ip_tunables.c revision 8887b57dc579de11464fc6c74163d2595ce073af
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
*/
/* Copyright (c) 1990 Mentat Inc. */
#include <inet/ipclassifier.h>
#include <inet/tunables.h>
/*
* How long, in seconds, we allow frags to hang around.
* IP_REASM_TIMEOUT and IPV6_REASM_TIMEOUT appear in the IPv4 and IPv6
* "_reasm_timeout" entries of the tunables table later in this file.
* NOTE(review): fragments that never complete are kept until this timer
* expires, so a larger value lengthens how long such state is retained.
* Weigh any change against the "_reass_queue_bytes" tunable (presumably
* the cap on queued fragment bytes -- confirm).
*/
#define IP_REASM_TIMEOUT 15
#define IPV6_REASM_TIMEOUT 60
/*
* Set ip{,6}_forwarding values. If the value is being set on an ill,
* find the ill and set the value on it. On the other hand, if we are modifying
* the global property, modify the global value and set the value on all the ills.
*/
/* ARGSUSED */
static int
{
/*
* NOTE(review): the function name, its parameter list and several
* statements are missing from this listing (a number of the branches
* below have no body). The comments added here describe only what is
* still visible; read the complete source file before relying on them.
*/
char *end;
unsigned long new_value;
/*
* A MOD_PROP_DEFAULT request and an explicit value take separate paths.
* Both visible failure exits of the explicit-value path return EINVAL.
* The test of *end against NUL rejects input that has trailing characters
* after the parsed number (presumably a strtoul-style parse into
* new_value -- confirm against the full source).
*/
if (flags & MOD_PROP_DEFAULT) {
} else {
*end != '\0')
return (EINVAL);
return (EINVAL);
}
/*
* if it's not per ill then set the global property and bring all the
* ills up to date with the new global value.
*/
if (!per_ill)
if (isv6)
else
/*
* if the property needs to be set on a particular
* interface, look for that interface.
*/
continue;
}
return (0);
}
static int
{
/*
* NOTE(review): the function name, its parameter list and most statements
* are missing from this listing. What remains shows a getter whose
* get_perm, get_def and global-value paths all jump to the `ret' label.
*/
if (get_perm) {
goto ret;
} else if (get_def) {
goto ret;
}
/*
* if per interface value is not asked for return the current
* global value
*/
goto ret;
}
if (isv6)
else
/*
* if the property needs to be obtained on a particular
* interface, look for that interface.
*/
break;
}
/*
* ENXIO is the only error visible on the per-interface path; presumably
* it is returned when no matching interface was found -- confirm.
*/
return (ENXIO);
}
ret:
/*
* The condition guarding ENOBUFS is not visible; presumably the formatted
* value did not fit the caller's buffer -- confirm.
*/
return (ENOBUFS);
return (0);
}
/*
* `ip_debug' is a global variable. So, we will be modifying the global
* variable here.
*/
/* ARGSUSED */
int
{
/*
* NOTE(review): the function name, its parameter list and the conditions
* guarding each return are missing from this listing.
*/
unsigned long new_value;
int err;
/*
* EPERM is the first exit. Its guarding condition is not visible; since
* this setter modifies a global variable (see the comment above the
* function), confirm in the full source that the check restricts the
* change to suitably privileged callers.
*/
return (EPERM);
/* Hands back the code held in err; the call that sets err is not visible. */
return (err);
return (0);
}
/*
* ip_debug is a global property. For default, permission and value range
* we retrieve the value from `pinfo'. However for the current value we
* retrieve the value from the global variable `ip_debug'
*/
/* ARGSUSED */
int
{
/*
* NOTE(review): the function name, its parameter list and the statement
* under each branch are missing from this listing. The visible chain
* selects between permission, range, default and (last branch) the
* current value, matching the comment above the function.
*/
if (get_perm)
else if (get_range)
else if (get_def)
else
/*
* The condition guarding ENOBUFS is not visible; presumably the formatted
* value did not fit the caller's buffer -- confirm.
*/
return (ENOBUFS);
return (0);
}
/*
* Set the CGTP (multirouting) filtering status. If the status is changed
* from active to transparent or from transparent to active, forward the
* new status to the filtering module (if loaded).
*/
/* ARGSUSED */
static int
{
/*
* NOTE(review): the function name, its parameter list and most statements
* are missing from this listing, so the brace nesting below cannot be
* matched up from this page alone.
*/
unsigned long new_value;
char *end;
/*
* A MOD_PROP_DEFAULT request and an explicit value take separate paths;
* the only visible failure exit of the explicit-value path is EINVAL.
*/
if (flags & MOD_PROP_DEFAULT) {
} else {
return (EINVAL);
}
}
/*
* The two string fragments below are the tails of calls whose first lines
* are missing; each selects " (module not loaded)" or "" according to a
* condition that is not visible.
*/
" (module not loaded)" : "");
}
" (module not loaded)" : "");
}
/*
* A non-zero res is returned to the caller as the error. The call that
* produces res is not visible; presumably it is the notification to the
* filtering module described above the function -- confirm.
*/
int res;
if (res)
return (res);
}
return (0);
}
/*
* Retrieve the default MTU or min-max MTU range for a given interface.
*
* -- ill_max_frag value tells us the maximum MTU that can be handled by the
* datalink. This value is advertised by the driver via DLPI messages
*
* -- ill_current_frag for most link-types will be the same as ill_max_frag
* to begin with. However it is dynamically computed for some link-types
* like tunnels, based on the tunnel PMTU.
*
* -- ill_mtu is the user set MTU using SIOCSLIFMTU and must lie between
* (IPV6_MIN_MTU/IP_MIN_MTU) and ill_max_frag.
*
* -- ill_user_mtu is set by in.ndpd using SIOCSLIFLNKINFO and must lie between
* (IPV6_MIN_MTU/IP_MIN_MTU) and ill_max_frag.
*/
int
{
/*
* NOTE(review): the function name, its parameter list and most statements
* are missing from this listing, including the conditions guarding the two
* early ENOTSUP returns.
*/
return (ENOTSUP);
return (ENOTSUP);
if (isv6)
else
break;
}
/*
* ENXIO follows the interface lookup; presumably it is returned when no
* matching interface was found -- confirm.
*/
return (ENXIO);
}
/*
* Only the default (MOD_PROP_DEFAULT) and possible-range
* (MOD_PROP_POSSIBLE) queries are answered; any other request yields
* ENOTSUP.
*/
if (flags & MOD_PROP_DEFAULT) {
} else if (flags & MOD_PROP_POSSIBLE) {
} else {
return (ENOTSUP);
}
/* The condition guarding ENOBUFS is not visible in this listing. */
return (ENOBUFS);
return (0);
}
/*
* See the comments for ip[6]_strict_src_multihoming for an explanation
* of the semantics.
*/
void
{
/*
* NOTE(review): the function name, its parameter list and every branch
* body are missing from this listing.
*/
if (isv6)
else
/*
* For each address family the visible tests are old_value == 0 and then
* new_value == 0, i.e. the branches distinguish a change away from zero
* from a change to zero. What each branch does is not visible.
*/
if (!isv6) {
if (old_value == 0) {
} else if (new_value == 0) {
}
} else {
if (old_value == 0) {
} else if (new_value == 0) {
}
}
}
}
/* ARGSUSED */
static int
{
/*
* NOTE(review): the function name, its parameter list and every statement
* between the declaration and the returns are missing from this listing.
* Visible behaviour: a non-zero err is handed back to the caller,
* otherwise 0 is returned.
*/
int err;
return (err);
return (0);
}
/* ARGSUSED */
static int
{
/*
* NOTE(review): the function name, its parameter list, the remaining
* declarations and the body of every branch in the second switch are
* missing from this listing.
*/
int err;
return (err);
/*
* Translate the previous setting into the 0/1/2 scale used by the
* strict_src_multihoming tunables: IP_WEAK_ES -> 0, IP_SRC_PRI_ES -> 1,
* IP_STRONG_ES -> 2.
* NOTE(review): the default arm only ASSERTs. If ASSERT is compiled out
* in production builds, old_src_multihoming is not assigned by that arm;
* confirm how it is declared in the full source.
*/
switch (old_value) {
case IP_WEAK_ES:
old_src_multihoming = 0;
break;
case IP_SRC_PRI_ES:
old_src_multihoming = 1;
break;
case IP_STRONG_ES:
old_src_multihoming = 2;
break;
default:
ASSERT(0);
break;
}
/*
* NOTE(review): the opening line of this comment is missing from the
* listing; the surviving text follows.
* and also require generation number resets. Changes to dst_multihoming
* require a simple reset of the value.
*/
/* A new_value outside the three known settings is rejected with EINVAL. */
switch (new_value) {
case IP_WEAK_ES:
if (isv6)
else
break;
case IP_SRC_PRI_ES:
if (isv6)
else
break;
case IP_STRONG_ES:
if (isv6)
else
break;
default:
return (EINVAL);
}
}
return (0);
}
/* ARGSUSED */
int
{
/*
* NOTE(review): the function name, its parameter list, the second half of
* each condition and both branch bodies are missing from this listing.
*/
/* The condition guarding ENOBUFS is not visible in this listing. */
return (ENOBUFS);
/*
* The visible part of each test reads the per-stack
* strict_src_multihoming value for the address family in question and
* compares it with 0.
*/
if (!isv6) {
if (ipst->ips_ip_strict_src_multihoming == 0 &&
else
} else {
if (ipst->ips_ipv6_strict_src_multihoming == 0 &&
else
}
return (0);
}
/*
*
* Note: All those tunables which do not start with "_" are Committed and
* therefore are public. See PSARC 2010/080.
*/
/* tunable - 0 */
/*
* NOTE(review): this listing omits the array declaration and, for many
* entries, the continuation line(s) that follow the name and protocol.
* Entries shown with no brace group on the next line (for example the
* _respond_to_*, _send_redirects, _forward_directed_broadcasts,
* _forward_src_routed and _ignore_redirect entries) have no visible range
* or default here; do not infer their defaults from this page. Where
* brace groups are visible they look like {min, max, default}, {current}
* -- confirm against the definitions in <inet/tunables.h>.
*/
{ "_respond_to_address_mask_broadcast", MOD_PROTO_IP,
{ "_respond_to_echo_broadcast", MOD_PROTO_IP,
{ "_respond_to_echo_multicast", MOD_PROTO_IPV4,
{ "_respond_to_timestamp", MOD_PROTO_IP,
{ "_respond_to_timestamp_broadcast", MOD_PROTO_IP,
{ "_send_redirects", MOD_PROTO_IPV4,
{ "_forward_directed_broadcasts", MOD_PROTO_IP,
{ "_mrtdebug", MOD_PROTO_IP,
{0, 10, 0}, {0} },
{ "_ire_reclaim_fraction", MOD_PROTO_IP,
{1, 8, 3}, {3} },
{ "_nce_reclaim_fraction", MOD_PROTO_IP,
{1, 8, 3}, {3} },
/* tunable - 10 */
{ "_dce_reclaim_fraction", MOD_PROTO_IP,
{1, 8, 3}, {3} },
{ "ttl", MOD_PROTO_IPV4,
{1, 255, 255}, {255} },
{ "_forward_src_routed", MOD_PROTO_IPV4,
{ "_wroff_extra", MOD_PROTO_IP,
{0, 256, 32}, {32} },
/* following tunable is in seconds - a deviant! */
{ "_pathmtu_interval", MOD_PROTO_IP,
{2, 999999999, 60*20}, {60*20} },
{ "_icmp_return_data_bytes", MOD_PROTO_IPV4,
{8, 65536, 64}, {64} },
{ "_path_mtu_discovery", MOD_PROTO_IP,
{ "_pmtu_min", MOD_PROTO_IP,
{68, 65535, 576}, {576} },
{ "_ignore_redirect", MOD_PROTO_IPV4,
{ "_arp_icmp_error", MOD_PROTO_IP,
/* tunable - 20 */
{ "_broadcast_ttl", MOD_PROTO_IP,
{1, 254, 1}, {1} },
{ "_icmp_err_interval", MOD_PROTO_IP,
{0, 99999, 100}, {100} },
{ "_icmp_err_burst", MOD_PROTO_IP,
{1, 99999, 10}, {10} },
{ "_reass_queue_bytes", MOD_PROTO_IP,
{0, 999999999, 1000000}, {1000000} },
/*
* See comments for ip_strict_src_multihoming for an explanation
* of the semantics of ip_strict_dst_multihoming
* NOTE(review): the visible values are 0, which the semantics comment
* later in this table describes as the weak end system model: a packet
* for any local address is accepted whichever interface it arrives on.
* Hosts attached to networks of differing trust should review this
* setting.
*/
{ "_strict_dst_multihoming", MOD_PROTO_IPV4,
{0, 1, 0}, {0} },
{ "_addrs_per_if", MOD_PROTO_IP,
{ "_ipsec_override_persocket_policy", MOD_PROTO_IP,
{ "_icmp_accept_clear_messages", MOD_PROTO_IP,
{ "_igmp_accept_clear_messages", MOD_PROTO_IP,
{ "_ndp_delay_first_probe_time", MOD_PROTO_IP,
/* tunable - 30 */
{ "_ndp_max_unicast_solicit", MOD_PROTO_IP,
{ "hoplimit", MOD_PROTO_IPV6,
{ "_icmp_return_data_bytes", MOD_PROTO_IPV6,
{ "_forward_src_routed", MOD_PROTO_IPV6,
{ "_respond_to_echo_multicast", MOD_PROTO_IPV6,
{ "_send_redirects", MOD_PROTO_IPV6,
{ "_ignore_redirect", MOD_PROTO_IPV6,
/*
* See comments for ip6_strict_src_multihoming for an explanation
* of the semantics of ip6_strict_dst_multihoming
*/
{ "_strict_dst_multihoming", MOD_PROTO_IPV6,
{0, 1, 0}, {0} },
{ "_src_check", MOD_PROTO_IP,
{0, 2, 2}, {2} },
{ "_ipsec_policy_log_interval", MOD_PROTO_IP,
{0, 999999, 1000}, {1000} },
/* tunable - 40 */
{ "_pim_accept_clear_messages", MOD_PROTO_IP,
{ "_ndp_unsolicit_interval", MOD_PROTO_IP,
{1000, 20000, 2000}, {2000} },
{ "_ndp_unsolicit_count", MOD_PROTO_IP,
{1, 20, 3}, {3} },
{ "_ignore_home_address_opt", MOD_PROTO_IPV6,
{ "_policy_mask", MOD_PROTO_IP,
{0, 15, 0}, {0} },
{ "_ecmp_behavior", MOD_PROTO_IP,
{0, 2, 2}, {2} },
{ "_multirt_ttl", MOD_PROTO_IP,
{0, 255, 1}, {1} },
/* following tunable is in seconds - a deviant */
{ "_ire_badcnt_lifetime", MOD_PROTO_IP,
{0, 3600, 60}, {60} },
{ "_max_temp_idle", MOD_PROTO_IP,
{0, 999999, 60*60*24}, {60*60*24} },
{ "_max_temp_defend", MOD_PROTO_IP,
{0, 1000, 1}, {1} },
/* tunable - 50 */
/*
* when a conflict of an active address is detected,
* defend up to ip_max_defend times, within any
* ip_defend_interval span.
*/
{ "_max_defend", MOD_PROTO_IP,
{0, 1000, 3}, {3} },
{ "_defend_interval", MOD_PROTO_IP,
{0, 999999, 30}, {30} },
{ "_dup_recovery", MOD_PROTO_IP,
{0, 3600000, 300000}, {300000} },
{ "_restrict_interzone_loopback", MOD_PROTO_IP,
{ "_lso_outbound", MOD_PROTO_IP,
{ "_igmp_max_version", MOD_PROTO_IP,
{IGMP_V3_ROUTER} },
{ "_mld_max_version", MOD_PROTO_IP,
/*
* Both visible initialisers of the two "forwarding" entries are
* IP_FORWARD_NEVER.
*/
{ "forwarding", MOD_PROTO_IPV4,
{IP_FORWARD_NEVER}, {IP_FORWARD_NEVER} },
{ "forwarding", MOD_PROTO_IPV6,
{IP_FORWARD_NEVER}, {IP_FORWARD_NEVER} },
{ "_reasm_timeout", MOD_PROTO_IPV4,
{IP_REASM_TIMEOUT} },
/* tunable - 60 */
{ "_reasm_timeout", MOD_PROTO_IPV6,
{IPV6_REASM_TIMEOUT} },
{ "_cgtp_filter", MOD_PROTO_IP,
/* delay before sending first probe: */
{ "_arp_probe_delay", MOD_PROTO_IP,
{0, 20000, 1000}, {1000} },
{ "_arp_fastprobe_delay", MOD_PROTO_IP,
{0, 20000, 100}, {100} },
/* interval at which DAD probes are sent: */
{ "_arp_probe_interval", MOD_PROTO_IP,
{10, 20000, 1500}, {1500} },
{ "_arp_fastprobe_interval", MOD_PROTO_IP,
{10, 20000, 150}, {150} },
{ "_arp_probe_count", MOD_PROTO_IP,
{0, 20, 3}, {3} },
{ "_arp_fastprobe_count", MOD_PROTO_IP,
{0, 20, 3}, {3} },
{ "_dad_announce_interval", MOD_PROTO_IPV4,
{0, 3600000, 15000}, {15000} },
{ "_dad_announce_interval", MOD_PROTO_IPV6,
{0, 3600000, 15000}, {15000} },
/* tunable - 70 */
/*
* Rate limiting parameters for DAD defense used in
* ill_defend_rate_limit():
* defend_interval : time that can elapse before we send out a
* DAD defense.
* defend_period: denominator for defend_rate (in seconds).
*/
{ "_arp_defend_interval", MOD_PROTO_IP,
{0, 3600000, 300000}, {300000} },
{ "_arp_defend_rate", MOD_PROTO_IP,
{0, 20000, 100}, {100} },
{ "_ndp_defend_interval", MOD_PROTO_IP,
{0, 3600000, 300000}, {300000} },
{ "_ndp_defend_rate", MOD_PROTO_IP,
{0, 20000, 100}, {100} },
{ "_arp_defend_period", MOD_PROTO_IP,
{5, 86400, 3600}, {3600} },
{ "_ndp_defend_period", MOD_PROTO_IP,
{5, 86400, 3600}, {3600} },
{ "_icmp_return_pmtu", MOD_PROTO_IPV4,
{ "_icmp_return_pmtu", MOD_PROTO_IPV6,
/*
* NOTE(review): the opening line of this comment is missing from the
* listing; the surviving text follows. It presumably describes the two
* _arp_publish_* entries below -- confirm.
* for IPv4, IPv6.
*/
{ "_arp_publish_count", MOD_PROTO_IP,
{1, 20, 5}, {5} },
{ "_arp_publish_interval", MOD_PROTO_IP,
{1000, 20000, 2000}, {2000} },
/* tunable - 80 */
/*
* The ip*strict_src_multihoming and ip*strict_dst_multihoming tunables
* select the end-system (host model) behavior. The semantics for
* setting these are:
*
* ip*_strict_dst_multihoming = 0
* weak end system model for managing ip destination addresses.
* A packet with IP dst D1 that's received on interface I1 will be
* accepted as long as D1 is one of the local addresses on
* the machine, even if D1 is not configured on I1.
* ip*strict_dst_multihoming = 1
* strong end system model for managing ip destination addresses.
* A packet with IP dst D1 that's received on interface I1 will be
* accepted if, and only if, D1 is configured on I1.
*
* ip*strict_src_multihoming = 0
* Source agnostic route selection for outgoing packets: the
* outgoing interface for a packet will be computed using
* default algorithms for route selection, where the route
* with the longest matching prefix is chosen for the output
* unless other route selection constraints are explicitly
* specified during routing table lookup. This may result
* in packet being sent out on interface I2 with source
* address S1, even though S1 is not a configured address on I2.
* ip*strict_src_multihoming = 1
* Preferred source aware route selection for outgoing packets: for
* a packet with source S2, destination D2, the route selection
* algorithm will first attempt to find a route for the destination
* that goes out through an interface where S2 is
* configured. If such a route cannot be found, then the
* best-matching route for D2 will be selected.
* ip*strict_src_multihoming = 2
* Source aware route selection for outgoing packets: a packet will
* be sent out on an interface I2 only if the src address S2 of the
* packet is a configured address on I2. In conjunction with
* the setting 'ip_strict_dst_multihoming == 1', this will result in
* the implementation of Strong ES as defined in Section 3.3.4.2 of
* RFC 1122
*/
{ "_strict_src_multihoming", MOD_PROTO_IPV4,
{0, 2, 0}, {0} },
{ "_strict_src_multihoming", MOD_PROTO_IPV6,
{0, 2, 0}, {0} },
/*
* The _drop_inbound_icmpv6 entry is compiled only when DEBUG is defined.
* NOTE(review): the remainder of that entry and the non-DEBUG alternative
* are missing from this listing.
*/
#ifdef DEBUG
{ "_drop_inbound_icmpv6", MOD_PROTO_IPV6,
#else
#endif
/*
* The following entry is a placeholder for `ip_debug' global
* variable. Within these callback functions, we will be
* reading and modifying the global variable itself, as the comments on
* the ip_debug set and get callbacks earlier in this file describe.
* NOTE(review): the end of the original sentence is missing from the
* listing; the completion above is taken from those earlier comments.
*/
{ "_debug", MOD_PROTO_IP,
{0, 20, 0}, {0} },
};