1 /* 2 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 3 * Use is subject to license terms. 4 */ 5 /* 6 * Copyright (c) 1983 Regents of the University of California. 7 * All rights reserved. The Berkeley software License Agreement 8 * specifies the terms and conditions for redistribution. 9 */ 10 11 #include "defs.h" 12 #include "strings.h" 13 #include "ifconfig.h" 14 #include <compat.h> 15 #include <libdlpi.h> 16 #include <libdllink.h> 17 #include <inet/ip.h> 18 #include <inet/ipsec_impl.h> 19 20 #define LOOPBACK_IF "lo0" 21 #define NONE_STR "none" 22 #define ARP_MOD_NAME "arp" 23 #define TUN_NAME "tun" 24 #define ATUN_NAME "atun" 25 #define TUN6TO4_NAME "6to4tun" 26 27 typedef struct if_flags { 28 uint64_t iff_value; 29 char *iff_name; 30 } if_flags_t; 31 32 static if_flags_t if_flags_tbl[] = { 33 { IFF_UP, "UP" }, 34 { IFF_BROADCAST, "BROADCAST" }, 35 { IFF_DEBUG, "DEBUG" }, 36 { IFF_LOOPBACK, "LOOPBACK" }, 37 { IFF_POINTOPOINT, "POINTOPOINT" }, 38 { IFF_NOTRAILERS, "NOTRAILERS" }, 39 { IFF_RUNNING, "RUNNING" }, 40 { IFF_NOARP, "NOARP" }, 41 { IFF_PROMISC, "PROMISC" }, 42 { IFF_ALLMULTI, "ALLMULTI" }, 43 { IFF_INTELLIGENT, "INTELLIGENT" }, 44 { IFF_MULTICAST, "MULTICAST" }, 45 { IFF_MULTI_BCAST, "MULTI_BCAST" }, 46 { IFF_UNNUMBERED, "UNNUMBERED" }, 47 { IFF_DHCPRUNNING, "DHCP" }, 48 { IFF_PRIVATE, "PRIVATE" }, 49 { IFF_NOXMIT, "NOXMIT" }, 50 { IFF_NOLOCAL, "NOLOCAL" }, 51 { IFF_DEPRECATED, "DEPRECATED" }, 52 { IFF_ADDRCONF, "ADDRCONF" }, 53 { IFF_ROUTER, "ROUTER" }, 54 { IFF_NONUD, "NONUD" }, 55 { IFF_ANYCAST, "ANYCAST" }, 56 { IFF_NORTEXCH, "NORTEXCH" }, 57 { IFF_IPV4, "IPv4" }, 58 { IFF_IPV6, "IPv6" }, 59 { IFF_NOFAILOVER, "NOFAILOVER" }, 60 { IFF_FAILED, "FAILED" }, 61 { IFF_STANDBY, "STANDBY" }, 62 { IFF_INACTIVE, "INACTIVE" }, 63 { IFF_OFFLINE, "OFFLINE" }, 64 { IFF_XRESOLV, "XRESOLV" }, 65 { IFF_COS_ENABLED, "CoS" }, 66 { IFF_PREFERRED, "PREFERRED" }, 67 { IFF_TEMPORARY, "TEMPORARY" }, 68 { IFF_FIXEDMTU, "FIXEDMTU" }, 69 { IFF_VIRTUAL, "VIRTUAL" }, 70 { IFF_DUPLICATE, "DUPLICATE" } 71 }; 72 73 static struct lifreq lifr; 74 /* current interface name a particular function is accessing */ 75 static char name[LIFNAMSIZ]; 76 /* foreach interface saved name */ 77 static char origname[LIFNAMSIZ]; 78 static char savedname[LIFNAMSIZ]; /* For addif */ 79 static int setaddr; 80 81 /* 82 * Make sure the algorithm variables hold more than the sizeof an algorithm 83 * in PF_KEY. (For now, more than a uint8_t.) The NO_***_?ALG indicates that 84 * there was no algorithm requested, and in the ipsec_req that service should 85 * be disabled. (E.g. if ah_aalg remains NO_AH_AALG, then AH will be 86 * disabled on that tunnel.) 87 */ 88 #define NO_AH_AALG 256 89 #define NO_ESP_AALG 256 90 #define NO_ESP_EALG 256 91 92 /* 93 * iface_t 94 * used by setifether to create a list of interfaces to mark 95 * down-up when changing the ethernet address of an interface 96 */ 97 typedef struct iface { 98 struct lifreq lifr; 99 struct iface *next; /* pointer to the next list element */ 100 } iface_t; 101 102 static iface_t *logifs = NULL; /* list of logical interfaces */ 103 static iface_t *phyif = NULL; /* physical interface */ 104 105 int s; 106 int af = AF_INET; /* default address family */ 107 int debug = 0; 108 int all = 0; /* setifdhcp() needs to know this */ 109 int verbose = 0; 110 int v4compat = 0; /* Compatible printing format */ 111 112 /* 113 * Function prototypes for command functions. 114 */ 115 static int addif(char *arg, int64_t param); 116 static int inetplumb(char *arg, int64_t param); 117 static int inetunplumb(char *arg, int64_t param); 118 static int removeif(char *arg, int64_t param); 119 static int setdebugflag(char *arg, int64_t param); 120 static int setifaddr(char *arg, int64_t param); 121 static int setifbroadaddr(char *arg, int64_t param); 122 static int setifdstaddr(char *arg, int64_t param); 123 static int setifether(char *arg, int64_t param); 124 static int setifflags(char *arg, int64_t param); 125 static int setifindex(char *arg, int64_t param); 126 static int setifmetric(char *arg, int64_t param); 127 static int setifmtu(char *arg, int64_t param); 128 static int setifnetmask(char *arg, int64_t param); 129 static int setifprefixlen(char *arg, int64_t param); 130 static int setifrevarp(char *arg, int64_t param); 131 static int setifsubnet(char *arg, int64_t param); 132 static int setiftdst(char *arg, int64_t param); 133 static int setiftoken(char *arg, int64_t param); 134 static int setiftsrc(char *arg, int64_t param); 135 static int setverboseflag(char *arg, int64_t param); 136 static int set_tun_ah_alg(char *arg, int64_t param); 137 static int set_tun_esp_auth_alg(char *arg, int64_t param); 138 static int set_tun_esp_encr_alg(char *arg, int64_t param); 139 static int modlist(char *arg, int64_t param); 140 static int modinsert(char *arg, int64_t param); 141 static int modremove(char *arg, int64_t param); 142 static int setifgroupname(char *arg, int64_t param); 143 static int configinfo(char *arg, int64_t param); 144 static void print_config_flags(uint64_t flags); 145 static void print_flags(uint64_t flags); 146 static void print_ifether(char *ifname); 147 static int set_tun_encap_limit(char *arg, int64_t param); 148 static int clr_tun_encap_limit(char *arg, int64_t param); 149 static int set_tun_hop_limit(char *arg, int64_t param); 150 static int setzone(char *arg, int64_t param); 151 static int setallzones(char *arg, int64_t param); 152 static int setifsrc(char *arg, int64_t param); 153 154 /* 155 * Address family specific function prototypes. 156 */ 157 static void in_getaddr(char *s, struct sockaddr *saddr, int *plenp); 158 static void in_status(int force, uint64_t flags); 159 static void in_configinfo(int force, uint64_t flags); 160 static void in6_getaddr(char *s, struct sockaddr *saddr, int *plenp); 161 static void in6_status(int force, uint64_t flags); 162 static void in6_configinfo(int force, uint64_t flags); 163 164 /* 165 * Misc support functions 166 */ 167 static boolean_t ni_entry(const char *, void *); 168 static void foreachinterface(void (*func)(), int argc, char *argv[], 169 int af, int64_t onflags, int64_t offflags, 170 int64_t lifc_flags); 171 static void ifconfig(int argc, char *argv[], int af, struct lifreq *lifrp); 172 static boolean_t in_getmask(struct sockaddr_in *saddr, 173 boolean_t addr_set); 174 static int in_getprefixlen(char *addr, boolean_t slash, int plen); 175 static boolean_t in_prefixlentomask(int prefixlen, int maxlen, 176 uchar_t *mask); 177 static int settaddr(char *, int (*)(icfg_handle_t, 178 const struct sockaddr *, socklen_t)); 179 static void status(void); 180 static void ifstatus(const char *); 181 static void usage(void); 182 static int strioctl(int s, int cmd, char *buf, int buflen); 183 static int setifdhcp(const char *caller, const char *ifname, 184 int argc, char *argv[]); 185 static int ip_domux2fd(int *, int *, int *, int *, int *); 186 static int ip_plink(int, int, int, int, int); 187 static int modop(char *arg, char op); 188 static void selectifs(int argc, char *argv[], int af, 189 struct lifreq *lifrp); 190 static int updownifs(iface_t *ifs, int up); 191 static int find_all_global_interfaces(struct lifconf *lifcp, char **buf, 192 int64_t lifc_flags); 193 static int find_all_zone_interfaces(struct lifconf *lifcp, char **buf, 194 int64_t lifc_flags); 195 196 #define max(a, b) ((a) < (b) ? (b) : (a)) 197 198 /* 199 * DHCP_EXIT_IF_FAILURE indicates that the operation failed, but if there 200 * are more interfaces to act on (i.e., ifconfig was invoked with -a), keep 201 * on going rather than exit with an error. 202 */ 203 204 #define DHCP_EXIT_IF_FAILURE -1 205 206 #define NEXTARG 0xffffff /* command takes an argument */ 207 #define OPTARG 0xfffffe /* command takes an optional argument */ 208 #define AF_ANY (-1) 209 210 /* Refer to the comments in ifconfig() on the netmask "hack" */ 211 #define NETMASK_CMD "netmask" 212 struct sockaddr_storage g_netmask; 213 enum { G_NETMASK_NIL, G_NETMASK_PENDING, G_NETMASK_SET } 214 g_netmask_set = G_NETMASK_NIL; 215 216 struct cmd { 217 char *c_name; 218 int64_t c_parameter; /* NEXTARG means next argv */ 219 int (*c_func)(char *, int64_t); 220 int c_abortonfail; /* don't continue parsing args */ 221 /* for the current interface */ 222 int c_af; /* address family restrictions */ 223 } cmds[] = { 224 { "up", IFF_UP, setifflags, 0, AF_ANY }, 225 { "down", -IFF_UP, setifflags, 0, AF_ANY }, 226 { "trailers", -IFF_NOTRAILERS, setifflags, 0, AF_ANY }, 227 { "-trailers", IFF_NOTRAILERS, setifflags, 0, AF_ANY }, 228 { "arp", -IFF_NOARP, setifflags, 0, AF_INET }, 229 { "-arp", IFF_NOARP, setifflags, 0, AF_INET }, 230 { "router", IFF_ROUTER, setifflags, 0, AF_ANY }, 231 { "-router", -IFF_ROUTER, setifflags, 0, AF_ANY }, 232 { "private", IFF_PRIVATE, setifflags, 0, AF_ANY }, 233 { "-private", -IFF_PRIVATE, setifflags, 0, AF_ANY }, 234 { "xmit", -IFF_NOXMIT, setifflags, 0, AF_ANY }, 235 { "-xmit", IFF_NOXMIT, setifflags, 0, AF_ANY }, 236 { "-nud", IFF_NONUD, setifflags, 0, AF_INET6 }, 237 { "nud", -IFF_NONUD, setifflags, 0, AF_INET6 }, 238 { "anycast", IFF_ANYCAST, setifflags, 0, AF_ANY }, 239 { "-anycast", -IFF_ANYCAST, setifflags, 0, AF_ANY }, 240 { "local", -IFF_NOLOCAL, setifflags, 0, AF_ANY }, 241 { "-local", IFF_NOLOCAL, setifflags, 0, AF_ANY }, 242 { "deprecated", IFF_DEPRECATED, setifflags, 0, AF_ANY }, 243 { "-deprecated", -IFF_DEPRECATED, setifflags, 0, AF_ANY }, 244 { "preferred", IFF_PREFERRED, setifflags, 0, AF_INET6 }, 245 { "-preferred", -IFF_PREFERRED, setifflags, 0, AF_INET6 }, 246 { "debug", 0, setdebugflag, 0, AF_ANY }, 247 { "verbose", 0, setverboseflag, 0, AF_ANY }, 248 { NETMASK_CMD, NEXTARG, setifnetmask, 0, AF_INET }, 249 { "metric", NEXTARG, setifmetric, 0, AF_ANY }, 250 { "mtu", NEXTARG, setifmtu, 0, AF_ANY }, 251 { "index", NEXTARG, setifindex, 0, AF_ANY }, 252 { "broadcast", NEXTARG, setifbroadaddr, 0, AF_INET }, 253 { "auto-revarp", 0, setifrevarp, 1, AF_INET }, 254 { "plumb", 0, inetplumb, 1, AF_ANY }, 255 { "unplumb", 0, inetunplumb, 0, AF_ANY }, 256 { "subnet", NEXTARG, setifsubnet, 0, AF_ANY }, 257 { "token", NEXTARG, setiftoken, 0, AF_INET6 }, 258 { "tsrc", NEXTARG, setiftsrc, 0, AF_ANY }, 259 { "tdst", NEXTARG, setiftdst, 0, AF_ANY }, 260 { "encr_auth_algs", NEXTARG, set_tun_esp_auth_alg, 0, AF_ANY }, 261 { "encr_algs", NEXTARG, set_tun_esp_encr_alg, 0, AF_ANY }, 262 { "auth_algs", NEXTARG, set_tun_ah_alg, 0, AF_ANY }, 263 { "addif", NEXTARG, addif, 1, AF_ANY }, 264 { "removeif", NEXTARG, removeif, 1, AF_ANY }, 265 { "modlist", 0, modlist, 1, AF_ANY }, 266 { "modinsert", NEXTARG, modinsert, 1, AF_ANY }, 267 { "modremove", NEXTARG, modremove, 1, AF_ANY }, 268 { "failover", -IFF_NOFAILOVER, setifflags, 1, AF_ANY }, 269 { "-failover", IFF_NOFAILOVER, setifflags, 1, AF_ANY }, 270 { "standby", IFF_STANDBY, setifflags, 1, AF_ANY }, 271 { "-standby", -IFF_STANDBY, setifflags, 1, AF_ANY }, 272 { "failed", IFF_FAILED, setifflags, 1, AF_ANY }, 273 { "-failed", -IFF_FAILED, setifflags, 1, AF_ANY }, 274 { "group", NEXTARG, setifgroupname, 1, AF_ANY }, 275 { "configinfo", 0, configinfo, 1, AF_ANY }, 276 { "encaplimit", NEXTARG, set_tun_encap_limit, 0, AF_ANY }, 277 { "-encaplimit", 0, clr_tun_encap_limit, 0, AF_ANY }, 278 { "thoplimit", NEXTARG, set_tun_hop_limit, 0, AF_ANY }, 279 { "set", NEXTARG, setifaddr, 0, AF_ANY }, 280 { "destination", NEXTARG, setifdstaddr, 0, AF_ANY }, 281 { "zone", NEXTARG, setzone, 0, AF_ANY }, 282 { "-zone", 0, setzone, 0, AF_ANY }, 283 { "all-zones", 0, setallzones, 0, AF_ANY }, 284 { "ether", OPTARG, setifether, 0, AF_ANY }, 285 { "usesrc", NEXTARG, setifsrc, 0, AF_ANY }, 286 287 /* 288 * NOTE: any additions to this table must also be applied to ifparse 289 * (usr/src/cmd/cmd-inet/sbin/ifparse/ifparse.c) 290 */ 291 292 { 0, 0, setifaddr, 0, AF_ANY }, 293 { 0, 0, setifdstaddr, 0, AF_ANY }, 294 { 0, 0, 0, 0, 0 }, 295 }; 296 297 298 typedef struct if_config_cmd { 299 uint64_t iff_flag; 300 char *iff_name; 301 } if_config_cmd_t; 302 303 static if_config_cmd_t if_config_cmd_tbl[] = { 304 { IFF_UP, "up" }, 305 { IFF_NOTRAILERS, "-trailers" }, 306 { IFF_PRIVATE, "private" }, 307 { IFF_NOXMIT, "-xmit" }, 308 { IFF_ANYCAST, "anycast" }, 309 { IFF_NOLOCAL, "-local" }, 310 { IFF_DEPRECATED, "deprecated" }, 311 { IFF_NOFAILOVER, "-failover" }, 312 { IFF_STANDBY, "standby" }, 313 { IFF_FAILED, "failed" }, 314 { IFF_PREFERRED, "preferred" }, 315 { 0, 0 }, 316 }; 317 318 typedef struct ni { 319 char ni_name[LIFNAMSIZ]; 320 struct ni *ni_next; 321 } ni_t; 322 323 static ni_t *ni_list = NULL; 324 static int num_ni = 0; 325 326 /* End defines and structure definitions for ifconfig -a plumb */ 327 328 /* Known address families */ 329 struct afswtch { 330 char *af_name; 331 short af_af; 332 void (*af_status)(); 333 void (*af_getaddr)(); 334 void (*af_configinfo)(); 335 } afs[] = { 336 { "inet", AF_INET, in_status, in_getaddr, in_configinfo }, 337 { "inet6", AF_INET6, in6_status, in6_getaddr, in6_configinfo }, 338 { 0, 0, 0, 0, 0 } 339 }; 340 341 #define SOCKET_AF(af) (((af) == AF_UNSPEC) ? AF_INET : (af)) 342 343 struct afswtch *afp; /* the address family being set or asked about */ 344 345 int 346 main(int argc, char *argv[]) 347 { 348 /* Include IFF_NOXMIT, IFF_TEMPORARY and all zone interfaces */ 349 int64_t lifc_flags = LIFC_NOXMIT | LIFC_TEMPORARY | LIFC_ALLZONES; 350 char *default_ip_str; 351 352 if (argc < 2) { 353 usage(); 354 exit(1); 355 } 356 argc--, argv++; 357 if (strlen(*argv) > sizeof (name) - 1) { 358 (void) fprintf(stderr, "%s: interface name too long\n", *argv); 359 exit(1); 360 } 361 (void) strncpy(name, *argv, sizeof (name)); 362 name[sizeof (name) - 1] = '\0'; 363 (void) strncpy(origname, name, sizeof (origname)); /* For addif */ 364 default_ip_str = NULL; 365 v4compat = get_compat_flag(&default_ip_str); 366 if (v4compat == DEFAULT_PROT_BAD_VALUE) { 367 (void) fprintf(stderr, 368 "ifconfig: %s: Bad value for %s in %s\n", default_ip_str, 369 DEFAULT_IP, INET_DEFAULT_FILE); 370 free(default_ip_str); 371 exit(2); 372 } 373 free(default_ip_str); 374 argc--, argv++; 375 if (argc > 0) { 376 struct afswtch *myafp; 377 378 for (myafp = afp = afs; myafp->af_name; myafp++) { 379 if (strcmp(myafp->af_name, *argv) == 0) { 380 afp = myafp; argc--; argv++; 381 break; 382 } 383 } 384 af = lifr.lifr_addr.ss_family = afp->af_af; 385 if (af == AF_INET6) { 386 v4compat = 0; 387 } 388 } 389 390 s = socket(SOCKET_AF(af), SOCK_DGRAM, 0); 391 if (s < 0) { 392 Perror0_exit("socket"); 393 } 394 395 /* 396 * Special interface names is any combination of these flags. 397 * Note that due to the ifconfig syntax they have to be combined 398 * as a single '-' option. 399 * -a All interfaces 400 * -u "up" interfaces 401 * -d "down" interfaces 402 * -D Interfaces not controlled by DHCP 403 * -4 IPv4 interfaces 404 * -6 IPv6 interfaces 405 * -X Turn on debug (not documented) 406 * -v Turn on verbose 407 * -Z Only interfaces in caller's zone 408 */ 409 410 if (name[0] == '-') { 411 /* One or more options */ 412 int64_t onflags = 0; 413 int64_t offflags = 0; 414 int c; 415 char *av[2] = { "ifconfig", name }; 416 417 while ((c = getopt(2, av, "audDXZ46v")) != -1) { 418 switch ((char)c) { 419 case 'a': 420 all = 1; 421 break; 422 case 'u': 423 onflags |= IFF_UP; 424 break; 425 case 'd': 426 offflags |= IFF_UP; 427 break; 428 case 'D': 429 offflags |= IFF_DHCPRUNNING; 430 break; 431 case 'X': 432 debug += 3; 433 break; 434 case 'Z': 435 lifc_flags &= ~LIFC_ALLZONES; 436 break; 437 case '4': 438 /* 439 * -4 is not a compatable flag, therefore 440 * we assume they want v4compat turned off 441 */ 442 v4compat = 0; 443 onflags |= IFF_IPV4; 444 break; 445 case '6': 446 /* 447 * If they want IPv6, well then we'll assume 448 * they don't want IPv4 compat 449 */ 450 v4compat = 0; 451 onflags |= IFF_IPV6; 452 break; 453 case 'v': 454 verbose = 1; 455 break; 456 case '?': 457 usage(); 458 exit(1); 459 } 460 } 461 if (!all) { 462 (void) fprintf(stderr, 463 "ifconfig: %s: no such interface\n", name); 464 exit(1); 465 } 466 foreachinterface(ifconfig, argc, argv, af, onflags, offflags, 467 lifc_flags); 468 } else { 469 ifconfig(argc, argv, af, (struct lifreq *)NULL); 470 } 471 return (0); 472 } 473 474 /* 475 * For each interface, call (*func)(argc, argv, af, lifrp). 476 * Only call function if onflags and offflags are set or clear, respectively, 477 * in the interfaces flags field. 478 */ 479 static void 480 foreachinterface(void (*func)(), int argc, char *argv[], int af, 481 int64_t onflags, int64_t offflags, int64_t lifc_flags) 482 { 483 int n; 484 char *buf; 485 struct lifnum lifn; 486 struct lifconf lifc; 487 struct lifreq *lifrp; 488 struct lifreq lifrl; /* Local lifreq struct */ 489 int numifs; 490 unsigned bufsize; 491 int plumball = 0; 492 int save_af = af; 493 494 buf = NULL; 495 /* 496 * Special case: 497 * ifconfig -a plumb should find all network interfaces 498 * in the machine for the global zone. 499 * For non-global zones, only find the assigned interfaces. 500 * Also, there is no need to SIOCGLIF* ioctls, since 501 * those interfaces have already been plumbed 502 */ 503 if (argc > 0 && (strcmp(*argv, "plumb") == 0)) { 504 if (getzoneid() == GLOBAL_ZONEID) { 505 if (find_all_global_interfaces(&lifc, &buf, 506 lifc_flags) != 0) 507 return; 508 } else { 509 if (find_all_zone_interfaces(&lifc, &buf, 510 lifc_flags) != 0) 511 return; 512 } 513 if (lifc.lifc_len == 0) 514 return; 515 plumball = 1; 516 } else { 517 lifn.lifn_family = AF_UNSPEC; 518 lifn.lifn_flags = lifc_flags; 519 if (ioctl(s, SIOCGLIFNUM, (char *)&lifn) < 0) { 520 Perror0_exit("Could not determine number" 521 " of interfaces"); 522 } 523 numifs = lifn.lifn_count; 524 if (debug) 525 (void) printf("ifconfig: %d interfaces\n", numifs); 526 527 bufsize = numifs * sizeof (struct lifreq); 528 if ((buf = malloc(bufsize)) == NULL) { 529 Perror0("out of memory\n"); 530 (void) close(s); 531 return; 532 } 533 534 lifc.lifc_family = AF_UNSPEC; 535 lifc.lifc_flags = lifc_flags; 536 lifc.lifc_len = bufsize; 537 lifc.lifc_buf = buf; 538 539 if (ioctl(s, SIOCGLIFCONF, (char *)&lifc) < 0) { 540 Perror0("SIOCGLIFCONF"); 541 (void) close(s); 542 free(buf); 543 return; 544 } 545 } 546 547 lifrp = lifc.lifc_req; 548 for (n = lifc.lifc_len / sizeof (struct lifreq); n > 0; n--, lifrp++) { 549 550 if (!plumball) { 551 /* 552 * We must close and recreate the socket each time 553 * since we don't know what type of socket it is now 554 * (each status function may change it). 555 */ 556 557 (void) close(s); 558 559 af = lifrp->lifr_addr.ss_family; 560 s = socket(SOCKET_AF(af), SOCK_DGRAM, 0); 561 if (s == -1) { 562 /* 563 * Perror0() assumes the name to be in the 564 * globally defined lifreq structure. 565 */ 566 (void) strncpy(lifr.lifr_name, 567 lifrp->lifr_name, sizeof (lifr.lifr_name)); 568 Perror0_exit("socket"); 569 } 570 } 571 572 /* 573 * Only service interfaces that match the on and off 574 * flags masks. 575 */ 576 if (onflags || offflags) { 577 (void) memset(&lifrl, 0, sizeof (lifrl)); 578 (void) strncpy(lifrl.lifr_name, lifrp->lifr_name, 579 sizeof (lifrl.lifr_name)); 580 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifrl) < 0) { 581 /* 582 * Perror0() assumes the name to be in the 583 * globally defined lifreq structure. 584 */ 585 (void) strncpy(lifr.lifr_name, 586 lifrp->lifr_name, sizeof (lifr.lifr_name)); 587 Perror0_exit("foreachinterface: SIOCGLIFFLAGS"); 588 } 589 if ((lifrl.lifr_flags & onflags) != onflags) 590 continue; 591 if ((~lifrl.lifr_flags & offflags) != offflags) 592 continue; 593 } 594 595 if (!plumball) { 596 (void) strncpy(lifrl.lifr_name, lifrp->lifr_name, 597 sizeof (lifrl.lifr_name)); 598 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifrl) < 0) { 599 /* 600 * Perror0() assumes the name to be in the 601 * globally defined lifreq structure. 602 */ 603 (void) strncpy(lifr.lifr_name, 604 lifrp->lifr_name, sizeof (lifr.lifr_name)); 605 Perror0("foreachinterface: SIOCGLIFADDR"); 606 continue; 607 } 608 if (lifrl.lifr_addr.ss_family != af) { 609 /* Switch address family */ 610 af = lifrl.lifr_addr.ss_family; 611 (void) close(s); 612 613 s = socket(SOCKET_AF(af), SOCK_DGRAM, 0); 614 if (s == -1) { 615 /* 616 * Perror0() assumes the name to be in 617 * the globally defined lifreq 618 * structure. 619 */ 620 (void) strncpy(lifr.lifr_name, 621 lifrp->lifr_name, 622 sizeof (lifr.lifr_name)); 623 Perror0_exit("socket"); 624 } 625 } 626 } 627 628 /* 629 * Reset global state 630 * setaddr: Used by parser to tear apart source and dest 631 * name and origname contain the name of the 'current' 632 * interface. 633 */ 634 setaddr = 0; 635 (void) strncpy(name, lifrp->lifr_name, sizeof (name)); 636 (void) strncpy(origname, name, sizeof (origname)); 637 638 (*func)(argc, argv, save_af, lifrp); 639 /* the func could have overwritten origname, so restore */ 640 (void) strncpy(name, origname, sizeof (name)); 641 } 642 if (buf != NULL) 643 free(buf); 644 } 645 646 static void 647 tun_reality_check(void) 648 { 649 struct iftun_req treq; 650 ipsec_req_t *ipsr; 651 652 (void) strncpy(treq.ifta_lifr_name, name, sizeof (treq.ifta_lifr_name)); 653 if (strchr(name, ':') != NULL) { 654 /* Return, we don't need to check. */ 655 return; 656 } 657 if (ioctl(s, SIOCGTUNPARAM, (caddr_t)&treq) < 0 || 658 !(treq.ifta_flags & IFTUN_SECURITY) || 659 (treq.ifta_flags & IFTUN_COMPLEX_SECURITY)) { 660 /* 661 * Either not a tunnel (the SIOCGTUNPARAM fails on 662 * non-tunnels), the security flag is not set, or 663 * this is a tunnel with ipsecconf(1M)-set policy. 664 * Regardless, return. 665 */ 666 return; 667 } 668 669 ipsr = (ipsec_req_t *)&treq.ifta_secinfo; 670 671 if (ipsr->ipsr_esp_req != 0 && 672 ipsr->ipsr_esp_auth_alg == SADB_AALG_NONE && 673 ipsr->ipsr_ah_req == 0) 674 (void) fprintf(stderr, "ifconfig: WARNING - tunnel with " 675 "only ESP and no authentication.\n"); 676 } 677 678 /* 679 * for the specified interface call (*func)(argc, argv, af, lifrp). 680 */ 681 682 static void 683 ifconfig(int argc, char *argv[], int af, struct lifreq *lifrp) 684 { 685 static boolean_t scan_netmask = _B_FALSE; 686 int ret; 687 688 if (argc == 0) { 689 status(); 690 return; 691 } 692 693 if (strcmp(*argv, "auto-dhcp") == 0 || strcmp(*argv, "dhcp") == 0) { 694 /* 695 * Some errors are ignored in the case where more than one 696 * interface is being operated on. 697 */ 698 ret = setifdhcp("ifconfig", name, argc, argv); 699 if (ret == DHCP_EXIT_IF_FAILURE) { 700 if (!all) 701 exit(DHCP_EXIT_FAILURE); 702 } else if (ret != DHCP_EXIT_SUCCESS) { 703 exit(ret); 704 } 705 return; 706 } 707 708 /* 709 * The following is a "hack" to get around the existing interface 710 * setting mechanism. Currently, each interface attribute, 711 * such as address, netmask, broadcast, ... is set separately. But 712 * sometimes two or more attributes must be set together. For 713 * example, setting an address without a netmask does not make sense. 714 * Yet they can be set separately for IPv4 address using the current 715 * ifconfig(1M) syntax. The kernel then "infers" the correct netmask 716 * using the deprecated "IP address classes." This is simply not 717 * correct. 718 * 719 * The "hack" below is to go thru the whole command list looking for 720 * the netmask command first. Then use this netmask to set the 721 * address. This does not provide an extensible way to accommodate 722 * future need for setting more than one attributes together. 723 * 724 * Note that if the "netmask" command argument is a "+", we need 725 * to save this info and do the query after we know the address to 726 * be set. The reason is that if "addif" is used, the working 727 * interface name will be changed later when the logical interface 728 * is created. In in_getmask(), if an address is not provided, 729 * it will use the working interface's address to do the query. 730 * It will be wrong now as we don't know the logical interface's name. 731 * 732 * ifconfig(1M) is too overloaded and the code is so convoluted 733 * that it is "safer" not to re-architect the code to fix the above 734 * issue, hence this "hack." We may be better off to have a new 735 * command with better syntax for configuring network interface 736 * parameters... 737 */ 738 if (!scan_netmask && afp->af_af == AF_INET) { 739 int largc; 740 char **largv; 741 742 /* Only go thru the command list once to find the netmask. */ 743 scan_netmask = _B_TRUE; 744 745 /* 746 * Currently, if multiple netmask commands are specified, the 747 * last one will be used as the final netmask. So we need 748 * to scan the whole list to preserve this behavior. 749 */ 750 for (largc = argc, largv = argv; largc > 0; largc--, largv++) { 751 if (strcmp(*largv, NETMASK_CMD) == 0) { 752 if (--largc == 0) 753 break; 754 largv++; 755 if (strcmp(*largv, "+") == 0) { 756 g_netmask_set = G_NETMASK_PENDING; 757 } else { 758 in_getaddr(*largv, (struct sockaddr *) 759 &g_netmask, NULL); 760 g_netmask_set = G_NETMASK_SET; 761 } 762 /* Continue the scan. */ 763 } 764 } 765 } 766 767 while (argc > 0) { 768 struct cmd *p; 769 boolean_t found_cmd; 770 771 if (debug) 772 (void) printf("ifconfig: argv %s\n", *argv); 773 774 found_cmd = _B_FALSE; 775 for (p = cmds; p->c_func; p++) { 776 if (p->c_name) { 777 if (strcmp(*argv, p->c_name) == 0) { 778 /* 779 * indicate that the command was 780 * found and check to see if 781 * the address family is valid 782 */ 783 found_cmd = _B_TRUE; 784 if (p->c_af == AF_ANY || 785 af == p->c_af) 786 break; 787 } 788 } else { 789 if (p->c_af == AF_ANY || 790 af == p->c_af) 791 break; 792 } 793 } 794 /* 795 * If we found the keyword, but the address family 796 * did not match spit out an error 797 */ 798 if (found_cmd && p->c_name == 0) { 799 (void) fprintf(stderr, "ifconfig: Operation %s not" 800 " supported for %s\n", *argv, afp->af_name); 801 exit(1); 802 } 803 /* 804 * else (no keyword found), we assume it's an address 805 * of some sort 806 */ 807 if (p->c_name == 0 && setaddr) 808 p++; /* got src, do dst */ 809 if (p->c_func) { 810 if (p->c_af == AF_INET6) { 811 v4compat = 0; 812 } 813 if (p->c_parameter == NEXTARG || 814 p->c_parameter == OPTARG) { 815 argc--, argv++; 816 if (argc == 0 && p->c_parameter == NEXTARG) { 817 (void) fprintf(stderr, 818 "ifconfig: no argument for %s\n", 819 p->c_name); 820 exit(1); 821 } 822 } 823 /* 824 * Call the function if: 825 * 826 * there's no address family 827 * restriction 828 * OR 829 * we don't know the address yet 830 * (because we were called from 831 * main) 832 * OR 833 * there is a restriction AND 834 * the address families match 835 */ 836 if ((p->c_af == AF_ANY) || 837 (lifrp == (struct lifreq *)NULL) || 838 (lifrp->lifr_addr.ss_family == p->c_af)) { 839 ret = (*p->c_func)(*argv, p->c_parameter); 840 /* 841 * If c_func failed and we should 842 * abort processing for this 843 * interface on failure, return 844 * now rather than going on to 845 * process other commands for 846 * the same interface. 847 */ 848 if (ret != 0 && p->c_abortonfail) 849 return; 850 } 851 } 852 argc--, argv++; 853 } 854 855 /* Check to see if there's a security hole in the tunnel setup. */ 856 tun_reality_check(); 857 } 858 859 /* ARGSUSED */ 860 static int 861 setdebugflag(char *val, int64_t arg) 862 { 863 debug++; 864 return (0); 865 } 866 867 /* ARGSUSED */ 868 static int 869 setverboseflag(char *val, int64_t arg) 870 { 871 verbose++; 872 return (0); 873 } 874 875 /* 876 * This function fills in the given lifreq's lifr_addr field based on 877 * g_netmask_set. 878 */ 879 static void 880 set_mask_lifreq(struct lifreq *lifr, struct sockaddr_storage *addr, 881 struct sockaddr_storage *mask) 882 { 883 assert(addr != NULL); 884 assert(mask != NULL); 885 886 switch (g_netmask_set) { 887 case G_NETMASK_SET: 888 lifr->lifr_addr = g_netmask; 889 break; 890 891 case G_NETMASK_PENDING: 892 /* 893 * "+" is used as the argument to "netmask" command. Query 894 * the database on the correct netmask based on the address to 895 * be set. 896 */ 897 assert(afp->af_af == AF_INET); 898 g_netmask = *addr; 899 if (!in_getmask((struct sockaddr_in *)&g_netmask, _B_TRUE)) { 900 lifr->lifr_addr = *mask; 901 g_netmask_set = G_NETMASK_NIL; 902 } else { 903 lifr->lifr_addr = g_netmask; 904 g_netmask_set = G_NETMASK_SET; 905 } 906 break; 907 908 case G_NETMASK_NIL: 909 default: 910 lifr->lifr_addr = *mask; 911 break; 912 } 913 } 914 915 /* 916 * Set the interface address. Handles <addr>, <addr>/<n> as well as /<n> 917 * syntax for setting the address, the address plus netmask, and just 918 * the netmask respectively. 919 */ 920 /* ARGSUSED */ 921 static int 922 setifaddr(char *addr, int64_t param) 923 { 924 int prefixlen = 0; 925 struct sockaddr_storage laddr; 926 struct sockaddr_storage netmask; 927 struct sockaddr_in6 *sin6; 928 struct sockaddr_in *sin; 929 struct sockaddr_storage sav_netmask; 930 931 if (addr[0] == '/') 932 return (setifprefixlen(addr, 0)); 933 934 (*afp->af_getaddr)(addr, (struct sockaddr *)&laddr, &prefixlen); 935 936 (void) memset(&netmask, 0, sizeof (netmask)); 937 netmask.ss_family = afp->af_af; 938 switch (prefixlen) { 939 case NO_PREFIX: 940 /* Nothing there - ok */ 941 break; 942 case BAD_ADDR: 943 (void) fprintf(stderr, "ifconfig: Bad prefix length in %s\n", 944 addr); 945 exit(1); 946 default: 947 if (afp->af_af == AF_INET6) { 948 sin6 = (struct sockaddr_in6 *)&netmask; 949 if (!in_prefixlentomask(prefixlen, IPV6_ABITS, 950 (uchar_t *)&sin6->sin6_addr)) { 951 (void) fprintf(stderr, "ifconfig: " 952 "Bad prefix length: %d\n", 953 prefixlen); 954 exit(1); 955 } 956 } else { 957 sin = (struct sockaddr_in *)&netmask; 958 if (!in_prefixlentomask(prefixlen, IP_ABITS, 959 (uchar_t *)&sin->sin_addr)) { 960 (void) fprintf(stderr, "ifconfig: " 961 "Bad prefix length: %d\n", 962 prefixlen); 963 exit(1); 964 } 965 } 966 /* 967 * Just in case of funny setting of both prefix and netmask, 968 * prefix should override the netmask command. 969 */ 970 g_netmask_set = G_NETMASK_NIL; 971 break; 972 } 973 /* Tell parser that an address was set */ 974 setaddr++; 975 /* save copy of netmask to restore in case of error */ 976 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 977 if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0) 978 Perror0_exit("SIOCGLIFNETMASK"); 979 sav_netmask = lifr.lifr_addr; 980 981 /* 982 * If setting the address and not the mask, clear any existing mask 983 * and the kernel will then assign the default (netmask has been set 984 * to 0 in this case). If setting both (either by using a prefix or 985 * using the netmask command), set the mask first, so the address will 986 * be interpreted correctly. 987 */ 988 set_mask_lifreq(&lifr, &laddr, &netmask); 989 if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0) 990 Perror0_exit("SIOCSLIFNETMASK"); 991 992 if (debug) { 993 char abuf[INET6_ADDRSTRLEN]; 994 void *addr = (afp->af_af == AF_INET) ? 995 (void *)&((struct sockaddr_in *)&laddr)->sin_addr : 996 (void *)&((struct sockaddr_in6 *)&laddr)->sin6_addr; 997 998 (void) printf("Setting %s af %d addr %s\n", 999 lifr.lifr_name, afp->af_af, 1000 inet_ntop(afp->af_af, addr, abuf, sizeof (abuf))); 1001 } 1002 lifr.lifr_addr = laddr; 1003 lifr.lifr_addr.ss_family = afp->af_af; 1004 if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0) { 1005 /* 1006 * Restore the netmask 1007 */ 1008 int saverr = errno; 1009 1010 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1011 lifr.lifr_addr = sav_netmask; 1012 (void) ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr); 1013 errno = saverr; 1014 Perror0_exit("SIOCSLIFADDR"); 1015 } 1016 1017 return (0); 1018 } 1019 1020 /* 1021 * The following functions are stolen from the ipseckey(1m) program. 1022 * Perhaps they should be somewhere common, but for now, we just maintain 1023 * two versions. We do this because of the different semantics for which 1024 * algorithms we select ("requested" for ifconfig vs. "actual" for key). 1025 */ 1026 1027 static ulong_t 1028 parsenum(char *num) 1029 { 1030 ulong_t rc; 1031 char *end = NULL; 1032 1033 errno = 0; 1034 rc = strtoul(num, &end, 0); 1035 if (errno != 0 || end == num || *end != '\0') { 1036 rc = (ulong_t)-1; 1037 } 1038 1039 return (rc); 1040 } 1041 1042 /* 1043 * Parse and reverse parse possible algorithm values, include numbers. 1044 * Mostly stolen from ipseckey.c. See the comments above parsenum() for why 1045 * this isn't common to ipseckey.c. 1046 * 1047 * NOTE: Static buffer in this function for the return value. Since ifconfig 1048 * isn't multithreaded, this isn't a huge problem. 1049 */ 1050 1051 #define NBUF_SIZE 20 /* Enough to print a large integer. */ 1052 1053 static char * 1054 rparsealg(uint8_t alg_value, int proto_num) 1055 { 1056 struct ipsecalgent *alg; 1057 static char numprint[128]; /* Enough to hold an algorithm name. */ 1058 1059 /* 1060 * Special cases for "any" and "none" 1061 * The kernel needs to be able to distinguish between "any" 1062 * and "none" and the APIs are underdefined in this area for auth. 1063 */ 1064 if (proto_num == IPSEC_PROTO_AH) { 1065 if (alg_value == SADB_AALG_NONE) 1066 return ("none"); 1067 if (alg_value == SADB_AALG_ANY) 1068 return ("any"); 1069 } 1070 1071 alg = getipsecalgbynum(alg_value, proto_num, NULL); 1072 if (alg != NULL) { 1073 (void) strlcpy(numprint, alg->a_names[0], sizeof (numprint)); 1074 freeipsecalgent(alg); 1075 } else { 1076 (void) snprintf(numprint, sizeof (numprint), "%d", alg_value); 1077 } 1078 1079 return (numprint); 1080 } 1081 1082 static uint_t 1083 parsealg(char *algname, int proto_num) 1084 { 1085 struct ipsecalgent *alg; 1086 ulong_t invalue; 1087 1088 if (algname == NULL) { 1089 (void) fprintf(stderr, "ifconfig: Unexpected end of command " 1090 "line.\n"); 1091 exit(1); 1092 } 1093 1094 /* 1095 * Special-case "none" and "any". 1096 * Use strcasecmp because its length is bounded. 1097 */ 1098 if (strcasecmp("none", algname) == 0) { 1099 return ((proto_num == IPSEC_PROTO_ESP) ? 1100 NO_ESP_EALG : NO_ESP_AALG); 1101 } 1102 if ((strcasecmp("any", algname) == 0) && (proto_num == IPSEC_PROTO_AH)) 1103 return (SADB_AALG_ANY); 1104 1105 alg = getipsecalgbyname(algname, proto_num, NULL); 1106 if (alg != NULL) { 1107 invalue = alg->a_alg_num; 1108 freeipsecalgent(alg); 1109 return ((uint_t)invalue); 1110 } 1111 1112 /* 1113 * Since algorithms can be loaded during kernel run-time, check for 1114 * numeric algorithm values too. 1115 */ 1116 invalue = parsenum(algname); 1117 if ((invalue & (ulong_t)0xff) == invalue) 1118 return ((uint_t)invalue); 1119 1120 (void) fprintf(stderr, "ifconfig: %s algorithm type %s unknown.\n", 1121 (proto_num == IPSEC_PROTO_ESP) ? 1122 "Encryption" : "Authentication", algname); 1123 exit(1); 1124 /* NOTREACHED */ 1125 } 1126 1127 /* 1128 * Actual ifconfig functions to set tunnel security properties. 1129 */ 1130 1131 enum ipsec_alg_type { ESP_ENCR_ALG = 1, ESP_AUTH_ALG, AH_AUTH_ALG }; 1132 1133 boolean_t first_set_tun = _B_TRUE; 1134 boolean_t encr_alg_set = _B_FALSE; 1135 1136 /* 1137 * Need global for multiple calls to set_tun_algs 1138 * because we accumulate algorithm selections over 1139 * the lifetime of this ifconfig(1M) invocation. 1140 */ 1141 static struct iftun_req treq_tun; 1142 1143 static int 1144 set_tun_algs(int which_alg, int alg) 1145 { 1146 ipsec_req_t *ipsr; 1147 1148 (void) strncpy(treq_tun.ifta_lifr_name, name, 1149 sizeof (treq_tun.ifta_lifr_name)); 1150 if (strchr(name, ':') != NULL) { 1151 errno = EPERM; 1152 Perror0_exit("Tunnel params on logical interfaces"); 1153 } 1154 if (ioctl(s, SIOCGTUNPARAM, (caddr_t)&treq_tun) < 0) { 1155 if (errno == EOPNOTSUPP || errno == EINVAL) 1156 Perror0_exit("Not a tunnel"); 1157 else Perror0_exit("SIOCGTUNPARAM"); 1158 } 1159 1160 ipsr = (ipsec_req_t *)&treq_tun.ifta_secinfo; 1161 1162 if (treq_tun.ifta_vers != IFTUN_VERSION) { 1163 (void) fprintf(stderr, 1164 "Kernel tunnel secinfo version mismatch.\n"); 1165 exit(1); 1166 } 1167 1168 /* 1169 * If I'm just starting off this ifconfig, I want a clean slate, 1170 * otherwise, I've captured the current tunnel security settings. 1171 * In the case of continuation, I merely add to the settings. 1172 */ 1173 if (first_set_tun) { 1174 first_set_tun = _B_FALSE; 1175 (void) memset(ipsr, 0, sizeof (*ipsr)); 1176 } 1177 1178 treq_tun.ifta_flags = IFTUN_SECURITY; 1179 1180 switch (which_alg) { 1181 case ESP_ENCR_ALG: 1182 if (alg == NO_ESP_EALG) { 1183 if (ipsr->ipsr_esp_auth_alg == SADB_AALG_NONE) 1184 ipsr->ipsr_esp_req = 0; 1185 ipsr->ipsr_esp_alg = SADB_EALG_NONE; 1186 1187 /* Let the user specify NULL encryption implicitly. */ 1188 if (ipsr->ipsr_esp_auth_alg != SADB_AALG_NONE) { 1189 encr_alg_set = _B_TRUE; 1190 ipsr->ipsr_esp_alg = SADB_EALG_NULL; 1191 } 1192 } else { 1193 encr_alg_set = _B_TRUE; 1194 ipsr->ipsr_esp_req = 1195 IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE; 1196 ipsr->ipsr_esp_alg = alg; 1197 } 1198 break; 1199 case ESP_AUTH_ALG: 1200 if (alg == NO_ESP_AALG) { 1201 if ((ipsr->ipsr_esp_alg == SADB_EALG_NONE || 1202 ipsr->ipsr_esp_alg == SADB_EALG_NULL) && 1203 !encr_alg_set) 1204 ipsr->ipsr_esp_req = 0; 1205 ipsr->ipsr_esp_auth_alg = SADB_AALG_NONE; 1206 } else { 1207 ipsr->ipsr_esp_req = 1208 IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE; 1209 ipsr->ipsr_esp_auth_alg = alg; 1210 1211 /* Let the user specify NULL encryption implicitly. */ 1212 if (ipsr->ipsr_esp_alg == SADB_EALG_NONE && 1213 !encr_alg_set) 1214 ipsr->ipsr_esp_alg = SADB_EALG_NULL; 1215 } 1216 break; 1217 case AH_AUTH_ALG: 1218 if (alg == NO_AH_AALG) { 1219 ipsr->ipsr_ah_req = 0; 1220 ipsr->ipsr_auth_alg = SADB_AALG_NONE; 1221 } else { 1222 ipsr->ipsr_ah_req = 1223 IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE; 1224 ipsr->ipsr_auth_alg = alg; 1225 } 1226 break; 1227 /* Will never hit DEFAULT */ 1228 } 1229 1230 if (ioctl(s, SIOCSTUNPARAM, (caddr_t)&treq_tun) < 0) { 1231 Perror2_exit("set tunnel security properties", 1232 treq_tun.ifta_lifr_name); 1233 } 1234 1235 return (0); 1236 } 1237 1238 /* ARGSUSED */ 1239 static int 1240 set_tun_esp_encr_alg(char *addr, int64_t param) 1241 { 1242 return (set_tun_algs(ESP_ENCR_ALG, 1243 parsealg(addr, IPSEC_PROTO_ESP))); 1244 } 1245 1246 /* ARGSUSED */ 1247 static int 1248 set_tun_esp_auth_alg(char *addr, int64_t param) 1249 { 1250 return (set_tun_algs(ESP_AUTH_ALG, 1251 parsealg(addr, IPSEC_PROTO_AH))); 1252 } 1253 1254 /* ARGSUSED */ 1255 static int 1256 set_tun_ah_alg(char *addr, int64_t param) 1257 { 1258 return (set_tun_algs(AH_AUTH_ALG, 1259 parsealg(addr, IPSEC_PROTO_AH))); 1260 } 1261 1262 /* ARGSUSED */ 1263 static int 1264 setifrevarp(char *arg, int64_t param) 1265 { 1266 struct sockaddr_in laddr; 1267 1268 if (afp->af_af == AF_INET6) { 1269 (void) fprintf(stderr, 1270 "ifconfig: revarp not possible on IPv6 interface %s\n", 1271 name); 1272 exit(1); 1273 } 1274 if (doifrevarp(name, &laddr)) { 1275 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1276 laddr.sin_family = AF_INET; 1277 (void) memcpy(&lifr.lifr_addr, &laddr, sizeof (laddr)); 1278 if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0) 1279 Perror0_exit("SIOCSLIFADDR"); 1280 } 1281 return (0); 1282 } 1283 1284 /* ARGSUSED */ 1285 static int 1286 setifsubnet(char *addr, int64_t param) 1287 { 1288 int prefixlen = 0; 1289 struct sockaddr_storage subnet; 1290 1291 (*afp->af_getaddr)(addr, &subnet, &prefixlen); 1292 1293 switch (prefixlen) { 1294 case NO_PREFIX: 1295 (void) fprintf(stderr, 1296 "ifconfig: Missing prefix length in subnet %s\n", addr); 1297 exit(1); 1298 /* NOTREACHED */ 1299 case BAD_ADDR: 1300 (void) fprintf(stderr, 1301 "ifconfig: Bad prefix length in %s\n", addr); 1302 exit(1); 1303 default: 1304 break; 1305 } 1306 1307 lifr.lifr_addr = subnet; 1308 lifr.lifr_addrlen = prefixlen; 1309 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1310 if (ioctl(s, SIOCSLIFSUBNET, (caddr_t)&lifr) < 0) 1311 Perror0_exit("SIOCSLIFSUBNET"); 1312 1313 return (0); 1314 } 1315 1316 /* ARGSUSED */ 1317 static int 1318 setifnetmask(char *addr, int64_t param) 1319 { 1320 struct sockaddr_in netmask; 1321 1322 assert(afp->af_af != AF_INET6); 1323 1324 if (strcmp(addr, "+") == 0) { 1325 if (!in_getmask(&netmask, _B_FALSE)) 1326 return (0); 1327 (void) printf("Setting netmask of %s to %s\n", name, 1328 inet_ntoa(netmask.sin_addr)); 1329 } else { 1330 in_getaddr(addr, (struct sockaddr *)&netmask, NULL); 1331 } 1332 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1333 (void) memcpy(&lifr.lifr_addr, &netmask, sizeof (netmask)); 1334 if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0) 1335 Perror0_exit("SIOCSLIFNETMASK"); 1336 return (0); 1337 } 1338 1339 /* 1340 * Parse '/<n>' as a netmask. 1341 */ 1342 /* ARGSUSED */ 1343 static int 1344 setifprefixlen(char *addr, int64_t param) 1345 { 1346 int prefixlen; 1347 int af = afp->af_af; 1348 1349 prefixlen = in_getprefixlen(addr, _B_TRUE, 1350 (af == AF_INET) ? IP_ABITS : IPV6_ABITS); 1351 if (prefixlen < 0) { 1352 (void) fprintf(stderr, 1353 "ifconfig: Bad prefix length in %s\n", addr); 1354 exit(1); 1355 } 1356 (void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr)); 1357 lifr.lifr_addr.ss_family = af; 1358 if (af == AF_INET6) { 1359 struct sockaddr_in6 *sin6; 1360 1361 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 1362 if (!in_prefixlentomask(prefixlen, IPV6_ABITS, 1363 (uchar_t *)&sin6->sin6_addr)) { 1364 (void) fprintf(stderr, "ifconfig: " 1365 "Bad prefix length: %d\n", 1366 prefixlen); 1367 exit(1); 1368 } 1369 } else if (af == AF_INET) { 1370 struct sockaddr_in *sin; 1371 1372 sin = (struct sockaddr_in *)&lifr.lifr_addr; 1373 if (!in_prefixlentomask(prefixlen, IP_ABITS, 1374 (uchar_t *)&sin->sin_addr)) { 1375 (void) fprintf(stderr, "ifconfig: " 1376 "Bad prefix length: %d\n", 1377 prefixlen); 1378 exit(1); 1379 } 1380 } else { 1381 (void) fprintf(stderr, "ifconfig: setting prefix only supported" 1382 " for address family inet or inet6\n"); 1383 exit(1); 1384 } 1385 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1386 if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0) 1387 Perror0_exit("SIOCSLIFNETMASK"); 1388 return (0); 1389 } 1390 1391 /* ARGSUSED */ 1392 static int 1393 setifbroadaddr(char *addr, int64_t param) 1394 { 1395 struct sockaddr_in broadaddr; 1396 1397 assert(afp->af_af != AF_INET6); 1398 1399 if (strcmp(addr, "+") == 0) { 1400 /* 1401 * This doesn't set the broadcast address at all. Rather, it 1402 * gets, then sets the interface's address, relying on the fact 1403 * that resetting the address will reset the broadcast address. 1404 */ 1405 (void) strncpy(lifr.lifr_name, name, 1406 sizeof (lifr.lifr_name)); 1407 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 1408 if (errno != EADDRNOTAVAIL) 1409 Perror0_exit("SIOCGLIFADDR"); 1410 return (0); 1411 } 1412 if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0) 1413 Perror0_exit("SIOCGLIFADDR"); 1414 1415 return (0); 1416 } 1417 in_getaddr(addr, (struct sockaddr *)&broadaddr, NULL); 1418 1419 (void) memcpy(&lifr.lifr_addr, &broadaddr, sizeof (broadaddr)); 1420 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1421 if (ioctl(s, SIOCSLIFBRDADDR, (caddr_t)&lifr) < 0) 1422 Perror0_exit("SIOCSLIFBRDADDR"); 1423 return (0); 1424 } 1425 1426 /* 1427 * set interface destination address 1428 */ 1429 /* ARGSUSED */ 1430 static int 1431 setifdstaddr(char *addr, int64_t param) 1432 { 1433 (*afp->af_getaddr)(addr, (struct sockaddr *)&lifr.lifr_addr, NULL); 1434 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1435 if (ioctl(s, SIOCSLIFDSTADDR, (caddr_t)&lifr) < 0) 1436 Perror0_exit("setifdstaddr: SIOCSLIFDSTADDR"); 1437 return (0); 1438 } 1439 1440 /* ARGSUSED */ 1441 static int 1442 setifflags(char *val, int64_t value) 1443 { 1444 int phyintlen, origphyintlen; 1445 1446 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1447 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) 1448 Perror0_exit("setifflags: SIOCGLIFFLAGS"); 1449 1450 if (value == IFF_NOFAILOVER) { 1451 /* 1452 * Fail if '-failover' is set after a prior addif created the 1453 * alias on a different interface. This can happen when the 1454 * interface is part of an IPMP group. 1455 */ 1456 phyintlen = strcspn(name, ":"); 1457 origphyintlen = strcspn(origname, ":"); 1458 if (phyintlen != origphyintlen || 1459 strncmp(name, origname, phyintlen) != 0) { 1460 (void) fprintf(stderr, "ifconfig: can't set -failover " 1461 "on failed/standby/offlined interface %s\n", 1462 origname); 1463 exit(1); 1464 } 1465 } 1466 1467 if (value < 0) { 1468 value = -value; 1469 lifr.lifr_flags &= ~value; 1470 if ((value & IFF_UP) && (lifr.lifr_flags & IFF_DUPLICATE)) { 1471 /* 1472 * If the user is trying to mark an interface with a 1473 * duplicate address as "down," then fetch the address 1474 * and set it. This will cause IP to clear the 1475 * IFF_DUPLICATE flag and stop the automatic recovery 1476 * timer. 1477 */ 1478 value = lifr.lifr_flags; 1479 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) >= 0) 1480 (void) ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr); 1481 lifr.lifr_flags = value; 1482 } 1483 } else { 1484 lifr.lifr_flags |= value; 1485 } 1486 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1487 if (ioctl(s, SIOCSLIFFLAGS, (caddr_t)&lifr) < 0) { 1488 Perror0_exit("setifflags: SIOCSLIFFLAGS"); 1489 } 1490 return (0); 1491 } 1492 1493 /* ARGSUSED */ 1494 static int 1495 setifmetric(char *val, int64_t param) 1496 { 1497 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1498 lifr.lifr_metric = atoi(val); 1499 if (ioctl(s, SIOCSLIFMETRIC, (caddr_t)&lifr) < 0) 1500 Perror0_exit("setifmetric: SIOCSLIFMETRIC"); 1501 return (0); 1502 } 1503 1504 /* ARGSUSED */ 1505 static int 1506 setifmtu(char *val, int64_t param) 1507 { 1508 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1509 lifr.lifr_mtu = atoi(val); 1510 if (ioctl(s, SIOCSLIFMTU, (caddr_t)&lifr) < 0) 1511 Perror0_exit("setifmtu: SIOCSLIFMTU"); 1512 return (0); 1513 } 1514 1515 /* ARGSUSED */ 1516 static int 1517 setifindex(char *val, int64_t param) 1518 { 1519 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1520 lifr.lifr_index = atoi(val); 1521 if (ioctl(s, SIOCSLIFINDEX, (caddr_t)&lifr) < 0) 1522 Perror0_exit("setifindex: SIOCSLIFINDEX"); 1523 return (0); 1524 } 1525 1526 /* ARGSUSED */ 1527 static int 1528 setifether(char *addr, int64_t param) 1529 { 1530 uchar_t *ea; 1531 iface_t *current; 1532 int maclen; 1533 1534 if (addr == NULL) { 1535 ifstatus(name); 1536 print_ifether(name); 1537 return (0); 1538 } 1539 1540 phyif = NULL; 1541 logifs = NULL; 1542 1543 /* 1544 * if the IP interface in the arguments is a logical 1545 * interface, exit with an error now. 1546 */ 1547 if (strchr(name, ':') != NULL) { 1548 (void) fprintf(stderr, "ifconfig: cannot change" 1549 " ethernet address of a logical interface\n"); 1550 exit(1); 1551 } 1552 1553 ea = _link_aton(addr, &maclen); 1554 if (ea == NULL) { 1555 if (maclen == -1) 1556 (void) fprintf(stderr, 1557 "ifconfig: %s: bad address\n", addr); 1558 else 1559 (void) fprintf(stderr, "ifconfig: malloc() failed\n"); 1560 exit(1); 1561 } 1562 1563 (void) strncpy(savedname, name, sizeof (savedname)); 1564 1565 /* 1566 * Call selectifs only for the IP interfaces that are ipv4. 1567 * offflags == IFF_IPV6 because you should not change the 1568 * Ethernet address of an ipv6 interface 1569 */ 1570 foreachinterface(selectifs, 0, (char **)NULL, 0, 0, IFF_IPV6, 0); 1571 1572 /* If physical interface not found, exit now */ 1573 if (phyif == NULL) { 1574 (void) fprintf(stderr, 1575 "ifconfig: interface %s not found\n", savedname); 1576 exit(1); 1577 } 1578 1579 /* Restore */ 1580 (void) strncpy(name, savedname, sizeof (name)); 1581 (void) strncpy(origname, savedname, sizeof (origname)); 1582 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1583 1584 /* 1585 * close and reopen the socket 1586 * we don't know which type of socket we have now 1587 */ 1588 (void) close(s); 1589 s = socket(SOCKET_AF(AF_UNSPEC), SOCK_DGRAM, 0); 1590 if (s < 0) { 1591 Perror0_exit("socket"); 1592 } 1593 1594 /* 1595 * mark down the logical interfaces first, 1596 * and then the physical interface 1597 */ 1598 if (updownifs(logifs, 0) < 0 || updownifs(phyif, 0) < 0) { 1599 Perror0_exit("mark down interface failed"); 1600 } 1601 1602 /* 1603 * Change the physical address 1604 */ 1605 if (dlpi_set_address(savedname, ea, maclen) == -1) { 1606 (void) fprintf(stderr, 1607 "ifconfig: failed setting mac address on %s\n", 1608 savedname); 1609 } 1610 1611 /* 1612 * if any interfaces were marked down before changing the 1613 * ethernet address, put them up again. 1614 * First the physical interface, then the logical ones. 1615 */ 1616 if (updownifs(phyif, 1) < 0 || updownifs(logifs, 1) < 0) { 1617 Perror0_exit("mark down interface failed"); 1618 } 1619 1620 /* Free the memory allocated by selectifs */ 1621 free(phyif); 1622 for (current = logifs; current != NULL; current = logifs) { 1623 logifs = logifs->next; 1624 free(current); 1625 } 1626 1627 return (0); 1628 } 1629 1630 /* 1631 * Print an interface's Ethernet address, if it has one. 1632 */ 1633 static void 1634 print_ifether(char *ifname) 1635 { 1636 int protocol; 1637 icfg_if_t interface; 1638 icfg_handle_t handle; 1639 int fd; 1640 1641 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1642 1643 fd = socket(AF_INET, SOCK_DGRAM, 0); 1644 if (fd == -1 || ioctl(fd, SIOCGLIFFLAGS, &lifr) == -1) { 1645 /* 1646 * It's possible the interface is only configured for 1647 * IPv6; check again with AF_INET6. 1648 */ 1649 (void) close(fd); 1650 fd = socket(AF_INET6, SOCK_DGRAM, 0); 1651 if (fd == -1 || ioctl(fd, SIOCGLIFFLAGS, &lifr) == -1) { 1652 (void) close(fd); 1653 return; 1654 } 1655 } 1656 (void) close(fd); 1657 1658 /* Virtual interfaces don't have MAC addresses */ 1659 if (lifr.lifr_flags & IFF_VIRTUAL) 1660 return; 1661 1662 /* 1663 * We must be careful to set if_protocol based on the current 1664 * properties of the interface. For instance, if "ip.tun0" is 1665 * configured only as an IPv6 tunnel, then if_protocol must be 1666 * set to AF_INET6 or icfg_get_tunnel_lower() will fail and 1667 * we will falsely conclude that it's not a tunnel. 1668 */ 1669 interface.if_protocol = AF_INET; 1670 if (lifr.lifr_flags & IFF_IPV6) 1671 interface.if_protocol = AF_INET6; 1672 1673 (void) strncpy(interface.if_name, ifname, sizeof (interface.if_name)); 1674 1675 if (icfg_open(&handle, &interface) == ICFG_SUCCESS) { 1676 if (icfg_get_tunnel_lower(handle, &protocol) == ICFG_SUCCESS) { 1677 /* Tunnel op succeeded -- it's a tunnel so skip */ 1678 icfg_close(handle); 1679 return; 1680 } 1681 icfg_close(handle); 1682 } 1683 1684 dlpi_print_address(ifname); 1685 } 1686 1687 /* 1688 * static void selectifs(int argc, char *argv[], int af, struct lifreq *rp) 1689 * 1690 * Called inside setifether() to create a list of interfaces to 1691 * mark down/up when changing the Ethernet address. 1692 * If the current interface is the physical interface passed 1693 * as an argument to ifconfig, update phyif. 1694 * If the current interface is a logical interface associated 1695 * to the physical interface, add it to the logifs list. 1696 */ 1697 /* ARGSUSED */ 1698 static void 1699 selectifs(int argc, char *argv[], int af, struct lifreq *rp) 1700 { 1701 char *colonp; 1702 int length; 1703 iface_t *current; 1704 1705 /* 1706 * savedname= name of the IP interface to which you want to 1707 * change ethernet address 1708 * name= name of the current IP interface 1709 */ 1710 colonp = strchr(name, ':'); 1711 if (colonp == NULL) 1712 length = max(strlen(savedname), strlen(name)); 1713 else 1714 length = max(strlen(savedname), colonp - name); 1715 if (strncmp(savedname, name, length) == 0) { 1716 (void) strcpy(lifr.lifr_name, name); 1717 if (ioctl(s, SIOCGLIFFLAGS, &lifr) < 0) { 1718 Perror0("selectifs: SIOCGLIFFLAGS"); 1719 return; 1720 } 1721 1722 if ((current = malloc(sizeof (iface_t))) == NULL) { 1723 Perror0_exit("selectifs: malloc failed\n"); 1724 } 1725 1726 if (colonp == NULL) { 1727 /* this is the physical interface */ 1728 phyif = current; 1729 bcopy(&lifr, &phyif->lifr, sizeof (struct lifreq)); 1730 phyif->next = NULL; 1731 } else { 1732 /* this is a logical interface */ 1733 bcopy(&lifr, ¤t->lifr, sizeof (struct lifreq)); 1734 current->next = logifs; 1735 logifs = current; 1736 } 1737 } 1738 } 1739 1740 /* 1741 * static int updownifs(iface_t *ifs, int up) 1742 * 1743 * It takes in input a list of IP interfaces (ifs) 1744 * and a flag (up). 1745 * It marks each interface in the list down (up = 0) 1746 * or up (up > 0). This is done ONLY if the IP 1747 * interface was originally up. 1748 * 1749 * Return values: 1750 * 0 = everything OK 1751 * -1 = problem 1752 */ 1753 static int 1754 updownifs(iface_t *ifs, int up) 1755 { 1756 iface_t *current; 1757 int ret = 0; 1758 int save_errno; 1759 char savename[LIFNAMSIZ]; 1760 uint64_t orig_flags; 1761 1762 for (current = ifs; current != NULL; current = current->next) { 1763 if (current->lifr.lifr_flags & IFF_UP) { 1764 orig_flags = current->lifr.lifr_flags; 1765 if (!up) 1766 current->lifr.lifr_flags &= ~IFF_UP; 1767 if (ioctl(s, SIOCSLIFFLAGS, ¤t->lifr) < 0) { 1768 save_errno = errno; 1769 (void) strcpy(savename, 1770 current->lifr.lifr_name); 1771 ret = -1; 1772 } 1773 if (!up) /* restore the original flags */ 1774 current->lifr.lifr_flags = orig_flags; 1775 } 1776 } 1777 1778 if (ret == -1) { 1779 (void) strcpy(lifr.lifr_name, savename); 1780 errno = save_errno; 1781 } 1782 return (ret); 1783 } 1784 1785 /* 1786 * static int find_all_global_interfaces(struct lifconf *lifcp, char **buf, 1787 * int64_t lifc_flags) 1788 * 1789 * It finds all data links for the global zone. 1790 * 1791 * It takes in input a pointer to struct lifconf to receive interfaces 1792 * informations, a **char to hold allocated buffer, and a lifc_flags. 1793 * 1794 * Return values: 1795 * 0 = everything OK 1796 * -1 = problem 1797 */ 1798 static int 1799 find_all_global_interfaces(struct lifconf *lifcp, char **buf, 1800 int64_t lifc_flags) 1801 { 1802 unsigned bufsize; 1803 int n; 1804 ni_t *nip; 1805 struct lifreq *lifrp; 1806 1807 (void) dlpi_walk(ni_entry, NULL, 0); 1808 1809 /* 1810 * Now, translate the linked list into 1811 * a struct lifreq buffer 1812 */ 1813 if (num_ni == 0) { 1814 lifcp->lifc_family = AF_UNSPEC; 1815 lifcp->lifc_flags = lifc_flags; 1816 lifcp->lifc_len = 0; 1817 lifcp->lifc_buf = NULL; 1818 return (0); 1819 } 1820 1821 bufsize = num_ni * sizeof (struct lifreq); 1822 if ((*buf = malloc(bufsize)) == NULL) 1823 Perror0_exit("find_all_interfaces: malloc failed"); 1824 1825 lifcp->lifc_family = AF_UNSPEC; 1826 lifcp->lifc_flags = lifc_flags; 1827 lifcp->lifc_len = bufsize; 1828 lifcp->lifc_buf = *buf; 1829 1830 for (n = 0, lifrp = lifcp->lifc_req; n < num_ni; n++, lifrp++) { 1831 nip = ni_list; 1832 (void) strncpy(lifrp->lifr_name, nip->ni_name, 1833 sizeof (lifr.lifr_name)); 1834 ni_list = nip->ni_next; 1835 free(nip); 1836 } 1837 return (0); 1838 } 1839 1840 /* 1841 * static int find_all_zone_interfaces(struct lifconf *lifcp, char **buf, 1842 * int64_t lifc_flags) 1843 * 1844 * It finds all interfaces for an exclusive-IP zone, that is all the interfaces 1845 * assigned to it. 1846 * 1847 * It takes in input a pointer to struct lifconf to receive interfaces 1848 * informations, a **char to hold allocated buffer, and a lifc_flags. 1849 * 1850 * Return values: 1851 * 0 = everything OK 1852 * -1 = problem 1853 */ 1854 static int 1855 find_all_zone_interfaces(struct lifconf *lifcp, char **buf, int64_t lifc_flags) 1856 { 1857 zoneid_t zoneid; 1858 unsigned bufsize; 1859 char *dlnames, *ptr; 1860 struct lifreq *lifrp; 1861 int num_ni_saved, i; 1862 1863 zoneid = getzoneid(); 1864 1865 num_ni = 0; 1866 if (zone_list_datalink(zoneid, &num_ni, NULL) != 0) 1867 Perror0_exit("find_all_interfaces: list interfaces failed"); 1868 again: 1869 /* this zone doesn't have any data-links */ 1870 if (num_ni == 0) { 1871 lifcp->lifc_family = AF_UNSPEC; 1872 lifcp->lifc_flags = lifc_flags; 1873 lifcp->lifc_len = 0; 1874 lifcp->lifc_buf = NULL; 1875 return (0); 1876 } 1877 1878 dlnames = malloc(num_ni * LIFNAMSIZ); 1879 if (dlnames == NULL) 1880 Perror0_exit("find_all_interfaces: out of memory"); 1881 num_ni_saved = num_ni; 1882 1883 if (zone_list_datalink(zoneid, &num_ni, dlnames) != 0) 1884 Perror0_exit("find_all_interfaces: list interfaces failed"); 1885 1886 if (num_ni_saved < num_ni) { 1887 /* list increased, try again */ 1888 free(dlnames); 1889 goto again; 1890 } 1891 1892 /* this zone doesn't have any data-links now */ 1893 if (num_ni == 0) { 1894 free(dlnames); 1895 lifcp->lifc_family = AF_UNSPEC; 1896 lifcp->lifc_flags = lifc_flags; 1897 lifcp->lifc_len = 0; 1898 lifcp->lifc_buf = NULL; 1899 return (0); 1900 } 1901 1902 bufsize = num_ni * sizeof (struct lifreq); 1903 if ((*buf = malloc(bufsize)) == NULL) { 1904 free(dlnames); 1905 Perror0_exit("find_all_interfaces: malloc failed"); 1906 } 1907 1908 lifrp = (struct lifreq *)*buf; 1909 ptr = dlnames; 1910 for (i = 0; i < num_ni; i++) { 1911 if (strlcpy(lifrp->lifr_name, ptr, LIFNAMSIZ) >= 1912 LIFNAMSIZ) 1913 Perror0_exit("find_all_interfaces: overflow"); 1914 ptr += LIFNAMSIZ; 1915 lifrp++; 1916 } 1917 1918 free(dlnames); 1919 lifcp->lifc_family = AF_UNSPEC; 1920 lifcp->lifc_flags = lifc_flags; 1921 lifcp->lifc_len = bufsize; 1922 lifcp->lifc_buf = *buf; 1923 return (0); 1924 } 1925 1926 /* 1927 * Create the next unused logical interface using the original name 1928 * and assign the address (and mask if '/<n>' is part of the address). 1929 * Use the new logical interface for subsequent subcommands by updating 1930 * the name variable. 1931 * 1932 * This allows syntax like: 1933 * ifconfig le0 addif 109.106.86.130 netmask + up \ 1934 * addif 109.106.86.131 netmask + up 1935 */ 1936 /* ARGSUSED */ 1937 static int 1938 addif(char *str, int64_t param) 1939 { 1940 int prefixlen = 0; 1941 struct sockaddr_storage laddr; 1942 struct sockaddr_storage mask; 1943 1944 (void) strncpy(name, origname, sizeof (name)); 1945 1946 if (strchr(name, ':') != NULL) { 1947 (void) fprintf(stderr, 1948 "ifconfig: addif: bad physical interface name %s\n", 1949 name); 1950 exit(1); 1951 } 1952 1953 /* 1954 * clear so parser will interpret next address as source followed 1955 * by possible dest 1956 */ 1957 setaddr = 0; 1958 (*afp->af_getaddr)(str, (struct sockaddr *)&laddr, &prefixlen); 1959 1960 switch (prefixlen) { 1961 case NO_PREFIX: 1962 /* Nothing there - ok */ 1963 break; 1964 case BAD_ADDR: 1965 (void) fprintf(stderr, 1966 "ifconfig: Bad prefix length in %s\n", str); 1967 exit(1); 1968 default: 1969 (void) memset(&mask, 0, sizeof (mask)); 1970 mask.ss_family = afp->af_af; 1971 if (afp->af_af == AF_INET6) { 1972 struct sockaddr_in6 *sin6; 1973 sin6 = (struct sockaddr_in6 *)&mask; 1974 if (!in_prefixlentomask(prefixlen, IPV6_ABITS, 1975 (uchar_t *)&sin6->sin6_addr)) { 1976 (void) fprintf(stderr, "ifconfig: " 1977 "Bad prefix length: %d\n", 1978 prefixlen); 1979 exit(1); 1980 } 1981 } else { 1982 struct sockaddr_in *sin; 1983 1984 sin = (struct sockaddr_in *)&mask; 1985 if (!in_prefixlentomask(prefixlen, IP_ABITS, 1986 (uchar_t *)&sin->sin_addr)) { 1987 (void) fprintf(stderr, "ifconfig: " 1988 "Bad prefix length: %d\n", 1989 prefixlen); 1990 exit(1); 1991 } 1992 } 1993 g_netmask_set = G_NETMASK_NIL; 1994 break; 1995 } 1996 1997 /* 1998 * This is a "hack" to get around the problem of SIOCLIFADDIF. The 1999 * problem is that this ioctl does not include the netmask when 2000 * adding a logical interface. This is the same problem described 2001 * in the ifconfig() comments. To get around this problem, we first 2002 * add the logical interface with a 0 address. After that, we set 2003 * the netmask if provided. Finally we set the interface address. 2004 */ 2005 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2006 (void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr)); 2007 2008 /* Note: no need to do DAD here since the interface isn't up yet. */ 2009 2010 if (ioctl(s, SIOCLIFADDIF, (caddr_t)&lifr) < 0) 2011 Perror0_exit("addif: SIOCLIFADDIF"); 2012 2013 (void) printf("Created new logical interface %s\n", 2014 lifr.lifr_name); 2015 (void) strncpy(name, lifr.lifr_name, sizeof (name)); 2016 2017 /* 2018 * Check and see if any "netmask" command is used and perform the 2019 * necessary operation. 2020 */ 2021 set_mask_lifreq(&lifr, &laddr, &mask); 2022 /* 2023 * Only set the netmask if "netmask" command is used or a prefix is 2024 * provided. 2025 */ 2026 if (g_netmask_set == G_NETMASK_SET || prefixlen >= 0) { 2027 if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0) 2028 Perror0_exit("addif: SIOCSLIFNETMASK"); 2029 } 2030 2031 /* Finally, we set the interface address. */ 2032 lifr.lifr_addr = laddr; 2033 if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0) 2034 Perror0_exit("SIOCSLIFADDR"); 2035 2036 /* 2037 * let parser know we got a source. 2038 * Next address, if given, should be dest 2039 */ 2040 setaddr++; 2041 return (0); 2042 } 2043 2044 /* 2045 * Remove a logical interface based on its IP address. Unlike addif 2046 * there is no '/<n>' here. 2047 * Verifies that the interface is down before it is removed. 2048 */ 2049 /* ARGSUSED */ 2050 static int 2051 removeif(char *str, int64_t param) 2052 { 2053 struct sockaddr_storage laddr; 2054 2055 if (strchr(name, ':') != NULL) { 2056 (void) fprintf(stderr, 2057 "ifconfig: removeif: bad physical interface name %s\n", 2058 name); 2059 exit(1); 2060 } 2061 2062 (*afp->af_getaddr)(str, &laddr, NULL); 2063 lifr.lifr_addr = laddr; 2064 2065 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2066 if (ioctl(s, SIOCLIFREMOVEIF, (caddr_t)&lifr) < 0) { 2067 if (errno == EBUSY) { 2068 /* This can only happen if ipif_id = 0 */ 2069 (void) fprintf(stderr, 2070 "ifconfig: removeif: can't remove interface: %s\n", 2071 name); 2072 exit(1); 2073 } 2074 Perror0_exit("removeif: SIOCLIFREMOVEIF"); 2075 } 2076 return (0); 2077 } 2078 2079 /* 2080 * Set the address token for IPv6. 2081 */ 2082 /* ARGSUSED */ 2083 static int 2084 setiftoken(char *addr, int64_t param) 2085 { 2086 int prefixlen = 0; 2087 struct sockaddr_in6 token; 2088 2089 in6_getaddr(addr, (struct sockaddr *)&token, &prefixlen); 2090 switch (prefixlen) { 2091 case NO_PREFIX: 2092 (void) fprintf(stderr, 2093 "ifconfig: Missing prefix length in subnet %s\n", addr); 2094 exit(1); 2095 /* NOTREACHED */ 2096 case BAD_ADDR: 2097 (void) fprintf(stderr, 2098 "ifconfig: Bad prefix length in %s\n", addr); 2099 exit(1); 2100 default: 2101 break; 2102 } 2103 (void) memcpy(&lifr.lifr_addr, &token, sizeof (token)); 2104 lifr.lifr_addrlen = prefixlen; 2105 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2106 if (ioctl(s, SIOCSLIFTOKEN, (caddr_t)&lifr) < 0) { 2107 Perror0_exit("setiftoken: SIOCSLIFTOKEN"); 2108 } 2109 return (0); 2110 } 2111 2112 /* 2113 * Return value: 0 on success, -1 on failure. 2114 */ 2115 static int 2116 connect_to_mpathd(int family) 2117 { 2118 int s; 2119 struct sockaddr_storage ss; 2120 struct sockaddr_in *sin = (struct sockaddr_in *)&ss; 2121 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&ss; 2122 struct in6_addr loopback_addr = IN6ADDR_LOOPBACK_INIT; 2123 int addrlen; 2124 int ret; 2125 int on; 2126 2127 s = socket(family, SOCK_STREAM, 0); 2128 if (s < 0) { 2129 Perror0_exit("connect_to_mpathd: socket"); 2130 } 2131 (void) bzero((char *)&ss, sizeof (ss)); 2132 ss.ss_family = family; 2133 /* 2134 * Need to bind to a privileged port. For non-root, this 2135 * will fail. in.mpathd verifies that only commands coming 2136 * from privileged ports succeed so that ordinary users 2137 * can't connect and start talking to in.mpathd 2138 */ 2139 on = 1; 2140 if (setsockopt(s, IPPROTO_TCP, TCP_ANONPRIVBIND, &on, 2141 sizeof (on)) < 0) { 2142 Perror0_exit("connect_to_mpathd: setsockopt"); 2143 } 2144 switch (family) { 2145 case AF_INET: 2146 sin->sin_port = 0; 2147 sin->sin_addr.s_addr = htonl(INADDR_LOOPBACK); 2148 addrlen = sizeof (struct sockaddr_in); 2149 break; 2150 case AF_INET6: 2151 sin6->sin6_port = 0; 2152 sin6->sin6_addr = loopback_addr; 2153 addrlen = sizeof (struct sockaddr_in6); 2154 break; 2155 } 2156 ret = bind(s, (struct sockaddr *)&ss, addrlen); 2157 if (ret != 0) { 2158 (void) close(s); 2159 return (-1); 2160 } 2161 2162 switch (family) { 2163 case AF_INET: 2164 sin->sin_port = htons(MPATHD_PORT); 2165 break; 2166 case AF_INET6: 2167 sin6->sin6_port = htons(MPATHD_PORT); 2168 break; 2169 } 2170 ret = connect(s, (struct sockaddr *)&ss, addrlen); 2171 (void) close(s); 2172 return (ret); 2173 } 2174 2175 /* ARGSUSED */ 2176 static int 2177 setifgroupname(char *grpname, int64_t param) 2178 { 2179 if (debug) { 2180 (void) printf("Setting groupname %s on interface %s\n", 2181 grpname, name); 2182 } 2183 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2184 (void) strncpy(lifr.lifr_groupname, grpname, 2185 sizeof (lifr.lifr_groupname)); 2186 if (ioctl(s, SIOCSLIFGROUPNAME, (caddr_t)&lifr) < 0) { 2187 Perror0_exit("setifgroupname: SIOCSLIFGROUPNAME"); 2188 } 2189 2190 /* 2191 * If the SUNW_NO_MPATHD environment variable is set then don't 2192 * bother starting up in.mpathd. See PSARC/2002/249 for the 2193 * depressing details on this bit of stupidity. 2194 */ 2195 if (getenv("SUNW_NO_MPATHD") != NULL) { 2196 return (0); 2197 } 2198 2199 /* 2200 * Try to connect to in.mpathd using IPv4. If we succeed, 2201 * we conclude that in.mpathd is running, and quit. 2202 */ 2203 if (connect_to_mpathd(AF_INET) == 0) { 2204 /* connect succeeded, mpathd is already running */ 2205 return (0); 2206 } 2207 /* 2208 * Try to connect to in.mpathd using IPv6. If we succeed, 2209 * we conclude that in.mpathd is running, and quit. 2210 */ 2211 if (connect_to_mpathd(AF_INET6) == 0) { 2212 /* connect succeeded, mpathd is already running */ 2213 return (0); 2214 } 2215 2216 /* 2217 * in.mpathd may not be running. Start it now. If it is already 2218 * running, in.mpathd will take care of handling multiple incarnations 2219 * of itself. ifconfig only tries to optimize performance by not 2220 * starting another incarnation of in.mpathd. 2221 */ 2222 switch (fork()) { 2223 2224 case -1: 2225 Perror0_exit("setifgroupname: fork"); 2226 /* NOTREACHED */ 2227 case 0: 2228 (void) execl(MPATHD_PATH, MPATHD_PATH, NULL); 2229 _exit(1); 2230 /* NOTREACHED */ 2231 default: 2232 return (0); 2233 } 2234 } 2235 2236 2237 /* 2238 * To list all the modules above a given network interface. 2239 */ 2240 /* ARGSUSED */ 2241 static int 2242 modlist(char *null, int64_t param) 2243 { 2244 int muxid_fd; 2245 int muxfd; 2246 int ipfd_lowstr; 2247 int arpfd_lowstr; 2248 int num_mods; 2249 int i; 2250 struct str_list strlist; 2251 int orig_arpid; 2252 2253 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2254 if (ip_domux2fd(&muxfd, &muxid_fd, &ipfd_lowstr, &arpfd_lowstr, 2255 &orig_arpid) < 0) { 2256 return (-1); 2257 } 2258 if ((num_mods = ioctl(ipfd_lowstr, I_LIST, NULL)) < 0) { 2259 Perror0("cannot I_LIST to get the number of modules"); 2260 } else { 2261 if (debug > 0) { 2262 (void) printf("Listing (%d) modules above %s\n", 2263 num_mods, name); 2264 } 2265 2266 strlist.sl_nmods = num_mods; 2267 strlist.sl_modlist = malloc(sizeof (struct str_mlist) * 2268 num_mods); 2269 if (strlist.sl_modlist == NULL) { 2270 Perror0("cannot malloc"); 2271 } else { 2272 if (ioctl(ipfd_lowstr, I_LIST, (caddr_t)&strlist) < 0) { 2273 Perror0("cannot I_LIST for module names"); 2274 } else { 2275 for (i = 0; i < strlist.sl_nmods; i++) { 2276 (void) printf("%d %s\n", i, 2277 strlist.sl_modlist[i].l_name); 2278 } 2279 } 2280 free(strlist.sl_modlist); 2281 } 2282 } 2283 return (ip_plink(muxfd, muxid_fd, ipfd_lowstr, arpfd_lowstr, 2284 orig_arpid)); 2285 } 2286 2287 #define MODINSERT_OP 'i' 2288 #define MODREMOVE_OP 'r' 2289 2290 /* 2291 * To insert a module to the stream of the interface. It is just a 2292 * wrapper. The real function is modop(). 2293 */ 2294 /* ARGSUSED */ 2295 static int 2296 modinsert(char *arg, int64_t param) 2297 { 2298 return (modop(arg, MODINSERT_OP)); 2299 } 2300 2301 /* 2302 * To remove a module from the stream of the interface. It is just a 2303 * wrapper. The real function is modop(). 2304 */ 2305 /* ARGSUSED */ 2306 static int 2307 modremove(char *arg, int64_t param) 2308 { 2309 return (modop(arg, MODREMOVE_OP)); 2310 } 2311 2312 /* 2313 * Open a stream on /dev/udp{,6}, pop off all undesired modules (note that 2314 * the user may have configured autopush to add modules above 2315 * udp), and push the arp module onto the resulting stream. 2316 * This is used to make IP+ARP be able to atomically track the muxid 2317 * for the I_PLINKed STREAMS, thus it isn't related to ARP running the ARP 2318 * protocol. 2319 */ 2320 static int 2321 open_arp_on_udp(char *udp_dev_name) 2322 { 2323 int fd; 2324 2325 if ((fd = open(udp_dev_name, O_RDWR)) == -1) { 2326 Perror2("open", udp_dev_name); 2327 return (-1); 2328 } 2329 errno = 0; 2330 while (ioctl(fd, I_POP, 0) != -1) 2331 ; 2332 if (errno != EINVAL) { 2333 Perror2("pop", udp_dev_name); 2334 } else if (ioctl(fd, I_PUSH, ARP_MOD_NAME) == -1) { 2335 Perror2("arp PUSH", udp_dev_name); 2336 } else { 2337 return (fd); 2338 } 2339 (void) close(fd); 2340 return (-1); 2341 } 2342 2343 /* 2344 * Helper function for mod*() functions. It gets a fd to the lower IP 2345 * stream and I_PUNLINK's the lower stream. It also initializes the 2346 * global variable lifr. 2347 * 2348 * Param: 2349 * int *muxfd: fd to /dev/udp{,6} for I_PLINK/I_PUNLINK 2350 * int *muxid_fd: fd to /dev/udp{,6} for LIFMUXID 2351 * int *ipfd_lowstr: fd to the lower IP stream. 2352 * int *arpfd_lowstr: fd to the lower ARP stream. 2353 * 2354 * Return: 2355 * -1 if operation fails, 0 otherwise. 2356 * 2357 * Please see the big block comment above plumb_one_device() 2358 * for the logic of the PLINK/PUNLINK 2359 */ 2360 static int 2361 ip_domux2fd(int *muxfd, int *muxid_fd, int *ipfd_lowstr, int *arpfd_lowstr, 2362 int *orig_arpid) 2363 { 2364 uint64_t flags; 2365 char *udp_dev_name; 2366 2367 *orig_arpid = 0; 2368 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2369 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) { 2370 Perror0_exit("status: SIOCGLIFFLAGS"); 2371 } 2372 flags = lifr.lifr_flags; 2373 if (flags & IFF_IPV4) { 2374 udp_dev_name = UDP_DEV_NAME; 2375 } else if (flags & IFF_IPV6) { 2376 udp_dev_name = UDP6_DEV_NAME; 2377 } else { 2378 return (-1); 2379 } 2380 2381 if ((*muxid_fd = open(udp_dev_name, O_RDWR)) < 0) { 2382 Perror2("open", udp_dev_name); 2383 return (-1); 2384 } 2385 if (ioctl(*muxid_fd, SIOCGLIFMUXID, (caddr_t)&lifr) < 0) { 2386 Perror2("SIOCGLIFMUXID", udp_dev_name); 2387 return (-1); 2388 } 2389 if (debug > 0) { 2390 (void) printf("ARP_muxid %d IP_muxid %d\n", 2391 lifr.lifr_arp_muxid, lifr.lifr_ip_muxid); 2392 } 2393 2394 /* 2395 * Use /dev/udp{,6} as the mux to avoid linkcycles. 2396 */ 2397 if ((*muxfd = open_arp_on_udp(udp_dev_name)) == -1) 2398 return (-1); 2399 2400 if (lifr.lifr_arp_muxid != 0) { 2401 if ((*arpfd_lowstr = ioctl(*muxfd, _I_MUXID2FD, 2402 lifr.lifr_arp_muxid)) < 0) { 2403 if ((errno == EINVAL) && 2404 (flags & (IFF_NOARP | IFF_IPV6))) { 2405 /* 2406 * Some plumbing utilities set the muxid to 2407 * -1 or some invalid value to signify that 2408 * there is no arp stream. Set the muxid to 0 2409 * before trying to unplumb the IP stream. 2410 * IP does not allow the IP stream to be 2411 * unplumbed if it sees a non-null arp muxid, 2412 * for consistency of IP-ARP streams. 2413 */ 2414 *orig_arpid = lifr.lifr_arp_muxid; 2415 lifr.lifr_arp_muxid = 0; 2416 (void) ioctl(*muxid_fd, SIOCSLIFMUXID, 2417 (caddr_t)&lifr); 2418 *arpfd_lowstr = -1; 2419 } else { 2420 Perror0("_I_MUXID2FD"); 2421 return (-1); 2422 } 2423 } else if (ioctl(*muxfd, I_PUNLINK, 2424 lifr.lifr_arp_muxid) < 0) { 2425 Perror2("I_PUNLINK", udp_dev_name); 2426 return (-1); 2427 } 2428 } else { 2429 *arpfd_lowstr = -1; 2430 } 2431 2432 if ((*ipfd_lowstr = ioctl(*muxfd, _I_MUXID2FD, 2433 lifr.lifr_ip_muxid)) < 0) { 2434 Perror0("_I_MUXID2FD"); 2435 /* Undo any changes we made */ 2436 if (*orig_arpid != 0) { 2437 lifr.lifr_arp_muxid = *orig_arpid; 2438 (void) ioctl(*muxid_fd, SIOCSLIFMUXID, (caddr_t)&lifr); 2439 } 2440 return (-1); 2441 } 2442 if (ioctl(*muxfd, I_PUNLINK, lifr.lifr_ip_muxid) < 0) { 2443 Perror2("I_PUNLINK", udp_dev_name); 2444 /* Undo any changes we made */ 2445 if (*orig_arpid != 0) { 2446 lifr.lifr_arp_muxid = *orig_arpid; 2447 (void) ioctl(*muxid_fd, SIOCSLIFMUXID, (caddr_t)&lifr); 2448 } 2449 return (-1); 2450 } 2451 return (0); 2452 } 2453 2454 /* 2455 * Helper function for mod*() functions. It I_PLINK's back the upper and 2456 * lower IP streams. Note that this function must be called after 2457 * ip_domux2fd(). In ip_domux2fd(), the global variable lifr is initialized 2458 * and ip_plink() needs information in lifr. So ip_domux2fd() and ip_plink() 2459 * must be called in pairs. 2460 * 2461 * Param: 2462 * int muxfd: fd to /dev/udp{,6} for I_PLINK/I_PUNLINK 2463 * int muxid_fd: fd to /dev/udp{,6} for LIFMUXID 2464 * int ipfd_lowstr: fd to the lower IP stream. 2465 * int arpfd_lowstr: fd to the lower ARP stream. 2466 * 2467 * Return: 2468 * -1 if operation fails, 0 otherwise. 2469 * 2470 * Please see the big block comment above plumb_one_device() 2471 * for the logic of the PLINK/PUNLINK 2472 */ 2473 static int 2474 ip_plink(int muxfd, int muxid_fd, int ipfd_lowstr, int arpfd_lowstr, 2475 int orig_arpid) 2476 { 2477 int ip_muxid; 2478 2479 ip_muxid = ioctl(muxfd, I_PLINK, ipfd_lowstr); 2480 if (ip_muxid < 0) { 2481 Perror2("I_PLINK", UDP_DEV_NAME); 2482 return (-1); 2483 } 2484 2485 /* 2486 * If there is an arp stream, plink it. If there is no 2487 * arp stream, then it is possible that the plumbing 2488 * utility could have stored any value in the arp_muxid. 2489 * If so, restore it from orig_arpid. 2490 */ 2491 if (arpfd_lowstr != -1) { 2492 if (ioctl(muxfd, I_PLINK, arpfd_lowstr) < 0) { 2493 Perror2("I_PLINK", UDP_DEV_NAME); 2494 return (-1); 2495 } 2496 } else if (orig_arpid != 0) { 2497 /* Undo the changes we did in ip_domux2fd */ 2498 lifr.lifr_arp_muxid = orig_arpid; 2499 lifr.lifr_ip_muxid = ip_muxid; 2500 (void) ioctl(muxid_fd, SIOCSLIFMUXID, (caddr_t)&lifr); 2501 } 2502 2503 (void) close(muxfd); 2504 (void) close(muxid_fd); 2505 return (0); 2506 } 2507 2508 /* 2509 * The real function to perform module insertion/removal. 2510 * 2511 * Param: 2512 * char *arg: the argument string module_name@position 2513 * char op: operation, either MODINSERT_OP or MODREMOVE_OP. 2514 * 2515 * Return: 2516 * Before doing ip_domux2fd(), this function calls exit(1) in case of 2517 * error. After ip_domux2fd() is done, it returns -1 for error, 0 2518 * otherwise. 2519 */ 2520 static int 2521 modop(char *arg, char op) 2522 { 2523 char *pos_p; 2524 int muxfd; 2525 int muxid_fd; 2526 int ipfd_lowstr; /* IP stream (lower stream of mux) to be plinked */ 2527 int arpfd_lowstr; /* ARP stream (lower stream of mux) to be plinked */ 2528 struct strmodconf mod; 2529 char *at_char = "@"; 2530 char *arg_str; 2531 int orig_arpid; 2532 2533 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2534 2535 /* Need to save the original string for -a option. */ 2536 if ((arg_str = malloc(strlen(arg) + 1)) == NULL) { 2537 Perror0("cannot malloc"); 2538 return (-1); 2539 } 2540 (void) strcpy(arg_str, arg); 2541 2542 if (*arg_str == *at_char) { 2543 (void) fprintf(stderr, 2544 "ifconfig: must supply a module name\n"); 2545 exit(1); 2546 } 2547 mod.mod_name = strtok(arg_str, at_char); 2548 if (strlen(mod.mod_name) > FMNAMESZ) { 2549 (void) fprintf(stderr, "ifconfig: module name too long: %s\n", 2550 mod.mod_name); 2551 exit(1); 2552 } 2553 2554 /* 2555 * Need to make sure that the core TCP/IP stack modules are not 2556 * removed. Otherwise, "bad" things can happen. If a module 2557 * is removed and inserted back, it loses its old state. But 2558 * the modules above it still have the old state. E.g. IP assumes 2559 * fast data path while tunnel after re-inserted assumes that it can 2560 * receive M_DATA only in fast data path for which it does not have 2561 * any state. This is a general caveat of _I_REMOVE/_I_INSERT. 2562 */ 2563 if (op == MODREMOVE_OP && 2564 (strcmp(mod.mod_name, ARP_MOD_NAME) == 0 || 2565 strcmp(mod.mod_name, IP_MOD_NAME) == 0 || 2566 strcmp(mod.mod_name, TUN_NAME) == 0 || 2567 strcmp(mod.mod_name, ATUN_NAME) == 0 || 2568 strcmp(mod.mod_name, TUN6TO4_NAME) == 0)) { 2569 (void) fprintf(stderr, "ifconfig: cannot remove %s\n", 2570 mod.mod_name); 2571 exit(1); 2572 } 2573 2574 if ((pos_p = strtok(NULL, at_char)) == NULL) { 2575 (void) fprintf(stderr, "ifconfig: must supply a position\n"); 2576 exit(1); 2577 } 2578 mod.pos = atoi(pos_p); 2579 2580 if (ip_domux2fd(&muxfd, &muxid_fd, &ipfd_lowstr, &arpfd_lowstr, 2581 &orig_arpid) < 0) { 2582 free(arg_str); 2583 return (-1); 2584 } 2585 switch (op) { 2586 case MODINSERT_OP: 2587 if (debug > 0) { 2588 (void) printf("Inserting module %s at %d\n", 2589 mod.mod_name, mod.pos); 2590 } 2591 if (ioctl(ipfd_lowstr, _I_INSERT, (caddr_t)&mod) < 0) { 2592 Perror2("fail to insert module", mod.mod_name); 2593 } 2594 break; 2595 case MODREMOVE_OP: 2596 if (debug > 0) { 2597 (void) printf("Removing module %s at %d\n", 2598 mod.mod_name, mod.pos); 2599 } 2600 if (ioctl(ipfd_lowstr, _I_REMOVE, (caddr_t)&mod) < 0) { 2601 Perror2("fail to remove module", mod.mod_name); 2602 } 2603 break; 2604 default: 2605 /* Should never get to here. */ 2606 (void) fprintf(stderr, "Unknown operation\n"); 2607 break; 2608 } 2609 free(arg_str); 2610 return (ip_plink(muxfd, muxid_fd, ipfd_lowstr, arpfd_lowstr, 2611 orig_arpid)); 2612 } 2613 2614 /* 2615 * Set tunnel source address 2616 */ 2617 /* ARGSUSED */ 2618 static int 2619 setiftsrc(char *addr, int64_t param) 2620 { 2621 return (settaddr(addr, icfg_set_tunnel_src)); 2622 } 2623 2624 /* 2625 * Set tunnel destination address 2626 */ 2627 /* ARGSUSED */ 2628 static int 2629 setiftdst(char *addr, int64_t param) 2630 { 2631 return (settaddr(addr, icfg_set_tunnel_dest)); 2632 } 2633 2634 /* 2635 * sets tunnels src|dst address. settaddr() expects the following: 2636 * addr: Points to a printable string containing the address to be 2637 * set, e.g. 129.153.128.110. 2638 * fn: Pointer to a libinetcfg routine that will do the actual work. 2639 * The only valid functions are icfg_set_tunnel_src and 2640 * icfg_set_tunnel_dest. 2641 */ 2642 static int 2643 settaddr(char *addr, 2644 int (*fn)(icfg_handle_t, const struct sockaddr *, socklen_t)) 2645 { 2646 icfg_handle_t handle; 2647 icfg_if_t interface; 2648 struct sockaddr_storage laddr; 2649 int lower; 2650 int rc; 2651 2652 if (strchr(name, ':') != NULL) { 2653 errno = EPERM; 2654 Perror0_exit("Tunnel params on logical interfaces"); 2655 } 2656 (void) strncpy(interface.if_name, name, sizeof (interface.if_name)); 2657 interface.if_protocol = SOCKET_AF(af); 2658 2659 /* Open interface. */ 2660 if ((rc = icfg_open(&handle, &interface)) != ICFG_SUCCESS) 2661 Perror0_exit((char *)icfg_errmsg(rc)); 2662 2663 rc = icfg_get_tunnel_lower(handle, &lower); 2664 if (rc != ICFG_SUCCESS) 2665 Perror0_exit((char *)icfg_errmsg(rc)); 2666 2667 if (lower == AF_INET) { 2668 in_getaddr(addr, (struct sockaddr *)&laddr, NULL); 2669 } else { 2670 in6_getaddr(addr, (struct sockaddr *)&laddr, NULL); 2671 } 2672 2673 /* Call fn to do the real work, and close the interface. */ 2674 rc = (*fn)(handle, (struct sockaddr *)&laddr, 2675 sizeof (struct sockaddr_storage)); 2676 icfg_close(handle); 2677 2678 if (rc != ICFG_SUCCESS) 2679 Perror0_exit((char *)icfg_errmsg(rc)); 2680 2681 return (0); 2682 } 2683 2684 /* Set tunnel encapsulation limit. */ 2685 /* ARGSUSED */ 2686 static int 2687 set_tun_encap_limit(char *arg, int64_t param) 2688 { 2689 short limit; 2690 icfg_if_t interface; 2691 icfg_handle_t handle; 2692 int rc; 2693 2694 if (strchr(name, ':') != NULL) { 2695 errno = EPERM; 2696 Perror0_exit("Tunnel params on logical interfaces"); 2697 } 2698 2699 if ((sscanf(arg, "%hd", &limit) != 1) || (limit < 0) || 2700 (limit > 255)) { 2701 errno = EINVAL; 2702 Perror0_exit("Invalid encapsulation limit"); 2703 } 2704 2705 /* Open interface for configuration. */ 2706 (void) strncpy(interface.if_name, name, sizeof (interface.if_name)); 2707 interface.if_protocol = SOCKET_AF(af); 2708 if (icfg_open(&handle, &interface) != ICFG_SUCCESS) 2709 Perror0_exit("couldn't open interface"); 2710 2711 rc = icfg_set_tunnel_encaplimit(handle, (int)limit); 2712 icfg_close(handle); 2713 2714 if (rc != ICFG_SUCCESS) 2715 Perror0_exit("Could not configure tunnel encapsulation limit"); 2716 2717 return (0); 2718 } 2719 2720 /* Disable encapsulation limit. */ 2721 /* ARGSUSED */ 2722 static int 2723 clr_tun_encap_limit(char *arg, int64_t param) 2724 { 2725 icfg_if_t interface; 2726 icfg_handle_t handle; 2727 int rc; 2728 2729 if (strchr(name, ':') != NULL) { 2730 errno = EPERM; 2731 Perror0_exit("Tunnel params on logical interfaces"); 2732 } 2733 2734 /* Open interface for configuration. */ 2735 (void) strncpy(interface.if_name, name, sizeof (interface.if_name)); 2736 interface.if_protocol = SOCKET_AF(af); 2737 if (icfg_open(&handle, &interface) != ICFG_SUCCESS) 2738 Perror0_exit("couldn't open interface"); 2739 2740 rc = icfg_set_tunnel_encaplimit(handle, -1); 2741 icfg_close(handle); 2742 2743 if (rc != ICFG_SUCCESS) 2744 Perror0_exit((char *)icfg_errmsg(rc)); 2745 2746 return (0); 2747 } 2748 2749 /* Set tunnel hop limit. */ 2750 /* ARGSUSED */ 2751 static int 2752 set_tun_hop_limit(char *arg, int64_t param) 2753 { 2754 unsigned short limit; 2755 icfg_if_t interface; 2756 icfg_handle_t handle; 2757 int rc; 2758 2759 if (strchr(name, ':') != NULL) { 2760 errno = EPERM; 2761 Perror0_exit("Tunnel params on logical interfaces"); 2762 } 2763 2764 /* 2765 * Check limit here since it's really only an 8-bit unsigned quantity. 2766 */ 2767 if ((sscanf(arg, "%hu", &limit) != 1) || (limit > 255)) { 2768 errno = EINVAL; 2769 Perror0_exit("Invalid hop limit"); 2770 } 2771 2772 /* Open interface for configuration. */ 2773 (void) strncpy(interface.if_name, name, sizeof (interface.if_name)); 2774 interface.if_protocol = SOCKET_AF(af); 2775 if (icfg_open(&handle, &interface) != ICFG_SUCCESS) 2776 Perror0_exit("couldn't open interface"); 2777 2778 rc = icfg_set_tunnel_hoplimit(handle, (uint8_t)limit); 2779 icfg_close(handle); 2780 2781 if (rc != ICFG_SUCCESS) 2782 Perror0_exit("Could not configure tunnel hop limit"); 2783 2784 return (0); 2785 } 2786 2787 /* Set zone ID */ 2788 static int 2789 setzone(char *arg, int64_t param) 2790 { 2791 zoneid_t zoneid = GLOBAL_ZONEID; 2792 2793 if (param == NEXTARG) { 2794 /* zone must be active */ 2795 if ((zoneid = getzoneidbyname(arg)) == -1) { 2796 (void) fprintf(stderr, 2797 "ifconfig: unknown zone '%s'\n", arg); 2798 exit(1); 2799 } 2800 } 2801 (void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2802 lifr.lifr_zoneid = zoneid; 2803 if (ioctl(s, SIOCSLIFZONE, (caddr_t)&lifr) == -1) 2804 Perror0_exit("SIOCSLIFZONE"); 2805 return (0); 2806 } 2807 2808 /* Put interface into all zones */ 2809 /* ARGSUSED */ 2810 static int 2811 setallzones(char *arg, int64_t param) 2812 { 2813 (void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2814 lifr.lifr_zoneid = ALL_ZONES; 2815 if (ioctl(s, SIOCSLIFZONE, (caddr_t)&lifr) == -1) 2816 Perror0_exit("SIOCSLIFZONE"); 2817 return (0); 2818 } 2819 2820 /* Set source address to use */ 2821 /* ARGSUSED */ 2822 static int 2823 setifsrc(char *arg, int64_t param) 2824 { 2825 uint_t ifindex = 0; 2826 int rval; 2827 2828 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2829 2830 /* 2831 * Argument can be either an interface name or "none". The latter means 2832 * that any previous selection is cleared. 2833 */ 2834 2835 rval = strcmp(arg, name); 2836 if (rval == 0) { 2837 (void) fprintf(stderr, 2838 "ifconfig: Cannot specify same interface for usesrc" 2839 " group\n"); 2840 exit(1); 2841 } 2842 2843 rval = strcmp(arg, NONE_STR); 2844 if (rval != 0) { 2845 if ((ifindex = if_nametoindex(arg)) == 0) { 2846 (void) strncpy(lifr.lifr_name, arg, LIFNAMSIZ); 2847 Perror0_exit("Could not get interface index"); 2848 } 2849 lifr.lifr_index = ifindex; 2850 } else { 2851 if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) != 0) 2852 Perror0_exit("Not a valid usesrc consumer"); 2853 lifr.lifr_index = 0; 2854 } 2855 2856 if (debug) 2857 (void) printf("setifsrc: lifr_name %s, lifr_index %d\n", 2858 lifr.lifr_name, lifr.lifr_index); 2859 2860 if (ioctl(s, SIOCSLIFUSESRC, (caddr_t)&lifr) == -1) { 2861 if (rval == 0) 2862 Perror0_exit("Cannot reset usesrc group"); 2863 else 2864 Perror0_exit("Could not set source interface"); 2865 } 2866 2867 return (0); 2868 } 2869 2870 /* 2871 * Print the interface status line associated with `ifname' 2872 */ 2873 static void 2874 ifstatus(const char *ifname) 2875 { 2876 uint64_t flags; 2877 char if_usesrc_name[LIFNAMSIZ]; 2878 char *newbuf; 2879 int n, numifs, rval = 0; 2880 struct lifreq *lifrp; 2881 struct lifsrcof lifs; 2882 2883 (void) strncpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name)); 2884 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) { 2885 Perror0_exit("status: SIOCGLIFFLAGS"); 2886 } 2887 flags = lifr.lifr_flags; 2888 2889 /* 2890 * In V4 compatibility mode, we don't print the IFF_IPV4 flag or 2891 * interfaces with IFF_IPV6 set. 2892 */ 2893 if (v4compat) { 2894 flags &= ~IFF_IPV4; 2895 if (flags & IFF_IPV6) 2896 return; 2897 } 2898 2899 (void) printf("%s: ", ifname); 2900 print_flags(flags); 2901 2902 (void) strncpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name)); 2903 if (ioctl(s, SIOCGLIFMETRIC, (caddr_t)&lifr) < 0) { 2904 Perror0_exit("status: SIOCGLIFMETRIC"); 2905 } else { 2906 if (lifr.lifr_metric) 2907 (void) printf(" metric %d", lifr.lifr_metric); 2908 } 2909 if (ioctl(s, SIOCGLIFMTU, (caddr_t)&lifr) >= 0) 2910 (void) printf(" mtu %u", lifr.lifr_mtu); 2911 2912 /* don't print index or zone when in compatibility mode */ 2913 if (!v4compat) { 2914 if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0) 2915 (void) printf(" index %d", lifr.lifr_index); 2916 /* 2917 * Stack instances use GLOBAL_ZONEID for IP data structures 2918 * even in the non-global zone. 2919 */ 2920 if (ioctl(s, SIOCGLIFZONE, (caddr_t)&lifr) >= 0 && 2921 lifr.lifr_zoneid != getzoneid() && 2922 lifr.lifr_zoneid != GLOBAL_ZONEID) { 2923 char zone_name[ZONENAME_MAX]; 2924 2925 if (lifr.lifr_zoneid == ALL_ZONES) { 2926 (void) printf("\n\tall-zones"); 2927 } else if (getzonenamebyid(lifr.lifr_zoneid, zone_name, 2928 sizeof (zone_name)) < 0) { 2929 (void) printf("\n\tzone %d", lifr.lifr_zoneid); 2930 } else { 2931 (void) printf("\n\tzone %s", zone_name); 2932 } 2933 } 2934 } 2935 2936 if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0) { 2937 lifs.lifs_ifindex = lifr.lifr_index; 2938 2939 /* 2940 * Find the number of interfaces that use this interfaces' 2941 * address as a source address 2942 */ 2943 lifs.lifs_buf = NULL; 2944 lifs.lifs_maxlen = 0; 2945 for (;;) { 2946 /* The first pass will give the bufsize we need */ 2947 rval = ioctl(s, SIOCGLIFSRCOF, (char *)&lifs); 2948 if (rval < 0) { 2949 if (lifs.lifs_buf != NULL) { 2950 free(lifs.lifs_buf); 2951 lifs.lifs_buf = NULL; 2952 } 2953 lifs.lifs_len = 0; 2954 break; 2955 } 2956 if (lifs.lifs_len <= lifs.lifs_maxlen) 2957 break; 2958 /* Use kernel's size + a small margin to avoid loops */ 2959 lifs.lifs_maxlen = lifs.lifs_len + 2960 5 * sizeof (struct lifreq); 2961 /* For the first pass, realloc acts like malloc */ 2962 newbuf = realloc(lifs.lifs_buf, lifs.lifs_maxlen); 2963 if (newbuf == NULL) { 2964 if (lifs.lifs_buf != NULL) { 2965 free(lifs.lifs_buf); 2966 lifs.lifs_buf = NULL; 2967 } 2968 lifs.lifs_len = 0; 2969 break; 2970 } 2971 lifs.lifs_buf = newbuf; 2972 } 2973 2974 2975 numifs = lifs.lifs_len / sizeof (struct lifreq); 2976 if (numifs > 0) { 2977 lifrp = lifs.lifs_req; 2978 (void) printf("\n\tsrcof"); 2979 for (n = numifs; n > 0; n--, lifrp++) { 2980 (void) printf(" %s", lifrp->lifr_name); 2981 } 2982 } 2983 2984 if (lifs.lifs_buf != NULL) 2985 free(lifs.lifs_buf); 2986 } 2987 2988 /* Find the interface whose source address this interface uses */ 2989 if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) == 0) { 2990 if (lifr.lifr_index != 0) { 2991 if (if_indextoname(lifr.lifr_index, 2992 if_usesrc_name) == NULL) { 2993 (void) printf("\n\tusesrc ifIndex %d", 2994 lifr.lifr_index); 2995 } else { 2996 (void) printf("\n\tusesrc %s", if_usesrc_name); 2997 } 2998 } 2999 } 3000 3001 (void) putchar('\n'); 3002 } 3003 3004 3005 /* 3006 * Print the status of the interface. If an address family was 3007 * specified, show it and it only; otherwise, show them all. 3008 */ 3009 static void 3010 status(void) 3011 { 3012 struct afswtch *p = afp; 3013 uint64_t flags; 3014 3015 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3016 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) { 3017 Perror0_exit("status: SIOCGLIFFLAGS"); 3018 } 3019 3020 flags = lifr.lifr_flags; 3021 3022 /* 3023 * Only print the interface status if the address family matches 3024 * the interface family flag. 3025 */ 3026 if (p != NULL) { 3027 if (((p->af_af == AF_INET6) && (flags & IFF_IPV4)) || 3028 ((p->af_af == AF_INET) && (flags & IFF_IPV6))) 3029 return; 3030 } 3031 3032 /* 3033 * In V4 compatibility mode, don't print IFF_IPV6 interfaces. 3034 */ 3035 if (v4compat && (flags & IFF_IPV6)) 3036 return; 3037 3038 ifstatus(name); 3039 3040 if (p != NULL) { 3041 (*p->af_status)(1, flags); 3042 } else { 3043 for (p = afs; p->af_name; p++) { 3044 (void) close(s); 3045 s = socket(SOCKET_AF(p->af_af), SOCK_DGRAM, 0); 3046 /* set global af for use in p->af_status */ 3047 af = p->af_af; 3048 if (s == -1) { 3049 Perror0_exit("socket"); 3050 } 3051 (*p->af_status)(0, flags); 3052 } 3053 3054 /* 3055 * Historically, 'ether' has been an address family, 3056 * so print it here. 3057 */ 3058 print_ifether(name); 3059 } 3060 } 3061 3062 /* 3063 * Print the status of the interface in a format that can be used to 3064 * reconfigure the interface later. Code stolen from status() above. 3065 */ 3066 /* ARGSUSED */ 3067 static int 3068 configinfo(char *null, int64_t param) 3069 { 3070 struct afswtch *p = afp; 3071 uint64_t flags; 3072 char phydevname[LIFNAMSIZ]; 3073 char if_usesrc_name[LIFNAMSIZ]; 3074 char *cp; 3075 3076 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3077 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) { 3078 Perror0_exit("status: SIOCGLIFFLAGS"); 3079 } 3080 flags = lifr.lifr_flags; 3081 3082 if (debug) { 3083 (void) printf("configinfo: name %s flags 0x%llx af_af %d\n", 3084 name, flags, p != NULL ? p->af_af : -1); 3085 } 3086 3087 /* remove LIF component */ 3088 (void) strncpy(phydevname, name, sizeof (phydevname)); 3089 cp = strchr(phydevname, ':'); 3090 if (cp) { 3091 *cp = 0; 3092 } 3093 phydevname[sizeof (phydevname) - 1] = '\0'; 3094 3095 /* 3096 * if the interface is IPv4 3097 * if we have a IPv6 address family restriction return 3098 * so it won't print 3099 * if we are in IPv4 compatibility mode, clear out IFF_IPV4 3100 * so we don't print it. 3101 */ 3102 if (flags & IFF_IPV4) { 3103 if (p && p->af_af == AF_INET6) 3104 return (-1); 3105 if (v4compat) 3106 flags &= ~IFF_IPV4; 3107 3108 (void) printf("%s inet plumb", phydevname); 3109 } else if (flags & IFF_IPV6) { 3110 /* 3111 * else if the interface is IPv6 3112 * if we have a IPv4 address family restriction return 3113 * or we are in IPv4 compatibiltiy mode, return. 3114 */ 3115 if (p && p->af_af == AF_INET) 3116 return (-1); 3117 if (v4compat) 3118 return (-1); 3119 3120 (void) printf("%s inet6 plumb", phydevname); 3121 } 3122 3123 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3124 if (ioctl(s, SIOCGLIFMETRIC, (caddr_t)&lifr) < 0) { 3125 Perror0_exit("configinfo: SIOCGLIFMETRIC"); 3126 } else { 3127 if (lifr.lifr_metric) 3128 (void) printf(" metric %d ", lifr.lifr_metric); 3129 } 3130 if (((flags & (IFF_VIRTUAL|IFF_LOOPBACK)) != IFF_VIRTUAL) && 3131 ioctl(s, SIOCGLIFMTU, (caddr_t)&lifr) >= 0) 3132 (void) printf(" mtu %d", lifr.lifr_metric); 3133 3134 /* don't print index when in compatibility mode */ 3135 if (!v4compat) { 3136 if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0) 3137 (void) printf(" index %d", lifr.lifr_index); 3138 } 3139 3140 if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) == 0) { 3141 if (lifr.lifr_index != 0) { 3142 if (if_indextoname(lifr.lifr_index, 3143 if_usesrc_name) != NULL) { 3144 (void) printf(" usesrc %s", if_usesrc_name); 3145 } 3146 } 3147 } 3148 3149 if (p != NULL) { 3150 (*p->af_configinfo)(1, flags); 3151 } else { 3152 for (p = afs; p->af_name; p++) { 3153 (void) close(s); 3154 s = socket(SOCKET_AF(p->af_af), SOCK_DGRAM, 0); 3155 /* set global af for use in p->af_configinfo */ 3156 af = p->af_af; 3157 if (s == -1) { 3158 Perror0_exit("socket"); 3159 } 3160 (*p->af_configinfo)(0, flags); 3161 } 3162 } 3163 3164 (void) printf("\n"); 3165 3166 return (0); 3167 } 3168 3169 static void 3170 print_tsec(struct iftun_req *tparams) 3171 { 3172 ipsec_req_t *ipsr; 3173 3174 (void) printf("\ttunnel security settings "); 3175 /* 3176 * Deal with versioning, for now just point 3177 * an ipsec_req_t at ifta_secinfo. If versions 3178 * change, something else will overlay ifta_secinfo. 3179 */ 3180 assert(tparams->ifta_vers == IFTUN_VERSION); 3181 3182 if (tparams->ifta_flags & IFTUN_COMPLEX_SECURITY) { 3183 (void) printf("--> use 'ipsecconf -ln -i %s'", 3184 tparams->ifta_lifr_name); 3185 } else { 3186 ipsr = (ipsec_req_t *)(&tparams->ifta_secinfo); 3187 if (ipsr->ipsr_ah_req & IPSEC_PREF_REQUIRED) { 3188 (void) printf("ah (%s) ", 3189 rparsealg(ipsr->ipsr_auth_alg, IPSEC_PROTO_AH)); 3190 } 3191 if (ipsr->ipsr_esp_req & IPSEC_PREF_REQUIRED) { 3192 (void) printf("esp (%s", 3193 rparsealg(ipsr->ipsr_esp_alg, IPSEC_PROTO_ESP)); 3194 (void) printf("/%s)", 3195 rparsealg(ipsr->ipsr_esp_auth_alg, IPSEC_PROTO_AH)); 3196 } 3197 } 3198 (void) printf("\n"); 3199 } 3200 3201 static void 3202 tun_status(void) 3203 { 3204 icfg_if_t interface; 3205 int rc; 3206 icfg_handle_t handle; 3207 int protocol; 3208 char srcbuf[INET6_ADDRSTRLEN]; 3209 char dstbuf[INET6_ADDRSTRLEN]; 3210 boolean_t tabbed; 3211 uint8_t hoplimit; 3212 int16_t encaplimit; 3213 struct sockaddr_storage taddr; 3214 socklen_t socklen = sizeof (taddr); 3215 3216 (void) strncpy(interface.if_name, name, sizeof (interface.if_name)); 3217 interface.if_protocol = SOCKET_AF(af); 3218 if ((rc = icfg_open(&handle, &interface)) != ICFG_SUCCESS) 3219 Perror0_exit((char *)icfg_errmsg(rc)); 3220 3221 /* 3222 * only print tunnel info for lun 0. If ioctl fails, assume 3223 * we are not a tunnel 3224 */ 3225 if (strchr(name, ':') != NULL || 3226 icfg_get_tunnel_lower(handle, &protocol) != ICFG_SUCCESS) { 3227 icfg_close(handle); 3228 return; 3229 } 3230 3231 switch (protocol) { 3232 case AF_INET: 3233 (void) printf("\tinet"); 3234 break; 3235 case AF_INET6: 3236 (void) printf("\tinet6"); 3237 break; 3238 default: 3239 Perror0_exit("\ttunnel: Illegal lower stream\n\t"); 3240 break; 3241 } 3242 3243 rc = icfg_get_tunnel_src(handle, (struct sockaddr *)&taddr, &socklen); 3244 if (rc == ICFG_NOT_SET) { 3245 (void) strlcpy(srcbuf, (protocol == AF_INET) ? "0.0.0.0" : 3246 "::", sizeof (srcbuf)); 3247 } else if (rc != ICFG_SUCCESS) { 3248 Perror0_exit((char *)icfg_errmsg(rc)); 3249 } else { 3250 rc = icfg_sockaddr_to_str(protocol, (struct sockaddr *)&taddr, 3251 srcbuf, sizeof (srcbuf)); 3252 if (rc != ICFG_SUCCESS) { 3253 Perror0_exit((char *)icfg_errmsg(rc)); 3254 } 3255 } 3256 3257 (void) printf(" tunnel src %s ", srcbuf); 3258 3259 rc = icfg_get_tunnel_dest(handle, (struct sockaddr *)&taddr, &socklen); 3260 if (rc == ICFG_NOT_SET) { 3261 (void) printf("\n"); 3262 } else { 3263 rc = icfg_sockaddr_to_str(protocol, (struct sockaddr *)&taddr, 3264 dstbuf, sizeof (dstbuf)); 3265 if (rc != ICFG_SUCCESS) { 3266 Perror0_exit((char *)icfg_errmsg(rc)); 3267 } 3268 (void) printf("tunnel dst %s\n", dstbuf); 3269 } 3270 3271 if (handle->ifh_tunnel_params != NULL && 3272 (handle->ifh_tunnel_params->ifta_flags & IFTUN_SECURITY)) 3273 print_tsec(handle->ifh_tunnel_params); 3274 3275 /* 3276 * tabbed indicates tabbed and printed. Use it tell us whether 3277 * to tab and that we've printed something here, so we need a 3278 * newline 3279 */ 3280 tabbed = _B_FALSE; 3281 3282 if (icfg_get_tunnel_hoplimit(handle, &hoplimit) == ICFG_SUCCESS) { 3283 (void) printf("\ttunnel hop limit %d ", hoplimit); 3284 tabbed = _B_TRUE; 3285 } 3286 3287 if ((protocol == AF_INET6) && 3288 (icfg_get_tunnel_encaplimit(handle, &encaplimit) == 3289 ICFG_SUCCESS)) { 3290 if (!tabbed) { 3291 (void) printf("\t"); 3292 tabbed = _B_TRUE; 3293 } 3294 if (encaplimit >= 0) { 3295 (void) printf("tunnel encapsulation limit %d", 3296 encaplimit); 3297 } else { 3298 (void) printf("tunnel encapsulation limit disabled"); 3299 } 3300 } 3301 3302 if (tabbed) 3303 (void) printf("\n"); 3304 3305 icfg_close(handle); 3306 } 3307 3308 static void 3309 in_status(int force, uint64_t flags) 3310 { 3311 struct sockaddr_in *sin, *laddr; 3312 struct sockaddr_in netmask = { AF_INET }; 3313 3314 if (debug) 3315 (void) printf("in_status(%s) flags 0x%llx\n", name, flags); 3316 3317 /* only print status for IPv4 interfaces */ 3318 if (!(flags & IFF_IPV4)) 3319 return; 3320 3321 /* if the interface is a tunnel, print the tunnel status */ 3322 tun_status(); 3323 3324 if (!(flags & IFF_NOLOCAL)) { 3325 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3326 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 3327 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3328 errno == ENXIO) { 3329 if (!force) 3330 return; 3331 (void) memset(&lifr.lifr_addr, 0, 3332 sizeof (lifr.lifr_addr)); 3333 } else 3334 Perror0_exit("in_status: SIOCGLIFADDR"); 3335 } 3336 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3337 (void) printf("\tinet %s ", inet_ntoa(sin->sin_addr)); 3338 laddr = sin; 3339 } else { 3340 (void) printf("\tinet "); 3341 } 3342 3343 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3344 if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) { 3345 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3346 errno == ENXIO) { 3347 if (!force) 3348 return; 3349 (void) memset(&lifr.lifr_addr, 0, 3350 sizeof (lifr.lifr_addr)); 3351 } else { 3352 Perror0_exit("in_status: SIOCGLIFSUBNET"); 3353 } 3354 } 3355 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3356 if ((flags & IFF_NOLOCAL) || 3357 sin->sin_addr.s_addr != laddr->sin_addr.s_addr) { 3358 (void) printf("subnet %s/%d ", inet_ntoa(sin->sin_addr), 3359 lifr.lifr_addrlen); 3360 } 3361 if (sin->sin_family != AF_INET) { 3362 (void) printf("Wrong family: %d\n", sin->sin_family); 3363 } 3364 3365 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3366 if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0) { 3367 if (errno != EADDRNOTAVAIL) 3368 Perror0_exit("in_status: SIOCGLIFNETMASK"); 3369 (void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr)); 3370 } else 3371 netmask.sin_addr = 3372 ((struct sockaddr_in *)&lifr.lifr_addr)->sin_addr; 3373 if (flags & IFF_POINTOPOINT) { 3374 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3375 if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) { 3376 if (errno == EADDRNOTAVAIL) 3377 (void) memset(&lifr.lifr_addr, 0, 3378 sizeof (lifr.lifr_addr)); 3379 else 3380 Perror0_exit("in_status: SIOCGLIFDSTADDR"); 3381 } 3382 sin = (struct sockaddr_in *)&lifr.lifr_dstaddr; 3383 (void) printf("--> %s ", inet_ntoa(sin->sin_addr)); 3384 } 3385 (void) printf("netmask %x ", ntohl(netmask.sin_addr.s_addr)); 3386 if (flags & IFF_BROADCAST) { 3387 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3388 if (ioctl(s, SIOCGLIFBRDADDR, (caddr_t)&lifr) < 0) { 3389 if (errno == EADDRNOTAVAIL) 3390 (void) memset(&lifr.lifr_addr, 0, 3391 sizeof (lifr.lifr_addr)); 3392 else 3393 Perror0_exit("in_status: SIOCGLIFBRDADDR"); 3394 } 3395 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3396 if (sin->sin_addr.s_addr != 0) { 3397 (void) printf("broadcast %s", 3398 inet_ntoa(sin->sin_addr)); 3399 } 3400 } 3401 /* If there is a groupname, print it for lun 0 alone */ 3402 if (strchr(name, ':') == NULL) { 3403 (void) memset(lifr.lifr_groupname, 0, 3404 sizeof (lifr.lifr_groupname)); 3405 if (ioctl(s, SIOCGLIFGROUPNAME, (caddr_t)&lifr) >= 0) { 3406 if (strlen(lifr.lifr_groupname) > 0) { 3407 (void) printf("\n\tgroupname %s", 3408 lifr.lifr_groupname); 3409 } 3410 } 3411 } 3412 (void) putchar('\n'); 3413 } 3414 3415 static void 3416 in6_status(int force, uint64_t flags) 3417 { 3418 char abuf[INET6_ADDRSTRLEN]; 3419 struct sockaddr_in6 *sin6, *laddr6; 3420 3421 if (debug) 3422 (void) printf("in6_status(%s) flags 0x%llx\n", name, flags); 3423 3424 if (!(flags & IFF_IPV6)) 3425 return; 3426 3427 /* if the interface is a tunnel, print the tunnel status */ 3428 tun_status(); 3429 3430 if (!(flags & IFF_NOLOCAL)) { 3431 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3432 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 3433 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3434 errno == ENXIO) { 3435 if (!force) 3436 return; 3437 (void) memset(&lifr.lifr_addr, 0, 3438 sizeof (lifr.lifr_addr)); 3439 } else 3440 Perror0_exit("in_status6: SIOCGLIFADDR"); 3441 } 3442 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3443 (void) printf("\tinet6 %s/%d ", 3444 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3445 abuf, sizeof (abuf)), 3446 lifr.lifr_addrlen); 3447 laddr6 = sin6; 3448 } else { 3449 (void) printf("\tinet6 "); 3450 } 3451 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3452 if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) { 3453 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3454 errno == ENXIO) { 3455 if (!force) 3456 return; 3457 (void) memset(&lifr.lifr_addr, 0, 3458 sizeof (lifr.lifr_addr)); 3459 } else 3460 Perror0_exit("in_status6: SIOCGLIFSUBNET"); 3461 } 3462 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3463 if ((flags & IFF_NOLOCAL) || 3464 !IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &laddr6->sin6_addr)) { 3465 (void) printf("subnet %s/%d ", 3466 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3467 abuf, sizeof (abuf)), 3468 lifr.lifr_addrlen); 3469 } 3470 if (sin6->sin6_family != AF_INET6) { 3471 (void) printf("Wrong family: %d\n", sin6->sin6_family); 3472 } 3473 if (flags & IFF_POINTOPOINT) { 3474 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3475 if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) { 3476 if (errno == EADDRNOTAVAIL) 3477 (void) memset(&lifr.lifr_addr, 0, 3478 sizeof (lifr.lifr_addr)); 3479 else 3480 Perror0_exit("in_status6: SIOCGLIFDSTADDR"); 3481 } 3482 sin6 = (struct sockaddr_in6 *)&lifr.lifr_dstaddr; 3483 (void) printf("--> %s ", 3484 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3485 abuf, sizeof (abuf))); 3486 } 3487 if (verbose) { 3488 (void) putchar('\n'); 3489 (void) putchar('\t'); 3490 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3491 if (ioctl(s, SIOCGLIFTOKEN, (caddr_t)&lifr) < 0) { 3492 if (errno == EADDRNOTAVAIL || errno == EINVAL) 3493 (void) memset(&lifr.lifr_addr, 0, 3494 sizeof (lifr.lifr_addr)); 3495 else 3496 Perror0_exit("in_status6: SIOCGLIFTOKEN"); 3497 } else { 3498 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3499 (void) printf("token %s/%d ", 3500 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3501 abuf, sizeof (abuf)), 3502 lifr.lifr_addrlen); 3503 } 3504 if (ioctl(s, SIOCGLIFLNKINFO, (caddr_t)&lifr) < 0) { 3505 if (errno != EINVAL) { 3506 Perror0_exit("in_status6: SIOCGLIFLNKINFO"); 3507 } 3508 } else { 3509 (void) printf("maxhops %u, reachtime %u ms, " 3510 "reachretrans %u ms, maxmtu %u ", 3511 lifr.lifr_ifinfo.lir_maxhops, 3512 lifr.lifr_ifinfo.lir_reachtime, 3513 lifr.lifr_ifinfo.lir_reachretrans, 3514 lifr.lifr_ifinfo.lir_maxmtu); 3515 } 3516 } 3517 /* If there is a groupname, print it for only the physical interface */ 3518 if (strchr(name, ':') == NULL) { 3519 if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 && 3520 lifr.lifr_groupname[0] != '\0') { 3521 (void) printf("\n\tgroupname %s", lifr.lifr_groupname); 3522 } 3523 } 3524 (void) putchar('\n'); 3525 } 3526 3527 static void 3528 in_configinfo(int force, uint64_t flags) 3529 { 3530 struct sockaddr_in *sin, *laddr; 3531 struct sockaddr_in netmask = { AF_INET }; 3532 3533 if (debug) 3534 (void) printf("in_configinfo(%s) flags 0x%llx\n", name, flags); 3535 3536 /* only configinfo info for IPv4 interfaces */ 3537 if (!(flags & IFF_IPV4)) 3538 return; 3539 3540 if (!(flags & IFF_NOLOCAL)) { 3541 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3542 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 3543 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3544 errno == ENXIO) { 3545 if (!force) 3546 return; 3547 (void) memset(&lifr.lifr_addr, 0, 3548 sizeof (lifr.lifr_addr)); 3549 } else 3550 Perror0_exit("in_configinfo: SIOCGLIFADDR"); 3551 } 3552 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3553 if (strchr(name, ':') != NULL) { 3554 (void) printf(" addif %s ", inet_ntoa(sin->sin_addr)); 3555 } else { 3556 (void) printf(" set %s ", inet_ntoa(sin->sin_addr)); 3557 } 3558 laddr = sin; 3559 } 3560 3561 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3562 if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) { 3563 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3564 errno == ENXIO) { 3565 if (!force) 3566 return; 3567 (void) memset(&lifr.lifr_addr, 0, 3568 sizeof (lifr.lifr_addr)); 3569 } else { 3570 Perror0_exit("in_configinfo: SIOCGLIFSUBNET"); 3571 } 3572 } 3573 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3574 3575 if ((flags & IFF_NOLOCAL) || 3576 sin->sin_addr.s_addr != laddr->sin_addr.s_addr) { 3577 (void) printf(" subnet %s/%d ", inet_ntoa(sin->sin_addr), 3578 lifr.lifr_addrlen); 3579 } 3580 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3581 if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0) { 3582 if (errno != EADDRNOTAVAIL) 3583 Perror0_exit("in_configinfo: SIOCGLIFNETMASK"); 3584 (void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr)); 3585 } else 3586 netmask.sin_addr = 3587 ((struct sockaddr_in *)&lifr.lifr_addr)->sin_addr; 3588 if (flags & IFF_POINTOPOINT) { 3589 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3590 if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) { 3591 if (errno == EADDRNOTAVAIL) 3592 (void) memset(&lifr.lifr_addr, 0, 3593 sizeof (lifr.lifr_addr)); 3594 else 3595 Perror0_exit("in_configinfo: SIOCGLIFDSTADDR"); 3596 } 3597 sin = (struct sockaddr_in *)&lifr.lifr_dstaddr; 3598 (void) printf(" destination %s ", inet_ntoa(sin->sin_addr)); 3599 } 3600 (void) printf(" netmask 0x%x ", ntohl(netmask.sin_addr.s_addr)); 3601 if (flags & IFF_BROADCAST) { 3602 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3603 if (ioctl(s, SIOCGLIFBRDADDR, (caddr_t)&lifr) < 0) { 3604 if (errno == EADDRNOTAVAIL) 3605 (void) memset(&lifr.lifr_addr, 0, 3606 sizeof (lifr.lifr_addr)); 3607 else 3608 Perror0_exit("in_configinfo: SIOCGLIFBRDADDR"); 3609 } 3610 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3611 if (sin->sin_addr.s_addr != 0) { 3612 (void) printf(" broadcast %s ", 3613 inet_ntoa(sin->sin_addr)); 3614 } 3615 } 3616 3617 /* If there is a groupname, print it for only the physical interface */ 3618 if (strchr(name, ':') == NULL) { 3619 if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 && 3620 lifr.lifr_groupname[0] != '\0') { 3621 (void) printf(" group %s ", lifr.lifr_groupname); 3622 } 3623 } 3624 3625 /* Print flags to configure */ 3626 print_config_flags(flags); 3627 3628 /* IFF_NOARP applies to AF_INET only */ 3629 if (flags & IFF_NOARP) { 3630 (void) printf("-arp "); 3631 } 3632 } 3633 3634 static void 3635 in6_configinfo(int force, uint64_t flags) 3636 { 3637 char abuf[INET6_ADDRSTRLEN]; 3638 struct sockaddr_in6 *sin6, *laddr6; 3639 3640 if (debug) 3641 (void) printf("in6_configinfo(%s) flags 0x%llx\n", name, 3642 flags); 3643 3644 if (!(flags & IFF_IPV6)) 3645 return; 3646 3647 if (!(flags & IFF_NOLOCAL)) { 3648 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3649 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 3650 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3651 errno == ENXIO) { 3652 if (!force) 3653 return; 3654 (void) memset(&lifr.lifr_addr, 0, 3655 sizeof (lifr.lifr_addr)); 3656 } else 3657 Perror0_exit("in6_configinfo: SIOCGLIFADDR"); 3658 } 3659 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3660 if (strchr(name, ':') != NULL) { 3661 (void) printf(" addif %s/%d ", 3662 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3663 abuf, sizeof (abuf)), 3664 lifr.lifr_addrlen); 3665 } else { 3666 (void) printf(" set %s/%d ", 3667 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3668 abuf, sizeof (abuf)), 3669 lifr.lifr_addrlen); 3670 } 3671 laddr6 = sin6; 3672 } 3673 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3674 if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) { 3675 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3676 errno == ENXIO) { 3677 if (!force) 3678 return; 3679 (void) memset(&lifr.lifr_addr, 0, 3680 sizeof (lifr.lifr_addr)); 3681 } else 3682 Perror0_exit("in6_configinfo: SIOCGLIFSUBNET"); 3683 } 3684 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3685 if ((flags & IFF_NOLOCAL) || 3686 !IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &laddr6->sin6_addr)) { 3687 (void) printf(" subnet %s/%d ", 3688 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3689 abuf, sizeof (abuf)), 3690 lifr.lifr_addrlen); 3691 } 3692 3693 if (flags & IFF_POINTOPOINT) { 3694 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3695 if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) { 3696 if (errno == EADDRNOTAVAIL) 3697 (void) memset(&lifr.lifr_addr, 0, 3698 sizeof (lifr.lifr_addr)); 3699 else 3700 Perror0_exit("in6_configinfo: SIOCGLIFDSTADDR"); 3701 } 3702 sin6 = (struct sockaddr_in6 *)&lifr.lifr_dstaddr; 3703 (void) printf(" destination %s ", 3704 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3705 abuf, sizeof (abuf))); 3706 } 3707 3708 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3709 if (ioctl(s, SIOCGLIFTOKEN, (caddr_t)&lifr) < 0) { 3710 if (errno == EADDRNOTAVAIL || errno == EINVAL) 3711 (void) memset(&lifr.lifr_addr, 0, 3712 sizeof (lifr.lifr_addr)); 3713 else 3714 Perror0_exit("in6_configinfo: SIOCGLIFTOKEN"); 3715 } else { 3716 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3717 (void) printf(" token %s/%d ", 3718 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3719 abuf, sizeof (abuf)), 3720 lifr.lifr_addrlen); 3721 } 3722 3723 /* If there is a groupname, print it for only the physical interface */ 3724 if (strchr(name, ':') == NULL) { 3725 if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 && 3726 lifr.lifr_groupname[0] != '\0') { 3727 (void) printf(" group %s ", lifr.lifr_groupname); 3728 } 3729 } 3730 3731 /* Print flags to configure */ 3732 print_config_flags(flags); 3733 3734 /* IFF_NONUD applies to AF_INET6 only */ 3735 if (flags & IFF_NONUD) { 3736 (void) printf("-nud "); 3737 } 3738 } 3739 3740 /* 3741 * We need to plink both the arp-device stream and the arp-ip-device stream. 3742 * However the muxid is stored only in IP. Plumbing 2 streams individually 3743 * is not atomic, and if ifconfig is killed, the resulting plumbing can 3744 * be inconsistent. For eg. if only the arp stream is plumbed, we have lost 3745 * the muxid, and the half-baked plumbing can neither be unplumbed nor 3746 * replumbed, thus requiring a reboot. To avoid the above the following 3747 * scheme is used. 3748 * 3749 * Ifconfig asks IP to enforce atomicity of plumbing the arp and IP streams. 3750 * This is done by pushing arp on to the mux (/dev/udp). ARP adds some 3751 * extra information in the I_PLINK and I_PUNLINK ioctls to let IP know 3752 * that the plumbing/unplumbing has to be done atomically. Ifconfig plumbs 3753 * the IP stream first, and unplumbs it last. The kernel (IP) does not 3754 * allow IP stream to be unplumbed without unplumbing arp stream. Similarly 3755 * it does not allow arp stream to be plumbed before IP stream is plumbed. 3756 * There is no need to use SIOCSLIFMUXID, since the whole operation is atomic, 3757 * and IP uses the info in the I_PLINK message to get the muxid. 3758 * 3759 * a. STREAMS does not allow us to use /dev/ip itself as the mux. So we use 3760 * /dev/udp{,6}. 3761 * b. SIOCGLIFMUXID returns the muxid corresponding to the V4 or V6 stream 3762 * depending on the open i.e. V4 vs V6 open. So we need to use /dev/udp 3763 * or /dev/udp6 for SIOCGLIFMUXID and SIOCSLIFMUXID. 3764 * c. We need to push ARP in order to get the required kernel support for 3765 * atomic plumbings. The actual work done by ARP is explained in arp.c 3766 * Without pushing ARP, we will still be able to plumb/unplumb. But 3767 * it is not atomic, and is supported by the kernel for backward 3768 * compatibility for other utilities like atmifconfig etc. In this case 3769 * the utility must use SIOCSLIFMUXID. 3770 */ 3771 static void 3772 plumb_one_device(int af) 3773 { 3774 int arp_muxid = -1, ip_muxid; 3775 int mux_fd, ip_fd, arp_fd; 3776 int retval; 3777 uint_t ppa; 3778 char *udp_dev_name; 3779 char provider[DLPI_LINKNAME_MAX]; 3780 dlpi_handle_t dh_arp, dh_ip; 3781 3782 /* 3783 * We use DLPI_NOATTACH because the ip module will do the attach 3784 * itself for DLPI style-2 devices. 3785 */ 3786 retval = dlpi_open(name, &dh_ip, DLPI_NOATTACH); 3787 if (retval != DLPI_SUCCESS) 3788 Perrdlpi_exit("cannot open link", name, retval); 3789 3790 if ((retval = dlpi_parselink(name, provider, &ppa)) != DLPI_SUCCESS) 3791 Perrdlpi_exit("dlpi_parselink", name, retval); 3792 3793 if (debug) { 3794 (void) printf("ifconfig: plumb_one_device: provider %s," 3795 " ppa %u\n", provider, ppa); 3796 } 3797 3798 ip_fd = dlpi_fd(dh_ip); 3799 if (ioctl(ip_fd, I_PUSH, IP_MOD_NAME) == -1) 3800 Perror2_exit("I_PUSH", IP_MOD_NAME); 3801 3802 /* 3803 * Push the ARP module onto the interface stream. IP uses 3804 * this to send resolution requests up to ARP. We need to 3805 * do this before the SLIFNAME ioctl is sent down because 3806 * the interface becomes publicly known as soon as the SLIFNAME 3807 * ioctl completes. Thus some other process trying to bring up 3808 * the interface after SLIFNAME but before we have pushed ARP 3809 * could hang. We pop the module again later if it is not needed. 3810 */ 3811 if (ioctl(ip_fd, I_PUSH, ARP_MOD_NAME) == -1) 3812 Perror2_exit("I_PUSH", ARP_MOD_NAME); 3813 3814 /* 3815 * Set IFF_IPV4/IFF_IPV6 flags. 3816 * At this point in time the kernel also allows an 3817 * override of the CANTCHANGE flags. 3818 */ 3819 lifr.lifr_name[0] = '\0'; 3820 if (ioctl(ip_fd, SIOCGLIFFLAGS, (char *)&lifr) == -1) 3821 Perror0_exit("plumb_one_device: SIOCGLIFFLAGS"); 3822 3823 /* Set the name string and the IFF_IPV* flag */ 3824 if (af == AF_INET6) { 3825 lifr.lifr_flags |= IFF_IPV6; 3826 lifr.lifr_flags &= ~(IFF_BROADCAST | IFF_IPV4); 3827 } else { 3828 lifr.lifr_flags |= IFF_IPV4; 3829 lifr.lifr_flags &= ~IFF_IPV6; 3830 } 3831 3832 /* record the device and module names as interface name */ 3833 lifr.lifr_ppa = ppa; 3834 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3835 3836 /* set the interface name */ 3837 if (ioctl(ip_fd, SIOCSLIFNAME, (char *)&lifr) == -1) { 3838 if (errno != EEXIST) 3839 Perror0_exit("SIOCSLIFNAME for ip"); 3840 /* 3841 * This difference between the way we behave for EEXIST 3842 * and that with other errors exists to preserve legacy 3843 * behaviour. Earlier when foreachinterface() and matchif() 3844 * were doing the duplicate interface name checks, for 3845 * already existing interfaces, inetplumb() returned "0". 3846 * To preserve this behaviour, Perror0() and return are 3847 * called for EEXIST. 3848 */ 3849 Perror0("SIOCSLIFNAME for ip"); 3850 return; 3851 } 3852 3853 /* Get the full set of existing flags for this stream */ 3854 if (ioctl(ip_fd, SIOCGLIFFLAGS, (char *)&lifr) == -1) 3855 Perror0_exit("plumb_one_device: SIOCFLIFFLAGS"); 3856 3857 if (debug) { 3858 (void) printf("ifconfig: plumb_one_device: %s got flags:\n", 3859 lifr.lifr_name); 3860 print_flags(lifr.lifr_flags); 3861 (void) putchar('\n'); 3862 } 3863 3864 /* Check if arp is not actually needed */ 3865 if (lifr.lifr_flags & (IFF_NOARP|IFF_IPV6)) { 3866 if (ioctl(ip_fd, I_POP, 0) == -1) 3867 Perror2_exit("I_POP", ARP_MOD_NAME); 3868 } 3869 3870 /* 3871 * Open "/dev/udp" for use as a multiplexor to PLINK the 3872 * interface stream under. We use "/dev/udp" instead of "/dev/ip" 3873 * since STREAMS will not let you PLINK a driver under itself, 3874 * and "/dev/ip" is typically the driver at the bottom of 3875 * the stream for tunneling interfaces. 3876 */ 3877 if (af == AF_INET6) 3878 udp_dev_name = UDP6_DEV_NAME; 3879 else 3880 udp_dev_name = UDP_DEV_NAME; 3881 if ((mux_fd = open_arp_on_udp(udp_dev_name)) == -1) 3882 exit(EXIT_FAILURE); 3883 3884 /* Check if arp is not needed */ 3885 if (lifr.lifr_flags & (IFF_NOARP|IFF_IPV6)) { 3886 /* 3887 * PLINK the interface stream so that ifconfig can exit 3888 * without tearing down the stream. 3889 */ 3890 if ((ip_muxid = ioctl(mux_fd, I_PLINK, ip_fd)) == -1) 3891 Perror0_exit("I_PLINK for ip"); 3892 (void) close(mux_fd); 3893 return; 3894 } 3895 3896 /* 3897 * This interface does use ARP, so set up a separate stream 3898 * from the interface to ARP. 3899 * 3900 * Note: modules specified by the user are pushed 3901 * only on the interface stream, not on the ARP stream. 3902 */ 3903 if (debug) 3904 (void) printf("ifconfig: plumb_one_device: ifname: %s\n", name); 3905 3906 /* 3907 * We use DLPI_NOATTACH because the arp module will do the attach 3908 * itself for DLPI style-2 devices. 3909 */ 3910 retval = dlpi_open(name, &dh_arp, DLPI_NOATTACH); 3911 if (retval != DLPI_SUCCESS) 3912 Perrdlpi_exit("cannot open link", name, retval); 3913 3914 arp_fd = dlpi_fd(dh_arp); 3915 if (ioctl(arp_fd, I_PUSH, ARP_MOD_NAME) == -1) 3916 Perror2_exit("I_PUSH", ARP_MOD_NAME); 3917 3918 /* 3919 * Tell ARP the name and unit number for this interface. 3920 * Note that arp has no support for transparent ioctls. 3921 */ 3922 if (strioctl(arp_fd, SIOCSLIFNAME, (char *)&lifr, 3923 sizeof (lifr)) == -1) { 3924 if (errno != EEXIST) 3925 Perror0_exit("SIOCSLIFNAME for arp"); 3926 Perror0("SIOCSLIFNAME for arp"); 3927 dlpi_close(dh_arp); 3928 dlpi_close(dh_ip); 3929 (void) close(mux_fd); 3930 return; 3931 } 3932 /* 3933 * PLINK the IP and ARP streams so that ifconfig can exit 3934 * without tearing down the stream. 3935 */ 3936 if ((ip_muxid = ioctl(mux_fd, I_PLINK, ip_fd)) == -1) 3937 Perror0_exit("I_PLINK for ip"); 3938 if ((arp_muxid = ioctl(mux_fd, I_PLINK, arp_fd)) == -1) { 3939 (void) ioctl(mux_fd, I_PUNLINK, ip_muxid); 3940 Perror0_exit("I_PLINK for arp"); 3941 } 3942 3943 if (debug) 3944 (void) printf("arp muxid = %d\n", arp_muxid); 3945 dlpi_close(dh_ip); 3946 dlpi_close(dh_arp); 3947 (void) close(mux_fd); 3948 } 3949 3950 3951 /* 3952 * If this is a physical interface then remove it. 3953 * If it is a logical interface name use SIOCLIFREMOVEIF to 3954 * remove it. In both cases fail if it doesn't exist. 3955 */ 3956 /* ARGSUSED */ 3957 static int 3958 inetunplumb(char *arg, int64_t param) 3959 { 3960 int ip_muxid, arp_muxid; 3961 int mux_fd; 3962 int muxid_fd; 3963 char *udp_dev_name; 3964 char *strptr; 3965 uint64_t flags; 3966 boolean_t changed_arp_muxid = _B_FALSE; 3967 int save_errno; 3968 3969 strptr = strchr(name, ':'); 3970 if (strptr != NULL || strcmp(name, LOOPBACK_IF) == 0) { 3971 /* Can't unplumb logical interface zero */ 3972 if (strptr != NULL && strcmp(strptr, ":0") == 0) { 3973 (void) fprintf(stderr, "ifconfig: unplumb:" 3974 " Cannot unplumb %s: Invalid interface\n", name); 3975 exit(1); 3976 } 3977 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3978 (void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr)); 3979 3980 if (ioctl(s, SIOCLIFREMOVEIF, (caddr_t)&lifr) < 0) 3981 Perror0_exit("unplumb: SIOCLIFREMOVEIF"); 3982 return (0); 3983 } 3984 3985 /* 3986 * We used /dev/udp or udp6 to set up the mux. So we have to use 3987 * the same now for PUNLINK also. 3988 */ 3989 if (afp->af_af == AF_INET6) 3990 udp_dev_name = UDP6_DEV_NAME; 3991 else 3992 udp_dev_name = UDP_DEV_NAME; 3993 3994 if ((muxid_fd = open(udp_dev_name, O_RDWR)) == -1) 3995 exit(EXIT_FAILURE); 3996 3997 if ((mux_fd = open_arp_on_udp(udp_dev_name)) == -1) 3998 exit(EXIT_FAILURE); 3999 4000 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 4001 if (ioctl(muxid_fd, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) { 4002 Perror0_exit("unplumb: SIOCGLIFFLAGS"); 4003 } 4004 flags = lifr.lifr_flags; 4005 if (ioctl(muxid_fd, SIOCGLIFMUXID, (caddr_t)&lifr) < 0) { 4006 Perror0_exit("unplumb: SIOCGLIFMUXID"); 4007 } 4008 arp_muxid = lifr.lifr_arp_muxid; 4009 ip_muxid = lifr.lifr_ip_muxid; 4010 /* 4011 * We don't have a good way of knowing whether the arp stream is 4012 * plumbed. We can't rely on IFF_NOARP because someone could 4013 * have turned it off later using "ifconfig xxx -arp". 4014 */ 4015 if (arp_muxid != 0) { 4016 if (debug) 4017 (void) printf("arp_muxid %d\n", arp_muxid); 4018 if (ioctl(mux_fd, I_PUNLINK, arp_muxid) < 0) { 4019 if ((errno == EINVAL) && 4020 (flags & (IFF_NOARP | IFF_IPV6))) { 4021 /* 4022 * Some plumbing utilities set the muxid to 4023 * -1 or some invalid value to signify that 4024 * there is no arp stream. Set the muxid to 0 4025 * before trying to unplumb the IP stream. 4026 * IP does not allow the IP stream to be 4027 * unplumbed if it sees a non-null arp muxid, 4028 * for consistency of IP-ARP streams. 4029 */ 4030 lifr.lifr_arp_muxid = 0; 4031 (void) ioctl(muxid_fd, SIOCSLIFMUXID, 4032 (caddr_t)&lifr); 4033 changed_arp_muxid = _B_TRUE; 4034 } else { 4035 Perror0("I_PUNLINK for arp"); 4036 } 4037 } 4038 } 4039 if (debug) 4040 (void) printf("ip_muxid %d\n", ip_muxid); 4041 4042 if (ioctl(mux_fd, I_PUNLINK, ip_muxid) < 0) { 4043 if (changed_arp_muxid) { 4044 /* 4045 * Some error occurred, and we need to restore 4046 * everything back to what it was. 4047 */ 4048 save_errno = errno; 4049 lifr.lifr_arp_muxid = arp_muxid; 4050 lifr.lifr_ip_muxid = ip_muxid; 4051 (void) ioctl(muxid_fd, SIOCSLIFMUXID, (caddr_t)&lifr); 4052 errno = save_errno; 4053 } 4054 Perror0_exit("I_PUNLINK for ip"); 4055 } 4056 (void) close(mux_fd); 4057 (void) close(muxid_fd); 4058 return (0); 4059 } 4060 4061 /* 4062 * If this is a physical interface then create it unless it is already 4063 * present. If it is a logical interface name use SIOCLIFADDIF to 4064 * create and (and fail it if already exists.) 4065 * As a special case send SIOCLIFADDIF for the loopback interface. This 4066 * is needed since there is no other notion of plumbing the loopback 4067 * interface. 4068 */ 4069 /* ARGSUSED */ 4070 static int 4071 inetplumb(char *arg, int64_t param) 4072 { 4073 char *strptr; 4074 boolean_t islo; 4075 zoneid_t zoneid; 4076 4077 strptr = strchr(name, ':'); 4078 islo = (strcmp(name, LOOPBACK_IF) == 0); 4079 4080 if (strptr != NULL || islo) { 4081 (void) memset(&lifr, 0, sizeof (lifr)); 4082 (void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 4083 if (islo && ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) >= 0) { 4084 if (debug) { 4085 (void) fprintf(stderr, 4086 "ifconfig: %s already exists\n", name); 4087 } 4088 return (0); 4089 } 4090 if (ioctl(s, SIOCLIFADDIF, (caddr_t)&lifr) < 0) { 4091 if (errno == EEXIST) { 4092 if (debug) { 4093 (void) fprintf(stderr, 4094 "ifconfig: %s already exists\n", 4095 name); 4096 } 4097 } else { 4098 Perror2_exit("plumb: SIOCLIFADDIF", name); 4099 } 4100 } 4101 /* 4102 * IP can create the new logical interface on a different 4103 * physical interface in the same IPMP group. Take the new 4104 * interface into account for further operations. 4105 */ 4106 (void) strncpy(name, lifr.lifr_name, sizeof (name)); 4107 return (0); 4108 } 4109 4110 /* 4111 * For global zone, check if the interface is used by a non-global 4112 * zone, note that the non-global zones doesn't need this check, 4113 * because zoneadm has taken care of this when the zone boots. 4114 */ 4115 zoneid = getzoneid(); 4116 if (zoneid == GLOBAL_ZONEID) { 4117 int ret; 4118 4119 zoneid = ALL_ZONES; 4120 ret = zone_check_datalink(&zoneid, name); 4121 if (ret == 0) { 4122 char zonename[ZONENAME_MAX]; 4123 4124 (void) getzonenamebyid(zoneid, zonename, ZONENAME_MAX); 4125 (void) fprintf(stderr, "%s is used by non-global" 4126 "zone: %s\n", name, zonename); 4127 return (1); 4128 } 4129 } 4130 4131 if (debug) 4132 (void) printf("inetplumb: %s af %d\n", name, afp->af_af); 4133 4134 plumb_one_device(afp->af_af); 4135 return (0); 4136 } 4137 4138 void 4139 Perror0(const char *cmd) 4140 { 4141 Perror2(cmd, lifr.lifr_name); 4142 } 4143 4144 void 4145 Perror0_exit(const char *cmd) 4146 { 4147 Perror0(cmd); 4148 exit(1); 4149 /* NOTREACHED */ 4150 } 4151 4152 void 4153 Perror2(const char *cmd, const char *str) 4154 { 4155 int error = errno; 4156 4157 (void) fprintf(stderr, "ifconfig: %s: ", cmd); 4158 4159 switch (error) { 4160 case ENXIO: 4161 (void) fprintf(stderr, "%s: no such interface\n", str); 4162 break; 4163 case EPERM: 4164 (void) fprintf(stderr, "%s: permission denied\n", str); 4165 break; 4166 case EEXIST: 4167 (void) fprintf(stderr, "%s: already exists\n", str); 4168 break; 4169 default: 4170 errno = error; 4171 perror(str); 4172 } 4173 } 4174 4175 /* 4176 * Print out error message (Perror2()) and exit 4177 */ 4178 void 4179 Perror2_exit(const char *cmd, const char *str) 4180 { 4181 Perror2(cmd, str); 4182 exit(1); 4183 /* NOTREACHED */ 4184 } 4185 4186 void 4187 Perrdlpi(const char *cmd, const char *linkname, int err) 4188 { 4189 (void) fprintf(stderr, "ifconfig: %s \"%s\": %s\n", cmd, 4190 linkname, dlpi_strerror(err)); 4191 } 4192 4193 /* 4194 * Print out error message (Perrdlpi()) and exit 4195 */ 4196 void 4197 Perrdlpi_exit(const char *cmd, const char *linkname, int err) 4198 { 4199 Perrdlpi(cmd, linkname, err); 4200 exit(1); 4201 } 4202 4203 /* 4204 * If the last argument is non-NULL allow a <addr>/<n> syntax and 4205 * pass out <n> in *plenp. 4206 * If <n> doesn't parse return BAD_ADDR as *plenp. 4207 * If no /<n> is present return NO_PREFIX as *plenp. 4208 */ 4209 static void 4210 in_getaddr(char *s, struct sockaddr *saddr, int *plenp) 4211 { 4212 /* LINTED: alignment */ 4213 struct sockaddr_in *sin = (struct sockaddr_in *)saddr; 4214 struct hostent *hp; 4215 struct netent *np; 4216 char str[BUFSIZ]; 4217 int error_num; 4218 4219 (void) strncpy(str, s, sizeof (str)); 4220 4221 /* 4222 * Look for '/'<n> is plenp 4223 */ 4224 if (plenp != NULL) { 4225 char *cp; 4226 4227 *plenp = in_getprefixlen(str, _B_TRUE, IP_ABITS); 4228 if (*plenp == BAD_ADDR) 4229 return; 4230 cp = strchr(str, '/'); 4231 if (cp != NULL) 4232 *cp = '\0'; 4233 } else if (strchr(str, '/') != NULL) { 4234 (void) fprintf(stderr, "ifconfig: %s: unexpected '/'\n", str); 4235 exit(1); 4236 } 4237 4238 (void) memset(sin, 0, sizeof (*sin)); 4239 4240 /* 4241 * Try to catch attempts to set the broadcast address to all 1's. 4242 */ 4243 if (strcmp(str, "255.255.255.255") == 0 || 4244 (strtoul(str, (char **)NULL, 0) == 0xffffffffUL)) { 4245 sin->sin_family = AF_INET; 4246 sin->sin_addr.s_addr = 0xffffffff; 4247 return; 4248 } 4249 4250 hp = getipnodebyname(str, AF_INET, 0, &error_num); 4251 if (hp) { 4252 sin->sin_family = hp->h_addrtype; 4253 (void) memcpy(&sin->sin_addr, hp->h_addr, hp->h_length); 4254 freehostent(hp); 4255 return; 4256 } 4257 np = getnetbyname(str); 4258 if (np) { 4259 sin->sin_family = np->n_addrtype; 4260 sin->sin_addr = inet_makeaddr(np->n_net, INADDR_ANY); 4261 return; 4262 } 4263 if (error_num == TRY_AGAIN) { 4264 (void) fprintf(stderr, "ifconfig: %s: bad address " 4265 "(try again later)\n", s); 4266 } else { 4267 (void) fprintf(stderr, "ifconfig: %s: bad address\n", s); 4268 } 4269 exit(1); 4270 } 4271 4272 /* 4273 * If the last argument is non-NULL allow a <addr>/<n> syntax and 4274 * pass out <n> in *plenp. 4275 * If <n> doesn't parse return BAD_ADDR as *plenp. 4276 * If no /<n> is present return NO_PREFIX as *plenp. 4277 */ 4278 static void 4279 in6_getaddr(char *s, struct sockaddr *saddr, int *plenp) 4280 { 4281 /* LINTED: alignment */ 4282 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)saddr; 4283 struct hostent *hp; 4284 char str[BUFSIZ]; 4285 int error_num; 4286 4287 (void) strncpy(str, s, sizeof (str)); 4288 4289 /* 4290 * Look for '/'<n> is plenp 4291 */ 4292 if (plenp != NULL) { 4293 char *cp; 4294 4295 *plenp = in_getprefixlen(str, _B_TRUE, IPV6_ABITS); 4296 if (*plenp == BAD_ADDR) 4297 return; 4298 cp = strchr(str, '/'); 4299 if (cp != NULL) 4300 *cp = '\0'; 4301 } else if (strchr(str, '/') != NULL) { 4302 (void) fprintf(stderr, "ifconfig: %s: unexpected '/'\n", str); 4303 exit(1); 4304 } 4305 4306 (void) memset(sin6, 0, sizeof (*sin6)); 4307 4308 hp = getipnodebyname(str, AF_INET6, 0, &error_num); 4309 if (hp) { 4310 sin6->sin6_family = hp->h_addrtype; 4311 (void) memcpy(&sin6->sin6_addr, hp->h_addr, hp->h_length); 4312 freehostent(hp); 4313 return; 4314 } 4315 if (error_num == TRY_AGAIN) { 4316 (void) fprintf(stderr, "ifconfig: %s: bad address " 4317 "(try again later)\n", s); 4318 } else { 4319 (void) fprintf(stderr, "ifconfig: %s: bad address\n", s); 4320 } 4321 exit(1); 4322 } 4323 4324 /* 4325 * If "slash" is zero this parses the whole string as 4326 * an integer. With "slash" non zero it parses the tail part as an integer. 4327 * 4328 * If it is not a valid integer this returns BAD_ADDR. 4329 * If there is /<n> present this returns NO_PREFIX. 4330 */ 4331 static int 4332 in_getprefixlen(char *addr, boolean_t slash, int max_plen) 4333 { 4334 int prefixlen; 4335 char *str, *end; 4336 4337 if (slash) { 4338 str = strchr(addr, '/'); 4339 if (str == NULL) 4340 return (NO_PREFIX); 4341 str++; 4342 } else 4343 str = addr; 4344 4345 prefixlen = strtol(str, &end, 10); 4346 if (prefixlen < 0) 4347 return (BAD_ADDR); 4348 if (str == end) 4349 return (BAD_ADDR); 4350 if (max_plen != 0 && max_plen < prefixlen) 4351 return (BAD_ADDR); 4352 return (prefixlen); 4353 } 4354 4355 /* 4356 * Convert a prefix length to a mask. 4357 * Returns 1 if ok. 0 otherwise. 4358 * Assumes the mask array is zero'ed by the caller. 4359 */ 4360 static boolean_t 4361 in_prefixlentomask(int prefixlen, int maxlen, uchar_t *mask) 4362 { 4363 if (prefixlen < 0 || prefixlen > maxlen) 4364 return (0); 4365 4366 while (prefixlen > 0) { 4367 if (prefixlen >= 8) { 4368 *mask++ = 0xFF; 4369 prefixlen -= 8; 4370 continue; 4371 } 4372 *mask |= 1 << (8 - prefixlen); 4373 prefixlen--; 4374 } 4375 return (1); 4376 } 4377 4378 static void 4379 print_flags(uint64_t flags) 4380 { 4381 boolean_t first = _B_TRUE; 4382 int cnt, i; 4383 4384 (void) printf("flags=%llx", flags); 4385 cnt = sizeof (if_flags_tbl) / sizeof (if_flags_t); 4386 for (i = 0; i < cnt; i++) { 4387 if (flags & if_flags_tbl[i].iff_value) { 4388 if (first) { 4389 (void) printf("<"); 4390 first = _B_FALSE; 4391 } else { 4392 /* 4393 * It has to be here and not with the 4394 * printf below because for the last one, 4395 * we don't want a comma before the ">". 4396 */ 4397 (void) printf(","); 4398 } 4399 (void) printf("%s", if_flags_tbl[i].iff_name); 4400 } 4401 } 4402 if (!first) 4403 (void) printf(">"); 4404 } 4405 4406 static void 4407 print_config_flags(uint64_t flags) 4408 { 4409 int cnt, i; 4410 4411 cnt = sizeof (if_config_cmd_tbl) / sizeof (if_config_cmd_t); 4412 for (i = 0; i < cnt; i++) { 4413 if (flags & if_config_cmd_tbl[i].iff_flag) { 4414 (void) printf("%s ", if_config_cmd_tbl[i].iff_name); 4415 } 4416 } 4417 } 4418 4419 /* 4420 * Use the configured directory lookup mechanism (e.g. files/NIS/NIS+/...) 4421 * to find the network mask. Returns true if we found one to set. 4422 * 4423 * The parameter addr_set controls whether we should get the address of 4424 * the working interface for the netmask query. If addr_set is true, 4425 * we will use the address provided. Otherwise, we will find the working 4426 * interface's address and use it instead. 4427 */ 4428 static boolean_t 4429 in_getmask(struct sockaddr_in *saddr, boolean_t addr_set) 4430 { 4431 struct sockaddr_in ifaddr; 4432 4433 /* 4434 * Read the address from the interface if it is not passed in. 4435 */ 4436 if (!addr_set) { 4437 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 4438 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 4439 if (errno != EADDRNOTAVAIL) { 4440 (void) fprintf(stderr, "Need net number for " 4441 "mask\n"); 4442 } 4443 return (_B_FALSE); 4444 } 4445 ifaddr = *((struct sockaddr_in *)&lifr.lifr_addr); 4446 } else { 4447 ifaddr.sin_addr = saddr->sin_addr; 4448 } 4449 if (getnetmaskbyaddr(ifaddr.sin_addr, &saddr->sin_addr) == 0) { 4450 saddr->sin_family = AF_INET; 4451 return (_B_TRUE); 4452 } 4453 return (_B_FALSE); 4454 } 4455 4456 static int 4457 strioctl(int s, int cmd, char *buf, int buflen) 4458 { 4459 struct strioctl ioc; 4460 4461 (void) memset(&ioc, 0, sizeof (ioc)); 4462 ioc.ic_cmd = cmd; 4463 ioc.ic_timout = 0; 4464 ioc.ic_len = buflen; 4465 ioc.ic_dp = buf; 4466 return (ioctl(s, I_STR, (char *)&ioc)); 4467 } 4468 4469 static void 4470 add_ni(const char *name) 4471 { 4472 ni_t **pp; 4473 ni_t *p; 4474 4475 for (pp = &ni_list; (p = *pp) != NULL; pp = &(p->ni_next)) { 4476 if (strcmp(p->ni_name, name) == 0) { 4477 if (debug > 2) 4478 (void) fprintf(stderr, "'%s' is a duplicate\n", 4479 name); 4480 return; 4481 } 4482 } 4483 4484 if (debug > 2) 4485 (void) fprintf(stderr, "adding '%s'\n", 4486 name); 4487 4488 if ((p = malloc(sizeof (ni_t))) == NULL) 4489 return; 4490 4491 (void) strlcpy(p->ni_name, name, sizeof (p->ni_name)); 4492 p->ni_next = NULL; 4493 4494 *pp = p; 4495 num_ni++; 4496 } 4497 4498 /* ARGSUSED2 */ 4499 static boolean_t 4500 ni_entry(const char *linkname, void *arg) 4501 { 4502 dlpi_handle_t dh; 4503 datalink_class_t class; 4504 4505 (void) dladm_name2info(linkname, NULL, NULL, &class, NULL); 4506 if (class == DATALINK_CLASS_ETHERSTUB) 4507 return (_B_FALSE); 4508 if (dlpi_open(linkname, &dh, 0) != DLPI_SUCCESS) 4509 return (_B_FALSE); 4510 4511 add_ni(linkname); 4512 4513 dlpi_close(dh); 4514 return (_B_FALSE); 4515 } 4516 4517 /* 4518 * dhcp-related routines 4519 */ 4520 4521 static int 4522 setifdhcp(const char *caller, const char *ifname, int argc, char *argv[]) 4523 { 4524 dhcp_ipc_request_t *request; 4525 dhcp_ipc_reply_t *reply = NULL; 4526 int timeout = DHCP_IPC_WAIT_DEFAULT; 4527 dhcp_ipc_type_t type = DHCP_START; 4528 int error; 4529 boolean_t is_primary = _B_FALSE; 4530 boolean_t started = _B_FALSE; 4531 4532 for (argv++; --argc > 0; argv++) { 4533 4534 if (strcmp(*argv, "primary") == 0) { 4535 is_primary = _B_TRUE; 4536 continue; 4537 } 4538 4539 if (strcmp(*argv, "wait") == 0) { 4540 if (--argc <= 0) { 4541 usage(); 4542 return (DHCP_EXIT_BADARGS); 4543 } 4544 argv++; 4545 4546 if (strcmp(*argv, "forever") == 0) { 4547 timeout = DHCP_IPC_WAIT_FOREVER; 4548 continue; 4549 } 4550 4551 if (sscanf(*argv, "%d", &timeout) != 1) { 4552 usage(); 4553 return (DHCP_EXIT_BADARGS); 4554 } 4555 4556 if (timeout < 0) { 4557 usage(); 4558 return (DHCP_EXIT_BADARGS); 4559 } 4560 continue; 4561 } 4562 4563 type = dhcp_string_to_request(*argv); 4564 if (type == -1) { 4565 usage(); 4566 return (DHCP_EXIT_BADARGS); 4567 } 4568 } 4569 4570 /* 4571 * Only try to start agent on start or inform; in all other cases it 4572 * has to already be running for anything to make sense. 4573 */ 4574 if (type == DHCP_START || type == DHCP_INFORM) { 4575 if (dhcp_start_agent(DHCP_IPC_MAX_WAIT) == -1) { 4576 (void) fprintf(stderr, "%s: unable to start %s\n", 4577 caller, DHCP_AGENT_PATH); 4578 return (DHCP_EXIT_FAILURE); 4579 } 4580 started = _B_TRUE; 4581 } 4582 4583 if (is_primary) 4584 type |= DHCP_PRIMARY; 4585 4586 if (af != AF_INET) 4587 type |= DHCP_V6; 4588 4589 request = dhcp_ipc_alloc_request(type, ifname, NULL, 0, DHCP_TYPE_NONE); 4590 if (request == NULL) { 4591 (void) fprintf(stderr, "%s: out of memory\n", caller); 4592 return (DHCP_EXIT_SYSTEM); 4593 } 4594 4595 error = dhcp_ipc_make_request(request, &reply, timeout); 4596 if (error != 0) { 4597 free(request); 4598 /* 4599 * Re-map connect error to not under control if we didn't try a 4600 * start operation, as this has to be true and results in a 4601 * clearer message, not to mention preserving compatibility 4602 * with the days when we always started dhcpagent for every 4603 * request. 4604 */ 4605 if (error == DHCP_IPC_E_CONNECT && !started) 4606 error = DHCP_IPC_E_UNKIF; 4607 (void) fprintf(stderr, "%s: %s: %s\n", caller, ifname, 4608 dhcp_ipc_strerror(error)); 4609 return (DHCP_EXIT_FAILURE); 4610 } 4611 4612 error = reply->return_code; 4613 if (error != 0) { 4614 free(request); 4615 free(reply); 4616 4617 if (error == DHCP_IPC_E_TIMEOUT && timeout == 0) 4618 return (DHCP_EXIT_SUCCESS); 4619 4620 (void) fprintf(stderr, "%s: %s: %s\n", caller, ifname, 4621 dhcp_ipc_strerror(error)); 4622 4623 if (error == DHCP_IPC_E_TIMEOUT) 4624 return (DHCP_EXIT_TIMEOUT); 4625 else 4626 return (DHCP_EXIT_IF_FAILURE); 4627 } 4628 4629 if (DHCP_IPC_CMD(type) == DHCP_STATUS) { 4630 (void) printf("%s", dhcp_status_hdr_string()); 4631 (void) printf("%s", dhcp_status_reply_to_string(reply)); 4632 } 4633 4634 free(request); 4635 free(reply); 4636 return (DHCP_EXIT_SUCCESS); 4637 } 4638 4639 static void 4640 usage(void) 4641 { 4642 (void) fprintf(stderr, 4643 "usage: ifconfig <interface> | -a[ 4 | 6 | D ][ u | d ][ Z ]\n"); 4644 4645 (void) fprintf(stderr, "%s", 4646 "\t[ <addr_family> ]\n" 4647 "\t[ <address>[/<prefix_length>] [ <dest_address> ] ]\n" 4648 "\t[ set [ <address>][/<prefix_length>] ]" 4649 " [ <address>/<prefix_length>] ]\n" 4650 "\t[ destination <dest_address> ]\n" 4651 "\t[ addif <address>[/<prefix_length>]" 4652 " [ <dest_address> ] ]\n" 4653 "\t[ removeif <address>[/<prefix_length>] ]\n" 4654 "\t[ arp | -arp ]\n" 4655 "\t[ auto-revarp ]\n" 4656 "\t[ broadcast <broad_addr> ]\n" 4657 "\t[ index <if_index> ]\n" 4658 "\t[ metric <n> ] [ mtu <n> ]\n" 4659 "\t[ netmask <mask> ]\n" 4660 "\t[ plumb ] [ unplumb ]\n" 4661 "\t[ preferred | -preferred ]\n" 4662 "\t[ private | -private ]\n" 4663 "\t[ local | -local ]\n" 4664 "\t[ router | -router ]\n" 4665 "\t[ subnet <subnet_address>]\n" 4666 "\t[ trailers | -trailers ]\n" 4667 "\t[ token <address>/<prefix_length> ]\n" 4668 "\t[ tsrc <tunnel_src_address> ]\n" 4669 "\t[ tdst <tunnel_dest_address> ]\n" 4670 "\t[ auth_algs <tunnel_AH_authentication_algorithm> ]\n" 4671 "\t[ encr_algs <tunnel_ESP_encryption_algorithm> ]\n" 4672 "\t[ encr_auth_algs <tunnel_ESP_authentication_algorithm> ]\n" 4673 "\t[ up ] [ down ]\n" 4674 "\t[ xmit | -xmit ]\n" 4675 "\t[ modlist ]\n" 4676 "\t[ modinsert <module_name@position> ]\n" 4677 "\t[ modremove <module_name@position> ]\n" 4678 "\t[ group <groupname>] | [ group \"\"]\n" 4679 "\t[ deprecated | -deprecated ]\n" 4680 "\t[ standby | -standby ]\n" 4681 "\t[ failover | -failover ]\n" 4682 "\t[ zone <zonename> | -zone ]\n" 4683 "\t[ usesrc <interface> ]\n" 4684 "\t[ all-zones ]\n"); 4685 4686 (void) fprintf(stderr, "or\n"); 4687 (void) fprintf(stderr, 4688 "\tifconfig <interface> | -a[ 4 | 6 | D ] [ u | d ]\n"); 4689 4690 (void) fprintf(stderr, "%s", "\tauto-dhcp | dhcp\n" 4691 "\t[ wait <time> | forever ]\n\t[ primary ]\n" 4692 "\tstart | drop | ping | release | status | inform\n"); 4693 } 4694