Print this page
Removed mismerged Joyent copyright
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/uts/common/inet/ip/ip_tunables.c
+++ new/usr/src/uts/common/inet/ip/ip_tunables.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
|
↓ open down ↓ |
12 lines elided |
↑ open up ↑ |
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright (c) 1991, 2010, Oracle and/or its affiliates. All rights reserved.
23 - * Copyright (c) 2012, Joyent, Inc. All rights reserved.
24 23 * Copyright (c) 2013 by Delphix. All rights reserved.
25 24 * Copyright (c) 2012, Joyent, Inc. All rights reserved.
26 25 */
27 26 /* Copyright (c) 1990 Mentat Inc. */
28 27
29 28 #include <inet/ip.h>
30 29 #include <inet/ip6.h>
31 30 #include <inet/ip_if.h>
32 31 #include <inet/ip_ire.h>
33 32 #include <inet/ipclassifier.h>
34 33 #include <inet/ip_impl.h>
35 34 #include <inet/tunables.h>
36 35 #include <sys/sunddi.h>
37 36 #include <sys/policy.h>
38 37
39 38 /* How long, in seconds, we allow frags to hang around. */
40 39 #define IP_REASM_TIMEOUT 15
41 40 #define IPV6_REASM_TIMEOUT 60
42 41
43 42 /*
44 43 * Set ip{,6}_forwarding values. If the value is being set on an ill,
45 44 * find the ill and set the value on it. On the other hand if we are modifying
46 45 * global property, modify the global value and set the value on all the ills.
47 46 */
48 47 /* ARGSUSED */
49 48 static int
50 49 ip_set_forwarding(netstack_t *stack, cred_t *cr, mod_prop_info_t *pinfo,
51 50 const char *ifname, const void* pval, uint_t flags)
52 51 {
53 52 char *end;
54 53 unsigned long new_value;
55 54 boolean_t per_ill, isv6;
56 55 ill_walk_context_t ctx;
57 56 ill_t *ill;
58 57 ip_stack_t *ipst = stack->netstack_ip;
59 58
60 59 if (flags & MOD_PROP_DEFAULT) {
61 60 new_value = pinfo->prop_def_bval;
62 61 } else {
63 62 if (ddi_strtoul(pval, &end, 10, &new_value) != 0 ||
64 63 *end != '\0')
65 64 return (EINVAL);
66 65 if (new_value != B_TRUE && new_value != B_FALSE)
67 66 return (EINVAL);
68 67 }
69 68
70 69 per_ill = (ifname != NULL && ifname[0] != '\0');
71 70 /*
72 71 * if it's not per ill then set the global property and bring all the
73 72 * ills up to date with the new global value.
74 73 */
75 74 if (!per_ill)
76 75 pinfo->prop_cur_bval = (new_value == 1 ? B_TRUE : B_FALSE);
77 76
78 77 isv6 = (pinfo->mpi_proto == MOD_PROTO_IPV6 ? B_TRUE : B_FALSE);
79 78 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
80 79 if (isv6)
81 80 ill = ILL_START_WALK_V6(&ctx, ipst);
82 81 else
83 82 ill = ILL_START_WALK_V4(&ctx, ipst);
84 83
85 84 for (; ill != NULL; ill = ill_next(&ctx, ill)) {
86 85 /*
87 86 * if the property needs to be set on a particular
88 87 * interface, look for that interface.
89 88 */
90 89 if (per_ill && strcmp(ifname, ill->ill_name) != 0)
91 90 continue;
92 91 (void) ill_forward_set(ill, new_value != 0);
93 92 }
94 93 rw_exit(&ipst->ips_ill_g_lock);
95 94
96 95 return (0);
97 96 }
98 97
99 98 static int
100 99 ip_get_forwarding(netstack_t *stack, mod_prop_info_t *pinfo, const char *ifname,
101 100 void *pval, uint_t pr_size, uint_t flags)
102 101 {
103 102 boolean_t value;
104 103 ill_walk_context_t ctx;
105 104 ill_t *ill;
106 105 ip_stack_t *ipst = stack->netstack_ip;
107 106 boolean_t get_def = (flags & MOD_PROP_DEFAULT);
108 107 boolean_t get_perm = (flags & MOD_PROP_PERM);
109 108 boolean_t isv6;
110 109 size_t nbytes = 0;
111 110
112 111 if (get_perm) {
113 112 nbytes = snprintf(pval, pr_size, "%d", MOD_PROP_PERM_RW);
114 113 goto ret;
115 114 } else if (get_def) {
116 115 nbytes = snprintf(pval, pr_size, "%d", pinfo->prop_def_bval);
117 116 goto ret;
118 117 }
119 118
120 119 /*
121 120 * if per interface value is not asked for return the current
122 121 * global value
123 122 */
124 123 if (ifname == NULL || ifname[0] == '\0') {
125 124 nbytes = snprintf(pval, pr_size, "%d", pinfo->prop_cur_bval);
126 125 goto ret;
127 126 }
128 127
129 128 isv6 = (pinfo->mpi_proto == MOD_PROTO_IPV6 ? B_TRUE : B_FALSE);
130 129 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
131 130 if (isv6)
132 131 ill = ILL_START_WALK_V6(&ctx, ipst);
133 132 else
134 133 ill = ILL_START_WALK_V4(&ctx, ipst);
135 134 for (; ill != NULL; ill = ill_next(&ctx, ill)) {
136 135 /*
137 136 * if the property needs to be obtained on a particular
138 137 * interface, look for that interface.
139 138 */
140 139 if (strcmp(ifname, ill->ill_name) == 0)
141 140 break;
142 141 }
143 142 if (ill == NULL) {
144 143 rw_exit(&ipst->ips_ill_g_lock);
145 144 return (ENXIO);
146 145 }
147 146 value = ((ill->ill_flags & ILLF_ROUTER) ? B_TRUE : B_FALSE);
148 147 rw_exit(&ipst->ips_ill_g_lock);
149 148 nbytes = snprintf(pval, pr_size, "%d", value);
150 149 ret:
151 150 if (nbytes >= pr_size)
152 151 return (ENOBUFS);
153 152 return (0);
154 153 }
155 154
156 155 /*
157 156 * `ip_debug' is a global variable. So, we will be modifying the global
158 157 * variable here.
159 158 */
160 159 /* ARGSUSED */
161 160 int
162 161 ip_set_debug(netstack_t *stack, cred_t *cr, mod_prop_info_t *pinfo,
163 162 const char *ifname, const void* pval, uint_t flags)
164 163 {
165 164 unsigned long new_value;
166 165 int err;
167 166
168 167 if (cr != NULL && secpolicy_net_config(cr, B_FALSE) != 0)
169 168 return (EPERM);
170 169
171 170 if ((err = mod_uint32_value(pval, pinfo, flags, &new_value)) != 0)
172 171 return (err);
173 172 ip_debug = (uint32_t)new_value;
174 173 return (0);
175 174 }
176 175
177 176 /*
178 177 * ip_debug is a global property. For default, permission and value range
179 178 * we retrieve the value from `pinfo'. However for the current value we
180 179 * retrieve the value from the global variable `ip_debug'
181 180 */
182 181 /* ARGSUSED */
183 182 int
184 183 ip_get_debug(netstack_t *stack, mod_prop_info_t *pinfo, const char *ifname,
185 184 void *pval, uint_t psize, uint_t flags)
186 185 {
187 186 boolean_t get_def = (flags & MOD_PROP_DEFAULT);
188 187 boolean_t get_perm = (flags & MOD_PROP_PERM);
189 188 boolean_t get_range = (flags & MOD_PROP_POSSIBLE);
190 189 size_t nbytes;
191 190
192 191 bzero(pval, psize);
193 192 if (get_perm)
194 193 nbytes = snprintf(pval, psize, "%u", MOD_PROP_PERM_RW);
195 194 else if (get_range)
196 195 nbytes = snprintf(pval, psize, "%u-%u",
197 196 pinfo->prop_min_uval, pinfo->prop_max_uval);
198 197 else if (get_def)
199 198 nbytes = snprintf(pval, psize, "%u", pinfo->prop_def_uval);
200 199 else
201 200 nbytes = snprintf(pval, psize, "%u", ip_debug);
202 201 if (nbytes >= psize)
203 202 return (ENOBUFS);
204 203 return (0);
205 204 }
206 205
207 206 /*
208 207 * Set the CGTP (multirouting) filtering status. If the status is changed
209 208 * from active to transparent or from transparent to active, forward the
210 209 * new status to the filtering module (if loaded).
211 210 */
212 211 /* ARGSUSED */
213 212 static int
214 213 ip_set_cgtp_filter(netstack_t *stack, cred_t *cr, mod_prop_info_t *pinfo,
215 214 const char *ifname, const void* pval, uint_t flags)
216 215 {
217 216 unsigned long new_value;
218 217 ip_stack_t *ipst = stack->netstack_ip;
219 218 char *end;
220 219
221 220 if (flags & MOD_PROP_DEFAULT) {
222 221 new_value = pinfo->prop_def_bval;
223 222 } else {
224 223 if (ddi_strtoul(pval, &end, 10, &new_value) != 0 ||
225 224 *end != '\0' || new_value > 1) {
226 225 return (EINVAL);
227 226 }
228 227 }
229 228 if (!pinfo->prop_cur_bval && new_value) {
230 229 cmn_err(CE_NOTE, "IP: enabling CGTP filtering%s",
231 230 ipst->ips_ip_cgtp_filter_ops == NULL ?
232 231 " (module not loaded)" : "");
233 232 }
234 233 if (pinfo->prop_cur_bval && !new_value) {
235 234 cmn_err(CE_NOTE, "IP: disabling CGTP filtering%s",
236 235 ipst->ips_ip_cgtp_filter_ops == NULL ?
237 236 " (module not loaded)" : "");
238 237 }
239 238 if (ipst->ips_ip_cgtp_filter_ops != NULL) {
240 239 int res;
241 240 netstackid_t stackid = ipst->ips_netstack->netstack_stackid;
242 241
243 242 res = ipst->ips_ip_cgtp_filter_ops->cfo_change_state(stackid,
244 243 new_value);
245 244 if (res)
246 245 return (res);
247 246 }
248 247 pinfo->prop_cur_bval = (new_value == 1 ? B_TRUE : B_FALSE);
249 248 ill_set_inputfn_all(ipst);
250 249 return (0);
251 250 }
252 251
253 252 /*
254 253 * Retrieve the default MTU or min-max MTU range for a given interface.
255 254 *
256 255 * -- ill_max_frag value tells us the maximum MTU that can be handled by the
257 256 * datalink. This value is advertised by the driver via DLPI messages
258 257 * (DL_NOTE_SDU_SIZE/DL_INFO_ACK).
259 258 *
260 259 * -- ill_current_frag for the most link-types will be same as ill_max_frag
261 260 * to begin with. However it is dynamically computed for some link-types
262 261 * like tunnels, based on the tunnel PMTU.
263 262 *
264 263 * -- ill_mtu is the user set MTU using SIOCSLIFMTU and must lie between
265 264 * (IPV6_MIN_MTU/IP_MIN_MTU) and ill_max_frag.
266 265 *
267 266 * -- ill_user_mtu is set by in.ndpd using SIOCSLIFLNKINFO and must lie between
268 267 * (IPV6_MIN_MTU/IP_MIN_MTU) and ill_max_frag.
269 268 */
270 269 int
271 270 ip_get_mtu(netstack_t *stack, mod_prop_info_t *pinfo, const char *ifname,
272 271 void *pval, uint_t psize, uint_t flags)
273 272 {
274 273 ill_walk_context_t ctx;
275 274 ill_t *ill;
276 275 ip_stack_t *ipst = stack->netstack_ip;
277 276 boolean_t isv6;
278 277 uint32_t max_mtu, def_mtu;
279 278 size_t nbytes = 0;
280 279
281 280 if (!(flags & (MOD_PROP_DEFAULT|MOD_PROP_POSSIBLE)))
282 281 return (ENOTSUP);
283 282
284 283 if (ifname == NULL || ifname[0] == '\0')
285 284 return (ENOTSUP);
286 285
287 286 isv6 = (pinfo->mpi_proto == MOD_PROTO_IPV6 ? B_TRUE : B_FALSE);
288 287 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
289 288 if (isv6)
290 289 ill = ILL_START_WALK_V6(&ctx, ipst);
291 290 else
292 291 ill = ILL_START_WALK_V4(&ctx, ipst);
293 292 for (; ill != NULL; ill = ill_next(&ctx, ill)) {
294 293 if (strcmp(ifname, ill->ill_name) == 0)
295 294 break;
296 295 }
297 296 if (ill == NULL) {
298 297 rw_exit(&ipst->ips_ill_g_lock);
299 298 return (ENXIO);
300 299 }
301 300 max_mtu = ill->ill_max_frag;
302 301 def_mtu = ill->ill_current_frag;
303 302 rw_exit(&ipst->ips_ill_g_lock);
304 303
305 304 if (flags & MOD_PROP_DEFAULT) {
306 305 nbytes = snprintf(pval, psize, "%u", def_mtu);
307 306 } else if (flags & MOD_PROP_POSSIBLE) {
308 307 uint32_t min_mtu;
309 308
310 309 min_mtu = isv6 ? IPV6_MIN_MTU : IP_MIN_MTU;
311 310 nbytes = snprintf(pval, psize, "%u-%u", min_mtu, max_mtu);
312 311 } else {
313 312 return (ENOTSUP);
314 313 }
315 314
316 315 if (nbytes >= psize)
317 316 return (ENOBUFS);
318 317 return (0);
319 318 }
320 319
321 320 /*
322 321 * See the comments for ip[6]_strict_src_multihoming for an explanation
323 322 * of the semanitcs.
324 323 */
325 324 void
326 325 ip_set_src_multihoming_common(ulong_t new_value, ulong_t old_value,
327 326 boolean_t isv6, ip_stack_t *ipst)
328 327 {
329 328 if (isv6)
330 329 ipst->ips_ipv6_strict_src_multihoming = new_value;
331 330 else
332 331 ipst->ips_ip_strict_src_multihoming = new_value;
333 332 if (new_value != old_value) {
334 333 if (!isv6) {
335 334 if (old_value == 0) {
336 335 ire_walk_v4(ip_ire_rebind_walker, NULL,
337 336 ALL_ZONES, ipst);
338 337 } else if (new_value == 0) {
339 338 ire_walk_v4(ip_ire_unbind_walker, NULL,
340 339 ALL_ZONES, ipst);
341 340 }
342 341 ipcl_walk(conn_ire_revalidate, (void *)B_FALSE, ipst);
343 342 } else {
344 343 if (old_value == 0) {
345 344 ire_walk_v6(ip_ire_rebind_walker, NULL,
346 345 ALL_ZONES, ipst);
347 346 } else if (new_value == 0) {
348 347 ire_walk_v6(ip_ire_unbind_walker, NULL,
349 348 ALL_ZONES, ipst);
350 349 }
351 350 ipcl_walk(conn_ire_revalidate, (void *)B_TRUE, ipst);
352 351 }
353 352 }
354 353 }
355 354
356 355 /* ARGSUSED */
357 356 static int
358 357 ip_set_src_multihoming(netstack_t *stack, cred_t *cr, mod_prop_info_t *pinfo,
359 358 const char *ifname, const void* pval, uint_t flags)
360 359 {
361 360 unsigned long new_value, old_value;
362 361 boolean_t isv6;
363 362 ip_stack_t *ipst = stack->netstack_ip;
364 363 int err;
365 364
366 365 old_value = pinfo->prop_cur_uval;
367 366
368 367 if ((err = mod_uint32_value(pval, pinfo, flags, &new_value)) != 0)
369 368 return (err);
370 369 pinfo->prop_cur_uval = new_value;
371 370 isv6 = (strcmp(pinfo->mpi_name, "ip6_strict_src_multihoming") == 0);
372 371 ip_set_src_multihoming_common(new_value, old_value, isv6, ipst);
373 372 return (0);
374 373 }
375 374
376 375
377 376 /* ARGSUSED */
378 377 static int
379 378 ip_set_hostmodel(netstack_t *stack, cred_t *cr, mod_prop_info_t *pinfo,
380 379 const char *ifname, const void* pval, uint_t flags)
381 380 {
382 381 ip_hostmodel_t new_value, old_value;
383 382 ip_stack_t *ipst = stack->netstack_ip;
384 383 uint32_t old_src_multihoming;
385 384 int err;
386 385 ulong_t tmp;
387 386 boolean_t isv6;
388 387
389 388 old_value = pinfo->prop_cur_uval;
390 389
391 390 if ((err = mod_uint32_value(pval, pinfo, flags, &tmp)) != 0)
392 391 return (err);
393 392 new_value = tmp;
394 393 pinfo->prop_cur_uval = new_value;
395 394
396 395 switch (old_value) {
397 396 case IP_WEAK_ES:
398 397 old_src_multihoming = 0;
399 398 break;
400 399 case IP_SRC_PRI_ES:
401 400 old_src_multihoming = 1;
402 401 break;
403 402 case IP_STRONG_ES:
404 403 old_src_multihoming = 2;
405 404 break;
406 405 default:
407 406 ASSERT(0);
408 407 old_src_multihoming = IP_MAXVAL_ES;
409 408 break;
410 409 }
411 410 /*
412 411 * Changes to src_multihoming may require ire's to be rebound/unbound,
413 412 * and also require generation number resets. Changes to dst_multihoming
414 413 * require a simple reset of the value.
415 414 */
416 415 isv6 = (pinfo->mpi_proto == MOD_PROTO_IPV6);
417 416 if (new_value != old_value) {
418 417 switch (new_value) {
419 418 case IP_WEAK_ES:
420 419 ip_set_src_multihoming_common(0, old_src_multihoming,
421 420 isv6, ipst);
422 421 if (isv6)
423 422 ipst->ips_ipv6_strict_dst_multihoming = 0;
424 423 else
425 424 ipst->ips_ip_strict_dst_multihoming = 0;
426 425 break;
427 426 case IP_SRC_PRI_ES:
428 427 ip_set_src_multihoming_common(1, old_src_multihoming,
429 428 isv6, ipst);
430 429 if (isv6)
431 430 ipst->ips_ipv6_strict_dst_multihoming = 0;
432 431 else
433 432 ipst->ips_ip_strict_dst_multihoming = 0;
434 433 break;
435 434 case IP_STRONG_ES:
436 435 ip_set_src_multihoming_common(2, old_src_multihoming,
437 436 isv6, ipst);
438 437 if (isv6)
439 438 ipst->ips_ipv6_strict_dst_multihoming = 1;
440 439 else
441 440 ipst->ips_ip_strict_dst_multihoming = 1;
442 441 break;
443 442 default:
444 443 return (EINVAL);
445 444 }
446 445 }
447 446 return (0);
448 447 }
449 448
450 449 /* ARGSUSED */
451 450 int
452 451 ip_get_hostmodel(netstack_t *stack, mod_prop_info_t *pinfo, const char *ifname,
453 452 void *pval, uint_t psize, uint_t flags)
454 453 {
455 454 boolean_t isv6 = (pinfo->mpi_proto == MOD_PROTO_IPV6);
456 455 ip_stack_t *ipst = stack->netstack_ip;
457 456 ip_hostmodel_t hostmodel;
458 457
459 458 if (psize < sizeof (hostmodel))
460 459 return (ENOBUFS);
461 460 bzero(pval, psize);
462 461 if (!isv6) {
463 462 if (ipst->ips_ip_strict_src_multihoming == 0 &&
464 463 ipst->ips_ip_strict_dst_multihoming == 0)
465 464 hostmodel = IP_WEAK_ES;
466 465 else if (ipst->ips_ip_strict_src_multihoming == 1 &&
467 466 ipst->ips_ip_strict_dst_multihoming == 0)
468 467 hostmodel = IP_SRC_PRI_ES;
469 468 else if (ipst->ips_ip_strict_src_multihoming == 2 &&
470 469 ipst->ips_ip_strict_dst_multihoming == 1)
471 470 hostmodel = IP_STRONG_ES;
472 471 else
473 472 hostmodel = IP_MAXVAL_ES;
474 473 } else {
475 474 if (ipst->ips_ipv6_strict_src_multihoming == 0 &&
476 475 ipst->ips_ipv6_strict_dst_multihoming == 0)
477 476 hostmodel = IP_WEAK_ES;
478 477 else if (ipst->ips_ipv6_strict_src_multihoming == 1 &&
479 478 ipst->ips_ipv6_strict_dst_multihoming == 0)
480 479 hostmodel = IP_SRC_PRI_ES;
481 480 else if (ipst->ips_ipv6_strict_src_multihoming == 2 &&
482 481 ipst->ips_ipv6_strict_dst_multihoming == 1)
483 482 hostmodel = IP_STRONG_ES;
484 483 else
485 484 hostmodel = IP_MAXVAL_ES;
486 485 }
487 486 bcopy(&hostmodel, pval, sizeof (hostmodel));
488 487 return (0);
489 488 }
490 489
491 490 /*
492 491 * All of these are alterable, within the min/max values given, at run time.
493 492 *
494 493 * Note: All those tunables which do not start with "_" are Committed and
495 494 * therefore are public. See PSARC 2010/080.
496 495 */
497 496 mod_prop_info_t ip_propinfo_tbl[] = {
498 497 /* tunable - 0 */
499 498 { "_respond_to_address_mask_broadcast", MOD_PROTO_IP,
500 499 mod_set_boolean, mod_get_boolean,
501 500 {B_FALSE}, {B_FALSE} },
502 501
503 502 { "_respond_to_echo_broadcast", MOD_PROTO_IP,
504 503 mod_set_boolean, mod_get_boolean,
505 504 {B_TRUE}, {B_TRUE} },
506 505
507 506 { "_respond_to_echo_multicast", MOD_PROTO_IPV4,
508 507 mod_set_boolean, mod_get_boolean,
509 508 {B_TRUE}, {B_TRUE} },
510 509
511 510 { "_respond_to_timestamp", MOD_PROTO_IP,
512 511 mod_set_boolean, mod_get_boolean,
513 512 {B_FALSE}, {B_FALSE} },
514 513
515 514 { "_respond_to_timestamp_broadcast", MOD_PROTO_IP,
516 515 mod_set_boolean, mod_get_boolean,
517 516 {B_FALSE}, {B_FALSE} },
518 517
519 518 { "_send_redirects", MOD_PROTO_IPV4,
520 519 mod_set_boolean, mod_get_boolean,
521 520 {B_TRUE}, {B_TRUE} },
522 521
523 522 { "_forward_directed_broadcasts", MOD_PROTO_IP,
524 523 mod_set_boolean, mod_get_boolean,
525 524 {B_FALSE}, {B_FALSE} },
526 525
527 526 { "_mrtdebug", MOD_PROTO_IP,
528 527 mod_set_uint32, mod_get_uint32,
529 528 {0, 10, 0}, {0} },
530 529
531 530 { "_ire_reclaim_fraction", MOD_PROTO_IP,
532 531 mod_set_uint32, mod_get_uint32,
533 532 {1, 8, 3}, {3} },
534 533
535 534 { "_nce_reclaim_fraction", MOD_PROTO_IP,
536 535 mod_set_uint32, mod_get_uint32,
537 536 {1, 8, 3}, {3} },
538 537
539 538 /* tunable - 10 */
540 539 { "_dce_reclaim_fraction", MOD_PROTO_IP,
541 540 mod_set_uint32, mod_get_uint32,
542 541 {1, 8, 3}, {3} },
543 542
544 543 { "ttl", MOD_PROTO_IPV4,
545 544 mod_set_uint32, mod_get_uint32,
546 545 {1, 255, 255}, {255} },
547 546
548 547 { "_forward_src_routed", MOD_PROTO_IPV4,
549 548 mod_set_boolean, mod_get_boolean,
550 549 {B_FALSE}, {B_FALSE} },
551 550
552 551 { "_wroff_extra", MOD_PROTO_IP,
553 552 mod_set_uint32, mod_get_uint32,
554 553 {0, 256, 32}, {32} },
555 554
556 555 /* following tunable is in seconds - a deviant! */
557 556 { "_pathmtu_interval", MOD_PROTO_IP,
558 557 mod_set_uint32, mod_get_uint32,
559 558 {2, 999999999, 60*20}, {60*20} },
560 559
561 560 { "_icmp_return_data_bytes", MOD_PROTO_IPV4,
562 561 mod_set_uint32, mod_get_uint32,
563 562 {8, 65536, 64}, {64} },
564 563
565 564 { "_path_mtu_discovery", MOD_PROTO_IP,
566 565 mod_set_boolean, mod_get_boolean,
567 566 {B_TRUE}, {B_TRUE} },
568 567
569 568 { "_pmtu_min", MOD_PROTO_IP,
570 569 mod_set_uint32, mod_get_uint32,
571 570 {68, 65535, 576}, {576} },
572 571
573 572 { "_ignore_redirect", MOD_PROTO_IPV4,
574 573 mod_set_boolean, mod_get_boolean,
575 574 {B_FALSE}, {B_FALSE} },
576 575
577 576 { "_arp_icmp_error", MOD_PROTO_IP,
578 577 mod_set_boolean, mod_get_boolean,
579 578 {B_FALSE}, {B_FALSE} },
580 579
581 580 /* tunable - 20 */
582 581 { "_broadcast_ttl", MOD_PROTO_IP,
583 582 mod_set_uint32, mod_get_uint32,
584 583 {1, 254, 1}, {1} },
585 584
586 585 { "_icmp_err_interval", MOD_PROTO_IP,
587 586 mod_set_uint32, mod_get_uint32,
588 587 {0, 99999, 100}, {100} },
589 588
590 589 { "_icmp_err_burst", MOD_PROTO_IP,
591 590 mod_set_uint32, mod_get_uint32,
592 591 {1, 99999, 10}, {10} },
593 592
594 593 { "_reass_queue_bytes", MOD_PROTO_IP,
595 594 mod_set_uint32, mod_get_uint32,
596 595 {0, 999999999, 1000000}, {1000000} },
597 596
598 597 /*
599 598 * See comments for ip_strict_src_multihoming for an explanation
600 599 * of the semantics of ip_strict_dst_multihoming
601 600 */
602 601 { "_strict_dst_multihoming", MOD_PROTO_IPV4,
603 602 mod_set_uint32, mod_get_uint32,
604 603 {0, 1, 0}, {0} },
605 604
606 605 { "_addrs_per_if", MOD_PROTO_IP,
607 606 mod_set_uint32, mod_get_uint32,
608 607 {1, MAX_ADDRS_PER_IF, 256}, {256} },
609 608
610 609 { "_ipsec_override_persocket_policy", MOD_PROTO_IP,
611 610 mod_set_boolean, mod_get_boolean,
612 611 {B_FALSE}, {B_FALSE} },
613 612
614 613 { "_icmp_accept_clear_messages", MOD_PROTO_IP,
615 614 mod_set_boolean, mod_get_boolean,
616 615 {B_TRUE}, {B_TRUE} },
617 616
618 617 { "_igmp_accept_clear_messages", MOD_PROTO_IP,
619 618 mod_set_boolean, mod_get_boolean,
620 619 {B_TRUE}, {B_TRUE} },
621 620
622 621 { "_ndp_delay_first_probe_time", MOD_PROTO_IP,
623 622 mod_set_uint32, mod_get_uint32,
624 623 {2, 999999999, ND_DELAY_FIRST_PROBE_TIME},
625 624 {ND_DELAY_FIRST_PROBE_TIME} },
626 625
627 626 /* tunable - 30 */
628 627 { "_ndp_max_unicast_solicit", MOD_PROTO_IP,
629 628 mod_set_uint32, mod_get_uint32,
630 629 {1, 999999999, ND_MAX_UNICAST_SOLICIT}, {ND_MAX_UNICAST_SOLICIT} },
631 630
632 631 { "hoplimit", MOD_PROTO_IPV6,
633 632 mod_set_uint32, mod_get_uint32,
634 633 {1, 255, IPV6_MAX_HOPS}, {IPV6_MAX_HOPS} },
635 634
636 635 { "_icmp_return_data_bytes", MOD_PROTO_IPV6,
637 636 mod_set_uint32, mod_get_uint32,
638 637 {8, IPV6_MIN_MTU, IPV6_MIN_MTU}, {IPV6_MIN_MTU} },
639 638
640 639 { "_forward_src_routed", MOD_PROTO_IPV6,
641 640 mod_set_boolean, mod_get_boolean,
642 641 {B_FALSE}, {B_FALSE} },
643 642
644 643 { "_respond_to_echo_multicast", MOD_PROTO_IPV6,
645 644 mod_set_boolean, mod_get_boolean,
646 645 {B_TRUE}, {B_TRUE} },
647 646
648 647 { "_send_redirects", MOD_PROTO_IPV6,
649 648 mod_set_boolean, mod_get_boolean,
650 649 {B_TRUE}, {B_TRUE} },
651 650
652 651 { "_ignore_redirect", MOD_PROTO_IPV6,
653 652 mod_set_boolean, mod_get_boolean,
654 653 {B_FALSE}, {B_FALSE} },
655 654
656 655 /*
657 656 * See comments for ip6_strict_src_multihoming for an explanation
658 657 * of the semantics of ip6_strict_dst_multihoming
659 658 */
660 659 { "_strict_dst_multihoming", MOD_PROTO_IPV6,
661 660 mod_set_uint32, mod_get_uint32,
662 661 {0, 1, 0}, {0} },
663 662
664 663 { "_src_check", MOD_PROTO_IP,
665 664 mod_set_uint32, mod_get_uint32,
666 665 {0, 2, 2}, {2} },
667 666
668 667 { "_ipsec_policy_log_interval", MOD_PROTO_IP,
669 668 mod_set_uint32, mod_get_uint32,
670 669 {0, 999999, 0}, {0} },
671 670
672 671 /* tunable - 40 */
673 672 { "_pim_accept_clear_messages", MOD_PROTO_IP,
674 673 mod_set_boolean, mod_get_boolean,
675 674 {B_TRUE}, {B_TRUE} },
676 675
677 676 { "_ndp_unsolicit_interval", MOD_PROTO_IP,
678 677 mod_set_uint32, mod_get_uint32,
679 678 {1000, 20000, 2000}, {2000} },
680 679
681 680 { "_ndp_unsolicit_count", MOD_PROTO_IP,
682 681 mod_set_uint32, mod_get_uint32,
683 682 {1, 20, 3}, {3} },
684 683
685 684 { "_ignore_home_address_opt", MOD_PROTO_IPV6,
686 685 mod_set_boolean, mod_get_boolean,
687 686 {B_TRUE}, {B_TRUE} },
688 687
689 688 { "_policy_mask", MOD_PROTO_IP,
690 689 mod_set_uint32, mod_get_uint32,
691 690 {0, 15, 0}, {0} },
692 691
693 692 { "_ecmp_behavior", MOD_PROTO_IP,
694 693 mod_set_uint32, mod_get_uint32,
695 694 {0, 2, 2}, {2} },
696 695
697 696 { "_multirt_ttl", MOD_PROTO_IP,
698 697 mod_set_uint32, mod_get_uint32,
699 698 {0, 255, 1}, {1} },
700 699
701 700 /* following tunable is in seconds - a deviant */
702 701 { "_ire_badcnt_lifetime", MOD_PROTO_IP,
703 702 mod_set_uint32, mod_get_uint32,
704 703 {0, 3600, 60}, {60} },
705 704
706 705 { "_max_temp_idle", MOD_PROTO_IP,
707 706 mod_set_uint32, mod_get_uint32,
708 707 {0, 999999, 60*60*24}, {60*60*24} },
709 708
710 709 { "_max_temp_defend", MOD_PROTO_IP,
711 710 mod_set_uint32, mod_get_uint32,
712 711 {0, 1000, 1}, {1} },
713 712
714 713 /* tunable - 50 */
715 714 /*
716 715 * when a conflict of an active address is detected,
717 716 * defend up to ip_max_defend times, within any
718 717 * ip_defend_interval span.
719 718 */
720 719 { "_max_defend", MOD_PROTO_IP,
721 720 mod_set_uint32, mod_get_uint32,
722 721 {0, 1000, 3}, {3} },
723 722
724 723 { "_defend_interval", MOD_PROTO_IP,
725 724 mod_set_uint32, mod_get_uint32,
726 725 {0, 999999, 30}, {30} },
727 726
728 727 { "_dup_recovery", MOD_PROTO_IP,
729 728 mod_set_uint32, mod_get_uint32,
730 729 {0, 3600000, 300000}, {300000} },
731 730
732 731 { "_restrict_interzone_loopback", MOD_PROTO_IP,
733 732 mod_set_boolean, mod_get_boolean,
734 733 {B_TRUE}, {B_TRUE} },
735 734
736 735 { "_lso_outbound", MOD_PROTO_IP,
737 736 mod_set_boolean, mod_get_boolean,
738 737 {B_TRUE}, {B_TRUE} },
739 738
740 739 { "_igmp_max_version", MOD_PROTO_IP,
741 740 mod_set_uint32, mod_get_uint32,
742 741 {IGMP_V1_ROUTER, IGMP_V3_ROUTER, IGMP_V3_ROUTER},
743 742 {IGMP_V3_ROUTER} },
744 743
745 744 { "_mld_max_version", MOD_PROTO_IP,
746 745 mod_set_uint32, mod_get_uint32,
747 746 {MLD_V1_ROUTER, MLD_V2_ROUTER, MLD_V2_ROUTER}, {MLD_V2_ROUTER} },
748 747
749 748 { "forwarding", MOD_PROTO_IPV4,
750 749 ip_set_forwarding, ip_get_forwarding,
751 750 {IP_FORWARD_NEVER}, {IP_FORWARD_NEVER} },
752 751
753 752 { "forwarding", MOD_PROTO_IPV6,
754 753 ip_set_forwarding, ip_get_forwarding,
755 754 {IP_FORWARD_NEVER}, {IP_FORWARD_NEVER} },
756 755
757 756 { "_reasm_timeout", MOD_PROTO_IPV4,
758 757 mod_set_uint32, mod_get_uint32,
759 758 {5, 255, IP_REASM_TIMEOUT},
760 759 {IP_REASM_TIMEOUT} },
761 760
762 761 /* tunable - 60 */
763 762 { "_reasm_timeout", MOD_PROTO_IPV6,
764 763 mod_set_uint32, mod_get_uint32,
765 764 {5, 255, IPV6_REASM_TIMEOUT},
766 765 {IPV6_REASM_TIMEOUT} },
767 766
768 767 { "_cgtp_filter", MOD_PROTO_IP,
769 768 ip_set_cgtp_filter, mod_get_boolean,
770 769 {B_FALSE}, {B_FALSE} },
771 770
772 771 /* delay before sending first probe: */
773 772 { "_arp_probe_delay", MOD_PROTO_IP,
774 773 mod_set_uint32, mod_get_uint32,
775 774 {0, 20000, 1000}, {1000} },
776 775
777 776 { "_arp_fastprobe_delay", MOD_PROTO_IP,
778 777 mod_set_uint32, mod_get_uint32,
779 778 {0, 20000, 100}, {100} },
780 779
781 780 /* interval at which DAD probes are sent: */
782 781 { "_arp_probe_interval", MOD_PROTO_IP,
783 782 mod_set_uint32, mod_get_uint32,
784 783 {10, 20000, 1500}, {1500} },
785 784
786 785 { "_arp_fastprobe_interval", MOD_PROTO_IP,
787 786 mod_set_uint32, mod_get_uint32,
788 787 {10, 20000, 150}, {150} },
789 788
790 789 { "_arp_probe_count", MOD_PROTO_IP,
791 790 mod_set_uint32, mod_get_uint32,
792 791 {0, 20, 3}, {3} },
793 792
794 793 { "_arp_fastprobe_count", MOD_PROTO_IP,
795 794 mod_set_uint32, mod_get_uint32,
796 795 {0, 20, 3}, {3} },
797 796
798 797 { "_dad_announce_interval", MOD_PROTO_IPV4,
799 798 mod_set_uint32, mod_get_uint32,
800 799 {0, 3600000, 15000}, {15000} },
801 800
802 801 { "_dad_announce_interval", MOD_PROTO_IPV6,
803 802 mod_set_uint32, mod_get_uint32,
804 803 {0, 3600000, 15000}, {15000} },
805 804
806 805 /* tunable - 70 */
807 806 /*
808 807 * Rate limiting parameters for DAD defense used in
809 808 * ill_defend_rate_limit():
810 809 * defend_rate : pkts/hour permitted
811 810 * defend_interval : time that can elapse before we send out a
812 811 * DAD defense.
813 812 * defend_period: denominator for defend_rate (in seconds).
814 813 */
815 814 { "_arp_defend_interval", MOD_PROTO_IP,
816 815 mod_set_uint32, mod_get_uint32,
817 816 {0, 3600000, 300000}, {300000} },
818 817
819 818 { "_arp_defend_rate", MOD_PROTO_IP,
820 819 mod_set_uint32, mod_get_uint32,
821 820 {0, 20000, 100}, {100} },
822 821
823 822 { "_ndp_defend_interval", MOD_PROTO_IP,
824 823 mod_set_uint32, mod_get_uint32,
825 824 {0, 3600000, 300000}, {300000} },
826 825
827 826 { "_ndp_defend_rate", MOD_PROTO_IP,
828 827 mod_set_uint32, mod_get_uint32,
829 828 {0, 20000, 100}, {100} },
830 829
831 830 { "_arp_defend_period", MOD_PROTO_IP,
832 831 mod_set_uint32, mod_get_uint32,
833 832 {5, 86400, 3600}, {3600} },
834 833
835 834 { "_ndp_defend_period", MOD_PROTO_IP,
836 835 mod_set_uint32, mod_get_uint32,
837 836 {5, 86400, 3600}, {3600} },
838 837
839 838 { "_icmp_return_pmtu", MOD_PROTO_IPV4,
840 839 mod_set_boolean, mod_get_boolean,
841 840 {B_TRUE}, {B_TRUE} },
842 841
843 842 { "_icmp_return_pmtu", MOD_PROTO_IPV6,
844 843 mod_set_boolean, mod_get_boolean,
845 844 {B_TRUE}, {B_TRUE} },
846 845
847 846 /*
848 847 * publish count/interval values used to announce local addresses
849 848 * for IPv4, IPv6.
850 849 */
851 850 { "_arp_publish_count", MOD_PROTO_IP,
852 851 mod_set_uint32, mod_get_uint32,
853 852 {1, 20, 5}, {5} },
854 853
855 854 { "_arp_publish_interval", MOD_PROTO_IP,
856 855 mod_set_uint32, mod_get_uint32,
857 856 {1000, 20000, 2000}, {2000} },
858 857
859 858 /* tunable - 80 */
860 859 /*
861 860 * The ip*strict_src_multihoming and ip*strict_dst_multihoming provide
862 861 * a range of choices for setting strong/weak/preferred end-system
863 862 * behavior. The semantics for setting these are:
864 863 *
865 864 * ip*_strict_dst_multihoming = 0
866 865 * weak end system model for managing ip destination addresses.
867 866 * A packet with IP dst D1 that's received on interface I1 will be
868 867 * accepted as long as D1 is one of the local addresses on
869 868 * the machine, even if D1 is not configured on I1.
870 869 * ip*strict_dst_multihioming = 1
871 870 * strong end system model for managing ip destination addresses.
872 871 * A packet with IP dst D1 that's received on interface I1 will be
873 872 * accepted if, and only if, D1 is configured on I1.
874 873 *
875 874 * ip*strict_src_multihoming = 0
876 875 * Source agnostic route selection for outgoing packets: the
877 876 * outgoing interface for a packet will be computed using
878 877 * default algorithms for route selection, where the route
879 878 * with the longest matching prefix is chosen for the output
880 879 * unless other route selection constraints are explicitly
881 880 * specified during routing table lookup. This may result
882 881 * in packet being sent out on interface I2 with source
883 882 * address S1, even though S1 is not a configured address on I2.
884 883 * ip*strict_src_multihoming = 1
885 884 * Preferred source aware route selection for outgoing packets: for
886 885 * a packet with source S2, destination D2, the route selection
887 886 * algorithm will first attempt to find a route for the destination
888 887 * that goes out through an interface where S2 is
889 888 * configured. If such a route cannot be found, then the
890 889 * best-matching route for D2 will be selected.
891 890 * ip*strict_src_multihoming = 2
892 891 * Source aware route selection for outgoing packets: a packet will
893 892 * be sent out on an interface I2 only if the src address S2 of the
894 893 * packet is a configured address on I2. In conjunction with
895 894 * the setting 'ip_strict_dst_multihoming == 1', this will result in
896 895 * the implementation of Strong ES as defined in Section 3.3.4.2 of
897 896 * RFC 1122
898 897 */
899 898 { "_strict_src_multihoming", MOD_PROTO_IPV4,
900 899 ip_set_src_multihoming, mod_get_uint32,
901 900 {0, 2, 0}, {0} },
902 901
903 902 { "_strict_src_multihoming", MOD_PROTO_IPV6,
904 903 ip_set_src_multihoming, mod_get_uint32,
905 904 {0, 2, 0}, {0} },
906 905
907 906 #ifdef DEBUG
908 907 { "_drop_inbound_icmpv6", MOD_PROTO_IPV6,
909 908 mod_set_boolean, mod_get_boolean,
910 909 {B_FALSE}, {B_FALSE} },
911 910 #else
912 911 { "", 0, NULL, NULL, {0}, {0} },
913 912 #endif
914 913
915 914 { "_dce_reclaim_threshold", MOD_PROTO_IP,
916 915 mod_set_uint32, mod_get_uint32,
917 916 {1, 100000, 32}, {32} },
918 917
919 918 { "mtu", MOD_PROTO_IPV4, NULL, ip_get_mtu, {0}, {0} },
920 919
921 920 { "mtu", MOD_PROTO_IPV6, NULL, ip_get_mtu, {0}, {0} },
922 921
923 922 /*
924 923 * The following entry is a placeholder for `ip_debug' global
925 924 * variable. Within these callback functions, we will be
926 925 * setting/getting the global variable
927 926 */
928 927 { "_debug", MOD_PROTO_IP,
929 928 ip_set_debug, ip_get_debug,
930 929 {0, 20, 0}, {0} },
931 930
932 931 { "hostmodel", MOD_PROTO_IPV4, ip_set_hostmodel, ip_get_hostmodel,
933 932 {IP_WEAK_ES, IP_STRONG_ES, IP_WEAK_ES}, {IP_WEAK_ES} },
934 933
935 934 { "hostmodel", MOD_PROTO_IPV6, ip_set_hostmodel, ip_get_hostmodel,
936 935 {IP_WEAK_ES, IP_STRONG_ES, IP_WEAK_ES}, {IP_WEAK_ES} },
937 936
938 937 { "?", MOD_PROTO_IP, NULL, mod_get_allprop, {0}, {0} },
939 938
940 939 { NULL, 0, NULL, NULL, {0}, {0} }
941 940 };
942 941
943 942 int ip_propinfo_count = A_CNT(ip_propinfo_tbl);
|
↓ open down ↓ |
910 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX