Diffstat (limited to 'usr/src/man/man1m/dladm.1m')
| -rw-r--r-- | usr/src/man/man1m/dladm.1m | 608 |
1 files changed, 584 insertions, 24 deletions
diff --git a/usr/src/man/man1m/dladm.1m b/usr/src/man/man1m/dladm.1m index f84c147caf..ffe36dfa07 100644 --- a/usr/src/man/man1m/dladm.1m +++ b/usr/src/man/man1m/dladm.1m @@ -41,16 +41,16 @@ .\" .\" .\" Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved -.\" Copyright 2016 Joyent, Inc. +.\" Copyright 2017 Joyent, Inc. .\" -.TH DLADM 1M "Dec 16, 2016" +.TH DLADM 1M "Dec 6, 2017" .SH NAME dladm \- administer data links .SH SYNOPSIS .LP .nf \fBdladm show-link\fR [\fB-P\fR] [\fB-s\fR [\fB-i\fR \fIinterval\fR]] [[\fB-p\fR] \fB-o\fR \fIfield\fR[,...]] [\fIlink\fR] -\fBdladm rename-link\fR [\fB-R\fR \fIroot-dir\fR] \fIlink\fR \fInew-link\fR +\fBdladm rename-link\fR [\fB-R\fR \fIroot-dir\fR] [\fB-z\fR \fIzonename\fR] \fIlink\fR \fInew-link\fR .fi .LP @@ -133,9 +133,11 @@ dladm \- administer data links .LP .nf -\fBdladm set-linkprop\fR [\fB-t\fR] [\fB-R\fR \fIroot-dir\fR] \fB-p\fR \fIprop\fR=\fIvalue\fR[,...] \fIlink\fR -\fBdladm reset-linkprop\fR [\fB-t\fR] [\fB-R\fR \fIroot-dir\fR] [\fB-p\fR \fIprop\fR[,...]] \fIlink\fR -\fBdladm show-linkprop\fR [\fB-P\fR] [[\fB-c\fR] \fB-o\fR \fIfield\fR[,...]] [\fB-p\fR \fIprop\fR[,...]] [\fIlink\fR] +\fBdladm set-linkprop\fR [\fB-t\fR] [\fB-R\fR \fIroot-dir\fR] [\fB-z\fR \fIzonename\fR] \fB-p\fR \fIprop\fR=\fIvalue\fR[,...] + \fIlink\fR +\fBdladm reset-linkprop\fR [\fB-t\fR] [\fB-R\fR \fIroot-dir\fR] [\fB-z\fR \fIzonename\fR] [\fB-p\fR \fIprop\fR[,...]] \fIlink\fR +\fBdladm show-linkprop\fR [\fB-P\fR] [\fB-z\fR \fIzonename\fR] [[\fB-c\fR] \fB-o\fR \fIfield\fR[,...]] + [\fB-p\fR \fIprop\fR[,...]] [\fIlink\fR] .fi .LP 
@@ -150,9 +152,9 @@ dladm \- administer data links \fBdladm create-vnic\fR [\fB-t\fR] \fB-l\fR \fIlink\fR [\fB-R\fR \fIroot-dir\fR] [\fB-m\fR \fIvalue\fR | auto | {factory \fB-n\fR \fIslot-identifier\fR]} | {random [\fB-r\fR \fIprefix\fR]}] [\fB-v\fR \fIvlan-id\fR] [\fB-p\fR \fIprop\fR=\fIvalue\fR[,...]] \fIvnic-link\fR -\fBdladm delete-vnic\fR [\fB-t\fR] [\fB-R\fR \fIroot-dir\fR] \fIvnic-link\fR +\fBdladm delete-vnic\fR [\fB-t\fR] [\fB-R\fR \fIroot-dir\fR] [\fB-z\fR \fIzonename\fR] \fIvnic-link\fR \fBdladm show-vnic\fR [\fB-pP\fR] [\fB-s\fR [\fB-i\fR \fIinterval\fR]] [\fB-o\fR \fIfield\fR[,...]] - [\fB-l\fR \fIlink\fR] [\fIvnic-link\fR] + [\fB-l\fR \fIlink\fR] [\fB-z\fR \fIzonename\fR] [\fIvnic-link\fR] .fi .LP @@ -174,6 +176,14 @@ dladm \- administer data links .LP .nf +\fBdladm create-overlay\fR [\fB-t\fR] \fB-e\fR \fIencap\fR \fB-s\fR \fIsearch\fR \fB-v\fR \fIvnetid\fR [\fB-p\fR \fIprop\fR=\fIvalue\fR[,...]] \fIoverlay\fR +\fBdladm delete-overlay\fR \fIoverlay\fR +\fBdladm modify-overlay\fR \fB-d\fR \fImac\fR | \fB-f\fR | \fB-s\fR \fImac=ip:port\fR \fIoverlay\fR +\fBdladm show-overlay\fR [ \fB-f\fR | \fB-t\fR ] [[\fB-p\fR] \fB-o\fR \fIfield\fR[,...]] [\fIoverlay\fR] +.fi + +.LP +.nf \fBdladm show-usage\fR [\fB-a\fR] \fB-f\fR \fIfilename\fR [\fB-p\fR \fIplotfile\fR \fB-F\fR \fIformat\fR] [\fB-s\fR \fItime\fR] [\fB-e\fR \fItime\fR] [\fIlink\fR] .fi @@ -261,9 +271,9 @@ A WiFi datalink. .ad .sp .6 .RS 4n -A virtual network interface created on a link or an \fBetherstub\fR. It is a -pseudo device that can be treated as if it were an network interface card on a -machine. +A virtual network interface created on a link, an \fBetherstub\fR, or \fBan +overlay\fR. It is a pseudo device that can be treated as if it were an network +interface card on a machine. .RE .sp 
@@ -331,6 +341,20 @@ use any alphanumeric characters, as well as underscore (\fB_\fR), period characters. .RE +.sp +.ne 2 +.na +.B overlay +.ad +.sp .6 +.RS 4n +An overlay instance, identified by an administratively-chosen name. An overlay +can be used to create or join an existing software defined network. +VNICs created on an overlay will appear to be connected by a local virtual +switch and will also be connected to interfaces on matching overlays provided by +other hosts. For more information on overlay devices, see \fBoverlay\fR(5). +.RE + .SS "Options" .LP Each \fBdladm\fR subcommand has its own set of options. However, many of the @@ -434,6 +458,19 @@ A virtual network interface. The \fBshow-vnic\fR subcommand displays more detail for this class of datalink. .RE +.sp +.ne 2 +.na +\fB\fBoverlay\fR\fR +.ad +.sp .6 +.RS 4n +A virtual device that is used to create or join a software defined +network. The \fBshow-overlay\fR subcommand displays more detail for this +class of datalink. +.RE + + .RE .sp @@ -603,8 +640,7 @@ will be displayed only once. .sp .ne 2 .na -\fB\fBdladm rename-link\fR [\fB-R\fR \fIroot-dir\fR] \fIlink\fR -\fInew-link\fR\fR +\fB\fBdladm rename-link\fR [\fB-R\fR \fIroot-dir\fR] [\fB-z\fR \fIzonename\fR] \fIlink\fR \fInew-link\fR\fR .ad .sp .6 .RS 4n @@ -622,6 +658,16 @@ examples of how this subcommand is used. See "Options," above. .RE +.sp +.ne 2 +.na +\fB\fB-z\fR \fIzonename\fR +.ad +.sp .6 +.RS 4n +A link assigned to a zone can only be renamed while the zone is in the ready state. +.RE + .RE .sp @@ -3227,8 +3273,7 @@ Extended output is displayed for \fBPTYPE\fR values of \fBcurrent\fR, .sp .ne 2 .na -\fB\fBdladm set-linkprop\fR [\fB-t\fR] [\fB-R\fR \fIroot-dir\fR] \fB-p\fR -\fIprop\fR=\fIvalue\fR[,...] \fIlink\fR\fR +\fB\fBdladm set-linkprop\fR [\fB-t\fR] [\fB-R\fR \fIroot-dir\fR] [\fB-z\fR \fIzonename\fR] \fB-p\fR \fIprop\fR=\fIvalue\fR[,...] \fIlink\fR\fR .ad .sp .6 .RS 4n 
@@ -3260,6 +3305,16 @@ See "Options," above. .sp .ne 2 .na +\fB\fB-z\fR \fIzonename\fR +.ad +.sp .6 +.RS 4n +Operate on a link that has been delegated to the specified zone. +.RE + +.sp +.ne 2 +.na \fB\fB-p\fR \fIprop\fR=\fIvalue\fR[,...], \fB--prop\fR \fIprop\fR=\fIvalue\fR[,...]\fR .ad @@ -3279,8 +3334,7 @@ same value. .sp .ne 2 .na -\fB\fBdladm reset-linkprop\fR [\fB-t\fR] [\fB-R\fR \fIroot-dir\fR] [\fB-p\fR -\fIprop\fR,...] \fIlink\fR\fR +\fB\fBdladm reset-linkprop\fR [\fB-t\fR] [\fB-R\fR \fIroot-dir\fR] [\fB-z\fR \fIzonename\fR] [\fB-p\fR \fIprop\fR,...] \fIlink\fR\fR .ad .sp .6 .RS 4n @@ -3312,6 +3366,16 @@ See "Options," above. .sp .ne 2 .na +\fB\fB-z\fR \fIzonename\fR +.ad +.sp .6 +.RS 4n +Operate on a link that has been delegated to the specified zone. +.RE + +.sp +.ne 2 +.na \fB\fB-p\fR \fIprop, ...\fR, \fB--prop\fR=\fIprop, ...\fR\fR .ad .sp .6 @@ -3326,8 +3390,7 @@ the same value. .sp .ne 2 .na -\fB\fBdladm show-linkprop\fR [\fB-P\fR] [[\fB-c\fR] \fB-o\fR -\fIfield\fR[,...]][\fB-p\fR \fIprop\fR[,...]] [\fIlink\fR]\fR +\fB\fBdladm show-linkprop\fR [\fB-P\fR] [\fB-z\fR \fIzonename\fR] [[\fB-c\fR] \fB-o\fR \fIfield\fR[,...]][\fB-p\fR \fIprop\fR[,...]] [\fIlink\fR]\fR .ad .sp .6 .RS 4n @@ -3445,6 +3508,16 @@ Display persistent link property information .sp .ne 2 .na +\fB\fB-z\fR \fIzonename\fR +.ad +.sp .6 +.RS 4n +Operate on a link that has been delegated to the specified zone. +.RE + +.sp +.ne 2 +.na \fB\fB-p\fR \fIprop, ...\fR, \fB--prop\fR=\fIprop, ...\fR\fR .ad .sp .6 @@ -3762,8 +3835,7 @@ A comma-separated list of properties to set to the specified values. .sp .ne 2 .na -\fB\fBdladm delete-vnic\fR [\fB-t\fR] [\fB-R\fR \fIroot-dir\fR] -\fIvnic-link\fR\fR +\fB\fBdladm delete-vnic\fR [\fB-t\fR] [\fB-R\fR \fIroot-dir\fR] [\fB-z\fR \fIzonename\fR] \fIvnic-link\fR\fR .ad .sp .6 .RS 4n 
@@ -3789,13 +3861,22 @@ next reboot. See "Options," above. .RE +.sp +.ne 2 +.na +\fB\fB-z\fR \fIzonename\fR +.ad +.sp .6 +.RS 4n +Operate on a link that has been delegated to the specified zone. +.RE + .RE .sp .ne 2 .na -\fB\fBdladm show-vnic\fR [\fB-pP\fR] [\fB-s\fR [\fB-i\fR \fIinterval\fR]] -[\fB-o\fR \fIfield\fR[,...]] [\fB-l\fR \fIlink\fR] [\fIvnic-link\fR]\fR +\fB\fBdladm show-vnic\fR [\fB-pP\fR] [\fB-s\fR [\fB-i\fR \fIinterval\fR]] [\fB-o\fR \fIfield\fR[,...]] [\fB-l\fR \fIlink\fR] [\fB-z\fR \fIzonename\fR] [\fIvnic-link\fR]\fR .ad .sp .6 .RS 4n @@ -3938,6 +4019,16 @@ will be displayed only once. Display information for all VNICs on the named link. .RE +.sp +.ne 2 +.na +\fB\fB-z\fR \fIzonename\fR +.ad +.sp .6 +.RS 4n +Operate on a link that has been delegated to the specified zone. +.RE + .RE .sp 
@@ -4355,6 +4446,349 @@ The tunnel destination address. .sp .ne 2 .na +\fBdladm create-overlay\fR \fB-e\fR \fIencap\fR \fB-s\fR \fIsearch\fR +\fB-v\fR \fIvnetid\fR [\fB-p\fR \fIprop\fR=\fIvalue\fR[,...]] \fIoverlay\fR +.ad +.sp .6 +.RS 4n +Create an overlay device named \fIoverlay\fR. +.sp +Overlay devices are similar to etherstubs. VNICs can be created on top +of them. However, unlike an etherstub which is local to the system, an +overlay device can be configured to communicate to remote hosts, +providing a means for network virtualization. The way in which it does +this is described by the encapsulation module and the search plugin. For +more information on these, see \fBoverlay\fR(5). +.sp +An overlay device has a series of required and optional properties. These +properties vary based upon the search and encapsulation modules and are fully +specified in \fBoverlay\fR(5). Not every property needs to be specified - some +have default values which will be used if nothing specific is specified. For +example, the default port for VXLAN comes from its IANA standard. If a +required property is missing, the command will fail and inform you of the +missing properties. +.sp +.ne 2 +.na +\fB\fB-t\fR, \fB--temporary\fR\fR +.ad +.sp .6 +.RS 4n +Specifies that the overlay is temporary. Temporary overlays last until +the next reboot. +.RE + +.sp +.ne 2 +.na +\fB-e\fR \fIencap\fR, \fB--encap\fR=\fIencap\fR +.ad +.sp .6 +.RS 4n +Use \fIencap\fR as the encapsulation plugin for the overlay device +\fIoverlay\fR. The encapsulation plugin determines how packets are transformed +before being put on the wire. +.RE + +.sp +.ne 2 +.na +\fB-s\fR \fIsearch\fR, \fB--search\fR=\fIsearch\fR +.ad +.sp .6 +.RS 4n +Use \fIsearch\fR as the search plugin for \fIoverlay\fR. The search plugin +determines how non-local targets are found and where packets are directed to. 
+.RE + +.sp +.ne 2 +.na +\fB\fB-p\fR \fIprop\fR=\fIvalue\fR,..., \fB--prop\fR +\fIprop\fR=\fIvalue\fR,...\fR +.ad +.sp .6 +.RS 4n +A comma-separated list of properties to set to the specified values. +.RE + +.sp +.ne 2 +.na +\fB-v\fR \fIvnetid\fR, \fB--vnetid\fR=\fIvnetid\fR +.ad +.sp .6 +.RS 4n +Sets the virtual networking identifier to \fIvnetid\fR. A virtual network +identifier determines is similar to a VLAN identifier, in that it identifies a +unique virtual network. All overlay devices on the system share the same space +for the virtual network identifier. However, the valid range of identifiers is +determined by the encapsulation plugin specified by \fB-e\fR. +.RE + +.RE + +.sp +.ne 2 +.na +\fBdladm delete-overlay\fR \fIoverlay\fR +.ad +.sp .6 +.RS 4n +Delete the specified overlay. This will fail if there are VNICs on top of the +device. +.RE + +.sp +.ne 2 +.na +\fBdladm modify-overlay\fR \fB-d\fR \fImac\fR | \fB-f\fR | \fB-s\fR \fImac=ip:port\fR \fIoverlay\fR +.ad +.sp .6 +.RS 4n +Modifies the target tables for the specified overlay. +.sp +The different options allow for different ways of modifying the target table. +One of \fB-d\fR, \fB-f\fR, and \fB-s\fR is required. This is not applicable for +all kinds of overlay devices. For more information, see \fBoverlay\fR(5). +.sp +.ne 2 +.na +\fB-d\fR \fImac\fR, \fB--delete-entry\fR=\fImac\fR +.ad +.sp .6 +.RS 4n +Deletes the entry for \fImac\fR from the target table for \fIoverlay\fR. Note, +if a lookup is pending or outstanding, this does not cancel it or stop it from +updating the value. +.RE + +.sp +.ne 2 +.na +\fB-f\fR, \fB--flush-table\fR +.ad +.sp .6 +.RS 4n +Flushes all values in the target table for \fIoverlay\fR. +.RE + +.sp +.ne 2 +.na +\fB-s\fR \fImac\fR=\fIvalue\fR, \fB--set-entry\fR=\fImac\fR=\fIvalue\fR +.ad +.sp .6 +.RS 4n +Sets the value of \fIoverlay\fR's target table entry for \fImac\fR to +the specified value. The specified value varies upon the encapsulation +plugin. 
The value may be a combination of a MAC address, IP address, +and port. Generally, this looks like +[\fImac\fR,][\fIIP\fR:][\fIport\fR]. If a component is the last one, +then there is no need for a separator. eg. if just the MAC address or +IP is needed, it would look like \fImac\fR and \fIIP\fR respectively. +.RE + +.RE + +.sp +.ne 2 +.na +\fBdladm show-overlay\fR [ \fB-f\fR | \fB-t\fR ] [[\fB-p\fR] \fB-o\fR \fIfield\fR[,...]] [\fIoverlay\fR] +.ad +.sp .6 +.RS 4n +Shows overlay configuration (the default), internal target tables (\fB-t\fR), or +the FMA state (\fB-f\fR), either for all overlays or the specified overlay. +.sp +By default (with neither \fB-f\fR or \fB-t\fR specified), the following fields +will be displayed: +.sp +.ne 2 +.na +\fB\fBLINK\fR\fR +.ad +.sp .6 +.RS 4n +The name of the overlay. +.RE + +.sp +.ne 2 +.na +\fB\fBPROPERTY\fR\fR +.ad +.sp .6 +.RS 4n +The name of the property. +.RE + +.sp +.ne 2 +.na +\fB\fBPERM\fR\fR +.ad +.sp .6 +.RS 4n +The read/write permissions of the property. The value shown is one of \fBr-\fR +or \fBrw\fR. +.RE + +.sp +.ne 2 +.na +\fB\fBVALUE\fR\fR +.ad +.sp .6 +.RS 4n +The current property value. If the value is not set, it is shown as \fB--\fR. +If it is unknown, the value is shown as \fB?\fR. +.RE + +.sp +.ne 2 +.na +\fB\fBDEFAULT\fR\fR +.ad +.sp .6 +.RS 4n +The default value of the property. If the property has no default value, +\fB--\fR is shown. +.RE + +.sp +.ne 2 +.na +\fB\fBPOSSIBLE\fR\fR +.ad +.sp .6 +.RS 4n +A comma-separated list of the values the property can have. If the values span +a numeric range, \fImin\fR - \fImax\fR might be shown as shorthand. If the +possible values are unknown or unbounded, \fB--\fR is shown. +.RE + +.sp +When the \fB-f\fR option is displayed, the following fields will be displayed: +.sp +.ne 2 +.na +\fB\fBLINK\fR\fR +.ad +.sp .6 +.RS 4n +The name of the overlay. +.RE + +.sp +.ne 2 +.na +\fB\fBSTATUS\fR\fR +.ad +.sp .6 +.RS 4n +Either \fBONLINE\fR or \fBDEGRADED\fR. 
+.RE + +.sp +.ne 2 +.na +\fB\fBDETAILS\fR\fR +.ad +.sp .6 +.RS 4n +When the \fBoverlay\fR's status is \fBONLINE\fR, then this has the value +\fB--\fR. Otherwise, when it is \fBDEGRADED\fR, this field provides a more +detailed explanation as to why it's degraded. +.RE + +.sp +When the \fB-t\fR option is displayed, the following fields will be displayed: +.sp +.ne 2 +.na +\fB\fBLINK\fR\fR +.ad +.sp .6 +.RS 4n +The name of the overlay. +.RE + +.sp +.ne 2 +.na +\fB\fBTARGET\fR\fR +.ad +.sp .6 +.RS 4n +The target MAC address of a table entry. +.RE + +.sp +.ne 2 +.na +\fB\fBDESTINATION\fR\fR +.ad +.sp .6 +.RS 4n +The address that an encapsulated packet will be sent to when a packet has the +address specified by \fBTARGET\fR. +.RE + +The \fBshow-overlay\fR command supports the following options: + +.sp +.ne 2 +.na +\fB-f\fR, \fB--fma\fR +.ad +.sp .6 +.RS 4n +Displays information about an overlay device's FMA state. For more +information on the target table, see \fBoverlay\fR(5). +.RE + +.sp +.ne 2 +.na +\fB\fB-o\fR \fIfield\fR[,...], \fB--output\fR=\fIfield\fR\fR +.ad +.sp .6 +.RS 4n +A case-insensitive, comma-separated list of output fields to display. The field +name must be one of the fields listed above, or the special value \fBall\fR, to +display all fields. The fields applicable to the \fB-o\fR option are limited to +those listed under each output mode. For example, if using \fB-L\fR, only the +fields listed under \fB-L\fR, above, can be used with \fB-o\fR. +.RE + +.sp +.ne 2 +.na +\fB\fB-p\fR, \fB--parsable\fR\fR +.ad +.sp .6 +.RS 4n +Display using a stable machine-parsable format. The \fB-o\fR option is +required with \fB-p\fR. See "Parsable Output Format", below. +.RE + +.sp +.ne 2 +.na +\fB-t\fR, \fB--target\fR +.ad +.sp .6 +.RS 4n +Displays information about an overlay device's target table. For more +information on the target table, see \fBoverlay\fR(5). 
+.RE + +.RE + +.sp +.ne 2 +.na \fB\fBdladm show-usage\fR [\fB-a\fR] \fB-f\fR \fIfilename\fR [\fB-p\fR \fIplotfile\fR \fB-F\fR \fIformat\fR] [\fB-s\fR \fItime\fR] [\fB-e\fR \fItime\fR] [\fIlink\fR]\fR @@ -4459,6 +4893,43 @@ The following general link properties are supported: .sp .ne 2 .na +\fB\fBallow-all-dhcp-cids\fR\fR +.ad +.sp .6 +.RS 4n +One of \fBtrue\fR or \fBfalse\fR, to indicate whether or not all DHCP Client +Identifiers should be permitted on this interface when DHCP spoofing protection +is being used. This can be useful in cases where a DHCP client is using RFC +4361-style Client Identifiers, which are based on a value that is opaque to the +Global Zone, but enforcement of MAC addresses in DHCP packets is still desired. +.RE + +.sp +.ne 2 +.na +\fB\fBallowed-dhcp-cids\fR\fR +.ad +.sp .6 +.RS 4n +A comma-separated list of DHCP Client Identifiers that are allowed on the +interface. +.sp +Client identifiers can be written in three different formats: a string of +hexadecimal characters prefixed by \fB0x\fR, indicating the exact bytes used in +the Client Identifier; an RFC 3315 DUID of the form +"1.<hardware\ type>.<time>.<link-layer\ address>" (DUID-LLT), +"2.<enterprise\ number>.<hex\ string>" (DUID-EN), or +"3.<hardware\ type>.<link-layer\ address>" (DUID-LL); or a string of characters +whose byte values should be used as the Client Identifier. +.sp +When specifying a string of hexadecimal characters prefixed by \fB0x\fR or as +part of a DUID-EN string, an even number of hexadecimal characters must be +provided in order to fully specify each byte. +.RE + +.sp +.ne 2 +.na \fB\fBallowed-ips\fR\fR .ad .sp .6 
@@ -4520,6 +4991,24 @@ is not bound to any specific processor or processor set. .sp .ne 2 .na +\fB\fBdynamic-methods\fR\fR +.ad +.sp .6 +.RS 4n +When using IP spoofing protection (see \fBprotection\fR), addresses can be +learned dynamically by monitoring certain network traffic, like DHCP +transactions or IPv6 Stateless Address Autoconfiguration (SLAAC). By default, +all learning methods are permitted, but if \fBallowed-ips\fR contains any +addresses, then all methods are disabled, and any packets sent from addresses +previously learned will be dropped. This property allows selecting which ones +are re-enabled, where valid options are \fBdhcpv4\fR, \fBdhcpv6\fR, and +\fBslaac\fR. \fBaddrconf\fR is available as an alias for enabling both +\fBdhcpv6\fR and \fBslaac\fR. +.RE + +.sp +.ne 2 +.na \fB\fBlearn_limit\fR\fR .ad .sp .6 
@@ -4572,6 +5061,67 @@ tokens \fBhigh\fR, \fBmedium\fR, or \fBlow\fR. The default is \fBhigh\fR. .sp .ne 2 .na +\fB\fBprotection\fR\fR +.ad +.sp .6 +.RS 4n +This property enables various forms of link protections, which prevent sending +applicable traffic out of this link. Note that since this enforcement happens +late in the networking stack, some observability tools like \fBsnoop\fR(1M) may +still see dropped outbound packets. + +This property should be set to a comma-separated list of protections to enable +on this link, where available protections are: +.sp +.ne 2 +.na +\fBip-nospoof\fR +.ad +.sp .6 +.RS 4n +Prevents sending from IPv4 and IPv6 addresses that have not been permitted +over the NIC. Addresses can be learned dynamically (see \fBdynamic-methods\fR) +or specified explicitly (see \fBallowed-ips\fR). +.RE +.sp +.ne 2 +.na +\fBdhcp-nospoof\fR +.ad +.sp .6 +.RS 4n +Prevents sending DHCP packets whose client hardware address +(CHADDR) field differs from the link-layer address, or from using a Client +Identifier whose value cannot be confirmed to be derived from the link-layer +address. Additional Client Identifiers can be permitted through the +\fBallowed-dhcp-cids\fR and \fBallow-all-dhcp-cids\fR link properties. +.RE +.sp +.ne 2 +.na +\fBmac-nospoof\fR +.ad +.sp .6 +.RS 4n +Prevents sending packets with a link-layer address that differs from the one +associated with the NIC. Additional addresses to allow can be added using the +\fBseconday-macs\fR property. +.RE +.sp +.ne 2 +.na +\fBrestricted\fR +.ad +.sp .6 +.RS 4n +Prevents using a VLAN ID not associated with the NIC and sending packets that +are not IPv4, IPv6 or ARP. +.RE +.RE + +.sp +.ne 2 +.na \fB\fBstp\fR\fR .ad .sp .6 
@@ -5530,7 +6080,17 @@ Interface Stability Committed .LP \fBacctadm\fR(1M), \fBautopush\fR(1M), \fBifconfig\fR(1M), \fBipsecconf\fR(1M), \fBndd\fR(1M), \fBpsrset\fR(1M), \fBwpad\fR(1M), \fBzonecfg\fR(1M), -\fBattributes\fR(5), \fBieee802.3\fR(5), \fBdlpi\fR(7P) +\fBattributes\fR(5), \fBieee802.3\fR(5), \fBoverlay\fR(5), \fBdlpi\fR(7P) +.sp +.LP +R. Droms, Ed., J. Bound, B. Volz, T. Lemon, C. Perkins, M. Carney. \fIRFC 3315: +Dynamic Host Configuration Protocol for IPv6 (DHCPv6)\fR. The Internet Society. +July 2003. +.sp +.LP +T. Lemon, B. Sommerfeld. February 2006. \fIRFC 4361: Node-specific Client +Identifiers for Dynamic Host Configuration Protocol Version Four (DHCPv4)\fR. +The Internet Society. January 2006. .SH NOTES .LP The preferred method of referring to an aggregation in the aggregation |
