OS-4683 Using the allowed-ips property prevents using dynamic addressesOS-4683

4 files changed, 115 insertions, 5 deletions

diff --git a/usr/src/lib/libdladm/common/libdladm.c b/usr/src/lib/libdladm/common/libdladm.c
index 37823ce913..1452e6de01 100644
--- a/usr/src/lib/libdladm/common/libdladm.c
+++ b/usr/src/lib/libdladm/common/libdladm.c
@@ -20,7 +20,7 @@
  */
 /*
  * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
- * Copyright (c) 2015, Joyent, Inc.
+ * Copyright (c) 2016, Joyent, Inc.
  */
 
 #include <unistd.h>
@@ -99,6 +99,18 @@ static link_protect_t link_protect_types[] = {
 };
 #define	LPTYPES	(sizeof (link_protect_types) / sizeof (link_protect_t))
 
+typedef struct {
+	uint32_t	ld_type;
+	char		*ld_name;
+} link_dynamic_t;
+
+static link_dynamic_t link_dynamic_types[] = {
+	{ MPT_DYN_DHCPV4, "dhcpv4" },
+	{ MPT_DYN_DHCPV6, "dhcpv6" },
+	{ MPT_DYN_SLAAC, "slaac" },
+};
+#define	DYNTYPES	(sizeof (link_dynamic_types) / sizeof (link_dynamic_t))
+
 dladm_status_t
 dladm_open(dladm_handle_t *handle)
 {
@@ -945,6 +957,47 @@ dladm_protect2str(uint32_t ptype, char *buf)
 }
 
 /*
+ * Convert dynamic address method string to a value.
+ */
+dladm_status_t
+dladm_str2dynamic(char *token, uint32_t *dtype)
+{
+	link_dynamic_t	*ld;
+	int		i;
+
+	for (i = 0; i < DYNTYPES; i++) {
+		ld = &link_dynamic_types[i];
+		if (strcmp(token, ld->ld_name) == 0) {
+			*dtype = ld->ld_type;
+			return (DLADM_STATUS_OK);
+		}
+	}
+	return (DLADM_STATUS_BADVAL);
+}
+
+
+/*
+ * Convert dynamic address method value to a string.
+ */
+const char *
+dladm_dynamic2str(uint32_t dtype, char *buf)
+{
+	const char	*s = "--";
+	link_dynamic_t	*ld;
+	int		i;
+
+	for (i = 0; i < DYNTYPES; i++) {
+		ld = &link_dynamic_types[i];
+		if (ld->ld_type == dtype) {
+			s = ld->ld_name;
+			break;
+		}
+	}
+	(void) snprintf(buf, DLADM_STRSIZE, "%s", dgettext(TEXT_DOMAIN, s));
+	return (buf);
+}
+
+/*
  * Convert an IPv4 address to/from a string.
  */
 const char *
@@ -1086,7 +1139,7 @@ fail:
  */
 dladm_status_t
 dladm_strs2range(char **prop_val, uint_t val_cnt,
-	mac_propval_type_t type, mac_propval_range_t **range)
+    mac_propval_type_t type, mac_propval_range_t **range)
 {
 	int			i;
 	char			*endp;
diff --git a/usr/src/lib/libdladm/common/libdladm.h b/usr/src/lib/libdladm/common/libdladm.h
index e5da4e3b44..52cb9274e8 100644
--- a/usr/src/lib/libdladm/common/libdladm.h
+++ b/usr/src/lib/libdladm/common/libdladm.h
@@ -20,7 +20,7 @@
  */
 /*
  * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
- * Copyright 2015, Joyent, Inc.
+ * Copyright 2016, Joyent, Inc.
  */
 
 #ifndef _LIBDLADM_H
@@ -265,6 +265,8 @@ extern dladm_status_t	dladm_str2pri(char *, mac_priority_level_t *);
 extern const char	*dladm_pri2str(mac_priority_level_t, char *);
 extern dladm_status_t	dladm_str2protect(char *, uint32_t *);
 extern const char	*dladm_protect2str(uint32_t, char *);
+extern dladm_status_t	dladm_str2dynamic(char *, uint32_t *);
+extern const char	*dladm_dynamic2str(uint32_t, char *);
 extern dladm_status_t	dladm_str2ipv4addr(char *, void *);
 extern const char	*dladm_ipv4addr2str(void *, char *);
 extern dladm_status_t	dladm_str2ipv6addr(char *, void *);
diff --git a/usr/src/lib/libdladm/common/libdladm_impl.h b/usr/src/lib/libdladm/common/libdladm_impl.h
index ce1e2d8193..cb638e7743 100644
--- a/usr/src/lib/libdladm/common/libdladm_impl.h
+++ b/usr/src/lib/libdladm/common/libdladm_impl.h
@@ -147,7 +147,7 @@ extern dladm_status_t	dladm_flow_proplist_extract(dladm_arg_list_t *,
  * by the pd_check function.
  */
 typedef	dladm_status_t	rp_extractf_t(val_desc_t *, uint_t, void *);
-extern rp_extractf_t	extract_priority, extract_cpus,
+extern rp_extractf_t	extract_dynamic_methods, extract_priority, extract_cpus,
 			extract_protection, extract_allowallcids, extract_pool,
 			extract_allowedips, extract_allowedcids, extract_maxbw,
 			extract_rxrings, extract_txrings;
diff --git a/usr/src/lib/libdladm/common/linkprop.c b/usr/src/lib/libdladm/common/linkprop.c
index d00c294a38..008dff6d78 100644
--- a/usr/src/lib/libdladm/common/linkprop.c
+++ b/usr/src/lib/libdladm/common/linkprop.c
@@ -155,7 +155,7 @@ static pd_getf_t	get_zone, get_autopush, get_rate_mod, get_rate,
 			get_txrings, get_cntavail, get_secondary_macs,
 			get_allowallcids, get_allowedips, get_allowedcids,
 			get_pool, get_rings_range, get_linkmode_prop,
-			get_promisc_filtered;
+			get_promisc_filtered, get_dynamic_methods;
 
 static pd_setf_t	set_zone, set_rate, set_powermode, set_radio,
 			set_public_prop, set_resource, set_stp_prop,
@@ -443,6 +443,12 @@ static  val_desc_t	link_protect_vals[] = {
 	{ "dhcp-nospoof",	MPT_DHCPNOSPOOF	},
 };
 
+static val_desc_t	link_dynamic_method_vals[] = {
+	{ "dhcpv4",	MPT_DYN_DHCPV4	},
+	{ "dhcpv6",	MPT_DYN_DHCPV6	},
+	{ "slaac",	MPT_DYN_SLAAC	},
+};
+
 static val_desc_t	dladm_bool_vals[] = {
 	{ "false",	B_FALSE },
 	{ "true",	B_TRUE },
@@ -769,6 +775,11 @@ static prop_desc_t	prop_table[] = {
 	    set_resource, NULL, get_protection, check_prop, 0,
 	    DATALINK_CLASS_ALL, DATALINK_ANY_MEDIATYPE },
 
+	{ "dynamic-methods", { "--", RESET_VAL },
+	    link_dynamic_method_vals, VALCNT(link_dynamic_method_vals),
+	    set_resource, NULL, get_dynamic_methods, check_prop, 0,
+	    DATALINK_CLASS_ALL, DATALINK_ANY_MEDIATYPE },
+
 	{ "promisc-filtered", { "on", 1 },
 	    link_promisc_filtered_vals, VALCNT(link_promisc_filtered_vals),
 	    set_promisc_filtered, NULL, get_promisc_filtered, check_prop, 0,
@@ -836,6 +847,7 @@ static resource_prop_t rsrc_prop_table[] = {
 	{"pool",		extract_pool},
 	{"pool-effective",	extract_pool},
 	{"protection",		extract_protection},
+	{"dynamic-methods",	extract_dynamic_methods},
 	{"allowed-ips",		extract_allowedips},
 	{"allowed-dhcp-cids",	extract_allowedcids},
 	{"allow-all-dhcp-cids",	extract_allowallcids},
@@ -2879,6 +2891,49 @@ dladm_str2cid(char *buf, mac_dhcpcid_t *cid)
 
 /* ARGSUSED */
 static dladm_status_t
+get_dynamic_methods(dladm_handle_t handle, prop_desc_t *pdp,
+    datalink_id_t linkid, char **prop_val, uint_t *val_cnt,
+    datalink_media_t media, uint_t flags, uint_t *perm_flags)
+{
+	mac_resource_props_t	mrp;
+	mac_protect_t		*p;
+	dladm_status_t		status;
+	uint32_t		i, cnt = 0, setbits[32];
+
+	status = i_dladm_get_public_prop(handle, linkid, "resource", flags,
+	    perm_flags, &mrp, sizeof (mrp));
+	if (status != DLADM_STATUS_OK)
+		return (status);
+
+	p = &mrp.mrp_protect;
+	dladm_find_setbits32(p->mp_dynamic, setbits, &cnt);
+	if (cnt > *val_cnt)
+		return (DLADM_STATUS_BADVALCNT);
+
+	for (i = 0; i < cnt; i++)
+		(void) dladm_dynamic2str(setbits[i], prop_val[i]);
+
+	*val_cnt = cnt;
+	return (DLADM_STATUS_OK);
+}
+
+dladm_status_t
+extract_dynamic_methods(val_desc_t *vdp, uint_t cnt, void *arg)
+{
+	mac_resource_props_t	*mrp = arg;
+	uint32_t		methods = 0;
+	int			i;
+
+	for (i = 0; i < cnt; i++)
+		methods |= (uint32_t)vdp[i].vd_val;
+
+	mrp->mrp_protect.mp_dynamic = methods;
+	mrp->mrp_mask |= MRP_PROTECT;
+	return (DLADM_STATUS_OK);
+}
+
+/* ARGSUSED */
+static dladm_status_t
 get_allowallcids(dladm_handle_t handle, prop_desc_t *pdp,
     datalink_id_t linkid, char **prop_val, uint_t *val_cnt,
     datalink_media_t media, uint_t flags, uint_t *perm_flags)