1 /* 2 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 3 * Use is subject to license terms. 4 */ 5 /* 6 * Copyright (c) 1983 Regents of the University of California. 7 * All rights reserved. The Berkeley software License Agreement 8 * specifies the terms and conditions for redistribution. 9 */ 10 11 #include "defs.h" 12 #include "strings.h" 13 #include "ifconfig.h" 14 #include <compat.h> 15 #include <libdlpi.h> 16 #include <libdllink.h> 17 #include <inet/ip.h> 18 #include <inet/ipsec_impl.h> 19 20 #define LOOPBACK_IF "lo0" 21 #define NONE_STR "none" 22 #define ARP_MOD_NAME "arp" 23 #define TUN_NAME "tun" 24 #define ATUN_NAME "atun" 25 #define TUN6TO4_NAME "6to4tun" 26 #define IPMPSTUB (void *)-1 27 28 typedef struct if_flags { 29 uint64_t iff_value; 30 char *iff_name; 31 } if_flags_t; 32 33 static if_flags_t if_flags_tbl[] = { 34 { IFF_UP, "UP" }, 35 { IFF_BROADCAST, "BROADCAST" }, 36 { IFF_DEBUG, "DEBUG" }, 37 { IFF_LOOPBACK, "LOOPBACK" }, 38 { IFF_POINTOPOINT, "POINTOPOINT" }, 39 { IFF_NOTRAILERS, "NOTRAILERS" }, 40 { IFF_RUNNING, "RUNNING" }, 41 { IFF_NOARP, "NOARP" }, 42 { IFF_PROMISC, "PROMISC" }, 43 { IFF_ALLMULTI, "ALLMULTI" }, 44 { IFF_INTELLIGENT, "INTELLIGENT" }, 45 { IFF_MULTICAST, "MULTICAST" }, 46 { IFF_MULTI_BCAST, "MULTI_BCAST" }, 47 { IFF_UNNUMBERED, "UNNUMBERED" }, 48 { IFF_DHCPRUNNING, "DHCP" }, 49 { IFF_PRIVATE, "PRIVATE" }, 50 { IFF_NOXMIT, "NOXMIT" }, 51 { IFF_NOLOCAL, "NOLOCAL" }, 52 { IFF_DEPRECATED, "DEPRECATED" }, 53 { IFF_ADDRCONF, "ADDRCONF" }, 54 { IFF_ROUTER, "ROUTER" }, 55 { IFF_NONUD, "NONUD" }, 56 { IFF_ANYCAST, "ANYCAST" }, 57 { IFF_NORTEXCH, "NORTEXCH" }, 58 { IFF_IPV4, "IPv4" }, 59 { IFF_IPV6, "IPv6" }, 60 { IFF_NOFAILOVER, "NOFAILOVER" }, 61 { IFF_FAILED, "FAILED" }, 62 { IFF_STANDBY, "STANDBY" }, 63 { IFF_INACTIVE, "INACTIVE" }, 64 { IFF_OFFLINE, "OFFLINE" }, 65 { IFF_XRESOLV, "XRESOLV" }, 66 { IFF_COS_ENABLED, "CoS" }, 67 { IFF_PREFERRED, "PREFERRED" }, 68 { IFF_TEMPORARY, "TEMPORARY" }, 69 { IFF_FIXEDMTU, "FIXEDMTU" }, 70 { IFF_VIRTUAL, "VIRTUAL" }, 71 { IFF_DUPLICATE, "DUPLICATE" }, 72 { IFF_IPMP, "IPMP"} 73 }; 74 75 typedef struct { 76 const char *ia_app; 77 uint64_t ia_flag; 78 uint_t ia_tries; 79 } if_appflags_t; 80 81 static const if_appflags_t if_appflags_tbl[] = { 82 { "dhcpagent(1M)", IFF_DHCPRUNNING, 1 }, 83 { "in.ndpd(1M)", IFF_ADDRCONF, 3 }, 84 { NULL, 0, 0 } 85 }; 86 87 static struct lifreq lifr; 88 /* current interface name a particular function is accessing */ 89 static char name[LIFNAMSIZ]; 90 /* foreach interface saved name */ 91 static char origname[LIFNAMSIZ]; 92 static int setaddr; 93 94 /* 95 * Make sure the algorithm variables hold more than the sizeof an algorithm 96 * in PF_KEY. (For now, more than a uint8_t.) The NO_***_?ALG indicates that 97 * there was no algorithm requested, and in the ipsec_req that service should 98 * be disabled. (E.g. if ah_aalg remains NO_AH_AALG, then AH will be 99 * disabled on that tunnel.) 100 */ 101 #define NO_AH_AALG 256 102 #define NO_ESP_AALG 256 103 #define NO_ESP_EALG 256 104 105 int s, s4, s6; 106 int af = AF_INET; /* default address family */ 107 int debug = 0; 108 int all = 0; /* setifdhcp() needs to know this */ 109 int verbose = 0; 110 int v4compat = 0; /* Compatible printing format */ 111 112 /* 113 * Function prototypes for command functions. 114 */ 115 static int addif(char *arg, int64_t param); 116 static int inetipmp(char *arg, int64_t param); 117 static int inetplumb(char *arg, int64_t param); 118 static int inetunplumb(char *arg, int64_t param); 119 static int removeif(char *arg, int64_t param); 120 static int setdebugflag(char *arg, int64_t param); 121 static int setifaddr(char *arg, int64_t param); 122 static int setifbroadaddr(char *arg, int64_t param); 123 static int setifdstaddr(char *arg, int64_t param); 124 static int setifether(char *arg, int64_t param); 125 static int setifflags(char *arg, int64_t param); 126 static int setifindex(char *arg, int64_t param); 127 static int setifmetric(char *arg, int64_t param); 128 static int setifmtu(char *arg, int64_t param); 129 static int setifnetmask(char *arg, int64_t param); 130 static int setifprefixlen(char *arg, int64_t param); 131 static int setifrevarp(char *arg, int64_t param); 132 static int setifsubnet(char *arg, int64_t param); 133 static int setiftdst(char *arg, int64_t param); 134 static int setiftoken(char *arg, int64_t param); 135 static int setiftsrc(char *arg, int64_t param); 136 static int setverboseflag(char *arg, int64_t param); 137 static int set_tun_ah_alg(char *arg, int64_t param); 138 static int set_tun_esp_auth_alg(char *arg, int64_t param); 139 static int set_tun_esp_encr_alg(char *arg, int64_t param); 140 static int modlist(char *arg, int64_t param); 141 static int modinsert(char *arg, int64_t param); 142 static int modremove(char *arg, int64_t param); 143 static int setifgroupname(char *arg, int64_t param); 144 static int configinfo(char *arg, int64_t param); 145 static void print_config_flags(int af, uint64_t flags); 146 static void print_flags(uint64_t flags); 147 static void print_ifether(char *ifname); 148 static int set_tun_encap_limit(char *arg, int64_t param); 149 static int clr_tun_encap_limit(char *arg, int64_t param); 150 static int set_tun_hop_limit(char *arg, int64_t param); 151 static int setzone(char *arg, int64_t param); 152 static int setallzones(char *arg, int64_t param); 153 static int setifsrc(char *arg, int64_t param); 154 static int lifnum(const char *ifname); 155 156 /* 157 * Address family specific function prototypes. 158 */ 159 static void in_getaddr(char *s, struct sockaddr *saddr, int *plenp); 160 static void in_status(int force, uint64_t flags); 161 static void in_configinfo(int force, uint64_t flags); 162 static void in6_getaddr(char *s, struct sockaddr *saddr, int *plenp); 163 static void in6_status(int force, uint64_t flags); 164 static void in6_configinfo(int force, uint64_t flags); 165 166 /* 167 * Misc support functions 168 */ 169 static boolean_t ni_entry(const char *, void *); 170 static void foreachinterface(void (*func)(), int argc, char *argv[], 171 int af, int64_t onflags, int64_t offflags, 172 int64_t lifc_flags); 173 static void ifconfig(int argc, char *argv[], int af, struct lifreq *lifrp); 174 static boolean_t in_getmask(struct sockaddr_in *saddr, 175 boolean_t addr_set); 176 static int in_getprefixlen(char *addr, boolean_t slash, int plen); 177 static boolean_t in_prefixlentomask(int prefixlen, int maxlen, 178 uchar_t *mask); 179 static int settaddr(char *, int (*)(icfg_handle_t, 180 const struct sockaddr *, socklen_t)); 181 static void status(void); 182 static void ifstatus(const char *); 183 static void usage(void); 184 static int strioctl(int s, int cmd, void *buf, int buflen); 185 static int setifdhcp(const char *caller, const char *ifname, 186 int argc, char *argv[]); 187 static int ip_domux2fd(int *, int *, int *, int *, int *); 188 static int ip_plink(int, int, int, int, int); 189 static int modop(char *arg, char op); 190 static int find_all_global_interfaces(struct lifconf *lifcp, char **buf, 191 int64_t lifc_flags); 192 static int find_all_zone_interfaces(struct lifconf *lifcp, char **buf, 193 int64_t lifc_flags); 194 static int create_ipmp(const char *grname, int af, const char *ifname, 195 boolean_t implicit); 196 static int create_ipmp_peer(int af, const char *ifname); 197 static void start_ipmp_daemon(void); 198 static boolean_t ifaddr_up(ifaddrlistx_t *ifaddrp); 199 static boolean_t ifaddr_down(ifaddrlistx_t *ifaddrp); 200 201 #define max(a, b) ((a) < (b) ? (b) : (a)) 202 203 /* 204 * DHCP_EXIT_IF_FAILURE indicates that the operation failed, but if there 205 * are more interfaces to act on (i.e., ifconfig was invoked with -a), keep 206 * on going rather than exit with an error. 207 */ 208 209 #define DHCP_EXIT_IF_FAILURE -1 210 211 #define NEXTARG 0xffffff /* command takes an argument */ 212 #define OPTARG 0xfffffe /* command takes an optional argument */ 213 #define AF_ANY (-1) 214 215 /* Refer to the comments in ifconfig() on the netmask "hack" */ 216 #define NETMASK_CMD "netmask" 217 struct sockaddr_storage g_netmask; 218 enum { G_NETMASK_NIL, G_NETMASK_PENDING, G_NETMASK_SET } 219 g_netmask_set = G_NETMASK_NIL; 220 221 struct cmd { 222 char *c_name; 223 int64_t c_parameter; /* NEXTARG means next argv */ 224 int (*c_func)(char *, int64_t); 225 int c_abortonfail; /* don't continue parsing args */ 226 /* for the current interface */ 227 int c_af; /* address family restrictions */ 228 } cmds[] = { 229 { "up", IFF_UP, setifflags, 0, AF_ANY }, 230 { "down", -IFF_UP, setifflags, 0, AF_ANY }, 231 { "trailers", -IFF_NOTRAILERS, setifflags, 0, AF_ANY }, 232 { "-trailers", IFF_NOTRAILERS, setifflags, 0, AF_ANY }, 233 { "arp", -IFF_NOARP, setifflags, 0, AF_INET }, 234 { "-arp", IFF_NOARP, setifflags, 0, AF_INET }, 235 { "router", IFF_ROUTER, setifflags, 0, AF_ANY }, 236 { "-router", -IFF_ROUTER, setifflags, 0, AF_ANY }, 237 { "private", IFF_PRIVATE, setifflags, 0, AF_ANY }, 238 { "-private", -IFF_PRIVATE, setifflags, 0, AF_ANY }, 239 { "xmit", -IFF_NOXMIT, setifflags, 0, AF_ANY }, 240 { "-xmit", IFF_NOXMIT, setifflags, 0, AF_ANY }, 241 { "-nud", IFF_NONUD, setifflags, 0, AF_INET6 }, 242 { "nud", -IFF_NONUD, setifflags, 0, AF_INET6 }, 243 { "anycast", IFF_ANYCAST, setifflags, 0, AF_ANY }, 244 { "-anycast", -IFF_ANYCAST, setifflags, 0, AF_ANY }, 245 { "local", -IFF_NOLOCAL, setifflags, 0, AF_ANY }, 246 { "-local", IFF_NOLOCAL, setifflags, 0, AF_ANY }, 247 { "deprecated", IFF_DEPRECATED, setifflags, 0, AF_ANY }, 248 { "-deprecated", -IFF_DEPRECATED, setifflags, 0, AF_ANY }, 249 { "preferred", IFF_PREFERRED, setifflags, 0, AF_INET6 }, 250 { "-preferred", -IFF_PREFERRED, setifflags, 0, AF_INET6 }, 251 { "debug", 0, setdebugflag, 0, AF_ANY }, 252 { "verbose", 0, setverboseflag, 0, AF_ANY }, 253 { NETMASK_CMD, NEXTARG, setifnetmask, 0, AF_INET }, 254 { "metric", NEXTARG, setifmetric, 0, AF_ANY }, 255 { "mtu", NEXTARG, setifmtu, 0, AF_ANY }, 256 { "index", NEXTARG, setifindex, 0, AF_ANY }, 257 { "broadcast", NEXTARG, setifbroadaddr, 0, AF_INET }, 258 { "auto-revarp", 0, setifrevarp, 1, AF_INET }, 259 { "ipmp", 0, inetipmp, 1, AF_ANY }, 260 { "plumb", 0, inetplumb, 1, AF_ANY }, 261 { "unplumb", 0, inetunplumb, 0, AF_ANY }, 262 { "subnet", NEXTARG, setifsubnet, 0, AF_ANY }, 263 { "token", NEXTARG, setiftoken, 0, AF_INET6 }, 264 { "tsrc", NEXTARG, setiftsrc, 0, AF_ANY }, 265 { "tdst", NEXTARG, setiftdst, 0, AF_ANY }, 266 { "encr_auth_algs", NEXTARG, set_tun_esp_auth_alg, 0, AF_ANY }, 267 { "encr_algs", NEXTARG, set_tun_esp_encr_alg, 0, AF_ANY }, 268 { "auth_algs", NEXTARG, set_tun_ah_alg, 0, AF_ANY }, 269 { "addif", NEXTARG, addif, 1, AF_ANY }, 270 { "removeif", NEXTARG, removeif, 1, AF_ANY }, 271 { "modlist", 0, modlist, 1, AF_ANY }, 272 { "modinsert", NEXTARG, modinsert, 1, AF_ANY }, 273 { "modremove", NEXTARG, modremove, 1, AF_ANY }, 274 { "failover", -IFF_NOFAILOVER, setifflags, 1, AF_ANY }, 275 { "-failover", IFF_NOFAILOVER, setifflags, 1, AF_ANY }, 276 { "standby", IFF_STANDBY, setifflags, 1, AF_ANY }, 277 { "-standby", -IFF_STANDBY, setifflags, 1, AF_ANY }, 278 { "failed", IFF_FAILED, setifflags, 1, AF_ANY }, 279 { "-failed", -IFF_FAILED, setifflags, 1, AF_ANY }, 280 { "group", NEXTARG, setifgroupname, 1, AF_ANY }, 281 { "configinfo", 0, configinfo, 1, AF_ANY }, 282 { "encaplimit", NEXTARG, set_tun_encap_limit, 0, AF_ANY }, 283 { "-encaplimit", 0, clr_tun_encap_limit, 0, AF_ANY }, 284 { "thoplimit", NEXTARG, set_tun_hop_limit, 0, AF_ANY }, 285 { "set", NEXTARG, setifaddr, 0, AF_ANY }, 286 { "destination", NEXTARG, setifdstaddr, 0, AF_ANY }, 287 { "zone", NEXTARG, setzone, 0, AF_ANY }, 288 { "-zone", 0, setzone, 0, AF_ANY }, 289 { "all-zones", 0, setallzones, 0, AF_ANY }, 290 { "ether", OPTARG, setifether, 0, AF_ANY }, 291 { "usesrc", NEXTARG, setifsrc, 0, AF_ANY }, 292 293 /* 294 * NOTE: any additions to this table must also be applied to ifparse 295 * (usr/src/cmd/cmd-inet/sbin/ifparse/ifparse.c) 296 */ 297 298 { 0, 0, setifaddr, 0, AF_ANY }, 299 { 0, 0, setifdstaddr, 0, AF_ANY }, 300 { 0, 0, 0, 0, 0 }, 301 }; 302 303 304 typedef struct if_config_cmd { 305 uint64_t iff_flag; 306 int iff_af; 307 char *iff_name; 308 } if_config_cmd_t; 309 310 /* 311 * NOTE: print_config_flags() processes this table in order, so we put "up" 312 * last so that we can be sure "-failover" will take effect first. Otherwise, 313 * IPMP test addresses will erroneously migrate to the IPMP interface. 314 */ 315 static if_config_cmd_t if_config_cmd_tbl[] = { 316 { IFF_NOTRAILERS, AF_UNSPEC, "-trailers" }, 317 { IFF_PRIVATE, AF_UNSPEC, "private" }, 318 { IFF_NOXMIT, AF_UNSPEC, "-xmit" }, 319 { IFF_ANYCAST, AF_INET6, "anycast" }, 320 { IFF_NOLOCAL, AF_UNSPEC, "-local" }, 321 { IFF_DEPRECATED, AF_UNSPEC, "deprecated" }, 322 { IFF_NOFAILOVER, AF_UNSPEC, "-failover" }, 323 { IFF_STANDBY, AF_UNSPEC, "standby" }, 324 { IFF_FAILED, AF_UNSPEC, "failed" }, 325 { IFF_PREFERRED, AF_UNSPEC, "preferred" }, 326 { IFF_NONUD, AF_INET6, "-nud" }, 327 { IFF_NOARP, AF_INET, "-arp" }, 328 { IFF_UP, AF_UNSPEC, "up" }, 329 { 0, 0, NULL }, 330 }; 331 332 typedef struct ni { 333 char ni_name[LIFNAMSIZ]; 334 struct ni *ni_next; 335 } ni_t; 336 337 static ni_t *ni_list = NULL; 338 static int num_ni = 0; 339 340 /* End defines and structure definitions for ifconfig -a plumb */ 341 342 /* Known address families */ 343 struct afswtch { 344 char *af_name; 345 short af_af; 346 void (*af_status)(); 347 void (*af_getaddr)(); 348 void (*af_configinfo)(); 349 } afs[] = { 350 { "inet", AF_INET, in_status, in_getaddr, in_configinfo }, 351 { "inet6", AF_INET6, in6_status, in6_getaddr, in6_configinfo }, 352 { 0, 0, 0, 0, 0 } 353 }; 354 355 #define SOCKET_AF(af) (((af) == AF_UNSPEC) ? AF_INET : (af)) 356 357 struct afswtch *afp; /* the address family being set or asked about */ 358 359 int 360 main(int argc, char *argv[]) 361 { 362 int64_t lifc_flags; 363 char *default_ip_str; 364 365 lifc_flags = LIFC_NOXMIT|LIFC_TEMPORARY|LIFC_ALLZONES|LIFC_UNDER_IPMP; 366 367 if (argc < 2) { 368 usage(); 369 exit(1); 370 } 371 argc--, argv++; 372 if (strlen(*argv) > sizeof (name) - 1) { 373 (void) fprintf(stderr, "%s: interface name too long\n", *argv); 374 exit(1); 375 } 376 (void) strncpy(name, *argv, sizeof (name)); 377 name[sizeof (name) - 1] = '\0'; 378 (void) strncpy(origname, name, sizeof (origname)); /* For addif */ 379 default_ip_str = NULL; 380 v4compat = get_compat_flag(&default_ip_str); 381 if (v4compat == DEFAULT_PROT_BAD_VALUE) { 382 (void) fprintf(stderr, 383 "ifconfig: %s: Bad value for %s in %s\n", default_ip_str, 384 DEFAULT_IP, INET_DEFAULT_FILE); 385 free(default_ip_str); 386 exit(2); 387 } 388 free(default_ip_str); 389 argc--, argv++; 390 if (argc > 0) { 391 struct afswtch *myafp; 392 393 for (myafp = afp = afs; myafp->af_name; myafp++) { 394 if (strcmp(myafp->af_name, *argv) == 0) { 395 afp = myafp; argc--; argv++; 396 break; 397 } 398 } 399 af = lifr.lifr_addr.ss_family = afp->af_af; 400 if (af == AF_INET6) { 401 v4compat = 0; 402 } 403 } 404 405 s = socket(SOCKET_AF(af), SOCK_DGRAM, 0); 406 s4 = socket(AF_INET, SOCK_DGRAM, 0); 407 s6 = socket(AF_INET6, SOCK_DGRAM, 0); 408 if (s == -1 || s4 == -1 || s6 == -1) 409 Perror0_exit("socket"); 410 411 /* 412 * Special interface names is any combination of these flags. 413 * Note that due to the ifconfig syntax they have to be combined 414 * as a single '-' option. 415 * -a All interfaces 416 * -u "up" interfaces 417 * -d "down" interfaces 418 * -D Interfaces not controlled by DHCP 419 * -4 IPv4 interfaces 420 * -6 IPv6 interfaces 421 * -X Turn on debug (not documented) 422 * -v Turn on verbose 423 * -Z Only interfaces in caller's zone 424 */ 425 426 if (name[0] == '-') { 427 /* One or more options */ 428 int64_t onflags = 0; 429 int64_t offflags = 0; 430 int c; 431 char *av[2] = { "ifconfig", name }; 432 433 while ((c = getopt(2, av, "audDXZ46v")) != -1) { 434 switch ((char)c) { 435 case 'a': 436 all = 1; 437 break; 438 case 'u': 439 onflags |= IFF_UP; 440 break; 441 case 'd': 442 offflags |= IFF_UP; 443 break; 444 case 'D': 445 offflags |= IFF_DHCPRUNNING; 446 break; 447 case 'X': 448 debug += 3; 449 break; 450 case 'Z': 451 lifc_flags &= ~LIFC_ALLZONES; 452 break; 453 case '4': 454 /* 455 * -4 is not a compatable flag, therefore 456 * we assume they want v4compat turned off 457 */ 458 v4compat = 0; 459 onflags |= IFF_IPV4; 460 break; 461 case '6': 462 /* 463 * If they want IPv6, well then we'll assume 464 * they don't want IPv4 compat 465 */ 466 v4compat = 0; 467 onflags |= IFF_IPV6; 468 break; 469 case 'v': 470 verbose = 1; 471 break; 472 case '?': 473 usage(); 474 exit(1); 475 } 476 } 477 if (!all) { 478 (void) fprintf(stderr, 479 "ifconfig: %s: no such interface\n", name); 480 exit(1); 481 } 482 foreachinterface(ifconfig, argc, argv, af, onflags, offflags, 483 lifc_flags); 484 } else { 485 ifconfig(argc, argv, af, (struct lifreq *)NULL); 486 } 487 return (0); 488 } 489 490 /* 491 * For each interface, call (*func)(argc, argv, af, lifrp). 492 * Only call function if onflags and offflags are set or clear, respectively, 493 * in the interfaces flags field. 494 */ 495 static void 496 foreachinterface(void (*func)(), int argc, char *argv[], int af, 497 int64_t onflags, int64_t offflags, int64_t lifc_flags) 498 { 499 int n; 500 char *buf; 501 struct lifnum lifn; 502 struct lifconf lifc; 503 struct lifreq *lifrp; 504 struct lifreq lifrl; /* Local lifreq struct */ 505 int numifs; 506 unsigned bufsize; 507 int plumball = 0; 508 int save_af = af; 509 510 buf = NULL; 511 /* 512 * Special case: 513 * ifconfig -a plumb should find all network interfaces 514 * in the machine for the global zone. 515 * For non-global zones, only find the assigned interfaces. 516 * Also, there is no need to SIOCGLIF* ioctls, since 517 * those interfaces have already been plumbed 518 */ 519 if (argc > 0 && (strcmp(*argv, "plumb") == 0)) { 520 if (getzoneid() == GLOBAL_ZONEID) { 521 if (find_all_global_interfaces(&lifc, &buf, 522 lifc_flags) != 0) 523 return; 524 } else { 525 if (find_all_zone_interfaces(&lifc, &buf, 526 lifc_flags) != 0) 527 return; 528 } 529 if (lifc.lifc_len == 0) 530 return; 531 plumball = 1; 532 } else { 533 lifn.lifn_family = AF_UNSPEC; 534 lifn.lifn_flags = lifc_flags; 535 if (ioctl(s, SIOCGLIFNUM, (char *)&lifn) < 0) { 536 Perror0_exit("Could not determine number" 537 " of interfaces"); 538 } 539 numifs = lifn.lifn_count; 540 if (debug) 541 (void) printf("ifconfig: %d interfaces\n", numifs); 542 543 bufsize = numifs * sizeof (struct lifreq); 544 if ((buf = malloc(bufsize)) == NULL) { 545 Perror0("out of memory\n"); 546 (void) close(s); 547 return; 548 } 549 550 lifc.lifc_family = AF_UNSPEC; 551 lifc.lifc_flags = lifc_flags; 552 lifc.lifc_len = bufsize; 553 lifc.lifc_buf = buf; 554 555 if (ioctl(s, SIOCGLIFCONF, (char *)&lifc) < 0) { 556 Perror0("SIOCGLIFCONF"); 557 (void) close(s); 558 free(buf); 559 return; 560 } 561 } 562 563 lifrp = lifc.lifc_req; 564 for (n = lifc.lifc_len / sizeof (struct lifreq); n > 0; n--, lifrp++) { 565 566 if (!plumball) { 567 /* 568 * We must close and recreate the socket each time 569 * since we don't know what type of socket it is now 570 * (each status function may change it). 571 */ 572 573 (void) close(s); 574 575 af = lifrp->lifr_addr.ss_family; 576 s = socket(SOCKET_AF(af), SOCK_DGRAM, 0); 577 if (s == -1) { 578 /* 579 * Perror0() assumes the name to be in the 580 * globally defined lifreq structure. 581 */ 582 (void) strncpy(lifr.lifr_name, 583 lifrp->lifr_name, sizeof (lifr.lifr_name)); 584 Perror0_exit("socket"); 585 } 586 } 587 588 /* 589 * Only service interfaces that match the on and off 590 * flags masks. 591 */ 592 if (onflags || offflags) { 593 (void) memset(&lifrl, 0, sizeof (lifrl)); 594 (void) strncpy(lifrl.lifr_name, lifrp->lifr_name, 595 sizeof (lifrl.lifr_name)); 596 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifrl) < 0) { 597 /* 598 * Perror0() assumes the name to be in the 599 * globally defined lifreq structure. 600 */ 601 (void) strncpy(lifr.lifr_name, 602 lifrp->lifr_name, sizeof (lifr.lifr_name)); 603 Perror0_exit("foreachinterface: SIOCGLIFFLAGS"); 604 } 605 if ((lifrl.lifr_flags & onflags) != onflags) 606 continue; 607 if ((~lifrl.lifr_flags & offflags) != offflags) 608 continue; 609 } 610 611 if (!plumball) { 612 (void) strncpy(lifrl.lifr_name, lifrp->lifr_name, 613 sizeof (lifrl.lifr_name)); 614 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifrl) < 0) { 615 /* 616 * Perror0() assumes the name to be in the 617 * globally defined lifreq structure. 618 */ 619 (void) strncpy(lifr.lifr_name, 620 lifrp->lifr_name, sizeof (lifr.lifr_name)); 621 Perror0("foreachinterface: SIOCGLIFADDR"); 622 continue; 623 } 624 if (lifrl.lifr_addr.ss_family != af) { 625 /* Switch address family */ 626 af = lifrl.lifr_addr.ss_family; 627 (void) close(s); 628 629 s = socket(SOCKET_AF(af), SOCK_DGRAM, 0); 630 if (s == -1) { 631 /* 632 * Perror0() assumes the name to be in 633 * the globally defined lifreq 634 * structure. 635 */ 636 (void) strncpy(lifr.lifr_name, 637 lifrp->lifr_name, 638 sizeof (lifr.lifr_name)); 639 Perror0_exit("socket"); 640 } 641 } 642 } 643 644 /* 645 * Reset global state 646 * setaddr: Used by parser to tear apart source and dest 647 * name and origname contain the name of the 'current' 648 * interface. 649 */ 650 setaddr = 0; 651 (void) strncpy(name, lifrp->lifr_name, sizeof (name)); 652 (void) strncpy(origname, name, sizeof (origname)); 653 654 (*func)(argc, argv, save_af, lifrp); 655 /* the func could have overwritten origname, so restore */ 656 (void) strncpy(name, origname, sizeof (name)); 657 } 658 if (buf != NULL) 659 free(buf); 660 } 661 662 static void 663 tun_reality_check(void) 664 { 665 struct iftun_req treq; 666 ipsec_req_t *ipsr; 667 668 (void) strncpy(treq.ifta_lifr_name, name, sizeof (treq.ifta_lifr_name)); 669 if (strchr(name, ':') != NULL) { 670 /* Return, we don't need to check. */ 671 return; 672 } 673 if (ioctl(s, SIOCGTUNPARAM, (caddr_t)&treq) < 0 || 674 !(treq.ifta_flags & IFTUN_SECURITY) || 675 (treq.ifta_flags & IFTUN_COMPLEX_SECURITY)) { 676 /* 677 * Either not a tunnel (the SIOCGTUNPARAM fails on 678 * non-tunnels), the security flag is not set, or 679 * this is a tunnel with ipsecconf(1M)-set policy. 680 * Regardless, return. 681 */ 682 return; 683 } 684 685 ipsr = (ipsec_req_t *)&treq.ifta_secinfo; 686 687 if (ipsr->ipsr_esp_req != 0 && 688 ipsr->ipsr_esp_auth_alg == SADB_AALG_NONE && 689 ipsr->ipsr_ah_req == 0) 690 (void) fprintf(stderr, "ifconfig: WARNING - tunnel with " 691 "only ESP and no authentication.\n"); 692 } 693 694 /* 695 * for the specified interface call (*func)(argc, argv, af, lifrp). 696 */ 697 698 static void 699 ifconfig(int argc, char *argv[], int af, struct lifreq *lifrp) 700 { 701 static boolean_t scan_netmask = _B_FALSE; 702 int ret; 703 704 if (argc == 0) { 705 status(); 706 return; 707 } 708 709 if (strcmp(*argv, "auto-dhcp") == 0 || strcmp(*argv, "dhcp") == 0) { 710 /* 711 * Some errors are ignored in the case where more than one 712 * interface is being operated on. 713 */ 714 ret = setifdhcp("ifconfig", name, argc, argv); 715 if (ret == DHCP_EXIT_IF_FAILURE) { 716 if (!all) 717 exit(DHCP_EXIT_FAILURE); 718 } else if (ret != DHCP_EXIT_SUCCESS) { 719 exit(ret); 720 } 721 return; 722 } 723 724 /* 725 * The following is a "hack" to get around the existing interface 726 * setting mechanism. Currently, each interface attribute, 727 * such as address, netmask, broadcast, ... is set separately. But 728 * sometimes two or more attributes must be set together. For 729 * example, setting an address without a netmask does not make sense. 730 * Yet they can be set separately for IPv4 address using the current 731 * ifconfig(1M) syntax. The kernel then "infers" the correct netmask 732 * using the deprecated "IP address classes." This is simply not 733 * correct. 734 * 735 * The "hack" below is to go thru the whole command list looking for 736 * the netmask command first. Then use this netmask to set the 737 * address. This does not provide an extensible way to accommodate 738 * future need for setting more than one attributes together. 739 * 740 * Note that if the "netmask" command argument is a "+", we need 741 * to save this info and do the query after we know the address to 742 * be set. The reason is that if "addif" is used, the working 743 * interface name will be changed later when the logical interface 744 * is created. In in_getmask(), if an address is not provided, 745 * it will use the working interface's address to do the query. 746 * It will be wrong now as we don't know the logical interface's name. 747 * 748 * ifconfig(1M) is too overloaded and the code is so convoluted 749 * that it is "safer" not to re-architect the code to fix the above 750 * issue, hence this "hack." We may be better off to have a new 751 * command with better syntax for configuring network interface 752 * parameters... 753 */ 754 if (!scan_netmask && afp->af_af == AF_INET) { 755 int largc; 756 char **largv; 757 758 /* Only go thru the command list once to find the netmask. */ 759 scan_netmask = _B_TRUE; 760 761 /* 762 * Currently, if multiple netmask commands are specified, the 763 * last one will be used as the final netmask. So we need 764 * to scan the whole list to preserve this behavior. 765 */ 766 for (largc = argc, largv = argv; largc > 0; largc--, largv++) { 767 if (strcmp(*largv, NETMASK_CMD) == 0) { 768 if (--largc == 0) 769 break; 770 largv++; 771 if (strcmp(*largv, "+") == 0) { 772 g_netmask_set = G_NETMASK_PENDING; 773 } else { 774 in_getaddr(*largv, (struct sockaddr *) 775 &g_netmask, NULL); 776 g_netmask_set = G_NETMASK_SET; 777 } 778 /* Continue the scan. */ 779 } 780 } 781 } 782 783 while (argc > 0) { 784 struct cmd *p; 785 boolean_t found_cmd; 786 787 if (debug) 788 (void) printf("ifconfig: argv %s\n", *argv); 789 790 found_cmd = _B_FALSE; 791 for (p = cmds; p->c_func; p++) { 792 if (p->c_name) { 793 if (strcmp(*argv, p->c_name) == 0) { 794 /* 795 * indicate that the command was 796 * found and check to see if 797 * the address family is valid 798 */ 799 found_cmd = _B_TRUE; 800 if (p->c_af == AF_ANY || 801 af == p->c_af) 802 break; 803 } 804 } else { 805 if (p->c_af == AF_ANY || 806 af == p->c_af) 807 break; 808 } 809 } 810 /* 811 * If we found the keyword, but the address family 812 * did not match spit out an error 813 */ 814 if (found_cmd && p->c_name == 0) { 815 (void) fprintf(stderr, "ifconfig: Operation %s not" 816 " supported for %s\n", *argv, afp->af_name); 817 exit(1); 818 } 819 /* 820 * else (no keyword found), we assume it's an address 821 * of some sort 822 */ 823 if (p->c_name == 0 && setaddr) 824 p++; /* got src, do dst */ 825 if (p->c_func) { 826 if (p->c_af == AF_INET6) { 827 v4compat = 0; 828 } 829 if (p->c_parameter == NEXTARG || 830 p->c_parameter == OPTARG) { 831 argc--, argv++; 832 if (argc == 0 && p->c_parameter == NEXTARG) { 833 (void) fprintf(stderr, 834 "ifconfig: no argument for %s\n", 835 p->c_name); 836 exit(1); 837 } 838 } 839 /* 840 * Call the function if: 841 * 842 * there's no address family 843 * restriction 844 * OR 845 * we don't know the address yet 846 * (because we were called from 847 * main) 848 * OR 849 * there is a restriction AND 850 * the address families match 851 */ 852 if ((p->c_af == AF_ANY) || 853 (lifrp == (struct lifreq *)NULL) || 854 (lifrp->lifr_addr.ss_family == p->c_af)) { 855 ret = (*p->c_func)(*argv, p->c_parameter); 856 /* 857 * If c_func failed and we should 858 * abort processing for this 859 * interface on failure, return 860 * now rather than going on to 861 * process other commands for 862 * the same interface. 863 */ 864 if (ret != 0 && p->c_abortonfail) 865 return; 866 } 867 } 868 argc--, argv++; 869 } 870 871 /* Check to see if there's a security hole in the tunnel setup. */ 872 tun_reality_check(); 873 } 874 875 /* ARGSUSED */ 876 static int 877 setdebugflag(char *val, int64_t arg) 878 { 879 debug++; 880 return (0); 881 } 882 883 /* ARGSUSED */ 884 static int 885 setverboseflag(char *val, int64_t arg) 886 { 887 verbose++; 888 return (0); 889 } 890 891 /* 892 * This function fills in the given lifreq's lifr_addr field based on 893 * g_netmask_set. 894 */ 895 static void 896 set_mask_lifreq(struct lifreq *lifr, struct sockaddr_storage *addr, 897 struct sockaddr_storage *mask) 898 { 899 assert(addr != NULL); 900 assert(mask != NULL); 901 902 switch (g_netmask_set) { 903 case G_NETMASK_SET: 904 lifr->lifr_addr = g_netmask; 905 break; 906 907 case G_NETMASK_PENDING: 908 /* 909 * "+" is used as the argument to "netmask" command. Query 910 * the database on the correct netmask based on the address to 911 * be set. 912 */ 913 assert(afp->af_af == AF_INET); 914 g_netmask = *addr; 915 if (!in_getmask((struct sockaddr_in *)&g_netmask, _B_TRUE)) { 916 lifr->lifr_addr = *mask; 917 g_netmask_set = G_NETMASK_NIL; 918 } else { 919 lifr->lifr_addr = g_netmask; 920 g_netmask_set = G_NETMASK_SET; 921 } 922 break; 923 924 case G_NETMASK_NIL: 925 default: 926 lifr->lifr_addr = *mask; 927 break; 928 } 929 } 930 931 /* 932 * Set the interface address. Handles <addr>, <addr>/<n> as well as /<n> 933 * syntax for setting the address, the address plus netmask, and just 934 * the netmask respectively. 935 */ 936 /* ARGSUSED */ 937 static int 938 setifaddr(char *addr, int64_t param) 939 { 940 int prefixlen = 0; 941 struct sockaddr_storage laddr; 942 struct sockaddr_storage netmask; 943 struct sockaddr_in6 *sin6; 944 struct sockaddr_in *sin; 945 struct sockaddr_storage sav_netmask; 946 947 if (addr[0] == '/') 948 return (setifprefixlen(addr, 0)); 949 950 (*afp->af_getaddr)(addr, (struct sockaddr *)&laddr, &prefixlen); 951 952 (void) memset(&netmask, 0, sizeof (netmask)); 953 netmask.ss_family = afp->af_af; 954 switch (prefixlen) { 955 case NO_PREFIX: 956 /* Nothing there - ok */ 957 break; 958 case BAD_ADDR: 959 (void) fprintf(stderr, "ifconfig: Bad prefix length in %s\n", 960 addr); 961 exit(1); 962 default: 963 if (afp->af_af == AF_INET6) { 964 sin6 = (struct sockaddr_in6 *)&netmask; 965 if (!in_prefixlentomask(prefixlen, IPV6_ABITS, 966 (uchar_t *)&sin6->sin6_addr)) { 967 (void) fprintf(stderr, "ifconfig: " 968 "Bad prefix length: %d\n", 969 prefixlen); 970 exit(1); 971 } 972 } else { 973 sin = (struct sockaddr_in *)&netmask; 974 if (!in_prefixlentomask(prefixlen, IP_ABITS, 975 (uchar_t *)&sin->sin_addr)) { 976 (void) fprintf(stderr, "ifconfig: " 977 "Bad prefix length: %d\n", 978 prefixlen); 979 exit(1); 980 } 981 } 982 /* 983 * Just in case of funny setting of both prefix and netmask, 984 * prefix should override the netmask command. 985 */ 986 g_netmask_set = G_NETMASK_NIL; 987 break; 988 } 989 /* Tell parser that an address was set */ 990 setaddr++; 991 /* save copy of netmask to restore in case of error */ 992 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 993 if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0) 994 Perror0_exit("SIOCGLIFNETMASK"); 995 sav_netmask = lifr.lifr_addr; 996 997 /* 998 * If setting the address and not the mask, clear any existing mask 999 * and the kernel will then assign the default (netmask has been set 1000 * to 0 in this case). If setting both (either by using a prefix or 1001 * using the netmask command), set the mask first, so the address will 1002 * be interpreted correctly. 1003 */ 1004 set_mask_lifreq(&lifr, &laddr, &netmask); 1005 if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0) 1006 Perror0_exit("SIOCSLIFNETMASK"); 1007 1008 if (debug) { 1009 char abuf[INET6_ADDRSTRLEN]; 1010 void *addr = (afp->af_af == AF_INET) ? 1011 (void *)&((struct sockaddr_in *)&laddr)->sin_addr : 1012 (void *)&((struct sockaddr_in6 *)&laddr)->sin6_addr; 1013 1014 (void) printf("Setting %s af %d addr %s\n", 1015 lifr.lifr_name, afp->af_af, 1016 inet_ntop(afp->af_af, addr, abuf, sizeof (abuf))); 1017 } 1018 lifr.lifr_addr = laddr; 1019 lifr.lifr_addr.ss_family = afp->af_af; 1020 if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0) { 1021 /* 1022 * Restore the netmask 1023 */ 1024 int saverr = errno; 1025 1026 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1027 lifr.lifr_addr = sav_netmask; 1028 (void) ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr); 1029 errno = saverr; 1030 Perror0_exit("SIOCSLIFADDR"); 1031 } 1032 1033 return (0); 1034 } 1035 1036 /* 1037 * The following functions are stolen from the ipseckey(1m) program. 1038 * Perhaps they should be somewhere common, but for now, we just maintain 1039 * two versions. We do this because of the different semantics for which 1040 * algorithms we select ("requested" for ifconfig vs. "actual" for key). 1041 */ 1042 1043 static ulong_t 1044 parsenum(char *num) 1045 { 1046 ulong_t rc; 1047 char *end = NULL; 1048 1049 errno = 0; 1050 rc = strtoul(num, &end, 0); 1051 if (errno != 0 || end == num || *end != '\0') { 1052 rc = (ulong_t)-1; 1053 } 1054 1055 return (rc); 1056 } 1057 1058 /* 1059 * Parse and reverse parse possible algorithm values, include numbers. 1060 * Mostly stolen from ipseckey.c. See the comments above parsenum() for why 1061 * this isn't common to ipseckey.c. 1062 * 1063 * NOTE: Static buffer in this function for the return value. Since ifconfig 1064 * isn't multithreaded, this isn't a huge problem. 1065 */ 1066 1067 #define NBUF_SIZE 20 /* Enough to print a large integer. */ 1068 1069 static char * 1070 rparsealg(uint8_t alg_value, int proto_num) 1071 { 1072 struct ipsecalgent *alg; 1073 static char numprint[128]; /* Enough to hold an algorithm name. */ 1074 1075 /* 1076 * Special cases for "any" and "none" 1077 * The kernel needs to be able to distinguish between "any" 1078 * and "none" and the APIs are underdefined in this area for auth. 1079 */ 1080 if (proto_num == IPSEC_PROTO_AH) { 1081 if (alg_value == SADB_AALG_NONE) 1082 return ("none"); 1083 if (alg_value == SADB_AALG_ANY) 1084 return ("any"); 1085 } 1086 1087 alg = getipsecalgbynum(alg_value, proto_num, NULL); 1088 if (alg != NULL) { 1089 (void) strlcpy(numprint, alg->a_names[0], sizeof (numprint)); 1090 freeipsecalgent(alg); 1091 } else { 1092 (void) snprintf(numprint, sizeof (numprint), "%d", alg_value); 1093 } 1094 1095 return (numprint); 1096 } 1097 1098 static uint_t 1099 parsealg(char *algname, int proto_num) 1100 { 1101 struct ipsecalgent *alg; 1102 ulong_t invalue; 1103 1104 if (algname == NULL) { 1105 (void) fprintf(stderr, "ifconfig: Unexpected end of command " 1106 "line.\n"); 1107 exit(1); 1108 } 1109 1110 /* 1111 * Special-case "none" and "any". 1112 * Use strcasecmp because its length is bounded. 1113 */ 1114 if (strcasecmp("none", algname) == 0) { 1115 return ((proto_num == IPSEC_PROTO_ESP) ? 1116 NO_ESP_EALG : NO_ESP_AALG); 1117 } 1118 if ((strcasecmp("any", algname) == 0) && (proto_num == IPSEC_PROTO_AH)) 1119 return (SADB_AALG_ANY); 1120 1121 alg = getipsecalgbyname(algname, proto_num, NULL); 1122 if (alg != NULL) { 1123 invalue = alg->a_alg_num; 1124 freeipsecalgent(alg); 1125 return ((uint_t)invalue); 1126 } 1127 1128 /* 1129 * Since algorithms can be loaded during kernel run-time, check for 1130 * numeric algorithm values too. 1131 */ 1132 invalue = parsenum(algname); 1133 if ((invalue & (ulong_t)0xff) == invalue) 1134 return ((uint_t)invalue); 1135 1136 (void) fprintf(stderr, "ifconfig: %s algorithm type %s unknown.\n", 1137 (proto_num == IPSEC_PROTO_ESP) ? 1138 "Encryption" : "Authentication", algname); 1139 exit(1); 1140 /* NOTREACHED */ 1141 } 1142 1143 /* 1144 * Actual ifconfig functions to set tunnel security properties. 1145 */ 1146 1147 enum ipsec_alg_type { ESP_ENCR_ALG = 1, ESP_AUTH_ALG, AH_AUTH_ALG }; 1148 1149 boolean_t first_set_tun = _B_TRUE; 1150 boolean_t encr_alg_set = _B_FALSE; 1151 1152 /* 1153 * Need global for multiple calls to set_tun_algs 1154 * because we accumulate algorithm selections over 1155 * the lifetime of this ifconfig(1M) invocation. 1156 */ 1157 static struct iftun_req treq_tun; 1158 1159 static int 1160 set_tun_algs(int which_alg, int alg) 1161 { 1162 ipsec_req_t *ipsr; 1163 1164 (void) strncpy(treq_tun.ifta_lifr_name, name, 1165 sizeof (treq_tun.ifta_lifr_name)); 1166 if (strchr(name, ':') != NULL) { 1167 errno = EPERM; 1168 Perror0_exit("Tunnel params on logical interfaces"); 1169 } 1170 if (ioctl(s, SIOCGTUNPARAM, (caddr_t)&treq_tun) < 0) { 1171 if (errno == EOPNOTSUPP || errno == EINVAL) 1172 Perror0_exit("Not a tunnel"); 1173 else Perror0_exit("SIOCGTUNPARAM"); 1174 } 1175 1176 ipsr = (ipsec_req_t *)&treq_tun.ifta_secinfo; 1177 1178 if (treq_tun.ifta_vers != IFTUN_VERSION) { 1179 (void) fprintf(stderr, 1180 "Kernel tunnel secinfo version mismatch.\n"); 1181 exit(1); 1182 } 1183 1184 /* 1185 * If I'm just starting off this ifconfig, I want a clean slate, 1186 * otherwise, I've captured the current tunnel security settings. 1187 * In the case of continuation, I merely add to the settings. 1188 */ 1189 if (first_set_tun) { 1190 first_set_tun = _B_FALSE; 1191 (void) memset(ipsr, 0, sizeof (*ipsr)); 1192 } 1193 1194 treq_tun.ifta_flags = IFTUN_SECURITY; 1195 1196 switch (which_alg) { 1197 case ESP_ENCR_ALG: 1198 if (alg == NO_ESP_EALG) { 1199 if (ipsr->ipsr_esp_auth_alg == SADB_AALG_NONE) 1200 ipsr->ipsr_esp_req = 0; 1201 ipsr->ipsr_esp_alg = SADB_EALG_NONE; 1202 1203 /* Let the user specify NULL encryption implicitly. */ 1204 if (ipsr->ipsr_esp_auth_alg != SADB_AALG_NONE) { 1205 encr_alg_set = _B_TRUE; 1206 ipsr->ipsr_esp_alg = SADB_EALG_NULL; 1207 } 1208 } else { 1209 encr_alg_set = _B_TRUE; 1210 ipsr->ipsr_esp_req = 1211 IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE; 1212 ipsr->ipsr_esp_alg = alg; 1213 } 1214 break; 1215 case ESP_AUTH_ALG: 1216 if (alg == NO_ESP_AALG) { 1217 if ((ipsr->ipsr_esp_alg == SADB_EALG_NONE || 1218 ipsr->ipsr_esp_alg == SADB_EALG_NULL) && 1219 !encr_alg_set) 1220 ipsr->ipsr_esp_req = 0; 1221 ipsr->ipsr_esp_auth_alg = SADB_AALG_NONE; 1222 } else { 1223 ipsr->ipsr_esp_req = 1224 IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE; 1225 ipsr->ipsr_esp_auth_alg = alg; 1226 1227 /* Let the user specify NULL encryption implicitly. */ 1228 if (ipsr->ipsr_esp_alg == SADB_EALG_NONE && 1229 !encr_alg_set) 1230 ipsr->ipsr_esp_alg = SADB_EALG_NULL; 1231 } 1232 break; 1233 case AH_AUTH_ALG: 1234 if (alg == NO_AH_AALG) { 1235 ipsr->ipsr_ah_req = 0; 1236 ipsr->ipsr_auth_alg = SADB_AALG_NONE; 1237 } else { 1238 ipsr->ipsr_ah_req = 1239 IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE; 1240 ipsr->ipsr_auth_alg = alg; 1241 } 1242 break; 1243 /* Will never hit DEFAULT */ 1244 } 1245 1246 if (ioctl(s, SIOCSTUNPARAM, (caddr_t)&treq_tun) < 0) { 1247 Perror2_exit("set tunnel security properties", 1248 treq_tun.ifta_lifr_name); 1249 } 1250 1251 return (0); 1252 } 1253 1254 /* ARGSUSED */ 1255 static int 1256 set_tun_esp_encr_alg(char *addr, int64_t param) 1257 { 1258 return (set_tun_algs(ESP_ENCR_ALG, 1259 parsealg(addr, IPSEC_PROTO_ESP))); 1260 } 1261 1262 /* ARGSUSED */ 1263 static int 1264 set_tun_esp_auth_alg(char *addr, int64_t param) 1265 { 1266 return (set_tun_algs(ESP_AUTH_ALG, 1267 parsealg(addr, IPSEC_PROTO_AH))); 1268 } 1269 1270 /* ARGSUSED */ 1271 static int 1272 set_tun_ah_alg(char *addr, int64_t param) 1273 { 1274 return (set_tun_algs(AH_AUTH_ALG, 1275 parsealg(addr, IPSEC_PROTO_AH))); 1276 } 1277 1278 /* ARGSUSED */ 1279 static int 1280 setifrevarp(char *arg, int64_t param) 1281 { 1282 struct sockaddr_in laddr; 1283 1284 if (afp->af_af == AF_INET6) { 1285 (void) fprintf(stderr, 1286 "ifconfig: revarp not possible on IPv6 interface %s\n", 1287 name); 1288 exit(1); 1289 } 1290 if (doifrevarp(name, &laddr)) { 1291 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1292 laddr.sin_family = AF_INET; 1293 (void) memcpy(&lifr.lifr_addr, &laddr, sizeof (laddr)); 1294 if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0) 1295 Perror0_exit("SIOCSLIFADDR"); 1296 } 1297 return (0); 1298 } 1299 1300 /* ARGSUSED */ 1301 static int 1302 setifsubnet(char *addr, int64_t param) 1303 { 1304 int prefixlen = 0; 1305 struct sockaddr_storage subnet; 1306 1307 (*afp->af_getaddr)(addr, &subnet, &prefixlen); 1308 1309 switch (prefixlen) { 1310 case NO_PREFIX: 1311 (void) fprintf(stderr, 1312 "ifconfig: Missing prefix length in subnet %s\n", addr); 1313 exit(1); 1314 /* NOTREACHED */ 1315 case BAD_ADDR: 1316 (void) fprintf(stderr, 1317 "ifconfig: Bad prefix length in %s\n", addr); 1318 exit(1); 1319 default: 1320 break; 1321 } 1322 1323 lifr.lifr_addr = subnet; 1324 lifr.lifr_addrlen = prefixlen; 1325 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1326 if (ioctl(s, SIOCSLIFSUBNET, (caddr_t)&lifr) < 0) 1327 Perror0_exit("SIOCSLIFSUBNET"); 1328 1329 return (0); 1330 } 1331 1332 /* ARGSUSED */ 1333 static int 1334 setifnetmask(char *addr, int64_t param) 1335 { 1336 struct sockaddr_in netmask; 1337 1338 assert(afp->af_af != AF_INET6); 1339 1340 if (strcmp(addr, "+") == 0) { 1341 if (!in_getmask(&netmask, _B_FALSE)) 1342 return (0); 1343 (void) printf("Setting netmask of %s to %s\n", name, 1344 inet_ntoa(netmask.sin_addr)); 1345 } else { 1346 in_getaddr(addr, (struct sockaddr *)&netmask, NULL); 1347 } 1348 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1349 (void) memcpy(&lifr.lifr_addr, &netmask, sizeof (netmask)); 1350 if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0) 1351 Perror0_exit("SIOCSLIFNETMASK"); 1352 return (0); 1353 } 1354 1355 /* 1356 * Parse '/<n>' as a netmask. 1357 */ 1358 /* ARGSUSED */ 1359 static int 1360 setifprefixlen(char *addr, int64_t param) 1361 { 1362 int prefixlen; 1363 int af = afp->af_af; 1364 1365 prefixlen = in_getprefixlen(addr, _B_TRUE, 1366 (af == AF_INET) ? IP_ABITS : IPV6_ABITS); 1367 if (prefixlen < 0) { 1368 (void) fprintf(stderr, 1369 "ifconfig: Bad prefix length in %s\n", addr); 1370 exit(1); 1371 } 1372 (void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr)); 1373 lifr.lifr_addr.ss_family = af; 1374 if (af == AF_INET6) { 1375 struct sockaddr_in6 *sin6; 1376 1377 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 1378 if (!in_prefixlentomask(prefixlen, IPV6_ABITS, 1379 (uchar_t *)&sin6->sin6_addr)) { 1380 (void) fprintf(stderr, "ifconfig: " 1381 "Bad prefix length: %d\n", 1382 prefixlen); 1383 exit(1); 1384 } 1385 } else if (af == AF_INET) { 1386 struct sockaddr_in *sin; 1387 1388 sin = (struct sockaddr_in *)&lifr.lifr_addr; 1389 if (!in_prefixlentomask(prefixlen, IP_ABITS, 1390 (uchar_t *)&sin->sin_addr)) { 1391 (void) fprintf(stderr, "ifconfig: " 1392 "Bad prefix length: %d\n", 1393 prefixlen); 1394 exit(1); 1395 } 1396 } else { 1397 (void) fprintf(stderr, "ifconfig: setting prefix only supported" 1398 " for address family inet or inet6\n"); 1399 exit(1); 1400 } 1401 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1402 if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0) 1403 Perror0_exit("SIOCSLIFNETMASK"); 1404 return (0); 1405 } 1406 1407 /* ARGSUSED */ 1408 static int 1409 setifbroadaddr(char *addr, int64_t param) 1410 { 1411 struct sockaddr_in broadaddr; 1412 1413 assert(afp->af_af != AF_INET6); 1414 1415 if (strcmp(addr, "+") == 0) { 1416 /* 1417 * This doesn't set the broadcast address at all. Rather, it 1418 * gets, then sets the interface's address, relying on the fact 1419 * that resetting the address will reset the broadcast address. 1420 */ 1421 (void) strncpy(lifr.lifr_name, name, 1422 sizeof (lifr.lifr_name)); 1423 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 1424 if (errno != EADDRNOTAVAIL) 1425 Perror0_exit("SIOCGLIFADDR"); 1426 return (0); 1427 } 1428 if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0) 1429 Perror0_exit("SIOCGLIFADDR"); 1430 1431 return (0); 1432 } 1433 in_getaddr(addr, (struct sockaddr *)&broadaddr, NULL); 1434 1435 (void) memcpy(&lifr.lifr_addr, &broadaddr, sizeof (broadaddr)); 1436 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1437 if (ioctl(s, SIOCSLIFBRDADDR, (caddr_t)&lifr) < 0) 1438 Perror0_exit("SIOCSLIFBRDADDR"); 1439 return (0); 1440 } 1441 1442 /* 1443 * set interface destination address 1444 */ 1445 /* ARGSUSED */ 1446 static int 1447 setifdstaddr(char *addr, int64_t param) 1448 { 1449 (*afp->af_getaddr)(addr, (struct sockaddr *)&lifr.lifr_addr, NULL); 1450 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1451 if (ioctl(s, SIOCSLIFDSTADDR, (caddr_t)&lifr) < 0) 1452 Perror0_exit("setifdstaddr: SIOCSLIFDSTADDR"); 1453 return (0); 1454 } 1455 1456 /* ARGSUSED */ 1457 static int 1458 setifflags(char *val, int64_t value) 1459 { 1460 struct lifreq lifrl; /* local lifreq struct */ 1461 boolean_t bringup = _B_FALSE; 1462 1463 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1464 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) 1465 Perror0_exit("setifflags: SIOCGLIFFLAGS"); 1466 1467 if (value < 0) { 1468 value = -value; 1469 1470 if ((value & IFF_NOFAILOVER) && (lifr.lifr_flags & IFF_UP)) { 1471 /* 1472 * The kernel does not allow administratively up test 1473 * addresses to be converted to data addresses. Bring 1474 * the address down first, then bring it up after it's 1475 * been converted to a data address. 1476 */ 1477 lifr.lifr_flags &= ~IFF_UP; 1478 (void) ioctl(s, SIOCSLIFFLAGS, (caddr_t)&lifr); 1479 bringup = _B_TRUE; 1480 } 1481 1482 lifr.lifr_flags &= ~value; 1483 if ((value & (IFF_UP | IFF_NOFAILOVER)) && 1484 (lifr.lifr_flags & IFF_DUPLICATE)) { 1485 /* 1486 * If the user is trying to mark an interface with a 1487 * duplicate address as "down," or convert a duplicate 1488 * test address to a data address, then fetch the 1489 * address and set it. This will cause IP to clear 1490 * the IFF_DUPLICATE flag and stop the automatic 1491 * recovery timer. 1492 */ 1493 value = lifr.lifr_flags; 1494 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) >= 0) 1495 (void) ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr); 1496 lifr.lifr_flags = value; 1497 } 1498 } else { 1499 lifr.lifr_flags |= value; 1500 } 1501 1502 /* 1503 * If we're about to bring up an underlying physical IPv6 interface in 1504 * an IPMP group, ensure the IPv6 IPMP interface is also up. This is 1505 * for backward compatibility with legacy configurations in which 1506 * there are no explicit hostname files for IPMP interfaces. (For 1507 * IPv4, this is automatically handled by the kernel when migrating 1508 * the underlying interface's data address to the IPMP interface.) 1509 */ 1510 (void) strlcpy(lifrl.lifr_name, name, LIFNAMSIZ); 1511 1512 if (lifnum(lifr.lifr_name) == 0 && 1513 (lifr.lifr_flags & (IFF_UP|IFF_IPV6)) == (IFF_UP|IFF_IPV6) && 1514 ioctl(s, SIOCGLIFGROUPNAME, &lifrl) == 0 && 1515 lifrl.lifr_groupname[0] != '\0') { 1516 lifgroupinfo_t lifgr; 1517 1518 (void) strlcpy(lifgr.gi_grname, lifrl.lifr_groupname, 1519 LIFGRNAMSIZ); 1520 if (ioctl(s, SIOCGLIFGROUPINFO, &lifgr) == -1) 1521 Perror0_exit("setifflags: SIOCGLIFGROUPINFO"); 1522 1523 (void) strlcpy(lifrl.lifr_name, lifgr.gi_grifname, LIFNAMSIZ); 1524 if (ioctl(s, SIOCGLIFFLAGS, &lifrl) == -1) 1525 Perror0_exit("setifflags: SIOCGLIFFLAGS"); 1526 if (!(lifrl.lifr_flags & IFF_UP)) { 1527 lifrl.lifr_flags |= IFF_UP; 1528 if (ioctl(s, SIOCSLIFFLAGS, &lifrl) == -1) 1529 Perror0_exit("setifflags: SIOCSLIFFLAGS"); 1530 } 1531 } 1532 1533 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1534 if (ioctl(s, SIOCSLIFFLAGS, (caddr_t)&lifr) < 0) 1535 Perror0_exit("setifflags: SIOCSLIFFLAGS"); 1536 1537 if (bringup) { 1538 lifr.lifr_flags |= IFF_UP; 1539 if (ioctl(s, SIOCSLIFFLAGS, (caddr_t)&lifr) < 0) 1540 Perror0_exit("setifflags: SIOCSLIFFLAGS IFF_UP"); 1541 } 1542 1543 return (0); 1544 } 1545 1546 /* ARGSUSED */ 1547 static int 1548 setifmetric(char *val, int64_t param) 1549 { 1550 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1551 lifr.lifr_metric = atoi(val); 1552 if (ioctl(s, SIOCSLIFMETRIC, (caddr_t)&lifr) < 0) 1553 Perror0_exit("setifmetric: SIOCSLIFMETRIC"); 1554 return (0); 1555 } 1556 1557 /* ARGSUSED */ 1558 static int 1559 setifmtu(char *val, int64_t param) 1560 { 1561 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1562 lifr.lifr_mtu = atoi(val); 1563 if (ioctl(s, SIOCSLIFMTU, (caddr_t)&lifr) < 0) 1564 Perror0_exit("setifmtu: SIOCSLIFMTU"); 1565 return (0); 1566 } 1567 1568 /* ARGSUSED */ 1569 static int 1570 setifindex(char *val, int64_t param) 1571 { 1572 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1573 lifr.lifr_index = atoi(val); 1574 if (ioctl(s, SIOCSLIFINDEX, (caddr_t)&lifr) < 0) 1575 Perror0_exit("setifindex: SIOCSLIFINDEX"); 1576 return (0); 1577 } 1578 1579 /* ARGSUSED */ 1580 static void 1581 notifycb(dlpi_handle_t dh, dlpi_notifyinfo_t *dnip, void *arg) 1582 { 1583 } 1584 1585 /* ARGSUSED */ 1586 static int 1587 setifether(char *addr, int64_t param) 1588 { 1589 uchar_t *hwaddr; 1590 int hwaddrlen; 1591 int retval; 1592 ifaddrlistx_t *ifaddrp, *ifaddrs = NULL; 1593 dlpi_handle_t dh; 1594 dlpi_notifyid_t id; 1595 1596 if (addr == NULL) { 1597 ifstatus(name); 1598 print_ifether(name); 1599 return (0); 1600 } 1601 1602 /* 1603 * if the IP interface in the arguments is a logical 1604 * interface, exit with an error now. 1605 */ 1606 if (strchr(name, ':') != NULL) { 1607 (void) fprintf(stderr, "ifconfig: cannot change" 1608 " ethernet address of a logical interface\n"); 1609 exit(1); 1610 } 1611 1612 if ((hwaddr = _link_aton(addr, &hwaddrlen)) == NULL) { 1613 if (hwaddrlen == -1) 1614 (void) fprintf(stderr, 1615 "ifconfig: %s: bad address\n", hwaddr); 1616 else 1617 (void) fprintf(stderr, "ifconfig: malloc() failed\n"); 1618 exit(1); 1619 } 1620 1621 if ((retval = dlpi_open(name, &dh, 0)) != DLPI_SUCCESS) 1622 Perrdlpi_exit("cannot dlpi_open() link", name, retval); 1623 1624 retval = dlpi_enabnotify(dh, DL_NOTE_PHYS_ADDR, notifycb, NULL, &id); 1625 if (retval == DLPI_SUCCESS) { 1626 (void) dlpi_disabnotify(dh, id, NULL); 1627 } else { 1628 /* 1629 * This link does not support DL_NOTE_PHYS_ADDR: bring down 1630 * all of the addresses to flush the old hardware address 1631 * information out of IP. 1632 * 1633 * NOTE: Skipping this when DL_NOTE_PHYS_ADDR is supported is 1634 * more than an optimization: in.mpathd will set IFF_OFFLINE 1635 * if it's notified and the new address is a duplicate of 1636 * another in the group -- but the flags manipulation in 1637 * ifaddr_{down,up}() cannot be atomic and thus might clobber 1638 * IFF_OFFLINE, confusing in.mpathd. 1639 */ 1640 if (ifaddrlistx(name, IFF_UP, 0, &ifaddrs) == -1) 1641 Perror2_exit(name, "cannot get address list"); 1642 1643 ifaddrp = ifaddrs; 1644 for (; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) { 1645 if (!ifaddr_down(ifaddrp)) { 1646 Perror2_exit(ifaddrp->ia_name, 1647 "cannot bring down"); 1648 } 1649 } 1650 } 1651 1652 /* 1653 * Change the hardware address. 1654 */ 1655 retval = dlpi_set_physaddr(dh, DL_CURR_PHYS_ADDR, hwaddr, hwaddrlen); 1656 if (retval != DLPI_SUCCESS) { 1657 (void) fprintf(stderr, 1658 "ifconfig: failed setting mac address on %s\n", name); 1659 } 1660 dlpi_close(dh); 1661 1662 /* 1663 * If any addresses were brought down before changing the hardware 1664 * address, bring them up again. 1665 */ 1666 for (ifaddrp = ifaddrs; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) { 1667 if (!ifaddr_up(ifaddrp)) 1668 Perror2_exit(ifaddrp->ia_name, "cannot bring up"); 1669 } 1670 ifaddrlistx_free(ifaddrs); 1671 1672 return (0); 1673 } 1674 1675 /* 1676 * Print an interface's Ethernet address, if it has one. 1677 */ 1678 static void 1679 print_ifether(char *ifname) 1680 { 1681 int protocol; 1682 icfg_if_t interface; 1683 icfg_handle_t handle; 1684 int fd; 1685 1686 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1687 1688 fd = socket(AF_INET, SOCK_DGRAM, 0); 1689 if (fd == -1 || ioctl(fd, SIOCGLIFFLAGS, &lifr) == -1) { 1690 /* 1691 * It's possible the interface is only configured for 1692 * IPv6; check again with AF_INET6. 1693 */ 1694 (void) close(fd); 1695 fd = socket(AF_INET6, SOCK_DGRAM, 0); 1696 if (fd == -1 || ioctl(fd, SIOCGLIFFLAGS, &lifr) == -1) { 1697 (void) close(fd); 1698 return; 1699 } 1700 } 1701 (void) close(fd); 1702 1703 /* VNI and IPMP interfaces don't have MAC addresses */ 1704 if (lifr.lifr_flags & (IFF_VIRTUAL|IFF_IPMP)) 1705 return; 1706 1707 /* 1708 * We must be careful to set if_protocol based on the current 1709 * properties of the interface. For instance, if "ip.tun0" is 1710 * configured only as an IPv6 tunnel, then if_protocol must be 1711 * set to AF_INET6 or icfg_get_tunnel_lower() will fail and 1712 * we will falsely conclude that it's not a tunnel. 1713 */ 1714 interface.if_protocol = AF_INET; 1715 if (lifr.lifr_flags & IFF_IPV6) 1716 interface.if_protocol = AF_INET6; 1717 1718 (void) strncpy(interface.if_name, ifname, sizeof (interface.if_name)); 1719 1720 if (icfg_open(&handle, &interface) == ICFG_SUCCESS) { 1721 if (icfg_get_tunnel_lower(handle, &protocol) == ICFG_SUCCESS) { 1722 /* Tunnel op succeeded -- it's a tunnel so skip */ 1723 icfg_close(handle); 1724 return; 1725 } 1726 icfg_close(handle); 1727 } 1728 1729 dlpi_print_address(ifname); 1730 } 1731 1732 /* 1733 * static int find_all_global_interfaces(struct lifconf *lifcp, char **buf, 1734 * int64_t lifc_flags) 1735 * 1736 * It finds all data links for the global zone. 1737 * 1738 * It takes in input a pointer to struct lifconf to receive interfaces 1739 * informations, a **char to hold allocated buffer, and a lifc_flags. 1740 * 1741 * Return values: 1742 * 0 = everything OK 1743 * -1 = problem 1744 */ 1745 static int 1746 find_all_global_interfaces(struct lifconf *lifcp, char **buf, 1747 int64_t lifc_flags) 1748 { 1749 unsigned bufsize; 1750 int n; 1751 ni_t *nip; 1752 struct lifreq *lifrp; 1753 dladm_handle_t dld_handle; 1754 dladm_status_t status; 1755 char errmsg[DLADM_STRSIZE]; 1756 1757 if ((status = dladm_open(&dld_handle)) != DLADM_STATUS_OK) { 1758 (void) fprintf(stderr, 1759 "ifconfig: find_all_global_interfaces failed: %s\n", 1760 dladm_status2str(status, errmsg)); 1761 return (-1); 1762 } 1763 1764 (void) dlpi_walk(ni_entry, dld_handle, 0); 1765 1766 dladm_close(dld_handle); 1767 1768 /* 1769 * Now, translate the linked list into 1770 * a struct lifreq buffer 1771 */ 1772 if (num_ni == 0) { 1773 lifcp->lifc_family = AF_UNSPEC; 1774 lifcp->lifc_flags = lifc_flags; 1775 lifcp->lifc_len = 0; 1776 lifcp->lifc_buf = NULL; 1777 return (0); 1778 } 1779 1780 bufsize = num_ni * sizeof (struct lifreq); 1781 if ((*buf = malloc(bufsize)) == NULL) 1782 Perror0_exit("find_all_interfaces: malloc failed"); 1783 1784 lifcp->lifc_family = AF_UNSPEC; 1785 lifcp->lifc_flags = lifc_flags; 1786 lifcp->lifc_len = bufsize; 1787 lifcp->lifc_buf = *buf; 1788 1789 for (n = 0, lifrp = lifcp->lifc_req; n < num_ni; n++, lifrp++) { 1790 nip = ni_list; 1791 (void) strncpy(lifrp->lifr_name, nip->ni_name, 1792 sizeof (lifr.lifr_name)); 1793 ni_list = nip->ni_next; 1794 free(nip); 1795 } 1796 return (0); 1797 } 1798 1799 /* 1800 * static int find_all_zone_interfaces(struct lifconf *lifcp, char **buf, 1801 * int64_t lifc_flags) 1802 * 1803 * It finds all interfaces for an exclusive-IP zone, that is all the interfaces 1804 * assigned to it. 1805 * 1806 * It takes in input a pointer to struct lifconf to receive interfaces 1807 * informations, a **char to hold allocated buffer, and a lifc_flags. 1808 * 1809 * Return values: 1810 * 0 = everything OK 1811 * -1 = problem 1812 */ 1813 static int 1814 find_all_zone_interfaces(struct lifconf *lifcp, char **buf, int64_t lifc_flags) 1815 { 1816 zoneid_t zoneid; 1817 unsigned bufsize; 1818 char *dlnames, *ptr; 1819 struct lifreq *lifrp; 1820 int num_ni_saved, i; 1821 1822 zoneid = getzoneid(); 1823 1824 num_ni = 0; 1825 if (zone_list_datalink(zoneid, &num_ni, NULL) != 0) 1826 Perror0_exit("find_all_interfaces: list interfaces failed"); 1827 again: 1828 /* this zone doesn't have any data-links */ 1829 if (num_ni == 0) { 1830 lifcp->lifc_family = AF_UNSPEC; 1831 lifcp->lifc_flags = lifc_flags; 1832 lifcp->lifc_len = 0; 1833 lifcp->lifc_buf = NULL; 1834 return (0); 1835 } 1836 1837 dlnames = malloc(num_ni * LIFNAMSIZ); 1838 if (dlnames == NULL) 1839 Perror0_exit("find_all_interfaces: out of memory"); 1840 num_ni_saved = num_ni; 1841 1842 if (zone_list_datalink(zoneid, &num_ni, dlnames) != 0) 1843 Perror0_exit("find_all_interfaces: list interfaces failed"); 1844 1845 if (num_ni_saved < num_ni) { 1846 /* list increased, try again */ 1847 free(dlnames); 1848 goto again; 1849 } 1850 1851 /* this zone doesn't have any data-links now */ 1852 if (num_ni == 0) { 1853 free(dlnames); 1854 lifcp->lifc_family = AF_UNSPEC; 1855 lifcp->lifc_flags = lifc_flags; 1856 lifcp->lifc_len = 0; 1857 lifcp->lifc_buf = NULL; 1858 return (0); 1859 } 1860 1861 bufsize = num_ni * sizeof (struct lifreq); 1862 if ((*buf = malloc(bufsize)) == NULL) { 1863 free(dlnames); 1864 Perror0_exit("find_all_interfaces: malloc failed"); 1865 } 1866 1867 lifrp = (struct lifreq *)*buf; 1868 ptr = dlnames; 1869 for (i = 0; i < num_ni; i++) { 1870 if (strlcpy(lifrp->lifr_name, ptr, LIFNAMSIZ) >= 1871 LIFNAMSIZ) 1872 Perror0_exit("find_all_interfaces: overflow"); 1873 ptr += LIFNAMSIZ; 1874 lifrp++; 1875 } 1876 1877 free(dlnames); 1878 lifcp->lifc_family = AF_UNSPEC; 1879 lifcp->lifc_flags = lifc_flags; 1880 lifcp->lifc_len = bufsize; 1881 lifcp->lifc_buf = *buf; 1882 return (0); 1883 } 1884 1885 /* 1886 * Create the next unused logical interface using the original name 1887 * and assign the address (and mask if '/<n>' is part of the address). 1888 * Use the new logical interface for subsequent subcommands by updating 1889 * the name variable. 1890 * 1891 * This allows syntax like: 1892 * ifconfig le0 addif 109.106.86.130 netmask + up \ 1893 * addif 109.106.86.131 netmask + up 1894 */ 1895 /* ARGSUSED */ 1896 static int 1897 addif(char *str, int64_t param) 1898 { 1899 int prefixlen = 0; 1900 struct sockaddr_storage laddr; 1901 struct sockaddr_storage mask; 1902 1903 (void) strncpy(name, origname, sizeof (name)); 1904 1905 if (strchr(name, ':') != NULL) { 1906 (void) fprintf(stderr, 1907 "ifconfig: addif: bad physical interface name %s\n", 1908 name); 1909 exit(1); 1910 } 1911 1912 /* 1913 * clear so parser will interpret next address as source followed 1914 * by possible dest 1915 */ 1916 setaddr = 0; 1917 (*afp->af_getaddr)(str, (struct sockaddr *)&laddr, &prefixlen); 1918 1919 switch (prefixlen) { 1920 case NO_PREFIX: 1921 /* Nothing there - ok */ 1922 break; 1923 case BAD_ADDR: 1924 (void) fprintf(stderr, 1925 "ifconfig: Bad prefix length in %s\n", str); 1926 exit(1); 1927 default: 1928 (void) memset(&mask, 0, sizeof (mask)); 1929 mask.ss_family = afp->af_af; 1930 if (afp->af_af == AF_INET6) { 1931 struct sockaddr_in6 *sin6; 1932 sin6 = (struct sockaddr_in6 *)&mask; 1933 if (!in_prefixlentomask(prefixlen, IPV6_ABITS, 1934 (uchar_t *)&sin6->sin6_addr)) { 1935 (void) fprintf(stderr, "ifconfig: " 1936 "Bad prefix length: %d\n", 1937 prefixlen); 1938 exit(1); 1939 } 1940 } else { 1941 struct sockaddr_in *sin; 1942 1943 sin = (struct sockaddr_in *)&mask; 1944 if (!in_prefixlentomask(prefixlen, IP_ABITS, 1945 (uchar_t *)&sin->sin_addr)) { 1946 (void) fprintf(stderr, "ifconfig: " 1947 "Bad prefix length: %d\n", 1948 prefixlen); 1949 exit(1); 1950 } 1951 } 1952 g_netmask_set = G_NETMASK_NIL; 1953 break; 1954 } 1955 1956 /* 1957 * This is a "hack" to get around the problem of SIOCLIFADDIF. The 1958 * problem is that this ioctl does not include the netmask when 1959 * adding a logical interface. This is the same problem described 1960 * in the ifconfig() comments. To get around this problem, we first 1961 * add the logical interface with a 0 address. After that, we set 1962 * the netmask if provided. Finally we set the interface address. 1963 */ 1964 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1965 (void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr)); 1966 1967 /* Note: no need to do DAD here since the interface isn't up yet. */ 1968 1969 if (ioctl(s, SIOCLIFADDIF, (caddr_t)&lifr) < 0) 1970 Perror0_exit("addif: SIOCLIFADDIF"); 1971 1972 (void) printf("Created new logical interface %s\n", 1973 lifr.lifr_name); 1974 (void) strncpy(name, lifr.lifr_name, sizeof (name)); 1975 1976 /* 1977 * Check and see if any "netmask" command is used and perform the 1978 * necessary operation. 1979 */ 1980 set_mask_lifreq(&lifr, &laddr, &mask); 1981 /* 1982 * Only set the netmask if "netmask" command is used or a prefix is 1983 * provided. 1984 */ 1985 if (g_netmask_set == G_NETMASK_SET || prefixlen >= 0) { 1986 if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0) 1987 Perror0_exit("addif: SIOCSLIFNETMASK"); 1988 } 1989 1990 /* Finally, we set the interface address. */ 1991 lifr.lifr_addr = laddr; 1992 if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0) 1993 Perror0_exit("SIOCSLIFADDR"); 1994 1995 /* 1996 * let parser know we got a source. 1997 * Next address, if given, should be dest 1998 */ 1999 setaddr++; 2000 return (0); 2001 } 2002 2003 /* 2004 * Remove a logical interface based on its IP address. Unlike addif 2005 * there is no '/<n>' here. 2006 * Verifies that the interface is down before it is removed. 2007 */ 2008 /* ARGSUSED */ 2009 static int 2010 removeif(char *str, int64_t param) 2011 { 2012 struct sockaddr_storage laddr; 2013 2014 if (strchr(name, ':') != NULL) { 2015 (void) fprintf(stderr, 2016 "ifconfig: removeif: bad physical interface name %s\n", 2017 name); 2018 exit(1); 2019 } 2020 2021 (*afp->af_getaddr)(str, &laddr, NULL); 2022 lifr.lifr_addr = laddr; 2023 2024 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2025 if (ioctl(s, SIOCLIFREMOVEIF, (caddr_t)&lifr) < 0) { 2026 if (errno == EBUSY) { 2027 /* This can only happen if ipif_id = 0 */ 2028 (void) fprintf(stderr, 2029 "ifconfig: removeif: can't remove interface: %s\n", 2030 name); 2031 exit(1); 2032 } 2033 Perror0_exit("removeif: SIOCLIFREMOVEIF"); 2034 } 2035 return (0); 2036 } 2037 2038 /* 2039 * Set the address token for IPv6. 2040 */ 2041 /* ARGSUSED */ 2042 static int 2043 setiftoken(char *addr, int64_t param) 2044 { 2045 int prefixlen = 0; 2046 struct sockaddr_in6 token; 2047 2048 in6_getaddr(addr, (struct sockaddr *)&token, &prefixlen); 2049 switch (prefixlen) { 2050 case NO_PREFIX: 2051 (void) fprintf(stderr, 2052 "ifconfig: Missing prefix length in subnet %s\n", addr); 2053 exit(1); 2054 /* NOTREACHED */ 2055 case BAD_ADDR: 2056 (void) fprintf(stderr, 2057 "ifconfig: Bad prefix length in %s\n", addr); 2058 exit(1); 2059 default: 2060 break; 2061 } 2062 (void) memcpy(&lifr.lifr_addr, &token, sizeof (token)); 2063 lifr.lifr_addrlen = prefixlen; 2064 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2065 if (ioctl(s, SIOCSLIFTOKEN, (caddr_t)&lifr) < 0) { 2066 Perror0_exit("setiftoken: SIOCSLIFTOKEN"); 2067 } 2068 return (0); 2069 } 2070 2071 /* ARGSUSED */ 2072 static int 2073 setifgroupname(char *grname, int64_t param) 2074 { 2075 lifgroupinfo_t lifgr; 2076 struct lifreq lifrl; 2077 ifaddrlistx_t *ifaddrp, *nextifaddrp; 2078 ifaddrlistx_t *ifaddrs = NULL, *downaddrs = NULL; 2079 int af; 2080 2081 if (debug) { 2082 (void) printf("Setting groupname %s on interface %s\n", 2083 grname, name); 2084 } 2085 2086 (void) strlcpy(lifrl.lifr_name, name, LIFNAMSIZ); 2087 (void) strlcpy(lifrl.lifr_groupname, grname, LIFGRNAMSIZ); 2088 2089 while (ioctl(s, SIOCSLIFGROUPNAME, &lifrl) == -1) { 2090 switch (errno) { 2091 case ENOENT: 2092 /* 2093 * The group doesn't yet exist; create it and repeat. 2094 */ 2095 af = afp->af_af; 2096 if (create_ipmp(grname, af, NULL, _B_TRUE) == -1) { 2097 if (errno == EEXIST) 2098 continue; 2099 2100 Perror2(grname, "cannot create IPMP group"); 2101 goto fail; 2102 } 2103 continue; 2104 2105 case EALREADY: 2106 /* 2107 * The interface is already in another group; must 2108 * remove existing membership first. 2109 */ 2110 lifrl.lifr_groupname[0] = '\0'; 2111 if (ioctl(s, SIOCSLIFGROUPNAME, &lifrl) == -1) { 2112 Perror2(name, "cannot remove existing " 2113 "IPMP group membership"); 2114 goto fail; 2115 } 2116 (void) strlcpy(lifrl.lifr_groupname, grname, 2117 LIFGRNAMSIZ); 2118 continue; 2119 2120 case EAFNOSUPPORT: 2121 /* 2122 * The group exists, but it's not configured with the 2123 * address families the interface needs. Since only 2124 * two address families are currently supported, just 2125 * configure the "other" address family. Note that we 2126 * may race with group deletion or creation by another 2127 * process (ENOENT or EEXIST); in such cases we repeat 2128 * our original SIOCSLIFGROUPNAME. 2129 */ 2130 (void) strlcpy(lifgr.gi_grname, grname, LIFGRNAMSIZ); 2131 if (ioctl(s, SIOCGLIFGROUPINFO, &lifgr) == -1) { 2132 if (errno == ENOENT) 2133 continue; 2134 2135 Perror2(grname, "SIOCGLIFGROUPINFO"); 2136 goto fail; 2137 } 2138 2139 af = lifgr.gi_v4 ? AF_INET6 : AF_INET; 2140 if (create_ipmp(grname, af, lifgr.gi_grifname, 2141 _B_TRUE) == -1) { 2142 if (errno == EEXIST) 2143 continue; 2144 2145 Perror2(grname, "cannot configure IPMP group"); 2146 goto fail; 2147 } 2148 continue; 2149 2150 case EADDRINUSE: 2151 /* 2152 * Some addresses are in-use (or under control of DAD). 2153 * Bring them down and retry the group join operation. 2154 * We will bring them back up after the interface has 2155 * been placed in the group. 2156 */ 2157 if (ifaddrlistx(lifrl.lifr_name, IFF_UP|IFF_DUPLICATE, 2158 0, &ifaddrs) == -1) { 2159 Perror2(grname, "cannot get address list"); 2160 goto fail; 2161 } 2162 2163 ifaddrp = ifaddrs; 2164 for (; ifaddrp != NULL; ifaddrp = nextifaddrp) { 2165 if (!ifaddr_down(ifaddrp)) { 2166 ifaddrs = ifaddrp; 2167 goto fail; 2168 } 2169 nextifaddrp = ifaddrp->ia_next; 2170 ifaddrp->ia_next = downaddrs; 2171 downaddrs = ifaddrp; 2172 } 2173 ifaddrs = NULL; 2174 continue; 2175 2176 case EADDRNOTAVAIL: { 2177 /* 2178 * Some data addresses are under application control. 2179 * For some of these (e.g., ADDRCONF), the application 2180 * should remove the address, in which case we retry a 2181 * few times (since the application's action is not 2182 * atomic with respect to us) before bailing out and 2183 * informing the user. 2184 */ 2185 int ntries, nappaddr = 0; 2186 const if_appflags_t *iap = if_appflags_tbl; 2187 2188 for (; iap->ia_app != NULL; iap++) { 2189 ntries = 0; 2190 again: 2191 if (ifaddrlistx(lifrl.lifr_name, iap->ia_flag, 2192 IFF_NOFAILOVER, &ifaddrs) == -1) { 2193 (void) fprintf(stderr, "ifconfig: %s: " 2194 "cannot get data addresses managed " 2195 "by %s\n", lifrl.lifr_name, 2196 iap->ia_app); 2197 goto fail; 2198 } 2199 2200 if (ifaddrs == NULL) 2201 continue; 2202 2203 ifaddrlistx_free(ifaddrs); 2204 ifaddrs = NULL; 2205 2206 if (++ntries < iap->ia_tries) { 2207 (void) poll(NULL, 0, 100); 2208 goto again; 2209 } 2210 2211 (void) fprintf(stderr, "ifconfig: cannot join " 2212 "IPMP group: %s has data addresses managed " 2213 "by %s\n", lifrl.lifr_name, iap->ia_app); 2214 nappaddr++; 2215 } 2216 if (nappaddr > 0) 2217 goto fail; 2218 continue; 2219 } 2220 default: 2221 Perror2(name, "SIOCSLIFGROUPNAME"); 2222 goto fail; 2223 } 2224 } 2225 2226 /* 2227 * If there were addresses that we had to bring down, it's time to 2228 * bring them up again. As part of bringing them up, the kernel will 2229 * automatically move them to the new IPMP interface. 2230 */ 2231 for (ifaddrp = downaddrs; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) { 2232 if (!ifaddr_up(ifaddrp) && errno != ENXIO) { 2233 (void) fprintf(stderr, "ifconfig: cannot bring back up " 2234 "%s: %s\n", ifaddrp->ia_name, strerror(errno)); 2235 } 2236 } 2237 ifaddrlistx_free(downaddrs); 2238 return (0); 2239 fail: 2240 /* 2241 * Attempt to bring back up any interfaces that we downed. 2242 */ 2243 for (ifaddrp = downaddrs; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) { 2244 if (!ifaddr_up(ifaddrp) && errno != ENXIO) { 2245 (void) fprintf(stderr, "ifconfig: cannot bring back up " 2246 "%s: %s\n", ifaddrp->ia_name, strerror(errno)); 2247 } 2248 } 2249 ifaddrlistx_free(downaddrs); 2250 ifaddrlistx_free(ifaddrs); 2251 2252 /* 2253 * We'd return -1, but foreachinterface() doesn't propagate the error 2254 * into the exit status, so we're forced to explicitly exit(). 2255 */ 2256 exit(1); 2257 /* NOTREACHED */ 2258 } 2259 2260 static boolean_t 2261 modcheck(const char *ifname) 2262 { 2263 (void) strlcpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name)); 2264 2265 if (ioctl(s, SIOCGLIFFLAGS, &lifr) < 0) { 2266 Perror0("SIOCGLIFFLAGS"); 2267 return (_B_FALSE); 2268 } 2269 2270 if (lifr.lifr_flags & IFF_IPMP) { 2271 (void) fprintf(stderr, "ifconfig: %s: module operations not" 2272 " supported on IPMP interfaces\n", ifname); 2273 return (_B_FALSE); 2274 } 2275 if (lifr.lifr_flags & IFF_VIRTUAL) { 2276 (void) fprintf(stderr, "ifconfig: %s: module operations not" 2277 " supported on virtual IP interfaces\n", ifname); 2278 return (_B_FALSE); 2279 } 2280 return (_B_TRUE); 2281 } 2282 2283 /* 2284 * To list all the modules above a given network interface. 2285 */ 2286 /* ARGSUSED */ 2287 static int 2288 modlist(char *null, int64_t param) 2289 { 2290 int muxid_fd; 2291 int muxfd; 2292 int ipfd_lowstr; 2293 int arpfd_lowstr; 2294 int num_mods; 2295 int i; 2296 struct str_list strlist; 2297 int orig_arpid; 2298 2299 /* 2300 * We'd return -1, but foreachinterface() doesn't propagate the error 2301 * into the exit status, so we're forced to explicitly exit(). 2302 */ 2303 if (!modcheck(name)) 2304 exit(1); 2305 2306 if (ip_domux2fd(&muxfd, &muxid_fd, &ipfd_lowstr, &arpfd_lowstr, 2307 &orig_arpid) < 0) { 2308 return (-1); 2309 } 2310 if ((num_mods = ioctl(ipfd_lowstr, I_LIST, NULL)) < 0) { 2311 Perror0("cannot I_LIST to get the number of modules"); 2312 } else { 2313 if (debug > 0) { 2314 (void) printf("Listing (%d) modules above %s\n", 2315 num_mods, name); 2316 } 2317 2318 strlist.sl_nmods = num_mods; 2319 strlist.sl_modlist = malloc(sizeof (struct str_mlist) * 2320 num_mods); 2321 if (strlist.sl_modlist == NULL) { 2322 Perror0("cannot malloc"); 2323 } else { 2324 if (ioctl(ipfd_lowstr, I_LIST, (caddr_t)&strlist) < 0) { 2325 Perror0("cannot I_LIST for module names"); 2326 } else { 2327 for (i = 0; i < strlist.sl_nmods; i++) { 2328 (void) printf("%d %s\n", i, 2329 strlist.sl_modlist[i].l_name); 2330 } 2331 } 2332 free(strlist.sl_modlist); 2333 } 2334 } 2335 return (ip_plink(muxfd, muxid_fd, ipfd_lowstr, arpfd_lowstr, 2336 orig_arpid)); 2337 } 2338 2339 #define MODINSERT_OP 'i' 2340 #define MODREMOVE_OP 'r' 2341 2342 /* 2343 * To insert a module to the stream of the interface. It is just a 2344 * wrapper. The real function is modop(). 2345 */ 2346 /* ARGSUSED */ 2347 static int 2348 modinsert(char *arg, int64_t param) 2349 { 2350 return (modop(arg, MODINSERT_OP)); 2351 } 2352 2353 /* 2354 * To remove a module from the stream of the interface. It is just a 2355 * wrapper. The real function is modop(). 2356 */ 2357 /* ARGSUSED */ 2358 static int 2359 modremove(char *arg, int64_t param) 2360 { 2361 return (modop(arg, MODREMOVE_OP)); 2362 } 2363 2364 /* 2365 * Open a stream on /dev/udp{,6}, pop off all undesired modules (note that 2366 * the user may have configured autopush to add modules above 2367 * udp), and push the arp module onto the resulting stream. 2368 * This is used to make IP+ARP be able to atomically track the muxid 2369 * for the I_PLINKed STREAMS, thus it isn't related to ARP running the ARP 2370 * protocol. 2371 */ 2372 static int 2373 open_arp_on_udp(char *udp_dev_name) 2374 { 2375 int fd; 2376 2377 if ((fd = open(udp_dev_name, O_RDWR)) == -1) { 2378 Perror2("open", udp_dev_name); 2379 return (-1); 2380 } 2381 errno = 0; 2382 while (ioctl(fd, I_POP, 0) != -1) 2383 ; 2384 if (errno != EINVAL) { 2385 Perror2("pop", udp_dev_name); 2386 } else if (ioctl(fd, I_PUSH, ARP_MOD_NAME) == -1) { 2387 Perror2("arp PUSH", udp_dev_name); 2388 } else { 2389 return (fd); 2390 } 2391 (void) close(fd); 2392 return (-1); 2393 } 2394 2395 /* 2396 * Helper function for mod*() functions. It gets a fd to the lower IP 2397 * stream and I_PUNLINK's the lower stream. It also initializes the 2398 * global variable lifr. 2399 * 2400 * Param: 2401 * int *muxfd: fd to /dev/udp{,6} for I_PLINK/I_PUNLINK 2402 * int *muxid_fd: fd to /dev/udp{,6} for LIFMUXID 2403 * int *ipfd_lowstr: fd to the lower IP stream. 2404 * int *arpfd_lowstr: fd to the lower ARP stream. 2405 * 2406 * Return: 2407 * -1 if operation fails, 0 otherwise. 2408 * 2409 * Please see the big block comment above ifplumb() for the logic of the 2410 * PLINK/PUNLINK 2411 */ 2412 static int 2413 ip_domux2fd(int *muxfd, int *muxid_fd, int *ipfd_lowstr, int *arpfd_lowstr, 2414 int *orig_arpid) 2415 { 2416 uint64_t flags; 2417 char *udp_dev_name; 2418 2419 *orig_arpid = 0; 2420 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2421 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) { 2422 Perror0_exit("status: SIOCGLIFFLAGS"); 2423 } 2424 flags = lifr.lifr_flags; 2425 if (flags & IFF_IPV4) { 2426 udp_dev_name = UDP_DEV_NAME; 2427 } else if (flags & IFF_IPV6) { 2428 udp_dev_name = UDP6_DEV_NAME; 2429 } else { 2430 return (-1); 2431 } 2432 2433 if ((*muxid_fd = open(udp_dev_name, O_RDWR)) < 0) { 2434 Perror2("open", udp_dev_name); 2435 return (-1); 2436 } 2437 if (ioctl(*muxid_fd, SIOCGLIFMUXID, (caddr_t)&lifr) < 0) { 2438 Perror2("SIOCGLIFMUXID", udp_dev_name); 2439 return (-1); 2440 } 2441 if (debug > 0) { 2442 (void) printf("ARP_muxid %d IP_muxid %d\n", 2443 lifr.lifr_arp_muxid, lifr.lifr_ip_muxid); 2444 } 2445 2446 /* 2447 * Use /dev/udp{,6} as the mux to avoid linkcycles. 2448 */ 2449 if ((*muxfd = open_arp_on_udp(udp_dev_name)) == -1) 2450 return (-1); 2451 2452 if (lifr.lifr_arp_muxid != 0) { 2453 if ((*arpfd_lowstr = ioctl(*muxfd, _I_MUXID2FD, 2454 lifr.lifr_arp_muxid)) < 0) { 2455 if ((errno == EINVAL) && 2456 (flags & (IFF_NOARP | IFF_IPV6))) { 2457 /* 2458 * Some plumbing utilities set the muxid to 2459 * -1 or some invalid value to signify that 2460 * there is no arp stream. Set the muxid to 0 2461 * before trying to unplumb the IP stream. 2462 * IP does not allow the IP stream to be 2463 * unplumbed if it sees a non-null arp muxid, 2464 * for consistency of IP-ARP streams. 2465 */ 2466 *orig_arpid = lifr.lifr_arp_muxid; 2467 lifr.lifr_arp_muxid = 0; 2468 (void) ioctl(*muxid_fd, SIOCSLIFMUXID, 2469 (caddr_t)&lifr); 2470 *arpfd_lowstr = -1; 2471 } else { 2472 Perror0("_I_MUXID2FD"); 2473 return (-1); 2474 } 2475 } else if (ioctl(*muxfd, I_PUNLINK, 2476 lifr.lifr_arp_muxid) < 0) { 2477 Perror2("I_PUNLINK", udp_dev_name); 2478 return (-1); 2479 } 2480 } else { 2481 *arpfd_lowstr = -1; 2482 } 2483 2484 if ((*ipfd_lowstr = ioctl(*muxfd, _I_MUXID2FD, 2485 lifr.lifr_ip_muxid)) < 0) { 2486 Perror0("_I_MUXID2FD"); 2487 /* Undo any changes we made */ 2488 if (*orig_arpid != 0) { 2489 lifr.lifr_arp_muxid = *orig_arpid; 2490 (void) ioctl(*muxid_fd, SIOCSLIFMUXID, (caddr_t)&lifr); 2491 } 2492 return (-1); 2493 } 2494 if (ioctl(*muxfd, I_PUNLINK, lifr.lifr_ip_muxid) < 0) { 2495 Perror2("I_PUNLINK", udp_dev_name); 2496 /* Undo any changes we made */ 2497 if (*orig_arpid != 0) { 2498 lifr.lifr_arp_muxid = *orig_arpid; 2499 (void) ioctl(*muxid_fd, SIOCSLIFMUXID, (caddr_t)&lifr); 2500 } 2501 return (-1); 2502 } 2503 return (0); 2504 } 2505 2506 /* 2507 * Helper function for mod*() functions. It I_PLINK's back the upper and 2508 * lower IP streams. Note that this function must be called after 2509 * ip_domux2fd(). In ip_domux2fd(), the global variable lifr is initialized 2510 * and ip_plink() needs information in lifr. So ip_domux2fd() and ip_plink() 2511 * must be called in pairs. 2512 * 2513 * Param: 2514 * int muxfd: fd to /dev/udp{,6} for I_PLINK/I_PUNLINK 2515 * int muxid_fd: fd to /dev/udp{,6} for LIFMUXID 2516 * int ipfd_lowstr: fd to the lower IP stream. 2517 * int arpfd_lowstr: fd to the lower ARP stream. 2518 * 2519 * Return: 2520 * -1 if operation fails, 0 otherwise. 2521 * 2522 * Please see the big block comment above ifplumb() for the logic of the 2523 * PLINK/PUNLINK 2524 */ 2525 static int 2526 ip_plink(int muxfd, int muxid_fd, int ipfd_lowstr, int arpfd_lowstr, 2527 int orig_arpid) 2528 { 2529 int ip_muxid; 2530 2531 ip_muxid = ioctl(muxfd, I_PLINK, ipfd_lowstr); 2532 if (ip_muxid < 0) { 2533 Perror2("I_PLINK", UDP_DEV_NAME); 2534 return (-1); 2535 } 2536 2537 /* 2538 * If there is an arp stream, plink it. If there is no 2539 * arp stream, then it is possible that the plumbing 2540 * utility could have stored any value in the arp_muxid. 2541 * If so, restore it from orig_arpid. 2542 */ 2543 if (arpfd_lowstr != -1) { 2544 if (ioctl(muxfd, I_PLINK, arpfd_lowstr) < 0) { 2545 Perror2("I_PLINK", UDP_DEV_NAME); 2546 return (-1); 2547 } 2548 } else if (orig_arpid != 0) { 2549 /* Undo the changes we did in ip_domux2fd */ 2550 lifr.lifr_arp_muxid = orig_arpid; 2551 lifr.lifr_ip_muxid = ip_muxid; 2552 (void) ioctl(muxid_fd, SIOCSLIFMUXID, (caddr_t)&lifr); 2553 } 2554 2555 (void) close(muxfd); 2556 (void) close(muxid_fd); 2557 return (0); 2558 } 2559 2560 /* 2561 * The real function to perform module insertion/removal. 2562 * 2563 * Param: 2564 * char *arg: the argument string module_name@position 2565 * char op: operation, either MODINSERT_OP or MODREMOVE_OP. 2566 * 2567 * Return: 2568 * Before doing ip_domux2fd(), this function calls exit(1) in case of 2569 * error. After ip_domux2fd() is done, it returns -1 for error, 0 2570 * otherwise. 2571 */ 2572 static int 2573 modop(char *arg, char op) 2574 { 2575 char *pos_p; 2576 int muxfd; 2577 int muxid_fd; 2578 int ipfd_lowstr; /* IP stream (lower stream of mux) to be plinked */ 2579 int arpfd_lowstr; /* ARP stream (lower stream of mux) to be plinked */ 2580 struct strmodconf mod; 2581 char *at_char = "@"; 2582 char *arg_str; 2583 int orig_arpid; 2584 2585 /* 2586 * We'd return -1, but foreachinterface() doesn't propagate the error 2587 * into the exit status, so we're forced to explicitly exit(). 2588 */ 2589 if (!modcheck(name)) 2590 exit(1); 2591 2592 /* Need to save the original string for -a option. */ 2593 if ((arg_str = malloc(strlen(arg) + 1)) == NULL) { 2594 Perror0("cannot malloc"); 2595 return (-1); 2596 } 2597 (void) strcpy(arg_str, arg); 2598 2599 if (*arg_str == *at_char) { 2600 (void) fprintf(stderr, 2601 "ifconfig: must supply a module name\n"); 2602 exit(1); 2603 } 2604 mod.mod_name = strtok(arg_str, at_char); 2605 if (strlen(mod.mod_name) > FMNAMESZ) { 2606 (void) fprintf(stderr, "ifconfig: module name too long: %s\n", 2607 mod.mod_name); 2608 exit(1); 2609 } 2610 2611 /* 2612 * Need to make sure that the core TCP/IP stack modules are not 2613 * removed. Otherwise, "bad" things can happen. If a module 2614 * is removed and inserted back, it loses its old state. But 2615 * the modules above it still have the old state. E.g. IP assumes 2616 * fast data path while tunnel after re-inserted assumes that it can 2617 * receive M_DATA only in fast data path for which it does not have 2618 * any state. This is a general caveat of _I_REMOVE/_I_INSERT. 2619 */ 2620 if (op == MODREMOVE_OP && 2621 (strcmp(mod.mod_name, ARP_MOD_NAME) == 0 || 2622 strcmp(mod.mod_name, IP_MOD_NAME) == 0 || 2623 strcmp(mod.mod_name, TUN_NAME) == 0 || 2624 strcmp(mod.mod_name, ATUN_NAME) == 0 || 2625 strcmp(mod.mod_name, TUN6TO4_NAME) == 0)) { 2626 (void) fprintf(stderr, "ifconfig: cannot remove %s\n", 2627 mod.mod_name); 2628 exit(1); 2629 } 2630 2631 if ((pos_p = strtok(NULL, at_char)) == NULL) { 2632 (void) fprintf(stderr, "ifconfig: must supply a position\n"); 2633 exit(1); 2634 } 2635 mod.pos = atoi(pos_p); 2636 2637 if (ip_domux2fd(&muxfd, &muxid_fd, &ipfd_lowstr, &arpfd_lowstr, 2638 &orig_arpid) < 0) { 2639 free(arg_str); 2640 return (-1); 2641 } 2642 switch (op) { 2643 case MODINSERT_OP: 2644 if (debug > 0) { 2645 (void) printf("Inserting module %s at %d\n", 2646 mod.mod_name, mod.pos); 2647 } 2648 if (ioctl(ipfd_lowstr, _I_INSERT, (caddr_t)&mod) < 0) { 2649 Perror2("fail to insert module", mod.mod_name); 2650 } 2651 break; 2652 case MODREMOVE_OP: 2653 if (debug > 0) { 2654 (void) printf("Removing module %s at %d\n", 2655 mod.mod_name, mod.pos); 2656 } 2657 if (ioctl(ipfd_lowstr, _I_REMOVE, (caddr_t)&mod) < 0) { 2658 Perror2("fail to remove module", mod.mod_name); 2659 } 2660 break; 2661 default: 2662 /* Should never get to here. */ 2663 (void) fprintf(stderr, "Unknown operation\n"); 2664 break; 2665 } 2666 free(arg_str); 2667 return (ip_plink(muxfd, muxid_fd, ipfd_lowstr, arpfd_lowstr, 2668 orig_arpid)); 2669 } 2670 2671 /* 2672 * Set tunnel source address 2673 */ 2674 /* ARGSUSED */ 2675 static int 2676 setiftsrc(char *addr, int64_t param) 2677 { 2678 return (settaddr(addr, icfg_set_tunnel_src)); 2679 } 2680 2681 /* 2682 * Set tunnel destination address 2683 */ 2684 /* ARGSUSED */ 2685 static int 2686 setiftdst(char *addr, int64_t param) 2687 { 2688 return (settaddr(addr, icfg_set_tunnel_dest)); 2689 } 2690 2691 /* 2692 * sets tunnels src|dst address. settaddr() expects the following: 2693 * addr: Points to a printable string containing the address to be 2694 * set, e.g. 129.153.128.110. 2695 * fn: Pointer to a libinetcfg routine that will do the actual work. 2696 * The only valid functions are icfg_set_tunnel_src and 2697 * icfg_set_tunnel_dest. 2698 */ 2699 static int 2700 settaddr(char *addr, 2701 int (*fn)(icfg_handle_t, const struct sockaddr *, socklen_t)) 2702 { 2703 icfg_handle_t handle; 2704 icfg_if_t interface; 2705 struct sockaddr_storage laddr; 2706 int lower; 2707 int rc; 2708 2709 if (strchr(name, ':') != NULL) { 2710 errno = EPERM; 2711 Perror0_exit("Tunnel params on logical interfaces"); 2712 } 2713 (void) strncpy(interface.if_name, name, sizeof (interface.if_name)); 2714 interface.if_protocol = SOCKET_AF(af); 2715 2716 /* Open interface. */ 2717 if ((rc = icfg_open(&handle, &interface)) != ICFG_SUCCESS) 2718 Perror0_exit((char *)icfg_errmsg(rc)); 2719 2720 rc = icfg_get_tunnel_lower(handle, &lower); 2721 if (rc != ICFG_SUCCESS) 2722 Perror0_exit((char *)icfg_errmsg(rc)); 2723 2724 if (lower == AF_INET) { 2725 in_getaddr(addr, (struct sockaddr *)&laddr, NULL); 2726 } else { 2727 in6_getaddr(addr, (struct sockaddr *)&laddr, NULL); 2728 } 2729 2730 /* Call fn to do the real work, and close the interface. */ 2731 rc = (*fn)(handle, (struct sockaddr *)&laddr, 2732 sizeof (struct sockaddr_storage)); 2733 icfg_close(handle); 2734 2735 if (rc != ICFG_SUCCESS) 2736 Perror0_exit((char *)icfg_errmsg(rc)); 2737 2738 return (0); 2739 } 2740 2741 /* Set tunnel encapsulation limit. */ 2742 /* ARGSUSED */ 2743 static int 2744 set_tun_encap_limit(char *arg, int64_t param) 2745 { 2746 short limit; 2747 icfg_if_t interface; 2748 icfg_handle_t handle; 2749 int rc; 2750 2751 if (strchr(name, ':') != NULL) { 2752 errno = EPERM; 2753 Perror0_exit("Tunnel params on logical interfaces"); 2754 } 2755 2756 if ((sscanf(arg, "%hd", &limit) != 1) || (limit < 0) || 2757 (limit > 255)) { 2758 errno = EINVAL; 2759 Perror0_exit("Invalid encapsulation limit"); 2760 } 2761 2762 /* Open interface for configuration. */ 2763 (void) strncpy(interface.if_name, name, sizeof (interface.if_name)); 2764 interface.if_protocol = SOCKET_AF(af); 2765 if (icfg_open(&handle, &interface) != ICFG_SUCCESS) 2766 Perror0_exit("couldn't open interface"); 2767 2768 rc = icfg_set_tunnel_encaplimit(handle, (int)limit); 2769 icfg_close(handle); 2770 2771 if (rc != ICFG_SUCCESS) 2772 Perror0_exit("Could not configure tunnel encapsulation limit"); 2773 2774 return (0); 2775 } 2776 2777 /* Disable encapsulation limit. */ 2778 /* ARGSUSED */ 2779 static int 2780 clr_tun_encap_limit(char *arg, int64_t param) 2781 { 2782 icfg_if_t interface; 2783 icfg_handle_t handle; 2784 int rc; 2785 2786 if (strchr(name, ':') != NULL) { 2787 errno = EPERM; 2788 Perror0_exit("Tunnel params on logical interfaces"); 2789 } 2790 2791 /* Open interface for configuration. */ 2792 (void) strncpy(interface.if_name, name, sizeof (interface.if_name)); 2793 interface.if_protocol = SOCKET_AF(af); 2794 if (icfg_open(&handle, &interface) != ICFG_SUCCESS) 2795 Perror0_exit("couldn't open interface"); 2796 2797 rc = icfg_set_tunnel_encaplimit(handle, -1); 2798 icfg_close(handle); 2799 2800 if (rc != ICFG_SUCCESS) 2801 Perror0_exit((char *)icfg_errmsg(rc)); 2802 2803 return (0); 2804 } 2805 2806 /* Set tunnel hop limit. */ 2807 /* ARGSUSED */ 2808 static int 2809 set_tun_hop_limit(char *arg, int64_t param) 2810 { 2811 unsigned short limit; 2812 icfg_if_t interface; 2813 icfg_handle_t handle; 2814 int rc; 2815 2816 if (strchr(name, ':') != NULL) { 2817 errno = EPERM; 2818 Perror0_exit("Tunnel params on logical interfaces"); 2819 } 2820 2821 /* 2822 * Check limit here since it's really only an 8-bit unsigned quantity. 2823 */ 2824 if ((sscanf(arg, "%hu", &limit) != 1) || (limit > 255)) { 2825 errno = EINVAL; 2826 Perror0_exit("Invalid hop limit"); 2827 } 2828 2829 /* Open interface for configuration. */ 2830 (void) strncpy(interface.if_name, name, sizeof (interface.if_name)); 2831 interface.if_protocol = SOCKET_AF(af); 2832 if (icfg_open(&handle, &interface) != ICFG_SUCCESS) 2833 Perror0_exit("couldn't open interface"); 2834 2835 rc = icfg_set_tunnel_hoplimit(handle, (uint8_t)limit); 2836 icfg_close(handle); 2837 2838 if (rc != ICFG_SUCCESS) 2839 Perror0_exit("Could not configure tunnel hop limit"); 2840 2841 return (0); 2842 } 2843 2844 /* Set zone ID */ 2845 static int 2846 setzone(char *arg, int64_t param) 2847 { 2848 zoneid_t zoneid = GLOBAL_ZONEID; 2849 2850 if (param == NEXTARG) { 2851 /* zone must be active */ 2852 if ((zoneid = getzoneidbyname(arg)) == -1) { 2853 (void) fprintf(stderr, 2854 "ifconfig: unknown zone '%s'\n", arg); 2855 exit(1); 2856 } 2857 } 2858 (void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2859 lifr.lifr_zoneid = zoneid; 2860 if (ioctl(s, SIOCSLIFZONE, (caddr_t)&lifr) == -1) 2861 Perror0_exit("SIOCSLIFZONE"); 2862 return (0); 2863 } 2864 2865 /* Put interface into all zones */ 2866 /* ARGSUSED */ 2867 static int 2868 setallzones(char *arg, int64_t param) 2869 { 2870 (void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2871 lifr.lifr_zoneid = ALL_ZONES; 2872 if (ioctl(s, SIOCSLIFZONE, (caddr_t)&lifr) == -1) 2873 Perror0_exit("SIOCSLIFZONE"); 2874 return (0); 2875 } 2876 2877 /* Set source address to use */ 2878 /* ARGSUSED */ 2879 static int 2880 setifsrc(char *arg, int64_t param) 2881 { 2882 uint_t ifindex = 0; 2883 int rval; 2884 2885 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2886 2887 /* 2888 * Argument can be either an interface name or "none". The latter means 2889 * that any previous selection is cleared. 2890 */ 2891 2892 rval = strcmp(arg, name); 2893 if (rval == 0) { 2894 (void) fprintf(stderr, 2895 "ifconfig: Cannot specify same interface for usesrc" 2896 " group\n"); 2897 exit(1); 2898 } 2899 2900 rval = strcmp(arg, NONE_STR); 2901 if (rval != 0) { 2902 if ((ifindex = if_nametoindex(arg)) == 0) { 2903 (void) strncpy(lifr.lifr_name, arg, LIFNAMSIZ); 2904 Perror0_exit("Could not get interface index"); 2905 } 2906 lifr.lifr_index = ifindex; 2907 } else { 2908 if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) != 0) 2909 Perror0_exit("Not a valid usesrc consumer"); 2910 lifr.lifr_index = 0; 2911 } 2912 2913 if (debug) 2914 (void) printf("setifsrc: lifr_name %s, lifr_index %d\n", 2915 lifr.lifr_name, lifr.lifr_index); 2916 2917 if (ioctl(s, SIOCSLIFUSESRC, (caddr_t)&lifr) == -1) { 2918 if (rval == 0) 2919 Perror0_exit("Cannot reset usesrc group"); 2920 else 2921 Perror0_exit("Could not set source interface"); 2922 } 2923 2924 return (0); 2925 } 2926 2927 /* 2928 * Print the interface status line associated with `ifname' 2929 */ 2930 static void 2931 ifstatus(const char *ifname) 2932 { 2933 uint64_t flags; 2934 char if_usesrc_name[LIFNAMSIZ]; 2935 char *newbuf; 2936 int n, numifs, rval = 0; 2937 struct lifreq *lifrp; 2938 struct lifsrcof lifs; 2939 2940 (void) strncpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name)); 2941 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) { 2942 Perror0_exit("status: SIOCGLIFFLAGS"); 2943 } 2944 flags = lifr.lifr_flags; 2945 2946 /* 2947 * In V4 compatibility mode, we don't print the IFF_IPV4 flag or 2948 * interfaces with IFF_IPV6 set. 2949 */ 2950 if (v4compat) { 2951 flags &= ~IFF_IPV4; 2952 if (flags & IFF_IPV6) 2953 return; 2954 } 2955 2956 (void) printf("%s: ", ifname); 2957 print_flags(flags); 2958 2959 (void) strncpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name)); 2960 if (ioctl(s, SIOCGLIFMETRIC, (caddr_t)&lifr) < 0) { 2961 Perror0_exit("status: SIOCGLIFMETRIC"); 2962 } else { 2963 if (lifr.lifr_metric) 2964 (void) printf(" metric %d", lifr.lifr_metric); 2965 } 2966 if (ioctl(s, SIOCGLIFMTU, (caddr_t)&lifr) >= 0) 2967 (void) printf(" mtu %u", lifr.lifr_mtu); 2968 2969 /* don't print index or zone when in compatibility mode */ 2970 if (!v4compat) { 2971 if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0) 2972 (void) printf(" index %d", lifr.lifr_index); 2973 /* 2974 * Stack instances use GLOBAL_ZONEID for IP data structures 2975 * even in the non-global zone. 2976 */ 2977 if (ioctl(s, SIOCGLIFZONE, (caddr_t)&lifr) >= 0 && 2978 lifr.lifr_zoneid != getzoneid() && 2979 lifr.lifr_zoneid != GLOBAL_ZONEID) { 2980 char zone_name[ZONENAME_MAX]; 2981 2982 if (lifr.lifr_zoneid == ALL_ZONES) { 2983 (void) printf("\n\tall-zones"); 2984 } else if (getzonenamebyid(lifr.lifr_zoneid, zone_name, 2985 sizeof (zone_name)) < 0) { 2986 (void) printf("\n\tzone %d", lifr.lifr_zoneid); 2987 } else { 2988 (void) printf("\n\tzone %s", zone_name); 2989 } 2990 } 2991 } 2992 2993 if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0) { 2994 lifs.lifs_ifindex = lifr.lifr_index; 2995 2996 /* 2997 * Find the number of interfaces that use this interfaces' 2998 * address as a source address 2999 */ 3000 lifs.lifs_buf = NULL; 3001 lifs.lifs_maxlen = 0; 3002 for (;;) { 3003 /* The first pass will give the bufsize we need */ 3004 rval = ioctl(s, SIOCGLIFSRCOF, (char *)&lifs); 3005 if (rval < 0) { 3006 if (lifs.lifs_buf != NULL) { 3007 free(lifs.lifs_buf); 3008 lifs.lifs_buf = NULL; 3009 } 3010 lifs.lifs_len = 0; 3011 break; 3012 } 3013 if (lifs.lifs_len <= lifs.lifs_maxlen) 3014 break; 3015 /* Use kernel's size + a small margin to avoid loops */ 3016 lifs.lifs_maxlen = lifs.lifs_len + 3017 5 * sizeof (struct lifreq); 3018 /* For the first pass, realloc acts like malloc */ 3019 newbuf = realloc(lifs.lifs_buf, lifs.lifs_maxlen); 3020 if (newbuf == NULL) { 3021 if (lifs.lifs_buf != NULL) { 3022 free(lifs.lifs_buf); 3023 lifs.lifs_buf = NULL; 3024 } 3025 lifs.lifs_len = 0; 3026 break; 3027 } 3028 lifs.lifs_buf = newbuf; 3029 } 3030 3031 3032 numifs = lifs.lifs_len / sizeof (struct lifreq); 3033 if (numifs > 0) { 3034 lifrp = lifs.lifs_req; 3035 (void) printf("\n\tsrcof"); 3036 for (n = numifs; n > 0; n--, lifrp++) { 3037 (void) printf(" %s", lifrp->lifr_name); 3038 } 3039 } 3040 3041 if (lifs.lifs_buf != NULL) 3042 free(lifs.lifs_buf); 3043 } 3044 3045 /* Find the interface whose source address this interface uses */ 3046 if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) == 0) { 3047 if (lifr.lifr_index != 0) { 3048 if (if_indextoname(lifr.lifr_index, 3049 if_usesrc_name) == NULL) { 3050 (void) printf("\n\tusesrc ifIndex %d", 3051 lifr.lifr_index); 3052 } else { 3053 (void) printf("\n\tusesrc %s", if_usesrc_name); 3054 } 3055 } 3056 } 3057 3058 (void) putchar('\n'); 3059 } 3060 3061 3062 /* 3063 * Print the status of the interface. If an address family was 3064 * specified, show it and it only; otherwise, show them all. 3065 */ 3066 static void 3067 status(void) 3068 { 3069 struct afswtch *p = afp; 3070 uint64_t flags; 3071 3072 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3073 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) { 3074 Perror0_exit("status: SIOCGLIFFLAGS"); 3075 } 3076 3077 flags = lifr.lifr_flags; 3078 3079 /* 3080 * Only print the interface status if the address family matches 3081 * the interface family flag. 3082 */ 3083 if (p != NULL) { 3084 if (((p->af_af == AF_INET6) && (flags & IFF_IPV4)) || 3085 ((p->af_af == AF_INET) && (flags & IFF_IPV6))) 3086 return; 3087 } 3088 3089 /* 3090 * In V4 compatibility mode, don't print IFF_IPV6 interfaces. 3091 */ 3092 if (v4compat && (flags & IFF_IPV6)) 3093 return; 3094 3095 ifstatus(name); 3096 3097 if (p != NULL) { 3098 (*p->af_status)(1, flags); 3099 } else { 3100 for (p = afs; p->af_name; p++) { 3101 (void) close(s); 3102 s = socket(SOCKET_AF(p->af_af), SOCK_DGRAM, 0); 3103 /* set global af for use in p->af_status */ 3104 af = p->af_af; 3105 if (s == -1) { 3106 Perror0_exit("socket"); 3107 } 3108 (*p->af_status)(0, flags); 3109 } 3110 3111 /* 3112 * Historically, 'ether' has been an address family, 3113 * so print it here. 3114 */ 3115 print_ifether(name); 3116 } 3117 } 3118 3119 /* 3120 * Print the status of the interface in a format that can be used to 3121 * reconfigure the interface later. Code stolen from status() above. 3122 */ 3123 /* ARGSUSED */ 3124 static int 3125 configinfo(char *null, int64_t param) 3126 { 3127 char *cp; 3128 struct afswtch *p = afp; 3129 uint64_t flags; 3130 char lifname[LIFNAMSIZ]; 3131 char if_usesrc_name[LIFNAMSIZ]; 3132 3133 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3134 3135 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) { 3136 Perror0_exit("status: SIOCGLIFFLAGS"); 3137 } 3138 flags = lifr.lifr_flags; 3139 3140 if (debug) { 3141 (void) printf("configinfo: name %s flags 0x%llx af_af %d\n", 3142 name, flags, p != NULL ? p->af_af : -1); 3143 } 3144 3145 /* 3146 * Build the interface name to print (we can't directly use `name' 3147 * because one cannot "plumb" ":0" interfaces). 3148 */ 3149 (void) strlcpy(lifname, name, LIFNAMSIZ); 3150 if ((cp = strchr(lifname, ':')) != NULL && atoi(cp + 1) == 0) 3151 *cp = '\0'; 3152 3153 /* 3154 * if the interface is IPv4 3155 * if we have a IPv6 address family restriction return 3156 * so it won't print 3157 * if we are in IPv4 compatibility mode, clear out IFF_IPV4 3158 * so we don't print it. 3159 */ 3160 if (flags & IFF_IPV4) { 3161 if (p && p->af_af == AF_INET6) 3162 return (-1); 3163 if (v4compat) 3164 flags &= ~IFF_IPV4; 3165 3166 (void) printf("%s inet plumb", lifname); 3167 } else if (flags & IFF_IPV6) { 3168 /* 3169 * else if the interface is IPv6 3170 * if we have a IPv4 address family restriction return 3171 * or we are in IPv4 compatibiltiy mode, return. 3172 */ 3173 if (p && p->af_af == AF_INET) 3174 return (-1); 3175 if (v4compat) 3176 return (-1); 3177 3178 (void) printf("%s inet6 plumb", lifname); 3179 } 3180 3181 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3182 if (ioctl(s, SIOCGLIFMETRIC, (caddr_t)&lifr) < 0) { 3183 Perror0_exit("configinfo: SIOCGLIFMETRIC"); 3184 } else { 3185 if (lifr.lifr_metric) 3186 (void) printf(" metric %d ", lifr.lifr_metric); 3187 } 3188 if (((flags & (IFF_VIRTUAL|IFF_LOOPBACK)) != IFF_VIRTUAL) && 3189 ioctl(s, SIOCGLIFMTU, (caddr_t)&lifr) >= 0) 3190 (void) printf(" mtu %d", lifr.lifr_metric); 3191 3192 /* Index only applies to the zeroth interface */ 3193 if (lifnum(name) == 0) { 3194 if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0) 3195 (void) printf(" index %d", lifr.lifr_index); 3196 } 3197 3198 if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) == 0) { 3199 if (lifr.lifr_index != 0) { 3200 if (if_indextoname(lifr.lifr_index, 3201 if_usesrc_name) != NULL) { 3202 (void) printf(" usesrc %s", if_usesrc_name); 3203 } 3204 } 3205 } 3206 3207 if (p != NULL) { 3208 (*p->af_configinfo)(1, flags); 3209 } else { 3210 for (p = afs; p->af_name; p++) { 3211 (void) close(s); 3212 s = socket(SOCKET_AF(p->af_af), SOCK_DGRAM, 0); 3213 /* set global af for use in p->af_configinfo */ 3214 af = p->af_af; 3215 if (s == -1) { 3216 Perror0_exit("socket"); 3217 } 3218 (*p->af_configinfo)(0, flags); 3219 } 3220 } 3221 3222 (void) printf("\n"); 3223 return (0); 3224 } 3225 3226 static void 3227 print_tsec(struct iftun_req *tparams) 3228 { 3229 ipsec_req_t *ipsr; 3230 3231 (void) printf("\ttunnel security settings "); 3232 /* 3233 * Deal with versioning, for now just point 3234 * an ipsec_req_t at ifta_secinfo. If versions 3235 * change, something else will overlay ifta_secinfo. 3236 */ 3237 assert(tparams->ifta_vers == IFTUN_VERSION); 3238 3239 if (tparams->ifta_flags & IFTUN_COMPLEX_SECURITY) { 3240 (void) printf("--> use 'ipsecconf -ln -i %s'", 3241 tparams->ifta_lifr_name); 3242 } else { 3243 ipsr = (ipsec_req_t *)(&tparams->ifta_secinfo); 3244 if (ipsr->ipsr_ah_req & IPSEC_PREF_REQUIRED) { 3245 (void) printf("ah (%s) ", 3246 rparsealg(ipsr->ipsr_auth_alg, IPSEC_PROTO_AH)); 3247 } 3248 if (ipsr->ipsr_esp_req & IPSEC_PREF_REQUIRED) { 3249 (void) printf("esp (%s", 3250 rparsealg(ipsr->ipsr_esp_alg, IPSEC_PROTO_ESP)); 3251 (void) printf("/%s)", 3252 rparsealg(ipsr->ipsr_esp_auth_alg, IPSEC_PROTO_AH)); 3253 } 3254 } 3255 (void) printf("\n"); 3256 } 3257 3258 static void 3259 tun_status(void) 3260 { 3261 icfg_if_t interface; 3262 int rc; 3263 icfg_handle_t handle; 3264 int protocol; 3265 char srcbuf[INET6_ADDRSTRLEN]; 3266 char dstbuf[INET6_ADDRSTRLEN]; 3267 boolean_t tabbed; 3268 uint8_t hoplimit; 3269 int16_t encaplimit; 3270 struct sockaddr_storage taddr; 3271 socklen_t socklen = sizeof (taddr); 3272 3273 (void) strncpy(interface.if_name, name, sizeof (interface.if_name)); 3274 interface.if_protocol = SOCKET_AF(af); 3275 if ((rc = icfg_open(&handle, &interface)) != ICFG_SUCCESS) 3276 Perror0_exit((char *)icfg_errmsg(rc)); 3277 3278 /* 3279 * only print tunnel info for lun 0. If ioctl fails, assume 3280 * we are not a tunnel 3281 */ 3282 if (strchr(name, ':') != NULL || 3283 icfg_get_tunnel_lower(handle, &protocol) != ICFG_SUCCESS) { 3284 icfg_close(handle); 3285 return; 3286 } 3287 3288 switch (protocol) { 3289 case AF_INET: 3290 (void) printf("\tinet"); 3291 break; 3292 case AF_INET6: 3293 (void) printf("\tinet6"); 3294 break; 3295 default: 3296 Perror0_exit("\ttunnel: Illegal lower stream\n\t"); 3297 break; 3298 } 3299 3300 rc = icfg_get_tunnel_src(handle, (struct sockaddr *)&taddr, &socklen); 3301 if (rc == ICFG_NOT_SET) { 3302 (void) strlcpy(srcbuf, (protocol == AF_INET) ? "0.0.0.0" : 3303 "::", sizeof (srcbuf)); 3304 } else if (rc != ICFG_SUCCESS) { 3305 Perror0_exit((char *)icfg_errmsg(rc)); 3306 } else { 3307 rc = icfg_sockaddr_to_str(protocol, (struct sockaddr *)&taddr, 3308 srcbuf, sizeof (srcbuf)); 3309 if (rc != ICFG_SUCCESS) { 3310 Perror0_exit((char *)icfg_errmsg(rc)); 3311 } 3312 } 3313 3314 (void) printf(" tunnel src %s ", srcbuf); 3315 3316 rc = icfg_get_tunnel_dest(handle, (struct sockaddr *)&taddr, &socklen); 3317 if (rc == ICFG_NOT_SET) { 3318 (void) printf("\n"); 3319 } else { 3320 rc = icfg_sockaddr_to_str(protocol, (struct sockaddr *)&taddr, 3321 dstbuf, sizeof (dstbuf)); 3322 if (rc != ICFG_SUCCESS) { 3323 Perror0_exit((char *)icfg_errmsg(rc)); 3324 } 3325 (void) printf("tunnel dst %s\n", dstbuf); 3326 } 3327 3328 if (handle->ifh_tunnel_params != NULL && 3329 (handle->ifh_tunnel_params->ifta_flags & IFTUN_SECURITY)) 3330 print_tsec(handle->ifh_tunnel_params); 3331 3332 /* 3333 * tabbed indicates tabbed and printed. Use it tell us whether 3334 * to tab and that we've printed something here, so we need a 3335 * newline 3336 */ 3337 tabbed = _B_FALSE; 3338 3339 if (icfg_get_tunnel_hoplimit(handle, &hoplimit) == ICFG_SUCCESS) { 3340 (void) printf("\ttunnel hop limit %d ", hoplimit); 3341 tabbed = _B_TRUE; 3342 } 3343 3344 if ((protocol == AF_INET6) && 3345 (icfg_get_tunnel_encaplimit(handle, &encaplimit) == 3346 ICFG_SUCCESS)) { 3347 if (!tabbed) { 3348 (void) printf("\t"); 3349 tabbed = _B_TRUE; 3350 } 3351 if (encaplimit >= 0) { 3352 (void) printf("tunnel encapsulation limit %d", 3353 encaplimit); 3354 } else { 3355 (void) printf("tunnel encapsulation limit disabled"); 3356 } 3357 } 3358 3359 if (tabbed) 3360 (void) printf("\n"); 3361 3362 icfg_close(handle); 3363 } 3364 3365 static void 3366 in_status(int force, uint64_t flags) 3367 { 3368 struct sockaddr_in *sin, *laddr; 3369 struct sockaddr_in netmask = { AF_INET }; 3370 3371 if (debug) 3372 (void) printf("in_status(%s) flags 0x%llx\n", name, flags); 3373 3374 /* only print status for IPv4 interfaces */ 3375 if (!(flags & IFF_IPV4)) 3376 return; 3377 3378 /* if the interface is a tunnel, print the tunnel status */ 3379 tun_status(); 3380 3381 if (!(flags & IFF_NOLOCAL)) { 3382 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3383 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 3384 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3385 errno == ENXIO) { 3386 if (!force) 3387 return; 3388 (void) memset(&lifr.lifr_addr, 0, 3389 sizeof (lifr.lifr_addr)); 3390 } else 3391 Perror0_exit("in_status: SIOCGLIFADDR"); 3392 } 3393 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3394 (void) printf("\tinet %s ", inet_ntoa(sin->sin_addr)); 3395 laddr = sin; 3396 } else { 3397 (void) printf("\tinet "); 3398 } 3399 3400 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3401 if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) { 3402 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3403 errno == ENXIO) { 3404 if (!force) 3405 return; 3406 (void) memset(&lifr.lifr_addr, 0, 3407 sizeof (lifr.lifr_addr)); 3408 } else { 3409 Perror0_exit("in_status: SIOCGLIFSUBNET"); 3410 } 3411 } 3412 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3413 if ((flags & IFF_NOLOCAL) || 3414 sin->sin_addr.s_addr != laddr->sin_addr.s_addr) { 3415 (void) printf("subnet %s/%d ", inet_ntoa(sin->sin_addr), 3416 lifr.lifr_addrlen); 3417 } 3418 if (sin->sin_family != AF_INET) { 3419 (void) printf("Wrong family: %d\n", sin->sin_family); 3420 } 3421 3422 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3423 if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0) { 3424 if (errno != EADDRNOTAVAIL) 3425 Perror0_exit("in_status: SIOCGLIFNETMASK"); 3426 (void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr)); 3427 } else 3428 netmask.sin_addr = 3429 ((struct sockaddr_in *)&lifr.lifr_addr)->sin_addr; 3430 if (flags & IFF_POINTOPOINT) { 3431 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3432 if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) { 3433 if (errno == EADDRNOTAVAIL) 3434 (void) memset(&lifr.lifr_addr, 0, 3435 sizeof (lifr.lifr_addr)); 3436 else 3437 Perror0_exit("in_status: SIOCGLIFDSTADDR"); 3438 } 3439 sin = (struct sockaddr_in *)&lifr.lifr_dstaddr; 3440 (void) printf("--> %s ", inet_ntoa(sin->sin_addr)); 3441 } 3442 (void) printf("netmask %x ", ntohl(netmask.sin_addr.s_addr)); 3443 if (flags & IFF_BROADCAST) { 3444 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3445 if (ioctl(s, SIOCGLIFBRDADDR, (caddr_t)&lifr) < 0) { 3446 if (errno == EADDRNOTAVAIL) 3447 (void) memset(&lifr.lifr_addr, 0, 3448 sizeof (lifr.lifr_addr)); 3449 else 3450 Perror0_exit("in_status: SIOCGLIFBRDADDR"); 3451 } 3452 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3453 if (sin->sin_addr.s_addr != 0) { 3454 (void) printf("broadcast %s", 3455 inet_ntoa(sin->sin_addr)); 3456 } 3457 } 3458 /* If there is a groupname, print it for only the physical interface */ 3459 if (strchr(name, ':') == NULL) { 3460 if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 && 3461 lifr.lifr_groupname[0] != '\0') { 3462 (void) printf("\n\tgroupname %s", lifr.lifr_groupname); 3463 } 3464 } 3465 (void) putchar('\n'); 3466 } 3467 3468 static void 3469 in6_status(int force, uint64_t flags) 3470 { 3471 char abuf[INET6_ADDRSTRLEN]; 3472 struct sockaddr_in6 *sin6, *laddr6; 3473 3474 if (debug) 3475 (void) printf("in6_status(%s) flags 0x%llx\n", name, flags); 3476 3477 if (!(flags & IFF_IPV6)) 3478 return; 3479 3480 /* if the interface is a tunnel, print the tunnel status */ 3481 tun_status(); 3482 3483 if (!(flags & IFF_NOLOCAL)) { 3484 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3485 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 3486 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3487 errno == ENXIO) { 3488 if (!force) 3489 return; 3490 (void) memset(&lifr.lifr_addr, 0, 3491 sizeof (lifr.lifr_addr)); 3492 } else 3493 Perror0_exit("in_status6: SIOCGLIFADDR"); 3494 } 3495 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3496 (void) printf("\tinet6 %s/%d ", 3497 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3498 abuf, sizeof (abuf)), 3499 lifr.lifr_addrlen); 3500 laddr6 = sin6; 3501 } else { 3502 (void) printf("\tinet6 "); 3503 } 3504 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3505 if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) { 3506 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3507 errno == ENXIO) { 3508 if (!force) 3509 return; 3510 (void) memset(&lifr.lifr_addr, 0, 3511 sizeof (lifr.lifr_addr)); 3512 } else 3513 Perror0_exit("in_status6: SIOCGLIFSUBNET"); 3514 } 3515 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3516 if ((flags & IFF_NOLOCAL) || 3517 !IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &laddr6->sin6_addr)) { 3518 (void) printf("subnet %s/%d ", 3519 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3520 abuf, sizeof (abuf)), 3521 lifr.lifr_addrlen); 3522 } 3523 if (sin6->sin6_family != AF_INET6) { 3524 (void) printf("Wrong family: %d\n", sin6->sin6_family); 3525 } 3526 if (flags & IFF_POINTOPOINT) { 3527 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3528 if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) { 3529 if (errno == EADDRNOTAVAIL) 3530 (void) memset(&lifr.lifr_addr, 0, 3531 sizeof (lifr.lifr_addr)); 3532 else 3533 Perror0_exit("in_status6: SIOCGLIFDSTADDR"); 3534 } 3535 sin6 = (struct sockaddr_in6 *)&lifr.lifr_dstaddr; 3536 (void) printf("--> %s ", 3537 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3538 abuf, sizeof (abuf))); 3539 } 3540 if (verbose) { 3541 (void) putchar('\n'); 3542 (void) putchar('\t'); 3543 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3544 if (ioctl(s, SIOCGLIFTOKEN, (caddr_t)&lifr) < 0) { 3545 if (errno == EADDRNOTAVAIL || errno == EINVAL) 3546 (void) memset(&lifr.lifr_addr, 0, 3547 sizeof (lifr.lifr_addr)); 3548 else 3549 Perror0_exit("in_status6: SIOCGLIFTOKEN"); 3550 } else { 3551 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3552 (void) printf("token %s/%d ", 3553 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3554 abuf, sizeof (abuf)), 3555 lifr.lifr_addrlen); 3556 } 3557 if (ioctl(s, SIOCGLIFLNKINFO, (caddr_t)&lifr) < 0) { 3558 if (errno != EINVAL) { 3559 Perror0_exit("in_status6: SIOCGLIFLNKINFO"); 3560 } 3561 } else { 3562 (void) printf("maxhops %u, reachtime %u ms, " 3563 "reachretrans %u ms, maxmtu %u ", 3564 lifr.lifr_ifinfo.lir_maxhops, 3565 lifr.lifr_ifinfo.lir_reachtime, 3566 lifr.lifr_ifinfo.lir_reachretrans, 3567 lifr.lifr_ifinfo.lir_maxmtu); 3568 } 3569 } 3570 /* If there is a groupname, print it for only the physical interface */ 3571 if (strchr(name, ':') == NULL) { 3572 if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 && 3573 lifr.lifr_groupname[0] != '\0') { 3574 (void) printf("\n\tgroupname %s", lifr.lifr_groupname); 3575 } 3576 } 3577 (void) putchar('\n'); 3578 } 3579 3580 static void 3581 in_configinfo(int force, uint64_t flags) 3582 { 3583 struct sockaddr_in *sin, *laddr; 3584 struct sockaddr_in netmask = { AF_INET }; 3585 3586 if (debug) 3587 (void) printf("in_configinfo(%s) flags 0x%llx\n", name, flags); 3588 3589 /* only configinfo info for IPv4 interfaces */ 3590 if (!(flags & IFF_IPV4)) 3591 return; 3592 3593 if (!(flags & IFF_NOLOCAL)) { 3594 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3595 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 3596 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3597 errno == ENXIO) { 3598 if (!force) 3599 return; 3600 (void) memset(&lifr.lifr_addr, 0, 3601 sizeof (lifr.lifr_addr)); 3602 } else 3603 Perror0_exit("in_configinfo: SIOCGLIFADDR"); 3604 } 3605 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3606 (void) printf(" set %s ", inet_ntoa(sin->sin_addr)); 3607 laddr = sin; 3608 } 3609 3610 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3611 if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) { 3612 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3613 errno == ENXIO) { 3614 if (!force) 3615 return; 3616 (void) memset(&lifr.lifr_addr, 0, 3617 sizeof (lifr.lifr_addr)); 3618 } else { 3619 Perror0_exit("in_configinfo: SIOCGLIFSUBNET"); 3620 } 3621 } 3622 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3623 3624 if ((flags & IFF_NOLOCAL) || 3625 sin->sin_addr.s_addr != laddr->sin_addr.s_addr) { 3626 (void) printf(" subnet %s/%d ", inet_ntoa(sin->sin_addr), 3627 lifr.lifr_addrlen); 3628 } 3629 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3630 if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0) { 3631 if (errno != EADDRNOTAVAIL) 3632 Perror0_exit("in_configinfo: SIOCGLIFNETMASK"); 3633 (void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr)); 3634 } else 3635 netmask.sin_addr = 3636 ((struct sockaddr_in *)&lifr.lifr_addr)->sin_addr; 3637 if (flags & IFF_POINTOPOINT) { 3638 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3639 if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) { 3640 if (errno == EADDRNOTAVAIL) 3641 (void) memset(&lifr.lifr_addr, 0, 3642 sizeof (lifr.lifr_addr)); 3643 else 3644 Perror0_exit("in_configinfo: SIOCGLIFDSTADDR"); 3645 } 3646 sin = (struct sockaddr_in *)&lifr.lifr_dstaddr; 3647 (void) printf(" destination %s ", inet_ntoa(sin->sin_addr)); 3648 } 3649 (void) printf(" netmask 0x%x ", ntohl(netmask.sin_addr.s_addr)); 3650 if (flags & IFF_BROADCAST) { 3651 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3652 if (ioctl(s, SIOCGLIFBRDADDR, (caddr_t)&lifr) < 0) { 3653 if (errno == EADDRNOTAVAIL) 3654 (void) memset(&lifr.lifr_addr, 0, 3655 sizeof (lifr.lifr_addr)); 3656 else 3657 Perror0_exit("in_configinfo: SIOCGLIFBRDADDR"); 3658 } 3659 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3660 if (sin->sin_addr.s_addr != 0) { 3661 (void) printf(" broadcast %s ", 3662 inet_ntoa(sin->sin_addr)); 3663 } 3664 } 3665 3666 /* If there is a groupname, print it for only the zeroth interface */ 3667 if (lifnum(name) == 0) { 3668 if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 && 3669 lifr.lifr_groupname[0] != '\0') { 3670 (void) printf(" group %s ", lifr.lifr_groupname); 3671 } 3672 } 3673 3674 /* Print flags to configure */ 3675 print_config_flags(AF_INET, flags); 3676 } 3677 3678 static void 3679 in6_configinfo(int force, uint64_t flags) 3680 { 3681 char abuf[INET6_ADDRSTRLEN]; 3682 struct sockaddr_in6 *sin6, *laddr6; 3683 3684 if (debug) 3685 (void) printf("in6_configinfo(%s) flags 0x%llx\n", name, 3686 flags); 3687 3688 if (!(flags & IFF_IPV6)) 3689 return; 3690 3691 if (!(flags & IFF_NOLOCAL)) { 3692 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3693 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 3694 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3695 errno == ENXIO) { 3696 if (!force) 3697 return; 3698 (void) memset(&lifr.lifr_addr, 0, 3699 sizeof (lifr.lifr_addr)); 3700 } else 3701 Perror0_exit("in6_configinfo: SIOCGLIFADDR"); 3702 } 3703 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3704 (void) printf(" set %s/%d ", 3705 inet_ntop(AF_INET6, &sin6->sin6_addr, abuf, sizeof (abuf)), 3706 lifr.lifr_addrlen); 3707 laddr6 = sin6; 3708 } 3709 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3710 if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) { 3711 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3712 errno == ENXIO) { 3713 if (!force) 3714 return; 3715 (void) memset(&lifr.lifr_addr, 0, 3716 sizeof (lifr.lifr_addr)); 3717 } else 3718 Perror0_exit("in6_configinfo: SIOCGLIFSUBNET"); 3719 } 3720 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3721 if ((flags & IFF_NOLOCAL) || 3722 !IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &laddr6->sin6_addr)) { 3723 (void) printf(" subnet %s/%d ", 3724 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3725 abuf, sizeof (abuf)), 3726 lifr.lifr_addrlen); 3727 } 3728 3729 if (flags & IFF_POINTOPOINT) { 3730 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3731 if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) { 3732 if (errno == EADDRNOTAVAIL) 3733 (void) memset(&lifr.lifr_addr, 0, 3734 sizeof (lifr.lifr_addr)); 3735 else 3736 Perror0_exit("in6_configinfo: SIOCGLIFDSTADDR"); 3737 } 3738 sin6 = (struct sockaddr_in6 *)&lifr.lifr_dstaddr; 3739 (void) printf(" destination %s ", 3740 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3741 abuf, sizeof (abuf))); 3742 } 3743 3744 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3745 if (ioctl(s, SIOCGLIFTOKEN, (caddr_t)&lifr) < 0) { 3746 if (errno == EADDRNOTAVAIL || errno == EINVAL) 3747 (void) memset(&lifr.lifr_addr, 0, 3748 sizeof (lifr.lifr_addr)); 3749 else 3750 Perror0_exit("in6_configinfo: SIOCGLIFTOKEN"); 3751 } else { 3752 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3753 (void) printf(" token %s/%d ", 3754 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3755 abuf, sizeof (abuf)), 3756 lifr.lifr_addrlen); 3757 } 3758 3759 /* If there is a groupname, print it for only the zeroth interface */ 3760 if (lifnum(name) == 0) { 3761 if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 && 3762 lifr.lifr_groupname[0] != '\0') { 3763 (void) printf(" group %s ", lifr.lifr_groupname); 3764 } 3765 } 3766 3767 /* Print flags to configure */ 3768 print_config_flags(AF_INET6, flags); 3769 } 3770 3771 /* 3772 * We need to plink both the arp-device stream and the arp-ip-device stream. 3773 * However the muxid is stored only in IP. Plumbing 2 streams individually 3774 * is not atomic, and if ifconfig is killed, the resulting plumbing can 3775 * be inconsistent. For eg. if only the arp stream is plumbed, we have lost 3776 * the muxid, and the half-baked plumbing can neither be unplumbed nor 3777 * replumbed, thus requiring a reboot. To avoid the above the following 3778 * scheme is used. 3779 * 3780 * Ifconfig asks IP to enforce atomicity of plumbing the arp and IP streams. 3781 * This is done by pushing arp on to the mux (/dev/udp). ARP adds some 3782 * extra information in the I_PLINK and I_PUNLINK ioctls to let IP know 3783 * that the plumbing/unplumbing has to be done atomically. Ifconfig plumbs 3784 * the IP stream first, and unplumbs it last. The kernel (IP) does not 3785 * allow IP stream to be unplumbed without unplumbing arp stream. Similarly 3786 * it does not allow arp stream to be plumbed before IP stream is plumbed. 3787 * There is no need to use SIOCSLIFMUXID, since the whole operation is atomic, 3788 * and IP uses the info in the I_PLINK message to get the muxid. 3789 * 3790 * a. STREAMS does not allow us to use /dev/ip itself as the mux. So we use 3791 * /dev/udp{,6}. 3792 * b. SIOCGLIFMUXID returns the muxid corresponding to the V4 or V6 stream 3793 * depending on the open i.e. V4 vs V6 open. So we need to use /dev/udp 3794 * or /dev/udp6 for SIOCGLIFMUXID and SIOCSLIFMUXID. 3795 * c. We need to push ARP in order to get the required kernel support for 3796 * atomic plumbings. The actual work done by ARP is explained in arp.c 3797 * Without pushing ARP, we will still be able to plumb/unplumb. But 3798 * it is not atomic, and is supported by the kernel for backward 3799 * compatibility for other utilities like atmifconfig etc. In this case 3800 * the utility must use SIOCSLIFMUXID. 3801 */ 3802 static int 3803 ifplumb(const char *linkname, const char *ifname, boolean_t genppa, int af) 3804 { 3805 int arp_muxid = -1, ip_muxid; 3806 int mux_fd, ip_fd, arp_fd; 3807 int retval; 3808 char *udp_dev_name; 3809 uint64_t flags; 3810 uint_t dlpi_flags; 3811 dlpi_handle_t dh_arp, dh_ip; 3812 3813 /* 3814 * Always dlpi_open() with DLPI_NOATTACH because the IP and ARP module 3815 * will do the attach themselves for DLPI style-2 links. 3816 */ 3817 dlpi_flags = DLPI_NOATTACH; 3818 3819 /* 3820 * If `linkname' is the special token IPMPSTUB, then this is a request 3821 * to create an IPMP interface atop /dev/ipmpstub0. (We can't simply 3822 * pass "ipmpstub0" as `linkname' since an admin *could* have a normal 3823 * vanity-named link named "ipmpstub0" that they'd like to plumb.) 3824 */ 3825 if (linkname == IPMPSTUB) { 3826 linkname = "ipmpstub0"; 3827 dlpi_flags |= DLPI_DEVONLY; 3828 } 3829 3830 retval = dlpi_open(linkname, &dh_ip, dlpi_flags); 3831 if (retval != DLPI_SUCCESS) 3832 Perrdlpi_exit("cannot open link", linkname, retval); 3833 3834 if (debug) { 3835 (void) printf("ifconfig: ifplumb: link %s, ifname %s, " 3836 "genppa %u\n", linkname, ifname, genppa); 3837 } 3838 3839 ip_fd = dlpi_fd(dh_ip); 3840 if (ioctl(ip_fd, I_PUSH, IP_MOD_NAME) == -1) 3841 Perror2_exit("I_PUSH", IP_MOD_NAME); 3842 3843 /* 3844 * Push the ARP module onto the interface stream. IP uses 3845 * this to send resolution requests up to ARP. We need to 3846 * do this before the SLIFNAME ioctl is sent down because 3847 * the interface becomes publicly known as soon as the SLIFNAME 3848 * ioctl completes. Thus some other process trying to bring up 3849 * the interface after SLIFNAME but before we have pushed ARP 3850 * could hang. We pop the module again later if it is not needed. 3851 */ 3852 if (ioctl(ip_fd, I_PUSH, ARP_MOD_NAME) == -1) 3853 Perror2_exit("I_PUSH", ARP_MOD_NAME); 3854 3855 /* 3856 * Prepare to set IFF_IPV4/IFF_IPV6 flags as part of SIOCSLIFNAME. 3857 * (At this point in time the kernel also allows an override of the 3858 * IFF_CANTCHANGE flags.) 3859 */ 3860 lifr.lifr_name[0] = '\0'; 3861 if (ioctl(ip_fd, SIOCGLIFFLAGS, (char *)&lifr) == -1) 3862 Perror0_exit("ifplumb: SIOCGLIFFLAGS"); 3863 3864 if (af == AF_INET6) { 3865 flags = lifr.lifr_flags | IFF_IPV6; 3866 flags &= ~(IFF_BROADCAST | IFF_IPV4); 3867 } else { 3868 flags = lifr.lifr_flags | IFF_IPV4; 3869 flags &= ~IFF_IPV6; 3870 } 3871 3872 /* 3873 * Set the interface name. If we've been asked to generate the PPA, 3874 * then find the lowest available PPA (only currently used for IPMP 3875 * interfaces). Otherwise, use the interface name as-is. 3876 */ 3877 if (genppa) { 3878 int ppa; 3879 3880 /* 3881 * We'd like to just set lifr_ppa to UINT_MAX and have the 3882 * kernel pick a PPA. Unfortunately, that would mishandle 3883 * two cases: 3884 * 3885 * 1. If the PPA is available but the groupname is taken 3886 * (e.g., the "ipmp2" IP interface name is available 3887 * but the "ipmp2" groupname is taken) then the 3888 * auto-assignment by the kernel will fail. 3889 * 3890 * 2. If we're creating (e.g.) an IPv6-only IPMP 3891 * interface, and there's already an IPv4-only IPMP 3892 * interface, the kernel will allow us to accidentally 3893 * reuse the IPv6 IPMP interface name (since 3894 * SIOCSLIFNAME uniqueness is per-interface-type). 3895 * This will cause administrative confusion. 3896 * 3897 * Thus, we instead take a brute-force approach of checking 3898 * whether the IPv4 or IPv6 name is already in-use before 3899 * attempting the SIOCSLIFNAME. As per (1) above, the 3900 * SIOCSLIFNAME may still fail, in which case we just proceed 3901 * to the next one. If this approach becomes too slow, we 3902 * can add a new SIOC* to handle this case in the kernel. 3903 */ 3904 for (ppa = 0; ppa < UINT_MAX; ppa++) { 3905 (void) snprintf(lifr.lifr_name, LIFNAMSIZ, "%s%d", 3906 ifname, ppa); 3907 3908 if (ioctl(s4, SIOCGLIFFLAGS, &lifr) != -1 || 3909 errno != ENXIO) 3910 continue; 3911 3912 if (ioctl(s6, SIOCGLIFFLAGS, &lifr) != -1 || 3913 errno != ENXIO) 3914 continue; 3915 3916 lifr.lifr_ppa = ppa; 3917 lifr.lifr_flags = flags; 3918 retval = ioctl(ip_fd, SIOCSLIFNAME, &lifr); 3919 if (retval != -1 || errno != EEXIST) 3920 break; 3921 } 3922 } else { 3923 ifspec_t ifsp; 3924 3925 /* 3926 * The interface name could have come from the command-line; 3927 * check it. 3928 */ 3929 if (!ifparse_ifspec(ifname, &ifsp) || ifsp.ifsp_lunvalid) 3930 Perror2_exit("invalid IP interface name", ifname); 3931 3932 /* 3933 * Before we call SIOCSLIFNAME, ensure that the IPMP group 3934 * interface for this address family exists. Otherwise, the 3935 * kernel will kick the interface out of the group when we do 3936 * the SIOCSLIFNAME. 3937 * 3938 * Example: suppose bge0 is plumbed for IPv4 and in group "a". 3939 * If we're now plumbing bge0 for IPv6, but the IPMP group 3940 * interface for "a" is not plumbed for IPv6, the SIOCSLIFNAME 3941 * will kick bge0 out of group "a", which is undesired. 3942 */ 3943 if (create_ipmp_peer(af, ifname) == -1) { 3944 (void) fprintf(stderr, "ifconfig: warning: cannot " 3945 "create %s IPMP group; %s will be removed from " 3946 "group\n", af == AF_INET ? "IPv4" : "IPv6", ifname); 3947 } 3948 3949 lifr.lifr_ppa = ifsp.ifsp_ppa; 3950 lifr.lifr_flags = flags; 3951 (void) strlcpy(lifr.lifr_name, ifname, LIFNAMSIZ); 3952 retval = ioctl(ip_fd, SIOCSLIFNAME, &lifr); 3953 } 3954 3955 if (retval == -1) { 3956 if (errno != EEXIST) 3957 Perror0_exit("SIOCSLIFNAME for ip"); 3958 /* 3959 * This difference between the way we behave for EEXIST 3960 * and that with other errors exists to preserve legacy 3961 * behaviour. Earlier when foreachinterface() and matchif() 3962 * were doing the duplicate interface name checks, for 3963 * already existing interfaces, inetplumb() returned "0". 3964 * To preserve this behaviour, Perror0() and return are 3965 * called for EEXIST. 3966 */ 3967 Perror0("SIOCSLIFNAME for ip"); 3968 return (-1); 3969 } 3970 3971 /* Get the full set of existing flags for this stream */ 3972 if (ioctl(ip_fd, SIOCGLIFFLAGS, (char *)&lifr) == -1) 3973 Perror0_exit("ifplumb: SIOCGLIFFLAGS"); 3974 3975 if (debug) { 3976 (void) printf("ifconfig: ifplumb: %s got flags:\n", 3977 lifr.lifr_name); 3978 print_flags(lifr.lifr_flags); 3979 (void) putchar('\n'); 3980 } 3981 3982 /* Check if arp is not actually needed */ 3983 if (lifr.lifr_flags & (IFF_NOARP|IFF_IPV6)) { 3984 if (ioctl(ip_fd, I_POP, 0) == -1) 3985 Perror2_exit("I_POP", ARP_MOD_NAME); 3986 } 3987 3988 /* 3989 * Open "/dev/udp" for use as a multiplexor to PLINK the 3990 * interface stream under. We use "/dev/udp" instead of "/dev/ip" 3991 * since STREAMS will not let you PLINK a driver under itself, 3992 * and "/dev/ip" is typically the driver at the bottom of 3993 * the stream for tunneling interfaces. 3994 */ 3995 if (af == AF_INET6) 3996 udp_dev_name = UDP6_DEV_NAME; 3997 else 3998 udp_dev_name = UDP_DEV_NAME; 3999 if ((mux_fd = open_arp_on_udp(udp_dev_name)) == -1) 4000 exit(EXIT_FAILURE); 4001 4002 /* Check if arp is not needed */ 4003 if (lifr.lifr_flags & (IFF_NOARP|IFF_IPV6)) { 4004 /* 4005 * PLINK the interface stream so that ifconfig can exit 4006 * without tearing down the stream. 4007 */ 4008 if ((ip_muxid = ioctl(mux_fd, I_PLINK, ip_fd)) == -1) 4009 Perror0_exit("I_PLINK for ip"); 4010 (void) close(mux_fd); 4011 return (lifr.lifr_ppa); 4012 } 4013 4014 /* 4015 * This interface does use ARP, so set up a separate stream 4016 * from the interface to ARP. 4017 * 4018 * Note: modules specified by the user are pushed 4019 * only on the interface stream, not on the ARP stream. 4020 */ 4021 if (debug) 4022 (void) printf("ifconfig: ifplumb: interface %s", ifname); 4023 4024 retval = dlpi_open(linkname, &dh_arp, dlpi_flags); 4025 if (retval != DLPI_SUCCESS) 4026 Perrdlpi_exit("cannot open link", linkname, retval); 4027 4028 arp_fd = dlpi_fd(dh_arp); 4029 if (ioctl(arp_fd, I_PUSH, ARP_MOD_NAME) == -1) 4030 Perror2_exit("I_PUSH", ARP_MOD_NAME); 4031 4032 /* 4033 * Tell ARP the name and unit number for this interface. 4034 * Note that arp has no support for transparent ioctls. 4035 */ 4036 if (strioctl(arp_fd, SIOCSLIFNAME, &lifr, sizeof (lifr)) == -1) { 4037 if (errno != EEXIST) 4038 Perror0_exit("SIOCSLIFNAME for arp"); 4039 Perror0("SIOCSLIFNAME for arp"); 4040 goto out; 4041 } 4042 4043 /* 4044 * PLINK the IP and ARP streams so that ifconfig can exit 4045 * without tearing down the stream. 4046 */ 4047 if ((ip_muxid = ioctl(mux_fd, I_PLINK, ip_fd)) == -1) 4048 Perror0_exit("I_PLINK for ip"); 4049 if ((arp_muxid = ioctl(mux_fd, I_PLINK, arp_fd)) == -1) { 4050 (void) ioctl(mux_fd, I_PUNLINK, ip_muxid); 4051 Perror0_exit("I_PLINK for arp"); 4052 } 4053 4054 if (debug) 4055 (void) printf("arp muxid = %d\n", arp_muxid); 4056 out: 4057 dlpi_close(dh_ip); 4058 dlpi_close(dh_arp); 4059 (void) close(mux_fd); 4060 return (lifr.lifr_ppa); 4061 } 4062 4063 /* 4064 * If this is a physical interface then remove it. 4065 * If it is a logical interface name use SIOCLIFREMOVEIF to 4066 * remove it. In both cases fail if it doesn't exist. 4067 */ 4068 /* ARGSUSED */ 4069 static int 4070 inetunplumb(char *arg, int64_t param) 4071 { 4072 int ip_muxid, arp_muxid; 4073 int mux_fd; 4074 int muxid_fd; 4075 char *udp_dev_name; 4076 char *strptr; 4077 uint64_t flags; 4078 boolean_t changed_arp_muxid = _B_FALSE; 4079 int save_errno; 4080 boolean_t v6 = (afp->af_af == AF_INET6); 4081 4082 strptr = strchr(name, ':'); 4083 if (strptr != NULL || strcmp(name, LOOPBACK_IF) == 0) { 4084 /* Can't unplumb logical interface zero */ 4085 if (strptr != NULL && strcmp(strptr, ":0") == 0) { 4086 (void) fprintf(stderr, "ifconfig: unplumb:" 4087 " Cannot unplumb %s: Invalid interface\n", name); 4088 exit(1); 4089 } 4090 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 4091 (void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr)); 4092 4093 if (ioctl(s, SIOCLIFREMOVEIF, (caddr_t)&lifr) < 0) 4094 Perror0_exit("unplumb: SIOCLIFREMOVEIF"); 4095 return (0); 4096 } 4097 4098 /* 4099 * We used /dev/udp or udp6 to set up the mux. So we have to use 4100 * the same now for PUNLINK also. 4101 */ 4102 if (v6) 4103 udp_dev_name = UDP6_DEV_NAME; 4104 else 4105 udp_dev_name = UDP_DEV_NAME; 4106 4107 if ((muxid_fd = open(udp_dev_name, O_RDWR)) == -1) 4108 exit(EXIT_FAILURE); 4109 4110 if ((mux_fd = open_arp_on_udp(udp_dev_name)) == -1) 4111 exit(EXIT_FAILURE); 4112 4113 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 4114 if (ioctl(muxid_fd, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) { 4115 Perror0_exit("unplumb: SIOCGLIFFLAGS"); 4116 } 4117 flags = lifr.lifr_flags; 4118 again: 4119 if (flags & IFF_IPMP) { 4120 lifgroupinfo_t lifgr; 4121 ifaddrlistx_t *ifaddrs, *ifaddrp; 4122 4123 /* 4124 * There are two reasons the I_PUNLINK can fail with EBUSY: 4125 * (1) if IP interfaces are in the group, or (2) if IPMP data 4126 * addresses are administratively up. For case (1), we fail 4127 * here with a specific error message. For case (2), we bring 4128 * down the addresses prior to doing the I_PUNLINK. If the 4129 * I_PUNLINK still fails with EBUSY then the configuration 4130 * must have changed after our checks, in which case we branch 4131 * back up to `again' and rerun this logic. The net effect is 4132 * that unplumbing an IPMP interface will only fail with EBUSY 4133 * if IP interfaces are in the group. 4134 */ 4135 if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) == -1) 4136 Perror0_exit("unplumb: SIOCGLIFGROUPNAME"); 4137 4138 (void) strlcpy(lifgr.gi_grname, lifr.lifr_groupname, 4139 LIFGRNAMSIZ); 4140 if (ioctl(s, SIOCGLIFGROUPINFO, &lifgr) == -1) 4141 Perror0_exit("unplumb: SIOCGLIFGROUPINFO"); 4142 4143 if ((v6 && lifgr.gi_nv6 != 0) || (!v6 && lifgr.gi_nv4 != 0)) { 4144 (void) fprintf(stderr, "ifconfig: %s: cannot unplumb:" 4145 " IPMP group is not empty\n", name); 4146 exit(1); 4147 } 4148 4149 /* 4150 * The kernel will fail the I_PUNLINK if the IPMP interface 4151 * has administratively up addresses; bring 'em down. 4152 */ 4153 if (ifaddrlistx(name, IFF_UP|IFF_DUPLICATE, 0, &ifaddrs) == -1) 4154 Perror2_exit(name, "cannot get address list"); 4155 4156 ifaddrp = ifaddrs; 4157 for (; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) { 4158 if (((ifaddrp->ia_flags & IFF_IPV6) && !v6) || 4159 (!(ifaddrp->ia_flags & IFF_IPV6) && v6)) 4160 continue; 4161 4162 if (!ifaddr_down(ifaddrp)) { 4163 Perror2_exit(ifaddrp->ia_name, 4164 "cannot bring down"); 4165 } 4166 } 4167 ifaddrlistx_free(ifaddrs); 4168 } 4169 4170 if (ioctl(muxid_fd, SIOCGLIFMUXID, (caddr_t)&lifr) < 0) { 4171 Perror0_exit("unplumb: SIOCGLIFMUXID"); 4172 } 4173 arp_muxid = lifr.lifr_arp_muxid; 4174 ip_muxid = lifr.lifr_ip_muxid; 4175 /* 4176 * We don't have a good way of knowing whether the arp stream is 4177 * plumbed. We can't rely on IFF_NOARP because someone could 4178 * have turned it off later using "ifconfig xxx -arp". 4179 */ 4180 if (arp_muxid != 0) { 4181 if (debug) 4182 (void) printf("arp_muxid %d\n", arp_muxid); 4183 if (ioctl(mux_fd, I_PUNLINK, arp_muxid) < 0) { 4184 /* 4185 * See the comment before the SIOCGLIFGROUPNAME call. 4186 */ 4187 if (errno == EBUSY && (flags & IFF_IPMP)) 4188 goto again; 4189 4190 if ((errno == EINVAL) && 4191 (flags & (IFF_NOARP | IFF_IPV6))) { 4192 /* 4193 * Some plumbing utilities set the muxid to 4194 * -1 or some invalid value to signify that 4195 * there is no arp stream. Set the muxid to 0 4196 * before trying to unplumb the IP stream. 4197 * IP does not allow the IP stream to be 4198 * unplumbed if it sees a non-null arp muxid, 4199 * for consistency of IP-ARP streams. 4200 */ 4201 lifr.lifr_arp_muxid = 0; 4202 (void) ioctl(muxid_fd, SIOCSLIFMUXID, 4203 (caddr_t)&lifr); 4204 changed_arp_muxid = _B_TRUE; 4205 } else { 4206 Perror0("I_PUNLINK for arp"); 4207 } 4208 } 4209 } 4210 if (debug) 4211 (void) printf("ip_muxid %d\n", ip_muxid); 4212 4213 if (ioctl(mux_fd, I_PUNLINK, ip_muxid) < 0) { 4214 if (changed_arp_muxid) { 4215 /* 4216 * Some error occurred, and we need to restore 4217 * everything back to what it was. 4218 */ 4219 save_errno = errno; 4220 lifr.lifr_arp_muxid = arp_muxid; 4221 lifr.lifr_ip_muxid = ip_muxid; 4222 (void) ioctl(muxid_fd, SIOCSLIFMUXID, (caddr_t)&lifr); 4223 errno = save_errno; 4224 } 4225 4226 /* 4227 * See the comment before the SIOCGLIFGROUPNAME call. 4228 */ 4229 if (errno == EBUSY && (flags & IFF_IPMP)) 4230 goto again; 4231 4232 Perror0_exit("I_PUNLINK for ip"); 4233 } 4234 (void) close(mux_fd); 4235 (void) close(muxid_fd); 4236 return (0); 4237 } 4238 4239 /* 4240 * If this is a physical interface then create it unless it is already 4241 * present. If it is a logical interface name use SIOCLIFADDIF to 4242 * create and (and fail it if already exists.) 4243 * As a special case send SIOCLIFADDIF for the loopback interface. This 4244 * is needed since there is no other notion of plumbing the loopback 4245 * interface. 4246 */ 4247 /* ARGSUSED */ 4248 static int 4249 inetplumb(char *arg, int64_t param) 4250 { 4251 char *strptr; 4252 boolean_t islo; 4253 zoneid_t zoneid; 4254 4255 strptr = strchr(name, ':'); 4256 islo = (strcmp(name, LOOPBACK_IF) == 0); 4257 4258 if (strptr != NULL || islo) { 4259 (void) memset(&lifr, 0, sizeof (lifr)); 4260 (void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 4261 if (islo && ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) >= 0) { 4262 if (debug) { 4263 (void) fprintf(stderr, 4264 "ifconfig: %s already exists\n", name); 4265 } 4266 return (0); 4267 } 4268 if (ioctl(s, SIOCLIFADDIF, (caddr_t)&lifr) < 0) { 4269 if (errno == EEXIST) { 4270 if (debug) { 4271 (void) fprintf(stderr, 4272 "ifconfig: %s already exists\n", 4273 name); 4274 } 4275 } else { 4276 Perror2_exit("plumb: SIOCLIFADDIF", name); 4277 } 4278 } 4279 return (0); 4280 } 4281 4282 /* 4283 * For global zone, check if the interface is used by a non-global 4284 * zone, note that the non-global zones doesn't need this check, 4285 * because zoneadm has taken care of this when the zone boots. 4286 */ 4287 zoneid = getzoneid(); 4288 if (zoneid == GLOBAL_ZONEID) { 4289 int ret; 4290 4291 zoneid = ALL_ZONES; 4292 ret = zone_check_datalink(&zoneid, name); 4293 if (ret == 0) { 4294 char zonename[ZONENAME_MAX]; 4295 4296 (void) getzonenamebyid(zoneid, zonename, ZONENAME_MAX); 4297 (void) fprintf(stderr, "%s is used by non-global" 4298 "zone: %s\n", name, zonename); 4299 return (1); 4300 } 4301 } 4302 4303 if (debug) 4304 (void) printf("inetplumb: %s af %d\n", name, afp->af_af); 4305 4306 (void) ifplumb(name, name, _B_FALSE, afp->af_af); 4307 return (0); 4308 } 4309 4310 /* ARGSUSED */ 4311 static int 4312 inetipmp(char *arg, int64_t param) 4313 { 4314 int retval; 4315 4316 /* 4317 * Treat e.g. "ifconfig ipmp0:2 ipmp" as "ifconfig ipmp0:2 plumb". 4318 * Otherwise, try to create the requested IPMP interface. 4319 */ 4320 if (strchr(name, ':') != NULL) 4321 retval = inetplumb(arg, param); 4322 else 4323 retval = create_ipmp(name, afp->af_af, name, _B_FALSE); 4324 4325 /* 4326 * We'd return -1, but foreachinterface() doesn't propagate the error 4327 * into the exit status, so we're forced to explicitly exit(). 4328 */ 4329 if (retval == -1) 4330 exit(1); 4331 return (0); 4332 } 4333 4334 /* 4335 * Create an IPMP group `grname' with address family `af'. If `ifname' is 4336 * non-NULL, it specifies the interface name to use. Otherwise, use the name 4337 * ipmpN, where N corresponds to the lowest available integer. If `implicit' 4338 * is set, then the group is being created as a side-effect of placing an 4339 * underlying interface in a group. Also start in.mpathd if necessary. 4340 */ 4341 static int 4342 create_ipmp(const char *grname, int af, const char *ifname, boolean_t implicit) 4343 { 4344 int ppa; 4345 static int ipmp_daemon_started; 4346 4347 if (debug) { 4348 (void) printf("create_ipmp: ifname %s grname %s af %d\n", 4349 ifname != NULL ? ifname : "NULL", grname, af); 4350 } 4351 4352 if (ifname != NULL) 4353 ppa = ifplumb(IPMPSTUB, ifname, _B_FALSE, af); 4354 else 4355 ppa = ifplumb(IPMPSTUB, "ipmp", _B_TRUE, af); 4356 4357 if (ppa == -1) { 4358 Perror2(grname, "cannot create IPMP interface"); 4359 return (-1); 4360 } 4361 4362 if (ifname != NULL) 4363 (void) strlcpy(lifr.lifr_name, ifname, LIFNAMSIZ); 4364 else 4365 (void) snprintf(lifr.lifr_name, LIFNAMSIZ, "ipmp%d", ppa); 4366 4367 /* 4368 * To preserve backward-compatibility, always bring up the link-local 4369 * address for implicitly-created IPv6 IPMP interfaces. 4370 */ 4371 if (implicit && af == AF_INET6) { 4372 if (ioctl(s6, SIOCGLIFFLAGS, &lifr) == 0) { 4373 lifr.lifr_flags |= IFF_UP; 4374 (void) ioctl(s6, SIOCSLIFFLAGS, &lifr); 4375 } 4376 } 4377 4378 /* 4379 * If the caller requested a different group name, issue a 4380 * SIOCSLIFGROUPNAME on the new IPMP interface. 4381 */ 4382 if (strcmp(lifr.lifr_name, grname) != 0) { 4383 (void) strlcpy(lifr.lifr_groupname, grname, LIFGRNAMSIZ); 4384 if (ioctl(s, SIOCSLIFGROUPNAME, &lifr) == -1) { 4385 Perror0("SIOCSLIFGROUPNAME"); 4386 return (-1); 4387 } 4388 } 4389 4390 /* 4391 * If we haven't done so yet, ensure in.mpathd is started. 4392 */ 4393 if (ipmp_daemon_started++ == 0) 4394 start_ipmp_daemon(); 4395 4396 return (0); 4397 } 4398 4399 /* 4400 * Check if `ifname' is plumbed and in an IPMP group on its "other" address 4401 * family. If so, create a matching IPMP group for address family `af'. 4402 */ 4403 static int 4404 create_ipmp_peer(int af, const char *ifname) 4405 { 4406 int fd; 4407 lifgroupinfo_t lifgr; 4408 4409 assert(af == AF_INET || af == AF_INET6); 4410 4411 /* 4412 * Get the socket for the "other" address family. 4413 */ 4414 fd = (af == AF_INET) ? s6 : s4; 4415 4416 (void) strlcpy(lifr.lifr_name, ifname, LIFNAMSIZ); 4417 if (ioctl(fd, SIOCGLIFGROUPNAME, &lifr) != 0) 4418 return (0); 4419 4420 (void) strlcpy(lifgr.gi_grname, lifr.lifr_groupname, LIFGRNAMSIZ); 4421 if (ioctl(fd, SIOCGLIFGROUPINFO, &lifgr) != 0) 4422 return (0); 4423 4424 /* 4425 * If `ifname' *is* the IPMP group interface, or if the relevant 4426 * address family is already configured, then there's nothing to do. 4427 */ 4428 if (strcmp(lifgr.gi_grifname, ifname) == 0 || 4429 (af == AF_INET && lifgr.gi_v4) || (af == AF_INET6 && lifgr.gi_v6)) 4430 return (0); 4431 4432 return (create_ipmp(lifgr.gi_grname, af, lifgr.gi_grifname, _B_TRUE)); 4433 } 4434 4435 /* 4436 * Start in.mpathd if it's not already running. 4437 */ 4438 static void 4439 start_ipmp_daemon(void) 4440 { 4441 int retval; 4442 ipmp_handle_t ipmp_handle; 4443 4444 /* 4445 * Ping in.mpathd to see if it's running already. 4446 */ 4447 if ((retval = ipmp_open(&ipmp_handle)) != IPMP_SUCCESS) { 4448 (void) fprintf(stderr, "ifconfig: cannot create IPMP handle: " 4449 "%s\n", ipmp_errmsg(retval)); 4450 return; 4451 } 4452 4453 retval = ipmp_ping_daemon(ipmp_handle); 4454 ipmp_close(ipmp_handle); 4455 4456 switch (retval) { 4457 case IPMP_ENOMPATHD: 4458 break; 4459 case IPMP_SUCCESS: 4460 return; 4461 default: 4462 (void) fprintf(stderr, "ifconfig: cannot ping in.mpathd: %s\n", 4463 ipmp_errmsg(retval)); 4464 break; 4465 } 4466 4467 /* 4468 * Start in.mpathd. Note that in.mpathd will handle multiple 4469 * incarnations (ipmp_ping_daemon() is just an optimization) so we 4470 * don't need to worry about racing with another ifconfig process. 4471 */ 4472 switch (fork()) { 4473 case -1: 4474 Perror0_exit("start_ipmp_daemon: fork"); 4475 /* NOTREACHED */ 4476 case 0: 4477 (void) execl(MPATHD_PATH, MPATHD_PATH, NULL); 4478 _exit(1); 4479 /* NOTREACHED */ 4480 default: 4481 break; 4482 } 4483 } 4484 4485 /* 4486 * Bring the address named by `ifaddrp' up or down. Doesn't trust any mutable 4487 * values in ia_flags since they may be stale. 4488 */ 4489 static boolean_t 4490 ifaddr_op(ifaddrlistx_t *ifaddrp, boolean_t up) 4491 { 4492 struct lifreq lifrl; /* Local lifreq struct */ 4493 int fd = (ifaddrp->ia_flags & IFF_IPV4) ? s4 : s6; 4494 4495 (void) memset(&lifrl, 0, sizeof (lifrl)); 4496 (void) strlcpy(lifrl.lifr_name, ifaddrp->ia_name, LIFNAMSIZ); 4497 if (ioctl(fd, SIOCGLIFFLAGS, &lifrl) == -1) 4498 return (_B_FALSE); 4499 4500 if (up) 4501 lifrl.lifr_flags |= IFF_UP; 4502 else 4503 lifrl.lifr_flags &= ~IFF_UP; 4504 4505 if (ioctl(fd, SIOCSLIFFLAGS, &lifrl) == -1) 4506 return (_B_FALSE); 4507 4508 /* 4509 * If we're trying to bring the address down, ensure that DAD activity 4510 * (observable by IFF_DUPLICATE) has also been stopped. 4511 */ 4512 if (!up && ioctl(fd, SIOCGLIFFLAGS, &lifrl) != -1 && 4513 lifrl.lifr_flags & IFF_DUPLICATE) { 4514 if (ioctl(fd, SIOCGLIFADDR, &lifrl) == -1 || 4515 ioctl(fd, SIOCSLIFADDR, &lifrl) == -1) { 4516 return (_B_FALSE); 4517 } 4518 } 4519 return (_B_TRUE); 4520 } 4521 4522 static boolean_t 4523 ifaddr_up(ifaddrlistx_t *ifaddrp) 4524 { 4525 return (ifaddr_op(ifaddrp, _B_TRUE)); 4526 } 4527 4528 static boolean_t 4529 ifaddr_down(ifaddrlistx_t *ifaddrp) 4530 { 4531 return (ifaddr_op(ifaddrp, _B_FALSE)); 4532 } 4533 4534 void 4535 Perror0(const char *cmd) 4536 { 4537 Perror2(cmd, lifr.lifr_name); 4538 } 4539 4540 void 4541 Perror0_exit(const char *cmd) 4542 { 4543 Perror0(cmd); 4544 exit(1); 4545 /* NOTREACHED */ 4546 } 4547 4548 void 4549 Perror2(const char *cmd, const char *str) 4550 { 4551 int error = errno; 4552 4553 (void) fprintf(stderr, "ifconfig: %s: ", cmd); 4554 4555 switch (error) { 4556 case ENXIO: 4557 (void) fprintf(stderr, "%s: no such interface\n", str); 4558 break; 4559 case EPERM: 4560 (void) fprintf(stderr, "%s: permission denied\n", str); 4561 break; 4562 case EEXIST: 4563 (void) fprintf(stderr, "%s: already exists\n", str); 4564 break; 4565 default: 4566 errno = error; 4567 perror(str); 4568 } 4569 } 4570 4571 /* 4572 * Print out error message (Perror2()) and exit 4573 */ 4574 void 4575 Perror2_exit(const char *cmd, const char *str) 4576 { 4577 Perror2(cmd, str); 4578 exit(1); 4579 /* NOTREACHED */ 4580 } 4581 4582 void 4583 Perrdlpi(const char *cmd, const char *linkname, int err) 4584 { 4585 (void) fprintf(stderr, "ifconfig: %s \"%s\": %s\n", cmd, 4586 linkname, dlpi_strerror(err)); 4587 } 4588 4589 /* 4590 * Print out error message (Perrdlpi()) and exit 4591 */ 4592 void 4593 Perrdlpi_exit(const char *cmd, const char *linkname, int err) 4594 { 4595 Perrdlpi(cmd, linkname, err); 4596 exit(1); 4597 } 4598 4599 /* 4600 * If the last argument is non-NULL allow a <addr>/<n> syntax and 4601 * pass out <n> in *plenp. 4602 * If <n> doesn't parse return BAD_ADDR as *plenp. 4603 * If no /<n> is present return NO_PREFIX as *plenp. 4604 */ 4605 static void 4606 in_getaddr(char *s, struct sockaddr *saddr, int *plenp) 4607 { 4608 /* LINTED: alignment */ 4609 struct sockaddr_in *sin = (struct sockaddr_in *)saddr; 4610 struct hostent *hp; 4611 struct netent *np; 4612 char str[BUFSIZ]; 4613 int error_num; 4614 4615 (void) strncpy(str, s, sizeof (str)); 4616 4617 /* 4618 * Look for '/'<n> is plenp 4619 */ 4620 if (plenp != NULL) { 4621 char *cp; 4622 4623 *plenp = in_getprefixlen(str, _B_TRUE, IP_ABITS); 4624 if (*plenp == BAD_ADDR) 4625 return; 4626 cp = strchr(str, '/'); 4627 if (cp != NULL) 4628 *cp = '\0'; 4629 } else if (strchr(str, '/') != NULL) { 4630 (void) fprintf(stderr, "ifconfig: %s: unexpected '/'\n", str); 4631 exit(1); 4632 } 4633 4634 (void) memset(sin, 0, sizeof (*sin)); 4635 4636 /* 4637 * Try to catch attempts to set the broadcast address to all 1's. 4638 */ 4639 if (strcmp(str, "255.255.255.255") == 0 || 4640 (strtoul(str, (char **)NULL, 0) == 0xffffffffUL)) { 4641 sin->sin_family = AF_INET; 4642 sin->sin_addr.s_addr = 0xffffffff; 4643 return; 4644 } 4645 4646 hp = getipnodebyname(str, AF_INET, 0, &error_num); 4647 if (hp) { 4648 sin->sin_family = hp->h_addrtype; 4649 (void) memcpy(&sin->sin_addr, hp->h_addr, hp->h_length); 4650 freehostent(hp); 4651 return; 4652 } 4653 np = getnetbyname(str); 4654 if (np) { 4655 sin->sin_family = np->n_addrtype; 4656 sin->sin_addr = inet_makeaddr(np->n_net, INADDR_ANY); 4657 return; 4658 } 4659 if (error_num == TRY_AGAIN) { 4660 (void) fprintf(stderr, "ifconfig: %s: bad address " 4661 "(try again later)\n", s); 4662 } else { 4663 (void) fprintf(stderr, "ifconfig: %s: bad address\n", s); 4664 } 4665 exit(1); 4666 } 4667 4668 /* 4669 * If the last argument is non-NULL allow a <addr>/<n> syntax and 4670 * pass out <n> in *plenp. 4671 * If <n> doesn't parse return BAD_ADDR as *plenp. 4672 * If no /<n> is present return NO_PREFIX as *plenp. 4673 */ 4674 static void 4675 in6_getaddr(char *s, struct sockaddr *saddr, int *plenp) 4676 { 4677 /* LINTED: alignment */ 4678 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)saddr; 4679 struct hostent *hp; 4680 char str[BUFSIZ]; 4681 int error_num; 4682 4683 (void) strncpy(str, s, sizeof (str)); 4684 4685 /* 4686 * Look for '/'<n> is plenp 4687 */ 4688 if (plenp != NULL) { 4689 char *cp; 4690 4691 *plenp = in_getprefixlen(str, _B_TRUE, IPV6_ABITS); 4692 if (*plenp == BAD_ADDR) 4693 return; 4694 cp = strchr(str, '/'); 4695 if (cp != NULL) 4696 *cp = '\0'; 4697 } else if (strchr(str, '/') != NULL) { 4698 (void) fprintf(stderr, "ifconfig: %s: unexpected '/'\n", str); 4699 exit(1); 4700 } 4701 4702 (void) memset(sin6, 0, sizeof (*sin6)); 4703 4704 hp = getipnodebyname(str, AF_INET6, 0, &error_num); 4705 if (hp) { 4706 sin6->sin6_family = hp->h_addrtype; 4707 (void) memcpy(&sin6->sin6_addr, hp->h_addr, hp->h_length); 4708 freehostent(hp); 4709 return; 4710 } 4711 if (error_num == TRY_AGAIN) { 4712 (void) fprintf(stderr, "ifconfig: %s: bad address " 4713 "(try again later)\n", s); 4714 } else { 4715 (void) fprintf(stderr, "ifconfig: %s: bad address\n", s); 4716 } 4717 exit(1); 4718 } 4719 4720 /* 4721 * If "slash" is zero this parses the whole string as 4722 * an integer. With "slash" non zero it parses the tail part as an integer. 4723 * 4724 * If it is not a valid integer this returns BAD_ADDR. 4725 * If there is /<n> present this returns NO_PREFIX. 4726 */ 4727 static int 4728 in_getprefixlen(char *addr, boolean_t slash, int max_plen) 4729 { 4730 int prefixlen; 4731 char *str, *end; 4732 4733 if (slash) { 4734 str = strchr(addr, '/'); 4735 if (str == NULL) 4736 return (NO_PREFIX); 4737 str++; 4738 } else 4739 str = addr; 4740 4741 prefixlen = strtol(str, &end, 10); 4742 if (prefixlen < 0) 4743 return (BAD_ADDR); 4744 if (str == end) 4745 return (BAD_ADDR); 4746 if (max_plen != 0 && max_plen < prefixlen) 4747 return (BAD_ADDR); 4748 return (prefixlen); 4749 } 4750 4751 /* 4752 * Convert a prefix length to a mask. 4753 * Returns 1 if ok. 0 otherwise. 4754 * Assumes the mask array is zero'ed by the caller. 4755 */ 4756 static boolean_t 4757 in_prefixlentomask(int prefixlen, int maxlen, uchar_t *mask) 4758 { 4759 if (prefixlen < 0 || prefixlen > maxlen) 4760 return (0); 4761 4762 while (prefixlen > 0) { 4763 if (prefixlen >= 8) { 4764 *mask++ = 0xFF; 4765 prefixlen -= 8; 4766 continue; 4767 } 4768 *mask |= 1 << (8 - prefixlen); 4769 prefixlen--; 4770 } 4771 return (1); 4772 } 4773 4774 static void 4775 print_flags(uint64_t flags) 4776 { 4777 boolean_t first = _B_TRUE; 4778 int cnt, i; 4779 4780 (void) printf("flags=%llx", flags); 4781 cnt = sizeof (if_flags_tbl) / sizeof (if_flags_t); 4782 for (i = 0; i < cnt; i++) { 4783 if (flags & if_flags_tbl[i].iff_value) { 4784 if (first) { 4785 (void) printf("<"); 4786 first = _B_FALSE; 4787 } else { 4788 /* 4789 * It has to be here and not with the 4790 * printf below because for the last one, 4791 * we don't want a comma before the ">". 4792 */ 4793 (void) printf(","); 4794 } 4795 (void) printf("%s", if_flags_tbl[i].iff_name); 4796 } 4797 } 4798 if (!first) 4799 (void) printf(">"); 4800 } 4801 4802 static void 4803 print_config_flags(int af, uint64_t flags) 4804 { 4805 if_config_cmd_t *cmdp; 4806 4807 for (cmdp = if_config_cmd_tbl; cmdp->iff_flag != 0; cmdp++) { 4808 if ((flags & cmdp->iff_flag) && 4809 (cmdp->iff_af == AF_UNSPEC || cmdp->iff_af == af)) { 4810 (void) printf("%s ", cmdp->iff_name); 4811 } 4812 } 4813 } 4814 4815 /* 4816 * Use the configured directory lookup mechanism (e.g. files/NIS/NIS+/...) 4817 * to find the network mask. Returns true if we found one to set. 4818 * 4819 * The parameter addr_set controls whether we should get the address of 4820 * the working interface for the netmask query. If addr_set is true, 4821 * we will use the address provided. Otherwise, we will find the working 4822 * interface's address and use it instead. 4823 */ 4824 static boolean_t 4825 in_getmask(struct sockaddr_in *saddr, boolean_t addr_set) 4826 { 4827 struct sockaddr_in ifaddr; 4828 4829 /* 4830 * Read the address from the interface if it is not passed in. 4831 */ 4832 if (!addr_set) { 4833 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 4834 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 4835 if (errno != EADDRNOTAVAIL) { 4836 (void) fprintf(stderr, "Need net number for " 4837 "mask\n"); 4838 } 4839 return (_B_FALSE); 4840 } 4841 ifaddr = *((struct sockaddr_in *)&lifr.lifr_addr); 4842 } else { 4843 ifaddr.sin_addr = saddr->sin_addr; 4844 } 4845 if (getnetmaskbyaddr(ifaddr.sin_addr, &saddr->sin_addr) == 0) { 4846 saddr->sin_family = AF_INET; 4847 return (_B_TRUE); 4848 } 4849 return (_B_FALSE); 4850 } 4851 4852 static int 4853 lifnum(const char *ifname) 4854 { 4855 const char *cp; 4856 4857 if ((cp = strchr(ifname, ':')) == NULL) 4858 return (0); 4859 else 4860 return (atoi(cp + 1)); 4861 } 4862 4863 static int 4864 strioctl(int s, int cmd, void *buf, int buflen) 4865 { 4866 struct strioctl ioc; 4867 4868 (void) memset(&ioc, 0, sizeof (ioc)); 4869 ioc.ic_cmd = cmd; 4870 ioc.ic_timout = 0; 4871 ioc.ic_len = buflen; 4872 ioc.ic_dp = buf; 4873 return (ioctl(s, I_STR, (char *)&ioc)); 4874 } 4875 4876 static void 4877 add_ni(const char *name) 4878 { 4879 ni_t **pp; 4880 ni_t *p; 4881 4882 for (pp = &ni_list; (p = *pp) != NULL; pp = &(p->ni_next)) { 4883 if (strcmp(p->ni_name, name) == 0) { 4884 if (debug > 2) 4885 (void) fprintf(stderr, "'%s' is a duplicate\n", 4886 name); 4887 return; 4888 } 4889 } 4890 4891 if (debug > 2) 4892 (void) fprintf(stderr, "adding '%s'\n", 4893 name); 4894 4895 if ((p = malloc(sizeof (ni_t))) == NULL) 4896 return; 4897 4898 (void) strlcpy(p->ni_name, name, sizeof (p->ni_name)); 4899 p->ni_next = NULL; 4900 4901 *pp = p; 4902 num_ni++; 4903 } 4904 4905 static boolean_t 4906 ni_entry(const char *linkname, void *arg) 4907 { 4908 dlpi_handle_t dh; 4909 datalink_class_t class; 4910 4911 (void) dladm_name2info(arg, linkname, NULL, NULL, &class, NULL); 4912 4913 if (class == DATALINK_CLASS_ETHERSTUB) 4914 return (_B_FALSE); 4915 if (dlpi_open(linkname, &dh, 0) != DLPI_SUCCESS) 4916 return (_B_FALSE); 4917 4918 add_ni(linkname); 4919 4920 dlpi_close(dh); 4921 return (_B_FALSE); 4922 } 4923 4924 /* 4925 * dhcp-related routines 4926 */ 4927 4928 static int 4929 setifdhcp(const char *caller, const char *ifname, int argc, char *argv[]) 4930 { 4931 dhcp_ipc_request_t *request; 4932 dhcp_ipc_reply_t *reply = NULL; 4933 int timeout = DHCP_IPC_WAIT_DEFAULT; 4934 dhcp_ipc_type_t type = DHCP_START; 4935 int error; 4936 boolean_t is_primary = _B_FALSE; 4937 boolean_t started = _B_FALSE; 4938 4939 for (argv++; --argc > 0; argv++) { 4940 4941 if (strcmp(*argv, "primary") == 0) { 4942 is_primary = _B_TRUE; 4943 continue; 4944 } 4945 4946 if (strcmp(*argv, "wait") == 0) { 4947 if (--argc <= 0) { 4948 usage(); 4949 return (DHCP_EXIT_BADARGS); 4950 } 4951 argv++; 4952 4953 if (strcmp(*argv, "forever") == 0) { 4954 timeout = DHCP_IPC_WAIT_FOREVER; 4955 continue; 4956 } 4957 4958 if (sscanf(*argv, "%d", &timeout) != 1) { 4959 usage(); 4960 return (DHCP_EXIT_BADARGS); 4961 } 4962 4963 if (timeout < 0) { 4964 usage(); 4965 return (DHCP_EXIT_BADARGS); 4966 } 4967 continue; 4968 } 4969 4970 type = dhcp_string_to_request(*argv); 4971 if (type == -1) { 4972 usage(); 4973 return (DHCP_EXIT_BADARGS); 4974 } 4975 } 4976 4977 /* 4978 * Only try to start agent on start or inform; in all other cases it 4979 * has to already be running for anything to make sense. 4980 */ 4981 if (type == DHCP_START || type == DHCP_INFORM) { 4982 if (dhcp_start_agent(DHCP_IPC_MAX_WAIT) == -1) { 4983 (void) fprintf(stderr, "%s: unable to start %s\n", 4984 caller, DHCP_AGENT_PATH); 4985 return (DHCP_EXIT_FAILURE); 4986 } 4987 started = _B_TRUE; 4988 } 4989 4990 if (is_primary) 4991 type |= DHCP_PRIMARY; 4992 4993 if (af != AF_INET) 4994 type |= DHCP_V6; 4995 4996 request = dhcp_ipc_alloc_request(type, ifname, NULL, 0, DHCP_TYPE_NONE); 4997 if (request == NULL) { 4998 (void) fprintf(stderr, "%s: out of memory\n", caller); 4999 return (DHCP_EXIT_SYSTEM); 5000 } 5001 5002 error = dhcp_ipc_make_request(request, &reply, timeout); 5003 if (error != 0) { 5004 free(request); 5005 /* 5006 * Re-map connect error to not under control if we didn't try a 5007 * start operation, as this has to be true and results in a 5008 * clearer message, not to mention preserving compatibility 5009 * with the days when we always started dhcpagent for every 5010 * request. 5011 */ 5012 if (error == DHCP_IPC_E_CONNECT && !started) 5013 error = DHCP_IPC_E_UNKIF; 5014 (void) fprintf(stderr, "%s: %s: %s\n", caller, ifname, 5015 dhcp_ipc_strerror(error)); 5016 return (DHCP_EXIT_FAILURE); 5017 } 5018 5019 error = reply->return_code; 5020 if (error != 0) { 5021 free(request); 5022 free(reply); 5023 5024 if (error == DHCP_IPC_E_TIMEOUT && timeout == 0) 5025 return (DHCP_EXIT_SUCCESS); 5026 5027 (void) fprintf(stderr, "%s: %s: %s\n", caller, ifname, 5028 dhcp_ipc_strerror(error)); 5029 5030 if (error == DHCP_IPC_E_TIMEOUT) 5031 return (DHCP_EXIT_TIMEOUT); 5032 else 5033 return (DHCP_EXIT_IF_FAILURE); 5034 } 5035 5036 if (DHCP_IPC_CMD(type) == DHCP_STATUS) { 5037 (void) printf("%s", dhcp_status_hdr_string()); 5038 (void) printf("%s", dhcp_status_reply_to_string(reply)); 5039 } 5040 5041 free(request); 5042 free(reply); 5043 return (DHCP_EXIT_SUCCESS); 5044 } 5045 5046 static void 5047 usage(void) 5048 { 5049 (void) fprintf(stderr, 5050 "usage: ifconfig <interface> | -a[ 4 | 6 | D ][ u | d ][ Z ]\n"); 5051 5052 (void) fprintf(stderr, "%s", 5053 "\t[ <addr_family> ]\n" 5054 "\t[ <address>[/<prefix_length>] [ <dest_address> ] ]\n" 5055 "\t[ set [ <address>][/<prefix_length>] ]" 5056 " [ <address>/<prefix_length>] ]\n" 5057 "\t[ destination <dest_address> ]\n" 5058 "\t[ addif <address>[/<prefix_length>]" 5059 " [ <dest_address> ] ]\n" 5060 "\t[ removeif <address>[/<prefix_length>] ]\n" 5061 "\t[ arp | -arp ]\n" 5062 "\t[ auto-revarp ]\n" 5063 "\t[ broadcast <broad_addr> ]\n" 5064 "\t[ index <if_index> ]\n" 5065 "\t[ metric <n> ] [ mtu <n> ]\n" 5066 "\t[ netmask <mask> ]\n" 5067 "\t[ plumb ] [ unplumb ]\n" 5068 "\t[ preferred | -preferred ]\n" 5069 "\t[ private | -private ]\n" 5070 "\t[ local | -local ]\n" 5071 "\t[ router | -router ]\n" 5072 "\t[ subnet <subnet_address>]\n" 5073 "\t[ trailers | -trailers ]\n" 5074 "\t[ token <address>/<prefix_length> ]\n" 5075 "\t[ tsrc <tunnel_src_address> ]\n" 5076 "\t[ tdst <tunnel_dest_address> ]\n" 5077 "\t[ auth_algs <tunnel_AH_authentication_algorithm> ]\n" 5078 "\t[ encr_algs <tunnel_ESP_encryption_algorithm> ]\n" 5079 "\t[ encr_auth_algs <tunnel_ESP_authentication_algorithm> ]\n" 5080 "\t[ up ] [ down ]\n" 5081 "\t[ xmit | -xmit ]\n" 5082 "\t[ modlist ]\n" 5083 "\t[ modinsert <module_name@position> ]\n" 5084 "\t[ modremove <module_name@position> ]\n" 5085 "\t[ ipmp ]\n" 5086 "\t[ group <groupname>] | [ group \"\"]\n" 5087 "\t[ deprecated | -deprecated ]\n" 5088 "\t[ standby | -standby ]\n" 5089 "\t[ failover | -failover ]\n" 5090 "\t[ zone <zonename> | -zone ]\n" 5091 "\t[ usesrc <interface> ]\n" 5092 "\t[ all-zones ]\n"); 5093 5094 (void) fprintf(stderr, "or\n"); 5095 (void) fprintf(stderr, 5096 "\tifconfig <interface> | -a[ 4 | 6 | D ] [ u | d ]\n"); 5097 5098 (void) fprintf(stderr, "%s", "\tauto-dhcp | dhcp\n" 5099 "\t[ wait <time> | forever ]\n\t[ primary ]\n" 5100 "\tstart | drop | ping | release | status | inform\n"); 5101 } 5102