search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge commit 'b1e7e97d3b60469b243b3b2e22c7d8cbd11c7c90'
[unleashed.git] / kernel / net / ip / ip_tunables.c
blobaa527cd42a3659fe2a07b62084eb5237c7c3c7cb
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 1991, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright (c) 2013 by Delphix. All rights reserved.
24 * Copyright (c) 2012, Joyent, Inc. All rights reserved.
25 */
26 /* Copyright (c) 1990 Mentat Inc. */
27
28 #include <inet/ip.h>
29 #include <inet/ip6.h>
30 #include <inet/ip_if.h>
31 #include <inet/ip_ire.h>
32 #include <inet/ipclassifier.h>
33 #include <inet/ip_impl.h>
34 #include <inet/tunables.h>
35 #include <sys/sunddi.h>
36 #include <sys/policy.h>
37
38 /* How long, in seconds, we allow frags to hang around. */
39 #define IP_REASM_TIMEOUT 15
40 #define IPV6_REASM_TIMEOUT 60
41
42 /*
43 * Set ip{,6}_forwarding values. If the value is being set on an ill,
44 * find the ill and set the value on it. On the other hand if we are modifying
45 * global property, modify the global value and set the value on all the ills.
46 */
47 /* ARGSUSED */
48 static int
49 ip_set_forwarding(netstack_t *stack, cred_t *cr, mod_prop_info_t *pinfo,
50 const char *ifname, const void* pval, uint_t flags)
51 {
52 char *end;
53 unsigned long new_value;
54 boolean_t per_ill, isv6;
55 ill_walk_context_t ctx;
56 ill_t *ill;
57 ip_stack_t *ipst = stack->netstack_ip;
58
59 if (flags & MOD_PROP_DEFAULT) {
60 new_value = pinfo->prop_def_bval;
61 } else {
62 if (ddi_strtoul(pval, &end, 10, &new_value) != 0 ||
63 *end != '\0')
64 return (EINVAL);
65 if (new_value != B_TRUE && new_value != B_FALSE)
66 return (EINVAL);
67 }
68
69 per_ill = (ifname != NULL && ifname[0] != '\0');
70 /*
71 * if it's not per ill then set the global property and bring all the
72 * ills up to date with the new global value.
73 */
74 if (!per_ill)
75 pinfo->prop_cur_bval = (new_value == 1 ? B_TRUE : B_FALSE);
76
77 isv6 = (pinfo->mpi_proto == MOD_PROTO_IPV6 ? B_TRUE : B_FALSE);
78 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
79 if (isv6)
80 ill = ILL_START_WALK_V6(&ctx, ipst);
81 else
82 ill = ILL_START_WALK_V4(&ctx, ipst);
83
84 for (; ill != NULL; ill = ill_next(&ctx, ill)) {
85 /*
86 * if the property needs to be set on a particular
87 * interface, look for that interface.
88 */
89 if (per_ill && strcmp(ifname, ill->ill_name) != 0)
90 continue;
91 (void) ill_forward_set(ill, new_value != 0);
92 }
93 rw_exit(&ipst->ips_ill_g_lock);
94
95 return (0);
96 }
97
98 static int
99 ip_get_forwarding(netstack_t *stack, mod_prop_info_t *pinfo, const char *ifname,
100 void *pval, uint_t pr_size, uint_t flags)
101 {
102 boolean_t value;
103 ill_walk_context_t ctx;
104 ill_t *ill;
105 ip_stack_t *ipst = stack->netstack_ip;
106 boolean_t get_def = (flags & MOD_PROP_DEFAULT);
107 boolean_t get_perm = (flags & MOD_PROP_PERM);
108 boolean_t isv6;
109 size_t nbytes = 0;
110
111 if (get_perm) {
112 nbytes = snprintf(pval, pr_size, "%d", MOD_PROP_PERM_RW);
113 goto ret;
114 } else if (get_def) {
115 nbytes = snprintf(pval, pr_size, "%d", pinfo->prop_def_bval);
116 goto ret;
117 }
118
119 /*
120 * if per interface value is not asked for return the current
121 * global value
122 */
123 if (ifname == NULL || ifname[0] == '\0') {
124 nbytes = snprintf(pval, pr_size, "%d", pinfo->prop_cur_bval);
125 goto ret;
126 }
127
128 isv6 = (pinfo->mpi_proto == MOD_PROTO_IPV6 ? B_TRUE : B_FALSE);
129 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
130 if (isv6)
131 ill = ILL_START_WALK_V6(&ctx, ipst);
132 else
133 ill = ILL_START_WALK_V4(&ctx, ipst);
134 for (; ill != NULL; ill = ill_next(&ctx, ill)) {
135 /*
136 * if the property needs to be obtained on a particular
137 * interface, look for that interface.
138 */
139 if (strcmp(ifname, ill->ill_name) == 0)
140 break;
141 }
142 if (ill == NULL) {
143 rw_exit(&ipst->ips_ill_g_lock);
144 return (ENXIO);
145 }
146 value = ((ill->ill_flags & ILLF_ROUTER) ? B_TRUE : B_FALSE);
147 rw_exit(&ipst->ips_ill_g_lock);
148 nbytes = snprintf(pval, pr_size, "%d", value);
149 ret:
150 if (nbytes >= pr_size)
151 return (ENOBUFS);
152 return (0);
153 }
154
155 /*
156 * `ip_debug' is a global variable. So, we will be modifying the global
157 * variable here.
158 */
159 /* ARGSUSED */
160 int
161 ip_set_debug(netstack_t *stack, cred_t *cr, mod_prop_info_t *pinfo,
162 const char *ifname, const void* pval, uint_t flags)
163 {
164 unsigned long new_value;
165 int err;
166
167 if (cr != NULL && secpolicy_net_config(cr, B_FALSE) != 0)
168 return (EPERM);
169
170 if ((err = mod_uint32_value(pval, pinfo, flags, &new_value)) != 0)
171 return (err);
172 ip_debug = (uint32_t)new_value;
173 return (0);
174 }
175
176 /*
177 * ip_debug is a global property. For default, permission and value range
178 * we retrieve the value from `pinfo'. However for the current value we
179 * retrieve the value from the global variable `ip_debug'
180 */
181 /* ARGSUSED */
182 int
183 ip_get_debug(netstack_t *stack, mod_prop_info_t *pinfo, const char *ifname,
184 void *pval, uint_t psize, uint_t flags)
185 {
186 boolean_t get_def = (flags & MOD_PROP_DEFAULT);
187 boolean_t get_perm = (flags & MOD_PROP_PERM);
188 boolean_t get_range = (flags & MOD_PROP_POSSIBLE);
189 size_t nbytes;
190
191 bzero(pval, psize);
192 if (get_perm)
193 nbytes = snprintf(pval, psize, "%u", MOD_PROP_PERM_RW);
194 else if (get_range)
195 nbytes = snprintf(pval, psize, "%u-%u",
196 pinfo->prop_min_uval, pinfo->prop_max_uval);
197 else if (get_def)
198 nbytes = snprintf(pval, psize, "%u", pinfo->prop_def_uval);
199 else
200 nbytes = snprintf(pval, psize, "%u", ip_debug);
201 if (nbytes >= psize)
202 return (ENOBUFS);
203 return (0);
204 }
205
206 /*
207 * Retrieve the default MTU or min-max MTU range for a given interface.
208 *
209 * -- ill_max_frag value tells us the maximum MTU that can be handled by the
210 * datalink. This value is advertised by the driver via DLPI messages
211 * (DL_NOTE_SDU_SIZE/DL_INFO_ACK).
212 *
213 * -- ill_current_frag for the most link-types will be same as ill_max_frag
214 * to begin with. However it is dynamically computed for some link-types
215 * like tunnels, based on the tunnel PMTU.
216 *
217 * -- ill_mtu is the user set MTU using SIOCSLIFMTU and must lie between
218 * (IPV6_MIN_MTU/IP_MIN_MTU) and ill_max_frag.
219 *
220 * -- ill_user_mtu is set by in.ndpd using SIOCSLIFLNKINFO and must lie between
221 * (IPV6_MIN_MTU/IP_MIN_MTU) and ill_max_frag.
222 */
223 int
224 ip_get_mtu(netstack_t *stack, mod_prop_info_t *pinfo, const char *ifname,
225 void *pval, uint_t psize, uint_t flags)
226 {
227 ill_walk_context_t ctx;
228 ill_t *ill;
229 ip_stack_t *ipst = stack->netstack_ip;
230 boolean_t isv6;
231 uint32_t max_mtu, def_mtu;
232 size_t nbytes = 0;
233
234 if (!(flags & (MOD_PROP_DEFAULT|MOD_PROP_POSSIBLE)))
235 return (ENOTSUP);
236
237 if (ifname == NULL || ifname[0] == '\0')
238 return (ENOTSUP);
239
240 isv6 = (pinfo->mpi_proto == MOD_PROTO_IPV6 ? B_TRUE : B_FALSE);
241 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
242 if (isv6)
243 ill = ILL_START_WALK_V6(&ctx, ipst);
244 else
245 ill = ILL_START_WALK_V4(&ctx, ipst);
246 for (; ill != NULL; ill = ill_next(&ctx, ill)) {
247 if (strcmp(ifname, ill->ill_name) == 0)
248 break;
249 }
250 if (ill == NULL) {
251 rw_exit(&ipst->ips_ill_g_lock);
252 return (ENXIO);
253 }
254 max_mtu = ill->ill_max_frag;
255 def_mtu = ill->ill_current_frag;
256 rw_exit(&ipst->ips_ill_g_lock);
257
258 if (flags & MOD_PROP_DEFAULT) {
259 nbytes = snprintf(pval, psize, "%u", def_mtu);
260 } else if (flags & MOD_PROP_POSSIBLE) {
261 uint32_t min_mtu;
262
263 min_mtu = isv6 ? IPV6_MIN_MTU : IP_MIN_MTU;
264 nbytes = snprintf(pval, psize, "%u-%u", min_mtu, max_mtu);
265 } else {
266 return (ENOTSUP);
267 }
268
269 if (nbytes >= psize)
270 return (ENOBUFS);
271 return (0);
272 }
273
274 /*
275 * See the comments for ip[6]_strict_src_multihoming for an explanation
276 * of the semanitcs.
277 */
278 void
279 ip_set_src_multihoming_common(ulong_t new_value, ulong_t old_value,
280 boolean_t isv6, ip_stack_t *ipst)
281 {
282 if (isv6)
283 ipst->ips_ipv6_strict_src_multihoming = new_value;
284 else
285 ipst->ips_ip_strict_src_multihoming = new_value;
286 if (new_value != old_value) {
287 if (!isv6) {
288 if (old_value == 0) {
289 ire_walk_v4(ip_ire_rebind_walker, NULL,
290 ALL_ZONES, ipst);
291 } else if (new_value == 0) {
292 ire_walk_v4(ip_ire_unbind_walker, NULL,
293 ALL_ZONES, ipst);
294 }
295 ipcl_walk(conn_ire_revalidate, (void *)B_FALSE, ipst);
296 } else {
297 if (old_value == 0) {
298 ire_walk_v6(ip_ire_rebind_walker, NULL,
299 ALL_ZONES, ipst);
300 } else if (new_value == 0) {
301 ire_walk_v6(ip_ire_unbind_walker, NULL,
302 ALL_ZONES, ipst);
303 }
304 ipcl_walk(conn_ire_revalidate, (void *)B_TRUE, ipst);
305 }
306 }
307 }
308
309 /* ARGSUSED */
310 static int
311 ip_set_src_multihoming(netstack_t *stack, cred_t *cr, mod_prop_info_t *pinfo,
312 const char *ifname, const void* pval, uint_t flags)
313 {
314 unsigned long new_value, old_value;
315 boolean_t isv6;
316 ip_stack_t *ipst = stack->netstack_ip;
317 int err;
318
319 old_value = pinfo->prop_cur_uval;
320
321 if ((err = mod_uint32_value(pval, pinfo, flags, &new_value)) != 0)
322 return (err);
323 pinfo->prop_cur_uval = new_value;
324 isv6 = (strcmp(pinfo->mpi_name, "ip6_strict_src_multihoming") == 0);
325 ip_set_src_multihoming_common(new_value, old_value, isv6, ipst);
326 return (0);
327 }
328
329
330 /* ARGSUSED */
331 static int
332 ip_set_hostmodel(netstack_t *stack, cred_t *cr, mod_prop_info_t *pinfo,
333 const char *ifname, const void* pval, uint_t flags)
334 {
335 ip_hostmodel_t new_value, old_value;
336 ip_stack_t *ipst = stack->netstack_ip;
337 uint32_t old_src_multihoming;
338 int err;
339 ulong_t tmp;
340 boolean_t isv6;
341
342 old_value = pinfo->prop_cur_uval;
343
344 if ((err = mod_uint32_value(pval, pinfo, flags, &tmp)) != 0)
345 return (err);
346 new_value = tmp;
347 pinfo->prop_cur_uval = new_value;
348
349 switch (old_value) {
350 case IP_WEAK_ES:
351 old_src_multihoming = 0;
352 break;
353 case IP_SRC_PRI_ES:
354 old_src_multihoming = 1;
355 break;
356 case IP_STRONG_ES:
357 old_src_multihoming = 2;
358 break;
359 default:
360 ASSERT(0);
361 old_src_multihoming = IP_MAXVAL_ES;
362 break;
363 }
364 /*
365 * Changes to src_multihoming may require ire's to be rebound/unbound,
366 * and also require generation number resets. Changes to dst_multihoming
367 * require a simple reset of the value.
368 */
369 isv6 = (pinfo->mpi_proto == MOD_PROTO_IPV6);
370 if (new_value != old_value) {
371 switch (new_value) {
372 case IP_WEAK_ES:
373 ip_set_src_multihoming_common(0, old_src_multihoming,
374 isv6, ipst);
375 if (isv6)
376 ipst->ips_ipv6_strict_dst_multihoming = 0;
377 else
378 ipst->ips_ip_strict_dst_multihoming = 0;
379 break;
380 case IP_SRC_PRI_ES:
381 ip_set_src_multihoming_common(1, old_src_multihoming,
382 isv6, ipst);
383 if (isv6)
384 ipst->ips_ipv6_strict_dst_multihoming = 0;
385 else
386 ipst->ips_ip_strict_dst_multihoming = 0;
387 break;
388 case IP_STRONG_ES:
389 ip_set_src_multihoming_common(2, old_src_multihoming,
390 isv6, ipst);
391 if (isv6)
392 ipst->ips_ipv6_strict_dst_multihoming = 1;
393 else
394 ipst->ips_ip_strict_dst_multihoming = 1;
395 break;
396 default:
397 return (EINVAL);
398 }
399 }
400 return (0);
401 }
402
403 /* ARGSUSED */
404 int
405 ip_get_hostmodel(netstack_t *stack, mod_prop_info_t *pinfo, const char *ifname,
406 void *pval, uint_t psize, uint_t flags)
407 {
408 boolean_t isv6 = (pinfo->mpi_proto == MOD_PROTO_IPV6);
409 ip_stack_t *ipst = stack->netstack_ip;
410 ip_hostmodel_t hostmodel;
411
412 if (psize < sizeof (hostmodel))
413 return (ENOBUFS);
414 bzero(pval, psize);
415 if (!isv6) {
416 if (ipst->ips_ip_strict_src_multihoming == 0 &&
417 ipst->ips_ip_strict_dst_multihoming == 0)
418 hostmodel = IP_WEAK_ES;
419 else if (ipst->ips_ip_strict_src_multihoming == 1 &&
420 ipst->ips_ip_strict_dst_multihoming == 0)
421 hostmodel = IP_SRC_PRI_ES;
422 else if (ipst->ips_ip_strict_src_multihoming == 2 &&
423 ipst->ips_ip_strict_dst_multihoming == 1)
424 hostmodel = IP_STRONG_ES;
425 else
426 hostmodel = IP_MAXVAL_ES;
427 } else {
428 if (ipst->ips_ipv6_strict_src_multihoming == 0 &&
429 ipst->ips_ipv6_strict_dst_multihoming == 0)
430 hostmodel = IP_WEAK_ES;
431 else if (ipst->ips_ipv6_strict_src_multihoming == 1 &&
432 ipst->ips_ipv6_strict_dst_multihoming == 0)
433 hostmodel = IP_SRC_PRI_ES;
434 else if (ipst->ips_ipv6_strict_src_multihoming == 2 &&
435 ipst->ips_ipv6_strict_dst_multihoming == 1)
436 hostmodel = IP_STRONG_ES;
437 else
438 hostmodel = IP_MAXVAL_ES;
439 }
440 bcopy(&hostmodel, pval, sizeof (hostmodel));
441 return (0);
442 }
443
444 /*
445 * All of these are alterable, within the min/max values given, at run time.
446 *
447 * Note: All those tunables which do not start with "_" are Committed and
448 * therefore are public. See PSARC 2010/080.
449 */
450 mod_prop_info_t ip_propinfo_tbl[] = {
451 /* tunable - 0 */
452 { "_respond_to_address_mask_broadcast", MOD_PROTO_IP,
453 mod_set_boolean, mod_get_boolean,
454 {B_FALSE}, {B_FALSE} },
455
456 { "_respond_to_echo_broadcast", MOD_PROTO_IP,
457 mod_set_boolean, mod_get_boolean,
458 {B_TRUE}, {B_TRUE} },
459
460 { "_respond_to_echo_multicast", MOD_PROTO_IPV4,
461 mod_set_boolean, mod_get_boolean,
462 {B_TRUE}, {B_TRUE} },
463
464 { "_respond_to_timestamp", MOD_PROTO_IP,
465 mod_set_boolean, mod_get_boolean,
466 {B_FALSE}, {B_FALSE} },
467
468 { "_respond_to_timestamp_broadcast", MOD_PROTO_IP,
469 mod_set_boolean, mod_get_boolean,
470 {B_FALSE}, {B_FALSE} },
471
472 { "_send_redirects", MOD_PROTO_IPV4,
473 mod_set_boolean, mod_get_boolean,
474 {B_TRUE}, {B_TRUE} },
475
476 { "_forward_directed_broadcasts", MOD_PROTO_IP,
477 mod_set_boolean, mod_get_boolean,
478 {B_FALSE}, {B_FALSE} },
479
480 { "_mrtdebug", MOD_PROTO_IP,
481 mod_set_uint32, mod_get_uint32,
482 {0, 10, 0}, {0} },
483
484 { "_ire_reclaim_fraction", MOD_PROTO_IP,
485 mod_set_uint32, mod_get_uint32,
486 {1, 8, 3}, {3} },
487
488 { "_nce_reclaim_fraction", MOD_PROTO_IP,
489 mod_set_uint32, mod_get_uint32,
490 {1, 8, 3}, {3} },
491
492 /* tunable - 10 */
493 { "_dce_reclaim_fraction", MOD_PROTO_IP,
494 mod_set_uint32, mod_get_uint32,
495 {1, 8, 3}, {3} },
496
497 { "ttl", MOD_PROTO_IPV4,
498 mod_set_uint32, mod_get_uint32,
499 {1, 255, 255}, {255} },
500
501 { "_forward_src_routed", MOD_PROTO_IPV4,
502 mod_set_boolean, mod_get_boolean,
503 {B_FALSE}, {B_FALSE} },
504
505 { "_wroff_extra", MOD_PROTO_IP,
506 mod_set_uint32, mod_get_uint32,
507 {0, 256, 32}, {32} },
508
509 /* following tunable is in seconds - a deviant! */
510 { "_pathmtu_interval", MOD_PROTO_IP,
511 mod_set_uint32, mod_get_uint32,
512 {2, 999999999, 60*20}, {60*20} },
513
514 { "_icmp_return_data_bytes", MOD_PROTO_IPV4,
515 mod_set_uint32, mod_get_uint32,
516 {8, 65536, 64}, {64} },
517
518 { "_path_mtu_discovery", MOD_PROTO_IP,
519 mod_set_boolean, mod_get_boolean,
520 {B_TRUE}, {B_TRUE} },
521
522 { "_pmtu_min", MOD_PROTO_IP,
523 mod_set_uint32, mod_get_uint32,
524 {68, 65535, 576}, {576} },
525
526 { "_ignore_redirect", MOD_PROTO_IPV4,
527 mod_set_boolean, mod_get_boolean,
528 {B_FALSE}, {B_FALSE} },
529
530 { "_arp_icmp_error", MOD_PROTO_IP,
531 mod_set_boolean, mod_get_boolean,
532 {B_FALSE}, {B_FALSE} },
533
534 /* tunable - 20 */
535 { "_broadcast_ttl", MOD_PROTO_IP,
536 mod_set_uint32, mod_get_uint32,
537 {1, 254, 1}, {1} },
538
539 { "_icmp_err_interval", MOD_PROTO_IP,
540 mod_set_uint32, mod_get_uint32,
541 {0, 99999, 100}, {100} },
542
543 { "_icmp_err_burst", MOD_PROTO_IP,
544 mod_set_uint32, mod_get_uint32,
545 {1, 99999, 10}, {10} },
546
547 { "_reass_queue_bytes", MOD_PROTO_IP,
548 mod_set_uint32, mod_get_uint32,
549 {0, 999999999, 1000000}, {1000000} },
550
551 /*
552 * See comments for ip_strict_src_multihoming for an explanation
553 * of the semantics of ip_strict_dst_multihoming
554 */
555 { "_strict_dst_multihoming", MOD_PROTO_IPV4,
556 mod_set_uint32, mod_get_uint32,
557 {0, 1, 0}, {0} },
558
559 { "_addrs_per_if", MOD_PROTO_IP,
560 mod_set_uint32, mod_get_uint32,
561 {1, MAX_ADDRS_PER_IF, 256}, {256} },
562
563 { "_ipsec_override_persocket_policy", MOD_PROTO_IP,
564 mod_set_boolean, mod_get_boolean,
565 {B_FALSE}, {B_FALSE} },
566
567 { "_icmp_accept_clear_messages", MOD_PROTO_IP,
568 mod_set_boolean, mod_get_boolean,
569 {B_TRUE}, {B_TRUE} },
570
571 { "_igmp_accept_clear_messages", MOD_PROTO_IP,
572 mod_set_boolean, mod_get_boolean,
573 {B_TRUE}, {B_TRUE} },
574
575 { "_ndp_delay_first_probe_time", MOD_PROTO_IP,
576 mod_set_uint32, mod_get_uint32,
577 {2, 999999999, ND_DELAY_FIRST_PROBE_TIME},
578 {ND_DELAY_FIRST_PROBE_TIME} },
579
580 /* tunable - 30 */
581 { "_ndp_max_unicast_solicit", MOD_PROTO_IP,
582 mod_set_uint32, mod_get_uint32,
583 {1, 999999999, ND_MAX_UNICAST_SOLICIT}, {ND_MAX_UNICAST_SOLICIT} },
584
585 { "hoplimit", MOD_PROTO_IPV6,
586 mod_set_uint32, mod_get_uint32,
587 {1, 255, IPV6_MAX_HOPS}, {IPV6_MAX_HOPS} },
588
589 { "_icmp_return_data_bytes", MOD_PROTO_IPV6,
590 mod_set_uint32, mod_get_uint32,
591 {8, IPV6_MIN_MTU, IPV6_MIN_MTU}, {IPV6_MIN_MTU} },
592
593 { "_forward_src_routed", MOD_PROTO_IPV6,
594 mod_set_boolean, mod_get_boolean,
595 {B_FALSE}, {B_FALSE} },
596
597 { "_respond_to_echo_multicast", MOD_PROTO_IPV6,
598 mod_set_boolean, mod_get_boolean,
599 {B_TRUE}, {B_TRUE} },
600
601 { "_send_redirects", MOD_PROTO_IPV6,
602 mod_set_boolean, mod_get_boolean,
603 {B_TRUE}, {B_TRUE} },
604
605 { "_ignore_redirect", MOD_PROTO_IPV6,
606 mod_set_boolean, mod_get_boolean,
607 {B_FALSE}, {B_FALSE} },
608
609 /*
610 * See comments for ip6_strict_src_multihoming for an explanation
611 * of the semantics of ip6_strict_dst_multihoming
612 */
613 { "_strict_dst_multihoming", MOD_PROTO_IPV6,
614 mod_set_uint32, mod_get_uint32,
615 {0, 1, 0}, {0} },
616
617 { "_src_check", MOD_PROTO_IP,
618 mod_set_uint32, mod_get_uint32,
619 {0, 2, 2}, {2} },
620
621 { "_ipsec_policy_log_interval", MOD_PROTO_IP,
622 mod_set_uint32, mod_get_uint32,
623 {0, 999999, 0}, {0} },
624
625 /* tunable - 40 */
626 { "_pim_accept_clear_messages", MOD_PROTO_IP,
627 mod_set_boolean, mod_get_boolean,
628 {B_TRUE}, {B_TRUE} },
629
630 { "_ndp_unsolicit_interval", MOD_PROTO_IP,
631 mod_set_uint32, mod_get_uint32,
632 {1000, 20000, 2000}, {2000} },
633
634 { "_ndp_unsolicit_count", MOD_PROTO_IP,
635 mod_set_uint32, mod_get_uint32,
636 {1, 20, 3}, {3} },
637
638 { "_ignore_home_address_opt", MOD_PROTO_IPV6,
639 mod_set_boolean, mod_get_boolean,
640 {B_TRUE}, {B_TRUE} },
641
642 { "_policy_mask", MOD_PROTO_IP,
643 mod_set_uint32, mod_get_uint32,
644 {0, 15, 0}, {0} },
645
646 { "_ecmp_behavior", MOD_PROTO_IP,
647 mod_set_uint32, mod_get_uint32,
648 {0, 2, 2}, {2} },
649
650 /* following tunable is in seconds - a deviant */
651 { "_ire_badcnt_lifetime", MOD_PROTO_IP,
652 mod_set_uint32, mod_get_uint32,
653 {0, 3600, 60}, {60} },
654
655 { "_max_temp_idle", MOD_PROTO_IP,
656 mod_set_uint32, mod_get_uint32,
657 {0, 999999, 60*60*24}, {60*60*24} },
658
659 { "_max_temp_defend", MOD_PROTO_IP,
660 mod_set_uint32, mod_get_uint32,
661 {0, 1000, 1}, {1} },
662
663 /* tunable - 50 */
664 /*
665 * when a conflict of an active address is detected,
666 * defend up to ip_max_defend times, within any
667 * ip_defend_interval span.
668 */
669 { "_max_defend", MOD_PROTO_IP,
670 mod_set_uint32, mod_get_uint32,
671 {0, 1000, 3}, {3} },
672
673 { "_defend_interval", MOD_PROTO_IP,
674 mod_set_uint32, mod_get_uint32,
675 {0, 999999, 30}, {30} },
676
677 { "_dup_recovery", MOD_PROTO_IP,
678 mod_set_uint32, mod_get_uint32,
679 {0, 3600000, 300000}, {300000} },
680
681 { "_restrict_interzone_loopback", MOD_PROTO_IP,
682 mod_set_boolean, mod_get_boolean,
683 {B_TRUE}, {B_TRUE} },
684
685 { "_lso_outbound", MOD_PROTO_IP,
686 mod_set_boolean, mod_get_boolean,
687 {B_TRUE}, {B_TRUE} },
688
689 { "_igmp_max_version", MOD_PROTO_IP,
690 mod_set_uint32, mod_get_uint32,
691 {IGMP_V1_ROUTER, IGMP_V3_ROUTER, IGMP_V3_ROUTER},
692 {IGMP_V3_ROUTER} },
693
694 { "_mld_max_version", MOD_PROTO_IP,
695 mod_set_uint32, mod_get_uint32,
696 {MLD_V1_ROUTER, MLD_V2_ROUTER, MLD_V2_ROUTER}, {MLD_V2_ROUTER} },
697
698 { "forwarding", MOD_PROTO_IPV4,
699 ip_set_forwarding, ip_get_forwarding,
700 {IP_FORWARD_NEVER}, {IP_FORWARD_NEVER} },
701
702 { "forwarding", MOD_PROTO_IPV6,
703 ip_set_forwarding, ip_get_forwarding,
704 {IP_FORWARD_NEVER}, {IP_FORWARD_NEVER} },
705
706 { "_reasm_timeout", MOD_PROTO_IPV4,
707 mod_set_uint32, mod_get_uint32,
708 {5, 255, IP_REASM_TIMEOUT},
709 {IP_REASM_TIMEOUT} },
710
711 /* tunable - 60 */
712 { "_reasm_timeout", MOD_PROTO_IPV6,
713 mod_set_uint32, mod_get_uint32,
714 {5, 255, IPV6_REASM_TIMEOUT},
715 {IPV6_REASM_TIMEOUT} },
716
717 /* delay before sending first probe: */
718 { "_arp_probe_delay", MOD_PROTO_IP,
719 mod_set_uint32, mod_get_uint32,
720 {0, 20000, 1000}, {1000} },
721
722 { "_arp_fastprobe_delay", MOD_PROTO_IP,
723 mod_set_uint32, mod_get_uint32,
724 {0, 20000, 100}, {100} },
725
726 /* interval at which DAD probes are sent: */
727 { "_arp_probe_interval", MOD_PROTO_IP,
728 mod_set_uint32, mod_get_uint32,
729 {10, 20000, 1500}, {1500} },
730
731 { "_arp_fastprobe_interval", MOD_PROTO_IP,
732 mod_set_uint32, mod_get_uint32,
733 {10, 20000, 150}, {150} },
734
735 { "_arp_probe_count", MOD_PROTO_IP,
736 mod_set_uint32, mod_get_uint32,
737 {0, 20, 3}, {3} },
738
739 { "_arp_fastprobe_count", MOD_PROTO_IP,
740 mod_set_uint32, mod_get_uint32,
741 {0, 20, 3}, {3} },
742
743 { "_dad_announce_interval", MOD_PROTO_IPV4,
744 mod_set_uint32, mod_get_uint32,
745 {0, 3600000, 15000}, {15000} },
746
747 { "_dad_announce_interval", MOD_PROTO_IPV6,
748 mod_set_uint32, mod_get_uint32,
749 {0, 3600000, 15000}, {15000} },
750
751 /* tunable - 70 */
752 /*
753 * Rate limiting parameters for DAD defense used in
754 * ill_defend_rate_limit():
755 * defend_rate : pkts/hour permitted
756 * defend_interval : time that can elapse before we send out a
757 * DAD defense.
758 * defend_period: denominator for defend_rate (in seconds).
759 */
760 { "_arp_defend_interval", MOD_PROTO_IP,
761 mod_set_uint32, mod_get_uint32,
762 {0, 3600000, 300000}, {300000} },
763
764 { "_arp_defend_rate", MOD_PROTO_IP,
765 mod_set_uint32, mod_get_uint32,
766 {0, 20000, 100}, {100} },
767
768 { "_ndp_defend_interval", MOD_PROTO_IP,
769 mod_set_uint32, mod_get_uint32,
770 {0, 3600000, 300000}, {300000} },
771
772 { "_ndp_defend_rate", MOD_PROTO_IP,
773 mod_set_uint32, mod_get_uint32,
774 {0, 20000, 100}, {100} },
775
776 { "_arp_defend_period", MOD_PROTO_IP,
777 mod_set_uint32, mod_get_uint32,
778 {5, 86400, 3600}, {3600} },
779
780 { "_ndp_defend_period", MOD_PROTO_IP,
781 mod_set_uint32, mod_get_uint32,
782 {5, 86400, 3600}, {3600} },
783
784 { "_icmp_return_pmtu", MOD_PROTO_IPV4,
785 mod_set_boolean, mod_get_boolean,
786 {B_TRUE}, {B_TRUE} },
787
788 { "_icmp_return_pmtu", MOD_PROTO_IPV6,
789 mod_set_boolean, mod_get_boolean,
790 {B_TRUE}, {B_TRUE} },
791
792 /*
793 * publish count/interval values used to announce local addresses
794 * for IPv4, IPv6.
795 */
796 { "_arp_publish_count", MOD_PROTO_IP,
797 mod_set_uint32, mod_get_uint32,
798 {1, 20, 5}, {5} },
799
800 { "_arp_publish_interval", MOD_PROTO_IP,
801 mod_set_uint32, mod_get_uint32,
802 {1000, 20000, 2000}, {2000} },
803
804 /* tunable - 80 */
805 /*
806 * The ip*strict_src_multihoming and ip*strict_dst_multihoming provide
807 * a range of choices for setting strong/weak/preferred end-system
808 * behavior. The semantics for setting these are:
809 *
810 * ip*_strict_dst_multihoming = 0
811 * weak end system model for managing ip destination addresses.
812 * A packet with IP dst D1 that's received on interface I1 will be
813 * accepted as long as D1 is one of the local addresses on
814 * the machine, even if D1 is not configured on I1.
815 * ip*strict_dst_multihioming = 1
816 * strong end system model for managing ip destination addresses.
817 * A packet with IP dst D1 that's received on interface I1 will be
818 * accepted if, and only if, D1 is configured on I1.
819 *
820 * ip*strict_src_multihoming = 0
821 * Source agnostic route selection for outgoing packets: the
822 * outgoing interface for a packet will be computed using
823 * default algorithms for route selection, where the route
824 * with the longest matching prefix is chosen for the output
825 * unless other route selection constraints are explicitly
826 * specified during routing table lookup. This may result
827 * in packet being sent out on interface I2 with source
828 * address S1, even though S1 is not a configured address on I2.
829 * ip*strict_src_multihoming = 1
830 * Preferred source aware route selection for outgoing packets: for
831 * a packet with source S2, destination D2, the route selection
832 * algorithm will first attempt to find a route for the destination
833 * that goes out through an interface where S2 is
834 * configured. If such a route cannot be found, then the
835 * best-matching route for D2 will be selected.
836 * ip*strict_src_multihoming = 2
837 * Source aware route selection for outgoing packets: a packet will
838 * be sent out on an interface I2 only if the src address S2 of the
839 * packet is a configured address on I2. In conjunction with
840 * the setting 'ip_strict_dst_multihoming == 1', this will result in
841 * the implementation of Strong ES as defined in Section 3.3.4.2 of
842 * RFC 1122
843 */
844 { "_strict_src_multihoming", MOD_PROTO_IPV4,
845 ip_set_src_multihoming, mod_get_uint32,
846 {0, 2, 0}, {0} },
847
848 { "_strict_src_multihoming", MOD_PROTO_IPV6,
849 ip_set_src_multihoming, mod_get_uint32,
850 {0, 2, 0}, {0} },
851
852 #ifdef DEBUG
853 { "_drop_inbound_icmpv6", MOD_PROTO_IPV6,
854 mod_set_boolean, mod_get_boolean,
855 {B_FALSE}, {B_FALSE} },
856 #else
857 { "", 0, NULL, NULL, {0}, {0} },
858 #endif
859
860 { "_dce_reclaim_threshold", MOD_PROTO_IP,
861 mod_set_uint32, mod_get_uint32,
862 {1, 100000, 32}, {32} },
863
864 { "mtu", MOD_PROTO_IPV4, NULL, ip_get_mtu, {0}, {0} },
865
866 { "mtu", MOD_PROTO_IPV6, NULL, ip_get_mtu, {0}, {0} },
867
868 /*
869 * The following entry is a placeholder for `ip_debug' global
870 * variable. Within these callback functions, we will be
871 * setting/getting the global variable
872 */
873 { "_debug", MOD_PROTO_IP,
874 ip_set_debug, ip_get_debug,
875 {0, 20, 0}, {0} },
876
877 { "hostmodel", MOD_PROTO_IPV4, ip_set_hostmodel, ip_get_hostmodel,
878 {IP_WEAK_ES, IP_STRONG_ES, IP_WEAK_ES}, {IP_WEAK_ES} },
879
880 { "hostmodel", MOD_PROTO_IPV6, ip_set_hostmodel, ip_get_hostmodel,
881 {IP_WEAK_ES, IP_STRONG_ES, IP_WEAK_ES}, {IP_WEAK_ES} },
882
883 { "?", MOD_PROTO_IP, NULL, mod_get_allprop, {0}, {0} },
884
885 { NULL, 0, NULL, NULL, {0}, {0} }
886 };
887
888 int ip_propinfo_count = A_CNT(ip_propinfo_tbl);
Unleashed OS