1 /* 2 * Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved. 3 * Copyright 2012, Daniil Lunev. All rights reserved. 4 * Copyright 2014, OmniTI Computer Consulting, Inc. All rights reserved. 5 */ 6 /* 7 * Copyright (c) 1983 Regents of the University of California. 8 * All rights reserved. The Berkeley software License Agreement 9 * specifies the terms and conditions for redistribution. 10 */ 11 12 #include "defs.h" 13 #include "strings.h" 14 #include "ifconfig.h" 15 #include <compat.h> 16 #include <libdlpi.h> 17 #include <libdllink.h> 18 #include <libdliptun.h> 19 #include <libdllink.h> 20 #include <inet/ip.h> 21 #include <inet/ipsec_impl.h> 22 #include <libipadm.h> 23 #include <ifaddrs.h> 24 #include <libsocket_priv.h> 25 26 #define LOOPBACK_IF "lo0" 27 #define NONE_STR "none" 28 #define ARP_MOD_NAME "arp" 29 #define LIFC_DEFAULT (LIFC_NOXMIT | LIFC_TEMPORARY | LIFC_ALLZONES |\ 30 LIFC_UNDER_IPMP) 31 32 typedef struct if_flags { 33 uint64_t iff_value; 34 char *iff_name; 35 } if_flags_t; 36 37 static if_flags_t if_flags_tbl[] = { 38 { IFF_UP, "UP" }, 39 { IFF_BROADCAST, "BROADCAST" }, 40 { IFF_DEBUG, "DEBUG" }, 41 { IFF_LOOPBACK, "LOOPBACK" }, 42 { IFF_POINTOPOINT, "POINTOPOINT" }, 43 { IFF_NOTRAILERS, "NOTRAILERS" }, 44 { IFF_RUNNING, "RUNNING" }, 45 { IFF_NOARP, "NOARP" }, 46 { IFF_PROMISC, "PROMISC" }, 47 { IFF_ALLMULTI, "ALLMULTI" }, 48 { IFF_INTELLIGENT, "INTELLIGENT" }, 49 { IFF_MULTICAST, "MULTICAST" }, 50 { IFF_MULTI_BCAST, "MULTI_BCAST" }, 51 { IFF_UNNUMBERED, "UNNUMBERED" }, 52 { IFF_DHCPRUNNING, "DHCP" }, 53 { IFF_PRIVATE, "PRIVATE" }, 54 { IFF_NOXMIT, "NOXMIT" }, 55 { IFF_NOLOCAL, "NOLOCAL" }, 56 { IFF_DEPRECATED, "DEPRECATED" }, 57 { IFF_ADDRCONF, "ADDRCONF" }, 58 { IFF_ROUTER, "ROUTER" }, 59 { IFF_NONUD, "NONUD" }, 60 { IFF_ANYCAST, "ANYCAST" }, 61 { IFF_NORTEXCH, "NORTEXCH" }, 62 { IFF_IPV4, "IPv4" }, 63 { IFF_IPV6, "IPv6" }, 64 { IFF_NOFAILOVER, "NOFAILOVER" }, 65 { IFF_FAILED, "FAILED" }, 66 { IFF_STANDBY, "STANDBY" }, 67 { IFF_INACTIVE, "INACTIVE" }, 68 { IFF_OFFLINE, "OFFLINE" }, 69 { IFF_XRESOLV, "XRESOLV" }, 70 { IFF_COS_ENABLED, "CoS" }, 71 { IFF_PREFERRED, "PREFERRED" }, 72 { IFF_TEMPORARY, "TEMPORARY" }, 73 { IFF_FIXEDMTU, "FIXEDMTU" }, 74 { IFF_VIRTUAL, "VIRTUAL" }, 75 { IFF_DUPLICATE, "DUPLICATE" }, 76 { IFF_IPMP, "IPMP"}, 77 { IFF_VRRP, "VRRP"}, 78 { IFF_NOACCEPT, "NOACCEPT"}, 79 { IFF_L3PROTECT, "L3PROTECT"} 80 }; 81 82 typedef struct { 83 const char *ia_app; 84 uint64_t ia_flag; 85 uint_t ia_tries; 86 } if_appflags_t; 87 88 static const if_appflags_t if_appflags_tbl[] = { 89 { "dhcpagent(1M)", IFF_DHCPRUNNING, 1 }, 90 { "in.ndpd(1M)", IFF_ADDRCONF, 3 }, 91 { NULL, 0, 0 } 92 }; 93 94 static dladm_handle_t dlh; 95 boolean_t dlh_opened; 96 static struct lifreq lifr; 97 /* current interface name a particular function is accessing */ 98 static char name[LIFNAMSIZ]; 99 /* foreach interface saved name */ 100 static char origname[LIFNAMSIZ]; 101 static int setaddr; 102 static boolean_t setaddr_done = _B_FALSE; 103 static boolean_t ipsec_policy_set; 104 static boolean_t ipsec_auth_covered; 105 static ipadm_handle_t iph; 106 static ipadm_addrobj_t ipaddr; 107 108 /* 109 * Make sure the algorithm variables hold more than the sizeof an algorithm 110 * in PF_KEY. (For now, more than a uint8_t.) The NO_***_?ALG indicates that 111 * there was no algorithm requested, and in the ipsec_req that service should 112 * be disabled. (E.g. if ah_aalg remains NO_AH_AALG, then AH will be 113 * disabled on that tunnel.) 114 */ 115 #define NO_AH_AALG 256 116 #define NO_ESP_AALG 256 117 #define NO_ESP_EALG 256 118 119 int s, s4, s6; 120 int af = AF_INET; /* default address family */ 121 int debug = 0; 122 int all = 0; /* setifdhcp() needs to know this */ 123 int verbose = 0; 124 int v4compat = 0; /* Compatible printing format */ 125 126 /* 127 * Function prototypes for command functions. 128 */ 129 static int addif(char *arg, int64_t param); 130 static int inetipmp(char *arg, int64_t param); 131 static int inetplumb(char *arg, int64_t param); 132 static int inetunplumb(char *arg, int64_t param); 133 static int removeif(char *arg, int64_t param); 134 static int setdebugflag(char *arg, int64_t param); 135 static int setifaddr(char *arg, int64_t param); 136 static int setifbroadaddr(char *arg, int64_t param); 137 static int setifdstaddr(char *arg, int64_t param); 138 static int setifether(char *arg, int64_t param); 139 static int setifflags(char *arg, int64_t param); 140 static int setifindex(char *arg, int64_t param); 141 static int setifmetric(char *arg, int64_t param); 142 static int setifmtu(char *arg, int64_t param); 143 static int setifnetmask(char *arg, int64_t param); 144 static int setifprefixlen(char *arg, int64_t param); 145 static int setifrevarp(char *arg, int64_t param); 146 static int setifsubnet(char *arg, int64_t param); 147 static int setiftdst(char *arg, int64_t param); 148 static int setiftoken(char *arg, int64_t param); 149 static int setiftsrc(char *arg, int64_t param); 150 static int setverboseflag(char *arg, int64_t param); 151 static int set_tun_ah_alg(char *arg, int64_t param); 152 static int set_tun_esp_auth_alg(char *arg, int64_t param); 153 static int set_tun_esp_encr_alg(char *arg, int64_t param); 154 static int modlist(char *arg, int64_t param); 155 static int modinsert(char *arg, int64_t param); 156 static int modremove(char *arg, int64_t param); 157 static int setifgroupname(char *arg, int64_t param); 158 static int configinfo(char *arg, int64_t param); 159 static void print_config_flags(int af, uint64_t flags); 160 static void print_flags(uint64_t flags); 161 static void print_ifether(const char *ifname); 162 static int set_tun_encap_limit(char *arg, int64_t param); 163 static int clr_tun_encap_limit(char *arg, int64_t param); 164 static int set_tun_hop_limit(char *arg, int64_t param); 165 static int setzone(char *arg, int64_t param); 166 static int setallzones(char *arg, int64_t param); 167 static int setifsrc(char *arg, int64_t param); 168 static int lifnum(const char *ifname); 169 static void plumball(int, char **, int64_t, int64_t, int64_t); 170 171 /* 172 * Address family specific function prototypes. 173 */ 174 static void in_getaddr(char *s, struct sockaddr *saddr, int *plenp); 175 static void in_status(int force, uint64_t flags); 176 static void in_configinfo(int force, uint64_t flags); 177 static void in6_getaddr(char *s, struct sockaddr *saddr, int *plenp); 178 static void in6_status(int force, uint64_t flags); 179 static void in6_configinfo(int force, uint64_t flags); 180 181 /* 182 * Misc support functions 183 */ 184 static boolean_t ni_entry(const char *, void *); 185 static void foreachinterface(int argc, char *argv[], 186 int af, int64_t onflags, int64_t offflags, 187 int64_t lifc_flags); 188 static void ifconfig(int argc, char *argv[], int af, 189 struct ifaddrs *ifa); 190 static boolean_t in_getmask(struct sockaddr_in *saddr, 191 boolean_t addr_set); 192 static int in_getprefixlen(char *addr, boolean_t slash, int plen); 193 static boolean_t in_prefixlentomask(int prefixlen, int maxlen, 194 uchar_t *mask); 195 static void status(void); 196 static void ifstatus(const char *ifname); 197 static void tun_status(datalink_id_t); 198 static void usage(void); 199 static int setifdhcp(const char *caller, const char *ifname, 200 int argc, char *argv[]); 201 static int ip_domux2fd(int *, int *, int *, int *, int *); 202 static int ip_plink(int, int, int, int, int); 203 static int modop(char *arg, char op); 204 static int find_all_interfaces(struct lifconf *lifcp, char **buf, 205 int64_t lifc_flags); 206 static int create_ipmp(const char *grname, int af, 207 const char *ifname, boolean_t implicit); 208 static void start_ipmp_daemon(void); 209 static boolean_t ifaddr_up(ifaddrlistx_t *ifaddrp); 210 static boolean_t ifaddr_down(ifaddrlistx_t *ifaddrp); 211 static dladm_status_t ifconfig_dladm_open(const char *, datalink_class_t, 212 datalink_id_t *); 213 static void dladmerr_exit(dladm_status_t status, const char *str); 214 static void ipadmerr_exit(ipadm_status_t status, const char *str); 215 static boolean_t ifconfig_use_libipadm(int, const char *); 216 void Perror0_exit(const char *cmd) __NORETURN; 217 218 #define max(a, b) ((a) < (b) ? (b) : (a)) 219 220 /* 221 * DHCP_EXIT_IF_FAILURE indicates that the operation failed, but if there 222 * are more interfaces to act on (i.e., ifconfig was invoked with -a), keep 223 * on going rather than exit with an error. 224 */ 225 226 #define DHCP_EXIT_IF_FAILURE -1 227 228 #define NEXTARG 0xffffff /* command takes an argument */ 229 #define OPTARG 0xfffffe /* command takes an optional argument */ 230 #define AF_ANY (-1) 231 232 /* Refer to the comments in ifconfig() on the netmask "hack" */ 233 #define NETMASK_CMD "netmask" 234 struct sockaddr_storage g_netmask; 235 enum { G_NETMASK_NIL, G_NETMASK_PENDING, G_NETMASK_SET } 236 g_netmask_set = G_NETMASK_NIL; 237 238 struct cmd { 239 char *c_name; 240 int64_t c_parameter; /* NEXTARG means next argv */ 241 int (*c_func)(char *, int64_t); 242 int c_abortonfail; /* don't continue parsing args */ 243 /* for the current interface */ 244 int c_af; /* address family restrictions */ 245 } cmds[] = { 246 { "up", IFF_UP, setifflags, 0, AF_ANY }, 247 { "down", -IFF_UP, setifflags, 0, AF_ANY }, 248 { "trailers", -IFF_NOTRAILERS, setifflags, 0, AF_ANY }, 249 { "-trailers", IFF_NOTRAILERS, setifflags, 0, AF_ANY }, 250 { "arp", -IFF_NOARP, setifflags, 0, AF_INET }, 251 { "-arp", IFF_NOARP, setifflags, 0, AF_INET }, 252 { "router", IFF_ROUTER, setifflags, 0, AF_ANY }, 253 { "-router", -IFF_ROUTER, setifflags, 0, AF_ANY }, 254 { "private", IFF_PRIVATE, setifflags, 0, AF_ANY }, 255 { "-private", -IFF_PRIVATE, setifflags, 0, AF_ANY }, 256 { "xmit", -IFF_NOXMIT, setifflags, 0, AF_ANY }, 257 { "-xmit", IFF_NOXMIT, setifflags, 0, AF_ANY }, 258 { "-nud", IFF_NONUD, setifflags, 0, AF_INET6 }, 259 { "nud", -IFF_NONUD, setifflags, 0, AF_INET6 }, 260 { "anycast", IFF_ANYCAST, setifflags, 0, AF_ANY }, 261 { "-anycast", -IFF_ANYCAST, setifflags, 0, AF_ANY }, 262 { "local", -IFF_NOLOCAL, setifflags, 0, AF_ANY }, 263 { "-local", IFF_NOLOCAL, setifflags, 0, AF_ANY }, 264 { "deprecated", IFF_DEPRECATED, setifflags, 0, AF_ANY }, 265 { "-deprecated", -IFF_DEPRECATED, setifflags, 0, AF_ANY }, 266 { "preferred", IFF_PREFERRED, setifflags, 0, AF_INET6 }, 267 { "-preferred", -IFF_PREFERRED, setifflags, 0, AF_INET6 }, 268 { "debug", 0, setdebugflag, 0, AF_ANY }, 269 { "verbose", 0, setverboseflag, 0, AF_ANY }, 270 { NETMASK_CMD, NEXTARG, setifnetmask, 0, AF_INET }, 271 { "metric", NEXTARG, setifmetric, 0, AF_ANY }, 272 { "mtu", NEXTARG, setifmtu, 0, AF_ANY }, 273 { "index", NEXTARG, setifindex, 0, AF_ANY }, 274 { "broadcast", NEXTARG, setifbroadaddr, 0, AF_INET }, 275 { "auto-revarp", 0, setifrevarp, 1, AF_INET }, 276 { "ipmp", 0, inetipmp, 1, AF_ANY }, 277 { "plumb", 0, inetplumb, 1, AF_ANY }, 278 { "unplumb", 0, inetunplumb, 0, AF_ANY }, 279 { "subnet", NEXTARG, setifsubnet, 0, AF_ANY }, 280 { "token", NEXTARG, setiftoken, 0, AF_INET6 }, 281 { "tsrc", NEXTARG, setiftsrc, 0, AF_ANY }, 282 { "tdst", NEXTARG, setiftdst, 0, AF_ANY }, 283 { "encr_auth_algs", NEXTARG, set_tun_esp_auth_alg, 0, AF_ANY }, 284 { "encr_algs", NEXTARG, set_tun_esp_encr_alg, 0, AF_ANY }, 285 { "auth_algs", NEXTARG, set_tun_ah_alg, 0, AF_ANY }, 286 { "addif", NEXTARG, addif, 1, AF_ANY }, 287 { "removeif", NEXTARG, removeif, 1, AF_ANY }, 288 { "modlist", 0, modlist, 1, AF_ANY }, 289 { "modinsert", NEXTARG, modinsert, 1, AF_ANY }, 290 { "modremove", NEXTARG, modremove, 1, AF_ANY }, 291 { "failover", -IFF_NOFAILOVER, setifflags, 1, AF_ANY }, 292 { "-failover", IFF_NOFAILOVER, setifflags, 1, AF_ANY }, 293 { "standby", IFF_STANDBY, setifflags, 1, AF_ANY }, 294 { "-standby", -IFF_STANDBY, setifflags, 1, AF_ANY }, 295 { "failed", IFF_FAILED, setifflags, 1, AF_ANY }, 296 { "-failed", -IFF_FAILED, setifflags, 1, AF_ANY }, 297 { "group", NEXTARG, setifgroupname, 1, AF_ANY }, 298 { "configinfo", 0, configinfo, 1, AF_ANY }, 299 { "encaplimit", NEXTARG, set_tun_encap_limit, 0, AF_ANY }, 300 { "-encaplimit", 0, clr_tun_encap_limit, 0, AF_ANY }, 301 { "thoplimit", NEXTARG, set_tun_hop_limit, 0, AF_ANY }, 302 { "set", NEXTARG, setifaddr, 0, AF_ANY }, 303 { "destination", NEXTARG, setifdstaddr, 0, AF_ANY }, 304 { "zone", NEXTARG, setzone, 0, AF_ANY }, 305 { "-zone", 0, setzone, 0, AF_ANY }, 306 { "all-zones", 0, setallzones, 0, AF_ANY }, 307 { "ether", OPTARG, setifether, 0, AF_ANY }, 308 { "usesrc", NEXTARG, setifsrc, 0, AF_ANY }, 309 310 /* 311 * NOTE: any additions to this table must also be applied to ifparse 312 * (usr/src/cmd/cmd-inet/sbin/ifparse/ifparse.c) 313 */ 314 315 { 0, 0, setifaddr, 0, AF_ANY }, 316 { 0, 0, setifdstaddr, 0, AF_ANY }, 317 { 0, 0, 0, 0, 0 }, 318 }; 319 320 321 typedef struct if_config_cmd { 322 uint64_t iff_flag; 323 int iff_af; 324 char *iff_name; 325 } if_config_cmd_t; 326 327 /* 328 * NOTE: print_config_flags() processes this table in order, so we put "up" 329 * last so that we can be sure "-failover" will take effect first. Otherwise, 330 * IPMP test addresses will erroneously migrate to the IPMP interface. 331 */ 332 static if_config_cmd_t if_config_cmd_tbl[] = { 333 { IFF_NOTRAILERS, AF_UNSPEC, "-trailers" }, 334 { IFF_PRIVATE, AF_UNSPEC, "private" }, 335 { IFF_NOXMIT, AF_UNSPEC, "-xmit" }, 336 { IFF_ANYCAST, AF_INET6, "anycast" }, 337 { IFF_NOLOCAL, AF_UNSPEC, "-local" }, 338 { IFF_DEPRECATED, AF_UNSPEC, "deprecated" }, 339 { IFF_NOFAILOVER, AF_UNSPEC, "-failover" }, 340 { IFF_STANDBY, AF_UNSPEC, "standby" }, 341 { IFF_FAILED, AF_UNSPEC, "failed" }, 342 { IFF_PREFERRED, AF_UNSPEC, "preferred" }, 343 { IFF_NONUD, AF_INET6, "-nud" }, 344 { IFF_NOARP, AF_INET, "-arp" }, 345 { IFF_UP, AF_UNSPEC, "up" }, 346 { 0, 0, NULL }, 347 }; 348 349 typedef struct ni { 350 char ni_name[LIFNAMSIZ]; 351 struct ni *ni_next; 352 } ni_t; 353 354 static ni_t *ni_list = NULL; 355 static int num_ni = 0; 356 357 /* End defines and structure definitions for ifconfig -a plumb */ 358 359 /* Known address families */ 360 struct afswtch { 361 char *af_name; 362 short af_af; 363 void (*af_status)(); 364 void (*af_getaddr)(); 365 void (*af_configinfo)(); 366 } afs[] = { 367 { "inet", AF_INET, in_status, in_getaddr, in_configinfo }, 368 { "inet6", AF_INET6, in6_status, in6_getaddr, in6_configinfo }, 369 { 0, 0, 0, 0, 0 } 370 }; 371 372 #define SOCKET_AF(af) (((af) == AF_UNSPEC) ? AF_INET : (af)) 373 374 struct afswtch *afp; /* the address family being set or asked about */ 375 376 int 377 main(int argc, char *argv[]) 378 { 379 int64_t lifc_flags; 380 char *default_ip_str; 381 ipadm_status_t istatus; 382 383 lifc_flags = LIFC_DEFAULT; 384 385 if (argc < 2) { 386 (void) strncpy(name, "-a", sizeof (name)); 387 } else { 388 argc--, argv++; 389 if (strlen(*argv) > sizeof (name) - 1) { 390 (void) fprintf(stderr, "%s: interface name too long\n", 391 *argv); 392 exit(1); 393 } 394 (void) strncpy(name, *argv, sizeof (name)); 395 } 396 name[sizeof (name) - 1] = '\0'; 397 (void) strncpy(origname, name, sizeof (origname)); /* For addif */ 398 default_ip_str = NULL; 399 v4compat = get_compat_flag(&default_ip_str); 400 if (v4compat == DEFAULT_PROT_BAD_VALUE) { 401 (void) fprintf(stderr, 402 "ifconfig: %s: Bad value for %s in %s\n", default_ip_str, 403 DEFAULT_IP, INET_DEFAULT_FILE); 404 free(default_ip_str); 405 exit(2); 406 } 407 free(default_ip_str); 408 argc--, argv++; 409 if (argc > 0) { 410 struct afswtch *myafp; 411 412 for (myafp = afp = afs; myafp->af_name; myafp++) { 413 if (strcmp(myafp->af_name, *argv) == 0) { 414 afp = myafp; argc--; argv++; 415 break; 416 } 417 } 418 af = lifr.lifr_addr.ss_family = afp->af_af; 419 if (af == AF_INET6) { 420 v4compat = 0; 421 } 422 } 423 424 s = socket(SOCKET_AF(af), SOCK_DGRAM, 0); 425 s4 = socket(AF_INET, SOCK_DGRAM, 0); 426 s6 = socket(AF_INET6, SOCK_DGRAM, 0); 427 if (s == -1 || s4 == -1 || s6 == -1) 428 Perror0_exit("socket"); 429 /* 430 * Open the global libipadm handle. The flag IPH_LEGACY has to 431 * be specified to indicate that logical interface names will 432 * be used during interface creation and address creation. 433 */ 434 if ((istatus = ipadm_open(&iph, IPH_LEGACY)) != IPADM_SUCCESS) 435 ipadmerr_exit(istatus, "unable to open handle to libipadm"); 436 437 /* 438 * Special interface names is any combination of these flags. 439 * Note that due to the ifconfig syntax they have to be combined 440 * as a single '-' option. 441 * -a All interfaces 442 * -u "up" interfaces 443 * -d "down" interfaces 444 * -D Interfaces not controlled by DHCP 445 * -4 IPv4 interfaces 446 * -6 IPv6 interfaces 447 * -X Turn on debug (not documented) 448 * -v Turn on verbose 449 * -Z Only interfaces in caller's zone 450 */ 451 452 if (name[0] == '-') { 453 /* One or more options */ 454 int64_t onflags = 0; 455 int64_t offflags = 0; 456 int c; 457 char *av[2] = { "ifconfig", name }; 458 459 while ((c = getopt(2, av, "audhDXZ46v")) != -1) { 460 switch ((char)c) { 461 case 'a': 462 all = 1; 463 break; 464 case 'u': 465 onflags |= IFF_UP; 466 break; 467 case 'd': 468 offflags |= IFF_UP; 469 break; 470 case 'D': 471 offflags |= IFF_DHCPRUNNING; 472 break; 473 case 'X': 474 debug += 3; 475 break; 476 case 'Z': 477 lifc_flags &= ~LIFC_ALLZONES; 478 break; 479 case '4': 480 /* 481 * -4 is not a compatable flag, therefore 482 * we assume they want v4compat turned off 483 */ 484 v4compat = 0; 485 onflags |= IFF_IPV4; 486 break; 487 case '6': 488 /* 489 * If they want IPv6, well then we'll assume 490 * they don't want IPv4 compat 491 */ 492 v4compat = 0; 493 onflags |= IFF_IPV6; 494 break; 495 case 'v': 496 verbose = 1; 497 break; 498 case 'h': 499 case '?': 500 usage(); 501 exit(1); 502 } 503 } 504 if (!all) { 505 (void) fprintf(stderr, 506 "ifconfig: %s: no such interface\n", name); 507 exit(1); 508 } 509 foreachinterface(argc, argv, af, onflags, offflags, 510 lifc_flags); 511 } else { 512 ifconfig(argc, argv, af, NULL); 513 } 514 ipadm_close(iph); 515 return (0); 516 } 517 518 /* 519 * For each interface, call ifconfig(argc, argv, af, ifa). 520 * Only call function if onflags and offflags are set or clear, respectively, 521 * in the interfaces flags field. 522 */ 523 static void 524 foreachinterface(int argc, char *argv[], int af, 525 int64_t onflags, int64_t offflags, int64_t lifc_flags) 526 { 527 ipadm_addr_info_t *ainfo, *ainfop; 528 struct ifaddrs *ifa; 529 ipadm_status_t istatus; 530 531 /* 532 * Special case: 533 * ifconfig -a plumb should find all network interfaces in the current 534 * zone. 535 */ 536 if (argc > 0 && (strcmp(*argv, "plumb") == 0)) { 537 plumball(argc, argv, onflags, offflags, lifc_flags); 538 return; 539 } 540 /* Get all addresses in kernel including addresses that are zero. */ 541 istatus = ipadm_addr_info(iph, NULL, &ainfo, IPADM_OPT_ZEROADDR, 542 lifc_flags); 543 if (istatus != IPADM_SUCCESS) 544 ipadmerr_exit(istatus, "could not get addresses from kernel"); 545 546 /* 547 * For each logical interface, call ifconfig() with the 548 * given arguments. 549 */ 550 for (ainfop = ainfo; ainfop != NULL; ainfop = IA_NEXT(ainfop)) { 551 if (ainfop->ia_state == IFA_DISABLED) 552 continue; 553 ifa = &ainfop->ia_ifa; 554 if (onflags || offflags) { 555 if ((ifa->ifa_flags & onflags) != onflags) 556 continue; 557 if ((~ifa->ifa_flags & offflags) != offflags) 558 continue; 559 } 560 s = (ifa->ifa_addr->sa_family == AF_INET ? s4 : s6); 561 (void) strncpy(name, ifa->ifa_name, sizeof (name)); 562 (void) strncpy(origname, name, sizeof (origname)); 563 ifconfig(argc, argv, af, ifa); 564 } 565 ipadm_free_addr_info(ainfo); 566 } 567 568 /* 569 * Used for `ifconfig -a plumb'. Finds all datalinks and plumbs the interface. 570 */ 571 static void 572 plumball(int argc, char *argv[], int64_t onflags, int64_t offflags, 573 int64_t lifc_flags) 574 { 575 int n; 576 struct lifreq *lifrp; 577 struct lifconf lifc; 578 char *buf; 579 580 if (onflags != 0 || offflags != 0) { 581 (void) fprintf(stderr, "ifconfig: invalid syntax used to " 582 "plumb all interfaces.\n"); 583 exit(1); 584 } 585 586 if (find_all_interfaces(&lifc, &buf, lifc_flags) != 0 || 587 lifc.lifc_len == 0) 588 return; 589 590 lifrp = lifc.lifc_req; 591 for (n = lifc.lifc_len / sizeof (struct lifreq); n > 0; n--, lifrp++) { 592 /* 593 * Reset global state 594 * setaddr: Used by parser to tear apart source and dest 595 * name and origname contain the name of the 'current' 596 * interface. 597 */ 598 setaddr = 0; 599 (void) strncpy(name, lifrp->lifr_name, sizeof (name)); 600 (void) strncpy(origname, name, sizeof (origname)); 601 ifconfig(argc, argv, af, NULL); 602 } 603 } 604 605 /* 606 * Parses the interface name and the command in argv[]. Calls the 607 * appropriate callback function for the given command from `cmds[]' 608 * table. 609 * If there is no command specified, it prints all addresses. 610 */ 611 static void 612 ifconfig(int argc, char *argv[], int af, struct ifaddrs *ifa) 613 { 614 static boolean_t scan_netmask = _B_FALSE; 615 int ret; 616 ipadm_status_t istatus; 617 struct lifreq lifr; 618 619 if (argc == 0) { 620 status(); 621 return; 622 } 623 624 if (strcmp(*argv, "auto-dhcp") == 0 || strcmp(*argv, "dhcp") == 0) { 625 /* 626 * Some errors are ignored in the case where more than one 627 * interface is being operated on. 628 */ 629 ret = setifdhcp("ifconfig", name, argc, argv); 630 if (ret == DHCP_EXIT_IF_FAILURE) { 631 if (!all) 632 exit(DHCP_EXIT_FAILURE); 633 } else if (ret != DHCP_EXIT_SUCCESS) { 634 exit(ret); 635 } 636 return; 637 } 638 639 /* 640 * The following is a "hack" to get around the existing interface 641 * setting mechanism. Currently, each interface attribute, 642 * such as address, netmask, broadcast, ... is set separately. But 643 * sometimes two or more attributes must be set together. For 644 * example, setting an address without a netmask does not make sense. 645 * Yet they can be set separately for IPv4 address using the current 646 * ifconfig(1M) syntax. The kernel then "infers" the correct netmask 647 * using the deprecated "IP address classes." This is simply not 648 * correct. 649 * 650 * The "hack" below is to go thru the whole command list looking for 651 * the netmask command first. Then use this netmask to set the 652 * address. This does not provide an extensible way to accommodate 653 * future need for setting more than one attributes together. 654 * 655 * Note that if the "netmask" command argument is a "+", we need 656 * to save this info and do the query after we know the address to 657 * be set. The reason is that if "addif" is used, the working 658 * interface name will be changed later when the logical interface 659 * is created. In in_getmask(), if an address is not provided, 660 * it will use the working interface's address to do the query. 661 * It will be wrong now as we don't know the logical interface's name. 662 * 663 * ifconfig(1M) is too overloaded and the code is so convoluted 664 * that it is "safer" not to re-architect the code to fix the above 665 * issue, hence this "hack." We may be better off to have a new 666 * command with better syntax for configuring network interface 667 * parameters... 668 */ 669 if (!scan_netmask && afp->af_af == AF_INET) { 670 int largc; 671 char **largv; 672 673 /* Only go thru the command list once to find the netmask. */ 674 scan_netmask = _B_TRUE; 675 676 /* 677 * Currently, if multiple netmask commands are specified, the 678 * last one will be used as the final netmask. So we need 679 * to scan the whole list to preserve this behavior. 680 */ 681 for (largc = argc, largv = argv; largc > 0; largc--, largv++) { 682 if (strcmp(*largv, NETMASK_CMD) == 0) { 683 if (--largc == 0) 684 break; 685 largv++; 686 if (strcmp(*largv, "+") == 0) { 687 g_netmask_set = G_NETMASK_PENDING; 688 } else { 689 in_getaddr(*largv, (struct sockaddr *) 690 &g_netmask, NULL); 691 g_netmask_set = G_NETMASK_SET; 692 } 693 /* Continue the scan. */ 694 } 695 } 696 } 697 698 while (argc > 0) { 699 struct cmd *p; 700 boolean_t found_cmd; 701 702 if (debug) 703 (void) printf("ifconfig: argv %s\n", *argv); 704 705 found_cmd = _B_FALSE; 706 for (p = cmds; p->c_func; p++) { 707 if (p->c_name) { 708 if (strcmp(*argv, p->c_name) == 0) { 709 /* 710 * indicate that the command was 711 * found and check to see if 712 * the address family is valid 713 */ 714 found_cmd = _B_TRUE; 715 if (p->c_af == AF_ANY || 716 af == p->c_af) 717 break; 718 } 719 } else { 720 if (p->c_af == AF_ANY || 721 af == p->c_af) 722 break; 723 } 724 } 725 /* 726 * If we found the keyword, but the address family 727 * did not match spit out an error 728 */ 729 if (found_cmd && p->c_name == 0) { 730 (void) fprintf(stderr, "ifconfig: Operation %s not" 731 " supported for %s\n", *argv, afp->af_name); 732 exit(1); 733 } 734 /* 735 * else (no keyword found), we assume it's an address 736 * of some sort 737 */ 738 if (setaddr && ipaddr != NULL) { 739 /* 740 * We must have already filled in a source address in 741 * `ipaddr' and we now got a destination address. 742 * Fill it in `ipaddr' and call libipadm to create 743 * the static address. 744 */ 745 if (p->c_name == 0) { 746 istatus = ipadm_set_dst_addr(ipaddr, *argv, 747 (p->c_af == AF_ANY ? AF_UNSPEC : af)); 748 if (istatus != IPADM_SUCCESS) { 749 ipadmerr_exit(istatus, "could not " 750 "set destination address"); 751 } 752 /* 753 * finished processing dstaddr, so reset setaddr 754 */ 755 setaddr = 0; 756 } 757 /* 758 * Both source and destination address are in `ipaddr'. 759 * Add the address by calling libipadm. 760 */ 761 istatus = ipadm_create_addr(iph, ipaddr, 762 IPADM_OPT_ACTIVE); 763 if (istatus != IPADM_SUCCESS) 764 goto createfailed; 765 ipadm_destroy_addrobj(ipaddr); 766 ipaddr = NULL; 767 setaddr_done = _B_TRUE; 768 if (p->c_name == 0) { 769 /* move parser along */ 770 argc--, argv++; 771 continue; 772 } 773 } 774 if (p->c_name == 0 && setaddr_done) { 775 /* 776 * catch odd commands like 777 * "ifconfig <intf> addr1 addr2 addr3 addr4 up" 778 */ 779 (void) fprintf(stderr, "%s", 780 "ifconfig: cannot configure more than two " 781 "addresses in one command\n"); 782 exit(1); 783 } 784 if (p->c_func) { 785 if (p->c_af == AF_INET6) { 786 v4compat = 0; 787 } 788 if (p->c_parameter == NEXTARG || 789 p->c_parameter == OPTARG) { 790 argc--, argv++; 791 if (argc == 0 && p->c_parameter == NEXTARG) { 792 (void) fprintf(stderr, 793 "ifconfig: no argument for %s\n", 794 p->c_name); 795 exit(1); 796 } 797 } 798 /* 799 * Call the function if: 800 * 801 * there's no address family 802 * restriction 803 * OR 804 * we don't know the address yet 805 * (because we were called from 806 * main) 807 * OR 808 * there is a restriction AND 809 * the address families match 810 */ 811 if ((p->c_af == AF_ANY) || 812 (ifa == NULL) || 813 (ifa->ifa_addr->sa_family == p->c_af)) { 814 ret = (*p->c_func)(*argv, p->c_parameter); 815 /* 816 * If c_func failed and we should 817 * abort processing for this 818 * interface on failure, return 819 * now rather than going on to 820 * process other commands for 821 * the same interface. 822 */ 823 if (ret != 0 && p->c_abortonfail) 824 return; 825 } 826 } 827 argc--, argv++; 828 } 829 830 if (setaddr && ipaddr != NULL) { 831 /* 832 * Only the source address was provided, which was already 833 * set in `ipaddr'. Add the address by calling libipadm. 834 */ 835 istatus = ipadm_create_addr(iph, ipaddr, IPADM_OPT_ACTIVE); 836 if (istatus != IPADM_SUCCESS) 837 goto createfailed; 838 ipadm_destroy_addrobj(ipaddr); 839 ipaddr = NULL; 840 setaddr_done = _B_TRUE; 841 } 842 843 /* Check to see if there's a security hole in the tunnel setup. */ 844 if (ipsec_policy_set && !ipsec_auth_covered) { 845 (void) fprintf(stderr, "ifconfig: WARNING: tunnel with only " 846 "ESP and no authentication.\n"); 847 } 848 return; 849 850 createfailed: 851 (void) fprintf(stderr, "ifconfig: could not create address:% s\n", 852 ipadm_status2str(istatus)); 853 /* Remove the newly created logical interface. */ 854 if (strcmp(name, origname) != 0) { 855 assert(strchr(name, ':') != NULL); 856 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 857 (void) ioctl(s, SIOCLIFREMOVEIF, (caddr_t)&lifr); 858 } 859 exit(1); 860 } 861 862 /* ARGSUSED */ 863 static int 864 setdebugflag(char *val, int64_t arg) 865 { 866 debug++; 867 return (0); 868 } 869 870 /* ARGSUSED */ 871 static int 872 setverboseflag(char *val, int64_t arg) 873 { 874 verbose++; 875 return (0); 876 } 877 878 /* 879 * This function fills in the given lifreq's lifr_addr field based on 880 * g_netmask_set. 881 */ 882 static void 883 set_mask_lifreq(struct lifreq *lifr, struct sockaddr_storage *addr, 884 struct sockaddr_storage *mask) 885 { 886 assert(addr != NULL); 887 assert(mask != NULL); 888 889 switch (g_netmask_set) { 890 case G_NETMASK_SET: 891 lifr->lifr_addr = g_netmask; 892 break; 893 894 case G_NETMASK_PENDING: 895 /* 896 * "+" is used as the argument to "netmask" command. Query 897 * the database on the correct netmask based on the address to 898 * be set. 899 */ 900 assert(afp->af_af == AF_INET); 901 g_netmask = *addr; 902 if (!in_getmask((struct sockaddr_in *)&g_netmask, _B_TRUE)) { 903 lifr->lifr_addr = *mask; 904 g_netmask_set = G_NETMASK_NIL; 905 } else { 906 lifr->lifr_addr = g_netmask; 907 g_netmask_set = G_NETMASK_SET; 908 } 909 break; 910 911 case G_NETMASK_NIL: 912 default: 913 lifr->lifr_addr = *mask; 914 break; 915 } 916 } 917 918 /* 919 * Set the interface address. Handles <addr>, <addr>/<n> as well as /<n> 920 * syntax for setting the address, the address plus netmask, and just 921 * the netmask respectively. 922 */ 923 /* ARGSUSED */ 924 static int 925 setifaddr(char *addr, int64_t param) 926 { 927 ipadm_status_t istatus; 928 int prefixlen = 0; 929 struct lifreq lifr1; 930 struct sockaddr_storage laddr; 931 struct sockaddr_storage netmask; 932 struct sockaddr_in6 *sin6; 933 struct sockaddr_in *sin; 934 struct sockaddr_storage sav_netmask; 935 char cidraddr[BUFSIZ]; 936 937 if (addr[0] == '/') 938 return (setifprefixlen(addr, 0)); 939 940 (*afp->af_getaddr)(addr, (struct sockaddr *)&laddr, &prefixlen); 941 942 (void) memset(&netmask, 0, sizeof (netmask)); 943 netmask.ss_family = afp->af_af; 944 switch (prefixlen) { 945 case NO_PREFIX: 946 /* Nothing there - ok */ 947 break; 948 case BAD_ADDR: 949 (void) fprintf(stderr, "ifconfig: Bad prefix length in %s\n", 950 addr); 951 exit(1); 952 default: 953 if (afp->af_af == AF_INET6) { 954 sin6 = (struct sockaddr_in6 *)&netmask; 955 if (!in_prefixlentomask(prefixlen, IPV6_ABITS, 956 (uchar_t *)&sin6->sin6_addr)) { 957 (void) fprintf(stderr, "ifconfig: " 958 "Bad prefix length: %d\n", 959 prefixlen); 960 exit(1); 961 } 962 } else { 963 sin = (struct sockaddr_in *)&netmask; 964 if (!in_prefixlentomask(prefixlen, IP_ABITS, 965 (uchar_t *)&sin->sin_addr)) { 966 (void) fprintf(stderr, "ifconfig: " 967 "Bad prefix length: %d\n", 968 prefixlen); 969 exit(1); 970 } 971 } 972 /* 973 * Just in case of funny setting of both prefix and netmask, 974 * prefix should override the netmask command. 975 */ 976 g_netmask_set = G_NETMASK_NIL; 977 break; 978 } 979 980 /* 981 * Check and see if any "netmask" command is used and perform the 982 * necessary operation. 983 */ 984 set_mask_lifreq(&lifr, &laddr, &netmask); 985 986 /* This check is temporary until libipadm supports IPMP interfaces. */ 987 if (ifconfig_use_libipadm(s, name)) { 988 char addrstr[INET6_ADDRSTRLEN]; 989 990 if (af == AF_INET) { 991 sin = (struct sockaddr_in *)&laddr; 992 (void) inet_ntop(AF_INET, &sin->sin_addr, addrstr, 993 sizeof (addrstr)); 994 } else { 995 sin6 = (struct sockaddr_in6 *)&laddr; 996 (void) inet_ntop(AF_INET6, &sin6->sin6_addr, addrstr, 997 sizeof (addrstr)); 998 } 999 istatus = ipadm_create_addrobj(IPADM_ADDR_STATIC, name, 1000 &ipaddr); 1001 if (istatus != IPADM_SUCCESS) 1002 ipadmerr_exit(istatus, "setifaddr"); 1003 1004 /* 1005 * lifr.lifr_addr, which is updated by set_mask_lifreq() 1006 * will contain the right mask to use. 1007 */ 1008 prefixlen = mask2plen((struct sockaddr *)&lifr.lifr_addr); 1009 (void) snprintf(cidraddr, sizeof (cidraddr), "%s/%d", 1010 addrstr, prefixlen); 1011 1012 istatus = ipadm_set_addr(ipaddr, cidraddr, af); 1013 if (istatus != IPADM_SUCCESS) 1014 ipadmerr_exit(istatus, "could not set address"); 1015 /* 1016 * let parser know we got a source. 1017 * Next address, if given, should be dest 1018 */ 1019 setaddr++; 1020 1021 /* 1022 * address will be set by the parser after nextarg has 1023 * been scanned 1024 */ 1025 return (0); 1026 } 1027 1028 /* Tell parser that an address was set */ 1029 setaddr++; 1030 /* save copy of netmask to restore in case of error */ 1031 (void) strncpy(lifr1.lifr_name, name, sizeof (lifr1.lifr_name)); 1032 if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr1) < 0) 1033 Perror0_exit("SIOCGLIFNETMASK"); 1034 sav_netmask = lifr1.lifr_addr; 1035 1036 /* 1037 * If setting the address and not the mask, clear any existing mask 1038 * and the kernel will then assign the default (netmask has been set 1039 * to 0 in this case). If setting both (either by using a prefix or 1040 * using the netmask command), set the mask first, so the address will 1041 * be interpreted correctly. 1042 */ 1043 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1044 /* lifr.lifr_addr already contains netmask from set_mask_lifreq() */ 1045 if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0) 1046 Perror0_exit("SIOCSLIFNETMASK"); 1047 1048 if (debug) { 1049 char abuf[INET6_ADDRSTRLEN]; 1050 void *addr = (afp->af_af == AF_INET) ? 1051 (void *)&((struct sockaddr_in *)&laddr)->sin_addr : 1052 (void *)&((struct sockaddr_in6 *)&laddr)->sin6_addr; 1053 1054 (void) printf("Setting %s af %d addr %s\n", 1055 lifr.lifr_name, afp->af_af, 1056 inet_ntop(afp->af_af, addr, abuf, sizeof (abuf))); 1057 } 1058 lifr.lifr_addr = laddr; 1059 lifr.lifr_addr.ss_family = afp->af_af; 1060 if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0) { 1061 /* 1062 * Restore the netmask 1063 */ 1064 int saverr = errno; 1065 1066 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1067 lifr.lifr_addr = sav_netmask; 1068 (void) ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr); 1069 errno = saverr; 1070 Perror0_exit("SIOCSLIFADDR"); 1071 } 1072 1073 return (0); 1074 } 1075 1076 /* 1077 * The following functions are stolen from the ipseckey(1m) program. 1078 * Perhaps they should be somewhere common, but for now, we just maintain 1079 * two versions. We do this because of the different semantics for which 1080 * algorithms we select ("requested" for ifconfig vs. "actual" for key). 1081 */ 1082 1083 static ulong_t 1084 parsenum(char *num) 1085 { 1086 ulong_t rc; 1087 char *end = NULL; 1088 1089 errno = 0; 1090 rc = strtoul(num, &end, 0); 1091 if (errno != 0 || end == num || *end != '\0') { 1092 rc = (ulong_t)-1; 1093 } 1094 1095 return (rc); 1096 } 1097 1098 /* 1099 * Parse and reverse parse possible algorithm values, include numbers. 1100 * Mostly stolen from ipseckey.c. See the comments above parsenum() for why 1101 * this isn't common to ipseckey.c. 1102 * 1103 * NOTE: Static buffer in this function for the return value. Since ifconfig 1104 * isn't multithreaded, this isn't a huge problem. 1105 */ 1106 1107 #define NBUF_SIZE 20 /* Enough to print a large integer. */ 1108 1109 static char * 1110 rparsealg(uint8_t alg_value, int proto_num) 1111 { 1112 struct ipsecalgent *alg; 1113 static char numprint[128]; /* Enough to hold an algorithm name. */ 1114 1115 /* 1116 * Special cases for "any" and "none" 1117 * The kernel needs to be able to distinguish between "any" 1118 * and "none" and the APIs are underdefined in this area for auth. 1119 */ 1120 if (proto_num == IPSEC_PROTO_AH) { 1121 if (alg_value == SADB_AALG_NONE) 1122 return ("none"); 1123 if (alg_value == SADB_AALG_ANY) 1124 return ("any"); 1125 } 1126 1127 alg = getipsecalgbynum(alg_value, proto_num, NULL); 1128 if (alg != NULL) { 1129 (void) strlcpy(numprint, alg->a_names[0], sizeof (numprint)); 1130 freeipsecalgent(alg); 1131 } else { 1132 (void) snprintf(numprint, sizeof (numprint), "%d", alg_value); 1133 } 1134 1135 return (numprint); 1136 } 1137 1138 static uint_t 1139 parsealg(char *algname, int proto_num) 1140 { 1141 struct ipsecalgent *alg; 1142 ulong_t invalue; 1143 1144 if (algname == NULL) { 1145 (void) fprintf(stderr, "ifconfig: Unexpected end of command " 1146 "line.\n"); 1147 exit(1); 1148 } 1149 1150 /* 1151 * Special-case "none" and "any". 1152 * Use strcasecmp because its length is bounded. 1153 */ 1154 if (strcasecmp("none", algname) == 0) { 1155 return ((proto_num == IPSEC_PROTO_ESP) ? 1156 NO_ESP_EALG : NO_ESP_AALG); 1157 } 1158 if ((strcasecmp("any", algname) == 0) && (proto_num == IPSEC_PROTO_AH)) 1159 return (SADB_AALG_ANY); 1160 1161 alg = getipsecalgbyname(algname, proto_num, NULL); 1162 if (alg != NULL) { 1163 invalue = alg->a_alg_num; 1164 freeipsecalgent(alg); 1165 return ((uint_t)invalue); 1166 } 1167 1168 /* 1169 * Since algorithms can be loaded during kernel run-time, check for 1170 * numeric algorithm values too. 1171 */ 1172 invalue = parsenum(algname); 1173 if ((invalue & (ulong_t)0xff) == invalue) 1174 return ((uint_t)invalue); 1175 1176 (void) fprintf(stderr, "ifconfig: %s algorithm type %s unknown.\n", 1177 (proto_num == IPSEC_PROTO_ESP) ? 1178 "Encryption" : "Authentication", algname); 1179 exit(1); 1180 /* NOTREACHED */ 1181 } 1182 1183 /* 1184 * Actual ifconfig functions to set tunnel security properties. 1185 */ 1186 1187 enum ipsec_alg_type { ESP_ENCR_ALG = 1, ESP_AUTH_ALG, AH_AUTH_ALG }; 1188 1189 static int 1190 set_tun_algs(int which_alg, int alg) 1191 { 1192 boolean_t encr_alg_set = _B_FALSE; 1193 iptun_params_t params; 1194 dladm_status_t status; 1195 ipsec_req_t *ipsr; 1196 1197 if ((status = ifconfig_dladm_open(name, DATALINK_CLASS_IPTUN, 1198 ¶ms.iptun_param_linkid)) != DLADM_STATUS_OK) 1199 goto done; 1200 1201 status = dladm_iptun_getparams(dlh, ¶ms, DLADM_OPT_ACTIVE); 1202 if (status != DLADM_STATUS_OK) 1203 goto done; 1204 1205 ipsr = ¶ms.iptun_param_secinfo; 1206 1207 /* 1208 * If I'm just starting off this ifconfig, I want a clean slate, 1209 * otherwise, I've captured the current tunnel security settings. 1210 * In the case of continuation, I merely add to the settings. 1211 */ 1212 if (!(params.iptun_param_flags & IPTUN_PARAM_SECINFO)) 1213 (void) memset(ipsr, 0, sizeof (*ipsr)); 1214 1215 /* We're only modifying the IPsec information */ 1216 params.iptun_param_flags = IPTUN_PARAM_SECINFO; 1217 1218 switch (which_alg) { 1219 case ESP_ENCR_ALG: 1220 if (alg == NO_ESP_EALG) { 1221 if (ipsr->ipsr_esp_auth_alg == SADB_AALG_NONE) 1222 ipsr->ipsr_esp_req = 0; 1223 ipsr->ipsr_esp_alg = SADB_EALG_NONE; 1224 1225 /* Let the user specify NULL encryption implicitly. */ 1226 if (ipsr->ipsr_esp_auth_alg != SADB_AALG_NONE) { 1227 encr_alg_set = _B_TRUE; 1228 ipsr->ipsr_esp_alg = SADB_EALG_NULL; 1229 } 1230 } else { 1231 encr_alg_set = _B_TRUE; 1232 ipsr->ipsr_esp_req = 1233 IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE; 1234 ipsr->ipsr_esp_alg = alg; 1235 } 1236 break; 1237 case ESP_AUTH_ALG: 1238 if (alg == NO_ESP_AALG) { 1239 if ((ipsr->ipsr_esp_alg == SADB_EALG_NONE || 1240 ipsr->ipsr_esp_alg == SADB_EALG_NULL) && 1241 !encr_alg_set) 1242 ipsr->ipsr_esp_req = 0; 1243 ipsr->ipsr_esp_auth_alg = SADB_AALG_NONE; 1244 } else { 1245 ipsr->ipsr_esp_req = 1246 IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE; 1247 ipsr->ipsr_esp_auth_alg = alg; 1248 1249 /* Let the user specify NULL encryption implicitly. */ 1250 if (ipsr->ipsr_esp_alg == SADB_EALG_NONE && 1251 !encr_alg_set) 1252 ipsr->ipsr_esp_alg = SADB_EALG_NULL; 1253 } 1254 break; 1255 case AH_AUTH_ALG: 1256 if (alg == NO_AH_AALG) { 1257 ipsr->ipsr_ah_req = 0; 1258 ipsr->ipsr_auth_alg = SADB_AALG_NONE; 1259 } else { 1260 ipsr->ipsr_ah_req = 1261 IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE; 1262 ipsr->ipsr_auth_alg = alg; 1263 } 1264 break; 1265 /* Will never hit DEFAULT */ 1266 } 1267 1268 status = dladm_iptun_modify(dlh, ¶ms, DLADM_OPT_ACTIVE); 1269 1270 done: 1271 if (status != DLADM_STATUS_OK) 1272 dladmerr_exit(status, name); 1273 else { 1274 ipsec_policy_set = _B_TRUE; 1275 if ((ipsr->ipsr_esp_req != 0 && 1276 ipsr->ipsr_esp_auth_alg != SADB_AALG_NONE) || 1277 (ipsr->ipsr_ah_req != 0 && 1278 ipsr->ipsr_auth_alg != SADB_AALG_NONE)) 1279 ipsec_auth_covered = _B_TRUE; 1280 } 1281 return (0); 1282 } 1283 1284 /* ARGSUSED */ 1285 static int 1286 set_tun_esp_encr_alg(char *addr, int64_t param) 1287 { 1288 return (set_tun_algs(ESP_ENCR_ALG, 1289 parsealg(addr, IPSEC_PROTO_ESP))); 1290 } 1291 1292 /* ARGSUSED */ 1293 static int 1294 set_tun_esp_auth_alg(char *addr, int64_t param) 1295 { 1296 return (set_tun_algs(ESP_AUTH_ALG, 1297 parsealg(addr, IPSEC_PROTO_AH))); 1298 } 1299 1300 /* ARGSUSED */ 1301 static int 1302 set_tun_ah_alg(char *addr, int64_t param) 1303 { 1304 return (set_tun_algs(AH_AUTH_ALG, 1305 parsealg(addr, IPSEC_PROTO_AH))); 1306 } 1307 1308 /* ARGSUSED */ 1309 static int 1310 setifrevarp(char *arg, int64_t param) 1311 { 1312 struct sockaddr_in laddr; 1313 1314 if (afp->af_af == AF_INET6) { 1315 (void) fprintf(stderr, 1316 "ifconfig: revarp not possible on IPv6 interface %s\n", 1317 name); 1318 exit(1); 1319 } 1320 if (doifrevarp(name, &laddr)) { 1321 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1322 laddr.sin_family = AF_INET; 1323 (void) memcpy(&lifr.lifr_addr, &laddr, sizeof (laddr)); 1324 if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0) 1325 Perror0_exit("SIOCSLIFADDR"); 1326 } 1327 return (0); 1328 } 1329 1330 /* ARGSUSED */ 1331 static int 1332 setifsubnet(char *addr, int64_t param) 1333 { 1334 int prefixlen = 0; 1335 struct sockaddr_storage subnet; 1336 1337 (*afp->af_getaddr)(addr, &subnet, &prefixlen); 1338 1339 switch (prefixlen) { 1340 case NO_PREFIX: 1341 (void) fprintf(stderr, 1342 "ifconfig: Missing prefix length in subnet %s\n", addr); 1343 exit(1); 1344 /* NOTREACHED */ 1345 case BAD_ADDR: 1346 (void) fprintf(stderr, 1347 "ifconfig: Bad prefix length in %s\n", addr); 1348 exit(1); 1349 default: 1350 break; 1351 } 1352 1353 lifr.lifr_addr = subnet; 1354 lifr.lifr_addrlen = prefixlen; 1355 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1356 if (ioctl(s, SIOCSLIFSUBNET, (caddr_t)&lifr) < 0) 1357 Perror0_exit("SIOCSLIFSUBNET"); 1358 1359 return (0); 1360 } 1361 1362 /* ARGSUSED */ 1363 static int 1364 setifnetmask(char *addr, int64_t param) 1365 { 1366 struct sockaddr_in netmask; 1367 1368 assert(afp->af_af != AF_INET6); 1369 1370 if (strcmp(addr, "+") == 0) { 1371 if (!in_getmask(&netmask, _B_FALSE)) 1372 return (0); 1373 (void) printf("Setting netmask of %s to %s\n", name, 1374 inet_ntoa(netmask.sin_addr)); 1375 } else { 1376 in_getaddr(addr, (struct sockaddr *)&netmask, NULL); 1377 } 1378 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1379 (void) memcpy(&lifr.lifr_addr, &netmask, sizeof (netmask)); 1380 if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0) 1381 Perror0_exit("SIOCSLIFNETMASK"); 1382 return (0); 1383 } 1384 1385 /* 1386 * Parse '/<n>' as a netmask. 1387 */ 1388 /* ARGSUSED */ 1389 static int 1390 setifprefixlen(char *addr, int64_t param) 1391 { 1392 int prefixlen; 1393 int af = afp->af_af; 1394 1395 prefixlen = in_getprefixlen(addr, _B_TRUE, 1396 (af == AF_INET) ? IP_ABITS : IPV6_ABITS); 1397 if (prefixlen < 0) { 1398 (void) fprintf(stderr, 1399 "ifconfig: Bad prefix length in %s\n", addr); 1400 exit(1); 1401 } 1402 (void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr)); 1403 lifr.lifr_addr.ss_family = af; 1404 if (af == AF_INET6) { 1405 struct sockaddr_in6 *sin6; 1406 1407 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 1408 if (!in_prefixlentomask(prefixlen, IPV6_ABITS, 1409 (uchar_t *)&sin6->sin6_addr)) { 1410 (void) fprintf(stderr, "ifconfig: " 1411 "Bad prefix length: %d\n", 1412 prefixlen); 1413 exit(1); 1414 } 1415 } else if (af == AF_INET) { 1416 struct sockaddr_in *sin; 1417 1418 sin = (struct sockaddr_in *)&lifr.lifr_addr; 1419 if (!in_prefixlentomask(prefixlen, IP_ABITS, 1420 (uchar_t *)&sin->sin_addr)) { 1421 (void) fprintf(stderr, "ifconfig: " 1422 "Bad prefix length: %d\n", 1423 prefixlen); 1424 exit(1); 1425 } 1426 } else { 1427 (void) fprintf(stderr, "ifconfig: setting prefix only supported" 1428 " for address family inet or inet6\n"); 1429 exit(1); 1430 } 1431 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1432 if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0) 1433 Perror0_exit("SIOCSLIFNETMASK"); 1434 return (0); 1435 } 1436 1437 /* ARGSUSED */ 1438 static int 1439 setifbroadaddr(char *addr, int64_t param) 1440 { 1441 struct sockaddr_in broadaddr; 1442 1443 assert(afp->af_af != AF_INET6); 1444 1445 if (strcmp(addr, "+") == 0) { 1446 /* 1447 * This doesn't set the broadcast address at all. Rather, it 1448 * gets, then sets the interface's address, relying on the fact 1449 * that resetting the address will reset the broadcast address. 1450 */ 1451 (void) strncpy(lifr.lifr_name, name, 1452 sizeof (lifr.lifr_name)); 1453 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 1454 if (errno != EADDRNOTAVAIL) 1455 Perror0_exit("SIOCGLIFADDR"); 1456 return (0); 1457 } 1458 if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0) 1459 Perror0_exit("SIOCGLIFADDR"); 1460 1461 return (0); 1462 } 1463 in_getaddr(addr, (struct sockaddr *)&broadaddr, NULL); 1464 1465 (void) memcpy(&lifr.lifr_addr, &broadaddr, sizeof (broadaddr)); 1466 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1467 if (ioctl(s, SIOCSLIFBRDADDR, (caddr_t)&lifr) < 0) 1468 Perror0_exit("SIOCSLIFBRDADDR"); 1469 return (0); 1470 } 1471 1472 /* 1473 * set interface destination address 1474 */ 1475 /* ARGSUSED */ 1476 static int 1477 setifdstaddr(char *addr, int64_t param) 1478 { 1479 (*afp->af_getaddr)(addr, (struct sockaddr *)&lifr.lifr_addr, NULL); 1480 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1481 if (ioctl(s, SIOCSLIFDSTADDR, (caddr_t)&lifr) < 0) 1482 Perror0_exit("setifdstaddr: SIOCSLIFDSTADDR"); 1483 return (0); 1484 } 1485 1486 /* ARGSUSED */ 1487 static int 1488 setifflags(char *val, int64_t value) 1489 { 1490 struct lifreq lifrl; /* local lifreq struct */ 1491 boolean_t bringup = _B_FALSE; 1492 1493 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1494 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) 1495 Perror0_exit("setifflags: SIOCGLIFFLAGS"); 1496 1497 if (value < 0) { 1498 value = -value; 1499 1500 if ((value & IFF_NOFAILOVER) && (lifr.lifr_flags & IFF_UP)) { 1501 /* 1502 * The kernel does not allow administratively up test 1503 * addresses to be converted to data addresses. Bring 1504 * the address down first, then bring it up after it's 1505 * been converted to a data address. 1506 */ 1507 lifr.lifr_flags &= ~IFF_UP; 1508 (void) ioctl(s, SIOCSLIFFLAGS, (caddr_t)&lifr); 1509 bringup = _B_TRUE; 1510 } 1511 1512 lifr.lifr_flags &= ~value; 1513 if ((value & (IFF_UP | IFF_NOFAILOVER)) && 1514 (lifr.lifr_flags & IFF_DUPLICATE)) { 1515 /* 1516 * If the user is trying to mark an interface with a 1517 * duplicate address as "down," or convert a duplicate 1518 * test address to a data address, then fetch the 1519 * address and set it. This will cause IP to clear 1520 * the IFF_DUPLICATE flag and stop the automatic 1521 * recovery timer. 1522 */ 1523 value = lifr.lifr_flags; 1524 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) >= 0) 1525 (void) ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr); 1526 lifr.lifr_flags = value; 1527 } 1528 } else { 1529 lifr.lifr_flags |= value; 1530 } 1531 1532 /* 1533 * If we're about to bring up an underlying physical IPv6 interface in 1534 * an IPMP group, ensure the IPv6 IPMP interface is also up. This is 1535 * for backward compatibility with legacy configurations in which 1536 * there are no explicit hostname files for IPMP interfaces. (For 1537 * IPv4, this is automatically handled by the kernel when migrating 1538 * the underlying interface's data address to the IPMP interface.) 1539 */ 1540 (void) strlcpy(lifrl.lifr_name, name, LIFNAMSIZ); 1541 1542 if (lifnum(lifr.lifr_name) == 0 && 1543 (lifr.lifr_flags & (IFF_UP|IFF_IPV6)) == (IFF_UP|IFF_IPV6) && 1544 ioctl(s, SIOCGLIFGROUPNAME, &lifrl) == 0 && 1545 lifrl.lifr_groupname[0] != '\0') { 1546 lifgroupinfo_t lifgr; 1547 1548 (void) strlcpy(lifgr.gi_grname, lifrl.lifr_groupname, 1549 LIFGRNAMSIZ); 1550 if (ioctl(s, SIOCGLIFGROUPINFO, &lifgr) == -1) 1551 Perror0_exit("setifflags: SIOCGLIFGROUPINFO"); 1552 1553 (void) strlcpy(lifrl.lifr_name, lifgr.gi_grifname, LIFNAMSIZ); 1554 if (ioctl(s, SIOCGLIFFLAGS, &lifrl) == -1) 1555 Perror0_exit("setifflags: SIOCGLIFFLAGS"); 1556 if (!(lifrl.lifr_flags & IFF_UP)) { 1557 lifrl.lifr_flags |= IFF_UP; 1558 if (ioctl(s, SIOCSLIFFLAGS, &lifrl) == -1) 1559 Perror0_exit("setifflags: SIOCSLIFFLAGS"); 1560 } 1561 } 1562 1563 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1564 if (ioctl(s, SIOCSLIFFLAGS, (caddr_t)&lifr) < 0) 1565 Perror0_exit("setifflags: SIOCSLIFFLAGS"); 1566 1567 if (bringup) { 1568 lifr.lifr_flags |= IFF_UP; 1569 if (ioctl(s, SIOCSLIFFLAGS, (caddr_t)&lifr) < 0) 1570 Perror0_exit("setifflags: SIOCSLIFFLAGS IFF_UP"); 1571 } 1572 1573 return (0); 1574 } 1575 1576 /* ARGSUSED */ 1577 static int 1578 setifmetric(char *val, int64_t param) 1579 { 1580 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1581 lifr.lifr_metric = atoi(val); 1582 if (ioctl(s, SIOCSLIFMETRIC, (caddr_t)&lifr) < 0) 1583 Perror0_exit("setifmetric: SIOCSLIFMETRIC"); 1584 return (0); 1585 } 1586 1587 /* ARGSUSED */ 1588 static int 1589 setifmtu(char *val, int64_t param) 1590 { 1591 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1592 lifr.lifr_mtu = atoi(val); 1593 if (ioctl(s, SIOCSLIFMTU, (caddr_t)&lifr) < 0) 1594 Perror0_exit("setifmtu: SIOCSLIFMTU"); 1595 return (0); 1596 } 1597 1598 /* ARGSUSED */ 1599 static int 1600 setifindex(char *val, int64_t param) 1601 { 1602 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1603 lifr.lifr_index = atoi(val); 1604 if (ioctl(s, SIOCSLIFINDEX, (caddr_t)&lifr) < 0) 1605 Perror0_exit("setifindex: SIOCSLIFINDEX"); 1606 return (0); 1607 } 1608 1609 /* ARGSUSED */ 1610 static void 1611 notifycb(dlpi_handle_t dh, dlpi_notifyinfo_t *dnip, void *arg) 1612 { 1613 } 1614 1615 /* ARGSUSED */ 1616 static int 1617 setifether(char *addr, int64_t param) 1618 { 1619 uchar_t *hwaddr; 1620 int hwaddrlen; 1621 int retval; 1622 ifaddrlistx_t *ifaddrp, *ifaddrs = NULL; 1623 dlpi_handle_t dh; 1624 dlpi_notifyid_t id; 1625 1626 if (addr == NULL) { 1627 ifstatus(name); 1628 print_ifether(name); 1629 return (0); 1630 } 1631 1632 /* 1633 * if the IP interface in the arguments is a logical 1634 * interface, exit with an error now. 1635 */ 1636 if (strchr(name, ':') != NULL) { 1637 (void) fprintf(stderr, "ifconfig: cannot change" 1638 " ethernet address of a logical interface\n"); 1639 exit(1); 1640 } 1641 1642 if ((hwaddr = _link_aton(addr, &hwaddrlen)) == NULL) { 1643 if (hwaddrlen == -1) 1644 (void) fprintf(stderr, 1645 "ifconfig: bad ethernet address\n"); 1646 else 1647 (void) fprintf(stderr, "ifconfig: malloc() failed\n"); 1648 exit(1); 1649 } 1650 1651 if ((retval = dlpi_open(name, &dh, 0)) != DLPI_SUCCESS) 1652 Perrdlpi_exit("cannot dlpi_open() link", name, retval); 1653 1654 retval = dlpi_enabnotify(dh, DL_NOTE_PHYS_ADDR, notifycb, NULL, &id); 1655 if (retval == DLPI_SUCCESS) { 1656 (void) dlpi_disabnotify(dh, id, NULL); 1657 } else { 1658 /* 1659 * This link does not support DL_NOTE_PHYS_ADDR: bring down 1660 * all of the addresses to flush the old hardware address 1661 * information out of IP. 1662 * 1663 * NOTE: Skipping this when DL_NOTE_PHYS_ADDR is supported is 1664 * more than an optimization: in.mpathd will set IFF_OFFLINE 1665 * if it's notified and the new address is a duplicate of 1666 * another in the group -- but the flags manipulation in 1667 * ifaddr_{down,up}() cannot be atomic and thus might clobber 1668 * IFF_OFFLINE, confusing in.mpathd. 1669 */ 1670 if (ifaddrlistx(name, IFF_UP, 0, &ifaddrs) == -1) 1671 Perror2_exit(name, "cannot get address list"); 1672 1673 ifaddrp = ifaddrs; 1674 for (; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) { 1675 if (!ifaddr_down(ifaddrp)) { 1676 Perror2_exit(ifaddrp->ia_name, 1677 "cannot bring down"); 1678 } 1679 } 1680 } 1681 1682 /* 1683 * Change the hardware address. 1684 */ 1685 retval = dlpi_set_physaddr(dh, DL_CURR_PHYS_ADDR, hwaddr, hwaddrlen); 1686 if (retval != DLPI_SUCCESS) { 1687 (void) fprintf(stderr, 1688 "ifconfig: failed setting mac address on %s\n", name); 1689 } 1690 dlpi_close(dh); 1691 1692 /* 1693 * If any addresses were brought down before changing the hardware 1694 * address, bring them up again. 1695 */ 1696 for (ifaddrp = ifaddrs; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) { 1697 if (!ifaddr_up(ifaddrp)) 1698 Perror2_exit(ifaddrp->ia_name, "cannot bring up"); 1699 } 1700 ifaddrlistx_free(ifaddrs); 1701 1702 return (0); 1703 } 1704 1705 /* 1706 * Print an interface's Ethernet address, if it has one. 1707 */ 1708 static void 1709 print_ifether(const char *ifname) 1710 { 1711 int fd; 1712 1713 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1714 1715 fd = socket(AF_INET, SOCK_DGRAM, 0); 1716 if (fd == -1 || ioctl(fd, SIOCGLIFFLAGS, &lifr) == -1) { 1717 /* 1718 * It's possible the interface is only configured for 1719 * IPv6; check again with AF_INET6. 1720 */ 1721 (void) close(fd); 1722 fd = socket(AF_INET6, SOCK_DGRAM, 0); 1723 if (fd == -1 || ioctl(fd, SIOCGLIFFLAGS, &lifr) == -1) { 1724 (void) close(fd); 1725 return; 1726 } 1727 } 1728 (void) close(fd); 1729 1730 /* VNI and IPMP interfaces don't have MAC addresses */ 1731 if (lifr.lifr_flags & (IFF_VIRTUAL|IFF_IPMP)) 1732 return; 1733 1734 /* IP tunnels also don't have Ethernet-like MAC addresses */ 1735 if (ifconfig_dladm_open(ifname, DATALINK_CLASS_IPTUN, NULL) == 1736 DLADM_STATUS_OK) 1737 return; 1738 1739 dlpi_print_address(ifname); 1740 } 1741 1742 /* 1743 * static int find_all_interfaces(struct lifconf *lifcp, char **buf, 1744 * int64_t lifc_flags) 1745 * 1746 * It finds all active data links. 1747 * 1748 * It takes in input a pointer to struct lifconf to receive interfaces 1749 * informations, a **char to hold allocated buffer, and a lifc_flags. 1750 * 1751 * Return values: 1752 * 0 = everything OK 1753 * -1 = problem 1754 */ 1755 static int 1756 find_all_interfaces(struct lifconf *lifcp, char **buf, int64_t lifc_flags) 1757 { 1758 unsigned bufsize; 1759 int n; 1760 ni_t *nip; 1761 struct lifreq *lifrp; 1762 dladm_status_t status; 1763 1764 if (!dlh_opened) { 1765 status = ifconfig_dladm_open(NULL, 0, NULL); 1766 if (status != DLADM_STATUS_OK) 1767 dladmerr_exit(status, "unable to open dladm handle"); 1768 } 1769 1770 (void) dlpi_walk(ni_entry, dlh, 0); 1771 1772 /* Now, translate the linked list into a struct lifreq buffer */ 1773 if (num_ni == 0) { 1774 lifcp->lifc_family = AF_UNSPEC; 1775 lifcp->lifc_flags = lifc_flags; 1776 lifcp->lifc_len = 0; 1777 lifcp->lifc_buf = NULL; 1778 return (0); 1779 } 1780 1781 bufsize = num_ni * sizeof (struct lifreq); 1782 if ((*buf = malloc(bufsize)) == NULL) 1783 Perror0_exit("find_all_interfaces: malloc failed"); 1784 1785 lifcp->lifc_family = AF_UNSPEC; 1786 lifcp->lifc_flags = lifc_flags; 1787 lifcp->lifc_len = bufsize; 1788 lifcp->lifc_buf = *buf; 1789 1790 for (n = 0, lifrp = lifcp->lifc_req; n < num_ni; n++, lifrp++) { 1791 nip = ni_list; 1792 (void) strncpy(lifrp->lifr_name, nip->ni_name, 1793 sizeof (lifr.lifr_name)); 1794 ni_list = nip->ni_next; 1795 free(nip); 1796 } 1797 return (0); 1798 } 1799 1800 /* 1801 * Create the next unused logical interface using the original name 1802 * and assign the address (and mask if '/<n>' is part of the address). 1803 * Use the new logical interface for subsequent subcommands by updating 1804 * the name variable. 1805 * 1806 * This allows syntax like: 1807 * ifconfig le0 addif 109.106.86.130 netmask + up \ 1808 * addif 109.106.86.131 netmask + up 1809 */ 1810 /* ARGSUSED */ 1811 static int 1812 addif(char *str, int64_t param) 1813 { 1814 int prefixlen = 0; 1815 struct sockaddr_storage laddr; 1816 struct sockaddr_storage mask; 1817 struct sockaddr_in6 *sin6; 1818 struct sockaddr_in *sin; 1819 ipadm_status_t istatus; 1820 char cidraddr[BUFSIZ]; 1821 char addrstr[INET6_ADDRSTRLEN]; 1822 1823 (void) strncpy(name, origname, sizeof (name)); 1824 1825 if (strchr(name, ':') != NULL) { 1826 (void) fprintf(stderr, 1827 "ifconfig: addif: bad physical interface name %s\n", 1828 name); 1829 exit(1); 1830 } 1831 1832 /* 1833 * clear so parser will interpret next address as source followed 1834 * by possible dest 1835 */ 1836 setaddr = 0; 1837 (*afp->af_getaddr)(str, (struct sockaddr *)&laddr, &prefixlen); 1838 1839 (void) memset(&mask, 0, sizeof (mask)); 1840 mask.ss_family = afp->af_af; 1841 1842 switch (prefixlen) { 1843 case NO_PREFIX: 1844 /* Nothing there - ok */ 1845 break; 1846 case BAD_ADDR: 1847 (void) fprintf(stderr, 1848 "ifconfig: Bad prefix length in %s\n", str); 1849 exit(1); 1850 default: 1851 (void) memset(&mask, 0, sizeof (mask)); 1852 mask.ss_family = afp->af_af; 1853 if (afp->af_af == AF_INET6) { 1854 sin6 = (struct sockaddr_in6 *)&mask; 1855 if (!in_prefixlentomask(prefixlen, IPV6_ABITS, 1856 (uchar_t *)&sin6->sin6_addr)) { 1857 (void) fprintf(stderr, "ifconfig: " 1858 "Bad prefix length: %d\n", 1859 prefixlen); 1860 exit(1); 1861 } 1862 } else { 1863 sin = (struct sockaddr_in *)&mask; 1864 if (!in_prefixlentomask(prefixlen, IP_ABITS, 1865 (uchar_t *)&sin->sin_addr)) { 1866 (void) fprintf(stderr, "ifconfig: " 1867 "Bad prefix length: %d\n", 1868 prefixlen); 1869 exit(1); 1870 } 1871 } 1872 g_netmask_set = G_NETMASK_NIL; 1873 break; 1874 } 1875 1876 /* 1877 * This is a "hack" to get around the problem of SIOCLIFADDIF. The 1878 * problem is that this ioctl does not include the netmask when 1879 * adding a logical interface. This is the same problem described 1880 * in the ifconfig() comments. To get around this problem, we first 1881 * add the logical interface with a 0 address. After that, we set 1882 * the netmask if provided. Finally we set the interface address. 1883 */ 1884 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1885 (void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr)); 1886 1887 /* Note: no need to do DAD here since the interface isn't up yet. */ 1888 1889 if (ioctl(s, SIOCLIFADDIF, (caddr_t)&lifr) < 0) 1890 Perror0_exit("addif: SIOCLIFADDIF"); 1891 1892 (void) printf("Created new logical interface %s\n", 1893 lifr.lifr_name); 1894 (void) strncpy(name, lifr.lifr_name, sizeof (name)); 1895 1896 /* 1897 * Check and see if any "netmask" command is used and perform the 1898 * necessary operation. 1899 */ 1900 set_mask_lifreq(&lifr, &laddr, &mask); 1901 1902 /* This check is temporary until libipadm supports IPMP interfaces. */ 1903 if (ifconfig_use_libipadm(s, name)) { 1904 /* 1905 * We added the logical interface above before calling 1906 * ipadm_create_addr(), because, with IPH_LEGACY, we need 1907 * to do an addif for `ifconfig ce0 addif <addr>' but not for 1908 * `ifconfig ce0 <addr>'. libipadm does not have a flag to 1909 * to differentiate between these two cases. To keep it simple, 1910 * we always create the logical interface and pass it to 1911 * libipadm instead of requiring libipadm to addif for some 1912 * cases and not do addif for other cases. 1913 */ 1914 istatus = ipadm_create_addrobj(IPADM_ADDR_STATIC, name, 1915 &ipaddr); 1916 if (istatus != IPADM_SUCCESS) 1917 ipadmerr_exit(istatus, "addif"); 1918 1919 if (af == AF_INET) { 1920 sin = (struct sockaddr_in *)&laddr; 1921 (void) inet_ntop(AF_INET, &sin->sin_addr, addrstr, 1922 sizeof (addrstr)); 1923 } else { 1924 sin6 = (struct sockaddr_in6 *)&laddr; 1925 (void) inet_ntop(AF_INET6, &sin6->sin6_addr, addrstr, 1926 sizeof (addrstr)); 1927 } 1928 /* 1929 * lifr.lifr_addr, which is updated by set_mask_lifreq() 1930 * will contain the right mask to use. 1931 */ 1932 prefixlen = mask2plen((struct sockaddr *)&lifr.lifr_addr); 1933 1934 (void) snprintf(cidraddr, sizeof (cidraddr), "%s/%d", 1935 addrstr, prefixlen); 1936 1937 istatus = ipadm_set_addr(ipaddr, cidraddr, af); 1938 1939 if (istatus != IPADM_SUCCESS) 1940 ipadmerr_exit(istatus, "could not set address"); 1941 setaddr++; 1942 /* 1943 * address will be set by the parser after nextarg 1944 * has been scanned 1945 */ 1946 return (0); 1947 } 1948 1949 /* 1950 * Only set the netmask if "netmask" command is used or a prefix is 1951 * provided. 1952 */ 1953 if (g_netmask_set == G_NETMASK_SET || prefixlen >= 0) { 1954 /* 1955 * lifr.lifr_addr already contains netmask from 1956 * set_mask_lifreq(). 1957 */ 1958 if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0) 1959 Perror0_exit("addif: SIOCSLIFNETMASK"); 1960 } 1961 1962 /* Finally, we set the interface address. */ 1963 lifr.lifr_addr = laddr; 1964 if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0) 1965 Perror0_exit("SIOCSLIFADDR"); 1966 1967 /* 1968 * let parser know we got a source. 1969 * Next address, if given, should be dest 1970 */ 1971 setaddr++; 1972 return (0); 1973 } 1974 1975 /* 1976 * Remove a logical interface based on its IP address. Unlike addif 1977 * there is no '/<n>' here. 1978 * Verifies that the interface is down before it is removed. 1979 */ 1980 /* ARGSUSED */ 1981 static int 1982 removeif(char *str, int64_t param) 1983 { 1984 struct sockaddr_storage laddr; 1985 ipadm_status_t istatus; 1986 ipadm_addr_info_t *ainfo, *ainfop; 1987 1988 if (strchr(name, ':') != NULL) { 1989 (void) fprintf(stderr, 1990 "ifconfig: removeif: bad physical interface name %s\n", 1991 name); 1992 exit(1); 1993 } 1994 1995 (*afp->af_getaddr)(str, &laddr, NULL); 1996 1997 /* 1998 * Following check is temporary until libipadm supports 1999 * IPMP interfaces. 2000 */ 2001 if (!ifconfig_use_libipadm(s, name)) 2002 goto delete; 2003 2004 /* 2005 * Get all addresses and search this address among the active 2006 * addresses. If an address object was found, delete using 2007 * ipadm_delete_addr(). 2008 */ 2009 istatus = ipadm_addr_info(iph, name, &ainfo, 0, LIFC_DEFAULT); 2010 if (istatus != IPADM_SUCCESS) 2011 ipadmerr_exit(istatus, "removeif"); 2012 2013 for (ainfop = ainfo; ainfop != NULL; ainfop = IA_NEXT(ainfop)) 2014 if (sockaddrcmp( 2015 (struct sockaddr_storage *)ainfop->ia_ifa.ifa_addr, &laddr)) 2016 break; 2017 2018 if (ainfop != NULL) { 2019 if (strchr(ainfop->ia_ifa.ifa_name, ':') == NULL) { 2020 (void) fprintf(stderr, 2021 "ifconfig: removeif: cannot remove interface: %s\n", 2022 name); 2023 exit(1); 2024 } 2025 if (ainfop->ia_aobjname[0] != '\0') { 2026 istatus = ipadm_delete_addr(iph, ainfop->ia_aobjname, 2027 IPADM_OPT_ACTIVE); 2028 if (istatus != IPADM_SUCCESS) { 2029 ipadmerr_exit(istatus, 2030 "could not delete address"); 2031 } 2032 ipadm_free_addr_info(ainfo); 2033 return (0); 2034 } 2035 } 2036 ipadm_free_addr_info(ainfo); 2037 2038 delete: 2039 /* 2040 * An address object for this address was not found in ipadm. 2041 * Delete with SIOCLIFREMOVEIF. 2042 */ 2043 lifr.lifr_addr = laddr; 2044 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2045 if (ioctl(s, SIOCLIFREMOVEIF, (caddr_t)&lifr) < 0) { 2046 if (errno == EBUSY) { 2047 /* This can only happen if ipif_id = 0 */ 2048 (void) fprintf(stderr, 2049 "ifconfig: removeif: cannot remove interface: %s\n", 2050 name); 2051 exit(1); 2052 } 2053 Perror0_exit("removeif: SIOCLIFREMOVEIF"); 2054 } 2055 return (0); 2056 } 2057 2058 /* 2059 * Set the address token for IPv6. 2060 */ 2061 /* ARGSUSED */ 2062 static int 2063 setiftoken(char *addr, int64_t param) 2064 { 2065 int prefixlen = 0; 2066 struct sockaddr_in6 token; 2067 2068 in6_getaddr(addr, (struct sockaddr *)&token, &prefixlen); 2069 switch (prefixlen) { 2070 case NO_PREFIX: 2071 (void) fprintf(stderr, 2072 "ifconfig: Missing prefix length in subnet %s\n", addr); 2073 exit(1); 2074 /* NOTREACHED */ 2075 case BAD_ADDR: 2076 (void) fprintf(stderr, 2077 "ifconfig: Bad prefix length in %s\n", addr); 2078 exit(1); 2079 default: 2080 break; 2081 } 2082 (void) memcpy(&lifr.lifr_addr, &token, sizeof (token)); 2083 lifr.lifr_addrlen = prefixlen; 2084 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2085 if (ioctl(s, SIOCSLIFTOKEN, (caddr_t)&lifr) < 0) { 2086 Perror0_exit("setiftoken: SIOCSLIFTOKEN"); 2087 } 2088 return (0); 2089 } 2090 2091 /* ARGSUSED */ 2092 static int 2093 setifgroupname(char *grname, int64_t param) 2094 { 2095 lifgroupinfo_t lifgr; 2096 struct lifreq lifrl; 2097 ifaddrlistx_t *ifaddrp, *nextifaddrp; 2098 ifaddrlistx_t *ifaddrs = NULL, *downaddrs = NULL; 2099 int af; 2100 2101 if (debug) { 2102 (void) printf("Setting groupname %s on interface %s\n", 2103 grname, name); 2104 } 2105 2106 (void) strlcpy(lifrl.lifr_name, name, LIFNAMSIZ); 2107 (void) strlcpy(lifrl.lifr_groupname, grname, LIFGRNAMSIZ); 2108 2109 while (ioctl(s, SIOCSLIFGROUPNAME, &lifrl) == -1) { 2110 switch (errno) { 2111 case ENOENT: 2112 /* 2113 * The group doesn't yet exist; create it and repeat. 2114 */ 2115 af = afp->af_af; 2116 if (create_ipmp(grname, af, NULL, _B_TRUE) == -1) { 2117 if (errno == EEXIST) 2118 continue; 2119 2120 Perror2(grname, "cannot create IPMP group"); 2121 goto fail; 2122 } 2123 continue; 2124 2125 case EALREADY: 2126 /* 2127 * The interface is already in another group; must 2128 * remove existing membership first. 2129 */ 2130 lifrl.lifr_groupname[0] = '\0'; 2131 if (ioctl(s, SIOCSLIFGROUPNAME, &lifrl) == -1) { 2132 Perror2(name, "cannot remove existing " 2133 "IPMP group membership"); 2134 goto fail; 2135 } 2136 (void) strlcpy(lifrl.lifr_groupname, grname, 2137 LIFGRNAMSIZ); 2138 continue; 2139 2140 case EAFNOSUPPORT: 2141 /* 2142 * The group exists, but it's not configured with the 2143 * address families the interface needs. Since only 2144 * two address families are currently supported, just 2145 * configure the "other" address family. Note that we 2146 * may race with group deletion or creation by another 2147 * process (ENOENT or EEXIST); in such cases we repeat 2148 * our original SIOCSLIFGROUPNAME. 2149 */ 2150 (void) strlcpy(lifgr.gi_grname, grname, LIFGRNAMSIZ); 2151 if (ioctl(s, SIOCGLIFGROUPINFO, &lifgr) == -1) { 2152 if (errno == ENOENT) 2153 continue; 2154 2155 Perror2(grname, "SIOCGLIFGROUPINFO"); 2156 goto fail; 2157 } 2158 2159 af = lifgr.gi_v4 ? AF_INET6 : AF_INET; 2160 if (create_ipmp(grname, af, lifgr.gi_grifname, 2161 _B_TRUE) == -1) { 2162 if (errno == EEXIST) 2163 continue; 2164 2165 Perror2(grname, "cannot configure IPMP group"); 2166 goto fail; 2167 } 2168 continue; 2169 2170 case EADDRINUSE: 2171 /* 2172 * Some addresses are in-use (or under control of DAD). 2173 * Bring them down and retry the group join operation. 2174 * We will bring them back up after the interface has 2175 * been placed in the group. 2176 */ 2177 if (ifaddrlistx(lifrl.lifr_name, IFF_UP|IFF_DUPLICATE, 2178 0, &ifaddrs) == -1) { 2179 Perror2(grname, "cannot get address list"); 2180 goto fail; 2181 } 2182 2183 ifaddrp = ifaddrs; 2184 for (; ifaddrp != NULL; ifaddrp = nextifaddrp) { 2185 if (!ifaddr_down(ifaddrp)) { 2186 ifaddrs = ifaddrp; 2187 goto fail; 2188 } 2189 nextifaddrp = ifaddrp->ia_next; 2190 ifaddrp->ia_next = downaddrs; 2191 downaddrs = ifaddrp; 2192 } 2193 ifaddrs = NULL; 2194 continue; 2195 2196 case EADDRNOTAVAIL: { 2197 /* 2198 * Some data addresses are under application control. 2199 * For some of these (e.g., ADDRCONF), the application 2200 * should remove the address, in which case we retry a 2201 * few times (since the application's action is not 2202 * atomic with respect to us) before bailing out and 2203 * informing the user. 2204 */ 2205 int ntries, nappaddr = 0; 2206 const if_appflags_t *iap = if_appflags_tbl; 2207 2208 for (; iap->ia_app != NULL; iap++) { 2209 ntries = 0; 2210 again: 2211 if (ifaddrlistx(lifrl.lifr_name, iap->ia_flag, 2212 IFF_NOFAILOVER, &ifaddrs) == -1) { 2213 (void) fprintf(stderr, "ifconfig: %s: " 2214 "cannot get data addresses managed " 2215 "by %s\n", lifrl.lifr_name, 2216 iap->ia_app); 2217 goto fail; 2218 } 2219 2220 if (ifaddrs == NULL) 2221 continue; 2222 2223 ifaddrlistx_free(ifaddrs); 2224 ifaddrs = NULL; 2225 2226 if (++ntries < iap->ia_tries) { 2227 (void) poll(NULL, 0, 100); 2228 goto again; 2229 } 2230 2231 (void) fprintf(stderr, "ifconfig: cannot join " 2232 "IPMP group: %s has data addresses managed " 2233 "by %s\n", lifrl.lifr_name, iap->ia_app); 2234 nappaddr++; 2235 } 2236 if (nappaddr > 0) 2237 goto fail; 2238 continue; 2239 } 2240 default: 2241 Perror2(name, "SIOCSLIFGROUPNAME"); 2242 goto fail; 2243 } 2244 } 2245 2246 /* 2247 * If the interface being moved is under the control of `ipmgmtd(1M)' 2248 * dameon then we should inform the daemon about this move, so that 2249 * the daemon can delete the state associated with this interface. 2250 * 2251 * This workaround is needed until the IPMP support in ipadm(1M). 2252 */ 2253 ipadm_if_move(iph, name); 2254 2255 /* 2256 * If there were addresses that we had to bring down, it's time to 2257 * bring them up again. As part of bringing them up, the kernel will 2258 * automatically move them to the new IPMP interface. 2259 */ 2260 for (ifaddrp = downaddrs; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) { 2261 if (!ifaddr_up(ifaddrp) && errno != ENXIO) { 2262 (void) fprintf(stderr, "ifconfig: cannot bring back up " 2263 "%s: %s\n", ifaddrp->ia_name, strerror(errno)); 2264 } 2265 } 2266 ifaddrlistx_free(downaddrs); 2267 return (0); 2268 fail: 2269 /* 2270 * Attempt to bring back up any interfaces that we downed. 2271 */ 2272 for (ifaddrp = downaddrs; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) { 2273 if (!ifaddr_up(ifaddrp) && errno != ENXIO) { 2274 (void) fprintf(stderr, "ifconfig: cannot bring back up " 2275 "%s: %s\n", ifaddrp->ia_name, strerror(errno)); 2276 } 2277 } 2278 ifaddrlistx_free(downaddrs); 2279 ifaddrlistx_free(ifaddrs); 2280 2281 /* 2282 * We'd return -1, but foreachinterface() doesn't propagate the error 2283 * into the exit status, so we're forced to explicitly exit(). 2284 */ 2285 exit(1); 2286 /* NOTREACHED */ 2287 } 2288 2289 static boolean_t 2290 modcheck(const char *ifname) 2291 { 2292 (void) strlcpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name)); 2293 2294 if (ioctl(s, SIOCGLIFFLAGS, &lifr) < 0) { 2295 Perror0("SIOCGLIFFLAGS"); 2296 return (_B_FALSE); 2297 } 2298 2299 if (lifr.lifr_flags & IFF_IPMP) { 2300 (void) fprintf(stderr, "ifconfig: %s: module operations not" 2301 " supported on IPMP interfaces\n", ifname); 2302 return (_B_FALSE); 2303 } 2304 if (lifr.lifr_flags & IFF_VIRTUAL) { 2305 (void) fprintf(stderr, "ifconfig: %s: module operations not" 2306 " supported on virtual IP interfaces\n", ifname); 2307 return (_B_FALSE); 2308 } 2309 return (_B_TRUE); 2310 } 2311 2312 /* 2313 * To list all the modules above a given network interface. 2314 */ 2315 /* ARGSUSED */ 2316 static int 2317 modlist(char *null, int64_t param) 2318 { 2319 int muxid_fd; 2320 int muxfd; 2321 int ipfd_lowstr; 2322 int arpfd_lowstr; 2323 int num_mods; 2324 int i; 2325 struct str_list strlist; 2326 int orig_arpid; 2327 2328 /* 2329 * We'd return -1, but foreachinterface() doesn't propagate the error 2330 * into the exit status, so we're forced to explicitly exit(). 2331 */ 2332 if (!modcheck(name)) 2333 exit(1); 2334 2335 if (ip_domux2fd(&muxfd, &muxid_fd, &ipfd_lowstr, &arpfd_lowstr, 2336 &orig_arpid) < 0) { 2337 return (-1); 2338 } 2339 if ((num_mods = ioctl(ipfd_lowstr, I_LIST, NULL)) < 0) { 2340 Perror0("cannot I_LIST to get the number of modules"); 2341 } else { 2342 if (debug > 0) { 2343 (void) printf("Listing (%d) modules above %s\n", 2344 num_mods, name); 2345 } 2346 2347 strlist.sl_nmods = num_mods; 2348 strlist.sl_modlist = malloc(sizeof (struct str_mlist) * 2349 num_mods); 2350 if (strlist.sl_modlist == NULL) { 2351 Perror0("cannot malloc"); 2352 } else { 2353 if (ioctl(ipfd_lowstr, I_LIST, (caddr_t)&strlist) < 0) { 2354 Perror0("cannot I_LIST for module names"); 2355 } else { 2356 for (i = 0; i < strlist.sl_nmods; i++) { 2357 (void) printf("%d %s\n", i, 2358 strlist.sl_modlist[i].l_name); 2359 } 2360 } 2361 free(strlist.sl_modlist); 2362 } 2363 } 2364 return (ip_plink(muxfd, muxid_fd, ipfd_lowstr, arpfd_lowstr, 2365 orig_arpid)); 2366 } 2367 2368 #define MODINSERT_OP 'i' 2369 #define MODREMOVE_OP 'r' 2370 2371 /* 2372 * To insert a module to the stream of the interface. It is just a 2373 * wrapper. The real function is modop(). 2374 */ 2375 /* ARGSUSED */ 2376 static int 2377 modinsert(char *arg, int64_t param) 2378 { 2379 return (modop(arg, MODINSERT_OP)); 2380 } 2381 2382 /* 2383 * To remove a module from the stream of the interface. It is just a 2384 * wrapper. The real function is modop(). 2385 */ 2386 /* ARGSUSED */ 2387 static int 2388 modremove(char *arg, int64_t param) 2389 { 2390 return (modop(arg, MODREMOVE_OP)); 2391 } 2392 2393 /* 2394 * Helper function for mod*() functions. It gets a fd to the lower IP 2395 * stream and I_PUNLINK's the lower stream. It also initializes the 2396 * global variable lifr. 2397 * 2398 * Param: 2399 * int *muxfd: fd to /dev/udp{,6} for I_PLINK/I_PUNLINK 2400 * int *muxid_fd: fd to /dev/udp{,6} for LIFMUXID 2401 * int *ipfd_lowstr: fd to the lower IP stream. 2402 * int *arpfd_lowstr: fd to the lower ARP stream. 2403 * 2404 * Return: 2405 * -1 if operation fails, 0 otherwise. 2406 * 2407 * Please see the big block comment above ifplumb() for the logic of the 2408 * PLINK/PUNLINK 2409 */ 2410 static int 2411 ip_domux2fd(int *muxfd, int *muxid_fd, int *ipfd_lowstr, int *arpfd_lowstr, 2412 int *orig_arpid) 2413 { 2414 uint64_t flags; 2415 char *udp_dev_name; 2416 2417 *orig_arpid = 0; 2418 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2419 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) { 2420 Perror0_exit("status: SIOCGLIFFLAGS"); 2421 } 2422 flags = lifr.lifr_flags; 2423 if (flags & IFF_IPV4) { 2424 udp_dev_name = UDP_DEV_NAME; 2425 } else if (flags & IFF_IPV6) { 2426 udp_dev_name = UDP6_DEV_NAME; 2427 } else { 2428 return (-1); 2429 } 2430 2431 if ((*muxid_fd = open(udp_dev_name, O_RDWR)) < 0) { 2432 Perror2("open", udp_dev_name); 2433 return (-1); 2434 } 2435 if (ioctl(*muxid_fd, SIOCGLIFMUXID, (caddr_t)&lifr) < 0) { 2436 Perror2("SIOCGLIFMUXID", udp_dev_name); 2437 return (-1); 2438 } 2439 if (debug > 0) { 2440 (void) printf("ARP_muxid %d IP_muxid %d\n", 2441 lifr.lifr_arp_muxid, lifr.lifr_ip_muxid); 2442 } 2443 2444 /* 2445 * Use /dev/udp{,6} as the mux to avoid linkcycles. 2446 */ 2447 if (ipadm_open_arp_on_udp(udp_dev_name, muxfd) != IPADM_SUCCESS) 2448 return (-1); 2449 2450 if (lifr.lifr_arp_muxid != 0) { 2451 if ((*arpfd_lowstr = ioctl(*muxfd, _I_MUXID2FD, 2452 lifr.lifr_arp_muxid)) < 0) { 2453 if ((errno == EINVAL) && 2454 (flags & (IFF_NOARP | IFF_IPV6))) { 2455 /* 2456 * Some plumbing utilities set the muxid to 2457 * -1 or some invalid value to signify that 2458 * there is no arp stream. Set the muxid to 0 2459 * before trying to unplumb the IP stream. 2460 * IP does not allow the IP stream to be 2461 * unplumbed if it sees a non-null arp muxid, 2462 * for consistency of IP-ARP streams. 2463 */ 2464 *orig_arpid = lifr.lifr_arp_muxid; 2465 lifr.lifr_arp_muxid = 0; 2466 (void) ioctl(*muxid_fd, SIOCSLIFMUXID, 2467 (caddr_t)&lifr); 2468 *arpfd_lowstr = -1; 2469 } else { 2470 Perror0("_I_MUXID2FD"); 2471 return (-1); 2472 } 2473 } else if (ioctl(*muxfd, I_PUNLINK, 2474 lifr.lifr_arp_muxid) < 0) { 2475 Perror2("I_PUNLINK", udp_dev_name); 2476 return (-1); 2477 } 2478 } else { 2479 *arpfd_lowstr = -1; 2480 } 2481 2482 if ((*ipfd_lowstr = ioctl(*muxfd, _I_MUXID2FD, 2483 lifr.lifr_ip_muxid)) < 0) { 2484 Perror0("_I_MUXID2FD"); 2485 /* Undo any changes we made */ 2486 if (*orig_arpid != 0) { 2487 lifr.lifr_arp_muxid = *orig_arpid; 2488 (void) ioctl(*muxid_fd, SIOCSLIFMUXID, (caddr_t)&lifr); 2489 } 2490 return (-1); 2491 } 2492 if (ioctl(*muxfd, I_PUNLINK, lifr.lifr_ip_muxid) < 0) { 2493 Perror2("I_PUNLINK", udp_dev_name); 2494 /* Undo any changes we made */ 2495 if (*orig_arpid != 0) { 2496 lifr.lifr_arp_muxid = *orig_arpid; 2497 (void) ioctl(*muxid_fd, SIOCSLIFMUXID, (caddr_t)&lifr); 2498 } 2499 return (-1); 2500 } 2501 return (0); 2502 } 2503 2504 /* 2505 * Helper function for mod*() functions. It I_PLINK's back the upper and 2506 * lower IP streams. Note that this function must be called after 2507 * ip_domux2fd(). In ip_domux2fd(), the global variable lifr is initialized 2508 * and ip_plink() needs information in lifr. So ip_domux2fd() and ip_plink() 2509 * must be called in pairs. 2510 * 2511 * Param: 2512 * int muxfd: fd to /dev/udp{,6} for I_PLINK/I_PUNLINK 2513 * int muxid_fd: fd to /dev/udp{,6} for LIFMUXID 2514 * int ipfd_lowstr: fd to the lower IP stream. 2515 * int arpfd_lowstr: fd to the lower ARP stream. 2516 * 2517 * Return: 2518 * -1 if operation fails, 0 otherwise. 2519 * 2520 * Please see the big block comment above ifplumb() for the logic of the 2521 * PLINK/PUNLINK 2522 */ 2523 static int 2524 ip_plink(int muxfd, int muxid_fd, int ipfd_lowstr, int arpfd_lowstr, 2525 int orig_arpid) 2526 { 2527 int ip_muxid; 2528 2529 ip_muxid = ioctl(muxfd, I_PLINK, ipfd_lowstr); 2530 if (ip_muxid < 0) { 2531 Perror2("I_PLINK", UDP_DEV_NAME); 2532 return (-1); 2533 } 2534 2535 /* 2536 * If there is an arp stream, plink it. If there is no 2537 * arp stream, then it is possible that the plumbing 2538 * utility could have stored any value in the arp_muxid. 2539 * If so, restore it from orig_arpid. 2540 */ 2541 if (arpfd_lowstr != -1) { 2542 if (ioctl(muxfd, I_PLINK, arpfd_lowstr) < 0) { 2543 Perror2("I_PLINK", UDP_DEV_NAME); 2544 return (-1); 2545 } 2546 } else if (orig_arpid != 0) { 2547 /* Undo the changes we did in ip_domux2fd */ 2548 lifr.lifr_arp_muxid = orig_arpid; 2549 lifr.lifr_ip_muxid = ip_muxid; 2550 (void) ioctl(muxid_fd, SIOCSLIFMUXID, (caddr_t)&lifr); 2551 } 2552 2553 (void) close(muxfd); 2554 (void) close(muxid_fd); 2555 return (0); 2556 } 2557 2558 /* 2559 * The real function to perform module insertion/removal. 2560 * 2561 * Param: 2562 * char *arg: the argument string module_name@position 2563 * char op: operation, either MODINSERT_OP or MODREMOVE_OP. 2564 * 2565 * Return: 2566 * Before doing ip_domux2fd(), this function calls exit(1) in case of 2567 * error. After ip_domux2fd() is done, it returns -1 for error, 0 2568 * otherwise. 2569 */ 2570 static int 2571 modop(char *arg, char op) 2572 { 2573 char *pos_p; 2574 int muxfd; 2575 int muxid_fd; 2576 int ipfd_lowstr; /* IP stream (lower stream of mux) to be plinked */ 2577 int arpfd_lowstr; /* ARP stream (lower stream of mux) to be plinked */ 2578 struct strmodconf mod; 2579 char *at_char = "@"; 2580 char *arg_str; 2581 int orig_arpid; 2582 2583 /* 2584 * We'd return -1, but foreachinterface() doesn't propagate the error 2585 * into the exit status, so we're forced to explicitly exit(). 2586 */ 2587 if (!modcheck(name)) 2588 exit(1); 2589 2590 /* Need to save the original string for -a option. */ 2591 if ((arg_str = malloc(strlen(arg) + 1)) == NULL) { 2592 Perror0("cannot malloc"); 2593 return (-1); 2594 } 2595 (void) strcpy(arg_str, arg); 2596 2597 if (*arg_str == *at_char) { 2598 (void) fprintf(stderr, 2599 "ifconfig: must supply a module name\n"); 2600 exit(1); 2601 } 2602 mod.mod_name = strtok(arg_str, at_char); 2603 if (strlen(mod.mod_name) > FMNAMESZ) { 2604 (void) fprintf(stderr, "ifconfig: module name too long: %s\n", 2605 mod.mod_name); 2606 exit(1); 2607 } 2608 2609 /* 2610 * Need to make sure that the core TCP/IP stack modules are not 2611 * removed. Otherwise, "bad" things can happen. If a module 2612 * is removed and inserted back, it loses its old state. But 2613 * the modules above it still have the old state. E.g. IP assumes 2614 * fast data path while tunnel after re-inserted assumes that it can 2615 * receive M_DATA only in fast data path for which it does not have 2616 * any state. This is a general caveat of _I_REMOVE/_I_INSERT. 2617 */ 2618 if (op == MODREMOVE_OP && 2619 (strcmp(mod.mod_name, ARP_MOD_NAME) == 0 || 2620 strcmp(mod.mod_name, IP_MOD_NAME) == 0)) { 2621 (void) fprintf(stderr, "ifconfig: cannot remove %s\n", 2622 mod.mod_name); 2623 exit(1); 2624 } 2625 2626 if ((pos_p = strtok(NULL, at_char)) == NULL) { 2627 (void) fprintf(stderr, "ifconfig: must supply a position\n"); 2628 exit(1); 2629 } 2630 mod.pos = atoi(pos_p); 2631 2632 if (ip_domux2fd(&muxfd, &muxid_fd, &ipfd_lowstr, &arpfd_lowstr, 2633 &orig_arpid) < 0) { 2634 free(arg_str); 2635 return (-1); 2636 } 2637 switch (op) { 2638 case MODINSERT_OP: 2639 if (debug > 0) { 2640 (void) printf("Inserting module %s at %d\n", 2641 mod.mod_name, mod.pos); 2642 } 2643 if (ioctl(ipfd_lowstr, _I_INSERT, (caddr_t)&mod) < 0) { 2644 Perror2("fail to insert module", mod.mod_name); 2645 } 2646 break; 2647 case MODREMOVE_OP: 2648 if (debug > 0) { 2649 (void) printf("Removing module %s at %d\n", 2650 mod.mod_name, mod.pos); 2651 } 2652 if (ioctl(ipfd_lowstr, _I_REMOVE, (caddr_t)&mod) < 0) { 2653 Perror2("fail to remove module", mod.mod_name); 2654 } 2655 break; 2656 default: 2657 /* Should never get to here. */ 2658 (void) fprintf(stderr, "Unknown operation\n"); 2659 break; 2660 } 2661 free(arg_str); 2662 return (ip_plink(muxfd, muxid_fd, ipfd_lowstr, arpfd_lowstr, 2663 orig_arpid)); 2664 } 2665 2666 static int 2667 modify_tun(iptun_params_t *params) 2668 { 2669 dladm_status_t status; 2670 2671 if ((status = ifconfig_dladm_open(name, DATALINK_CLASS_IPTUN, 2672 ¶ms->iptun_param_linkid)) == DLADM_STATUS_OK) 2673 status = dladm_iptun_modify(dlh, params, DLADM_OPT_ACTIVE); 2674 if (status != DLADM_STATUS_OK) 2675 dladmerr_exit(status, name); 2676 return (0); 2677 } 2678 2679 /* 2680 * Set tunnel source address 2681 */ 2682 /* ARGSUSED */ 2683 static int 2684 setiftsrc(char *addr, int64_t param) 2685 { 2686 iptun_params_t params; 2687 2688 params.iptun_param_flags = IPTUN_PARAM_LADDR; 2689 (void) strlcpy(params.iptun_param_laddr, addr, 2690 sizeof (params.iptun_param_laddr)); 2691 return (modify_tun(¶ms)); 2692 } 2693 2694 /* 2695 * Set tunnel destination address 2696 */ 2697 /* ARGSUSED */ 2698 static int 2699 setiftdst(char *addr, int64_t param) 2700 { 2701 iptun_params_t params; 2702 2703 params.iptun_param_flags = IPTUN_PARAM_RADDR; 2704 (void) strlcpy(params.iptun_param_raddr, addr, 2705 sizeof (params.iptun_param_raddr)); 2706 return (modify_tun(¶ms)); 2707 } 2708 2709 static int 2710 set_tun_prop(const char *propname, char *value) 2711 { 2712 dladm_status_t status; 2713 datalink_id_t linkid; 2714 2715 status = ifconfig_dladm_open(name, DATALINK_CLASS_IPTUN, &linkid); 2716 if (status == DLADM_STATUS_OK) { 2717 status = dladm_set_linkprop(dlh, linkid, propname, &value, 1, 2718 DLADM_OPT_ACTIVE); 2719 } 2720 if (status != DLADM_STATUS_OK) 2721 dladmerr_exit(status, name); 2722 return (0); 2723 } 2724 2725 /* Set tunnel encapsulation limit. */ 2726 /* ARGSUSED */ 2727 static int 2728 set_tun_encap_limit(char *arg, int64_t param) 2729 { 2730 return (set_tun_prop("encaplimit", arg)); 2731 } 2732 2733 /* Disable encapsulation limit. */ 2734 /* ARGSUSED */ 2735 static int 2736 clr_tun_encap_limit(char *arg, int64_t param) 2737 { 2738 return (set_tun_encap_limit("-1", 0)); 2739 } 2740 2741 /* Set tunnel hop limit. */ 2742 /* ARGSUSED */ 2743 static int 2744 set_tun_hop_limit(char *arg, int64_t param) 2745 { 2746 return (set_tun_prop("hoplimit", arg)); 2747 } 2748 2749 /* Set zone ID */ 2750 static int 2751 setzone(char *arg, int64_t param) 2752 { 2753 zoneid_t zoneid = GLOBAL_ZONEID; 2754 2755 if (param == NEXTARG) { 2756 /* zone must be active */ 2757 if ((zoneid = getzoneidbyname(arg)) == -1) { 2758 (void) fprintf(stderr, 2759 "ifconfig: unknown zone '%s'\n", arg); 2760 exit(1); 2761 } 2762 } 2763 (void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2764 lifr.lifr_zoneid = zoneid; 2765 if (ioctl(s, SIOCSLIFZONE, (caddr_t)&lifr) == -1) 2766 Perror0_exit("SIOCSLIFZONE"); 2767 return (0); 2768 } 2769 2770 /* Put interface into all zones */ 2771 /* ARGSUSED */ 2772 static int 2773 setallzones(char *arg, int64_t param) 2774 { 2775 (void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2776 lifr.lifr_zoneid = ALL_ZONES; 2777 if (ioctl(s, SIOCSLIFZONE, (caddr_t)&lifr) == -1) 2778 Perror0_exit("SIOCSLIFZONE"); 2779 return (0); 2780 } 2781 2782 /* Set source address to use */ 2783 /* ARGSUSED */ 2784 static int 2785 setifsrc(char *arg, int64_t param) 2786 { 2787 uint_t ifindex = 0; 2788 int rval; 2789 2790 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2791 2792 /* 2793 * Argument can be either an interface name or "none". The latter means 2794 * that any previous selection is cleared. 2795 */ 2796 2797 if (strchr(arg, ':') != NULL) { 2798 (void) fprintf(stderr, 2799 "ifconfig: Cannot specify logical interface for usesrc \n"); 2800 exit(1); 2801 } 2802 2803 rval = strcmp(arg, NONE_STR); 2804 if (rval != 0) { 2805 if ((ifindex = if_nametoindex(arg)) == 0) { 2806 (void) strncpy(lifr.lifr_name, arg, LIFNAMSIZ); 2807 Perror0_exit("Could not get interface index"); 2808 } 2809 lifr.lifr_index = ifindex; 2810 } else { 2811 if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) != 0) 2812 Perror0_exit("Not a valid usesrc consumer"); 2813 lifr.lifr_index = 0; 2814 } 2815 2816 if (debug) 2817 (void) printf("setifsrc: lifr_name %s, lifr_index %d\n", 2818 lifr.lifr_name, lifr.lifr_index); 2819 2820 if (ioctl(s, SIOCSLIFUSESRC, (caddr_t)&lifr) == -1) { 2821 if (rval == 0) 2822 Perror0_exit("Cannot reset usesrc group"); 2823 else 2824 Perror0_exit("Could not set source interface"); 2825 } 2826 2827 return (0); 2828 } 2829 2830 /* 2831 * Print the interface status line associated with `ifname' 2832 */ 2833 static void 2834 ifstatus(const char *ifname) 2835 { 2836 uint64_t flags; 2837 char if_usesrc_name[LIFNAMSIZ]; 2838 char *newbuf; 2839 int n, numifs, rval = 0; 2840 struct lifreq *lifrp; 2841 struct lifsrcof lifs; 2842 2843 (void) strncpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name)); 2844 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) { 2845 Perror0_exit("status: SIOCGLIFFLAGS"); 2846 } 2847 flags = lifr.lifr_flags; 2848 2849 /* 2850 * In V4 compatibility mode, we don't print the IFF_IPV4 flag or 2851 * interfaces with IFF_IPV6 set. 2852 */ 2853 if (v4compat) { 2854 flags &= ~IFF_IPV4; 2855 if (flags & IFF_IPV6) 2856 return; 2857 } 2858 2859 (void) printf("%s: ", ifname); 2860 print_flags(flags); 2861 2862 (void) strncpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name)); 2863 if (ioctl(s, SIOCGLIFMETRIC, (caddr_t)&lifr) < 0) { 2864 Perror0_exit("status: SIOCGLIFMETRIC"); 2865 } else { 2866 if (lifr.lifr_metric) 2867 (void) printf(" metric %d", lifr.lifr_metric); 2868 } 2869 if (ioctl(s, SIOCGLIFMTU, (caddr_t)&lifr) >= 0) 2870 (void) printf(" mtu %u", lifr.lifr_mtu); 2871 2872 /* don't print index or zone when in compatibility mode */ 2873 if (!v4compat) { 2874 if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0) 2875 (void) printf(" index %d", lifr.lifr_index); 2876 /* 2877 * Stack instances use GLOBAL_ZONEID for IP data structures 2878 * even in the non-global zone. 2879 */ 2880 if (ioctl(s, SIOCGLIFZONE, (caddr_t)&lifr) >= 0 && 2881 lifr.lifr_zoneid != getzoneid() && 2882 lifr.lifr_zoneid != GLOBAL_ZONEID) { 2883 char zone_name[ZONENAME_MAX]; 2884 2885 if (lifr.lifr_zoneid == ALL_ZONES) { 2886 (void) printf("\n\tall-zones"); 2887 } else if (getzonenamebyid(lifr.lifr_zoneid, zone_name, 2888 sizeof (zone_name)) < 0) { 2889 (void) printf("\n\tzone %d", lifr.lifr_zoneid); 2890 } else { 2891 (void) printf("\n\tzone %s", zone_name); 2892 } 2893 } 2894 } 2895 2896 if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0) { 2897 lifs.lifs_ifindex = lifr.lifr_index; 2898 2899 /* 2900 * Find the number of interfaces that use this interfaces' 2901 * address as a source address 2902 */ 2903 lifs.lifs_buf = NULL; 2904 lifs.lifs_maxlen = 0; 2905 for (;;) { 2906 /* The first pass will give the bufsize we need */ 2907 rval = ioctl(s, SIOCGLIFSRCOF, (char *)&lifs); 2908 if (rval < 0) { 2909 if (lifs.lifs_buf != NULL) { 2910 free(lifs.lifs_buf); 2911 lifs.lifs_buf = NULL; 2912 } 2913 lifs.lifs_len = 0; 2914 break; 2915 } 2916 if (lifs.lifs_len <= lifs.lifs_maxlen) 2917 break; 2918 /* Use kernel's size + a small margin to avoid loops */ 2919 lifs.lifs_maxlen = lifs.lifs_len + 2920 5 * sizeof (struct lifreq); 2921 /* For the first pass, realloc acts like malloc */ 2922 newbuf = realloc(lifs.lifs_buf, lifs.lifs_maxlen); 2923 if (newbuf == NULL) { 2924 if (lifs.lifs_buf != NULL) { 2925 free(lifs.lifs_buf); 2926 lifs.lifs_buf = NULL; 2927 } 2928 lifs.lifs_len = 0; 2929 break; 2930 } 2931 lifs.lifs_buf = newbuf; 2932 } 2933 2934 2935 numifs = lifs.lifs_len / sizeof (struct lifreq); 2936 if (numifs > 0) { 2937 lifrp = lifs.lifs_req; 2938 (void) printf("\n\tsrcof"); 2939 for (n = numifs; n > 0; n--, lifrp++) { 2940 (void) printf(" %s", lifrp->lifr_name); 2941 } 2942 } 2943 2944 if (lifs.lifs_buf != NULL) 2945 free(lifs.lifs_buf); 2946 } 2947 2948 /* Find the interface whose source address this interface uses */ 2949 if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) == 0) { 2950 if (lifr.lifr_index != 0) { 2951 if (if_indextoname(lifr.lifr_index, 2952 if_usesrc_name) == NULL) { 2953 (void) printf("\n\tusesrc ifIndex %d", 2954 lifr.lifr_index); 2955 } else { 2956 (void) printf("\n\tusesrc %s", if_usesrc_name); 2957 } 2958 } 2959 } 2960 2961 (void) putchar('\n'); 2962 } 2963 2964 /* 2965 * Print the status of the interface. If an address family was 2966 * specified, show it and it only; otherwise, show them all. 2967 */ 2968 static void 2969 status(void) 2970 { 2971 struct afswtch *p = afp; 2972 uint64_t flags; 2973 datalink_id_t linkid; 2974 2975 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2976 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) { 2977 Perror0_exit("status: SIOCGLIFFLAGS"); 2978 } 2979 2980 flags = lifr.lifr_flags; 2981 2982 /* 2983 * Only print the interface status if the address family matches 2984 * the interface family flag. 2985 */ 2986 if (p != NULL) { 2987 if (((p->af_af == AF_INET6) && (flags & IFF_IPV4)) || 2988 ((p->af_af == AF_INET) && (flags & IFF_IPV6))) 2989 return; 2990 } 2991 2992 /* 2993 * In V4 compatibility mode, don't print IFF_IPV6 interfaces. 2994 */ 2995 if (v4compat && (flags & IFF_IPV6)) 2996 return; 2997 2998 ifstatus(name); 2999 3000 if (ifconfig_dladm_open(name, DATALINK_CLASS_IPTUN, &linkid) == 3001 DLADM_STATUS_OK) 3002 tun_status(linkid); 3003 3004 if (p != NULL) { 3005 (*p->af_status)(1, flags); 3006 } else { 3007 for (p = afs; p->af_name; p++) { 3008 /* set global af for use in p->af_status */ 3009 af = p->af_af; 3010 (*p->af_status)(0, flags); 3011 } 3012 3013 /* 3014 * Historically, 'ether' has been an address family, 3015 * so print it here. 3016 */ 3017 print_ifether(name); 3018 } 3019 } 3020 3021 /* 3022 * Print the status of the interface in a format that can be used to 3023 * reconfigure the interface later. Code stolen from status() above. 3024 */ 3025 /* ARGSUSED */ 3026 static int 3027 configinfo(char *null, int64_t param) 3028 { 3029 char *cp; 3030 struct afswtch *p = afp; 3031 uint64_t flags; 3032 char lifname[LIFNAMSIZ]; 3033 char if_usesrc_name[LIFNAMSIZ]; 3034 3035 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3036 3037 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) { 3038 Perror0_exit("status: SIOCGLIFFLAGS"); 3039 } 3040 flags = lifr.lifr_flags; 3041 3042 if (debug) { 3043 (void) printf("configinfo: name %s flags 0x%llx af_af %d\n", 3044 name, flags, p != NULL ? p->af_af : -1); 3045 } 3046 3047 /* 3048 * Build the interface name to print (we cannot directly use `name' 3049 * because one cannot "plumb" ":0" interfaces). 3050 */ 3051 (void) strlcpy(lifname, name, LIFNAMSIZ); 3052 if ((cp = strchr(lifname, ':')) != NULL && atoi(cp + 1) == 0) 3053 *cp = '\0'; 3054 3055 /* 3056 * if the interface is IPv4 3057 * if we have a IPv6 address family restriction return 3058 * so it won't print 3059 * if we are in IPv4 compatibility mode, clear out IFF_IPV4 3060 * so we don't print it. 3061 */ 3062 if (flags & IFF_IPV4) { 3063 if (p && p->af_af == AF_INET6) 3064 return (-1); 3065 if (v4compat) 3066 flags &= ~IFF_IPV4; 3067 3068 (void) printf("%s inet plumb", lifname); 3069 } else if (flags & IFF_IPV6) { 3070 /* 3071 * else if the interface is IPv6 3072 * if we have a IPv4 address family restriction return 3073 * or we are in IPv4 compatibiltiy mode, return. 3074 */ 3075 if (p && p->af_af == AF_INET) 3076 return (-1); 3077 if (v4compat) 3078 return (-1); 3079 3080 (void) printf("%s inet6 plumb", lifname); 3081 } 3082 3083 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3084 if (ioctl(s, SIOCGLIFMETRIC, (caddr_t)&lifr) < 0) { 3085 Perror0_exit("configinfo: SIOCGLIFMETRIC"); 3086 } else { 3087 if (lifr.lifr_metric) 3088 (void) printf(" metric %d ", lifr.lifr_metric); 3089 } 3090 if (((flags & (IFF_VIRTUAL|IFF_LOOPBACK)) != IFF_VIRTUAL) && 3091 ioctl(s, SIOCGLIFMTU, (caddr_t)&lifr) >= 0) 3092 (void) printf(" mtu %u", lifr.lifr_mtu); 3093 3094 /* Index only applies to the zeroth interface */ 3095 if (lifnum(name) == 0) { 3096 if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0) 3097 (void) printf(" index %d", lifr.lifr_index); 3098 } 3099 3100 if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) == 0) { 3101 if (lifr.lifr_index != 0) { 3102 if (if_indextoname(lifr.lifr_index, 3103 if_usesrc_name) != NULL) { 3104 (void) printf(" usesrc %s", if_usesrc_name); 3105 } 3106 } 3107 } 3108 3109 if (p != NULL) { 3110 (*p->af_configinfo)(1, flags); 3111 } else { 3112 for (p = afs; p->af_name; p++) { 3113 (void) close(s); 3114 s = socket(SOCKET_AF(p->af_af), SOCK_DGRAM, 0); 3115 /* set global af for use in p->af_configinfo */ 3116 af = p->af_af; 3117 if (s == -1) { 3118 Perror0_exit("socket"); 3119 } 3120 (*p->af_configinfo)(0, flags); 3121 } 3122 } 3123 3124 (void) putchar('\n'); 3125 return (0); 3126 } 3127 3128 static void 3129 print_tsec(iptun_params_t *params) 3130 { 3131 ipsec_req_t *ipsr; 3132 3133 (void) printf("\ttunnel security settings "); 3134 if (!(params->iptun_param_flags & IPTUN_PARAM_SECINFO)) { 3135 (void) printf("--> use 'ipsecconf -ln -i %s'", name); 3136 } else { 3137 ipsr = ¶ms->iptun_param_secinfo; 3138 if (ipsr->ipsr_ah_req & IPSEC_PREF_REQUIRED) { 3139 (void) printf("ah (%s) ", 3140 rparsealg(ipsr->ipsr_auth_alg, IPSEC_PROTO_AH)); 3141 } 3142 if (ipsr->ipsr_esp_req & IPSEC_PREF_REQUIRED) { 3143 (void) printf("esp (%s", 3144 rparsealg(ipsr->ipsr_esp_alg, IPSEC_PROTO_ESP)); 3145 (void) printf("/%s)", 3146 rparsealg(ipsr->ipsr_esp_auth_alg, IPSEC_PROTO_AH)); 3147 } 3148 } 3149 (void) printf("\n"); 3150 } 3151 3152 static void 3153 tun_status(datalink_id_t linkid) 3154 { 3155 iptun_params_t params; 3156 char propval[DLADM_PROP_VAL_MAX]; 3157 char *valptr[1]; 3158 uint_t valcnt = 1; 3159 boolean_t tabbed = _B_FALSE; 3160 3161 params.iptun_param_linkid = linkid; 3162 3163 /* If dladm_iptun_getparams() fails, assume we are not a tunnel. */ 3164 assert(dlh_opened); 3165 if (dladm_iptun_getparams(dlh, ¶ms, DLADM_OPT_ACTIVE) != 3166 DLADM_STATUS_OK) 3167 return; 3168 3169 switch (params.iptun_param_type) { 3170 case IPTUN_TYPE_IPV4: 3171 case IPTUN_TYPE_6TO4: 3172 (void) printf("\tinet"); 3173 break; 3174 case IPTUN_TYPE_IPV6: 3175 (void) printf("\tinet6"); 3176 break; 3177 default: 3178 dladmerr_exit(DLADM_STATUS_IPTUNTYPE, name); 3179 break; 3180 } 3181 3182 /* 3183 * There is always a source address. If it hasn't been explicitly 3184 * set, the API will pass back a buffer containing the unspecified 3185 * address. 3186 */ 3187 (void) printf(" tunnel src %s ", params.iptun_param_laddr); 3188 3189 if (params.iptun_param_flags & IPTUN_PARAM_RADDR) 3190 (void) printf("tunnel dst %s\n", params.iptun_param_raddr); 3191 else 3192 (void) putchar('\n'); 3193 3194 if (params.iptun_param_flags & IPTUN_PARAM_IPSECPOL) 3195 print_tsec(¶ms); 3196 3197 valptr[0] = propval; 3198 if (dladm_get_linkprop(dlh, linkid, DLADM_PROP_VAL_CURRENT, "hoplimit", 3199 (char **)valptr, &valcnt) == DLADM_STATUS_OK) { 3200 (void) printf("\ttunnel hop limit %s ", propval); 3201 tabbed = _B_TRUE; 3202 } 3203 3204 if (dladm_get_linkprop(dlh, linkid, DLADM_PROP_VAL_CURRENT, 3205 "encaplimit", (char **)valptr, &valcnt) == DLADM_STATUS_OK) { 3206 uint32_t elim; 3207 3208 if (!tabbed) { 3209 (void) putchar('\t'); 3210 tabbed = _B_TRUE; 3211 } 3212 elim = strtol(propval, NULL, 10); 3213 if (elim > 0) 3214 (void) printf("tunnel encapsulation limit %s", propval); 3215 else 3216 (void) printf("tunnel encapsulation limit disabled"); 3217 } 3218 3219 if (tabbed) 3220 (void) putchar('\n'); 3221 } 3222 3223 static void 3224 in_status(int force, uint64_t flags) 3225 { 3226 struct sockaddr_in *sin, *laddr; 3227 struct sockaddr_in netmask = { AF_INET }; 3228 3229 if (debug) 3230 (void) printf("in_status(%s) flags 0x%llx\n", name, flags); 3231 3232 /* only print status for IPv4 interfaces */ 3233 if (!(flags & IFF_IPV4)) 3234 return; 3235 3236 if (!(flags & IFF_NOLOCAL)) { 3237 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3238 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 3239 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3240 errno == ENXIO) { 3241 if (!force) 3242 return; 3243 (void) memset(&lifr.lifr_addr, 0, 3244 sizeof (lifr.lifr_addr)); 3245 } else 3246 Perror0_exit("in_status: SIOCGLIFADDR"); 3247 } 3248 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3249 (void) printf("\tinet %s ", inet_ntoa(sin->sin_addr)); 3250 laddr = sin; 3251 } else { 3252 (void) printf("\tinet "); 3253 } 3254 3255 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3256 if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) { 3257 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3258 errno == ENXIO) { 3259 if (!force) 3260 return; 3261 (void) memset(&lifr.lifr_addr, 0, 3262 sizeof (lifr.lifr_addr)); 3263 } else { 3264 Perror0_exit("in_status: SIOCGLIFSUBNET"); 3265 } 3266 } 3267 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3268 if ((flags & IFF_NOLOCAL) || 3269 sin->sin_addr.s_addr != laddr->sin_addr.s_addr) { 3270 (void) printf("subnet %s/%d ", inet_ntoa(sin->sin_addr), 3271 lifr.lifr_addrlen); 3272 } 3273 if (sin->sin_family != AF_INET) { 3274 (void) printf("Wrong family: %d\n", sin->sin_family); 3275 } 3276 3277 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3278 if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0) { 3279 if (errno != EADDRNOTAVAIL) 3280 Perror0_exit("in_status: SIOCGLIFNETMASK"); 3281 (void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr)); 3282 } else 3283 netmask.sin_addr = 3284 ((struct sockaddr_in *)&lifr.lifr_addr)->sin_addr; 3285 if (flags & IFF_POINTOPOINT) { 3286 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3287 if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) { 3288 if (errno == EADDRNOTAVAIL) 3289 (void) memset(&lifr.lifr_addr, 0, 3290 sizeof (lifr.lifr_addr)); 3291 else 3292 Perror0_exit("in_status: SIOCGLIFDSTADDR"); 3293 } 3294 sin = (struct sockaddr_in *)&lifr.lifr_dstaddr; 3295 (void) printf("--> %s ", inet_ntoa(sin->sin_addr)); 3296 } 3297 (void) printf("netmask %x ", ntohl(netmask.sin_addr.s_addr)); 3298 if (flags & IFF_BROADCAST) { 3299 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3300 if (ioctl(s, SIOCGLIFBRDADDR, (caddr_t)&lifr) < 0) { 3301 if (errno == EADDRNOTAVAIL) 3302 (void) memset(&lifr.lifr_addr, 0, 3303 sizeof (lifr.lifr_addr)); 3304 else 3305 Perror0_exit("in_status: SIOCGLIFBRDADDR"); 3306 } 3307 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3308 if (sin->sin_addr.s_addr != 0) { 3309 (void) printf("broadcast %s", 3310 inet_ntoa(sin->sin_addr)); 3311 } 3312 } 3313 /* If there is a groupname, print it for only the physical interface */ 3314 if (strchr(name, ':') == NULL) { 3315 if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 && 3316 lifr.lifr_groupname[0] != '\0') { 3317 (void) printf("\n\tgroupname %s", lifr.lifr_groupname); 3318 } 3319 } 3320 (void) putchar('\n'); 3321 } 3322 3323 static void 3324 in6_status(int force, uint64_t flags) 3325 { 3326 char abuf[INET6_ADDRSTRLEN]; 3327 struct sockaddr_in6 *sin6, *laddr6; 3328 3329 if (debug) 3330 (void) printf("in6_status(%s) flags 0x%llx\n", name, flags); 3331 3332 if (!(flags & IFF_IPV6)) 3333 return; 3334 3335 if (!(flags & IFF_NOLOCAL)) { 3336 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3337 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 3338 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3339 errno == ENXIO) { 3340 if (!force) 3341 return; 3342 (void) memset(&lifr.lifr_addr, 0, 3343 sizeof (lifr.lifr_addr)); 3344 } else 3345 Perror0_exit("in_status6: SIOCGLIFADDR"); 3346 } 3347 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3348 (void) printf("\tinet6 %s/%d ", 3349 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3350 abuf, sizeof (abuf)), 3351 lifr.lifr_addrlen); 3352 laddr6 = sin6; 3353 } else { 3354 (void) printf("\tinet6 "); 3355 } 3356 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3357 if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) { 3358 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3359 errno == ENXIO) { 3360 if (!force) 3361 return; 3362 (void) memset(&lifr.lifr_addr, 0, 3363 sizeof (lifr.lifr_addr)); 3364 } else 3365 Perror0_exit("in_status6: SIOCGLIFSUBNET"); 3366 } 3367 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3368 if ((flags & IFF_NOLOCAL) || 3369 !IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &laddr6->sin6_addr)) { 3370 (void) printf("subnet %s/%d ", 3371 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3372 abuf, sizeof (abuf)), 3373 lifr.lifr_addrlen); 3374 } 3375 if (sin6->sin6_family != AF_INET6) { 3376 (void) printf("Wrong family: %d\n", sin6->sin6_family); 3377 } 3378 if (flags & IFF_POINTOPOINT) { 3379 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3380 if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) { 3381 if (errno == EADDRNOTAVAIL) 3382 (void) memset(&lifr.lifr_addr, 0, 3383 sizeof (lifr.lifr_addr)); 3384 else 3385 Perror0_exit("in_status6: SIOCGLIFDSTADDR"); 3386 } 3387 sin6 = (struct sockaddr_in6 *)&lifr.lifr_dstaddr; 3388 (void) printf("--> %s ", 3389 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3390 abuf, sizeof (abuf))); 3391 } 3392 if (verbose) { 3393 (void) putchar('\n'); 3394 (void) putchar('\t'); 3395 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3396 if (ioctl(s, SIOCGLIFTOKEN, (caddr_t)&lifr) < 0) { 3397 if (errno == EADDRNOTAVAIL || errno == EINVAL) 3398 (void) memset(&lifr.lifr_addr, 0, 3399 sizeof (lifr.lifr_addr)); 3400 else 3401 Perror0_exit("in_status6: SIOCGLIFTOKEN"); 3402 } else { 3403 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3404 (void) printf("token %s/%d ", 3405 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3406 abuf, sizeof (abuf)), 3407 lifr.lifr_addrlen); 3408 } 3409 if (ioctl(s, SIOCGLIFLNKINFO, (caddr_t)&lifr) < 0) { 3410 if (errno != EINVAL) { 3411 Perror0_exit("in_status6: SIOCGLIFLNKINFO"); 3412 } 3413 } else { 3414 (void) printf("maxhops %u, reachtime %u ms, " 3415 "reachretrans %u ms, maxmtu %u ", 3416 lifr.lifr_ifinfo.lir_maxhops, 3417 lifr.lifr_ifinfo.lir_reachtime, 3418 lifr.lifr_ifinfo.lir_reachretrans, 3419 lifr.lifr_ifinfo.lir_maxmtu); 3420 } 3421 } 3422 /* If there is a groupname, print it for only the physical interface */ 3423 if (strchr(name, ':') == NULL) { 3424 if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 && 3425 lifr.lifr_groupname[0] != '\0') { 3426 (void) printf("\n\tgroupname %s", lifr.lifr_groupname); 3427 } 3428 } 3429 (void) putchar('\n'); 3430 } 3431 3432 static void 3433 in_configinfo(int force, uint64_t flags) 3434 { 3435 struct sockaddr_in *sin, *laddr; 3436 struct sockaddr_in netmask = { AF_INET }; 3437 3438 if (debug) 3439 (void) printf("in_configinfo(%s) flags 0x%llx\n", name, flags); 3440 3441 /* only configinfo info for IPv4 interfaces */ 3442 if (!(flags & IFF_IPV4)) 3443 return; 3444 3445 if (!(flags & IFF_NOLOCAL)) { 3446 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3447 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 3448 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3449 errno == ENXIO) { 3450 if (!force) 3451 return; 3452 (void) memset(&lifr.lifr_addr, 0, 3453 sizeof (lifr.lifr_addr)); 3454 } else 3455 Perror0_exit("in_configinfo: SIOCGLIFADDR"); 3456 } 3457 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3458 (void) printf(" set %s ", inet_ntoa(sin->sin_addr)); 3459 laddr = sin; 3460 } 3461 3462 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3463 if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) { 3464 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3465 errno == ENXIO) { 3466 if (!force) 3467 return; 3468 (void) memset(&lifr.lifr_addr, 0, 3469 sizeof (lifr.lifr_addr)); 3470 } else { 3471 Perror0_exit("in_configinfo: SIOCGLIFSUBNET"); 3472 } 3473 } 3474 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3475 3476 if ((flags & IFF_NOLOCAL) || 3477 sin->sin_addr.s_addr != laddr->sin_addr.s_addr) { 3478 (void) printf(" subnet %s/%d ", inet_ntoa(sin->sin_addr), 3479 lifr.lifr_addrlen); 3480 } 3481 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3482 if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0) { 3483 if (errno != EADDRNOTAVAIL) 3484 Perror0_exit("in_configinfo: SIOCGLIFNETMASK"); 3485 (void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr)); 3486 } else 3487 netmask.sin_addr = 3488 ((struct sockaddr_in *)&lifr.lifr_addr)->sin_addr; 3489 if (flags & IFF_POINTOPOINT) { 3490 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3491 if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) { 3492 if (errno == EADDRNOTAVAIL) 3493 (void) memset(&lifr.lifr_addr, 0, 3494 sizeof (lifr.lifr_addr)); 3495 else 3496 Perror0_exit("in_configinfo: SIOCGLIFDSTADDR"); 3497 } 3498 sin = (struct sockaddr_in *)&lifr.lifr_dstaddr; 3499 (void) printf(" destination %s ", inet_ntoa(sin->sin_addr)); 3500 } 3501 (void) printf(" netmask 0x%x ", ntohl(netmask.sin_addr.s_addr)); 3502 if (flags & IFF_BROADCAST) { 3503 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3504 if (ioctl(s, SIOCGLIFBRDADDR, (caddr_t)&lifr) < 0) { 3505 if (errno == EADDRNOTAVAIL) 3506 (void) memset(&lifr.lifr_addr, 0, 3507 sizeof (lifr.lifr_addr)); 3508 else 3509 Perror0_exit("in_configinfo: SIOCGLIFBRDADDR"); 3510 } 3511 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3512 if (sin->sin_addr.s_addr != 0) { 3513 (void) printf(" broadcast %s ", 3514 inet_ntoa(sin->sin_addr)); 3515 } 3516 } 3517 3518 /* If there is a groupname, print it for only the zeroth interface */ 3519 if (lifnum(name) == 0) { 3520 if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 && 3521 lifr.lifr_groupname[0] != '\0') { 3522 (void) printf(" group %s ", lifr.lifr_groupname); 3523 } 3524 } 3525 3526 /* Print flags to configure */ 3527 print_config_flags(AF_INET, flags); 3528 } 3529 3530 static void 3531 in6_configinfo(int force, uint64_t flags) 3532 { 3533 char abuf[INET6_ADDRSTRLEN]; 3534 struct sockaddr_in6 *sin6, *laddr6; 3535 3536 if (debug) 3537 (void) printf("in6_configinfo(%s) flags 0x%llx\n", name, 3538 flags); 3539 3540 if (!(flags & IFF_IPV6)) 3541 return; 3542 3543 if (!(flags & IFF_NOLOCAL)) { 3544 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3545 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 3546 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3547 errno == ENXIO) { 3548 if (!force) 3549 return; 3550 (void) memset(&lifr.lifr_addr, 0, 3551 sizeof (lifr.lifr_addr)); 3552 } else 3553 Perror0_exit("in6_configinfo: SIOCGLIFADDR"); 3554 } 3555 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3556 (void) printf(" set %s/%d ", 3557 inet_ntop(AF_INET6, &sin6->sin6_addr, abuf, sizeof (abuf)), 3558 lifr.lifr_addrlen); 3559 laddr6 = sin6; 3560 } 3561 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3562 if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) { 3563 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3564 errno == ENXIO) { 3565 if (!force) 3566 return; 3567 (void) memset(&lifr.lifr_addr, 0, 3568 sizeof (lifr.lifr_addr)); 3569 } else 3570 Perror0_exit("in6_configinfo: SIOCGLIFSUBNET"); 3571 } 3572 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3573 if ((flags & IFF_NOLOCAL) || 3574 !IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &laddr6->sin6_addr)) { 3575 (void) printf(" subnet %s/%d ", 3576 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3577 abuf, sizeof (abuf)), 3578 lifr.lifr_addrlen); 3579 } 3580 3581 if (flags & IFF_POINTOPOINT) { 3582 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3583 if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) { 3584 if (errno == EADDRNOTAVAIL) 3585 (void) memset(&lifr.lifr_addr, 0, 3586 sizeof (lifr.lifr_addr)); 3587 else 3588 Perror0_exit("in6_configinfo: SIOCGLIFDSTADDR"); 3589 } 3590 sin6 = (struct sockaddr_in6 *)&lifr.lifr_dstaddr; 3591 (void) printf(" destination %s ", 3592 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3593 abuf, sizeof (abuf))); 3594 } 3595 3596 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3597 if (ioctl(s, SIOCGLIFTOKEN, (caddr_t)&lifr) < 0) { 3598 if (errno == EADDRNOTAVAIL || errno == EINVAL) 3599 (void) memset(&lifr.lifr_addr, 0, 3600 sizeof (lifr.lifr_addr)); 3601 else 3602 Perror0_exit("in6_configinfo: SIOCGLIFTOKEN"); 3603 } else { 3604 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3605 (void) printf(" token %s/%d ", 3606 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3607 abuf, sizeof (abuf)), 3608 lifr.lifr_addrlen); 3609 } 3610 3611 /* If there is a groupname, print it for only the zeroth interface */ 3612 if (lifnum(name) == 0) { 3613 if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 && 3614 lifr.lifr_groupname[0] != '\0') { 3615 (void) printf(" group %s ", lifr.lifr_groupname); 3616 } 3617 } 3618 3619 /* Print flags to configure */ 3620 print_config_flags(AF_INET6, flags); 3621 } 3622 3623 /* 3624 * If this is a physical interface then remove it. 3625 * If it is a logical interface name use SIOCLIFREMOVEIF to 3626 * remove it. In both cases fail if it doesn't exist. 3627 */ 3628 /* ARGSUSED */ 3629 static int 3630 inetunplumb(char *arg, int64_t param) 3631 { 3632 ipadm_status_t istatus; 3633 3634 istatus = ipadm_delete_if(iph, name, afp->af_af, IPADM_OPT_ACTIVE); 3635 if (istatus != IPADM_SUCCESS) { 3636 (void) fprintf(stderr, "ifconfig: cannot unplumb %s: %s\n", 3637 name, ipadm_status2str(istatus)); 3638 exit(1); 3639 } 3640 3641 return (0); 3642 } 3643 3644 /* 3645 * Create the interface in `name', using ipadm_create_if(). If `name' is a 3646 * logical interface or loopback interface, ipadm_create_if() uses 3647 * SIOCLIFADDIF to create it. 3648 */ 3649 /* ARGSUSED */ 3650 static int 3651 inetplumb(char *arg, int64_t param) 3652 { 3653 ipadm_status_t istatus; 3654 3655 istatus = ipadm_create_if(iph, name, afp->af_af, IPADM_OPT_ACTIVE); 3656 if (istatus != IPADM_SUCCESS) { 3657 (void) fprintf(stderr, "ifconfig: cannot plumb %s: %s\n", 3658 name, ipadm_status2str(istatus)); 3659 if (istatus != IPADM_IF_EXISTS) 3660 exit(1); 3661 } 3662 return (0); 3663 } 3664 3665 /* ARGSUSED */ 3666 static int 3667 inetipmp(char *arg, int64_t param) 3668 { 3669 int retval; 3670 3671 /* 3672 * Treat e.g. "ifconfig ipmp0:2 ipmp" as "ifconfig ipmp0:2 plumb". 3673 * Otherwise, try to create the requested IPMP interface. 3674 */ 3675 if (strchr(name, ':') != NULL) 3676 retval = inetplumb(arg, param); 3677 else 3678 retval = create_ipmp(name, afp->af_af, name, _B_FALSE); 3679 3680 /* 3681 * We'd return -1, but foreachinterface() doesn't propagate the error 3682 * into the exit status, so we're forced to explicitly exit(). 3683 */ 3684 if (retval == -1) 3685 exit(1); 3686 return (0); 3687 } 3688 3689 /* 3690 * Create an IPMP group `grname' with address family `af'. If `ifname' is 3691 * non-NULL, it specifies the interface name to use. Otherwise, use the name 3692 * ipmpN, where N corresponds to the lowest available integer. If `implicit' 3693 * is set, then the group is being created as a side-effect of placing an 3694 * underlying interface in a group. Also start in.mpathd if necessary. 3695 */ 3696 static int 3697 create_ipmp(const char *grname, int af, const char *ifname, boolean_t implicit) 3698 { 3699 static int ipmp_daemon_started; 3700 uint32_t flags = IPADM_OPT_IPMP|IPADM_OPT_ACTIVE; 3701 ipadm_status_t istatus; 3702 3703 if (debug) { 3704 (void) printf("create_ipmp: ifname %s grname %s af %d\n", 3705 ifname != NULL ? ifname : "NULL", grname, af); 3706 } 3707 3708 /* 3709 * ipadm_create_if() creates the IPMP interface and fills in the 3710 * ppa in lifr.lifr_name, if `ifname'="ipmp". 3711 */ 3712 (void) strlcpy(lifr.lifr_name, (ifname ? ifname : "ipmp"), 3713 sizeof (lifr.lifr_name)); 3714 if (ifname == NULL) 3715 flags |= IPADM_OPT_GENPPA; 3716 istatus = ipadm_create_if(iph, lifr.lifr_name, af, flags); 3717 if (istatus != IPADM_SUCCESS) { 3718 (void) fprintf(stderr, "ifconfig: cannot create IPMP interface " 3719 "%s: %s\n", grname, ipadm_status2str(istatus)); 3720 return (-1); 3721 } 3722 3723 /* 3724 * To preserve backward-compatibility, always bring up the link-local 3725 * address for implicitly-created IPv6 IPMP interfaces. 3726 */ 3727 if (implicit && af == AF_INET6) { 3728 if (ioctl(s6, SIOCGLIFFLAGS, &lifr) == 0) { 3729 lifr.lifr_flags |= IFF_UP; 3730 (void) ioctl(s6, SIOCSLIFFLAGS, &lifr); 3731 } 3732 } 3733 3734 /* 3735 * If the caller requested a different group name, issue a 3736 * SIOCSLIFGROUPNAME on the new IPMP interface. 3737 */ 3738 if (strcmp(lifr.lifr_name, grname) != 0) { 3739 (void) strlcpy(lifr.lifr_groupname, grname, LIFGRNAMSIZ); 3740 if (ioctl(s, SIOCSLIFGROUPNAME, &lifr) == -1) { 3741 Perror0("SIOCSLIFGROUPNAME"); 3742 return (-1); 3743 } 3744 } 3745 3746 /* 3747 * If we haven't done so yet, ensure in.mpathd is started. 3748 */ 3749 if (ipmp_daemon_started++ == 0) 3750 start_ipmp_daemon(); 3751 3752 return (0); 3753 } 3754 3755 /* 3756 * Start in.mpathd if it's not already running. 3757 */ 3758 static void 3759 start_ipmp_daemon(void) 3760 { 3761 int retval; 3762 ipmp_handle_t ipmp_handle; 3763 3764 /* 3765 * Ping in.mpathd to see if it's running already. 3766 */ 3767 if ((retval = ipmp_open(&ipmp_handle)) != IPMP_SUCCESS) { 3768 (void) fprintf(stderr, "ifconfig: cannot create IPMP handle: " 3769 "%s\n", ipmp_errmsg(retval)); 3770 return; 3771 } 3772 3773 retval = ipmp_ping_daemon(ipmp_handle); 3774 ipmp_close(ipmp_handle); 3775 3776 switch (retval) { 3777 case IPMP_ENOMPATHD: 3778 break; 3779 case IPMP_SUCCESS: 3780 return; 3781 default: 3782 (void) fprintf(stderr, "ifconfig: cannot ping in.mpathd: %s\n", 3783 ipmp_errmsg(retval)); 3784 break; 3785 } 3786 3787 /* 3788 * Start in.mpathd. Note that in.mpathd will handle multiple 3789 * incarnations (ipmp_ping_daemon() is just an optimization) so we 3790 * don't need to worry about racing with another ifconfig process. 3791 */ 3792 switch (fork()) { 3793 case -1: 3794 Perror0_exit("start_ipmp_daemon: fork"); 3795 /* NOTREACHED */ 3796 case 0: 3797 (void) execl(MPATHD_PATH, MPATHD_PATH, NULL); 3798 _exit(1); 3799 /* NOTREACHED */ 3800 default: 3801 break; 3802 } 3803 } 3804 3805 /* 3806 * Bring the address named by `ifaddrp' up or down. Doesn't trust any mutable 3807 * values in ia_flags since they may be stale. 3808 */ 3809 static boolean_t 3810 ifaddr_op(ifaddrlistx_t *ifaddrp, boolean_t up) 3811 { 3812 struct lifreq lifrl; /* Local lifreq struct */ 3813 int fd = (ifaddrp->ia_flags & IFF_IPV4) ? s4 : s6; 3814 3815 (void) memset(&lifrl, 0, sizeof (lifrl)); 3816 (void) strlcpy(lifrl.lifr_name, ifaddrp->ia_name, LIFNAMSIZ); 3817 if (ioctl(fd, SIOCGLIFFLAGS, &lifrl) == -1) 3818 return (_B_FALSE); 3819 3820 if (up) 3821 lifrl.lifr_flags |= IFF_UP; 3822 else 3823 lifrl.lifr_flags &= ~IFF_UP; 3824 3825 if (ioctl(fd, SIOCSLIFFLAGS, &lifrl) == -1) 3826 return (_B_FALSE); 3827 3828 /* 3829 * If we're trying to bring the address down, ensure that DAD activity 3830 * (observable by IFF_DUPLICATE) has also been stopped. 3831 */ 3832 if (!up && ioctl(fd, SIOCGLIFFLAGS, &lifrl) != -1 && 3833 lifrl.lifr_flags & IFF_DUPLICATE) { 3834 if (ioctl(fd, SIOCGLIFADDR, &lifrl) == -1 || 3835 ioctl(fd, SIOCSLIFADDR, &lifrl) == -1) { 3836 return (_B_FALSE); 3837 } 3838 } 3839 return (_B_TRUE); 3840 } 3841 3842 static boolean_t 3843 ifaddr_up(ifaddrlistx_t *ifaddrp) 3844 { 3845 return (ifaddr_op(ifaddrp, _B_TRUE)); 3846 } 3847 3848 static boolean_t 3849 ifaddr_down(ifaddrlistx_t *ifaddrp) 3850 { 3851 return (ifaddr_op(ifaddrp, _B_FALSE)); 3852 } 3853 3854 /* 3855 * Open the global libdladm handle "dlh" if it isn't already opened. The 3856 * caller may optionally supply a link name to obtain its linkid. If a link 3857 * of a specific class or classes is required, reqclass specifies the class 3858 * mask. 3859 */ 3860 static dladm_status_t 3861 ifconfig_dladm_open(const char *name, datalink_class_t reqclass, 3862 datalink_id_t *linkid) 3863 { 3864 dladm_status_t status = DLADM_STATUS_OK; 3865 datalink_class_t class; 3866 3867 if (!dlh_opened) { 3868 if ((status = dladm_open(&dlh)) != DLADM_STATUS_OK) 3869 return (status); 3870 dlh_opened = _B_TRUE; 3871 } 3872 if (name != NULL) { 3873 status = dladm_name2info(dlh, name, linkid, NULL, &class, NULL); 3874 if (status == DLADM_STATUS_OK) { 3875 if (!(class & reqclass)) 3876 status = DLADM_STATUS_LINKINVAL; 3877 } 3878 } 3879 return (status); 3880 } 3881 3882 /* 3883 * This function checks if we can use libipadm API's. We will only 3884 * call libipadm functions for non-IPMP interfaces. This check is 3885 * temporary until libipadm supports IPMP interfaces. 3886 */ 3887 static boolean_t 3888 ifconfig_use_libipadm(int s, const char *lifname) 3889 { 3890 struct lifreq lifr1; 3891 3892 (void) strlcpy(lifr1.lifr_name, lifname, sizeof (lifr1.lifr_name)); 3893 if (ioctl(s, SIOCGLIFGROUPNAME, (caddr_t)&lifr1) < 0) { 3894 (void) strncpy(lifr.lifr_name, lifname, 3895 sizeof (lifr.lifr_name)); 3896 Perror0_exit("error"); 3897 } 3898 3899 return (lifr1.lifr_groupname[0] == '\0'); 3900 } 3901 3902 static void 3903 ipadmerr_exit(ipadm_status_t status, const char *str) 3904 { 3905 (void) fprintf(stderr, "ifconfig: %s: %s\n", str, 3906 ipadm_status2str(status)); 3907 exit(1); 3908 } 3909 3910 static void 3911 dladmerr_exit(dladm_status_t status, const char *str) 3912 { 3913 char errstr[DLADM_STRSIZE]; 3914 3915 (void) fprintf(stderr, "%s: %s\n", str, 3916 dladm_status2str(status, errstr)); 3917 exit(1); 3918 } 3919 3920 void 3921 Perror0(const char *cmd) 3922 { 3923 Perror2(cmd, lifr.lifr_name); 3924 } 3925 3926 void 3927 Perror0_exit(const char *cmd) 3928 { 3929 Perror0(cmd); 3930 exit(1); 3931 } 3932 3933 void 3934 Perror2(const char *cmd, const char *str) 3935 { 3936 int error = errno; 3937 3938 (void) fprintf(stderr, "ifconfig: %s: ", cmd); 3939 3940 switch (error) { 3941 case ENXIO: 3942 (void) fprintf(stderr, "%s: no such interface\n", str); 3943 break; 3944 case EPERM: 3945 (void) fprintf(stderr, "%s: permission denied\n", str); 3946 break; 3947 case EEXIST: 3948 (void) fprintf(stderr, "%s: already exists\n", str); 3949 break; 3950 case ENAMETOOLONG: 3951 (void) fprintf(stderr, "%s: interface name too long\n", str); 3952 break; 3953 case ERANGE: 3954 (void) fprintf(stderr, "%s: logical interface id is outside " 3955 "allowed range\n", str); 3956 break; 3957 default: 3958 errno = error; 3959 perror(str); 3960 } 3961 } 3962 3963 /* 3964 * Print out error message (Perror2()) and exit 3965 */ 3966 void 3967 Perror2_exit(const char *cmd, const char *str) 3968 { 3969 Perror2(cmd, str); 3970 exit(1); 3971 /* NOTREACHED */ 3972 } 3973 3974 void 3975 Perrdlpi(const char *cmd, const char *linkname, int err) 3976 { 3977 (void) fprintf(stderr, "ifconfig: %s \"%s\": %s\n", cmd, 3978 linkname, dlpi_strerror(err)); 3979 } 3980 3981 /* 3982 * Print out error message (Perrdlpi()) and exit 3983 */ 3984 void 3985 Perrdlpi_exit(const char *cmd, const char *linkname, int err) 3986 { 3987 Perrdlpi(cmd, linkname, err); 3988 exit(1); 3989 } 3990 3991 /* 3992 * If the last argument is non-NULL allow a <addr>/<n> syntax and 3993 * pass out <n> in *plenp. 3994 * If <n> doesn't parse return BAD_ADDR as *plenp. 3995 * If no /<n> is present return NO_PREFIX as *plenp. 3996 */ 3997 static void 3998 in_getaddr(char *s, struct sockaddr *saddr, int *plenp) 3999 { 4000 /* LINTED: alignment */ 4001 struct sockaddr_in *sin = (struct sockaddr_in *)saddr; 4002 struct hostent *hp; 4003 struct netent *np; 4004 char str[BUFSIZ]; 4005 int error_num; 4006 4007 (void) strncpy(str, s, sizeof (str)); 4008 4009 /* 4010 * Look for '/'<n> is plenp 4011 */ 4012 if (plenp != NULL) { 4013 char *cp; 4014 4015 *plenp = in_getprefixlen(str, _B_TRUE, IP_ABITS); 4016 if (*plenp == BAD_ADDR) 4017 return; 4018 cp = strchr(str, '/'); 4019 if (cp != NULL) 4020 *cp = '\0'; 4021 } else if (strchr(str, '/') != NULL) { 4022 (void) fprintf(stderr, "ifconfig: %s: unexpected '/'\n", str); 4023 exit(1); 4024 } 4025 4026 (void) memset(sin, 0, sizeof (*sin)); 4027 4028 /* 4029 * Try to catch attempts to set the broadcast address to all 1's. 4030 */ 4031 if (strcmp(str, "255.255.255.255") == 0 || 4032 (strtoul(str, (char **)NULL, 0) == 0xffffffffUL)) { 4033 sin->sin_family = AF_INET; 4034 sin->sin_addr.s_addr = 0xffffffff; 4035 return; 4036 } 4037 4038 hp = getipnodebyname(str, AF_INET, 0, &error_num); 4039 if (hp) { 4040 sin->sin_family = hp->h_addrtype; 4041 (void) memcpy(&sin->sin_addr, hp->h_addr, hp->h_length); 4042 freehostent(hp); 4043 return; 4044 } 4045 np = getnetbyname(str); 4046 if (np) { 4047 sin->sin_family = np->n_addrtype; 4048 sin->sin_addr = inet_makeaddr(np->n_net, INADDR_ANY); 4049 return; 4050 } 4051 if (error_num == TRY_AGAIN) { 4052 (void) fprintf(stderr, "ifconfig: %s: bad address " 4053 "(try again later)\n", s); 4054 } else { 4055 (void) fprintf(stderr, "ifconfig: %s: bad address\n", s); 4056 } 4057 exit(1); 4058 } 4059 4060 /* 4061 * If the last argument is non-NULL allow a <addr>/<n> syntax and 4062 * pass out <n> in *plenp. 4063 * If <n> doesn't parse return BAD_ADDR as *plenp. 4064 * If no /<n> is present return NO_PREFIX as *plenp. 4065 */ 4066 static void 4067 in6_getaddr(char *s, struct sockaddr *saddr, int *plenp) 4068 { 4069 /* LINTED: alignment */ 4070 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)saddr; 4071 struct hostent *hp; 4072 char str[BUFSIZ]; 4073 int error_num; 4074 4075 (void) strncpy(str, s, sizeof (str)); 4076 4077 /* 4078 * Look for '/'<n> is plenp 4079 */ 4080 if (plenp != NULL) { 4081 char *cp; 4082 4083 *plenp = in_getprefixlen(str, _B_TRUE, IPV6_ABITS); 4084 if (*plenp == BAD_ADDR) 4085 return; 4086 cp = strchr(str, '/'); 4087 if (cp != NULL) 4088 *cp = '\0'; 4089 } else if (strchr(str, '/') != NULL) { 4090 (void) fprintf(stderr, "ifconfig: %s: unexpected '/'\n", str); 4091 exit(1); 4092 } 4093 4094 (void) memset(sin6, 0, sizeof (*sin6)); 4095 4096 hp = getipnodebyname(str, AF_INET6, 0, &error_num); 4097 if (hp) { 4098 sin6->sin6_family = hp->h_addrtype; 4099 (void) memcpy(&sin6->sin6_addr, hp->h_addr, hp->h_length); 4100 freehostent(hp); 4101 return; 4102 } 4103 if (error_num == TRY_AGAIN) { 4104 (void) fprintf(stderr, "ifconfig: %s: bad address " 4105 "(try again later)\n", s); 4106 } else { 4107 (void) fprintf(stderr, "ifconfig: %s: bad address\n", s); 4108 } 4109 exit(1); 4110 } 4111 4112 /* 4113 * If "slash" is zero this parses the whole string as 4114 * an integer. With "slash" non zero it parses the tail part as an integer. 4115 * 4116 * If it is not a valid integer this returns BAD_ADDR. 4117 * If there is /<n> present this returns NO_PREFIX. 4118 */ 4119 static int 4120 in_getprefixlen(char *addr, boolean_t slash, int max_plen) 4121 { 4122 int prefixlen; 4123 char *str, *end; 4124 4125 if (slash) { 4126 str = strchr(addr, '/'); 4127 if (str == NULL) 4128 return (NO_PREFIX); 4129 str++; 4130 } else 4131 str = addr; 4132 4133 prefixlen = strtol(str, &end, 10); 4134 if (prefixlen < 0) 4135 return (BAD_ADDR); 4136 if (str == end) 4137 return (BAD_ADDR); 4138 if (max_plen != 0 && max_plen < prefixlen) 4139 return (BAD_ADDR); 4140 return (prefixlen); 4141 } 4142 4143 /* 4144 * Convert a prefix length to a mask. 4145 * Returns 1 if ok. 0 otherwise. 4146 * Assumes the mask array is zero'ed by the caller. 4147 */ 4148 static boolean_t 4149 in_prefixlentomask(int prefixlen, int maxlen, uchar_t *mask) 4150 { 4151 if (prefixlen < 0 || prefixlen > maxlen) 4152 return (0); 4153 4154 while (prefixlen > 0) { 4155 if (prefixlen >= 8) { 4156 *mask++ = 0xFF; 4157 prefixlen -= 8; 4158 continue; 4159 } 4160 *mask |= 1 << (8 - prefixlen); 4161 prefixlen--; 4162 } 4163 return (1); 4164 } 4165 4166 static void 4167 print_flags(uint64_t flags) 4168 { 4169 boolean_t first = _B_TRUE; 4170 int cnt, i; 4171 4172 (void) printf("flags=%llx", flags); 4173 cnt = sizeof (if_flags_tbl) / sizeof (if_flags_t); 4174 for (i = 0; i < cnt; i++) { 4175 if (flags & if_flags_tbl[i].iff_value) { 4176 if (first) { 4177 (void) printf("<"); 4178 first = _B_FALSE; 4179 } else { 4180 /* 4181 * It has to be here and not with the 4182 * printf below because for the last one, 4183 * we don't want a comma before the ">". 4184 */ 4185 (void) printf(","); 4186 } 4187 (void) printf("%s", if_flags_tbl[i].iff_name); 4188 } 4189 } 4190 if (!first) 4191 (void) printf(">"); 4192 } 4193 4194 static void 4195 print_config_flags(int af, uint64_t flags) 4196 { 4197 if_config_cmd_t *cmdp; 4198 4199 for (cmdp = if_config_cmd_tbl; cmdp->iff_flag != 0; cmdp++) { 4200 if ((flags & cmdp->iff_flag) && 4201 (cmdp->iff_af == AF_UNSPEC || cmdp->iff_af == af)) { 4202 (void) printf("%s ", cmdp->iff_name); 4203 } 4204 } 4205 } 4206 4207 /* 4208 * Use the configured directory lookup mechanism (e.g. files/NIS/...) 4209 * to find the network mask. Returns true if we found one to set. 4210 * 4211 * The parameter addr_set controls whether we should get the address of 4212 * the working interface for the netmask query. If addr_set is true, 4213 * we will use the address provided. Otherwise, we will find the working 4214 * interface's address and use it instead. 4215 */ 4216 static boolean_t 4217 in_getmask(struct sockaddr_in *saddr, boolean_t addr_set) 4218 { 4219 struct sockaddr_in ifaddr; 4220 4221 /* 4222 * Read the address from the interface if it is not passed in. 4223 */ 4224 if (!addr_set) { 4225 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 4226 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 4227 if (errno != EADDRNOTAVAIL) { 4228 (void) fprintf(stderr, "Need net number for " 4229 "mask\n"); 4230 } 4231 return (_B_FALSE); 4232 } 4233 ifaddr = *((struct sockaddr_in *)&lifr.lifr_addr); 4234 } else { 4235 ifaddr.sin_addr = saddr->sin_addr; 4236 } 4237 if (getnetmaskbyaddr(ifaddr.sin_addr, &saddr->sin_addr) == 0) { 4238 saddr->sin_family = AF_INET; 4239 return (_B_TRUE); 4240 } 4241 return (_B_FALSE); 4242 } 4243 4244 static int 4245 lifnum(const char *ifname) 4246 { 4247 const char *cp; 4248 4249 if ((cp = strchr(ifname, ':')) == NULL) 4250 return (0); 4251 else 4252 return (atoi(cp + 1)); 4253 } 4254 4255 static void 4256 add_ni(const char *name) 4257 { 4258 ni_t **pp; 4259 ni_t *p; 4260 4261 for (pp = &ni_list; (p = *pp) != NULL; pp = &(p->ni_next)) { 4262 if (strcmp(p->ni_name, name) == 0) { 4263 if (debug > 2) 4264 (void) fprintf(stderr, "'%s' is a duplicate\n", 4265 name); 4266 return; 4267 } 4268 } 4269 4270 if (debug > 2) 4271 (void) fprintf(stderr, "adding '%s'\n", 4272 name); 4273 4274 if ((p = malloc(sizeof (ni_t))) == NULL) 4275 return; 4276 4277 (void) strlcpy(p->ni_name, name, sizeof (p->ni_name)); 4278 p->ni_next = NULL; 4279 4280 *pp = p; 4281 num_ni++; 4282 } 4283 4284 static boolean_t 4285 ni_entry(const char *linkname, void *arg) 4286 { 4287 dlpi_handle_t dh; 4288 datalink_class_t class; 4289 4290 (void) dladm_name2info(arg, linkname, NULL, NULL, &class, NULL); 4291 4292 if (class == DATALINK_CLASS_ETHERSTUB) 4293 return (_B_FALSE); 4294 if (dlpi_open(linkname, &dh, 0) != DLPI_SUCCESS) 4295 return (_B_FALSE); 4296 4297 add_ni(linkname); 4298 4299 dlpi_close(dh); 4300 return (_B_FALSE); 4301 } 4302 4303 /* 4304 * dhcp-related routines 4305 */ 4306 4307 static int 4308 setifdhcp(const char *caller, const char *ifname, int argc, char *argv[]) 4309 { 4310 dhcp_ipc_request_t *request; 4311 dhcp_ipc_reply_t *reply = NULL; 4312 int timeout = DHCP_IPC_WAIT_DEFAULT; 4313 dhcp_ipc_type_t type = DHCP_START; 4314 int error; 4315 boolean_t is_primary = _B_FALSE; 4316 boolean_t started = _B_FALSE; 4317 4318 for (argv++; --argc > 0; argv++) { 4319 4320 if (strcmp(*argv, "primary") == 0) { 4321 is_primary = _B_TRUE; 4322 continue; 4323 } 4324 4325 if (strcmp(*argv, "wait") == 0) { 4326 if (--argc <= 0) { 4327 usage(); 4328 return (DHCP_EXIT_BADARGS); 4329 } 4330 argv++; 4331 4332 if (strcmp(*argv, "forever") == 0) { 4333 timeout = DHCP_IPC_WAIT_FOREVER; 4334 continue; 4335 } 4336 4337 if (sscanf(*argv, "%d", &timeout) != 1) { 4338 usage(); 4339 return (DHCP_EXIT_BADARGS); 4340 } 4341 4342 if (timeout < 0) { 4343 usage(); 4344 return (DHCP_EXIT_BADARGS); 4345 } 4346 continue; 4347 } 4348 4349 type = dhcp_string_to_request(*argv); 4350 if (type == -1) { 4351 usage(); 4352 return (DHCP_EXIT_BADARGS); 4353 } 4354 } 4355 4356 /* 4357 * Only try to start agent on start or inform; in all other cases it 4358 * has to already be running for anything to make sense. 4359 */ 4360 if (type == DHCP_START || type == DHCP_INFORM) { 4361 if (dhcp_start_agent(DHCP_IPC_MAX_WAIT) == -1) { 4362 (void) fprintf(stderr, "%s: unable to start %s\n", 4363 caller, DHCP_AGENT_PATH); 4364 return (DHCP_EXIT_FAILURE); 4365 } 4366 started = _B_TRUE; 4367 } 4368 4369 if (is_primary) 4370 type |= DHCP_PRIMARY; 4371 4372 if (af != AF_INET) 4373 type |= DHCP_V6; 4374 4375 request = dhcp_ipc_alloc_request(type, ifname, NULL, 0, DHCP_TYPE_NONE); 4376 if (request == NULL) { 4377 (void) fprintf(stderr, "%s: out of memory\n", caller); 4378 return (DHCP_EXIT_SYSTEM); 4379 } 4380 4381 error = dhcp_ipc_make_request(request, &reply, timeout); 4382 if (error != 0) { 4383 free(request); 4384 /* 4385 * Re-map connect error to not under control if we didn't try a 4386 * start operation, as this has to be true and results in a 4387 * clearer message, not to mention preserving compatibility 4388 * with the days when we always started dhcpagent for every 4389 * request. 4390 */ 4391 if (error == DHCP_IPC_E_CONNECT && !started) 4392 error = DHCP_IPC_E_UNKIF; 4393 (void) fprintf(stderr, "%s: %s: %s\n", caller, ifname, 4394 dhcp_ipc_strerror(error)); 4395 return (DHCP_EXIT_FAILURE); 4396 } 4397 4398 error = reply->return_code; 4399 if (error != 0) { 4400 free(request); 4401 free(reply); 4402 4403 if (error == DHCP_IPC_E_TIMEOUT && timeout == 0) 4404 return (DHCP_EXIT_SUCCESS); 4405 4406 (void) fprintf(stderr, "%s: %s: %s\n", caller, ifname, 4407 dhcp_ipc_strerror(error)); 4408 4409 if (error == DHCP_IPC_E_TIMEOUT) 4410 return (DHCP_EXIT_TIMEOUT); 4411 else 4412 return (DHCP_EXIT_IF_FAILURE); 4413 } 4414 4415 if (DHCP_IPC_CMD(type) == DHCP_STATUS) { 4416 (void) printf("%s", dhcp_status_hdr_string()); 4417 (void) printf("%s", dhcp_status_reply_to_string(reply)); 4418 } 4419 4420 free(request); 4421 free(reply); 4422 return (DHCP_EXIT_SUCCESS); 4423 } 4424 4425 static void 4426 usage(void) 4427 { 4428 (void) fprintf(stderr, 4429 "usage: ifconfig <interface> | -a[ 4 | 6 | D ][ u | d ][ Z ]\n"); 4430 4431 (void) fprintf(stderr, "%s", 4432 "\t[ <addr_family> ]\n" 4433 "\t[ <address>[/<prefix_length>] [ <dest_address> ] ]\n" 4434 "\t[ set [ <address>][/<prefix_length>] ]" 4435 " [ <address>/<prefix_length>] ]\n" 4436 "\t[ destination <dest_address> ]\n" 4437 "\t[ addif <address>[/<prefix_length>]" 4438 " [ <dest_address> ] ]\n" 4439 "\t[ removeif <address>[/<prefix_length>] ]\n" 4440 "\t[ arp | -arp ]\n" 4441 "\t[ auto-revarp ]\n" 4442 "\t[ broadcast <broad_addr> ]\n" 4443 "\t[ index <if_index> ]\n" 4444 "\t[ metric <n> ] [ mtu <n> ]\n" 4445 "\t[ netmask <mask> ]\n" 4446 "\t[ plumb ] [ unplumb ]\n" 4447 "\t[ preferred | -preferred ]\n" 4448 "\t[ private | -private ]\n" 4449 "\t[ local | -local ]\n" 4450 "\t[ router | -router ]\n" 4451 "\t[ subnet <subnet_address>]\n" 4452 "\t[ trailers | -trailers ]\n" 4453 "\t[ token <address>/<prefix_length> ]\n" 4454 "\t[ tsrc <tunnel_src_address> ]\n" 4455 "\t[ tdst <tunnel_dest_address> ]\n" 4456 "\t[ auth_algs <tunnel_AH_authentication_algorithm> ]\n" 4457 "\t[ encr_algs <tunnel_ESP_encryption_algorithm> ]\n" 4458 "\t[ encr_auth_algs <tunnel_ESP_authentication_algorithm> ]\n" 4459 "\t[ up ] [ down ]\n" 4460 "\t[ xmit | -xmit ]\n" 4461 "\t[ modlist ]\n" 4462 "\t[ modinsert <module_name@position> ]\n" 4463 "\t[ modremove <module_name@position> ]\n" 4464 "\t[ ipmp ]\n" 4465 "\t[ group <groupname>] | [ group \"\"]\n" 4466 "\t[ deprecated | -deprecated ]\n" 4467 "\t[ standby | -standby ]\n" 4468 "\t[ failover | -failover ]\n" 4469 "\t[ zone <zonename> | -zone ]\n" 4470 "\t[ usesrc <interface> ]\n" 4471 "\t[ all-zones ]\n"); 4472 4473 (void) fprintf(stderr, "or\n"); 4474 (void) fprintf(stderr, 4475 "\tifconfig <interface> | -a[ 4 | 6 | D ] [ u | d ]\n"); 4476 4477 (void) fprintf(stderr, "%s", "\tauto-dhcp | dhcp\n" 4478 "\t[ wait <time> | forever ]\n\t[ primary ]\n" 4479 "\tstart | drop | ping | release | status | inform\n"); 4480 } 4481