16e91bba0SGirish Moodalbail /* 26e91bba0SGirish Moodalbail * CDDL HEADER START 36e91bba0SGirish Moodalbail * 46e91bba0SGirish Moodalbail * The contents of this file are subject to the terms of the 56e91bba0SGirish Moodalbail * Common Development and Distribution License (the "License"). 66e91bba0SGirish Moodalbail * You may not use this file except in compliance with the License. 76e91bba0SGirish Moodalbail * 86e91bba0SGirish Moodalbail * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 96e91bba0SGirish Moodalbail * or http://www.opensolaris.org/os/licensing. 106e91bba0SGirish Moodalbail * See the License for the specific language governing permissions 116e91bba0SGirish Moodalbail * and limitations under the License. 126e91bba0SGirish Moodalbail * 136e91bba0SGirish Moodalbail * When distributing Covered Code, include this CDDL HEADER in each 146e91bba0SGirish Moodalbail * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 156e91bba0SGirish Moodalbail * If applicable, add the following below this CDDL HEADER, with the 166e91bba0SGirish Moodalbail * fields enclosed by brackets "[]" replaced with your own identifying 176e91bba0SGirish Moodalbail * information: Portions Copyright [yyyy] [name of copyright owner] 186e91bba0SGirish Moodalbail * 196e91bba0SGirish Moodalbail * CDDL HEADER END 206e91bba0SGirish Moodalbail */ 216e91bba0SGirish Moodalbail /* 22f1e9465bSSowmini Varadhan * Copyright (c) 1991, 2010, Oracle and/or its affiliates. All rights reserved. 23*299625c6SSebastien Roy * Copyright (c) 2013 by Delphix. All rights reserved. 246e91bba0SGirish Moodalbail */ 258887b57dSGirish Moodalbail /* Copyright (c) 1990 Mentat Inc. */ 266e91bba0SGirish Moodalbail 276e91bba0SGirish Moodalbail #include <inet/ip.h> 286e91bba0SGirish Moodalbail #include <inet/ip6.h> 296e91bba0SGirish Moodalbail #include <inet/ip_if.h> 306e91bba0SGirish Moodalbail #include <inet/ip_ire.h> 316e91bba0SGirish Moodalbail #include <inet/ipclassifier.h> 326e91bba0SGirish Moodalbail #include <inet/ip_impl.h> 336e91bba0SGirish Moodalbail #include <inet/tunables.h> 346e91bba0SGirish Moodalbail #include <sys/sunddi.h> 356e91bba0SGirish Moodalbail #include <sys/policy.h> 366e91bba0SGirish Moodalbail 376e91bba0SGirish Moodalbail /* How long, in seconds, we allow frags to hang around. */ 386e91bba0SGirish Moodalbail #define IP_REASM_TIMEOUT 15 396e91bba0SGirish Moodalbail #define IPV6_REASM_TIMEOUT 60 406e91bba0SGirish Moodalbail 416e91bba0SGirish Moodalbail /* 426e91bba0SGirish Moodalbail * Set ip{,6}_forwarding values. If the value is being set on an ill, 436e91bba0SGirish Moodalbail * find the ill and set the value on it. On the other hand if we are modifying 446e91bba0SGirish Moodalbail * global property, modify the global value and set the value on all the ills. 456e91bba0SGirish Moodalbail */ 466e91bba0SGirish Moodalbail /* ARGSUSED */ 476e91bba0SGirish Moodalbail static int 48*299625c6SSebastien Roy ip_set_forwarding(netstack_t *stack, cred_t *cr, mod_prop_info_t *pinfo, 496e91bba0SGirish Moodalbail const char *ifname, const void* pval, uint_t flags) 506e91bba0SGirish Moodalbail { 516e91bba0SGirish Moodalbail char *end; 526e91bba0SGirish Moodalbail unsigned long new_value; 53*299625c6SSebastien Roy boolean_t per_ill, isv6; 54*299625c6SSebastien Roy ill_walk_context_t ctx; 55*299625c6SSebastien Roy ill_t *ill; 56*299625c6SSebastien Roy ip_stack_t *ipst = stack->netstack_ip; 576e91bba0SGirish Moodalbail 586e91bba0SGirish Moodalbail if (flags & MOD_PROP_DEFAULT) { 596e91bba0SGirish Moodalbail new_value = pinfo->prop_def_bval; 606e91bba0SGirish Moodalbail } else { 616e91bba0SGirish Moodalbail if (ddi_strtoul(pval, &end, 10, &new_value) != 0 || 626e91bba0SGirish Moodalbail *end != '\0') 636e91bba0SGirish Moodalbail return (EINVAL); 646e91bba0SGirish Moodalbail if (new_value != B_TRUE && new_value != B_FALSE) 656e91bba0SGirish Moodalbail return (EINVAL); 666e91bba0SGirish Moodalbail } 676e91bba0SGirish Moodalbail 686e91bba0SGirish Moodalbail per_ill = (ifname != NULL && ifname[0] != '\0'); 696e91bba0SGirish Moodalbail /* 706e91bba0SGirish Moodalbail * if it's not per ill then set the global property and bring all the 716e91bba0SGirish Moodalbail * ills up to date with the new global value. 726e91bba0SGirish Moodalbail */ 736e91bba0SGirish Moodalbail if (!per_ill) 746e91bba0SGirish Moodalbail pinfo->prop_cur_bval = (new_value == 1 ? B_TRUE : B_FALSE); 756e91bba0SGirish Moodalbail 766e91bba0SGirish Moodalbail isv6 = (pinfo->mpi_proto == MOD_PROTO_IPV6 ? B_TRUE : B_FALSE); 776e91bba0SGirish Moodalbail rw_enter(&ipst->ips_ill_g_lock, RW_READER); 786e91bba0SGirish Moodalbail if (isv6) 796e91bba0SGirish Moodalbail ill = ILL_START_WALK_V6(&ctx, ipst); 806e91bba0SGirish Moodalbail else 816e91bba0SGirish Moodalbail ill = ILL_START_WALK_V4(&ctx, ipst); 826e91bba0SGirish Moodalbail 836e91bba0SGirish Moodalbail for (; ill != NULL; ill = ill_next(&ctx, ill)) { 846e91bba0SGirish Moodalbail /* 856e91bba0SGirish Moodalbail * if the property needs to be set on a particular 866e91bba0SGirish Moodalbail * interface, look for that interface. 876e91bba0SGirish Moodalbail */ 886e91bba0SGirish Moodalbail if (per_ill && strcmp(ifname, ill->ill_name) != 0) 896e91bba0SGirish Moodalbail continue; 906e91bba0SGirish Moodalbail (void) ill_forward_set(ill, new_value != 0); 916e91bba0SGirish Moodalbail } 926e91bba0SGirish Moodalbail rw_exit(&ipst->ips_ill_g_lock); 936e91bba0SGirish Moodalbail 946e91bba0SGirish Moodalbail return (0); 956e91bba0SGirish Moodalbail } 966e91bba0SGirish Moodalbail 976e91bba0SGirish Moodalbail static int 98*299625c6SSebastien Roy ip_get_forwarding(netstack_t *stack, mod_prop_info_t *pinfo, const char *ifname, 996e91bba0SGirish Moodalbail void *pval, uint_t pr_size, uint_t flags) 1006e91bba0SGirish Moodalbail { 101*299625c6SSebastien Roy boolean_t value; 102*299625c6SSebastien Roy ill_walk_context_t ctx; 103*299625c6SSebastien Roy ill_t *ill; 104*299625c6SSebastien Roy ip_stack_t *ipst = stack->netstack_ip; 1056e91bba0SGirish Moodalbail boolean_t get_def = (flags & MOD_PROP_DEFAULT); 1066e91bba0SGirish Moodalbail boolean_t get_perm = (flags & MOD_PROP_PERM); 1076e91bba0SGirish Moodalbail boolean_t isv6; 1086e91bba0SGirish Moodalbail size_t nbytes = 0; 1096e91bba0SGirish Moodalbail 1106e91bba0SGirish Moodalbail if (get_perm) { 1116e91bba0SGirish Moodalbail nbytes = snprintf(pval, pr_size, "%d", MOD_PROP_PERM_RW); 1126e91bba0SGirish Moodalbail goto ret; 1136e91bba0SGirish Moodalbail } else if (get_def) { 1146e91bba0SGirish Moodalbail nbytes = snprintf(pval, pr_size, "%d", pinfo->prop_def_bval); 1156e91bba0SGirish Moodalbail goto ret; 1166e91bba0SGirish Moodalbail } 1176e91bba0SGirish Moodalbail 1186e91bba0SGirish Moodalbail /* 1196e91bba0SGirish Moodalbail * if per interface value is not asked for return the current 1206e91bba0SGirish Moodalbail * global value 1216e91bba0SGirish Moodalbail */ 1226e91bba0SGirish Moodalbail if (ifname == NULL || ifname[0] == '\0') { 1236e91bba0SGirish Moodalbail nbytes = snprintf(pval, pr_size, "%d", pinfo->prop_cur_bval); 1246e91bba0SGirish Moodalbail goto ret; 1256e91bba0SGirish Moodalbail } 1266e91bba0SGirish Moodalbail 1276e91bba0SGirish Moodalbail isv6 = (pinfo->mpi_proto == MOD_PROTO_IPV6 ? B_TRUE : B_FALSE); 1286e91bba0SGirish Moodalbail rw_enter(&ipst->ips_ill_g_lock, RW_READER); 1296e91bba0SGirish Moodalbail if (isv6) 1306e91bba0SGirish Moodalbail ill = ILL_START_WALK_V6(&ctx, ipst); 1316e91bba0SGirish Moodalbail else 1326e91bba0SGirish Moodalbail ill = ILL_START_WALK_V4(&ctx, ipst); 1336e91bba0SGirish Moodalbail for (; ill != NULL; ill = ill_next(&ctx, ill)) { 1346e91bba0SGirish Moodalbail /* 1356e91bba0SGirish Moodalbail * if the property needs to be obtained on a particular 1366e91bba0SGirish Moodalbail * interface, look for that interface. 1376e91bba0SGirish Moodalbail */ 1386e91bba0SGirish Moodalbail if (strcmp(ifname, ill->ill_name) == 0) 1396e91bba0SGirish Moodalbail break; 1406e91bba0SGirish Moodalbail } 1416e91bba0SGirish Moodalbail if (ill == NULL) { 1426e91bba0SGirish Moodalbail rw_exit(&ipst->ips_ill_g_lock); 1436e91bba0SGirish Moodalbail return (ENXIO); 1446e91bba0SGirish Moodalbail } 1456e91bba0SGirish Moodalbail value = ((ill->ill_flags & ILLF_ROUTER) ? B_TRUE : B_FALSE); 1466e91bba0SGirish Moodalbail rw_exit(&ipst->ips_ill_g_lock); 1476e91bba0SGirish Moodalbail nbytes = snprintf(pval, pr_size, "%d", value); 1486e91bba0SGirish Moodalbail ret: 1496e91bba0SGirish Moodalbail if (nbytes >= pr_size) 1506e91bba0SGirish Moodalbail return (ENOBUFS); 1516e91bba0SGirish Moodalbail return (0); 1526e91bba0SGirish Moodalbail } 1536e91bba0SGirish Moodalbail 1546e91bba0SGirish Moodalbail /* 1556e91bba0SGirish Moodalbail * `ip_debug' is a global variable. So, we will be modifying the global 1566e91bba0SGirish Moodalbail * variable here. 1576e91bba0SGirish Moodalbail */ 1586e91bba0SGirish Moodalbail /* ARGSUSED */ 1596e91bba0SGirish Moodalbail int 160*299625c6SSebastien Roy ip_set_debug(netstack_t *stack, cred_t *cr, mod_prop_info_t *pinfo, 1616e91bba0SGirish Moodalbail const char *ifname, const void* pval, uint_t flags) 1626e91bba0SGirish Moodalbail { 163*299625c6SSebastien Roy unsigned long new_value; 164f1e9465bSSowmini Varadhan int err; 1656e91bba0SGirish Moodalbail 1666e91bba0SGirish Moodalbail if (cr != NULL && secpolicy_net_config(cr, B_FALSE) != 0) 1676e91bba0SGirish Moodalbail return (EPERM); 1686e91bba0SGirish Moodalbail 169f1e9465bSSowmini Varadhan if ((err = mod_uint32_value(pval, pinfo, flags, &new_value)) != 0) 170f1e9465bSSowmini Varadhan return (err); 1716e91bba0SGirish Moodalbail ip_debug = (uint32_t)new_value; 1726e91bba0SGirish Moodalbail return (0); 1736e91bba0SGirish Moodalbail } 1746e91bba0SGirish Moodalbail 1756e91bba0SGirish Moodalbail /* 1766e91bba0SGirish Moodalbail * ip_debug is a global property. For default, permission and value range 1776e91bba0SGirish Moodalbail * we retrieve the value from `pinfo'. However for the current value we 1786e91bba0SGirish Moodalbail * retrieve the value from the global variable `ip_debug' 1796e91bba0SGirish Moodalbail */ 1806e91bba0SGirish Moodalbail /* ARGSUSED */ 1816e91bba0SGirish Moodalbail int 182*299625c6SSebastien Roy ip_get_debug(netstack_t *stack, mod_prop_info_t *pinfo, const char *ifname, 1836e91bba0SGirish Moodalbail void *pval, uint_t psize, uint_t flags) 1846e91bba0SGirish Moodalbail { 1856e91bba0SGirish Moodalbail boolean_t get_def = (flags & MOD_PROP_DEFAULT); 1866e91bba0SGirish Moodalbail boolean_t get_perm = (flags & MOD_PROP_PERM); 1876e91bba0SGirish Moodalbail boolean_t get_range = (flags & MOD_PROP_POSSIBLE); 1886e91bba0SGirish Moodalbail size_t nbytes; 1896e91bba0SGirish Moodalbail 1906e91bba0SGirish Moodalbail bzero(pval, psize); 1916e91bba0SGirish Moodalbail if (get_perm) 1926e91bba0SGirish Moodalbail nbytes = snprintf(pval, psize, "%u", MOD_PROP_PERM_RW); 1936e91bba0SGirish Moodalbail else if (get_range) 1946e91bba0SGirish Moodalbail nbytes = snprintf(pval, psize, "%u-%u", 1956e91bba0SGirish Moodalbail pinfo->prop_min_uval, pinfo->prop_max_uval); 1966e91bba0SGirish Moodalbail else if (get_def) 1976e91bba0SGirish Moodalbail nbytes = snprintf(pval, psize, "%u", pinfo->prop_def_uval); 1986e91bba0SGirish Moodalbail else 1996e91bba0SGirish Moodalbail nbytes = snprintf(pval, psize, "%u", ip_debug); 2006e91bba0SGirish Moodalbail if (nbytes >= psize) 2016e91bba0SGirish Moodalbail return (ENOBUFS); 2026e91bba0SGirish Moodalbail return (0); 2036e91bba0SGirish Moodalbail } 2046e91bba0SGirish Moodalbail 2056e91bba0SGirish Moodalbail /* 2066e91bba0SGirish Moodalbail * Set the CGTP (multirouting) filtering status. If the status is changed 2076e91bba0SGirish Moodalbail * from active to transparent or from transparent to active, forward the 2086e91bba0SGirish Moodalbail * new status to the filtering module (if loaded). 2096e91bba0SGirish Moodalbail */ 2106e91bba0SGirish Moodalbail /* ARGSUSED */ 2116e91bba0SGirish Moodalbail static int 212*299625c6SSebastien Roy ip_set_cgtp_filter(netstack_t *stack, cred_t *cr, mod_prop_info_t *pinfo, 2136e91bba0SGirish Moodalbail const char *ifname, const void* pval, uint_t flags) 2146e91bba0SGirish Moodalbail { 2156e91bba0SGirish Moodalbail unsigned long new_value; 216*299625c6SSebastien Roy ip_stack_t *ipst = stack->netstack_ip; 2176e91bba0SGirish Moodalbail char *end; 2186e91bba0SGirish Moodalbail 2196e91bba0SGirish Moodalbail if (flags & MOD_PROP_DEFAULT) { 2206e91bba0SGirish Moodalbail new_value = pinfo->prop_def_bval; 2216e91bba0SGirish Moodalbail } else { 2226e91bba0SGirish Moodalbail if (ddi_strtoul(pval, &end, 10, &new_value) != 0 || 2236e91bba0SGirish Moodalbail *end != '\0' || new_value > 1) { 2246e91bba0SGirish Moodalbail return (EINVAL); 2256e91bba0SGirish Moodalbail } 2266e91bba0SGirish Moodalbail } 2276e91bba0SGirish Moodalbail if (!pinfo->prop_cur_bval && new_value) { 2286e91bba0SGirish Moodalbail cmn_err(CE_NOTE, "IP: enabling CGTP filtering%s", 2296e91bba0SGirish Moodalbail ipst->ips_ip_cgtp_filter_ops == NULL ? 2306e91bba0SGirish Moodalbail " (module not loaded)" : ""); 2316e91bba0SGirish Moodalbail } 2326e91bba0SGirish Moodalbail if (pinfo->prop_cur_bval && !new_value) { 2336e91bba0SGirish Moodalbail cmn_err(CE_NOTE, "IP: disabling CGTP filtering%s", 2346e91bba0SGirish Moodalbail ipst->ips_ip_cgtp_filter_ops == NULL ? 2356e91bba0SGirish Moodalbail " (module not loaded)" : ""); 2366e91bba0SGirish Moodalbail } 2376e91bba0SGirish Moodalbail if (ipst->ips_ip_cgtp_filter_ops != NULL) { 2386e91bba0SGirish Moodalbail int res; 2396e91bba0SGirish Moodalbail netstackid_t stackid = ipst->ips_netstack->netstack_stackid; 2406e91bba0SGirish Moodalbail 2416e91bba0SGirish Moodalbail res = ipst->ips_ip_cgtp_filter_ops->cfo_change_state(stackid, 2426e91bba0SGirish Moodalbail new_value); 2436e91bba0SGirish Moodalbail if (res) 2446e91bba0SGirish Moodalbail return (res); 2456e91bba0SGirish Moodalbail } 2466e91bba0SGirish Moodalbail pinfo->prop_cur_bval = (new_value == 1 ? B_TRUE : B_FALSE); 2476e91bba0SGirish Moodalbail ill_set_inputfn_all(ipst); 2486e91bba0SGirish Moodalbail return (0); 2496e91bba0SGirish Moodalbail } 2506e91bba0SGirish Moodalbail 2516e91bba0SGirish Moodalbail /* 2526e91bba0SGirish Moodalbail * Retrieve the default MTU or min-max MTU range for a given interface. 2536e91bba0SGirish Moodalbail * 2546e91bba0SGirish Moodalbail * -- ill_max_frag value tells us the maximum MTU that can be handled by the 2556e91bba0SGirish Moodalbail * datalink. This value is advertised by the driver via DLPI messages 2566e91bba0SGirish Moodalbail * (DL_NOTE_SDU_SIZE/DL_INFO_ACK). 2576e91bba0SGirish Moodalbail * 2586e91bba0SGirish Moodalbail * -- ill_current_frag for the most link-types will be same as ill_max_frag 2596e91bba0SGirish Moodalbail * to begin with. However it is dynamically computed for some link-types 2606e91bba0SGirish Moodalbail * like tunnels, based on the tunnel PMTU. 2616e91bba0SGirish Moodalbail * 2626e91bba0SGirish Moodalbail * -- ill_mtu is the user set MTU using SIOCSLIFMTU and must lie between 2636e91bba0SGirish Moodalbail * (IPV6_MIN_MTU/IP_MIN_MTU) and ill_max_frag. 2646e91bba0SGirish Moodalbail * 2656e91bba0SGirish Moodalbail * -- ill_user_mtu is set by in.ndpd using SIOCSLIFLNKINFO and must lie between 2666e91bba0SGirish Moodalbail * (IPV6_MIN_MTU/IP_MIN_MTU) and ill_max_frag. 2676e91bba0SGirish Moodalbail */ 2686e91bba0SGirish Moodalbail int 269*299625c6SSebastien Roy ip_get_mtu(netstack_t *stack, mod_prop_info_t *pinfo, const char *ifname, 2706e91bba0SGirish Moodalbail void *pval, uint_t psize, uint_t flags) 2716e91bba0SGirish Moodalbail { 272*299625c6SSebastien Roy ill_walk_context_t ctx; 273*299625c6SSebastien Roy ill_t *ill; 274*299625c6SSebastien Roy ip_stack_t *ipst = stack->netstack_ip; 2756e91bba0SGirish Moodalbail boolean_t isv6; 2766e91bba0SGirish Moodalbail uint32_t max_mtu, def_mtu; 2776e91bba0SGirish Moodalbail size_t nbytes = 0; 2786e91bba0SGirish Moodalbail 2796e91bba0SGirish Moodalbail if (!(flags & (MOD_PROP_DEFAULT|MOD_PROP_POSSIBLE))) 2806e91bba0SGirish Moodalbail return (ENOTSUP); 2816e91bba0SGirish Moodalbail 2826e91bba0SGirish Moodalbail if (ifname == NULL || ifname[0] == '\0') 2836e91bba0SGirish Moodalbail return (ENOTSUP); 2846e91bba0SGirish Moodalbail 2856e91bba0SGirish Moodalbail isv6 = (pinfo->mpi_proto == MOD_PROTO_IPV6 ? B_TRUE : B_FALSE); 2866e91bba0SGirish Moodalbail rw_enter(&ipst->ips_ill_g_lock, RW_READER); 2876e91bba0SGirish Moodalbail if (isv6) 2886e91bba0SGirish Moodalbail ill = ILL_START_WALK_V6(&ctx, ipst); 2896e91bba0SGirish Moodalbail else 2906e91bba0SGirish Moodalbail ill = ILL_START_WALK_V4(&ctx, ipst); 2916e91bba0SGirish Moodalbail for (; ill != NULL; ill = ill_next(&ctx, ill)) { 2926e91bba0SGirish Moodalbail if (strcmp(ifname, ill->ill_name) == 0) 2936e91bba0SGirish Moodalbail break; 2946e91bba0SGirish Moodalbail } 2956e91bba0SGirish Moodalbail if (ill == NULL) { 2966e91bba0SGirish Moodalbail rw_exit(&ipst->ips_ill_g_lock); 2976e91bba0SGirish Moodalbail return (ENXIO); 2986e91bba0SGirish Moodalbail } 2996e91bba0SGirish Moodalbail max_mtu = ill->ill_max_frag; 3006e91bba0SGirish Moodalbail def_mtu = ill->ill_current_frag; 3016e91bba0SGirish Moodalbail rw_exit(&ipst->ips_ill_g_lock); 3026e91bba0SGirish Moodalbail 3036e91bba0SGirish Moodalbail if (flags & MOD_PROP_DEFAULT) { 3046e91bba0SGirish Moodalbail nbytes = snprintf(pval, psize, "%u", def_mtu); 3056e91bba0SGirish Moodalbail } else if (flags & MOD_PROP_POSSIBLE) { 3066e91bba0SGirish Moodalbail uint32_t min_mtu; 3076e91bba0SGirish Moodalbail 3086e91bba0SGirish Moodalbail min_mtu = isv6 ? IPV6_MIN_MTU : IP_MIN_MTU; 3096e91bba0SGirish Moodalbail nbytes = snprintf(pval, psize, "%u-%u", min_mtu, max_mtu); 3106e91bba0SGirish Moodalbail } else { 3116e91bba0SGirish Moodalbail return (ENOTSUP); 3126e91bba0SGirish Moodalbail } 3136e91bba0SGirish Moodalbail 3146e91bba0SGirish Moodalbail if (nbytes >= psize) 3156e91bba0SGirish Moodalbail return (ENOBUFS); 3166e91bba0SGirish Moodalbail return (0); 3176e91bba0SGirish Moodalbail } 3186e91bba0SGirish Moodalbail 3196e91bba0SGirish Moodalbail /* 3206e91bba0SGirish Moodalbail * See the comments for ip[6]_strict_src_multihoming for an explanation 3216e91bba0SGirish Moodalbail * of the semanitcs. 3226e91bba0SGirish Moodalbail */ 323f1e9465bSSowmini Varadhan void 324f1e9465bSSowmini Varadhan ip_set_src_multihoming_common(ulong_t new_value, ulong_t old_value, 325f1e9465bSSowmini Varadhan boolean_t isv6, ip_stack_t *ipst) 3266e91bba0SGirish Moodalbail { 327f1e9465bSSowmini Varadhan if (isv6) 328f1e9465bSSowmini Varadhan ipst->ips_ipv6_strict_src_multihoming = new_value; 329f1e9465bSSowmini Varadhan else 330f1e9465bSSowmini Varadhan ipst->ips_ip_strict_src_multihoming = new_value; 3316e91bba0SGirish Moodalbail if (new_value != old_value) { 3326e91bba0SGirish Moodalbail if (!isv6) { 3336e91bba0SGirish Moodalbail if (old_value == 0) { 3346e91bba0SGirish Moodalbail ire_walk_v4(ip_ire_rebind_walker, NULL, 3356e91bba0SGirish Moodalbail ALL_ZONES, ipst); 336f1e9465bSSowmini Varadhan } else if (new_value == 0) { 3376e91bba0SGirish Moodalbail ire_walk_v4(ip_ire_unbind_walker, NULL, 3386e91bba0SGirish Moodalbail ALL_ZONES, ipst); 3396e91bba0SGirish Moodalbail } 3406e91bba0SGirish Moodalbail ipcl_walk(conn_ire_revalidate, (void *)B_FALSE, ipst); 3416e91bba0SGirish Moodalbail } else { 3426e91bba0SGirish Moodalbail if (old_value == 0) { 3436e91bba0SGirish Moodalbail ire_walk_v6(ip_ire_rebind_walker, NULL, 3446e91bba0SGirish Moodalbail ALL_ZONES, ipst); 345f1e9465bSSowmini Varadhan } else if (new_value == 0) { 3466e91bba0SGirish Moodalbail ire_walk_v6(ip_ire_unbind_walker, NULL, 3476e91bba0SGirish Moodalbail ALL_ZONES, ipst); 3486e91bba0SGirish Moodalbail } 3496e91bba0SGirish Moodalbail ipcl_walk(conn_ire_revalidate, (void *)B_TRUE, ipst); 3506e91bba0SGirish Moodalbail } 3516e91bba0SGirish Moodalbail } 352f1e9465bSSowmini Varadhan } 353f1e9465bSSowmini Varadhan 354f1e9465bSSowmini Varadhan /* ARGSUSED */ 355f1e9465bSSowmini Varadhan static int 356*299625c6SSebastien Roy ip_set_src_multihoming(netstack_t *stack, cred_t *cr, mod_prop_info_t *pinfo, 357f1e9465bSSowmini Varadhan const char *ifname, const void* pval, uint_t flags) 358f1e9465bSSowmini Varadhan { 359*299625c6SSebastien Roy unsigned long new_value, old_value; 360f1e9465bSSowmini Varadhan boolean_t isv6; 361*299625c6SSebastien Roy ip_stack_t *ipst = stack->netstack_ip; 362f1e9465bSSowmini Varadhan int err; 363f1e9465bSSowmini Varadhan 364f1e9465bSSowmini Varadhan old_value = pinfo->prop_cur_uval; 365f1e9465bSSowmini Varadhan 366f1e9465bSSowmini Varadhan if ((err = mod_uint32_value(pval, pinfo, flags, &new_value)) != 0) 367f1e9465bSSowmini Varadhan return (err); 368f1e9465bSSowmini Varadhan pinfo->prop_cur_uval = new_value; 369f1e9465bSSowmini Varadhan isv6 = (strcmp(pinfo->mpi_name, "ip6_strict_src_multihoming") == 0); 370f1e9465bSSowmini Varadhan ip_set_src_multihoming_common(new_value, old_value, isv6, ipst); 371f1e9465bSSowmini Varadhan return (0); 372f1e9465bSSowmini Varadhan } 373f1e9465bSSowmini Varadhan 374f1e9465bSSowmini Varadhan 375f1e9465bSSowmini Varadhan /* ARGSUSED */ 376f1e9465bSSowmini Varadhan static int 377*299625c6SSebastien Roy ip_set_hostmodel(netstack_t *stack, cred_t *cr, mod_prop_info_t *pinfo, 378f1e9465bSSowmini Varadhan const char *ifname, const void* pval, uint_t flags) 379f1e9465bSSowmini Varadhan { 380f1e9465bSSowmini Varadhan ip_hostmodel_t new_value, old_value; 381*299625c6SSebastien Roy ip_stack_t *ipst = stack->netstack_ip; 382f1e9465bSSowmini Varadhan uint32_t old_src_multihoming; 383f1e9465bSSowmini Varadhan int err; 384f1e9465bSSowmini Varadhan ulong_t tmp; 385f1e9465bSSowmini Varadhan boolean_t isv6; 386f1e9465bSSowmini Varadhan 387f1e9465bSSowmini Varadhan old_value = pinfo->prop_cur_uval; 388f1e9465bSSowmini Varadhan 389f1e9465bSSowmini Varadhan if ((err = mod_uint32_value(pval, pinfo, flags, &tmp)) != 0) 390f1e9465bSSowmini Varadhan return (err); 391f1e9465bSSowmini Varadhan new_value = tmp; 392f1e9465bSSowmini Varadhan pinfo->prop_cur_uval = new_value; 393f1e9465bSSowmini Varadhan 394f1e9465bSSowmini Varadhan switch (old_value) { 395f1e9465bSSowmini Varadhan case IP_WEAK_ES: 396f1e9465bSSowmini Varadhan old_src_multihoming = 0; 397f1e9465bSSowmini Varadhan break; 398f1e9465bSSowmini Varadhan case IP_SRC_PRI_ES: 399f1e9465bSSowmini Varadhan old_src_multihoming = 1; 400f1e9465bSSowmini Varadhan break; 401f1e9465bSSowmini Varadhan case IP_STRONG_ES: 402f1e9465bSSowmini Varadhan old_src_multihoming = 2; 403f1e9465bSSowmini Varadhan break; 404f1e9465bSSowmini Varadhan default: 405f1e9465bSSowmini Varadhan ASSERT(0); 406f1e9465bSSowmini Varadhan old_src_multihoming = IP_MAXVAL_ES; 407f1e9465bSSowmini Varadhan break; 408f1e9465bSSowmini Varadhan } 409f1e9465bSSowmini Varadhan /* 410f1e9465bSSowmini Varadhan * Changes to src_multihoming may require ire's to be rebound/unbound, 411f1e9465bSSowmini Varadhan * and also require generation number resets. Changes to dst_multihoming 412f1e9465bSSowmini Varadhan * require a simple reset of the value. 413f1e9465bSSowmini Varadhan */ 414f1e9465bSSowmini Varadhan isv6 = (pinfo->mpi_proto == MOD_PROTO_IPV6); 415f1e9465bSSowmini Varadhan if (new_value != old_value) { 416f1e9465bSSowmini Varadhan switch (new_value) { 417f1e9465bSSowmini Varadhan case IP_WEAK_ES: 418f1e9465bSSowmini Varadhan ip_set_src_multihoming_common(0, old_src_multihoming, 419f1e9465bSSowmini Varadhan isv6, ipst); 420f1e9465bSSowmini Varadhan if (isv6) 421f1e9465bSSowmini Varadhan ipst->ips_ipv6_strict_dst_multihoming = 0; 422f1e9465bSSowmini Varadhan else 423f1e9465bSSowmini Varadhan ipst->ips_ip_strict_dst_multihoming = 0; 424f1e9465bSSowmini Varadhan break; 425f1e9465bSSowmini Varadhan case IP_SRC_PRI_ES: 426f1e9465bSSowmini Varadhan ip_set_src_multihoming_common(1, old_src_multihoming, 427f1e9465bSSowmini Varadhan isv6, ipst); 428f1e9465bSSowmini Varadhan if (isv6) 429f1e9465bSSowmini Varadhan ipst->ips_ipv6_strict_dst_multihoming = 0; 430f1e9465bSSowmini Varadhan else 431f1e9465bSSowmini Varadhan ipst->ips_ip_strict_dst_multihoming = 0; 432f1e9465bSSowmini Varadhan break; 433f1e9465bSSowmini Varadhan case IP_STRONG_ES: 434f1e9465bSSowmini Varadhan ip_set_src_multihoming_common(2, old_src_multihoming, 435f1e9465bSSowmini Varadhan isv6, ipst); 436f1e9465bSSowmini Varadhan if (isv6) 437f1e9465bSSowmini Varadhan ipst->ips_ipv6_strict_dst_multihoming = 1; 438f1e9465bSSowmini Varadhan else 439f1e9465bSSowmini Varadhan ipst->ips_ip_strict_dst_multihoming = 1; 440f1e9465bSSowmini Varadhan break; 441f1e9465bSSowmini Varadhan default: 442f1e9465bSSowmini Varadhan return (EINVAL); 443f1e9465bSSowmini Varadhan } 444f1e9465bSSowmini Varadhan } 445f1e9465bSSowmini Varadhan return (0); 446f1e9465bSSowmini Varadhan } 447f1e9465bSSowmini Varadhan 448f1e9465bSSowmini Varadhan /* ARGSUSED */ 449f1e9465bSSowmini Varadhan int 450*299625c6SSebastien Roy ip_get_hostmodel(netstack_t *stack, mod_prop_info_t *pinfo, const char *ifname, 451f1e9465bSSowmini Varadhan void *pval, uint_t psize, uint_t flags) 452f1e9465bSSowmini Varadhan { 453f1e9465bSSowmini Varadhan boolean_t isv6 = (pinfo->mpi_proto == MOD_PROTO_IPV6); 454*299625c6SSebastien Roy ip_stack_t *ipst = stack->netstack_ip; 455f1e9465bSSowmini Varadhan ip_hostmodel_t hostmodel; 456f1e9465bSSowmini Varadhan 457f1e9465bSSowmini Varadhan if (psize < sizeof (hostmodel)) 458f1e9465bSSowmini Varadhan return (ENOBUFS); 459f1e9465bSSowmini Varadhan bzero(pval, psize); 460f1e9465bSSowmini Varadhan if (!isv6) { 461f1e9465bSSowmini Varadhan if (ipst->ips_ip_strict_src_multihoming == 0 && 462f1e9465bSSowmini Varadhan ipst->ips_ip_strict_dst_multihoming == 0) 463f1e9465bSSowmini Varadhan hostmodel = IP_WEAK_ES; 464f1e9465bSSowmini Varadhan else if (ipst->ips_ip_strict_src_multihoming == 1 && 465f1e9465bSSowmini Varadhan ipst->ips_ip_strict_dst_multihoming == 0) 466f1e9465bSSowmini Varadhan hostmodel = IP_SRC_PRI_ES; 467f1e9465bSSowmini Varadhan else if (ipst->ips_ip_strict_src_multihoming == 2 && 468f1e9465bSSowmini Varadhan ipst->ips_ip_strict_dst_multihoming == 1) 469f1e9465bSSowmini Varadhan hostmodel = IP_STRONG_ES; 470f1e9465bSSowmini Varadhan else 471f1e9465bSSowmini Varadhan hostmodel = IP_MAXVAL_ES; 472f1e9465bSSowmini Varadhan } else { 473f1e9465bSSowmini Varadhan if (ipst->ips_ipv6_strict_src_multihoming == 0 && 474f1e9465bSSowmini Varadhan ipst->ips_ipv6_strict_dst_multihoming == 0) 475f1e9465bSSowmini Varadhan hostmodel = IP_WEAK_ES; 476f1e9465bSSowmini Varadhan else if (ipst->ips_ipv6_strict_src_multihoming == 1 && 477f1e9465bSSowmini Varadhan ipst->ips_ipv6_strict_dst_multihoming == 0) 478f1e9465bSSowmini Varadhan hostmodel = IP_SRC_PRI_ES; 479f1e9465bSSowmini Varadhan else if (ipst->ips_ipv6_strict_src_multihoming == 2 && 480f1e9465bSSowmini Varadhan ipst->ips_ipv6_strict_dst_multihoming == 1) 481f1e9465bSSowmini Varadhan hostmodel = IP_STRONG_ES; 482f1e9465bSSowmini Varadhan else 483f1e9465bSSowmini Varadhan hostmodel = IP_MAXVAL_ES; 484f1e9465bSSowmini Varadhan } 485f1e9465bSSowmini Varadhan bcopy(&hostmodel, pval, sizeof (hostmodel)); 4866e91bba0SGirish Moodalbail return (0); 4876e91bba0SGirish Moodalbail } 4886e91bba0SGirish Moodalbail 4896e91bba0SGirish Moodalbail /* 4906e91bba0SGirish Moodalbail * All of these are alterable, within the min/max values given, at run time. 4916e91bba0SGirish Moodalbail * 4928887b57dSGirish Moodalbail * Note: All those tunables which do not start with "_" are Committed and 4938887b57dSGirish Moodalbail * therefore are public. See PSARC 2010/080. 4946e91bba0SGirish Moodalbail */ 4956e91bba0SGirish Moodalbail mod_prop_info_t ip_propinfo_tbl[] = { 4966e91bba0SGirish Moodalbail /* tunable - 0 */ 4978887b57dSGirish Moodalbail { "_respond_to_address_mask_broadcast", MOD_PROTO_IP, 4986e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 4996e91bba0SGirish Moodalbail {B_FALSE}, {B_FALSE} }, 5006e91bba0SGirish Moodalbail 5018887b57dSGirish Moodalbail { "_respond_to_echo_broadcast", MOD_PROTO_IP, 5026e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 5036e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 5046e91bba0SGirish Moodalbail 5058887b57dSGirish Moodalbail { "_respond_to_echo_multicast", MOD_PROTO_IPV4, 5066e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 5076e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 5086e91bba0SGirish Moodalbail 5098887b57dSGirish Moodalbail { "_respond_to_timestamp", MOD_PROTO_IP, 5106e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 5116e91bba0SGirish Moodalbail {B_FALSE}, {B_FALSE} }, 5126e91bba0SGirish Moodalbail 5138887b57dSGirish Moodalbail { "_respond_to_timestamp_broadcast", MOD_PROTO_IP, 5146e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 5156e91bba0SGirish Moodalbail {B_FALSE}, {B_FALSE} }, 5166e91bba0SGirish Moodalbail 5178887b57dSGirish Moodalbail { "_send_redirects", MOD_PROTO_IPV4, 5186e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 5196e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 5206e91bba0SGirish Moodalbail 5218887b57dSGirish Moodalbail { "_forward_directed_broadcasts", MOD_PROTO_IP, 5226e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 5236e91bba0SGirish Moodalbail {B_FALSE}, {B_FALSE} }, 5246e91bba0SGirish Moodalbail 5258887b57dSGirish Moodalbail { "_mrtdebug", MOD_PROTO_IP, 5266e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5276e91bba0SGirish Moodalbail {0, 10, 0}, {0} }, 5286e91bba0SGirish Moodalbail 5298887b57dSGirish Moodalbail { "_ire_reclaim_fraction", MOD_PROTO_IP, 5306e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5316e91bba0SGirish Moodalbail {1, 8, 3}, {3} }, 5326e91bba0SGirish Moodalbail 5338887b57dSGirish Moodalbail { "_nce_reclaim_fraction", MOD_PROTO_IP, 5346e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5356e91bba0SGirish Moodalbail {1, 8, 3}, {3} }, 5366e91bba0SGirish Moodalbail 5376e91bba0SGirish Moodalbail /* tunable - 10 */ 5388887b57dSGirish Moodalbail { "_dce_reclaim_fraction", MOD_PROTO_IP, 5396e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5406e91bba0SGirish Moodalbail {1, 8, 3}, {3} }, 5416e91bba0SGirish Moodalbail 5426e91bba0SGirish Moodalbail { "ttl", MOD_PROTO_IPV4, 5436e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5446e91bba0SGirish Moodalbail {1, 255, 255}, {255} }, 5456e91bba0SGirish Moodalbail 5468887b57dSGirish Moodalbail { "_forward_src_routed", MOD_PROTO_IPV4, 5476e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 5486e91bba0SGirish Moodalbail {B_FALSE}, {B_FALSE} }, 5496e91bba0SGirish Moodalbail 5508887b57dSGirish Moodalbail { "_wroff_extra", MOD_PROTO_IP, 5516e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5526e91bba0SGirish Moodalbail {0, 256, 32}, {32} }, 5536e91bba0SGirish Moodalbail 5546e91bba0SGirish Moodalbail /* following tunable is in seconds - a deviant! */ 5558887b57dSGirish Moodalbail { "_pathmtu_interval", MOD_PROTO_IP, 5566e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5576e91bba0SGirish Moodalbail {2, 999999999, 60*20}, {60*20} }, 5586e91bba0SGirish Moodalbail 5598887b57dSGirish Moodalbail { "_icmp_return_data_bytes", MOD_PROTO_IPV4, 5606e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5616e91bba0SGirish Moodalbail {8, 65536, 64}, {64} }, 5626e91bba0SGirish Moodalbail 5638887b57dSGirish Moodalbail { "_path_mtu_discovery", MOD_PROTO_IP, 5646e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 5656e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 5666e91bba0SGirish Moodalbail 5678887b57dSGirish Moodalbail { "_pmtu_min", MOD_PROTO_IP, 5686e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5696e91bba0SGirish Moodalbail {68, 65535, 576}, {576} }, 5706e91bba0SGirish Moodalbail 5718887b57dSGirish Moodalbail { "_ignore_redirect", MOD_PROTO_IPV4, 5726e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 5736e91bba0SGirish Moodalbail {B_FALSE}, {B_FALSE} }, 5746e91bba0SGirish Moodalbail 5758887b57dSGirish Moodalbail { "_arp_icmp_error", MOD_PROTO_IP, 5766e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 5776e91bba0SGirish Moodalbail {B_FALSE}, {B_FALSE} }, 5786e91bba0SGirish Moodalbail 5796e91bba0SGirish Moodalbail /* tunable - 20 */ 5808887b57dSGirish Moodalbail { "_broadcast_ttl", MOD_PROTO_IP, 5816e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5826e91bba0SGirish Moodalbail {1, 254, 1}, {1} }, 5836e91bba0SGirish Moodalbail 5848887b57dSGirish Moodalbail { "_icmp_err_interval", MOD_PROTO_IP, 5856e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5866e91bba0SGirish Moodalbail {0, 99999, 100}, {100} }, 5876e91bba0SGirish Moodalbail 5888887b57dSGirish Moodalbail { "_icmp_err_burst", MOD_PROTO_IP, 5896e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5906e91bba0SGirish Moodalbail {1, 99999, 10}, {10} }, 5916e91bba0SGirish Moodalbail 5928887b57dSGirish Moodalbail { "_reass_queue_bytes", MOD_PROTO_IP, 5936e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5946e91bba0SGirish Moodalbail {0, 999999999, 1000000}, {1000000} }, 5956e91bba0SGirish Moodalbail 5966e91bba0SGirish Moodalbail /* 5976e91bba0SGirish Moodalbail * See comments for ip_strict_src_multihoming for an explanation 5986e91bba0SGirish Moodalbail * of the semantics of ip_strict_dst_multihoming 5996e91bba0SGirish Moodalbail */ 6008887b57dSGirish Moodalbail { "_strict_dst_multihoming", MOD_PROTO_IPV4, 6016e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6026e91bba0SGirish Moodalbail {0, 1, 0}, {0} }, 6036e91bba0SGirish Moodalbail 6048887b57dSGirish Moodalbail { "_addrs_per_if", MOD_PROTO_IP, 6056e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6066e91bba0SGirish Moodalbail {1, MAX_ADDRS_PER_IF, 256}, {256} }, 6076e91bba0SGirish Moodalbail 6088887b57dSGirish Moodalbail { "_ipsec_override_persocket_policy", MOD_PROTO_IP, 6096e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 6106e91bba0SGirish Moodalbail {B_FALSE}, {B_FALSE} }, 6116e91bba0SGirish Moodalbail 6128887b57dSGirish Moodalbail { "_icmp_accept_clear_messages", MOD_PROTO_IP, 6136e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 6146e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 6156e91bba0SGirish Moodalbail 6168887b57dSGirish Moodalbail { "_igmp_accept_clear_messages", MOD_PROTO_IP, 6176e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 6186e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 6196e91bba0SGirish Moodalbail 6208887b57dSGirish Moodalbail { "_ndp_delay_first_probe_time", MOD_PROTO_IP, 6216e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6226e91bba0SGirish Moodalbail {2, 999999999, ND_DELAY_FIRST_PROBE_TIME}, 6236e91bba0SGirish Moodalbail {ND_DELAY_FIRST_PROBE_TIME} }, 6246e91bba0SGirish Moodalbail 6256e91bba0SGirish Moodalbail /* tunable - 30 */ 6268887b57dSGirish Moodalbail { "_ndp_max_unicast_solicit", MOD_PROTO_IP, 6276e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6286e91bba0SGirish Moodalbail {1, 999999999, ND_MAX_UNICAST_SOLICIT}, {ND_MAX_UNICAST_SOLICIT} }, 6296e91bba0SGirish Moodalbail 6306e91bba0SGirish Moodalbail { "hoplimit", MOD_PROTO_IPV6, 6316e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6326e91bba0SGirish Moodalbail {1, 255, IPV6_MAX_HOPS}, {IPV6_MAX_HOPS} }, 6336e91bba0SGirish Moodalbail 6348887b57dSGirish Moodalbail { "_icmp_return_data_bytes", MOD_PROTO_IPV6, 6356e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6366e91bba0SGirish Moodalbail {8, IPV6_MIN_MTU, IPV6_MIN_MTU}, {IPV6_MIN_MTU} }, 6376e91bba0SGirish Moodalbail 6388887b57dSGirish Moodalbail { "_forward_src_routed", MOD_PROTO_IPV6, 6396e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 6406e91bba0SGirish Moodalbail {B_FALSE}, {B_FALSE} }, 6416e91bba0SGirish Moodalbail 6428887b57dSGirish Moodalbail { "_respond_to_echo_multicast", MOD_PROTO_IPV6, 6436e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 6446e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 6456e91bba0SGirish Moodalbail 6468887b57dSGirish Moodalbail { "_send_redirects", MOD_PROTO_IPV6, 6476e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 6486e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 6496e91bba0SGirish Moodalbail 6508887b57dSGirish Moodalbail { "_ignore_redirect", MOD_PROTO_IPV6, 6516e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 6526e91bba0SGirish Moodalbail {B_FALSE}, {B_FALSE} }, 6536e91bba0SGirish Moodalbail 6546e91bba0SGirish Moodalbail /* 6556e91bba0SGirish Moodalbail * See comments for ip6_strict_src_multihoming for an explanation 6566e91bba0SGirish Moodalbail * of the semantics of ip6_strict_dst_multihoming 6576e91bba0SGirish Moodalbail */ 6588887b57dSGirish Moodalbail { "_strict_dst_multihoming", MOD_PROTO_IPV6, 6596e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6606e91bba0SGirish Moodalbail {0, 1, 0}, {0} }, 6616e91bba0SGirish Moodalbail 6628887b57dSGirish Moodalbail { "_src_check", MOD_PROTO_IP, 6636e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6646e91bba0SGirish Moodalbail {0, 2, 2}, {2} }, 6656e91bba0SGirish Moodalbail 6668887b57dSGirish Moodalbail { "_ipsec_policy_log_interval", MOD_PROTO_IP, 6676e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6686e91bba0SGirish Moodalbail {0, 999999, 1000}, {1000} }, 6696e91bba0SGirish Moodalbail 6706e91bba0SGirish Moodalbail /* tunable - 40 */ 6718887b57dSGirish Moodalbail { "_pim_accept_clear_messages", MOD_PROTO_IP, 6726e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 6736e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 6746e91bba0SGirish Moodalbail 6758887b57dSGirish Moodalbail { "_ndp_unsolicit_interval", MOD_PROTO_IP, 6766e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6776e91bba0SGirish Moodalbail {1000, 20000, 2000}, {2000} }, 6786e91bba0SGirish Moodalbail 6798887b57dSGirish Moodalbail { "_ndp_unsolicit_count", MOD_PROTO_IP, 6806e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6816e91bba0SGirish Moodalbail {1, 20, 3}, {3} }, 6826e91bba0SGirish Moodalbail 6838887b57dSGirish Moodalbail { "_ignore_home_address_opt", MOD_PROTO_IPV6, 6846e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 6856e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 6866e91bba0SGirish Moodalbail 6878887b57dSGirish Moodalbail { "_policy_mask", MOD_PROTO_IP, 6886e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6896e91bba0SGirish Moodalbail {0, 15, 0}, {0} }, 6906e91bba0SGirish Moodalbail 6918887b57dSGirish Moodalbail { "_ecmp_behavior", MOD_PROTO_IP, 6926e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6936e91bba0SGirish Moodalbail {0, 2, 2}, {2} }, 6946e91bba0SGirish Moodalbail 6958887b57dSGirish Moodalbail { "_multirt_ttl", MOD_PROTO_IP, 6966e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6976e91bba0SGirish Moodalbail {0, 255, 1}, {1} }, 6986e91bba0SGirish Moodalbail 6996e91bba0SGirish Moodalbail /* following tunable is in seconds - a deviant */ 7008887b57dSGirish Moodalbail { "_ire_badcnt_lifetime", MOD_PROTO_IP, 7016e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7026e91bba0SGirish Moodalbail {0, 3600, 60}, {60} }, 7036e91bba0SGirish Moodalbail 7048887b57dSGirish Moodalbail { "_max_temp_idle", MOD_PROTO_IP, 7056e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7066e91bba0SGirish Moodalbail {0, 999999, 60*60*24}, {60*60*24} }, 7076e91bba0SGirish Moodalbail 7088887b57dSGirish Moodalbail { "_max_temp_defend", MOD_PROTO_IP, 7096e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7106e91bba0SGirish Moodalbail {0, 1000, 1}, {1} }, 7116e91bba0SGirish Moodalbail 7126e91bba0SGirish Moodalbail /* tunable - 50 */ 7136e91bba0SGirish Moodalbail /* 7146e91bba0SGirish Moodalbail * when a conflict of an active address is detected, 7156e91bba0SGirish Moodalbail * defend up to ip_max_defend times, within any 7166e91bba0SGirish Moodalbail * ip_defend_interval span. 7176e91bba0SGirish Moodalbail */ 7188887b57dSGirish Moodalbail { "_max_defend", MOD_PROTO_IP, 7196e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7206e91bba0SGirish Moodalbail {0, 1000, 3}, {3} }, 7216e91bba0SGirish Moodalbail 7228887b57dSGirish Moodalbail { "_defend_interval", MOD_PROTO_IP, 7236e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7246e91bba0SGirish Moodalbail {0, 999999, 30}, {30} }, 7256e91bba0SGirish Moodalbail 7268887b57dSGirish Moodalbail { "_dup_recovery", MOD_PROTO_IP, 7276e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7286e91bba0SGirish Moodalbail {0, 3600000, 300000}, {300000} }, 7296e91bba0SGirish Moodalbail 7308887b57dSGirish Moodalbail { "_restrict_interzone_loopback", MOD_PROTO_IP, 7316e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 7326e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 7336e91bba0SGirish Moodalbail 7348887b57dSGirish Moodalbail { "_lso_outbound", MOD_PROTO_IP, 7356e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 7366e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 7376e91bba0SGirish Moodalbail 7388887b57dSGirish Moodalbail { "_igmp_max_version", MOD_PROTO_IP, 7396e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7406e91bba0SGirish Moodalbail {IGMP_V1_ROUTER, IGMP_V3_ROUTER, IGMP_V3_ROUTER}, 7416e91bba0SGirish Moodalbail {IGMP_V3_ROUTER} }, 7426e91bba0SGirish Moodalbail 7438887b57dSGirish Moodalbail { "_mld_max_version", MOD_PROTO_IP, 7446e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7456e91bba0SGirish Moodalbail {MLD_V1_ROUTER, MLD_V2_ROUTER, MLD_V2_ROUTER}, {MLD_V2_ROUTER} }, 7466e91bba0SGirish Moodalbail 7476e91bba0SGirish Moodalbail { "forwarding", MOD_PROTO_IPV4, 7486e91bba0SGirish Moodalbail ip_set_forwarding, ip_get_forwarding, 7496e91bba0SGirish Moodalbail {IP_FORWARD_NEVER}, {IP_FORWARD_NEVER} }, 7506e91bba0SGirish Moodalbail 7516e91bba0SGirish Moodalbail { "forwarding", MOD_PROTO_IPV6, 7526e91bba0SGirish Moodalbail ip_set_forwarding, ip_get_forwarding, 7536e91bba0SGirish Moodalbail {IP_FORWARD_NEVER}, {IP_FORWARD_NEVER} }, 7546e91bba0SGirish Moodalbail 7558887b57dSGirish Moodalbail { "_reasm_timeout", MOD_PROTO_IPV4, 7566e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7576e91bba0SGirish Moodalbail {5, 255, IP_REASM_TIMEOUT}, 7586e91bba0SGirish Moodalbail {IP_REASM_TIMEOUT} }, 7596e91bba0SGirish Moodalbail 7606e91bba0SGirish Moodalbail /* tunable - 60 */ 7618887b57dSGirish Moodalbail { "_reasm_timeout", MOD_PROTO_IPV6, 7626e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7636e91bba0SGirish Moodalbail {5, 255, IPV6_REASM_TIMEOUT}, 7646e91bba0SGirish Moodalbail {IPV6_REASM_TIMEOUT} }, 7656e91bba0SGirish Moodalbail 7668887b57dSGirish Moodalbail { "_cgtp_filter", MOD_PROTO_IP, 7676e91bba0SGirish Moodalbail ip_set_cgtp_filter, mod_get_boolean, 7686e91bba0SGirish Moodalbail {B_FALSE}, {B_FALSE} }, 7696e91bba0SGirish Moodalbail 7706e91bba0SGirish Moodalbail /* delay before sending first probe: */ 7718887b57dSGirish Moodalbail { "_arp_probe_delay", MOD_PROTO_IP, 7726e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7736e91bba0SGirish Moodalbail {0, 20000, 1000}, {1000} }, 7746e91bba0SGirish Moodalbail 7758887b57dSGirish Moodalbail { "_arp_fastprobe_delay", MOD_PROTO_IP, 7766e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7776e91bba0SGirish Moodalbail {0, 20000, 100}, {100} }, 7786e91bba0SGirish Moodalbail 7796e91bba0SGirish Moodalbail /* interval at which DAD probes are sent: */ 7808887b57dSGirish Moodalbail { "_arp_probe_interval", MOD_PROTO_IP, 7816e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7826e91bba0SGirish Moodalbail {10, 20000, 1500}, {1500} }, 7836e91bba0SGirish Moodalbail 7848887b57dSGirish Moodalbail { "_arp_fastprobe_interval", MOD_PROTO_IP, 7856e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7866e91bba0SGirish Moodalbail {10, 20000, 150}, {150} }, 7876e91bba0SGirish Moodalbail 7888887b57dSGirish Moodalbail { "_arp_probe_count", MOD_PROTO_IP, 7896e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7906e91bba0SGirish Moodalbail {0, 20, 3}, {3} }, 7916e91bba0SGirish Moodalbail 7928887b57dSGirish Moodalbail { "_arp_fastprobe_count", MOD_PROTO_IP, 7936e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7946e91bba0SGirish Moodalbail {0, 20, 3}, {3} }, 7956e91bba0SGirish Moodalbail 7968887b57dSGirish Moodalbail { "_dad_announce_interval", MOD_PROTO_IPV4, 7976e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7986e91bba0SGirish Moodalbail {0, 3600000, 15000}, {15000} }, 7996e91bba0SGirish Moodalbail 8008887b57dSGirish Moodalbail { "_dad_announce_interval", MOD_PROTO_IPV6, 8016e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 8026e91bba0SGirish Moodalbail {0, 3600000, 15000}, {15000} }, 8036e91bba0SGirish Moodalbail 8046e91bba0SGirish Moodalbail /* tunable - 70 */ 8056e91bba0SGirish Moodalbail /* 8066e91bba0SGirish Moodalbail * Rate limiting parameters for DAD defense used in 8076e91bba0SGirish Moodalbail * ill_defend_rate_limit(): 8086e91bba0SGirish Moodalbail * defend_rate : pkts/hour permitted 8096e91bba0SGirish Moodalbail * defend_interval : time that can elapse before we send out a 8106e91bba0SGirish Moodalbail * DAD defense. 8116e91bba0SGirish Moodalbail * defend_period: denominator for defend_rate (in seconds). 8126e91bba0SGirish Moodalbail */ 8138887b57dSGirish Moodalbail { "_arp_defend_interval", MOD_PROTO_IP, 8146e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 8156e91bba0SGirish Moodalbail {0, 3600000, 300000}, {300000} }, 8166e91bba0SGirish Moodalbail 8178887b57dSGirish Moodalbail { "_arp_defend_rate", MOD_PROTO_IP, 8186e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 8196e91bba0SGirish Moodalbail {0, 20000, 100}, {100} }, 8206e91bba0SGirish Moodalbail 8218887b57dSGirish Moodalbail { "_ndp_defend_interval", MOD_PROTO_IP, 8226e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 8236e91bba0SGirish Moodalbail {0, 3600000, 300000}, {300000} }, 8246e91bba0SGirish Moodalbail 8258887b57dSGirish Moodalbail { "_ndp_defend_rate", MOD_PROTO_IP, 8266e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 8276e91bba0SGirish Moodalbail {0, 20000, 100}, {100} }, 8286e91bba0SGirish Moodalbail 8298887b57dSGirish Moodalbail { "_arp_defend_period", MOD_PROTO_IP, 8306e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 8316e91bba0SGirish Moodalbail {5, 86400, 3600}, {3600} }, 8326e91bba0SGirish Moodalbail 8338887b57dSGirish Moodalbail { "_ndp_defend_period", MOD_PROTO_IP, 8346e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 8356e91bba0SGirish Moodalbail {5, 86400, 3600}, {3600} }, 8366e91bba0SGirish Moodalbail 8378887b57dSGirish Moodalbail { "_icmp_return_pmtu", MOD_PROTO_IPV4, 8386e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 8396e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 8406e91bba0SGirish Moodalbail 8418887b57dSGirish Moodalbail { "_icmp_return_pmtu", MOD_PROTO_IPV6, 8426e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 8436e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 8446e91bba0SGirish Moodalbail 8456e91bba0SGirish Moodalbail /* 8466e91bba0SGirish Moodalbail * publish count/interval values used to announce local addresses 8476e91bba0SGirish Moodalbail * for IPv4, IPv6. 8486e91bba0SGirish Moodalbail */ 8498887b57dSGirish Moodalbail { "_arp_publish_count", MOD_PROTO_IP, 8506e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 8516e91bba0SGirish Moodalbail {1, 20, 5}, {5} }, 8526e91bba0SGirish Moodalbail 8538887b57dSGirish Moodalbail { "_arp_publish_interval", MOD_PROTO_IP, 8546e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 8556e91bba0SGirish Moodalbail {1000, 20000, 2000}, {2000} }, 8566e91bba0SGirish Moodalbail 8576e91bba0SGirish Moodalbail /* tunable - 80 */ 8586e91bba0SGirish Moodalbail /* 8596e91bba0SGirish Moodalbail * The ip*strict_src_multihoming and ip*strict_dst_multihoming provide 8606e91bba0SGirish Moodalbail * a range of choices for setting strong/weak/preferred end-system 8616e91bba0SGirish Moodalbail * behavior. The semantics for setting these are: 8626e91bba0SGirish Moodalbail * 8636e91bba0SGirish Moodalbail * ip*_strict_dst_multihoming = 0 8646e91bba0SGirish Moodalbail * weak end system model for managing ip destination addresses. 8656e91bba0SGirish Moodalbail * A packet with IP dst D1 that's received on interface I1 will be 8666e91bba0SGirish Moodalbail * accepted as long as D1 is one of the local addresses on 8676e91bba0SGirish Moodalbail * the machine, even if D1 is not configured on I1. 8686e91bba0SGirish Moodalbail * ip*strict_dst_multihioming = 1 8696e91bba0SGirish Moodalbail * strong end system model for managing ip destination addresses. 8706e91bba0SGirish Moodalbail * A packet with IP dst D1 that's received on interface I1 will be 8716e91bba0SGirish Moodalbail * accepted if, and only if, D1 is configured on I1. 8726e91bba0SGirish Moodalbail * 8736e91bba0SGirish Moodalbail * ip*strict_src_multihoming = 0 8746e91bba0SGirish Moodalbail * Source agnostic route selection for outgoing packets: the 8756e91bba0SGirish Moodalbail * outgoing interface for a packet will be computed using 8766e91bba0SGirish Moodalbail * default algorithms for route selection, where the route 8776e91bba0SGirish Moodalbail * with the longest matching prefix is chosen for the output 8786e91bba0SGirish Moodalbail * unless other route selection constraints are explicitly 8796e91bba0SGirish Moodalbail * specified during routing table lookup. This may result 8806e91bba0SGirish Moodalbail * in packet being sent out on interface I2 with source 8816e91bba0SGirish Moodalbail * address S1, even though S1 is not a configured address on I2. 8826e91bba0SGirish Moodalbail * ip*strict_src_multihoming = 1 8836e91bba0SGirish Moodalbail * Preferred source aware route selection for outgoing packets: for 8846e91bba0SGirish Moodalbail * a packet with source S2, destination D2, the route selection 8856e91bba0SGirish Moodalbail * algorithm will first attempt to find a route for the destination 8866e91bba0SGirish Moodalbail * that goes out through an interface where S2 is 8876e91bba0SGirish Moodalbail * configured. If such a route cannot be found, then the 8886e91bba0SGirish Moodalbail * best-matching route for D2 will be selected. 8896e91bba0SGirish Moodalbail * ip*strict_src_multihoming = 2 8906e91bba0SGirish Moodalbail * Source aware route selection for outgoing packets: a packet will 8916e91bba0SGirish Moodalbail * be sent out on an interface I2 only if the src address S2 of the 8926e91bba0SGirish Moodalbail * packet is a configured address on I2. In conjunction with 8936e91bba0SGirish Moodalbail * the setting 'ip_strict_dst_multihoming == 1', this will result in 8946e91bba0SGirish Moodalbail * the implementation of Strong ES as defined in Section 3.3.4.2 of 8956e91bba0SGirish Moodalbail * RFC 1122 8966e91bba0SGirish Moodalbail */ 8978887b57dSGirish Moodalbail { "_strict_src_multihoming", MOD_PROTO_IPV4, 8986e91bba0SGirish Moodalbail ip_set_src_multihoming, mod_get_uint32, 8996e91bba0SGirish Moodalbail {0, 2, 0}, {0} }, 9006e91bba0SGirish Moodalbail 9018887b57dSGirish Moodalbail { "_strict_src_multihoming", MOD_PROTO_IPV6, 9026e91bba0SGirish Moodalbail ip_set_src_multihoming, mod_get_uint32, 9036e91bba0SGirish Moodalbail {0, 2, 0}, {0} }, 9046e91bba0SGirish Moodalbail 9056e91bba0SGirish Moodalbail #ifdef DEBUG 9068887b57dSGirish Moodalbail { "_drop_inbound_icmpv6", MOD_PROTO_IPV6, 9076e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 9086e91bba0SGirish Moodalbail {B_FALSE}, {B_FALSE} }, 9096e91bba0SGirish Moodalbail #else 9106e91bba0SGirish Moodalbail { "", 0, NULL, NULL, {0}, {0} }, 9116e91bba0SGirish Moodalbail #endif 9126e91bba0SGirish Moodalbail { "mtu", MOD_PROTO_IPV4, NULL, ip_get_mtu, {0}, {0} }, 9136e91bba0SGirish Moodalbail 9146e91bba0SGirish Moodalbail { "mtu", MOD_PROTO_IPV6, NULL, ip_get_mtu, {0}, {0} }, 9156e91bba0SGirish Moodalbail 9166e91bba0SGirish Moodalbail /* 9176e91bba0SGirish Moodalbail * The following entry is a placeholder for `ip_debug' global 9186e91bba0SGirish Moodalbail * variable. Within these callback functions, we will be 9196e91bba0SGirish Moodalbail * setting/getting the global variable 9206e91bba0SGirish Moodalbail */ 9218887b57dSGirish Moodalbail { "_debug", MOD_PROTO_IP, 9226e91bba0SGirish Moodalbail ip_set_debug, ip_get_debug, 9236e91bba0SGirish Moodalbail {0, 20, 0}, {0} }, 9246e91bba0SGirish Moodalbail 925f1e9465bSSowmini Varadhan { "hostmodel", MOD_PROTO_IPV4, ip_set_hostmodel, ip_get_hostmodel, 926f1e9465bSSowmini Varadhan {IP_WEAK_ES, IP_STRONG_ES, IP_WEAK_ES}, {IP_WEAK_ES} }, 927f1e9465bSSowmini Varadhan 928f1e9465bSSowmini Varadhan { "hostmodel", MOD_PROTO_IPV6, ip_set_hostmodel, ip_get_hostmodel, 929f1e9465bSSowmini Varadhan {IP_WEAK_ES, IP_STRONG_ES, IP_WEAK_ES}, {IP_WEAK_ES} }, 930f1e9465bSSowmini Varadhan 9316e91bba0SGirish Moodalbail { "?", MOD_PROTO_IP, NULL, mod_get_allprop, {0}, {0} }, 9326e91bba0SGirish Moodalbail 9336e91bba0SGirish Moodalbail { NULL, 0, NULL, NULL, {0}, {0} } 9346e91bba0SGirish Moodalbail }; 9356e91bba0SGirish Moodalbail 9366e91bba0SGirish Moodalbail int ip_propinfo_count = A_CNT(ip_propinfo_tbl); 937