Diffstat (limited to 'usr/src/man/man1m/dladm.1m')
-rw-r--r--usr/src/man/man1m/dladm.1m233
1 files changed, 214 insertions, 19 deletions
diff --git a/usr/src/man/man1m/dladm.1m b/usr/src/man/man1m/dladm.1m
index e76b8998c7..fb7ad61939 100644
--- a/usr/src/man/man1m/dladm.1m
+++ b/usr/src/man/man1m/dladm.1m
@@ -41,7 +41,7 @@
.\"
.\"
.\" Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved
-.\" Copyright 2016 Joyent, Inc.
+.\" Copyright 2017 Joyent, Inc.
.\" Copyright 2020 RackTop Systems, Inc.
.\" Copyright 2021 OmniOS Community Edition (OmniOSce) Association.
.\"
@@ -54,7 +54,7 @@ dladm \- administer data links
.LP
.nf
\fBdladm show-link\fR [\fB-P\fR] [\fB-s\fR [\fB-i\fR \fIinterval\fR]] [[\fB-p\fR] \fB-o\fR \fIfield\fR[,...]] [\fIlink\fR]
-\fBdladm rename-link\fR [\fB-R\fR \fIroot-dir\fR] \fIlink\fR \fInew-link\fR
+\fBdladm rename-link\fR [\fB-R\fR \fIroot-dir\fR] [\fB-z\fR \fIzonename\fR] \fIlink\fR \fInew-link\fR
.fi
.LP
@@ -137,9 +137,11 @@ dladm \- administer data links
.LP
.nf
-\fBdladm set-linkprop\fR [\fB-t\fR] [\fB-R\fR \fIroot-dir\fR] \fB-p\fR \fIprop\fR=\fIvalue\fR[,...] \fIlink\fR
-\fBdladm reset-linkprop\fR [\fB-t\fR] [\fB-R\fR \fIroot-dir\fR] [\fB-p\fR \fIprop\fR[,...]] \fIlink\fR
-\fBdladm show-linkprop\fR [\fB-P\fR] [[\fB-c\fR] \fB-o\fR \fIfield\fR[,...]] [\fB-p\fR \fIprop\fR[,...]] [\fIlink\fR]
+\fBdladm set-linkprop\fR [\fB-t\fR] [\fB-R\fR \fIroot-dir\fR] [\fB-z\fR \fIzonename\fR] \fB-p\fR \fIprop\fR=\fIvalue\fR[,...]
+ \fIlink\fR
+\fBdladm reset-linkprop\fR [\fB-t\fR] [\fB-R\fR \fIroot-dir\fR] [\fB-z\fR \fIzonename\fR] [\fB-p\fR \fIprop\fR[,...]] \fIlink\fR
+\fBdladm show-linkprop\fR [\fB-P\fR] [\fB-z\fR \fIzonename\fR] [[\fB-c\fR] \fB-o\fR \fIfield\fR[,...]]
+ [\fB-p\fR \fIprop\fR[,...]] [\fIlink\fR]
.fi
.LP
@@ -154,9 +156,9 @@ dladm \- administer data links
\fBdladm create-vnic\fR [\fB-t\fR] \fB-l\fR \fIlink\fR [\fB-R\fR \fIroot-dir\fR] [\fB-m\fR \fIvalue\fR | auto |
{factory \fB-n\fR \fIslot-identifier\fR]} | {random [\fB-r\fR \fIprefix\fR]}]
[\fB-v\fR \fIvlan-id\fR] [\fB-p\fR \fIprop\fR=\fIvalue\fR[,...]] \fIvnic-link\fR
-\fBdladm delete-vnic\fR [\fB-t\fR] [\fB-R\fR \fIroot-dir\fR] \fIvnic-link\fR
+\fBdladm delete-vnic\fR [\fB-t\fR] [\fB-R\fR \fIroot-dir\fR] [\fB-z\fR \fIzonename\fR] \fIvnic-link\fR
\fBdladm show-vnic\fR [\fB-pP\fR] [\fB-s\fR [\fB-i\fR \fIinterval\fR]] [\fB-o\fR \fIfield\fR[,...]]
- [\fB-l\fR \fIlink\fR] [\fIvnic-link\fR]
+ [\fB-l\fR \fIlink\fR] [\fB-z\fR \fIzonename\fR] [\fIvnic-link\fR]
.fi
.LP
@@ -471,6 +473,19 @@ A virtual network interface. The \fBshow-vnic\fR subcommand displays more
detail for this class of datalink.
.RE
+.sp
+.ne 2
+.na
+\fB\fBoverlay\fR\fR
+.ad
+.sp .6
+.RS 4n
+A virtual device that is used to create or join a software defined
+network. The \fBshow-overlay\fR subcommand displays more detail for this
+class of datalink.
+.RE
+
+
.RE
.sp
@@ -640,8 +655,7 @@ will be displayed only once.
.sp
.ne 2
.na
-\fB\fBdladm rename-link\fR [\fB-R\fR \fIroot-dir\fR] \fIlink\fR
-\fInew-link\fR\fR
+\fB\fBdladm rename-link\fR [\fB-R\fR \fIroot-dir\fR] [\fB-z\fR \fIzonename\fR] \fIlink\fR \fInew-link\fR\fR
.ad
.sp .6
.RS 4n
@@ -659,6 +673,16 @@ examples of how this subcommand is used.
See "Options," above.
.RE
+.sp
+.ne 2
+.na
+\fB\fB-z\fR \fIzonename\fR
+.ad
+.sp .6
+.RS 4n
+A link assigned to a zone can only be renamed while the zone is in the ready state.
+.RE
+
.RE
.sp
@@ -3264,8 +3288,7 @@ Extended output is displayed for \fBPTYPE\fR values of \fBcurrent\fR,
.sp
.ne 2
.na
-\fB\fBdladm set-linkprop\fR [\fB-t\fR] [\fB-R\fR \fIroot-dir\fR] \fB-p\fR
-\fIprop\fR=\fIvalue\fR[,...] \fIlink\fR\fR
+\fB\fBdladm set-linkprop\fR [\fB-t\fR] [\fB-R\fR \fIroot-dir\fR] [\fB-z\fR \fIzonename\fR] \fB-p\fR \fIprop\fR=\fIvalue\fR[,...] \fIlink\fR\fR
.ad
.sp .6
.RS 4n
@@ -3297,6 +3320,16 @@ See "Options," above.
.sp
.ne 2
.na
+\fB\fB-z\fR \fIzonename\fR
+.ad
+.sp .6
+.RS 4n
+Operate on a link that has been delegated to the specified zone.
+.RE
+
+.sp
+.ne 2
+.na
\fB\fB-p\fR \fIprop\fR=\fIvalue\fR[,...], \fB--prop\fR
\fIprop\fR=\fIvalue\fR[,...]\fR
.ad
@@ -3316,8 +3349,7 @@ same value.
.sp
.ne 2
.na
-\fB\fBdladm reset-linkprop\fR [\fB-t\fR] [\fB-R\fR \fIroot-dir\fR] [\fB-p\fR
-\fIprop\fR,...] \fIlink\fR\fR
+\fB\fBdladm reset-linkprop\fR [\fB-t\fR] [\fB-R\fR \fIroot-dir\fR] [\fB-z\fR \fIzonename\fR] [\fB-p\fR \fIprop\fR,...] \fIlink\fR\fR
.ad
.sp .6
.RS 4n
@@ -3349,6 +3381,16 @@ See "Options," above.
.sp
.ne 2
.na
+\fB\fB-z\fR \fIzonename\fR
+.ad
+.sp .6
+.RS 4n
+Operate on a link that has been delegated to the specified zone.
+.RE
+
+.sp
+.ne 2
+.na
\fB\fB-p\fR \fIprop, ...\fR, \fB--prop\fR=\fIprop, ...\fR\fR
.ad
.sp .6
@@ -3363,8 +3405,7 @@ the same value.
.sp
.ne 2
.na
-\fB\fBdladm show-linkprop\fR [\fB-P\fR] [[\fB-c\fR] \fB-o\fR
-\fIfield\fR[,...]][\fB-p\fR \fIprop\fR[,...]] [\fIlink\fR]\fR
+\fB\fBdladm show-linkprop\fR [\fB-P\fR] [\fB-z\fR \fIzonename\fR] [[\fB-c\fR] \fB-o\fR \fIfield\fR[,...]][\fB-p\fR \fIprop\fR[,...]] [\fIlink\fR]\fR
.ad
.sp .6
.RS 4n
@@ -3482,6 +3523,16 @@ Display persistent link property information
.sp
.ne 2
.na
+\fB\fB-z\fR \fIzonename\fR
+.ad
+.sp .6
+.RS 4n
+Operate on a link that has been delegated to the specified zone.
+.RE
+
+.sp
+.ne 2
+.na
\fB\fB-p\fR \fIprop, ...\fR, \fB--prop\fR=\fIprop, ...\fR\fR
.ad
.sp .6
@@ -3799,8 +3850,7 @@ A comma-separated list of properties to set to the specified values.
.sp
.ne 2
.na
-\fB\fBdladm delete-vnic\fR [\fB-t\fR] [\fB-R\fR \fIroot-dir\fR]
-\fIvnic-link\fR\fR
+\fB\fBdladm delete-vnic\fR [\fB-t\fR] [\fB-R\fR \fIroot-dir\fR] [\fB-z\fR \fIzonename\fR] \fIvnic-link\fR\fR
.ad
.sp .6
.RS 4n
@@ -3826,13 +3876,22 @@ next reboot.
See "Options," above.
.RE
+.sp
+.ne 2
+.na
+\fB\fB-z\fR \fIzonename\fR
+.ad
+.sp .6
+.RS 4n
+Operate on a link that has been delegated to the specified zone.
+.RE
+
.RE
.sp
.ne 2
.na
-\fB\fBdladm show-vnic\fR [\fB-pP\fR] [\fB-s\fR [\fB-i\fR \fIinterval\fR]]
-[\fB-o\fR \fIfield\fR[,...]] [\fB-l\fR \fIlink\fR] [\fIvnic-link\fR]\fR
+\fB\fBdladm show-vnic\fR [\fB-pP\fR] [\fB-s\fR [\fB-i\fR \fIinterval\fR]] [\fB-o\fR \fIfield\fR[,...]] [\fB-l\fR \fIlink\fR] [\fB-z\fR \fIzonename\fR] [\fIvnic-link\fR]\fR
.ad
.sp .6
.RS 4n
@@ -3975,6 +4034,16 @@ will be displayed only once.
Display information for all VNICs on the named link.
.RE
+.sp
+.ne 2
+.na
+\fB\fB-z\fR \fIzonename\fR
+.ad
+.sp .6
+.RS 4n
+Operate on a link that has been delegated to the specified zone.
+.RE
+
.RE
.sp
@@ -4836,6 +4905,43 @@ The following general link properties are supported:
.sp
.ne 2
.na
+\fB\fBallow-all-dhcp-cids\fR\fR
+.ad
+.sp .6
+.RS 4n
+One of \fBtrue\fR or \fBfalse\fR, to indicate whether or not all DHCP Client
+Identifiers should be permitted on this interface when DHCP spoofing protection
+is being used. This can be useful in cases where a DHCP client is using RFC
+4361-style Client Identifiers, which are based on a value that is opaque to the
+Global Zone, but enforcement of MAC addresses in DHCP packets is still desired.
+.RE
+
+.sp
+.ne 2
+.na
+\fB\fBallowed-dhcp-cids\fR\fR
+.ad
+.sp .6
+.RS 4n
+A comma-separated list of DHCP Client Identifiers that are allowed on the
+interface.
+.sp
+Client identifiers can be written in three different formats: a string of
+hexadecimal characters prefixed by \fB0x\fR, indicating the exact bytes used in
+the Client Identifier; an RFC 3315 DUID of the form
+"1.<hardware\ type>.<time>.<link-layer\ address>" (DUID-LLT),
+"2.<enterprise\ number>.<hex\ string>" (DUID-EN), or
+"3.<hardware\ type>.<link-layer\ address>" (DUID-LL); or a string of characters
+whose byte values should be used as the Client Identifier.
+.sp
+When specifying a string of hexadecimal characters prefixed by \fB0x\fR or as
+part of a DUID-EN string, an even number of hexadecimal characters must be
+provided in order to fully specify each byte.
+.RE
+
+.sp
+.ne 2
+.na
\fB\fBallowed-ips\fR\fR
.ad
.sp .6
@@ -4897,6 +5003,24 @@ is not bound to any specific processor or processor set.
.sp
.ne 2
.na
+\fB\fBdynamic-methods\fR\fR
+.ad
+.sp .6
+.RS 4n
+When using IP spoofing protection (see \fBprotection\fR), addresses can be
+learned dynamically by monitoring certain network traffic, like DHCP
+transactions or IPv6 Stateless Address Autoconfiguration (SLAAC). By default,
+all learning methods are permitted, but if \fBallowed-ips\fR contains any
+addresses, then all methods are disabled, and any packets sent from addresses
+previously learned will be dropped. This property allows selecting which ones
+are re-enabled, where valid options are \fBdhcpv4\fR, \fBdhcpv6\fR, and
+\fBslaac\fR. \fBaddrconf\fR is available as an alias for enabling both
+\fBdhcpv6\fR and \fBslaac\fR.
+.RE
+
+.sp
+.ne 2
+.na
\fB\fBlearn_limit\fR\fR
.ad
.sp .6
@@ -4949,6 +5073,67 @@ tokens \fBhigh\fR, \fBmedium\fR, or \fBlow\fR. The default is \fBhigh\fR.
.sp
.ne 2
.na
+\fB\fBprotection\fR\fR
+.ad
+.sp .6
+.RS 4n
+This property enables various forms of link protections, which prevent sending
+applicable traffic out of this link. Note that since this enforcement happens
+late in the networking stack, some observability tools like \fBsnoop\fR(1M) may
+still see dropped outbound packets.
+
+This property should be set to a comma-separated list of protections to enable
+on this link, where available protections are:
+.sp
+.ne 2
+.na
+\fBip-nospoof\fR
+.ad
+.sp .6
+.RS 4n
+Prevents sending from IPv4 and IPv6 addresses that have not been permitted
+over the NIC. Addresses can be learned dynamically (see \fBdynamic-methods\fR)
+or specified explicitly (see \fBallowed-ips\fR).
+.RE
+.sp
+.ne 2
+.na
+\fBdhcp-nospoof\fR
+.ad
+.sp .6
+.RS 4n
+Prevents sending DHCP packets whose client hardware address
+(CHADDR) field differs from the link-layer address, or from using a Client
+Identifier whose value cannot be confirmed to be derived from the link-layer
+address. Additional Client Identifiers can be permitted through the
+\fBallowed-dhcp-cids\fR and \fBallow-all-dhcp-cids\fR link properties.
+.RE
+.sp
+.ne 2
+.na
+\fBmac-nospoof\fR
+.ad
+.sp .6
+.RS 4n
+Prevents sending packets with a link-layer address that differs from the one
+associated with the NIC. Additional addresses to allow can be added using the
+\fBseconday-macs\fR property.
+.RE
+.sp
+.ne 2
+.na
+\fBrestricted\fR
+.ad
+.sp .6
+.RS 4n
+Prevents using a VLAN ID not associated with the NIC and sending packets that
+are not IPv4, IPv6 or ARP.
+.RE
+.RE
+
+.sp
+.ne 2
+.na
\fB\fBstp\fR\fR
.ad
.sp .6
@@ -5971,6 +6156,16 @@ Interface Stability Committed
\fBacctadm\fR(1M), \fBautopush\fR(1M), \fBifconfig\fR(1M), \fBipsecconf\fR(1M),
\fBndd\fR(1M), \fBpsrset\fR(1M), \fBwpad\fR(1M), \fBzonecfg\fR(1M),
\fBattributes\fR(5), \fBieee802.3\fR(5), \fBoverlay\fR(5), \fBdlpi\fR(7P)
+.sp
+.LP
+R. Droms, Ed., J. Bound, B. Volz, T. Lemon, C. Perkins, M. Carney. \fIRFC 3315:
+Dynamic Host Configuration Protocol for IPv6 (DHCPv6)\fR. The Internet Society.
+July 2003.
+.sp
+.LP
+T. Lemon, B. Sommerfeld. February 2006. \fIRFC 4361: Node-specific Client
+Identifiers for Dynamic Host Configuration Protocol Version Four (DHCPv4)\fR.
+The Internet Society. January 2006.
.SH NOTES
The preferred method of referring to an aggregation in the aggregation
subcommands is by its link name. Referring to an aggregation by its integer