Print this page
3942 inject sanity into ipadm tcp buffer size properties
3943 _snd_lowat_fraction tcp tunable has no effect
Reviewed by: Adam Leventhal <ahl@delphix.com>
Reviewed by: Peng Dai <peng.dai@delphix.com>
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/uts/common/inet/ip/ip_tunables.c
+++ new/usr/src/uts/common/inet/ip/ip_tunables.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
|
↓ open down ↓ |
12 lines elided |
↑ open up ↑ |
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright (c) 1991, 2010, Oracle and/or its affiliates. All rights reserved.
23 + * Copyright (c) 2013 by Delphix. All rights reserved.
23 24 */
24 25 /* Copyright (c) 1990 Mentat Inc. */
25 26
26 27 #include <inet/ip.h>
27 28 #include <inet/ip6.h>
28 29 #include <inet/ip_if.h>
29 30 #include <inet/ip_ire.h>
30 31 #include <inet/ipclassifier.h>
31 32 #include <inet/ip_impl.h>
32 33 #include <inet/tunables.h>
33 34 #include <sys/sunddi.h>
34 35 #include <sys/policy.h>
35 36
36 37 /* How long, in seconds, we allow frags to hang around. */
|
↓ open down ↓ |
4 lines elided |
↑ open up ↑ |
37 38 #define IP_REASM_TIMEOUT 15
38 39 #define IPV6_REASM_TIMEOUT 60
39 40
40 41 /*
41 42 * Set ip{,6}_forwarding values. If the value is being set on an ill,
42 43 * find the ill and set the value on it. On the other hand if we are modifying
43 44 * global property, modify the global value and set the value on all the ills.
44 45 */
45 46 /* ARGSUSED */
46 47 static int
47 -ip_set_forwarding(void *cbarg, cred_t *cr, mod_prop_info_t *pinfo,
48 +ip_set_forwarding(netstack_t *stack, cred_t *cr, mod_prop_info_t *pinfo,
48 49 const char *ifname, const void* pval, uint_t flags)
49 50 {
50 51 char *end;
51 52 unsigned long new_value;
52 - boolean_t per_ill, isv6;
53 - ill_walk_context_t ctx;
54 - ill_t *ill;
55 - ip_stack_t *ipst = (ip_stack_t *)cbarg;
53 + boolean_t per_ill, isv6;
54 + ill_walk_context_t ctx;
55 + ill_t *ill;
56 + ip_stack_t *ipst = stack->netstack_ip;
56 57
57 58 if (flags & MOD_PROP_DEFAULT) {
58 59 new_value = pinfo->prop_def_bval;
59 60 } else {
60 61 if (ddi_strtoul(pval, &end, 10, &new_value) != 0 ||
61 62 *end != '\0')
62 63 return (EINVAL);
63 64 if (new_value != B_TRUE && new_value != B_FALSE)
64 65 return (EINVAL);
65 66 }
66 67
67 68 per_ill = (ifname != NULL && ifname[0] != '\0');
68 69 /*
69 70 * if it's not per ill then set the global property and bring all the
70 71 * ills up to date with the new global value.
71 72 */
72 73 if (!per_ill)
73 74 pinfo->prop_cur_bval = (new_value == 1 ? B_TRUE : B_FALSE);
74 75
75 76 isv6 = (pinfo->mpi_proto == MOD_PROTO_IPV6 ? B_TRUE : B_FALSE);
76 77 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
77 78 if (isv6)
78 79 ill = ILL_START_WALK_V6(&ctx, ipst);
79 80 else
80 81 ill = ILL_START_WALK_V4(&ctx, ipst);
81 82
82 83 for (; ill != NULL; ill = ill_next(&ctx, ill)) {
83 84 /*
84 85 * if the property needs to be set on a particular
85 86 * interface, look for that interface.
86 87 */
|
↓ open down ↓ |
21 lines elided |
↑ open up ↑ |
87 88 if (per_ill && strcmp(ifname, ill->ill_name) != 0)
88 89 continue;
89 90 (void) ill_forward_set(ill, new_value != 0);
90 91 }
91 92 rw_exit(&ipst->ips_ill_g_lock);
92 93
93 94 return (0);
94 95 }
95 96
96 97 static int
97 -ip_get_forwarding(void *cbarg, mod_prop_info_t *pinfo, const char *ifname,
98 +ip_get_forwarding(netstack_t *stack, mod_prop_info_t *pinfo, const char *ifname,
98 99 void *pval, uint_t pr_size, uint_t flags)
99 100 {
100 - boolean_t value;
101 - ill_walk_context_t ctx;
102 - ill_t *ill;
103 - ip_stack_t *ipst = (ip_stack_t *)cbarg;
101 + boolean_t value;
102 + ill_walk_context_t ctx;
103 + ill_t *ill;
104 + ip_stack_t *ipst = stack->netstack_ip;
104 105 boolean_t get_def = (flags & MOD_PROP_DEFAULT);
105 106 boolean_t get_perm = (flags & MOD_PROP_PERM);
106 107 boolean_t isv6;
107 108 size_t nbytes = 0;
108 109
109 110 if (get_perm) {
110 111 nbytes = snprintf(pval, pr_size, "%d", MOD_PROP_PERM_RW);
111 112 goto ret;
112 113 } else if (get_def) {
113 114 nbytes = snprintf(pval, pr_size, "%d", pinfo->prop_def_bval);
114 115 goto ret;
115 116 }
116 117
117 118 /*
118 119 * if per interface value is not asked for return the current
119 120 * global value
120 121 */
121 122 if (ifname == NULL || ifname[0] == '\0') {
122 123 nbytes = snprintf(pval, pr_size, "%d", pinfo->prop_cur_bval);
123 124 goto ret;
124 125 }
125 126
126 127 isv6 = (pinfo->mpi_proto == MOD_PROTO_IPV6 ? B_TRUE : B_FALSE);
127 128 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
128 129 if (isv6)
129 130 ill = ILL_START_WALK_V6(&ctx, ipst);
130 131 else
131 132 ill = ILL_START_WALK_V4(&ctx, ipst);
132 133 for (; ill != NULL; ill = ill_next(&ctx, ill)) {
133 134 /*
134 135 * if the property needs to be obtained on a particular
135 136 * interface, look for that interface.
136 137 */
137 138 if (strcmp(ifname, ill->ill_name) == 0)
138 139 break;
139 140 }
140 141 if (ill == NULL) {
141 142 rw_exit(&ipst->ips_ill_g_lock);
142 143 return (ENXIO);
143 144 }
144 145 value = ((ill->ill_flags & ILLF_ROUTER) ? B_TRUE : B_FALSE);
145 146 rw_exit(&ipst->ips_ill_g_lock);
146 147 nbytes = snprintf(pval, pr_size, "%d", value);
147 148 ret:
148 149 if (nbytes >= pr_size)
|
↓ open down ↓ |
35 lines elided |
↑ open up ↑ |
149 150 return (ENOBUFS);
150 151 return (0);
151 152 }
152 153
153 154 /*
154 155 * `ip_debug' is a global variable. So, we will be modifying the global
155 156 * variable here.
156 157 */
157 158 /* ARGSUSED */
158 159 int
159 -ip_set_debug(void *cbarg, cred_t *cr, mod_prop_info_t *pinfo,
160 +ip_set_debug(netstack_t *stack, cred_t *cr, mod_prop_info_t *pinfo,
160 161 const char *ifname, const void* pval, uint_t flags)
161 162 {
162 - unsigned long new_value;
163 + unsigned long new_value;
163 164 int err;
164 165
165 166 if (cr != NULL && secpolicy_net_config(cr, B_FALSE) != 0)
166 167 return (EPERM);
167 168
168 169 if ((err = mod_uint32_value(pval, pinfo, flags, &new_value)) != 0)
169 170 return (err);
170 171 ip_debug = (uint32_t)new_value;
171 172 return (0);
172 173 }
173 174
174 175 /*
175 176 * ip_debug is a global property. For default, permission and value range
176 177 * we retrieve the value from `pinfo'. However for the current value we
177 178 * retrieve the value from the global variable `ip_debug'
178 179 */
179 180 /* ARGSUSED */
180 181 int
181 -ip_get_debug(void *cbarg, mod_prop_info_t *pinfo, const char *ifname,
182 +ip_get_debug(netstack_t *stack, mod_prop_info_t *pinfo, const char *ifname,
182 183 void *pval, uint_t psize, uint_t flags)
183 184 {
184 185 boolean_t get_def = (flags & MOD_PROP_DEFAULT);
185 186 boolean_t get_perm = (flags & MOD_PROP_PERM);
186 187 boolean_t get_range = (flags & MOD_PROP_POSSIBLE);
187 188 size_t nbytes;
188 189
189 190 bzero(pval, psize);
190 191 if (get_perm)
191 192 nbytes = snprintf(pval, psize, "%u", MOD_PROP_PERM_RW);
192 193 else if (get_range)
193 194 nbytes = snprintf(pval, psize, "%u-%u",
194 195 pinfo->prop_min_uval, pinfo->prop_max_uval);
195 196 else if (get_def)
196 197 nbytes = snprintf(pval, psize, "%u", pinfo->prop_def_uval);
197 198 else
198 199 nbytes = snprintf(pval, psize, "%u", ip_debug);
199 200 if (nbytes >= psize)
200 201 return (ENOBUFS);
|
↓ open down ↓ |
9 lines elided |
↑ open up ↑ |
201 202 return (0);
202 203 }
203 204
204 205 /*
205 206 * Set the CGTP (multirouting) filtering status. If the status is changed
206 207 * from active to transparent or from transparent to active, forward the
207 208 * new status to the filtering module (if loaded).
208 209 */
209 210 /* ARGSUSED */
210 211 static int
211 -ip_set_cgtp_filter(void *cbarg, cred_t *cr, mod_prop_info_t *pinfo,
212 +ip_set_cgtp_filter(netstack_t *stack, cred_t *cr, mod_prop_info_t *pinfo,
212 213 const char *ifname, const void* pval, uint_t flags)
213 214 {
214 215 unsigned long new_value;
215 - ip_stack_t *ipst = (ip_stack_t *)cbarg;
216 + ip_stack_t *ipst = stack->netstack_ip;
216 217 char *end;
217 218
218 219 if (flags & MOD_PROP_DEFAULT) {
219 220 new_value = pinfo->prop_def_bval;
220 221 } else {
221 222 if (ddi_strtoul(pval, &end, 10, &new_value) != 0 ||
222 223 *end != '\0' || new_value > 1) {
223 224 return (EINVAL);
224 225 }
225 226 }
226 227 if (!pinfo->prop_cur_bval && new_value) {
227 228 cmn_err(CE_NOTE, "IP: enabling CGTP filtering%s",
228 229 ipst->ips_ip_cgtp_filter_ops == NULL ?
229 230 " (module not loaded)" : "");
230 231 }
231 232 if (pinfo->prop_cur_bval && !new_value) {
232 233 cmn_err(CE_NOTE, "IP: disabling CGTP filtering%s",
233 234 ipst->ips_ip_cgtp_filter_ops == NULL ?
234 235 " (module not loaded)" : "");
235 236 }
236 237 if (ipst->ips_ip_cgtp_filter_ops != NULL) {
237 238 int res;
238 239 netstackid_t stackid = ipst->ips_netstack->netstack_stackid;
239 240
240 241 res = ipst->ips_ip_cgtp_filter_ops->cfo_change_state(stackid,
241 242 new_value);
242 243 if (res)
243 244 return (res);
244 245 }
245 246 pinfo->prop_cur_bval = (new_value == 1 ? B_TRUE : B_FALSE);
246 247 ill_set_inputfn_all(ipst);
247 248 return (0);
248 249 }
249 250
250 251 /*
251 252 * Retrieve the default MTU or min-max MTU range for a given interface.
252 253 *
253 254 * -- ill_max_frag value tells us the maximum MTU that can be handled by the
254 255 * datalink. This value is advertised by the driver via DLPI messages
255 256 * (DL_NOTE_SDU_SIZE/DL_INFO_ACK).
256 257 *
257 258 * -- ill_current_frag for the most link-types will be same as ill_max_frag
|
↓ open down ↓ |
32 lines elided |
↑ open up ↑ |
258 259 * to begin with. However it is dynamically computed for some link-types
259 260 * like tunnels, based on the tunnel PMTU.
260 261 *
261 262 * -- ill_mtu is the user set MTU using SIOCSLIFMTU and must lie between
262 263 * (IPV6_MIN_MTU/IP_MIN_MTU) and ill_max_frag.
263 264 *
264 265 * -- ill_user_mtu is set by in.ndpd using SIOCSLIFLNKINFO and must lie between
265 266 * (IPV6_MIN_MTU/IP_MIN_MTU) and ill_max_frag.
266 267 */
267 268 int
268 -ip_get_mtu(void *cbarg, mod_prop_info_t *pinfo, const char *ifname,
269 +ip_get_mtu(netstack_t *stack, mod_prop_info_t *pinfo, const char *ifname,
269 270 void *pval, uint_t psize, uint_t flags)
270 271 {
271 - ill_walk_context_t ctx;
272 - ill_t *ill;
273 - ip_stack_t *ipst = (ip_stack_t *)cbarg;
272 + ill_walk_context_t ctx;
273 + ill_t *ill;
274 + ip_stack_t *ipst = stack->netstack_ip;
274 275 boolean_t isv6;
275 276 uint32_t max_mtu, def_mtu;
276 277 size_t nbytes = 0;
277 278
278 279 if (!(flags & (MOD_PROP_DEFAULT|MOD_PROP_POSSIBLE)))
279 280 return (ENOTSUP);
280 281
281 282 if (ifname == NULL || ifname[0] == '\0')
282 283 return (ENOTSUP);
283 284
284 285 isv6 = (pinfo->mpi_proto == MOD_PROTO_IPV6 ? B_TRUE : B_FALSE);
285 286 rw_enter(&ipst->ips_ill_g_lock, RW_READER);
286 287 if (isv6)
287 288 ill = ILL_START_WALK_V6(&ctx, ipst);
288 289 else
289 290 ill = ILL_START_WALK_V4(&ctx, ipst);
290 291 for (; ill != NULL; ill = ill_next(&ctx, ill)) {
291 292 if (strcmp(ifname, ill->ill_name) == 0)
292 293 break;
293 294 }
294 295 if (ill == NULL) {
295 296 rw_exit(&ipst->ips_ill_g_lock);
296 297 return (ENXIO);
297 298 }
298 299 max_mtu = ill->ill_max_frag;
299 300 def_mtu = ill->ill_current_frag;
300 301 rw_exit(&ipst->ips_ill_g_lock);
301 302
302 303 if (flags & MOD_PROP_DEFAULT) {
303 304 nbytes = snprintf(pval, psize, "%u", def_mtu);
304 305 } else if (flags & MOD_PROP_POSSIBLE) {
305 306 uint32_t min_mtu;
306 307
307 308 min_mtu = isv6 ? IPV6_MIN_MTU : IP_MIN_MTU;
308 309 nbytes = snprintf(pval, psize, "%u-%u", min_mtu, max_mtu);
309 310 } else {
310 311 return (ENOTSUP);
311 312 }
312 313
313 314 if (nbytes >= psize)
314 315 return (ENOBUFS);
315 316 return (0);
316 317 }
317 318
318 319 /*
319 320 * See the comments for ip[6]_strict_src_multihoming for an explanation
320 321 * of the semanitcs.
321 322 */
322 323 void
323 324 ip_set_src_multihoming_common(ulong_t new_value, ulong_t old_value,
324 325 boolean_t isv6, ip_stack_t *ipst)
325 326 {
326 327 if (isv6)
327 328 ipst->ips_ipv6_strict_src_multihoming = new_value;
328 329 else
329 330 ipst->ips_ip_strict_src_multihoming = new_value;
330 331 if (new_value != old_value) {
331 332 if (!isv6) {
332 333 if (old_value == 0) {
333 334 ire_walk_v4(ip_ire_rebind_walker, NULL,
334 335 ALL_ZONES, ipst);
335 336 } else if (new_value == 0) {
336 337 ire_walk_v4(ip_ire_unbind_walker, NULL,
337 338 ALL_ZONES, ipst);
338 339 }
339 340 ipcl_walk(conn_ire_revalidate, (void *)B_FALSE, ipst);
340 341 } else {
341 342 if (old_value == 0) {
342 343 ire_walk_v6(ip_ire_rebind_walker, NULL,
343 344 ALL_ZONES, ipst);
344 345 } else if (new_value == 0) {
|
↓ open down ↓ |
61 lines elided |
↑ open up ↑ |
345 346 ire_walk_v6(ip_ire_unbind_walker, NULL,
346 347 ALL_ZONES, ipst);
347 348 }
348 349 ipcl_walk(conn_ire_revalidate, (void *)B_TRUE, ipst);
349 350 }
350 351 }
351 352 }
352 353
353 354 /* ARGSUSED */
354 355 static int
355 -ip_set_src_multihoming(void *cbarg, cred_t *cr, mod_prop_info_t *pinfo,
356 +ip_set_src_multihoming(netstack_t *stack, cred_t *cr, mod_prop_info_t *pinfo,
356 357 const char *ifname, const void* pval, uint_t flags)
357 358 {
358 - unsigned long new_value, old_value;
359 + unsigned long new_value, old_value;
359 360 boolean_t isv6;
360 - ip_stack_t *ipst = (ip_stack_t *)cbarg;
361 + ip_stack_t *ipst = stack->netstack_ip;
361 362 int err;
362 363
363 364 old_value = pinfo->prop_cur_uval;
364 365
365 366 if ((err = mod_uint32_value(pval, pinfo, flags, &new_value)) != 0)
366 367 return (err);
367 368 pinfo->prop_cur_uval = new_value;
368 369 isv6 = (strcmp(pinfo->mpi_name, "ip6_strict_src_multihoming") == 0);
369 370 ip_set_src_multihoming_common(new_value, old_value, isv6, ipst);
370 371 return (0);
371 372 }
372 373
373 374
374 375 /* ARGSUSED */
375 376 static int
376 -ip_set_hostmodel(void *cbarg, cred_t *cr, mod_prop_info_t *pinfo,
377 +ip_set_hostmodel(netstack_t *stack, cred_t *cr, mod_prop_info_t *pinfo,
377 378 const char *ifname, const void* pval, uint_t flags)
378 379 {
379 380 ip_hostmodel_t new_value, old_value;
380 - ip_stack_t *ipst = (ip_stack_t *)cbarg;
381 + ip_stack_t *ipst = stack->netstack_ip;
381 382 uint32_t old_src_multihoming;
382 383 int err;
383 384 ulong_t tmp;
384 385 boolean_t isv6;
385 386
386 387 old_value = pinfo->prop_cur_uval;
387 388
388 389 if ((err = mod_uint32_value(pval, pinfo, flags, &tmp)) != 0)
389 390 return (err);
390 391 new_value = tmp;
391 392 pinfo->prop_cur_uval = new_value;
392 393
393 394 switch (old_value) {
394 395 case IP_WEAK_ES:
395 396 old_src_multihoming = 0;
396 397 break;
397 398 case IP_SRC_PRI_ES:
398 399 old_src_multihoming = 1;
399 400 break;
400 401 case IP_STRONG_ES:
401 402 old_src_multihoming = 2;
402 403 break;
403 404 default:
404 405 ASSERT(0);
405 406 old_src_multihoming = IP_MAXVAL_ES;
406 407 break;
407 408 }
408 409 /*
409 410 * Changes to src_multihoming may require ire's to be rebound/unbound,
410 411 * and also require generation number resets. Changes to dst_multihoming
411 412 * require a simple reset of the value.
412 413 */
413 414 isv6 = (pinfo->mpi_proto == MOD_PROTO_IPV6);
414 415 if (new_value != old_value) {
415 416 switch (new_value) {
416 417 case IP_WEAK_ES:
417 418 ip_set_src_multihoming_common(0, old_src_multihoming,
418 419 isv6, ipst);
419 420 if (isv6)
420 421 ipst->ips_ipv6_strict_dst_multihoming = 0;
421 422 else
422 423 ipst->ips_ip_strict_dst_multihoming = 0;
423 424 break;
424 425 case IP_SRC_PRI_ES:
425 426 ip_set_src_multihoming_common(1, old_src_multihoming,
426 427 isv6, ipst);
427 428 if (isv6)
428 429 ipst->ips_ipv6_strict_dst_multihoming = 0;
429 430 else
430 431 ipst->ips_ip_strict_dst_multihoming = 0;
431 432 break;
432 433 case IP_STRONG_ES:
433 434 ip_set_src_multihoming_common(2, old_src_multihoming,
434 435 isv6, ipst);
435 436 if (isv6)
436 437 ipst->ips_ipv6_strict_dst_multihoming = 1;
437 438 else
438 439 ipst->ips_ip_strict_dst_multihoming = 1;
|
↓ open down ↓ |
48 lines elided |
↑ open up ↑ |
439 440 break;
440 441 default:
441 442 return (EINVAL);
442 443 }
443 444 }
444 445 return (0);
445 446 }
446 447
447 448 /* ARGSUSED */
448 449 int
449 -ip_get_hostmodel(void *cbarg, mod_prop_info_t *pinfo, const char *ifname,
450 +ip_get_hostmodel(netstack_t *stack, mod_prop_info_t *pinfo, const char *ifname,
450 451 void *pval, uint_t psize, uint_t flags)
451 452 {
452 453 boolean_t isv6 = (pinfo->mpi_proto == MOD_PROTO_IPV6);
453 - ip_stack_t *ipst = cbarg;
454 + ip_stack_t *ipst = stack->netstack_ip;
454 455 ip_hostmodel_t hostmodel;
455 456
456 457 if (psize < sizeof (hostmodel))
457 458 return (ENOBUFS);
458 459 bzero(pval, psize);
459 460 if (!isv6) {
460 461 if (ipst->ips_ip_strict_src_multihoming == 0 &&
461 462 ipst->ips_ip_strict_dst_multihoming == 0)
462 463 hostmodel = IP_WEAK_ES;
463 464 else if (ipst->ips_ip_strict_src_multihoming == 1 &&
464 465 ipst->ips_ip_strict_dst_multihoming == 0)
465 466 hostmodel = IP_SRC_PRI_ES;
466 467 else if (ipst->ips_ip_strict_src_multihoming == 2 &&
467 468 ipst->ips_ip_strict_dst_multihoming == 1)
468 469 hostmodel = IP_STRONG_ES;
469 470 else
470 471 hostmodel = IP_MAXVAL_ES;
471 472 } else {
472 473 if (ipst->ips_ipv6_strict_src_multihoming == 0 &&
473 474 ipst->ips_ipv6_strict_dst_multihoming == 0)
474 475 hostmodel = IP_WEAK_ES;
475 476 else if (ipst->ips_ipv6_strict_src_multihoming == 1 &&
476 477 ipst->ips_ipv6_strict_dst_multihoming == 0)
477 478 hostmodel = IP_SRC_PRI_ES;
478 479 else if (ipst->ips_ipv6_strict_src_multihoming == 2 &&
479 480 ipst->ips_ipv6_strict_dst_multihoming == 1)
480 481 hostmodel = IP_STRONG_ES;
481 482 else
482 483 hostmodel = IP_MAXVAL_ES;
483 484 }
484 485 bcopy(&hostmodel, pval, sizeof (hostmodel));
485 486 return (0);
486 487 }
487 488
488 489 /*
489 490 * All of these are alterable, within the min/max values given, at run time.
490 491 *
491 492 * Note: All those tunables which do not start with "_" are Committed and
492 493 * therefore are public. See PSARC 2010/080.
493 494 */
494 495 mod_prop_info_t ip_propinfo_tbl[] = {
495 496 /* tunable - 0 */
496 497 { "_respond_to_address_mask_broadcast", MOD_PROTO_IP,
497 498 mod_set_boolean, mod_get_boolean,
498 499 {B_FALSE}, {B_FALSE} },
499 500
500 501 { "_respond_to_echo_broadcast", MOD_PROTO_IP,
501 502 mod_set_boolean, mod_get_boolean,
502 503 {B_TRUE}, {B_TRUE} },
503 504
504 505 { "_respond_to_echo_multicast", MOD_PROTO_IPV4,
505 506 mod_set_boolean, mod_get_boolean,
506 507 {B_TRUE}, {B_TRUE} },
507 508
508 509 { "_respond_to_timestamp", MOD_PROTO_IP,
509 510 mod_set_boolean, mod_get_boolean,
510 511 {B_FALSE}, {B_FALSE} },
511 512
512 513 { "_respond_to_timestamp_broadcast", MOD_PROTO_IP,
513 514 mod_set_boolean, mod_get_boolean,
514 515 {B_FALSE}, {B_FALSE} },
515 516
516 517 { "_send_redirects", MOD_PROTO_IPV4,
517 518 mod_set_boolean, mod_get_boolean,
518 519 {B_TRUE}, {B_TRUE} },
519 520
520 521 { "_forward_directed_broadcasts", MOD_PROTO_IP,
521 522 mod_set_boolean, mod_get_boolean,
522 523 {B_FALSE}, {B_FALSE} },
523 524
524 525 { "_mrtdebug", MOD_PROTO_IP,
525 526 mod_set_uint32, mod_get_uint32,
526 527 {0, 10, 0}, {0} },
527 528
528 529 { "_ire_reclaim_fraction", MOD_PROTO_IP,
529 530 mod_set_uint32, mod_get_uint32,
530 531 {1, 8, 3}, {3} },
531 532
532 533 { "_nce_reclaim_fraction", MOD_PROTO_IP,
533 534 mod_set_uint32, mod_get_uint32,
534 535 {1, 8, 3}, {3} },
535 536
536 537 /* tunable - 10 */
537 538 { "_dce_reclaim_fraction", MOD_PROTO_IP,
538 539 mod_set_uint32, mod_get_uint32,
539 540 {1, 8, 3}, {3} },
540 541
541 542 { "ttl", MOD_PROTO_IPV4,
542 543 mod_set_uint32, mod_get_uint32,
543 544 {1, 255, 255}, {255} },
544 545
545 546 { "_forward_src_routed", MOD_PROTO_IPV4,
546 547 mod_set_boolean, mod_get_boolean,
547 548 {B_FALSE}, {B_FALSE} },
548 549
549 550 { "_wroff_extra", MOD_PROTO_IP,
550 551 mod_set_uint32, mod_get_uint32,
551 552 {0, 256, 32}, {32} },
552 553
553 554 /* following tunable is in seconds - a deviant! */
554 555 { "_pathmtu_interval", MOD_PROTO_IP,
555 556 mod_set_uint32, mod_get_uint32,
556 557 {2, 999999999, 60*20}, {60*20} },
557 558
558 559 { "_icmp_return_data_bytes", MOD_PROTO_IPV4,
559 560 mod_set_uint32, mod_get_uint32,
560 561 {8, 65536, 64}, {64} },
561 562
562 563 { "_path_mtu_discovery", MOD_PROTO_IP,
563 564 mod_set_boolean, mod_get_boolean,
564 565 {B_TRUE}, {B_TRUE} },
565 566
566 567 { "_pmtu_min", MOD_PROTO_IP,
567 568 mod_set_uint32, mod_get_uint32,
568 569 {68, 65535, 576}, {576} },
569 570
570 571 { "_ignore_redirect", MOD_PROTO_IPV4,
571 572 mod_set_boolean, mod_get_boolean,
572 573 {B_FALSE}, {B_FALSE} },
573 574
574 575 { "_arp_icmp_error", MOD_PROTO_IP,
575 576 mod_set_boolean, mod_get_boolean,
576 577 {B_FALSE}, {B_FALSE} },
577 578
578 579 /* tunable - 20 */
579 580 { "_broadcast_ttl", MOD_PROTO_IP,
580 581 mod_set_uint32, mod_get_uint32,
581 582 {1, 254, 1}, {1} },
582 583
583 584 { "_icmp_err_interval", MOD_PROTO_IP,
584 585 mod_set_uint32, mod_get_uint32,
585 586 {0, 99999, 100}, {100} },
586 587
587 588 { "_icmp_err_burst", MOD_PROTO_IP,
588 589 mod_set_uint32, mod_get_uint32,
589 590 {1, 99999, 10}, {10} },
590 591
591 592 { "_reass_queue_bytes", MOD_PROTO_IP,
592 593 mod_set_uint32, mod_get_uint32,
593 594 {0, 999999999, 1000000}, {1000000} },
594 595
595 596 /*
596 597 * See comments for ip_strict_src_multihoming for an explanation
597 598 * of the semantics of ip_strict_dst_multihoming
598 599 */
599 600 { "_strict_dst_multihoming", MOD_PROTO_IPV4,
600 601 mod_set_uint32, mod_get_uint32,
601 602 {0, 1, 0}, {0} },
602 603
603 604 { "_addrs_per_if", MOD_PROTO_IP,
604 605 mod_set_uint32, mod_get_uint32,
605 606 {1, MAX_ADDRS_PER_IF, 256}, {256} },
606 607
607 608 { "_ipsec_override_persocket_policy", MOD_PROTO_IP,
608 609 mod_set_boolean, mod_get_boolean,
609 610 {B_FALSE}, {B_FALSE} },
610 611
611 612 { "_icmp_accept_clear_messages", MOD_PROTO_IP,
612 613 mod_set_boolean, mod_get_boolean,
613 614 {B_TRUE}, {B_TRUE} },
614 615
615 616 { "_igmp_accept_clear_messages", MOD_PROTO_IP,
616 617 mod_set_boolean, mod_get_boolean,
617 618 {B_TRUE}, {B_TRUE} },
618 619
619 620 { "_ndp_delay_first_probe_time", MOD_PROTO_IP,
620 621 mod_set_uint32, mod_get_uint32,
621 622 {2, 999999999, ND_DELAY_FIRST_PROBE_TIME},
622 623 {ND_DELAY_FIRST_PROBE_TIME} },
623 624
624 625 /* tunable - 30 */
625 626 { "_ndp_max_unicast_solicit", MOD_PROTO_IP,
626 627 mod_set_uint32, mod_get_uint32,
627 628 {1, 999999999, ND_MAX_UNICAST_SOLICIT}, {ND_MAX_UNICAST_SOLICIT} },
628 629
629 630 { "hoplimit", MOD_PROTO_IPV6,
630 631 mod_set_uint32, mod_get_uint32,
631 632 {1, 255, IPV6_MAX_HOPS}, {IPV6_MAX_HOPS} },
632 633
633 634 { "_icmp_return_data_bytes", MOD_PROTO_IPV6,
634 635 mod_set_uint32, mod_get_uint32,
635 636 {8, IPV6_MIN_MTU, IPV6_MIN_MTU}, {IPV6_MIN_MTU} },
636 637
637 638 { "_forward_src_routed", MOD_PROTO_IPV6,
638 639 mod_set_boolean, mod_get_boolean,
639 640 {B_FALSE}, {B_FALSE} },
640 641
641 642 { "_respond_to_echo_multicast", MOD_PROTO_IPV6,
642 643 mod_set_boolean, mod_get_boolean,
643 644 {B_TRUE}, {B_TRUE} },
644 645
645 646 { "_send_redirects", MOD_PROTO_IPV6,
646 647 mod_set_boolean, mod_get_boolean,
647 648 {B_TRUE}, {B_TRUE} },
648 649
649 650 { "_ignore_redirect", MOD_PROTO_IPV6,
650 651 mod_set_boolean, mod_get_boolean,
651 652 {B_FALSE}, {B_FALSE} },
652 653
653 654 /*
654 655 * See comments for ip6_strict_src_multihoming for an explanation
655 656 * of the semantics of ip6_strict_dst_multihoming
656 657 */
657 658 { "_strict_dst_multihoming", MOD_PROTO_IPV6,
658 659 mod_set_uint32, mod_get_uint32,
659 660 {0, 1, 0}, {0} },
660 661
661 662 { "_src_check", MOD_PROTO_IP,
662 663 mod_set_uint32, mod_get_uint32,
663 664 {0, 2, 2}, {2} },
664 665
665 666 { "_ipsec_policy_log_interval", MOD_PROTO_IP,
666 667 mod_set_uint32, mod_get_uint32,
667 668 {0, 999999, 1000}, {1000} },
668 669
669 670 /* tunable - 40 */
670 671 { "_pim_accept_clear_messages", MOD_PROTO_IP,
671 672 mod_set_boolean, mod_get_boolean,
672 673 {B_TRUE}, {B_TRUE} },
673 674
674 675 { "_ndp_unsolicit_interval", MOD_PROTO_IP,
675 676 mod_set_uint32, mod_get_uint32,
676 677 {1000, 20000, 2000}, {2000} },
677 678
678 679 { "_ndp_unsolicit_count", MOD_PROTO_IP,
679 680 mod_set_uint32, mod_get_uint32,
680 681 {1, 20, 3}, {3} },
681 682
682 683 { "_ignore_home_address_opt", MOD_PROTO_IPV6,
683 684 mod_set_boolean, mod_get_boolean,
684 685 {B_TRUE}, {B_TRUE} },
685 686
686 687 { "_policy_mask", MOD_PROTO_IP,
687 688 mod_set_uint32, mod_get_uint32,
688 689 {0, 15, 0}, {0} },
689 690
690 691 { "_ecmp_behavior", MOD_PROTO_IP,
691 692 mod_set_uint32, mod_get_uint32,
692 693 {0, 2, 2}, {2} },
693 694
694 695 { "_multirt_ttl", MOD_PROTO_IP,
695 696 mod_set_uint32, mod_get_uint32,
696 697 {0, 255, 1}, {1} },
697 698
698 699 /* following tunable is in seconds - a deviant */
699 700 { "_ire_badcnt_lifetime", MOD_PROTO_IP,
700 701 mod_set_uint32, mod_get_uint32,
701 702 {0, 3600, 60}, {60} },
702 703
703 704 { "_max_temp_idle", MOD_PROTO_IP,
704 705 mod_set_uint32, mod_get_uint32,
705 706 {0, 999999, 60*60*24}, {60*60*24} },
706 707
707 708 { "_max_temp_defend", MOD_PROTO_IP,
708 709 mod_set_uint32, mod_get_uint32,
709 710 {0, 1000, 1}, {1} },
710 711
711 712 /* tunable - 50 */
712 713 /*
713 714 * when a conflict of an active address is detected,
714 715 * defend up to ip_max_defend times, within any
715 716 * ip_defend_interval span.
716 717 */
717 718 { "_max_defend", MOD_PROTO_IP,
718 719 mod_set_uint32, mod_get_uint32,
719 720 {0, 1000, 3}, {3} },
720 721
721 722 { "_defend_interval", MOD_PROTO_IP,
722 723 mod_set_uint32, mod_get_uint32,
723 724 {0, 999999, 30}, {30} },
724 725
725 726 { "_dup_recovery", MOD_PROTO_IP,
726 727 mod_set_uint32, mod_get_uint32,
727 728 {0, 3600000, 300000}, {300000} },
728 729
729 730 { "_restrict_interzone_loopback", MOD_PROTO_IP,
730 731 mod_set_boolean, mod_get_boolean,
731 732 {B_TRUE}, {B_TRUE} },
732 733
733 734 { "_lso_outbound", MOD_PROTO_IP,
734 735 mod_set_boolean, mod_get_boolean,
735 736 {B_TRUE}, {B_TRUE} },
736 737
737 738 { "_igmp_max_version", MOD_PROTO_IP,
738 739 mod_set_uint32, mod_get_uint32,
739 740 {IGMP_V1_ROUTER, IGMP_V3_ROUTER, IGMP_V3_ROUTER},
740 741 {IGMP_V3_ROUTER} },
741 742
742 743 { "_mld_max_version", MOD_PROTO_IP,
743 744 mod_set_uint32, mod_get_uint32,
744 745 {MLD_V1_ROUTER, MLD_V2_ROUTER, MLD_V2_ROUTER}, {MLD_V2_ROUTER} },
745 746
746 747 { "forwarding", MOD_PROTO_IPV4,
747 748 ip_set_forwarding, ip_get_forwarding,
748 749 {IP_FORWARD_NEVER}, {IP_FORWARD_NEVER} },
749 750
750 751 { "forwarding", MOD_PROTO_IPV6,
751 752 ip_set_forwarding, ip_get_forwarding,
752 753 {IP_FORWARD_NEVER}, {IP_FORWARD_NEVER} },
753 754
754 755 { "_reasm_timeout", MOD_PROTO_IPV4,
755 756 mod_set_uint32, mod_get_uint32,
756 757 {5, 255, IP_REASM_TIMEOUT},
757 758 {IP_REASM_TIMEOUT} },
758 759
759 760 /* tunable - 60 */
760 761 { "_reasm_timeout", MOD_PROTO_IPV6,
761 762 mod_set_uint32, mod_get_uint32,
762 763 {5, 255, IPV6_REASM_TIMEOUT},
763 764 {IPV6_REASM_TIMEOUT} },
764 765
765 766 { "_cgtp_filter", MOD_PROTO_IP,
766 767 ip_set_cgtp_filter, mod_get_boolean,
767 768 {B_FALSE}, {B_FALSE} },
768 769
769 770 /* delay before sending first probe: */
770 771 { "_arp_probe_delay", MOD_PROTO_IP,
771 772 mod_set_uint32, mod_get_uint32,
772 773 {0, 20000, 1000}, {1000} },
773 774
774 775 { "_arp_fastprobe_delay", MOD_PROTO_IP,
775 776 mod_set_uint32, mod_get_uint32,
776 777 {0, 20000, 100}, {100} },
777 778
778 779 /* interval at which DAD probes are sent: */
779 780 { "_arp_probe_interval", MOD_PROTO_IP,
780 781 mod_set_uint32, mod_get_uint32,
781 782 {10, 20000, 1500}, {1500} },
782 783
783 784 { "_arp_fastprobe_interval", MOD_PROTO_IP,
784 785 mod_set_uint32, mod_get_uint32,
785 786 {10, 20000, 150}, {150} },
786 787
787 788 { "_arp_probe_count", MOD_PROTO_IP,
788 789 mod_set_uint32, mod_get_uint32,
789 790 {0, 20, 3}, {3} },
790 791
791 792 { "_arp_fastprobe_count", MOD_PROTO_IP,
792 793 mod_set_uint32, mod_get_uint32,
793 794 {0, 20, 3}, {3} },
794 795
795 796 { "_dad_announce_interval", MOD_PROTO_IPV4,
796 797 mod_set_uint32, mod_get_uint32,
797 798 {0, 3600000, 15000}, {15000} },
798 799
799 800 { "_dad_announce_interval", MOD_PROTO_IPV6,
800 801 mod_set_uint32, mod_get_uint32,
801 802 {0, 3600000, 15000}, {15000} },
802 803
803 804 /* tunable - 70 */
804 805 /*
805 806 * Rate limiting parameters for DAD defense used in
806 807 * ill_defend_rate_limit():
807 808 * defend_rate : pkts/hour permitted
808 809 * defend_interval : time that can elapse before we send out a
809 810 * DAD defense.
810 811 * defend_period: denominator for defend_rate (in seconds).
811 812 */
812 813 { "_arp_defend_interval", MOD_PROTO_IP,
813 814 mod_set_uint32, mod_get_uint32,
814 815 {0, 3600000, 300000}, {300000} },
815 816
816 817 { "_arp_defend_rate", MOD_PROTO_IP,
817 818 mod_set_uint32, mod_get_uint32,
818 819 {0, 20000, 100}, {100} },
819 820
820 821 { "_ndp_defend_interval", MOD_PROTO_IP,
821 822 mod_set_uint32, mod_get_uint32,
822 823 {0, 3600000, 300000}, {300000} },
823 824
824 825 { "_ndp_defend_rate", MOD_PROTO_IP,
825 826 mod_set_uint32, mod_get_uint32,
826 827 {0, 20000, 100}, {100} },
827 828
828 829 { "_arp_defend_period", MOD_PROTO_IP,
829 830 mod_set_uint32, mod_get_uint32,
830 831 {5, 86400, 3600}, {3600} },
831 832
832 833 { "_ndp_defend_period", MOD_PROTO_IP,
833 834 mod_set_uint32, mod_get_uint32,
834 835 {5, 86400, 3600}, {3600} },
835 836
836 837 { "_icmp_return_pmtu", MOD_PROTO_IPV4,
837 838 mod_set_boolean, mod_get_boolean,
838 839 {B_TRUE}, {B_TRUE} },
839 840
840 841 { "_icmp_return_pmtu", MOD_PROTO_IPV6,
841 842 mod_set_boolean, mod_get_boolean,
842 843 {B_TRUE}, {B_TRUE} },
843 844
844 845 /*
845 846 * publish count/interval values used to announce local addresses
846 847 * for IPv4, IPv6.
847 848 */
848 849 { "_arp_publish_count", MOD_PROTO_IP,
849 850 mod_set_uint32, mod_get_uint32,
850 851 {1, 20, 5}, {5} },
851 852
852 853 { "_arp_publish_interval", MOD_PROTO_IP,
853 854 mod_set_uint32, mod_get_uint32,
854 855 {1000, 20000, 2000}, {2000} },
855 856
856 857 /* tunable - 80 */
857 858 /*
858 859 * The ip*strict_src_multihoming and ip*strict_dst_multihoming provide
859 860 * a range of choices for setting strong/weak/preferred end-system
860 861 * behavior. The semantics for setting these are:
861 862 *
862 863 * ip*_strict_dst_multihoming = 0
863 864 * weak end system model for managing ip destination addresses.
864 865 * A packet with IP dst D1 that's received on interface I1 will be
865 866 * accepted as long as D1 is one of the local addresses on
866 867 * the machine, even if D1 is not configured on I1.
867 868 * ip*strict_dst_multihioming = 1
868 869 * strong end system model for managing ip destination addresses.
869 870 * A packet with IP dst D1 that's received on interface I1 will be
870 871 * accepted if, and only if, D1 is configured on I1.
871 872 *
872 873 * ip*strict_src_multihoming = 0
873 874 * Source agnostic route selection for outgoing packets: the
874 875 * outgoing interface for a packet will be computed using
875 876 * default algorithms for route selection, where the route
876 877 * with the longest matching prefix is chosen for the output
877 878 * unless other route selection constraints are explicitly
878 879 * specified during routing table lookup. This may result
879 880 * in packet being sent out on interface I2 with source
880 881 * address S1, even though S1 is not a configured address on I2.
881 882 * ip*strict_src_multihoming = 1
882 883 * Preferred source aware route selection for outgoing packets: for
883 884 * a packet with source S2, destination D2, the route selection
884 885 * algorithm will first attempt to find a route for the destination
885 886 * that goes out through an interface where S2 is
886 887 * configured. If such a route cannot be found, then the
887 888 * best-matching route for D2 will be selected.
888 889 * ip*strict_src_multihoming = 2
889 890 * Source aware route selection for outgoing packets: a packet will
890 891 * be sent out on an interface I2 only if the src address S2 of the
891 892 * packet is a configured address on I2. In conjunction with
892 893 * the setting 'ip_strict_dst_multihoming == 1', this will result in
893 894 * the implementation of Strong ES as defined in Section 3.3.4.2 of
894 895 * RFC 1122
895 896 */
896 897 { "_strict_src_multihoming", MOD_PROTO_IPV4,
897 898 ip_set_src_multihoming, mod_get_uint32,
898 899 {0, 2, 0}, {0} },
899 900
900 901 { "_strict_src_multihoming", MOD_PROTO_IPV6,
901 902 ip_set_src_multihoming, mod_get_uint32,
902 903 {0, 2, 0}, {0} },
903 904
904 905 #ifdef DEBUG
905 906 { "_drop_inbound_icmpv6", MOD_PROTO_IPV6,
906 907 mod_set_boolean, mod_get_boolean,
907 908 {B_FALSE}, {B_FALSE} },
908 909 #else
909 910 { "", 0, NULL, NULL, {0}, {0} },
910 911 #endif
911 912 { "mtu", MOD_PROTO_IPV4, NULL, ip_get_mtu, {0}, {0} },
912 913
913 914 { "mtu", MOD_PROTO_IPV6, NULL, ip_get_mtu, {0}, {0} },
914 915
915 916 /*
916 917 * The following entry is a placeholder for `ip_debug' global
917 918 * variable. Within these callback functions, we will be
918 919 * setting/getting the global variable
919 920 */
920 921 { "_debug", MOD_PROTO_IP,
921 922 ip_set_debug, ip_get_debug,
922 923 {0, 20, 0}, {0} },
923 924
924 925 { "hostmodel", MOD_PROTO_IPV4, ip_set_hostmodel, ip_get_hostmodel,
925 926 {IP_WEAK_ES, IP_STRONG_ES, IP_WEAK_ES}, {IP_WEAK_ES} },
926 927
927 928 { "hostmodel", MOD_PROTO_IPV6, ip_set_hostmodel, ip_get_hostmodel,
928 929 {IP_WEAK_ES, IP_STRONG_ES, IP_WEAK_ES}, {IP_WEAK_ES} },
929 930
930 931 { "?", MOD_PROTO_IP, NULL, mod_get_allprop, {0}, {0} },
931 932
932 933 { NULL, 0, NULL, NULL, {0}, {0} }
933 934 };
934 935
935 936 int ip_propinfo_count = A_CNT(ip_propinfo_tbl);
|
↓ open down ↓ |
472 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX