On 03/ 2/10 03:18 PM, Sebastien Roy wrote:
> I'm submitting the following fast-track for Girish Moodalbail, the
> timer is set for 03/09/2010. This case depends on PSARC 2009/306, the
> release binding is Minor.
I've finally reviewed the case materials -- I wish I had paid more
attention to 2009/306, but my mind was occupied with other things at the
time. (Its not that I had any specific objections, there were just some
surprises here for me -- like the fact that apparently ipadm can only
create or destroy both v4 and v6 interfaces at the same time.)
Anyway, this addendum looks fairly straight-forward.
+1.
- Garrett
>
> 1. Introduction:
> ================
>
> In the course of completing the implementation of Brussels II - ipadm
> and libipadm (PSARC 2009/306), few interface changes were made. They
> are all documented below.
>
> 1.1 Following new interfaces were added since PSARC 2009/306.
> -------------------------------------------------------------
> ------------------------------------------------------------------------------
>
>
> Interface Classification Comments
> ------------------------------------------------------------------------------
>
>
> ipadm down-addr Committed See section 5.6 of [1]
> ipadm up-addr Committed See section 5.7 of [1]
> ipadm reset-addrprop Committed See section 5.8 of [1]
> ipadm disable-if Committed See section 6.0 of [1]
> ipadm enable-if Committed See section 6.0 of [1]
> ipadm disable-addr Committed See section 6.0 of [1]
> ipadm enable-addr Committed See section 6.0 of [1]
>
> SIOCGLIFDADSTATE Consolidation
> Private See section 5.2 of [1]
>
> SIOCSLIFPREFIX Consolidation
> Private See section 5.1.2 of [1]
>
> IFF_NOLINKLOCAL Consolidation
> Private See section 4.1 of [1]
>
> 1.2 updates to 'show-if', 'show-addr', 'show-[if|addr]prop' parsable
> output
> ---------------------------------------------------------------------------
>
>
> * '-P' option has been removed from all of the 'show-*'
> subcommands. All the 'show-*' subcommands will always show both
> CURRENT and PERSISTENT values.
>
> 1.2.1 updates to 'show-if' parsable output
> ------------------------------------------
> [For more details, see section 4.3 of [1] and 'ipadm show-if' in [2]]
>
> * MTU,FLAGS column has been removed
> * CURRENT and PERSISTENT column, which represents both current and
> persistent flags are added.
>
> 1.2.2 updates to 'show-addr' parsable output
> --------------------------------------------
> [For more details, see section 5.2 of [1] and 'ipadm show-addr' in [2]]
>
> * Following column headers are renamed:
> ** s/OBJECT/ADDROBJ/
> ** s/ORIGIN/TYPE/
> * FLAGS column has been removed
> * Following changes are made to STATE column
> ** 'invalid' is renamed to 'down'
> ** 'unknown' and 'preferred' state is removed
> ** 'disabled' state is added.
> * New CURRENT and PERSISTENT columns, which represents current and
> persistent flags respectively are added.
>
> 1.3 updates to subcommand options
> ----------------------------------
> [Refer to ipadm man page [2] for more details]
>
> * 'create-if' subcommand will not take '-f inet|inet6' option
> * 'delete-if' subcommand will not take '-t' or '-f inet|inet6'
> option
> * 'create-addr -T addrconf' takes '-i' option instead of '-I'
> * 'create-addr -T dhcp' will not take '-p' option
> * 'refresh-addr' will take -i option to perform DHCP inform.
> * 'delete-addr' will not take '-t' option
> * 'set-ifprop' and 'reset-ifprop' will not take '-f inet|inet6'
> option instead they take '-m protocol' option
>
> 1.4 Reduced set of ndd IP/TCP/UDP/SCTP/ICMP tunables
> ----------------------------------------------------
>
> The number of protocol tunables that will be made public or Committed
> has been substantially reduced. The basic premise is to design a
> framework that provides persistence of protocol settings and
> improvement over the current ndd(1M). Once we have this framework,
> more and more tunables can be Committed through PSARC, after
> sufficient scrutiny. Following table lists the protocol properties
> that will be Committed.
>
> ------------------------------------------------------------------------------
>
>
> Properties Protocol(s) Classification Comments
> ------------------------------------------------------------------------------
>
>
>
> forwarding ipv4, ipv6 Committed See [2]
> ttl ipv4 Committed See [2]
> hoplimit ipv6 Committed See [2]
>
>
> ecn tcp Committed See [2]
> sack tcp Committed See [2]
>
> recv_maxbuf
> send_maxbuf tcp, udp, sctp
> icmp Committed See [2]
>
> extra_priv_ports
> largest_anon_port
> smallest_anon_port
> smallest_nonpriv_port tcp, udp, sctp Committed See [2]
>
> 1.5 Modifications to address and interface properties
> -----------------------------------------------------
>
> * Two new address properties, broadcast[2] and deprecated[2] were
> added
> * 'xmit' address property was renamed to 'transmit'
> * 'reasm-timeout' interface property was removed
> * 'rtexchg' interface property was renamed to 'exchange_routes'
>
> 1.6 No need for /sbin/netstart binary
> --------------------------------------
>
> PSARC 2009/306 proposed using /sbin/netstart to restore persistent
> protocol tunables during boot. This process would be started by
> init(1M), by reading /etc/inittab, before svc.startd(1M) comes up. The
> initial idea was to restore settings close to the execution of
> `soconfig(1M)' (soconfig(1M) maps sockets to service providers and
> networking applications are useless without the execution of
> soconfig(1M))
>
> However, modifying /etc/inittab in the post-SMF world was something
> that was not well received and also with IPS obsoleting SVR4
> post-install scripts, modifying /etc/inittab during the upgrade path
> was not possible. Therefore, we will now restore the persistent
> protocol tunables from a SMF script that starts the `ipmgmtd'
> daemon. Further `ipmgmtd' daemon is one of the first networking
> services to come up and it comes up even before network/loopback. That
> way the protocol properties would be re-instantiated before any of the
> IP interfaces are plumbed and before any of the networking
> applications starts.
>
> 1.7 non-contiguous netmask support removed
> ------------------------------------------
>
> Non-contiguous netmasks are a relic of yesteryear architectures for
> which we still retain support in the kernel today, and which create
> more complications than they solve. Very few customers use these
> today, and when used, they only create confusion.
>
> This is a hindrance for this project, which strives for an API where
> addresses are input and displayed in the "address/prefixlen" CIDR
> format. Thus, even if ipadm itself will not allow non-contiguous
> netmasks, if ifconfig is used to add non-contiguous netmask, ipadm
> would be forced to either lie about the mask or otherwise mangle its
> output format to display it.
>
> Therefore, this project will be adding checks in the kernel to prevent
> such netmasks from being created.
>
> 1.8 Obsoleting routeadm(1M) forwarding interface
> ------------------------------------------------
>
> The routeadm(1M) command is used to administer system-wide
> configuration for IP forwarding and routing. It currently uses ndd(1M)
> to enable IP forwarding. Since ndd(1M) does not provide persistence,
> the persistence is achieved using a SMF service, for ipv4 it is
> svc:/network/ipv4-forwarding:default and for ipv6 it is
> svc:/network/ipv6-forwarding:default. The whole purpose of this
> service, when enabled, is to execute `ndd -set /dev/ip ip_forwarding
> [0|1]`, in short provide persistence.
>
> The ipadm(1M) command, which provides persistence and allows setting
> of forwarding (ipadm set-prop -p forwarding=[on|off] ipv[4|6]) is an
> obvious fit for this feature. So this project will mark routeadm(1M)
> interfaces to enable/disable IPv4/IPv6 forwarding 'Obsolete' and will
> eventually EOF that feature. We have updated the routeadm(1M)[3] man
> page to reflect the same. Until that point in time, when both the
> tools continue to exist, we will modify the SMF script
> (/lib/svc/method/svc-forwarding) to invoke ipadm(1M). So that both
> routeadm(1M) and ipadm(1M) will be modifying the same repository and
> hence will have the same view.
>
> 2. References (enclosed in case directory)
> ==========================================
> [1] "Brussels II design document - brussels2_design.pdf
> [2] ipadm MAN page - ipadm.1m.txt
> [3] routeadm.1m.txt.diffs
