xref: /illumos-gate/usr/src/cmd/cmd-inet/usr.sbin/ifconfig/ifconfig.c (revision d7c57852794a9ac50d4b6a9c4161cb10919658aa)
1 /*
2  * Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved.
3  * Copyright 2012, Daniil Lunev. All rights reserved.
4  * Copyright 2014, OmniTI Computer Consulting, Inc. All rights reserved.
5  */
6 /*
7  * Copyright (c) 1983 Regents of the University of California.
8  * All rights reserved.  The Berkeley software License Agreement
9  * specifies the terms and conditions for redistribution.
10  */
11 
12 #include "defs.h"
13 #include "strings.h"
14 #include "ifconfig.h"
15 #include <compat.h>
16 #include <libdlpi.h>
17 #include <libdllink.h>
18 #include <libdliptun.h>
19 #include <libdllink.h>
20 #include <inet/ip.h>
21 #include <inet/ipsec_impl.h>
22 #include <libipadm.h>
23 #include <ifaddrs.h>
24 #include <libsocket_priv.h>
25 
26 #define	LOOPBACK_IF	"lo0"
27 #define	NONE_STR	"none"
28 #define	ARP_MOD_NAME	"arp"
29 #define	LIFC_DEFAULT	(LIFC_NOXMIT | LIFC_TEMPORARY | LIFC_ALLZONES |\
30 			LIFC_UNDER_IPMP)
31 
32 typedef struct if_flags {
33 	uint64_t iff_value;
34 	char	*iff_name;
35 } if_flags_t;
36 
37 static if_flags_t	if_flags_tbl[] = {
38 	{ IFF_UP,		"UP" },
39 	{ IFF_BROADCAST,	"BROADCAST" },
40 	{ IFF_DEBUG,		"DEBUG" },
41 	{ IFF_LOOPBACK,		"LOOPBACK" },
42 	{ IFF_POINTOPOINT,	"POINTOPOINT" },
43 	{ IFF_NOTRAILERS,	"NOTRAILERS" },
44 	{ IFF_RUNNING,		"RUNNING" },
45 	{ IFF_NOARP,		"NOARP" },
46 	{ IFF_PROMISC,		"PROMISC" },
47 	{ IFF_ALLMULTI,		"ALLMULTI" },
48 	{ IFF_INTELLIGENT,	"INTELLIGENT" },
49 	{ IFF_MULTICAST,	"MULTICAST" },
50 	{ IFF_MULTI_BCAST,	"MULTI_BCAST" },
51 	{ IFF_UNNUMBERED,	"UNNUMBERED" },
52 	{ IFF_DHCPRUNNING,	"DHCP" },
53 	{ IFF_PRIVATE,		"PRIVATE" },
54 	{ IFF_NOXMIT,		"NOXMIT" },
55 	{ IFF_NOLOCAL,		"NOLOCAL" },
56 	{ IFF_DEPRECATED,	"DEPRECATED" },
57 	{ IFF_ADDRCONF,		"ADDRCONF" },
58 	{ IFF_ROUTER,		"ROUTER" },
59 	{ IFF_NONUD,		"NONUD" },
60 	{ IFF_ANYCAST,		"ANYCAST" },
61 	{ IFF_NORTEXCH,		"NORTEXCH" },
62 	{ IFF_IPV4,		"IPv4" },
63 	{ IFF_IPV6,		"IPv6" },
64 	{ IFF_NOFAILOVER,	"NOFAILOVER" },
65 	{ IFF_FAILED,		"FAILED" },
66 	{ IFF_STANDBY,		"STANDBY" },
67 	{ IFF_INACTIVE,		"INACTIVE" },
68 	{ IFF_OFFLINE,		"OFFLINE" },
69 	{ IFF_XRESOLV,		"XRESOLV" },
70 	{ IFF_COS_ENABLED,	"CoS" },
71 	{ IFF_PREFERRED,	"PREFERRED" },
72 	{ IFF_TEMPORARY,	"TEMPORARY" },
73 	{ IFF_FIXEDMTU,		"FIXEDMTU" },
74 	{ IFF_VIRTUAL,		"VIRTUAL" },
75 	{ IFF_DUPLICATE,	"DUPLICATE" },
76 	{ IFF_IPMP,		"IPMP"},
77 	{ IFF_VRRP,		"VRRP"},
78 	{ IFF_NOACCEPT,		"NOACCEPT"},
79 	{ IFF_L3PROTECT,	"L3PROTECT"}
80 };
81 
82 typedef struct {
83 	const char		*ia_app;
84 	uint64_t		ia_flag;
85 	uint_t			ia_tries;
86 } if_appflags_t;
87 
88 static const if_appflags_t if_appflags_tbl[] = {
89 	{ "dhcpagent(1M)",	IFF_DHCPRUNNING,	1 },
90 	{ "in.ndpd(1M)",	IFF_ADDRCONF,		3 },
91 	{  NULL,		0,			0 }
92 };
93 
94 static dladm_handle_t	dlh;
95 boolean_t		dlh_opened;
96 static struct		lifreq lifr;
97 /* current interface name a particular function is accessing */
98 static char		name[LIFNAMSIZ];
99 /* foreach interface saved name */
100 static char		origname[LIFNAMSIZ];
101 static int		setaddr;
102 static boolean_t	setaddr_done = _B_FALSE;
103 static boolean_t	ipsec_policy_set;
104 static boolean_t	ipsec_auth_covered;
105 static ipadm_handle_t	iph;
106 static ipadm_addrobj_t	ipaddr;
107 
108 /*
109  * Make sure the algorithm variables hold more than the sizeof an algorithm
110  * in PF_KEY.  (For now, more than a uint8_t.)  The NO_***_?ALG indicates that
111  * there was no algorithm requested, and in the ipsec_req that service should
112  * be disabled.  (E.g. if ah_aalg remains NO_AH_AALG, then AH will be
113  * disabled on that tunnel.)
114  */
115 #define	NO_AH_AALG 256
116 #define	NO_ESP_AALG 256
117 #define	NO_ESP_EALG 256
118 
119 int	s, s4, s6;
120 int	af = AF_INET;	/* default address family */
121 int	debug = 0;
122 int	all = 0;	/* setifdhcp() needs to know this */
123 int	verbose = 0;
124 int	v4compat = 0;	/* Compatible printing format */
125 
126 /*
127  * Function prototypes for command functions.
128  */
129 static int	addif(char *arg, int64_t param);
130 static int	inetipmp(char *arg, int64_t param);
131 static int	inetplumb(char *arg, int64_t param);
132 static int	inetunplumb(char *arg, int64_t param);
133 static int	removeif(char *arg, int64_t param);
134 static int	setdebugflag(char *arg, int64_t param);
135 static int	setifaddr(char *arg, int64_t param);
136 static int	setifbroadaddr(char *arg, int64_t param);
137 static int	setifdstaddr(char *arg, int64_t param);
138 static int	setifether(char *arg, int64_t param);
139 static int	setifflags(char *arg, int64_t param);
140 static int	setifindex(char *arg, int64_t param);
141 static int	setifmetric(char *arg, int64_t param);
142 static int	setifmtu(char *arg, int64_t param);
143 static int	setifnetmask(char *arg, int64_t param);
144 static int	setifprefixlen(char *arg, int64_t param);
145 static int	setifrevarp(char *arg, int64_t param);
146 static int	setifsubnet(char *arg, int64_t param);
147 static int	setiftdst(char *arg, int64_t param);
148 static int	setiftoken(char *arg, int64_t param);
149 static int	setiftsrc(char *arg, int64_t param);
150 static int	setverboseflag(char *arg, int64_t param);
151 static int	set_tun_ah_alg(char *arg, int64_t param);
152 static int	set_tun_esp_auth_alg(char *arg, int64_t param);
153 static int	set_tun_esp_encr_alg(char *arg, int64_t param);
154 static int	modlist(char *arg, int64_t param);
155 static int	modinsert(char *arg, int64_t param);
156 static int	modremove(char *arg, int64_t param);
157 static int	setifgroupname(char *arg, int64_t param);
158 static int	configinfo(char *arg, int64_t param);
159 static void	print_config_flags(int af, uint64_t flags);
160 static void	print_flags(uint64_t flags);
161 static void	print_ifether(const char *ifname);
162 static int	set_tun_encap_limit(char *arg, int64_t param);
163 static int	clr_tun_encap_limit(char *arg, int64_t param);
164 static int	set_tun_hop_limit(char *arg, int64_t param);
165 static int	setzone(char *arg, int64_t param);
166 static int	setallzones(char *arg, int64_t param);
167 static int	setifsrc(char *arg, int64_t param);
168 static int	lifnum(const char *ifname);
169 static void	plumball(int, char **, int64_t, int64_t, int64_t);
170 
171 /*
172  * Address family specific function prototypes.
173  */
174 static void	in_getaddr(char *s, struct sockaddr *saddr, int *plenp);
175 static void	in_status(int force, uint64_t flags);
176 static void	in_configinfo(int force, uint64_t flags);
177 static void	in6_getaddr(char *s, struct sockaddr *saddr, int *plenp);
178 static void	in6_status(int force, uint64_t flags);
179 static void	in6_configinfo(int force, uint64_t flags);
180 
181 /*
182  * Misc support functions
183  */
184 static boolean_t	ni_entry(const char *, void *);
185 static void		foreachinterface(int argc, char *argv[],
186 			    int af, int64_t onflags, int64_t offflags,
187 			    int64_t lifc_flags);
188 static void		ifconfig(int argc, char *argv[], int af,
189 			    struct ifaddrs *ifa);
190 static boolean_t	in_getmask(struct sockaddr_in *saddr,
191 			    boolean_t addr_set);
192 static int		in_getprefixlen(char *addr, boolean_t slash, int plen);
193 static boolean_t	in_prefixlentomask(int prefixlen, int maxlen,
194 			    uchar_t *mask);
195 static void		status(void);
196 static void		ifstatus(const char *ifname);
197 static void		tun_status(datalink_id_t);
198 static void		usage(void);
199 static int		setifdhcp(const char *caller, const char *ifname,
200 			    int argc, char *argv[]);
201 static int		ip_domux2fd(int *, int *, int *, int *, int *);
202 static int		ip_plink(int, int, int, int, int);
203 static int		modop(char *arg, char op);
204 static int		find_all_interfaces(struct lifconf *lifcp, char **buf,
205 			    int64_t lifc_flags);
206 static int		create_ipmp(const char *grname, int af,
207 			    const char *ifname, boolean_t implicit);
208 static void		start_ipmp_daemon(void);
209 static boolean_t 	ifaddr_up(ifaddrlistx_t *ifaddrp);
210 static boolean_t 	ifaddr_down(ifaddrlistx_t *ifaddrp);
211 static dladm_status_t	ifconfig_dladm_open(const char *, datalink_class_t,
212 			    datalink_id_t *);
213 static void		dladmerr_exit(dladm_status_t status, const char *str);
214 static void		ipadmerr_exit(ipadm_status_t status, const char *str);
215 static boolean_t	ifconfig_use_libipadm(int, const char *);
216 
217 #define	max(a, b)	((a) < (b) ? (b) : (a))
218 
219 /*
220  * DHCP_EXIT_IF_FAILURE indicates that the operation failed, but if there
221  * are more interfaces to act on (i.e., ifconfig was invoked with -a), keep
222  * on going rather than exit with an error.
223  */
224 
225 #define	DHCP_EXIT_IF_FAILURE	-1
226 
227 #define	NEXTARG		0xffffff	/* command takes an argument */
228 #define	OPTARG		0xfffffe 	/* command takes an optional argument */
229 #define	AF_ANY		(-1)
230 
231 /* Refer to the comments in ifconfig() on the netmask "hack" */
232 #define	NETMASK_CMD	"netmask"
233 struct sockaddr_storage	g_netmask;
234 enum { G_NETMASK_NIL, G_NETMASK_PENDING, G_NETMASK_SET }
235     g_netmask_set = G_NETMASK_NIL;
236 
237 struct	cmd {
238 	char		*c_name;
239 	int64_t		c_parameter;	/* NEXTARG means next argv */
240 	int		(*c_func)(char *, int64_t);
241 	int		c_abortonfail;	/* don't continue parsing args */
242 					/* for the current interface */
243 	int	c_af;			/* address family restrictions */
244 } cmds[] = {
245 	{ "up",		IFF_UP,		setifflags,	0,	AF_ANY },
246 	{ "down",	-IFF_UP,	setifflags,	0,	AF_ANY },
247 	{ "trailers",	-IFF_NOTRAILERS, setifflags,	0,	AF_ANY },
248 	{ "-trailers",	IFF_NOTRAILERS,	setifflags,	0,	AF_ANY },
249 	{ "arp",	-IFF_NOARP,	setifflags,	0,	AF_INET },
250 	{ "-arp",	IFF_NOARP,	setifflags,	0,	AF_INET },
251 	{ "router",	IFF_ROUTER,	setifflags,	0,	AF_ANY },
252 	{ "-router",	-IFF_ROUTER,	setifflags,	0,	AF_ANY },
253 	{ "private",	IFF_PRIVATE,	setifflags,	0,	AF_ANY },
254 	{ "-private",	-IFF_PRIVATE,	setifflags,	0,	AF_ANY },
255 	{ "xmit",	-IFF_NOXMIT,	setifflags,	0,	AF_ANY },
256 	{ "-xmit",	IFF_NOXMIT,	setifflags,	0,	AF_ANY },
257 	{ "-nud",	IFF_NONUD,	setifflags,	0,	AF_INET6 },
258 	{ "nud",	-IFF_NONUD,	setifflags,	0,	AF_INET6 },
259 	{ "anycast",	IFF_ANYCAST,	setifflags,	0,	AF_ANY },
260 	{ "-anycast",	-IFF_ANYCAST,	setifflags,	0,	AF_ANY },
261 	{ "local",	-IFF_NOLOCAL,	setifflags,	0,	AF_ANY },
262 	{ "-local",	IFF_NOLOCAL,	setifflags,	0,	AF_ANY },
263 	{ "deprecated",	IFF_DEPRECATED,	setifflags,	0,	AF_ANY },
264 	{ "-deprecated", -IFF_DEPRECATED, setifflags,	0,	AF_ANY },
265 	{ "preferred",	IFF_PREFERRED,	setifflags,	0,	AF_INET6 },
266 	{ "-preferred",	-IFF_PREFERRED,	setifflags,	0,	AF_INET6 },
267 	{ "debug",	0,		setdebugflag,	0,	AF_ANY },
268 	{ "verbose",	0,		setverboseflag,	0,	AF_ANY },
269 	{ NETMASK_CMD,	NEXTARG,	setifnetmask,	0,	AF_INET },
270 	{ "metric",	NEXTARG,	setifmetric,	0,	AF_ANY },
271 	{ "mtu",	NEXTARG,	setifmtu,	0,	AF_ANY },
272 	{ "index",	NEXTARG,	setifindex,	0,	AF_ANY },
273 	{ "broadcast",	NEXTARG,	setifbroadaddr,	0,	AF_INET },
274 	{ "auto-revarp", 0,		setifrevarp,	1,	AF_INET },
275 	{ "ipmp",	0,		inetipmp,	1,	AF_ANY },
276 	{ "plumb",	0,		inetplumb,	1,	AF_ANY },
277 	{ "unplumb",	0,		inetunplumb,	0,	AF_ANY },
278 	{ "subnet",	NEXTARG,	setifsubnet,	0,	AF_ANY },
279 	{ "token",	NEXTARG,	setiftoken,	0,	AF_INET6 },
280 	{ "tsrc",	NEXTARG,	setiftsrc,	0,	AF_ANY },
281 	{ "tdst",	NEXTARG,	setiftdst,	0,	AF_ANY },
282 	{ "encr_auth_algs", NEXTARG,	set_tun_esp_auth_alg, 0, AF_ANY },
283 	{ "encr_algs",	NEXTARG,	set_tun_esp_encr_alg, 0, AF_ANY },
284 	{ "auth_algs",	NEXTARG,	set_tun_ah_alg,	0,	AF_ANY },
285 	{ "addif",	NEXTARG,	addif,		1,	AF_ANY },
286 	{ "removeif",	NEXTARG,	removeif,	1,	AF_ANY },
287 	{ "modlist",	0,		modlist,	1,	AF_ANY },
288 	{ "modinsert",	NEXTARG,	modinsert,	1,	AF_ANY },
289 	{ "modremove",	NEXTARG,	modremove,	1,	AF_ANY },
290 	{ "failover",	-IFF_NOFAILOVER, setifflags,	1,	AF_ANY },
291 	{ "-failover",	IFF_NOFAILOVER, setifflags,	1,	AF_ANY },
292 	{ "standby",	IFF_STANDBY,	setifflags,	1,	AF_ANY },
293 	{ "-standby",	-IFF_STANDBY,	setifflags,	1,	AF_ANY },
294 	{ "failed",	IFF_FAILED,	setifflags,	1,	AF_ANY },
295 	{ "-failed",	-IFF_FAILED,	setifflags,	1,	AF_ANY },
296 	{ "group",	NEXTARG,	setifgroupname,	1,	AF_ANY },
297 	{ "configinfo",	0,		configinfo,	1,	AF_ANY },
298 	{ "encaplimit",	NEXTARG,	set_tun_encap_limit,	0, AF_ANY },
299 	{ "-encaplimit", 0,		clr_tun_encap_limit,	0, AF_ANY },
300 	{ "thoplimit",	NEXTARG,	set_tun_hop_limit,	0, AF_ANY },
301 	{ "set",	NEXTARG,	setifaddr,	0,	AF_ANY },
302 	{ "destination", NEXTARG,	setifdstaddr,	0,	AF_ANY },
303 	{ "zone",	NEXTARG,	setzone,	0,	AF_ANY },
304 	{ "-zone",	0,		setzone,	0,	AF_ANY },
305 	{ "all-zones",	0,		setallzones,	0,	AF_ANY },
306 	{ "ether",	OPTARG,		setifether,	0,	AF_ANY },
307 	{ "usesrc",	NEXTARG,	setifsrc,	0,	AF_ANY },
308 
309 	/*
310 	 * NOTE: any additions to this table must also be applied to ifparse
311 	 *	(usr/src/cmd/cmd-inet/sbin/ifparse/ifparse.c)
312 	 */
313 
314 	{ 0,		0,		setifaddr,	0,	AF_ANY },
315 	{ 0,		0,		setifdstaddr,	0,	AF_ANY },
316 	{ 0,		0,		0,		0,	0 },
317 };
318 
319 
320 typedef struct if_config_cmd {
321 	uint64_t	iff_flag;
322 	int		iff_af;
323 	char		*iff_name;
324 } if_config_cmd_t;
325 
326 /*
327  * NOTE: print_config_flags() processes this table in order, so we put "up"
328  * last so that we can be sure "-failover" will take effect first.  Otherwise,
329  * IPMP test addresses will erroneously migrate to the IPMP interface.
330  */
331 static if_config_cmd_t	if_config_cmd_tbl[] = {
332 	{ IFF_NOTRAILERS,	AF_UNSPEC,	"-trailers"	},
333 	{ IFF_PRIVATE,		AF_UNSPEC,	"private"	},
334 	{ IFF_NOXMIT,		AF_UNSPEC,	"-xmit"		},
335 	{ IFF_ANYCAST,		AF_INET6,	"anycast"	},
336 	{ IFF_NOLOCAL,		AF_UNSPEC,	"-local"	},
337 	{ IFF_DEPRECATED,	AF_UNSPEC,	"deprecated"	},
338 	{ IFF_NOFAILOVER,	AF_UNSPEC,	"-failover"	},
339 	{ IFF_STANDBY,		AF_UNSPEC,	"standby"	},
340 	{ IFF_FAILED,		AF_UNSPEC,	"failed"	},
341 	{ IFF_PREFERRED,	AF_UNSPEC,	"preferred"	},
342 	{ IFF_NONUD,		AF_INET6,	"-nud"		},
343 	{ IFF_NOARP,		AF_INET,	"-arp"		},
344 	{ IFF_UP,		AF_UNSPEC, 	"up" 		},
345 	{ 0,			0,		NULL		},
346 };
347 
348 typedef struct ni {
349 	char		ni_name[LIFNAMSIZ];
350 	struct ni	*ni_next;
351 } ni_t;
352 
353 static ni_t	*ni_list = NULL;
354 static int	num_ni = 0;
355 
356 /* End defines and structure definitions for ifconfig -a plumb */
357 
358 /* Known address families */
359 struct afswtch {
360 	char *af_name;
361 	short af_af;
362 	void (*af_status)();
363 	void (*af_getaddr)();
364 	void (*af_configinfo)();
365 } afs[] = {
366 	{ "inet", AF_INET, in_status, in_getaddr, in_configinfo },
367 	{ "inet6", AF_INET6, in6_status, in6_getaddr, in6_configinfo },
368 	{ 0, 0,	0, 0, 0 }
369 };
370 
371 #define	SOCKET_AF(af)	(((af) == AF_UNSPEC) ? AF_INET : (af))
372 
373 struct afswtch *afp;	/* the address family being set or asked about */
374 
375 int
376 main(int argc, char *argv[])
377 {
378 	int64_t		lifc_flags;
379 	char		*default_ip_str;
380 	ipadm_status_t	istatus;
381 
382 	lifc_flags = LIFC_DEFAULT;
383 
384 	if (argc < 2) {
385 		(void) strncpy(name, "-a", sizeof (name));
386 	} else {
387 		argc--, argv++;
388 		if (strlen(*argv) > sizeof (name) - 1) {
389 			(void) fprintf(stderr, "%s: interface name too long\n",
390 			    *argv);
391 			exit(1);
392 		}
393 		(void) strncpy(name, *argv, sizeof (name));
394 	}
395 	name[sizeof (name) - 1] = '\0';
396 	(void) strncpy(origname, name, sizeof (origname));	/* For addif */
397 	default_ip_str = NULL;
398 	v4compat = get_compat_flag(&default_ip_str);
399 	if (v4compat == DEFAULT_PROT_BAD_VALUE) {
400 		(void) fprintf(stderr,
401 		    "ifconfig: %s: Bad value for %s in %s\n", default_ip_str,
402 		    DEFAULT_IP, INET_DEFAULT_FILE);
403 		free(default_ip_str);
404 		exit(2);
405 	}
406 	free(default_ip_str);
407 	argc--, argv++;
408 	if (argc > 0) {
409 		struct afswtch *myafp;
410 
411 		for (myafp = afp = afs; myafp->af_name; myafp++) {
412 			if (strcmp(myafp->af_name, *argv) == 0) {
413 				afp = myafp; argc--; argv++;
414 				break;
415 			}
416 		}
417 		af = lifr.lifr_addr.ss_family = afp->af_af;
418 		if (af == AF_INET6) {
419 			v4compat = 0;
420 		}
421 	}
422 
423 	s = socket(SOCKET_AF(af), SOCK_DGRAM, 0);
424 	s4 = socket(AF_INET, SOCK_DGRAM, 0);
425 	s6 = socket(AF_INET6, SOCK_DGRAM, 0);
426 	if (s == -1 || s4 == -1 || s6 == -1)
427 		Perror0_exit("socket");
428 	/*
429 	 * Open the global libipadm handle. The flag IPH_LEGACY has to
430 	 * be specified to indicate that logical interface names will
431 	 * be used during interface creation and address creation.
432 	 */
433 	if ((istatus = ipadm_open(&iph, IPH_LEGACY)) != IPADM_SUCCESS)
434 		ipadmerr_exit(istatus, "unable to open handle to libipadm");
435 
436 	/*
437 	 * Special interface names is any combination of these flags.
438 	 * Note that due to the ifconfig syntax they have to be combined
439 	 * as a single '-' option.
440 	 *	-a	All interfaces
441 	 *	-u	"up" interfaces
442 	 *	-d	"down" interfaces
443 	 *	-D	Interfaces not controlled by DHCP
444 	 *	-4	IPv4 interfaces
445 	 *	-6	IPv6 interfaces
446 	 *	-X	Turn on debug (not documented)
447 	 *	-v	Turn on verbose
448 	 *	-Z	Only interfaces in caller's zone
449 	 */
450 
451 	if (name[0] == '-') {
452 		/* One or more options */
453 		int64_t onflags = 0;
454 		int64_t offflags = 0;
455 		int c;
456 		char *av[2] = { "ifconfig", name };
457 
458 		while ((c = getopt(2, av, "audhDXZ46v")) != -1) {
459 			switch ((char)c) {
460 			case 'a':
461 				all = 1;
462 				break;
463 			case 'u':
464 				onflags |= IFF_UP;
465 				break;
466 			case 'd':
467 				offflags |= IFF_UP;
468 				break;
469 			case 'D':
470 				offflags |= IFF_DHCPRUNNING;
471 				break;
472 			case 'X':
473 				debug += 3;
474 				break;
475 			case 'Z':
476 				lifc_flags &= ~LIFC_ALLZONES;
477 				break;
478 			case '4':
479 				/*
480 				 * -4 is not a compatable flag, therefore
481 				 * we assume they want v4compat turned off
482 				 */
483 				v4compat = 0;
484 				onflags |= IFF_IPV4;
485 				break;
486 			case '6':
487 				/*
488 				 * If they want IPv6, well then we'll assume
489 				 * they don't want IPv4 compat
490 				 */
491 				v4compat = 0;
492 				onflags |= IFF_IPV6;
493 				break;
494 			case 'v':
495 				verbose = 1;
496 				break;
497 			case 'h':
498 			case '?':
499 				usage();
500 				exit(1);
501 			}
502 		}
503 		if (!all) {
504 			(void) fprintf(stderr,
505 			    "ifconfig: %s: no such interface\n", name);
506 			exit(1);
507 		}
508 		foreachinterface(argc, argv, af, onflags, offflags,
509 		    lifc_flags);
510 	} else {
511 		ifconfig(argc, argv, af, NULL);
512 	}
513 	ipadm_close(iph);
514 	return (0);
515 }
516 
517 /*
518  * For each interface, call ifconfig(argc, argv, af, ifa).
519  * Only call function if onflags and offflags are set or clear, respectively,
520  * in the interfaces flags field.
521  */
522 static void
523 foreachinterface(int argc, char *argv[], int af,
524     int64_t onflags, int64_t offflags, int64_t lifc_flags)
525 {
526 	ipadm_addr_info_t *ainfo, *ainfop;
527 	struct ifaddrs *ifa;
528 	ipadm_status_t istatus;
529 
530 	/*
531 	 * Special case:
532 	 * ifconfig -a plumb should find all network interfaces in the current
533 	 * zone.
534 	 */
535 	if (argc > 0 && (strcmp(*argv, "plumb") == 0)) {
536 		plumball(argc, argv, onflags, offflags, lifc_flags);
537 		return;
538 	}
539 	/* Get all addresses in kernel including addresses that are zero. */
540 	istatus = ipadm_addr_info(iph, NULL, &ainfo, IPADM_OPT_ZEROADDR,
541 	    lifc_flags);
542 	if (istatus != IPADM_SUCCESS)
543 		ipadmerr_exit(istatus, "could not get addresses from kernel");
544 
545 	/*
546 	 * For each logical interface, call ifconfig() with the
547 	 * given arguments.
548 	 */
549 	for (ainfop = ainfo; ainfop != NULL; ainfop = IA_NEXT(ainfop)) {
550 		if (ainfop->ia_state == IFA_DISABLED)
551 			continue;
552 		ifa = &ainfop->ia_ifa;
553 		if (onflags || offflags) {
554 			if ((ifa->ifa_flags & onflags) != onflags)
555 				continue;
556 			if ((~ifa->ifa_flags & offflags) != offflags)
557 				continue;
558 		}
559 		s = (ifa->ifa_addr->sa_family == AF_INET ? s4 : s6);
560 		(void) strncpy(name, ifa->ifa_name, sizeof (name));
561 		(void) strncpy(origname, name, sizeof (origname));
562 		ifconfig(argc, argv, af, ifa);
563 	}
564 	ipadm_free_addr_info(ainfo);
565 }
566 
567 /*
568  * Used for `ifconfig -a plumb'. Finds all datalinks and plumbs the interface.
569  */
570 static void
571 plumball(int argc, char *argv[], int64_t onflags, int64_t offflags,
572     int64_t lifc_flags)
573 {
574 	int n;
575 	struct lifreq *lifrp;
576 	struct lifconf lifc;
577 	char *buf;
578 
579 	if (onflags != 0 || offflags != 0) {
580 		(void) fprintf(stderr, "ifconfig: invalid syntax used to "
581 		    "plumb all interfaces.\n");
582 		exit(1);
583 	}
584 
585 	if (find_all_interfaces(&lifc, &buf, lifc_flags) != 0 ||
586 	    lifc.lifc_len == 0)
587 		return;
588 
589 	lifrp = lifc.lifc_req;
590 	for (n = lifc.lifc_len / sizeof (struct lifreq); n > 0; n--, lifrp++) {
591 		/*
592 		 * Reset global state
593 		 * setaddr: Used by parser to tear apart source and dest
594 		 * name and origname contain the name of the 'current'
595 		 * interface.
596 		 */
597 		setaddr = 0;
598 		(void) strncpy(name, lifrp->lifr_name, sizeof (name));
599 		(void) strncpy(origname, name, sizeof (origname));
600 		ifconfig(argc, argv, af, NULL);
601 	}
602 }
603 
604 /*
605  * Parses the interface name and the command in argv[]. Calls the
606  * appropriate callback function for the given command from `cmds[]'
607  * table.
608  * If there is no command specified, it prints all addresses.
609  */
610 static void
611 ifconfig(int argc, char *argv[], int af, struct ifaddrs *ifa)
612 {
613 	static boolean_t scan_netmask = _B_FALSE;
614 	int ret;
615 	ipadm_status_t istatus;
616 	struct lifreq lifr;
617 
618 	if (argc == 0) {
619 		status();
620 		return;
621 	}
622 
623 	if (strcmp(*argv, "auto-dhcp") == 0 || strcmp(*argv, "dhcp") == 0) {
624 		/*
625 		 * Some errors are ignored in the case where more than one
626 		 * interface is being operated on.
627 		 */
628 		ret = setifdhcp("ifconfig", name, argc, argv);
629 		if (ret == DHCP_EXIT_IF_FAILURE) {
630 			if (!all)
631 				exit(DHCP_EXIT_FAILURE);
632 		} else if (ret != DHCP_EXIT_SUCCESS) {
633 			exit(ret);
634 		}
635 		return;
636 	}
637 
638 	/*
639 	 * The following is a "hack" to get around the existing interface
640 	 * setting mechanism.  Currently, each interface attribute,
641 	 * such as address, netmask, broadcast, ... is set separately.  But
642 	 * sometimes two or more attributes must be set together.  For
643 	 * example, setting an address without a netmask does not make sense.
644 	 * Yet they can be set separately for IPv4 address using the current
645 	 * ifconfig(1M) syntax.  The kernel then "infers" the correct netmask
646 	 * using the deprecated "IP address classes."  This is simply not
647 	 * correct.
648 	 *
649 	 * The "hack" below is to go thru the whole command list looking for
650 	 * the netmask command first.  Then use this netmask to set the
651 	 * address.  This does not provide an extensible way to accommodate
652 	 * future need for setting more than one attributes together.
653 	 *
654 	 * Note that if the "netmask" command argument is a "+", we need
655 	 * to save this info and do the query after we know the address to
656 	 * be set.  The reason is that if "addif" is used, the working
657 	 * interface name will be changed later when the logical interface
658 	 * is created.  In in_getmask(), if an address is not provided,
659 	 * it will use the working interface's address to do the query.
660 	 * It will be wrong now as we don't know the logical interface's name.
661 	 *
662 	 * ifconfig(1M) is too overloaded and the code is so convoluted
663 	 * that it is "safer" not to re-architect the code to fix the above
664 	 * issue, hence this "hack."  We may be better off to have a new
665 	 * command with better syntax for configuring network interface
666 	 * parameters...
667 	 */
668 	if (!scan_netmask && afp->af_af == AF_INET) {
669 		int	largc;
670 		char	**largv;
671 
672 		/* Only go thru the command list once to find the netmask. */
673 		scan_netmask = _B_TRUE;
674 
675 		/*
676 		 * Currently, if multiple netmask commands are specified, the
677 		 * last one will be used as the final netmask.  So we need
678 		 * to scan the whole list to preserve this behavior.
679 		 */
680 		for (largc = argc, largv = argv; largc > 0; largc--, largv++) {
681 			if (strcmp(*largv, NETMASK_CMD) == 0) {
682 				if (--largc == 0)
683 					break;
684 				largv++;
685 				if (strcmp(*largv, "+") == 0) {
686 					g_netmask_set = G_NETMASK_PENDING;
687 				} else {
688 					in_getaddr(*largv, (struct sockaddr *)
689 					    &g_netmask, NULL);
690 					g_netmask_set = G_NETMASK_SET;
691 				}
692 				/* Continue the scan. */
693 			}
694 		}
695 	}
696 
697 	while (argc > 0) {
698 		struct cmd *p;
699 		boolean_t found_cmd;
700 
701 		if (debug)
702 			(void) printf("ifconfig: argv %s\n", *argv);
703 
704 		found_cmd = _B_FALSE;
705 		for (p = cmds; p->c_func; p++) {
706 			if (p->c_name) {
707 				if (strcmp(*argv, p->c_name) == 0) {
708 					/*
709 					 * indicate that the command was
710 					 * found and check to see if
711 					 * the address family is valid
712 					 */
713 					found_cmd = _B_TRUE;
714 					if (p->c_af == AF_ANY ||
715 					    af == p->c_af)
716 						break;
717 				}
718 			} else {
719 				if (p->c_af == AF_ANY ||
720 				    af == p->c_af)
721 					break;
722 			}
723 		}
724 		/*
725 		 * If we found the keyword, but the address family
726 		 * did not match spit out an error
727 		 */
728 		if (found_cmd && p->c_name == 0) {
729 			(void) fprintf(stderr, "ifconfig: Operation %s not"
730 			    " supported for %s\n", *argv, afp->af_name);
731 			exit(1);
732 		}
733 		/*
734 		 * else (no keyword found), we assume it's an address
735 		 * of some sort
736 		 */
737 		if (setaddr && ipaddr != NULL) {
738 			/*
739 			 * We must have already filled in a source address in
740 			 * `ipaddr' and we now got a destination address.
741 			 * Fill it in `ipaddr' and call libipadm to create
742 			 * the static address.
743 			 */
744 			if (p->c_name == 0) {
745 				istatus = ipadm_set_dst_addr(ipaddr, *argv,
746 				    (p->c_af == AF_ANY ? AF_UNSPEC : af));
747 				if (istatus != IPADM_SUCCESS) {
748 					ipadmerr_exit(istatus, "could not "
749 					    "set destination address");
750 				}
751 				/*
752 				 * finished processing dstaddr, so reset setaddr
753 				 */
754 				setaddr = 0;
755 			}
756 			/*
757 			 * Both source and destination address are in `ipaddr'.
758 			 * Add the address by calling libipadm.
759 			 */
760 			istatus = ipadm_create_addr(iph, ipaddr,
761 			    IPADM_OPT_ACTIVE);
762 			if (istatus != IPADM_SUCCESS)
763 				goto createfailed;
764 			ipadm_destroy_addrobj(ipaddr);
765 			ipaddr = NULL;
766 			setaddr_done = _B_TRUE;
767 			if (p->c_name == 0) {
768 				/* move parser along */
769 				argc--, argv++;
770 				continue;
771 			}
772 		}
773 		if (p->c_name == 0 && setaddr_done) {
774 			/*
775 			 * catch odd commands like
776 			 * "ifconfig <intf> addr1 addr2 addr3 addr4 up"
777 			 */
778 			(void) fprintf(stderr, "%s",
779 			    "ifconfig: cannot configure more than two "
780 			    "addresses in one command\n");
781 			exit(1);
782 		}
783 		if (p->c_func) {
784 			if (p->c_af == AF_INET6) {
785 				v4compat = 0;
786 			}
787 			if (p->c_parameter == NEXTARG ||
788 			    p->c_parameter == OPTARG) {
789 				argc--, argv++;
790 				if (argc == 0 && p->c_parameter == NEXTARG) {
791 					(void) fprintf(stderr,
792 					    "ifconfig: no argument for %s\n",
793 					    p->c_name);
794 					exit(1);
795 				}
796 			}
797 			/*
798 			 *	Call the function if:
799 			 *
800 			 *		there's no address family
801 			 *		restriction
802 			 *	OR
803 			 *		we don't know the address yet
804 			 *		(because we were called from
805 			 *		main)
806 			 *	OR
807 			 *		there is a restriction AND
808 			 *		the address families match
809 			 */
810 			if ((p->c_af == AF_ANY)	||
811 			    (ifa == NULL) ||
812 			    (ifa->ifa_addr->sa_family == p->c_af)) {
813 				ret = (*p->c_func)(*argv, p->c_parameter);
814 				/*
815 				 *	If c_func failed and we should
816 				 *	abort processing for this
817 				 *	interface on failure, return
818 				 *	now rather than going on to
819 				 *	process other commands for
820 				 *	the same interface.
821 				 */
822 				if (ret != 0 && p->c_abortonfail)
823 					return;
824 			}
825 		}
826 		argc--, argv++;
827 	}
828 
829 	if (setaddr && ipaddr != NULL) {
830 		/*
831 		 * Only the source address was provided, which was already
832 		 * set in `ipaddr'. Add the address by calling libipadm.
833 		 */
834 		istatus = ipadm_create_addr(iph, ipaddr, IPADM_OPT_ACTIVE);
835 		if (istatus != IPADM_SUCCESS)
836 			goto createfailed;
837 		ipadm_destroy_addrobj(ipaddr);
838 		ipaddr = NULL;
839 		setaddr_done = _B_TRUE;
840 	}
841 
842 	/* Check to see if there's a security hole in the tunnel setup. */
843 	if (ipsec_policy_set && !ipsec_auth_covered) {
844 		(void) fprintf(stderr, "ifconfig: WARNING: tunnel with only "
845 		    "ESP and no authentication.\n");
846 	}
847 	return;
848 
849 createfailed:
850 	(void) fprintf(stderr, "ifconfig: could not create address:% s\n",
851 	    ipadm_status2str(istatus));
852 	/* Remove the newly created logical interface. */
853 	if (strcmp(name, origname) != 0) {
854 		assert(strchr(name, ':') != NULL);
855 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
856 		(void) ioctl(s, SIOCLIFREMOVEIF, (caddr_t)&lifr);
857 	}
858 	exit(1);
859 }
860 
861 /* ARGSUSED */
862 static int
863 setdebugflag(char *val, int64_t arg)
864 {
865 	debug++;
866 	return (0);
867 }
868 
869 /* ARGSUSED */
870 static int
871 setverboseflag(char *val, int64_t arg)
872 {
873 	verbose++;
874 	return (0);
875 }
876 
877 /*
878  * This function fills in the given lifreq's lifr_addr field based on
879  * g_netmask_set.
880  */
881 static void
882 set_mask_lifreq(struct lifreq *lifr, struct sockaddr_storage *addr,
883     struct sockaddr_storage *mask)
884 {
885 	assert(addr != NULL);
886 	assert(mask != NULL);
887 
888 	switch (g_netmask_set) {
889 	case G_NETMASK_SET:
890 		lifr->lifr_addr = g_netmask;
891 		break;
892 
893 	case G_NETMASK_PENDING:
894 		/*
895 		 * "+" is used as the argument to "netmask" command.  Query
896 		 * the database on the correct netmask based on the address to
897 		 * be set.
898 		 */
899 		assert(afp->af_af == AF_INET);
900 		g_netmask = *addr;
901 		if (!in_getmask((struct sockaddr_in *)&g_netmask, _B_TRUE)) {
902 			lifr->lifr_addr = *mask;
903 			g_netmask_set = G_NETMASK_NIL;
904 		} else {
905 			lifr->lifr_addr = g_netmask;
906 			g_netmask_set = G_NETMASK_SET;
907 		}
908 		break;
909 
910 	case G_NETMASK_NIL:
911 	default:
912 		lifr->lifr_addr = *mask;
913 		break;
914 	}
915 }
916 
917 /*
918  * Set the interface address. Handles <addr>, <addr>/<n> as well as /<n>
919  * syntax for setting the address, the address plus netmask, and just
920  * the netmask respectively.
921  */
922 /* ARGSUSED */
923 static int
924 setifaddr(char *addr, int64_t param)
925 {
926 	ipadm_status_t istatus;
927 	int prefixlen = 0;
928 	struct  lifreq lifr1;
929 	struct	sockaddr_storage laddr;
930 	struct	sockaddr_storage netmask;
931 	struct	sockaddr_in6 *sin6;
932 	struct	sockaddr_in *sin;
933 	struct	sockaddr_storage sav_netmask;
934 	char cidraddr[BUFSIZ];
935 
936 	if (addr[0] == '/')
937 		return (setifprefixlen(addr, 0));
938 
939 	(*afp->af_getaddr)(addr, (struct sockaddr *)&laddr, &prefixlen);
940 
941 	(void) memset(&netmask, 0, sizeof (netmask));
942 	netmask.ss_family = afp->af_af;
943 	switch (prefixlen) {
944 	case NO_PREFIX:
945 		/* Nothing there - ok */
946 		break;
947 	case BAD_ADDR:
948 		(void) fprintf(stderr, "ifconfig: Bad prefix length in %s\n",
949 		    addr);
950 		exit(1);
951 	default:
952 		if (afp->af_af == AF_INET6) {
953 			sin6 = (struct sockaddr_in6 *)&netmask;
954 			if (!in_prefixlentomask(prefixlen, IPV6_ABITS,
955 			    (uchar_t *)&sin6->sin6_addr)) {
956 				(void) fprintf(stderr, "ifconfig: "
957 				    "Bad prefix length: %d\n",
958 				    prefixlen);
959 				exit(1);
960 			}
961 		} else {
962 			sin = (struct sockaddr_in *)&netmask;
963 			if (!in_prefixlentomask(prefixlen, IP_ABITS,
964 			    (uchar_t *)&sin->sin_addr)) {
965 				(void) fprintf(stderr, "ifconfig: "
966 				    "Bad prefix length: %d\n",
967 				    prefixlen);
968 				exit(1);
969 			}
970 		}
971 		/*
972 		 * Just in case of funny setting of both prefix and netmask,
973 		 * prefix should override the netmask command.
974 		 */
975 		g_netmask_set = G_NETMASK_NIL;
976 		break;
977 	}
978 
979 	/*
980 	 * Check and see if any "netmask" command is used and perform the
981 	 * necessary operation.
982 	 */
983 	set_mask_lifreq(&lifr, &laddr, &netmask);
984 
985 	/* This check is temporary until libipadm supports IPMP interfaces. */
986 	if (ifconfig_use_libipadm(s, name)) {
987 		char	addrstr[INET6_ADDRSTRLEN];
988 
989 		if (af == AF_INET) {
990 			sin = (struct sockaddr_in *)&laddr;
991 			(void) inet_ntop(AF_INET, &sin->sin_addr, addrstr,
992 			    sizeof (addrstr));
993 		} else {
994 			sin6 = (struct sockaddr_in6 *)&laddr;
995 			(void) inet_ntop(AF_INET6, &sin6->sin6_addr, addrstr,
996 			    sizeof (addrstr));
997 		}
998 		istatus = ipadm_create_addrobj(IPADM_ADDR_STATIC, name,
999 		    &ipaddr);
1000 		if (istatus != IPADM_SUCCESS)
1001 			ipadmerr_exit(istatus, "setifaddr");
1002 
1003 		/*
1004 		 * lifr.lifr_addr, which is updated by set_mask_lifreq()
1005 		 * will contain the right mask to use.
1006 		 */
1007 		prefixlen = mask2plen((struct sockaddr *)&lifr.lifr_addr);
1008 		(void) snprintf(cidraddr, sizeof (cidraddr), "%s/%d",
1009 		    addrstr, prefixlen);
1010 
1011 		istatus = ipadm_set_addr(ipaddr, cidraddr, af);
1012 		if (istatus != IPADM_SUCCESS)
1013 			ipadmerr_exit(istatus, "could not set address");
1014 		/*
1015 		 * let parser know we got a source.
1016 		 * Next address, if given, should be dest
1017 		 */
1018 		setaddr++;
1019 
1020 		/*
1021 		 * address will be set by the parser after nextarg has
1022 		 * been scanned
1023 		 */
1024 		return (0);
1025 	}
1026 
1027 	/* Tell parser that an address was set */
1028 	setaddr++;
1029 	/* save copy of netmask to restore in case of error */
1030 	(void) strncpy(lifr1.lifr_name, name, sizeof (lifr1.lifr_name));
1031 	if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr1) < 0)
1032 		Perror0_exit("SIOCGLIFNETMASK");
1033 	sav_netmask = lifr1.lifr_addr;
1034 
1035 	/*
1036 	 * If setting the address and not the mask, clear any existing mask
1037 	 * and the kernel will then assign the default (netmask has been set
1038 	 * to 0 in this case).  If setting both (either by using a prefix or
1039 	 * using the netmask command), set the mask first, so the address will
1040 	 * be interpreted correctly.
1041 	 */
1042 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1043 	/* lifr.lifr_addr already contains netmask from set_mask_lifreq() */
1044 	if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0)
1045 		Perror0_exit("SIOCSLIFNETMASK");
1046 
1047 	if (debug) {
1048 		char abuf[INET6_ADDRSTRLEN];
1049 		void *addr = (afp->af_af == AF_INET) ?
1050 		    (void *)&((struct sockaddr_in *)&laddr)->sin_addr :
1051 		    (void *)&((struct sockaddr_in6 *)&laddr)->sin6_addr;
1052 
1053 		(void) printf("Setting %s af %d addr %s\n",
1054 		    lifr.lifr_name, afp->af_af,
1055 		    inet_ntop(afp->af_af, addr, abuf, sizeof (abuf)));
1056 	}
1057 	lifr.lifr_addr = laddr;
1058 	lifr.lifr_addr.ss_family = afp->af_af;
1059 	if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0) {
1060 		/*
1061 		 * Restore the netmask
1062 		 */
1063 		int saverr = errno;
1064 
1065 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1066 		lifr.lifr_addr = sav_netmask;
1067 		(void) ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr);
1068 		errno = saverr;
1069 		Perror0_exit("SIOCSLIFADDR");
1070 	}
1071 
1072 	return (0);
1073 }
1074 
1075 /*
1076  * The following functions are stolen from the ipseckey(1m) program.
1077  * Perhaps they should be somewhere common, but for now, we just maintain
1078  * two versions.  We do this because of the different semantics for which
1079  * algorithms we select ("requested" for ifconfig vs. "actual" for key).
1080  */
1081 
1082 static ulong_t
1083 parsenum(char *num)
1084 {
1085 	ulong_t rc;
1086 	char *end = NULL;
1087 
1088 	errno = 0;
1089 	rc = strtoul(num, &end, 0);
1090 	if (errno != 0 || end == num || *end != '\0') {
1091 		rc = (ulong_t)-1;
1092 	}
1093 
1094 	return (rc);
1095 }
1096 
1097 /*
1098  * Parse and reverse parse possible algorithm values, include numbers.
1099  * Mostly stolen from ipseckey.c. See the comments above parsenum() for why
1100  * this isn't common to ipseckey.c.
1101  *
1102  * NOTE: Static buffer in this function for the return value.  Since ifconfig
1103  *       isn't multithreaded, this isn't a huge problem.
1104  */
1105 
1106 #define	NBUF_SIZE 20	/* Enough to print a large integer. */
1107 
1108 static char *
1109 rparsealg(uint8_t alg_value, int proto_num)
1110 {
1111 	struct ipsecalgent *alg;
1112 	static char numprint[128];	/* Enough to hold an algorithm name. */
1113 
1114 	/*
1115 	 * Special cases for "any" and "none"
1116 	 * The kernel needs to be able to distinguish between "any"
1117 	 * and "none" and the APIs are underdefined in this area for auth.
1118 	 */
1119 	if (proto_num == IPSEC_PROTO_AH) {
1120 		if (alg_value == SADB_AALG_NONE)
1121 			return ("none");
1122 		if (alg_value == SADB_AALG_ANY)
1123 			return ("any");
1124 	}
1125 
1126 	alg = getipsecalgbynum(alg_value, proto_num, NULL);
1127 	if (alg != NULL) {
1128 		(void) strlcpy(numprint, alg->a_names[0], sizeof (numprint));
1129 		freeipsecalgent(alg);
1130 	} else {
1131 		(void) snprintf(numprint, sizeof (numprint), "%d", alg_value);
1132 	}
1133 
1134 	return (numprint);
1135 }
1136 
1137 static uint_t
1138 parsealg(char *algname, int proto_num)
1139 {
1140 	struct ipsecalgent *alg;
1141 	ulong_t invalue;
1142 
1143 	if (algname == NULL) {
1144 		(void) fprintf(stderr, "ifconfig: Unexpected end of command "
1145 		    "line.\n");
1146 		exit(1);
1147 	}
1148 
1149 	/*
1150 	 * Special-case "none" and "any".
1151 	 * Use strcasecmp because its length is bounded.
1152 	 */
1153 	if (strcasecmp("none", algname) == 0) {
1154 		return ((proto_num == IPSEC_PROTO_ESP) ?
1155 		    NO_ESP_EALG : NO_ESP_AALG);
1156 	}
1157 	if ((strcasecmp("any", algname) == 0) && (proto_num == IPSEC_PROTO_AH))
1158 		return (SADB_AALG_ANY);
1159 
1160 	alg = getipsecalgbyname(algname, proto_num, NULL);
1161 	if (alg != NULL) {
1162 		invalue = alg->a_alg_num;
1163 		freeipsecalgent(alg);
1164 		return ((uint_t)invalue);
1165 	}
1166 
1167 	/*
1168 	 * Since algorithms can be loaded during kernel run-time, check for
1169 	 * numeric algorithm values too.
1170 	 */
1171 	invalue = parsenum(algname);
1172 	if ((invalue & (ulong_t)0xff) == invalue)
1173 		return ((uint_t)invalue);
1174 
1175 	(void) fprintf(stderr, "ifconfig: %s algorithm type %s unknown.\n",
1176 	    (proto_num == IPSEC_PROTO_ESP) ?
1177 	    "Encryption" : "Authentication", algname);
1178 	exit(1);
1179 	/* NOTREACHED */
1180 }
1181 
1182 /*
1183  * Actual ifconfig functions to set tunnel security properties.
1184  */
1185 
1186 enum ipsec_alg_type { ESP_ENCR_ALG = 1, ESP_AUTH_ALG, AH_AUTH_ALG };
1187 
1188 static int
1189 set_tun_algs(int which_alg, int alg)
1190 {
1191 	boolean_t	encr_alg_set = _B_FALSE;
1192 	iptun_params_t	params;
1193 	dladm_status_t	status;
1194 	ipsec_req_t	*ipsr;
1195 
1196 	if ((status = ifconfig_dladm_open(name, DATALINK_CLASS_IPTUN,
1197 	    &params.iptun_param_linkid)) != DLADM_STATUS_OK)
1198 		goto done;
1199 
1200 	status = dladm_iptun_getparams(dlh, &params, DLADM_OPT_ACTIVE);
1201 	if (status != DLADM_STATUS_OK)
1202 		goto done;
1203 
1204 	ipsr = &params.iptun_param_secinfo;
1205 
1206 	/*
1207 	 * If I'm just starting off this ifconfig, I want a clean slate,
1208 	 * otherwise, I've captured the current tunnel security settings.
1209 	 * In the case of continuation, I merely add to the settings.
1210 	 */
1211 	if (!(params.iptun_param_flags & IPTUN_PARAM_SECINFO))
1212 		(void) memset(ipsr, 0, sizeof (*ipsr));
1213 
1214 	/* We're only modifying the IPsec information */
1215 	params.iptun_param_flags = IPTUN_PARAM_SECINFO;
1216 
1217 	switch (which_alg) {
1218 	case ESP_ENCR_ALG:
1219 		if (alg == NO_ESP_EALG) {
1220 			if (ipsr->ipsr_esp_auth_alg == SADB_AALG_NONE)
1221 				ipsr->ipsr_esp_req = 0;
1222 			ipsr->ipsr_esp_alg = SADB_EALG_NONE;
1223 
1224 			/* Let the user specify NULL encryption implicitly. */
1225 			if (ipsr->ipsr_esp_auth_alg != SADB_AALG_NONE) {
1226 				encr_alg_set = _B_TRUE;
1227 				ipsr->ipsr_esp_alg = SADB_EALG_NULL;
1228 			}
1229 		} else {
1230 			encr_alg_set = _B_TRUE;
1231 			ipsr->ipsr_esp_req =
1232 			    IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE;
1233 			ipsr->ipsr_esp_alg = alg;
1234 		}
1235 		break;
1236 	case ESP_AUTH_ALG:
1237 		if (alg == NO_ESP_AALG) {
1238 			if ((ipsr->ipsr_esp_alg == SADB_EALG_NONE ||
1239 			    ipsr->ipsr_esp_alg == SADB_EALG_NULL) &&
1240 			    !encr_alg_set)
1241 				ipsr->ipsr_esp_req = 0;
1242 			ipsr->ipsr_esp_auth_alg = SADB_AALG_NONE;
1243 		} else {
1244 			ipsr->ipsr_esp_req =
1245 			    IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE;
1246 			ipsr->ipsr_esp_auth_alg = alg;
1247 
1248 			/* Let the user specify NULL encryption implicitly. */
1249 			if (ipsr->ipsr_esp_alg == SADB_EALG_NONE &&
1250 			    !encr_alg_set)
1251 				ipsr->ipsr_esp_alg = SADB_EALG_NULL;
1252 		}
1253 		break;
1254 	case AH_AUTH_ALG:
1255 		if (alg == NO_AH_AALG) {
1256 			ipsr->ipsr_ah_req = 0;
1257 			ipsr->ipsr_auth_alg = SADB_AALG_NONE;
1258 		} else {
1259 			ipsr->ipsr_ah_req =
1260 			    IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE;
1261 			ipsr->ipsr_auth_alg = alg;
1262 		}
1263 		break;
1264 		/* Will never hit DEFAULT */
1265 	}
1266 
1267 	status = dladm_iptun_modify(dlh, &params, DLADM_OPT_ACTIVE);
1268 
1269 done:
1270 	if (status != DLADM_STATUS_OK)
1271 		dladmerr_exit(status, name);
1272 	else {
1273 		ipsec_policy_set = _B_TRUE;
1274 		if ((ipsr->ipsr_esp_req != 0 &&
1275 		    ipsr->ipsr_esp_auth_alg != SADB_AALG_NONE) ||
1276 		    (ipsr->ipsr_ah_req != 0 &&
1277 		    ipsr->ipsr_auth_alg != SADB_AALG_NONE))
1278 			ipsec_auth_covered = _B_TRUE;
1279 	}
1280 	return (0);
1281 }
1282 
1283 /* ARGSUSED */
1284 static int
1285 set_tun_esp_encr_alg(char *addr, int64_t param)
1286 {
1287 	return (set_tun_algs(ESP_ENCR_ALG,
1288 	    parsealg(addr, IPSEC_PROTO_ESP)));
1289 }
1290 
1291 /* ARGSUSED */
1292 static int
1293 set_tun_esp_auth_alg(char *addr, int64_t param)
1294 {
1295 	return (set_tun_algs(ESP_AUTH_ALG,
1296 	    parsealg(addr, IPSEC_PROTO_AH)));
1297 }
1298 
1299 /* ARGSUSED */
1300 static int
1301 set_tun_ah_alg(char *addr, int64_t param)
1302 {
1303 	return (set_tun_algs(AH_AUTH_ALG,
1304 	    parsealg(addr, IPSEC_PROTO_AH)));
1305 }
1306 
1307 /* ARGSUSED */
1308 static int
1309 setifrevarp(char *arg, int64_t param)
1310 {
1311 	struct sockaddr_in	laddr;
1312 
1313 	if (afp->af_af == AF_INET6) {
1314 		(void) fprintf(stderr,
1315 		    "ifconfig: revarp not possible on IPv6 interface %s\n",
1316 		    name);
1317 		exit(1);
1318 	}
1319 	if (doifrevarp(name, &laddr)) {
1320 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1321 		laddr.sin_family = AF_INET;
1322 		(void) memcpy(&lifr.lifr_addr, &laddr, sizeof (laddr));
1323 		if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0)
1324 			Perror0_exit("SIOCSLIFADDR");
1325 	}
1326 	return (0);
1327 }
1328 
1329 /* ARGSUSED */
1330 static int
1331 setifsubnet(char *addr, int64_t param)
1332 {
1333 	int prefixlen = 0;
1334 	struct	sockaddr_storage subnet;
1335 
1336 	(*afp->af_getaddr)(addr, &subnet, &prefixlen);
1337 
1338 	switch (prefixlen) {
1339 	case NO_PREFIX:
1340 		(void) fprintf(stderr,
1341 		    "ifconfig: Missing prefix length in subnet %s\n", addr);
1342 		exit(1);
1343 		/* NOTREACHED */
1344 	case BAD_ADDR:
1345 		(void) fprintf(stderr,
1346 		    "ifconfig: Bad prefix length in %s\n", addr);
1347 		exit(1);
1348 	default:
1349 		break;
1350 	}
1351 
1352 	lifr.lifr_addr = subnet;
1353 	lifr.lifr_addrlen = prefixlen;
1354 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1355 	if (ioctl(s, SIOCSLIFSUBNET, (caddr_t)&lifr) < 0)
1356 		Perror0_exit("SIOCSLIFSUBNET");
1357 
1358 	return (0);
1359 }
1360 
1361 /* ARGSUSED */
1362 static int
1363 setifnetmask(char *addr, int64_t param)
1364 {
1365 	struct sockaddr_in netmask;
1366 
1367 	assert(afp->af_af != AF_INET6);
1368 
1369 	if (strcmp(addr, "+") == 0) {
1370 		if (!in_getmask(&netmask, _B_FALSE))
1371 			return (0);
1372 		(void) printf("Setting netmask of %s to %s\n", name,
1373 		    inet_ntoa(netmask.sin_addr));
1374 	} else {
1375 		in_getaddr(addr, (struct sockaddr *)&netmask, NULL);
1376 	}
1377 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1378 	(void) memcpy(&lifr.lifr_addr, &netmask, sizeof (netmask));
1379 	if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0)
1380 		Perror0_exit("SIOCSLIFNETMASK");
1381 	return (0);
1382 }
1383 
1384 /*
1385  * Parse '/<n>' as a netmask.
1386  */
1387 /* ARGSUSED */
1388 static int
1389 setifprefixlen(char *addr, int64_t param)
1390 {
1391 	int prefixlen;
1392 	int af = afp->af_af;
1393 
1394 	prefixlen = in_getprefixlen(addr, _B_TRUE,
1395 	    (af == AF_INET) ? IP_ABITS : IPV6_ABITS);
1396 	if (prefixlen < 0) {
1397 		(void) fprintf(stderr,
1398 		    "ifconfig: Bad prefix length in %s\n", addr);
1399 		exit(1);
1400 	}
1401 	(void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr));
1402 	lifr.lifr_addr.ss_family = af;
1403 	if (af == AF_INET6) {
1404 		struct sockaddr_in6 *sin6;
1405 
1406 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
1407 		if (!in_prefixlentomask(prefixlen, IPV6_ABITS,
1408 		    (uchar_t *)&sin6->sin6_addr)) {
1409 			(void) fprintf(stderr, "ifconfig: "
1410 			    "Bad prefix length: %d\n",
1411 			    prefixlen);
1412 			exit(1);
1413 		}
1414 	} else if (af == AF_INET) {
1415 		struct sockaddr_in *sin;
1416 
1417 		sin = (struct sockaddr_in *)&lifr.lifr_addr;
1418 		if (!in_prefixlentomask(prefixlen, IP_ABITS,
1419 		    (uchar_t *)&sin->sin_addr)) {
1420 			(void) fprintf(stderr, "ifconfig: "
1421 			    "Bad prefix length: %d\n",
1422 			    prefixlen);
1423 			exit(1);
1424 		}
1425 	} else {
1426 		(void) fprintf(stderr, "ifconfig: setting prefix only supported"
1427 		    " for address family inet or inet6\n");
1428 		exit(1);
1429 	}
1430 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1431 	if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0)
1432 		Perror0_exit("SIOCSLIFNETMASK");
1433 	return (0);
1434 }
1435 
1436 /* ARGSUSED */
1437 static int
1438 setifbroadaddr(char *addr, int64_t param)
1439 {
1440 	struct	sockaddr_in broadaddr;
1441 
1442 	assert(afp->af_af != AF_INET6);
1443 
1444 	if (strcmp(addr, "+") == 0) {
1445 		/*
1446 		 * This doesn't set the broadcast address at all. Rather, it
1447 		 * gets, then sets the interface's address, relying on the fact
1448 		 * that resetting the address will reset the broadcast address.
1449 		 */
1450 		(void) strncpy(lifr.lifr_name, name,
1451 		    sizeof (lifr.lifr_name));
1452 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
1453 			if (errno != EADDRNOTAVAIL)
1454 				Perror0_exit("SIOCGLIFADDR");
1455 			return (0);
1456 		}
1457 		if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0)
1458 			Perror0_exit("SIOCGLIFADDR");
1459 
1460 		return (0);
1461 	}
1462 	in_getaddr(addr, (struct sockaddr *)&broadaddr, NULL);
1463 
1464 	(void) memcpy(&lifr.lifr_addr, &broadaddr, sizeof (broadaddr));
1465 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1466 	if (ioctl(s, SIOCSLIFBRDADDR, (caddr_t)&lifr) < 0)
1467 		Perror0_exit("SIOCSLIFBRDADDR");
1468 	return (0);
1469 }
1470 
1471 /*
1472  * set interface destination address
1473  */
1474 /* ARGSUSED */
1475 static int
1476 setifdstaddr(char *addr, int64_t param)
1477 {
1478 	(*afp->af_getaddr)(addr, (struct sockaddr *)&lifr.lifr_addr, NULL);
1479 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1480 	if (ioctl(s, SIOCSLIFDSTADDR, (caddr_t)&lifr) < 0)
1481 		Perror0_exit("setifdstaddr: SIOCSLIFDSTADDR");
1482 	return (0);
1483 }
1484 
1485 /* ARGSUSED */
1486 static int
1487 setifflags(char *val, int64_t value)
1488 {
1489 	struct lifreq lifrl;	/* local lifreq struct */
1490 	boolean_t bringup = _B_FALSE;
1491 
1492 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1493 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0)
1494 		Perror0_exit("setifflags: SIOCGLIFFLAGS");
1495 
1496 	if (value < 0) {
1497 		value = -value;
1498 
1499 		if ((value & IFF_NOFAILOVER) && (lifr.lifr_flags & IFF_UP)) {
1500 			/*
1501 			 * The kernel does not allow administratively up test
1502 			 * addresses to be converted to data addresses.  Bring
1503 			 * the address down first, then bring it up after it's
1504 			 * been converted to a data address.
1505 			 */
1506 			lifr.lifr_flags &= ~IFF_UP;
1507 			(void) ioctl(s, SIOCSLIFFLAGS, (caddr_t)&lifr);
1508 			bringup = _B_TRUE;
1509 		}
1510 
1511 		lifr.lifr_flags &= ~value;
1512 		if ((value & (IFF_UP | IFF_NOFAILOVER)) &&
1513 		    (lifr.lifr_flags & IFF_DUPLICATE)) {
1514 			/*
1515 			 * If the user is trying to mark an interface with a
1516 			 * duplicate address as "down," or convert a duplicate
1517 			 * test address to a data address, then fetch the
1518 			 * address and set it.  This will cause IP to clear
1519 			 * the IFF_DUPLICATE flag and stop the automatic
1520 			 * recovery timer.
1521 			 */
1522 			value = lifr.lifr_flags;
1523 			if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) >= 0)
1524 				(void) ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr);
1525 			lifr.lifr_flags = value;
1526 		}
1527 	} else {
1528 		lifr.lifr_flags |= value;
1529 	}
1530 
1531 	/*
1532 	 * If we're about to bring up an underlying physical IPv6 interface in
1533 	 * an IPMP group, ensure the IPv6 IPMP interface is also up.  This is
1534 	 * for backward compatibility with legacy configurations in which
1535 	 * there are no explicit hostname files for IPMP interfaces.  (For
1536 	 * IPv4, this is automatically handled by the kernel when migrating
1537 	 * the underlying interface's data address to the IPMP interface.)
1538 	 */
1539 	(void) strlcpy(lifrl.lifr_name, name, LIFNAMSIZ);
1540 
1541 	if (lifnum(lifr.lifr_name) == 0 &&
1542 	    (lifr.lifr_flags & (IFF_UP|IFF_IPV6)) == (IFF_UP|IFF_IPV6) &&
1543 	    ioctl(s, SIOCGLIFGROUPNAME, &lifrl) == 0 &&
1544 	    lifrl.lifr_groupname[0] != '\0') {
1545 		lifgroupinfo_t lifgr;
1546 
1547 		(void) strlcpy(lifgr.gi_grname, lifrl.lifr_groupname,
1548 		    LIFGRNAMSIZ);
1549 		if (ioctl(s, SIOCGLIFGROUPINFO, &lifgr) == -1)
1550 			Perror0_exit("setifflags: SIOCGLIFGROUPINFO");
1551 
1552 		(void) strlcpy(lifrl.lifr_name, lifgr.gi_grifname, LIFNAMSIZ);
1553 		if (ioctl(s, SIOCGLIFFLAGS, &lifrl) == -1)
1554 			Perror0_exit("setifflags: SIOCGLIFFLAGS");
1555 		if (!(lifrl.lifr_flags & IFF_UP)) {
1556 			lifrl.lifr_flags |= IFF_UP;
1557 			if (ioctl(s, SIOCSLIFFLAGS, &lifrl) == -1)
1558 				Perror0_exit("setifflags: SIOCSLIFFLAGS");
1559 		}
1560 	}
1561 
1562 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1563 	if (ioctl(s, SIOCSLIFFLAGS, (caddr_t)&lifr) < 0)
1564 		Perror0_exit("setifflags: SIOCSLIFFLAGS");
1565 
1566 	if (bringup) {
1567 		lifr.lifr_flags |= IFF_UP;
1568 		if (ioctl(s, SIOCSLIFFLAGS, (caddr_t)&lifr) < 0)
1569 			Perror0_exit("setifflags: SIOCSLIFFLAGS IFF_UP");
1570 	}
1571 
1572 	return (0);
1573 }
1574 
1575 /* ARGSUSED */
1576 static int
1577 setifmetric(char *val, int64_t param)
1578 {
1579 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1580 	lifr.lifr_metric = atoi(val);
1581 	if (ioctl(s, SIOCSLIFMETRIC, (caddr_t)&lifr) < 0)
1582 		Perror0_exit("setifmetric: SIOCSLIFMETRIC");
1583 	return (0);
1584 }
1585 
1586 /* ARGSUSED */
1587 static int
1588 setifmtu(char *val, int64_t param)
1589 {
1590 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1591 	lifr.lifr_mtu = atoi(val);
1592 	if (ioctl(s, SIOCSLIFMTU, (caddr_t)&lifr) < 0)
1593 		Perror0_exit("setifmtu: SIOCSLIFMTU");
1594 	return (0);
1595 }
1596 
1597 /* ARGSUSED */
1598 static int
1599 setifindex(char *val, int64_t param)
1600 {
1601 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1602 	lifr.lifr_index = atoi(val);
1603 	if (ioctl(s, SIOCSLIFINDEX, (caddr_t)&lifr) < 0)
1604 		Perror0_exit("setifindex: SIOCSLIFINDEX");
1605 	return (0);
1606 }
1607 
1608 /* ARGSUSED */
1609 static void
1610 notifycb(dlpi_handle_t dh, dlpi_notifyinfo_t *dnip, void *arg)
1611 {
1612 }
1613 
1614 /* ARGSUSED */
1615 static int
1616 setifether(char *addr, int64_t param)
1617 {
1618 	uchar_t		*hwaddr;
1619 	int		hwaddrlen;
1620 	int		retval;
1621 	ifaddrlistx_t	*ifaddrp, *ifaddrs = NULL;
1622 	dlpi_handle_t	dh;
1623 	dlpi_notifyid_t id;
1624 
1625 	if (addr == NULL) {
1626 		ifstatus(name);
1627 		print_ifether(name);
1628 		return (0);
1629 	}
1630 
1631 	/*
1632 	 * if the IP interface in the arguments is a logical
1633 	 * interface, exit with an error now.
1634 	 */
1635 	if (strchr(name, ':') != NULL) {
1636 		(void) fprintf(stderr, "ifconfig: cannot change"
1637 		    " ethernet address of a logical interface\n");
1638 		exit(1);
1639 	}
1640 
1641 	if ((hwaddr = _link_aton(addr, &hwaddrlen)) == NULL) {
1642 		if (hwaddrlen == -1)
1643 			(void) fprintf(stderr,
1644 			    "ifconfig: bad ethernet address\n");
1645 		else
1646 			(void) fprintf(stderr, "ifconfig: malloc() failed\n");
1647 		exit(1);
1648 	}
1649 
1650 	if ((retval = dlpi_open(name, &dh, 0)) != DLPI_SUCCESS)
1651 		Perrdlpi_exit("cannot dlpi_open() link", name, retval);
1652 
1653 	retval = dlpi_enabnotify(dh, DL_NOTE_PHYS_ADDR, notifycb, NULL, &id);
1654 	if (retval == DLPI_SUCCESS) {
1655 		(void) dlpi_disabnotify(dh, id, NULL);
1656 	} else {
1657 		/*
1658 		 * This link does not support DL_NOTE_PHYS_ADDR: bring down
1659 		 * all of the addresses to flush the old hardware address
1660 		 * information out of IP.
1661 		 *
1662 		 * NOTE: Skipping this when DL_NOTE_PHYS_ADDR is supported is
1663 		 * more than an optimization: in.mpathd will set IFF_OFFLINE
1664 		 * if it's notified and the new address is a duplicate of
1665 		 * another in the group -- but the flags manipulation in
1666 		 * ifaddr_{down,up}() cannot be atomic and thus might clobber
1667 		 * IFF_OFFLINE, confusing in.mpathd.
1668 		 */
1669 		if (ifaddrlistx(name, IFF_UP, 0, &ifaddrs) == -1)
1670 			Perror2_exit(name, "cannot get address list");
1671 
1672 		ifaddrp = ifaddrs;
1673 		for (; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) {
1674 			if (!ifaddr_down(ifaddrp)) {
1675 				Perror2_exit(ifaddrp->ia_name,
1676 				    "cannot bring down");
1677 			}
1678 		}
1679 	}
1680 
1681 	/*
1682 	 * Change the hardware address.
1683 	 */
1684 	retval = dlpi_set_physaddr(dh, DL_CURR_PHYS_ADDR, hwaddr, hwaddrlen);
1685 	if (retval != DLPI_SUCCESS) {
1686 		(void) fprintf(stderr,
1687 		    "ifconfig: failed setting mac address on %s\n", name);
1688 	}
1689 	dlpi_close(dh);
1690 
1691 	/*
1692 	 * If any addresses were brought down before changing the hardware
1693 	 * address, bring them up again.
1694 	 */
1695 	for (ifaddrp = ifaddrs; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) {
1696 		if (!ifaddr_up(ifaddrp))
1697 			Perror2_exit(ifaddrp->ia_name, "cannot bring up");
1698 	}
1699 	ifaddrlistx_free(ifaddrs);
1700 
1701 	return (0);
1702 }
1703 
1704 /*
1705  * Print an interface's Ethernet address, if it has one.
1706  */
1707 static void
1708 print_ifether(const char *ifname)
1709 {
1710 	int fd;
1711 
1712 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1713 
1714 	fd = socket(AF_INET, SOCK_DGRAM, 0);
1715 	if (fd == -1 || ioctl(fd, SIOCGLIFFLAGS, &lifr) == -1) {
1716 		/*
1717 		 * It's possible the interface is only configured for
1718 		 * IPv6; check again with AF_INET6.
1719 		 */
1720 		(void) close(fd);
1721 		fd = socket(AF_INET6, SOCK_DGRAM, 0);
1722 		if (fd == -1 || ioctl(fd, SIOCGLIFFLAGS, &lifr) == -1) {
1723 			(void) close(fd);
1724 			return;
1725 		}
1726 	}
1727 	(void) close(fd);
1728 
1729 	/* VNI and IPMP interfaces don't have MAC addresses */
1730 	if (lifr.lifr_flags & (IFF_VIRTUAL|IFF_IPMP))
1731 		return;
1732 
1733 	/* IP tunnels also don't have Ethernet-like MAC addresses */
1734 	if (ifconfig_dladm_open(ifname, DATALINK_CLASS_IPTUN, NULL) ==
1735 	    DLADM_STATUS_OK)
1736 		return;
1737 
1738 	dlpi_print_address(ifname);
1739 }
1740 
1741 /*
1742  * static int find_all_interfaces(struct lifconf *lifcp, char **buf,
1743  *     int64_t lifc_flags)
1744  *
1745  * It finds all active data links.
1746  *
1747  * It takes in input a pointer to struct lifconf to receive interfaces
1748  * informations, a **char to hold allocated buffer, and a lifc_flags.
1749  *
1750  * Return values:
1751  *  0 = everything OK
1752  * -1 = problem
1753  */
1754 static int
1755 find_all_interfaces(struct lifconf *lifcp, char **buf, int64_t lifc_flags)
1756 {
1757 	unsigned bufsize;
1758 	int n;
1759 	ni_t *nip;
1760 	struct lifreq *lifrp;
1761 	dladm_status_t status;
1762 
1763 	if (!dlh_opened) {
1764 		status = ifconfig_dladm_open(NULL, 0, NULL);
1765 		if (status != DLADM_STATUS_OK)
1766 			dladmerr_exit(status, "unable to open dladm handle");
1767 	}
1768 
1769 	(void) dlpi_walk(ni_entry, dlh, 0);
1770 
1771 	/* Now, translate the linked list into a struct lifreq buffer */
1772 	if (num_ni == 0) {
1773 		lifcp->lifc_family = AF_UNSPEC;
1774 		lifcp->lifc_flags = lifc_flags;
1775 		lifcp->lifc_len = 0;
1776 		lifcp->lifc_buf = NULL;
1777 		return (0);
1778 	}
1779 
1780 	bufsize = num_ni * sizeof (struct lifreq);
1781 	if ((*buf = malloc(bufsize)) == NULL)
1782 		Perror0_exit("find_all_interfaces: malloc failed");
1783 
1784 	lifcp->lifc_family = AF_UNSPEC;
1785 	lifcp->lifc_flags = lifc_flags;
1786 	lifcp->lifc_len = bufsize;
1787 	lifcp->lifc_buf = *buf;
1788 
1789 	for (n = 0, lifrp = lifcp->lifc_req; n < num_ni; n++, lifrp++) {
1790 		nip = ni_list;
1791 		(void) strncpy(lifrp->lifr_name, nip->ni_name,
1792 		    sizeof (lifr.lifr_name));
1793 		ni_list = nip->ni_next;
1794 		free(nip);
1795 	}
1796 	return (0);
1797 }
1798 
1799 /*
1800  * Create the next unused logical interface using the original name
1801  * and assign the address (and mask if '/<n>' is part of the address).
1802  * Use the new logical interface for subsequent subcommands by updating
1803  * the name variable.
1804  *
1805  * This allows syntax like:
1806  *	ifconfig le0 addif 109.106.86.130 netmask + up \
1807  *	addif 109.106.86.131 netmask + up
1808  */
1809 /* ARGSUSED */
1810 static int
1811 addif(char *str, int64_t param)
1812 {
1813 	int prefixlen = 0;
1814 	struct sockaddr_storage laddr;
1815 	struct sockaddr_storage mask;
1816 	struct sockaddr_in6 *sin6;
1817 	struct sockaddr_in *sin;
1818 	ipadm_status_t istatus;
1819 	char cidraddr[BUFSIZ];
1820 	char addrstr[INET6_ADDRSTRLEN];
1821 
1822 	(void) strncpy(name, origname, sizeof (name));
1823 
1824 	if (strchr(name, ':') != NULL) {
1825 		(void) fprintf(stderr,
1826 		    "ifconfig: addif: bad physical interface name %s\n",
1827 		    name);
1828 		exit(1);
1829 	}
1830 
1831 	/*
1832 	 * clear so parser will interpret next address as source followed
1833 	 * by possible dest
1834 	 */
1835 	setaddr = 0;
1836 	(*afp->af_getaddr)(str, (struct sockaddr *)&laddr, &prefixlen);
1837 
1838 	(void) memset(&mask, 0, sizeof (mask));
1839 	mask.ss_family = afp->af_af;
1840 
1841 	switch (prefixlen) {
1842 	case NO_PREFIX:
1843 		/* Nothing there - ok */
1844 		break;
1845 	case BAD_ADDR:
1846 		(void) fprintf(stderr,
1847 		    "ifconfig: Bad prefix length in %s\n", str);
1848 		exit(1);
1849 	default:
1850 		(void) memset(&mask, 0, sizeof (mask));
1851 		mask.ss_family = afp->af_af;
1852 		if (afp->af_af == AF_INET6) {
1853 			sin6 = (struct sockaddr_in6 *)&mask;
1854 			if (!in_prefixlentomask(prefixlen, IPV6_ABITS,
1855 			    (uchar_t *)&sin6->sin6_addr)) {
1856 				(void) fprintf(stderr, "ifconfig: "
1857 				    "Bad prefix length: %d\n",
1858 				    prefixlen);
1859 				exit(1);
1860 			}
1861 		} else {
1862 			sin = (struct sockaddr_in *)&mask;
1863 			if (!in_prefixlentomask(prefixlen, IP_ABITS,
1864 			    (uchar_t *)&sin->sin_addr)) {
1865 				(void) fprintf(stderr, "ifconfig: "
1866 				    "Bad prefix length: %d\n",
1867 				    prefixlen);
1868 				exit(1);
1869 			}
1870 		}
1871 		g_netmask_set = G_NETMASK_NIL;
1872 		break;
1873 	}
1874 
1875 	/*
1876 	 * This is a "hack" to get around the problem of SIOCLIFADDIF.  The
1877 	 * problem is that this ioctl does not include the netmask when
1878 	 * adding a logical interface.  This is the same problem described
1879 	 * in the ifconfig() comments.  To get around this problem, we first
1880 	 * add the logical interface with a 0 address.  After that, we set
1881 	 * the netmask if provided.  Finally we set the interface address.
1882 	 */
1883 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1884 	(void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr));
1885 
1886 	/* Note: no need to do DAD here since the interface isn't up yet. */
1887 
1888 	if (ioctl(s, SIOCLIFADDIF, (caddr_t)&lifr) < 0)
1889 		Perror0_exit("addif: SIOCLIFADDIF");
1890 
1891 	(void) printf("Created new logical interface %s\n",
1892 	    lifr.lifr_name);
1893 	(void) strncpy(name, lifr.lifr_name, sizeof (name));
1894 
1895 	/*
1896 	 * Check and see if any "netmask" command is used and perform the
1897 	 * necessary operation.
1898 	 */
1899 	set_mask_lifreq(&lifr, &laddr, &mask);
1900 
1901 	/* This check is temporary until libipadm supports IPMP interfaces. */
1902 	if (ifconfig_use_libipadm(s, name)) {
1903 		/*
1904 		 * We added the logical interface above before calling
1905 		 * ipadm_create_addr(), because, with IPH_LEGACY, we need
1906 		 * to do an addif for `ifconfig ce0 addif <addr>' but not for
1907 		 * `ifconfig ce0 <addr>'. libipadm does not have a flag to
1908 		 * to differentiate between these two cases. To keep it simple,
1909 		 * we always create the logical interface and pass it to
1910 		 * libipadm instead of requiring libipadm to addif for some
1911 		 * cases and not do addif for other cases.
1912 		 */
1913 		istatus = ipadm_create_addrobj(IPADM_ADDR_STATIC, name,
1914 		    &ipaddr);
1915 		if (istatus != IPADM_SUCCESS)
1916 			ipadmerr_exit(istatus, "addif");
1917 
1918 		if (af == AF_INET) {
1919 			sin = (struct sockaddr_in *)&laddr;
1920 			(void) inet_ntop(AF_INET, &sin->sin_addr, addrstr,
1921 			    sizeof (addrstr));
1922 		} else {
1923 			sin6 = (struct sockaddr_in6 *)&laddr;
1924 			(void) inet_ntop(AF_INET6, &sin6->sin6_addr, addrstr,
1925 			    sizeof (addrstr));
1926 		}
1927 		/*
1928 		 * lifr.lifr_addr, which is updated by set_mask_lifreq()
1929 		 * will contain the right mask to use.
1930 		 */
1931 		prefixlen = mask2plen((struct sockaddr *)&lifr.lifr_addr);
1932 
1933 		(void) snprintf(cidraddr, sizeof (cidraddr), "%s/%d",
1934 		    addrstr, prefixlen);
1935 
1936 		istatus = ipadm_set_addr(ipaddr, cidraddr, af);
1937 
1938 		if (istatus != IPADM_SUCCESS)
1939 			ipadmerr_exit(istatus, "could not set address");
1940 		setaddr++;
1941 		/*
1942 		 * address will be set by the parser after nextarg
1943 		 * has been scanned
1944 		 */
1945 		return (0);
1946 	}
1947 
1948 	/*
1949 	 * Only set the netmask if "netmask" command is used or a prefix is
1950 	 * provided.
1951 	 */
1952 	if (g_netmask_set == G_NETMASK_SET || prefixlen >= 0) {
1953 		/*
1954 		 * lifr.lifr_addr already contains netmask from
1955 		 * set_mask_lifreq().
1956 		 */
1957 		if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0)
1958 			Perror0_exit("addif: SIOCSLIFNETMASK");
1959 	}
1960 
1961 	/* Finally, we set the interface address. */
1962 	lifr.lifr_addr = laddr;
1963 	if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0)
1964 		Perror0_exit("SIOCSLIFADDR");
1965 
1966 	/*
1967 	 * let parser know we got a source.
1968 	 * Next address, if given, should be dest
1969 	 */
1970 	setaddr++;
1971 	return (0);
1972 }
1973 
1974 /*
1975  * Remove a logical interface based on its IP address. Unlike addif
1976  * there is no '/<n>' here.
1977  * Verifies that the interface is down before it is removed.
1978  */
1979 /* ARGSUSED */
1980 static int
1981 removeif(char *str, int64_t param)
1982 {
1983 	struct sockaddr_storage laddr;
1984 	ipadm_status_t istatus;
1985 	ipadm_addr_info_t *ainfo, *ainfop;
1986 
1987 	if (strchr(name, ':') != NULL) {
1988 		(void) fprintf(stderr,
1989 		    "ifconfig: removeif: bad physical interface name %s\n",
1990 		    name);
1991 		exit(1);
1992 	}
1993 
1994 	(*afp->af_getaddr)(str, &laddr, NULL);
1995 
1996 	/*
1997 	 * Following check is temporary until libipadm supports
1998 	 * IPMP interfaces.
1999 	 */
2000 	if (!ifconfig_use_libipadm(s, name))
2001 		goto delete;
2002 
2003 	/*
2004 	 * Get all addresses and search this address among the active
2005 	 * addresses. If an address object was found, delete using
2006 	 * ipadm_delete_addr().
2007 	 */
2008 	istatus = ipadm_addr_info(iph, name, &ainfo, 0, LIFC_DEFAULT);
2009 	if (istatus != IPADM_SUCCESS)
2010 		ipadmerr_exit(istatus, "removeif");
2011 
2012 	for (ainfop = ainfo; ainfop != NULL; ainfop = IA_NEXT(ainfop))
2013 		if (sockaddrcmp(
2014 		    (struct sockaddr_storage *)ainfop->ia_ifa.ifa_addr, &laddr))
2015 			break;
2016 
2017 	if (ainfop != NULL) {
2018 		if (strchr(ainfop->ia_ifa.ifa_name, ':') == NULL) {
2019 			(void) fprintf(stderr,
2020 			    "ifconfig: removeif: cannot remove interface: %s\n",
2021 			    name);
2022 			exit(1);
2023 		}
2024 		if (ainfop->ia_aobjname[0] != '\0') {
2025 			istatus = ipadm_delete_addr(iph, ainfop->ia_aobjname,
2026 			    IPADM_OPT_ACTIVE);
2027 			if (istatus != IPADM_SUCCESS) {
2028 				ipadmerr_exit(istatus,
2029 				    "could not delete address");
2030 			}
2031 			ipadm_free_addr_info(ainfo);
2032 			return (0);
2033 		}
2034 	}
2035 	ipadm_free_addr_info(ainfo);
2036 
2037 delete:
2038 	/*
2039 	 * An address object for this address was not found in ipadm.
2040 	 * Delete with SIOCLIFREMOVEIF.
2041 	 */
2042 	lifr.lifr_addr = laddr;
2043 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2044 	if (ioctl(s, SIOCLIFREMOVEIF, (caddr_t)&lifr) < 0) {
2045 		if (errno == EBUSY) {
2046 			/* This can only happen if ipif_id = 0 */
2047 			(void) fprintf(stderr,
2048 			    "ifconfig: removeif: cannot remove interface: %s\n",
2049 			    name);
2050 			exit(1);
2051 		}
2052 		Perror0_exit("removeif: SIOCLIFREMOVEIF");
2053 	}
2054 	return (0);
2055 }
2056 
2057 /*
2058  * Set the address token for IPv6.
2059  */
2060 /* ARGSUSED */
2061 static int
2062 setiftoken(char *addr, int64_t param)
2063 {
2064 	int prefixlen = 0;
2065 	struct sockaddr_in6 token;
2066 
2067 	in6_getaddr(addr, (struct sockaddr *)&token, &prefixlen);
2068 	switch (prefixlen) {
2069 	case NO_PREFIX:
2070 		(void) fprintf(stderr,
2071 		    "ifconfig: Missing prefix length in subnet %s\n", addr);
2072 		exit(1);
2073 		/* NOTREACHED */
2074 	case BAD_ADDR:
2075 		(void) fprintf(stderr,
2076 		    "ifconfig: Bad prefix length in %s\n", addr);
2077 		exit(1);
2078 	default:
2079 		break;
2080 	}
2081 	(void) memcpy(&lifr.lifr_addr, &token, sizeof (token));
2082 	lifr.lifr_addrlen = prefixlen;
2083 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2084 	if (ioctl(s, SIOCSLIFTOKEN, (caddr_t)&lifr) < 0)  {
2085 		Perror0_exit("setiftoken: SIOCSLIFTOKEN");
2086 	}
2087 	return (0);
2088 }
2089 
2090 /* ARGSUSED */
2091 static int
2092 setifgroupname(char *grname, int64_t param)
2093 {
2094 	lifgroupinfo_t		lifgr;
2095 	struct lifreq		lifrl;
2096 	ifaddrlistx_t		*ifaddrp, *nextifaddrp;
2097 	ifaddrlistx_t		*ifaddrs = NULL, *downaddrs = NULL;
2098 	int			af;
2099 
2100 	if (debug) {
2101 		(void) printf("Setting groupname %s on interface %s\n",
2102 		    grname, name);
2103 	}
2104 
2105 	(void) strlcpy(lifrl.lifr_name, name, LIFNAMSIZ);
2106 	(void) strlcpy(lifrl.lifr_groupname, grname, LIFGRNAMSIZ);
2107 
2108 	while (ioctl(s, SIOCSLIFGROUPNAME, &lifrl) == -1) {
2109 		switch (errno) {
2110 		case ENOENT:
2111 			/*
2112 			 * The group doesn't yet exist; create it and repeat.
2113 			 */
2114 			af = afp->af_af;
2115 			if (create_ipmp(grname, af, NULL, _B_TRUE) == -1) {
2116 				if (errno == EEXIST)
2117 					continue;
2118 
2119 				Perror2(grname, "cannot create IPMP group");
2120 				goto fail;
2121 			}
2122 			continue;
2123 
2124 		case EALREADY:
2125 			/*
2126 			 * The interface is already in another group; must
2127 			 * remove existing membership first.
2128 			 */
2129 			lifrl.lifr_groupname[0] = '\0';
2130 			if (ioctl(s, SIOCSLIFGROUPNAME, &lifrl) == -1) {
2131 				Perror2(name, "cannot remove existing "
2132 				    "IPMP group membership");
2133 				goto fail;
2134 			}
2135 			(void) strlcpy(lifrl.lifr_groupname, grname,
2136 			    LIFGRNAMSIZ);
2137 			continue;
2138 
2139 		case EAFNOSUPPORT:
2140 			/*
2141 			 * The group exists, but it's not configured with the
2142 			 * address families the interface needs.  Since only
2143 			 * two address families are currently supported, just
2144 			 * configure the "other" address family.  Note that we
2145 			 * may race with group deletion or creation by another
2146 			 * process (ENOENT or EEXIST); in such cases we repeat
2147 			 * our original SIOCSLIFGROUPNAME.
2148 			 */
2149 			(void) strlcpy(lifgr.gi_grname, grname, LIFGRNAMSIZ);
2150 			if (ioctl(s, SIOCGLIFGROUPINFO, &lifgr) == -1) {
2151 				if (errno == ENOENT)
2152 					continue;
2153 
2154 				Perror2(grname, "SIOCGLIFGROUPINFO");
2155 				goto fail;
2156 			}
2157 
2158 			af = lifgr.gi_v4 ? AF_INET6 : AF_INET;
2159 			if (create_ipmp(grname, af, lifgr.gi_grifname,
2160 			    _B_TRUE) == -1) {
2161 				if (errno == EEXIST)
2162 					continue;
2163 
2164 				Perror2(grname, "cannot configure IPMP group");
2165 				goto fail;
2166 			}
2167 			continue;
2168 
2169 		case EADDRINUSE:
2170 			/*
2171 			 * Some addresses are in-use (or under control of DAD).
2172 			 * Bring them down and retry the group join operation.
2173 			 * We will bring them back up after the interface has
2174 			 * been placed in the group.
2175 			 */
2176 			if (ifaddrlistx(lifrl.lifr_name, IFF_UP|IFF_DUPLICATE,
2177 			    0, &ifaddrs) == -1) {
2178 				Perror2(grname, "cannot get address list");
2179 				goto fail;
2180 			}
2181 
2182 			ifaddrp = ifaddrs;
2183 			for (; ifaddrp != NULL; ifaddrp = nextifaddrp) {
2184 				if (!ifaddr_down(ifaddrp)) {
2185 					ifaddrs = ifaddrp;
2186 					goto fail;
2187 				}
2188 				nextifaddrp = ifaddrp->ia_next;
2189 				ifaddrp->ia_next = downaddrs;
2190 				downaddrs = ifaddrp;
2191 			}
2192 			ifaddrs = NULL;
2193 			continue;
2194 
2195 		case EADDRNOTAVAIL: {
2196 			/*
2197 			 * Some data addresses are under application control.
2198 			 * For some of these (e.g., ADDRCONF), the application
2199 			 * should remove the address, in which case we retry a
2200 			 * few times (since the application's action is not
2201 			 * atomic with respect to us) before bailing out and
2202 			 * informing the user.
2203 			 */
2204 			int ntries, nappaddr = 0;
2205 			const if_appflags_t *iap = if_appflags_tbl;
2206 
2207 			for (; iap->ia_app != NULL; iap++) {
2208 				ntries = 0;
2209 again:
2210 				if (ifaddrlistx(lifrl.lifr_name, iap->ia_flag,
2211 				    IFF_NOFAILOVER, &ifaddrs) == -1) {
2212 					(void) fprintf(stderr, "ifconfig: %s: "
2213 					    "cannot get data addresses managed "
2214 					    "by %s\n", lifrl.lifr_name,
2215 					    iap->ia_app);
2216 					goto fail;
2217 				}
2218 
2219 				if (ifaddrs == NULL)
2220 					continue;
2221 
2222 				ifaddrlistx_free(ifaddrs);
2223 				ifaddrs = NULL;
2224 
2225 				if (++ntries < iap->ia_tries) {
2226 					(void) poll(NULL, 0, 100);
2227 					goto again;
2228 				}
2229 
2230 				(void) fprintf(stderr, "ifconfig: cannot join "
2231 				    "IPMP group: %s has data addresses managed "
2232 				    "by %s\n", lifrl.lifr_name, iap->ia_app);
2233 				nappaddr++;
2234 			}
2235 			if (nappaddr > 0)
2236 				goto fail;
2237 			continue;
2238 		}
2239 		default:
2240 			Perror2(name, "SIOCSLIFGROUPNAME");
2241 			goto fail;
2242 		}
2243 	}
2244 
2245 	/*
2246 	 * If the interface being moved is under the control of `ipmgmtd(1M)'
2247 	 * dameon then we should inform the daemon about this move, so that
2248 	 * the daemon can delete the state associated with this interface.
2249 	 *
2250 	 * This workaround is needed until the IPMP support in ipadm(1M).
2251 	 */
2252 	ipadm_if_move(iph, name);
2253 
2254 	/*
2255 	 * If there were addresses that we had to bring down, it's time to
2256 	 * bring them up again.  As part of bringing them up, the kernel will
2257 	 * automatically move them to the new IPMP interface.
2258 	 */
2259 	for (ifaddrp = downaddrs; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) {
2260 		if (!ifaddr_up(ifaddrp) && errno != ENXIO) {
2261 			(void) fprintf(stderr, "ifconfig: cannot bring back up "
2262 			    "%s: %s\n", ifaddrp->ia_name, strerror(errno));
2263 		}
2264 	}
2265 	ifaddrlistx_free(downaddrs);
2266 	return (0);
2267 fail:
2268 	/*
2269 	 * Attempt to bring back up any interfaces that we downed.
2270 	 */
2271 	for (ifaddrp = downaddrs; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) {
2272 		if (!ifaddr_up(ifaddrp) && errno != ENXIO) {
2273 			(void) fprintf(stderr, "ifconfig: cannot bring back up "
2274 			    "%s: %s\n", ifaddrp->ia_name, strerror(errno));
2275 		}
2276 	}
2277 	ifaddrlistx_free(downaddrs);
2278 	ifaddrlistx_free(ifaddrs);
2279 
2280 	/*
2281 	 * We'd return -1, but foreachinterface() doesn't propagate the error
2282 	 * into the exit status, so we're forced to explicitly exit().
2283 	 */
2284 	exit(1);
2285 	/* NOTREACHED */
2286 }
2287 
2288 static boolean_t
2289 modcheck(const char *ifname)
2290 {
2291 	(void) strlcpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name));
2292 
2293 	if (ioctl(s, SIOCGLIFFLAGS, &lifr) < 0) {
2294 		Perror0("SIOCGLIFFLAGS");
2295 		return (_B_FALSE);
2296 	}
2297 
2298 	if (lifr.lifr_flags & IFF_IPMP) {
2299 		(void) fprintf(stderr, "ifconfig: %s: module operations not"
2300 		    " supported on IPMP interfaces\n", ifname);
2301 		return (_B_FALSE);
2302 	}
2303 	if (lifr.lifr_flags & IFF_VIRTUAL) {
2304 		(void) fprintf(stderr, "ifconfig: %s: module operations not"
2305 		    " supported on virtual IP interfaces\n", ifname);
2306 		return (_B_FALSE);
2307 	}
2308 	return (_B_TRUE);
2309 }
2310 
2311 /*
2312  * To list all the modules above a given network interface.
2313  */
2314 /* ARGSUSED */
2315 static int
2316 modlist(char *null, int64_t param)
2317 {
2318 	int muxid_fd;
2319 	int muxfd;
2320 	int ipfd_lowstr;
2321 	int arpfd_lowstr;
2322 	int num_mods;
2323 	int i;
2324 	struct str_list strlist;
2325 	int orig_arpid;
2326 
2327 	/*
2328 	 * We'd return -1, but foreachinterface() doesn't propagate the error
2329 	 * into the exit status, so we're forced to explicitly exit().
2330 	 */
2331 	if (!modcheck(name))
2332 		exit(1);
2333 
2334 	if (ip_domux2fd(&muxfd, &muxid_fd, &ipfd_lowstr, &arpfd_lowstr,
2335 	    &orig_arpid) < 0) {
2336 		return (-1);
2337 	}
2338 	if ((num_mods = ioctl(ipfd_lowstr, I_LIST, NULL)) < 0) {
2339 		Perror0("cannot I_LIST to get the number of modules");
2340 	} else {
2341 		if (debug > 0) {
2342 			(void) printf("Listing (%d) modules above %s\n",
2343 			    num_mods, name);
2344 		}
2345 
2346 		strlist.sl_nmods = num_mods;
2347 		strlist.sl_modlist = malloc(sizeof (struct str_mlist) *
2348 		    num_mods);
2349 		if (strlist.sl_modlist == NULL) {
2350 			Perror0("cannot malloc");
2351 		} else {
2352 			if (ioctl(ipfd_lowstr, I_LIST, (caddr_t)&strlist) < 0) {
2353 				Perror0("cannot I_LIST for module names");
2354 			} else {
2355 				for (i = 0; i < strlist.sl_nmods; i++) {
2356 					(void) printf("%d %s\n", i,
2357 					    strlist.sl_modlist[i].l_name);
2358 				}
2359 			}
2360 			free(strlist.sl_modlist);
2361 		}
2362 	}
2363 	return (ip_plink(muxfd, muxid_fd, ipfd_lowstr, arpfd_lowstr,
2364 	    orig_arpid));
2365 }
2366 
2367 #define	MODINSERT_OP	'i'
2368 #define	MODREMOVE_OP	'r'
2369 
2370 /*
2371  * To insert a module to the stream of the interface.  It is just a
2372  * wrapper.  The real function is modop().
2373  */
2374 /* ARGSUSED */
2375 static int
2376 modinsert(char *arg, int64_t param)
2377 {
2378 	return (modop(arg, MODINSERT_OP));
2379 }
2380 
2381 /*
2382  * To remove a module from the stream of the interface.  It is just a
2383  * wrapper.  The real function is modop().
2384  */
2385 /* ARGSUSED */
2386 static int
2387 modremove(char *arg, int64_t param)
2388 {
2389 	return (modop(arg, MODREMOVE_OP));
2390 }
2391 
2392 /*
2393  * Helper function for mod*() functions.  It gets a fd to the lower IP
2394  * stream and I_PUNLINK's the lower stream.  It also initializes the
2395  * global variable lifr.
2396  *
2397  * Param:
2398  *	int *muxfd: fd to /dev/udp{,6} for I_PLINK/I_PUNLINK
2399  *	int *muxid_fd: fd to /dev/udp{,6} for LIFMUXID
2400  *	int *ipfd_lowstr: fd to the lower IP stream.
2401  *	int *arpfd_lowstr: fd to the lower ARP stream.
2402  *
2403  * Return:
2404  *	-1 if operation fails, 0 otherwise.
2405  *
2406  * Please see the big block comment above ifplumb() for the logic of the
2407  * PLINK/PUNLINK
2408  */
2409 static int
2410 ip_domux2fd(int *muxfd, int *muxid_fd, int *ipfd_lowstr, int *arpfd_lowstr,
2411     int *orig_arpid)
2412 {
2413 	uint64_t	flags;
2414 	char		*udp_dev_name;
2415 
2416 	*orig_arpid = 0;
2417 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2418 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
2419 		Perror0_exit("status: SIOCGLIFFLAGS");
2420 	}
2421 	flags = lifr.lifr_flags;
2422 	if (flags & IFF_IPV4) {
2423 		udp_dev_name = UDP_DEV_NAME;
2424 	} else if (flags & IFF_IPV6) {
2425 		udp_dev_name = UDP6_DEV_NAME;
2426 	} else {
2427 		return (-1);
2428 	}
2429 
2430 	if ((*muxid_fd = open(udp_dev_name, O_RDWR)) < 0) {
2431 		Perror2("open", udp_dev_name);
2432 		return (-1);
2433 	}
2434 	if (ioctl(*muxid_fd, SIOCGLIFMUXID, (caddr_t)&lifr) < 0) {
2435 		Perror2("SIOCGLIFMUXID", udp_dev_name);
2436 		return (-1);
2437 	}
2438 	if (debug > 0) {
2439 		(void) printf("ARP_muxid %d IP_muxid %d\n",
2440 		    lifr.lifr_arp_muxid, lifr.lifr_ip_muxid);
2441 	}
2442 
2443 	/*
2444 	 * Use /dev/udp{,6} as the mux to avoid linkcycles.
2445 	 */
2446 	if (ipadm_open_arp_on_udp(udp_dev_name, muxfd) != IPADM_SUCCESS)
2447 		return (-1);
2448 
2449 	if (lifr.lifr_arp_muxid != 0) {
2450 		if ((*arpfd_lowstr = ioctl(*muxfd, _I_MUXID2FD,
2451 		    lifr.lifr_arp_muxid)) < 0) {
2452 			if ((errno == EINVAL) &&
2453 			    (flags & (IFF_NOARP | IFF_IPV6))) {
2454 				/*
2455 				 * Some plumbing utilities set the muxid to
2456 				 * -1 or some invalid value to signify that
2457 				 * there is no arp stream. Set the muxid to 0
2458 				 * before trying to unplumb the IP stream.
2459 				 * IP does not allow the IP stream to be
2460 				 * unplumbed if it sees a non-null arp muxid,
2461 				 * for consistency of IP-ARP streams.
2462 				 */
2463 				*orig_arpid = lifr.lifr_arp_muxid;
2464 				lifr.lifr_arp_muxid = 0;
2465 				(void) ioctl(*muxid_fd, SIOCSLIFMUXID,
2466 				    (caddr_t)&lifr);
2467 				*arpfd_lowstr = -1;
2468 			} else {
2469 				Perror0("_I_MUXID2FD");
2470 				return (-1);
2471 			}
2472 		} else if (ioctl(*muxfd, I_PUNLINK,
2473 		    lifr.lifr_arp_muxid) < 0) {
2474 			Perror2("I_PUNLINK", udp_dev_name);
2475 			return (-1);
2476 		}
2477 	} else {
2478 		*arpfd_lowstr = -1;
2479 	}
2480 
2481 	if ((*ipfd_lowstr = ioctl(*muxfd, _I_MUXID2FD,
2482 	    lifr.lifr_ip_muxid)) < 0) {
2483 		Perror0("_I_MUXID2FD");
2484 		/* Undo any changes we made */
2485 		if (*orig_arpid != 0) {
2486 			lifr.lifr_arp_muxid = *orig_arpid;
2487 			(void) ioctl(*muxid_fd, SIOCSLIFMUXID, (caddr_t)&lifr);
2488 		}
2489 		return (-1);
2490 	}
2491 	if (ioctl(*muxfd, I_PUNLINK, lifr.lifr_ip_muxid) < 0) {
2492 		Perror2("I_PUNLINK", udp_dev_name);
2493 		/* Undo any changes we made */
2494 		if (*orig_arpid != 0) {
2495 			lifr.lifr_arp_muxid = *orig_arpid;
2496 			(void) ioctl(*muxid_fd, SIOCSLIFMUXID, (caddr_t)&lifr);
2497 		}
2498 		return (-1);
2499 	}
2500 	return (0);
2501 }
2502 
2503 /*
2504  * Helper function for mod*() functions.  It I_PLINK's back the upper and
2505  * lower IP streams.  Note that this function must be called after
2506  * ip_domux2fd().  In ip_domux2fd(), the global variable lifr is initialized
2507  * and ip_plink() needs information in lifr.  So ip_domux2fd() and ip_plink()
2508  * must be called in pairs.
2509  *
2510  * Param:
2511  *	int muxfd: fd to /dev/udp{,6} for I_PLINK/I_PUNLINK
2512  *	int muxid_fd: fd to /dev/udp{,6} for LIFMUXID
2513  *	int ipfd_lowstr: fd to the lower IP stream.
2514  *	int arpfd_lowstr: fd to the lower ARP stream.
2515  *
2516  * Return:
2517  *	-1 if operation fails, 0 otherwise.
2518  *
2519  * Please see the big block comment above ifplumb() for the logic of the
2520  * PLINK/PUNLINK
2521  */
2522 static int
2523 ip_plink(int muxfd, int muxid_fd, int ipfd_lowstr, int arpfd_lowstr,
2524     int orig_arpid)
2525 {
2526 	int ip_muxid;
2527 
2528 	ip_muxid = ioctl(muxfd, I_PLINK, ipfd_lowstr);
2529 	if (ip_muxid < 0) {
2530 		Perror2("I_PLINK", UDP_DEV_NAME);
2531 		return (-1);
2532 	}
2533 
2534 	/*
2535 	 * If there is an arp stream, plink it. If there is no
2536 	 * arp stream, then it is possible that the plumbing
2537 	 * utility could have stored any value in the arp_muxid.
2538 	 * If so, restore it from orig_arpid.
2539 	 */
2540 	if (arpfd_lowstr != -1) {
2541 		if (ioctl(muxfd, I_PLINK, arpfd_lowstr) < 0) {
2542 			Perror2("I_PLINK", UDP_DEV_NAME);
2543 			return (-1);
2544 		}
2545 	} else if (orig_arpid != 0) {
2546 		/* Undo the changes we did in ip_domux2fd */
2547 		lifr.lifr_arp_muxid = orig_arpid;
2548 		lifr.lifr_ip_muxid = ip_muxid;
2549 		(void) ioctl(muxid_fd, SIOCSLIFMUXID, (caddr_t)&lifr);
2550 	}
2551 
2552 	(void) close(muxfd);
2553 	(void) close(muxid_fd);
2554 	return (0);
2555 }
2556 
2557 /*
2558  * The real function to perform module insertion/removal.
2559  *
2560  * Param:
2561  *	char *arg: the argument string module_name@position
2562  *	char op: operation, either MODINSERT_OP or MODREMOVE_OP.
2563  *
2564  * Return:
2565  *	Before doing ip_domux2fd(), this function calls exit(1) in case of
2566  *	error.  After ip_domux2fd() is done, it returns -1 for error, 0
2567  *	otherwise.
2568  */
2569 static int
2570 modop(char *arg, char op)
2571 {
2572 	char *pos_p;
2573 	int muxfd;
2574 	int muxid_fd;
2575 	int ipfd_lowstr;  /* IP stream (lower stream of mux) to be plinked */
2576 	int arpfd_lowstr; /* ARP stream (lower stream of mux) to be plinked */
2577 	struct strmodconf mod;
2578 	char *at_char = "@";
2579 	char *arg_str;
2580 	int orig_arpid;
2581 
2582 	/*
2583 	 * We'd return -1, but foreachinterface() doesn't propagate the error
2584 	 * into the exit status, so we're forced to explicitly exit().
2585 	 */
2586 	if (!modcheck(name))
2587 		exit(1);
2588 
2589 	/* Need to save the original string for -a option. */
2590 	if ((arg_str = malloc(strlen(arg) + 1)) == NULL) {
2591 		Perror0("cannot malloc");
2592 		return (-1);
2593 	}
2594 	(void) strcpy(arg_str, arg);
2595 
2596 	if (*arg_str == *at_char) {
2597 		(void) fprintf(stderr,
2598 		    "ifconfig: must supply a module name\n");
2599 		exit(1);
2600 	}
2601 	mod.mod_name = strtok(arg_str, at_char);
2602 	if (strlen(mod.mod_name) > FMNAMESZ) {
2603 		(void) fprintf(stderr, "ifconfig: module name too long: %s\n",
2604 		    mod.mod_name);
2605 		exit(1);
2606 	}
2607 
2608 	/*
2609 	 * Need to make sure that the core TCP/IP stack modules are not
2610 	 * removed.  Otherwise, "bad" things can happen.  If a module
2611 	 * is removed and inserted back, it loses its old state.  But
2612 	 * the modules above it still have the old state.  E.g. IP assumes
2613 	 * fast data path while tunnel after re-inserted assumes that it can
2614 	 * receive M_DATA only in fast data path for which it does not have
2615 	 * any state.  This is a general caveat of _I_REMOVE/_I_INSERT.
2616 	 */
2617 	if (op == MODREMOVE_OP &&
2618 	    (strcmp(mod.mod_name, ARP_MOD_NAME) == 0 ||
2619 	    strcmp(mod.mod_name, IP_MOD_NAME) == 0)) {
2620 		(void) fprintf(stderr, "ifconfig: cannot remove %s\n",
2621 		    mod.mod_name);
2622 		exit(1);
2623 	}
2624 
2625 	if ((pos_p = strtok(NULL, at_char)) == NULL) {
2626 		(void) fprintf(stderr, "ifconfig: must supply a position\n");
2627 		exit(1);
2628 	}
2629 	mod.pos = atoi(pos_p);
2630 
2631 	if (ip_domux2fd(&muxfd, &muxid_fd, &ipfd_lowstr, &arpfd_lowstr,
2632 	    &orig_arpid) < 0) {
2633 		free(arg_str);
2634 		return (-1);
2635 	}
2636 	switch (op) {
2637 	case MODINSERT_OP:
2638 		if (debug > 0) {
2639 			(void) printf("Inserting module %s at %d\n",
2640 			    mod.mod_name, mod.pos);
2641 		}
2642 		if (ioctl(ipfd_lowstr, _I_INSERT, (caddr_t)&mod) < 0) {
2643 			Perror2("fail to insert module", mod.mod_name);
2644 		}
2645 		break;
2646 	case MODREMOVE_OP:
2647 		if (debug > 0) {
2648 			(void) printf("Removing module %s at %d\n",
2649 			    mod.mod_name, mod.pos);
2650 		}
2651 		if (ioctl(ipfd_lowstr, _I_REMOVE, (caddr_t)&mod) < 0) {
2652 			Perror2("fail to remove module", mod.mod_name);
2653 		}
2654 		break;
2655 	default:
2656 		/* Should never get to here. */
2657 		(void) fprintf(stderr, "Unknown operation\n");
2658 		break;
2659 	}
2660 	free(arg_str);
2661 	return (ip_plink(muxfd, muxid_fd, ipfd_lowstr, arpfd_lowstr,
2662 	    orig_arpid));
2663 }
2664 
2665 static int
2666 modify_tun(iptun_params_t *params)
2667 {
2668 	dladm_status_t status;
2669 
2670 	if ((status = ifconfig_dladm_open(name, DATALINK_CLASS_IPTUN,
2671 	    &params->iptun_param_linkid)) == DLADM_STATUS_OK)
2672 		status = dladm_iptun_modify(dlh, params, DLADM_OPT_ACTIVE);
2673 	if (status != DLADM_STATUS_OK)
2674 		dladmerr_exit(status, name);
2675 	return (0);
2676 }
2677 
2678 /*
2679  * Set tunnel source address
2680  */
2681 /* ARGSUSED */
2682 static int
2683 setiftsrc(char *addr, int64_t param)
2684 {
2685 	iptun_params_t params;
2686 
2687 	params.iptun_param_flags = IPTUN_PARAM_LADDR;
2688 	(void) strlcpy(params.iptun_param_laddr, addr,
2689 	    sizeof (params.iptun_param_laddr));
2690 	return (modify_tun(&params));
2691 }
2692 
2693 /*
2694  * Set tunnel destination address
2695  */
2696 /* ARGSUSED */
2697 static int
2698 setiftdst(char *addr, int64_t param)
2699 {
2700 	iptun_params_t params;
2701 
2702 	params.iptun_param_flags = IPTUN_PARAM_RADDR;
2703 	(void) strlcpy(params.iptun_param_raddr, addr,
2704 	    sizeof (params.iptun_param_raddr));
2705 	return (modify_tun(&params));
2706 }
2707 
2708 static int
2709 set_tun_prop(const char *propname, char *value)
2710 {
2711 	dladm_status_t	status;
2712 	datalink_id_t	linkid;
2713 
2714 	status = ifconfig_dladm_open(name, DATALINK_CLASS_IPTUN, &linkid);
2715 	if (status == DLADM_STATUS_OK) {
2716 		status = dladm_set_linkprop(dlh, linkid, propname, &value, 1,
2717 		    DLADM_OPT_ACTIVE);
2718 	}
2719 	if (status != DLADM_STATUS_OK)
2720 		dladmerr_exit(status, name);
2721 	return (0);
2722 }
2723 
2724 /* Set tunnel encapsulation limit. */
2725 /* ARGSUSED */
2726 static int
2727 set_tun_encap_limit(char *arg, int64_t param)
2728 {
2729 	return (set_tun_prop("encaplimit", arg));
2730 }
2731 
2732 /* Disable encapsulation limit. */
2733 /* ARGSUSED */
2734 static int
2735 clr_tun_encap_limit(char *arg, int64_t param)
2736 {
2737 	return (set_tun_encap_limit("-1", 0));
2738 }
2739 
2740 /* Set tunnel hop limit. */
2741 /* ARGSUSED */
2742 static int
2743 set_tun_hop_limit(char *arg, int64_t param)
2744 {
2745 	return (set_tun_prop("hoplimit", arg));
2746 }
2747 
2748 /* Set zone ID */
2749 static int
2750 setzone(char *arg, int64_t param)
2751 {
2752 	zoneid_t zoneid = GLOBAL_ZONEID;
2753 
2754 	if (param == NEXTARG) {
2755 		/* zone must be active */
2756 		if ((zoneid = getzoneidbyname(arg)) == -1) {
2757 			(void) fprintf(stderr,
2758 			    "ifconfig: unknown zone '%s'\n", arg);
2759 			exit(1);
2760 		}
2761 	}
2762 	(void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2763 	lifr.lifr_zoneid = zoneid;
2764 	if (ioctl(s, SIOCSLIFZONE, (caddr_t)&lifr) == -1)
2765 		Perror0_exit("SIOCSLIFZONE");
2766 	return (0);
2767 }
2768 
2769 /* Put interface into all zones */
2770 /* ARGSUSED */
2771 static int
2772 setallzones(char *arg, int64_t param)
2773 {
2774 	(void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2775 	lifr.lifr_zoneid = ALL_ZONES;
2776 	if (ioctl(s, SIOCSLIFZONE, (caddr_t)&lifr) == -1)
2777 		Perror0_exit("SIOCSLIFZONE");
2778 	return (0);
2779 }
2780 
2781 /* Set source address to use */
2782 /* ARGSUSED */
2783 static int
2784 setifsrc(char *arg, int64_t param)
2785 {
2786 	uint_t ifindex = 0;
2787 	int rval;
2788 
2789 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2790 
2791 	/*
2792 	 * Argument can be either an interface name or "none". The latter means
2793 	 * that any previous selection is cleared.
2794 	 */
2795 
2796 	if (strchr(arg, ':') != NULL) {
2797 		(void) fprintf(stderr,
2798 		    "ifconfig: Cannot specify logical interface for usesrc \n");
2799 		exit(1);
2800 	}
2801 
2802 	rval = strcmp(arg, NONE_STR);
2803 	if (rval != 0) {
2804 		if ((ifindex = if_nametoindex(arg)) == 0) {
2805 			(void) strncpy(lifr.lifr_name, arg, LIFNAMSIZ);
2806 			Perror0_exit("Could not get interface index");
2807 		}
2808 		lifr.lifr_index = ifindex;
2809 	} else {
2810 		if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) != 0)
2811 			Perror0_exit("Not a valid usesrc consumer");
2812 		lifr.lifr_index = 0;
2813 	}
2814 
2815 	if (debug)
2816 		(void) printf("setifsrc: lifr_name %s, lifr_index %d\n",
2817 		    lifr.lifr_name, lifr.lifr_index);
2818 
2819 	if (ioctl(s, SIOCSLIFUSESRC, (caddr_t)&lifr) == -1) {
2820 		if (rval == 0)
2821 			Perror0_exit("Cannot reset usesrc group");
2822 		else
2823 			Perror0_exit("Could not set source interface");
2824 	}
2825 
2826 	return (0);
2827 }
2828 
2829 /*
2830  * Print the interface status line associated with `ifname'
2831  */
2832 static void
2833 ifstatus(const char *ifname)
2834 {
2835 	uint64_t flags;
2836 	char if_usesrc_name[LIFNAMSIZ];
2837 	char *newbuf;
2838 	int n, numifs, rval = 0;
2839 	struct lifreq *lifrp;
2840 	struct lifsrcof lifs;
2841 
2842 	(void) strncpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name));
2843 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
2844 		Perror0_exit("status: SIOCGLIFFLAGS");
2845 	}
2846 	flags = lifr.lifr_flags;
2847 
2848 	/*
2849 	 * In V4 compatibility mode, we don't print the IFF_IPV4 flag or
2850 	 * interfaces with IFF_IPV6 set.
2851 	 */
2852 	if (v4compat) {
2853 		flags &= ~IFF_IPV4;
2854 		if (flags & IFF_IPV6)
2855 			return;
2856 	}
2857 
2858 	(void) printf("%s: ", ifname);
2859 	print_flags(flags);
2860 
2861 	(void) strncpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name));
2862 	if (ioctl(s, SIOCGLIFMETRIC, (caddr_t)&lifr) < 0) {
2863 		Perror0_exit("status: SIOCGLIFMETRIC");
2864 	} else {
2865 		if (lifr.lifr_metric)
2866 			(void) printf(" metric %d", lifr.lifr_metric);
2867 	}
2868 	if (ioctl(s, SIOCGLIFMTU, (caddr_t)&lifr) >= 0)
2869 		(void) printf(" mtu %u", lifr.lifr_mtu);
2870 
2871 	/* don't print index or zone when in compatibility mode */
2872 	if (!v4compat) {
2873 		if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0)
2874 			(void) printf(" index %d", lifr.lifr_index);
2875 		/*
2876 		 * Stack instances use GLOBAL_ZONEID for IP data structures
2877 		 * even in the non-global zone.
2878 		 */
2879 		if (ioctl(s, SIOCGLIFZONE, (caddr_t)&lifr) >= 0 &&
2880 		    lifr.lifr_zoneid != getzoneid() &&
2881 		    lifr.lifr_zoneid != GLOBAL_ZONEID) {
2882 			char zone_name[ZONENAME_MAX];
2883 
2884 			if (lifr.lifr_zoneid == ALL_ZONES) {
2885 				(void) printf("\n\tall-zones");
2886 			} else if (getzonenamebyid(lifr.lifr_zoneid, zone_name,
2887 			    sizeof (zone_name)) < 0) {
2888 				(void) printf("\n\tzone %d", lifr.lifr_zoneid);
2889 			} else {
2890 				(void) printf("\n\tzone %s", zone_name);
2891 			}
2892 		}
2893 	}
2894 
2895 	if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0) {
2896 		lifs.lifs_ifindex = lifr.lifr_index;
2897 
2898 		/*
2899 		 * Find the number of interfaces that use this interfaces'
2900 		 * address as a source address
2901 		 */
2902 		lifs.lifs_buf = NULL;
2903 		lifs.lifs_maxlen = 0;
2904 		for (;;) {
2905 			/* The first pass will give the bufsize we need */
2906 			rval = ioctl(s, SIOCGLIFSRCOF, (char *)&lifs);
2907 			if (rval < 0) {
2908 				if (lifs.lifs_buf != NULL) {
2909 					free(lifs.lifs_buf);
2910 					lifs.lifs_buf = NULL;
2911 				}
2912 				lifs.lifs_len = 0;
2913 				break;
2914 			}
2915 			if (lifs.lifs_len <= lifs.lifs_maxlen)
2916 				break;
2917 			/* Use kernel's size + a small margin to avoid loops */
2918 			lifs.lifs_maxlen = lifs.lifs_len +
2919 			    5 * sizeof (struct lifreq);
2920 			/* For the first pass, realloc acts like malloc */
2921 			newbuf = realloc(lifs.lifs_buf, lifs.lifs_maxlen);
2922 			if (newbuf == NULL) {
2923 				if (lifs.lifs_buf != NULL) {
2924 					free(lifs.lifs_buf);
2925 					lifs.lifs_buf = NULL;
2926 				}
2927 				lifs.lifs_len = 0;
2928 				break;
2929 			}
2930 			lifs.lifs_buf = newbuf;
2931 		}
2932 
2933 
2934 		numifs = lifs.lifs_len / sizeof (struct lifreq);
2935 		if (numifs > 0) {
2936 			lifrp = lifs.lifs_req;
2937 			(void) printf("\n\tsrcof");
2938 			for (n = numifs; n > 0; n--, lifrp++) {
2939 				(void) printf(" %s", lifrp->lifr_name);
2940 			}
2941 		}
2942 
2943 		if (lifs.lifs_buf != NULL)
2944 			free(lifs.lifs_buf);
2945 	}
2946 
2947 	/* Find the interface whose source address this interface uses */
2948 	if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) == 0) {
2949 		if (lifr.lifr_index != 0) {
2950 			if (if_indextoname(lifr.lifr_index,
2951 			    if_usesrc_name) == NULL) {
2952 				(void) printf("\n\tusesrc ifIndex %d",
2953 				    lifr.lifr_index);
2954 			} else {
2955 				(void) printf("\n\tusesrc %s", if_usesrc_name);
2956 			}
2957 		}
2958 	}
2959 
2960 	(void) putchar('\n');
2961 }
2962 
2963 /*
2964  * Print the status of the interface.  If an address family was
2965  * specified, show it and it only; otherwise, show them all.
2966  */
2967 static void
2968 status(void)
2969 {
2970 	struct afswtch	*p = afp;
2971 	uint64_t	flags;
2972 	datalink_id_t	linkid;
2973 
2974 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2975 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
2976 		Perror0_exit("status: SIOCGLIFFLAGS");
2977 	}
2978 
2979 	flags = lifr.lifr_flags;
2980 
2981 	/*
2982 	 * Only print the interface status if the address family matches
2983 	 * the interface family flag.
2984 	 */
2985 	if (p != NULL) {
2986 		if (((p->af_af == AF_INET6) && (flags & IFF_IPV4)) ||
2987 		    ((p->af_af == AF_INET) && (flags & IFF_IPV6)))
2988 			return;
2989 	}
2990 
2991 	/*
2992 	 * In V4 compatibility mode, don't print IFF_IPV6 interfaces.
2993 	 */
2994 	if (v4compat && (flags & IFF_IPV6))
2995 		return;
2996 
2997 	ifstatus(name);
2998 
2999 	if (ifconfig_dladm_open(name, DATALINK_CLASS_IPTUN, &linkid) ==
3000 	    DLADM_STATUS_OK)
3001 		tun_status(linkid);
3002 
3003 	if (p != NULL) {
3004 		(*p->af_status)(1, flags);
3005 	} else {
3006 		for (p = afs; p->af_name; p++) {
3007 			/* set global af for use in p->af_status */
3008 			af = p->af_af;
3009 			(*p->af_status)(0, flags);
3010 		}
3011 
3012 		/*
3013 		 * Historically, 'ether' has been an address family,
3014 		 * so print it here.
3015 		 */
3016 		print_ifether(name);
3017 	}
3018 }
3019 
3020 /*
3021  * Print the status of the interface in a format that can be used to
3022  * reconfigure the interface later. Code stolen from status() above.
3023  */
3024 /* ARGSUSED */
3025 static int
3026 configinfo(char *null, int64_t param)
3027 {
3028 	char *cp;
3029 	struct afswtch *p = afp;
3030 	uint64_t flags;
3031 	char lifname[LIFNAMSIZ];
3032 	char if_usesrc_name[LIFNAMSIZ];
3033 
3034 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3035 
3036 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
3037 		Perror0_exit("status: SIOCGLIFFLAGS");
3038 	}
3039 	flags = lifr.lifr_flags;
3040 
3041 	if (debug) {
3042 		(void) printf("configinfo: name %s flags  0x%llx af_af %d\n",
3043 		    name, flags, p != NULL ? p->af_af : -1);
3044 	}
3045 
3046 	/*
3047 	 * Build the interface name to print (we cannot directly use `name'
3048 	 * because one cannot "plumb" ":0" interfaces).
3049 	 */
3050 	(void) strlcpy(lifname, name, LIFNAMSIZ);
3051 	if ((cp = strchr(lifname, ':')) != NULL && atoi(cp + 1) == 0)
3052 		*cp = '\0';
3053 
3054 	/*
3055 	 * if the interface is IPv4
3056 	 *	if we have a IPv6 address family restriction return
3057 	 *		so it won't print
3058 	 *	if we are in IPv4 compatibility mode, clear out IFF_IPV4
3059 	 *		so we don't print it.
3060 	 */
3061 	if (flags & IFF_IPV4) {
3062 		if (p && p->af_af == AF_INET6)
3063 			return (-1);
3064 		if (v4compat)
3065 			flags &= ~IFF_IPV4;
3066 
3067 		(void) printf("%s inet plumb", lifname);
3068 	} else if (flags & IFF_IPV6) {
3069 		/*
3070 		 * else if the interface is IPv6
3071 		 *	if we have a IPv4 address family restriction return
3072 		 *	or we are in IPv4 compatibiltiy mode, return.
3073 		 */
3074 		if (p && p->af_af == AF_INET)
3075 			return (-1);
3076 		if (v4compat)
3077 			return (-1);
3078 
3079 		(void) printf("%s inet6 plumb", lifname);
3080 	}
3081 
3082 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3083 	if (ioctl(s, SIOCGLIFMETRIC, (caddr_t)&lifr) < 0) {
3084 		Perror0_exit("configinfo: SIOCGLIFMETRIC");
3085 	} else {
3086 		if (lifr.lifr_metric)
3087 			(void) printf(" metric %d ", lifr.lifr_metric);
3088 	}
3089 	if (((flags & (IFF_VIRTUAL|IFF_LOOPBACK)) != IFF_VIRTUAL) &&
3090 	    ioctl(s, SIOCGLIFMTU, (caddr_t)&lifr) >= 0)
3091 		(void) printf(" mtu %u", lifr.lifr_mtu);
3092 
3093 	/* Index only applies to the zeroth interface */
3094 	if (lifnum(name) == 0) {
3095 		if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0)
3096 			(void) printf(" index %d", lifr.lifr_index);
3097 	}
3098 
3099 	if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) == 0) {
3100 		if (lifr.lifr_index != 0) {
3101 			if (if_indextoname(lifr.lifr_index,
3102 			    if_usesrc_name) != NULL) {
3103 				(void) printf(" usesrc %s", if_usesrc_name);
3104 			}
3105 		}
3106 	}
3107 
3108 	if (p != NULL) {
3109 		(*p->af_configinfo)(1, flags);
3110 	} else {
3111 		for (p = afs; p->af_name; p++) {
3112 			(void) close(s);
3113 			s = socket(SOCKET_AF(p->af_af), SOCK_DGRAM, 0);
3114 			/* set global af for use in p->af_configinfo */
3115 			af = p->af_af;
3116 			if (s == -1) {
3117 				Perror0_exit("socket");
3118 			}
3119 			(*p->af_configinfo)(0, flags);
3120 		}
3121 	}
3122 
3123 	(void) putchar('\n');
3124 	return (0);
3125 }
3126 
3127 static void
3128 print_tsec(iptun_params_t *params)
3129 {
3130 	ipsec_req_t *ipsr;
3131 
3132 	(void) printf("\ttunnel security settings  ");
3133 	if (!(params->iptun_param_flags & IPTUN_PARAM_SECINFO)) {
3134 		(void) printf("-->  use 'ipsecconf -ln -i %s'", name);
3135 	} else {
3136 		ipsr = &params->iptun_param_secinfo;
3137 		if (ipsr->ipsr_ah_req & IPSEC_PREF_REQUIRED) {
3138 			(void) printf("ah (%s)  ",
3139 			    rparsealg(ipsr->ipsr_auth_alg, IPSEC_PROTO_AH));
3140 		}
3141 		if (ipsr->ipsr_esp_req & IPSEC_PREF_REQUIRED) {
3142 			(void) printf("esp (%s",
3143 			    rparsealg(ipsr->ipsr_esp_alg, IPSEC_PROTO_ESP));
3144 			(void) printf("/%s)",
3145 			    rparsealg(ipsr->ipsr_esp_auth_alg, IPSEC_PROTO_AH));
3146 		}
3147 	}
3148 	(void) printf("\n");
3149 }
3150 
3151 static void
3152 tun_status(datalink_id_t linkid)
3153 {
3154 	iptun_params_t	params;
3155 	char		propval[DLADM_PROP_VAL_MAX];
3156 	char		*valptr[1];
3157 	uint_t		valcnt = 1;
3158 	boolean_t	tabbed = _B_FALSE;
3159 
3160 	params.iptun_param_linkid = linkid;
3161 
3162 	/* If dladm_iptun_getparams() fails, assume we are not a tunnel. */
3163 	assert(dlh_opened);
3164 	if (dladm_iptun_getparams(dlh, &params, DLADM_OPT_ACTIVE) !=
3165 	    DLADM_STATUS_OK)
3166 		return;
3167 
3168 	switch (params.iptun_param_type) {
3169 	case IPTUN_TYPE_IPV4:
3170 	case IPTUN_TYPE_6TO4:
3171 		(void) printf("\tinet");
3172 		break;
3173 	case IPTUN_TYPE_IPV6:
3174 		(void) printf("\tinet6");
3175 		break;
3176 	default:
3177 		dladmerr_exit(DLADM_STATUS_IPTUNTYPE, name);
3178 		break;
3179 	}
3180 
3181 	/*
3182 	 * There is always a source address.  If it hasn't been explicitly
3183 	 * set, the API will pass back a buffer containing the unspecified
3184 	 * address.
3185 	 */
3186 	(void) printf(" tunnel src %s ", params.iptun_param_laddr);
3187 
3188 	if (params.iptun_param_flags & IPTUN_PARAM_RADDR)
3189 		(void) printf("tunnel dst %s\n", params.iptun_param_raddr);
3190 	else
3191 		(void) putchar('\n');
3192 
3193 	if (params.iptun_param_flags & IPTUN_PARAM_IPSECPOL)
3194 		print_tsec(&params);
3195 
3196 	valptr[0] = propval;
3197 	if (dladm_get_linkprop(dlh, linkid, DLADM_PROP_VAL_CURRENT, "hoplimit",
3198 	    (char **)valptr, &valcnt) == DLADM_STATUS_OK) {
3199 		(void) printf("\ttunnel hop limit %s ", propval);
3200 		tabbed = _B_TRUE;
3201 	}
3202 
3203 	if (dladm_get_linkprop(dlh, linkid, DLADM_PROP_VAL_CURRENT,
3204 	    "encaplimit", (char **)valptr, &valcnt) == DLADM_STATUS_OK) {
3205 		uint32_t elim;
3206 
3207 		if (!tabbed) {
3208 			(void) putchar('\t');
3209 			tabbed = _B_TRUE;
3210 		}
3211 		elim = strtol(propval, NULL, 10);
3212 		if (elim > 0)
3213 			(void) printf("tunnel encapsulation limit %s", propval);
3214 		else
3215 			(void) printf("tunnel encapsulation limit disabled");
3216 	}
3217 
3218 	if (tabbed)
3219 		(void) putchar('\n');
3220 }
3221 
3222 static void
3223 in_status(int force, uint64_t flags)
3224 {
3225 	struct sockaddr_in	*sin, *laddr;
3226 	struct sockaddr_in	netmask = { AF_INET };
3227 
3228 	if (debug)
3229 		(void) printf("in_status(%s) flags 0x%llx\n", name, flags);
3230 
3231 	/* only print status for IPv4 interfaces */
3232 	if (!(flags & IFF_IPV4))
3233 		return;
3234 
3235 	if (!(flags & IFF_NOLOCAL)) {
3236 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3237 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
3238 			if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3239 			    errno == ENXIO) {
3240 				if (!force)
3241 					return;
3242 				(void) memset(&lifr.lifr_addr, 0,
3243 				    sizeof (lifr.lifr_addr));
3244 			} else
3245 				Perror0_exit("in_status: SIOCGLIFADDR");
3246 		}
3247 		sin = (struct sockaddr_in *)&lifr.lifr_addr;
3248 		(void) printf("\tinet %s ", inet_ntoa(sin->sin_addr));
3249 		laddr = sin;
3250 	} else {
3251 		(void) printf("\tinet ");
3252 	}
3253 
3254 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3255 	if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) {
3256 		if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3257 		    errno == ENXIO) {
3258 			if (!force)
3259 				return;
3260 			(void) memset(&lifr.lifr_addr, 0,
3261 			    sizeof (lifr.lifr_addr));
3262 		} else {
3263 			Perror0_exit("in_status: SIOCGLIFSUBNET");
3264 		}
3265 	}
3266 	sin = (struct sockaddr_in *)&lifr.lifr_addr;
3267 	if ((flags & IFF_NOLOCAL) ||
3268 	    sin->sin_addr.s_addr != laddr->sin_addr.s_addr) {
3269 		(void) printf("subnet %s/%d ", inet_ntoa(sin->sin_addr),
3270 		    lifr.lifr_addrlen);
3271 	}
3272 	if (sin->sin_family != AF_INET) {
3273 		(void) printf("Wrong family: %d\n", sin->sin_family);
3274 	}
3275 
3276 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3277 	if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0) {
3278 		if (errno != EADDRNOTAVAIL)
3279 			Perror0_exit("in_status: SIOCGLIFNETMASK");
3280 		(void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr));
3281 	} else
3282 		netmask.sin_addr =
3283 		    ((struct sockaddr_in *)&lifr.lifr_addr)->sin_addr;
3284 	if (flags & IFF_POINTOPOINT) {
3285 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3286 		if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) {
3287 			if (errno == EADDRNOTAVAIL)
3288 				(void) memset(&lifr.lifr_addr, 0,
3289 				    sizeof (lifr.lifr_addr));
3290 			else
3291 				Perror0_exit("in_status: SIOCGLIFDSTADDR");
3292 		}
3293 		sin = (struct sockaddr_in *)&lifr.lifr_dstaddr;
3294 		(void) printf("--> %s ", inet_ntoa(sin->sin_addr));
3295 	}
3296 	(void) printf("netmask %x ", ntohl(netmask.sin_addr.s_addr));
3297 	if (flags & IFF_BROADCAST) {
3298 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3299 		if (ioctl(s, SIOCGLIFBRDADDR, (caddr_t)&lifr) < 0) {
3300 			if (errno == EADDRNOTAVAIL)
3301 				(void) memset(&lifr.lifr_addr, 0,
3302 				    sizeof (lifr.lifr_addr));
3303 			else
3304 				Perror0_exit("in_status: SIOCGLIFBRDADDR");
3305 		}
3306 		sin = (struct sockaddr_in *)&lifr.lifr_addr;
3307 		if (sin->sin_addr.s_addr != 0) {
3308 			(void) printf("broadcast %s",
3309 			    inet_ntoa(sin->sin_addr));
3310 		}
3311 	}
3312 	/* If there is a groupname, print it for only the physical interface */
3313 	if (strchr(name, ':') == NULL) {
3314 		if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 &&
3315 		    lifr.lifr_groupname[0] != '\0') {
3316 			(void) printf("\n\tgroupname %s", lifr.lifr_groupname);
3317 		}
3318 	}
3319 	(void) putchar('\n');
3320 }
3321 
3322 static void
3323 in6_status(int force, uint64_t flags)
3324 {
3325 	char			abuf[INET6_ADDRSTRLEN];
3326 	struct sockaddr_in6	*sin6, *laddr6;
3327 
3328 	if (debug)
3329 		(void) printf("in6_status(%s) flags 0x%llx\n", name, flags);
3330 
3331 	if (!(flags & IFF_IPV6))
3332 		return;
3333 
3334 	if (!(flags & IFF_NOLOCAL)) {
3335 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3336 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
3337 			if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3338 			    errno == ENXIO) {
3339 				if (!force)
3340 					return;
3341 				(void) memset(&lifr.lifr_addr, 0,
3342 				    sizeof (lifr.lifr_addr));
3343 			} else
3344 				Perror0_exit("in_status6: SIOCGLIFADDR");
3345 		}
3346 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3347 		(void) printf("\tinet6 %s/%d ",
3348 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3349 		    abuf, sizeof (abuf)),
3350 		    lifr.lifr_addrlen);
3351 		laddr6 = sin6;
3352 	} else {
3353 		(void) printf("\tinet6 ");
3354 	}
3355 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3356 	if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) {
3357 		if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3358 		    errno == ENXIO) {
3359 			if (!force)
3360 				return;
3361 			(void) memset(&lifr.lifr_addr, 0,
3362 			    sizeof (lifr.lifr_addr));
3363 		} else
3364 			Perror0_exit("in_status6: SIOCGLIFSUBNET");
3365 	}
3366 	sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3367 	if ((flags & IFF_NOLOCAL) ||
3368 	    !IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &laddr6->sin6_addr)) {
3369 		(void) printf("subnet %s/%d ",
3370 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3371 		    abuf, sizeof (abuf)),
3372 		    lifr.lifr_addrlen);
3373 	}
3374 	if (sin6->sin6_family != AF_INET6) {
3375 		(void) printf("Wrong family: %d\n", sin6->sin6_family);
3376 	}
3377 	if (flags & IFF_POINTOPOINT) {
3378 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3379 		if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) {
3380 			if (errno == EADDRNOTAVAIL)
3381 				(void) memset(&lifr.lifr_addr, 0,
3382 				    sizeof (lifr.lifr_addr));
3383 			else
3384 				Perror0_exit("in_status6: SIOCGLIFDSTADDR");
3385 		}
3386 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_dstaddr;
3387 		(void) printf("--> %s ",
3388 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3389 		    abuf, sizeof (abuf)));
3390 	}
3391 	if (verbose) {
3392 		(void) putchar('\n');
3393 		(void) putchar('\t');
3394 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3395 		if (ioctl(s, SIOCGLIFTOKEN, (caddr_t)&lifr) < 0) {
3396 			if (errno == EADDRNOTAVAIL || errno == EINVAL)
3397 				(void) memset(&lifr.lifr_addr, 0,
3398 				    sizeof (lifr.lifr_addr));
3399 			else
3400 				Perror0_exit("in_status6: SIOCGLIFTOKEN");
3401 		} else {
3402 			sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3403 			(void) printf("token %s/%d ",
3404 			    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3405 			    abuf, sizeof (abuf)),
3406 			    lifr.lifr_addrlen);
3407 		}
3408 		if (ioctl(s, SIOCGLIFLNKINFO, (caddr_t)&lifr) < 0) {
3409 			if (errno != EINVAL) {
3410 				Perror0_exit("in_status6: SIOCGLIFLNKINFO");
3411 			}
3412 		} else {
3413 			(void) printf("maxhops %u, reachtime %u ms, "
3414 			    "reachretrans %u ms, maxmtu %u ",
3415 			    lifr.lifr_ifinfo.lir_maxhops,
3416 			    lifr.lifr_ifinfo.lir_reachtime,
3417 			    lifr.lifr_ifinfo.lir_reachretrans,
3418 			    lifr.lifr_ifinfo.lir_maxmtu);
3419 		}
3420 	}
3421 	/* If there is a groupname, print it for only the physical interface */
3422 	if (strchr(name, ':') == NULL) {
3423 		if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 &&
3424 		    lifr.lifr_groupname[0] != '\0') {
3425 			(void) printf("\n\tgroupname %s", lifr.lifr_groupname);
3426 		}
3427 	}
3428 	(void) putchar('\n');
3429 }
3430 
3431 static void
3432 in_configinfo(int force, uint64_t flags)
3433 {
3434 	struct sockaddr_in *sin, *laddr;
3435 	struct	sockaddr_in netmask = { AF_INET };
3436 
3437 	if (debug)
3438 		(void) printf("in_configinfo(%s) flags 0x%llx\n", name, flags);
3439 
3440 	/* only configinfo info for IPv4 interfaces */
3441 	if (!(flags & IFF_IPV4))
3442 		return;
3443 
3444 	if (!(flags & IFF_NOLOCAL)) {
3445 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3446 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
3447 			if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3448 			    errno == ENXIO) {
3449 				if (!force)
3450 					return;
3451 				(void) memset(&lifr.lifr_addr, 0,
3452 				    sizeof (lifr.lifr_addr));
3453 			} else
3454 				Perror0_exit("in_configinfo: SIOCGLIFADDR");
3455 		}
3456 		sin = (struct sockaddr_in *)&lifr.lifr_addr;
3457 		(void) printf(" set %s ", inet_ntoa(sin->sin_addr));
3458 		laddr = sin;
3459 	}
3460 
3461 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3462 	if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) {
3463 		if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3464 		    errno == ENXIO) {
3465 			if (!force)
3466 				return;
3467 			(void) memset(&lifr.lifr_addr, 0,
3468 			    sizeof (lifr.lifr_addr));
3469 		} else {
3470 			Perror0_exit("in_configinfo: SIOCGLIFSUBNET");
3471 		}
3472 	}
3473 	sin = (struct sockaddr_in *)&lifr.lifr_addr;
3474 
3475 	if ((flags & IFF_NOLOCAL) ||
3476 	    sin->sin_addr.s_addr != laddr->sin_addr.s_addr) {
3477 		(void) printf(" subnet %s/%d ", inet_ntoa(sin->sin_addr),
3478 		    lifr.lifr_addrlen);
3479 	}
3480 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3481 	if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0) {
3482 		if (errno != EADDRNOTAVAIL)
3483 			Perror0_exit("in_configinfo: SIOCGLIFNETMASK");
3484 		(void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr));
3485 	} else
3486 		netmask.sin_addr =
3487 		    ((struct sockaddr_in *)&lifr.lifr_addr)->sin_addr;
3488 	if (flags & IFF_POINTOPOINT) {
3489 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3490 		if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) {
3491 			if (errno == EADDRNOTAVAIL)
3492 				(void) memset(&lifr.lifr_addr, 0,
3493 				    sizeof (lifr.lifr_addr));
3494 			else
3495 				Perror0_exit("in_configinfo: SIOCGLIFDSTADDR");
3496 		}
3497 		sin = (struct sockaddr_in *)&lifr.lifr_dstaddr;
3498 		(void) printf(" destination %s ", inet_ntoa(sin->sin_addr));
3499 	}
3500 	(void) printf(" netmask 0x%x ", ntohl(netmask.sin_addr.s_addr));
3501 	if (flags & IFF_BROADCAST) {
3502 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3503 		if (ioctl(s, SIOCGLIFBRDADDR, (caddr_t)&lifr) < 0) {
3504 			if (errno == EADDRNOTAVAIL)
3505 				(void) memset(&lifr.lifr_addr, 0,
3506 				    sizeof (lifr.lifr_addr));
3507 			else
3508 				Perror0_exit("in_configinfo: SIOCGLIFBRDADDR");
3509 		}
3510 		sin = (struct sockaddr_in *)&lifr.lifr_addr;
3511 		if (sin->sin_addr.s_addr != 0) {
3512 			(void) printf(" broadcast %s ",
3513 			    inet_ntoa(sin->sin_addr));
3514 		}
3515 	}
3516 
3517 	/* If there is a groupname, print it for only the zeroth interface */
3518 	if (lifnum(name) == 0) {
3519 		if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 &&
3520 		    lifr.lifr_groupname[0] != '\0') {
3521 			(void) printf(" group %s ", lifr.lifr_groupname);
3522 		}
3523 	}
3524 
3525 	/* Print flags to configure */
3526 	print_config_flags(AF_INET, flags);
3527 }
3528 
3529 static void
3530 in6_configinfo(int force, uint64_t flags)
3531 {
3532 	char abuf[INET6_ADDRSTRLEN];
3533 	struct sockaddr_in6 *sin6, *laddr6;
3534 
3535 	if (debug)
3536 		(void) printf("in6_configinfo(%s) flags 0x%llx\n", name,
3537 		    flags);
3538 
3539 	if (!(flags & IFF_IPV6))
3540 		return;
3541 
3542 	if (!(flags & IFF_NOLOCAL)) {
3543 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3544 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
3545 			if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3546 			    errno == ENXIO) {
3547 				if (!force)
3548 					return;
3549 				(void) memset(&lifr.lifr_addr, 0,
3550 				    sizeof (lifr.lifr_addr));
3551 			} else
3552 				Perror0_exit("in6_configinfo: SIOCGLIFADDR");
3553 		}
3554 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3555 		(void) printf(" set %s/%d ",
3556 		    inet_ntop(AF_INET6, &sin6->sin6_addr, abuf, sizeof (abuf)),
3557 		    lifr.lifr_addrlen);
3558 		laddr6 = sin6;
3559 	}
3560 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3561 	if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) {
3562 		if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3563 		    errno == ENXIO) {
3564 			if (!force)
3565 				return;
3566 			(void) memset(&lifr.lifr_addr, 0,
3567 			    sizeof (lifr.lifr_addr));
3568 		} else
3569 			Perror0_exit("in6_configinfo: SIOCGLIFSUBNET");
3570 	}
3571 	sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3572 	if ((flags & IFF_NOLOCAL) ||
3573 	    !IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &laddr6->sin6_addr)) {
3574 		(void) printf(" subnet %s/%d ",
3575 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3576 		    abuf, sizeof (abuf)),
3577 		    lifr.lifr_addrlen);
3578 	}
3579 
3580 	if (flags & IFF_POINTOPOINT) {
3581 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3582 		if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) {
3583 			if (errno == EADDRNOTAVAIL)
3584 				(void) memset(&lifr.lifr_addr, 0,
3585 				    sizeof (lifr.lifr_addr));
3586 			else
3587 				Perror0_exit("in6_configinfo: SIOCGLIFDSTADDR");
3588 		}
3589 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_dstaddr;
3590 		(void) printf(" destination %s ",
3591 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3592 		    abuf, sizeof (abuf)));
3593 	}
3594 
3595 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3596 	if (ioctl(s, SIOCGLIFTOKEN, (caddr_t)&lifr) < 0) {
3597 		if (errno == EADDRNOTAVAIL || errno == EINVAL)
3598 			(void) memset(&lifr.lifr_addr, 0,
3599 			    sizeof (lifr.lifr_addr));
3600 		else
3601 			Perror0_exit("in6_configinfo: SIOCGLIFTOKEN");
3602 	} else {
3603 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3604 		(void) printf(" token %s/%d ",
3605 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3606 		    abuf, sizeof (abuf)),
3607 		    lifr.lifr_addrlen);
3608 	}
3609 
3610 	/* If there is a groupname, print it for only the zeroth interface */
3611 	if (lifnum(name) == 0) {
3612 		if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 &&
3613 		    lifr.lifr_groupname[0] != '\0') {
3614 			(void) printf(" group %s ", lifr.lifr_groupname);
3615 		}
3616 	}
3617 
3618 	/* Print flags to configure */
3619 	print_config_flags(AF_INET6, flags);
3620 }
3621 
3622 /*
3623  * If this is a physical interface then remove it.
3624  * If it is a logical interface name use SIOCLIFREMOVEIF to
3625  * remove it. In both cases fail if it doesn't exist.
3626  */
3627 /* ARGSUSED */
3628 static int
3629 inetunplumb(char *arg, int64_t param)
3630 {
3631 	ipadm_status_t	istatus;
3632 
3633 	istatus = ipadm_delete_if(iph, name, afp->af_af, IPADM_OPT_ACTIVE);
3634 	if (istatus != IPADM_SUCCESS) {
3635 		(void) fprintf(stderr, "ifconfig: cannot unplumb %s: %s\n",
3636 		    name, ipadm_status2str(istatus));
3637 		exit(1);
3638 	}
3639 
3640 	return (0);
3641 }
3642 
3643 /*
3644  * Create the interface in `name', using ipadm_create_if(). If `name' is a
3645  * logical interface or loopback interface, ipadm_create_if() uses
3646  * SIOCLIFADDIF to create it.
3647  */
3648 /* ARGSUSED */
3649 static int
3650 inetplumb(char *arg, int64_t param)
3651 {
3652 	ipadm_status_t	istatus;
3653 
3654 	istatus = ipadm_create_if(iph, name, afp->af_af, IPADM_OPT_ACTIVE);
3655 	if (istatus != IPADM_SUCCESS) {
3656 		(void) fprintf(stderr, "ifconfig: cannot plumb %s: %s\n",
3657 		    name, ipadm_status2str(istatus));
3658 		if (istatus != IPADM_IF_EXISTS)
3659 			exit(1);
3660 	}
3661 	return (0);
3662 }
3663 
3664 /* ARGSUSED */
3665 static int
3666 inetipmp(char *arg, int64_t param)
3667 {
3668 	int retval;
3669 
3670 	/*
3671 	 * Treat e.g. "ifconfig ipmp0:2 ipmp" as "ifconfig ipmp0:2 plumb".
3672 	 * Otherwise, try to create the requested IPMP interface.
3673 	 */
3674 	if (strchr(name, ':') != NULL)
3675 		retval = inetplumb(arg, param);
3676 	else
3677 		retval = create_ipmp(name, afp->af_af, name, _B_FALSE);
3678 
3679 	/*
3680 	 * We'd return -1, but foreachinterface() doesn't propagate the error
3681 	 * into the exit status, so we're forced to explicitly exit().
3682 	 */
3683 	if (retval == -1)
3684 		exit(1);
3685 	return (0);
3686 }
3687 
3688 /*
3689  * Create an IPMP group `grname' with address family `af'.  If `ifname' is
3690  * non-NULL, it specifies the interface name to use.  Otherwise, use the name
3691  * ipmpN, where N corresponds to the lowest available integer.  If `implicit'
3692  * is set, then the group is being created as a side-effect of placing an
3693  * underlying interface in a group.  Also start in.mpathd if necessary.
3694  */
3695 static int
3696 create_ipmp(const char *grname, int af, const char *ifname, boolean_t implicit)
3697 {
3698 	static int ipmp_daemon_started;
3699 	uint32_t flags = IPADM_OPT_IPMP|IPADM_OPT_ACTIVE;
3700 	ipadm_status_t istatus;
3701 
3702 	if (debug) {
3703 		(void) printf("create_ipmp: ifname %s grname %s af %d\n",
3704 		    ifname != NULL ? ifname : "NULL", grname, af);
3705 	}
3706 
3707 	/*
3708 	 * ipadm_create_if() creates the IPMP interface and fills in the
3709 	 * ppa in lifr.lifr_name, if `ifname'="ipmp".
3710 	 */
3711 	(void) strlcpy(lifr.lifr_name, (ifname ? ifname : "ipmp"),
3712 	    sizeof (lifr.lifr_name));
3713 	if (ifname == NULL)
3714 		flags |= IPADM_OPT_GENPPA;
3715 	istatus = ipadm_create_if(iph, lifr.lifr_name, af, flags);
3716 	if (istatus != IPADM_SUCCESS) {
3717 		(void) fprintf(stderr, "ifconfig: cannot create IPMP interface "
3718 		    "%s: %s\n", grname, ipadm_status2str(istatus));
3719 		return (-1);
3720 	}
3721 
3722 	/*
3723 	 * To preserve backward-compatibility, always bring up the link-local
3724 	 * address for implicitly-created IPv6 IPMP interfaces.
3725 	 */
3726 	if (implicit && af == AF_INET6) {
3727 		if (ioctl(s6, SIOCGLIFFLAGS, &lifr) == 0) {
3728 			lifr.lifr_flags |= IFF_UP;
3729 			(void) ioctl(s6, SIOCSLIFFLAGS, &lifr);
3730 		}
3731 	}
3732 
3733 	/*
3734 	 * If the caller requested a different group name, issue a
3735 	 * SIOCSLIFGROUPNAME on the new IPMP interface.
3736 	 */
3737 	if (strcmp(lifr.lifr_name, grname) != 0) {
3738 		(void) strlcpy(lifr.lifr_groupname, grname, LIFGRNAMSIZ);
3739 		if (ioctl(s, SIOCSLIFGROUPNAME, &lifr) == -1) {
3740 			Perror0("SIOCSLIFGROUPNAME");
3741 			return (-1);
3742 		}
3743 	}
3744 
3745 	/*
3746 	 * If we haven't done so yet, ensure in.mpathd is started.
3747 	 */
3748 	if (ipmp_daemon_started++ == 0)
3749 		start_ipmp_daemon();
3750 
3751 	return (0);
3752 }
3753 
3754 /*
3755  * Start in.mpathd if it's not already running.
3756  */
3757 static void
3758 start_ipmp_daemon(void)
3759 {
3760 	int retval;
3761 	ipmp_handle_t ipmp_handle;
3762 
3763 	/*
3764 	 * Ping in.mpathd to see if it's running already.
3765 	 */
3766 	if ((retval = ipmp_open(&ipmp_handle)) != IPMP_SUCCESS) {
3767 		(void) fprintf(stderr, "ifconfig: cannot create IPMP handle: "
3768 		    "%s\n", ipmp_errmsg(retval));
3769 		return;
3770 	}
3771 
3772 	retval = ipmp_ping_daemon(ipmp_handle);
3773 	ipmp_close(ipmp_handle);
3774 
3775 	switch (retval) {
3776 	case IPMP_ENOMPATHD:
3777 		break;
3778 	case IPMP_SUCCESS:
3779 		return;
3780 	default:
3781 		(void) fprintf(stderr, "ifconfig: cannot ping in.mpathd: %s\n",
3782 		    ipmp_errmsg(retval));
3783 		break;
3784 	}
3785 
3786 	/*
3787 	 * Start in.mpathd.  Note that in.mpathd will handle multiple
3788 	 * incarnations (ipmp_ping_daemon() is just an optimization) so we
3789 	 * don't need to worry about racing with another ifconfig process.
3790 	 */
3791 	switch (fork()) {
3792 	case -1:
3793 		Perror0_exit("start_ipmp_daemon: fork");
3794 		/* NOTREACHED */
3795 	case 0:
3796 		(void) execl(MPATHD_PATH, MPATHD_PATH, NULL);
3797 		_exit(1);
3798 		/* NOTREACHED */
3799 	default:
3800 		break;
3801 	}
3802 }
3803 
3804 /*
3805  * Bring the address named by `ifaddrp' up or down.  Doesn't trust any mutable
3806  * values in ia_flags since they may be stale.
3807  */
3808 static boolean_t
3809 ifaddr_op(ifaddrlistx_t *ifaddrp, boolean_t up)
3810 {
3811 	struct lifreq	lifrl;	/* Local lifreq struct */
3812 	int		fd = (ifaddrp->ia_flags & IFF_IPV4) ? s4 : s6;
3813 
3814 	(void) memset(&lifrl, 0, sizeof (lifrl));
3815 	(void) strlcpy(lifrl.lifr_name, ifaddrp->ia_name, LIFNAMSIZ);
3816 	if (ioctl(fd, SIOCGLIFFLAGS, &lifrl) == -1)
3817 		return (_B_FALSE);
3818 
3819 	if (up)
3820 		lifrl.lifr_flags |= IFF_UP;
3821 	else
3822 		lifrl.lifr_flags &= ~IFF_UP;
3823 
3824 	if (ioctl(fd, SIOCSLIFFLAGS, &lifrl) == -1)
3825 		return (_B_FALSE);
3826 
3827 	/*
3828 	 * If we're trying to bring the address down, ensure that DAD activity
3829 	 * (observable by IFF_DUPLICATE) has also been stopped.
3830 	 */
3831 	if (!up && ioctl(fd, SIOCGLIFFLAGS, &lifrl) != -1 &&
3832 	    lifrl.lifr_flags & IFF_DUPLICATE) {
3833 		if (ioctl(fd, SIOCGLIFADDR, &lifrl) == -1 ||
3834 		    ioctl(fd, SIOCSLIFADDR, &lifrl) == -1) {
3835 			return (_B_FALSE);
3836 		}
3837 	}
3838 	return (_B_TRUE);
3839 }
3840 
3841 static boolean_t
3842 ifaddr_up(ifaddrlistx_t *ifaddrp)
3843 {
3844 	return (ifaddr_op(ifaddrp, _B_TRUE));
3845 }
3846 
3847 static boolean_t
3848 ifaddr_down(ifaddrlistx_t *ifaddrp)
3849 {
3850 	return (ifaddr_op(ifaddrp, _B_FALSE));
3851 }
3852 
3853 /*
3854  * Open the global libdladm handle "dlh" if it isn't already opened.  The
3855  * caller may optionally supply a link name to obtain its linkid.  If a link
3856  * of a specific class or classes is required, reqclass specifies the class
3857  * mask.
3858  */
3859 static dladm_status_t
3860 ifconfig_dladm_open(const char *name, datalink_class_t reqclass,
3861     datalink_id_t *linkid)
3862 {
3863 	dladm_status_t status = DLADM_STATUS_OK;
3864 	datalink_class_t class;
3865 
3866 	if (!dlh_opened) {
3867 		if ((status = dladm_open(&dlh)) != DLADM_STATUS_OK)
3868 			return (status);
3869 		dlh_opened = _B_TRUE;
3870 	}
3871 	if (name != NULL) {
3872 		status = dladm_name2info(dlh, name, linkid, NULL, &class, NULL);
3873 		if (status == DLADM_STATUS_OK) {
3874 			if (!(class & reqclass))
3875 				status = DLADM_STATUS_LINKINVAL;
3876 		}
3877 	}
3878 	return (status);
3879 }
3880 
3881 /*
3882  * This function checks if we can use libipadm API's. We will only
3883  * call libipadm functions for non-IPMP interfaces. This check is
3884  * temporary until libipadm supports IPMP interfaces.
3885  */
3886 static boolean_t
3887 ifconfig_use_libipadm(int s, const char *lifname)
3888 {
3889 	struct lifreq lifr1;
3890 
3891 	(void) strlcpy(lifr1.lifr_name, lifname, sizeof (lifr1.lifr_name));
3892 	if (ioctl(s, SIOCGLIFGROUPNAME, (caddr_t)&lifr1) < 0) {
3893 		(void) strncpy(lifr.lifr_name, lifname,
3894 		    sizeof (lifr.lifr_name));
3895 		Perror0_exit("error");
3896 	}
3897 
3898 	return (lifr1.lifr_groupname[0] == '\0');
3899 }
3900 
3901 static void
3902 ipadmerr_exit(ipadm_status_t status, const char *str)
3903 {
3904 	(void) fprintf(stderr, "ifconfig: %s: %s\n", str,
3905 	    ipadm_status2str(status));
3906 	exit(1);
3907 }
3908 
3909 static void
3910 dladmerr_exit(dladm_status_t status, const char *str)
3911 {
3912 	char errstr[DLADM_STRSIZE];
3913 
3914 	(void) fprintf(stderr, "%s: %s\n", str,
3915 	    dladm_status2str(status, errstr));
3916 	exit(1);
3917 }
3918 
3919 void
3920 Perror0(const char *cmd)
3921 {
3922 	Perror2(cmd, lifr.lifr_name);
3923 }
3924 
3925 void
3926 Perror0_exit(const char *cmd)
3927 {
3928 	Perror0(cmd);
3929 	exit(1);
3930 }
3931 
3932 void
3933 Perror2(const char *cmd, const char *str)
3934 {
3935 	int error = errno;
3936 
3937 	(void) fprintf(stderr, "ifconfig: %s: ", cmd);
3938 
3939 	switch (error) {
3940 	case ENXIO:
3941 		(void) fprintf(stderr, "%s: no such interface\n", str);
3942 		break;
3943 	case EPERM:
3944 		(void) fprintf(stderr, "%s: permission denied\n", str);
3945 		break;
3946 	case EEXIST:
3947 		(void) fprintf(stderr, "%s: already exists\n", str);
3948 		break;
3949 	case ENAMETOOLONG:
3950 		(void) fprintf(stderr, "%s: interface name too long\n", str);
3951 		break;
3952 	case ERANGE:
3953 		(void) fprintf(stderr, "%s: logical interface id is outside "
3954 		    "allowed range\n", str);
3955 		break;
3956 	default:
3957 		errno = error;
3958 		perror(str);
3959 	}
3960 }
3961 
3962 /*
3963  * Print out error message (Perror2()) and exit
3964  */
3965 void
3966 Perror2_exit(const char *cmd, const char *str)
3967 {
3968 	Perror2(cmd, str);
3969 	exit(1);
3970 	/* NOTREACHED */
3971 }
3972 
3973 void
3974 Perrdlpi(const char *cmd, const char *linkname, int err)
3975 {
3976 	(void) fprintf(stderr, "ifconfig: %s \"%s\": %s\n", cmd,
3977 	    linkname, dlpi_strerror(err));
3978 }
3979 
3980 /*
3981  * Print out error message (Perrdlpi()) and exit
3982  */
3983 void
3984 Perrdlpi_exit(const char *cmd, const char *linkname, int err)
3985 {
3986 	Perrdlpi(cmd, linkname, err);
3987 	exit(1);
3988 }
3989 
3990 /*
3991  * If the last argument is non-NULL allow a <addr>/<n> syntax and
3992  * pass out <n> in *plenp.
3993  * If <n> doesn't parse return BAD_ADDR as *plenp.
3994  * If no /<n> is present return NO_PREFIX as *plenp.
3995  */
3996 static void
3997 in_getaddr(char *s, struct sockaddr *saddr, int *plenp)
3998 {
3999 	/* LINTED: alignment */
4000 	struct sockaddr_in *sin = (struct sockaddr_in *)saddr;
4001 	struct hostent *hp;
4002 	struct netent *np;
4003 	char str[BUFSIZ];
4004 	int error_num;
4005 
4006 	(void) strncpy(str, s, sizeof (str));
4007 
4008 	/*
4009 	 * Look for '/'<n> is plenp
4010 	 */
4011 	if (plenp != NULL) {
4012 		char *cp;
4013 
4014 		*plenp = in_getprefixlen(str, _B_TRUE, IP_ABITS);
4015 		if (*plenp == BAD_ADDR)
4016 			return;
4017 		cp = strchr(str, '/');
4018 		if (cp != NULL)
4019 			*cp = '\0';
4020 	} else if (strchr(str, '/') != NULL) {
4021 		(void) fprintf(stderr, "ifconfig: %s: unexpected '/'\n", str);
4022 		exit(1);
4023 	}
4024 
4025 	(void) memset(sin, 0, sizeof (*sin));
4026 
4027 	/*
4028 	 *	Try to catch attempts to set the broadcast address to all 1's.
4029 	 */
4030 	if (strcmp(str, "255.255.255.255") == 0 ||
4031 	    (strtoul(str, (char **)NULL, 0) == 0xffffffffUL)) {
4032 		sin->sin_family = AF_INET;
4033 		sin->sin_addr.s_addr = 0xffffffff;
4034 		return;
4035 	}
4036 
4037 	hp = getipnodebyname(str, AF_INET, 0, &error_num);
4038 	if (hp) {
4039 		sin->sin_family = hp->h_addrtype;
4040 		(void) memcpy(&sin->sin_addr, hp->h_addr, hp->h_length);
4041 		freehostent(hp);
4042 		return;
4043 	}
4044 	np = getnetbyname(str);
4045 	if (np) {
4046 		sin->sin_family = np->n_addrtype;
4047 		sin->sin_addr = inet_makeaddr(np->n_net, INADDR_ANY);
4048 		return;
4049 	}
4050 	if (error_num == TRY_AGAIN) {
4051 		(void) fprintf(stderr, "ifconfig: %s: bad address "
4052 		    "(try again later)\n", s);
4053 	} else {
4054 		(void) fprintf(stderr, "ifconfig: %s: bad address\n", s);
4055 	}
4056 	exit(1);
4057 }
4058 
4059 /*
4060  * If the last argument is non-NULL allow a <addr>/<n> syntax and
4061  * pass out <n> in *plenp.
4062  * If <n> doesn't parse return BAD_ADDR as *plenp.
4063  * If no /<n> is present return NO_PREFIX as *plenp.
4064  */
4065 static void
4066 in6_getaddr(char *s, struct sockaddr *saddr, int *plenp)
4067 {
4068 	/* LINTED: alignment */
4069 	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)saddr;
4070 	struct hostent *hp;
4071 	char str[BUFSIZ];
4072 	int error_num;
4073 
4074 	(void) strncpy(str, s, sizeof (str));
4075 
4076 	/*
4077 	 * Look for '/'<n> is plenp
4078 	 */
4079 	if (plenp != NULL) {
4080 		char *cp;
4081 
4082 		*plenp = in_getprefixlen(str, _B_TRUE, IPV6_ABITS);
4083 		if (*plenp == BAD_ADDR)
4084 			return;
4085 		cp = strchr(str, '/');
4086 		if (cp != NULL)
4087 			*cp = '\0';
4088 	} else if (strchr(str, '/') != NULL) {
4089 		(void) fprintf(stderr, "ifconfig: %s: unexpected '/'\n", str);
4090 		exit(1);
4091 	}
4092 
4093 	(void) memset(sin6, 0, sizeof (*sin6));
4094 
4095 	hp = getipnodebyname(str, AF_INET6, 0, &error_num);
4096 	if (hp) {
4097 		sin6->sin6_family = hp->h_addrtype;
4098 		(void) memcpy(&sin6->sin6_addr, hp->h_addr, hp->h_length);
4099 		freehostent(hp);
4100 		return;
4101 	}
4102 	if (error_num == TRY_AGAIN) {
4103 		(void) fprintf(stderr, "ifconfig: %s: bad address "
4104 		    "(try again later)\n", s);
4105 	} else {
4106 		(void) fprintf(stderr, "ifconfig: %s: bad address\n", s);
4107 	}
4108 	exit(1);
4109 }
4110 
4111 /*
4112  * If "slash" is zero this parses the whole string as
4113  * an integer. With "slash" non zero it parses the tail part as an integer.
4114  *
4115  * If it is not a valid integer this returns BAD_ADDR.
4116  * If there is /<n> present this returns NO_PREFIX.
4117  */
4118 static int
4119 in_getprefixlen(char *addr, boolean_t slash, int max_plen)
4120 {
4121 	int prefixlen;
4122 	char *str, *end;
4123 
4124 	if (slash) {
4125 		str = strchr(addr, '/');
4126 		if (str == NULL)
4127 			return (NO_PREFIX);
4128 		str++;
4129 	} else
4130 		str = addr;
4131 
4132 	prefixlen = strtol(str, &end, 10);
4133 	if (prefixlen < 0)
4134 		return (BAD_ADDR);
4135 	if (str == end)
4136 		return (BAD_ADDR);
4137 	if (max_plen != 0 && max_plen < prefixlen)
4138 		return (BAD_ADDR);
4139 	return (prefixlen);
4140 }
4141 
4142 /*
4143  * Convert a prefix length to a mask.
4144  * Returns 1 if ok. 0 otherwise.
4145  * Assumes the mask array is zero'ed by the caller.
4146  */
4147 static boolean_t
4148 in_prefixlentomask(int prefixlen, int maxlen, uchar_t *mask)
4149 {
4150 	if (prefixlen < 0 || prefixlen > maxlen)
4151 		return (0);
4152 
4153 	while (prefixlen > 0) {
4154 		if (prefixlen >= 8) {
4155 			*mask++ = 0xFF;
4156 			prefixlen -= 8;
4157 			continue;
4158 		}
4159 		*mask |= 1 << (8 - prefixlen);
4160 		prefixlen--;
4161 	}
4162 	return (1);
4163 }
4164 
4165 static void
4166 print_flags(uint64_t flags)
4167 {
4168 	boolean_t first = _B_TRUE;
4169 	int cnt, i;
4170 
4171 	(void) printf("flags=%llx", flags);
4172 	cnt = sizeof (if_flags_tbl) / sizeof (if_flags_t);
4173 	for (i = 0; i < cnt; i++) {
4174 		if (flags & if_flags_tbl[i].iff_value) {
4175 			if (first) {
4176 				(void) printf("<");
4177 				first = _B_FALSE;
4178 			} else {
4179 				/*
4180 				 * It has to be here and not with the
4181 				 * printf below because for the last one,
4182 				 * we don't want a comma before the ">".
4183 				 */
4184 				(void) printf(",");
4185 			}
4186 			(void) printf("%s", if_flags_tbl[i].iff_name);
4187 		}
4188 	}
4189 	if (!first)
4190 		(void) printf(">");
4191 }
4192 
4193 static void
4194 print_config_flags(int af, uint64_t flags)
4195 {
4196 	if_config_cmd_t *cmdp;
4197 
4198 	for (cmdp = if_config_cmd_tbl; cmdp->iff_flag != 0; cmdp++) {
4199 		if ((flags & cmdp->iff_flag) &&
4200 		    (cmdp->iff_af == AF_UNSPEC || cmdp->iff_af == af)) {
4201 			(void) printf("%s ", cmdp->iff_name);
4202 		}
4203 	}
4204 }
4205 
4206 /*
4207  * Use the configured directory lookup mechanism (e.g. files/NIS/...)
4208  * to find the network mask.  Returns true if we found one to set.
4209  *
4210  * The parameter addr_set controls whether we should get the address of
4211  * the working interface for the netmask query.  If addr_set is true,
4212  * we will use the address provided.  Otherwise, we will find the working
4213  * interface's address and use it instead.
4214  */
4215 static boolean_t
4216 in_getmask(struct sockaddr_in *saddr, boolean_t addr_set)
4217 {
4218 	struct sockaddr_in ifaddr;
4219 
4220 	/*
4221 	 * Read the address from the interface if it is not passed in.
4222 	 */
4223 	if (!addr_set) {
4224 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
4225 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
4226 			if (errno != EADDRNOTAVAIL) {
4227 				(void) fprintf(stderr, "Need net number for "
4228 				    "mask\n");
4229 			}
4230 			return (_B_FALSE);
4231 		}
4232 		ifaddr = *((struct sockaddr_in *)&lifr.lifr_addr);
4233 	} else {
4234 		ifaddr.sin_addr = saddr->sin_addr;
4235 	}
4236 	if (getnetmaskbyaddr(ifaddr.sin_addr, &saddr->sin_addr) == 0) {
4237 		saddr->sin_family = AF_INET;
4238 		return (_B_TRUE);
4239 	}
4240 	return (_B_FALSE);
4241 }
4242 
4243 static int
4244 lifnum(const char *ifname)
4245 {
4246 	const char *cp;
4247 
4248 	if ((cp = strchr(ifname, ':')) == NULL)
4249 		return (0);
4250 	else
4251 		return (atoi(cp + 1));
4252 }
4253 
4254 static void
4255 add_ni(const char *name)
4256 {
4257 	ni_t **pp;
4258 	ni_t *p;
4259 
4260 	for (pp = &ni_list; (p = *pp) != NULL; pp = &(p->ni_next)) {
4261 		if (strcmp(p->ni_name, name) == 0) {
4262 			if (debug > 2)
4263 				(void) fprintf(stderr, "'%s' is a duplicate\n",
4264 				    name);
4265 			return;
4266 		}
4267 	}
4268 
4269 	if (debug > 2)
4270 		(void) fprintf(stderr, "adding '%s'\n",
4271 		    name);
4272 
4273 	if ((p = malloc(sizeof (ni_t))) == NULL)
4274 		return;
4275 
4276 	(void) strlcpy(p->ni_name, name, sizeof (p->ni_name));
4277 	p->ni_next = NULL;
4278 
4279 	*pp = p;
4280 	num_ni++;
4281 }
4282 
4283 static boolean_t
4284 ni_entry(const char *linkname, void *arg)
4285 {
4286 	dlpi_handle_t	dh;
4287 	datalink_class_t class;
4288 
4289 	(void) dladm_name2info(arg, linkname, NULL, NULL, &class, NULL);
4290 
4291 	if (class == DATALINK_CLASS_ETHERSTUB)
4292 		return (_B_FALSE);
4293 	if (dlpi_open(linkname, &dh, 0) != DLPI_SUCCESS)
4294 		return (_B_FALSE);
4295 
4296 	add_ni(linkname);
4297 
4298 	dlpi_close(dh);
4299 	return (_B_FALSE);
4300 }
4301 
4302 /*
4303  * dhcp-related routines
4304  */
4305 
4306 static int
4307 setifdhcp(const char *caller, const char *ifname, int argc, char *argv[])
4308 {
4309 	dhcp_ipc_request_t	*request;
4310 	dhcp_ipc_reply_t	*reply	= NULL;
4311 	int			timeout = DHCP_IPC_WAIT_DEFAULT;
4312 	dhcp_ipc_type_t		type	= DHCP_START;
4313 	int			error;
4314 	boolean_t		is_primary = _B_FALSE;
4315 	boolean_t		started = _B_FALSE;
4316 
4317 	for (argv++; --argc > 0; argv++) {
4318 
4319 		if (strcmp(*argv, "primary") == 0) {
4320 			is_primary = _B_TRUE;
4321 			continue;
4322 		}
4323 
4324 		if (strcmp(*argv, "wait") == 0) {
4325 			if (--argc <= 0) {
4326 				usage();
4327 				return (DHCP_EXIT_BADARGS);
4328 			}
4329 			argv++;
4330 
4331 			if (strcmp(*argv, "forever") == 0) {
4332 				timeout = DHCP_IPC_WAIT_FOREVER;
4333 				continue;
4334 			}
4335 
4336 			if (sscanf(*argv, "%d", &timeout) != 1) {
4337 				usage();
4338 				return (DHCP_EXIT_BADARGS);
4339 			}
4340 
4341 			if (timeout < 0) {
4342 				usage();
4343 				return (DHCP_EXIT_BADARGS);
4344 			}
4345 			continue;
4346 		}
4347 
4348 		type = dhcp_string_to_request(*argv);
4349 		if (type == -1) {
4350 			usage();
4351 			return (DHCP_EXIT_BADARGS);
4352 		}
4353 	}
4354 
4355 	/*
4356 	 * Only try to start agent on start or inform; in all other cases it
4357 	 * has to already be running for anything to make sense.
4358 	 */
4359 	if (type == DHCP_START || type == DHCP_INFORM) {
4360 		if (dhcp_start_agent(DHCP_IPC_MAX_WAIT) == -1) {
4361 			(void) fprintf(stderr, "%s: unable to start %s\n",
4362 			    caller, DHCP_AGENT_PATH);
4363 			return (DHCP_EXIT_FAILURE);
4364 		}
4365 		started = _B_TRUE;
4366 	}
4367 
4368 	if (is_primary)
4369 		type |= DHCP_PRIMARY;
4370 
4371 	if (af != AF_INET)
4372 		type |= DHCP_V6;
4373 
4374 	request = dhcp_ipc_alloc_request(type, ifname, NULL, 0, DHCP_TYPE_NONE);
4375 	if (request == NULL) {
4376 		(void) fprintf(stderr, "%s: out of memory\n", caller);
4377 		return (DHCP_EXIT_SYSTEM);
4378 	}
4379 
4380 	error = dhcp_ipc_make_request(request, &reply, timeout);
4381 	if (error != 0) {
4382 		free(request);
4383 		/*
4384 		 * Re-map connect error to not under control if we didn't try a
4385 		 * start operation, as this has to be true and results in a
4386 		 * clearer message, not to mention preserving compatibility
4387 		 * with the days when we always started dhcpagent for every
4388 		 * request.
4389 		 */
4390 		if (error == DHCP_IPC_E_CONNECT && !started)
4391 			error = DHCP_IPC_E_UNKIF;
4392 		(void) fprintf(stderr, "%s: %s: %s\n", caller, ifname,
4393 		    dhcp_ipc_strerror(error));
4394 		return (DHCP_EXIT_FAILURE);
4395 	}
4396 
4397 	error = reply->return_code;
4398 	if (error != 0) {
4399 		free(request);
4400 		free(reply);
4401 
4402 		if (error == DHCP_IPC_E_TIMEOUT && timeout == 0)
4403 			return (DHCP_EXIT_SUCCESS);
4404 
4405 		(void) fprintf(stderr, "%s: %s: %s\n", caller, ifname,
4406 		    dhcp_ipc_strerror(error));
4407 
4408 		if (error == DHCP_IPC_E_TIMEOUT)
4409 			return (DHCP_EXIT_TIMEOUT);
4410 		else
4411 			return (DHCP_EXIT_IF_FAILURE);
4412 	}
4413 
4414 	if (DHCP_IPC_CMD(type) == DHCP_STATUS) {
4415 		(void) printf("%s", dhcp_status_hdr_string());
4416 		(void) printf("%s", dhcp_status_reply_to_string(reply));
4417 	}
4418 
4419 	free(request);
4420 	free(reply);
4421 	return (DHCP_EXIT_SUCCESS);
4422 }
4423 
4424 static void
4425 usage(void)
4426 {
4427 	(void) fprintf(stderr,
4428 	    "usage: ifconfig <interface> | -a[ 4 | 6 | D ][ u | d ][ Z ]\n");
4429 
4430 	(void) fprintf(stderr, "%s",
4431 	    "\t[ <addr_family> ]\n"
4432 	    "\t[ <address>[/<prefix_length>] [ <dest_address> ] ]\n"
4433 	    "\t[ set [ <address>][/<prefix_length>] ]"
4434 	    " [ <address>/<prefix_length>] ]\n"
4435 	    "\t[ destination <dest_address> ]\n"
4436 	    "\t[ addif <address>[/<prefix_length>]"
4437 	    "  [ <dest_address> ] ]\n"
4438 	    "\t[ removeif <address>[/<prefix_length>] ]\n"
4439 	    "\t[ arp | -arp ]\n"
4440 	    "\t[ auto-revarp ]\n"
4441 	    "\t[ broadcast <broad_addr> ]\n"
4442 	    "\t[ index <if_index> ]\n"
4443 	    "\t[ metric <n> ] [ mtu <n> ]\n"
4444 	    "\t[ netmask <mask> ]\n"
4445 	    "\t[ plumb ] [ unplumb ]\n"
4446 	    "\t[ preferred | -preferred ]\n"
4447 	    "\t[ private | -private ]\n"
4448 	    "\t[ local | -local ]\n"
4449 	    "\t[ router | -router ]\n"
4450 	    "\t[ subnet <subnet_address>]\n"
4451 	    "\t[ trailers | -trailers ]\n"
4452 	    "\t[ token <address>/<prefix_length> ]\n"
4453 	    "\t[ tsrc <tunnel_src_address> ]\n"
4454 	    "\t[ tdst <tunnel_dest_address> ]\n"
4455 	    "\t[ auth_algs <tunnel_AH_authentication_algorithm> ]\n"
4456 	    "\t[ encr_algs <tunnel_ESP_encryption_algorithm> ]\n"
4457 	    "\t[ encr_auth_algs <tunnel_ESP_authentication_algorithm> ]\n"
4458 	    "\t[ up ] [ down ]\n"
4459 	    "\t[ xmit | -xmit ]\n"
4460 	    "\t[ modlist ]\n"
4461 	    "\t[ modinsert <module_name@position> ]\n"
4462 	    "\t[ modremove <module_name@position> ]\n"
4463 	    "\t[ ipmp ]\n"
4464 	    "\t[ group <groupname>] | [ group \"\"]\n"
4465 	    "\t[ deprecated | -deprecated ]\n"
4466 	    "\t[ standby | -standby ]\n"
4467 	    "\t[ failover | -failover ]\n"
4468 	    "\t[ zone <zonename> | -zone ]\n"
4469 	    "\t[ usesrc <interface> ]\n"
4470 	    "\t[ all-zones ]\n");
4471 
4472 	(void) fprintf(stderr, "or\n");
4473 	(void) fprintf(stderr,
4474 	    "\tifconfig <interface> |  -a[ 4 | 6 | D ] [ u | d ]\n");
4475 
4476 	(void) fprintf(stderr, "%s", "\tauto-dhcp | dhcp\n"
4477 	    "\t[ wait <time> | forever ]\n\t[ primary ]\n"
4478 	    "\tstart | drop | ping | release | status | inform\n");
4479 }
4480