
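--- a/sbin/ifconfig/carp.c
+++ b/sbin/ifconfig/carp.c
@@ -1,227 +1,236 @@
 /*	$FreeBSD$ */
 /*	from $OpenBSD: ifconfig.c,v 1.82 2003/10/19 05:43:35 mcbride Exp $ */
 
 /*-
  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
  *
  * Copyright (c) 2002 Michael Shalayeff. All rights reserved.
  * Copyright (c) 2003 Ryan McBride. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  *
  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  * IN NO EVENT SHALL THE AUTHOR OR HIS RELATIVES BE LIABLE FOR ANY DIRECT,
  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
  * SERVICES; LOSS OF MIND, USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
  * THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #include <sys/param.h>
 #include <sys/ioctl.h>
 #include <sys/socket.h>
 #include <sys/sockio.h>
 
 #include <stdlib.h>
 #include <unistd.h>
 
 #include <net/if.h>
 #include <netinet/in.h>
 #include <netinet/in_var.h>
 #include <netinet/ip_carp.h>
 
 #include <ctype.h>
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
 #include <unistd.h>
 #include <err.h>
 #include <errno.h>
 
 #include "ifconfig.h"
 
 static const char *carp_states[] = { CARP_STATES };
 
 static void carp_status(int s);
 static void setcarp_vhid(const char *, int, int, const struct afswtch *rafp);
 static void setcarp_callback(int, void *);
 static void setcarp_advbase(const char *,int, int, const struct afswtch *rafp);
 static void setcarp_advskew(const char *, int, int, const struct afswtch *rafp);
 static void setcarp_passwd(const char *, int, int, const struct afswtch *rafp);
 
 static int carpr_vhid = -1;
 static int carpr_advskew = -1;
 static int carpr_advbase = -1;
 static int carpr_state = -1;
 static unsigned char const *carpr_key;
 
 static void
 carp_status(int s)
 {
 	struct carpreq carpr[CARP_MAXVHID];
 	int i;
 
 	bzero(carpr, sizeof(struct carpreq) * CARP_MAXVHID);
 	carpr[0].carpr_count = CARP_MAXVHID;
 	ifr.ifr_data = (caddr_t)&carpr;
 
 	if (ioctl(s, SIOCGVH, (caddr_t)&ifr) == -1)
 		return;
 
 	for (i = 0; i < carpr[0].carpr_count; i++) {
 		printf("\tcarp: %s vhid %d advbase %d advskew %d",
 		    carp_states[carpr[i].carpr_state], carpr[i].carpr_vhid,
 		    carpr[i].carpr_advbase, carpr[i].carpr_advskew);
 		if (printkeys && carpr[i].carpr_key[0] != '\0')
 			printf(" key \"%s\"\n", carpr[i].carpr_key);
 		else
 			printf("\n");
 	}
 }
 
 static void
 setcarp_vhid(const char *val, int d, int s, const struct afswtch *afp)
 {
 
 	carpr_vhid = atoi(val);
 
 	if (carpr_vhid <= 0 || carpr_vhid > CARP_MAXVHID)
 		errx(1, "vhid must be greater than 0 and less than %u",
 		    CARP_MAXVHID);
 
 	switch (afp->af_af) {
 #ifdef INET
 	case AF_INET:
 	    {
 		struct in_aliasreq *ifra;
 
 		ifra = (struct in_aliasreq *)afp->af_addreq;
 		ifra->ifra_vhid = carpr_vhid;
 		break;
 	    }
 #endif
 #ifdef INET6
 	case AF_INET6:
 	    {
 		struct in6_aliasreq *ifra;
 
 		ifra = (struct in6_aliasreq *)afp->af_addreq;
 		ifra->ifra_vhid = carpr_vhid;
 		break;
 	    }
 #endif
 	default:
 		errx(1, "%s doesn't support carp(4)", afp->af_name);
 	}
 
 	callback_register(setcarp_callback, NULL);
 }
 
 static void
 setcarp_callback(int s, void *arg __unused)
 {
 	struct carpreq carpr;
 
 	bzero(&carpr, sizeof(struct carpreq));
 	carpr.carpr_vhid = carpr_vhid;
 	carpr.carpr_count = 1;
 	ifr.ifr_data = (caddr_t)&carpr;
 
 	if (ioctl(s, SIOCGVH, (caddr_t)&ifr) == -1 && errno != ENOENT)
 		err(1, "SIOCGVH");
 
 	if (carpr_key != NULL)
 		/* XXX Should hash the password into the key here? */
 		strlcpy(carpr.carpr_key, carpr_key, CARP_KEY_LEN);
 	if (carpr_advskew > -1)
 		carpr.carpr_advskew = carpr_advskew;
 	if (carpr_advbase > -1)
 		carpr.carpr_advbase = carpr_advbase;
 	if (carpr_state > -1)
 		carpr.carpr_state = carpr_state;
 
 	if (ioctl(s, SIOCSVH, (caddr_t)&ifr) == -1)
 		err(1, "SIOCSVH");
 }
 
 static void
 setcarp_passwd(const char *val, int d, int s, const struct afswtch *afp)
 {
 
 	if (carpr_vhid == -1)
-		errx(1, "passwd requires vhid");
+		errx(1, "pass requires vhid (must come first)");
 
 	carpr_key = val;
 }
 
 static void
 setcarp_advskew(const char *val, int d, int s, const struct afswtch *afp)
 {
 
 	if (carpr_vhid == -1)
-		errx(1, "advskew requires vhid");
+		errx(1, "advskew requires vhid (must come first)");
 
 	carpr_advskew = atoi(val);
+
+	if (carpr_advskew < 0 || carpr_advskew > CARP_MAXSKEW)
+		errx(1, "advskew must be something between 0 and %u",
+			CARP_MAXSKEW);
+
 }
 
 static void
 setcarp_advbase(const char *val, int d, int s, const struct afswtch *afp)
 {
 
 	if (carpr_vhid == -1)
-		errx(1, "advbase requires vhid");
+		errx(1, "advbase requires vhid (must come first)");
 
 	carpr_advbase = atoi(val);
+
+	if (carpr_advbase < CARP_DFLTINTV || carpr_advbase > 255)
+		errx(1, "advbase must be greater than 0 and less than 256");
+
 }
 
 static void
 setcarp_state(const char *val, int d, int s, const struct afswtch *afp)
 {
 	int i;
 
 	if (carpr_vhid == -1)
-		errx(1, "state requires vhid");
+		errx(1, "state requires vhid (must come first)");
 
 	for (i = 0; i <= CARP_MAXSTATE; i++)
 		if (strcasecmp(carp_states[i], val) == 0) {
 			carpr_state = i;
 			return;
 		}
 
 	errx(1, "unknown state");
 }
 
 static struct cmd carp_cmds[] = {
 	DEF_CMD_ARG("advbase",	setcarp_advbase),
 	DEF_CMD_ARG("advskew",	setcarp_advskew),
 	DEF_CMD_ARG("pass",	setcarp_passwd),
 	DEF_CMD_ARG("vhid",	setcarp_vhid),
 	DEF_CMD_ARG("state",	setcarp_state),
 };
 static struct afswtch af_carp = {
 	.af_name	= "af_carp",
 	.af_af		= AF_UNSPEC,
 	.af_other_status = carp_status,
 };
 
 static __constructor void
 carp_ctor(void)
 {
 	int i;
 
 	for (i = 0; i < nitems(carp_cmds);  i++)
 		cmd_register(&carp_cmds[i]);
 	af_register(&af_carp);
 }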
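Review bot: The new range checks in setcarp_advskew and setcarp_advbase still run on the result of `atoi(val)`, so a non-numeric argument parses as 0 and, for advskew, passes the 0..CARP_MAXSKEW check and is silently applied. A digit string too large for int is also undefined behaviour in atoi. Parsing with strtonum(3), which takes the bounds and returns an error string, rejects both cases and makes the separate comparison unnecessary. In setcarp_advbase the lower bound is `CARP_DFLTINTV`, a default-interval constant whose value is not visible on this page; since the message promises "greater than 0", a literal 1 states the limit directly. These two values feed straight into the SIOCSVH request, so malformed input is better refused at the command line than handed to the kernel as 0.

```c
setcarp_advskew(const char *val, int d, int s, const struct afswtch *afp)
{
	const char *errstr;

	/* … unchanged: vhid-must-come-first check … */

	carpr_advskew = (int)strtonum(val, 0, CARP_MAXSKEW, &errstr);
	if (errstr != NULL)
		errx(1, "advskew %s: %s", val, errstr);
}

setcarp_advbase(const char *val, int d, int s, const struct afswtch *afp)
{
	const char *errstr;

	/* … unchanged: vhid-must-come-first check … */

	carpr_advbase = (int)strtonum(val, 1, 255, &errstr);
	if (errstr != NULL)
		errx(1, "advbase %s: %s", val, errstr);
}
```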
(-)sbin/ifconfig/ifconfig.8 (-1 / +1 lines)
Lines 1-3044 Link Here
1
.\" Copyright (c) 1983, 1991, 1993
1
.\" Copyright (c) 1983, 1991, 1993
2
.\"	The Regents of the University of California.  All rights reserved.
2
.\"	The Regents of the University of California.  All rights reserved.
3
.\"
3
.\"
4
.\" Redistribution and use in source and binary forms, with or without
4
.\" Redistribution and use in source and binary forms, with or without
5
.\" modification, are permitted provided that the following conditions
5
.\" modification, are permitted provided that the following conditions
6
.\" are met:
6
.\" are met:
7
.\" 1. Redistributions of source code must retain the above copyright
7
.\" 1. Redistributions of source code must retain the above copyright
8
.\"    notice, this list of conditions and the following disclaimer.
8
.\"    notice, this list of conditions and the following disclaimer.
9
.\" 2. Redistributions in binary form must reproduce the above copyright
9
.\" 2. Redistributions in binary form must reproduce the above copyright
10
.\"    notice, this list of conditions and the following disclaimer in the
10
.\"    notice, this list of conditions and the following disclaimer in the
11
.\"    documentation and/or other materials provided with the distribution.
11
.\"    documentation and/or other materials provided with the distribution.
12
.\" 3. Neither the name of the University nor the names of its contributors
12
.\" 3. Neither the name of the University nor the names of its contributors
13
.\"    may be used to endorse or promote products derived from this software
13
.\"    may be used to endorse or promote products derived from this software
14
.\"    without specific prior written permission.
14
.\"    without specific prior written permission.
15
.\"
15
.\"
16
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
16
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
17
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
19
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
20
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26
.\" SUCH DAMAGE.
26
.\" SUCH DAMAGE.
27
.\"
27
.\"
28
.\"     From: @(#)ifconfig.8	8.3 (Berkeley) 1/5/94
28
.\"     From: @(#)ifconfig.8	8.3 (Berkeley) 1/5/94
29
.\" $FreeBSD$
29
.\" $FreeBSD$
30
.\"
30
.\"
31
.Dd May 18, 2019
31
.Dd May 18, 2019
32
.Dt IFCONFIG 8
32
.Dt IFCONFIG 8
33
.Os
33
.Os
34
.Sh NAME
34
.Sh NAME
35
.Nm ifconfig
35
.Nm ifconfig
36
.Nd configure network interface parameters
36
.Nd configure network interface parameters
37
.Sh SYNOPSIS
37
.Sh SYNOPSIS
38
.Nm
38
.Nm
39
.Op Fl f Ar type:format Ns Op Ar ,type:format
39
.Op Fl f Ar type:format Ns Op Ar ,type:format
40
.Op Fl L
40
.Op Fl L
41
.Op Fl k
41
.Op Fl k
42
.Op Fl m
42
.Op Fl m
43
.Op Fl n
43
.Op Fl n
44
.Ar interface
44
.Ar interface
45
.Op Cm create
45
.Op Cm create
46
.Ar address_family
46
.Ar address_family
47
.Oo
47
.Oo
48
.Ar address
48
.Ar address
49
.Op Ar dest_address
49
.Op Ar dest_address
50
.Oc
50
.Oc
51
.Op Ar parameters
51
.Op Ar parameters
52
.Nm
52
.Nm
53
.Ar interface
53
.Ar interface
54
.Cm destroy
54
.Cm destroy
55
.Nm
55
.Nm
56
.Fl a
56
.Fl a
57
.Op Fl L
57
.Op Fl L
58
.Op Fl d
58
.Op Fl d
59
.Op Fl m
59
.Op Fl m
60
.Op Fl u
60
.Op Fl u
61
.Op Fl v
61
.Op Fl v
62
.Op Ar address_family
62
.Op Ar address_family
63
.Nm
63
.Nm
64
.Fl l
64
.Fl l
65
.Op Fl d
65
.Op Fl d
66
.Op Fl u
66
.Op Fl u
67
.Op Ar address_family
67
.Op Ar address_family
68
.Nm
68
.Nm
69
.Op Fl L
69
.Op Fl L
70
.Op Fl d
70
.Op Fl d
71
.Op Fl k
71
.Op Fl k
72
.Op Fl m
72
.Op Fl m
73
.Op Fl u
73
.Op Fl u
74
.Op Fl v
74
.Op Fl v
75
.Op Fl C
75
.Op Fl C
76
.Nm
76
.Nm
77
.Op Fl g Ar groupname
77
.Op Fl g Ar groupname
78
.Sh DESCRIPTION
78
.Sh DESCRIPTION
79
The
79
The
80
.Nm
80
.Nm
81
utility is used to assign an address
81
utility is used to assign an address
82
to a network interface and/or configure
82
to a network interface and/or configure
83
network interface parameters.
83
network interface parameters.
84
The
84
The
85
.Nm
85
.Nm
86
utility must be used at boot time to define the network address
86
utility must be used at boot time to define the network address
87
of each interface present on a machine; it may also be used at
87
of each interface present on a machine; it may also be used at
88
a later time to redefine an interface's address
88
a later time to redefine an interface's address
89
or other operating parameters.
89
or other operating parameters.
90
.Pp
90
.Pp
91
The following options are available:
91
The following options are available:
92
.Bl -tag -width indent
92
.Bl -tag -width indent
93
.It Ar address
93
.It Ar address
94
For the
94
For the
95
.Tn DARPA Ns -Internet
95
.Tn DARPA Ns -Internet
96
family,
96
family,
97
the address is either a host name present in the host name data
97
the address is either a host name present in the host name data
98
base,
98
base,
99
.Xr hosts 5 ,
99
.Xr hosts 5 ,
100
or a
100
or a
101
.Tn DARPA
101
.Tn DARPA
102
Internet address expressed in the Internet standard
102
Internet address expressed in the Internet standard
103
.Dq dot notation .
103
.Dq dot notation .
104
.Pp
104
.Pp
105
It is also possible to use the CIDR notation (also known as the
105
It is also possible to use the CIDR notation (also known as the
106
slash notation) to include the netmask.
106
slash notation) to include the netmask.
107
That is, one can specify an address like
107
That is, one can specify an address like
108
.Li 192.168.0.1/16 .
108
.Li 192.168.0.1/16 .
109
.Pp
109
.Pp
110
For the
110
For the
111
.Dq inet6
111
.Dq inet6
112
family, it is also possible to specify the prefix length using the slash
112
family, it is also possible to specify the prefix length using the slash
113
notation, like
113
notation, like
114
.Li ::1/128 .
114
.Li ::1/128 .
115
See the
115
See the
116
.Cm prefixlen
116
.Cm prefixlen
117
parameter below for more information.
117
parameter below for more information.
118
.\" For the Xerox Network Systems(tm) family,
118
.\" For the Xerox Network Systems(tm) family,
119
.\" addresses are
119
.\" addresses are
120
.\" .Ar net:a.b.c.d.e.f ,
120
.\" .Ar net:a.b.c.d.e.f ,
121
.\" where
121
.\" where
122
.\" .Ar net
122
.\" .Ar net
123
.\" is the assigned network number (in decimal),
123
.\" is the assigned network number (in decimal),
124
.\" and each of the six bytes of the host number,
124
.\" and each of the six bytes of the host number,
125
.\" .Ar a
125
.\" .Ar a
126
.\" through
126
.\" through
127
.\" .Ar f ,
127
.\" .Ar f ,
128
.\" are specified in hexadecimal.
128
.\" are specified in hexadecimal.
129
.\" The host number may be omitted on IEEE 802 protocol
129
.\" The host number may be omitted on IEEE 802 protocol
130
.\" (Ethernet, FDDI, and Token Ring) interfaces,
130
.\" (Ethernet, FDDI, and Token Ring) interfaces,
131
.\" which use the hardware physical address,
131
.\" which use the hardware physical address,
132
.\" and on interfaces other than the first.
132
.\" and on interfaces other than the first.
133
.\" For the
133
.\" For the
134
.\" .Tn ISO
134
.\" .Tn ISO
135
.\" family, addresses are specified as a long hexadecimal string,
135
.\" family, addresses are specified as a long hexadecimal string,
136
.\" as in the Xerox family.
136
.\" as in the Xerox family.
137
.\" However, two consecutive dots imply a zero
137
.\" However, two consecutive dots imply a zero
138
.\" byte, and the dots are optional, if the user wishes to (carefully)
138
.\" byte, and the dots are optional, if the user wishes to (carefully)
139
.\" count out long strings of digits in network byte order.
139
.\" count out long strings of digits in network byte order.
140
.Pp
140
.Pp
141
The link-level
141
The link-level
142
.Pq Dq link
142
.Pq Dq link
143
address
143
address
144
is specified as a series of colon-separated hex digits.
144
is specified as a series of colon-separated hex digits.
145
This can be used to, for example,
145
This can be used to, for example,
146
set a new MAC address on an Ethernet interface, though the
146
set a new MAC address on an Ethernet interface, though the
147
mechanism used is not Ethernet specific.
147
mechanism used is not Ethernet specific.
148
Use the
148
Use the
149
.Pq Dq random
149
.Pq Dq random
150
keyword to set a randomly generated MAC address.
150
keyword to set a randomly generated MAC address.
151
A randomly-generated MAC address might be the same as one already in use
151
A randomly-generated MAC address might be the same as one already in use
152
in the network.
152
in the network.
153
Such duplications are extremely unlikely.
153
Such duplications are extremely unlikely.
154
If the interface is already
154
If the interface is already
155
up when this option is used, it will be briefly brought down and
155
up when this option is used, it will be briefly brought down and
156
then brought back up again in order to ensure that the receive
156
then brought back up again in order to ensure that the receive
157
filter in the underlying Ethernet hardware is properly reprogrammed.
157
filter in the underlying Ethernet hardware is properly reprogrammed.
158
.It Ar address_family
158
.It Ar address_family
159
Specify the
159
Specify the
160
address family
160
address family
161
which affects interpretation of the remaining parameters.
161
which affects interpretation of the remaining parameters.
162
Since an interface can receive transmissions in differing protocols
162
Since an interface can receive transmissions in differing protocols
163
with different naming schemes, specifying the address family is recommended.
163
with different naming schemes, specifying the address family is recommended.
164
The address or protocol families currently
164
The address or protocol families currently
165
supported are
165
supported are
166
.Dq inet ,
166
.Dq inet ,
167
.Dq inet6 ,
167
.Dq inet6 ,
168
and
168
and
169
.Dq link .
169
.Dq link .
170
The default if available is
170
The default if available is
171
.Dq inet
171
.Dq inet
172
or otherwise
172
or otherwise
173
.Dq link .
173
.Dq link .
174
.Dq ether
174
.Dq ether
175
and
175
and
176
.Dq lladdr
176
.Dq lladdr
177
are synonyms for
177
are synonyms for
178
.Dq link .
178
.Dq link .
179
When using the
179
When using the
180
.Fl l
180
.Fl l
181
flag, the
181
flag, the
182
.Dq ether
182
.Dq ether
183
address family has special meaning and is no longer synonymous with
183
address family has special meaning and is no longer synonymous with
184
.Dq link
184
.Dq link
185
or
185
or
186
.Dq lladdr .
186
.Dq lladdr .
187
Specifying
187
Specifying
188
.Fl l Dq ether
188
.Fl l Dq ether
189
will list only Ethernet interfaces, excluding all other interface types,
189
will list only Ethernet interfaces, excluding all other interface types,
190
including the loopback interface.
190
including the loopback interface.
191
.It Ar dest_address
191
.It Ar dest_address
192
Specify the address of the correspondent on the other end
192
Specify the address of the correspondent on the other end
193
of a point to point link.
193
of a point to point link.
194
.It Ar interface
194
.It Ar interface
195
This
195
This
196
parameter is a string of the form
196
parameter is a string of the form
197
.Dq name unit ,
197
.Dq name unit ,
198
for example,
198
for example,
199
.Dq Li em0 .
199
.Dq Li em0 .
200
.It Ar groupname
200
.It Ar groupname
201
List the interfaces in the given group.
201
List the interfaces in the given group.
202
.El
202
.El
203
.Pp
203
.Pp
204
The output format of
204
The output format of
205
.Nm
205
.Nm
206
can be controlled using the
206
can be controlled using the
207
.Fl f
207
.Fl f
208
flag or the
208
flag or the
209
.Ev IFCONFIG_FORMAT
209
.Ev IFCONFIG_FORMAT
210
environment variable.
210
environment variable.
211
The format is specified as a comma separated list of
211
The format is specified as a comma separated list of
212
.Sy type:format
212
.Sy type:format
213
pairs.
213
pairs.
214
See the
214
See the
215
.Sx EXAMPLES
215
.Sx EXAMPLES
216
section for more information.
216
section for more information.
217
The
217
The
218
.Sy types
218
.Sy types
219
and their associated
219
and their associated
220
.Sy format
220
.Sy format
221
strings are:
221
strings are:
222
.Bl -tag -width ether
222
.Bl -tag -width ether
223
.It Sy addr
223
.It Sy addr
224
Adjust the display of inet and inet6 addresses
224
Adjust the display of inet and inet6 addresses
225
.Bl -tag -width default
225
.Bl -tag -width default
226
.It Sy default
226
.It Sy default
227
Display inet and inet6 addresses in the default format,
227
Display inet and inet6 addresses in the default format,
228
.Sy numeric
228
.Sy numeric
229
.It Sy fqdn
229
.It Sy fqdn
230
Display inet and inet6 addresses as fully qualified domain names
230
Display inet and inet6 addresses as fully qualified domain names
231
.Pq FQDN
231
.Pq FQDN
232
.It Sy host
232
.It Sy host
233
Display inet and inet6 addresses as unqualified hostnames
233
Display inet and inet6 addresses as unqualified hostnames
234
.It Sy numeric
234
.It Sy numeric
235
Display inet and inet6 addresses in numeric format
235
Display inet and inet6 addresses in numeric format
236
.El
236
.El
237
.It Sy ether
237
.It Sy ether
238
Adjust the display of link-level ethernet (MAC) addresses
238
Adjust the display of link-level ethernet (MAC) addresses
239
.Bl -tag -width default
239
.Bl -tag -width default
240
.It Sy colon
240
.It Sy colon
241
Separate address segments with a colon
241
Separate address segments with a colon
242
.It Sy dash
242
.It Sy dash
243
Separate address segments with a dash
243
Separate address segments with a dash
244
.It Sy default
244
.It Sy default
245
Display ethernet addresses in the default format,
245
Display ethernet addresses in the default format,
246
.Sy colon
246
.Sy colon
247
.El
247
.El
248
.It Sy inet
248
.It Sy inet
249
Adjust the display of inet address subnet masks:
249
Adjust the display of inet address subnet masks:
250
.Bl -tag -width default
250
.Bl -tag -width default
251
.It Sy cidr
251
.It Sy cidr
252
Display subnet masks in CIDR notation, for example:
252
Display subnet masks in CIDR notation, for example:
253
.br
253
.br
254
10.0.0.0/8 or 203.0.113.224/26
254
10.0.0.0/8 or 203.0.113.224/26
255
.It Sy default
255
.It Sy default
256
Display subnet masks in the default format,
256
Display subnet masks in the default format,
257
.Sy hex
257
.Sy hex
258
.It Sy dotted
258
.It Sy dotted
259
Display subnet masks in dotted quad notation, for example:
259
Display subnet masks in dotted quad notation, for example:
260
.br
260
.br
261
255.255.0.0 or 255.255.255.192
261
255.255.0.0 or 255.255.255.192
262
.It Sy hex
262
.It Sy hex
263
Display subnet masks in hexadecimal, for example:
263
Display subnet masks in hexadecimal, for example:
264
.br
264
.br
265
0xffff0000 or 0xffffffc0
265
0xffff0000 or 0xffffffc0
266
.El
266
.El
267
.It Sy inet6
267
.It Sy inet6
268
Adjust the display of inet6 address prefixes (subnet masks):
268
Adjust the display of inet6 address prefixes (subnet masks):
269
.Bl -tag -width default
269
.Bl -tag -width default
270
.It Sy cidr
270
.It Sy cidr
271
Display subnet prefix in CIDR notation, for example:
271
Display subnet prefix in CIDR notation, for example:
272
.br
272
.br
273
::1/128 or fe80::1%lo0/64
273
::1/128 or fe80::1%lo0/64
274
.It Sy default
274
.It Sy default
275
Display subnet prefix in the default format
275
Display subnet prefix in the default format
276
.Sy numeric
276
.Sy numeric
277
.It Sy numeric
277
.It Sy numeric
278
Display subnet prefix in integer format, for example:
278
Display subnet prefix in integer format, for example:
279
.br
279
.br
280
prefixlen 64
280
prefixlen 64
281
.El
281
.El
282
.El
282
.El
283
.Pp
283
.Pp
284
The following parameters may be set with
284
The following parameters may be set with
285
.Nm :
285
.Nm :
286
.Bl -tag -width indent
286
.Bl -tag -width indent
287
.It Cm add
287
.It Cm add
288
Another name for the
288
Another name for the
289
.Cm alias
289
.Cm alias
290
parameter.
290
parameter.
291
Introduced for compatibility
291
Introduced for compatibility
292
with
292
with
293
.Bsx .
293
.Bsx .
294
.It Cm alias
294
.It Cm alias
295
Establish an additional network address for this interface.
295
Establish an additional network address for this interface.
296
This is sometimes useful when changing network numbers, and
296
This is sometimes useful when changing network numbers, and
297
one wishes to accept packets addressed to the old interface.
297
one wishes to accept packets addressed to the old interface.
298
If the address is on the same subnet as the first network address
298
If the address is on the same subnet as the first network address
299
for this interface, a non-conflicting netmask must be given.
299
for this interface, a non-conflicting netmask must be given.
300
Usually
300
Usually
301
.Li 0xffffffff
301
.Li 0xffffffff
302
is most appropriate.
302
is most appropriate.
303
.It Fl alias
303
.It Fl alias
304
Remove the network address specified.
304
Remove the network address specified.
305
This would be used if you incorrectly specified an alias, or it
305
This would be used if you incorrectly specified an alias, or it
306
was no longer needed.
306
was no longer needed.
307
If you have incorrectly set an NS address having the side effect
307
If you have incorrectly set an NS address having the side effect
308
of specifying the host portion, removing all NS addresses will
308
of specifying the host portion, removing all NS addresses will
309
allow you to respecify the host portion.
309
allow you to respecify the host portion.
310
.It Cm anycast
310
.It Cm anycast
311
(Inet6 only.)
311
(Inet6 only.)
312
Specify that the address configured is an anycast address.
312
Specify that the address configured is an anycast address.
313
Based on the current specification,
313
Based on the current specification,
314
only routers may configure anycast addresses.
314
only routers may configure anycast addresses.
315
Anycast address will not be used as source address of any of outgoing
315
Anycast address will not be used as source address of any of outgoing
316
IPv6 packets.
316
IPv6 packets.
317
.It Cm arp
317
.It Cm arp
318
Enable the use of the Address Resolution Protocol
318
Enable the use of the Address Resolution Protocol
319
.Pq Xr arp 4
319
.Pq Xr arp 4
320
in mapping
320
in mapping
321
between network level addresses and link level addresses (default).
321
between network level addresses and link level addresses (default).
322
This is currently implemented for mapping between
322
This is currently implemented for mapping between
323
.Tn DARPA
323
.Tn DARPA
324
Internet
324
Internet
325
addresses and
325
addresses and
326
.Tn IEEE
326
.Tn IEEE
327
802 48-bit MAC addresses (Ethernet, FDDI, and Token Ring addresses).
327
802 48-bit MAC addresses (Ethernet, FDDI, and Token Ring addresses).
328
.It Fl arp
328
.It Fl arp
329
Disable the use of the Address Resolution Protocol
329
Disable the use of the Address Resolution Protocol
330
.Pq Xr arp 4 .
330
.Pq Xr arp 4 .
331
.It Cm staticarp
331
.It Cm staticarp
332
If the Address Resolution Protocol is enabled,
332
If the Address Resolution Protocol is enabled,
333
the host will only reply to requests for its addresses,
333
the host will only reply to requests for its addresses,
334
and will never send any requests.
334
and will never send any requests.
335
.It Fl staticarp
335
.It Fl staticarp
336
If the Address Resolution Protocol is enabled,
336
If the Address Resolution Protocol is enabled,
337
the host will perform normally,
337
the host will perform normally,
338
sending out requests and listening for replies.
338
sending out requests and listening for replies.
339
.It Cm broadcast
339
.It Cm broadcast
340
(Inet only.)
340
(Inet only.)
341
Specify the address to use to represent broadcasts to the
341
Specify the address to use to represent broadcasts to the
342
network.
342
network.
343
The default broadcast address is the address with a host part of all 1's.
343
The default broadcast address is the address with a host part of all 1's.
344
.It Cm debug
344
.It Cm debug
345
Enable driver dependent debugging code; usually, this turns on
345
Enable driver dependent debugging code; usually, this turns on
346
extra console error logging.
346
extra console error logging.
347
.It Fl debug
347
.It Fl debug
348
Disable driver dependent debugging code.
348
Disable driver dependent debugging code.
349
.It Cm promisc
349
.It Cm promisc
350
Put interface into permanently promiscuous mode.
350
Put interface into permanently promiscuous mode.
351
.It Fl promisc
351
.It Fl promisc
352
Disable permanently promiscuous mode.
352
Disable permanently promiscuous mode.
353
.It Cm delete
353
.It Cm delete
354
Another name for the
354
Another name for the
355
.Fl alias
355
.Fl alias
356
parameter.
356
parameter.
357
.It Cm description Ar value , Cm descr Ar value
357
.It Cm description Ar value , Cm descr Ar value
358
Specify a description of the interface.
358
Specify a description of the interface.
359
This can be used to label interfaces in situations where they may
359
This can be used to label interfaces in situations where they may
360
otherwise be difficult to distinguish.
360
otherwise be difficult to distinguish.
361
.It Cm -description , Cm -descr
361
.It Cm -description , Cm -descr
362
Clear the interface description.
362
Clear the interface description.
363
.It Cm down
363
.It Cm down
364
Mark an interface
364
Mark an interface
365
.Dq down .
365
.Dq down .
366
When an interface is marked
366
When an interface is marked
367
.Dq down ,
367
.Dq down ,
368
the system will not attempt to
368
the system will not attempt to
369
transmit messages through that interface.
369
transmit messages through that interface.
370
If possible, the interface will be reset to disable reception as well.
370
If possible, the interface will be reset to disable reception as well.
371
This action does not automatically disable routes using the interface.
371
This action does not automatically disable routes using the interface.
372
.It Cm group Ar group-name
372
.It Cm group Ar group-name
373
Assign the interface to a
373
Assign the interface to a
374
.Dq group .
374
.Dq group .
375
Any interface can be in multiple groups.
375
Any interface can be in multiple groups.
376
.Pp
376
.Pp
377
Cloned interfaces are members of their interface family group by default.
377
Cloned interfaces are members of their interface family group by default.
378
For example, a PPP interface such as
378
For example, a PPP interface such as
379
.Em ppp0
379
.Em ppp0
380
is a member of the PPP interface family group,
380
is a member of the PPP interface family group,
381
.Em ppp .
381
.Em ppp .
382
.\" The interface(s) the default route(s) point to are members of the
382
.\" The interface(s) the default route(s) point to are members of the
383
.\" .Em egress
383
.\" .Em egress
384
.\" interface group.
384
.\" interface group.
385
.It Cm -group Ar group-name
385
.It Cm -group Ar group-name
386
Remove the interface from the given
386
Remove the interface from the given
387
.Dq group .
387
.Dq group .
388
.It Cm eui64
388
.It Cm eui64
389
(Inet6 only.)
389
(Inet6 only.)
390
Fill interface index
390
Fill interface index
391
(lowermost 64bit of an IPv6 address)
391
(lowermost 64bit of an IPv6 address)
392
automatically.
392
automatically.
393
.It Cm fib Ar fib_number
393
.It Cm fib Ar fib_number
394
Specify interface FIB.
394
Specify interface FIB.
395
A FIB
395
A FIB
396
.Ar fib_number
396
.Ar fib_number
397
is assigned to all frames or packets received on that interface.
397
is assigned to all frames or packets received on that interface.
398
The FIB is not inherited, e.g., vlans or other sub-interfaces will use
398
The FIB is not inherited, e.g., vlans or other sub-interfaces will use
399
the default FIB (0) irrespective of the parent interface's FIB.
399
the default FIB (0) irrespective of the parent interface's FIB.
400
The kernel needs to be tuned to support more than the default FIB
400
The kernel needs to be tuned to support more than the default FIB
401
using the
401
using the
402
.Va ROUTETABLES
402
.Va ROUTETABLES
403
kernel configuration option, or the
403
kernel configuration option, or the
404
.Va net.fibs
404
.Va net.fibs
405
tunable.
405
tunable.
406
.It Cm tunnelfib Ar fib_number
406
.It Cm tunnelfib Ar fib_number
407
Specify tunnel FIB.
407
Specify tunnel FIB.
408
A FIB
408
A FIB
409
.Ar fib_number
409
.Ar fib_number
410
is assigned to all packets encapsulated by tunnel interface, e.g.,
410
is assigned to all packets encapsulated by tunnel interface, e.g.,
411
.Xr gif 4
411
.Xr gif 4
412
and
412
and
413
.Xr gre 4 .
413
.Xr gre 4 .
414
.It Cm maclabel Ar label
414
.It Cm maclabel Ar label
415
If Mandatory Access Control support is enabled in the kernel,
415
If Mandatory Access Control support is enabled in the kernel,
416
set the MAC label to
416
set the MAC label to
417
.Ar label .
417
.Ar label .
418
.\" (see
418
.\" (see
419
.\" .Xr maclabel 7 ) .
419
.\" .Xr maclabel 7 ) .
420
.It Cm media Ar type
420
.It Cm media Ar type
421
If the driver supports the media selection system, set the media type
421
If the driver supports the media selection system, set the media type
422
of the interface to
422
of the interface to
423
.Ar type .
423
.Ar type .
424
Some interfaces support the mutually exclusive use of one of several
424
Some interfaces support the mutually exclusive use of one of several
425
different physical media connectors.
425
different physical media connectors.
426
For example, a 10Mbit/s Ethernet
426
For example, a 10Mbit/s Ethernet
427
interface might support the use of either
427
interface might support the use of either
428
.Tn AUI
428
.Tn AUI
429
or twisted pair connectors.
429
or twisted pair connectors.
430
Setting the media type to
430
Setting the media type to
431
.Cm 10base5/AUI
431
.Cm 10base5/AUI
432
would change the currently active connector to the AUI port.
432
would change the currently active connector to the AUI port.
433
Setting it to
433
Setting it to
434
.Cm 10baseT/UTP
434
.Cm 10baseT/UTP
435
would activate twisted pair.
435
would activate twisted pair.
436
Refer to the interfaces' driver
436
Refer to the interfaces' driver
437
specific documentation or man page for a complete list of the
437
specific documentation or man page for a complete list of the
438
available types.
438
available types.
439
.It Cm mediaopt Ar opts
439
.It Cm mediaopt Ar opts
440
If the driver supports the media selection system, set the specified
440
If the driver supports the media selection system, set the specified
441
media options on the interface.
441
media options on the interface.
442
The
442
The
443
.Ar opts
443
.Ar opts
444
argument
444
argument
445
is a comma delimited list of options to apply to the interface.
445
is a comma delimited list of options to apply to the interface.
446
Refer to the interfaces' driver specific man page for a complete
446
Refer to the interfaces' driver specific man page for a complete
447
list of available options.
447
list of available options.
448
.It Fl mediaopt Ar opts
448
.It Fl mediaopt Ar opts
449
If the driver supports the media selection system, disable the
449
If the driver supports the media selection system, disable the
450
specified media options on the interface.
450
specified media options on the interface.
451
.It Cm mode Ar mode
451
.It Cm mode Ar mode
452
If the driver supports the media selection system, set the specified
452
If the driver supports the media selection system, set the specified
453
operating mode on the interface to
453
operating mode on the interface to
454
.Ar mode .
454
.Ar mode .
455
For IEEE 802.11 wireless interfaces that support multiple operating modes
455
For IEEE 802.11 wireless interfaces that support multiple operating modes
456
this directive is used to select between 802.11a
456
this directive is used to select between 802.11a
457
.Pq Cm 11a ,
457
.Pq Cm 11a ,
458
802.11b
458
802.11b
459
.Pq Cm 11b ,
459
.Pq Cm 11b ,
460
and 802.11g
460
and 802.11g
461
.Pq Cm 11g
461
.Pq Cm 11g
462
operating modes.
462
operating modes.
463
.It Cm txrtlmt
463
.It Cm txrtlmt
464
Set if the driver supports TX rate limiting.
464
Set if the driver supports TX rate limiting.
465
.It Cm inst Ar minst , Cm instance Ar minst
465
.It Cm inst Ar minst , Cm instance Ar minst
466
Set the media instance to
466
Set the media instance to
467
.Ar minst .
467
.Ar minst .
468
This is useful for devices which have multiple physical layer interfaces
468
This is useful for devices which have multiple physical layer interfaces
469
.Pq PHYs .
469
.Pq PHYs .
470
.It Cm name Ar name
470
.It Cm name Ar name
471
Set the interface name to
471
Set the interface name to
472
.Ar name .
472
.Ar name .
473
.It Cm rxcsum , txcsum , rxcsum6 , txcsum6
473
.It Cm rxcsum , txcsum , rxcsum6 , txcsum6
474
If the driver supports user-configurable checksum offloading,
474
If the driver supports user-configurable checksum offloading,
475
enable receive (or transmit) checksum offloading on the interface.
475
enable receive (or transmit) checksum offloading on the interface.
476
The feature can be turned on selectively per protocol family.
476
The feature can be turned on selectively per protocol family.
477
Use
477
Use
478
.Cm rxcsum6 , txcsum6
478
.Cm rxcsum6 , txcsum6
479
for
479
for
480
.Xr ip6 4
480
.Xr ip6 4
481
or
481
or
482
.Cm rxcsum , txcsum
482
.Cm rxcsum , txcsum
483
otherwise.
483
otherwise.
484
Some drivers may not be able to enable these flags independently
484
Some drivers may not be able to enable these flags independently
485
of each other, so setting one may also set the other.
485
of each other, so setting one may also set the other.
486
The driver will offload as much checksum work as it can reliably
486
The driver will offload as much checksum work as it can reliably
487
support, the exact level of offloading varies between drivers.
487
support, the exact level of offloading varies between drivers.
488
.It Fl rxcsum , txcsum , rxcsum6 , txcsum6
488
.It Fl rxcsum , txcsum , rxcsum6 , txcsum6
489
If the driver supports user-configurable checksum offloading,
489
If the driver supports user-configurable checksum offloading,
490
disable receive (or transmit) checksum offloading on the interface.
490
disable receive (or transmit) checksum offloading on the interface.
491
The feature can be turned off selectively per protocol family.
491
The feature can be turned off selectively per protocol family.
492
Use
492
Use
493
.Fl rxcsum6 , txcsum6
493
.Fl rxcsum6 , txcsum6
494
for
494
for
495
.Xr ip6 4
495
.Xr ip6 4
496
or
496
or
497
.Fl rxcsum , txcsum
497
.Fl rxcsum , txcsum
498
otherwise.
498
otherwise.
499
These settings may not always be independent of each other.
499
These settings may not always be independent of each other.
500
.It Cm tso
500
.It Cm tso
501
If the driver supports
501
If the driver supports
502
.Xr tcp 4
502
.Xr tcp 4
503
segmentation offloading, enable TSO on the interface.
503
segmentation offloading, enable TSO on the interface.
504
Some drivers may not be able to support TSO for
504
Some drivers may not be able to support TSO for
505
.Xr ip 4
505
.Xr ip 4
506
and
506
and
507
.Xr ip6 4
507
.Xr ip6 4
508
packets, so they may enable only one of them.
508
packets, so they may enable only one of them.
509
.It Fl tso
509
.It Fl tso
510
If the driver supports
510
If the driver supports
511
.Xr tcp 4
511
.Xr tcp 4
512
segmentation offloading, disable TSO on the interface.
512
segmentation offloading, disable TSO on the interface.
513
It will always disable TSO for
513
It will always disable TSO for
514
.Xr ip 4
514
.Xr ip 4
515
and
515
and
516
.Xr ip6 4 .
516
.Xr ip6 4 .
517
.It Cm tso6 , tso4
517
.It Cm tso6 , tso4
518
If the driver supports
518
If the driver supports
519
.Xr tcp 4
519
.Xr tcp 4
520
segmentation offloading for
520
segmentation offloading for
521
.Xr ip6 4
521
.Xr ip6 4
522
or
522
or
523
.Xr ip 4
523
.Xr ip 4
524
use one of these to selectively enabled it only for one protocol family.
524
use one of these to selectively enabled it only for one protocol family.
525
.It Fl tso6 , tso4
525
.It Fl tso6 , tso4
526
If the driver supports
526
If the driver supports
527
.Xr tcp 4
527
.Xr tcp 4
528
segmentation offloading for
528
segmentation offloading for
529
.Xr ip6 4
529
.Xr ip6 4
530
or
530
or
531
.Xr ip 4
531
.Xr ip 4
532
use one of these to selectively disable it only for one protocol family.
532
use one of these to selectively disable it only for one protocol family.
533
.It Cm lro
533
.It Cm lro
534
If the driver supports
534
If the driver supports
535
.Xr tcp 4
535
.Xr tcp 4
536
large receive offloading, enable LRO on the interface.
536
large receive offloading, enable LRO on the interface.
537
.It Fl lro
537
.It Fl lro
538
If the driver supports
538
If the driver supports
539
.Xr tcp 4
539
.Xr tcp 4
540
large receive offloading, disable LRO on the interface.
540
large receive offloading, disable LRO on the interface.
541
.It Cm wol , wol_ucast , wol_mcast , wol_magic
541
.It Cm wol , wol_ucast , wol_mcast , wol_magic
542
Enable Wake On Lan (WOL) support, if available.
542
Enable Wake On Lan (WOL) support, if available.
543
WOL is a facility whereby a machine in a low power state may be woken
543
WOL is a facility whereby a machine in a low power state may be woken
544
in response to a received packet.
544
in response to a received packet.
545
There are three types of packets that may wake a system:
545
There are three types of packets that may wake a system:
546
ucast (directed solely to the machine's mac address),
546
ucast (directed solely to the machine's mac address),
547
mcast (directed to a broadcast or multicast address),
547
mcast (directed to a broadcast or multicast address),
548
or
548
or
549
magic (unicast or multicast frames with a ``magic contents'').
549
magic (unicast or multicast frames with a ``magic contents'').
550
Not all devices support WOL, those that do indicate the mechanisms
550
Not all devices support WOL, those that do indicate the mechanisms
551
they support in their capabilities.
551
they support in their capabilities.
552
.Cm wol
552
.Cm wol
553
is a synonym for enabling all available WOL mechanisms.
553
is a synonym for enabling all available WOL mechanisms.
554
To disable WOL use
554
To disable WOL use
555
.Fl wol .
555
.Fl wol .
556
.It Cm vlanmtu , vlanhwtag, vlanhwfilter, vlanhwcsum, vlanhwtso
556
.It Cm vlanmtu , vlanhwtag, vlanhwfilter, vlanhwcsum, vlanhwtso
557
If the driver offers user-configurable VLAN support, enable
557
If the driver offers user-configurable VLAN support, enable
558
reception of extended frames, tag processing in hardware,
558
reception of extended frames, tag processing in hardware,
559
frame filtering in hardware, checksum offloading, or TSO on VLAN,
559
frame filtering in hardware, checksum offloading, or TSO on VLAN,
560
respectively.
560
respectively.
561
Note that this must be issued on a physical interface associated with
561
Note that this must be issued on a physical interface associated with
562
.Xr vlan 4 ,
562
.Xr vlan 4 ,
563
not on a
563
not on a
564
.Xr vlan 4
564
.Xr vlan 4
565
interface itself.
565
interface itself.
566
.It Fl vlanmtu , vlanhwtag, vlanhwfilter, vlanhwtso
566
.It Fl vlanmtu , vlanhwtag, vlanhwfilter, vlanhwtso
567
If the driver offers user-configurable VLAN support, disable
567
If the driver offers user-configurable VLAN support, disable
568
reception of extended frames, tag processing in hardware,
568
reception of extended frames, tag processing in hardware,
569
frame filtering in hardware, or TSO on VLAN,
569
frame filtering in hardware, or TSO on VLAN,
570
respectively.
570
respectively.
571
.It Cm vnet Ar jail
571
.It Cm vnet Ar jail
572
Move the interface to the
572
Move the interface to the
573
.Xr jail 8 ,
573
.Xr jail 8 ,
574
specified by name or JID.
574
specified by name or JID.
575
If the jail has a virtual network stack, the interface will disappear
575
If the jail has a virtual network stack, the interface will disappear
576
from the current environment and become visible to the jail.
576
from the current environment and become visible to the jail.
577
.It Fl vnet Ar jail
577
.It Fl vnet Ar jail
578
Reclaim the interface from the
578
Reclaim the interface from the
579
.Xr jail 8 ,
579
.Xr jail 8 ,
580
specified by name or JID.
580
specified by name or JID.
581
If the jail has a virtual network stack, the interface will disappear
581
If the jail has a virtual network stack, the interface will disappear
582
from the jail, and become visible to the current network environment.
582
from the jail, and become visible to the current network environment.
583
.It Cm polling
583
.It Cm polling
584
Turn on
584
Turn on
585
.Xr polling 4
585
.Xr polling 4
586
feature and disable interrupts on the interface, if driver supports
586
feature and disable interrupts on the interface, if driver supports
587
this mode.
587
this mode.
588
.It Fl polling
588
.It Fl polling
589
Turn off
589
Turn off
590
.Xr polling 4
590
.Xr polling 4
591
feature and enable interrupt mode on the interface.
591
feature and enable interrupt mode on the interface.
592
.It Cm create
592
.It Cm create
593
Create the specified network pseudo-device.
593
Create the specified network pseudo-device.
594
If the interface is given without a unit number, try to create a new
594
If the interface is given without a unit number, try to create a new
595
device with an arbitrary unit number.
595
device with an arbitrary unit number.
596
If creation of an arbitrary device is successful, the new device name is
596
If creation of an arbitrary device is successful, the new device name is
597
printed to standard output unless the interface is renamed or destroyed
597
printed to standard output unless the interface is renamed or destroyed
598
in the same
598
in the same
599
.Nm
599
.Nm
600
invocation.
600
invocation.
601
.It Cm destroy
601
.It Cm destroy
602
Destroy the specified network pseudo-device.
602
Destroy the specified network pseudo-device.
603
.It Cm plumb
603
.It Cm plumb
604
Another name for the
604
Another name for the
605
.Cm create
605
.Cm create
606
parameter.
606
parameter.
607
Included for
607
Included for
608
.Tn Solaris
608
.Tn Solaris
609
compatibility.
609
compatibility.
610
.It Cm unplumb
610
.It Cm unplumb
611
Another name for the
611
Another name for the
612
.Cm destroy
612
.Cm destroy
613
parameter.
613
parameter.
614
Included for
614
Included for
615
.Tn Solaris
615
.Tn Solaris
616
compatibility.
616
compatibility.
617
.It Cm metric Ar n
617
.It Cm metric Ar n
618
Set the routing metric of the interface to
618
Set the routing metric of the interface to
619
.Ar n ,
619
.Ar n ,
620
default 0.
620
default 0.
621
The routing metric is used by the routing protocol
621
The routing metric is used by the routing protocol
622
.Pq Xr routed 8 .
622
.Pq Xr routed 8 .
623
Higher metrics have the effect of making a route
623
Higher metrics have the effect of making a route
624
less favorable; metrics are counted as additional hops
624
less favorable; metrics are counted as additional hops
625
to the destination network or host.
625
to the destination network or host.
626
.It Cm mtu Ar n
626
.It Cm mtu Ar n
627
Set the maximum transmission unit of the interface to
627
Set the maximum transmission unit of the interface to
628
.Ar n ,
628
.Ar n ,
629
default is interface specific.
629
default is interface specific.
630
The MTU is used to limit the size of packets that are transmitted on an
630
The MTU is used to limit the size of packets that are transmitted on an
631
interface.
631
interface.
632
Not all interfaces support setting the MTU, and some interfaces have
632
Not all interfaces support setting the MTU, and some interfaces have
633
range restrictions.
633
range restrictions.
634
.It Cm netmask Ar mask
634
.It Cm netmask Ar mask
635
.\" (Inet and ISO.)
635
.\" (Inet and ISO.)
636
(Inet only.)
636
(Inet only.)
637
Specify how much of the address to reserve for subdividing
637
Specify how much of the address to reserve for subdividing
638
networks into sub-networks.
638
networks into sub-networks.
639
The mask includes the network part of the local address
639
The mask includes the network part of the local address
640
and the subnet part, which is taken from the host field of the address.
640
and the subnet part, which is taken from the host field of the address.
641
The mask can be specified as a single hexadecimal number
641
The mask can be specified as a single hexadecimal number
642
with a leading
642
with a leading
643
.Ql 0x ,
643
.Ql 0x ,
644
with a dot-notation Internet address,
644
with a dot-notation Internet address,
645
or with a pseudo-network name listed in the network table
645
or with a pseudo-network name listed in the network table
646
.Xr networks 5 .
646
.Xr networks 5 .
647
The mask contains 1's for the bit positions in the 32-bit address
647
The mask contains 1's for the bit positions in the 32-bit address
648
which are to be used for the network and subnet parts,
648
which are to be used for the network and subnet parts,
649
and 0's for the host part.
649
and 0's for the host part.
650
The mask should contain at least the standard network portion,
650
The mask should contain at least the standard network portion,
651
and the subnet field should be contiguous with the network
651
and the subnet field should be contiguous with the network
652
portion.
652
portion.
653
.Pp
653
.Pp
654
The netmask can also be specified in CIDR notation after the address.
654
The netmask can also be specified in CIDR notation after the address.
655
See the
655
See the
656
.Ar address
656
.Ar address
657
option above for more information.
657
option above for more information.
658
.It Cm prefixlen Ar len
658
.It Cm prefixlen Ar len
659
(Inet6 only.)
659
(Inet6 only.)
660
Specify that
660
Specify that
661
.Ar len
661
.Ar len
662
bits are reserved for subdividing networks into sub-networks.
662
bits are reserved for subdividing networks into sub-networks.
663
The
663
The
664
.Ar len
664
.Ar len
665
must be integer, and for syntactical reason it must be between 0 to 128.
665
must be integer, and for syntactical reason it must be between 0 to 128.
666
It is almost always 64 under the current IPv6 assignment rule.
666
It is almost always 64 under the current IPv6 assignment rule.
667
If the parameter is omitted, 64 is used.
667
If the parameter is omitted, 64 is used.
668
.Pp
668
.Pp
669
The prefix can also be specified using the slash notation after the address.
669
The prefix can also be specified using the slash notation after the address.
670
See the
670
See the
671
.Ar address
671
.Ar address
672
option above for more information.
672
option above for more information.
673
.It Cm remove
673
.It Cm remove
674
Another name for the
674
Another name for the
675
.Fl alias
675
.Fl alias
676
parameter.
676
parameter.
677
Introduced for compatibility
677
Introduced for compatibility
678
with
678
with
679
.Bsx .
679
.Bsx .
680
.Sm off
680
.Sm off
681
.It Cm link Op Cm 0 No - Cm 2
681
.It Cm link Op Cm 0 No - Cm 2
682
.Sm on
682
.Sm on
683
Enable special processing of the link level of the interface.
683
Enable special processing of the link level of the interface.
684
These three options are interface specific in actual effect, however,
684
These three options are interface specific in actual effect, however,
685
they are in general used to select special modes of operation.
685
they are in general used to select special modes of operation.
686
An example
686
An example
687
of this is to enable SLIP compression, or to select the connector type
687
of this is to enable SLIP compression, or to select the connector type
688
for some Ethernet cards.
688
for some Ethernet cards.
689
Refer to the man page for the specific driver
689
Refer to the man page for the specific driver
690
for more information.
690
for more information.
691
.Sm off
691
.Sm off
692
.It Fl link Op Cm 0 No - Cm 2
692
.It Fl link Op Cm 0 No - Cm 2
693
.Sm on
693
.Sm on
694
Disable special processing at the link level with the specified interface.
694
Disable special processing at the link level with the specified interface.
695
.It Cm monitor
695
.It Cm monitor
696
Put the interface in monitor mode.
696
Put the interface in monitor mode.
697
No packets are transmitted, and received packets are discarded after
697
No packets are transmitted, and received packets are discarded after
698
.Xr bpf 4
698
.Xr bpf 4
699
processing.
699
processing.
700
.It Fl monitor
700
.It Fl monitor
701
Take the interface out of monitor mode.
701
Take the interface out of monitor mode.
702
.It Cm up
702
.It Cm up
703
Mark an interface
703
Mark an interface
704
.Dq up .
704
.Dq up .
705
This may be used to enable an interface after an
705
This may be used to enable an interface after an
706
.Dq Nm Cm down .
706
.Dq Nm Cm down .
707
It happens automatically when setting the first address on an interface.
707
It happens automatically when setting the first address on an interface.
708
If the interface was reset when previously marked down,
708
If the interface was reset when previously marked down,
709
the hardware will be re-initialized.
709
the hardware will be re-initialized.
710
.El
710
.El
711
.Pp
711
.Pp
712
The following parameters are for ICMPv6 Neighbor Discovery Protocol.
712
The following parameters are for ICMPv6 Neighbor Discovery Protocol.
713
Note that the address family keyword
713
Note that the address family keyword
714
.Dq Li inet6
714
.Dq Li inet6
715
is needed for them:
715
is needed for them:
716
.Bl -tag -width indent
716
.Bl -tag -width indent
717
.It Cm accept_rtadv
717
.It Cm accept_rtadv
718
Set a flag to enable accepting ICMPv6 Router Advertisement messages.
718
Set a flag to enable accepting ICMPv6 Router Advertisement messages.
719
The
719
The
720
.Xr sysctl 8
720
.Xr sysctl 8
721
variable
721
variable
722
.Va net.inet6.ip6.accept_rtadv
722
.Va net.inet6.ip6.accept_rtadv
723
controls whether this flag is set by default or not.
723
controls whether this flag is set by default or not.
724
.It Cm -accept_rtadv
724
.It Cm -accept_rtadv
725
Clear a flag
725
Clear a flag
726
.Cm accept_rtadv .
726
.Cm accept_rtadv .
727
.It Cm no_radr
727
.It Cm no_radr
728
Set a flag to control whether routers from which the system accepts
728
Set a flag to control whether routers from which the system accepts
729
Router Advertisement messages will be added to the Default Router List
729
Router Advertisement messages will be added to the Default Router List
730
or not.
730
or not.
731
When the
731
When the
732
.Cm accept_rtadv
732
.Cm accept_rtadv
733
flag is disabled, this flag has no effect.
733
flag is disabled, this flag has no effect.
734
The
734
The
735
.Xr sysctl 8
735
.Xr sysctl 8
736
variable
736
variable
737
.Va net.inet6.ip6.no_radr
737
.Va net.inet6.ip6.no_radr
738
controls whether this flag is set by default or not.
738
controls whether this flag is set by default or not.
739
.It Cm -no_radr
739
.It Cm -no_radr
740
Clear a flag
740
Clear a flag
741
.Cm no_radr .
741
.Cm no_radr .
742
.It Cm auto_linklocal
742
.It Cm auto_linklocal
743
Set a flag to perform automatic link-local address configuration when
743
Set a flag to perform automatic link-local address configuration when
744
the interface becomes available.
744
the interface becomes available.
745
The
745
The
746
.Xr sysctl 8
746
.Xr sysctl 8
747
variable
747
variable
748
.Va net.inet6.ip6.auto_linklocal
748
.Va net.inet6.ip6.auto_linklocal
749
controls whether this flag is set by default or not.
749
controls whether this flag is set by default or not.
750
.It Cm -auto_linklocal
750
.It Cm -auto_linklocal
751
Clear a flag
751
Clear a flag
752
.Cm auto_linklocal .
752
.Cm auto_linklocal .
753
.It Cm defaultif
753
.It Cm defaultif
754
Set the specified interface as the default route when there is no
754
Set the specified interface as the default route when there is no
755
default router.
755
default router.
756
.It Cm -defaultif
756
.It Cm -defaultif
757
Clear a flag
757
Clear a flag
758
.Cm defaultif .
758
.Cm defaultif .
759
.It Cm ifdisabled
759
.It Cm ifdisabled
760
Set a flag to disable all of IPv6 network communications on the
760
Set a flag to disable all of IPv6 network communications on the
761
specified interface.
761
specified interface.
762
Note that if there are already configured IPv6
762
Note that if there are already configured IPv6
763
addresses on that interface, all of them are marked as
763
addresses on that interface, all of them are marked as
764
.Dq tentative
764
.Dq tentative
765
and DAD will be performed when this flag is cleared.
765
and DAD will be performed when this flag is cleared.
766
.It Cm -ifdisabled
766
.It Cm -ifdisabled
767
Clear a flag
767
Clear a flag
768
.Cm ifdisabled .
768
.Cm ifdisabled .
769
When this flag is cleared and
769
When this flag is cleared and
770
.Cm auto_linklocal
770
.Cm auto_linklocal
771
flag is enabled, automatic configuration of a link-local address is
771
flag is enabled, automatic configuration of a link-local address is
772
performed.
772
performed.
773
.It Cm nud
773
.It Cm nud
774
Set a flag to enable Neighbor Unreachability Detection.
774
Set a flag to enable Neighbor Unreachability Detection.
775
.It Cm -nud
775
.It Cm -nud
776
Clear a flag
776
Clear a flag
777
.Cm nud .
777
.Cm nud .
778
.It Cm no_prefer_iface
778
.It Cm no_prefer_iface
779
Set a flag to not honor rule 5 of source address selection in RFC 3484.
779
Set a flag to not honor rule 5 of source address selection in RFC 3484.
780
In practice this means the address on the outgoing interface will not be
780
In practice this means the address on the outgoing interface will not be
781
preferred, effectively yielding the decision to the address selection
781
preferred, effectively yielding the decision to the address selection
782
policy table, configurable with
782
policy table, configurable with
783
.Xr ip6addrctl 8 .
783
.Xr ip6addrctl 8 .
784
.It Cm -no_prefer_iface
784
.It Cm -no_prefer_iface
785
Clear a flag
785
Clear a flag
786
.Cm no_prefer_iface .
786
.Cm no_prefer_iface .
787
.It Cm no_dad
787
.It Cm no_dad
788
Set a flag to disable Duplicate Address Detection.
788
Set a flag to disable Duplicate Address Detection.
789
.It Cm -no_dad
789
.It Cm -no_dad
790
Clear a flag
790
Clear a flag
791
.Cm no_dad .
791
.Cm no_dad .
792
.El
792
.El
793
.Pp
793
.Pp
794
The following parameters are specific for IPv6 addresses.
794
The following parameters are specific for IPv6 addresses.
795
Note that the address family keyword
795
Note that the address family keyword
796
.Dq Li inet6
796
.Dq Li inet6
797
is needed for them:
797
is needed for them:
798
.Bl -tag -width indent
798
.Bl -tag -width indent
799
.It Cm autoconf
799
.It Cm autoconf
800
Set the IPv6 autoconfigured address bit.
800
Set the IPv6 autoconfigured address bit.
801
.It Fl autoconf
801
.It Fl autoconf
802
Clear the IPv6 autoconfigured address bit.
802
Clear the IPv6 autoconfigured address bit.
803
.It Cm deprecated
803
.It Cm deprecated
804
Set the IPv6 deprecated address bit.
804
Set the IPv6 deprecated address bit.
805
.It Fl deprecated
805
.It Fl deprecated
806
Clear the IPv6 deprecated address bit.
806
Clear the IPv6 deprecated address bit.
807
.It Cm pltime Ar n
807
.It Cm pltime Ar n
808
Set preferred lifetime for the address.
808
Set preferred lifetime for the address.
809
.It Cm prefer_source
809
.It Cm prefer_source
810
Set a flag to prefer address as a candidate of the source address for
810
Set a flag to prefer address as a candidate of the source address for
811
outgoing packets.
811
outgoing packets.
812
.It Cm -prefer_source
812
.It Cm -prefer_source
813
Clear a flag
813
Clear a flag
814
.Cm prefer_source .
814
.Cm prefer_source .
815
.It Cm vltime Ar n
815
.It Cm vltime Ar n
816
Set valid lifetime for the address.
816
Set valid lifetime for the address.
817
.El
817
.El
818
.Pp
818
.Pp
819
The following parameters are specific to cloning
819
The following parameters are specific to cloning
820
IEEE 802.11 wireless interfaces with the
820
IEEE 802.11 wireless interfaces with the
821
.Cm create
821
.Cm create
822
request:
822
request:
823
.Bl -tag -width indent
823
.Bl -tag -width indent
824
.It Cm wlandev Ar device
824
.It Cm wlandev Ar device
825
Use
825
Use
826
.Ar device
826
.Ar device
827
as the parent for the cloned device.
827
as the parent for the cloned device.
828
.It Cm wlanmode Ar mode
828
.It Cm wlanmode Ar mode
829
Specify the operating mode for this cloned device.
829
Specify the operating mode for this cloned device.
830
.Ar mode
830
.Ar mode
831
is one of
831
is one of
832
.Cm sta ,
832
.Cm sta ,
833
.Cm ahdemo
833
.Cm ahdemo
834
(or
834
(or
835
.Cm adhoc-demo ) ,
835
.Cm adhoc-demo ) ,
836
.Cm ibss ,
836
.Cm ibss ,
837
(or
837
(or
838
.Cm adhoc ) ,
838
.Cm adhoc ) ,
839
.Cm ap ,
839
.Cm ap ,
840
(or
840
(or
841
.Cm hostap ) ,
841
.Cm hostap ) ,
842
.Cm wds ,
842
.Cm wds ,
843
.Cm tdma ,
843
.Cm tdma ,
844
.Cm mesh ,
844
.Cm mesh ,
845
and
845
and
846
.Cm monitor .
846
.Cm monitor .
847
The operating mode of a cloned interface cannot be changed.
847
The operating mode of a cloned interface cannot be changed.
848
The
848
The
849
.Cm tdma
849
.Cm tdma
850
mode is actually implemented as an
850
mode is actually implemented as an
851
.Cm adhoc-demo
851
.Cm adhoc-demo
852
interface with special properties.
852
interface with special properties.
853
.It Cm wlanbssid Ar bssid
853
.It Cm wlanbssid Ar bssid
854
The 802.11 mac address to use for the bssid.
854
The 802.11 mac address to use for the bssid.
855
This must be specified at create time for a legacy
855
This must be specified at create time for a legacy
856
.Cm wds
856
.Cm wds
857
device.
857
device.
858
.It Cm wlanaddr Ar address
858
.It Cm wlanaddr Ar address
859
The local mac address.
859
The local mac address.
860
If this is not specified then a mac address will automatically be assigned
860
If this is not specified then a mac address will automatically be assigned
861
to the cloned device.
861
to the cloned device.
862
Typically this address is the same as the address of the parent device
862
Typically this address is the same as the address of the parent device
863
but if the
863
but if the
864
.Cm bssid
864
.Cm bssid
865
parameter is specified then the driver will craft a unique address for
865
parameter is specified then the driver will craft a unique address for
866
the device (if supported).
866
the device (if supported).
867
.It Cm wdslegacy
867
.It Cm wdslegacy
868
Mark a
868
Mark a
869
.Cm wds
869
.Cm wds
870
device as operating in ``legacy mode''.
870
device as operating in ``legacy mode''.
871
Legacy
871
Legacy
872
.Cm wds
872
.Cm wds
873
devices have a fixed peer relationship and do not, for example, roam
873
devices have a fixed peer relationship and do not, for example, roam
874
if their peer stops communicating.
874
if their peer stops communicating.
875
For completeness a Dynamic WDS (DWDS) interface may marked as
875
For completeness a Dynamic WDS (DWDS) interface may marked as
876
.Fl wdslegacy .
876
.Fl wdslegacy .
877
.It Cm bssid
877
.It Cm bssid
878
Request a unique local mac address for the cloned device.
878
Request a unique local mac address for the cloned device.
879
This is only possible if the device supports multiple mac addresses.
879
This is only possible if the device supports multiple mac addresses.
880
To force use of the parent's mac address use
880
To force use of the parent's mac address use
881
.Fl bssid .
881
.Fl bssid .
882
.It Cm beacons
882
.It Cm beacons
883
Mark the cloned interface as depending on hardware support to
883
Mark the cloned interface as depending on hardware support to
884
track received beacons.
884
track received beacons.
885
To have beacons tracked in software use
885
To have beacons tracked in software use
886
.Fl beacons .
886
.Fl beacons .
887
For
887
For
888
.Cm hostap
888
.Cm hostap
889
mode
889
mode
890
.Fl beacons
890
.Fl beacons
891
can also be used to indicate no beacons should
891
can also be used to indicate no beacons should
892
be transmitted; this can be useful when creating a WDS configuration but
892
be transmitted; this can be useful when creating a WDS configuration but
893
.Cm wds
893
.Cm wds
894
interfaces can only be created as companions to an access point.
894
interfaces can only be created as companions to an access point.
895
.El
895
.El
896
.Pp
896
.Pp
897
The following parameters are specific to IEEE 802.11 wireless interfaces
897
The following parameters are specific to IEEE 802.11 wireless interfaces
898
cloned with a
898
cloned with a
899
.Cm create
899
.Cm create
900
operation:
900
operation:
901
.Bl -tag -width indent
901
.Bl -tag -width indent
902
.It Cm ampdu
902
.It Cm ampdu
903
Enable sending and receiving AMPDU frames when using 802.11n (default).
903
Enable sending and receiving AMPDU frames when using 802.11n (default).
904
The 802.11n specification states a compliant station must be capable
904
The 802.11n specification states a compliant station must be capable
905
of receiving AMPDU frames but transmission is optional.
905
of receiving AMPDU frames but transmission is optional.
906
Use
906
Use
907
.Fl ampdu
907
.Fl ampdu
908
to disable all use of AMPDU with 802.11n.
908
to disable all use of AMPDU with 802.11n.
909
For testing and/or to work around interoperability problems one can use
909
For testing and/or to work around interoperability problems one can use
910
.Cm ampdutx
910
.Cm ampdutx
911
and
911
and
912
.Cm ampdurx
912
.Cm ampdurx
913
to control use of AMPDU in one direction.
913
to control use of AMPDU in one direction.
914
.It Cm ampdudensity Ar density
914
.It Cm ampdudensity Ar density
915
Set the AMPDU density parameter used when operating with 802.11n.
915
Set the AMPDU density parameter used when operating with 802.11n.
916
This parameter controls the inter-packet gap for AMPDU frames.
916
This parameter controls the inter-packet gap for AMPDU frames.
917
The sending device normally controls this setting but a receiving station
917
The sending device normally controls this setting but a receiving station
918
may request wider gaps.
918
may request wider gaps.
919
Legal values for
919
Legal values for
920
.Ar density
920
.Ar density
921
are 0, .25, .5, 1, 2, 4, 8, and 16 (microseconds).
921
are 0, .25, .5, 1, 2, 4, 8, and 16 (microseconds).
922
A value of
922
A value of
923
.Cm -
923
.Cm -
924
is treated the same as 0.
924
is treated the same as 0.
925
.It Cm ampdulimit Ar limit
925
.It Cm ampdulimit Ar limit
926
Set the limit on packet size for receiving AMPDU frames when operating
926
Set the limit on packet size for receiving AMPDU frames when operating
927
with 802.11n.
927
with 802.11n.
928
Legal values for
928
Legal values for
929
.Ar limit
929
.Ar limit
930
are 8192, 16384, 32768, and 65536 but one can also specify
930
are 8192, 16384, 32768, and 65536 but one can also specify
931
just the unique prefix: 8, 16, 32, 64.
931
just the unique prefix: 8, 16, 32, 64.
932
Note the sender may limit the size of AMPDU frames to be less
932
Note the sender may limit the size of AMPDU frames to be less
933
than the maximum specified by the receiving station.
933
than the maximum specified by the receiving station.
934
.It Cm amsdu
934
.It Cm amsdu
935
Enable sending and receiving AMSDU frames when using 802.11n.
935
Enable sending and receiving AMSDU frames when using 802.11n.
936
By default AMSDU is received but not transmitted.
936
By default AMSDU is received but not transmitted.
937
Use
937
Use
938
.Fl amsdu
938
.Fl amsdu
939
to disable all use of AMSDU with 802.11n.
939
to disable all use of AMSDU with 802.11n.
940
For testing and/or to work around interoperability problems one can use
940
For testing and/or to work around interoperability problems one can use
941
.Cm amsdutx
941
.Cm amsdutx
942
and
942
and
943
.Cm amsdurx
943
.Cm amsdurx
944
to control use of AMSDU in one direction.
944
to control use of AMSDU in one direction.
945
.It Cm amsdulimit Ar limit
945
.It Cm amsdulimit Ar limit
946
Set the limit on packet size for sending and receiving AMSDU frames
946
Set the limit on packet size for sending and receiving AMSDU frames
947
when operating with 802.11n.
947
when operating with 802.11n.
948
Legal values for
948
Legal values for
949
.Ar limit
949
.Ar limit
950
are 7935 and 3839 (bytes).
950
are 7935 and 3839 (bytes).
951
Note the sender may limit the size of AMSDU frames to be less
951
Note the sender may limit the size of AMSDU frames to be less
952
than the maximum specified by the receiving station.
952
than the maximum specified by the receiving station.
953
Note also that devices are not required to support the 7935 limit,
953
Note also that devices are not required to support the 7935 limit,
954
only 3839 is required by the specification and the larger value
954
only 3839 is required by the specification and the larger value
955
may require more memory to be dedicated to support functionality
955
may require more memory to be dedicated to support functionality
956
that is rarely used.
956
that is rarely used.
957
.It Cm apbridge
957
.It Cm apbridge
958
When operating as an access point, pass packets between
958
When operating as an access point, pass packets between
959
wireless clients directly (default).
959
wireless clients directly (default).
960
To instead let them pass up through the
960
To instead let them pass up through the
961
system and be forwarded using some other mechanism, use
961
system and be forwarded using some other mechanism, use
962
.Fl apbridge .
962
.Fl apbridge .
963
Disabling the internal bridging
963
Disabling the internal bridging
964
is useful when traffic is to be processed with
964
is useful when traffic is to be processed with
965
packet filtering.
965
packet filtering.
966
.It Cm authmode Ar mode
966
.It Cm authmode Ar mode
967
Set the desired authentication mode in infrastructure mode.
967
Set the desired authentication mode in infrastructure mode.
968
Not all adapters support all modes.
968
Not all adapters support all modes.
969
The set of
969
The set of
970
valid modes is
970
valid modes is
971
.Cm none , open , shared
971
.Cm none , open , shared
972
(shared key),
972
(shared key),
973
.Cm 8021x
973
.Cm 8021x
974
(IEEE 802.1x),
974
(IEEE 802.1x),
975
and
975
and
976
.Cm wpa
976
.Cm wpa
977
(IEEE WPA/WPA2/802.11i).
977
(IEEE WPA/WPA2/802.11i).
978
The
978
The
979
.Cm 8021x
979
.Cm 8021x
980
and
980
and
981
.Cm wpa
981
.Cm wpa
982
modes are only useful when using an authentication service
982
modes are only useful when using an authentication service
983
(a supplicant for client operation or an authenticator when
983
(a supplicant for client operation or an authenticator when
984
operating as an access point).
984
operating as an access point).
985
Modes are case insensitive.
985
Modes are case insensitive.
986
.It Cm bgscan
986
.It Cm bgscan
987
Enable background scanning when operating as a station.
987
Enable background scanning when operating as a station.
988
Background scanning is a technique whereby a station associated to
988
Background scanning is a technique whereby a station associated to
989
an access point will temporarily leave the channel to scan for
989
an access point will temporarily leave the channel to scan for
990
neighboring stations.
990
neighboring stations.
991
This allows a station to maintain a cache of nearby access points
991
This allows a station to maintain a cache of nearby access points
992
so that roaming between access points can be done without
992
so that roaming between access points can be done without
993
a lengthy scan operation.
993
a lengthy scan operation.
994
Background scanning is done only when a station is not busy and
994
Background scanning is done only when a station is not busy and
995
any outbound traffic will cancel a scan operation.
995
any outbound traffic will cancel a scan operation.
996
Background scanning should never cause packets to be lost though
996
Background scanning should never cause packets to be lost though
997
there may be some small latency if outbound traffic interrupts a
997
there may be some small latency if outbound traffic interrupts a
998
scan operation.
998
scan operation.
999
By default background scanning is enabled if the device is capable.
999
By default background scanning is enabled if the device is capable.
1000
To disable background scanning, use
1000
To disable background scanning, use
1001
.Fl bgscan .
1001
.Fl bgscan .
1002
Background scanning is controlled by the
1002
Background scanning is controlled by the
1003
.Cm bgscanidle
1003
.Cm bgscanidle
1004
and
1004
and
1005
.Cm bgscanintvl
1005
.Cm bgscanintvl
1006
parameters.
1006
parameters.
1007
Background scanning must be enabled for roaming; this is an artifact
1007
Background scanning must be enabled for roaming; this is an artifact
1008
of the current implementation and may not be required in the future.
1008
of the current implementation and may not be required in the future.
1009
.It Cm bgscanidle Ar idletime
1009
.It Cm bgscanidle Ar idletime
1010
Set the minimum time a station must be idle (not transmitting or
1010
Set the minimum time a station must be idle (not transmitting or
1011
receiving frames) before a background scan is initiated.
1011
receiving frames) before a background scan is initiated.
1012
The
1012
The
1013
.Ar idletime
1013
.Ar idletime
1014
parameter is specified in milliseconds.
1014
parameter is specified in milliseconds.
1015
By default a station must be idle at least 250 milliseconds before
1015
By default a station must be idle at least 250 milliseconds before
1016
a background scan is initiated.
1016
a background scan is initiated.
1017
The idle time may not be set to less than 100 milliseconds.
1017
The idle time may not be set to less than 100 milliseconds.
1018
.It Cm bgscanintvl Ar interval
1018
.It Cm bgscanintvl Ar interval
1019
Set the interval at which background scanning is attempted.
1019
Set the interval at which background scanning is attempted.
1020
The
1020
The
1021
.Ar interval
1021
.Ar interval
1022
parameter is specified in seconds.
1022
parameter is specified in seconds.
1023
By default a background scan is considered every 300 seconds (5 minutes).
1023
By default a background scan is considered every 300 seconds (5 minutes).
1024
The
1024
The
1025
.Ar interval
1025
.Ar interval
1026
may not be set to less than 15 seconds.
1026
may not be set to less than 15 seconds.
1027
.It Cm bintval Ar interval
1027
.It Cm bintval Ar interval
1028
Set the interval at which beacon frames are sent when operating in
1028
Set the interval at which beacon frames are sent when operating in
1029
ad-hoc or ap mode.
1029
ad-hoc or ap mode.
1030
The
1030
The
1031
.Ar interval
1031
.Ar interval
1032
parameter is specified in TU's (1024 usecs).
1032
parameter is specified in TU's (1024 usecs).
1033
By default beacon frames are transmitted every 100 TU's.
1033
By default beacon frames are transmitted every 100 TU's.
1034
.It Cm bmissthreshold Ar count
1034
.It Cm bmissthreshold Ar count
1035
Set the number of consecutive missed beacons at which the station
1035
Set the number of consecutive missed beacons at which the station
1036
will attempt to roam (i.e., search for a new access point).
1036
will attempt to roam (i.e., search for a new access point).
1037
The
1037
The
1038
.Ar count
1038
.Ar count
1039
parameter must be in the range 1 to 255; though the
1039
parameter must be in the range 1 to 255; though the
1040
upper bound may be reduced according to device capabilities.
1040
upper bound may be reduced according to device capabilities.
1041
The default threshold is 7 consecutive missed beacons; but
1041
The default threshold is 7 consecutive missed beacons; but
1042
this may be overridden by the device driver.
1042
this may be overridden by the device driver.
1043
Another name for the
1043
Another name for the
1044
.Cm bmissthreshold
1044
.Cm bmissthreshold
1045
parameter is
1045
parameter is
1046
.Cm bmiss .
1046
.Cm bmiss .
1047
.It Cm bssid Ar address
1047
.It Cm bssid Ar address
1048
Specify the MAC address of the access point to use when operating
1048
Specify the MAC address of the access point to use when operating
1049
as a station in a BSS network.
1049
as a station in a BSS network.
1050
This overrides any automatic selection done by the system.
1050
This overrides any automatic selection done by the system.
1051
To disable a previously selected access point, supply
1051
To disable a previously selected access point, supply
1052
.Cm any , none ,
1052
.Cm any , none ,
1053
or
1053
or
1054
.Cm -
1054
.Cm -
1055
for the address.
1055
for the address.
1056
This option is useful when more than one access point uses the same SSID.
1056
This option is useful when more than one access point uses the same SSID.
1057
Another name for the
1057
Another name for the
1058
.Cm bssid
1058
.Cm bssid
1059
parameter is
1059
parameter is
1060
.Cm ap .
1060
.Cm ap .
1061
.It Cm burst
1061
.It Cm burst
1062
Enable packet bursting.
1062
Enable packet bursting.
1063
Packet bursting is a transmission technique whereby the wireless
1063
Packet bursting is a transmission technique whereby the wireless
1064
medium is acquired once to send multiple frames and the interframe
1064
medium is acquired once to send multiple frames and the interframe
1065
spacing is reduced.
1065
spacing is reduced.
1066
This technique can significantly increase throughput by reducing
1066
This technique can significantly increase throughput by reducing
1067
transmission overhead.
1067
transmission overhead.
1068
Packet bursting is supported by the 802.11e QoS specification
1068
Packet bursting is supported by the 802.11e QoS specification
1069
and some devices that do not support QoS may still be capable.
1069
and some devices that do not support QoS may still be capable.
1070
By default packet bursting is enabled if a device is capable
1070
By default packet bursting is enabled if a device is capable
1071
of doing it.
1071
of doing it.
1072
To disable packet bursting, use
1072
To disable packet bursting, use
1073
.Fl burst .
1073
.Fl burst .
1074
.It Cm chanlist Ar channels
1074
.It Cm chanlist Ar channels
1075
Set the desired channels to use when scanning for access
1075
Set the desired channels to use when scanning for access
1076
points, neighbors in an IBSS network, or looking for unoccupied
1076
points, neighbors in an IBSS network, or looking for unoccupied
1077
channels when operating as an access point.
1077
channels when operating as an access point.
1078
The set of channels is specified as a comma-separated list with
1078
The set of channels is specified as a comma-separated list with
1079
each element in the list representing either a single channel number or a range
1079
each element in the list representing either a single channel number or a range
1080
of the form
1080
of the form
1081
.Dq Li a-b .
1081
.Dq Li a-b .
1082
Channel numbers must be in the range 1 to 255 and be permissible
1082
Channel numbers must be in the range 1 to 255 and be permissible
1083
according to the operating characteristics of the device.
1083
according to the operating characteristics of the device.
1084
.It Cm channel Ar number
1084
.It Cm channel Ar number
1085
Set a single desired channel.
1085
Set a single desired channel.
1086
Channels range from 1 to 255, but the exact selection available
1086
Channels range from 1 to 255, but the exact selection available
1087
depends on the region your adaptor was manufactured for.
1087
depends on the region your adaptor was manufactured for.
1088
Setting
1088
Setting
1089
the channel to
1089
the channel to
1090
.Li any ,
1090
.Li any ,
1091
or
1091
or
1092
.Cm -
1092
.Cm -
1093
will clear any desired channel and, if the device is marked up,
1093
will clear any desired channel and, if the device is marked up,
1094
force a scan for a channel to operate on.
1094
force a scan for a channel to operate on.
1095
Alternatively the frequency, in megahertz, may be specified
1095
Alternatively the frequency, in megahertz, may be specified
1096
instead of the channel number.
1096
instead of the channel number.
1097
.Pp
1097
.Pp
1098
When there are several ways to use a channel the channel
1098
When there are several ways to use a channel the channel
1099
number/frequency may be appended with attributes to clarify.
1099
number/frequency may be appended with attributes to clarify.
1100
For example, if a device is capable of operating on channel 6
1100
For example, if a device is capable of operating on channel 6
1101
with 802.11n and 802.11g then one can specify that g-only use
1101
with 802.11n and 802.11g then one can specify that g-only use
1102
should be used by specifying ``6:g''.
1102
should be used by specifying ``6:g''.
1103
Similarly the channel width can be specified by appending it
1103
Similarly the channel width can be specified by appending it
1104
with ``/''; e.g., ``6/40'' specifies a 40MHz wide channel,
1104
with ``/''; e.g., ``6/40'' specifies a 40MHz wide channel,
1105
These attributes can be combined as in: ``6:ht/40''.
1105
These attributes can be combined as in: ``6:ht/40''.
1106
The full set of flags specified following a ``:'' are:
1106
The full set of flags specified following a ``:'' are:
1107
.Cm a
1107
.Cm a
1108
(802.11a),
1108
(802.11a),
1109
.Cm b
1109
.Cm b
1110
(802.11b),
1110
(802.11b),
1111
.Cm d
1111
.Cm d
1112
(Atheros Dynamic Turbo mode),
1112
(Atheros Dynamic Turbo mode),
1113
.Cm g
1113
.Cm g
1114
(802.11g),
1114
(802.11g),
1115
.Cm h
1115
.Cm h
1116
or
1116
or
1117
.Cm n
1117
.Cm n
1118
(802.11n aka HT),
1118
(802.11n aka HT),
1119
.Cm s
1119
.Cm s
1120
(Atheros Static Turbo mode),
1120
(Atheros Static Turbo mode),
1121
and
1121
and
1122
.Cm t
1122
.Cm t
1123
(Atheros Dynamic Turbo mode, or appended to ``st'' and ``dt'').
1123
(Atheros Dynamic Turbo mode, or appended to ``st'' and ``dt'').
1124
The full set of channel widths following a '/' are:
1124
The full set of channel widths following a '/' are:
1125
.Cm 5
1125
.Cm 5
1126
(5MHz aka quarter-rate channel),
1126
(5MHz aka quarter-rate channel),
1127
.Cm 10
1127
.Cm 10
1128
(10MHz aka half-rate channel),
1128
(10MHz aka half-rate channel),
1129
.Cm 20
1129
.Cm 20
1130
(20MHz mostly for use in specifying ht20),
1130
(20MHz mostly for use in specifying ht20),
1131
and
1131
and
1132
.Cm 40
1132
.Cm 40
1133
(40MHz mostly for use in specifying ht40).
1133
(40MHz mostly for use in specifying ht40).
1134
In addition,
1134
In addition,
1135
a 40MHz HT channel specification may include the location
1135
a 40MHz HT channel specification may include the location
1136
of the extension channel by appending ``+'' or ``-'' for above and below,
1136
of the extension channel by appending ``+'' or ``-'' for above and below,
1137
respectively; e.g., ``2437:ht/40+'' specifies 40MHz wide HT operation
1137
respectively; e.g., ``2437:ht/40+'' specifies 40MHz wide HT operation
1138
with the center channel at frequency 2437 and the extension channel above.
1138
with the center channel at frequency 2437 and the extension channel above.
1139
.It Cm country Ar name
1139
.It Cm country Ar name
1140
Set the country code to use in calculating the regulatory constraints
1140
Set the country code to use in calculating the regulatory constraints
1141
for operation.
1141
for operation.
1142
In particular the set of available channels, how the wireless device
1142
In particular the set of available channels, how the wireless device
1143
will operation on the channels, and the maximum transmit power that
1143
will operation on the channels, and the maximum transmit power that
1144
can be used on a channel are defined by this setting.
1144
can be used on a channel are defined by this setting.
1145
Country/Region codes are specified as a 2-character abbreviation
1145
Country/Region codes are specified as a 2-character abbreviation
1146
defined by ISO 3166 or using a longer, but possibly ambiguous, spelling;
1146
defined by ISO 3166 or using a longer, but possibly ambiguous, spelling;
1147
e.g., "ES" and "Spain".
1147
e.g., "ES" and "Spain".
1148
The set of country codes are taken from
1148
The set of country codes are taken from
1149
.Pa /etc/regdomain.xml
1149
.Pa /etc/regdomain.xml
1150
and can also
1150
and can also
1151
be viewed with the ``list countries'' request.
1151
be viewed with the ``list countries'' request.
1152
Note that not all devices support changing the country code from a default
1152
Note that not all devices support changing the country code from a default
1153
setting; typically stored in EEPROM.
1153
setting; typically stored in EEPROM.
1154
See also
1154
See also
1155
.Cm regdomain ,
1155
.Cm regdomain ,
1156
.Cm indoor ,
1156
.Cm indoor ,
1157
.Cm outdoor ,
1157
.Cm outdoor ,
1158
and
1158
and
1159
.Cm anywhere .
1159
.Cm anywhere .
1160
.It Cm dfs
1160
.It Cm dfs
1161
Enable Dynamic Frequency Selection (DFS) as specified in 802.11h.
1161
Enable Dynamic Frequency Selection (DFS) as specified in 802.11h.
1162
DFS embodies several facilities including detection of overlapping
1162
DFS embodies several facilities including detection of overlapping
1163
radar signals, dynamic transmit power control, and channel selection
1163
radar signals, dynamic transmit power control, and channel selection
1164
according to a least-congested criteria.
1164
according to a least-congested criteria.
1165
DFS support is mandatory for some 5GHz frequencies in certain
1165
DFS support is mandatory for some 5GHz frequencies in certain
1166
locales (e.g., ETSI).
1166
locales (e.g., ETSI).
1167
By default DFS is enabled according to the regulatory definitions
1167
By default DFS is enabled according to the regulatory definitions
1168
specified in
1168
specified in
1169
.Pa /etc/regdomain.xml
1169
.Pa /etc/regdomain.xml
1170
and the current country code, regdomain,
1170
and the current country code, regdomain,
1171
and channel.
1171
and channel.
1172
Note the underlying device (and driver) must support radar detection
1172
Note the underlying device (and driver) must support radar detection
1173
for full DFS support to work.
1173
for full DFS support to work.
1174
To be fully compliant with the local regulatory agency frequencies that
1174
To be fully compliant with the local regulatory agency frequencies that
1175
require DFS should not be used unless it is fully supported.
1175
require DFS should not be used unless it is fully supported.
1176
Use
1176
Use
1177
.Fl dfs
1177
.Fl dfs
1178
to disable this functionality for testing.
1178
to disable this functionality for testing.
1179
.It Cm dotd
1179
.It Cm dotd
1180
Enable support for the 802.11d specification (default).
1180
Enable support for the 802.11d specification (default).
1181
When this support is enabled in station mode, beacon frames that advertise
1181
When this support is enabled in station mode, beacon frames that advertise
1182
a country code different than the currently configured country code will
1182
a country code different than the currently configured country code will
1183
cause an event to be dispatched to user applications.
1183
cause an event to be dispatched to user applications.
1184
This event can be used by the station to adopt that country code and
1184
This event can be used by the station to adopt that country code and
1185
operate according to the associated regulatory constraints.
1185
operate according to the associated regulatory constraints.
1186
When operating as an access point with 802.11d enabled the beacon and
1186
When operating as an access point with 802.11d enabled the beacon and
1187
probe response frames transmitted will advertise the current regulatory
1187
probe response frames transmitted will advertise the current regulatory
1188
domain settings.
1188
domain settings.
1189
To disable 802.11d use
1189
To disable 802.11d use
1190
.Fl dotd .
1190
.Fl dotd .
1191
.It Cm doth
1191
.It Cm doth
1192
Enable 802.11h support including spectrum management.
1192
Enable 802.11h support including spectrum management.
1193
When 802.11h is enabled beacon and probe response frames will have
1193
When 802.11h is enabled beacon and probe response frames will have
1194
the SpectrumMgt bit set in the capabilities field and
1194
the SpectrumMgt bit set in the capabilities field and
1195
country and power constraint information elements will be present.
1195
country and power constraint information elements will be present.
1196
802.11h support also includes handling Channel Switch Announcements (CSA)
1196
802.11h support also includes handling Channel Switch Announcements (CSA)
1197
which are a mechanism to coordinate channel changes by an access point.
1197
which are a mechanism to coordinate channel changes by an access point.
1198
By default 802.11h is enabled if the device is capable.
1198
By default 802.11h is enabled if the device is capable.
1199
To disable 802.11h use
1199
To disable 802.11h use
1200
.Fl doth .
1200
.Fl doth .
1201
.It Cm deftxkey Ar index
1201
.It Cm deftxkey Ar index
1202
Set the default key to use for transmission.
1202
Set the default key to use for transmission.
1203
Typically this is only set when using WEP encryption.
1203
Typically this is only set when using WEP encryption.
1204
Note that you must set a default transmit key
1204
Note that you must set a default transmit key
1205
for the system to know which key to use in encrypting outbound traffic.
1205
for the system to know which key to use in encrypting outbound traffic.
1206
The
1206
The
1207
.Cm weptxkey
1207
.Cm weptxkey
1208
is an alias for this request; it is provided for backwards compatibility.
1208
is an alias for this request; it is provided for backwards compatibility.
1209
.It Cm dtimperiod Ar period
1209
.It Cm dtimperiod Ar period
1210
Set the
1210
Set the
1211
DTIM
1211
DTIM
1212
period for transmitting buffered multicast data frames when
1212
period for transmitting buffered multicast data frames when
1213
operating in ap mode.
1213
operating in ap mode.
1214
The
1214
The
1215
.Ar period
1215
.Ar period
1216
specifies the number of beacon intervals between DTIM
1216
specifies the number of beacon intervals between DTIM
1217
and must be in the range 1 to 15.
1217
and must be in the range 1 to 15.
1218
By default DTIM is 1 (i.e., DTIM occurs at each beacon).
1218
By default DTIM is 1 (i.e., DTIM occurs at each beacon).
1219
.It Cm quiet
1219
.It Cm quiet
1220
Enable the use of quiet IE.
1220
Enable the use of quiet IE.
1221
Hostap will use this to silence other
1221
Hostap will use this to silence other
1222
stations to reduce interference for radar detection when
1222
stations to reduce interference for radar detection when
1223
operating on 5GHz frequency and doth support is enabled.
1223
operating on 5GHz frequency and doth support is enabled.
1224
Use
1224
Use
1225
.Fl quiet
1225
.Fl quiet
1226
to disable this functionality.
1226
to disable this functionality.
1227
.It Cm quiet_period Ar period
1227
.It Cm quiet_period Ar period
1228
Set the QUIET
1228
Set the QUIET
1229
.Ar period
1229
.Ar period
1230
to the number of beacon intervals between the start of regularly
1230
to the number of beacon intervals between the start of regularly
1231
scheduled quiet intervals defined by Quiet element.
1231
scheduled quiet intervals defined by Quiet element.
1232
.It Cm quiet_count Ar count
1232
.It Cm quiet_count Ar count
1233
Set the QUIET
1233
Set the QUIET
1234
.Ar count
1234
.Ar count
1235
to the number of TBTTs until the beacon interval during which the
1235
to the number of TBTTs until the beacon interval during which the
1236
next quiet interval shall start.
1236
next quiet interval shall start.
1237
A value of 1 indicates the quiet
1237
A value of 1 indicates the quiet
1238
interval will start during the beacon interval starting at the next
1238
interval will start during the beacon interval starting at the next
1239
TBTT.
1239
TBTT.
1240
A value 0 is reserved.
1240
A value 0 is reserved.
1241
.It Cm quiet_offset Ar offset
1241
.It Cm quiet_offset Ar offset
1242
Set the QUIET
1242
Set the QUIET
1243
.Ar offset
1243
.Ar offset
1244
to the offset of the start of the quiet interval from the TBTT
1244
to the offset of the start of the quiet interval from the TBTT
1245
specified by the Quiet count, expressed in TUs.
1245
specified by the Quiet count, expressed in TUs.
1246
The value of the
1246
The value of the
1247
.Ar offset
1247
.Ar offset
1248
shall be less than one beacon interval.
1248
shall be less than one beacon interval.
1249
.It Cm quiet_duration Ar dur
1249
.It Cm quiet_duration Ar dur
1250
Set the QUIET
1250
Set the QUIET
1251
.Ar dur
1251
.Ar dur
1252
to the duration of the Quiet interval, expressed in TUs.
1252
to the duration of the Quiet interval, expressed in TUs.
1253
The value should be less than beacon interval.
1253
The value should be less than beacon interval.
1254
.It Cm dturbo
1254
.It Cm dturbo
1255
Enable the use of Atheros Dynamic Turbo mode when communicating with
1255
Enable the use of Atheros Dynamic Turbo mode when communicating with
1256
another Dynamic Turbo-capable station.
1256
another Dynamic Turbo-capable station.
1257
Dynamic Turbo mode is an Atheros-specific mechanism by which
1257
Dynamic Turbo mode is an Atheros-specific mechanism by which
1258
stations switch between normal 802.11 operation and a ``boosted''
1258
stations switch between normal 802.11 operation and a ``boosted''
1259
mode in which a 40MHz wide channel is used for communication.
1259
mode in which a 40MHz wide channel is used for communication.
1260
Stations using Dynamic Turbo mode operate boosted only when the
1260
Stations using Dynamic Turbo mode operate boosted only when the
1261
channel is free of non-dturbo stations; when a non-dturbo station
1261
channel is free of non-dturbo stations; when a non-dturbo station
1262
is identified on the channel all stations will automatically drop
1262
is identified on the channel all stations will automatically drop
1263
back to normal operation.
1263
back to normal operation.
1264
By default, Dynamic Turbo mode is not enabled, even if the device is capable.
1264
By default, Dynamic Turbo mode is not enabled, even if the device is capable.
1265
Note that turbo mode (dynamic or static) is only allowed on some
1265
Note that turbo mode (dynamic or static) is only allowed on some
1266
channels depending on the regulatory constraints; use the
1266
channels depending on the regulatory constraints; use the
1267
.Cm list chan
1267
.Cm list chan
1268
command to identify the channels where turbo mode may be used.
1268
command to identify the channels where turbo mode may be used.
1269
To disable Dynamic Turbo mode use
1269
To disable Dynamic Turbo mode use
1270
.Fl dturbo .
1270
.Fl dturbo .
1271
.It Cm dwds
1271
.It Cm dwds
1272
Enable Dynamic WDS (DWDS) support.
1272
Enable Dynamic WDS (DWDS) support.
1273
DWDS is a facility by which 4-address traffic can be carried between
1273
DWDS is a facility by which 4-address traffic can be carried between
1274
stations operating in infrastructure mode.
1274
stations operating in infrastructure mode.
1275
A station first associates to an access point and authenticates using
1275
A station first associates to an access point and authenticates using
1276
normal procedures (e.g., WPA).
1276
normal procedures (e.g., WPA).
1277
Then 4-address frames are passed to carry traffic for stations
1277
Then 4-address frames are passed to carry traffic for stations
1278
operating on either side of the wireless link.
1278
operating on either side of the wireless link.
1279
DWDS extends the normal WDS mechanism by leveraging existing security
1279
DWDS extends the normal WDS mechanism by leveraging existing security
1280
protocols and eliminating static binding.
1280
protocols and eliminating static binding.
1281
.Pp
1281
.Pp
1282
When DWDS is enabled on an access point 4-address frames received from
1282
When DWDS is enabled on an access point 4-address frames received from
1283
an authorized station will generate a ``DWDS discovery'' event to user
1283
an authorized station will generate a ``DWDS discovery'' event to user
1284
applications.
1284
applications.
1285
This event should be used to create a WDS interface that is bound
1285
This event should be used to create a WDS interface that is bound
1286
to the remote station (and usually plumbed into a bridge).
1286
to the remote station (and usually plumbed into a bridge).
1287
Once the WDS interface is up and running 4-address traffic then logically
1287
Once the WDS interface is up and running 4-address traffic then logically
1288
flows through that interface.
1288
flows through that interface.
1289
.Pp
1289
.Pp
1290
When DWDS is enabled on a station, traffic with a destination address
1290
When DWDS is enabled on a station, traffic with a destination address
1291
different from the peer station are encapsulated in a 4-address frame
1291
different from the peer station are encapsulated in a 4-address frame
1292
and transmitted to the peer.
1292
and transmitted to the peer.
1293
All 4-address traffic uses the security information of the stations
1293
All 4-address traffic uses the security information of the stations
1294
(e.g., cryptographic keys).
1294
(e.g., cryptographic keys).
1295
A station is associated using 802.11n facilities may transport
1295
A station is associated using 802.11n facilities may transport
1296
4-address traffic using these same mechanisms; this depends on available
1296
4-address traffic using these same mechanisms; this depends on available
1297
resources and capabilities of the device.
1297
resources and capabilities of the device.
1298
The DWDS implementation guards against layer 2 routing loops of
1298
The DWDS implementation guards against layer 2 routing loops of
1299
multicast traffic.
1299
multicast traffic.
1300
.It Cm ff
1300
.It Cm ff
1301
Enable the use of Atheros Fast Frames when communicating with
1301
Enable the use of Atheros Fast Frames when communicating with
1302
another Fast Frames-capable station.
1302
another Fast Frames-capable station.
1303
Fast Frames are an encapsulation technique by which two 802.3
1303
Fast Frames are an encapsulation technique by which two 802.3
1304
frames are transmitted in a single 802.11 frame.
1304
frames are transmitted in a single 802.11 frame.
1305
This can noticeably improve throughput but requires that the
1305
This can noticeably improve throughput but requires that the
1306
receiving station understand how to decapsulate the frame.
1306
receiving station understand how to decapsulate the frame.
1307
Fast frame use is negotiated using the Atheros 802.11 vendor-specific
1307
Fast frame use is negotiated using the Atheros 802.11 vendor-specific
1308
protocol extension so enabling use is safe when communicating with
1308
protocol extension so enabling use is safe when communicating with
1309
non-Atheros devices.
1309
non-Atheros devices.
1310
By default, use of fast frames is enabled if the device is capable.
1310
By default, use of fast frames is enabled if the device is capable.
1311
To explicitly disable fast frames, use
1311
To explicitly disable fast frames, use
1312
.Fl ff .
1312
.Fl ff .
1313
.It Cm fragthreshold Ar length
1313
.It Cm fragthreshold Ar length
1314
Set the threshold for which transmitted frames are broken into fragments.
1314
Set the threshold for which transmitted frames are broken into fragments.
1315
The
1315
The
1316
.Ar length
1316
.Ar length
1317
argument is the frame size in bytes and must be in the range 256 to 2346.
1317
argument is the frame size in bytes and must be in the range 256 to 2346.
1318
Setting
1318
Setting
1319
.Ar length
1319
.Ar length
1320
to
1320
to
1321
.Li 2346 ,
1321
.Li 2346 ,
1322
.Cm any ,
1322
.Cm any ,
1323
or
1323
or
1324
.Cm -
1324
.Cm -
1325
disables transmit fragmentation.
1325
disables transmit fragmentation.
1326
Not all adapters honor the fragmentation threshold.
1326
Not all adapters honor the fragmentation threshold.
1327
.It Cm hidessid
1327
.It Cm hidessid
1328
When operating as an access point, do not broadcast the SSID
1328
When operating as an access point, do not broadcast the SSID
1329
in beacon frames or respond to probe request frames unless
1329
in beacon frames or respond to probe request frames unless
1330
they are directed to the ap (i.e., they include the ap's SSID).
1330
they are directed to the ap (i.e., they include the ap's SSID).
1331
By default, the SSID is included in beacon frames and
1331
By default, the SSID is included in beacon frames and
1332
undirected probe request frames are answered.
1332
undirected probe request frames are answered.
1333
To re-enable the broadcast of the SSID etc., use
1333
To re-enable the broadcast of the SSID etc., use
1334
.Fl hidessid .
1334
.Fl hidessid .
1335
.It Cm ht
1335
.It Cm ht
1336
Enable use of High Throughput (HT) when using 802.11n (default).
1336
Enable use of High Throughput (HT) when using 802.11n (default).
1337
The 802.11n specification includes mechanisms for operation
1337
The 802.11n specification includes mechanisms for operation
1338
on 20MHz and 40MHz wide channels using different signalling mechanisms
1338
on 20MHz and 40MHz wide channels using different signalling mechanisms
1339
than specified in 802.11b, 802.11g, and 802.11a.
1339
than specified in 802.11b, 802.11g, and 802.11a.
1340
Stations negotiate use of these facilities, termed HT20 and HT40,
1340
Stations negotiate use of these facilities, termed HT20 and HT40,
1341
when they associate.
1341
when they associate.
1342
To disable all use of 802.11n use
1342
To disable all use of 802.11n use
1343
.Fl ht .
1343
.Fl ht .
1344
To disable use of HT20 (e.g., to force only HT40 use) use
1344
To disable use of HT20 (e.g., to force only HT40 use) use
1345
.Fl ht20 .
1345
.Fl ht20 .
1346
To disable use of HT40 use
1346
To disable use of HT40 use
1347
.Fl ht40 .
1347
.Fl ht40 .
1348
.Pp
1348
.Pp
1349
HT configuration is used to ``auto promote'' operation
1349
HT configuration is used to ``auto promote'' operation
1350
when several choices are available.
1350
when several choices are available.
1351
For example, if a station associates to an 11n-capable access point
1351
For example, if a station associates to an 11n-capable access point
1352
it controls whether the station uses legacy operation, HT20, or HT40.
1352
it controls whether the station uses legacy operation, HT20, or HT40.
1353
When an 11n-capable device is setup as an access point and
1353
When an 11n-capable device is setup as an access point and
1354
Auto Channel Selection is used to locate a channel to operate on,
1354
Auto Channel Selection is used to locate a channel to operate on,
1355
HT configuration controls whether legacy, HT20, or HT40 operation is setup
1355
HT configuration controls whether legacy, HT20, or HT40 operation is setup
1356
on the selected channel.
1356
on the selected channel.
1357
If a fixed channel is specified for a station then HT configuration can
1357
If a fixed channel is specified for a station then HT configuration can
1358
be given as part of the channel specification; e.g., 6:ht/20 to setup
1358
be given as part of the channel specification; e.g., 6:ht/20 to setup
1359
HT20 operation on channel 6.
1359
HT20 operation on channel 6.
1360
.It Cm htcompat
1360
.It Cm htcompat
1361
Enable use of compatibility support for pre-802.11n devices (default).
1361
Enable use of compatibility support for pre-802.11n devices (default).
1362
The 802.11n protocol specification went through several incompatible iterations.
1362
The 802.11n protocol specification went through several incompatible iterations.
1363
Some vendors implemented 11n support to older specifications that
1363
Some vendors implemented 11n support to older specifications that
1364
will not interoperate with a purely 11n-compliant station.
1364
will not interoperate with a purely 11n-compliant station.
1365
In particular the information elements included in management frames
1365
In particular the information elements included in management frames
1366
for old devices are different.
1366
for old devices are different.
1367
When compatibility support is enabled both standard and compatible data
1367
When compatibility support is enabled both standard and compatible data
1368
will be provided.
1368
will be provided.
1369
Stations that associate using the compatibility mechanisms are flagged
1369
Stations that associate using the compatibility mechanisms are flagged
1370
in ``list sta''.
1370
in ``list sta''.
1371
To disable compatibility support use
1371
To disable compatibility support use
1372
.Fl htcompat .
1372
.Fl htcompat .
1373
.It Cm htprotmode Ar technique
1373
.It Cm htprotmode Ar technique
1374
For interfaces operating in 802.11n, use the specified
1374
For interfaces operating in 802.11n, use the specified
1375
.Ar technique
1375
.Ar technique
1376
for protecting HT frames in a mixed legacy/HT network.
1376
for protecting HT frames in a mixed legacy/HT network.
1377
The set of valid techniques is
1377
The set of valid techniques is
1378
.Cm off ,
1378
.Cm off ,
1379
and
1379
and
1380
.Cm rts
1380
.Cm rts
1381
(RTS/CTS, default).
1381
(RTS/CTS, default).
1382
Technique names are case insensitive.
1382
Technique names are case insensitive.
1383
.It Cm inact
1383
.It Cm inact
1384
Enable inactivity processing for stations associated to an
1384
Enable inactivity processing for stations associated to an
1385
access point (default).
1385
access point (default).
1386
When operating as an access point the 802.11 layer monitors
1386
When operating as an access point the 802.11 layer monitors
1387
the activity of each associated station.
1387
the activity of each associated station.
1388
When a station is inactive for 5 minutes it will send several
1388
When a station is inactive for 5 minutes it will send several
1389
``probe frames'' to see if the station is still present.
1389
``probe frames'' to see if the station is still present.
1390
If no response is received then the station is deauthenticated.
1390
If no response is received then the station is deauthenticated.
1391
Applications that prefer to handle this work can disable this
1391
Applications that prefer to handle this work can disable this
1392
facility by using
1392
facility by using
1393
.Fl inact .
1393
.Fl inact .
1394
.It Cm indoor
1394
.It Cm indoor
1395
Set the location to use in calculating regulatory constraints.
1395
Set the location to use in calculating regulatory constraints.
1396
The location is also advertised in beacon and probe response frames
1396
The location is also advertised in beacon and probe response frames
1397
when 802.11d is enabled with
1397
when 802.11d is enabled with
1398
.Cm dotd .
1398
.Cm dotd .
1399
See also
1399
See also
1400
.Cm outdoor ,
1400
.Cm outdoor ,
1401
.Cm anywhere ,
1401
.Cm anywhere ,
1402
.Cm country ,
1402
.Cm country ,
1403
and
1403
and
1404
.Cm regdomain .
1404
.Cm regdomain .
1405
.It Cm list active
1405
.It Cm list active
1406
Display the list of channels available for use taking into account
1406
Display the list of channels available for use taking into account
1407
any restrictions set with the
1407
any restrictions set with the
1408
.Cm chanlist
1408
.Cm chanlist
1409
directive.
1409
directive.
1410
See the description of
1410
See the description of
1411
.Cm list chan
1411
.Cm list chan
1412
for more information.
1412
for more information.
1413
.It Cm list caps
1413
.It Cm list caps
1414
Display the adaptor's capabilities, including the operating
1414
Display the adaptor's capabilities, including the operating
1415
modes supported.
1415
modes supported.
1416
.It Cm list chan
1416
.It Cm list chan
1417
Display the list of channels available for use.
1417
Display the list of channels available for use.
1418
Channels are shown with their IEEE channel number, equivalent
1418
Channels are shown with their IEEE channel number, equivalent
1419
frequency, and usage modes.
1419
frequency, and usage modes.
1420
Channels identified as
1420
Channels identified as
1421
.Ql 11g
1421
.Ql 11g
1422
are also usable in
1422
are also usable in
1423
.Ql 11b
1423
.Ql 11b
1424
mode.
1424
mode.
1425
Channels identified as
1425
Channels identified as
1426
.Ql 11a Turbo
1426
.Ql 11a Turbo
1427
may be used only for Atheros' Static Turbo mode
1427
may be used only for Atheros' Static Turbo mode
1428
(specified with
1428
(specified with
1429
. Cm mediaopt turbo ) .
1429
. Cm mediaopt turbo ) .
1430
Channels marked with a
1430
Channels marked with a
1431
.Ql *
1431
.Ql *
1432
have a regulatory constraint that they be passively scanned.
1432
have a regulatory constraint that they be passively scanned.
1433
This means a station is not permitted to transmit on the channel until
1433
This means a station is not permitted to transmit on the channel until
1434
it identifies the channel is being used for 802.11 communication;
1434
it identifies the channel is being used for 802.11 communication;
1435
typically by hearing a beacon frame from an access point operating
1435
typically by hearing a beacon frame from an access point operating
1436
on the channel.
1436
on the channel.
1437
.Cm list freq
1437
.Cm list freq
1438
is another way of requesting this information.
1438
is another way of requesting this information.
1439
By default a compacted list of channels is displayed; if the
1439
By default a compacted list of channels is displayed; if the
1440
.Fl v
1440
.Fl v
1441
option is specified then all channels are shown.
1441
option is specified then all channels are shown.
1442
.It Cm list countries
1442
.It Cm list countries
1443
Display the set of country codes and regulatory domains that can be
1443
Display the set of country codes and regulatory domains that can be
1444
used in regulatory configuration.
1444
used in regulatory configuration.
1445
.It Cm list mac
1445
.It Cm list mac
1446
Display the current MAC Access Control List state.
1446
Display the current MAC Access Control List state.
1447
Each address is prefixed with a character that indicates the
1447
Each address is prefixed with a character that indicates the
1448
current policy applied to it:
1448
current policy applied to it:
1449
.Ql +
1449
.Ql +
1450
indicates the address is allowed access,
1450
indicates the address is allowed access,
1451
.Ql -
1451
.Ql -
1452
indicates the address is denied access,
1452
indicates the address is denied access,
1453
.Ql *
1453
.Ql *
1454
indicates the address is present but the current policy open
1454
indicates the address is present but the current policy open
1455
(so the ACL is not consulted).
1455
(so the ACL is not consulted).
1456
.It Cm list mesh
1456
.It Cm list mesh
1457
Displays the mesh routing table, used for forwarding packets on a mesh
1457
Displays the mesh routing table, used for forwarding packets on a mesh
1458
network.
1458
network.
1459
.It Cm list regdomain
1459
.It Cm list regdomain
1460
Display the current regulatory settings including the available channels
1460
Display the current regulatory settings including the available channels
1461
and transmit power caps.
1461
and transmit power caps.
1462
.It Cm list roam
1462
.It Cm list roam
1463
Display the parameters that govern roaming operation.
1463
Display the parameters that govern roaming operation.
1464
.It Cm list txparam
1464
.It Cm list txparam
1465
Display the parameters that govern transmit operation.
1465
Display the parameters that govern transmit operation.
1466
.It Cm list txpower
1466
.It Cm list txpower
1467
Display the transmit power caps for each channel.
1467
Display the transmit power caps for each channel.
1468
.It Cm list scan
1468
.It Cm list scan
1469
Display the access points and/or ad-hoc neighbors
1469
Display the access points and/or ad-hoc neighbors
1470
located in the vicinity.
1470
located in the vicinity.
1471
This information may be updated automatically by the adapter
1471
This information may be updated automatically by the adapter
1472
with a
1472
with a
1473
.Cm scan
1473
.Cm scan
1474
request or through background scanning.
1474
request or through background scanning.
1475
Depending on the capabilities of the stations the following
1475
Depending on the capabilities of the stations the following
1476
flags can be included in the output:
1476
flags can be included in the output:
1477
.Bl -tag -width 3n
1477
.Bl -tag -width 3n
1478
.It Li A
1478
.It Li A
1479
Authorized.
1479
Authorized.
1480
Indicates that the station is permitted to send/receive data frames.
1480
Indicates that the station is permitted to send/receive data frames.
1481
.It Li E
1481
.It Li E
1482
Extended Rate Phy (ERP).
1482
Extended Rate Phy (ERP).
1483
Indicates that the station is operating in an 802.11g network
1483
Indicates that the station is operating in an 802.11g network
1484
using extended transmit rates.
1484
using extended transmit rates.
1485
.It Li H
1485
.It Li H
1486
High Throughput (HT).
1486
High Throughput (HT).
1487
Indicates that the station is using HT transmit rates.
1487
Indicates that the station is using HT transmit rates.
1488
If a `+' follows immediately after then the station associated
1488
If a `+' follows immediately after then the station associated
1489
using deprecated mechanisms supported only when
1489
using deprecated mechanisms supported only when
1490
.Cm htcompat
1490
.Cm htcompat
1491
is enabled.
1491
is enabled.
1492
.It Li P
1492
.It Li P
1493
Power Save.
1493
Power Save.
1494
Indicates that the station is operating in power save mode.
1494
Indicates that the station is operating in power save mode.
1495
.It Li Q
1495
.It Li Q
1496
Quality of Service (QoS).
1496
Quality of Service (QoS).
1497
Indicates that the station is using QoS encapsulation for
1497
Indicates that the station is using QoS encapsulation for
1498
data frame.
1498
data frame.
1499
QoS encapsulation is enabled only when WME mode is enabled.
1499
QoS encapsulation is enabled only when WME mode is enabled.
1500
.It Li S
1500
.It Li S
1501
Short Preamble.
1501
Short Preamble.
1502
Indicates that the station is doing short preamble to optionally
1502
Indicates that the station is doing short preamble to optionally
1503
improve throughput performance with 802.11g and 802.11b.
1503
improve throughput performance with 802.11g and 802.11b.
1504
.It Li T
1504
.It Li T
1505
Transitional Security Network (TSN).
1505
Transitional Security Network (TSN).
1506
Indicates that the station associated using TSN; see also
1506
Indicates that the station associated using TSN; see also
1507
.Cm tsn
1507
.Cm tsn
1508
below.
1508
below.
1509
.It Li W
1509
.It Li W
1510
Wi-Fi Protected Setup (WPS).
1510
Wi-Fi Protected Setup (WPS).
1511
Indicates that the station associated using WPS.
1511
Indicates that the station associated using WPS.
1512
.El
1512
.El
1513
.Pp
1513
.Pp
1514
By default interesting information elements captured from the neighboring
1514
By default interesting information elements captured from the neighboring
1515
stations are displayed at the end of each row.
1515
stations are displayed at the end of each row.
1516
Possible elements include:
1516
Possible elements include:
1517
.Cm WME
1517
.Cm WME
1518
(station supports WME),
1518
(station supports WME),
1519
.Cm WPA
1519
.Cm WPA
1520
(station supports WPA),
1520
(station supports WPA),
1521
.Cm WPS
1521
.Cm WPS
1522
(station supports WPS),
1522
(station supports WPS),
1523
.Cm RSN
1523
.Cm RSN
1524
(station supports 802.11i/RSN),
1524
(station supports 802.11i/RSN),
1525
.Cm HTCAP
1525
.Cm HTCAP
1526
(station supports 802.11n/HT communication),
1526
(station supports 802.11n/HT communication),
1527
.Cm ATH
1527
.Cm ATH
1528
(station supports Atheros protocol extensions),
1528
(station supports Atheros protocol extensions),
1529
.Cm VEN
1529
.Cm VEN
1530
(station supports unknown vendor-specific extensions).
1530
(station supports unknown vendor-specific extensions).
1531
If the
1531
If the
1532
.Fl v
1532
.Fl v
1533
flag is used all the information elements and their
1533
flag is used all the information elements and their
1534
contents will be shown.
1534
contents will be shown.
1535
Specifying the
1535
Specifying the
1536
.Fl v
1536
.Fl v
1537
flag also enables display of long SSIDs.
1537
flag also enables display of long SSIDs.
1538
The
1538
The
1539
.Cm list ap
1539
.Cm list ap
1540
command is another way of requesting this information.
1540
command is another way of requesting this information.
1541
.It Cm list sta
1541
.It Cm list sta
1542
When operating as an access point display the stations that are
1542
When operating as an access point display the stations that are
1543
currently associated.
1543
currently associated.
1544
When operating in ad-hoc mode display stations identified as
1544
When operating in ad-hoc mode display stations identified as
1545
neighbors in the IBSS.
1545
neighbors in the IBSS.
1546
When operating in mesh mode display stations identified as
1546
When operating in mesh mode display stations identified as
1547
neighbors in the MBSS.
1547
neighbors in the MBSS.
1548
When operating in station mode display the access point.
1548
When operating in station mode display the access point.
1549
Capabilities advertised by the stations are described under
1549
Capabilities advertised by the stations are described under
1550
the
1550
the
1551
.Cm scan
1551
.Cm scan
1552
request.
1552
request.
1553
Depending on the capabilities of the stations the following
1553
Depending on the capabilities of the stations the following
1554
flags can be included in the output:
1554
flags can be included in the output:
1555
.Bl -tag -width 3n
1555
.Bl -tag -width 3n
1556
.It Li A
1556
.It Li A
1557
Authorized.
1557
Authorized.
1558
Indicates that the station is permitted to send/receive data frames.
1558
Indicates that the station is permitted to send/receive data frames.
1559
.It Li E
1559
.It Li E
1560
Extended Rate Phy (ERP).
1560
Extended Rate Phy (ERP).
1561
Indicates that the station is operating in an 802.11g network
1561
Indicates that the station is operating in an 802.11g network
1562
using extended transmit rates.
1562
using extended transmit rates.
1563
.It Li H
1563
.It Li H
1564
High Throughput (HT).
1564
High Throughput (HT).
1565
Indicates that the station is using HT transmit rates.
1565
Indicates that the station is using HT transmit rates.
1566
If a `+' follows immediately after then the station associated
1566
If a `+' follows immediately after then the station associated
1567
using deprecated mechanisms supported only when
1567
using deprecated mechanisms supported only when
1568
.Cm htcompat
1568
.Cm htcompat
1569
is enabled.
1569
is enabled.
1570
.It Li P
1570
.It Li P
1571
Power Save.
1571
Power Save.
1572
Indicates that the station is operating in power save mode.
1572
Indicates that the station is operating in power save mode.
1573
.It Li Q
1573
.It Li Q
1574
Quality of Service (QoS).
1574
Quality of Service (QoS).
1575
Indicates that the station is using QoS encapsulation for
1575
Indicates that the station is using QoS encapsulation for
1576
data frame.
1576
data frame.
1577
QoS encapsulation is enabled only when WME mode is enabled.
1577
QoS encapsulation is enabled only when WME mode is enabled.
1578
.It Li S
1578
.It Li S
1579
Short Preamble.
1579
Short Preamble.
1580
Indicates that the station is doing short preamble to optionally
1580
Indicates that the station is doing short preamble to optionally
1581
improve throughput performance with 802.11g and 802.11b.
1581
improve throughput performance with 802.11g and 802.11b.
1582
.It Li T
1582
.It Li T
1583
Transitional Security Network (TSN).
1583
Transitional Security Network (TSN).
1584
Indicates that the station associated using TSN; see also
1584
Indicates that the station associated using TSN; see also
1585
.Cm tsn
1585
.Cm tsn
1586
below.
1586
below.
1587
.It Li W
1587
.It Li W
1588
Wi-Fi Protected Setup (WPS).
1588
Wi-Fi Protected Setup (WPS).
1589
Indicates that the station associated using WPS.
1589
Indicates that the station associated using WPS.
1590
.El
1590
.El
1591
.Pp
1591
.Pp
1592
By default information elements received from associated stations
1592
By default information elements received from associated stations
1593
are displayed in a short form; the
1593
are displayed in a short form; the
1594
.Fl v
1594
.Fl v
1595
flag causes this information to be displayed symbolically.
1595
flag causes this information to be displayed symbolically.
1596
.It Cm list wme
1596
.It Cm list wme
1597
Display the current channel parameters to use when operating in WME mode.
1597
Display the current channel parameters to use when operating in WME mode.
1598
If the
1598
If the
1599
.Fl v
1599
.Fl v
1600
option is specified then both channel and BSS parameters are displayed
1600
option is specified then both channel and BSS parameters are displayed
1601
for each AC (first channel, then BSS).
1601
for each AC (first channel, then BSS).
1602
When WME mode is enabled for an adaptor this information will be
1602
When WME mode is enabled for an adaptor this information will be
1603
displayed with the regular status; this command is mostly useful
1603
displayed with the regular status; this command is mostly useful
1604
for examining parameters when WME mode is disabled.
1604
for examining parameters when WME mode is disabled.
1605
See the description of the
1605
See the description of the
1606
.Cm wme
1606
.Cm wme
1607
directive for information on the various parameters.
1607
directive for information on the various parameters.
1608
.It Cm maxretry Ar count
1608
.It Cm maxretry Ar count
1609
Set the maximum number of tries to use in sending unicast frames.
1609
Set the maximum number of tries to use in sending unicast frames.
1610
The default setting is 6 but drivers may override this with a value
1610
The default setting is 6 but drivers may override this with a value
1611
they choose.
1611
they choose.
1612
.It Cm mcastrate Ar rate
1612
.It Cm mcastrate Ar rate
1613
Set the rate for transmitting multicast/broadcast frames.
1613
Set the rate for transmitting multicast/broadcast frames.
1614
Rates are specified as megabits/second in decimal; e.g.,\& 5.5 for 5.5 Mb/s.
1614
Rates are specified as megabits/second in decimal; e.g.,\& 5.5 for 5.5 Mb/s.
1615
This rate should be valid for the current operating conditions;
1615
This rate should be valid for the current operating conditions;
1616
if an invalid rate is specified drivers are free to chose an
1616
if an invalid rate is specified drivers are free to chose an
1617
appropriate rate.
1617
appropriate rate.
1618
.It Cm mgtrate Ar rate
1618
.It Cm mgtrate Ar rate
1619
Set the rate for transmitting management and/or control frames.
1619
Set the rate for transmitting management and/or control frames.
1620
Rates are specified as megabits/second in decimal; e.g.,\& 5.5 for 5.5 Mb/s.
1620
Rates are specified as megabits/second in decimal; e.g.,\& 5.5 for 5.5 Mb/s.
1621
.It Cm outdoor
1621
.It Cm outdoor
1622
Set the location to use in calculating regulatory constraints.
1622
Set the location to use in calculating regulatory constraints.
1623
The location is also advertised in beacon and probe response frames
1623
The location is also advertised in beacon and probe response frames
1624
when 802.11d is enabled with
1624
when 802.11d is enabled with
1625
.Cm dotd .
1625
.Cm dotd .
1626
See also
1626
See also
1627
.Cm anywhere ,
1627
.Cm anywhere ,
1628
.Cm country ,
1628
.Cm country ,
1629
.Cm indoor ,
1629
.Cm indoor ,
1630
and
1630
and
1631
.Cm regdomain .
1631
.Cm regdomain .
1632
.It Cm powersave
1632
.It Cm powersave
1633
Enable powersave operation.
1633
Enable powersave operation.
1634
When operating as a client, the station will conserve power by
1634
When operating as a client, the station will conserve power by
1635
periodically turning off the radio and listening for
1635
periodically turning off the radio and listening for
1636
messages from the access point telling it there are packets waiting.
1636
messages from the access point telling it there are packets waiting.
1637
The station must then retrieve the packets.
1637
The station must then retrieve the packets.
1638
Not all devices support power save operation as a client.
1638
Not all devices support power save operation as a client.
1639
The 802.11 specification requires that all access points support
1639
The 802.11 specification requires that all access points support
1640
power save but some drivers do not.
1640
power save but some drivers do not.
1641
Use
1641
Use
1642
.Fl powersave
1642
.Fl powersave
1643
to disable powersave operation when operating as a client.
1643
to disable powersave operation when operating as a client.
1644
.It Cm powersavesleep Ar sleep
1644
.It Cm powersavesleep Ar sleep
1645
Set the desired max powersave sleep time in TU's (1024 usecs).
1645
Set the desired max powersave sleep time in TU's (1024 usecs).
1646
By default the max powersave sleep time is 100 TU's.
1646
By default the max powersave sleep time is 100 TU's.
1647
.It Cm protmode Ar technique
1647
.It Cm protmode Ar technique
1648
For interfaces operating in 802.11g, use the specified
1648
For interfaces operating in 802.11g, use the specified
1649
.Ar technique
1649
.Ar technique
1650
for protecting OFDM frames in a mixed 11b/11g network.
1650
for protecting OFDM frames in a mixed 11b/11g network.
1651
The set of valid techniques is
1651
The set of valid techniques is
1652
.Cm off , cts
1652
.Cm off , cts
1653
(CTS to self),
1653
(CTS to self),
1654
and
1654
and
1655
.Cm rtscts
1655
.Cm rtscts
1656
(RTS/CTS).
1656
(RTS/CTS).
1657
Technique names are case insensitive.
1657
Technique names are case insensitive.
1658
Not all devices support
1658
Not all devices support
1659
.Cm cts
1659
.Cm cts
1660
as a protection technique.
1660
as a protection technique.
1661
.It Cm pureg
1661
.It Cm pureg
1662
When operating as an access point in 802.11g mode allow only
1662
When operating as an access point in 802.11g mode allow only
1663
11g-capable stations to associate (11b-only stations are not
1663
11g-capable stations to associate (11b-only stations are not
1664
permitted to associate).
1664
permitted to associate).
1665
To allow both 11g and 11b-only stations to associate, use
1665
To allow both 11g and 11b-only stations to associate, use
1666
.Fl pureg .
1666
.Fl pureg .
1667
.It Cm puren
1667
.It Cm puren
1668
When operating as an access point in 802.11n mode allow only
1668
When operating as an access point in 802.11n mode allow only
1669
HT-capable stations to associate (legacy stations are not
1669
HT-capable stations to associate (legacy stations are not
1670
permitted to associate).
1670
permitted to associate).
1671
To allow both HT and legacy stations to associate, use
1671
To allow both HT and legacy stations to associate, use
1672
.Fl puren .
1672
.Fl puren .
1673
.It Cm regdomain Ar sku
1673
.It Cm regdomain Ar sku
1674
Set the regulatory domain to use in calculating the regulatory constraints
1674
Set the regulatory domain to use in calculating the regulatory constraints
1675
for operation.
1675
for operation.
1676
In particular the set of available channels, how the wireless device
1676
In particular the set of available channels, how the wireless device
1677
will operation on the channels, and the maximum transmit power that
1677
will operation on the channels, and the maximum transmit power that
1678
can be used on a channel are defined by this setting.
1678
can be used on a channel are defined by this setting.
1679
Regdomain codes (SKU's) are taken from
1679
Regdomain codes (SKU's) are taken from
1680
.Pa /etc/regdomain.xml
1680
.Pa /etc/regdomain.xml
1681
and can also
1681
and can also
1682
be viewed with the ``list countries'' request.
1682
be viewed with the ``list countries'' request.
1683
Note that not all devices support changing the regdomain from a default
1683
Note that not all devices support changing the regdomain from a default
1684
setting; typically stored in EEPROM.
1684
setting; typically stored in EEPROM.
1685
See also
1685
See also
1686
.Cm country ,
1686
.Cm country ,
1687
.Cm indoor ,
1687
.Cm indoor ,
1688
.Cm outdoor ,
1688
.Cm outdoor ,
1689
and
1689
and
1690
.Cm anywhere .
1690
.Cm anywhere .
1691
.It Cm rifs
1691
.It Cm rifs
1692
Enable use of Reduced InterFrame Spacing (RIFS) when operating in 802.11n
1692
Enable use of Reduced InterFrame Spacing (RIFS) when operating in 802.11n
1693
on an HT channel.
1693
on an HT channel.
1694
Note that RIFS must be supported by both the station and access point
1694
Note that RIFS must be supported by both the station and access point
1695
for it to be used.
1695
for it to be used.
1696
To disable RIFS use
1696
To disable RIFS use
1697
.Fl rifs .
1697
.Fl rifs .
1698
.It Cm roam:rate Ar rate
1698
.It Cm roam:rate Ar rate
1699
Set the threshold for controlling roaming when operating in a BSS.
1699
Set the threshold for controlling roaming when operating in a BSS.
1700
The
1700
The
1701
.Ar rate
1701
.Ar rate
1702
parameter specifies the transmit rate in megabits
1702
parameter specifies the transmit rate in megabits
1703
at which roaming should be considered.
1703
at which roaming should be considered.
1704
If the current transmit rate drops below this setting and background scanning
1704
If the current transmit rate drops below this setting and background scanning
1705
is enabled, then the system will check if a more desirable access point is
1705
is enabled, then the system will check if a more desirable access point is
1706
available and switch over to it.
1706
available and switch over to it.
1707
The current scan cache contents are used if they are considered
1707
The current scan cache contents are used if they are considered
1708
valid according to the
1708
valid according to the
1709
.Cm scanvalid
1709
.Cm scanvalid
1710
parameter; otherwise a background scan operation is triggered before
1710
parameter; otherwise a background scan operation is triggered before
1711
any selection occurs.
1711
any selection occurs.
1712
Each channel type has a separate rate threshold; the default values are:
1712
Each channel type has a separate rate threshold; the default values are:
1713
12 Mb/s (11a), 2 Mb/s (11b), 2 Mb/s (11g), MCS 1 (11na, 11ng).
1713
12 Mb/s (11a), 2 Mb/s (11b), 2 Mb/s (11g), MCS 1 (11na, 11ng).
1714
.It Cm roam:rssi Ar rssi
1714
.It Cm roam:rssi Ar rssi
1715
Set the threshold for controlling roaming when operating in a BSS.
1715
Set the threshold for controlling roaming when operating in a BSS.
1716
The
1716
The
1717
.Ar rssi
1717
.Ar rssi
1718
parameter specifies the receive signal strength in dBm units
1718
parameter specifies the receive signal strength in dBm units
1719
at which roaming should be considered.
1719
at which roaming should be considered.
1720
If the current rssi drops below this setting and background scanning
1720
If the current rssi drops below this setting and background scanning
1721
is enabled, then the system will check if a more desirable access point is
1721
is enabled, then the system will check if a more desirable access point is
1722
available and switch over to it.
1722
available and switch over to it.
1723
The current scan cache contents are used if they are considered
1723
The current scan cache contents are used if they are considered
1724
valid according to the
1724
valid according to the
1725
.Cm scanvalid
1725
.Cm scanvalid
1726
parameter; otherwise a background scan operation is triggered before
1726
parameter; otherwise a background scan operation is triggered before
1727
any selection occurs.
1727
any selection occurs.
1728
Each channel type has a separate rssi threshold; the default values are
1728
Each channel type has a separate rssi threshold; the default values are
1729
all 7 dBm.
1729
all 7 dBm.
1730
.It Cm roaming Ar mode
1730
.It Cm roaming Ar mode
1731
When operating as a station, control how the system will
1731
When operating as a station, control how the system will
1732
behave when communication with the current access point
1732
behave when communication with the current access point
1733
is broken.
1733
is broken.
1734
The
1734
The
1735
.Ar mode
1735
.Ar mode
1736
argument may be one of
1736
argument may be one of
1737
.Cm device
1737
.Cm device
1738
(leave it to the hardware device to decide),
1738
(leave it to the hardware device to decide),
1739
.Cm auto
1739
.Cm auto
1740
(handle either in the device or the operating system\[em]as appropriate),
1740
(handle either in the device or the operating system\[em]as appropriate),
1741
.Cm manual
1741
.Cm manual
1742
(do nothing until explicitly instructed).
1742
(do nothing until explicitly instructed).
1743
By default, the device is left to handle this if it is
1743
By default, the device is left to handle this if it is
1744
capable; otherwise, the operating system will automatically
1744
capable; otherwise, the operating system will automatically
1745
attempt to reestablish communication.
1745
attempt to reestablish communication.
1746
Manual mode is used by applications such as
1746
Manual mode is used by applications such as
1747
.Xr wpa_supplicant 8
1747
.Xr wpa_supplicant 8
1748
that want to control the selection of an access point.
1748
that want to control the selection of an access point.
1749
.It Cm rtsthreshold Ar length
1749
.It Cm rtsthreshold Ar length
1750
Set the threshold for which
1750
Set the threshold for which
1751
transmitted frames are preceded by transmission of an
1751
transmitted frames are preceded by transmission of an
1752
RTS
1752
RTS
1753
control frame.
1753
control frame.
1754
The
1754
The
1755
.Ar length
1755
.Ar length
1756
argument
1756
argument
1757
is the frame size in bytes and must be in the range 1 to 2346.
1757
is the frame size in bytes and must be in the range 1 to 2346.
1758
Setting
1758
Setting
1759
.Ar length
1759
.Ar length
1760
to
1760
to
1761
.Li 2346 ,
1761
.Li 2346 ,
1762
.Cm any ,
1762
.Cm any ,
1763
or
1763
or
1764
.Cm -
1764
.Cm -
1765
disables transmission of RTS frames.
1765
disables transmission of RTS frames.
1766
Not all adapters support setting the RTS threshold.
1766
Not all adapters support setting the RTS threshold.
1767
.It Cm scan
1767
.It Cm scan
1768
Initiate a scan of neighboring stations, wait for it to complete, and
1768
Initiate a scan of neighboring stations, wait for it to complete, and
1769
display all stations found.
1769
display all stations found.
1770
Only the super-user can initiate a scan.
1770
Only the super-user can initiate a scan.
1771
See
1771
See
1772
.Cm list scan
1772
.Cm list scan
1773
for information on the display.
1773
for information on the display.
1774
By default a background scan is done; otherwise a foreground
1774
By default a background scan is done; otherwise a foreground
1775
scan is done and the station may roam to a different access point.
1775
scan is done and the station may roam to a different access point.
1776
The
1776
The
1777
.Cm list scan
1777
.Cm list scan
1778
request can be used to show recent scan results without
1778
request can be used to show recent scan results without
1779
initiating a new scan.
1779
initiating a new scan.
1780
.It Cm scanvalid Ar threshold
1780
.It Cm scanvalid Ar threshold
1781
Set the maximum time the scan cache contents are considered valid;
1781
Set the maximum time the scan cache contents are considered valid;
1782
i.e., will be used without first triggering a scan operation to
1782
i.e., will be used without first triggering a scan operation to
1783
refresh the data.
1783
refresh the data.
1784
The
1784
The
1785
.Ar threshold
1785
.Ar threshold
1786
parameter is specified in seconds and defaults to 60 seconds.
1786
parameter is specified in seconds and defaults to 60 seconds.
1787
The minimum setting for
1787
The minimum setting for
1788
.Ar threshold
1788
.Ar threshold
1789
is 10 seconds.
1789
is 10 seconds.
1790
One should take care setting this threshold; if it is set too low
1790
One should take care setting this threshold; if it is set too low
1791
then attempts to roam to another access point may trigger unnecessary
1791
then attempts to roam to another access point may trigger unnecessary
1792
background scan operations.
1792
background scan operations.
1793
.It Cm shortgi
1793
.It Cm shortgi
1794
Enable use of Short Guard Interval when operating in 802.11n
1794
Enable use of Short Guard Interval when operating in 802.11n
1795
on an HT channel.
1795
on an HT channel.
1796
NB: this currently enables Short GI on both HT40 and HT20 channels.
1796
NB: this currently enables Short GI on both HT40 and HT20 channels.
1797
To disable Short GI use
1797
To disable Short GI use
1798
.Fl shortgi .
1798
.Fl shortgi .
1799
.It Cm smps
1799
.It Cm smps
1800
Enable use of Static Spatial Multiplexing Power Save (SMPS)
1800
Enable use of Static Spatial Multiplexing Power Save (SMPS)
1801
when operating in 802.11n.
1801
when operating in 802.11n.
1802
A station operating with Static SMPS maintains only a single
1802
A station operating with Static SMPS maintains only a single
1803
receive chain active (this can significantly reduce power consumption).
1803
receive chain active (this can significantly reduce power consumption).
1804
To disable SMPS use
1804
To disable SMPS use
1805
.Fl smps .
1805
.Fl smps .
1806
.It Cm smpsdyn
1806
.It Cm smpsdyn
1807
Enable use of Dynamic Spatial Multiplexing Power Save (SMPS)
1807
Enable use of Dynamic Spatial Multiplexing Power Save (SMPS)
1808
when operating in 802.11n.
1808
when operating in 802.11n.
1809
A station operating with Dynamic SMPS maintains only a single
1809
A station operating with Dynamic SMPS maintains only a single
1810
receive chain active but switches to multiple receive chains when it
1810
receive chain active but switches to multiple receive chains when it
1811
receives an RTS frame (this can significantly reduce power consumption).
1811
receives an RTS frame (this can significantly reduce power consumption).
1812
Note that stations cannot distinguish between RTS/CTS intended to
1812
Note that stations cannot distinguish between RTS/CTS intended to
1813
enable multiple receive chains and those used for other purposes.
1813
enable multiple receive chains and those used for other purposes.
1814
To disable SMPS use
1814
To disable SMPS use
1815
.Fl smps .
1815
.Fl smps .
1816
.It Cm ssid Ar ssid
1816
.It Cm ssid Ar ssid
1817
Set the desired Service Set Identifier (aka network name).
1817
Set the desired Service Set Identifier (aka network name).
1818
The SSID is a string up to 32 characters
1818
The SSID is a string up to 32 characters
1819
in length and may be specified as either a normal string or in
1819
in length and may be specified as either a normal string or in
1820
hexadecimal when preceded by
1820
hexadecimal when preceded by
1821
.Ql 0x .
1821
.Ql 0x .
1822
Additionally, the SSID may be cleared by setting it to
1822
Additionally, the SSID may be cleared by setting it to
1823
.Ql - .
1823
.Ql - .
1824
.It Cm tdmaslot Ar slot
1824
.It Cm tdmaslot Ar slot
1825
When operating with TDMA, use the specified
1825
When operating with TDMA, use the specified
1826
.Ar slot
1826
.Ar slot
1827
configuration.
1827
configuration.
1828
The
1828
The
1829
.Ar slot
1829
.Ar slot
1830
is a number between 0 and the maximum number of slots in the BSS.
1830
is a number between 0 and the maximum number of slots in the BSS.
1831
Note that a station configured as slot 0 is a master and
1831
Note that a station configured as slot 0 is a master and
1832
will broadcast beacon frames advertising the BSS;
1832
will broadcast beacon frames advertising the BSS;
1833
stations configured to use other slots will always
1833
stations configured to use other slots will always
1834
scan to locate a master before they ever transmit.
1834
scan to locate a master before they ever transmit.
1835
By default
1835
By default
1836
.Cm tdmaslot
1836
.Cm tdmaslot
1837
is set to 1.
1837
is set to 1.
1838
.It Cm tdmaslotcnt Ar cnt
1838
.It Cm tdmaslotcnt Ar cnt
1839
When operating with TDMA, setup a BSS with
1839
When operating with TDMA, setup a BSS with
1840
.Ar cnt
1840
.Ar cnt
1841
slots.
1841
slots.
1842
The slot count may be at most 8.
1842
The slot count may be at most 8.
1843
The current implementation is only tested with two stations
1843
The current implementation is only tested with two stations
1844
(i.e., point to point applications).
1844
(i.e., point to point applications).
1845
This setting is only meaningful when a station is configured as slot 0;
1845
This setting is only meaningful when a station is configured as slot 0;
1846
other stations adopt this setting from the BSS they join.
1846
other stations adopt this setting from the BSS they join.
1847
By default
1847
By default
1848
.Cm tdmaslotcnt
1848
.Cm tdmaslotcnt
1849
is set to 2.
1849
is set to 2.
1850
.It Cm tdmaslotlen Ar len
1850
.It Cm tdmaslotlen Ar len
1851
When operating with TDMA, setup a BSS such that each station has a slot
1851
When operating with TDMA, setup a BSS such that each station has a slot
1852
.Ar len
1852
.Ar len
1853
microseconds long.
1853
microseconds long.
1854
The slot length must be at least 150 microseconds (1/8 TU)
1854
The slot length must be at least 150 microseconds (1/8 TU)
1855
and no more than 65 milliseconds.
1855
and no more than 65 milliseconds.
1856
Note that setting too small a slot length may result in poor channel
1856
Note that setting too small a slot length may result in poor channel
1857
bandwidth utilization due to factors such as timer granularity and
1857
bandwidth utilization due to factors such as timer granularity and
1858
guard time.
1858
guard time.
1859
This setting is only meaningful when a station is configured as slot 0;
1859
This setting is only meaningful when a station is configured as slot 0;
1860
other stations adopt this setting from the BSS they join.
1860
other stations adopt this setting from the BSS they join.
1861
By default
1861
By default
1862
.Cm tdmaslotlen
1862
.Cm tdmaslotlen
1863
is set to 10 milliseconds.
1863
is set to 10 milliseconds.
1864
.It Cm tdmabintval Ar intval
1864
.It Cm tdmabintval Ar intval
1865
When operating with TDMA, setup a BSS such that beacons are transmitted every
1865
When operating with TDMA, setup a BSS such that beacons are transmitted every
1866
.Ar intval
1866
.Ar intval
1867
superframes to synchronize the TDMA slot timing.
1867
superframes to synchronize the TDMA slot timing.
1868
A superframe is defined as the number of slots times the slot length; e.g.,
1868
A superframe is defined as the number of slots times the slot length; e.g.,
1869
a BSS with two slots of 10 milliseconds has a 20 millisecond superframe.
1869
a BSS with two slots of 10 milliseconds has a 20 millisecond superframe.
1870
The beacon interval may not be zero.
1870
The beacon interval may not be zero.
1871
A lower setting of
1871
A lower setting of
1872
.Cm tdmabintval
1872
.Cm tdmabintval
1873
causes the timers to be resynchronized more often; this can be help if
1873
causes the timers to be resynchronized more often; this can be help if
1874
significant timer drift is observed.
1874
significant timer drift is observed.
1875
By default
1875
By default
1876
.Cm tdmabintval
1876
.Cm tdmabintval
1877
is set to 5.
1877
is set to 5.
1878
.It Cm tsn
1878
.It Cm tsn
1879
When operating as an access point with WPA/802.11i allow legacy
1879
When operating as an access point with WPA/802.11i allow legacy
1880
stations to associate using static key WEP and open authentication.
1880
stations to associate using static key WEP and open authentication.
1881
To disallow legacy station use of WEP, use
1881
To disallow legacy station use of WEP, use
1882
.Fl tsn .
1882
.Fl tsn .
1883
.It Cm txpower Ar power
1883
.It Cm txpower Ar power
1884
Set the power used to transmit frames.
1884
Set the power used to transmit frames.
1885
The
1885
The
1886
.Ar power
1886
.Ar power
1887
argument is specified in .5 dBm units.
1887
argument is specified in .5 dBm units.
1888
Out of range values are truncated.
1888
Out of range values are truncated.
1889
Typically only a few discreet power settings are available and
1889
Typically only a few discreet power settings are available and
1890
the driver will use the setting closest to the specified value.
1890
the driver will use the setting closest to the specified value.
1891
Not all adapters support changing the transmit power.
1891
Not all adapters support changing the transmit power.
1892
.It Cm ucastrate Ar rate
1892
.It Cm ucastrate Ar rate
1893
Set a fixed rate for transmitting unicast frames.
1893
Set a fixed rate for transmitting unicast frames.
1894
Rates are specified as megabits/second in decimal; e.g.,\& 5.5 for 5.5 Mb/s.
1894
Rates are specified as megabits/second in decimal; e.g.,\& 5.5 for 5.5 Mb/s.
1895
This rate should be valid for the current operating conditions;
1895
This rate should be valid for the current operating conditions;
1896
if an invalid rate is specified drivers are free to chose an
1896
if an invalid rate is specified drivers are free to chose an
1897
appropriate rate.
1897
appropriate rate.
1898
.It Cm wepmode Ar mode
1898
.It Cm wepmode Ar mode
1899
Set the desired WEP mode.
1899
Set the desired WEP mode.
1900
Not all adapters support all modes.
1900
Not all adapters support all modes.
1901
The set of valid modes is
1901
The set of valid modes is
1902
.Cm off , on ,
1902
.Cm off , on ,
1903
and
1903
and
1904
.Cm mixed .
1904
.Cm mixed .
1905
The
1905
The
1906
.Cm mixed
1906
.Cm mixed
1907
mode explicitly tells the adaptor to allow association with access
1907
mode explicitly tells the adaptor to allow association with access
1908
points which allow both encrypted and unencrypted traffic.
1908
points which allow both encrypted and unencrypted traffic.
1909
On these adapters,
1909
On these adapters,
1910
.Cm on
1910
.Cm on
1911
means that the access point must only allow encrypted connections.
1911
means that the access point must only allow encrypted connections.
1912
On other adapters,
1912
On other adapters,
1913
.Cm on
1913
.Cm on
1914
is generally another name for
1914
is generally another name for
1915
.Cm mixed .
1915
.Cm mixed .
1916
Modes are case insensitive.
1916
Modes are case insensitive.
1917
.It Cm weptxkey Ar index
1917
.It Cm weptxkey Ar index
1918
Set the WEP key to be used for transmission.
1918
Set the WEP key to be used for transmission.
1919
This is the same as setting the default transmission key with
1919
This is the same as setting the default transmission key with
1920
.Cm deftxkey .
1920
.Cm deftxkey .
1921
.It Cm wepkey Ar key Ns | Ns Ar index : Ns Ar key
1921
.It Cm wepkey Ar key Ns | Ns Ar index : Ns Ar key
1922
Set the selected WEP key.
1922
Set the selected WEP key.
1923
If an
1923
If an
1924
.Ar index
1924
.Ar index
1925
is not given, key 1 is set.
1925
is not given, key 1 is set.
1926
A WEP key will be either 5 or 13
1926
A WEP key will be either 5 or 13
1927
characters (40 or 104 bits) depending on the local network and the
1927
characters (40 or 104 bits) depending on the local network and the
1928
capabilities of the adaptor.
1928
capabilities of the adaptor.
1929
It may be specified either as a plain
1929
It may be specified either as a plain
1930
string or as a string of hexadecimal digits preceded by
1930
string or as a string of hexadecimal digits preceded by
1931
.Ql 0x .
1931
.Ql 0x .
1932
For maximum portability, hex keys are recommended;
1932
For maximum portability, hex keys are recommended;
1933
the mapping of text keys to WEP encryption is usually driver-specific.
1933
the mapping of text keys to WEP encryption is usually driver-specific.
1934
In particular, the
1934
In particular, the
1935
.Tn Windows
1935
.Tn Windows
1936
drivers do this mapping differently to
1936
drivers do this mapping differently to
1937
.Fx .
1937
.Fx .
1938
A key may be cleared by setting it to
1938
A key may be cleared by setting it to
1939
.Ql - .
1939
.Ql - .
1940
If WEP is supported then there are at least four keys.
1940
If WEP is supported then there are at least four keys.
1941
Some adapters support more than four keys.
1941
Some adapters support more than four keys.
1942
If that is the case, then the first four keys
1942
If that is the case, then the first four keys
1943
(1-4) will be the standard temporary keys and any others will be adaptor
1943
(1-4) will be the standard temporary keys and any others will be adaptor
1944
specific keys such as permanent keys stored in NVRAM.
1944
specific keys such as permanent keys stored in NVRAM.
1945
.Pp
1945
.Pp
1946
Note that you must set a default transmit key with
1946
Note that you must set a default transmit key with
1947
.Cm deftxkey
1947
.Cm deftxkey
1948
for the system to know which key to use in encrypting outbound traffic.
1948
for the system to know which key to use in encrypting outbound traffic.
1949
.It Cm wme
1949
.It Cm wme
1950
Enable Wireless Multimedia Extensions (WME) support, if available,
1950
Enable Wireless Multimedia Extensions (WME) support, if available,
1951
for the specified interface.
1951
for the specified interface.
1952
WME is a subset of the IEEE 802.11e standard to support the
1952
WME is a subset of the IEEE 802.11e standard to support the
1953
efficient communication of realtime and multimedia data.
1953
efficient communication of realtime and multimedia data.
1954
To disable WME support, use
1954
To disable WME support, use
1955
.Fl wme .
1955
.Fl wme .
1956
Another name for this parameter is
1956
Another name for this parameter is
1957
.Cm wmm .
1957
.Cm wmm .
1958
.Pp
1958
.Pp
1959
The following parameters are meaningful only when WME support is in use.
1959
The following parameters are meaningful only when WME support is in use.
1960
Parameters are specified per-AC (Access Category) and
1960
Parameters are specified per-AC (Access Category) and
1961
split into those that are used by a station when acting
1961
split into those that are used by a station when acting
1962
as an access point and those for client stations in the BSS.
1962
as an access point and those for client stations in the BSS.
1963
The latter are received from the access point and may not be changed
1963
The latter are received from the access point and may not be changed
1964
(at the station).
1964
(at the station).
1965
The following Access Categories are recognized:
1965
The following Access Categories are recognized:
1966
.Pp
1966
.Pp
1967
.Bl -tag -width ".Cm AC_BK" -compact
1967
.Bl -tag -width ".Cm AC_BK" -compact
1968
.It Cm AC_BE
1968
.It Cm AC_BE
1969
(or
1969
(or
1970
.Cm BE )
1970
.Cm BE )
1971
best effort delivery,
1971
best effort delivery,
1972
.It Cm AC_BK
1972
.It Cm AC_BK
1973
(or
1973
(or
1974
.Cm BK )
1974
.Cm BK )
1975
background traffic,
1975
background traffic,
1976
.It Cm AC_VI
1976
.It Cm AC_VI
1977
(or
1977
(or
1978
.Cm VI )
1978
.Cm VI )
1979
video traffic,
1979
video traffic,
1980
.It Cm AC_VO
1980
.It Cm AC_VO
1981
(or
1981
(or
1982
.Cm VO )
1982
.Cm VO )
1983
voice traffic.
1983
voice traffic.
1984
.El
1984
.El
1985
.Pp
1985
.Pp
1986
AC parameters are case-insensitive.
1986
AC parameters are case-insensitive.
1987
Traffic classification is done in the operating system using the
1987
Traffic classification is done in the operating system using the
1988
vlan priority associated with data frames or the
1988
vlan priority associated with data frames or the
1989
ToS (Type of Service) indication in IP-encapsulated frames.
1989
ToS (Type of Service) indication in IP-encapsulated frames.
1990
If neither information is present, traffic is assigned to the
1990
If neither information is present, traffic is assigned to the
1991
Best Effort (BE) category.
1991
Best Effort (BE) category.
1992
.Bl -tag -width indent
1992
.Bl -tag -width indent
1993
.It Cm ack Ar ac
1993
.It Cm ack Ar ac
1994
Set the ACK policy for QoS transmissions by the local station;
1994
Set the ACK policy for QoS transmissions by the local station;
1995
this controls whether or not data frames transmitted by a station
1995
this controls whether or not data frames transmitted by a station
1996
require an ACK response from the receiving station.
1996
require an ACK response from the receiving station.
1997
To disable waiting for an ACK use
1997
To disable waiting for an ACK use
1998
.Fl ack .
1998
.Fl ack .
1999
This parameter is applied only to the local station.
1999
This parameter is applied only to the local station.
2000
.It Cm acm Ar ac
2000
.It Cm acm Ar ac
2001
Enable the Admission Control Mandatory (ACM) mechanism
2001
Enable the Admission Control Mandatory (ACM) mechanism
2002
for transmissions by the local station.
2002
for transmissions by the local station.
2003
To disable the ACM use
2003
To disable the ACM use
2004
.Fl acm .
2004
.Fl acm .
2005
On stations in a BSS this parameter is read-only and indicates
2005
On stations in a BSS this parameter is read-only and indicates
2006
the setting received from the access point.
2006
the setting received from the access point.
2007
NB: ACM is not supported right now.
2007
NB: ACM is not supported right now.
2008
.It Cm aifs Ar ac Ar count
2008
.It Cm aifs Ar ac Ar count
2009
Set the Arbitration Inter Frame Spacing (AIFS)
2009
Set the Arbitration Inter Frame Spacing (AIFS)
2010
channel access parameter to use for transmissions
2010
channel access parameter to use for transmissions
2011
by the local station.
2011
by the local station.
2012
On stations in a BSS this parameter is read-only and indicates
2012
On stations in a BSS this parameter is read-only and indicates
2013
the setting received from the access point.
2013
the setting received from the access point.
2014
.It Cm cwmin Ar ac Ar count
2014
.It Cm cwmin Ar ac Ar count
2015
Set the CWmin channel access parameter to use for transmissions
2015
Set the CWmin channel access parameter to use for transmissions
2016
by the local station.
2016
by the local station.
2017
On stations in a BSS this parameter is read-only and indicates
2017
On stations in a BSS this parameter is read-only and indicates
2018
the setting received from the access point.
2018
the setting received from the access point.
2019
.It Cm cwmax Ar ac Ar count
2019
.It Cm cwmax Ar ac Ar count
2020
Set the CWmax channel access parameter to use for transmissions
2020
Set the CWmax channel access parameter to use for transmissions
2021
by the local station.
2021
by the local station.
2022
On stations in a BSS this parameter is read-only and indicates
2022
On stations in a BSS this parameter is read-only and indicates
2023
the setting received from the access point.
2023
the setting received from the access point.
2024
.It Cm txoplimit Ar ac Ar limit
2024
.It Cm txoplimit Ar ac Ar limit
2025
Set the Transmission Opportunity Limit channel access parameter
2025
Set the Transmission Opportunity Limit channel access parameter
2026
to use for transmissions by the local station.
2026
to use for transmissions by the local station.
2027
This parameter defines an interval of time when a WME station
2027
This parameter defines an interval of time when a WME station
2028
has the right to initiate transmissions onto the wireless medium.
2028
has the right to initiate transmissions onto the wireless medium.
2029
On stations in a BSS this parameter is read-only and indicates
2029
On stations in a BSS this parameter is read-only and indicates
2030
the setting received from the access point.
2030
the setting received from the access point.
2031
.It Cm bss:aifs Ar ac Ar count
2031
.It Cm bss:aifs Ar ac Ar count
2032
Set the AIFS channel access parameter to send to stations in a BSS.
2032
Set the AIFS channel access parameter to send to stations in a BSS.
2033
This parameter is meaningful only when operating in ap mode.
2033
This parameter is meaningful only when operating in ap mode.
2034
.It Cm bss:cwmin Ar ac Ar count
2034
.It Cm bss:cwmin Ar ac Ar count
2035
Set the CWmin channel access parameter to send to stations in a BSS.
2035
Set the CWmin channel access parameter to send to stations in a BSS.
2036
This parameter is meaningful only when operating in ap mode.
2036
This parameter is meaningful only when operating in ap mode.
2037
.It Cm bss:cwmax Ar ac Ar count
2037
.It Cm bss:cwmax Ar ac Ar count
2038
Set the CWmax channel access parameter to send to stations in a BSS.
2038
Set the CWmax channel access parameter to send to stations in a BSS.
2039
This parameter is meaningful only when operating in ap mode.
2039
This parameter is meaningful only when operating in ap mode.
2040
.It Cm bss:txoplimit Ar ac Ar limit
2040
.It Cm bss:txoplimit Ar ac Ar limit
2041
Set the TxOpLimit channel access parameter to send to stations in a BSS.
2041
Set the TxOpLimit channel access parameter to send to stations in a BSS.
2042
This parameter is meaningful only when operating in ap mode.
2042
This parameter is meaningful only when operating in ap mode.
2043
.El
2043
.El
2044
.It Cm wps
2044
.It Cm wps
2045
Enable Wireless Privacy Subscriber support.
2045
Enable Wireless Privacy Subscriber support.
2046
Note that WPS support requires a WPS-capable supplicant.
2046
Note that WPS support requires a WPS-capable supplicant.
2047
To disable this function use
2047
To disable this function use
2048
.Fl wps .
2048
.Fl wps .
2049
.El
2049
.El
2050
.Pp
2050
.Pp
2051
The following parameters support an optional access control list
2051
The following parameters support an optional access control list
2052
feature available with some adapters when operating in ap mode; see
2052
feature available with some adapters when operating in ap mode; see
2053
.Xr wlan_acl 4 .
2053
.Xr wlan_acl 4 .
2054
This facility allows an access point to accept/deny association
2054
This facility allows an access point to accept/deny association
2055
requests based on the MAC address of the station.
2055
requests based on the MAC address of the station.
2056
Note that this feature does not significantly enhance security
2056
Note that this feature does not significantly enhance security
2057
as MAC address spoofing is easy to do.
2057
as MAC address spoofing is easy to do.
2058
.Bl -tag -width indent
2058
.Bl -tag -width indent
2059
.It Cm mac:add Ar address
2059
.It Cm mac:add Ar address
2060
Add the specified MAC address to the database.
2060
Add the specified MAC address to the database.
2061
Depending on the policy setting association requests from the
2061
Depending on the policy setting association requests from the
2062
specified station will be allowed or denied.
2062
specified station will be allowed or denied.
2063
.It Cm mac:allow
2063
.It Cm mac:allow
2064
Set the ACL policy to permit association only by
2064
Set the ACL policy to permit association only by
2065
stations registered in the database.
2065
stations registered in the database.
2066
.It Cm mac:del Ar address
2066
.It Cm mac:del Ar address
2067
Delete the specified MAC address from the database.
2067
Delete the specified MAC address from the database.
2068
.It Cm mac:deny
2068
.It Cm mac:deny
2069
Set the ACL policy to deny association only by
2069
Set the ACL policy to deny association only by
2070
stations registered in the database.
2070
stations registered in the database.
2071
.It Cm mac:kick Ar address
2071
.It Cm mac:kick Ar address
2072
Force the specified station to be deauthenticated.
2072
Force the specified station to be deauthenticated.
2073
This typically is done to block a station after updating the
2073
This typically is done to block a station after updating the
2074
address database.
2074
address database.
2075
.It Cm mac:open
2075
.It Cm mac:open
2076
Set the ACL policy to allow all stations to associate.
2076
Set the ACL policy to allow all stations to associate.
2077
.It Cm mac:flush
2077
.It Cm mac:flush
2078
Delete all entries in the database.
2078
Delete all entries in the database.
2079
.It Cm mac:radius
2079
.It Cm mac:radius
2080
Set the ACL policy to permit association only by
2080
Set the ACL policy to permit association only by
2081
stations approved by a RADIUS server.
2081
stations approved by a RADIUS server.
2082
Note that this feature requires the
2082
Note that this feature requires the
2083
.Xr hostapd 8
2083
.Xr hostapd 8
2084
program be configured to do the right thing
2084
program be configured to do the right thing
2085
as it handles the RADIUS processing
2085
as it handles the RADIUS processing
2086
(and marks stations as authorized).
2086
(and marks stations as authorized).
2087
.El
2087
.El
2088
.Pp
2088
.Pp
2089
The following parameters are related to a wireless interface operating in mesh
2089
The following parameters are related to a wireless interface operating in mesh
2090
mode:
2090
mode:
2091
.Bl -tag -width indent
2091
.Bl -tag -width indent
2092
.It Cm meshid Ar meshid
2092
.It Cm meshid Ar meshid
2093
Set the desired Mesh Identifier.
2093
Set the desired Mesh Identifier.
2094
The Mesh ID is a string up to 32 characters in length.
2094
The Mesh ID is a string up to 32 characters in length.
2095
A mesh interface must have a Mesh Identifier specified
2095
A mesh interface must have a Mesh Identifier specified
2096
to reach an operational state.
2096
to reach an operational state.
2097
.It Cm meshttl Ar ttl
2097
.It Cm meshttl Ar ttl
2098
Set the desired ``time to live'' for mesh forwarded packets;
2098
Set the desired ``time to live'' for mesh forwarded packets;
2099
this is the number of hops a packet may be forwarded before
2099
this is the number of hops a packet may be forwarded before
2100
it is discarded.
2100
it is discarded.
2101
The default setting for
2101
The default setting for
2102
.Cm meshttl
2102
.Cm meshttl
2103
is 31.
2103
is 31.
2104
.It Cm meshpeering
2104
.It Cm meshpeering
2105
Enable or disable peering with neighbor mesh stations.
2105
Enable or disable peering with neighbor mesh stations.
2106
Stations must peer before any data packets can be exchanged.
2106
Stations must peer before any data packets can be exchanged.
2107
By default
2107
By default
2108
.Cm meshpeering
2108
.Cm meshpeering
2109
is enabled.
2109
is enabled.
2110
.It Cm meshforward
2110
.It Cm meshforward
2111
Enable or disable forwarding packets by a mesh interface.
2111
Enable or disable forwarding packets by a mesh interface.
2112
By default
2112
By default
2113
.Cm meshforward
2113
.Cm meshforward
2114
is enabled.
2114
is enabled.
2115
.It Cm meshgate
2115
.It Cm meshgate
2116
This attribute specifies whether or not the mesh STA activates mesh gate
2116
This attribute specifies whether or not the mesh STA activates mesh gate
2117
announcements.
2117
announcements.
2118
By default
2118
By default
2119
.Cm meshgate
2119
.Cm meshgate
2120
is disabled.
2120
is disabled.
2121
.It Cm meshmetric Ar protocol
2121
.It Cm meshmetric Ar protocol
2122
Set the specified
2122
Set the specified
2123
.Ar protocol
2123
.Ar protocol
2124
as the link metric protocol used on a mesh network.
2124
as the link metric protocol used on a mesh network.
2125
The default protocol is called
2125
The default protocol is called
2126
.Ar AIRTIME .
2126
.Ar AIRTIME .
2127
The mesh interface will restart after changing this setting.
2127
The mesh interface will restart after changing this setting.
2128
.It Cm meshpath Ar protocol
2128
.It Cm meshpath Ar protocol
2129
Set the specified
2129
Set the specified
2130
.Ar protocol
2130
.Ar protocol
2131
as the path selection protocol used on a mesh network.
2131
as the path selection protocol used on a mesh network.
2132
The only available protocol at the moment is called
2132
The only available protocol at the moment is called
2133
.Ar HWMP
2133
.Ar HWMP
2134
(Hybrid Wireless Mesh Protocol).
2134
(Hybrid Wireless Mesh Protocol).
2135
The mesh interface will restart after changing this setting.
2135
The mesh interface will restart after changing this setting.
2136
.It Cm hwmprootmode Ar mode
2136
.It Cm hwmprootmode Ar mode
2137
Stations on a mesh network can operate as ``root nodes.''
2137
Stations on a mesh network can operate as ``root nodes.''
2138
Root nodes try to find paths to all mesh nodes and advertise themselves
2138
Root nodes try to find paths to all mesh nodes and advertise themselves
2139
regularly.
2139
regularly.
2140
When there is a root mesh node on a network, other mesh nodes can setup
2140
When there is a root mesh node on a network, other mesh nodes can setup
2141
paths between themselves faster because they can use the root node
2141
paths between themselves faster because they can use the root node
2142
to find the destination.
2142
to find the destination.
2143
This path may not be the best, but on-demand
2143
This path may not be the best, but on-demand
2144
routing will eventually find the best path.
2144
routing will eventually find the best path.
2145
The following modes are recognized:
2145
The following modes are recognized:
2146
.Pp
2146
.Pp
2147
.Bl -tag -width ".Cm PROACTIVE" -compact
2147
.Bl -tag -width ".Cm PROACTIVE" -compact
2148
.It Cm DISABLED
2148
.It Cm DISABLED
2149
Disable root mode.
2149
Disable root mode.
2150
.It Cm NORMAL
2150
.It Cm NORMAL
2151
Send broadcast path requests every two seconds.
2151
Send broadcast path requests every two seconds.
2152
Nodes on the mesh without a path to this root mesh station with try to
2152
Nodes on the mesh without a path to this root mesh station with try to
2153
discover a path to us.
2153
discover a path to us.
2154
.It Cm PROACTIVE
2154
.It Cm PROACTIVE
2155
Send broadcast path requests every two seconds and every node must reply
2155
Send broadcast path requests every two seconds and every node must reply
2156
with a path reply even if it already has a path to this root mesh station.
2156
with a path reply even if it already has a path to this root mesh station.
2157
.It Cm RANN
2157
.It Cm RANN
2158
Send broadcast root announcement (RANN) frames.
2158
Send broadcast root announcement (RANN) frames.
2159
Nodes on the mesh without a path to this root mesh station with try to
2159
Nodes on the mesh without a path to this root mesh station with try to
2160
discover a path to us.
2160
discover a path to us.
2161
.El
2161
.El
2162
By default
2162
By default
2163
.Cm hwmprootmode
2163
.Cm hwmprootmode
2164
is set to
2164
is set to
2165
.Ar DISABLED .
2165
.Ar DISABLED .
2166
.It Cm hwmpmaxhops Ar cnt
2166
.It Cm hwmpmaxhops Ar cnt
2167
Set the maximum number of hops allowed in an HMWP path to
2167
Set the maximum number of hops allowed in an HMWP path to
2168
.Ar cnt .
2168
.Ar cnt .
2169
The default setting for
2169
The default setting for
2170
.Cm hwmpmaxhops
2170
.Cm hwmpmaxhops
2171
is 31.
2171
is 31.
2172
.El
2172
.El
2173
.Pp
2173
.Pp
2174
The following parameters are for compatibility with other systems:
2174
The following parameters are for compatibility with other systems:
2175
.Bl -tag -width indent
2175
.Bl -tag -width indent
2176
.It Cm nwid Ar ssid
2176
.It Cm nwid Ar ssid
2177
Another name for the
2177
Another name for the
2178
.Cm ssid
2178
.Cm ssid
2179
parameter.
2179
parameter.
2180
Included for
2180
Included for
2181
.Nx
2181
.Nx
2182
compatibility.
2182
compatibility.
2183
.It Cm stationname Ar name
2183
.It Cm stationname Ar name
2184
Set the name of this station.
2184
Set the name of this station.
2185
The station name is not part of the IEEE 802.11
2185
The station name is not part of the IEEE 802.11
2186
protocol though some interfaces support it.
2186
protocol though some interfaces support it.
2187
As such it only
2187
As such it only
2188
seems to be meaningful to identical or virtually identical equipment.
2188
seems to be meaningful to identical or virtually identical equipment.
2189
Setting the station name is identical in syntax to setting the SSID.
2189
Setting the station name is identical in syntax to setting the SSID.
2190
One can also use
2190
One can also use
2191
.Cm station
2191
.Cm station
2192
for
2192
for
2193
.Bsx
2193
.Bsx
2194
compatibility.
2194
compatibility.
2195
.It Cm wep
2195
.It Cm wep
2196
Another way of saying
2196
Another way of saying
2197
.Cm wepmode on .
2197
.Cm wepmode on .
2198
Included for
2198
Included for
2199
.Bsx
2199
.Bsx
2200
compatibility.
2200
compatibility.
2201
.It Fl wep
2201
.It Fl wep
2202
Another way of saying
2202
Another way of saying
2203
.Cm wepmode off .
2203
.Cm wepmode off .
2204
Included for
2204
Included for
2205
.Bsx
2205
.Bsx
2206
compatibility.
2206
compatibility.
2207
.It Cm nwkey key
2207
.It Cm nwkey key
2208
Another way of saying:
2208
Another way of saying:
2209
.Dq Li "wepmode on weptxkey 1 wepkey 1:key wepkey 2:- wepkey 3:- wepkey 4:-" .
2209
.Dq Li "wepmode on weptxkey 1 wepkey 1:key wepkey 2:- wepkey 3:- wepkey 4:-" .
2210
Included for
2210
Included for
2211
.Nx
2211
.Nx
2212
compatibility.
2212
compatibility.
2213
.It Cm nwkey Xo
2213
.It Cm nwkey Xo
2214
.Sm off
2214
.Sm off
2215
.Ar n : k1 , k2 , k3 , k4
2215
.Ar n : k1 , k2 , k3 , k4
2216
.Sm on
2216
.Sm on
2217
.Xc
2217
.Xc
2218
Another way of saying
2218
Another way of saying
2219
.Dq Li "wepmode on weptxkey n wepkey 1:k1 wepkey 2:k2 wepkey 3:k3 wepkey 4:k4" .
2219
.Dq Li "wepmode on weptxkey n wepkey 1:k1 wepkey 2:k2 wepkey 3:k3 wepkey 4:k4" .
2220
Included for
2220
Included for
2221
.Nx
2221
.Nx
2222
compatibility.
2222
compatibility.
2223
.It Fl nwkey
2223
.It Fl nwkey
2224
Another way of saying
2224
Another way of saying
2225
.Cm wepmode off .
2225
.Cm wepmode off .
2226
Included for
2226
Included for
2227
.Nx
2227
.Nx
2228
compatibility.
2228
compatibility.
2229
.El
2229
.El
2230
.Pp
2230
.Pp
2231
The following parameters are specific to bridge interfaces:
2231
The following parameters are specific to bridge interfaces:
2232
.Bl -tag -width indent
2232
.Bl -tag -width indent
2233
.It Cm addm Ar interface
2233
.It Cm addm Ar interface
2234
Add the interface named by
2234
Add the interface named by
2235
.Ar interface
2235
.Ar interface
2236
as a member of the bridge.
2236
as a member of the bridge.
2237
The interface is put into promiscuous mode
2237
The interface is put into promiscuous mode
2238
so that it can receive every packet sent on the network.
2238
so that it can receive every packet sent on the network.
2239
.It Cm deletem Ar interface
2239
.It Cm deletem Ar interface
2240
Remove the interface named by
2240
Remove the interface named by
2241
.Ar interface
2241
.Ar interface
2242
from the bridge.
2242
from the bridge.
2243
Promiscuous mode is disabled on the interface when
2243
Promiscuous mode is disabled on the interface when
2244
it is removed from the bridge.
2244
it is removed from the bridge.
2245
.It Cm maxaddr Ar size
2245
.It Cm maxaddr Ar size
2246
Set the size of the bridge address cache to
2246
Set the size of the bridge address cache to
2247
.Ar size .
2247
.Ar size .
2248
The default is 2000 entries.
2248
The default is 2000 entries.
2249
.It Cm timeout Ar seconds
2249
.It Cm timeout Ar seconds
2250
Set the timeout of address cache entries to
2250
Set the timeout of address cache entries to
2251
.Ar seconds
2251
.Ar seconds
2252
seconds.
2252
seconds.
2253
If
2253
If
2254
.Ar seconds
2254
.Ar seconds
2255
is zero, then address cache entries will not be expired.
2255
is zero, then address cache entries will not be expired.
2256
The default is 1200 seconds.
2256
The default is 1200 seconds.
2257
.It Cm addr
2257
.It Cm addr
2258
Display the addresses that have been learned by the bridge.
2258
Display the addresses that have been learned by the bridge.
2259
.It Cm static Ar interface-name Ar address
2259
.It Cm static Ar interface-name Ar address
2260
Add a static entry into the address cache pointing to
2260
Add a static entry into the address cache pointing to
2261
.Ar interface-name .
2261
.Ar interface-name .
2262
Static entries are never aged out of the cache or re-placed, even if the
2262
Static entries are never aged out of the cache or re-placed, even if the
2263
address is seen on a different interface.
2263
address is seen on a different interface.
2264
.It Cm deladdr Ar address
2264
.It Cm deladdr Ar address
2265
Delete
2265
Delete
2266
.Ar address
2266
.Ar address
2267
from the address cache.
2267
from the address cache.
2268
.It Cm flush
2268
.It Cm flush
2269
Delete all dynamically-learned addresses from the address cache.
2269
Delete all dynamically-learned addresses from the address cache.
2270
.It Cm flushall
2270
.It Cm flushall
2271
Delete all addresses, including static addresses, from the address cache.
2271
Delete all addresses, including static addresses, from the address cache.
2272
.It Cm discover Ar interface
2272
.It Cm discover Ar interface
2273
Mark an interface as a
2273
Mark an interface as a
2274
.Dq discovering
2274
.Dq discovering
2275
interface.
2275
interface.
2276
When the bridge has no address cache entry
2276
When the bridge has no address cache entry
2277
(either dynamic or static)
2277
(either dynamic or static)
2278
for the destination address of a packet,
2278
for the destination address of a packet,
2279
the bridge will forward the packet to all
2279
the bridge will forward the packet to all
2280
member interfaces marked as
2280
member interfaces marked as
2281
.Dq discovering .
2281
.Dq discovering .
2282
This is the default for all interfaces added to a bridge.
2282
This is the default for all interfaces added to a bridge.
2283
.It Cm -discover Ar interface
2283
.It Cm -discover Ar interface
2284
Clear the
2284
Clear the
2285
.Dq discovering
2285
.Dq discovering
2286
attribute on a member interface.
2286
attribute on a member interface.
2287
For packets without the
2287
For packets without the
2288
.Dq discovering
2288
.Dq discovering
2289
attribute, the only packets forwarded on the interface are broadcast
2289
attribute, the only packets forwarded on the interface are broadcast
2290
or multicast packets and packets for which the destination address
2290
or multicast packets and packets for which the destination address
2291
is known to be on the interface's segment.
2291
is known to be on the interface's segment.
2292
.It Cm learn Ar interface
2292
.It Cm learn Ar interface
2293
Mark an interface as a
2293
Mark an interface as a
2294
.Dq learning
2294
.Dq learning
2295
interface.
2295
interface.
2296
When a packet arrives on such an interface, the source
2296
When a packet arrives on such an interface, the source
2297
address of the packet is entered into the address cache as being a
2297
address of the packet is entered into the address cache as being a
2298
destination address on the interface's segment.
2298
destination address on the interface's segment.
2299
This is the default for all interfaces added to a bridge.
2299
This is the default for all interfaces added to a bridge.
2300
.It Cm -learn Ar interface
2300
.It Cm -learn Ar interface
2301
Clear the
2301
Clear the
2302
.Dq learning
2302
.Dq learning
2303
attribute on a member interface.
2303
attribute on a member interface.
2304
.It Cm sticky Ar interface
2304
.It Cm sticky Ar interface
2305
Mark an interface as a
2305
Mark an interface as a
2306
.Dq sticky
2306
.Dq sticky
2307
interface.
2307
interface.
2308
Dynamically learned address entries are treated at static once entered into
2308
Dynamically learned address entries are treated at static once entered into
2309
the cache.
2309
the cache.
2310
Sticky entries are never aged out of the cache or replaced, even if the
2310
Sticky entries are never aged out of the cache or replaced, even if the
2311
address is seen on a different interface.
2311
address is seen on a different interface.
2312
.It Cm -sticky Ar interface
2312
.It Cm -sticky Ar interface
2313
Clear the
2313
Clear the
2314
.Dq sticky
2314
.Dq sticky
2315
attribute on a member interface.
2315
attribute on a member interface.
2316
.It Cm private Ar interface
2316
.It Cm private Ar interface
2317
Mark an interface as a
2317
Mark an interface as a
2318
.Dq private
2318
.Dq private
2319
interface.
2319
interface.
2320
A private interface does not forward any traffic to any other port that is also
2320
A private interface does not forward any traffic to any other port that is also
2321
a private interface.
2321
a private interface.
2322
.It Cm -private Ar interface
2322
.It Cm -private Ar interface
2323
Clear the
2323
Clear the
2324
.Dq private
2324
.Dq private
2325
attribute on a member interface.
2325
attribute on a member interface.
2326
.It Cm span Ar interface
2326
.It Cm span Ar interface
2327
Add the interface named by
2327
Add the interface named by
2328
.Ar interface
2328
.Ar interface
2329
as a span port on the bridge.
2329
as a span port on the bridge.
2330
Span ports transmit a copy of every frame received by the bridge.
2330
Span ports transmit a copy of every frame received by the bridge.
2331
This is most useful for snooping a bridged network passively on
2331
This is most useful for snooping a bridged network passively on
2332
another host connected to one of the span ports of the bridge.
2332
another host connected to one of the span ports of the bridge.
2333
.It Cm -span Ar interface
2333
.It Cm -span Ar interface
2334
Delete the interface named by
2334
Delete the interface named by
2335
.Ar interface
2335
.Ar interface
2336
from the list of span ports of the bridge.
2336
from the list of span ports of the bridge.
2337
.It Cm stp Ar interface
2337
.It Cm stp Ar interface
2338
Enable Spanning Tree protocol on
2338
Enable Spanning Tree protocol on
2339
.Ar interface .
2339
.Ar interface .
2340
The
2340
The
2341
.Xr if_bridge 4
2341
.Xr if_bridge 4
2342
driver has support for the IEEE 802.1D Spanning Tree protocol (STP).
2342
driver has support for the IEEE 802.1D Spanning Tree protocol (STP).
2343
Spanning Tree is used to detect and remove loops in a network topology.
2343
Spanning Tree is used to detect and remove loops in a network topology.
2344
.It Cm -stp Ar interface
2344
.It Cm -stp Ar interface
2345
Disable Spanning Tree protocol on
2345
Disable Spanning Tree protocol on
2346
.Ar interface .
2346
.Ar interface .
2347
This is the default for all interfaces added to a bridge.
2347
This is the default for all interfaces added to a bridge.
2348
.It Cm edge Ar interface
2348
.It Cm edge Ar interface
2349
Set
2349
Set
2350
.Ar interface
2350
.Ar interface
2351
as an edge port.
2351
as an edge port.
2352
An edge port connects directly to end stations cannot create bridging
2352
An edge port connects directly to end stations cannot create bridging
2353
loops in the network, this allows it to transition straight to forwarding.
2353
loops in the network, this allows it to transition straight to forwarding.
2354
.It Cm -edge Ar interface
2354
.It Cm -edge Ar interface
2355
Disable edge status on
2355
Disable edge status on
2356
.Ar interface .
2356
.Ar interface .
2357
.It Cm autoedge Ar interface
2357
.It Cm autoedge Ar interface
2358
Allow
2358
Allow
2359
.Ar interface
2359
.Ar interface
2360
to automatically detect edge status.
2360
to automatically detect edge status.
2361
This is the default for all interfaces added to a bridge.
2361
This is the default for all interfaces added to a bridge.
2362
.It Cm -autoedge Ar interface
2362
.It Cm -autoedge Ar interface
2363
Disable automatic edge status on
2363
Disable automatic edge status on
2364
.Ar interface .
2364
.Ar interface .
2365
.It Cm ptp Ar interface
2365
.It Cm ptp Ar interface
2366
Set the
2366
Set the
2367
.Ar interface
2367
.Ar interface
2368
as a point to point link.
2368
as a point to point link.
2369
This is required for straight transitions to forwarding and
2369
This is required for straight transitions to forwarding and
2370
should be enabled on a direct link to another RSTP capable switch.
2370
should be enabled on a direct link to another RSTP capable switch.
2371
.It Cm -ptp Ar interface
2371
.It Cm -ptp Ar interface
2372
Disable point to point link status on
2372
Disable point to point link status on
2373
.Ar interface .
2373
.Ar interface .
2374
This should be disabled for a half duplex link and for an interface
2374
This should be disabled for a half duplex link and for an interface
2375
connected to a shared network segment,
2375
connected to a shared network segment,
2376
like a hub or a wireless network.
2376
like a hub or a wireless network.
2377
.It Cm autoptp Ar interface
2377
.It Cm autoptp Ar interface
2378
Automatically detect the point to point status on
2378
Automatically detect the point to point status on
2379
.Ar interface
2379
.Ar interface
2380
by checking the full duplex link status.
2380
by checking the full duplex link status.
2381
This is the default for interfaces added to the bridge.
2381
This is the default for interfaces added to the bridge.
2382
.It Cm -autoptp Ar interface
2382
.It Cm -autoptp Ar interface
2383
Disable automatic point to point link detection on
2383
Disable automatic point to point link detection on
2384
.Ar interface .
2384
.Ar interface .
2385
.It Cm maxage Ar seconds
2385
.It Cm maxage Ar seconds
2386
Set the time that a Spanning Tree protocol configuration is valid.
2386
Set the time that a Spanning Tree protocol configuration is valid.
2387
The default is 20 seconds.
2387
The default is 20 seconds.
2388
The minimum is 6 seconds and the maximum is 40 seconds.
2388
The minimum is 6 seconds and the maximum is 40 seconds.
2389
.It Cm fwddelay Ar seconds
2389
.It Cm fwddelay Ar seconds
2390
Set the time that must pass before an interface begins forwarding
2390
Set the time that must pass before an interface begins forwarding
2391
packets when Spanning Tree is enabled.
2391
packets when Spanning Tree is enabled.
2392
The default is 15 seconds.
2392
The default is 15 seconds.
2393
The minimum is 4 seconds and the maximum is 30 seconds.
2393
The minimum is 4 seconds and the maximum is 30 seconds.
2394
.It Cm hellotime Ar seconds
2394
.It Cm hellotime Ar seconds
2395
Set the time between broadcasting of Spanning Tree protocol
2395
Set the time between broadcasting of Spanning Tree protocol
2396
configuration messages.
2396
configuration messages.
2397
The hello time may only be changed when operating in legacy stp mode.
2397
The hello time may only be changed when operating in legacy stp mode.
2398
The default is 2 seconds.
2398
The default is 2 seconds.
2399
The minimum is 1 second and the maximum is 2 seconds.
2399
The minimum is 1 second and the maximum is 2 seconds.
2400
.It Cm priority Ar value
2400
.It Cm priority Ar value
2401
Set the bridge priority for Spanning Tree.
2401
Set the bridge priority for Spanning Tree.
2402
The default is 32768.
2402
The default is 32768.
2403
The minimum is 0 and the maximum is 61440.
2403
The minimum is 0 and the maximum is 61440.
2404
.It Cm proto Ar value
2404
.It Cm proto Ar value
2405
Set the Spanning Tree protocol.
2405
Set the Spanning Tree protocol.
2406
The default is rstp.
2406
The default is rstp.
2407
The available options are stp and rstp.
2407
The available options are stp and rstp.
2408
.It Cm holdcnt Ar value
2408
.It Cm holdcnt Ar value
2409
Set the transmit hold count for Spanning Tree.
2409
Set the transmit hold count for Spanning Tree.
2410
This is the number of packets transmitted before being rate limited.
2410
This is the number of packets transmitted before being rate limited.
2411
The default is 6.
2411
The default is 6.
2412
The minimum is 1 and the maximum is 10.
2412
The minimum is 1 and the maximum is 10.
2413
.It Cm ifpriority Ar interface Ar value
2413
.It Cm ifpriority Ar interface Ar value
2414
Set the Spanning Tree priority of
2414
Set the Spanning Tree priority of
2415
.Ar interface
2415
.Ar interface
2416
to
2416
to
2417
.Ar value .
2417
.Ar value .
2418
The default is 128.
2418
The default is 128.
2419
The minimum is 0 and the maximum is 240.
2419
The minimum is 0 and the maximum is 240.
2420
.It Cm ifpathcost Ar interface Ar value
2420
.It Cm ifpathcost Ar interface Ar value
2421
Set the Spanning Tree path cost of
2421
Set the Spanning Tree path cost of
2422
.Ar interface
2422
.Ar interface
2423
to
2423
to
2424
.Ar value .
2424
.Ar value .
2425
The default is calculated from the link speed.
2425
The default is calculated from the link speed.
2426
To change a previously selected path cost back to automatic, set the
2426
To change a previously selected path cost back to automatic, set the
2427
cost to 0.
2427
cost to 0.
2428
The minimum is 1 and the maximum is 200000000.
2428
The minimum is 1 and the maximum is 200000000.
2429
.It Cm ifmaxaddr Ar interface Ar size
2429
.It Cm ifmaxaddr Ar interface Ar size
2430
Set the maximum number of hosts allowed from an interface, packets with unknown
2430
Set the maximum number of hosts allowed from an interface, packets with unknown
2431
source addresses are dropped until an existing host cache entry expires or is
2431
source addresses are dropped until an existing host cache entry expires or is
2432
removed.
2432
removed.
2433
Set to 0 to disable.
2433
Set to 0 to disable.
2434
.El
2434
.El
2435
.Pp
2435
.Pp
2436
The following parameters are specific to lagg interfaces:
2436
The following parameters are specific to lagg interfaces:
2437
.Bl -tag -width indent
2437
.Bl -tag -width indent
2438
.It Cm laggport Ar interface
2438
.It Cm laggport Ar interface
2439
Add the interface named by
2439
Add the interface named by
2440
.Ar interface
2440
.Ar interface
2441
as a port of the aggregation interface.
2441
as a port of the aggregation interface.
2442
.It Cm -laggport Ar interface
2442
.It Cm -laggport Ar interface
2443
Remove the interface named by
2443
Remove the interface named by
2444
.Ar interface
2444
.Ar interface
2445
from the aggregation interface.
2445
from the aggregation interface.
2446
.It Cm laggproto Ar proto
2446
.It Cm laggproto Ar proto
2447
Set the aggregation protocol.
2447
Set the aggregation protocol.
2448
The default is
2448
The default is
2449
.Li failover .
2449
.Li failover .
2450
The available options are
2450
The available options are
2451
.Li failover ,
2451
.Li failover ,
2452
.Li lacp ,
2452
.Li lacp ,
2453
.Li loadbalance ,
2453
.Li loadbalance ,
2454
.Li roundrobin ,
2454
.Li roundrobin ,
2455
.Li broadcast
2455
.Li broadcast
2456
and
2456
and
2457
.Li none .
2457
.Li none .
2458
.It Cm lagghash Ar option Ns Oo , Ns Ar option Oc
2458
.It Cm lagghash Ar option Ns Oo , Ns Ar option Oc
2459
Set the packet layers to hash for aggregation protocols which load balance.
2459
Set the packet layers to hash for aggregation protocols which load balance.
2460
The default is
2460
The default is
2461
.Dq l2,l3,l4 .
2461
.Dq l2,l3,l4 .
2462
The options can be combined using commas.
2462
The options can be combined using commas.
2463
.Pp
2463
.Pp
2464
.Bl -tag -width ".Cm l2" -compact
2464
.Bl -tag -width ".Cm l2" -compact
2465
.It Cm l2
2465
.It Cm l2
2466
src/dst mac address and optional vlan number.
2466
src/dst mac address and optional vlan number.
2467
.It Cm l3
2467
.It Cm l3
2468
src/dst address for IPv4 or IPv6.
2468
src/dst address for IPv4 or IPv6.
2469
.It Cm l4
2469
.It Cm l4
2470
src/dst port for TCP/UDP/SCTP.
2470
src/dst port for TCP/UDP/SCTP.
2471
.El
2471
.El
2472
.It Cm -use_flowid
2472
.It Cm -use_flowid
2473
Enable local hash computation for RSS hash on the interface.
2473
Enable local hash computation for RSS hash on the interface.
2474
The
2474
The
2475
.Li loadbalance
2475
.Li loadbalance
2476
and
2476
and
2477
.Li lacp
2477
.Li lacp
2478
modes will use the RSS hash from the network card if available
2478
modes will use the RSS hash from the network card if available
2479
to avoid computing one, this may give poor traffic distribution
2479
to avoid computing one, this may give poor traffic distribution
2480
if the hash is invalid or uses less of the protocol header information.
2480
if the hash is invalid or uses less of the protocol header information.
2481
.Cm -use_flowid
2481
.Cm -use_flowid
2482
disables use of RSS hash from the network card.
2482
disables use of RSS hash from the network card.
2483
The default value can be set via the
2483
The default value can be set via the
2484
.Va net.link.lagg.default_use_flowid
2484
.Va net.link.lagg.default_use_flowid
2485
.Xr sysctl 8
2485
.Xr sysctl 8
2486
variable.
2486
variable.
2487
.Li 0
2487
.Li 0
2488
means
2488
means
2489
.Dq disabled
2489
.Dq disabled
2490
and
2490
and
2491
.Li 1
2491
.Li 1
2492
means
2492
means
2493
.Dq enabled .
2493
.Dq enabled .
2494
.It Cm use_flowid
2494
.It Cm use_flowid
2495
Use the RSS hash from the network card if available.
2495
Use the RSS hash from the network card if available.
2496
.It Cm flowid_shift Ar number
2496
.It Cm flowid_shift Ar number
2497
Set a shift parameter for RSS local hash computation.
2497
Set a shift parameter for RSS local hash computation.
2498
Hash is calculated by using flowid bits in a packet header mbuf
2498
Hash is calculated by using flowid bits in a packet header mbuf
2499
which are shifted by the number of this parameter.
2499
which are shifted by the number of this parameter.
2500
.It Cm use_numa
2500
.It Cm use_numa
2501
Enable selection of egress ports based on the native
2501
Enable selection of egress ports based on the native
2502
.Xr NUMA 4
2502
.Xr NUMA 4
2503
domain for the packets being transmitted.
2503
domain for the packets being transmitted.
2504
This is currently only implemented for lacp mode.
2504
This is currently only implemented for lacp mode.
2505
This works only on
2505
This works only on
2506
.Xr NUMA 4
2506
.Xr NUMA 4
2507
hardware, running a kernel compiled with the
2507
hardware, running a kernel compiled with the
2508
.Xr NUMA 4
2508
.Xr NUMA 4
2509
option, and when interfaces from multiple
2509
option, and when interfaces from multiple
2510
.Xr NUMA 4
2510
.Xr NUMA 4
2511
domains are ports of the aggregation interface.
2511
domains are ports of the aggregation interface.
2512
.It Cm -use_numa
2512
.It Cm -use_numa
2513
Disable selection of egress ports based on the native
2513
Disable selection of egress ports based on the native
2514
.Xr NUMA 4
2514
.Xr NUMA 4
2515
domain for the packets being transmitted.
2515
domain for the packets being transmitted.
2516
.It Cm lacp_fast_timeout
2516
.It Cm lacp_fast_timeout
2517
Enable lacp fast-timeout on the interface.
2517
Enable lacp fast-timeout on the interface.
2518
.It Cm -lacp_fast_timeout
2518
.It Cm -lacp_fast_timeout
2519
Disable lacp fast-timeout on the interface.
2519
Disable lacp fast-timeout on the interface.
2520
.It Cm lacp_strict
2520
.It Cm lacp_strict
2521
Enable lacp strict compliance on the interface.
2521
Enable lacp strict compliance on the interface.
2522
The default value can be set via the
2522
The default value can be set via the
2523
.Va net.link.lagg.lacp.default_strict_mode
2523
.Va net.link.lagg.lacp.default_strict_mode
2524
.Xr sysctl 8
2524
.Xr sysctl 8
2525
variable.
2525
variable.
2526
.Li 0
2526
.Li 0
2527
means
2527
means
2528
.Dq disabled
2528
.Dq disabled
2529
and
2529
and
2530
.Li 1
2530
.Li 1
2531
means
2531
means
2532
.Dq enabled .
2532
.Dq enabled .
2533
.It Cm -lacp_strict
2533
.It Cm -lacp_strict
2534
Disable lacp strict compliance on the interface.
2534
Disable lacp strict compliance on the interface.
2535
.El
2535
.El
2536
.Pp
2536
.Pp
2537
The following parameters apply to IP tunnel interfaces,
2537
The following parameters apply to IP tunnel interfaces,
2538
.Xr gif 4 :
2538
.Xr gif 4 :
2539
.Bl -tag -width indent
2539
.Bl -tag -width indent
2540
.It Cm tunnel Ar src_addr dest_addr
2540
.It Cm tunnel Ar src_addr dest_addr
2541
Configure the physical source and destination address for IP tunnel
2541
Configure the physical source and destination address for IP tunnel
2542
interfaces.
2542
interfaces.
2543
The arguments
2543
The arguments
2544
.Ar src_addr
2544
.Ar src_addr
2545
and
2545
and
2546
.Ar dest_addr
2546
.Ar dest_addr
2547
are interpreted as the outer source/destination for the encapsulating
2547
are interpreted as the outer source/destination for the encapsulating
2548
IPv4/IPv6 header.
2548
IPv4/IPv6 header.
2549
.It Fl tunnel
2549
.It Fl tunnel
2550
Unconfigure the physical source and destination address for IP tunnel
2550
Unconfigure the physical source and destination address for IP tunnel
2551
interfaces previously configured with
2551
interfaces previously configured with
2552
.Cm tunnel .
2552
.Cm tunnel .
2553
.It Cm deletetunnel
2553
.It Cm deletetunnel
2554
Another name for the
2554
Another name for the
2555
.Fl tunnel
2555
.Fl tunnel
2556
parameter.
2556
parameter.
2557
.It Cm accept_rev_ethip_ver
2557
.It Cm accept_rev_ethip_ver
2558
Set a flag to accept both correct EtherIP packets and ones
2558
Set a flag to accept both correct EtherIP packets and ones
2559
with reversed version field.
2559
with reversed version field.
2560
Enabled by default.
2560
Enabled by default.
2561
This is for backward compatibility with
2561
This is for backward compatibility with
2562
.Fx 6.1 ,
2562
.Fx 6.1 ,
2563
6.2, 6.3, 7.0, and 7.1.
2563
6.2, 6.3, 7.0, and 7.1.
2564
.It Cm -accept_rev_ethip_ver
2564
.It Cm -accept_rev_ethip_ver
2565
Clear a flag
2565
Clear a flag
2566
.Cm accept_rev_ethip_ver .
2566
.Cm accept_rev_ethip_ver .
2567
.It Cm ignore_source
2567
.It Cm ignore_source
2568
Set a flag to accept encapsulated packets destined to this host
2568
Set a flag to accept encapsulated packets destined to this host
2569
independently from source address.
2569
independently from source address.
2570
This may be useful for hosts, that receive encapsulated packets
2570
This may be useful for hosts, that receive encapsulated packets
2571
from the load balancers.
2571
from the load balancers.
2572
.It Cm -ignore_source
2572
.It Cm -ignore_source
2573
Clear a flag
2573
Clear a flag
2574
.Cm ignore_source .
2574
.Cm ignore_source .
2575
.It Cm send_rev_ethip_ver
2575
.It Cm send_rev_ethip_ver
2576
Set a flag to send EtherIP packets with reversed version
2576
Set a flag to send EtherIP packets with reversed version
2577
field intentionally.
2577
field intentionally.
2578
Disabled by default.
2578
Disabled by default.
2579
This is for backward compatibility with
2579
This is for backward compatibility with
2580
.Fx 6.1 ,
2580
.Fx 6.1 ,
2581
6.2, 6.3, 7.0, and 7.1.
2581
6.2, 6.3, 7.0, and 7.1.
2582
.It Cm -send_rev_ethip_ver
2582
.It Cm -send_rev_ethip_ver
2583
Clear a flag
2583
Clear a flag
2584
.Cm send_rev_ethip_ver .
2584
.Cm send_rev_ethip_ver .
2585
.El
2585
.El
2586
.Pp
2586
.Pp
2587
The following parameters apply to GRE tunnel interfaces,
2587
The following parameters apply to GRE tunnel interfaces,
2588
.Xr gre 4 :
2588
.Xr gre 4 :
2589
.Bl -tag -width indent
2589
.Bl -tag -width indent
2590
.It Cm tunnel Ar src_addr dest_addr
2590
.It Cm tunnel Ar src_addr dest_addr
2591
Configure the physical source and destination address for GRE tunnel
2591
Configure the physical source and destination address for GRE tunnel
2592
interfaces.
2592
interfaces.
2593
The arguments
2593
The arguments
2594
.Ar src_addr
2594
.Ar src_addr
2595
and
2595
and
2596
.Ar dest_addr
2596
.Ar dest_addr
2597
are interpreted as the outer source/destination for the encapsulating
2597
are interpreted as the outer source/destination for the encapsulating
2598
IPv4/IPv6 header.
2598
IPv4/IPv6 header.
2599
.It Fl tunnel
2599
.It Fl tunnel
2600
Unconfigure the physical source and destination address for GRE tunnel
2600
Unconfigure the physical source and destination address for GRE tunnel
2601
interfaces previously configured with
2601
interfaces previously configured with
2602
.Cm tunnel .
2602
.Cm tunnel .
2603
.It Cm deletetunnel
2603
.It Cm deletetunnel
2604
Another name for the
2604
Another name for the
2605
.Fl tunnel
2605
.Fl tunnel
2606
parameter.
2606
parameter.
2607
.It Cm grekey Ar key
2607
.It Cm grekey Ar key
2608
Configure the GRE key to be used for outgoing packets.
2608
Configure the GRE key to be used for outgoing packets.
2609
Note that
2609
Note that
2610
.Xr gre 4 will always accept GRE packets with invalid or absent keys.
2610
.Xr gre 4 will always accept GRE packets with invalid or absent keys.
2611
This command will result in a four byte MTU reduction on the interface.
2611
This command will result in a four byte MTU reduction on the interface.
2612
.El
2612
.El
2613
.Pp
2613
.Pp
2614
The following parameters are specific to
2614
The following parameters are specific to
2615
.Xr pfsync 4
2615
.Xr pfsync 4
2616
interfaces:
2616
interfaces:
2617
.Bl -tag -width indent
2617
.Bl -tag -width indent
2618
.It Cm syncdev Ar iface
2618
.It Cm syncdev Ar iface
2619
Use the specified interface
2619
Use the specified interface
2620
to send and receive pfsync state synchronisation messages.
2620
to send and receive pfsync state synchronisation messages.
2621
.It Fl syncdev
2621
.It Fl syncdev
2622
Stop sending pfsync state synchronisation messages over the network.
2622
Stop sending pfsync state synchronisation messages over the network.
2623
.It Cm syncpeer Ar peer_address
2623
.It Cm syncpeer Ar peer_address
2624
Make the pfsync link point-to-point rather than using
2624
Make the pfsync link point-to-point rather than using
2625
multicast to broadcast the state synchronisation messages.
2625
multicast to broadcast the state synchronisation messages.
2626
The peer_address is the IP address of the other host taking part in
2626
The peer_address is the IP address of the other host taking part in
2627
the pfsync cluster.
2627
the pfsync cluster.
2628
.It Fl syncpeer
2628
.It Fl syncpeer
2629
Broadcast the packets using multicast.
2629
Broadcast the packets using multicast.
2630
.It Cm maxupd Ar n
2630
.It Cm maxupd Ar n
2631
Set the maximum number of updates for a single state which
2631
Set the maximum number of updates for a single state which
2632
can be collapsed into one.
2632
can be collapsed into one.
2633
This is an 8-bit number; the default value is 128.
2633
This is an 8-bit number; the default value is 128.
2634
.It Cm defer
2634
.It Cm defer
2635
Defer transmission of the first packet in a state until a peer has
2635
Defer transmission of the first packet in a state until a peer has
2636
acknowledged that the associated state has been inserted.
2636
acknowledged that the associated state has been inserted.
2637
.It Fl defer
2637
.It Fl defer
2638
Do not defer the first packet in a state.
2638
Do not defer the first packet in a state.
2639
This is the default.
2639
This is the default.
2640
.El
2640
.El
2641
.Pp
2641
.Pp
2642
The following parameters are specific to
2642
The following parameters are specific to
2643
.Xr vlan 4
2643
.Xr vlan 4
2644
interfaces:
2644
interfaces:
2645
.Bl -tag -width indent
2645
.Bl -tag -width indent
2646
.It Cm vlan Ar vlan_tag
2646
.It Cm vlan Ar vlan_tag
2647
Set the VLAN tag value to
2647
Set the VLAN tag value to
2648
.Ar vlan_tag .
2648
.Ar vlan_tag .
2649
This value is a 12-bit VLAN Identifier (VID) which is used to create an 802.1Q
2649
This value is a 12-bit VLAN Identifier (VID) which is used to create an 802.1Q
2650
VLAN header for packets sent from the
2650
VLAN header for packets sent from the
2651
.Xr vlan 4
2651
.Xr vlan 4
2652
interface.
2652
interface.
2653
Note that
2653
Note that
2654
.Cm vlan
2654
.Cm vlan
2655
and
2655
and
2656
.Cm vlandev
2656
.Cm vlandev
2657
must both be set at the same time.
2657
must both be set at the same time.
2658
.It Cm vlanpcp Ar priority_code_point
2658
.It Cm vlanpcp Ar priority_code_point
2659
Priority code point
2659
Priority code point
2660
.Pq Dv PCP
2660
.Pq Dv PCP
2661
is an 3-bit field which refers to the IEEE 802.1p
2661
is an 3-bit field which refers to the IEEE 802.1p
2662
class of service and maps to the frame priority level.
2662
class of service and maps to the frame priority level.
2663
.Pp
2663
.Pp
2664
Values in order of priority are:
2664
Values in order of priority are:
2665
.Cm 1
2665
.Cm 1
2666
.Pq Dv Background (lowest) ,
2666
.Pq Dv Background (lowest) ,
2667
.Cm 0
2667
.Cm 0
2668
.Pq Dv Best effort (default) ,
2668
.Pq Dv Best effort (default) ,
2669
.Cm 2
2669
.Cm 2
2670
.Pq Dv Excellent effort ,
2670
.Pq Dv Excellent effort ,
2671
.Cm 3
2671
.Cm 3
2672
.Pq Dv Critical applications ,
2672
.Pq Dv Critical applications ,
2673
.Cm 4
2673
.Cm 4
2674
.Pq Dv Video, < 100ms latency ,
2674
.Pq Dv Video, < 100ms latency ,
2675
.Cm 5
2675
.Cm 5
2676
.Pq Dv Video, < 10ms latency ,
2676
.Pq Dv Video, < 10ms latency ,
2677
.Cm 6
2677
.Cm 6
2678
.Pq Dv Internetwork control ,
2678
.Pq Dv Internetwork control ,
2679
.Cm 7
2679
.Cm 7
2680
.Pq Dv Network control (highest) .
2680
.Pq Dv Network control (highest) .
2681
.It Cm vlandev Ar iface
2681
.It Cm vlandev Ar iface
2682
Associate the physical interface
2682
Associate the physical interface
2683
.Ar iface
2683
.Ar iface
2684
with a
2684
with a
2685
.Xr vlan 4
2685
.Xr vlan 4
2686
interface.
2686
interface.
2687
Packets transmitted through the
2687
Packets transmitted through the
2688
.Xr vlan 4
2688
.Xr vlan 4
2689
interface will be
2689
interface will be
2690
diverted to the specified physical interface
2690
diverted to the specified physical interface
2691
.Ar iface
2691
.Ar iface
2692
with 802.1Q VLAN encapsulation.
2692
with 802.1Q VLAN encapsulation.
2693
Packets with 802.1Q encapsulation received
2693
Packets with 802.1Q encapsulation received
2694
by the parent interface with the correct VLAN Identifier will be diverted to
2694
by the parent interface with the correct VLAN Identifier will be diverted to
2695
the associated
2695
the associated
2696
.Xr vlan 4
2696
.Xr vlan 4
2697
pseudo-interface.
2697
pseudo-interface.
2698
The
2698
The
2699
.Xr vlan 4
2699
.Xr vlan 4
2700
interface is assigned a
2700
interface is assigned a
2701
copy of the parent interface's flags and the parent's Ethernet address.
2701
copy of the parent interface's flags and the parent's Ethernet address.
2702
The
2702
The
2703
.Cm vlandev
2703
.Cm vlandev
2704
and
2704
and
2705
.Cm vlan
2705
.Cm vlan
2706
must both be set at the same time.
2706
must both be set at the same time.
2707
If the
2707
If the
2708
.Xr vlan 4
2708
.Xr vlan 4
2709
interface already has
2709
interface already has
2710
a physical interface associated with it, this command will fail.
2710
a physical interface associated with it, this command will fail.
2711
To
2711
To
2712
change the association to another physical interface, the existing
2712
change the association to another physical interface, the existing
2713
association must be cleared first.
2713
association must be cleared first.
2714
.Pp
2714
.Pp
2715
Note: if the hardware tagging capability
2715
Note: if the hardware tagging capability
2716
is set on the parent interface, the
2716
is set on the parent interface, the
2717
.Xr vlan 4
2717
.Xr vlan 4
2718
pseudo
2718
pseudo
2719
interface's behavior changes:
2719
interface's behavior changes:
2720
the
2720
the
2721
.Xr vlan 4
2721
.Xr vlan 4
2722
interface recognizes that the
2722
interface recognizes that the
2723
parent interface supports insertion and extraction of VLAN tags on its
2723
parent interface supports insertion and extraction of VLAN tags on its
2724
own (usually in firmware) and that it should pass packets to and from
2724
own (usually in firmware) and that it should pass packets to and from
2725
the parent unaltered.
2725
the parent unaltered.
2726
.It Fl vlandev Op Ar iface
2726
.It Fl vlandev Op Ar iface
2727
If the driver is a
2727
If the driver is a
2728
.Xr vlan 4
2728
.Xr vlan 4
2729
pseudo device, disassociate the parent interface from it.
2729
pseudo device, disassociate the parent interface from it.
2730
This breaks the link between the
2730
This breaks the link between the
2731
.Xr vlan 4
2731
.Xr vlan 4
2732
interface and its parent,
2732
interface and its parent,
2733
clears its VLAN Identifier, flags and its link address and shuts the interface
2733
clears its VLAN Identifier, flags and its link address and shuts the interface
2734
down.
2734
down.
2735
The
2735
The
2736
.Ar iface
2736
.Ar iface
2737
argument is useless and hence deprecated.
2737
argument is useless and hence deprecated.
2738
.El
2738
.El
2739
.Pp
2739
.Pp
2740
The following parameters are used to configure
2740
The following parameters are used to configure
2741
.Xr vxlan 4
2741
.Xr vxlan 4
2742
interfaces.
2742
interfaces.
2743
.Bl -tag -width indent
2743
.Bl -tag -width indent
2744
.It Cm vxlanid Ar identifier
2744
.It Cm vxlanid Ar identifier
2745
This value is a 24-bit VXLAN Network Identifier (VNI) that identifies the
2745
This value is a 24-bit VXLAN Network Identifier (VNI) that identifies the
2746
virtual network segment membership of the interface.
2746
virtual network segment membership of the interface.
2747
.It Cm vxlanlocal Ar address
2747
.It Cm vxlanlocal Ar address
2748
The source address used in the encapsulating IPv4/IPv6 header.
2748
The source address used in the encapsulating IPv4/IPv6 header.
2749
The address should already be assigned to an existing interface.
2749
The address should already be assigned to an existing interface.
2750
When the interface is configured in unicast mode, the listening socket
2750
When the interface is configured in unicast mode, the listening socket
2751
is bound to this address.
2751
is bound to this address.
2752
.It Cm vxlanremote Ar address
2752
.It Cm vxlanremote Ar address
2753
The interface can be configured in a unicast, or point-to-point, mode
2753
The interface can be configured in a unicast, or point-to-point, mode
2754
to create a tunnel between two hosts.
2754
to create a tunnel between two hosts.
2755
This is the IP address of the remote end of the tunnel.
2755
This is the IP address of the remote end of the tunnel.
2756
.It Cm vxlangroup Ar address
2756
.It Cm vxlangroup Ar address
2757
The interface can be configured in a multicast mode
2757
The interface can be configured in a multicast mode
2758
to create a virtual network of hosts.
2758
to create a virtual network of hosts.
2759
This is the IP multicast group address the interface will join.
2759
This is the IP multicast group address the interface will join.
2760
.It Cm vxlanlocalport Ar port
2760
.It Cm vxlanlocalport Ar port
2761
The port number the interface will listen on.
2761
The port number the interface will listen on.
2762
The default port number is 4789.
2762
The default port number is 4789.
2763
.It Cm vxlanremoteport Ar port
2763
.It Cm vxlanremoteport Ar port
2764
The destination port number used in the encapsulating IPv4/IPv6 header.
2764
The destination port number used in the encapsulating IPv4/IPv6 header.
2765
The remote host should be listening on this port.
2765
The remote host should be listening on this port.
2766
The default port number is 4789.
2766
The default port number is 4789.
2767
Note some other implementations, such as Linux,
2767
Note some other implementations, such as Linux,
2768
do not default to the IANA assigned port,
2768
do not default to the IANA assigned port,
2769
but instead listen on port 8472.
2769
but instead listen on port 8472.
2770
.It Cm vxlanportrange Ar low high
2770
.It Cm vxlanportrange Ar low high
2771
The range of source ports used in the encapsulating IPv4/IPv6 header.
2771
The range of source ports used in the encapsulating IPv4/IPv6 header.
2772
The port selected within the range is based on a hash of the inner frame.
2772
The port selected within the range is based on a hash of the inner frame.
2773
A range is useful to provide entropy within the outer IP header
2773
A range is useful to provide entropy within the outer IP header
2774
for more effective load balancing.
2774
for more effective load balancing.
2775
The default range is between the
2775
The default range is between the
2776
.Xr sysctl 8
2776
.Xr sysctl 8
2777
variables
2777
variables
2778
.Va net.inet.ip.portrange.first
2778
.Va net.inet.ip.portrange.first
2779
and
2779
and
2780
.Va net.inet.ip.portrange.last
2780
.Va net.inet.ip.portrange.last
2781
.It Cm vxlantimeout Ar timeout
2781
.It Cm vxlantimeout Ar timeout
2782
The maximum time, in seconds, before an entry in the forwarding table
2782
The maximum time, in seconds, before an entry in the forwarding table
2783
is pruned.
2783
is pruned.
2784
The default is 1200 seconds (20 minutes).
2784
The default is 1200 seconds (20 minutes).
2785
.It Cm vxlanmaxaddr Ar max
2785
.It Cm vxlanmaxaddr Ar max
2786
The maximum number of entries in the forwarding table.
2786
The maximum number of entries in the forwarding table.
2787
The default is 2000.
2787
The default is 2000.
2788
.It Cm vxlandev Ar dev
2788
.It Cm vxlandev Ar dev
2789
When the interface is configured in multicast mode, the
2789
When the interface is configured in multicast mode, the
2790
.Cm dev
2790
.Cm dev
2791
interface is used to transmit IP multicast packets.
2791
interface is used to transmit IP multicast packets.
2792
.It Cm vxlanttl Ar ttl
2792
.It Cm vxlanttl Ar ttl
2793
The TTL used in the encapsulating IPv4/IPv6 header.
2793
The TTL used in the encapsulating IPv4/IPv6 header.
2794
The default is 64.
2794
The default is 64.
2795
.It Cm vxlanlearn
2795
.It Cm vxlanlearn
2796
The source IP address and inner source Ethernet MAC address of
2796
The source IP address and inner source Ethernet MAC address of
2797
received packets are used to dynamically populate the forwarding table.
2797
received packets are used to dynamically populate the forwarding table.
2798
When in multicast mode, an entry in the forwarding table allows the
2798
When in multicast mode, an entry in the forwarding table allows the
2799
interface to send the frame directly to the remote host instead of
2799
interface to send the frame directly to the remote host instead of
2800
broadcasting the frame to the multicast group.
2800
broadcasting the frame to the multicast group.
2801
This is the default.
2801
This is the default.
2802
.It Fl vxlanlearn
2802
.It Fl vxlanlearn
2803
The forwarding table is not populated by received packets.
2803
The forwarding table is not populated by received packets.
2804
.It Cm vxlanflush
2804
.It Cm vxlanflush
2805
Delete all dynamically-learned addresses from the forwarding table.
2805
Delete all dynamically-learned addresses from the forwarding table.
2806
.It Cm vxlanflushall
2806
.It Cm vxlanflushall
2807
Delete all addresses, including static addresses, from the forwarding table.
2807
Delete all addresses, including static addresses, from the forwarding table.
2808
.El
2808
.El
2809
.Pp
2809
.Pp
2810
The following parameters are used to configure
2810
The following parameters are used to configure
2811
.Xr carp 4
2811
.Xr carp 4
2812
protocol on an interface:
2812
protocol on an interface:
2813
.Bl -tag -width indent
2813
.Bl -tag -width indent
2814
.It Cm vhid Ar n
2814
.It Cm vhid Ar n
2815
Set the virtual host ID.
2815
Set the virtual host ID.
2816
This is a required setting to initiate
2816
This is a required setting to initiate
2817
.Xr carp 4 .
2817
.Xr carp 4 .
2818
If the virtual host ID does not exist yet, it is created and attached to the
2818
If the virtual host ID does not exist yet, it is created and attached to the
2819
interface, otherwise configuration of an existing vhid is adjusted.
2819
interface, otherwise configuration of an existing vhid is adjusted.
2820
If the
2820
If the
2821
.Cm vhid
2821
.Cm vhid
2822
keyword is supplied along with an
2822
keyword is supplied along with an
2823
.Dq inet6
2823
.Dq inet6
2824
or
2824
or
2825
.Dq inet
2825
.Dq inet
2826
address, then this address is configured to be run under control of the
2826
address, then this address is configured to be run under control of the
2827
specified vhid.
2827
specified vhid.
2828
Whenever a last address that refers to a particular vhid is removed from an
2828
Whenever a last address that refers to a particular vhid is removed from an
2829
interface, the vhid is automatically removed from interface and destroyed.
2829
interface, the vhid is automatically removed from interface and destroyed.
2830
Any other configuration parameters for the
2830
Any other configuration parameters for the
2831
.Xr carp 4
2831
.Xr carp 4
2832
protocol should be supplied along with the
2832
protocol should be supplied along with the
2833
.Cm vhid
2833
.Cm vhid
2834
keyword.
2834
keyword.
2835
Acceptable values for vhid are 1 to 255.
2835
Acceptable values for vhid are 1 to 255.
2836
.It Cm advbase Ar seconds
2836
.It Cm advbase Ar seconds
2837
Specifies the base of the advertisement interval in seconds.
2837
Specifies the base of the advertisement interval in seconds.
2838
The acceptable values are 1 to 255.
2838
The acceptable values are 1 to 255.
2839
The default value is 1.
2839
The default value is 1.
2840
.It Cm advskew Ar interval
2840
.It Cm advskew Ar interval
2841
Specifies the skew to add to the base advertisement interval to
2841
Specifies the skew to add to the base advertisement interval to
2842
make one host advertise slower than another host.
2842
make one host advertise slower than another host.
2843
It is specified in 1/256 of seconds.
2843
It is specified in 1/256 of seconds.
2844
The acceptable values are 1 to 254.
2844
The acceptable values are 0 to 240.
2845
The default value is 0.
2845
The default value is 0.
2846
.It Cm pass Ar phrase
2846
.It Cm pass Ar phrase
2847
Set the authentication key to
2847
Set the authentication key to
2848
.Ar phrase .
2848
.Ar phrase .
2849
.It Cm state Ar MASTER|BACKUP
2849
.It Cm state Ar MASTER|BACKUP
2850
Forcibly change state of a given vhid.
2850
Forcibly change state of a given vhid.
2851
.El
2851
.El
2852
.Pp
2852
.Pp
2853
The
2853
The
2854
.Nm
2854
.Nm
2855
utility displays the current configuration for a network interface
2855
utility displays the current configuration for a network interface
2856
when no optional parameters are supplied.
2856
when no optional parameters are supplied.
2857
If a protocol family is specified,
2857
If a protocol family is specified,
2858
.Nm
2858
.Nm
2859
will report only the details specific to that protocol family.
2859
will report only the details specific to that protocol family.
2860
.Pp
2860
.Pp
2861
If the
2861
If the
2862
.Fl m
2862
.Fl m
2863
flag is passed before an interface name,
2863
flag is passed before an interface name,
2864
.Nm
2864
.Nm
2865
will display the capability list and all
2865
will display the capability list and all
2866
of the supported media for the specified interface.
2866
of the supported media for the specified interface.
2867
If
2867
If
2868
.Fl L
2868
.Fl L
2869
flag is supplied, address lifetime is displayed for IPv6 addresses,
2869
flag is supplied, address lifetime is displayed for IPv6 addresses,
2870
as time offset string.
2870
as time offset string.
2871
.Pp
2871
.Pp
2872
Optionally, the
2872
Optionally, the
2873
.Fl a
2873
.Fl a
2874
flag may be used instead of an interface name.
2874
flag may be used instead of an interface name.
2875
This flag instructs
2875
This flag instructs
2876
.Nm
2876
.Nm
2877
to display information about all interfaces in the system.
2877
to display information about all interfaces in the system.
2878
The
2878
The
2879
.Fl d
2879
.Fl d
2880
flag limits this to interfaces that are down, and
2880
flag limits this to interfaces that are down, and
2881
.Fl u
2881
.Fl u
2882
limits this to interfaces that are up.
2882
limits this to interfaces that are up.
2883
When no arguments are given,
2883
When no arguments are given,
2884
.Fl a
2884
.Fl a
2885
is implied.
2885
is implied.
2886
.Pp
2886
.Pp
2887
The
2887
The
2888
.Fl l
2888
.Fl l
2889
flag may be used to list all available interfaces on the system, with
2889
flag may be used to list all available interfaces on the system, with
2890
no other additional information.
2890
no other additional information.
2891
If an
2891
If an
2892
.Ar address_family
2892
.Ar address_family
2893
is specified, only interfaces of that type will be listed.
2893
is specified, only interfaces of that type will be listed.
2894
.Fl l Dq ether
2894
.Fl l Dq ether
2895
will list only Ethernet adapters, excluding the loopback interface.
2895
will list only Ethernet adapters, excluding the loopback interface.
2896
Use of this flag is mutually exclusive
2896
Use of this flag is mutually exclusive
2897
with all other flags and commands, except for
2897
with all other flags and commands, except for
2898
.Fl d
2898
.Fl d
2899
(only list interfaces that are down)
2899
(only list interfaces that are down)
2900
and
2900
and
2901
.Fl u
2901
.Fl u
2902
(only list interfaces that are up).
2902
(only list interfaces that are up).
2903
.Pp
2903
.Pp
2904
The
2904
The
2905
.Fl v
2905
.Fl v
2906
flag may be used to get more verbose status for an interface.
2906
flag may be used to get more verbose status for an interface.
2907
.Pp
2907
.Pp
2908
The
2908
The
2909
.Fl C
2909
.Fl C
2910
flag may be used to list all of the interface cloners available on
2910
flag may be used to list all of the interface cloners available on
2911
the system, with no additional information.
2911
the system, with no additional information.
2912
Use of this flag is mutually exclusive with all other flags and commands.
2912
Use of this flag is mutually exclusive with all other flags and commands.
2913
.Pp
2913
.Pp
2914
The
2914
The
2915
.Fl k
2915
.Fl k
2916
flag causes keying information for the interface, if available, to be
2916
flag causes keying information for the interface, if available, to be
2917
printed.
2917
printed.
2918
For example, the values of 802.11 WEP keys and
2918
For example, the values of 802.11 WEP keys and
2919
.Xr carp 4
2919
.Xr carp 4
2920
passphrases will be printed, if accessible to the current user.
2920
passphrases will be printed, if accessible to the current user.
2921
This information is not printed by default, as it may be considered
2921
This information is not printed by default, as it may be considered
2922
sensitive.
2922
sensitive.
2923
.Pp
2923
.Pp
2924
If the network interface driver is not present in the kernel then
2924
If the network interface driver is not present in the kernel then
2925
.Nm
2925
.Nm
2926
will attempt to load it.
2926
will attempt to load it.
2927
The
2927
The
2928
.Fl n
2928
.Fl n
2929
flag disables this behavior.
2929
flag disables this behavior.
2930
.Pp
2930
.Pp
2931
Only the super-user may modify the configuration of a network interface.
2931
Only the super-user may modify the configuration of a network interface.
2932
.Sh EXAMPLES
2932
.Sh EXAMPLES
2933
Assign the IPv4 address
2933
Assign the IPv4 address
2934
.Li 192.0.2.10 ,
2934
.Li 192.0.2.10 ,
2935
with a network mask of
2935
with a network mask of
2936
.Li 255.255.255.0 ,
2936
.Li 255.255.255.0 ,
2937
to the interface
2937
to the interface
2938
.Li em0 :
2938
.Li em0 :
2939
.Dl # ifconfig em0 inet 192.0.2.10 netmask 255.255.255.0
2939
.Dl # ifconfig em0 inet 192.0.2.10 netmask 255.255.255.0
2940
.Pp
2940
.Pp
2941
Add the IPv4 address
2941
Add the IPv4 address
2942
.Li 192.0.2.45 ,
2942
.Li 192.0.2.45 ,
2943
with the CIDR network prefix
2943
with the CIDR network prefix
2944
.Li /28 ,
2944
.Li /28 ,
2945
to the interface
2945
to the interface
2946
.Li em0 ,
2946
.Li em0 ,
2947
using
2947
using
2948
.Cm add
2948
.Cm add
2949
as a synonym for the canonical form of the option
2949
as a synonym for the canonical form of the option
2950
.Cm alias :
2950
.Cm alias :
2951
.Dl # ifconfig em0 inet 192.0.2.45/28 add
2951
.Dl # ifconfig em0 inet 192.0.2.45/28 add
2952
.Pp
2952
.Pp
2953
Remove the IPv4 address
2953
Remove the IPv4 address
2954
.Li 192.0.2.45
2954
.Li 192.0.2.45
2955
from the interface
2955
from the interface
2956
.Li em0 :
2956
.Li em0 :
2957
.Dl # ifconfig em0 inet 192.0.2.45 -alias
2957
.Dl # ifconfig em0 inet 192.0.2.45 -alias
2958
.Pp
2958
.Pp
2959
Enable IPv6 functionality of the interface:
2959
Enable IPv6 functionality of the interface:
2960
.Dl # ifconfig em0 inet6 -ifdisabled
2960
.Dl # ifconfig em0 inet6 -ifdisabled
2961
.Pp
2961
.Pp
2962
Add the IPv6 address
2962
Add the IPv6 address
2963
.Li 2001:DB8:DBDB::123/48
2963
.Li 2001:DB8:DBDB::123/48
2964
to the interface
2964
to the interface
2965
.Li em0 :
2965
.Li em0 :
2966
.Dl # ifconfig em0 inet6 2001:db8:bdbd::123 prefixlen 48 alias
2966
.Dl # ifconfig em0 inet6 2001:db8:bdbd::123 prefixlen 48 alias
2967
Note that lower case hexadecimal IPv6 addresses are acceptable.
2967
Note that lower case hexadecimal IPv6 addresses are acceptable.
2968
.Pp
2968
.Pp
2969
Remove the IPv6 address added in the above example,
2969
Remove the IPv6 address added in the above example,
2970
using the
2970
using the
2971
.Li /
2971
.Li /
2972
character as shorthand for the network prefix,
2972
character as shorthand for the network prefix,
2973
and using
2973
and using
2974
.Cm delete
2974
.Cm delete
2975
as a synonym for the canonical form of the option
2975
as a synonym for the canonical form of the option
2976
.Fl alias :
2976
.Fl alias :
2977
.Dl # ifconfig em0 inet6 2001:db8:bdbd::123/48 delete
2977
.Dl # ifconfig em0 inet6 2001:db8:bdbd::123/48 delete
2978
.Pp
2978
.Pp
2979
Configure a single CARP redundant address on igb0, and then switch it
2979
Configure a single CARP redundant address on igb0, and then switch it
2980
to be master:
2980
to be master:
2981
.Dl # ifconfig igb0 vhid 1 10.0.0.1/24 pass foobar up
2981
.Dl # ifconfig igb0 vhid 1 10.0.0.1/24 pass foobar up
2982
.Dl # ifconfig igb0 vhid 1 state master
2982
.Dl # ifconfig igb0 vhid 1 state master
2983
.Pp
2983
.Pp
2984
Configure the interface
2984
Configure the interface
2985
.Li xl0 ,
2985
.Li xl0 ,
2986
to use 100baseTX, full duplex Ethernet media options:
2986
to use 100baseTX, full duplex Ethernet media options:
2987
.Dl # ifconfig xl0 media 100baseTX mediaopt full-duplex
2987
.Dl # ifconfig xl0 media 100baseTX mediaopt full-duplex
2988
.Pp
2988
.Pp
2989
Label the em0 interface as an uplink:
2989
Label the em0 interface as an uplink:
2990
.Dl # ifconfig em0 description \&"Uplink to Gigabit Switch 2\&"
2990
.Dl # ifconfig em0 description \&"Uplink to Gigabit Switch 2\&"
2991
.Pp
2991
.Pp
2992
Create the software network interface
2992
Create the software network interface
2993
.Li gif1 :
2993
.Li gif1 :
2994
.Dl # ifconfig gif1 create
2994
.Dl # ifconfig gif1 create
2995
.Pp
2995
.Pp
2996
Destroy the software network interface
2996
Destroy the software network interface
2997
.Li gif1 :
2997
.Li gif1 :
2998
.Dl # ifconfig gif1 destroy
2998
.Dl # ifconfig gif1 destroy
2999
.Pp
2999
.Pp
3000
Display available wireless networks using
3000
Display available wireless networks using
3001
.Li wlan0 :
3001
.Li wlan0 :
3002
.Dl # ifconfig wlan0 list scan
3002
.Dl # ifconfig wlan0 list scan
3003
.Pp
3003
.Pp
3004
Display inet and inet6 address subnet masks in CIDR notation
3004
Display inet and inet6 address subnet masks in CIDR notation
3005
.Dl # ifconfig -f inet:cidr,inet6:cidr
3005
.Dl # ifconfig -f inet:cidr,inet6:cidr
3006
.Sh DIAGNOSTICS
3006
.Sh DIAGNOSTICS
3007
Messages indicating the specified interface does not exist, the
3007
Messages indicating the specified interface does not exist, the
3008
requested address is unknown, or the user is not privileged and
3008
requested address is unknown, or the user is not privileged and
3009
tried to alter an interface's configuration.
3009
tried to alter an interface's configuration.
3010
.Sh SEE ALSO
3010
.Sh SEE ALSO
3011
.Xr netstat 1 ,
3011
.Xr netstat 1 ,
3012
.Xr carp 4 ,
3012
.Xr carp 4 ,
3013
.Xr gif 4 ,
3013
.Xr gif 4 ,
3014
.Xr netintro 4 ,
3014
.Xr netintro 4 ,
3015
.Xr pfsync 4 ,
3015
.Xr pfsync 4 ,
3016
.Xr polling 4 ,
3016
.Xr polling 4 ,
3017
.Xr vlan 4 ,
3017
.Xr vlan 4 ,
3018
.Xr vxlan 4 ,
3018
.Xr vxlan 4 ,
3019
.Xr devd.conf 5 ,
3019
.Xr devd.conf 5 ,
3020
.\" .Xr eon 5 ,
3020
.\" .Xr eon 5 ,
3021
.Xr devd 8 ,
3021
.Xr devd 8 ,
3022
.Xr jail 8 ,
3022
.Xr jail 8 ,
3023
.Xr rc 8 ,
3023
.Xr rc 8 ,
3024
.Xr routed 8 ,
3024
.Xr routed 8 ,
3025
.Xr sysctl 8
3025
.Xr sysctl 8
3026
.Sh HISTORY
3026
.Sh HISTORY
3027
The
3027
The
3028
.Nm
3028
.Nm
3029
utility appeared in
3029
utility appeared in
3030
.Bx 4.2 .
3030
.Bx 4.2 .
3031
.Sh BUGS
3031
.Sh BUGS
3032
Basic IPv6 node operation requires a link-local address on each
3032
Basic IPv6 node operation requires a link-local address on each
3033
interface configured for IPv6.
3033
interface configured for IPv6.
3034
Normally, such an address is automatically configured by the
3034
Normally, such an address is automatically configured by the
3035
kernel on each interface added to the system or enabled; this behavior may
3035
kernel on each interface added to the system or enabled; this behavior may
3036
be disabled by setting per-interface flag
3036
be disabled by setting per-interface flag
3037
.Cm -auto_linklocal .
3037
.Cm -auto_linklocal .
3038
The default value of this flag is 1 and can be disabled by using the sysctl
3038
The default value of this flag is 1 and can be disabled by using the sysctl
3039
MIB variable
3039
MIB variable
3040
.Va net.inet6.ip6.auto_linklocal .
3040
.Va net.inet6.ip6.auto_linklocal .
3041
.Pp
3041
.Pp
3042
Do not configure IPv6 addresses with no link-local address by using
3042
Do not configure IPv6 addresses with no link-local address by using
3043
.Nm .
3043
.Nm .
3044
It can result in unexpected behaviors of the kernel.
3044
It can result in unexpected behaviors of the kernel.
(-)sys/netinet/ip_carp.c (-3 / +2 lines)
Lines 1-2303 Link Here
1
/*-
1
/*-
2
 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
2
 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3
 *
3
 *
4
 * Copyright (c) 2002 Michael Shalayeff.
4
 * Copyright (c) 2002 Michael Shalayeff.
5
 * Copyright (c) 2003 Ryan McBride.
5
 * Copyright (c) 2003 Ryan McBride.
6
 * Copyright (c) 2011 Gleb Smirnoff <glebius@FreeBSD.org>
6
 * Copyright (c) 2011 Gleb Smirnoff <glebius@FreeBSD.org>
7
 * All rights reserved.
7
 * All rights reserved.
8
 *
8
 *
9
 * Redistribution and use in source and binary forms, with or without
9
 * Redistribution and use in source and binary forms, with or without
10
 * modification, are permitted provided that the following conditions
10
 * modification, are permitted provided that the following conditions
11
 * are met:
11
 * are met:
12
 * 1. Redistributions of source code must retain the above copyright
12
 * 1. Redistributions of source code must retain the above copyright
13
 *    notice, this list of conditions and the following disclaimer.
13
 *    notice, this list of conditions and the following disclaimer.
14
 * 2. Redistributions in binary form must reproduce the above copyright
14
 * 2. Redistributions in binary form must reproduce the above copyright
15
 *    notice, this list of conditions and the following disclaimer in the
15
 *    notice, this list of conditions and the following disclaimer in the
16
 *    documentation and/or other materials provided with the distribution.
16
 *    documentation and/or other materials provided with the distribution.
17
 *
17
 *
18
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
18
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
19
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
19
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21
 * IN NO EVENT SHALL THE AUTHOR OR HIS RELATIVES BE LIABLE FOR ANY DIRECT,
21
 * IN NO EVENT SHALL THE AUTHOR OR HIS RELATIVES BE LIABLE FOR ANY DIRECT,
22
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
22
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
23
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
24
 * SERVICES; LOSS OF MIND, USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24
 * SERVICES; LOSS OF MIND, USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
25
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
26
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
26
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
27
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
27
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
28
 * THE POSSIBILITY OF SUCH DAMAGE.
28
 * THE POSSIBILITY OF SUCH DAMAGE.
29
 */
29
 */
30
30
31
#include <sys/cdefs.h>
31
#include <sys/cdefs.h>
32
__FBSDID("$FreeBSD$");
32
__FBSDID("$FreeBSD$");
33
33
34
#include "opt_bpf.h"
34
#include "opt_bpf.h"
35
#include "opt_inet.h"
35
#include "opt_inet.h"
36
#include "opt_inet6.h"
36
#include "opt_inet6.h"
37
37
38
#include <sys/param.h>
38
#include <sys/param.h>
39
#include <sys/systm.h>
39
#include <sys/systm.h>
40
#include <sys/bus.h>
40
#include <sys/bus.h>
41
#include <sys/jail.h>
41
#include <sys/jail.h>
42
#include <sys/kernel.h>
42
#include <sys/kernel.h>
43
#include <sys/limits.h>
43
#include <sys/limits.h>
44
#include <sys/malloc.h>
44
#include <sys/malloc.h>
45
#include <sys/mbuf.h>
45
#include <sys/mbuf.h>
46
#include <sys/module.h>
46
#include <sys/module.h>
47
#include <sys/priv.h>
47
#include <sys/priv.h>
48
#include <sys/proc.h>
48
#include <sys/proc.h>
49
#include <sys/protosw.h>
49
#include <sys/protosw.h>
50
#include <sys/socket.h>
50
#include <sys/socket.h>
51
#include <sys/sockio.h>
51
#include <sys/sockio.h>
52
#include <sys/sysctl.h>
52
#include <sys/sysctl.h>
53
#include <sys/syslog.h>
53
#include <sys/syslog.h>
54
#include <sys/taskqueue.h>
54
#include <sys/taskqueue.h>
55
#include <sys/counter.h>
55
#include <sys/counter.h>
56
56
57
#include <net/ethernet.h>
57
#include <net/ethernet.h>
58
#include <net/if.h>
58
#include <net/if.h>
59
#include <net/if_var.h>
59
#include <net/if_var.h>
60
#include <net/if_dl.h>
60
#include <net/if_dl.h>
61
#include <net/if_llatbl.h>
61
#include <net/if_llatbl.h>
62
#include <net/if_types.h>
62
#include <net/if_types.h>
63
#include <net/route.h>
63
#include <net/route.h>
64
#include <net/vnet.h>
64
#include <net/vnet.h>
65
65
66
#if defined(INET) || defined(INET6)
66
#if defined(INET) || defined(INET6)
67
#include <netinet/in.h>
67
#include <netinet/in.h>
68
#include <netinet/in_var.h>
68
#include <netinet/in_var.h>
69
#include <netinet/ip_carp.h>
69
#include <netinet/ip_carp.h>
70
#include <netinet/ip.h>
70
#include <netinet/ip.h>
71
#include <machine/in_cksum.h>
71
#include <machine/in_cksum.h>
72
#endif
72
#endif
73
#ifdef INET
73
#ifdef INET
74
#include <netinet/ip_var.h>
74
#include <netinet/ip_var.h>
75
#include <netinet/if_ether.h>
75
#include <netinet/if_ether.h>
76
#endif
76
#endif
77
77
78
#ifdef INET6
78
#ifdef INET6
79
#include <netinet/icmp6.h>
79
#include <netinet/icmp6.h>
80
#include <netinet/ip6.h>
80
#include <netinet/ip6.h>
81
#include <netinet6/in6_var.h>
81
#include <netinet6/in6_var.h>
82
#include <netinet6/ip6_var.h>
82
#include <netinet6/ip6_var.h>
83
#include <netinet6/scope6_var.h>
83
#include <netinet6/scope6_var.h>
84
#include <netinet6/nd6.h>
84
#include <netinet6/nd6.h>
85
#endif
85
#endif
86
86
87
#include <crypto/sha1.h>
87
#include <crypto/sha1.h>
88
88
89
static MALLOC_DEFINE(M_CARP, "CARP", "CARP addresses");
89
static MALLOC_DEFINE(M_CARP, "CARP", "CARP addresses");
90
90
91
struct carp_softc {
91
struct carp_softc {
92
	struct ifnet		*sc_carpdev;	/* Pointer to parent ifnet. */
92
	struct ifnet		*sc_carpdev;	/* Pointer to parent ifnet. */
93
	struct ifaddr		**sc_ifas;	/* Our ifaddrs. */
93
	struct ifaddr		**sc_ifas;	/* Our ifaddrs. */
94
	struct sockaddr_dl	sc_addr;	/* Our link level address. */
94
	struct sockaddr_dl	sc_addr;	/* Our link level address. */
95
	struct callout		sc_ad_tmo;	/* Advertising timeout. */
95
	struct callout		sc_ad_tmo;	/* Advertising timeout. */
96
#ifdef INET
96
#ifdef INET
97
	struct callout		sc_md_tmo;	/* Master down timeout. */
97
	struct callout		sc_md_tmo;	/* Master down timeout. */
98
#endif
98
#endif
99
#ifdef INET6
99
#ifdef INET6
100
	struct callout 		sc_md6_tmo;	/* XXX: Master down timeout. */
100
	struct callout 		sc_md6_tmo;	/* XXX: Master down timeout. */
101
#endif
101
#endif
102
	struct mtx		sc_mtx;
102
	struct mtx		sc_mtx;
103
103
104
	int			sc_vhid;
104
	int			sc_vhid;
105
	int			sc_advskew;
105
	int			sc_advskew;
106
	int			sc_advbase;
106
	int			sc_advbase;
107
107
108
	int			sc_naddrs;
108
	int			sc_naddrs;
109
	int			sc_naddrs6;
109
	int			sc_naddrs6;
110
	int			sc_ifasiz;
110
	int			sc_ifasiz;
111
	enum { INIT = 0, BACKUP, MASTER }	sc_state;
111
	enum { INIT = 0, BACKUP, MASTER }	sc_state;
112
	int			sc_suppress;
112
	int			sc_suppress;
113
	int			sc_sendad_errors;
113
	int			sc_sendad_errors;
114
#define	CARP_SENDAD_MAX_ERRORS	3
114
#define	CARP_SENDAD_MAX_ERRORS	3
115
	int			sc_sendad_success;
115
	int			sc_sendad_success;
116
#define	CARP_SENDAD_MIN_SUCCESS 3
116
#define	CARP_SENDAD_MIN_SUCCESS 3
117
117
118
	int			sc_init_counter;
118
	int			sc_init_counter;
119
	uint64_t		sc_counter;
119
	uint64_t		sc_counter;
120
120
121
	/* authentication */
121
	/* authentication */
122
#define	CARP_HMAC_PAD	64
122
#define	CARP_HMAC_PAD	64
123
	unsigned char sc_key[CARP_KEY_LEN];
123
	unsigned char sc_key[CARP_KEY_LEN];
124
	unsigned char sc_pad[CARP_HMAC_PAD];
124
	unsigned char sc_pad[CARP_HMAC_PAD];
125
	SHA1_CTX sc_sha1;
125
	SHA1_CTX sc_sha1;
126
126
127
	TAILQ_ENTRY(carp_softc)	sc_list;	/* On the carp_if list. */
127
	TAILQ_ENTRY(carp_softc)	sc_list;	/* On the carp_if list. */
128
	LIST_ENTRY(carp_softc)	sc_next;	/* On the global list. */
128
	LIST_ENTRY(carp_softc)	sc_next;	/* On the global list. */
129
};
129
};
130
130
131
struct carp_if {
131
struct carp_if {
132
#ifdef INET
132
#ifdef INET
133
	int	cif_naddrs;
133
	int	cif_naddrs;
134
#endif
134
#endif
135
#ifdef INET6
135
#ifdef INET6
136
	int	cif_naddrs6;
136
	int	cif_naddrs6;
137
#endif
137
#endif
138
	TAILQ_HEAD(, carp_softc) cif_vrs;
138
	TAILQ_HEAD(, carp_softc) cif_vrs;
139
#ifdef INET
139
#ifdef INET
140
	struct ip_moptions 	 cif_imo;
140
	struct ip_moptions 	 cif_imo;
141
#endif
141
#endif
142
#ifdef INET6
142
#ifdef INET6
143
	struct ip6_moptions 	 cif_im6o;
143
	struct ip6_moptions 	 cif_im6o;
144
#endif
144
#endif
145
	struct ifnet	*cif_ifp;
145
	struct ifnet	*cif_ifp;
146
	struct mtx	cif_mtx;
146
	struct mtx	cif_mtx;
147
	uint32_t	cif_flags;
147
	uint32_t	cif_flags;
148
#define	CIF_PROMISC	0x00000001
148
#define	CIF_PROMISC	0x00000001
149
};
149
};
150
150
151
#define	CARP_INET	0
151
#define	CARP_INET	0
152
#define	CARP_INET6	1
152
#define	CARP_INET6	1
153
static int proto_reg[] = {-1, -1};
153
static int proto_reg[] = {-1, -1};
154
154
155
/*
155
/*
156
 * Brief design of carp(4).
156
 * Brief design of carp(4).
157
 *
157
 *
158
 * Any carp-capable ifnet may have a list of carp softcs hanging off
158
 * Any carp-capable ifnet may have a list of carp softcs hanging off
159
 * its ifp->if_carp pointer. Each softc represents one unique virtual
159
 * its ifp->if_carp pointer. Each softc represents one unique virtual
160
 * host id, or vhid. The softc has a back pointer to the ifnet. All
160
 * host id, or vhid. The softc has a back pointer to the ifnet. All
161
 * softcs are joined in a global list, which has quite limited use.
161
 * softcs are joined in a global list, which has quite limited use.
162
 *
162
 *
163
 * Any interface address that takes part in CARP negotiation has a
163
 * Any interface address that takes part in CARP negotiation has a
164
 * pointer to the softc of its vhid, ifa->ifa_carp. That could be either
164
 * pointer to the softc of its vhid, ifa->ifa_carp. That could be either
165
 * AF_INET or AF_INET6 address.
165
 * AF_INET or AF_INET6 address.
166
 *
166
 *
167
 * Although, one can get the softc's backpointer to ifnet and traverse
167
 * Although, one can get the softc's backpointer to ifnet and traverse
168
 * through its ifp->if_addrhead queue to find all interface addresses
168
 * through its ifp->if_addrhead queue to find all interface addresses
169
 * involved in CARP, we keep a growable array of ifaddr pointers. This
169
 * involved in CARP, we keep a growable array of ifaddr pointers. This
170
 * allows us to avoid grabbing the IF_ADDR_LOCK() in many traversals that
170
 * allows us to avoid grabbing the IF_ADDR_LOCK() in many traversals that
171
 * do calls into the network stack, thus avoiding LORs.
171
 * do calls into the network stack, thus avoiding LORs.
172
 *
172
 *
173
 * Locking:
173
 * Locking:
174
 *
174
 *
175
 * Each softc has a lock sc_mtx. It is used to synchronise carp_input_c(),
175
 * Each softc has a lock sc_mtx. It is used to synchronise carp_input_c(),
176
 * callout-driven events and ioctl()s.
176
 * callout-driven events and ioctl()s.
177
 *
177
 *
178
 * To traverse the list of softcs on an ifnet we use CIF_LOCK() or carp_sx.
178
 * To traverse the list of softcs on an ifnet we use CIF_LOCK() or carp_sx.
179
 * To traverse the global list we use the mutex carp_mtx.
179
 * To traverse the global list we use the mutex carp_mtx.
180
 *
180
 *
181
 * Known issues with locking:
181
 * Known issues with locking:
182
 *
182
 *
183
 * - Sending ad, we put the pointer to the softc in an mtag, and no reference
183
 * - Sending ad, we put the pointer to the softc in an mtag, and no reference
184
 *   counting is done on the softc.
184
 *   counting is done on the softc.
185
 * - On module unload we may race (?) with packet processing thread
185
 * - On module unload we may race (?) with packet processing thread
186
 *   dereferencing our function pointers.
186
 *   dereferencing our function pointers.
187
 */
187
 */
188
188
189
/* Accept incoming CARP packets. */
189
/* Accept incoming CARP packets. */
190
VNET_DEFINE_STATIC(int, carp_allow) = 1;
190
VNET_DEFINE_STATIC(int, carp_allow) = 1;
191
#define	V_carp_allow	VNET(carp_allow)
191
#define	V_carp_allow	VNET(carp_allow)
192
192
193
/* Set DSCP in outgoing CARP packets. */
193
/* Set DSCP in outgoing CARP packets. */
194
VNET_DEFINE_STATIC(int, carp_dscp) = 56;
194
VNET_DEFINE_STATIC(int, carp_dscp) = 56;
195
#define	V_carp_dscp	VNET(carp_dscp)
195
#define	V_carp_dscp	VNET(carp_dscp)
196
196
197
/* Preempt slower nodes. */
197
/* Preempt slower nodes. */
198
VNET_DEFINE_STATIC(int, carp_preempt) = 0;
198
VNET_DEFINE_STATIC(int, carp_preempt) = 0;
199
#define	V_carp_preempt	VNET(carp_preempt)
199
#define	V_carp_preempt	VNET(carp_preempt)
200
200
201
/* Log level. */
201
/* Log level. */
202
VNET_DEFINE_STATIC(int, carp_log) = 1;
202
VNET_DEFINE_STATIC(int, carp_log) = 1;
203
#define	V_carp_log	VNET(carp_log)
203
#define	V_carp_log	VNET(carp_log)
204
204
205
/* Global advskew demotion. */
205
/* Global advskew demotion. */
206
VNET_DEFINE_STATIC(int, carp_demotion) = 0;
206
VNET_DEFINE_STATIC(int, carp_demotion) = 0;
207
#define	V_carp_demotion	VNET(carp_demotion)
207
#define	V_carp_demotion	VNET(carp_demotion)
208
208
209
/* Send error demotion factor. */
209
/* Send error demotion factor. */
210
VNET_DEFINE_STATIC(int, carp_senderr_adj) = CARP_MAXSKEW;
210
VNET_DEFINE_STATIC(int, carp_senderr_adj) = CARP_MAXSKEW;
211
#define	V_carp_senderr_adj	VNET(carp_senderr_adj)
211
#define	V_carp_senderr_adj	VNET(carp_senderr_adj)
212
212
213
/* Iface down demotion factor. */
213
/* Iface down demotion factor. */
214
VNET_DEFINE_STATIC(int, carp_ifdown_adj) = CARP_MAXSKEW;
214
VNET_DEFINE_STATIC(int, carp_ifdown_adj) = CARP_MAXSKEW;
215
#define	V_carp_ifdown_adj	VNET(carp_ifdown_adj)
215
#define	V_carp_ifdown_adj	VNET(carp_ifdown_adj)
216
216
217
static int carp_allow_sysctl(SYSCTL_HANDLER_ARGS);
217
static int carp_allow_sysctl(SYSCTL_HANDLER_ARGS);
218
static int carp_dscp_sysctl(SYSCTL_HANDLER_ARGS);
218
static int carp_dscp_sysctl(SYSCTL_HANDLER_ARGS);
219
static int carp_demote_adj_sysctl(SYSCTL_HANDLER_ARGS);
219
static int carp_demote_adj_sysctl(SYSCTL_HANDLER_ARGS);
220
220
221
SYSCTL_NODE(_net_inet, IPPROTO_CARP,	carp,	CTLFLAG_RW, 0,	"CARP");
221
SYSCTL_NODE(_net_inet, IPPROTO_CARP,	carp,	CTLFLAG_RW, 0,	"CARP");
222
SYSCTL_PROC(_net_inet_carp, OID_AUTO, allow,
222
SYSCTL_PROC(_net_inet_carp, OID_AUTO, allow,
223
    CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW, 0, 0, carp_allow_sysctl, "I",
223
    CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW, 0, 0, carp_allow_sysctl, "I",
224
    "Accept incoming CARP packets");
224
    "Accept incoming CARP packets");
225
SYSCTL_PROC(_net_inet_carp, OID_AUTO, dscp,
225
SYSCTL_PROC(_net_inet_carp, OID_AUTO, dscp,
226
    CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW, 0, 0, carp_dscp_sysctl, "I",
226
    CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW, 0, 0, carp_dscp_sysctl, "I",
227
    "DSCP value for carp packets");
227
    "DSCP value for carp packets");
228
SYSCTL_INT(_net_inet_carp, OID_AUTO, preempt, CTLFLAG_VNET | CTLFLAG_RW,
228
SYSCTL_INT(_net_inet_carp, OID_AUTO, preempt, CTLFLAG_VNET | CTLFLAG_RW,
229
    &VNET_NAME(carp_preempt), 0, "High-priority backup preemption mode");
229
    &VNET_NAME(carp_preempt), 0, "High-priority backup preemption mode");
230
SYSCTL_INT(_net_inet_carp, OID_AUTO, log, CTLFLAG_VNET | CTLFLAG_RW,
230
SYSCTL_INT(_net_inet_carp, OID_AUTO, log, CTLFLAG_VNET | CTLFLAG_RW,
231
    &VNET_NAME(carp_log), 0, "CARP log level");
231
    &VNET_NAME(carp_log), 0, "CARP log level");
232
SYSCTL_PROC(_net_inet_carp, OID_AUTO, demotion,
232
SYSCTL_PROC(_net_inet_carp, OID_AUTO, demotion,
233
    CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW,
233
    CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW,
234
    0, 0, carp_demote_adj_sysctl, "I",
234
    0, 0, carp_demote_adj_sysctl, "I",
235
    "Adjust demotion factor (skew of advskew)");
235
    "Adjust demotion factor (skew of advskew)");
236
SYSCTL_INT(_net_inet_carp, OID_AUTO, senderr_demotion_factor,
236
SYSCTL_INT(_net_inet_carp, OID_AUTO, senderr_demotion_factor,
237
    CTLFLAG_VNET | CTLFLAG_RW,
237
    CTLFLAG_VNET | CTLFLAG_RW,
238
    &VNET_NAME(carp_senderr_adj), 0, "Send error demotion factor adjustment");
238
    &VNET_NAME(carp_senderr_adj), 0, "Send error demotion factor adjustment");
239
SYSCTL_INT(_net_inet_carp, OID_AUTO, ifdown_demotion_factor,
239
SYSCTL_INT(_net_inet_carp, OID_AUTO, ifdown_demotion_factor,
240
    CTLFLAG_VNET | CTLFLAG_RW,
240
    CTLFLAG_VNET | CTLFLAG_RW,
241
    &VNET_NAME(carp_ifdown_adj), 0,
241
    &VNET_NAME(carp_ifdown_adj), 0,
242
    "Interface down demotion factor adjustment");
242
    "Interface down demotion factor adjustment");
243
243
244
VNET_PCPUSTAT_DEFINE(struct carpstats, carpstats);
244
VNET_PCPUSTAT_DEFINE(struct carpstats, carpstats);
245
VNET_PCPUSTAT_SYSINIT(carpstats);
245
VNET_PCPUSTAT_SYSINIT(carpstats);
246
VNET_PCPUSTAT_SYSUNINIT(carpstats);
246
VNET_PCPUSTAT_SYSUNINIT(carpstats);
247
247
248
#define	CARPSTATS_ADD(name, val)	\
248
#define	CARPSTATS_ADD(name, val)	\
249
    counter_u64_add(VNET(carpstats)[offsetof(struct carpstats, name) / \
249
    counter_u64_add(VNET(carpstats)[offsetof(struct carpstats, name) / \
250
	sizeof(uint64_t)], (val))
250
	sizeof(uint64_t)], (val))
251
#define	CARPSTATS_INC(name)		CARPSTATS_ADD(name, 1)
251
#define	CARPSTATS_INC(name)		CARPSTATS_ADD(name, 1)
252
252
253
SYSCTL_VNET_PCPUSTAT(_net_inet_carp, OID_AUTO, stats, struct carpstats,
253
SYSCTL_VNET_PCPUSTAT(_net_inet_carp, OID_AUTO, stats, struct carpstats,
254
    carpstats, "CARP statistics (struct carpstats, netinet/ip_carp.h)");
254
    carpstats, "CARP statistics (struct carpstats, netinet/ip_carp.h)");
255
255
256
#define	CARP_LOCK_INIT(sc)	mtx_init(&(sc)->sc_mtx, "carp_softc",   \
256
#define	CARP_LOCK_INIT(sc)	mtx_init(&(sc)->sc_mtx, "carp_softc",   \
257
	NULL, MTX_DEF)
257
	NULL, MTX_DEF)
258
#define	CARP_LOCK_DESTROY(sc)	mtx_destroy(&(sc)->sc_mtx)
258
#define	CARP_LOCK_DESTROY(sc)	mtx_destroy(&(sc)->sc_mtx)
259
#define	CARP_LOCK_ASSERT(sc)	mtx_assert(&(sc)->sc_mtx, MA_OWNED)
259
#define	CARP_LOCK_ASSERT(sc)	mtx_assert(&(sc)->sc_mtx, MA_OWNED)
260
#define	CARP_LOCK(sc)		mtx_lock(&(sc)->sc_mtx)
260
#define	CARP_LOCK(sc)		mtx_lock(&(sc)->sc_mtx)
261
#define	CARP_UNLOCK(sc)		mtx_unlock(&(sc)->sc_mtx)
261
#define	CARP_UNLOCK(sc)		mtx_unlock(&(sc)->sc_mtx)
262
#define	CIF_LOCK_INIT(cif)	mtx_init(&(cif)->cif_mtx, "carp_if",   \
262
#define	CIF_LOCK_INIT(cif)	mtx_init(&(cif)->cif_mtx, "carp_if",   \
263
	NULL, MTX_DEF)
263
	NULL, MTX_DEF)
264
#define	CIF_LOCK_DESTROY(cif)	mtx_destroy(&(cif)->cif_mtx)
264
#define	CIF_LOCK_DESTROY(cif)	mtx_destroy(&(cif)->cif_mtx)
265
#define	CIF_LOCK_ASSERT(cif)	mtx_assert(&(cif)->cif_mtx, MA_OWNED)
265
#define	CIF_LOCK_ASSERT(cif)	mtx_assert(&(cif)->cif_mtx, MA_OWNED)
266
#define	CIF_LOCK(cif)		mtx_lock(&(cif)->cif_mtx)
266
#define	CIF_LOCK(cif)		mtx_lock(&(cif)->cif_mtx)
267
#define	CIF_UNLOCK(cif)		mtx_unlock(&(cif)->cif_mtx)
267
#define	CIF_UNLOCK(cif)		mtx_unlock(&(cif)->cif_mtx)
268
#define	CIF_FREE(cif)	do {				\
268
#define	CIF_FREE(cif)	do {				\
269
		CIF_LOCK(cif);				\
269
		CIF_LOCK(cif);				\
270
		if (TAILQ_EMPTY(&(cif)->cif_vrs))	\
270
		if (TAILQ_EMPTY(&(cif)->cif_vrs))	\
271
			carp_free_if(cif);		\
271
			carp_free_if(cif);		\
272
		else					\
272
		else					\
273
			CIF_UNLOCK(cif);		\
273
			CIF_UNLOCK(cif);		\
274
} while (0)
274
} while (0)
275
275
276
#define	CARP_LOG(...)	do {				\
276
#define	CARP_LOG(...)	do {				\
277
	if (V_carp_log > 0)				\
277
	if (V_carp_log > 0)				\
278
		log(LOG_INFO, "carp: " __VA_ARGS__);	\
278
		log(LOG_INFO, "carp: " __VA_ARGS__);	\
279
} while (0)
279
} while (0)
280
280
281
#define	CARP_DEBUG(...)	do {				\
281
#define	CARP_DEBUG(...)	do {				\
282
	if (V_carp_log > 1)				\
282
	if (V_carp_log > 1)				\
283
		log(LOG_DEBUG, __VA_ARGS__);		\
283
		log(LOG_DEBUG, __VA_ARGS__);		\
284
} while (0)
284
} while (0)
285
285
286
#define	IFNET_FOREACH_IFA(ifp, ifa)					\
286
#define	IFNET_FOREACH_IFA(ifp, ifa)					\
287
	CK_STAILQ_FOREACH((ifa), &(ifp)->if_addrhead, ifa_link)	\
287
	CK_STAILQ_FOREACH((ifa), &(ifp)->if_addrhead, ifa_link)	\
288
		if ((ifa)->ifa_carp != NULL)
288
		if ((ifa)->ifa_carp != NULL)
289
289
290
#define	CARP_FOREACH_IFA(sc, ifa)					\
290
#define	CARP_FOREACH_IFA(sc, ifa)					\
291
	CARP_LOCK_ASSERT(sc);						\
291
	CARP_LOCK_ASSERT(sc);						\
292
	for (int _i = 0;						\
292
	for (int _i = 0;						\
293
		_i < (sc)->sc_naddrs + (sc)->sc_naddrs6 &&		\
293
		_i < (sc)->sc_naddrs + (sc)->sc_naddrs6 &&		\
294
		((ifa) = sc->sc_ifas[_i]) != NULL;			\
294
		((ifa) = sc->sc_ifas[_i]) != NULL;			\
295
		++_i)
295
		++_i)
296
296
297
#define	IFNET_FOREACH_CARP(ifp, sc)					\
297
#define	IFNET_FOREACH_CARP(ifp, sc)					\
298
	KASSERT(mtx_owned(&ifp->if_carp->cif_mtx) ||			\
298
	KASSERT(mtx_owned(&ifp->if_carp->cif_mtx) ||			\
299
	    sx_xlocked(&carp_sx), ("cif_vrs not locked"));		\
299
	    sx_xlocked(&carp_sx), ("cif_vrs not locked"));		\
300
	TAILQ_FOREACH((sc), &(ifp)->if_carp->cif_vrs, sc_list)
300
	TAILQ_FOREACH((sc), &(ifp)->if_carp->cif_vrs, sc_list)
301
301
302
#define	DEMOTE_ADVSKEW(sc)					\
302
#define	DEMOTE_ADVSKEW(sc)					\
303
    (((sc)->sc_advskew + V_carp_demotion > CARP_MAXSKEW) ?	\
303
    (((sc)->sc_advskew + V_carp_demotion > CARP_MAXSKEW) ?	\
304
    CARP_MAXSKEW : ((sc)->sc_advskew + V_carp_demotion))
304
    CARP_MAXSKEW : ((sc)->sc_advskew + V_carp_demotion))
305
305
306
static void	carp_input_c(struct mbuf *, struct carp_header *, sa_family_t);
306
static void	carp_input_c(struct mbuf *, struct carp_header *, sa_family_t);
307
static struct carp_softc
307
static struct carp_softc
308
		*carp_alloc(struct ifnet *);
308
		*carp_alloc(struct ifnet *);
309
static void	carp_destroy(struct carp_softc *);
309
static void	carp_destroy(struct carp_softc *);
310
static struct carp_if
310
static struct carp_if
311
		*carp_alloc_if(struct ifnet *);
311
		*carp_alloc_if(struct ifnet *);
312
static void	carp_free_if(struct carp_if *);
312
static void	carp_free_if(struct carp_if *);
313
static void	carp_set_state(struct carp_softc *, int, const char* reason);
313
static void	carp_set_state(struct carp_softc *, int, const char* reason);
314
static void	carp_sc_state(struct carp_softc *);
314
static void	carp_sc_state(struct carp_softc *);
315
static void	carp_setrun(struct carp_softc *, sa_family_t);
315
static void	carp_setrun(struct carp_softc *, sa_family_t);
316
static void	carp_master_down(void *);
316
static void	carp_master_down(void *);
317
static void	carp_master_down_locked(struct carp_softc *,
317
static void	carp_master_down_locked(struct carp_softc *,
318
    		    const char* reason);
318
    		    const char* reason);
319
static void	carp_send_ad(void *);
319
static void	carp_send_ad(void *);
320
static void	carp_send_ad_locked(struct carp_softc *);
320
static void	carp_send_ad_locked(struct carp_softc *);
321
static void	carp_addroute(struct carp_softc *);
321
static void	carp_addroute(struct carp_softc *);
322
static void	carp_ifa_addroute(struct ifaddr *);
322
static void	carp_ifa_addroute(struct ifaddr *);
323
static void	carp_delroute(struct carp_softc *);
323
static void	carp_delroute(struct carp_softc *);
324
static void	carp_ifa_delroute(struct ifaddr *);
324
static void	carp_ifa_delroute(struct ifaddr *);
325
static void	carp_send_ad_all(void *, int);
325
static void	carp_send_ad_all(void *, int);
326
static void	carp_demote_adj(int, char *);
326
static void	carp_demote_adj(int, char *);
327
327
328
static LIST_HEAD(, carp_softc) carp_list;
328
static LIST_HEAD(, carp_softc) carp_list;
329
static struct mtx carp_mtx;
329
static struct mtx carp_mtx;
330
static struct sx carp_sx;
330
static struct sx carp_sx;
331
static struct task carp_sendall_task =
331
static struct task carp_sendall_task =
332
    TASK_INITIALIZER(0, carp_send_ad_all, NULL);
332
    TASK_INITIALIZER(0, carp_send_ad_all, NULL);
333
333
334
static void
334
static void
335
carp_hmac_prepare(struct carp_softc *sc)
335
carp_hmac_prepare(struct carp_softc *sc)
336
{
336
{
337
	uint8_t version = CARP_VERSION, type = CARP_ADVERTISEMENT;
337
	uint8_t version = CARP_VERSION, type = CARP_ADVERTISEMENT;
338
	uint8_t vhid = sc->sc_vhid & 0xff;
338
	uint8_t vhid = sc->sc_vhid & 0xff;
339
	struct ifaddr *ifa;
339
	struct ifaddr *ifa;
340
	int i, found;
340
	int i, found;
341
#ifdef INET
341
#ifdef INET
342
	struct in_addr last, cur, in;
342
	struct in_addr last, cur, in;
343
#endif
343
#endif
344
#ifdef INET6
344
#ifdef INET6
345
	struct in6_addr last6, cur6, in6;
345
	struct in6_addr last6, cur6, in6;
346
#endif
346
#endif
347
347
348
	CARP_LOCK_ASSERT(sc);
348
	CARP_LOCK_ASSERT(sc);
349
349
350
	/* Compute ipad from key. */
350
	/* Compute ipad from key. */
351
	bzero(sc->sc_pad, sizeof(sc->sc_pad));
351
	bzero(sc->sc_pad, sizeof(sc->sc_pad));
352
	bcopy(sc->sc_key, sc->sc_pad, sizeof(sc->sc_key));
352
	bcopy(sc->sc_key, sc->sc_pad, sizeof(sc->sc_key));
353
	for (i = 0; i < sizeof(sc->sc_pad); i++)
353
	for (i = 0; i < sizeof(sc->sc_pad); i++)
354
		sc->sc_pad[i] ^= 0x36;
354
		sc->sc_pad[i] ^= 0x36;
355
355
356
	/* Precompute first part of inner hash. */
356
	/* Precompute first part of inner hash. */
357
	SHA1Init(&sc->sc_sha1);
357
	SHA1Init(&sc->sc_sha1);
358
	SHA1Update(&sc->sc_sha1, sc->sc_pad, sizeof(sc->sc_pad));
358
	SHA1Update(&sc->sc_sha1, sc->sc_pad, sizeof(sc->sc_pad));
359
	SHA1Update(&sc->sc_sha1, (void *)&version, sizeof(version));
359
	SHA1Update(&sc->sc_sha1, (void *)&version, sizeof(version));
360
	SHA1Update(&sc->sc_sha1, (void *)&type, sizeof(type));
360
	SHA1Update(&sc->sc_sha1, (void *)&type, sizeof(type));
361
	SHA1Update(&sc->sc_sha1, (void *)&vhid, sizeof(vhid));
361
	SHA1Update(&sc->sc_sha1, (void *)&vhid, sizeof(vhid));
362
#ifdef INET
362
#ifdef INET
363
	cur.s_addr = 0;
363
	cur.s_addr = 0;
364
	do {
364
	do {
365
		found = 0;
365
		found = 0;
366
		last = cur;
366
		last = cur;
367
		cur.s_addr = 0xffffffff;
367
		cur.s_addr = 0xffffffff;
368
		CARP_FOREACH_IFA(sc, ifa) {
368
		CARP_FOREACH_IFA(sc, ifa) {
369
			in.s_addr = ifatoia(ifa)->ia_addr.sin_addr.s_addr;
369
			in.s_addr = ifatoia(ifa)->ia_addr.sin_addr.s_addr;
370
			if (ifa->ifa_addr->sa_family == AF_INET &&
370
			if (ifa->ifa_addr->sa_family == AF_INET &&
371
			    ntohl(in.s_addr) > ntohl(last.s_addr) &&
371
			    ntohl(in.s_addr) > ntohl(last.s_addr) &&
372
			    ntohl(in.s_addr) < ntohl(cur.s_addr)) {
372
			    ntohl(in.s_addr) < ntohl(cur.s_addr)) {
373
				cur.s_addr = in.s_addr;
373
				cur.s_addr = in.s_addr;
374
				found++;
374
				found++;
375
			}
375
			}
376
		}
376
		}
377
		if (found)
377
		if (found)
378
			SHA1Update(&sc->sc_sha1, (void *)&cur, sizeof(cur));
378
			SHA1Update(&sc->sc_sha1, (void *)&cur, sizeof(cur));
379
	} while (found);
379
	} while (found);
380
#endif /* INET */
380
#endif /* INET */
381
#ifdef INET6
381
#ifdef INET6
382
	memset(&cur6, 0, sizeof(cur6));
382
	memset(&cur6, 0, sizeof(cur6));
383
	do {
383
	do {
384
		found = 0;
384
		found = 0;
385
		last6 = cur6;
385
		last6 = cur6;
386
		memset(&cur6, 0xff, sizeof(cur6));
386
		memset(&cur6, 0xff, sizeof(cur6));
387
		CARP_FOREACH_IFA(sc, ifa) {
387
		CARP_FOREACH_IFA(sc, ifa) {
388
			in6 = ifatoia6(ifa)->ia_addr.sin6_addr;
388
			in6 = ifatoia6(ifa)->ia_addr.sin6_addr;
389
			if (IN6_IS_SCOPE_EMBED(&in6))
389
			if (IN6_IS_SCOPE_EMBED(&in6))
390
				in6.s6_addr16[1] = 0;
390
				in6.s6_addr16[1] = 0;
391
			if (ifa->ifa_addr->sa_family == AF_INET6 &&
391
			if (ifa->ifa_addr->sa_family == AF_INET6 &&
392
			    memcmp(&in6, &last6, sizeof(in6)) > 0 &&
392
			    memcmp(&in6, &last6, sizeof(in6)) > 0 &&
393
			    memcmp(&in6, &cur6, sizeof(in6)) < 0) {
393
			    memcmp(&in6, &cur6, sizeof(in6)) < 0) {
394
				cur6 = in6;
394
				cur6 = in6;
395
				found++;
395
				found++;
396
			}
396
			}
397
		}
397
		}
398
		if (found)
398
		if (found)
399
			SHA1Update(&sc->sc_sha1, (void *)&cur6, sizeof(cur6));
399
			SHA1Update(&sc->sc_sha1, (void *)&cur6, sizeof(cur6));
400
	} while (found);
400
	} while (found);
401
#endif /* INET6 */
401
#endif /* INET6 */
402
402
403
	/* convert ipad to opad */
403
	/* convert ipad to opad */
404
	for (i = 0; i < sizeof(sc->sc_pad); i++)
404
	for (i = 0; i < sizeof(sc->sc_pad); i++)
405
		sc->sc_pad[i] ^= 0x36 ^ 0x5c;
405
		sc->sc_pad[i] ^= 0x36 ^ 0x5c;
406
}
406
}
407
407
408
static void
408
static void
409
carp_hmac_generate(struct carp_softc *sc, uint32_t counter[2],
409
carp_hmac_generate(struct carp_softc *sc, uint32_t counter[2],
410
    unsigned char md[20])
410
    unsigned char md[20])
411
{
411
{
412
	SHA1_CTX sha1ctx;
412
	SHA1_CTX sha1ctx;
413
413
414
	CARP_LOCK_ASSERT(sc);
414
	CARP_LOCK_ASSERT(sc);
415
415
416
	/* fetch first half of inner hash */
416
	/* fetch first half of inner hash */
417
	bcopy(&sc->sc_sha1, &sha1ctx, sizeof(sha1ctx));
417
	bcopy(&sc->sc_sha1, &sha1ctx, sizeof(sha1ctx));
418
418
419
	SHA1Update(&sha1ctx, (void *)counter, sizeof(sc->sc_counter));
419
	SHA1Update(&sha1ctx, (void *)counter, sizeof(sc->sc_counter));
420
	SHA1Final(md, &sha1ctx);
420
	SHA1Final(md, &sha1ctx);
421
421
422
	/* outer hash */
422
	/* outer hash */
423
	SHA1Init(&sha1ctx);
423
	SHA1Init(&sha1ctx);
424
	SHA1Update(&sha1ctx, sc->sc_pad, sizeof(sc->sc_pad));
424
	SHA1Update(&sha1ctx, sc->sc_pad, sizeof(sc->sc_pad));
425
	SHA1Update(&sha1ctx, md, 20);
425
	SHA1Update(&sha1ctx, md, 20);
426
	SHA1Final(md, &sha1ctx);
426
	SHA1Final(md, &sha1ctx);
427
}
427
}
428
428
429
static int
429
static int
430
carp_hmac_verify(struct carp_softc *sc, uint32_t counter[2],
430
carp_hmac_verify(struct carp_softc *sc, uint32_t counter[2],
431
    unsigned char md[20])
431
    unsigned char md[20])
432
{
432
{
433
	unsigned char md2[20];
433
	unsigned char md2[20];
434
434
435
	CARP_LOCK_ASSERT(sc);
435
	CARP_LOCK_ASSERT(sc);
436
436
437
	carp_hmac_generate(sc, counter, md2);
437
	carp_hmac_generate(sc, counter, md2);
438
438
439
	return (bcmp(md, md2, sizeof(md2)));
439
	return (bcmp(md, md2, sizeof(md2)));
440
}
440
}
441
441
442
/*
442
/*
443
 * process input packet.
443
 * process input packet.
444
 * we have rearranged checks order compared to the rfc,
444
 * we have rearranged checks order compared to the rfc,
445
 * but it seems more efficient this way or not possible otherwise.
445
 * but it seems more efficient this way or not possible otherwise.
446
 */
446
 */
447
#ifdef INET
447
#ifdef INET
448
int
448
int
449
carp_input(struct mbuf **mp, int *offp, int proto)
449
carp_input(struct mbuf **mp, int *offp, int proto)
450
{
450
{
451
	struct mbuf *m = *mp;
451
	struct mbuf *m = *mp;
452
	struct ip *ip = mtod(m, struct ip *);
452
	struct ip *ip = mtod(m, struct ip *);
453
	struct carp_header *ch;
453
	struct carp_header *ch;
454
	int iplen, len;
454
	int iplen, len;
455
455
456
	iplen = *offp;
456
	iplen = *offp;
457
	*mp = NULL;
457
	*mp = NULL;
458
458
459
	CARPSTATS_INC(carps_ipackets);
459
	CARPSTATS_INC(carps_ipackets);
460
460
461
	if (!V_carp_allow) {
461
	if (!V_carp_allow) {
462
		m_freem(m);
462
		m_freem(m);
463
		return (IPPROTO_DONE);
463
		return (IPPROTO_DONE);
464
	}
464
	}
465
465
466
	/* verify that the IP TTL is 255.  */
466
	/* verify that the IP TTL is 255.  */
467
	if (ip->ip_ttl != CARP_DFLTTL) {
467
	if (ip->ip_ttl != CARP_DFLTTL) {
468
		CARPSTATS_INC(carps_badttl);
468
		CARPSTATS_INC(carps_badttl);
469
		CARP_DEBUG("%s: received ttl %d != 255 on %s\n", __func__,
469
		CARP_DEBUG("%s: received ttl %d != 255 on %s\n", __func__,
470
		    ip->ip_ttl,
470
		    ip->ip_ttl,
471
		    m->m_pkthdr.rcvif->if_xname);
471
		    m->m_pkthdr.rcvif->if_xname);
472
		m_freem(m);
472
		m_freem(m);
473
		return (IPPROTO_DONE);
473
		return (IPPROTO_DONE);
474
	}
474
	}
475
475
476
	iplen = ip->ip_hl << 2;
476
	iplen = ip->ip_hl << 2;
477
477
478
	if (m->m_pkthdr.len < iplen + sizeof(*ch)) {
478
	if (m->m_pkthdr.len < iplen + sizeof(*ch)) {
479
		CARPSTATS_INC(carps_badlen);
479
		CARPSTATS_INC(carps_badlen);
480
		CARP_DEBUG("%s: received len %zd < sizeof(struct carp_header) "
480
		CARP_DEBUG("%s: received len %zd < sizeof(struct carp_header) "
481
		    "on %s\n", __func__, m->m_len - sizeof(struct ip),
481
		    "on %s\n", __func__, m->m_len - sizeof(struct ip),
482
		    m->m_pkthdr.rcvif->if_xname);
482
		    m->m_pkthdr.rcvif->if_xname);
483
		m_freem(m);
483
		m_freem(m);
484
		return (IPPROTO_DONE);
484
		return (IPPROTO_DONE);
485
	}
485
	}
486
486
487
	if (iplen + sizeof(*ch) < m->m_len) {
487
	if (iplen + sizeof(*ch) < m->m_len) {
488
		if ((m = m_pullup(m, iplen + sizeof(*ch))) == NULL) {
488
		if ((m = m_pullup(m, iplen + sizeof(*ch))) == NULL) {
489
			CARPSTATS_INC(carps_hdrops);
489
			CARPSTATS_INC(carps_hdrops);
490
			CARP_DEBUG("%s: pullup failed\n", __func__);
490
			CARP_DEBUG("%s: pullup failed\n", __func__);
491
			return (IPPROTO_DONE);
491
			return (IPPROTO_DONE);
492
		}
492
		}
493
		ip = mtod(m, struct ip *);
493
		ip = mtod(m, struct ip *);
494
	}
494
	}
495
	ch = (struct carp_header *)((char *)ip + iplen);
495
	ch = (struct carp_header *)((char *)ip + iplen);
496
496
497
	/*
497
	/*
498
	 * verify that the received packet length is
498
	 * verify that the received packet length is
499
	 * equal to the CARP header
499
	 * equal to the CARP header
500
	 */
500
	 */
501
	len = iplen + sizeof(*ch);
501
	len = iplen + sizeof(*ch);
502
	if (len > m->m_pkthdr.len) {
502
	if (len > m->m_pkthdr.len) {
503
		CARPSTATS_INC(carps_badlen);
503
		CARPSTATS_INC(carps_badlen);
504
		CARP_DEBUG("%s: packet too short %d on %s\n", __func__,
504
		CARP_DEBUG("%s: packet too short %d on %s\n", __func__,
505
		    m->m_pkthdr.len,
505
		    m->m_pkthdr.len,
506
		    m->m_pkthdr.rcvif->if_xname);
506
		    m->m_pkthdr.rcvif->if_xname);
507
		m_freem(m);
507
		m_freem(m);
508
		return (IPPROTO_DONE);
508
		return (IPPROTO_DONE);
509
	}
509
	}
510
510
511
	if ((m = m_pullup(m, len)) == NULL) {
511
	if ((m = m_pullup(m, len)) == NULL) {
512
		CARPSTATS_INC(carps_hdrops);
512
		CARPSTATS_INC(carps_hdrops);
513
		return (IPPROTO_DONE);
513
		return (IPPROTO_DONE);
514
	}
514
	}
515
	ip = mtod(m, struct ip *);
515
	ip = mtod(m, struct ip *);
516
	ch = (struct carp_header *)((char *)ip + iplen);
516
	ch = (struct carp_header *)((char *)ip + iplen);
517
517
518
	/* verify the CARP checksum */
518
	/* verify the CARP checksum */
519
	m->m_data += iplen;
519
	m->m_data += iplen;
520
	if (in_cksum(m, len - iplen)) {
520
	if (in_cksum(m, len - iplen)) {
521
		CARPSTATS_INC(carps_badsum);
521
		CARPSTATS_INC(carps_badsum);
522
		CARP_DEBUG("%s: checksum failed on %s\n", __func__,
522
		CARP_DEBUG("%s: checksum failed on %s\n", __func__,
523
		    m->m_pkthdr.rcvif->if_xname);
523
		    m->m_pkthdr.rcvif->if_xname);
524
		m_freem(m);
524
		m_freem(m);
525
		return (IPPROTO_DONE);
525
		return (IPPROTO_DONE);
526
	}
526
	}
527
	m->m_data -= iplen;
527
	m->m_data -= iplen;
528
528
529
	carp_input_c(m, ch, AF_INET);
529
	carp_input_c(m, ch, AF_INET);
530
	return (IPPROTO_DONE);
530
	return (IPPROTO_DONE);
531
}
531
}
532
#endif
532
#endif
533
533
534
#ifdef INET6
534
#ifdef INET6
535
int
535
int
536
carp6_input(struct mbuf **mp, int *offp, int proto)
536
carp6_input(struct mbuf **mp, int *offp, int proto)
537
{
537
{
538
	struct mbuf *m = *mp;
538
	struct mbuf *m = *mp;
539
	struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
539
	struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
540
	struct carp_header *ch;
540
	struct carp_header *ch;
541
	u_int len;
541
	u_int len;
542
542
543
	CARPSTATS_INC(carps_ipackets6);
543
	CARPSTATS_INC(carps_ipackets6);
544
544
545
	if (!V_carp_allow) {
545
	if (!V_carp_allow) {
546
		m_freem(m);
546
		m_freem(m);
547
		return (IPPROTO_DONE);
547
		return (IPPROTO_DONE);
548
	}
548
	}
549
549
550
	/* check if received on a valid carp interface */
550
	/* check if received on a valid carp interface */
551
	if (m->m_pkthdr.rcvif->if_carp == NULL) {
551
	if (m->m_pkthdr.rcvif->if_carp == NULL) {
552
		CARPSTATS_INC(carps_badif);
552
		CARPSTATS_INC(carps_badif);
553
		CARP_DEBUG("%s: packet received on non-carp interface: %s\n",
553
		CARP_DEBUG("%s: packet received on non-carp interface: %s\n",
554
		    __func__, m->m_pkthdr.rcvif->if_xname);
554
		    __func__, m->m_pkthdr.rcvif->if_xname);
555
		m_freem(m);
555
		m_freem(m);
556
		return (IPPROTO_DONE);
556
		return (IPPROTO_DONE);
557
	}
557
	}
558
558
559
	/* verify that the IP TTL is 255 */
559
	/* verify that the IP TTL is 255 */
560
	if (ip6->ip6_hlim != CARP_DFLTTL) {
560
	if (ip6->ip6_hlim != CARP_DFLTTL) {
561
		CARPSTATS_INC(carps_badttl);
561
		CARPSTATS_INC(carps_badttl);
562
		CARP_DEBUG("%s: received ttl %d != 255 on %s\n", __func__,
562
		CARP_DEBUG("%s: received ttl %d != 255 on %s\n", __func__,
563
		    ip6->ip6_hlim, m->m_pkthdr.rcvif->if_xname);
563
		    ip6->ip6_hlim, m->m_pkthdr.rcvif->if_xname);
564
		m_freem(m);
564
		m_freem(m);
565
		return (IPPROTO_DONE);
565
		return (IPPROTO_DONE);
566
	}
566
	}
567
567
568
	/* verify that we have a complete carp packet */
568
	/* verify that we have a complete carp packet */
569
	len = m->m_len;
569
	len = m->m_len;
570
	IP6_EXTHDR_GET(ch, struct carp_header *, m, *offp, sizeof(*ch));
570
	IP6_EXTHDR_GET(ch, struct carp_header *, m, *offp, sizeof(*ch));
571
	if (ch == NULL) {
571
	if (ch == NULL) {
572
		CARPSTATS_INC(carps_badlen);
572
		CARPSTATS_INC(carps_badlen);
573
		CARP_DEBUG("%s: packet size %u too small\n", __func__, len);
573
		CARP_DEBUG("%s: packet size %u too small\n", __func__, len);
574
		return (IPPROTO_DONE);
574
		return (IPPROTO_DONE);
575
	}
575
	}
576
576
577
577
578
	/* verify the CARP checksum */
578
	/* verify the CARP checksum */
579
	m->m_data += *offp;
579
	m->m_data += *offp;
580
	if (in_cksum(m, sizeof(*ch))) {
580
	if (in_cksum(m, sizeof(*ch))) {
581
		CARPSTATS_INC(carps_badsum);
581
		CARPSTATS_INC(carps_badsum);
582
		CARP_DEBUG("%s: checksum failed, on %s\n", __func__,
582
		CARP_DEBUG("%s: checksum failed, on %s\n", __func__,
583
		    m->m_pkthdr.rcvif->if_xname);
583
		    m->m_pkthdr.rcvif->if_xname);
584
		m_freem(m);
584
		m_freem(m);
585
		return (IPPROTO_DONE);
585
		return (IPPROTO_DONE);
586
	}
586
	}
587
	m->m_data -= *offp;
587
	m->m_data -= *offp;
588
588
589
	carp_input_c(m, ch, AF_INET6);
589
	carp_input_c(m, ch, AF_INET6);
590
	return (IPPROTO_DONE);
590
	return (IPPROTO_DONE);
591
}
591
}
592
#endif /* INET6 */
592
#endif /* INET6 */
593
593
594
/*
594
/*
595
 * This routine should not be necessary at all, but some switches
595
 * This routine should not be necessary at all, but some switches
596
 * (VMWare ESX vswitches) can echo our own packets back at us,
596
 * (VMWare ESX vswitches) can echo our own packets back at us,
597
 * and we must ignore them or they will cause us to drop out of
597
 * and we must ignore them or they will cause us to drop out of
598
 * MASTER mode.
598
 * MASTER mode.
599
 *
599
 *
600
 * We cannot catch all cases of network loops.  Instead, what we
600
 * We cannot catch all cases of network loops.  Instead, what we
601
 * do here is catch any packet that arrives with a carp header
601
 * do here is catch any packet that arrives with a carp header
602
 * with a VHID of 0, that comes from an address that is our own.
602
 * with a VHID of 0, that comes from an address that is our own.
603
 * These packets are by definition "from us" (even if they are from
603
 * These packets are by definition "from us" (even if they are from
604
 * a misconfigured host that is pretending to be us).
604
 * a misconfigured host that is pretending to be us).
605
 *
605
 *
606
 * The VHID test is outside this mini-function.
606
 * The VHID test is outside this mini-function.
607
 */
607
 */
608
static int
608
static int
609
carp_source_is_self(struct mbuf *m, struct ifaddr *ifa, sa_family_t af)
609
carp_source_is_self(struct mbuf *m, struct ifaddr *ifa, sa_family_t af)
610
{
610
{
611
#ifdef INET
611
#ifdef INET
612
	struct ip *ip4;
612
	struct ip *ip4;
613
	struct in_addr in4;
613
	struct in_addr in4;
614
#endif
614
#endif
615
#ifdef INET6
615
#ifdef INET6
616
	struct ip6_hdr *ip6;
616
	struct ip6_hdr *ip6;
617
	struct in6_addr in6;
617
	struct in6_addr in6;
618
#endif
618
#endif
619
619
620
	switch (af) {
620
	switch (af) {
621
#ifdef INET
621
#ifdef INET
622
	case AF_INET:
622
	case AF_INET:
623
		ip4 = mtod(m, struct ip *);
623
		ip4 = mtod(m, struct ip *);
624
		in4 = ifatoia(ifa)->ia_addr.sin_addr;
624
		in4 = ifatoia(ifa)->ia_addr.sin_addr;
625
		return (in4.s_addr == ip4->ip_src.s_addr);
625
		return (in4.s_addr == ip4->ip_src.s_addr);
626
#endif
626
#endif
627
#ifdef INET6
627
#ifdef INET6
628
	case AF_INET6:
628
	case AF_INET6:
629
		ip6 = mtod(m, struct ip6_hdr *);
629
		ip6 = mtod(m, struct ip6_hdr *);
630
		in6 = ifatoia6(ifa)->ia_addr.sin6_addr;
630
		in6 = ifatoia6(ifa)->ia_addr.sin6_addr;
631
		return (memcmp(&in6, &ip6->ip6_src, sizeof(in6)) == 0);
631
		return (memcmp(&in6, &ip6->ip6_src, sizeof(in6)) == 0);
632
#endif
632
#endif
633
	default:
633
	default:
634
		break;
634
		break;
635
	}
635
	}
636
	return (0);
636
	return (0);
637
}
637
}
638
638
639
static void
639
static void
640
carp_input_c(struct mbuf *m, struct carp_header *ch, sa_family_t af)
640
carp_input_c(struct mbuf *m, struct carp_header *ch, sa_family_t af)
641
{
641
{
642
	struct ifnet *ifp = m->m_pkthdr.rcvif;
642
	struct ifnet *ifp = m->m_pkthdr.rcvif;
643
	struct ifaddr *ifa, *match;
643
	struct ifaddr *ifa, *match;
644
	struct carp_softc *sc;
644
	struct carp_softc *sc;
645
	uint64_t tmp_counter;
645
	uint64_t tmp_counter;
646
	struct timeval sc_tv, ch_tv;
646
	struct timeval sc_tv, ch_tv;
647
	struct epoch_tracker et;
647
	struct epoch_tracker et;
648
	int error;
648
	int error;
649
649
650
	/*
650
	/*
651
	 * Verify that the VHID is valid on the receiving interface.
651
	 * Verify that the VHID is valid on the receiving interface.
652
	 *
652
	 *
653
	 * There should be just one match.  If there are none
653
	 * There should be just one match.  If there are none
654
	 * the VHID is not valid and we drop the packet.  If
654
	 * the VHID is not valid and we drop the packet.  If
655
	 * there are multiple VHID matches, take just the first
655
	 * there are multiple VHID matches, take just the first
656
	 * one, for compatibility with previous code.  While we're
656
	 * one, for compatibility with previous code.  While we're
657
	 * scanning, check for obvious loops in the network topology
657
	 * scanning, check for obvious loops in the network topology
658
	 * (these should never happen, and as noted above, we may
658
	 * (these should never happen, and as noted above, we may
659
	 * miss real loops; this is just a double-check).
659
	 * miss real loops; this is just a double-check).
660
	 */
660
	 */
661
	NET_EPOCH_ENTER(et);
661
	NET_EPOCH_ENTER(et);
662
	error = 0;
662
	error = 0;
663
	match = NULL;
663
	match = NULL;
664
	IFNET_FOREACH_IFA(ifp, ifa) {
664
	IFNET_FOREACH_IFA(ifp, ifa) {
665
		if (match == NULL && ifa->ifa_carp != NULL &&
665
		if (match == NULL && ifa->ifa_carp != NULL &&
666
		    ifa->ifa_addr->sa_family == af &&
666
		    ifa->ifa_addr->sa_family == af &&
667
		    ifa->ifa_carp->sc_vhid == ch->carp_vhid)
667
		    ifa->ifa_carp->sc_vhid == ch->carp_vhid)
668
			match = ifa;
668
			match = ifa;
669
		if (ch->carp_vhid == 0 && carp_source_is_self(m, ifa, af))
669
		if (ch->carp_vhid == 0 && carp_source_is_self(m, ifa, af))
670
			error = ELOOP;
670
			error = ELOOP;
671
	}
671
	}
672
	ifa = error ? NULL : match;
672
	ifa = error ? NULL : match;
673
	if (ifa != NULL)
673
	if (ifa != NULL)
674
		ifa_ref(ifa);
674
		ifa_ref(ifa);
675
	NET_EPOCH_EXIT(et);
675
	NET_EPOCH_EXIT(et);
676
676
677
	if (ifa == NULL) {
677
	if (ifa == NULL) {
678
		if (error == ELOOP) {
678
		if (error == ELOOP) {
679
			CARP_DEBUG("dropping looped packet on interface %s\n",
679
			CARP_DEBUG("dropping looped packet on interface %s\n",
680
			    ifp->if_xname);
680
			    ifp->if_xname);
681
			CARPSTATS_INC(carps_badif);	/* ??? */
681
			CARPSTATS_INC(carps_badif);	/* ??? */
682
		} else {
682
		} else {
683
			CARPSTATS_INC(carps_badvhid);
683
			CARPSTATS_INC(carps_badvhid);
684
		}
684
		}
685
		m_freem(m);
685
		m_freem(m);
686
		return;
686
		return;
687
	}
687
	}
688
688
689
	/* verify the CARP version. */
689
	/* verify the CARP version. */
690
	if (ch->carp_version != CARP_VERSION) {
690
	if (ch->carp_version != CARP_VERSION) {
691
		CARPSTATS_INC(carps_badver);
691
		CARPSTATS_INC(carps_badver);
692
		CARP_DEBUG("%s: invalid version %d\n", ifp->if_xname,
692
		CARP_DEBUG("%s: invalid version %d\n", ifp->if_xname,
693
		    ch->carp_version);
693
		    ch->carp_version);
694
		ifa_free(ifa);
694
		ifa_free(ifa);
695
		m_freem(m);
695
		m_freem(m);
696
		return;
696
		return;
697
	}
697
	}
698
698
699
	sc = ifa->ifa_carp;
699
	sc = ifa->ifa_carp;
700
	CARP_LOCK(sc);
700
	CARP_LOCK(sc);
701
	ifa_free(ifa);
701
	ifa_free(ifa);
702
702
703
	if (carp_hmac_verify(sc, ch->carp_counter, ch->carp_md)) {
703
	if (carp_hmac_verify(sc, ch->carp_counter, ch->carp_md)) {
704
		CARPSTATS_INC(carps_badauth);
704
		CARPSTATS_INC(carps_badauth);
705
		CARP_DEBUG("%s: incorrect hash for VHID %u@%s\n", __func__,
705
		CARP_DEBUG("%s: incorrect hash for VHID %u@%s\n", __func__,
706
		    sc->sc_vhid, ifp->if_xname);
706
		    sc->sc_vhid, ifp->if_xname);
707
		goto out;
707
		goto out;
708
	}
708
	}
709
709
710
	tmp_counter = ntohl(ch->carp_counter[0]);
710
	tmp_counter = ntohl(ch->carp_counter[0]);
711
	tmp_counter = tmp_counter<<32;
711
	tmp_counter = tmp_counter<<32;
712
	tmp_counter += ntohl(ch->carp_counter[1]);
712
	tmp_counter += ntohl(ch->carp_counter[1]);
713
713
714
	/* XXX Replay protection goes here */
714
	/* XXX Replay protection goes here */
715
715
716
	sc->sc_init_counter = 0;
716
	sc->sc_init_counter = 0;
717
	sc->sc_counter = tmp_counter;
717
	sc->sc_counter = tmp_counter;
718
718
719
	sc_tv.tv_sec = sc->sc_advbase;
719
	sc_tv.tv_sec = sc->sc_advbase;
720
	sc_tv.tv_usec = DEMOTE_ADVSKEW(sc) * 1000000 / 256;
720
	sc_tv.tv_usec = DEMOTE_ADVSKEW(sc) * 1000000 / 256;
721
	ch_tv.tv_sec = ch->carp_advbase;
721
	ch_tv.tv_sec = ch->carp_advbase;
722
	ch_tv.tv_usec = ch->carp_advskew * 1000000 / 256;
722
	ch_tv.tv_usec = ch->carp_advskew * 1000000 / 256;
723
723
724
	switch (sc->sc_state) {
724
	switch (sc->sc_state) {
725
	case INIT:
725
	case INIT:
726
		break;
726
		break;
727
	case MASTER:
727
	case MASTER:
728
		/*
728
		/*
729
		 * If we receive an advertisement from a master who's going to
729
		 * If we receive an advertisement from a master who's going to
730
		 * be more frequent than us, go into BACKUP state.
730
		 * be more frequent than us, go into BACKUP state.
731
		 */
731
		 */
732
		if (timevalcmp(&sc_tv, &ch_tv, >) ||
732
		if (timevalcmp(&sc_tv, &ch_tv, >) ||
733
		    timevalcmp(&sc_tv, &ch_tv, ==)) {
733
		    timevalcmp(&sc_tv, &ch_tv, ==)) {
734
			callout_stop(&sc->sc_ad_tmo);
734
			callout_stop(&sc->sc_ad_tmo);
735
			carp_set_state(sc, BACKUP,
735
			carp_set_state(sc, BACKUP,
736
			    "more frequent advertisement received");
736
			    "more frequent advertisement received");
737
			carp_setrun(sc, 0);
737
			carp_setrun(sc, 0);
738
			carp_delroute(sc);
738
			carp_delroute(sc);
739
		}
739
		}
740
		break;
740
		break;
741
	case BACKUP:
741
	case BACKUP:
742
		/*
742
		/*
743
		 * If we're pre-empting masters who advertise slower than us,
743
		 * If we're pre-empting masters who advertise slower than us,
744
		 * and this one claims to be slower, treat him as down.
744
		 * and this one claims to be slower, treat him as down.
745
		 */
745
		 */
746
		if (V_carp_preempt && timevalcmp(&sc_tv, &ch_tv, <)) {
746
		if (V_carp_preempt && timevalcmp(&sc_tv, &ch_tv, <)) {
747
			carp_master_down_locked(sc,
747
			carp_master_down_locked(sc,
748
			    "preempting a slower master");
748
			    "preempting a slower master");
749
			break;
749
			break;
750
		}
750
		}
751
751
752
		/*
752
		/*
753
		 *  If the master is going to advertise at such a low frequency
753
		 *  If the master is going to advertise at such a low frequency
754
		 *  that he's guaranteed to time out, we'd might as well just
754
		 *  that he's guaranteed to time out, we'd might as well just
755
		 *  treat him as timed out now.
755
		 *  treat him as timed out now.
756
		 */
756
		 */
757
		sc_tv.tv_sec = sc->sc_advbase * 3;
757
		sc_tv.tv_sec = sc->sc_advbase * 3;
758
		if (timevalcmp(&sc_tv, &ch_tv, <)) {
758
		if (timevalcmp(&sc_tv, &ch_tv, <)) {
759
			carp_master_down_locked(sc, "master will time out");
759
			carp_master_down_locked(sc, "master will time out");
760
			break;
760
			break;
761
		}
761
		}
762
762
763
		/*
763
		/*
764
		 * Otherwise, we reset the counter and wait for the next
764
		 * Otherwise, we reset the counter and wait for the next
765
		 * advertisement.
765
		 * advertisement.
766
		 */
766
		 */
767
		carp_setrun(sc, af);
767
		carp_setrun(sc, af);
768
		break;
768
		break;
769
	}
769
	}
770
770
771
out:
771
out:
772
	CARP_UNLOCK(sc);
772
	CARP_UNLOCK(sc);
773
	m_freem(m);
773
	m_freem(m);
774
}
774
}
775
775
776
static int
776
static int
777
carp_prepare_ad(struct mbuf *m, struct carp_softc *sc, struct carp_header *ch)
777
carp_prepare_ad(struct mbuf *m, struct carp_softc *sc, struct carp_header *ch)
778
{
778
{
779
	struct m_tag *mtag;
779
	struct m_tag *mtag;
780
780
781
	if (sc->sc_init_counter) {
781
	if (sc->sc_init_counter) {
782
		/* this could also be seconds since unix epoch */
782
		/* this could also be seconds since unix epoch */
783
		sc->sc_counter = arc4random();
783
		sc->sc_counter = arc4random();
784
		sc->sc_counter = sc->sc_counter << 32;
784
		sc->sc_counter = sc->sc_counter << 32;
785
		sc->sc_counter += arc4random();
785
		sc->sc_counter += arc4random();
786
	} else
786
	} else
787
		sc->sc_counter++;
787
		sc->sc_counter++;
788
788
789
	ch->carp_counter[0] = htonl((sc->sc_counter>>32)&0xffffffff);
789
	ch->carp_counter[0] = htonl((sc->sc_counter>>32)&0xffffffff);
790
	ch->carp_counter[1] = htonl(sc->sc_counter&0xffffffff);
790
	ch->carp_counter[1] = htonl(sc->sc_counter&0xffffffff);
791
791
792
	carp_hmac_generate(sc, ch->carp_counter, ch->carp_md);
792
	carp_hmac_generate(sc, ch->carp_counter, ch->carp_md);
793
793
794
	/* Tag packet for carp_output */
794
	/* Tag packet for carp_output */
795
	if ((mtag = m_tag_get(PACKET_TAG_CARP, sizeof(struct carp_softc *),
795
	if ((mtag = m_tag_get(PACKET_TAG_CARP, sizeof(struct carp_softc *),
796
	    M_NOWAIT)) == NULL) {
796
	    M_NOWAIT)) == NULL) {
797
		m_freem(m);
797
		m_freem(m);
798
		CARPSTATS_INC(carps_onomem);
798
		CARPSTATS_INC(carps_onomem);
799
		return (ENOMEM);
799
		return (ENOMEM);
800
	}
800
	}
801
	bcopy(&sc, mtag + 1, sizeof(sc));
801
	bcopy(&sc, mtag + 1, sizeof(sc));
802
	m_tag_prepend(m, mtag);
802
	m_tag_prepend(m, mtag);
803
803
804
	return (0);
804
	return (0);
805
}
805
}
806
806
807
/*
807
/*
808
 * To avoid LORs and possible recursions this function shouldn't
808
 * To avoid LORs and possible recursions this function shouldn't
809
 * be called directly, but scheduled via taskqueue.
809
 * be called directly, but scheduled via taskqueue.
810
 */
810
 */
811
static void
811
static void
812
carp_send_ad_all(void *ctx __unused, int pending __unused)
812
carp_send_ad_all(void *ctx __unused, int pending __unused)
813
{
813
{
814
	struct carp_softc *sc;
814
	struct carp_softc *sc;
815
815
816
	mtx_lock(&carp_mtx);
816
	mtx_lock(&carp_mtx);
817
	LIST_FOREACH(sc, &carp_list, sc_next)
817
	LIST_FOREACH(sc, &carp_list, sc_next)
818
		if (sc->sc_state == MASTER) {
818
		if (sc->sc_state == MASTER) {
819
			CARP_LOCK(sc);
819
			CARP_LOCK(sc);
820
			CURVNET_SET(sc->sc_carpdev->if_vnet);
820
			CURVNET_SET(sc->sc_carpdev->if_vnet);
821
			carp_send_ad_locked(sc);
821
			carp_send_ad_locked(sc);
822
			CURVNET_RESTORE();
822
			CURVNET_RESTORE();
823
			CARP_UNLOCK(sc);
823
			CARP_UNLOCK(sc);
824
		}
824
		}
825
	mtx_unlock(&carp_mtx);
825
	mtx_unlock(&carp_mtx);
826
}
826
}
827
827
828
/* Send a periodic advertisement, executed in callout context. */
828
/* Send a periodic advertisement, executed in callout context. */
829
static void
829
static void
830
carp_send_ad(void *v)
830
carp_send_ad(void *v)
831
{
831
{
832
	struct carp_softc *sc = v;
832
	struct carp_softc *sc = v;
833
833
834
	CARP_LOCK_ASSERT(sc);
834
	CARP_LOCK_ASSERT(sc);
835
	CURVNET_SET(sc->sc_carpdev->if_vnet);
835
	CURVNET_SET(sc->sc_carpdev->if_vnet);
836
	carp_send_ad_locked(sc);
836
	carp_send_ad_locked(sc);
837
	CURVNET_RESTORE();
837
	CURVNET_RESTORE();
838
	CARP_UNLOCK(sc);
838
	CARP_UNLOCK(sc);
839
}
839
}
840
840
841
static void
841
static void
842
carp_send_ad_error(struct carp_softc *sc, int error)
842
carp_send_ad_error(struct carp_softc *sc, int error)
843
{
843
{
844
844
845
	if (error) {
845
	if (error) {
846
		if (sc->sc_sendad_errors < INT_MAX)
846
		if (sc->sc_sendad_errors < INT_MAX)
847
			sc->sc_sendad_errors++;
847
			sc->sc_sendad_errors++;
848
		if (sc->sc_sendad_errors == CARP_SENDAD_MAX_ERRORS) {
848
		if (sc->sc_sendad_errors == CARP_SENDAD_MAX_ERRORS) {
849
			static const char fmt[] = "send error %d on %s";
849
			static const char fmt[] = "send error %d on %s";
850
			char msg[sizeof(fmt) + IFNAMSIZ];
850
			char msg[sizeof(fmt) + IFNAMSIZ];
851
851
852
			sprintf(msg, fmt, error, sc->sc_carpdev->if_xname);
852
			sprintf(msg, fmt, error, sc->sc_carpdev->if_xname);
853
			carp_demote_adj(V_carp_senderr_adj, msg);
853
			carp_demote_adj(V_carp_senderr_adj, msg);
854
		}
854
		}
855
		sc->sc_sendad_success = 0;
855
		sc->sc_sendad_success = 0;
856
	} else {
856
	} else {
857
		if (sc->sc_sendad_errors >= CARP_SENDAD_MAX_ERRORS &&
857
		if (sc->sc_sendad_errors >= CARP_SENDAD_MAX_ERRORS &&
858
		    ++sc->sc_sendad_success >= CARP_SENDAD_MIN_SUCCESS) {
858
		    ++sc->sc_sendad_success >= CARP_SENDAD_MIN_SUCCESS) {
859
			static const char fmt[] = "send ok on %s";
859
			static const char fmt[] = "send ok on %s";
860
			char msg[sizeof(fmt) + IFNAMSIZ];
860
			char msg[sizeof(fmt) + IFNAMSIZ];
861
861
862
			sprintf(msg, fmt, sc->sc_carpdev->if_xname);
862
			sprintf(msg, fmt, sc->sc_carpdev->if_xname);
863
			carp_demote_adj(-V_carp_senderr_adj, msg);
863
			carp_demote_adj(-V_carp_senderr_adj, msg);
864
			sc->sc_sendad_errors = 0;
864
			sc->sc_sendad_errors = 0;
865
		} else
865
		} else
866
			sc->sc_sendad_errors = 0;
866
			sc->sc_sendad_errors = 0;
867
	}
867
	}
868
}
868
}
869
869
870
/*
870
/*
871
 * Pick the best ifaddr on the given ifp for sending CARP
871
 * Pick the best ifaddr on the given ifp for sending CARP
872
 * advertisements.
872
 * advertisements.
873
 *
873
 *
874
 * "Best" here is defined by ifa_preferred().  This function is much
874
 * "Best" here is defined by ifa_preferred().  This function is much
875
 * much like ifaof_ifpforaddr() except that we just use ifa_preferred().
875
 * much like ifaof_ifpforaddr() except that we just use ifa_preferred().
876
 *
876
 *
877
 * (This could be simplified to return the actual address, except that
877
 * (This could be simplified to return the actual address, except that
878
 * it has a different format in AF_INET and AF_INET6.)
878
 * it has a different format in AF_INET and AF_INET6.)
879
 */
879
 */
880
static struct ifaddr *
880
static struct ifaddr *
881
carp_best_ifa(int af, struct ifnet *ifp)
881
carp_best_ifa(int af, struct ifnet *ifp)
882
{
882
{
883
	struct epoch_tracker et;
883
	struct epoch_tracker et;
884
	struct ifaddr *ifa, *best;
884
	struct ifaddr *ifa, *best;
885
885
886
	if (af >= AF_MAX)
886
	if (af >= AF_MAX)
887
		return (NULL);
887
		return (NULL);
888
	best = NULL;
888
	best = NULL;
889
	NET_EPOCH_ENTER(et);
889
	NET_EPOCH_ENTER(et);
890
	CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
890
	CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
891
		if (ifa->ifa_addr->sa_family == af &&
891
		if (ifa->ifa_addr->sa_family == af &&
892
		    (best == NULL || ifa_preferred(best, ifa)))
892
		    (best == NULL || ifa_preferred(best, ifa)))
893
			best = ifa;
893
			best = ifa;
894
	}
894
	}
895
	NET_EPOCH_EXIT(et);
895
	NET_EPOCH_EXIT(et);
896
	if (best != NULL)
896
	if (best != NULL)
897
		ifa_ref(best);
897
		ifa_ref(best);
898
	return (best);
898
	return (best);
899
}
899
}
900
900
901
static void
901
static void
902
carp_send_ad_locked(struct carp_softc *sc)
902
carp_send_ad_locked(struct carp_softc *sc)
903
{
903
{
904
	struct carp_header ch;
904
	struct carp_header ch;
905
	struct timeval tv;
905
	struct timeval tv;
906
	struct ifaddr *ifa;
906
	struct ifaddr *ifa;
907
	struct carp_header *ch_ptr;
907
	struct carp_header *ch_ptr;
908
	struct mbuf *m;
908
	struct mbuf *m;
909
	int len, advskew;
909
	int len, advskew;
910
910
911
	CARP_LOCK_ASSERT(sc);
911
	CARP_LOCK_ASSERT(sc);
912
912
913
	advskew = DEMOTE_ADVSKEW(sc);
913
	advskew = DEMOTE_ADVSKEW(sc);
914
	tv.tv_sec = sc->sc_advbase;
914
	tv.tv_sec = sc->sc_advbase;
915
	tv.tv_usec = advskew * 1000000 / 256;
915
	tv.tv_usec = advskew * 1000000 / 256;
916
916
917
	ch.carp_version = CARP_VERSION;
917
	ch.carp_version = CARP_VERSION;
918
	ch.carp_type = CARP_ADVERTISEMENT;
918
	ch.carp_type = CARP_ADVERTISEMENT;
919
	ch.carp_vhid = sc->sc_vhid;
919
	ch.carp_vhid = sc->sc_vhid;
920
	ch.carp_advbase = sc->sc_advbase;
920
	ch.carp_advbase = sc->sc_advbase;
921
	ch.carp_advskew = advskew;
921
	ch.carp_advskew = advskew;
922
	ch.carp_authlen = 7;	/* XXX DEFINE */
922
	ch.carp_authlen = 7;	/* XXX DEFINE */
923
	ch.carp_pad1 = 0;	/* must be zero */
923
	ch.carp_pad1 = 0;	/* must be zero */
924
	ch.carp_cksum = 0;
924
	ch.carp_cksum = 0;
925
925
926
	/* XXXGL: OpenBSD picks first ifaddr with needed family. */
926
	/* XXXGL: OpenBSD picks first ifaddr with needed family. */
927
927
928
#ifdef INET
928
#ifdef INET
929
	if (sc->sc_naddrs) {
929
	if (sc->sc_naddrs) {
930
		struct ip *ip;
930
		struct ip *ip;
931
931
932
		m = m_gethdr(M_NOWAIT, MT_DATA);
932
		m = m_gethdr(M_NOWAIT, MT_DATA);
933
		if (m == NULL) {
933
		if (m == NULL) {
934
			CARPSTATS_INC(carps_onomem);
934
			CARPSTATS_INC(carps_onomem);
935
			goto resched;
935
			goto resched;
936
		}
936
		}
937
		len = sizeof(*ip) + sizeof(ch);
937
		len = sizeof(*ip) + sizeof(ch);
938
		m->m_pkthdr.len = len;
938
		m->m_pkthdr.len = len;
939
		m->m_pkthdr.rcvif = NULL;
939
		m->m_pkthdr.rcvif = NULL;
940
		m->m_len = len;
940
		m->m_len = len;
941
		M_ALIGN(m, m->m_len);
941
		M_ALIGN(m, m->m_len);
942
		m->m_flags |= M_MCAST;
942
		m->m_flags |= M_MCAST;
943
		ip = mtod(m, struct ip *);
943
		ip = mtod(m, struct ip *);
944
		ip->ip_v = IPVERSION;
944
		ip->ip_v = IPVERSION;
945
		ip->ip_hl = sizeof(*ip) >> 2;
945
		ip->ip_hl = sizeof(*ip) >> 2;
946
		ip->ip_tos = V_carp_dscp << IPTOS_DSCP_OFFSET;
946
		ip->ip_tos = V_carp_dscp << IPTOS_DSCP_OFFSET;
947
		ip->ip_len = htons(len);
947
		ip->ip_len = htons(len);
948
		ip->ip_off = htons(IP_DF);
948
		ip->ip_off = htons(IP_DF);
949
		ip->ip_ttl = CARP_DFLTTL;
949
		ip->ip_ttl = CARP_DFLTTL;
950
		ip->ip_p = IPPROTO_CARP;
950
		ip->ip_p = IPPROTO_CARP;
951
		ip->ip_sum = 0;
951
		ip->ip_sum = 0;
952
		ip_fillid(ip);
952
		ip_fillid(ip);
953
953
954
		ifa = carp_best_ifa(AF_INET, sc->sc_carpdev);
954
		ifa = carp_best_ifa(AF_INET, sc->sc_carpdev);
955
		if (ifa != NULL) {
955
		if (ifa != NULL) {
956
			ip->ip_src.s_addr =
956
			ip->ip_src.s_addr =
957
			    ifatoia(ifa)->ia_addr.sin_addr.s_addr;
957
			    ifatoia(ifa)->ia_addr.sin_addr.s_addr;
958
			ifa_free(ifa);
958
			ifa_free(ifa);
959
		} else
959
		} else
960
			ip->ip_src.s_addr = 0;
960
			ip->ip_src.s_addr = 0;
961
		ip->ip_dst.s_addr = htonl(INADDR_CARP_GROUP);
961
		ip->ip_dst.s_addr = htonl(INADDR_CARP_GROUP);
962
962
963
		ch_ptr = (struct carp_header *)(&ip[1]);
963
		ch_ptr = (struct carp_header *)(&ip[1]);
964
		bcopy(&ch, ch_ptr, sizeof(ch));
964
		bcopy(&ch, ch_ptr, sizeof(ch));
965
		if (carp_prepare_ad(m, sc, ch_ptr))
965
		if (carp_prepare_ad(m, sc, ch_ptr))
966
			goto resched;
966
			goto resched;
967
967
968
		m->m_data += sizeof(*ip);
968
		m->m_data += sizeof(*ip);
969
		ch_ptr->carp_cksum = in_cksum(m, len - sizeof(*ip));
969
		ch_ptr->carp_cksum = in_cksum(m, len - sizeof(*ip));
970
		m->m_data -= sizeof(*ip);
970
		m->m_data -= sizeof(*ip);
971
971
972
		CARPSTATS_INC(carps_opackets);
972
		CARPSTATS_INC(carps_opackets);
973
973
974
		carp_send_ad_error(sc, ip_output(m, NULL, NULL, IP_RAWOUTPUT,
974
		carp_send_ad_error(sc, ip_output(m, NULL, NULL, IP_RAWOUTPUT,
975
		    &sc->sc_carpdev->if_carp->cif_imo, NULL));
975
		    &sc->sc_carpdev->if_carp->cif_imo, NULL));
976
	}
976
	}
977
#endif /* INET */
977
#endif /* INET */
978
#ifdef INET6
978
#ifdef INET6
979
	if (sc->sc_naddrs6) {
979
	if (sc->sc_naddrs6) {
980
		struct ip6_hdr *ip6;
980
		struct ip6_hdr *ip6;
981
981
982
		m = m_gethdr(M_NOWAIT, MT_DATA);
982
		m = m_gethdr(M_NOWAIT, MT_DATA);
983
		if (m == NULL) {
983
		if (m == NULL) {
984
			CARPSTATS_INC(carps_onomem);
984
			CARPSTATS_INC(carps_onomem);
985
			goto resched;
985
			goto resched;
986
		}
986
		}
987
		len = sizeof(*ip6) + sizeof(ch);
987
		len = sizeof(*ip6) + sizeof(ch);
988
		m->m_pkthdr.len = len;
988
		m->m_pkthdr.len = len;
989
		m->m_pkthdr.rcvif = NULL;
989
		m->m_pkthdr.rcvif = NULL;
990
		m->m_len = len;
990
		m->m_len = len;
991
		M_ALIGN(m, m->m_len);
991
		M_ALIGN(m, m->m_len);
992
		m->m_flags |= M_MCAST;
992
		m->m_flags |= M_MCAST;
993
		ip6 = mtod(m, struct ip6_hdr *);
993
		ip6 = mtod(m, struct ip6_hdr *);
994
		bzero(ip6, sizeof(*ip6));
994
		bzero(ip6, sizeof(*ip6));
995
		ip6->ip6_vfc |= IPV6_VERSION;
995
		ip6->ip6_vfc |= IPV6_VERSION;
996
		/* Traffic class isn't defined in ip6 struct instead
996
		/* Traffic class isn't defined in ip6 struct instead
997
		 * it gets offset into flowid field */
997
		 * it gets offset into flowid field */
998
		ip6->ip6_flow |= htonl(V_carp_dscp << (IPV6_FLOWLABEL_LEN +
998
		ip6->ip6_flow |= htonl(V_carp_dscp << (IPV6_FLOWLABEL_LEN +
999
		    IPTOS_DSCP_OFFSET));
999
		    IPTOS_DSCP_OFFSET));
1000
		ip6->ip6_hlim = CARP_DFLTTL;
1000
		ip6->ip6_hlim = CARP_DFLTTL;
1001
		ip6->ip6_nxt = IPPROTO_CARP;
1001
		ip6->ip6_nxt = IPPROTO_CARP;
1002
1002
1003
		/* set the source address */
1003
		/* set the source address */
1004
		ifa = carp_best_ifa(AF_INET6, sc->sc_carpdev);
1004
		ifa = carp_best_ifa(AF_INET6, sc->sc_carpdev);
1005
		if (ifa != NULL) {
1005
		if (ifa != NULL) {
1006
			bcopy(IFA_IN6(ifa), &ip6->ip6_src,
1006
			bcopy(IFA_IN6(ifa), &ip6->ip6_src,
1007
			    sizeof(struct in6_addr));
1007
			    sizeof(struct in6_addr));
1008
			ifa_free(ifa);
1008
			ifa_free(ifa);
1009
		} else
1009
		} else
1010
			/* This should never happen with IPv6. */
1010
			/* This should never happen with IPv6. */
1011
			bzero(&ip6->ip6_src, sizeof(struct in6_addr));
1011
			bzero(&ip6->ip6_src, sizeof(struct in6_addr));
1012
1012
1013
		/* Set the multicast destination. */
1013
		/* Set the multicast destination. */
1014
		ip6->ip6_dst.s6_addr16[0] = htons(0xff02);
1014
		ip6->ip6_dst.s6_addr16[0] = htons(0xff02);
1015
		ip6->ip6_dst.s6_addr8[15] = 0x12;
1015
		ip6->ip6_dst.s6_addr8[15] = 0x12;
1016
		if (in6_setscope(&ip6->ip6_dst, sc->sc_carpdev, NULL) != 0) {
1016
		if (in6_setscope(&ip6->ip6_dst, sc->sc_carpdev, NULL) != 0) {
1017
			m_freem(m);
1017
			m_freem(m);
1018
			CARP_DEBUG("%s: in6_setscope failed\n", __func__);
1018
			CARP_DEBUG("%s: in6_setscope failed\n", __func__);
1019
			goto resched;
1019
			goto resched;
1020
		}
1020
		}
1021
1021
1022
		ch_ptr = (struct carp_header *)(&ip6[1]);
1022
		ch_ptr = (struct carp_header *)(&ip6[1]);
1023
		bcopy(&ch, ch_ptr, sizeof(ch));
1023
		bcopy(&ch, ch_ptr, sizeof(ch));
1024
		if (carp_prepare_ad(m, sc, ch_ptr))
1024
		if (carp_prepare_ad(m, sc, ch_ptr))
1025
			goto resched;
1025
			goto resched;
1026
1026
1027
		m->m_data += sizeof(*ip6);
1027
		m->m_data += sizeof(*ip6);
1028
		ch_ptr->carp_cksum = in_cksum(m, len - sizeof(*ip6));
1028
		ch_ptr->carp_cksum = in_cksum(m, len - sizeof(*ip6));
1029
		m->m_data -= sizeof(*ip6);
1029
		m->m_data -= sizeof(*ip6);
1030
1030
1031
		CARPSTATS_INC(carps_opackets6);
1031
		CARPSTATS_INC(carps_opackets6);
1032
1032
1033
		carp_send_ad_error(sc, ip6_output(m, NULL, NULL, 0,
1033
		carp_send_ad_error(sc, ip6_output(m, NULL, NULL, 0,
1034
		    &sc->sc_carpdev->if_carp->cif_im6o, NULL, NULL));
1034
		    &sc->sc_carpdev->if_carp->cif_im6o, NULL, NULL));
1035
	}
1035
	}
1036
#endif /* INET6 */
1036
#endif /* INET6 */
1037
1037
1038
resched:
1038
resched:
1039
	callout_reset(&sc->sc_ad_tmo, tvtohz(&tv), carp_send_ad, sc);
1039
	callout_reset(&sc->sc_ad_tmo, tvtohz(&tv), carp_send_ad, sc);
1040
}
1040
}
1041
1041
1042
static void
1042
static void
1043
carp_addroute(struct carp_softc *sc)
1043
carp_addroute(struct carp_softc *sc)
1044
{
1044
{
1045
	struct ifaddr *ifa;
1045
	struct ifaddr *ifa;
1046
1046
1047
	CARP_FOREACH_IFA(sc, ifa)
1047
	CARP_FOREACH_IFA(sc, ifa)
1048
		carp_ifa_addroute(ifa);
1048
		carp_ifa_addroute(ifa);
1049
}
1049
}
1050
1050
1051
static void
1051
static void
1052
carp_ifa_addroute(struct ifaddr *ifa)
1052
carp_ifa_addroute(struct ifaddr *ifa)
1053
{
1053
{
1054
1054
1055
	switch (ifa->ifa_addr->sa_family) {
1055
	switch (ifa->ifa_addr->sa_family) {
1056
#ifdef INET
1056
#ifdef INET
1057
	case AF_INET:
1057
	case AF_INET:
1058
		in_addprefix(ifatoia(ifa), RTF_UP);
1058
		in_addprefix(ifatoia(ifa), RTF_UP);
1059
		ifa_add_loopback_route(ifa,
1059
		ifa_add_loopback_route(ifa,
1060
		    (struct sockaddr *)&ifatoia(ifa)->ia_addr);
1060
		    (struct sockaddr *)&ifatoia(ifa)->ia_addr);
1061
		break;
1061
		break;
1062
#endif
1062
#endif
1063
#ifdef INET6
1063
#ifdef INET6
1064
	case AF_INET6:
1064
	case AF_INET6:
1065
		ifa_add_loopback_route(ifa,
1065
		ifa_add_loopback_route(ifa,
1066
		    (struct sockaddr *)&ifatoia6(ifa)->ia_addr);
1066
		    (struct sockaddr *)&ifatoia6(ifa)->ia_addr);
1067
		nd6_add_ifa_lle(ifatoia6(ifa));
1067
		nd6_add_ifa_lle(ifatoia6(ifa));
1068
		break;
1068
		break;
1069
#endif
1069
#endif
1070
	}
1070
	}
1071
}
1071
}
1072
1072
1073
static void
1073
static void
1074
carp_delroute(struct carp_softc *sc)
1074
carp_delroute(struct carp_softc *sc)
1075
{
1075
{
1076
	struct ifaddr *ifa;
1076
	struct ifaddr *ifa;
1077
1077
1078
	CARP_FOREACH_IFA(sc, ifa)
1078
	CARP_FOREACH_IFA(sc, ifa)
1079
		carp_ifa_delroute(ifa);
1079
		carp_ifa_delroute(ifa);
1080
}
1080
}
1081
1081
1082
static void
1082
static void
1083
carp_ifa_delroute(struct ifaddr *ifa)
1083
carp_ifa_delroute(struct ifaddr *ifa)
1084
{
1084
{
1085
1085
1086
	switch (ifa->ifa_addr->sa_family) {
1086
	switch (ifa->ifa_addr->sa_family) {
1087
#ifdef INET
1087
#ifdef INET
1088
	case AF_INET:
1088
	case AF_INET:
1089
		ifa_del_loopback_route(ifa,
1089
		ifa_del_loopback_route(ifa,
1090
		    (struct sockaddr *)&ifatoia(ifa)->ia_addr);
1090
		    (struct sockaddr *)&ifatoia(ifa)->ia_addr);
1091
		in_scrubprefix(ifatoia(ifa), LLE_STATIC);
1091
		in_scrubprefix(ifatoia(ifa), LLE_STATIC);
1092
		break;
1092
		break;
1093
#endif
1093
#endif
1094
#ifdef INET6
1094
#ifdef INET6
1095
	case AF_INET6:
1095
	case AF_INET6:
1096
		ifa_del_loopback_route(ifa,
1096
		ifa_del_loopback_route(ifa,
1097
		    (struct sockaddr *)&ifatoia6(ifa)->ia_addr);
1097
		    (struct sockaddr *)&ifatoia6(ifa)->ia_addr);
1098
		nd6_rem_ifa_lle(ifatoia6(ifa), 1);
1098
		nd6_rem_ifa_lle(ifatoia6(ifa), 1);
1099
		break;
1099
		break;
1100
#endif
1100
#endif
1101
	}
1101
	}
1102
}
1102
}
1103
1103
1104
int
1104
int
1105
carp_master(struct ifaddr *ifa)
1105
carp_master(struct ifaddr *ifa)
1106
{
1106
{
1107
	struct carp_softc *sc = ifa->ifa_carp;
1107
	struct carp_softc *sc = ifa->ifa_carp;
1108
1108
1109
	return (sc->sc_state == MASTER);
1109
	return (sc->sc_state == MASTER);
1110
}
1110
}
1111
1111
1112
#ifdef INET
1112
#ifdef INET
1113
/*
1113
/*
1114
 * Broadcast a gratuitous ARP request containing
1114
 * Broadcast a gratuitous ARP request containing
1115
 * the virtual router MAC address for each IP address
1115
 * the virtual router MAC address for each IP address
1116
 * associated with the virtual router.
1116
 * associated with the virtual router.
1117
 */
1117
 */
1118
static void
1118
static void
1119
carp_send_arp(struct carp_softc *sc)
1119
carp_send_arp(struct carp_softc *sc)
1120
{
1120
{
1121
	struct ifaddr *ifa;
1121
	struct ifaddr *ifa;
1122
	struct in_addr addr;
1122
	struct in_addr addr;
1123
1123
1124
	CARP_FOREACH_IFA(sc, ifa) {
1124
	CARP_FOREACH_IFA(sc, ifa) {
1125
		if (ifa->ifa_addr->sa_family != AF_INET)
1125
		if (ifa->ifa_addr->sa_family != AF_INET)
1126
			continue;
1126
			continue;
1127
		addr = ((struct sockaddr_in *)ifa->ifa_addr)->sin_addr;
1127
		addr = ((struct sockaddr_in *)ifa->ifa_addr)->sin_addr;
1128
		arp_announce_ifaddr(sc->sc_carpdev, addr, LLADDR(&sc->sc_addr));
1128
		arp_announce_ifaddr(sc->sc_carpdev, addr, LLADDR(&sc->sc_addr));
1129
	}
1129
	}
1130
}
1130
}
1131
1131
1132
int
1132
int
1133
carp_iamatch(struct ifaddr *ifa, uint8_t **enaddr)
1133
carp_iamatch(struct ifaddr *ifa, uint8_t **enaddr)
1134
{
1134
{
1135
	struct carp_softc *sc = ifa->ifa_carp;
1135
	struct carp_softc *sc = ifa->ifa_carp;
1136
1136
1137
	if (sc->sc_state == MASTER) {
1137
	if (sc->sc_state == MASTER) {
1138
		*enaddr = LLADDR(&sc->sc_addr);
1138
		*enaddr = LLADDR(&sc->sc_addr);
1139
		return (1);
1139
		return (1);
1140
	}
1140
	}
1141
1141
1142
	return (0);
1142
	return (0);
1143
}
1143
}
1144
#endif
1144
#endif
1145
1145
1146
#ifdef INET6
1146
#ifdef INET6
1147
static void
1147
static void
1148
carp_send_na(struct carp_softc *sc)
1148
carp_send_na(struct carp_softc *sc)
1149
{
1149
{
1150
	static struct in6_addr mcast = IN6ADDR_LINKLOCAL_ALLNODES_INIT;
1150
	static struct in6_addr mcast = IN6ADDR_LINKLOCAL_ALLNODES_INIT;
1151
	struct ifaddr *ifa;
1151
	struct ifaddr *ifa;
1152
	struct in6_addr *in6;
1152
	struct in6_addr *in6;
1153
1153
1154
	CARP_FOREACH_IFA(sc, ifa) {
1154
	CARP_FOREACH_IFA(sc, ifa) {
1155
		if (ifa->ifa_addr->sa_family != AF_INET6)
1155
		if (ifa->ifa_addr->sa_family != AF_INET6)
1156
			continue;
1156
			continue;
1157
1157
1158
		in6 = IFA_IN6(ifa);
1158
		in6 = IFA_IN6(ifa);
1159
		nd6_na_output(sc->sc_carpdev, &mcast, in6,
1159
		nd6_na_output(sc->sc_carpdev, &mcast, in6,
1160
		    ND_NA_FLAG_OVERRIDE, 1, NULL);
1160
		    ND_NA_FLAG_OVERRIDE, 1, NULL);
1161
		DELAY(1000);	/* XXX */
1161
		DELAY(1000);	/* XXX */
1162
	}
1162
	}
1163
}
1163
}
1164
1164
1165
/*
1165
/*
1166
 * Returns ifa in case it's a carp address and it is MASTER, or if the address
1166
 * Returns ifa in case it's a carp address and it is MASTER, or if the address
1167
 * matches and is not a carp address.  Returns NULL otherwise.
1167
 * matches and is not a carp address.  Returns NULL otherwise.
1168
 */
1168
 */
1169
struct ifaddr *
1169
struct ifaddr *
1170
carp_iamatch6(struct ifnet *ifp, struct in6_addr *taddr)
1170
carp_iamatch6(struct ifnet *ifp, struct in6_addr *taddr)
1171
{
1171
{
1172
	struct epoch_tracker et;
1172
	struct epoch_tracker et;
1173
	struct ifaddr *ifa;
1173
	struct ifaddr *ifa;
1174
1174
1175
	ifa = NULL;
1175
	ifa = NULL;
1176
	NET_EPOCH_ENTER(et);
1176
	NET_EPOCH_ENTER(et);
1177
	CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
1177
	CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
1178
		if (ifa->ifa_addr->sa_family != AF_INET6)
1178
		if (ifa->ifa_addr->sa_family != AF_INET6)
1179
			continue;
1179
			continue;
1180
		if (!IN6_ARE_ADDR_EQUAL(taddr, IFA_IN6(ifa)))
1180
		if (!IN6_ARE_ADDR_EQUAL(taddr, IFA_IN6(ifa)))
1181
			continue;
1181
			continue;
1182
		if (ifa->ifa_carp && ifa->ifa_carp->sc_state != MASTER)
1182
		if (ifa->ifa_carp && ifa->ifa_carp->sc_state != MASTER)
1183
			ifa = NULL;
1183
			ifa = NULL;
1184
		else
1184
		else
1185
			ifa_ref(ifa);
1185
			ifa_ref(ifa);
1186
		break;
1186
		break;
1187
	}
1187
	}
1188
	NET_EPOCH_EXIT(et);
1188
	NET_EPOCH_EXIT(et);
1189
1189
1190
	return (ifa);
1190
	return (ifa);
1191
}
1191
}
1192
1192
1193
caddr_t
1193
caddr_t
1194
carp_macmatch6(struct ifnet *ifp, struct mbuf *m, const struct in6_addr *taddr)
1194
carp_macmatch6(struct ifnet *ifp, struct mbuf *m, const struct in6_addr *taddr)
1195
{
1195
{
1196
	struct epoch_tracker et;
1196
	struct epoch_tracker et;
1197
	struct ifaddr *ifa;
1197
	struct ifaddr *ifa;
1198
1198
1199
	NET_EPOCH_ENTER(et);
1199
	NET_EPOCH_ENTER(et);
1200
	IFNET_FOREACH_IFA(ifp, ifa)
1200
	IFNET_FOREACH_IFA(ifp, ifa)
1201
		if (ifa->ifa_addr->sa_family == AF_INET6 &&
1201
		if (ifa->ifa_addr->sa_family == AF_INET6 &&
1202
		    IN6_ARE_ADDR_EQUAL(taddr, IFA_IN6(ifa))) {
1202
		    IN6_ARE_ADDR_EQUAL(taddr, IFA_IN6(ifa))) {
1203
			struct carp_softc *sc = ifa->ifa_carp;
1203
			struct carp_softc *sc = ifa->ifa_carp;
1204
			struct m_tag *mtag;
1204
			struct m_tag *mtag;
1205
1205
1206
			NET_EPOCH_EXIT(et);
1206
			NET_EPOCH_EXIT(et);
1207
1207
1208
			mtag = m_tag_get(PACKET_TAG_CARP,
1208
			mtag = m_tag_get(PACKET_TAG_CARP,
1209
			    sizeof(struct carp_softc *), M_NOWAIT);
1209
			    sizeof(struct carp_softc *), M_NOWAIT);
1210
			if (mtag == NULL)
1210
			if (mtag == NULL)
1211
				/* Better a bit than nothing. */
1211
				/* Better a bit than nothing. */
1212
				return (LLADDR(&sc->sc_addr));
1212
				return (LLADDR(&sc->sc_addr));
1213
1213
1214
			bcopy(&sc, mtag + 1, sizeof(sc));
1214
			bcopy(&sc, mtag + 1, sizeof(sc));
1215
			m_tag_prepend(m, mtag);
1215
			m_tag_prepend(m, mtag);
1216
1216
1217
			return (LLADDR(&sc->sc_addr));
1217
			return (LLADDR(&sc->sc_addr));
1218
		}
1218
		}
1219
	NET_EPOCH_EXIT(et);
1219
	NET_EPOCH_EXIT(et);
1220
1220
1221
	return (NULL);
1221
	return (NULL);
1222
}
1222
}
1223
#endif /* INET6 */
1223
#endif /* INET6 */
1224
1224
1225
int
1225
int
1226
carp_forus(struct ifnet *ifp, u_char *dhost)
1226
carp_forus(struct ifnet *ifp, u_char *dhost)
1227
{
1227
{
1228
	struct carp_softc *sc;
1228
	struct carp_softc *sc;
1229
	uint8_t *ena = dhost;
1229
	uint8_t *ena = dhost;
1230
1230
1231
	if (ena[0] || ena[1] || ena[2] != 0x5e || ena[3] || ena[4] != 1)
1231
	if (ena[0] || ena[1] || ena[2] != 0x5e || ena[3] || ena[4] != 1)
1232
		return (0);
1232
		return (0);
1233
1233
1234
	CIF_LOCK(ifp->if_carp);
1234
	CIF_LOCK(ifp->if_carp);
1235
	IFNET_FOREACH_CARP(ifp, sc) {
1235
	IFNET_FOREACH_CARP(ifp, sc) {
1236
		CARP_LOCK(sc);
1236
		CARP_LOCK(sc);
1237
		if (sc->sc_state == MASTER && !bcmp(dhost, LLADDR(&sc->sc_addr),
1237
		if (sc->sc_state == MASTER && !bcmp(dhost, LLADDR(&sc->sc_addr),
1238
		    ETHER_ADDR_LEN)) {
1238
		    ETHER_ADDR_LEN)) {
1239
			CARP_UNLOCK(sc);
1239
			CARP_UNLOCK(sc);
1240
			CIF_UNLOCK(ifp->if_carp);
1240
			CIF_UNLOCK(ifp->if_carp);
1241
			return (1);
1241
			return (1);
1242
		}
1242
		}
1243
		CARP_UNLOCK(sc);
1243
		CARP_UNLOCK(sc);
1244
	}
1244
	}
1245
	CIF_UNLOCK(ifp->if_carp);
1245
	CIF_UNLOCK(ifp->if_carp);
1246
1246
1247
	return (0);
1247
	return (0);
1248
}
1248
}
1249
1249
1250
/* Master down timeout event, executed in callout context. */
1250
/* Master down timeout event, executed in callout context. */
1251
static void
1251
static void
1252
carp_master_down(void *v)
1252
carp_master_down(void *v)
1253
{
1253
{
1254
	struct carp_softc *sc = v;
1254
	struct carp_softc *sc = v;
1255
1255
1256
	CARP_LOCK_ASSERT(sc);
1256
	CARP_LOCK_ASSERT(sc);
1257
1257
1258
	CURVNET_SET(sc->sc_carpdev->if_vnet);
1258
	CURVNET_SET(sc->sc_carpdev->if_vnet);
1259
	if (sc->sc_state == BACKUP) {
1259
	if (sc->sc_state == BACKUP) {
1260
		carp_master_down_locked(sc, "master timed out");
1260
		carp_master_down_locked(sc, "master timed out");
1261
	}
1261
	}
1262
	CURVNET_RESTORE();
1262
	CURVNET_RESTORE();
1263
1263
1264
	CARP_UNLOCK(sc);
1264
	CARP_UNLOCK(sc);
1265
}
1265
}
1266
1266
1267
static void
1267
static void
1268
carp_master_down_locked(struct carp_softc *sc, const char *reason)
1268
carp_master_down_locked(struct carp_softc *sc, const char *reason)
1269
{
1269
{
1270
1270
1271
	CARP_LOCK_ASSERT(sc);
1271
	CARP_LOCK_ASSERT(sc);
1272
1272
1273
	switch (sc->sc_state) {
1273
	switch (sc->sc_state) {
1274
	case BACKUP:
1274
	case BACKUP:
1275
		carp_set_state(sc, MASTER, reason);
1275
		carp_set_state(sc, MASTER, reason);
1276
		carp_send_ad_locked(sc);
1276
		carp_send_ad_locked(sc);
1277
#ifdef INET
1277
#ifdef INET
1278
		carp_send_arp(sc);
1278
		carp_send_arp(sc);
1279
#endif
1279
#endif
1280
#ifdef INET6
1280
#ifdef INET6
1281
		carp_send_na(sc);
1281
		carp_send_na(sc);
1282
#endif
1282
#endif
1283
		carp_setrun(sc, 0);
1283
		carp_setrun(sc, 0);
1284
		carp_addroute(sc);
1284
		carp_addroute(sc);
1285
		break;
1285
		break;
1286
	case INIT:
1286
	case INIT:
1287
	case MASTER:
1287
	case MASTER:
1288
#ifdef INVARIANTS
1288
#ifdef INVARIANTS
1289
		panic("carp: VHID %u@%s: master_down event in %s state\n",
1289
		panic("carp: VHID %u@%s: master_down event in %s state\n",
1290
		    sc->sc_vhid,
1290
		    sc->sc_vhid,
1291
		    sc->sc_carpdev->if_xname,
1291
		    sc->sc_carpdev->if_xname,
1292
		    sc->sc_state ? "MASTER" : "INIT");
1292
		    sc->sc_state ? "MASTER" : "INIT");
1293
#endif
1293
#endif
1294
		break;
1294
		break;
1295
	}
1295
	}
1296
}
1296
}
1297
1297
1298
/*
1298
/*
1299
 * When in backup state, af indicates whether to reset the master down timer
1299
 * When in backup state, af indicates whether to reset the master down timer
1300
 * for v4 or v6. If it's set to zero, reset the ones which are already pending.
1300
 * for v4 or v6. If it's set to zero, reset the ones which are already pending.
1301
 */
1301
 */
1302
static void
1302
static void
1303
carp_setrun(struct carp_softc *sc, sa_family_t af)
1303
carp_setrun(struct carp_softc *sc, sa_family_t af)
1304
{
1304
{
1305
	struct timeval tv;
1305
	struct timeval tv;
1306
1306
1307
	CARP_LOCK_ASSERT(sc);
1307
	CARP_LOCK_ASSERT(sc);
1308
1308
1309
	if ((sc->sc_carpdev->if_flags & IFF_UP) == 0 ||
1309
	if ((sc->sc_carpdev->if_flags & IFF_UP) == 0 ||
1310
	    sc->sc_carpdev->if_link_state != LINK_STATE_UP ||
1310
	    sc->sc_carpdev->if_link_state != LINK_STATE_UP ||
1311
	    (sc->sc_naddrs == 0 && sc->sc_naddrs6 == 0) ||
1311
	    (sc->sc_naddrs == 0 && sc->sc_naddrs6 == 0) ||
1312
	    !V_carp_allow)
1312
	    !V_carp_allow)
1313
		return;
1313
		return;
1314
1314
1315
	switch (sc->sc_state) {
1315
	switch (sc->sc_state) {
1316
	case INIT:
1316
	case INIT:
1317
		carp_set_state(sc, BACKUP, "initialization complete");
1317
		carp_set_state(sc, BACKUP, "initialization complete");
1318
		carp_setrun(sc, 0);
1318
		carp_setrun(sc, 0);
1319
		break;
1319
		break;
1320
	case BACKUP:
1320
	case BACKUP:
1321
		callout_stop(&sc->sc_ad_tmo);
1321
		callout_stop(&sc->sc_ad_tmo);
1322
		tv.tv_sec = 3 * sc->sc_advbase;
1322
		tv.tv_sec = 3 * sc->sc_advbase;
1323
		tv.tv_usec = sc->sc_advskew * 1000000 / 256;
1323
		tv.tv_usec = sc->sc_advskew * 1000000 / 256;
1324
		switch (af) {
1324
		switch (af) {
1325
#ifdef INET
1325
#ifdef INET
1326
		case AF_INET:
1326
		case AF_INET:
1327
			callout_reset(&sc->sc_md_tmo, tvtohz(&tv),
1327
			callout_reset(&sc->sc_md_tmo, tvtohz(&tv),
1328
			    carp_master_down, sc);
1328
			    carp_master_down, sc);
1329
			break;
1329
			break;
1330
#endif
1330
#endif
1331
#ifdef INET6
1331
#ifdef INET6
1332
		case AF_INET6:
1332
		case AF_INET6:
1333
			callout_reset(&sc->sc_md6_tmo, tvtohz(&tv),
1333
			callout_reset(&sc->sc_md6_tmo, tvtohz(&tv),
1334
			    carp_master_down, sc);
1334
			    carp_master_down, sc);
1335
			break;
1335
			break;
1336
#endif
1336
#endif
1337
		default:
1337
		default:
1338
#ifdef INET
1338
#ifdef INET
1339
			if (sc->sc_naddrs)
1339
			if (sc->sc_naddrs)
1340
				callout_reset(&sc->sc_md_tmo, tvtohz(&tv),
1340
				callout_reset(&sc->sc_md_tmo, tvtohz(&tv),
1341
				    carp_master_down, sc);
1341
				    carp_master_down, sc);
1342
#endif
1342
#endif
1343
#ifdef INET6
1343
#ifdef INET6
1344
			if (sc->sc_naddrs6)
1344
			if (sc->sc_naddrs6)
1345
				callout_reset(&sc->sc_md6_tmo, tvtohz(&tv),
1345
				callout_reset(&sc->sc_md6_tmo, tvtohz(&tv),
1346
				    carp_master_down, sc);
1346
				    carp_master_down, sc);
1347
#endif
1347
#endif
1348
			break;
1348
			break;
1349
		}
1349
		}
1350
		break;
1350
		break;
1351
	case MASTER:
1351
	case MASTER:
1352
		tv.tv_sec = sc->sc_advbase;
1352
		tv.tv_sec = sc->sc_advbase;
1353
		tv.tv_usec = sc->sc_advskew * 1000000 / 256;
1353
		tv.tv_usec = sc->sc_advskew * 1000000 / 256;
1354
		callout_reset(&sc->sc_ad_tmo, tvtohz(&tv),
1354
		callout_reset(&sc->sc_ad_tmo, tvtohz(&tv),
1355
		    carp_send_ad, sc);
1355
		    carp_send_ad, sc);
1356
		break;
1356
		break;
1357
	}
1357
	}
1358
}
1358
}
1359
1359
1360
/*
1360
/*
1361
 * Setup multicast structures.
1361
 * Setup multicast structures.
1362
 */
1362
 */
1363
static int
1363
static int
1364
carp_multicast_setup(struct carp_if *cif, sa_family_t sa)
1364
carp_multicast_setup(struct carp_if *cif, sa_family_t sa)
1365
{
1365
{
1366
	struct ifnet *ifp = cif->cif_ifp;
1366
	struct ifnet *ifp = cif->cif_ifp;
1367
	int error = 0;
1367
	int error = 0;
1368
1368
1369
	switch (sa) {
1369
	switch (sa) {
1370
#ifdef INET
1370
#ifdef INET
1371
	case AF_INET:
1371
	case AF_INET:
1372
	    {
1372
	    {
1373
		struct ip_moptions *imo = &cif->cif_imo;
1373
		struct ip_moptions *imo = &cif->cif_imo;
1374
		struct in_addr addr;
1374
		struct in_addr addr;
1375
1375
1376
		if (imo->imo_membership)
1376
		if (imo->imo_membership)
1377
			return (0);
1377
			return (0);
1378
1378
1379
		imo->imo_membership = (struct in_multi **)malloc(
1379
		imo->imo_membership = (struct in_multi **)malloc(
1380
		    (sizeof(struct in_multi *) * IP_MIN_MEMBERSHIPS), M_CARP,
1380
		    (sizeof(struct in_multi *) * IP_MIN_MEMBERSHIPS), M_CARP,
1381
		    M_WAITOK);
1381
		    M_WAITOK);
1382
		imo->imo_mfilters = NULL;
1382
		imo->imo_mfilters = NULL;
1383
		imo->imo_max_memberships = IP_MIN_MEMBERSHIPS;
1383
		imo->imo_max_memberships = IP_MIN_MEMBERSHIPS;
1384
		imo->imo_multicast_vif = -1;
1384
		imo->imo_multicast_vif = -1;
1385
1385
1386
		addr.s_addr = htonl(INADDR_CARP_GROUP);
1386
		addr.s_addr = htonl(INADDR_CARP_GROUP);
1387
		if ((error = in_joingroup(ifp, &addr, NULL,
1387
		if ((error = in_joingroup(ifp, &addr, NULL,
1388
		    &imo->imo_membership[0])) != 0) {
1388
		    &imo->imo_membership[0])) != 0) {
1389
			free(imo->imo_membership, M_CARP);
1389
			free(imo->imo_membership, M_CARP);
1390
			break;
1390
			break;
1391
		}
1391
		}
1392
		imo->imo_num_memberships++;
1392
		imo->imo_num_memberships++;
1393
		imo->imo_multicast_ifp = ifp;
1393
		imo->imo_multicast_ifp = ifp;
1394
		imo->imo_multicast_ttl = CARP_DFLTTL;
1394
		imo->imo_multicast_ttl = CARP_DFLTTL;
1395
		imo->imo_multicast_loop = 0;
1395
		imo->imo_multicast_loop = 0;
1396
		break;
1396
		break;
1397
	   }
1397
	   }
1398
#endif
1398
#endif
1399
#ifdef INET6
1399
#ifdef INET6
1400
	case AF_INET6:
1400
	case AF_INET6:
1401
	    {
1401
	    {
1402
		struct ip6_moptions *im6o = &cif->cif_im6o;
1402
		struct ip6_moptions *im6o = &cif->cif_im6o;
1403
		struct in6_addr in6;
1403
		struct in6_addr in6;
1404
		struct in6_multi *in6m;
1404
		struct in6_multi *in6m;
1405
1405
1406
		if (im6o->im6o_membership)
1406
		if (im6o->im6o_membership)
1407
			return (0);
1407
			return (0);
1408
1408
1409
		im6o->im6o_membership = (struct in6_multi **)malloc(
1409
		im6o->im6o_membership = (struct in6_multi **)malloc(
1410
		    (sizeof(struct in6_multi *) * IPV6_MIN_MEMBERSHIPS), M_CARP,
1410
		    (sizeof(struct in6_multi *) * IPV6_MIN_MEMBERSHIPS), M_CARP,
1411
		    M_ZERO | M_WAITOK);
1411
		    M_ZERO | M_WAITOK);
1412
		im6o->im6o_mfilters = NULL;
1412
		im6o->im6o_mfilters = NULL;
1413
		im6o->im6o_max_memberships = IPV6_MIN_MEMBERSHIPS;
1413
		im6o->im6o_max_memberships = IPV6_MIN_MEMBERSHIPS;
1414
		im6o->im6o_multicast_hlim = CARP_DFLTTL;
1414
		im6o->im6o_multicast_hlim = CARP_DFLTTL;
1415
		im6o->im6o_multicast_ifp = ifp;
1415
		im6o->im6o_multicast_ifp = ifp;
1416
1416
1417
		/* Join IPv6 CARP multicast group. */
1417
		/* Join IPv6 CARP multicast group. */
1418
		bzero(&in6, sizeof(in6));
1418
		bzero(&in6, sizeof(in6));
1419
		in6.s6_addr16[0] = htons(0xff02);
1419
		in6.s6_addr16[0] = htons(0xff02);
1420
		in6.s6_addr8[15] = 0x12;
1420
		in6.s6_addr8[15] = 0x12;
1421
		if ((error = in6_setscope(&in6, ifp, NULL)) != 0) {
1421
		if ((error = in6_setscope(&in6, ifp, NULL)) != 0) {
1422
			free(im6o->im6o_membership, M_CARP);
1422
			free(im6o->im6o_membership, M_CARP);
1423
			break;
1423
			break;
1424
		}
1424
		}
1425
		in6m = NULL;
1425
		in6m = NULL;
1426
		if ((error = in6_joingroup(ifp, &in6, NULL, &in6m, 0)) != 0) {
1426
		if ((error = in6_joingroup(ifp, &in6, NULL, &in6m, 0)) != 0) {
1427
			free(im6o->im6o_membership, M_CARP);
1427
			free(im6o->im6o_membership, M_CARP);
1428
			break;
1428
			break;
1429
		}
1429
		}
1430
		in6m_acquire(in6m);
1430
		in6m_acquire(in6m);
1431
		im6o->im6o_membership[0] = in6m;
1431
		im6o->im6o_membership[0] = in6m;
1432
		im6o->im6o_num_memberships++;
1432
		im6o->im6o_num_memberships++;
1433
1433
1434
		/* Join solicited multicast address. */
1434
		/* Join solicited multicast address. */
1435
		bzero(&in6, sizeof(in6));
1435
		bzero(&in6, sizeof(in6));
1436
		in6.s6_addr16[0] = htons(0xff02);
1436
		in6.s6_addr16[0] = htons(0xff02);
1437
		in6.s6_addr32[1] = 0;
1437
		in6.s6_addr32[1] = 0;
1438
		in6.s6_addr32[2] = htonl(1);
1438
		in6.s6_addr32[2] = htonl(1);
1439
		in6.s6_addr32[3] = 0;
1439
		in6.s6_addr32[3] = 0;
1440
		in6.s6_addr8[12] = 0xff;
1440
		in6.s6_addr8[12] = 0xff;
1441
		if ((error = in6_setscope(&in6, ifp, NULL)) != 0) {
1441
		if ((error = in6_setscope(&in6, ifp, NULL)) != 0) {
1442
			in6_leavegroup(im6o->im6o_membership[0], NULL);
1442
			in6_leavegroup(im6o->im6o_membership[0], NULL);
1443
			free(im6o->im6o_membership, M_CARP);
1443
			free(im6o->im6o_membership, M_CARP);
1444
			break;
1444
			break;
1445
		}
1445
		}
1446
		in6m = NULL;
1446
		in6m = NULL;
1447
		if ((error = in6_joingroup(ifp, &in6, NULL, &in6m, 0)) != 0) {
1447
		if ((error = in6_joingroup(ifp, &in6, NULL, &in6m, 0)) != 0) {
1448
			in6_leavegroup(im6o->im6o_membership[0], NULL);
1448
			in6_leavegroup(im6o->im6o_membership[0], NULL);
1449
			free(im6o->im6o_membership, M_CARP);
1449
			free(im6o->im6o_membership, M_CARP);
1450
			break;
1450
			break;
1451
		}
1451
		}
1452
		in6m_acquire(in6m);
1452
		in6m_acquire(in6m);
1453
		im6o->im6o_membership[1] = in6m;
1453
		im6o->im6o_membership[1] = in6m;
1454
		im6o->im6o_num_memberships++;
1454
		im6o->im6o_num_memberships++;
1455
		break;
1455
		break;
1456
	    }
1456
	    }
1457
#endif
1457
#endif
1458
	}
1458
	}
1459
1459
1460
	return (error);
1460
	return (error);
1461
}
1461
}
1462
1462
1463
/*
1463
/*
1464
 * Free multicast structures.
1464
 * Free multicast structures.
1465
 */
1465
 */
1466
static void
1466
static void
1467
carp_multicast_cleanup(struct carp_if *cif, sa_family_t sa)
1467
carp_multicast_cleanup(struct carp_if *cif, sa_family_t sa)
1468
{
1468
{
1469
1469
1470
	sx_assert(&carp_sx, SA_XLOCKED);
1470
	sx_assert(&carp_sx, SA_XLOCKED);
1471
1471
1472
	switch (sa) {
1472
	switch (sa) {
1473
#ifdef INET
1473
#ifdef INET
1474
	case AF_INET:
1474
	case AF_INET:
1475
		if (cif->cif_naddrs == 0) {
1475
		if (cif->cif_naddrs == 0) {
1476
			struct ip_moptions *imo = &cif->cif_imo;
1476
			struct ip_moptions *imo = &cif->cif_imo;
1477
1477
1478
			in_leavegroup(imo->imo_membership[0], NULL);
1478
			in_leavegroup(imo->imo_membership[0], NULL);
1479
			KASSERT(imo->imo_mf