4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
22 * Copyright (c) 1991, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright (c) 2013 by Delphix. All rights reserved.
24 * Copyright (c) 2012, Joyent, Inc. All rights reserved.
26 /* Copyright (c) 1990 Mentat Inc. */
30 #include <inet/ip_if.h>
31 #include <inet/ip_ire.h>
32 #include <inet/ipclassifier.h>
33 #include <inet/ip_impl.h>
34 #include <inet/tunables.h>
35 #include <sys/sunddi.h>
36 #include <sys/policy.h>
38 /* How long, in seconds, we allow frags to hang around. */
39 #define IP_REASM_TIMEOUT 15
40 #define IPV6_REASM_TIMEOUT 60
43 * Set ip{,6}_forwarding values. If the value is being set on an ill,
44 * find the ill and set the value on it. On the other hand if we are modifying
45 * global property, modify the global value and set the value on all the ills.
49 ip_set_forwarding(netstack_t
*stack
, cred_t
*cr
, mod_prop_info_t
*pinfo
,
50 const char *ifname
, const void* pval
, uint_t flags
)
53 unsigned long new_value
;
54 boolean_t per_ill
, isv6
;
55 ill_walk_context_t ctx
;
57 ip_stack_t
*ipst
= stack
->netstack_ip
;
59 if (flags
& MOD_PROP_DEFAULT
) {
60 new_value
= pinfo
->prop_def_bval
;
62 if (ddi_strtoul(pval
, &end
, 10, &new_value
) != 0 ||
65 if (new_value
!= B_TRUE
&& new_value
!= B_FALSE
)
69 per_ill
= (ifname
!= NULL
&& ifname
[0] != '\0');
71 * if it's not per ill then set the global property and bring all the
72 * ills up to date with the new global value.
75 pinfo
->prop_cur_bval
= (new_value
== 1 ? B_TRUE
: B_FALSE
);
77 isv6
= (pinfo
->mpi_proto
== MOD_PROTO_IPV6
? B_TRUE
: B_FALSE
);
78 rw_enter(&ipst
->ips_ill_g_lock
, RW_READER
);
80 ill
= ILL_START_WALK_V6(&ctx
, ipst
);
82 ill
= ILL_START_WALK_V4(&ctx
, ipst
);
84 for (; ill
!= NULL
; ill
= ill_next(&ctx
, ill
)) {
86 * if the property needs to be set on a particular
87 * interface, look for that interface.
89 if (per_ill
&& strcmp(ifname
, ill
->ill_name
) != 0)
91 (void) ill_forward_set(ill
, new_value
!= 0);
93 rw_exit(&ipst
->ips_ill_g_lock
);
99 ip_get_forwarding(netstack_t
*stack
, mod_prop_info_t
*pinfo
, const char *ifname
,
100 void *pval
, uint_t pr_size
, uint_t flags
)
103 ill_walk_context_t ctx
;
105 ip_stack_t
*ipst
= stack
->netstack_ip
;
106 boolean_t get_def
= (flags
& MOD_PROP_DEFAULT
);
107 boolean_t get_perm
= (flags
& MOD_PROP_PERM
);
112 nbytes
= snprintf(pval
, pr_size
, "%d", MOD_PROP_PERM_RW
);
114 } else if (get_def
) {
115 nbytes
= snprintf(pval
, pr_size
, "%d", pinfo
->prop_def_bval
);
120 * if per interface value is not asked for return the current
123 if (ifname
== NULL
|| ifname
[0] == '\0') {
124 nbytes
= snprintf(pval
, pr_size
, "%d", pinfo
->prop_cur_bval
);
128 isv6
= (pinfo
->mpi_proto
== MOD_PROTO_IPV6
? B_TRUE
: B_FALSE
);
129 rw_enter(&ipst
->ips_ill_g_lock
, RW_READER
);
131 ill
= ILL_START_WALK_V6(&ctx
, ipst
);
133 ill
= ILL_START_WALK_V4(&ctx
, ipst
);
134 for (; ill
!= NULL
; ill
= ill_next(&ctx
, ill
)) {
136 * if the property needs to be obtained on a particular
137 * interface, look for that interface.
139 if (strcmp(ifname
, ill
->ill_name
) == 0)
143 rw_exit(&ipst
->ips_ill_g_lock
);
146 value
= ((ill
->ill_flags
& ILLF_ROUTER
) ? B_TRUE
: B_FALSE
);
147 rw_exit(&ipst
->ips_ill_g_lock
);
148 nbytes
= snprintf(pval
, pr_size
, "%d", value
);
150 if (nbytes
>= pr_size
)
156 * `ip_debug' is a global variable. So, we will be modifying the global
161 ip_set_debug(netstack_t
*stack
, cred_t
*cr
, mod_prop_info_t
*pinfo
,
162 const char *ifname
, const void* pval
, uint_t flags
)
164 unsigned long new_value
;
167 if (cr
!= NULL
&& secpolicy_net_config(cr
, B_FALSE
) != 0)
170 if ((err
= mod_uint32_value(pval
, pinfo
, flags
, &new_value
)) != 0)
172 ip_debug
= (uint32_t)new_value
;
177 * ip_debug is a global property. For default, permission and value range
178 * we retrieve the value from `pinfo'. However for the current value we
179 * retrieve the value from the global variable `ip_debug'
183 ip_get_debug(netstack_t
*stack
, mod_prop_info_t
*pinfo
, const char *ifname
,
184 void *pval
, uint_t psize
, uint_t flags
)
186 boolean_t get_def
= (flags
& MOD_PROP_DEFAULT
);
187 boolean_t get_perm
= (flags
& MOD_PROP_PERM
);
188 boolean_t get_range
= (flags
& MOD_PROP_POSSIBLE
);
193 nbytes
= snprintf(pval
, psize
, "%u", MOD_PROP_PERM_RW
);
195 nbytes
= snprintf(pval
, psize
, "%u-%u",
196 pinfo
->prop_min_uval
, pinfo
->prop_max_uval
);
198 nbytes
= snprintf(pval
, psize
, "%u", pinfo
->prop_def_uval
);
200 nbytes
= snprintf(pval
, psize
, "%u", ip_debug
);
207 * Retrieve the default MTU or min-max MTU range for a given interface.
209 * -- ill_max_frag value tells us the maximum MTU that can be handled by the
210 * datalink. This value is advertised by the driver via DLPI messages
211 * (DL_NOTE_SDU_SIZE/DL_INFO_ACK).
213 * -- ill_current_frag for the most link-types will be same as ill_max_frag
214 * to begin with. However it is dynamically computed for some link-types
215 * like tunnels, based on the tunnel PMTU.
217 * -- ill_mtu is the user set MTU using SIOCSLIFMTU and must lie between
218 * (IPV6_MIN_MTU/IP_MIN_MTU) and ill_max_frag.
220 * -- ill_user_mtu is set by in.ndpd using SIOCSLIFLNKINFO and must lie between
221 * (IPV6_MIN_MTU/IP_MIN_MTU) and ill_max_frag.
224 ip_get_mtu(netstack_t
*stack
, mod_prop_info_t
*pinfo
, const char *ifname
,
225 void *pval
, uint_t psize
, uint_t flags
)
227 ill_walk_context_t ctx
;
229 ip_stack_t
*ipst
= stack
->netstack_ip
;
231 uint32_t max_mtu
, def_mtu
;
234 if (!(flags
& (MOD_PROP_DEFAULT
|MOD_PROP_POSSIBLE
)))
237 if (ifname
== NULL
|| ifname
[0] == '\0')
240 isv6
= (pinfo
->mpi_proto
== MOD_PROTO_IPV6
? B_TRUE
: B_FALSE
);
241 rw_enter(&ipst
->ips_ill_g_lock
, RW_READER
);
243 ill
= ILL_START_WALK_V6(&ctx
, ipst
);
245 ill
= ILL_START_WALK_V4(&ctx
, ipst
);
246 for (; ill
!= NULL
; ill
= ill_next(&ctx
, ill
)) {
247 if (strcmp(ifname
, ill
->ill_name
) == 0)
251 rw_exit(&ipst
->ips_ill_g_lock
);
254 max_mtu
= ill
->ill_max_frag
;
255 def_mtu
= ill
->ill_current_frag
;
256 rw_exit(&ipst
->ips_ill_g_lock
);
258 if (flags
& MOD_PROP_DEFAULT
) {
259 nbytes
= snprintf(pval
, psize
, "%u", def_mtu
);
260 } else if (flags
& MOD_PROP_POSSIBLE
) {
263 min_mtu
= isv6
? IPV6_MIN_MTU
: IP_MIN_MTU
;
264 nbytes
= snprintf(pval
, psize
, "%u-%u", min_mtu
, max_mtu
);
275 * See the comments for ip[6]_strict_src_multihoming for an explanation
279 ip_set_src_multihoming_common(ulong_t new_value
, ulong_t old_value
,
280 boolean_t isv6
, ip_stack_t
*ipst
)
283 ipst
->ips_ipv6_strict_src_multihoming
= new_value
;
285 ipst
->ips_ip_strict_src_multihoming
= new_value
;
286 if (new_value
!= old_value
) {
288 if (old_value
== 0) {
289 ire_walk_v4(ip_ire_rebind_walker
, NULL
,
291 } else if (new_value
== 0) {
292 ire_walk_v4(ip_ire_unbind_walker
, NULL
,
295 ipcl_walk(conn_ire_revalidate
, (void *)B_FALSE
, ipst
);
297 if (old_value
== 0) {
298 ire_walk_v6(ip_ire_rebind_walker
, NULL
,
300 } else if (new_value
== 0) {
301 ire_walk_v6(ip_ire_unbind_walker
, NULL
,
304 ipcl_walk(conn_ire_revalidate
, (void *)B_TRUE
, ipst
);
311 ip_set_src_multihoming(netstack_t
*stack
, cred_t
*cr
, mod_prop_info_t
*pinfo
,
312 const char *ifname
, const void* pval
, uint_t flags
)
314 unsigned long new_value
, old_value
;
316 ip_stack_t
*ipst
= stack
->netstack_ip
;
319 old_value
= pinfo
->prop_cur_uval
;
321 if ((err
= mod_uint32_value(pval
, pinfo
, flags
, &new_value
)) != 0)
323 pinfo
->prop_cur_uval
= new_value
;
324 isv6
= (strcmp(pinfo
->mpi_name
, "ip6_strict_src_multihoming") == 0);
325 ip_set_src_multihoming_common(new_value
, old_value
, isv6
, ipst
);
332 ip_set_hostmodel(netstack_t
*stack
, cred_t
*cr
, mod_prop_info_t
*pinfo
,
333 const char *ifname
, const void* pval
, uint_t flags
)
335 ip_hostmodel_t new_value
, old_value
;
336 ip_stack_t
*ipst
= stack
->netstack_ip
;
337 uint32_t old_src_multihoming
;
342 old_value
= pinfo
->prop_cur_uval
;
344 if ((err
= mod_uint32_value(pval
, pinfo
, flags
, &tmp
)) != 0)
347 pinfo
->prop_cur_uval
= new_value
;
351 old_src_multihoming
= 0;
354 old_src_multihoming
= 1;
357 old_src_multihoming
= 2;
361 old_src_multihoming
= IP_MAXVAL_ES
;
365 * Changes to src_multihoming may require ire's to be rebound/unbound,
366 * and also require generation number resets. Changes to dst_multihoming
367 * require a simple reset of the value.
369 isv6
= (pinfo
->mpi_proto
== MOD_PROTO_IPV6
);
370 if (new_value
!= old_value
) {
373 ip_set_src_multihoming_common(0, old_src_multihoming
,
376 ipst
->ips_ipv6_strict_dst_multihoming
= 0;
378 ipst
->ips_ip_strict_dst_multihoming
= 0;
381 ip_set_src_multihoming_common(1, old_src_multihoming
,
384 ipst
->ips_ipv6_strict_dst_multihoming
= 0;
386 ipst
->ips_ip_strict_dst_multihoming
= 0;
389 ip_set_src_multihoming_common(2, old_src_multihoming
,
392 ipst
->ips_ipv6_strict_dst_multihoming
= 1;
394 ipst
->ips_ip_strict_dst_multihoming
= 1;
405 ip_get_hostmodel(netstack_t
*stack
, mod_prop_info_t
*pinfo
, const char *ifname
,
406 void *pval
, uint_t psize
, uint_t flags
)
408 boolean_t isv6
= (pinfo
->mpi_proto
== MOD_PROTO_IPV6
);
409 ip_stack_t
*ipst
= stack
->netstack_ip
;
410 ip_hostmodel_t hostmodel
;
412 if (psize
< sizeof (hostmodel
))
416 if (ipst
->ips_ip_strict_src_multihoming
== 0 &&
417 ipst
->ips_ip_strict_dst_multihoming
== 0)
418 hostmodel
= IP_WEAK_ES
;
419 else if (ipst
->ips_ip_strict_src_multihoming
== 1 &&
420 ipst
->ips_ip_strict_dst_multihoming
== 0)
421 hostmodel
= IP_SRC_PRI_ES
;
422 else if (ipst
->ips_ip_strict_src_multihoming
== 2 &&
423 ipst
->ips_ip_strict_dst_multihoming
== 1)
424 hostmodel
= IP_STRONG_ES
;
426 hostmodel
= IP_MAXVAL_ES
;
428 if (ipst
->ips_ipv6_strict_src_multihoming
== 0 &&
429 ipst
->ips_ipv6_strict_dst_multihoming
== 0)
430 hostmodel
= IP_WEAK_ES
;
431 else if (ipst
->ips_ipv6_strict_src_multihoming
== 1 &&
432 ipst
->ips_ipv6_strict_dst_multihoming
== 0)
433 hostmodel
= IP_SRC_PRI_ES
;
434 else if (ipst
->ips_ipv6_strict_src_multihoming
== 2 &&
435 ipst
->ips_ipv6_strict_dst_multihoming
== 1)
436 hostmodel
= IP_STRONG_ES
;
438 hostmodel
= IP_MAXVAL_ES
;
440 bcopy(&hostmodel
, pval
, sizeof (hostmodel
));
445 * All of these are alterable, within the min/max values given, at run time.
447 * Note: All those tunables which do not start with "_" are Committed and
448 * therefore are public. See PSARC 2010/080.
450 mod_prop_info_t ip_propinfo_tbl
[] = {
452 { "_respond_to_address_mask_broadcast", MOD_PROTO_IP
,
453 mod_set_boolean
, mod_get_boolean
,
454 {B_FALSE
}, {B_FALSE
} },
456 { "_respond_to_echo_broadcast", MOD_PROTO_IP
,
457 mod_set_boolean
, mod_get_boolean
,
458 {B_TRUE
}, {B_TRUE
} },
460 { "_respond_to_echo_multicast", MOD_PROTO_IPV4
,
461 mod_set_boolean
, mod_get_boolean
,
462 {B_TRUE
}, {B_TRUE
} },
464 { "_respond_to_timestamp", MOD_PROTO_IP
,
465 mod_set_boolean
, mod_get_boolean
,
466 {B_FALSE
}, {B_FALSE
} },
468 { "_respond_to_timestamp_broadcast", MOD_PROTO_IP
,
469 mod_set_boolean
, mod_get_boolean
,
470 {B_FALSE
}, {B_FALSE
} },
472 { "_send_redirects", MOD_PROTO_IPV4
,
473 mod_set_boolean
, mod_get_boolean
,
474 {B_TRUE
}, {B_TRUE
} },
476 { "_forward_directed_broadcasts", MOD_PROTO_IP
,
477 mod_set_boolean
, mod_get_boolean
,
478 {B_FALSE
}, {B_FALSE
} },
480 { "_mrtdebug", MOD_PROTO_IP
,
481 mod_set_uint32
, mod_get_uint32
,
484 { "_ire_reclaim_fraction", MOD_PROTO_IP
,
485 mod_set_uint32
, mod_get_uint32
,
488 { "_nce_reclaim_fraction", MOD_PROTO_IP
,
489 mod_set_uint32
, mod_get_uint32
,
493 { "_dce_reclaim_fraction", MOD_PROTO_IP
,
494 mod_set_uint32
, mod_get_uint32
,
497 { "ttl", MOD_PROTO_IPV4
,
498 mod_set_uint32
, mod_get_uint32
,
499 {1, 255, 255}, {255} },
501 { "_forward_src_routed", MOD_PROTO_IPV4
,
502 mod_set_boolean
, mod_get_boolean
,
503 {B_FALSE
}, {B_FALSE
} },
505 { "_wroff_extra", MOD_PROTO_IP
,
506 mod_set_uint32
, mod_get_uint32
,
507 {0, 256, 32}, {32} },
509 /* following tunable is in seconds - a deviant! */
510 { "_pathmtu_interval", MOD_PROTO_IP
,
511 mod_set_uint32
, mod_get_uint32
,
512 {2, 999999999, 60*20}, {60*20} },
514 { "_icmp_return_data_bytes", MOD_PROTO_IPV4
,
515 mod_set_uint32
, mod_get_uint32
,
516 {8, 65536, 64}, {64} },
518 { "_path_mtu_discovery", MOD_PROTO_IP
,
519 mod_set_boolean
, mod_get_boolean
,
520 {B_TRUE
}, {B_TRUE
} },
522 { "_pmtu_min", MOD_PROTO_IP
,
523 mod_set_uint32
, mod_get_uint32
,
524 {68, 65535, 576}, {576} },
526 { "_ignore_redirect", MOD_PROTO_IPV4
,
527 mod_set_boolean
, mod_get_boolean
,
528 {B_FALSE
}, {B_FALSE
} },
530 { "_arp_icmp_error", MOD_PROTO_IP
,
531 mod_set_boolean
, mod_get_boolean
,
532 {B_FALSE
}, {B_FALSE
} },
535 { "_broadcast_ttl", MOD_PROTO_IP
,
536 mod_set_uint32
, mod_get_uint32
,
539 { "_icmp_err_interval", MOD_PROTO_IP
,
540 mod_set_uint32
, mod_get_uint32
,
541 {0, 99999, 100}, {100} },
543 { "_icmp_err_burst", MOD_PROTO_IP
,
544 mod_set_uint32
, mod_get_uint32
,
545 {1, 99999, 10}, {10} },
547 { "_reass_queue_bytes", MOD_PROTO_IP
,
548 mod_set_uint32
, mod_get_uint32
,
549 {0, 999999999, 1000000}, {1000000} },
552 * See comments for ip_strict_src_multihoming for an explanation
553 * of the semantics of ip_strict_dst_multihoming
555 { "_strict_dst_multihoming", MOD_PROTO_IPV4
,
556 mod_set_uint32
, mod_get_uint32
,
559 { "_addrs_per_if", MOD_PROTO_IP
,
560 mod_set_uint32
, mod_get_uint32
,
561 {1, MAX_ADDRS_PER_IF
, 256}, {256} },
563 { "_ipsec_override_persocket_policy", MOD_PROTO_IP
,
564 mod_set_boolean
, mod_get_boolean
,
565 {B_FALSE
}, {B_FALSE
} },
567 { "_icmp_accept_clear_messages", MOD_PROTO_IP
,
568 mod_set_boolean
, mod_get_boolean
,
569 {B_TRUE
}, {B_TRUE
} },
571 { "_igmp_accept_clear_messages", MOD_PROTO_IP
,
572 mod_set_boolean
, mod_get_boolean
,
573 {B_TRUE
}, {B_TRUE
} },
575 { "_ndp_delay_first_probe_time", MOD_PROTO_IP
,
576 mod_set_uint32
, mod_get_uint32
,
577 {2, 999999999, ND_DELAY_FIRST_PROBE_TIME
},
578 {ND_DELAY_FIRST_PROBE_TIME
} },
581 { "_ndp_max_unicast_solicit", MOD_PROTO_IP
,
582 mod_set_uint32
, mod_get_uint32
,
583 {1, 999999999, ND_MAX_UNICAST_SOLICIT
}, {ND_MAX_UNICAST_SOLICIT
} },
585 { "hoplimit", MOD_PROTO_IPV6
,
586 mod_set_uint32
, mod_get_uint32
,
587 {1, 255, IPV6_MAX_HOPS
}, {IPV6_MAX_HOPS
} },
589 { "_icmp_return_data_bytes", MOD_PROTO_IPV6
,
590 mod_set_uint32
, mod_get_uint32
,
591 {8, IPV6_MIN_MTU
, IPV6_MIN_MTU
}, {IPV6_MIN_MTU
} },
593 { "_forward_src_routed", MOD_PROTO_IPV6
,
594 mod_set_boolean
, mod_get_boolean
,
595 {B_FALSE
}, {B_FALSE
} },
597 { "_respond_to_echo_multicast", MOD_PROTO_IPV6
,
598 mod_set_boolean
, mod_get_boolean
,
599 {B_TRUE
}, {B_TRUE
} },
601 { "_send_redirects", MOD_PROTO_IPV6
,
602 mod_set_boolean
, mod_get_boolean
,
603 {B_TRUE
}, {B_TRUE
} },
605 { "_ignore_redirect", MOD_PROTO_IPV6
,
606 mod_set_boolean
, mod_get_boolean
,
607 {B_FALSE
}, {B_FALSE
} },
610 * See comments for ip6_strict_src_multihoming for an explanation
611 * of the semantics of ip6_strict_dst_multihoming
613 { "_strict_dst_multihoming", MOD_PROTO_IPV6
,
614 mod_set_uint32
, mod_get_uint32
,
617 { "_src_check", MOD_PROTO_IP
,
618 mod_set_uint32
, mod_get_uint32
,
621 { "_ipsec_policy_log_interval", MOD_PROTO_IP
,
622 mod_set_uint32
, mod_get_uint32
,
623 {0, 999999, 0}, {0} },
626 { "_pim_accept_clear_messages", MOD_PROTO_IP
,
627 mod_set_boolean
, mod_get_boolean
,
628 {B_TRUE
}, {B_TRUE
} },
630 { "_ndp_unsolicit_interval", MOD_PROTO_IP
,
631 mod_set_uint32
, mod_get_uint32
,
632 {1000, 20000, 2000}, {2000} },
634 { "_ndp_unsolicit_count", MOD_PROTO_IP
,
635 mod_set_uint32
, mod_get_uint32
,
638 { "_ignore_home_address_opt", MOD_PROTO_IPV6
,
639 mod_set_boolean
, mod_get_boolean
,
640 {B_TRUE
}, {B_TRUE
} },
642 { "_policy_mask", MOD_PROTO_IP
,
643 mod_set_uint32
, mod_get_uint32
,
646 { "_ecmp_behavior", MOD_PROTO_IP
,
647 mod_set_uint32
, mod_get_uint32
,
650 /* following tunable is in seconds - a deviant */
651 { "_ire_badcnt_lifetime", MOD_PROTO_IP
,
652 mod_set_uint32
, mod_get_uint32
,
653 {0, 3600, 60}, {60} },
655 { "_max_temp_idle", MOD_PROTO_IP
,
656 mod_set_uint32
, mod_get_uint32
,
657 {0, 999999, 60*60*24}, {60*60*24} },
659 { "_max_temp_defend", MOD_PROTO_IP
,
660 mod_set_uint32
, mod_get_uint32
,
665 * when a conflict of an active address is detected,
666 * defend up to ip_max_defend times, within any
667 * ip_defend_interval span.
669 { "_max_defend", MOD_PROTO_IP
,
670 mod_set_uint32
, mod_get_uint32
,
673 { "_defend_interval", MOD_PROTO_IP
,
674 mod_set_uint32
, mod_get_uint32
,
675 {0, 999999, 30}, {30} },
677 { "_dup_recovery", MOD_PROTO_IP
,
678 mod_set_uint32
, mod_get_uint32
,
679 {0, 3600000, 300000}, {300000} },
681 { "_restrict_interzone_loopback", MOD_PROTO_IP
,
682 mod_set_boolean
, mod_get_boolean
,
683 {B_TRUE
}, {B_TRUE
} },
685 { "_lso_outbound", MOD_PROTO_IP
,
686 mod_set_boolean
, mod_get_boolean
,
687 {B_TRUE
}, {B_TRUE
} },
689 { "_igmp_max_version", MOD_PROTO_IP
,
690 mod_set_uint32
, mod_get_uint32
,
691 {IGMP_V1_ROUTER
, IGMP_V3_ROUTER
, IGMP_V3_ROUTER
},
694 { "_mld_max_version", MOD_PROTO_IP
,
695 mod_set_uint32
, mod_get_uint32
,
696 {MLD_V1_ROUTER
, MLD_V2_ROUTER
, MLD_V2_ROUTER
}, {MLD_V2_ROUTER
} },
698 { "forwarding", MOD_PROTO_IPV4
,
699 ip_set_forwarding
, ip_get_forwarding
,
700 {IP_FORWARD_NEVER
}, {IP_FORWARD_NEVER
} },
702 { "forwarding", MOD_PROTO_IPV6
,
703 ip_set_forwarding
, ip_get_forwarding
,
704 {IP_FORWARD_NEVER
}, {IP_FORWARD_NEVER
} },
706 { "_reasm_timeout", MOD_PROTO_IPV4
,
707 mod_set_uint32
, mod_get_uint32
,
708 {5, 255, IP_REASM_TIMEOUT
},
709 {IP_REASM_TIMEOUT
} },
712 { "_reasm_timeout", MOD_PROTO_IPV6
,
713 mod_set_uint32
, mod_get_uint32
,
714 {5, 255, IPV6_REASM_TIMEOUT
},
715 {IPV6_REASM_TIMEOUT
} },
717 /* delay before sending first probe: */
718 { "_arp_probe_delay", MOD_PROTO_IP
,
719 mod_set_uint32
, mod_get_uint32
,
720 {0, 20000, 1000}, {1000} },
722 { "_arp_fastprobe_delay", MOD_PROTO_IP
,
723 mod_set_uint32
, mod_get_uint32
,
724 {0, 20000, 100}, {100} },
726 /* interval at which DAD probes are sent: */
727 { "_arp_probe_interval", MOD_PROTO_IP
,
728 mod_set_uint32
, mod_get_uint32
,
729 {10, 20000, 1500}, {1500} },
731 { "_arp_fastprobe_interval", MOD_PROTO_IP
,
732 mod_set_uint32
, mod_get_uint32
,
733 {10, 20000, 150}, {150} },
735 { "_arp_probe_count", MOD_PROTO_IP
,
736 mod_set_uint32
, mod_get_uint32
,
739 { "_arp_fastprobe_count", MOD_PROTO_IP
,
740 mod_set_uint32
, mod_get_uint32
,
743 { "_dad_announce_interval", MOD_PROTO_IPV4
,
744 mod_set_uint32
, mod_get_uint32
,
745 {0, 3600000, 15000}, {15000} },
747 { "_dad_announce_interval", MOD_PROTO_IPV6
,
748 mod_set_uint32
, mod_get_uint32
,
749 {0, 3600000, 15000}, {15000} },
753 * Rate limiting parameters for DAD defense used in
754 * ill_defend_rate_limit():
755 * defend_rate : pkts/hour permitted
756 * defend_interval : time that can elapse before we send out a
758 * defend_period: denominator for defend_rate (in seconds).
760 { "_arp_defend_interval", MOD_PROTO_IP
,
761 mod_set_uint32
, mod_get_uint32
,
762 {0, 3600000, 300000}, {300000} },
764 { "_arp_defend_rate", MOD_PROTO_IP
,
765 mod_set_uint32
, mod_get_uint32
,
766 {0, 20000, 100}, {100} },
768 { "_ndp_defend_interval", MOD_PROTO_IP
,
769 mod_set_uint32
, mod_get_uint32
,
770 {0, 3600000, 300000}, {300000} },
772 { "_ndp_defend_rate", MOD_PROTO_IP
,
773 mod_set_uint32
, mod_get_uint32
,
774 {0, 20000, 100}, {100} },
776 { "_arp_defend_period", MOD_PROTO_IP
,
777 mod_set_uint32
, mod_get_uint32
,
778 {5, 86400, 3600}, {3600} },
780 { "_ndp_defend_period", MOD_PROTO_IP
,
781 mod_set_uint32
, mod_get_uint32
,
782 {5, 86400, 3600}, {3600} },
784 { "_icmp_return_pmtu", MOD_PROTO_IPV4
,
785 mod_set_boolean
, mod_get_boolean
,
786 {B_TRUE
}, {B_TRUE
} },
788 { "_icmp_return_pmtu", MOD_PROTO_IPV6
,
789 mod_set_boolean
, mod_get_boolean
,
790 {B_TRUE
}, {B_TRUE
} },
793 * publish count/interval values used to announce local addresses
796 { "_arp_publish_count", MOD_PROTO_IP
,
797 mod_set_uint32
, mod_get_uint32
,
800 { "_arp_publish_interval", MOD_PROTO_IP
,
801 mod_set_uint32
, mod_get_uint32
,
802 {1000, 20000, 2000}, {2000} },
806 * The ip*strict_src_multihoming and ip*strict_dst_multihoming provide
807 * a range of choices for setting strong/weak/preferred end-system
808 * behavior. The semantics for setting these are:
810 * ip*_strict_dst_multihoming = 0
811 * weak end system model for managing ip destination addresses.
812 * A packet with IP dst D1 that's received on interface I1 will be
813 * accepted as long as D1 is one of the local addresses on
814 * the machine, even if D1 is not configured on I1.
815 * ip*strict_dst_multihioming = 1
816 * strong end system model for managing ip destination addresses.
817 * A packet with IP dst D1 that's received on interface I1 will be
818 * accepted if, and only if, D1 is configured on I1.
820 * ip*strict_src_multihoming = 0
821 * Source agnostic route selection for outgoing packets: the
822 * outgoing interface for a packet will be computed using
823 * default algorithms for route selection, where the route
824 * with the longest matching prefix is chosen for the output
825 * unless other route selection constraints are explicitly
826 * specified during routing table lookup. This may result
827 * in packet being sent out on interface I2 with source
828 * address S1, even though S1 is not a configured address on I2.
829 * ip*strict_src_multihoming = 1
830 * Preferred source aware route selection for outgoing packets: for
831 * a packet with source S2, destination D2, the route selection
832 * algorithm will first attempt to find a route for the destination
833 * that goes out through an interface where S2 is
834 * configured. If such a route cannot be found, then the
835 * best-matching route for D2 will be selected.
836 * ip*strict_src_multihoming = 2
837 * Source aware route selection for outgoing packets: a packet will
838 * be sent out on an interface I2 only if the src address S2 of the
839 * packet is a configured address on I2. In conjunction with
840 * the setting 'ip_strict_dst_multihoming == 1', this will result in
841 * the implementation of Strong ES as defined in Section 3.3.4.2 of
844 { "_strict_src_multihoming", MOD_PROTO_IPV4
,
845 ip_set_src_multihoming
, mod_get_uint32
,
848 { "_strict_src_multihoming", MOD_PROTO_IPV6
,
849 ip_set_src_multihoming
, mod_get_uint32
,
853 { "_drop_inbound_icmpv6", MOD_PROTO_IPV6
,
854 mod_set_boolean
, mod_get_boolean
,
855 {B_FALSE
}, {B_FALSE
} },
857 { "", 0, NULL
, NULL
, {0}, {0} },
860 { "_dce_reclaim_threshold", MOD_PROTO_IP
,
861 mod_set_uint32
, mod_get_uint32
,
862 {1, 100000, 32}, {32} },
864 { "mtu", MOD_PROTO_IPV4
, NULL
, ip_get_mtu
, {0}, {0} },
866 { "mtu", MOD_PROTO_IPV6
, NULL
, ip_get_mtu
, {0}, {0} },
869 * The following entry is a placeholder for `ip_debug' global
870 * variable. Within these callback functions, we will be
871 * setting/getting the global variable
873 { "_debug", MOD_PROTO_IP
,
874 ip_set_debug
, ip_get_debug
,
877 { "hostmodel", MOD_PROTO_IPV4
, ip_set_hostmodel
, ip_get_hostmodel
,
878 {IP_WEAK_ES
, IP_STRONG_ES
, IP_WEAK_ES
}, {IP_WEAK_ES
} },
880 { "hostmodel", MOD_PROTO_IPV6
, ip_set_hostmodel
, ip_get_hostmodel
,
881 {IP_WEAK_ES
, IP_STRONG_ES
, IP_WEAK_ES
}, {IP_WEAK_ES
} },
883 { "?", MOD_PROTO_IP
, NULL
, mod_get_allprop
, {0}, {0} },
885 { NULL
, 0, NULL
, NULL
, {0}, {0} }
888 int ip_propinfo_count
= A_CNT(ip_propinfo_tbl
);