1 /* 2 * Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved. 3 * Copyright 2012, Daniil Lunev. All rights reserved. 4 * Copyright 2014, OmniTI Computer Consulting, Inc. All rights reserved. 5 */ 6 /* 7 * Copyright (c) 1983 Regents of the University of California. 8 * All rights reserved. The Berkeley software License Agreement 9 * specifies the terms and conditions for redistribution. 10 */ 11 12 #include "defs.h" 13 #include "strings.h" 14 #include "ifconfig.h" 15 #include <compat.h> 16 #include <libdlpi.h> 17 #include <libdllink.h> 18 #include <libdliptun.h> 19 #include <libdllink.h> 20 #include <inet/ip.h> 21 #include <inet/ipsec_impl.h> 22 #include <libipadm.h> 23 #include <ifaddrs.h> 24 #include <libsocket_priv.h> 25 26 #define LOOPBACK_IF "lo0" 27 #define NONE_STR "none" 28 #define ARP_MOD_NAME "arp" 29 #define LIFC_DEFAULT (LIFC_NOXMIT | LIFC_TEMPORARY | LIFC_ALLZONES |\ 30 LIFC_UNDER_IPMP) 31 32 typedef struct if_flags { 33 uint64_t iff_value; 34 char *iff_name; 35 } if_flags_t; 36 37 static if_flags_t if_flags_tbl[] = { 38 { IFF_UP, "UP" }, 39 { IFF_BROADCAST, "BROADCAST" }, 40 { IFF_DEBUG, "DEBUG" }, 41 { IFF_LOOPBACK, "LOOPBACK" }, 42 { IFF_POINTOPOINT, "POINTOPOINT" }, 43 { IFF_NOTRAILERS, "NOTRAILERS" }, 44 { IFF_RUNNING, "RUNNING" }, 45 { IFF_NOARP, "NOARP" }, 46 { IFF_PROMISC, "PROMISC" }, 47 { IFF_ALLMULTI, "ALLMULTI" }, 48 { IFF_INTELLIGENT, "INTELLIGENT" }, 49 { IFF_MULTICAST, "MULTICAST" }, 50 { IFF_MULTI_BCAST, "MULTI_BCAST" }, 51 { IFF_UNNUMBERED, "UNNUMBERED" }, 52 { IFF_DHCPRUNNING, "DHCP" }, 53 { IFF_PRIVATE, "PRIVATE" }, 54 { IFF_NOXMIT, "NOXMIT" }, 55 { IFF_NOLOCAL, "NOLOCAL" }, 56 { IFF_DEPRECATED, "DEPRECATED" }, 57 { IFF_ADDRCONF, "ADDRCONF" }, 58 { IFF_ROUTER, "ROUTER" }, 59 { IFF_NONUD, "NONUD" }, 60 { IFF_ANYCAST, "ANYCAST" }, 61 { IFF_NORTEXCH, "NORTEXCH" }, 62 { IFF_IPV4, "IPv4" }, 63 { IFF_IPV6, "IPv6" }, 64 { IFF_NOFAILOVER, "NOFAILOVER" }, 65 { IFF_FAILED, "FAILED" }, 66 { IFF_STANDBY, "STANDBY" }, 67 { IFF_INACTIVE, "INACTIVE" }, 68 { IFF_OFFLINE, "OFFLINE" }, 69 { IFF_XRESOLV, "XRESOLV" }, 70 { IFF_COS_ENABLED, "CoS" }, 71 { IFF_PREFERRED, "PREFERRED" }, 72 { IFF_TEMPORARY, "TEMPORARY" }, 73 { IFF_FIXEDMTU, "FIXEDMTU" }, 74 { IFF_VIRTUAL, "VIRTUAL" }, 75 { IFF_DUPLICATE, "DUPLICATE" }, 76 { IFF_IPMP, "IPMP"}, 77 { IFF_VRRP, "VRRP"}, 78 { IFF_NOACCEPT, "NOACCEPT"}, 79 { IFF_L3PROTECT, "L3PROTECT"} 80 }; 81 82 typedef struct { 83 const char *ia_app; 84 uint64_t ia_flag; 85 uint_t ia_tries; 86 } if_appflags_t; 87 88 static const if_appflags_t if_appflags_tbl[] = { 89 { "dhcpagent(1M)", IFF_DHCPRUNNING, 1 }, 90 { "in.ndpd(1M)", IFF_ADDRCONF, 3 }, 91 { NULL, 0, 0 } 92 }; 93 94 static dladm_handle_t dlh; 95 boolean_t dlh_opened; 96 static struct lifreq lifr; 97 /* current interface name a particular function is accessing */ 98 static char name[LIFNAMSIZ]; 99 /* foreach interface saved name */ 100 static char origname[LIFNAMSIZ]; 101 static int setaddr; 102 static boolean_t setaddr_done = _B_FALSE; 103 static boolean_t ipsec_policy_set; 104 static boolean_t ipsec_auth_covered; 105 static ipadm_handle_t iph; 106 static ipadm_addrobj_t ipaddr; 107 108 /* 109 * Make sure the algorithm variables hold more than the sizeof an algorithm 110 * in PF_KEY. (For now, more than a uint8_t.) The NO_***_?ALG indicates that 111 * there was no algorithm requested, and in the ipsec_req that service should 112 * be disabled. (E.g. if ah_aalg remains NO_AH_AALG, then AH will be 113 * disabled on that tunnel.) 114 */ 115 #define NO_AH_AALG 256 116 #define NO_ESP_AALG 256 117 #define NO_ESP_EALG 256 118 119 int s, s4, s6; 120 int af = AF_INET; /* default address family */ 121 int debug = 0; 122 int all = 0; /* setifdhcp() needs to know this */ 123 int verbose = 0; 124 int v4compat = 0; /* Compatible printing format */ 125 126 /* 127 * Function prototypes for command functions. 128 */ 129 static int addif(char *arg, int64_t param); 130 static int inetipmp(char *arg, int64_t param); 131 static int inetplumb(char *arg, int64_t param); 132 static int inetunplumb(char *arg, int64_t param); 133 static int removeif(char *arg, int64_t param); 134 static int setdebugflag(char *arg, int64_t param); 135 static int setifaddr(char *arg, int64_t param); 136 static int setifbroadaddr(char *arg, int64_t param); 137 static int setifdstaddr(char *arg, int64_t param); 138 static int setifether(char *arg, int64_t param); 139 static int setifflags(char *arg, int64_t param); 140 static int setifindex(char *arg, int64_t param); 141 static int setifmetric(char *arg, int64_t param); 142 static int setifmtu(char *arg, int64_t param); 143 static int setifnetmask(char *arg, int64_t param); 144 static int setifprefixlen(char *arg, int64_t param); 145 static int setifrevarp(char *arg, int64_t param); 146 static int setifsubnet(char *arg, int64_t param); 147 static int setiftdst(char *arg, int64_t param); 148 static int setiftoken(char *arg, int64_t param); 149 static int setiftsrc(char *arg, int64_t param); 150 static int setverboseflag(char *arg, int64_t param); 151 static int set_tun_ah_alg(char *arg, int64_t param); 152 static int set_tun_esp_auth_alg(char *arg, int64_t param); 153 static int set_tun_esp_encr_alg(char *arg, int64_t param); 154 static int modlist(char *arg, int64_t param); 155 static int modinsert(char *arg, int64_t param); 156 static int modremove(char *arg, int64_t param); 157 static int setifgroupname(char *arg, int64_t param); 158 static int configinfo(char *arg, int64_t param); 159 static void print_config_flags(int af, uint64_t flags); 160 static void print_flags(uint64_t flags); 161 static void print_ifether(const char *ifname); 162 static int set_tun_encap_limit(char *arg, int64_t param); 163 static int clr_tun_encap_limit(char *arg, int64_t param); 164 static int set_tun_hop_limit(char *arg, int64_t param); 165 static int setzone(char *arg, int64_t param); 166 static int setallzones(char *arg, int64_t param); 167 static int setifsrc(char *arg, int64_t param); 168 static int lifnum(const char *ifname); 169 static void plumball(int, char **, int64_t, int64_t, int64_t); 170 171 /* 172 * Address family specific function prototypes. 173 */ 174 static void in_getaddr(char *s, struct sockaddr *saddr, int *plenp); 175 static void in_status(int force, uint64_t flags); 176 static void in_configinfo(int force, uint64_t flags); 177 static void in6_getaddr(char *s, struct sockaddr *saddr, int *plenp); 178 static void in6_status(int force, uint64_t flags); 179 static void in6_configinfo(int force, uint64_t flags); 180 181 /* 182 * Misc support functions 183 */ 184 static boolean_t ni_entry(const char *, void *); 185 static void foreachinterface(int argc, char *argv[], 186 int af, int64_t onflags, int64_t offflags, 187 int64_t lifc_flags); 188 static void ifconfig(int argc, char *argv[], int af, 189 struct ifaddrs *ifa); 190 static boolean_t in_getmask(struct sockaddr_in *saddr, 191 boolean_t addr_set); 192 static int in_getprefixlen(char *addr, boolean_t slash, int plen); 193 static boolean_t in_prefixlentomask(int prefixlen, int maxlen, 194 uchar_t *mask); 195 static void status(void); 196 static void ifstatus(const char *ifname); 197 static void tun_status(datalink_id_t); 198 static void usage(void); 199 static int setifdhcp(const char *caller, const char *ifname, 200 int argc, char *argv[]); 201 static int ip_domux2fd(int *, int *, int *, int *, int *); 202 static int ip_plink(int, int, int, int, int); 203 static int modop(char *arg, char op); 204 static int find_all_interfaces(struct lifconf *lifcp, char **buf, 205 int64_t lifc_flags); 206 static int create_ipmp(const char *grname, int af, 207 const char *ifname, boolean_t implicit); 208 static void start_ipmp_daemon(void); 209 static boolean_t ifaddr_up(ifaddrlistx_t *ifaddrp); 210 static boolean_t ifaddr_down(ifaddrlistx_t *ifaddrp); 211 static dladm_status_t ifconfig_dladm_open(const char *, datalink_class_t, 212 datalink_id_t *); 213 static void dladmerr_exit(dladm_status_t status, const char *str); 214 static void ipadmerr_exit(ipadm_status_t status, const char *str); 215 static boolean_t ifconfig_use_libipadm(int, const char *); 216 217 #define max(a, b) ((a) < (b) ? (b) : (a)) 218 219 /* 220 * DHCP_EXIT_IF_FAILURE indicates that the operation failed, but if there 221 * are more interfaces to act on (i.e., ifconfig was invoked with -a), keep 222 * on going rather than exit with an error. 223 */ 224 225 #define DHCP_EXIT_IF_FAILURE -1 226 227 #define NEXTARG 0xffffff /* command takes an argument */ 228 #define OPTARG 0xfffffe /* command takes an optional argument */ 229 #define AF_ANY (-1) 230 231 /* Refer to the comments in ifconfig() on the netmask "hack" */ 232 #define NETMASK_CMD "netmask" 233 struct sockaddr_storage g_netmask; 234 enum { G_NETMASK_NIL, G_NETMASK_PENDING, G_NETMASK_SET } 235 g_netmask_set = G_NETMASK_NIL; 236 237 struct cmd { 238 char *c_name; 239 int64_t c_parameter; /* NEXTARG means next argv */ 240 int (*c_func)(char *, int64_t); 241 int c_abortonfail; /* don't continue parsing args */ 242 /* for the current interface */ 243 int c_af; /* address family restrictions */ 244 } cmds[] = { 245 { "up", IFF_UP, setifflags, 0, AF_ANY }, 246 { "down", -IFF_UP, setifflags, 0, AF_ANY }, 247 { "trailers", -IFF_NOTRAILERS, setifflags, 0, AF_ANY }, 248 { "-trailers", IFF_NOTRAILERS, setifflags, 0, AF_ANY }, 249 { "arp", -IFF_NOARP, setifflags, 0, AF_INET }, 250 { "-arp", IFF_NOARP, setifflags, 0, AF_INET }, 251 { "router", IFF_ROUTER, setifflags, 0, AF_ANY }, 252 { "-router", -IFF_ROUTER, setifflags, 0, AF_ANY }, 253 { "private", IFF_PRIVATE, setifflags, 0, AF_ANY }, 254 { "-private", -IFF_PRIVATE, setifflags, 0, AF_ANY }, 255 { "xmit", -IFF_NOXMIT, setifflags, 0, AF_ANY }, 256 { "-xmit", IFF_NOXMIT, setifflags, 0, AF_ANY }, 257 { "-nud", IFF_NONUD, setifflags, 0, AF_INET6 }, 258 { "nud", -IFF_NONUD, setifflags, 0, AF_INET6 }, 259 { "anycast", IFF_ANYCAST, setifflags, 0, AF_ANY }, 260 { "-anycast", -IFF_ANYCAST, setifflags, 0, AF_ANY }, 261 { "local", -IFF_NOLOCAL, setifflags, 0, AF_ANY }, 262 { "-local", IFF_NOLOCAL, setifflags, 0, AF_ANY }, 263 { "deprecated", IFF_DEPRECATED, setifflags, 0, AF_ANY }, 264 { "-deprecated", -IFF_DEPRECATED, setifflags, 0, AF_ANY }, 265 { "preferred", IFF_PREFERRED, setifflags, 0, AF_INET6 }, 266 { "-preferred", -IFF_PREFERRED, setifflags, 0, AF_INET6 }, 267 { "debug", 0, setdebugflag, 0, AF_ANY }, 268 { "verbose", 0, setverboseflag, 0, AF_ANY }, 269 { NETMASK_CMD, NEXTARG, setifnetmask, 0, AF_INET }, 270 { "metric", NEXTARG, setifmetric, 0, AF_ANY }, 271 { "mtu", NEXTARG, setifmtu, 0, AF_ANY }, 272 { "index", NEXTARG, setifindex, 0, AF_ANY }, 273 { "broadcast", NEXTARG, setifbroadaddr, 0, AF_INET }, 274 { "auto-revarp", 0, setifrevarp, 1, AF_INET }, 275 { "ipmp", 0, inetipmp, 1, AF_ANY }, 276 { "plumb", 0, inetplumb, 1, AF_ANY }, 277 { "unplumb", 0, inetunplumb, 0, AF_ANY }, 278 { "subnet", NEXTARG, setifsubnet, 0, AF_ANY }, 279 { "token", NEXTARG, setiftoken, 0, AF_INET6 }, 280 { "tsrc", NEXTARG, setiftsrc, 0, AF_ANY }, 281 { "tdst", NEXTARG, setiftdst, 0, AF_ANY }, 282 { "encr_auth_algs", NEXTARG, set_tun_esp_auth_alg, 0, AF_ANY }, 283 { "encr_algs", NEXTARG, set_tun_esp_encr_alg, 0, AF_ANY }, 284 { "auth_algs", NEXTARG, set_tun_ah_alg, 0, AF_ANY }, 285 { "addif", NEXTARG, addif, 1, AF_ANY }, 286 { "removeif", NEXTARG, removeif, 1, AF_ANY }, 287 { "modlist", 0, modlist, 1, AF_ANY }, 288 { "modinsert", NEXTARG, modinsert, 1, AF_ANY }, 289 { "modremove", NEXTARG, modremove, 1, AF_ANY }, 290 { "failover", -IFF_NOFAILOVER, setifflags, 1, AF_ANY }, 291 { "-failover", IFF_NOFAILOVER, setifflags, 1, AF_ANY }, 292 { "standby", IFF_STANDBY, setifflags, 1, AF_ANY }, 293 { "-standby", -IFF_STANDBY, setifflags, 1, AF_ANY }, 294 { "failed", IFF_FAILED, setifflags, 1, AF_ANY }, 295 { "-failed", -IFF_FAILED, setifflags, 1, AF_ANY }, 296 { "group", NEXTARG, setifgroupname, 1, AF_ANY }, 297 { "configinfo", 0, configinfo, 1, AF_ANY }, 298 { "encaplimit", NEXTARG, set_tun_encap_limit, 0, AF_ANY }, 299 { "-encaplimit", 0, clr_tun_encap_limit, 0, AF_ANY }, 300 { "thoplimit", NEXTARG, set_tun_hop_limit, 0, AF_ANY }, 301 { "set", NEXTARG, setifaddr, 0, AF_ANY }, 302 { "destination", NEXTARG, setifdstaddr, 0, AF_ANY }, 303 { "zone", NEXTARG, setzone, 0, AF_ANY }, 304 { "-zone", 0, setzone, 0, AF_ANY }, 305 { "all-zones", 0, setallzones, 0, AF_ANY }, 306 { "ether", OPTARG, setifether, 0, AF_ANY }, 307 { "usesrc", NEXTARG, setifsrc, 0, AF_ANY }, 308 309 /* 310 * NOTE: any additions to this table must also be applied to ifparse 311 * (usr/src/cmd/cmd-inet/sbin/ifparse/ifparse.c) 312 */ 313 314 { 0, 0, setifaddr, 0, AF_ANY }, 315 { 0, 0, setifdstaddr, 0, AF_ANY }, 316 { 0, 0, 0, 0, 0 }, 317 }; 318 319 320 typedef struct if_config_cmd { 321 uint64_t iff_flag; 322 int iff_af; 323 char *iff_name; 324 } if_config_cmd_t; 325 326 /* 327 * NOTE: print_config_flags() processes this table in order, so we put "up" 328 * last so that we can be sure "-failover" will take effect first. Otherwise, 329 * IPMP test addresses will erroneously migrate to the IPMP interface. 330 */ 331 static if_config_cmd_t if_config_cmd_tbl[] = { 332 { IFF_NOTRAILERS, AF_UNSPEC, "-trailers" }, 333 { IFF_PRIVATE, AF_UNSPEC, "private" }, 334 { IFF_NOXMIT, AF_UNSPEC, "-xmit" }, 335 { IFF_ANYCAST, AF_INET6, "anycast" }, 336 { IFF_NOLOCAL, AF_UNSPEC, "-local" }, 337 { IFF_DEPRECATED, AF_UNSPEC, "deprecated" }, 338 { IFF_NOFAILOVER, AF_UNSPEC, "-failover" }, 339 { IFF_STANDBY, AF_UNSPEC, "standby" }, 340 { IFF_FAILED, AF_UNSPEC, "failed" }, 341 { IFF_PREFERRED, AF_UNSPEC, "preferred" }, 342 { IFF_NONUD, AF_INET6, "-nud" }, 343 { IFF_NOARP, AF_INET, "-arp" }, 344 { IFF_UP, AF_UNSPEC, "up" }, 345 { 0, 0, NULL }, 346 }; 347 348 typedef struct ni { 349 char ni_name[LIFNAMSIZ]; 350 struct ni *ni_next; 351 } ni_t; 352 353 static ni_t *ni_list = NULL; 354 static int num_ni = 0; 355 356 /* End defines and structure definitions for ifconfig -a plumb */ 357 358 /* Known address families */ 359 struct afswtch { 360 char *af_name; 361 short af_af; 362 void (*af_status)(); 363 void (*af_getaddr)(); 364 void (*af_configinfo)(); 365 } afs[] = { 366 { "inet", AF_INET, in_status, in_getaddr, in_configinfo }, 367 { "inet6", AF_INET6, in6_status, in6_getaddr, in6_configinfo }, 368 { 0, 0, 0, 0, 0 } 369 }; 370 371 #define SOCKET_AF(af) (((af) == AF_UNSPEC) ? AF_INET : (af)) 372 373 struct afswtch *afp; /* the address family being set or asked about */ 374 375 int 376 main(int argc, char *argv[]) 377 { 378 int64_t lifc_flags; 379 char *default_ip_str; 380 ipadm_status_t istatus; 381 382 lifc_flags = LIFC_DEFAULT; 383 384 if (argc < 2) { 385 (void) strncpy(name, "-a", sizeof (name)); 386 } else { 387 argc--, argv++; 388 if (strlen(*argv) > sizeof (name) - 1) { 389 (void) fprintf(stderr, "%s: interface name too long\n", 390 *argv); 391 exit(1); 392 } 393 (void) strncpy(name, *argv, sizeof (name)); 394 } 395 name[sizeof (name) - 1] = '\0'; 396 (void) strncpy(origname, name, sizeof (origname)); /* For addif */ 397 default_ip_str = NULL; 398 v4compat = get_compat_flag(&default_ip_str); 399 if (v4compat == DEFAULT_PROT_BAD_VALUE) { 400 (void) fprintf(stderr, 401 "ifconfig: %s: Bad value for %s in %s\n", default_ip_str, 402 DEFAULT_IP, INET_DEFAULT_FILE); 403 free(default_ip_str); 404 exit(2); 405 } 406 free(default_ip_str); 407 argc--, argv++; 408 if (argc > 0) { 409 struct afswtch *myafp; 410 411 for (myafp = afp = afs; myafp->af_name; myafp++) { 412 if (strcmp(myafp->af_name, *argv) == 0) { 413 afp = myafp; argc--; argv++; 414 break; 415 } 416 } 417 af = lifr.lifr_addr.ss_family = afp->af_af; 418 if (af == AF_INET6) { 419 v4compat = 0; 420 } 421 } 422 423 s = socket(SOCKET_AF(af), SOCK_DGRAM, 0); 424 s4 = socket(AF_INET, SOCK_DGRAM, 0); 425 s6 = socket(AF_INET6, SOCK_DGRAM, 0); 426 if (s == -1 || s4 == -1 || s6 == -1) 427 Perror0_exit("socket"); 428 /* 429 * Open the global libipadm handle. The flag IPH_LEGACY has to 430 * be specified to indicate that logical interface names will 431 * be used during interface creation and address creation. 432 */ 433 if ((istatus = ipadm_open(&iph, IPH_LEGACY)) != IPADM_SUCCESS) 434 ipadmerr_exit(istatus, "unable to open handle to libipadm"); 435 436 /* 437 * Special interface names is any combination of these flags. 438 * Note that due to the ifconfig syntax they have to be combined 439 * as a single '-' option. 440 * -a All interfaces 441 * -u "up" interfaces 442 * -d "down" interfaces 443 * -D Interfaces not controlled by DHCP 444 * -4 IPv4 interfaces 445 * -6 IPv6 interfaces 446 * -X Turn on debug (not documented) 447 * -v Turn on verbose 448 * -Z Only interfaces in caller's zone 449 */ 450 451 if (name[0] == '-') { 452 /* One or more options */ 453 int64_t onflags = 0; 454 int64_t offflags = 0; 455 int c; 456 char *av[2] = { "ifconfig", name }; 457 458 while ((c = getopt(2, av, "audhDXZ46v")) != -1) { 459 switch ((char)c) { 460 case 'a': 461 all = 1; 462 break; 463 case 'u': 464 onflags |= IFF_UP; 465 break; 466 case 'd': 467 offflags |= IFF_UP; 468 break; 469 case 'D': 470 offflags |= IFF_DHCPRUNNING; 471 break; 472 case 'X': 473 debug += 3; 474 break; 475 case 'Z': 476 lifc_flags &= ~LIFC_ALLZONES; 477 break; 478 case '4': 479 /* 480 * -4 is not a compatable flag, therefore 481 * we assume they want v4compat turned off 482 */ 483 v4compat = 0; 484 onflags |= IFF_IPV4; 485 break; 486 case '6': 487 /* 488 * If they want IPv6, well then we'll assume 489 * they don't want IPv4 compat 490 */ 491 v4compat = 0; 492 onflags |= IFF_IPV6; 493 break; 494 case 'v': 495 verbose = 1; 496 break; 497 case 'h': 498 case '?': 499 usage(); 500 exit(1); 501 } 502 } 503 if (!all) { 504 (void) fprintf(stderr, 505 "ifconfig: %s: no such interface\n", name); 506 exit(1); 507 } 508 foreachinterface(argc, argv, af, onflags, offflags, 509 lifc_flags); 510 } else { 511 ifconfig(argc, argv, af, NULL); 512 } 513 ipadm_close(iph); 514 return (0); 515 } 516 517 /* 518 * For each interface, call ifconfig(argc, argv, af, ifa). 519 * Only call function if onflags and offflags are set or clear, respectively, 520 * in the interfaces flags field. 521 */ 522 static void 523 foreachinterface(int argc, char *argv[], int af, 524 int64_t onflags, int64_t offflags, int64_t lifc_flags) 525 { 526 ipadm_addr_info_t *ainfo, *ainfop; 527 struct ifaddrs *ifa; 528 ipadm_status_t istatus; 529 530 /* 531 * Special case: 532 * ifconfig -a plumb should find all network interfaces in the current 533 * zone. 534 */ 535 if (argc > 0 && (strcmp(*argv, "plumb") == 0)) { 536 plumball(argc, argv, onflags, offflags, lifc_flags); 537 return; 538 } 539 /* Get all addresses in kernel including addresses that are zero. */ 540 istatus = ipadm_addr_info(iph, NULL, &ainfo, IPADM_OPT_ZEROADDR, 541 lifc_flags); 542 if (istatus != IPADM_SUCCESS) 543 ipadmerr_exit(istatus, "could not get addresses from kernel"); 544 545 /* 546 * For each logical interface, call ifconfig() with the 547 * given arguments. 548 */ 549 for (ainfop = ainfo; ainfop != NULL; ainfop = IA_NEXT(ainfop)) { 550 if (ainfop->ia_state == IFA_DISABLED) 551 continue; 552 ifa = &ainfop->ia_ifa; 553 if (onflags || offflags) { 554 if ((ifa->ifa_flags & onflags) != onflags) 555 continue; 556 if ((~ifa->ifa_flags & offflags) != offflags) 557 continue; 558 } 559 s = (ifa->ifa_addr->sa_family == AF_INET ? s4 : s6); 560 (void) strncpy(name, ifa->ifa_name, sizeof (name)); 561 (void) strncpy(origname, name, sizeof (origname)); 562 ifconfig(argc, argv, af, ifa); 563 } 564 ipadm_free_addr_info(ainfo); 565 } 566 567 /* 568 * Used for `ifconfig -a plumb'. Finds all datalinks and plumbs the interface. 569 */ 570 static void 571 plumball(int argc, char *argv[], int64_t onflags, int64_t offflags, 572 int64_t lifc_flags) 573 { 574 int n; 575 struct lifreq *lifrp; 576 struct lifconf lifc; 577 char *buf; 578 579 if (onflags != 0 || offflags != 0) { 580 (void) fprintf(stderr, "ifconfig: invalid syntax used to " 581 "plumb all interfaces.\n"); 582 exit(1); 583 } 584 585 if (find_all_interfaces(&lifc, &buf, lifc_flags) != 0 || 586 lifc.lifc_len == 0) 587 return; 588 589 lifrp = lifc.lifc_req; 590 for (n = lifc.lifc_len / sizeof (struct lifreq); n > 0; n--, lifrp++) { 591 /* 592 * Reset global state 593 * setaddr: Used by parser to tear apart source and dest 594 * name and origname contain the name of the 'current' 595 * interface. 596 */ 597 setaddr = 0; 598 (void) strncpy(name, lifrp->lifr_name, sizeof (name)); 599 (void) strncpy(origname, name, sizeof (origname)); 600 ifconfig(argc, argv, af, NULL); 601 } 602 } 603 604 /* 605 * Parses the interface name and the command in argv[]. Calls the 606 * appropriate callback function for the given command from `cmds[]' 607 * table. 608 * If there is no command specified, it prints all addresses. 609 */ 610 static void 611 ifconfig(int argc, char *argv[], int af, struct ifaddrs *ifa) 612 { 613 static boolean_t scan_netmask = _B_FALSE; 614 int ret; 615 ipadm_status_t istatus; 616 struct lifreq lifr; 617 618 if (argc == 0) { 619 status(); 620 return; 621 } 622 623 if (strcmp(*argv, "auto-dhcp") == 0 || strcmp(*argv, "dhcp") == 0) { 624 /* 625 * Some errors are ignored in the case where more than one 626 * interface is being operated on. 627 */ 628 ret = setifdhcp("ifconfig", name, argc, argv); 629 if (ret == DHCP_EXIT_IF_FAILURE) { 630 if (!all) 631 exit(DHCP_EXIT_FAILURE); 632 } else if (ret != DHCP_EXIT_SUCCESS) { 633 exit(ret); 634 } 635 return; 636 } 637 638 /* 639 * The following is a "hack" to get around the existing interface 640 * setting mechanism. Currently, each interface attribute, 641 * such as address, netmask, broadcast, ... is set separately. But 642 * sometimes two or more attributes must be set together. For 643 * example, setting an address without a netmask does not make sense. 644 * Yet they can be set separately for IPv4 address using the current 645 * ifconfig(1M) syntax. The kernel then "infers" the correct netmask 646 * using the deprecated "IP address classes." This is simply not 647 * correct. 648 * 649 * The "hack" below is to go thru the whole command list looking for 650 * the netmask command first. Then use this netmask to set the 651 * address. This does not provide an extensible way to accommodate 652 * future need for setting more than one attributes together. 653 * 654 * Note that if the "netmask" command argument is a "+", we need 655 * to save this info and do the query after we know the address to 656 * be set. The reason is that if "addif" is used, the working 657 * interface name will be changed later when the logical interface 658 * is created. In in_getmask(), if an address is not provided, 659 * it will use the working interface's address to do the query. 660 * It will be wrong now as we don't know the logical interface's name. 661 * 662 * ifconfig(1M) is too overloaded and the code is so convoluted 663 * that it is "safer" not to re-architect the code to fix the above 664 * issue, hence this "hack." We may be better off to have a new 665 * command with better syntax for configuring network interface 666 * parameters... 667 */ 668 if (!scan_netmask && afp->af_af == AF_INET) { 669 int largc; 670 char **largv; 671 672 /* Only go thru the command list once to find the netmask. */ 673 scan_netmask = _B_TRUE; 674 675 /* 676 * Currently, if multiple netmask commands are specified, the 677 * last one will be used as the final netmask. So we need 678 * to scan the whole list to preserve this behavior. 679 */ 680 for (largc = argc, largv = argv; largc > 0; largc--, largv++) { 681 if (strcmp(*largv, NETMASK_CMD) == 0) { 682 if (--largc == 0) 683 break; 684 largv++; 685 if (strcmp(*largv, "+") == 0) { 686 g_netmask_set = G_NETMASK_PENDING; 687 } else { 688 in_getaddr(*largv, (struct sockaddr *) 689 &g_netmask, NULL); 690 g_netmask_set = G_NETMASK_SET; 691 } 692 /* Continue the scan. */ 693 } 694 } 695 } 696 697 while (argc > 0) { 698 struct cmd *p; 699 boolean_t found_cmd; 700 701 if (debug) 702 (void) printf("ifconfig: argv %s\n", *argv); 703 704 found_cmd = _B_FALSE; 705 for (p = cmds; p->c_func; p++) { 706 if (p->c_name) { 707 if (strcmp(*argv, p->c_name) == 0) { 708 /* 709 * indicate that the command was 710 * found and check to see if 711 * the address family is valid 712 */ 713 found_cmd = _B_TRUE; 714 if (p->c_af == AF_ANY || 715 af == p->c_af) 716 break; 717 } 718 } else { 719 if (p->c_af == AF_ANY || 720 af == p->c_af) 721 break; 722 } 723 } 724 /* 725 * If we found the keyword, but the address family 726 * did not match spit out an error 727 */ 728 if (found_cmd && p->c_name == 0) { 729 (void) fprintf(stderr, "ifconfig: Operation %s not" 730 " supported for %s\n", *argv, afp->af_name); 731 exit(1); 732 } 733 /* 734 * else (no keyword found), we assume it's an address 735 * of some sort 736 */ 737 if (setaddr && ipaddr != NULL) { 738 /* 739 * We must have already filled in a source address in 740 * `ipaddr' and we now got a destination address. 741 * Fill it in `ipaddr' and call libipadm to create 742 * the static address. 743 */ 744 if (p->c_name == 0) { 745 istatus = ipadm_set_dst_addr(ipaddr, *argv, 746 (p->c_af == AF_ANY ? AF_UNSPEC : af)); 747 if (istatus != IPADM_SUCCESS) { 748 ipadmerr_exit(istatus, "could not " 749 "set destination address"); 750 } 751 /* 752 * finished processing dstaddr, so reset setaddr 753 */ 754 setaddr = 0; 755 } 756 /* 757 * Both source and destination address are in `ipaddr'. 758 * Add the address by calling libipadm. 759 */ 760 istatus = ipadm_create_addr(iph, ipaddr, 761 IPADM_OPT_ACTIVE); 762 if (istatus != IPADM_SUCCESS) 763 goto createfailed; 764 ipadm_destroy_addrobj(ipaddr); 765 ipaddr = NULL; 766 setaddr_done = _B_TRUE; 767 if (p->c_name == 0) { 768 /* move parser along */ 769 argc--, argv++; 770 continue; 771 } 772 } 773 if (p->c_name == 0 && setaddr_done) { 774 /* 775 * catch odd commands like 776 * "ifconfig <intf> addr1 addr2 addr3 addr4 up" 777 */ 778 (void) fprintf(stderr, "%s", 779 "ifconfig: cannot configure more than two " 780 "addresses in one command\n"); 781 exit(1); 782 } 783 if (p->c_func) { 784 if (p->c_af == AF_INET6) { 785 v4compat = 0; 786 } 787 if (p->c_parameter == NEXTARG || 788 p->c_parameter == OPTARG) { 789 argc--, argv++; 790 if (argc == 0 && p->c_parameter == NEXTARG) { 791 (void) fprintf(stderr, 792 "ifconfig: no argument for %s\n", 793 p->c_name); 794 exit(1); 795 } 796 } 797 /* 798 * Call the function if: 799 * 800 * there's no address family 801 * restriction 802 * OR 803 * we don't know the address yet 804 * (because we were called from 805 * main) 806 * OR 807 * there is a restriction AND 808 * the address families match 809 */ 810 if ((p->c_af == AF_ANY) || 811 (ifa == NULL) || 812 (ifa->ifa_addr->sa_family == p->c_af)) { 813 ret = (*p->c_func)(*argv, p->c_parameter); 814 /* 815 * If c_func failed and we should 816 * abort processing for this 817 * interface on failure, return 818 * now rather than going on to 819 * process other commands for 820 * the same interface. 821 */ 822 if (ret != 0 && p->c_abortonfail) 823 return; 824 } 825 } 826 argc--, argv++; 827 } 828 829 if (setaddr && ipaddr != NULL) { 830 /* 831 * Only the source address was provided, which was already 832 * set in `ipaddr'. Add the address by calling libipadm. 833 */ 834 istatus = ipadm_create_addr(iph, ipaddr, IPADM_OPT_ACTIVE); 835 if (istatus != IPADM_SUCCESS) 836 goto createfailed; 837 ipadm_destroy_addrobj(ipaddr); 838 ipaddr = NULL; 839 setaddr_done = _B_TRUE; 840 } 841 842 /* Check to see if there's a security hole in the tunnel setup. */ 843 if (ipsec_policy_set && !ipsec_auth_covered) { 844 (void) fprintf(stderr, "ifconfig: WARNING: tunnel with only " 845 "ESP and no authentication.\n"); 846 } 847 return; 848 849 createfailed: 850 (void) fprintf(stderr, "ifconfig: could not create address:% s\n", 851 ipadm_status2str(istatus)); 852 /* Remove the newly created logical interface. */ 853 if (strcmp(name, origname) != 0) { 854 assert(strchr(name, ':') != NULL); 855 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 856 (void) ioctl(s, SIOCLIFREMOVEIF, (caddr_t)&lifr); 857 } 858 exit(1); 859 } 860 861 /* ARGSUSED */ 862 static int 863 setdebugflag(char *val, int64_t arg) 864 { 865 debug++; 866 return (0); 867 } 868 869 /* ARGSUSED */ 870 static int 871 setverboseflag(char *val, int64_t arg) 872 { 873 verbose++; 874 return (0); 875 } 876 877 /* 878 * This function fills in the given lifreq's lifr_addr field based on 879 * g_netmask_set. 880 */ 881 static void 882 set_mask_lifreq(struct lifreq *lifr, struct sockaddr_storage *addr, 883 struct sockaddr_storage *mask) 884 { 885 assert(addr != NULL); 886 assert(mask != NULL); 887 888 switch (g_netmask_set) { 889 case G_NETMASK_SET: 890 lifr->lifr_addr = g_netmask; 891 break; 892 893 case G_NETMASK_PENDING: 894 /* 895 * "+" is used as the argument to "netmask" command. Query 896 * the database on the correct netmask based on the address to 897 * be set. 898 */ 899 assert(afp->af_af == AF_INET); 900 g_netmask = *addr; 901 if (!in_getmask((struct sockaddr_in *)&g_netmask, _B_TRUE)) { 902 lifr->lifr_addr = *mask; 903 g_netmask_set = G_NETMASK_NIL; 904 } else { 905 lifr->lifr_addr = g_netmask; 906 g_netmask_set = G_NETMASK_SET; 907 } 908 break; 909 910 case G_NETMASK_NIL: 911 default: 912 lifr->lifr_addr = *mask; 913 break; 914 } 915 } 916 917 /* 918 * Set the interface address. Handles <addr>, <addr>/<n> as well as /<n> 919 * syntax for setting the address, the address plus netmask, and just 920 * the netmask respectively. 921 */ 922 /* ARGSUSED */ 923 static int 924 setifaddr(char *addr, int64_t param) 925 { 926 ipadm_status_t istatus; 927 int prefixlen = 0; 928 struct lifreq lifr1; 929 struct sockaddr_storage laddr; 930 struct sockaddr_storage netmask; 931 struct sockaddr_in6 *sin6; 932 struct sockaddr_in *sin; 933 struct sockaddr_storage sav_netmask; 934 char cidraddr[BUFSIZ]; 935 936 if (addr[0] == '/') 937 return (setifprefixlen(addr, 0)); 938 939 (*afp->af_getaddr)(addr, (struct sockaddr *)&laddr, &prefixlen); 940 941 (void) memset(&netmask, 0, sizeof (netmask)); 942 netmask.ss_family = afp->af_af; 943 switch (prefixlen) { 944 case NO_PREFIX: 945 /* Nothing there - ok */ 946 break; 947 case BAD_ADDR: 948 (void) fprintf(stderr, "ifconfig: Bad prefix length in %s\n", 949 addr); 950 exit(1); 951 default: 952 if (afp->af_af == AF_INET6) { 953 sin6 = (struct sockaddr_in6 *)&netmask; 954 if (!in_prefixlentomask(prefixlen, IPV6_ABITS, 955 (uchar_t *)&sin6->sin6_addr)) { 956 (void) fprintf(stderr, "ifconfig: " 957 "Bad prefix length: %d\n", 958 prefixlen); 959 exit(1); 960 } 961 } else { 962 sin = (struct sockaddr_in *)&netmask; 963 if (!in_prefixlentomask(prefixlen, IP_ABITS, 964 (uchar_t *)&sin->sin_addr)) { 965 (void) fprintf(stderr, "ifconfig: " 966 "Bad prefix length: %d\n", 967 prefixlen); 968 exit(1); 969 } 970 } 971 /* 972 * Just in case of funny setting of both prefix and netmask, 973 * prefix should override the netmask command. 974 */ 975 g_netmask_set = G_NETMASK_NIL; 976 break; 977 } 978 979 /* 980 * Check and see if any "netmask" command is used and perform the 981 * necessary operation. 982 */ 983 set_mask_lifreq(&lifr, &laddr, &netmask); 984 985 /* This check is temporary until libipadm supports IPMP interfaces. */ 986 if (ifconfig_use_libipadm(s, name)) { 987 char addrstr[INET6_ADDRSTRLEN]; 988 989 if (af == AF_INET) { 990 sin = (struct sockaddr_in *)&laddr; 991 (void) inet_ntop(AF_INET, &sin->sin_addr, addrstr, 992 sizeof (addrstr)); 993 } else { 994 sin6 = (struct sockaddr_in6 *)&laddr; 995 (void) inet_ntop(AF_INET6, &sin6->sin6_addr, addrstr, 996 sizeof (addrstr)); 997 } 998 istatus = ipadm_create_addrobj(IPADM_ADDR_STATIC, name, 999 &ipaddr); 1000 if (istatus != IPADM_SUCCESS) 1001 ipadmerr_exit(istatus, "setifaddr"); 1002 1003 /* 1004 * lifr.lifr_addr, which is updated by set_mask_lifreq() 1005 * will contain the right mask to use. 1006 */ 1007 prefixlen = mask2plen((struct sockaddr *)&lifr.lifr_addr); 1008 (void) snprintf(cidraddr, sizeof (cidraddr), "%s/%d", 1009 addrstr, prefixlen); 1010 1011 istatus = ipadm_set_addr(ipaddr, cidraddr, af); 1012 if (istatus != IPADM_SUCCESS) 1013 ipadmerr_exit(istatus, "could not set address"); 1014 /* 1015 * let parser know we got a source. 1016 * Next address, if given, should be dest 1017 */ 1018 setaddr++; 1019 1020 /* 1021 * address will be set by the parser after nextarg has 1022 * been scanned 1023 */ 1024 return (0); 1025 } 1026 1027 /* Tell parser that an address was set */ 1028 setaddr++; 1029 /* save copy of netmask to restore in case of error */ 1030 (void) strncpy(lifr1.lifr_name, name, sizeof (lifr1.lifr_name)); 1031 if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr1) < 0) 1032 Perror0_exit("SIOCGLIFNETMASK"); 1033 sav_netmask = lifr1.lifr_addr; 1034 1035 /* 1036 * If setting the address and not the mask, clear any existing mask 1037 * and the kernel will then assign the default (netmask has been set 1038 * to 0 in this case). If setting both (either by using a prefix or 1039 * using the netmask command), set the mask first, so the address will 1040 * be interpreted correctly. 1041 */ 1042 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1043 /* lifr.lifr_addr already contains netmask from set_mask_lifreq() */ 1044 if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0) 1045 Perror0_exit("SIOCSLIFNETMASK"); 1046 1047 if (debug) { 1048 char abuf[INET6_ADDRSTRLEN]; 1049 void *addr = (afp->af_af == AF_INET) ? 1050 (void *)&((struct sockaddr_in *)&laddr)->sin_addr : 1051 (void *)&((struct sockaddr_in6 *)&laddr)->sin6_addr; 1052 1053 (void) printf("Setting %s af %d addr %s\n", 1054 lifr.lifr_name, afp->af_af, 1055 inet_ntop(afp->af_af, addr, abuf, sizeof (abuf))); 1056 } 1057 lifr.lifr_addr = laddr; 1058 lifr.lifr_addr.ss_family = afp->af_af; 1059 if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0) { 1060 /* 1061 * Restore the netmask 1062 */ 1063 int saverr = errno; 1064 1065 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1066 lifr.lifr_addr = sav_netmask; 1067 (void) ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr); 1068 errno = saverr; 1069 Perror0_exit("SIOCSLIFADDR"); 1070 } 1071 1072 return (0); 1073 } 1074 1075 /* 1076 * The following functions are stolen from the ipseckey(1m) program. 1077 * Perhaps they should be somewhere common, but for now, we just maintain 1078 * two versions. We do this because of the different semantics for which 1079 * algorithms we select ("requested" for ifconfig vs. "actual" for key). 1080 */ 1081 1082 static ulong_t 1083 parsenum(char *num) 1084 { 1085 ulong_t rc; 1086 char *end = NULL; 1087 1088 errno = 0; 1089 rc = strtoul(num, &end, 0); 1090 if (errno != 0 || end == num || *end != '\0') { 1091 rc = (ulong_t)-1; 1092 } 1093 1094 return (rc); 1095 } 1096 1097 /* 1098 * Parse and reverse parse possible algorithm values, include numbers. 1099 * Mostly stolen from ipseckey.c. See the comments above parsenum() for why 1100 * this isn't common to ipseckey.c. 1101 * 1102 * NOTE: Static buffer in this function for the return value. Since ifconfig 1103 * isn't multithreaded, this isn't a huge problem. 1104 */ 1105 1106 #define NBUF_SIZE 20 /* Enough to print a large integer. */ 1107 1108 static char * 1109 rparsealg(uint8_t alg_value, int proto_num) 1110 { 1111 struct ipsecalgent *alg; 1112 static char numprint[128]; /* Enough to hold an algorithm name. */ 1113 1114 /* 1115 * Special cases for "any" and "none" 1116 * The kernel needs to be able to distinguish between "any" 1117 * and "none" and the APIs are underdefined in this area for auth. 1118 */ 1119 if (proto_num == IPSEC_PROTO_AH) { 1120 if (alg_value == SADB_AALG_NONE) 1121 return ("none"); 1122 if (alg_value == SADB_AALG_ANY) 1123 return ("any"); 1124 } 1125 1126 alg = getipsecalgbynum(alg_value, proto_num, NULL); 1127 if (alg != NULL) { 1128 (void) strlcpy(numprint, alg->a_names[0], sizeof (numprint)); 1129 freeipsecalgent(alg); 1130 } else { 1131 (void) snprintf(numprint, sizeof (numprint), "%d", alg_value); 1132 } 1133 1134 return (numprint); 1135 } 1136 1137 static uint_t 1138 parsealg(char *algname, int proto_num) 1139 { 1140 struct ipsecalgent *alg; 1141 ulong_t invalue; 1142 1143 if (algname == NULL) { 1144 (void) fprintf(stderr, "ifconfig: Unexpected end of command " 1145 "line.\n"); 1146 exit(1); 1147 } 1148 1149 /* 1150 * Special-case "none" and "any". 1151 * Use strcasecmp because its length is bounded. 1152 */ 1153 if (strcasecmp("none", algname) == 0) { 1154 return ((proto_num == IPSEC_PROTO_ESP) ? 1155 NO_ESP_EALG : NO_ESP_AALG); 1156 } 1157 if ((strcasecmp("any", algname) == 0) && (proto_num == IPSEC_PROTO_AH)) 1158 return (SADB_AALG_ANY); 1159 1160 alg = getipsecalgbyname(algname, proto_num, NULL); 1161 if (alg != NULL) { 1162 invalue = alg->a_alg_num; 1163 freeipsecalgent(alg); 1164 return ((uint_t)invalue); 1165 } 1166 1167 /* 1168 * Since algorithms can be loaded during kernel run-time, check for 1169 * numeric algorithm values too. 1170 */ 1171 invalue = parsenum(algname); 1172 if ((invalue & (ulong_t)0xff) == invalue) 1173 return ((uint_t)invalue); 1174 1175 (void) fprintf(stderr, "ifconfig: %s algorithm type %s unknown.\n", 1176 (proto_num == IPSEC_PROTO_ESP) ? 1177 "Encryption" : "Authentication", algname); 1178 exit(1); 1179 /* NOTREACHED */ 1180 } 1181 1182 /* 1183 * Actual ifconfig functions to set tunnel security properties. 1184 */ 1185 1186 enum ipsec_alg_type { ESP_ENCR_ALG = 1, ESP_AUTH_ALG, AH_AUTH_ALG }; 1187 1188 static int 1189 set_tun_algs(int which_alg, int alg) 1190 { 1191 boolean_t encr_alg_set = _B_FALSE; 1192 iptun_params_t params; 1193 dladm_status_t status; 1194 ipsec_req_t *ipsr; 1195 1196 if ((status = ifconfig_dladm_open(name, DATALINK_CLASS_IPTUN, 1197 ¶ms.iptun_param_linkid)) != DLADM_STATUS_OK) 1198 goto done; 1199 1200 status = dladm_iptun_getparams(dlh, ¶ms, DLADM_OPT_ACTIVE); 1201 if (status != DLADM_STATUS_OK) 1202 goto done; 1203 1204 ipsr = ¶ms.iptun_param_secinfo; 1205 1206 /* 1207 * If I'm just starting off this ifconfig, I want a clean slate, 1208 * otherwise, I've captured the current tunnel security settings. 1209 * In the case of continuation, I merely add to the settings. 1210 */ 1211 if (!(params.iptun_param_flags & IPTUN_PARAM_SECINFO)) 1212 (void) memset(ipsr, 0, sizeof (*ipsr)); 1213 1214 /* We're only modifying the IPsec information */ 1215 params.iptun_param_flags = IPTUN_PARAM_SECINFO; 1216 1217 switch (which_alg) { 1218 case ESP_ENCR_ALG: 1219 if (alg == NO_ESP_EALG) { 1220 if (ipsr->ipsr_esp_auth_alg == SADB_AALG_NONE) 1221 ipsr->ipsr_esp_req = 0; 1222 ipsr->ipsr_esp_alg = SADB_EALG_NONE; 1223 1224 /* Let the user specify NULL encryption implicitly. */ 1225 if (ipsr->ipsr_esp_auth_alg != SADB_AALG_NONE) { 1226 encr_alg_set = _B_TRUE; 1227 ipsr->ipsr_esp_alg = SADB_EALG_NULL; 1228 } 1229 } else { 1230 encr_alg_set = _B_TRUE; 1231 ipsr->ipsr_esp_req = 1232 IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE; 1233 ipsr->ipsr_esp_alg = alg; 1234 } 1235 break; 1236 case ESP_AUTH_ALG: 1237 if (alg == NO_ESP_AALG) { 1238 if ((ipsr->ipsr_esp_alg == SADB_EALG_NONE || 1239 ipsr->ipsr_esp_alg == SADB_EALG_NULL) && 1240 !encr_alg_set) 1241 ipsr->ipsr_esp_req = 0; 1242 ipsr->ipsr_esp_auth_alg = SADB_AALG_NONE; 1243 } else { 1244 ipsr->ipsr_esp_req = 1245 IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE; 1246 ipsr->ipsr_esp_auth_alg = alg; 1247 1248 /* Let the user specify NULL encryption implicitly. */ 1249 if (ipsr->ipsr_esp_alg == SADB_EALG_NONE && 1250 !encr_alg_set) 1251 ipsr->ipsr_esp_alg = SADB_EALG_NULL; 1252 } 1253 break; 1254 case AH_AUTH_ALG: 1255 if (alg == NO_AH_AALG) { 1256 ipsr->ipsr_ah_req = 0; 1257 ipsr->ipsr_auth_alg = SADB_AALG_NONE; 1258 } else { 1259 ipsr->ipsr_ah_req = 1260 IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE; 1261 ipsr->ipsr_auth_alg = alg; 1262 } 1263 break; 1264 /* Will never hit DEFAULT */ 1265 } 1266 1267 status = dladm_iptun_modify(dlh, ¶ms, DLADM_OPT_ACTIVE); 1268 1269 done: 1270 if (status != DLADM_STATUS_OK) 1271 dladmerr_exit(status, name); 1272 else { 1273 ipsec_policy_set = _B_TRUE; 1274 if ((ipsr->ipsr_esp_req != 0 && 1275 ipsr->ipsr_esp_auth_alg != SADB_AALG_NONE) || 1276 (ipsr->ipsr_ah_req != 0 && 1277 ipsr->ipsr_auth_alg != SADB_AALG_NONE)) 1278 ipsec_auth_covered = _B_TRUE; 1279 } 1280 return (0); 1281 } 1282 1283 /* ARGSUSED */ 1284 static int 1285 set_tun_esp_encr_alg(char *addr, int64_t param) 1286 { 1287 return (set_tun_algs(ESP_ENCR_ALG, 1288 parsealg(addr, IPSEC_PROTO_ESP))); 1289 } 1290 1291 /* ARGSUSED */ 1292 static int 1293 set_tun_esp_auth_alg(char *addr, int64_t param) 1294 { 1295 return (set_tun_algs(ESP_AUTH_ALG, 1296 parsealg(addr, IPSEC_PROTO_AH))); 1297 } 1298 1299 /* ARGSUSED */ 1300 static int 1301 set_tun_ah_alg(char *addr, int64_t param) 1302 { 1303 return (set_tun_algs(AH_AUTH_ALG, 1304 parsealg(addr, IPSEC_PROTO_AH))); 1305 } 1306 1307 /* ARGSUSED */ 1308 static int 1309 setifrevarp(char *arg, int64_t param) 1310 { 1311 struct sockaddr_in laddr; 1312 1313 if (afp->af_af == AF_INET6) { 1314 (void) fprintf(stderr, 1315 "ifconfig: revarp not possible on IPv6 interface %s\n", 1316 name); 1317 exit(1); 1318 } 1319 if (doifrevarp(name, &laddr)) { 1320 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1321 laddr.sin_family = AF_INET; 1322 (void) memcpy(&lifr.lifr_addr, &laddr, sizeof (laddr)); 1323 if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0) 1324 Perror0_exit("SIOCSLIFADDR"); 1325 } 1326 return (0); 1327 } 1328 1329 /* ARGSUSED */ 1330 static int 1331 setifsubnet(char *addr, int64_t param) 1332 { 1333 int prefixlen = 0; 1334 struct sockaddr_storage subnet; 1335 1336 (*afp->af_getaddr)(addr, &subnet, &prefixlen); 1337 1338 switch (prefixlen) { 1339 case NO_PREFIX: 1340 (void) fprintf(stderr, 1341 "ifconfig: Missing prefix length in subnet %s\n", addr); 1342 exit(1); 1343 /* NOTREACHED */ 1344 case BAD_ADDR: 1345 (void) fprintf(stderr, 1346 "ifconfig: Bad prefix length in %s\n", addr); 1347 exit(1); 1348 default: 1349 break; 1350 } 1351 1352 lifr.lifr_addr = subnet; 1353 lifr.lifr_addrlen = prefixlen; 1354 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1355 if (ioctl(s, SIOCSLIFSUBNET, (caddr_t)&lifr) < 0) 1356 Perror0_exit("SIOCSLIFSUBNET"); 1357 1358 return (0); 1359 } 1360 1361 /* ARGSUSED */ 1362 static int 1363 setifnetmask(char *addr, int64_t param) 1364 { 1365 struct sockaddr_in netmask; 1366 1367 assert(afp->af_af != AF_INET6); 1368 1369 if (strcmp(addr, "+") == 0) { 1370 if (!in_getmask(&netmask, _B_FALSE)) 1371 return (0); 1372 (void) printf("Setting netmask of %s to %s\n", name, 1373 inet_ntoa(netmask.sin_addr)); 1374 } else { 1375 in_getaddr(addr, (struct sockaddr *)&netmask, NULL); 1376 } 1377 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1378 (void) memcpy(&lifr.lifr_addr, &netmask, sizeof (netmask)); 1379 if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0) 1380 Perror0_exit("SIOCSLIFNETMASK"); 1381 return (0); 1382 } 1383 1384 /* 1385 * Parse '/<n>' as a netmask. 1386 */ 1387 /* ARGSUSED */ 1388 static int 1389 setifprefixlen(char *addr, int64_t param) 1390 { 1391 int prefixlen; 1392 int af = afp->af_af; 1393 1394 prefixlen = in_getprefixlen(addr, _B_TRUE, 1395 (af == AF_INET) ? IP_ABITS : IPV6_ABITS); 1396 if (prefixlen < 0) { 1397 (void) fprintf(stderr, 1398 "ifconfig: Bad prefix length in %s\n", addr); 1399 exit(1); 1400 } 1401 (void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr)); 1402 lifr.lifr_addr.ss_family = af; 1403 if (af == AF_INET6) { 1404 struct sockaddr_in6 *sin6; 1405 1406 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 1407 if (!in_prefixlentomask(prefixlen, IPV6_ABITS, 1408 (uchar_t *)&sin6->sin6_addr)) { 1409 (void) fprintf(stderr, "ifconfig: " 1410 "Bad prefix length: %d\n", 1411 prefixlen); 1412 exit(1); 1413 } 1414 } else if (af == AF_INET) { 1415 struct sockaddr_in *sin; 1416 1417 sin = (struct sockaddr_in *)&lifr.lifr_addr; 1418 if (!in_prefixlentomask(prefixlen, IP_ABITS, 1419 (uchar_t *)&sin->sin_addr)) { 1420 (void) fprintf(stderr, "ifconfig: " 1421 "Bad prefix length: %d\n", 1422 prefixlen); 1423 exit(1); 1424 } 1425 } else { 1426 (void) fprintf(stderr, "ifconfig: setting prefix only supported" 1427 " for address family inet or inet6\n"); 1428 exit(1); 1429 } 1430 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1431 if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0) 1432 Perror0_exit("SIOCSLIFNETMASK"); 1433 return (0); 1434 } 1435 1436 /* ARGSUSED */ 1437 static int 1438 setifbroadaddr(char *addr, int64_t param) 1439 { 1440 struct sockaddr_in broadaddr; 1441 1442 assert(afp->af_af != AF_INET6); 1443 1444 if (strcmp(addr, "+") == 0) { 1445 /* 1446 * This doesn't set the broadcast address at all. Rather, it 1447 * gets, then sets the interface's address, relying on the fact 1448 * that resetting the address will reset the broadcast address. 1449 */ 1450 (void) strncpy(lifr.lifr_name, name, 1451 sizeof (lifr.lifr_name)); 1452 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 1453 if (errno != EADDRNOTAVAIL) 1454 Perror0_exit("SIOCGLIFADDR"); 1455 return (0); 1456 } 1457 if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0) 1458 Perror0_exit("SIOCGLIFADDR"); 1459 1460 return (0); 1461 } 1462 in_getaddr(addr, (struct sockaddr *)&broadaddr, NULL); 1463 1464 (void) memcpy(&lifr.lifr_addr, &broadaddr, sizeof (broadaddr)); 1465 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1466 if (ioctl(s, SIOCSLIFBRDADDR, (caddr_t)&lifr) < 0) 1467 Perror0_exit("SIOCSLIFBRDADDR"); 1468 return (0); 1469 } 1470 1471 /* 1472 * set interface destination address 1473 */ 1474 /* ARGSUSED */ 1475 static int 1476 setifdstaddr(char *addr, int64_t param) 1477 { 1478 (*afp->af_getaddr)(addr, (struct sockaddr *)&lifr.lifr_addr, NULL); 1479 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1480 if (ioctl(s, SIOCSLIFDSTADDR, (caddr_t)&lifr) < 0) 1481 Perror0_exit("setifdstaddr: SIOCSLIFDSTADDR"); 1482 return (0); 1483 } 1484 1485 /* ARGSUSED */ 1486 static int 1487 setifflags(char *val, int64_t value) 1488 { 1489 struct lifreq lifrl; /* local lifreq struct */ 1490 boolean_t bringup = _B_FALSE; 1491 1492 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1493 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) 1494 Perror0_exit("setifflags: SIOCGLIFFLAGS"); 1495 1496 if (value < 0) { 1497 value = -value; 1498 1499 if ((value & IFF_NOFAILOVER) && (lifr.lifr_flags & IFF_UP)) { 1500 /* 1501 * The kernel does not allow administratively up test 1502 * addresses to be converted to data addresses. Bring 1503 * the address down first, then bring it up after it's 1504 * been converted to a data address. 1505 */ 1506 lifr.lifr_flags &= ~IFF_UP; 1507 (void) ioctl(s, SIOCSLIFFLAGS, (caddr_t)&lifr); 1508 bringup = _B_TRUE; 1509 } 1510 1511 lifr.lifr_flags &= ~value; 1512 if ((value & (IFF_UP | IFF_NOFAILOVER)) && 1513 (lifr.lifr_flags & IFF_DUPLICATE)) { 1514 /* 1515 * If the user is trying to mark an interface with a 1516 * duplicate address as "down," or convert a duplicate 1517 * test address to a data address, then fetch the 1518 * address and set it. This will cause IP to clear 1519 * the IFF_DUPLICATE flag and stop the automatic 1520 * recovery timer. 1521 */ 1522 value = lifr.lifr_flags; 1523 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) >= 0) 1524 (void) ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr); 1525 lifr.lifr_flags = value; 1526 } 1527 } else { 1528 lifr.lifr_flags |= value; 1529 } 1530 1531 /* 1532 * If we're about to bring up an underlying physical IPv6 interface in 1533 * an IPMP group, ensure the IPv6 IPMP interface is also up. This is 1534 * for backward compatibility with legacy configurations in which 1535 * there are no explicit hostname files for IPMP interfaces. (For 1536 * IPv4, this is automatically handled by the kernel when migrating 1537 * the underlying interface's data address to the IPMP interface.) 1538 */ 1539 (void) strlcpy(lifrl.lifr_name, name, LIFNAMSIZ); 1540 1541 if (lifnum(lifr.lifr_name) == 0 && 1542 (lifr.lifr_flags & (IFF_UP|IFF_IPV6)) == (IFF_UP|IFF_IPV6) && 1543 ioctl(s, SIOCGLIFGROUPNAME, &lifrl) == 0 && 1544 lifrl.lifr_groupname[0] != '\0') { 1545 lifgroupinfo_t lifgr; 1546 1547 (void) strlcpy(lifgr.gi_grname, lifrl.lifr_groupname, 1548 LIFGRNAMSIZ); 1549 if (ioctl(s, SIOCGLIFGROUPINFO, &lifgr) == -1) 1550 Perror0_exit("setifflags: SIOCGLIFGROUPINFO"); 1551 1552 (void) strlcpy(lifrl.lifr_name, lifgr.gi_grifname, LIFNAMSIZ); 1553 if (ioctl(s, SIOCGLIFFLAGS, &lifrl) == -1) 1554 Perror0_exit("setifflags: SIOCGLIFFLAGS"); 1555 if (!(lifrl.lifr_flags & IFF_UP)) { 1556 lifrl.lifr_flags |= IFF_UP; 1557 if (ioctl(s, SIOCSLIFFLAGS, &lifrl) == -1) 1558 Perror0_exit("setifflags: SIOCSLIFFLAGS"); 1559 } 1560 } 1561 1562 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1563 if (ioctl(s, SIOCSLIFFLAGS, (caddr_t)&lifr) < 0) 1564 Perror0_exit("setifflags: SIOCSLIFFLAGS"); 1565 1566 if (bringup) { 1567 lifr.lifr_flags |= IFF_UP; 1568 if (ioctl(s, SIOCSLIFFLAGS, (caddr_t)&lifr) < 0) 1569 Perror0_exit("setifflags: SIOCSLIFFLAGS IFF_UP"); 1570 } 1571 1572 return (0); 1573 } 1574 1575 /* ARGSUSED */ 1576 static int 1577 setifmetric(char *val, int64_t param) 1578 { 1579 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1580 lifr.lifr_metric = atoi(val); 1581 if (ioctl(s, SIOCSLIFMETRIC, (caddr_t)&lifr) < 0) 1582 Perror0_exit("setifmetric: SIOCSLIFMETRIC"); 1583 return (0); 1584 } 1585 1586 /* ARGSUSED */ 1587 static int 1588 setifmtu(char *val, int64_t param) 1589 { 1590 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1591 lifr.lifr_mtu = atoi(val); 1592 if (ioctl(s, SIOCSLIFMTU, (caddr_t)&lifr) < 0) 1593 Perror0_exit("setifmtu: SIOCSLIFMTU"); 1594 return (0); 1595 } 1596 1597 /* ARGSUSED */ 1598 static int 1599 setifindex(char *val, int64_t param) 1600 { 1601 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1602 lifr.lifr_index = atoi(val); 1603 if (ioctl(s, SIOCSLIFINDEX, (caddr_t)&lifr) < 0) 1604 Perror0_exit("setifindex: SIOCSLIFINDEX"); 1605 return (0); 1606 } 1607 1608 /* ARGSUSED */ 1609 static void 1610 notifycb(dlpi_handle_t dh, dlpi_notifyinfo_t *dnip, void *arg) 1611 { 1612 } 1613 1614 /* ARGSUSED */ 1615 static int 1616 setifether(char *addr, int64_t param) 1617 { 1618 uchar_t *hwaddr; 1619 int hwaddrlen; 1620 int retval; 1621 ifaddrlistx_t *ifaddrp, *ifaddrs = NULL; 1622 dlpi_handle_t dh; 1623 dlpi_notifyid_t id; 1624 1625 if (addr == NULL) { 1626 ifstatus(name); 1627 print_ifether(name); 1628 return (0); 1629 } 1630 1631 /* 1632 * if the IP interface in the arguments is a logical 1633 * interface, exit with an error now. 1634 */ 1635 if (strchr(name, ':') != NULL) { 1636 (void) fprintf(stderr, "ifconfig: cannot change" 1637 " ethernet address of a logical interface\n"); 1638 exit(1); 1639 } 1640 1641 if ((hwaddr = _link_aton(addr, &hwaddrlen)) == NULL) { 1642 if (hwaddrlen == -1) 1643 (void) fprintf(stderr, 1644 "ifconfig: bad ethernet address\n"); 1645 else 1646 (void) fprintf(stderr, "ifconfig: malloc() failed\n"); 1647 exit(1); 1648 } 1649 1650 if ((retval = dlpi_open(name, &dh, 0)) != DLPI_SUCCESS) 1651 Perrdlpi_exit("cannot dlpi_open() link", name, retval); 1652 1653 retval = dlpi_enabnotify(dh, DL_NOTE_PHYS_ADDR, notifycb, NULL, &id); 1654 if (retval == DLPI_SUCCESS) { 1655 (void) dlpi_disabnotify(dh, id, NULL); 1656 } else { 1657 /* 1658 * This link does not support DL_NOTE_PHYS_ADDR: bring down 1659 * all of the addresses to flush the old hardware address 1660 * information out of IP. 1661 * 1662 * NOTE: Skipping this when DL_NOTE_PHYS_ADDR is supported is 1663 * more than an optimization: in.mpathd will set IFF_OFFLINE 1664 * if it's notified and the new address is a duplicate of 1665 * another in the group -- but the flags manipulation in 1666 * ifaddr_{down,up}() cannot be atomic and thus might clobber 1667 * IFF_OFFLINE, confusing in.mpathd. 1668 */ 1669 if (ifaddrlistx(name, IFF_UP, 0, &ifaddrs) == -1) 1670 Perror2_exit(name, "cannot get address list"); 1671 1672 ifaddrp = ifaddrs; 1673 for (; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) { 1674 if (!ifaddr_down(ifaddrp)) { 1675 Perror2_exit(ifaddrp->ia_name, 1676 "cannot bring down"); 1677 } 1678 } 1679 } 1680 1681 /* 1682 * Change the hardware address. 1683 */ 1684 retval = dlpi_set_physaddr(dh, DL_CURR_PHYS_ADDR, hwaddr, hwaddrlen); 1685 if (retval != DLPI_SUCCESS) { 1686 (void) fprintf(stderr, 1687 "ifconfig: failed setting mac address on %s\n", name); 1688 } 1689 dlpi_close(dh); 1690 1691 /* 1692 * If any addresses were brought down before changing the hardware 1693 * address, bring them up again. 1694 */ 1695 for (ifaddrp = ifaddrs; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) { 1696 if (!ifaddr_up(ifaddrp)) 1697 Perror2_exit(ifaddrp->ia_name, "cannot bring up"); 1698 } 1699 ifaddrlistx_free(ifaddrs); 1700 1701 return (0); 1702 } 1703 1704 /* 1705 * Print an interface's Ethernet address, if it has one. 1706 */ 1707 static void 1708 print_ifether(const char *ifname) 1709 { 1710 int fd; 1711 1712 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1713 1714 fd = socket(AF_INET, SOCK_DGRAM, 0); 1715 if (fd == -1 || ioctl(fd, SIOCGLIFFLAGS, &lifr) == -1) { 1716 /* 1717 * It's possible the interface is only configured for 1718 * IPv6; check again with AF_INET6. 1719 */ 1720 (void) close(fd); 1721 fd = socket(AF_INET6, SOCK_DGRAM, 0); 1722 if (fd == -1 || ioctl(fd, SIOCGLIFFLAGS, &lifr) == -1) { 1723 (void) close(fd); 1724 return; 1725 } 1726 } 1727 (void) close(fd); 1728 1729 /* VNI and IPMP interfaces don't have MAC addresses */ 1730 if (lifr.lifr_flags & (IFF_VIRTUAL|IFF_IPMP)) 1731 return; 1732 1733 /* IP tunnels also don't have Ethernet-like MAC addresses */ 1734 if (ifconfig_dladm_open(ifname, DATALINK_CLASS_IPTUN, NULL) == 1735 DLADM_STATUS_OK) 1736 return; 1737 1738 dlpi_print_address(ifname); 1739 } 1740 1741 /* 1742 * static int find_all_interfaces(struct lifconf *lifcp, char **buf, 1743 * int64_t lifc_flags) 1744 * 1745 * It finds all active data links. 1746 * 1747 * It takes in input a pointer to struct lifconf to receive interfaces 1748 * informations, a **char to hold allocated buffer, and a lifc_flags. 1749 * 1750 * Return values: 1751 * 0 = everything OK 1752 * -1 = problem 1753 */ 1754 static int 1755 find_all_interfaces(struct lifconf *lifcp, char **buf, int64_t lifc_flags) 1756 { 1757 unsigned bufsize; 1758 int n; 1759 ni_t *nip; 1760 struct lifreq *lifrp; 1761 dladm_status_t status; 1762 1763 if (!dlh_opened) { 1764 status = ifconfig_dladm_open(NULL, 0, NULL); 1765 if (status != DLADM_STATUS_OK) 1766 dladmerr_exit(status, "unable to open dladm handle"); 1767 } 1768 1769 (void) dlpi_walk(ni_entry, dlh, 0); 1770 1771 /* Now, translate the linked list into a struct lifreq buffer */ 1772 if (num_ni == 0) { 1773 lifcp->lifc_family = AF_UNSPEC; 1774 lifcp->lifc_flags = lifc_flags; 1775 lifcp->lifc_len = 0; 1776 lifcp->lifc_buf = NULL; 1777 return (0); 1778 } 1779 1780 bufsize = num_ni * sizeof (struct lifreq); 1781 if ((*buf = malloc(bufsize)) == NULL) 1782 Perror0_exit("find_all_interfaces: malloc failed"); 1783 1784 lifcp->lifc_family = AF_UNSPEC; 1785 lifcp->lifc_flags = lifc_flags; 1786 lifcp->lifc_len = bufsize; 1787 lifcp->lifc_buf = *buf; 1788 1789 for (n = 0, lifrp = lifcp->lifc_req; n < num_ni; n++, lifrp++) { 1790 nip = ni_list; 1791 (void) strncpy(lifrp->lifr_name, nip->ni_name, 1792 sizeof (lifr.lifr_name)); 1793 ni_list = nip->ni_next; 1794 free(nip); 1795 } 1796 return (0); 1797 } 1798 1799 /* 1800 * Create the next unused logical interface using the original name 1801 * and assign the address (and mask if '/<n>' is part of the address). 1802 * Use the new logical interface for subsequent subcommands by updating 1803 * the name variable. 1804 * 1805 * This allows syntax like: 1806 * ifconfig le0 addif 109.106.86.130 netmask + up \ 1807 * addif 109.106.86.131 netmask + up 1808 */ 1809 /* ARGSUSED */ 1810 static int 1811 addif(char *str, int64_t param) 1812 { 1813 int prefixlen = 0; 1814 struct sockaddr_storage laddr; 1815 struct sockaddr_storage mask; 1816 struct sockaddr_in6 *sin6; 1817 struct sockaddr_in *sin; 1818 ipadm_status_t istatus; 1819 char cidraddr[BUFSIZ]; 1820 char addrstr[INET6_ADDRSTRLEN]; 1821 1822 (void) strncpy(name, origname, sizeof (name)); 1823 1824 if (strchr(name, ':') != NULL) { 1825 (void) fprintf(stderr, 1826 "ifconfig: addif: bad physical interface name %s\n", 1827 name); 1828 exit(1); 1829 } 1830 1831 /* 1832 * clear so parser will interpret next address as source followed 1833 * by possible dest 1834 */ 1835 setaddr = 0; 1836 (*afp->af_getaddr)(str, (struct sockaddr *)&laddr, &prefixlen); 1837 1838 (void) memset(&mask, 0, sizeof (mask)); 1839 mask.ss_family = afp->af_af; 1840 1841 switch (prefixlen) { 1842 case NO_PREFIX: 1843 /* Nothing there - ok */ 1844 break; 1845 case BAD_ADDR: 1846 (void) fprintf(stderr, 1847 "ifconfig: Bad prefix length in %s\n", str); 1848 exit(1); 1849 default: 1850 (void) memset(&mask, 0, sizeof (mask)); 1851 mask.ss_family = afp->af_af; 1852 if (afp->af_af == AF_INET6) { 1853 sin6 = (struct sockaddr_in6 *)&mask; 1854 if (!in_prefixlentomask(prefixlen, IPV6_ABITS, 1855 (uchar_t *)&sin6->sin6_addr)) { 1856 (void) fprintf(stderr, "ifconfig: " 1857 "Bad prefix length: %d\n", 1858 prefixlen); 1859 exit(1); 1860 } 1861 } else { 1862 sin = (struct sockaddr_in *)&mask; 1863 if (!in_prefixlentomask(prefixlen, IP_ABITS, 1864 (uchar_t *)&sin->sin_addr)) { 1865 (void) fprintf(stderr, "ifconfig: " 1866 "Bad prefix length: %d\n", 1867 prefixlen); 1868 exit(1); 1869 } 1870 } 1871 g_netmask_set = G_NETMASK_NIL; 1872 break; 1873 } 1874 1875 /* 1876 * This is a "hack" to get around the problem of SIOCLIFADDIF. The 1877 * problem is that this ioctl does not include the netmask when 1878 * adding a logical interface. This is the same problem described 1879 * in the ifconfig() comments. To get around this problem, we first 1880 * add the logical interface with a 0 address. After that, we set 1881 * the netmask if provided. Finally we set the interface address. 1882 */ 1883 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1884 (void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr)); 1885 1886 /* Note: no need to do DAD here since the interface isn't up yet. */ 1887 1888 if (ioctl(s, SIOCLIFADDIF, (caddr_t)&lifr) < 0) 1889 Perror0_exit("addif: SIOCLIFADDIF"); 1890 1891 (void) printf("Created new logical interface %s\n", 1892 lifr.lifr_name); 1893 (void) strncpy(name, lifr.lifr_name, sizeof (name)); 1894 1895 /* 1896 * Check and see if any "netmask" command is used and perform the 1897 * necessary operation. 1898 */ 1899 set_mask_lifreq(&lifr, &laddr, &mask); 1900 1901 /* This check is temporary until libipadm supports IPMP interfaces. */ 1902 if (ifconfig_use_libipadm(s, name)) { 1903 /* 1904 * We added the logical interface above before calling 1905 * ipadm_create_addr(), because, with IPH_LEGACY, we need 1906 * to do an addif for `ifconfig ce0 addif <addr>' but not for 1907 * `ifconfig ce0 <addr>'. libipadm does not have a flag to 1908 * to differentiate between these two cases. To keep it simple, 1909 * we always create the logical interface and pass it to 1910 * libipadm instead of requiring libipadm to addif for some 1911 * cases and not do addif for other cases. 1912 */ 1913 istatus = ipadm_create_addrobj(IPADM_ADDR_STATIC, name, 1914 &ipaddr); 1915 if (istatus != IPADM_SUCCESS) 1916 ipadmerr_exit(istatus, "addif"); 1917 1918 if (af == AF_INET) { 1919 sin = (struct sockaddr_in *)&laddr; 1920 (void) inet_ntop(AF_INET, &sin->sin_addr, addrstr, 1921 sizeof (addrstr)); 1922 } else { 1923 sin6 = (struct sockaddr_in6 *)&laddr; 1924 (void) inet_ntop(AF_INET6, &sin6->sin6_addr, addrstr, 1925 sizeof (addrstr)); 1926 } 1927 /* 1928 * lifr.lifr_addr, which is updated by set_mask_lifreq() 1929 * will contain the right mask to use. 1930 */ 1931 prefixlen = mask2plen((struct sockaddr *)&lifr.lifr_addr); 1932 1933 (void) snprintf(cidraddr, sizeof (cidraddr), "%s/%d", 1934 addrstr, prefixlen); 1935 1936 istatus = ipadm_set_addr(ipaddr, cidraddr, af); 1937 1938 if (istatus != IPADM_SUCCESS) 1939 ipadmerr_exit(istatus, "could not set address"); 1940 setaddr++; 1941 /* 1942 * address will be set by the parser after nextarg 1943 * has been scanned 1944 */ 1945 return (0); 1946 } 1947 1948 /* 1949 * Only set the netmask if "netmask" command is used or a prefix is 1950 * provided. 1951 */ 1952 if (g_netmask_set == G_NETMASK_SET || prefixlen >= 0) { 1953 /* 1954 * lifr.lifr_addr already contains netmask from 1955 * set_mask_lifreq(). 1956 */ 1957 if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0) 1958 Perror0_exit("addif: SIOCSLIFNETMASK"); 1959 } 1960 1961 /* Finally, we set the interface address. */ 1962 lifr.lifr_addr = laddr; 1963 if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0) 1964 Perror0_exit("SIOCSLIFADDR"); 1965 1966 /* 1967 * let parser know we got a source. 1968 * Next address, if given, should be dest 1969 */ 1970 setaddr++; 1971 return (0); 1972 } 1973 1974 /* 1975 * Remove a logical interface based on its IP address. Unlike addif 1976 * there is no '/<n>' here. 1977 * Verifies that the interface is down before it is removed. 1978 */ 1979 /* ARGSUSED */ 1980 static int 1981 removeif(char *str, int64_t param) 1982 { 1983 struct sockaddr_storage laddr; 1984 ipadm_status_t istatus; 1985 ipadm_addr_info_t *ainfo, *ainfop; 1986 1987 if (strchr(name, ':') != NULL) { 1988 (void) fprintf(stderr, 1989 "ifconfig: removeif: bad physical interface name %s\n", 1990 name); 1991 exit(1); 1992 } 1993 1994 (*afp->af_getaddr)(str, &laddr, NULL); 1995 1996 /* 1997 * Following check is temporary until libipadm supports 1998 * IPMP interfaces. 1999 */ 2000 if (!ifconfig_use_libipadm(s, name)) 2001 goto delete; 2002 2003 /* 2004 * Get all addresses and search this address among the active 2005 * addresses. If an address object was found, delete using 2006 * ipadm_delete_addr(). 2007 */ 2008 istatus = ipadm_addr_info(iph, name, &ainfo, 0, LIFC_DEFAULT); 2009 if (istatus != IPADM_SUCCESS) 2010 ipadmerr_exit(istatus, "removeif"); 2011 2012 for (ainfop = ainfo; ainfop != NULL; ainfop = IA_NEXT(ainfop)) 2013 if (sockaddrcmp( 2014 (struct sockaddr_storage *)ainfop->ia_ifa.ifa_addr, &laddr)) 2015 break; 2016 2017 if (ainfop != NULL) { 2018 if (strchr(ainfop->ia_ifa.ifa_name, ':') == NULL) { 2019 (void) fprintf(stderr, 2020 "ifconfig: removeif: cannot remove interface: %s\n", 2021 name); 2022 exit(1); 2023 } 2024 if (ainfop->ia_aobjname[0] != '\0') { 2025 istatus = ipadm_delete_addr(iph, ainfop->ia_aobjname, 2026 IPADM_OPT_ACTIVE); 2027 if (istatus != IPADM_SUCCESS) { 2028 ipadmerr_exit(istatus, 2029 "could not delete address"); 2030 } 2031 ipadm_free_addr_info(ainfo); 2032 return (0); 2033 } 2034 } 2035 ipadm_free_addr_info(ainfo); 2036 2037 delete: 2038 /* 2039 * An address object for this address was not found in ipadm. 2040 * Delete with SIOCLIFREMOVEIF. 2041 */ 2042 lifr.lifr_addr = laddr; 2043 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2044 if (ioctl(s, SIOCLIFREMOVEIF, (caddr_t)&lifr) < 0) { 2045 if (errno == EBUSY) { 2046 /* This can only happen if ipif_id = 0 */ 2047 (void) fprintf(stderr, 2048 "ifconfig: removeif: cannot remove interface: %s\n", 2049 name); 2050 exit(1); 2051 } 2052 Perror0_exit("removeif: SIOCLIFREMOVEIF"); 2053 } 2054 return (0); 2055 } 2056 2057 /* 2058 * Set the address token for IPv6. 2059 */ 2060 /* ARGSUSED */ 2061 static int 2062 setiftoken(char *addr, int64_t param) 2063 { 2064 int prefixlen = 0; 2065 struct sockaddr_in6 token; 2066 2067 in6_getaddr(addr, (struct sockaddr *)&token, &prefixlen); 2068 switch (prefixlen) { 2069 case NO_PREFIX: 2070 (void) fprintf(stderr, 2071 "ifconfig: Missing prefix length in subnet %s\n", addr); 2072 exit(1); 2073 /* NOTREACHED */ 2074 case BAD_ADDR: 2075 (void) fprintf(stderr, 2076 "ifconfig: Bad prefix length in %s\n", addr); 2077 exit(1); 2078 default: 2079 break; 2080 } 2081 (void) memcpy(&lifr.lifr_addr, &token, sizeof (token)); 2082 lifr.lifr_addrlen = prefixlen; 2083 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2084 if (ioctl(s, SIOCSLIFTOKEN, (caddr_t)&lifr) < 0) { 2085 Perror0_exit("setiftoken: SIOCSLIFTOKEN"); 2086 } 2087 return (0); 2088 } 2089 2090 /* ARGSUSED */ 2091 static int 2092 setifgroupname(char *grname, int64_t param) 2093 { 2094 lifgroupinfo_t lifgr; 2095 struct lifreq lifrl; 2096 ifaddrlistx_t *ifaddrp, *nextifaddrp; 2097 ifaddrlistx_t *ifaddrs = NULL, *downaddrs = NULL; 2098 int af; 2099 2100 if (debug) { 2101 (void) printf("Setting groupname %s on interface %s\n", 2102 grname, name); 2103 } 2104 2105 (void) strlcpy(lifrl.lifr_name, name, LIFNAMSIZ); 2106 (void) strlcpy(lifrl.lifr_groupname, grname, LIFGRNAMSIZ); 2107 2108 while (ioctl(s, SIOCSLIFGROUPNAME, &lifrl) == -1) { 2109 switch (errno) { 2110 case ENOENT: 2111 /* 2112 * The group doesn't yet exist; create it and repeat. 2113 */ 2114 af = afp->af_af; 2115 if (create_ipmp(grname, af, NULL, _B_TRUE) == -1) { 2116 if (errno == EEXIST) 2117 continue; 2118 2119 Perror2(grname, "cannot create IPMP group"); 2120 goto fail; 2121 } 2122 continue; 2123 2124 case EALREADY: 2125 /* 2126 * The interface is already in another group; must 2127 * remove existing membership first. 2128 */ 2129 lifrl.lifr_groupname[0] = '\0'; 2130 if (ioctl(s, SIOCSLIFGROUPNAME, &lifrl) == -1) { 2131 Perror2(name, "cannot remove existing " 2132 "IPMP group membership"); 2133 goto fail; 2134 } 2135 (void) strlcpy(lifrl.lifr_groupname, grname, 2136 LIFGRNAMSIZ); 2137 continue; 2138 2139 case EAFNOSUPPORT: 2140 /* 2141 * The group exists, but it's not configured with the 2142 * address families the interface needs. Since only 2143 * two address families are currently supported, just 2144 * configure the "other" address family. Note that we 2145 * may race with group deletion or creation by another 2146 * process (ENOENT or EEXIST); in such cases we repeat 2147 * our original SIOCSLIFGROUPNAME. 2148 */ 2149 (void) strlcpy(lifgr.gi_grname, grname, LIFGRNAMSIZ); 2150 if (ioctl(s, SIOCGLIFGROUPINFO, &lifgr) == -1) { 2151 if (errno == ENOENT) 2152 continue; 2153 2154 Perror2(grname, "SIOCGLIFGROUPINFO"); 2155 goto fail; 2156 } 2157 2158 af = lifgr.gi_v4 ? AF_INET6 : AF_INET; 2159 if (create_ipmp(grname, af, lifgr.gi_grifname, 2160 _B_TRUE) == -1) { 2161 if (errno == EEXIST) 2162 continue; 2163 2164 Perror2(grname, "cannot configure IPMP group"); 2165 goto fail; 2166 } 2167 continue; 2168 2169 case EADDRINUSE: 2170 /* 2171 * Some addresses are in-use (or under control of DAD). 2172 * Bring them down and retry the group join operation. 2173 * We will bring them back up after the interface has 2174 * been placed in the group. 2175 */ 2176 if (ifaddrlistx(lifrl.lifr_name, IFF_UP|IFF_DUPLICATE, 2177 0, &ifaddrs) == -1) { 2178 Perror2(grname, "cannot get address list"); 2179 goto fail; 2180 } 2181 2182 ifaddrp = ifaddrs; 2183 for (; ifaddrp != NULL; ifaddrp = nextifaddrp) { 2184 if (!ifaddr_down(ifaddrp)) { 2185 ifaddrs = ifaddrp; 2186 goto fail; 2187 } 2188 nextifaddrp = ifaddrp->ia_next; 2189 ifaddrp->ia_next = downaddrs; 2190 downaddrs = ifaddrp; 2191 } 2192 ifaddrs = NULL; 2193 continue; 2194 2195 case EADDRNOTAVAIL: { 2196 /* 2197 * Some data addresses are under application control. 2198 * For some of these (e.g., ADDRCONF), the application 2199 * should remove the address, in which case we retry a 2200 * few times (since the application's action is not 2201 * atomic with respect to us) before bailing out and 2202 * informing the user. 2203 */ 2204 int ntries, nappaddr = 0; 2205 const if_appflags_t *iap = if_appflags_tbl; 2206 2207 for (; iap->ia_app != NULL; iap++) { 2208 ntries = 0; 2209 again: 2210 if (ifaddrlistx(lifrl.lifr_name, iap->ia_flag, 2211 IFF_NOFAILOVER, &ifaddrs) == -1) { 2212 (void) fprintf(stderr, "ifconfig: %s: " 2213 "cannot get data addresses managed " 2214 "by %s\n", lifrl.lifr_name, 2215 iap->ia_app); 2216 goto fail; 2217 } 2218 2219 if (ifaddrs == NULL) 2220 continue; 2221 2222 ifaddrlistx_free(ifaddrs); 2223 ifaddrs = NULL; 2224 2225 if (++ntries < iap->ia_tries) { 2226 (void) poll(NULL, 0, 100); 2227 goto again; 2228 } 2229 2230 (void) fprintf(stderr, "ifconfig: cannot join " 2231 "IPMP group: %s has data addresses managed " 2232 "by %s\n", lifrl.lifr_name, iap->ia_app); 2233 nappaddr++; 2234 } 2235 if (nappaddr > 0) 2236 goto fail; 2237 continue; 2238 } 2239 default: 2240 Perror2(name, "SIOCSLIFGROUPNAME"); 2241 goto fail; 2242 } 2243 } 2244 2245 /* 2246 * If the interface being moved is under the control of `ipmgmtd(1M)' 2247 * dameon then we should inform the daemon about this move, so that 2248 * the daemon can delete the state associated with this interface. 2249 * 2250 * This workaround is needed until the IPMP support in ipadm(1M). 2251 */ 2252 ipadm_if_move(iph, name); 2253 2254 /* 2255 * If there were addresses that we had to bring down, it's time to 2256 * bring them up again. As part of bringing them up, the kernel will 2257 * automatically move them to the new IPMP interface. 2258 */ 2259 for (ifaddrp = downaddrs; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) { 2260 if (!ifaddr_up(ifaddrp) && errno != ENXIO) { 2261 (void) fprintf(stderr, "ifconfig: cannot bring back up " 2262 "%s: %s\n", ifaddrp->ia_name, strerror(errno)); 2263 } 2264 } 2265 ifaddrlistx_free(downaddrs); 2266 return (0); 2267 fail: 2268 /* 2269 * Attempt to bring back up any interfaces that we downed. 2270 */ 2271 for (ifaddrp = downaddrs; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) { 2272 if (!ifaddr_up(ifaddrp) && errno != ENXIO) { 2273 (void) fprintf(stderr, "ifconfig: cannot bring back up " 2274 "%s: %s\n", ifaddrp->ia_name, strerror(errno)); 2275 } 2276 } 2277 ifaddrlistx_free(downaddrs); 2278 ifaddrlistx_free(ifaddrs); 2279 2280 /* 2281 * We'd return -1, but foreachinterface() doesn't propagate the error 2282 * into the exit status, so we're forced to explicitly exit(). 2283 */ 2284 exit(1); 2285 /* NOTREACHED */ 2286 } 2287 2288 static boolean_t 2289 modcheck(const char *ifname) 2290 { 2291 (void) strlcpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name)); 2292 2293 if (ioctl(s, SIOCGLIFFLAGS, &lifr) < 0) { 2294 Perror0("SIOCGLIFFLAGS"); 2295 return (_B_FALSE); 2296 } 2297 2298 if (lifr.lifr_flags & IFF_IPMP) { 2299 (void) fprintf(stderr, "ifconfig: %s: module operations not" 2300 " supported on IPMP interfaces\n", ifname); 2301 return (_B_FALSE); 2302 } 2303 if (lifr.lifr_flags & IFF_VIRTUAL) { 2304 (void) fprintf(stderr, "ifconfig: %s: module operations not" 2305 " supported on virtual IP interfaces\n", ifname); 2306 return (_B_FALSE); 2307 } 2308 return (_B_TRUE); 2309 } 2310 2311 /* 2312 * To list all the modules above a given network interface. 2313 */ 2314 /* ARGSUSED */ 2315 static int 2316 modlist(char *null, int64_t param) 2317 { 2318 int muxid_fd; 2319 int muxfd; 2320 int ipfd_lowstr; 2321 int arpfd_lowstr; 2322 int num_mods; 2323 int i; 2324 struct str_list strlist; 2325 int orig_arpid; 2326 2327 /* 2328 * We'd return -1, but foreachinterface() doesn't propagate the error 2329 * into the exit status, so we're forced to explicitly exit(). 2330 */ 2331 if (!modcheck(name)) 2332 exit(1); 2333 2334 if (ip_domux2fd(&muxfd, &muxid_fd, &ipfd_lowstr, &arpfd_lowstr, 2335 &orig_arpid) < 0) { 2336 return (-1); 2337 } 2338 if ((num_mods = ioctl(ipfd_lowstr, I_LIST, NULL)) < 0) { 2339 Perror0("cannot I_LIST to get the number of modules"); 2340 } else { 2341 if (debug > 0) { 2342 (void) printf("Listing (%d) modules above %s\n", 2343 num_mods, name); 2344 } 2345 2346 strlist.sl_nmods = num_mods; 2347 strlist.sl_modlist = malloc(sizeof (struct str_mlist) * 2348 num_mods); 2349 if (strlist.sl_modlist == NULL) { 2350 Perror0("cannot malloc"); 2351 } else { 2352 if (ioctl(ipfd_lowstr, I_LIST, (caddr_t)&strlist) < 0) { 2353 Perror0("cannot I_LIST for module names"); 2354 } else { 2355 for (i = 0; i < strlist.sl_nmods; i++) { 2356 (void) printf("%d %s\n", i, 2357 strlist.sl_modlist[i].l_name); 2358 } 2359 } 2360 free(strlist.sl_modlist); 2361 } 2362 } 2363 return (ip_plink(muxfd, muxid_fd, ipfd_lowstr, arpfd_lowstr, 2364 orig_arpid)); 2365 } 2366 2367 #define MODINSERT_OP 'i' 2368 #define MODREMOVE_OP 'r' 2369 2370 /* 2371 * To insert a module to the stream of the interface. It is just a 2372 * wrapper. The real function is modop(). 2373 */ 2374 /* ARGSUSED */ 2375 static int 2376 modinsert(char *arg, int64_t param) 2377 { 2378 return (modop(arg, MODINSERT_OP)); 2379 } 2380 2381 /* 2382 * To remove a module from the stream of the interface. It is just a 2383 * wrapper. The real function is modop(). 2384 */ 2385 /* ARGSUSED */ 2386 static int 2387 modremove(char *arg, int64_t param) 2388 { 2389 return (modop(arg, MODREMOVE_OP)); 2390 } 2391 2392 /* 2393 * Helper function for mod*() functions. It gets a fd to the lower IP 2394 * stream and I_PUNLINK's the lower stream. It also initializes the 2395 * global variable lifr. 2396 * 2397 * Param: 2398 * int *muxfd: fd to /dev/udp{,6} for I_PLINK/I_PUNLINK 2399 * int *muxid_fd: fd to /dev/udp{,6} for LIFMUXID 2400 * int *ipfd_lowstr: fd to the lower IP stream. 2401 * int *arpfd_lowstr: fd to the lower ARP stream. 2402 * 2403 * Return: 2404 * -1 if operation fails, 0 otherwise. 2405 * 2406 * Please see the big block comment above ifplumb() for the logic of the 2407 * PLINK/PUNLINK 2408 */ 2409 static int 2410 ip_domux2fd(int *muxfd, int *muxid_fd, int *ipfd_lowstr, int *arpfd_lowstr, 2411 int *orig_arpid) 2412 { 2413 uint64_t flags; 2414 char *udp_dev_name; 2415 2416 *orig_arpid = 0; 2417 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2418 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) { 2419 Perror0_exit("status: SIOCGLIFFLAGS"); 2420 } 2421 flags = lifr.lifr_flags; 2422 if (flags & IFF_IPV4) { 2423 udp_dev_name = UDP_DEV_NAME; 2424 } else if (flags & IFF_IPV6) { 2425 udp_dev_name = UDP6_DEV_NAME; 2426 } else { 2427 return (-1); 2428 } 2429 2430 if ((*muxid_fd = open(udp_dev_name, O_RDWR)) < 0) { 2431 Perror2("open", udp_dev_name); 2432 return (-1); 2433 } 2434 if (ioctl(*muxid_fd, SIOCGLIFMUXID, (caddr_t)&lifr) < 0) { 2435 Perror2("SIOCGLIFMUXID", udp_dev_name); 2436 return (-1); 2437 } 2438 if (debug > 0) { 2439 (void) printf("ARP_muxid %d IP_muxid %d\n", 2440 lifr.lifr_arp_muxid, lifr.lifr_ip_muxid); 2441 } 2442 2443 /* 2444 * Use /dev/udp{,6} as the mux to avoid linkcycles. 2445 */ 2446 if (ipadm_open_arp_on_udp(udp_dev_name, muxfd) != IPADM_SUCCESS) 2447 return (-1); 2448 2449 if (lifr.lifr_arp_muxid != 0) { 2450 if ((*arpfd_lowstr = ioctl(*muxfd, _I_MUXID2FD, 2451 lifr.lifr_arp_muxid)) < 0) { 2452 if ((errno == EINVAL) && 2453 (flags & (IFF_NOARP | IFF_IPV6))) { 2454 /* 2455 * Some plumbing utilities set the muxid to 2456 * -1 or some invalid value to signify that 2457 * there is no arp stream. Set the muxid to 0 2458 * before trying to unplumb the IP stream. 2459 * IP does not allow the IP stream to be 2460 * unplumbed if it sees a non-null arp muxid, 2461 * for consistency of IP-ARP streams. 2462 */ 2463 *orig_arpid = lifr.lifr_arp_muxid; 2464 lifr.lifr_arp_muxid = 0; 2465 (void) ioctl(*muxid_fd, SIOCSLIFMUXID, 2466 (caddr_t)&lifr); 2467 *arpfd_lowstr = -1; 2468 } else { 2469 Perror0("_I_MUXID2FD"); 2470 return (-1); 2471 } 2472 } else if (ioctl(*muxfd, I_PUNLINK, 2473 lifr.lifr_arp_muxid) < 0) { 2474 Perror2("I_PUNLINK", udp_dev_name); 2475 return (-1); 2476 } 2477 } else { 2478 *arpfd_lowstr = -1; 2479 } 2480 2481 if ((*ipfd_lowstr = ioctl(*muxfd, _I_MUXID2FD, 2482 lifr.lifr_ip_muxid)) < 0) { 2483 Perror0("_I_MUXID2FD"); 2484 /* Undo any changes we made */ 2485 if (*orig_arpid != 0) { 2486 lifr.lifr_arp_muxid = *orig_arpid; 2487 (void) ioctl(*muxid_fd, SIOCSLIFMUXID, (caddr_t)&lifr); 2488 } 2489 return (-1); 2490 } 2491 if (ioctl(*muxfd, I_PUNLINK, lifr.lifr_ip_muxid) < 0) { 2492 Perror2("I_PUNLINK", udp_dev_name); 2493 /* Undo any changes we made */ 2494 if (*orig_arpid != 0) { 2495 lifr.lifr_arp_muxid = *orig_arpid; 2496 (void) ioctl(*muxid_fd, SIOCSLIFMUXID, (caddr_t)&lifr); 2497 } 2498 return (-1); 2499 } 2500 return (0); 2501 } 2502 2503 /* 2504 * Helper function for mod*() functions. It I_PLINK's back the upper and 2505 * lower IP streams. Note that this function must be called after 2506 * ip_domux2fd(). In ip_domux2fd(), the global variable lifr is initialized 2507 * and ip_plink() needs information in lifr. So ip_domux2fd() and ip_plink() 2508 * must be called in pairs. 2509 * 2510 * Param: 2511 * int muxfd: fd to /dev/udp{,6} for I_PLINK/I_PUNLINK 2512 * int muxid_fd: fd to /dev/udp{,6} for LIFMUXID 2513 * int ipfd_lowstr: fd to the lower IP stream. 2514 * int arpfd_lowstr: fd to the lower ARP stream. 2515 * 2516 * Return: 2517 * -1 if operation fails, 0 otherwise. 2518 * 2519 * Please see the big block comment above ifplumb() for the logic of the 2520 * PLINK/PUNLINK 2521 */ 2522 static int 2523 ip_plink(int muxfd, int muxid_fd, int ipfd_lowstr, int arpfd_lowstr, 2524 int orig_arpid) 2525 { 2526 int ip_muxid; 2527 2528 ip_muxid = ioctl(muxfd, I_PLINK, ipfd_lowstr); 2529 if (ip_muxid < 0) { 2530 Perror2("I_PLINK", UDP_DEV_NAME); 2531 return (-1); 2532 } 2533 2534 /* 2535 * If there is an arp stream, plink it. If there is no 2536 * arp stream, then it is possible that the plumbing 2537 * utility could have stored any value in the arp_muxid. 2538 * If so, restore it from orig_arpid. 2539 */ 2540 if (arpfd_lowstr != -1) { 2541 if (ioctl(muxfd, I_PLINK, arpfd_lowstr) < 0) { 2542 Perror2("I_PLINK", UDP_DEV_NAME); 2543 return (-1); 2544 } 2545 } else if (orig_arpid != 0) { 2546 /* Undo the changes we did in ip_domux2fd */ 2547 lifr.lifr_arp_muxid = orig_arpid; 2548 lifr.lifr_ip_muxid = ip_muxid; 2549 (void) ioctl(muxid_fd, SIOCSLIFMUXID, (caddr_t)&lifr); 2550 } 2551 2552 (void) close(muxfd); 2553 (void) close(muxid_fd); 2554 return (0); 2555 } 2556 2557 /* 2558 * The real function to perform module insertion/removal. 2559 * 2560 * Param: 2561 * char *arg: the argument string module_name@position 2562 * char op: operation, either MODINSERT_OP or MODREMOVE_OP. 2563 * 2564 * Return: 2565 * Before doing ip_domux2fd(), this function calls exit(1) in case of 2566 * error. After ip_domux2fd() is done, it returns -1 for error, 0 2567 * otherwise. 2568 */ 2569 static int 2570 modop(char *arg, char op) 2571 { 2572 char *pos_p; 2573 int muxfd; 2574 int muxid_fd; 2575 int ipfd_lowstr; /* IP stream (lower stream of mux) to be plinked */ 2576 int arpfd_lowstr; /* ARP stream (lower stream of mux) to be plinked */ 2577 struct strmodconf mod; 2578 char *at_char = "@"; 2579 char *arg_str; 2580 int orig_arpid; 2581 2582 /* 2583 * We'd return -1, but foreachinterface() doesn't propagate the error 2584 * into the exit status, so we're forced to explicitly exit(). 2585 */ 2586 if (!modcheck(name)) 2587 exit(1); 2588 2589 /* Need to save the original string for -a option. */ 2590 if ((arg_str = malloc(strlen(arg) + 1)) == NULL) { 2591 Perror0("cannot malloc"); 2592 return (-1); 2593 } 2594 (void) strcpy(arg_str, arg); 2595 2596 if (*arg_str == *at_char) { 2597 (void) fprintf(stderr, 2598 "ifconfig: must supply a module name\n"); 2599 exit(1); 2600 } 2601 mod.mod_name = strtok(arg_str, at_char); 2602 if (strlen(mod.mod_name) > FMNAMESZ) { 2603 (void) fprintf(stderr, "ifconfig: module name too long: %s\n", 2604 mod.mod_name); 2605 exit(1); 2606 } 2607 2608 /* 2609 * Need to make sure that the core TCP/IP stack modules are not 2610 * removed. Otherwise, "bad" things can happen. If a module 2611 * is removed and inserted back, it loses its old state. But 2612 * the modules above it still have the old state. E.g. IP assumes 2613 * fast data path while tunnel after re-inserted assumes that it can 2614 * receive M_DATA only in fast data path for which it does not have 2615 * any state. This is a general caveat of _I_REMOVE/_I_INSERT. 2616 */ 2617 if (op == MODREMOVE_OP && 2618 (strcmp(mod.mod_name, ARP_MOD_NAME) == 0 || 2619 strcmp(mod.mod_name, IP_MOD_NAME) == 0)) { 2620 (void) fprintf(stderr, "ifconfig: cannot remove %s\n", 2621 mod.mod_name); 2622 exit(1); 2623 } 2624 2625 if ((pos_p = strtok(NULL, at_char)) == NULL) { 2626 (void) fprintf(stderr, "ifconfig: must supply a position\n"); 2627 exit(1); 2628 } 2629 mod.pos = atoi(pos_p); 2630 2631 if (ip_domux2fd(&muxfd, &muxid_fd, &ipfd_lowstr, &arpfd_lowstr, 2632 &orig_arpid) < 0) { 2633 free(arg_str); 2634 return (-1); 2635 } 2636 switch (op) { 2637 case MODINSERT_OP: 2638 if (debug > 0) { 2639 (void) printf("Inserting module %s at %d\n", 2640 mod.mod_name, mod.pos); 2641 } 2642 if (ioctl(ipfd_lowstr, _I_INSERT, (caddr_t)&mod) < 0) { 2643 Perror2("fail to insert module", mod.mod_name); 2644 } 2645 break; 2646 case MODREMOVE_OP: 2647 if (debug > 0) { 2648 (void) printf("Removing module %s at %d\n", 2649 mod.mod_name, mod.pos); 2650 } 2651 if (ioctl(ipfd_lowstr, _I_REMOVE, (caddr_t)&mod) < 0) { 2652 Perror2("fail to remove module", mod.mod_name); 2653 } 2654 break; 2655 default: 2656 /* Should never get to here. */ 2657 (void) fprintf(stderr, "Unknown operation\n"); 2658 break; 2659 } 2660 free(arg_str); 2661 return (ip_plink(muxfd, muxid_fd, ipfd_lowstr, arpfd_lowstr, 2662 orig_arpid)); 2663 } 2664 2665 static int 2666 modify_tun(iptun_params_t *params) 2667 { 2668 dladm_status_t status; 2669 2670 if ((status = ifconfig_dladm_open(name, DATALINK_CLASS_IPTUN, 2671 ¶ms->iptun_param_linkid)) == DLADM_STATUS_OK) 2672 status = dladm_iptun_modify(dlh, params, DLADM_OPT_ACTIVE); 2673 if (status != DLADM_STATUS_OK) 2674 dladmerr_exit(status, name); 2675 return (0); 2676 } 2677 2678 /* 2679 * Set tunnel source address 2680 */ 2681 /* ARGSUSED */ 2682 static int 2683 setiftsrc(char *addr, int64_t param) 2684 { 2685 iptun_params_t params; 2686 2687 params.iptun_param_flags = IPTUN_PARAM_LADDR; 2688 (void) strlcpy(params.iptun_param_laddr, addr, 2689 sizeof (params.iptun_param_laddr)); 2690 return (modify_tun(¶ms)); 2691 } 2692 2693 /* 2694 * Set tunnel destination address 2695 */ 2696 /* ARGSUSED */ 2697 static int 2698 setiftdst(char *addr, int64_t param) 2699 { 2700 iptun_params_t params; 2701 2702 params.iptun_param_flags = IPTUN_PARAM_RADDR; 2703 (void) strlcpy(params.iptun_param_raddr, addr, 2704 sizeof (params.iptun_param_raddr)); 2705 return (modify_tun(¶ms)); 2706 } 2707 2708 static int 2709 set_tun_prop(const char *propname, char *value) 2710 { 2711 dladm_status_t status; 2712 datalink_id_t linkid; 2713 2714 status = ifconfig_dladm_open(name, DATALINK_CLASS_IPTUN, &linkid); 2715 if (status == DLADM_STATUS_OK) { 2716 status = dladm_set_linkprop(dlh, linkid, propname, &value, 1, 2717 DLADM_OPT_ACTIVE); 2718 } 2719 if (status != DLADM_STATUS_OK) 2720 dladmerr_exit(status, name); 2721 return (0); 2722 } 2723 2724 /* Set tunnel encapsulation limit. */ 2725 /* ARGSUSED */ 2726 static int 2727 set_tun_encap_limit(char *arg, int64_t param) 2728 { 2729 return (set_tun_prop("encaplimit", arg)); 2730 } 2731 2732 /* Disable encapsulation limit. */ 2733 /* ARGSUSED */ 2734 static int 2735 clr_tun_encap_limit(char *arg, int64_t param) 2736 { 2737 return (set_tun_encap_limit("-1", 0)); 2738 } 2739 2740 /* Set tunnel hop limit. */ 2741 /* ARGSUSED */ 2742 static int 2743 set_tun_hop_limit(char *arg, int64_t param) 2744 { 2745 return (set_tun_prop("hoplimit", arg)); 2746 } 2747 2748 /* Set zone ID */ 2749 static int 2750 setzone(char *arg, int64_t param) 2751 { 2752 zoneid_t zoneid = GLOBAL_ZONEID; 2753 2754 if (param == NEXTARG) { 2755 /* zone must be active */ 2756 if ((zoneid = getzoneidbyname(arg)) == -1) { 2757 (void) fprintf(stderr, 2758 "ifconfig: unknown zone '%s'\n", arg); 2759 exit(1); 2760 } 2761 } 2762 (void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2763 lifr.lifr_zoneid = zoneid; 2764 if (ioctl(s, SIOCSLIFZONE, (caddr_t)&lifr) == -1) 2765 Perror0_exit("SIOCSLIFZONE"); 2766 return (0); 2767 } 2768 2769 /* Put interface into all zones */ 2770 /* ARGSUSED */ 2771 static int 2772 setallzones(char *arg, int64_t param) 2773 { 2774 (void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2775 lifr.lifr_zoneid = ALL_ZONES; 2776 if (ioctl(s, SIOCSLIFZONE, (caddr_t)&lifr) == -1) 2777 Perror0_exit("SIOCSLIFZONE"); 2778 return (0); 2779 } 2780 2781 /* Set source address to use */ 2782 /* ARGSUSED */ 2783 static int 2784 setifsrc(char *arg, int64_t param) 2785 { 2786 uint_t ifindex = 0; 2787 int rval; 2788 2789 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2790 2791 /* 2792 * Argument can be either an interface name or "none". The latter means 2793 * that any previous selection is cleared. 2794 */ 2795 2796 if (strchr(arg, ':') != NULL) { 2797 (void) fprintf(stderr, 2798 "ifconfig: Cannot specify logical interface for usesrc \n"); 2799 exit(1); 2800 } 2801 2802 rval = strcmp(arg, NONE_STR); 2803 if (rval != 0) { 2804 if ((ifindex = if_nametoindex(arg)) == 0) { 2805 (void) strncpy(lifr.lifr_name, arg, LIFNAMSIZ); 2806 Perror0_exit("Could not get interface index"); 2807 } 2808 lifr.lifr_index = ifindex; 2809 } else { 2810 if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) != 0) 2811 Perror0_exit("Not a valid usesrc consumer"); 2812 lifr.lifr_index = 0; 2813 } 2814 2815 if (debug) 2816 (void) printf("setifsrc: lifr_name %s, lifr_index %d\n", 2817 lifr.lifr_name, lifr.lifr_index); 2818 2819 if (ioctl(s, SIOCSLIFUSESRC, (caddr_t)&lifr) == -1) { 2820 if (rval == 0) 2821 Perror0_exit("Cannot reset usesrc group"); 2822 else 2823 Perror0_exit("Could not set source interface"); 2824 } 2825 2826 return (0); 2827 } 2828 2829 /* 2830 * Print the interface status line associated with `ifname' 2831 */ 2832 static void 2833 ifstatus(const char *ifname) 2834 { 2835 uint64_t flags; 2836 char if_usesrc_name[LIFNAMSIZ]; 2837 char *newbuf; 2838 int n, numifs, rval = 0; 2839 struct lifreq *lifrp; 2840 struct lifsrcof lifs; 2841 2842 (void) strncpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name)); 2843 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) { 2844 Perror0_exit("status: SIOCGLIFFLAGS"); 2845 } 2846 flags = lifr.lifr_flags; 2847 2848 /* 2849 * In V4 compatibility mode, we don't print the IFF_IPV4 flag or 2850 * interfaces with IFF_IPV6 set. 2851 */ 2852 if (v4compat) { 2853 flags &= ~IFF_IPV4; 2854 if (flags & IFF_IPV6) 2855 return; 2856 } 2857 2858 (void) printf("%s: ", ifname); 2859 print_flags(flags); 2860 2861 (void) strncpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name)); 2862 if (ioctl(s, SIOCGLIFMETRIC, (caddr_t)&lifr) < 0) { 2863 Perror0_exit("status: SIOCGLIFMETRIC"); 2864 } else { 2865 if (lifr.lifr_metric) 2866 (void) printf(" metric %d", lifr.lifr_metric); 2867 } 2868 if (ioctl(s, SIOCGLIFMTU, (caddr_t)&lifr) >= 0) 2869 (void) printf(" mtu %u", lifr.lifr_mtu); 2870 2871 /* don't print index or zone when in compatibility mode */ 2872 if (!v4compat) { 2873 if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0) 2874 (void) printf(" index %d", lifr.lifr_index); 2875 /* 2876 * Stack instances use GLOBAL_ZONEID for IP data structures 2877 * even in the non-global zone. 2878 */ 2879 if (ioctl(s, SIOCGLIFZONE, (caddr_t)&lifr) >= 0 && 2880 lifr.lifr_zoneid != getzoneid() && 2881 lifr.lifr_zoneid != GLOBAL_ZONEID) { 2882 char zone_name[ZONENAME_MAX]; 2883 2884 if (lifr.lifr_zoneid == ALL_ZONES) { 2885 (void) printf("\n\tall-zones"); 2886 } else if (getzonenamebyid(lifr.lifr_zoneid, zone_name, 2887 sizeof (zone_name)) < 0) { 2888 (void) printf("\n\tzone %d", lifr.lifr_zoneid); 2889 } else { 2890 (void) printf("\n\tzone %s", zone_name); 2891 } 2892 } 2893 } 2894 2895 if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0) { 2896 lifs.lifs_ifindex = lifr.lifr_index; 2897 2898 /* 2899 * Find the number of interfaces that use this interfaces' 2900 * address as a source address 2901 */ 2902 lifs.lifs_buf = NULL; 2903 lifs.lifs_maxlen = 0; 2904 for (;;) { 2905 /* The first pass will give the bufsize we need */ 2906 rval = ioctl(s, SIOCGLIFSRCOF, (char *)&lifs); 2907 if (rval < 0) { 2908 if (lifs.lifs_buf != NULL) { 2909 free(lifs.lifs_buf); 2910 lifs.lifs_buf = NULL; 2911 } 2912 lifs.lifs_len = 0; 2913 break; 2914 } 2915 if (lifs.lifs_len <= lifs.lifs_maxlen) 2916 break; 2917 /* Use kernel's size + a small margin to avoid loops */ 2918 lifs.lifs_maxlen = lifs.lifs_len + 2919 5 * sizeof (struct lifreq); 2920 /* For the first pass, realloc acts like malloc */ 2921 newbuf = realloc(lifs.lifs_buf, lifs.lifs_maxlen); 2922 if (newbuf == NULL) { 2923 if (lifs.lifs_buf != NULL) { 2924 free(lifs.lifs_buf); 2925 lifs.lifs_buf = NULL; 2926 } 2927 lifs.lifs_len = 0; 2928 break; 2929 } 2930 lifs.lifs_buf = newbuf; 2931 } 2932 2933 2934 numifs = lifs.lifs_len / sizeof (struct lifreq); 2935 if (numifs > 0) { 2936 lifrp = lifs.lifs_req; 2937 (void) printf("\n\tsrcof"); 2938 for (n = numifs; n > 0; n--, lifrp++) { 2939 (void) printf(" %s", lifrp->lifr_name); 2940 } 2941 } 2942 2943 if (lifs.lifs_buf != NULL) 2944 free(lifs.lifs_buf); 2945 } 2946 2947 /* Find the interface whose source address this interface uses */ 2948 if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) == 0) { 2949 if (lifr.lifr_index != 0) { 2950 if (if_indextoname(lifr.lifr_index, 2951 if_usesrc_name) == NULL) { 2952 (void) printf("\n\tusesrc ifIndex %d", 2953 lifr.lifr_index); 2954 } else { 2955 (void) printf("\n\tusesrc %s", if_usesrc_name); 2956 } 2957 } 2958 } 2959 2960 (void) putchar('\n'); 2961 } 2962 2963 /* 2964 * Print the status of the interface. If an address family was 2965 * specified, show it and it only; otherwise, show them all. 2966 */ 2967 static void 2968 status(void) 2969 { 2970 struct afswtch *p = afp; 2971 uint64_t flags; 2972 datalink_id_t linkid; 2973 2974 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2975 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) { 2976 Perror0_exit("status: SIOCGLIFFLAGS"); 2977 } 2978 2979 flags = lifr.lifr_flags; 2980 2981 /* 2982 * Only print the interface status if the address family matches 2983 * the interface family flag. 2984 */ 2985 if (p != NULL) { 2986 if (((p->af_af == AF_INET6) && (flags & IFF_IPV4)) || 2987 ((p->af_af == AF_INET) && (flags & IFF_IPV6))) 2988 return; 2989 } 2990 2991 /* 2992 * In V4 compatibility mode, don't print IFF_IPV6 interfaces. 2993 */ 2994 if (v4compat && (flags & IFF_IPV6)) 2995 return; 2996 2997 ifstatus(name); 2998 2999 if (ifconfig_dladm_open(name, DATALINK_CLASS_IPTUN, &linkid) == 3000 DLADM_STATUS_OK) 3001 tun_status(linkid); 3002 3003 if (p != NULL) { 3004 (*p->af_status)(1, flags); 3005 } else { 3006 for (p = afs; p->af_name; p++) { 3007 /* set global af for use in p->af_status */ 3008 af = p->af_af; 3009 (*p->af_status)(0, flags); 3010 } 3011 3012 /* 3013 * Historically, 'ether' has been an address family, 3014 * so print it here. 3015 */ 3016 print_ifether(name); 3017 } 3018 } 3019 3020 /* 3021 * Print the status of the interface in a format that can be used to 3022 * reconfigure the interface later. Code stolen from status() above. 3023 */ 3024 /* ARGSUSED */ 3025 static int 3026 configinfo(char *null, int64_t param) 3027 { 3028 char *cp; 3029 struct afswtch *p = afp; 3030 uint64_t flags; 3031 char lifname[LIFNAMSIZ]; 3032 char if_usesrc_name[LIFNAMSIZ]; 3033 3034 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3035 3036 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) { 3037 Perror0_exit("status: SIOCGLIFFLAGS"); 3038 } 3039 flags = lifr.lifr_flags; 3040 3041 if (debug) { 3042 (void) printf("configinfo: name %s flags 0x%llx af_af %d\n", 3043 name, flags, p != NULL ? p->af_af : -1); 3044 } 3045 3046 /* 3047 * Build the interface name to print (we cannot directly use `name' 3048 * because one cannot "plumb" ":0" interfaces). 3049 */ 3050 (void) strlcpy(lifname, name, LIFNAMSIZ); 3051 if ((cp = strchr(lifname, ':')) != NULL && atoi(cp + 1) == 0) 3052 *cp = '\0'; 3053 3054 /* 3055 * if the interface is IPv4 3056 * if we have a IPv6 address family restriction return 3057 * so it won't print 3058 * if we are in IPv4 compatibility mode, clear out IFF_IPV4 3059 * so we don't print it. 3060 */ 3061 if (flags & IFF_IPV4) { 3062 if (p && p->af_af == AF_INET6) 3063 return (-1); 3064 if (v4compat) 3065 flags &= ~IFF_IPV4; 3066 3067 (void) printf("%s inet plumb", lifname); 3068 } else if (flags & IFF_IPV6) { 3069 /* 3070 * else if the interface is IPv6 3071 * if we have a IPv4 address family restriction return 3072 * or we are in IPv4 compatibiltiy mode, return. 3073 */ 3074 if (p && p->af_af == AF_INET) 3075 return (-1); 3076 if (v4compat) 3077 return (-1); 3078 3079 (void) printf("%s inet6 plumb", lifname); 3080 } 3081 3082 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3083 if (ioctl(s, SIOCGLIFMETRIC, (caddr_t)&lifr) < 0) { 3084 Perror0_exit("configinfo: SIOCGLIFMETRIC"); 3085 } else { 3086 if (lifr.lifr_metric) 3087 (void) printf(" metric %d ", lifr.lifr_metric); 3088 } 3089 if (((flags & (IFF_VIRTUAL|IFF_LOOPBACK)) != IFF_VIRTUAL) && 3090 ioctl(s, SIOCGLIFMTU, (caddr_t)&lifr) >= 0) 3091 (void) printf(" mtu %u", lifr.lifr_mtu); 3092 3093 /* Index only applies to the zeroth interface */ 3094 if (lifnum(name) == 0) { 3095 if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0) 3096 (void) printf(" index %d", lifr.lifr_index); 3097 } 3098 3099 if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) == 0) { 3100 if (lifr.lifr_index != 0) { 3101 if (if_indextoname(lifr.lifr_index, 3102 if_usesrc_name) != NULL) { 3103 (void) printf(" usesrc %s", if_usesrc_name); 3104 } 3105 } 3106 } 3107 3108 if (p != NULL) { 3109 (*p->af_configinfo)(1, flags); 3110 } else { 3111 for (p = afs; p->af_name; p++) { 3112 (void) close(s); 3113 s = socket(SOCKET_AF(p->af_af), SOCK_DGRAM, 0); 3114 /* set global af for use in p->af_configinfo */ 3115 af = p->af_af; 3116 if (s == -1) { 3117 Perror0_exit("socket"); 3118 } 3119 (*p->af_configinfo)(0, flags); 3120 } 3121 } 3122 3123 (void) putchar('\n'); 3124 return (0); 3125 } 3126 3127 static void 3128 print_tsec(iptun_params_t *params) 3129 { 3130 ipsec_req_t *ipsr; 3131 3132 (void) printf("\ttunnel security settings "); 3133 if (!(params->iptun_param_flags & IPTUN_PARAM_SECINFO)) { 3134 (void) printf("--> use 'ipsecconf -ln -i %s'", name); 3135 } else { 3136 ipsr = ¶ms->iptun_param_secinfo; 3137 if (ipsr->ipsr_ah_req & IPSEC_PREF_REQUIRED) { 3138 (void) printf("ah (%s) ", 3139 rparsealg(ipsr->ipsr_auth_alg, IPSEC_PROTO_AH)); 3140 } 3141 if (ipsr->ipsr_esp_req & IPSEC_PREF_REQUIRED) { 3142 (void) printf("esp (%s", 3143 rparsealg(ipsr->ipsr_esp_alg, IPSEC_PROTO_ESP)); 3144 (void) printf("/%s)", 3145 rparsealg(ipsr->ipsr_esp_auth_alg, IPSEC_PROTO_AH)); 3146 } 3147 } 3148 (void) printf("\n"); 3149 } 3150 3151 static void 3152 tun_status(datalink_id_t linkid) 3153 { 3154 iptun_params_t params; 3155 char propval[DLADM_PROP_VAL_MAX]; 3156 char *valptr[1]; 3157 uint_t valcnt = 1; 3158 boolean_t tabbed = _B_FALSE; 3159 3160 params.iptun_param_linkid = linkid; 3161 3162 /* If dladm_iptun_getparams() fails, assume we are not a tunnel. */ 3163 assert(dlh_opened); 3164 if (dladm_iptun_getparams(dlh, ¶ms, DLADM_OPT_ACTIVE) != 3165 DLADM_STATUS_OK) 3166 return; 3167 3168 switch (params.iptun_param_type) { 3169 case IPTUN_TYPE_IPV4: 3170 case IPTUN_TYPE_6TO4: 3171 (void) printf("\tinet"); 3172 break; 3173 case IPTUN_TYPE_IPV6: 3174 (void) printf("\tinet6"); 3175 break; 3176 default: 3177 dladmerr_exit(DLADM_STATUS_IPTUNTYPE, name); 3178 break; 3179 } 3180 3181 /* 3182 * There is always a source address. If it hasn't been explicitly 3183 * set, the API will pass back a buffer containing the unspecified 3184 * address. 3185 */ 3186 (void) printf(" tunnel src %s ", params.iptun_param_laddr); 3187 3188 if (params.iptun_param_flags & IPTUN_PARAM_RADDR) 3189 (void) printf("tunnel dst %s\n", params.iptun_param_raddr); 3190 else 3191 (void) putchar('\n'); 3192 3193 if (params.iptun_param_flags & IPTUN_PARAM_IPSECPOL) 3194 print_tsec(¶ms); 3195 3196 valptr[0] = propval; 3197 if (dladm_get_linkprop(dlh, linkid, DLADM_PROP_VAL_CURRENT, "hoplimit", 3198 (char **)valptr, &valcnt) == DLADM_STATUS_OK) { 3199 (void) printf("\ttunnel hop limit %s ", propval); 3200 tabbed = _B_TRUE; 3201 } 3202 3203 if (dladm_get_linkprop(dlh, linkid, DLADM_PROP_VAL_CURRENT, 3204 "encaplimit", (char **)valptr, &valcnt) == DLADM_STATUS_OK) { 3205 uint32_t elim; 3206 3207 if (!tabbed) { 3208 (void) putchar('\t'); 3209 tabbed = _B_TRUE; 3210 } 3211 elim = strtol(propval, NULL, 10); 3212 if (elim > 0) 3213 (void) printf("tunnel encapsulation limit %s", propval); 3214 else 3215 (void) printf("tunnel encapsulation limit disabled"); 3216 } 3217 3218 if (tabbed) 3219 (void) putchar('\n'); 3220 } 3221 3222 static void 3223 in_status(int force, uint64_t flags) 3224 { 3225 struct sockaddr_in *sin, *laddr; 3226 struct sockaddr_in netmask = { AF_INET }; 3227 3228 if (debug) 3229 (void) printf("in_status(%s) flags 0x%llx\n", name, flags); 3230 3231 /* only print status for IPv4 interfaces */ 3232 if (!(flags & IFF_IPV4)) 3233 return; 3234 3235 if (!(flags & IFF_NOLOCAL)) { 3236 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3237 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 3238 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3239 errno == ENXIO) { 3240 if (!force) 3241 return; 3242 (void) memset(&lifr.lifr_addr, 0, 3243 sizeof (lifr.lifr_addr)); 3244 } else 3245 Perror0_exit("in_status: SIOCGLIFADDR"); 3246 } 3247 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3248 (void) printf("\tinet %s ", inet_ntoa(sin->sin_addr)); 3249 laddr = sin; 3250 } else { 3251 (void) printf("\tinet "); 3252 } 3253 3254 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3255 if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) { 3256 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3257 errno == ENXIO) { 3258 if (!force) 3259 return; 3260 (void) memset(&lifr.lifr_addr, 0, 3261 sizeof (lifr.lifr_addr)); 3262 } else { 3263 Perror0_exit("in_status: SIOCGLIFSUBNET"); 3264 } 3265 } 3266 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3267 if ((flags & IFF_NOLOCAL) || 3268 sin->sin_addr.s_addr != laddr->sin_addr.s_addr) { 3269 (void) printf("subnet %s/%d ", inet_ntoa(sin->sin_addr), 3270 lifr.lifr_addrlen); 3271 } 3272 if (sin->sin_family != AF_INET) { 3273 (void) printf("Wrong family: %d\n", sin->sin_family); 3274 } 3275 3276 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3277 if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0) { 3278 if (errno != EADDRNOTAVAIL) 3279 Perror0_exit("in_status: SIOCGLIFNETMASK"); 3280 (void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr)); 3281 } else 3282 netmask.sin_addr = 3283 ((struct sockaddr_in *)&lifr.lifr_addr)->sin_addr; 3284 if (flags & IFF_POINTOPOINT) { 3285 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3286 if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) { 3287 if (errno == EADDRNOTAVAIL) 3288 (void) memset(&lifr.lifr_addr, 0, 3289 sizeof (lifr.lifr_addr)); 3290 else 3291 Perror0_exit("in_status: SIOCGLIFDSTADDR"); 3292 } 3293 sin = (struct sockaddr_in *)&lifr.lifr_dstaddr; 3294 (void) printf("--> %s ", inet_ntoa(sin->sin_addr)); 3295 } 3296 (void) printf("netmask %x ", ntohl(netmask.sin_addr.s_addr)); 3297 if (flags & IFF_BROADCAST) { 3298 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3299 if (ioctl(s, SIOCGLIFBRDADDR, (caddr_t)&lifr) < 0) { 3300 if (errno == EADDRNOTAVAIL) 3301 (void) memset(&lifr.lifr_addr, 0, 3302 sizeof (lifr.lifr_addr)); 3303 else 3304 Perror0_exit("in_status: SIOCGLIFBRDADDR"); 3305 } 3306 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3307 if (sin->sin_addr.s_addr != 0) { 3308 (void) printf("broadcast %s", 3309 inet_ntoa(sin->sin_addr)); 3310 } 3311 } 3312 /* If there is a groupname, print it for only the physical interface */ 3313 if (strchr(name, ':') == NULL) { 3314 if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 && 3315 lifr.lifr_groupname[0] != '\0') { 3316 (void) printf("\n\tgroupname %s", lifr.lifr_groupname); 3317 } 3318 } 3319 (void) putchar('\n'); 3320 } 3321 3322 static void 3323 in6_status(int force, uint64_t flags) 3324 { 3325 char abuf[INET6_ADDRSTRLEN]; 3326 struct sockaddr_in6 *sin6, *laddr6; 3327 3328 if (debug) 3329 (void) printf("in6_status(%s) flags 0x%llx\n", name, flags); 3330 3331 if (!(flags & IFF_IPV6)) 3332 return; 3333 3334 if (!(flags & IFF_NOLOCAL)) { 3335 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3336 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 3337 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3338 errno == ENXIO) { 3339 if (!force) 3340 return; 3341 (void) memset(&lifr.lifr_addr, 0, 3342 sizeof (lifr.lifr_addr)); 3343 } else 3344 Perror0_exit("in_status6: SIOCGLIFADDR"); 3345 } 3346 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3347 (void) printf("\tinet6 %s/%d ", 3348 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3349 abuf, sizeof (abuf)), 3350 lifr.lifr_addrlen); 3351 laddr6 = sin6; 3352 } else { 3353 (void) printf("\tinet6 "); 3354 } 3355 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3356 if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) { 3357 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3358 errno == ENXIO) { 3359 if (!force) 3360 return; 3361 (void) memset(&lifr.lifr_addr, 0, 3362 sizeof (lifr.lifr_addr)); 3363 } else 3364 Perror0_exit("in_status6: SIOCGLIFSUBNET"); 3365 } 3366 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3367 if ((flags & IFF_NOLOCAL) || 3368 !IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &laddr6->sin6_addr)) { 3369 (void) printf("subnet %s/%d ", 3370 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3371 abuf, sizeof (abuf)), 3372 lifr.lifr_addrlen); 3373 } 3374 if (sin6->sin6_family != AF_INET6) { 3375 (void) printf("Wrong family: %d\n", sin6->sin6_family); 3376 } 3377 if (flags & IFF_POINTOPOINT) { 3378 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3379 if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) { 3380 if (errno == EADDRNOTAVAIL) 3381 (void) memset(&lifr.lifr_addr, 0, 3382 sizeof (lifr.lifr_addr)); 3383 else 3384 Perror0_exit("in_status6: SIOCGLIFDSTADDR"); 3385 } 3386 sin6 = (struct sockaddr_in6 *)&lifr.lifr_dstaddr; 3387 (void) printf("--> %s ", 3388 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3389 abuf, sizeof (abuf))); 3390 } 3391 if (verbose) { 3392 (void) putchar('\n'); 3393 (void) putchar('\t'); 3394 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3395 if (ioctl(s, SIOCGLIFTOKEN, (caddr_t)&lifr) < 0) { 3396 if (errno == EADDRNOTAVAIL || errno == EINVAL) 3397 (void) memset(&lifr.lifr_addr, 0, 3398 sizeof (lifr.lifr_addr)); 3399 else 3400 Perror0_exit("in_status6: SIOCGLIFTOKEN"); 3401 } else { 3402 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3403 (void) printf("token %s/%d ", 3404 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3405 abuf, sizeof (abuf)), 3406 lifr.lifr_addrlen); 3407 } 3408 if (ioctl(s, SIOCGLIFLNKINFO, (caddr_t)&lifr) < 0) { 3409 if (errno != EINVAL) { 3410 Perror0_exit("in_status6: SIOCGLIFLNKINFO"); 3411 } 3412 } else { 3413 (void) printf("maxhops %u, reachtime %u ms, " 3414 "reachretrans %u ms, maxmtu %u ", 3415 lifr.lifr_ifinfo.lir_maxhops, 3416 lifr.lifr_ifinfo.lir_reachtime, 3417 lifr.lifr_ifinfo.lir_reachretrans, 3418 lifr.lifr_ifinfo.lir_maxmtu); 3419 } 3420 } 3421 /* If there is a groupname, print it for only the physical interface */ 3422 if (strchr(name, ':') == NULL) { 3423 if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 && 3424 lifr.lifr_groupname[0] != '\0') { 3425 (void) printf("\n\tgroupname %s", lifr.lifr_groupname); 3426 } 3427 } 3428 (void) putchar('\n'); 3429 } 3430 3431 static void 3432 in_configinfo(int force, uint64_t flags) 3433 { 3434 struct sockaddr_in *sin, *laddr; 3435 struct sockaddr_in netmask = { AF_INET }; 3436 3437 if (debug) 3438 (void) printf("in_configinfo(%s) flags 0x%llx\n", name, flags); 3439 3440 /* only configinfo info for IPv4 interfaces */ 3441 if (!(flags & IFF_IPV4)) 3442 return; 3443 3444 if (!(flags & IFF_NOLOCAL)) { 3445 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3446 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 3447 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3448 errno == ENXIO) { 3449 if (!force) 3450 return; 3451 (void) memset(&lifr.lifr_addr, 0, 3452 sizeof (lifr.lifr_addr)); 3453 } else 3454 Perror0_exit("in_configinfo: SIOCGLIFADDR"); 3455 } 3456 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3457 (void) printf(" set %s ", inet_ntoa(sin->sin_addr)); 3458 laddr = sin; 3459 } 3460 3461 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3462 if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) { 3463 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3464 errno == ENXIO) { 3465 if (!force) 3466 return; 3467 (void) memset(&lifr.lifr_addr, 0, 3468 sizeof (lifr.lifr_addr)); 3469 } else { 3470 Perror0_exit("in_configinfo: SIOCGLIFSUBNET"); 3471 } 3472 } 3473 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3474 3475 if ((flags & IFF_NOLOCAL) || 3476 sin->sin_addr.s_addr != laddr->sin_addr.s_addr) { 3477 (void) printf(" subnet %s/%d ", inet_ntoa(sin->sin_addr), 3478 lifr.lifr_addrlen); 3479 } 3480 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3481 if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0) { 3482 if (errno != EADDRNOTAVAIL) 3483 Perror0_exit("in_configinfo: SIOCGLIFNETMASK"); 3484 (void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr)); 3485 } else 3486 netmask.sin_addr = 3487 ((struct sockaddr_in *)&lifr.lifr_addr)->sin_addr; 3488 if (flags & IFF_POINTOPOINT) { 3489 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3490 if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) { 3491 if (errno == EADDRNOTAVAIL) 3492 (void) memset(&lifr.lifr_addr, 0, 3493 sizeof (lifr.lifr_addr)); 3494 else 3495 Perror0_exit("in_configinfo: SIOCGLIFDSTADDR"); 3496 } 3497 sin = (struct sockaddr_in *)&lifr.lifr_dstaddr; 3498 (void) printf(" destination %s ", inet_ntoa(sin->sin_addr)); 3499 } 3500 (void) printf(" netmask 0x%x ", ntohl(netmask.sin_addr.s_addr)); 3501 if (flags & IFF_BROADCAST) { 3502 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3503 if (ioctl(s, SIOCGLIFBRDADDR, (caddr_t)&lifr) < 0) { 3504 if (errno == EADDRNOTAVAIL) 3505 (void) memset(&lifr.lifr_addr, 0, 3506 sizeof (lifr.lifr_addr)); 3507 else 3508 Perror0_exit("in_configinfo: SIOCGLIFBRDADDR"); 3509 } 3510 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3511 if (sin->sin_addr.s_addr != 0) { 3512 (void) printf(" broadcast %s ", 3513 inet_ntoa(sin->sin_addr)); 3514 } 3515 } 3516 3517 /* If there is a groupname, print it for only the zeroth interface */ 3518 if (lifnum(name) == 0) { 3519 if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 && 3520 lifr.lifr_groupname[0] != '\0') { 3521 (void) printf(" group %s ", lifr.lifr_groupname); 3522 } 3523 } 3524 3525 /* Print flags to configure */ 3526 print_config_flags(AF_INET, flags); 3527 } 3528 3529 static void 3530 in6_configinfo(int force, uint64_t flags) 3531 { 3532 char abuf[INET6_ADDRSTRLEN]; 3533 struct sockaddr_in6 *sin6, *laddr6; 3534 3535 if (debug) 3536 (void) printf("in6_configinfo(%s) flags 0x%llx\n", name, 3537 flags); 3538 3539 if (!(flags & IFF_IPV6)) 3540 return; 3541 3542 if (!(flags & IFF_NOLOCAL)) { 3543 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3544 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 3545 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3546 errno == ENXIO) { 3547 if (!force) 3548 return; 3549 (void) memset(&lifr.lifr_addr, 0, 3550 sizeof (lifr.lifr_addr)); 3551 } else 3552 Perror0_exit("in6_configinfo: SIOCGLIFADDR"); 3553 } 3554 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3555 (void) printf(" set %s/%d ", 3556 inet_ntop(AF_INET6, &sin6->sin6_addr, abuf, sizeof (abuf)), 3557 lifr.lifr_addrlen); 3558 laddr6 = sin6; 3559 } 3560 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3561 if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) { 3562 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3563 errno == ENXIO) { 3564 if (!force) 3565 return; 3566 (void) memset(&lifr.lifr_addr, 0, 3567 sizeof (lifr.lifr_addr)); 3568 } else 3569 Perror0_exit("in6_configinfo: SIOCGLIFSUBNET"); 3570 } 3571 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3572 if ((flags & IFF_NOLOCAL) || 3573 !IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &laddr6->sin6_addr)) { 3574 (void) printf(" subnet %s/%d ", 3575 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3576 abuf, sizeof (abuf)), 3577 lifr.lifr_addrlen); 3578 } 3579 3580 if (flags & IFF_POINTOPOINT) { 3581 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3582 if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) { 3583 if (errno == EADDRNOTAVAIL) 3584 (void) memset(&lifr.lifr_addr, 0, 3585 sizeof (lifr.lifr_addr)); 3586 else 3587 Perror0_exit("in6_configinfo: SIOCGLIFDSTADDR"); 3588 } 3589 sin6 = (struct sockaddr_in6 *)&lifr.lifr_dstaddr; 3590 (void) printf(" destination %s ", 3591 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3592 abuf, sizeof (abuf))); 3593 } 3594 3595 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3596 if (ioctl(s, SIOCGLIFTOKEN, (caddr_t)&lifr) < 0) { 3597 if (errno == EADDRNOTAVAIL || errno == EINVAL) 3598 (void) memset(&lifr.lifr_addr, 0, 3599 sizeof (lifr.lifr_addr)); 3600 else 3601 Perror0_exit("in6_configinfo: SIOCGLIFTOKEN"); 3602 } else { 3603 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3604 (void) printf(" token %s/%d ", 3605 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3606 abuf, sizeof (abuf)), 3607 lifr.lifr_addrlen); 3608 } 3609 3610 /* If there is a groupname, print it for only the zeroth interface */ 3611 if (lifnum(name) == 0) { 3612 if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 && 3613 lifr.lifr_groupname[0] != '\0') { 3614 (void) printf(" group %s ", lifr.lifr_groupname); 3615 } 3616 } 3617 3618 /* Print flags to configure */ 3619 print_config_flags(AF_INET6, flags); 3620 } 3621 3622 /* 3623 * If this is a physical interface then remove it. 3624 * If it is a logical interface name use SIOCLIFREMOVEIF to 3625 * remove it. In both cases fail if it doesn't exist. 3626 */ 3627 /* ARGSUSED */ 3628 static int 3629 inetunplumb(char *arg, int64_t param) 3630 { 3631 ipadm_status_t istatus; 3632 3633 istatus = ipadm_delete_if(iph, name, afp->af_af, IPADM_OPT_ACTIVE); 3634 if (istatus != IPADM_SUCCESS) { 3635 (void) fprintf(stderr, "ifconfig: cannot unplumb %s: %s\n", 3636 name, ipadm_status2str(istatus)); 3637 exit(1); 3638 } 3639 3640 return (0); 3641 } 3642 3643 /* 3644 * Create the interface in `name', using ipadm_create_if(). If `name' is a 3645 * logical interface or loopback interface, ipadm_create_if() uses 3646 * SIOCLIFADDIF to create it. 3647 */ 3648 /* ARGSUSED */ 3649 static int 3650 inetplumb(char *arg, int64_t param) 3651 { 3652 ipadm_status_t istatus; 3653 3654 istatus = ipadm_create_if(iph, name, afp->af_af, IPADM_OPT_ACTIVE); 3655 if (istatus != IPADM_SUCCESS) { 3656 (void) fprintf(stderr, "ifconfig: cannot plumb %s: %s\n", 3657 name, ipadm_status2str(istatus)); 3658 if (istatus != IPADM_IF_EXISTS) 3659 exit(1); 3660 } 3661 return (0); 3662 } 3663 3664 /* ARGSUSED */ 3665 static int 3666 inetipmp(char *arg, int64_t param) 3667 { 3668 int retval; 3669 3670 /* 3671 * Treat e.g. "ifconfig ipmp0:2 ipmp" as "ifconfig ipmp0:2 plumb". 3672 * Otherwise, try to create the requested IPMP interface. 3673 */ 3674 if (strchr(name, ':') != NULL) 3675 retval = inetplumb(arg, param); 3676 else 3677 retval = create_ipmp(name, afp->af_af, name, _B_FALSE); 3678 3679 /* 3680 * We'd return -1, but foreachinterface() doesn't propagate the error 3681 * into the exit status, so we're forced to explicitly exit(). 3682 */ 3683 if (retval == -1) 3684 exit(1); 3685 return (0); 3686 } 3687 3688 /* 3689 * Create an IPMP group `grname' with address family `af'. If `ifname' is 3690 * non-NULL, it specifies the interface name to use. Otherwise, use the name 3691 * ipmpN, where N corresponds to the lowest available integer. If `implicit' 3692 * is set, then the group is being created as a side-effect of placing an 3693 * underlying interface in a group. Also start in.mpathd if necessary. 3694 */ 3695 static int 3696 create_ipmp(const char *grname, int af, const char *ifname, boolean_t implicit) 3697 { 3698 static int ipmp_daemon_started; 3699 uint32_t flags = IPADM_OPT_IPMP|IPADM_OPT_ACTIVE; 3700 ipadm_status_t istatus; 3701 3702 if (debug) { 3703 (void) printf("create_ipmp: ifname %s grname %s af %d\n", 3704 ifname != NULL ? ifname : "NULL", grname, af); 3705 } 3706 3707 /* 3708 * ipadm_create_if() creates the IPMP interface and fills in the 3709 * ppa in lifr.lifr_name, if `ifname'="ipmp". 3710 */ 3711 (void) strlcpy(lifr.lifr_name, (ifname ? ifname : "ipmp"), 3712 sizeof (lifr.lifr_name)); 3713 if (ifname == NULL) 3714 flags |= IPADM_OPT_GENPPA; 3715 istatus = ipadm_create_if(iph, lifr.lifr_name, af, flags); 3716 if (istatus != IPADM_SUCCESS) { 3717 (void) fprintf(stderr, "ifconfig: cannot create IPMP interface " 3718 "%s: %s\n", grname, ipadm_status2str(istatus)); 3719 return (-1); 3720 } 3721 3722 /* 3723 * To preserve backward-compatibility, always bring up the link-local 3724 * address for implicitly-created IPv6 IPMP interfaces. 3725 */ 3726 if (implicit && af == AF_INET6) { 3727 if (ioctl(s6, SIOCGLIFFLAGS, &lifr) == 0) { 3728 lifr.lifr_flags |= IFF_UP; 3729 (void) ioctl(s6, SIOCSLIFFLAGS, &lifr); 3730 } 3731 } 3732 3733 /* 3734 * If the caller requested a different group name, issue a 3735 * SIOCSLIFGROUPNAME on the new IPMP interface. 3736 */ 3737 if (strcmp(lifr.lifr_name, grname) != 0) { 3738 (void) strlcpy(lifr.lifr_groupname, grname, LIFGRNAMSIZ); 3739 if (ioctl(s, SIOCSLIFGROUPNAME, &lifr) == -1) { 3740 Perror0("SIOCSLIFGROUPNAME"); 3741 return (-1); 3742 } 3743 } 3744 3745 /* 3746 * If we haven't done so yet, ensure in.mpathd is started. 3747 */ 3748 if (ipmp_daemon_started++ == 0) 3749 start_ipmp_daemon(); 3750 3751 return (0); 3752 } 3753 3754 /* 3755 * Start in.mpathd if it's not already running. 3756 */ 3757 static void 3758 start_ipmp_daemon(void) 3759 { 3760 int retval; 3761 ipmp_handle_t ipmp_handle; 3762 3763 /* 3764 * Ping in.mpathd to see if it's running already. 3765 */ 3766 if ((retval = ipmp_open(&ipmp_handle)) != IPMP_SUCCESS) { 3767 (void) fprintf(stderr, "ifconfig: cannot create IPMP handle: " 3768 "%s\n", ipmp_errmsg(retval)); 3769 return; 3770 } 3771 3772 retval = ipmp_ping_daemon(ipmp_handle); 3773 ipmp_close(ipmp_handle); 3774 3775 switch (retval) { 3776 case IPMP_ENOMPATHD: 3777 break; 3778 case IPMP_SUCCESS: 3779 return; 3780 default: 3781 (void) fprintf(stderr, "ifconfig: cannot ping in.mpathd: %s\n", 3782 ipmp_errmsg(retval)); 3783 break; 3784 } 3785 3786 /* 3787 * Start in.mpathd. Note that in.mpathd will handle multiple 3788 * incarnations (ipmp_ping_daemon() is just an optimization) so we 3789 * don't need to worry about racing with another ifconfig process. 3790 */ 3791 switch (fork()) { 3792 case -1: 3793 Perror0_exit("start_ipmp_daemon: fork"); 3794 /* NOTREACHED */ 3795 case 0: 3796 (void) execl(MPATHD_PATH, MPATHD_PATH, NULL); 3797 _exit(1); 3798 /* NOTREACHED */ 3799 default: 3800 break; 3801 } 3802 } 3803 3804 /* 3805 * Bring the address named by `ifaddrp' up or down. Doesn't trust any mutable 3806 * values in ia_flags since they may be stale. 3807 */ 3808 static boolean_t 3809 ifaddr_op(ifaddrlistx_t *ifaddrp, boolean_t up) 3810 { 3811 struct lifreq lifrl; /* Local lifreq struct */ 3812 int fd = (ifaddrp->ia_flags & IFF_IPV4) ? s4 : s6; 3813 3814 (void) memset(&lifrl, 0, sizeof (lifrl)); 3815 (void) strlcpy(lifrl.lifr_name, ifaddrp->ia_name, LIFNAMSIZ); 3816 if (ioctl(fd, SIOCGLIFFLAGS, &lifrl) == -1) 3817 return (_B_FALSE); 3818 3819 if (up) 3820 lifrl.lifr_flags |= IFF_UP; 3821 else 3822 lifrl.lifr_flags &= ~IFF_UP; 3823 3824 if (ioctl(fd, SIOCSLIFFLAGS, &lifrl) == -1) 3825 return (_B_FALSE); 3826 3827 /* 3828 * If we're trying to bring the address down, ensure that DAD activity 3829 * (observable by IFF_DUPLICATE) has also been stopped. 3830 */ 3831 if (!up && ioctl(fd, SIOCGLIFFLAGS, &lifrl) != -1 && 3832 lifrl.lifr_flags & IFF_DUPLICATE) { 3833 if (ioctl(fd, SIOCGLIFADDR, &lifrl) == -1 || 3834 ioctl(fd, SIOCSLIFADDR, &lifrl) == -1) { 3835 return (_B_FALSE); 3836 } 3837 } 3838 return (_B_TRUE); 3839 } 3840 3841 static boolean_t 3842 ifaddr_up(ifaddrlistx_t *ifaddrp) 3843 { 3844 return (ifaddr_op(ifaddrp, _B_TRUE)); 3845 } 3846 3847 static boolean_t 3848 ifaddr_down(ifaddrlistx_t *ifaddrp) 3849 { 3850 return (ifaddr_op(ifaddrp, _B_FALSE)); 3851 } 3852 3853 /* 3854 * Open the global libdladm handle "dlh" if it isn't already opened. The 3855 * caller may optionally supply a link name to obtain its linkid. If a link 3856 * of a specific class or classes is required, reqclass specifies the class 3857 * mask. 3858 */ 3859 static dladm_status_t 3860 ifconfig_dladm_open(const char *name, datalink_class_t reqclass, 3861 datalink_id_t *linkid) 3862 { 3863 dladm_status_t status = DLADM_STATUS_OK; 3864 datalink_class_t class; 3865 3866 if (!dlh_opened) { 3867 if ((status = dladm_open(&dlh)) != DLADM_STATUS_OK) 3868 return (status); 3869 dlh_opened = _B_TRUE; 3870 } 3871 if (name != NULL) { 3872 status = dladm_name2info(dlh, name, linkid, NULL, &class, NULL); 3873 if (status == DLADM_STATUS_OK) { 3874 if (!(class & reqclass)) 3875 status = DLADM_STATUS_LINKINVAL; 3876 } 3877 } 3878 return (status); 3879 } 3880 3881 /* 3882 * This function checks if we can use libipadm API's. We will only 3883 * call libipadm functions for non-IPMP interfaces. This check is 3884 * temporary until libipadm supports IPMP interfaces. 3885 */ 3886 static boolean_t 3887 ifconfig_use_libipadm(int s, const char *lifname) 3888 { 3889 struct lifreq lifr1; 3890 3891 (void) strlcpy(lifr1.lifr_name, lifname, sizeof (lifr1.lifr_name)); 3892 if (ioctl(s, SIOCGLIFGROUPNAME, (caddr_t)&lifr1) < 0) { 3893 (void) strncpy(lifr.lifr_name, lifname, 3894 sizeof (lifr.lifr_name)); 3895 Perror0_exit("error"); 3896 } 3897 3898 return (lifr1.lifr_groupname[0] == '\0'); 3899 } 3900 3901 static void 3902 ipadmerr_exit(ipadm_status_t status, const char *str) 3903 { 3904 (void) fprintf(stderr, "ifconfig: %s: %s\n", str, 3905 ipadm_status2str(status)); 3906 exit(1); 3907 } 3908 3909 static void 3910 dladmerr_exit(dladm_status_t status, const char *str) 3911 { 3912 char errstr[DLADM_STRSIZE]; 3913 3914 (void) fprintf(stderr, "%s: %s\n", str, 3915 dladm_status2str(status, errstr)); 3916 exit(1); 3917 } 3918 3919 void 3920 Perror0(const char *cmd) 3921 { 3922 Perror2(cmd, lifr.lifr_name); 3923 } 3924 3925 void 3926 Perror0_exit(const char *cmd) 3927 { 3928 Perror0(cmd); 3929 exit(1); 3930 } 3931 3932 void 3933 Perror2(const char *cmd, const char *str) 3934 { 3935 int error = errno; 3936 3937 (void) fprintf(stderr, "ifconfig: %s: ", cmd); 3938 3939 switch (error) { 3940 case ENXIO: 3941 (void) fprintf(stderr, "%s: no such interface\n", str); 3942 break; 3943 case EPERM: 3944 (void) fprintf(stderr, "%s: permission denied\n", str); 3945 break; 3946 case EEXIST: 3947 (void) fprintf(stderr, "%s: already exists\n", str); 3948 break; 3949 case ENAMETOOLONG: 3950 (void) fprintf(stderr, "%s: interface name too long\n", str); 3951 break; 3952 case ERANGE: 3953 (void) fprintf(stderr, "%s: logical interface id is outside " 3954 "allowed range\n", str); 3955 break; 3956 default: 3957 errno = error; 3958 perror(str); 3959 } 3960 } 3961 3962 /* 3963 * Print out error message (Perror2()) and exit 3964 */ 3965 void 3966 Perror2_exit(const char *cmd, const char *str) 3967 { 3968 Perror2(cmd, str); 3969 exit(1); 3970 /* NOTREACHED */ 3971 } 3972 3973 void 3974 Perrdlpi(const char *cmd, const char *linkname, int err) 3975 { 3976 (void) fprintf(stderr, "ifconfig: %s \"%s\": %s\n", cmd, 3977 linkname, dlpi_strerror(err)); 3978 } 3979 3980 /* 3981 * Print out error message (Perrdlpi()) and exit 3982 */ 3983 void 3984 Perrdlpi_exit(const char *cmd, const char *linkname, int err) 3985 { 3986 Perrdlpi(cmd, linkname, err); 3987 exit(1); 3988 } 3989 3990 /* 3991 * If the last argument is non-NULL allow a <addr>/<n> syntax and 3992 * pass out <n> in *plenp. 3993 * If <n> doesn't parse return BAD_ADDR as *plenp. 3994 * If no /<n> is present return NO_PREFIX as *plenp. 3995 */ 3996 static void 3997 in_getaddr(char *s, struct sockaddr *saddr, int *plenp) 3998 { 3999 /* LINTED: alignment */ 4000 struct sockaddr_in *sin = (struct sockaddr_in *)saddr; 4001 struct hostent *hp; 4002 struct netent *np; 4003 char str[BUFSIZ]; 4004 int error_num; 4005 4006 (void) strncpy(str, s, sizeof (str)); 4007 4008 /* 4009 * Look for '/'<n> is plenp 4010 */ 4011 if (plenp != NULL) { 4012 char *cp; 4013 4014 *plenp = in_getprefixlen(str, _B_TRUE, IP_ABITS); 4015 if (*plenp == BAD_ADDR) 4016 return; 4017 cp = strchr(str, '/'); 4018 if (cp != NULL) 4019 *cp = '\0'; 4020 } else if (strchr(str, '/') != NULL) { 4021 (void) fprintf(stderr, "ifconfig: %s: unexpected '/'\n", str); 4022 exit(1); 4023 } 4024 4025 (void) memset(sin, 0, sizeof (*sin)); 4026 4027 /* 4028 * Try to catch attempts to set the broadcast address to all 1's. 4029 */ 4030 if (strcmp(str, "255.255.255.255") == 0 || 4031 (strtoul(str, (char **)NULL, 0) == 0xffffffffUL)) { 4032 sin->sin_family = AF_INET; 4033 sin->sin_addr.s_addr = 0xffffffff; 4034 return; 4035 } 4036 4037 hp = getipnodebyname(str, AF_INET, 0, &error_num); 4038 if (hp) { 4039 sin->sin_family = hp->h_addrtype; 4040 (void) memcpy(&sin->sin_addr, hp->h_addr, hp->h_length); 4041 freehostent(hp); 4042 return; 4043 } 4044 np = getnetbyname(str); 4045 if (np) { 4046 sin->sin_family = np->n_addrtype; 4047 sin->sin_addr = inet_makeaddr(np->n_net, INADDR_ANY); 4048 return; 4049 } 4050 if (error_num == TRY_AGAIN) { 4051 (void) fprintf(stderr, "ifconfig: %s: bad address " 4052 "(try again later)\n", s); 4053 } else { 4054 (void) fprintf(stderr, "ifconfig: %s: bad address\n", s); 4055 } 4056 exit(1); 4057 } 4058 4059 /* 4060 * If the last argument is non-NULL allow a <addr>/<n> syntax and 4061 * pass out <n> in *plenp. 4062 * If <n> doesn't parse return BAD_ADDR as *plenp. 4063 * If no /<n> is present return NO_PREFIX as *plenp. 4064 */ 4065 static void 4066 in6_getaddr(char *s, struct sockaddr *saddr, int *plenp) 4067 { 4068 /* LINTED: alignment */ 4069 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)saddr; 4070 struct hostent *hp; 4071 char str[BUFSIZ]; 4072 int error_num; 4073 4074 (void) strncpy(str, s, sizeof (str)); 4075 4076 /* 4077 * Look for '/'<n> is plenp 4078 */ 4079 if (plenp != NULL) { 4080 char *cp; 4081 4082 *plenp = in_getprefixlen(str, _B_TRUE, IPV6_ABITS); 4083 if (*plenp == BAD_ADDR) 4084 return; 4085 cp = strchr(str, '/'); 4086 if (cp != NULL) 4087 *cp = '\0'; 4088 } else if (strchr(str, '/') != NULL) { 4089 (void) fprintf(stderr, "ifconfig: %s: unexpected '/'\n", str); 4090 exit(1); 4091 } 4092 4093 (void) memset(sin6, 0, sizeof (*sin6)); 4094 4095 hp = getipnodebyname(str, AF_INET6, 0, &error_num); 4096 if (hp) { 4097 sin6->sin6_family = hp->h_addrtype; 4098 (void) memcpy(&sin6->sin6_addr, hp->h_addr, hp->h_length); 4099 freehostent(hp); 4100 return; 4101 } 4102 if (error_num == TRY_AGAIN) { 4103 (void) fprintf(stderr, "ifconfig: %s: bad address " 4104 "(try again later)\n", s); 4105 } else { 4106 (void) fprintf(stderr, "ifconfig: %s: bad address\n", s); 4107 } 4108 exit(1); 4109 } 4110 4111 /* 4112 * If "slash" is zero this parses the whole string as 4113 * an integer. With "slash" non zero it parses the tail part as an integer. 4114 * 4115 * If it is not a valid integer this returns BAD_ADDR. 4116 * If there is /<n> present this returns NO_PREFIX. 4117 */ 4118 static int 4119 in_getprefixlen(char *addr, boolean_t slash, int max_plen) 4120 { 4121 int prefixlen; 4122 char *str, *end; 4123 4124 if (slash) { 4125 str = strchr(addr, '/'); 4126 if (str == NULL) 4127 return (NO_PREFIX); 4128 str++; 4129 } else 4130 str = addr; 4131 4132 prefixlen = strtol(str, &end, 10); 4133 if (prefixlen < 0) 4134 return (BAD_ADDR); 4135 if (str == end) 4136 return (BAD_ADDR); 4137 if (max_plen != 0 && max_plen < prefixlen) 4138 return (BAD_ADDR); 4139 return (prefixlen); 4140 } 4141 4142 /* 4143 * Convert a prefix length to a mask. 4144 * Returns 1 if ok. 0 otherwise. 4145 * Assumes the mask array is zero'ed by the caller. 4146 */ 4147 static boolean_t 4148 in_prefixlentomask(int prefixlen, int maxlen, uchar_t *mask) 4149 { 4150 if (prefixlen < 0 || prefixlen > maxlen) 4151 return (0); 4152 4153 while (prefixlen > 0) { 4154 if (prefixlen >= 8) { 4155 *mask++ = 0xFF; 4156 prefixlen -= 8; 4157 continue; 4158 } 4159 *mask |= 1 << (8 - prefixlen); 4160 prefixlen--; 4161 } 4162 return (1); 4163 } 4164 4165 static void 4166 print_flags(uint64_t flags) 4167 { 4168 boolean_t first = _B_TRUE; 4169 int cnt, i; 4170 4171 (void) printf("flags=%llx", flags); 4172 cnt = sizeof (if_flags_tbl) / sizeof (if_flags_t); 4173 for (i = 0; i < cnt; i++) { 4174 if (flags & if_flags_tbl[i].iff_value) { 4175 if (first) { 4176 (void) printf("<"); 4177 first = _B_FALSE; 4178 } else { 4179 /* 4180 * It has to be here and not with the 4181 * printf below because for the last one, 4182 * we don't want a comma before the ">". 4183 */ 4184 (void) printf(","); 4185 } 4186 (void) printf("%s", if_flags_tbl[i].iff_name); 4187 } 4188 } 4189 if (!first) 4190 (void) printf(">"); 4191 } 4192 4193 static void 4194 print_config_flags(int af, uint64_t flags) 4195 { 4196 if_config_cmd_t *cmdp; 4197 4198 for (cmdp = if_config_cmd_tbl; cmdp->iff_flag != 0; cmdp++) { 4199 if ((flags & cmdp->iff_flag) && 4200 (cmdp->iff_af == AF_UNSPEC || cmdp->iff_af == af)) { 4201 (void) printf("%s ", cmdp->iff_name); 4202 } 4203 } 4204 } 4205 4206 /* 4207 * Use the configured directory lookup mechanism (e.g. files/NIS/...) 4208 * to find the network mask. Returns true if we found one to set. 4209 * 4210 * The parameter addr_set controls whether we should get the address of 4211 * the working interface for the netmask query. If addr_set is true, 4212 * we will use the address provided. Otherwise, we will find the working 4213 * interface's address and use it instead. 4214 */ 4215 static boolean_t 4216 in_getmask(struct sockaddr_in *saddr, boolean_t addr_set) 4217 { 4218 struct sockaddr_in ifaddr; 4219 4220 /* 4221 * Read the address from the interface if it is not passed in. 4222 */ 4223 if (!addr_set) { 4224 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 4225 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 4226 if (errno != EADDRNOTAVAIL) { 4227 (void) fprintf(stderr, "Need net number for " 4228 "mask\n"); 4229 } 4230 return (_B_FALSE); 4231 } 4232 ifaddr = *((struct sockaddr_in *)&lifr.lifr_addr); 4233 } else { 4234 ifaddr.sin_addr = saddr->sin_addr; 4235 } 4236 if (getnetmaskbyaddr(ifaddr.sin_addr, &saddr->sin_addr) == 0) { 4237 saddr->sin_family = AF_INET; 4238 return (_B_TRUE); 4239 } 4240 return (_B_FALSE); 4241 } 4242 4243 static int 4244 lifnum(const char *ifname) 4245 { 4246 const char *cp; 4247 4248 if ((cp = strchr(ifname, ':')) == NULL) 4249 return (0); 4250 else 4251 return (atoi(cp + 1)); 4252 } 4253 4254 static void 4255 add_ni(const char *name) 4256 { 4257 ni_t **pp; 4258 ni_t *p; 4259 4260 for (pp = &ni_list; (p = *pp) != NULL; pp = &(p->ni_next)) { 4261 if (strcmp(p->ni_name, name) == 0) { 4262 if (debug > 2) 4263 (void) fprintf(stderr, "'%s' is a duplicate\n", 4264 name); 4265 return; 4266 } 4267 } 4268 4269 if (debug > 2) 4270 (void) fprintf(stderr, "adding '%s'\n", 4271 name); 4272 4273 if ((p = malloc(sizeof (ni_t))) == NULL) 4274 return; 4275 4276 (void) strlcpy(p->ni_name, name, sizeof (p->ni_name)); 4277 p->ni_next = NULL; 4278 4279 *pp = p; 4280 num_ni++; 4281 } 4282 4283 static boolean_t 4284 ni_entry(const char *linkname, void *arg) 4285 { 4286 dlpi_handle_t dh; 4287 datalink_class_t class; 4288 4289 (void) dladm_name2info(arg, linkname, NULL, NULL, &class, NULL); 4290 4291 if (class == DATALINK_CLASS_ETHERSTUB) 4292 return (_B_FALSE); 4293 if (dlpi_open(linkname, &dh, 0) != DLPI_SUCCESS) 4294 return (_B_FALSE); 4295 4296 add_ni(linkname); 4297 4298 dlpi_close(dh); 4299 return (_B_FALSE); 4300 } 4301 4302 /* 4303 * dhcp-related routines 4304 */ 4305 4306 static int 4307 setifdhcp(const char *caller, const char *ifname, int argc, char *argv[]) 4308 { 4309 dhcp_ipc_request_t *request; 4310 dhcp_ipc_reply_t *reply = NULL; 4311 int timeout = DHCP_IPC_WAIT_DEFAULT; 4312 dhcp_ipc_type_t type = DHCP_START; 4313 int error; 4314 boolean_t is_primary = _B_FALSE; 4315 boolean_t started = _B_FALSE; 4316 4317 for (argv++; --argc > 0; argv++) { 4318 4319 if (strcmp(*argv, "primary") == 0) { 4320 is_primary = _B_TRUE; 4321 continue; 4322 } 4323 4324 if (strcmp(*argv, "wait") == 0) { 4325 if (--argc <= 0) { 4326 usage(); 4327 return (DHCP_EXIT_BADARGS); 4328 } 4329 argv++; 4330 4331 if (strcmp(*argv, "forever") == 0) { 4332 timeout = DHCP_IPC_WAIT_FOREVER; 4333 continue; 4334 } 4335 4336 if (sscanf(*argv, "%d", &timeout) != 1) { 4337 usage(); 4338 return (DHCP_EXIT_BADARGS); 4339 } 4340 4341 if (timeout < 0) { 4342 usage(); 4343 return (DHCP_EXIT_BADARGS); 4344 } 4345 continue; 4346 } 4347 4348 type = dhcp_string_to_request(*argv); 4349 if (type == -1) { 4350 usage(); 4351 return (DHCP_EXIT_BADARGS); 4352 } 4353 } 4354 4355 /* 4356 * Only try to start agent on start or inform; in all other cases it 4357 * has to already be running for anything to make sense. 4358 */ 4359 if (type == DHCP_START || type == DHCP_INFORM) { 4360 if (dhcp_start_agent(DHCP_IPC_MAX_WAIT) == -1) { 4361 (void) fprintf(stderr, "%s: unable to start %s\n", 4362 caller, DHCP_AGENT_PATH); 4363 return (DHCP_EXIT_FAILURE); 4364 } 4365 started = _B_TRUE; 4366 } 4367 4368 if (is_primary) 4369 type |= DHCP_PRIMARY; 4370 4371 if (af != AF_INET) 4372 type |= DHCP_V6; 4373 4374 request = dhcp_ipc_alloc_request(type, ifname, NULL, 0, DHCP_TYPE_NONE); 4375 if (request == NULL) { 4376 (void) fprintf(stderr, "%s: out of memory\n", caller); 4377 return (DHCP_EXIT_SYSTEM); 4378 } 4379 4380 error = dhcp_ipc_make_request(request, &reply, timeout); 4381 if (error != 0) { 4382 free(request); 4383 /* 4384 * Re-map connect error to not under control if we didn't try a 4385 * start operation, as this has to be true and results in a 4386 * clearer message, not to mention preserving compatibility 4387 * with the days when we always started dhcpagent for every 4388 * request. 4389 */ 4390 if (error == DHCP_IPC_E_CONNECT && !started) 4391 error = DHCP_IPC_E_UNKIF; 4392 (void) fprintf(stderr, "%s: %s: %s\n", caller, ifname, 4393 dhcp_ipc_strerror(error)); 4394 return (DHCP_EXIT_FAILURE); 4395 } 4396 4397 error = reply->return_code; 4398 if (error != 0) { 4399 free(request); 4400 free(reply); 4401 4402 if (error == DHCP_IPC_E_TIMEOUT && timeout == 0) 4403 return (DHCP_EXIT_SUCCESS); 4404 4405 (void) fprintf(stderr, "%s: %s: %s\n", caller, ifname, 4406 dhcp_ipc_strerror(error)); 4407 4408 if (error == DHCP_IPC_E_TIMEOUT) 4409 return (DHCP_EXIT_TIMEOUT); 4410 else 4411 return (DHCP_EXIT_IF_FAILURE); 4412 } 4413 4414 if (DHCP_IPC_CMD(type) == DHCP_STATUS) { 4415 (void) printf("%s", dhcp_status_hdr_string()); 4416 (void) printf("%s", dhcp_status_reply_to_string(reply)); 4417 } 4418 4419 free(request); 4420 free(reply); 4421 return (DHCP_EXIT_SUCCESS); 4422 } 4423 4424 static void 4425 usage(void) 4426 { 4427 (void) fprintf(stderr, 4428 "usage: ifconfig <interface> | -a[ 4 | 6 | D ][ u | d ][ Z ]\n"); 4429 4430 (void) fprintf(stderr, "%s", 4431 "\t[ <addr_family> ]\n" 4432 "\t[ <address>[/<prefix_length>] [ <dest_address> ] ]\n" 4433 "\t[ set [ <address>][/<prefix_length>] ]" 4434 " [ <address>/<prefix_length>] ]\n" 4435 "\t[ destination <dest_address> ]\n" 4436 "\t[ addif <address>[/<prefix_length>]" 4437 " [ <dest_address> ] ]\n" 4438 "\t[ removeif <address>[/<prefix_length>] ]\n" 4439 "\t[ arp | -arp ]\n" 4440 "\t[ auto-revarp ]\n" 4441 "\t[ broadcast <broad_addr> ]\n" 4442 "\t[ index <if_index> ]\n" 4443 "\t[ metric <n> ] [ mtu <n> ]\n" 4444 "\t[ netmask <mask> ]\n" 4445 "\t[ plumb ] [ unplumb ]\n" 4446 "\t[ preferred | -preferred ]\n" 4447 "\t[ private | -private ]\n" 4448 "\t[ local | -local ]\n" 4449 "\t[ router | -router ]\n" 4450 "\t[ subnet <subnet_address>]\n" 4451 "\t[ trailers | -trailers ]\n" 4452 "\t[ token <address>/<prefix_length> ]\n" 4453 "\t[ tsrc <tunnel_src_address> ]\n" 4454 "\t[ tdst <tunnel_dest_address> ]\n" 4455 "\t[ auth_algs <tunnel_AH_authentication_algorithm> ]\n" 4456 "\t[ encr_algs <tunnel_ESP_encryption_algorithm> ]\n" 4457 "\t[ encr_auth_algs <tunnel_ESP_authentication_algorithm> ]\n" 4458 "\t[ up ] [ down ]\n" 4459 "\t[ xmit | -xmit ]\n" 4460 "\t[ modlist ]\n" 4461 "\t[ modinsert <module_name@position> ]\n" 4462 "\t[ modremove <module_name@position> ]\n" 4463 "\t[ ipmp ]\n" 4464 "\t[ group <groupname>] | [ group \"\"]\n" 4465 "\t[ deprecated | -deprecated ]\n" 4466 "\t[ standby | -standby ]\n" 4467 "\t[ failover | -failover ]\n" 4468 "\t[ zone <zonename> | -zone ]\n" 4469 "\t[ usesrc <interface> ]\n" 4470 "\t[ all-zones ]\n"); 4471 4472 (void) fprintf(stderr, "or\n"); 4473 (void) fprintf(stderr, 4474 "\tifconfig <interface> | -a[ 4 | 6 | D ] [ u | d ]\n"); 4475 4476 (void) fprintf(stderr, "%s", "\tauto-dhcp | dhcp\n" 4477 "\t[ wait <time> | forever ]\n\t[ primary ]\n" 4478 "\tstart | drop | ping | release | status | inform\n"); 4479 } 4480