Diffstat (limited to 'usr/src/cmd/cmd-inet')
22 files changed, 1525 insertions, 245 deletions
diff --git a/usr/src/cmd/cmd-inet/etc/services b/usr/src/cmd/cmd-inet/etc/services index 4562baff66..5673b61626 100644 --- a/usr/src/cmd/cmd-inet/etc/services +++ b/usr/src/cmd/cmd-inet/etc/services @@ -1,7 +1,6 @@ -# # Copyright 2010 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. -# Copyright 2015 Joyent, Inc. +# Copyright 2019 Joyent, Inc. # # CDDL HEADER START # @@ -23,9 +22,18 @@ # CDDL HEADER END # # Network services, Internet style -# Look at http://www.iana.org/assignments/port-numbers for more # -tcpmux 1/tcp +# Note that it is presently the policy of IANA to assign a single well-known +# port number for both TCP and UDP; hence, officially ports have two entries +# even if the protocol doesn't support UDP operations. +# +# Updated from http://www.iana.org/assignments/port-numbers and other +# sources like http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/services . +# New ports will be added on request if they have been officially assigned +# by IANA and used in the real-world or are needed by a debian package. +# If you need a huge list of used numbers please install the nmap package. + +tcpmux 1/tcp # TCP port service multiplexer echo 7/tcp echo 7/udp discard 9/tcp sink null 
@@ -34,208 +42,615 @@ systat 11/tcp users daytime 13/tcp daytime 13/udp netstat 15/tcp -qotd 17/tcp # Quote of the Day +qotd 17/tcp quote +msp 18/tcp # message send protocol +msp 18/udp chargen 19/tcp ttytst source chargen 19/udp ttytst source ftp-data 20/tcp ftp 21/tcp ftp 21/sctp -ssh 22/tcp # Secure Shell +fsp 21/udp fspd +ssh 22/tcp # SSH Remote Login Protocol ssh 22/sctp +ssh 22/udp telnet 23/tcp smtp 25/tcp mail time 37/tcp timserver time 37/udp timserver rlp 39/tcp # Resource Location Protocol -rlp 39/udp # Resource Location Protocol -name 42/udp nameserver -whois 43/tcp nicname # usually to sri-nic -tacacs 49/tcp +rlp 39/udp resource # resource location +nameserver 42/tcp name # IEN 116 +nameserver 42/udp name +whois 43/tcp nicname +tacacs 49/tcp # Login Host Protocol (TACACS) tacacs 49/udp +re-mail-ck 50/tcp # Remote Mail Checking Protocol +re-mail-ck 50/udp +domain 53/tcp # name-domain server domain 53/udp -domain 53/tcp -tacacs-ds 65/tcp +mtp 57/tcp # deprecated +tacacs-ds 65/tcp # TACACS-Database Service tacacs-ds 65/udp -bootps 67/udp # BOOTP/DHCP server -bootpc 68/udp # BOOTP/DHCP client -http 80/tcp www www-http -http 80/udp www www-http -http 80/sctp -kerberos 88/udp kdc # Kerberos V5 KDC -kerberos 88/tcp kdc # Kerberos V5 KDC -hostnames 101/tcp hostname # usually to sri-nic -pop2 109/tcp pop-2 # Post Office Protocol - V2 -pop3 110/tcp # Post Office Protocol - Version 3 -sunrpc 111/udp rpcbind -sunrpc 111/tcp rpcbind +bootps 67/tcp # BOOTP server +bootps 67/udp +bootpc 68/tcp # BOOTP client +bootpc 68/udp +tftp 69/udp +gopher 70/tcp # Internet Gopher +gopher 70/udp +rje 77/tcp netrjs +finger 79/tcp +www 80/tcp http # WorldWideWeb HTTP +www 80/sctp http +www 80/udp # HyperText Transfer Protocol +link 87/tcp ttylink +kerberos 88/tcp kerberos5 krb5 kerberos-sec # Kerberos v5 +kerberos 88/udp kerberos5 krb5 kerberos-sec # Kerberos v5 +supdup 95/tcp +hostnames 101/tcp hostname # usually from sri-nic +iso-tsap 102/tcp tsap # part of ISODE +x400 103/tcp # 
ISO Mail +acr-nema 104/tcp dicom # Digital Imag. & Comm. 300 +acr-nema 104/udp dicom # Digital Imag. & Comm. 300 +csnet-ns 105/tcp cso-ns # also used by CSO name server +csnet-ns 105/udp cso-ns +rtelnet 107/tcp # Remote Telnet +rtelnet 107/udp +pop2 109/tcp postoffice pop-2 # POP version 2 +pop2 109/udp pop-2 +pop3 110/tcp pop-3 # POP version 3 +pop3 110/udp pop-3 +sunrpc 111/tcp portmapper # RPC 4.0 portmapper +sunrpc 111/udp portmapper +auth 113/tcp authentication tap ident sftp 115/tcp -imap 143/tcp imap2 # Internet Mail Access Protocol v2 +uucp-path 117/tcp +nntp 119/tcp readnews untp # USENET News Transfer Protocol +ntp 123/tcp +ntp 123/udp # Network Time Protocol +pwdgen 129/tcp # PWDGEN service +pwdgen 129/udp # PWDGEN service +loc-srv 135/tcp epmap # Location Service +loc-srv 135/udp epmap +netbios-ns 137/tcp # NETBIOS Name Service +netbios-ns 137/udp +netbios-dgm 138/tcp # NETBIOS Datagram Service +netbios-dgm 138/udp +netbios-ssn 139/tcp # NETBIOS session service +netbios-ssn 139/udp +imap2 143/tcp imap # Interim Mail Access P 2 and 4 +imap2 143/udp imap +snmp 161/tcp # Simple Net Mgmt Protocol +snmp 161/udp # Simple Net Mgmt Protocol +snmp-trap 162/tcp snmptrap # Traps for SNMP +snmp-trap 162/udp snmptrap # Traps for SNMP +cmip-man 163/tcp # ISO mgmt over IP (CMOT) +cmip-man 163/udp +cmip-agent 164/tcp +cmip-agent 164/udp +mailq 174/tcp # Mailer transport queue for Zmailer +mailq 174/udp # Mailer transport queue for Zmailer +xdmcp 177/tcp # X Display Mgr. 
Control Proto +xdmcp 177/udp +nextstep 178/tcp NeXTStep NextStep # NeXTStep window +nextstep 178/udp NeXTStep NextStep # server bgp 179/tcp # Border Gateway Protocol -bgp 179/udp bgp 179/sctp -irc 194/tcp +bgp 179/udp +prospero 191/tcp # Cliff Neuman's Prospero +prospero 191/udp +irc 194/tcp # Internet Relay Chat irc 194/udp -smux 199/tcp +smux 199/tcp # SNMP Unix Multiplexer smux 199/udp -imap3 220/tcp -imap3 220/udp -clearcase 371/tcp -clearcase 371/udp -ldap 389/tcp # Lightweight Directory Access Protocol -ldap 389/udp # Lightweight Directory Access Protocol -https 443/tcp +at-rtmp 201/tcp # AppleTalk routing +at-rtmp 201/udp +at-nbp 202/tcp # AppleTalk name binding +at-nbp 202/udp +at-echo 204/tcp # AppleTalk echo +at-echo 204/udp +at-zis 206/tcp # AppleTalk zone information +at-zis 206/udp +qmtp 209/tcp # Quick Mail Transfer Protocol +qmtp 209/udp # Quick Mail Transfer Protocol +z3950 210/tcp wais # NISO Z39.50 database +z3950 210/udp wais +ipx 213/tcp # IPX +ipx 213/udp +imap3 220/tcp # Interactive Mail Access +imap3 220/udp # Protocol v3 +pawserv 345/tcp # Perf Analysis Workbench +pawserv 345/udp +zserv 346/tcp # Zebra server +zserv 346/udp +fatserv 347/tcp # Fatmen Server +fatserv 347/udp +rpc2portmap 369/tcp +rpc2portmap 369/udp # Coda portmapper +codaauth2 370/tcp +codaauth2 370/udp # Coda authentication server +clearcase 371/tcp Clearcase +clearcase 371/udp Clearcase +ulistserv 372/tcp # UNIX Listserv +ulistserv 372/udp +ldap 389/tcp # Lightweight Directory Access Protocol +ldap 389/udp +imsp 406/tcp # Interactive Mail Support Protocol +imsp 406/udp +slp 427/tcp slp # Service Location Protocol, V2 +slp 427/udp slp # Service Location Protocol, V2 +mobile-ip 434/udp mobile-ip # Mobile-IP +cvc_hostd 442/tcp # Network Console +https 443/tcp # http protocol over TLS/SSL https 443/udp https 443/sctp +snpp 444/tcp # Simple Network Paging Protocol +snpp 444/udp +microsoft-ds 445/tcp # Microsoft Naked CIFS +microsoft-ds 445/udp kpasswd 464/tcp kpasswd 464/udp 
+saft 487/tcp # Simple Asynchronous File Transfer +saft 487/udp +isakmp 500/tcp # IPsec - Internet Security Association +isakmp 500/udp # and Key Management Protocol dhcpv6-client 546/udp dhcpv6c # DHCPv6 Client (RFC 3315) dhcpv6-client 546/tcp dhcpv6-server 547/udp dhcpv6s # DHCPv6 Server (RFC 3315) dhcpv6-server 547/tcp -rtsp 554/tcp -rtsp 554/udp -nntps 563/tcp snntp -nntps 563/udp snntp -submission 587/tcp # Mail Message Submission -submission 587/udp # see RFC 2476 -ipp 631/tcp +rtsp 554/tcp # Real Time Stream Control Protocol +rtsp 554/udp # Real Time Stream Control Protocol +nqs 607/tcp # Network Queuing system +nqs 607/udp +npmp-local 610/tcp dqs313_qmaster # npmp-local / DQS +npmp-local 610/udp dqs313_qmaster +npmp-gui 611/tcp dqs313_execd # npmp-gui / DQS +npmp-gui 611/udp dqs313_execd +hmmp-ind 612/tcp dqs313_intercell # HMMP Indication / DQS +hmmp-ind 612/udp dqs313_intercell +qmqp 628/tcp +qmqp 628/udp +ipp 631/tcp # Internet Printing Protocol ipp 631/udp -ldaps 636/tcp # LDAP protocol over TLS/SSL (was sldap) -ldaps 636/udp # LDAP protocol over TLS/SSL (was sldap) -silc 706/tcp -silc 706/udp -iscsi 860/tcp -iscsi 860/udp -rsync 873/tcp -rsync 873/udp -ftps-data 989/tcp -ftps-data 989/udp -ftps 990/tcp -ftps 990/udp -imaps 993/tcp -imaps 993/udp -pop3s 995/tcp -pop3s 995/udp -socks 1080/tcp -socks 1080/udp -openvpn 1194/tcp -openvpn 1194/udp -icap 1344/tcp # Internet Content Adaptation Protocol -wins 1512/tcp -wins 1512/udp -radius 1812/tcp -radius 1812/udp -radius-acct 1813/tcp -radius-acct 1813/udp -cvspserver 2401/tcp -icpv2 3130/tcp -icpv2 3130/udp -iscsi-target 3260/tcp -iscsi-target 3260/udp -mysql 3306/tcp -mysql 3306/udp -nut 3493/tcp # Network UPS Tools -svn 3690/tcp -svn 3690/udp -epmd 4369/tcp # Erlang Port Mapper Daemon -epmd 4369/udp -sip 5060/tcp -sip 5060/udp -sip-tls 5061/tcp -sip-tls 5061/udp -xmpp-client 5222/tcp -xmpp-server 5269/tcp -postgresql 5432/tcp postgres -postgresql 5432/udp postgres -http-alt 8080/tcp webcache # HTTP 
Alternate, webcache -http-alt 8080/udp -memcache 11211/tcp -memcache 11211/udp -# -# Host specific functions -# -tftp 69/udp -rje 77/tcp -finger 79/tcp -link 87/tcp ttylink -supdup 95/tcp -iso-tsap 102/tcp -x400 103/tcp # ISO Mail -x400-snd 104/tcp -csnet-ns 105/tcp -uucp-path 117/tcp -nntp 119/tcp usenet # Network News Transfer -ntp 123/tcp # Network Time Protocol -ntp 123/udp # Network Time Protocol -netbios-ns 137/tcp # NETBIOS Name Service -netbios-ns 137/udp # NETBIOS Name Service -netbios-dgm 138/tcp # NETBIOS Datagram Service -netbios-dgm 138/udp # NETBIOS Datagram Service -netbios-ssn 139/tcp # NETBIOS Session Service -netbios-ssn 139/udp # NETBIOS Session Service -NeWS 144/tcp news # Window System -snmpd 161/udp snmp # Net-SNMP snmp daemon -slp 427/tcp slp # Service Location Protocol, V2 -slp 427/udp slp # Service Location Protocol, V2 -mobile-ip 434/udp mobile-ip # Mobile-IP -cvc_hostd 442/tcp # Network Console -microsoft-ds 445/tcp # Microsoft Directory Services -microsoft-ds 445/udp # Microsoft Directory Services -ike 500/udp ike # Internet Key Exchange uuidgen 697/tcp # UUID Generator uuidgen 697/udp # UUID Generator # # UNIX specific services # -# these are NOT officially assigned -# rdc 121/tcp # SNDR server daemon exec 512/tcp -login 513/tcp -shell 514/tcp cmd # no passwords used -printer 515/tcp spooler # line printer spooler -courier 530/tcp rpc # experimental -uucp 540/tcp uucpd # uucp daemon biff 512/udp comsat +login 513/tcp who 513/udp whod +shell 514/tcp cmd # no passwords used syslog 514/udp +printer 515/tcp spooler # line printer spooler talk 517/udp -route 520/udp router routed +ntalk 518/udp +route 520/udp router routed # RIP ripng 521/udp -klogin 543/tcp # Kerberos authenticated rlogin -kshell 544/tcp cmd # Kerberos authenticated remote shell +timed 525/udp timeserver +tempo 526/tcp newdate +courier 530/tcp rpc +conference 531/tcp chat +netnews 532/tcp readnews +netwall 533/udp # for emergency broadcasts +gdomap 538/tcp # GNUstep 
distributed objects +gdomap 538/udp +uucp 540/tcp uucpd # uucp daemon +klogin 543/tcp # Kerberized `rlogin' (v5) +kshell 544/tcp krcmd # Kerberized `rsh' (v5) +afpovertcp 548/tcp # AFP over TCP +afpovertcp 548/udp new-rwho 550/udp new-who # experimental +remotefs 556/tcp rfs_server rfs # Brunhoff remote filesystem rmonitor 560/udp rmonitord # experimental monitor 561/udp # experimental +nntps 563/tcp snntp # NNTP over SSL +nntps 563/udp snntp +submission 587/tcp # Submission [RFC4409] +submission 587/udp pcserver 600/tcp # ECD Integrated PC board srvr +ldaps 636/tcp # LDAP over SSL +ldaps 636/udp +tinc 655/tcp # tinc control port +tinc 655/udp sun-dr 665/tcp # Remote Dynamic Reconfiguration -kerberos-adm 749/tcp # Kerberos V5 Administration +silc 706/tcp +silc 706/udp +kerberos-adm 749/tcp # Kerberos `kadmin' (v5) kerberos-adm 749/udp # Kerberos V5 Administration kerberos-iv 750/udp # Kerberos V4 key server krb5_prop 754/tcp # Kerberos V5 KDC propogation -swat 901/tcp # Samba Web Adm.Tool +# +webster 765/tcp # Network dictionary +webster 765/udp +iscsi 860/tcp +iscsi 860/udp +rsync 873/tcp +rsync 873/udp +ftps-data 989/tcp # FTP over SSL (data) +ftps 990/tcp +telnets 992/tcp # Telnet over SSL +telnets 992/udp +imaps 993/tcp # IMAP over SSL +imaps 993/udp +ircs 994/tcp # IRC over SSL +ircs 994/udp +pop3s 995/tcp # POP-3 over SSL +pop3s 995/udp ufsd 1008/tcp ufsd # UFS-aware server ufsd 1008/udp ufsd +portolan 1296/tcp # Portolan +svp-underlay 1339/tcp # SDC VXLAN underlay invalidation cvc 1495/tcp # Network Console +# +# From ``Assigned Numbers'': +# +#> The Registered Ports are not controlled by the IANA and on most systems +#> can be used by ordinary user processes or programs executed by ordinary +#> users. +# +#> Ports are used in the TCP [45,106] to name the ends of logical +#> connections which carry long term conversations. For the purpose of +#> providing services to unknown callers, a service contact port is +#> defined. 
This list specifies the port used by the server process as its +#> contact port. While the IANA can not control uses of these ports it +#> does register or list uses of these ports as a convienence to the +#> community. +# +socks 1080/tcp # socks proxy server +socks 1080/udp +proofd 1093/tcp +proofd 1093/udp +rootd 1094/tcp +rootd 1094/udp +openvpn 1194/tcp +openvpn 1194/udp +rmiregistry 1099/tcp # Java RMI Registry +rmiregistry 1099/udp +kazaa 1214/tcp +kazaa 1214/udp +nessus 1241/tcp # Nessus vulnerability +nessus 1241/udp # assessment scanner +icap 1344/tcp # Internet Content Adaptation Protocol +lotusnote 1352/tcp lotusnotes # Lotus Note +lotusnote 1352/udp lotusnotes +ms-sql-s 1433/tcp # Microsoft SQL Server +ms-sql-s 1433/udp +ms-sql-m 1434/tcp # Microsoft SQL Monitor +ms-sql-m 1434/udp +wins 1512/tcp +wins 1512/udp ingreslock 1524/tcp +ingreslock 1524/udp +prospero-np 1525/tcp # Prospero non-privileged +prospero-np 1525/udp +datametrics 1645/tcp old-radius +datametrics 1645/udp old-radius +sa-msg-port 1646/tcp old-radacct +sa-msg-port 1646/udp old-radacct +kermit 1649/tcp +kermit 1649/udp +l2f 1701/tcp l2tp +l2f 1701/udp l2tp www-ldap-gw 1760/tcp # HTTP to LDAP gateway www-ldap-gw 1760/udp # HTTP to LDAP gateway -listen 2766/tcp # System V listener port -nfsd 2049/udp nfs # NFS server daemon (clts) -nfsd 2049/tcp nfs # NFS server daemon (cots) +radius 1812/tcp +radius 1812/udp +radius-acct 1813/tcp radacct # Radius Accounting +radius-acct 1813/udp radacct +msnp 1863/tcp # MSN Messenger +msnp 1863/udp +unix-status 1957/tcp # remstats unix-status server +log-server 1958/tcp # remstats log server +remoteping 1959/tcp # remstats remoteping server +cisco-sccp 2000/tcp sieve # Cisco SCCP +cisco-sccp 2000/udp +search 2010/tcp ndtp +pipe_server 2010/tcp +nfs 2049/tcp # Network File System +nfs 2049/udp # Network File System nfsd 2049/sctp nfs -eklogin 2105/tcp # Kerberos encrypted rlogin +gnunet 2086/tcp +gnunet 2086/udp +rtcm-sc104 2101/tcp # RTCM SC-104 IANA 
1/29/99 +rtcm-sc104 2101/udp +gsigatekeeper 2119/tcp +gsigatekeeper 2119/udp +gris 2135/tcp # Grid Resource Information Server +gris 2135/udp # Grid Resource Information Server +cvspserver 2401/tcp # CVS client/server operations +cvspserver 2401/udp +venus 2430/tcp # codacon port +venus 2430/udp # Venus callback/wbc interface +venus-se 2431/tcp # tcp side effects +venus-se 2431/udp # udp sftp side effect +codasrv 2432/tcp # not used +codasrv 2432/udp # server port +codasrv-se 2433/tcp # tcp side effects +codasrv-se 2433/udp # udp sftp side effect +mon 2583/tcp # MON traps +mon 2583/udp +dict 2628/tcp # Dictionary server +dict 2628/udp +listen 2766/tcp # System V listener port +gsiftp 2811/tcp +gsiftp 2811/udp +gpsd 2947/tcp +gpsd 2947/udp +gds_db 3050/tcp # InterBase server +gds_db 3050/udp +icpv2 3130/tcp icp # Internet Cache Protocol +icpv2 3130/udp icp +iscsi-target 3260/tcp +iscsi-target 3260/udp +mysql 3306/tcp +mysql 3306/udp +nut 3493/tcp # Network UPS Tools +nut 3493/udp +distcc 3632/tcp # distributed compiler +distcc 3632/udp +daap 3689/tcp # Digital Audio Access Protocol +daap 3689/udp +svn 3690/tcp subversion # Subversion protocol +svn 3690/udp subversion +suucp 4031/tcp # UUCP over SSL +suucp 4031/udp # UUCP over SSL lockd 4045/udp # NFS lock daemon/manager lockd 4045/tcp +sysrqd 4094/tcp # sysrq daemon +sysrqd 4094/udp # sysrq daemon +remctl 4373/tcp # Remote Authenticated Command Service +remctl 4373/udp # Remote Authenticated Command Service +epmd 4369/tcp # Erlang Port Mapper Daemon +epmd 4369/udp ipsec-nat-t 4500/udp # IPsec NAT-Traversal +iax 4569/tcp # Inter-Asterisk eXchange +iax 4569/udp vxlan 4789/udp # Virtual eXtensible Local Area Network (VXLAN) +radmin-port 4899/tcp # RAdmin Port +radmin-port 4899/udp +rfe 5002/udp # Radio Free Ethernet +rfe 5002/tcp +mmcc 5050/tcp # multimedia conference control tool (Yahoo IM) +mmcc 5050/udp +sip 5060/tcp # Session Initiation Protocol +sip 5060/udp +sip-tls 5061/tcp +sip-tls 5061/udp +aol 5190/tcp # AIM 
+aol 5190/udp +xmpp-client 5222/tcp jabber-client # Jabber Client Connection +xmpp-client 5222/udp jabber-client +xmpp-server 5269/tcp jabber-server # Jabber Server Connection +xmpp-server 5269/udp jabber-server +cfengine 5308/tcp +cfengine 5308/udp +mdns 5353/tcp # Multicast DNS mdns 5353/udp # Multicast DNS -mdns 5353/tcp +postgresql 5432/tcp postgres # PostgreSQL Database +postgresql 5432/udp postgres +freeciv 5556/tcp rptp # Freeciv gameplay +freeciv 5556/udp +amqp 5672/tcp +amqp 5672/udp +amqp 5672/sctp +ggz 5688/tcp # GGZ Gaming Zone +ggz 5688/udp # GGZ Gaming Zone vnc-server 5900/tcp # VNC Server +x11 6000/tcp x11-0 # X Window System +x11 6000/udp x11-0 +x11-1 6001/tcp +x11-1 6001/udp +x11-2 6002/tcp +x11-2 6002/udp +x11-3 6003/tcp +x11-3 6003/udp +x11-4 6004/tcp +x11-4 6004/udp +x11-5 6005/tcp +x11-5 6005/udp +x11-6 6006/tcp +x11-6 6006/udp +x11-7 6007/tcp +x11-7 6007/udp dtspc 6112/tcp # CDE subprocess control +gnutella-svc 6346/tcp # gnutella +gnutella-svc 6346/udp +gnutella-rtr 6347/tcp # gnutella +gnutella-rtr 6347/udp +sge_qmaster 6444/tcp # Grid Engine Qmaster Service +sge_qmaster 6444/udp # Grid Engine Qmaster Service +sge_execd 6445/tcp # Grid Engine Execution Service +sge_execd 6445/udp # Grid Engine Execution Service servicetag 6481/udp servicetag 6481/tcp -fs 7100/tcp # Font server +afs3-fileserver 7000/tcp bbs # file server itself +afs3-fileserver 7000/udp bbs +afs3-callback 7001/tcp # callbacks to cache managers +afs3-callback 7001/udp +afs3-prserver 7002/tcp # users & groups database +afs3-prserver 7002/udp +afs3-vlserver 7003/tcp # volume location database +afs3-vlserver 7003/udp +afs3-kaserver 7004/tcp # AFS/Kerberos authentication +afs3-kaserver 7004/udp +afs3-volser 7005/tcp # volume managment server +afs3-volser 7005/udp +afs3-errors 7006/tcp # error interpretation service +afs3-errors 7006/udp +afs3-bos 7007/tcp # basic overseer process +afs3-bos 7007/udp +afs3-update 7008/tcp # server-to-server updater +afs3-update 7008/udp +afs3-rmtsys 
7009/tcp # remote cache manager service +afs3-rmtsys 7009/udp +font-service 7100/tcp xfs # X Font Service +font-service 7100/udp xfs +http-alt 8080/tcp webcache # WWW caching service +http-alt 8080/udp # WWW caching service +bacula-dir 9101/tcp # Bacula Director +bacula-dir 9101/udp +bacula-fd 9102/tcp # Bacula File Daemon +bacula-fd 9102/udp +bacula-sd 9103/tcp # Bacula Storage Daemon +bacula-sd 9103/udp +xmms2 9667/tcp # Cross-platform Music Multiplexing System +xmms2 9667/udp # Cross-platform Music Multiplexing System +amanda 10080/tcp # amanda backup services +amanda 10080/udp +memcache 11211/tcp +memcache 11211/udp +hkp 11371/tcp # OpenPGP HTTP Keyserver +hkp 11371/udp # OpenPGP HTTP Keyserver +bprd 13720/tcp # VERITAS NetBackup +bprd 13720/udp +bpdbm 13721/tcp # VERITAS NetBackup +bpdbm 13721/udp +bpjava-msvc 13722/tcp # BP Java MSVC Protocol +bpjava-msvc 13722/udp +vnetd 13724/tcp # Veritas Network Utility +vnetd 13724/udp +bpcd 13782/tcp # VERITAS NetBackup +bpcd 13782/udp +vopied 13783/tcp # VERITAS NetBackup +vopied 13783/udp solaris-audit 16162/tcp # Secure remote audit logging -wnn6 22273/tcp # Wnn6 jserver -wnn6 22273/udp # Wnn6 jserver +wnn6 22273/tcp # wnn6 +wnn6 22273/udp + +# +# Datagram Delivery Protocol services +# +rtmp 1/ddp # Routing Table Maintenance Protocol +nbp 2/ddp # Name Binding Protocol +echo 4/ddp # AppleTalk Echo Protocol +zip 6/ddp # Zone Information Protocol + +#========================================================================= +# The remaining port numbers are not as allocated by IANA. +#========================================================================= + +# Kerberos (Project Athena/MIT) services +# Note that these are for Kerberos v4, and are unofficial. Sites running +# v4 should uncomment these and comment out the v5 entries above. 
+# +kerberos4 750/udp kerberos-iv kdc # Kerberos (server) +kerberos4 750/tcp kerberos-iv kdc +kerberos_master 751/udp # Kerberos authentication +kerberos_master 751/tcp +passwd_server 752/udp # Kerberos passwd server +krb_prop 754/tcp krb5_prop hprop # Kerberos slave propagation +krbupdate 760/tcp kreg # Kerberos registration +swat 901/tcp # swat +kpop 1109/tcp # Pop with Kerberos +knetd 2053/tcp # Kerberos de-multiplexor +zephyr-srv 2102/udp # Zephyr server +zephyr-clt 2103/udp # Zephyr serv-hm connection +zephyr-hm 2104/udp # Zephyr hostmanager +eklogin 2105/tcp # Kerberos encrypted rlogin +# Hmmm. Are we using Kv4 or Kv5 now? Worrying. +# The following is probably Kerberos v5 --- ajt@debian.org (11/02/2000) +kx 2111/tcp # X over Kerberos +iprop 2121/tcp # incremental propagation +# +# Unofficial but necessary (for NetBSD) services +# +supfilesrv 871/tcp # SUP server +supfiledbg 1127/tcp # SUP debugging + +# +# Services added for the Debian GNU/Linux distribution +# +linuxconf 98/tcp # LinuxConf +poppassd 106/tcp # Eudora +poppassd 106/udp +ssmtp 465/tcp smtps # SMTP over SSL +moira_db 775/tcp # Moira database +moira_update 777/tcp # Moira update protocol +moira_ureg 779/udp # Moira user registration +spamd 783/tcp # spamassassin daemon +omirr 808/tcp omirrd # online mirror +omirr 808/udp omirrd +customs 1001/tcp # pmake customs server +customs 1001/udp +skkserv 1178/tcp # skk jisho server port +predict 1210/udp # predict -- satellite tracking +rmtcfg 1236/tcp # Gracilis Packeten remote config server +wipld 1300/tcp # Wipl network monitor +xtel 1313/tcp # french minitel +xtelw 1314/tcp # french minitel +support 1529/tcp # GNATS +cfinger 2003/tcp # GNU Finger +frox 2121/tcp # frox: caching ftp proxy +ninstall 2150/tcp # ninstall service +ninstall 2150/udp +zebrasrv 2600/tcp # zebra service +zebra 2601/tcp # zebra vty +ripd 2602/tcp # ripd vty (zebra) +ripngd 2603/tcp # ripngd vty (zebra) +ospfd 2604/tcp # ospfd vty (zebra) +bgpd 2605/tcp # bgpd vty (zebra) +ospf6d 
2606/tcp # ospf6d vty (zebra) +ospfapi 2607/tcp # OSPF-API +isisd 2608/tcp # ISISd vty (zebra) +afbackup 2988/tcp # Afbackup system +afbackup 2988/udp +afmbackup 2989/tcp # Afmbackup system +afmbackup 2989/udp +xtell 4224/tcp # xtell server +fax 4557/tcp # FAX transmission service (old) +hylafax 4559/tcp # HylaFAX client-server protocol (new) +distmp3 4600/tcp # distmp3host daemon +munin 4949/tcp lrrd # Munin +enbd-cstatd 5051/tcp # ENBD client statd +enbd-sstatd 5052/tcp # ENBD server statd +pcrd 5151/tcp # PCR-1000 Daemon +noclog 5354/tcp # noclogd with TCP (nocol) +noclog 5354/udp # noclogd with UDP (nocol) +hostmon 5355/tcp # hostmon uses TCP (nocol) +hostmon 5355/udp # hostmon uses UDP (nocol) +rplay 5555/udp # RPlay audio service +nsca 5667/tcp # Nagios Agent - NSCA +mrtd 5674/tcp # MRT Routing Daemon +bgpsim 5675/tcp # MRT Routing Simulator +canna 5680/tcp # cannaserver +sane-port 6566/tcp sane saned # SANE network scanner daemon +ircd 6667/tcp # Internet Relay Chat +zope-ftp 8021/tcp # zope management by ftp +tproxy 8081/tcp # Transparent Proxy +omniorb 8088/tcp # OmniORB +omniorb 8088/udp +clc-build-daemon 8990/tcp # Common lisp build daemon +xinetd 9098/tcp +mandelspawn 9359/udp mandelbrot # network mandelbrot +git 9418/tcp # Git Version Control System +zope 9673/tcp # zope server +webmin 10000/tcp +kamanda 10081/tcp # amanda backup services (Kerberos) +kamanda 10081/udp +amandaidx 10082/tcp # amanda backup services +amidxtape 10083/tcp # amanda backup services +smsqp 11201/tcp # Alamin SMS gateway +smsqp 11201/udp +xpilot 15345/tcp # XPilot Contact Port +xpilot 15345/udp +sgi-cmsd 17001/udp # Cluster membership services daemon +sgi-crsd 17002/udp +sgi-gcd 17003/udp # SGI Group membership daemon +sgi-cad 17004/tcp # Cluster Admin daemon +isdnlog 20011/tcp # isdn logging system +isdnlog 20011/udp +vboxd 20012/tcp # voice box system +vboxd 20012/udp +binkp 24554/tcp # binkp fidonet protocol +asp 27374/tcp # Address Search Protocol +asp 27374/udp +csync2 
30865/tcp # cluster synchronization tool +dircproxy 57000/tcp # Detachable IRC Proxy +tfido 60177/tcp # fidonet EMSI over telnet +fido 60179/tcp # fidonet EMSI over TCP + +# Local services diff --git a/usr/src/cmd/cmd-inet/etc/sock2path.d/system%2Fkernel b/usr/src/cmd/cmd-inet/etc/sock2path.d/system%2Fkernel index c62e339953..49151907eb 100644 --- a/usr/src/cmd/cmd-inet/etc/sock2path.d/system%2Fkernel +++ b/usr/src/cmd/cmd-inet/etc/sock2path.d/system%2Fkernel @@ -18,6 +18,7 @@ # CDDL HEADER END # # Copyright (c) 1995, 2010, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2014, Joyent, Inc. All rights reserved. # # socket configuration information # @@ -52,3 +53,6 @@ 29 4 1 /dev/spdsock 31 1 0 trill + + 33 1 0 lx_netlink + 33 4 0 lx_netlink diff --git a/usr/src/cmd/cmd-inet/lib/ipmgmtd/Makefile b/usr/src/cmd/cmd-inet/lib/ipmgmtd/Makefile index 1c32ce2ff1..1ec235b9a5 100644 --- a/usr/src/cmd/cmd-inet/lib/ipmgmtd/Makefile +++ b/usr/src/cmd/cmd-inet/lib/ipmgmtd/Makefile @@ -21,6 +21,7 @@ # # Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. +# Copyright 2015 Joyent, Inc. # Copyright 2021 Tintri by DDN, Inc. All rights reserved. # @@ -28,7 +29,8 @@ include ../../../../lib/Makefile.lib PROG= ipmgmtd -OBJS= ipmgmt_main.o ipmgmt_door.o ipmgmt_persist.o ipmgmt_util.o +OBJS= ipmgmt_main.o ipmgmt_door.o ipmgmt_persist.o ipmgmt_util.o \ + ipmgmt_path.o SRCS= $(OBJS:.o=.c) SVCMETHOD= net-ipmgmt MANIFEST= network-ipmgmt.xml diff --git a/usr/src/cmd/cmd-inet/lib/ipmgmtd/ipmgmt_door.c b/usr/src/cmd/cmd-inet/lib/ipmgmtd/ipmgmt_door.c index e3f18fea71..45080518b4 100644 --- a/usr/src/cmd/cmd-inet/lib/ipmgmtd/ipmgmt_door.c +++ b/usr/src/cmd/cmd-inet/lib/ipmgmtd/ipmgmt_door.c 
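Review bot: Several service names that resolved before this hunk no longer resolve afterwards, because the replacement entries use a different primary name and do not keep the old one as an alias: `ike 500/udp` becomes `isakmp 500/udp`, `snmpd 161/udp snmp` becomes `snmp 161/udp`, `nfsd 2049/tcp|udp nfs` becomes `nfs 2049/tcp|udp` (while `nfsd 2049/sctp nfs` is kept), and `fs 7100/tcp` becomes `font-service 7100/tcp xfs`. Whether anything on the system looks these up by name is not visible here, but a failed lookup in a daemon or a packet-filter rule is a quiet way to lose a listener or a rule, so keeping the old names as aliases is cheap: `isakmp 500/udp ike`, `snmp 161/udp snmpd`, `nfs 2049/tcp nfsd`. The hunk also adds two names on one port in the same protocol (`search` and `pipe_server` on 2010/tcp, `iprop` and `frox` on 2121/tcp), which makes port-to-name lookups depend on file order. The Kerberos v4 comment tells sites to "uncomment these", yet the entries below it are already active.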
@@ -21,6 +21,7 @@
 /*
  * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright 2014, Joyent, Inc. All rights reserved.
  * Copyright (c) 2016-2017, Chris Fraire <cfraire@me.com>.
  * Copyright 2021, Tintri by DDN. All rights reserved.
  * Copyright 2022, Oxide Computer Company.
@@ -120,7 +121,9 @@ ipmgmt_handler(void *cookie, char *argp, size_t argsz, door_desc_t *dp,
 goto fail;
 }
- /* check for solaris.network.interface.config authorization */
+ /*
+ * if not root, check for solaris.network.interface.config authorization
+ */
 if (infop->idi_set) {
 uid_t uid;
 struct passwd pwd;
@@ -132,24 +135,32 @@ ipmgmt_handler(void *cookie, char *argp, size_t argsz, door_desc_t *dp,
 goto fail;
 }
 uid = ucred_getruid(cred);
+ ucred_free(cred);
 if ((int)uid < 0) {
 err = errno;
 ipmgmt_log(LOG_ERR, "Could not get user id.");
 goto fail;
 }
- if (getpwuid_r(uid, &pwd, buf, sizeof (buf)) ==
- NULL) {
- err = errno;
- ipmgmt_log(LOG_ERR, "Could not get password entry.");
- goto fail;
- }
- if (chkauthattr(NETWORK_INTERFACE_CONFIG_AUTH,
- pwd.pw_name) != 1) {
- err = EPERM;
- ipmgmt_log(LOG_ERR, "Not authorized for operation.");
- goto fail;
+
+ /*
+ * Branded zones may have different auth, but root always
+ * allowed.
+ */
+ if (uid != 0) {
+ if (getpwuid_r(uid, &pwd, buf, sizeof (buf)) == NULL) {
+ err = errno;
+ ipmgmt_log(LOG_ERR,
+ "Could not get password entry.");
+ goto fail;
+ }
+ if (chkauthattr(NETWORK_INTERFACE_CONFIG_AUTH,
+ pwd.pw_name) != 1) {
+ err = EPERM;
+ ipmgmt_log(LOG_ERR,
+ "Not authorized for operation.");
+ goto fail;
+ }
 }
- ucred_free(cred);
 }
 /* individual handlers take care of calling door_return */
diff --git a/usr/src/cmd/cmd-inet/lib/ipmgmtd/ipmgmt_impl.h b/usr/src/cmd/cmd-inet/lib/ipmgmtd/ipmgmt_impl.h
index fe7e95a87e..bf70839f36 100644
--- a/usr/src/cmd/cmd-inet/lib/ipmgmtd/ipmgmt_impl.h
+++ b/usr/src/cmd/cmd-inet/lib/ipmgmtd/ipmgmt_impl.h
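Review bot: The new `if (uid != 0)` guard in ipmgmt_handler skips `chkauthattr()` for a real uid of 0 in every zone, while the comment above it motivates the bypass only by branded zones; the comment should state the actual policy, for example `/* Real uid 0 is always allowed, in any zone brand; the auth database is only consulted for other users. */`. Since this is the one authorization gate for the set operations (`infop->idi_set`), the denial path would also be more useful to whoever reads the log if it named the caller: `ipmgmt_log(LOG_ERR, "Not authorized for operation (uid %d).", (int)uid);`. Moving `ucred_free(cred)` up so the failure paths no longer leak it looks right. The function starts before and continues after this hunk, so how `cred` is obtained is not visible here.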
@@ -21,6 +21,7 @@
 /*
  * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright 2015 Joyent, Inc.
  * Copyright (c) 2016, Chris Fraire <cfraire@me.com>.
  * Copyright 2021 Tintri by DDN, Inc. All rights reserved.
  */
@@ -144,8 +145,6 @@ extern ipmgmt_aobjmap_list_t aobjmap;
 #define ADDROBJ_LOOKUPADD 0x00000004
 #define ADDROBJ_SETLIFNUM 0x00000008
-/* Permanent data store for ipadm */
-#define IPADM_DB_FILE "/etc/ipadm/ipadm.conf"
 #define IPADM_FILE_MODE (S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH)
 /*
@@ -155,20 +154,12 @@ extern ipmgmt_aobjmap_list_t aobjmap;
  */
 #define IPADM_DB_VERSION 1
-/*
- * A temporary file created in SMF volatile filesystem. This file captures the
- * in-memory copy of list `aobjmap' on disk. This is done to recover from
- * daemon reboot (using svcadm) or crashes.
- */
-#define IPADM_TMPFS_DIR "/etc/svc/volatile/ipadm"
-#define ADDROBJ_MAPPING_DB_FILE IPADM_TMPFS_DIR"/aobjmap.conf"
-
-/*
- * A temporary copy of the ipadm configuration file might need
- * to be created if write requests are encountered during boottime
- * and the root filesystem is mounted read-only.
- */
-#define IPADM_VOL_DB_FILE IPADM_TMPFS_DIR"/ipadm.conf"
+typedef enum ipadm_path {
+ IPADM_PATH_TMPFS_DIR = 1,
+ IPADM_PATH_ADDROBJ_MAP_DB,
+ IPADM_PATH_DB,
+ IPADM_PATH_VOL_DB
+} ipadm_path_t;
 /* SCF resources required to interact with svc.configd */
 typedef struct scf_resources {
@@ -200,6 +191,8 @@ extern void ipmgmt_release_scf_resources(scf_resources_t *);
 extern boolean_t ipmgmt_needs_upgrade(scf_resources_t *);
 extern void ipmgmt_update_dbver(scf_resources_t *);
+extern void ipmgmt_path(ipadm_path_t, char *, size_t);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/usr/src/cmd/cmd-inet/lib/ipmgmtd/ipmgmt_main.c b/usr/src/cmd/cmd-inet/lib/ipmgmtd/ipmgmt_main.c
index c31c91a547..41aeb2d98c 100644
--- a/usr/src/cmd/cmd-inet/lib/ipmgmtd/ipmgmt_main.c
+++ b/usr/src/cmd/cmd-inet/lib/ipmgmtd/ipmgmt_main.c
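Review bot: The new prototype `extern void ipmgmt_path(ipadm_path_t, char *, size_t);` gives callers no way to learn that the id was not found or that the result did not fit the buffer. The callers added in ipmgmt_main.c (ipmgmt_db_init and ipmgmt_init_privileges) pass an uninitialised stack array and hand it straight to `open()`, `mkdir()`, `chmod()` and `chown()`. The body of ipmgmt_path is not fully visible on this page, so it may abort on a bad id itself; if it does not, returning a status would let those callers refuse to act on a partial path: `extern int ipmgmt_path(ipadm_path_t, char *, size_t);`. The prototype also has no comment; one line stating that the buffer is always NUL-terminated and that the zone's native root is prepended would document the contract the callers rely on.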
@@ -21,6 +21,7 @@
 /*
  * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright 2015 Joyent, Inc.
  * Copyright 2021 Tintri by DDN, Inc. All rights reserved.
  */
@@ -106,6 +107,7 @@ ipmgmt_db_init()
 int fd, err, scferr;
 scf_resources_t res;
 boolean_t upgrade = B_TRUE;
+ char aobjpath[MAXPATHLEN];
 /*
  * Check to see if we need to upgrade the data-store. We need to
@@ -135,11 +137,11 @@ ipmgmt_db_init()
 ipmgmt_release_scf_resources(&res);
 /* creates the address object data store, if it doesn't exist */
- if ((fd = open(ADDROBJ_MAPPING_DB_FILE, O_CREAT|O_RDONLY,
- IPADM_FILE_MODE)) == -1) {
+ ipmgmt_path(IPADM_PATH_ADDROBJ_MAP_DB, aobjpath, sizeof (aobjpath));
+ if ((fd = open(aobjpath, O_CREAT|O_RDONLY, IPADM_FILE_MODE)) == -1) {
 err = errno;
- ipmgmt_log(LOG_ERR, "could not open %s: %s",
- ADDROBJ_MAPPING_DB_FILE, strerror(err));
+ ipmgmt_log(LOG_ERR, "could not open %s: %s", aobjpath,
+ strerror(err));
 return (err);
 }
 (void) close(fd);
@@ -153,8 +155,8 @@ ipmgmt_db_init()
  * representation of the mapping. That is, build `aobjmap' structure
  * from address object data store.
  */
- if ((err = ipadm_rw_db(ipmgmt_aobjmap_init, NULL,
- ADDROBJ_MAPPING_DB_FILE, 0, IPADM_DB_READ)) != 0) {
+ if ((err = ipadm_rw_db(ipmgmt_aobjmap_init, NULL, aobjpath, 0,
+ IPADM_DB_READ)) != 0) {
 /* if there was nothing to initialize, it's fine */
 if (err != ENOENT)
 return (err);
@@ -166,17 +168,42 @@ ipmgmt_db_init()
 return (err);
 }
+static const char *
+ipmgmt_door_path()
+{
+ static char door[MAXPATHLEN];
+ static boolean_t init_done = B_FALSE;
+
+ if (!init_done) {
+ const char *zroot = zone_get_nroot();
+
+ /*
+ * If this is a branded zone, make sure we use the "/native"
+ * prefix for the door path:
+ */
+ (void) snprintf(door, sizeof (door), "%s%s", zroot != NULL ?
+ zroot : "", IPMGMT_DOOR);
+
+ init_done = B_TRUE;
+ }
+
+ return (door);
+}
+
 static int
 ipmgmt_door_init()
 {
 int fd;
 int err;
+ const char *door = ipmgmt_door_path();
- /* create the door file for ipmgmtd */
- if ((fd = open(IPMGMT_DOOR, O_CREAT|O_RDONLY, IPADM_FILE_MODE)) == -1) {
+ /*
+ * Create the door file for ipmgmtd.
+ */
+ if ((fd = open(door, O_CREAT | O_RDONLY, IPADM_FILE_MODE)) == -1) {
 err = errno;
- ipmgmt_log(LOG_ERR, "could not open %s: %s",
- IPMGMT_DOOR, strerror(err));
+ ipmgmt_log(LOG_ERR, "could not open %s: %s", door,
+ strerror(err));
 return (err);
 }
 (void) close(fd);
@@ -187,15 +214,16 @@ ipmgmt_door_init()
 ipmgmt_log(LOG_ERR, "failed to create door: %s", strerror(err));
 return (err);
 }
+
 /*
  * fdetach first in case a previous daemon instance exited
  * ungracefully.
  */
- (void) fdetach(IPMGMT_DOOR);
- if (fattach(ipmgmt_door_fd, IPMGMT_DOOR) != 0) {
+ (void) fdetach(door);
+ if (fattach(ipmgmt_door_fd, door) != 0) {
 err = errno;
- ipmgmt_log(LOG_ERR, "failed to attach door to %s: %s",
- IPMGMT_DOOR, strerror(err));
+ ipmgmt_log(LOG_ERR, "failed to attach door to %s: %s", door,
+ strerror(err));
 goto fail;
 }
 return (0);
@@ -208,13 +236,15 @@ fail:
 static void
 ipmgmt_door_fini()
 {
+ const char *door = ipmgmt_door_path();
+
 if (ipmgmt_door_fd == -1)
 return;
- (void) fdetach(IPMGMT_DOOR);
+ (void) fdetach(door);
 if (door_revoke(ipmgmt_door_fd) == -1) {
 ipmgmt_log(LOG_ERR, "failed to revoke access to door %s: %s",
- IPMGMT_DOOR, strerror(errno));
+ door, strerror(errno));
 }
 }
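Review bot: In the new ipmgmt_door_path() the result of `snprintf()` is cast to void, so a truncated path would be returned as if it were valid and then used by `open(..., O_CREAT ...)`, `fdetach()` and `fattach()` in ipmgmt_door_init(). With a short prefix this cannot happen in practice, but the door is the daemon's only rendezvous point and the prefix now comes from `zone_get_nroot()` rather than a compile-time constant, so the length should be checked, for example `n = snprintf(door, sizeof (door), "%s%s", zroot != NULL ? zroot : "", IPMGMT_DOOR);` followed by `if (n < 0 || (size_t)n >= sizeof (door)) return (NULL);`. The callers would then have to fail on NULL. The lazy initialisation through the unsynchronised static `init_done` is only safe if the first call happens before other threads exist; the visible callers look like start-up and shutdown paths, but a one-line comment saying so would help.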
@@ -351,10 +381,14 @@ ipmgmt_init_privileges() { struct stat statbuf; int err; + char tmpfsdir[MAXPATHLEN]; - /* create the IPADM_TMPFS_DIR directory */ - if (stat(IPADM_TMPFS_DIR, &statbuf) < 0) { - if (mkdir(IPADM_TMPFS_DIR, (mode_t)0755) < 0) { + /* + * Create the volatile storage directory: + */ + ipmgmt_path(IPADM_PATH_TMPFS_DIR, tmpfsdir, sizeof (tmpfsdir)); + if (stat(tmpfsdir, &statbuf) < 0) { + if (mkdir(tmpfsdir, (mode_t)0755) < 0) { err = errno; goto fail; } @@ -365,8 +399,8 @@ ipmgmt_init_privileges() } } - if ((chmod(IPADM_TMPFS_DIR, 0755) < 0) || - (chown(IPADM_TMPFS_DIR, UID_NETADM, GID_NETADM) < 0)) { + if ((chmod(tmpfsdir, 0755) < 0) || + (chown(tmpfsdir, UID_NETADM, GID_NETADM) < 0)) { err = errno; goto fail; } diff --git a/usr/src/cmd/cmd-inet/lib/ipmgmtd/ipmgmt_path.c b/usr/src/cmd/cmd-inet/lib/ipmgmtd/ipmgmt_path.c new file mode 100644 index 0000000000..0219ac1522 --- /dev/null +++ b/usr/src/cmd/cmd-inet/lib/ipmgmtd/ipmgmt_path.c 
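Review bot: The `chmod()`/`chown()` pair in the second hunk of `ipmgmt_init_privileges()` still operates on a path name after a separate `stat()`/`mkdir()` step, and both calls follow symbolic links. The directory is now resolved through `ipmgmt_path()` with an optional native-root prefix, so confirm that no component of `tmpfsdir` is writable by a less-privileged process in the zone. If that cannot be guaranteed, open the directory once with `O_DIRECTORY | O_NOFOLLOW` and use `fchmod()`/`fchown()` on the descriptor. The lines between the two hunks and the rest of the function are outside this diff, so any directory-type check there is not visible here.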
@@ -0,0 +1,84 @@ +/* + * This file and its contents are supplied under the terms of the + * Common Development and Distribution License ("CDDL"), version 1.0. + * You may only use this file in accordance with the terms of version + * 1.0 of the CDDL. + * + * A full copy of the text of the CDDL should have accompanied this + * source. A copy of the CDDL is also available via the Internet at + * http://www.illumos.org/license/CDDL. + */ + +/* + * Copyright 2015 Joyent, Inc. + */ + +/* + * Lookup functions for various file paths used by ipmgmtd. This mechanism + * primarily exists to account for a native root prefix when run within a + * branded zone (e.g. "/native"). + */ + +#include <stdio.h> +#include <zone.h> +#include "ipmgmt_impl.h" + +#define IPADM_PERM_DIR "/etc/ipadm" +#define IPADM_TMPFS_DIR "/etc/svc/volatile/ipadm" + +typedef struct ipadm_path_ent { + ipadm_path_t ipe_id; + const char *ipe_path; +} ipadm_path_ent_t; + +static ipadm_path_ent_t ipadm_paths[] = { + /* + * A temporary directory created in the SMF volatile filesystem. + */ + { IPADM_PATH_TMPFS_DIR, IPADM_TMPFS_DIR }, + + /* + * This file captures the in-memory copy of list `aobjmap' on disk. + * This allows the system to recover in the event that the daemon + * crashes or is restarted. + */ + { IPADM_PATH_ADDROBJ_MAP_DB, IPADM_TMPFS_DIR "/aobjmap.conf" }, + + /* + * The permanent data store for ipadm. + */ + { IPADM_PATH_DB, IPADM_PERM_DIR "/ipadm.conf" }, + + /* + * A temporary copy of the ipadm configuration created, if needed, to + * service write requests early in boot. This file is merged with the + * permanent data store once it is available for writes. + */ + { IPADM_PATH_VOL_DB, IPADM_TMPFS_DIR "/ipadm.conf" }, + + { 0, NULL } +}; + +/* + * Load one of the paths used by ipadm into the provided string buffer. + * Prepends the native system prefix (e.g. "/native") if one is in effect, + * such as when running within a branded zone. 
+ */ +void +ipmgmt_path(ipadm_path_t ip, char *buf, size_t bufsz) +{ + int i; + + for (i = 0; ipadm_paths[i].ipe_path != NULL; i++) { + if (ipadm_paths[i].ipe_id == ip) { + const char *zroot = zone_get_nroot(); + + (void) snprintf(buf, bufsz, "%s%s", zroot != NULL ? + zroot : "", ipadm_paths[i].ipe_path); + + return; + } + } + + abort(); +} diff --git a/usr/src/cmd/cmd-inet/lib/ipmgmtd/ipmgmt_persist.c b/usr/src/cmd/cmd-inet/lib/ipmgmtd/ipmgmt_persist.c index e29ecbaeb2..0c44b51f5a 100644 --- a/usr/src/cmd/cmd-inet/lib/ipmgmtd/ipmgmt_persist.c +++ b/usr/src/cmd/cmd-inet/lib/ipmgmtd/ipmgmt_persist.c @@ -542,13 +542,18 @@ static void * ipmgmt_db_restore_thread(void *arg) { int err; + char confpath[MAXPATHLEN]; + char tmpconfpath[MAXPATHLEN]; + + ipmgmt_path(IPADM_PATH_DB, confpath, sizeof (confpath)); + ipmgmt_path(IPADM_PATH_VOL_DB, tmpconfpath, sizeof (tmpconfpath)); for (;;) { (void) sleep(5); (void) pthread_rwlock_wrlock(&ipmgmt_dbconf_lock); if (!ipmgmt_rdonly_root) break; - err = ipmgmt_cpfile(IPADM_VOL_DB_FILE, IPADM_DB_FILE, B_FALSE); + err = ipmgmt_cpfile(tmpconfpath, confpath, B_FALSE); if (err == 0) { ipmgmt_rdonly_root = B_FALSE; break; @@ -580,6 +585,11 @@ ipmgmt_db_walk(db_wfunc_t *db_walk_func, void *db_warg, ipadm_db_op_t db_op) mode_t mode; pthread_t tid; pthread_attr_t attr; + char confpath[MAXPATHLEN]; + char tmpconfpath[MAXPATHLEN]; + + ipmgmt_path(IPADM_PATH_DB, confpath, sizeof (confpath)); + ipmgmt_path(IPADM_PATH_VOL_DB, tmpconfpath, sizeof (tmpconfpath)); writeop = (db_op != IPADM_DB_READ); if (writeop) { 
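Review bot: In the new ipmgmt_path.c, `ipadm_paths[]` is never written after initialisation, so it should be declared `static const ipadm_path_ent_t ipadm_paths[]` to keep the table in read-only data. `ipmgmt_path()` calls `abort()` but the file includes only `<stdio.h>`, `<zone.h>` and `ipmgmt_impl.h`; unless the project header pulls it in, `#include <stdlib.h>` is needed. The block comment above the function should also state that an unknown `ipadm_path_t` aborts the daemon rather than returning an error.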
@@ -592,11 +602,10 @@ ipmgmt_db_walk(db_wfunc_t *db_walk_func, void *db_warg, ipadm_db_op_t db_op) /* * Did a previous write attempt fail? If so, don't even try to - * read/write to IPADM_DB_FILE. + * read/write to the permanent configuration file. */ if (!ipmgmt_rdonly_root) { - err = ipadm_rw_db(db_walk_func, db_warg, IPADM_DB_FILE, - mode, db_op); + err = ipadm_rw_db(db_walk_func, db_warg, confpath, mode, db_op); if (err != EROFS) goto done; } @@ -604,11 +613,11 @@ ipmgmt_db_walk(db_wfunc_t *db_walk_func, void *db_warg, ipadm_db_op_t db_op) /* * If we haven't already copied the file to the volatile * file system, do so. This should only happen on a failed - * writeop(i.e., we have acquired the write lock above). + * writeop (i.e., we have acquired the write lock above). */ - if (access(IPADM_VOL_DB_FILE, F_OK) != 0) { + if (access(tmpconfpath, F_OK) != 0) { assert(writeop); - err = ipmgmt_cpfile(IPADM_DB_FILE, IPADM_VOL_DB_FILE, B_TRUE); + err = ipmgmt_cpfile(confpath, tmpconfpath, B_TRUE); if (err != 0) goto done; (void) pthread_attr_init(&attr); @@ -619,7 +628,7 @@ ipmgmt_db_walk(db_wfunc_t *db_walk_func, void *db_warg, ipadm_db_op_t db_op) NULL); (void) pthread_attr_destroy(&attr); if (err != 0) { - (void) unlink(IPADM_VOL_DB_FILE); + (void) unlink(tmpconfpath); goto done; } ipmgmt_rdonly_root = B_TRUE; @@ -628,7 +637,7 @@ ipmgmt_db_walk(db_wfunc_t *db_walk_func, void *db_warg, ipadm_db_op_t db_op) /* * Read/write from the volatile copy. */ - err = ipadm_rw_db(db_walk_func, db_warg, IPADM_VOL_DB_FILE, + err = ipadm_rw_db(db_walk_func, db_warg, tmpconfpath, mode, db_op); done: (void) pthread_rwlock_unlock(&ipmgmt_dbconf_lock); @@ -1506,6 +1515,9 @@ ipmgmt_persist_aobjmap(ipmgmt_aobjmap_t *nodep, ipadm_db_op_t op) int err; ipadm_dbwrite_cbarg_t cb; nvlist_t *nvl = NULL; + char aobjpath[MAXPATHLEN]; + + ipmgmt_path(IPADM_PATH_ADDROBJ_MAP_DB, aobjpath, sizeof (aobjpath)); if (op == IPADM_DB_WRITE) { if ((err = i_ipmgmt_node2nvl(&nvl, nodep)) != 0) 
@@ -1516,14 +1528,14 @@ ipmgmt_persist_aobjmap(ipmgmt_aobjmap_t *nodep, ipadm_db_op_t op) else cb.dbw_flags = 0; - err = ipadm_rw_db(ipmgmt_update_aobjmap, &cb, - ADDROBJ_MAPPING_DB_FILE, IPADM_FILE_MODE, IPADM_DB_WRITE); + err = ipadm_rw_db(ipmgmt_update_aobjmap, &cb, aobjpath, + IPADM_FILE_MODE, IPADM_DB_WRITE); nvlist_free(nvl); } else { assert(op == IPADM_DB_DELETE); - err = ipadm_rw_db(ipmgmt_delete_aobjmap, nodep, - ADDROBJ_MAPPING_DB_FILE, IPADM_FILE_MODE, IPADM_DB_DELETE); + err = ipadm_rw_db(ipmgmt_delete_aobjmap, nodep, aobjpath, + IPADM_FILE_MODE, IPADM_DB_DELETE); } return (err); } diff --git a/usr/src/cmd/cmd-inet/sbin/dhcpagent/defaults.c b/usr/src/cmd/cmd-inet/sbin/dhcpagent/defaults.c index 133254be4a..e6a88304a7 100644 --- a/usr/src/cmd/cmd-inet/sbin/dhcpagent/defaults.c +++ b/usr/src/cmd/cmd-inet/sbin/dhcpagent/defaults.c @@ -32,6 +32,7 @@ #include <stdio.h> #include <sys/stat.h> #include <libnvpair.h> +#include <zone.h> #include "common.h" #include "defaults.h" @@ -67,6 +68,32 @@ static struct dhcp_default defaults[] = { { "ADOPT_DOMAINNAME", "0", 0, 0 }, }; + +/* + * df_find_defaults(): builds the path to the default configuration file + * + * input: void + * output: void + */ + +static const char * +df_find_defaults(void) +{ + static char agent_defaults_path[MAXPATHLEN] = { 0 }; + const char *zroot = NULL; + + if (agent_defaults_path[0] != '\0') { + return agent_defaults_path; + } + + zroot = zone_get_nroot(); + + (void) snprintf(agent_defaults_path, MAXPATHLEN, "%s%s", + zroot != NULL ? zroot : "", DHCP_AGENT_DEFAULTS); + + return agent_defaults_path; +} + /* * df_build_cache(): builds the defaults nvlist cache * @@ -77,6 +104,7 @@ static struct dhcp_default defaults[] = { static nvlist_t * df_build_cache(void) { + const char *agent_defaults_path = df_find_defaults(); char entry[1024]; int i; char *param, *pastv6, *value, *end; 
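Review bot: The block comment on `df_find_defaults()` says `output: void`, but the function returns a `const char *` to a static buffer that is filled on the first call. Suggested wording: `output: const char *: path of the agent defaults file, including any native root prefix; points to static storage`. The two `return agent_defaults_path;` statements also omit the parentheses used by the other returns in this file's hunks (`return (NULL);`).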
@@ -84,7 +112,7 @@ df_build_cache(void) nvlist_t *nvlist; struct dhcp_default *defp; - if ((fp = fopen(DHCP_AGENT_DEFAULTS, "r")) == NULL) + if ((fp = fopen(agent_defaults_path, "r")) == NULL) return (NULL); if (nvlist_alloc(&nvlist, NV_UNIQUE_NAME, 0) != 0) { @@ -164,6 +192,7 @@ df_build_cache(void) const char * df_get_string(const char *if_name, boolean_t isv6, uint_t param) { + const char *agent_defaults_path = df_find_defaults(); char *value; char paramstr[256]; char name[256]; @@ -175,10 +204,11 @@ df_get_string(const char *if_name, boolean_t isv6, uint_t param) if (param >= (sizeof (defaults) / sizeof (*defaults))) return (NULL); - if (stat(DHCP_AGENT_DEFAULTS, &statbuf) != 0) { + + if (stat(agent_defaults_path, &statbuf) != 0) { if (!df_unavail_msg) { dhcpmsg(MSG_WARNING, "cannot access %s; using " - "built-in defaults", DHCP_AGENT_DEFAULTS); + "built-in defaults", agent_defaults_path); df_unavail_msg = B_TRUE; } return (defaults[param].df_default); diff --git a/usr/src/cmd/cmd-inet/sbin/dhcpagent/request.c b/usr/src/cmd/cmd-inet/sbin/dhcpagent/request.c index 6b5a08a51a..7517f2c094 100644 --- a/usr/src/cmd/cmd-inet/sbin/dhcpagent/request.c +++ b/usr/src/cmd/cmd-inet/sbin/dhcpagent/request.c @@ -21,6 +21,7 @@ /* * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. + * Copyright 2011 Joyent, Inc. All rights reserved. * Copyright (c) 2016-2017, Chris Fraire <cfraire@me.com>. * * REQUESTING state of the client state machine. @@ -39,6 +40,7 @@ #include <dhcp_hostconf.h> #include <dhcpagent_util.h> #include <dhcpmsg.h> +#include <strings.h> #include "states.h" #include "util.h" 
@@ -645,8 +647,24 @@ accept_v4_acknak(dhcp_smach_t *dsmp, PKT_LIST *plp) stop_pkt_retransmission(dsmp); if (*plp->opts[CD_DHCP_TYPE]->value == NAK) { - dhcpmsg(MSG_WARNING, "accept_v4_acknak: NAK on interface %s", - dsmp->dsm_name); + char saddr[18]; + + saddr[0] = '\0'; + if (plp->opts[CD_SERVER_ID] != NULL && + plp->opts[CD_SERVER_ID]->len == sizeof (struct in_addr)) { + struct in_addr t_server; + + bcopy(plp->opts[CD_SERVER_ID]->value, &t_server, + plp->opts[CD_SERVER_ID]->len); + (void) strlcpy(saddr, inet_ntoa(t_server), + sizeof (saddr)); + } + + dhcpmsg(MSG_WARNING, "accept_v4_acknak: NAK on interface %s " + "from %s %s", + dsmp->dsm_name, + inet_ntoa(plp->pktfrom.v4.sin_addr), saddr); + dsmp->dsm_bad_offers++; free_pkt_entry(plp); dhcp_restart(dsmp); diff --git a/usr/src/cmd/cmd-inet/usr.lib/wpad/Makefile b/usr/src/cmd/cmd-inet/usr.lib/wpad/Makefile index 7d72bad58f..0efa270e8b 100644 --- a/usr/src/cmd/cmd-inet/usr.lib/wpad/Makefile +++ b/usr/src/cmd/cmd-inet/usr.lib/wpad/Makefile @@ -34,8 +34,7 @@ include ../../../Makefile.cmd ROOTMANIFESTDIR = $(ROOTSVCNETWORK) LDLIBS += -ldladm -ldlpi -NATIVE_LIBS += libcrypto.so -all install := LDLIBS += -lcrypto +all install := LDLIBS += -lsunw_crypto SMOFF += all_func_returns diff --git a/usr/src/cmd/cmd-inet/usr.sbin/Makefile b/usr/src/cmd/cmd-inet/usr.sbin/Makefile index 864920184a..3f794a331a 100644 --- a/usr/src/cmd/cmd-inet/usr.sbin/Makefile +++ b/usr/src/cmd/cmd-inet/usr.sbin/Makefile @@ -157,6 +157,7 @@ route := CPPFLAGS += -DNDEBUG ndd := LDLIBS += -ldladm -lipadm $(RELEASE_BUILD)ndd := CERRWARN += -_gcc=-Wno-unused in.comsat := LDFLAGS += $(MAPFILE.NGB:%=-Wl,-M%) +route := LDLIBS += -lzonecfg -lcontract .KEEP_STATE: diff --git a/usr/src/cmd/cmd-inet/usr.sbin/arp.c b/usr/src/cmd/cmd-inet/usr.sbin/arp.c index 720b996f57..784e87ca6f 100644 --- a/usr/src/cmd/cmd-inet/usr.sbin/arp.c +++ b/usr/src/cmd/cmd-inet/usr.sbin/arp.c 
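Review bot: The new NAK warning in `accept_v4_acknak()` prints two addresses as `from %s %s` without saying which is which, and it leaves a trailing space when no valid `CD_SERVER_ID` option was present. Label the fields, e.g. `"accept_v4_acknak: NAK on interface %s from %s (server id %s)"`, and print a placeholder such as `"none"` when `saddr` is empty. `char saddr[18]` would read better as `char saddr[INET_ADDRSTRLEN]`. Both values are taken from the received datagram, so the log line records the claimed sender, not an authenticated one.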
@@ -58,6 +58,7 @@ #include <arpa/inet.h> #include <net/if_types.h> #include <net/if_dl.h> +#include <zone.h> static int file(char *); static int set(int, char *[]); @@ -119,7 +120,11 @@ main(int argc, char *argv[]) * is to let netstat, which prints it as part of * the MIB statistics, do it. */ - (void) execl("/usr/bin/netstat", "netstat", + char netstat_path[MAXPATHLEN]; + const char *zroot = zone_get_nroot(); + (void) snprintf(netstat_path, sizeof (netstat_path), "%s%s", zroot != NULL ? + zroot : "", "/usr/bin/netstat"); + (void) execl(netstat_path, "netstat", (n_flag ? "-np" : "-p"), "-f", "inet", (char *)0); (void) fprintf(stderr, "failed to exec netstat: %s\n", diff --git a/usr/src/cmd/cmd-inet/usr.sbin/ndp.c b/usr/src/cmd/cmd-inet/usr.sbin/ndp.c index d2c26bf0b2..c77e1587d9 100644 --- a/usr/src/cmd/cmd-inet/usr.sbin/ndp.c +++ b/usr/src/cmd/cmd-inet/usr.sbin/ndp.c @@ -40,6 +40,7 @@ #include <inet/ip.h> #include <net/if_dl.h> #include <net/route.h> +#include <zone.h> typedef struct sockaddr_in6 sin6_t; @@ -95,7 +96,6 @@ static int ndp_set_nce(char *, char *, char *[], int); static int ndp_set_file(char *); static char *ndp_iface = NULL; -static char *netstat_path = "/usr/bin/netstat"; static pid_t ndp_pid; static boolean_t ndp_noresolve = B_FALSE; /* Don't lookup addresses */ static boolean_t ndp_run = B_TRUE; @@ -103,6 +103,7 @@ static boolean_t ndp_run = B_TRUE; #define MAX_ATTEMPTS 5 #define MAX_OPTS 5 #define WORDSEPS " \t\r\n" +#define NETSTAT_PATH "/usr/bin/netstat" /* * Macros borrowed from route(8) for working with PF_ROUTE messages @@ -767,6 +768,12 @@ ndp_get(int fd, struct lifreq *lifrp, void *unused) static void ndp_get_all(void) { + char netstat_path[MAXPATHLEN]; + const char *zroot = zone_get_nroot(); + + (void) snprintf(netstat_path, sizeof (netstat_path), "%s%s", zroot != NULL ? + zroot : "", NETSTAT_PATH); + (void) execl(netstat_path, "netstat", (ndp_noresolve ? "-np" : "-p"), "-f", "inet6", (char *)0); 
diff --git a/usr/src/cmd/cmd-inet/usr.sbin/route.c b/usr/src/cmd/cmd-inet/usr.sbin/route.c index d8f11bd4a6..17a63d6f95 100644 --- a/usr/src/cmd/cmd-inet/usr.sbin/route.c +++ b/usr/src/cmd/cmd-inet/usr.sbin/route.c @@ -6,6 +6,7 @@ /* All Rights Reserved */ /* Copyright (c) 1990 Mentat Inc. */ +/* Copyright 2018, Joyent, Inc. */ /* * @@ -79,6 +80,13 @@ #include <assert.h> #include <strings.h> +#include <libcontract.h> +#include <sys/ctfs.h> +#include <sys/contract/process.h> +#include <sys/wait.h> +#include <libzonecfg.h> +#include <zone.h> + #include <libtsnet.h> #include <tsol/label.h> @@ -292,6 +300,7 @@ static void syntax_error(char *err, ...); static void usage(char *cp); static void write_to_rtfile(FILE *fp, int argc, char **argv); static void pmsg_secattr(const char *, size_t, const char *); +static void do_zone(char *); static pid_t pid; static int s; @@ -308,6 +317,7 @@ static char perm_file_sfx[] = "/etc/inet/static_routes"; static char *perm_file; static char temp_file_sfx[] = "/etc/inet/static_routes.tmp"; static char *temp_file; +static char *zonename; static struct in6_addr in6_host_mask = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; /* @@ -354,7 +364,7 @@ usage(char *cp) cp); } (void) fprintf(stderr, gettext("usage: route [ -fnpqv ] " - "[ -R <root-dir> ] cmd [[ -<qualifers> ] args ]\n")); + "[-z <zone> ] [ -R <root-dir> ] cmd [[ -<qualifers> ] args ]\n")); exit(1); /* NOTREACHED */ } @@ -418,7 +428,7 @@ main(int argc, char **argv) if (argc < 2) usage(NULL); - while ((ch = getopt(argc, argv, "R:nqdtvfp")) != EOF) { + while ((ch = getopt(argc, argv, "R:nqdtvfpz:")) != EOF) { switch (ch) { case 'n': nflag = B_TRUE; @@ -444,6 +454,9 @@ main(int argc, char **argv) case 'R': root_dir = optarg; break; + case 'z': + zonename = optarg; + break; case '?': default: usage(NULL); 
@@ -453,6 +466,8 @@ main(int argc, char **argv) argc -= optind; argv += optind; + do_zone(zonename); + pid = getpid(); if (tflag) s = open("/dev/null", O_WRONLY); @@ -3252,3 +3267,74 @@ pmsg_secattr(const char *sptr, size_t msglen, const char *labelstr) sizeof (buf))); } } + +static void +do_zone(char *name) +{ + zoneid_t zoneid; + zone_state_t st; + int fd, status, rc = 0; + pid_t pid; + + if (name == NULL) + return; + + if (getzoneid() != GLOBAL_ZONEID) { + (void) fprintf(stderr, + "route: -z can only be specified from the global zone\n"); + exit(EXIT_FAILURE); + } + + if (strcmp(name, GLOBAL_ZONENAME) == 0) + return; + + if (zone_get_state(name, &st) != Z_OK) + quit("unable to get zone state", errno); + + if (st != ZONE_STATE_RUNNING) { + (void) fprintf(stderr, "route: zone must be running\n"); + exit(EXIT_FAILURE); + } + + if ((zoneid = getzoneidbyname(name)) == -1) + quit("cannot determine zone id", errno); + + if ((fd = open64(CTFS_ROOT "/process/template", O_RDWR)) == -1) + quit("cannot open ctfs template", errno); + + /* + * zone_enter() does not allow contracts to straddle zones, so we must + * create a new, though largely unused contract. Once we fork, the + * child is the only member of the new contract, so it can perform a + * zone_enter(). + */ + rc |= ct_tmpl_set_critical(fd, 0); + rc |= ct_tmpl_set_informative(fd, 0); + rc |= ct_pr_tmpl_set_fatal(fd, CT_PR_EV_HWERR); + rc |= ct_pr_tmpl_set_param(fd, CT_PR_PGRPONLY | CT_PR_REGENT); + if (rc || ct_tmpl_activate(fd)) { + (void) close(fd); + quit("could not create contract", errno); + } + + switch (pid = fork1()) { + case 0: + (void) ct_tmpl_clear(fd); + (void) close(fd); + if (zone_enter(zoneid) == -1) + quit("could not enter zone", errno); + return; + + case -1: + quit("fork1 failed", errno); + + default: + (void) ct_tmpl_clear(fd); + (void) close(fd); + if (waitpid(pid, &status, 0) < 0) + quit("waitpid failed", errno); + + exit(WEXITSTATUS(status)); + } + +} 
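Review bot: In `do_zone()`, the parent exits with `WEXITSTATUS(status)` without checking `WIFEXITED(status)`, so a child that is killed by a signal after `zone_enter()` makes `route -z` report success. Use `exit(WIFEXITED(status) ? WEXITSTATUS(status) : EXIT_FAILURE);`. The error paths also pass `errno` to `quit()` after calls that, as far as I know, report failure through their return value (`zone_get_state()` returns a `Z_*` code, the `ct_tmpl_*`/`ct_pr_tmpl_*` setters return an error number), and the `close(fd)` before `quit("could not create contract", errno)` can overwrite `errno` as well; keep the returned code in a local and pass that instead. The local `pid_t pid` shadows the file-scope `static pid_t pid` that `main()` assigns right after this call.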
diff --git a/usr/src/cmd/cmd-inet/usr.sbin/routeadm/routeadm.c b/usr/src/cmd/cmd-inet/usr.sbin/routeadm/routeadm.c index 657fc77f9d..6fad8a3513 100644 --- a/usr/src/cmd/cmd-inet/usr.sbin/routeadm/routeadm.c +++ b/usr/src/cmd/cmd-inet/usr.sbin/routeadm/routeadm.c @@ -21,6 +21,7 @@ /* * Copyright 2006 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. + * Copyright 2012 Joyent, Inc. All rights reserved. */ #include <stdio.h> @@ -44,6 +45,7 @@ #include <libscf.h> #include <libscf_priv.h> #include <libuutil.h> +#include <ifaddrs.h> /* * This program moves routing management under SMF. We do this by giving @@ -2333,8 +2335,8 @@ out: /* * - * Return the number of IPv6 addresses configured. This answers the - * generic question, "is IPv6 configured?". We only start in.ndpd if IPv6 + * Return the number of non-loopback IPv6 addresses configured. This answers + * the generic question, "is IPv6 configured?". We only start in.ndpd if IPv6 * is configured, and we also only enable IPv6 routing daemons if IPv6 is * enabled. */ @@ -2342,28 +2344,24 @@ static int ra_numv6intfs(void) { static int num = -1; - int ipsock; - struct lifnum lifn; + int cnt; + struct ifaddrs *ifp_head, *ifp; if (num != -1) return (num); - if ((ipsock = socket(PF_INET6, SOCK_DGRAM, 0)) == -1) { - (void) fprintf(stderr, - gettext("%1$s: unable to open %2$s: %3$s\n"), - myname, IP_DEV_NAME, strerror(errno)); + if (getifaddrs(&ifp_head) < 0) return (0); - } - lifn.lifn_family = AF_INET6; - lifn.lifn_flags = 0; - if (ioctl(ipsock, SIOCGLIFNUM, &lifn) == -1) { - (void) close(ipsock); - return (0); + cnt = 0; + for (ifp = ifp_head; ifp; ifp = ifp->ifa_next) { + if (!(ifp->ifa_flags & IFF_LOOPBACK) && + (ifp->ifa_flags & IFF_IPV6)) + cnt++; } - (void) close(ipsock); - return (num = lifn.lifn_count); + freeifaddrs(ifp_head); + return (num = cnt); } /* 
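Review bot: `ra_numv6intfs()` now returns 0 with no message when `getifaddrs()` fails, where the removed code printed a diagnostic for the `socket()` failure. The block comment says this count decides whether in.ndpd and the IPv6 routing daemons are started, so a transient failure becomes indistinguishable from "IPv6 not configured". Report it before returning, e.g. `(void) fprintf(stderr, gettext("%1$s: getifaddrs failed: %2$s\n"), myname, strerror(errno));`. The loop also counts one entry per address returned by `getifaddrs()`, which is a different quantity from the old `lifn_count`; callers that only test for non-zero are unaffected, and any others are outside this hunk.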
diff --git a/usr/src/cmd/cmd-inet/usr.sbin/snoop/Makefile b/usr/src/cmd/cmd-inet/usr.sbin/snoop/Makefile index e026093057..4839757233 100644 --- a/usr/src/cmd/cmd-inet/usr.sbin/snoop/Makefile +++ b/usr/src/cmd/cmd-inet/usr.sbin/snoop/Makefile @@ -40,17 +40,18 @@ OBJS= nfs4_xdr.o snoop.o snoop_aarp.o snoop_adsp.o snoop_aecho.o \ snoop_pppoe.o snoop_rip.o snoop_rip6.o snoop_rpc.o snoop_rpcprint.o \ snoop_rpcsec.o snoop_rport.o snoop_rquota.o snoop_rstat.o snoop_rtmp.o \ snoop_sctp.o snoop_slp.o snoop_smb.o snoop_socks.o snoop_solarnet.o \ - snoop_tcp.o snoop_tftp.o snoop_trill.o snoop_udp.o snoop_vxlan.o \ - snoop_zip.o + snoop_svp.o snoop_tcp.o snoop_tftp.o snoop_trill.o snoop_udp.o \ + snoop_vxlan.o snoop_zip.o SRCS= $(OBJS:.o=.c) HDRS= snoop.h snoop_mip.h at.h snoop_ospf.h snoop_ospf6.h include ../../../Makefile.cmd +include ../../../Makefile.ctf CPPFLAGS += -I. -I$(SRC)/common/net/dhcp \ -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -LDLIBS += -ldhcputil -ldlpi -lsocket -lnsl -ltsol +LDLIBS += -ldhcputil -ldlpi -lsocket -lnsl -ltsol -luuid LDFLAGS += $(MAPFILE.NGB:%=-Wl,-M%) CERRWARN += -_gcc=-Wno-switch CERRWARN += -_gcc=-Wno-implicit-function-declaration diff --git a/usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop.c b/usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop.c index 860bb55f79..c9b1eb848e 100644 --- a/usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop.c +++ b/usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop.c @@ -124,6 +124,7 @@ main(int argc, char **argv) char *output_area; int nbytes; char *datalink = NULL; + char *zonename = NULL; dlpi_handle_t dh; names[0] = '\0'; @@ -230,7 +231,7 @@ main(int argc, char **argv) } (void) setvbuf(stdout, NULL, _IOLBF, BUFSIZ); - while ((c = getopt(argc, argv, "at:CPDSi:o:Nn:s:d:I:vVp:fc:x:U?rqz")) + while ((c = getopt(argc, argv, "at:CPDSi:o:Nn:s:d:I:vVp:fc:x:U?rqz:Z")) != EOF) { switch (c) { case 'a': 
@@ -337,8 +338,11 @@ main(int argc, char **argv) case 'U': Uflg = B_TRUE; break; -#ifdef DEBUG case 'z': + zonename = optarg; + break; +#ifdef DEBUG + case 'Z': zflg = B_TRUE; break; #endif /* DEBUG */ @@ -360,7 +364,7 @@ main(int argc, char **argv) * requested was chosen, but that's too hard. */ if (!icapfile) { - use_kern_pf = open_datalink(&dh, datalink); + use_kern_pf = open_datalink(&dh, datalink, zonename); } else { use_kern_pf = B_FALSE; cap_open_read(icapfile); @@ -801,6 +805,8 @@ usage(void) (void) fprintf(stderr, "\t[ -r ] # Do not resolve address to name\n"); (void) fprintf(stderr, + "\t[ -z zone ] # Open links from named zone\n"); + (void) fprintf(stderr, "\n\t[ filter expression ]\n"); (void) fprintf(stderr, "\nExample:\n"); (void) fprintf(stderr, "\tsnoop -o saved host fred\n\n"); diff --git a/usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop.h b/usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop.h index 52a496db73..19a8c25a87 100644 --- a/usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop.h +++ b/usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop.h @@ -216,7 +216,7 @@ extern void cap_open_read(const char *); extern void cap_open_write(const char *); extern void cap_read(int, int, int, void (*)(), int); extern void cap_close(void); -extern boolean_t open_datalink(dlpi_handle_t *, const char *); +extern boolean_t open_datalink(dlpi_handle_t *, const char *, const char *); extern void init_datalink(dlpi_handle_t, ulong_t, ulong_t, struct timeval *, struct Pf_ext_packetfilt *); extern void net_read(dlpi_handle_t, size_t, int, void (*)(), int); @@ -295,6 +295,7 @@ extern int interpret_trill(int, struct ether_header **, char *, int *); extern int interpret_isis(int, char *, int, boolean_t); extern int interpret_bpdu(int, char *, int); extern int interpret_vxlan(int, char *, int); +extern int interpret_svp(int, char *, int); extern void init_ldap(void); extern boolean_t arp_for_ether(char *, struct ether_addr *); extern char *ether_ouiname(uint32_t); 
diff --git a/usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop_capture.c b/usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop_capture.c index b0cc78b5f2..63eb4973a0 100644 --- a/usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop_capture.c +++ b/usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop_capture.c @@ -30,6 +30,7 @@ #include <strings.h> #include <errno.h> #include <fcntl.h> +#include <limits.h> #include <setjmp.h> #include <sys/types.h> #include <sys/signal.h> @@ -115,7 +116,7 @@ select_datalink(const char *linkname, void *arg) * about the datalink useful for building the proper packet filters. */ boolean_t -open_datalink(dlpi_handle_t *dhp, const char *linkname) +open_datalink(dlpi_handle_t *dhp, const char *linkname, const char *zonename) { int retval; int flags = DLPI_PASSIVE | DLPI_RAW; @@ -123,6 +124,9 @@ open_datalink(dlpi_handle_t *dhp, const char *linkname) dlpi_info_t dlinfo; if (linkname == NULL) { + if (zonename != NULL) + pr_err("a datalink must be specified with a zone name"); + /* * Select a datalink to use by default. Prefer datalinks that * are plumbed by IP. @@ -146,7 +150,8 @@ open_datalink(dlpi_handle_t *dhp, const char *linkname) flags |= DLPI_DEVIPNET; if (Iflg || strcmp(linkname, "lo0") == 0) flags |= DLPI_IPNETINFO; - if ((retval = dlpi_open(linkname, dhp, flags)) != DLPI_SUCCESS) { + if ((retval = dlpi_open_zone(linkname, zonename, dhp, + flags)) != DLPI_SUCCESS) { pr_err("cannot open \"%s\": %s", linkname, dlpi_strerror(retval)); } @@ -636,6 +641,10 @@ cap_open_read(const char *name) if (fstat(capfile_in, &st) < 0) pr_err("couldn't stat %s: %m", name); + if (st.st_size > INT_MAX) + pr_err("input file size (%llu bytes) exceeds maximum " + "supported size (%d bytes)", + (unsigned long long)st.st_size, INT_MAX); cap_len = st.st_size; cap_buffp = mmap(0, cap_len, PROT_READ, MAP_PRIVATE, capfile_in, 0); diff --git a/usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop_rport.c b/usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop_rport.c index 6e67d03950..77e9d97766 100644 
--- a/usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop_rport.c +++ b/usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop_rport.c @@ -21,7 +21,7 @@ /* * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. - * Copyright 2015, Joyent, Inc. + * Copyright 2018, Joyent, Inc. */ #include <stdio.h> @@ -130,6 +130,7 @@ static struct porttable pt_tcp[] = { { 540, "UUCP" }, { 600, "PCSERVER" }, { IPPORT_SOCKS, "SOCKS" }, + { 1296, "SVP" }, { 1524, "INGRESLOCK" }, { 2904, "M2UA" }, { 2905, "M3UA" }, @@ -430,6 +431,12 @@ interpret_reserved(int flags, int proto, in_port_t src, in_port_t dst, case IPPORT_VXLAN: (void) interpret_vxlan(flags, data, dlen); return (1); + case 1296: + if (proto == IPPROTO_TCP) { + (void) interpret_svp(flags, data, dlen); + return (1); + } + break; } } diff --git a/usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop_svp.c b/usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop_svp.c new file mode 100644 index 0000000000..a0768c2234 --- /dev/null +++ b/usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop_svp.c 
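Review bot: The SVP port is written as the bare literal `1296` in both the new `pt_tcp[]` entry and the new `case 1296:` in `interpret_reserved()`, while the neighbouring case uses a named constant (`IPPORT_VXLAN`). Define one constant for the port and use it in both places so the table and the dispatcher cannot drift apart. `interpret_svp()` is handed `data` and `dlen` straight from captured traffic, and its definition lives in snoop_svp.c, which is only partly visible here, so its length checks should be reviewed together with that file.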
@@ -0,0 +1,557 @@ +/* + * This file and its contents are supplied under the terms of the + * Common Development and Distribution License ("CDDL"), version 1.0. + * You may only use this file in accordance with the terms of version + * 1.0 of the CDDL. + * + * A full copy of the text of the CDDL should have accompanied this + * source. A copy of the CDDL is also available via the Internet at + * http://www.illumos.org/license/CDDL. + */ + +/* + * Copyright 2019 Joyent, Inc. + */ + +/* + * Decode SVP (SmartDC VxLAN Protocol) packets + */ + +#include <inttypes.h> +#include <sys/crc32.h> +#include <uuid/uuid.h> +#include <arpa/inet.h> +#include <stdio.h> +#include <stdarg.h> +#include <libvarpd_svp_prot.h> +#include "snoop.h" + +/* + * String size large enough for an IPv6 address + / + a 3 digit (or less) + * prefix length + */ +#define ADDRSTR_LEN (INET6_ADDRSTRLEN + 4) + +/* + * Large enough for all currently known status strings as well as a + * 16-bit hex value. + */ +#define STATUSSTR_LEN 32 + +/* + * Large enough for all currently known op strings, as well as a + * 16-bit hex value. + */ +#define OPSTR_LEN 32 + +/* + * Large enough for VL3 types and bulk types, as well as a 32-bit + * hex value. 
+ */ +#define TYPESTR_LEN 32 + +static uint32_t svp_crc32_tab[] = { CRC32_TABLE }; + +#define STR(_x, _buf, _len) \ + case _x: \ + (void) strlcpy(_buf, #_x, _len); \ + break + +static void +svp_op_str(uint16_t op, char *buf, size_t buflen) +{ + switch (op) { + STR(SVP_R_UNKNOWN, buf, buflen); + STR(SVP_R_PING, buf, buflen); + STR(SVP_R_PONG, buf, buflen); + STR(SVP_R_VL2_REQ, buf, buflen); + STR(SVP_R_VL2_ACK, buf, buflen); + STR(SVP_R_VL3_REQ, buf, buflen); + STR(SVP_R_VL3_ACK, buf, buflen); + STR(SVP_R_BULK_REQ, buf, buflen); + STR(SVP_R_BULK_ACK, buf, buflen); + STR(SVP_R_LOG_REQ, buf, buflen); + STR(SVP_R_LOG_ACK, buf, buflen); + STR(SVP_R_LOG_RM, buf, buflen); + STR(SVP_R_LOG_RM_ACK, buf, buflen); + STR(SVP_R_SHOOTDOWN, buf, buflen); + default: + (void) snprintf(buf, buflen, "0x%hx", op); + } +} + +static void +svp_status_str(uint16_t status, char *buf, size_t buflen) +{ + switch (status) { + STR(SVP_S_OK, buf, buflen); + STR(SVP_S_FATAL, buf, buflen); + STR(SVP_S_NOTFOUND, buf, buflen); + STR(SVP_S_BADL3TYPE, buf, buflen); + STR(SVP_S_BADBULK, buf, buflen); + default: + (void) snprintf(buf, buflen, "0x%hx", status); + } +} + +static void +svp_vl3_type_str(uint32_t type, char *buf, size_t buflen) +{ + switch (type) { + STR(SVP_VL3_IP, buf, buflen); + STR(SVP_VL3_IPV6, buf, buflen); + default: + (void) snprintf(buf, buflen, "0x%x", type); + } +} + +static void +svp_bulk_type_str(uint32_t type, char *buf, size_t buflen) +{ + switch (type) { + STR(SVP_BULK_VL2, buf, buflen); + STR(SVP_BULK_VL3, buf, buflen); + default: + (void) snprintf(buf, buflen, "0x%x", type); + } +} + +static void +svp_log_type_str(uint32_t type, char *buf, size_t buflen) +{ + switch (type) { + STR(SVP_LOG_VL2, buf, buflen); + STR(SVP_LOG_VL3, buf, buflen); + default: + (void) snprintf(buf, buflen, "0x%x", type); + } +} +#undef STR + +static void +svp_addr_str(void *addrp, uint8_t *prefixp, char *buf, size_t buflen) +{ + struct in_addr v4; + int af = AF_INET6; + + if 
(IN6_IS_ADDR_V4MAPPED((struct in6_addr *)addrp)) { + af = AF_INET; + IN6_V4MAPPED_TO_INADDR((struct in6_addr *)addrp, &v4); + addrp = &v4; + } + + if (inet_ntop(af, addrp, buf, buflen) == NULL) { + uint8_t *p = addrp; + size_t i; + + (void) strlcpy(buf, "0x", buflen); + for (i = 0; i < 16; i++) { + (void) snprintf(buf + 2 + i * 2, + sizeof (buf) - 2 - i * 2, "%02hhx", p[i]); + } + } + + if (prefixp != NULL && *prefixp != 128) { + char buf2[5]; /* / + 3 digits + NUL */ + + if (af == AF_INET) + *prefixp -= 96; + + (void) snprintf(buf2, sizeof (buf2), "/%hhu", *prefixp); + (void) strlcat(buf, buf2, buflen); + } +} + +static boolean_t +svp_check_crc(char *data, int len) +{ + svp_req_t *req = (svp_req_t *)data; + uint32_t save_crc = req->svp_crc32; + uint32_t crc = -1U; + + req->svp_crc32 = 0; + CRC32(crc, (uint8_t *)data, len, -1U, svp_crc32_tab); + crc = ~crc; + req->svp_crc32 = save_crc; + + return (ntohl(save_crc) == crc ? B_TRUE : B_FALSE); +} + +static void +do_svp_vl2_req(void *data, int len) +{ + svp_vl2_req_t *vl2 = data; + + show_printf("MAC = %s", ether_ntoa((struct ether_addr *)vl2->sl2r_mac)); + show_printf("Virtual network id = %u", ntohl(vl2->sl2r_vnetid)); +} + +static void +do_svp_vl2_ack(void *data, int len) +{ + svp_vl2_ack_t *vl2a = data; + char status[STATUSSTR_LEN]; + char addr[ADDRSTR_LEN]; + + svp_status_str(ntohs(vl2a->sl2a_status), status, sizeof (status)); + svp_addr_str(vl2a->sl2a_addr, NULL, addr, sizeof (addr)); + + show_printf("Status = %s", status); + show_printf("UL3 Address = %s", addr); + show_printf("UL3 Port = %hu", ntohs(vl2a->sl2a_port)); +} + +static void +do_svp_vl3_req(void *data, int len) +{ + svp_vl3_req_t *req = data; + char type[TYPESTR_LEN]; + char addr[ADDRSTR_LEN]; + + svp_vl3_type_str(ntohl(req->sl3r_type), type, sizeof (type)); + svp_addr_str(req->sl3r_ip, NULL, addr, sizeof (addr)); + + show_printf("Virtual network id = %u", ntohl(req->sl3r_vnetid)); + show_printf("Type = %s", type); + show_printf("VL3 Address = %s", 
addr); +} + +static void +do_svp_vl3_ack(void *data, int len) +{ + svp_vl3_ack_t *vl3a = data; + char status[STATUSSTR_LEN]; + char addr[ADDRSTR_LEN]; + + svp_status_str(ntohl(vl3a->sl3a_status), status, sizeof (status)); + svp_addr_str(vl3a->sl3a_uip, NULL, addr, sizeof (addr)); + + show_printf("Status = %s", status); + show_printf("MAC = %s", + ether_ntoa((struct ether_addr *)vl3a->sl3a_mac)); + show_printf("UL3 Address = %s", addr); + show_printf("UL3 Port = %hu", ntohs(vl3a->sl3a_uport)); +} + +static void +do_svp_bulk_req(void *data, int len) +{ + svp_bulk_req_t *req = data; + char type[TYPESTR_LEN]; + + if (len < sizeof (svp_bulk_req_t)) { + show_printf("SVP_R_BULK_REQ runt"); + return; + } + + svp_bulk_type_str(ntohl(req->svbr_type), type, sizeof (type)); + show_printf("Type = %s", type); +} + +static void +do_svp_bulk_ack(void *data, int len) +{ + svp_bulk_ack_t *ack = data; + char status[STATUSSTR_LEN]; + char type[TYPESTR_LEN]; + + svp_status_str(ntohl(ack->svba_status), status, sizeof (status)); + svp_bulk_type_str(ntohl(ack->svba_type), type, sizeof (type)); + + show_printf("Status = %s", status); + show_printf("Type = %s", type); + + /* + * Currently the data format is undefined (see libvarp_svp_prot.h), + * so there is nothing else we can display. 
+ */
+}
+
+static void
+do_svp_log_req(void *data, int len)
+{
+ svp_log_req_t *svlr = data;
+ char addr[ADDRSTR_LEN];
+
+ svp_addr_str(svlr->svlr_ip, NULL, addr, sizeof (addr));
+
+ show_printf("Count = %u", ntohl(svlr->svlr_count));
+ show_printf("Address = %s", addr);
+}
+
+static void
+do_svp_log_ack(void *data, int len)
+{
+ svp_log_ack_t *ack = data;
+ union {
+ svp_log_vl2_t *vl2;
+ svp_log_vl3_t *vl3;
+ uint32_t *vtype;
+ void *vd;
+ } u;
+ size_t total = 0, rlen = 0;
+ uint8_t prefixlen;
+ boolean_t is_host;
+ char status[STATUSSTR_LEN];
+ char typestr[TYPESTR_LEN];
+ char uuid[UUID_PRINTABLE_STRING_LENGTH];
+ char addr[ADDRSTR_LEN];
+
+ u.vd = (ack + 1);
+
+ svp_status_str(ntohl(ack->svla_status), status, sizeof (status));
+
+ show_printf("Status = %s", status);
+ len -= sizeof (*ack);
+
+ while (len > 0) {
+ uint32_t type;
+
+ if (len < sizeof (uint32_t)) {
+ show_printf(" Trailing runt");
+ break;
+ }
+
+ type = ntohl(*u.vtype);
+ svp_log_type_str(type, typestr, sizeof (typestr));
+
+ switch (type) {
+ case SVP_LOG_VL2:
+ rlen = sizeof (svp_log_vl2_t);
+ break;
+ case SVP_LOG_VL3:
+ rlen = sizeof (svp_log_vl3_t);
+ break;
+ default:
+ /*
+ * If we don't know the type of log record we have,
+ * we cannot determine the size of the record, so we
+ * cannot continue past this.
+ */
+ show_printf("Log %-4zu: Log type = %s", ++total,
+ typestr);
+ return;
+ }
+
+ if (len < rlen) {
+ show_printf("Log %-4zu %s runt", ++total, typestr);
+ return;
+ }
+
+ /* These are the same in SVP_LOG_VL2 and SVP_LOG_VL3 records */
+ show_printf("Log %-4zu Log type = %s", ++total, typestr);
+
+ uuid_parse(uuid, u.vl2->svl2_id);
+ show_printf("%8s UUID = %s", "", uuid);
+
+ switch (type) {
+ case SVP_LOG_VL2:
+ show_printf("%8s MAC = %s", "",
+ ether_ntoa((struct ether_addr *)u.vl2->svl2_mac));
+ show_printf("%8s Vnet = %u", "",
+ ntohl(u.vl2->svl2_vnetid));
+ u.vl2++;
+ break;
+ case SVP_LOG_VL3:
+ svp_addr_str(u.vl3->svl3_ip, NULL, addr, sizeof (addr));
+
+ show_printf("%8s VLAN = %hu", "",
+ ntohs(u.vl3->svl3_vlan));
+ show_printf("%8s Address = %s", "", addr);
+ show_printf("%8s Vnet = %u", "",
+ ntohl(u.vl3->svl3_vnetid));
+ u.vl3++;
+ break;
+ }
+
+ len -= rlen;
+ show_space();
+ }
+ show_printf("Total log records = %zu", total);
+}
+
+static void
+do_svp_lrm_req(void *data, int len)
+{
+ /*
+ * Sized large enough to hold the expected size message
+ * (formatted below) if there's a length mismatch.
+ */
+ char mismatch_str[64] = { 0 };
+ svp_lrm_req_t *req = data;
+ size_t expected_sz = sizeof (*req);
+ size_t i, n;
+
+ n = ntohl(req->svrr_count);
+
+ /* IDs are 16-byte UUIDs */
+ expected_sz += n * UUID_LEN;
+ if (len != expected_sz) {
+ (void) snprintf(mismatch_str, sizeof (mismatch_str),
+ " (expected %zu bytes, actual size is %d bytes)",
+ expected_sz, len);
+ }
+ show_printf("ID Count = %u%s", n, mismatch_str);
+ if (len != expected_sz)
+ return;
+
+ for (i = 0; i < n; i++) {
+ char uuid[UUID_PRINTABLE_STRING_LENGTH];
+
+ uuid_parse(uuid, &req->svrr_ids[UUID_LEN * i]);
+ show_printf("%-4s %s", (i == 0) ?
"IDs:" : "", uuid);
+ }
+}
+
+static void
+do_svp_lrm_ack(void *data, int len)
+{
+ svp_lrm_ack_t *ack = data;
+ char status[STATUSSTR_LEN];
+
+ svp_status_str(ntohl(ack->svra_status), status, sizeof (status));
+ show_printf("Status = %s", status);
+}
+
+static void
+do_svp_shootdown(void *data, int len)
+{
+ svp_shootdown_t *sd = data;
+
+ show_printf("Vnet = %u", ntohl(sd->svsd_vnetid));
+ show_printf("MAC Address = %s",
+ ether_ntoa((struct ether_addr *)sd->svsd_mac));
+}
+
+static struct svp_len_tbl {
+ uint16_t slt_op;
+ size_t slt_len;
+} svp_len_tbl[] = {
+ { SVP_R_UNKNOWN, 0 },
+ { SVP_R_PING, 0 },
+ { SVP_R_PONG, 0 },
+ { SVP_R_VL2_REQ, sizeof (svp_vl2_req_t) },
+ { SVP_R_VL2_ACK, sizeof (svp_vl2_ack_t) },
+ { SVP_R_VL3_REQ, sizeof (svp_vl3_req_t) },
+ { SVP_R_VL3_ACK, sizeof (svp_vl3_ack_t) },
+ { SVP_R_BULK_REQ, sizeof (svp_bulk_req_t) },
+ { SVP_R_BULK_ACK, sizeof (svp_bulk_ack_t) },
+ { SVP_R_LOG_REQ, sizeof (svp_log_req_t) },
+ { SVP_R_LOG_ACK, 0 },
+ { SVP_R_LOG_RM, sizeof (svp_lrm_req_t) },
+ { SVP_R_LOG_RM_ACK, sizeof (svp_lrm_ack_t) },
+ { SVP_R_SHOOTDOWN, sizeof (svp_shootdown_t) },
+};
+
+static boolean_t
+svp_check_runt(uint16_t op, int len)
+{
+ if (op > SVP_R_SHOOTDOWN)
+ return (B_FALSE);
+
+ if (len < svp_len_tbl[op].slt_len) {
+ char opstr[OPSTR_LEN];
+
+ svp_op_str(op, opstr, sizeof (opstr));
+ show_printf("%s Runt", opstr);
+ show_space();
+ return (B_TRUE);
+ }
+ return (B_FALSE);
+}
+
+int
+interpret_svp(int flags, char *data, int fraglen)
+{
+ svp_req_t *req = (svp_req_t *)data;
+ char opstr[OPSTR_LEN];
+ uint16_t op;
+ boolean_t crc_ok;
+
+ if (fraglen < sizeof (svp_req_t)) {
+ if (flags & F_SUM)
+ (void) snprintf(get_sum_line(), MAXLINE,
+ "SVP RUNT");
+ if (flags & F_DTAIL)
+ show_header("SVP RUNT: ", "Short packet", fraglen);
+
+ return (fraglen);
+ }
+
+ op = ntohs(req->svp_op);
+ svp_op_str(op, opstr, sizeof (opstr));
+
+ crc_ok = svp_check_crc(data, fraglen);
+
+ if (flags & F_SUM) {
+ (void) snprintf(get_sum_line(), MAXLINE,
"SVP V=%hu OP=%s ID=%u%s", ntohs(req->svp_ver), opstr,
+ ntohl(req->svp_id), crc_ok ? "" : " (BAD CRC)");
+ }
+
+ if (flags & F_DTAIL) {
+ show_header("SVP: ", "SVP Header", sizeof (svp_req_t));
+ show_space();
+ show_printf("Version = %hu", ntohs(req->svp_ver));
+ show_printf("Op = %s", opstr);
+ show_printf("Packet length = %u bytes%s", ntohl(req->svp_size),
+ (ntohl(req->svp_size) == fraglen - sizeof (*req)) ?
+ "" : " (mismatch)");
+ show_printf("Id = %u", ntohl(req->svp_id));
+ show_printf("CRC = %x%s", ntohl(req->svp_crc32),
+ crc_ok ? "" : " (bad)");
+ show_space();
+
+ req++;
+ fraglen -= sizeof (*req);
+
+ /*
+ * Since we cannot know the length of an unknown op,
+ * svp_check_runt() returns B_TRUE for both truncated packets
+ * and unknown packets -- we have nothing meaningful besides
+ * the header we could print anyway.
+ */
+ if (svp_check_runt(op, fraglen))
+ return (fraglen);
+
+ switch (op) {
+ case SVP_R_VL2_REQ:
+ do_svp_vl2_req(req, fraglen);
+ break;
+ case SVP_R_VL2_ACK:
+ do_svp_vl2_ack(req, fraglen);
+ break;
+ case SVP_R_VL3_REQ:
+ do_svp_vl3_req(req, fraglen);
+ break;
+ case SVP_R_VL3_ACK:
+ do_svp_vl3_ack(req, fraglen);
+ break;
+ case SVP_R_BULK_REQ:
+ do_svp_bulk_req(req, fraglen);
+ break;
+ case SVP_R_BULK_ACK:
+ do_svp_bulk_ack(req, fraglen);
+ break;
+ case SVP_R_LOG_REQ:
+ do_svp_log_req(req, fraglen);
+ break;
+ case SVP_R_LOG_ACK:
+ do_svp_log_ack(req, fraglen);
+ break;
+ case SVP_R_LOG_RM:
+ do_svp_lrm_req(req, fraglen);
+ break;
+ case SVP_R_LOG_RM_ACK:
+ do_svp_lrm_ack(req, fraglen);
+ break;
+ case SVP_R_SHOOTDOWN:
+ do_svp_shootdown(req, fraglen);
+ break;
+ }
+
+ show_space();
+ }
+
+ return (0);
+} |