16e91bba0SGirish Moodalbail /* 26e91bba0SGirish Moodalbail * CDDL HEADER START 36e91bba0SGirish Moodalbail * 46e91bba0SGirish Moodalbail * The contents of this file are subject to the terms of the 56e91bba0SGirish Moodalbail * Common Development and Distribution License (the "License"). 66e91bba0SGirish Moodalbail * You may not use this file except in compliance with the License. 76e91bba0SGirish Moodalbail * 86e91bba0SGirish Moodalbail * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 96e91bba0SGirish Moodalbail * or http://www.opensolaris.org/os/licensing. 106e91bba0SGirish Moodalbail * See the License for the specific language governing permissions 116e91bba0SGirish Moodalbail * and limitations under the License. 126e91bba0SGirish Moodalbail * 136e91bba0SGirish Moodalbail * When distributing Covered Code, include this CDDL HEADER in each 146e91bba0SGirish Moodalbail * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 156e91bba0SGirish Moodalbail * If applicable, add the following below this CDDL HEADER, with the 166e91bba0SGirish Moodalbail * fields enclosed by brackets "[]" replaced with your own identifying 176e91bba0SGirish Moodalbail * information: Portions Copyright [yyyy] [name of copyright owner] 186e91bba0SGirish Moodalbail * 196e91bba0SGirish Moodalbail * CDDL HEADER END 206e91bba0SGirish Moodalbail */ 216e91bba0SGirish Moodalbail /* 22f1e9465bSSowmini Varadhan * Copyright (c) 1991, 2010, Oracle and/or its affiliates. All rights reserved. 23299625c6SSebastien Roy * Copyright (c) 2013 by Delphix. All rights reserved. 247c6d7024SJerry Jelinek * Copyright (c) 2012, Joyent, Inc. All rights reserved. 256e91bba0SGirish Moodalbail */ 268887b57dSGirish Moodalbail /* Copyright (c) 1990 Mentat Inc. */ 276e91bba0SGirish Moodalbail 286e91bba0SGirish Moodalbail #include <inet/ip.h> 296e91bba0SGirish Moodalbail #include <inet/ip6.h> 306e91bba0SGirish Moodalbail #include <inet/ip_if.h> 316e91bba0SGirish Moodalbail #include <inet/ip_ire.h> 326e91bba0SGirish Moodalbail #include <inet/ipclassifier.h> 336e91bba0SGirish Moodalbail #include <inet/ip_impl.h> 346e91bba0SGirish Moodalbail #include <inet/tunables.h> 356e91bba0SGirish Moodalbail #include <sys/sunddi.h> 366e91bba0SGirish Moodalbail #include <sys/policy.h> 376e91bba0SGirish Moodalbail 386e91bba0SGirish Moodalbail /* How long, in seconds, we allow frags to hang around. */ 396e91bba0SGirish Moodalbail #define IP_REASM_TIMEOUT 15 406e91bba0SGirish Moodalbail #define IPV6_REASM_TIMEOUT 60 416e91bba0SGirish Moodalbail 426e91bba0SGirish Moodalbail /* 436e91bba0SGirish Moodalbail * Set ip{,6}_forwarding values. If the value is being set on an ill, 446e91bba0SGirish Moodalbail * find the ill and set the value on it. On the other hand if we are modifying 456e91bba0SGirish Moodalbail * global property, modify the global value and set the value on all the ills. 466e91bba0SGirish Moodalbail */ 476e91bba0SGirish Moodalbail /* ARGSUSED */ 486e91bba0SGirish Moodalbail static int 49299625c6SSebastien Roy ip_set_forwarding(netstack_t *stack, cred_t *cr, mod_prop_info_t *pinfo, 506e91bba0SGirish Moodalbail const char *ifname, const void* pval, uint_t flags) 516e91bba0SGirish Moodalbail { 526e91bba0SGirish Moodalbail char *end; 536e91bba0SGirish Moodalbail unsigned long new_value; 546e91bba0SGirish Moodalbail boolean_t per_ill, isv6; 556e91bba0SGirish Moodalbail ill_walk_context_t ctx; 566e91bba0SGirish Moodalbail ill_t *ill; 57299625c6SSebastien Roy ip_stack_t *ipst = stack->netstack_ip; 586e91bba0SGirish Moodalbail 596e91bba0SGirish Moodalbail if (flags & MOD_PROP_DEFAULT) { 606e91bba0SGirish Moodalbail new_value = pinfo->prop_def_bval; 616e91bba0SGirish Moodalbail } else { 626e91bba0SGirish Moodalbail if (ddi_strtoul(pval, &end, 10, &new_value) != 0 || 636e91bba0SGirish Moodalbail *end != '\0') 646e91bba0SGirish Moodalbail return (EINVAL); 656e91bba0SGirish Moodalbail if (new_value != B_TRUE && new_value != B_FALSE) 666e91bba0SGirish Moodalbail return (EINVAL); 676e91bba0SGirish Moodalbail } 686e91bba0SGirish Moodalbail 696e91bba0SGirish Moodalbail per_ill = (ifname != NULL && ifname[0] != '\0'); 706e91bba0SGirish Moodalbail /* 716e91bba0SGirish Moodalbail * if it's not per ill then set the global property and bring all the 726e91bba0SGirish Moodalbail * ills up to date with the new global value. 736e91bba0SGirish Moodalbail */ 746e91bba0SGirish Moodalbail if (!per_ill) 756e91bba0SGirish Moodalbail pinfo->prop_cur_bval = (new_value == 1 ? B_TRUE : B_FALSE); 766e91bba0SGirish Moodalbail 776e91bba0SGirish Moodalbail isv6 = (pinfo->mpi_proto == MOD_PROTO_IPV6 ? B_TRUE : B_FALSE); 786e91bba0SGirish Moodalbail rw_enter(&ipst->ips_ill_g_lock, RW_READER); 796e91bba0SGirish Moodalbail if (isv6) 806e91bba0SGirish Moodalbail ill = ILL_START_WALK_V6(&ctx, ipst); 816e91bba0SGirish Moodalbail else 826e91bba0SGirish Moodalbail ill = ILL_START_WALK_V4(&ctx, ipst); 836e91bba0SGirish Moodalbail 846e91bba0SGirish Moodalbail for (; ill != NULL; ill = ill_next(&ctx, ill)) { 856e91bba0SGirish Moodalbail /* 866e91bba0SGirish Moodalbail * if the property needs to be set on a particular 876e91bba0SGirish Moodalbail * interface, look for that interface. 886e91bba0SGirish Moodalbail */ 896e91bba0SGirish Moodalbail if (per_ill && strcmp(ifname, ill->ill_name) != 0) 906e91bba0SGirish Moodalbail continue; 916e91bba0SGirish Moodalbail (void) ill_forward_set(ill, new_value != 0); 926e91bba0SGirish Moodalbail } 936e91bba0SGirish Moodalbail rw_exit(&ipst->ips_ill_g_lock); 946e91bba0SGirish Moodalbail 956e91bba0SGirish Moodalbail return (0); 966e91bba0SGirish Moodalbail } 976e91bba0SGirish Moodalbail 986e91bba0SGirish Moodalbail static int 99299625c6SSebastien Roy ip_get_forwarding(netstack_t *stack, mod_prop_info_t *pinfo, const char *ifname, 1006e91bba0SGirish Moodalbail void *pval, uint_t pr_size, uint_t flags) 1016e91bba0SGirish Moodalbail { 1026e91bba0SGirish Moodalbail boolean_t value; 1036e91bba0SGirish Moodalbail ill_walk_context_t ctx; 1046e91bba0SGirish Moodalbail ill_t *ill; 105299625c6SSebastien Roy ip_stack_t *ipst = stack->netstack_ip; 1066e91bba0SGirish Moodalbail boolean_t get_def = (flags & MOD_PROP_DEFAULT); 1076e91bba0SGirish Moodalbail boolean_t get_perm = (flags & MOD_PROP_PERM); 1086e91bba0SGirish Moodalbail boolean_t isv6; 1096e91bba0SGirish Moodalbail size_t nbytes = 0; 1106e91bba0SGirish Moodalbail 1116e91bba0SGirish Moodalbail if (get_perm) { 1126e91bba0SGirish Moodalbail nbytes = snprintf(pval, pr_size, "%d", MOD_PROP_PERM_RW); 1136e91bba0SGirish Moodalbail goto ret; 1146e91bba0SGirish Moodalbail } else if (get_def) { 1156e91bba0SGirish Moodalbail nbytes = snprintf(pval, pr_size, "%d", pinfo->prop_def_bval); 1166e91bba0SGirish Moodalbail goto ret; 1176e91bba0SGirish Moodalbail } 1186e91bba0SGirish Moodalbail 1196e91bba0SGirish Moodalbail /* 1206e91bba0SGirish Moodalbail * if per interface value is not asked for return the current 1216e91bba0SGirish Moodalbail * global value 1226e91bba0SGirish Moodalbail */ 1236e91bba0SGirish Moodalbail if (ifname == NULL || ifname[0] == '\0') { 1246e91bba0SGirish Moodalbail nbytes = snprintf(pval, pr_size, "%d", pinfo->prop_cur_bval); 1256e91bba0SGirish Moodalbail goto ret; 1266e91bba0SGirish Moodalbail } 1276e91bba0SGirish Moodalbail 1286e91bba0SGirish Moodalbail isv6 = (pinfo->mpi_proto == MOD_PROTO_IPV6 ? B_TRUE : B_FALSE); 1296e91bba0SGirish Moodalbail rw_enter(&ipst->ips_ill_g_lock, RW_READER); 1306e91bba0SGirish Moodalbail if (isv6) 1316e91bba0SGirish Moodalbail ill = ILL_START_WALK_V6(&ctx, ipst); 1326e91bba0SGirish Moodalbail else 1336e91bba0SGirish Moodalbail ill = ILL_START_WALK_V4(&ctx, ipst); 1346e91bba0SGirish Moodalbail for (; ill != NULL; ill = ill_next(&ctx, ill)) { 1356e91bba0SGirish Moodalbail /* 1366e91bba0SGirish Moodalbail * if the property needs to be obtained on a particular 1376e91bba0SGirish Moodalbail * interface, look for that interface. 1386e91bba0SGirish Moodalbail */ 1396e91bba0SGirish Moodalbail if (strcmp(ifname, ill->ill_name) == 0) 1406e91bba0SGirish Moodalbail break; 1416e91bba0SGirish Moodalbail } 1426e91bba0SGirish Moodalbail if (ill == NULL) { 1436e91bba0SGirish Moodalbail rw_exit(&ipst->ips_ill_g_lock); 1446e91bba0SGirish Moodalbail return (ENXIO); 1456e91bba0SGirish Moodalbail } 1466e91bba0SGirish Moodalbail value = ((ill->ill_flags & ILLF_ROUTER) ? B_TRUE : B_FALSE); 1476e91bba0SGirish Moodalbail rw_exit(&ipst->ips_ill_g_lock); 1486e91bba0SGirish Moodalbail nbytes = snprintf(pval, pr_size, "%d", value); 1496e91bba0SGirish Moodalbail ret: 1506e91bba0SGirish Moodalbail if (nbytes >= pr_size) 1516e91bba0SGirish Moodalbail return (ENOBUFS); 1526e91bba0SGirish Moodalbail return (0); 1536e91bba0SGirish Moodalbail } 1546e91bba0SGirish Moodalbail 1556e91bba0SGirish Moodalbail /* 1566e91bba0SGirish Moodalbail * `ip_debug' is a global variable. So, we will be modifying the global 1576e91bba0SGirish Moodalbail * variable here. 1586e91bba0SGirish Moodalbail */ 1596e91bba0SGirish Moodalbail /* ARGSUSED */ 1606e91bba0SGirish Moodalbail int 161299625c6SSebastien Roy ip_set_debug(netstack_t *stack, cred_t *cr, mod_prop_info_t *pinfo, 1626e91bba0SGirish Moodalbail const char *ifname, const void* pval, uint_t flags) 1636e91bba0SGirish Moodalbail { 1646e91bba0SGirish Moodalbail unsigned long new_value; 165f1e9465bSSowmini Varadhan int err; 1666e91bba0SGirish Moodalbail 1676e91bba0SGirish Moodalbail if (cr != NULL && secpolicy_net_config(cr, B_FALSE) != 0) 1686e91bba0SGirish Moodalbail return (EPERM); 1696e91bba0SGirish Moodalbail 170f1e9465bSSowmini Varadhan if ((err = mod_uint32_value(pval, pinfo, flags, &new_value)) != 0) 171f1e9465bSSowmini Varadhan return (err); 1726e91bba0SGirish Moodalbail ip_debug = (uint32_t)new_value; 1736e91bba0SGirish Moodalbail return (0); 1746e91bba0SGirish Moodalbail } 1756e91bba0SGirish Moodalbail 1766e91bba0SGirish Moodalbail /* 1776e91bba0SGirish Moodalbail * ip_debug is a global property. For default, permission and value range 1786e91bba0SGirish Moodalbail * we retrieve the value from `pinfo'. However for the current value we 1796e91bba0SGirish Moodalbail * retrieve the value from the global variable `ip_debug' 1806e91bba0SGirish Moodalbail */ 1816e91bba0SGirish Moodalbail /* ARGSUSED */ 1826e91bba0SGirish Moodalbail int 183299625c6SSebastien Roy ip_get_debug(netstack_t *stack, mod_prop_info_t *pinfo, const char *ifname, 1846e91bba0SGirish Moodalbail void *pval, uint_t psize, uint_t flags) 1856e91bba0SGirish Moodalbail { 1866e91bba0SGirish Moodalbail boolean_t get_def = (flags & MOD_PROP_DEFAULT); 1876e91bba0SGirish Moodalbail boolean_t get_perm = (flags & MOD_PROP_PERM); 1886e91bba0SGirish Moodalbail boolean_t get_range = (flags & MOD_PROP_POSSIBLE); 1896e91bba0SGirish Moodalbail size_t nbytes; 1906e91bba0SGirish Moodalbail 1916e91bba0SGirish Moodalbail bzero(pval, psize); 1926e91bba0SGirish Moodalbail if (get_perm) 1936e91bba0SGirish Moodalbail nbytes = snprintf(pval, psize, "%u", MOD_PROP_PERM_RW); 1946e91bba0SGirish Moodalbail else if (get_range) 1956e91bba0SGirish Moodalbail nbytes = snprintf(pval, psize, "%u-%u", 1966e91bba0SGirish Moodalbail pinfo->prop_min_uval, pinfo->prop_max_uval); 1976e91bba0SGirish Moodalbail else if (get_def) 1986e91bba0SGirish Moodalbail nbytes = snprintf(pval, psize, "%u", pinfo->prop_def_uval); 1996e91bba0SGirish Moodalbail else 2006e91bba0SGirish Moodalbail nbytes = snprintf(pval, psize, "%u", ip_debug); 2016e91bba0SGirish Moodalbail if (nbytes >= psize) 2026e91bba0SGirish Moodalbail return (ENOBUFS); 2036e91bba0SGirish Moodalbail return (0); 2046e91bba0SGirish Moodalbail } 2056e91bba0SGirish Moodalbail 2066e91bba0SGirish Moodalbail /* 2076e91bba0SGirish Moodalbail * Set the CGTP (multirouting) filtering status. If the status is changed 2086e91bba0SGirish Moodalbail * from active to transparent or from transparent to active, forward the 2096e91bba0SGirish Moodalbail * new status to the filtering module (if loaded). 2106e91bba0SGirish Moodalbail */ 2116e91bba0SGirish Moodalbail /* ARGSUSED */ 2126e91bba0SGirish Moodalbail static int 213299625c6SSebastien Roy ip_set_cgtp_filter(netstack_t *stack, cred_t *cr, mod_prop_info_t *pinfo, 2146e91bba0SGirish Moodalbail const char *ifname, const void* pval, uint_t flags) 2156e91bba0SGirish Moodalbail { 2166e91bba0SGirish Moodalbail unsigned long new_value; 217299625c6SSebastien Roy ip_stack_t *ipst = stack->netstack_ip; 2186e91bba0SGirish Moodalbail char *end; 2196e91bba0SGirish Moodalbail 2206e91bba0SGirish Moodalbail if (flags & MOD_PROP_DEFAULT) { 2216e91bba0SGirish Moodalbail new_value = pinfo->prop_def_bval; 2226e91bba0SGirish Moodalbail } else { 2236e91bba0SGirish Moodalbail if (ddi_strtoul(pval, &end, 10, &new_value) != 0 || 2246e91bba0SGirish Moodalbail *end != '\0' || new_value > 1) { 2256e91bba0SGirish Moodalbail return (EINVAL); 2266e91bba0SGirish Moodalbail } 2276e91bba0SGirish Moodalbail } 2286e91bba0SGirish Moodalbail if (!pinfo->prop_cur_bval && new_value) { 2296e91bba0SGirish Moodalbail cmn_err(CE_NOTE, "IP: enabling CGTP filtering%s", 2306e91bba0SGirish Moodalbail ipst->ips_ip_cgtp_filter_ops == NULL ? 2316e91bba0SGirish Moodalbail " (module not loaded)" : ""); 2326e91bba0SGirish Moodalbail } 2336e91bba0SGirish Moodalbail if (pinfo->prop_cur_bval && !new_value) { 2346e91bba0SGirish Moodalbail cmn_err(CE_NOTE, "IP: disabling CGTP filtering%s", 2356e91bba0SGirish Moodalbail ipst->ips_ip_cgtp_filter_ops == NULL ? 2366e91bba0SGirish Moodalbail " (module not loaded)" : ""); 2376e91bba0SGirish Moodalbail } 2386e91bba0SGirish Moodalbail if (ipst->ips_ip_cgtp_filter_ops != NULL) { 2396e91bba0SGirish Moodalbail int res; 2406e91bba0SGirish Moodalbail netstackid_t stackid = ipst->ips_netstack->netstack_stackid; 2416e91bba0SGirish Moodalbail 2426e91bba0SGirish Moodalbail res = ipst->ips_ip_cgtp_filter_ops->cfo_change_state(stackid, 2436e91bba0SGirish Moodalbail new_value); 2446e91bba0SGirish Moodalbail if (res) 2456e91bba0SGirish Moodalbail return (res); 2466e91bba0SGirish Moodalbail } 2476e91bba0SGirish Moodalbail pinfo->prop_cur_bval = (new_value == 1 ? B_TRUE : B_FALSE); 2486e91bba0SGirish Moodalbail ill_set_inputfn_all(ipst); 2496e91bba0SGirish Moodalbail return (0); 2506e91bba0SGirish Moodalbail } 2516e91bba0SGirish Moodalbail 2526e91bba0SGirish Moodalbail /* 2536e91bba0SGirish Moodalbail * Retrieve the default MTU or min-max MTU range for a given interface. 2546e91bba0SGirish Moodalbail * 2556e91bba0SGirish Moodalbail * -- ill_max_frag value tells us the maximum MTU that can be handled by the 2566e91bba0SGirish Moodalbail * datalink. This value is advertised by the driver via DLPI messages 2576e91bba0SGirish Moodalbail * (DL_NOTE_SDU_SIZE/DL_INFO_ACK). 2586e91bba0SGirish Moodalbail * 2596e91bba0SGirish Moodalbail * -- ill_current_frag for the most link-types will be same as ill_max_frag 2606e91bba0SGirish Moodalbail * to begin with. However it is dynamically computed for some link-types 2616e91bba0SGirish Moodalbail * like tunnels, based on the tunnel PMTU. 2626e91bba0SGirish Moodalbail * 2636e91bba0SGirish Moodalbail * -- ill_mtu is the user set MTU using SIOCSLIFMTU and must lie between 2646e91bba0SGirish Moodalbail * (IPV6_MIN_MTU/IP_MIN_MTU) and ill_max_frag. 2656e91bba0SGirish Moodalbail * 2666e91bba0SGirish Moodalbail * -- ill_user_mtu is set by in.ndpd using SIOCSLIFLNKINFO and must lie between 2676e91bba0SGirish Moodalbail * (IPV6_MIN_MTU/IP_MIN_MTU) and ill_max_frag. 2686e91bba0SGirish Moodalbail */ 2696e91bba0SGirish Moodalbail int 270299625c6SSebastien Roy ip_get_mtu(netstack_t *stack, mod_prop_info_t *pinfo, const char *ifname, 2716e91bba0SGirish Moodalbail void *pval, uint_t psize, uint_t flags) 2726e91bba0SGirish Moodalbail { 2736e91bba0SGirish Moodalbail ill_walk_context_t ctx; 2746e91bba0SGirish Moodalbail ill_t *ill; 275299625c6SSebastien Roy ip_stack_t *ipst = stack->netstack_ip; 2766e91bba0SGirish Moodalbail boolean_t isv6; 2776e91bba0SGirish Moodalbail uint32_t max_mtu, def_mtu; 2786e91bba0SGirish Moodalbail size_t nbytes = 0; 2796e91bba0SGirish Moodalbail 2806e91bba0SGirish Moodalbail if (!(flags & (MOD_PROP_DEFAULT|MOD_PROP_POSSIBLE))) 2816e91bba0SGirish Moodalbail return (ENOTSUP); 2826e91bba0SGirish Moodalbail 2836e91bba0SGirish Moodalbail if (ifname == NULL || ifname[0] == '\0') 2846e91bba0SGirish Moodalbail return (ENOTSUP); 2856e91bba0SGirish Moodalbail 2866e91bba0SGirish Moodalbail isv6 = (pinfo->mpi_proto == MOD_PROTO_IPV6 ? B_TRUE : B_FALSE); 2876e91bba0SGirish Moodalbail rw_enter(&ipst->ips_ill_g_lock, RW_READER); 2886e91bba0SGirish Moodalbail if (isv6) 2896e91bba0SGirish Moodalbail ill = ILL_START_WALK_V6(&ctx, ipst); 2906e91bba0SGirish Moodalbail else 2916e91bba0SGirish Moodalbail ill = ILL_START_WALK_V4(&ctx, ipst); 2926e91bba0SGirish Moodalbail for (; ill != NULL; ill = ill_next(&ctx, ill)) { 2936e91bba0SGirish Moodalbail if (strcmp(ifname, ill->ill_name) == 0) 2946e91bba0SGirish Moodalbail break; 2956e91bba0SGirish Moodalbail } 2966e91bba0SGirish Moodalbail if (ill == NULL) { 2976e91bba0SGirish Moodalbail rw_exit(&ipst->ips_ill_g_lock); 2986e91bba0SGirish Moodalbail return (ENXIO); 2996e91bba0SGirish Moodalbail } 3006e91bba0SGirish Moodalbail max_mtu = ill->ill_max_frag; 3016e91bba0SGirish Moodalbail def_mtu = ill->ill_current_frag; 3026e91bba0SGirish Moodalbail rw_exit(&ipst->ips_ill_g_lock); 3036e91bba0SGirish Moodalbail 3046e91bba0SGirish Moodalbail if (flags & MOD_PROP_DEFAULT) { 3056e91bba0SGirish Moodalbail nbytes = snprintf(pval, psize, "%u", def_mtu); 3066e91bba0SGirish Moodalbail } else if (flags & MOD_PROP_POSSIBLE) { 3076e91bba0SGirish Moodalbail uint32_t min_mtu; 3086e91bba0SGirish Moodalbail 3096e91bba0SGirish Moodalbail min_mtu = isv6 ? IPV6_MIN_MTU : IP_MIN_MTU; 3106e91bba0SGirish Moodalbail nbytes = snprintf(pval, psize, "%u-%u", min_mtu, max_mtu); 3116e91bba0SGirish Moodalbail } else { 3126e91bba0SGirish Moodalbail return (ENOTSUP); 3136e91bba0SGirish Moodalbail } 3146e91bba0SGirish Moodalbail 3156e91bba0SGirish Moodalbail if (nbytes >= psize) 3166e91bba0SGirish Moodalbail return (ENOBUFS); 3176e91bba0SGirish Moodalbail return (0); 3186e91bba0SGirish Moodalbail } 3196e91bba0SGirish Moodalbail 3206e91bba0SGirish Moodalbail /* 3216e91bba0SGirish Moodalbail * See the comments for ip[6]_strict_src_multihoming for an explanation 3226e91bba0SGirish Moodalbail * of the semanitcs. 3236e91bba0SGirish Moodalbail */ 324f1e9465bSSowmini Varadhan void 325f1e9465bSSowmini Varadhan ip_set_src_multihoming_common(ulong_t new_value, ulong_t old_value, 326f1e9465bSSowmini Varadhan boolean_t isv6, ip_stack_t *ipst) 3276e91bba0SGirish Moodalbail { 328f1e9465bSSowmini Varadhan if (isv6) 329f1e9465bSSowmini Varadhan ipst->ips_ipv6_strict_src_multihoming = new_value; 330f1e9465bSSowmini Varadhan else 331f1e9465bSSowmini Varadhan ipst->ips_ip_strict_src_multihoming = new_value; 3326e91bba0SGirish Moodalbail if (new_value != old_value) { 3336e91bba0SGirish Moodalbail if (!isv6) { 3346e91bba0SGirish Moodalbail if (old_value == 0) { 3356e91bba0SGirish Moodalbail ire_walk_v4(ip_ire_rebind_walker, NULL, 3366e91bba0SGirish Moodalbail ALL_ZONES, ipst); 337f1e9465bSSowmini Varadhan } else if (new_value == 0) { 3386e91bba0SGirish Moodalbail ire_walk_v4(ip_ire_unbind_walker, NULL, 3396e91bba0SGirish Moodalbail ALL_ZONES, ipst); 3406e91bba0SGirish Moodalbail } 3416e91bba0SGirish Moodalbail ipcl_walk(conn_ire_revalidate, (void *)B_FALSE, ipst); 3426e91bba0SGirish Moodalbail } else { 3436e91bba0SGirish Moodalbail if (old_value == 0) { 3446e91bba0SGirish Moodalbail ire_walk_v6(ip_ire_rebind_walker, NULL, 3456e91bba0SGirish Moodalbail ALL_ZONES, ipst); 346f1e9465bSSowmini Varadhan } else if (new_value == 0) { 3476e91bba0SGirish Moodalbail ire_walk_v6(ip_ire_unbind_walker, NULL, 3486e91bba0SGirish Moodalbail ALL_ZONES, ipst); 3496e91bba0SGirish Moodalbail } 3506e91bba0SGirish Moodalbail ipcl_walk(conn_ire_revalidate, (void *)B_TRUE, ipst); 3516e91bba0SGirish Moodalbail } 3526e91bba0SGirish Moodalbail } 353f1e9465bSSowmini Varadhan } 354f1e9465bSSowmini Varadhan 355f1e9465bSSowmini Varadhan /* ARGSUSED */ 356f1e9465bSSowmini Varadhan static int 357299625c6SSebastien Roy ip_set_src_multihoming(netstack_t *stack, cred_t *cr, mod_prop_info_t *pinfo, 358f1e9465bSSowmini Varadhan const char *ifname, const void* pval, uint_t flags) 359f1e9465bSSowmini Varadhan { 360f1e9465bSSowmini Varadhan unsigned long new_value, old_value; 361f1e9465bSSowmini Varadhan boolean_t isv6; 362299625c6SSebastien Roy ip_stack_t *ipst = stack->netstack_ip; 363f1e9465bSSowmini Varadhan int err; 364f1e9465bSSowmini Varadhan 365f1e9465bSSowmini Varadhan old_value = pinfo->prop_cur_uval; 366f1e9465bSSowmini Varadhan 367f1e9465bSSowmini Varadhan if ((err = mod_uint32_value(pval, pinfo, flags, &new_value)) != 0) 368f1e9465bSSowmini Varadhan return (err); 369f1e9465bSSowmini Varadhan pinfo->prop_cur_uval = new_value; 370f1e9465bSSowmini Varadhan isv6 = (strcmp(pinfo->mpi_name, "ip6_strict_src_multihoming") == 0); 371f1e9465bSSowmini Varadhan ip_set_src_multihoming_common(new_value, old_value, isv6, ipst); 372f1e9465bSSowmini Varadhan return (0); 373f1e9465bSSowmini Varadhan } 374f1e9465bSSowmini Varadhan 375f1e9465bSSowmini Varadhan 376f1e9465bSSowmini Varadhan /* ARGSUSED */ 377f1e9465bSSowmini Varadhan static int 378299625c6SSebastien Roy ip_set_hostmodel(netstack_t *stack, cred_t *cr, mod_prop_info_t *pinfo, 379f1e9465bSSowmini Varadhan const char *ifname, const void* pval, uint_t flags) 380f1e9465bSSowmini Varadhan { 381f1e9465bSSowmini Varadhan ip_hostmodel_t new_value, old_value; 382299625c6SSebastien Roy ip_stack_t *ipst = stack->netstack_ip; 383f1e9465bSSowmini Varadhan uint32_t old_src_multihoming; 384f1e9465bSSowmini Varadhan int err; 385f1e9465bSSowmini Varadhan ulong_t tmp; 386f1e9465bSSowmini Varadhan boolean_t isv6; 387f1e9465bSSowmini Varadhan 388f1e9465bSSowmini Varadhan old_value = pinfo->prop_cur_uval; 389f1e9465bSSowmini Varadhan 390f1e9465bSSowmini Varadhan if ((err = mod_uint32_value(pval, pinfo, flags, &tmp)) != 0) 391f1e9465bSSowmini Varadhan return (err); 392f1e9465bSSowmini Varadhan new_value = tmp; 393f1e9465bSSowmini Varadhan pinfo->prop_cur_uval = new_value; 394f1e9465bSSowmini Varadhan 395f1e9465bSSowmini Varadhan switch (old_value) { 396f1e9465bSSowmini Varadhan case IP_WEAK_ES: 397f1e9465bSSowmini Varadhan old_src_multihoming = 0; 398f1e9465bSSowmini Varadhan break; 399f1e9465bSSowmini Varadhan case IP_SRC_PRI_ES: 400f1e9465bSSowmini Varadhan old_src_multihoming = 1; 401f1e9465bSSowmini Varadhan break; 402f1e9465bSSowmini Varadhan case IP_STRONG_ES: 403f1e9465bSSowmini Varadhan old_src_multihoming = 2; 404f1e9465bSSowmini Varadhan break; 405f1e9465bSSowmini Varadhan default: 406f1e9465bSSowmini Varadhan ASSERT(0); 407f1e9465bSSowmini Varadhan old_src_multihoming = IP_MAXVAL_ES; 408f1e9465bSSowmini Varadhan break; 409f1e9465bSSowmini Varadhan } 410f1e9465bSSowmini Varadhan /* 411f1e9465bSSowmini Varadhan * Changes to src_multihoming may require ire's to be rebound/unbound, 412f1e9465bSSowmini Varadhan * and also require generation number resets. Changes to dst_multihoming 413f1e9465bSSowmini Varadhan * require a simple reset of the value. 414f1e9465bSSowmini Varadhan */ 415f1e9465bSSowmini Varadhan isv6 = (pinfo->mpi_proto == MOD_PROTO_IPV6); 416f1e9465bSSowmini Varadhan if (new_value != old_value) { 417f1e9465bSSowmini Varadhan switch (new_value) { 418f1e9465bSSowmini Varadhan case IP_WEAK_ES: 419f1e9465bSSowmini Varadhan ip_set_src_multihoming_common(0, old_src_multihoming, 420f1e9465bSSowmini Varadhan isv6, ipst); 421f1e9465bSSowmini Varadhan if (isv6) 422f1e9465bSSowmini Varadhan ipst->ips_ipv6_strict_dst_multihoming = 0; 423f1e9465bSSowmini Varadhan else 424f1e9465bSSowmini Varadhan ipst->ips_ip_strict_dst_multihoming = 0; 425f1e9465bSSowmini Varadhan break; 426f1e9465bSSowmini Varadhan case IP_SRC_PRI_ES: 427f1e9465bSSowmini Varadhan ip_set_src_multihoming_common(1, old_src_multihoming, 428f1e9465bSSowmini Varadhan isv6, ipst); 429f1e9465bSSowmini Varadhan if (isv6) 430f1e9465bSSowmini Varadhan ipst->ips_ipv6_strict_dst_multihoming = 0; 431f1e9465bSSowmini Varadhan else 432f1e9465bSSowmini Varadhan ipst->ips_ip_strict_dst_multihoming = 0; 433f1e9465bSSowmini Varadhan break; 434f1e9465bSSowmini Varadhan case IP_STRONG_ES: 435f1e9465bSSowmini Varadhan ip_set_src_multihoming_common(2, old_src_multihoming, 436f1e9465bSSowmini Varadhan isv6, ipst); 437f1e9465bSSowmini Varadhan if (isv6) 438f1e9465bSSowmini Varadhan ipst->ips_ipv6_strict_dst_multihoming = 1; 439f1e9465bSSowmini Varadhan else 440f1e9465bSSowmini Varadhan ipst->ips_ip_strict_dst_multihoming = 1; 441f1e9465bSSowmini Varadhan break; 442f1e9465bSSowmini Varadhan default: 443f1e9465bSSowmini Varadhan return (EINVAL); 444f1e9465bSSowmini Varadhan } 445f1e9465bSSowmini Varadhan } 446f1e9465bSSowmini Varadhan return (0); 447f1e9465bSSowmini Varadhan } 448f1e9465bSSowmini Varadhan 449f1e9465bSSowmini Varadhan /* ARGSUSED */ 450f1e9465bSSowmini Varadhan int 451299625c6SSebastien Roy ip_get_hostmodel(netstack_t *stack, mod_prop_info_t *pinfo, const char *ifname, 452f1e9465bSSowmini Varadhan void *pval, uint_t psize, uint_t flags) 453f1e9465bSSowmini Varadhan { 454f1e9465bSSowmini Varadhan boolean_t isv6 = (pinfo->mpi_proto == MOD_PROTO_IPV6); 455299625c6SSebastien Roy ip_stack_t *ipst = stack->netstack_ip; 456f1e9465bSSowmini Varadhan ip_hostmodel_t hostmodel; 457f1e9465bSSowmini Varadhan 458f1e9465bSSowmini Varadhan if (psize < sizeof (hostmodel)) 459f1e9465bSSowmini Varadhan return (ENOBUFS); 460f1e9465bSSowmini Varadhan bzero(pval, psize); 461f1e9465bSSowmini Varadhan if (!isv6) { 462f1e9465bSSowmini Varadhan if (ipst->ips_ip_strict_src_multihoming == 0 && 463f1e9465bSSowmini Varadhan ipst->ips_ip_strict_dst_multihoming == 0) 464f1e9465bSSowmini Varadhan hostmodel = IP_WEAK_ES; 465f1e9465bSSowmini Varadhan else if (ipst->ips_ip_strict_src_multihoming == 1 && 466f1e9465bSSowmini Varadhan ipst->ips_ip_strict_dst_multihoming == 0) 467f1e9465bSSowmini Varadhan hostmodel = IP_SRC_PRI_ES; 468f1e9465bSSowmini Varadhan else if (ipst->ips_ip_strict_src_multihoming == 2 && 469f1e9465bSSowmini Varadhan ipst->ips_ip_strict_dst_multihoming == 1) 470f1e9465bSSowmini Varadhan hostmodel = IP_STRONG_ES; 471f1e9465bSSowmini Varadhan else 472f1e9465bSSowmini Varadhan hostmodel = IP_MAXVAL_ES; 473f1e9465bSSowmini Varadhan } else { 474f1e9465bSSowmini Varadhan if (ipst->ips_ipv6_strict_src_multihoming == 0 && 475f1e9465bSSowmini Varadhan ipst->ips_ipv6_strict_dst_multihoming == 0) 476f1e9465bSSowmini Varadhan hostmodel = IP_WEAK_ES; 477f1e9465bSSowmini Varadhan else if (ipst->ips_ipv6_strict_src_multihoming == 1 && 478f1e9465bSSowmini Varadhan ipst->ips_ipv6_strict_dst_multihoming == 0) 479f1e9465bSSowmini Varadhan hostmodel = IP_SRC_PRI_ES; 480f1e9465bSSowmini Varadhan else if (ipst->ips_ipv6_strict_src_multihoming == 2 && 481f1e9465bSSowmini Varadhan ipst->ips_ipv6_strict_dst_multihoming == 1) 482f1e9465bSSowmini Varadhan hostmodel = IP_STRONG_ES; 483f1e9465bSSowmini Varadhan else 484f1e9465bSSowmini Varadhan hostmodel = IP_MAXVAL_ES; 485f1e9465bSSowmini Varadhan } 486f1e9465bSSowmini Varadhan bcopy(&hostmodel, pval, sizeof (hostmodel)); 4876e91bba0SGirish Moodalbail return (0); 4886e91bba0SGirish Moodalbail } 4896e91bba0SGirish Moodalbail 4906e91bba0SGirish Moodalbail /* 4916e91bba0SGirish Moodalbail * All of these are alterable, within the min/max values given, at run time. 4926e91bba0SGirish Moodalbail * 4938887b57dSGirish Moodalbail * Note: All those tunables which do not start with "_" are Committed and 4948887b57dSGirish Moodalbail * therefore are public. See PSARC 2010/080. 4956e91bba0SGirish Moodalbail */ 4966e91bba0SGirish Moodalbail mod_prop_info_t ip_propinfo_tbl[] = { 4976e91bba0SGirish Moodalbail /* tunable - 0 */ 4988887b57dSGirish Moodalbail { "_respond_to_address_mask_broadcast", MOD_PROTO_IP, 4996e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 5006e91bba0SGirish Moodalbail {B_FALSE}, {B_FALSE} }, 5016e91bba0SGirish Moodalbail 5028887b57dSGirish Moodalbail { "_respond_to_echo_broadcast", MOD_PROTO_IP, 5036e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 5046e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 5056e91bba0SGirish Moodalbail 5068887b57dSGirish Moodalbail { "_respond_to_echo_multicast", MOD_PROTO_IPV4, 5076e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 5086e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 5096e91bba0SGirish Moodalbail 5108887b57dSGirish Moodalbail { "_respond_to_timestamp", MOD_PROTO_IP, 5116e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 5126e91bba0SGirish Moodalbail {B_FALSE}, {B_FALSE} }, 5136e91bba0SGirish Moodalbail 5148887b57dSGirish Moodalbail { "_respond_to_timestamp_broadcast", MOD_PROTO_IP, 5156e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 5166e91bba0SGirish Moodalbail {B_FALSE}, {B_FALSE} }, 5176e91bba0SGirish Moodalbail 5188887b57dSGirish Moodalbail { "_send_redirects", MOD_PROTO_IPV4, 5196e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 5206e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 5216e91bba0SGirish Moodalbail 5228887b57dSGirish Moodalbail { "_forward_directed_broadcasts", MOD_PROTO_IP, 5236e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 5246e91bba0SGirish Moodalbail {B_FALSE}, {B_FALSE} }, 5256e91bba0SGirish Moodalbail 5268887b57dSGirish Moodalbail { "_mrtdebug", MOD_PROTO_IP, 5276e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5286e91bba0SGirish Moodalbail {0, 10, 0}, {0} }, 5296e91bba0SGirish Moodalbail 5308887b57dSGirish Moodalbail { "_ire_reclaim_fraction", MOD_PROTO_IP, 5316e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5326e91bba0SGirish Moodalbail {1, 8, 3}, {3} }, 5336e91bba0SGirish Moodalbail 5348887b57dSGirish Moodalbail { "_nce_reclaim_fraction", MOD_PROTO_IP, 5356e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5366e91bba0SGirish Moodalbail {1, 8, 3}, {3} }, 5376e91bba0SGirish Moodalbail 5386e91bba0SGirish Moodalbail /* tunable - 10 */ 5398887b57dSGirish Moodalbail { "_dce_reclaim_fraction", MOD_PROTO_IP, 5406e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5416e91bba0SGirish Moodalbail {1, 8, 3}, {3} }, 5426e91bba0SGirish Moodalbail 5436e91bba0SGirish Moodalbail { "ttl", MOD_PROTO_IPV4, 5446e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5456e91bba0SGirish Moodalbail {1, 255, 255}, {255} }, 5466e91bba0SGirish Moodalbail 5478887b57dSGirish Moodalbail { "_forward_src_routed", MOD_PROTO_IPV4, 5486e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 5496e91bba0SGirish Moodalbail {B_FALSE}, {B_FALSE} }, 5506e91bba0SGirish Moodalbail 5518887b57dSGirish Moodalbail { "_wroff_extra", MOD_PROTO_IP, 5526e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5536e91bba0SGirish Moodalbail {0, 256, 32}, {32} }, 5546e91bba0SGirish Moodalbail 5556e91bba0SGirish Moodalbail /* following tunable is in seconds - a deviant! */ 5568887b57dSGirish Moodalbail { "_pathmtu_interval", MOD_PROTO_IP, 5576e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5586e91bba0SGirish Moodalbail {2, 999999999, 60*20}, {60*20} }, 5596e91bba0SGirish Moodalbail 5608887b57dSGirish Moodalbail { "_icmp_return_data_bytes", MOD_PROTO_IPV4, 5616e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5626e91bba0SGirish Moodalbail {8, 65536, 64}, {64} }, 5636e91bba0SGirish Moodalbail 5648887b57dSGirish Moodalbail { "_path_mtu_discovery", MOD_PROTO_IP, 5656e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 5666e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 5676e91bba0SGirish Moodalbail 5688887b57dSGirish Moodalbail { "_pmtu_min", MOD_PROTO_IP, 5696e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5706e91bba0SGirish Moodalbail {68, 65535, 576}, {576} }, 5716e91bba0SGirish Moodalbail 5728887b57dSGirish Moodalbail { "_ignore_redirect", MOD_PROTO_IPV4, 5736e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 5746e91bba0SGirish Moodalbail {B_FALSE}, {B_FALSE} }, 5756e91bba0SGirish Moodalbail 5768887b57dSGirish Moodalbail { "_arp_icmp_error", MOD_PROTO_IP, 5776e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 5786e91bba0SGirish Moodalbail {B_FALSE}, {B_FALSE} }, 5796e91bba0SGirish Moodalbail 5806e91bba0SGirish Moodalbail /* tunable - 20 */ 5818887b57dSGirish Moodalbail { "_broadcast_ttl", MOD_PROTO_IP, 5826e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5836e91bba0SGirish Moodalbail {1, 254, 1}, {1} }, 5846e91bba0SGirish Moodalbail 5858887b57dSGirish Moodalbail { "_icmp_err_interval", MOD_PROTO_IP, 5866e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5876e91bba0SGirish Moodalbail {0, 99999, 100}, {100} }, 5886e91bba0SGirish Moodalbail 5898887b57dSGirish Moodalbail { "_icmp_err_burst", MOD_PROTO_IP, 5906e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5916e91bba0SGirish Moodalbail {1, 99999, 10}, {10} }, 5926e91bba0SGirish Moodalbail 5938887b57dSGirish Moodalbail { "_reass_queue_bytes", MOD_PROTO_IP, 5946e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 5956e91bba0SGirish Moodalbail {0, 999999999, 1000000}, {1000000} }, 5966e91bba0SGirish Moodalbail 5976e91bba0SGirish Moodalbail /* 5986e91bba0SGirish Moodalbail * See comments for ip_strict_src_multihoming for an explanation 5996e91bba0SGirish Moodalbail * of the semantics of ip_strict_dst_multihoming 6006e91bba0SGirish Moodalbail */ 6018887b57dSGirish Moodalbail { "_strict_dst_multihoming", MOD_PROTO_IPV4, 6026e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6036e91bba0SGirish Moodalbail {0, 1, 0}, {0} }, 6046e91bba0SGirish Moodalbail 6058887b57dSGirish Moodalbail { "_addrs_per_if", MOD_PROTO_IP, 6066e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6076e91bba0SGirish Moodalbail {1, MAX_ADDRS_PER_IF, 256}, {256} }, 6086e91bba0SGirish Moodalbail 6098887b57dSGirish Moodalbail { "_ipsec_override_persocket_policy", MOD_PROTO_IP, 6106e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 6116e91bba0SGirish Moodalbail {B_FALSE}, {B_FALSE} }, 6126e91bba0SGirish Moodalbail 6138887b57dSGirish Moodalbail { "_icmp_accept_clear_messages", MOD_PROTO_IP, 6146e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 6156e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 6166e91bba0SGirish Moodalbail 6178887b57dSGirish Moodalbail { "_igmp_accept_clear_messages", MOD_PROTO_IP, 6186e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 6196e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 6206e91bba0SGirish Moodalbail 6218887b57dSGirish Moodalbail { "_ndp_delay_first_probe_time", MOD_PROTO_IP, 6226e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6236e91bba0SGirish Moodalbail {2, 999999999, ND_DELAY_FIRST_PROBE_TIME}, 6246e91bba0SGirish Moodalbail {ND_DELAY_FIRST_PROBE_TIME} }, 6256e91bba0SGirish Moodalbail 6266e91bba0SGirish Moodalbail /* tunable - 30 */ 6278887b57dSGirish Moodalbail { "_ndp_max_unicast_solicit", MOD_PROTO_IP, 6286e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6296e91bba0SGirish Moodalbail {1, 999999999, ND_MAX_UNICAST_SOLICIT}, {ND_MAX_UNICAST_SOLICIT} }, 6306e91bba0SGirish Moodalbail 6316e91bba0SGirish Moodalbail { "hoplimit", MOD_PROTO_IPV6, 6326e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6336e91bba0SGirish Moodalbail {1, 255, IPV6_MAX_HOPS}, {IPV6_MAX_HOPS} }, 6346e91bba0SGirish Moodalbail 6358887b57dSGirish Moodalbail { "_icmp_return_data_bytes", MOD_PROTO_IPV6, 6366e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6376e91bba0SGirish Moodalbail {8, IPV6_MIN_MTU, IPV6_MIN_MTU}, {IPV6_MIN_MTU} }, 6386e91bba0SGirish Moodalbail 6398887b57dSGirish Moodalbail { "_forward_src_routed", MOD_PROTO_IPV6, 6406e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 6416e91bba0SGirish Moodalbail {B_FALSE}, {B_FALSE} }, 6426e91bba0SGirish Moodalbail 6438887b57dSGirish Moodalbail { "_respond_to_echo_multicast", MOD_PROTO_IPV6, 6446e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 6456e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 6466e91bba0SGirish Moodalbail 6478887b57dSGirish Moodalbail { "_send_redirects", MOD_PROTO_IPV6, 6486e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 6496e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 6506e91bba0SGirish Moodalbail 6518887b57dSGirish Moodalbail { "_ignore_redirect", MOD_PROTO_IPV6, 6526e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 6536e91bba0SGirish Moodalbail {B_FALSE}, {B_FALSE} }, 6546e91bba0SGirish Moodalbail 6556e91bba0SGirish Moodalbail /* 6566e91bba0SGirish Moodalbail * See comments for ip6_strict_src_multihoming for an explanation 6576e91bba0SGirish Moodalbail * of the semantics of ip6_strict_dst_multihoming 6586e91bba0SGirish Moodalbail */ 6598887b57dSGirish Moodalbail { "_strict_dst_multihoming", MOD_PROTO_IPV6, 6606e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6616e91bba0SGirish Moodalbail {0, 1, 0}, {0} }, 6626e91bba0SGirish Moodalbail 6638887b57dSGirish Moodalbail { "_src_check", MOD_PROTO_IP, 6646e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6656e91bba0SGirish Moodalbail {0, 2, 2}, {2} }, 6666e91bba0SGirish Moodalbail 6678887b57dSGirish Moodalbail { "_ipsec_policy_log_interval", MOD_PROTO_IP, 6686e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 669*05b5eb98SDan McDonald {0, 999999, 0}, {0} }, 6706e91bba0SGirish Moodalbail 6716e91bba0SGirish Moodalbail /* tunable - 40 */ 6728887b57dSGirish Moodalbail { "_pim_accept_clear_messages", MOD_PROTO_IP, 6736e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 6746e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 6756e91bba0SGirish Moodalbail 6768887b57dSGirish Moodalbail { "_ndp_unsolicit_interval", MOD_PROTO_IP, 6776e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6786e91bba0SGirish Moodalbail {1000, 20000, 2000}, {2000} }, 6796e91bba0SGirish Moodalbail 6808887b57dSGirish Moodalbail { "_ndp_unsolicit_count", MOD_PROTO_IP, 6816e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6826e91bba0SGirish Moodalbail {1, 20, 3}, {3} }, 6836e91bba0SGirish Moodalbail 6848887b57dSGirish Moodalbail { "_ignore_home_address_opt", MOD_PROTO_IPV6, 6856e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 6866e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 6876e91bba0SGirish Moodalbail 6888887b57dSGirish Moodalbail { "_policy_mask", MOD_PROTO_IP, 6896e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6906e91bba0SGirish Moodalbail {0, 15, 0}, {0} }, 6916e91bba0SGirish Moodalbail 6928887b57dSGirish Moodalbail { "_ecmp_behavior", MOD_PROTO_IP, 6936e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6946e91bba0SGirish Moodalbail {0, 2, 2}, {2} }, 6956e91bba0SGirish Moodalbail 6968887b57dSGirish Moodalbail { "_multirt_ttl", MOD_PROTO_IP, 6976e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 6986e91bba0SGirish Moodalbail {0, 255, 1}, {1} }, 6996e91bba0SGirish Moodalbail 7006e91bba0SGirish Moodalbail /* following tunable is in seconds - a deviant */ 7018887b57dSGirish Moodalbail { "_ire_badcnt_lifetime", MOD_PROTO_IP, 7026e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7036e91bba0SGirish Moodalbail {0, 3600, 60}, {60} }, 7046e91bba0SGirish Moodalbail 7058887b57dSGirish Moodalbail { "_max_temp_idle", MOD_PROTO_IP, 7066e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7076e91bba0SGirish Moodalbail {0, 999999, 60*60*24}, {60*60*24} }, 7086e91bba0SGirish Moodalbail 7098887b57dSGirish Moodalbail { "_max_temp_defend", MOD_PROTO_IP, 7106e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7116e91bba0SGirish Moodalbail {0, 1000, 1}, {1} }, 7126e91bba0SGirish Moodalbail 7136e91bba0SGirish Moodalbail /* tunable - 50 */ 7146e91bba0SGirish Moodalbail /* 7156e91bba0SGirish Moodalbail * when a conflict of an active address is detected, 7166e91bba0SGirish Moodalbail * defend up to ip_max_defend times, within any 7176e91bba0SGirish Moodalbail * ip_defend_interval span. 7186e91bba0SGirish Moodalbail */ 7198887b57dSGirish Moodalbail { "_max_defend", MOD_PROTO_IP, 7206e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7216e91bba0SGirish Moodalbail {0, 1000, 3}, {3} }, 7226e91bba0SGirish Moodalbail 7238887b57dSGirish Moodalbail { "_defend_interval", MOD_PROTO_IP, 7246e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7256e91bba0SGirish Moodalbail {0, 999999, 30}, {30} }, 7266e91bba0SGirish Moodalbail 7278887b57dSGirish Moodalbail { "_dup_recovery", MOD_PROTO_IP, 7286e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7296e91bba0SGirish Moodalbail {0, 3600000, 300000}, {300000} }, 7306e91bba0SGirish Moodalbail 7318887b57dSGirish Moodalbail { "_restrict_interzone_loopback", MOD_PROTO_IP, 7326e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 7336e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 7346e91bba0SGirish Moodalbail 7358887b57dSGirish Moodalbail { "_lso_outbound", MOD_PROTO_IP, 7366e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 7376e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 7386e91bba0SGirish Moodalbail 7398887b57dSGirish Moodalbail { "_igmp_max_version", MOD_PROTO_IP, 7406e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7416e91bba0SGirish Moodalbail {IGMP_V1_ROUTER, IGMP_V3_ROUTER, IGMP_V3_ROUTER}, 7426e91bba0SGirish Moodalbail {IGMP_V3_ROUTER} }, 7436e91bba0SGirish Moodalbail 7448887b57dSGirish Moodalbail { "_mld_max_version", MOD_PROTO_IP, 7456e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7466e91bba0SGirish Moodalbail {MLD_V1_ROUTER, MLD_V2_ROUTER, MLD_V2_ROUTER}, {MLD_V2_ROUTER} }, 7476e91bba0SGirish Moodalbail 7486e91bba0SGirish Moodalbail { "forwarding", MOD_PROTO_IPV4, 7496e91bba0SGirish Moodalbail ip_set_forwarding, ip_get_forwarding, 7506e91bba0SGirish Moodalbail {IP_FORWARD_NEVER}, {IP_FORWARD_NEVER} }, 7516e91bba0SGirish Moodalbail 7526e91bba0SGirish Moodalbail { "forwarding", MOD_PROTO_IPV6, 7536e91bba0SGirish Moodalbail ip_set_forwarding, ip_get_forwarding, 7546e91bba0SGirish Moodalbail {IP_FORWARD_NEVER}, {IP_FORWARD_NEVER} }, 7556e91bba0SGirish Moodalbail 7568887b57dSGirish Moodalbail { "_reasm_timeout", MOD_PROTO_IPV4, 7576e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7586e91bba0SGirish Moodalbail {5, 255, IP_REASM_TIMEOUT}, 7596e91bba0SGirish Moodalbail {IP_REASM_TIMEOUT} }, 7606e91bba0SGirish Moodalbail 7616e91bba0SGirish Moodalbail /* tunable - 60 */ 7628887b57dSGirish Moodalbail { "_reasm_timeout", MOD_PROTO_IPV6, 7636e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7646e91bba0SGirish Moodalbail {5, 255, IPV6_REASM_TIMEOUT}, 7656e91bba0SGirish Moodalbail {IPV6_REASM_TIMEOUT} }, 7666e91bba0SGirish Moodalbail 7678887b57dSGirish Moodalbail { "_cgtp_filter", MOD_PROTO_IP, 7686e91bba0SGirish Moodalbail ip_set_cgtp_filter, mod_get_boolean, 7696e91bba0SGirish Moodalbail {B_FALSE}, {B_FALSE} }, 7706e91bba0SGirish Moodalbail 7716e91bba0SGirish Moodalbail /* delay before sending first probe: */ 7728887b57dSGirish Moodalbail { "_arp_probe_delay", MOD_PROTO_IP, 7736e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7746e91bba0SGirish Moodalbail {0, 20000, 1000}, {1000} }, 7756e91bba0SGirish Moodalbail 7768887b57dSGirish Moodalbail { "_arp_fastprobe_delay", MOD_PROTO_IP, 7776e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7786e91bba0SGirish Moodalbail {0, 20000, 100}, {100} }, 7796e91bba0SGirish Moodalbail 7806e91bba0SGirish Moodalbail /* interval at which DAD probes are sent: */ 7818887b57dSGirish Moodalbail { "_arp_probe_interval", MOD_PROTO_IP, 7826e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7836e91bba0SGirish Moodalbail {10, 20000, 1500}, {1500} }, 7846e91bba0SGirish Moodalbail 7858887b57dSGirish Moodalbail { "_arp_fastprobe_interval", MOD_PROTO_IP, 7866e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7876e91bba0SGirish Moodalbail {10, 20000, 150}, {150} }, 7886e91bba0SGirish Moodalbail 7898887b57dSGirish Moodalbail { "_arp_probe_count", MOD_PROTO_IP, 7906e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7916e91bba0SGirish Moodalbail {0, 20, 3}, {3} }, 7926e91bba0SGirish Moodalbail 7938887b57dSGirish Moodalbail { "_arp_fastprobe_count", MOD_PROTO_IP, 7946e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7956e91bba0SGirish Moodalbail {0, 20, 3}, {3} }, 7966e91bba0SGirish Moodalbail 7978887b57dSGirish Moodalbail { "_dad_announce_interval", MOD_PROTO_IPV4, 7986e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 7996e91bba0SGirish Moodalbail {0, 3600000, 15000}, {15000} }, 8006e91bba0SGirish Moodalbail 8018887b57dSGirish Moodalbail { "_dad_announce_interval", MOD_PROTO_IPV6, 8026e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 8036e91bba0SGirish Moodalbail {0, 3600000, 15000}, {15000} }, 8046e91bba0SGirish Moodalbail 8056e91bba0SGirish Moodalbail /* tunable - 70 */ 8066e91bba0SGirish Moodalbail /* 8076e91bba0SGirish Moodalbail * Rate limiting parameters for DAD defense used in 8086e91bba0SGirish Moodalbail * ill_defend_rate_limit(): 8096e91bba0SGirish Moodalbail * defend_rate : pkts/hour permitted 8106e91bba0SGirish Moodalbail * defend_interval : time that can elapse before we send out a 8116e91bba0SGirish Moodalbail * DAD defense. 8126e91bba0SGirish Moodalbail * defend_period: denominator for defend_rate (in seconds). 8136e91bba0SGirish Moodalbail */ 8148887b57dSGirish Moodalbail { "_arp_defend_interval", MOD_PROTO_IP, 8156e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 8166e91bba0SGirish Moodalbail {0, 3600000, 300000}, {300000} }, 8176e91bba0SGirish Moodalbail 8188887b57dSGirish Moodalbail { "_arp_defend_rate", MOD_PROTO_IP, 8196e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 8206e91bba0SGirish Moodalbail {0, 20000, 100}, {100} }, 8216e91bba0SGirish Moodalbail 8228887b57dSGirish Moodalbail { "_ndp_defend_interval", MOD_PROTO_IP, 8236e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 8246e91bba0SGirish Moodalbail {0, 3600000, 300000}, {300000} }, 8256e91bba0SGirish Moodalbail 8268887b57dSGirish Moodalbail { "_ndp_defend_rate", MOD_PROTO_IP, 8276e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 8286e91bba0SGirish Moodalbail {0, 20000, 100}, {100} }, 8296e91bba0SGirish Moodalbail 8308887b57dSGirish Moodalbail { "_arp_defend_period", MOD_PROTO_IP, 8316e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 8326e91bba0SGirish Moodalbail {5, 86400, 3600}, {3600} }, 8336e91bba0SGirish Moodalbail 8348887b57dSGirish Moodalbail { "_ndp_defend_period", MOD_PROTO_IP, 8356e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 8366e91bba0SGirish Moodalbail {5, 86400, 3600}, {3600} }, 8376e91bba0SGirish Moodalbail 8388887b57dSGirish Moodalbail { "_icmp_return_pmtu", MOD_PROTO_IPV4, 8396e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 8406e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 8416e91bba0SGirish Moodalbail 8428887b57dSGirish Moodalbail { "_icmp_return_pmtu", MOD_PROTO_IPV6, 8436e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 8446e91bba0SGirish Moodalbail {B_TRUE}, {B_TRUE} }, 8456e91bba0SGirish Moodalbail 8466e91bba0SGirish Moodalbail /* 8476e91bba0SGirish Moodalbail * publish count/interval values used to announce local addresses 8486e91bba0SGirish Moodalbail * for IPv4, IPv6. 8496e91bba0SGirish Moodalbail */ 8508887b57dSGirish Moodalbail { "_arp_publish_count", MOD_PROTO_IP, 8516e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 8526e91bba0SGirish Moodalbail {1, 20, 5}, {5} }, 8536e91bba0SGirish Moodalbail 8548887b57dSGirish Moodalbail { "_arp_publish_interval", MOD_PROTO_IP, 8556e91bba0SGirish Moodalbail mod_set_uint32, mod_get_uint32, 8566e91bba0SGirish Moodalbail {1000, 20000, 2000}, {2000} }, 8576e91bba0SGirish Moodalbail 8586e91bba0SGirish Moodalbail /* tunable - 80 */ 8596e91bba0SGirish Moodalbail /* 8606e91bba0SGirish Moodalbail * The ip*strict_src_multihoming and ip*strict_dst_multihoming provide 8616e91bba0SGirish Moodalbail * a range of choices for setting strong/weak/preferred end-system 8626e91bba0SGirish Moodalbail * behavior. The semantics for setting these are: 8636e91bba0SGirish Moodalbail * 8646e91bba0SGirish Moodalbail * ip*_strict_dst_multihoming = 0 8656e91bba0SGirish Moodalbail * weak end system model for managing ip destination addresses. 8666e91bba0SGirish Moodalbail * A packet with IP dst D1 that's received on interface I1 will be 8676e91bba0SGirish Moodalbail * accepted as long as D1 is one of the local addresses on 8686e91bba0SGirish Moodalbail * the machine, even if D1 is not configured on I1. 8696e91bba0SGirish Moodalbail * ip*strict_dst_multihioming = 1 8706e91bba0SGirish Moodalbail * strong end system model for managing ip destination addresses. 8716e91bba0SGirish Moodalbail * A packet with IP dst D1 that's received on interface I1 will be 8726e91bba0SGirish Moodalbail * accepted if, and only if, D1 is configured on I1. 8736e91bba0SGirish Moodalbail * 8746e91bba0SGirish Moodalbail * ip*strict_src_multihoming = 0 8756e91bba0SGirish Moodalbail * Source agnostic route selection for outgoing packets: the 8766e91bba0SGirish Moodalbail * outgoing interface for a packet will be computed using 8776e91bba0SGirish Moodalbail * default algorithms for route selection, where the route 8786e91bba0SGirish Moodalbail * with the longest matching prefix is chosen for the output 8796e91bba0SGirish Moodalbail * unless other route selection constraints are explicitly 8806e91bba0SGirish Moodalbail * specified during routing table lookup. This may result 8816e91bba0SGirish Moodalbail * in packet being sent out on interface I2 with source 8826e91bba0SGirish Moodalbail * address S1, even though S1 is not a configured address on I2. 8836e91bba0SGirish Moodalbail * ip*strict_src_multihoming = 1 8846e91bba0SGirish Moodalbail * Preferred source aware route selection for outgoing packets: for 8856e91bba0SGirish Moodalbail * a packet with source S2, destination D2, the route selection 8866e91bba0SGirish Moodalbail * algorithm will first attempt to find a route for the destination 8876e91bba0SGirish Moodalbail * that goes out through an interface where S2 is 8886e91bba0SGirish Moodalbail * configured. If such a route cannot be found, then the 8896e91bba0SGirish Moodalbail * best-matching route for D2 will be selected. 8906e91bba0SGirish Moodalbail * ip*strict_src_multihoming = 2 8916e91bba0SGirish Moodalbail * Source aware route selection for outgoing packets: a packet will 8926e91bba0SGirish Moodalbail * be sent out on an interface I2 only if the src address S2 of the 8936e91bba0SGirish Moodalbail * packet is a configured address on I2. In conjunction with 8946e91bba0SGirish Moodalbail * the setting 'ip_strict_dst_multihoming == 1', this will result in 8956e91bba0SGirish Moodalbail * the implementation of Strong ES as defined in Section 3.3.4.2 of 8966e91bba0SGirish Moodalbail * RFC 1122 8976e91bba0SGirish Moodalbail */ 8988887b57dSGirish Moodalbail { "_strict_src_multihoming", MOD_PROTO_IPV4, 8996e91bba0SGirish Moodalbail ip_set_src_multihoming, mod_get_uint32, 9006e91bba0SGirish Moodalbail {0, 2, 0}, {0} }, 9016e91bba0SGirish Moodalbail 9028887b57dSGirish Moodalbail { "_strict_src_multihoming", MOD_PROTO_IPV6, 9036e91bba0SGirish Moodalbail ip_set_src_multihoming, mod_get_uint32, 9046e91bba0SGirish Moodalbail {0, 2, 0}, {0} }, 9056e91bba0SGirish Moodalbail 9066e91bba0SGirish Moodalbail #ifdef DEBUG 9078887b57dSGirish Moodalbail { "_drop_inbound_icmpv6", MOD_PROTO_IPV6, 9086e91bba0SGirish Moodalbail mod_set_boolean, mod_get_boolean, 9096e91bba0SGirish Moodalbail {B_FALSE}, {B_FALSE} }, 9106e91bba0SGirish Moodalbail #else 9116e91bba0SGirish Moodalbail { "", 0, NULL, NULL, {0}, {0} }, 9126e91bba0SGirish Moodalbail #endif 9137c6d7024SJerry Jelinek 9147c6d7024SJerry Jelinek { "_dce_reclaim_threshold", MOD_PROTO_IP, 9157c6d7024SJerry Jelinek mod_set_uint32, mod_get_uint32, 9167c6d7024SJerry Jelinek {1, 100000, 32}, {32} }, 9177c6d7024SJerry Jelinek 9186e91bba0SGirish Moodalbail { "mtu", MOD_PROTO_IPV4, NULL, ip_get_mtu, {0}, {0} }, 9196e91bba0SGirish Moodalbail 9206e91bba0SGirish Moodalbail { "mtu", MOD_PROTO_IPV6, NULL, ip_get_mtu, {0}, {0} }, 9216e91bba0SGirish Moodalbail 9226e91bba0SGirish Moodalbail /* 9236e91bba0SGirish Moodalbail * The following entry is a placeholder for `ip_debug' global 9246e91bba0SGirish Moodalbail * variable. Within these callback functions, we will be 9256e91bba0SGirish Moodalbail * setting/getting the global variable 9266e91bba0SGirish Moodalbail */ 9278887b57dSGirish Moodalbail { "_debug", MOD_PROTO_IP, 9286e91bba0SGirish Moodalbail ip_set_debug, ip_get_debug, 9296e91bba0SGirish Moodalbail {0, 20, 0}, {0} }, 9306e91bba0SGirish Moodalbail 931f1e9465bSSowmini Varadhan { "hostmodel", MOD_PROTO_IPV4, ip_set_hostmodel, ip_get_hostmodel, 932f1e9465bSSowmini Varadhan {IP_WEAK_ES, IP_STRONG_ES, IP_WEAK_ES}, {IP_WEAK_ES} }, 933f1e9465bSSowmini Varadhan 934f1e9465bSSowmini Varadhan { "hostmodel", MOD_PROTO_IPV6, ip_set_hostmodel, ip_get_hostmodel, 935f1e9465bSSowmini Varadhan {IP_WEAK_ES, IP_STRONG_ES, IP_WEAK_ES}, {IP_WEAK_ES} }, 936f1e9465bSSowmini Varadhan 9376e91bba0SGirish Moodalbail { "?", MOD_PROTO_IP, NULL, mod_get_allprop, {0}, {0} }, 9386e91bba0SGirish Moodalbail 9396e91bba0SGirish Moodalbail { NULL, 0, NULL, NULL, {0}, {0} } 9406e91bba0SGirish Moodalbail }; 9416e91bba0SGirish Moodalbail 9426e91bba0SGirish Moodalbail int ip_propinfo_count = A_CNT(ip_propinfo_tbl); 943