1 /* 2 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 3 * Use is subject to license terms. 4 */ 5 /* 6 * Copyright (c) 1983 Regents of the University of California. 7 * All rights reserved. The Berkeley software License Agreement 8 * specifies the terms and conditions for redistribution. 9 */ 10 11 #pragma ident "%Z%%M% %I% %E% SMI" 12 13 #include "defs.h" 14 #include "strings.h" 15 #include "ifconfig.h" 16 #include <compat.h> 17 #include <libdlpi.h> 18 #include <inet/ip.h> 19 20 #define LOOPBACK_IF "lo0" 21 #define NONE_STR "none" 22 #define ARP_MOD_NAME "arp" 23 #define TUN_NAME "tun" 24 #define ATUN_NAME "atun" 25 #define TUN6TO4_NAME "6to4tun" 26 27 typedef struct if_flags { 28 uint64_t iff_value; 29 char *iff_name; 30 } if_flags_t; 31 32 static if_flags_t if_flags_tbl[] = { 33 { IFF_UP, "UP" }, 34 { IFF_BROADCAST, "BROADCAST" }, 35 { IFF_DEBUG, "DEBUG" }, 36 { IFF_LOOPBACK, "LOOPBACK" }, 37 { IFF_POINTOPOINT, "POINTOPOINT" }, 38 { IFF_NOTRAILERS, "NOTRAILERS" }, 39 { IFF_RUNNING, "RUNNING" }, 40 { IFF_NOARP, "NOARP" }, 41 { IFF_PROMISC, "PROMISC" }, 42 { IFF_ALLMULTI, "ALLMULTI" }, 43 { IFF_INTELLIGENT, "INTELLIGENT" }, 44 { IFF_MULTICAST, "MULTICAST" }, 45 { IFF_MULTI_BCAST, "MULTI_BCAST" }, 46 { IFF_UNNUMBERED, "UNNUMBERED" }, 47 { IFF_DHCPRUNNING, "DHCP" }, 48 { IFF_PRIVATE, "PRIVATE" }, 49 { IFF_NOXMIT, "NOXMIT" }, 50 { IFF_NOLOCAL, "NOLOCAL" }, 51 { IFF_DEPRECATED, "DEPRECATED" }, 52 { IFF_ADDRCONF, "ADDRCONF" }, 53 { IFF_ROUTER, "ROUTER" }, 54 { IFF_NONUD, "NONUD" }, 55 { IFF_ANYCAST, "ANYCAST" }, 56 { IFF_NORTEXCH, "NORTEXCH" }, 57 { IFF_IPV4, "IPv4" }, 58 { IFF_IPV6, "IPv6" }, 59 { IFF_MIPRUNNING, "MIP" }, 60 { IFF_NOFAILOVER, "NOFAILOVER" }, 61 { IFF_FAILED, "FAILED" }, 62 { IFF_STANDBY, "STANDBY" }, 63 { IFF_INACTIVE, "INACTIVE" }, 64 { IFF_OFFLINE, "OFFLINE" }, 65 { IFF_XRESOLV, "XRESOLV" }, 66 { IFF_COS_ENABLED, "CoS" }, 67 { IFF_PREFERRED, "PREFERRED" }, 68 { IFF_TEMPORARY, "TEMPORARY" }, 69 { IFF_FIXEDMTU, "FIXEDMTU" }, 70 { IFF_VIRTUAL, "VIRTUAL" }, 71 { IFF_DUPLICATE, "DUPLICATE" } 72 }; 73 74 static struct lifreq lifr; 75 /* current interface name a particular function is accessing */ 76 static char name[LIFNAMSIZ]; 77 /* foreach interface saved name */ 78 static char origname[LIFNAMSIZ]; 79 static char savedname[LIFNAMSIZ]; /* For addif */ 80 static int setaddr; 81 82 /* 83 * Make sure the algorithm variables hold more than the sizeof an algorithm 84 * in PF_KEY. (For now, more than a uint8_t.) The NO_***_?ALG indicates that 85 * there was no algorithm requested, and in the ipsec_req that service should 86 * be disabled. (E.g. if ah_aalg remains NO_AH_AALG, then AH will be 87 * disabled on that tunnel.) 88 */ 89 #define NO_AH_AALG 256 90 #define NO_ESP_AALG 256 91 #define NO_ESP_EALG 256 92 93 /* 94 * iface_t 95 * used by setifether to create a list of interfaces to mark 96 * down-up when changing the ethernet address of an interface 97 */ 98 typedef struct iface { 99 struct lifreq lifr; 100 struct iface *next; /* pointer to the next list element */ 101 } iface_t; 102 103 static iface_t *logifs = NULL; /* list of logical interfaces */ 104 static iface_t *phyif = NULL; /* physical interface */ 105 106 int s; 107 int af = AF_INET; /* default address family */ 108 int debug = 0; 109 int all = 0; /* setifdhcp() needs to know this */ 110 int verbose = 0; 111 int v4compat = 0; /* Compatible printing format */ 112 113 /* 114 * Function prototypes for command functions. 115 */ 116 static int addif(char *arg, int64_t param); 117 static int inetplumb(char *arg, int64_t param); 118 static int inetunplumb(char *arg, int64_t param); 119 static int removeif(char *arg, int64_t param); 120 static int setdebugflag(char *arg, int64_t param); 121 static int setifaddr(char *arg, int64_t param); 122 static int setifbroadaddr(char *arg, int64_t param); 123 static int setifdstaddr(char *arg, int64_t param); 124 static int setifether(char *arg, int64_t param); 125 static int setifflags(char *arg, int64_t param); 126 static int setifindex(char *arg, int64_t param); 127 static int setifmetric(char *arg, int64_t param); 128 static int setifmtu(char *arg, int64_t param); 129 static int setifnetmask(char *arg, int64_t param); 130 static int setifprefixlen(char *arg, int64_t param); 131 static int setifrevarp(char *arg, int64_t param); 132 static int setifsubnet(char *arg, int64_t param); 133 static int setiftdst(char *arg, int64_t param); 134 static int setiftoken(char *arg, int64_t param); 135 static int setiftsrc(char *arg, int64_t param); 136 static int setverboseflag(char *arg, int64_t param); 137 static int set_tun_ah_alg(char *arg, int64_t param); 138 static int set_tun_esp_auth_alg(char *arg, int64_t param); 139 static int set_tun_esp_encr_alg(char *arg, int64_t param); 140 static int modlist(char *arg, int64_t param); 141 static int modinsert(char *arg, int64_t param); 142 static int modremove(char *arg, int64_t param); 143 static int setifgroupname(char *arg, int64_t param); 144 static int configinfo(char *arg, int64_t param); 145 static void print_config_flags(uint64_t flags); 146 static void print_flags(uint64_t flags); 147 static void print_ifether(char *ifname); 148 static int set_tun_encap_limit(char *arg, int64_t param); 149 static int clr_tun_encap_limit(char *arg, int64_t param); 150 static int set_tun_hop_limit(char *arg, int64_t param); 151 static int setzone(char *arg, int64_t param); 152 static int setallzones(char *arg, int64_t param); 153 static int setifsrc(char *arg, int64_t param); 154 155 /* 156 * Address family specific function prototypes. 157 */ 158 static void in_getaddr(char *s, struct sockaddr *saddr, int *plenp); 159 static void in_status(int force, uint64_t flags); 160 static void in_configinfo(int force, uint64_t flags); 161 static void in6_getaddr(char *s, struct sockaddr *saddr, int *plenp); 162 static void in6_status(int force, uint64_t flags); 163 static void in6_configinfo(int force, uint64_t flags); 164 165 /* 166 * Misc support functions 167 */ 168 static int devfs_entry(di_node_t node, di_minor_t minor, void *arg); 169 static void foreachinterface(void (*func)(), int argc, char *argv[], 170 int af, int64_t onflags, int64_t offflags, 171 int64_t lifc_flags); 172 static void ifconfig(int argc, char *argv[], int af, struct lifreq *lifrp); 173 static boolean_t in_getmask(struct sockaddr_in *saddr, 174 boolean_t addr_set); 175 static int in_getprefixlen(char *addr, boolean_t slash, int plen); 176 static boolean_t in_prefixlentomask(int prefixlen, int maxlen, 177 uchar_t *mask); 178 static int settaddr(char *, int (*)(icfg_handle_t, 179 const struct sockaddr *, socklen_t)); 180 static void status(void); 181 static void ifstatus(const char *); 182 static void usage(void); 183 static int strioctl(int s, int cmd, char *buf, int buflen); 184 static int setifdhcp(const char *caller, const char *ifname, 185 int argc, char *argv[]); 186 static int ip_domux2fd(int *, int *, int *, int *); 187 static int ip_plink(int, int, int, int); 188 static int modop(char *arg, char op); 189 static int get_lun(char *); 190 static void selectifs(int argc, char *argv[], int af, 191 struct lifreq *lifrp); 192 static int updownifs(iface_t *ifs, int up); 193 static int find_all_global_interfaces(struct lifconf *lifcp, char **buf, 194 int64_t lifc_flags); 195 static int find_all_zone_interfaces(struct lifconf *lifcp, char **buf, 196 int64_t lifc_flags); 197 198 #define max(a, b) ((a) < (b) ? (b) : (a)) 199 200 /* 201 * DHCP_EXIT_IF_FAILURE indicates that the operation failed, but if there 202 * are more interfaces to act on (i.e., ifconfig was invoked with -a), keep 203 * on going rather than exit with an error. 204 */ 205 206 #define DHCP_EXIT_IF_FAILURE -1 207 208 #define NEXTARG 0xffffff /* command takes an argument */ 209 #define OPTARG 0xfffffe /* command takes an optional argument */ 210 #define AF_ANY (-1) 211 212 /* Refer to the comments in ifconfig() on the netmask "hack" */ 213 #define NETMASK_CMD "netmask" 214 struct sockaddr_storage g_netmask; 215 enum { G_NETMASK_NIL, G_NETMASK_PENDING, G_NETMASK_SET } 216 g_netmask_set = G_NETMASK_NIL; 217 218 struct cmd { 219 char *c_name; 220 int64_t c_parameter; /* NEXTARG means next argv */ 221 int (*c_func)(char *, int64_t); 222 int c_abortonfail; /* don't continue parsing args */ 223 /* for the current interface */ 224 int c_af; /* address family restrictions */ 225 } cmds[] = { 226 { "up", IFF_UP, setifflags, 0, AF_ANY }, 227 { "down", -IFF_UP, setifflags, 0, AF_ANY }, 228 { "trailers", -IFF_NOTRAILERS, setifflags, 0, AF_ANY }, 229 { "-trailers", IFF_NOTRAILERS, setifflags, 0, AF_ANY }, 230 { "arp", -IFF_NOARP, setifflags, 0, AF_INET }, 231 { "-arp", IFF_NOARP, setifflags, 0, AF_INET }, 232 { "router", IFF_ROUTER, setifflags, 0, AF_ANY }, 233 { "-router", -IFF_ROUTER, setifflags, 0, AF_ANY }, 234 { "private", IFF_PRIVATE, setifflags, 0, AF_ANY }, 235 { "-private", -IFF_PRIVATE, setifflags, 0, AF_ANY }, 236 { "xmit", -IFF_NOXMIT, setifflags, 0, AF_ANY }, 237 { "-xmit", IFF_NOXMIT, setifflags, 0, AF_ANY }, 238 { "-nud", IFF_NONUD, setifflags, 0, AF_INET6 }, 239 { "nud", -IFF_NONUD, setifflags, 0, AF_INET6 }, 240 { "anycast", IFF_ANYCAST, setifflags, 0, AF_ANY }, 241 { "-anycast", -IFF_ANYCAST, setifflags, 0, AF_ANY }, 242 { "local", -IFF_NOLOCAL, setifflags, 0, AF_ANY }, 243 { "-local", IFF_NOLOCAL, setifflags, 0, AF_ANY }, 244 { "deprecated", IFF_DEPRECATED, setifflags, 0, AF_ANY }, 245 { "-deprecated", -IFF_DEPRECATED, setifflags, 0, AF_ANY }, 246 { "preferred", IFF_PREFERRED, setifflags, 0, AF_INET6 }, 247 { "-preferred", -IFF_PREFERRED, setifflags, 0, AF_INET6 }, 248 { "debug", 0, setdebugflag, 0, AF_ANY }, 249 { "verbose", 0, setverboseflag, 0, AF_ANY }, 250 { NETMASK_CMD, NEXTARG, setifnetmask, 0, AF_INET }, 251 { "metric", NEXTARG, setifmetric, 0, AF_ANY }, 252 { "mtu", NEXTARG, setifmtu, 0, AF_ANY }, 253 { "index", NEXTARG, setifindex, 0, AF_ANY }, 254 { "broadcast", NEXTARG, setifbroadaddr, 0, AF_INET }, 255 { "auto-revarp", 0, setifrevarp, 1, AF_INET }, 256 { "plumb", 0, inetplumb, 1, AF_ANY }, 257 { "unplumb", 0, inetunplumb, 0, AF_ANY }, 258 { "subnet", NEXTARG, setifsubnet, 0, AF_ANY }, 259 { "token", NEXTARG, setiftoken, 0, AF_INET6 }, 260 { "tsrc", NEXTARG, setiftsrc, 0, AF_ANY }, 261 { "tdst", NEXTARG, setiftdst, 0, AF_ANY }, 262 { "encr_auth_algs", NEXTARG, set_tun_esp_auth_alg, 0, AF_ANY }, 263 { "encr_algs", NEXTARG, set_tun_esp_encr_alg, 0, AF_ANY }, 264 { "auth_algs", NEXTARG, set_tun_ah_alg, 0, AF_ANY }, 265 { "addif", NEXTARG, addif, 1, AF_ANY }, 266 { "removeif", NEXTARG, removeif, 1, AF_ANY }, 267 { "modlist", 0, modlist, 1, AF_ANY }, 268 { "modinsert", NEXTARG, modinsert, 1, AF_ANY }, 269 { "modremove", NEXTARG, modremove, 1, AF_ANY }, 270 { "failover", -IFF_NOFAILOVER, setifflags, 1, AF_ANY }, 271 { "-failover", IFF_NOFAILOVER, setifflags, 1, AF_ANY }, 272 { "standby", IFF_STANDBY, setifflags, 1, AF_ANY }, 273 { "-standby", -IFF_STANDBY, setifflags, 1, AF_ANY }, 274 { "failed", IFF_FAILED, setifflags, 1, AF_ANY }, 275 { "-failed", -IFF_FAILED, setifflags, 1, AF_ANY }, 276 { "group", NEXTARG, setifgroupname, 1, AF_ANY }, 277 { "configinfo", 0, configinfo, 1, AF_ANY }, 278 { "encaplimit", NEXTARG, set_tun_encap_limit, 0, AF_ANY }, 279 { "-encaplimit", 0, clr_tun_encap_limit, 0, AF_ANY }, 280 { "thoplimit", NEXTARG, set_tun_hop_limit, 0, AF_ANY }, 281 { "set", NEXTARG, setifaddr, 0, AF_ANY }, 282 { "destination", NEXTARG, setifdstaddr, 0, AF_ANY }, 283 { "zone", NEXTARG, setzone, 0, AF_ANY }, 284 { "-zone", 0, setzone, 0, AF_ANY }, 285 { "all-zones", 0, setallzones, 0, AF_ANY }, 286 { "ether", OPTARG, setifether, 0, AF_ANY }, 287 { "usesrc", NEXTARG, setifsrc, 0, AF_ANY }, 288 { 0, 0, setifaddr, 0, AF_ANY }, 289 { 0, 0, setifdstaddr, 0, AF_ANY }, 290 { 0, 0, 0, 0, 0 }, 291 }; 292 293 294 typedef struct if_config_cmd { 295 uint64_t iff_flag; 296 char *iff_name; 297 } if_config_cmd_t; 298 299 static if_config_cmd_t if_config_cmd_tbl[] = { 300 { IFF_UP, "up" }, 301 { IFF_NOTRAILERS, "-trailers" }, 302 { IFF_PRIVATE, "private" }, 303 { IFF_NOXMIT, "-xmit" }, 304 { IFF_ANYCAST, "anycast" }, 305 { IFF_NOLOCAL, "-local" }, 306 { IFF_DEPRECATED, "deprecated" }, 307 { IFF_NOFAILOVER, "-failover" }, 308 { IFF_STANDBY, "standby" }, 309 { IFF_FAILED, "failed" }, 310 { IFF_PREFERRED, "preferred" }, 311 { 0, 0 }, 312 }; 313 314 typedef struct ni { 315 char ni_name[LIFNAMSIZ]; 316 struct ni *ni_next; 317 } ni_t; 318 319 static ni_t *ni_list = NULL; 320 static int num_ni = 0; 321 322 /* End defines and structure definitions for ifconfig -a plumb */ 323 324 /* Known address families */ 325 struct afswtch { 326 char *af_name; 327 short af_af; 328 void (*af_status)(); 329 void (*af_getaddr)(); 330 void (*af_configinfo)(); 331 } afs[] = { 332 { "inet", AF_INET, in_status, in_getaddr, in_configinfo }, 333 { "inet6", AF_INET6, in6_status, in6_getaddr, in6_configinfo }, 334 { 0, 0, 0, 0, 0 } 335 }; 336 337 #define SOCKET_AF(af) (((af) == AF_UNSPEC) ? AF_INET : (af)) 338 339 struct afswtch *afp; /* the address family being set or asked about */ 340 341 int 342 main(int argc, char *argv[]) 343 { 344 /* Include IFF_NOXMIT, IFF_TEMPORARY and all zone interfaces */ 345 int64_t lifc_flags = LIFC_NOXMIT | LIFC_TEMPORARY | LIFC_ALLZONES; 346 char *default_ip_str; 347 348 if (argc < 2) { 349 usage(); 350 exit(1); 351 } 352 argc--, argv++; 353 if (strlen(*argv) > sizeof (name) - 1) { 354 (void) fprintf(stderr, "%s: interface name too long\n", *argv); 355 exit(1); 356 } 357 (void) strncpy(name, *argv, sizeof (name)); 358 name[sizeof (name) - 1] = '\0'; 359 (void) strncpy(origname, name, sizeof (origname)); /* For addif */ 360 default_ip_str = NULL; 361 v4compat = get_compat_flag(&default_ip_str); 362 if (v4compat == DEFAULT_PROT_BAD_VALUE) { 363 (void) fprintf(stderr, 364 "ifconfig: %s: Bad value for %s in %s\n", default_ip_str, 365 DEFAULT_IP, INET_DEFAULT_FILE); 366 free(default_ip_str); 367 exit(2); 368 } 369 free(default_ip_str); 370 argc--, argv++; 371 if (argc > 0) { 372 struct afswtch *myafp; 373 374 for (myafp = afp = afs; myafp->af_name; myafp++) { 375 if (strcmp(myafp->af_name, *argv) == 0) { 376 afp = myafp; argc--; argv++; 377 break; 378 } 379 } 380 af = lifr.lifr_addr.ss_family = afp->af_af; 381 if (af == AF_INET6) { 382 v4compat = 0; 383 } 384 } 385 386 s = socket(SOCKET_AF(af), SOCK_DGRAM, 0); 387 if (s < 0) { 388 Perror0_exit("socket"); 389 } 390 391 /* 392 * Special interface names is any combination of these flags. 393 * Note that due to the ifconfig syntax they have to be combined 394 * as a single '-' option. 395 * -a All interfaces 396 * -u "up" interfaces 397 * -d "down" interfaces 398 * -D Interfaces not controlled by DHCP 399 * -4 IPv4 interfaces 400 * -6 IPv6 interfaces 401 * -X Turn on debug (not documented) 402 * -v Turn on verbose 403 * -Z Only interfaces in caller's zone 404 */ 405 406 if (name[0] == '-') { 407 /* One or more options */ 408 int64_t onflags = 0; 409 int64_t offflags = 0; 410 int c; 411 char *av[2] = { "ifconfig", name }; 412 413 while ((c = getopt(2, av, "audDXZ46v")) != -1) { 414 switch ((char)c) { 415 case 'a': 416 all = 1; 417 break; 418 case 'u': 419 onflags |= IFF_UP; 420 break; 421 case 'd': 422 offflags |= IFF_UP; 423 break; 424 case 'D': 425 offflags |= IFF_DHCPRUNNING; 426 break; 427 case 'X': 428 debug += 3; 429 break; 430 case 'Z': 431 lifc_flags &= ~LIFC_ALLZONES; 432 break; 433 case '4': 434 /* 435 * -4 is not a compatable flag, therefore 436 * we assume they want v4compat turned off 437 */ 438 v4compat = 0; 439 onflags |= IFF_IPV4; 440 break; 441 case '6': 442 /* 443 * If they want IPv6, well then we'll assume 444 * they don't want IPv4 compat 445 */ 446 v4compat = 0; 447 onflags |= IFF_IPV6; 448 break; 449 case 'v': 450 verbose = 1; 451 break; 452 case '?': 453 usage(); 454 exit(1); 455 } 456 } 457 if (!all) { 458 (void) fprintf(stderr, 459 "ifconfig: %s: no such interface\n", name); 460 exit(1); 461 } 462 foreachinterface(ifconfig, argc, argv, af, onflags, offflags, 463 lifc_flags); 464 } else { 465 ifconfig(argc, argv, af, (struct lifreq *)NULL); 466 } 467 return (0); 468 } 469 470 /* 471 * For each interface, call (*func)(argc, argv, af, lifrp). 472 * Only call function if onflags and offflags are set or clear, respectively, 473 * in the interfaces flags field. 474 */ 475 static void 476 foreachinterface(void (*func)(), int argc, char *argv[], int af, 477 int64_t onflags, int64_t offflags, int64_t lifc_flags) 478 { 479 int n; 480 char *buf; 481 struct lifnum lifn; 482 struct lifconf lifc; 483 struct lifreq *lifrp; 484 struct lifreq lifrl; /* Local lifreq struct */ 485 int numifs; 486 unsigned bufsize; 487 int plumball = 0; 488 int save_af = af; 489 490 buf = NULL; 491 /* 492 * Special case: 493 * ifconfig -a plumb should find all network interfaces 494 * in the machine by traversing the devinfo tree for global zone. 495 * For non-global zones, only find the assigned interfaces. 496 * Also, there is no need to SIOCGLIF* ioctls, since 497 * those interfaces have already been plumbed 498 */ 499 if (argc > 0 && (strcmp(*argv, "plumb") == 0)) { 500 if (getzoneid() == GLOBAL_ZONEID) { 501 if (find_all_global_interfaces(&lifc, &buf, 502 lifc_flags) != 0) 503 return; 504 } else { 505 if (find_all_zone_interfaces(&lifc, &buf, 506 lifc_flags) != 0) 507 return; 508 } 509 if (lifc.lifc_len == 0) 510 return; 511 plumball = 1; 512 } else { 513 lifn.lifn_family = AF_UNSPEC; 514 lifn.lifn_flags = lifc_flags; 515 if (ioctl(s, SIOCGLIFNUM, (char *)&lifn) < 0) { 516 Perror0_exit("Could not determine number" 517 " of interfaces"); 518 } 519 numifs = lifn.lifn_count; 520 if (debug) 521 (void) printf("ifconfig: %d interfaces\n", numifs); 522 523 bufsize = numifs * sizeof (struct lifreq); 524 if ((buf = malloc(bufsize)) == NULL) { 525 Perror0("out of memory\n"); 526 (void) close(s); 527 return; 528 } 529 530 lifc.lifc_family = AF_UNSPEC; 531 lifc.lifc_flags = lifc_flags; 532 lifc.lifc_len = bufsize; 533 lifc.lifc_buf = buf; 534 535 if (ioctl(s, SIOCGLIFCONF, (char *)&lifc) < 0) { 536 Perror0("SIOCGLIFCONF"); 537 (void) close(s); 538 free(buf); 539 return; 540 } 541 } 542 543 lifrp = lifc.lifc_req; 544 for (n = lifc.lifc_len / sizeof (struct lifreq); n > 0; n--, lifrp++) { 545 546 if (!plumball) { 547 /* 548 * We must close and recreate the socket each time 549 * since we don't know what type of socket it is now 550 * (each status function may change it). 551 */ 552 553 (void) close(s); 554 555 af = lifrp->lifr_addr.ss_family; 556 s = socket(SOCKET_AF(af), SOCK_DGRAM, 0); 557 if (s == -1) { 558 /* 559 * Perror0() assumes the name to be in the 560 * globally defined lifreq structure. 561 */ 562 (void) strncpy(lifr.lifr_name, 563 lifrp->lifr_name, sizeof (lifr.lifr_name)); 564 Perror0_exit("socket"); 565 } 566 } 567 568 /* 569 * Only service interfaces that match the on and off 570 * flags masks. 571 */ 572 if (onflags || offflags) { 573 (void) memset(&lifrl, 0, sizeof (lifrl)); 574 (void) strncpy(lifrl.lifr_name, lifrp->lifr_name, 575 sizeof (lifrl.lifr_name)); 576 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifrl) < 0) { 577 /* 578 * Perror0() assumes the name to be in the 579 * globally defined lifreq structure. 580 */ 581 (void) strncpy(lifr.lifr_name, 582 lifrp->lifr_name, sizeof (lifr.lifr_name)); 583 Perror0_exit("foreachinterface: SIOCGLIFFLAGS"); 584 } 585 if ((lifrl.lifr_flags & onflags) != onflags) 586 continue; 587 if ((~lifrl.lifr_flags & offflags) != offflags) 588 continue; 589 } 590 591 if (!plumball) { 592 (void) strncpy(lifrl.lifr_name, lifrp->lifr_name, 593 sizeof (lifrl.lifr_name)); 594 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifrl) < 0) { 595 /* 596 * Perror0() assumes the name to be in the 597 * globally defined lifreq structure. 598 */ 599 (void) strncpy(lifr.lifr_name, 600 lifrp->lifr_name, sizeof (lifr.lifr_name)); 601 Perror0("foreachinterface: SIOCGLIFADDR"); 602 continue; 603 } 604 if (lifrl.lifr_addr.ss_family != af) { 605 /* Switch address family */ 606 af = lifrl.lifr_addr.ss_family; 607 (void) close(s); 608 609 s = socket(SOCKET_AF(af), SOCK_DGRAM, 0); 610 if (s == -1) { 611 /* 612 * Perror0() assumes the name to be in 613 * the globally defined lifreq 614 * structure. 615 */ 616 (void) strncpy(lifr.lifr_name, 617 lifrp->lifr_name, 618 sizeof (lifr.lifr_name)); 619 Perror0_exit("socket"); 620 } 621 } 622 } 623 624 /* 625 * Reset global state 626 * setaddr: Used by parser to tear apart source and dest 627 * name and origname contain the name of the 'current' 628 * interface. 629 */ 630 setaddr = 0; 631 (void) strncpy(name, lifrp->lifr_name, sizeof (name)); 632 (void) strncpy(origname, name, sizeof (origname)); 633 634 (*func)(argc, argv, save_af, lifrp); 635 /* the func could have overwritten origname, so restore */ 636 (void) strncpy(name, origname, sizeof (name)); 637 } 638 if (buf != NULL) 639 free(buf); 640 } 641 642 static void 643 tun_reality_check(void) 644 { 645 struct iftun_req treq; 646 ipsec_req_t *ipsr; 647 648 (void) strncpy(treq.ifta_lifr_name, name, sizeof (treq.ifta_lifr_name)); 649 if (strchr(name, ':') != NULL) { 650 /* Return, we don't need to check. */ 651 return; 652 } 653 if (ioctl(s, SIOCGTUNPARAM, (caddr_t)&treq) < 0 || 654 (treq.ifta_flags & IFTUN_SECURITY) == 0) { 655 /* 656 * Either not a tunnel (the SIOCGTUNPARAM fails on 657 * non-tunnels), or the security flag is not set. Either 658 * way, return. 659 */ 660 return; 661 } 662 663 ipsr = (ipsec_req_t *)&treq.ifta_secinfo; 664 665 if (ipsr->ipsr_esp_req != 0 && 666 ipsr->ipsr_esp_auth_alg == SADB_AALG_NONE && 667 ipsr->ipsr_ah_req == 0) 668 (void) fprintf(stderr, "ifconfig: WARNING - tunnel with " 669 "only ESP and potentially no authentication.\n"); 670 } 671 672 /* 673 * for the specified interface call (*func)(argc, argv, af, lifrp). 674 */ 675 676 static void 677 ifconfig(int argc, char *argv[], int af, struct lifreq *lifrp) 678 { 679 static boolean_t scan_netmask = _B_FALSE; 680 int ret; 681 682 if (argc == 0) { 683 status(); 684 return; 685 } 686 687 if (strcmp(*argv, "auto-dhcp") == 0 || strcmp(*argv, "dhcp") == 0) { 688 /* 689 * Some errors are ignored in the case where more than one 690 * interface is being operated on. 691 */ 692 ret = setifdhcp("ifconfig", name, argc, argv); 693 if (ret == DHCP_EXIT_IF_FAILURE) { 694 if (!all) 695 exit(DHCP_EXIT_FAILURE); 696 } else if (ret != DHCP_EXIT_SUCCESS) { 697 exit(ret); 698 } 699 return; 700 } 701 702 /* 703 * The following is a "hack" to get around the existing interface 704 * setting mechanism. Currently, each interface attribute, 705 * such as address, netmask, broadcast, ... is set separately. But 706 * sometimes two or more attributes must be set together. For 707 * example, setting an address without a netmask does not make sense. 708 * Yet they can be set separately for IPv4 address using the current 709 * ifconfig(1M) syntax. The kernel then "infers" the correct netmask 710 * using the deprecated "IP address classes." This is simply not 711 * correct. 712 * 713 * The "hack" below is to go thru the whole command list looking for 714 * the netmask command first. Then use this netmask to set the 715 * address. This does not provide an extensible way to accommodate 716 * future need for setting more than one attributes together. 717 * 718 * Note that if the "netmask" command argument is a "+", we need 719 * to save this info and do the query after we know the address to 720 * be set. The reason is that if "addif" is used, the working 721 * interface name will be changed later when the logical interface 722 * is created. In in_getmask(), if an address is not provided, 723 * it will use the working interface's address to do the query. 724 * It will be wrong now as we don't know the logical interface's name. 725 * 726 * ifconfig(1M) is too overloaded and the code is so convoluted 727 * that it is "safer" not to re-architect the code to fix the above 728 * issue, hence this "hack." We may be better off to have a new 729 * command with better syntax for configuring network interface 730 * parameters... 731 */ 732 if (!scan_netmask && afp->af_af == AF_INET) { 733 int largc; 734 char **largv; 735 736 /* Only go thru the command list once to find the netmask. */ 737 scan_netmask = _B_TRUE; 738 739 /* 740 * Currently, if multiple netmask commands are specified, the 741 * last one will be used as the final netmask. So we need 742 * to scan the whole list to preserve this behavior. 743 */ 744 for (largc = argc, largv = argv; largc > 0; largc--, largv++) { 745 if (strcmp(*largv, NETMASK_CMD) == 0) { 746 if (--largc == 0) 747 break; 748 largv++; 749 if (strcmp(*largv, "+") == 0) { 750 g_netmask_set = G_NETMASK_PENDING; 751 } else { 752 in_getaddr(*largv, (struct sockaddr *) 753 &g_netmask, NULL); 754 g_netmask_set = G_NETMASK_SET; 755 } 756 /* Continue the scan. */ 757 } 758 } 759 } 760 761 while (argc > 0) { 762 struct cmd *p; 763 boolean_t found_cmd; 764 765 if (debug) 766 (void) printf("ifconfig: argv %s\n", *argv); 767 768 found_cmd = _B_FALSE; 769 for (p = cmds; p->c_func; p++) { 770 if (p->c_name) { 771 if (strcmp(*argv, p->c_name) == 0) { 772 /* 773 * indicate that the command was 774 * found and check to see if 775 * the address family is valid 776 */ 777 found_cmd = _B_TRUE; 778 if (p->c_af == AF_ANY || 779 af == p->c_af) 780 break; 781 } 782 } else { 783 if (p->c_af == AF_ANY || 784 af == p->c_af) 785 break; 786 } 787 } 788 /* 789 * If we found the keyword, but the address family 790 * did not match spit out an error 791 */ 792 if (found_cmd && p->c_name == 0) { 793 (void) fprintf(stderr, "ifconfig: Operation %s not" 794 " supported for %s\n", *argv, afp->af_name); 795 exit(1); 796 } 797 /* 798 * else (no keyword found), we assume it's an address 799 * of some sort 800 */ 801 if (p->c_name == 0 && setaddr) 802 p++; /* got src, do dst */ 803 if (p->c_func) { 804 if (p->c_af == AF_INET6) { 805 v4compat = 0; 806 } 807 if (p->c_parameter == NEXTARG || 808 p->c_parameter == OPTARG) { 809 argc--, argv++; 810 if (argc == 0 && p->c_parameter == NEXTARG) { 811 (void) fprintf(stderr, 812 "ifconfig: no argument for %s\n", 813 p->c_name); 814 exit(1); 815 } 816 } 817 /* 818 * Call the function if: 819 * 820 * there's no address family 821 * restriction 822 * OR 823 * we don't know the address yet 824 * (because we were called from 825 * main) 826 * OR 827 * there is a restriction AND 828 * the address families match 829 */ 830 if ((p->c_af == AF_ANY) || 831 (lifrp == (struct lifreq *)NULL) || 832 (lifrp->lifr_addr.ss_family == p->c_af)) { 833 ret = (*p->c_func)(*argv, p->c_parameter); 834 /* 835 * If c_func failed and we should 836 * abort processing for this 837 * interface on failure, return 838 * now rather than going on to 839 * process other commands for 840 * the same interface. 841 */ 842 if (ret != 0 && p->c_abortonfail) 843 return; 844 } 845 } 846 argc--, argv++; 847 } 848 849 /* Check to see if there's a security hole in the tunnel setup. */ 850 tun_reality_check(); 851 } 852 853 /* ARGSUSED */ 854 static int 855 setdebugflag(char *val, int64_t arg) 856 { 857 debug++; 858 return (0); 859 } 860 861 /* ARGSUSED */ 862 static int 863 setverboseflag(char *val, int64_t arg) 864 { 865 verbose++; 866 return (0); 867 } 868 869 /* 870 * This function fills in the given lifreq's lifr_addr field based on 871 * g_netmask_set. 872 */ 873 static void 874 set_mask_lifreq(struct lifreq *lifr, struct sockaddr_storage *addr, 875 struct sockaddr_storage *mask) 876 { 877 assert(addr != NULL); 878 assert(mask != NULL); 879 880 switch (g_netmask_set) { 881 case G_NETMASK_SET: 882 lifr->lifr_addr = g_netmask; 883 break; 884 885 case G_NETMASK_PENDING: 886 /* 887 * "+" is used as the argument to "netmask" command. Query 888 * the database on the correct netmask based on the address to 889 * be set. 890 */ 891 assert(afp->af_af == AF_INET); 892 g_netmask = *addr; 893 if (!in_getmask((struct sockaddr_in *)&g_netmask, _B_TRUE)) { 894 lifr->lifr_addr = *mask; 895 g_netmask_set = G_NETMASK_NIL; 896 } else { 897 lifr->lifr_addr = g_netmask; 898 g_netmask_set = G_NETMASK_SET; 899 } 900 break; 901 902 case G_NETMASK_NIL: 903 default: 904 lifr->lifr_addr = *mask; 905 break; 906 } 907 } 908 909 /* 910 * Set the interface address. Handles <addr>, <addr>/<n> as well as /<n> 911 * syntax for setting the address, the address plus netmask, and just 912 * the netmask respectively. 913 */ 914 /* ARGSUSED */ 915 static int 916 setifaddr(char *addr, int64_t param) 917 { 918 int prefixlen = 0; 919 struct sockaddr_storage laddr; 920 struct sockaddr_storage netmask; 921 struct sockaddr_in6 *sin6; 922 struct sockaddr_in *sin; 923 struct sockaddr_storage sav_netmask; 924 925 if (addr[0] == '/') 926 return (setifprefixlen(addr, 0)); 927 928 (*afp->af_getaddr)(addr, (struct sockaddr *)&laddr, &prefixlen); 929 930 (void) memset(&netmask, 0, sizeof (netmask)); 931 netmask.ss_family = afp->af_af; 932 switch (prefixlen) { 933 case NO_PREFIX: 934 /* Nothing there - ok */ 935 break; 936 case BAD_ADDR: 937 (void) fprintf(stderr, "ifconfig: Bad prefix length in %s\n", 938 addr); 939 exit(1); 940 default: 941 if (afp->af_af == AF_INET6) { 942 sin6 = (struct sockaddr_in6 *)&netmask; 943 if (!in_prefixlentomask(prefixlen, IPV6_ABITS, 944 (uchar_t *)&sin6->sin6_addr)) { 945 (void) fprintf(stderr, "ifconfig: " 946 "Bad prefix length: %d\n", 947 prefixlen); 948 exit(1); 949 } 950 } else { 951 sin = (struct sockaddr_in *)&netmask; 952 if (!in_prefixlentomask(prefixlen, IP_ABITS, 953 (uchar_t *)&sin->sin_addr)) { 954 (void) fprintf(stderr, "ifconfig: " 955 "Bad prefix length: %d\n", 956 prefixlen); 957 exit(1); 958 } 959 } 960 /* 961 * Just in case of funny setting of both prefix and netmask, 962 * prefix should override the netmask command. 963 */ 964 g_netmask_set = G_NETMASK_NIL; 965 break; 966 } 967 /* Tell parser that an address was set */ 968 setaddr++; 969 /* save copy of netmask to restore in case of error */ 970 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 971 if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0) 972 Perror0_exit("SIOCGLIFNETMASK"); 973 sav_netmask = lifr.lifr_addr; 974 975 /* 976 * If setting the address and not the mask, clear any existing mask 977 * and the kernel will then assign the default (netmask has been set 978 * to 0 in this case). If setting both (either by using a prefix or 979 * using the netmask command), set the mask first, so the address will 980 * be interpreted correctly. 981 */ 982 set_mask_lifreq(&lifr, &laddr, &netmask); 983 if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0) 984 Perror0_exit("SIOCSLIFNETMASK"); 985 986 if (debug) { 987 char abuf[INET6_ADDRSTRLEN]; 988 void *addr = (afp->af_af == AF_INET) ? 989 (void *)&((struct sockaddr_in *)&laddr)->sin_addr : 990 (void *)&((struct sockaddr_in6 *)&laddr)->sin6_addr; 991 992 (void) printf("Setting %s af %d addr %s\n", 993 lifr.lifr_name, afp->af_af, 994 inet_ntop(afp->af_af, addr, abuf, sizeof (abuf))); 995 } 996 lifr.lifr_addr = laddr; 997 lifr.lifr_addr.ss_family = afp->af_af; 998 if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0) { 999 /* 1000 * Restore the netmask 1001 */ 1002 int saverr = errno; 1003 1004 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1005 lifr.lifr_addr = sav_netmask; 1006 (void) ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr); 1007 errno = saverr; 1008 Perror0_exit("SIOCSLIFADDR"); 1009 } 1010 1011 return (0); 1012 } 1013 1014 /* 1015 * The following functions are stolen from the ipseckey(1m) program. 1016 * Perhaps they should be somewhere common, but for now, we just maintain 1017 * two versions. We do this because of the different semantics for which 1018 * algorithms we select ("requested" for ifconfig vs. "actual" for key). 1019 */ 1020 1021 static ulong_t 1022 parsenum(char *num) 1023 { 1024 ulong_t rc; 1025 char *end = NULL; 1026 1027 errno = 0; 1028 rc = strtoul(num, &end, 0); 1029 if (errno != 0 || end == num || *end != '\0') { 1030 rc = (ulong_t)-1; 1031 } 1032 1033 return (rc); 1034 } 1035 1036 /* 1037 * Parse and reverse parse possible algorithm values, include numbers. 1038 * Mostly stolen from ipseckey.c. See the comments above parsenum() for why 1039 * this isn't common to ipseckey.c. 1040 * 1041 * NOTE: Static buffer in this function for the return value. Since ifconfig 1042 * isn't multithreaded, this isn't a huge problem. 1043 */ 1044 1045 #define NBUF_SIZE 20 /* Enough to print a large integer. */ 1046 1047 static char * 1048 rparsealg(uint8_t alg_value, int proto_num) 1049 { 1050 struct ipsecalgent *alg; 1051 static char numprint[128]; /* Enough to hold an algorithm name. */ 1052 1053 /* Special-case 0 to return "<any-none>" */ 1054 if (alg_value == 0) 1055 return ("<any-none>"); 1056 1057 alg = getipsecalgbynum(alg_value, proto_num, NULL); 1058 if (alg != NULL) { 1059 (void) strlcpy(numprint, alg->a_names[0], sizeof (numprint)); 1060 freeipsecalgent(alg); 1061 } else { 1062 (void) snprintf(numprint, sizeof (numprint), "%d", alg_value); 1063 } 1064 1065 return (numprint); 1066 } 1067 1068 static uint_t 1069 parsealg(char *algname, int proto_num) 1070 { 1071 struct ipsecalgent *alg; 1072 ulong_t invalue; 1073 1074 if (algname == NULL) { 1075 (void) fprintf(stderr, "ifconfig: Unexpected end of command " 1076 "line.\n"); 1077 exit(1); 1078 } 1079 1080 /* 1081 * Special-case "none". Use strcasecmp because its length is 1082 * bound. 1083 */ 1084 if (strcasecmp("none", algname) == 0) { 1085 return ((proto_num == IPSEC_PROTO_ESP) ? 1086 NO_ESP_EALG : NO_ESP_AALG); 1087 } 1088 1089 alg = getipsecalgbyname(algname, proto_num, NULL); 1090 if (alg != NULL) { 1091 invalue = alg->a_alg_num; 1092 freeipsecalgent(alg); 1093 return ((uint_t)invalue); 1094 } 1095 1096 /* 1097 * Since algorithms can be loaded during kernel run-time, check for 1098 * numeric algorithm values too. 1099 */ 1100 invalue = parsenum(algname); 1101 if ((invalue & (ulong_t)0xff) == invalue) 1102 return ((uint_t)invalue); 1103 1104 (void) fprintf(stderr, "ifconfig: %s algorithm type %s unknown.\n", 1105 (proto_num == IPSEC_PROTO_ESP) ? 1106 "Encryption" : "Authentication", algname); 1107 exit(1); 1108 /* NOTREACHED */ 1109 } 1110 1111 /* 1112 * Actual ifconfig functions to set tunnel security properties. 1113 */ 1114 1115 enum ipsec_alg_type { ESP_ENCR_ALG = 1, ESP_AUTH_ALG, AH_AUTH_ALG }; 1116 1117 boolean_t first_set_tun = _B_TRUE; 1118 boolean_t encr_alg_set = _B_FALSE; 1119 1120 static int 1121 set_tun_algs(int which_alg, int alg) 1122 { 1123 struct iftun_req treq; 1124 ipsec_req_t *ipsr; 1125 1126 (void) strncpy(treq.ifta_lifr_name, name, sizeof (treq.ifta_lifr_name)); 1127 if (strchr(name, ':') != NULL) { 1128 errno = EPERM; 1129 Perror0_exit("Tunnel params on logical interfaces"); 1130 } 1131 if (ioctl(s, SIOCGTUNPARAM, (caddr_t)&treq) < 0) { 1132 if (errno == EOPNOTSUPP || errno == EINVAL) 1133 Perror0_exit("Not a tunnel"); 1134 else Perror0_exit("SIOCGTUNPARAM"); 1135 } 1136 1137 ipsr = (ipsec_req_t *)&treq.ifta_secinfo; 1138 1139 if (treq.ifta_vers != IFTUN_VERSION) { 1140 (void) fprintf(stderr, 1141 "Kernel tunnel secinfo version mismatch.\n"); 1142 exit(1); 1143 } 1144 1145 /* 1146 * If I'm just starting off this ifconfig, I want a clean slate, 1147 * otherwise, I've captured the current tunnel security settings. 1148 * In the case of continuation, I merely add to the settings. 1149 */ 1150 if (first_set_tun) { 1151 first_set_tun = _B_FALSE; 1152 (void) memset(ipsr, 0, sizeof (*ipsr)); 1153 } 1154 1155 treq.ifta_flags = IFTUN_SECURITY; 1156 1157 switch (which_alg) { 1158 case ESP_ENCR_ALG: 1159 if (alg == NO_ESP_EALG) { 1160 if (ipsr->ipsr_esp_auth_alg == SADB_AALG_NONE) 1161 ipsr->ipsr_esp_req = 0; 1162 ipsr->ipsr_esp_alg = SADB_EALG_NONE; 1163 } else { 1164 encr_alg_set = _B_TRUE; 1165 ipsr->ipsr_esp_req = 1166 IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE; 1167 ipsr->ipsr_esp_alg = alg; 1168 } 1169 break; 1170 case ESP_AUTH_ALG: 1171 if (alg == NO_ESP_AALG) { 1172 if (ipsr->ipsr_esp_alg == SADB_EALG_NONE || 1173 ipsr->ipsr_esp_alg == SADB_EALG_NULL) 1174 ipsr->ipsr_esp_req = 0; 1175 ipsr->ipsr_esp_auth_alg = SADB_AALG_NONE; 1176 } else { 1177 ipsr->ipsr_esp_req = 1178 IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE; 1179 ipsr->ipsr_esp_auth_alg = alg; 1180 1181 /* Let the user specify NULL encryption implicitly. */ 1182 if (ipsr->ipsr_esp_alg == SADB_EALG_NONE && 1183 !encr_alg_set) 1184 ipsr->ipsr_esp_alg = SADB_EALG_NULL; 1185 } 1186 break; 1187 case AH_AUTH_ALG: 1188 if (alg == NO_AH_AALG) { 1189 ipsr->ipsr_ah_req = 0; 1190 ipsr->ipsr_auth_alg = SADB_AALG_NONE; 1191 } else { 1192 ipsr->ipsr_ah_req = 1193 IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE; 1194 ipsr->ipsr_auth_alg = alg; 1195 } 1196 break; 1197 /* Will never hit DEFAULT */ 1198 } 1199 1200 if (ioctl(s, SIOCSTUNPARAM, (caddr_t)&treq) < 0) { 1201 Perror2_exit("set tunnel security properties", 1202 treq.ifta_lifr_name); 1203 } 1204 1205 return (0); 1206 } 1207 1208 /* ARGSUSED */ 1209 static int 1210 set_tun_esp_encr_alg(char *addr, int64_t param) 1211 { 1212 return (set_tun_algs(ESP_ENCR_ALG, 1213 parsealg(addr, IPSEC_PROTO_ESP))); 1214 } 1215 1216 /* ARGSUSED */ 1217 static int 1218 set_tun_esp_auth_alg(char *addr, int64_t param) 1219 { 1220 return (set_tun_algs(ESP_AUTH_ALG, 1221 parsealg(addr, IPSEC_PROTO_AH))); 1222 } 1223 1224 /* ARGSUSED */ 1225 static int 1226 set_tun_ah_alg(char *addr, int64_t param) 1227 { 1228 return (set_tun_algs(AH_AUTH_ALG, 1229 parsealg(addr, IPSEC_PROTO_AH))); 1230 } 1231 1232 /* ARGSUSED */ 1233 static int 1234 setifrevarp(char *arg, int64_t param) 1235 { 1236 struct sockaddr_in laddr; 1237 1238 if (afp->af_af == AF_INET6) { 1239 (void) fprintf(stderr, 1240 "ifconfig: revarp not possible on IPv6 interface %s\n", 1241 name); 1242 exit(1); 1243 } 1244 if (doifrevarp(name, &laddr)) { 1245 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1246 laddr.sin_family = AF_INET; 1247 (void) memcpy(&lifr.lifr_addr, &laddr, sizeof (laddr)); 1248 if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0) 1249 Perror0_exit("SIOCSLIFADDR"); 1250 } 1251 return (0); 1252 } 1253 1254 /* ARGSUSED */ 1255 static int 1256 setifsubnet(char *addr, int64_t param) 1257 { 1258 int prefixlen = 0; 1259 struct sockaddr_storage subnet; 1260 1261 (*afp->af_getaddr)(addr, &subnet, &prefixlen); 1262 1263 switch (prefixlen) { 1264 case NO_PREFIX: 1265 (void) fprintf(stderr, 1266 "ifconfig: Missing prefix length in subnet %s\n", addr); 1267 exit(1); 1268 /* NOTREACHED */ 1269 case BAD_ADDR: 1270 (void) fprintf(stderr, 1271 "ifconfig: Bad prefix length in %s\n", addr); 1272 exit(1); 1273 default: 1274 break; 1275 } 1276 1277 lifr.lifr_addr = subnet; 1278 lifr.lifr_addrlen = prefixlen; 1279 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1280 if (ioctl(s, SIOCSLIFSUBNET, (caddr_t)&lifr) < 0) 1281 Perror0_exit("SIOCSLIFSUBNET"); 1282 1283 return (0); 1284 } 1285 1286 /* ARGSUSED */ 1287 static int 1288 setifnetmask(char *addr, int64_t param) 1289 { 1290 struct sockaddr_in netmask; 1291 1292 assert(afp->af_af != AF_INET6); 1293 1294 if (strcmp(addr, "+") == 0) { 1295 if (!in_getmask(&netmask, _B_FALSE)) 1296 return (0); 1297 (void) printf("Setting netmask of %s to %s\n", name, 1298 inet_ntoa(netmask.sin_addr)); 1299 } else { 1300 in_getaddr(addr, (struct sockaddr *)&netmask, NULL); 1301 } 1302 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1303 (void) memcpy(&lifr.lifr_addr, &netmask, sizeof (netmask)); 1304 if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0) 1305 Perror0_exit("SIOCSLIFNETMASK"); 1306 return (0); 1307 } 1308 1309 /* 1310 * Parse '/<n>' as a netmask. 1311 */ 1312 /* ARGSUSED */ 1313 static int 1314 setifprefixlen(char *addr, int64_t param) 1315 { 1316 int prefixlen; 1317 int af = afp->af_af; 1318 1319 prefixlen = in_getprefixlen(addr, _B_TRUE, 1320 (af == AF_INET) ? IP_ABITS : IPV6_ABITS); 1321 if (prefixlen < 0) { 1322 (void) fprintf(stderr, 1323 "ifconfig: Bad prefix length in %s\n", addr); 1324 exit(1); 1325 } 1326 (void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr)); 1327 lifr.lifr_addr.ss_family = af; 1328 if (af == AF_INET6) { 1329 struct sockaddr_in6 *sin6; 1330 1331 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 1332 if (!in_prefixlentomask(prefixlen, IPV6_ABITS, 1333 (uchar_t *)&sin6->sin6_addr)) { 1334 (void) fprintf(stderr, "ifconfig: " 1335 "Bad prefix length: %d\n", 1336 prefixlen); 1337 exit(1); 1338 } 1339 } else if (af == AF_INET) { 1340 struct sockaddr_in *sin; 1341 1342 sin = (struct sockaddr_in *)&lifr.lifr_addr; 1343 if (!in_prefixlentomask(prefixlen, IP_ABITS, 1344 (uchar_t *)&sin->sin_addr)) { 1345 (void) fprintf(stderr, "ifconfig: " 1346 "Bad prefix length: %d\n", 1347 prefixlen); 1348 exit(1); 1349 } 1350 } else { 1351 (void) fprintf(stderr, "ifconfig: setting prefix only supported" 1352 " for address family inet or inet6\n"); 1353 exit(1); 1354 } 1355 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1356 if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0) 1357 Perror0_exit("SIOCSLIFNETMASK"); 1358 return (0); 1359 } 1360 1361 /* ARGSUSED */ 1362 static int 1363 setifbroadaddr(char *addr, int64_t param) 1364 { 1365 struct sockaddr_in broadaddr; 1366 1367 assert(afp->af_af != AF_INET6); 1368 1369 if (strcmp(addr, "+") == 0) { 1370 /* 1371 * This doesn't set the broadcast address at all. Rather, it 1372 * gets, then sets the interface's address, relying on the fact 1373 * that resetting the address will reset the broadcast address. 1374 */ 1375 (void) strncpy(lifr.lifr_name, name, 1376 sizeof (lifr.lifr_name)); 1377 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 1378 if (errno != EADDRNOTAVAIL) 1379 Perror0_exit("SIOCGLIFADDR"); 1380 return (0); 1381 } 1382 if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0) 1383 Perror0_exit("SIOCGLIFADDR"); 1384 1385 return (0); 1386 } 1387 in_getaddr(addr, (struct sockaddr *)&broadaddr, NULL); 1388 1389 (void) memcpy(&lifr.lifr_addr, &broadaddr, sizeof (broadaddr)); 1390 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1391 if (ioctl(s, SIOCSLIFBRDADDR, (caddr_t)&lifr) < 0) 1392 Perror0_exit("SIOCSLIFBRDADDR"); 1393 return (0); 1394 } 1395 1396 /* 1397 * set interface destination address 1398 */ 1399 /* ARGSUSED */ 1400 static int 1401 setifdstaddr(char *addr, int64_t param) 1402 { 1403 (*afp->af_getaddr)(addr, (struct sockaddr *)&lifr.lifr_addr, NULL); 1404 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1405 if (ioctl(s, SIOCSLIFDSTADDR, (caddr_t)&lifr) < 0) 1406 Perror0_exit("setifdstaddr: SIOCSLIFDSTADDR"); 1407 return (0); 1408 } 1409 1410 /* ARGSUSED */ 1411 static int 1412 setifflags(char *val, int64_t value) 1413 { 1414 int phyintlen, origphyintlen; 1415 1416 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1417 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) 1418 Perror0_exit("setifflags: SIOCGLIFFLAGS"); 1419 1420 if (value == IFF_NOFAILOVER) { 1421 /* 1422 * Fail if '-failover' is set after a prior addif created the 1423 * alias on a different interface. This can happen when the 1424 * interface is part of an IPMP group. 1425 */ 1426 phyintlen = strcspn(name, ":"); 1427 origphyintlen = strcspn(origname, ":"); 1428 if (phyintlen != origphyintlen || 1429 strncmp(name, origname, phyintlen) != 0) { 1430 (void) fprintf(stderr, "ifconfig: can't set -failover " 1431 "on failed/standby/offlined interface %s\n", 1432 origname); 1433 exit(1); 1434 } 1435 } 1436 1437 if (value < 0) { 1438 value = -value; 1439 lifr.lifr_flags &= ~value; 1440 if ((value & IFF_UP) && (lifr.lifr_flags & IFF_DUPLICATE)) { 1441 /* 1442 * If the user is trying to mark an interface with a 1443 * duplicate address as "down," then fetch the address 1444 * and set it. This will cause IP to clear the 1445 * IFF_DUPLICATE flag and stop the automatic recovery 1446 * timer. 1447 */ 1448 value = lifr.lifr_flags; 1449 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) >= 0) 1450 (void) ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr); 1451 lifr.lifr_flags = value; 1452 } 1453 } else { 1454 lifr.lifr_flags |= value; 1455 } 1456 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1457 if (ioctl(s, SIOCSLIFFLAGS, (caddr_t)&lifr) < 0) { 1458 Perror0_exit("setifflags: SIOCSLIFFLAGS"); 1459 } 1460 return (0); 1461 } 1462 1463 /* ARGSUSED */ 1464 static int 1465 setifmetric(char *val, int64_t param) 1466 { 1467 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1468 lifr.lifr_metric = atoi(val); 1469 if (ioctl(s, SIOCSLIFMETRIC, (caddr_t)&lifr) < 0) 1470 Perror0_exit("setifmetric: SIOCSLIFMETRIC"); 1471 return (0); 1472 } 1473 1474 /* ARGSUSED */ 1475 static int 1476 setifmtu(char *val, int64_t param) 1477 { 1478 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1479 lifr.lifr_mtu = atoi(val); 1480 if (ioctl(s, SIOCSLIFMTU, (caddr_t)&lifr) < 0) 1481 Perror0_exit("setifmtu: SIOCSLIFMTU"); 1482 return (0); 1483 } 1484 1485 /* ARGSUSED */ 1486 static int 1487 setifindex(char *val, int64_t param) 1488 { 1489 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1490 lifr.lifr_index = atoi(val); 1491 if (ioctl(s, SIOCSLIFINDEX, (caddr_t)&lifr) < 0) 1492 Perror0_exit("setifindex: SIOCSLIFINDEX"); 1493 return (0); 1494 } 1495 1496 /* ARGSUSED */ 1497 static int 1498 setifether(char *addr, int64_t param) 1499 { 1500 uchar_t *ea; 1501 iface_t *current; 1502 int maclen; 1503 1504 if (addr == NULL) { 1505 ifstatus(name); 1506 print_ifether(name); 1507 return (0); 1508 } 1509 1510 phyif = NULL; 1511 logifs = NULL; 1512 1513 /* 1514 * if the IP interface in the arguments is a logical 1515 * interface, exit with an error now. 1516 */ 1517 if (strchr(name, ':') != NULL) { 1518 (void) fprintf(stderr, "ifconfig: cannot change" 1519 " ethernet address of a logical interface\n"); 1520 exit(1); 1521 } 1522 1523 ea = _link_aton(addr, &maclen); 1524 if (ea == NULL) { 1525 if (maclen == -1) 1526 (void) fprintf(stderr, 1527 "ifconfig: %s: bad address\n", addr); 1528 else 1529 (void) fprintf(stderr, "ifconfig: malloc() failed\n"); 1530 exit(1); 1531 } 1532 1533 (void) strncpy(savedname, name, sizeof (savedname)); 1534 1535 /* 1536 * Call selectifs only for the IP interfaces that are ipv4. 1537 * offflags == IFF_IPV6 because you should not change the 1538 * Ethernet address of an ipv6 interface 1539 */ 1540 foreachinterface(selectifs, 0, (char **)NULL, 0, 0, IFF_IPV6, 0); 1541 1542 /* If physical interface not found, exit now */ 1543 if (phyif == NULL) { 1544 (void) fprintf(stderr, 1545 "ifconfig: interface %s not found\n", savedname); 1546 exit(1); 1547 } 1548 1549 /* Restore */ 1550 (void) strncpy(name, savedname, sizeof (name)); 1551 (void) strncpy(origname, savedname, sizeof (origname)); 1552 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1553 1554 /* 1555 * close and reopen the socket 1556 * we don't know which type of socket we have now 1557 */ 1558 (void) close(s); 1559 s = socket(SOCKET_AF(AF_UNSPEC), SOCK_DGRAM, 0); 1560 if (s < 0) { 1561 Perror0_exit("socket"); 1562 } 1563 1564 /* 1565 * mark down the logical interfaces first, 1566 * and then the physical interface 1567 */ 1568 if (updownifs(logifs, 0) < 0 || updownifs(phyif, 0) < 0) { 1569 Perror0_exit("mark down interface failed"); 1570 } 1571 1572 /* 1573 * Change the physical address 1574 */ 1575 if (dlpi_set_address(savedname, ea, maclen) == -1) { 1576 (void) fprintf(stderr, 1577 "ifconfig: failed setting mac address on %s\n", 1578 savedname); 1579 } 1580 1581 /* 1582 * if any interfaces were marked down before changing the 1583 * ethernet address, put them up again. 1584 * First the physical interface, then the logical ones. 1585 */ 1586 if (updownifs(phyif, 1) < 0 || updownifs(logifs, 1) < 0) { 1587 Perror0_exit("mark down interface failed"); 1588 } 1589 1590 /* Free the memory allocated by selectifs */ 1591 free(phyif); 1592 for (current = logifs; current != NULL; current = logifs) { 1593 logifs = logifs->next; 1594 free(current); 1595 } 1596 1597 return (0); 1598 } 1599 1600 /* 1601 * Print an interface's Ethernet address, if it has one. 1602 */ 1603 static void 1604 print_ifether(char *ifname) 1605 { 1606 int protocol; 1607 icfg_if_t interface; 1608 icfg_handle_t handle; 1609 int fd; 1610 1611 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1612 1613 fd = socket(AF_INET, SOCK_DGRAM, 0); 1614 if (fd == -1 || ioctl(fd, SIOCGLIFFLAGS, &lifr) == -1) { 1615 /* 1616 * It's possible the interface is only configured for 1617 * IPv6; check again with AF_INET6. 1618 */ 1619 (void) close(fd); 1620 fd = socket(AF_INET6, SOCK_DGRAM, 0); 1621 if (fd == -1 || ioctl(fd, SIOCGLIFFLAGS, &lifr) == -1) { 1622 (void) close(fd); 1623 return; 1624 } 1625 } 1626 (void) close(fd); 1627 1628 /* Virtual interfaces don't have MAC addresses */ 1629 if (lifr.lifr_flags & IFF_VIRTUAL) 1630 return; 1631 1632 /* 1633 * We must be careful to set if_protocol based on the current 1634 * properties of the interface. For instance, if "ip.tun0" is 1635 * configured only as an IPv6 tunnel, then if_protocol must be 1636 * set to AF_INET6 or icfg_get_tunnel_lower() will fail and 1637 * we will falsely conclude that it's not a tunnel. 1638 */ 1639 interface.if_protocol = AF_INET; 1640 if (lifr.lifr_flags & IFF_IPV6) 1641 interface.if_protocol = AF_INET6; 1642 1643 (void) strncpy(interface.if_name, ifname, sizeof (interface.if_name)); 1644 1645 if (icfg_open(&handle, &interface) == ICFG_SUCCESS) { 1646 if (icfg_get_tunnel_lower(handle, &protocol) == ICFG_SUCCESS) { 1647 /* Tunnel op succeeded -- it's a tunnel so skip */ 1648 icfg_close(handle); 1649 return; 1650 } 1651 icfg_close(handle); 1652 } 1653 1654 dlpi_print_address(ifname); 1655 } 1656 1657 /* 1658 * static void selectifs(int argc, char *argv[], int af, struct lifreq *rp) 1659 * 1660 * Called inside setifether() to create a list of interfaces to 1661 * mark down/up when changing the Ethernet address. 1662 * If the current interface is the physical interface passed 1663 * as an argument to ifconfig, update phyif. 1664 * If the current interface is a logical interface associated 1665 * to the physical interface, add it to the logifs list. 1666 */ 1667 /* ARGSUSED */ 1668 static void 1669 selectifs(int argc, char *argv[], int af, struct lifreq *rp) 1670 { 1671 char *colonp; 1672 int length; 1673 iface_t *current; 1674 1675 /* 1676 * savedname= name of the IP interface to which you want to 1677 * change ethernet address 1678 * name= name of the current IP interface 1679 */ 1680 colonp = strchr(name, ':'); 1681 if (colonp == NULL) 1682 length = max(strlen(savedname), strlen(name)); 1683 else 1684 length = max(strlen(savedname), colonp - name); 1685 if (strncmp(savedname, name, length) == 0) { 1686 (void) strcpy(lifr.lifr_name, name); 1687 if (ioctl(s, SIOCGLIFFLAGS, &lifr) < 0) { 1688 Perror0("selectifs: SIOCGLIFFLAGS"); 1689 return; 1690 } 1691 1692 if ((current = malloc(sizeof (iface_t))) == NULL) { 1693 Perror0_exit("selectifs: malloc failed\n"); 1694 } 1695 1696 if (colonp == NULL) { 1697 /* this is the physical interface */ 1698 phyif = current; 1699 bcopy(&lifr, &phyif->lifr, sizeof (struct lifreq)); 1700 phyif->next = NULL; 1701 } else { 1702 /* this is a logical interface */ 1703 bcopy(&lifr, ¤t->lifr, sizeof (struct lifreq)); 1704 current->next = logifs; 1705 logifs = current; 1706 } 1707 } 1708 } 1709 1710 /* 1711 * static int updownifs(iface_t *ifs, int up) 1712 * 1713 * It takes in input a list of IP interfaces (ifs) 1714 * and a flag (up). 1715 * It marks each interface in the list down (up = 0) 1716 * or up (up > 0). This is done ONLY if the IP 1717 * interface was originally up. 1718 * 1719 * Return values: 1720 * 0 = everything OK 1721 * -1 = problem 1722 */ 1723 static int 1724 updownifs(iface_t *ifs, int up) 1725 { 1726 iface_t *current; 1727 int ret = 0; 1728 int save_errno; 1729 char savename[LIFNAMSIZ]; 1730 uint64_t orig_flags; 1731 1732 for (current = ifs; current != NULL; current = current->next) { 1733 if (current->lifr.lifr_flags & IFF_UP) { 1734 orig_flags = current->lifr.lifr_flags; 1735 if (!up) 1736 current->lifr.lifr_flags &= ~IFF_UP; 1737 if (ioctl(s, SIOCSLIFFLAGS, ¤t->lifr) < 0) { 1738 save_errno = errno; 1739 (void) strcpy(savename, 1740 current->lifr.lifr_name); 1741 ret = -1; 1742 } 1743 if (!up) /* restore the original flags */ 1744 current->lifr.lifr_flags = orig_flags; 1745 } 1746 } 1747 1748 if (ret == -1) { 1749 (void) strcpy(lifr.lifr_name, savename); 1750 errno = save_errno; 1751 } 1752 return (ret); 1753 } 1754 1755 /* 1756 * static int find_all_global_interfaces(struct lifconf *lifcp, char **buf, 1757 * int64_t lifc_flags) 1758 * 1759 * It finds all interfaces for the global zone, that is all 1760 * the physical interfaces, using the kernel's devinfo tree. 1761 * 1762 * It takes in input a pointer to struct lifconf to receive interfaces 1763 * informations, a **char to hold allocated buffer, and a lifc_flags. 1764 * 1765 * Return values: 1766 * 0 = everything OK 1767 * -1 = problem 1768 */ 1769 static int 1770 find_all_global_interfaces(struct lifconf *lifcp, char **buf, 1771 int64_t lifc_flags) 1772 { 1773 unsigned bufsize; 1774 int n; 1775 di_node_t root; 1776 ni_t *nip; 1777 struct lifreq *lifrp; 1778 1779 /* 1780 * DINFOCACHE is equivalent to DINFOSUBTREE | DINFOMINOR | 1781 * DINFOPROP | DINFOFORCE. 1782 */ 1783 if ((root = di_init("/", DINFOCACHE)) == DI_NODE_NIL) { 1784 (void) fprintf(stderr, "ifconfig: di_init " 1785 "failed; check the devinfo driver.\n"); 1786 exit(1); 1787 } 1788 1789 (void) di_walk_minor(root, DDI_NT_NET, DI_CHECK_ALIAS, 1790 NULL, devfs_entry); 1791 di_fini(root); 1792 1793 /* 1794 * Now, translate the linked list into 1795 * a struct lifreq buffer 1796 */ 1797 if (num_ni == 0) { 1798 lifcp->lifc_family = AF_UNSPEC; 1799 lifcp->lifc_flags = lifc_flags; 1800 lifcp->lifc_len = 0; 1801 lifcp->lifc_buf = NULL; 1802 return (0); 1803 } 1804 1805 bufsize = num_ni * sizeof (struct lifreq); 1806 if ((*buf = malloc(bufsize)) == NULL) 1807 Perror0_exit("find_all_interfaces: malloc failed"); 1808 1809 lifcp->lifc_family = AF_UNSPEC; 1810 lifcp->lifc_flags = lifc_flags; 1811 lifcp->lifc_len = bufsize; 1812 lifcp->lifc_buf = *buf; 1813 1814 for (n = 0, lifrp = lifcp->lifc_req; n < num_ni; n++, lifrp++) { 1815 nip = ni_list; 1816 (void) strncpy(lifrp->lifr_name, nip->ni_name, 1817 sizeof (lifr.lifr_name)); 1818 ni_list = nip->ni_next; 1819 free(nip); 1820 } 1821 return (0); 1822 } 1823 1824 /* 1825 * static int find_all_zone_interfaces(struct lifconf *lifcp, char **buf, 1826 * int64_t lifc_flags) 1827 * 1828 * It finds all interfaces for an exclusive-IP zone, that is all the interfaces 1829 * assigned to it. 1830 * 1831 * It takes in input a pointer to struct lifconf to receive interfaces 1832 * informations, a **char to hold allocated buffer, and a lifc_flags. 1833 * 1834 * Return values: 1835 * 0 = everything OK 1836 * -1 = problem 1837 */ 1838 static int 1839 find_all_zone_interfaces(struct lifconf *lifcp, char **buf, int64_t lifc_flags) 1840 { 1841 zoneid_t zoneid; 1842 unsigned bufsize; 1843 char *dlnames, *ptr; 1844 struct lifreq *lifrp; 1845 int num_ni_saved, i; 1846 1847 zoneid = getzoneid(); 1848 1849 num_ni = 0; 1850 if (zone_list_datalink(zoneid, &num_ni, NULL) != 0) 1851 Perror0_exit("find_all_interfaces: list interfaces failed"); 1852 again: 1853 /* this zone doesn't have any data-links */ 1854 if (num_ni == 0) { 1855 lifcp->lifc_family = AF_UNSPEC; 1856 lifcp->lifc_flags = lifc_flags; 1857 lifcp->lifc_len = 0; 1858 lifcp->lifc_buf = NULL; 1859 return (0); 1860 } 1861 1862 dlnames = malloc(num_ni * LIFNAMSIZ); 1863 if (dlnames == NULL) 1864 Perror0_exit("find_all_interfaces: out of memory"); 1865 num_ni_saved = num_ni; 1866 1867 if (zone_list_datalink(zoneid, &num_ni, dlnames) != 0) 1868 Perror0_exit("find_all_interfaces: list interfaces failed"); 1869 1870 if (num_ni_saved < num_ni) { 1871 /* list increased, try again */ 1872 free(dlnames); 1873 goto again; 1874 } 1875 1876 /* this zone doesn't have any data-links now */ 1877 if (num_ni == 0) { 1878 free(dlnames); 1879 lifcp->lifc_family = AF_UNSPEC; 1880 lifcp->lifc_flags = lifc_flags; 1881 lifcp->lifc_len = 0; 1882 lifcp->lifc_buf = NULL; 1883 return (0); 1884 } 1885 1886 bufsize = num_ni * sizeof (struct lifreq); 1887 if ((*buf = malloc(bufsize)) == NULL) { 1888 free(dlnames); 1889 Perror0_exit("find_all_interfaces: malloc failed"); 1890 } 1891 1892 lifrp = (struct lifreq *)*buf; 1893 ptr = dlnames; 1894 for (i = 0; i < num_ni; i++) { 1895 if (strlcpy(lifrp->lifr_name, ptr, LIFNAMSIZ) >= 1896 LIFNAMSIZ) 1897 Perror0_exit("find_all_interfaces: overflow"); 1898 ptr += LIFNAMSIZ; 1899 lifrp++; 1900 } 1901 1902 free(dlnames); 1903 lifcp->lifc_family = AF_UNSPEC; 1904 lifcp->lifc_flags = lifc_flags; 1905 lifcp->lifc_len = bufsize; 1906 lifcp->lifc_buf = *buf; 1907 return (0); 1908 } 1909 1910 /* 1911 * Create the next unused logical interface using the original name 1912 * and assign the address (and mask if '/<n>' is part of the address). 1913 * Use the new logical interface for subsequent subcommands by updating 1914 * the name variable. 1915 * 1916 * This allows syntax like: 1917 * ifconfig le0 addif 109.106.86.130 netmask + up \ 1918 * addif 109.106.86.131 netmask + up 1919 */ 1920 /* ARGSUSED */ 1921 static int 1922 addif(char *str, int64_t param) 1923 { 1924 int prefixlen = 0; 1925 struct sockaddr_storage laddr; 1926 struct sockaddr_storage mask; 1927 1928 (void) strncpy(name, origname, sizeof (name)); 1929 1930 if (strchr(name, ':') != NULL) { 1931 (void) fprintf(stderr, 1932 "ifconfig: addif: bad physical interface name %s\n", 1933 name); 1934 exit(1); 1935 } 1936 1937 /* 1938 * clear so parser will interpret next address as source followed 1939 * by possible dest 1940 */ 1941 setaddr = 0; 1942 (*afp->af_getaddr)(str, (struct sockaddr *)&laddr, &prefixlen); 1943 1944 switch (prefixlen) { 1945 case NO_PREFIX: 1946 /* Nothing there - ok */ 1947 break; 1948 case BAD_ADDR: 1949 (void) fprintf(stderr, 1950 "ifconfig: Bad prefix length in %s\n", str); 1951 exit(1); 1952 default: 1953 (void) memset(&mask, 0, sizeof (mask)); 1954 mask.ss_family = afp->af_af; 1955 if (afp->af_af == AF_INET6) { 1956 struct sockaddr_in6 *sin6; 1957 sin6 = (struct sockaddr_in6 *)&mask; 1958 if (!in_prefixlentomask(prefixlen, IPV6_ABITS, 1959 (uchar_t *)&sin6->sin6_addr)) { 1960 (void) fprintf(stderr, "ifconfig: " 1961 "Bad prefix length: %d\n", 1962 prefixlen); 1963 exit(1); 1964 } 1965 } else { 1966 struct sockaddr_in *sin; 1967 1968 sin = (struct sockaddr_in *)&mask; 1969 if (!in_prefixlentomask(prefixlen, IP_ABITS, 1970 (uchar_t *)&sin->sin_addr)) { 1971 (void) fprintf(stderr, "ifconfig: " 1972 "Bad prefix length: %d\n", 1973 prefixlen); 1974 exit(1); 1975 } 1976 } 1977 g_netmask_set = G_NETMASK_NIL; 1978 break; 1979 } 1980 1981 /* 1982 * This is a "hack" to get around the problem of SIOCLIFADDIF. The 1983 * problem is that this ioctl does not include the netmask when 1984 * adding a logical interface. This is the same problem described 1985 * in the ifconfig() comments. To get around this problem, we first 1986 * add the logical interface with a 0 address. After that, we set 1987 * the netmask if provided. Finally we set the interface address. 1988 */ 1989 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 1990 (void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr)); 1991 1992 /* Note: no need to do DAD here since the interface isn't up yet. */ 1993 1994 if (ioctl(s, SIOCLIFADDIF, (caddr_t)&lifr) < 0) 1995 Perror0_exit("addif: SIOCLIFADDIF"); 1996 1997 (void) printf("Created new logical interface %s\n", 1998 lifr.lifr_name); 1999 (void) strncpy(name, lifr.lifr_name, sizeof (name)); 2000 2001 /* 2002 * Check and see if any "netmask" command is used and perform the 2003 * necessary operation. 2004 */ 2005 set_mask_lifreq(&lifr, &laddr, &mask); 2006 /* 2007 * Only set the netmask if "netmask" command is used or a prefix is 2008 * provided. 2009 */ 2010 if (g_netmask_set == G_NETMASK_SET || prefixlen >= 0) { 2011 if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0) 2012 Perror0_exit("addif: SIOCSLIFNETMASK"); 2013 } 2014 2015 /* Finally, we set the interface address. */ 2016 lifr.lifr_addr = laddr; 2017 if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0) 2018 Perror0_exit("SIOCSLIFADDR"); 2019 2020 /* 2021 * let parser know we got a source. 2022 * Next address, if given, should be dest 2023 */ 2024 setaddr++; 2025 return (0); 2026 } 2027 2028 /* 2029 * Remove a logical interface based on its IP address. Unlike addif 2030 * there is no '/<n>' here. 2031 * Verifies that the interface is down before it is removed. 2032 */ 2033 /* ARGSUSED */ 2034 static int 2035 removeif(char *str, int64_t param) 2036 { 2037 struct sockaddr_storage laddr; 2038 2039 if (strchr(name, ':') != NULL) { 2040 (void) fprintf(stderr, 2041 "ifconfig: removeif: bad physical interface name %s\n", 2042 name); 2043 exit(1); 2044 } 2045 2046 (*afp->af_getaddr)(str, &laddr, NULL); 2047 lifr.lifr_addr = laddr; 2048 2049 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2050 if (ioctl(s, SIOCLIFREMOVEIF, (caddr_t)&lifr) < 0) { 2051 if (errno == EBUSY) { 2052 /* This can only happen if ipif_id = 0 */ 2053 (void) fprintf(stderr, 2054 "ifconfig: removeif: can't remove interface: %s\n", 2055 name); 2056 exit(1); 2057 } 2058 Perror0_exit("removeif: SIOCLIFREMOVEIF"); 2059 } 2060 return (0); 2061 } 2062 2063 /* 2064 * Set the address token for IPv6. 2065 */ 2066 /* ARGSUSED */ 2067 static int 2068 setiftoken(char *addr, int64_t param) 2069 { 2070 int prefixlen = 0; 2071 struct sockaddr_in6 token; 2072 2073 in6_getaddr(addr, (struct sockaddr *)&token, &prefixlen); 2074 switch (prefixlen) { 2075 case NO_PREFIX: 2076 (void) fprintf(stderr, 2077 "ifconfig: Missing prefix length in subnet %s\n", addr); 2078 exit(1); 2079 /* NOTREACHED */ 2080 case BAD_ADDR: 2081 (void) fprintf(stderr, 2082 "ifconfig: Bad prefix length in %s\n", addr); 2083 exit(1); 2084 default: 2085 break; 2086 } 2087 (void) memcpy(&lifr.lifr_addr, &token, sizeof (token)); 2088 lifr.lifr_addrlen = prefixlen; 2089 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2090 if (ioctl(s, SIOCSLIFTOKEN, (caddr_t)&lifr) < 0) { 2091 Perror0_exit("setiftoken: SIOCSLIFTOKEN"); 2092 } 2093 return (0); 2094 } 2095 2096 /* 2097 * Return value: 0 on success, -1 on failure. 2098 */ 2099 static int 2100 connect_to_mpathd(int family) 2101 { 2102 int s; 2103 struct sockaddr_storage ss; 2104 struct sockaddr_in *sin = (struct sockaddr_in *)&ss; 2105 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&ss; 2106 struct in6_addr loopback_addr = IN6ADDR_LOOPBACK_INIT; 2107 int addrlen; 2108 int ret; 2109 int on; 2110 2111 s = socket(family, SOCK_STREAM, 0); 2112 if (s < 0) { 2113 Perror0_exit("connect_to_mpathd: socket"); 2114 } 2115 (void) bzero((char *)&ss, sizeof (ss)); 2116 ss.ss_family = family; 2117 /* 2118 * Need to bind to a privileged port. For non-root, this 2119 * will fail. in.mpathd verifies that only commands coming 2120 * from privileged ports succeed so that ordinary users 2121 * can't connect and start talking to in.mpathd 2122 */ 2123 on = 1; 2124 if (setsockopt(s, IPPROTO_TCP, TCP_ANONPRIVBIND, &on, 2125 sizeof (on)) < 0) { 2126 Perror0_exit("connect_to_mpathd: setsockopt"); 2127 } 2128 switch (family) { 2129 case AF_INET: 2130 sin->sin_port = 0; 2131 sin->sin_addr.s_addr = htonl(INADDR_LOOPBACK); 2132 addrlen = sizeof (struct sockaddr_in); 2133 break; 2134 case AF_INET6: 2135 sin6->sin6_port = 0; 2136 sin6->sin6_addr = loopback_addr; 2137 addrlen = sizeof (struct sockaddr_in6); 2138 break; 2139 } 2140 ret = bind(s, (struct sockaddr *)&ss, addrlen); 2141 if (ret != 0) { 2142 (void) close(s); 2143 return (-1); 2144 } 2145 2146 switch (family) { 2147 case AF_INET: 2148 sin->sin_port = htons(MPATHD_PORT); 2149 break; 2150 case AF_INET6: 2151 sin6->sin6_port = htons(MPATHD_PORT); 2152 break; 2153 } 2154 ret = connect(s, (struct sockaddr *)&ss, addrlen); 2155 (void) close(s); 2156 return (ret); 2157 } 2158 2159 /* ARGSUSED */ 2160 static int 2161 setifgroupname(char *grpname, int64_t param) 2162 { 2163 if (debug) { 2164 (void) printf("Setting groupname %s on interface %s\n", 2165 grpname, name); 2166 } 2167 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2168 (void) strncpy(lifr.lifr_groupname, grpname, 2169 sizeof (lifr.lifr_groupname)); 2170 if (ioctl(s, SIOCSLIFGROUPNAME, (caddr_t)&lifr) < 0) { 2171 Perror0_exit("setifgroupname: SIOCSLIFGROUPNAME"); 2172 } 2173 2174 /* 2175 * If the SUNW_NO_MPATHD environment variable is set then don't 2176 * bother starting up in.mpathd. See PSARC/2002/249 for the 2177 * depressing details on this bit of stupidity. 2178 */ 2179 if (getenv("SUNW_NO_MPATHD") != NULL) { 2180 return (0); 2181 } 2182 2183 /* 2184 * Try to connect to in.mpathd using IPv4. If we succeed, 2185 * we conclude that in.mpathd is running, and quit. 2186 */ 2187 if (connect_to_mpathd(AF_INET) == 0) { 2188 /* connect succeeded, mpathd is already running */ 2189 return (0); 2190 } 2191 /* 2192 * Try to connect to in.mpathd using IPv6. If we succeed, 2193 * we conclude that in.mpathd is running, and quit. 2194 */ 2195 if (connect_to_mpathd(AF_INET6) == 0) { 2196 /* connect succeeded, mpathd is already running */ 2197 return (0); 2198 } 2199 2200 /* 2201 * in.mpathd may not be running. Start it now. If it is already 2202 * running, in.mpathd will take care of handling multiple incarnations 2203 * of itself. ifconfig only tries to optimize performance by not 2204 * starting another incarnation of in.mpathd. 2205 */ 2206 switch (fork()) { 2207 2208 case -1: 2209 Perror0_exit("setifgroupname: fork"); 2210 /* NOTREACHED */ 2211 case 0: 2212 (void) execl(MPATHD_PATH, MPATHD_PATH, NULL); 2213 _exit(1); 2214 /* NOTREACHED */ 2215 default: 2216 return (0); 2217 } 2218 } 2219 2220 2221 /* 2222 * To list all the modules above a given network interface. 2223 */ 2224 /* ARGSUSED */ 2225 static int 2226 modlist(char *null, int64_t param) 2227 { 2228 int muxfd; 2229 int ipfd_lowstr; 2230 int arpfd_lowstr; 2231 int num_mods; 2232 int i; 2233 struct str_list strlist; 2234 int orig_arpid; 2235 2236 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2237 if (ip_domux2fd(&muxfd, &ipfd_lowstr, &arpfd_lowstr, 2238 &orig_arpid) < 0) { 2239 return (-1); 2240 } 2241 if ((num_mods = ioctl(ipfd_lowstr, I_LIST, NULL)) < 0) { 2242 Perror0("cannot I_LIST to get the number of modules"); 2243 } else { 2244 if (debug > 0) { 2245 (void) printf("Listing (%d) modules above %s\n", 2246 num_mods, name); 2247 } 2248 2249 strlist.sl_nmods = num_mods; 2250 strlist.sl_modlist = malloc(sizeof (struct str_mlist) * 2251 num_mods); 2252 if (strlist.sl_modlist == NULL) { 2253 Perror0("cannot malloc"); 2254 } else { 2255 if (ioctl(ipfd_lowstr, I_LIST, (caddr_t)&strlist) < 0) { 2256 Perror0("cannot I_LIST for module names"); 2257 } else { 2258 for (i = 0; i < strlist.sl_nmods; i++) { 2259 (void) printf("%d %s\n", i, 2260 strlist.sl_modlist[i].l_name); 2261 } 2262 } 2263 free(strlist.sl_modlist); 2264 } 2265 } 2266 return (ip_plink(muxfd, ipfd_lowstr, arpfd_lowstr, orig_arpid)); 2267 } 2268 2269 #define MODINSERT_OP 'i' 2270 #define MODREMOVE_OP 'r' 2271 2272 /* 2273 * To insert a module to the stream of the interface. It is just a 2274 * wrapper. The real function is modop(). 2275 */ 2276 /* ARGSUSED */ 2277 static int 2278 modinsert(char *arg, int64_t param) 2279 { 2280 return (modop(arg, MODINSERT_OP)); 2281 } 2282 2283 /* 2284 * To remove a module from the stream of the interface. It is just a 2285 * wrapper. The real function is modop(). 2286 */ 2287 /* ARGSUSED */ 2288 static int 2289 modremove(char *arg, int64_t param) 2290 { 2291 return (modop(arg, MODREMOVE_OP)); 2292 } 2293 2294 /* 2295 * Open a stream on /dev/udp, pop off all undesired modules (note that 2296 * the user may have configured autopush to add modules above or below 2297 * udp), and push the arp module onto raw IP. 2298 */ 2299 static int 2300 open_arp_on_udp(char *udp_dev_name) 2301 { 2302 int fd; 2303 boolean_t popped; 2304 2305 if ((fd = open(udp_dev_name, O_RDWR)) == -1) { 2306 Perror2("open", udp_dev_name); 2307 return (-1); 2308 } 2309 errno = 0; 2310 popped = _B_FALSE; 2311 while (ioctl(fd, I_POP, 0) != -1) 2312 popped = _B_TRUE; 2313 if (!popped) { 2314 Perror2("cannot pop", udp_dev_name); 2315 } else if (errno != EINVAL) { 2316 Perror2("pop", udp_dev_name); 2317 } else if (ioctl(fd, I_PUSH, ARP_MOD_NAME) == -1) { 2318 Perror2("arp PUSH", udp_dev_name); 2319 } else { 2320 return (fd); 2321 } 2322 (void) close(fd); 2323 return (-1); 2324 } 2325 2326 /* 2327 * Helper function for mod*() functions. It gets a fd to the lower IP 2328 * stream and I_PUNLINK's the lower stream. It also initializes the 2329 * global variable lifr. 2330 * 2331 * Param: 2332 * int *udp_fd: (referenced) fd to /dev/udp (upper IP stream). 2333 * int *fd: (referenced) fd to the lower IP stream. 2334 * 2335 * Return: 2336 * -1 if operation fails, 0 otherwise. 2337 * 2338 * Please see the big block comment above plumb_one_device() 2339 * for the logic of the PLINK/PUNLINK 2340 */ 2341 static int 2342 ip_domux2fd(int *muxfd, int *ipfd_lowstr, int *arpfd_lowstr, int *orig_arpid) 2343 { 2344 int ip_fd; 2345 uint64_t flags; 2346 char *udp_dev_name; 2347 char *ip_dev_name; 2348 2349 *orig_arpid = 0; 2350 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2351 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) { 2352 Perror0_exit("status: SIOCGLIFFLAGS"); 2353 } 2354 flags = lifr.lifr_flags; 2355 if (flags & IFF_IPV4) { 2356 udp_dev_name = UDP_DEV_NAME; 2357 ip_dev_name = IP_DEV_NAME; 2358 } else if (flags & IFF_IPV6) { 2359 udp_dev_name = UDP6_DEV_NAME; 2360 ip_dev_name = IP6_DEV_NAME; 2361 } else { 2362 return (-1); 2363 } 2364 2365 if ((ip_fd = open(ip_dev_name, O_RDWR)) < 0) { 2366 Perror2("open", ip_dev_name); 2367 return (-1); 2368 } 2369 if (ioctl(ip_fd, SIOCGLIFMUXID, (caddr_t)&lifr) < 0) { 2370 Perror2("SIOCGLIFMUXID", ip_dev_name); 2371 return (-1); 2372 } 2373 if (debug > 0) { 2374 (void) printf("ARP_muxid %d IP_muxid %d\n", 2375 lifr.lifr_arp_muxid, lifr.lifr_ip_muxid); 2376 } 2377 2378 if ((*muxfd = open_arp_on_udp(udp_dev_name)) == -1) 2379 return (-1); 2380 2381 if (lifr.lifr_arp_muxid != 0) { 2382 if ((*arpfd_lowstr = ioctl(*muxfd, _I_MUXID2FD, 2383 lifr.lifr_arp_muxid)) < 0) { 2384 if ((errno == EINVAL) && 2385 (flags & (IFF_NOARP | IFF_IPV6))) { 2386 /* 2387 * Some plumbing utilities set the muxid to 2388 * -1 or some invalid value to signify that 2389 * there is no arp stream. Set the muxid to 0 2390 * before trying to unplumb the IP stream. 2391 * IP does not allow the IP stream to be 2392 * unplumbed if it sees a non-null arp muxid, 2393 * for consistency of IP-ARP streams. 2394 */ 2395 *orig_arpid = lifr.lifr_arp_muxid; 2396 lifr.lifr_arp_muxid = 0; 2397 (void) ioctl(*muxfd, SIOCSLIFMUXID, 2398 (caddr_t)&lifr); 2399 *arpfd_lowstr = -1; 2400 } else { 2401 Perror0("_I_MUXID2FD"); 2402 return (-1); 2403 } 2404 } else if (ioctl(*muxfd, I_PUNLINK, 2405 lifr.lifr_arp_muxid) < 0) { 2406 Perror2("I_PUNLINK", udp_dev_name); 2407 return (-1); 2408 } 2409 } else { 2410 *arpfd_lowstr = -1; 2411 } 2412 2413 if ((*ipfd_lowstr = ioctl(*muxfd, _I_MUXID2FD, 2414 lifr.lifr_ip_muxid)) < 0) { 2415 Perror0("_I_MUXID2FD"); 2416 /* Undo any changes we made */ 2417 if (*orig_arpid != 0) { 2418 lifr.lifr_arp_muxid = *orig_arpid; 2419 (void) ioctl(*muxfd, SIOCSLIFMUXID, (caddr_t)&lifr); 2420 } 2421 return (-1); 2422 } 2423 if (ioctl(*muxfd, I_PUNLINK, lifr.lifr_ip_muxid) < 0) { 2424 Perror2("I_PUNLINK", udp_dev_name); 2425 /* Undo any changes we made */ 2426 if (*orig_arpid != 0) { 2427 lifr.lifr_arp_muxid = *orig_arpid; 2428 (void) ioctl(*muxfd, SIOCSLIFMUXID, (caddr_t)&lifr); 2429 } 2430 return (-1); 2431 } 2432 return (0); 2433 } 2434 2435 /* 2436 * Helper function for mod*() functions. It I_PLINK's back the upper and 2437 * lower IP streams. Note that this function must be called after 2438 * ip_domux2fd(). In ip_domux2fd(), the global variable lifr is initialized 2439 * and ip_plink() needs information in lifr. So ip_domux2fd() and ip_plink() 2440 * must be called in pairs. 2441 * 2442 * Param: 2443 * int udp_fd: fd to /dev/udp (upper IP stream). 2444 * int fd: fd to the lower IP stream. 2445 * 2446 * Return: 2447 * -1 if operation fails, 0 otherwise. 2448 * 2449 * Please see the big block comment above plumb_one_device() 2450 * for the logic of the PLINK/PUNLINK 2451 */ 2452 static int 2453 ip_plink(int muxfd, int ipfd_lowstr, int arpfd_lowstr, int orig_arpid) 2454 { 2455 int ip_muxid; 2456 2457 ip_muxid = ioctl(muxfd, I_PLINK, ipfd_lowstr); 2458 if (ip_muxid < 0) { 2459 Perror2("I_PLINK", UDP_DEV_NAME); 2460 return (-1); 2461 } 2462 2463 /* 2464 * If there is an arp stream, plink it. If there is no 2465 * arp stream, then it is possible that the plumbing 2466 * utility could have stored any value in the arp_muxid. 2467 * If so, restore it from orig_arpid. 2468 */ 2469 if (arpfd_lowstr != -1) { 2470 if (ioctl(muxfd, I_PLINK, arpfd_lowstr) < 0) { 2471 Perror2("I_PLINK", UDP_DEV_NAME); 2472 return (-1); 2473 } 2474 } else if (orig_arpid != 0) { 2475 /* Undo the changes we did in ip_domux2fd */ 2476 lifr.lifr_arp_muxid = orig_arpid; 2477 lifr.lifr_ip_muxid = ip_muxid; 2478 (void) ioctl(muxfd, SIOCSLIFMUXID, (caddr_t)&lifr); 2479 } 2480 2481 return (0); 2482 } 2483 2484 /* 2485 * The real function to perform module insertion/removal. 2486 * 2487 * Param: 2488 * char *arg: the argument string module_name@position 2489 * char op: operation, either MODINSERT_OP or MODREMOVE_OP. 2490 * 2491 * Return: 2492 * Before doing ip_domux2fd(), this function calls exit(1) in case of 2493 * error. After ip_domux2fd() is done, it returns -1 for error, 0 2494 * otherwise. 2495 */ 2496 static int 2497 modop(char *arg, char op) 2498 { 2499 char *pos_p; 2500 int muxfd; 2501 int ipfd_lowstr; /* IP stream (lower stream of mux) to be plinked */ 2502 int arpfd_lowstr; /* ARP stream (lower stream of mux) to be plinked */ 2503 struct strmodconf mod; 2504 char *at_char = "@"; 2505 char *arg_str; 2506 int orig_arpid; 2507 2508 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2509 2510 /* Need to save the original string for -a option. */ 2511 if ((arg_str = malloc(strlen(arg) + 1)) == NULL) { 2512 Perror0("cannot malloc"); 2513 return (-1); 2514 } 2515 (void) strcpy(arg_str, arg); 2516 2517 if (*arg_str == *at_char) { 2518 (void) fprintf(stderr, 2519 "ifconfig: must supply a module name\n"); 2520 exit(1); 2521 } 2522 mod.mod_name = strtok(arg_str, at_char); 2523 if (strlen(mod.mod_name) > FMNAMESZ) { 2524 (void) fprintf(stderr, "ifconfig: module name too long: %s\n", 2525 mod.mod_name); 2526 exit(1); 2527 } 2528 2529 /* 2530 * Need to make sure that the core TCP/IP stack modules are not 2531 * removed. Otherwise, "bad" things can happen. If a module 2532 * is removed and inserted back, it loses its old state. But 2533 * the modules above it still have the old state. E.g. IP assumes 2534 * fast data path while tunnel after re-inserted assumes that it can 2535 * receive M_DATA only in fast data path for which it does not have 2536 * any state. This is a general caveat of _I_REMOVE/_I_INSERT. 2537 */ 2538 if (op == MODREMOVE_OP && 2539 (strcmp(mod.mod_name, ARP_MOD_NAME) == 0 || 2540 strcmp(mod.mod_name, IP_MOD_NAME) == 0 || 2541 strcmp(mod.mod_name, TUN_NAME) == 0 || 2542 strcmp(mod.mod_name, ATUN_NAME) == 0 || 2543 strcmp(mod.mod_name, TUN6TO4_NAME) == 0)) { 2544 (void) fprintf(stderr, "ifconfig: cannot remove %s\n", 2545 mod.mod_name); 2546 exit(1); 2547 } 2548 2549 if ((pos_p = strtok(NULL, at_char)) == NULL) { 2550 (void) fprintf(stderr, "ifconfig: must supply a position\n"); 2551 exit(1); 2552 } 2553 mod.pos = atoi(pos_p); 2554 2555 if (ip_domux2fd(&muxfd, &ipfd_lowstr, &arpfd_lowstr, 2556 &orig_arpid) < 0) { 2557 free(arg_str); 2558 return (-1); 2559 } 2560 switch (op) { 2561 case MODINSERT_OP: 2562 if (debug > 0) { 2563 (void) printf("Inserting module %s at %d\n", 2564 mod.mod_name, mod.pos); 2565 } 2566 if (ioctl(ipfd_lowstr, _I_INSERT, (caddr_t)&mod) < 0) { 2567 Perror2("fail to insert module", mod.mod_name); 2568 } 2569 break; 2570 case MODREMOVE_OP: 2571 if (debug > 0) { 2572 (void) printf("Removing module %s at %d\n", 2573 mod.mod_name, mod.pos); 2574 } 2575 if (ioctl(ipfd_lowstr, _I_REMOVE, (caddr_t)&mod) < 0) { 2576 Perror2("fail to remove module", mod.mod_name); 2577 } 2578 break; 2579 default: 2580 /* Should never get to here. */ 2581 (void) fprintf(stderr, "Unknown operation\n"); 2582 break; 2583 } 2584 free(arg_str); 2585 return (ip_plink(muxfd, ipfd_lowstr, arpfd_lowstr, orig_arpid)); 2586 } 2587 2588 /* 2589 * Set tunnel source address 2590 */ 2591 /* ARGSUSED */ 2592 static int 2593 setiftsrc(char *addr, int64_t param) 2594 { 2595 return (settaddr(addr, icfg_set_tunnel_src)); 2596 } 2597 2598 /* 2599 * Set tunnel destination address 2600 */ 2601 /* ARGSUSED */ 2602 static int 2603 setiftdst(char *addr, int64_t param) 2604 { 2605 return (settaddr(addr, icfg_set_tunnel_dest)); 2606 } 2607 2608 /* 2609 * sets tunnels src|dst address. settaddr() expects the following: 2610 * addr: Points to a printable string containing the address to be 2611 * set, e.g. 129.153.128.110. 2612 * fn: Pointer to a libinetcfg routine that will do the actual work. 2613 * The only valid functions are icfg_set_tunnel_src and 2614 * icfg_set_tunnel_dest. 2615 */ 2616 static int 2617 settaddr(char *addr, 2618 int (*fn)(icfg_handle_t, const struct sockaddr *, socklen_t)) 2619 { 2620 icfg_handle_t handle; 2621 icfg_if_t interface; 2622 struct sockaddr_storage laddr; 2623 int lower; 2624 int rc; 2625 2626 if (strchr(name, ':') != NULL) { 2627 errno = EPERM; 2628 Perror0_exit("Tunnel params on logical interfaces"); 2629 } 2630 (void) strncpy(interface.if_name, name, sizeof (interface.if_name)); 2631 interface.if_protocol = SOCKET_AF(af); 2632 2633 /* Open interface. */ 2634 if ((rc = icfg_open(&handle, &interface)) != ICFG_SUCCESS) 2635 Perror0_exit((char *)icfg_errmsg(rc)); 2636 2637 rc = icfg_get_tunnel_lower(handle, &lower); 2638 if (rc != ICFG_SUCCESS) 2639 Perror0_exit((char *)icfg_errmsg(rc)); 2640 2641 if (lower == AF_INET) { 2642 in_getaddr(addr, (struct sockaddr *)&laddr, NULL); 2643 } else { 2644 in6_getaddr(addr, (struct sockaddr *)&laddr, NULL); 2645 } 2646 2647 /* Call fn to do the real work, and close the interface. */ 2648 rc = (*fn)(handle, (struct sockaddr *)&laddr, 2649 sizeof (struct sockaddr_storage)); 2650 icfg_close(handle); 2651 2652 if (rc != ICFG_SUCCESS) 2653 Perror0_exit((char *)icfg_errmsg(rc)); 2654 2655 return (0); 2656 } 2657 2658 /* Set tunnel encapsulation limit. */ 2659 /* ARGSUSED */ 2660 static int 2661 set_tun_encap_limit(char *arg, int64_t param) 2662 { 2663 short limit; 2664 icfg_if_t interface; 2665 icfg_handle_t handle; 2666 int rc; 2667 2668 if (strchr(name, ':') != NULL) { 2669 errno = EPERM; 2670 Perror0_exit("Tunnel params on logical interfaces"); 2671 } 2672 2673 if ((sscanf(arg, "%hd", &limit) != 1) || (limit < 0) || 2674 (limit > 255)) { 2675 errno = EINVAL; 2676 Perror0_exit("Invalid encapsulation limit"); 2677 } 2678 2679 /* Open interface for configuration. */ 2680 (void) strncpy(interface.if_name, name, sizeof (interface.if_name)); 2681 interface.if_protocol = SOCKET_AF(af); 2682 if (icfg_open(&handle, &interface) != ICFG_SUCCESS) 2683 Perror0_exit("couldn't open interface"); 2684 2685 rc = icfg_set_tunnel_encaplimit(handle, (int)limit); 2686 icfg_close(handle); 2687 2688 if (rc != ICFG_SUCCESS) 2689 Perror0_exit("Could not configure tunnel encapsulation limit"); 2690 2691 return (0); 2692 } 2693 2694 /* Disable encapsulation limit. */ 2695 /* ARGSUSED */ 2696 static int 2697 clr_tun_encap_limit(char *arg, int64_t param) 2698 { 2699 icfg_if_t interface; 2700 icfg_handle_t handle; 2701 int rc; 2702 2703 if (strchr(name, ':') != NULL) { 2704 errno = EPERM; 2705 Perror0_exit("Tunnel params on logical interfaces"); 2706 } 2707 2708 /* Open interface for configuration. */ 2709 (void) strncpy(interface.if_name, name, sizeof (interface.if_name)); 2710 interface.if_protocol = SOCKET_AF(af); 2711 if (icfg_open(&handle, &interface) != ICFG_SUCCESS) 2712 Perror0_exit("couldn't open interface"); 2713 2714 rc = icfg_set_tunnel_encaplimit(handle, -1); 2715 icfg_close(handle); 2716 2717 if (rc != ICFG_SUCCESS) 2718 Perror0_exit((char *)icfg_errmsg(rc)); 2719 2720 return (0); 2721 } 2722 2723 /* Set tunnel hop limit. */ 2724 /* ARGSUSED */ 2725 static int 2726 set_tun_hop_limit(char *arg, int64_t param) 2727 { 2728 unsigned short limit; 2729 icfg_if_t interface; 2730 icfg_handle_t handle; 2731 int rc; 2732 2733 if (strchr(name, ':') != NULL) { 2734 errno = EPERM; 2735 Perror0_exit("Tunnel params on logical interfaces"); 2736 } 2737 2738 /* 2739 * Check limit here since it's really only an 8-bit unsigned quantity. 2740 */ 2741 if ((sscanf(arg, "%hu", &limit) != 1) || (limit > 255)) { 2742 errno = EINVAL; 2743 Perror0_exit("Invalid hop limit"); 2744 } 2745 2746 /* Open interface for configuration. */ 2747 (void) strncpy(interface.if_name, name, sizeof (interface.if_name)); 2748 interface.if_protocol = SOCKET_AF(af); 2749 if (icfg_open(&handle, &interface) != ICFG_SUCCESS) 2750 Perror0_exit("couldn't open interface"); 2751 2752 rc = icfg_set_tunnel_hoplimit(handle, (uint8_t)limit); 2753 icfg_close(handle); 2754 2755 if (rc != ICFG_SUCCESS) 2756 Perror0_exit("Could not configure tunnel hop limit"); 2757 2758 return (0); 2759 } 2760 2761 /* Set zone ID */ 2762 static int 2763 setzone(char *arg, int64_t param) 2764 { 2765 zoneid_t zoneid = GLOBAL_ZONEID; 2766 2767 if (param == NEXTARG) { 2768 /* zone must be active */ 2769 if ((zoneid = getzoneidbyname(arg)) == -1) { 2770 (void) fprintf(stderr, 2771 "ifconfig: unknown zone '%s'\n", arg); 2772 exit(1); 2773 } 2774 } 2775 (void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2776 lifr.lifr_zoneid = zoneid; 2777 if (ioctl(s, SIOCSLIFZONE, (caddr_t)&lifr) == -1) 2778 Perror0_exit("SIOCSLIFZONE"); 2779 return (0); 2780 } 2781 2782 /* Put interface into all zones */ 2783 /* ARGSUSED */ 2784 static int 2785 setallzones(char *arg, int64_t param) 2786 { 2787 (void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2788 lifr.lifr_zoneid = ALL_ZONES; 2789 if (ioctl(s, SIOCSLIFZONE, (caddr_t)&lifr) == -1) 2790 Perror0_exit("SIOCSLIFZONE"); 2791 return (0); 2792 } 2793 2794 /* Set source address to use */ 2795 /* ARGSUSED */ 2796 static int 2797 setifsrc(char *arg, int64_t param) 2798 { 2799 uint_t ifindex = 0; 2800 int rval; 2801 2802 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2803 2804 /* 2805 * Argument can be either an interface name or "none". The latter means 2806 * that any previous selection is cleared. 2807 */ 2808 2809 rval = strcmp(arg, name); 2810 if (rval == 0) { 2811 (void) fprintf(stderr, 2812 "ifconfig: Cannot specify same interface for usesrc" 2813 " group\n"); 2814 exit(1); 2815 } 2816 2817 rval = strcmp(arg, NONE_STR); 2818 if (rval != 0) { 2819 if ((ifindex = if_nametoindex(arg)) == 0) { 2820 (void) strncpy(lifr.lifr_name, arg, LIFNAMSIZ); 2821 Perror0_exit("Could not get interface index"); 2822 } 2823 lifr.lifr_index = ifindex; 2824 } else { 2825 if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) != 0) 2826 Perror0_exit("Not a valid usesrc consumer"); 2827 lifr.lifr_index = 0; 2828 } 2829 2830 if (debug) 2831 (void) printf("setifsrc: lifr_name %s, lifr_index %d\n", 2832 lifr.lifr_name, lifr.lifr_index); 2833 2834 if (ioctl(s, SIOCSLIFUSESRC, (caddr_t)&lifr) == -1) { 2835 if (rval == 0) 2836 Perror0_exit("Cannot reset usesrc group"); 2837 else 2838 Perror0_exit("Could not set source interface"); 2839 } 2840 2841 return (0); 2842 } 2843 2844 /* 2845 * Print the interface status line associated with `ifname' 2846 */ 2847 static void 2848 ifstatus(const char *ifname) 2849 { 2850 uint64_t flags; 2851 char if_usesrc_name[LIFNAMSIZ]; 2852 char *newbuf; 2853 int n, numifs, rval = 0; 2854 struct lifreq *lifrp; 2855 struct lifsrcof lifs; 2856 2857 (void) strncpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name)); 2858 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) { 2859 Perror0_exit("status: SIOCGLIFFLAGS"); 2860 } 2861 flags = lifr.lifr_flags; 2862 2863 /* 2864 * In V4 compatibility mode, we don't print the IFF_IPV4 flag or 2865 * interfaces with IFF_IPV6 set. 2866 */ 2867 if (v4compat) { 2868 flags &= ~IFF_IPV4; 2869 if (flags & IFF_IPV6) 2870 return; 2871 } 2872 2873 (void) printf("%s: ", ifname); 2874 print_flags(flags); 2875 2876 (void) strncpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name)); 2877 if (ioctl(s, SIOCGLIFMETRIC, (caddr_t)&lifr) < 0) { 2878 Perror0_exit("status: SIOCGLIFMETRIC"); 2879 } else { 2880 if (lifr.lifr_metric) 2881 (void) printf(" metric %d", lifr.lifr_metric); 2882 } 2883 if (ioctl(s, SIOCGLIFMTU, (caddr_t)&lifr) >= 0) 2884 (void) printf(" mtu %d", lifr.lifr_metric); 2885 2886 /* don't print index or zone when in compatibility mode */ 2887 if (!v4compat) { 2888 if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0) 2889 (void) printf(" index %d", lifr.lifr_index); 2890 /* 2891 * Stack instances use GLOBAL_ZONEID for IP data structures 2892 * even in the non-global zone. 2893 */ 2894 if (ioctl(s, SIOCGLIFZONE, (caddr_t)&lifr) >= 0 && 2895 lifr.lifr_zoneid != getzoneid() && 2896 lifr.lifr_zoneid != GLOBAL_ZONEID) { 2897 char zone_name[ZONENAME_MAX]; 2898 2899 if (lifr.lifr_zoneid == ALL_ZONES) { 2900 (void) printf("\n\tall-zones"); 2901 } else if (getzonenamebyid(lifr.lifr_zoneid, zone_name, 2902 sizeof (zone_name)) < 0) { 2903 (void) printf("\n\tzone %d", lifr.lifr_zoneid); 2904 } else { 2905 (void) printf("\n\tzone %s", zone_name); 2906 } 2907 } 2908 } 2909 2910 if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0) { 2911 lifs.lifs_ifindex = lifr.lifr_index; 2912 2913 /* 2914 * Find the number of interfaces that use this interfaces' 2915 * address as a source address 2916 */ 2917 lifs.lifs_buf = NULL; 2918 lifs.lifs_maxlen = 0; 2919 for (;;) { 2920 /* The first pass will give the bufsize we need */ 2921 rval = ioctl(s, SIOCGLIFSRCOF, (char *)&lifs); 2922 if (rval < 0) { 2923 if (lifs.lifs_buf != NULL) { 2924 free(lifs.lifs_buf); 2925 lifs.lifs_buf = NULL; 2926 } 2927 lifs.lifs_len = 0; 2928 break; 2929 } 2930 if (lifs.lifs_len <= lifs.lifs_maxlen) 2931 break; 2932 /* Use kernel's size + a small margin to avoid loops */ 2933 lifs.lifs_maxlen = lifs.lifs_len + 2934 5 * sizeof (struct lifreq); 2935 /* For the first pass, realloc acts like malloc */ 2936 newbuf = realloc(lifs.lifs_buf, lifs.lifs_maxlen); 2937 if (newbuf == NULL) { 2938 if (lifs.lifs_buf != NULL) { 2939 free(lifs.lifs_buf); 2940 lifs.lifs_buf = NULL; 2941 } 2942 lifs.lifs_len = 0; 2943 break; 2944 } 2945 lifs.lifs_buf = newbuf; 2946 } 2947 2948 2949 numifs = lifs.lifs_len / sizeof (struct lifreq); 2950 if (numifs > 0) { 2951 lifrp = lifs.lifs_req; 2952 (void) printf("\n\tsrcof"); 2953 for (n = numifs; n > 0; n--, lifrp++) { 2954 (void) printf(" %s", lifrp->lifr_name); 2955 } 2956 } 2957 2958 if (lifs.lifs_buf != NULL) 2959 free(lifs.lifs_buf); 2960 } 2961 2962 /* Find the interface whose source address this interface uses */ 2963 if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) == 0) { 2964 if (lifr.lifr_index != 0) { 2965 if (if_indextoname(lifr.lifr_index, 2966 if_usesrc_name) == NULL) { 2967 (void) printf("\n\tusesrc ifIndex %d", 2968 lifr.lifr_index); 2969 } else { 2970 (void) printf("\n\tusesrc %s", if_usesrc_name); 2971 } 2972 } 2973 } 2974 2975 (void) putchar('\n'); 2976 } 2977 2978 2979 /* 2980 * Print the status of the interface. If an address family was 2981 * specified, show it and it only; otherwise, show them all. 2982 */ 2983 static void 2984 status(void) 2985 { 2986 struct afswtch *p = afp; 2987 uint64_t flags; 2988 2989 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 2990 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) { 2991 Perror0_exit("status: SIOCGLIFFLAGS"); 2992 } 2993 2994 flags = lifr.lifr_flags; 2995 2996 /* 2997 * Only print the interface status if the address family matches 2998 * the interface family flag. 2999 */ 3000 if (p != NULL) { 3001 if (((p->af_af == AF_INET6) && (flags & IFF_IPV4)) || 3002 ((p->af_af == AF_INET) && (flags & IFF_IPV6))) 3003 return; 3004 } 3005 3006 /* 3007 * In V4 compatibility mode, don't print IFF_IPV6 interfaces. 3008 */ 3009 if (v4compat && (flags & IFF_IPV6)) 3010 return; 3011 3012 ifstatus(name); 3013 3014 if (p != NULL) { 3015 (*p->af_status)(1, flags); 3016 } else { 3017 for (p = afs; p->af_name; p++) { 3018 (void) close(s); 3019 s = socket(SOCKET_AF(p->af_af), SOCK_DGRAM, 0); 3020 /* set global af for use in p->af_status */ 3021 af = p->af_af; 3022 if (s == -1) { 3023 Perror0_exit("socket"); 3024 } 3025 (*p->af_status)(0, flags); 3026 } 3027 3028 /* 3029 * Historically, 'ether' has been an address family, 3030 * so print it here. 3031 */ 3032 print_ifether(name); 3033 } 3034 } 3035 3036 /* 3037 * Print the status of the interface in a format that can be used to 3038 * reconfigure the interface later. Code stolen from status() above. 3039 */ 3040 /* ARGSUSED */ 3041 static int 3042 configinfo(char *null, int64_t param) 3043 { 3044 struct afswtch *p = afp; 3045 uint64_t flags; 3046 char phydevname[LIFNAMSIZ]; 3047 char if_usesrc_name[LIFNAMSIZ]; 3048 char *cp; 3049 3050 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3051 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) { 3052 Perror0_exit("status: SIOCGLIFFLAGS"); 3053 } 3054 flags = lifr.lifr_flags; 3055 3056 if (debug) { 3057 (void) printf("configinfo: name %s flags 0x%llx af_af %d\n", 3058 name, flags, p != NULL ? p->af_af : -1); 3059 } 3060 3061 /* remove LIF component */ 3062 (void) strncpy(phydevname, name, sizeof (phydevname)); 3063 cp = strchr(phydevname, ':'); 3064 if (cp) { 3065 *cp = 0; 3066 } 3067 phydevname[sizeof (phydevname) - 1] = '\0'; 3068 3069 /* 3070 * if the interface is IPv4 3071 * if we have a IPv6 address family restriction return 3072 * so it won't print 3073 * if we are in IPv4 compatibility mode, clear out IFF_IPV4 3074 * so we don't print it. 3075 */ 3076 if (flags & IFF_IPV4) { 3077 if (p && p->af_af == AF_INET6) 3078 return (-1); 3079 if (v4compat) 3080 flags &= ~IFF_IPV4; 3081 3082 (void) printf("%s inet plumb", phydevname); 3083 } else if (flags & IFF_IPV6) { 3084 /* 3085 * else if the interface is IPv6 3086 * if we have a IPv4 address family restriction return 3087 * or we are in IPv4 compatibiltiy mode, return. 3088 */ 3089 if (p && p->af_af == AF_INET) 3090 return (-1); 3091 if (v4compat) 3092 return (-1); 3093 3094 (void) printf("%s inet6 plumb", phydevname); 3095 } 3096 3097 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3098 if (ioctl(s, SIOCGLIFMETRIC, (caddr_t)&lifr) < 0) { 3099 Perror0_exit("configinfo: SIOCGLIFMETRIC"); 3100 } else { 3101 if (lifr.lifr_metric) 3102 (void) printf(" metric %d ", lifr.lifr_metric); 3103 } 3104 if (((flags & (IFF_VIRTUAL|IFF_LOOPBACK)) != IFF_VIRTUAL) && 3105 ioctl(s, SIOCGLIFMTU, (caddr_t)&lifr) >= 0) 3106 (void) printf(" mtu %d", lifr.lifr_metric); 3107 3108 /* don't print index when in compatibility mode */ 3109 if (!v4compat) { 3110 if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0) 3111 (void) printf(" index %d", lifr.lifr_index); 3112 } 3113 3114 if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) == 0) { 3115 if (lifr.lifr_index != 0) { 3116 if (if_indextoname(lifr.lifr_index, 3117 if_usesrc_name) != NULL) { 3118 (void) printf(" usesrc %s", if_usesrc_name); 3119 } 3120 } 3121 } 3122 3123 if (p != NULL) { 3124 (*p->af_configinfo)(1, flags); 3125 } else { 3126 for (p = afs; p->af_name; p++) { 3127 (void) close(s); 3128 s = socket(SOCKET_AF(p->af_af), SOCK_DGRAM, 0); 3129 /* set global af for use in p->af_configinfo */ 3130 af = p->af_af; 3131 if (s == -1) { 3132 Perror0_exit("socket"); 3133 } 3134 (*p->af_configinfo)(0, flags); 3135 } 3136 } 3137 3138 (void) printf("\n"); 3139 3140 return (0); 3141 } 3142 3143 static void 3144 print_tsec(struct iftun_req *tparams) 3145 { 3146 ipsec_req_t *ipsr; 3147 3148 (void) printf("\ttunnel security settings "); 3149 /* 3150 * Deal with versioning, for now just point 3151 * an ipsec_req_t at ifta_secinfo. If versions 3152 * change, something else will overlay ifta_secinfo. 3153 */ 3154 assert(tparams->ifta_vers == IFTUN_VERSION); 3155 3156 if (tparams->ifta_flags & IFTUN_COMPLEX_SECURITY) { 3157 (void) printf("--> use 'ipsecconf -ln -i %s'", 3158 tparams->ifta_lifr_name); 3159 } else { 3160 ipsr = (ipsec_req_t *)(&tparams->ifta_secinfo); 3161 if (ipsr->ipsr_ah_req & IPSEC_PREF_REQUIRED) { 3162 (void) printf("ah (%s) ", 3163 rparsealg(ipsr->ipsr_auth_alg, IPSEC_PROTO_AH)); 3164 } 3165 if (ipsr->ipsr_esp_req & IPSEC_PREF_REQUIRED) { 3166 (void) printf("esp (%s", 3167 rparsealg(ipsr->ipsr_esp_alg, IPSEC_PROTO_ESP)); 3168 (void) printf("/%s)", 3169 rparsealg(ipsr->ipsr_esp_auth_alg, IPSEC_PROTO_AH)); 3170 } 3171 } 3172 (void) printf("\n"); 3173 } 3174 3175 static void 3176 tun_status(void) 3177 { 3178 icfg_if_t interface; 3179 int rc; 3180 icfg_handle_t handle; 3181 int protocol; 3182 char srcbuf[INET6_ADDRSTRLEN]; 3183 char dstbuf[INET6_ADDRSTRLEN]; 3184 boolean_t tabbed; 3185 uint8_t hoplimit; 3186 int16_t encaplimit; 3187 struct sockaddr_storage taddr; 3188 socklen_t socklen = sizeof (taddr); 3189 3190 (void) strncpy(interface.if_name, name, sizeof (interface.if_name)); 3191 interface.if_protocol = SOCKET_AF(af); 3192 if ((rc = icfg_open(&handle, &interface)) != ICFG_SUCCESS) 3193 Perror0_exit((char *)icfg_errmsg(rc)); 3194 3195 /* 3196 * only print tunnel info for lun 0. If ioctl fails, assume 3197 * we are not a tunnel 3198 */ 3199 if (strchr(name, ':') != NULL || 3200 icfg_get_tunnel_lower(handle, &protocol) != ICFG_SUCCESS) { 3201 icfg_close(handle); 3202 return; 3203 } 3204 3205 switch (protocol) { 3206 case AF_INET: 3207 (void) printf("\tinet"); 3208 break; 3209 case AF_INET6: 3210 (void) printf("\tinet6"); 3211 break; 3212 default: 3213 Perror0_exit("\ttunnel: Illegal lower stream\n\t"); 3214 break; 3215 } 3216 3217 rc = icfg_get_tunnel_src(handle, (struct sockaddr *)&taddr, &socklen); 3218 if (rc == ICFG_NOT_SET) { 3219 (void) strlcpy(srcbuf, (protocol == AF_INET) ? "0.0.0.0" : 3220 "::", sizeof (srcbuf)); 3221 } else if (rc != ICFG_SUCCESS) { 3222 Perror0_exit((char *)icfg_errmsg(rc)); 3223 } else { 3224 rc = icfg_sockaddr_to_str(protocol, (struct sockaddr *)&taddr, 3225 srcbuf, sizeof (srcbuf)); 3226 if (rc != ICFG_SUCCESS) { 3227 Perror0_exit((char *)icfg_errmsg(rc)); 3228 } 3229 } 3230 3231 (void) printf(" tunnel src %s ", srcbuf); 3232 3233 rc = icfg_get_tunnel_dest(handle, (struct sockaddr *)&taddr, &socklen); 3234 if (rc == ICFG_NOT_SET) { 3235 (void) printf("\n"); 3236 } else { 3237 rc = icfg_sockaddr_to_str(protocol, (struct sockaddr *)&taddr, 3238 dstbuf, sizeof (dstbuf)); 3239 if (rc != ICFG_SUCCESS) { 3240 Perror0_exit((char *)icfg_errmsg(rc)); 3241 } 3242 (void) printf("tunnel dst %s\n", dstbuf); 3243 } 3244 3245 if (handle->ifh_tunnel_params != NULL && 3246 (handle->ifh_tunnel_params->ifta_flags & IFTUN_SECURITY)) 3247 print_tsec(handle->ifh_tunnel_params); 3248 3249 /* 3250 * tabbed indicates tabbed and printed. Use it tell us whether 3251 * to tab and that we've printed something here, so we need a 3252 * newline 3253 */ 3254 tabbed = _B_FALSE; 3255 3256 if (icfg_get_tunnel_hoplimit(handle, &hoplimit) == ICFG_SUCCESS) { 3257 (void) printf("\ttunnel hop limit %d ", hoplimit); 3258 tabbed = _B_TRUE; 3259 } 3260 3261 if ((protocol == AF_INET6) && 3262 (icfg_get_tunnel_encaplimit(handle, &encaplimit) == 3263 ICFG_SUCCESS)) { 3264 if (!tabbed) { 3265 (void) printf("\t"); 3266 tabbed = _B_TRUE; 3267 } 3268 if (encaplimit >= 0) { 3269 (void) printf("tunnel encapsulation limit %d", 3270 encaplimit); 3271 } else { 3272 (void) printf("tunnel encapsulation limit disabled"); 3273 } 3274 } 3275 3276 if (tabbed) 3277 (void) printf("\n"); 3278 3279 icfg_close(handle); 3280 } 3281 3282 static void 3283 in_status(int force, uint64_t flags) 3284 { 3285 struct sockaddr_in *sin, *laddr; 3286 struct sockaddr_in netmask = { AF_INET }; 3287 3288 if (debug) 3289 (void) printf("in_status(%s) flags 0x%llx\n", name, flags); 3290 3291 /* only print status for IPv4 interfaces */ 3292 if (!(flags & IFF_IPV4)) 3293 return; 3294 3295 /* if the interface is a tunnel, print the tunnel status */ 3296 tun_status(); 3297 3298 if (!(flags & IFF_NOLOCAL)) { 3299 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3300 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 3301 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3302 errno == ENXIO) { 3303 if (!force) 3304 return; 3305 (void) memset(&lifr.lifr_addr, 0, 3306 sizeof (lifr.lifr_addr)); 3307 } else 3308 Perror0_exit("in_status: SIOCGLIFADDR"); 3309 } 3310 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3311 (void) printf("\tinet %s ", inet_ntoa(sin->sin_addr)); 3312 laddr = sin; 3313 } else { 3314 (void) printf("\tinet "); 3315 } 3316 3317 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3318 if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) { 3319 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3320 errno == ENXIO) { 3321 if (!force) 3322 return; 3323 (void) memset(&lifr.lifr_addr, 0, 3324 sizeof (lifr.lifr_addr)); 3325 } else { 3326 Perror0_exit("in_status: SIOCGLIFSUBNET"); 3327 } 3328 } 3329 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3330 if ((flags & IFF_NOLOCAL) || 3331 sin->sin_addr.s_addr != laddr->sin_addr.s_addr) { 3332 (void) printf("subnet %s/%d ", inet_ntoa(sin->sin_addr), 3333 lifr.lifr_addrlen); 3334 } 3335 if (sin->sin_family != AF_INET) { 3336 (void) printf("Wrong family: %d\n", sin->sin_family); 3337 } 3338 3339 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3340 if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0) { 3341 if (errno != EADDRNOTAVAIL) 3342 Perror0_exit("in_status: SIOCGLIFNETMASK"); 3343 (void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr)); 3344 } else 3345 netmask.sin_addr = 3346 ((struct sockaddr_in *)&lifr.lifr_addr)->sin_addr; 3347 if (flags & IFF_POINTOPOINT) { 3348 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3349 if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) { 3350 if (errno == EADDRNOTAVAIL) 3351 (void) memset(&lifr.lifr_addr, 0, 3352 sizeof (lifr.lifr_addr)); 3353 else 3354 Perror0_exit("in_status: SIOCGLIFDSTADDR"); 3355 } 3356 sin = (struct sockaddr_in *)&lifr.lifr_dstaddr; 3357 (void) printf("--> %s ", inet_ntoa(sin->sin_addr)); 3358 } 3359 (void) printf("netmask %x ", ntohl(netmask.sin_addr.s_addr)); 3360 if (flags & IFF_BROADCAST) { 3361 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3362 if (ioctl(s, SIOCGLIFBRDADDR, (caddr_t)&lifr) < 0) { 3363 if (errno == EADDRNOTAVAIL) 3364 (void) memset(&lifr.lifr_addr, 0, 3365 sizeof (lifr.lifr_addr)); 3366 else 3367 Perror0_exit("in_status: SIOCGLIFBRDADDR"); 3368 } 3369 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3370 if (sin->sin_addr.s_addr != 0) { 3371 (void) printf("broadcast %s", 3372 inet_ntoa(sin->sin_addr)); 3373 } 3374 } 3375 /* If there is a groupname, print it for lun 0 alone */ 3376 if (strchr(name, ':') == NULL) { 3377 (void) memset(lifr.lifr_groupname, 0, 3378 sizeof (lifr.lifr_groupname)); 3379 if (ioctl(s, SIOCGLIFGROUPNAME, (caddr_t)&lifr) >= 0) { 3380 if (strlen(lifr.lifr_groupname) > 0) { 3381 (void) printf("\n\tgroupname %s", 3382 lifr.lifr_groupname); 3383 } 3384 } 3385 } 3386 (void) putchar('\n'); 3387 } 3388 3389 static void 3390 in6_status(int force, uint64_t flags) 3391 { 3392 char abuf[INET6_ADDRSTRLEN]; 3393 struct sockaddr_in6 *sin6, *laddr6; 3394 3395 if (debug) 3396 (void) printf("in6_status(%s) flags 0x%llx\n", name, flags); 3397 3398 if (!(flags & IFF_IPV6)) 3399 return; 3400 3401 /* if the interface is a tunnel, print the tunnel status */ 3402 tun_status(); 3403 3404 if (!(flags & IFF_NOLOCAL)) { 3405 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3406 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 3407 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3408 errno == ENXIO) { 3409 if (!force) 3410 return; 3411 (void) memset(&lifr.lifr_addr, 0, 3412 sizeof (lifr.lifr_addr)); 3413 } else 3414 Perror0_exit("in_status6: SIOCGLIFADDR"); 3415 } 3416 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3417 (void) printf("\tinet6 %s/%d ", 3418 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3419 abuf, sizeof (abuf)), 3420 lifr.lifr_addrlen); 3421 laddr6 = sin6; 3422 } else { 3423 (void) printf("\tinet6 "); 3424 } 3425 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3426 if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) { 3427 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3428 errno == ENXIO) { 3429 if (!force) 3430 return; 3431 (void) memset(&lifr.lifr_addr, 0, 3432 sizeof (lifr.lifr_addr)); 3433 } else 3434 Perror0_exit("in_status6: SIOCGLIFSUBNET"); 3435 } 3436 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3437 if ((flags & IFF_NOLOCAL) || 3438 !IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &laddr6->sin6_addr)) { 3439 (void) printf("subnet %s/%d ", 3440 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3441 abuf, sizeof (abuf)), 3442 lifr.lifr_addrlen); 3443 } 3444 if (sin6->sin6_family != AF_INET6) { 3445 (void) printf("Wrong family: %d\n", sin6->sin6_family); 3446 } 3447 if (flags & IFF_POINTOPOINT) { 3448 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3449 if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) { 3450 if (errno == EADDRNOTAVAIL) 3451 (void) memset(&lifr.lifr_addr, 0, 3452 sizeof (lifr.lifr_addr)); 3453 else 3454 Perror0_exit("in_status6: SIOCGLIFDSTADDR"); 3455 } 3456 sin6 = (struct sockaddr_in6 *)&lifr.lifr_dstaddr; 3457 (void) printf("--> %s ", 3458 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3459 abuf, sizeof (abuf))); 3460 } 3461 if (verbose) { 3462 (void) putchar('\n'); 3463 (void) putchar('\t'); 3464 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3465 if (ioctl(s, SIOCGLIFTOKEN, (caddr_t)&lifr) < 0) { 3466 if (errno == EADDRNOTAVAIL || errno == EINVAL) 3467 (void) memset(&lifr.lifr_addr, 0, 3468 sizeof (lifr.lifr_addr)); 3469 else 3470 Perror0_exit("in_status6: SIOCGLIFTOKEN"); 3471 } else { 3472 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3473 (void) printf("token %s/%d ", 3474 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3475 abuf, sizeof (abuf)), 3476 lifr.lifr_addrlen); 3477 } 3478 if (ioctl(s, SIOCGLIFLNKINFO, (caddr_t)&lifr) < 0) { 3479 if (errno != EINVAL) { 3480 Perror0_exit("in_status6: SIOCGLIFLNKINFO"); 3481 } 3482 } else { 3483 (void) printf("maxhops %u, reachtime %u ms, " 3484 "reachretrans %u ms, maxmtu %u ", 3485 lifr.lifr_ifinfo.lir_maxhops, 3486 lifr.lifr_ifinfo.lir_reachtime, 3487 lifr.lifr_ifinfo.lir_reachretrans, 3488 lifr.lifr_ifinfo.lir_maxmtu); 3489 } 3490 } 3491 /* If there is a groupname, print it for lun 0 alone */ 3492 if (strchr(name, ':') == NULL) { 3493 (void) memset(lifr.lifr_groupname, 0, 3494 sizeof (lifr.lifr_groupname)); 3495 if (ioctl(s, SIOCGLIFGROUPNAME, (caddr_t)&lifr) >= 0) { 3496 if (strlen(lifr.lifr_groupname) > 0) { 3497 (void) printf("\n\tgroupname %s", 3498 lifr.lifr_groupname); 3499 } 3500 } 3501 } 3502 (void) putchar('\n'); 3503 } 3504 3505 static void 3506 in_configinfo(int force, uint64_t flags) 3507 { 3508 struct sockaddr_in *sin, *laddr; 3509 struct sockaddr_in netmask = { AF_INET }; 3510 3511 if (debug) 3512 (void) printf("in_configinfo(%s) flags 0x%llx\n", name, flags); 3513 3514 /* only configinfo info for IPv4 interfaces */ 3515 if (!(flags & IFF_IPV4)) 3516 return; 3517 3518 if (!(flags & IFF_NOLOCAL)) { 3519 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3520 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 3521 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3522 errno == ENXIO) { 3523 if (!force) 3524 return; 3525 (void) memset(&lifr.lifr_addr, 0, 3526 sizeof (lifr.lifr_addr)); 3527 } else 3528 Perror0_exit("in_configinfo: SIOCGLIFADDR"); 3529 } 3530 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3531 if (get_lun(name) != 0) { 3532 (void) printf(" addif %s ", inet_ntoa(sin->sin_addr)); 3533 } else { 3534 (void) printf(" set %s ", inet_ntoa(sin->sin_addr)); 3535 } 3536 laddr = sin; 3537 } 3538 3539 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3540 if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) { 3541 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3542 errno == ENXIO) { 3543 if (!force) 3544 return; 3545 (void) memset(&lifr.lifr_addr, 0, 3546 sizeof (lifr.lifr_addr)); 3547 } else { 3548 Perror0_exit("in_configinfo: SIOCGLIFSUBNET"); 3549 } 3550 } 3551 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3552 3553 if ((flags & IFF_NOLOCAL) || 3554 sin->sin_addr.s_addr != laddr->sin_addr.s_addr) { 3555 (void) printf(" subnet %s/%d ", inet_ntoa(sin->sin_addr), 3556 lifr.lifr_addrlen); 3557 } 3558 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3559 if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0) { 3560 if (errno != EADDRNOTAVAIL) 3561 Perror0_exit("in_configinfo: SIOCGLIFNETMASK"); 3562 (void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr)); 3563 } else 3564 netmask.sin_addr = 3565 ((struct sockaddr_in *)&lifr.lifr_addr)->sin_addr; 3566 if (flags & IFF_POINTOPOINT) { 3567 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3568 if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) { 3569 if (errno == EADDRNOTAVAIL) 3570 (void) memset(&lifr.lifr_addr, 0, 3571 sizeof (lifr.lifr_addr)); 3572 else 3573 Perror0_exit("in_configinfo: SIOCGLIFDSTADDR"); 3574 } 3575 sin = (struct sockaddr_in *)&lifr.lifr_dstaddr; 3576 (void) printf(" destination %s ", inet_ntoa(sin->sin_addr)); 3577 } 3578 (void) printf(" netmask 0x%x ", ntohl(netmask.sin_addr.s_addr)); 3579 if (flags & IFF_BROADCAST) { 3580 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3581 if (ioctl(s, SIOCGLIFBRDADDR, (caddr_t)&lifr) < 0) { 3582 if (errno == EADDRNOTAVAIL) 3583 (void) memset(&lifr.lifr_addr, 0, 3584 sizeof (lifr.lifr_addr)); 3585 else 3586 Perror0_exit("in_configinfo: SIOCGLIFBRDADDR"); 3587 } 3588 sin = (struct sockaddr_in *)&lifr.lifr_addr; 3589 if (sin->sin_addr.s_addr != 0) { 3590 (void) printf(" broadcast %s ", 3591 inet_ntoa(sin->sin_addr)); 3592 } 3593 } 3594 3595 /* If there is a groupname, print it for lun 0 alone */ 3596 if (get_lun(name) == 0) { 3597 (void) memset(lifr.lifr_groupname, 0, 3598 sizeof (lifr.lifr_groupname)); 3599 if (ioctl(s, SIOCGLIFGROUPNAME, (caddr_t)&lifr) >= 0) { 3600 if (strlen(lifr.lifr_groupname) > 0) { 3601 (void) printf(" group %s ", 3602 lifr.lifr_groupname); 3603 } 3604 } 3605 } 3606 3607 /* Print flags to configure */ 3608 print_config_flags(flags); 3609 3610 /* IFF_NOARP applies to AF_INET only */ 3611 if (flags & IFF_NOARP) { 3612 (void) printf("-arp "); 3613 } 3614 } 3615 3616 static void 3617 in6_configinfo(int force, uint64_t flags) 3618 { 3619 char abuf[INET6_ADDRSTRLEN]; 3620 struct sockaddr_in6 *sin6, *laddr6; 3621 3622 if (debug) 3623 (void) printf("in6_configinfo(%s) flags 0x%llx\n", name, 3624 flags); 3625 3626 if (!(flags & IFF_IPV6)) 3627 return; 3628 3629 if (!(flags & IFF_NOLOCAL)) { 3630 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3631 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 3632 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3633 errno == ENXIO) { 3634 if (!force) 3635 return; 3636 (void) memset(&lifr.lifr_addr, 0, 3637 sizeof (lifr.lifr_addr)); 3638 } else 3639 Perror0_exit("in6_configinfo: SIOCGLIFADDR"); 3640 } 3641 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3642 if (get_lun(name) != 0) { 3643 (void) printf(" addif %s/%d ", 3644 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3645 abuf, sizeof (abuf)), 3646 lifr.lifr_addrlen); 3647 } else { 3648 (void) printf(" set %s/%d ", 3649 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3650 abuf, sizeof (abuf)), 3651 lifr.lifr_addrlen); 3652 } 3653 laddr6 = sin6; 3654 } 3655 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3656 if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) { 3657 if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT || 3658 errno == ENXIO) { 3659 if (!force) 3660 return; 3661 (void) memset(&lifr.lifr_addr, 0, 3662 sizeof (lifr.lifr_addr)); 3663 } else 3664 Perror0_exit("in6_configinfo: SIOCGLIFSUBNET"); 3665 } 3666 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3667 if ((flags & IFF_NOLOCAL) || 3668 !IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &laddr6->sin6_addr)) { 3669 (void) printf(" subnet %s/%d ", 3670 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3671 abuf, sizeof (abuf)), 3672 lifr.lifr_addrlen); 3673 } 3674 3675 if (flags & IFF_POINTOPOINT) { 3676 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3677 if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) { 3678 if (errno == EADDRNOTAVAIL) 3679 (void) memset(&lifr.lifr_addr, 0, 3680 sizeof (lifr.lifr_addr)); 3681 else 3682 Perror0_exit("in6_configinfo: SIOCGLIFDSTADDR"); 3683 } 3684 sin6 = (struct sockaddr_in6 *)&lifr.lifr_dstaddr; 3685 (void) printf(" destination %s ", 3686 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3687 abuf, sizeof (abuf))); 3688 } 3689 3690 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3691 if (ioctl(s, SIOCGLIFTOKEN, (caddr_t)&lifr) < 0) { 3692 if (errno == EADDRNOTAVAIL || errno == EINVAL) 3693 (void) memset(&lifr.lifr_addr, 0, 3694 sizeof (lifr.lifr_addr)); 3695 else 3696 Perror0_exit("in6_configinfo: SIOCGLIFTOKEN"); 3697 } else { 3698 sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr; 3699 (void) printf(" token %s/%d ", 3700 inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, 3701 abuf, sizeof (abuf)), 3702 lifr.lifr_addrlen); 3703 } 3704 3705 /* If there is a groupname, print it for lun 0 alone */ 3706 if (get_lun(name) == 0) { 3707 (void) memset(lifr.lifr_groupname, 0, 3708 sizeof (lifr.lifr_groupname)); 3709 if (ioctl(s, SIOCGLIFGROUPNAME, (caddr_t)&lifr) >= 0) { 3710 if (strlen(lifr.lifr_groupname) > 0) { 3711 (void) printf(" group %s ", 3712 lifr.lifr_groupname); 3713 } 3714 } 3715 } 3716 3717 /* Print flags to configure */ 3718 print_config_flags(flags); 3719 3720 /* IFF_NONUD applies to AF_INET6 only */ 3721 if (flags & IFF_NONUD) { 3722 (void) printf("-nud "); 3723 } 3724 } 3725 3726 /* ARGSUSED */ 3727 static int 3728 get_lun(char *rsrc) 3729 { 3730 char resource[LIFNAMSIZ]; 3731 char *cp; 3732 3733 (void) strcpy(resource, rsrc); 3734 3735 /* remove LIF component */ 3736 cp = strchr(resource, ':'); 3737 if (cp) { 3738 cp++; 3739 return (atoi(cp)); 3740 } 3741 3742 return (0); 3743 } 3744 3745 /* 3746 * We need to plink both the arp-device stream and the arp-ip-device stream. 3747 * However the muxid is stored only in IP. Plumbing 2 streams individually 3748 * is not atomic, and if ifconfig is killed, the resulting plumbing can 3749 * be inconsistent. For eg. if only the arp stream is plumbed, we have lost 3750 * the muxid, and the half-baked plumbing can neither be unplumbed nor 3751 * replumbed, thus requiring a reboot. To avoid the above the following 3752 * scheme is used. 3753 * 3754 * Ifconfig asks IP to enforce atomicity of plumbing the arp and IP streams. 3755 * This is done by pushing arp on to the mux (/dev/udp). ARP adds some 3756 * extra information in the I_PLINK and I_PUNLINK ioctls to let IP know 3757 * that the plumbing/unplumbing has to be done atomically. Ifconfig plumbs 3758 * the IP stream first, and unplumbs it last. The kernel (IP) does not 3759 * allow IP stream to be unplumbed without unplumbing arp stream. Similarly 3760 * it does not allow arp stream to be plumbed before IP stream is plumbed. 3761 * There is no need to use SIOCSLIFMUXID, since the whole operation is atomic, 3762 * and IP uses the info in the I_PLINK message to get the muxid. 3763 * 3764 * a. STREAMS does not allow us to use /dev/ip itself as the mux. So we use 3765 * /dev/udp[6]. 3766 * b. SIOCGLIFMUXID returns the muxid corresponding to the V4 or V6 stream 3767 * depending on the open i.e. V4 vs V6 open. So we need to use /dev/udp 3768 * or /dev/udp6. 3769 * c. We need to push ARP in order to get the required kernel support for 3770 * atomic plumbings. The actual work done by ARP is explained in arp.c 3771 * Without pushing ARP, we will still be able to plumb/unplumb. But 3772 * it is not atomic, and is supported by the kernel for backward 3773 * compatibility for other utilities like atmifconfig etc. In this case 3774 * the utility must use SIOCSLIFMUXID. 3775 */ 3776 static void 3777 plumb_one_device(int af) 3778 { 3779 int arp_muxid = -1, ip_muxid; 3780 int mux_fd, ip_fd, arp_fd; 3781 int retval; 3782 uint_t ppa; 3783 char *udp_dev_name; 3784 char provider[DLPI_LINKNAME_MAX]; 3785 dlpi_handle_t dh_arp, dh_ip; 3786 3787 /* 3788 * We use DLPI_NOATTACH because the ip module will do the attach 3789 * itself for DLPI style-2 devices. 3790 */ 3791 retval = dlpi_open(name, &dh_ip, DLPI_NOATTACH); 3792 if (retval != DLPI_SUCCESS) 3793 Perrdlpi_exit("cannot open link", name, retval); 3794 3795 if ((retval = dlpi_parselink(name, provider, &ppa)) != DLPI_SUCCESS) 3796 Perrdlpi_exit("dlpi_parselink", name, retval); 3797 3798 if (debug) { 3799 (void) printf("ifconfig: plumb_one_device: provider %s," 3800 " ppa %u\n", provider, ppa); 3801 } 3802 3803 ip_fd = dlpi_fd(dh_ip); 3804 if (ioctl(ip_fd, I_PUSH, IP_MOD_NAME) == -1) 3805 Perror2_exit("I_PUSH", IP_MOD_NAME); 3806 3807 /* 3808 * Push the ARP module onto the interface stream. IP uses 3809 * this to send resolution requests up to ARP. We need to 3810 * do this before the SLIFNAME ioctl is sent down because 3811 * the interface becomes publicly known as soon as the SLIFNAME 3812 * ioctl completes. Thus some other process trying to bring up 3813 * the interface after SLIFNAME but before we have pushed ARP 3814 * could hang. We pop the module again later if it is not needed. 3815 */ 3816 if (ioctl(ip_fd, I_PUSH, ARP_MOD_NAME) == -1) 3817 Perror2_exit("I_PUSH", ARP_MOD_NAME); 3818 3819 /* 3820 * Set IFF_IPV4/IFF_IPV6 flags. 3821 * At this point in time the kernel also allows an 3822 * override of the CANTCHANGE flags. 3823 */ 3824 lifr.lifr_name[0] = '\0'; 3825 if (ioctl(ip_fd, SIOCGLIFFLAGS, (char *)&lifr) == -1) 3826 Perror0_exit("plumb_one_device: SIOCGLIFFLAGS"); 3827 3828 /* Set the name string and the IFF_IPV* flag */ 3829 if (af == AF_INET6) { 3830 lifr.lifr_flags |= IFF_IPV6; 3831 lifr.lifr_flags &= ~(IFF_BROADCAST | IFF_IPV4); 3832 } else { 3833 lifr.lifr_flags |= IFF_IPV4; 3834 lifr.lifr_flags &= ~IFF_IPV6; 3835 } 3836 3837 /* record the device and module names as interface name */ 3838 lifr.lifr_ppa = ppa; 3839 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3840 3841 /* set the interface name */ 3842 if (ioctl(ip_fd, SIOCSLIFNAME, (char *)&lifr) == -1) { 3843 if (errno != EEXIST) 3844 Perror0_exit("SIOCSLIFNAME for ip"); 3845 /* 3846 * This difference between the way we behave for EEXIST 3847 * and that with other errors exists to preserve legacy 3848 * behaviour. Earlier when foreachinterface() and matcif() 3849 * were doing the duplicate interface name checks, for 3850 * already existing interfaces, inetplumb() returned "0". 3851 * To preserve this behaviour, Perror0() and return are 3852 * called for EEXIST. 3853 */ 3854 Perror0("SIOCSLIFNAME for ip"); 3855 return; 3856 } 3857 3858 /* Get the full set of existing flags for this stream */ 3859 if (ioctl(ip_fd, SIOCGLIFFLAGS, (char *)&lifr) == -1) 3860 Perror0_exit("plumb_one_device: SIOCFLIFFLAGS"); 3861 3862 if (debug) { 3863 (void) printf("ifconfig: plumb_one_device: %s got flags:\n", 3864 lifr.lifr_name); 3865 print_flags(lifr.lifr_flags); 3866 (void) putchar('\n'); 3867 } 3868 3869 /* Check if arp is not actually needed */ 3870 if (lifr.lifr_flags & (IFF_NOARP|IFF_IPV6)) { 3871 if (ioctl(ip_fd, I_POP, 0) == -1) 3872 Perror2_exit("I_POP", ARP_MOD_NAME); 3873 } 3874 3875 /* 3876 * Open "/dev/udp" for use as a multiplexor to PLINK the 3877 * interface stream under. We use "/dev/udp" instead of "/dev/ip" 3878 * since STREAMS will not let you PLINK a driver under itself, 3879 * and "/dev/ip" is typically the driver at the bottom of 3880 * the stream for tunneling interfaces. 3881 */ 3882 if (af == AF_INET6) 3883 udp_dev_name = UDP6_DEV_NAME; 3884 else 3885 udp_dev_name = UDP_DEV_NAME; 3886 if ((mux_fd = open_arp_on_udp(udp_dev_name)) == -1) 3887 exit(EXIT_FAILURE); 3888 3889 /* Check if arp is not needed */ 3890 if (lifr.lifr_flags & (IFF_NOARP|IFF_IPV6)) { 3891 /* 3892 * PLINK the interface stream so that ifconfig can exit 3893 * without tearing down the stream. 3894 */ 3895 if ((ip_muxid = ioctl(mux_fd, I_PLINK, ip_fd)) == -1) 3896 Perror0_exit("I_PLINK for ip"); 3897 (void) close(mux_fd); 3898 return; 3899 } 3900 3901 /* 3902 * This interface does use ARP, so set up a separate stream 3903 * from the interface to ARP. 3904 * 3905 * Note: modules specified by the user are pushed 3906 * only on the interface stream, not on the ARP stream. 3907 */ 3908 if (debug) 3909 (void) printf("ifconfig: plumb_one_device: ifname: %s\n", name); 3910 3911 /* 3912 * We use DLPI_NOATTACH because the arp module will do the attach 3913 * itself for DLPI style-2 devices. 3914 */ 3915 retval = dlpi_open(name, &dh_arp, DLPI_NOATTACH); 3916 if (retval != DLPI_SUCCESS) 3917 Perrdlpi_exit("cannot open link", name, retval); 3918 3919 arp_fd = dlpi_fd(dh_arp); 3920 if (ioctl(arp_fd, I_PUSH, ARP_MOD_NAME) == -1) 3921 Perror2_exit("I_PUSH", ARP_MOD_NAME); 3922 3923 /* 3924 * Tell ARP the name and unit number for this interface. 3925 * Note that arp has no support for transparent ioctls. 3926 */ 3927 if (strioctl(arp_fd, SIOCSLIFNAME, (char *)&lifr, 3928 sizeof (lifr)) == -1) { 3929 if (errno != EEXIST) 3930 Perror0_exit("SIOCSLIFNAME for arp"); 3931 Perror0("SIOCSLIFNAME for arp"); 3932 dlpi_close(dh_arp); 3933 dlpi_close(dh_ip); 3934 (void) close(mux_fd); 3935 return; 3936 } 3937 /* 3938 * PLINK the IP and ARP streams so that ifconfig can exit 3939 * without tearing down the stream. 3940 */ 3941 if ((ip_muxid = ioctl(mux_fd, I_PLINK, ip_fd)) == -1) 3942 Perror0_exit("I_PLINK for ip"); 3943 if ((arp_muxid = ioctl(mux_fd, I_PLINK, arp_fd)) == -1) { 3944 (void) ioctl(mux_fd, I_PUNLINK, ip_muxid); 3945 Perror0_exit("I_PLINK for arp"); 3946 } 3947 3948 if (debug) 3949 (void) printf("arp muxid = %d\n", arp_muxid); 3950 dlpi_close(dh_ip); 3951 dlpi_close(dh_arp); 3952 (void) close(mux_fd); 3953 } 3954 3955 3956 /* 3957 * If this is a physical interface then remove it. 3958 * If it is a logical interface name use SIOCLIFREMOVEIF to 3959 * remove it. In both cases fail if it doesn't exist. 3960 */ 3961 /* ARGSUSED */ 3962 static int 3963 inetunplumb(char *arg, int64_t param) 3964 { 3965 int ip_muxid, arp_muxid; 3966 int mux_fd; 3967 char *udp_dev_name; 3968 char *strptr; 3969 uint64_t flags; 3970 boolean_t changed_arp_muxid = _B_FALSE; 3971 int save_errno; 3972 3973 strptr = strchr(name, ':'); 3974 if (strptr != NULL || strcmp(name, LOOPBACK_IF) == 0) { 3975 /* Can't unplumb logical interface zero */ 3976 if (strptr != NULL && strcmp(strptr, ":0") == 0) { 3977 (void) fprintf(stderr, "ifconfig: unplumb:" 3978 " Cannot unplumb %s: Invalid interface\n", name); 3979 exit(1); 3980 } 3981 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 3982 (void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr)); 3983 3984 if (ioctl(s, SIOCLIFREMOVEIF, (caddr_t)&lifr) < 0) 3985 Perror0_exit("unplumb: SIOCLIFREMOVEIF"); 3986 return (0); 3987 } 3988 3989 /* 3990 * We used /dev/udp or udp6 to set up the mux. So we have to use 3991 * the same now for PUNLINK also. 3992 */ 3993 if (afp->af_af == AF_INET6) 3994 udp_dev_name = UDP6_DEV_NAME; 3995 else 3996 udp_dev_name = UDP_DEV_NAME; 3997 3998 if ((mux_fd = open_arp_on_udp(udp_dev_name)) == -1) 3999 exit(EXIT_FAILURE); 4000 4001 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 4002 if (ioctl(mux_fd, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) { 4003 Perror0_exit("unplumb: SIOCGLIFFLAGS"); 4004 } 4005 flags = lifr.lifr_flags; 4006 if (ioctl(mux_fd, SIOCGLIFMUXID, (caddr_t)&lifr) < 0) { 4007 Perror0_exit("unplumb: SIOCGLIFMUXID"); 4008 } 4009 arp_muxid = lifr.lifr_arp_muxid; 4010 ip_muxid = lifr.lifr_ip_muxid; 4011 /* 4012 * We don't have a good way of knowing whether the arp stream is 4013 * plumbed. We can't rely on IFF_NOARP because someone could 4014 * have turned it off later using "ifconfig xxx -arp". 4015 */ 4016 if (arp_muxid != 0) { 4017 if (debug) 4018 (void) printf("arp_muxid %d\n", arp_muxid); 4019 if (ioctl(mux_fd, I_PUNLINK, arp_muxid) < 0) { 4020 if ((errno == EINVAL) && 4021 (flags & (IFF_NOARP | IFF_IPV6))) { 4022 /* 4023 * Some plumbing utilities set the muxid to 4024 * -1 or some invalid value to signify that 4025 * there is no arp stream. Set the muxid to 0 4026 * before trying to unplumb the IP stream. 4027 * IP does not allow the IP stream to be 4028 * unplumbed if it sees a non-null arp muxid, 4029 * for consistency of IP-ARP streams. 4030 */ 4031 lifr.lifr_arp_muxid = 0; 4032 (void) ioctl(mux_fd, SIOCSLIFMUXID, 4033 (caddr_t)&lifr); 4034 changed_arp_muxid = _B_TRUE; 4035 } else { 4036 Perror0("I_PUNLINK for arp"); 4037 } 4038 } 4039 } 4040 if (debug) 4041 (void) printf("ip_muxid %d\n", ip_muxid); 4042 4043 if (ioctl(mux_fd, I_PUNLINK, ip_muxid) < 0) { 4044 if (changed_arp_muxid) { 4045 /* 4046 * Some error occurred, and we need to restore 4047 * everything back to what it was. 4048 */ 4049 save_errno = errno; 4050 lifr.lifr_arp_muxid = arp_muxid; 4051 lifr.lifr_ip_muxid = ip_muxid; 4052 (void) ioctl(mux_fd, SIOCSLIFMUXID, (caddr_t)&lifr); 4053 errno = save_errno; 4054 } 4055 Perror0_exit("I_PUNLINK for ip"); 4056 } 4057 (void) close(mux_fd); 4058 return (0); 4059 } 4060 4061 /* 4062 * If this is a physical interface then create it unless it is already 4063 * present. If it is a logical interface name use SIOCLIFADDIF to 4064 * create and (and fail it if already exists.) 4065 * As a special case send SIOCLIFADDIF for the loopback interface. This 4066 * is needed since there is no other notion of plumbing the loopback 4067 * interface. 4068 */ 4069 /* ARGSUSED */ 4070 static int 4071 inetplumb(char *arg, int64_t param) 4072 { 4073 char *strptr; 4074 boolean_t islo; 4075 zoneid_t zoneid; 4076 4077 strptr = strchr(name, ':'); 4078 islo = (strcmp(name, LOOPBACK_IF) == 0); 4079 4080 if (strptr != NULL || islo) { 4081 (void) memset(&lifr, 0, sizeof (lifr)); 4082 (void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 4083 if (islo && ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) >= 0) { 4084 if (debug) { 4085 (void) fprintf(stderr, 4086 "ifconfig: %s already exists\n", name); 4087 } 4088 return (0); 4089 } 4090 if (ioctl(s, SIOCLIFADDIF, (caddr_t)&lifr) < 0) { 4091 if (errno == EEXIST) { 4092 if (debug) { 4093 (void) fprintf(stderr, 4094 "ifconfig: %s already exists\n", 4095 name); 4096 } 4097 } else { 4098 Perror2_exit("plumb: SIOCLIFADDIF", name); 4099 } 4100 } 4101 /* 4102 * IP can create the new logical interface on a different 4103 * physical interface in the same IPMP group. Take the new 4104 * interface into account for further operations. 4105 */ 4106 (void) strncpy(name, lifr.lifr_name, sizeof (name)); 4107 return (0); 4108 } 4109 4110 /* 4111 * For global zone, check if the interface is used by a non-global 4112 * zone, note that the non-global zones doesn't need this check, 4113 * because zoneadm has taken care of this when the zone boots. 4114 */ 4115 zoneid = getzoneid(); 4116 if (zoneid == GLOBAL_ZONEID) { 4117 int ret; 4118 4119 zoneid = ALL_ZONES; 4120 ret = zone_check_datalink(&zoneid, name); 4121 if (ret == 0) { 4122 char zonename[ZONENAME_MAX]; 4123 4124 (void) getzonenamebyid(zoneid, zonename, ZONENAME_MAX); 4125 (void) fprintf(stderr, "%s is used by non-global" 4126 "zone: %s\n", name, zonename); 4127 return (1); 4128 } 4129 } 4130 4131 if (debug) 4132 (void) printf("inetplumb: %s af %d\n", name, afp->af_af); 4133 4134 plumb_one_device(afp->af_af); 4135 return (0); 4136 } 4137 4138 void 4139 Perror0(char *cmd) 4140 { 4141 int save_errno; 4142 4143 save_errno = errno; 4144 (void) fprintf(stderr, "ifconfig: "); 4145 errno = save_errno; 4146 switch (errno) { 4147 4148 case ENXIO: 4149 (void) fprintf(stderr, "%s: %s: no such interface\n", 4150 cmd, lifr.lifr_name); 4151 break; 4152 4153 case EPERM: 4154 (void) fprintf(stderr, "%s: %s: permission denied\n", 4155 cmd, lifr.lifr_name); 4156 break; 4157 4158 case EEXIST: 4159 (void) fprintf(stderr, "%s: %s: already exists\n", 4160 cmd, lifr.lifr_name); 4161 break; 4162 4163 default: { 4164 char buf[BUFSIZ]; 4165 4166 (void) snprintf(buf, sizeof (buf), "%s: %s", 4167 cmd, lifr.lifr_name); 4168 perror(buf); 4169 } 4170 } 4171 } 4172 4173 void 4174 Perror0_exit(char *cmd) 4175 { 4176 Perror0(cmd); 4177 exit(1); 4178 /* NOTREACHED */ 4179 } 4180 4181 void 4182 Perror2(char *cmd, char *str) 4183 { 4184 int save_errno; 4185 4186 save_errno = errno; 4187 (void) fprintf(stderr, "ifconfig: "); 4188 errno = save_errno; 4189 switch (errno) { 4190 4191 case ENXIO: 4192 (void) fprintf(stderr, "%s: %s: no such interface\n", 4193 cmd, str); 4194 break; 4195 4196 case EPERM: 4197 (void) fprintf(stderr, "%s: %s: permission denied\n", 4198 cmd, str); 4199 break; 4200 4201 default: { 4202 char buf[BUFSIZ]; 4203 4204 (void) snprintf(buf, sizeof (buf), "%s: %s", cmd, str); 4205 perror(buf); 4206 } 4207 } 4208 } 4209 4210 /* 4211 * Print out error message (Perror2()) and exit 4212 */ 4213 void 4214 Perror2_exit(char *cmd, char *str) 4215 { 4216 Perror2(cmd, str); 4217 exit(1); 4218 /* NOTREACHED */ 4219 } 4220 4221 void 4222 Perrdlpi(const char *cmd, const char *linkname, int err) 4223 { 4224 (void) fprintf(stderr, "ifconfig: %s \"%s\": %s\n", cmd, 4225 linkname, dlpi_strerror(err)); 4226 } 4227 4228 /* 4229 * Print out error message (Perrdlpi()) and exit 4230 */ 4231 void 4232 Perrdlpi_exit(const char *cmd, const char *linkname, int err) 4233 { 4234 Perrdlpi(cmd, linkname, err); 4235 exit(1); 4236 } 4237 4238 /* 4239 * If the last argument is non-NULL allow a <addr>/<n> syntax and 4240 * pass out <n> in *plenp. 4241 * If <n> doesn't parse return BAD_ADDR as *plenp. 4242 * If no /<n> is present return NO_PREFIX as *plenp. 4243 */ 4244 static void 4245 in_getaddr(char *s, struct sockaddr *saddr, int *plenp) 4246 { 4247 /* LINTED: alignment */ 4248 struct sockaddr_in *sin = (struct sockaddr_in *)saddr; 4249 struct hostent *hp; 4250 struct netent *np; 4251 char str[BUFSIZ]; 4252 int error_num; 4253 4254 (void) strncpy(str, s, sizeof (str)); 4255 4256 /* 4257 * Look for '/'<n> is plenp 4258 */ 4259 if (plenp != NULL) { 4260 char *cp; 4261 4262 *plenp = in_getprefixlen(str, _B_TRUE, IP_ABITS); 4263 if (*plenp == BAD_ADDR) 4264 return; 4265 cp = strchr(str, '/'); 4266 if (cp != NULL) 4267 *cp = '\0'; 4268 } else if (strchr(str, '/') != NULL) { 4269 (void) fprintf(stderr, "ifconfig: %s: unexpected '/'\n", str); 4270 exit(1); 4271 } 4272 4273 (void) memset(sin, 0, sizeof (*sin)); 4274 4275 /* 4276 * Try to catch attempts to set the broadcast address to all 1's. 4277 */ 4278 if (strcmp(str, "255.255.255.255") == 0 || 4279 (strtoul(str, (char **)NULL, 0) == 0xffffffffUL)) { 4280 sin->sin_family = AF_INET; 4281 sin->sin_addr.s_addr = 0xffffffff; 4282 return; 4283 } 4284 4285 hp = getipnodebyname(str, AF_INET, 0, &error_num); 4286 if (hp) { 4287 sin->sin_family = hp->h_addrtype; 4288 (void) memcpy(&sin->sin_addr, hp->h_addr, hp->h_length); 4289 freehostent(hp); 4290 return; 4291 } 4292 np = getnetbyname(str); 4293 if (np) { 4294 sin->sin_family = np->n_addrtype; 4295 sin->sin_addr = inet_makeaddr(np->n_net, INADDR_ANY); 4296 return; 4297 } 4298 if (error_num == TRY_AGAIN) { 4299 (void) fprintf(stderr, "ifconfig: %s: bad address " 4300 "(try again later)\n", s); 4301 } else { 4302 (void) fprintf(stderr, "ifconfig: %s: bad address\n", s); 4303 } 4304 exit(1); 4305 } 4306 4307 /* 4308 * If the last argument is non-NULL allow a <addr>/<n> syntax and 4309 * pass out <n> in *plenp. 4310 * If <n> doesn't parse return BAD_ADDR as *plenp. 4311 * If no /<n> is present return NO_PREFIX as *plenp. 4312 */ 4313 static void 4314 in6_getaddr(char *s, struct sockaddr *saddr, int *plenp) 4315 { 4316 /* LINTED: alignment */ 4317 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)saddr; 4318 struct hostent *hp; 4319 char str[BUFSIZ]; 4320 int error_num; 4321 4322 (void) strncpy(str, s, sizeof (str)); 4323 4324 /* 4325 * Look for '/'<n> is plenp 4326 */ 4327 if (plenp != NULL) { 4328 char *cp; 4329 4330 *plenp = in_getprefixlen(str, _B_TRUE, IPV6_ABITS); 4331 if (*plenp == BAD_ADDR) 4332 return; 4333 cp = strchr(str, '/'); 4334 if (cp != NULL) 4335 *cp = '\0'; 4336 } else if (strchr(str, '/') != NULL) { 4337 (void) fprintf(stderr, "ifconfig: %s: unexpected '/'\n", str); 4338 exit(1); 4339 } 4340 4341 (void) memset(sin6, 0, sizeof (*sin6)); 4342 4343 hp = getipnodebyname(str, AF_INET6, 0, &error_num); 4344 if (hp) { 4345 sin6->sin6_family = hp->h_addrtype; 4346 (void) memcpy(&sin6->sin6_addr, hp->h_addr, hp->h_length); 4347 freehostent(hp); 4348 return; 4349 } 4350 if (error_num == TRY_AGAIN) { 4351 (void) fprintf(stderr, "ifconfig: %s: bad address " 4352 "(try again later)\n", s); 4353 } else { 4354 (void) fprintf(stderr, "ifconfig: %s: bad address\n", s); 4355 } 4356 exit(1); 4357 } 4358 4359 /* 4360 * If "slash" is zero this parses the whole string as 4361 * an integer. With "slash" non zero it parses the tail part as an integer. 4362 * 4363 * If it is not a valid integer this returns BAD_ADDR. 4364 * If there is /<n> present this returns NO_PREFIX. 4365 */ 4366 static int 4367 in_getprefixlen(char *addr, boolean_t slash, int max_plen) 4368 { 4369 int prefixlen; 4370 char *str, *end; 4371 4372 if (slash) { 4373 str = strchr(addr, '/'); 4374 if (str == NULL) 4375 return (NO_PREFIX); 4376 str++; 4377 } else 4378 str = addr; 4379 4380 prefixlen = strtol(str, &end, 10); 4381 if (prefixlen < 0) 4382 return (BAD_ADDR); 4383 if (str == end) 4384 return (BAD_ADDR); 4385 if (max_plen != 0 && max_plen < prefixlen) 4386 return (BAD_ADDR); 4387 return (prefixlen); 4388 } 4389 4390 /* 4391 * Convert a prefix length to a mask. 4392 * Returns 1 if ok. 0 otherwise. 4393 * Assumes the mask array is zero'ed by the caller. 4394 */ 4395 static boolean_t 4396 in_prefixlentomask(int prefixlen, int maxlen, uchar_t *mask) 4397 { 4398 if (prefixlen < 0 || prefixlen > maxlen) 4399 return (0); 4400 4401 while (prefixlen > 0) { 4402 if (prefixlen >= 8) { 4403 *mask++ = 0xFF; 4404 prefixlen -= 8; 4405 continue; 4406 } 4407 *mask |= 1 << (8 - prefixlen); 4408 prefixlen--; 4409 } 4410 return (1); 4411 } 4412 4413 static void 4414 print_flags(uint64_t flags) 4415 { 4416 boolean_t first = _B_TRUE; 4417 int cnt, i; 4418 4419 (void) printf("flags=%llx", flags); 4420 cnt = sizeof (if_flags_tbl) / sizeof (if_flags_t); 4421 for (i = 0; i < cnt; i++) { 4422 if (flags & if_flags_tbl[i].iff_value) { 4423 if (first) { 4424 (void) printf("<"); 4425 first = _B_FALSE; 4426 } else { 4427 /* 4428 * It has to be here and not with the 4429 * printf below because for the last one, 4430 * we don't want a comma before the ">". 4431 */ 4432 (void) printf(","); 4433 } 4434 (void) printf("%s", if_flags_tbl[i].iff_name); 4435 } 4436 } 4437 if (!first) 4438 (void) printf(">"); 4439 } 4440 4441 static void 4442 print_config_flags(uint64_t flags) 4443 { 4444 int cnt, i; 4445 4446 cnt = sizeof (if_config_cmd_tbl) / sizeof (if_config_cmd_t); 4447 for (i = 0; i < cnt; i++) { 4448 if (flags & if_config_cmd_tbl[i].iff_flag) { 4449 (void) printf("%s ", if_config_cmd_tbl[i].iff_name); 4450 } 4451 } 4452 } 4453 4454 /* 4455 * Use the configured directory lookup mechanism (e.g. files/NIS/NIS+/...) 4456 * to find the network mask. Returns true if we found one to set. 4457 * 4458 * The parameter addr_set controls whether we should get the address of 4459 * the working interface for the netmask query. If addr_set is true, 4460 * we will use the address provided. Otherwise, we will find the working 4461 * interface's address and use it instead. 4462 */ 4463 static boolean_t 4464 in_getmask(struct sockaddr_in *saddr, boolean_t addr_set) 4465 { 4466 struct sockaddr_in ifaddr; 4467 4468 /* 4469 * Read the address from the interface if it is not passed in. 4470 */ 4471 if (!addr_set) { 4472 (void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name)); 4473 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) { 4474 if (errno != EADDRNOTAVAIL) { 4475 (void) fprintf(stderr, "Need net number for " 4476 "mask\n"); 4477 } 4478 return (_B_FALSE); 4479 } 4480 ifaddr = *((struct sockaddr_in *)&lifr.lifr_addr); 4481 } else { 4482 ifaddr.sin_addr = saddr->sin_addr; 4483 } 4484 if (getnetmaskbyaddr(ifaddr.sin_addr, &saddr->sin_addr) == 0) { 4485 saddr->sin_family = AF_INET; 4486 return (_B_TRUE); 4487 } 4488 return (_B_FALSE); 4489 } 4490 4491 static int 4492 strioctl(int s, int cmd, char *buf, int buflen) 4493 { 4494 struct strioctl ioc; 4495 4496 (void) memset(&ioc, 0, sizeof (ioc)); 4497 ioc.ic_cmd = cmd; 4498 ioc.ic_timout = 0; 4499 ioc.ic_len = buflen; 4500 ioc.ic_dp = buf; 4501 return (ioctl(s, I_STR, (char *)&ioc)); 4502 } 4503 4504 static void 4505 add_ni(char *name) 4506 { 4507 ni_t **pp; 4508 ni_t *p; 4509 4510 for (pp = &ni_list; (p = *pp) != NULL; pp = &(p->ni_next)) { 4511 if (strcmp(p->ni_name, name) == 0) { 4512 if (debug > 2) 4513 (void) fprintf(stderr, "'%s' is a duplicate\n", 4514 name); 4515 return; 4516 } 4517 } 4518 4519 if (debug > 2) 4520 (void) fprintf(stderr, "adding '%s'\n", 4521 name); 4522 4523 if ((p = malloc(sizeof (ni_t))) == NULL) 4524 return; 4525 4526 (void) strlcpy(p->ni_name, name, sizeof (p->ni_name)); 4527 p->ni_next = NULL; 4528 4529 *pp = p; 4530 num_ni++; 4531 } 4532 4533 /* ARGSUSED2 */ 4534 static int 4535 devfs_entry(di_node_t node, di_minor_t minor, void *arg) 4536 { 4537 char *provider; 4538 char linkname[DLPI_LINKNAME_MAX]; 4539 dlpi_handle_t dh; 4540 4541 provider = di_minor_name(minor); 4542 if (debug > 2) 4543 (void) fprintf(stderr, "provider = %s\n", provider); 4544 4545 if (dlpi_makelink(linkname, provider, 4546 di_instance(node)) != DLPI_SUCCESS) 4547 return (DI_WALK_CONTINUE); 4548 4549 if (dlpi_open(linkname, &dh, 0) != DLPI_SUCCESS) 4550 return (DI_WALK_CONTINUE); 4551 4552 if (di_minor_type(minor) == DDM_ALIAS) { 4553 if (debug > 2) 4554 (void) fprintf(stderr, "alias node, using instance\n"); 4555 add_ni(linkname); 4556 } else { 4557 if (debug > 2) 4558 (void) fprintf(stderr, "non-alias node, ignoring\n"); 4559 } 4560 4561 dlpi_close(dh); 4562 return (DI_WALK_CONTINUE); 4563 } 4564 4565 /* 4566 * dhcp-related routines 4567 */ 4568 4569 static int 4570 setifdhcp(const char *caller, const char *ifname, int argc, char *argv[]) 4571 { 4572 dhcp_ipc_request_t *request; 4573 dhcp_ipc_reply_t *reply = NULL; 4574 int timeout = DHCP_IPC_WAIT_DEFAULT; 4575 dhcp_ipc_type_t type = DHCP_START; 4576 int error; 4577 boolean_t is_primary = _B_FALSE; 4578 boolean_t started = _B_FALSE; 4579 4580 for (argv++; --argc > 0; argv++) { 4581 4582 if (strcmp(*argv, "primary") == 0) { 4583 is_primary = _B_TRUE; 4584 continue; 4585 } 4586 4587 if (strcmp(*argv, "wait") == 0) { 4588 if (--argc <= 0) { 4589 usage(); 4590 return (DHCP_EXIT_BADARGS); 4591 } 4592 argv++; 4593 4594 if (strcmp(*argv, "forever") == 0) { 4595 timeout = DHCP_IPC_WAIT_FOREVER; 4596 continue; 4597 } 4598 4599 if (sscanf(*argv, "%d", &timeout) != 1) { 4600 usage(); 4601 return (DHCP_EXIT_BADARGS); 4602 } 4603 4604 if (timeout < 0) { 4605 usage(); 4606 return (DHCP_EXIT_BADARGS); 4607 } 4608 continue; 4609 } 4610 4611 type = dhcp_string_to_request(*argv); 4612 if (type == -1) { 4613 usage(); 4614 return (DHCP_EXIT_BADARGS); 4615 } 4616 } 4617 4618 /* 4619 * Only try to start agent on start or inform; in all other cases it 4620 * has to already be running for anything to make sense. 4621 */ 4622 if (type == DHCP_START || type == DHCP_INFORM) { 4623 if (dhcp_start_agent(DHCP_IPC_MAX_WAIT) == -1) { 4624 (void) fprintf(stderr, "%s: unable to start %s\n", 4625 caller, DHCP_AGENT_PATH); 4626 return (DHCP_EXIT_FAILURE); 4627 } 4628 started = _B_TRUE; 4629 } 4630 4631 if (is_primary) 4632 type |= DHCP_PRIMARY; 4633 4634 if (af != AF_INET) 4635 type |= DHCP_V6; 4636 4637 request = dhcp_ipc_alloc_request(type, ifname, NULL, 0, DHCP_TYPE_NONE); 4638 if (request == NULL) { 4639 (void) fprintf(stderr, "%s: out of memory\n", caller); 4640 return (DHCP_EXIT_SYSTEM); 4641 } 4642 4643 error = dhcp_ipc_make_request(request, &reply, timeout); 4644 if (error != 0) { 4645 free(request); 4646 /* 4647 * Re-map connect error to not under control if we didn't try a 4648 * start operation, as this has to be true and results in a 4649 * clearer message, not to mention preserving compatibility 4650 * with the days when we always started dhcpagent for every 4651 * request. 4652 */ 4653 if (error == DHCP_IPC_E_CONNECT && !started) 4654 error = DHCP_IPC_E_UNKIF; 4655 (void) fprintf(stderr, "%s: %s: %s\n", caller, ifname, 4656 dhcp_ipc_strerror(error)); 4657 return (DHCP_EXIT_FAILURE); 4658 } 4659 4660 error = reply->return_code; 4661 if (error != 0) { 4662 free(request); 4663 free(reply); 4664 4665 if (error == DHCP_IPC_E_TIMEOUT && timeout == 0) 4666 return (DHCP_EXIT_SUCCESS); 4667 4668 (void) fprintf(stderr, "%s: %s: %s\n", caller, ifname, 4669 dhcp_ipc_strerror(error)); 4670 4671 if (error == DHCP_IPC_E_TIMEOUT) 4672 return (DHCP_EXIT_TIMEOUT); 4673 else 4674 return (DHCP_EXIT_IF_FAILURE); 4675 } 4676 4677 if (DHCP_IPC_CMD(type) == DHCP_STATUS) { 4678 (void) printf("%s", dhcp_status_hdr_string()); 4679 (void) printf("%s", dhcp_status_reply_to_string(reply)); 4680 } 4681 4682 free(request); 4683 free(reply); 4684 return (DHCP_EXIT_SUCCESS); 4685 } 4686 4687 static void 4688 usage(void) 4689 { 4690 (void) fprintf(stderr, 4691 "usage: ifconfig <interface> | -a[ 4 | 6 | D ][ u | d ][ Z ]\n"); 4692 4693 (void) fprintf(stderr, "%s", 4694 "\t[ <addr_family> ]\n" 4695 "\t[ <address>[/<prefix_length>] [ <dest_address> ] ]\n" 4696 "\t[ set [ <address>][/<prefix_length>] ]" 4697 " [ <address>/<prefix_length>] ]\n" 4698 "\t[ destination <dest_address> ]\n" 4699 "\t[ addif <address>[/<prefix_length>]" 4700 " [ <dest_address> ] ]\n" 4701 "\t[ removeif <address>[/<prefix_length>] ]\n" 4702 "\t[ arp | -arp ]\n" 4703 "\t[ auto-revarp ]\n" 4704 "\t[ broadcast <broad_addr> ]\n" 4705 "\t[ index <if_index> ]\n" 4706 "\t[ metric <n> ] [ mtu <n> ]\n" 4707 "\t[ netmask <mask> ]\n" 4708 "\t[ plumb ] [ unplumb ]\n" 4709 "\t[ preferred | -preferred ]\n" 4710 "\t[ private | -private ]\n" 4711 "\t[ local | -local ]\n" 4712 "\t[ router | -router ]\n" 4713 "\t[ subnet <subnet_address>]\n" 4714 "\t[ trailers | -trailers ]\n" 4715 "\t[ token <address>/<prefix_length> ]\n" 4716 "\t[ tsrc <tunnel_src_address> ]\n" 4717 "\t[ tdst <tunnel_dest_address> ]\n" 4718 "\t[ auth_algs <tunnel_AH_authentication_algorithm> ]\n" 4719 "\t[ encr_algs <tunnel_ESP_encryption_algorithm> ]\n" 4720 "\t[ encr_auth_algs <tunnel_ESP_authentication_algorithm> ]\n" 4721 "\t[ up ] [ down ]\n" 4722 "\t[ xmit | -xmit ]\n" 4723 "\t[ modlist ]\n" 4724 "\t[ modinsert <module_name@position> ]\n" 4725 "\t[ modremove <module_name@position> ]\n" 4726 "\t[ group <groupname>] | [ group \"\"]\n" 4727 "\t[ deprecated | -deprecated ]\n" 4728 "\t[ standby | -standby ]\n" 4729 "\t[ failover | -failover ]\n" 4730 "\t[ zone <zonename> | -zone ]\n" 4731 "\t[ usesrc <interface> ]\n" 4732 "\t[ all-zones ]\n"); 4733 4734 (void) fprintf(stderr, "or\n"); 4735 (void) fprintf(stderr, 4736 "\tifconfig <interface> | -a[ 4 | 6 | D ] [ u | d ]\n"); 4737 4738 (void) fprintf(stderr, "%s", "\tauto-dhcp | dhcp\n" 4739 "\t[ wait <time> | forever ]\n\t[ primary ]\n" 4740 "\tstart | drop | ping | release | status | inform\n"); 4741 } 4742