1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright (c) 1991, 2010, Oracle and/or its affiliates. All rights reserved. 23 * Copyright (c) 1990 Mentat Inc. 24 */ 25 26 #include <inet/tunables.h> 27 #include <sys/md5.h> 28 #include <inet/common.h> 29 #include <inet/ip.h> 30 #include <inet/ip6.h> 31 #include <netinet/icmp6.h> 32 #include <inet/ip_stack.h> 33 #include <inet/rawip_impl.h> 34 #include <inet/tcp_stack.h> 35 #include <inet/tcp_impl.h> 36 #include <inet/udp_impl.h> 37 #include <inet/dccp/dccp_stack.h> 38 #include <inet/dccp/dccp_impl.h> 39 #include <inet/sctp/sctp_stack.h> 40 #include <inet/sctp/sctp_impl.h> 41 #include <inet/tunables.h> 42 43 static int 44 prop_perm2const(mod_prop_info_t *pinfo) 45 { 46 if (pinfo->mpi_setf == NULL) 47 return (MOD_PROP_PERM_READ); 48 if (pinfo->mpi_getf == NULL) 49 return (MOD_PROP_PERM_WRITE); 50 return (MOD_PROP_PERM_RW); 51 } 52 53 /* 54 * Modifies the value of the property to default value or to the `pval' 55 * specified by the user. 56 */ 57 /* ARGSUSED */ 58 int 59 mod_set_boolean(void *cbarg, cred_t *cr, mod_prop_info_t *pinfo, 60 const char *ifname, const void* pval, uint_t flags) 61 { 62 char *end; 63 unsigned long new_value; 64 65 if (flags & MOD_PROP_DEFAULT) { 66 pinfo->prop_cur_bval = pinfo->prop_def_bval; 67 return (0); 68 } 69 70 if (ddi_strtoul(pval, &end, 10, &new_value) != 0 || *end != '\0') 71 return (EINVAL); 72 if (new_value != B_TRUE && new_value != B_FALSE) 73 return (EINVAL); 74 pinfo->prop_cur_bval = new_value; 75 return (0); 76 } 77 78 /* 79 * Retrieves property permission, default value, current value or possible 80 * values for those properties whose value type is boolean_t. 81 */ 82 /* ARGSUSED */ 83 int 84 mod_get_boolean(void *cbarg, mod_prop_info_t *pinfo, const char *ifname, 85 void *pval, uint_t psize, uint_t flags) 86 { 87 boolean_t get_def = (flags & MOD_PROP_DEFAULT); 88 boolean_t get_perm = (flags & MOD_PROP_PERM); 89 boolean_t get_range = (flags & MOD_PROP_POSSIBLE); 90 size_t nbytes; 91 92 bzero(pval, psize); 93 if (get_perm) 94 nbytes = snprintf(pval, psize, "%u", prop_perm2const(pinfo)); 95 else if (get_range) 96 nbytes = snprintf(pval, psize, "%u,%u", B_FALSE, B_TRUE); 97 else if (get_def) 98 nbytes = snprintf(pval, psize, "%u", pinfo->prop_def_bval); 99 else 100 nbytes = snprintf(pval, psize, "%u", pinfo->prop_cur_bval); 101 if (nbytes >= psize) 102 return (ENOBUFS); 103 return (0); 104 } 105 106 int 107 mod_uint32_value(const void *pval, mod_prop_info_t *pinfo, uint_t flags, 108 ulong_t *new_value) 109 { 110 char *end; 111 112 if (flags & MOD_PROP_DEFAULT) { 113 *new_value = pinfo->prop_def_uval; 114 return (0); 115 } 116 117 if (ddi_strtoul(pval, &end, 10, (ulong_t *)new_value) != 0 || 118 *end != '\0') 119 return (EINVAL); 120 if (*new_value < pinfo->prop_min_uval || 121 *new_value > pinfo->prop_max_uval) { 122 return (ERANGE); 123 } 124 return (0); 125 } 126 127 /* 128 * Modifies the value of the property to default value or to the `pval' 129 * specified by the user. 130 */ 131 /* ARGSUSED */ 132 int 133 mod_set_uint32(void *cbarg, cred_t *cr, mod_prop_info_t *pinfo, 134 const char *ifname, const void *pval, uint_t flags) 135 { 136 unsigned long new_value; 137 int err; 138 139 if ((err = mod_uint32_value(pval, pinfo, flags, &new_value)) != 0) 140 return (err); 141 pinfo->prop_cur_uval = (uint32_t)new_value; 142 return (0); 143 } 144 145 /* 146 * Rounds up the value to make it multiple of 8. 147 */ 148 /* ARGSUSED */ 149 int 150 mod_set_aligned(void *cbarg, cred_t *cr, mod_prop_info_t *pinfo, 151 const char *ifname, const void* pval, uint_t flags) 152 { 153 int err; 154 155 if ((err = mod_set_uint32(cbarg, cr, pinfo, ifname, pval, flags)) != 0) 156 return (err); 157 158 /* if required, align the value to multiple of 8 */ 159 if (pinfo->prop_cur_uval & 0x7) { 160 pinfo->prop_cur_uval &= ~0x7; 161 pinfo->prop_cur_uval += 0x8; 162 } 163 164 return (0); 165 } 166 167 /* 168 * Retrieves property permission, default value, current value or possible 169 * values for those properties whose value type is uint32_t. 170 */ 171 /* ARGSUSED */ 172 int 173 mod_get_uint32(void *cbarg, mod_prop_info_t *pinfo, const char *ifname, 174 void *pval, uint_t psize, uint_t flags) 175 { 176 boolean_t get_def = (flags & MOD_PROP_DEFAULT); 177 boolean_t get_perm = (flags & MOD_PROP_PERM); 178 boolean_t get_range = (flags & MOD_PROP_POSSIBLE); 179 size_t nbytes; 180 181 bzero(pval, psize); 182 if (get_perm) 183 nbytes = snprintf(pval, psize, "%u", prop_perm2const(pinfo)); 184 else if (get_range) 185 nbytes = snprintf(pval, psize, "%u-%u", 186 pinfo->prop_min_uval, pinfo->prop_max_uval); 187 else if (get_def) 188 nbytes = snprintf(pval, psize, "%u", pinfo->prop_def_uval); 189 else 190 nbytes = snprintf(pval, psize, "%u", pinfo->prop_cur_uval); 191 if (nbytes >= psize) 192 return (ENOBUFS); 193 return (0); 194 } 195 196 /* 197 * Implements /sbin/ndd -get /dev/ip ?, for all the modules. Needed for 198 * backward compatibility with /sbin/ndd. 199 */ 200 /* ARGSUSED */ 201 int 202 mod_get_allprop(void *cbarg, mod_prop_info_t *pinfo, const char *ifname, 203 void *val, uint_t psize, uint_t flags) 204 { 205 char *pval = val; 206 mod_prop_info_t *ptbl, *prop; 207 ip_stack_t *ipst; 208 tcp_stack_t *tcps; 209 sctp_stack_t *sctps; 210 dccp_stack_t *dccps; 211 udp_stack_t *us; 212 icmp_stack_t *is; 213 uint_t size; 214 size_t nbytes = 0, tbytes = 0; 215 216 bzero(pval, psize); 217 size = psize; 218 219 switch (pinfo->mpi_proto) { 220 case MOD_PROTO_IP: 221 case MOD_PROTO_IPV4: 222 case MOD_PROTO_IPV6: 223 ipst = (ip_stack_t *)cbarg; 224 ptbl = ipst->ips_propinfo_tbl; 225 break; 226 case MOD_PROTO_RAWIP: 227 is = (icmp_stack_t *)cbarg; 228 ptbl = is->is_propinfo_tbl; 229 break; 230 case MOD_PROTO_TCP: 231 tcps = (tcp_stack_t *)cbarg; 232 ptbl = tcps->tcps_propinfo_tbl; 233 break; 234 case MOD_PROTO_UDP: 235 us = (udp_stack_t *)cbarg; 236 ptbl = us->us_propinfo_tbl; 237 break; 238 case MOD_PROTO_SCTP: 239 sctps = (sctp_stack_t *)cbarg; 240 ptbl = sctps->sctps_propinfo_tbl; 241 break; 242 case MOD_PROTO_DCCP: 243 dccps = (dccp_stack_t *)cbarg; 244 ptbl = dccps->dccps_propinfo_tbl; 245 break; 246 default: 247 return (EINVAL); 248 } 249 250 for (prop = ptbl; prop->mpi_name != NULL; prop++) { 251 if (prop->mpi_name[0] == '\0' || 252 strcmp(prop->mpi_name, "?") == 0) { 253 continue; 254 } 255 nbytes = snprintf(pval, size, "%s %d %d", prop->mpi_name, 256 prop->mpi_proto, prop_perm2const(prop)); 257 size -= nbytes + 1; 258 pval += nbytes + 1; 259 tbytes += nbytes + 1; 260 if (tbytes >= psize) { 261 /* Buffer overflow, stop copying information */ 262 return (ENOBUFS); 263 } 264 } 265 return (0); 266 } 267 268 /* 269 * Hold a lock while changing *_epriv_ports to prevent multiple 270 * threads from changing it at the same time. 271 */ 272 /* ARGSUSED */ 273 int 274 mod_set_extra_privports(void *cbarg, cred_t *cr, mod_prop_info_t *pinfo, 275 const char *ifname, const void* val, uint_t flags) 276 { 277 uint_t proto = pinfo->mpi_proto; 278 tcp_stack_t *tcps; 279 sctp_stack_t *sctps; 280 udp_stack_t *us; 281 unsigned long new_value; 282 char *end; 283 kmutex_t *lock; 284 uint_t i, nports; 285 in_port_t *ports; 286 boolean_t def = (flags & MOD_PROP_DEFAULT); 287 const char *pval = val; 288 289 if (!def) { 290 if (ddi_strtoul(pval, &end, 10, &new_value) != 0 || 291 *end != '\0') { 292 return (EINVAL); 293 } 294 295 if (new_value < pinfo->prop_min_uval || 296 new_value > pinfo->prop_max_uval) { 297 return (ERANGE); 298 } 299 } 300 301 switch (proto) { 302 case MOD_PROTO_TCP: 303 tcps = (tcp_stack_t *)cbarg; 304 lock = &tcps->tcps_epriv_port_lock; 305 ports = tcps->tcps_g_epriv_ports; 306 nports = tcps->tcps_g_num_epriv_ports; 307 break; 308 case MOD_PROTO_UDP: 309 us = (udp_stack_t *)cbarg; 310 lock = &us->us_epriv_port_lock; 311 ports = us->us_epriv_ports; 312 nports = us->us_num_epriv_ports; 313 break; 314 case MOD_PROTO_SCTP: 315 sctps = (sctp_stack_t *)cbarg; 316 lock = &sctps->sctps_epriv_port_lock; 317 ports = sctps->sctps_g_epriv_ports; 318 nports = sctps->sctps_g_num_epriv_ports; 319 break; 320 default: 321 return (ENOTSUP); 322 } 323 324 mutex_enter(lock); 325 326 /* if MOD_PROP_DEFAULT is set then reset the ports list to default */ 327 if (def) { 328 for (i = 0; i < nports; i++) 329 ports[i] = 0; 330 ports[0] = ULP_DEF_EPRIV_PORT1; 331 ports[1] = ULP_DEF_EPRIV_PORT2; 332 mutex_exit(lock); 333 return (0); 334 } 335 336 /* Check if the value is already in the list */ 337 for (i = 0; i < nports; i++) { 338 if (new_value == ports[i]) 339 break; 340 } 341 342 if (flags & MOD_PROP_REMOVE) { 343 if (i == nports) { 344 mutex_exit(lock); 345 return (ESRCH); 346 } 347 /* Clear the value */ 348 ports[i] = 0; 349 } else if (flags & MOD_PROP_APPEND) { 350 if (i != nports) { 351 mutex_exit(lock); 352 return (EEXIST); 353 } 354 355 /* Find an empty slot */ 356 for (i = 0; i < nports; i++) { 357 if (ports[i] == 0) 358 break; 359 } 360 if (i == nports) { 361 mutex_exit(lock); 362 return (EOVERFLOW); 363 } 364 /* Set the new value */ 365 ports[i] = (in_port_t)new_value; 366 } else { 367 /* 368 * If the user used 'assignment' modifier. 369 * For eg: 370 * # ipadm set-prop -p extra_priv_ports=3001 tcp 371 * 372 * We clear all the ports and then just add 3001. 373 */ 374 ASSERT(flags == MOD_PROP_ACTIVE); 375 for (i = 0; i < nports; i++) 376 ports[i] = 0; 377 ports[0] = (in_port_t)new_value; 378 } 379 380 mutex_exit(lock); 381 return (0); 382 } 383 384 /* 385 * Note: No locks are held when inspecting *_epriv_ports 386 * but instead the code relies on: 387 * - the fact that the address of the array and its size never changes 388 * - the atomic assignment of the elements of the array 389 */ 390 /* ARGSUSED */ 391 int 392 mod_get_extra_privports(void *cbarg, mod_prop_info_t *pinfo, const char *ifname, 393 void *val, uint_t psize, uint_t flags) 394 { 395 uint_t proto = pinfo->mpi_proto; 396 tcp_stack_t *tcps; 397 sctp_stack_t *sctps; 398 udp_stack_t *us; 399 uint_t i, nports, size; 400 in_port_t *ports; 401 char *pval = val; 402 size_t nbytes = 0, tbytes = 0; 403 boolean_t get_def = (flags & MOD_PROP_DEFAULT); 404 boolean_t get_perm = (flags & MOD_PROP_PERM); 405 boolean_t get_range = (flags & MOD_PROP_POSSIBLE); 406 407 bzero(pval, psize); 408 size = psize; 409 410 if (get_def) { 411 tbytes = snprintf(pval, psize, "%u,%u", ULP_DEF_EPRIV_PORT1, 412 ULP_DEF_EPRIV_PORT2); 413 goto ret; 414 } else if (get_perm) { 415 tbytes = snprintf(pval, psize, "%u", MOD_PROP_PERM_RW); 416 goto ret; 417 } 418 419 switch (proto) { 420 case MOD_PROTO_TCP: 421 tcps = (tcp_stack_t *)cbarg; 422 ports = tcps->tcps_g_epriv_ports; 423 nports = tcps->tcps_g_num_epriv_ports; 424 break; 425 case MOD_PROTO_UDP: 426 us = (udp_stack_t *)cbarg; 427 ports = us->us_epriv_ports; 428 nports = us->us_num_epriv_ports; 429 break; 430 case MOD_PROTO_SCTP: 431 sctps = (sctp_stack_t *)cbarg; 432 ports = sctps->sctps_g_epriv_ports; 433 nports = sctps->sctps_g_num_epriv_ports; 434 break; 435 default: 436 return (ENOTSUP); 437 } 438 439 if (get_range) { 440 tbytes = snprintf(pval, psize, "%u-%u", pinfo->prop_min_uval, 441 pinfo->prop_max_uval); 442 goto ret; 443 } 444 445 for (i = 0; i < nports; i++) { 446 if (ports[i] != 0) { 447 if (psize == size) 448 nbytes = snprintf(pval, size, "%u", ports[i]); 449 else 450 nbytes = snprintf(pval, size, ",%u", ports[i]); 451 size -= nbytes; 452 pval += nbytes; 453 tbytes += nbytes; 454 if (tbytes >= psize) 455 return (ENOBUFS); 456 } 457 } 458 return (0); 459 ret: 460 if (tbytes >= psize) 461 return (ENOBUFS); 462 return (0); 463 }