1 /* 2 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 3 * Use is subject to license terms. 4 */ 5 /* 6 * Copyright (c) 1983 Regents of the University of California. 7 * All rights reserved. The Berkeley software License Agreement 8 * specifies the terms and conditions for redistribution. 9 */ 10 11 #pragma ident "%Z%%M% %I% %E% SMI" 12 13 #include "defs.h" 14 #include "strings.h" 15 #include "ifconfig.h" 16 #include <compat.h> 17 18 #include <sys/dlpi.h> 19 #include <libdlpi.h> 20 21 #include <inet/ip.h> 22 23 #define LOOPBACK_IF "lo0" 24 #define NONE_STR "none" 25 #define ARP_MOD_NAME "arp" 26 #define TUN_NAME "tun" 27 #define ATUN_NAME "atun" 28 #define TUN6TO4_NAME "6to4tun" 29 30 typedef struct if_flags { 31 uint64_t iff_value; 32 char *iff_name; 33 } if_flags_t; 34 35 static if_flags_t if_flags_tbl[] = { 36 { IFF_UP, "UP" }, 37 { IFF_BROADCAST, "BROADCAST" }, 38 { IFF_DEBUG, "DEBUG" }, 39 { IFF_LOOPBACK, "LOOPBACK" }, 40 { IFF_POINTOPOINT, "POINTOPOINT" }, 41 { IFF_NOTRAILERS, "NOTRAILERS" }, 42 { IFF_RUNNING, "RUNNING" }, 43 { IFF_NOARP, "NOARP" }, 44 { IFF_PROMISC, "PROMISC" }, 45 { IFF_ALLMULTI, "ALLMULTI" }, 46 { IFF_INTELLIGENT, "INTELLIGENT" }, 47 { IFF_MULTICAST, "MULTICAST" }, 48 { IFF_MULTI_BCAST, "MULTI_BCAST" }, 49 { IFF_UNNUMBERED, "UNNUMBERED" }, 50 { IFF_DHCPRUNNING, "DHCP" }, 51 { IFF_PRIVATE, "PRIVATE" }, 52 { IFF_NOXMIT, "NOXMIT" }, 53 { IFF_NOLOCAL, "NOLOCAL" }, 54 { IFF_DEPRECATED, "DEPRECATED" }, 55 { IFF_ADDRCONF, "ADDRCONF" }, 56 { IFF_ROUTER, "ROUTER" }, 57 { IFF_NONUD, "NONUD" }, 58 { IFF_ANYCAST, "ANYCAST" }, 59 { IFF_NORTEXCH, "NORTEXCH" }, 60 { IFF_IPV4, "IPv4" }, 61 { IFF_IPV6, "IPv6" }, 62 { IFF_MIPRUNNING, "MIP" }, 63 { IFF_NOFAILOVER, "NOFAILOVER" }, 64 { IFF_FAILED, "FAILED" }, 65 { IFF_STANDBY, "STANDBY" }, 66 { IFF_INACTIVE, "INACTIVE" }, 67 { IFF_OFFLINE, "OFFLINE" }, 68 { IFF_XRESOLV, "XRESOLV" }, 69 { IFF_COS_ENABLED, "CoS" }, 70 { IFF_PREFERRED, "PREFERRED" }, 71 { IFF_TEMPORARY, "TEMPORARY" }, 72 { IFF_FIXEDMTU, "FIXEDMTU" }, 73 { IFF_VIRTUAL, "VIRTUAL" }, 74 { IFF_DUPLICATE, "DUPLICATE" } 75 }; 76 77 static struct lifreq lifr; 78 /* current interface name a particular function is accessing */ 79 static char name[LIFNAMSIZ]; 80 /* foreach interface saved name */ 81 static char origname[LIFNAMSIZ]; 82 static char savedname[LIFNAMSIZ]; /* For addif */ 83 static int setaddr; 84 85 /* 86 * Make sure the algorithm variables hold more than the sizeof an algorithm 87 * in PF_KEY. (For now, more than a uint8_t.) The NO_***_?ALG indicates that 88 * there was no algorithm requested, and in the ipsec_req that service should 89 * be disabled. (E.g. if ah_aalg remains NO_AH_AALG, then AH will be 90 * disabled on that tunnel.) 91 */ 92 #define NO_AH_AALG 256 93 #define NO_ESP_AALG 256 94 #define NO_ESP_EALG 256 95 96 /* 97 * iface_t 98 * used by setifether to create a list of interfaces to mark 99 * down-up when changing the ethernet address of an interface 100 */ 101 typedef struct iface { 102 struct lifreq lifr; 103 struct iface *next; /* pointer to the next list element */ 104 } iface_t; 105 106 static iface_t *logifs = NULL; /* list of logical interfaces */ 107 static iface_t *phyif = NULL; /* physical interface */ 108 109 int s; 110 int af = AF_INET; /* default address family */ 111 int debug = 0; 112 int all = 0; /* setifdhcp() needs to know this */ 113 int verbose = 0; 114 int v4compat = 0; /* Compatible printing format */ 115 116 /* 117 * Function prototypes for command functions. 118 */ 119 static int addif(char *arg, int64_t param); 120 static int inetplumb(char *arg, int64_t param); 121 static int inetunplumb(char *arg, int64_t param); 122 static int removeif(char *arg, int64_t param); 123 static int setdebugflag(char *arg, int64_t param); 124 static int setifaddr(char *arg, int64_t param); 125 static int setifbroadaddr(char *arg, int64_t param); 126 static int setifdstaddr(char *arg, int64_t param); 127 static int setifether(char *arg, int64_t param); 128 static int setifflags(char *arg, int64_t param); 129 static int setifindex(char *arg, int64_t param); 130 static int setifmetric(char *arg, int64_t param); 131 static int setifmtu(char *arg, int64_t param); 132 static int setifnetmask(char *arg, int64_t param); 133 static int setifprefixlen(char *arg, int64_t param); 134 static int setifrevarp(char *arg, int64_t param); 135 static int setifsubnet(char *arg, int64_t param); 136 static int setiftdst(char *arg, int64_t param); 137 static int setiftoken(char *arg, int64_t param); 138 static int setiftsrc(char *arg, int64_t param); 139 static int setverboseflag(char *arg, int64_t param); 140 static int set_tun_ah_alg(char *arg, int64_t param); 141 static int set_tun_esp_auth_alg(char *arg, int64_t param); 142 static int set_tun_esp_encr_alg(char *arg, int64_t param); 143 static int modlist(char *arg, int64_t param); 144 static int modinsert(char *arg, int64_t param); 145 static int modremove(char *arg, int64_t param); 146 static int setifgroupname(char *arg, int64_t param); 147 static int configinfo(char *arg, int64_t param); 148 static void print_config_flags(uint64_t flags); 149 static void print_flags(uint64_t flags); 150 static void print_ifether(char *ifname); 151 static int set_tun_encap_limit(char *arg, int64_t param); 152 static int clr_tun_encap_limit(char *arg, int64_t param); 153 static int set_tun_hop_limit(char *arg, int64_t param); 154 static int setzone(char *arg, int64_t param); 155 static int setallzones(char *arg, int64_t param); 156 static int setifsrc(char *arg, int64_t param); 157 158 /* 159 * Address family specific function prototypes. 160 */ 161 static void in_getaddr(char *s, struct sockaddr *saddr, int *plenp); 162 static void in_status(int force, uint64_t flags); 163 static void in_configinfo(int force, uint64_t flags); 164 static void in6_getaddr(char *s, struct sockaddr *saddr, int *plenp); 165 static void in6_status(int force, uint64_t flags); 166 static void in6_configinfo(int force, uint64_t flags); 167 168 /* 169 * Misc support functions 170 */ 171 static int devfs_entry(di_node_t node, di_minor_t minor, void *arg); 172 static void foreachinterface(void (*func)(), int argc, char *argv[], 173 int af, int64_t onflags, int64_t offflags, 174 int64_t lifc_flags); 175 static void ifconfig(int argc, char *argv[], int af, struct lifreq *lifrp); 176 static boolean_t in_getmask(struct sockaddr_in *saddr, 177 boolean_t addr_set); 178 static int in_getprefixlen(char *addr, boolean_t slash, int plen); 179 static boolean_t in_prefixlentomask(int prefixlen, int maxlen, 180 uchar_t *mask); 181 static int settaddr(char *, int (*)(icfg_handle_t, 182 const struct sockaddr *, socklen_t)); 183 static void status(void); 184 static void ifstatus(const char *); 185 static void usage(void); 186 static int strioctl(int s, int cmd, char *buf, int buflen); 187 static int setifdhcp(const char *caller, const char *ifname, 188 int argc, char *argv[]); 189 static int ip_domux2fd(int *, int *, int *, int *); 190 static int ip_plink(int, int, int, int); 191 static int modop(char *arg, char op); 192 static int get_lun(char *); 193 static void selectifs(int argc, char *argv[], int af, 194 struct lifreq *lifrp); 195 static int updownifs(iface_t *ifs, int up); 196 static int find_all_global_interfaces(struct lifconf *lifcp, char **buf, 197 int64_t lifc_flags); 198 static int find_all_zone_interfaces(struct lifconf *lifcp, char **buf, 199 int64_t lifc_flags); 200 201 #define max(a, b) ((a) < (b) ? (b) : (a)) 202 203 /* 204 * DHCP_EXIT_IF_FAILURE indicates that the operation failed, but if there 205 * are more interfaces to act on (i.e., ifconfig was invoked with -a), keep 206 * on going rather than exit with an error. 207 */ 208 209 #define DHCP_EXIT_IF_FAILURE -1 210 211 #define NEXTARG 0xffffff /* command takes an argument */ 212 #define OPTARG 0xfffffe /* command takes an optional argument */ 213 #define AF_ANY (-1) 214 215 /* Refer to the comments in ifconfig() on the netmask "hack" */ 216 #define NETMASK_CMD "netmask" 217 struct sockaddr_storage g_netmask; 218 enum { G_NETMASK_NIL, G_NETMASK_PENDING, G_NETMASK_SET } 219 g_netmask_set = G_NETMASK_NIL; 220 221 struct cmd { 222 char *c_name; 223 int64_t c_parameter; /* NEXTARG means next argv */ 224 int (*c_func)(char *, int64_t); 225 int c_abortonfail; /* don't continue parsing args */ 226 /* for the current interface */ 227 int c_af; /* address family restrictions */ 228 } cmds[] = { 229 { "up", IFF_UP, setifflags, 0, AF_ANY }, 230 { "down", -IFF_UP, setifflags, 0, AF_ANY }, 231 { "trailers", -IFF_NOTRAILERS, setifflags, 0, AF_ANY }, 232 { "-trailers", IFF_NOTRAILERS, setifflags, 0, AF_ANY }, 233 { "arp", -IFF_NOARP, setifflags, 0, AF_INET }, 234 { "-arp", IFF_NOARP, setifflags, 0, AF_INET }, 235 { "router", IFF_ROUTER, setifflags, 0, AF_ANY }, 236 { "-router", -IFF_ROUTER, setifflags, 0, AF_ANY }, 237 { "private", IFF_PRIVATE, setifflags, 0, AF_ANY }, 238 { "-private", -IFF_PRIVATE, setifflags, 0, AF_ANY }, 239 { "xmit", -IFF_NOXMIT, setifflags, 0, AF_ANY }, 240 { "-xmit", IFF_NOXMIT, setifflags, 0, AF_ANY }, 241 { "-nud", IFF_NONUD, setifflags, 0, AF_INET6 }, 242 { "nud", -IFF_NONUD, setifflags, 0, AF_INET6 }, 243 { "anycast", IFF_ANYCAST, setifflags, 0, AF_ANY }, 244 { "-anycast", -IFF_ANYCAST, setifflags, 0, AF_ANY }, 245 { "local", -IFF_NOLOCAL, setifflags, 0, AF_ANY }, 246 { "-local", IFF_NOLOCAL, setifflags, 0, AF_ANY }, 247 { "deprecated", IFF_DEPRECATED, setifflags, 0, AF_ANY }, 248 { "-deprecated", -IFF_DEPRECATED, setifflags, 0, AF_ANY }, 249 { "preferred", IFF_PREFERRED, setifflags, 0, AF_INET6 }, 250 { "-preferred", -IFF_PREFERRED, setifflags, 0, AF_INET6 }, 251 { "debug", 0, setdebugflag, 0, AF_ANY }, 252 { "verbose", 0, setverboseflag, 0, AF_ANY }, 253 { NETMASK_CMD, NEXTARG, setifnetmask, 0, AF_INET }, 254 { "metric", NEXTARG, setifmetric, 0, AF_ANY }, 255 { "mtu", NEXTARG, setifmtu, 0, AF_ANY }, 256 { "index", NEXTARG, setifindex, 0, AF_ANY }, 257 { "broadcast", NEXTARG, setifbroadaddr, 0, AF_INET }, 258 { "auto-revarp", 0, setifrevarp, 1, AF_INET }, 259 { "plumb", 0, inetplumb, 1, AF_ANY }, 260 { "unplumb", 0, inetunplumb, 0, AF_ANY }, 261 { "subnet", NEXTARG, setifsubnet, 0, AF_ANY }, 262 { "token", NEXTARG, setiftoken, 0, AF_INET6 }, 263 { "tsrc", NEXTARG, setiftsrc, 0, AF_ANY }, 264 { "tdst", NEXTARG, setiftdst, 0, AF_ANY }, 265 { "encr_auth_algs", NEXTARG, set_tun_esp_auth_alg, 0, AF_ANY }, 266 { "encr_algs", NEXTARG, set_tun_esp_encr_alg, 0, AF_ANY }, 267 { "auth_algs", NEXTARG, set_tun_ah_alg, 0, AF_ANY }, 268 { "addif", NEXTARG, addif, 1, AF_ANY }, 269 { "removeif", NEXTARG, removeif, 1, AF_ANY }, 270 { "modlist", 0, modlist, 1, AF_ANY }, 271 { "modinsert", NEXTARG, modinsert, 1, AF_ANY }, 272 { "modremove", NEXTARG, modremove, 1, AF_ANY }, 273 { "failover", -IFF_NOFAILOVER, setifflags, 1, AF_ANY }, 274 { "-failover", IFF_NOFAILOVER, setifflags, 1, AF_ANY }, 275 { "standby", IFF_STANDBY, setifflags, 1, AF_ANY }, 276 { "-standby", -IFF_STANDBY, setifflags, 1, AF_ANY }, 277 { "failed", IFF_FAILED, setifflags, 1, AF_ANY }, 278 { "-failed", -IFF_FAILED, setifflags, 1, AF_ANY }, 279 { "group", NEXTARG, setifgroupname, 1, AF_ANY }, 280 { "configinfo", 0, configinfo, 1, AF_ANY }, 281 { "encaplimit", NEXTARG, set_tun_encap_limit, 0, AF_ANY }, 282 { "-encaplimit", 0, clr_tun_encap_limit, 0, AF_ANY }, 283 { "thoplimit", NEXTARG, set_tun_hop_limit, 0, AF_ANY }, 284 { "set", NEXTARG, setifaddr, 0, AF_ANY }, 285 { "destination", NEXTARG, setifdstaddr, 0, AF_ANY }, 286 { "zone", NEXTARG, setzone, 0, AF_ANY }, 287 { "-zone", 0, setzone, 0, AF_ANY }, 288 { "all-zones", 0, setallzones, 0, AF_ANY }, 289 { "ether", OPTARG, setifether, 0, AF_ANY }, 290 { "usesrc", NEXTARG, setifsrc, 0, AF_ANY }, 291 { 0, 0, setifaddr, 0, AF_ANY }, 292 { 0, 0, setifdstaddr, 0, AF_ANY }, 293 { 0, 0, 0, 0, 0 }, 294 }; 295 296 297 typedef struct if_config_cmd { 298 uint64_t iff_flag; 299 char *iff_name; 300 } if_config_cmd_t; 301 302 static if_config_cmd_t if_config_cmd_tbl[] = { 303 { IFF_UP, "up" }, 304 { IFF_NOTRAILERS, "-trailers" }, 305 { IFF_PRIVATE, "private" }, 306 { IFF_NOXMIT, "-xmit" }, 307 { IFF_ANYCAST, "anycast" }, 308 { IFF_NOLOCAL, "-local" }, 309 { IFF_DEPRECATED, "deprecated" }, 310 { IFF_NOFAILOVER, "-failover" }, 311 { IFF_STANDBY, "standby" }, 312 { IFF_FAILED, "failed" }, 313 { IFF_PREFERRED, "preferred" }, 314 { 0, 0 }, 315 }; 316 317 typedef struct ni { 318 char ni_name[LIFNAMSIZ]; 319 struct ni *ni_next; 320 } ni_t; 321 322 static ni_t *ni_list = NULL; 323 static int num_ni = 0; 324 325 /* End defines and structure definitions for ifconfig -a plumb */ 326 327 /* Known address families */ 328 struct afswtch { 329 char *af_name; 330 short af_af; 331 void (*af_status)(); 332 void (*af_getaddr)(); 333 void (*af_configinfo)(); 334 } afs[] = { 335 { "inet", AF_INET, in_status, in_getaddr, in_configinfo }, 336 { "inet6", AF_INET6, in6_status, in6_getaddr, in6_configinfo }, 337 { 0, 0, 0, 0, 0 } 338 }; 339 340 #define SOCKET_AF(af) (((af) == AF_UNSPEC) ? AF_INET : (af)) 341 342 struct afswtch *afp; /* the address family being set or asked about */ 343 344 int 345 main(int argc, char *argv[]) 346 { 347 /* Include IFF_NOXMIT, IFF_TEMPORARY and all zone interfaces */ 348 int64_t lifc_flags = LIFC_NOXMIT | LIFC_TEMPORARY | LIFC_ALLZONES; 349 char *default_ip_str; 350 351 if (argc < 2) { 352 usage(); 353 exit(1); 354 } 355 argc--, argv++; 356 if (strlen(*argv) > sizeof (name) - 1) { 357 (void) fprintf(stderr, "%s: interface name too long\n", *argv); 358 exit(1); 359 } 360 (void) strncpy(name, *argv, sizeof (name)); 361 name[sizeof (name) - 1] = '\0'; 362 (void) strncpy(origname, name, sizeof (origname)); /* For addif */ 363 default_ip_str = NULL; 364 v4compat = get_compat_flag(&default_ip_str); 365 if (v4compat == DEFAULT_PROT_BAD_VALUE) { 366 (void) fprintf(stderr, 367 "ifconfig: %s: Bad value for %s in %s\n", default_ip_str, 368 DEFAULT_IP, INET_DEFAULT_FILE); 369 free(default_ip_str); 370 exit(2); 371 } 372 free(default_ip_str); 373 argc--, argv++; 374 if (argc > 0) { 375 struct afswtch *myafp; 376 377 for (myafp = afp = afs; myafp->af_name; myafp++) { 378 if (strcmp(myafp->af_name, *argv) == 0) { 379 afp = myafp; argc--; argv++; 380 break; 381 } 382 } 383 af = lifr.lifr_addr.ss_family = afp->af_af; 384 if (af == AF_INET6) { 385 v4compat = 0; 386 } 387 } 388 389 s = socket(SOCKET_AF(af), SOCK_DGRAM, 0); 390 if (s < 0) { 391 Perror0_exit("socket"); 392 } 393 394 /* 395 * Special interface names is any combination of these flags. 396 * Note that due to the ifconfig syntax they have to be combined 397 * as a single '-' option. 398 * -a All interfaces 399 * -u "up" interfaces 400 * -d "down" interfaces 401 * -D Interfaces not controlled by DHCP 402 * -4 IPv4 interfaces 403 * -6 IPv6 interfaces 404 * -X Turn on debug (not documented) 405 * -v Turn on verbose 406 * -Z Only interfaces in caller's zone 407 */ 408 409 if (name[0] == '-') { 410 /* One or more options */ 411 int64_t onflags = 0; 412 int64_t offflags = 0; 413 int c; 414 char *av[2] = { "ifconfig", name }; 415 416 while ((c = getopt(2, av, "audDXZ46v")) != -1) { 417 switch ((char)c) { 418 case 'a': 419 all = 1; 420 break; 421 case 'u': 422 onflags |= IFF_UP; 423 break; 424 case 'd': 425 offflags |= IFF_UP; 426 break; 427 case 'D': 428 offflags |= IFF_DHCPRUNNING; 429 break; 430 case 'X': 431 debug += 3; 432 break; 433 case 'Z': 434 lifc_flags &= ~LIFC_ALLZONES; 435 break; 436 case '4': 437 /* 438 * -4 is not a compatable flag, therefore 439 * we assume they want v4compat turned off 440 */ 441 v4compat = 0; 442 onflags |= IFF_IPV4; 443 break; 444 case '6': 445 /* 446 * If they want IPv6, well then we'll assume 447 * they don't want IPv4 compat 448 */ 449 v4compat = 0; 450 onflags |= IFF_IPV6; 451 break; 452 case 'v': 453 verbose = 1; 454 break; 455 case '?': 456 usage(); 457 exit(1); 458 } 459 } 460 if (!all) { 461 (void) fprintf(stderr, 462 "ifconfig: %s: no such interface\n", 463 name); 464 exit(1); 465 } 466 foreachinterface(ifconfig, argc, argv, af, onflags, offflags, 467 lifc_flags); 468 } else { 469 ifconfig(argc, argv, af, (struct lifreq *)NULL); 470 } 471 return (0); 472 } 473 474 /* 475 * For each interface, call (*func)(argc, argv, af, lifrp). 476 * Only call function if onflags and offflags are set or clear, respectively, 477 * in the interfaces flags field. 478 */ 479 static void 480 foreachinterface(void (*func)(), int argc, char *argv[], int af, 481 int64_t onflags, int64_t offflags, int64_t lifc_flags) 482 { 483 int n; 484 char *buf; 485 struct lifnum lifn; 486 struct lifconf lifc; 487 struct lifreq *lifrp; 488 struct lifreq lifrl; /* Local lifreq struct */ 489 int numifs; 490 unsigned bufsize; 491 int plumball = 0; 492 int save_af = af; 493 494 buf = NULL; 495 /* 496 * Special case: 497 * ifconfig -a plumb should find all network interfaces 498 * in the machine by traversing the devinfo tree for global zone. 499 * For non-global zones, only find the assigned interfaces. 500 * Also, there is no need to SIOCGLIF* ioctls, since 501 * those interfaces have already been plumbed 502 */ 503 if (argc > 0 && (strcmp(*argv, "plumb") == 0)) { 504 if (getzoneid() == GLOBAL_ZONEID) { 505 if (find_all_global_interfaces(&lifc, &buf, 506 lifc_flags) != 0) 507 return; 508 } else { 509 if (find_all_zone_interfaces(&lifc, &buf, 510 lifc_flags) != 0) 511 return; 512 } 513 if (lifc.lifc_len == 0) 514 return; 515 plumball = 1; 516 } else { 517 lifn.lifn_family = AF_UNSPEC; 518 lifn.lifn_flags = lifc_flags; 519 if (ioctl(s, SIOCGLIFNUM, (char *)&lifn) < 0) { 520 Perror0_exit("Could not determine number" 521 " of interfaces"); 522 } 523 numifs = lifn.lifn_count; 524 if (debug) 525 (void) printf("ifconfig: %d interfaces\n", numifs); 526 527 bufsize = numifs * sizeof (struct lifreq); 528 if ((buf = malloc(bufsize)) == NULL) { 529 Perror0("out of memory\n"); 530 (void) close(s); 531 return; 532 } 533 534 lifc.lifc_family = AF_UNSPEC; 535 lifc.lifc_flags = lifc_flags; 536 lifc.lifc_len = bufsize; 537 lifc.lifc_buf = buf; 538 539 if (ioctl(s, SIOCGLIFCONF, (char *)&lifc) < 0) { 540 Perror0("SIOCGLIFCONF"); 541 (void) close(s); 542 free(buf); 543 return; 544 } 545 } 546 547 lifrp = lifc.lifc_req; 548 for (n = lifc.lifc_len / sizeof (struct lifreq); n > 0; n--, lifrp++) { 549 550 if (!plumball) { 551 /* 552 * We must close and recreate the socket each time 553 * since we don't know what type of socket it is now 554 * (each status function may change it). 555 */ 556 557 (void) close(s); 558 559 af = lifrp->lifr_addr.ss_family; 560 s = socket(SOCKET_AF(af), SOCK_DGRAM, 0); 561 if (s == -1) { 562 /* 563 * Perror0() assumes the name to be in the 564 * globally defined lifreq structure. 565 */ 566 (void) strncpy(lifr.lifr_name, 567 lifrp->lifr_name, sizeof (lifr.lifr_name)); 568 Perror0_exit("socket"); 569 } 570 } 571 572 /* 573 * Only service interfaces that match the on and off 574 * flags masks. 575 */ 576 if (onflags || offflags) { 577 (void) memset(&lifrl, 0, sizeof (lifrl)); 578 (void) strncpy(lifrl.lifr_name, lifrp->lifr_name, 579 sizeof (lifrl.lifr_name)); 580 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifrl) < 0) { 581 /* 582 * Perror0() assumes the name to be in the 583 * globally defined lifreq structure. 584 */ 585 (void) strncpy(lifr.lifr_name, 586 lifrp->lifr_name, sizeof (lifr.lifr_name)); 587 Perror0_exit("foreachinterface: SIOCGLIFFLAGS"); 588 } 589 if ((lifrl.lifr_flags & onflags) != onflags) 590 continue; 591 if ((~lifrl.lifr_flags & offflags) != offflags) 592 continue; 593 } 594 595 if (!plumball) { 596 (void) strncpy(lifrl.lifr_name, lifrp->lifr_name, 597 sizeof (lifrl.lifr_name)); 598 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifrl) < 0) { 599 /* 600 * Perror0() assumes the name to be in the 601 * globally defined lifreq structure. 602 */ 603 (void) strncpy(lifr.lifr_name, 604 lifrp->lifr_name, sizeof (lifr.lifr_name)); 605 Perror0("foreachinterface: SIOCGLIFADDR"); 606 continue; 607 } 608 if (lifrl.lifr_addr.ss_family != af) { 609 /* Switch address family */ 610 af = lifrl.lifr_addr.ss_family; 611 (void) close(s); 612 613 s = socket(SOCKET_AF(af), SOCK_DGRAM, 0); 614 if (s == -1) { 615 /* 616 * Perror0() assumes the name to be in 617 * the globally defined lifreq 618 * structure. 619 */ 620 (void) strncpy(lifr.lifr_name, 621 lifrp->lifr_name, 622 sizeof (lifr.lifr_name)); 623 Perror0_exit("socket"); 624 } 625 } 626 } 627 628 /* 629 * Reset global state 630 * setaddr: Used by parser to tear apart source and dest 631 * name and origname contain the name of the 'current' 632 * interface. 633 */ 634 setaddr = 0; 635 (void) strncpy(name, lifrp->lifr_name, sizeof (name)); 636 (void) strncpy(origname, name, sizeof (origname)); 637 638 (*func)(argc, argv, save_af, lifrp); 639 /* the func could have overwritten origname, so restore */ 640 (void) strncpy(name, origname, sizeof (name)); 641 } 642 if (buf != NULL) 643 free(buf); 644 } 645 646 static void 647 tun_reality_check(void) 648 { 649 struct iftun_req treq; 650 ipsec_req_t *ipsr; 651 652 (void) strncpy(treq.ifta_lifr_name, name, sizeof (treq.ifta_lifr_name)); 653 if (strchr(name, ':') != NULL) { 654 /* Return, we don't need to check. */ 655 return; 656 } 657 if (ioctl(s, SIOCGTUNPARAM, (caddr_t)&treq) < 0 || 658 (treq.ifta_flags & IFTUN_SECURITY) == 0) { 659 /* 660 * Either not a tunnel (the SIOCGTUNPARAM fails on 661 * non-tunnels), or the security flag is not set. Either 662 * way, return. 663 */ 664 return; 665 } 666 667 ipsr = (ipsec_req_t *)&treq.ifta_secinfo; 668 669 if (ipsr->ipsr_esp_req != 0 && 670 ipsr->ipsr_esp_auth_alg == SADB_AALG_NONE && 671 ipsr->ipsr_ah_req == 0) 672 (void) fprintf(stderr, "ifconfig: WARNING - tunnel with " 673 "only ESP and potentially no authentication.\n"); 674 } 675 676 /* 677 * for the specified interface call (*func)(argc, argv, af, lifrp). 678 */ 679 680 static void 681 ifconfig(int argc, char *argv[], int af, struct lifreq *lifrp) 682 { 683 static boolean_t scan_netmask = _B_FALSE; 684 int ret; 685 686 if (argc == 0) { 687 status(); 688 return; 689 } 690 691 if (strcmp(*argv, "auto-dhcp") == 0 || strcmp(*argv, "dhcp") == 0) { 692 /* 693 * Some errors are ignored in the case where more than one 694 * interface is being operated on. 695 */ 696 ret = setifdhcp("ifconfig", name, argc, argv); 697 if (ret == DHCP_EXIT_IF_FAILURE) { 698 if (!all) 699 exit(DHCP_EXIT_FAILURE); 700 } else if (ret != DHCP_EXIT_SUCCESS) { 701 exit(ret); 702 } 703 return; 704 } 705 706 /* 707 * The following is a "hack" to get around the existing interface 708 * setting mechanism. Currently, each interface attribute, 709 * such as address, netmask, broadcast, ... is set separately. But 710 * sometimes two or more attributes must be set together. For 711 * example, setting an address without a netmask does not make sense. 712 * Yet they can be set separately for IPv4 address using the current 713 * ifconfig(1M) syntax. The kernel then "infers" the correct netmask 714 * using the deprecated "IP address classes." This is simply not 715 * correct. 716 * 717 * The "hack" below is to go thru the whole command list looking for 718 * the netmask command first. Then use this netmask to set the 719 * address. This does not provide an extensible way to accommodate 720 * future need for setting more than one attributes together. 721 * 722 * Note that if the "netmask" command argument is a "+", we need 723 * to save this info and do the query after we know the address to 724 * be set. The reason is that if "addif" is used, the working 725 * interface name will be changed later when the logical interface 726 * is created. In in_getmask(), if an address is not provided, 727 * it will use the working interface's address to do the query. 728 * It will be wrong now as we don't know the logical interface's name. 729 * 730 * ifconfig(1M) is too overloaded and the code is so convoluted 731 * that it is "safer" not to re-architect the code to fix the above 732 * issue, hence this "hack." We may be better off to have a new 733 * command with better syntax for configuring network interface 734 * parameters... 735 */ 736 if (!scan_netmask && afp->af_af == AF_INET) { 737 int largc; 738 char **largv; 739 740 /* Only go thru the command list once to find the netmask. */ 741 scan_netmask = _B_TRUE; 742 743 /* 744 * Currently, if multiple netmask commands are specified, the 745 * last one will be used as the final netmask. So we need 746 * to scan the whole list to preserve this behavior. 747 */ 748 for (largc = argc, largv = argv; largc > 0; largc--, largv++) { 749 if (strcmp(*largv, NETMASK_CMD) == 0) { 750 if (--largc == 0) 751 break; 752 largv++; 753 if (strcmp(*largv, "+") == 0) { 754 g_netmask_set = G_NETMASK_PENDING; 755 } else { 756 in_getaddr(*largv, (struct sockaddr *) 757 &g_netmask, NULL); 758 g_netmask_set = G_NETMASK_SET; 759 } 760 /* Continue the scan. */ 761 } 762 } 763 } 764 765 while (argc > 0) { 766 struct cmd *p; 767 boolean_t found_cmd; 768 769 if (debug) 770 (void) printf("ifconfig: argv %s\n", *argv); 771 772 found_cmd = _B_FALSE; 773 for (p = cmds; p->c_func; p++) { 774 if (p->c_name) { 775 if (strcmp(*argv, p->c_name) == 0) { 776 /* 777 * indicate that the command was 778 * found and check to see if 779 * the address family is valid 780 */ 781 found_cmd = _B_TRUE; 782 if (p->c_af == AF_ANY || 783 af == p->c_af) 784 break; 785 } 786 } else { 787 if (p->c_af == AF_ANY || 788 af == p->c_af) 789 break; 790 } 791 } 792 /* 793 * If we found the keyword, but the address family 794 * did not match spit out an error 795 */ 796 if (found_cmd && p->c_name == 0) { 797 (void) fprintf(stderr, "ifconfig: Operation %s not" 798 " supported for %s\n", *argv, afp->af_name); 799 exit(1); 800 } 801 /* 802 * else (no keyword found), we assume it's an address 803 * of some sort 804 */ 805 if (p->c_name == 0 && setaddr) 806 p++; /* got src, do dst */ 807 if (p->c_func) { 808 if (p->c_af == AF_INET6) { 809 v4compat = 0; 810 } 811 if (p->c_parameter == NEXTARG || 812 p->c_parameter == OPTARG) { 813 argc--, argv++; 814 if (argc == 0 && p->c_parameter == NEXTARG) { 815 (void) fprintf(stderr, 816 "ifconfig: no argument for %s\n", 817 p->c_name); 818 exit(1); 819 } 820 } 821 /* 822 * Call the function if: 823 * 824 * there's no address family 825 * restriction 826 * OR 827 * we don't know the address yet 828 * (because we were called from 829 * main) 830 * OR 831 * there is a restriction AND 832 * the address families match 833 */ 834 if ((p->c_af == AF_ANY) || 835 (lifrp == (struct lifreq *)NULL) || 836 (lifrp->lifr_addr.ss_family == p->c_af)) { 837 ret = (*p->c_func)(*argv, p->c_parameter); 838 /* 839 * If c_func failed and we should 840 * abort processing for this 841 * interface on failure, return 842 * now rather than going on to 843 * process other commands for 844 * the same interface. 845 */ 846 if (ret != 0 && p->c_abortonfail) 847 return; 848 } 849 } 850 argc--, argv++; 851 } 852 853 /* Check to see if there's a security hole in the tunnel setup. */ 854 tun_reality_check(); 855 } 856 857 /* ARGSUSED */ 858 static int 859 setdebugflag(char *val, int64_t arg) 860 { 861 debug++; 862 return (0); 863 } 864 865 /* ARGSUSED */ 866 static int 867 setverboseflag(char *val, int64_t arg) 868 { 869 verbose++; 870 return (0); 871 } 872 873 /* 874 * This function fills in the given lifreq's lifr_addr field based on 875 * g_netmask_set. 876 */ 877 static void 878 set_mask_lifreq(struct lifreq *lifr, struct sockaddr_storage *addr, 879 struct sockaddr_storage *mask) 880 { 881 assert(addr != NULL); 882 assert(mask != NULL); 883 884 switch (g_netmask_set) { 885 case G_NETMASK_SET: 886 lifr->lifr_addr = g_netmask; 887 break; 888 889 case G_NETMASK_PENDING: 890 /* 891 * "+" is used as the argument to "netmask" command. Query 892 * the database on the correct netmask based on the address to 893 * be set. 894 */ 895 assert(afp->af_af == AF_INET); 896 g_netmask = *addr; 897 if (!in_getmask((struct sockaddr_in *)&g_netmask, _B_TRUE)) { 898 lifr->lifr_addr = *mask; 899 g_netmask_set = G_NETMASK_NIL; 900 } else { 901 lifr->lifr_addr = g_netmask; 902 g_netmask_set = G_NETMASK_SET; 903 } 904 break; 905 906 case G_NETMASK_NIL: 907 default: 908 lifr->lifr_addr = *mask; 909 break; 910 } 911 } 912 913 /* 914 * Set the interface address. Handles <addr>, <addr>/<n> as well as /<n> 915 * syntax for setting the address, the address plus netmask, and just 916 * the netmask respectively. 917 */ 918 /* ARGSUSED */ 919 static int 920 setifaddr(char *addr, int64_t param) 921 { 922 int prefixlen = 0; 923 struct sockaddr_storage laddr; 924 struct sockaddr_storage netmask; 925 struct sockaddr_in6 *sin6; 926 struct sockaddr_in *sin; 927 struct sockaddr_storage sav_netmask; 928 929 if (addr[0] == '/') 930 return (setifprefixlen(addr, 0)); 931 932 (*afp->af_getaddr)(addr, (struct sockaddr *)&laddr, &prefixlen); 933 934 (void) memset(&netmask, 0, sizeof (netmask)); 935 netmask.ss_family = afp->af_af; 936 switch (prefixlen) { 937 case NO_PREFIX: 938 /* Nothing there - ok */ 939 break; 940 case BAD_ADDR: 941 (void) fprintf(stderr, "ifconfig: Bad prefix length in %s\n", 942 addr); 943 exit(1); 944 default: 945 if (afp->af_af == AF_INET6) { 946 sin6 = (struct sockaddr_in6 *)&netmask; 947 if (!in_prefixlentomask(prefixlen, IPV6_ABITS, 948 (uchar_t *)&sin6->sin6_addr)) { 949 (void) fprintf(stderr, "ifconfig: " 950 "Bad prefix length: %d\n", 951 prefixlen); 952 exit(1); 953 } 954 } else { 955 sin = (struct sockaddr_in *)&netmask; 956 if (!in_prefixlentomask(prefixlen, IP_ABITS, 957 (uchar_t *)&sin->sin_addr)) { 958 (void) fprintf(stderr, "ifconfig: " 959 "Bad prefix length: %d\n", 960 prefixlen); 961 exit(1); 962 } 963 } 964 /* 965 * Just in case of funny setting of both prefix and netmask, 966 * prefix should override the netmask command. 967 */ 968 g_netmask_set = G_NETMASK_NIL; 969 break; 970 } 971 /* Tell parser that an address was set */ 972 setaddr++; 973 /* save copy of netmask to restore in case of error */ 974 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 975 if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0) 976 Perror0_exit("SIOCGLIFNETMASK"); 977 sav_netmask = lifr.lifr_addr; 978 979 /* 980 * If setting the address and not the mask, clear any existing mask 981 * and the kernel will then assign the default (netmask has been set 982 * to 0 in this case). If setting both (either by using a prefix or 983 * using the netmask command), set the mask first, so the address will 984 * be interpreted correctly. 985 */ 986 set_mask_lifreq(&lifr, &laddr, &netmask); 987 if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0) 988 Perror0_exit("SIOCSLIFNETMASK"); 989 990 if (debug) { 991 char abuf[INET6_ADDRSTRLEN]; 992 void *addr = (afp->af_af == AF_INET) ? 993 (void *)&((struct sockaddr_in *)&laddr)->sin_addr : 994 (void *)&((struct sockaddr_in6 *)&laddr)->sin6_addr; 995 996 (void) printf("Setting %s af %d addr %s\n", 997 lifr.lifr_name, afp->af_af, 998 inet_ntop(afp->af_af, addr, abuf, sizeof (abuf))); 999 } 1000 lifr.lifr_addr = laddr; 1001 lifr.lifr_addr.ss_family = afp->af_af; 1002 if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0) { 1003 /* 1004 * Restore the netmask 1005 */ 1006 int saverr = errno; 1007 1008 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1009 lifr.lifr_addr = sav_netmask; 1010 (void) ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr); 1011 errno = saverr; 1012 Perror0_exit("SIOCSLIFADDR"); 1013 } 1014 1015 return (0); 1016 } 1017 1018 /* 1019 * The following functions are stolen from the ipseckey(1m) program. 1020 * Perhaps they should be somewhere common, but for now, we just maintain 1021 * two versions. We do this because of the different semantics for which 1022 * algorithms we select ("requested" for ifconfig vs. "actual" for key). 1023 */ 1024 1025 static ulong_t 1026 parsenum(char *num) 1027 { 1028 ulong_t rc; 1029 char *end = NULL; 1030 1031 errno = 0; 1032 rc = strtoul(num, &end, 0); 1033 if (errno != 0 || end == num || *end != '\0') { 1034 rc = (ulong_t)-1; 1035 } 1036 1037 return (rc); 1038 } 1039 1040 /* 1041 * Parse and reverse parse possible algorithm values, include numbers. 1042 * Mostly stolen from ipseckey.c. See the comments above parsenum() for why 1043 * this isn't common to ipseckey.c. 1044 * 1045 * NOTE: Static buffer in this function for the return value. Since ifconfig 1046 * isn't multithreaded, this isn't a huge problem. 1047 */ 1048 1049 #define NBUF_SIZE 20 /* Enough to print a large integer. */ 1050 1051 static char * 1052 rparsealg(uint8_t alg_value, int proto_num) 1053 { 1054 struct ipsecalgent *alg; 1055 static char numprint[128]; /* Enough to hold an algorithm name. */ 1056 1057 /* Special-case 0 to return "<any-none>" */ 1058 if (alg_value == 0) 1059 return ("<any-none>"); 1060 1061 alg = getipsecalgbynum(alg_value, proto_num, NULL); 1062 if (alg != NULL) { 1063 (void) strlcpy(numprint, alg->a_names[0], sizeof (numprint)); 1064 freeipsecalgent(alg); 1065 } else { 1066 (void) snprintf(numprint, sizeof (numprint), "%d", alg_value); 1067 } 1068 1069 return (numprint); 1070 } 1071 1072 static uint_t 1073 parsealg(char *algname, int proto_num) 1074 { 1075 struct ipsecalgent *alg; 1076 ulong_t invalue; 1077 1078 if (algname == NULL) { 1079 (void) fprintf(stderr, "ifconfig: Unexpected end of command " 1080 "line.\n"); 1081 exit(1); 1082 } 1083 1084 /* 1085 * Special-case "none". Use strcasecmp because its length is 1086 * bound. 1087 */ 1088 if (strcasecmp("none", algname) == 0) { 1089 return ((proto_num == IPSEC_PROTO_ESP) ? 1090 NO_ESP_EALG : NO_ESP_AALG); 1091 } 1092 1093 alg = getipsecalgbyname(algname, proto_num, NULL); 1094 if (alg != NULL) { 1095 invalue = alg->a_alg_num; 1096 freeipsecalgent(alg); 1097 return ((uint_t)invalue); 1098 } 1099 1100 /* 1101 * Since algorithms can be loaded during kernel run-time, check for 1102 * numeric algorithm values too. 1103 */ 1104 invalue = parsenum(algname); 1105 if ((invalue & (ulong_t)0xff) == invalue) 1106 return ((uint_t)invalue); 1107 1108 (void) fprintf(stderr, "ifconfig: %s algorithm type %s unknown.\n", 1109 (proto_num == IPSEC_PROTO_ESP) ? 1110 "Encryption" : "Authentication", algname); 1111 exit(1); 1112 /* NOTREACHED */ 1113 } 1114 1115 /* 1116 * Actual ifconfig functions to set tunnel security properties. 1117 */ 1118 1119 enum ipsec_alg_type { ESP_ENCR_ALG = 1, ESP_AUTH_ALG, AH_AUTH_ALG }; 1120 1121 boolean_t first_set_tun = _B_TRUE; 1122 boolean_t encr_alg_set = _B_FALSE; 1123 1124 static int 1125 set_tun_algs(int which_alg, int alg) 1126 { 1127 struct iftun_req treq; 1128 ipsec_req_t *ipsr; 1129 1130 (void) strncpy(treq.ifta_lifr_name, name, sizeof (treq.ifta_lifr_name)); 1131 if (strchr(name, ':') != NULL) { 1132 errno = EPERM; 1133 Perror0_exit("Tunnel params on logical interfaces"); 1134 } 1135 if (ioctl(s, SIOCGTUNPARAM, (caddr_t)&treq) < 0) { 1136 if (errno == EOPNOTSUPP || errno == EINVAL) 1137 Perror0_exit("Not a tunnel"); 1138 else Perror0_exit("SIOCGTUNPARAM"); 1139 } 1140 1141 ipsr = (ipsec_req_t *)&treq.ifta_secinfo; 1142 1143 if (treq.ifta_vers != IFTUN_VERSION) { 1144 (void) fprintf(stderr, 1145 "Kernel tunnel secinfo version mismatch.\n"); 1146 exit(1); 1147 } 1148 1149 /* 1150 * If I'm just starting off this ifconfig, I want a clean slate, 1151 * otherwise, I've captured the current tunnel security settings. 1152 * In the case of continuation, I merely add to the settings. 1153 */ 1154 if (first_set_tun) { 1155 first_set_tun = _B_FALSE; 1156 (void) memset(ipsr, 0, sizeof (*ipsr)); 1157 } 1158 1159 treq.ifta_flags = IFTUN_SECURITY; 1160 1161 switch (which_alg) { 1162 case ESP_ENCR_ALG: 1163 if (alg == NO_ESP_EALG) { 1164 if (ipsr->ipsr_esp_auth_alg == SADB_AALG_NONE) 1165 ipsr->ipsr_esp_req = 0; 1166 ipsr->ipsr_esp_alg = SADB_EALG_NONE; 1167 } else { 1168 encr_alg_set = _B_TRUE; 1169 ipsr->ipsr_esp_req = 1170 IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE; 1171 ipsr->ipsr_esp_alg = alg; 1172 } 1173 break; 1174 case ESP_AUTH_ALG: 1175 if (alg == NO_ESP_AALG) { 1176 if (ipsr->ipsr_esp_alg == SADB_EALG_NONE || 1177 ipsr->ipsr_esp_alg == SADB_EALG_NULL) 1178 ipsr->ipsr_esp_req = 0; 1179 ipsr->ipsr_esp_auth_alg = SADB_AALG_NONE; 1180 } else { 1181 ipsr->ipsr_esp_req = 1182 IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE; 1183 ipsr->ipsr_esp_auth_alg = alg; 1184 1185 /* Let the user specify NULL encryption implicitly. */ 1186 if (ipsr->ipsr_esp_alg == SADB_EALG_NONE && 1187 !encr_alg_set) 1188 ipsr->ipsr_esp_alg = SADB_EALG_NULL; 1189 } 1190 break; 1191 case AH_AUTH_ALG: 1192 if (alg == NO_AH_AALG) { 1193 ipsr->ipsr_ah_req = 0; 1194 ipsr->ipsr_auth_alg = SADB_AALG_NONE; 1195 } else { 1196 ipsr->ipsr_ah_req = 1197 IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE; 1198 ipsr->ipsr_auth_alg = alg; 1199 } 1200 break; 1201 /* Will never hit DEFAULT */ 1202 } 1203 1204 if (ioctl(s, SIOCSTUNPARAM, (caddr_t)&treq) < 0) { 1205 Perror2_exit("set tunnel security properties", 1206 treq.ifta_lifr_name); 1207 } 1208 1209 return (0); 1210 } 1211 1212 /* ARGSUSED */ 1213 static int 1214 set_tun_esp_encr_alg(char *addr, int64_t param) 1215 { 1216 return (set_tun_algs(ESP_ENCR_ALG, 1217 parsealg(addr, IPSEC_PROTO_ESP))); 1218 } 1219 1220 /* ARGSUSED */ 1221 static int 1222 set_tun_esp_auth_alg(char *addr, int64_t param) 1223 { 1224 return (set_tun_algs(ESP_AUTH_ALG, 1225 parsealg(addr, IPSEC_PROTO_AH))); 1226 } 1227 1228 /* ARGSUSED */ 1229 static int 1230 set_tun_ah_alg(char *addr, int64_t param) 1231 { 1232 return (set_tun_algs(AH_AUTH_ALG, 1233 parsealg(addr, IPSEC_PROTO_AH))); 1234 } 1235 1236 /* ARGSUSED */ 1237 static int 1238 setifrevarp(char *arg, int64_t param) 1239 { 1240 struct sockaddr_in laddr; 1241 1242 if (afp->af_af == AF_INET6) { 1243 (void) fprintf(stderr, 1244 "ifconfig: revarp not possible on IPv6 interface %s\n", 1245 name); 1246 exit(1); 1247 } 1248 if (doifrevarp(name, &laddr)) { 1249 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1250 laddr.sin_family = AF_INET; 1251 (void) memcpy(&lifr.lifr_addr, &laddr, sizeof (laddr)); 1252 if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0) 1253 Perror0_exit("SIOCSLIFADDR"); 1254 } 1255 return (0); 1256 } 1257 1258 /* ARGSUSED */ 1259 static int 1260 setifsubnet(char *addr, int64_t param) 1261 { 1262 int prefixlen = 0; 1263 struct sockaddr_storage subnet; 1264 1265 (*afp->af_getaddr)(addr, &subnet, &prefixlen); 1266 1267 switch (prefixlen) { 1268 case NO_PREFIX: 1269 (void) fprintf(stderr, 1270 "ifconfig: Missing prefix length in subnet %s\n", addr); 1271 exit(1); 1272 /* NOTREACHED */ 1273 case BAD_ADDR: 1274 (void) fprintf(stderr, 1275 "ifconfig: Bad prefix length in %s\n", addr); 1276 exit(1); 1277 default: 1278 break; 1279 } 1280 1281 lifr.lifr_addr = subnet; 1282 lifr.lifr_addrlen = prefixlen; 1283 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1284 if (ioctl(s, SIOCSLIFSUBNET, (caddr_t)&lifr) < 0) 1285 Perror0_exit("SIOCSLIFSUBNET"); 1286 1287 return (0); 1288 } 1289 1290 /* ARGSUSED */ 1291 static int 1292 setifnetmask(char *addr, int64_t param) 1293 { 1294 struct sockaddr_in netmask; 1295 1296 assert(afp->af_af != AF_INET6); 1297 1298 if (strcmp(addr, "+") == 0) { 1299 if (!in_getmask(&netmask, _B_FALSE)) 1300 return (0); 1301 (void) printf("Setting netmask of %s to %s\n", name, 1302 inet_ntoa(netmask.sin_addr)); 1303 } else { 1304 in_getaddr(addr, (struct sockaddr *)&netmask, NULL); 1305 } 1306 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1307 (void) memcpy(&lifr.lifr_addr, &netmask, sizeof (netmask)); 1308 if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0) 1309 Perror0_exit("SIOCSLIFNETMASK"); 1310 return (0); 1311 } 1312 1313 /* 1314 * Parse '/<n>' as a netmask. 1315 */ 1316 /* ARGSUSED */ 1317 static int 1318 setifprefixlen(char *addr, int64_t param) 1319 { 1320 int prefixlen; 1321 int af = afp->af_af; 1322 1323 prefixlen = in_getprefixlen(addr, _B_TRUE, 1324 (af == AF_INET) ? IP_ABITS : IPV6_ABITS); 1325 if (prefixlen < 0) { 1326 (void) fprintf(stderr, 1327 "ifconfig: Bad prefix length in %s\n", addr); 1328 exit(1); 1329 } 1330 (void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr)); 1331 lifr.lifr_addr.ss_family = af; 1332 if (af == AF_INET6) { 1333 struct sockaddr_in6 *sin6; 1334 1335 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 1336 if (!in_prefixlentomask(prefixlen, IPV6_ABITS, 1337 (uchar_t *)&sin6->sin6_addr)) { 1338 (void) fprintf(stderr, "ifconfig: " 1339 "Bad prefix length: %d\n", 1340 prefixlen); 1341 exit(1); 1342 } 1343 } else if (af == AF_INET) { 1344 struct sockaddr_in *sin; 1345 1346 sin = (struct sockaddr_in *)&lifr.lifr_addr; 1347 if (!in_prefixlentomask(prefixlen, IP_ABITS, 1348 (uchar_t *)&sin->sin_addr)) { 1349 (void) fprintf(stderr, "ifconfig: " 1350 "Bad prefix length: %d\n", 1351 prefixlen); 1352 exit(1); 1353 } 1354 } else { 1355 (void) fprintf(stderr, "ifconfig: setting prefix only supported" 1356 " for address family inet or inet6\n"); 1357 exit(1); 1358 } 1359 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1360 if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0) 1361 Perror0_exit("SIOCSLIFNETMASK"); 1362 return (0); 1363 } 1364 1365 /* ARGSUSED */ 1366 static int 1367 setifbroadaddr(char *addr, int64_t param) 1368 { 1369 struct sockaddr_in broadaddr; 1370 1371 assert(afp->af_af != AF_INET6); 1372 1373 if (strcmp(addr, "+") == 0) { 1374 /* 1375 * This doesn't set the broadcast address at all. Rather, it 1376 * gets, then sets the interface's address, relying on the fact 1377 * that resetting the address will reset the broadcast address. 1378 */ 1379 (void) strncpy(lifr.lifr_name, name, 1380 sizeof (lifr.lifr_name)); 1381 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 1382 if (errno != EADDRNOTAVAIL) 1383 Perror0_exit("SIOCGLIFADDR"); 1384 return (0); 1385 } 1386 if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0) 1387 Perror0_exit("SIOCGLIFADDR"); 1388 1389 return (0); 1390 } 1391 in_getaddr(addr, (struct sockaddr *)&broadaddr, NULL); 1392 1393 (void) memcpy(&lifr.lifr_addr, &broadaddr, sizeof (broadaddr)); 1394 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1395 if (ioctl(s, SIOCSLIFBRDADDR, (caddr_t)&lifr) < 0) 1396 Perror0_exit("SIOCSLIFBRDADDR"); 1397 return (0); 1398 } 1399 1400 /* 1401 * set interface destination address 1402 */ 1403 /* ARGSUSED */ 1404 static int 1405 setifdstaddr(char *addr, int64_t param) 1406 { 1407 (*afp->af_getaddr)(addr, (struct sockaddr *)&lifr.lifr_addr, NULL); 1408 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1409 if (ioctl(s, SIOCSLIFDSTADDR, (caddr_t)&lifr) < 0) 1410 Perror0_exit("setifdstaddr: SIOCSLIFDSTADDR"); 1411 return (0); 1412 } 1413 1414 /* ARGSUSED */ 1415 static int 1416 setifflags(char *val, int64_t value) 1417 { 1418 int phyintlen, origphyintlen; 1419 1420 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1421 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) 1422 Perror0_exit("setifflags: SIOCGLIFFLAGS"); 1423 1424 if (value == IFF_NOFAILOVER) { 1425 /* 1426 * Fail if '-failover' is set after a prior addif created the 1427 * alias on a different interface. This can happen when the 1428 * interface is part of an IPMP group. 1429 */ 1430 phyintlen = strcspn(name, ":"); 1431 origphyintlen = strcspn(origname, ":"); 1432 if (phyintlen != origphyintlen || 1433 strncmp(name, origname, phyintlen) != 0) { 1434 (void) fprintf(stderr, "ifconfig: can't set -failover " 1435 "on failed/standby/offlined interface %s\n", 1436 origname); 1437 exit(1); 1438 } 1439 } 1440 1441 if (value < 0) { 1442 value = -value; 1443 lifr.lifr_flags &= ~value; 1444 if ((value & IFF_UP) && (lifr.lifr_flags & IFF_DUPLICATE)) { 1445 /* 1446 * If the user is trying to mark an interface with a 1447 * duplicate address as "down," then fetch the address 1448 * and set it. This will cause IP to clear the 1449 * IFF_DUPLICATE flag and stop the automatic recovery 1450 * timer. 1451 */ 1452 value = lifr.lifr_flags; 1453 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) >= 0) 1454 (void) ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr); 1455 lifr.lifr_flags = value; 1456 } 1457 } else { 1458 lifr.lifr_flags |= value; 1459 } 1460 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1461 if (ioctl(s, SIOCSLIFFLAGS, (caddr_t)&lifr) < 0) { 1462 Perror0_exit("setifflags: SIOCSLIFFLAGS"); 1463 } 1464 return (0); 1465 } 1466 1467 /* ARGSUSED */ 1468 static int 1469 setifmetric(char *val, int64_t param) 1470 { 1471 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1472 lifr.lifr_metric = atoi(val); 1473 if (ioctl(s, SIOCSLIFMETRIC, (caddr_t)&lifr) < 0) 1474 Perror0_exit("setifmetric: SIOCSLIFMETRIC"); 1475 return (0); 1476 } 1477 1478 /* ARGSUSED */ 1479 static int 1480 setifmtu(char *val, int64_t param) 1481 { 1482 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1483 lifr.lifr_mtu = atoi(val); 1484 if (ioctl(s, SIOCSLIFMTU, (caddr_t)&lifr) < 0) 1485 Perror0_exit("setifmtu: SIOCSLIFMTU"); 1486 return (0); 1487 } 1488 1489 /* ARGSUSED */ 1490 static int 1491 setifindex(char *val, int64_t param) 1492 { 1493 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1494 lifr.lifr_index = atoi(val); 1495 if (ioctl(s, SIOCSLIFINDEX, (caddr_t)&lifr) < 0) 1496 Perror0_exit("setifindex: SIOCSLIFINDEX"); 1497 return (0); 1498 } 1499 1500 /* ARGSUSED */ 1501 static int 1502 setifether(char *addr, int64_t param) 1503 { 1504 uchar_t *ea; 1505 iface_t *current; 1506 int maclen; 1507 1508 if (addr == NULL) { 1509 ifstatus(name); 1510 print_ifether(name); 1511 return (0); 1512 } 1513 1514 phyif = NULL; 1515 logifs = NULL; 1516 1517 /* 1518 * if the IP interface in the arguments is a logical 1519 * interface, exit with an error now. 1520 */ 1521 if (strchr(name, ':') != NULL) { 1522 (void) fprintf(stderr, "ifconfig: cannot change" 1523 " ethernet address of a logical interface\n"); 1524 exit(1); 1525 } 1526 1527 ea = _link_aton(addr, &maclen); 1528 if (ea == NULL) { 1529 if (maclen == -1) 1530 (void) fprintf(stderr, 1531 "ifconfig: %s: bad address\n", addr); 1532 else 1533 (void) fprintf(stderr, "ifconfig: malloc() failed\n"); 1534 exit(1); 1535 } 1536 1537 (void) strncpy(savedname, name, sizeof (savedname)); 1538 1539 /* 1540 * Call selectifs only for the IP interfaces that are ipv4. 1541 * offflags == IFF_IPV6 because you should not change the 1542 * Ethernet address of an ipv6 interface 1543 */ 1544 foreachinterface(selectifs, 0, (char **)NULL, 0, 0, IFF_IPV6, 0); 1545 1546 /* If physical interface not found, exit now */ 1547 if (phyif == NULL) { 1548 (void) fprintf(stderr, 1549 "ifconfig: interface %s not found\n", savedname); 1550 exit(1); 1551 } 1552 1553 /* Restore */ 1554 (void) strncpy(name, savedname, sizeof (name)); 1555 (void) strncpy(origname, savedname, sizeof (origname)); 1556 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1557 1558 /* 1559 * close and reopen the socket 1560 * we don't know which type of socket we have now 1561 */ 1562 (void) close(s); 1563 s = socket(SOCKET_AF(AF_UNSPEC), SOCK_DGRAM, 0); 1564 if (s < 0) { 1565 Perror0_exit("socket"); 1566 } 1567 1568 /* 1569 * mark down the logical interfaces first, 1570 * and then the physical interface 1571 */ 1572 if (updownifs(logifs, 0) < 0 || updownifs(phyif, 0) < 0) { 1573 Perror0_exit("mark down interface failed"); 1574 } 1575 1576 /* 1577 * Change the physical address 1578 */ 1579 if (dlpi_set_address(savedname, ea, maclen) == -1) { 1580 (void) fprintf(stderr, 1581 "ifconfig: failed setting mac address on %s\n", 1582 savedname); 1583 } 1584 1585 /* 1586 * if any interfaces were marked down before changing the 1587 * ethernet address, put them up again. 1588 * First the physical interface, then the logical ones. 1589 */ 1590 if (updownifs(phyif, 1) < 0 || updownifs(logifs, 1) < 0) { 1591 Perror0_exit("mark down interface failed"); 1592 } 1593 1594 /* Free the memory allocated by selectifs */ 1595 free(phyif); 1596 for (current = logifs; current != NULL; current = logifs) { 1597 logifs = logifs->next; 1598 free(current); 1599 } 1600 1601 return (0); 1602 } 1603 1604 /* 1605 * Print an interface's Ethernet address, if it has one. 1606 */ 1607 static void 1608 print_ifether(char *ifname) 1609 { 1610 int protocol; 1611 icfg_if_t interface; 1612 icfg_handle_t handle; 1613 int fd; 1614 1615 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1616 1617 fd = socket(AF_INET, SOCK_DGRAM, 0); 1618 if (fd == -1 || ioctl(fd, SIOCGLIFFLAGS, &lifr) == -1) { 1619 /* 1620 * It's possible the interface is only configured for 1621 * IPv6; check again with AF_INET6. 1622 */ 1623 (void) close(fd); 1624 fd = socket(AF_INET6, SOCK_DGRAM, 0); 1625 if (fd == -1 || ioctl(fd, SIOCGLIFFLAGS, &lifr) == -1) { 1626 (void) close(fd); 1627 return; 1628 } 1629 } 1630 (void) close(fd); 1631 1632 /* Virtual interfaces don't have MAC addresses */ 1633 if (lifr.lifr_flags & IFF_VIRTUAL) 1634 return; 1635 1636 /* 1637 * We must be careful to set if_protocol based on the current 1638 * properties of the interface. For instance, if "ip.tun0" is 1639 * configured only as an IPv6 tunnel, then if_protocol must be 1640 * set to AF_INET6 or icfg_get_tunnel_lower() will fail and 1641 * we will falsely conclude that it's not a tunnel. 1642 */ 1643 interface.if_protocol = AF_INET; 1644 if (lifr.lifr_flags & IFF_IPV6) 1645 interface.if_protocol = AF_INET6; 1646 1647 (void) strncpy(interface.if_name, ifname, sizeof (interface.if_name)); 1648 1649 if (icfg_open(&handle, &interface) == ICFG_SUCCESS) { 1650 if (icfg_get_tunnel_lower(handle, &protocol) == ICFG_SUCCESS) { 1651 /* Tunnel op succeeded -- it's a tunnel so skip */ 1652 icfg_close(handle); 1653 return; 1654 } 1655 icfg_close(handle); 1656 } 1657 1658 dlpi_print_address(ifname); 1659 } 1660 1661 /* 1662 * static void selectifs(int argc, char *argv[], int af, struct lifreq *rp) 1663 * 1664 * Called inside setifether() to create a list of interfaces to 1665 * mark down/up when changing the Ethernet address. 1666 * If the current interface is the physical interface passed 1667 * as an argument to ifconfig, update phyif. 1668 * If the current interface is a logical interface associated 1669 * to the physical interface, add it to the logifs list. 1670 */ 1671 /* ARGSUSED */ 1672 static void 1673 selectifs(int argc, char *argv[], int af, struct lifreq *rp) 1674 { 1675 char *colonp; 1676 int length; 1677 iface_t *current; 1678 1679 /* 1680 * savedname= name of the IP interface to which you want to 1681 * change ethernet address 1682 * name= name of the current IP interface 1683 */ 1684 colonp = strchr(name, ':'); 1685 if (colonp == NULL) 1686 length = max(strlen(savedname), strlen(name)); 1687 else 1688 length = max(strlen(savedname), colonp - name); 1689 if (strncmp(savedname, name, length) == 0) { 1690 (void) strcpy(lifr.lifr_name, name); 1691 if (ioctl(s, SIOCGLIFFLAGS, &lifr) < 0) { 1692 Perror0("selectifs: SIOCGLIFFLAGS"); 1693 return; 1694 } 1695 1696 if ((current = malloc(sizeof (iface_t))) == NULL) { 1697 Perror0_exit("selectifs: malloc failed\n"); 1698 } 1699 1700 if (colonp == NULL) { 1701 /* this is the physical interface */ 1702 phyif = current; 1703 bcopy(&lifr, &phyif->lifr, sizeof (struct lifreq)); 1704 phyif->next = NULL; 1705 } else { 1706 /* this is a logical interface */ 1707 bcopy(&lifr, ¤t->lifr, sizeof (struct lifreq)); 1708 current->next = logifs; 1709 logifs = current; 1710 } 1711 } 1712 } 1713 1714 /* 1715 * static int updownifs(iface_t *ifs, int up) 1716 * 1717 * It takes in input a list of IP interfaces (ifs) 1718 * and a flag (up). 1719 * It marks each interface in the list down (up = 0) 1720 * or up (up > 0). This is done ONLY if the IP 1721 * interface was originally up. 1722 * 1723 * Return values: 1724 * 0 = everything OK 1725 * -1 = problem 1726 */ 1727 static int 1728 updownifs(iface_t *ifs, int up) 1729 { 1730 iface_t *current; 1731 int ret = 0; 1732 int save_errno; 1733 char savename[LIFNAMSIZ]; 1734 uint64_t orig_flags; 1735 1736 for (current = ifs; current != NULL; current = current->next) { 1737 if (current->lifr.lifr_flags & IFF_UP) { 1738 orig_flags = current->lifr.lifr_flags; 1739 if (!up) 1740 current->lifr.lifr_flags &= ~IFF_UP; 1741 if (ioctl(s, SIOCSLIFFLAGS, ¤t->lifr) < 0) { 1742 save_errno = errno; 1743 (void) strcpy(savename, 1744 current->lifr.lifr_name); 1745 ret = -1; 1746 } 1747 if (!up) /* restore the original flags */ 1748 current->lifr.lifr_flags = orig_flags; 1749 } 1750 } 1751 1752 if (ret == -1) { 1753 (void) strcpy(lifr.lifr_name, savename); 1754 errno = save_errno; 1755 } 1756 return (ret); 1757 } 1758 1759 /* 1760 * static int find_all_global_interfaces(struct lifconf *lifcp, char **buf, 1761 * int64_t lifc_flags) 1762 * 1763 * It finds all interfaces for the global zone, that is all 1764 * the physical interfaces, using the kernel's devinfo tree. 1765 * 1766 * It takes in input a pointer to struct lifconf to receive interfaces 1767 * informations, a **char to hold allocated buffer, and a lifc_flags. 1768 * 1769 * Return values: 1770 * 0 = everything OK 1771 * -1 = problem 1772 */ 1773 static int 1774 find_all_global_interfaces(struct lifconf *lifcp, char **buf, 1775 int64_t lifc_flags) 1776 { 1777 unsigned bufsize; 1778 int n; 1779 di_node_t root; 1780 ni_t *nip; 1781 struct lifreq *lifrp; 1782 1783 /* 1784 * DINFOCACHE is equivalent to DINFOSUBTREE | DINFOMINOR | 1785 * DINFOPROP | DINFOFORCE. 1786 */ 1787 if ((root = di_init("/", DINFOCACHE)) == DI_NODE_NIL) { 1788 (void) fprintf(stderr, "ifconfig: di_init " 1789 "failed; check the devinfo driver.\n"); 1790 exit(1); 1791 } 1792 1793 (void) di_walk_minor(root, DDI_NT_NET, DI_CHECK_ALIAS, 1794 NULL, devfs_entry); 1795 di_fini(root); 1796 1797 /* 1798 * Now, translate the linked list into 1799 * a struct lifreq buffer 1800 */ 1801 if (num_ni == 0) { 1802 lifcp->lifc_family = AF_UNSPEC; 1803 lifcp->lifc_flags = lifc_flags; 1804 lifcp->lifc_len = 0; 1805 lifcp->lifc_buf = NULL; 1806 return (0); 1807 } 1808 1809 bufsize = num_ni * sizeof (struct lifreq); 1810 if ((*buf = malloc(bufsize)) == NULL) 1811 Perror0_exit("find_all_interfaces: malloc failed"); 1812 1813 lifcp->lifc_family = AF_UNSPEC; 1814 lifcp->lifc_flags = lifc_flags; 1815 lifcp->lifc_len = bufsize; 1816 lifcp->lifc_buf = *buf; 1817 1818 for (n = 0, lifrp = lifcp->lifc_req; n < num_ni; n++, lifrp++) { 1819 nip = ni_list; 1820 (void) strncpy(lifrp->lifr_name, nip->ni_name, 1821 sizeof (lifr.lifr_name)); 1822 ni_list = nip->ni_next; 1823 free(nip); 1824 } 1825 return (0); 1826 } 1827 1828 /* 1829 * static int find_all_zone_interfaces(struct lifconf *lifcp, char **buf, 1830 * int64_t lifc_flags) 1831 * 1832 * It finds all interfaces for an exclusive-IP zone, that is all the interfaces 1833 * assigned to it. 1834 * 1835 * It takes in input a pointer to struct lifconf to receive interfaces 1836 * informations, a **char to hold allocated buffer, and a lifc_flags. 1837 * 1838 * Return values: 1839 * 0 = everything OK 1840 * -1 = problem 1841 */ 1842 static int 1843 find_all_zone_interfaces(struct lifconf *lifcp, char **buf, int64_t lifc_flags) 1844 { 1845 zoneid_t zoneid; 1846 unsigned bufsize; 1847 char *dlnames, *ptr; 1848 struct lifreq *lifrp; 1849 int num_ni_saved, i; 1850 1851 zoneid = getzoneid(); 1852 1853 num_ni = 0; 1854 if (zone_list_datalink(zoneid, &num_ni, NULL) != 0) 1855 Perror0_exit("find_all_interfaces: list interfaces failed"); 1856 again: 1857 /* this zone doesn't have any data-links */ 1858 if (num_ni == 0) { 1859 lifcp->lifc_family = AF_UNSPEC; 1860 lifcp->lifc_flags = lifc_flags; 1861 lifcp->lifc_len = 0; 1862 lifcp->lifc_buf = NULL; 1863 return (0); 1864 } 1865 1866 dlnames = malloc(num_ni * LIFNAMSIZ); 1867 if (dlnames == NULL) 1868 Perror0_exit("find_all_interfaces: out of memory"); 1869 num_ni_saved = num_ni; 1870 1871 if (zone_list_datalink(zoneid, &num_ni, dlnames) != 0) 1872 Perror0_exit("find_all_interfaces: list interfaces failed"); 1873 1874 if (num_ni_saved < num_ni) { 1875 /* list increased, try again */ 1876 free(dlnames); 1877 goto again; 1878 } 1879 1880 /* this zone doesn't have any data-links now */ 1881 if (num_ni == 0) { 1882 free(dlnames); 1883 lifcp->lifc_family = AF_UNSPEC; 1884 lifcp->lifc_flags = lifc_flags; 1885 lifcp->lifc_len = 0; 1886 lifcp->lifc_buf = NULL; 1887 return (0); 1888 } 1889 1890 bufsize = num_ni * sizeof (struct lifreq); 1891 if ((*buf = malloc(bufsize)) == NULL) { 1892 free(dlnames); 1893 Perror0_exit("find_all_interfaces: malloc failed"); 1894 } 1895 1896 lifrp = (struct lifreq *)*buf; 1897 ptr = dlnames; 1898 for (i = 0; i < num_ni; i++) { 1899 if (strlcpy(lifrp->lifr_name, ptr, LIFNAMSIZ) >= 1900 LIFNAMSIZ) 1901 Perror0_exit("find_all_interfaces: overflow"); 1902 ptr += LIFNAMSIZ; 1903 lifrp++; 1904 } 1905 1906 free(dlnames); 1907 lifcp->lifc_family = AF_UNSPEC; 1908 lifcp->lifc_flags = lifc_flags; 1909 lifcp->lifc_len = bufsize; 1910 lifcp->lifc_buf = *buf; 1911 return (0); 1912 } 1913 1914 /* 1915 * Create the next unused logical interface using the original name 1916 * and assign the address (and mask if '/<n>' is part of the address). 1917 * Use the new logical interface for subsequent subcommands by updating 1918 * the name variable. 1919 * 1920 * This allows syntax like: 1921 * ifconfig le0 addif 109.106.86.130 netmask + up \ 1922 * addif 109.106.86.131 netmask + up 1923 */ 1924 /* ARGSUSED */ 1925 static int 1926 addif(char *str, int64_t param) 1927 { 1928 int prefixlen = 0; 1929 struct sockaddr_storage laddr; 1930 struct sockaddr_storage mask; 1931 1932 (void) strncpy(name, origname, sizeof (name)); 1933 1934 if (strchr(name, ':') != NULL) { 1935 (void) fprintf(stderr, 1936 "ifconfig: addif: bad physical interface name %s\n", 1937 name); 1938 exit(1); 1939 } 1940 1941 /* 1942 * clear so parser will interpret next address as source followed 1943 * by possible dest 1944 */ 1945 setaddr = 0; 1946 (*afp->af_getaddr)(str, (struct sockaddr *)&laddr, &prefixlen); 1947 1948 switch (prefixlen) { 1949 case NO_PREFIX: 1950 /* Nothing there - ok */ 1951 break; 1952 case BAD_ADDR: 1953 (void) fprintf(stderr, 1954 "ifconfig: Bad prefix length in %s\n", str); 1955 exit(1); 1956 default: 1957 (void) memset(&mask, 0, sizeof (mask)); 1958 mask.ss_family = afp->af_af; 1959 if (afp->af_af == AF_INET6) { 1960 struct sockaddr_in6 *sin6; 1961 sin6 = (struct sockaddr_in6 *)&mask; 1962 if (!in_prefixlentomask(prefixlen, IPV6_ABITS, 1963 (uchar_t *)&sin6->sin6_addr)) { 1964 (void) fprintf(stderr, "ifconfig: " 1965 "Bad prefix length: %d\n", 1966 prefixlen); 1967 exit(1); 1968 } 1969 } else { 1970 struct sockaddr_in *sin; 1971 1972 sin = (struct sockaddr_in *)&mask; 1973 if (!in_prefixlentomask(prefixlen, IP_ABITS, 1974 (uchar_t *)&sin->sin_addr)) { 1975 (void) fprintf(stderr, "ifconfig: " 1976 "Bad prefix length: %d\n", 1977 prefixlen); 1978 exit(1); 1979 } 1980 } 1981 g_netmask_set = G_NETMASK_NIL; 1982 break; 1983 } 1984 1985 /* 1986 * This is a "hack" to get around the problem of SIOCLIFADDIF. The 1987 * problem is that this ioctl does not include the netmask when 1988 * adding a logical interface. This is the same problem described 1989 * in the ifconfig() comments. To get around this problem, we first 1990 * add the logical interface with a 0 address. After that, we set 1991 * the netmask if provided. Finally we set the interface address. 1992 */ 1993 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1994 (void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr)); 1995 1996 /* Note: no need to do DAD here since the interface isn't up yet. */ 1997 1998 if (ioctl(s, SIOCLIFADDIF, (caddr_t)&lifr) < 0) 1999 Perror0_exit("addif: SIOCLIFADDIF"); 2000 2001 (void) printf("Created new logical interface %s\n", 2002 lifr.lifr_name); 2003 (void) strncpy(name, lifr.lifr_name, sizeof (name)); 2004 2005 /* 2006 * Check and see if any "netmask" command is used and perform the 2007 * necessary operation. 2008 */ 2009 set_mask_lifreq(&lifr, &laddr, &mask); 2010 /* 2011 * Only set the netmask if "netmask" command is used or a prefix is 2012 * provided. 2013 */ 2014 if (g_netmask_set == G_NETMASK_SET || prefixlen >= 0) { 2015 if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0) 2016 Perror0_exit("addif: SIOCSLIFNETMASK"); 2017 } 2018 2019 /* Finally, we set the interface address. */ 2020 lifr.lifr_addr = laddr; 2021 if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0) 2022 Perror0_exit("SIOCSLIFADDR"); 2023 2024 /* 2025 * let parser know we got a source. 2026 * Next address, if given, should be dest 2027 */ 2028 setaddr++; 2029 return (0); 2030 } 2031 2032 /* 2033 * Remove a logical interface based on its IP address. Unlike addif 2034 * there is no '/<n>' here. 2035 * Verifies that the interface is down before it is removed. 2036 */ 2037 /* ARGSUSED */ 2038 static int 2039 removeif(char *str, int64_t param) 2040 { 2041 struct sockaddr_storage laddr; 2042 2043 if (strchr(name, ':') != NULL) { 2044 (void) fprintf(stderr, 2045 "ifconfig: removeif: bad physical interface name %s\n", 2046 name); 2047 exit(1); 2048 } 2049 2050 (*afp->af_getaddr)(str, &laddr, NULL); 2051 lifr.lifr_addr = laddr; 2052 2053 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2054 if (ioctl(s, SIOCLIFREMOVEIF, (caddr_t)&lifr) < 0) { 2055 if (errno == EBUSY) { 2056 /* This can only happen if ipif_id = 0 */ 2057 (void) fprintf(stderr, 2058 "ifconfig: removeif: can't remove interface: %s\n", 2059 name); 2060 exit(1); 2061 } 2062 Perror0_exit("removeif: SIOCLIFREMOVEIF"); 2063 } 2064 return (0); 2065 } 2066 2067 /* 2068 * Set the address token for IPv6. 2069 */ 2070 /* ARGSUSED */ 2071 static int 2072 setiftoken(char *addr, int64_t param) 2073 { 2074 int prefixlen = 0; 2075 struct sockaddr_in6 token; 2076 2077 in6_getaddr(addr, (struct sockaddr *)&token, &prefixlen); 2078 switch (prefixlen) { 2079 case NO_PREFIX: 2080 (void) fprintf(stderr, 2081 "ifconfig: Missing prefix length in subnet %s\n", addr); 2082 exit(1); 2083 /* NOTREACHED */ 2084 case BAD_ADDR: 2085 (void) fprintf(stderr, 2086 "ifconfig: Bad prefix length in %s\n", addr); 2087 exit(1); 2088 default: 2089 break; 2090 } 2091 (void) memcpy(&lifr.lifr_addr, &token, sizeof (token)); 2092 lifr.lifr_addrlen = prefixlen; 2093 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2094 if (ioctl(s, SIOCSLIFTOKEN, (caddr_t)&lifr) < 0) { 2095 Perror0_exit("setiftoken: SIOCSLIFTOKEN"); 2096 } 2097 return (0); 2098 } 2099 2100 /* 2101 * Return value: 0 on success, -1 on failure. 2102 */ 2103 static int 2104 connect_to_mpathd(int family) 2105 { 2106 int s; 2107 struct sockaddr_storage ss; 2108 struct sockaddr_in *sin = (struct sockaddr_in *)&ss; 2109 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&ss; 2110 struct in6_addr loopback_addr = IN6ADDR_LOOPBACK_INIT; 2111 int addrlen; 2112 int ret; 2113 int on; 2114 2115 s = socket(family, SOCK_STREAM, 0); 2116 if (s < 0) { 2117 Perror0_exit("connect_to_mpathd: socket"); 2118 } 2119 (void) bzero((char *)&ss, sizeof (ss)); 2120 ss.ss_family = family; 2121 /* 2122 * Need to bind to a privileged port. For non-root, this 2123 * will fail. in.mpathd verifies that only commands coming 2124 * from privileged ports succeed so that ordinary users 2125 * can't connect and start talking to in.mpathd 2126 */ 2127 on = 1; 2128 if (setsockopt(s, IPPROTO_TCP, TCP_ANONPRIVBIND, &on, 2129 sizeof (on)) < 0) { 2130 Perror0_exit("connect_to_mpathd: setsockopt"); 2131 } 2132 switch (family) { 2133 case AF_INET: 2134 sin->sin_port = 0; 2135 sin->sin_addr.s_addr = htonl(INADDR_LOOPBACK); 2136 addrlen = sizeof (struct sockaddr_in); 2137 break; 2138 case AF_INET6: 2139 sin6->sin6_port = 0; 2140 sin6->sin6_addr = loopback_addr; 2141 addrlen = sizeof (struct sockaddr_in6); 2142 break; 2143 } 2144 ret = bind(s, (struct sockaddr *)&ss, addrlen); 2145 if (ret != 0) { 2146 (void) close(s); 2147 return (-1); 2148 } 2149 2150 switch (family) { 2151 case AF_INET: 2152 sin->sin_port = htons(MPATHD_PORT); 2153 break; 2154 case AF_INET6: 2155 sin6->sin6_port = htons(MPATHD_PORT); 2156 break; 2157 } 2158 ret = connect(s, (struct sockaddr *)&ss, addrlen); 2159 (void) close(s); 2160 return (ret); 2161 } 2162 2163 /* ARGSUSED */ 2164 static int 2165 setifgroupname(char *grpname, int64_t param) 2166 { 2167 if (debug) { 2168 (void) printf("Setting groupname %s on interface %s\n", 2169 grpname, name); 2170 } 2171 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2172 (void) strncpy(lifr.lifr_groupname, grpname, 2173 sizeof (lifr.lifr_groupname)); 2174 if (ioctl(s, SIOCSLIFGROUPNAME, (caddr_t)&lifr) < 0) { 2175 Perror0_exit("setifgroupname: SIOCSLIFGROUPNAME"); 2176 } 2177 2178 /* 2179 * If the SUNW_NO_MPATHD environment variable is set then don't 2180 * bother starting up in.mpathd. See PSARC/2002/249 for the 2181 * depressing details on this bit of stupidity. 2182 */ 2183 if (getenv("SUNW_NO_MPATHD") != NULL) { 2184 return (0); 2185 } 2186 2187 /* 2188 * Try to connect to in.mpathd using IPv4. If we succeed, 2189 * we conclude that in.mpathd is running, and quit. 2190 */ 2191 if (connect_to_mpathd(AF_INET) == 0) { 2192 /* connect succeeded, mpathd is already running */ 2193 return (0); 2194 } 2195 /* 2196 * Try to connect to in.mpathd using IPv6. If we succeed, 2197 * we conclude that in.mpathd is running, and quit. 2198 */ 2199 if (connect_to_mpathd(AF_INET6) == 0) { 2200 /* connect succeeded, mpathd is already running */ 2201 return (0); 2202 } 2203 2204 /* 2205 * in.mpathd may not be running. Start it now. If it is already 2206 * running, in.mpathd will take care of handling multiple incarnations 2207 * of itself. ifconfig only tries to optimize performance by not 2208 * starting another incarnation of in.mpathd. 2209 */ 2210 switch (fork()) { 2211 2212 case -1: 2213 Perror0_exit("setifgroupname: fork"); 2214 /* NOTREACHED */ 2215 case 0: 2216 (void) execl(MPATHD_PATH, MPATHD_PATH, NULL); 2217 _exit(1); 2218 /* NOTREACHED */ 2219 default: 2220 return (0); 2221 } 2222 } 2223 2224 2225 /* 2226 * To list all the modules above a given network interface. 2227 */ 2228 /* ARGSUSED */ 2229 static int 2230 modlist(char *null, int64_t param) 2231 { 2232 int muxfd; 2233 int ipfd_lowstr; 2234 int arpfd_lowstr; 2235 int num_mods; 2236 int i; 2237 struct str_list strlist; 2238 int orig_arpid; 2239 2240 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2241 if (ip_domux2fd(&muxfd, &ipfd_lowstr, &arpfd_lowstr, 2242 &orig_arpid) < 0) { 2243 return (-1); 2244 } 2245 if ((num_mods = ioctl(ipfd_lowstr, I_LIST, NULL)) < 0) { 2246 Perror0("cannot I_LIST to get the number of modules"); 2247 } else { 2248 if (debug > 0) { 2249 (void) printf("Listing (%d) modules above %s\n", 2250 num_mods, name); 2251 } 2252 2253 strlist.sl_nmods = num_mods; 2254 strlist.sl_modlist = malloc(sizeof (struct str_mlist) * 2255 num_mods); 2256 if (strlist.sl_modlist == NULL) { 2257 Perror0("cannot malloc"); 2258 } else { 2259 if (ioctl(ipfd_lowstr, I_LIST, (caddr_t)&strlist) < 0) { 2260 Perror0("cannot I_LIST for module names"); 2261 } else { 2262 for (i = 0; i < strlist.sl_nmods; i++) { 2263 (void) printf("%d %s\n", i, 2264 strlist.sl_modlist[i].l_name); 2265 } 2266 } 2267 free(strlist.sl_modlist); 2268 } 2269 } 2270 return (ip_plink(muxfd, ipfd_lowstr, arpfd_lowstr, orig_arpid)); 2271 } 2272 2273 #define MODINSERT_OP 'i' 2274 #define MODREMOVE_OP 'r' 2275 2276 /* 2277 * To insert a module to the stream of the interface. It is just a 2278 * wrapper. The real function is modop(). 2279 */ 2280 /* ARGSUSED */ 2281 static int 2282 modinsert(char *arg, int64_t param) 2283 { 2284 return (modop(arg, MODINSERT_OP)); 2285 } 2286 2287 /* 2288 * To remove a module from the stream of the interface. It is just a 2289 * wrapper. The real function is modop(). 2290 */ 2291 /* ARGSUSED */ 2292 static int 2293 modremove(char *arg, int64_t param) 2294 { 2295 return (modop(arg, MODREMOVE_OP)); 2296 } 2297 2298 /* 2299 * Open a stream on /dev/udp, pop off all undesired modules (note that 2300 * the user may have configured autopush to add modules above or below 2301 * udp), and push the arp module onto raw IP. 2302 */ 2303 static int 2304 open_arp_on_udp(char *udp_dev_name) 2305 { 2306 int fd; 2307 boolean_t popped; 2308 2309 if ((fd = open(udp_dev_name, O_RDWR)) == -1) { 2310 Perror2("open", udp_dev_name); 2311 return (-1); 2312 } 2313 errno = 0; 2314 popped = _B_FALSE; 2315 while (ioctl(fd, I_POP, 0) != -1) 2316 popped = _B_TRUE; 2317 if (!popped) { 2318 Perror2("cannot pop", udp_dev_name); 2319 } else if (errno != EINVAL) { 2320 Perror2("pop", udp_dev_name); 2321 } else if (ioctl(fd, I_PUSH, ARP_MOD_NAME) == -1) { 2322 Perror2("arp PUSH", udp_dev_name); 2323 } else { 2324 return (fd); 2325 } 2326 (void) close(fd); 2327 return (-1); 2328 } 2329 2330 /* 2331 * Helper function for mod*() functions. It gets a fd to the lower IP 2332 * stream and I_PUNLINK's the lower stream. It also initializes the 2333 * global variable lifr. 2334 * 2335 * Param: 2336 * int *udp_fd: (referenced) fd to /dev/udp (upper IP stream). 2337 * int *fd: (referenced) fd to the lower IP stream. 2338 * 2339 * Return: 2340 * -1 if operation fails, 0 otherwise. 2341 * 2342 * Please see the big block comment above plumb_one_device() 2343 * for the logic of the PLINK/PUNLINK 2344 */ 2345 static int 2346 ip_domux2fd(int *muxfd, int *ipfd_lowstr, int *arpfd_lowstr, int *orig_arpid) 2347 { 2348 int ip_fd; 2349 uint64_t flags; 2350 char *udp_dev_name; 2351 char *ip_dev_name; 2352 2353 *orig_arpid = 0; 2354 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2355 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) { 2356 Perror0_exit("status: SIOCGLIFFLAGS"); 2357 } 2358 flags = lifr.lifr_flags; 2359 if (flags & IFF_IPV4) { 2360 udp_dev_name = UDP_DEV_NAME; 2361 ip_dev_name = IP_DEV_NAME; 2362 } else if (flags & IFF_IPV6) { 2363 udp_dev_name = UDP6_DEV_NAME; 2364 ip_dev_name = IP6_DEV_NAME; 2365 } else { 2366 return (-1); 2367 } 2368 2369 if ((ip_fd = open(ip_dev_name, O_RDWR)) < 0) { 2370 Perror2("open", ip_dev_name); 2371 return (-1); 2372 } 2373 if (ioctl(ip_fd, SIOCGLIFMUXID, (caddr_t)&lifr) < 0) { 2374 Perror2("SIOCGLIFMUXID", ip_dev_name); 2375 return (-1); 2376 } 2377 if (debug > 0) { 2378 (void) printf("ARP_muxid %d IP_muxid %d\n", 2379 lifr.lifr_arp_muxid, lifr.lifr_ip_muxid); 2380 } 2381 2382 if ((*muxfd = open_arp_on_udp(udp_dev_name)) == -1) 2383 return (-1); 2384 2385 if (lifr.lifr_arp_muxid != 0) { 2386 if ((*arpfd_lowstr = ioctl(*muxfd, _I_MUXID2FD, 2387 lifr.lifr_arp_muxid)) < 0) { 2388 if ((errno == EINVAL) && 2389 (flags & (IFF_NOARP | IFF_IPV6))) { 2390 /* 2391 * Some plumbing utilities set the muxid to 2392 * -1 or some invalid value to signify that 2393 * there is no arp stream. Set the muxid to 0 2394 * before trying to unplumb the IP stream. 2395 * IP does not allow the IP stream to be 2396 * unplumbed if it sees a non-null arp muxid, 2397 * for consistency of IP-ARP streams. 2398 */ 2399 *orig_arpid = lifr.lifr_arp_muxid; 2400 lifr.lifr_arp_muxid = 0; 2401 (void) ioctl(*muxfd, SIOCSLIFMUXID, 2402 (caddr_t)&lifr); 2403 *arpfd_lowstr = -1; 2404 } else { 2405 Perror0("_I_MUXID2FD"); 2406 return (-1); 2407 } 2408 } else if (ioctl(*muxfd, I_PUNLINK, 2409 lifr.lifr_arp_muxid) < 0) { 2410 Perror2("I_PUNLINK", udp_dev_name); 2411 return (-1); 2412 } 2413 } else { 2414 *arpfd_lowstr = -1; 2415 } 2416 2417 if ((*ipfd_lowstr = ioctl(*muxfd, _I_MUXID2FD, 2418 lifr.lifr_ip_muxid)) < 0) { 2419 Perror0("_I_MUXID2FD"); 2420 /* Undo any changes we made */ 2421 if (*orig_arpid != 0) { 2422 lifr.lifr_arp_muxid = *orig_arpid; 2423 (void) ioctl(*muxfd, SIOCSLIFMUXID, (caddr_t)&lifr); 2424 } 2425 return (-1); 2426 } 2427 if (ioctl(*muxfd, I_PUNLINK, lifr.lifr_ip_muxid) < 0) { 2428 Perror2("I_PUNLINK", udp_dev_name); 2429 /* Undo any changes we made */ 2430 if (*orig_arpid != 0) { 2431 lifr.lifr_arp_muxid = *orig_arpid; 2432 (void) ioctl(*muxfd, SIOCSLIFMUXID, (caddr_t)&lifr); 2433 } 2434 return (-1); 2435 } 2436 return (0); 2437 } 2438 2439 /* 2440 * Helper function for mod*() functions. It I_PLINK's back the upper and 2441 * lower IP streams. Note that this function must be called after 2442 * ip_domux2fd(). In ip_domux2fd(), the global variable lifr is initialized 2443 * and ip_plink() needs information in lifr. So ip_domux2fd() and ip_plink() 2444 * must be called in pairs. 2445 * 2446 * Param: 2447 * int udp_fd: fd to /dev/udp (upper IP stream). 2448 * int fd: fd to the lower IP stream. 2449 * 2450 * Return: 2451 * -1 if operation fails, 0 otherwise. 2452 * 2453 * Please see the big block comment above plumb_one_device() 2454 * for the logic of the PLINK/PUNLINK 2455 */ 2456 static int 2457 ip_plink(int muxfd, int ipfd_lowstr, int arpfd_lowstr, int orig_arpid) 2458 { 2459 int ip_muxid; 2460 2461 ip_muxid = ioctl(muxfd, I_PLINK, ipfd_lowstr); 2462 if (ip_muxid < 0) { 2463 Perror2("I_PLINK", UDP_DEV_NAME); 2464 return (-1); 2465 } 2466 2467 /* 2468 * If there is an arp stream, plink it. If there is no 2469 * arp stream, then it is possible that the plumbing 2470 * utility could have stored any value in the arp_muxid. 2471 * If so, restore it from orig_arpid. 2472 */ 2473 if (arpfd_lowstr != -1) { 2474 if (ioctl(muxfd, I_PLINK, arpfd_lowstr) < 0) { 2475 Perror2("I_PLINK", UDP_DEV_NAME); 2476 return (-1); 2477 } 2478 } else if (orig_arpid != 0) { 2479 /* Undo the changes we did in ip_domux2fd */ 2480 lifr.lifr_arp_muxid = orig_arpid; 2481 lifr.lifr_ip_muxid = ip_muxid; 2482 (void) ioctl(muxfd, SIOCSLIFMUXID, (caddr_t)&lifr); 2483 } 2484 2485 return (0); 2486 } 2487 2488 /* 2489 * The real function to perform module insertion/removal. 2490 * 2491 * Param: 2492 * char *arg: the argument string module_name@position 2493 * char op: operation, either MODINSERT_OP or MODREMOVE_OP. 2494 * 2495 * Return: 2496 * Before doing ip_domux2fd(), this function calls exit(1) in case of 2497 * error. After ip_domux2fd() is done, it returns -1 for error, 0 2498 * otherwise. 2499 */ 2500 static int 2501 modop(char *arg, char op) 2502 { 2503 char *pos_p; 2504 int muxfd; 2505 int ipfd_lowstr; /* IP stream (lower stream of mux) to be plinked */ 2506 int arpfd_lowstr; /* ARP stream (lower stream of mux) to be plinked */ 2507 struct strmodconf mod; 2508 char *at_char = "@"; 2509 char *arg_str; 2510 int orig_arpid; 2511 2512 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2513 2514 /* Need to save the original string for -a option. */ 2515 if ((arg_str = malloc(strlen(arg) + 1)) == NULL) { 2516 Perror0("cannot malloc"); 2517 return (-1); 2518 } 2519 (void) strcpy(arg_str, arg); 2520 2521 if (*arg_str == *at_char) { 2522 (void) fprintf(stderr, 2523 "ifconfig: must supply a module name\n"); 2524 exit(1); 2525 } 2526 mod.mod_name = strtok(arg_str, at_char); 2527 if (strlen(mod.mod_name) > FMNAMESZ) { 2528 (void) fprintf(stderr, "ifconfig: module name too long: %s\n", 2529 mod.mod_name); 2530 exit(1); 2531 } 2532 2533 /* 2534 * Need to make sure that the core TCP/IP stack modules are not 2535 * removed. Otherwise, "bad" things can happen. If a module 2536 * is removed and inserted back, it loses its old state. But 2537 * the modules above it still have the old state. E.g. IP assumes 2538 * fast data path while tunnel after re-inserted assumes that it can 2539 * receive M_DATA only in fast data path for which it does not have 2540 * any state. This is a general caveat of _I_REMOVE/_I_INSERT. 2541 */ 2542 if (op == MODREMOVE_OP && 2543 (strcmp(mod.mod_name, ARP_MOD_NAME) == 0 || 2544 strcmp(mod.mod_name, IP_MOD_NAME) == 0 || 2545 strcmp(mod.mod_name, TUN_NAME) == 0 || 2546 strcmp(mod.mod_name, ATUN_NAME) == 0 || 2547 strcmp(mod.mod_name, TUN6TO4_NAME) == 0)) { 2548 (void) fprintf(stderr, "ifconfig: cannot remove %s\n", 2549 mod.mod_name); 2550 exit(1); 2551 } 2552 2553 if ((pos_p = strtok(NULL, at_char)) == NULL) { 2554 (void) fprintf(stderr, "ifconfig: must supply a position\n"); 2555 exit(1); 2556 } 2557 mod.pos = atoi(pos_p); 2558 2559 if (ip_domux2fd(&muxfd, &ipfd_lowstr, &arpfd_lowstr, 2560 &orig_arpid) < 0) { 2561 free(arg_str); 2562 return (-1); 2563 } 2564 switch (op) { 2565 case MODINSERT_OP: 2566 if (debug > 0) { 2567 (void) printf("Inserting module %s at %d\n", 2568 mod.mod_name, mod.pos); 2569 } 2570 if (ioctl(ipfd_lowstr, _I_INSERT, (caddr_t)&mod) < 0) { 2571 Perror2("fail to insert module", mod.mod_name); 2572 } 2573 break; 2574 case MODREMOVE_OP: 2575 if (debug > 0) { 2576 (void) printf("Removing module %s at %d\n", 2577 mod.mod_name, mod.pos); 2578 } 2579 if (ioctl(ipfd_lowstr, _I_REMOVE, (caddr_t)&mod) < 0) { 2580 Perror2("fail to remove module", mod.mod_name); 2581 } 2582 break; 2583 default: 2584 /* Should never get to here. */ 2585 (void) fprintf(stderr, "Unknown operation\n"); 2586 break; 2587 } 2588 free(arg_str); 2589 return (ip_plink(muxfd, ipfd_lowstr, arpfd_lowstr, orig_arpid)); 2590 } 2591 2592 /* 2593 * Set tunnel source address 2594 */ 2595 /* ARGSUSED */ 2596 static int 2597 setiftsrc(char *addr, int64_t param) 2598 { 2599 return (settaddr(addr, icfg_set_tunnel_src)); 2600 } 2601 2602 /* 2603 * Set tunnel destination address 2604 */ 2605 /* ARGSUSED */ 2606 static int 2607 setiftdst(char *addr, int64_t param) 2608 { 2609 return (settaddr(addr, icfg_set_tunnel_dest)); 2610 } 2611 2612 /* 2613 * sets tunnels src|dst address. settaddr() expects the following: 2614 * addr: Points to a printable string containing the address to be 2615 * set, e.g. 129.153.128.110. 2616 * fn: Pointer to a libinetcfg routine that will do the actual work. 2617 * The only valid functions are icfg_set_tunnel_src and 2618 * icfg_set_tunnel_dest. 2619 */ 2620 static int 2621 settaddr(char *addr, 2622 int (*fn)(icfg_handle_t, const struct sockaddr *, socklen_t)) 2623 { 2624 icfg_handle_t handle; 2625 icfg_if_t interface; 2626 struct sockaddr_storage laddr; 2627 int lower; 2628 int rc; 2629 2630 if (strchr(name, ':') != NULL) { 2631 errno = EPERM; 2632 Perror0_exit("Tunnel params on logical interfaces"); 2633 } 2634 (void) strncpy(interface.if_name, name, sizeof (interface.if_name)); 2635 interface.if_protocol = SOCKET_AF(af); 2636 2637 /* Open interface. */ 2638 if ((rc = icfg_open(&handle, &interface)) != ICFG_SUCCESS) 2639 Perror0_exit((char *)icfg_errmsg(rc)); 2640 2641 rc = icfg_get_tunnel_lower(handle, &lower); 2642 if (rc != ICFG_SUCCESS) 2643 Perror0_exit((char *)icfg_errmsg(rc)); 2644 2645 if (lower == AF_INET) { 2646 in_getaddr(addr, (struct sockaddr *)&laddr, NULL); 2647 } else { 2648 in6_getaddr(addr, (struct sockaddr *)&laddr, NULL); 2649 } 2650 2651 /* Call fn to do the real work, and close the interface. */ 2652 rc = (*fn)(handle, (struct sockaddr *)&laddr, 2653 sizeof (struct sockaddr_storage)); 2654 icfg_close(handle); 2655 2656 if (rc != ICFG_SUCCESS) 2657 Perror0_exit((char *)icfg_errmsg(rc)); 2658 2659 return (0); 2660 } 2661 2662 /* Set tunnel encapsulation limit. */ 2663 /* ARGSUSED */ 2664 static int 2665 set_tun_encap_limit(char *arg, int64_t param) 2666 { 2667 short limit; 2668 icfg_if_t interface; 2669 icfg_handle_t handle; 2670 int rc; 2671 2672 if (strchr(name, ':') != NULL) { 2673 errno = EPERM; 2674 Perror0_exit("Tunnel params on logical interfaces"); 2675 } 2676 2677 if ((sscanf(arg, "%hd", &limit) != 1) || (limit < 0) || 2678 (limit > 255)) { 2679 errno = EINVAL; 2680 Perror0_exit("Invalid encapsulation limit"); 2681 } 2682 2683 /* Open interface for configuration. */ 2684 (void) strncpy(interface.if_name, name, sizeof (interface.if_name)); 2685 interface.if_protocol = SOCKET_AF(af); 2686 if (icfg_open(&handle, &interface) != ICFG_SUCCESS) 2687 Perror0_exit("couldn't open interface"); 2688 2689 rc = icfg_set_tunnel_encaplimit(handle, (int)limit); 2690 icfg_close(handle); 2691 2692 if (rc != ICFG_SUCCESS) 2693 Perror0_exit("Could not configure tunnel encapsulation limit"); 2694 2695 return (0); 2696 } 2697 2698 /* Disable encapsulation limit. */ 2699 /* ARGSUSED */ 2700 static int 2701 clr_tun_encap_limit(char *arg, int64_t param) 2702 { 2703 icfg_if_t interface; 2704 icfg_handle_t handle; 2705 int rc; 2706 2707 if (strchr(name, ':') != NULL) { 2708 errno = EPERM; 2709 Perror0_exit("Tunnel params on logical interfaces"); 2710 } 2711 2712 /* Open interface for configuration. */ 2713 (void) strncpy(interface.if_name, name, sizeof (interface.if_name)); 2714 interface.if_protocol = SOCKET_AF(af); 2715 if (icfg_open(&handle, &interface) != ICFG_SUCCESS) 2716 Perror0_exit("couldn't open interface"); 2717 2718 rc = icfg_set_tunnel_encaplimit(handle, -1); 2719 icfg_close(handle); 2720 2721 if (rc != ICFG_SUCCESS) 2722 Perror0_exit((char *)icfg_errmsg(rc)); 2723 2724 return (0); 2725 } 2726 2727 /* Set tunnel hop limit. */ 2728 /* ARGSUSED */ 2729 static int 2730 set_tun_hop_limit(char *arg, int64_t param) 2731 { 2732 unsigned short limit; 2733 icfg_if_t interface; 2734 icfg_handle_t handle; 2735 int rc; 2736 2737 if (strchr(name, ':') != NULL) { 2738 errno = EPERM; 2739 Perror0_exit("Tunnel params on logical interfaces"); 2740 } 2741 2742 /* 2743 * Check limit here since it's really only an 8-bit unsigned quantity. 2744 */ 2745 if ((sscanf(arg, "%hu", &limit) != 1) || (limit > 255)) { 2746 errno = EINVAL; 2747 Perror0_exit("Invalid hop limit"); 2748 } 2749 2750 /* Open interface for configuration. */ 2751 (void) strncpy(interface.if_name, name, sizeof (interface.if_name)); 2752 interface.if_protocol = SOCKET_AF(af); 2753 if (icfg_open(&handle, &interface) != ICFG_SUCCESS) 2754 Perror0_exit("couldn't open interface"); 2755 2756 rc = icfg_set_tunnel_hoplimit(handle, (uint8_t)limit); 2757 icfg_close(handle); 2758 2759 if (rc != ICFG_SUCCESS) 2760 Perror0_exit("Could not configure tunnel hop limit"); 2761 2762 return (0); 2763 } 2764 2765 /* Set zone ID */ 2766 static int 2767 setzone(char *arg, int64_t param) 2768 { 2769 zoneid_t zoneid = GLOBAL_ZONEID; 2770 2771 if (param == NEXTARG) { 2772 /* zone must be active */ 2773 if ((zoneid = getzoneidbyname(arg)) == -1) { 2774 (void) fprintf(stderr, 2775 "ifconfig: unknown zone '%s'\n", arg); 2776 exit(1); 2777 } 2778 } 2779 (void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2780 lifr.lifr_zoneid = zoneid; 2781 if (ioctl(s, SIOCSLIFZONE, (caddr_t)&lifr) == -1) 2782 Perror0_exit("SIOCSLIFZONE"); 2783 return (0); 2784 } 2785 2786 /* Put interface into all zones */ 2787 /* ARGSUSED */ 2788 static int 2789 setallzones(char *arg, int64_t param) 2790 { 2791 (void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2792 lifr.lifr_zoneid = ALL_ZONES; 2793 if (ioctl(s, SIOCSLIFZONE, (caddr_t)&lifr) == -1) 2794 Perror0_exit("SIOCSLIFZONE"); 2795 return (0); 2796 } 2797 2798 /* Set source address to use */ 2799 /* ARGSUSED */ 2800 static int 2801 setifsrc(char *arg, int64_t param) 2802 { 2803 uint_t ifindex = 0; 2804 int rval; 2805 2806 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2807 2808 /* 2809 * Argument can be either an interface name or "none". The latter means 2810 * that any previous selection is cleared. 2811 */ 2812 2813 rval = strcmp(arg, name); 2814 if (rval == 0) { 2815 (void) fprintf(stderr, 2816 "ifconfig: Cannot specify same interface for usesrc" 2817 " group\n"); 2818 exit(1); 2819 } 2820 2821 rval = strcmp(arg, NONE_STR); 2822 if (rval != 0) { 2823 if ((ifindex = if_nametoindex(arg)) == 0) { 2824 (void) strncpy(lifr.lifr_name, arg, LIFNAMSIZ); 2825 Perror0_exit("Could not get interface index"); 2826 } 2827 lifr.lifr_index = ifindex; 2828 } else { 2829 if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) != 0) 2830 Perror0_exit("Not a valid usesrc consumer"); 2831 lifr.lifr_index = 0; 2832 } 2833 2834 if (debug) 2835 (void) printf("setifsrc: lifr_name %s, lifr_index %d\n", 2836 lifr.lifr_name, lifr.lifr_index); 2837 2838 if (ioctl(s, SIOCSLIFUSESRC, (caddr_t)&lifr) == -1) { 2839 if (rval == 0) 2840 Perror0_exit("Cannot reset usesrc group"); 2841 else 2842 Perror0_exit("Could not set source interface"); 2843 } 2844 2845 return (0); 2846 } 2847 2848 /* 2849 * Print the interface status line associated with `ifname' 2850 */ 2851 static void 2852 ifstatus(const char *ifname) 2853 { 2854 uint64_t flags; 2855 char if_usesrc_name[LIFNAMSIZ]; 2856 char *newbuf; 2857 int n, numifs, rval = 0; 2858 struct lifreq *lifrp; 2859 struct lifsrcof lifs; 2860 2861 (void) strncpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name)); 2862 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) { 2863 Perror0_exit("status: SIOCGLIFFLAGS"); 2864 } 2865 flags = lifr.lifr_flags; 2866 2867 /* 2868 * In V4 compatibility mode, we don't print the IFF_IPV4 flag or 2869 * interfaces with IFF_IPV6 set. 2870 */ 2871 if (v4compat) { 2872 flags &= ~IFF_IPV4; 2873 if (flags & IFF_IPV6) 2874 return; 2875 } 2876 2877 (void) printf("%s: ", ifname); 2878 print_flags(flags); 2879 2880 (void) strncpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name)); 2881 if (ioctl(s, SIOCGLIFMETRIC, (caddr_t)&lifr) < 0) { 2882 Perror0_exit("status: SIOCGLIFMETRIC"); 2883 } else { 2884 if (lifr.lifr_metric) 2885 (void) printf(" metric %d", lifr.lifr_metric); 2886 } 2887 if (ioctl(s, SIOCGLIFMTU, (caddr_t)&lifr) >= 0) 2888 (void) printf(" mtu %d", lifr.lifr_metric); 2889 2890 /* don't print index or zone when in compatibility mode */ 2891 if (!v4compat) { 2892 if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0) 2893 (void) printf(" index %d", lifr.lifr_index); 2894 /* 2895 * Stack instances use GLOBAL_ZONEID for IP data structures 2896 * even in the non-global zone. 2897 */ 2898 if (ioctl(s, SIOCGLIFZONE, (caddr_t)&lifr) >= 0 && 2899 lifr.lifr_zoneid != getzoneid() && 2900 lifr.lifr_zoneid != GLOBAL_ZONEID) { 2901 char zone_name[ZONENAME_MAX]; 2902 2903 if (lifr.lifr_zoneid == ALL_ZONES) { 2904 (void) printf("\n\tall-zones"); 2905 } else if (getzonenamebyid(lifr.lifr_zoneid, zone_name, 2906 sizeof (zone_name)) < 0) { 2907 (void) printf("\n\tzone %d", lifr.lifr_zoneid); 2908 } else { 2909 (void) printf("\n\tzone %s", zone_name); 2910 } 2911 } 2912 } 2913 2914 if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0) { 2915 lifs.lifs_ifindex = lifr.lifr_index; 2916 2917 /* 2918 * Find the number of interfaces that use this interfaces' 2919 * address as a source address 2920 */ 2921 lifs.lifs_buf = NULL; 2922 lifs.lifs_maxlen = 0; 2923 for (;;) { 2924 /* The first pass will give the bufsize we need */ 2925 rval = ioctl(s, SIOCGLIFSRCOF, (char *)&lifs); 2926 if (rval < 0) { 2927 if (lifs.lifs_buf != NULL) { 2928 free(lifs.lifs_buf); 2929 lifs.lifs_buf = NULL; 2930 } 2931 lifs.lifs_len = 0; 2932 break; 2933 } 2934 if (lifs.lifs_len <= lifs.lifs_maxlen) 2935 break; 2936 /* Use kernel's size + a small margin to avoid loops */ 2937 lifs.lifs_maxlen = lifs.lifs_len + 2938 5 * sizeof (struct lifreq); 2939 /* For the first pass, realloc acts like malloc */ 2940 newbuf = realloc(lifs.lifs_buf, lifs.lifs_maxlen); 2941 if (newbuf == NULL) { 2942 if (lifs.lifs_buf != NULL) { 2943 free(lifs.lifs_buf); 2944 lifs.lifs_buf = NULL; 2945 } 2946 lifs.lifs_len = 0; 2947 break; 2948 } 2949 lifs.lifs_buf = newbuf; 2950 } 2951 2952 2953 numifs = lifs.lifs_len / sizeof (struct lifreq); 2954 if (numifs > 0) { 2955 lifrp = lifs.lifs_req; 2956 (void) printf("\n\tsrcof"); 2957 for (n = numifs; n > 0; n--, lifrp++) { 2958 (void) printf(" %s", lifrp->lifr_name); 2959 } 2960 } 2961 2962 if (lifs.lifs_buf != NULL) 2963 free(lifs.lifs_buf); 2964 } 2965 2966 /* Find the interface whose source address this interface uses */ 2967 if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) == 0) { 2968 if (lifr.lifr_index != 0) { 2969 if (if_indextoname(lifr.lifr_index, 2970 if_usesrc_name) == NULL) { 2971 (void) printf("\n\tusesrc ifIndex %d", 2972 lifr.lifr_index); 2973 } else { 2974 (void) printf("\n\tusesrc %s", if_usesrc_name); 2975 } 2976 } 2977 } 2978 2979 (void) putchar('\n'); 2980 } 2981 2982 2983 /* 2984 * Print the status of the interface. If an address family was 2985 * specified, show it and it only; otherwise, show them all. 2986 */ 2987 static void 2988 status(void) 2989 { 2990 struct afswtch *p = afp; 2991 uint64_t flags; 2992 2993 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2994 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) { 2995 Perror0_exit("status: SIOCGLIFFLAGS"); 2996 } 2997 2998 flags = lifr.lifr_flags; 2999 3000 /* 3001 * Only print the interface status if the address family matches 3002 * the interface family flag. 3003 */ 3004 if (p != NULL) { 3005 if (((p->af_af == AF_INET6) && (flags & IFF_IPV4)) || 3006 ((p->af_af == AF_INET) && (flags & IFF_IPV6))) 3007 return; 3008 } 3009 3010 /* 3011 * In V4 compatibility mode, don't print IFF_IPV6 interfaces. 3012 */ 3013 if (v4compat && (flags & IFF_IPV6)) 3014 return; 3015 3016 ifstatus(name); 3017 3018 if (p != NULL) { 3019 (*p->af_status)(1, flags); 3020 } else { 3021 for (p = afs; p->af_name; p++) { 3022 (void) close(s); 3023 s = socket(SOCKET_AF(p->af_af), SOCK_DGRAM, 0); 3024 /* set global af for use in p->af_status */ 3025 af = p->af_af; 3026 if (s == -1) { 3027 Perror0_exit("socket"); 3028 } 3029 (*p->af_status)(0, flags); 3030 } 3031 3032 /* 3033 * Historically, 'ether' has been an address family, 3034 * so print it here. 3035 */ 3036 print_ifether(name); 3037 } 3038 } 3039 3040 /* 3041 * Print the status of the interface in a format that can be used to 3042 * reconfigure the interface later. Code stolen from status() above. 3043 */ 3044 /* ARGSUSED */ 3045 static int 3046 configinfo(char *null, int64_t param) 3047 { 3048 struct afswtch *p = afp; 3049 uint64_t flags; 3050 char phydevname[LIFNAMSIZ]; 3051 char if_usesrc_name[LIFNAMSIZ]; 3052 char *cp; 3053 3054 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3055 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) { 3056 Perror0_exit("status: SIOCGLIFFLAGS"); 3057 } 3058 flags = lifr.lifr_flags; 3059 3060 if (debug) { 3061 (void) printf("configinfo: name %s flags 0x%llx af_af %d\n", 3062 name, flags, p != NULL ? p->af_af : -1); 3063 } 3064 3065 /* remove LIF component */ 3066 (void) strncpy(phydevname, name, sizeof (phydevname)); 3067 cp = strchr(phydevname, ':'); 3068 if (cp) { 3069 *cp = 0; 3070 } 3071 phydevname[sizeof (phydevname) - 1] = '\0'; 3072 3073 /* 3074 * if the interface is IPv4 3075 * if we have a IPv6 address family restriction return 3076 * so it won't print 3077 * if we are in IPv4 compatibility mode, clear out IFF_IPV4 3078 * so we don't print it. 3079 */ 3080 if (flags & IFF_IPV4) { 3081 if (p && p->af_af == AF_INET6) 3082 return (-1); 3083 if (v4compat) 3084 flags &= ~IFF_IPV4; 3085 3086 (void) printf("%s inet plumb", phydevname); 3087 } else if (flags & IFF_IPV6) { 3088 /* 3089 * else if the interface is IPv6 3090 * if we have a IPv4 address family restriction return 3091 * or we are in IPv4 compatibiltiy mode, return. 3092 */ 3093 if (p && p->af_af == AF_INET) 3094 return (-1); 3095 if (v4compat) 3096 return (-1); 3097 3098 (void) printf("%s inet6 plumb", phydevname); 3099 } 3100 3101 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3102 if (ioctl(s, SIOCGLIFMETRIC, (caddr_t)&lifr) < 0) { 3103 Perror0_exit("configinfo: SIOCGLIFMETRIC"); 3104 } else { 3105 if (lifr.lifr_metric) 3106 (void) printf(" metric %d ", lifr.lifr_metric); 3107 } 3108 if (((flags & (IFF_VIRTUAL|IFF_LOOPBACK)) != IFF_VIRTUAL) && 3109 ioctl(s, SIOCGLIFMTU, (caddr_t)&lifr) >= 0) 3110 (void) printf(" mtu %d", lifr.lifr_metric); 3111 3112 /* don't print index when in compatibility mode */ 3113 if (!v4compat) { 3114 if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0) 3115 (void) printf(" index %d", lifr.lifr_index); 3116 } 3117 3118 if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) == 0) { 3119 if (lifr.lifr_index != 0) { 3120 if (if_indextoname(lifr.lifr_index, 3121 if_usesrc_name) != NULL) { 3122 (void) printf(" usesrc %s", if_usesrc_name); 3123 } 3124 } 3125 } 3126 3127 if (p != NULL) { 3128 (*p->af_configinfo)(1, flags); 3129 } else { 3130 for (p = afs; p->af_name; p++) { 3131 (void) close(s); 3132 s = socket(SOCKET_AF(p->af_af), SOCK_DGRAM, 0); 3133 /* set global af for use in p->af_configinfo */ 3134 af = p->af_af; 3135 if (s == -1) { 3136 Perror0_exit("socket"); 3137 } 3138 (*p->af_configinfo)(0, flags); 3139 } 3140 } 3141 3142 (void) printf("\n"); 3143 3144 return (0); 3145 } 3146 3147 static void 3148 print_tsec(struct iftun_req *tparams) 3149 { 3150 ipsec_req_t *ipsr; 3151 3152 (void) printf("\ttunnel security settings "); 3153 /* 3154 * Deal with versioning, for now just point 3155 * an ipsec_req_t at ifta_secinfo. If versions 3156 * change, something else will overlay ifta_secinfo. 3157 */ 3158 assert(tparams->ifta_vers == IFTUN_VERSION); 3159 3160 if (tparams->ifta_flags & IFTUN_COMPLEX_SECURITY) { 3161 (void) printf("--> use 'ipsecconf -ln -i %s'", 3162 tparams->ifta_lifr_name); 3163 } else { 3164 ipsr = (ipsec_req_t *)(&tparams->ifta_secinfo); 3165 if (ipsr->ipsr_ah_req & IPSEC_PREF_REQUIRED) { 3166 (void) printf("ah (%s) ", 3167 rparsealg(ipsr->ipsr_auth_alg, IPSEC_PROTO_AH)); 3168 } 3169 if (ipsr->ipsr_esp_req & IPSEC_PREF_REQUIRED) { 3170 (void) printf("esp (%s", 3171 rparsealg(ipsr->ipsr_esp_alg, IPSEC_PROTO_ESP)); 3172 (void) printf("/%s)", 3173 rparsealg(ipsr->ipsr_esp_auth_alg, IPSEC_PROTO_AH)); 3174 } 3175 } 3176 (void) printf("\n"); 3177 } 3178 3179 static void 3180 tun_status(void) 3181 { 3182 icfg_if_t interface; 3183 int rc; 3184 icfg_handle_t handle; 3185 int protocol; 3186 char srcbuf[INET6_ADDRSTRLEN]; 3187 char dstbuf[INET6_ADDRSTRLEN]; 3188 boolean_t tabbed; 3189 uint8_t hoplimit; 3190 int16_t encaplimit; 3191 struct sockaddr_storage taddr; 3192 socklen_t socklen = sizeof (taddr); 3193 3194 (void) strncpy(interface.if_name, name, sizeof (interface.if_name)); 3195 interface.if_protocol = SOCKET_AF(af); 3196 if ((rc = icfg_open(&handle, &interface)) != ICFG_SUCCESS) 3197 Perror0_exit((char *)icfg_errmsg(rc)); 3198 3199 /* 3200 * only print tunnel info for lun 0. If ioctl fails, assume 3201 * we are not a tunnel 3202 */ 3203 if (strchr(name, ':') != NULL || 3204 icfg_get_tunnel_lower(handle, &protocol) != ICFG_SUCCESS) { 3205 icfg_close(handle); 3206 return; 3207 } 3208 3209 switch (protocol) { 3210 case AF_INET: 3211 (void) printf("\tinet"); 3212 break; 3213 case AF_INET6: 3214 (void) printf("\tinet6"); 3215 break; 3216 default: 3217 Perror0_exit("\ttunnel: Illegal lower stream\n\t"); 3218 break; 3219 } 3220 3221 rc = icfg_get_tunnel_src(handle, (struct sockaddr *)&taddr, &socklen); 3222 if (rc == ICFG_NOT_SET) { 3223 (void) strlcpy(srcbuf, (protocol == AF_INET) ? "0.0.0.0" : 3224 "::", sizeof (srcbuf)); 3225 } else if (rc != ICFG_SUCCESS) { 3226 Perror0_exit((char *)icfg_errmsg(rc)); 3227 } else { 3228 rc = icfg_sockaddr_to_str(protocol, (struct sockaddr *)&taddr, 3229 srcbuf, sizeof (srcbuf)); 3230 if (rc != ICFG_SUCCESS) { 3231 Perror0_exit((char *)icfg_errmsg(rc)); 3232 } 3233 } 3234 3235 (void) printf(" tunnel src %s ", srcbuf); 3236 3237 rc = icfg_get_tunnel_dest(handle, (struct sockaddr *)&taddr, &socklen); 3238 if (rc == ICFG_NOT_SET) { 3239 (void) printf("\n"); 3240 } else { 3241 rc = icfg_sockaddr_to_str(protocol, (struct sockaddr *)&taddr, 3242 dstbuf, sizeof (dstbuf)); 3243 if (rc != ICFG_SUCCESS) { 3244 Perror0_exit((char *)icfg_errmsg(rc)); 3245 } 3246 (void) printf("tunnel dst %s\n", dstbuf); 3247 } 3248 3249 if (handle->ifh_tunnel_params != NULL && 3250 (handle->ifh_tunnel_params->ifta_flags & IFTUN_SECURITY)) 3251 print_tsec(handle->ifh_tunnel_params); 3252 3253 /* 3254 * tabbed indicates tabbed and printed. Use it tell us whether 3255 * to tab and that we've printed something here, so we need a 3256 * newline 3257 */ 3258 tabbed = _B_FALSE; 3259 3260 if (icfg_get_tunnel_hoplimit(handle, &hoplimit) == ICFG_SUCCESS) { 3261 (void) printf("\ttunnel hop limit %d ", hoplimit); 3262 tabbed = _B_TRUE; 3263 } 3264 3265 if ((protocol == AF_INET6) && 3266 (icfg_get_tunnel_encaplimit(handle, &encaplimit) == 3267 ICFG_SUCCESS)) { 3268 if (!tabbed) { 3269 (void) printf("\t"); 3270 tabbed = _B_TRUE; 3271 } 3272 if (encaplimit >= 0) { 3273 (void) printf("tunnel encapsulation limit %d", 3274 encaplimit); 3275 } else { 3276 (void) printf("tunnel encapsulation limit disabled"); 3277 } 3278 } 3279 3280 if (tabbed) 3281 (void) printf("\n"); 3282 3283 icfg_close(handle); 3284 } 3285 3286 static void 3287 in_status(int force, uint64_t flags) 3288 { 3289 struct sockaddr_in *sin, *laddr; 3290 struct sockaddr_in netmask = { AF_INET }; 3291 3292 if (debug) 3293 (void) printf("in_status(%s) flags 0x%llx\n", name, flags); 3294 3295 /* only print status for IPv4 interfaces */ 3296 if (!(flags & IFF_IPV4)) 3297 return; 3298 3299 /* if the interface is a tunnel, print the tunnel status */ 3300 tun_status(); 3301 3302 if (!(flags & IFF_NOLOCAL)) { 3303 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3304 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 3305 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3306 errno == ENXIO) { 3307 if (!force) 3308 return; 3309 (void) memset(&lifr.lifr_addr, 0, 3310 sizeof (lifr.lifr_addr)); 3311 } else 3312 Perror0_exit("in_status: SIOCGLIFADDR"); 3313 } 3314 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3315 (void) printf("\tinet %s ", inet_ntoa(sin->sin_addr)); 3316 laddr = sin; 3317 } else { 3318 (void) printf("\tinet "); 3319 } 3320 3321 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3322 if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) { 3323 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3324 errno == ENXIO) { 3325 if (!force) 3326 return; 3327 (void) memset(&lifr.lifr_addr, 0, 3328 sizeof (lifr.lifr_addr)); 3329 } else { 3330 Perror0_exit("in_status: SIOCGLIFSUBNET"); 3331 } 3332 } 3333 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3334 if ((flags & IFF_NOLOCAL) || 3335 sin->sin_addr.s_addr != laddr->sin_addr.s_addr) { 3336 (void) printf("subnet %s/%d ", inet_ntoa(sin->sin_addr), 3337 lifr.lifr_addrlen); 3338 } 3339 if (sin->sin_family != AF_INET) { 3340 (void) printf("Wrong family: %d\n", sin->sin_family); 3341 } 3342 3343 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3344 if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0) { 3345 if (errno != EADDRNOTAVAIL) 3346 Perror0_exit("in_status: SIOCGLIFNETMASK"); 3347 (void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr)); 3348 } else 3349 netmask.sin_addr = 3350 ((struct sockaddr_in *)&lifr.lifr_addr)->sin_addr; 3351 if (flags & IFF_POINTOPOINT) { 3352 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3353 if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) { 3354 if (errno == EADDRNOTAVAIL) 3355 (void) memset(&lifr.lifr_addr, 0, 3356 sizeof (lifr.lifr_addr)); 3357 else 3358 Perror0_exit("in_status: SIOCGLIFDSTADDR"); 3359 } 3360 sin = (struct sockaddr_in *)&lifr.lifr_dstaddr; 3361 (void) printf("--> %s ", inet_ntoa(sin->sin_addr)); 3362 } 3363 (void) printf("netmask %x ", ntohl(netmask.sin_addr.s_addr)); 3364 if (flags & IFF_BROADCAST) { 3365 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3366 if (ioctl(s, SIOCGLIFBRDADDR, (caddr_t)&lifr) < 0) { 3367 if (errno == EADDRNOTAVAIL) 3368 (void) memset(&lifr.lifr_addr, 0, 3369 sizeof (lifr.lifr_addr)); 3370 else 3371 Perror0_exit("in_status: SIOCGLIFBRDADDR"); 3372 } 3373 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3374 if (sin->sin_addr.s_addr != 0) { 3375 (void) printf("broadcast %s", 3376 inet_ntoa(sin->sin_addr)); 3377 } 3378 } 3379 /* If there is a groupname, print it for lun 0 alone */ 3380 if (strchr(name, ':') == NULL) { 3381 (void) memset(lifr.lifr_groupname, 0, 3382 sizeof (lifr.lifr_groupname)); 3383 if (ioctl(s, SIOCGLIFGROUPNAME, (caddr_t)&lifr) >= 0) { 3384 if (strlen(lifr.lifr_groupname) > 0) { 3385 (void) printf("\n\tgroupname %s", 3386 lifr.lifr_groupname); 3387 } 3388 } 3389 } 3390 (void) putchar('\n'); 3391 } 3392 3393 static void 3394 in6_status(int force, uint64_t flags) 3395 { 3396 char abuf[INET6_ADDRSTRLEN]; 3397 struct sockaddr_in6 *sin6, *laddr6; 3398 3399 if (debug) 3400 (void) printf("in6_status(%s) flags 0x%llx\n", name, flags); 3401 3402 if (!(flags & IFF_IPV6)) 3403 return; 3404 3405 /* if the interface is a tunnel, print the tunnel status */ 3406 tun_status(); 3407 3408 if (!(flags & IFF_NOLOCAL)) { 3409 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3410 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 3411 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3412 errno == ENXIO) { 3413 if (!force) 3414 return; 3415 (void) memset(&lifr.lifr_addr, 0, 3416 sizeof (lifr.lifr_addr)); 3417 } else 3418 Perror0_exit("in_status6: SIOCGLIFADDR"); 3419 } 3420 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3421 (void) printf("\tinet6 %s/%d ", 3422 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3423 abuf, sizeof (abuf)), 3424 lifr.lifr_addrlen); 3425 laddr6 = sin6; 3426 } else { 3427 (void) printf("\tinet6 "); 3428 } 3429 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3430 if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) { 3431 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3432 errno == ENXIO) { 3433 if (!force) 3434 return; 3435 (void) memset(&lifr.lifr_addr, 0, 3436 sizeof (lifr.lifr_addr)); 3437 } else 3438 Perror0_exit("in_status6: SIOCGLIFSUBNET"); 3439 } 3440 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3441 if ((flags & IFF_NOLOCAL) || 3442 !IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &laddr6->sin6_addr)) { 3443 (void) printf("subnet %s/%d ", 3444 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3445 abuf, sizeof (abuf)), 3446 lifr.lifr_addrlen); 3447 } 3448 if (sin6->sin6_family != AF_INET6) { 3449 (void) printf("Wrong family: %d\n", sin6->sin6_family); 3450 } 3451 if (flags & IFF_POINTOPOINT) { 3452 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3453 if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) { 3454 if (errno == EADDRNOTAVAIL) 3455 (void) memset(&lifr.lifr_addr, 0, 3456 sizeof (lifr.lifr_addr)); 3457 else 3458 Perror0_exit("in_status6: SIOCGLIFDSTADDR"); 3459 } 3460 sin6 = (struct sockaddr_in6 *)&lifr.lifr_dstaddr; 3461 (void) printf("--> %s ", 3462 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3463 abuf, sizeof (abuf))); 3464 } 3465 if (verbose) { 3466 (void) putchar('\n'); 3467 (void) putchar('\t'); 3468 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3469 if (ioctl(s, SIOCGLIFTOKEN, (caddr_t)&lifr) < 0) { 3470 if (errno == EADDRNOTAVAIL || errno == EINVAL) 3471 (void) memset(&lifr.lifr_addr, 0, 3472 sizeof (lifr.lifr_addr)); 3473 else 3474 Perror0_exit("in_status6: SIOCGLIFTOKEN"); 3475 } else { 3476 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3477 (void) printf("token %s/%d ", 3478 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3479 abuf, sizeof (abuf)), 3480 lifr.lifr_addrlen); 3481 } 3482 if (ioctl(s, SIOCGLIFLNKINFO, (caddr_t)&lifr) < 0) { 3483 if (errno != EINVAL) { 3484 Perror0_exit("in_status6: SIOCGLIFLNKINFO"); 3485 } 3486 } else { 3487 (void) printf("maxhops %u, reachtime %u ms, " 3488 "reachretrans %u ms, maxmtu %u ", 3489 lifr.lifr_ifinfo.lir_maxhops, 3490 lifr.lifr_ifinfo.lir_reachtime, 3491 lifr.lifr_ifinfo.lir_reachretrans, 3492 lifr.lifr_ifinfo.lir_maxmtu); 3493 } 3494 } 3495 /* If there is a groupname, print it for lun 0 alone */ 3496 if (strchr(name, ':') == NULL) { 3497 (void) memset(lifr.lifr_groupname, 0, 3498 sizeof (lifr.lifr_groupname)); 3499 if (ioctl(s, SIOCGLIFGROUPNAME, (caddr_t)&lifr) >= 0) { 3500 if (strlen(lifr.lifr_groupname) > 0) { 3501 (void) printf("\n\tgroupname %s", 3502 lifr.lifr_groupname); 3503 } 3504 } 3505 } 3506 (void) putchar('\n'); 3507 } 3508 3509 static void 3510 in_configinfo(int force, uint64_t flags) 3511 { 3512 struct sockaddr_in *sin, *laddr; 3513 struct sockaddr_in netmask = { AF_INET }; 3514 3515 if (debug) 3516 (void) printf("in_configinfo(%s) flags 0x%llx\n", name, flags); 3517 3518 /* only configinfo info for IPv4 interfaces */ 3519 if (!(flags & IFF_IPV4)) 3520 return; 3521 3522 if (!(flags & IFF_NOLOCAL)) { 3523 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3524 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 3525 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3526 errno == ENXIO) { 3527 if (!force) 3528 return; 3529 (void) memset(&lifr.lifr_addr, 0, 3530 sizeof (lifr.lifr_addr)); 3531 } else 3532 Perror0_exit("in_configinfo: SIOCGLIFADDR"); 3533 } 3534 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3535 if (get_lun(name) != 0) { 3536 (void) printf(" addif %s ", inet_ntoa(sin->sin_addr)); 3537 } else { 3538 (void) printf(" set %s ", inet_ntoa(sin->sin_addr)); 3539 } 3540 laddr = sin; 3541 } 3542 3543 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3544 if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) { 3545 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3546 errno == ENXIO) { 3547 if (!force) 3548 return; 3549 (void) memset(&lifr.lifr_addr, 0, 3550 sizeof (lifr.lifr_addr)); 3551 } else { 3552 Perror0_exit("in_configinfo: SIOCGLIFSUBNET"); 3553 } 3554 } 3555 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3556 3557 if ((flags & IFF_NOLOCAL) || 3558 sin->sin_addr.s_addr != laddr->sin_addr.s_addr) { 3559 (void) printf(" subnet %s/%d ", inet_ntoa(sin->sin_addr), 3560 lifr.lifr_addrlen); 3561 } 3562 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3563 if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0) { 3564 if (errno != EADDRNOTAVAIL) 3565 Perror0_exit("in_configinfo: SIOCGLIFNETMASK"); 3566 (void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr)); 3567 } else 3568 netmask.sin_addr = 3569 ((struct sockaddr_in *)&lifr.lifr_addr)->sin_addr; 3570 if (flags & IFF_POINTOPOINT) { 3571 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3572 if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) { 3573 if (errno == EADDRNOTAVAIL) 3574 (void) memset(&lifr.lifr_addr, 0, 3575 sizeof (lifr.lifr_addr)); 3576 else 3577 Perror0_exit("in_configinfo: SIOCGLIFDSTADDR"); 3578 } 3579 sin = (struct sockaddr_in *)&lifr.lifr_dstaddr; 3580 (void) printf(" destination %s ", inet_ntoa(sin->sin_addr)); 3581 } 3582 (void) printf(" netmask 0x%x ", ntohl(netmask.sin_addr.s_addr)); 3583 if (flags & IFF_BROADCAST) { 3584 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3585 if (ioctl(s, SIOCGLIFBRDADDR, (caddr_t)&lifr) < 0) { 3586 if (errno == EADDRNOTAVAIL) 3587 (void) memset(&lifr.lifr_addr, 0, 3588 sizeof (lifr.lifr_addr)); 3589 else 3590 Perror0_exit("in_configinfo: SIOCGLIFBRDADDR"); 3591 } 3592 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3593 if (sin->sin_addr.s_addr != 0) { 3594 (void) printf(" broadcast %s ", 3595 inet_ntoa(sin->sin_addr)); 3596 } 3597 } 3598 3599 /* If there is a groupname, print it for lun 0 alone */ 3600 if (get_lun(name) == 0) { 3601 (void) memset(lifr.lifr_groupname, 0, 3602 sizeof (lifr.lifr_groupname)); 3603 if (ioctl(s, SIOCGLIFGROUPNAME, (caddr_t)&lifr) >= 0) { 3604 if (strlen(lifr.lifr_groupname) > 0) { 3605 (void) printf(" group %s ", 3606 lifr.lifr_groupname); 3607 } 3608 } 3609 } 3610 3611 /* Print flags to configure */ 3612 print_config_flags(flags); 3613 3614 /* IFF_NOARP applies to AF_INET only */ 3615 if (flags & IFF_NOARP) { 3616 (void) printf("-arp "); 3617 } 3618 } 3619 3620 static void 3621 in6_configinfo(int force, uint64_t flags) 3622 { 3623 char abuf[INET6_ADDRSTRLEN]; 3624 struct sockaddr_in6 *sin6, *laddr6; 3625 3626 if (debug) 3627 (void) printf("in6_configinfo(%s) flags 0x%llx\n", name, 3628 flags); 3629 3630 if (!(flags & IFF_IPV6)) 3631 return; 3632 3633 if (!(flags & IFF_NOLOCAL)) { 3634 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3635 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 3636 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3637 errno == ENXIO) { 3638 if (!force) 3639 return; 3640 (void) memset(&lifr.lifr_addr, 0, 3641 sizeof (lifr.lifr_addr)); 3642 } else 3643 Perror0_exit("in6_configinfo: SIOCGLIFADDR"); 3644 } 3645 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3646 if (get_lun(name) != 0) { 3647 (void) printf(" addif %s/%d ", 3648 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3649 abuf, sizeof (abuf)), 3650 lifr.lifr_addrlen); 3651 } else { 3652 (void) printf(" set %s/%d ", 3653 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3654 abuf, sizeof (abuf)), 3655 lifr.lifr_addrlen); 3656 } 3657 laddr6 = sin6; 3658 } 3659 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3660 if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) { 3661 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3662 errno == ENXIO) { 3663 if (!force) 3664 return; 3665 (void) memset(&lifr.lifr_addr, 0, 3666 sizeof (lifr.lifr_addr)); 3667 } else 3668 Perror0_exit("in6_configinfo: SIOCGLIFSUBNET"); 3669 } 3670 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3671 if ((flags & IFF_NOLOCAL) || 3672 !IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &laddr6->sin6_addr)) { 3673 (void) printf(" subnet %s/%d ", 3674 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3675 abuf, sizeof (abuf)), 3676 lifr.lifr_addrlen); 3677 } 3678 3679 if (flags & IFF_POINTOPOINT) { 3680 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3681 if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) { 3682 if (errno == EADDRNOTAVAIL) 3683 (void) memset(&lifr.lifr_addr, 0, 3684 sizeof (lifr.lifr_addr)); 3685 else 3686 Perror0_exit("in6_configinfo: SIOCGLIFDSTADDR"); 3687 } 3688 sin6 = (struct sockaddr_in6 *)&lifr.lifr_dstaddr; 3689 (void) printf(" destination %s ", 3690 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3691 abuf, sizeof (abuf))); 3692 } 3693 3694 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3695 if (ioctl(s, SIOCGLIFTOKEN, (caddr_t)&lifr) < 0) { 3696 if (errno == EADDRNOTAVAIL || errno == EINVAL) 3697 (void) memset(&lifr.lifr_addr, 0, 3698 sizeof (lifr.lifr_addr)); 3699 else 3700 Perror0_exit("in6_configinfo: SIOCGLIFTOKEN"); 3701 } else { 3702 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3703 (void) printf(" token %s/%d ", 3704 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3705 abuf, sizeof (abuf)), 3706 lifr.lifr_addrlen); 3707 } 3708 3709 /* If there is a groupname, print it for lun 0 alone */ 3710 if (get_lun(name) == 0) { 3711 (void) memset(lifr.lifr_groupname, 0, 3712 sizeof (lifr.lifr_groupname)); 3713 if (ioctl(s, SIOCGLIFGROUPNAME, (caddr_t)&lifr) >= 0) { 3714 if (strlen(lifr.lifr_groupname) > 0) { 3715 (void) printf(" group %s ", 3716 lifr.lifr_groupname); 3717 } 3718 } 3719 } 3720 3721 /* Print flags to configure */ 3722 print_config_flags(flags); 3723 3724 /* IFF_NONUD applies to AF_INET6 only */ 3725 if (flags & IFF_NONUD) { 3726 (void) printf("-nud "); 3727 } 3728 } 3729 3730 /* ARGSUSED */ 3731 static int 3732 get_lun(char *rsrc) 3733 { 3734 char resource[LIFNAMSIZ]; 3735 char *cp; 3736 3737 (void) strcpy(resource, rsrc); 3738 3739 /* remove LIF component */ 3740 cp = strchr(resource, ':'); 3741 if (cp) { 3742 cp++; 3743 return (atoi(cp)); 3744 } 3745 3746 return (0); 3747 } 3748 3749 /* 3750 * We need to plink both the arp-device stream and the arp-ip-device stream. 3751 * However the muxid is stored only in IP. Plumbing 2 streams individually 3752 * is not atomic, and if ifconfig is killed, the resulting plumbing can 3753 * be inconsistent. For eg. if only the arp stream is plumbed, we have lost 3754 * the muxid, and the half-baked plumbing can neither be unplumbed nor 3755 * replumbed, thus requiring a reboot. To avoid the above the following 3756 * scheme is used. 3757 * 3758 * Ifconfig asks IP to enforce atomicity of plumbing the arp and IP streams. 3759 * This is done by pushing arp on to the mux (/dev/udp). ARP adds some 3760 * extra information in the I_PLINK and I_PUNLINK ioctls to let IP know 3761 * that the plumbing/unplumbing has to be done atomically. Ifconfig plumbs 3762 * the IP stream first, and unplumbs it last. The kernel (IP) does not 3763 * allow IP stream to be unplumbed without unplumbing arp stream. Similarly 3764 * it does not allow arp stream to be plumbed before IP stream is plumbed. 3765 * There is no need to use SIOCSLIFMUXID, since the whole operation is atomic, 3766 * and IP uses the info in the I_PLINK message to get the muxid. 3767 * 3768 * a. STREAMS does not allow us to use /dev/ip itself as the mux. So we use 3769 * /dev/udp[6]. 3770 * b. SIOCGLIFMUXID returns the muxid corresponding to the V4 or V6 stream 3771 * depending on the open i.e. V4 vs V6 open. So we need to use /dev/udp 3772 * or /dev/udp6. 3773 * c. We need to push ARP in order to get the required kernel support for 3774 * atomic plumbings. The actual work done by ARP is explained in arp.c 3775 * Without pushing ARP, we will still be able to plumb/unplumb. But 3776 * it is not atomic, and is supported by the kernel for backward 3777 * compatibility for other utilities like atmifconfig etc. In this case 3778 * the utility must use SIOCSLIFMUXID. 3779 */ 3780 static void 3781 plumb_one_device(dlpi_if_attr_t *diap, int ip_fd, int af) 3782 { 3783 int arp_fd = -1; 3784 int arp_muxid = -1, ip_muxid; 3785 int mux_fd; 3786 char *udp_dev_name; 3787 dlpi_if_attr_t dia; 3788 3789 if (debug) 3790 (void) printf("plumb_one_device: ifname %s, ppa %d\n", 3791 diap->ifname, diap->ppa); 3792 3793 if (diap->style == DL_STYLE2 && dlpi_detach(ip_fd, -1) < 0) 3794 Perror0_exit("dlpi_detach"); 3795 3796 if (ioctl(ip_fd, I_PUSH, IP_MOD_NAME) == -1) 3797 Perror2_exit("I_PUSH", IP_MOD_NAME); 3798 3799 /* 3800 * Push the ARP module onto the interface stream. IP uses 3801 * this to send resolution requests up to ARP. We need to 3802 * do this before the SLIFNAME ioctl is sent down because 3803 * the interface becomes publicly known as soon as the SLIFNAME 3804 * ioctl completes. Thus some other process trying to bring up 3805 * the interface after SLIFNAME but before we have pushed ARP 3806 * could hang. We pop the module again later if it is not needed. 3807 */ 3808 if (ioctl(ip_fd, I_PUSH, ARP_MOD_NAME) == -1) 3809 Perror2_exit("I_PUSH", ARP_MOD_NAME); 3810 3811 /* 3812 * Set IFF_IPV4/IFF_IPV6 flags. 3813 * At this point in time the kernel also allows an 3814 * override of the CANTCHANGE flags. 3815 */ 3816 3817 lifr.lifr_name[0] = '\0'; 3818 if (ioctl(ip_fd, SIOCGLIFFLAGS, (char *)&lifr) == -1) 3819 Perror0_exit("plumb_one_device: SIOCGLIFFLAGS"); 3820 3821 /* Set the name string and the IFF_IPV* flag */ 3822 if (af == AF_INET6) { 3823 lifr.lifr_flags |= IFF_IPV6; 3824 lifr.lifr_flags &= ~(IFF_BROADCAST | IFF_IPV4); 3825 } else { 3826 lifr.lifr_flags |= IFF_IPV4; 3827 lifr.lifr_flags &= ~IFF_IPV6; 3828 } 3829 3830 /* record the device and module names as interface name */ 3831 lifr.lifr_ppa = diap->ppa; 3832 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3833 3834 /* set the interface name */ 3835 if (ioctl(ip_fd, SIOCSLIFNAME, (char *)&lifr) == -1) { 3836 if (errno != EEXIST) 3837 Perror0_exit("SIOCSLIFNAME for ip"); 3838 /* 3839 * This difference between the way we behave for EEXIST 3840 * and that with other errors exists to preserve legacy 3841 * behaviour. Earlier when foreachinterface() and matcif() 3842 * were doing the duplicate interface name checks, for 3843 * already existing interfaces, inetplumb() returned "0". 3844 * To preserve this behaviour, Perror0() and return are 3845 * called for EEXIST. 3846 */ 3847 Perror0("SIOCSLIFNAME for ip"); 3848 return; 3849 } 3850 3851 /* Get the full set of existing flags for this stream */ 3852 if (ioctl(ip_fd, SIOCGLIFFLAGS, (char *)&lifr) == -1) 3853 Perror0_exit("plumb_one_device: SIOCFLIFFLAGS"); 3854 3855 if (debug) { 3856 (void) printf("plumb_one_device: %s got flags: \n", 3857 lifr.lifr_name); 3858 print_flags(lifr.lifr_flags); 3859 (void) putchar('\n'); 3860 } 3861 3862 /* Check if arp is not actually needed */ 3863 if (lifr.lifr_flags & (IFF_NOARP|IFF_IPV6)) { 3864 if (ioctl(ip_fd, I_POP, 0) == -1) 3865 Perror2_exit("I_POP", ARP_MOD_NAME); 3866 } 3867 3868 /* 3869 * Open "/dev/udp" for use as a multiplexor to PLINK the 3870 * interface stream under. We use "/dev/udp" instead of "/dev/ip" 3871 * since STREAMS will not let you PLINK a driver under itself, 3872 * and "/dev/ip" is typically the driver at the bottom of 3873 * the stream for tunneling interfaces. 3874 */ 3875 if (af == AF_INET6) 3876 udp_dev_name = UDP6_DEV_NAME; 3877 else 3878 udp_dev_name = UDP_DEV_NAME; 3879 if ((mux_fd = open_arp_on_udp(udp_dev_name)) == -1) 3880 exit(EXIT_FAILURE); 3881 3882 /* Check if arp is not needed */ 3883 if (lifr.lifr_flags & (IFF_NOARP|IFF_IPV6)) { 3884 /* 3885 * PLINK the interface stream so that ifconfig can exit 3886 * without tearing down the stream. 3887 */ 3888 if ((ip_muxid = ioctl(mux_fd, I_PLINK, ip_fd)) == -1) { 3889 Perror0_exit("I_PLINK for ip"); 3890 } 3891 (void) close(mux_fd); 3892 return; 3893 } 3894 3895 /* 3896 * This interface does use ARP, so set up a separate stream 3897 * from the interface to ARP. 3898 * 3899 * Note: modules specified by the user are pushed 3900 * only on the interface stream, not on the ARP stream. 3901 */ 3902 3903 if (debug) 3904 (void) printf("plumb_one_device: ifname: %s\n", 3905 diap->ifname); 3906 arp_fd = dlpi_if_open(diap->ifname, &dia, _B_FALSE); 3907 3908 if (dia.style == DL_STYLE2 && dlpi_detach(arp_fd, -1) < 0) 3909 Perror0_exit("dlpi_detach"); 3910 3911 if (ioctl(arp_fd, I_PUSH, ARP_MOD_NAME) == -1) 3912 Perror2_exit("I_PUSH", ARP_MOD_NAME); 3913 3914 /* 3915 * Tell ARP the name and unit number for this interface. 3916 * Note that arp has no support for transparent ioctls. 3917 */ 3918 if (strioctl(arp_fd, SIOCSLIFNAME, (char *)&lifr, 3919 sizeof (lifr)) == -1) { 3920 if (errno != EEXIST) 3921 Perror0_exit("SIOCSLIFNAME for arp"); 3922 Perror0("SIOCSLIFNAME for arp"); 3923 (void) close(arp_fd); 3924 (void) close(mux_fd); 3925 return; 3926 } 3927 /* 3928 * PLINK the IP and ARP streams so that ifconfig can exit 3929 * without tearing down the stream. 3930 */ 3931 if ((ip_muxid = ioctl(mux_fd, I_PLINK, ip_fd)) == -1) { 3932 Perror0_exit("I_PLINK for ip"); 3933 } 3934 if ((arp_muxid = ioctl(mux_fd, I_PLINK, arp_fd)) == -1) { 3935 (void) ioctl(mux_fd, I_PUNLINK, ip_muxid); 3936 Perror0_exit("I_PLINK for arp"); 3937 } 3938 3939 if (debug) 3940 (void) printf("arp muxid = %d\n", arp_muxid); 3941 (void) close(arp_fd); 3942 (void) close(mux_fd); 3943 } 3944 3945 3946 /* 3947 * If this is a physical interface then remove it. 3948 * If it is a logical interface name use SIOCLIFREMOVEIF to 3949 * remove it. In both cases fail if it doesn't exist. 3950 */ 3951 /* ARGSUSED */ 3952 static int 3953 inetunplumb(char *arg, int64_t param) 3954 { 3955 int ip_muxid, arp_muxid; 3956 int mux_fd; 3957 char *udp_dev_name; 3958 char *strptr; 3959 uint64_t flags; 3960 boolean_t changed_arp_muxid = _B_FALSE; 3961 int save_errno; 3962 3963 strptr = strchr(name, ':'); 3964 if (strptr != NULL || strcmp(name, LOOPBACK_IF) == 0) { 3965 /* Can't unplumb logical interface zero */ 3966 if (strptr != NULL && strcmp(strptr, ":0") == 0) { 3967 (void) fprintf(stderr, "ifconfig: unplumb:" 3968 " Cannot unplumb %s: Invalid interface\n", name); 3969 exit(1); 3970 } 3971 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3972 (void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr)); 3973 3974 if (ioctl(s, SIOCLIFREMOVEIF, (caddr_t)&lifr) < 0) 3975 Perror0_exit("unplumb: SIOCLIFREMOVEIF"); 3976 return (0); 3977 } 3978 3979 /* 3980 * We used /dev/udp or udp6 to set up the mux. So we have to use 3981 * the same now for PUNLINK also. 3982 */ 3983 if (afp->af_af == AF_INET6) 3984 udp_dev_name = UDP6_DEV_NAME; 3985 else 3986 udp_dev_name = UDP_DEV_NAME; 3987 3988 if ((mux_fd = open_arp_on_udp(udp_dev_name)) == -1) 3989 exit(EXIT_FAILURE); 3990 3991 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3992 if (ioctl(mux_fd, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) { 3993 Perror0_exit("unplumb: SIOCGLIFFLAGS"); 3994 } 3995 flags = lifr.lifr_flags; 3996 if (ioctl(mux_fd, SIOCGLIFMUXID, (caddr_t)&lifr) < 0) { 3997 Perror0_exit("unplumb: SIOCGLIFMUXID"); 3998 } 3999 arp_muxid = lifr.lifr_arp_muxid; 4000 ip_muxid = lifr.lifr_ip_muxid; 4001 /* 4002 * We don't have a good way of knowing whether the arp stream is 4003 * plumbed. We can't rely on IFF_NOARP because someone could 4004 * have turned it off later using "ifconfig xxx -arp". 4005 */ 4006 if (arp_muxid != 0) { 4007 if (debug) 4008 (void) printf("arp_muxid %d\n", arp_muxid); 4009 if (ioctl(mux_fd, I_PUNLINK, arp_muxid) < 0) { 4010 if ((errno == EINVAL) && 4011 (flags & (IFF_NOARP | IFF_IPV6))) { 4012 /* 4013 * Some plumbing utilities set the muxid to 4014 * -1 or some invalid value to signify that 4015 * there is no arp stream. Set the muxid to 0 4016 * before trying to unplumb the IP stream. 4017 * IP does not allow the IP stream to be 4018 * unplumbed if it sees a non-null arp muxid, 4019 * for consistency of IP-ARP streams. 4020 */ 4021 lifr.lifr_arp_muxid = 0; 4022 (void) ioctl(mux_fd, SIOCSLIFMUXID, 4023 (caddr_t)&lifr); 4024 changed_arp_muxid = _B_TRUE; 4025 } else { 4026 Perror0("I_PUNLINK for arp"); 4027 } 4028 } 4029 } 4030 if (debug) 4031 (void) printf("ip_muxid %d\n", ip_muxid); 4032 4033 if (ioctl(mux_fd, I_PUNLINK, ip_muxid) < 0) { 4034 if (changed_arp_muxid) { 4035 /* 4036 * Some error occurred, and we need to restore 4037 * everything back to what it was. 4038 */ 4039 save_errno = errno; 4040 lifr.lifr_arp_muxid = arp_muxid; 4041 lifr.lifr_ip_muxid = ip_muxid; 4042 (void) ioctl(mux_fd, SIOCSLIFMUXID, (caddr_t)&lifr); 4043 errno = save_errno; 4044 } 4045 Perror0_exit("I_PUNLINK for ip"); 4046 } 4047 (void) close(mux_fd); 4048 return (0); 4049 } 4050 4051 /* 4052 * If this is a physical interface then create it unless it is already 4053 * present. If it is a logical interface name use SIOCLIFADDIF to 4054 * create and (and fail it if already exists.) 4055 * As a special case send SIOCLIFADDIF for the loopback interface. This 4056 * is needed since there is no other notion of plumbing the loopback 4057 * interface. 4058 */ 4059 /* ARGSUSED */ 4060 static int 4061 inetplumb(char *arg, int64_t param) 4062 { 4063 char *strptr; 4064 int dev_fd; 4065 dlpi_if_attr_t dia; 4066 boolean_t islo; 4067 zoneid_t zoneid; 4068 4069 strptr = strchr(name, ':'); 4070 islo = (strcmp(name, LOOPBACK_IF) == 0); 4071 4072 if (strptr != NULL || islo) { 4073 (void) memset(&lifr, 0, sizeof (lifr)); 4074 (void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 4075 if (islo && ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) >= 0) { 4076 if (debug) { 4077 (void) fprintf(stderr, 4078 "ifconfig: %s already exists\n", name); 4079 } 4080 return (0); 4081 } 4082 if (ioctl(s, SIOCLIFADDIF, (caddr_t)&lifr) < 0) { 4083 if (errno == EEXIST) { 4084 if (debug) { 4085 (void) fprintf(stderr, 4086 "ifconfig: %s already exists\n", 4087 name); 4088 } 4089 } else { 4090 Perror2_exit("plumb: SIOCLIFADDIF", name); 4091 } 4092 } 4093 /* 4094 * IP can create the new logical interface on a different 4095 * physical interface in the same IPMP group. Take the new 4096 * interface into account for further operations. 4097 */ 4098 (void) strncpy(name, lifr.lifr_name, sizeof (name)); 4099 return (0); 4100 } 4101 4102 /* 4103 * For global zone, check if the interface is used by a non-global 4104 * zone, note that the non-global zones doesn't need this check, 4105 * because zoneadm has taken care of this when the zone boots. 4106 */ 4107 zoneid = getzoneid(); 4108 if (zoneid == GLOBAL_ZONEID) { 4109 int ret; 4110 4111 zoneid = ALL_ZONES; 4112 ret = zone_check_datalink(&zoneid, name); 4113 if (ret == 0) { 4114 char zonename[ZONENAME_MAX]; 4115 4116 (void) getzonenamebyid(zoneid, zonename, ZONENAME_MAX); 4117 (void) fprintf(stderr, "%s is used by non-global" 4118 "zone: %s\n", name, zonename); 4119 return (1); 4120 } 4121 } 4122 4123 if (debug) 4124 (void) printf("inetplumb: %s af %d\n", name, afp->af_af); 4125 4126 if ((dev_fd = dlpi_if_open(name, &dia, _B_FALSE)) < 0) { 4127 Perror2_exit("plumb", name); 4128 /* NOTREACHED */ 4129 } 4130 4131 plumb_one_device(&dia, dev_fd, afp->af_af); 4132 (void) close(dev_fd); 4133 return (0); 4134 } 4135 4136 void 4137 Perror0(char *cmd) 4138 { 4139 int save_errno; 4140 4141 save_errno = errno; 4142 (void) fprintf(stderr, "ifconfig: "); 4143 errno = save_errno; 4144 switch (errno) { 4145 4146 case ENXIO: 4147 (void) fprintf(stderr, "%s: %s: no such interface\n", 4148 cmd, lifr.lifr_name); 4149 break; 4150 4151 case EPERM: 4152 (void) fprintf(stderr, "%s: %s: permission denied\n", 4153 cmd, lifr.lifr_name); 4154 break; 4155 4156 case EEXIST: 4157 (void) fprintf(stderr, "%s: %s: already exists\n", 4158 cmd, lifr.lifr_name); 4159 break; 4160 4161 default: { 4162 char buf[BUFSIZ]; 4163 4164 (void) snprintf(buf, sizeof (buf), "%s: %s", 4165 cmd, lifr.lifr_name); 4166 perror(buf); 4167 } 4168 } 4169 } 4170 4171 void 4172 Perror0_exit(char *cmd) 4173 { 4174 Perror0(cmd); 4175 exit(1); 4176 /* NOTREACHED */ 4177 } 4178 4179 void 4180 Perror2(char *cmd, char *str) 4181 { 4182 int save_errno; 4183 4184 save_errno = errno; 4185 (void) fprintf(stderr, "ifconfig: "); 4186 errno = save_errno; 4187 switch (errno) { 4188 4189 case ENXIO: 4190 (void) fprintf(stderr, "%s: %s: no such interface\n", 4191 cmd, str); 4192 break; 4193 4194 case EPERM: 4195 (void) fprintf(stderr, "%s: %s: permission denied\n", 4196 cmd, str); 4197 break; 4198 4199 default: { 4200 char buf[BUFSIZ]; 4201 4202 (void) snprintf(buf, sizeof (buf), "%s: %s", cmd, str); 4203 perror(buf); 4204 } 4205 } 4206 } 4207 4208 /* 4209 * Print out error message (Perror2()) and exit 4210 */ 4211 void 4212 Perror2_exit(char *cmd, char *str) 4213 { 4214 Perror2(cmd, str); 4215 exit(1); 4216 /* NOTREACHED */ 4217 } 4218 4219 /* 4220 * If the last argument is non-NULL allow a <addr>/<n> syntax and 4221 * pass out <n> in *plenp. 4222 * If <n> doesn't parse return BAD_ADDR as *plenp. 4223 * If no /<n> is present return NO_PREFIX as *plenp. 4224 */ 4225 static void 4226 in_getaddr(char *s, struct sockaddr *saddr, int *plenp) 4227 { 4228 /* LINTED: alignment */ 4229 struct sockaddr_in *sin = (struct sockaddr_in *)saddr; 4230 struct hostent *hp; 4231 struct netent *np; 4232 char str[BUFSIZ]; 4233 int error_num; 4234 4235 (void) strncpy(str, s, sizeof (str)); 4236 4237 /* 4238 * Look for '/'<n> is plenp 4239 */ 4240 if (plenp != NULL) { 4241 char *cp; 4242 4243 *plenp = in_getprefixlen(str, _B_TRUE, IP_ABITS); 4244 if (*plenp == BAD_ADDR) 4245 return; 4246 cp = strchr(str, '/'); 4247 if (cp != NULL) 4248 *cp = '\0'; 4249 } else if (strchr(str, '/') != NULL) { 4250 (void) fprintf(stderr, "ifconfig: %s: unexpected '/'\n", str); 4251 exit(1); 4252 } 4253 4254 (void) memset(sin, 0, sizeof (*sin)); 4255 4256 /* 4257 * Try to catch attempts to set the broadcast address to all 1's. 4258 */ 4259 if (strcmp(str, "255.255.255.255") == 0 || 4260 (strtoul(str, (char **)NULL, 0) == 0xffffffffUL)) { 4261 sin->sin_family = AF_INET; 4262 sin->sin_addr.s_addr = 0xffffffff; 4263 return; 4264 } 4265 4266 hp = getipnodebyname(str, AF_INET, 0, &error_num); 4267 if (hp) { 4268 sin->sin_family = hp->h_addrtype; 4269 (void) memcpy(&sin->sin_addr, hp->h_addr, hp->h_length); 4270 freehostent(hp); 4271 return; 4272 } 4273 np = getnetbyname(str); 4274 if (np) { 4275 sin->sin_family = np->n_addrtype; 4276 sin->sin_addr = inet_makeaddr(np->n_net, INADDR_ANY); 4277 return; 4278 } 4279 if (error_num == TRY_AGAIN) { 4280 (void) fprintf(stderr, "ifconfig: %s: bad address " 4281 "(try again later)\n", s); 4282 } else { 4283 (void) fprintf(stderr, "ifconfig: %s: bad address\n", s); 4284 } 4285 exit(1); 4286 } 4287 4288 /* 4289 * If the last argument is non-NULL allow a <addr>/<n> syntax and 4290 * pass out <n> in *plenp. 4291 * If <n> doesn't parse return BAD_ADDR as *plenp. 4292 * If no /<n> is present return NO_PREFIX as *plenp. 4293 */ 4294 static void 4295 in6_getaddr(char *s, struct sockaddr *saddr, int *plenp) 4296 { 4297 /* LINTED: alignment */ 4298 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)saddr; 4299 struct hostent *hp; 4300 char str[BUFSIZ]; 4301 int error_num; 4302 4303 (void) strncpy(str, s, sizeof (str)); 4304 4305 /* 4306 * Look for '/'<n> is plenp 4307 */ 4308 if (plenp != NULL) { 4309 char *cp; 4310 4311 *plenp = in_getprefixlen(str, _B_TRUE, IPV6_ABITS); 4312 if (*plenp == BAD_ADDR) 4313 return; 4314 cp = strchr(str, '/'); 4315 if (cp != NULL) 4316 *cp = '\0'; 4317 } else if (strchr(str, '/') != NULL) { 4318 (void) fprintf(stderr, "ifconfig: %s: unexpected '/'\n", str); 4319 exit(1); 4320 } 4321 4322 (void) memset(sin6, 0, sizeof (*sin6)); 4323 4324 hp = getipnodebyname(str, AF_INET6, 0, &error_num); 4325 if (hp) { 4326 sin6->sin6_family = hp->h_addrtype; 4327 (void) memcpy(&sin6->sin6_addr, hp->h_addr, hp->h_length); 4328 freehostent(hp); 4329 return; 4330 } 4331 if (error_num == TRY_AGAIN) { 4332 (void) fprintf(stderr, "ifconfig: %s: bad address " 4333 "(try again later)\n", s); 4334 } else { 4335 (void) fprintf(stderr, "ifconfig: %s: bad address\n", s); 4336 } 4337 exit(1); 4338 } 4339 4340 /* 4341 * If "slash" is zero this parses the whole string as 4342 * an integer. With "slash" non zero it parses the tail part as an integer. 4343 * 4344 * If it is not a valid integer this returns BAD_ADDR. 4345 * If there is /<n> present this returns NO_PREFIX. 4346 */ 4347 static int 4348 in_getprefixlen(char *addr, boolean_t slash, int max_plen) 4349 { 4350 int prefixlen; 4351 char *str, *end; 4352 4353 if (slash) { 4354 str = strchr(addr, '/'); 4355 if (str == NULL) 4356 return (NO_PREFIX); 4357 str++; 4358 } else 4359 str = addr; 4360 4361 prefixlen = strtol(str, &end, 10); 4362 if (prefixlen < 0) 4363 return (BAD_ADDR); 4364 if (str == end) 4365 return (BAD_ADDR); 4366 if (max_plen != 0 && max_plen < prefixlen) 4367 return (BAD_ADDR); 4368 return (prefixlen); 4369 } 4370 4371 /* 4372 * Convert a prefix length to a mask. 4373 * Returns 1 if ok. 0 otherwise. 4374 * Assumes the mask array is zero'ed by the caller. 4375 */ 4376 static boolean_t 4377 in_prefixlentomask(int prefixlen, int maxlen, uchar_t *mask) 4378 { 4379 if (prefixlen < 0 || prefixlen > maxlen) 4380 return (0); 4381 4382 while (prefixlen > 0) { 4383 if (prefixlen >= 8) { 4384 *mask++ = 0xFF; 4385 prefixlen -= 8; 4386 continue; 4387 } 4388 *mask |= 1 << (8 - prefixlen); 4389 prefixlen--; 4390 } 4391 return (1); 4392 } 4393 4394 static void 4395 print_flags(uint64_t flags) 4396 { 4397 boolean_t first = _B_TRUE; 4398 int cnt, i; 4399 4400 (void) printf("flags=%llx", flags); 4401 cnt = sizeof (if_flags_tbl) / sizeof (if_flags_t); 4402 for (i = 0; i < cnt; i++) { 4403 if (flags & if_flags_tbl[i].iff_value) { 4404 if (first) { 4405 (void) printf("<"); 4406 first = _B_FALSE; 4407 } else { 4408 /* 4409 * It has to be here and not with the 4410 * printf below because for the last one, 4411 * we don't want a comma before the ">". 4412 */ 4413 (void) printf(","); 4414 } 4415 (void) printf("%s", if_flags_tbl[i].iff_name); 4416 } 4417 } 4418 if (!first) 4419 (void) printf(">"); 4420 } 4421 4422 static void 4423 print_config_flags(uint64_t flags) 4424 { 4425 int cnt, i; 4426 4427 cnt = sizeof (if_config_cmd_tbl) / sizeof (if_config_cmd_t); 4428 for (i = 0; i < cnt; i++) { 4429 if (flags & if_config_cmd_tbl[i].iff_flag) { 4430 (void) printf("%s ", if_config_cmd_tbl[i].iff_name); 4431 } 4432 } 4433 } 4434 4435 /* 4436 * Use the configured directory lookup mechanism (e.g. files/NIS/NIS+/...) 4437 * to find the network mask. Returns true if we found one to set. 4438 * 4439 * The parameter addr_set controls whether we should get the address of 4440 * the working interface for the netmask query. If addr_set is true, 4441 * we will use the address provided. Otherwise, we will find the working 4442 * interface's address and use it instead. 4443 */ 4444 static boolean_t 4445 in_getmask(struct sockaddr_in *saddr, boolean_t addr_set) 4446 { 4447 struct sockaddr_in ifaddr; 4448 4449 /* 4450 * Read the address from the interface if it is not passed in. 4451 */ 4452 if (!addr_set) { 4453 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 4454 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 4455 if (errno != EADDRNOTAVAIL) { 4456 (void) fprintf(stderr, "Need net number for " 4457 "mask\n"); 4458 } 4459 return (_B_FALSE); 4460 } 4461 ifaddr = *((struct sockaddr_in *)&lifr.lifr_addr); 4462 } else { 4463 ifaddr.sin_addr = saddr->sin_addr; 4464 } 4465 if (getnetmaskbyaddr(ifaddr.sin_addr, &saddr->sin_addr) == 0) { 4466 saddr->sin_family = AF_INET; 4467 return (_B_TRUE); 4468 } 4469 return (_B_FALSE); 4470 } 4471 4472 static int 4473 strioctl(int s, int cmd, char *buf, int buflen) 4474 { 4475 struct strioctl ioc; 4476 4477 (void) memset(&ioc, 0, sizeof (ioc)); 4478 ioc.ic_cmd = cmd; 4479 ioc.ic_timout = 0; 4480 ioc.ic_len = buflen; 4481 ioc.ic_dp = buf; 4482 return (ioctl(s, I_STR, (char *)&ioc)); 4483 } 4484 4485 static void 4486 add_ni(char *name) 4487 { 4488 ni_t **pp; 4489 ni_t *p; 4490 4491 for (pp = &ni_list; (p = *pp) != NULL; pp = &(p->ni_next)) { 4492 if (strcmp(p->ni_name, name) == 0) { 4493 if (debug > 2) 4494 (void) fprintf(stderr, "'%s' is a duplicate\n", 4495 name); 4496 return; 4497 } 4498 } 4499 4500 if (debug > 2) 4501 (void) fprintf(stderr, "adding '%s'\n", 4502 name); 4503 4504 if ((p = malloc(sizeof (ni_t))) == NULL) 4505 return; 4506 4507 (void) strlcpy(p->ni_name, name, sizeof (p->ni_name)); 4508 p->ni_next = NULL; 4509 4510 *pp = p; 4511 num_ni++; 4512 } 4513 4514 /* ARGSUSED2 */ 4515 static int 4516 devfs_entry(di_node_t node, di_minor_t minor, void *arg) 4517 { 4518 char *provider; 4519 int fd; 4520 uint_t ppa; 4521 dl_info_ack_t dlia; 4522 char ifname[LIFNAMSIZ]; 4523 4524 provider = di_minor_name(minor); 4525 4526 if (strlen(provider) > LIFNAMSIZ) 4527 return (DI_WALK_CONTINUE); 4528 4529 if (debug > 2) 4530 fprintf(stderr, "provider = %s\n", provider); 4531 4532 if ((fd = dlpi_open(provider)) < 0) 4533 return (DI_WALK_CONTINUE); 4534 4535 if (debug > 2) 4536 fprintf(stderr, "getting DL_INFO_ACK\n"); 4537 4538 if (dlpi_info(fd, -1, &dlia, NULL, NULL, NULL, NULL, NULL, NULL) < 0) 4539 goto done; 4540 4541 if (dlia.dl_provider_style == DL_STYLE1) { 4542 if (debug > 2) 4543 fprintf(stderr, "provider is DL_STYLE1\n"); 4544 add_ni(provider); 4545 goto done; 4546 } 4547 4548 if (debug > 2) 4549 fprintf(stderr, "provider is DL_STYLE2\n"); 4550 4551 if (di_minor_type(minor) != DDM_ALIAS) { 4552 if (debug > 2) 4553 (void) fprintf(stderr, 4554 "non-alias node, ignoring\n"); 4555 goto done; 4556 } 4557 4558 if (debug > 2) 4559 (void) fprintf(stderr, 4560 "alias node, using instance\n"); 4561 ppa = di_instance(node); 4562 4563 if (dlpi_attach(fd, -1, ppa) < 0) { 4564 if (debug > 2) 4565 (void) fprintf(stderr, 4566 "non-existent PPA, ignoring\n"); 4567 goto done; 4568 } 4569 4570 (void) snprintf(ifname, LIFNAMSIZ, "%s%d", provider, ppa); 4571 add_ni(ifname); 4572 4573 done: 4574 (void) dlpi_close(fd); 4575 return (DI_WALK_CONTINUE); 4576 } 4577 4578 /* 4579 * dhcp-related routines 4580 */ 4581 4582 static int 4583 setifdhcp(const char *caller, const char *ifname, int argc, char *argv[]) 4584 { 4585 dhcp_ipc_request_t *request; 4586 dhcp_ipc_reply_t *reply = NULL; 4587 int timeout = DHCP_IPC_WAIT_DEFAULT; 4588 dhcp_ipc_type_t type = DHCP_START; 4589 int error; 4590 boolean_t is_primary = _B_FALSE; 4591 boolean_t started = _B_FALSE; 4592 4593 for (argv++; --argc > 0; argv++) { 4594 4595 if (strcmp(*argv, "primary") == 0) { 4596 is_primary = _B_TRUE; 4597 continue; 4598 } 4599 4600 if (strcmp(*argv, "wait") == 0) { 4601 if (--argc <= 0) { 4602 usage(); 4603 return (DHCP_EXIT_BADARGS); 4604 } 4605 argv++; 4606 4607 if (strcmp(*argv, "forever") == 0) { 4608 timeout = DHCP_IPC_WAIT_FOREVER; 4609 continue; 4610 } 4611 4612 if (sscanf(*argv, "%d", &timeout) != 1) { 4613 usage(); 4614 return (DHCP_EXIT_BADARGS); 4615 } 4616 4617 if (timeout < 0) { 4618 usage(); 4619 return (DHCP_EXIT_BADARGS); 4620 } 4621 continue; 4622 } 4623 4624 type = dhcp_string_to_request(*argv); 4625 if (type == -1) { 4626 usage(); 4627 return (DHCP_EXIT_BADARGS); 4628 } 4629 } 4630 4631 /* 4632 * Only try to start agent on start or inform; in all other cases it 4633 * has to already be running for anything to make sense. 4634 */ 4635 if (type == DHCP_START || type == DHCP_INFORM) { 4636 if (dhcp_start_agent(DHCP_IPC_MAX_WAIT) == -1) { 4637 (void) fprintf(stderr, "%s: unable to start %s\n", 4638 caller, DHCP_AGENT_PATH); 4639 return (DHCP_EXIT_FAILURE); 4640 } 4641 started = _B_TRUE; 4642 } 4643 4644 if (is_primary) 4645 type |= DHCP_PRIMARY; 4646 4647 if (af != AF_INET) 4648 type |= DHCP_V6; 4649 4650 request = dhcp_ipc_alloc_request(type, ifname, NULL, 0, DHCP_TYPE_NONE); 4651 if (request == NULL) { 4652 (void) fprintf(stderr, "%s: out of memory\n", caller); 4653 return (DHCP_EXIT_SYSTEM); 4654 } 4655 4656 error = dhcp_ipc_make_request(request, &reply, timeout); 4657 if (error != 0) { 4658 free(request); 4659 /* 4660 * Re-map connect error to not under control if we didn't try a 4661 * start operation, as this has to be true and results in a 4662 * clearer message, not to mention preserving compatibility 4663 * with the days when we always started dhcpagent for every 4664 * request. 4665 */ 4666 if (error == DHCP_IPC_E_CONNECT && !started) 4667 error = DHCP_IPC_E_UNKIF; 4668 (void) fprintf(stderr, "%s: %s: %s\n", caller, ifname, 4669 dhcp_ipc_strerror(error)); 4670 return (DHCP_EXIT_FAILURE); 4671 } 4672 4673 error = reply->return_code; 4674 if (error != 0) { 4675 free(request); 4676 free(reply); 4677 4678 if (error == DHCP_IPC_E_TIMEOUT && timeout == 0) 4679 return (DHCP_EXIT_SUCCESS); 4680 4681 (void) fprintf(stderr, "%s: %s: %s\n", caller, ifname, 4682 dhcp_ipc_strerror(error)); 4683 4684 if (error == DHCP_IPC_E_TIMEOUT) 4685 return (DHCP_EXIT_TIMEOUT); 4686 else 4687 return (DHCP_EXIT_IF_FAILURE); 4688 } 4689 4690 if (DHCP_IPC_CMD(type) == DHCP_STATUS) { 4691 (void) printf("%s", dhcp_status_hdr_string()); 4692 (void) printf("%s", dhcp_status_reply_to_string(reply)); 4693 } 4694 4695 free(request); 4696 free(reply); 4697 return (DHCP_EXIT_SUCCESS); 4698 } 4699 4700 static void 4701 usage(void) 4702 { 4703 (void) fprintf(stderr, 4704 "usage: ifconfig <interface> | -a[ 4 | 6 | D ][ u | d ][ Z ]\n"); 4705 4706 (void) fprintf(stderr, "%s", 4707 "\t[ <addr_family> ]\n" 4708 "\t[ <address>[/<prefix_length>] [ <dest_address> ] ]\n" 4709 "\t[ set [ <address>][/<prefix_length>] ]" 4710 " [ <address>/<prefix_length>] ]\n" 4711 "\t[ destination <dest_address> ]\n" 4712 "\t[ addif <address>[/<prefix_length>]" 4713 " [ <dest_address> ] ]\n" 4714 "\t[ removeif <address>[/<prefix_length>] ]\n" 4715 "\t[ arp | -arp ]\n" 4716 "\t[ auto-revarp ]\n" 4717 "\t[ broadcast <broad_addr> ]\n" 4718 "\t[ index <if_index> ]\n" 4719 "\t[ metric <n> ] [ mtu <n> ]\n" 4720 "\t[ netmask <mask> ]\n" 4721 "\t[ plumb ] [ unplumb ]\n" 4722 "\t[ preferred | -preferred ]\n" 4723 "\t[ private | -private ]\n" 4724 "\t[ local | -local ]\n" 4725 "\t[ router | -router ]\n" 4726 "\t[ subnet <subnet_address>]\n" 4727 "\t[ trailers | -trailers ]\n" 4728 "\t[ token <address>/<prefix_length> ]\n" 4729 "\t[ tsrc <tunnel_src_address> ]\n" 4730 "\t[ tdst <tunnel_dest_address> ]\n" 4731 "\t[ auth_algs <tunnel_AH_authentication_algorithm> ]\n" 4732 "\t[ encr_algs <tunnel_ESP_encryption_algorithm> ]\n" 4733 "\t[ encr_auth_algs <tunnel_ESP_authentication_algorithm> ]\n" 4734 "\t[ up ] [ down ]\n" 4735 "\t[ xmit | -xmit ]\n" 4736 "\t[ modlist ]\n" 4737 "\t[ modinsert <module_name@position> ]\n" 4738 "\t[ modremove <module_name@position> ]\n" 4739 "\t[ group <groupname>] | [ group \"\"]\n" 4740 "\t[ deprecated | -deprecated ]\n" 4741 "\t[ standby | -standby ]\n" 4742 "\t[ failover | -failover ]\n" 4743 "\t[ zone <zonename> | -zone ]\n" 4744 "\t[ usesrc <interface> ]\n" 4745 "\t[ all-zones ]\n"); 4746 4747 (void) fprintf(stderr, "or\n"); 4748 (void) fprintf(stderr, 4749 "\tifconfig <interface> | -a[ 4 | 6 | D ] [ u | d ]\n"); 4750 4751 (void) fprintf(stderr, "%s", "\tauto-dhcp | dhcp\n" 4752 "\t[ wait <time> | forever ]\n\t[ primary ]\n" 4753 "\tstart | drop | ping | release | status | inform\n"); 4754 } 4755