| blob | 1a2e3eb0a9a662098f719d2379f3914b06734ce0 |
1 /*
2 * Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved.
3 * Copyright 2012, Daniil Lunev. All rights reserved.
4 * Copyright 2014, OmniTI Computer Consulting, Inc. All rights reserved.
5 */
6 /*
7 * Copyright (c) 1983 Regents of the University of California.
8 * All rights reserved. The Berkeley software License Agreement
9 * specifies the terms and conditions for redistribution.
10 */
15 #include <compat.h>
16 #include <libdlpi.h>
17 #include <libdllink.h>
18 #include <libdliptun.h>
19 #include <libdllink.h>
20 #include <inet/ip.h>
21 #include <inet/ipsec_impl.h>
22 #include <libipadm.h>
23 #include <ifaddrs.h>
24 #include <libsocket_priv.h>
29 #define LIFC_DEFAULT (LIFC_NOXMIT | LIFC_TEMPORARY | LIFC_ALLZONES |\
30 LIFC_UNDER_IPMP)
80 };
85 uint_t ia_tries;
92 };
95 boolean_t dlh_opened;
97 /* current interface name a particular function is accessing */
99 /* foreach interface saved name */
108 /*
109 * Make sure the algorithm variables hold more than the sizeof an algorithm
110 * in PF_KEY. (For now, more than a uint8_t.) The NO_***_?ALG indicates that
111 * there was no algorithm requested, and in the ipsec_req that service should
112 * be disabled. (E.g. if ah_aalg remains NO_AH_AALG, then AH will be
113 * disabled on that tunnel.)
114 */
115 #define NO_AH_AALG 256
116 #define NO_ESP_AALG 256
117 #define NO_ESP_EALG 256
126 /*
127 * Function prototypes for command functions.
128 */
170 /*
171 * Address family specific function prototypes.
172 */
180 /*
181 * Misc support functions
182 */
190 boolean_t addr_set);
211 datalink_id_t *);
216 #define max(a, b) ((a) < (b) ? (b) : (a))
218 /*
219 * DHCP_EXIT_IF_FAILURE indicates that the operation failed, but if there
220 * are more interfaces to act on (i.e., ifconfig was invoked with -a), keep
221 * on going rather than exit with an error.
222 */
224 #define DHCP_EXIT_IF_FAILURE -1
228 #define AF_ANY (-1)
230 /* Refer to the comments in ifconfig() on the netmask "hack" */
241 /* for the current interface */
307 /*
308 * NOTE: any additions to this table must also be applied to ifparse
309 * (usr/src/cmd/cmd-inet/sbin/ifparse/ifparse.c)
310 */
315 };
324 /*
325 * NOTE: print_config_flags() processes this table in order, so we put "up"
326 * last so that we can be sure "-failover" will take effect first. Otherwise,
327 * IPMP test addresses will erroneously migrate to the IPMP interface.
328 */
344 };
354 /* End defines and structure definitions for ifconfig -a plumb */
356 /* Known address families */
367 };
369 #define SOCKET_AF(af) (((af) == AF_UNSPEC) ? AF_INET : (af))
373 int
375 {
378 ipadm_status_t istatus;
390 }
392 }
403 }
413 }
414 }
418 }
419 }
426 /*
427 * Open the global libipadm handle. The flag IPH_LEGACY has to
428 * be specified to indicate that logical interface names will
429 * be used during interface creation and address creation.
430 */
434 /*
435 * Special interface names is any combination of these flags.
436 * Note that due to the ifconfig syntax they have to be combined
437 * as a single '-' option.
438 * -a All interfaces
439 * -u "up" interfaces
440 * -d "down" interfaces
441 * -D Interfaces not controlled by DHCP
442 * -4 IPv4 interfaces
443 * -6 IPv6 interfaces
444 * -X Turn on debug (not documented)
445 * -v Turn on verbose
446 * -Z Only interfaces in caller's zone
447 */
450 /* One or more options */
477 /*
478 * -4 is not a compatable flag, therefore
479 * we assume they want v4compat turned off
480 */
485 /*
486 * If they want IPv6, well then we'll assume
487 * they don't want IPv4 compat
488 */
499 }
500 }
505 }
507 lifc_flags);
510 }
513 }
515 /*
516 * For each interface, call ifconfig(argc, argv, af, ifa).
517 * Only call function if onflags and offflags are set or clear, respectively,
518 * in the interfaces flags field.
519 */
520 static void
523 {
526 ipadm_status_t istatus;
528 /*
529 * Special case:
530 * ifconfig -a plumb should find all network interfaces in the current
531 * zone.
532 */
536 }
537 /* Get all addresses in kernel including addresses that are zero. */
539 lifc_flags);
543 /*
544 * For each logical interface, call ifconfig() with the
545 * given arguments.
546 */
556 }
561 }
563 }
565 /*
566 * Used for `ifconfig -a plumb'. Finds all datalinks and plumbs the interface.
567 */
568 static void
571 {
581 }
589 /*
590 * Reset global state
591 * setaddr: Used by parser to tear apart source and dest
592 * name and origname contain the name of the 'current'
593 * interface.
594 */
599 }
600 }
602 /*
603 * Parses the interface name and the command in argv[]. Calls the
604 * appropriate callback function for the given command from `cmds[]'
605 * table.
606 * If there is no command specified, it prints all addresses.
607 */
608 static void
610 {
613 ipadm_status_t istatus;
619 }
622 /*
623 * Some errors are ignored in the case where more than one
624 * interface is being operated on.
625 */
632 }
634 }
636 /*
637 * The following is a "hack" to get around the existing interface
638 * setting mechanism. Currently, each interface attribute,
639 * such as address, netmask, broadcast, ... is set separately. But
640 * sometimes two or more attributes must be set together. For
641 * example, setting an address without a netmask does not make sense.
642 * Yet they can be set separately for IPv4 address using the current
643 * ifconfig(1M) syntax. The kernel then "infers" the correct netmask
644 * using the deprecated "IP address classes." This is simply not
645 * correct.
646 *
647 * The "hack" below is to go thru the whole command list looking for
648 * the netmask command first. Then use this netmask to set the
649 * address. This does not provide an extensible way to accommodate
650 * future need for setting more than one attributes together.
651 *
652 * Note that if the "netmask" command argument is a "+", we need
653 * to save this info and do the query after we know the address to
654 * be set. The reason is that if "addif" is used, the working
655 * interface name will be changed later when the logical interface
656 * is created. In in_getmask(), if an address is not provided,
657 * it will use the working interface's address to do the query.
658 * It will be wrong now as we don't know the logical interface's name.
659 *
660 * ifconfig(1M) is too overloaded and the code is so convoluted
661 * that it is "safer" not to re-architect the code to fix the above
662 * issue, hence this "hack." We may be better off to have a new
663 * command with better syntax for configuring network interface
664 * parameters...
665 */
670 /* Only go thru the command list once to find the netmask. */
673 /*
674 * Currently, if multiple netmask commands are specified, the
675 * last one will be used as the final netmask. So we need
676 * to scan the whole list to preserve this behavior.
677 */
682 largv++;
689 }
690 /* Continue the scan. */
691 }
692 }
693 }
697 boolean_t found_cmd;
706 /*
707 * indicate that the command was
708 * found and check to see if
709 * the address family is valid
710 */
715 }
720 }
721 }
722 /*
723 * If we found the keyword, but the address family
724 * did not match spit out an error
725 */
730 }
731 /*
732 * else (no keyword found), we assume it's an address
733 * of some sort
734 */
736 /*
737 * We must have already filled in a source address in
738 * `ipaddr' and we now got a destination address.
739 * Fill it in `ipaddr' and call libipadm to create
740 * the static address.
741 */
748 }
749 /*
750 * finished processing dstaddr, so reset setaddr
751 */
753 }
754 /*
755 * Both source and destination address are in `ipaddr'.
756 * Add the address by calling libipadm.
757 */
759 IPADM_OPT_ACTIVE);
766 /* move parser along */
769 }
770 }
772 /*
773 * catch odd commands like
774 * "ifconfig <intf> addr1 addr2 addr3 addr4 up"
775 */
777 "ifconfig: cannot configure more than two "
780 }
784 }
793 }
794 }
795 /*
796 * Call the function if:
797 *
798 * there's no address family
799 * restriction
800 * OR
801 * we don't know the address yet
802 * (because we were called from
803 * main)
804 * OR
805 * there is a restriction AND
806 * the address families match
807 */
812 /*
813 * If c_func failed and we should
814 * abort processing for this
815 * interface on failure, return
816 * now rather than going on to
817 * process other commands for
818 * the same interface.
819 */
822 }
823 }
825 }
828 /*
829 * Only the source address was provided, which was already
830 * set in `ipaddr'. Add the address by calling libipadm.
831 */
838 }
840 /* Check to see if there's a security hole in the tunnel setup. */
844 }
847 createfailed:
850 /* Remove the newly created logical interface. */
855 }
857 }
859 /* ARGSUSED */
860 static int
862 {
863 debug++;
865 }
867 /* ARGSUSED */
868 static int
870 {
871 verbose++;
873 }
875 /*
876 * This function fills in the given lifreq's lifr_addr field based on
877 * g_netmask_set.
878 */
879 static void
882 {
892 /*
893 * "+" is used as the argument to "netmask" command. Query
894 * the database on the correct netmask based on the address to
895 * be set.
896 */
905 }
912 }
913 }
915 /*
916 * Set the interface address. Handles <addr>, <addr>/<n> as well as /<n>
917 * syntax for setting the address, the address plus netmask, and just
918 * the netmask respectively.
919 */
920 /* ARGSUSED */
921 static int
923 {
924 ipadm_status_t istatus;
943 /* Nothing there - ok */
947 addr);
956 prefixlen);
958 }
965 prefixlen);
967 }
968 }
969 /*
970 * Just in case of funny setting of both prefix and netmask,
971 * prefix should override the netmask command.
972 */
975 }
977 /*
978 * Check and see if any "netmask" command is used and perform the
979 * necessary operation.
980 */
983 /* This check is temporary until libipadm supports IPMP interfaces. */
995 }
1001 /*
1002 * lifr.lifr_addr, which is updated by set_mask_lifreq()
1003 * will contain the right mask to use.
1004 */
1012 /*
1013 * let parser know we got a source.
1014 * Next address, if given, should be dest
1015 */
1016 setaddr++;
1018 /*
1019 * address will be set by the parser after nextarg has
1020 * been scanned
1021 */
1023 }
1025 /* Tell parser that an address was set */
1026 setaddr++;
1027 /* save copy of netmask to restore in case of error */
1033 /*
1034 * If setting the address and not the mask, clear any existing mask
1035 * and the kernel will then assign the default (netmask has been set
1036 * to 0 in this case). If setting both (either by using a prefix or
1037 * using the netmask command), set the mask first, so the address will
1038 * be interpreted correctly.
1039 */
1041 /* lifr.lifr_addr already contains netmask from set_mask_lifreq() */
1054 }
1058 /*
1059 * Restore the netmask
1060 */
1068 }
1071 }
1073 /*
1074 * The following functions are stolen from the ipseckey(1m) program.
1075 * Perhaps they should be somewhere common, but for now, we just maintain
1076 * two versions. We do this because of the different semantics for which
1077 * algorithms we select ("requested" for ifconfig vs. "actual" for key).
1078 */
1080 static ulong_t
1082 {
1083 ulong_t rc;
1090 }
1093 }
1095 /*
1096 * Parse and reverse parse possible algorithm values, include numbers.
1097 * Mostly stolen from ipseckey.c. See the comments above parsenum() for why
1098 * this isn't common to ipseckey.c.
1099 *
1100 * NOTE: Static buffer in this function for the return value. Since ifconfig
1101 * isn't multithreaded, this isn't a huge problem.
1102 */
1108 {
1112 /*
1113 * Special cases for "any" and "none"
1114 * The kernel needs to be able to distinguish between "any"
1115 * and "none" and the APIs are underdefined in this area for auth.
1116 */
1122 }
1130 }
1133 }
1135 static uint_t
1137 {
1139 ulong_t invalue;
1145 }
1147 /*
1148 * Special-case "none" and "any".
1149 * Use strcasecmp because its length is bounded.
1150 */
1154 }
1163 }
1165 /*
1166 * Since algorithms can be loaded during kernel run-time, check for
1167 * numeric algorithm values too.
1168 */
1177 /* NOTREACHED */
1178 }
1180 /*
1181 * Actual ifconfig functions to set tunnel security properties.
1182 */
1186 static int
1188 {
1190 iptun_params_t params;
1191 dladm_status_t status;
1204 /*
1205 * If I'm just starting off this ifconfig, I want a clean slate,
1206 * otherwise, I've captured the current tunnel security settings.
1207 * In the case of continuation, I merely add to the settings.
1208 */
1212 /* We're only modifying the IPsec information */
1222 /* Let the user specify NULL encryption implicitly. */
1226 }
1232 }
1246 /* Let the user specify NULL encryption implicitly. */
1250 }
1260 }
1262 /* Will never hit DEFAULT */
1263 }
1267 done:
1277 }
1279 }
1281 /* ARGSUSED */
1282 static int
1284 {
1287 }
1289 /* ARGSUSED */
1290 static int
1292 {
1295 }
1297 /* ARGSUSED */
1298 static int
1300 {
1303 }
1305 /* ARGSUSED */
1306 static int
1308 {
1314 name);
1316 }
1323 }
1325 }
1327 /* ARGSUSED */
1328 static int
1330 {
1341 /* NOTREACHED */
1348 }
1357 }
1359 /* ARGSUSED */
1360 static int
1362 {
1374 }
1380 }
1382 /*
1383 * Parse '/<n>' as a netmask.
1384 */
1385 /* ARGSUSED */
1386 static int
1388 {
1398 }
1409 prefixlen);
1411 }
1420 prefixlen);
1422 }
1427 }
1432 }
1434 /* ARGSUSED */
1435 static int
1437 {
1443 /*
1444 * This doesn't set the broadcast address at all. Rather, it
1445 * gets, then sets the interface's address, relying on the fact
1446 * that resetting the address will reset the broadcast address.
1447 */
1454 }
1459 }
1467 }
1469 /*
1470 * set interface destination address
1471 */
1472 /* ARGSUSED */
1473 static int
1475 {
1481 }
1483 /* ARGSUSED */
1484 static int
1486 {
1498 /*
1499 * The kernel does not allow administratively up test
1500 * addresses to be converted to data addresses. Bring
1501 * the address down first, then bring it up after it's
1502 * been converted to a data address.
1503 */
1507 }
1512 /*
1513 * If the user is trying to mark an interface with a
1514 * duplicate address as "down," or convert a duplicate
1515 * test address to a data address, then fetch the
1516 * address and set it. This will cause IP to clear
1517 * the IFF_DUPLICATE flag and stop the automatic
1518 * recovery timer.
1519 */
1524 }
1527 }
1529 /*
1530 * If we're about to bring up an underlying physical IPv6 interface in
1531 * an IPMP group, ensure the IPv6 IPMP interface is also up. This is
1532 * for backward compatibility with legacy configurations in which
1533 * there are no explicit hostname files for IPMP interfaces. (For
1534 * IPv4, this is automatically handled by the kernel when migrating
1535 * the underlying interface's data address to the IPMP interface.)
1536 */
1543 lifgroupinfo_t lifgr;
1546 LIFGRNAMSIZ);
1557 }
1558 }
1568 }
1571 }
1573 /* ARGSUSED */
1574 static int
1576 {
1582 }
1584 /* ARGSUSED */
1585 static int
1587 {
1593 }
1595 /* ARGSUSED */
1596 static int
1598 {
1604 }
1606 /* ARGSUSED */
1607 static void
1609 {
1610 }
1612 /* ARGSUSED */
1613 static int
1615 {
1620 dlpi_handle_t dh;
1621 dlpi_notifyid_t id;
1627 }
1629 /*
1630 * if the IP interface in the arguments is a logical
1631 * interface, exit with an error now.
1632 */
1637 }
1643 else
1646 }
1655 /*
1656 * This link does not support DL_NOTE_PHYS_ADDR: bring down
1657 * all of the addresses to flush the old hardware address
1658 * information out of IP.
1659 *
1660 * NOTE: Skipping this when DL_NOTE_PHYS_ADDR is supported is
1661 * more than an optimization: in.mpathd will set IFF_OFFLINE
1662 * if it's notified and the new address is a duplicate of
1663 * another in the group -- but the flags manipulation in
1664 * ifaddr_{down,up}() cannot be atomic and thus might clobber
1665 * IFF_OFFLINE, confusing in.mpathd.
1666 */
1675 }
1676 }
1677 }
1679 /*
1680 * Change the hardware address.
1681 */
1686 }
1689 /*
1690 * If any addresses were brought down before changing the hardware
1691 * address, bring them up again.
1692 */
1696 }
1700 }
1702 /*
1703 * Print an interface's Ethernet address, if it has one.
1704 */
1705 static void
1707 {
1714 /*
1715 * It's possible the interface is only configured for
1716 * IPv6; check again with AF_INET6.
1717 */
1723 }
1724 }
1727 /* VNI and IPMP interfaces don't have MAC addresses */
1731 /* IP tunnels also don't have Ethernet-like MAC addresses */
1733 DLADM_STATUS_OK)
1737 }
1739 /*
1740 * static int find_all_interfaces(struct lifconf *lifcp, char **buf,
1741 * int64_t lifc_flags)
1742 *
1743 * It finds all active data links.
1744 *
1745 * It takes in input a pointer to struct lifconf to receive interfaces
1746 * informations, a **char to hold allocated buffer, and a lifc_flags.
1747 *
1748 * Return values:
1749 * 0 = everything OK
1750 * -1 = problem
1751 */
1752 static int
1754 {
1759 dladm_status_t status;
1765 }
1769 /* Now, translate the linked list into a struct lifreq buffer */
1776 }
1793 }
1795 }
1797 /*
1798 * Create the next unused logical interface using the original name
1799 * and assign the address (and mask if '/<n>' is part of the address).
1800 * Use the new logical interface for subsequent subcommands by updating
1801 * the name variable.
1802 *
1803 * This allows syntax like:
1804 * ifconfig le0 addif 109.106.86.130 netmask + up \
1805 * addif 109.106.86.131 netmask + up
1806 */
1807 /* ARGSUSED */
1808 static int
1810 {
1816 ipadm_status_t istatus;
1825 name);
1827 }
1829 /*
1830 * clear so parser will interpret next address as source followed
1831 * by possible dest
1832 */
1841 /* Nothing there - ok */
1856 prefixlen);
1858 }
1865 prefixlen);
1867 }
1868 }
1871 }
1873 /*
1874 * This is a "hack" to get around the problem of SIOCLIFADDIF. The
1875 * problem is that this ioctl does not include the netmask when
1876 * adding a logical interface. This is the same problem described
1877 * in the ifconfig() comments. To get around this problem, we first
1878 * add the logical interface with a 0 address. After that, we set
1879 * the netmask if provided. Finally we set the interface address.
1880 */
1884 /* Note: no need to do DAD here since the interface isn't up yet. */
1893 /*
1894 * Check and see if any "netmask" command is used and perform the
1895 * necessary operation.
1896 */
1899 /* This check is temporary until libipadm supports IPMP interfaces. */
1901 /*
1902 * We added the logical interface above before calling
1903 * ipadm_create_addr(), because, with IPH_LEGACY, we need
1904 * to do an addif for `ifconfig ce0 addif <addr>' but not for
1905 * `ifconfig ce0 <addr>'. libipadm does not have a flag to
1906 * to differentiate between these two cases. To keep it simple,
1907 * we always create the logical interface and pass it to
1908 * libipadm instead of requiring libipadm to addif for some
1909 * cases and not do addif for other cases.
1910 */
1924 }
1925 /*
1926 * lifr.lifr_addr, which is updated by set_mask_lifreq()
1927 * will contain the right mask to use.
1928 */
1938 setaddr++;
1939 /*
1940 * address will be set by the parser after nextarg
1941 * has been scanned
1942 */
1944 }
1946 /*
1947 * Only set the netmask if "netmask" command is used or a prefix is
1948 * provided.
1949 */
1951 /*
1952 * lifr.lifr_addr already contains netmask from
1953 * set_mask_lifreq().
1954 */
1957 }
1959 /* Finally, we set the interface address. */
1964 /*
1965 * let parser know we got a source.
1966 * Next address, if given, should be dest
1967 */
1968 setaddr++;
1970 }
1972 /*
1973 * Remove a logical interface based on its IP address. Unlike addif
1974 * there is no '/<n>' here.
1975 * Verifies that the interface is down before it is removed.
1976 */
1977 /* ARGSUSED */
1978 static int
1980 {
1982 ipadm_status_t istatus;
1988 name);
1990 }
1994 /*
1995 * Following check is temporary until libipadm supports
1996 * IPMP interfaces.
1997 */
2001 /*
2002 * Get all addresses and search this address among the active
2003 * addresses. If an address object was found, delete using
2004 * ipadm_delete_addr().
2005 */
2019 name);
2021 }
2024 IPADM_OPT_ACTIVE);
2028 }
2031 }
2032 }
2036 /*
2037 * An address object for this address was not found in ipadm.
2038 * Delete with SIOCLIFREMOVEIF.
2039 */
2044 /* This can only happen if ipif_id = 0 */
2047 name);
2049 }
2051 }
2053 }
2055 /*
2056 * Set the address token for IPv6.
2057 */
2058 /* ARGSUSED */
2059 static int
2061 {
2071 /* NOTREACHED */
2078 }
2084 }
2086 }
2088 /* ARGSUSED */
2089 static int
2091 {
2092 lifgroupinfo_t lifgr;
2101 }
2109 /*
2110 * The group doesn't yet exist; create it and repeat.
2111 */
2119 }
2123 /*
2124 * The interface is already in another group; must
2125 * remove existing membership first.
2126 */
2132 }
2134 LIFGRNAMSIZ);
2138 /*
2139 * The group exists, but it's not configured with the
2140 * address families the interface needs. Since only
2141 * two address families are currently supported, just
2142 * configure the "other" address family. Note that we
2143 * may race with group deletion or creation by another
2144 * process (ENOENT or EEXIST); in such cases we repeat
2145 * our original SIOCSLIFGROUPNAME.
2146 */
2154 }
2164 }
2168 /*
2169 * Some addresses are in-use (or under control of DAD).
2170 * Bring them down and retry the group join operation.
2171 * We will bring them back up after the interface has
2172 * been placed in the group.
2173 */
2178 }
2185 }
2189 }
2194 /*
2195 * Some data addresses are under application control.
2196 * For some of these (e.g., ADDRCONF), the application
2197 * should remove the address, in which case we retry a
2198 * few times (since the application's action is not
2199 * atomic with respect to us) before bailing out and
2200 * informing the user.
2201 */
2207 again:
2211 "cannot get data addresses managed "
2215 }
2226 }
2229 "IPMP group: %s has data addresses managed "
2231 nappaddr++;
2232 }
2236 }
2240 }
2241 }
2243 /*
2244 * If the interface being moved is under the control of `ipmgmtd(1M)'
2245 * dameon then we should inform the daemon about this move, so that
2246 * the daemon can delete the state associated with this interface.
2247 *
2248 * This workaround is needed until the IPMP support in ipadm(1M).
2249 */
2252 /*
2253 * If there were addresses that we had to bring down, it's time to
2254 * bring them up again. As part of bringing them up, the kernel will
2255 * automatically move them to the new IPMP interface.
2256 */
2261 }
2262 }
2265 fail:
2266 /*
2267 * Attempt to bring back up any interfaces that we downed.
2268 */
2273 }
2274 }
2278 /*
2279 * We'd return -1, but foreachinterface() doesn't propagate the error
2280 * into the exit status, so we're forced to explicitly exit().
2281 */
2283 /* NOTREACHED */
2284 }
2286 static boolean_t
2288 {
2294 }
2300 }
2305 }
2307 }
2309 /*
2310 * To list all the modules above a given network interface.
2311 */
2312 /* ARGSUSED */
2313 static int
2315 {
2325 /*
2326 * We'd return -1, but foreachinterface() doesn't propagate the error
2327 * into the exit status, so we're forced to explicitly exit().
2328 */
2335 }
2342 }
2346 num_mods);
2356 }
2357 }
2359 }
2360 }
2362 orig_arpid));
2363 }
2368 /*
2369 * To insert a module to the stream of the interface. It is just a
2370 * wrapper. The real function is modop().
2371 */
2372 /* ARGSUSED */
2373 static int
2375 {
2377 }
2379 /*
2380 * To remove a module from the stream of the interface. It is just a
2381 * wrapper. The real function is modop().
2382 */
2383 /* ARGSUSED */
2384 static int
2386 {
2388 }
2390 /*
2391 * Helper function for mod*() functions. It gets a fd to the lower IP
2392 * stream and I_PUNLINK's the lower stream. It also initializes the
2393 * global variable lifr.
2394 *
2395 * Param:
2396 * int *muxfd: fd to /dev/udp{,6} for I_PLINK/I_PUNLINK
2397 * int *muxid_fd: fd to /dev/udp{,6} for LIFMUXID
2398 * int *ipfd_lowstr: fd to the lower IP stream.
2399 * int *arpfd_lowstr: fd to the lower ARP stream.
2400 *
2401 * Return:
2402 * -1 if operation fails, 0 otherwise.
2403 *
2404 * Please see the big block comment above ifplumb() for the logic of the
2405 * PLINK/PUNLINK
2406 */
2407 static int
2410 {
2418 }
2426 }
2431 }
2435 }
2439 }
2441 /*
2442 * Use /dev/udp{,6} as the mux to avoid linkcycles.
2443 */
2452 /*
2453 * Some plumbing utilities set the muxid to
2454 * -1 or some invalid value to signify that
2455 * there is no arp stream. Set the muxid to 0
2456 * before trying to unplumb the IP stream.
2457 * IP does not allow the IP stream to be
2458 * unplumbed if it sees a non-null arp muxid,
2459 * for consistency of IP-ARP streams.
2460 */
2469 }
2474 }
2477 }
2482 /* Undo any changes we made */
2486 }
2488 }
2491 /* Undo any changes we made */
2495 }
2497 }
2499 }
2501 /*
2502 * Helper function for mod*() functions. It I_PLINK's back the upper and
2503 * lower IP streams. Note that this function must be called after
2504 * ip_domux2fd(). In ip_domux2fd(), the global variable lifr is initialized
2505 * and ip_plink() needs information in lifr. So ip_domux2fd() and ip_plink()
2506 * must be called in pairs.
2507 *
2508 * Param:
2509 * int muxfd: fd to /dev/udp{,6} for I_PLINK/I_PUNLINK
2510 * int muxid_fd: fd to /dev/udp{,6} for LIFMUXID
2511 * int ipfd_lowstr: fd to the lower IP stream.
2512 * int arpfd_lowstr: fd to the lower ARP stream.
2513 *
2514 * Return:
2515 * -1 if operation fails, 0 otherwise.
2516 *
2517 * Please see the big block comment above ifplumb() for the logic of the
2518 * PLINK/PUNLINK
2519 */
2520 static int
2523 {
2530 }
2532 /*
2533 * If there is an arp stream, plink it. If there is no
2534 * arp stream, then it is possible that the plumbing
2535 * utility could have stored any value in the arp_muxid.
2536 * If so, restore it from orig_arpid.
2537 */
2542 }
2544 /* Undo the changes we did in ip_domux2fd */
2548 }
2553 }
2555 /*
2556 * The real function to perform module insertion/removal.
2557 *
2558 * Param:
2559 * char *arg: the argument string module_name@position
2560 * char op: operation, either MODINSERT_OP or MODREMOVE_OP.
2561 *
2562 * Return:
2563 * Before doing ip_domux2fd(), this function calls exit(1) in case of
2564 * error. After ip_domux2fd() is done, it returns -1 for error, 0
2565 * otherwise.
2566 */
2567 static int
2569 {
2580 /*
2581 * We'd return -1, but foreachinterface() doesn't propagate the error
2582 * into the exit status, so we're forced to explicitly exit().
2583 */
2587 /* Need to save the original string for -a option. */
2591 }
2598 }
2604 }
2606 /*
2607 * Need to make sure that the core TCP/IP stack modules are not
2608 * removed. Otherwise, "bad" things can happen. If a module
2609 * is removed and inserted back, it loses its old state. But
2610 * the modules above it still have the old state. E.g. IP assumes
2611 * fast data path while tunnel after re-inserted assumes that it can
2612 * receive M_DATA only in fast data path for which it does not have
2613 * any state. This is a general caveat of _I_REMOVE/_I_INSERT.
2614 */
2621 }
2626 }
2633 }
2639 }
2642 }
2648 }
2651 }
2654 /* Should never get to here. */
2657 }
2660 orig_arpid));
2661 }
2663 static int
2665 {
2666 dladm_status_t status;
2674 }
2676 /*
2677 * Set tunnel source address
2678 */
2679 /* ARGSUSED */
2680 static int
2682 {
2683 iptun_params_t params;
2689 }
2691 /*
2692 * Set tunnel destination address
2693 */
2694 /* ARGSUSED */
2695 static int
2697 {
2698 iptun_params_t params;
2704 }
2706 static int
2708 {
2709 dladm_status_t status;
2710 datalink_id_t linkid;
2715 DLADM_OPT_ACTIVE);
2716 }
2720 }
2722 /* Set tunnel encapsulation limit. */
2723 /* ARGSUSED */
2724 static int
2726 {
2728 }
2730 /* Disable encapsulation limit. */
2731 /* ARGSUSED */
2732 static int
2734 {
2736 }
2738 /* Set tunnel hop limit. */
2739 /* ARGSUSED */
2740 static int
2742 {
2744 }
2746 /* Set zone ID */
2747 static int
2749 {
2753 /* zone must be active */
2758 }
2759 }
2765 }
2767 /* Set source address to use */
2768 /* ARGSUSED */
2769 static int
2771 {
2777 /*
2778 * Argument can be either an interface name or "none". The latter means
2779 * that any previous selection is cleared.
2780 */
2786 }
2793 }
2799 }
2808 else
2810 }
2813 }
2815 /*
2816 * Print the interface status line associated with `ifname'
2817 */
2818 static void
2820 {
2831 }
2834 /*
2835 * In V4 compatibility mode, we don't print the IFF_IPV4 flag or
2836 * interfaces with IFF_IPV6 set.
2837 */
2842 }
2853 }
2857 /* don't print index or zone when in compatibility mode */
2861 /*
2862 * Stack instances use GLOBAL_ZONEID for IP data structures
2863 * even in the non-global zone.
2864 */
2875 }
2876 }
2877 }
2882 /*
2883 * Find the number of interfaces that use this interfaces'
2884 * address as a source address
2885 */
2889 /* The first pass will give the bufsize we need */
2895 }
2898 }
2901 /* Use kernel's size + a small margin to avoid loops */
2904 /* For the first pass, realloc acts like malloc */
2910 }
2913 }
2915 }
2924 }
2925 }
2928 }
2930 /* Find the interface whose source address this interface uses */
2939 }
2940 }
2941 }
2944 }
2946 /*
2947 * Print the status of the interface. If an address family was
2948 * specified, show it and it only; otherwise, show them all.
2949 */
2950 static void
2952 {
2955 datalink_id_t linkid;
2960 }
2964 /*
2965 * Only print the interface status if the address family matches
2966 * the interface family flag.
2967 */
2972 }
2974 /*
2975 * In V4 compatibility mode, don't print IFF_IPV6 interfaces.
2976 */
2983 DLADM_STATUS_OK)
2990 /* set global af for use in p->af_status */
2993 }
2995 /*
2996 * Historically, 'ether' has been an address family,
2997 * so print it here.
2998 */
3000 }
3001 }
3003 /*
3004 * Print the status of the interface in a format that can be used to
3005 * reconfigure the interface later. Code stolen from status() above.
3006 */
3007 /* ARGSUSED */
3008 static int
3010 {
3021 }
3027 }
3029 /*
3030 * Build the interface name to print (we cannot directly use `name'
3031 * because one cannot "plumb" ":0" interfaces).
3032 */
3037 /*
3038 * if the interface is IPv4
3039 * if we have a IPv6 address family restriction return
3040 * so it won't print
3041 * if we are in IPv4 compatibility mode, clear out IFF_IPV4
3042 * so we don't print it.
3043 */
3052 /*
3053 * else if the interface is IPv6
3054 * if we have a IPv4 address family restriction return
3055 * or we are in IPv4 compatibiltiy mode, return.
3056 */
3063 }
3071 }
3076 /* Index only applies to the zeroth interface */
3080 }
3087 }
3088 }
3089 }
3097 /* set global af for use in p->af_configinfo */
3101 }
3103 }
3104 }
3108 }
3110 static void
3112 {
3123 }
3129 }
3130 }
3132 }
3134 static void
3136 {
3137 iptun_params_t params;
3145 /* If dladm_iptun_getparams() fails, assume we are not a tunnel. */
3148 DLADM_STATUS_OK)
3162 }
3164 /*
3165 * There is always a source address. If it hasn't been explicitly
3166 * set, the API will pass back a buffer containing the unspecified
3167 * address.
3168 */
3173 else
3184 }
3193 }
3197 else
3199 }
3203 }
3205 static void
3207 {
3214 /* only print status for IPv4 interfaces */
3229 }
3235 }
3247 }
3248 }
3254 }
3257 }
3273 else
3275 }
3278 }
3286 else
3288 }
3293 }
3294 }
3295 /* If there is a groupname, print it for only the physical interface */
3300 }
3301 }
3303 }
3305 static void
3307 {
3328 }
3337 }
3348 }
3356 }
3359 }
3366 else
3368 }
3373 }
3382 else
3390 }
3394 }
3402 }
3403 }
3404 /* If there is a groupname, print it for only the physical interface */
3409 }
3410 }
3412 }
3414 static void
3416 {
3423 /* only configinfo info for IPv4 interfaces */
3438 }
3442 }
3454 }
3455 }
3462 }
3477 else
3479 }
3482 }
3490 else
3492 }
3497 }
3498 }
3500 /* If there is a groupname, print it for only the zeroth interface */
3505 }
3506 }
3508 /* Print flags to configure */
3510 }
3512 static void
3514 {
3520 flags);
3536 }
3542 }
3553 }
3561 }
3569 else
3571 }
3576 }
3583 else
3591 }
3593 /* If there is a groupname, print it for only the zeroth interface */
3598 }
3599 }
3601 /* Print flags to configure */
3603 }
3605 /*
3606 * If this is a physical interface then remove it.
3607 * If it is a logical interface name use SIOCLIFREMOVEIF to
3608 * remove it. In both cases fail if it doesn't exist.
3609 */
3610 /* ARGSUSED */
3611 static int
3613 {
3614 ipadm_status_t istatus;
3621 }
3624 }
3626 /*
3627 * Create the interface in `name', using ipadm_create_if(). If `name' is a
3628 * logical interface or loopback interface, ipadm_create_if() uses
3629 * SIOCLIFADDIF to create it.
3630 */
3631 /* ARGSUSED */
3632 static int
3634 {
3635 ipadm_status_t istatus;
3643 }
3645 }
3647 /* ARGSUSED */
3648 static int
3650 {
3653 /*
3654 * Treat e.g. "ifconfig ipmp0:2 ipmp" as "ifconfig ipmp0:2 plumb".
3655 * Otherwise, try to create the requested IPMP interface.
3656 */
3659 else
3662 /*
3663 * We'd return -1, but foreachinterface() doesn't propagate the error
3664 * into the exit status, so we're forced to explicitly exit().
3665 */
3669 }
3671 /*
3672 * Create an IPMP group `grname' with address family `af'. If `ifname' is
3673 * non-NULL, it specifies the interface name to use. Otherwise, use the name
3674 * ipmpN, where N corresponds to the lowest available integer. If `implicit'
3675 * is set, then the group is being created as a side-effect of placing an
3676 * underlying interface in a group. Also start in.mpathd if necessary.
3677 */
3678 static int
3680 {
3683 ipadm_status_t istatus;
3688 }
3690 /*
3691 * ipadm_create_if() creates the IPMP interface and fills in the
3692 * ppa in lifr.lifr_name, if `ifname'="ipmp".
3693 */
3703 }
3705 /*
3706 * To preserve backward-compatibility, always bring up the link-local
3707 * address for implicitly-created IPv6 IPMP interfaces.
3708 */
3713 }
3714 }
3716 /*
3717 * If the caller requested a different group name, issue a
3718 * SIOCSLIFGROUPNAME on the new IPMP interface.
3719 */
3725 }
3726 }
3728 /*
3729 * If we haven't done so yet, ensure in.mpathd is started.
3730 */
3735 }
3737 /*
3738 * Start in.mpathd if it's not already running.
3739 */
3740 static void
3742 {
3744 ipmp_handle_t ipmp_handle;
3746 /*
3747 * Ping in.mpathd to see if it's running already.
3748 */
3753 }
3767 }
3769 /*
3770 * Start in.mpathd. Note that in.mpathd will handle multiple
3771 * incarnations (ipmp_ping_daemon() is just an optimization) so we
3772 * don't need to worry about racing with another ifconfig process.
3773 */
3777 /* NOTREACHED */
3781 /* NOTREACHED */
3784 }
3785 }
3787 /*
3788 * Bring the address named by `ifaddrp' up or down. Doesn't trust any mutable
3789 * values in ia_flags since they may be stale.
3790 */
3791 static boolean_t
3793 {
3804 else
3810 /*
3811 * If we're trying to bring the address down, ensure that DAD activity
3812 * (observable by IFF_DUPLICATE) has also been stopped.
3813 */
3819 }
3820 }
3822 }
3824 static boolean_t
3826 {
3828 }
3830 static boolean_t
3832 {
3834 }
3836 /*
3837 * Open the global libdladm handle "dlh" if it isn't already opened. The
3838 * caller may optionally supply a link name to obtain its linkid. If a link
3839 * of a specific class or classes is required, reqclass specifies the class
3840 * mask.
3841 */
3842 static dladm_status_t
3845 {
3853 }
3859 }
3860 }
3862 }
3864 /*
3865 * This function checks if we can use libipadm API's. We will only
3866 * call libipadm functions for non-IPMP interfaces. This check is
3867 * temporary until libipadm supports IPMP interfaces.
3868 */
3869 static boolean_t
3871 {
3879 }
3882 }
3884 static void
3886 {
3890 }
3892 static void
3894 {
3900 }
3902 void
3904 {
3906 }
3908 void
3910 {
3913 }
3915 void
3917 {
3942 }
3943 }
3945 /*
3946 * Print out error message (Perror2()) and exit
3947 */
3948 void
3950 {
3953 /* NOTREACHED */
3954 }
3956 void
3958 {
3961 }
3963 /*
3964 * Print out error message (Perrdlpi()) and exit
3965 */
3966 void
3968 {
3971 }
3973 /*
3974 * If the last argument is non-NULL allow a <addr>/<n> syntax and
3975 * pass out <n> in *plenp.
3976 * If <n> doesn't parse return BAD_ADDR as *plenp.
3977 * If no /<n> is present return NO_PREFIX as *plenp.
3978 */
3979 static void
3981 {
3982 /* LINTED: alignment */
3991 /*
3992 * Look for '/'<n> is plenp
3993 */
4006 }
4010 /*
4011 * Try to catch attempts to set the broadcast address to all 1's.
4012 */
4018 }
4026 }
4032 }
4038 }
4040 }
4042 /*
4043 * If the last argument is non-NULL allow a <addr>/<n> syntax and
4044 * pass out <n> in *plenp.
4045 * If <n> doesn't parse return BAD_ADDR as *plenp.
4046 * If no /<n> is present return NO_PREFIX as *plenp.
4047 */
4048 static void
4050 {
4051 /* LINTED: alignment */
4059 /*
4060 * Look for '/'<n> is plenp
4061 */
4074 }
4084 }
4090 }
4092 }
4094 /*
4095 * If "slash" is zero this parses the whole string as
4096 * an integer. With "slash" non zero it parses the tail part as an integer.
4097 *
4098 * If it is not a valid integer this returns BAD_ADDR.
4099 * If there is /<n> present this returns NO_PREFIX.
4100 */
4101 static int
4103 {
4111 str++;
4123 }
4125 /*
4126 * Convert a prefix length to a mask.
4127 * Returns 1 if ok. 0 otherwise.
4128 * Assumes the mask array is zero'ed by the caller.
4129 */
4130 static boolean_t
4132 {
4141 }
4143 prefixlen--;
4144 }
4146 }
4148 static void
4150 {
4162 /*
4163 * It has to be here and not with the
4164 * printf below because for the last one,
4165 * we don't want a comma before the ">".
4166 */
4168 }
4170 }
4171 }
4174 }
4176 static void
4178 {
4185 }
4186 }
4187 }
4189 /*
4190 * Use the configured directory lookup mechanism (e.g. files/NIS/...)
4191 * to find the network mask. Returns true if we found one to set.
4192 *
4193 * The parameter addr_set controls whether we should get the address of
4194 * the working interface for the netmask query. If addr_set is true,
4195 * we will use the address provided. Otherwise, we will find the working
4196 * interface's address and use it instead.
4197 */
4198 static boolean_t
4200 {
4203 /*
4204 * Read the address from the interface if it is not passed in.
4205 */
4212 }
4214 }
4218 }
4222 }
4224 }
4226 static int
4228 {
4233 else
4235 }
4237 static void
4239 {
4247 name);
4249 }
4250 }
4254 name);
4263 num_ni++;
4264 }
4266 static boolean_t
4268 {
4269 dlpi_handle_t dh;
4283 }
4285 /*
4286 * dhcp-related routines
4287 */
4289 static int
4291 {
4305 }
4311 }
4312 argv++;
4317 }
4322 }
4327 }
4329 }
4335 }
4336 }
4338 /*
4339 * Only try to start agent on start or inform; in all other cases it
4340 * has to already be running for anything to make sense.
4341 */
4347 }
4349 }
4361 }
4366 /*
4367 * Re-map connect error to not under control if we didn't try a
4368 * start operation, as this has to be true and results in a
4369 * clearer message, not to mention preserving compatibility
4370 * with the days when we always started dhcpagent for every
4371 * request.
4372 */
4378 }
4393 else
4395 }
4400 }
4405 }
4407 static void
4409 {
4461 }