author | Cody Peter Mello <cody.mello@joyent.com> | 2017-12-06 01:29:00 +0000 |
---|---|---|
committer | Cody Peter Mello <melloc@writev.io> | 2018-06-08 18:47:07 +0000 |
commit | e2369459ab12f803d44f6b49c6f48b06f28c7f9f (patch) | |
tree | 5995f0751cfd7283e9067d9625cda940962de068 | |
parent | 12a82dd4a058eb86f2b6b075bde38b01424f8f30 (diff) | |
download | illumos-joyent-e2369459ab12f803d44f6b49c6f48b06f28c7f9f.tar.gz |
OS-5269 dladm(1M) should describe the "protection" link property
Reviewed by: Patrick Mooney <patrick.mooney@joyent.com>
Reviewed by: Robert Mustacchi <rm@joyent.com>
Reviewed by: Dave Eddy <dave.eddy@joyent.com>
Approved by: Dave Eddy <dave.eddy@joyent.com>
-rw-r--r-- | usr/src/man/man1m/dladm.1m | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/usr/src/man/man1m/dladm.1m b/usr/src/man/man1m/dladm.1m index 7a29e88ad7..ffe36dfa07 100644 --- a/usr/src/man/man1m/dladm.1m +++ b/usr/src/man/man1m/dladm.1m @@ -5061,6 +5061,67 @@ tokens \fBhigh\fR, \fBmedium\fR, or \fBlow\fR. The default is \fBhigh\fR. .sp .ne 2 .na +\fB\fBprotection\fR\fR +.ad +.sp .6 +.RS 4n +This property enables various forms of link protections, which prevent sending +applicable traffic out of this link. Note that since this enforcement happens +late in the networking stack, some observability tools like \fBsnoop\fR(1M) may +still see dropped outbound packets. + +This property should be set to a comma-separated list of protections to enable +on this link, where available protections are: +.sp +.ne 2 +.na +\fBip-nospoof\fR +.ad +.sp .6 +.RS 4n +Prevents sending from IPv4 and IPv6 addresses that have not been permitted +over the NIC. Addresses can be learned dynamically (see \fBdynamic-methods\fR) +or specified explicitly (see \fBallowed-ips\fR). +.RE +.sp +.ne 2 +.na +\fBdhcp-nospoof\fR +.ad +.sp .6 +.RS 4n +Prevents sending DHCP packets whose client hardware address +(CHADDR) field differs from the link-layer address, or from using a Client +Identifier whose value cannot be confirmed to be derived from the link-layer +address. Additional Client Identifiers can be permitted through the +\fBallowed-dhcp-cids\fR and \fBallow-all-dhcp-cids\fR link properties. +.RE +.sp +.ne 2 +.na +\fBmac-nospoof\fR +.ad +.sp .6 +.RS 4n +Prevents sending packets with a link-layer address that differs from the one +associated with the NIC. Additional addresses to allow can be added using the +\fBseconday-macs\fR property. +.RE +.sp +.ne 2 +.na +\fBrestricted\fR +.ad +.sp .6 +.RS 4n +Prevents using a VLAN ID not associated with the NIC and sending packets that +are not IPv4, IPv6 or ARP. +.RE +.RE + +.sp +.ne 2 +.na \fB\fBstp\fR\fR .ad .sp .6 |
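Review bot: In the mac-nospoof entry the referenced property is written `\fBseconday-macs\fR`, which looks like a misspelling of `secondary-macs`; as written, a reader searching the page for the property named here will not find it. Two smaller points in the same hunk: the added text contains literal blank lines (after "still see dropped outbound packets." and after the closing `.RE` pair) where the rest of the hunk uses `.sp` for vertical space, so replacing them with `.sp` would keep the source consistent. The dhcp-nospoof sentence also loses its parallel structure at "or from using a Client Identifier"; something like "or that use a Client Identifier whose value cannot be confirmed to be derived from the link-layer address" would read more clearly.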