--- dladm.1m.orig 2009-07-09 12:00:20.418419400 -0400 +++ dladm.1m.new 2009-09-03 14:25:49.684083200 -0400 @@ -81,12 +81,20 @@ dladm create-etherstub [-t] [-R root-dir] etherstub dladm delete-etherstub [-t] [-R root-dir] etherstub dladm show-etherstub [etherstub] + dladm create-iptun [-t] [-R root-dir] -T type + [-a {local|remote}=addr,...] iptun-link + dladm modify-iptun [-t] [-R root-dir] -a {local|remote}=addr,... + iptun-link + dladm delete-iptun [-t] [-R root-dir] iptun-link + dladm show-iptun [-P] [[-p] -o field[,...]] [iptun-link] + + dladm show-usage [-a] -f filename [-p plotfile -F format] [-s time] [-e time] [link] DESCRIPTION The dladm command is used to administer data-links. A data- @@ -152,12 +160,16 @@ vnic-link A virtual network interface. + iptun-link + + An IP tunnel link. + dev A network device, identified by concatenation of a driver name and an instance number. 
@@ -2126,12 +2138,163 @@ dladm show-etherstub [etherstub] Show all configured etherstubs by default, or the speci- fied etherstub if etherstub is specified. + dladm create-iptun [-t] [-R root-dir] -T type + [-a {local|remote}=addr,...] iptun-link + + Create an IP tunnel link named iptun-link. Such links can + additionally be protected with IPsec using ipsecconf(1M). + + An IP tunnel is conceptually comprised of two parts: a + virtual link between two or more IP nodes, and an IP + interface above this link which allows the system to transmit + and receive IP packets encapsulated by the underlying link. + This subcommand creates a virtual link. The ifconfig(1M) + command is used to configure IP interfaces above the link. + + -t, --temporary + Specifies that the IP tunnel link is temporary. + Temporary tunnels last until the next reboot. + + -R root-dir, --root-dir=root-dir + Specifies an alternate root directory where dladm + should apply persistent creation. + + -T type,--tunnel-type=type + Specifies the type of tunnel to be created. The type + must be one of the following: + + ipv4 + A point-to-point IP-over-IP tunnel between two IPv4 + nodes. This type of tunnel requires local and remote + IPv4 addresses to function. IPv4 and IPv6 interfaces + may be plumbed above such a tunnel to create + IPv4-over-IPv4 and IPv6-over-IPv4 tunneling + configurations. + + ipv6 + A point-to-point IP-over-IP tunnel between two IPv6 + nodes as defined in IETF RFC 2473. This type of + tunnel requires local and remote IPv6 addresses to + function. IPv4 and IPv6 interfaces may be plumbed + above such a tunnel to create IPv4-over-IPv6 and + IPv6-over-IPv6 tunneling configurations. + + 6to4 + A 6to4 point-to-multipoint tunnel as defined in IETF + RFC 3056. This type of tunnel requires a local IPv4 + address to function. An IPv6 interface is plumbed on + such a tunnel link to configure a 6to4 router. + + -a {local|remote}=addr,... + --address {local|remote}=addr,... 
+ + Literal IP addresses or hostnames corresponding to the + local or remote tunnel addresses. Either local or remote + can be specified individually, or both can be specified + separated by a comma (e.g. -a local=,remote=). + + If a hostname is specified, it must resolve to a single + IP address of the family associated with the tunnel type. + Because IP tunnels are created before naming services + have been brought online during the boot process, it's + important that any hostname used be included in + /etc/hosts. + + + dladm modify-iptun [-t] [-R root-dir] -a {local|remote}=addr... + iptun-link + + Modify the parameters of the specified IP tunnel. + + -t, --temporary + + Specifies that the modification is temporary. Tem- + porary modifications last until the next reboot. + + -R root-dir, --root-dir=root-dir + Specifies an alternate root directory where dladm + should apply persistent modifications. + + -a {local|remote}=addr,... + --address {local|remote}=addr,... + + Specify new local or remote addresses for the tunnel + link. See create-iptun for a description. + + + dladm delete-iptun [-t] [-R root-dir] iptun-link + + Delete the specified IP tunnel link. + + -t, --temporary + Specifies that the deletion is temporary. Temporary + deletions last until the next reboot. + + -R root-dir, --root-dir=root-dir + Specifies an alternate root directory where dladm + should apply persistent deletion. + + + dladm show-iptun [-P] [[-p] -o field[,...]] [iptun-link] + + Show IP tunnel link configuration for a single IP tunnel or + all IP tunnels. + + -P,--persistent + Display the persistent IP tunnel configuration. + + -p,--parseable + Display using a stable machine-parseable format. The + -o option is required with -p. See "Parseable Output + Format", below. + + -o field[,...] , --output=field[,...] + + A case-insensitive, comma-separated list of output + fields to display. 
The field name must be one of + the fields listed below, or the special value all to + display all fields. By default (without -o), show- + iptun displays all fields. + + LINK + The name of the IP tunnel link. + + TYPE + Type type of tunnel as specified by the -T option of + create-iptun. + + FLAGS + A set of flags associated with the IP tunnel link. + Possible flags are: + + s + The IP tunnel link is protected by IPsec policy. + To display the IPsec policy associated with the + tunnel link, type "ipsecconf -ln -i tunnel-link". + See ipsecconf(1M) for more details on how to + configure IPsec policy. + + i + The IP tunnel link was implicitly created with + ifconfig(1M), and will be automatically deleted + when it is no longer referenced (i.e., when the + last IP interface over the tunnel is unplumbed). + See ifconfig(1M) for details on implicit tunnel + creation. + + LOCAL + The local tunnel address. + + REMOTE + The remote tunnel address. + + dladm show-usage [-a] -f filename [-p plotfile -F format] [-s time] [-e time] [link] Show the historical network usage from a stored extended accounting file. Configuration and enabling of network accounting through acctadm(1M) is required. The default 
@@ -2476,12 +2639,27 @@ inserted in this mode and the user has also requested a non-zero priority, the priority is honored and included in the VLAN tag. The default value is vlanonly. + IP Tunnel Link Properties + The following IP tunnel link properties are supported. + + hoplimit + Specifies the IPv4 TTL or IPv6 hop limit for the + encapsulating outer IP header of a tunnel link. This + property exists for all tunnel types. The default value is + 64. + + encaplimit + Specifies the IPv6 encapsulation limit for an IPv6 tunnel as + defined in RFC 2473. This value is the tunnel nesting limit + for a given tunneled packet. The default value is 4. A + value of 0 disables the encapsulation limit. + EXAMPLES Example 1 Configuring an Aggregation To configure a data-link over an aggregation of devices bge0 
@@ -2822,12 +3000,57 @@ # dladm show-usage -f /var/log/net.log LINK DURATION IPACKETS RBYTES OPACKETS OBYTES BANDWIDTH e1000g0 80 1031 546908 0 0 2.44 Kbps + Example 18 Creating an IPv4 Tunnel + + A persistent IPv4 tunnel link named mytunnel0 between 66.1.2.3 + and 192.4.5.6 is created: + + # dladm create-iptun -T ipv4 -a local=66.1.2.3,remote=192.4.5.6 \ + mytunnel0 + # dladm show-iptun mytunnel0 + LINK TYPE FLAGS LOCAL REMOTE + mytunnel0 ipv4 -- 66.1.2.3 192.4.5.6 + + A point-to-point IP interface can then be created over this + tunnel link: + + # ifconfig mytunnel0 plumb 10.1.0.1 10.1.0.2 up + + As with any other IP interface, configuration persistence for + this IP interface is achieved by placing the desired ifconfig + commands (in this case "10.1.0.1 10.1.0.2") into + /etc/hostname.mytunnel0. + + + Example 19 Creating a 6to4 Tunnel + + A persistent 6to4 tunnel link is created. The IPv4 address of + the 6to4 router is 75.10.11.12. + + # dladm create-iptun -T 6to4 -a local=75.10.11.12 sitetunnel0 + # dladm show-iptun sitetunnel0 + LINK TYPE FLAGS LOCAL REMOTE + sitetunnel0 6to4 -- 75.10.11.12 -- + + An IPv6 interface is plumbed on this tunnel: + + # ifconfig sitetunnel0 inet6 plumb up + # ifconfig sitetunnel0 inet6 + sitetunnel0: flags=2200041 mtu 65515 index 3 + inet tunnel src 75.10.11.12 + tunnel hop limit 64 + inet6 2002:4b0a:b0c::1/16 + + Note that the system automatically configures the IPv6 address on + the 6to4 IP interface. See ifconfig(1M) for a description of how + IPv6 addresses are configured on 6to4 tunnel links. + ATTRIBUTES See attributes(5) for descriptions of the following attri- butes: 
@@ -2862,13 +3085,13 @@ StabilityCommitted SEE ALSO acctadm(1M), autopush(1M), ifconfig(1M), ndd(1M), psrset(1M), wpad(1M), zonecfg(1M), attributes(5), - ieee802.3(5), dlpi(7P) + ieee802.3(5), dlpi(7P), ipsecconf(1M) NOTES The preferred method of referring to an aggregation in the aggregation subcommands is by its link name. Referring to an aggregation by its integer key is supported for backward compatibility, but is not necessary. When creating an aggre-
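Review bot: In the create-iptun -a description (hunk @@ -2126,12 +2138,163 @@), the example "(e.g. -a local=,remote=)" shows both keys with empty values, so a reader cannot tell what a valid argument looks like; put placeholder addresses in it, as the synopsis does with addr. In the same hunk, "Type type of tunnel" under TYPE should read "The type of tunnel", the modify-iptun heading writes "addr..." where the synopsis and the option text write "addr,...", and the FLAGS text uses "tunnel-link" in the ipsecconf command where the rest of the page says iptun-link. Please also state whether remote= is rejected for a 6to4 tunnel, since that type is described as requiring only a local IPv4 address.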
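Review bot: Neither hoplimit nor encaplimit in the new "IP Tunnel Link Properties" section (hunk @@ -2476,12 +2639,27 @@) gives a valid range, only a default. Please add the accepted values, say explicitly that encaplimit applies only to tunnels of type ipv6 (hoplimit has "This property exists for all tunnel types", encaplimit has no equivalent sentence), and reword "A value of 0 disables the encapsulation limit" so it cannot be misread as "no nesting is allowed".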
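Review bot: Examples 18 and 19 (hunk @@ -2822,12 +3000,57 @@) both end with an IP interface up over the tunnel while show-iptun reports FLAGS "--", that is, without the "s" flag that marks a link protected by IPsec policy. Since the create-iptun text says such links "can additionally be protected with IPsec using ipsecconf(1M)", add a closing sentence to Example 18 that points to ipsecconf(1M) and says the FLAGS column shows "s" once policy is in place. Separately, 66.1.2.3, 192.4.5.6 and 75.10.11.12 are routable addresses; consider addresses reserved for documentation, and if Example 19 changes, update the derived 2002:4b0a:b0c::1 address to match.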
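Review bot: ipsecconf(1M) is appended after dlpi(7P) in SEE ALSO (hunk @@ -2862,13 +3085,13 @@), which breaks the list's existing ordering by manual section and then by name. Insert it between ifconfig(1M) and ndd(1M) instead; the "ieee802.3(5), dlpi(7P)" line then does not need to change.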