6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * CDDL HEADER START
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * The contents of this file are subject to the terms of the
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * Common Development and Distribution License (the "License").
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * You may not use this file except in compliance with the License.
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * or http://www.opensolaris.org/os/licensing.
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * See the License for the specific language governing permissions
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * and limitations under the License.
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * When distributing Covered Code, include this CDDL HEADER in each
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * If applicable, add the following below this CDDL HEADER, with the
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * fields enclosed by brackets "[]" replaced with your own identifying
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * information: Portions Copyright [yyyy] [name of copyright owner]
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * CDDL HEADER END
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan * Copyright (c) 1991, 2010, Oracle and/or its affiliates. All rights reserved.
299625c6492013aa7bd163862f0d181854f69b3cSebastien Roy * Copyright (c) 2013 by Delphix. All rights reserved.
7c6d7024e51780d3aacf9063d2133c1e957d7eeaJerry Jelinek * Copyright (c) 2012, Joyent, Inc. All rights reserved.
8887b57dc579de11464fc6c74163d2595ce073afGirish Moodalbail/* Copyright (c) 1990 Mentat Inc. */
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail/* How long, in seconds, we allow frags to hang around. */
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * Set ip{,6}_forwarding values. If the value is being set on an ill,
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * find the ill and set the value on it. On the other hand if we are modifying
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * global property, modify the global value and set the value on all the ills.
299625c6492013aa7bd163862f0d181854f69b3cSebastien Royip_set_forwarding(netstack_t *stack, cred_t *cr, mod_prop_info_t *pinfo,
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail const char *ifname, const void* pval, uint_t flags)
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail if (ddi_strtoul(pval, &end, 10, &new_value) != 0 ||
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail if (new_value != B_TRUE && new_value != B_FALSE)
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail per_ill = (ifname != NULL && ifname[0] != '\0');
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * if it's not per ill then set the global property and bring all the
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * ills up to date with the new global value.
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail pinfo->prop_cur_bval = (new_value == 1 ? B_TRUE : B_FALSE);
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail isv6 = (pinfo->mpi_proto == MOD_PROTO_IPV6 ? B_TRUE : B_FALSE);
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail rw_enter(&ipst->ips_ill_g_lock, RW_READER);
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail for (; ill != NULL; ill = ill_next(&ctx, ill)) {
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * if the property needs to be set on a particular
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * interface, look for that interface.
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail if (per_ill && strcmp(ifname, ill->ill_name) != 0)
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail (void) ill_forward_set(ill, new_value != 0);
299625c6492013aa7bd163862f0d181854f69b3cSebastien Royip_get_forwarding(netstack_t *stack, mod_prop_info_t *pinfo, const char *ifname,
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail boolean_t get_def = (flags & MOD_PROP_DEFAULT);
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail boolean_t get_perm = (flags & MOD_PROP_PERM);
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail nbytes = snprintf(pval, pr_size, "%d", MOD_PROP_PERM_RW);
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail nbytes = snprintf(pval, pr_size, "%d", pinfo->prop_def_bval);
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * if per interface value is not asked for return the current
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * global value
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail if (ifname == NULL || ifname[0] == '\0') {
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail nbytes = snprintf(pval, pr_size, "%d", pinfo->prop_cur_bval);
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail isv6 = (pinfo->mpi_proto == MOD_PROTO_IPV6 ? B_TRUE : B_FALSE);
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail rw_enter(&ipst->ips_ill_g_lock, RW_READER);
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail for (; ill != NULL; ill = ill_next(&ctx, ill)) {
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * if the property needs to be obtained on a particular
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * interface, look for that interface.
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail value = ((ill->ill_flags & ILLF_ROUTER) ? B_TRUE : B_FALSE);
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail nbytes = snprintf(pval, pr_size, "%d", value);
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * `ip_debug' is a global variable. So, we will be modifying the global
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * variable here.
299625c6492013aa7bd163862f0d181854f69b3cSebastien Royip_set_debug(netstack_t *stack, cred_t *cr, mod_prop_info_t *pinfo,
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail const char *ifname, const void* pval, uint_t flags)
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail if (cr != NULL && secpolicy_net_config(cr, B_FALSE) != 0)
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan if ((err = mod_uint32_value(pval, pinfo, flags, &new_value)) != 0)
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * ip_debug is a global property. For default, permission and value range
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * we retrieve the value from `pinfo'. However for the current value we
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * retrieve the value from the global variable `ip_debug'
299625c6492013aa7bd163862f0d181854f69b3cSebastien Royip_get_debug(netstack_t *stack, mod_prop_info_t *pinfo, const char *ifname,
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail boolean_t get_def = (flags & MOD_PROP_DEFAULT);
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail boolean_t get_perm = (flags & MOD_PROP_PERM);
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail boolean_t get_range = (flags & MOD_PROP_POSSIBLE);
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail nbytes = snprintf(pval, psize, "%u", MOD_PROP_PERM_RW);
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail pinfo->prop_min_uval, pinfo->prop_max_uval);
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail nbytes = snprintf(pval, psize, "%u", pinfo->prop_def_uval);
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail nbytes = snprintf(pval, psize, "%u", ip_debug);
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * Set the CGTP (multirouting) filtering status. If the status is changed
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * from active to transparent or from transparent to active, forward the
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * new status to the filtering module (if loaded).
299625c6492013aa7bd163862f0d181854f69b3cSebastien Royip_set_cgtp_filter(netstack_t *stack, cred_t *cr, mod_prop_info_t *pinfo,
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail const char *ifname, const void* pval, uint_t flags)
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail if (ddi_strtoul(pval, &end, 10, &new_value) != 0 ||
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail cmn_err(CE_NOTE, "IP: enabling CGTP filtering%s",
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail cmn_err(CE_NOTE, "IP: disabling CGTP filtering%s",
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail if (ipst->ips_ip_cgtp_filter_ops != NULL) {
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail netstackid_t stackid = ipst->ips_netstack->netstack_stackid;
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail res = ipst->ips_ip_cgtp_filter_ops->cfo_change_state(stackid,
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail pinfo->prop_cur_bval = (new_value == 1 ? B_TRUE : B_FALSE);
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * Retrieve the default MTU or min-max MTU range for a given interface.
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * -- ill_max_frag value tells us the maximum MTU that can be handled by the
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * datalink. This value is advertised by the driver via DLPI messages
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * -- ill_current_frag for the most link-types will be same as ill_max_frag
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * to begin with. However it is dynamically computed for some link-types
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * like tunnels, based on the tunnel PMTU.
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * -- ill_mtu is the user set MTU using SIOCSLIFMTU and must lie between
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * (IPV6_MIN_MTU/IP_MIN_MTU) and ill_max_frag.
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * -- ill_user_mtu is set by in.ndpd using SIOCSLIFLNKINFO and must lie between
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * (IPV6_MIN_MTU/IP_MIN_MTU) and ill_max_frag.
299625c6492013aa7bd163862f0d181854f69b3cSebastien Royip_get_mtu(netstack_t *stack, mod_prop_info_t *pinfo, const char *ifname,
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail if (!(flags & (MOD_PROP_DEFAULT|MOD_PROP_POSSIBLE)))
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail isv6 = (pinfo->mpi_proto == MOD_PROTO_IPV6 ? B_TRUE : B_FALSE);
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail rw_enter(&ipst->ips_ill_g_lock, RW_READER);
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail for (; ill != NULL; ill = ill_next(&ctx, ill)) {
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail nbytes = snprintf(pval, psize, "%u", def_mtu);
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail min_mtu = isv6 ? IPV6_MIN_MTU : IP_MIN_MTU;
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail nbytes = snprintf(pval, psize, "%u-%u", min_mtu, max_mtu);
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * See the comments for ip[6]_strict_src_multihoming for an explanation
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * of the semanitcs.
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhanip_set_src_multihoming_common(ulong_t new_value, ulong_t old_value,
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan ipst->ips_ipv6_strict_src_multihoming = new_value;
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan ipst->ips_ip_strict_src_multihoming = new_value;
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan } else if (new_value == 0) {
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail ipcl_walk(conn_ire_revalidate, (void *)B_FALSE, ipst);
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan } else if (new_value == 0) {
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail ipcl_walk(conn_ire_revalidate, (void *)B_TRUE, ipst);
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan/* ARGSUSED */
299625c6492013aa7bd163862f0d181854f69b3cSebastien Royip_set_src_multihoming(netstack_t *stack, cred_t *cr, mod_prop_info_t *pinfo,
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan const char *ifname, const void* pval, uint_t flags)
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan if ((err = mod_uint32_value(pval, pinfo, flags, &new_value)) != 0)
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan isv6 = (strcmp(pinfo->mpi_name, "ip6_strict_src_multihoming") == 0);
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan ip_set_src_multihoming_common(new_value, old_value, isv6, ipst);
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan/* ARGSUSED */
299625c6492013aa7bd163862f0d181854f69b3cSebastien Royip_set_hostmodel(netstack_t *stack, cred_t *cr, mod_prop_info_t *pinfo,
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan const char *ifname, const void* pval, uint_t flags)
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan if ((err = mod_uint32_value(pval, pinfo, flags, &tmp)) != 0)
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan * Changes to src_multihoming may require ire's to be rebound/unbound,
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan * and also require generation number resets. Changes to dst_multihoming
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan * require a simple reset of the value.
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan isv6 = (pinfo->mpi_proto == MOD_PROTO_IPV6);
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan ip_set_src_multihoming_common(0, old_src_multihoming,
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan ip_set_src_multihoming_common(1, old_src_multihoming,
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan ip_set_src_multihoming_common(2, old_src_multihoming,
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan/* ARGSUSED */
299625c6492013aa7bd163862f0d181854f69b3cSebastien Royip_get_hostmodel(netstack_t *stack, mod_prop_info_t *pinfo, const char *ifname,
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan boolean_t isv6 = (pinfo->mpi_proto == MOD_PROTO_IPV6);
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan if (ipst->ips_ip_strict_src_multihoming == 0 &&
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan else if (ipst->ips_ip_strict_src_multihoming == 1 &&
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan else if (ipst->ips_ip_strict_src_multihoming == 2 &&
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan if (ipst->ips_ipv6_strict_src_multihoming == 0 &&
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan ipst->ips_ipv6_strict_dst_multihoming == 0)
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan else if (ipst->ips_ipv6_strict_src_multihoming == 1 &&
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan ipst->ips_ipv6_strict_dst_multihoming == 0)
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan else if (ipst->ips_ipv6_strict_src_multihoming == 2 &&
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan ipst->ips_ipv6_strict_dst_multihoming == 1)
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan bcopy(&hostmodel, pval, sizeof (hostmodel));
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * All of these are alterable, within the min/max values given, at run time.
8887b57dc579de11464fc6c74163d2595ce073afGirish Moodalbail * Note: All those tunables which do not start with "_" are Committed and
8887b57dc579de11464fc6c74163d2595ce073afGirish Moodalbail * therefore are public. See PSARC 2010/080.
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail /* tunable - 0 */
8887b57dc579de11464fc6c74163d2595ce073afGirish Moodalbail { "_respond_to_address_mask_broadcast", MOD_PROTO_IP,
8887b57dc579de11464fc6c74163d2595ce073afGirish Moodalbail { "_respond_to_echo_broadcast", MOD_PROTO_IP,
8887b57dc579de11464fc6c74163d2595ce073afGirish Moodalbail { "_respond_to_echo_multicast", MOD_PROTO_IPV4,
8887b57dc579de11464fc6c74163d2595ce073afGirish Moodalbail { "_respond_to_timestamp_broadcast", MOD_PROTO_IP,
8887b57dc579de11464fc6c74163d2595ce073afGirish Moodalbail { "_forward_directed_broadcasts", MOD_PROTO_IP,
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail {0, 10, 0}, {0} },
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail /* tunable - 10 */
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail /* following tunable is in seconds - a deviant! */
8887b57dc579de11464fc6c74163d2595ce073afGirish Moodalbail { "_icmp_return_data_bytes", MOD_PROTO_IPV4,
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail /* tunable - 20 */
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * See comments for ip_strict_src_multihoming for an explanation
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * of the semantics of ip_strict_dst_multihoming
8887b57dc579de11464fc6c74163d2595ce073afGirish Moodalbail { "_strict_dst_multihoming", MOD_PROTO_IPV4,
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail {0, 1, 0}, {0} },
8887b57dc579de11464fc6c74163d2595ce073afGirish Moodalbail { "_ipsec_override_persocket_policy", MOD_PROTO_IP,
8887b57dc579de11464fc6c74163d2595ce073afGirish Moodalbail { "_icmp_accept_clear_messages", MOD_PROTO_IP,
8887b57dc579de11464fc6c74163d2595ce073afGirish Moodalbail { "_igmp_accept_clear_messages", MOD_PROTO_IP,
8887b57dc579de11464fc6c74163d2595ce073afGirish Moodalbail { "_ndp_delay_first_probe_time", MOD_PROTO_IP,
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail {2, 999999999, ND_DELAY_FIRST_PROBE_TIME},
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail /* tunable - 30 */
8887b57dc579de11464fc6c74163d2595ce073afGirish Moodalbail { "_ndp_max_unicast_solicit", MOD_PROTO_IP,
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail {1, 999999999, ND_MAX_UNICAST_SOLICIT}, {ND_MAX_UNICAST_SOLICIT} },
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail {1, 255, IPV6_MAX_HOPS}, {IPV6_MAX_HOPS} },
8887b57dc579de11464fc6c74163d2595ce073afGirish Moodalbail { "_icmp_return_data_bytes", MOD_PROTO_IPV6,
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail {8, IPV6_MIN_MTU, IPV6_MIN_MTU}, {IPV6_MIN_MTU} },
8887b57dc579de11464fc6c74163d2595ce073afGirish Moodalbail { "_respond_to_echo_multicast", MOD_PROTO_IPV6,
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * See comments for ip6_strict_src_multihoming for an explanation
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * of the semantics of ip6_strict_dst_multihoming
8887b57dc579de11464fc6c74163d2595ce073afGirish Moodalbail { "_strict_dst_multihoming", MOD_PROTO_IPV6,
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail {0, 1, 0}, {0} },
8887b57dc579de11464fc6c74163d2595ce073afGirish Moodalbail { "_ipsec_policy_log_interval", MOD_PROTO_IP,
05b5eb98f5af5545cf01e97712cca09c5293fe9aDan McDonald {0, 999999, 0}, {0} },
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail /* tunable - 40 */
8887b57dc579de11464fc6c74163d2595ce073afGirish Moodalbail { "_pim_accept_clear_messages", MOD_PROTO_IP,
8887b57dc579de11464fc6c74163d2595ce073afGirish Moodalbail { "_ndp_unsolicit_interval", MOD_PROTO_IP,
8887b57dc579de11464fc6c74163d2595ce073afGirish Moodalbail { "_ignore_home_address_opt", MOD_PROTO_IPV6,
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail {0, 15, 0}, {0} },
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail /* following tunable is in seconds - a deviant */
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail /* tunable - 50 */
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * when a conflict of an active address is detected,
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * defend up to ip_max_defend times, within any
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * ip_defend_interval span.
8887b57dc579de11464fc6c74163d2595ce073afGirish Moodalbail { "_restrict_interzone_loopback", MOD_PROTO_IP,
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail {IGMP_V1_ROUTER, IGMP_V3_ROUTER, IGMP_V3_ROUTER},
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail {MLD_V1_ROUTER, MLD_V2_ROUTER, MLD_V2_ROUTER}, {MLD_V2_ROUTER} },
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail /* tunable - 60 */
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail /* delay before sending first probe: */
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail /* interval at which DAD probes are sent: */
8887b57dc579de11464fc6c74163d2595ce073afGirish Moodalbail { "_arp_fastprobe_interval", MOD_PROTO_IP,
8887b57dc579de11464fc6c74163d2595ce073afGirish Moodalbail { "_dad_announce_interval", MOD_PROTO_IPV4,
8887b57dc579de11464fc6c74163d2595ce073afGirish Moodalbail { "_dad_announce_interval", MOD_PROTO_IPV6,
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail /* tunable - 70 */
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * Rate limiting parameters for DAD defense used in
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * ill_defend_rate_limit():
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * defend_rate : pkts/hour permitted
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * defend_interval : time that can elapse before we send out a
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * DAD defense.
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * defend_period: denominator for defend_rate (in seconds).
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * publish count/interval values used to announce local addresses
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * for IPv4, IPv6.
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail /* tunable - 80 */
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * The ip*strict_src_multihoming and ip*strict_dst_multihoming provide
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * a range of choices for setting strong/weak/preferred end-system
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * behavior. The semantics for setting these are:
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * ip*_strict_dst_multihoming = 0
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * weak end system model for managing ip destination addresses.
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * A packet with IP dst D1 that's received on interface I1 will be
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * accepted as long as D1 is one of the local addresses on
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * the machine, even if D1 is not configured on I1.
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * ip*strict_dst_multihioming = 1
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * strong end system model for managing ip destination addresses.
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * A packet with IP dst D1 that's received on interface I1 will be
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * accepted if, and only if, D1 is configured on I1.
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * ip*strict_src_multihoming = 0
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * Source agnostic route selection for outgoing packets: the
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * outgoing interface for a packet will be computed using
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * default algorithms for route selection, where the route
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * with the longest matching prefix is chosen for the output
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * unless other route selection constraints are explicitly
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * specified during routing table lookup. This may result
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * in packet being sent out on interface I2 with source
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * address S1, even though S1 is not a configured address on I2.
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * ip*strict_src_multihoming = 1
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * Preferred source aware route selection for outgoing packets: for
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * a packet with source S2, destination D2, the route selection
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * algorithm will first attempt to find a route for the destination
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * that goes out through an interface where S2 is
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * configured. If such a route cannot be found, then the
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * best-matching route for D2 will be selected.
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * ip*strict_src_multihoming = 2
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * Source aware route selection for outgoing packets: a packet will
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * be sent out on an interface I2 only if the src address S2 of the
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * packet is a configured address on I2. In conjunction with
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * the setting 'ip_strict_dst_multihoming == 1', this will result in
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * the implementation of Strong ES as defined in Section 3.3.4.2 of
8887b57dc579de11464fc6c74163d2595ce073afGirish Moodalbail { "_strict_src_multihoming", MOD_PROTO_IPV4,
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail {0, 2, 0}, {0} },
8887b57dc579de11464fc6c74163d2595ce073afGirish Moodalbail { "_strict_src_multihoming", MOD_PROTO_IPV6,
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail {0, 2, 0}, {0} },
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail { "mtu", MOD_PROTO_IPV4, NULL, ip_get_mtu, {0}, {0} },
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail { "mtu", MOD_PROTO_IPV6, NULL, ip_get_mtu, {0}, {0} },
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * The following entry is a placeholder for `ip_debug' global
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * variable. Within these callback functions, we will be
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail * setting/getting the global variable
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail {0, 20, 0}, {0} },
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan { "hostmodel", MOD_PROTO_IPV4, ip_set_hostmodel, ip_get_hostmodel,
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan {IP_WEAK_ES, IP_STRONG_ES, IP_WEAK_ES}, {IP_WEAK_ES} },
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan { "hostmodel", MOD_PROTO_IPV6, ip_set_hostmodel, ip_get_hostmodel,
f1e9465bc27e0b59eff81249c9c2e3fd268727a6Sowmini Varadhan {IP_WEAK_ES, IP_STRONG_ES, IP_WEAK_ES}, {IP_WEAK_ES} },
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail { "?", MOD_PROTO_IP, NULL, mod_get_allprop, {0}, {0} },