xref: /titanic_50/usr/src/cmd/cmd-inet/usr.sbin/ifconfig/ifconfig.c (revision 5829b1c983804e9f5553f65d47f088a97a89700b)
1 /*
2  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 /*
6  * Copyright (c) 1983 Regents of the University of California.
7  * All rights reserved.  The Berkeley software License Agreement
8  * specifies the terms and conditions for redistribution.
9  */
10 
11 #include "defs.h"
12 #include "strings.h"
13 #include "ifconfig.h"
14 #include <compat.h>
15 #include <libdlpi.h>
16 #include <libdllink.h>
17 #include <inet/ip.h>
18 #include <inet/ipsec_impl.h>
19 
20 #define	LOOPBACK_IF	"lo0"
21 #define	NONE_STR	"none"
22 #define	ARP_MOD_NAME	"arp"
23 #define	TUN_NAME	"tun"
24 #define	ATUN_NAME	"atun"
25 #define	TUN6TO4_NAME	"6to4tun"
26 #define	IPMPSTUB	(void *)-1
27 
28 typedef struct if_flags {
29 	uint64_t iff_value;
30 	char	*iff_name;
31 } if_flags_t;
32 
33 static if_flags_t	if_flags_tbl[] = {
34 	{ IFF_UP,		"UP" },
35 	{ IFF_BROADCAST,	"BROADCAST" },
36 	{ IFF_DEBUG,		"DEBUG" },
37 	{ IFF_LOOPBACK,		"LOOPBACK" },
38 	{ IFF_POINTOPOINT,	"POINTOPOINT" },
39 	{ IFF_NOTRAILERS,	"NOTRAILERS" },
40 	{ IFF_RUNNING,		"RUNNING" },
41 	{ IFF_NOARP,		"NOARP" },
42 	{ IFF_PROMISC,		"PROMISC" },
43 	{ IFF_ALLMULTI,		"ALLMULTI" },
44 	{ IFF_INTELLIGENT,	"INTELLIGENT" },
45 	{ IFF_MULTICAST,	"MULTICAST" },
46 	{ IFF_MULTI_BCAST,	"MULTI_BCAST" },
47 	{ IFF_UNNUMBERED,	"UNNUMBERED" },
48 	{ IFF_DHCPRUNNING,	"DHCP" },
49 	{ IFF_PRIVATE,		"PRIVATE" },
50 	{ IFF_NOXMIT,		"NOXMIT" },
51 	{ IFF_NOLOCAL,		"NOLOCAL" },
52 	{ IFF_DEPRECATED,	"DEPRECATED" },
53 	{ IFF_ADDRCONF,		"ADDRCONF" },
54 	{ IFF_ROUTER,		"ROUTER" },
55 	{ IFF_NONUD,		"NONUD" },
56 	{ IFF_ANYCAST,		"ANYCAST" },
57 	{ IFF_NORTEXCH,		"NORTEXCH" },
58 	{ IFF_IPV4,		"IPv4" },
59 	{ IFF_IPV6,		"IPv6" },
60 	{ IFF_NOFAILOVER,	"NOFAILOVER" },
61 	{ IFF_FAILED,		"FAILED" },
62 	{ IFF_STANDBY,		"STANDBY" },
63 	{ IFF_INACTIVE,		"INACTIVE" },
64 	{ IFF_OFFLINE,		"OFFLINE" },
65 	{ IFF_XRESOLV,		"XRESOLV" },
66 	{ IFF_COS_ENABLED,	"CoS" },
67 	{ IFF_PREFERRED,	"PREFERRED" },
68 	{ IFF_TEMPORARY,	"TEMPORARY" },
69 	{ IFF_FIXEDMTU,		"FIXEDMTU" },
70 	{ IFF_VIRTUAL,		"VIRTUAL" },
71 	{ IFF_DUPLICATE,	"DUPLICATE" },
72 	{ IFF_IPMP,		"IPMP"}
73 };
74 
75 typedef struct {
76 	const char		*ia_app;
77 	uint64_t		ia_flag;
78 	uint_t			ia_tries;
79 } if_appflags_t;
80 
81 static const if_appflags_t if_appflags_tbl[] = {
82 	{ "dhcpagent(1M)",	IFF_DHCPRUNNING,	1 },
83 	{ "in.ndpd(1M)",	IFF_ADDRCONF,		3 },
84 	{  NULL,		0,			0 }
85 };
86 
87 static struct	lifreq lifr;
88 /* current interface name a particular function is accessing */
89 static char	name[LIFNAMSIZ];
90 /* foreach interface saved name */
91 static char	origname[LIFNAMSIZ];
92 static int	setaddr;
93 
94 /*
95  * Make sure the algorithm variables hold more than the sizeof an algorithm
96  * in PF_KEY.  (For now, more than a uint8_t.)  The NO_***_?ALG indicates that
97  * there was no algorithm requested, and in the ipsec_req that service should
98  * be disabled.  (E.g. if ah_aalg remains NO_AH_AALG, then AH will be
99  * disabled on that tunnel.)
100  */
101 #define	NO_AH_AALG 256
102 #define	NO_ESP_AALG 256
103 #define	NO_ESP_EALG 256
104 
105 int	s, s4, s6;
106 int	af = AF_INET;	/* default address family */
107 int	debug = 0;
108 int	all = 0;	/* setifdhcp() needs to know this */
109 int	verbose = 0;
110 int	v4compat = 0;	/* Compatible printing format */
111 
112 /*
113  * Function prototypes for command functions.
114  */
115 static int	addif(char *arg, int64_t param);
116 static int	inetipmp(char *arg, int64_t param);
117 static int	inetplumb(char *arg, int64_t param);
118 static int	inetunplumb(char *arg, int64_t param);
119 static int	removeif(char *arg, int64_t param);
120 static int	setdebugflag(char *arg, int64_t param);
121 static int	setifaddr(char *arg, int64_t param);
122 static int	setifbroadaddr(char *arg, int64_t param);
123 static int	setifdstaddr(char *arg, int64_t param);
124 static int	setifether(char *arg, int64_t param);
125 static int	setifflags(char *arg, int64_t param);
126 static int	setifindex(char *arg, int64_t param);
127 static int	setifmetric(char *arg, int64_t param);
128 static int	setifmtu(char *arg, int64_t param);
129 static int	setifnetmask(char *arg, int64_t param);
130 static int	setifprefixlen(char *arg, int64_t param);
131 static int	setifrevarp(char *arg, int64_t param);
132 static int	setifsubnet(char *arg, int64_t param);
133 static int	setiftdst(char *arg, int64_t param);
134 static int	setiftoken(char *arg, int64_t param);
135 static int	setiftsrc(char *arg, int64_t param);
136 static int	setverboseflag(char *arg, int64_t param);
137 static int	set_tun_ah_alg(char *arg, int64_t param);
138 static int	set_tun_esp_auth_alg(char *arg, int64_t param);
139 static int	set_tun_esp_encr_alg(char *arg, int64_t param);
140 static int	modlist(char *arg, int64_t param);
141 static int	modinsert(char *arg, int64_t param);
142 static int	modremove(char *arg, int64_t param);
143 static int	setifgroupname(char *arg, int64_t param);
144 static int	configinfo(char *arg, int64_t param);
145 static void	print_config_flags(int af, uint64_t flags);
146 static void	print_flags(uint64_t flags);
147 static void	print_ifether(char *ifname);
148 static int	set_tun_encap_limit(char *arg, int64_t param);
149 static int	clr_tun_encap_limit(char *arg, int64_t param);
150 static int	set_tun_hop_limit(char *arg, int64_t param);
151 static int	setzone(char *arg, int64_t param);
152 static int	setallzones(char *arg, int64_t param);
153 static int	setifsrc(char *arg, int64_t param);
154 static int	lifnum(const char *ifname);
155 
156 /*
157  * Address family specific function prototypes.
158  */
159 static void	in_getaddr(char *s, struct sockaddr *saddr, int *plenp);
160 static void	in_status(int force, uint64_t flags);
161 static void	in_configinfo(int force, uint64_t flags);
162 static void	in6_getaddr(char *s, struct sockaddr *saddr, int *plenp);
163 static void	in6_status(int force, uint64_t flags);
164 static void	in6_configinfo(int force, uint64_t flags);
165 
166 /*
167  * Misc support functions
168  */
169 static boolean_t	ni_entry(const char *, void *);
170 static void	foreachinterface(void (*func)(), int argc, char *argv[],
171 		    int af, int64_t onflags, int64_t offflags,
172 		    int64_t lifc_flags);
173 static void	ifconfig(int argc, char *argv[], int af, struct lifreq *lifrp);
174 static boolean_t	in_getmask(struct sockaddr_in *saddr,
175 			    boolean_t addr_set);
176 static int	in_getprefixlen(char *addr, boolean_t slash, int plen);
177 static boolean_t	in_prefixlentomask(int prefixlen, int maxlen,
178 			    uchar_t *mask);
179 static int	settaddr(char *, int (*)(icfg_handle_t,
180 			    const struct sockaddr *, socklen_t));
181 static void	status(void);
182 static void	ifstatus(const char *);
183 static void	usage(void);
184 static int	strioctl(int s, int cmd, void *buf, int buflen);
185 static int	setifdhcp(const char *caller, const char *ifname,
186 		    int argc, char *argv[]);
187 static int	ip_domux2fd(int *, int *, int *, int *, int *);
188 static int	ip_plink(int, int, int, int, int);
189 static int	modop(char *arg, char op);
190 static int	find_all_global_interfaces(struct lifconf *lifcp, char **buf,
191 		    int64_t lifc_flags);
192 static int	find_all_zone_interfaces(struct lifconf *lifcp, char **buf,
193 		    int64_t lifc_flags);
194 static int	create_ipmp(const char *grname, int af, const char *ifname,
195 		    boolean_t implicit);
196 static int	create_ipmp_peer(int af, const char *ifname);
197 static void	start_ipmp_daemon(void);
198 static boolean_t ifaddr_up(ifaddrlistx_t *ifaddrp);
199 static boolean_t ifaddr_down(ifaddrlistx_t *ifaddrp);
200 
201 #define	max(a, b)	((a) < (b) ? (b) : (a))
202 
203 /*
204  * DHCP_EXIT_IF_FAILURE indicates that the operation failed, but if there
205  * are more interfaces to act on (i.e., ifconfig was invoked with -a), keep
206  * on going rather than exit with an error.
207  */
208 
209 #define	DHCP_EXIT_IF_FAILURE	-1
210 
211 #define	NEXTARG		0xffffff	/* command takes an argument */
212 #define	OPTARG		0xfffffe 	/* command takes an optional argument */
213 #define	AF_ANY		(-1)
214 
215 /* Refer to the comments in ifconfig() on the netmask "hack" */
216 #define	NETMASK_CMD	"netmask"
217 struct sockaddr_storage	g_netmask;
218 enum { G_NETMASK_NIL, G_NETMASK_PENDING, G_NETMASK_SET }
219     g_netmask_set = G_NETMASK_NIL;
220 
221 struct	cmd {
222 	char		*c_name;
223 	int64_t		c_parameter;	/* NEXTARG means next argv */
224 	int		(*c_func)(char *, int64_t);
225 	int		c_abortonfail;	/* don't continue parsing args */
226 					/* for the current interface */
227 	int	c_af;			/* address family restrictions */
228 } cmds[] = {
229 	{ "up",		IFF_UP,		setifflags,	0,	AF_ANY },
230 	{ "down",	-IFF_UP,	setifflags,	0,	AF_ANY },
231 	{ "trailers",	-IFF_NOTRAILERS, setifflags,	0,	AF_ANY },
232 	{ "-trailers",	IFF_NOTRAILERS,	setifflags,	0,	AF_ANY },
233 	{ "arp",	-IFF_NOARP,	setifflags,	0,	AF_INET },
234 	{ "-arp",	IFF_NOARP,	setifflags,	0,	AF_INET },
235 	{ "router",	IFF_ROUTER,	setifflags,	0,	AF_ANY },
236 	{ "-router",	-IFF_ROUTER,	setifflags,	0,	AF_ANY },
237 	{ "private",	IFF_PRIVATE,	setifflags,	0,	AF_ANY },
238 	{ "-private",	-IFF_PRIVATE,	setifflags,	0,	AF_ANY },
239 	{ "xmit",	-IFF_NOXMIT,	setifflags,	0,	AF_ANY },
240 	{ "-xmit",	IFF_NOXMIT,	setifflags,	0,	AF_ANY },
241 	{ "-nud",	IFF_NONUD,	setifflags,	0,	AF_INET6 },
242 	{ "nud",	-IFF_NONUD,	setifflags,	0,	AF_INET6 },
243 	{ "anycast",	IFF_ANYCAST,	setifflags,	0,	AF_ANY },
244 	{ "-anycast",	-IFF_ANYCAST,	setifflags,	0,	AF_ANY },
245 	{ "local",	-IFF_NOLOCAL,	setifflags,	0,	AF_ANY },
246 	{ "-local",	IFF_NOLOCAL,	setifflags,	0,	AF_ANY },
247 	{ "deprecated",	IFF_DEPRECATED,	setifflags,	0,	AF_ANY },
248 	{ "-deprecated", -IFF_DEPRECATED, setifflags,	0,	AF_ANY },
249 	{ "preferred",	IFF_PREFERRED,	setifflags,	0,	AF_INET6 },
250 	{ "-preferred",	-IFF_PREFERRED,	setifflags,	0,	AF_INET6 },
251 	{ "debug",	0,		setdebugflag,	0,	AF_ANY },
252 	{ "verbose",	0,		setverboseflag,	0,	AF_ANY },
253 	{ NETMASK_CMD,	NEXTARG,	setifnetmask,	0,	AF_INET },
254 	{ "metric",	NEXTARG,	setifmetric,	0,	AF_ANY },
255 	{ "mtu",	NEXTARG,	setifmtu,	0,	AF_ANY },
256 	{ "index",	NEXTARG,	setifindex,	0,	AF_ANY },
257 	{ "broadcast",	NEXTARG,	setifbroadaddr,	0,	AF_INET },
258 	{ "auto-revarp", 0,		setifrevarp,	1,	AF_INET },
259 	{ "ipmp",	0,		inetipmp,	1,	AF_ANY },
260 	{ "plumb",	0,		inetplumb,	1,	AF_ANY },
261 	{ "unplumb",	0,		inetunplumb,	0,	AF_ANY },
262 	{ "subnet",	NEXTARG,	setifsubnet,	0,	AF_ANY },
263 	{ "token",	NEXTARG,	setiftoken,	0,	AF_INET6 },
264 	{ "tsrc",	NEXTARG,	setiftsrc,	0,	AF_ANY },
265 	{ "tdst",	NEXTARG,	setiftdst,	0,	AF_ANY },
266 	{ "encr_auth_algs", NEXTARG,	set_tun_esp_auth_alg, 0, AF_ANY },
267 	{ "encr_algs",	NEXTARG,	set_tun_esp_encr_alg, 0, AF_ANY },
268 	{ "auth_algs",	NEXTARG,	set_tun_ah_alg,	0,	AF_ANY },
269 	{ "addif",	NEXTARG,	addif,		1,	AF_ANY },
270 	{ "removeif",	NEXTARG,	removeif,	1,	AF_ANY },
271 	{ "modlist",	0,		modlist,	1,	AF_ANY },
272 	{ "modinsert",	NEXTARG,	modinsert,	1,	AF_ANY },
273 	{ "modremove",	NEXTARG,	modremove,	1,	AF_ANY },
274 	{ "failover",	-IFF_NOFAILOVER, setifflags,	1,	AF_ANY },
275 	{ "-failover",	IFF_NOFAILOVER, setifflags,	1,	AF_ANY },
276 	{ "standby",	IFF_STANDBY,	setifflags,	1,	AF_ANY },
277 	{ "-standby",	-IFF_STANDBY,	setifflags,	1,	AF_ANY },
278 	{ "failed",	IFF_FAILED,	setifflags,	1,	AF_ANY },
279 	{ "-failed",	-IFF_FAILED,	setifflags,	1,	AF_ANY },
280 	{ "group",	NEXTARG,	setifgroupname,	1,	AF_ANY },
281 	{ "configinfo",	0,		configinfo,	1,	AF_ANY },
282 	{ "encaplimit",	NEXTARG,	set_tun_encap_limit,	0, AF_ANY },
283 	{ "-encaplimit", 0,		clr_tun_encap_limit,	0, AF_ANY },
284 	{ "thoplimit",	NEXTARG,	set_tun_hop_limit,	0, AF_ANY },
285 	{ "set",	NEXTARG,	setifaddr,	0,	AF_ANY },
286 	{ "destination", NEXTARG,	setifdstaddr,	0,	AF_ANY },
287 	{ "zone",	NEXTARG,	setzone,	0,	AF_ANY },
288 	{ "-zone",	0,		setzone,	0,	AF_ANY },
289 	{ "all-zones",	0,		setallzones,	0,	AF_ANY },
290 	{ "ether",	OPTARG,		setifether,	0,	AF_ANY },
291 	{ "usesrc",	NEXTARG,	setifsrc,	0,	AF_ANY },
292 
293 	/*
294 	 * NOTE: any additions to this table must also be applied to ifparse
295 	 *	(usr/src/cmd/cmd-inet/sbin/ifparse/ifparse.c)
296 	 */
297 
298 	{ 0,		0,		setifaddr,	0,	AF_ANY },
299 	{ 0,		0,		setifdstaddr,	0,	AF_ANY },
300 	{ 0,		0,		0,		0,	0 },
301 };
302 
303 
304 typedef struct if_config_cmd {
305 	uint64_t	iff_flag;
306 	int		iff_af;
307 	char		*iff_name;
308 } if_config_cmd_t;
309 
310 /*
311  * NOTE: print_config_flags() processes this table in order, so we put "up"
312  * last so that we can be sure "-failover" will take effect first.  Otherwise,
313  * IPMP test addresses will erroneously migrate to the IPMP interface.
314  */
315 static if_config_cmd_t	if_config_cmd_tbl[] = {
316 	{ IFF_NOTRAILERS,	AF_UNSPEC,	"-trailers"	},
317 	{ IFF_PRIVATE,		AF_UNSPEC,	"private"	},
318 	{ IFF_NOXMIT,		AF_UNSPEC,	"-xmit"		},
319 	{ IFF_ANYCAST,		AF_INET6,	"anycast"	},
320 	{ IFF_NOLOCAL,		AF_UNSPEC,	"-local"	},
321 	{ IFF_DEPRECATED,	AF_UNSPEC,	"deprecated"	},
322 	{ IFF_NOFAILOVER,	AF_UNSPEC,	"-failover"	},
323 	{ IFF_STANDBY,		AF_UNSPEC,	"standby"	},
324 	{ IFF_FAILED,		AF_UNSPEC,	"failed"	},
325 	{ IFF_PREFERRED,	AF_UNSPEC,	"preferred"	},
326 	{ IFF_NONUD,		AF_INET6,	"-nud"		},
327 	{ IFF_NOARP,		AF_INET,	"-arp"		},
328 	{ IFF_UP,		AF_UNSPEC, 	"up" 		},
329 	{ 0,			0,		NULL		},
330 };
331 
332 typedef struct ni {
333 	char		ni_name[LIFNAMSIZ];
334 	struct ni	*ni_next;
335 } ni_t;
336 
337 static ni_t	*ni_list = NULL;
338 static int	num_ni = 0;
339 
340 /* End defines and structure definitions for ifconfig -a plumb */
341 
342 /* Known address families */
343 struct afswtch {
344 	char *af_name;
345 	short af_af;
346 	void (*af_status)();
347 	void (*af_getaddr)();
348 	void (*af_configinfo)();
349 } afs[] = {
350 	{ "inet", AF_INET, in_status, in_getaddr, in_configinfo },
351 	{ "inet6", AF_INET6, in6_status, in6_getaddr, in6_configinfo },
352 	{ 0, 0,	0, 0, 0 }
353 };
354 
355 #define	SOCKET_AF(af)	(((af) == AF_UNSPEC) ? AF_INET : (af))
356 
357 struct afswtch *afp;	/* the address family being set or asked about */
358 
359 int
360 main(int argc, char *argv[])
361 {
362 	int64_t lifc_flags;
363 	char *default_ip_str;
364 
365 	lifc_flags = LIFC_NOXMIT|LIFC_TEMPORARY|LIFC_ALLZONES|LIFC_UNDER_IPMP;
366 
367 	if (argc < 2) {
368 		usage();
369 		exit(1);
370 	}
371 	argc--, argv++;
372 	if (strlen(*argv) > sizeof (name) - 1) {
373 		(void) fprintf(stderr, "%s: interface name too long\n", *argv);
374 		exit(1);
375 	}
376 	(void) strncpy(name, *argv, sizeof (name));
377 	name[sizeof (name) - 1] = '\0';
378 	(void) strncpy(origname, name, sizeof (origname));	/* For addif */
379 	default_ip_str = NULL;
380 	v4compat = get_compat_flag(&default_ip_str);
381 	if (v4compat == DEFAULT_PROT_BAD_VALUE) {
382 		(void) fprintf(stderr,
383 		    "ifconfig: %s: Bad value for %s in %s\n", default_ip_str,
384 		    DEFAULT_IP, INET_DEFAULT_FILE);
385 		free(default_ip_str);
386 		exit(2);
387 	}
388 	free(default_ip_str);
389 	argc--, argv++;
390 	if (argc > 0) {
391 		struct afswtch *myafp;
392 
393 		for (myafp = afp = afs; myafp->af_name; myafp++) {
394 			if (strcmp(myafp->af_name, *argv) == 0) {
395 				afp = myafp; argc--; argv++;
396 				break;
397 			}
398 		}
399 		af = lifr.lifr_addr.ss_family = afp->af_af;
400 		if (af == AF_INET6) {
401 			v4compat = 0;
402 		}
403 	}
404 
405 	s = socket(SOCKET_AF(af), SOCK_DGRAM, 0);
406 	s4 = socket(AF_INET, SOCK_DGRAM, 0);
407 	s6 = socket(AF_INET6, SOCK_DGRAM, 0);
408 	if (s == -1 || s4 == -1 || s6 == -1)
409 		Perror0_exit("socket");
410 
411 	/*
412 	 * Special interface names is any combination of these flags.
413 	 * Note that due to the ifconfig syntax they have to be combined
414 	 * as a single '-' option.
415 	 *	-a	All interfaces
416 	 *	-u	"up" interfaces
417 	 *	-d	"down" interfaces
418 	 *	-D	Interfaces not controlled by DHCP
419 	 *	-4	IPv4 interfaces
420 	 *	-6	IPv6 interfaces
421 	 *	-X	Turn on debug (not documented)
422 	 *	-v	Turn on verbose
423 	 *	-Z	Only interfaces in caller's zone
424 	 */
425 
426 	if (name[0] == '-') {
427 		/* One or more options */
428 		int64_t onflags = 0;
429 		int64_t offflags = 0;
430 		int c;
431 		char *av[2] = { "ifconfig", name };
432 
433 		while ((c = getopt(2, av, "audDXZ46v")) != -1) {
434 			switch ((char)c) {
435 			case 'a':
436 				all = 1;
437 				break;
438 			case 'u':
439 				onflags |= IFF_UP;
440 				break;
441 			case 'd':
442 				offflags |= IFF_UP;
443 				break;
444 			case 'D':
445 				offflags |= IFF_DHCPRUNNING;
446 				break;
447 			case 'X':
448 				debug += 3;
449 				break;
450 			case 'Z':
451 				lifc_flags &= ~LIFC_ALLZONES;
452 				break;
453 			case '4':
454 				/*
455 				 * -4 is not a compatable flag, therefore
456 				 * we assume they want v4compat turned off
457 				 */
458 				v4compat = 0;
459 				onflags |= IFF_IPV4;
460 				break;
461 			case '6':
462 				/*
463 				 * If they want IPv6, well then we'll assume
464 				 * they don't want IPv4 compat
465 				 */
466 				v4compat = 0;
467 				onflags |= IFF_IPV6;
468 				break;
469 			case 'v':
470 				verbose = 1;
471 				break;
472 			case '?':
473 				usage();
474 				exit(1);
475 			}
476 		}
477 		if (!all) {
478 			(void) fprintf(stderr,
479 			    "ifconfig: %s: no such interface\n", name);
480 			exit(1);
481 		}
482 		foreachinterface(ifconfig, argc, argv, af, onflags, offflags,
483 		    lifc_flags);
484 	} else {
485 		ifconfig(argc, argv, af, (struct lifreq *)NULL);
486 	}
487 	return (0);
488 }
489 
490 /*
491  * For each interface, call (*func)(argc, argv, af, lifrp).
492  * Only call function if onflags and offflags are set or clear, respectively,
493  * in the interfaces flags field.
494  */
495 static void
496 foreachinterface(void (*func)(), int argc, char *argv[], int af,
497     int64_t onflags, int64_t offflags, int64_t lifc_flags)
498 {
499 	int n;
500 	char *buf;
501 	struct lifnum lifn;
502 	struct lifconf lifc;
503 	struct lifreq *lifrp;
504 	struct lifreq lifrl;	/* Local lifreq struct */
505 	int numifs;
506 	unsigned bufsize;
507 	int plumball = 0;
508 	int save_af = af;
509 
510 	buf = NULL;
511 	/*
512 	 * Special case:
513 	 * ifconfig -a plumb should find all network interfaces
514 	 * in the machine for the global zone.
515 	 * For non-global zones, only find the assigned interfaces.
516 	 * Also, there is no need to  SIOCGLIF* ioctls, since
517 	 * those interfaces have already been plumbed
518 	 */
519 	if (argc > 0 && (strcmp(*argv, "plumb") == 0)) {
520 		if (getzoneid() == GLOBAL_ZONEID) {
521 			if (find_all_global_interfaces(&lifc, &buf,
522 			    lifc_flags) != 0)
523 				return;
524 		} else {
525 			if (find_all_zone_interfaces(&lifc, &buf,
526 			    lifc_flags) != 0)
527 				return;
528 		}
529 		if (lifc.lifc_len == 0)
530 			return;
531 		plumball = 1;
532 	} else {
533 		lifn.lifn_family = AF_UNSPEC;
534 		lifn.lifn_flags = lifc_flags;
535 		if (ioctl(s, SIOCGLIFNUM, (char *)&lifn) < 0) {
536 			Perror0_exit("Could not determine number"
537 			    " of interfaces");
538 		}
539 		numifs = lifn.lifn_count;
540 		if (debug)
541 			(void) printf("ifconfig: %d interfaces\n",  numifs);
542 
543 		bufsize = numifs * sizeof (struct lifreq);
544 		if ((buf = malloc(bufsize)) == NULL) {
545 			Perror0("out of memory\n");
546 			(void) close(s);
547 			return;
548 		}
549 
550 		lifc.lifc_family = AF_UNSPEC;
551 		lifc.lifc_flags = lifc_flags;
552 		lifc.lifc_len = bufsize;
553 		lifc.lifc_buf = buf;
554 
555 		if (ioctl(s, SIOCGLIFCONF, (char *)&lifc) < 0) {
556 			Perror0("SIOCGLIFCONF");
557 			(void) close(s);
558 			free(buf);
559 			return;
560 		}
561 	}
562 
563 	lifrp = lifc.lifc_req;
564 	for (n = lifc.lifc_len / sizeof (struct lifreq); n > 0; n--, lifrp++) {
565 
566 		if (!plumball) {
567 			/*
568 			 * We must close and recreate the socket each time
569 			 * since we don't know what type of socket it is now
570 			 * (each status function may change it).
571 			 */
572 
573 			(void) close(s);
574 
575 			af = lifrp->lifr_addr.ss_family;
576 			s = socket(SOCKET_AF(af), SOCK_DGRAM, 0);
577 			if (s == -1) {
578 				/*
579 				 * Perror0() assumes the name to be in the
580 				 * globally defined lifreq structure.
581 				 */
582 				(void) strncpy(lifr.lifr_name,
583 				    lifrp->lifr_name, sizeof (lifr.lifr_name));
584 				Perror0_exit("socket");
585 			}
586 		}
587 
588 		/*
589 		 * Only service interfaces that match the on and off
590 		 * flags masks.
591 		 */
592 		if (onflags || offflags) {
593 			(void) memset(&lifrl, 0, sizeof (lifrl));
594 			(void) strncpy(lifrl.lifr_name, lifrp->lifr_name,
595 			    sizeof (lifrl.lifr_name));
596 			if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifrl) < 0) {
597 				/*
598 				 * Perror0() assumes the name to be in the
599 				 * globally defined lifreq structure.
600 				 */
601 				(void) strncpy(lifr.lifr_name,
602 				    lifrp->lifr_name, sizeof (lifr.lifr_name));
603 				Perror0_exit("foreachinterface: SIOCGLIFFLAGS");
604 			}
605 			if ((lifrl.lifr_flags & onflags) != onflags)
606 				continue;
607 			if ((~lifrl.lifr_flags & offflags) != offflags)
608 				continue;
609 		}
610 
611 		if (!plumball) {
612 			(void) strncpy(lifrl.lifr_name, lifrp->lifr_name,
613 			    sizeof (lifrl.lifr_name));
614 			if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifrl) < 0) {
615 				/*
616 				 * Perror0() assumes the name to be in the
617 				 * globally defined lifreq structure.
618 				 */
619 				(void) strncpy(lifr.lifr_name,
620 				    lifrp->lifr_name, sizeof (lifr.lifr_name));
621 				Perror0("foreachinterface: SIOCGLIFADDR");
622 				continue;
623 			}
624 			if (lifrl.lifr_addr.ss_family != af) {
625 				/* Switch address family */
626 				af = lifrl.lifr_addr.ss_family;
627 				(void) close(s);
628 
629 				s = socket(SOCKET_AF(af), SOCK_DGRAM, 0);
630 				if (s == -1) {
631 					/*
632 					 * Perror0() assumes the name to be in
633 					 * the globally defined lifreq
634 					 * structure.
635 					 */
636 					(void) strncpy(lifr.lifr_name,
637 					    lifrp->lifr_name,
638 					    sizeof (lifr.lifr_name));
639 					Perror0_exit("socket");
640 				}
641 			}
642 		}
643 
644 		/*
645 		 * Reset global state
646 		 * setaddr: Used by parser to tear apart source and dest
647 		 * name and origname contain the name of the 'current'
648 		 * interface.
649 		 */
650 		setaddr = 0;
651 		(void) strncpy(name, lifrp->lifr_name, sizeof (name));
652 		(void) strncpy(origname, name, sizeof (origname));
653 
654 		(*func)(argc, argv, save_af, lifrp);
655 		/* the func could have overwritten origname, so restore */
656 		(void) strncpy(name, origname, sizeof (name));
657 	}
658 	if (buf != NULL)
659 		free(buf);
660 }
661 
662 static void
663 tun_reality_check(void)
664 {
665 	struct iftun_req treq;
666 	ipsec_req_t *ipsr;
667 
668 	(void) strncpy(treq.ifta_lifr_name, name, sizeof (treq.ifta_lifr_name));
669 	if (strchr(name, ':') != NULL) {
670 		/* Return, we don't need to check. */
671 		return;
672 	}
673 	if (ioctl(s, SIOCGTUNPARAM, (caddr_t)&treq) < 0 ||
674 	    !(treq.ifta_flags & IFTUN_SECURITY) ||
675 	    (treq.ifta_flags & IFTUN_COMPLEX_SECURITY)) {
676 		/*
677 		 * Either not a tunnel (the SIOCGTUNPARAM fails on
678 		 * non-tunnels), the security flag is not set, or
679 		 * this is a tunnel with ipsecconf(1M)-set policy.
680 		 * Regardless, return.
681 		 */
682 		return;
683 	}
684 
685 	ipsr = (ipsec_req_t *)&treq.ifta_secinfo;
686 
687 	if (ipsr->ipsr_esp_req != 0 &&
688 	    ipsr->ipsr_esp_auth_alg == SADB_AALG_NONE &&
689 	    ipsr->ipsr_ah_req == 0)
690 		(void) fprintf(stderr, "ifconfig: WARNING - tunnel with "
691 		    "only ESP and no authentication.\n");
692 }
693 
694 /*
695  * for the specified interface call (*func)(argc, argv, af, lifrp).
696  */
697 
698 static void
699 ifconfig(int argc, char *argv[], int af, struct lifreq *lifrp)
700 {
701 	static boolean_t scan_netmask = _B_FALSE;
702 	int ret;
703 
704 	if (argc == 0) {
705 		status();
706 		return;
707 	}
708 
709 	if (strcmp(*argv, "auto-dhcp") == 0 || strcmp(*argv, "dhcp") == 0) {
710 		/*
711 		 * Some errors are ignored in the case where more than one
712 		 * interface is being operated on.
713 		 */
714 		ret = setifdhcp("ifconfig", name, argc, argv);
715 		if (ret == DHCP_EXIT_IF_FAILURE) {
716 			if (!all)
717 				exit(DHCP_EXIT_FAILURE);
718 		} else if (ret != DHCP_EXIT_SUCCESS) {
719 			exit(ret);
720 		}
721 		return;
722 	}
723 
724 	/*
725 	 * The following is a "hack" to get around the existing interface
726 	 * setting mechanism.  Currently, each interface attribute,
727 	 * such as address, netmask, broadcast, ... is set separately.  But
728 	 * sometimes two or more attributes must be set together.  For
729 	 * example, setting an address without a netmask does not make sense.
730 	 * Yet they can be set separately for IPv4 address using the current
731 	 * ifconfig(1M) syntax.  The kernel then "infers" the correct netmask
732 	 * using the deprecated "IP address classes."  This is simply not
733 	 * correct.
734 	 *
735 	 * The "hack" below is to go thru the whole command list looking for
736 	 * the netmask command first.  Then use this netmask to set the
737 	 * address.  This does not provide an extensible way to accommodate
738 	 * future need for setting more than one attributes together.
739 	 *
740 	 * Note that if the "netmask" command argument is a "+", we need
741 	 * to save this info and do the query after we know the address to
742 	 * be set.  The reason is that if "addif" is used, the working
743 	 * interface name will be changed later when the logical interface
744 	 * is created.  In in_getmask(), if an address is not provided,
745 	 * it will use the working interface's address to do the query.
746 	 * It will be wrong now as we don't know the logical interface's name.
747 	 *
748 	 * ifconfig(1M) is too overloaded and the code is so convoluted
749 	 * that it is "safer" not to re-architect the code to fix the above
750 	 * issue, hence this "hack."  We may be better off to have a new
751 	 * command with better syntax for configuring network interface
752 	 * parameters...
753 	 */
754 	if (!scan_netmask && afp->af_af == AF_INET) {
755 		int	largc;
756 		char	**largv;
757 
758 		/* Only go thru the command list once to find the netmask. */
759 		scan_netmask = _B_TRUE;
760 
761 		/*
762 		 * Currently, if multiple netmask commands are specified, the
763 		 * last one will be used as the final netmask.  So we need
764 		 * to scan the whole list to preserve this behavior.
765 		 */
766 		for (largc = argc, largv = argv; largc > 0; largc--, largv++) {
767 			if (strcmp(*largv, NETMASK_CMD) == 0) {
768 				if (--largc == 0)
769 					break;
770 				largv++;
771 				if (strcmp(*largv, "+") == 0) {
772 					g_netmask_set = G_NETMASK_PENDING;
773 				} else {
774 					in_getaddr(*largv, (struct sockaddr *)
775 					    &g_netmask, NULL);
776 					g_netmask_set = G_NETMASK_SET;
777 				}
778 				/* Continue the scan. */
779 			}
780 		}
781 	}
782 
783 	while (argc > 0) {
784 		struct cmd *p;
785 		boolean_t found_cmd;
786 
787 		if (debug)
788 			(void) printf("ifconfig: argv %s\n", *argv);
789 
790 		found_cmd = _B_FALSE;
791 		for (p = cmds; p->c_func; p++) {
792 			if (p->c_name) {
793 				if (strcmp(*argv, p->c_name) == 0) {
794 					/*
795 					 * indicate that the command was
796 					 * found and check to see if
797 					 * the address family is valid
798 					 */
799 					found_cmd = _B_TRUE;
800 					if (p->c_af == AF_ANY ||
801 					    af == p->c_af)
802 						break;
803 				}
804 			} else {
805 				if (p->c_af == AF_ANY ||
806 				    af == p->c_af)
807 					break;
808 			}
809 		}
810 		/*
811 		 * If we found the keyword, but the address family
812 		 * did not match spit out an error
813 		 */
814 		if (found_cmd && p->c_name == 0) {
815 			(void) fprintf(stderr, "ifconfig: Operation %s not"
816 			    " supported for %s\n", *argv, afp->af_name);
817 			exit(1);
818 		}
819 		/*
820 		 * else (no keyword found), we assume it's an address
821 		 * of some sort
822 		 */
823 		if (p->c_name == 0 && setaddr)
824 			p++;	/* got src, do dst */
825 		if (p->c_func) {
826 			if (p->c_af == AF_INET6) {
827 				v4compat = 0;
828 			}
829 			if (p->c_parameter == NEXTARG ||
830 			    p->c_parameter == OPTARG) {
831 				argc--, argv++;
832 				if (argc == 0 && p->c_parameter == NEXTARG) {
833 					(void) fprintf(stderr,
834 					    "ifconfig: no argument for %s\n",
835 					    p->c_name);
836 					exit(1);
837 				}
838 			}
839 			/*
840 			 *	Call the function if:
841 			 *
842 			 *		there's no address family
843 			 *		restriction
844 			 *	OR
845 			 *		we don't know the address yet
846 			 *		(because we were called from
847 			 *		main)
848 			 *	OR
849 			 *		there is a restriction AND
850 			 *		the address families match
851 			 */
852 			if ((p->c_af == AF_ANY)	||
853 			    (lifrp == (struct lifreq *)NULL) ||
854 			    (lifrp->lifr_addr.ss_family == p->c_af)) {
855 				ret = (*p->c_func)(*argv, p->c_parameter);
856 				/*
857 				 *	If c_func failed and we should
858 				 *	abort processing for this
859 				 *	interface on failure, return
860 				 *	now rather than going on to
861 				 *	process other commands for
862 				 *	the same interface.
863 				 */
864 				if (ret != 0 && p->c_abortonfail)
865 					return;
866 			}
867 		}
868 		argc--, argv++;
869 	}
870 
871 	/* Check to see if there's a security hole in the tunnel setup. */
872 	tun_reality_check();
873 }
874 
875 /* ARGSUSED */
876 static int
877 setdebugflag(char *val, int64_t arg)
878 {
879 	debug++;
880 	return (0);
881 }
882 
883 /* ARGSUSED */
884 static int
885 setverboseflag(char *val, int64_t arg)
886 {
887 	verbose++;
888 	return (0);
889 }
890 
891 /*
892  * This function fills in the given lifreq's lifr_addr field based on
893  * g_netmask_set.
894  */
895 static void
896 set_mask_lifreq(struct lifreq *lifr, struct sockaddr_storage *addr,
897     struct sockaddr_storage *mask)
898 {
899 	assert(addr != NULL);
900 	assert(mask != NULL);
901 
902 	switch (g_netmask_set) {
903 	case G_NETMASK_SET:
904 		lifr->lifr_addr = g_netmask;
905 		break;
906 
907 	case G_NETMASK_PENDING:
908 		/*
909 		 * "+" is used as the argument to "netmask" command.  Query
910 		 * the database on the correct netmask based on the address to
911 		 * be set.
912 		 */
913 		assert(afp->af_af == AF_INET);
914 		g_netmask = *addr;
915 		if (!in_getmask((struct sockaddr_in *)&g_netmask, _B_TRUE)) {
916 			lifr->lifr_addr = *mask;
917 			g_netmask_set = G_NETMASK_NIL;
918 		} else {
919 			lifr->lifr_addr = g_netmask;
920 			g_netmask_set = G_NETMASK_SET;
921 		}
922 		break;
923 
924 	case G_NETMASK_NIL:
925 	default:
926 		lifr->lifr_addr = *mask;
927 		break;
928 	}
929 }
930 
931 /*
932  * Set the interface address. Handles <addr>, <addr>/<n> as well as /<n>
933  * syntax for setting the address, the address plus netmask, and just
934  * the netmask respectively.
935  */
936 /* ARGSUSED */
937 static int
938 setifaddr(char *addr, int64_t param)
939 {
940 	int prefixlen = 0;
941 	struct	sockaddr_storage laddr;
942 	struct	sockaddr_storage netmask;
943 	struct	sockaddr_in6 *sin6;
944 	struct	sockaddr_in *sin;
945 	struct	sockaddr_storage sav_netmask;
946 
947 	if (addr[0] == '/')
948 		return (setifprefixlen(addr, 0));
949 
950 	(*afp->af_getaddr)(addr, (struct sockaddr *)&laddr, &prefixlen);
951 
952 	(void) memset(&netmask, 0, sizeof (netmask));
953 	netmask.ss_family = afp->af_af;
954 	switch (prefixlen) {
955 	case NO_PREFIX:
956 		/* Nothing there - ok */
957 		break;
958 	case BAD_ADDR:
959 		(void) fprintf(stderr, "ifconfig: Bad prefix length in %s\n",
960 		    addr);
961 		exit(1);
962 	default:
963 		if (afp->af_af == AF_INET6) {
964 			sin6 = (struct sockaddr_in6 *)&netmask;
965 			if (!in_prefixlentomask(prefixlen, IPV6_ABITS,
966 			    (uchar_t *)&sin6->sin6_addr)) {
967 				(void) fprintf(stderr, "ifconfig: "
968 				    "Bad prefix length: %d\n",
969 				    prefixlen);
970 				exit(1);
971 			}
972 		} else {
973 			sin = (struct sockaddr_in *)&netmask;
974 			if (!in_prefixlentomask(prefixlen, IP_ABITS,
975 			    (uchar_t *)&sin->sin_addr)) {
976 				(void) fprintf(stderr, "ifconfig: "
977 				    "Bad prefix length: %d\n",
978 				    prefixlen);
979 				exit(1);
980 			}
981 		}
982 		/*
983 		 * Just in case of funny setting of both prefix and netmask,
984 		 * prefix should override the netmask command.
985 		 */
986 		g_netmask_set = G_NETMASK_NIL;
987 		break;
988 	}
989 	/* Tell parser that an address was set */
990 	setaddr++;
991 	/* save copy of netmask to restore in case of error */
992 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
993 	if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0)
994 		Perror0_exit("SIOCGLIFNETMASK");
995 	sav_netmask = lifr.lifr_addr;
996 
997 	/*
998 	 * If setting the address and not the mask, clear any existing mask
999 	 * and the kernel will then assign the default (netmask has been set
1000 	 * to 0 in this case).  If setting both (either by using a prefix or
1001 	 * using the netmask command), set the mask first, so the address will
1002 	 * be interpreted correctly.
1003 	 */
1004 	set_mask_lifreq(&lifr, &laddr, &netmask);
1005 	if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0)
1006 		Perror0_exit("SIOCSLIFNETMASK");
1007 
1008 	if (debug) {
1009 		char abuf[INET6_ADDRSTRLEN];
1010 		void *addr = (afp->af_af == AF_INET) ?
1011 		    (void *)&((struct sockaddr_in *)&laddr)->sin_addr :
1012 		    (void *)&((struct sockaddr_in6 *)&laddr)->sin6_addr;
1013 
1014 		(void) printf("Setting %s af %d addr %s\n",
1015 		    lifr.lifr_name, afp->af_af,
1016 		    inet_ntop(afp->af_af, addr, abuf, sizeof (abuf)));
1017 	}
1018 	lifr.lifr_addr = laddr;
1019 	lifr.lifr_addr.ss_family = afp->af_af;
1020 	if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0) {
1021 		/*
1022 		 * Restore the netmask
1023 		 */
1024 		int saverr = errno;
1025 
1026 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1027 		lifr.lifr_addr = sav_netmask;
1028 		(void) ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr);
1029 		errno = saverr;
1030 		Perror0_exit("SIOCSLIFADDR");
1031 	}
1032 
1033 	return (0);
1034 }
1035 
1036 /*
1037  * The following functions are stolen from the ipseckey(1m) program.
1038  * Perhaps they should be somewhere common, but for now, we just maintain
1039  * two versions.  We do this because of the different semantics for which
1040  * algorithms we select ("requested" for ifconfig vs. "actual" for key).
1041  */
1042 
1043 static ulong_t
1044 parsenum(char *num)
1045 {
1046 	ulong_t rc;
1047 	char *end = NULL;
1048 
1049 	errno = 0;
1050 	rc = strtoul(num, &end, 0);
1051 	if (errno != 0 || end == num || *end != '\0') {
1052 		rc = (ulong_t)-1;
1053 	}
1054 
1055 	return (rc);
1056 }
1057 
1058 /*
1059  * Parse and reverse parse possible algorithm values, include numbers.
1060  * Mostly stolen from ipseckey.c. See the comments above parsenum() for why
1061  * this isn't common to ipseckey.c.
1062  *
1063  * NOTE: Static buffer in this function for the return value.  Since ifconfig
1064  *	 isn't multithreaded, this isn't a huge problem.
1065  */
1066 
1067 #define	NBUF_SIZE 20	/* Enough to print a large integer. */
1068 
1069 static char *
1070 rparsealg(uint8_t alg_value, int proto_num)
1071 {
1072 	struct ipsecalgent *alg;
1073 	static char numprint[128];	/* Enough to hold an algorithm name. */
1074 
1075 	/*
1076 	 * Special cases for "any" and "none"
1077 	 * The kernel needs to be able to distinguish between "any"
1078 	 * and "none" and the APIs are underdefined in this area for auth.
1079 	 */
1080 	if (proto_num == IPSEC_PROTO_AH) {
1081 		if (alg_value == SADB_AALG_NONE)
1082 			return ("none");
1083 		if (alg_value == SADB_AALG_ANY)
1084 			return ("any");
1085 	}
1086 
1087 	alg = getipsecalgbynum(alg_value, proto_num, NULL);
1088 	if (alg != NULL) {
1089 		(void) strlcpy(numprint, alg->a_names[0], sizeof (numprint));
1090 		freeipsecalgent(alg);
1091 	} else {
1092 		(void) snprintf(numprint, sizeof (numprint), "%d", alg_value);
1093 	}
1094 
1095 	return (numprint);
1096 }
1097 
1098 static uint_t
1099 parsealg(char *algname, int proto_num)
1100 {
1101 	struct ipsecalgent *alg;
1102 	ulong_t invalue;
1103 
1104 	if (algname == NULL) {
1105 		(void) fprintf(stderr, "ifconfig: Unexpected end of command "
1106 		    "line.\n");
1107 		exit(1);
1108 	}
1109 
1110 	/*
1111 	 * Special-case "none" and "any".
1112 	 * Use strcasecmp because its length is bounded.
1113 	 */
1114 	if (strcasecmp("none", algname) == 0) {
1115 		return ((proto_num == IPSEC_PROTO_ESP) ?
1116 		    NO_ESP_EALG : NO_ESP_AALG);
1117 	}
1118 	if ((strcasecmp("any", algname) == 0) && (proto_num == IPSEC_PROTO_AH))
1119 		return (SADB_AALG_ANY);
1120 
1121 	alg = getipsecalgbyname(algname, proto_num, NULL);
1122 	if (alg != NULL) {
1123 		invalue = alg->a_alg_num;
1124 		freeipsecalgent(alg);
1125 		return ((uint_t)invalue);
1126 	}
1127 
1128 	/*
1129 	 * Since algorithms can be loaded during kernel run-time, check for
1130 	 * numeric algorithm values too.
1131 	 */
1132 	invalue = parsenum(algname);
1133 	if ((invalue & (ulong_t)0xff) == invalue)
1134 		return ((uint_t)invalue);
1135 
1136 	(void) fprintf(stderr, "ifconfig: %s algorithm type %s unknown.\n",
1137 	    (proto_num == IPSEC_PROTO_ESP) ?
1138 	    "Encryption" : "Authentication", algname);
1139 	exit(1);
1140 	/* NOTREACHED */
1141 }
1142 
1143 /*
1144  * Actual ifconfig functions to set tunnel security properties.
1145  */
1146 
1147 enum ipsec_alg_type { ESP_ENCR_ALG = 1, ESP_AUTH_ALG, AH_AUTH_ALG };
1148 
1149 boolean_t first_set_tun = _B_TRUE;
1150 boolean_t encr_alg_set = _B_FALSE;
1151 
1152 /*
1153  * Need global for multiple calls to set_tun_algs
1154  * because we accumulate algorithm selections over
1155  * the lifetime of this ifconfig(1M) invocation.
1156  */
1157 static struct iftun_req treq_tun;
1158 
1159 static int
1160 set_tun_algs(int which_alg, int alg)
1161 {
1162 	ipsec_req_t *ipsr;
1163 
1164 	(void) strncpy(treq_tun.ifta_lifr_name, name,
1165 	    sizeof (treq_tun.ifta_lifr_name));
1166 	if (strchr(name, ':') != NULL) {
1167 		errno = EPERM;
1168 		Perror0_exit("Tunnel params on logical interfaces");
1169 	}
1170 	if (ioctl(s, SIOCGTUNPARAM, (caddr_t)&treq_tun) < 0) {
1171 		if (errno == EOPNOTSUPP || errno == EINVAL)
1172 			Perror0_exit("Not a tunnel");
1173 		else Perror0_exit("SIOCGTUNPARAM");
1174 	}
1175 
1176 	ipsr = (ipsec_req_t *)&treq_tun.ifta_secinfo;
1177 
1178 	if (treq_tun.ifta_vers != IFTUN_VERSION) {
1179 		(void) fprintf(stderr,
1180 		    "Kernel tunnel secinfo version mismatch.\n");
1181 		exit(1);
1182 	}
1183 
1184 	/*
1185 	 * If I'm just starting off this ifconfig, I want a clean slate,
1186 	 * otherwise, I've captured the current tunnel security settings.
1187 	 * In the case of continuation, I merely add to the settings.
1188 	 */
1189 	if (first_set_tun) {
1190 		first_set_tun = _B_FALSE;
1191 		(void) memset(ipsr, 0, sizeof (*ipsr));
1192 	}
1193 
1194 	treq_tun.ifta_flags = IFTUN_SECURITY;
1195 
1196 	switch (which_alg) {
1197 	case ESP_ENCR_ALG:
1198 		if (alg == NO_ESP_EALG) {
1199 			if (ipsr->ipsr_esp_auth_alg == SADB_AALG_NONE)
1200 				ipsr->ipsr_esp_req = 0;
1201 			ipsr->ipsr_esp_alg = SADB_EALG_NONE;
1202 
1203 			/* Let the user specify NULL encryption implicitly. */
1204 			if (ipsr->ipsr_esp_auth_alg != SADB_AALG_NONE) {
1205 				encr_alg_set = _B_TRUE;
1206 				ipsr->ipsr_esp_alg = SADB_EALG_NULL;
1207 			}
1208 		} else {
1209 			encr_alg_set = _B_TRUE;
1210 			ipsr->ipsr_esp_req =
1211 			    IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE;
1212 			ipsr->ipsr_esp_alg = alg;
1213 		}
1214 		break;
1215 	case ESP_AUTH_ALG:
1216 		if (alg == NO_ESP_AALG) {
1217 			if ((ipsr->ipsr_esp_alg == SADB_EALG_NONE ||
1218 			    ipsr->ipsr_esp_alg == SADB_EALG_NULL) &&
1219 			    !encr_alg_set)
1220 				ipsr->ipsr_esp_req = 0;
1221 			ipsr->ipsr_esp_auth_alg = SADB_AALG_NONE;
1222 		} else {
1223 			ipsr->ipsr_esp_req =
1224 			    IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE;
1225 			ipsr->ipsr_esp_auth_alg = alg;
1226 
1227 			/* Let the user specify NULL encryption implicitly. */
1228 			if (ipsr->ipsr_esp_alg == SADB_EALG_NONE &&
1229 			    !encr_alg_set)
1230 				ipsr->ipsr_esp_alg = SADB_EALG_NULL;
1231 		}
1232 		break;
1233 	case AH_AUTH_ALG:
1234 		if (alg == NO_AH_AALG) {
1235 			ipsr->ipsr_ah_req = 0;
1236 			ipsr->ipsr_auth_alg = SADB_AALG_NONE;
1237 		} else {
1238 			ipsr->ipsr_ah_req =
1239 			    IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE;
1240 			ipsr->ipsr_auth_alg = alg;
1241 		}
1242 		break;
1243 		/* Will never hit DEFAULT */
1244 	}
1245 
1246 	if (ioctl(s, SIOCSTUNPARAM, (caddr_t)&treq_tun) < 0) {
1247 		Perror2_exit("set tunnel security properties",
1248 		    treq_tun.ifta_lifr_name);
1249 	}
1250 
1251 	return (0);
1252 }
1253 
1254 /* ARGSUSED */
1255 static int
1256 set_tun_esp_encr_alg(char *addr, int64_t param)
1257 {
1258 	return (set_tun_algs(ESP_ENCR_ALG,
1259 	    parsealg(addr, IPSEC_PROTO_ESP)));
1260 }
1261 
1262 /* ARGSUSED */
1263 static int
1264 set_tun_esp_auth_alg(char *addr, int64_t param)
1265 {
1266 	return (set_tun_algs(ESP_AUTH_ALG,
1267 	    parsealg(addr, IPSEC_PROTO_AH)));
1268 }
1269 
1270 /* ARGSUSED */
1271 static int
1272 set_tun_ah_alg(char *addr, int64_t param)
1273 {
1274 	return (set_tun_algs(AH_AUTH_ALG,
1275 	    parsealg(addr, IPSEC_PROTO_AH)));
1276 }
1277 
1278 /* ARGSUSED */
1279 static int
1280 setifrevarp(char *arg, int64_t param)
1281 {
1282 	struct sockaddr_in	laddr;
1283 
1284 	if (afp->af_af == AF_INET6) {
1285 		(void) fprintf(stderr,
1286 		    "ifconfig: revarp not possible on IPv6 interface %s\n",
1287 		    name);
1288 		exit(1);
1289 	}
1290 	if (doifrevarp(name, &laddr)) {
1291 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1292 		laddr.sin_family = AF_INET;
1293 		(void) memcpy(&lifr.lifr_addr, &laddr, sizeof (laddr));
1294 		if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0)
1295 			Perror0_exit("SIOCSLIFADDR");
1296 	}
1297 	return (0);
1298 }
1299 
1300 /* ARGSUSED */
1301 static int
1302 setifsubnet(char *addr, int64_t param)
1303 {
1304 	int prefixlen = 0;
1305 	struct	sockaddr_storage subnet;
1306 
1307 	(*afp->af_getaddr)(addr, &subnet, &prefixlen);
1308 
1309 	switch (prefixlen) {
1310 	case NO_PREFIX:
1311 		(void) fprintf(stderr,
1312 		    "ifconfig: Missing prefix length in subnet %s\n", addr);
1313 		exit(1);
1314 		/* NOTREACHED */
1315 	case BAD_ADDR:
1316 		(void) fprintf(stderr,
1317 		    "ifconfig: Bad prefix length in %s\n", addr);
1318 		exit(1);
1319 	default:
1320 		break;
1321 	}
1322 
1323 	lifr.lifr_addr = subnet;
1324 	lifr.lifr_addrlen = prefixlen;
1325 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1326 	if (ioctl(s, SIOCSLIFSUBNET, (caddr_t)&lifr) < 0)
1327 		Perror0_exit("SIOCSLIFSUBNET");
1328 
1329 	return (0);
1330 }
1331 
1332 /* ARGSUSED */
1333 static int
1334 setifnetmask(char *addr, int64_t param)
1335 {
1336 	struct sockaddr_in netmask;
1337 
1338 	assert(afp->af_af != AF_INET6);
1339 
1340 	if (strcmp(addr, "+") == 0) {
1341 		if (!in_getmask(&netmask, _B_FALSE))
1342 			return (0);
1343 		(void) printf("Setting netmask of %s to %s\n", name,
1344 		    inet_ntoa(netmask.sin_addr));
1345 	} else {
1346 		in_getaddr(addr, (struct sockaddr *)&netmask, NULL);
1347 	}
1348 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1349 	(void) memcpy(&lifr.lifr_addr, &netmask, sizeof (netmask));
1350 	if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0)
1351 		Perror0_exit("SIOCSLIFNETMASK");
1352 	return (0);
1353 }
1354 
1355 /*
1356  * Parse '/<n>' as a netmask.
1357  */
1358 /* ARGSUSED */
1359 static int
1360 setifprefixlen(char *addr, int64_t param)
1361 {
1362 	int prefixlen;
1363 	int af = afp->af_af;
1364 
1365 	prefixlen = in_getprefixlen(addr, _B_TRUE,
1366 	    (af == AF_INET) ? IP_ABITS : IPV6_ABITS);
1367 	if (prefixlen < 0) {
1368 		(void) fprintf(stderr,
1369 		    "ifconfig: Bad prefix length in %s\n", addr);
1370 		exit(1);
1371 	}
1372 	(void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr));
1373 	lifr.lifr_addr.ss_family = af;
1374 	if (af == AF_INET6) {
1375 		struct sockaddr_in6 *sin6;
1376 
1377 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
1378 		if (!in_prefixlentomask(prefixlen, IPV6_ABITS,
1379 		    (uchar_t *)&sin6->sin6_addr)) {
1380 			(void) fprintf(stderr, "ifconfig: "
1381 			    "Bad prefix length: %d\n",
1382 			    prefixlen);
1383 			exit(1);
1384 		}
1385 	} else if (af == AF_INET) {
1386 		struct sockaddr_in *sin;
1387 
1388 		sin = (struct sockaddr_in *)&lifr.lifr_addr;
1389 		if (!in_prefixlentomask(prefixlen, IP_ABITS,
1390 		    (uchar_t *)&sin->sin_addr)) {
1391 			(void) fprintf(stderr, "ifconfig: "
1392 			    "Bad prefix length: %d\n",
1393 			    prefixlen);
1394 			exit(1);
1395 		}
1396 	} else {
1397 		(void) fprintf(stderr, "ifconfig: setting prefix only supported"
1398 		    " for address family inet or inet6\n");
1399 		exit(1);
1400 	}
1401 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1402 	if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0)
1403 		Perror0_exit("SIOCSLIFNETMASK");
1404 	return (0);
1405 }
1406 
1407 /* ARGSUSED */
1408 static int
1409 setifbroadaddr(char *addr, int64_t param)
1410 {
1411 	struct	sockaddr_in broadaddr;
1412 
1413 	assert(afp->af_af != AF_INET6);
1414 
1415 	if (strcmp(addr, "+") == 0) {
1416 		/*
1417 		 * This doesn't set the broadcast address at all. Rather, it
1418 		 * gets, then sets the interface's address, relying on the fact
1419 		 * that resetting the address will reset the broadcast address.
1420 		 */
1421 		(void) strncpy(lifr.lifr_name, name,
1422 		    sizeof (lifr.lifr_name));
1423 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
1424 			if (errno != EADDRNOTAVAIL)
1425 				Perror0_exit("SIOCGLIFADDR");
1426 			return (0);
1427 		}
1428 		if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0)
1429 			Perror0_exit("SIOCGLIFADDR");
1430 
1431 		return (0);
1432 	}
1433 	in_getaddr(addr, (struct sockaddr *)&broadaddr, NULL);
1434 
1435 	(void) memcpy(&lifr.lifr_addr, &broadaddr, sizeof (broadaddr));
1436 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1437 	if (ioctl(s, SIOCSLIFBRDADDR, (caddr_t)&lifr) < 0)
1438 		Perror0_exit("SIOCSLIFBRDADDR");
1439 	return (0);
1440 }
1441 
1442 /*
1443  * set interface destination address
1444  */
1445 /* ARGSUSED */
1446 static int
1447 setifdstaddr(char *addr, int64_t param)
1448 {
1449 	(*afp->af_getaddr)(addr, (struct sockaddr *)&lifr.lifr_addr, NULL);
1450 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1451 	if (ioctl(s, SIOCSLIFDSTADDR, (caddr_t)&lifr) < 0)
1452 		Perror0_exit("setifdstaddr: SIOCSLIFDSTADDR");
1453 	return (0);
1454 }
1455 
1456 /* ARGSUSED */
1457 static int
1458 setifflags(char *val, int64_t value)
1459 {
1460 	struct lifreq lifrl;	/* local lifreq struct */
1461 	boolean_t bringup = _B_FALSE;
1462 
1463 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1464 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0)
1465 		Perror0_exit("setifflags: SIOCGLIFFLAGS");
1466 
1467 	if (value < 0) {
1468 		value = -value;
1469 
1470 		if ((value & IFF_NOFAILOVER) && (lifr.lifr_flags & IFF_UP)) {
1471 			/*
1472 			 * The kernel does not allow administratively up test
1473 			 * addresses to be converted to data addresses.  Bring
1474 			 * the address down first, then bring it up after it's
1475 			 * been converted to a data address.
1476 			 */
1477 			lifr.lifr_flags &= ~IFF_UP;
1478 			(void) ioctl(s, SIOCSLIFFLAGS, (caddr_t)&lifr);
1479 			bringup = _B_TRUE;
1480 		}
1481 
1482 		lifr.lifr_flags &= ~value;
1483 		if ((value & (IFF_UP | IFF_NOFAILOVER)) &&
1484 		    (lifr.lifr_flags & IFF_DUPLICATE)) {
1485 			/*
1486 			 * If the user is trying to mark an interface with a
1487 			 * duplicate address as "down," or convert a duplicate
1488 			 * test address to a data address, then fetch the
1489 			 * address and set it.  This will cause IP to clear
1490 			 * the IFF_DUPLICATE flag and stop the automatic
1491 			 * recovery timer.
1492 			 */
1493 			value = lifr.lifr_flags;
1494 			if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) >= 0)
1495 				(void) ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr);
1496 			lifr.lifr_flags = value;
1497 		}
1498 	} else {
1499 		lifr.lifr_flags |= value;
1500 	}
1501 
1502 	/*
1503 	 * If we're about to bring up an underlying physical IPv6 interface in
1504 	 * an IPMP group, ensure the IPv6 IPMP interface is also up.  This is
1505 	 * for backward compatibility with legacy configurations in which
1506 	 * there are no explicit hostname files for IPMP interfaces.  (For
1507 	 * IPv4, this is automatically handled by the kernel when migrating
1508 	 * the underlying interface's data address to the IPMP interface.)
1509 	 */
1510 	(void) strlcpy(lifrl.lifr_name, name, LIFNAMSIZ);
1511 
1512 	if (lifnum(lifr.lifr_name) == 0 &&
1513 	    (lifr.lifr_flags & (IFF_UP|IFF_IPV6)) == (IFF_UP|IFF_IPV6) &&
1514 	    ioctl(s, SIOCGLIFGROUPNAME, &lifrl) == 0 &&
1515 	    lifrl.lifr_groupname[0] != '\0') {
1516 		lifgroupinfo_t lifgr;
1517 
1518 		(void) strlcpy(lifgr.gi_grname, lifrl.lifr_groupname,
1519 		    LIFGRNAMSIZ);
1520 		if (ioctl(s, SIOCGLIFGROUPINFO, &lifgr) == -1)
1521 			Perror0_exit("setifflags: SIOCGLIFGROUPINFO");
1522 
1523 		(void) strlcpy(lifrl.lifr_name, lifgr.gi_grifname, LIFNAMSIZ);
1524 		if (ioctl(s, SIOCGLIFFLAGS, &lifrl) == -1)
1525 			Perror0_exit("setifflags: SIOCGLIFFLAGS");
1526 		if (!(lifrl.lifr_flags & IFF_UP)) {
1527 			lifrl.lifr_flags |= IFF_UP;
1528 			if (ioctl(s, SIOCSLIFFLAGS, &lifrl) == -1)
1529 				Perror0_exit("setifflags: SIOCSLIFFLAGS");
1530 		}
1531 	}
1532 
1533 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1534 	if (ioctl(s, SIOCSLIFFLAGS, (caddr_t)&lifr) < 0)
1535 		Perror0_exit("setifflags: SIOCSLIFFLAGS");
1536 
1537 	if (bringup) {
1538 		lifr.lifr_flags |= IFF_UP;
1539 		if (ioctl(s, SIOCSLIFFLAGS, (caddr_t)&lifr) < 0)
1540 			Perror0_exit("setifflags: SIOCSLIFFLAGS IFF_UP");
1541 	}
1542 
1543 	return (0);
1544 }
1545 
1546 /* ARGSUSED */
1547 static int
1548 setifmetric(char *val, int64_t param)
1549 {
1550 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1551 	lifr.lifr_metric = atoi(val);
1552 	if (ioctl(s, SIOCSLIFMETRIC, (caddr_t)&lifr) < 0)
1553 		Perror0_exit("setifmetric: SIOCSLIFMETRIC");
1554 	return (0);
1555 }
1556 
1557 /* ARGSUSED */
1558 static int
1559 setifmtu(char *val, int64_t param)
1560 {
1561 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1562 	lifr.lifr_mtu = atoi(val);
1563 	if (ioctl(s, SIOCSLIFMTU, (caddr_t)&lifr) < 0)
1564 		Perror0_exit("setifmtu: SIOCSLIFMTU");
1565 	return (0);
1566 }
1567 
1568 /* ARGSUSED */
1569 static int
1570 setifindex(char *val, int64_t param)
1571 {
1572 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1573 	lifr.lifr_index = atoi(val);
1574 	if (ioctl(s, SIOCSLIFINDEX, (caddr_t)&lifr) < 0)
1575 		Perror0_exit("setifindex: SIOCSLIFINDEX");
1576 	return (0);
1577 }
1578 
1579 /* ARGSUSED */
1580 static void
1581 notifycb(dlpi_handle_t dh, dlpi_notifyinfo_t *dnip, void *arg)
1582 {
1583 }
1584 
1585 /* ARGSUSED */
1586 static int
1587 setifether(char *addr, int64_t param)
1588 {
1589 	uchar_t		*hwaddr;
1590 	int		hwaddrlen;
1591 	int		retval;
1592 	ifaddrlistx_t	*ifaddrp, *ifaddrs = NULL;
1593 	dlpi_handle_t	dh;
1594 	dlpi_notifyid_t id;
1595 
1596 	if (addr == NULL) {
1597 		ifstatus(name);
1598 		print_ifether(name);
1599 		return (0);
1600 	}
1601 
1602 	/*
1603 	 * if the IP interface in the arguments is a logical
1604 	 * interface, exit with an error now.
1605 	 */
1606 	if (strchr(name, ':') != NULL) {
1607 		(void) fprintf(stderr, "ifconfig: cannot change"
1608 		    " ethernet address of a logical interface\n");
1609 		exit(1);
1610 	}
1611 
1612 	if ((hwaddr = _link_aton(addr, &hwaddrlen)) == NULL) {
1613 		if (hwaddrlen == -1)
1614 			(void) fprintf(stderr,
1615 			    "ifconfig: %s: bad address\n", hwaddr);
1616 		else
1617 			(void) fprintf(stderr, "ifconfig: malloc() failed\n");
1618 		exit(1);
1619 	}
1620 
1621 	if ((retval = dlpi_open(name, &dh, 0)) != DLPI_SUCCESS)
1622 		Perrdlpi_exit("cannot dlpi_open() link", name, retval);
1623 
1624 	retval = dlpi_enabnotify(dh, DL_NOTE_PHYS_ADDR, notifycb, NULL, &id);
1625 	if (retval == DLPI_SUCCESS) {
1626 		(void) dlpi_disabnotify(dh, id, NULL);
1627 	} else {
1628 		/*
1629 		 * This link does not support DL_NOTE_PHYS_ADDR: bring down
1630 		 * all of the addresses to flush the old hardware address
1631 		 * information out of IP.
1632 		 *
1633 		 * NOTE: Skipping this when DL_NOTE_PHYS_ADDR is supported is
1634 		 * more than an optimization: in.mpathd will set IFF_OFFLINE
1635 		 * if it's notified and the new address is a duplicate of
1636 		 * another in the group -- but the flags manipulation in
1637 		 * ifaddr_{down,up}() cannot be atomic and thus might clobber
1638 		 * IFF_OFFLINE, confusing in.mpathd.
1639 		 */
1640 		if (ifaddrlistx(name, IFF_UP, 0, &ifaddrs) == -1)
1641 			Perror2_exit(name, "cannot get address list");
1642 
1643 		ifaddrp = ifaddrs;
1644 		for (; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) {
1645 			if (!ifaddr_down(ifaddrp)) {
1646 				Perror2_exit(ifaddrp->ia_name,
1647 				    "cannot bring down");
1648 			}
1649 		}
1650 	}
1651 
1652 	/*
1653 	 * Change the hardware address.
1654 	 */
1655 	retval = dlpi_set_physaddr(dh, DL_CURR_PHYS_ADDR, hwaddr, hwaddrlen);
1656 	if (retval != DLPI_SUCCESS) {
1657 		(void) fprintf(stderr,
1658 		    "ifconfig: failed setting mac address on %s\n", name);
1659 	}
1660 	dlpi_close(dh);
1661 
1662 	/*
1663 	 * If any addresses were brought down before changing the hardware
1664 	 * address, bring them up again.
1665 	 */
1666 	for (ifaddrp = ifaddrs; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) {
1667 		if (!ifaddr_up(ifaddrp))
1668 			Perror2_exit(ifaddrp->ia_name, "cannot bring up");
1669 	}
1670 	ifaddrlistx_free(ifaddrs);
1671 
1672 	return (0);
1673 }
1674 
1675 /*
1676  * Print an interface's Ethernet address, if it has one.
1677  */
1678 static void
1679 print_ifether(char *ifname)
1680 {
1681 	int		protocol;
1682 	icfg_if_t	interface;
1683 	icfg_handle_t	handle;
1684 	int		fd;
1685 
1686 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1687 
1688 	fd = socket(AF_INET, SOCK_DGRAM, 0);
1689 	if (fd == -1 || ioctl(fd, SIOCGLIFFLAGS, &lifr) == -1) {
1690 		/*
1691 		 * It's possible the interface is only configured for
1692 		 * IPv6; check again with AF_INET6.
1693 		 */
1694 		(void) close(fd);
1695 		fd = socket(AF_INET6, SOCK_DGRAM, 0);
1696 		if (fd == -1 || ioctl(fd, SIOCGLIFFLAGS, &lifr) == -1) {
1697 			(void) close(fd);
1698 			return;
1699 		}
1700 	}
1701 	(void) close(fd);
1702 
1703 	/* VNI and IPMP interfaces don't have MAC addresses */
1704 	if (lifr.lifr_flags & (IFF_VIRTUAL|IFF_IPMP))
1705 		return;
1706 
1707 	/*
1708 	 * We must be careful to set if_protocol based on the current
1709 	 * properties of the interface.  For instance, if "ip.tun0" is
1710 	 * configured only as an IPv6 tunnel, then if_protocol must be
1711 	 * set to AF_INET6 or icfg_get_tunnel_lower() will fail and
1712 	 * we will falsely conclude that it's not a tunnel.
1713 	 */
1714 	interface.if_protocol = AF_INET;
1715 	if (lifr.lifr_flags & IFF_IPV6)
1716 		interface.if_protocol = AF_INET6;
1717 
1718 	(void) strncpy(interface.if_name, ifname, sizeof (interface.if_name));
1719 
1720 	if (icfg_open(&handle, &interface) == ICFG_SUCCESS) {
1721 		if (icfg_get_tunnel_lower(handle, &protocol) == ICFG_SUCCESS) {
1722 			/* Tunnel op succeeded -- it's a tunnel so skip */
1723 			icfg_close(handle);
1724 			return;
1725 		}
1726 		icfg_close(handle);
1727 	}
1728 
1729 	dlpi_print_address(ifname);
1730 }
1731 
1732 /*
1733  * static int find_all_global_interfaces(struct lifconf *lifcp, char **buf,
1734  *     int64_t lifc_flags)
1735  *
1736  * It finds all data links for the global zone.
1737  *
1738  * It takes in input a pointer to struct lifconf to receive interfaces
1739  * informations, a **char to hold allocated buffer, and a lifc_flags.
1740  *
1741  * Return values:
1742  *  0 = everything OK
1743  * -1 = problem
1744  */
1745 static int
1746 find_all_global_interfaces(struct lifconf *lifcp, char **buf,
1747     int64_t lifc_flags)
1748 {
1749 	unsigned bufsize;
1750 	int n;
1751 	ni_t *nip;
1752 	struct lifreq *lifrp;
1753 	dladm_handle_t dld_handle;
1754 	dladm_status_t status;
1755 	char errmsg[DLADM_STRSIZE];
1756 
1757 	if ((status = dladm_open(&dld_handle)) != DLADM_STATUS_OK) {
1758 		(void) fprintf(stderr,
1759 		    "ifconfig: find_all_global_interfaces failed: %s\n",
1760 		    dladm_status2str(status, errmsg));
1761 		return (-1);
1762 	}
1763 
1764 	(void) dlpi_walk(ni_entry, dld_handle, 0);
1765 
1766 	dladm_close(dld_handle);
1767 
1768 	/*
1769 	 * Now, translate the linked list into
1770 	 * a struct lifreq buffer
1771 	 */
1772 	if (num_ni == 0) {
1773 		lifcp->lifc_family = AF_UNSPEC;
1774 		lifcp->lifc_flags = lifc_flags;
1775 		lifcp->lifc_len = 0;
1776 		lifcp->lifc_buf = NULL;
1777 		return (0);
1778 	}
1779 
1780 	bufsize = num_ni * sizeof (struct lifreq);
1781 	if ((*buf = malloc(bufsize)) == NULL)
1782 		Perror0_exit("find_all_interfaces: malloc failed");
1783 
1784 	lifcp->lifc_family = AF_UNSPEC;
1785 	lifcp->lifc_flags = lifc_flags;
1786 	lifcp->lifc_len = bufsize;
1787 	lifcp->lifc_buf = *buf;
1788 
1789 	for (n = 0, lifrp = lifcp->lifc_req; n < num_ni; n++, lifrp++) {
1790 		nip = ni_list;
1791 		(void) strncpy(lifrp->lifr_name, nip->ni_name,
1792 		    sizeof (lifr.lifr_name));
1793 		ni_list = nip->ni_next;
1794 		free(nip);
1795 	}
1796 	return (0);
1797 }
1798 
1799 /*
1800  * static int find_all_zone_interfaces(struct lifconf *lifcp, char **buf,
1801  *     int64_t lifc_flags)
1802  *
1803  * It finds all interfaces for an exclusive-IP zone, that is all the interfaces
1804  * assigned to it.
1805  *
1806  * It takes in input a pointer to struct lifconf to receive interfaces
1807  * informations, a **char to hold allocated buffer, and a lifc_flags.
1808  *
1809  * Return values:
1810  *  0 = everything OK
1811  * -1 = problem
1812  */
1813 static int
1814 find_all_zone_interfaces(struct lifconf *lifcp, char **buf, int64_t lifc_flags)
1815 {
1816 	zoneid_t zoneid;
1817 	unsigned bufsize;
1818 	char *dlnames, *ptr;
1819 	struct lifreq *lifrp;
1820 	int num_ni_saved, i;
1821 
1822 	zoneid = getzoneid();
1823 
1824 	num_ni = 0;
1825 	if (zone_list_datalink(zoneid, &num_ni, NULL) != 0)
1826 		Perror0_exit("find_all_interfaces: list interfaces failed");
1827 again:
1828 	/* this zone doesn't have any data-links */
1829 	if (num_ni == 0) {
1830 		lifcp->lifc_family = AF_UNSPEC;
1831 		lifcp->lifc_flags = lifc_flags;
1832 		lifcp->lifc_len = 0;
1833 		lifcp->lifc_buf = NULL;
1834 		return (0);
1835 	}
1836 
1837 	dlnames = malloc(num_ni * LIFNAMSIZ);
1838 	if (dlnames == NULL)
1839 		Perror0_exit("find_all_interfaces: out of memory");
1840 	num_ni_saved = num_ni;
1841 
1842 	if (zone_list_datalink(zoneid, &num_ni, dlnames) != 0)
1843 		Perror0_exit("find_all_interfaces: list interfaces failed");
1844 
1845 	if (num_ni_saved < num_ni) {
1846 		/* list increased, try again */
1847 		free(dlnames);
1848 		goto again;
1849 	}
1850 
1851 	/* this zone doesn't have any data-links now */
1852 	if (num_ni == 0) {
1853 		free(dlnames);
1854 		lifcp->lifc_family = AF_UNSPEC;
1855 		lifcp->lifc_flags = lifc_flags;
1856 		lifcp->lifc_len = 0;
1857 		lifcp->lifc_buf = NULL;
1858 		return (0);
1859 	}
1860 
1861 	bufsize = num_ni * sizeof (struct lifreq);
1862 	if ((*buf = malloc(bufsize)) == NULL) {
1863 		free(dlnames);
1864 		Perror0_exit("find_all_interfaces: malloc failed");
1865 	}
1866 
1867 	lifrp = (struct lifreq *)*buf;
1868 	ptr = dlnames;
1869 	for (i = 0; i < num_ni; i++) {
1870 		if (strlcpy(lifrp->lifr_name, ptr, LIFNAMSIZ) >=
1871 		    LIFNAMSIZ)
1872 			Perror0_exit("find_all_interfaces: overflow");
1873 		ptr += LIFNAMSIZ;
1874 		lifrp++;
1875 	}
1876 
1877 	free(dlnames);
1878 	lifcp->lifc_family = AF_UNSPEC;
1879 	lifcp->lifc_flags = lifc_flags;
1880 	lifcp->lifc_len = bufsize;
1881 	lifcp->lifc_buf = *buf;
1882 	return (0);
1883 }
1884 
1885 /*
1886  * Create the next unused logical interface using the original name
1887  * and assign the address (and mask if '/<n>' is part of the address).
1888  * Use the new logical interface for subsequent subcommands by updating
1889  * the name variable.
1890  *
1891  * This allows syntax like:
1892  *	ifconfig le0 addif 109.106.86.130 netmask + up \
1893  *	addif 109.106.86.131 netmask + up
1894  */
1895 /* ARGSUSED */
1896 static int
1897 addif(char *str, int64_t param)
1898 {
1899 	int prefixlen = 0;
1900 	struct sockaddr_storage laddr;
1901 	struct sockaddr_storage mask;
1902 
1903 	(void) strncpy(name, origname, sizeof (name));
1904 
1905 	if (strchr(name, ':') != NULL) {
1906 		(void) fprintf(stderr,
1907 		    "ifconfig: addif: bad physical interface name %s\n",
1908 		    name);
1909 		exit(1);
1910 	}
1911 
1912 	/*
1913 	 * clear so parser will interpret next address as source followed
1914 	 * by possible dest
1915 	 */
1916 	setaddr = 0;
1917 	(*afp->af_getaddr)(str, (struct sockaddr *)&laddr, &prefixlen);
1918 
1919 	switch (prefixlen) {
1920 	case NO_PREFIX:
1921 		/* Nothing there - ok */
1922 		break;
1923 	case BAD_ADDR:
1924 		(void) fprintf(stderr,
1925 		    "ifconfig: Bad prefix length in %s\n", str);
1926 		exit(1);
1927 	default:
1928 		(void) memset(&mask, 0, sizeof (mask));
1929 		mask.ss_family = afp->af_af;
1930 		if (afp->af_af == AF_INET6) {
1931 			struct sockaddr_in6 *sin6;
1932 			sin6 = (struct sockaddr_in6 *)&mask;
1933 			if (!in_prefixlentomask(prefixlen, IPV6_ABITS,
1934 			    (uchar_t *)&sin6->sin6_addr)) {
1935 				(void) fprintf(stderr, "ifconfig: "
1936 				    "Bad prefix length: %d\n",
1937 				    prefixlen);
1938 				exit(1);
1939 			}
1940 		} else {
1941 			struct sockaddr_in *sin;
1942 
1943 			sin = (struct sockaddr_in *)&mask;
1944 			if (!in_prefixlentomask(prefixlen, IP_ABITS,
1945 			    (uchar_t *)&sin->sin_addr)) {
1946 				(void) fprintf(stderr, "ifconfig: "
1947 				    "Bad prefix length: %d\n",
1948 				    prefixlen);
1949 				exit(1);
1950 			}
1951 		}
1952 		g_netmask_set = G_NETMASK_NIL;
1953 		break;
1954 	}
1955 
1956 	/*
1957 	 * This is a "hack" to get around the problem of SIOCLIFADDIF.  The
1958 	 * problem is that this ioctl does not include the netmask when
1959 	 * adding a logical interface.  This is the same problem described
1960 	 * in the ifconfig() comments.  To get around this problem, we first
1961 	 * add the logical interface with a 0 address.  After that, we set
1962 	 * the netmask if provided.  Finally we set the interface address.
1963 	 */
1964 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1965 	(void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr));
1966 
1967 	/* Note: no need to do DAD here since the interface isn't up yet. */
1968 
1969 	if (ioctl(s, SIOCLIFADDIF, (caddr_t)&lifr) < 0)
1970 		Perror0_exit("addif: SIOCLIFADDIF");
1971 
1972 	(void) printf("Created new logical interface %s\n",
1973 	    lifr.lifr_name);
1974 	(void) strncpy(name, lifr.lifr_name, sizeof (name));
1975 
1976 	/*
1977 	 * Check and see if any "netmask" command is used and perform the
1978 	 * necessary operation.
1979 	 */
1980 	set_mask_lifreq(&lifr, &laddr, &mask);
1981 	/*
1982 	 * Only set the netmask if "netmask" command is used or a prefix is
1983 	 * provided.
1984 	 */
1985 	if (g_netmask_set == G_NETMASK_SET || prefixlen >= 0) {
1986 		if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0)
1987 			Perror0_exit("addif: SIOCSLIFNETMASK");
1988 	}
1989 
1990 	/* Finally, we set the interface address. */
1991 	lifr.lifr_addr = laddr;
1992 	if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0)
1993 		Perror0_exit("SIOCSLIFADDR");
1994 
1995 	/*
1996 	 * let parser know we got a source.
1997 	 * Next address, if given, should be dest
1998 	 */
1999 	setaddr++;
2000 	return (0);
2001 }
2002 
2003 /*
2004  * Remove a logical interface based on its IP address. Unlike addif
2005  * there is no '/<n>' here.
2006  * Verifies that the interface is down before it is removed.
2007  */
2008 /* ARGSUSED */
2009 static int
2010 removeif(char *str, int64_t param)
2011 {
2012 	struct sockaddr_storage laddr;
2013 
2014 	if (strchr(name, ':') != NULL) {
2015 		(void) fprintf(stderr,
2016 		    "ifconfig: removeif: bad physical interface name %s\n",
2017 		    name);
2018 		exit(1);
2019 	}
2020 
2021 	(*afp->af_getaddr)(str, &laddr, NULL);
2022 	lifr.lifr_addr = laddr;
2023 
2024 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2025 	if (ioctl(s, SIOCLIFREMOVEIF, (caddr_t)&lifr) < 0) {
2026 		if (errno == EBUSY) {
2027 			/* This can only happen if ipif_id = 0 */
2028 			(void) fprintf(stderr,
2029 			    "ifconfig: removeif: can't remove interface: %s\n",
2030 			    name);
2031 			exit(1);
2032 		}
2033 		Perror0_exit("removeif: SIOCLIFREMOVEIF");
2034 	}
2035 	return (0);
2036 }
2037 
2038 /*
2039  * Set the address token for IPv6.
2040  */
2041 /* ARGSUSED */
2042 static int
2043 setiftoken(char *addr, int64_t param)
2044 {
2045 	int prefixlen = 0;
2046 	struct sockaddr_in6 token;
2047 
2048 	in6_getaddr(addr, (struct sockaddr *)&token, &prefixlen);
2049 	switch (prefixlen) {
2050 	case NO_PREFIX:
2051 		(void) fprintf(stderr,
2052 		    "ifconfig: Missing prefix length in subnet %s\n", addr);
2053 		exit(1);
2054 		/* NOTREACHED */
2055 	case BAD_ADDR:
2056 		(void) fprintf(stderr,
2057 		    "ifconfig: Bad prefix length in %s\n", addr);
2058 		exit(1);
2059 	default:
2060 		break;
2061 	}
2062 	(void) memcpy(&lifr.lifr_addr, &token, sizeof (token));
2063 	lifr.lifr_addrlen = prefixlen;
2064 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2065 	if (ioctl(s, SIOCSLIFTOKEN, (caddr_t)&lifr) < 0)  {
2066 		Perror0_exit("setiftoken: SIOCSLIFTOKEN");
2067 	}
2068 	return (0);
2069 }
2070 
2071 /* ARGSUSED */
2072 static int
2073 setifgroupname(char *grname, int64_t param)
2074 {
2075 	lifgroupinfo_t		lifgr;
2076 	struct lifreq		lifrl;
2077 	ifaddrlistx_t		*ifaddrp, *nextifaddrp;
2078 	ifaddrlistx_t		*ifaddrs = NULL, *downaddrs = NULL;
2079 	int			af;
2080 
2081 	if (debug) {
2082 		(void) printf("Setting groupname %s on interface %s\n",
2083 		    grname, name);
2084 	}
2085 
2086 	(void) strlcpy(lifrl.lifr_name, name, LIFNAMSIZ);
2087 	(void) strlcpy(lifrl.lifr_groupname, grname, LIFGRNAMSIZ);
2088 
2089 	while (ioctl(s, SIOCSLIFGROUPNAME, &lifrl) == -1) {
2090 		switch (errno) {
2091 		case ENOENT:
2092 			/*
2093 			 * The group doesn't yet exist; create it and repeat.
2094 			 */
2095 			af = afp->af_af;
2096 			if (create_ipmp(grname, af, NULL, _B_TRUE) == -1) {
2097 				if (errno == EEXIST)
2098 					continue;
2099 
2100 				Perror2(grname, "cannot create IPMP group");
2101 				goto fail;
2102 			}
2103 			continue;
2104 
2105 		case EALREADY:
2106 			/*
2107 			 * The interface is already in another group; must
2108 			 * remove existing membership first.
2109 			 */
2110 			lifrl.lifr_groupname[0] = '\0';
2111 			if (ioctl(s, SIOCSLIFGROUPNAME, &lifrl) == -1) {
2112 				Perror2(name, "cannot remove existing "
2113 				    "IPMP group membership");
2114 				goto fail;
2115 			}
2116 			(void) strlcpy(lifrl.lifr_groupname, grname,
2117 			    LIFGRNAMSIZ);
2118 			continue;
2119 
2120 		case EAFNOSUPPORT:
2121 			/*
2122 			 * The group exists, but it's not configured with the
2123 			 * address families the interface needs.  Since only
2124 			 * two address families are currently supported, just
2125 			 * configure the "other" address family.  Note that we
2126 			 * may race with group deletion or creation by another
2127 			 * process (ENOENT or EEXIST); in such cases we repeat
2128 			 * our original SIOCSLIFGROUPNAME.
2129 			 */
2130 			(void) strlcpy(lifgr.gi_grname, grname, LIFGRNAMSIZ);
2131 			if (ioctl(s, SIOCGLIFGROUPINFO, &lifgr) == -1) {
2132 				if (errno == ENOENT)
2133 					continue;
2134 
2135 				Perror2(grname, "SIOCGLIFGROUPINFO");
2136 				goto fail;
2137 			}
2138 
2139 			af = lifgr.gi_v4 ? AF_INET6 : AF_INET;
2140 			if (create_ipmp(grname, af, lifgr.gi_grifname,
2141 			    _B_TRUE) == -1) {
2142 				if (errno == EEXIST)
2143 					continue;
2144 
2145 				Perror2(grname, "cannot configure IPMP group");
2146 				goto fail;
2147 			}
2148 			continue;
2149 
2150 		case EADDRINUSE:
2151 			/*
2152 			 * Some addresses are in-use (or under control of DAD).
2153 			 * Bring them down and retry the group join operation.
2154 			 * We will bring them back up after the interface has
2155 			 * been placed in the group.
2156 			 */
2157 			if (ifaddrlistx(lifrl.lifr_name, IFF_UP|IFF_DUPLICATE,
2158 			    0, &ifaddrs) == -1) {
2159 				Perror2(grname, "cannot get address list");
2160 				goto fail;
2161 			}
2162 
2163 			ifaddrp = ifaddrs;
2164 			for (; ifaddrp != NULL; ifaddrp = nextifaddrp) {
2165 				if (!ifaddr_down(ifaddrp)) {
2166 					ifaddrs = ifaddrp;
2167 					goto fail;
2168 				}
2169 				nextifaddrp = ifaddrp->ia_next;
2170 				ifaddrp->ia_next = downaddrs;
2171 				downaddrs = ifaddrp;
2172 			}
2173 			ifaddrs = NULL;
2174 			continue;
2175 
2176 		case EADDRNOTAVAIL: {
2177 			/*
2178 			 * Some data addresses are under application control.
2179 			 * For some of these (e.g., ADDRCONF), the application
2180 			 * should remove the address, in which case we retry a
2181 			 * few times (since the application's action is not
2182 			 * atomic with respect to us) before bailing out and
2183 			 * informing the user.
2184 			 */
2185 			int ntries, nappaddr = 0;
2186 			const if_appflags_t *iap = if_appflags_tbl;
2187 
2188 			for (; iap->ia_app != NULL; iap++) {
2189 				ntries = 0;
2190 again:
2191 				if (ifaddrlistx(lifrl.lifr_name, iap->ia_flag,
2192 				    IFF_NOFAILOVER, &ifaddrs) == -1) {
2193 					(void) fprintf(stderr, "ifconfig: %s: "
2194 					    "cannot get data addresses managed "
2195 					    "by %s\n", lifrl.lifr_name,
2196 					    iap->ia_app);
2197 					goto fail;
2198 				}
2199 
2200 				if (ifaddrs == NULL)
2201 					continue;
2202 
2203 				ifaddrlistx_free(ifaddrs);
2204 				ifaddrs = NULL;
2205 
2206 				if (++ntries < iap->ia_tries) {
2207 					(void) poll(NULL, 0, 100);
2208 					goto again;
2209 				}
2210 
2211 				(void) fprintf(stderr, "ifconfig: cannot join "
2212 				    "IPMP group: %s has data addresses managed "
2213 				    "by %s\n", lifrl.lifr_name, iap->ia_app);
2214 				nappaddr++;
2215 			}
2216 			if (nappaddr > 0)
2217 				goto fail;
2218 			continue;
2219 		}
2220 		default:
2221 			Perror2(name, "SIOCSLIFGROUPNAME");
2222 			goto fail;
2223 		}
2224 	}
2225 
2226 	/*
2227 	 * If there were addresses that we had to bring down, it's time to
2228 	 * bring them up again.  As part of bringing them up, the kernel will
2229 	 * automatically move them to the new IPMP interface.
2230 	 */
2231 	for (ifaddrp = downaddrs; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) {
2232 		if (!ifaddr_up(ifaddrp) && errno != ENXIO) {
2233 			(void) fprintf(stderr, "ifconfig: cannot bring back up "
2234 			    "%s: %s\n", ifaddrp->ia_name, strerror(errno));
2235 		}
2236 	}
2237 	ifaddrlistx_free(downaddrs);
2238 	return (0);
2239 fail:
2240 	/*
2241 	 * Attempt to bring back up any interfaces that we downed.
2242 	 */
2243 	for (ifaddrp = downaddrs; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) {
2244 		if (!ifaddr_up(ifaddrp) && errno != ENXIO) {
2245 			(void) fprintf(stderr, "ifconfig: cannot bring back up "
2246 			    "%s: %s\n", ifaddrp->ia_name, strerror(errno));
2247 		}
2248 	}
2249 	ifaddrlistx_free(downaddrs);
2250 	ifaddrlistx_free(ifaddrs);
2251 
2252 	/*
2253 	 * We'd return -1, but foreachinterface() doesn't propagate the error
2254 	 * into the exit status, so we're forced to explicitly exit().
2255 	 */
2256 	exit(1);
2257 	/* NOTREACHED */
2258 }
2259 
2260 static boolean_t
2261 modcheck(const char *ifname)
2262 {
2263 	(void) strlcpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name));
2264 
2265 	if (ioctl(s, SIOCGLIFFLAGS, &lifr) < 0) {
2266 		Perror0("SIOCGLIFFLAGS");
2267 		return (_B_FALSE);
2268 	}
2269 
2270 	if (lifr.lifr_flags & IFF_IPMP) {
2271 		(void) fprintf(stderr, "ifconfig: %s: module operations not"
2272 		    " supported on IPMP interfaces\n", ifname);
2273 		return (_B_FALSE);
2274 	}
2275 	if (lifr.lifr_flags & IFF_VIRTUAL) {
2276 		(void) fprintf(stderr, "ifconfig: %s: module operations not"
2277 		    " supported on virtual IP interfaces\n", ifname);
2278 		return (_B_FALSE);
2279 	}
2280 	return (_B_TRUE);
2281 }
2282 
2283 /*
2284  * To list all the modules above a given network interface.
2285  */
2286 /* ARGSUSED */
2287 static int
2288 modlist(char *null, int64_t param)
2289 {
2290 	int muxid_fd;
2291 	int muxfd;
2292 	int ipfd_lowstr;
2293 	int arpfd_lowstr;
2294 	int num_mods;
2295 	int i;
2296 	struct str_list strlist;
2297 	int orig_arpid;
2298 
2299 	/*
2300 	 * We'd return -1, but foreachinterface() doesn't propagate the error
2301 	 * into the exit status, so we're forced to explicitly exit().
2302 	 */
2303 	if (!modcheck(name))
2304 		exit(1);
2305 
2306 	if (ip_domux2fd(&muxfd, &muxid_fd, &ipfd_lowstr, &arpfd_lowstr,
2307 	    &orig_arpid) < 0) {
2308 		return (-1);
2309 	}
2310 	if ((num_mods = ioctl(ipfd_lowstr, I_LIST, NULL)) < 0) {
2311 		Perror0("cannot I_LIST to get the number of modules");
2312 	} else {
2313 		if (debug > 0) {
2314 			(void) printf("Listing (%d) modules above %s\n",
2315 			    num_mods, name);
2316 		}
2317 
2318 		strlist.sl_nmods = num_mods;
2319 		strlist.sl_modlist = malloc(sizeof (struct str_mlist) *
2320 		    num_mods);
2321 		if (strlist.sl_modlist == NULL) {
2322 			Perror0("cannot malloc");
2323 		} else {
2324 			if (ioctl(ipfd_lowstr, I_LIST, (caddr_t)&strlist) < 0) {
2325 				Perror0("cannot I_LIST for module names");
2326 			} else {
2327 				for (i = 0; i < strlist.sl_nmods; i++) {
2328 					(void) printf("%d %s\n", i,
2329 					    strlist.sl_modlist[i].l_name);
2330 				}
2331 			}
2332 			free(strlist.sl_modlist);
2333 		}
2334 	}
2335 	return (ip_plink(muxfd, muxid_fd, ipfd_lowstr, arpfd_lowstr,
2336 	    orig_arpid));
2337 }
2338 
2339 #define	MODINSERT_OP	'i'
2340 #define	MODREMOVE_OP	'r'
2341 
2342 /*
2343  * To insert a module to the stream of the interface.  It is just a
2344  * wrapper.  The real function is modop().
2345  */
2346 /* ARGSUSED */
2347 static int
2348 modinsert(char *arg, int64_t param)
2349 {
2350 	return (modop(arg, MODINSERT_OP));
2351 }
2352 
2353 /*
2354  * To remove a module from the stream of the interface.  It is just a
2355  * wrapper.  The real function is modop().
2356  */
2357 /* ARGSUSED */
2358 static int
2359 modremove(char *arg, int64_t param)
2360 {
2361 	return (modop(arg, MODREMOVE_OP));
2362 }
2363 
2364 /*
2365  * Open a stream on /dev/udp{,6}, pop off all undesired modules (note that
2366  * the user may have configured autopush to add modules above
2367  * udp), and push the arp module onto the resulting stream.
2368  * This is used to make IP+ARP be able to atomically track the muxid
2369  * for the I_PLINKed STREAMS, thus it isn't related to ARP running the ARP
2370  * protocol.
2371  */
2372 static int
2373 open_arp_on_udp(char *udp_dev_name)
2374 {
2375 	int fd;
2376 
2377 	if ((fd = open(udp_dev_name, O_RDWR)) == -1) {
2378 		Perror2("open", udp_dev_name);
2379 		return (-1);
2380 	}
2381 	errno = 0;
2382 	while (ioctl(fd, I_POP, 0) != -1)
2383 		;
2384 	if (errno != EINVAL) {
2385 		Perror2("pop", udp_dev_name);
2386 	} else if (ioctl(fd, I_PUSH, ARP_MOD_NAME) == -1) {
2387 		Perror2("arp PUSH", udp_dev_name);
2388 	} else {
2389 		return (fd);
2390 	}
2391 	(void) close(fd);
2392 	return (-1);
2393 }
2394 
2395 /*
2396  * Helper function for mod*() functions.  It gets a fd to the lower IP
2397  * stream and I_PUNLINK's the lower stream.  It also initializes the
2398  * global variable lifr.
2399  *
2400  * Param:
2401  *	int *muxfd: fd to /dev/udp{,6} for I_PLINK/I_PUNLINK
2402  *	int *muxid_fd: fd to /dev/udp{,6} for LIFMUXID
2403  *	int *ipfd_lowstr: fd to the lower IP stream.
2404  *	int *arpfd_lowstr: fd to the lower ARP stream.
2405  *
2406  * Return:
2407  *	-1 if operation fails, 0 otherwise.
2408  *
2409  * Please see the big block comment above ifplumb() for the logic of the
2410  * PLINK/PUNLINK
2411  */
2412 static int
2413 ip_domux2fd(int *muxfd, int *muxid_fd, int *ipfd_lowstr, int *arpfd_lowstr,
2414     int *orig_arpid)
2415 {
2416 	uint64_t	flags;
2417 	char		*udp_dev_name;
2418 
2419 	*orig_arpid = 0;
2420 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2421 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
2422 		Perror0_exit("status: SIOCGLIFFLAGS");
2423 	}
2424 	flags = lifr.lifr_flags;
2425 	if (flags & IFF_IPV4) {
2426 		udp_dev_name = UDP_DEV_NAME;
2427 	} else if (flags & IFF_IPV6) {
2428 		udp_dev_name = UDP6_DEV_NAME;
2429 	} else {
2430 		return (-1);
2431 	}
2432 
2433 	if ((*muxid_fd = open(udp_dev_name, O_RDWR)) < 0) {
2434 		Perror2("open", udp_dev_name);
2435 		return (-1);
2436 	}
2437 	if (ioctl(*muxid_fd, SIOCGLIFMUXID, (caddr_t)&lifr) < 0) {
2438 		Perror2("SIOCGLIFMUXID", udp_dev_name);
2439 		return (-1);
2440 	}
2441 	if (debug > 0) {
2442 		(void) printf("ARP_muxid %d IP_muxid %d\n",
2443 		    lifr.lifr_arp_muxid, lifr.lifr_ip_muxid);
2444 	}
2445 
2446 	/*
2447 	 * Use /dev/udp{,6} as the mux to avoid linkcycles.
2448 	 */
2449 	if ((*muxfd = open_arp_on_udp(udp_dev_name)) == -1)
2450 		return (-1);
2451 
2452 	if (lifr.lifr_arp_muxid != 0) {
2453 		if ((*arpfd_lowstr = ioctl(*muxfd, _I_MUXID2FD,
2454 		    lifr.lifr_arp_muxid)) < 0) {
2455 			if ((errno == EINVAL) &&
2456 			    (flags & (IFF_NOARP | IFF_IPV6))) {
2457 				/*
2458 				 * Some plumbing utilities set the muxid to
2459 				 * -1 or some invalid value to signify that
2460 				 * there is no arp stream. Set the muxid to 0
2461 				 * before trying to unplumb the IP stream.
2462 				 * IP does not allow the IP stream to be
2463 				 * unplumbed if it sees a non-null arp muxid,
2464 				 * for consistency of IP-ARP streams.
2465 				 */
2466 				*orig_arpid = lifr.lifr_arp_muxid;
2467 				lifr.lifr_arp_muxid = 0;
2468 				(void) ioctl(*muxid_fd, SIOCSLIFMUXID,
2469 				    (caddr_t)&lifr);
2470 				*arpfd_lowstr = -1;
2471 			} else {
2472 				Perror0("_I_MUXID2FD");
2473 				return (-1);
2474 			}
2475 		} else if (ioctl(*muxfd, I_PUNLINK,
2476 		    lifr.lifr_arp_muxid) < 0) {
2477 			Perror2("I_PUNLINK", udp_dev_name);
2478 			return (-1);
2479 		}
2480 	} else {
2481 		*arpfd_lowstr = -1;
2482 	}
2483 
2484 	if ((*ipfd_lowstr = ioctl(*muxfd, _I_MUXID2FD,
2485 	    lifr.lifr_ip_muxid)) < 0) {
2486 		Perror0("_I_MUXID2FD");
2487 		/* Undo any changes we made */
2488 		if (*orig_arpid != 0) {
2489 			lifr.lifr_arp_muxid = *orig_arpid;
2490 			(void) ioctl(*muxid_fd, SIOCSLIFMUXID, (caddr_t)&lifr);
2491 		}
2492 		return (-1);
2493 	}
2494 	if (ioctl(*muxfd, I_PUNLINK, lifr.lifr_ip_muxid) < 0) {
2495 		Perror2("I_PUNLINK", udp_dev_name);
2496 		/* Undo any changes we made */
2497 		if (*orig_arpid != 0) {
2498 			lifr.lifr_arp_muxid = *orig_arpid;
2499 			(void) ioctl(*muxid_fd, SIOCSLIFMUXID, (caddr_t)&lifr);
2500 		}
2501 		return (-1);
2502 	}
2503 	return (0);
2504 }
2505 
2506 /*
2507  * Helper function for mod*() functions.  It I_PLINK's back the upper and
2508  * lower IP streams.  Note that this function must be called after
2509  * ip_domux2fd().  In ip_domux2fd(), the global variable lifr is initialized
2510  * and ip_plink() needs information in lifr.  So ip_domux2fd() and ip_plink()
2511  * must be called in pairs.
2512  *
2513  * Param:
2514  *	int muxfd: fd to /dev/udp{,6} for I_PLINK/I_PUNLINK
2515  *	int muxid_fd: fd to /dev/udp{,6} for LIFMUXID
2516  *	int ipfd_lowstr: fd to the lower IP stream.
2517  *	int arpfd_lowstr: fd to the lower ARP stream.
2518  *
2519  * Return:
2520  *	-1 if operation fails, 0 otherwise.
2521  *
2522  * Please see the big block comment above ifplumb() for the logic of the
2523  * PLINK/PUNLINK
2524  */
2525 static int
2526 ip_plink(int muxfd, int muxid_fd, int ipfd_lowstr, int arpfd_lowstr,
2527     int orig_arpid)
2528 {
2529 	int ip_muxid;
2530 
2531 	ip_muxid = ioctl(muxfd, I_PLINK, ipfd_lowstr);
2532 	if (ip_muxid < 0) {
2533 		Perror2("I_PLINK", UDP_DEV_NAME);
2534 		return (-1);
2535 	}
2536 
2537 	/*
2538 	 * If there is an arp stream, plink it. If there is no
2539 	 * arp stream, then it is possible that the plumbing
2540 	 * utility could have stored any value in the arp_muxid.
2541 	 * If so, restore it from orig_arpid.
2542 	 */
2543 	if (arpfd_lowstr != -1) {
2544 		if (ioctl(muxfd, I_PLINK, arpfd_lowstr) < 0) {
2545 			Perror2("I_PLINK", UDP_DEV_NAME);
2546 			return (-1);
2547 		}
2548 	} else if (orig_arpid != 0) {
2549 		/* Undo the changes we did in ip_domux2fd */
2550 		lifr.lifr_arp_muxid = orig_arpid;
2551 		lifr.lifr_ip_muxid = ip_muxid;
2552 		(void) ioctl(muxid_fd, SIOCSLIFMUXID, (caddr_t)&lifr);
2553 	}
2554 
2555 	(void) close(muxfd);
2556 	(void) close(muxid_fd);
2557 	return (0);
2558 }
2559 
2560 /*
2561  * The real function to perform module insertion/removal.
2562  *
2563  * Param:
2564  *	char *arg: the argument string module_name@position
2565  *	char op: operation, either MODINSERT_OP or MODREMOVE_OP.
2566  *
2567  * Return:
2568  *	Before doing ip_domux2fd(), this function calls exit(1) in case of
2569  *	error.  After ip_domux2fd() is done, it returns -1 for error, 0
2570  *	otherwise.
2571  */
2572 static int
2573 modop(char *arg, char op)
2574 {
2575 	char *pos_p;
2576 	int muxfd;
2577 	int muxid_fd;
2578 	int ipfd_lowstr;  /* IP stream (lower stream of mux) to be plinked */
2579 	int arpfd_lowstr; /* ARP stream (lower stream of mux) to be plinked */
2580 	struct strmodconf mod;
2581 	char *at_char = "@";
2582 	char *arg_str;
2583 	int orig_arpid;
2584 
2585 	/*
2586 	 * We'd return -1, but foreachinterface() doesn't propagate the error
2587 	 * into the exit status, so we're forced to explicitly exit().
2588 	 */
2589 	if (!modcheck(name))
2590 		exit(1);
2591 
2592 	/* Need to save the original string for -a option. */
2593 	if ((arg_str = malloc(strlen(arg) + 1)) == NULL) {
2594 		Perror0("cannot malloc");
2595 		return (-1);
2596 	}
2597 	(void) strcpy(arg_str, arg);
2598 
2599 	if (*arg_str == *at_char) {
2600 		(void) fprintf(stderr,
2601 		    "ifconfig: must supply a module name\n");
2602 		exit(1);
2603 	}
2604 	mod.mod_name = strtok(arg_str, at_char);
2605 	if (strlen(mod.mod_name) > FMNAMESZ) {
2606 		(void) fprintf(stderr, "ifconfig: module name too long: %s\n",
2607 		    mod.mod_name);
2608 		exit(1);
2609 	}
2610 
2611 	/*
2612 	 * Need to make sure that the core TCP/IP stack modules are not
2613 	 * removed.  Otherwise, "bad" things can happen.  If a module
2614 	 * is removed and inserted back, it loses its old state.  But
2615 	 * the modules above it still have the old state.  E.g. IP assumes
2616 	 * fast data path while tunnel after re-inserted assumes that it can
2617 	 * receive M_DATA only in fast data path for which it does not have
2618 	 * any state.  This is a general caveat of _I_REMOVE/_I_INSERT.
2619 	 */
2620 	if (op == MODREMOVE_OP &&
2621 	    (strcmp(mod.mod_name, ARP_MOD_NAME) == 0 ||
2622 	    strcmp(mod.mod_name, IP_MOD_NAME) == 0 ||
2623 	    strcmp(mod.mod_name, TUN_NAME) == 0 ||
2624 	    strcmp(mod.mod_name, ATUN_NAME) == 0 ||
2625 	    strcmp(mod.mod_name, TUN6TO4_NAME) == 0)) {
2626 		(void) fprintf(stderr, "ifconfig: cannot remove %s\n",
2627 		    mod.mod_name);
2628 		exit(1);
2629 	}
2630 
2631 	if ((pos_p = strtok(NULL, at_char)) == NULL) {
2632 		(void) fprintf(stderr, "ifconfig: must supply a position\n");
2633 		exit(1);
2634 	}
2635 	mod.pos = atoi(pos_p);
2636 
2637 	if (ip_domux2fd(&muxfd, &muxid_fd, &ipfd_lowstr, &arpfd_lowstr,
2638 	    &orig_arpid) < 0) {
2639 		free(arg_str);
2640 		return (-1);
2641 	}
2642 	switch (op) {
2643 	case MODINSERT_OP:
2644 		if (debug > 0) {
2645 			(void) printf("Inserting module %s at %d\n",
2646 			    mod.mod_name, mod.pos);
2647 		}
2648 		if (ioctl(ipfd_lowstr, _I_INSERT, (caddr_t)&mod) < 0) {
2649 			Perror2("fail to insert module", mod.mod_name);
2650 		}
2651 		break;
2652 	case MODREMOVE_OP:
2653 		if (debug > 0) {
2654 			(void) printf("Removing module %s at %d\n",
2655 			    mod.mod_name, mod.pos);
2656 		}
2657 		if (ioctl(ipfd_lowstr, _I_REMOVE, (caddr_t)&mod) < 0) {
2658 			Perror2("fail to remove module", mod.mod_name);
2659 		}
2660 		break;
2661 	default:
2662 		/* Should never get to here. */
2663 		(void) fprintf(stderr, "Unknown operation\n");
2664 		break;
2665 	}
2666 	free(arg_str);
2667 	return (ip_plink(muxfd, muxid_fd, ipfd_lowstr, arpfd_lowstr,
2668 	    orig_arpid));
2669 }
2670 
2671 /*
2672  * Set tunnel source address
2673  */
2674 /* ARGSUSED */
2675 static int
2676 setiftsrc(char *addr, int64_t param)
2677 {
2678 	return (settaddr(addr, icfg_set_tunnel_src));
2679 }
2680 
2681 /*
2682  * Set tunnel destination address
2683  */
2684 /* ARGSUSED */
2685 static int
2686 setiftdst(char *addr, int64_t param)
2687 {
2688 	return (settaddr(addr, icfg_set_tunnel_dest));
2689 }
2690 
2691 /*
2692  * sets tunnels src|dst address.  settaddr() expects the following:
2693  * addr: Points to a printable string containing the address to be
2694  *       set, e.g. 129.153.128.110.
2695  * fn:   Pointer to a libinetcfg routine that will do the actual work.
2696  *       The only valid functions are icfg_set_tunnel_src and
2697  *       icfg_set_tunnel_dest.
2698  */
2699 static int
2700 settaddr(char *addr,
2701     int (*fn)(icfg_handle_t, const struct sockaddr *, socklen_t))
2702 {
2703 	icfg_handle_t handle;
2704 	icfg_if_t interface;
2705 	struct sockaddr_storage laddr;
2706 	int lower;
2707 	int rc;
2708 
2709 	if (strchr(name, ':') != NULL) {
2710 		errno = EPERM;
2711 		Perror0_exit("Tunnel params on logical interfaces");
2712 	}
2713 	(void) strncpy(interface.if_name, name, sizeof (interface.if_name));
2714 	interface.if_protocol = SOCKET_AF(af);
2715 
2716 	/* Open interface. */
2717 	if ((rc = icfg_open(&handle, &interface)) != ICFG_SUCCESS)
2718 		Perror0_exit((char *)icfg_errmsg(rc));
2719 
2720 	rc = icfg_get_tunnel_lower(handle, &lower);
2721 	if (rc != ICFG_SUCCESS)
2722 		Perror0_exit((char *)icfg_errmsg(rc));
2723 
2724 	if (lower == AF_INET) {
2725 		in_getaddr(addr, (struct sockaddr *)&laddr, NULL);
2726 	} else {
2727 		in6_getaddr(addr, (struct sockaddr *)&laddr, NULL);
2728 	}
2729 
2730 	/* Call fn to do the real work, and close the interface. */
2731 	rc = (*fn)(handle, (struct sockaddr *)&laddr,
2732 	    sizeof (struct sockaddr_storage));
2733 	icfg_close(handle);
2734 
2735 	if (rc != ICFG_SUCCESS)
2736 		Perror0_exit((char *)icfg_errmsg(rc));
2737 
2738 	return (0);
2739 }
2740 
2741 /* Set tunnel encapsulation limit. */
2742 /* ARGSUSED */
2743 static int
2744 set_tun_encap_limit(char *arg, int64_t param)
2745 {
2746 	short limit;
2747 	icfg_if_t interface;
2748 	icfg_handle_t handle;
2749 	int rc;
2750 
2751 	if (strchr(name, ':') != NULL) {
2752 		errno = EPERM;
2753 		Perror0_exit("Tunnel params on logical interfaces");
2754 	}
2755 
2756 	if ((sscanf(arg, "%hd", &limit) != 1) || (limit < 0) ||
2757 	    (limit > 255)) {
2758 		errno = EINVAL;
2759 		Perror0_exit("Invalid encapsulation limit");
2760 	}
2761 
2762 	/* Open interface for configuration. */
2763 	(void) strncpy(interface.if_name, name, sizeof (interface.if_name));
2764 	interface.if_protocol = SOCKET_AF(af);
2765 	if (icfg_open(&handle, &interface) != ICFG_SUCCESS)
2766 		Perror0_exit("couldn't open interface");
2767 
2768 	rc = icfg_set_tunnel_encaplimit(handle, (int)limit);
2769 	icfg_close(handle);
2770 
2771 	if (rc != ICFG_SUCCESS)
2772 		Perror0_exit("Could not configure tunnel encapsulation limit");
2773 
2774 	return (0);
2775 }
2776 
2777 /* Disable encapsulation limit. */
2778 /* ARGSUSED */
2779 static int
2780 clr_tun_encap_limit(char *arg, int64_t param)
2781 {
2782 	icfg_if_t interface;
2783 	icfg_handle_t handle;
2784 	int rc;
2785 
2786 	if (strchr(name, ':') != NULL) {
2787 		errno = EPERM;
2788 		Perror0_exit("Tunnel params on logical interfaces");
2789 	}
2790 
2791 	/* Open interface for configuration. */
2792 	(void) strncpy(interface.if_name, name, sizeof (interface.if_name));
2793 	interface.if_protocol = SOCKET_AF(af);
2794 	if (icfg_open(&handle, &interface) != ICFG_SUCCESS)
2795 		Perror0_exit("couldn't open interface");
2796 
2797 	rc = icfg_set_tunnel_encaplimit(handle, -1);
2798 	icfg_close(handle);
2799 
2800 	if (rc != ICFG_SUCCESS)
2801 		Perror0_exit((char *)icfg_errmsg(rc));
2802 
2803 	return (0);
2804 }
2805 
2806 /* Set tunnel hop limit. */
2807 /* ARGSUSED */
2808 static int
2809 set_tun_hop_limit(char *arg, int64_t param)
2810 {
2811 	unsigned short limit;
2812 	icfg_if_t interface;
2813 	icfg_handle_t handle;
2814 	int rc;
2815 
2816 	if (strchr(name, ':') != NULL) {
2817 		errno = EPERM;
2818 		Perror0_exit("Tunnel params on logical interfaces");
2819 	}
2820 
2821 	/*
2822 	 * Check limit here since it's really only an 8-bit unsigned quantity.
2823 	 */
2824 	if ((sscanf(arg, "%hu", &limit) != 1) || (limit > 255)) {
2825 		errno = EINVAL;
2826 		Perror0_exit("Invalid hop limit");
2827 	}
2828 
2829 	/* Open interface for configuration. */
2830 	(void) strncpy(interface.if_name, name, sizeof (interface.if_name));
2831 	interface.if_protocol = SOCKET_AF(af);
2832 	if (icfg_open(&handle, &interface) != ICFG_SUCCESS)
2833 		Perror0_exit("couldn't open interface");
2834 
2835 	rc = icfg_set_tunnel_hoplimit(handle, (uint8_t)limit);
2836 	icfg_close(handle);
2837 
2838 	if (rc != ICFG_SUCCESS)
2839 		Perror0_exit("Could not configure tunnel hop limit");
2840 
2841 	return (0);
2842 }
2843 
2844 /* Set zone ID */
2845 static int
2846 setzone(char *arg, int64_t param)
2847 {
2848 	zoneid_t zoneid = GLOBAL_ZONEID;
2849 
2850 	if (param == NEXTARG) {
2851 		/* zone must be active */
2852 		if ((zoneid = getzoneidbyname(arg)) == -1) {
2853 			(void) fprintf(stderr,
2854 			    "ifconfig: unknown zone '%s'\n", arg);
2855 			exit(1);
2856 		}
2857 	}
2858 	(void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2859 	lifr.lifr_zoneid = zoneid;
2860 	if (ioctl(s, SIOCSLIFZONE, (caddr_t)&lifr) == -1)
2861 		Perror0_exit("SIOCSLIFZONE");
2862 	return (0);
2863 }
2864 
2865 /* Put interface into all zones */
2866 /* ARGSUSED */
2867 static int
2868 setallzones(char *arg, int64_t param)
2869 {
2870 	(void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2871 	lifr.lifr_zoneid = ALL_ZONES;
2872 	if (ioctl(s, SIOCSLIFZONE, (caddr_t)&lifr) == -1)
2873 		Perror0_exit("SIOCSLIFZONE");
2874 	return (0);
2875 }
2876 
2877 /* Set source address to use */
2878 /* ARGSUSED */
2879 static int
2880 setifsrc(char *arg, int64_t param)
2881 {
2882 	uint_t ifindex = 0;
2883 	int rval;
2884 
2885 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2886 
2887 	/*
2888 	 * Argument can be either an interface name or "none". The latter means
2889 	 * that any previous selection is cleared.
2890 	 */
2891 
2892 	rval = strcmp(arg, name);
2893 	if (rval == 0) {
2894 		(void) fprintf(stderr,
2895 		    "ifconfig: Cannot specify same interface for usesrc"
2896 		    " group\n");
2897 		exit(1);
2898 	}
2899 
2900 	rval = strcmp(arg, NONE_STR);
2901 	if (rval != 0) {
2902 		if ((ifindex = if_nametoindex(arg)) == 0) {
2903 			(void) strncpy(lifr.lifr_name, arg, LIFNAMSIZ);
2904 			Perror0_exit("Could not get interface index");
2905 		}
2906 		lifr.lifr_index = ifindex;
2907 	} else {
2908 		if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) != 0)
2909 			Perror0_exit("Not a valid usesrc consumer");
2910 		lifr.lifr_index = 0;
2911 	}
2912 
2913 	if (debug)
2914 		(void) printf("setifsrc: lifr_name %s, lifr_index %d\n",
2915 		    lifr.lifr_name, lifr.lifr_index);
2916 
2917 	if (ioctl(s, SIOCSLIFUSESRC, (caddr_t)&lifr) == -1) {
2918 		if (rval == 0)
2919 			Perror0_exit("Cannot reset usesrc group");
2920 		else
2921 			Perror0_exit("Could not set source interface");
2922 	}
2923 
2924 	return (0);
2925 }
2926 
2927 /*
2928  * Print the interface status line associated with `ifname'
2929  */
2930 static void
2931 ifstatus(const char *ifname)
2932 {
2933 	uint64_t flags;
2934 	char if_usesrc_name[LIFNAMSIZ];
2935 	char *newbuf;
2936 	int n, numifs, rval = 0;
2937 	struct lifreq *lifrp;
2938 	struct lifsrcof lifs;
2939 
2940 	(void) strncpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name));
2941 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
2942 		Perror0_exit("status: SIOCGLIFFLAGS");
2943 	}
2944 	flags = lifr.lifr_flags;
2945 
2946 	/*
2947 	 * In V4 compatibility mode, we don't print the IFF_IPV4 flag or
2948 	 * interfaces with IFF_IPV6 set.
2949 	 */
2950 	if (v4compat) {
2951 		flags &= ~IFF_IPV4;
2952 		if (flags & IFF_IPV6)
2953 			return;
2954 	}
2955 
2956 	(void) printf("%s: ", ifname);
2957 	print_flags(flags);
2958 
2959 	(void) strncpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name));
2960 	if (ioctl(s, SIOCGLIFMETRIC, (caddr_t)&lifr) < 0) {
2961 		Perror0_exit("status: SIOCGLIFMETRIC");
2962 	} else {
2963 		if (lifr.lifr_metric)
2964 			(void) printf(" metric %d", lifr.lifr_metric);
2965 	}
2966 	if (ioctl(s, SIOCGLIFMTU, (caddr_t)&lifr) >= 0)
2967 		(void) printf(" mtu %u", lifr.lifr_mtu);
2968 
2969 	/* don't print index or zone when in compatibility mode */
2970 	if (!v4compat) {
2971 		if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0)
2972 			(void) printf(" index %d", lifr.lifr_index);
2973 		/*
2974 		 * Stack instances use GLOBAL_ZONEID for IP data structures
2975 		 * even in the non-global zone.
2976 		 */
2977 		if (ioctl(s, SIOCGLIFZONE, (caddr_t)&lifr) >= 0 &&
2978 		    lifr.lifr_zoneid != getzoneid() &&
2979 		    lifr.lifr_zoneid != GLOBAL_ZONEID) {
2980 			char zone_name[ZONENAME_MAX];
2981 
2982 			if (lifr.lifr_zoneid == ALL_ZONES) {
2983 				(void) printf("\n\tall-zones");
2984 			} else if (getzonenamebyid(lifr.lifr_zoneid, zone_name,
2985 			    sizeof (zone_name)) < 0) {
2986 				(void) printf("\n\tzone %d", lifr.lifr_zoneid);
2987 			} else {
2988 				(void) printf("\n\tzone %s", zone_name);
2989 			}
2990 		}
2991 	}
2992 
2993 	if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0) {
2994 		lifs.lifs_ifindex = lifr.lifr_index;
2995 
2996 		/*
2997 		 * Find the number of interfaces that use this interfaces'
2998 		 * address as a source address
2999 		 */
3000 		lifs.lifs_buf = NULL;
3001 		lifs.lifs_maxlen = 0;
3002 		for (;;) {
3003 			/* The first pass will give the bufsize we need */
3004 			rval = ioctl(s, SIOCGLIFSRCOF, (char *)&lifs);
3005 			if (rval < 0) {
3006 				if (lifs.lifs_buf != NULL) {
3007 					free(lifs.lifs_buf);
3008 					lifs.lifs_buf = NULL;
3009 				}
3010 				lifs.lifs_len = 0;
3011 				break;
3012 			}
3013 			if (lifs.lifs_len <= lifs.lifs_maxlen)
3014 				break;
3015 			/* Use kernel's size + a small margin to avoid loops */
3016 			lifs.lifs_maxlen = lifs.lifs_len +
3017 			    5 * sizeof (struct lifreq);
3018 			/* For the first pass, realloc acts like malloc */
3019 			newbuf = realloc(lifs.lifs_buf, lifs.lifs_maxlen);
3020 			if (newbuf == NULL) {
3021 				if (lifs.lifs_buf != NULL) {
3022 					free(lifs.lifs_buf);
3023 					lifs.lifs_buf = NULL;
3024 				}
3025 				lifs.lifs_len = 0;
3026 				break;
3027 			}
3028 			lifs.lifs_buf = newbuf;
3029 		}
3030 
3031 
3032 		numifs = lifs.lifs_len / sizeof (struct lifreq);
3033 		if (numifs > 0) {
3034 			lifrp = lifs.lifs_req;
3035 			(void) printf("\n\tsrcof");
3036 			for (n = numifs; n > 0; n--, lifrp++) {
3037 				(void) printf(" %s", lifrp->lifr_name);
3038 			}
3039 		}
3040 
3041 		if (lifs.lifs_buf != NULL)
3042 			free(lifs.lifs_buf);
3043 	}
3044 
3045 	/* Find the interface whose source address this interface uses */
3046 	if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) == 0) {
3047 		if (lifr.lifr_index != 0) {
3048 			if (if_indextoname(lifr.lifr_index,
3049 			    if_usesrc_name) == NULL) {
3050 				(void) printf("\n\tusesrc ifIndex %d",
3051 				    lifr.lifr_index);
3052 			} else {
3053 				(void) printf("\n\tusesrc %s", if_usesrc_name);
3054 			}
3055 		}
3056 	}
3057 
3058 	(void) putchar('\n');
3059 }
3060 
3061 
3062 /*
3063  * Print the status of the interface.  If an address family was
3064  * specified, show it and it only; otherwise, show them all.
3065  */
3066 static void
3067 status(void)
3068 {
3069 	struct afswtch *p = afp;
3070 	uint64_t flags;
3071 
3072 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3073 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
3074 		Perror0_exit("status: SIOCGLIFFLAGS");
3075 	}
3076 
3077 	flags = lifr.lifr_flags;
3078 
3079 	/*
3080 	 * Only print the interface status if the address family matches
3081 	 * the interface family flag.
3082 	 */
3083 	if (p != NULL) {
3084 		if (((p->af_af == AF_INET6) && (flags & IFF_IPV4)) ||
3085 		    ((p->af_af == AF_INET) && (flags & IFF_IPV6)))
3086 			return;
3087 	}
3088 
3089 	/*
3090 	 * In V4 compatibility mode, don't print IFF_IPV6 interfaces.
3091 	 */
3092 	if (v4compat && (flags & IFF_IPV6))
3093 		return;
3094 
3095 	ifstatus(name);
3096 
3097 	if (p != NULL) {
3098 		(*p->af_status)(1, flags);
3099 	} else {
3100 		for (p = afs; p->af_name; p++) {
3101 			(void) close(s);
3102 			s = socket(SOCKET_AF(p->af_af), SOCK_DGRAM, 0);
3103 			/* set global af for use in p->af_status */
3104 			af = p->af_af;
3105 			if (s == -1) {
3106 				Perror0_exit("socket");
3107 			}
3108 			(*p->af_status)(0, flags);
3109 		}
3110 
3111 		/*
3112 		 * Historically, 'ether' has been an address family,
3113 		 * so print it here.
3114 		 */
3115 		print_ifether(name);
3116 	}
3117 }
3118 
3119 /*
3120  * Print the status of the interface in a format that can be used to
3121  * reconfigure the interface later. Code stolen from status() above.
3122  */
3123 /* ARGSUSED */
3124 static int
3125 configinfo(char *null, int64_t param)
3126 {
3127 	char *cp;
3128 	struct afswtch *p = afp;
3129 	uint64_t flags;
3130 	char lifname[LIFNAMSIZ];
3131 	char if_usesrc_name[LIFNAMSIZ];
3132 
3133 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3134 
3135 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
3136 		Perror0_exit("status: SIOCGLIFFLAGS");
3137 	}
3138 	flags = lifr.lifr_flags;
3139 
3140 	if (debug) {
3141 		(void) printf("configinfo: name %s flags  0x%llx af_af %d\n",
3142 		    name, flags, p != NULL ? p->af_af : -1);
3143 	}
3144 
3145 	/*
3146 	 * Build the interface name to print (we can't directly use `name'
3147 	 * because one cannot "plumb" ":0" interfaces).
3148 	 */
3149 	(void) strlcpy(lifname, name, LIFNAMSIZ);
3150 	if ((cp = strchr(lifname, ':')) != NULL && atoi(cp + 1) == 0)
3151 		*cp = '\0';
3152 
3153 	/*
3154 	 * if the interface is IPv4
3155 	 *	if we have a IPv6 address family restriction return
3156 	 *		so it won't print
3157 	 *	if we are in IPv4 compatibility mode, clear out IFF_IPV4
3158 	 *		so we don't print it.
3159 	 */
3160 	if (flags & IFF_IPV4) {
3161 		if (p && p->af_af == AF_INET6)
3162 			return (-1);
3163 		if (v4compat)
3164 			flags &= ~IFF_IPV4;
3165 
3166 		(void) printf("%s inet plumb", lifname);
3167 	} else if (flags & IFF_IPV6) {
3168 		/*
3169 		 * else if the interface is IPv6
3170 		 *	if we have a IPv4 address family restriction return
3171 		 *	or we are in IPv4 compatibiltiy mode, return.
3172 		 */
3173 		if (p && p->af_af == AF_INET)
3174 			return (-1);
3175 		if (v4compat)
3176 			return (-1);
3177 
3178 		(void) printf("%s inet6 plumb", lifname);
3179 	}
3180 
3181 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3182 	if (ioctl(s, SIOCGLIFMETRIC, (caddr_t)&lifr) < 0) {
3183 		Perror0_exit("configinfo: SIOCGLIFMETRIC");
3184 	} else {
3185 		if (lifr.lifr_metric)
3186 			(void) printf(" metric %d ", lifr.lifr_metric);
3187 	}
3188 	if (((flags & (IFF_VIRTUAL|IFF_LOOPBACK)) != IFF_VIRTUAL) &&
3189 	    ioctl(s, SIOCGLIFMTU, (caddr_t)&lifr) >= 0)
3190 		(void) printf(" mtu %d", lifr.lifr_metric);
3191 
3192 	/* Index only applies to the zeroth interface */
3193 	if (lifnum(name) == 0) {
3194 		if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0)
3195 			(void) printf(" index %d", lifr.lifr_index);
3196 	}
3197 
3198 	if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) == 0) {
3199 		if (lifr.lifr_index != 0) {
3200 			if (if_indextoname(lifr.lifr_index,
3201 			    if_usesrc_name) != NULL) {
3202 				(void) printf(" usesrc %s", if_usesrc_name);
3203 			}
3204 		}
3205 	}
3206 
3207 	if (p != NULL) {
3208 		(*p->af_configinfo)(1, flags);
3209 	} else {
3210 		for (p = afs; p->af_name; p++) {
3211 			(void) close(s);
3212 			s = socket(SOCKET_AF(p->af_af), SOCK_DGRAM, 0);
3213 			/* set global af for use in p->af_configinfo */
3214 			af = p->af_af;
3215 			if (s == -1) {
3216 				Perror0_exit("socket");
3217 			}
3218 			(*p->af_configinfo)(0, flags);
3219 		}
3220 	}
3221 
3222 	(void) printf("\n");
3223 	return (0);
3224 }
3225 
3226 static void
3227 print_tsec(struct iftun_req *tparams)
3228 {
3229 	ipsec_req_t *ipsr;
3230 
3231 	(void) printf("\ttunnel security settings  ");
3232 	/*
3233 	 * Deal with versioning, for now just point
3234 	 * an ipsec_req_t at ifta_secinfo.  If versions
3235 	 * change, something else will overlay ifta_secinfo.
3236 	 */
3237 	assert(tparams->ifta_vers == IFTUN_VERSION);
3238 
3239 	if (tparams->ifta_flags & IFTUN_COMPLEX_SECURITY) {
3240 		(void) printf("-->  use 'ipsecconf -ln -i %s'",
3241 		    tparams->ifta_lifr_name);
3242 	} else {
3243 		ipsr = (ipsec_req_t *)(&tparams->ifta_secinfo);
3244 		if (ipsr->ipsr_ah_req & IPSEC_PREF_REQUIRED) {
3245 			(void) printf("ah (%s)  ",
3246 			    rparsealg(ipsr->ipsr_auth_alg, IPSEC_PROTO_AH));
3247 		}
3248 		if (ipsr->ipsr_esp_req & IPSEC_PREF_REQUIRED) {
3249 			(void) printf("esp (%s",
3250 			    rparsealg(ipsr->ipsr_esp_alg, IPSEC_PROTO_ESP));
3251 			(void) printf("/%s)",
3252 			    rparsealg(ipsr->ipsr_esp_auth_alg, IPSEC_PROTO_AH));
3253 		}
3254 	}
3255 	(void) printf("\n");
3256 }
3257 
3258 static void
3259 tun_status(void)
3260 {
3261 	icfg_if_t interface;
3262 	int rc;
3263 	icfg_handle_t handle;
3264 	int protocol;
3265 	char srcbuf[INET6_ADDRSTRLEN];
3266 	char dstbuf[INET6_ADDRSTRLEN];
3267 	boolean_t tabbed;
3268 	uint8_t hoplimit;
3269 	int16_t encaplimit;
3270 	struct sockaddr_storage taddr;
3271 	socklen_t socklen = sizeof (taddr);
3272 
3273 	(void) strncpy(interface.if_name, name, sizeof (interface.if_name));
3274 	interface.if_protocol = SOCKET_AF(af);
3275 	if ((rc = icfg_open(&handle, &interface)) != ICFG_SUCCESS)
3276 		Perror0_exit((char *)icfg_errmsg(rc));
3277 
3278 	/*
3279 	 * only print tunnel info for lun 0.  If ioctl fails, assume
3280 	 * we are not a tunnel
3281 	 */
3282 	if (strchr(name, ':') != NULL ||
3283 	    icfg_get_tunnel_lower(handle, &protocol) != ICFG_SUCCESS) {
3284 		icfg_close(handle);
3285 		return;
3286 	}
3287 
3288 	switch (protocol) {
3289 	case AF_INET:
3290 		(void) printf("\tinet");
3291 		break;
3292 	case AF_INET6:
3293 		(void) printf("\tinet6");
3294 		break;
3295 	default:
3296 		Perror0_exit("\ttunnel: Illegal lower stream\n\t");
3297 		break;
3298 	}
3299 
3300 	rc = icfg_get_tunnel_src(handle, (struct sockaddr *)&taddr, &socklen);
3301 	if (rc == ICFG_NOT_SET) {
3302 		(void) strlcpy(srcbuf, (protocol == AF_INET) ? "0.0.0.0" :
3303 		    "::", sizeof (srcbuf));
3304 	} else if (rc != ICFG_SUCCESS) {
3305 		Perror0_exit((char *)icfg_errmsg(rc));
3306 	} else {
3307 		rc = icfg_sockaddr_to_str(protocol, (struct sockaddr *)&taddr,
3308 		    srcbuf, sizeof (srcbuf));
3309 		if (rc != ICFG_SUCCESS) {
3310 			Perror0_exit((char *)icfg_errmsg(rc));
3311 		}
3312 	}
3313 
3314 	(void) printf(" tunnel src %s ", srcbuf);
3315 
3316 	rc = icfg_get_tunnel_dest(handle, (struct sockaddr *)&taddr, &socklen);
3317 	if (rc == ICFG_NOT_SET) {
3318 		(void) printf("\n");
3319 	} else {
3320 		rc = icfg_sockaddr_to_str(protocol, (struct sockaddr *)&taddr,
3321 		    dstbuf, sizeof (dstbuf));
3322 		if (rc != ICFG_SUCCESS) {
3323 			Perror0_exit((char *)icfg_errmsg(rc));
3324 		}
3325 		(void) printf("tunnel dst %s\n", dstbuf);
3326 	}
3327 
3328 	if (handle->ifh_tunnel_params != NULL &&
3329 	    (handle->ifh_tunnel_params->ifta_flags & IFTUN_SECURITY))
3330 		print_tsec(handle->ifh_tunnel_params);
3331 
3332 	/*
3333 	 * tabbed indicates tabbed and printed.  Use it tell us whether
3334 	 * to tab and that we've printed something here, so we need a
3335 	 * newline
3336 	 */
3337 	tabbed = _B_FALSE;
3338 
3339 	if (icfg_get_tunnel_hoplimit(handle, &hoplimit) == ICFG_SUCCESS) {
3340 		(void) printf("\ttunnel hop limit %d ", hoplimit);
3341 		tabbed = _B_TRUE;
3342 	}
3343 
3344 	if ((protocol == AF_INET6) &&
3345 	    (icfg_get_tunnel_encaplimit(handle, &encaplimit) ==
3346 	    ICFG_SUCCESS)) {
3347 		if (!tabbed) {
3348 			(void) printf("\t");
3349 			tabbed = _B_TRUE;
3350 		}
3351 		if (encaplimit >= 0) {
3352 			(void) printf("tunnel encapsulation limit %d",
3353 			    encaplimit);
3354 		} else {
3355 			(void) printf("tunnel encapsulation limit disabled");
3356 		}
3357 	}
3358 
3359 	if (tabbed)
3360 		(void) printf("\n");
3361 
3362 	icfg_close(handle);
3363 }
3364 
3365 static void
3366 in_status(int force, uint64_t flags)
3367 {
3368 	struct sockaddr_in *sin, *laddr;
3369 	struct	sockaddr_in netmask = { AF_INET };
3370 
3371 	if (debug)
3372 		(void) printf("in_status(%s) flags 0x%llx\n", name, flags);
3373 
3374 	/* only print status for IPv4 interfaces */
3375 	if (!(flags & IFF_IPV4))
3376 		return;
3377 
3378 	/* if the interface is a tunnel, print the tunnel status */
3379 	tun_status();
3380 
3381 	if (!(flags & IFF_NOLOCAL)) {
3382 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3383 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
3384 			if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3385 			    errno == ENXIO) {
3386 				if (!force)
3387 					return;
3388 				(void) memset(&lifr.lifr_addr, 0,
3389 				    sizeof (lifr.lifr_addr));
3390 			} else
3391 				Perror0_exit("in_status: SIOCGLIFADDR");
3392 		}
3393 		sin = (struct sockaddr_in *)&lifr.lifr_addr;
3394 		(void) printf("\tinet %s ", inet_ntoa(sin->sin_addr));
3395 		laddr = sin;
3396 	} else {
3397 		(void) printf("\tinet ");
3398 	}
3399 
3400 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3401 	if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) {
3402 		if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3403 		    errno == ENXIO) {
3404 			if (!force)
3405 				return;
3406 			(void) memset(&lifr.lifr_addr, 0,
3407 			    sizeof (lifr.lifr_addr));
3408 		} else {
3409 			Perror0_exit("in_status: SIOCGLIFSUBNET");
3410 		}
3411 	}
3412 	sin = (struct sockaddr_in *)&lifr.lifr_addr;
3413 	if ((flags & IFF_NOLOCAL) ||
3414 	    sin->sin_addr.s_addr != laddr->sin_addr.s_addr) {
3415 		(void) printf("subnet %s/%d ", inet_ntoa(sin->sin_addr),
3416 		    lifr.lifr_addrlen);
3417 	}
3418 	if (sin->sin_family != AF_INET) {
3419 		(void) printf("Wrong family: %d\n", sin->sin_family);
3420 	}
3421 
3422 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3423 	if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0) {
3424 		if (errno != EADDRNOTAVAIL)
3425 			Perror0_exit("in_status: SIOCGLIFNETMASK");
3426 		(void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr));
3427 	} else
3428 		netmask.sin_addr =
3429 		    ((struct sockaddr_in *)&lifr.lifr_addr)->sin_addr;
3430 	if (flags & IFF_POINTOPOINT) {
3431 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3432 		if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) {
3433 			if (errno == EADDRNOTAVAIL)
3434 				(void) memset(&lifr.lifr_addr, 0,
3435 				    sizeof (lifr.lifr_addr));
3436 			else
3437 				Perror0_exit("in_status: SIOCGLIFDSTADDR");
3438 		}
3439 		sin = (struct sockaddr_in *)&lifr.lifr_dstaddr;
3440 		(void) printf("--> %s ", inet_ntoa(sin->sin_addr));
3441 	}
3442 	(void) printf("netmask %x ", ntohl(netmask.sin_addr.s_addr));
3443 	if (flags & IFF_BROADCAST) {
3444 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3445 		if (ioctl(s, SIOCGLIFBRDADDR, (caddr_t)&lifr) < 0) {
3446 			if (errno == EADDRNOTAVAIL)
3447 				(void) memset(&lifr.lifr_addr, 0,
3448 				    sizeof (lifr.lifr_addr));
3449 			else
3450 				Perror0_exit("in_status: SIOCGLIFBRDADDR");
3451 		}
3452 		sin = (struct sockaddr_in *)&lifr.lifr_addr;
3453 		if (sin->sin_addr.s_addr != 0) {
3454 			(void) printf("broadcast %s",
3455 			    inet_ntoa(sin->sin_addr));
3456 		}
3457 	}
3458 	/* If there is a groupname, print it for only the physical interface */
3459 	if (strchr(name, ':') == NULL) {
3460 		if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 &&
3461 		    lifr.lifr_groupname[0] != '\0') {
3462 			(void) printf("\n\tgroupname %s", lifr.lifr_groupname);
3463 		}
3464 	}
3465 	(void) putchar('\n');
3466 }
3467 
3468 static void
3469 in6_status(int force, uint64_t flags)
3470 {
3471 	char abuf[INET6_ADDRSTRLEN];
3472 	struct sockaddr_in6 *sin6, *laddr6;
3473 
3474 	if (debug)
3475 		(void) printf("in6_status(%s) flags 0x%llx\n", name, flags);
3476 
3477 	if (!(flags & IFF_IPV6))
3478 		return;
3479 
3480 	/* if the interface is a tunnel, print the tunnel status */
3481 	tun_status();
3482 
3483 	if (!(flags & IFF_NOLOCAL)) {
3484 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3485 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
3486 			if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3487 			    errno == ENXIO) {
3488 				if (!force)
3489 					return;
3490 				(void) memset(&lifr.lifr_addr, 0,
3491 				    sizeof (lifr.lifr_addr));
3492 			} else
3493 				Perror0_exit("in_status6: SIOCGLIFADDR");
3494 		}
3495 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3496 		(void) printf("\tinet6 %s/%d ",
3497 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3498 		    abuf, sizeof (abuf)),
3499 		    lifr.lifr_addrlen);
3500 		laddr6 = sin6;
3501 	} else {
3502 		(void) printf("\tinet6 ");
3503 	}
3504 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3505 	if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) {
3506 		if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3507 		    errno == ENXIO) {
3508 			if (!force)
3509 				return;
3510 			(void) memset(&lifr.lifr_addr, 0,
3511 			    sizeof (lifr.lifr_addr));
3512 		} else
3513 			Perror0_exit("in_status6: SIOCGLIFSUBNET");
3514 	}
3515 	sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3516 	if ((flags & IFF_NOLOCAL) ||
3517 	    !IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &laddr6->sin6_addr)) {
3518 		(void) printf("subnet %s/%d ",
3519 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3520 		    abuf, sizeof (abuf)),
3521 		    lifr.lifr_addrlen);
3522 	}
3523 	if (sin6->sin6_family != AF_INET6) {
3524 		(void) printf("Wrong family: %d\n", sin6->sin6_family);
3525 	}
3526 	if (flags & IFF_POINTOPOINT) {
3527 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3528 		if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) {
3529 			if (errno == EADDRNOTAVAIL)
3530 				(void) memset(&lifr.lifr_addr, 0,
3531 				    sizeof (lifr.lifr_addr));
3532 			else
3533 				Perror0_exit("in_status6: SIOCGLIFDSTADDR");
3534 		}
3535 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_dstaddr;
3536 		(void) printf("--> %s ",
3537 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3538 		    abuf, sizeof (abuf)));
3539 	}
3540 	if (verbose) {
3541 		(void) putchar('\n');
3542 		(void) putchar('\t');
3543 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3544 		if (ioctl(s, SIOCGLIFTOKEN, (caddr_t)&lifr) < 0) {
3545 			if (errno == EADDRNOTAVAIL || errno == EINVAL)
3546 				(void) memset(&lifr.lifr_addr, 0,
3547 				    sizeof (lifr.lifr_addr));
3548 			else
3549 				Perror0_exit("in_status6: SIOCGLIFTOKEN");
3550 		} else {
3551 			sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3552 			(void) printf("token %s/%d ",
3553 			    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3554 			    abuf, sizeof (abuf)),
3555 			    lifr.lifr_addrlen);
3556 		}
3557 		if (ioctl(s, SIOCGLIFLNKINFO, (caddr_t)&lifr) < 0) {
3558 			if (errno != EINVAL) {
3559 				Perror0_exit("in_status6: SIOCGLIFLNKINFO");
3560 			}
3561 		} else {
3562 			(void) printf("maxhops %u, reachtime %u ms, "
3563 			    "reachretrans %u ms, maxmtu %u ",
3564 			    lifr.lifr_ifinfo.lir_maxhops,
3565 			    lifr.lifr_ifinfo.lir_reachtime,
3566 			    lifr.lifr_ifinfo.lir_reachretrans,
3567 			    lifr.lifr_ifinfo.lir_maxmtu);
3568 		}
3569 	}
3570 	/* If there is a groupname, print it for only the physical interface */
3571 	if (strchr(name, ':') == NULL) {
3572 		if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 &&
3573 		    lifr.lifr_groupname[0] != '\0') {
3574 			(void) printf("\n\tgroupname %s", lifr.lifr_groupname);
3575 		}
3576 	}
3577 	(void) putchar('\n');
3578 }
3579 
3580 static void
3581 in_configinfo(int force, uint64_t flags)
3582 {
3583 	struct sockaddr_in *sin, *laddr;
3584 	struct	sockaddr_in netmask = { AF_INET };
3585 
3586 	if (debug)
3587 		(void) printf("in_configinfo(%s) flags 0x%llx\n", name, flags);
3588 
3589 	/* only configinfo info for IPv4 interfaces */
3590 	if (!(flags & IFF_IPV4))
3591 		return;
3592 
3593 	if (!(flags & IFF_NOLOCAL)) {
3594 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3595 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
3596 			if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3597 			    errno == ENXIO) {
3598 				if (!force)
3599 					return;
3600 				(void) memset(&lifr.lifr_addr, 0,
3601 				    sizeof (lifr.lifr_addr));
3602 			} else
3603 				Perror0_exit("in_configinfo: SIOCGLIFADDR");
3604 		}
3605 		sin = (struct sockaddr_in *)&lifr.lifr_addr;
3606 		(void) printf(" set %s ", inet_ntoa(sin->sin_addr));
3607 		laddr = sin;
3608 	}
3609 
3610 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3611 	if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) {
3612 		if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3613 		    errno == ENXIO) {
3614 			if (!force)
3615 				return;
3616 			(void) memset(&lifr.lifr_addr, 0,
3617 			    sizeof (lifr.lifr_addr));
3618 		} else {
3619 			Perror0_exit("in_configinfo: SIOCGLIFSUBNET");
3620 		}
3621 	}
3622 	sin = (struct sockaddr_in *)&lifr.lifr_addr;
3623 
3624 	if ((flags & IFF_NOLOCAL) ||
3625 	    sin->sin_addr.s_addr != laddr->sin_addr.s_addr) {
3626 		(void) printf(" subnet %s/%d ", inet_ntoa(sin->sin_addr),
3627 		    lifr.lifr_addrlen);
3628 	}
3629 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3630 	if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0) {
3631 		if (errno != EADDRNOTAVAIL)
3632 			Perror0_exit("in_configinfo: SIOCGLIFNETMASK");
3633 		(void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr));
3634 	} else
3635 		netmask.sin_addr =
3636 		    ((struct sockaddr_in *)&lifr.lifr_addr)->sin_addr;
3637 	if (flags & IFF_POINTOPOINT) {
3638 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3639 		if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) {
3640 			if (errno == EADDRNOTAVAIL)
3641 				(void) memset(&lifr.lifr_addr, 0,
3642 				    sizeof (lifr.lifr_addr));
3643 			else
3644 				Perror0_exit("in_configinfo: SIOCGLIFDSTADDR");
3645 		}
3646 		sin = (struct sockaddr_in *)&lifr.lifr_dstaddr;
3647 		(void) printf(" destination %s ", inet_ntoa(sin->sin_addr));
3648 	}
3649 	(void) printf(" netmask 0x%x ", ntohl(netmask.sin_addr.s_addr));
3650 	if (flags & IFF_BROADCAST) {
3651 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3652 		if (ioctl(s, SIOCGLIFBRDADDR, (caddr_t)&lifr) < 0) {
3653 			if (errno == EADDRNOTAVAIL)
3654 				(void) memset(&lifr.lifr_addr, 0,
3655 				    sizeof (lifr.lifr_addr));
3656 			else
3657 				Perror0_exit("in_configinfo: SIOCGLIFBRDADDR");
3658 		}
3659 		sin = (struct sockaddr_in *)&lifr.lifr_addr;
3660 		if (sin->sin_addr.s_addr != 0) {
3661 			(void) printf(" broadcast %s ",
3662 			    inet_ntoa(sin->sin_addr));
3663 		}
3664 	}
3665 
3666 	/* If there is a groupname, print it for only the zeroth interface */
3667 	if (lifnum(name) == 0) {
3668 		if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 &&
3669 		    lifr.lifr_groupname[0] != '\0') {
3670 			(void) printf(" group %s ", lifr.lifr_groupname);
3671 		}
3672 	}
3673 
3674 	/* Print flags to configure */
3675 	print_config_flags(AF_INET, flags);
3676 }
3677 
3678 static void
3679 in6_configinfo(int force, uint64_t flags)
3680 {
3681 	char abuf[INET6_ADDRSTRLEN];
3682 	struct sockaddr_in6 *sin6, *laddr6;
3683 
3684 	if (debug)
3685 		(void) printf("in6_configinfo(%s) flags 0x%llx\n", name,
3686 		    flags);
3687 
3688 	if (!(flags & IFF_IPV6))
3689 		return;
3690 
3691 	if (!(flags & IFF_NOLOCAL)) {
3692 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3693 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
3694 			if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3695 			    errno == ENXIO) {
3696 				if (!force)
3697 					return;
3698 				(void) memset(&lifr.lifr_addr, 0,
3699 				    sizeof (lifr.lifr_addr));
3700 			} else
3701 				Perror0_exit("in6_configinfo: SIOCGLIFADDR");
3702 		}
3703 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3704 		(void) printf(" set %s/%d ",
3705 		    inet_ntop(AF_INET6, &sin6->sin6_addr, abuf, sizeof (abuf)),
3706 		    lifr.lifr_addrlen);
3707 		laddr6 = sin6;
3708 	}
3709 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3710 	if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) {
3711 		if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3712 		    errno == ENXIO) {
3713 			if (!force)
3714 				return;
3715 			(void) memset(&lifr.lifr_addr, 0,
3716 			    sizeof (lifr.lifr_addr));
3717 		} else
3718 			Perror0_exit("in6_configinfo: SIOCGLIFSUBNET");
3719 	}
3720 	sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3721 	if ((flags & IFF_NOLOCAL) ||
3722 	    !IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &laddr6->sin6_addr)) {
3723 		(void) printf(" subnet %s/%d ",
3724 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3725 		    abuf, sizeof (abuf)),
3726 		    lifr.lifr_addrlen);
3727 	}
3728 
3729 	if (flags & IFF_POINTOPOINT) {
3730 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3731 		if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) {
3732 			if (errno == EADDRNOTAVAIL)
3733 				(void) memset(&lifr.lifr_addr, 0,
3734 				    sizeof (lifr.lifr_addr));
3735 			else
3736 				Perror0_exit("in6_configinfo: SIOCGLIFDSTADDR");
3737 		}
3738 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_dstaddr;
3739 		(void) printf(" destination %s ",
3740 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3741 		    abuf, sizeof (abuf)));
3742 	}
3743 
3744 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3745 	if (ioctl(s, SIOCGLIFTOKEN, (caddr_t)&lifr) < 0) {
3746 		if (errno == EADDRNOTAVAIL || errno == EINVAL)
3747 			(void) memset(&lifr.lifr_addr, 0,
3748 			    sizeof (lifr.lifr_addr));
3749 		else
3750 			Perror0_exit("in6_configinfo: SIOCGLIFTOKEN");
3751 	} else {
3752 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3753 		(void) printf(" token %s/%d ",
3754 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3755 		    abuf, sizeof (abuf)),
3756 		    lifr.lifr_addrlen);
3757 	}
3758 
3759 	/* If there is a groupname, print it for only the zeroth interface */
3760 	if (lifnum(name) == 0) {
3761 		if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 &&
3762 		    lifr.lifr_groupname[0] != '\0') {
3763 			(void) printf(" group %s ", lifr.lifr_groupname);
3764 		}
3765 	}
3766 
3767 	/* Print flags to configure */
3768 	print_config_flags(AF_INET6, flags);
3769 }
3770 
3771 /*
3772  * We need to plink both the arp-device stream and the arp-ip-device stream.
3773  * However the muxid is stored only in IP. Plumbing 2 streams individually
3774  * is not atomic, and if ifconfig is killed, the resulting plumbing can
3775  * be inconsistent. For eg. if only the arp stream is plumbed, we have lost
3776  * the muxid, and the half-baked plumbing can neither be unplumbed nor
3777  * replumbed, thus requiring a reboot. To avoid the above the following
3778  * scheme is used.
3779  *
3780  * Ifconfig asks IP to enforce atomicity of plumbing the arp and IP streams.
3781  * This is done by pushing arp on to the mux (/dev/udp). ARP adds some
3782  * extra information in the I_PLINK and I_PUNLINK ioctls to let IP know
3783  * that the plumbing/unplumbing has to be done atomically. Ifconfig plumbs
3784  * the IP stream first, and unplumbs it last. The kernel (IP) does not
3785  * allow IP stream to be unplumbed without unplumbing arp stream. Similarly
3786  * it does not allow arp stream to be plumbed before IP stream is plumbed.
3787  * There is no need to use SIOCSLIFMUXID, since the whole operation is atomic,
3788  * and IP uses the info in the I_PLINK message to get the muxid.
3789  *
3790  * a. STREAMS does not allow us to use /dev/ip itself as the mux. So we use
3791  *    /dev/udp{,6}.
3792  * b. SIOCGLIFMUXID returns the muxid corresponding to the V4 or V6 stream
3793  *    depending on the open i.e. V4 vs V6 open. So we need to use /dev/udp
3794  *    or /dev/udp6 for SIOCGLIFMUXID and SIOCSLIFMUXID.
3795  * c. We need to push ARP in order to get the required kernel support for
3796  *    atomic plumbings. The actual work done by ARP is explained in arp.c
3797  *    Without pushing ARP, we will still be able to plumb/unplumb. But
3798  *    it is not atomic, and is supported by the kernel for backward
3799  *    compatibility for other utilities like atmifconfig etc. In this case
3800  *    the utility must use SIOCSLIFMUXID.
3801  */
3802 static int
3803 ifplumb(const char *linkname, const char *ifname, boolean_t genppa, int af)
3804 {
3805 	int	arp_muxid = -1, ip_muxid;
3806 	int	mux_fd, ip_fd, arp_fd;
3807 	int 	retval;
3808 	char	*udp_dev_name;
3809 	uint64_t flags;
3810 	uint_t	dlpi_flags;
3811 	dlpi_handle_t	dh_arp, dh_ip;
3812 
3813 	/*
3814 	 * Always dlpi_open() with DLPI_NOATTACH because the IP and ARP module
3815 	 * will do the attach themselves for DLPI style-2 links.
3816 	 */
3817 	dlpi_flags = DLPI_NOATTACH;
3818 
3819 	/*
3820 	 * If `linkname' is the special token IPMPSTUB, then this is a request
3821 	 * to create an IPMP interface atop /dev/ipmpstub0.  (We can't simply
3822 	 * pass "ipmpstub0" as `linkname' since an admin *could* have a normal
3823 	 * vanity-named link named "ipmpstub0" that they'd like to plumb.)
3824 	 */
3825 	if (linkname == IPMPSTUB) {
3826 		linkname = "ipmpstub0";
3827 		dlpi_flags |= DLPI_DEVONLY;
3828 	}
3829 
3830 	retval = dlpi_open(linkname, &dh_ip, dlpi_flags);
3831 	if (retval != DLPI_SUCCESS)
3832 		Perrdlpi_exit("cannot open link", linkname, retval);
3833 
3834 	if (debug) {
3835 		(void) printf("ifconfig: ifplumb: link %s, ifname %s, "
3836 		    "genppa %u\n", linkname, ifname, genppa);
3837 	}
3838 
3839 	ip_fd = dlpi_fd(dh_ip);
3840 	if (ioctl(ip_fd, I_PUSH, IP_MOD_NAME) == -1)
3841 		Perror2_exit("I_PUSH", IP_MOD_NAME);
3842 
3843 	/*
3844 	 * Push the ARP module onto the interface stream. IP uses
3845 	 * this to send resolution requests up to ARP. We need to
3846 	 * do this before the SLIFNAME ioctl is sent down because
3847 	 * the interface becomes publicly known as soon as the SLIFNAME
3848 	 * ioctl completes. Thus some other process trying to bring up
3849 	 * the interface after SLIFNAME but before we have pushed ARP
3850 	 * could hang. We pop the module again later if it is not needed.
3851 	 */
3852 	if (ioctl(ip_fd, I_PUSH, ARP_MOD_NAME) == -1)
3853 		Perror2_exit("I_PUSH", ARP_MOD_NAME);
3854 
3855 	/*
3856 	 * Prepare to set IFF_IPV4/IFF_IPV6 flags as part of SIOCSLIFNAME.
3857 	 * (At this point in time the kernel also allows an override of the
3858 	 * IFF_CANTCHANGE flags.)
3859 	 */
3860 	lifr.lifr_name[0] = '\0';
3861 	if (ioctl(ip_fd, SIOCGLIFFLAGS, (char *)&lifr) == -1)
3862 		Perror0_exit("ifplumb: SIOCGLIFFLAGS");
3863 
3864 	if (af == AF_INET6) {
3865 		flags = lifr.lifr_flags | IFF_IPV6;
3866 		flags &= ~(IFF_BROADCAST | IFF_IPV4);
3867 	} else {
3868 		flags = lifr.lifr_flags | IFF_IPV4;
3869 		flags &= ~IFF_IPV6;
3870 	}
3871 
3872 	/*
3873 	 * Set the interface name.  If we've been asked to generate the PPA,
3874 	 * then find the lowest available PPA (only currently used for IPMP
3875 	 * interfaces).  Otherwise, use the interface name as-is.
3876 	 */
3877 	if (genppa) {
3878 		int ppa;
3879 
3880 		/*
3881 		 * We'd like to just set lifr_ppa to UINT_MAX and have the
3882 		 * kernel pick a PPA.  Unfortunately, that would mishandle
3883 		 * two cases:
3884 		 *
3885 		 *	1. If the PPA is available but the groupname is taken
3886 		 *	   (e.g., the "ipmp2" IP interface name is available
3887 		 *	   but the "ipmp2" groupname is taken) then the
3888 		 *	   auto-assignment by the kernel will fail.
3889 		 *
3890 		 *	2. If we're creating (e.g.) an IPv6-only IPMP
3891 		 *	   interface, and there's already an IPv4-only IPMP
3892 		 *	   interface, the kernel will allow us to accidentally
3893 		 *	   reuse the IPv6 IPMP interface name (since
3894 		 *	   SIOCSLIFNAME uniqueness is per-interface-type).
3895 		 *	   This will cause administrative confusion.
3896 		 *
3897 		 * Thus, we instead take a brute-force approach of checking
3898 		 * whether the IPv4 or IPv6 name is already in-use before
3899 		 * attempting the SIOCSLIFNAME.  As per (1) above, the
3900 		 * SIOCSLIFNAME may still fail, in which case we just proceed
3901 		 * to the next one.  If this approach becomes too slow, we
3902 		 * can add a new SIOC* to handle this case in the kernel.
3903 		 */
3904 		for (ppa = 0; ppa < UINT_MAX; ppa++) {
3905 			(void) snprintf(lifr.lifr_name, LIFNAMSIZ, "%s%d",
3906 			    ifname, ppa);
3907 
3908 			if (ioctl(s4, SIOCGLIFFLAGS, &lifr) != -1 ||
3909 			    errno != ENXIO)
3910 				continue;
3911 
3912 			if (ioctl(s6, SIOCGLIFFLAGS, &lifr) != -1 ||
3913 			    errno != ENXIO)
3914 				continue;
3915 
3916 			lifr.lifr_ppa = ppa;
3917 			lifr.lifr_flags = flags;
3918 			retval = ioctl(ip_fd, SIOCSLIFNAME, &lifr);
3919 			if (retval != -1 || errno != EEXIST)
3920 				break;
3921 		}
3922 	} else {
3923 		ifspec_t ifsp;
3924 
3925 		/*
3926 		 * The interface name could have come from the command-line;
3927 		 * check it.
3928 		 */
3929 		if (!ifparse_ifspec(ifname, &ifsp) || ifsp.ifsp_lunvalid)
3930 			Perror2_exit("invalid IP interface name", ifname);
3931 
3932 		/*
3933 		 * Before we call SIOCSLIFNAME, ensure that the IPMP group
3934 		 * interface for this address family exists.  Otherwise, the
3935 		 * kernel will kick the interface out of the group when we do
3936 		 * the SIOCSLIFNAME.
3937 		 *
3938 		 * Example: suppose bge0 is plumbed for IPv4 and in group "a".
3939 		 * If we're now plumbing bge0 for IPv6, but the IPMP group
3940 		 * interface for "a" is not plumbed for IPv6, the SIOCSLIFNAME
3941 		 * will kick bge0 out of group "a", which is undesired.
3942 		 */
3943 		if (create_ipmp_peer(af, ifname) == -1) {
3944 			(void) fprintf(stderr, "ifconfig: warning: cannot "
3945 			    "create %s IPMP group; %s will be removed from "
3946 			    "group\n", af == AF_INET ? "IPv4" : "IPv6", ifname);
3947 		}
3948 
3949 		lifr.lifr_ppa = ifsp.ifsp_ppa;
3950 		lifr.lifr_flags = flags;
3951 		(void) strlcpy(lifr.lifr_name, ifname, LIFNAMSIZ);
3952 		retval = ioctl(ip_fd, SIOCSLIFNAME, &lifr);
3953 	}
3954 
3955 	if (retval == -1) {
3956 		if (errno != EEXIST)
3957 			Perror0_exit("SIOCSLIFNAME for ip");
3958 		/*
3959 		 * This difference between the way we behave for EEXIST
3960 		 * and that with other errors exists to preserve legacy
3961 		 * behaviour. Earlier when foreachinterface() and matchif()
3962 		 * were doing the duplicate interface name checks, for
3963 		 * already existing interfaces, inetplumb() returned "0".
3964 		 * To preserve this behaviour, Perror0() and return are
3965 		 * called for EEXIST.
3966 		 */
3967 		Perror0("SIOCSLIFNAME for ip");
3968 		return (-1);
3969 	}
3970 
3971 	/* Get the full set of existing flags for this stream */
3972 	if (ioctl(ip_fd, SIOCGLIFFLAGS, (char *)&lifr) == -1)
3973 		Perror0_exit("ifplumb: SIOCGLIFFLAGS");
3974 
3975 	if (debug) {
3976 		(void) printf("ifconfig: ifplumb: %s got flags:\n",
3977 		    lifr.lifr_name);
3978 		print_flags(lifr.lifr_flags);
3979 		(void) putchar('\n');
3980 	}
3981 
3982 	/* Check if arp is not actually needed */
3983 	if (lifr.lifr_flags & (IFF_NOARP|IFF_IPV6)) {
3984 		if (ioctl(ip_fd, I_POP, 0) == -1)
3985 			Perror2_exit("I_POP", ARP_MOD_NAME);
3986 	}
3987 
3988 	/*
3989 	 * Open "/dev/udp" for use as a multiplexor to PLINK the
3990 	 * interface stream under. We use "/dev/udp" instead of "/dev/ip"
3991 	 * since STREAMS will not let you PLINK a driver under itself,
3992 	 * and "/dev/ip" is typically the driver at the bottom of
3993 	 * the stream for tunneling interfaces.
3994 	 */
3995 	if (af == AF_INET6)
3996 		udp_dev_name = UDP6_DEV_NAME;
3997 	else
3998 		udp_dev_name = UDP_DEV_NAME;
3999 	if ((mux_fd = open_arp_on_udp(udp_dev_name)) == -1)
4000 		exit(EXIT_FAILURE);
4001 
4002 	/* Check if arp is not needed */
4003 	if (lifr.lifr_flags & (IFF_NOARP|IFF_IPV6)) {
4004 		/*
4005 		 * PLINK the interface stream so that ifconfig can exit
4006 		 * without tearing down the stream.
4007 		 */
4008 		if ((ip_muxid = ioctl(mux_fd, I_PLINK, ip_fd)) == -1)
4009 			Perror0_exit("I_PLINK for ip");
4010 		(void) close(mux_fd);
4011 		return (lifr.lifr_ppa);
4012 	}
4013 
4014 	/*
4015 	 * This interface does use ARP, so set up a separate stream
4016 	 * from the interface to ARP.
4017 	 *
4018 	 * Note: modules specified by the user are pushed
4019 	 * only on the interface stream, not on the ARP stream.
4020 	 */
4021 	if (debug)
4022 		(void) printf("ifconfig: ifplumb: interface %s", ifname);
4023 
4024 	retval = dlpi_open(linkname, &dh_arp, dlpi_flags);
4025 	if (retval != DLPI_SUCCESS)
4026 		Perrdlpi_exit("cannot open link", linkname, retval);
4027 
4028 	arp_fd = dlpi_fd(dh_arp);
4029 	if (ioctl(arp_fd, I_PUSH, ARP_MOD_NAME) == -1)
4030 		Perror2_exit("I_PUSH", ARP_MOD_NAME);
4031 
4032 	/*
4033 	 * Tell ARP the name and unit number for this interface.
4034 	 * Note that arp has no support for transparent ioctls.
4035 	 */
4036 	if (strioctl(arp_fd, SIOCSLIFNAME, &lifr, sizeof (lifr)) == -1) {
4037 		if (errno != EEXIST)
4038 			Perror0_exit("SIOCSLIFNAME for arp");
4039 		Perror0("SIOCSLIFNAME for arp");
4040 		goto out;
4041 	}
4042 
4043 	/*
4044 	 * PLINK the IP and ARP streams so that ifconfig can exit
4045 	 * without tearing down the stream.
4046 	 */
4047 	if ((ip_muxid = ioctl(mux_fd, I_PLINK, ip_fd)) == -1)
4048 		Perror0_exit("I_PLINK for ip");
4049 	if ((arp_muxid = ioctl(mux_fd, I_PLINK, arp_fd)) == -1) {
4050 		(void) ioctl(mux_fd, I_PUNLINK, ip_muxid);
4051 		Perror0_exit("I_PLINK for arp");
4052 	}
4053 
4054 	if (debug)
4055 		(void) printf("arp muxid = %d\n", arp_muxid);
4056 out:
4057 	dlpi_close(dh_ip);
4058 	dlpi_close(dh_arp);
4059 	(void) close(mux_fd);
4060 	return (lifr.lifr_ppa);
4061 }
4062 
4063 /*
4064  * If this is a physical interface then remove it.
4065  * If it is a logical interface name use SIOCLIFREMOVEIF to
4066  * remove it. In both cases fail if it doesn't exist.
4067  */
4068 /* ARGSUSED */
4069 static int
4070 inetunplumb(char *arg, int64_t param)
4071 {
4072 	int ip_muxid, arp_muxid;
4073 	int mux_fd;
4074 	int muxid_fd;
4075 	char *udp_dev_name;
4076 	char *strptr;
4077 	uint64_t flags;
4078 	boolean_t changed_arp_muxid = _B_FALSE;
4079 	int save_errno;
4080 	boolean_t v6 = (afp->af_af == AF_INET6);
4081 
4082 	strptr = strchr(name, ':');
4083 	if (strptr != NULL || strcmp(name, LOOPBACK_IF) == 0) {
4084 		/* Can't unplumb logical interface zero */
4085 		if (strptr != NULL && strcmp(strptr, ":0") == 0) {
4086 			(void) fprintf(stderr, "ifconfig: unplumb:"
4087 			    " Cannot unplumb %s: Invalid interface\n", name);
4088 			exit(1);
4089 		}
4090 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
4091 		(void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr));
4092 
4093 		if (ioctl(s, SIOCLIFREMOVEIF, (caddr_t)&lifr) < 0)
4094 			Perror0_exit("unplumb: SIOCLIFREMOVEIF");
4095 		return (0);
4096 	}
4097 
4098 	/*
4099 	 * We used /dev/udp or udp6 to set up the mux. So we have to use
4100 	 * the same now for PUNLINK also.
4101 	 */
4102 	if (v6)
4103 		udp_dev_name = UDP6_DEV_NAME;
4104 	else
4105 		udp_dev_name = UDP_DEV_NAME;
4106 
4107 	if ((muxid_fd = open(udp_dev_name, O_RDWR)) == -1)
4108 		exit(EXIT_FAILURE);
4109 
4110 	if ((mux_fd = open_arp_on_udp(udp_dev_name)) == -1)
4111 		exit(EXIT_FAILURE);
4112 
4113 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
4114 	if (ioctl(muxid_fd, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
4115 		Perror0_exit("unplumb: SIOCGLIFFLAGS");
4116 	}
4117 	flags = lifr.lifr_flags;
4118 again:
4119 	if (flags & IFF_IPMP) {
4120 		lifgroupinfo_t lifgr;
4121 		ifaddrlistx_t *ifaddrs, *ifaddrp;
4122 
4123 		/*
4124 		 * There are two reasons the I_PUNLINK can fail with EBUSY:
4125 		 * (1) if IP interfaces are in the group, or (2) if IPMP data
4126 		 * addresses are administratively up.  For case (1), we fail
4127 		 * here with a specific error message.  For case (2), we bring
4128 		 * down the addresses prior to doing the I_PUNLINK.  If the
4129 		 * I_PUNLINK still fails with EBUSY then the configuration
4130 		 * must have changed after our checks, in which case we branch
4131 		 * back up to `again' and rerun this logic.  The net effect is
4132 		 * that unplumbing an IPMP interface will only fail with EBUSY
4133 		 * if IP interfaces are in the group.
4134 		 */
4135 		if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) == -1)
4136 			Perror0_exit("unplumb: SIOCGLIFGROUPNAME");
4137 
4138 		(void) strlcpy(lifgr.gi_grname, lifr.lifr_groupname,
4139 		    LIFGRNAMSIZ);
4140 		if (ioctl(s, SIOCGLIFGROUPINFO, &lifgr) == -1)
4141 			Perror0_exit("unplumb: SIOCGLIFGROUPINFO");
4142 
4143 		if ((v6 && lifgr.gi_nv6 != 0) || (!v6 && lifgr.gi_nv4 != 0)) {
4144 			(void) fprintf(stderr, "ifconfig: %s: cannot unplumb:"
4145 			    " IPMP group is not empty\n", name);
4146 			exit(1);
4147 		}
4148 
4149 		/*
4150 		 * The kernel will fail the I_PUNLINK if the IPMP interface
4151 		 * has administratively up addresses; bring 'em down.
4152 		 */
4153 		if (ifaddrlistx(name, IFF_UP|IFF_DUPLICATE, 0, &ifaddrs) == -1)
4154 			Perror2_exit(name, "cannot get address list");
4155 
4156 		ifaddrp = ifaddrs;
4157 		for (; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) {
4158 			if (((ifaddrp->ia_flags & IFF_IPV6) && !v6) ||
4159 			    (!(ifaddrp->ia_flags & IFF_IPV6) && v6))
4160 				continue;
4161 
4162 			if (!ifaddr_down(ifaddrp)) {
4163 				Perror2_exit(ifaddrp->ia_name,
4164 				    "cannot bring down");
4165 			}
4166 		}
4167 		ifaddrlistx_free(ifaddrs);
4168 	}
4169 
4170 	if (ioctl(muxid_fd, SIOCGLIFMUXID, (caddr_t)&lifr) < 0) {
4171 		Perror0_exit("unplumb: SIOCGLIFMUXID");
4172 	}
4173 	arp_muxid = lifr.lifr_arp_muxid;
4174 	ip_muxid = lifr.lifr_ip_muxid;
4175 	/*
4176 	 * We don't have a good way of knowing whether the arp stream is
4177 	 * plumbed. We can't rely on IFF_NOARP because someone could
4178 	 * have turned it off later using "ifconfig xxx -arp".
4179 	 */
4180 	if (arp_muxid != 0) {
4181 		if (debug)
4182 			(void) printf("arp_muxid %d\n", arp_muxid);
4183 		if (ioctl(mux_fd, I_PUNLINK, arp_muxid) < 0) {
4184 			/*
4185 			 * See the comment before the SIOCGLIFGROUPNAME call.
4186 			 */
4187 			if (errno == EBUSY && (flags & IFF_IPMP))
4188 				goto again;
4189 
4190 			if ((errno == EINVAL) &&
4191 			    (flags & (IFF_NOARP | IFF_IPV6))) {
4192 				/*
4193 				 * Some plumbing utilities set the muxid to
4194 				 * -1 or some invalid value to signify that
4195 				 * there is no arp stream. Set the muxid to 0
4196 				 * before trying to unplumb the IP stream.
4197 				 * IP does not allow the IP stream to be
4198 				 * unplumbed if it sees a non-null arp muxid,
4199 				 * for consistency of IP-ARP streams.
4200 				 */
4201 				lifr.lifr_arp_muxid = 0;
4202 				(void) ioctl(muxid_fd, SIOCSLIFMUXID,
4203 				    (caddr_t)&lifr);
4204 				changed_arp_muxid = _B_TRUE;
4205 			} else {
4206 				Perror0("I_PUNLINK for arp");
4207 			}
4208 		}
4209 	}
4210 	if (debug)
4211 		(void) printf("ip_muxid %d\n", ip_muxid);
4212 
4213 	if (ioctl(mux_fd, I_PUNLINK, ip_muxid) < 0) {
4214 		if (changed_arp_muxid) {
4215 			/*
4216 			 * Some error occurred, and we need to restore
4217 			 * everything back to what it was.
4218 			 */
4219 			save_errno = errno;
4220 			lifr.lifr_arp_muxid = arp_muxid;
4221 			lifr.lifr_ip_muxid = ip_muxid;
4222 			(void) ioctl(muxid_fd, SIOCSLIFMUXID, (caddr_t)&lifr);
4223 			errno = save_errno;
4224 		}
4225 
4226 		/*
4227 		 * See the comment before the SIOCGLIFGROUPNAME call.
4228 		 */
4229 		if (errno == EBUSY && (flags & IFF_IPMP))
4230 			goto again;
4231 
4232 		Perror0_exit("I_PUNLINK for ip");
4233 	}
4234 	(void) close(mux_fd);
4235 	(void) close(muxid_fd);
4236 	return (0);
4237 }
4238 
4239 /*
4240  * If this is a physical interface then create it unless it is already
4241  * present. If it is a logical interface name use SIOCLIFADDIF to
4242  * create and (and fail it if already exists.)
4243  * As a special case send SIOCLIFADDIF for the loopback interface. This
4244  * is needed since there is no other notion of plumbing the loopback
4245  * interface.
4246  */
4247 /* ARGSUSED */
4248 static int
4249 inetplumb(char *arg, int64_t param)
4250 {
4251 	char		*strptr;
4252 	boolean_t	islo;
4253 	zoneid_t	zoneid;
4254 
4255 	strptr = strchr(name, ':');
4256 	islo = (strcmp(name, LOOPBACK_IF) == 0);
4257 
4258 	if (strptr != NULL || islo) {
4259 		(void) memset(&lifr, 0, sizeof (lifr));
4260 		(void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
4261 		if (islo && ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) >= 0) {
4262 			if (debug) {
4263 				(void) fprintf(stderr,
4264 				    "ifconfig: %s already exists\n", name);
4265 			}
4266 			return (0);
4267 		}
4268 		if (ioctl(s, SIOCLIFADDIF, (caddr_t)&lifr) < 0) {
4269 			if (errno == EEXIST) {
4270 				if (debug) {
4271 					(void) fprintf(stderr,
4272 					    "ifconfig: %s already exists\n",
4273 					    name);
4274 				}
4275 			} else {
4276 				Perror2_exit("plumb: SIOCLIFADDIF", name);
4277 			}
4278 		}
4279 		return (0);
4280 	}
4281 
4282 	/*
4283 	 * For global zone, check if the interface is used by a non-global
4284 	 * zone, note that the non-global zones doesn't need this check,
4285 	 * because zoneadm has taken care of this when the zone boots.
4286 	 */
4287 	zoneid = getzoneid();
4288 	if (zoneid == GLOBAL_ZONEID) {
4289 		int ret;
4290 
4291 		zoneid = ALL_ZONES;
4292 		ret = zone_check_datalink(&zoneid, name);
4293 		if (ret == 0) {
4294 			char zonename[ZONENAME_MAX];
4295 
4296 			(void) getzonenamebyid(zoneid, zonename, ZONENAME_MAX);
4297 			(void) fprintf(stderr, "%s is used by non-global"
4298 			    "zone: %s\n", name, zonename);
4299 			return (1);
4300 		}
4301 	}
4302 
4303 	if (debug)
4304 		(void) printf("inetplumb: %s af %d\n", name, afp->af_af);
4305 
4306 	(void) ifplumb(name, name, _B_FALSE, afp->af_af);
4307 	return (0);
4308 }
4309 
4310 /* ARGSUSED */
4311 static int
4312 inetipmp(char *arg, int64_t param)
4313 {
4314 	int retval;
4315 
4316 	/*
4317 	 * Treat e.g. "ifconfig ipmp0:2 ipmp" as "ifconfig ipmp0:2 plumb".
4318 	 * Otherwise, try to create the requested IPMP interface.
4319 	 */
4320 	if (strchr(name, ':') != NULL)
4321 		retval = inetplumb(arg, param);
4322 	else
4323 		retval = create_ipmp(name, afp->af_af, name, _B_FALSE);
4324 
4325 	/*
4326 	 * We'd return -1, but foreachinterface() doesn't propagate the error
4327 	 * into the exit status, so we're forced to explicitly exit().
4328 	 */
4329 	if (retval == -1)
4330 		exit(1);
4331 	return (0);
4332 }
4333 
4334 /*
4335  * Create an IPMP group `grname' with address family `af'.  If `ifname' is
4336  * non-NULL, it specifies the interface name to use.  Otherwise, use the name
4337  * ipmpN, where N corresponds to the lowest available integer.  If `implicit'
4338  * is set, then the group is being created as a side-effect of placing an
4339  * underlying interface in a group.  Also start in.mpathd if necessary.
4340  */
4341 static int
4342 create_ipmp(const char *grname, int af, const char *ifname, boolean_t implicit)
4343 {
4344 	int ppa;
4345 	static int ipmp_daemon_started;
4346 
4347 	if (debug) {
4348 		(void) printf("create_ipmp: ifname %s grname %s af %d\n",
4349 		    ifname != NULL ? ifname : "NULL", grname, af);
4350 	}
4351 
4352 	if (ifname != NULL)
4353 		ppa = ifplumb(IPMPSTUB, ifname, _B_FALSE, af);
4354 	else
4355 		ppa = ifplumb(IPMPSTUB, "ipmp", _B_TRUE, af);
4356 
4357 	if (ppa == -1) {
4358 		Perror2(grname, "cannot create IPMP interface");
4359 		return (-1);
4360 	}
4361 
4362 	if (ifname != NULL)
4363 		(void) strlcpy(lifr.lifr_name, ifname, LIFNAMSIZ);
4364 	else
4365 		(void) snprintf(lifr.lifr_name, LIFNAMSIZ, "ipmp%d", ppa);
4366 
4367 	/*
4368 	 * To preserve backward-compatibility, always bring up the link-local
4369 	 * address for implicitly-created IPv6 IPMP interfaces.
4370 	 */
4371 	if (implicit && af == AF_INET6) {
4372 		if (ioctl(s6, SIOCGLIFFLAGS, &lifr) == 0) {
4373 			lifr.lifr_flags |= IFF_UP;
4374 			(void) ioctl(s6, SIOCSLIFFLAGS, &lifr);
4375 		}
4376 	}
4377 
4378 	/*
4379 	 * If the caller requested a different group name, issue a
4380 	 * SIOCSLIFGROUPNAME on the new IPMP interface.
4381 	 */
4382 	if (strcmp(lifr.lifr_name, grname) != 0) {
4383 		(void) strlcpy(lifr.lifr_groupname, grname, LIFGRNAMSIZ);
4384 		if (ioctl(s, SIOCSLIFGROUPNAME, &lifr) == -1) {
4385 			Perror0("SIOCSLIFGROUPNAME");
4386 			return (-1);
4387 		}
4388 	}
4389 
4390 	/*
4391 	 * If we haven't done so yet, ensure in.mpathd is started.
4392 	 */
4393 	if (ipmp_daemon_started++ == 0)
4394 		start_ipmp_daemon();
4395 
4396 	return (0);
4397 }
4398 
4399 /*
4400  * Check if `ifname' is plumbed and in an IPMP group on its "other" address
4401  * family.  If so, create a matching IPMP group for address family `af'.
4402  */
4403 static int
4404 create_ipmp_peer(int af, const char *ifname)
4405 {
4406 	int		fd;
4407 	lifgroupinfo_t	lifgr;
4408 
4409 	assert(af == AF_INET || af == AF_INET6);
4410 
4411 	/*
4412 	 * Get the socket for the "other" address family.
4413 	 */
4414 	fd = (af == AF_INET) ? s6 : s4;
4415 
4416 	(void) strlcpy(lifr.lifr_name, ifname, LIFNAMSIZ);
4417 	if (ioctl(fd, SIOCGLIFGROUPNAME, &lifr) != 0)
4418 		return (0);
4419 
4420 	(void) strlcpy(lifgr.gi_grname, lifr.lifr_groupname, LIFGRNAMSIZ);
4421 	if (ioctl(fd, SIOCGLIFGROUPINFO, &lifgr) != 0)
4422 		return (0);
4423 
4424 	/*
4425 	 * If `ifname' *is* the IPMP group interface, or if the relevant
4426 	 * address family is already configured, then there's nothing to do.
4427 	 */
4428 	if (strcmp(lifgr.gi_grifname, ifname) == 0 ||
4429 	    (af == AF_INET && lifgr.gi_v4) || (af == AF_INET6 && lifgr.gi_v6))
4430 		return (0);
4431 
4432 	return (create_ipmp(lifgr.gi_grname, af, lifgr.gi_grifname, _B_TRUE));
4433 }
4434 
4435 /*
4436  * Start in.mpathd if it's not already running.
4437  */
4438 static void
4439 start_ipmp_daemon(void)
4440 {
4441 	int retval;
4442 	ipmp_handle_t ipmp_handle;
4443 
4444 	/*
4445 	 * Ping in.mpathd to see if it's running already.
4446 	 */
4447 	if ((retval = ipmp_open(&ipmp_handle)) != IPMP_SUCCESS) {
4448 		(void) fprintf(stderr, "ifconfig: cannot create IPMP handle: "
4449 		    "%s\n", ipmp_errmsg(retval));
4450 		return;
4451 	}
4452 
4453 	retval = ipmp_ping_daemon(ipmp_handle);
4454 	ipmp_close(ipmp_handle);
4455 
4456 	switch (retval) {
4457 	case IPMP_ENOMPATHD:
4458 		break;
4459 	case IPMP_SUCCESS:
4460 		return;
4461 	default:
4462 		(void) fprintf(stderr, "ifconfig: cannot ping in.mpathd: %s\n",
4463 		    ipmp_errmsg(retval));
4464 		break;
4465 	}
4466 
4467 	/*
4468 	 * Start in.mpathd.  Note that in.mpathd will handle multiple
4469 	 * incarnations (ipmp_ping_daemon() is just an optimization) so we
4470 	 * don't need to worry about racing with another ifconfig process.
4471 	 */
4472 	switch (fork()) {
4473 	case -1:
4474 		Perror0_exit("start_ipmp_daemon: fork");
4475 		/* NOTREACHED */
4476 	case 0:
4477 		(void) execl(MPATHD_PATH, MPATHD_PATH, NULL);
4478 		_exit(1);
4479 		/* NOTREACHED */
4480 	default:
4481 		break;
4482 	}
4483 }
4484 
4485 /*
4486  * Bring the address named by `ifaddrp' up or down.  Doesn't trust any mutable
4487  * values in ia_flags since they may be stale.
4488  */
4489 static boolean_t
4490 ifaddr_op(ifaddrlistx_t *ifaddrp, boolean_t up)
4491 {
4492 	struct lifreq	lifrl;	/* Local lifreq struct */
4493 	int		fd = (ifaddrp->ia_flags & IFF_IPV4) ? s4 : s6;
4494 
4495 	(void) memset(&lifrl, 0, sizeof (lifrl));
4496 	(void) strlcpy(lifrl.lifr_name, ifaddrp->ia_name, LIFNAMSIZ);
4497 	if (ioctl(fd, SIOCGLIFFLAGS, &lifrl) == -1)
4498 		return (_B_FALSE);
4499 
4500 	if (up)
4501 		lifrl.lifr_flags |= IFF_UP;
4502 	else
4503 		lifrl.lifr_flags &= ~IFF_UP;
4504 
4505 	if (ioctl(fd, SIOCSLIFFLAGS, &lifrl) == -1)
4506 		return (_B_FALSE);
4507 
4508 	/*
4509 	 * If we're trying to bring the address down, ensure that DAD activity
4510 	 * (observable by IFF_DUPLICATE) has also been stopped.
4511 	 */
4512 	if (!up && ioctl(fd, SIOCGLIFFLAGS, &lifrl) != -1 &&
4513 	    lifrl.lifr_flags & IFF_DUPLICATE) {
4514 		if (ioctl(fd, SIOCGLIFADDR, &lifrl) == -1 ||
4515 		    ioctl(fd, SIOCSLIFADDR, &lifrl) == -1) {
4516 			return (_B_FALSE);
4517 		}
4518 	}
4519 	return (_B_TRUE);
4520 }
4521 
4522 static boolean_t
4523 ifaddr_up(ifaddrlistx_t *ifaddrp)
4524 {
4525 	return (ifaddr_op(ifaddrp, _B_TRUE));
4526 }
4527 
4528 static boolean_t
4529 ifaddr_down(ifaddrlistx_t *ifaddrp)
4530 {
4531 	return (ifaddr_op(ifaddrp, _B_FALSE));
4532 }
4533 
4534 void
4535 Perror0(const char *cmd)
4536 {
4537 	Perror2(cmd, lifr.lifr_name);
4538 }
4539 
4540 void
4541 Perror0_exit(const char *cmd)
4542 {
4543 	Perror0(cmd);
4544 	exit(1);
4545 	/* NOTREACHED */
4546 }
4547 
4548 void
4549 Perror2(const char *cmd, const char *str)
4550 {
4551 	int error = errno;
4552 
4553 	(void) fprintf(stderr, "ifconfig: %s: ", cmd);
4554 
4555 	switch (error) {
4556 	case ENXIO:
4557 		(void) fprintf(stderr, "%s: no such interface\n", str);
4558 		break;
4559 	case EPERM:
4560 		(void) fprintf(stderr, "%s: permission denied\n", str);
4561 		break;
4562 	case EEXIST:
4563 		(void) fprintf(stderr, "%s: already exists\n", str);
4564 		break;
4565 	default:
4566 		errno = error;
4567 		perror(str);
4568 	}
4569 }
4570 
4571 /*
4572  * Print out error message (Perror2()) and exit
4573  */
4574 void
4575 Perror2_exit(const char *cmd, const char *str)
4576 {
4577 	Perror2(cmd, str);
4578 	exit(1);
4579 	/* NOTREACHED */
4580 }
4581 
4582 void
4583 Perrdlpi(const char *cmd, const char *linkname, int err)
4584 {
4585 	(void) fprintf(stderr, "ifconfig: %s \"%s\": %s\n", cmd,
4586 	    linkname, dlpi_strerror(err));
4587 }
4588 
4589 /*
4590  * Print out error message (Perrdlpi()) and exit
4591  */
4592 void
4593 Perrdlpi_exit(const char *cmd, const char *linkname, int err)
4594 {
4595 	Perrdlpi(cmd, linkname, err);
4596 	exit(1);
4597 }
4598 
4599 /*
4600  * If the last argument is non-NULL allow a <addr>/<n> syntax and
4601  * pass out <n> in *plenp.
4602  * If <n> doesn't parse return BAD_ADDR as *plenp.
4603  * If no /<n> is present return NO_PREFIX as *plenp.
4604  */
4605 static void
4606 in_getaddr(char *s, struct sockaddr *saddr, int *plenp)
4607 {
4608 	/* LINTED: alignment */
4609 	struct sockaddr_in *sin = (struct sockaddr_in *)saddr;
4610 	struct hostent *hp;
4611 	struct netent *np;
4612 	char str[BUFSIZ];
4613 	int error_num;
4614 
4615 	(void) strncpy(str, s, sizeof (str));
4616 
4617 	/*
4618 	 * Look for '/'<n> is plenp
4619 	 */
4620 	if (plenp != NULL) {
4621 		char *cp;
4622 
4623 		*plenp = in_getprefixlen(str, _B_TRUE, IP_ABITS);
4624 		if (*plenp == BAD_ADDR)
4625 			return;
4626 		cp = strchr(str, '/');
4627 		if (cp != NULL)
4628 			*cp = '\0';
4629 	} else if (strchr(str, '/') != NULL) {
4630 		(void) fprintf(stderr, "ifconfig: %s: unexpected '/'\n", str);
4631 		exit(1);
4632 	}
4633 
4634 	(void) memset(sin, 0, sizeof (*sin));
4635 
4636 	/*
4637 	 *	Try to catch attempts to set the broadcast address to all 1's.
4638 	 */
4639 	if (strcmp(str, "255.255.255.255") == 0 ||
4640 	    (strtoul(str, (char **)NULL, 0) == 0xffffffffUL)) {
4641 		sin->sin_family = AF_INET;
4642 		sin->sin_addr.s_addr = 0xffffffff;
4643 		return;
4644 	}
4645 
4646 	hp = getipnodebyname(str, AF_INET, 0, &error_num);
4647 	if (hp) {
4648 		sin->sin_family = hp->h_addrtype;
4649 		(void) memcpy(&sin->sin_addr, hp->h_addr, hp->h_length);
4650 		freehostent(hp);
4651 		return;
4652 	}
4653 	np = getnetbyname(str);
4654 	if (np) {
4655 		sin->sin_family = np->n_addrtype;
4656 		sin->sin_addr = inet_makeaddr(np->n_net, INADDR_ANY);
4657 		return;
4658 	}
4659 	if (error_num == TRY_AGAIN) {
4660 		(void) fprintf(stderr, "ifconfig: %s: bad address "
4661 		    "(try again later)\n", s);
4662 	} else {
4663 		(void) fprintf(stderr, "ifconfig: %s: bad address\n", s);
4664 	}
4665 	exit(1);
4666 }
4667 
4668 /*
4669  * If the last argument is non-NULL allow a <addr>/<n> syntax and
4670  * pass out <n> in *plenp.
4671  * If <n> doesn't parse return BAD_ADDR as *plenp.
4672  * If no /<n> is present return NO_PREFIX as *plenp.
4673  */
4674 static void
4675 in6_getaddr(char *s, struct sockaddr *saddr, int *plenp)
4676 {
4677 	/* LINTED: alignment */
4678 	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)saddr;
4679 	struct hostent *hp;
4680 	char str[BUFSIZ];
4681 	int error_num;
4682 
4683 	(void) strncpy(str, s, sizeof (str));
4684 
4685 	/*
4686 	 * Look for '/'<n> is plenp
4687 	 */
4688 	if (plenp != NULL) {
4689 		char *cp;
4690 
4691 		*plenp = in_getprefixlen(str, _B_TRUE, IPV6_ABITS);
4692 		if (*plenp == BAD_ADDR)
4693 			return;
4694 		cp = strchr(str, '/');
4695 		if (cp != NULL)
4696 			*cp = '\0';
4697 	} else if (strchr(str, '/') != NULL) {
4698 		(void) fprintf(stderr, "ifconfig: %s: unexpected '/'\n", str);
4699 		exit(1);
4700 	}
4701 
4702 	(void) memset(sin6, 0, sizeof (*sin6));
4703 
4704 	hp = getipnodebyname(str, AF_INET6, 0, &error_num);
4705 	if (hp) {
4706 		sin6->sin6_family = hp->h_addrtype;
4707 		(void) memcpy(&sin6->sin6_addr, hp->h_addr, hp->h_length);
4708 		freehostent(hp);
4709 		return;
4710 	}
4711 	if (error_num == TRY_AGAIN) {
4712 		(void) fprintf(stderr, "ifconfig: %s: bad address "
4713 		    "(try again later)\n", s);
4714 	} else {
4715 		(void) fprintf(stderr, "ifconfig: %s: bad address\n", s);
4716 	}
4717 	exit(1);
4718 }
4719 
4720 /*
4721  * If "slash" is zero this parses the whole string as
4722  * an integer. With "slash" non zero it parses the tail part as an integer.
4723  *
4724  * If it is not a valid integer this returns BAD_ADDR.
4725  * If there is /<n> present this returns NO_PREFIX.
4726  */
4727 static int
4728 in_getprefixlen(char *addr, boolean_t slash, int max_plen)
4729 {
4730 	int prefixlen;
4731 	char *str, *end;
4732 
4733 	if (slash) {
4734 		str = strchr(addr, '/');
4735 		if (str == NULL)
4736 			return (NO_PREFIX);
4737 		str++;
4738 	} else
4739 		str = addr;
4740 
4741 	prefixlen = strtol(str, &end, 10);
4742 	if (prefixlen < 0)
4743 		return (BAD_ADDR);
4744 	if (str == end)
4745 		return (BAD_ADDR);
4746 	if (max_plen != 0 && max_plen < prefixlen)
4747 		return (BAD_ADDR);
4748 	return (prefixlen);
4749 }
4750 
4751 /*
4752  * Convert a prefix length to a mask.
4753  * Returns 1 if ok. 0 otherwise.
4754  * Assumes the mask array is zero'ed by the caller.
4755  */
4756 static boolean_t
4757 in_prefixlentomask(int prefixlen, int maxlen, uchar_t *mask)
4758 {
4759 	if (prefixlen < 0 || prefixlen > maxlen)
4760 		return (0);
4761 
4762 	while (prefixlen > 0) {
4763 		if (prefixlen >= 8) {
4764 			*mask++ = 0xFF;
4765 			prefixlen -= 8;
4766 			continue;
4767 		}
4768 		*mask |= 1 << (8 - prefixlen);
4769 		prefixlen--;
4770 	}
4771 	return (1);
4772 }
4773 
4774 static void
4775 print_flags(uint64_t flags)
4776 {
4777 	boolean_t first = _B_TRUE;
4778 	int cnt, i;
4779 
4780 	(void) printf("flags=%llx", flags);
4781 	cnt = sizeof (if_flags_tbl) / sizeof (if_flags_t);
4782 	for (i = 0; i < cnt; i++) {
4783 		if (flags & if_flags_tbl[i].iff_value) {
4784 			if (first) {
4785 				(void) printf("<");
4786 				first = _B_FALSE;
4787 			} else {
4788 				/*
4789 				 * It has to be here and not with the
4790 				 * printf below because for the last one,
4791 				 * we don't want a comma before the ">".
4792 				 */
4793 				(void) printf(",");
4794 			}
4795 			(void) printf("%s", if_flags_tbl[i].iff_name);
4796 		}
4797 	}
4798 	if (!first)
4799 		(void) printf(">");
4800 }
4801 
4802 static void
4803 print_config_flags(int af, uint64_t flags)
4804 {
4805 	if_config_cmd_t *cmdp;
4806 
4807 	for (cmdp = if_config_cmd_tbl; cmdp->iff_flag != 0; cmdp++) {
4808 		if ((flags & cmdp->iff_flag) &&
4809 		    (cmdp->iff_af == AF_UNSPEC || cmdp->iff_af == af)) {
4810 			(void) printf("%s ", cmdp->iff_name);
4811 		}
4812 	}
4813 }
4814 
4815 /*
4816  * Use the configured directory lookup mechanism (e.g. files/NIS/NIS+/...)
4817  * to find the network mask.  Returns true if we found one to set.
4818  *
4819  * The parameter addr_set controls whether we should get the address of
4820  * the working interface for the netmask query.  If addr_set is true,
4821  * we will use the address provided.  Otherwise, we will find the working
4822  * interface's address and use it instead.
4823  */
4824 static boolean_t
4825 in_getmask(struct sockaddr_in *saddr, boolean_t addr_set)
4826 {
4827 	struct sockaddr_in ifaddr;
4828 
4829 	/*
4830 	 * Read the address from the interface if it is not passed in.
4831 	 */
4832 	if (!addr_set) {
4833 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
4834 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
4835 			if (errno != EADDRNOTAVAIL) {
4836 				(void) fprintf(stderr, "Need net number for "
4837 				    "mask\n");
4838 			}
4839 			return (_B_FALSE);
4840 		}
4841 		ifaddr = *((struct sockaddr_in *)&lifr.lifr_addr);
4842 	} else {
4843 		ifaddr.sin_addr = saddr->sin_addr;
4844 	}
4845 	if (getnetmaskbyaddr(ifaddr.sin_addr, &saddr->sin_addr) == 0) {
4846 		saddr->sin_family = AF_INET;
4847 		return (_B_TRUE);
4848 	}
4849 	return (_B_FALSE);
4850 }
4851 
4852 static int
4853 lifnum(const char *ifname)
4854 {
4855 	const char *cp;
4856 
4857 	if ((cp = strchr(ifname, ':')) == NULL)
4858 		return (0);
4859 	else
4860 		return (atoi(cp + 1));
4861 }
4862 
4863 static int
4864 strioctl(int s, int cmd, void *buf, int buflen)
4865 {
4866 	struct strioctl ioc;
4867 
4868 	(void) memset(&ioc, 0, sizeof (ioc));
4869 	ioc.ic_cmd = cmd;
4870 	ioc.ic_timout = 0;
4871 	ioc.ic_len = buflen;
4872 	ioc.ic_dp = buf;
4873 	return (ioctl(s, I_STR, (char *)&ioc));
4874 }
4875 
4876 static void
4877 add_ni(const char *name)
4878 {
4879 	ni_t **pp;
4880 	ni_t *p;
4881 
4882 	for (pp = &ni_list; (p = *pp) != NULL; pp = &(p->ni_next)) {
4883 		if (strcmp(p->ni_name, name) == 0) {
4884 			if (debug > 2)
4885 				(void) fprintf(stderr, "'%s' is a duplicate\n",
4886 				    name);
4887 			return;
4888 		}
4889 	}
4890 
4891 	if (debug > 2)
4892 		(void) fprintf(stderr, "adding '%s'\n",
4893 		    name);
4894 
4895 	if ((p = malloc(sizeof (ni_t))) == NULL)
4896 		return;
4897 
4898 	(void) strlcpy(p->ni_name, name, sizeof (p->ni_name));
4899 	p->ni_next = NULL;
4900 
4901 	*pp = p;
4902 	num_ni++;
4903 }
4904 
4905 static boolean_t
4906 ni_entry(const char *linkname, void *arg)
4907 {
4908 	dlpi_handle_t	dh;
4909 	datalink_class_t class;
4910 
4911 	(void) dladm_name2info(arg, linkname, NULL, NULL, &class, NULL);
4912 
4913 	if (class == DATALINK_CLASS_ETHERSTUB)
4914 		return (_B_FALSE);
4915 	if (dlpi_open(linkname, &dh, 0) != DLPI_SUCCESS)
4916 		return (_B_FALSE);
4917 
4918 	add_ni(linkname);
4919 
4920 	dlpi_close(dh);
4921 	return (_B_FALSE);
4922 }
4923 
4924 /*
4925  * dhcp-related routines
4926  */
4927 
4928 static int
4929 setifdhcp(const char *caller, const char *ifname, int argc, char *argv[])
4930 {
4931 	dhcp_ipc_request_t	*request;
4932 	dhcp_ipc_reply_t	*reply	= NULL;
4933 	int			timeout = DHCP_IPC_WAIT_DEFAULT;
4934 	dhcp_ipc_type_t		type	= DHCP_START;
4935 	int			error;
4936 	boolean_t		is_primary = _B_FALSE;
4937 	boolean_t		started = _B_FALSE;
4938 
4939 	for (argv++; --argc > 0; argv++) {
4940 
4941 		if (strcmp(*argv, "primary") == 0) {
4942 			is_primary = _B_TRUE;
4943 			continue;
4944 		}
4945 
4946 		if (strcmp(*argv, "wait") == 0) {
4947 			if (--argc <= 0) {
4948 				usage();
4949 				return (DHCP_EXIT_BADARGS);
4950 			}
4951 			argv++;
4952 
4953 			if (strcmp(*argv, "forever") == 0) {
4954 				timeout = DHCP_IPC_WAIT_FOREVER;
4955 				continue;
4956 			}
4957 
4958 			if (sscanf(*argv, "%d", &timeout) != 1) {
4959 				usage();
4960 				return (DHCP_EXIT_BADARGS);
4961 			}
4962 
4963 			if (timeout < 0) {
4964 				usage();
4965 				return (DHCP_EXIT_BADARGS);
4966 			}
4967 			continue;
4968 		}
4969 
4970 		type = dhcp_string_to_request(*argv);
4971 		if (type == -1) {
4972 			usage();
4973 			return (DHCP_EXIT_BADARGS);
4974 		}
4975 	}
4976 
4977 	/*
4978 	 * Only try to start agent on start or inform; in all other cases it
4979 	 * has to already be running for anything to make sense.
4980 	 */
4981 	if (type == DHCP_START || type == DHCP_INFORM) {
4982 		if (dhcp_start_agent(DHCP_IPC_MAX_WAIT) == -1) {
4983 			(void) fprintf(stderr, "%s: unable to start %s\n",
4984 			    caller, DHCP_AGENT_PATH);
4985 			return (DHCP_EXIT_FAILURE);
4986 		}
4987 		started = _B_TRUE;
4988 	}
4989 
4990 	if (is_primary)
4991 		type |= DHCP_PRIMARY;
4992 
4993 	if (af != AF_INET)
4994 		type |= DHCP_V6;
4995 
4996 	request = dhcp_ipc_alloc_request(type, ifname, NULL, 0, DHCP_TYPE_NONE);
4997 	if (request == NULL) {
4998 		(void) fprintf(stderr, "%s: out of memory\n", caller);
4999 		return (DHCP_EXIT_SYSTEM);
5000 	}
5001 
5002 	error = dhcp_ipc_make_request(request, &reply, timeout);
5003 	if (error != 0) {
5004 		free(request);
5005 		/*
5006 		 * Re-map connect error to not under control if we didn't try a
5007 		 * start operation, as this has to be true and results in a
5008 		 * clearer message, not to mention preserving compatibility
5009 		 * with the days when we always started dhcpagent for every
5010 		 * request.
5011 		 */
5012 		if (error == DHCP_IPC_E_CONNECT && !started)
5013 			error = DHCP_IPC_E_UNKIF;
5014 		(void) fprintf(stderr, "%s: %s: %s\n", caller, ifname,
5015 		    dhcp_ipc_strerror(error));
5016 		return (DHCP_EXIT_FAILURE);
5017 	}
5018 
5019 	error = reply->return_code;
5020 	if (error != 0) {
5021 		free(request);
5022 		free(reply);
5023 
5024 		if (error == DHCP_IPC_E_TIMEOUT && timeout == 0)
5025 			return (DHCP_EXIT_SUCCESS);
5026 
5027 		(void) fprintf(stderr, "%s: %s: %s\n", caller, ifname,
5028 		    dhcp_ipc_strerror(error));
5029 
5030 		if (error == DHCP_IPC_E_TIMEOUT)
5031 			return (DHCP_EXIT_TIMEOUT);
5032 		else
5033 			return (DHCP_EXIT_IF_FAILURE);
5034 	}
5035 
5036 	if (DHCP_IPC_CMD(type) == DHCP_STATUS) {
5037 		(void) printf("%s", dhcp_status_hdr_string());
5038 		(void) printf("%s", dhcp_status_reply_to_string(reply));
5039 	}
5040 
5041 	free(request);
5042 	free(reply);
5043 	return (DHCP_EXIT_SUCCESS);
5044 }
5045 
5046 static void
5047 usage(void)
5048 {
5049 	(void) fprintf(stderr,
5050 	    "usage: ifconfig <interface> | -a[ 4 | 6 | D ][ u | d ][ Z ]\n");
5051 
5052 	(void) fprintf(stderr, "%s",
5053 	    "\t[ <addr_family> ]\n"
5054 	    "\t[ <address>[/<prefix_length>] [ <dest_address> ] ]\n"
5055 	    "\t[ set [ <address>][/<prefix_length>] ]"
5056 	    " [ <address>/<prefix_length>] ]\n"
5057 	    "\t[ destination <dest_address> ]\n"
5058 	    "\t[ addif <address>[/<prefix_length>]"
5059 	    "  [ <dest_address> ] ]\n"
5060 	    "\t[ removeif <address>[/<prefix_length>] ]\n"
5061 	    "\t[ arp | -arp ]\n"
5062 	    "\t[ auto-revarp ]\n"
5063 	    "\t[ broadcast <broad_addr> ]\n"
5064 	    "\t[ index <if_index> ]\n"
5065 	    "\t[ metric <n> ] [ mtu <n> ]\n"
5066 	    "\t[ netmask <mask> ]\n"
5067 	    "\t[ plumb ] [ unplumb ]\n"
5068 	    "\t[ preferred | -preferred ]\n"
5069 	    "\t[ private | -private ]\n"
5070 	    "\t[ local | -local ]\n"
5071 	    "\t[ router | -router ]\n"
5072 	    "\t[ subnet <subnet_address>]\n"
5073 	    "\t[ trailers | -trailers ]\n"
5074 	    "\t[ token <address>/<prefix_length> ]\n"
5075 	    "\t[ tsrc <tunnel_src_address> ]\n"
5076 	    "\t[ tdst <tunnel_dest_address> ]\n"
5077 	    "\t[ auth_algs <tunnel_AH_authentication_algorithm> ]\n"
5078 	    "\t[ encr_algs <tunnel_ESP_encryption_algorithm> ]\n"
5079 	    "\t[ encr_auth_algs <tunnel_ESP_authentication_algorithm> ]\n"
5080 	    "\t[ up ] [ down ]\n"
5081 	    "\t[ xmit | -xmit ]\n"
5082 	    "\t[ modlist ]\n"
5083 	    "\t[ modinsert <module_name@position> ]\n"
5084 	    "\t[ modremove <module_name@position> ]\n"
5085 	    "\t[ ipmp ]\n"
5086 	    "\t[ group <groupname>] | [ group \"\"]\n"
5087 	    "\t[ deprecated | -deprecated ]\n"
5088 	    "\t[ standby | -standby ]\n"
5089 	    "\t[ failover | -failover ]\n"
5090 	    "\t[ zone <zonename> | -zone ]\n"
5091 	    "\t[ usesrc <interface> ]\n"
5092 	    "\t[ all-zones ]\n");
5093 
5094 	(void) fprintf(stderr, "or\n");
5095 	(void) fprintf(stderr,
5096 	    "\tifconfig <interface> |  -a[ 4 | 6 | D ] [ u | d ]\n");
5097 
5098 	(void) fprintf(stderr, "%s", "\tauto-dhcp | dhcp\n"
5099 	    "\t[ wait <time> | forever ]\n\t[ primary ]\n"
5100 	    "\tstart | drop | ping | release | status | inform\n");
5101 }
5102