1 /* 2 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 3 * Use is subject to license terms. 4 */ 5 /* 6 * Copyright (c) 1983 Regents of the University of California. 7 * All rights reserved. The Berkeley software License Agreement 8 * specifies the terms and conditions for redistribution. 9 */ 10 11 #include "defs.h" 12 #include "strings.h" 13 #include "ifconfig.h" 14 #include <compat.h> 15 #include <libdlpi.h> 16 #include <libdllink.h> 17 #include <libdliptun.h> 18 #include <libdllink.h> 19 #include <inet/ip.h> 20 #include <inet/ipsec_impl.h> 21 22 #define LOOPBACK_IF "lo0" 23 #define NONE_STR "none" 24 #define ARP_MOD_NAME "arp" 25 #define IPMPSTUB (void *)-1 26 27 typedef struct if_flags { 28 uint64_t iff_value; 29 char *iff_name; 30 } if_flags_t; 31 32 static if_flags_t if_flags_tbl[] = { 33 { IFF_UP, "UP" }, 34 { IFF_BROADCAST, "BROADCAST" }, 35 { IFF_DEBUG, "DEBUG" }, 36 { IFF_LOOPBACK, "LOOPBACK" }, 37 { IFF_POINTOPOINT, "POINTOPOINT" }, 38 { IFF_NOTRAILERS, "NOTRAILERS" }, 39 { IFF_RUNNING, "RUNNING" }, 40 { IFF_NOARP, "NOARP" }, 41 { IFF_PROMISC, "PROMISC" }, 42 { IFF_ALLMULTI, "ALLMULTI" }, 43 { IFF_INTELLIGENT, "INTELLIGENT" }, 44 { IFF_MULTICAST, "MULTICAST" }, 45 { IFF_MULTI_BCAST, "MULTI_BCAST" }, 46 { IFF_UNNUMBERED, "UNNUMBERED" }, 47 { IFF_DHCPRUNNING, "DHCP" }, 48 { IFF_PRIVATE, "PRIVATE" }, 49 { IFF_NOXMIT, "NOXMIT" }, 50 { IFF_NOLOCAL, "NOLOCAL" }, 51 { IFF_DEPRECATED, "DEPRECATED" }, 52 { IFF_ADDRCONF, "ADDRCONF" }, 53 { IFF_ROUTER, "ROUTER" }, 54 { IFF_NONUD, "NONUD" }, 55 { IFF_ANYCAST, "ANYCAST" }, 56 { IFF_NORTEXCH, "NORTEXCH" }, 57 { IFF_IPV4, "IPv4" }, 58 { IFF_IPV6, "IPv6" }, 59 { IFF_NOFAILOVER, "NOFAILOVER" }, 60 { IFF_FAILED, "FAILED" }, 61 { IFF_STANDBY, "STANDBY" }, 62 { IFF_INACTIVE, "INACTIVE" }, 63 { IFF_OFFLINE, "OFFLINE" }, 64 { IFF_XRESOLV, "XRESOLV" }, 65 { IFF_COS_ENABLED, "CoS" }, 66 { IFF_PREFERRED, "PREFERRED" }, 67 { IFF_TEMPORARY, "TEMPORARY" }, 68 { IFF_FIXEDMTU, "FIXEDMTU" }, 69 { IFF_VIRTUAL, "VIRTUAL" }, 70 { IFF_DUPLICATE, "DUPLICATE" }, 71 { IFF_IPMP, "IPMP"} 72 }; 73 74 typedef struct { 75 const char *ia_app; 76 uint64_t ia_flag; 77 uint_t ia_tries; 78 } if_appflags_t; 79 80 static const if_appflags_t if_appflags_tbl[] = { 81 { "dhcpagent(1M)", IFF_DHCPRUNNING, 1 }, 82 { "in.ndpd(1M)", IFF_ADDRCONF, 3 }, 83 { NULL, 0, 0 } 84 }; 85 86 static dladm_handle_t dlh; 87 boolean_t dlh_opened; 88 static struct lifreq lifr; 89 /* current interface name a particular function is accessing */ 90 static char name[LIFNAMSIZ]; 91 /* foreach interface saved name */ 92 static char origname[LIFNAMSIZ]; 93 static int setaddr; 94 static boolean_t ipsec_policy_set; 95 static boolean_t ipsec_auth_covered; 96 97 /* 98 * Make sure the algorithm variables hold more than the sizeof an algorithm 99 * in PF_KEY. (For now, more than a uint8_t.) The NO_***_?ALG indicates that 100 * there was no algorithm requested, and in the ipsec_req that service should 101 * be disabled. (E.g. if ah_aalg remains NO_AH_AALG, then AH will be 102 * disabled on that tunnel.) 103 */ 104 #define NO_AH_AALG 256 105 #define NO_ESP_AALG 256 106 #define NO_ESP_EALG 256 107 108 int s, s4, s6; 109 int af = AF_INET; /* default address family */ 110 int debug = 0; 111 int all = 0; /* setifdhcp() needs to know this */ 112 int verbose = 0; 113 int v4compat = 0; /* Compatible printing format */ 114 115 /* 116 * Function prototypes for command functions. 117 */ 118 static int addif(char *arg, int64_t param); 119 static int inetipmp(char *arg, int64_t param); 120 static int inetplumb(char *arg, int64_t param); 121 static int inetunplumb(char *arg, int64_t param); 122 static int removeif(char *arg, int64_t param); 123 static int setdebugflag(char *arg, int64_t param); 124 static int setifaddr(char *arg, int64_t param); 125 static int setifbroadaddr(char *arg, int64_t param); 126 static int setifdstaddr(char *arg, int64_t param); 127 static int setifether(char *arg, int64_t param); 128 static int setifflags(char *arg, int64_t param); 129 static int setifindex(char *arg, int64_t param); 130 static int setifmetric(char *arg, int64_t param); 131 static int setifmtu(char *arg, int64_t param); 132 static int setifnetmask(char *arg, int64_t param); 133 static int setifprefixlen(char *arg, int64_t param); 134 static int setifrevarp(char *arg, int64_t param); 135 static int setifsubnet(char *arg, int64_t param); 136 static int setiftdst(char *arg, int64_t param); 137 static int setiftoken(char *arg, int64_t param); 138 static int setiftsrc(char *arg, int64_t param); 139 static int setverboseflag(char *arg, int64_t param); 140 static int set_tun_ah_alg(char *arg, int64_t param); 141 static int set_tun_esp_auth_alg(char *arg, int64_t param); 142 static int set_tun_esp_encr_alg(char *arg, int64_t param); 143 static int modlist(char *arg, int64_t param); 144 static int modinsert(char *arg, int64_t param); 145 static int modremove(char *arg, int64_t param); 146 static int setifgroupname(char *arg, int64_t param); 147 static int configinfo(char *arg, int64_t param); 148 static void print_config_flags(int af, uint64_t flags); 149 static void print_flags(uint64_t flags); 150 static void print_ifether(char *ifname); 151 static int set_tun_encap_limit(char *arg, int64_t param); 152 static int clr_tun_encap_limit(char *arg, int64_t param); 153 static int set_tun_hop_limit(char *arg, int64_t param); 154 static int setzone(char *arg, int64_t param); 155 static int setallzones(char *arg, int64_t param); 156 static int setifsrc(char *arg, int64_t param); 157 static int lifnum(const char *ifname); 158 159 /* 160 * Address family specific function prototypes. 161 */ 162 static void in_getaddr(char *s, struct sockaddr *saddr, int *plenp); 163 static void in_status(int force, uint64_t flags); 164 static void in_configinfo(int force, uint64_t flags); 165 static void in6_getaddr(char *s, struct sockaddr *saddr, int *plenp); 166 static void in6_status(int force, uint64_t flags); 167 static void in6_configinfo(int force, uint64_t flags); 168 169 /* 170 * Misc support functions 171 */ 172 static boolean_t ni_entry(const char *, void *); 173 static void foreachinterface(void (*func)(), int argc, char *argv[], 174 int af, int64_t onflags, int64_t offflags, 175 int64_t lifc_flags); 176 static void ifconfig(int argc, char *argv[], int af, struct lifreq *lifrp); 177 static boolean_t in_getmask(struct sockaddr_in *saddr, 178 boolean_t addr_set); 179 static int in_getprefixlen(char *addr, boolean_t slash, int plen); 180 static boolean_t in_prefixlentomask(int prefixlen, int maxlen, 181 uchar_t *mask); 182 static void status(void); 183 static void ifstatus(const char *); 184 static void tun_status(datalink_id_t); 185 static void usage(void); 186 static int strioctl(int s, int cmd, void *buf, int buflen); 187 static int setifdhcp(const char *caller, const char *ifname, 188 int argc, char *argv[]); 189 static int ip_domux2fd(int *, int *, int *, int *, int *); 190 static int ip_plink(int, int, int, int, int); 191 static int modop(char *arg, char op); 192 static int find_all_interfaces(struct lifconf *lifcp, char **buf, 193 int64_t lifc_flags); 194 static int create_ipmp(const char *grname, int af, const char *ifname, 195 boolean_t implicit); 196 static int create_ipmp_peer(int af, const char *ifname); 197 static void start_ipmp_daemon(void); 198 static boolean_t ifaddr_up(ifaddrlistx_t *ifaddrp); 199 static boolean_t ifaddr_down(ifaddrlistx_t *ifaddrp); 200 static dladm_status_t ifconfig_dladm_open(const char *, datalink_class_t, 201 datalink_id_t *); 202 static void dladmerr_exit(dladm_status_t status, const char *str); 203 204 #define max(a, b) ((a) < (b) ? (b) : (a)) 205 206 /* 207 * DHCP_EXIT_IF_FAILURE indicates that the operation failed, but if there 208 * are more interfaces to act on (i.e., ifconfig was invoked with -a), keep 209 * on going rather than exit with an error. 210 */ 211 212 #define DHCP_EXIT_IF_FAILURE -1 213 214 #define NEXTARG 0xffffff /* command takes an argument */ 215 #define OPTARG 0xfffffe /* command takes an optional argument */ 216 #define AF_ANY (-1) 217 218 /* Refer to the comments in ifconfig() on the netmask "hack" */ 219 #define NETMASK_CMD "netmask" 220 struct sockaddr_storage g_netmask; 221 enum { G_NETMASK_NIL, G_NETMASK_PENDING, G_NETMASK_SET } 222 g_netmask_set = G_NETMASK_NIL; 223 224 struct cmd { 225 char *c_name; 226 int64_t c_parameter; /* NEXTARG means next argv */ 227 int (*c_func)(char *, int64_t); 228 int c_abortonfail; /* don't continue parsing args */ 229 /* for the current interface */ 230 int c_af; /* address family restrictions */ 231 } cmds[] = { 232 { "up", IFF_UP, setifflags, 0, AF_ANY }, 233 { "down", -IFF_UP, setifflags, 0, AF_ANY }, 234 { "trailers", -IFF_NOTRAILERS, setifflags, 0, AF_ANY }, 235 { "-trailers", IFF_NOTRAILERS, setifflags, 0, AF_ANY }, 236 { "arp", -IFF_NOARP, setifflags, 0, AF_INET }, 237 { "-arp", IFF_NOARP, setifflags, 0, AF_INET }, 238 { "router", IFF_ROUTER, setifflags, 0, AF_ANY }, 239 { "-router", -IFF_ROUTER, setifflags, 0, AF_ANY }, 240 { "private", IFF_PRIVATE, setifflags, 0, AF_ANY }, 241 { "-private", -IFF_PRIVATE, setifflags, 0, AF_ANY }, 242 { "xmit", -IFF_NOXMIT, setifflags, 0, AF_ANY }, 243 { "-xmit", IFF_NOXMIT, setifflags, 0, AF_ANY }, 244 { "-nud", IFF_NONUD, setifflags, 0, AF_INET6 }, 245 { "nud", -IFF_NONUD, setifflags, 0, AF_INET6 }, 246 { "anycast", IFF_ANYCAST, setifflags, 0, AF_ANY }, 247 { "-anycast", -IFF_ANYCAST, setifflags, 0, AF_ANY }, 248 { "local", -IFF_NOLOCAL, setifflags, 0, AF_ANY }, 249 { "-local", IFF_NOLOCAL, setifflags, 0, AF_ANY }, 250 { "deprecated", IFF_DEPRECATED, setifflags, 0, AF_ANY }, 251 { "-deprecated", -IFF_DEPRECATED, setifflags, 0, AF_ANY }, 252 { "preferred", IFF_PREFERRED, setifflags, 0, AF_INET6 }, 253 { "-preferred", -IFF_PREFERRED, setifflags, 0, AF_INET6 }, 254 { "debug", 0, setdebugflag, 0, AF_ANY }, 255 { "verbose", 0, setverboseflag, 0, AF_ANY }, 256 { NETMASK_CMD, NEXTARG, setifnetmask, 0, AF_INET }, 257 { "metric", NEXTARG, setifmetric, 0, AF_ANY }, 258 { "mtu", NEXTARG, setifmtu, 0, AF_ANY }, 259 { "index", NEXTARG, setifindex, 0, AF_ANY }, 260 { "broadcast", NEXTARG, setifbroadaddr, 0, AF_INET }, 261 { "auto-revarp", 0, setifrevarp, 1, AF_INET }, 262 { "ipmp", 0, inetipmp, 1, AF_ANY }, 263 { "plumb", 0, inetplumb, 1, AF_ANY }, 264 { "unplumb", 0, inetunplumb, 0, AF_ANY }, 265 { "subnet", NEXTARG, setifsubnet, 0, AF_ANY }, 266 { "token", NEXTARG, setiftoken, 0, AF_INET6 }, 267 { "tsrc", NEXTARG, setiftsrc, 0, AF_ANY }, 268 { "tdst", NEXTARG, setiftdst, 0, AF_ANY }, 269 { "encr_auth_algs", NEXTARG, set_tun_esp_auth_alg, 0, AF_ANY }, 270 { "encr_algs", NEXTARG, set_tun_esp_encr_alg, 0, AF_ANY }, 271 { "auth_algs", NEXTARG, set_tun_ah_alg, 0, AF_ANY }, 272 { "addif", NEXTARG, addif, 1, AF_ANY }, 273 { "removeif", NEXTARG, removeif, 1, AF_ANY }, 274 { "modlist", 0, modlist, 1, AF_ANY }, 275 { "modinsert", NEXTARG, modinsert, 1, AF_ANY }, 276 { "modremove", NEXTARG, modremove, 1, AF_ANY }, 277 { "failover", -IFF_NOFAILOVER, setifflags, 1, AF_ANY }, 278 { "-failover", IFF_NOFAILOVER, setifflags, 1, AF_ANY }, 279 { "standby", IFF_STANDBY, setifflags, 1, AF_ANY }, 280 { "-standby", -IFF_STANDBY, setifflags, 1, AF_ANY }, 281 { "failed", IFF_FAILED, setifflags, 1, AF_ANY }, 282 { "-failed", -IFF_FAILED, setifflags, 1, AF_ANY }, 283 { "group", NEXTARG, setifgroupname, 1, AF_ANY }, 284 { "configinfo", 0, configinfo, 1, AF_ANY }, 285 { "encaplimit", NEXTARG, set_tun_encap_limit, 0, AF_ANY }, 286 { "-encaplimit", 0, clr_tun_encap_limit, 0, AF_ANY }, 287 { "thoplimit", NEXTARG, set_tun_hop_limit, 0, AF_ANY }, 288 { "set", NEXTARG, setifaddr, 0, AF_ANY }, 289 { "destination", NEXTARG, setifdstaddr, 0, AF_ANY }, 290 { "zone", NEXTARG, setzone, 0, AF_ANY }, 291 { "-zone", 0, setzone, 0, AF_ANY }, 292 { "all-zones", 0, setallzones, 0, AF_ANY }, 293 { "ether", OPTARG, setifether, 0, AF_ANY }, 294 { "usesrc", NEXTARG, setifsrc, 0, AF_ANY }, 295 296 /* 297 * NOTE: any additions to this table must also be applied to ifparse 298 * (usr/src/cmd/cmd-inet/sbin/ifparse/ifparse.c) 299 */ 300 301 { 0, 0, setifaddr, 0, AF_ANY }, 302 { 0, 0, setifdstaddr, 0, AF_ANY }, 303 { 0, 0, 0, 0, 0 }, 304 }; 305 306 307 typedef struct if_config_cmd { 308 uint64_t iff_flag; 309 int iff_af; 310 char *iff_name; 311 } if_config_cmd_t; 312 313 /* 314 * NOTE: print_config_flags() processes this table in order, so we put "up" 315 * last so that we can be sure "-failover" will take effect first. Otherwise, 316 * IPMP test addresses will erroneously migrate to the IPMP interface. 317 */ 318 static if_config_cmd_t if_config_cmd_tbl[] = { 319 { IFF_NOTRAILERS, AF_UNSPEC, "-trailers" }, 320 { IFF_PRIVATE, AF_UNSPEC, "private" }, 321 { IFF_NOXMIT, AF_UNSPEC, "-xmit" }, 322 { IFF_ANYCAST, AF_INET6, "anycast" }, 323 { IFF_NOLOCAL, AF_UNSPEC, "-local" }, 324 { IFF_DEPRECATED, AF_UNSPEC, "deprecated" }, 325 { IFF_NOFAILOVER, AF_UNSPEC, "-failover" }, 326 { IFF_STANDBY, AF_UNSPEC, "standby" }, 327 { IFF_FAILED, AF_UNSPEC, "failed" }, 328 { IFF_PREFERRED, AF_UNSPEC, "preferred" }, 329 { IFF_NONUD, AF_INET6, "-nud" }, 330 { IFF_NOARP, AF_INET, "-arp" }, 331 { IFF_UP, AF_UNSPEC, "up" }, 332 { 0, 0, NULL }, 333 }; 334 335 typedef struct ni { 336 char ni_name[LIFNAMSIZ]; 337 struct ni *ni_next; 338 } ni_t; 339 340 static ni_t *ni_list = NULL; 341 static int num_ni = 0; 342 343 /* End defines and structure definitions for ifconfig -a plumb */ 344 345 /* Known address families */ 346 struct afswtch { 347 char *af_name; 348 short af_af; 349 void (*af_status)(); 350 void (*af_getaddr)(); 351 void (*af_configinfo)(); 352 } afs[] = { 353 { "inet", AF_INET, in_status, in_getaddr, in_configinfo }, 354 { "inet6", AF_INET6, in6_status, in6_getaddr, in6_configinfo }, 355 { 0, 0, 0, 0, 0 } 356 }; 357 358 #define SOCKET_AF(af) (((af) == AF_UNSPEC) ? AF_INET : (af)) 359 360 struct afswtch *afp; /* the address family being set or asked about */ 361 362 int 363 main(int argc, char *argv[]) 364 { 365 int64_t lifc_flags; 366 char *default_ip_str; 367 368 lifc_flags = LIFC_NOXMIT|LIFC_TEMPORARY|LIFC_ALLZONES|LIFC_UNDER_IPMP; 369 370 if (argc < 2) { 371 usage(); 372 exit(1); 373 } 374 argc--, argv++; 375 if (strlen(*argv) > sizeof (name) - 1) { 376 (void) fprintf(stderr, "%s: interface name too long\n", *argv); 377 exit(1); 378 } 379 (void) strncpy(name, *argv, sizeof (name)); 380 name[sizeof (name) - 1] = '\0'; 381 (void) strncpy(origname, name, sizeof (origname)); /* For addif */ 382 default_ip_str = NULL; 383 v4compat = get_compat_flag(&default_ip_str); 384 if (v4compat == DEFAULT_PROT_BAD_VALUE) { 385 (void) fprintf(stderr, 386 "ifconfig: %s: Bad value for %s in %s\n", default_ip_str, 387 DEFAULT_IP, INET_DEFAULT_FILE); 388 free(default_ip_str); 389 exit(2); 390 } 391 free(default_ip_str); 392 argc--, argv++; 393 if (argc > 0) { 394 struct afswtch *myafp; 395 396 for (myafp = afp = afs; myafp->af_name; myafp++) { 397 if (strcmp(myafp->af_name, *argv) == 0) { 398 afp = myafp; argc--; argv++; 399 break; 400 } 401 } 402 af = lifr.lifr_addr.ss_family = afp->af_af; 403 if (af == AF_INET6) { 404 v4compat = 0; 405 } 406 } 407 408 s = socket(SOCKET_AF(af), SOCK_DGRAM, 0); 409 s4 = socket(AF_INET, SOCK_DGRAM, 0); 410 s6 = socket(AF_INET6, SOCK_DGRAM, 0); 411 if (s == -1 || s4 == -1 || s6 == -1) 412 Perror0_exit("socket"); 413 414 /* 415 * Special interface names is any combination of these flags. 416 * Note that due to the ifconfig syntax they have to be combined 417 * as a single '-' option. 418 * -a All interfaces 419 * -u "up" interfaces 420 * -d "down" interfaces 421 * -D Interfaces not controlled by DHCP 422 * -4 IPv4 interfaces 423 * -6 IPv6 interfaces 424 * -X Turn on debug (not documented) 425 * -v Turn on verbose 426 * -Z Only interfaces in caller's zone 427 */ 428 429 if (name[0] == '-') { 430 /* One or more options */ 431 int64_t onflags = 0; 432 int64_t offflags = 0; 433 int c; 434 char *av[2] = { "ifconfig", name }; 435 436 while ((c = getopt(2, av, "audDXZ46v")) != -1) { 437 switch ((char)c) { 438 case 'a': 439 all = 1; 440 break; 441 case 'u': 442 onflags |= IFF_UP; 443 break; 444 case 'd': 445 offflags |= IFF_UP; 446 break; 447 case 'D': 448 offflags |= IFF_DHCPRUNNING; 449 break; 450 case 'X': 451 debug += 3; 452 break; 453 case 'Z': 454 lifc_flags &= ~LIFC_ALLZONES; 455 break; 456 case '4': 457 /* 458 * -4 is not a compatable flag, therefore 459 * we assume they want v4compat turned off 460 */ 461 v4compat = 0; 462 onflags |= IFF_IPV4; 463 break; 464 case '6': 465 /* 466 * If they want IPv6, well then we'll assume 467 * they don't want IPv4 compat 468 */ 469 v4compat = 0; 470 onflags |= IFF_IPV6; 471 break; 472 case 'v': 473 verbose = 1; 474 break; 475 case '?': 476 usage(); 477 exit(1); 478 } 479 } 480 if (!all) { 481 (void) fprintf(stderr, 482 "ifconfig: %s: no such interface\n", name); 483 exit(1); 484 } 485 foreachinterface(ifconfig, argc, argv, af, onflags, offflags, 486 lifc_flags); 487 } else { 488 ifconfig(argc, argv, af, (struct lifreq *)NULL); 489 } 490 return (0); 491 } 492 493 /* 494 * For each interface, call (*func)(argc, argv, af, lifrp). 495 * Only call function if onflags and offflags are set or clear, respectively, 496 * in the interfaces flags field. 497 */ 498 static void 499 foreachinterface(void (*func)(), int argc, char *argv[], int af, 500 int64_t onflags, int64_t offflags, int64_t lifc_flags) 501 { 502 int n; 503 char *buf; 504 struct lifnum lifn; 505 struct lifconf lifc; 506 struct lifreq *lifrp; 507 struct lifreq lifrl; /* Local lifreq struct */ 508 int numifs; 509 unsigned bufsize; 510 int plumball = 0; 511 int save_af = af; 512 513 buf = NULL; 514 /* 515 * Special case: 516 * ifconfig -a plumb should find all network interfaces in the current 517 * zone. 518 */ 519 if (argc > 0 && (strcmp(*argv, "plumb") == 0)) { 520 if (find_all_interfaces(&lifc, &buf, lifc_flags) != 0 || 521 lifc.lifc_len == 0) 522 return; 523 plumball = 1; 524 } else { 525 lifn.lifn_family = AF_UNSPEC; 526 lifn.lifn_flags = lifc_flags; 527 if (ioctl(s, SIOCGLIFNUM, (char *)&lifn) < 0) { 528 Perror0_exit("Could not determine number" 529 " of interfaces"); 530 } 531 numifs = lifn.lifn_count; 532 if (debug) 533 (void) printf("ifconfig: %d interfaces\n", numifs); 534 535 bufsize = numifs * sizeof (struct lifreq); 536 if ((buf = malloc(bufsize)) == NULL) { 537 Perror0("out of memory\n"); 538 (void) close(s); 539 return; 540 } 541 542 lifc.lifc_family = AF_UNSPEC; 543 lifc.lifc_flags = lifc_flags; 544 lifc.lifc_len = bufsize; 545 lifc.lifc_buf = buf; 546 547 if (ioctl(s, SIOCGLIFCONF, (char *)&lifc) < 0) { 548 Perror0("SIOCGLIFCONF"); 549 (void) close(s); 550 free(buf); 551 return; 552 } 553 } 554 555 lifrp = lifc.lifc_req; 556 for (n = lifc.lifc_len / sizeof (struct lifreq); n > 0; n--, lifrp++) { 557 558 if (!plumball) { 559 /* 560 * We must close and recreate the socket each time 561 * since we don't know what type of socket it is now 562 * (each status function may change it). 563 */ 564 565 (void) close(s); 566 567 af = lifrp->lifr_addr.ss_family; 568 s = socket(SOCKET_AF(af), SOCK_DGRAM, 0); 569 if (s == -1) { 570 /* 571 * Perror0() assumes the name to be in the 572 * globally defined lifreq structure. 573 */ 574 (void) strncpy(lifr.lifr_name, 575 lifrp->lifr_name, sizeof (lifr.lifr_name)); 576 Perror0_exit("socket"); 577 } 578 } 579 580 /* 581 * Only service interfaces that match the on and off 582 * flags masks. 583 */ 584 if (onflags || offflags) { 585 (void) memset(&lifrl, 0, sizeof (lifrl)); 586 (void) strncpy(lifrl.lifr_name, lifrp->lifr_name, 587 sizeof (lifrl.lifr_name)); 588 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifrl) < 0) { 589 /* 590 * Perror0() assumes the name to be in the 591 * globally defined lifreq structure. 592 */ 593 (void) strncpy(lifr.lifr_name, 594 lifrp->lifr_name, sizeof (lifr.lifr_name)); 595 Perror0_exit("foreachinterface: SIOCGLIFFLAGS"); 596 } 597 if ((lifrl.lifr_flags & onflags) != onflags) 598 continue; 599 if ((~lifrl.lifr_flags & offflags) != offflags) 600 continue; 601 } 602 603 if (!plumball) { 604 (void) strncpy(lifrl.lifr_name, lifrp->lifr_name, 605 sizeof (lifrl.lifr_name)); 606 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifrl) < 0) { 607 /* 608 * Perror0() assumes the name to be in the 609 * globally defined lifreq structure. 610 */ 611 (void) strncpy(lifr.lifr_name, 612 lifrp->lifr_name, sizeof (lifr.lifr_name)); 613 Perror0("foreachinterface: SIOCGLIFADDR"); 614 continue; 615 } 616 if (lifrl.lifr_addr.ss_family != af) { 617 /* Switch address family */ 618 af = lifrl.lifr_addr.ss_family; 619 (void) close(s); 620 621 s = socket(SOCKET_AF(af), SOCK_DGRAM, 0); 622 if (s == -1) { 623 /* 624 * Perror0() assumes the name to be in 625 * the globally defined lifreq 626 * structure. 627 */ 628 (void) strncpy(lifr.lifr_name, 629 lifrp->lifr_name, 630 sizeof (lifr.lifr_name)); 631 Perror0_exit("socket"); 632 } 633 } 634 } 635 636 /* 637 * Reset global state 638 * setaddr: Used by parser to tear apart source and dest 639 * name and origname contain the name of the 'current' 640 * interface. 641 */ 642 setaddr = 0; 643 (void) strncpy(name, lifrp->lifr_name, sizeof (name)); 644 (void) strncpy(origname, name, sizeof (origname)); 645 646 (*func)(argc, argv, save_af, lifrp); 647 /* the func could have overwritten origname, so restore */ 648 (void) strncpy(name, origname, sizeof (name)); 649 } 650 if (buf != NULL) 651 free(buf); 652 } 653 654 /* 655 * for the specified interface call (*func)(argc, argv, af, lifrp). 656 */ 657 658 static void 659 ifconfig(int argc, char *argv[], int af, struct lifreq *lifrp) 660 { 661 static boolean_t scan_netmask = _B_FALSE; 662 int ret; 663 664 if (argc == 0) { 665 status(); 666 return; 667 } 668 669 if (strcmp(*argv, "auto-dhcp") == 0 || strcmp(*argv, "dhcp") == 0) { 670 /* 671 * Some errors are ignored in the case where more than one 672 * interface is being operated on. 673 */ 674 ret = setifdhcp("ifconfig", name, argc, argv); 675 if (ret == DHCP_EXIT_IF_FAILURE) { 676 if (!all) 677 exit(DHCP_EXIT_FAILURE); 678 } else if (ret != DHCP_EXIT_SUCCESS) { 679 exit(ret); 680 } 681 return; 682 } 683 684 /* 685 * The following is a "hack" to get around the existing interface 686 * setting mechanism. Currently, each interface attribute, 687 * such as address, netmask, broadcast, ... is set separately. But 688 * sometimes two or more attributes must be set together. For 689 * example, setting an address without a netmask does not make sense. 690 * Yet they can be set separately for IPv4 address using the current 691 * ifconfig(1M) syntax. The kernel then "infers" the correct netmask 692 * using the deprecated "IP address classes." This is simply not 693 * correct. 694 * 695 * The "hack" below is to go thru the whole command list looking for 696 * the netmask command first. Then use this netmask to set the 697 * address. This does not provide an extensible way to accommodate 698 * future need for setting more than one attributes together. 699 * 700 * Note that if the "netmask" command argument is a "+", we need 701 * to save this info and do the query after we know the address to 702 * be set. The reason is that if "addif" is used, the working 703 * interface name will be changed later when the logical interface 704 * is created. In in_getmask(), if an address is not provided, 705 * it will use the working interface's address to do the query. 706 * It will be wrong now as we don't know the logical interface's name. 707 * 708 * ifconfig(1M) is too overloaded and the code is so convoluted 709 * that it is "safer" not to re-architect the code to fix the above 710 * issue, hence this "hack." We may be better off to have a new 711 * command with better syntax for configuring network interface 712 * parameters... 713 */ 714 if (!scan_netmask && afp->af_af == AF_INET) { 715 int largc; 716 char **largv; 717 718 /* Only go thru the command list once to find the netmask. */ 719 scan_netmask = _B_TRUE; 720 721 /* 722 * Currently, if multiple netmask commands are specified, the 723 * last one will be used as the final netmask. So we need 724 * to scan the whole list to preserve this behavior. 725 */ 726 for (largc = argc, largv = argv; largc > 0; largc--, largv++) { 727 if (strcmp(*largv, NETMASK_CMD) == 0) { 728 if (--largc == 0) 729 break; 730 largv++; 731 if (strcmp(*largv, "+") == 0) { 732 g_netmask_set = G_NETMASK_PENDING; 733 } else { 734 in_getaddr(*largv, (struct sockaddr *) 735 &g_netmask, NULL); 736 g_netmask_set = G_NETMASK_SET; 737 } 738 /* Continue the scan. */ 739 } 740 } 741 } 742 743 while (argc > 0) { 744 struct cmd *p; 745 boolean_t found_cmd; 746 747 if (debug) 748 (void) printf("ifconfig: argv %s\n", *argv); 749 750 found_cmd = _B_FALSE; 751 for (p = cmds; p->c_func; p++) { 752 if (p->c_name) { 753 if (strcmp(*argv, p->c_name) == 0) { 754 /* 755 * indicate that the command was 756 * found and check to see if 757 * the address family is valid 758 */ 759 found_cmd = _B_TRUE; 760 if (p->c_af == AF_ANY || 761 af == p->c_af) 762 break; 763 } 764 } else { 765 if (p->c_af == AF_ANY || 766 af == p->c_af) 767 break; 768 } 769 } 770 /* 771 * If we found the keyword, but the address family 772 * did not match spit out an error 773 */ 774 if (found_cmd && p->c_name == 0) { 775 (void) fprintf(stderr, "ifconfig: Operation %s not" 776 " supported for %s\n", *argv, afp->af_name); 777 exit(1); 778 } 779 /* 780 * else (no keyword found), we assume it's an address 781 * of some sort 782 */ 783 if (p->c_name == 0 && setaddr) 784 p++; /* got src, do dst */ 785 if (p->c_func) { 786 if (p->c_af == AF_INET6) { 787 v4compat = 0; 788 } 789 if (p->c_parameter == NEXTARG || 790 p->c_parameter == OPTARG) { 791 argc--, argv++; 792 if (argc == 0 && p->c_parameter == NEXTARG) { 793 (void) fprintf(stderr, 794 "ifconfig: no argument for %s\n", 795 p->c_name); 796 exit(1); 797 } 798 } 799 /* 800 * Call the function if: 801 * 802 * there's no address family 803 * restriction 804 * OR 805 * we don't know the address yet 806 * (because we were called from 807 * main) 808 * OR 809 * there is a restriction AND 810 * the address families match 811 */ 812 if ((p->c_af == AF_ANY) || 813 (lifrp == (struct lifreq *)NULL) || 814 (lifrp->lifr_addr.ss_family == p->c_af)) { 815 ret = (*p->c_func)(*argv, p->c_parameter); 816 /* 817 * If c_func failed and we should 818 * abort processing for this 819 * interface on failure, return 820 * now rather than going on to 821 * process other commands for 822 * the same interface. 823 */ 824 if (ret != 0 && p->c_abortonfail) 825 return; 826 } 827 } 828 argc--, argv++; 829 } 830 831 /* Check to see if there's a security hole in the tunnel setup. */ 832 if (ipsec_policy_set && !ipsec_auth_covered) { 833 (void) fprintf(stderr, "ifconfig: WARNING: tunnel with only " 834 "ESP and no authentication.\n"); 835 } 836 } 837 838 /* ARGSUSED */ 839 static int 840 setdebugflag(char *val, int64_t arg) 841 { 842 debug++; 843 return (0); 844 } 845 846 /* ARGSUSED */ 847 static int 848 setverboseflag(char *val, int64_t arg) 849 { 850 verbose++; 851 return (0); 852 } 853 854 /* 855 * This function fills in the given lifreq's lifr_addr field based on 856 * g_netmask_set. 857 */ 858 static void 859 set_mask_lifreq(struct lifreq *lifr, struct sockaddr_storage *addr, 860 struct sockaddr_storage *mask) 861 { 862 assert(addr != NULL); 863 assert(mask != NULL); 864 865 switch (g_netmask_set) { 866 case G_NETMASK_SET: 867 lifr->lifr_addr = g_netmask; 868 break; 869 870 case G_NETMASK_PENDING: 871 /* 872 * "+" is used as the argument to "netmask" command. Query 873 * the database on the correct netmask based on the address to 874 * be set. 875 */ 876 assert(afp->af_af == AF_INET); 877 g_netmask = *addr; 878 if (!in_getmask((struct sockaddr_in *)&g_netmask, _B_TRUE)) { 879 lifr->lifr_addr = *mask; 880 g_netmask_set = G_NETMASK_NIL; 881 } else { 882 lifr->lifr_addr = g_netmask; 883 g_netmask_set = G_NETMASK_SET; 884 } 885 break; 886 887 case G_NETMASK_NIL: 888 default: 889 lifr->lifr_addr = *mask; 890 break; 891 } 892 } 893 894 /* 895 * Set the interface address. Handles <addr>, <addr>/<n> as well as /<n> 896 * syntax for setting the address, the address plus netmask, and just 897 * the netmask respectively. 898 */ 899 /* ARGSUSED */ 900 static int 901 setifaddr(char *addr, int64_t param) 902 { 903 int prefixlen = 0; 904 struct sockaddr_storage laddr; 905 struct sockaddr_storage netmask; 906 struct sockaddr_in6 *sin6; 907 struct sockaddr_in *sin; 908 struct sockaddr_storage sav_netmask; 909 910 if (addr[0] == '/') 911 return (setifprefixlen(addr, 0)); 912 913 (*afp->af_getaddr)(addr, (struct sockaddr *)&laddr, &prefixlen); 914 915 (void) memset(&netmask, 0, sizeof (netmask)); 916 netmask.ss_family = afp->af_af; 917 switch (prefixlen) { 918 case NO_PREFIX: 919 /* Nothing there - ok */ 920 break; 921 case BAD_ADDR: 922 (void) fprintf(stderr, "ifconfig: Bad prefix length in %s\n", 923 addr); 924 exit(1); 925 default: 926 if (afp->af_af == AF_INET6) { 927 sin6 = (struct sockaddr_in6 *)&netmask; 928 if (!in_prefixlentomask(prefixlen, IPV6_ABITS, 929 (uchar_t *)&sin6->sin6_addr)) { 930 (void) fprintf(stderr, "ifconfig: " 931 "Bad prefix length: %d\n", 932 prefixlen); 933 exit(1); 934 } 935 } else { 936 sin = (struct sockaddr_in *)&netmask; 937 if (!in_prefixlentomask(prefixlen, IP_ABITS, 938 (uchar_t *)&sin->sin_addr)) { 939 (void) fprintf(stderr, "ifconfig: " 940 "Bad prefix length: %d\n", 941 prefixlen); 942 exit(1); 943 } 944 } 945 /* 946 * Just in case of funny setting of both prefix and netmask, 947 * prefix should override the netmask command. 948 */ 949 g_netmask_set = G_NETMASK_NIL; 950 break; 951 } 952 /* Tell parser that an address was set */ 953 setaddr++; 954 /* save copy of netmask to restore in case of error */ 955 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 956 if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0) 957 Perror0_exit("SIOCGLIFNETMASK"); 958 sav_netmask = lifr.lifr_addr; 959 960 /* 961 * If setting the address and not the mask, clear any existing mask 962 * and the kernel will then assign the default (netmask has been set 963 * to 0 in this case). If setting both (either by using a prefix or 964 * using the netmask command), set the mask first, so the address will 965 * be interpreted correctly. 966 */ 967 set_mask_lifreq(&lifr, &laddr, &netmask); 968 if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0) 969 Perror0_exit("SIOCSLIFNETMASK"); 970 971 if (debug) { 972 char abuf[INET6_ADDRSTRLEN]; 973 void *addr = (afp->af_af == AF_INET) ? 974 (void *)&((struct sockaddr_in *)&laddr)->sin_addr : 975 (void *)&((struct sockaddr_in6 *)&laddr)->sin6_addr; 976 977 (void) printf("Setting %s af %d addr %s\n", 978 lifr.lifr_name, afp->af_af, 979 inet_ntop(afp->af_af, addr, abuf, sizeof (abuf))); 980 } 981 lifr.lifr_addr = laddr; 982 lifr.lifr_addr.ss_family = afp->af_af; 983 if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0) { 984 /* 985 * Restore the netmask 986 */ 987 int saverr = errno; 988 989 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 990 lifr.lifr_addr = sav_netmask; 991 (void) ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr); 992 errno = saverr; 993 Perror0_exit("SIOCSLIFADDR"); 994 } 995 996 return (0); 997 } 998 999 /* 1000 * The following functions are stolen from the ipseckey(1m) program. 1001 * Perhaps they should be somewhere common, but for now, we just maintain 1002 * two versions. We do this because of the different semantics for which 1003 * algorithms we select ("requested" for ifconfig vs. "actual" for key). 1004 */ 1005 1006 static ulong_t 1007 parsenum(char *num) 1008 { 1009 ulong_t rc; 1010 char *end = NULL; 1011 1012 errno = 0; 1013 rc = strtoul(num, &end, 0); 1014 if (errno != 0 || end == num || *end != '\0') { 1015 rc = (ulong_t)-1; 1016 } 1017 1018 return (rc); 1019 } 1020 1021 /* 1022 * Parse and reverse parse possible algorithm values, include numbers. 1023 * Mostly stolen from ipseckey.c. See the comments above parsenum() for why 1024 * this isn't common to ipseckey.c. 1025 * 1026 * NOTE: Static buffer in this function for the return value. Since ifconfig 1027 * isn't multithreaded, this isn't a huge problem. 1028 */ 1029 1030 #define NBUF_SIZE 20 /* Enough to print a large integer. */ 1031 1032 static char * 1033 rparsealg(uint8_t alg_value, int proto_num) 1034 { 1035 struct ipsecalgent *alg; 1036 static char numprint[128]; /* Enough to hold an algorithm name. */ 1037 1038 /* 1039 * Special cases for "any" and "none" 1040 * The kernel needs to be able to distinguish between "any" 1041 * and "none" and the APIs are underdefined in this area for auth. 1042 */ 1043 if (proto_num == IPSEC_PROTO_AH) { 1044 if (alg_value == SADB_AALG_NONE) 1045 return ("none"); 1046 if (alg_value == SADB_AALG_ANY) 1047 return ("any"); 1048 } 1049 1050 alg = getipsecalgbynum(alg_value, proto_num, NULL); 1051 if (alg != NULL) { 1052 (void) strlcpy(numprint, alg->a_names[0], sizeof (numprint)); 1053 freeipsecalgent(alg); 1054 } else { 1055 (void) snprintf(numprint, sizeof (numprint), "%d", alg_value); 1056 } 1057 1058 return (numprint); 1059 } 1060 1061 static uint_t 1062 parsealg(char *algname, int proto_num) 1063 { 1064 struct ipsecalgent *alg; 1065 ulong_t invalue; 1066 1067 if (algname == NULL) { 1068 (void) fprintf(stderr, "ifconfig: Unexpected end of command " 1069 "line.\n"); 1070 exit(1); 1071 } 1072 1073 /* 1074 * Special-case "none" and "any". 1075 * Use strcasecmp because its length is bounded. 1076 */ 1077 if (strcasecmp("none", algname) == 0) { 1078 return ((proto_num == IPSEC_PROTO_ESP) ? 1079 NO_ESP_EALG : NO_ESP_AALG); 1080 } 1081 if ((strcasecmp("any", algname) == 0) && (proto_num == IPSEC_PROTO_AH)) 1082 return (SADB_AALG_ANY); 1083 1084 alg = getipsecalgbyname(algname, proto_num, NULL); 1085 if (alg != NULL) { 1086 invalue = alg->a_alg_num; 1087 freeipsecalgent(alg); 1088 return ((uint_t)invalue); 1089 } 1090 1091 /* 1092 * Since algorithms can be loaded during kernel run-time, check for 1093 * numeric algorithm values too. 1094 */ 1095 invalue = parsenum(algname); 1096 if ((invalue & (ulong_t)0xff) == invalue) 1097 return ((uint_t)invalue); 1098 1099 (void) fprintf(stderr, "ifconfig: %s algorithm type %s unknown.\n", 1100 (proto_num == IPSEC_PROTO_ESP) ? 1101 "Encryption" : "Authentication", algname); 1102 exit(1); 1103 /* NOTREACHED */ 1104 } 1105 1106 /* 1107 * Actual ifconfig functions to set tunnel security properties. 1108 */ 1109 1110 enum ipsec_alg_type { ESP_ENCR_ALG = 1, ESP_AUTH_ALG, AH_AUTH_ALG }; 1111 1112 static int 1113 set_tun_algs(int which_alg, int alg) 1114 { 1115 boolean_t encr_alg_set = _B_FALSE; 1116 iptun_params_t params; 1117 dladm_status_t status; 1118 ipsec_req_t *ipsr; 1119 1120 if ((status = ifconfig_dladm_open(name, DATALINK_CLASS_IPTUN, 1121 ¶ms.iptun_param_linkid)) != DLADM_STATUS_OK) 1122 goto done; 1123 1124 status = dladm_iptun_getparams(dlh, ¶ms, DLADM_OPT_ACTIVE); 1125 if (status != DLADM_STATUS_OK) 1126 goto done; 1127 1128 ipsr = ¶ms.iptun_param_secinfo; 1129 1130 /* 1131 * If I'm just starting off this ifconfig, I want a clean slate, 1132 * otherwise, I've captured the current tunnel security settings. 1133 * In the case of continuation, I merely add to the settings. 1134 */ 1135 if (!(params.iptun_param_flags & IPTUN_PARAM_SECINFO)) 1136 (void) memset(ipsr, 0, sizeof (*ipsr)); 1137 1138 /* We're only modifying the IPsec information */ 1139 params.iptun_param_flags = IPTUN_PARAM_SECINFO; 1140 1141 switch (which_alg) { 1142 case ESP_ENCR_ALG: 1143 if (alg == NO_ESP_EALG) { 1144 if (ipsr->ipsr_esp_auth_alg == SADB_AALG_NONE) 1145 ipsr->ipsr_esp_req = 0; 1146 ipsr->ipsr_esp_alg = SADB_EALG_NONE; 1147 1148 /* Let the user specify NULL encryption implicitly. */ 1149 if (ipsr->ipsr_esp_auth_alg != SADB_AALG_NONE) { 1150 encr_alg_set = _B_TRUE; 1151 ipsr->ipsr_esp_alg = SADB_EALG_NULL; 1152 } 1153 } else { 1154 encr_alg_set = _B_TRUE; 1155 ipsr->ipsr_esp_req = 1156 IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE; 1157 ipsr->ipsr_esp_alg = alg; 1158 } 1159 break; 1160 case ESP_AUTH_ALG: 1161 if (alg == NO_ESP_AALG) { 1162 if ((ipsr->ipsr_esp_alg == SADB_EALG_NONE || 1163 ipsr->ipsr_esp_alg == SADB_EALG_NULL) && 1164 !encr_alg_set) 1165 ipsr->ipsr_esp_req = 0; 1166 ipsr->ipsr_esp_auth_alg = SADB_AALG_NONE; 1167 } else { 1168 ipsr->ipsr_esp_req = 1169 IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE; 1170 ipsr->ipsr_esp_auth_alg = alg; 1171 1172 /* Let the user specify NULL encryption implicitly. */ 1173 if (ipsr->ipsr_esp_alg == SADB_EALG_NONE && 1174 !encr_alg_set) 1175 ipsr->ipsr_esp_alg = SADB_EALG_NULL; 1176 } 1177 break; 1178 case AH_AUTH_ALG: 1179 if (alg == NO_AH_AALG) { 1180 ipsr->ipsr_ah_req = 0; 1181 ipsr->ipsr_auth_alg = SADB_AALG_NONE; 1182 } else { 1183 ipsr->ipsr_ah_req = 1184 IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE; 1185 ipsr->ipsr_auth_alg = alg; 1186 } 1187 break; 1188 /* Will never hit DEFAULT */ 1189 } 1190 1191 status = dladm_iptun_modify(dlh, ¶ms, DLADM_OPT_ACTIVE); 1192 1193 done: 1194 if (status != DLADM_STATUS_OK) 1195 dladmerr_exit(status, name); 1196 else { 1197 ipsec_policy_set = _B_TRUE; 1198 if ((ipsr->ipsr_esp_req != 0 && 1199 ipsr->ipsr_esp_auth_alg != SADB_AALG_NONE) || 1200 (ipsr->ipsr_ah_req != 0 && 1201 ipsr->ipsr_auth_alg != SADB_AALG_NONE)) 1202 ipsec_auth_covered = _B_TRUE; 1203 } 1204 return (0); 1205 } 1206 1207 /* ARGSUSED */ 1208 static int 1209 set_tun_esp_encr_alg(char *addr, int64_t param) 1210 { 1211 return (set_tun_algs(ESP_ENCR_ALG, 1212 parsealg(addr, IPSEC_PROTO_ESP))); 1213 } 1214 1215 /* ARGSUSED */ 1216 static int 1217 set_tun_esp_auth_alg(char *addr, int64_t param) 1218 { 1219 return (set_tun_algs(ESP_AUTH_ALG, 1220 parsealg(addr, IPSEC_PROTO_AH))); 1221 } 1222 1223 /* ARGSUSED */ 1224 static int 1225 set_tun_ah_alg(char *addr, int64_t param) 1226 { 1227 return (set_tun_algs(AH_AUTH_ALG, 1228 parsealg(addr, IPSEC_PROTO_AH))); 1229 } 1230 1231 /* ARGSUSED */ 1232 static int 1233 setifrevarp(char *arg, int64_t param) 1234 { 1235 struct sockaddr_in laddr; 1236 1237 if (afp->af_af == AF_INET6) { 1238 (void) fprintf(stderr, 1239 "ifconfig: revarp not possible on IPv6 interface %s\n", 1240 name); 1241 exit(1); 1242 } 1243 if (doifrevarp(name, &laddr)) { 1244 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1245 laddr.sin_family = AF_INET; 1246 (void) memcpy(&lifr.lifr_addr, &laddr, sizeof (laddr)); 1247 if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0) 1248 Perror0_exit("SIOCSLIFADDR"); 1249 } 1250 return (0); 1251 } 1252 1253 /* ARGSUSED */ 1254 static int 1255 setifsubnet(char *addr, int64_t param) 1256 { 1257 int prefixlen = 0; 1258 struct sockaddr_storage subnet; 1259 1260 (*afp->af_getaddr)(addr, &subnet, &prefixlen); 1261 1262 switch (prefixlen) { 1263 case NO_PREFIX: 1264 (void) fprintf(stderr, 1265 "ifconfig: Missing prefix length in subnet %s\n", addr); 1266 exit(1); 1267 /* NOTREACHED */ 1268 case BAD_ADDR: 1269 (void) fprintf(stderr, 1270 "ifconfig: Bad prefix length in %s\n", addr); 1271 exit(1); 1272 default: 1273 break; 1274 } 1275 1276 lifr.lifr_addr = subnet; 1277 lifr.lifr_addrlen = prefixlen; 1278 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1279 if (ioctl(s, SIOCSLIFSUBNET, (caddr_t)&lifr) < 0) 1280 Perror0_exit("SIOCSLIFSUBNET"); 1281 1282 return (0); 1283 } 1284 1285 /* ARGSUSED */ 1286 static int 1287 setifnetmask(char *addr, int64_t param) 1288 { 1289 struct sockaddr_in netmask; 1290 1291 assert(afp->af_af != AF_INET6); 1292 1293 if (strcmp(addr, "+") == 0) { 1294 if (!in_getmask(&netmask, _B_FALSE)) 1295 return (0); 1296 (void) printf("Setting netmask of %s to %s\n", name, 1297 inet_ntoa(netmask.sin_addr)); 1298 } else { 1299 in_getaddr(addr, (struct sockaddr *)&netmask, NULL); 1300 } 1301 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1302 (void) memcpy(&lifr.lifr_addr, &netmask, sizeof (netmask)); 1303 if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0) 1304 Perror0_exit("SIOCSLIFNETMASK"); 1305 return (0); 1306 } 1307 1308 /* 1309 * Parse '/<n>' as a netmask. 1310 */ 1311 /* ARGSUSED */ 1312 static int 1313 setifprefixlen(char *addr, int64_t param) 1314 { 1315 int prefixlen; 1316 int af = afp->af_af; 1317 1318 prefixlen = in_getprefixlen(addr, _B_TRUE, 1319 (af == AF_INET) ? IP_ABITS : IPV6_ABITS); 1320 if (prefixlen < 0) { 1321 (void) fprintf(stderr, 1322 "ifconfig: Bad prefix length in %s\n", addr); 1323 exit(1); 1324 } 1325 (void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr)); 1326 lifr.lifr_addr.ss_family = af; 1327 if (af == AF_INET6) { 1328 struct sockaddr_in6 *sin6; 1329 1330 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 1331 if (!in_prefixlentomask(prefixlen, IPV6_ABITS, 1332 (uchar_t *)&sin6->sin6_addr)) { 1333 (void) fprintf(stderr, "ifconfig: " 1334 "Bad prefix length: %d\n", 1335 prefixlen); 1336 exit(1); 1337 } 1338 } else if (af == AF_INET) { 1339 struct sockaddr_in *sin; 1340 1341 sin = (struct sockaddr_in *)&lifr.lifr_addr; 1342 if (!in_prefixlentomask(prefixlen, IP_ABITS, 1343 (uchar_t *)&sin->sin_addr)) { 1344 (void) fprintf(stderr, "ifconfig: " 1345 "Bad prefix length: %d\n", 1346 prefixlen); 1347 exit(1); 1348 } 1349 } else { 1350 (void) fprintf(stderr, "ifconfig: setting prefix only supported" 1351 " for address family inet or inet6\n"); 1352 exit(1); 1353 } 1354 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1355 if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0) 1356 Perror0_exit("SIOCSLIFNETMASK"); 1357 return (0); 1358 } 1359 1360 /* ARGSUSED */ 1361 static int 1362 setifbroadaddr(char *addr, int64_t param) 1363 { 1364 struct sockaddr_in broadaddr; 1365 1366 assert(afp->af_af != AF_INET6); 1367 1368 if (strcmp(addr, "+") == 0) { 1369 /* 1370 * This doesn't set the broadcast address at all. Rather, it 1371 * gets, then sets the interface's address, relying on the fact 1372 * that resetting the address will reset the broadcast address. 1373 */ 1374 (void) strncpy(lifr.lifr_name, name, 1375 sizeof (lifr.lifr_name)); 1376 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 1377 if (errno != EADDRNOTAVAIL) 1378 Perror0_exit("SIOCGLIFADDR"); 1379 return (0); 1380 } 1381 if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0) 1382 Perror0_exit("SIOCGLIFADDR"); 1383 1384 return (0); 1385 } 1386 in_getaddr(addr, (struct sockaddr *)&broadaddr, NULL); 1387 1388 (void) memcpy(&lifr.lifr_addr, &broadaddr, sizeof (broadaddr)); 1389 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1390 if (ioctl(s, SIOCSLIFBRDADDR, (caddr_t)&lifr) < 0) 1391 Perror0_exit("SIOCSLIFBRDADDR"); 1392 return (0); 1393 } 1394 1395 /* 1396 * set interface destination address 1397 */ 1398 /* ARGSUSED */ 1399 static int 1400 setifdstaddr(char *addr, int64_t param) 1401 { 1402 (*afp->af_getaddr)(addr, (struct sockaddr *)&lifr.lifr_addr, NULL); 1403 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1404 if (ioctl(s, SIOCSLIFDSTADDR, (caddr_t)&lifr) < 0) 1405 Perror0_exit("setifdstaddr: SIOCSLIFDSTADDR"); 1406 return (0); 1407 } 1408 1409 /* ARGSUSED */ 1410 static int 1411 setifflags(char *val, int64_t value) 1412 { 1413 struct lifreq lifrl; /* local lifreq struct */ 1414 boolean_t bringup = _B_FALSE; 1415 1416 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1417 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) 1418 Perror0_exit("setifflags: SIOCGLIFFLAGS"); 1419 1420 if (value < 0) { 1421 value = -value; 1422 1423 if ((value & IFF_NOFAILOVER) && (lifr.lifr_flags & IFF_UP)) { 1424 /* 1425 * The kernel does not allow administratively up test 1426 * addresses to be converted to data addresses. Bring 1427 * the address down first, then bring it up after it's 1428 * been converted to a data address. 1429 */ 1430 lifr.lifr_flags &= ~IFF_UP; 1431 (void) ioctl(s, SIOCSLIFFLAGS, (caddr_t)&lifr); 1432 bringup = _B_TRUE; 1433 } 1434 1435 lifr.lifr_flags &= ~value; 1436 if ((value & (IFF_UP | IFF_NOFAILOVER)) && 1437 (lifr.lifr_flags & IFF_DUPLICATE)) { 1438 /* 1439 * If the user is trying to mark an interface with a 1440 * duplicate address as "down," or convert a duplicate 1441 * test address to a data address, then fetch the 1442 * address and set it. This will cause IP to clear 1443 * the IFF_DUPLICATE flag and stop the automatic 1444 * recovery timer. 1445 */ 1446 value = lifr.lifr_flags; 1447 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) >= 0) 1448 (void) ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr); 1449 lifr.lifr_flags = value; 1450 } 1451 } else { 1452 lifr.lifr_flags |= value; 1453 } 1454 1455 /* 1456 * If we're about to bring up an underlying physical IPv6 interface in 1457 * an IPMP group, ensure the IPv6 IPMP interface is also up. This is 1458 * for backward compatibility with legacy configurations in which 1459 * there are no explicit hostname files for IPMP interfaces. (For 1460 * IPv4, this is automatically handled by the kernel when migrating 1461 * the underlying interface's data address to the IPMP interface.) 1462 */ 1463 (void) strlcpy(lifrl.lifr_name, name, LIFNAMSIZ); 1464 1465 if (lifnum(lifr.lifr_name) == 0 && 1466 (lifr.lifr_flags & (IFF_UP|IFF_IPV6)) == (IFF_UP|IFF_IPV6) && 1467 ioctl(s, SIOCGLIFGROUPNAME, &lifrl) == 0 && 1468 lifrl.lifr_groupname[0] != '\0') { 1469 lifgroupinfo_t lifgr; 1470 1471 (void) strlcpy(lifgr.gi_grname, lifrl.lifr_groupname, 1472 LIFGRNAMSIZ); 1473 if (ioctl(s, SIOCGLIFGROUPINFO, &lifgr) == -1) 1474 Perror0_exit("setifflags: SIOCGLIFGROUPINFO"); 1475 1476 (void) strlcpy(lifrl.lifr_name, lifgr.gi_grifname, LIFNAMSIZ); 1477 if (ioctl(s, SIOCGLIFFLAGS, &lifrl) == -1) 1478 Perror0_exit("setifflags: SIOCGLIFFLAGS"); 1479 if (!(lifrl.lifr_flags & IFF_UP)) { 1480 lifrl.lifr_flags |= IFF_UP; 1481 if (ioctl(s, SIOCSLIFFLAGS, &lifrl) == -1) 1482 Perror0_exit("setifflags: SIOCSLIFFLAGS"); 1483 } 1484 } 1485 1486 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1487 if (ioctl(s, SIOCSLIFFLAGS, (caddr_t)&lifr) < 0) 1488 Perror0_exit("setifflags: SIOCSLIFFLAGS"); 1489 1490 if (bringup) { 1491 lifr.lifr_flags |= IFF_UP; 1492 if (ioctl(s, SIOCSLIFFLAGS, (caddr_t)&lifr) < 0) 1493 Perror0_exit("setifflags: SIOCSLIFFLAGS IFF_UP"); 1494 } 1495 1496 return (0); 1497 } 1498 1499 /* ARGSUSED */ 1500 static int 1501 setifmetric(char *val, int64_t param) 1502 { 1503 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1504 lifr.lifr_metric = atoi(val); 1505 if (ioctl(s, SIOCSLIFMETRIC, (caddr_t)&lifr) < 0) 1506 Perror0_exit("setifmetric: SIOCSLIFMETRIC"); 1507 return (0); 1508 } 1509 1510 /* ARGSUSED */ 1511 static int 1512 setifmtu(char *val, int64_t param) 1513 { 1514 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1515 lifr.lifr_mtu = atoi(val); 1516 if (ioctl(s, SIOCSLIFMTU, (caddr_t)&lifr) < 0) 1517 Perror0_exit("setifmtu: SIOCSLIFMTU"); 1518 return (0); 1519 } 1520 1521 /* ARGSUSED */ 1522 static int 1523 setifindex(char *val, int64_t param) 1524 { 1525 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1526 lifr.lifr_index = atoi(val); 1527 if (ioctl(s, SIOCSLIFINDEX, (caddr_t)&lifr) < 0) 1528 Perror0_exit("setifindex: SIOCSLIFINDEX"); 1529 return (0); 1530 } 1531 1532 /* ARGSUSED */ 1533 static void 1534 notifycb(dlpi_handle_t dh, dlpi_notifyinfo_t *dnip, void *arg) 1535 { 1536 } 1537 1538 /* ARGSUSED */ 1539 static int 1540 setifether(char *addr, int64_t param) 1541 { 1542 uchar_t *hwaddr; 1543 int hwaddrlen; 1544 int retval; 1545 ifaddrlistx_t *ifaddrp, *ifaddrs = NULL; 1546 dlpi_handle_t dh; 1547 dlpi_notifyid_t id; 1548 1549 if (addr == NULL) { 1550 ifstatus(name); 1551 print_ifether(name); 1552 return (0); 1553 } 1554 1555 /* 1556 * if the IP interface in the arguments is a logical 1557 * interface, exit with an error now. 1558 */ 1559 if (strchr(name, ':') != NULL) { 1560 (void) fprintf(stderr, "ifconfig: cannot change" 1561 " ethernet address of a logical interface\n"); 1562 exit(1); 1563 } 1564 1565 if ((hwaddr = _link_aton(addr, &hwaddrlen)) == NULL) { 1566 if (hwaddrlen == -1) 1567 (void) fprintf(stderr, 1568 "ifconfig: %s: bad address\n", hwaddr); 1569 else 1570 (void) fprintf(stderr, "ifconfig: malloc() failed\n"); 1571 exit(1); 1572 } 1573 1574 if ((retval = dlpi_open(name, &dh, 0)) != DLPI_SUCCESS) 1575 Perrdlpi_exit("cannot dlpi_open() link", name, retval); 1576 1577 retval = dlpi_enabnotify(dh, DL_NOTE_PHYS_ADDR, notifycb, NULL, &id); 1578 if (retval == DLPI_SUCCESS) { 1579 (void) dlpi_disabnotify(dh, id, NULL); 1580 } else { 1581 /* 1582 * This link does not support DL_NOTE_PHYS_ADDR: bring down 1583 * all of the addresses to flush the old hardware address 1584 * information out of IP. 1585 * 1586 * NOTE: Skipping this when DL_NOTE_PHYS_ADDR is supported is 1587 * more than an optimization: in.mpathd will set IFF_OFFLINE 1588 * if it's notified and the new address is a duplicate of 1589 * another in the group -- but the flags manipulation in 1590 * ifaddr_{down,up}() cannot be atomic and thus might clobber 1591 * IFF_OFFLINE, confusing in.mpathd. 1592 */ 1593 if (ifaddrlistx(name, IFF_UP, 0, &ifaddrs) == -1) 1594 Perror2_exit(name, "cannot get address list"); 1595 1596 ifaddrp = ifaddrs; 1597 for (; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) { 1598 if (!ifaddr_down(ifaddrp)) { 1599 Perror2_exit(ifaddrp->ia_name, 1600 "cannot bring down"); 1601 } 1602 } 1603 } 1604 1605 /* 1606 * Change the hardware address. 1607 */ 1608 retval = dlpi_set_physaddr(dh, DL_CURR_PHYS_ADDR, hwaddr, hwaddrlen); 1609 if (retval != DLPI_SUCCESS) { 1610 (void) fprintf(stderr, 1611 "ifconfig: failed setting mac address on %s\n", name); 1612 } 1613 dlpi_close(dh); 1614 1615 /* 1616 * If any addresses were brought down before changing the hardware 1617 * address, bring them up again. 1618 */ 1619 for (ifaddrp = ifaddrs; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) { 1620 if (!ifaddr_up(ifaddrp)) 1621 Perror2_exit(ifaddrp->ia_name, "cannot bring up"); 1622 } 1623 ifaddrlistx_free(ifaddrs); 1624 1625 return (0); 1626 } 1627 1628 /* 1629 * Print an interface's Ethernet address, if it has one. 1630 */ 1631 static void 1632 print_ifether(char *ifname) 1633 { 1634 int fd; 1635 1636 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1637 1638 fd = socket(AF_INET, SOCK_DGRAM, 0); 1639 if (fd == -1 || ioctl(fd, SIOCGLIFFLAGS, &lifr) == -1) { 1640 /* 1641 * It's possible the interface is only configured for 1642 * IPv6; check again with AF_INET6. 1643 */ 1644 (void) close(fd); 1645 fd = socket(AF_INET6, SOCK_DGRAM, 0); 1646 if (fd == -1 || ioctl(fd, SIOCGLIFFLAGS, &lifr) == -1) { 1647 (void) close(fd); 1648 return; 1649 } 1650 } 1651 (void) close(fd); 1652 1653 /* VNI and IPMP interfaces don't have MAC addresses */ 1654 if (lifr.lifr_flags & (IFF_VIRTUAL|IFF_IPMP)) 1655 return; 1656 1657 /* IP tunnels also don't have Ethernet-like MAC addresses */ 1658 if (ifconfig_dladm_open(ifname, DATALINK_CLASS_IPTUN, NULL) == 1659 DLADM_STATUS_OK) 1660 return; 1661 1662 dlpi_print_address(ifname); 1663 } 1664 1665 /* 1666 * static int find_all_interfaces(struct lifconf *lifcp, char **buf, 1667 * int64_t lifc_flags) 1668 * 1669 * It finds all active data links. 1670 * 1671 * It takes in input a pointer to struct lifconf to receive interfaces 1672 * informations, a **char to hold allocated buffer, and a lifc_flags. 1673 * 1674 * Return values: 1675 * 0 = everything OK 1676 * -1 = problem 1677 */ 1678 static int 1679 find_all_interfaces(struct lifconf *lifcp, char **buf, int64_t lifc_flags) 1680 { 1681 unsigned bufsize; 1682 int n; 1683 ni_t *nip; 1684 struct lifreq *lifrp; 1685 dladm_status_t status; 1686 1687 if (!dlh_opened) { 1688 status = ifconfig_dladm_open(NULL, 0, NULL); 1689 if (status != DLADM_STATUS_OK) 1690 dladmerr_exit(status, "unable to open dladm handle"); 1691 } 1692 1693 (void) dlpi_walk(ni_entry, dlh, 0); 1694 1695 /* Now, translate the linked list into a struct lifreq buffer */ 1696 if (num_ni == 0) { 1697 lifcp->lifc_family = AF_UNSPEC; 1698 lifcp->lifc_flags = lifc_flags; 1699 lifcp->lifc_len = 0; 1700 lifcp->lifc_buf = NULL; 1701 return (0); 1702 } 1703 1704 bufsize = num_ni * sizeof (struct lifreq); 1705 if ((*buf = malloc(bufsize)) == NULL) 1706 Perror0_exit("find_all_interfaces: malloc failed"); 1707 1708 lifcp->lifc_family = AF_UNSPEC; 1709 lifcp->lifc_flags = lifc_flags; 1710 lifcp->lifc_len = bufsize; 1711 lifcp->lifc_buf = *buf; 1712 1713 for (n = 0, lifrp = lifcp->lifc_req; n < num_ni; n++, lifrp++) { 1714 nip = ni_list; 1715 (void) strncpy(lifrp->lifr_name, nip->ni_name, 1716 sizeof (lifr.lifr_name)); 1717 ni_list = nip->ni_next; 1718 free(nip); 1719 } 1720 return (0); 1721 } 1722 1723 /* 1724 * Create the next unused logical interface using the original name 1725 * and assign the address (and mask if '/<n>' is part of the address). 1726 * Use the new logical interface for subsequent subcommands by updating 1727 * the name variable. 1728 * 1729 * This allows syntax like: 1730 * ifconfig le0 addif 109.106.86.130 netmask + up \ 1731 * addif 109.106.86.131 netmask + up 1732 */ 1733 /* ARGSUSED */ 1734 static int 1735 addif(char *str, int64_t param) 1736 { 1737 int prefixlen = 0; 1738 struct sockaddr_storage laddr; 1739 struct sockaddr_storage mask; 1740 1741 (void) strncpy(name, origname, sizeof (name)); 1742 1743 if (strchr(name, ':') != NULL) { 1744 (void) fprintf(stderr, 1745 "ifconfig: addif: bad physical interface name %s\n", 1746 name); 1747 exit(1); 1748 } 1749 1750 /* 1751 * clear so parser will interpret next address as source followed 1752 * by possible dest 1753 */ 1754 setaddr = 0; 1755 (*afp->af_getaddr)(str, (struct sockaddr *)&laddr, &prefixlen); 1756 1757 switch (prefixlen) { 1758 case NO_PREFIX: 1759 /* Nothing there - ok */ 1760 break; 1761 case BAD_ADDR: 1762 (void) fprintf(stderr, 1763 "ifconfig: Bad prefix length in %s\n", str); 1764 exit(1); 1765 default: 1766 (void) memset(&mask, 0, sizeof (mask)); 1767 mask.ss_family = afp->af_af; 1768 if (afp->af_af == AF_INET6) { 1769 struct sockaddr_in6 *sin6; 1770 sin6 = (struct sockaddr_in6 *)&mask; 1771 if (!in_prefixlentomask(prefixlen, IPV6_ABITS, 1772 (uchar_t *)&sin6->sin6_addr)) { 1773 (void) fprintf(stderr, "ifconfig: " 1774 "Bad prefix length: %d\n", 1775 prefixlen); 1776 exit(1); 1777 } 1778 } else { 1779 struct sockaddr_in *sin; 1780 1781 sin = (struct sockaddr_in *)&mask; 1782 if (!in_prefixlentomask(prefixlen, IP_ABITS, 1783 (uchar_t *)&sin->sin_addr)) { 1784 (void) fprintf(stderr, "ifconfig: " 1785 "Bad prefix length: %d\n", 1786 prefixlen); 1787 exit(1); 1788 } 1789 } 1790 g_netmask_set = G_NETMASK_NIL; 1791 break; 1792 } 1793 1794 /* 1795 * This is a "hack" to get around the problem of SIOCLIFADDIF. The 1796 * problem is that this ioctl does not include the netmask when 1797 * adding a logical interface. This is the same problem described 1798 * in the ifconfig() comments. To get around this problem, we first 1799 * add the logical interface with a 0 address. After that, we set 1800 * the netmask if provided. Finally we set the interface address. 1801 */ 1802 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1803 (void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr)); 1804 1805 /* Note: no need to do DAD here since the interface isn't up yet. */ 1806 1807 if (ioctl(s, SIOCLIFADDIF, (caddr_t)&lifr) < 0) 1808 Perror0_exit("addif: SIOCLIFADDIF"); 1809 1810 (void) printf("Created new logical interface %s\n", 1811 lifr.lifr_name); 1812 (void) strncpy(name, lifr.lifr_name, sizeof (name)); 1813 1814 /* 1815 * Check and see if any "netmask" command is used and perform the 1816 * necessary operation. 1817 */ 1818 set_mask_lifreq(&lifr, &laddr, &mask); 1819 /* 1820 * Only set the netmask if "netmask" command is used or a prefix is 1821 * provided. 1822 */ 1823 if (g_netmask_set == G_NETMASK_SET || prefixlen >= 0) { 1824 if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0) 1825 Perror0_exit("addif: SIOCSLIFNETMASK"); 1826 } 1827 1828 /* Finally, we set the interface address. */ 1829 lifr.lifr_addr = laddr; 1830 if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0) 1831 Perror0_exit("SIOCSLIFADDR"); 1832 1833 /* 1834 * let parser know we got a source. 1835 * Next address, if given, should be dest 1836 */ 1837 setaddr++; 1838 return (0); 1839 } 1840 1841 /* 1842 * Remove a logical interface based on its IP address. Unlike addif 1843 * there is no '/<n>' here. 1844 * Verifies that the interface is down before it is removed. 1845 */ 1846 /* ARGSUSED */ 1847 static int 1848 removeif(char *str, int64_t param) 1849 { 1850 struct sockaddr_storage laddr; 1851 1852 if (strchr(name, ':') != NULL) { 1853 (void) fprintf(stderr, 1854 "ifconfig: removeif: bad physical interface name %s\n", 1855 name); 1856 exit(1); 1857 } 1858 1859 (*afp->af_getaddr)(str, &laddr, NULL); 1860 lifr.lifr_addr = laddr; 1861 1862 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1863 if (ioctl(s, SIOCLIFREMOVEIF, (caddr_t)&lifr) < 0) { 1864 if (errno == EBUSY) { 1865 /* This can only happen if ipif_id = 0 */ 1866 (void) fprintf(stderr, 1867 "ifconfig: removeif: can't remove interface: %s\n", 1868 name); 1869 exit(1); 1870 } 1871 Perror0_exit("removeif: SIOCLIFREMOVEIF"); 1872 } 1873 return (0); 1874 } 1875 1876 /* 1877 * Set the address token for IPv6. 1878 */ 1879 /* ARGSUSED */ 1880 static int 1881 setiftoken(char *addr, int64_t param) 1882 { 1883 int prefixlen = 0; 1884 struct sockaddr_in6 token; 1885 1886 in6_getaddr(addr, (struct sockaddr *)&token, &prefixlen); 1887 switch (prefixlen) { 1888 case NO_PREFIX: 1889 (void) fprintf(stderr, 1890 "ifconfig: Missing prefix length in subnet %s\n", addr); 1891 exit(1); 1892 /* NOTREACHED */ 1893 case BAD_ADDR: 1894 (void) fprintf(stderr, 1895 "ifconfig: Bad prefix length in %s\n", addr); 1896 exit(1); 1897 default: 1898 break; 1899 } 1900 (void) memcpy(&lifr.lifr_addr, &token, sizeof (token)); 1901 lifr.lifr_addrlen = prefixlen; 1902 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1903 if (ioctl(s, SIOCSLIFTOKEN, (caddr_t)&lifr) < 0) { 1904 Perror0_exit("setiftoken: SIOCSLIFTOKEN"); 1905 } 1906 return (0); 1907 } 1908 1909 /* ARGSUSED */ 1910 static int 1911 setifgroupname(char *grname, int64_t param) 1912 { 1913 lifgroupinfo_t lifgr; 1914 struct lifreq lifrl; 1915 ifaddrlistx_t *ifaddrp, *nextifaddrp; 1916 ifaddrlistx_t *ifaddrs = NULL, *downaddrs = NULL; 1917 int af; 1918 1919 if (debug) { 1920 (void) printf("Setting groupname %s on interface %s\n", 1921 grname, name); 1922 } 1923 1924 (void) strlcpy(lifrl.lifr_name, name, LIFNAMSIZ); 1925 (void) strlcpy(lifrl.lifr_groupname, grname, LIFGRNAMSIZ); 1926 1927 while (ioctl(s, SIOCSLIFGROUPNAME, &lifrl) == -1) { 1928 switch (errno) { 1929 case ENOENT: 1930 /* 1931 * The group doesn't yet exist; create it and repeat. 1932 */ 1933 af = afp->af_af; 1934 if (create_ipmp(grname, af, NULL, _B_TRUE) == -1) { 1935 if (errno == EEXIST) 1936 continue; 1937 1938 Perror2(grname, "cannot create IPMP group"); 1939 goto fail; 1940 } 1941 continue; 1942 1943 case EALREADY: 1944 /* 1945 * The interface is already in another group; must 1946 * remove existing membership first. 1947 */ 1948 lifrl.lifr_groupname[0] = '\0'; 1949 if (ioctl(s, SIOCSLIFGROUPNAME, &lifrl) == -1) { 1950 Perror2(name, "cannot remove existing " 1951 "IPMP group membership"); 1952 goto fail; 1953 } 1954 (void) strlcpy(lifrl.lifr_groupname, grname, 1955 LIFGRNAMSIZ); 1956 continue; 1957 1958 case EAFNOSUPPORT: 1959 /* 1960 * The group exists, but it's not configured with the 1961 * address families the interface needs. Since only 1962 * two address families are currently supported, just 1963 * configure the "other" address family. Note that we 1964 * may race with group deletion or creation by another 1965 * process (ENOENT or EEXIST); in such cases we repeat 1966 * our original SIOCSLIFGROUPNAME. 1967 */ 1968 (void) strlcpy(lifgr.gi_grname, grname, LIFGRNAMSIZ); 1969 if (ioctl(s, SIOCGLIFGROUPINFO, &lifgr) == -1) { 1970 if (errno == ENOENT) 1971 continue; 1972 1973 Perror2(grname, "SIOCGLIFGROUPINFO"); 1974 goto fail; 1975 } 1976 1977 af = lifgr.gi_v4 ? AF_INET6 : AF_INET; 1978 if (create_ipmp(grname, af, lifgr.gi_grifname, 1979 _B_TRUE) == -1) { 1980 if (errno == EEXIST) 1981 continue; 1982 1983 Perror2(grname, "cannot configure IPMP group"); 1984 goto fail; 1985 } 1986 continue; 1987 1988 case EADDRINUSE: 1989 /* 1990 * Some addresses are in-use (or under control of DAD). 1991 * Bring them down and retry the group join operation. 1992 * We will bring them back up after the interface has 1993 * been placed in the group. 1994 */ 1995 if (ifaddrlistx(lifrl.lifr_name, IFF_UP|IFF_DUPLICATE, 1996 0, &ifaddrs) == -1) { 1997 Perror2(grname, "cannot get address list"); 1998 goto fail; 1999 } 2000 2001 ifaddrp = ifaddrs; 2002 for (; ifaddrp != NULL; ifaddrp = nextifaddrp) { 2003 if (!ifaddr_down(ifaddrp)) { 2004 ifaddrs = ifaddrp; 2005 goto fail; 2006 } 2007 nextifaddrp = ifaddrp->ia_next; 2008 ifaddrp->ia_next = downaddrs; 2009 downaddrs = ifaddrp; 2010 } 2011 ifaddrs = NULL; 2012 continue; 2013 2014 case EADDRNOTAVAIL: { 2015 /* 2016 * Some data addresses are under application control. 2017 * For some of these (e.g., ADDRCONF), the application 2018 * should remove the address, in which case we retry a 2019 * few times (since the application's action is not 2020 * atomic with respect to us) before bailing out and 2021 * informing the user. 2022 */ 2023 int ntries, nappaddr = 0; 2024 const if_appflags_t *iap = if_appflags_tbl; 2025 2026 for (; iap->ia_app != NULL; iap++) { 2027 ntries = 0; 2028 again: 2029 if (ifaddrlistx(lifrl.lifr_name, iap->ia_flag, 2030 IFF_NOFAILOVER, &ifaddrs) == -1) { 2031 (void) fprintf(stderr, "ifconfig: %s: " 2032 "cannot get data addresses managed " 2033 "by %s\n", lifrl.lifr_name, 2034 iap->ia_app); 2035 goto fail; 2036 } 2037 2038 if (ifaddrs == NULL) 2039 continue; 2040 2041 ifaddrlistx_free(ifaddrs); 2042 ifaddrs = NULL; 2043 2044 if (++ntries < iap->ia_tries) { 2045 (void) poll(NULL, 0, 100); 2046 goto again; 2047 } 2048 2049 (void) fprintf(stderr, "ifconfig: cannot join " 2050 "IPMP group: %s has data addresses managed " 2051 "by %s\n", lifrl.lifr_name, iap->ia_app); 2052 nappaddr++; 2053 } 2054 if (nappaddr > 0) 2055 goto fail; 2056 continue; 2057 } 2058 default: 2059 Perror2(name, "SIOCSLIFGROUPNAME"); 2060 goto fail; 2061 } 2062 } 2063 2064 /* 2065 * If there were addresses that we had to bring down, it's time to 2066 * bring them up again. As part of bringing them up, the kernel will 2067 * automatically move them to the new IPMP interface. 2068 */ 2069 for (ifaddrp = downaddrs; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) { 2070 if (!ifaddr_up(ifaddrp) && errno != ENXIO) { 2071 (void) fprintf(stderr, "ifconfig: cannot bring back up " 2072 "%s: %s\n", ifaddrp->ia_name, strerror(errno)); 2073 } 2074 } 2075 ifaddrlistx_free(downaddrs); 2076 return (0); 2077 fail: 2078 /* 2079 * Attempt to bring back up any interfaces that we downed. 2080 */ 2081 for (ifaddrp = downaddrs; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) { 2082 if (!ifaddr_up(ifaddrp) && errno != ENXIO) { 2083 (void) fprintf(stderr, "ifconfig: cannot bring back up " 2084 "%s: %s\n", ifaddrp->ia_name, strerror(errno)); 2085 } 2086 } 2087 ifaddrlistx_free(downaddrs); 2088 ifaddrlistx_free(ifaddrs); 2089 2090 /* 2091 * We'd return -1, but foreachinterface() doesn't propagate the error 2092 * into the exit status, so we're forced to explicitly exit(). 2093 */ 2094 exit(1); 2095 /* NOTREACHED */ 2096 } 2097 2098 static boolean_t 2099 modcheck(const char *ifname) 2100 { 2101 (void) strlcpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name)); 2102 2103 if (ioctl(s, SIOCGLIFFLAGS, &lifr) < 0) { 2104 Perror0("SIOCGLIFFLAGS"); 2105 return (_B_FALSE); 2106 } 2107 2108 if (lifr.lifr_flags & IFF_IPMP) { 2109 (void) fprintf(stderr, "ifconfig: %s: module operations not" 2110 " supported on IPMP interfaces\n", ifname); 2111 return (_B_FALSE); 2112 } 2113 if (lifr.lifr_flags & IFF_VIRTUAL) { 2114 (void) fprintf(stderr, "ifconfig: %s: module operations not" 2115 " supported on virtual IP interfaces\n", ifname); 2116 return (_B_FALSE); 2117 } 2118 return (_B_TRUE); 2119 } 2120 2121 /* 2122 * To list all the modules above a given network interface. 2123 */ 2124 /* ARGSUSED */ 2125 static int 2126 modlist(char *null, int64_t param) 2127 { 2128 int muxid_fd; 2129 int muxfd; 2130 int ipfd_lowstr; 2131 int arpfd_lowstr; 2132 int num_mods; 2133 int i; 2134 struct str_list strlist; 2135 int orig_arpid; 2136 2137 /* 2138 * We'd return -1, but foreachinterface() doesn't propagate the error 2139 * into the exit status, so we're forced to explicitly exit(). 2140 */ 2141 if (!modcheck(name)) 2142 exit(1); 2143 2144 if (ip_domux2fd(&muxfd, &muxid_fd, &ipfd_lowstr, &arpfd_lowstr, 2145 &orig_arpid) < 0) { 2146 return (-1); 2147 } 2148 if ((num_mods = ioctl(ipfd_lowstr, I_LIST, NULL)) < 0) { 2149 Perror0("cannot I_LIST to get the number of modules"); 2150 } else { 2151 if (debug > 0) { 2152 (void) printf("Listing (%d) modules above %s\n", 2153 num_mods, name); 2154 } 2155 2156 strlist.sl_nmods = num_mods; 2157 strlist.sl_modlist = malloc(sizeof (struct str_mlist) * 2158 num_mods); 2159 if (strlist.sl_modlist == NULL) { 2160 Perror0("cannot malloc"); 2161 } else { 2162 if (ioctl(ipfd_lowstr, I_LIST, (caddr_t)&strlist) < 0) { 2163 Perror0("cannot I_LIST for module names"); 2164 } else { 2165 for (i = 0; i < strlist.sl_nmods; i++) { 2166 (void) printf("%d %s\n", i, 2167 strlist.sl_modlist[i].l_name); 2168 } 2169 } 2170 free(strlist.sl_modlist); 2171 } 2172 } 2173 return (ip_plink(muxfd, muxid_fd, ipfd_lowstr, arpfd_lowstr, 2174 orig_arpid)); 2175 } 2176 2177 #define MODINSERT_OP 'i' 2178 #define MODREMOVE_OP 'r' 2179 2180 /* 2181 * To insert a module to the stream of the interface. It is just a 2182 * wrapper. The real function is modop(). 2183 */ 2184 /* ARGSUSED */ 2185 static int 2186 modinsert(char *arg, int64_t param) 2187 { 2188 return (modop(arg, MODINSERT_OP)); 2189 } 2190 2191 /* 2192 * To remove a module from the stream of the interface. It is just a 2193 * wrapper. The real function is modop(). 2194 */ 2195 /* ARGSUSED */ 2196 static int 2197 modremove(char *arg, int64_t param) 2198 { 2199 return (modop(arg, MODREMOVE_OP)); 2200 } 2201 2202 /* 2203 * Open a stream on /dev/udp{,6}, pop off all undesired modules (note that 2204 * the user may have configured autopush to add modules above 2205 * udp), and push the arp module onto the resulting stream. 2206 * This is used to make IP+ARP be able to atomically track the muxid 2207 * for the I_PLINKed STREAMS, thus it isn't related to ARP running the ARP 2208 * protocol. 2209 */ 2210 static int 2211 open_arp_on_udp(char *udp_dev_name) 2212 { 2213 int fd; 2214 2215 if ((fd = open(udp_dev_name, O_RDWR)) == -1) { 2216 Perror2("open", udp_dev_name); 2217 return (-1); 2218 } 2219 errno = 0; 2220 while (ioctl(fd, I_POP, 0) != -1) 2221 ; 2222 if (errno != EINVAL) { 2223 Perror2("pop", udp_dev_name); 2224 } else if (ioctl(fd, I_PUSH, ARP_MOD_NAME) == -1) { 2225 Perror2("arp PUSH", udp_dev_name); 2226 } else { 2227 return (fd); 2228 } 2229 (void) close(fd); 2230 return (-1); 2231 } 2232 2233 /* 2234 * Helper function for mod*() functions. It gets a fd to the lower IP 2235 * stream and I_PUNLINK's the lower stream. It also initializes the 2236 * global variable lifr. 2237 * 2238 * Param: 2239 * int *muxfd: fd to /dev/udp{,6} for I_PLINK/I_PUNLINK 2240 * int *muxid_fd: fd to /dev/udp{,6} for LIFMUXID 2241 * int *ipfd_lowstr: fd to the lower IP stream. 2242 * int *arpfd_lowstr: fd to the lower ARP stream. 2243 * 2244 * Return: 2245 * -1 if operation fails, 0 otherwise. 2246 * 2247 * Please see the big block comment above ifplumb() for the logic of the 2248 * PLINK/PUNLINK 2249 */ 2250 static int 2251 ip_domux2fd(int *muxfd, int *muxid_fd, int *ipfd_lowstr, int *arpfd_lowstr, 2252 int *orig_arpid) 2253 { 2254 uint64_t flags; 2255 char *udp_dev_name; 2256 2257 *orig_arpid = 0; 2258 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2259 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) { 2260 Perror0_exit("status: SIOCGLIFFLAGS"); 2261 } 2262 flags = lifr.lifr_flags; 2263 if (flags & IFF_IPV4) { 2264 udp_dev_name = UDP_DEV_NAME; 2265 } else if (flags & IFF_IPV6) { 2266 udp_dev_name = UDP6_DEV_NAME; 2267 } else { 2268 return (-1); 2269 } 2270 2271 if ((*muxid_fd = open(udp_dev_name, O_RDWR)) < 0) { 2272 Perror2("open", udp_dev_name); 2273 return (-1); 2274 } 2275 if (ioctl(*muxid_fd, SIOCGLIFMUXID, (caddr_t)&lifr) < 0) { 2276 Perror2("SIOCGLIFMUXID", udp_dev_name); 2277 return (-1); 2278 } 2279 if (debug > 0) { 2280 (void) printf("ARP_muxid %d IP_muxid %d\n", 2281 lifr.lifr_arp_muxid, lifr.lifr_ip_muxid); 2282 } 2283 2284 /* 2285 * Use /dev/udp{,6} as the mux to avoid linkcycles. 2286 */ 2287 if ((*muxfd = open_arp_on_udp(udp_dev_name)) == -1) 2288 return (-1); 2289 2290 if (lifr.lifr_arp_muxid != 0) { 2291 if ((*arpfd_lowstr = ioctl(*muxfd, _I_MUXID2FD, 2292 lifr.lifr_arp_muxid)) < 0) { 2293 if ((errno == EINVAL) && 2294 (flags & (IFF_NOARP | IFF_IPV6))) { 2295 /* 2296 * Some plumbing utilities set the muxid to 2297 * -1 or some invalid value to signify that 2298 * there is no arp stream. Set the muxid to 0 2299 * before trying to unplumb the IP stream. 2300 * IP does not allow the IP stream to be 2301 * unplumbed if it sees a non-null arp muxid, 2302 * for consistency of IP-ARP streams. 2303 */ 2304 *orig_arpid = lifr.lifr_arp_muxid; 2305 lifr.lifr_arp_muxid = 0; 2306 (void) ioctl(*muxid_fd, SIOCSLIFMUXID, 2307 (caddr_t)&lifr); 2308 *arpfd_lowstr = -1; 2309 } else { 2310 Perror0("_I_MUXID2FD"); 2311 return (-1); 2312 } 2313 } else if (ioctl(*muxfd, I_PUNLINK, 2314 lifr.lifr_arp_muxid) < 0) { 2315 Perror2("I_PUNLINK", udp_dev_name); 2316 return (-1); 2317 } 2318 } else { 2319 *arpfd_lowstr = -1; 2320 } 2321 2322 if ((*ipfd_lowstr = ioctl(*muxfd, _I_MUXID2FD, 2323 lifr.lifr_ip_muxid)) < 0) { 2324 Perror0("_I_MUXID2FD"); 2325 /* Undo any changes we made */ 2326 if (*orig_arpid != 0) { 2327 lifr.lifr_arp_muxid = *orig_arpid; 2328 (void) ioctl(*muxid_fd, SIOCSLIFMUXID, (caddr_t)&lifr); 2329 } 2330 return (-1); 2331 } 2332 if (ioctl(*muxfd, I_PUNLINK, lifr.lifr_ip_muxid) < 0) { 2333 Perror2("I_PUNLINK", udp_dev_name); 2334 /* Undo any changes we made */ 2335 if (*orig_arpid != 0) { 2336 lifr.lifr_arp_muxid = *orig_arpid; 2337 (void) ioctl(*muxid_fd, SIOCSLIFMUXID, (caddr_t)&lifr); 2338 } 2339 return (-1); 2340 } 2341 return (0); 2342 } 2343 2344 /* 2345 * Helper function for mod*() functions. It I_PLINK's back the upper and 2346 * lower IP streams. Note that this function must be called after 2347 * ip_domux2fd(). In ip_domux2fd(), the global variable lifr is initialized 2348 * and ip_plink() needs information in lifr. So ip_domux2fd() and ip_plink() 2349 * must be called in pairs. 2350 * 2351 * Param: 2352 * int muxfd: fd to /dev/udp{,6} for I_PLINK/I_PUNLINK 2353 * int muxid_fd: fd to /dev/udp{,6} for LIFMUXID 2354 * int ipfd_lowstr: fd to the lower IP stream. 2355 * int arpfd_lowstr: fd to the lower ARP stream. 2356 * 2357 * Return: 2358 * -1 if operation fails, 0 otherwise. 2359 * 2360 * Please see the big block comment above ifplumb() for the logic of the 2361 * PLINK/PUNLINK 2362 */ 2363 static int 2364 ip_plink(int muxfd, int muxid_fd, int ipfd_lowstr, int arpfd_lowstr, 2365 int orig_arpid) 2366 { 2367 int ip_muxid; 2368 2369 ip_muxid = ioctl(muxfd, I_PLINK, ipfd_lowstr); 2370 if (ip_muxid < 0) { 2371 Perror2("I_PLINK", UDP_DEV_NAME); 2372 return (-1); 2373 } 2374 2375 /* 2376 * If there is an arp stream, plink it. If there is no 2377 * arp stream, then it is possible that the plumbing 2378 * utility could have stored any value in the arp_muxid. 2379 * If so, restore it from orig_arpid. 2380 */ 2381 if (arpfd_lowstr != -1) { 2382 if (ioctl(muxfd, I_PLINK, arpfd_lowstr) < 0) { 2383 Perror2("I_PLINK", UDP_DEV_NAME); 2384 return (-1); 2385 } 2386 } else if (orig_arpid != 0) { 2387 /* Undo the changes we did in ip_domux2fd */ 2388 lifr.lifr_arp_muxid = orig_arpid; 2389 lifr.lifr_ip_muxid = ip_muxid; 2390 (void) ioctl(muxid_fd, SIOCSLIFMUXID, (caddr_t)&lifr); 2391 } 2392 2393 (void) close(muxfd); 2394 (void) close(muxid_fd); 2395 return (0); 2396 } 2397 2398 /* 2399 * The real function to perform module insertion/removal. 2400 * 2401 * Param: 2402 * char *arg: the argument string module_name@position 2403 * char op: operation, either MODINSERT_OP or MODREMOVE_OP. 2404 * 2405 * Return: 2406 * Before doing ip_domux2fd(), this function calls exit(1) in case of 2407 * error. After ip_domux2fd() is done, it returns -1 for error, 0 2408 * otherwise. 2409 */ 2410 static int 2411 modop(char *arg, char op) 2412 { 2413 char *pos_p; 2414 int muxfd; 2415 int muxid_fd; 2416 int ipfd_lowstr; /* IP stream (lower stream of mux) to be plinked */ 2417 int arpfd_lowstr; /* ARP stream (lower stream of mux) to be plinked */ 2418 struct strmodconf mod; 2419 char *at_char = "@"; 2420 char *arg_str; 2421 int orig_arpid; 2422 2423 /* 2424 * We'd return -1, but foreachinterface() doesn't propagate the error 2425 * into the exit status, so we're forced to explicitly exit(). 2426 */ 2427 if (!modcheck(name)) 2428 exit(1); 2429 2430 /* Need to save the original string for -a option. */ 2431 if ((arg_str = malloc(strlen(arg) + 1)) == NULL) { 2432 Perror0("cannot malloc"); 2433 return (-1); 2434 } 2435 (void) strcpy(arg_str, arg); 2436 2437 if (*arg_str == *at_char) { 2438 (void) fprintf(stderr, 2439 "ifconfig: must supply a module name\n"); 2440 exit(1); 2441 } 2442 mod.mod_name = strtok(arg_str, at_char); 2443 if (strlen(mod.mod_name) > FMNAMESZ) { 2444 (void) fprintf(stderr, "ifconfig: module name too long: %s\n", 2445 mod.mod_name); 2446 exit(1); 2447 } 2448 2449 /* 2450 * Need to make sure that the core TCP/IP stack modules are not 2451 * removed. Otherwise, "bad" things can happen. If a module 2452 * is removed and inserted back, it loses its old state. But 2453 * the modules above it still have the old state. E.g. IP assumes 2454 * fast data path while tunnel after re-inserted assumes that it can 2455 * receive M_DATA only in fast data path for which it does not have 2456 * any state. This is a general caveat of _I_REMOVE/_I_INSERT. 2457 */ 2458 if (op == MODREMOVE_OP && 2459 (strcmp(mod.mod_name, ARP_MOD_NAME) == 0 || 2460 strcmp(mod.mod_name, IP_MOD_NAME) == 0)) { 2461 (void) fprintf(stderr, "ifconfig: cannot remove %s\n", 2462 mod.mod_name); 2463 exit(1); 2464 } 2465 2466 if ((pos_p = strtok(NULL, at_char)) == NULL) { 2467 (void) fprintf(stderr, "ifconfig: must supply a position\n"); 2468 exit(1); 2469 } 2470 mod.pos = atoi(pos_p); 2471 2472 if (ip_domux2fd(&muxfd, &muxid_fd, &ipfd_lowstr, &arpfd_lowstr, 2473 &orig_arpid) < 0) { 2474 free(arg_str); 2475 return (-1); 2476 } 2477 switch (op) { 2478 case MODINSERT_OP: 2479 if (debug > 0) { 2480 (void) printf("Inserting module %s at %d\n", 2481 mod.mod_name, mod.pos); 2482 } 2483 if (ioctl(ipfd_lowstr, _I_INSERT, (caddr_t)&mod) < 0) { 2484 Perror2("fail to insert module", mod.mod_name); 2485 } 2486 break; 2487 case MODREMOVE_OP: 2488 if (debug > 0) { 2489 (void) printf("Removing module %s at %d\n", 2490 mod.mod_name, mod.pos); 2491 } 2492 if (ioctl(ipfd_lowstr, _I_REMOVE, (caddr_t)&mod) < 0) { 2493 Perror2("fail to remove module", mod.mod_name); 2494 } 2495 break; 2496 default: 2497 /* Should never get to here. */ 2498 (void) fprintf(stderr, "Unknown operation\n"); 2499 break; 2500 } 2501 free(arg_str); 2502 return (ip_plink(muxfd, muxid_fd, ipfd_lowstr, arpfd_lowstr, 2503 orig_arpid)); 2504 } 2505 2506 static int 2507 modify_tun(iptun_params_t *params) 2508 { 2509 dladm_status_t status; 2510 2511 if ((status = ifconfig_dladm_open(name, DATALINK_CLASS_IPTUN, 2512 ¶ms->iptun_param_linkid)) == DLADM_STATUS_OK) 2513 status = dladm_iptun_modify(dlh, params, DLADM_OPT_ACTIVE); 2514 if (status != DLADM_STATUS_OK) 2515 dladmerr_exit(status, name); 2516 return (0); 2517 } 2518 2519 /* 2520 * Set tunnel source address 2521 */ 2522 /* ARGSUSED */ 2523 static int 2524 setiftsrc(char *addr, int64_t param) 2525 { 2526 iptun_params_t params; 2527 2528 params.iptun_param_flags = IPTUN_PARAM_LADDR; 2529 (void) strlcpy(params.iptun_param_laddr, addr, 2530 sizeof (params.iptun_param_laddr)); 2531 return (modify_tun(¶ms)); 2532 } 2533 2534 /* 2535 * Set tunnel destination address 2536 */ 2537 /* ARGSUSED */ 2538 static int 2539 setiftdst(char *addr, int64_t param) 2540 { 2541 iptun_params_t params; 2542 2543 params.iptun_param_flags = IPTUN_PARAM_RADDR; 2544 (void) strlcpy(params.iptun_param_raddr, addr, 2545 sizeof (params.iptun_param_raddr)); 2546 return (modify_tun(¶ms)); 2547 } 2548 2549 static int 2550 set_tun_prop(const char *propname, char *value) 2551 { 2552 dladm_status_t status; 2553 datalink_id_t linkid; 2554 2555 status = ifconfig_dladm_open(name, DATALINK_CLASS_IPTUN, &linkid); 2556 if (status == DLADM_STATUS_OK) { 2557 status = dladm_set_linkprop(dlh, linkid, propname, &value, 1, 2558 DLADM_OPT_ACTIVE); 2559 } 2560 if (status != DLADM_STATUS_OK) 2561 dladmerr_exit(status, name); 2562 return (0); 2563 } 2564 2565 /* Set tunnel encapsulation limit. */ 2566 /* ARGSUSED */ 2567 static int 2568 set_tun_encap_limit(char *arg, int64_t param) 2569 { 2570 return (set_tun_prop("encaplimit", arg)); 2571 } 2572 2573 /* Disable encapsulation limit. */ 2574 /* ARGSUSED */ 2575 static int 2576 clr_tun_encap_limit(char *arg, int64_t param) 2577 { 2578 return (set_tun_encap_limit("-1", 0)); 2579 } 2580 2581 /* Set tunnel hop limit. */ 2582 /* ARGSUSED */ 2583 static int 2584 set_tun_hop_limit(char *arg, int64_t param) 2585 { 2586 return (set_tun_prop("hoplimit", arg)); 2587 } 2588 2589 /* Set zone ID */ 2590 static int 2591 setzone(char *arg, int64_t param) 2592 { 2593 zoneid_t zoneid = GLOBAL_ZONEID; 2594 2595 if (param == NEXTARG) { 2596 /* zone must be active */ 2597 if ((zoneid = getzoneidbyname(arg)) == -1) { 2598 (void) fprintf(stderr, 2599 "ifconfig: unknown zone '%s'\n", arg); 2600 exit(1); 2601 } 2602 } 2603 (void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2604 lifr.lifr_zoneid = zoneid; 2605 if (ioctl(s, SIOCSLIFZONE, (caddr_t)&lifr) == -1) 2606 Perror0_exit("SIOCSLIFZONE"); 2607 return (0); 2608 } 2609 2610 /* Put interface into all zones */ 2611 /* ARGSUSED */ 2612 static int 2613 setallzones(char *arg, int64_t param) 2614 { 2615 (void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2616 lifr.lifr_zoneid = ALL_ZONES; 2617 if (ioctl(s, SIOCSLIFZONE, (caddr_t)&lifr) == -1) 2618 Perror0_exit("SIOCSLIFZONE"); 2619 return (0); 2620 } 2621 2622 /* Set source address to use */ 2623 /* ARGSUSED */ 2624 static int 2625 setifsrc(char *arg, int64_t param) 2626 { 2627 uint_t ifindex = 0; 2628 int rval; 2629 2630 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2631 2632 /* 2633 * Argument can be either an interface name or "none". The latter means 2634 * that any previous selection is cleared. 2635 */ 2636 2637 rval = strcmp(arg, name); 2638 if (rval == 0) { 2639 (void) fprintf(stderr, 2640 "ifconfig: Cannot specify same interface for usesrc" 2641 " group\n"); 2642 exit(1); 2643 } 2644 2645 rval = strcmp(arg, NONE_STR); 2646 if (rval != 0) { 2647 if ((ifindex = if_nametoindex(arg)) == 0) { 2648 (void) strncpy(lifr.lifr_name, arg, LIFNAMSIZ); 2649 Perror0_exit("Could not get interface index"); 2650 } 2651 lifr.lifr_index = ifindex; 2652 } else { 2653 if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) != 0) 2654 Perror0_exit("Not a valid usesrc consumer"); 2655 lifr.lifr_index = 0; 2656 } 2657 2658 if (debug) 2659 (void) printf("setifsrc: lifr_name %s, lifr_index %d\n", 2660 lifr.lifr_name, lifr.lifr_index); 2661 2662 if (ioctl(s, SIOCSLIFUSESRC, (caddr_t)&lifr) == -1) { 2663 if (rval == 0) 2664 Perror0_exit("Cannot reset usesrc group"); 2665 else 2666 Perror0_exit("Could not set source interface"); 2667 } 2668 2669 return (0); 2670 } 2671 2672 /* 2673 * Print the interface status line associated with `ifname' 2674 */ 2675 static void 2676 ifstatus(const char *ifname) 2677 { 2678 uint64_t flags; 2679 char if_usesrc_name[LIFNAMSIZ]; 2680 char *newbuf; 2681 int n, numifs, rval = 0; 2682 struct lifreq *lifrp; 2683 struct lifsrcof lifs; 2684 2685 (void) strncpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name)); 2686 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) { 2687 Perror0_exit("status: SIOCGLIFFLAGS"); 2688 } 2689 flags = lifr.lifr_flags; 2690 2691 /* 2692 * In V4 compatibility mode, we don't print the IFF_IPV4 flag or 2693 * interfaces with IFF_IPV6 set. 2694 */ 2695 if (v4compat) { 2696 flags &= ~IFF_IPV4; 2697 if (flags & IFF_IPV6) 2698 return; 2699 } 2700 2701 (void) printf("%s: ", ifname); 2702 print_flags(flags); 2703 2704 (void) strncpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name)); 2705 if (ioctl(s, SIOCGLIFMETRIC, (caddr_t)&lifr) < 0) { 2706 Perror0_exit("status: SIOCGLIFMETRIC"); 2707 } else { 2708 if (lifr.lifr_metric) 2709 (void) printf(" metric %d", lifr.lifr_metric); 2710 } 2711 if (ioctl(s, SIOCGLIFMTU, (caddr_t)&lifr) >= 0) 2712 (void) printf(" mtu %u", lifr.lifr_mtu); 2713 2714 /* don't print index or zone when in compatibility mode */ 2715 if (!v4compat) { 2716 if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0) 2717 (void) printf(" index %d", lifr.lifr_index); 2718 /* 2719 * Stack instances use GLOBAL_ZONEID for IP data structures 2720 * even in the non-global zone. 2721 */ 2722 if (ioctl(s, SIOCGLIFZONE, (caddr_t)&lifr) >= 0 && 2723 lifr.lifr_zoneid != getzoneid() && 2724 lifr.lifr_zoneid != GLOBAL_ZONEID) { 2725 char zone_name[ZONENAME_MAX]; 2726 2727 if (lifr.lifr_zoneid == ALL_ZONES) { 2728 (void) printf("\n\tall-zones"); 2729 } else if (getzonenamebyid(lifr.lifr_zoneid, zone_name, 2730 sizeof (zone_name)) < 0) { 2731 (void) printf("\n\tzone %d", lifr.lifr_zoneid); 2732 } else { 2733 (void) printf("\n\tzone %s", zone_name); 2734 } 2735 } 2736 } 2737 2738 if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0) { 2739 lifs.lifs_ifindex = lifr.lifr_index; 2740 2741 /* 2742 * Find the number of interfaces that use this interfaces' 2743 * address as a source address 2744 */ 2745 lifs.lifs_buf = NULL; 2746 lifs.lifs_maxlen = 0; 2747 for (;;) { 2748 /* The first pass will give the bufsize we need */ 2749 rval = ioctl(s, SIOCGLIFSRCOF, (char *)&lifs); 2750 if (rval < 0) { 2751 if (lifs.lifs_buf != NULL) { 2752 free(lifs.lifs_buf); 2753 lifs.lifs_buf = NULL; 2754 } 2755 lifs.lifs_len = 0; 2756 break; 2757 } 2758 if (lifs.lifs_len <= lifs.lifs_maxlen) 2759 break; 2760 /* Use kernel's size + a small margin to avoid loops */ 2761 lifs.lifs_maxlen = lifs.lifs_len + 2762 5 * sizeof (struct lifreq); 2763 /* For the first pass, realloc acts like malloc */ 2764 newbuf = realloc(lifs.lifs_buf, lifs.lifs_maxlen); 2765 if (newbuf == NULL) { 2766 if (lifs.lifs_buf != NULL) { 2767 free(lifs.lifs_buf); 2768 lifs.lifs_buf = NULL; 2769 } 2770 lifs.lifs_len = 0; 2771 break; 2772 } 2773 lifs.lifs_buf = newbuf; 2774 } 2775 2776 2777 numifs = lifs.lifs_len / sizeof (struct lifreq); 2778 if (numifs > 0) { 2779 lifrp = lifs.lifs_req; 2780 (void) printf("\n\tsrcof"); 2781 for (n = numifs; n > 0; n--, lifrp++) { 2782 (void) printf(" %s", lifrp->lifr_name); 2783 } 2784 } 2785 2786 if (lifs.lifs_buf != NULL) 2787 free(lifs.lifs_buf); 2788 } 2789 2790 /* Find the interface whose source address this interface uses */ 2791 if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) == 0) { 2792 if (lifr.lifr_index != 0) { 2793 if (if_indextoname(lifr.lifr_index, 2794 if_usesrc_name) == NULL) { 2795 (void) printf("\n\tusesrc ifIndex %d", 2796 lifr.lifr_index); 2797 } else { 2798 (void) printf("\n\tusesrc %s", if_usesrc_name); 2799 } 2800 } 2801 } 2802 2803 (void) putchar('\n'); 2804 } 2805 2806 2807 /* 2808 * Print the status of the interface. If an address family was 2809 * specified, show it and it only; otherwise, show them all. 2810 */ 2811 static void 2812 status(void) 2813 { 2814 struct afswtch *p = afp; 2815 uint64_t flags; 2816 datalink_id_t linkid; 2817 2818 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2819 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) { 2820 Perror0_exit("status: SIOCGLIFFLAGS"); 2821 } 2822 2823 flags = lifr.lifr_flags; 2824 2825 /* 2826 * Only print the interface status if the address family matches 2827 * the interface family flag. 2828 */ 2829 if (p != NULL) { 2830 if (((p->af_af == AF_INET6) && (flags & IFF_IPV4)) || 2831 ((p->af_af == AF_INET) && (flags & IFF_IPV6))) 2832 return; 2833 } 2834 2835 /* 2836 * In V4 compatibility mode, don't print IFF_IPV6 interfaces. 2837 */ 2838 if (v4compat && (flags & IFF_IPV6)) 2839 return; 2840 2841 ifstatus(name); 2842 2843 if (ifconfig_dladm_open(name, DATALINK_CLASS_IPTUN, &linkid) == 2844 DLADM_STATUS_OK) 2845 tun_status(linkid); 2846 2847 if (p != NULL) { 2848 (*p->af_status)(1, flags); 2849 } else { 2850 for (p = afs; p->af_name; p++) { 2851 (void) close(s); 2852 s = socket(SOCKET_AF(p->af_af), SOCK_DGRAM, 0); 2853 /* set global af for use in p->af_status */ 2854 af = p->af_af; 2855 if (s == -1) { 2856 Perror0_exit("socket"); 2857 } 2858 (*p->af_status)(0, flags); 2859 } 2860 2861 /* 2862 * Historically, 'ether' has been an address family, 2863 * so print it here. 2864 */ 2865 print_ifether(name); 2866 } 2867 } 2868 2869 /* 2870 * Print the status of the interface in a format that can be used to 2871 * reconfigure the interface later. Code stolen from status() above. 2872 */ 2873 /* ARGSUSED */ 2874 static int 2875 configinfo(char *null, int64_t param) 2876 { 2877 char *cp; 2878 struct afswtch *p = afp; 2879 uint64_t flags; 2880 char lifname[LIFNAMSIZ]; 2881 char if_usesrc_name[LIFNAMSIZ]; 2882 2883 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2884 2885 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) { 2886 Perror0_exit("status: SIOCGLIFFLAGS"); 2887 } 2888 flags = lifr.lifr_flags; 2889 2890 if (debug) { 2891 (void) printf("configinfo: name %s flags 0x%llx af_af %d\n", 2892 name, flags, p != NULL ? p->af_af : -1); 2893 } 2894 2895 /* 2896 * Build the interface name to print (we can't directly use `name' 2897 * because one cannot "plumb" ":0" interfaces). 2898 */ 2899 (void) strlcpy(lifname, name, LIFNAMSIZ); 2900 if ((cp = strchr(lifname, ':')) != NULL && atoi(cp + 1) == 0) 2901 *cp = '\0'; 2902 2903 /* 2904 * if the interface is IPv4 2905 * if we have a IPv6 address family restriction return 2906 * so it won't print 2907 * if we are in IPv4 compatibility mode, clear out IFF_IPV4 2908 * so we don't print it. 2909 */ 2910 if (flags & IFF_IPV4) { 2911 if (p && p->af_af == AF_INET6) 2912 return (-1); 2913 if (v4compat) 2914 flags &= ~IFF_IPV4; 2915 2916 (void) printf("%s inet plumb", lifname); 2917 } else if (flags & IFF_IPV6) { 2918 /* 2919 * else if the interface is IPv6 2920 * if we have a IPv4 address family restriction return 2921 * or we are in IPv4 compatibiltiy mode, return. 2922 */ 2923 if (p && p->af_af == AF_INET) 2924 return (-1); 2925 if (v4compat) 2926 return (-1); 2927 2928 (void) printf("%s inet6 plumb", lifname); 2929 } 2930 2931 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2932 if (ioctl(s, SIOCGLIFMETRIC, (caddr_t)&lifr) < 0) { 2933 Perror0_exit("configinfo: SIOCGLIFMETRIC"); 2934 } else { 2935 if (lifr.lifr_metric) 2936 (void) printf(" metric %d ", lifr.lifr_metric); 2937 } 2938 if (((flags & (IFF_VIRTUAL|IFF_LOOPBACK)) != IFF_VIRTUAL) && 2939 ioctl(s, SIOCGLIFMTU, (caddr_t)&lifr) >= 0) 2940 (void) printf(" mtu %d", lifr.lifr_metric); 2941 2942 /* Index only applies to the zeroth interface */ 2943 if (lifnum(name) == 0) { 2944 if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0) 2945 (void) printf(" index %d", lifr.lifr_index); 2946 } 2947 2948 if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) == 0) { 2949 if (lifr.lifr_index != 0) { 2950 if (if_indextoname(lifr.lifr_index, 2951 if_usesrc_name) != NULL) { 2952 (void) printf(" usesrc %s", if_usesrc_name); 2953 } 2954 } 2955 } 2956 2957 if (p != NULL) { 2958 (*p->af_configinfo)(1, flags); 2959 } else { 2960 for (p = afs; p->af_name; p++) { 2961 (void) close(s); 2962 s = socket(SOCKET_AF(p->af_af), SOCK_DGRAM, 0); 2963 /* set global af for use in p->af_configinfo */ 2964 af = p->af_af; 2965 if (s == -1) { 2966 Perror0_exit("socket"); 2967 } 2968 (*p->af_configinfo)(0, flags); 2969 } 2970 } 2971 2972 (void) putchar('\n'); 2973 return (0); 2974 } 2975 2976 static void 2977 print_tsec(iptun_params_t *params) 2978 { 2979 ipsec_req_t *ipsr; 2980 2981 (void) printf("\ttunnel security settings "); 2982 if (!(params->iptun_param_flags & IPTUN_PARAM_SECINFO)) { 2983 (void) printf("--> use 'ipsecconf -ln -i %s'", name); 2984 } else { 2985 ipsr = ¶ms->iptun_param_secinfo; 2986 if (ipsr->ipsr_ah_req & IPSEC_PREF_REQUIRED) { 2987 (void) printf("ah (%s) ", 2988 rparsealg(ipsr->ipsr_auth_alg, IPSEC_PROTO_AH)); 2989 } 2990 if (ipsr->ipsr_esp_req & IPSEC_PREF_REQUIRED) { 2991 (void) printf("esp (%s", 2992 rparsealg(ipsr->ipsr_esp_alg, IPSEC_PROTO_ESP)); 2993 (void) printf("/%s)", 2994 rparsealg(ipsr->ipsr_esp_auth_alg, IPSEC_PROTO_AH)); 2995 } 2996 } 2997 (void) printf("\n"); 2998 } 2999 3000 static void 3001 tun_status(datalink_id_t linkid) 3002 { 3003 iptun_params_t params; 3004 char propval[DLADM_PROP_VAL_MAX]; 3005 char *valptr[1]; 3006 uint_t valcnt = 1; 3007 boolean_t tabbed = _B_FALSE; 3008 3009 params.iptun_param_linkid = linkid; 3010 3011 /* If dladm_iptun_getparams() fails, assume we are not a tunnel. */ 3012 assert(dlh_opened); 3013 if (dladm_iptun_getparams(dlh, ¶ms, DLADM_OPT_ACTIVE) != 3014 DLADM_STATUS_OK) 3015 return; 3016 3017 switch (params.iptun_param_type) { 3018 case IPTUN_TYPE_IPV4: 3019 case IPTUN_TYPE_6TO4: 3020 (void) printf("\tinet"); 3021 break; 3022 case IPTUN_TYPE_IPV6: 3023 (void) printf("\tinet6"); 3024 break; 3025 default: 3026 dladmerr_exit(DLADM_STATUS_IPTUNTYPE, name); 3027 break; 3028 } 3029 3030 /* 3031 * There is always a source address. If it hasn't been explicitly 3032 * set, the API will pass back a buffer containing the unspecified 3033 * address. 3034 */ 3035 (void) printf(" tunnel src %s ", params.iptun_param_laddr); 3036 3037 if (params.iptun_param_flags & IPTUN_PARAM_RADDR) 3038 (void) printf("tunnel dst %s\n", params.iptun_param_raddr); 3039 else 3040 (void) putchar('\n'); 3041 3042 if (params.iptun_param_flags & IPTUN_PARAM_IPSECPOL) 3043 print_tsec(¶ms); 3044 3045 valptr[0] = propval; 3046 if (dladm_get_linkprop(dlh, linkid, DLADM_PROP_VAL_CURRENT, "hoplimit", 3047 (char **)valptr, &valcnt) == DLADM_STATUS_OK) { 3048 (void) printf("\ttunnel hop limit %s ", propval); 3049 tabbed = _B_TRUE; 3050 } 3051 3052 if (dladm_get_linkprop(dlh, linkid, DLADM_PROP_VAL_CURRENT, 3053 "encaplimit", (char **)valptr, &valcnt) == DLADM_STATUS_OK) { 3054 uint32_t elim; 3055 3056 if (!tabbed) { 3057 (void) putchar('\t'); 3058 tabbed = _B_TRUE; 3059 } 3060 elim = strtol(propval, NULL, 10); 3061 if (elim > 0) 3062 (void) printf("tunnel encapsulation limit %s", propval); 3063 else 3064 (void) printf("tunnel encapsulation limit disabled"); 3065 } 3066 3067 if (tabbed) 3068 (void) putchar('\n'); 3069 } 3070 3071 static void 3072 in_status(int force, uint64_t flags) 3073 { 3074 struct sockaddr_in *sin, *laddr; 3075 struct sockaddr_in netmask = { AF_INET }; 3076 3077 if (debug) 3078 (void) printf("in_status(%s) flags 0x%llx\n", name, flags); 3079 3080 /* only print status for IPv4 interfaces */ 3081 if (!(flags & IFF_IPV4)) 3082 return; 3083 3084 if (!(flags & IFF_NOLOCAL)) { 3085 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3086 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 3087 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3088 errno == ENXIO) { 3089 if (!force) 3090 return; 3091 (void) memset(&lifr.lifr_addr, 0, 3092 sizeof (lifr.lifr_addr)); 3093 } else 3094 Perror0_exit("in_status: SIOCGLIFADDR"); 3095 } 3096 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3097 (void) printf("\tinet %s ", inet_ntoa(sin->sin_addr)); 3098 laddr = sin; 3099 } else { 3100 (void) printf("\tinet "); 3101 } 3102 3103 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3104 if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) { 3105 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3106 errno == ENXIO) { 3107 if (!force) 3108 return; 3109 (void) memset(&lifr.lifr_addr, 0, 3110 sizeof (lifr.lifr_addr)); 3111 } else { 3112 Perror0_exit("in_status: SIOCGLIFSUBNET"); 3113 } 3114 } 3115 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3116 if ((flags & IFF_NOLOCAL) || 3117 sin->sin_addr.s_addr != laddr->sin_addr.s_addr) { 3118 (void) printf("subnet %s/%d ", inet_ntoa(sin->sin_addr), 3119 lifr.lifr_addrlen); 3120 } 3121 if (sin->sin_family != AF_INET) { 3122 (void) printf("Wrong family: %d\n", sin->sin_family); 3123 } 3124 3125 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3126 if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0) { 3127 if (errno != EADDRNOTAVAIL) 3128 Perror0_exit("in_status: SIOCGLIFNETMASK"); 3129 (void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr)); 3130 } else 3131 netmask.sin_addr = 3132 ((struct sockaddr_in *)&lifr.lifr_addr)->sin_addr; 3133 if (flags & IFF_POINTOPOINT) { 3134 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3135 if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) { 3136 if (errno == EADDRNOTAVAIL) 3137 (void) memset(&lifr.lifr_addr, 0, 3138 sizeof (lifr.lifr_addr)); 3139 else 3140 Perror0_exit("in_status: SIOCGLIFDSTADDR"); 3141 } 3142 sin = (struct sockaddr_in *)&lifr.lifr_dstaddr; 3143 (void) printf("--> %s ", inet_ntoa(sin->sin_addr)); 3144 } 3145 (void) printf("netmask %x ", ntohl(netmask.sin_addr.s_addr)); 3146 if (flags & IFF_BROADCAST) { 3147 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3148 if (ioctl(s, SIOCGLIFBRDADDR, (caddr_t)&lifr) < 0) { 3149 if (errno == EADDRNOTAVAIL) 3150 (void) memset(&lifr.lifr_addr, 0, 3151 sizeof (lifr.lifr_addr)); 3152 else 3153 Perror0_exit("in_status: SIOCGLIFBRDADDR"); 3154 } 3155 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3156 if (sin->sin_addr.s_addr != 0) { 3157 (void) printf("broadcast %s", 3158 inet_ntoa(sin->sin_addr)); 3159 } 3160 } 3161 /* If there is a groupname, print it for only the physical interface */ 3162 if (strchr(name, ':') == NULL) { 3163 if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 && 3164 lifr.lifr_groupname[0] != '\0') { 3165 (void) printf("\n\tgroupname %s", lifr.lifr_groupname); 3166 } 3167 } 3168 (void) putchar('\n'); 3169 } 3170 3171 static void 3172 in6_status(int force, uint64_t flags) 3173 { 3174 char abuf[INET6_ADDRSTRLEN]; 3175 struct sockaddr_in6 *sin6, *laddr6; 3176 3177 if (debug) 3178 (void) printf("in6_status(%s) flags 0x%llx\n", name, flags); 3179 3180 if (!(flags & IFF_IPV6)) 3181 return; 3182 3183 if (!(flags & IFF_NOLOCAL)) { 3184 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3185 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 3186 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3187 errno == ENXIO) { 3188 if (!force) 3189 return; 3190 (void) memset(&lifr.lifr_addr, 0, 3191 sizeof (lifr.lifr_addr)); 3192 } else 3193 Perror0_exit("in_status6: SIOCGLIFADDR"); 3194 } 3195 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3196 (void) printf("\tinet6 %s/%d ", 3197 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3198 abuf, sizeof (abuf)), 3199 lifr.lifr_addrlen); 3200 laddr6 = sin6; 3201 } else { 3202 (void) printf("\tinet6 "); 3203 } 3204 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3205 if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) { 3206 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3207 errno == ENXIO) { 3208 if (!force) 3209 return; 3210 (void) memset(&lifr.lifr_addr, 0, 3211 sizeof (lifr.lifr_addr)); 3212 } else 3213 Perror0_exit("in_status6: SIOCGLIFSUBNET"); 3214 } 3215 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3216 if ((flags & IFF_NOLOCAL) || 3217 !IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &laddr6->sin6_addr)) { 3218 (void) printf("subnet %s/%d ", 3219 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3220 abuf, sizeof (abuf)), 3221 lifr.lifr_addrlen); 3222 } 3223 if (sin6->sin6_family != AF_INET6) { 3224 (void) printf("Wrong family: %d\n", sin6->sin6_family); 3225 } 3226 if (flags & IFF_POINTOPOINT) { 3227 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3228 if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) { 3229 if (errno == EADDRNOTAVAIL) 3230 (void) memset(&lifr.lifr_addr, 0, 3231 sizeof (lifr.lifr_addr)); 3232 else 3233 Perror0_exit("in_status6: SIOCGLIFDSTADDR"); 3234 } 3235 sin6 = (struct sockaddr_in6 *)&lifr.lifr_dstaddr; 3236 (void) printf("--> %s ", 3237 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3238 abuf, sizeof (abuf))); 3239 } 3240 if (verbose) { 3241 (void) putchar('\n'); 3242 (void) putchar('\t'); 3243 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3244 if (ioctl(s, SIOCGLIFTOKEN, (caddr_t)&lifr) < 0) { 3245 if (errno == EADDRNOTAVAIL || errno == EINVAL) 3246 (void) memset(&lifr.lifr_addr, 0, 3247 sizeof (lifr.lifr_addr)); 3248 else 3249 Perror0_exit("in_status6: SIOCGLIFTOKEN"); 3250 } else { 3251 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3252 (void) printf("token %s/%d ", 3253 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3254 abuf, sizeof (abuf)), 3255 lifr.lifr_addrlen); 3256 } 3257 if (ioctl(s, SIOCGLIFLNKINFO, (caddr_t)&lifr) < 0) { 3258 if (errno != EINVAL) { 3259 Perror0_exit("in_status6: SIOCGLIFLNKINFO"); 3260 } 3261 } else { 3262 (void) printf("maxhops %u, reachtime %u ms, " 3263 "reachretrans %u ms, maxmtu %u ", 3264 lifr.lifr_ifinfo.lir_maxhops, 3265 lifr.lifr_ifinfo.lir_reachtime, 3266 lifr.lifr_ifinfo.lir_reachretrans, 3267 lifr.lifr_ifinfo.lir_maxmtu); 3268 } 3269 } 3270 /* If there is a groupname, print it for only the physical interface */ 3271 if (strchr(name, ':') == NULL) { 3272 if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 && 3273 lifr.lifr_groupname[0] != '\0') { 3274 (void) printf("\n\tgroupname %s", lifr.lifr_groupname); 3275 } 3276 } 3277 (void) putchar('\n'); 3278 } 3279 3280 static void 3281 in_configinfo(int force, uint64_t flags) 3282 { 3283 struct sockaddr_in *sin, *laddr; 3284 struct sockaddr_in netmask = { AF_INET }; 3285 3286 if (debug) 3287 (void) printf("in_configinfo(%s) flags 0x%llx\n", name, flags); 3288 3289 /* only configinfo info for IPv4 interfaces */ 3290 if (!(flags & IFF_IPV4)) 3291 return; 3292 3293 if (!(flags & IFF_NOLOCAL)) { 3294 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3295 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 3296 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3297 errno == ENXIO) { 3298 if (!force) 3299 return; 3300 (void) memset(&lifr.lifr_addr, 0, 3301 sizeof (lifr.lifr_addr)); 3302 } else 3303 Perror0_exit("in_configinfo: SIOCGLIFADDR"); 3304 } 3305 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3306 (void) printf(" set %s ", inet_ntoa(sin->sin_addr)); 3307 laddr = sin; 3308 } 3309 3310 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3311 if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) { 3312 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3313 errno == ENXIO) { 3314 if (!force) 3315 return; 3316 (void) memset(&lifr.lifr_addr, 0, 3317 sizeof (lifr.lifr_addr)); 3318 } else { 3319 Perror0_exit("in_configinfo: SIOCGLIFSUBNET"); 3320 } 3321 } 3322 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3323 3324 if ((flags & IFF_NOLOCAL) || 3325 sin->sin_addr.s_addr != laddr->sin_addr.s_addr) { 3326 (void) printf(" subnet %s/%d ", inet_ntoa(sin->sin_addr), 3327 lifr.lifr_addrlen); 3328 } 3329 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3330 if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0) { 3331 if (errno != EADDRNOTAVAIL) 3332 Perror0_exit("in_configinfo: SIOCGLIFNETMASK"); 3333 (void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr)); 3334 } else 3335 netmask.sin_addr = 3336 ((struct sockaddr_in *)&lifr.lifr_addr)->sin_addr; 3337 if (flags & IFF_POINTOPOINT) { 3338 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3339 if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) { 3340 if (errno == EADDRNOTAVAIL) 3341 (void) memset(&lifr.lifr_addr, 0, 3342 sizeof (lifr.lifr_addr)); 3343 else 3344 Perror0_exit("in_configinfo: SIOCGLIFDSTADDR"); 3345 } 3346 sin = (struct sockaddr_in *)&lifr.lifr_dstaddr; 3347 (void) printf(" destination %s ", inet_ntoa(sin->sin_addr)); 3348 } 3349 (void) printf(" netmask 0x%x ", ntohl(netmask.sin_addr.s_addr)); 3350 if (flags & IFF_BROADCAST) { 3351 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3352 if (ioctl(s, SIOCGLIFBRDADDR, (caddr_t)&lifr) < 0) { 3353 if (errno == EADDRNOTAVAIL) 3354 (void) memset(&lifr.lifr_addr, 0, 3355 sizeof (lifr.lifr_addr)); 3356 else 3357 Perror0_exit("in_configinfo: SIOCGLIFBRDADDR"); 3358 } 3359 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3360 if (sin->sin_addr.s_addr != 0) { 3361 (void) printf(" broadcast %s ", 3362 inet_ntoa(sin->sin_addr)); 3363 } 3364 } 3365 3366 /* If there is a groupname, print it for only the zeroth interface */ 3367 if (lifnum(name) == 0) { 3368 if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 && 3369 lifr.lifr_groupname[0] != '\0') { 3370 (void) printf(" group %s ", lifr.lifr_groupname); 3371 } 3372 } 3373 3374 /* Print flags to configure */ 3375 print_config_flags(AF_INET, flags); 3376 } 3377 3378 static void 3379 in6_configinfo(int force, uint64_t flags) 3380 { 3381 char abuf[INET6_ADDRSTRLEN]; 3382 struct sockaddr_in6 *sin6, *laddr6; 3383 3384 if (debug) 3385 (void) printf("in6_configinfo(%s) flags 0x%llx\n", name, 3386 flags); 3387 3388 if (!(flags & IFF_IPV6)) 3389 return; 3390 3391 if (!(flags & IFF_NOLOCAL)) { 3392 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3393 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 3394 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3395 errno == ENXIO) { 3396 if (!force) 3397 return; 3398 (void) memset(&lifr.lifr_addr, 0, 3399 sizeof (lifr.lifr_addr)); 3400 } else 3401 Perror0_exit("in6_configinfo: SIOCGLIFADDR"); 3402 } 3403 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3404 (void) printf(" set %s/%d ", 3405 inet_ntop(AF_INET6, &sin6->sin6_addr, abuf, sizeof (abuf)), 3406 lifr.lifr_addrlen); 3407 laddr6 = sin6; 3408 } 3409 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3410 if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) { 3411 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3412 errno == ENXIO) { 3413 if (!force) 3414 return; 3415 (void) memset(&lifr.lifr_addr, 0, 3416 sizeof (lifr.lifr_addr)); 3417 } else 3418 Perror0_exit("in6_configinfo: SIOCGLIFSUBNET"); 3419 } 3420 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3421 if ((flags & IFF_NOLOCAL) || 3422 !IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &laddr6->sin6_addr)) { 3423 (void) printf(" subnet %s/%d ", 3424 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3425 abuf, sizeof (abuf)), 3426 lifr.lifr_addrlen); 3427 } 3428 3429 if (flags & IFF_POINTOPOINT) { 3430 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3431 if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) { 3432 if (errno == EADDRNOTAVAIL) 3433 (void) memset(&lifr.lifr_addr, 0, 3434 sizeof (lifr.lifr_addr)); 3435 else 3436 Perror0_exit("in6_configinfo: SIOCGLIFDSTADDR"); 3437 } 3438 sin6 = (struct sockaddr_in6 *)&lifr.lifr_dstaddr; 3439 (void) printf(" destination %s ", 3440 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3441 abuf, sizeof (abuf))); 3442 } 3443 3444 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3445 if (ioctl(s, SIOCGLIFTOKEN, (caddr_t)&lifr) < 0) { 3446 if (errno == EADDRNOTAVAIL || errno == EINVAL) 3447 (void) memset(&lifr.lifr_addr, 0, 3448 sizeof (lifr.lifr_addr)); 3449 else 3450 Perror0_exit("in6_configinfo: SIOCGLIFTOKEN"); 3451 } else { 3452 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3453 (void) printf(" token %s/%d ", 3454 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3455 abuf, sizeof (abuf)), 3456 lifr.lifr_addrlen); 3457 } 3458 3459 /* If there is a groupname, print it for only the zeroth interface */ 3460 if (lifnum(name) == 0) { 3461 if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 && 3462 lifr.lifr_groupname[0] != '\0') { 3463 (void) printf(" group %s ", lifr.lifr_groupname); 3464 } 3465 } 3466 3467 /* Print flags to configure */ 3468 print_config_flags(AF_INET6, flags); 3469 } 3470 3471 /* 3472 * We need to plink both the arp-device stream and the arp-ip-device stream. 3473 * However the muxid is stored only in IP. Plumbing 2 streams individually 3474 * is not atomic, and if ifconfig is killed, the resulting plumbing can 3475 * be inconsistent. For eg. if only the arp stream is plumbed, we have lost 3476 * the muxid, and the half-baked plumbing can neither be unplumbed nor 3477 * replumbed, thus requiring a reboot. To avoid the above the following 3478 * scheme is used. 3479 * 3480 * Ifconfig asks IP to enforce atomicity of plumbing the arp and IP streams. 3481 * This is done by pushing arp on to the mux (/dev/udp). ARP adds some 3482 * extra information in the I_PLINK and I_PUNLINK ioctls to let IP know 3483 * that the plumbing/unplumbing has to be done atomically. Ifconfig plumbs 3484 * the IP stream first, and unplumbs it last. The kernel (IP) does not 3485 * allow IP stream to be unplumbed without unplumbing arp stream. Similarly 3486 * it does not allow arp stream to be plumbed before IP stream is plumbed. 3487 * There is no need to use SIOCSLIFMUXID, since the whole operation is atomic, 3488 * and IP uses the info in the I_PLINK message to get the muxid. 3489 * 3490 * a. STREAMS does not allow us to use /dev/ip itself as the mux. So we use 3491 * /dev/udp{,6}. 3492 * b. SIOCGLIFMUXID returns the muxid corresponding to the V4 or V6 stream 3493 * depending on the open i.e. V4 vs V6 open. So we need to use /dev/udp 3494 * or /dev/udp6 for SIOCGLIFMUXID and SIOCSLIFMUXID. 3495 * c. We need to push ARP in order to get the required kernel support for 3496 * atomic plumbings. The actual work done by ARP is explained in arp.c 3497 * Without pushing ARP, we will still be able to plumb/unplumb. But 3498 * it is not atomic, and is supported by the kernel for backward 3499 * compatibility for other utilities like atmifconfig etc. In this case 3500 * the utility must use SIOCSLIFMUXID. 3501 */ 3502 static int 3503 ifplumb(const char *linkname, const char *ifname, boolean_t genppa, int af) 3504 { 3505 int arp_muxid = -1, ip_muxid; 3506 int mux_fd, ip_fd, arp_fd; 3507 int retval; 3508 char *udp_dev_name; 3509 uint64_t flags; 3510 uint_t dlpi_flags; 3511 dlpi_handle_t dh_arp, dh_ip; 3512 3513 /* 3514 * Always dlpi_open() with DLPI_NOATTACH because the IP and ARP module 3515 * will do the attach themselves for DLPI style-2 links. 3516 */ 3517 dlpi_flags = DLPI_NOATTACH; 3518 3519 /* 3520 * If `linkname' is the special token IPMPSTUB, then this is a request 3521 * to create an IPMP interface atop /dev/ipmpstub0. (We can't simply 3522 * pass "ipmpstub0" as `linkname' since an admin *could* have a normal 3523 * vanity-named link named "ipmpstub0" that they'd like to plumb.) 3524 */ 3525 if (linkname == IPMPSTUB) { 3526 linkname = "ipmpstub0"; 3527 dlpi_flags |= DLPI_DEVONLY; 3528 } 3529 3530 retval = dlpi_open(linkname, &dh_ip, dlpi_flags); 3531 if (retval != DLPI_SUCCESS) 3532 Perrdlpi_exit("cannot open link", linkname, retval); 3533 3534 if (debug) { 3535 (void) printf("ifconfig: ifplumb: link %s, ifname %s, " 3536 "genppa %u\n", linkname, ifname, genppa); 3537 } 3538 3539 ip_fd = dlpi_fd(dh_ip); 3540 if (ioctl(ip_fd, I_PUSH, IP_MOD_NAME) == -1) 3541 Perror2_exit("I_PUSH", IP_MOD_NAME); 3542 3543 /* 3544 * Push the ARP module onto the interface stream. IP uses 3545 * this to send resolution requests up to ARP. We need to 3546 * do this before the SLIFNAME ioctl is sent down because 3547 * the interface becomes publicly known as soon as the SLIFNAME 3548 * ioctl completes. Thus some other process trying to bring up 3549 * the interface after SLIFNAME but before we have pushed ARP 3550 * could hang. We pop the module again later if it is not needed. 3551 */ 3552 if (ioctl(ip_fd, I_PUSH, ARP_MOD_NAME) == -1) 3553 Perror2_exit("I_PUSH", ARP_MOD_NAME); 3554 3555 /* 3556 * Prepare to set IFF_IPV4/IFF_IPV6 flags as part of SIOCSLIFNAME. 3557 * (At this point in time the kernel also allows an override of the 3558 * IFF_CANTCHANGE flags.) 3559 */ 3560 lifr.lifr_name[0] = '\0'; 3561 if (ioctl(ip_fd, SIOCGLIFFLAGS, (char *)&lifr) == -1) 3562 Perror0_exit("ifplumb: SIOCGLIFFLAGS"); 3563 3564 if (af == AF_INET6) { 3565 flags = lifr.lifr_flags | IFF_IPV6; 3566 flags &= ~(IFF_BROADCAST | IFF_IPV4); 3567 } else { 3568 flags = lifr.lifr_flags | IFF_IPV4; 3569 flags &= ~IFF_IPV6; 3570 } 3571 3572 /* 3573 * Set the interface name. If we've been asked to generate the PPA, 3574 * then find the lowest available PPA (only currently used for IPMP 3575 * interfaces). Otherwise, use the interface name as-is. 3576 */ 3577 if (genppa) { 3578 int ppa; 3579 3580 /* 3581 * We'd like to just set lifr_ppa to UINT_MAX and have the 3582 * kernel pick a PPA. Unfortunately, that would mishandle 3583 * two cases: 3584 * 3585 * 1. If the PPA is available but the groupname is taken 3586 * (e.g., the "ipmp2" IP interface name is available 3587 * but the "ipmp2" groupname is taken) then the 3588 * auto-assignment by the kernel will fail. 3589 * 3590 * 2. If we're creating (e.g.) an IPv6-only IPMP 3591 * interface, and there's already an IPv4-only IPMP 3592 * interface, the kernel will allow us to accidentally 3593 * reuse the IPv6 IPMP interface name (since 3594 * SIOCSLIFNAME uniqueness is per-interface-type). 3595 * This will cause administrative confusion. 3596 * 3597 * Thus, we instead take a brute-force approach of checking 3598 * whether the IPv4 or IPv6 name is already in-use before 3599 * attempting the SIOCSLIFNAME. As per (1) above, the 3600 * SIOCSLIFNAME may still fail, in which case we just proceed 3601 * to the next one. If this approach becomes too slow, we 3602 * can add a new SIOC* to handle this case in the kernel. 3603 */ 3604 for (ppa = 0; ppa < UINT_MAX; ppa++) { 3605 (void) snprintf(lifr.lifr_name, LIFNAMSIZ, "%s%d", 3606 ifname, ppa); 3607 3608 if (ioctl(s4, SIOCGLIFFLAGS, &lifr) != -1 || 3609 errno != ENXIO) 3610 continue; 3611 3612 if (ioctl(s6, SIOCGLIFFLAGS, &lifr) != -1 || 3613 errno != ENXIO) 3614 continue; 3615 3616 lifr.lifr_ppa = ppa; 3617 lifr.lifr_flags = flags; 3618 retval = ioctl(ip_fd, SIOCSLIFNAME, &lifr); 3619 if (retval != -1 || errno != EEXIST) 3620 break; 3621 } 3622 } else { 3623 ifspec_t ifsp; 3624 3625 /* 3626 * The interface name could have come from the command-line; 3627 * check it. 3628 */ 3629 if (!ifparse_ifspec(ifname, &ifsp) || ifsp.ifsp_lunvalid) 3630 Perror2_exit("invalid IP interface name", ifname); 3631 3632 /* 3633 * Before we call SIOCSLIFNAME, ensure that the IPMP group 3634 * interface for this address family exists. Otherwise, the 3635 * kernel will kick the interface out of the group when we do 3636 * the SIOCSLIFNAME. 3637 * 3638 * Example: suppose bge0 is plumbed for IPv4 and in group "a". 3639 * If we're now plumbing bge0 for IPv6, but the IPMP group 3640 * interface for "a" is not plumbed for IPv6, the SIOCSLIFNAME 3641 * will kick bge0 out of group "a", which is undesired. 3642 */ 3643 if (create_ipmp_peer(af, ifname) == -1) { 3644 (void) fprintf(stderr, "ifconfig: warning: cannot " 3645 "create %s IPMP group; %s will be removed from " 3646 "group\n", af == AF_INET ? "IPv4" : "IPv6", ifname); 3647 } 3648 3649 lifr.lifr_ppa = ifsp.ifsp_ppa; 3650 lifr.lifr_flags = flags; 3651 (void) strlcpy(lifr.lifr_name, ifname, LIFNAMSIZ); 3652 retval = ioctl(ip_fd, SIOCSLIFNAME, &lifr); 3653 } 3654 3655 if (retval == -1) { 3656 if (errno != EEXIST) 3657 Perror0_exit("SIOCSLIFNAME for ip"); 3658 /* 3659 * This difference between the way we behave for EEXIST 3660 * and that with other errors exists to preserve legacy 3661 * behaviour. Earlier when foreachinterface() and matchif() 3662 * were doing the duplicate interface name checks, for 3663 * already existing interfaces, inetplumb() returned "0". 3664 * To preserve this behaviour, Perror0() and return are 3665 * called for EEXIST. 3666 */ 3667 Perror0("SIOCSLIFNAME for ip"); 3668 return (-1); 3669 } 3670 3671 /* Get the full set of existing flags for this stream */ 3672 if (ioctl(ip_fd, SIOCGLIFFLAGS, (char *)&lifr) == -1) 3673 Perror0_exit("ifplumb: SIOCGLIFFLAGS"); 3674 3675 if (debug) { 3676 (void) printf("ifconfig: ifplumb: %s got flags:\n", 3677 lifr.lifr_name); 3678 print_flags(lifr.lifr_flags); 3679 (void) putchar('\n'); 3680 } 3681 3682 /* Check if arp is not actually needed */ 3683 if (lifr.lifr_flags & (IFF_NOARP|IFF_IPV6)) { 3684 if (ioctl(ip_fd, I_POP, 0) == -1) 3685 Perror2_exit("I_POP", ARP_MOD_NAME); 3686 } 3687 3688 /* 3689 * Open "/dev/udp" for use as a multiplexor to PLINK the 3690 * interface stream under. We use "/dev/udp" instead of "/dev/ip" 3691 * since STREAMS will not let you PLINK a driver under itself, 3692 * and "/dev/ip" is typically the driver at the bottom of 3693 * the stream for tunneling interfaces. 3694 */ 3695 if (af == AF_INET6) 3696 udp_dev_name = UDP6_DEV_NAME; 3697 else 3698 udp_dev_name = UDP_DEV_NAME; 3699 if ((mux_fd = open_arp_on_udp(udp_dev_name)) == -1) 3700 exit(EXIT_FAILURE); 3701 3702 /* Check if arp is not needed */ 3703 if (lifr.lifr_flags & (IFF_NOARP|IFF_IPV6)) { 3704 /* 3705 * PLINK the interface stream so that ifconfig can exit 3706 * without tearing down the stream. 3707 */ 3708 if ((ip_muxid = ioctl(mux_fd, I_PLINK, ip_fd)) == -1) 3709 Perror0_exit("I_PLINK for ip"); 3710 (void) close(mux_fd); 3711 return (lifr.lifr_ppa); 3712 } 3713 3714 /* 3715 * This interface does use ARP, so set up a separate stream 3716 * from the interface to ARP. 3717 */ 3718 if (debug) 3719 (void) printf("ifconfig: ifplumb: interface %s", ifname); 3720 3721 retval = dlpi_open(linkname, &dh_arp, dlpi_flags); 3722 if (retval != DLPI_SUCCESS) 3723 Perrdlpi_exit("cannot open link", linkname, retval); 3724 3725 arp_fd = dlpi_fd(dh_arp); 3726 if (ioctl(arp_fd, I_PUSH, ARP_MOD_NAME) == -1) 3727 Perror2_exit("I_PUSH", ARP_MOD_NAME); 3728 3729 /* 3730 * Tell ARP the name and unit number for this interface. 3731 * Note that arp has no support for transparent ioctls. 3732 */ 3733 if (strioctl(arp_fd, SIOCSLIFNAME, &lifr, sizeof (lifr)) == -1) { 3734 if (errno != EEXIST) 3735 Perror0_exit("SIOCSLIFNAME for arp"); 3736 Perror0("SIOCSLIFNAME for arp"); 3737 goto out; 3738 } 3739 3740 /* 3741 * PLINK the IP and ARP streams so that ifconfig can exit 3742 * without tearing down the stream. 3743 */ 3744 if ((ip_muxid = ioctl(mux_fd, I_PLINK, ip_fd)) == -1) 3745 Perror0_exit("I_PLINK for ip"); 3746 if ((arp_muxid = ioctl(mux_fd, I_PLINK, arp_fd)) == -1) { 3747 (void) ioctl(mux_fd, I_PUNLINK, ip_muxid); 3748 Perror0_exit("I_PLINK for arp"); 3749 } 3750 3751 if (debug) 3752 (void) printf("arp muxid = %d\n", arp_muxid); 3753 out: 3754 dlpi_close(dh_ip); 3755 dlpi_close(dh_arp); 3756 (void) close(mux_fd); 3757 return (lifr.lifr_ppa); 3758 } 3759 3760 /* 3761 * If this is a physical interface then remove it. 3762 * If it is a logical interface name use SIOCLIFREMOVEIF to 3763 * remove it. In both cases fail if it doesn't exist. 3764 */ 3765 /* ARGSUSED */ 3766 static int 3767 inetunplumb(char *arg, int64_t param) 3768 { 3769 int ip_muxid, arp_muxid; 3770 int mux_fd; 3771 int muxid_fd; 3772 char *udp_dev_name; 3773 char *strptr; 3774 uint64_t flags; 3775 boolean_t changed_arp_muxid = _B_FALSE; 3776 int save_errno; 3777 boolean_t v6 = (afp->af_af == AF_INET6); 3778 3779 strptr = strchr(name, ':'); 3780 if (strptr != NULL || strcmp(name, LOOPBACK_IF) == 0) { 3781 /* Can't unplumb logical interface zero */ 3782 if (strptr != NULL && strcmp(strptr, ":0") == 0) { 3783 (void) fprintf(stderr, "ifconfig: unplumb:" 3784 " Cannot unplumb %s: Invalid interface\n", name); 3785 exit(1); 3786 } 3787 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3788 (void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr)); 3789 3790 if (ioctl(s, SIOCLIFREMOVEIF, (caddr_t)&lifr) < 0) 3791 Perror0_exit("unplumb: SIOCLIFREMOVEIF"); 3792 return (0); 3793 } 3794 3795 /* 3796 * We used /dev/udp or udp6 to set up the mux. So we have to use 3797 * the same now for PUNLINK also. 3798 */ 3799 if (v6) 3800 udp_dev_name = UDP6_DEV_NAME; 3801 else 3802 udp_dev_name = UDP_DEV_NAME; 3803 3804 if ((muxid_fd = open(udp_dev_name, O_RDWR)) == -1) 3805 exit(EXIT_FAILURE); 3806 3807 if ((mux_fd = open_arp_on_udp(udp_dev_name)) == -1) 3808 exit(EXIT_FAILURE); 3809 3810 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3811 if (ioctl(muxid_fd, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) { 3812 Perror0_exit("unplumb: SIOCGLIFFLAGS"); 3813 } 3814 flags = lifr.lifr_flags; 3815 again: 3816 if (flags & IFF_IPMP) { 3817 lifgroupinfo_t lifgr; 3818 ifaddrlistx_t *ifaddrs, *ifaddrp; 3819 3820 /* 3821 * There are two reasons the I_PUNLINK can fail with EBUSY: 3822 * (1) if IP interfaces are in the group, or (2) if IPMP data 3823 * addresses are administratively up. For case (1), we fail 3824 * here with a specific error message. For case (2), we bring 3825 * down the addresses prior to doing the I_PUNLINK. If the 3826 * I_PUNLINK still fails with EBUSY then the configuration 3827 * must have changed after our checks, in which case we branch 3828 * back up to `again' and rerun this logic. The net effect is 3829 * that unplumbing an IPMP interface will only fail with EBUSY 3830 * if IP interfaces are in the group. 3831 */ 3832 if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) == -1) 3833 Perror0_exit("unplumb: SIOCGLIFGROUPNAME"); 3834 3835 (void) strlcpy(lifgr.gi_grname, lifr.lifr_groupname, 3836 LIFGRNAMSIZ); 3837 if (ioctl(s, SIOCGLIFGROUPINFO, &lifgr) == -1) 3838 Perror0_exit("unplumb: SIOCGLIFGROUPINFO"); 3839 3840 if ((v6 && lifgr.gi_nv6 != 0) || (!v6 && lifgr.gi_nv4 != 0)) { 3841 (void) fprintf(stderr, "ifconfig: %s: cannot unplumb:" 3842 " IPMP group is not empty\n", name); 3843 exit(1); 3844 } 3845 3846 /* 3847 * The kernel will fail the I_PUNLINK if the IPMP interface 3848 * has administratively up addresses; bring 'em down. 3849 */ 3850 if (ifaddrlistx(name, IFF_UP|IFF_DUPLICATE, 0, &ifaddrs) == -1) 3851 Perror2_exit(name, "cannot get address list"); 3852 3853 ifaddrp = ifaddrs; 3854 for (; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) { 3855 if (((ifaddrp->ia_flags & IFF_IPV6) && !v6) || 3856 (!(ifaddrp->ia_flags & IFF_IPV6) && v6)) 3857 continue; 3858 3859 if (!ifaddr_down(ifaddrp)) { 3860 Perror2_exit(ifaddrp->ia_name, 3861 "cannot bring down"); 3862 } 3863 } 3864 ifaddrlistx_free(ifaddrs); 3865 } 3866 3867 if (ioctl(muxid_fd, SIOCGLIFMUXID, (caddr_t)&lifr) < 0) { 3868 Perror0_exit("unplumb: SIOCGLIFMUXID"); 3869 } 3870 arp_muxid = lifr.lifr_arp_muxid; 3871 ip_muxid = lifr.lifr_ip_muxid; 3872 /* 3873 * We don't have a good way of knowing whether the arp stream is 3874 * plumbed. We can't rely on IFF_NOARP because someone could 3875 * have turned it off later using "ifconfig xxx -arp". 3876 */ 3877 if (arp_muxid != 0) { 3878 if (debug) 3879 (void) printf("arp_muxid %d\n", arp_muxid); 3880 if (ioctl(mux_fd, I_PUNLINK, arp_muxid) < 0) { 3881 /* 3882 * See the comment before the SIOCGLIFGROUPNAME call. 3883 */ 3884 if (errno == EBUSY && (flags & IFF_IPMP)) 3885 goto again; 3886 3887 if ((errno == EINVAL) && 3888 (flags & (IFF_NOARP | IFF_IPV6))) { 3889 /* 3890 * Some plumbing utilities set the muxid to 3891 * -1 or some invalid value to signify that 3892 * there is no arp stream. Set the muxid to 0 3893 * before trying to unplumb the IP stream. 3894 * IP does not allow the IP stream to be 3895 * unplumbed if it sees a non-null arp muxid, 3896 * for consistency of IP-ARP streams. 3897 */ 3898 lifr.lifr_arp_muxid = 0; 3899 (void) ioctl(muxid_fd, SIOCSLIFMUXID, 3900 (caddr_t)&lifr); 3901 changed_arp_muxid = _B_TRUE; 3902 } else { 3903 Perror0("I_PUNLINK for arp"); 3904 } 3905 } 3906 } 3907 if (debug) 3908 (void) printf("ip_muxid %d\n", ip_muxid); 3909 3910 if (ioctl(mux_fd, I_PUNLINK, ip_muxid) < 0) { 3911 if (changed_arp_muxid) { 3912 /* 3913 * Some error occurred, and we need to restore 3914 * everything back to what it was. 3915 */ 3916 save_errno = errno; 3917 lifr.lifr_arp_muxid = arp_muxid; 3918 lifr.lifr_ip_muxid = ip_muxid; 3919 (void) ioctl(muxid_fd, SIOCSLIFMUXID, (caddr_t)&lifr); 3920 errno = save_errno; 3921 } 3922 3923 /* 3924 * See the comment before the SIOCGLIFGROUPNAME call. 3925 */ 3926 if (errno == EBUSY && (flags & IFF_IPMP)) 3927 goto again; 3928 3929 Perror0_exit("I_PUNLINK for ip"); 3930 } 3931 (void) close(mux_fd); 3932 (void) close(muxid_fd); 3933 return (0); 3934 } 3935 3936 /* 3937 * If this is a physical interface then create it unless it is already 3938 * present. If it is a logical interface name use SIOCLIFADDIF to 3939 * create and (and fail it if already exists.) 3940 * As a special case send SIOCLIFADDIF for the loopback interface. This 3941 * is needed since there is no other notion of plumbing the loopback 3942 * interface. 3943 */ 3944 /* ARGSUSED */ 3945 static int 3946 inetplumb(char *arg, int64_t param) 3947 { 3948 char *strptr; 3949 boolean_t islo; 3950 zoneid_t zoneid; 3951 datalink_id_t linkid; 3952 3953 strptr = strchr(name, ':'); 3954 islo = (strcmp(name, LOOPBACK_IF) == 0); 3955 3956 if (strptr != NULL || islo) { 3957 (void) memset(&lifr, 0, sizeof (lifr)); 3958 (void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3959 if (islo && ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) >= 0) { 3960 if (debug) { 3961 (void) fprintf(stderr, 3962 "ifconfig: %s already exists\n", name); 3963 } 3964 return (0); 3965 } 3966 if (ioctl(s, SIOCLIFADDIF, (caddr_t)&lifr) < 0) { 3967 if (errno == EEXIST) { 3968 if (debug) { 3969 (void) fprintf(stderr, 3970 "ifconfig: %s already exists\n", 3971 name); 3972 } 3973 } else { 3974 Perror2_exit("plumb: SIOCLIFADDIF", name); 3975 } 3976 } 3977 return (0); 3978 } 3979 3980 /* 3981 * If we're in the global zone and we're plumbing a datalink, make 3982 * sure that the datalink is not assigned to a non-global zone. Note 3983 * that the non-global zones don't need this check, because zoneadm 3984 * has taken care of this when the zones boot. 3985 */ 3986 zoneid = getzoneid(); 3987 if (zoneid == GLOBAL_ZONEID && 3988 ifconfig_dladm_open(name, DATALINK_CLASS_ALL, &linkid) == 3989 DLADM_STATUS_OK) { 3990 int ret; 3991 3992 zoneid = ALL_ZONES; 3993 ret = zone_check_datalink(&zoneid, linkid); 3994 if (ret == 0) { 3995 char zonename[ZONENAME_MAX]; 3996 3997 (void) getzonenamebyid(zoneid, zonename, ZONENAME_MAX); 3998 (void) fprintf(stderr, "%s is used by non-global" 3999 "zone: %s\n", name, zonename); 4000 return (1); 4001 } 4002 } 4003 4004 if (debug) 4005 (void) printf("inetplumb: %s af %d\n", name, afp->af_af); 4006 4007 (void) ifplumb(name, name, _B_FALSE, afp->af_af); 4008 return (0); 4009 } 4010 4011 /* ARGSUSED */ 4012 static int 4013 inetipmp(char *arg, int64_t param) 4014 { 4015 int retval; 4016 4017 /* 4018 * Treat e.g. "ifconfig ipmp0:2 ipmp" as "ifconfig ipmp0:2 plumb". 4019 * Otherwise, try to create the requested IPMP interface. 4020 */ 4021 if (strchr(name, ':') != NULL) 4022 retval = inetplumb(arg, param); 4023 else 4024 retval = create_ipmp(name, afp->af_af, name, _B_FALSE); 4025 4026 /* 4027 * We'd return -1, but foreachinterface() doesn't propagate the error 4028 * into the exit status, so we're forced to explicitly exit(). 4029 */ 4030 if (retval == -1) 4031 exit(1); 4032 return (0); 4033 } 4034 4035 /* 4036 * Create an IPMP group `grname' with address family `af'. If `ifname' is 4037 * non-NULL, it specifies the interface name to use. Otherwise, use the name 4038 * ipmpN, where N corresponds to the lowest available integer. If `implicit' 4039 * is set, then the group is being created as a side-effect of placing an 4040 * underlying interface in a group. Also start in.mpathd if necessary. 4041 */ 4042 static int 4043 create_ipmp(const char *grname, int af, const char *ifname, boolean_t implicit) 4044 { 4045 int ppa; 4046 static int ipmp_daemon_started; 4047 4048 if (debug) { 4049 (void) printf("create_ipmp: ifname %s grname %s af %d\n", 4050 ifname != NULL ? ifname : "NULL", grname, af); 4051 } 4052 4053 if (ifname != NULL) 4054 ppa = ifplumb(IPMPSTUB, ifname, _B_FALSE, af); 4055 else 4056 ppa = ifplumb(IPMPSTUB, "ipmp", _B_TRUE, af); 4057 4058 if (ppa == -1) { 4059 Perror2(grname, "cannot create IPMP interface"); 4060 return (-1); 4061 } 4062 4063 if (ifname != NULL) 4064 (void) strlcpy(lifr.lifr_name, ifname, LIFNAMSIZ); 4065 else 4066 (void) snprintf(lifr.lifr_name, LIFNAMSIZ, "ipmp%d", ppa); 4067 4068 /* 4069 * To preserve backward-compatibility, always bring up the link-local 4070 * address for implicitly-created IPv6 IPMP interfaces. 4071 */ 4072 if (implicit && af == AF_INET6) { 4073 if (ioctl(s6, SIOCGLIFFLAGS, &lifr) == 0) { 4074 lifr.lifr_flags |= IFF_UP; 4075 (void) ioctl(s6, SIOCSLIFFLAGS, &lifr); 4076 } 4077 } 4078 4079 /* 4080 * If the caller requested a different group name, issue a 4081 * SIOCSLIFGROUPNAME on the new IPMP interface. 4082 */ 4083 if (strcmp(lifr.lifr_name, grname) != 0) { 4084 (void) strlcpy(lifr.lifr_groupname, grname, LIFGRNAMSIZ); 4085 if (ioctl(s, SIOCSLIFGROUPNAME, &lifr) == -1) { 4086 Perror0("SIOCSLIFGROUPNAME"); 4087 return (-1); 4088 } 4089 } 4090 4091 /* 4092 * If we haven't done so yet, ensure in.mpathd is started. 4093 */ 4094 if (ipmp_daemon_started++ == 0) 4095 start_ipmp_daemon(); 4096 4097 return (0); 4098 } 4099 4100 /* 4101 * Check if `ifname' is plumbed and in an IPMP group on its "other" address 4102 * family. If so, create a matching IPMP group for address family `af'. 4103 */ 4104 static int 4105 create_ipmp_peer(int af, const char *ifname) 4106 { 4107 int fd; 4108 lifgroupinfo_t lifgr; 4109 4110 assert(af == AF_INET || af == AF_INET6); 4111 4112 /* 4113 * Get the socket for the "other" address family. 4114 */ 4115 fd = (af == AF_INET) ? s6 : s4; 4116 4117 (void) strlcpy(lifr.lifr_name, ifname, LIFNAMSIZ); 4118 if (ioctl(fd, SIOCGLIFGROUPNAME, &lifr) != 0) 4119 return (0); 4120 4121 (void) strlcpy(lifgr.gi_grname, lifr.lifr_groupname, LIFGRNAMSIZ); 4122 if (ioctl(fd, SIOCGLIFGROUPINFO, &lifgr) != 0) 4123 return (0); 4124 4125 /* 4126 * If `ifname' *is* the IPMP group interface, or if the relevant 4127 * address family is already configured, then there's nothing to do. 4128 */ 4129 if (strcmp(lifgr.gi_grifname, ifname) == 0 || 4130 (af == AF_INET && lifgr.gi_v4) || (af == AF_INET6 && lifgr.gi_v6)) 4131 return (0); 4132 4133 return (create_ipmp(lifgr.gi_grname, af, lifgr.gi_grifname, _B_TRUE)); 4134 } 4135 4136 /* 4137 * Start in.mpathd if it's not already running. 4138 */ 4139 static void 4140 start_ipmp_daemon(void) 4141 { 4142 int retval; 4143 ipmp_handle_t ipmp_handle; 4144 4145 /* 4146 * Ping in.mpathd to see if it's running already. 4147 */ 4148 if ((retval = ipmp_open(&ipmp_handle)) != IPMP_SUCCESS) { 4149 (void) fprintf(stderr, "ifconfig: cannot create IPMP handle: " 4150 "%s\n", ipmp_errmsg(retval)); 4151 return; 4152 } 4153 4154 retval = ipmp_ping_daemon(ipmp_handle); 4155 ipmp_close(ipmp_handle); 4156 4157 switch (retval) { 4158 case IPMP_ENOMPATHD: 4159 break; 4160 case IPMP_SUCCESS: 4161 return; 4162 default: 4163 (void) fprintf(stderr, "ifconfig: cannot ping in.mpathd: %s\n", 4164 ipmp_errmsg(retval)); 4165 break; 4166 } 4167 4168 /* 4169 * Start in.mpathd. Note that in.mpathd will handle multiple 4170 * incarnations (ipmp_ping_daemon() is just an optimization) so we 4171 * don't need to worry about racing with another ifconfig process. 4172 */ 4173 switch (fork()) { 4174 case -1: 4175 Perror0_exit("start_ipmp_daemon: fork"); 4176 /* NOTREACHED */ 4177 case 0: 4178 (void) execl(MPATHD_PATH, MPATHD_PATH, NULL); 4179 _exit(1); 4180 /* NOTREACHED */ 4181 default: 4182 break; 4183 } 4184 } 4185 4186 /* 4187 * Bring the address named by `ifaddrp' up or down. Doesn't trust any mutable 4188 * values in ia_flags since they may be stale. 4189 */ 4190 static boolean_t 4191 ifaddr_op(ifaddrlistx_t *ifaddrp, boolean_t up) 4192 { 4193 struct lifreq lifrl; /* Local lifreq struct */ 4194 int fd = (ifaddrp->ia_flags & IFF_IPV4) ? s4 : s6; 4195 4196 (void) memset(&lifrl, 0, sizeof (lifrl)); 4197 (void) strlcpy(lifrl.lifr_name, ifaddrp->ia_name, LIFNAMSIZ); 4198 if (ioctl(fd, SIOCGLIFFLAGS, &lifrl) == -1) 4199 return (_B_FALSE); 4200 4201 if (up) 4202 lifrl.lifr_flags |= IFF_UP; 4203 else 4204 lifrl.lifr_flags &= ~IFF_UP; 4205 4206 if (ioctl(fd, SIOCSLIFFLAGS, &lifrl) == -1) 4207 return (_B_FALSE); 4208 4209 /* 4210 * If we're trying to bring the address down, ensure that DAD activity 4211 * (observable by IFF_DUPLICATE) has also been stopped. 4212 */ 4213 if (!up && ioctl(fd, SIOCGLIFFLAGS, &lifrl) != -1 && 4214 lifrl.lifr_flags & IFF_DUPLICATE) { 4215 if (ioctl(fd, SIOCGLIFADDR, &lifrl) == -1 || 4216 ioctl(fd, SIOCSLIFADDR, &lifrl) == -1) { 4217 return (_B_FALSE); 4218 } 4219 } 4220 return (_B_TRUE); 4221 } 4222 4223 static boolean_t 4224 ifaddr_up(ifaddrlistx_t *ifaddrp) 4225 { 4226 return (ifaddr_op(ifaddrp, _B_TRUE)); 4227 } 4228 4229 static boolean_t 4230 ifaddr_down(ifaddrlistx_t *ifaddrp) 4231 { 4232 return (ifaddr_op(ifaddrp, _B_FALSE)); 4233 } 4234 4235 /* 4236 * Open the global libdladm handle "dlh" if it isn't already opened. The 4237 * caller may optionally supply a link name to obtain its linkid. If a link 4238 * of a specific class or classes is required, reqclass specifies the class 4239 * mask. 4240 */ 4241 static dladm_status_t 4242 ifconfig_dladm_open(const char *name, datalink_class_t reqclass, 4243 datalink_id_t *linkid) 4244 { 4245 dladm_status_t status = DLADM_STATUS_OK; 4246 datalink_class_t class; 4247 4248 if (!dlh_opened) { 4249 if ((status = dladm_open(&dlh)) != DLADM_STATUS_OK) 4250 return (status); 4251 dlh_opened = _B_TRUE; 4252 } 4253 if (name != NULL) { 4254 status = dladm_name2info(dlh, name, linkid, NULL, &class, NULL); 4255 if (status == DLADM_STATUS_OK) { 4256 if (!(class & reqclass)) 4257 status = DLADM_STATUS_LINKINVAL; 4258 } 4259 } 4260 return (status); 4261 } 4262 4263 void 4264 dladmerr_exit(dladm_status_t status, const char *str) 4265 { 4266 char errstr[DLADM_STRSIZE]; 4267 4268 (void) fprintf(stderr, "%s: %s\n", str, 4269 dladm_status2str(status, errstr)); 4270 exit(1); 4271 } 4272 4273 void 4274 Perror0(const char *cmd) 4275 { 4276 Perror2(cmd, lifr.lifr_name); 4277 } 4278 4279 void 4280 Perror0_exit(const char *cmd) 4281 { 4282 Perror0(cmd); 4283 exit(1); 4284 } 4285 4286 void 4287 Perror2(const char *cmd, const char *str) 4288 { 4289 int error = errno; 4290 4291 (void) fprintf(stderr, "ifconfig: %s: ", cmd); 4292 4293 switch (error) { 4294 case ENXIO: 4295 (void) fprintf(stderr, "%s: no such interface\n", str); 4296 break; 4297 case EPERM: 4298 (void) fprintf(stderr, "%s: permission denied\n", str); 4299 break; 4300 case EEXIST: 4301 (void) fprintf(stderr, "%s: already exists\n", str); 4302 break; 4303 default: 4304 errno = error; 4305 perror(str); 4306 } 4307 } 4308 4309 /* 4310 * Print out error message (Perror2()) and exit 4311 */ 4312 void 4313 Perror2_exit(const char *cmd, const char *str) 4314 { 4315 Perror2(cmd, str); 4316 exit(1); 4317 /* NOTREACHED */ 4318 } 4319 4320 void 4321 Perrdlpi(const char *cmd, const char *linkname, int err) 4322 { 4323 (void) fprintf(stderr, "ifconfig: %s \"%s\": %s\n", cmd, 4324 linkname, dlpi_strerror(err)); 4325 } 4326 4327 /* 4328 * Print out error message (Perrdlpi()) and exit 4329 */ 4330 void 4331 Perrdlpi_exit(const char *cmd, const char *linkname, int err) 4332 { 4333 Perrdlpi(cmd, linkname, err); 4334 exit(1); 4335 } 4336 4337 /* 4338 * If the last argument is non-NULL allow a <addr>/<n> syntax and 4339 * pass out <n> in *plenp. 4340 * If <n> doesn't parse return BAD_ADDR as *plenp. 4341 * If no /<n> is present return NO_PREFIX as *plenp. 4342 */ 4343 static void 4344 in_getaddr(char *s, struct sockaddr *saddr, int *plenp) 4345 { 4346 /* LINTED: alignment */ 4347 struct sockaddr_in *sin = (struct sockaddr_in *)saddr; 4348 struct hostent *hp; 4349 struct netent *np; 4350 char str[BUFSIZ]; 4351 int error_num; 4352 4353 (void) strncpy(str, s, sizeof (str)); 4354 4355 /* 4356 * Look for '/'<n> is plenp 4357 */ 4358 if (plenp != NULL) { 4359 char *cp; 4360 4361 *plenp = in_getprefixlen(str, _B_TRUE, IP_ABITS); 4362 if (*plenp == BAD_ADDR) 4363 return; 4364 cp = strchr(str, '/'); 4365 if (cp != NULL) 4366 *cp = '\0'; 4367 } else if (strchr(str, '/') != NULL) { 4368 (void) fprintf(stderr, "ifconfig: %s: unexpected '/'\n", str); 4369 exit(1); 4370 } 4371 4372 (void) memset(sin, 0, sizeof (*sin)); 4373 4374 /* 4375 * Try to catch attempts to set the broadcast address to all 1's. 4376 */ 4377 if (strcmp(str, "255.255.255.255") == 0 || 4378 (strtoul(str, (char **)NULL, 0) == 0xffffffffUL)) { 4379 sin->sin_family = AF_INET; 4380 sin->sin_addr.s_addr = 0xffffffff; 4381 return; 4382 } 4383 4384 hp = getipnodebyname(str, AF_INET, 0, &error_num); 4385 if (hp) { 4386 sin->sin_family = hp->h_addrtype; 4387 (void) memcpy(&sin->sin_addr, hp->h_addr, hp->h_length); 4388 freehostent(hp); 4389 return; 4390 } 4391 np = getnetbyname(str); 4392 if (np) { 4393 sin->sin_family = np->n_addrtype; 4394 sin->sin_addr = inet_makeaddr(np->n_net, INADDR_ANY); 4395 return; 4396 } 4397 if (error_num == TRY_AGAIN) { 4398 (void) fprintf(stderr, "ifconfig: %s: bad address " 4399 "(try again later)\n", s); 4400 } else { 4401 (void) fprintf(stderr, "ifconfig: %s: bad address\n", s); 4402 } 4403 exit(1); 4404 } 4405 4406 /* 4407 * If the last argument is non-NULL allow a <addr>/<n> syntax and 4408 * pass out <n> in *plenp. 4409 * If <n> doesn't parse return BAD_ADDR as *plenp. 4410 * If no /<n> is present return NO_PREFIX as *plenp. 4411 */ 4412 static void 4413 in6_getaddr(char *s, struct sockaddr *saddr, int *plenp) 4414 { 4415 /* LINTED: alignment */ 4416 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)saddr; 4417 struct hostent *hp; 4418 char str[BUFSIZ]; 4419 int error_num; 4420 4421 (void) strncpy(str, s, sizeof (str)); 4422 4423 /* 4424 * Look for '/'<n> is plenp 4425 */ 4426 if (plenp != NULL) { 4427 char *cp; 4428 4429 *plenp = in_getprefixlen(str, _B_TRUE, IPV6_ABITS); 4430 if (*plenp == BAD_ADDR) 4431 return; 4432 cp = strchr(str, '/'); 4433 if (cp != NULL) 4434 *cp = '\0'; 4435 } else if (strchr(str, '/') != NULL) { 4436 (void) fprintf(stderr, "ifconfig: %s: unexpected '/'\n", str); 4437 exit(1); 4438 } 4439 4440 (void) memset(sin6, 0, sizeof (*sin6)); 4441 4442 hp = getipnodebyname(str, AF_INET6, 0, &error_num); 4443 if (hp) { 4444 sin6->sin6_family = hp->h_addrtype; 4445 (void) memcpy(&sin6->sin6_addr, hp->h_addr, hp->h_length); 4446 freehostent(hp); 4447 return; 4448 } 4449 if (error_num == TRY_AGAIN) { 4450 (void) fprintf(stderr, "ifconfig: %s: bad address " 4451 "(try again later)\n", s); 4452 } else { 4453 (void) fprintf(stderr, "ifconfig: %s: bad address\n", s); 4454 } 4455 exit(1); 4456 } 4457 4458 /* 4459 * If "slash" is zero this parses the whole string as 4460 * an integer. With "slash" non zero it parses the tail part as an integer. 4461 * 4462 * If it is not a valid integer this returns BAD_ADDR. 4463 * If there is /<n> present this returns NO_PREFIX. 4464 */ 4465 static int 4466 in_getprefixlen(char *addr, boolean_t slash, int max_plen) 4467 { 4468 int prefixlen; 4469 char *str, *end; 4470 4471 if (slash) { 4472 str = strchr(addr, '/'); 4473 if (str == NULL) 4474 return (NO_PREFIX); 4475 str++; 4476 } else 4477 str = addr; 4478 4479 prefixlen = strtol(str, &end, 10); 4480 if (prefixlen < 0) 4481 return (BAD_ADDR); 4482 if (str == end) 4483 return (BAD_ADDR); 4484 if (max_plen != 0 && max_plen < prefixlen) 4485 return (BAD_ADDR); 4486 return (prefixlen); 4487 } 4488 4489 /* 4490 * Convert a prefix length to a mask. 4491 * Returns 1 if ok. 0 otherwise. 4492 * Assumes the mask array is zero'ed by the caller. 4493 */ 4494 static boolean_t 4495 in_prefixlentomask(int prefixlen, int maxlen, uchar_t *mask) 4496 { 4497 if (prefixlen < 0 || prefixlen > maxlen) 4498 return (0); 4499 4500 while (prefixlen > 0) { 4501 if (prefixlen >= 8) { 4502 *mask++ = 0xFF; 4503 prefixlen -= 8; 4504 continue; 4505 } 4506 *mask |= 1 << (8 - prefixlen); 4507 prefixlen--; 4508 } 4509 return (1); 4510 } 4511 4512 static void 4513 print_flags(uint64_t flags) 4514 { 4515 boolean_t first = _B_TRUE; 4516 int cnt, i; 4517 4518 (void) printf("flags=%llx", flags); 4519 cnt = sizeof (if_flags_tbl) / sizeof (if_flags_t); 4520 for (i = 0; i < cnt; i++) { 4521 if (flags & if_flags_tbl[i].iff_value) { 4522 if (first) { 4523 (void) printf("<"); 4524 first = _B_FALSE; 4525 } else { 4526 /* 4527 * It has to be here and not with the 4528 * printf below because for the last one, 4529 * we don't want a comma before the ">". 4530 */ 4531 (void) printf(","); 4532 } 4533 (void) printf("%s", if_flags_tbl[i].iff_name); 4534 } 4535 } 4536 if (!first) 4537 (void) printf(">"); 4538 } 4539 4540 static void 4541 print_config_flags(int af, uint64_t flags) 4542 { 4543 if_config_cmd_t *cmdp; 4544 4545 for (cmdp = if_config_cmd_tbl; cmdp->iff_flag != 0; cmdp++) { 4546 if ((flags & cmdp->iff_flag) && 4547 (cmdp->iff_af == AF_UNSPEC || cmdp->iff_af == af)) { 4548 (void) printf("%s ", cmdp->iff_name); 4549 } 4550 } 4551 } 4552 4553 /* 4554 * Use the configured directory lookup mechanism (e.g. files/NIS/NIS+/...) 4555 * to find the network mask. Returns true if we found one to set. 4556 * 4557 * The parameter addr_set controls whether we should get the address of 4558 * the working interface for the netmask query. If addr_set is true, 4559 * we will use the address provided. Otherwise, we will find the working 4560 * interface's address and use it instead. 4561 */ 4562 static boolean_t 4563 in_getmask(struct sockaddr_in *saddr, boolean_t addr_set) 4564 { 4565 struct sockaddr_in ifaddr; 4566 4567 /* 4568 * Read the address from the interface if it is not passed in. 4569 */ 4570 if (!addr_set) { 4571 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 4572 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 4573 if (errno != EADDRNOTAVAIL) { 4574 (void) fprintf(stderr, "Need net number for " 4575 "mask\n"); 4576 } 4577 return (_B_FALSE); 4578 } 4579 ifaddr = *((struct sockaddr_in *)&lifr.lifr_addr); 4580 } else { 4581 ifaddr.sin_addr = saddr->sin_addr; 4582 } 4583 if (getnetmaskbyaddr(ifaddr.sin_addr, &saddr->sin_addr) == 0) { 4584 saddr->sin_family = AF_INET; 4585 return (_B_TRUE); 4586 } 4587 return (_B_FALSE); 4588 } 4589 4590 static int 4591 lifnum(const char *ifname) 4592 { 4593 const char *cp; 4594 4595 if ((cp = strchr(ifname, ':')) == NULL) 4596 return (0); 4597 else 4598 return (atoi(cp + 1)); 4599 } 4600 4601 static int 4602 strioctl(int s, int cmd, void *buf, int buflen) 4603 { 4604 struct strioctl ioc; 4605 4606 (void) memset(&ioc, 0, sizeof (ioc)); 4607 ioc.ic_cmd = cmd; 4608 ioc.ic_timout = 0; 4609 ioc.ic_len = buflen; 4610 ioc.ic_dp = buf; 4611 return (ioctl(s, I_STR, (char *)&ioc)); 4612 } 4613 4614 static void 4615 add_ni(const char *name) 4616 { 4617 ni_t **pp; 4618 ni_t *p; 4619 4620 for (pp = &ni_list; (p = *pp) != NULL; pp = &(p->ni_next)) { 4621 if (strcmp(p->ni_name, name) == 0) { 4622 if (debug > 2) 4623 (void) fprintf(stderr, "'%s' is a duplicate\n", 4624 name); 4625 return; 4626 } 4627 } 4628 4629 if (debug > 2) 4630 (void) fprintf(stderr, "adding '%s'\n", 4631 name); 4632 4633 if ((p = malloc(sizeof (ni_t))) == NULL) 4634 return; 4635 4636 (void) strlcpy(p->ni_name, name, sizeof (p->ni_name)); 4637 p->ni_next = NULL; 4638 4639 *pp = p; 4640 num_ni++; 4641 } 4642 4643 static boolean_t 4644 ni_entry(const char *linkname, void *arg) 4645 { 4646 dlpi_handle_t dh; 4647 datalink_class_t class; 4648 4649 (void) dladm_name2info(arg, linkname, NULL, NULL, &class, NULL); 4650 4651 if (class == DATALINK_CLASS_ETHERSTUB) 4652 return (_B_FALSE); 4653 if (dlpi_open(linkname, &dh, 0) != DLPI_SUCCESS) 4654 return (_B_FALSE); 4655 4656 add_ni(linkname); 4657 4658 dlpi_close(dh); 4659 return (_B_FALSE); 4660 } 4661 4662 /* 4663 * dhcp-related routines 4664 */ 4665 4666 static int 4667 setifdhcp(const char *caller, const char *ifname, int argc, char *argv[]) 4668 { 4669 dhcp_ipc_request_t *request; 4670 dhcp_ipc_reply_t *reply = NULL; 4671 int timeout = DHCP_IPC_WAIT_DEFAULT; 4672 dhcp_ipc_type_t type = DHCP_START; 4673 int error; 4674 boolean_t is_primary = _B_FALSE; 4675 boolean_t started = _B_FALSE; 4676 4677 for (argv++; --argc > 0; argv++) { 4678 4679 if (strcmp(*argv, "primary") == 0) { 4680 is_primary = _B_TRUE; 4681 continue; 4682 } 4683 4684 if (strcmp(*argv, "wait") == 0) { 4685 if (--argc <= 0) { 4686 usage(); 4687 return (DHCP_EXIT_BADARGS); 4688 } 4689 argv++; 4690 4691 if (strcmp(*argv, "forever") == 0) { 4692 timeout = DHCP_IPC_WAIT_FOREVER; 4693 continue; 4694 } 4695 4696 if (sscanf(*argv, "%d", &timeout) != 1) { 4697 usage(); 4698 return (DHCP_EXIT_BADARGS); 4699 } 4700 4701 if (timeout < 0) { 4702 usage(); 4703 return (DHCP_EXIT_BADARGS); 4704 } 4705 continue; 4706 } 4707 4708 type = dhcp_string_to_request(*argv); 4709 if (type == -1) { 4710 usage(); 4711 return (DHCP_EXIT_BADARGS); 4712 } 4713 } 4714 4715 /* 4716 * Only try to start agent on start or inform; in all other cases it 4717 * has to already be running for anything to make sense. 4718 */ 4719 if (type == DHCP_START || type == DHCP_INFORM) { 4720 if (dhcp_start_agent(DHCP_IPC_MAX_WAIT) == -1) { 4721 (void) fprintf(stderr, "%s: unable to start %s\n", 4722 caller, DHCP_AGENT_PATH); 4723 return (DHCP_EXIT_FAILURE); 4724 } 4725 started = _B_TRUE; 4726 } 4727 4728 if (is_primary) 4729 type |= DHCP_PRIMARY; 4730 4731 if (af != AF_INET) 4732 type |= DHCP_V6; 4733 4734 request = dhcp_ipc_alloc_request(type, ifname, NULL, 0, DHCP_TYPE_NONE); 4735 if (request == NULL) { 4736 (void) fprintf(stderr, "%s: out of memory\n", caller); 4737 return (DHCP_EXIT_SYSTEM); 4738 } 4739 4740 error = dhcp_ipc_make_request(request, &reply, timeout); 4741 if (error != 0) { 4742 free(request); 4743 /* 4744 * Re-map connect error to not under control if we didn't try a 4745 * start operation, as this has to be true and results in a 4746 * clearer message, not to mention preserving compatibility 4747 * with the days when we always started dhcpagent for every 4748 * request. 4749 */ 4750 if (error == DHCP_IPC_E_CONNECT && !started) 4751 error = DHCP_IPC_E_UNKIF; 4752 (void) fprintf(stderr, "%s: %s: %s\n", caller, ifname, 4753 dhcp_ipc_strerror(error)); 4754 return (DHCP_EXIT_FAILURE); 4755 } 4756 4757 error = reply->return_code; 4758 if (error != 0) { 4759 free(request); 4760 free(reply); 4761 4762 if (error == DHCP_IPC_E_TIMEOUT && timeout == 0) 4763 return (DHCP_EXIT_SUCCESS); 4764 4765 (void) fprintf(stderr, "%s: %s: %s\n", caller, ifname, 4766 dhcp_ipc_strerror(error)); 4767 4768 if (error == DHCP_IPC_E_TIMEOUT) 4769 return (DHCP_EXIT_TIMEOUT); 4770 else 4771 return (DHCP_EXIT_IF_FAILURE); 4772 } 4773 4774 if (DHCP_IPC_CMD(type) == DHCP_STATUS) { 4775 (void) printf("%s", dhcp_status_hdr_string()); 4776 (void) printf("%s", dhcp_status_reply_to_string(reply)); 4777 } 4778 4779 free(request); 4780 free(reply); 4781 return (DHCP_EXIT_SUCCESS); 4782 } 4783 4784 static void 4785 usage(void) 4786 { 4787 (void) fprintf(stderr, 4788 "usage: ifconfig <interface> | -a[ 4 | 6 | D ][ u | d ][ Z ]\n"); 4789 4790 (void) fprintf(stderr, "%s", 4791 "\t[ <addr_family> ]\n" 4792 "\t[ <address>[/<prefix_length>] [ <dest_address> ] ]\n" 4793 "\t[ set [ <address>][/<prefix_length>] ]" 4794 " [ <address>/<prefix_length>] ]\n" 4795 "\t[ destination <dest_address> ]\n" 4796 "\t[ addif <address>[/<prefix_length>]" 4797 " [ <dest_address> ] ]\n" 4798 "\t[ removeif <address>[/<prefix_length>] ]\n" 4799 "\t[ arp | -arp ]\n" 4800 "\t[ auto-revarp ]\n" 4801 "\t[ broadcast <broad_addr> ]\n" 4802 "\t[ index <if_index> ]\n" 4803 "\t[ metric <n> ] [ mtu <n> ]\n" 4804 "\t[ netmask <mask> ]\n" 4805 "\t[ plumb ] [ unplumb ]\n" 4806 "\t[ preferred | -preferred ]\n" 4807 "\t[ private | -private ]\n" 4808 "\t[ local | -local ]\n" 4809 "\t[ router | -router ]\n" 4810 "\t[ subnet <subnet_address>]\n" 4811 "\t[ trailers | -trailers ]\n" 4812 "\t[ token <address>/<prefix_length> ]\n" 4813 "\t[ tsrc <tunnel_src_address> ]\n" 4814 "\t[ tdst <tunnel_dest_address> ]\n" 4815 "\t[ auth_algs <tunnel_AH_authentication_algorithm> ]\n" 4816 "\t[ encr_algs <tunnel_ESP_encryption_algorithm> ]\n" 4817 "\t[ encr_auth_algs <tunnel_ESP_authentication_algorithm> ]\n" 4818 "\t[ up ] [ down ]\n" 4819 "\t[ xmit | -xmit ]\n" 4820 "\t[ modlist ]\n" 4821 "\t[ modinsert <module_name@position> ]\n" 4822 "\t[ modremove <module_name@position> ]\n" 4823 "\t[ ipmp ]\n" 4824 "\t[ group <groupname>] | [ group \"\"]\n" 4825 "\t[ deprecated | -deprecated ]\n" 4826 "\t[ standby | -standby ]\n" 4827 "\t[ failover | -failover ]\n" 4828 "\t[ zone <zonename> | -zone ]\n" 4829 "\t[ usesrc <interface> ]\n" 4830 "\t[ all-zones ]\n"); 4831 4832 (void) fprintf(stderr, "or\n"); 4833 (void) fprintf(stderr, 4834 "\tifconfig <interface> | -a[ 4 | 6 | D ] [ u | d ]\n"); 4835 4836 (void) fprintf(stderr, "%s", "\tauto-dhcp | dhcp\n" 4837 "\t[ wait <time> | forever ]\n\t[ primary ]\n" 4838 "\tstart | drop | ping | release | status | inform\n"); 4839 } 4840