Securing the Network in Oracle® Solaris 11.3

Updated: April 2019
 
 

How to View Link Protection Configuration and Statistics

Before You Begin

You must become an administrator who is assigned the Network Link Security rights profile. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.

  1. View the link protection property values.
    # dladm show-linkprop -p protection,allowed-ips,allowed-dhcp-cids link

    The following example shows the values for the protection, allowed-ips, and allowed-dhcp-cids properties for the vnic0 link:

    # dladm show-linkprop -p protection,allowed-ips,allowed-dhcp-cids vnic0
    LINK    PROPERTY            PERM  VALUE         EFFECTIVE   DEFAULT POSSIBLE
    vnic0   protection          rw    mac-nospoof   mac-nospoof   --    mac-nospoof,
                                      restricted    restricted          restricted,
                                      ip-nospoof    ip-nospoof          ip-nospoof,
                                      dhcp-nospoof  dhcp-nospoof        dhcp-nospoof
    vnic0   allowed-ips         rw    192.0.2.11,   192.0.2.11,   --      --
                                      192.0.2.12    192.0.2.12
    vnic0   allowed-dhcp-cids   rw    hello         hello         --      --

    Note - The allowed-ips property is used only if ip-nospoof is enabled, as listed under EFFECTIVE. The allowed-dhcp-cids property is used only if dhcp-nospoof is enabled.

  2. View the link protection statistics.

    The output of the dlstat command is committed, so this command is suitable for scripts.

    # dlstat -A
    ...
     vnic0
      mac_misc_stat
                   multircv                       0
                  brdcstrcv                       0
                   multixmt                       0
                  brdcstxmt                       0
              multircvbytes                       0
               bcstrcvbytes                       0
              multixmtbytes                       0
               bcstxmtbytes                       0
                   txerrors                       0
                 macspoofed                       0  <----------
                  ipspoofed                       0  <----------
                dhcpspoofed                       0  <----------
                 restricted                       0  <----------
                   ipackets                       3
                     rbytes                     182
    ...

    The output indicates that no spoofed or restricted packets have attempted to pass through.

    You can also use the kstat command, but its output is not committed. For example, the following command finds the dhcpspoofed statistics:

    # kstat vnic0:0:link:dhcpspoofed
    module: vnic0                           instance: 0
    name:   link                            class:    vnic
            dhcpspoofed                     0 

    For more information, see the dlstat(1M) and kstat(1M) man pages.
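
Because the dlstat output is committed, the counters from step 2 can be checked from a script. The following is an added example, not part of the Oracle documentation: it reports every link whose protection counters are non-zero. It assumes the output layout shown in step 2; the function names and the vnic1 sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: report non-zero link protection counters from `dlstat -A`.
# Assumption: the layout matches the output shown on this page: a line that
# holds only the link name, a section line such as mac_misc_stat, then
# "counter value" lines.

# Read dlstat -A output on stdin; print "link counter value" for each
# link protection counter that is greater than zero.
protection_drops() {
    awk '
        # A one-field line that is not a mac_* section header names the link.
        NF == 1 && $1 ~ /^[A-Za-z]/ && $1 !~ /^mac_/ { link = $1; next }
        # Keep only the four protection counters with a numeric value > 0.
        NF >= 2 && $1 ~ /^(macspoofed|ipspoofed|dhcpspoofed|restricted)$/ &&
            $2 ~ /^[0-9]+$/ && ($2 + 0) > 0 { print link, $1, $2 }
    '
}

# Constructed sample (not captured from a real system): vnic0 is clean,
# vnic1 has had spoofed packets dropped.
sample_output() {
    cat <<'EOF'
 vnic0
  mac_misc_stat
               txerrors                       0
             macspoofed                       0
              ipspoofed                       0
            dhcpspoofed                       0
             restricted                       0
               ipackets                       3
 vnic1
  mac_misc_stat
               txerrors                       0
             macspoofed                       4
              ipspoofed                      17
            dhcpspoofed                       0
             restricted                       0
               ipackets                     250
EOF
}

# On a Solaris host: dlstat -A | protection_drops
sample_output | protection_drops
```

A non-zero macspoofed, ipspoofed, dhcpspoofed, or restricted value means the link dropped outbound packets that violated the corresponding protection type, so any line this script prints is worth investigating on the zone or guest that owns the link.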