xref: /illumos-gate/usr/src/uts/common/inet/tunables.c (revision 315e695527b211489a44386ec695c6ccd3af4e6e)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 1991, 2010, Oracle and/or its affiliates. All rights reserved.
23  * Copyright (c) 1990 Mentat Inc.
24  */
25 
26 #include <inet/tunables.h>
27 #include <sys/md5.h>
28 #include <inet/common.h>
29 #include <inet/ip.h>
30 #include <inet/ip6.h>
31 #include <netinet/icmp6.h>
32 #include <inet/ip_stack.h>
33 #include <inet/rawip_impl.h>
34 #include <inet/tcp_stack.h>
35 #include <inet/tcp_impl.h>
36 #include <inet/udp_impl.h>
37 #include <inet/sctp/sctp_stack.h>
38 #include <inet/sctp/sctp_impl.h>
39 #include <inet/tunables.h>
40 
41 static int
42 prop_perm2const(mod_prop_info_t *pinfo)
43 {
44 	if (pinfo->mpi_setf == NULL)
45 		return (MOD_PROP_PERM_READ);
46 	if (pinfo->mpi_getf == NULL)
47 		return (MOD_PROP_PERM_WRITE);
48 	return (MOD_PROP_PERM_RW);
49 }
50 
51 /*
52  * Modifies the value of the property to default value or to the `pval'
53  * specified by the user.
54  */
55 /* ARGSUSED */
56 int
57 mod_set_boolean(void *cbarg, cred_t *cr, mod_prop_info_t *pinfo,
58     const char *ifname, const void* pval, uint_t flags)
59 {
60 	char 		*end;
61 	unsigned long 	new_value;
62 
63 	if (flags & MOD_PROP_DEFAULT) {
64 		pinfo->prop_cur_bval = pinfo->prop_def_bval;
65 		return (0);
66 	}
67 
68 	if (ddi_strtoul(pval, &end, 10, &new_value) != 0 || *end != '\0')
69 		return (EINVAL);
70 	if (new_value != B_TRUE && new_value != B_FALSE)
71 		return (EINVAL);
72 	pinfo->prop_cur_bval = new_value;
73 	return (0);
74 }
75 
76 /*
77  * Retrieves property permission, default value, current value or possible
78  * values for those properties whose value type is boolean_t.
79  */
80 /* ARGSUSED */
81 int
82 mod_get_boolean(void *cbarg, mod_prop_info_t *pinfo, const char *ifname,
83     void *pval, uint_t psize, uint_t flags)
84 {
85 	boolean_t	get_def = (flags & MOD_PROP_DEFAULT);
86 	boolean_t	get_perm = (flags & MOD_PROP_PERM);
87 	boolean_t	get_range = (flags & MOD_PROP_POSSIBLE);
88 	size_t		nbytes;
89 
90 	bzero(pval, psize);
91 	if (get_perm)
92 		nbytes = snprintf(pval, psize, "%u", prop_perm2const(pinfo));
93 	else if (get_range)
94 		nbytes = snprintf(pval, psize, "%u,%u", B_FALSE, B_TRUE);
95 	else if (get_def)
96 		nbytes = snprintf(pval, psize, "%u", pinfo->prop_def_bval);
97 	else
98 		nbytes = snprintf(pval, psize, "%u", pinfo->prop_cur_bval);
99 	if (nbytes >= psize)
100 		return (ENOBUFS);
101 	return (0);
102 }
103 
104 int
105 mod_uint32_value(const void *pval, mod_prop_info_t *pinfo, uint_t flags,
106     ulong_t *new_value)
107 {
108 	char 		*end;
109 
110 	if (flags & MOD_PROP_DEFAULT) {
111 		*new_value = pinfo->prop_def_uval;
112 		return (0);
113 	}
114 
115 	if (ddi_strtoul(pval, &end, 10, (ulong_t *)new_value) != 0 ||
116 	    *end != '\0')
117 		return (EINVAL);
118 	if (*new_value < pinfo->prop_min_uval ||
119 	    *new_value > pinfo->prop_max_uval) {
120 		return (ERANGE);
121 	}
122 	return (0);
123 }
124 
125 /*
126  * Modifies the value of the property to default value or to the `pval'
127  * specified by the user.
128  */
129 /* ARGSUSED */
130 int
131 mod_set_uint32(void *cbarg, cred_t *cr, mod_prop_info_t *pinfo,
132     const char *ifname, const void *pval, uint_t flags)
133 {
134 	unsigned long	new_value;
135 	int		err;
136 
137 	if ((err = mod_uint32_value(pval, pinfo, flags, &new_value)) != 0)
138 		return (err);
139 	pinfo->prop_cur_uval = (uint32_t)new_value;
140 	return (0);
141 }
142 
143 /*
144  * Rounds up the value to make it multiple of 8.
145  */
146 /* ARGSUSED */
147 int
148 mod_set_aligned(void *cbarg, cred_t *cr, mod_prop_info_t *pinfo,
149     const char *ifname, const void* pval, uint_t flags)
150 {
151 	int	err;
152 
153 	if ((err = mod_set_uint32(cbarg, cr, pinfo, ifname, pval, flags)) != 0)
154 		return (err);
155 
156 	/* if required, align the value to multiple of 8 */
157 	if (pinfo->prop_cur_uval & 0x7) {
158 		pinfo->prop_cur_uval &= ~0x7;
159 		pinfo->prop_cur_uval += 0x8;
160 	}
161 
162 	return (0);
163 }
164 
165 /*
166  * Retrieves property permission, default value, current value or possible
167  * values for those properties whose value type is uint32_t.
168  */
169 /* ARGSUSED */
170 int
171 mod_get_uint32(void *cbarg, mod_prop_info_t *pinfo, const char *ifname,
172     void *pval, uint_t psize, uint_t flags)
173 {
174 	boolean_t	get_def = (flags & MOD_PROP_DEFAULT);
175 	boolean_t	get_perm = (flags & MOD_PROP_PERM);
176 	boolean_t	get_range = (flags & MOD_PROP_POSSIBLE);
177 	size_t		nbytes;
178 
179 	bzero(pval, psize);
180 	if (get_perm)
181 		nbytes = snprintf(pval, psize, "%u", prop_perm2const(pinfo));
182 	else if (get_range)
183 		nbytes = snprintf(pval, psize, "%u-%u",
184 		    pinfo->prop_min_uval, pinfo->prop_max_uval);
185 	else if (get_def)
186 		nbytes = snprintf(pval, psize, "%u", pinfo->prop_def_uval);
187 	else
188 		nbytes = snprintf(pval, psize, "%u", pinfo->prop_cur_uval);
189 	if (nbytes >= psize)
190 		return (ENOBUFS);
191 	return (0);
192 }
193 
194 /*
195  * Implements /sbin/ndd -get /dev/ip ?, for all the modules. Needed for
196  * backward compatibility with /sbin/ndd.
197  */
198 /* ARGSUSED */
199 int
200 mod_get_allprop(void *cbarg, mod_prop_info_t *pinfo, const char *ifname,
201     void *val, uint_t psize, uint_t flags)
202 {
203 	char		*pval = val;
204 	mod_prop_info_t	*ptbl, *prop;
205 	ip_stack_t	*ipst;
206 	tcp_stack_t	*tcps;
207 	sctp_stack_t	*sctps;
208 	udp_stack_t	*us;
209 	icmp_stack_t	*is;
210 	uint_t		size;
211 	size_t		nbytes = 0, tbytes = 0;
212 
213 	bzero(pval, psize);
214 	size = psize;
215 
216 	switch (pinfo->mpi_proto) {
217 	case MOD_PROTO_IP:
218 	case MOD_PROTO_IPV4:
219 	case MOD_PROTO_IPV6:
220 		ipst = (ip_stack_t *)cbarg;
221 		ptbl = ipst->ips_propinfo_tbl;
222 		break;
223 	case MOD_PROTO_RAWIP:
224 		is = (icmp_stack_t *)cbarg;
225 		ptbl = is->is_propinfo_tbl;
226 		break;
227 	case MOD_PROTO_TCP:
228 		tcps = (tcp_stack_t *)cbarg;
229 		ptbl = tcps->tcps_propinfo_tbl;
230 		break;
231 	case MOD_PROTO_UDP:
232 		us = (udp_stack_t *)cbarg;
233 		ptbl = us->us_propinfo_tbl;
234 		break;
235 	case MOD_PROTO_SCTP:
236 		sctps = (sctp_stack_t *)cbarg;
237 		ptbl = sctps->sctps_propinfo_tbl;
238 		break;
239 	default:
240 		return (EINVAL);
241 	}
242 
243 	for (prop = ptbl; prop->mpi_name != NULL; prop++) {
244 		if (prop->mpi_name[0] == '\0' ||
245 		    strcmp(prop->mpi_name, "?") == 0) {
246 			continue;
247 		}
248 		nbytes = snprintf(pval, size, "%s %d %d", prop->mpi_name,
249 		    prop->mpi_proto, prop_perm2const(prop));
250 		size -= nbytes + 1;
251 		pval += nbytes + 1;
252 		tbytes += nbytes + 1;
253 		if (tbytes >= psize) {
254 			/* Buffer overflow, stop copying information */
255 			return (ENOBUFS);
256 		}
257 	}
258 	return (0);
259 }
260 
261 /*
262  * Hold a lock while changing *_epriv_ports to prevent multiple
263  * threads from changing it at the same time.
264  */
265 /* ARGSUSED */
266 int
267 mod_set_extra_privports(void *cbarg, cred_t *cr, mod_prop_info_t *pinfo,
268     const char *ifname, const void* val, uint_t flags)
269 {
270 	uint_t		proto = pinfo->mpi_proto;
271 	tcp_stack_t	*tcps;
272 	sctp_stack_t	*sctps;
273 	udp_stack_t	*us;
274 	unsigned long	new_value;
275 	char		*end;
276 	kmutex_t	*lock;
277 	uint_t		i, nports;
278 	in_port_t	*ports;
279 	boolean_t	def = (flags & MOD_PROP_DEFAULT);
280 	const char	*pval = val;
281 
282 	if (!def) {
283 		if (ddi_strtoul(pval, &end, 10, &new_value) != 0 ||
284 		    *end != '\0') {
285 			return (EINVAL);
286 		}
287 
288 		if (new_value < pinfo->prop_min_uval ||
289 		    new_value > pinfo->prop_max_uval) {
290 			return (ERANGE);
291 		}
292 	}
293 
294 	switch (proto) {
295 	case MOD_PROTO_TCP:
296 		tcps = (tcp_stack_t *)cbarg;
297 		lock = &tcps->tcps_epriv_port_lock;
298 		ports = tcps->tcps_g_epriv_ports;
299 		nports = tcps->tcps_g_num_epriv_ports;
300 		break;
301 	case MOD_PROTO_UDP:
302 		us = (udp_stack_t *)cbarg;
303 		lock = &us->us_epriv_port_lock;
304 		ports = us->us_epriv_ports;
305 		nports = us->us_num_epriv_ports;
306 		break;
307 	case MOD_PROTO_SCTP:
308 		sctps = (sctp_stack_t *)cbarg;
309 		lock = &sctps->sctps_epriv_port_lock;
310 		ports = sctps->sctps_g_epriv_ports;
311 		nports = sctps->sctps_g_num_epriv_ports;
312 		break;
313 	default:
314 		return (ENOTSUP);
315 	}
316 
317 	mutex_enter(lock);
318 
319 	/* if MOD_PROP_DEFAULT is set then reset the ports list to default */
320 	if (def) {
321 		for (i = 0; i < nports; i++)
322 			ports[i] = 0;
323 		ports[0] = ULP_DEF_EPRIV_PORT1;
324 		ports[1] = ULP_DEF_EPRIV_PORT2;
325 		mutex_exit(lock);
326 		return (0);
327 	}
328 
329 	/* Check if the value is already in the list */
330 	for (i = 0; i < nports; i++) {
331 		if (new_value == ports[i])
332 			break;
333 	}
334 
335 	if (flags & MOD_PROP_REMOVE) {
336 		if (i == nports) {
337 			mutex_exit(lock);
338 			return (ESRCH);
339 		}
340 		/* Clear the value */
341 		ports[i] = 0;
342 	} else if (flags & MOD_PROP_APPEND) {
343 		if (i != nports) {
344 			mutex_exit(lock);
345 			return (EEXIST);
346 		}
347 
348 		/* Find an empty slot */
349 		for (i = 0; i < nports; i++) {
350 			if (ports[i] == 0)
351 				break;
352 		}
353 		if (i == nports) {
354 			mutex_exit(lock);
355 			return (EOVERFLOW);
356 		}
357 		/* Set the new value */
358 		ports[i] = (in_port_t)new_value;
359 	} else {
360 		/*
361 		 * If the user used 'assignment' modifier.
362 		 * For eg:
363 		 * 	# ipadm set-prop -p extra_priv_ports=3001 tcp
364 		 *
365 		 * We clear all the ports and then just add 3001.
366 		 */
367 		ASSERT(flags == MOD_PROP_ACTIVE);
368 		for (i = 0; i < nports; i++)
369 			ports[i] = 0;
370 		ports[0] = (in_port_t)new_value;
371 	}
372 
373 	mutex_exit(lock);
374 	return (0);
375 }
376 
377 /*
378  * Note: No locks are held when inspecting *_epriv_ports
379  * but instead the code relies on:
380  * - the fact that the address of the array and its size never changes
381  * - the atomic assignment of the elements of the array
382  */
383 /* ARGSUSED */
384 int
385 mod_get_extra_privports(void *cbarg, mod_prop_info_t *pinfo, const char *ifname,
386     void *val, uint_t psize, uint_t flags)
387 {
388 	uint_t		proto = pinfo->mpi_proto;
389 	tcp_stack_t	*tcps;
390 	sctp_stack_t	*sctps;
391 	udp_stack_t	*us;
392 	uint_t		i, nports, size;
393 	in_port_t	*ports;
394 	char		*pval = val;
395 	size_t		nbytes = 0, tbytes = 0;
396 	boolean_t	get_def = (flags & MOD_PROP_DEFAULT);
397 	boolean_t	get_perm = (flags & MOD_PROP_PERM);
398 	boolean_t	get_range = (flags & MOD_PROP_POSSIBLE);
399 
400 	bzero(pval, psize);
401 	size = psize;
402 
403 	if (get_def) {
404 		tbytes = snprintf(pval, psize, "%u,%u", ULP_DEF_EPRIV_PORT1,
405 		    ULP_DEF_EPRIV_PORT2);
406 		goto ret;
407 	} else if (get_perm) {
408 		tbytes = snprintf(pval, psize, "%u", MOD_PROP_PERM_RW);
409 		goto ret;
410 	}
411 
412 	switch (proto) {
413 	case MOD_PROTO_TCP:
414 		tcps = (tcp_stack_t *)cbarg;
415 		ports = tcps->tcps_g_epriv_ports;
416 		nports = tcps->tcps_g_num_epriv_ports;
417 		break;
418 	case MOD_PROTO_UDP:
419 		us = (udp_stack_t *)cbarg;
420 		ports = us->us_epriv_ports;
421 		nports = us->us_num_epriv_ports;
422 		break;
423 	case MOD_PROTO_SCTP:
424 		sctps = (sctp_stack_t *)cbarg;
425 		ports = sctps->sctps_g_epriv_ports;
426 		nports = sctps->sctps_g_num_epriv_ports;
427 		break;
428 	default:
429 		return (ENOTSUP);
430 	}
431 
432 	if (get_range) {
433 		tbytes = snprintf(pval, psize, "%u-%u", pinfo->prop_min_uval,
434 		    pinfo->prop_max_uval);
435 		goto ret;
436 	}
437 
438 	for (i = 0; i < nports; i++) {
439 		if (ports[i] != 0) {
440 			if (psize == size)
441 				nbytes = snprintf(pval, size, "%u", ports[i]);
442 			else
443 				nbytes = snprintf(pval, size, ",%u", ports[i]);
444 			size -= nbytes;
445 			pval += nbytes;
446 			tbytes += nbytes;
447 			if (tbytes >= psize)
448 				return (ENOBUFS);
449 		}
450 	}
451 	return (0);
452 ret:
453 	if (tbytes >= psize)
454 		return (ENOBUFS);
455 	return (0);
456 }
457