16e91bba0SGirish Moodalbail /* 26e91bba0SGirish Moodalbail * CDDL HEADER START 36e91bba0SGirish Moodalbail * 46e91bba0SGirish Moodalbail * The contents of this file are subject to the terms of the 56e91bba0SGirish Moodalbail * Common Development and Distribution License (the "License"). 66e91bba0SGirish Moodalbail * You may not use this file except in compliance with the License. 76e91bba0SGirish Moodalbail * 86e91bba0SGirish Moodalbail * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 96e91bba0SGirish Moodalbail * or http://www.opensolaris.org/os/licensing. 106e91bba0SGirish Moodalbail * See the License for the specific language governing permissions 116e91bba0SGirish Moodalbail * and limitations under the License. 126e91bba0SGirish Moodalbail * 136e91bba0SGirish Moodalbail * When distributing Covered Code, include this CDDL HEADER in each 146e91bba0SGirish Moodalbail * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 156e91bba0SGirish Moodalbail * If applicable, add the following below this CDDL HEADER, with the 166e91bba0SGirish Moodalbail * fields enclosed by brackets "[]" replaced with your own identifying 176e91bba0SGirish Moodalbail * information: Portions Copyright [yyyy] [name of copyright owner] 186e91bba0SGirish Moodalbail * 196e91bba0SGirish Moodalbail * CDDL HEADER END 206e91bba0SGirish Moodalbail */ 216e91bba0SGirish Moodalbail /* 22*f1e9465bSSowmini Varadhan * Copyright (c) 1991, 2010, Oracle and/or its affiliates. All rights reserved. 23*f1e9465bSSowmini Varadhan * Copyright (c) 1990 Mentat Inc. 246e91bba0SGirish Moodalbail */ 256e91bba0SGirish Moodalbail 266e91bba0SGirish Moodalbail #include <inet/ip.h> 276e91bba0SGirish Moodalbail #include <inet/ip6.h> 286e91bba0SGirish Moodalbail #include <inet/ip_if.h> 296e91bba0SGirish Moodalbail #include <inet/ip_ire.h> 306e91bba0SGirish Moodalbail #include <inet/ipclassifier.h> 316e91bba0SGirish Moodalbail #include <inet/ip_impl.h> 326e91bba0SGirish Moodalbail #include <inet/tunables.h> 336e91bba0SGirish Moodalbail #include <sys/sunddi.h> 346e91bba0SGirish Moodalbail #include <sys/policy.h> 356e91bba0SGirish Moodalbail 366e91bba0SGirish Moodalbail /* How long, in seconds, we allow frags to hang around. */ 376e91bba0SGirish Moodalbail #define IP_REASM_TIMEOUT 15 386e91bba0SGirish Moodalbail #define IPV6_REASM_TIMEOUT 60 396e91bba0SGirish Moodalbail 406e91bba0SGirish Moodalbail /* 416e91bba0SGirish Moodalbail * Set ip{,6}_forwarding values. If the value is being set on an ill, 426e91bba0SGirish Moodalbail * find the ill and set the value on it. On the other hand if we are modifying 436e91bba0SGirish Moodalbail * global property, modify the global value and set the value on all the ills. 446e91bba0SGirish Moodalbail */ 456e91bba0SGirish Moodalbail /* ARGSUSED */ 466e91bba0SGirish Moodalbail static int 476e91bba0SGirish Moodalbail ip_set_forwarding(void *cbarg, cred_t *cr, mod_prop_info_t *pinfo, 486e91bba0SGirish Moodalbail const char *ifname, const void* pval, uint_t flags) 496e91bba0SGirish Moodalbail { 506e91bba0SGirish Moodalbail char *end; 516e91bba0SGirish Moodalbail unsigned long new_value; 526e91bba0SGirish Moodalbail boolean_t per_ill, isv6; 536e91bba0SGirish Moodalbail ill_walk_context_t ctx; 546e91bba0SGirish Moodalbail ill_t *ill; 556e91bba0SGirish Moodalbail ip_stack_t *ipst = (ip_stack_t *)cbarg; 566e91bba0SGirish Moodalbail 576e91bba0SGirish Moodalbail if (flags & MOD_PROP_DEFAULT) { 586e91bba0SGirish Moodalbail new_value = pinfo->prop_def_bval; 596e91bba0SGirish Moodalbail } else { 606e91bba0SGirish Moodalbail if (ddi_strtoul(pval, &end, 10, &new_value) != 0 || 616e91bba0SGirish Moodalbail *end != '\0') 626e91bba0SGirish Moodalbail return (EINVAL); 636e91bba0SGirish Moodalbail if (new_value != B_TRUE && new_value != B_FALSE) 646e91bba0SGirish Moodalbail return (EINVAL); 656e91bba0SGirish Moodalbail } 666e91bba0SGirish Moodalbail 676e91bba0SGirish Moodalbail per_ill = (ifname != NULL && ifname[0] != '\0'); 686e91bba0SGirish Moodalbail /* 696e91bba0SGirish Moodalbail * if it's not per ill then set the global property and bring all the 706e91bba0SGirish Moodalbail * ills up to date with the new global value. 716e91bba0SGirish Moodalbail */ 726e91bba0SGirish Moodalbail if (!per_ill) 736e91bba0SGirish Moodalbail pinfo->prop_cur_bval = (new_value == 1 ? B_TRUE : B_FALSE); 746e91bba0SGirish Moodalbail 756e91bba0SGirish Moodalbail isv6 = (pinfo->mpi_proto == MOD_PROTO_IPV6 ? B_TRUE : B_FALSE); 766e91bba0SGirish Moodalbail rw_enter(&ipst->ips_ill_g_lock, RW_READER); 776e91bba0SGirish Moodalbail if (isv6) 786e91bba0SGirish Moodalbail ill = ILL_START_WALK_V6(&ctx, ipst); 796e91bba0SGirish Moodalbail else 806e91bba0SGirish Moodalbail ill = ILL_START_WALK_V4(&ctx, ipst); 816e91bba0SGirish Moodalbail 826e91bba0SGirish Moodalbail for (; ill != NULL; ill = ill_next(&ctx, ill)) { 836e91bba0SGirish Moodalbail /* 846e91bba0SGirish Moodalbail * if the property needs to be set on a particular 856e91bba0SGirish Moodalbail * interface, look for that interface. 866e91bba0SGirish Moodalbail */ 876e91bba0SGirish Moodalbail if (per_ill && strcmp(ifname, ill->ill_name) != 0) 886e91bba0SGirish Moodalbail continue; 896e91bba0SGirish Moodalbail (void) ill_forward_set(ill, new_value != 0); 906e91bba0SGirish Moodalbail } 916e91bba0SGirish Moodalbail rw_exit(&ipst->ips_ill_g_lock); 926e91bba0SGirish Moodalbail 936e91bba0SGirish Moodalbail return (0); 946e91bba0SGirish Moodalbail } 956e91bba0SGirish Moodalbail 966e91bba0SGirish Moodalbail static int 976e91bba0SGirish Moodalbail ip_get_forwarding(void *cbarg, mod_prop_info_t *pinfo, const char *ifname, 986e91bba0SGirish Moodalbail void *pval, uint_t pr_size, uint_t flags) 996e91bba0SGirish Moodalbail { 1006e91bba0SGirish Moodalbail boolean_t value; 1016e91bba0SGirish Moodalbail ill_walk_context_t ctx; 1026e91bba0SGirish Moodalbail ill_t *ill; 1036e91bba0SGirish Moodalbail ip_stack_t *ipst = (ip_stack_t *)cbarg; 1046e91bba0SGirish Moodalbail boolean_t get_def = (flags & MOD_PROP_DEFAULT); 1056e91bba0SGirish Moodalbail boolean_t get_perm = (flags & MOD_PROP_PERM); 1066e91bba0SGirish Moodalbail boolean_t isv6; 1076e91bba0SGirish Moodalbail size_t nbytes = 0; 1086e91bba0SGirish Moodalbail 1096e91bba0SGirish Moodalbail if (get_perm) { 1106e91bba0SGirish Moodalbail nbytes = snprintf(pval, pr_size, "%d", MOD_PROP_PERM_RW); 1116e91bba0SGirish Moodalbail goto ret; 1126e91bba0SGirish Moodalbail } else if (get_def) { 1136e91bba0SGirish Moodalbail nbytes = snprintf(pval, pr_size, "%d", pinfo->prop_def_bval); 1146e91bba0SGirish Moodalbail goto ret; 1156e91bba0SGirish Moodalbail } 1166e91bba0SGirish Moodalbail 1176e91bba0SGirish Moodalbail /* 1186e91bba0SGirish Moodalbail * if per interface value is not asked for return the current 1196e91bba0SGirish Moodalbail * global value 1206e91bba0SGirish Moodalbail */ 1216e91bba0SGirish Moodalbail if (ifname == NULL || ifname[0] == '\0') { 1226e91bba0SGirish Moodalbail nbytes = snprintf(pval, pr_size, "%d", pinfo->prop_cur_bval); 1236e91bba0SGirish Moodalbail goto ret; 1246e91bba0SGirish Moodalbail } 1256e91bba0SGirish Moodalbail 1266e91bba0SGirish Moodalbail isv6 = (pinfo->mpi_proto == MOD_PROTO_IPV6 ? B_TRUE : B_FALSE); 1276e91bba0SGirish Moodalbail rw_enter(&ipst->ips_ill_g_lock, RW_READER); 1286e91bba0SGirish Moodalbail if (isv6) 1296e91bba0SGirish Moodalbail ill = ILL_START_WALK_V6(&ctx, ipst); 1306e91bba0SGirish Moodalbail else 1316e91bba0SGirish Moodalbail ill = ILL_START_WALK_V4(&ctx, ipst); 1326e91bba0SGirish Moodalbail for (; ill != NULL; ill = ill_next(&ctx, ill)) { 1336e91bba0SGirish Moodalbail /* 1346e91bba0SGirish Moodalbail * if the property needs to be obtained on a particular 1356e91bba0SGirish Moodalbail * interface, look for that interface. 1366e91bba0SGirish Moodalbail */ 1376e91bba0SGirish Moodalbail if (strcmp(ifname, ill->ill_name) == 0) 1386e91bba0SGirish Moodalbail break; 1396e91bba0SGirish Moodalbail } 1406e91bba0SGirish Moodalbail if (ill == NULL) { 1416e91bba0SGirish Moodalbail rw_exit(&ipst->ips_ill_g_lock); 1426e91bba0SGirish Moodalbail return (ENXIO); 1436e91bba0SGirish Moodalbail } 1446e91bba0SGirish Moodalbail value = ((ill->ill_flags & ILLF_ROUTER) ? B_TRUE : B_FALSE); 1456e91bba0SGirish Moodalbail rw_exit(&ipst->ips_ill_g_lock); 1466e91bba0SGirish Moodalbail nbytes = snprintf(pval, pr_size, "%d", value); 1476e91bba0SGirish Moodalbail ret: 1486e91bba0SGirish Moodalbail if (nbytes >= pr_size) 1496e91bba0SGirish Moodalbail return (ENOBUFS); 1506e91bba0SGirish Moodalbail return (0); 1516e91bba0SGirish Moodalbail } 1526e91bba0SGirish Moodalbail 1536e91bba0SGirish Moodalbail /* 1546e91bba0SGirish Moodalbail * `ip_debug' is a global variable. So, we will be modifying the global 1556e91bba0SGirish Moodalbail * variable here. 1566e91bba0SGirish Moodalbail */ 1576e91bba0SGirish Moodalbail /* ARGSUSED */ 1586e91bba0SGirish Moodalbail int 1596e91bba0SGirish Moodalbail ip_set_debug(void *cbarg, cred_t *cr, mod_prop_info_t *pinfo, 1606e91bba0SGirish Moodalbail const char *ifname, const void* pval, uint_t flags) 1616e91bba0SGirish Moodalbail { 1626e91bba0SGirish Moodalbail unsigned long new_value; 163*f1e9465bSSowmini Varadhan int err; 1646e91bba0SGirish Moodalbail 1656e91bba0SGirish Moodalbail if (cr != NULL && secpolicy_net_config(cr, B_FALSE) != 0) 1666e91bba0SGirish Moodalbail return (EPERM); 1676e91bba0SGirish Moodalbail 168*f1e9465bSSowmini Varadhan if ((err = mod_uint32_value(pval, pinfo, flags, &new_value)) != 0) 169*f1e9465bSSowmini Varadhan return (err); 1706e91bba0SGirish Moodalbail ip_debug = (uint32_t)new_value; 1716e91bba0SGirish Moodalbail return (0); 1726e91bba0SGirish Moodalbail } 1736e91bba0SGirish Moodalbail 1746e91bba0SGirish Moodalbail /* 1756e91bba0SGirish Moodalbail * ip_debug is a global property. For default, permission and value range 1766e91bba0SGirish Moodalbail * we retrieve the value from `pinfo'. However for the current value we 1776e91bba0SGirish Moodalbail * retrieve the value from the global variable `ip_debug' 1786e91bba0SGirish Moodalbail */ 1796e91bba0SGirish Moodalbail /* ARGSUSED */ 1806e91bba0SGirish Moodalbail int 1816e91bba0SGirish Moodalbail ip_get_debug(void *cbarg, mod_prop_info_t *pinfo, const char *ifname, 1826e91bba0SGirish Moodalbail void *pval, uint_t psize, uint_t flags) 1836e91bba0SGirish Moodalbail { 1846e91bba0SGirish Moodalbail boolean_t get_def = (flags & MOD_PROP_DEFAULT); 1856e91bba0SGirish Moodalbail boolean_t get_perm = (flags & MOD_PROP_PERM); 1866e91bba0SGirish Moodalbail boolean_t get_range = (flags & MOD_PROP_POSSIBLE); 1876e91bba0SGirish Moodalbail size_t nbytes; 1886e91bba0SGirish Moodalbail 1896e91bba0SGirish Moodalbail bzero(pval, psize); 1906e91bba0SGirish Moodalbail if (get_perm) 1916e91bba0SGirish Moodalbail nbytes = snprintf(pval, psize, "%u", MOD_PROP_PERM_RW); 1926e91bba0SGirish Moodalbail else if (get_range) 1936e91bba0SGirish Moodalbail nbytes = snprintf(pval, psize, "%u-%u", 1946e91bba0SGirish Moodalbail pinfo->prop_min_uval, pinfo->prop_max_uval); 1956e91bba0SGirish Moodalbail else if (get_def) 1966e91bba0SGirish Moodalbail nbytes = snprintf(pval, psize, "%u", pinfo->prop_def_uval); 1976e91bba0SGirish Moodalbail else 1986e91bba0SGirish Moodalbail nbytes = snprintf(pval, psize, "%u", ip_debug); 1996e91bba0SGirish Moodalbail if (nbytes >= psize) 2006e91bba0SGirish Moodalbail return (ENOBUFS); 2016e91bba0SGirish Moodalbail return (0); 2026e91bba0SGirish Moodalbail } 2036e91bba0SGirish Moodalbail 2046e91bba0SGirish Moodalbail /* 2056e91bba0SGirish Moodalbail * Set the CGTP (multirouting) filtering status. If the status is changed 2066e91bba0SGirish Moodalbail * from active to transparent or from transparent to active, forward the 2076e91bba0SGirish Moodalbail * new status to the filtering module (if loaded). 2086e91bba0SGirish Moodalbail */ 2096e91bba0SGirish Moodalbail /* ARGSUSED */ 2106e91bba0SGirish Moodalbail static int 2116e91bba0SGirish Moodalbail ip_set_cgtp_filter(void *cbarg, cred_t *cr, mod_prop_info_t *pinfo, 2126e91bba0SGirish Moodalbail const char *ifname, const void* pval, uint_t flags) 2136e91bba0SGirish Moodalbail { 2146e91bba0SGirish Moodalbail unsigned long new_value; 2156e91bba0SGirish Moodalbail ip_stack_t *ipst = (ip_stack_t *)cbarg; 2166e91bba0SGirish Moodalbail char *end; 2176e91bba0SGirish Moodalbail 2186e91bba0SGirish Moodalbail if (flags & MOD_PROP_DEFAULT) { 2196e91bba0SGirish Moodalbail new_value = pinfo->prop_def_bval; 2206e91bba0SGirish Moodalbail } else { 2216e91bba0SGirish Moodalbail if (ddi_strtoul(pval, &end, 10, &new_value) != 0 || 2226e91bba0SGirish Moodalbail *end != '\0' || new_value > 1) { 2236e91bba0SGirish Moodalbail return (EINVAL); 2246e91bba0SGirish Moodalbail } 2256e91bba0SGirish Moodalbail } 2266e91bba0SGirish Moodalbail if (!pinfo->prop_cur_bval && new_value) { 2276e91bba0SGirish Moodalbail cmn_err(CE_NOTE, "IP: enabling CGTP filtering%s", 2286e91bba0SGirish Moodalbail ipst->ips_ip_cgtp_filter_ops == NULL ? 2296e91bba0SGirish Moodalbail " (module not loaded)" : ""); 2306e91bba0SGirish Moodalbail } 2316e91bba0SGirish Moodalbail if (pinfo->prop_cur_bval && !new_value) { 2326e91bba0SGirish Moodalbail cmn_err(CE_NOTE, "IP: disabling CGTP filtering%s", 2336e91bba0SGirish Moodalbail ipst->ips_ip_cgtp_filter_ops == NULL ? 2346e91bba0SGirish Moodalbail " (module not loaded)" : ""); 2356e91bba0SGirish Moodalbail } 2366e91bba0SGirish Moodalbail if (ipst->ips_ip_cgtp_filter_ops != NULL) { 2376e91bba0SGirish Moodalbail int res; 2386e91bba0SGirish Moodalbail netstackid_t stackid = ipst->ips_netstack->netstack_stackid; 2396e91bba0SGirish Moodalbail 2406e91bba0SGirish Moodalbail res = ipst->ips_ip_cgtp_filter_ops->cfo_change_state(stackid, 2416e91bba0SGirish Moodalbail new_value); 2426e91bba0SGirish Moodalbail if (res) 2436e91bba0SGirish Moodalbail return (res); 2446e91bba0SGirish Moodalbail } 2456e91bba0SGirish Moodalbail pinfo->prop_cur_bval = (new_value == 1 ? B_TRUE : B_FALSE); 2466e91bba0SGirish Moodalbail ill_set_inputfn_all(ipst); 2476e91bba0SGirish Moodalbail return (0); 2486e91bba0SGirish Moodalbail } 2496e91bba0SGirish Moodalbail 2506e91bba0SGirish Moodalbail /* 2516e91bba0SGirish Moodalbail * Retrieve the default MTU or min-max MTU range for a given interface. 2526e91bba0SGirish Moodalbail * 2536e91bba0SGirish Moodalbail * -- ill_max_frag value tells us the maximum MTU that can be handled by the 2546e91bba0SGirish Moodalbail * datalink. This value is advertised by the driver via DLPI messages 2556e91bba0SGirish Moodalbail * (DL_NOTE_SDU_SIZE/DL_INFO_ACK). 2566e91bba0SGirish Moodalbail * 2576e91bba0SGirish Moodalbail * -- ill_current_frag for the most link-types will be same as ill_max_frag 2586e91bba0SGirish Moodalbail * to begin with. However it is dynamically computed for some link-types 2596e91bba0SGirish Moodalbail * like tunnels, based on the tunnel PMTU. 2606e91bba0SGirish Moodalbail * 2616e91bba0SGirish Moodalbail * -- ill_mtu is the user set MTU using SIOCSLIFMTU and must lie between 2626e91bba0SGirish Moodalbail * (IPV6_MIN_MTU/IP_MIN_MTU) and ill_max_frag. 2636e91bba0SGirish Moodalbail * 2646e91bba0SGirish Moodalbail * -- ill_user_mtu is set by in.ndpd using SIOCSLIFLNKINFO and must lie between 2656e91bba0SGirish Moodalbail * (IPV6_MIN_MTU/IP_MIN_MTU) and ill_max_frag. 2666e91bba0SGirish Moodalbail */ 2676e91bba0SGirish Moodalbail int 2686e91bba0SGirish Moodalbail ip_get_mtu(void *cbarg, mod_prop_info_t *pinfo, const char *ifname, 2696e91bba0SGirish Moodalbail void *pval, uint_t psize, uint_t flags) 2706e91bba0SGirish Moodalbail { 2716e91bba0SGirish Moodalbail ill_walk_context_t ctx; 2726e91bba0SGirish Moodalbail ill_t *ill; 2736e91bba0SGirish Moodalbail ip_stack_t *ipst = (ip_stack_t *)cbarg; 2746e91bba0SGirish Moodalbail boolean_t isv6; 2756e91bba0SGirish Moodalbail uint32_t max_mtu, def_mtu; 2766e91bba0SGirish Moodalbail size_t nbytes = 0; 2776e91bba0SGirish Moodalbail 2786e91bba0SGirish Moodalbail if (!(flags & (MOD_PROP_DEFAULT|MOD_PROP_POSSIBLE))) 2796e91bba0SGirish Moodalbail return (ENOTSUP); 2806e91bba0SGirish Moodalbail 2816e91bba0SGirish Moodalbail if (ifname == NULL || ifname[0] == '\0') 2826e91bba0SGirish Moodalbail return (ENOTSUP); 2836e91bba0SGirish Moodalbail 2846e91bba0SGirish Moodalbail isv6 = (pinfo->mpi_proto == MOD_PROTO_IPV6 ? B_TRUE : B_FALSE); 2856e91bba0SGirish Moodalbail rw_enter(&ipst->ips_ill_g_lock, RW_READER); 2866e91bba0SGirish Moodalbail if (isv6) 2876e91bba0SGirish Moodalbail ill = ILL_START_WALK_V6(&ctx, ipst); 2886e91bba0SGirish Moodalbail else 2896e91bba0SGirish Moodalbail ill = ILL_START_WALK_V4(&ctx, ipst); 2906e91bba0SGirish Moodalbail for (; ill != NULL; ill = ill_next(&ctx, ill)) { 2916e91bba0SGirish Moodalbail if (strcmp(ifname, ill->ill_name) == 0) 2926e91bba0SGirish Moodalbail break; 2936e91bba0SGirish Moodalbail } 2946e91bba0SGirish Moodalbail if (ill == NULL) { 2956e91bba0SGirish Moodalbail rw_exit(&ipst->ips_ill_g_lock); 2966e91bba0SGirish Moodalbail return (ENXIO); 2976e91bba0SGirish Moodalbail } 2986e91bba0SGirish Moodalbail max_mtu = ill->ill_max_frag; 2996e91bba0SGirish Moodalbail def_mtu = ill->ill_current_frag; 3006e91bba0SGirish Moodalbail rw_exit(&ipst->ips_ill_g_lock); 3016e91bba0SGirish Moodalbail 3026e91bba0SGirish Moodalbail if (flags & MOD_PROP_DEFAULT) { 3036e91bba0SGirish Moodalbail nbytes = snprintf(pval, psize, "%u", def_mtu); 3046e91bba0SGirish Moodalbail } else if (flags & MOD_PROP_POSSIBLE) { 3056e91bba0SGirish Moodalbail uint32_t min_mtu; 3066e91bba0SGirish Moodalbail 3076e91bba0SGirish Moodalbail min_mtu = isv6 ? IPV6_MIN_MTU : IP_MIN_MTU; 3086e91bba0SGirish Moodalbail nbytes = snprintf(pval, psize, "%u-%u", min_mtu, max_mtu); 3096e91bba0SGirish Moodalbail } else { 3106e91bba0SGirish Moodalbail return (ENOTSUP); 3116e91bba0SGirish Moodalbail } 3126e91bba0SGirish Moodalbail 3136e91bba0SGirish Moodalbail if (nbytes >= psize) 3146e91bba0SGirish Moodalbail return (ENOBUFS); 3156e91bba0SGirish Moodalbail return (0); 3166e91bba0SGirish Moodalbail } 3176e91bba0SGirish Moodalbail 3186e91bba0SGirish Moodalbail /* 3196e91bba0SGirish Moodalbail * See the comments for ip[6]_strict_src_multihoming for an explanation 3206e91bba0SGirish Moodalbail * of the semanitcs. 3216e91bba0SGirish Moodalbail */ 322*f1e9465bSSowmini Varadhan void 323*f1e9465bSSowmini Varadhan ip_set_src_multihoming_common(ulong_t new_value, ulong_t old_value, 324*f1e9465bSSowmini Varadhan boolean_t isv6, ip_stack_t *ipst) 3256e91bba0SGirish Moodalbail { 326*f1e9465bSSowmini Varadhan if (isv6) 327*f1e9465bSSowmini Varadhan ipst->ips_ipv6_strict_src_multihoming = new_value; 328*f1e9465bSSowmini Varadhan else 329*f1e9465bSSowmini Varadhan ipst->ips_ip_strict_src_multihoming = new_value; 3306e91bba0SGirish Moodalbail if (new_value != old_value) { 3316e91bba0SGirish Moodalbail if (!isv6) { 3326e91bba0SGirish Moodalbail if (old_value == 0) { 3336e91bba0SGirish Moodalbail ire_walk_v4(ip_ire_rebind_walker, NULL, 3346e91bba0SGirish Moodalbail ALL_ZONES, ipst); 335*f1e9465bSSowmini Varadhan } else if (new_value == 0) { 3366e91bba0SGirish Moodalbail ire_walk_v4(ip_ire_unbind_walker, NULL, 3376e91bba0SGirish Moodalbail ALL_ZONES, ipst); 3386e91bba0SGirish Moodalbail } 3396e91bba0SGirish Moodalbail ipcl_walk(conn_ire_revalidate, (void *)B_FALSE, ipst); 3406e91bba0SGirish Moodalbail } else { 3416e91bba0SGirish Moodalbail if (old_value == 0) { 3426e91bba0SGirish Moodalbail ire_walk_v6(ip_ire_rebind_walker, NULL, 3436e91bba0SGirish Moodalbail ALL_ZONES, ipst); 344*f1e9465bSSowmini Varadhan } else if (new_value == 0) { 3456e91bba0SGirish Moodalbail ire_walk_v6(ip_ire_unbind_walker, NULL, 3466e91bba0SGirish Moodalbail ALL_ZONES, ipst); 3476e91bba0SGirish Moodalbail } 3486e91bba0SGirish Moodalbail ipcl_walk(conn_ire_revalidate, (void *)B_TRUE, ipst); 3496e91bba0SGirish Moodalbail } 3506e91bba0SGirish Moodalbail } 351*f1e9465bSSowmini Varadhan } 352*f1e9465bSSowmini Varadhan 353*f1e9465bSSowmini Varadhan /* ARGSUSED */ 354*f1e9465bSSowmini Varadhan static int 355*f1e9465bSSowmini Varadhan ip_set_src_multihoming(void *cbarg, cred_t *cr, mod_prop_info_t *pinfo, 356*f1e9465bSSowmini Varadhan const char *ifname, const void* pval, uint_t flags) 357*f1e9465bSSowmini Varadhan { 358*f1e9465bSSowmini Varadhan unsigned long new_value, old_value; 359*f1e9465bSSowmini Varadhan boolean_t isv6; 360*f1e9465bSSowmini Varadhan ip_stack_t *ipst = (ip_stack_t *)cbarg; 361*f1e9465bSSowmini Varadhan int err; 362*f1e9465bSSowmini Varadhan 363*f1e9465bSSowmini Varadhan old_value = pinfo->prop_cur_uval; 364*f1e9465bSSowmini Varadhan 365*f1e9465bSSowmini Varadhan if ((err = mod_uint32_value(pval, pinfo, flags, &new_value)) != 0) 366*f1e9465bSSowmini Varadhan return (err); 367*f1e9465bSSowmini Varadhan pinfo->prop_cur_uval = new_value; 368*f1e9465bSSowmini Varadhan isv6 = (strcmp(pinfo->mpi_name, "ip6_strict_src_multihoming") == 0); 369*f1e9465bSSowmini Varadhan ip_set_src_multihoming_common(new_value, old_value, isv6, ipst); 370*f1e9465bSSowmini Varadhan return (0); 371*f1e9465bSSowmini Varadhan } 372*f1e9465bSSowmini Varadhan 373*f1e9465bSSowmini Varadhan 374*f1e9465bSSowmini Varadhan /* ARGSUSED */ 375*f1e9465bSSowmini Varadhan static int 376*f1e9465bSSowmini Varadhan ip_set_hostmodel(void *cbarg, cred_t *cr, mod_prop_info_t *pinfo, 377*f1e9465bSSowmini Varadhan const char *ifname, const void* pval, uint_t flags) 378*f1e9465bSSowmini Varadhan { 379*f1e9465bSSowmini Varadhan ip_hostmodel_t new_value, old_value; 380*f1e9465bSSowmini Varadhan ip_stack_t *ipst = (ip_stack_t *)cbarg; 381*f1e9465bSSowmini Varadhan uint32_t old_src_multihoming; 382*f1e9465bSSowmini Varadhan int err; 383*f1e9465bSSowmini Varadhan ulong_t tmp; 384*f1e9465bSSowmini Varadhan boolean_t isv6; 385*f1e9465bSSowmini Varadhan 386*f1e9465bSSowmini Varadhan old_value = pinfo->prop_cur_uval; 387*f1e9465bSSowmini Varadhan 388*f1e9465bSSowmini Varadhan if ((err = mod_uint32_value(pval, pinfo, flags, &tmp)) != 0) 389*f1e9465bSSowmini Varadhan return (err); 390*f1e9465bSSowmini Varadhan new_value = tmp; 391*f1e9465bSSowmini Varadhan pinfo->prop_cur_uval = new_value; 392*f1e9465bSSowmini Varadhan 393*f1e9465bSSowmini Varadhan switch (old_value) { 394*f1e9465bSSowmini Varadhan case IP_WEAK_ES: 395*f1e9465bSSowmini Varadhan old_src_multihoming = 0; 396*f1e9465bSSowmini Varadhan break; 397*f1e9465bSSowmini Varadhan case IP_SRC_PRI_ES: 398*f1e9465bSSowmini Varadhan old_src_multihoming = 1; 399*f1e9465bSSowmini Varadhan break; 400*f1e9465bSSowmini Varadhan case IP_STRONG_ES: 401*f1e9465bSSowmini Varadhan old_src_multihoming = 2; 402*f1e9465bSSowmini Varadhan break; 403*f1e9465bSSowmini Varadhan default: 404*f1e9465bSSowmini Varadhan ASSERT(0); 405*f1e9465bSSowmini Varadhan old_src_multihoming = IP_MAXVAL_ES; 406*f1e9465bSSowmini Varadhan break; 407*f1e9465bSSowmini Varadhan } 408*f1e9465bSSowmini Varadhan /* 409*f1e9465bSSowmini Varadhan * Changes to src_multihoming may require ire's to be rebound/unbound, 410*f1e9465bSSowmini Varadhan * and also require generation number resets. Changes to dst_multihoming 411*f1e9465bSSowmini Varadhan * require a simple reset of the value. 412*f1e9465bSSowmini Varadhan */ 413*f1e9465bSSowmini Varadhan isv6 = (pinfo->mpi_proto == MOD_PROTO_IPV6); 414*f1e9465bSSowmini Varadhan if (new_value != old_value) { 415*f1e9465bSSowmini Varadhan switch (new_value) { 416*f1e9465bSSowmini Varadhan case IP_WEAK_ES: 417*f1e9465bSSowmini Varadhan ip_set_src_multihoming_common(0, old_src_multihoming, 418*f1e9465bSSowmini Varadhan isv6, ipst); 419*f1e9465bSSowmini Varadhan if (isv6) 420*f1e9465bSSowmini Varadhan ipst->ips_ipv6_strict_dst_multihoming = 0; 421*f1e9465bSSowmini Varadhan else 422*f1e9465bSSowmini Varadhan ipst->ips_ip_strict_dst_multihoming = 0; 423*f1e9465bSSowmini Varadhan break; 424*f1e9465bSSowmini Varadhan case IP_SRC_PRI_ES: 425*f1e9465bSSowmini Varadhan ip_set_src_multihoming_common(1, old_src_multihoming, 426*f1e9465bSSowmini Varadhan isv6, ipst); 427*f1e9465bSSowmini Varadhan if (isv6) 428*f1e9465bSSowmini Varadhan ipst->ips_ipv6_strict_dst_multihoming = 0; 429*f1e9465bSSowmini Varadhan else 430*f1e9465bSSowmini Varadhan ipst->ips_ip_strict_dst_multihoming = 0; 431*f1e9465bSSowmini Varadhan break; 432*f1e9465bSSowmini Varadhan case IP_STRONG_ES: 433*f1e9465bSSowmini Varadhan ip_set_src_multihoming_common(2, old_src_multihoming, 434*f1e9465bSSowmini Varadhan isv6, ipst); 435*f1e9465bSSowmini Varadhan if (isv6) 436*f1e9465bSSowmini Varadhan ipst->ips_ipv6_strict_dst_multihoming = 1; 437*f1e9465bSSowmini Varadhan else 438*f1e9465bSSowmini Varadhan ipst->ips_ip_strict_dst_multihoming = 1; 439*f1e9465bSSowmini Varadhan break; 440*f1e9465bSSowmini Varadhan default: 441*f1e9465bSSowmini Varadhan return (EINVAL); 442*f1e9465bSSowmini Varadhan } 443*f1e9465bSSowmini Varadhan } 444*f1e9465bSSowmini Varadhan return (0); 445*f1e9465bSSowmini Varadhan } 446*f1e9465bSSowmini Varadhan 447*f1e9465bSSowmini Varadhan /* ARGSUSED */ 448*f1e9465bSSowmini Varadhan int 449*f1e9465bSSowmini Varadhan ip_get_hostmodel(void *cbarg, mod_prop_info_t *pinfo, const char *ifname, 450*f1e9465bSSowmini Varadhan void *pval, uint_t psize, uint_t flags) 451*f1e9465bSSowmini Varadhan { 452*f1e9465bSSowmini Varadhan boolean_t isv6 = (pinfo->mpi_proto == MOD_PROTO_IPV6); 453*f1e9465bSSowmini Varadhan ip_stack_t *ipst = cbarg; 454*f1e9465bSSowmini Varadhan ip_hostmodel_t hostmodel; 455*f1e9465bSSowmini Varadhan 456*f1e9465bSSowmini Varadhan if (psize < sizeof (hostmodel)) 457*f1e9465bSSowmini Varadhan return (ENOBUFS); 458*f1e9465bSSowmini Varadhan bzero(pval, psize); 459*f1e9465bSSowmini Varadhan if (!isv6) { 460*f1e9465bSSowmini Varadhan if (ipst->ips_ip_strict_src_multihoming == 0 && 461*f1e9465bSSowmini Varadhan ipst->ips_ip_strict_dst_multihoming == 0) 462*f1e9465bSSowmini Varadhan hostmodel = IP_WEAK_ES; 463*f1e9465bSSowmini Varadhan else if (ipst->ips_ip_strict_src_multihoming == 1 && 464*f1e9465bSSowmini Varadhan ipst->ips_ip_strict_dst_multihoming == 0) 465*f1e9465bSSowmini Varadhan hostmodel = IP_SRC_PRI_ES; 466*f1e9465bSSowmini Varadhan else if (ipst->ips_ip_strict_src_multihoming == 2 && 467*f1e9465bSSowmini Varadhan ipst->ips_ip_strict_dst_multihoming == 1) 468*f1e9465bSSowmini Varadhan hostmodel = IP_STRONG_ES; 469*f1e9465bSSowmini Varadhan else 470*f1e9465bSSowmini Varadhan hostmodel = IP_MAXVAL_ES; 471*f1e9465bSSowmini Varadhan } else { 472*f1e9465bSSowmini Varadhan if (ipst->ips_ipv6_strict_src_multihoming == 0 && 473*f1e9465bSSowmini Varadhan ipst->ips_ipv6_strict_dst_multihoming == 0) 474*f1e9465bSSowmini Varadhan hostmodel = IP_WEAK_ES; 475*f1e9465bSSowmini Varadhan else if (ipst->ips_ipv6_strict_src_multihoming == 1 && 476*f1e9465bSSowmini Varadhan ipst->ips_ipv6_strict_dst_multihoming == 0) 477*f1e9465bSSowmini Varadhan hostmodel = IP_SRC_PRI_ES; 478*f1e9465bSSowmini Varadhan else if (ipst->ips_ipv6_strict_src_multihoming == 2 && 479*f1e9465bSSowmini Varadhan ipst->ips_ipv6_strict_dst_multihoming == 1) 480*f1e9465bSSowmini Varadhan hostmodel = IP_STRONG_ES; 481*f1e9465bSSowmini Varadhan else 482*f1e9465bSSowmini Varadhan hostmodel = IP_MAXVAL_ES; 483*f1e9465bSSowmini Varadhan } 484*f1e9465bSSowmini Varadhan bcopy(&hostmodel, pval, sizeof (hostmodel)); 4856e91bba0SGirish Moodalbail return (0); 4866e91bba0SGirish Moodalbail } 4876e91bba0SGirish Moodalbail 4886e91bba0SGirish Moodalbail /* 4896e91bba0SGirish Moodalbail * All of these are alterable, within the min/max values given, at run time. 4906e91bba0SGirish Moodalbail * 4916e91bba0SGirish Moodalbail * Note: All those tunables which do not start with "ip_" are Committed and 4926e91bba0SGirish Moodalbail * therefore are public. See PSARC 2009/306. 4936e91bba0SGirish Moodalbail */ 4946e91bba0SGirish Moodalbail mod_prop_info_t ip_propinfo_tbl[] = { 4956e91bba0SGirish Moodalbail /* tunable - 0 */ 4966e91bba0SGirish Moodalbail { "ip_respond_to_address_mask_broadcast", MOD_PROTO_IP, 4976e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 4986e91bba0SGirish Moodalbail {B_FALSE}, {B_FALSE} }, 4996e91bba0SGirish Moodalbail 5006e91bba0SGirish Moodalbail { "ip_respond_to_echo_broadcast", MOD_PROTO_IP, 5016e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 5026e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 5036e91bba0SGirish Moodalbail 5046e91bba0SGirish Moodalbail { "ip_respond_to_echo_multicast", MOD_PROTO_IP, 5056e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 5066e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 5076e91bba0SGirish Moodalbail 5086e91bba0SGirish Moodalbail { "ip_respond_to_timestamp", MOD_PROTO_IP, 5096e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 5106e91bba0SGirish Moodalbail {B_FALSE}, {B_FALSE} }, 5116e91bba0SGirish Moodalbail 5126e91bba0SGirish Moodalbail { "ip_respond_to_timestamp_broadcast", MOD_PROTO_IP, 5136e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 5146e91bba0SGirish Moodalbail {B_FALSE}, {B_FALSE} }, 5156e91bba0SGirish Moodalbail 5166e91bba0SGirish Moodalbail { "ip_send_redirects", MOD_PROTO_IP, 5176e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 5186e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 5196e91bba0SGirish Moodalbail 5206e91bba0SGirish Moodalbail { "ip_forward_directed_broadcasts", MOD_PROTO_IP, 5216e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 5226e91bba0SGirish Moodalbail {B_FALSE}, {B_FALSE} }, 5236e91bba0SGirish Moodalbail 5246e91bba0SGirish Moodalbail { "ip_mrtdebug", MOD_PROTO_IP, 5256e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5266e91bba0SGirish Moodalbail {0, 10, 0}, {0} }, 5276e91bba0SGirish Moodalbail 5286e91bba0SGirish Moodalbail { "ip_ire_reclaim_fraction", MOD_PROTO_IP, 5296e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5306e91bba0SGirish Moodalbail {1, 8, 3}, {3} }, 5316e91bba0SGirish Moodalbail 5326e91bba0SGirish Moodalbail { "ip_nce_reclaim_fraction", MOD_PROTO_IP, 5336e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5346e91bba0SGirish Moodalbail {1, 8, 3}, {3} }, 5356e91bba0SGirish Moodalbail 5366e91bba0SGirish Moodalbail /* tunable - 10 */ 5376e91bba0SGirish Moodalbail { "ip_dce_reclaim_fraction", MOD_PROTO_IP, 5386e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5396e91bba0SGirish Moodalbail {1, 8, 3}, {3} }, 5406e91bba0SGirish Moodalbail 5416e91bba0SGirish Moodalbail { "ttl", MOD_PROTO_IPV4, 5426e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5436e91bba0SGirish Moodalbail {1, 255, 255}, {255} }, 5446e91bba0SGirish Moodalbail 5456e91bba0SGirish Moodalbail { "ip_forward_src_routed", MOD_PROTO_IP, 5466e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 5476e91bba0SGirish Moodalbail {B_FALSE}, {B_FALSE} }, 5486e91bba0SGirish Moodalbail 5496e91bba0SGirish Moodalbail { "ip_wroff_extra", MOD_PROTO_IP, 5506e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5516e91bba0SGirish Moodalbail {0, 256, 32}, {32} }, 5526e91bba0SGirish Moodalbail 5536e91bba0SGirish Moodalbail /* following tunable is in seconds - a deviant! */ 5546e91bba0SGirish Moodalbail { "ip_pathmtu_interval", MOD_PROTO_IP, 5556e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5566e91bba0SGirish Moodalbail {2, 999999999, 60*20}, {60*20} }, 5576e91bba0SGirish Moodalbail 5586e91bba0SGirish Moodalbail { "ip_icmp_return_data_bytes", MOD_PROTO_IP, 5596e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5606e91bba0SGirish Moodalbail {8, 65536, 64}, {64} }, 5616e91bba0SGirish Moodalbail 5626e91bba0SGirish Moodalbail { "ip_path_mtu_discovery", MOD_PROTO_IP, 5636e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 5646e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 5656e91bba0SGirish Moodalbail 5666e91bba0SGirish Moodalbail { "ip_pmtu_min", MOD_PROTO_IP, 5676e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5686e91bba0SGirish Moodalbail {68, 65535, 576}, {576} }, 5696e91bba0SGirish Moodalbail 5706e91bba0SGirish Moodalbail { "ip_ignore_redirect", MOD_PROTO_IP, 5716e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 5726e91bba0SGirish Moodalbail {B_FALSE}, {B_FALSE} }, 5736e91bba0SGirish Moodalbail 5746e91bba0SGirish Moodalbail { "ip_arp_icmp_error", MOD_PROTO_IP, 5756e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 5766e91bba0SGirish Moodalbail {B_FALSE}, {B_FALSE} }, 5776e91bba0SGirish Moodalbail 5786e91bba0SGirish Moodalbail /* tunable - 20 */ 5796e91bba0SGirish Moodalbail { "ip_broadcast_ttl", MOD_PROTO_IP, 5806e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5816e91bba0SGirish Moodalbail {1, 254, 1}, {1} }, 5826e91bba0SGirish Moodalbail 5836e91bba0SGirish Moodalbail { "ip_icmp_err_interval", MOD_PROTO_IP, 5846e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5856e91bba0SGirish Moodalbail {0, 99999, 100}, {100} }, 5866e91bba0SGirish Moodalbail 5876e91bba0SGirish Moodalbail { "ip_icmp_err_burst", MOD_PROTO_IP, 5886e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5896e91bba0SGirish Moodalbail {1, 99999, 10}, {10} }, 5906e91bba0SGirish Moodalbail 5916e91bba0SGirish Moodalbail { "ip_reass_queue_bytes", MOD_PROTO_IP, 5926e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5936e91bba0SGirish Moodalbail {0, 999999999, 1000000}, {1000000} }, 5946e91bba0SGirish Moodalbail 5956e91bba0SGirish Moodalbail /* 5966e91bba0SGirish Moodalbail * See comments for ip_strict_src_multihoming for an explanation 5976e91bba0SGirish Moodalbail * of the semantics of ip_strict_dst_multihoming 5986e91bba0SGirish Moodalbail */ 5996e91bba0SGirish Moodalbail { "ip_strict_dst_multihoming", MOD_PROTO_IP, 6006e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6016e91bba0SGirish Moodalbail {0, 1, 0}, {0} }, 6026e91bba0SGirish Moodalbail 6036e91bba0SGirish Moodalbail { "ip_addrs_per_if", MOD_PROTO_IP, 6046e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6056e91bba0SGirish Moodalbail {1, MAX_ADDRS_PER_IF, 256}, {256} }, 6066e91bba0SGirish Moodalbail 6076e91bba0SGirish Moodalbail { "ipsec_override_persocket_policy", MOD_PROTO_IP, 6086e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 6096e91bba0SGirish Moodalbail {B_FALSE}, {B_FALSE} }, 6106e91bba0SGirish Moodalbail 6116e91bba0SGirish Moodalbail { "icmp_accept_clear_messages", MOD_PROTO_IP, 6126e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 6136e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 6146e91bba0SGirish Moodalbail 6156e91bba0SGirish Moodalbail { "igmp_accept_clear_messages", MOD_PROTO_IP, 6166e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 6176e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 6186e91bba0SGirish Moodalbail 6196e91bba0SGirish Moodalbail { "ip_ndp_delay_first_probe_time", MOD_PROTO_IP, 6206e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6216e91bba0SGirish Moodalbail {2, 999999999, ND_DELAY_FIRST_PROBE_TIME}, 6226e91bba0SGirish Moodalbail {ND_DELAY_FIRST_PROBE_TIME} }, 6236e91bba0SGirish Moodalbail 6246e91bba0SGirish Moodalbail /* tunable - 30 */ 6256e91bba0SGirish Moodalbail { "ip_ndp_max_unicast_solicit", MOD_PROTO_IP, 6266e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6276e91bba0SGirish Moodalbail {1, 999999999, ND_MAX_UNICAST_SOLICIT}, {ND_MAX_UNICAST_SOLICIT} }, 6286e91bba0SGirish Moodalbail 6296e91bba0SGirish Moodalbail { "hoplimit", MOD_PROTO_IPV6, 6306e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6316e91bba0SGirish Moodalbail {1, 255, IPV6_MAX_HOPS}, {IPV6_MAX_HOPS} }, 6326e91bba0SGirish Moodalbail 6336e91bba0SGirish Moodalbail { "ip6_icmp_return_data_bytes", MOD_PROTO_IP, 6346e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6356e91bba0SGirish Moodalbail {8, IPV6_MIN_MTU, IPV6_MIN_MTU}, {IPV6_MIN_MTU} }, 6366e91bba0SGirish Moodalbail 6376e91bba0SGirish Moodalbail { "ip6_forward_src_routed", MOD_PROTO_IP, 6386e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 6396e91bba0SGirish Moodalbail {B_FALSE}, {B_FALSE} }, 6406e91bba0SGirish Moodalbail 6416e91bba0SGirish Moodalbail { "ip6_respond_to_echo_multicast", MOD_PROTO_IP, 6426e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 6436e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 6446e91bba0SGirish Moodalbail 6456e91bba0SGirish Moodalbail { "ip6_send_redirects", MOD_PROTO_IP, 6466e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 6476e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 6486e91bba0SGirish Moodalbail 6496e91bba0SGirish Moodalbail { "ip6_ignore_redirect", MOD_PROTO_IP, 6506e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 6516e91bba0SGirish Moodalbail {B_FALSE}, {B_FALSE} }, 6526e91bba0SGirish Moodalbail 6536e91bba0SGirish Moodalbail /* 6546e91bba0SGirish Moodalbail * See comments for ip6_strict_src_multihoming for an explanation 6556e91bba0SGirish Moodalbail * of the semantics of ip6_strict_dst_multihoming 6566e91bba0SGirish Moodalbail */ 6576e91bba0SGirish Moodalbail { "ip6_strict_dst_multihoming", MOD_PROTO_IP, 6586e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6596e91bba0SGirish Moodalbail {0, 1, 0}, {0} }, 6606e91bba0SGirish Moodalbail 6616e91bba0SGirish Moodalbail { "ip_src_check", MOD_PROTO_IP, 6626e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6636e91bba0SGirish Moodalbail {0, 2, 2}, {2} }, 6646e91bba0SGirish Moodalbail 6656e91bba0SGirish Moodalbail { "ipsec_policy_log_interval", MOD_PROTO_IP, 6666e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6676e91bba0SGirish Moodalbail {0, 999999, 1000}, {1000} }, 6686e91bba0SGirish Moodalbail 6696e91bba0SGirish Moodalbail /* tunable - 40 */ 6706e91bba0SGirish Moodalbail { "pim_accept_clear_messages", MOD_PROTO_IP, 6716e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 6726e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 6736e91bba0SGirish Moodalbail 6746e91bba0SGirish Moodalbail { "ip_ndp_unsolicit_interval", MOD_PROTO_IP, 6756e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6766e91bba0SGirish Moodalbail {1000, 20000, 2000}, {2000} }, 6776e91bba0SGirish Moodalbail 6786e91bba0SGirish Moodalbail { "ip_ndp_unsolicit_count", MOD_PROTO_IP, 6796e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6806e91bba0SGirish Moodalbail {1, 20, 3}, {3} }, 6816e91bba0SGirish Moodalbail 6826e91bba0SGirish Moodalbail { "ip6_ignore_home_address_opt", MOD_PROTO_IP, 6836e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 6846e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 6856e91bba0SGirish Moodalbail 6866e91bba0SGirish Moodalbail { "ip_policy_mask", MOD_PROTO_IP, 6876e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6886e91bba0SGirish Moodalbail {0, 15, 0}, {0} }, 6896e91bba0SGirish Moodalbail 6906e91bba0SGirish Moodalbail { "ip_ecmp_behavior", MOD_PROTO_IP, 6916e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6926e91bba0SGirish Moodalbail {0, 2, 2}, {2} }, 6936e91bba0SGirish Moodalbail 6946e91bba0SGirish Moodalbail { "ip_multirt_ttl", MOD_PROTO_IP, 6956e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6966e91bba0SGirish Moodalbail {0, 255, 1}, {1} }, 6976e91bba0SGirish Moodalbail 6986e91bba0SGirish Moodalbail /* following tunable is in seconds - a deviant */ 6996e91bba0SGirish Moodalbail { "ip_ire_badcnt_lifetime", MOD_PROTO_IP, 7006e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7016e91bba0SGirish Moodalbail {0, 3600, 60}, {60} }, 7026e91bba0SGirish Moodalbail 7036e91bba0SGirish Moodalbail { "ip_max_temp_idle", MOD_PROTO_IP, 7046e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7056e91bba0SGirish Moodalbail {0, 999999, 60*60*24}, {60*60*24} }, 7066e91bba0SGirish Moodalbail 7076e91bba0SGirish Moodalbail { "ip_max_temp_defend", MOD_PROTO_IP, 7086e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7096e91bba0SGirish Moodalbail {0, 1000, 1}, {1} }, 7106e91bba0SGirish Moodalbail 7116e91bba0SGirish Moodalbail /* tunable - 50 */ 7126e91bba0SGirish Moodalbail /* 7136e91bba0SGirish Moodalbail * when a conflict of an active address is detected, 7146e91bba0SGirish Moodalbail * defend up to ip_max_defend times, within any 7156e91bba0SGirish Moodalbail * ip_defend_interval span. 7166e91bba0SGirish Moodalbail */ 7176e91bba0SGirish Moodalbail { "ip_max_defend", MOD_PROTO_IP, 7186e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7196e91bba0SGirish Moodalbail {0, 1000, 3}, {3} }, 7206e91bba0SGirish Moodalbail 7216e91bba0SGirish Moodalbail { "ip_defend_interval", MOD_PROTO_IP, 7226e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7236e91bba0SGirish Moodalbail {0, 999999, 30}, {30} }, 7246e91bba0SGirish Moodalbail 7256e91bba0SGirish Moodalbail { "ip_dup_recovery", MOD_PROTO_IP, 7266e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7276e91bba0SGirish Moodalbail {0, 3600000, 300000}, {300000} }, 7286e91bba0SGirish Moodalbail 7296e91bba0SGirish Moodalbail { "ip_restrict_interzone_loopback", MOD_PROTO_IP, 7306e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 7316e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 7326e91bba0SGirish Moodalbail 7336e91bba0SGirish Moodalbail { "ip_lso_outbound", MOD_PROTO_IP, 7346e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 7356e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 7366e91bba0SGirish Moodalbail 7376e91bba0SGirish Moodalbail { "igmp_max_version", MOD_PROTO_IP, 7386e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7396e91bba0SGirish Moodalbail {IGMP_V1_ROUTER, IGMP_V3_ROUTER, IGMP_V3_ROUTER}, 7406e91bba0SGirish Moodalbail {IGMP_V3_ROUTER} }, 7416e91bba0SGirish Moodalbail 7426e91bba0SGirish Moodalbail { "mld_max_version", MOD_PROTO_IP, 7436e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7446e91bba0SGirish Moodalbail {MLD_V1_ROUTER, MLD_V2_ROUTER, MLD_V2_ROUTER}, {MLD_V2_ROUTER} }, 7456e91bba0SGirish Moodalbail 7466e91bba0SGirish Moodalbail { "forwarding", MOD_PROTO_IPV4, 7476e91bba0SGirish Moodalbail ip_set_forwarding, ip_get_forwarding, 7486e91bba0SGirish Moodalbail {IP_FORWARD_NEVER}, {IP_FORWARD_NEVER} }, 7496e91bba0SGirish Moodalbail 7506e91bba0SGirish Moodalbail { "forwarding", MOD_PROTO_IPV6, 7516e91bba0SGirish Moodalbail ip_set_forwarding, ip_get_forwarding, 7526e91bba0SGirish Moodalbail {IP_FORWARD_NEVER}, {IP_FORWARD_NEVER} }, 7536e91bba0SGirish Moodalbail 7546e91bba0SGirish Moodalbail { "ip_reasm_timeout", MOD_PROTO_IP, 7556e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7566e91bba0SGirish Moodalbail {5, 255, IP_REASM_TIMEOUT}, 7576e91bba0SGirish Moodalbail {IP_REASM_TIMEOUT} }, 7586e91bba0SGirish Moodalbail 7596e91bba0SGirish Moodalbail /* tunable - 60 */ 7606e91bba0SGirish Moodalbail { "ip6_reasm_timeout", MOD_PROTO_IP, 7616e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7626e91bba0SGirish Moodalbail {5, 255, IPV6_REASM_TIMEOUT}, 7636e91bba0SGirish Moodalbail {IPV6_REASM_TIMEOUT} }, 7646e91bba0SGirish Moodalbail 7656e91bba0SGirish Moodalbail { "ip_cgtp_filter", MOD_PROTO_IP, 7666e91bba0SGirish Moodalbail ip_set_cgtp_filter, mod_get_boolean, 7676e91bba0SGirish Moodalbail {B_FALSE}, {B_FALSE} }, 7686e91bba0SGirish Moodalbail 7696e91bba0SGirish Moodalbail /* delay before sending first probe: */ 7706e91bba0SGirish Moodalbail { "arp_probe_delay", MOD_PROTO_IP, 7716e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7726e91bba0SGirish Moodalbail {0, 20000, 1000}, {1000} }, 7736e91bba0SGirish Moodalbail 7746e91bba0SGirish Moodalbail { "arp_fastprobe_delay", MOD_PROTO_IP, 7756e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7766e91bba0SGirish Moodalbail {0, 20000, 100}, {100} }, 7776e91bba0SGirish Moodalbail 7786e91bba0SGirish Moodalbail /* interval at which DAD probes are sent: */ 7796e91bba0SGirish Moodalbail { "arp_probe_interval", MOD_PROTO_IP, 7806e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7816e91bba0SGirish Moodalbail {10, 20000, 1500}, {1500} }, 7826e91bba0SGirish Moodalbail 7836e91bba0SGirish Moodalbail { "arp_fastprobe_interval", MOD_PROTO_IP, 7846e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7856e91bba0SGirish Moodalbail {10, 20000, 150}, {150} }, 7866e91bba0SGirish Moodalbail 7876e91bba0SGirish Moodalbail { "arp_probe_count", MOD_PROTO_IP, 7886e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7896e91bba0SGirish Moodalbail {0, 20, 3}, {3} }, 7906e91bba0SGirish Moodalbail 7916e91bba0SGirish Moodalbail { "arp_fastprobe_count", MOD_PROTO_IP, 7926e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7936e91bba0SGirish Moodalbail {0, 20, 3}, {3} }, 7946e91bba0SGirish Moodalbail 7956e91bba0SGirish Moodalbail { "ipv4_dad_announce_interval", MOD_PROTO_IP, 7966e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7976e91bba0SGirish Moodalbail {0, 3600000, 15000}, {15000} }, 7986e91bba0SGirish Moodalbail 7996e91bba0SGirish Moodalbail { "ipv6_dad_announce_interval", MOD_PROTO_IP, 8006e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 8016e91bba0SGirish Moodalbail {0, 3600000, 15000}, {15000} }, 8026e91bba0SGirish Moodalbail 8036e91bba0SGirish Moodalbail /* tunable - 70 */ 8046e91bba0SGirish Moodalbail /* 8056e91bba0SGirish Moodalbail * Rate limiting parameters for DAD defense used in 8066e91bba0SGirish Moodalbail * ill_defend_rate_limit(): 8076e91bba0SGirish Moodalbail * defend_rate : pkts/hour permitted 8086e91bba0SGirish Moodalbail * defend_interval : time that can elapse before we send out a 8096e91bba0SGirish Moodalbail * DAD defense. 8106e91bba0SGirish Moodalbail * defend_period: denominator for defend_rate (in seconds). 8116e91bba0SGirish Moodalbail */ 8126e91bba0SGirish Moodalbail { "arp_defend_interval", MOD_PROTO_IP, 8136e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 8146e91bba0SGirish Moodalbail {0, 3600000, 300000}, {300000} }, 8156e91bba0SGirish Moodalbail 8166e91bba0SGirish Moodalbail { "arp_defend_rate", MOD_PROTO_IP, 8176e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 8186e91bba0SGirish Moodalbail {0, 20000, 100}, {100} }, 8196e91bba0SGirish Moodalbail 8206e91bba0SGirish Moodalbail { "ndp_defend_interval", MOD_PROTO_IP, 8216e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 8226e91bba0SGirish Moodalbail {0, 3600000, 300000}, {300000} }, 8236e91bba0SGirish Moodalbail 8246e91bba0SGirish Moodalbail { "ndp_defend_rate", MOD_PROTO_IP, 8256e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 8266e91bba0SGirish Moodalbail {0, 20000, 100}, {100} }, 8276e91bba0SGirish Moodalbail 8286e91bba0SGirish Moodalbail { "arp_defend_period", MOD_PROTO_IP, 8296e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 8306e91bba0SGirish Moodalbail {5, 86400, 3600}, {3600} }, 8316e91bba0SGirish Moodalbail 8326e91bba0SGirish Moodalbail { "ndp_defend_period", MOD_PROTO_IP, 8336e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 8346e91bba0SGirish Moodalbail {5, 86400, 3600}, {3600} }, 8356e91bba0SGirish Moodalbail 8366e91bba0SGirish Moodalbail { "ipv4_icmp_return_pmtu", MOD_PROTO_IP, 8376e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 8386e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 8396e91bba0SGirish Moodalbail 8406e91bba0SGirish Moodalbail { "ipv6_icmp_return_pmtu", MOD_PROTO_IP, 8416e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 8426e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 8436e91bba0SGirish Moodalbail 8446e91bba0SGirish Moodalbail /* 8456e91bba0SGirish Moodalbail * publish count/interval values used to announce local addresses 8466e91bba0SGirish Moodalbail * for IPv4, IPv6. 8476e91bba0SGirish Moodalbail */ 8486e91bba0SGirish Moodalbail { "ip_arp_publish_count", MOD_PROTO_IP, 8496e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 8506e91bba0SGirish Moodalbail {1, 20, 5}, {5} }, 8516e91bba0SGirish Moodalbail 8526e91bba0SGirish Moodalbail { "ip_arp_publish_interval", MOD_PROTO_IP, 8536e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 8546e91bba0SGirish Moodalbail {1000, 20000, 2000}, {2000} }, 8556e91bba0SGirish Moodalbail 8566e91bba0SGirish Moodalbail /* tunable - 80 */ 8576e91bba0SGirish Moodalbail /* 8586e91bba0SGirish Moodalbail * The ip*strict_src_multihoming and ip*strict_dst_multihoming provide 8596e91bba0SGirish Moodalbail * a range of choices for setting strong/weak/preferred end-system 8606e91bba0SGirish Moodalbail * behavior. The semantics for setting these are: 8616e91bba0SGirish Moodalbail * 8626e91bba0SGirish Moodalbail * ip*_strict_dst_multihoming = 0 8636e91bba0SGirish Moodalbail * weak end system model for managing ip destination addresses. 8646e91bba0SGirish Moodalbail * A packet with IP dst D1 that's received on interface I1 will be 8656e91bba0SGirish Moodalbail * accepted as long as D1 is one of the local addresses on 8666e91bba0SGirish Moodalbail * the machine, even if D1 is not configured on I1. 8676e91bba0SGirish Moodalbail * ip*strict_dst_multihioming = 1 8686e91bba0SGirish Moodalbail * strong end system model for managing ip destination addresses. 8696e91bba0SGirish Moodalbail * A packet with IP dst D1 that's received on interface I1 will be 8706e91bba0SGirish Moodalbail * accepted if, and only if, D1 is configured on I1. 8716e91bba0SGirish Moodalbail * 8726e91bba0SGirish Moodalbail * ip*strict_src_multihoming = 0 8736e91bba0SGirish Moodalbail * Source agnostic route selection for outgoing packets: the 8746e91bba0SGirish Moodalbail * outgoing interface for a packet will be computed using 8756e91bba0SGirish Moodalbail * default algorithms for route selection, where the route 8766e91bba0SGirish Moodalbail * with the longest matching prefix is chosen for the output 8776e91bba0SGirish Moodalbail * unless other route selection constraints are explicitly 8786e91bba0SGirish Moodalbail * specified during routing table lookup. This may result 8796e91bba0SGirish Moodalbail * in packet being sent out on interface I2 with source 8806e91bba0SGirish Moodalbail * address S1, even though S1 is not a configured address on I2. 8816e91bba0SGirish Moodalbail * ip*strict_src_multihoming = 1 8826e91bba0SGirish Moodalbail * Preferred source aware route selection for outgoing packets: for 8836e91bba0SGirish Moodalbail * a packet with source S2, destination D2, the route selection 8846e91bba0SGirish Moodalbail * algorithm will first attempt to find a route for the destination 8856e91bba0SGirish Moodalbail * that goes out through an interface where S2 is 8866e91bba0SGirish Moodalbail * configured. If such a route cannot be found, then the 8876e91bba0SGirish Moodalbail * best-matching route for D2 will be selected. 8886e91bba0SGirish Moodalbail * ip*strict_src_multihoming = 2 8896e91bba0SGirish Moodalbail * Source aware route selection for outgoing packets: a packet will 8906e91bba0SGirish Moodalbail * be sent out on an interface I2 only if the src address S2 of the 8916e91bba0SGirish Moodalbail * packet is a configured address on I2. In conjunction with 8926e91bba0SGirish Moodalbail * the setting 'ip_strict_dst_multihoming == 1', this will result in 8936e91bba0SGirish Moodalbail * the implementation of Strong ES as defined in Section 3.3.4.2 of 8946e91bba0SGirish Moodalbail * RFC 1122 8956e91bba0SGirish Moodalbail */ 8966e91bba0SGirish Moodalbail { "ip_strict_src_multihoming", MOD_PROTO_IP, 8976e91bba0SGirish Moodalbail ip_set_src_multihoming, mod_get_uint32, 8986e91bba0SGirish Moodalbail {0, 2, 0}, {0} }, 8996e91bba0SGirish Moodalbail 9006e91bba0SGirish Moodalbail { "ip6_strict_src_multihoming", MOD_PROTO_IP, 9016e91bba0SGirish Moodalbail ip_set_src_multihoming, mod_get_uint32, 9026e91bba0SGirish Moodalbail {0, 2, 0}, {0} }, 9036e91bba0SGirish Moodalbail 9046e91bba0SGirish Moodalbail #ifdef DEBUG 9056e91bba0SGirish Moodalbail { "ip6_drop_inbound_icmpv6", MOD_PROTO_IP, 9066e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 9076e91bba0SGirish Moodalbail {B_FALSE}, {B_FALSE} }, 9086e91bba0SGirish Moodalbail #else 9096e91bba0SGirish Moodalbail { "", 0, NULL, NULL, {0}, {0} }, 9106e91bba0SGirish Moodalbail #endif 9116e91bba0SGirish Moodalbail { "mtu", MOD_PROTO_IPV4, NULL, ip_get_mtu, {0}, {0} }, 9126e91bba0SGirish Moodalbail 9136e91bba0SGirish Moodalbail { "mtu", MOD_PROTO_IPV6, NULL, ip_get_mtu, {0}, {0} }, 9146e91bba0SGirish Moodalbail 9156e91bba0SGirish Moodalbail /* 9166e91bba0SGirish Moodalbail * The following entry is a placeholder for `ip_debug' global 9176e91bba0SGirish Moodalbail * variable. Within these callback functions, we will be 9186e91bba0SGirish Moodalbail * setting/getting the global variable 9196e91bba0SGirish Moodalbail */ 9206e91bba0SGirish Moodalbail { "ip_debug", MOD_PROTO_IP, 9216e91bba0SGirish Moodalbail ip_set_debug, ip_get_debug, 9226e91bba0SGirish Moodalbail {0, 20, 0}, {0} }, 9236e91bba0SGirish Moodalbail 924*f1e9465bSSowmini Varadhan { "hostmodel", MOD_PROTO_IPV4, ip_set_hostmodel, ip_get_hostmodel, 925*f1e9465bSSowmini Varadhan {IP_WEAK_ES, IP_STRONG_ES, IP_WEAK_ES}, {IP_WEAK_ES} }, 926*f1e9465bSSowmini Varadhan 927*f1e9465bSSowmini Varadhan { "hostmodel", MOD_PROTO_IPV6, ip_set_hostmodel, ip_get_hostmodel, 928*f1e9465bSSowmini Varadhan {IP_WEAK_ES, IP_STRONG_ES, IP_WEAK_ES}, {IP_WEAK_ES} }, 929*f1e9465bSSowmini Varadhan 9306e91bba0SGirish Moodalbail { "?", MOD_PROTO_IP, NULL, mod_get_allprop, {0}, {0} }, 9316e91bba0SGirish Moodalbail 9326e91bba0SGirish Moodalbail { NULL, 0, NULL, NULL, {0}, {0} } 9336e91bba0SGirish Moodalbail }; 9346e91bba0SGirish Moodalbail 9356e91bba0SGirish Moodalbail int ip_propinfo_count = A_CNT(ip_propinfo_tbl); 936