Mercurial > illumos > illumos-gate
changeset 13137:34b1540309cc
6956844 ipadm private properties should begin with '_' instead of leading protocol name
line wrap: on
line diff
--- a/usr/src/cmd/cmd-inet/lib/ipmgmtd/ipmgmt_impl.h Mon Aug 16 15:39:49 2010 -0700 +++ b/usr/src/cmd/cmd-inet/lib/ipmgmtd/ipmgmt_impl.h Mon Aug 16 19:16:00 2010 -0400 @@ -36,6 +36,7 @@ #include <ipadm_ipmgmt.h> #include <syslog.h> #include <pthread.h> +#include <libscf.h> #define IPMGMT_STRSIZE 256 #define IPMGMTD_FMRI "svc:/network/ip-interface-management:default" @@ -133,6 +134,17 @@ #define ADDROBJ_LOOKUPADD 0x00000004 #define ADDROBJ_SETLIFNUM 0x00000008 +/* Permanent data store for ipadm */ +#define IPADM_DB_FILE "/etc/ipadm/ipadm.conf" +#define IPADM_FILE_MODE (S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) + +/* + * With the initial integration of the daemon (PSARC 2010/080), the version + * of the ipadm data-store (/etc/ipadm/ipadm.conf) was 0. A subsequent fix + * needed an upgrade to the data-store and we bumped the version to 1. + */ +#define IPADM_DB_VERSION 1 + /* * A temporary file created in SMF volatile filesystem. This file captures the * in-memory copy of list `aobjmap' on disk. This is done to recover from @@ -148,15 +160,34 @@ */ #define IPADM_VOL_DB_FILE IPADM_TMPFS_DIR"/ipadm.conf" +/* SCF resources required to interact with svc.configd */ +typedef struct scf_resources { + scf_handle_t *sr_handle; + scf_instance_t *sr_inst; + scf_propertygroup_t *sr_pg; + scf_property_t *sr_prop; + scf_value_t *sr_val; + scf_transaction_t *sr_tx; + scf_transaction_entry_t *sr_ent; +} scf_resources_t; + extern int ipmgmt_db_walk(db_wfunc_t *, void *, ipadm_db_op_t); extern int ipmgmt_aobjmap_op(ipmgmt_aobjmap_t *, uint32_t); extern boolean_t ipmgmt_aobjmap_init(void *, nvlist_t *, char *, size_t, int *); extern int ipmgmt_persist_aobjmap(ipmgmt_aobjmap_t *, ipadm_db_op_t); +extern boolean_t ipmgmt_ngz_firstboot_postinstall(); +extern int ipmgmt_persist_if(ipmgmt_if_arg_t *); +extern void ipmgmt_init_prop(); +extern boolean_t ipmgmt_db_upgrade(void *, nvlist_t *, char *, + size_t, int *); +extern int ipmgmt_create_scf_resources(const char *, + scf_resources_t *); +extern void ipmgmt_release_scf_resources(scf_resources_t *); +extern boolean_t ipmgmt_needs_upgrade(scf_resources_t *); +extern void ipmgmt_update_dbver(scf_resources_t *); -extern boolean_t ipmgmt_first_boot(); -extern int ipmgmt_persist_if(ipmgmt_if_arg_t *); #ifdef __cplusplus } #endif
--- a/usr/src/cmd/cmd-inet/lib/ipmgmtd/ipmgmt_main.c Mon Aug 16 15:39:49 2010 -0700 +++ b/usr/src/cmd/cmd-inet/lib/ipmgmtd/ipmgmt_main.c Mon Aug 16 19:16:00 2010 -0400 @@ -73,7 +73,7 @@ const char *progname; /* readers-writers lock for reading/writing daemon data store */ -pthread_rwlock_t ipmgmt_dbconf_lock; +pthread_rwlock_t ipmgmt_dbconf_lock = PTHREAD_RWLOCK_INITIALIZER; /* tracks address object to {ifname|logical number|interface id} mapping */ ipmgmt_aobjmap_list_t aobjmap; @@ -87,7 +87,6 @@ static void ipmgmt_exit(int); static int ipmgmt_init(); static int ipmgmt_init_privileges(); -static void ipmgmt_ngz_init(); static void ipmgmt_ngz_persist_if(); static ipadm_handle_t iph; @@ -103,7 +102,36 @@ static int ipmgmt_db_init() { - int fd, err; + int fd, err, scferr; + scf_resources_t res; + boolean_t upgrade = B_TRUE; + + /* + * Check to see if we need to upgrade the data-store. We need to + * upgrade, if the version of the data-store does not match with + * IPADM_DB_VERSION. Further, if we cannot determine the current + * version of the data-store, we always err on the side of caution + * and upgrade the data-store to current version. + */ + if ((scferr = ipmgmt_create_scf_resources(IPMGMTD_FMRI, &res)) == 0) + upgrade = ipmgmt_needs_upgrade(&res); + if (upgrade) { + err = ipmgmt_db_walk(ipmgmt_db_upgrade, NULL, IPADM_DB_WRITE); + if (err != 0) { + ipmgmt_log(LOG_ERR, "could not upgrade the " + "ipadm data-store: %s", strerror(err)); + err = 0; + } else { + /* + * upgrade was success, let's update SCF with the + * current data-store version number. + */ + if (scferr == 0) + ipmgmt_update_dbver(&res); + } + } + if (scferr == 0) + ipmgmt_release_scf_resources(&res); /* creates the address object data store, if it doesn't exist */ if ((fd = open(ADDROBJ_MAPPING_DB_FILE, O_CREAT|O_RDONLY, @@ -132,8 +160,6 @@ err = 0; } - (void) pthread_rwlock_init(&ipmgmt_dbconf_lock, NULL); - ipmgmt_ngz_persist_if(); /* create persistent interface info for NGZ */ return (err); @@ -289,7 +315,7 @@ * available for restoring persistent configuration. */ if (strcmp(brand, NATIVE_BRAND_NAME) == 0) - firstboot = ipmgmt_first_boot(); + firstboot = ipmgmt_ngz_firstboot_postinstall(); else s10c = B_TRUE; @@ -323,7 +349,7 @@ ipmgmt_init_privileges() { struct stat statbuf; - int err; + int err; /* create the IPADM_TMPFS_DIR directory */ if (stat(IPADM_TMPFS_DIR, &statbuf) < 0) { @@ -353,6 +379,12 @@ ipmgmt_ngz_init(); /* + * Apply all protocol module properties. We need to apply all protocol + * properties before we drop root privileges. + */ + ipmgmt_init_prop(); + + /* * limit the privileges of this daemon and set the uid of this * daemon to UID_NETADM */
--- a/usr/src/cmd/cmd-inet/lib/ipmgmtd/ipmgmt_persist.c Mon Aug 16 15:39:49 2010 -0700 +++ b/usr/src/cmd/cmd-inet/lib/ipmgmtd/ipmgmt_persist.c Mon Aug 16 19:16:00 2010 -0400 @@ -56,7 +56,12 @@ #include <arpa/inet.h> #include <unistd.h> #include "ipmgmt_impl.h" -#include <libscf.h> + +/* SCF related property group names and property names */ +#define IPMGMTD_APP_PG "ipmgmtd" +#define IPMGMTD_PROP_FBD "first_boot_done" +#define IPMGMTD_PROP_DBVER "datastore_version" +#define IPMGMTD_TRUESTR "true" #define ATYPE "_atype" /* name of the address type nvpair */ #define FLAGS "_flags" /* name of the flags nvpair */ @@ -412,6 +417,7 @@ boolean_t writeop; mode_t mode; pthread_t tid; + pthread_attr_t attr; writeop = (db_op != IPADM_DB_READ); if (writeop) { @@ -443,8 +449,12 @@ err = ipmgmt_cpfile(IPADM_DB_FILE, IPADM_VOL_DB_FILE, B_TRUE); if (err != 0) goto done; - err = pthread_create(&tid, NULL, ipmgmt_db_restore_thread, + (void) pthread_attr_init(&attr); + (void) pthread_attr_setdetachstate(&attr, + PTHREAD_CREATE_DETACHED); + err = pthread_create(&tid, &attr, ipmgmt_db_restore_thread, NULL); + (void) pthread_attr_destroy(&attr); if (err != 0) { (void) unlink(IPADM_VOL_DB_FILE); goto done; @@ -490,6 +500,7 @@ char *name, *instrval = NULL, *dbstrval = NULL; char pval[MAXPROPVALLEN]; + *errp = 0; if (!ipmgmt_nvlist_intersects(db_nvl, in_nvl)) return (B_TRUE); @@ -531,7 +542,6 @@ /* buffer overflow */ *errp = ENOBUFS; } - *errp = 0; /* we updated the DB entry, so do not continue */ return (B_FALSE); @@ -1245,21 +1255,169 @@ return (err); } -typedef struct scf_resources { - scf_handle_t *sr_handle; - scf_instance_t *sr_inst; - scf_propertygroup_t *sr_pg; - scf_property_t *sr_prop; - scf_value_t *sr_val; - scf_transaction_t *sr_tx; - scf_transaction_entry_t *sr_ent; -} scf_resources_t; +/* + * upgrades the ipadm data-store. It renames all the old private protocol + * property names which start with leading protocol names to begin with + * IPADM_PRIV_PROP_PREFIX. + */ +/* ARGSUSED */ +boolean_t +ipmgmt_db_upgrade(void *arg, nvlist_t *db_nvl, char *buf, size_t buflen, + int *errp) +{ + nvpair_t *nvp; + char *name, *pname = NULL, *protostr = NULL, *pval = NULL; + uint_t proto, nproto; + char nname[IPMGMT_STRSIZE], tmpstr[IPMGMT_STRSIZE]; + + *errp = 0; + /* + * We are interested in lines which contain protocol properties. We + * walk through other lines in the DB. + */ + if (nvlist_exists(db_nvl, IPADM_NVP_IFNAME) || + nvlist_exists(db_nvl, IPADM_NVP_AOBJNAME)) { + return (B_TRUE); + } + assert(nvlist_exists(db_nvl, IPADM_NVP_PROTONAME)); + + /* + * extract the propname from the `db_nvl' and also extract the + * protocol from the `db_nvl'. + */ + for (nvp = nvlist_next_nvpair(db_nvl, NULL); nvp != NULL; + nvp = nvlist_next_nvpair(db_nvl, nvp)) { + name = nvpair_name(nvp); + if (strcmp(name, IPADM_NVP_PROTONAME) == 0) { + if (nvpair_value_string(nvp, &protostr) != 0) + return (B_TRUE); + } else { + assert(!IPADM_PRIV_NVP(name)); + pname = name; + if (nvpair_value_string(nvp, &pval) != 0) + return (B_TRUE); + } + } + + /* if the private property is in the right format return */ + if (strncmp(pname, IPADM_PERSIST_PRIVPROP_PREFIX, + strlen(IPADM_PERSIST_PRIVPROP_PREFIX)) == 0) { + return (B_TRUE); + } + /* if it's a public property move onto the next property */ + nproto = proto = ipadm_str2proto(protostr); + if (ipadm_legacy2new_propname(pname, nname, sizeof (nname), + &nproto) != 0) { + return (B_TRUE); + } + + /* replace the old protocol with new protocol, if required */ + if (nproto != proto) { + protostr = ipadm_proto2str(nproto); + if (nvlist_add_string(db_nvl, IPADM_NVP_PROTONAME, + protostr) != 0) { + return (B_TRUE); + } + } + + /* replace the old property name with new property name, if required */ + /* add the prefix to property name */ + (void) snprintf(tmpstr, sizeof (tmpstr), "_%s", nname); + if (nvlist_add_string(db_nvl, tmpstr, pval) != 0 || + nvlist_remove(db_nvl, pname, DATA_TYPE_STRING) != 0) { + return (B_TRUE); + } + (void) memset(buf, 0, buflen); + if (ipadm_nvlist2str(db_nvl, buf, buflen) == 0) { + /* buffer overflow */ + *errp = ENOBUFS; + } + return (B_TRUE); +} /* - * Inputs: - * res is a pointer to the scf_resources_t to be released. + * Called during boot. + * + * Walk through the DB and apply all the global module properties. We plow + * through the DB even if we fail to apply property. */ -static void +/* ARGSUSED */ +static boolean_t +ipmgmt_db_init(void *cbarg, nvlist_t *db_nvl, char *buf, size_t buflen, + int *errp) +{ + ipadm_handle_t iph = cbarg; + nvpair_t *nvp, *pnvp; + char *strval = NULL, *name, *mod = NULL, *pname; + char tmpstr[IPMGMT_STRSIZE]; + uint_t proto; + + /* + * We could have used nvl_exists() directly, however we need several + * calls to it and each call traverses the list. Since this codepath + * is exercised during boot, let's traverse the list ourselves and do + * the necessary checks. + */ + for (nvp = nvlist_next_nvpair(db_nvl, NULL); nvp != NULL; + nvp = nvlist_next_nvpair(db_nvl, nvp)) { + name = nvpair_name(nvp); + if (IPADM_PRIV_NVP(name)) { + if (strcmp(name, IPADM_NVP_IFNAME) == 0 || + strcmp(name, IPADM_NVP_AOBJNAME) == 0) + return (B_TRUE); + else if (strcmp(name, IPADM_NVP_PROTONAME) == 0 && + nvpair_value_string(nvp, &mod) != 0) + return (B_TRUE); + } else { + /* possible a property */ + pnvp = nvp; + } + } + + /* if we are here than we found a global property */ + assert(mod != NULL); + assert(nvpair_type(pnvp) == DATA_TYPE_STRING); + + proto = ipadm_str2proto(mod); + name = nvpair_name(pnvp); + if (nvpair_value_string(pnvp, &strval) == 0) { + if (strncmp(name, IPADM_PERSIST_PRIVPROP_PREFIX, + strlen(IPADM_PERSIST_PRIVPROP_PREFIX)) == 0) { + /* private protocol property */ + pname = &name[1]; + } else if (ipadm_legacy2new_propname(name, tmpstr, + sizeof (tmpstr), &proto) == 0) { + pname = tmpstr; + } else { + pname = name; + } + if (ipadm_set_prop(iph, pname, strval, proto, + IPADM_OPT_ACTIVE) != IPADM_SUCCESS) { + ipmgmt_log(LOG_WARNING, "Failed to reapply property %s", + pname); + } + } + + return (B_TRUE); +} + +/* initialize global module properties */ +void +ipmgmt_init_prop() +{ + ipadm_handle_t iph = NULL; + + if (ipadm_open(&iph, IPH_INIT) != IPADM_SUCCESS) { + ipmgmt_log(LOG_WARNING, "Could not reapply any of the " + "persisted protocol properties"); + return; + } + /* ipmgmt_db_init() logs warnings if there are any issues */ + (void) ipmgmt_db_walk(ipmgmt_db_init, iph, IPADM_DB_READ); + ipadm_close(iph); +} + +void ipmgmt_release_scf_resources(scf_resources_t *res) { scf_entry_destroy(res->sr_ent); @@ -1273,23 +1431,11 @@ } /* - * Inputs: - * fmri is the instance to look up - * Outputs: - * res is a pointer to an scf_resources_t. This is an internal - * structure that holds all the handles needed to get a specific - * property from the running snapshot; on a successful return it - * contains the scf_value_t that should be passed to the desired - * scf_value_get_foo() function, and must be freed after use by - * calling release_scf_resources(). On a failure return, any - * resources that may have been assigned to res are released, so - * the caller does not need to do any cleanup in the failure case. - * Returns: - * 0 on success - * -1 on failure + * It creates the necessary SCF handles and binds the given `fmri' to an + * instance. These resources are required for retrieving property value, + * creating property groups and modifying property values. */ - -static int +int ipmgmt_create_scf_resources(const char *fmri, scf_resources_t *res) { res->sr_tx = NULL; @@ -1299,71 +1445,83 @@ res->sr_prop = NULL; res->sr_val = NULL; - if ((res->sr_handle = scf_handle_create(SCF_VERSION)) == NULL) { + if ((res->sr_handle = scf_handle_create(SCF_VERSION)) == NULL) return (-1); - } if (scf_handle_bind(res->sr_handle) != 0) { scf_handle_destroy(res->sr_handle); return (-1); } - if ((res->sr_inst = scf_instance_create(res->sr_handle)) == NULL) { + if ((res->sr_inst = scf_instance_create(res->sr_handle)) == NULL) goto failure; - } if (scf_handle_decode_fmri(res->sr_handle, fmri, NULL, NULL, res->sr_inst, NULL, NULL, SCF_DECODE_FMRI_REQUIRE_INSTANCE) != 0) { goto failure; } - if ((res->sr_pg = scf_pg_create(res->sr_handle)) == NULL) { - goto failure; - } - if ((res->sr_prop = scf_property_create(res->sr_handle)) == NULL) { - goto failure; - } - if ((res->sr_val = scf_value_create(res->sr_handle)) == NULL) { - goto failure; - } - if ((res->sr_tx = scf_transaction_create(res->sr_handle)) == NULL) { - goto failure; - } - if ((res->sr_ent = scf_entry_create(res->sr_handle)) == NULL) { - goto failure; - } + /* we will create the rest of the resources on demand */ return (0); failure: + ipmgmt_log(LOG_WARNING, "failed to create scf resources: %s", + scf_strerror(scf_error())); ipmgmt_release_scf_resources(res); return (-1); } +/* + * persists the `pval' for a given property `pname' in SCF. The only supported + * SCF property types are INTEGER and ASTRING. + */ static int -ipmgmt_set_property_value(scf_resources_t *res, const char *propname, - scf_type_t proptype) +ipmgmt_set_scfprop_value(scf_resources_t *res, const char *pname, void *pval, + scf_type_t ptype) { int result = -1; boolean_t new; -retry: - new = (scf_pg_get_property(res->sr_pg, propname, res->sr_prop) != 0); - - if (scf_transaction_start(res->sr_tx, res->sr_pg) == -1) { + if ((res->sr_val = scf_value_create(res->sr_handle)) == NULL) + goto failure; + switch (ptype) { + case SCF_TYPE_INTEGER: + scf_value_set_integer(res->sr_val, *(int64_t *)pval); + break; + case SCF_TYPE_ASTRING: + if (scf_value_set_astring(res->sr_val, (char *)pval) != 0) { + ipmgmt_log(LOG_WARNING, "Error setting string value %s " + "for property %s: %s", pval, pname, + scf_strerror(scf_error())); + goto failure; + } + break; + default: goto failure; } + + if ((res->sr_tx = scf_transaction_create(res->sr_handle)) == NULL) + goto failure; + if ((res->sr_ent = scf_entry_create(res->sr_handle)) == NULL) + goto failure; + if ((res->sr_prop = scf_property_create(res->sr_handle)) == NULL) + goto failure; + +retry: + new = (scf_pg_get_property(res->sr_pg, pname, res->sr_prop) != 0); + if (scf_transaction_start(res->sr_tx, res->sr_pg) == -1) + goto failure; if (new) { if (scf_transaction_property_new(res->sr_tx, res->sr_ent, - propname, proptype) == -1) { + pname, ptype) == -1) { goto failure; } } else { if (scf_transaction_property_change(res->sr_tx, res->sr_ent, - propname, proptype) == -1) { + pname, ptype) == -1) { goto failure; } } - if (scf_entry_add_value(res->sr_ent, res->sr_val) != 0) { + if (scf_entry_add_value(res->sr_ent, res->sr_val) != 0) goto failure; - } result = scf_transaction_commit(res->sr_tx); if (result == 0) { @@ -1378,69 +1536,153 @@ return (0); failure: + ipmgmt_log(LOG_WARNING, "failed to save the data in SCF: %s", + scf_strerror(scf_error())); return (-1); } /* - * Returns TRUE if this is the first boot, else return FALSE. The - * "ipmgmtd/first_boot_done" property is persistently set up on - * IPMGMTD_FMRI on the first boot. Note that the presence of - * "first_boot_done" itself is sufficient to indicate that this is - * not the first boot i.e., the value of the property is immaterial. + * Given a `pgname'/`pname', it retrieves the value based on `ptype' and + * places it in `pval'. */ -extern boolean_t -ipmgmt_first_boot() +static int +ipmgmt_get_scfprop(scf_resources_t *res, const char *pgname, const char *pname, + void *pval, scf_type_t ptype) { + ssize_t numvals; scf_simple_prop_t *prop; - ssize_t numvals; - scf_resources_t res; - scf_error_t err; - if (ipmgmt_create_scf_resources(IPMGMTD_FMRI, &res) != 0) - return (B_TRUE); /* err on the side of caution */ - prop = scf_simple_prop_get(res.sr_handle, - IPMGMTD_FMRI, "ipmgmtd", "first_boot_done"); + prop = scf_simple_prop_get(res->sr_handle, IPMGMTD_FMRI, pgname, pname); numvals = scf_simple_prop_numvalues(prop); - if (numvals > 0) { - scf_simple_prop_free(prop); - ipmgmt_release_scf_resources(&res); - return (B_FALSE); + if (numvals <= 0) + goto ret; + switch (ptype) { + case SCF_TYPE_INTEGER: + *(int64_t **)pval = scf_simple_prop_next_integer(prop); + break; + case SCF_TYPE_ASTRING: + *(char **)pval = scf_simple_prop_next_astring(prop); + break; + } +ret: + scf_simple_prop_free(prop); + return (numvals); +} + +/* + * It stores the `pval' for given `pgname'/`pname' property group in SCF. + */ +static int +ipmgmt_set_scfprop(scf_resources_t *res, const char *pgname, const char *pname, + void *pval, scf_type_t ptype) +{ + scf_error_t err; + + if ((res->sr_pg = scf_pg_create(res->sr_handle)) == NULL) { + ipmgmt_log(LOG_WARNING, "failed to create property group: %s", + scf_strerror(scf_error())); + return (-1); } - /* - * mark the first boot by setting ipmgmtd/first_boot_done to true - */ - if (scf_instance_add_pg(res.sr_inst, "ipmgmtd", SCF_GROUP_APPLICATION, - 0, res.sr_pg) != 0) { - if ((err = scf_error()) != SCF_ERROR_EXISTS) - goto failure; + if (scf_instance_add_pg(res->sr_inst, pgname, SCF_GROUP_APPLICATION, + 0, res->sr_pg) != 0) { + if ((err = scf_error()) != SCF_ERROR_EXISTS) { + ipmgmt_log(LOG_WARNING, + "Error adding property group '%s/%s': %s", + pgname, pname, scf_strerror(err)); + return (-1); + } /* - * err == SCF_ERROR_EXISTS is by itself sufficient to declare - * that this is not the first boot, but we create a simple - * property as a place-holder, so that we don't leave an - * empty process group behind. + * if the property group already exists, then we get the + * composed view of the property group for the given instance. */ - if (scf_instance_get_pg_composed(res.sr_inst, NULL, "ipmgmtd", - res.sr_pg) != 0) { - err = scf_error(); - goto failure; + if (scf_instance_get_pg_composed(res->sr_inst, NULL, pgname, + res->sr_pg) != 0) { + ipmgmt_log(LOG_WARNING, "Error getting composed view " + "of the property group '%s/%s': %s", pgname, pname, + scf_strerror(scf_error())); + return (-1); } } - if (scf_value_set_astring(res.sr_val, "true") != 0) { - err = scf_error(); - goto failure; - } + return (ipmgmt_set_scfprop_value(res, pname, pval, ptype)); +} + +/* + * Returns B_TRUE, if the non-global zone is being booted for the first time + * after being installed. This is required to setup the ipadm data-store for + * the first boot of the non-global zone. Please see, PSARC 2010/166, + * for more info. + * + * Note that, this API cannot be used to determine first boot post image-update. + * 'pkg image-update' clones the current BE and the existing value of + * ipmgmtd/first_boot_done will be carried forward and obviously it will be set + * to B_TRUE. + */ +boolean_t +ipmgmt_ngz_firstboot_postinstall() +{ + scf_resources_t res; + boolean_t bval = B_TRUE; + char *strval; + + /* we always err on the side of caution */ + if (ipmgmt_create_scf_resources(IPMGMTD_FMRI, &res) != 0) + return (bval); - if (ipmgmt_set_property_value(&res, "first_boot_done", - SCF_TYPE_ASTRING) != 0) { - ipmgmt_log(LOG_WARNING, - "Could not set rval of first_boot_done"); + if (ipmgmt_get_scfprop(&res, IPMGMTD_APP_PG, IPMGMTD_PROP_FBD, &strval, + SCF_TYPE_ASTRING) > 0) { + bval = (strcmp(strval, IPMGMTD_TRUESTR) == 0 ? + B_FALSE : B_TRUE); + } else { + /* + * IPMGMTD_PROP_FBD does not exist in the SCF. Lets create it. + * Since we err on the side of caution, we ignore the return + * error and return B_TRUE. + */ + (void) ipmgmt_set_scfprop(&res, IPMGMTD_APP_PG, + IPMGMTD_PROP_FBD, IPMGMTD_TRUESTR, SCF_TYPE_ASTRING); } + ipmgmt_release_scf_resources(&res); + return (bval); +} -failure: - ipmgmt_log(LOG_WARNING, "ipmgmt_first_boot scf error %s", - scf_strerror(err)); - ipmgmt_release_scf_resources(&res); - return (B_TRUE); +/* + * Returns B_TRUE, if the data-store needs upgrade otherwise returns B_FALSE. + * Today we have to take care of, one case of, upgrading from version 0 to + * version 1, so we will use boolean_t as means to decide if upgrade is needed + * or not. Further, the upcoming projects might completely move the flatfile + * data-store into SCF and hence we shall keep this interface simple. + */ +boolean_t +ipmgmt_needs_upgrade(scf_resources_t *res) +{ + boolean_t bval = B_TRUE; + int64_t *verp; + + if (ipmgmt_get_scfprop(res, IPMGMTD_APP_PG, IPMGMTD_PROP_DBVER, + &verp, SCF_TYPE_INTEGER) > 0) { + if (*verp == IPADM_DB_VERSION) + bval = B_FALSE; + } + /* + * 'datastore_version' doesn't exist. Which means that we need to + * upgrade the datastore. We will create 'datastore_version' and set + * the version value to IPADM_DB_VERSION, after we upgrade the file. + */ + return (bval); } + +/* + * This is called after the successful upgrade of the local data-store. With + * the data-store upgraded to recent version we don't have to do anything on + * subsequent reboots. + */ +void +ipmgmt_update_dbver(scf_resources_t *res) +{ + int64_t version = IPADM_DB_VERSION; + + (void) ipmgmt_set_scfprop(res, IPMGMTD_APP_PG, + IPMGMTD_PROP_DBVER, &version, SCF_TYPE_INTEGER); +}
--- a/usr/src/cmd/cmd-inet/lib/ipmgmtd/ipmgmt_util.c Mon Aug 16 15:39:49 2010 -0700 +++ b/usr/src/cmd/cmd-inet/lib/ipmgmtd/ipmgmt_util.c Mon Aug 16 19:16:00 2010 -0400 @@ -61,9 +61,9 @@ struct stat statbuf; FILE *sfp, *dfp; char buf[IPMGMT_BUFSIZ]; - size_t bytes; int err = 0; + errno = 0; /* * Attempt to open the destination file first since we * want to optimize for the case where it is read-only @@ -89,14 +89,15 @@ /* * Copy the file. */ - while (((bytes = fread(buf, 1, sizeof (buf), sfp)) != 0) && - (errno == 0)) { - (void) fwrite(buf, bytes, 1, dfp); + while (fgets(buf, sizeof (buf), sfp) != NULL && errno == 0) { + (void) fputs(buf, dfp); if (errno != 0) break; } if (errno != 0) err = errno; + else if (fflush(dfp) == EOF) + err = errno; (void) fclose(sfp); (void) fclose(dfp);
--- a/usr/src/cmd/cmd-inet/lib/ipmgmtd/net-ipmgmt Mon Aug 16 15:39:49 2010 -0700 +++ b/usr/src/cmd/cmd-inet/lib/ipmgmtd/net-ipmgmt Mon Aug 16 19:16:00 2010 -0400 @@ -50,12 +50,6 @@ fi fi -# Apply any persistent protocol (IP/TCP/SCTP/UDP/ICMP) properties -# ipadm doesn't exist and init-prop isn't required inside S10C -if [ -f /sbin/ipadm ]; then - /sbin/ipadm init-prop -fi - # # We must be now in a global zone or non-global zone with exclusive-IP stack. # Start the ipmgmtd daemon.
--- a/usr/src/cmd/cmd-inet/usr.sbin/ipadm/ipadm.c Mon Aug 16 15:39:49 2010 -0700 +++ b/usr/src/cmd/cmd-inet/usr.sbin/ipadm/ipadm.c Mon Aug 16 19:16:00 2010 -0400 @@ -53,7 +53,7 @@ typedef void cmdfunc_t(int, char **, const char *); static cmdfunc_t do_create_if, do_delete_if, do_enable_if, do_disable_if; static cmdfunc_t do_show_if; -static cmdfunc_t do_set_prop, do_show_prop, do_init_prop, do_set_ifprop; +static cmdfunc_t do_set_prop, do_show_prop, do_set_ifprop; static cmdfunc_t do_show_ifprop, do_reset_ifprop, do_reset_prop; static cmdfunc_t do_show_addrprop, do_set_addrprop, do_reset_addrprop; static cmdfunc_t do_create_addr, do_delete_addr, do_show_addr; @@ -115,10 +115,7 @@ "\treset-prop\t[-t] -p <prop> <protocol>" }, { "show-prop", do_show_prop, "\tshow-prop\t[[-c] -o <field>,...] [-p <prop>,...]" - " [protocol]" }, - - /* private sub-commands */ - { "init-prop", do_init_prop, "\tinit-prop\n" } + " [protocol]" } }; static const struct option if_longopts[] = { @@ -351,8 +348,6 @@ gettext("usage: ipadm <subcommand> <args> ...\n")); for (i = 0; i < sizeof (cmds) / sizeof (cmds[0]); i++) { cmdp = &cmds[i]; - if (strcmp(cmdp->c_name, "init-prop") == 0) - continue; if (cmdp->c_usage != NULL) (void) fprintf(stderr, "%s\n", gettext(cmdp->c_usage)); } @@ -1038,17 +1033,6 @@ set_prop(argc, argv, _B_TRUE, use); } -/* - * Called on reboot by /lib/inet/netstart. Reads the persistent store - * and applies all the global protocol properties. - */ -/* ARGSUSED */ -static void -do_init_prop(int argc, char **argv, const char *use) -{ - (void) ipadm_init_prop(); -} - /* PRINTFLIKE1 */ static void warn(const char *format, ...)
--- a/usr/src/cmd/cmd-inet/usr.sbin/ndd.c Mon Aug 16 15:39:49 2010 -0700 +++ b/usr/src/cmd/cmd-inet/usr.sbin/ndd.c Mon Aug 16 19:16:00 2010 -0400 @@ -19,15 +19,11 @@ * CDDL HEADER END */ /* - * Copyright 2010 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1991, 2010, Oracle and/or its affiliates. All rights reserved. */ +/* Copyright (c) 1990 Mentat Inc. */ -/* - * Copyright (c) 1990 Mentat Inc. - * ndd.c 2.1, last change 11/14/90 - */ - +#include <assert.h> #include <stdio.h> #include <errno.h> #include <ctype.h> @@ -164,8 +160,20 @@ } /* - * This function converts any new property names to old ndd name by consulting - * ndd2ipadm_map_t. This is done to preserve backward compatibility. + * Print all the protocol properties for the given protocol name. The kernel + * returns all the properties for the given protocol therefore we have to + * apply some filters before we print them. + * + * - convert any new ipadm name to old ndd name using the table. + * For example: `sack' --> `tcp_sack_permitted'. + * + * - replace leading underscores with protocol name. + * For example: `_strong_iss' --> `tcp_strong_iss' + * + * - don't print new public properties that are supported only by ipadm(1M) + * For example: `hostmodel' should be supported only from ipadm(1M). + * Such properties are identified by not having leading '_' and not + * being present in the mapping table. */ static void print_ipadm2ndd(char *oldbuf, uint_t obufsize) @@ -201,9 +209,22 @@ (void) printf("%-30s (%s)\n", nimap->ndd_name, ndd_perm2str(perm)); } - if (!matched) - (void) printf("%-30s (%s)\n", pname, + /* + * print only if it's a private property. We should + * not be printing any new public property in ndd(1M) + * output. + */ + if (!matched && pname[0] == '_') { + char tmpstr[512]; + int err; + + err = ipadm_new2legacy_propname(pname, tmpstr, + sizeof (tmpstr), proto); + assert(err != -1); + + (void) printf("%-30s (%s)\n", tmpstr, ndd_perm2str(perm)); + } for (pname = rwtag; *pname++; ) ; } @@ -224,7 +245,7 @@ ipadm_status_t status; char *mod; uint_t proto, perm = 0, flags = 0; - char *pname, *pvalp; + char *pname, *pvalp, nname[512]; int i; if ((mod = strrchr(modpath, '/')) == NULL) @@ -239,15 +260,26 @@ pname = buf; for (nimap = map; nimap->ndd_name != NULL; nimap++) { - if (strcmp(pname, nimap->ndd_name) == 0) + if (strcmp(pname, nimap->ndd_name) == 0) { + pname = nimap->ipadm_name; + proto = nimap->ipadm_proto; + flags = nimap->ipadm_flags; + perm = nimap->ndd_perm; break; + } } - if (nimap->ndd_name != NULL) { - pname = nimap->ipadm_name; - proto = nimap->ipadm_proto; - flags = nimap->ipadm_flags; - perm = nimap->ndd_perm; + + if (nimap->ndd_name == NULL && strcmp(pname, "?") != 0) { + /* do not allow set/get of public properties from ndd(1M) */ + if (ipadm_legacy2new_propname(pname, nname, sizeof (nname), + &proto) != 0) { + status = IPADM_PROP_UNKNOWN; + goto fail; + } else { + pname = nname; + } } + if (cmd == ND_GET) { char propval[MAXPROPVALLEN], allprop[64536]; uint_t pvalsz;
--- a/usr/src/lib/libipadm/common/ipadm_addr.c Mon Aug 16 15:39:49 2010 -0700 +++ b/usr/src/lib/libipadm/common/ipadm_addr.c Mon Aug 16 19:16:00 2010 -0400 @@ -1371,7 +1371,7 @@ } static ipadm_prop_desc_t * -i_ipadm_getpropdesc(const char *pname) +i_ipadm_get_addrprop_desc(const char *pname) { int i; @@ -1401,7 +1401,7 @@ } /* find the property in the property description table */ - if ((pdp = i_ipadm_getpropdesc(pname)) == NULL) + if ((pdp = i_ipadm_get_addrprop_desc(pname)) == NULL) return (IPADM_PROP_UNKNOWN); /* @@ -1484,7 +1484,7 @@ } /* find the property in the property description table */ - if ((pdp = i_ipadm_getpropdesc(pname)) == NULL) + if ((pdp = i_ipadm_get_addrprop_desc(pname)) == NULL) return (IPADM_PROP_UNKNOWN); if (pdp->ipd_set == NULL || (reset && pdp->ipd_get == NULL))
--- a/usr/src/lib/libipadm/common/ipadm_ipmgmt.h Mon Aug 16 15:39:49 2010 -0700 +++ b/usr/src/lib/libipadm/common/ipadm_ipmgmt.h Mon Aug 16 19:16:00 2010 -0400 @@ -47,10 +47,6 @@ /* * Data store read/write utilities related declarations. */ -/* Permanent data store for ipadm */ -#define IPADM_DB_FILE "/etc/ipadm/ipadm.conf" -#define IPADM_FILE_MODE (S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) - /* * For more information on these definitions please refer to the top of * ipadm_persist.c. These are the name of the nvpairs which hold the @@ -76,7 +72,15 @@ #define IPADM_NVP_STATELESS "_stateless" /* IPv6 autoconf stateless */ #define IPADM_NVP_STATEFUL "_stateful" /* IPv6 autoconf dhcpv6 */ -#define IPADM_PRIV_NVP(s) ((s)[0] == '_') +#define IPADM_PRIV_NVP(s) ((s)[0] == '_' && (s)[1] != '_') + +/* + * All protocol properties that are private to ipadm are stored in the + * ipadm datastore with "__" as prefix. This is to ensure there + * is no collision of namespace between ipadm private nvpair names and + * the private protocol property names. + */ +#define IPADM_PERSIST_PRIVPROP_PREFIX "__" /* data-store operations */ typedef enum {
--- a/usr/src/lib/libipadm/common/ipadm_persist.c Mon Aug 16 15:39:49 2010 -0700 +++ b/usr/src/lib/libipadm/common/ipadm_persist.c Mon Aug 16 19:16:00 2010 -0400 @@ -804,18 +804,24 @@ return (err); if (db_op == IPADM_DB_WRITE) { - ipadm_dbwrite_cbarg_t *cb = arg; - nvlist_t *nvl = cb->dbw_nvl; + nvlist_t *nvl; /* - * If the specified entry is not found above, we add - * the entry to the configuration file, here. + * `arg' will be NULL when we are doing in-line update of + * entries. */ - (void) memset(buf, 0, MAXLINELEN); - if (ipadm_nvlist2str(nvl, buf, MAXLINELEN) == 0) - err = ENOBUFS; - else if (fputs(buf, nfp) == EOF) - err = errno; + if (arg != NULL) { + nvl = ((ipadm_dbwrite_cbarg_t *)arg)->dbw_nvl; + /* + * If the specified entry is not found above, we add + * the entry to the configuration file, here. + */ + (void) memset(buf, 0, MAXLINELEN); + if (ipadm_nvlist2str(nvl, buf, MAXLINELEN) == 0) + err = ENOBUFS; + else if (fputs(buf, nfp) == EOF) + err = errno; + } return (err); }
--- a/usr/src/lib/libipadm/common/ipadm_prop.c Mon Aug 16 15:39:49 2010 -0700 +++ b/usr/src/lib/libipadm/common/ipadm_prop.c Mon Aug 16 19:16:00 2010 -0400 @@ -48,13 +48,13 @@ #include "libipadm_impl.h" #include <inet/tunables.h> -#define IPADM_NONESTR "none" -#define DEF_METRIC_VAL 0 /* default metric value */ +#define IPADM_NONESTR "none" +#define DEF_METRIC_VAL 0 /* default metric value */ #define A_CNT(arr) (sizeof (arr) / sizeof (arr[0])) -static ipadm_status_t i_ipadm_validate_if(ipadm_handle_t, const char *, - uint_t, uint_t); +static ipadm_status_t i_ipadm_validate_if(ipadm_handle_t, const char *, + uint_t, uint_t); /* * Callback functions to retrieve property values from the kernel. These @@ -271,6 +271,37 @@ return (NULL); } +static ipadm_prop_desc_t * +i_ipadm_get_prop_desc(const char *pname, uint_t proto, int *errp) +{ + int err = 0; + boolean_t matched_name = B_FALSE; + ipadm_prop_desc_t *ipdp = NULL, *ipdtbl; + + if ((ipdtbl = i_ipadm_get_propdesc_table(proto)) == NULL) { + err = EINVAL; + goto ret; + } + for (ipdp = ipdtbl; ipdp->ipd_name != NULL; ipdp++) { + if (strcmp(pname, ipdp->ipd_name) == 0) { + matched_name = B_TRUE; + if (ipdp->ipd_proto == proto) + break; + } + } + if (ipdp->ipd_name == NULL) { + err = ENOENT; + /* if we matched name, but failed protocol check */ + if (matched_name) + err = EPROTO; + ipdp = NULL; + } +ret: + if (errp != NULL) + *errp = err; + return (ipdp); +} + char * ipadm_proto2str(uint_t proto) { @@ -1042,7 +1073,13 @@ } /* - * populates the ipmgmt_prop_arg_t based on the class of property. + * Populates the ipmgmt_prop_arg_t based on the class of property. + * + * For private protocol properties, while persisting information in ipadm + * data store, to ensure there is no collision of namespace between ipadm + * private nvpair names (which also starts with '_', see ipadm_ipmgmt.h) + * and private protocol property names, we will prepend IPADM_PRIV_PROP_PREFIX + * to property names. */ static void i_ipadm_populate_proparg(ipmgmt_prop_arg_t *pargp, ipadm_prop_desc_t *pdp, @@ -1059,6 +1096,11 @@ switch (class) { case IPADMPROP_CLASS_MODULE: + /* if it's a private property then add the prefix. */ + if (pdp->ipd_name[0] == '_') { + (void) snprintf(pargp->ia_pname, + sizeof (pargp->ia_pname), "_%s", pdp->ipd_name); + } (void) strlcpy(pargp->ia_module, object, sizeof (pargp->ia_module)); break; @@ -1104,28 +1146,19 @@ uint_t valtype) { ipadm_status_t status = IPADM_SUCCESS; - ipadm_prop_desc_t *pdp, *pdtbl; + ipadm_prop_desc_t *pdp; char priv_propname[MAXPROPNAMELEN]; - boolean_t matched_name = B_FALSE; boolean_t is_if = (ifname != NULL); - - pdtbl = i_ipadm_get_propdesc_table(proto); + int err = 0; - /* - * We already checked for supported protocol, - * pdtbl better not be NULL. - */ - assert(pdtbl != NULL); + pdp = i_ipadm_get_prop_desc(pname, proto, &err); + if (err == EPROTO) + return (IPADM_BAD_PROTOCOL); + /* there are no private interface properties */ + if (is_if && err == ENOENT) + return (IPADM_PROP_UNKNOWN); - for (pdp = pdtbl; pdp->ipd_name != NULL; pdp++) { - if (strcmp(pname, pdp->ipd_name) == 0) { - matched_name = B_TRUE; - if (proto == pdp->ipd_proto) - break; - } - } - - if (pdp->ipd_name != NULL) { + if (pdp != NULL) { /* * check whether the property can be * applied on an interface @@ -1140,17 +1173,6 @@ return (IPADM_INVALID_ARG); } else { - /* - * if we matched name, but failed protocol check, - * then return error - */ - if (matched_name) - return (IPADM_INVALID_ARG); - - /* there are no private interface properties */ - if (is_if) - return (IPADM_PROP_UNKNOWN); - /* private protocol properties, pass it to kernel directly */ pdp = &ipadm_privprop; (void) strlcpy(priv_propname, pname, sizeof (priv_propname)); @@ -1325,35 +1347,23 @@ ipadm_status_t status = IPADM_SUCCESS; boolean_t persist = (pflags & IPADM_OPT_PERSIST); boolean_t reset = (pflags & IPADM_OPT_DEFAULT); - ipadm_prop_desc_t *pdp, *pdtbl; + ipadm_prop_desc_t *pdp; boolean_t is_if = (ifname != NULL); char priv_propname[MAXPROPNAMELEN]; - boolean_t matched_name = B_FALSE; + int err = 0; /* Check that property value is within the allowed size */ if (!reset && strnlen(buf, MAXPROPVALLEN) >= MAXPROPVALLEN) return (IPADM_INVALID_ARG); - pdtbl = i_ipadm_get_propdesc_table(proto); - /* - * We already checked for supported protocol, - * pdtbl better not be NULL. - */ - assert(pdtbl != NULL); + pdp = i_ipadm_get_prop_desc(pname, proto, &err); + if (err == EPROTO) + return (IPADM_BAD_PROTOCOL); + /* there are no private interface properties */ + if (is_if && err == ENOENT) + return (IPADM_PROP_UNKNOWN); - /* Walk through the property table to match the given property name */ - for (pdp = pdtbl; pdp->ipd_name != NULL; pdp++) { - /* - * we find the entry which matches <pname, proto> tuple - */ - if (strcmp(pname, pdp->ipd_name) == 0) { - matched_name = B_TRUE; - if (pdp->ipd_proto == proto) - break; - } - } - - if (pdp->ipd_name != NULL) { + if (pdp != NULL) { /* do some sanity checks */ if (is_if) { if (!(pdp->ipd_class & IPADMPROP_CLASS_IF)) @@ -1371,19 +1381,7 @@ return (IPADM_INVALID_ARG); } } else { - /* - * if we matched name, but failed protocol check, - * then return error. - */ - if (matched_name) - return (IPADM_BAD_PROTOCOL); - - /* Possibly a private property, pass it to kernel directly */ - - /* there are no private interface properties */ - if (is_if) - return (IPADM_PROP_UNKNOWN); - + /* private protocol property, pass it to kernel directly */ pdp = &ipadm_privprop; (void) strlcpy(priv_propname, pname, sizeof (priv_propname)); pdp->ipd_name = priv_propname; @@ -1653,7 +1651,6 @@ bzero(&parg, sizeof (parg)); i_ipadm_populate_proparg(&parg, pdp, pval, object); - /* * Check if value to be persisted need to be appended or removed. This * is required for multi-valued property. @@ -1681,79 +1678,6 @@ } /* - * Called during boot. - * - * Walk through the DB and apply all the global module properties. We plow - * through the DB even if we fail to apply property. - */ -/* ARGSUSED */ -boolean_t -ipadm_db_init(void *cbarg, nvlist_t *db_nvl, char *buf, size_t buflen, - int *errp) -{ - ipadm_handle_t iph = cbarg; - nvpair_t *nvp, *pnvp; - char *strval = NULL, *name, *mod = NULL; - uint_t proto; - - /* - * We could have used nvl_exists() directly, however we need several - * calls to it and each call traverses the list. Since this codepath - * is exercised during boot, let's traverse the list ourselves and do - * the necessary checks. - */ - for (nvp = nvlist_next_nvpair(db_nvl, NULL); nvp != NULL; - nvp = nvlist_next_nvpair(db_nvl, nvp)) { - name = nvpair_name(nvp); - if (IPADM_PRIV_NVP(name)) { - if (strcmp(name, IPADM_NVP_IFNAME) == 0 || - strcmp(name, IPADM_NVP_AOBJNAME) == 0) - return (B_TRUE); - else if (strcmp(name, IPADM_NVP_PROTONAME) == 0 && - nvpair_value_string(nvp, &mod) != 0) - return (B_TRUE); - } else { - /* possible a property */ - pnvp = nvp; - } - } - - /* if we are here than we found a global property */ - assert(mod != NULL); - assert(nvpair_type(pnvp) == DATA_TYPE_STRING); - - proto = ipadm_str2proto(mod); - if (nvpair_value_string(pnvp, &strval) == 0) { - (void) ipadm_set_prop(iph, name, strval, proto, - IPADM_OPT_ACTIVE); - } - - return (B_TRUE); -} - -/* initialize global module properties */ -ipadm_status_t -ipadm_init_prop() -{ - ipadm_handle_t iph = NULL; - ipadm_status_t status; - int err; - - /* check for solaris.network.interface.config authorization */ - if (!ipadm_check_auth()) - return (IPADM_EAUTH); - - if ((status = ipadm_open(&iph, IPH_INIT)) != IPADM_SUCCESS) - return (status); - - err = ipadm_rw_db(ipadm_db_init, iph, IPADM_DB_FILE, IPADM_FILE_MODE, - IPADM_DB_READ); - - ipadm_close(iph); - return (ipadm_errno2status(err)); -} - -/* * This is called from ipadm_set_ifprop() to validate the set operation. * It does the following steps: * 1. Validates the interface name. @@ -1805,3 +1729,212 @@ return (IPADM_TEMPORARY_OBJ); return (IPADM_SUCCESS); } + +/* + * Private protocol properties namespace scheme: + * + * PSARC 2010/080 identified the private protocol property names to be the + * leading protocol names. For e.g. tcp_strong_iss, ip_strict_src_multihoming, + * et al,. However to be consistent with private data-link property names, + * which starts with '_', private protocol property names will start with '_'. + * For e.g. _strong_iss, _strict_src_multihoming, et al,. + */ + +/* maps new private protocol property name to the old private property name */ +typedef struct ipadm_oname2nname_map { + char *iom_oname; + char *iom_nname; + uint_t iom_proto; +} ipadm_oname2nname_map_t; + +/* + * IP is a special case. It isn't straight forward to derive the legacy name + * from the new name and vice versa. No set standard was followed in naming + * the properties and hence we need a table to capture the mapping. + */ +static ipadm_oname2nname_map_t name_map[] = { + { "arp_probe_delay", "_arp_probe_delay", + MOD_PROTO_IP }, + { "arp_fastprobe_delay", "_arp_fastprobe_delay", + MOD_PROTO_IP }, + { "arp_probe_interval", "_arp_probe_interval", + MOD_PROTO_IP }, + { "arp_fastprobe_interval", "_arp_fastprobe_interval", + MOD_PROTO_IP }, + { "arp_probe_count", "_arp_probe_count", + MOD_PROTO_IP }, + { "arp_fastprobe_count", "_arp_fastprobe_count", + MOD_PROTO_IP }, + { "arp_defend_interval", "_arp_defend_interval", + MOD_PROTO_IP }, + { "arp_defend_rate", "_arp_defend_rate", + MOD_PROTO_IP }, + { "arp_defend_period", "_arp_defend_period", + MOD_PROTO_IP }, + { "ndp_defend_interval", "_ndp_defend_interval", + MOD_PROTO_IP }, + { "ndp_defend_rate", "_ndp_defend_rate", + MOD_PROTO_IP }, + { "ndp_defend_period", "_ndp_defend_period", + MOD_PROTO_IP }, + { "igmp_max_version", "_igmp_max_version", + MOD_PROTO_IP }, + { "mld_max_version", "_mld_max_version", + MOD_PROTO_IP }, + { "ipsec_override_persocket_policy", "_ipsec_override_persocket_policy", + MOD_PROTO_IP }, + { "ipsec_policy_log_interval", "_ipsec_policy_log_interval", + MOD_PROTO_IP }, + { "icmp_accept_clear_messages", "_icmp_accept_clear_messages", + MOD_PROTO_IP }, + { "igmp_accept_clear_messages", "_igmp_accept_clear_messages", + MOD_PROTO_IP }, + { "pim_accept_clear_messages", "_pim_accept_clear_messages", + MOD_PROTO_IP }, + { "ip_respond_to_echo_multicast", "_respond_to_echo_multicast", + MOD_PROTO_IPV4 }, + { "ip_send_redirects", "_send_redirects", + MOD_PROTO_IPV4 }, + { "ip_forward_src_routed", "_forward_src_routed", + MOD_PROTO_IPV4 }, + { "ip_icmp_return_data_bytes", "_icmp_return_data_bytes", + MOD_PROTO_IPV4 }, + { "ip_ignore_redirect", "_ignore_redirect", + MOD_PROTO_IPV4 }, + { "ip_strict_dst_multihoming", "_strict_dst_multihoming", + MOD_PROTO_IPV4 }, + { "ip_reasm_timeout", "_reasm_timeout", + MOD_PROTO_IPV4 }, + { "ip_strict_src_multihoming", "_strict_src_multihoming", + MOD_PROTO_IPV4 }, + { "ipv4_dad_announce_interval", "_dad_announce_interval", + MOD_PROTO_IPV4 }, + { "ipv4_icmp_return_pmtu", "_icmp_return_pmtu", + MOD_PROTO_IPV4 }, + { "ipv6_dad_announce_interval", "_dad_announce_interval", + MOD_PROTO_IPV6 }, + { "ipv6_icmp_return_pmtu", "_icmp_return_pmtu", + MOD_PROTO_IPV6 }, + { NULL, NULL, MOD_PROTO_NONE } +}; + +/* + * Following API returns a new property name in `nname' for the given legacy + * property name in `oname'. + */ +int +ipadm_legacy2new_propname(const char *oname, char *nname, uint_t nnamelen, + uint_t *proto) +{ + const char *str; + ipadm_oname2nname_map_t *ionmp; + + /* if it's a public property, there is nothing to return */ + if (i_ipadm_get_prop_desc(oname, *proto, NULL) != NULL) + return (-1); + + /* + * we didn't find the `oname' in the table, check if the property + * name begins with a leading protocol. + */ + str = oname; + switch (*proto) { + case MOD_PROTO_TCP: + if (strstr(oname, "tcp_") == oname) + str += strlen("tcp"); + break; + case MOD_PROTO_SCTP: + if (strstr(oname, "sctp_") == oname) + str += strlen("sctp"); + break; + case MOD_PROTO_UDP: + if (strstr(oname, "udp_") == oname) + str += strlen("udp"); + break; + case MOD_PROTO_RAWIP: + if (strstr(oname, "icmp_") == oname) + str += strlen("icmp"); + break; + case MOD_PROTO_IP: + case MOD_PROTO_IPV4: + case MOD_PROTO_IPV6: + if (strstr(oname, "ip6_") == oname) { + *proto = MOD_PROTO_IPV6; + str += strlen("ip6"); + } else { + for (ionmp = name_map; ionmp->iom_oname != NULL; + ionmp++) { + if (strcmp(oname, ionmp->iom_oname) == 0) { + str = ionmp->iom_nname; + *proto = ionmp->iom_proto; + break; + } + } + if (ionmp->iom_oname != NULL) + break; + + if (strstr(oname, "ip_") == oname) { + *proto = MOD_PROTO_IP; + str += strlen("ip"); + } + } + break; + default: + return (-1); + } + (void) snprintf(nname, nnamelen, "%s", str); + return (0); +} + +/* + * Following API is required for ndd.c alone. To maintain backward + * compatibility with ndd output, we need to print the legacy name + * for the new name. + */ +int +ipadm_new2legacy_propname(const char *oname, char *nname, + uint_t nnamelen, uint_t proto) +{ + char *prefix; + ipadm_oname2nname_map_t *ionmp; + + /* if it's a public property, there is nothing to prepend */ + if (i_ipadm_get_prop_desc(oname, proto, NULL) != NULL) + return (-1); + + switch (proto) { + case MOD_PROTO_TCP: + prefix = "tcp"; + break; + case MOD_PROTO_SCTP: + prefix = "sctp"; + break; + case MOD_PROTO_UDP: + prefix = "udp"; + break; + case MOD_PROTO_RAWIP: + prefix = "icmp"; + break; + case MOD_PROTO_IP: + case MOD_PROTO_IPV4: + case MOD_PROTO_IPV6: + /* handle special case for IP */ + for (ionmp = name_map; ionmp->iom_oname != NULL; ionmp++) { + if (strcmp(oname, ionmp->iom_nname) == 0 && + ionmp->iom_proto == proto) { + (void) strlcpy(nname, ionmp->iom_oname, + nnamelen); + return (0); + } + } + if (proto == MOD_PROTO_IPV6) + prefix = "ip6"; + else + prefix = "ip"; + break; + default: + return (-1); + } + (void) snprintf(nname, nnamelen, "%s%s", prefix, oname); + return (0); +}
--- a/usr/src/lib/libipadm/common/libipadm.h Mon Aug 16 15:39:49 2010 -0700 +++ b/usr/src/lib/libipadm/common/libipadm.h Mon Aug 16 19:16:00 2010 -0400 @@ -173,6 +173,11 @@ #define IPH_VRRP 0x00000001 /* Caller is VRRP */ #define IPH_LEGACY 0x00000002 /* Caller is legacy app */ #define IPH_IPMGMTD 0x00000004 /* Caller is ipmgmtd itself */ +/* + * Indicates that the operation being invoked is in 'init' context. This is + * a library private flag. + */ +#define IPH_INIT 0x10000000 /* opaque address object structure */ typedef struct ipadm_addrobj_s *ipadm_addrobj_t; @@ -338,7 +343,6 @@ const char *, uint_t, uint_t); extern ipadm_status_t ipadm_get_prop(ipadm_handle_t, const char *, char *, uint_t *, uint_t, uint_t); -extern ipadm_status_t ipadm_init_prop(void); /* * miscellaneous helper functions. @@ -349,6 +353,10 @@ extern char *ipadm_proto2str(uint_t); extern uint_t ipadm_str2proto(const char *); extern ipadm_status_t ipadm_open_arp_on_udp(const char *, int *); +extern int ipadm_legacy2new_propname(const char *, char *, + uint_t, uint_t *); +extern int ipadm_new2legacy_propname(const char *, char *, + uint_t, uint_t); #ifdef __cplusplus }
--- a/usr/src/lib/libipadm/common/libipadm_impl.h Mon Aug 16 15:39:49 2010 -0700 +++ b/usr/src/lib/libipadm/common/libipadm_impl.h Mon Aug 16 19:16:00 2010 -0400 @@ -62,12 +62,6 @@ zoneid_t iph_zoneid; /* zoneid where handle was opened */ }; -/* - * Indicates that the operation being invoked is in 'init' context. This is - * a library private flag. - */ -#define IPH_INIT 0x10000000 - struct ipadm_addrobj_s { char ipadm_ifname[LIFNAMSIZ]; int32_t ipadm_lifnum;
--- a/usr/src/lib/libipadm/common/mapfile-vers Mon Aug 16 15:39:49 2010 -0700 +++ b/usr/src/lib/libipadm/common/mapfile-vers Mon Aug 16 19:16:00 2010 -0400 @@ -66,10 +66,11 @@ ipadm_if_enabled; ipadm_if_info; ipadm_if_move; - ipadm_init_prop; ipadm_init_net_from_gz; + ipadm_legacy2new_propname; ipadm_ndpd_read; ipadm_ndpd_write; + ipadm_new2legacy_propname; ipadm_nvlist2str; ipadm_open; ipadm_open_arp_on_udp;
--- a/usr/src/uts/common/inet/ip/icmp.c Mon Aug 16 15:39:49 2010 -0700 +++ b/usr/src/uts/common/inet/ip/icmp.c Mon Aug 16 19:16:00 2010 -0400 @@ -217,24 +217,24 @@ * All of these are alterable, within the min/max values given, at run time. * * Note: All those tunables which do not start with "icmp_" are Committed and - * therefore are public. See PSARC 2009/306. + * therefore are public. See PSARC 2010/080. */ static mod_prop_info_t icmp_propinfo_tbl[] = { /* tunable - 0 */ - { "icmp_wroff_extra", MOD_PROTO_RAWIP, + { "_wroff_extra", MOD_PROTO_RAWIP, mod_set_uint32, mod_get_uint32, {0, 128, 32}, {32} }, - { "icmp_ipv4_ttl", MOD_PROTO_RAWIP, + { "_ipv4_ttl", MOD_PROTO_RAWIP, mod_set_uint32, mod_get_uint32, {1, 255, 255}, {255} }, - { "icmp_ipv6_hoplimit", MOD_PROTO_RAWIP, + { "_ipv6_hoplimit", MOD_PROTO_RAWIP, mod_set_uint32, mod_get_uint32, {0, IPV6_MAX_HOPS, IPV6_DEFAULT_HOPS}, {IPV6_DEFAULT_HOPS} }, - { "icmp_bsd_compat", MOD_PROTO_RAWIP, + { "_bsd_compat", MOD_PROTO_RAWIP, mod_set_boolean, mod_get_boolean, {B_TRUE}, {B_TRUE} }, @@ -242,7 +242,7 @@ mod_set_uint32, mod_get_uint32, {4096, 65536, 8192}, {8192} }, - { "icmp_xmit_lowat", MOD_PROTO_RAWIP, + { "_xmit_lowat", MOD_PROTO_RAWIP, mod_set_uint32, mod_get_uint32, {0, 65536, 1024}, {1024} }, @@ -250,15 +250,15 @@ mod_set_uint32, mod_get_uint32, {4096, 65536, 8192}, {8192} }, - { "icmp_max_buf", MOD_PROTO_RAWIP, + { "_max_buf", MOD_PROTO_RAWIP, mod_set_uint32, mod_get_uint32, {65536, 1024*1024*1024, 256*1024}, {256 * 1024} }, - { "icmp_pmtu_discovery", MOD_PROTO_RAWIP, + { "_pmtu_discovery", MOD_PROTO_RAWIP, mod_set_boolean, mod_get_boolean, {B_FALSE}, {B_FALSE} }, - { "icmp_sendto_ignerr", MOD_PROTO_RAWIP, + { "_sendto_ignerr", MOD_PROTO_RAWIP, mod_set_boolean, mod_get_boolean, {B_FALSE}, {B_FALSE} },
--- a/usr/src/uts/common/inet/ip/ip_tunables.c Mon Aug 16 15:39:49 2010 -0700 +++ b/usr/src/uts/common/inet/ip/ip_tunables.c Mon Aug 16 19:16:00 2010 -0400 @@ -20,8 +20,8 @@ */ /* * Copyright (c) 1991, 2010, Oracle and/or its affiliates. All rights reserved. - * Copyright (c) 1990 Mentat Inc. */ +/* Copyright (c) 1990 Mentat Inc. */ #include <inet/ip.h> #include <inet/ip6.h> @@ -488,53 +488,53 @@ /* * All of these are alterable, within the min/max values given, at run time. * - * Note: All those tunables which do not start with "ip_" are Committed and - * therefore are public. See PSARC 2009/306. + * Note: All those tunables which do not start with "_" are Committed and + * therefore are public. See PSARC 2010/080. */ mod_prop_info_t ip_propinfo_tbl[] = { /* tunable - 0 */ - { "ip_respond_to_address_mask_broadcast", MOD_PROTO_IP, + { "_respond_to_address_mask_broadcast", MOD_PROTO_IP, mod_set_boolean, mod_get_boolean, {B_FALSE}, {B_FALSE} }, - { "ip_respond_to_echo_broadcast", MOD_PROTO_IP, + { "_respond_to_echo_broadcast", MOD_PROTO_IP, mod_set_boolean, mod_get_boolean, {B_TRUE}, {B_TRUE} }, - { "ip_respond_to_echo_multicast", MOD_PROTO_IP, + { "_respond_to_echo_multicast", MOD_PROTO_IPV4, mod_set_boolean, mod_get_boolean, {B_TRUE}, {B_TRUE} }, - { "ip_respond_to_timestamp", MOD_PROTO_IP, + { "_respond_to_timestamp", MOD_PROTO_IP, mod_set_boolean, mod_get_boolean, {B_FALSE}, {B_FALSE} }, - { "ip_respond_to_timestamp_broadcast", MOD_PROTO_IP, + { "_respond_to_timestamp_broadcast", MOD_PROTO_IP, mod_set_boolean, mod_get_boolean, {B_FALSE}, {B_FALSE} }, - { "ip_send_redirects", MOD_PROTO_IP, + { "_send_redirects", MOD_PROTO_IPV4, mod_set_boolean, mod_get_boolean, {B_TRUE}, {B_TRUE} }, - { "ip_forward_directed_broadcasts", MOD_PROTO_IP, + { "_forward_directed_broadcasts", MOD_PROTO_IP, mod_set_boolean, mod_get_boolean, {B_FALSE}, {B_FALSE} }, - { "ip_mrtdebug", MOD_PROTO_IP, + { "_mrtdebug", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {0, 10, 0}, {0} }, - { "ip_ire_reclaim_fraction", MOD_PROTO_IP, + { "_ire_reclaim_fraction", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {1, 8, 3}, {3} }, - { "ip_nce_reclaim_fraction", MOD_PROTO_IP, + { "_nce_reclaim_fraction", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {1, 8, 3}, {3} }, /* tunable - 10 */ - { "ip_dce_reclaim_fraction", MOD_PROTO_IP, + { "_dce_reclaim_fraction", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {1, 8, 3}, {3} }, @@ -542,53 +542,53 @@ mod_set_uint32, mod_get_uint32, {1, 255, 255}, {255} }, - { "ip_forward_src_routed", MOD_PROTO_IP, + { "_forward_src_routed", MOD_PROTO_IPV4, mod_set_boolean, mod_get_boolean, {B_FALSE}, {B_FALSE} }, - { "ip_wroff_extra", MOD_PROTO_IP, + { "_wroff_extra", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {0, 256, 32}, {32} }, /* following tunable is in seconds - a deviant! */ - { "ip_pathmtu_interval", MOD_PROTO_IP, + { "_pathmtu_interval", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {2, 999999999, 60*20}, {60*20} }, - { "ip_icmp_return_data_bytes", MOD_PROTO_IP, + { "_icmp_return_data_bytes", MOD_PROTO_IPV4, mod_set_uint32, mod_get_uint32, {8, 65536, 64}, {64} }, - { "ip_path_mtu_discovery", MOD_PROTO_IP, + { "_path_mtu_discovery", MOD_PROTO_IP, mod_set_boolean, mod_get_boolean, {B_TRUE}, {B_TRUE} }, - { "ip_pmtu_min", MOD_PROTO_IP, + { "_pmtu_min", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {68, 65535, 576}, {576} }, - { "ip_ignore_redirect", MOD_PROTO_IP, + { "_ignore_redirect", MOD_PROTO_IPV4, mod_set_boolean, mod_get_boolean, {B_FALSE}, {B_FALSE} }, - { "ip_arp_icmp_error", MOD_PROTO_IP, + { "_arp_icmp_error", MOD_PROTO_IP, mod_set_boolean, mod_get_boolean, {B_FALSE}, {B_FALSE} }, /* tunable - 20 */ - { "ip_broadcast_ttl", MOD_PROTO_IP, + { "_broadcast_ttl", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {1, 254, 1}, {1} }, - { "ip_icmp_err_interval", MOD_PROTO_IP, + { "_icmp_err_interval", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {0, 99999, 100}, {100} }, - { "ip_icmp_err_burst", MOD_PROTO_IP, + { "_icmp_err_burst", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {1, 99999, 10}, {10} }, - { "ip_reass_queue_bytes", MOD_PROTO_IP, + { "_reass_queue_bytes", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {0, 999999999, 1000000}, {1000000} }, @@ -596,33 +596,33 @@ * See comments for ip_strict_src_multihoming for an explanation * of the semantics of ip_strict_dst_multihoming */ - { "ip_strict_dst_multihoming", MOD_PROTO_IP, + { "_strict_dst_multihoming", MOD_PROTO_IPV4, mod_set_uint32, mod_get_uint32, {0, 1, 0}, {0} }, - { "ip_addrs_per_if", MOD_PROTO_IP, + { "_addrs_per_if", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {1, MAX_ADDRS_PER_IF, 256}, {256} }, - { "ipsec_override_persocket_policy", MOD_PROTO_IP, + { "_ipsec_override_persocket_policy", MOD_PROTO_IP, mod_set_boolean, mod_get_boolean, {B_FALSE}, {B_FALSE} }, - { "icmp_accept_clear_messages", MOD_PROTO_IP, + { "_icmp_accept_clear_messages", MOD_PROTO_IP, mod_set_boolean, mod_get_boolean, {B_TRUE}, {B_TRUE} }, - { "igmp_accept_clear_messages", MOD_PROTO_IP, + { "_igmp_accept_clear_messages", MOD_PROTO_IP, mod_set_boolean, mod_get_boolean, {B_TRUE}, {B_TRUE} }, - { "ip_ndp_delay_first_probe_time", MOD_PROTO_IP, + { "_ndp_delay_first_probe_time", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {2, 999999999, ND_DELAY_FIRST_PROBE_TIME}, {ND_DELAY_FIRST_PROBE_TIME} }, /* tunable - 30 */ - { "ip_ndp_max_unicast_solicit", MOD_PROTO_IP, + { "_ndp_max_unicast_solicit", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {1, 999999999, ND_MAX_UNICAST_SOLICIT}, {ND_MAX_UNICAST_SOLICIT} }, @@ -630,23 +630,23 @@ mod_set_uint32, mod_get_uint32, {1, 255, IPV6_MAX_HOPS}, {IPV6_MAX_HOPS} }, - { "ip6_icmp_return_data_bytes", MOD_PROTO_IP, + { "_icmp_return_data_bytes", MOD_PROTO_IPV6, mod_set_uint32, mod_get_uint32, {8, IPV6_MIN_MTU, IPV6_MIN_MTU}, {IPV6_MIN_MTU} }, - { "ip6_forward_src_routed", MOD_PROTO_IP, + { "_forward_src_routed", MOD_PROTO_IPV6, mod_set_boolean, mod_get_boolean, {B_FALSE}, {B_FALSE} }, - { "ip6_respond_to_echo_multicast", MOD_PROTO_IP, + { "_respond_to_echo_multicast", MOD_PROTO_IPV6, mod_set_boolean, mod_get_boolean, {B_TRUE}, {B_TRUE} }, - { "ip6_send_redirects", MOD_PROTO_IP, + { "_send_redirects", MOD_PROTO_IPV6, mod_set_boolean, mod_get_boolean, {B_TRUE}, {B_TRUE} }, - { "ip6_ignore_redirect", MOD_PROTO_IP, + { "_ignore_redirect", MOD_PROTO_IPV6, mod_set_boolean, mod_get_boolean, {B_FALSE}, {B_FALSE} }, @@ -654,57 +654,57 @@ * See comments for ip6_strict_src_multihoming for an explanation * of the semantics of ip6_strict_dst_multihoming */ - { "ip6_strict_dst_multihoming", MOD_PROTO_IP, + { "_strict_dst_multihoming", MOD_PROTO_IPV6, mod_set_uint32, mod_get_uint32, {0, 1, 0}, {0} }, - { "ip_src_check", MOD_PROTO_IP, + { "_src_check", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {0, 2, 2}, {2} }, - { "ipsec_policy_log_interval", MOD_PROTO_IP, + { "_ipsec_policy_log_interval", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {0, 999999, 1000}, {1000} }, /* tunable - 40 */ - { "pim_accept_clear_messages", MOD_PROTO_IP, + { "_pim_accept_clear_messages", MOD_PROTO_IP, mod_set_boolean, mod_get_boolean, {B_TRUE}, {B_TRUE} }, - { "ip_ndp_unsolicit_interval", MOD_PROTO_IP, + { "_ndp_unsolicit_interval", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {1000, 20000, 2000}, {2000} }, - { "ip_ndp_unsolicit_count", MOD_PROTO_IP, + { "_ndp_unsolicit_count", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {1, 20, 3}, {3} }, - { "ip6_ignore_home_address_opt", MOD_PROTO_IP, + { "_ignore_home_address_opt", MOD_PROTO_IPV6, mod_set_boolean, mod_get_boolean, {B_TRUE}, {B_TRUE} }, - { "ip_policy_mask", MOD_PROTO_IP, + { "_policy_mask", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {0, 15, 0}, {0} }, - { "ip_ecmp_behavior", MOD_PROTO_IP, + { "_ecmp_behavior", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {0, 2, 2}, {2} }, - { "ip_multirt_ttl", MOD_PROTO_IP, + { "_multirt_ttl", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {0, 255, 1}, {1} }, /* following tunable is in seconds - a deviant */ - { "ip_ire_badcnt_lifetime", MOD_PROTO_IP, + { "_ire_badcnt_lifetime", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {0, 3600, 60}, {60} }, - { "ip_max_temp_idle", MOD_PROTO_IP, + { "_max_temp_idle", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {0, 999999, 60*60*24}, {60*60*24} }, - { "ip_max_temp_defend", MOD_PROTO_IP, + { "_max_temp_defend", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {0, 1000, 1}, {1} }, @@ -714,32 +714,32 @@ * defend up to ip_max_defend times, within any * ip_defend_interval span. */ - { "ip_max_defend", MOD_PROTO_IP, + { "_max_defend", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {0, 1000, 3}, {3} }, - { "ip_defend_interval", MOD_PROTO_IP, + { "_defend_interval", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {0, 999999, 30}, {30} }, - { "ip_dup_recovery", MOD_PROTO_IP, + { "_dup_recovery", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {0, 3600000, 300000}, {300000} }, - { "ip_restrict_interzone_loopback", MOD_PROTO_IP, + { "_restrict_interzone_loopback", MOD_PROTO_IP, mod_set_boolean, mod_get_boolean, {B_TRUE}, {B_TRUE} }, - { "ip_lso_outbound", MOD_PROTO_IP, + { "_lso_outbound", MOD_PROTO_IP, mod_set_boolean, mod_get_boolean, {B_TRUE}, {B_TRUE} }, - { "igmp_max_version", MOD_PROTO_IP, + { "_igmp_max_version", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {IGMP_V1_ROUTER, IGMP_V3_ROUTER, IGMP_V3_ROUTER}, {IGMP_V3_ROUTER} }, - { "mld_max_version", MOD_PROTO_IP, + { "_mld_max_version", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {MLD_V1_ROUTER, MLD_V2_ROUTER, MLD_V2_ROUTER}, {MLD_V2_ROUTER} }, @@ -751,52 +751,52 @@ ip_set_forwarding, ip_get_forwarding, {IP_FORWARD_NEVER}, {IP_FORWARD_NEVER} }, - { "ip_reasm_timeout", MOD_PROTO_IP, + { "_reasm_timeout", MOD_PROTO_IPV4, mod_set_uint32, mod_get_uint32, {5, 255, IP_REASM_TIMEOUT}, {IP_REASM_TIMEOUT} }, /* tunable - 60 */ - { "ip6_reasm_timeout", MOD_PROTO_IP, + { "_reasm_timeout", MOD_PROTO_IPV6, mod_set_uint32, mod_get_uint32, {5, 255, IPV6_REASM_TIMEOUT}, {IPV6_REASM_TIMEOUT} }, - { "ip_cgtp_filter", MOD_PROTO_IP, + { "_cgtp_filter", MOD_PROTO_IP, ip_set_cgtp_filter, mod_get_boolean, {B_FALSE}, {B_FALSE} }, /* delay before sending first probe: */ - { "arp_probe_delay", MOD_PROTO_IP, + { "_arp_probe_delay", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {0, 20000, 1000}, {1000} }, - { "arp_fastprobe_delay", MOD_PROTO_IP, + { "_arp_fastprobe_delay", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {0, 20000, 100}, {100} }, /* interval at which DAD probes are sent: */ - { "arp_probe_interval", MOD_PROTO_IP, + { "_arp_probe_interval", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {10, 20000, 1500}, {1500} }, - { "arp_fastprobe_interval", MOD_PROTO_IP, + { "_arp_fastprobe_interval", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {10, 20000, 150}, {150} }, - { "arp_probe_count", MOD_PROTO_IP, + { "_arp_probe_count", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {0, 20, 3}, {3} }, - { "arp_fastprobe_count", MOD_PROTO_IP, + { "_arp_fastprobe_count", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {0, 20, 3}, {3} }, - { "ipv4_dad_announce_interval", MOD_PROTO_IP, + { "_dad_announce_interval", MOD_PROTO_IPV4, mod_set_uint32, mod_get_uint32, {0, 3600000, 15000}, {15000} }, - { "ipv6_dad_announce_interval", MOD_PROTO_IP, + { "_dad_announce_interval", MOD_PROTO_IPV6, mod_set_uint32, mod_get_uint32, {0, 3600000, 15000}, {15000} }, @@ -809,35 +809,35 @@ * DAD defense. * defend_period: denominator for defend_rate (in seconds). */ - { "arp_defend_interval", MOD_PROTO_IP, + { "_arp_defend_interval", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {0, 3600000, 300000}, {300000} }, - { "arp_defend_rate", MOD_PROTO_IP, + { "_arp_defend_rate", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {0, 20000, 100}, {100} }, - { "ndp_defend_interval", MOD_PROTO_IP, + { "_ndp_defend_interval", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {0, 3600000, 300000}, {300000} }, - { "ndp_defend_rate", MOD_PROTO_IP, + { "_ndp_defend_rate", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {0, 20000, 100}, {100} }, - { "arp_defend_period", MOD_PROTO_IP, + { "_arp_defend_period", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {5, 86400, 3600}, {3600} }, - { "ndp_defend_period", MOD_PROTO_IP, + { "_ndp_defend_period", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {5, 86400, 3600}, {3600} }, - { "ipv4_icmp_return_pmtu", MOD_PROTO_IP, + { "_icmp_return_pmtu", MOD_PROTO_IPV4, mod_set_boolean, mod_get_boolean, {B_TRUE}, {B_TRUE} }, - { "ipv6_icmp_return_pmtu", MOD_PROTO_IP, + { "_icmp_return_pmtu", MOD_PROTO_IPV6, mod_set_boolean, mod_get_boolean, {B_TRUE}, {B_TRUE} }, @@ -845,11 +845,11 @@ * publish count/interval values used to announce local addresses * for IPv4, IPv6. */ - { "ip_arp_publish_count", MOD_PROTO_IP, + { "_arp_publish_count", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {1, 20, 5}, {5} }, - { "ip_arp_publish_interval", MOD_PROTO_IP, + { "_arp_publish_interval", MOD_PROTO_IP, mod_set_uint32, mod_get_uint32, {1000, 20000, 2000}, {2000} }, @@ -893,16 +893,16 @@ * the implementation of Strong ES as defined in Section 3.3.4.2 of * RFC 1122 */ - { "ip_strict_src_multihoming", MOD_PROTO_IP, + { "_strict_src_multihoming", MOD_PROTO_IPV4, ip_set_src_multihoming, mod_get_uint32, {0, 2, 0}, {0} }, - { "ip6_strict_src_multihoming", MOD_PROTO_IP, + { "_strict_src_multihoming", MOD_PROTO_IPV6, ip_set_src_multihoming, mod_get_uint32, {0, 2, 0}, {0} }, #ifdef DEBUG - { "ip6_drop_inbound_icmpv6", MOD_PROTO_IP, + { "_drop_inbound_icmpv6", MOD_PROTO_IPV6, mod_set_boolean, mod_get_boolean, {B_FALSE}, {B_FALSE} }, #else @@ -917,7 +917,7 @@ * variable. Within these callback functions, we will be * setting/getting the global variable */ - { "ip_debug", MOD_PROTO_IP, + { "_debug", MOD_PROTO_IP, ip_set_debug, ip_get_debug, {0, 20, 0}, {0} },
--- a/usr/src/uts/common/inet/sctp/sctp_tunables.c Mon Aug 16 15:39:49 2010 -0700 +++ b/usr/src/uts/common/inet/sctp/sctp_tunables.c Mon Aug 16 19:16:00 2010 -0400 @@ -166,23 +166,23 @@ /* * All of these are alterable, within the min/max values given, at run time. * - * Note: All those tunables which do not start with "sctp_" are Committed and - * therefore are public. See PSARC 2009/306. + * Note: All those tunables which do not start with "_" are Committed and + * therefore are public. See PSARC 2010/080. */ mod_prop_info_t sctp_propinfo_tbl[] = { - { "sctp_max_init_retr", MOD_PROTO_SCTP, + { "_max_init_retr", MOD_PROTO_SCTP, mod_set_uint32, mod_get_uint32, {0, 128, 8}, {8} }, - { "sctp_pa_max_retr", MOD_PROTO_SCTP, + { "_pa_max_retr", MOD_PROTO_SCTP, mod_set_uint32, mod_get_uint32, {1, 128, 10}, {10} }, - { "sctp_pp_max_retr", MOD_PROTO_SCTP, + { "_pp_max_retr", MOD_PROTO_SCTP, mod_set_uint32, mod_get_uint32, {1, 128, 5}, {5} }, - { "sctp_cwnd_max", MOD_PROTO_SCTP, + { "_cwnd_max", MOD_PROTO_SCTP, mod_set_uint32, mod_get_uint32, {128, (1<<30), 1024*1024}, {1024*1024} }, @@ -190,40 +190,40 @@ mod_set_uint32, mod_get_uint32, {1024, (32*1024), 1024}, {1024} }, - { "sctp_ipv4_ttl", MOD_PROTO_SCTP, + { "_ipv4_ttl", MOD_PROTO_SCTP, mod_set_uint32, mod_get_uint32, {1, 255, 64}, {64} }, - { "sctp_heartbeat_interval", MOD_PROTO_SCTP, + { "_heartbeat_interval", MOD_PROTO_SCTP, mod_set_uint32, mod_get_uint32, {0, 1*DAYS, 30*SECONDS}, {30*SECONDS} }, - { "sctp_initial_mtu", MOD_PROTO_SCTP, + { "_initial_mtu", MOD_PROTO_SCTP, mod_set_uint32, mod_get_uint32, {68, 65535, 1500}, {1500} }, - { "sctp_mtu_probe_interval", MOD_PROTO_SCTP, + { "_mtu_probe_interval", MOD_PROTO_SCTP, mod_set_uint32, mod_get_uint32, {0, 1*DAYS, 10*MINUTES}, {10*MINUTES} }, - { "sctp_new_secret_interval", MOD_PROTO_SCTP, + { "_new_secret_interval", MOD_PROTO_SCTP, mod_set_uint32, mod_get_uint32, {0, 1*DAYS, 2*MINUTES}, {2*MINUTES} }, /* tunable - 10 */ - { "sctp_deferred_ack_interval", MOD_PROTO_SCTP, + { "_deferred_ack_interval", MOD_PROTO_SCTP, mod_set_uint32, mod_get_uint32, {10*MS, 1*MINUTES, 100*MS}, {100*MS} }, - { "sctp_snd_lowat_fraction", MOD_PROTO_SCTP, + { "_snd_lowat_fraction", MOD_PROTO_SCTP, mod_set_uint32, mod_get_uint32, {0, 16, 0}, {0} }, - { "sctp_ignore_path_mtu", MOD_PROTO_SCTP, + { "_ignore_path_mtu", MOD_PROTO_SCTP, mod_set_boolean, mod_get_boolean, {B_FALSE}, {B_FALSE} }, - { "sctp_initial_ssthresh", MOD_PROTO_SCTP, + { "_initial_ssthresh", MOD_PROTO_SCTP, mod_set_uint32, mod_get_uint32, {1024, UINT32_MAX, SCTP_RECV_HIWATER}, { SCTP_RECV_HIWATER} }, @@ -240,7 +240,7 @@ {SCTP_XMIT_LOWATER, (1<<30), SCTP_XMIT_HIWATER}, {SCTP_XMIT_HIWATER} }, - { "sctp_xmit_lowat", MOD_PROTO_SCTP, + { "_xmit_lowat", MOD_PROTO_SCTP, mod_set_uint32, mod_get_uint32, {SCTP_XMIT_LOWATER, (1<<30), SCTP_XMIT_LOWATER}, {SCTP_XMIT_LOWATER} }, @@ -250,77 +250,77 @@ {SCTP_RECV_LOWATER, (1<<30), SCTP_RECV_HIWATER}, {SCTP_RECV_HIWATER} }, - { "sctp_max_buf", MOD_PROTO_SCTP, + { "_max_buf", MOD_PROTO_SCTP, mod_set_uint32, mod_get_uint32, {8192, (1<<30), 1024*1024}, {1024*1024} }, /* tunable - 20 */ - { "sctp_rtt_updates", MOD_PROTO_SCTP, + { "_rtt_updates", MOD_PROTO_SCTP, mod_set_uint32, mod_get_uint32, {0, 65536, 20}, {20} }, - { "sctp_ipv6_hoplimit", MOD_PROTO_SCTP, + { "_ipv6_hoplimit", MOD_PROTO_SCTP, mod_set_uint32, mod_get_uint32, {0, IPV6_MAX_HOPS, IPV6_DEFAULT_HOPS}, {IPV6_DEFAULT_HOPS} }, - { "sctp_rto_min", MOD_PROTO_SCTP, + { "_rto_min", MOD_PROTO_SCTP, mod_set_uint32, mod_get_uint32, {500*MS, 60*SECONDS, 1*SECONDS}, {1*SECONDS} }, - { "sctp_rto_max", MOD_PROTO_SCTP, + { "_rto_max", MOD_PROTO_SCTP, mod_set_uint32, mod_get_uint32, {1*SECONDS, 60000*SECONDS, 60*SECONDS}, {60*SECONDS} }, - { "sctp_rto_initial", MOD_PROTO_SCTP, + { "_rto_initial", MOD_PROTO_SCTP, mod_set_uint32, mod_get_uint32, {1*SECONDS, 60000*SECONDS, 3*SECONDS}, {3*SECONDS} }, - { "sctp_cookie_life", MOD_PROTO_SCTP, + { "_cookie_life", MOD_PROTO_SCTP, mod_set_uint32, mod_get_uint32, {10*MS, 60000*SECONDS, 60*SECONDS}, {60*SECONDS} }, - { "sctp_max_in_streams", MOD_PROTO_SCTP, + { "_max_in_streams", MOD_PROTO_SCTP, mod_set_uint32, mod_get_uint32, {1, UINT16_MAX, 32}, {32} }, - { "sctp_initial_out_streams", MOD_PROTO_SCTP, + { "_initial_out_streams", MOD_PROTO_SCTP, mod_set_uint32, mod_get_uint32, {1, UINT16_MAX, 32}, {32} }, - { "sctp_shutack_wait_bound", MOD_PROTO_SCTP, + { "_shutack_wait_bound", MOD_PROTO_SCTP, mod_set_uint32, mod_get_uint32, {0, 300*SECONDS, 60*SECONDS}, {60*SECONDS} }, - { "sctp_maxburst", MOD_PROTO_SCTP, + { "_maxburst", MOD_PROTO_SCTP, mod_set_uint32, mod_get_uint32, {2, 8, 4}, {4} }, /* tunable - 30 */ - { "sctp_addip_enabled", MOD_PROTO_SCTP, + { "_addip_enabled", MOD_PROTO_SCTP, mod_set_boolean, mod_get_boolean, {B_FALSE}, {B_FALSE} }, - { "sctp_recv_hiwat_minmss", MOD_PROTO_SCTP, + { "_recv_hiwat_minmss", MOD_PROTO_SCTP, mod_set_uint32, mod_get_uint32, {1, 65536, 4}, {4} }, - { "sctp_slow_start_initial", MOD_PROTO_SCTP, + { "_slow_start_initial", MOD_PROTO_SCTP, mod_set_uint32, mod_get_uint32, {1, 16, 4}, {4} }, - { "sctp_slow_start_after_idle", MOD_PROTO_SCTP, + { "_slow_start_after_idle", MOD_PROTO_SCTP, mod_set_uint32, mod_get_uint32, {1, 16384, 4}, {4} }, - { "sctp_prsctp_enabled", MOD_PROTO_SCTP, + { "_prsctp_enabled", MOD_PROTO_SCTP, mod_set_boolean, mod_get_boolean, {B_TRUE}, {B_TRUE} }, - { "sctp_fast_rxt_thresh", MOD_PROTO_SCTP, + { "_fast_rxt_thresh", MOD_PROTO_SCTP, mod_set_uint32, mod_get_uint32, {1, 10000, 3}, {3} }, - { "sctp_deferred_acks_max", MOD_PROTO_SCTP, + { "_deferred_acks_max", MOD_PROTO_SCTP, mod_set_uint32, mod_get_uint32, { 1, 16, 2}, {2} }, @@ -328,7 +328,7 @@ * sctp_wroff_xtra is the extra space in front of SCTP/IP header * for link layer header. It has to be a multiple of 8. */ - { "sctp_wroff_xtra", MOD_PROTO_SCTP, + { "_wroff_xtra", MOD_PROTO_SCTP, mod_set_aligned, mod_get_uint32, {0, 256, 32}, {32} }, @@ -336,13 +336,13 @@ mod_set_extra_privports, mod_get_extra_privports, {1, ULP_MAX_PORT, 0}, {0} }, - { "sctp_listener_limit_conf", MOD_PROTO_SCTP, + { "_listener_limit_conf", MOD_PROTO_SCTP, NULL, sctp_listener_conf_get, {0}, {0} }, - { "sctp_listener_limit_conf_add", MOD_PROTO_SCTP, + { "_listener_limit_conf_add", MOD_PROTO_SCTP, sctp_listener_conf_add, NULL, {0}, {0} }, - { "sctp_listener_limit_conf_del", MOD_PROTO_SCTP, + { "_listener_limit_conf_del", MOD_PROTO_SCTP, sctp_listener_conf_del, NULL, {0}, {0} }, { "?", MOD_PROTO_SCTP, NULL, mod_get_allprop, {0}, {0} },
--- a/usr/src/uts/common/inet/tcp/tcp_tunables.c Mon Aug 16 15:39:49 2010 -0700 +++ b/usr/src/uts/common/inet/tcp/tcp_tunables.c Mon Aug 16 19:16:00 2010 -0400 @@ -19,8 +19,9 @@ * CDDL HEADER END */ /* - * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1991, 2010, Oracle and/or its affiliates. All rights reserved. */ +/* Copyright (c) 1990 Mentat Inc. */ #include <inet/ip.h> #include <inet/tcp_impl.h> @@ -188,36 +189,36 @@ /* * All of these are alterable, within the min/max values given, at run time. * - * Note: All those tunables which do not start with "tcp_" are Committed and - * therefore are public. See PSARC 2009/306. + * Note: All those tunables which do not start with "_" are Committed and + * therefore are public. See PSARC 2010/080. */ mod_prop_info_t tcp_propinfo_tbl[] = { /* tunable - 0 */ - { "tcp_time_wait_interval", MOD_PROTO_TCP, + { "_time_wait_interval", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {1*SECONDS, 10*MINUTES, 1*MINUTES}, {1*MINUTES} }, - { "tcp_conn_req_max_q", MOD_PROTO_TCP, + { "_conn_req_max_q", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {1, UINT32_MAX, 128}, {128} }, - { "tcp_conn_req_max_q0", MOD_PROTO_TCP, + { "_conn_req_max_q0", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {0, UINT32_MAX, 1024}, {1024} }, - { "tcp_conn_req_min", MOD_PROTO_TCP, + { "_conn_req_min", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {1, 1024, 1}, {1} }, - { "tcp_conn_grace_period", MOD_PROTO_TCP, + { "_conn_grace_period", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {0*MS, 20*SECONDS, 0*MS}, {0*MS} }, - { "tcp_cwnd_max", MOD_PROTO_TCP, + { "_cwnd_max", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {128, (1<<30), 1024*1024}, {1024*1024} }, - { "tcp_debug", MOD_PROTO_TCP, + { "_debug", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {0, 10, 0}, {0} }, @@ -225,83 +226,83 @@ mod_set_uint32, mod_get_uint32, {1024, (32*1024), 1024}, {1024} }, - { "tcp_ip_abort_cinterval", MOD_PROTO_TCP, + { "_ip_abort_cinterval", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {1*SECONDS, UINT32_MAX, 3*MINUTES}, {3*MINUTES} }, - { "tcp_ip_abort_linterval", MOD_PROTO_TCP, + { "_ip_abort_linterval", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {1*SECONDS, UINT32_MAX, 3*MINUTES}, {3*MINUTES} }, /* tunable - 10 */ - { "tcp_ip_abort_interval", MOD_PROTO_TCP, + { "_ip_abort_interval", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {500*MS, UINT32_MAX, 5*MINUTES}, {5*MINUTES} }, - { "tcp_ip_notify_cinterval", MOD_PROTO_TCP, + { "_ip_notify_cinterval", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {1*SECONDS, UINT32_MAX, 10*SECONDS}, {10*SECONDS} }, - { "tcp_ip_notify_interval", MOD_PROTO_TCP, + { "_ip_notify_interval", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {500*MS, UINT32_MAX, 10*SECONDS}, {10*SECONDS} }, - { "tcp_ipv4_ttl", MOD_PROTO_TCP, + { "_ipv4_ttl", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {1, 255, 64}, {64} }, - { "tcp_keepalive_interval", MOD_PROTO_TCP, + { "_keepalive_interval", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {10*SECONDS, 10*DAYS, 2*HOURS}, {2*HOURS} }, - { "tcp_maxpsz_multiplier", MOD_PROTO_TCP, + { "_maxpsz_multiplier", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {0, 100, 10}, {10} }, - { "tcp_mss_def_ipv4", MOD_PROTO_TCP, + { "_mss_def_ipv4", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {1, TCP_MSS_MAX_IPV4, 536}, {536} }, - { "tcp_mss_max_ipv4", MOD_PROTO_TCP, + { "_mss_max_ipv4", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {1, TCP_MSS_MAX_IPV4, TCP_MSS_MAX_IPV4}, {TCP_MSS_MAX_IPV4} }, - { "tcp_mss_min", MOD_PROTO_TCP, + { "_mss_min", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {1, TCP_MSS_MAX, 108}, {108} }, - { "tcp_naglim_def", MOD_PROTO_TCP, + { "_naglim_def", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {1, (64*1024)-1, (4*1024)-1}, {(4*1024)-1} }, /* tunable - 20 */ - { "tcp_rexmit_interval_initial", MOD_PROTO_TCP, + { "_rexmit_interval_initial", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {1*MS, 20*SECONDS, 1*SECONDS}, {1*SECONDS} }, - { "tcp_rexmit_interval_max", MOD_PROTO_TCP, + { "_rexmit_interval_max", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {1*MS, 2*HOURS, 60*SECONDS}, {60*SECONDS} }, - { "tcp_rexmit_interval_min", MOD_PROTO_TCP, + { "_rexmit_interval_min", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {1*MS, 2*HOURS, 400*MS}, {400*MS} }, - { "tcp_deferred_ack_interval", MOD_PROTO_TCP, + { "_deferred_ack_interval", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {1*MS, 1*MINUTES, 100*MS}, {100*MS} }, - { "tcp_snd_lowat_fraction", MOD_PROTO_TCP, + { "_snd_lowat_fraction", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {0, 16, 0}, {0} }, - { "tcp_dupack_fast_retransmit", MOD_PROTO_TCP, + { "_dupack_fast_retransmit", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {1, 10000, 3}, {3} }, - { "tcp_ignore_path_mtu", MOD_PROTO_TCP, + { "_ignore_path_mtu", MOD_PROTO_TCP, mod_set_boolean, mod_get_boolean, {B_FALSE}, {B_FALSE} }, @@ -320,7 +321,7 @@ {TCP_XMIT_HIWATER} }, /* tunable - 30 */ - { "tcp_xmit_lowat", MOD_PROTO_TCP, + { "_xmit_lowat", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {TCP_XMIT_LOWATER, (1<<30), TCP_XMIT_LOWATER}, {TCP_XMIT_LOWATER} }, @@ -330,56 +331,56 @@ {TCP_RECV_LOWATER, (1<<30), TCP_RECV_HIWATER}, {TCP_RECV_HIWATER} }, - { "tcp_recv_hiwat_minmss", MOD_PROTO_TCP, + { "_recv_hiwat_minmss", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {1, 65536, 4}, {4} }, - { "tcp_fin_wait_2_flush_interval", MOD_PROTO_TCP, + { "_fin_wait_2_flush_interval", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {1*SECONDS, 2*HOURS, 60*SECONDS}, {60*SECONDS} }, - { "tcp_max_buf", MOD_PROTO_TCP, + { "_max_buf", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {8192, (1<<30), 1024*1024}, {1024*1024} }, /* * Question: What default value should I set for tcp_strong_iss? */ - { "tcp_strong_iss", MOD_PROTO_TCP, + { "_strong_iss", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {0, 2, 1}, {1} }, - { "tcp_rtt_updates", MOD_PROTO_TCP, + { "_rtt_updates", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {0, 65536, 20}, {20} }, - { "tcp_wscale_always", MOD_PROTO_TCP, + { "_wscale_always", MOD_PROTO_TCP, mod_set_boolean, mod_get_boolean, {B_TRUE}, {B_TRUE} }, - { "tcp_tstamp_always", MOD_PROTO_TCP, + { "_tstamp_always", MOD_PROTO_TCP, mod_set_boolean, mod_get_boolean, {B_FALSE}, {B_FALSE} }, - { "tcp_tstamp_if_wscale", MOD_PROTO_TCP, + { "_tstamp_if_wscale", MOD_PROTO_TCP, mod_set_boolean, mod_get_boolean, {B_TRUE}, {B_TRUE} }, /* tunable - 40 */ - { "tcp_rexmit_interval_extra", MOD_PROTO_TCP, + { "_rexmit_interval_extra", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {0*MS, 2*HOURS, 0*MS}, {0*MS} }, - { "tcp_deferred_acks_max", MOD_PROTO_TCP, + { "_deferred_acks_max", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {0, 16, 2}, {2} }, - { "tcp_slow_start_after_idle", MOD_PROTO_TCP, + { "_slow_start_after_idle", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {1, 16384, 4}, {4} }, - { "tcp_slow_start_initial", MOD_PROTO_TCP, + { "_slow_start_initial", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {1, 4, 4}, {4} }, @@ -387,30 +388,30 @@ mod_set_uint32, mod_get_uint32, {0, 2, 2}, {2} }, - { "tcp_ipv6_hoplimit", MOD_PROTO_TCP, + { "_ipv6_hoplimit", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {0, IPV6_MAX_HOPS, IPV6_DEFAULT_HOPS}, {IPV6_DEFAULT_HOPS} }, - { "tcp_mss_def_ipv6", MOD_PROTO_TCP, + { "_mss_def_ipv6", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {1, TCP_MSS_MAX_IPV6, 1220}, {1220} }, - { "tcp_mss_max_ipv6", MOD_PROTO_TCP, + { "_mss_max_ipv6", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {1, TCP_MSS_MAX_IPV6, TCP_MSS_MAX_IPV6}, {TCP_MSS_MAX_IPV6} }, - { "tcp_rev_src_routes", MOD_PROTO_TCP, + { "_rev_src_routes", MOD_PROTO_TCP, mod_set_boolean, mod_get_boolean, {B_FALSE}, {B_FALSE} }, - { "tcp_local_dack_interval", MOD_PROTO_TCP, + { "_local_dack_interval", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {10*MS, 500*MS, 50*MS}, {50*MS} }, /* tunable - 50 */ - { "tcp_local_dacks_max", MOD_PROTO_TCP, + { "_local_dacks_max", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {0, 16, 8}, {8} }, @@ -418,23 +419,23 @@ mod_set_uint32, mod_get_uint32, {0, 2, 1}, {1} }, - { "tcp_rst_sent_rate_enabled", MOD_PROTO_TCP, + { "_rst_sent_rate_enabled", MOD_PROTO_TCP, mod_set_boolean, mod_get_boolean, {B_TRUE}, {B_TRUE} }, - { "tcp_rst_sent_rate", MOD_PROTO_TCP, + { "_rst_sent_rate", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {0, UINT32_MAX, 40}, {40} }, - { "tcp_push_timer_interval", MOD_PROTO_TCP, + { "_push_timer_interval", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {0, 100*MS, 50*MS}, {50*MS} }, - { "tcp_use_smss_as_mss_opt", MOD_PROTO_TCP, + { "_use_smss_as_mss_opt", MOD_PROTO_TCP, mod_set_boolean, mod_get_boolean, {B_FALSE}, {B_FALSE} }, - { "tcp_keepalive_abort_interval", MOD_PROTO_TCP, + { "_keepalive_abort_interval", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {0, UINT32_MAX, 8*MINUTES}, {8*MINUTES} }, @@ -442,15 +443,15 @@ * tcp_wroff_xtra is the extra space in front of TCP/IP header for link * layer header. It has to be a multiple of 8. */ - { "tcp_wroff_xtra", MOD_PROTO_TCP, + { "_wroff_xtra", MOD_PROTO_TCP, mod_set_aligned, mod_get_uint32, {0, 256, 32}, {32} }, - { "tcp_dev_flow_ctl", MOD_PROTO_TCP, + { "_dev_flow_ctl", MOD_PROTO_TCP, mod_set_boolean, mod_get_boolean, {B_FALSE}, {B_FALSE} }, - { "tcp_reass_timeout", MOD_PROTO_TCP, + { "_reass_timeout", MOD_PROTO_TCP, mod_set_uint32, mod_get_uint32, {0, UINT32_MAX, 100*SECONDS}, {100*SECONDS} }, @@ -459,16 +460,16 @@ mod_set_extra_privports, mod_get_extra_privports, {1, ULP_MAX_PORT, 0}, {0} }, - { "tcp_1948_phrase", MOD_PROTO_TCP, + { "_1948_phrase", MOD_PROTO_TCP, tcp_set_1948phrase, NULL, {0}, {0} }, - { "tcp_listener_limit_conf", MOD_PROTO_TCP, + { "_listener_limit_conf", MOD_PROTO_TCP, NULL, tcp_listener_conf_get, {0}, {0} }, - { "tcp_listener_limit_conf_add", MOD_PROTO_TCP, + { "_listener_limit_conf_add", MOD_PROTO_TCP, tcp_listener_conf_add, NULL, {0}, {0} }, - { "tcp_listener_limit_conf_del", MOD_PROTO_TCP, + { "_listener_limit_conf_del", MOD_PROTO_TCP, tcp_listener_conf_del, NULL, {0}, {0} }, { "?", MOD_PROTO_TCP, NULL, mod_get_allprop, {0}, {0} },
--- a/usr/src/uts/common/inet/tunables.c Mon Aug 16 15:39:49 2010 -0700 +++ b/usr/src/uts/common/inet/tunables.c Mon Aug 16 19:16:00 2010 -0400 @@ -242,9 +242,9 @@ for (prop = ptbl; prop->mpi_name != NULL; prop++) { if (prop->mpi_name[0] == '\0' || - strcmp(prop->mpi_name, "mtu") == 0 || - strcmp(prop->mpi_name, "?") == 0) + strcmp(prop->mpi_name, "?") == 0) { continue; + } nbytes = snprintf(pval, size, "%s %d %d", prop->mpi_name, prop->mpi_proto, prop_perm2const(prop)); size -= nbytes + 1;
--- a/usr/src/uts/common/inet/udp/udp_tunables.c Mon Aug 16 15:39:49 2010 -0700 +++ b/usr/src/uts/common/inet/udp/udp_tunables.c Mon Aug 16 19:16:00 2010 -0400 @@ -19,9 +19,9 @@ * CDDL HEADER END */ /* - * Copyright 2010 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1991, 2010, Oracle and/or its affiliates. All rights reserved. */ +/* Copyright (c) 1990 Mentat Inc. */ #include <inet/ip.h> #include <inet/ip6.h> @@ -31,20 +31,20 @@ /* * All of these are alterable, within the min/max values given, at run time. * - * Note: All those tunables which do not start with "udp_" are Committed and - * therefore are public. See PSARC 2009/306. + * Note: All those tunables which do not start with "_" are Committed and + * therefore are public. See PSARC 2010/080. */ mod_prop_info_t udp_propinfo_tbl[] = { /* tunable - 0 */ - { "udp_wroff_extra", MOD_PROTO_UDP, + { "_wroff_extra", MOD_PROTO_UDP, mod_set_uint32, mod_get_uint32, {0, 256, 32}, {32} }, - { "udp_ipv4_ttl", MOD_PROTO_UDP, + { "_ipv4_ttl", MOD_PROTO_UDP, mod_set_uint32, mod_get_uint32, {1, 255, 255}, {255} }, - { "udp_ipv6_hoplimit", MOD_PROTO_UDP, + { "_ipv6_hoplimit", MOD_PROTO_UDP, mod_set_uint32, mod_get_uint32, {0, IPV6_MAX_HOPS, IPV6_DEFAULT_HOPS}, {IPV6_DEFAULT_HOPS} }, @@ -52,7 +52,7 @@ mod_set_uint32, mod_get_uint32, {1024, (32 * 1024), 1024}, {1024} }, - { "udp_do_checksum", MOD_PROTO_UDP, + { "_do_checksum", MOD_PROTO_UDP, mod_set_boolean, mod_get_boolean, {B_TRUE}, {B_TRUE} }, @@ -69,7 +69,7 @@ {UDP_XMIT_LOWATER, (1<<30), UDP_XMIT_HIWATER}, {UDP_XMIT_HIWATER} }, - { "udp_xmit_lowat", MOD_PROTO_UDP, + { "_xmit_lowat", MOD_PROTO_UDP, mod_set_uint32, mod_get_uint32, {0, (1<<30), UDP_XMIT_LOWATER}, {UDP_XMIT_LOWATER} }, @@ -80,15 +80,15 @@ {UDP_RECV_HIWATER} }, /* tunable - 10 */ - { "udp_max_buf", MOD_PROTO_UDP, + { "_max_buf", MOD_PROTO_UDP, mod_set_uint32, mod_get_uint32, {65536, (1<<30), 2*1024*1024}, {2*1024*1024} }, - { "udp_pmtu_discovery", MOD_PROTO_UDP, + { "_pmtu_discovery", MOD_PROTO_UDP, mod_set_boolean, mod_get_boolean, {B_FALSE}, {B_FALSE} }, - { "udp_sendto_ignerr", MOD_PROTO_UDP, + { "_sendto_ignerr", MOD_PROTO_UDP, mod_set_boolean, mod_get_boolean, {B_FALSE}, {B_FALSE} },