xref: /titanic_50/usr/src/cmd/cmd-inet/usr.sbin/ifconfig/ifconfig.c (revision 724365f7556fc4201fdb11766ebc6bd918523130)
1 /*
2  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 /*
6  * Copyright (c) 1983 Regents of the University of California.
7  * All rights reserved.  The Berkeley software License Agreement
8  * specifies the terms and conditions for redistribution.
9  */
10 
11 #pragma ident	"%Z%%M%	%I%	%E% SMI"
12 
13 #include "defs.h"
14 #include "strings.h"
15 #include "ifconfig.h"
16 #include <compat.h>
17 
18 #include <sys/dlpi.h>
19 #include <libdlpi.h>
20 
21 #include <inet/ip.h>
22 
23 #define	LOOPBACK_IF	"lo0"
24 
25 #define	NONE_STR	"none"
26 
27 #ifndef	ARP_MOD_NAME
28 #define	ARP_MOD_NAME	"arp"
29 #endif
30 
31 #define	ADDRBITS_V4	32	/* number of bits in IPv4 address */
32 #define	ADDRBITS_V6	128	/* number of bits in IPv6 address */
33 
34 #define	AF_FUNC_STATUS		1	/* af_status func reports status */
35 #define	AF_FUNC_CONFIGINFO	2	/* af_status func reports configinfo */
36 
37 typedef struct if_flags {
38 	uint64_t iff_value;
39 	char	*iff_name;
40 } if_flags_t;
41 
42 static if_flags_t	if_flags_tbl[] = {
43 	{ IFF_UP,		"UP" },
44 	{ IFF_BROADCAST,	"BROADCAST" },
45 	{ IFF_DEBUG,		"DEBUG" },
46 	{ IFF_LOOPBACK,		"LOOPBACK" },
47 	{ IFF_POINTOPOINT,	"POINTOPOINT" },
48 	{ IFF_NOTRAILERS,	"NOTRAILERS" },
49 	{ IFF_RUNNING,		"RUNNING" },
50 	{ IFF_NOARP,		"NOARP" },
51 	{ IFF_PROMISC,		"PROMISC" },
52 	{ IFF_ALLMULTI,		"ALLMULTI" },
53 	{ IFF_INTELLIGENT,	"INTELLIGENT" },
54 	{ IFF_MULTICAST,	"MULTICAST" },
55 	{ IFF_MULTI_BCAST,	"MULTI_BCAST" },
56 	{ IFF_UNNUMBERED,	"UNNUMBERED" },
57 	{ IFF_DHCPRUNNING,	"DHCP" },
58 	{ IFF_PRIVATE,		"PRIVATE" },
59 	{ IFF_NOXMIT,		"NOXMIT" },
60 	{ IFF_NOLOCAL,		"NOLOCAL" },
61 	{ IFF_DEPRECATED,	"DEPRECATED" },
62 	{ IFF_ADDRCONF,		"ADDRCONF" },
63 	{ IFF_ROUTER,		"ROUTER" },
64 	{ IFF_NONUD,		"NONUD" },
65 	{ IFF_ANYCAST,		"ANYCAST" },
66 	{ IFF_NORTEXCH,		"NORTEXCH" },
67 	{ IFF_IPV4,		"IPv4" },
68 	{ IFF_IPV6,		"IPv6" },
69 	{ IFF_MIPRUNNING,	"MIP" },
70 	{ IFF_NOFAILOVER,	"NOFAILOVER" },
71 	{ IFF_FAILED,		"FAILED" },
72 	{ IFF_STANDBY,		"STANDBY" },
73 	{ IFF_INACTIVE,		"INACTIVE" },
74 	{ IFF_OFFLINE,		"OFFLINE" },
75 	{ IFF_XRESOLV,		"XRESOLV" },
76 	{ IFF_COS_ENABLED,	"CoS" },
77 	{ IFF_PREFERRED,	"PREFERRED" },
78 	{ IFF_TEMPORARY,	"TEMPORARY" },
79 	{ IFF_FIXEDMTU,		"FIXEDMTU" },
80 	{ IFF_VIRTUAL,		"VIRTUAL"}
81 };
82 
83 static struct	lifreq lifr;
84 /* current interface name a praticular function is accessing */
85 static char	name[LIFNAMSIZ];
86 /* foreach interface saved name */
87 static char	origname[LIFNAMSIZ];
88 static char savedname[LIFNAMSIZ];	/* For addif */
89 static int	setaddr;
90 static char partname[LIFNAMSIZ];
91 
92 uid_t	euid;
93 
94 /*
95  * Make sure the algorithm variables hold more than the sizeof an algorithm
96  * in PF_KEY.  (For now, more than a uint8_t.)  The NO_***_?ALG indicates that
97  * there was no algorithm requested, and in the ipsec_req that service should
98  * be disabled.  (E.g. if ah_aalg remains NO_AH_AALG, then AH will be
99  * disabled on that tunnel.)
100  */
101 #define	NO_AH_AALG 256
102 #define	NO_ESP_AALG 256
103 #define	NO_ESP_EALG 256
104 
105 /*
106  * iface_t
107  * used by setifether to create a list of interfaces to mark
108  * down-up when changing the ethernet address of an interface
109  */
110 typedef struct iface {
111 	struct lifreq lifr;
112 	struct iface *next;	/* pointer to the next list element */
113 } iface_t;
114 
115 static	iface_t	*logifs = NULL; /* list of logical interfaces */
116 static 	iface_t	*phyif	= NULL;	/* physical interface */
117 
118 int	s;
119 int	af = AF_INET;	/* default address family */
120 int	debug = 0;
121 int	all = 0;	/* setifdhcp() needs to know this */
122 int	verbose = 0;
123 int	v4compat = 0;	/* Compatible printing format */
124 boolean_t	partial = _B_FALSE;
125 
126 /*
127  * Function prototypes for command functions.
128  */
129 static int	addif(char *arg, int64_t param);
130 static int	inetplumb(char *arg, int64_t param);
131 static int	inetunplumb(char *arg, int64_t param);
132 static int	removeif(char *arg, int64_t param);
133 static int	setdebugflag(char *arg, int64_t param);
134 static int	setifaddr(char *arg, int64_t param);
135 static int	setifbroadaddr(char *arg, int64_t param);
136 static int	setifdstaddr(char *arg, int64_t param);
137 static int	setifether(char *arg, int64_t param);
138 static int	setifflags(char *arg, int64_t param);
139 static int	setifindex(char *arg, int64_t param);
140 static int	setifmetric(char *arg, int64_t param);
141 static int	setifmtu(char *arg, int64_t param);
142 static int	setifnetmask(char *arg, int64_t param);
143 static int	setifprefixlen(char *arg, int64_t param);
144 static int	setifrevarp(char *arg, int64_t param);
145 static int	setifsubnet(char *arg, int64_t param);
146 static int	setiftdst(char *arg, int64_t param);
147 static int	setiftoken(char *arg, int64_t param);
148 static int	setiftsrc(char *arg, int64_t param);
149 static int	setverboseflag(char *arg, int64_t param);
150 static int	set_tun_ah_alg(char *arg, int64_t param);
151 static int	set_tun_esp_auth_alg(char *arg, int64_t param);
152 static int	set_tun_esp_encr_alg(char *arg, int64_t param);
153 static int	modlist(char *arg, int64_t param);
154 static int	modinsert(char *arg, int64_t param);
155 static int	modremove(char *arg, int64_t param);
156 static int	setifgroupname(char *arg, int64_t param);
157 static int	configinfo(char *arg, int64_t param);
158 static void	print_config_flags(uint64_t flags);
159 static void	print_flags(uint64_t flags);
160 static void	print_ifether(char *ifname);
161 static int	set_tun_encap_limit(char *arg, int64_t param);
162 static int	clr_tun_encap_limit(char *arg, int64_t param);
163 static int	set_tun_hop_limit(char *arg, int64_t param);
164 static int	setzone(char *arg, int64_t param);
165 static int	setallzones(char *arg, int64_t param);
166 static int	setifsrc(char *arg, int64_t param);
167 
168 #ifdef DEBUG
169 static int	setnd(char *arg, int64_t param);
170 static int	delnd(char *arg, int64_t param);
171 static int	getnd(char *arg, int64_t param);
172 #endif /* DEBUG */
173 
174 /*
175  * Address family specific function prototypes.
176  */
177 static void	in_getaddr(char *s, struct sockaddr *saddr, int *plenp);
178 static void	in_status(int force, uint64_t flags);
179 static void	in_configinfo(int force, uint64_t flags);
180 static void	in6_getaddr(char *s, struct sockaddr *saddr, int *plenp);
181 static void	in6_status(int force, uint64_t flags);
182 static void	in6_configinfo(int force, uint64_t flags);
183 
184 /*
185  * Misc support functions
186  */
187 static int	devfs_entry(di_node_t node, di_minor_t minor, void *arg);
188 static void	foreachinterface(void (*func)(), int argc, char *argv[],
189 		    int af, int64_t onflags, int64_t offflags,
190 		    int64_t lifc_flags);
191 static void	ifconfig(int argc, char *argv[], int af, struct lifreq *lifrp);
192 static int	ifdad(char *ifname, struct sockaddr_in6 *laddr);
193 static boolean_t	in_getmask(struct sockaddr_in *saddr,
194 			    boolean_t addr_set);
195 static int	in_getprefixlen(char *addr, boolean_t slash, int plen);
196 static boolean_t	in_prefixlentomask(int prefixlen, int maxlen,
197 			    uchar_t *mask);
198 static int	settaddr(char *, int (*)(icfg_handle_t,
199 			    const struct sockaddr *, socklen_t));
200 static void	status(void);
201 static void	ifstatus(const char *);
202 static void	usage(void);
203 static int	strioctl(int s, int cmd, char *buf, int buflen);
204 static int	setifdhcp(const char *caller, const char *ifname,
205 		    int argc, char *argv[]);
206 static int	ip_domux2fd(int *, int *, int *, int *);
207 static int	ip_plink(int, int, int, int);
208 static int	modop(char *arg, char op);
209 static int	get_lun(char *);
210 static void	selectifs(int argc, char *argv[], int af,
211 			struct lifreq *lifrp);
212 static int	updownifs(iface_t *ifs, int up);
213 
214 #define	max(a, b)	((a) < (b) ? (b) : (a))
215 
216 /*
217  * DHCP_EXIT_IF_FAILURE indicates that the operation failed, but if there
218  * are more interfaces to act on (i.e., ifconfig was invoked with -a), keep
219  * on going rather than exit with an error.
220  */
221 
222 #define	DHCP_EXIT_IF_FAILURE	-1
223 #define	DHCP_IPC_MAX_WAIT	15	/* max seconds to wait to start agent */
224 
225 #define	NEXTARG		0xffffff	/* command takes an argument */
226 #define	OPTARG		0xfffffe 	/* command takes an optional argument */
227 #define	AF_ANY		(-1)
228 
229 /* Refer to the comments in ifconfig() on the netmask "hack" */
230 #define	NETMASK_CMD	"netmask"
231 struct sockaddr_storage	g_netmask;
232 enum { G_NETMASK_NIL, G_NETMASK_PENDING, G_NETMASK_SET }
233     g_netmask_set = G_NETMASK_NIL;
234 
235 struct	cmd {
236 	char		*c_name;
237 	int64_t		c_parameter;	/* NEXTARG means next argv */
238 	int		(*c_func)(char *, int64_t);
239 	int		c_abortonfail;	/* don't continue parsing args */
240 					/* for the current interface */
241 	int	c_af;			/* address family restrictions */
242 } cmds[] = {
243 	{ "up",		IFF_UP,		setifflags,	0,	AF_ANY },
244 	{ "down",	-IFF_UP,	setifflags,	0,	AF_ANY },
245 	{ "trailers",	-IFF_NOTRAILERS, setifflags,	0,	AF_ANY },
246 	{ "-trailers",	IFF_NOTRAILERS,	setifflags,	0,	AF_ANY },
247 	{ "arp",	-IFF_NOARP,	setifflags,	0,	AF_INET },
248 	{ "-arp",	IFF_NOARP,	setifflags,	0,	AF_INET },
249 	{ "router",	IFF_ROUTER,	setifflags,	0,	AF_ANY },
250 	{ "-router",	-IFF_ROUTER,	setifflags,	0,	AF_ANY },
251 	{ "private",	IFF_PRIVATE,	setifflags,	0,	AF_ANY },
252 	{ "-private",	-IFF_PRIVATE,	setifflags,	0,	AF_ANY },
253 	{ "xmit",	-IFF_NOXMIT,	setifflags,	0,	AF_ANY },
254 	{ "-xmit",	IFF_NOXMIT,	setifflags,	0,	AF_ANY },
255 	{ "-nud",	IFF_NONUD,	setifflags,	0,	AF_INET6 },
256 	{ "nud",	-IFF_NONUD,	setifflags,	0,	AF_INET6 },
257 	{ "anycast",	IFF_ANYCAST,	setifflags,	0,	AF_ANY },
258 	{ "-anycast",	-IFF_ANYCAST,	setifflags,	0,	AF_ANY },
259 	{ "local",	-IFF_NOLOCAL,	setifflags,	0,	AF_ANY },
260 	{ "-local",	IFF_NOLOCAL,	setifflags,	0,	AF_ANY },
261 	{ "deprecated",	IFF_DEPRECATED,	setifflags,	0,	AF_ANY },
262 	{ "-deprecated", -IFF_DEPRECATED, setifflags,	0,	AF_ANY },
263 	{ "preferred",	IFF_PREFERRED,	setifflags,	0,	AF_INET6 },
264 	{ "-preferred",	-IFF_PREFERRED,	setifflags,	0,	AF_INET6 },
265 	{ "debug",	0,		setdebugflag,	0,	AF_ANY },
266 	{ "verbose",	0,		setverboseflag,	0,	AF_ANY },
267 	{ NETMASK_CMD,	NEXTARG,	setifnetmask,	0,	AF_INET },
268 	{ "metric",	NEXTARG,	setifmetric,	0,	AF_ANY },
269 	{ "mtu",	NEXTARG,	setifmtu,	0,	AF_ANY },
270 	{ "index",	NEXTARG,	setifindex,	0,	AF_ANY },
271 	{ "broadcast",	NEXTARG,	setifbroadaddr,	0,	AF_INET },
272 	{ "auto-revarp", 0,		setifrevarp,	1,	AF_INET },
273 	{ "plumb",	0,		inetplumb,	1,	AF_ANY },
274 	{ "unplumb",	0,		inetunplumb,	0,	AF_ANY },
275 	{ "subnet",	NEXTARG,	setifsubnet,	0,	AF_ANY },
276 	{ "token",	NEXTARG,	setiftoken,	0,	AF_INET6 },
277 	{ "tsrc",	NEXTARG,	setiftsrc,	0,	AF_ANY },
278 	{ "tdst",	NEXTARG,	setiftdst,	0,	AF_ANY },
279 	{ "encr_auth_algs", NEXTARG,	set_tun_esp_auth_alg, 0, AF_ANY },
280 	{ "encr_algs",	NEXTARG,	set_tun_esp_encr_alg, 0, AF_ANY },
281 	{ "auth_algs",	NEXTARG,	set_tun_ah_alg,	0,	AF_ANY },
282 	{ "addif",	NEXTARG,	addif,		1,	AF_ANY },
283 	{ "removeif",	NEXTARG,	removeif,	1,	AF_ANY },
284 	{ "modlist",	0,		modlist,	1,	AF_ANY },
285 	{ "modinsert",	NEXTARG,	modinsert,	1,	AF_ANY },
286 	{ "modremove",	NEXTARG,	modremove,	1,	AF_ANY },
287 	{ "failover",	-IFF_NOFAILOVER, setifflags,	1,	AF_ANY },
288 	{ "-failover",	IFF_NOFAILOVER, setifflags,	1,	AF_ANY },
289 	{ "standby",	IFF_STANDBY,	setifflags,	1,	AF_ANY },
290 	{ "-standby",	-IFF_STANDBY,	setifflags,	1,	AF_ANY },
291 	{ "failed",	IFF_FAILED,	setifflags,	1,	AF_ANY },
292 	{ "-failed",	-IFF_FAILED,	setifflags,	1,	AF_ANY },
293 	{ "group",	NEXTARG,	setifgroupname,	1,	AF_ANY },
294 	{ "configinfo",	0,		configinfo,	1,	AF_ANY },
295 	{ "encaplimit",	NEXTARG,	set_tun_encap_limit,	0,
296 	    AF_ANY },
297 	{ "-encaplimit", 0,		clr_tun_encap_limit,	0,
298 	    AF_ANY },
299 	{ "thoplimit",	NEXTARG,	set_tun_hop_limit,	0,
300 	    AF_ANY },
301 #ifdef DEBUG
302 	{ "getnd",	NEXTARG,	getnd,		0,	AF_INET6 },
303 	{ "setnd",	NEXTARG,	setnd,		0,	AF_INET6 },
304 	{ "delnd",	NEXTARG,	delnd,		0,	AF_INET6 },
305 #endif
306 /* XXX for testing SIOCT* ioctls. Remove */
307 	{ "set",	NEXTARG,	setifaddr,	0,	AF_ANY },
308 	{ "destination", NEXTARG,	setifdstaddr,	0,	AF_ANY },
309 	{ "zone",	NEXTARG,	setzone,	0,	AF_ANY },
310 	{ "-zone",	0,		setzone,	0,	AF_ANY },
311 	{ "all-zones",	0,		setallzones,	0,	AF_ANY },
312 	{ "ether",	OPTARG,		setifether,	0,	AF_ANY },
313 	{ "usesrc",	NEXTARG,	setifsrc,	0,	AF_ANY },
314 	{ 0,		0,		setifaddr,	0,	AF_ANY },
315 	{ 0,		0,		setifdstaddr,	0,	AF_ANY },
316 	{ 0,		0,		0,		0,	0 },
317 };
318 
319 
320 typedef struct if_config_cmd {
321 	uint64_t	iff_flag;
322 	char		*iff_name;
323 } if_config_cmd_t;
324 
325 static if_config_cmd_t	if_config_cmd_tbl[] = {
326 	{ IFF_UP,		"up" },
327 	{ IFF_NOTRAILERS,	"-trailers" },
328 	{ IFF_PRIVATE,		"private" },
329 	{ IFF_NOXMIT,		"-xmit" },
330 	{ IFF_ANYCAST,		"anycast" },
331 	{ IFF_NOLOCAL,		"-local" },
332 	{ IFF_DEPRECATED,	"deprecated" },
333 	{ IFF_NOFAILOVER,	"-failover" },
334 	{ IFF_STANDBY,		"standby" },
335 	{ IFF_FAILED,		"failed" },
336 	{ IFF_PREFERRED,	"preferred" },
337 	{ 0,			0 },
338 };
339 
340 typedef struct ni {
341 	char		ni_name[LIFNAMSIZ];
342 	struct ni	*ni_next;
343 } ni_t;
344 
345 static ni_t	*ni_list = NULL;
346 static int	num_ni = 0;
347 
348 /* End defines and structure definitions for ifconfig -a plumb */
349 
350 /* Known address families */
351 struct afswtch {
352 	char *af_name;
353 	short af_af;
354 	void (*af_status)();
355 	void (*af_getaddr)();
356 	void (*af_configinfo)();
357 } afs[] = {
358 	{ "inet", AF_INET, in_status, in_getaddr, in_configinfo },
359 	{ "inet6", AF_INET6, in6_status, in6_getaddr, in6_configinfo },
360 	{ 0, 0,	0, 0, 0 }
361 };
362 
363 #define	SOCKET_AF(af)	(((af) == AF_UNSPEC) ? AF_INET : (af))
364 
365 struct afswtch *afp;	/* the address family being set or asked about */
366 
367 int
368 main(int argc, char *argv[])
369 {
370 	/* Include IFF_NOXMIT, IFF_TEMPORARY and all zone interfaces */
371 	int64_t lifc_flags = LIFC_NOXMIT | LIFC_TEMPORARY | LIFC_ALLZONES;
372 	char *default_ip_str;
373 
374 	if (argc < 2) {
375 		usage();
376 		exit(1);
377 	}
378 	argc--, argv++;
379 	if (strlen(*argv) > sizeof (name) - 1) {
380 		(void) fprintf(stderr, "%s: interface name too long\n", *argv);
381 		exit(1);
382 	}
383 	(void) strncpy(name, *argv, sizeof (name));
384 	name[sizeof (name) - 1] = '\0';
385 	(void) strncpy(origname, name, sizeof (origname));	/* For addif */
386 	euid = geteuid();
387 	default_ip_str = NULL;
388 	v4compat = get_compat_flag(&default_ip_str);
389 	if (v4compat == DEFAULT_PROT_BAD_VALUE) {
390 		(void) fprintf(stderr,
391 		    "ifconfig: %s: Bad value for %s in %s\n", default_ip_str,
392 		    DEFAULT_IP, INET_DEFAULT_FILE);
393 		free(default_ip_str);
394 		exit(2);
395 	}
396 	free(default_ip_str);
397 	argc--, argv++;
398 	if (argc > 0) {
399 		struct afswtch *myafp;
400 
401 		for (myafp = afp = afs; myafp->af_name; myafp++) {
402 			if (strcmp(myafp->af_name, *argv) == 0) {
403 				afp = myafp; argc--; argv++;
404 				break;
405 			}
406 		}
407 		af = lifr.lifr_addr.ss_family = afp->af_af;
408 		if (af == AF_INET6) {
409 			v4compat = 0;
410 		}
411 	}
412 
413 	s = socket(SOCKET_AF(af), SOCK_DGRAM, 0);
414 	if (s < 0) {
415 		Perror0_exit("socket");
416 	}
417 
418 	/*
419 	 * Special interface names is any combination of these flags.
420 	 * Note that due to the ifconfig syntax they have to be combined
421 	 * as a single '-' option.
422 	 *	-a	All interfaces
423 	 *	-u	"up" interfaces
424 	 *	-d	"down" interfaces
425 	 *	-D	Interfaces not controlled by DHCP
426 	 *	-4	IPv4 interfaces
427 	 *	-6	IPv6 interfaces
428 	 *	-X	Turn on debug (not documented)
429 	 *	-v	Turn on verbose
430 	 *	-Z	Only interfaces in caller's zone
431 	 */
432 
433 	if (name[0] == '-') {
434 		/* One or more options */
435 		int64_t onflags = 0;
436 		int64_t offflags = 0;
437 		int c;
438 		char *av[2] = { "ifconfig", name };
439 
440 		while ((c = getopt(2, av, "audDXZ46v")) != -1) {
441 			switch ((char)c) {
442 			case 'a':
443 				all = 1;
444 				break;
445 			case 'u':
446 				onflags |= IFF_UP;
447 				break;
448 			case 'd':
449 				offflags |= IFF_UP;
450 				break;
451 			case 'D':
452 				offflags |= IFF_DHCPRUNNING;
453 				break;
454 			case 'X':
455 				debug += 3;
456 				break;
457 			case 'Z':
458 				lifc_flags &= ~LIFC_ALLZONES;
459 				break;
460 			case '4':
461 				/*
462 				 * -4 is not a compatable flag, therefore
463 				 * we assume they want v4compat turned off
464 				 */
465 				v4compat = 0;
466 				onflags |= IFF_IPV4;
467 				break;
468 			case '6':
469 				/*
470 				 * If they want IPv6, well then we'll assume
471 				 * they don't want IPv4 compat
472 				 */
473 				v4compat = 0;
474 				onflags |= IFF_IPV6;
475 				break;
476 			case 'v':
477 				verbose = 1;
478 				break;
479 			case '?':
480 				usage();
481 				exit(1);
482 			}
483 		}
484 		if (!all) {
485 			(void) fprintf(stderr,
486 			    "ifconfig: %s: no such interface\n",
487 			    name);
488 			exit(1);
489 		}
490 		foreachinterface(ifconfig, argc, argv, af, onflags, offflags,
491 		    lifc_flags);
492 	} else {
493 		ifconfig(argc, argv, af, (struct lifreq *)NULL);
494 	}
495 	return (0);
496 }
497 
498 /*
499  * For each interface, call (*func)(argc, argv, af, lifrp).
500  * Only call function if onflags and offflags are set or clear, respectively,
501  * in the interfaces flags field.
502  */
503 static void
504 foreachinterface(void (*func)(), int argc, char *argv[], int af,
505     int64_t onflags, int64_t offflags, int64_t lifc_flags)
506 {
507 	int n;
508 	char *buf;
509 	struct lifnum lifn;
510 	struct lifconf lifc;
511 	struct lifreq *lifrp;
512 	struct lifreq lifrl;	/* Local lifreq struct */
513 	int numifs;
514 	unsigned bufsize;
515 	ni_t *nip;
516 	int plumball = 0;
517 	int save_af = af;
518 
519 	/*
520 	 * Special case:
521 	 * ifconfig -a plumb should find all network interfaces
522 	 * in the machine by traversing the devinfo tree.
523 	 * Also, there is no need to  SIOCGLIF* ioctls, since
524 	 * those interfaces have already been plumbed
525 	 */
526 	if (argc > 0 && (strcmp(*argv, "plumb") == 0)) {
527 		/*
528 		 * Look through the kernel's devinfo tree for
529 		 * network devices
530 		 */
531 		di_node_t root;
532 
533 		/*
534 		 * DINFOCACHE is equivalent to DINFOSUBTREE | DINFOMINOR |
535 		 * DINFOPROP | DINFOFORCE.
536 		 */
537 		if ((root = di_init("/", DINFOCACHE)) == DI_NODE_NIL) {
538 			(void) fprintf(stderr, "ifconfig: di_init failed;"
539 			    " check the devinfo driver.\n");
540 			exit(1);
541 		}
542 
543 		(void) di_walk_minor(root, DDI_NT_NET, DI_CHECK_ALIAS, NULL,
544 		    devfs_entry);
545 		di_fini(root);
546 
547 		/*
548 		 * Now, translate the linked list into
549 		 * a struct lifreq buffer
550 		 */
551 		bufsize = num_ni * sizeof (struct lifreq);
552 		if ((buf = malloc(bufsize)) == NULL)
553 			Perror0_exit("foreachinterface: malloc failed");
554 
555 		lifc.lifc_family = AF_UNSPEC;
556 		lifc.lifc_flags = lifc_flags;
557 		lifc.lifc_len = bufsize;
558 		lifc.lifc_buf = buf;
559 
560 		for (n = 0, lifrp = lifc.lifc_req; n < num_ni; n++, lifrp++) {
561 			nip = ni_list;
562 			(void) strncpy(lifrp->lifr_name, nip->ni_name,
563 			    sizeof (lifr.lifr_name));
564 			ni_list = nip->ni_next;
565 			free(nip);
566 		}
567 
568 		plumball = 1;
569 	} else {
570 		lifn.lifn_family = AF_UNSPEC;
571 		lifn.lifn_flags = lifc_flags;
572 		if (ioctl(s, SIOCGLIFNUM, (char *)&lifn) < 0) {
573 			Perror0_exit("Could not determine number"
574 			    " of interfaces");
575 		}
576 		numifs = lifn.lifn_count;
577 		if (debug)
578 			(void) printf("ifconfig: %d interfaces\n",  numifs);
579 
580 		bufsize = numifs * sizeof (struct lifreq);
581 		if ((buf = malloc(bufsize)) == NULL) {
582 			Perror0("out of memory\n");
583 			(void) close(s);
584 			return;
585 		}
586 
587 		lifc.lifc_family = AF_UNSPEC;
588 		lifc.lifc_flags = lifc_flags;
589 		lifc.lifc_len = bufsize;
590 		lifc.lifc_buf = buf;
591 
592 		if (ioctl(s, SIOCGLIFCONF, (char *)&lifc) < 0) {
593 			Perror0("SIOCGLIFCONF");
594 			(void) close(s);
595 			free(buf);
596 			return;
597 		}
598 	}
599 
600 	lifrp = lifc.lifc_req;
601 	for (n = lifc.lifc_len / sizeof (struct lifreq); n > 0; n--, lifrp++) {
602 
603 		if (!plumball) {
604 			/*
605 			 * We must close and recreate the socket each time
606 			 * since we don't know what type of socket it is now
607 			 * (each status function may change it).
608 			 */
609 
610 			(void) close(s);
611 
612 			af = lifrp->lifr_addr.ss_family;
613 			s = socket(SOCKET_AF(af), SOCK_DGRAM, 0);
614 			if (s == -1) {
615 				/*
616 				 * Perror0() assumes the name to be in the
617 				 * globally defined lifreq structure.
618 				 */
619 				(void) strncpy(lifr.lifr_name,
620 				    lifrp->lifr_name, sizeof (lifr.lifr_name));
621 				Perror0_exit("socket");
622 			}
623 		}
624 
625 		/*
626 		 * Only service interfaces that match the on and off
627 		 * flags masks.
628 		 */
629 		if (onflags || offflags) {
630 			(void) memset(&lifrl, 0, sizeof (lifrl));
631 			(void) strncpy(lifrl.lifr_name, lifrp->lifr_name,
632 				sizeof (lifrl.lifr_name));
633 			if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifrl) < 0) {
634 				/*
635 				 * Perror0() assumes the name to be in the
636 				 * globally defined lifreq structure.
637 				 */
638 				(void) strncpy(lifr.lifr_name,
639 				    lifrp->lifr_name, sizeof (lifr.lifr_name));
640 				Perror0_exit("foreachinterface: SIOCGLIFFLAGS");
641 			}
642 			if ((lifrl.lifr_flags & onflags) != onflags)
643 				continue;
644 			if ((~lifrl.lifr_flags & offflags) != offflags)
645 				continue;
646 		}
647 
648 		if (!plumball) {
649 			(void) strncpy(lifrl.lifr_name, lifrp->lifr_name,
650 			    sizeof (lifrl.lifr_name));
651 			if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifrl) < 0) {
652 				/*
653 				 * Perror0() assumes the name to be in the
654 				 * globally defined lifreq structure.
655 				 */
656 				(void) strncpy(lifr.lifr_name,
657 				    lifrp->lifr_name, sizeof (lifr.lifr_name));
658 				Perror0("foreachinterface: SIOCGLIFADDR");
659 				continue;
660 			}
661 			if (lifrl.lifr_addr.ss_family != af) {
662 				/* Switch address family */
663 				af = lifrl.lifr_addr.ss_family;
664 				(void) close(s);
665 
666 				s = socket(SOCKET_AF(af), SOCK_DGRAM, 0);
667 				if (s == -1) {
668 					/*
669 					 * Perror0() assumes the name to be in
670 					 * the globally defined lifreq
671 					 * structure.
672 					 */
673 					(void) strncpy(lifr.lifr_name,
674 					    lifrp->lifr_name,
675 					    sizeof (lifr.lifr_name));
676 					Perror0_exit("socket");
677 				}
678 			}
679 		}
680 
681 		/*
682 		 * Reset global state
683 		 * setaddr: Used by parser to tear apart source and dest
684 		 * name and origname contain the name of the 'current'
685 		 * interface.
686 		 */
687 		setaddr = 0;
688 		(void) strncpy(name, lifrp->lifr_name, sizeof (name));
689 		(void) strncpy(origname, name, sizeof (origname));
690 
691 		if (partial) {
692 			if (debug)
693 				(void) fprintf(stderr,
694 				    "checking partial %s against %s\n",
695 				    partname, name);
696 			if (strncmp(name, partname, strlen(partname)))
697 				continue;
698 		}
699 		(*func)(argc, argv, save_af, lifrp);
700 		/* the func could have overwritten origname, so restore */
701 		(void) strncpy(name, origname, sizeof (name));
702 	}
703 	free(buf);
704 }
705 
706 static void
707 tun_reality_check(void)
708 {
709 	struct iftun_req treq;
710 	ipsec_req_t *ipsr;
711 
712 	(void) strncpy(treq.ifta_lifr_name, name, sizeof (treq.ifta_lifr_name));
713 	if (strchr(name, ':') != NULL) {
714 		/* Return, we don't need to check. */
715 		return;
716 	}
717 	if (ioctl(s, SIOCGTUNPARAM, (caddr_t)&treq) < 0 ||
718 	    (treq.ifta_flags & IFTUN_SECURITY) == 0) {
719 		/*
720 		 * Either not a tunnel (the SIOCGTUNPARAM fails on
721 		 * non-tunnels), or the security flag is not set.  Either
722 		 * way, return.
723 		 */
724 		return;
725 	}
726 
727 	ipsr = (ipsec_req_t *)&treq.ifta_secinfo;
728 
729 	if (ipsr->ipsr_esp_req != 0 &&
730 	    ipsr->ipsr_esp_auth_alg == SADB_AALG_NONE &&
731 	    ipsr->ipsr_ah_req == 0)
732 		(void) fprintf(stderr, "ifconfig: WARNING - tunnel with "
733 		    "only ESP and potentially no authentication.\n");
734 }
735 
736 /*
737  * for the specified interface call (*func)(argc, argv, af, lifrp).
738  */
739 
740 static void
741 ifconfig(int argc, char *argv[], int af, struct lifreq *lifrp)
742 {
743 	static boolean_t scan_netmask = _B_FALSE;
744 	int ret;
745 
746 	if (argc == 0) {
747 		status();
748 		return;
749 	}
750 
751 	if (strcmp(*argv, "auto-dhcp") == 0 || strcmp(*argv, "dhcp") == 0) {
752 		if (af == AF_INET) {
753 
754 			/*
755 			 * some errors are ignored in the case where
756 			 * more than one interface is being operated on.
757 			 */
758 			ret = setifdhcp("ifconfig", name, argc, argv);
759 			if (ret == DHCP_EXIT_IF_FAILURE) {
760 				if (!all)
761 					exit(DHCP_EXIT_FAILURE);
762 			} else if (ret != DHCP_EXIT_SUCCESS)
763 				exit(ret);
764 		} else
765 			(void) fprintf(stderr, "ifconfig: dhcp not supported "
766 			    "for inet6\n");
767 		return;
768 	}
769 
770 	/*
771 	 * The following is a "hack" to get around the existing interface
772 	 * setting mechanism.  Currently, each interface attribute,
773 	 * such as address, netmask, broadcast, ... is set separately.  But
774 	 * sometimes two or more attributes must be set together.  For
775 	 * example, setting an address without a netmask does not make sense.
776 	 * Yet they can be set separately for IPv4 address using the current
777 	 * ifconfig(1M) syntax.  The kernel then "infers" the correct netmask
778 	 * using the deprecated "IP address classes."  This is simply not
779 	 * correct.
780 	 *
781 	 * The "hack" below is to go thru the whole command list looking for
782 	 * the netmask command first.  Then use this netmask to set the
783 	 * address.  This does not provide an extensible way to accommodate
784 	 * future need for setting more than one attributes together.
785 	 *
786 	 * Note that if the "netmask" command argument is a "+", we need
787 	 * to save this info and do the query after we know the address to
788 	 * be set.  The reason is that if "addif" is used, the working
789 	 * interface name will be changed later when the logical interface
790 	 * is created.  In in_getmask(), if an address is not provided,
791 	 * it will use the working interface's address to do the query.
792 	 * It will be wrong now as we don't know the logical interface's name.
793 	 *
794 	 * ifconfig(1M) is too overloaded and the code is so convoluted
795 	 * that it is "safer" not to re-architect the code to fix the above
796 	 * issue, hence this "hack."  We may be better off to have a new
797 	 * command with better syntax for configuring network interface
798 	 * parameters...
799 	 */
800 	if (!scan_netmask && afp->af_af == AF_INET) {
801 		int	largc;
802 		char	**largv;
803 
804 		/* Only go thru the command list once to find the netmask. */
805 		scan_netmask = _B_TRUE;
806 
807 		/*
808 		 * Currently, if multiple netmask commands are specified, the
809 		 * last one will be used as the final netmask.  So we need
810 		 * to scan the whole list to preserve this behavior.
811 		 */
812 		for (largc = argc, largv = argv; largc > 0; largc--, largv++) {
813 			if (strcmp(*largv, NETMASK_CMD) == 0) {
814 				if (--largc == 0)
815 					break;
816 				largv++;
817 				if (strcmp(*largv, "+") == 0) {
818 					g_netmask_set = G_NETMASK_PENDING;
819 				} else {
820 					in_getaddr(*largv, (struct sockaddr *)
821 					    &g_netmask, NULL);
822 					g_netmask_set = G_NETMASK_SET;
823 				}
824 				/* Continue the scan. */
825 			}
826 		}
827 	}
828 
829 	while (argc > 0) {
830 		struct cmd *p;
831 		boolean_t found_cmd;
832 
833 		if (debug)
834 			(void) printf("ifconfig: argv %s\n", *argv);
835 
836 		found_cmd = _B_FALSE;
837 		for (p = cmds; p->c_func; p++) {
838 			if (p->c_name) {
839 				if (strcmp(*argv, p->c_name) == 0) {
840 					/*
841 					 * indicate that the command was
842 					 * found and check to see if
843 					 * the address family is valid
844 					 */
845 					found_cmd = _B_TRUE;
846 					if (p->c_af == AF_ANY ||
847 					    af == p->c_af)
848 						break;
849 				}
850 			} else {
851 				if (p->c_af == AF_ANY ||
852 				    af == p->c_af)
853 					break;
854 			}
855 		}
856 		/*
857 		 * If we found the keyword, but the address family
858 		 * did not match spit out an error
859 		 */
860 		if (found_cmd && p->c_name == 0) {
861 			(void) fprintf(stderr, "ifconfig: Operation %s not"
862 			    " supported for %s\n", *argv, afp->af_name);
863 			exit(1);
864 		}
865 		/*
866 		 * else (no keyword found), we assume it's an address
867 		 * of some sort
868 		 */
869 		if (p->c_name == 0 && setaddr)
870 			p++;	/* got src, do dst */
871 		if (p->c_func) {
872 			if (p->c_af == AF_INET6) {
873 				v4compat = 0;
874 			}
875 			if (p->c_parameter == NEXTARG ||
876 			    p->c_parameter == OPTARG) {
877 				argc--, argv++;
878 				if (argc == 0 && p->c_parameter == NEXTARG) {
879 					(void) fprintf(stderr,
880 					    "ifconfig: no argument for %s\n",
881 					    p->c_name);
882 					exit(1);
883 				}
884 			}
885 			/*
886 			 *	Call the function if:
887 			 *
888 			 *		there's no address family
889 			 *		restriction
890 			 *	OR
891 			 *		we don't know the address yet
892 			 *		(because we were called from
893 			 *		main)
894 			 *	OR
895 			 *		there is a restriction AND
896 			 *		the address families match
897 			 */
898 			if ((p->c_af == AF_ANY)	||
899 			    (lifrp == (struct lifreq *)NULL) ||
900 			    (lifrp->lifr_addr.ss_family == p->c_af)) {
901 				ret = (*p->c_func)(*argv, p->c_parameter);
902 				/*
903 				 *	If c_func failed and we should
904 				 *	abort processing for this
905 				 *	interface on failure, return
906 				 *	now rather than going on to
907 				 *	process other commands for
908 				 *	the same interface.
909 				 */
910 				if (ret != 0 && p->c_abortonfail)
911 					return;
912 			}
913 		}
914 		argc--, argv++;
915 	}
916 
917 	/* Check to see if there's a security hole in the tunnel setup. */
918 	tun_reality_check();
919 }
920 
921 /* ARGSUSED */
922 static int
923 setdebugflag(char *val, int64_t arg)
924 {
925 	debug++;
926 	return (0);
927 }
928 
929 /* ARGSUSED */
930 static int
931 setverboseflag(char *val, int64_t arg)
932 {
933 	verbose++;
934 	return (0);
935 }
936 
937 /*
938  * This function fills in the given lifreq's lifr_addr field based on
939  * g_netmask_set.
940  */
941 static void
942 set_mask_lifreq(struct lifreq *lifr, struct sockaddr_storage *addr,
943     struct sockaddr_storage *mask)
944 {
945 	assert(addr != NULL);
946 	assert(mask != NULL);
947 
948 	switch (g_netmask_set) {
949 	case G_NETMASK_SET:
950 		lifr->lifr_addr = g_netmask;
951 		break;
952 
953 	case G_NETMASK_PENDING:
954 		/*
955 		 * "+" is used as the argument to "netmask" command.  Query
956 		 * the database on the correct netmask based on the address to
957 		 * be set.
958 		 */
959 		assert(afp->af_af == AF_INET);
960 		g_netmask = *addr;
961 		if (!in_getmask((struct sockaddr_in *)&g_netmask, _B_TRUE)) {
962 			lifr->lifr_addr = *mask;
963 			g_netmask_set = G_NETMASK_NIL;
964 		} else {
965 			lifr->lifr_addr = g_netmask;
966 			g_netmask_set = G_NETMASK_SET;
967 		}
968 		break;
969 
970 	case G_NETMASK_NIL:
971 	default:
972 		lifr->lifr_addr = *mask;
973 		break;
974 	}
975 }
976 
977 /*
978  * Set the interface address. Handles <addr>, <addr>/<n> as well as /<n>
979  * syntax for setting the address, the address plus netmask, and just
980  * the netmask respectively.
981  */
982 /* ARGSUSED */
983 static int
984 setifaddr(char *addr, int64_t param)
985 {
986 	int prefixlen = 0;
987 	struct	sockaddr_storage laddr;
988 	struct	sockaddr_storage netmask;
989 	struct	sockaddr_in6 *sin6;
990 	struct	sockaddr_in *sin;
991 	struct	sockaddr_storage sav_netmask;
992 
993 	if (addr[0] == '/')
994 		return (setifprefixlen(addr, 0));
995 
996 	(*afp->af_getaddr)(addr, (struct sockaddr *)&laddr, &prefixlen);
997 
998 	(void) memset(&netmask, 0, sizeof (netmask));
999 	netmask.ss_family = afp->af_af;
1000 	switch (prefixlen) {
1001 	case NO_PREFIX:
1002 		/* Nothing there - ok */
1003 		break;
1004 	case BAD_ADDR:
1005 		(void) fprintf(stderr, "ifconfig: Bad prefix length in %s\n",
1006 		    addr);
1007 		exit(1);
1008 	default:
1009 		if (afp->af_af == AF_INET6) {
1010 			sin6 = (struct sockaddr_in6 *)&netmask;
1011 			if (!in_prefixlentomask(prefixlen, ADDRBITS_V6,
1012 			    (uchar_t *)&sin6->sin6_addr)) {
1013 				(void) fprintf(stderr, "ifconfig: "
1014 				    "Bad prefix length: %d\n",
1015 				    prefixlen);
1016 				exit(1);
1017 			}
1018 		} else {
1019 			sin = (struct sockaddr_in *)&netmask;
1020 			if (!in_prefixlentomask(prefixlen, ADDRBITS_V4,
1021 			    (uchar_t *)&sin->sin_addr)) {
1022 				(void) fprintf(stderr, "ifconfig: "
1023 				    "Bad prefix length: %d\n",
1024 				    prefixlen);
1025 				exit(1);
1026 			}
1027 		}
1028 		/*
1029 		 * Just in case of funny setting of both prefix and netmask,
1030 		 * prefix should override the netmask command.
1031 		 */
1032 		g_netmask_set = G_NETMASK_NIL;
1033 		break;
1034 	}
1035 	/* Tell parser that an address was set */
1036 	setaddr++;
1037 	/* save copy of netmask to restore in case of error */
1038 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1039 	if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0)
1040 		Perror0_exit("SIOCGLIFNETMASK");
1041 	sav_netmask = lifr.lifr_addr;
1042 
1043 	/*
1044 	 * Catch set of address for AF_INET6 to perform
1045 	 * duplicate address detection. Check that the interface is
1046 	 * up.
1047 	 */
1048 	if (afp->af_af == AF_INET6) {
1049 		if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
1050 			Perror0_exit("ifsetaddr: SIOCGLIFFLAGS");
1051 		}
1052 		if (lifr.lifr_flags & IFF_UP) {
1053 			if (debug)
1054 				(void) printf(
1055 				    "setifaddr: Calling ifdad flags %llx\n",
1056 				    lifr.lifr_flags);
1057 			if (ifdad(name, (struct sockaddr_in6 *)&laddr) == -1)
1058 				exit(3);
1059 		}
1060 	}
1061 
1062 	/*
1063 	 * If setting the address and not the mask, clear any existing mask
1064 	 * and the kernel will then assign the default (netmask has been set
1065 	 * to 0 in this case).  If setting both (either by using a prefix or
1066 	 * using the netmask command), set the mask first, so the address will
1067 	 * be interpreted correctly.
1068 	 */
1069 	set_mask_lifreq(&lifr, &laddr, &netmask);
1070 	if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0)
1071 		Perror0_exit("SIOCSLIFNETMASK");
1072 
1073 	if (debug) {
1074 		char abuf[INET6_ADDRSTRLEN];
1075 		void *addr = (afp->af_af == AF_INET) ?
1076 		    (void *)&((struct sockaddr_in *)&laddr)->sin_addr :
1077 		    (void *)&((struct sockaddr_in6 *)&laddr)->sin6_addr;
1078 
1079 		(void) printf("Setting %s af %d addr %s\n",
1080 		    lifr.lifr_name, afp->af_af,
1081 		    inet_ntop(afp->af_af, addr, abuf, sizeof (abuf)));
1082 	}
1083 	lifr.lifr_addr = laddr;
1084 	lifr.lifr_addr.ss_family = afp->af_af;
1085 	if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0) {
1086 		/*
1087 		 * Restore the netmask
1088 		 */
1089 		int saverr = errno;
1090 
1091 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1092 		lifr.lifr_addr = sav_netmask;
1093 		(void) ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr);
1094 		errno = saverr;
1095 		Perror0_exit("SIOCSLIFADDR");
1096 	}
1097 
1098 	return (0);
1099 }
1100 
1101 /*
1102  * The following functions are stolen from the ipseckey(1m) program.
1103  * Perhaps they should be somewhere common, but for now, we just maintain
1104  * two versions.  We do this because of the different semantics for which
1105  * algorithms we select ("requested" for ifconfig vs. "actual" for key).
1106  */
1107 
1108 static ulong_t
1109 parsenum(char *num)
1110 {
1111 	ulong_t rc;
1112 	char *end = NULL;
1113 
1114 	errno = 0;
1115 	rc = strtoul(num, &end, 0);
1116 	if (errno != 0 || end == num || *end != '\0') {
1117 		rc = (ulong_t)-1;
1118 	}
1119 
1120 	return (rc);
1121 }
1122 
1123 /*
1124  * Parse and reverse parse possible algorithm values, include numbers.
1125  * Mostly stolen from ipseckey.c. See the comments above parsenum() for why
1126  * this isn't common to ipseckey.c.
1127  *
1128  * NOTE: Static buffer in this function for the return value.  Since ifconfig
1129  *	 isn't multithreaded, this isn't a huge problem.
1130  */
1131 
1132 #define	NBUF_SIZE 20	/* Enough to print a large integer. */
1133 
1134 static char *
1135 rparsealg(uint8_t alg_value, int proto_num)
1136 {
1137 	struct ipsecalgent *alg;
1138 	static char numprint[128];	/* Enough to hold an algorithm name. */
1139 
1140 	/* Special-case 0 to return "<any-none>" */
1141 	if (alg_value == 0)
1142 		return ("<any-none>");
1143 
1144 	alg = getipsecalgbynum(alg_value, proto_num, NULL);
1145 	if (alg != NULL) {
1146 		(void) strlcpy(numprint, alg->a_names[0], sizeof (numprint));
1147 		freeipsecalgent(alg);
1148 	} else {
1149 		(void) snprintf(numprint, sizeof (numprint), "%d", alg_value);
1150 	}
1151 
1152 	return (numprint);
1153 }
1154 
1155 static uint_t
1156 parsealg(char *algname, int proto_num)
1157 {
1158 	struct ipsecalgent *alg;
1159 	ulong_t invalue;
1160 
1161 	if (algname == NULL) {
1162 		(void) fprintf(stderr, "ifconfig: Unexpected end of command "
1163 		    "line.\n");
1164 		exit(1);
1165 	}
1166 
1167 	/*
1168 	 * Special-case "none". Use strcasecmp because its length is
1169 	 * bound.
1170 	 */
1171 	if (strcasecmp("none", algname) == 0) {
1172 		return ((proto_num == IPSEC_PROTO_ESP) ?
1173 		    NO_ESP_EALG : NO_ESP_AALG);
1174 	}
1175 
1176 	alg = getipsecalgbyname(algname, proto_num, NULL);
1177 	if (alg != NULL) {
1178 		invalue = alg->a_alg_num;
1179 		freeipsecalgent(alg);
1180 		return ((uint_t)invalue);
1181 	}
1182 
1183 	/*
1184 	 * Since algorithms can be loaded during kernel run-time, check for
1185 	 * numeric algorithm values too.
1186 	 */
1187 	invalue = parsenum(algname);
1188 	if ((invalue & (ulong_t)0xff) == invalue)
1189 		return ((uint_t)invalue);
1190 
1191 	(void) fprintf(stderr, "ifconfig: %s algorithm type %s unknown.\n",
1192 	    (proto_num == IPSEC_PROTO_ESP) ?
1193 	    "Encryption" : "Authentication", algname);
1194 	exit(1);
1195 	/* NOTREACHED */
1196 }
1197 
1198 /*
1199  * Actual ifconfig functions to set tunnel security properties.
1200  */
1201 
1202 enum ipsec_alg_type { ESP_ENCR_ALG = 1, ESP_AUTH_ALG, AH_AUTH_ALG };
1203 
1204 boolean_t first_set_tun = _B_TRUE;
1205 boolean_t encr_alg_set = _B_FALSE;
1206 
1207 static int
1208 set_tun_algs(int which_alg, int alg)
1209 {
1210 	struct iftun_req treq;
1211 	ipsec_req_t *ipsr;
1212 
1213 	(void) strncpy(treq.ifta_lifr_name, name, sizeof (treq.ifta_lifr_name));
1214 	if (strchr(name, ':') != NULL) {
1215 		errno = EPERM;
1216 		Perror0_exit("Tunnel params on logical interfaces");
1217 	}
1218 	if (ioctl(s, SIOCGTUNPARAM, (caddr_t)&treq) < 0) {
1219 		if (errno == EOPNOTSUPP || errno == EINVAL)
1220 			Perror0_exit("Not a tunnel");
1221 		else Perror0_exit("SIOCGTUNPARAM");
1222 	}
1223 
1224 	ipsr = (ipsec_req_t *)&treq.ifta_secinfo;
1225 
1226 	if (treq.ifta_vers != IFTUN_VERSION) {
1227 		(void) fprintf(stderr,
1228 		    "Kernel tunnel secinfo version mismatch.\n");
1229 		exit(1);
1230 	}
1231 
1232 	/*
1233 	 * If I'm just starting off this ifconfig, I want a clean slate,
1234 	 * otherwise, I've captured the current tunnel security settings.
1235 	 * In the case of continuation, I merely add to the settings.
1236 	 */
1237 	if (first_set_tun) {
1238 		first_set_tun = _B_FALSE;
1239 		(void) memset(ipsr, 0, sizeof (*ipsr));
1240 	}
1241 
1242 	treq.ifta_flags = IFTUN_SECURITY;
1243 
1244 	switch (which_alg) {
1245 	case ESP_ENCR_ALG:
1246 		if (alg == NO_ESP_EALG) {
1247 			if (ipsr->ipsr_esp_auth_alg == SADB_AALG_NONE)
1248 				ipsr->ipsr_esp_req = 0;
1249 			ipsr->ipsr_esp_alg = SADB_EALG_NONE;
1250 		} else {
1251 			encr_alg_set = _B_TRUE;
1252 			ipsr->ipsr_esp_req =
1253 			    IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE;
1254 			ipsr->ipsr_esp_alg = alg;
1255 		}
1256 		break;
1257 	case ESP_AUTH_ALG:
1258 		if (alg == NO_ESP_AALG) {
1259 			if (ipsr->ipsr_esp_alg == SADB_EALG_NONE ||
1260 			    ipsr->ipsr_esp_alg == SADB_EALG_NULL)
1261 				ipsr->ipsr_esp_req = 0;
1262 			ipsr->ipsr_esp_auth_alg = SADB_AALG_NONE;
1263 		} else {
1264 			ipsr->ipsr_esp_req =
1265 			    IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE;
1266 			ipsr->ipsr_esp_auth_alg = alg;
1267 
1268 			/* Let the user specify NULL encryption implicitly. */
1269 			if (ipsr->ipsr_esp_alg == SADB_EALG_NONE &&
1270 			    !encr_alg_set)
1271 				ipsr->ipsr_esp_alg = SADB_EALG_NULL;
1272 		}
1273 		break;
1274 	case AH_AUTH_ALG:
1275 		if (alg == NO_AH_AALG) {
1276 			ipsr->ipsr_ah_req = 0;
1277 			ipsr->ipsr_auth_alg = SADB_AALG_NONE;
1278 		} else {
1279 			ipsr->ipsr_ah_req =
1280 			    IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE;
1281 			ipsr->ipsr_auth_alg = alg;
1282 		}
1283 		break;
1284 		/* Will never hit DEFAULT */
1285 	}
1286 
1287 	if (ioctl(s, SIOCSTUNPARAM, (caddr_t)&treq) < 0) {
1288 		Perror2_exit("set tunnel security properties",
1289 		    treq.ifta_lifr_name);
1290 	}
1291 
1292 	return (0);
1293 }
1294 
1295 /* ARGSUSED */
1296 static int
1297 set_tun_esp_encr_alg(char *addr, int64_t param)
1298 {
1299 	return (set_tun_algs(ESP_ENCR_ALG,
1300 		    parsealg(addr, IPSEC_PROTO_ESP)));
1301 }
1302 
1303 /* ARGSUSED */
1304 static int
1305 set_tun_esp_auth_alg(char *addr, int64_t param)
1306 {
1307 	return (set_tun_algs(ESP_AUTH_ALG,
1308 		    parsealg(addr, IPSEC_PROTO_AH)));
1309 }
1310 
1311 /* ARGSUSED */
1312 static int
1313 set_tun_ah_alg(char *addr, int64_t param)
1314 {
1315 	return (set_tun_algs(AH_AUTH_ALG,
1316 		    parsealg(addr, IPSEC_PROTO_AH)));
1317 }
1318 
1319 /* ARGSUSED */
1320 static int
1321 setifrevarp(char *arg, int64_t param)
1322 {
1323 	struct sockaddr_in	laddr;
1324 
1325 	if (afp->af_af == AF_INET6) {
1326 		(void) fprintf(stderr,
1327 		    "ifconfig: revarp not possible on IPv6 interface %s\n",
1328 		    name);
1329 		exit(1);
1330 	}
1331 	if (doifrevarp(name, &laddr)) {
1332 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1333 		laddr.sin_family = AF_INET;
1334 		(void) memcpy(&lifr.lifr_addr, &laddr, sizeof (laddr));
1335 		if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0)
1336 			Perror0_exit("SIOCSLIFADDR");
1337 	}
1338 	return (0);
1339 }
1340 
1341 /* ARGSUSED */
1342 static int
1343 setifsubnet(char *addr, int64_t param)
1344 {
1345 	int prefixlen = 0;
1346 	struct	sockaddr_storage subnet;
1347 
1348 	(*afp->af_getaddr)(addr, &subnet, &prefixlen);
1349 
1350 	switch (prefixlen) {
1351 	case NO_PREFIX:
1352 		(void) fprintf(stderr,
1353 		    "ifconfig: Missing prefix length in subnet %s\n", addr);
1354 		exit(1);
1355 		/* NOTREACHED */
1356 	case BAD_ADDR:
1357 		(void) fprintf(stderr,
1358 		    "ifconfig: Bad prefix length in %s\n", addr);
1359 		exit(1);
1360 	default:
1361 		break;
1362 	}
1363 
1364 	lifr.lifr_addr = subnet;
1365 	lifr.lifr_addrlen = prefixlen;
1366 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1367 	if (ioctl(s, SIOCSLIFSUBNET, (caddr_t)&lifr) < 0)
1368 		Perror0_exit("SIOCSLIFSUBNET");
1369 
1370 	return (0);
1371 }
1372 
1373 /* ARGSUSED */
1374 static int
1375 setifnetmask(char *addr, int64_t param)
1376 {
1377 	struct sockaddr_in netmask;
1378 
1379 	assert(afp->af_af != AF_INET6);
1380 
1381 	if (strcmp(addr, "+") == 0) {
1382 		if (!in_getmask(&netmask, _B_FALSE))
1383 			return (0);
1384 		(void) printf("Setting netmask of %s to %s\n", name,
1385 		    inet_ntoa(netmask.sin_addr));
1386 	} else {
1387 		in_getaddr(addr, (struct sockaddr *)&netmask, NULL);
1388 	}
1389 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1390 	(void) memcpy(&lifr.lifr_addr, &netmask, sizeof (netmask));
1391 	if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0)
1392 		Perror0_exit("SIOCSLIFNETMASK");
1393 	return (0);
1394 }
1395 
1396 /*
1397  * Parse '/<n>' as a netmask.
1398  */
1399 /* ARGSUSED */
1400 static int
1401 setifprefixlen(char *addr, int64_t param)
1402 {
1403 	int prefixlen;
1404 	int af = afp->af_af;
1405 
1406 	prefixlen = in_getprefixlen(addr, _B_TRUE,
1407 	    (af == AF_INET) ? ADDRBITS_V4 : ADDRBITS_V6);
1408 	if (prefixlen < 0) {
1409 		(void) fprintf(stderr,
1410 		    "ifconfig: Bad prefix length in %s\n", addr);
1411 		exit(1);
1412 	}
1413 	(void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr));
1414 	lifr.lifr_addr.ss_family = af;
1415 	if (af == AF_INET6) {
1416 		struct sockaddr_in6 *sin6;
1417 
1418 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
1419 		if (!in_prefixlentomask(prefixlen, ADDRBITS_V6,
1420 		    (uchar_t *)&sin6->sin6_addr)) {
1421 			(void) fprintf(stderr, "ifconfig: "
1422 			    "Bad prefix length: %d\n",
1423 			    prefixlen);
1424 			exit(1);
1425 		}
1426 	} else if (af == AF_INET) {
1427 		struct sockaddr_in *sin;
1428 
1429 		sin = (struct sockaddr_in *)&lifr.lifr_addr;
1430 		if (!in_prefixlentomask(prefixlen, ADDRBITS_V4,
1431 		    (uchar_t *)&sin->sin_addr)) {
1432 			(void) fprintf(stderr, "ifconfig: "
1433 			    "Bad prefix length: %d\n",
1434 			    prefixlen);
1435 			exit(1);
1436 		}
1437 	} else {
1438 		(void) fprintf(stderr, "ifconfig: setting prefix only supported"
1439 		    " for address family inet or inet6\n");
1440 		exit(1);
1441 	}
1442 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1443 	if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0)
1444 		Perror0_exit("SIOCSLIFNETMASK");
1445 	return (0);
1446 }
1447 
1448 /* ARGSUSED */
1449 static int
1450 setifbroadaddr(char *addr, int64_t param)
1451 {
1452 	struct	sockaddr_in broadaddr;
1453 
1454 	assert(afp->af_af != AF_INET6);
1455 
1456 	if (strcmp(addr, "+") == 0) {
1457 		/*
1458 		 * This doesn't set the broadcast address at all. Rather, it
1459 		 * gets, then sets the interface's address, relying on the fact
1460 		 * that resetting the address will reset the broadcast address.
1461 		 */
1462 		(void) strncpy(lifr.lifr_name, name,
1463 		    sizeof (lifr.lifr_name));
1464 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
1465 			if (errno != EADDRNOTAVAIL)
1466 				Perror0_exit("SIOCGLIFADDR");
1467 			return (0);
1468 		}
1469 		if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0)
1470 			Perror0_exit("SIOCGLIFADDR");
1471 
1472 		return (0);
1473 	}
1474 	in_getaddr(addr, (struct sockaddr *)&broadaddr, NULL);
1475 
1476 	(void) memcpy(&lifr.lifr_addr, &broadaddr, sizeof (broadaddr));
1477 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1478 	if (ioctl(s, SIOCSLIFBRDADDR, (caddr_t)&lifr) < 0)
1479 		Perror0_exit("SIOCSLIFBRDADDR");
1480 	return (0);
1481 }
1482 
1483 /*
1484  * set interface destination address
1485  */
1486 /* ARGSUSED */
1487 static int
1488 setifdstaddr(char *addr, int64_t param)
1489 {
1490 	(*afp->af_getaddr)(addr, (struct sockaddr *)&lifr.lifr_addr, NULL);
1491 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1492 	if (ioctl(s, SIOCSLIFDSTADDR, (caddr_t)&lifr) < 0)
1493 		Perror0_exit("setifdstaddr: SIOCSLIFDSTADDR");
1494 	return (0);
1495 }
1496 
1497 /* ARGSUSED */
1498 static int
1499 setifflags(char *val, int64_t value)
1500 {
1501 	int phyintlen, origphyintlen;
1502 
1503 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1504 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0)
1505 		Perror0_exit("setifflags: SIOCGLIFFLAGS");
1506 
1507 	if (value == IFF_NOFAILOVER) {
1508 		/*
1509 		 * Fail if '-failover' is set after a prior addif created the
1510 		 * alias on a different interface. This can happen when the
1511 		 * interface is part of an IPMP group.
1512 		 */
1513 		phyintlen = strcspn(name, ":");
1514 		origphyintlen = strcspn(origname, ":");
1515 		if (phyintlen != origphyintlen ||
1516 		    strncmp(name, origname, phyintlen) != 0) {
1517 			(void) fprintf(stderr, "ifconfig: can't set -failover "
1518 			    "on failed/standby/offlined interface %s\n",
1519 			    origname);
1520 			exit(1);
1521 		}
1522 	}
1523 
1524 	/*
1525 	 * Catch "up" transition for AF_INET6 to perform duplicate address
1526 	 * detection. ifdad checks if an address has been set.
1527 	 */
1528 	if (afp->af_af == AF_INET6 && !(lifr.lifr_flags & IFF_UP) &&
1529 	    value == IFF_UP) {
1530 		if (debug)
1531 			(void) printf(
1532 			    "setifaddr:Calling ifdad flags %llx value 0x%llx\n",
1533 			    lifr.lifr_flags, value);
1534 		if (ifdad(name, NULL) == -1)
1535 			exit(1);
1536 	}
1537 
1538 	if (value < 0) {
1539 		value = -value;
1540 		lifr.lifr_flags &= ~value;
1541 	} else
1542 		lifr.lifr_flags |= value;
1543 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1544 	if (ioctl(s, SIOCSLIFFLAGS, (caddr_t)&lifr) < 0) {
1545 		Perror0_exit("setifflags: SIOCSLIFFLAGS");
1546 	}
1547 	return (0);
1548 }
1549 
1550 /* ARGSUSED */
1551 static int
1552 setifmetric(char *val, int64_t param)
1553 {
1554 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1555 	lifr.lifr_metric = atoi(val);
1556 	if (ioctl(s, SIOCSLIFMETRIC, (caddr_t)&lifr) < 0)
1557 		Perror0_exit("setifmetric: SIOCSLIFMETRIC");
1558 	return (0);
1559 }
1560 
1561 /* ARGSUSED */
1562 static int
1563 setifmtu(char *val, int64_t param)
1564 {
1565 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1566 	lifr.lifr_mtu = atoi(val);
1567 	if (ioctl(s, SIOCSLIFMTU, (caddr_t)&lifr) < 0)
1568 		Perror0_exit("setifmtu: SIOCSLIFMTU");
1569 	return (0);
1570 }
1571 
1572 /* ARGSUSED */
1573 static int
1574 setifindex(char *val, int64_t param)
1575 {
1576 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1577 	lifr.lifr_index = atoi(val);
1578 	if (ioctl(s, SIOCSLIFINDEX, (caddr_t)&lifr) < 0)
1579 		Perror0_exit("setifindex: SIOCSLIFINDEX");
1580 	return (0);
1581 }
1582 
1583 /* ARGSUSED */
1584 static int
1585 setifether(char *addr, int64_t param)
1586 {
1587 	uchar_t	*ea;
1588 	iface_t	*current;
1589 	int	maclen;
1590 
1591 	if (addr == NULL) {
1592 		ifstatus(name);
1593 		print_ifether(name);
1594 		return (0);
1595 	}
1596 
1597 	phyif = NULL;
1598 	logifs = NULL;
1599 
1600 	/*
1601 	 * if the IP interface in the arguments is a logical
1602 	 * interface, exit with an error now.
1603 	 */
1604 	if (strchr(name, ':') != NULL) {
1605 		(void) fprintf(stderr, "ifconfig: cannot change"
1606 		    " ethernet address of a logical interface\n");
1607 		exit(1);
1608 	}
1609 
1610 	ea = _link_aton(addr, &maclen);
1611 	if (ea == NULL) {
1612 		if (maclen == -1)
1613 			(void) fprintf(stderr,
1614 			    "ifconfig: %s: bad address\n", addr);
1615 		else
1616 			(void) fprintf(stderr, "ifconfig: malloc() failed\n");
1617 		exit(1);
1618 	}
1619 
1620 	(void) strncpy(savedname, name, sizeof (savedname));
1621 
1622 	/*
1623 	 * Call selectifs only for the IP interfaces that are ipv4.
1624 	 * offflags == IFF_IPV6 because you should not change the
1625 	 *		Ethernet address of an ipv6 interface
1626 	 */
1627 	foreachinterface(selectifs, 0, (char **)NULL, 0, 0, IFF_IPV6, 0);
1628 
1629 	/* If physical interface not found, exit now */
1630 	if (phyif == NULL) {
1631 		(void) fprintf(stderr,
1632 		    "ifconfig: interface %s not found\n", savedname);
1633 		exit(1);
1634 	}
1635 
1636 	/* Restore */
1637 	(void) strncpy(name, savedname, sizeof (name));
1638 	(void) strncpy(origname, savedname, sizeof (origname));
1639 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1640 
1641 	/*
1642 	 * close and reopen the socket
1643 	 * we don't know which type of socket we have now
1644 	 */
1645 	(void) close(s);
1646 	s = socket(SOCKET_AF(AF_UNSPEC), SOCK_DGRAM, 0);
1647 	if (s < 0) {
1648 		Perror0_exit("socket");
1649 	}
1650 
1651 	/*
1652 	 * mark down the logical interfaces first,
1653 	 * and then the physical interface
1654 	 */
1655 	if (updownifs(logifs, 0) < 0 || updownifs(phyif, 0) < 0) {
1656 		Perror0_exit("mark down interface failed");
1657 	}
1658 
1659 	/*
1660 	 * Change the physical address
1661 	 */
1662 	if (dlpi_set_address(savedname, ea, maclen) == -1) {
1663 		(void) fprintf(stderr,
1664 		    "ifconfig: failed setting mac address on %s\n",
1665 		    savedname);
1666 	}
1667 
1668 	/*
1669 	 * if any interfaces were marked down before changing the
1670 	 * ethernet address, put them up again.
1671 	 * First the physical interface, then the logical ones.
1672 	 */
1673 	if (updownifs(phyif, 1) < 0 || updownifs(logifs, 1) < 0) {
1674 		Perror0_exit("mark down interface failed");
1675 	}
1676 
1677 	/* Free the memory allocated by selectifs */
1678 	free(phyif);
1679 	for (current = logifs; current != NULL; current = logifs) {
1680 		logifs = logifs->next;
1681 		free(current);
1682 	}
1683 
1684 	return (0);
1685 }
1686 
1687 /*
1688  * Print an interface's Ethernet address, if it has one.
1689  */
1690 static void
1691 print_ifether(char *ifname)
1692 {
1693 	int		protocol;
1694 	icfg_if_t	interface;
1695 	icfg_handle_t	handle;
1696 	int		fd;
1697 
1698 	/*
1699 	 * Loopback interfaces and tunnels can't have MAC addresses,
1700 	 * so filter them out first.
1701 	 */
1702 	if (strcmp(ifname, LOOPBACK_IF) == 0)
1703 		return;
1704 
1705 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1706 
1707 	fd = socket(AF_INET, SOCK_DGRAM, 0);
1708 	if (fd == -1 || ioctl(fd, SIOCGLIFFLAGS, &lifr) == -1) {
1709 		/*
1710 		 * It's possible the interface is only configured for
1711 		 * IPv6; check again with AF_INET6.
1712 		 */
1713 		(void) close(fd);
1714 		fd = socket(AF_INET6, SOCK_DGRAM, 0);
1715 		if (fd == -1 || ioctl(fd, SIOCGLIFFLAGS, &lifr) == -1) {
1716 			(void) close(fd);
1717 			return;
1718 		}
1719 	}
1720 	(void) close(fd);
1721 
1722 	/* Virtual interfaces don't have MAC addresses */
1723 	if (lifr.lifr_flags & IFF_VIRTUAL)
1724 		return;
1725 
1726 	/*
1727 	 * We must be careful to set if_protocol based on the current
1728 	 * properties of the interface.  For instance, if "ip.tun0" is
1729 	 * configured only as an IPv6 tunnel, then if_protocol must be
1730 	 * set to AF_INET6 or icfg_get_tunnel_lower() will fail and
1731 	 * we will falsely conclude that it's not a tunnel.
1732 	 */
1733 	interface.if_protocol = AF_INET;
1734 	if (lifr.lifr_flags & IFF_IPV6)
1735 		interface.if_protocol = AF_INET6;
1736 
1737 	(void) strncpy(interface.if_name, ifname, sizeof (interface.if_name));
1738 
1739 	if (icfg_open(&handle, &interface) == ICFG_SUCCESS) {
1740 		if (icfg_get_tunnel_lower(handle, &protocol) == ICFG_SUCCESS) {
1741 			/* Tunnel op succeeded -- it's a tunnel so skip */
1742 			icfg_close(handle);
1743 			return;
1744 		}
1745 		icfg_close(handle);
1746 	}
1747 
1748 	dlpi_print_address(ifname);
1749 }
1750 
1751 /*
1752  * static void selectifs(int argc, char *argv[], int af, struct lifreq *rp)
1753  *
1754  * Called inside setifether() to create a list of interfaces to
1755  * mark down/up when changing the Ethernet address.
1756  * If the current interface is the physical interface passed
1757  * as an argument to ifconfig, update phyif.
1758  * If the current interface is a logical interface associated
1759  * to the physical interface, add it to the logifs list.
1760  */
1761 /* ARGSUSED */
1762 static void
1763 selectifs(int argc, char *argv[], int af, struct lifreq *rp)
1764 {
1765 	char		*colonp;
1766 	int		length;
1767 	iface_t		*current;
1768 
1769 	/*
1770 	 *  savedname=	name of the IP interface to which you want to
1771 	 *		change ethernet address
1772 	 *  name=	name of the current IP interface
1773 	 */
1774 	colonp = strchr(name, ':');
1775 	if (colonp == NULL)
1776 		length = max(strlen(savedname), strlen(name));
1777 	else
1778 		length = max(strlen(savedname), colonp - name);
1779 	if (strncmp(savedname, name, length) == 0) {
1780 		(void) strcpy(lifr.lifr_name, name);
1781 		if (ioctl(s, SIOCGLIFFLAGS, &lifr) < 0) {
1782 			Perror0("selectifs: SIOCGLIFFLAGS");
1783 			return;
1784 		}
1785 
1786 		if ((current = malloc(sizeof (iface_t))) == NULL) {
1787 			Perror0_exit("selectifs: malloc failed\n");
1788 		}
1789 
1790 		if (colonp == NULL) {
1791 			/* this is the physical interface */
1792 			phyif = current;
1793 			bcopy(&lifr, &phyif->lifr, sizeof (struct lifreq));
1794 			phyif->next = NULL;
1795 		} else {
1796 			/* this is a logical interface */
1797 			bcopy(&lifr, &current->lifr, sizeof (struct lifreq));
1798 			current->next = logifs;
1799 			logifs = current;
1800 		}
1801 	}
1802 }
1803 
1804 /*
1805  * static int updownifs(iface_t *ifs, int up)
1806  *
1807  * It takes in input a list of IP interfaces (ifs)
1808  * and a flag (up).
1809  * It marks each interface in the list down (up = 0)
1810  * or up (up > 0). This is done ONLY if the IP
1811  * interface was originally up.
1812  *
1813  * Return values:
1814  *  0 = everything OK
1815  * -1 = problem
1816  */
1817 static int
1818 updownifs(iface_t *ifs, int up)
1819 {
1820 	iface_t *current;
1821 	int	ret = 0;
1822 	int 	save_errno;
1823 	char	savename[LIFNAMSIZ];
1824 	uint64_t orig_flags;
1825 
1826 	for (current = ifs; current != NULL; current = current->next) {
1827 		if (current->lifr.lifr_flags & IFF_UP) {
1828 			orig_flags = current->lifr.lifr_flags;
1829 			if (!up)
1830 				current->lifr.lifr_flags &= ~IFF_UP;
1831 			if (ioctl(s, SIOCSLIFFLAGS, &current->lifr) < 0) {
1832 				save_errno = errno;
1833 				(void) strcpy(savename,
1834 				    current->lifr.lifr_name);
1835 				ret = -1;
1836 			}
1837 			if (!up) /* restore the original flags */
1838 				current->lifr.lifr_flags = orig_flags;
1839 		}
1840 	}
1841 
1842 	if (ret == -1) {
1843 		(void) strcpy(lifr.lifr_name, savename);
1844 		errno = save_errno;
1845 	}
1846 	return (ret);
1847 }
1848 
1849 /*
1850  * Create the next unused logical interface using the original name
1851  * and assign the address (and mask if '/<n>' is part of the address).
1852  * Use the new logical interface for subsequent subcommands by updating
1853  * the name variable.
1854  *
1855  * This allows syntax like:
1856  *	ifconfig le0 addif 109.106.86.130 netmask + up \
1857  *	addif 109.106.86.131 netmask + up
1858  */
1859 /* ARGSUSED */
1860 static int
1861 addif(char *str, int64_t param)
1862 {
1863 	int prefixlen = 0;
1864 	struct sockaddr_storage laddr;
1865 	struct sockaddr_storage mask;
1866 
1867 	(void) strncpy(name, origname, sizeof (name));
1868 
1869 	if (strchr(name, ':') != NULL) {
1870 		(void) fprintf(stderr,
1871 		    "ifconfig: addif: bad physical interface name %s\n",
1872 		    name);
1873 		exit(1);
1874 	}
1875 
1876 	/*
1877 	 * clear so parser will interpret next address as source followed
1878 	 * by possible dest
1879 	 */
1880 	setaddr = 0;
1881 	(*afp->af_getaddr)(str, (struct sockaddr *)&laddr, &prefixlen);
1882 
1883 	switch (prefixlen) {
1884 	case NO_PREFIX:
1885 		/* Nothing there - ok */
1886 		break;
1887 	case BAD_ADDR:
1888 		(void) fprintf(stderr,
1889 		    "ifconfig: Bad prefix length in %s\n", str);
1890 		exit(1);
1891 	default:
1892 		(void) memset(&mask, 0, sizeof (mask));
1893 		mask.ss_family = afp->af_af;
1894 		if (afp->af_af == AF_INET6) {
1895 			struct sockaddr_in6 *sin6;
1896 			sin6 = (struct sockaddr_in6 *)&mask;
1897 			if (!in_prefixlentomask(prefixlen, ADDRBITS_V6,
1898 			    (uchar_t *)&sin6->sin6_addr)) {
1899 				(void) fprintf(stderr, "ifconfig: "
1900 				    "Bad prefix length: %d\n",
1901 				    prefixlen);
1902 				exit(1);
1903 			}
1904 		} else {
1905 			struct sockaddr_in *sin;
1906 
1907 			sin = (struct sockaddr_in *)&mask;
1908 			if (!in_prefixlentomask(prefixlen, ADDRBITS_V4,
1909 			    (uchar_t *)&sin->sin_addr)) {
1910 				(void) fprintf(stderr, "ifconfig: "
1911 				    "Bad prefix length: %d\n",
1912 				    prefixlen);
1913 				exit(1);
1914 			}
1915 		}
1916 		g_netmask_set = G_NETMASK_NIL;
1917 		break;
1918 	}
1919 
1920 	/*
1921 	 * This is a "hack" to get around the problem of SIOCLIFADDIF.  The
1922 	 * problem is that this ioctl does not include the netmask when
1923 	 * adding a logical interface.  This is the same problem described
1924 	 * in the ifconfig() comments.  To get around this problem, we first
1925 	 * add the logical interface with a 0 address.  After that, we set
1926 	 * the netmask if provided.  Finally we set the interface address.
1927 	 */
1928 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1929 	(void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr));
1930 
1931 	/* Note: no need to do DAD here since the interface isn't up yet. */
1932 
1933 	if (ioctl(s, SIOCLIFADDIF, (caddr_t)&lifr) < 0)
1934 		Perror0_exit("addif: SIOCLIFADDIF");
1935 
1936 	(void) printf("Created new logical interface %s\n",
1937 	    lifr.lifr_name);
1938 	(void) strncpy(name, lifr.lifr_name, sizeof (name));
1939 
1940 	/*
1941 	 * Check and see if any "netmask" command is used and perform the
1942 	 * necessary operation.
1943 	 */
1944 	set_mask_lifreq(&lifr, &laddr, &mask);
1945 	/*
1946 	 * Only set the netmask if "netmask" command is used or a prefix is
1947 	 * provided.
1948 	 */
1949 	if (g_netmask_set == G_NETMASK_SET || prefixlen >= 0) {
1950 		if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0)
1951 			Perror0_exit("addif: SIOCSLIFNETMASK");
1952 	}
1953 
1954 	/* Finally, we set the interface address. */
1955 	lifr.lifr_addr = laddr;
1956 	if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0)
1957 		Perror0_exit("SIOCSLIFADDR");
1958 
1959 	/*
1960 	 * let parser know we got a source.
1961 	 * Next address, if given, should be dest
1962 	 */
1963 	setaddr++;
1964 	return (0);
1965 }
1966 
1967 /*
1968  * Remove a logical interface based on its IP address. Unlike addif
1969  * there is no '/<n>' here.
1970  * Verifies that the interface is down before it is removed.
1971  */
1972 /* ARGSUSED */
1973 static int
1974 removeif(char *str, int64_t param)
1975 {
1976 	struct sockaddr_storage laddr;
1977 
1978 	if (strchr(name, ':') != NULL) {
1979 		(void) fprintf(stderr,
1980 		    "ifconfig: removeif: bad physical interface name %s\n",
1981 		    name);
1982 		exit(1);
1983 	}
1984 
1985 	(*afp->af_getaddr)(str, &laddr, NULL);
1986 	lifr.lifr_addr = laddr;
1987 
1988 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1989 	if (ioctl(s, SIOCLIFREMOVEIF, (caddr_t)&lifr) < 0) {
1990 		if (errno == EBUSY) {
1991 			/* This can only happen if ipif_id = 0 */
1992 			(void) fprintf(stderr,
1993 			    "ifconfig: removeif: can't remove interface: %s\n",
1994 			    name);
1995 			exit(1);
1996 		}
1997 		Perror0_exit("removeif: SIOCLIFREMOVEIF");
1998 	}
1999 	return (0);
2000 }
2001 
2002 /*
2003  * If laddr is non-NULL it is used - otherwise we use the address on
2004  * the interface.
2005  */
2006 /* ARGSUSED */
2007 static int
2008 ifdad(char *ifname, struct sockaddr_in6 *laddr)
2009 {
2010 	struct sockaddr_in6 testaddr;
2011 	struct lifreq lifr2;	/* Avoid overriting lifr */
2012 
2013 	if (debug)
2014 		(void) printf("ifdad(%s)\n", ifname);
2015 
2016 	assert(afp->af_af == AF_INET6);
2017 
2018 	/*
2019 	 * Check the address assigned to the interface.
2020 	 * Skip the check if IFF_NOLOCAL, IFF_NONUD, IFF_ANYCAST, or
2021 	 * IFF_LOOPBACK.
2022 	 * Note that IFF_NONUD turns of both NUD and DAD.
2023 	 */
2024 	(void) strncpy(lifr2.lifr_name, ifname,
2025 	    sizeof (lifr2.lifr_name));
2026 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr2) < 0) {
2027 		Perror0_exit("ifdad: SIOCGLIFFLAGS");
2028 	}
2029 	if (lifr2.lifr_flags & (IFF_NOLOCAL|IFF_LOOPBACK|IFF_NONUD|IFF_ANYCAST))
2030 		return (0);
2031 
2032 	if (laddr != NULL) {
2033 		testaddr = *laddr;
2034 	} else {
2035 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr2) < 0) {
2036 			Perror0_exit("ifdad: SIOCGLIFADDR");
2037 		}
2038 		testaddr = *(struct sockaddr_in6 *)&lifr2.lifr_addr;
2039 	}
2040 
2041 	if (IN6_IS_ADDR_UNSPECIFIED(&testaddr.sin6_addr))
2042 		return (0);
2043 
2044 	if (do_dad(name, &testaddr) != 0)
2045 		return (-1);
2046 	else
2047 		return (0);
2048 }
2049 
2050 /*
2051  * Set the address token for IPv6.
2052  */
2053 /* ARGSUSED */
2054 static int
2055 setiftoken(char *addr, int64_t param)
2056 {
2057 	int prefixlen = 0;
2058 	struct sockaddr_in6 token;
2059 
2060 	in6_getaddr(addr, (struct sockaddr *)&token, &prefixlen);
2061 	switch (prefixlen) {
2062 	case NO_PREFIX:
2063 		(void) fprintf(stderr,
2064 		    "ifconfig: Missing prefix length in subnet %s\n", addr);
2065 		exit(1);
2066 		/* NOTREACHED */
2067 	case BAD_ADDR:
2068 		(void) fprintf(stderr,
2069 		    "ifconfig: Bad prefix length in %s\n", addr);
2070 		exit(1);
2071 	default:
2072 		break;
2073 	}
2074 	(void) memcpy(&lifr.lifr_addr, &token, sizeof (token));
2075 	lifr.lifr_addrlen = prefixlen;
2076 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2077 	if (ioctl(s, SIOCSLIFTOKEN, (caddr_t)&lifr) < 0)  {
2078 		Perror0_exit("setiftoken: SIOCSLIFTOKEN");
2079 	}
2080 	return (0);
2081 }
2082 
2083 /*
2084  * Return value: 0 on success, -1 on failure.
2085  */
2086 static int
2087 connect_to_mpathd(int family)
2088 {
2089 	int s;
2090 	struct sockaddr_storage ss;
2091 	struct sockaddr_in *sin = (struct sockaddr_in *)&ss;
2092 	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&ss;
2093 	struct in6_addr loopback_addr = IN6ADDR_LOOPBACK_INIT;
2094 	int addrlen;
2095 	int ret;
2096 	int on;
2097 
2098 	s = socket(family, SOCK_STREAM, 0);
2099 	if (s < 0) {
2100 		Perror0_exit("connect_to_mpathd: socket");
2101 	}
2102 	(void) bzero((char *)&ss, sizeof (ss));
2103 	ss.ss_family = family;
2104 	/*
2105 	 * Need to bind to a privileged port. For non-root, this
2106 	 * will fail. in.mpathd verifies that only commands coming
2107 	 * from privileged ports succeed so that ordinary users
2108 	 * can't connect and start talking to in.mpathd
2109 	 */
2110 	on = 1;
2111 	if (setsockopt(s, IPPROTO_TCP, TCP_ANONPRIVBIND, &on,
2112 	    sizeof (on)) < 0) {
2113 		Perror0_exit("connect_to_mpathd: setsockopt");
2114 	}
2115 	switch (family) {
2116 	case AF_INET:
2117 		sin->sin_port = 0;
2118 		sin->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
2119 		addrlen = sizeof (struct sockaddr_in);
2120 		break;
2121 	case AF_INET6:
2122 		sin6->sin6_port = 0;
2123 		sin6->sin6_addr = loopback_addr;
2124 		addrlen = sizeof (struct sockaddr_in6);
2125 		break;
2126 	}
2127 	ret = bind(s, (struct sockaddr *)&ss, addrlen);
2128 	if (ret != 0) {
2129 		(void) close(s);
2130 		return (-1);
2131 	}
2132 
2133 	switch (family) {
2134 	case AF_INET:
2135 		sin->sin_port = htons(MPATHD_PORT);
2136 		break;
2137 	case AF_INET6:
2138 		sin6->sin6_port = htons(MPATHD_PORT);
2139 		break;
2140 	}
2141 	ret = connect(s, (struct sockaddr *)&ss, addrlen);
2142 	(void) close(s);
2143 	return (ret);
2144 }
2145 
2146 /* ARGSUSED */
2147 static int
2148 setifgroupname(char *grpname, int64_t param)
2149 {
2150 	if (debug) {
2151 		(void) printf("Setting groupname %s on interface %s\n",
2152 		    grpname, name);
2153 	}
2154 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2155 	(void) strncpy(lifr.lifr_groupname, grpname,
2156 	    sizeof (lifr.lifr_groupname));
2157 	if (ioctl(s, SIOCSLIFGROUPNAME, (caddr_t)&lifr) < 0) {
2158 		Perror0_exit("setifgroupname: SIOCSLIFGROUPNAME");
2159 	}
2160 
2161 	/*
2162 	 * If the SUNW_NO_MPATHD environment variable is set then don't
2163 	 * bother starting up in.mpathd.  See PSARC/2002/249 for the
2164 	 * depressing details on this bit of stupidity.
2165 	 */
2166 	if (getenv("SUNW_NO_MPATHD") != NULL) {
2167 		return (0);
2168 	}
2169 
2170 	/*
2171 	 * Try to connect to in.mpathd using IPv4. If we succeed,
2172 	 * we conclude that in.mpathd is running, and quit.
2173 	 */
2174 	if (connect_to_mpathd(AF_INET) == 0) {
2175 		/* connect succeeded, mpathd is already running */
2176 		return (0);
2177 	}
2178 	/*
2179 	 * Try to connect to in.mpathd using IPv6. If we succeed,
2180 	 * we conclude that in.mpathd is running, and quit.
2181 	 */
2182 	if (connect_to_mpathd(AF_INET6) == 0) {
2183 		/* connect succeeded, mpathd is already running */
2184 		return (0);
2185 	}
2186 
2187 	/*
2188 	 * in.mpathd may not be running. Start it now. If it is already
2189 	 * running, in.mpathd will take care of handling multiple incarnations
2190 	 * of itself. ifconfig only tries to optimize performance by not
2191 	 * starting another incarnation of in.mpathd.
2192 	 */
2193 	switch (fork()) {
2194 
2195 	case -1:
2196 		Perror0_exit("setifgroupname: fork");
2197 		/* NOTREACHED */
2198 	case 0:
2199 		(void) execl(MPATHD_PATH, MPATHD_PATH, NULL);
2200 		_exit(1);
2201 		/* NOTREACHED */
2202 	default:
2203 		return (0);
2204 	}
2205 }
2206 
2207 
2208 /*
2209  * To list all the modules above a given network interface.
2210  */
2211 /* ARGSUSED */
2212 static int
2213 modlist(char *null, int64_t param)
2214 {
2215 	int muxfd;
2216 	int ipfd_lowstr;
2217 	int arpfd_lowstr;
2218 	int num_mods;
2219 	int i;
2220 	struct str_list strlist;
2221 	int orig_arpid;
2222 
2223 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2224 	if (ip_domux2fd(&muxfd, &ipfd_lowstr, &arpfd_lowstr,
2225 	    &orig_arpid) < 0) {
2226 		return (-1);
2227 	}
2228 	if ((num_mods = ioctl(ipfd_lowstr, I_LIST, NULL)) < 0) {
2229 		Perror0("cannot I_LIST to get the number of modules");
2230 	} else {
2231 		if (debug > 0) {
2232 			(void) printf("Listing (%d) modules above %s\n",
2233 			    num_mods, name);
2234 		}
2235 
2236 		strlist.sl_nmods = num_mods;
2237 		strlist.sl_modlist = malloc(sizeof (struct str_mlist) *
2238 		    num_mods);
2239 		if (strlist.sl_modlist == NULL) {
2240 			Perror0("cannot malloc");
2241 		} else {
2242 			if (ioctl(ipfd_lowstr, I_LIST, (caddr_t)&strlist) < 0) {
2243 				Perror0("cannot I_LIST for module names");
2244 			} else {
2245 				for (i = 0; i < strlist.sl_nmods; i++) {
2246 				    (void) printf("%d %s\n", i,
2247 				    strlist.sl_modlist[i].l_name);
2248 				}
2249 			}
2250 			free(strlist.sl_modlist);
2251 		}
2252 	}
2253 	return (ip_plink(muxfd, ipfd_lowstr, arpfd_lowstr, orig_arpid));
2254 }
2255 
2256 #define	MODINSERT_OP	'i'
2257 #define	MODREMOVE_OP	'r'
2258 
2259 /*
2260  * To insert a module to the stream of the interface.  It is just a
2261  * wrapper.  The real function is modop().
2262  */
2263 /* ARGSUSED */
2264 static int
2265 modinsert(char *arg, int64_t param)
2266 {
2267 	return (modop(arg, MODINSERT_OP));
2268 }
2269 
2270 /*
2271  * To remove a module from the stream of the interface.  It is just a
2272  * wrapper.  The real function is modop().
2273  */
2274 /* ARGSUSED */
2275 static int
2276 modremove(char *arg, int64_t param)
2277 {
2278 	return (modop(arg, MODREMOVE_OP));
2279 }
2280 
2281 /*
2282  * Open a stream on /dev/udp, pop off all undesired modules (note that
2283  * the user may have configured autopush to add modules above or below
2284  * udp), and push the arp module onto raw IP.
2285  */
2286 static int
2287 open_arp_on_udp(char *udp_dev_name)
2288 {
2289 	int fd;
2290 	boolean_t popped;
2291 
2292 	if ((fd = open(udp_dev_name, O_RDWR)) == -1) {
2293 		Perror2("open", udp_dev_name);
2294 		return (-1);
2295 	}
2296 	errno = 0;
2297 	popped = _B_FALSE;
2298 	while (ioctl(fd, I_POP, 0) != -1)
2299 		popped = _B_TRUE;
2300 	if (!popped) {
2301 		Perror2("cannot pop", udp_dev_name);
2302 	} else if (errno != EINVAL) {
2303 		Perror2("pop", udp_dev_name);
2304 	} else if (ioctl(fd, I_PUSH, ARP_MOD_NAME) == -1) {
2305 		Perror2("arp PUSH", udp_dev_name);
2306 	} else {
2307 		return (fd);
2308 	}
2309 	(void) close(fd);
2310 	return (-1);
2311 }
2312 
2313 /*
2314  * Helper function for mod*() functions.  It gets a fd to the lower IP
2315  * stream and I_PUNLINK's the lower stream.  It also initializes the
2316  * global variable lifr.
2317  *
2318  * Param:
2319  *	int *udp_fd: (referenced) fd to /dev/udp (upper IP stream).
2320  *	int *fd: (referenced) fd to the lower IP stream.
2321  *
2322  * Return:
2323  *	-1 if operation fails, 0 otherwise.
2324  *
2325  * Please see the big block comment above plumb_one_device()
2326  * for the logic of the PLINK/PUNLINK
2327  */
2328 static int
2329 ip_domux2fd(int *muxfd, int *ipfd_lowstr, int *arpfd_lowstr, int *orig_arpid)
2330 {
2331 	int		ip_fd;
2332 	uint64_t	flags;
2333 	char		*udp_dev_name;
2334 	char		*ip_dev_name;
2335 
2336 	*orig_arpid = 0;
2337 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2338 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
2339 		Perror0_exit("status: SIOCGLIFFLAGS");
2340 	}
2341 	flags = lifr.lifr_flags;
2342 	if (flags & IFF_IPV4) {
2343 		udp_dev_name = UDP_DEV_NAME;
2344 		ip_dev_name  = IP_DEV_NAME;
2345 	} else if (flags & IFF_IPV6) {
2346 		udp_dev_name = UDP6_DEV_NAME;
2347 		ip_dev_name  = IP6_DEV_NAME;
2348 	} else {
2349 		return (-1);
2350 	}
2351 
2352 	if ((ip_fd = open(ip_dev_name, O_RDWR)) < 0) {
2353 		Perror2("open", ip_dev_name);
2354 		return (-1);
2355 	}
2356 	if (ioctl(ip_fd, SIOCGLIFMUXID, (caddr_t)&lifr) < 0) {
2357 		Perror2("SIOCGLIFMUXID", ip_dev_name);
2358 		return (-1);
2359 	}
2360 	if (debug > 0) {
2361 		(void) printf("ARP_muxid %d IP_muxid %d\n",
2362 		    lifr.lifr_arp_muxid, lifr.lifr_ip_muxid);
2363 	}
2364 
2365 	if ((*muxfd = open_arp_on_udp(udp_dev_name)) == -1)
2366 		return (-1);
2367 
2368 	if (lifr.lifr_arp_muxid != 0) {
2369 		if ((*arpfd_lowstr = ioctl(*muxfd, _I_MUXID2FD,
2370 		    lifr.lifr_arp_muxid)) < 0) {
2371 			if ((errno == EINVAL) &&
2372 			    (flags & (IFF_NOARP | IFF_IPV6))) {
2373 				/*
2374 				 * Some plumbing utilities set the muxid to
2375 				 * -1 or some invalid value to signify that
2376 				 * there is no arp stream. Set the muxid to 0
2377 				 * before trying to unplumb the IP stream.
2378 				 * IP does not allow the IP stream to be
2379 				 * unplumbed if it sees a non-null arp muxid,
2380 				 * for consistency of IP-ARP streams.
2381 				 */
2382 				*orig_arpid = lifr.lifr_arp_muxid;
2383 				lifr.lifr_arp_muxid = 0;
2384 				(void) ioctl(*muxfd, SIOCSLIFMUXID,
2385 				    (caddr_t)&lifr);
2386 				*arpfd_lowstr = -1;
2387 			} else {
2388 				Perror0("_I_MUXID2FD");
2389 				return (-1);
2390 			}
2391 		} else if (ioctl(*muxfd, I_PUNLINK,
2392 		    lifr.lifr_arp_muxid) < 0) {
2393 			Perror2("I_PUNLINK", udp_dev_name);
2394 			return (-1);
2395 		}
2396 	} else {
2397 		*arpfd_lowstr = -1;
2398 	}
2399 
2400 	if ((*ipfd_lowstr = ioctl(*muxfd, _I_MUXID2FD,
2401 	    lifr.lifr_ip_muxid)) < 0) {
2402 		Perror0("_I_MUXID2FD");
2403 		/* Undo any changes we made */
2404 		if (*orig_arpid != 0) {
2405 			lifr.lifr_arp_muxid = *orig_arpid;
2406 			(void) ioctl(*muxfd, SIOCSLIFMUXID, (caddr_t)&lifr);
2407 		}
2408 		return (-1);
2409 	}
2410 	if (ioctl(*muxfd, I_PUNLINK, lifr.lifr_ip_muxid) < 0) {
2411 		Perror2("I_PUNLINK", udp_dev_name);
2412 		/* Undo any changes we made */
2413 		if (*orig_arpid != 0) {
2414 			lifr.lifr_arp_muxid = *orig_arpid;
2415 			(void) ioctl(*muxfd, SIOCSLIFMUXID, (caddr_t)&lifr);
2416 		}
2417 		return (-1);
2418 	}
2419 	return (0);
2420 }
2421 
2422 /*
2423  * Helper function for mod*() functions.  It I_PLINK's back the upper and
2424  * lower IP streams.  Note that this function must be called after
2425  * ip_domux2fd().  In ip_domux2fd(), the global variable lifr is initialized
2426  * and ip_plink() needs information in lifr.  So ip_domux2fd() and ip_plink()
2427  * must be called in pairs.
2428  *
2429  * Param:
2430  *	int udp_fd: fd to /dev/udp (upper IP stream).
2431  *	int fd: fd to the lower IP stream.
2432  *
2433  * Return:
2434  *	-1 if operation fails, 0 otherwise.
2435  *
2436  * Please see the big block comment above plumb_one_device()
2437  * for the logic of the PLINK/PUNLINK
2438  */
2439 static int
2440 ip_plink(int muxfd, int ipfd_lowstr, int arpfd_lowstr, int orig_arpid)
2441 {
2442 	int ip_muxid;
2443 
2444 	ip_muxid = ioctl(muxfd, I_PLINK, ipfd_lowstr);
2445 	if (ip_muxid < 0) {
2446 		Perror2("I_PLINK", UDP_DEV_NAME);
2447 		return (-1);
2448 	}
2449 
2450 	/*
2451 	 * If there is an arp stream, plink it. If there is no
2452 	 * arp stream, then it is possible that the plumbing
2453 	 * utility could have stored any value in the arp_muxid.
2454 	 * If so, restore it from orig_arpid.
2455 	 */
2456 	if (arpfd_lowstr != -1) {
2457 		if (ioctl(muxfd, I_PLINK, arpfd_lowstr) < 0) {
2458 			Perror2("I_PLINK", UDP_DEV_NAME);
2459 			return (-1);
2460 		}
2461 	} else if (orig_arpid != 0) {
2462 		/* Undo the changes we did in ip_domux2fd */
2463 		lifr.lifr_arp_muxid = orig_arpid;
2464 		lifr.lifr_ip_muxid = ip_muxid;
2465 		(void) ioctl(muxfd, SIOCSLIFMUXID, (caddr_t)&lifr);
2466 	}
2467 
2468 	return (0);
2469 }
2470 
2471 
2472 /*
2473  * The names of other core TCP/IP stack modules which cannot be removed.
2474  */
2475 #ifndef	TUN_NAME
2476 #define	TUN_NAME	"tun"
2477 #endif
2478 
2479 #ifndef	ATUN_NAME
2480 #define	ATUN_NAME	"atun"
2481 #endif
2482 
2483 #ifndef	TUN6TO4_NAME
2484 #define	TUN6TO4_NAME	"6to4tun"
2485 #endif
2486 
2487 /*
2488  * The real function to perform module insertion/removal.
2489  *
2490  * Param:
2491  *	char *arg: the argument string module_name@position
2492  *	char op: operation, either MODINSERT_OP or MODREMOVE_OP.
2493  *
2494  * Return:
2495  *	Before doing ip_domux2fd(), this function calls exit(1) in case of
2496  *	error.  After ip_domux2fd() is done, it returns -1 for error, 0
2497  *	otherwise.
2498  */
2499 static int
2500 modop(char *arg, char op)
2501 {
2502 	char *pos_p;
2503 	int muxfd;
2504 	int ipfd_lowstr;  /* IP stream (lower stream of mux) to be plinked */
2505 	int arpfd_lowstr; /* ARP stream (lower stream of mux) to be plinked */
2506 	struct strmodconf mod;
2507 	char *at_char = "@";
2508 	char *arg_str;
2509 	int orig_arpid;
2510 
2511 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2512 
2513 	/* Need to save the original string for -a option. */
2514 	if ((arg_str = malloc(strlen(arg) + 1)) == NULL) {
2515 		Perror0("cannot malloc");
2516 		return (-1);
2517 	}
2518 	(void) strcpy(arg_str, arg);
2519 
2520 	if (*arg_str == *at_char) {
2521 		(void) fprintf(stderr,
2522 		    "ifconfig: must supply a module name\n");
2523 		exit(1);
2524 	}
2525 	mod.mod_name = strtok(arg_str, at_char);
2526 	if (strlen(mod.mod_name) > FMNAMESZ) {
2527 		(void) fprintf(stderr, "ifconfig: module name too long: %s\n",
2528 		    mod.mod_name);
2529 		exit(1);
2530 	}
2531 
2532 	/*
2533 	 * Need to make sure that the core TCP/IP stack modules are not
2534 	 * removed.  Otherwise, "bad" things can happen.  If a module
2535 	 * is removed and inserted back, it loses its old state.  But
2536 	 * the modules above it still have the old state.  E.g. IP assumes
2537 	 * fast data path while tunnel after re-inserted assumes that it can
2538 	 * receive M_DATA only in fast data path for which it does not have
2539 	 * any state.  This is a general caveat of _I_REMOVE/_I_INSERT.
2540 	 */
2541 	if (op == MODREMOVE_OP &&
2542 	    (strcmp(mod.mod_name, ARP_MOD_NAME) == 0 ||
2543 	    strcmp(mod.mod_name, IP_MOD_NAME) == 0 ||
2544 	    strcmp(mod.mod_name, TUN_NAME) == 0 ||
2545 	    strcmp(mod.mod_name, ATUN_NAME) == 0 ||
2546 	    strcmp(mod.mod_name, TUN6TO4_NAME) == 0)) {
2547 		(void) fprintf(stderr, "ifconfig: cannot remove %s\n",
2548 		    mod.mod_name);
2549 		exit(1);
2550 	}
2551 
2552 	if ((pos_p = strtok(NULL, at_char)) == NULL) {
2553 		(void) fprintf(stderr, "ifconfig: must supply a position\n");
2554 		exit(1);
2555 	}
2556 	mod.pos = atoi(pos_p);
2557 
2558 	if (ip_domux2fd(&muxfd, &ipfd_lowstr, &arpfd_lowstr,
2559 	    &orig_arpid) < 0) {
2560 		free(arg_str);
2561 		return (-1);
2562 	}
2563 	switch (op) {
2564 	case MODINSERT_OP:
2565 		if (debug > 0) {
2566 			(void) printf("Inserting module %s at %d\n",
2567 			    mod.mod_name, mod.pos);
2568 		}
2569 		if (ioctl(ipfd_lowstr, _I_INSERT, (caddr_t)&mod) < 0) {
2570 			Perror2("fail to insert module", mod.mod_name);
2571 		}
2572 		break;
2573 	case MODREMOVE_OP:
2574 		if (debug > 0) {
2575 			(void) printf("Removing module %s at %d\n",
2576 			    mod.mod_name, mod.pos);
2577 		}
2578 		if (ioctl(ipfd_lowstr, _I_REMOVE, (caddr_t)&mod) < 0) {
2579 			Perror2("fail to remove module", mod.mod_name);
2580 		}
2581 		break;
2582 	default:
2583 		/* Should never get to here. */
2584 		(void) fprintf(stderr, "Unknown operation\n");
2585 		break;
2586 	}
2587 	free(arg_str);
2588 	return (ip_plink(muxfd, ipfd_lowstr, arpfd_lowstr, orig_arpid));
2589 }
2590 
2591 #ifdef DEBUG
2592 
2593 /* ARGSUSED */
2594 static int
2595 getnd(char *addr, int64_t param)
2596 {
2597 	struct sockaddr_in6 v6addr;
2598 	char *str = NULL;
2599 
2600 	in6_getaddr(addr, &v6addr, NULL);
2601 	(void) memcpy(&lifr.lifr_nd.lnr_addr, &v6addr, sizeof (v6addr));
2602 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2603 	if (ioctl(s, SIOCLIFGETND, (caddr_t)&lifr) < 0)  {
2604 		Perror0_exit("SIOCLIFGETND");
2605 	}
2606 	str = _link_ntoa((const unsigned char *)lifr.lifr_nd.lnr_hdw_addr,
2607 	    str, lifr.lifr_nd.lnr_hdw_len, IFT_OTHER);
2608 	if (str != NULL) {
2609 		(void) printf("address %s", str);
2610 		free(str);
2611 	}
2612 	(void) printf(" state %d/%d/%d flags %x\n",
2613 		lifr.lifr_nd.lnr_state_create,
2614 		lifr.lifr_nd.lnr_state_same_lla,
2615 		lifr.lifr_nd.lnr_state_diff_lla,
2616 		lifr.lifr_nd.lnr_flags);
2617 	return (0);
2618 }
2619 
2620 /* ARGSUSED */
2621 static int
2622 delnd(char *addr, int64_t param)
2623 {
2624 	struct sockaddr_in6 v6addr;
2625 
2626 	in6_getaddr(addr, &v6addr, NULL);
2627 	(void) memcpy(&lifr.lifr_nd.lnr_addr, &v6addr, sizeof (v6addr));
2628 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2629 
2630 	lifr.lifr_nd.lnr_state_create = ND_UNCHANGED;
2631 	lifr.lifr_nd.lnr_state_same_lla = ND_UNCHANGED;
2632 	lifr.lifr_nd.lnr_state_diff_lla = ND_UNCHANGED;
2633 	lifr.lifr_nd.lnr_flags = 0;
2634 	if (ioctl(s, SIOCLIFDELND, (caddr_t)&lifr) < 0)  {
2635 		Perror0_exit("SIOCLIFDELND");
2636 	}
2637 	return (0);
2638 }
2639 
2640 /* ARGSUSED */
2641 static int
2642 setnd(char *addr, int64_t param)
2643 {
2644 	struct sockaddr_in6 v6addr;
2645 
2646 	/*
2647 	 * XXX parse phyaddr? Need syntax to fit in one argv.
2648 	 * XXX <proto addr>/<phyaddr> ??
2649 	 */
2650 	in6_getaddr(addr, &v6addr, NULL);
2651 	(void) memcpy(&lifr.lifr_nd.lnr_addr, &v6addr, sizeof (v6addr));
2652 	(void) memset(lifr.lifr_nd.lnr_hdw_addr, 0x55,
2653 	    sizeof (lifr.lifr_nd.lnr_hdw_addr));
2654 	lifr.lifr_nd.lnr_hdw_len = 6;
2655 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2656 
2657 	lifr.lifr_nd.lnr_state_create = ND_STALE;
2658 	lifr.lifr_nd.lnr_state_same_lla = ND_UNCHANGED;
2659 	lifr.lifr_nd.lnr_state_diff_lla = ND_STALE;
2660 	lifr.lifr_nd.lnr_flags = 0;
2661 
2662 	if (ioctl(s, SIOCLIFSETND, (caddr_t)&lifr) < 0)  {
2663 		Perror0_exit("SIOCLIFSETND");
2664 	}
2665 	return (0);
2666 }
2667 #endif /* DEBUG */
2668 
2669 /*
2670  * Set tunnel source address
2671  */
2672 /* ARGSUSED */
2673 static int
2674 setiftsrc(char *addr, int64_t param)
2675 {
2676 	return (settaddr(addr, icfg_set_tunnel_src));
2677 }
2678 
2679 /*
2680  * Set tunnel destination address
2681  */
2682 /* ARGSUSED */
2683 static int
2684 setiftdst(char *addr, int64_t param)
2685 {
2686 	return (settaddr(addr, icfg_set_tunnel_dest));
2687 }
2688 
2689 /*
2690  * sets tunnels src|dst address.  settaddr() expects the following:
2691  * addr: Points to a printable string containing the address to be
2692  *       set, e.g. 129.153.128.110.
2693  * fn:   Pointer to a libinetcfg routine that will do the actual work.
2694  *       The only valid functions are icfg_set_tunnel_src and
2695  *       icfg_set_tunnel_dest.
2696  */
2697 static int
2698 settaddr(char *addr,
2699     int (*fn)(icfg_handle_t, const struct sockaddr *, socklen_t))
2700 {
2701 	icfg_handle_t handle;
2702 	icfg_if_t interface;
2703 	struct sockaddr_storage laddr;
2704 	int lower;
2705 	int rc;
2706 
2707 	if (strchr(name, ':') != NULL) {
2708 		errno = EPERM;
2709 		Perror0_exit("Tunnel params on logical interfaces");
2710 	}
2711 	(void) strncpy(interface.if_name, name, sizeof (interface.if_name));
2712 	interface.if_protocol = SOCKET_AF(af);
2713 
2714 	/* Open interface. */
2715 	if ((rc = icfg_open(&handle, &interface)) != ICFG_SUCCESS)
2716 		Perror0_exit((char *)icfg_errmsg(rc));
2717 
2718 	rc = icfg_get_tunnel_lower(handle, &lower);
2719 	if (rc != ICFG_SUCCESS)
2720 		Perror0_exit((char *)icfg_errmsg(rc));
2721 
2722 	if (lower == AF_INET) {
2723 		in_getaddr(addr, (struct sockaddr *)&laddr, NULL);
2724 	} else {
2725 		in6_getaddr(addr, (struct sockaddr *)&laddr, NULL);
2726 	}
2727 
2728 	/* Call fn to do the real work, and close the interface. */
2729 	rc = (*fn)(handle, (struct sockaddr *)&laddr,
2730 	    sizeof (struct sockaddr_storage));
2731 	icfg_close(handle);
2732 
2733 	if (rc != ICFG_SUCCESS)
2734 		Perror0_exit((char *)icfg_errmsg(rc));
2735 
2736 	return (0);
2737 }
2738 
2739 /* Set tunnel encapsulation limit. */
2740 /* ARGSUSED */
2741 static int
2742 set_tun_encap_limit(char *arg, int64_t param)
2743 {
2744 	short limit;
2745 	icfg_if_t interface;
2746 	icfg_handle_t handle;
2747 	int rc;
2748 
2749 	if (strchr(name, ':') != NULL) {
2750 		errno = EPERM;
2751 		Perror0_exit("Tunnel params on logical interfaces");
2752 	}
2753 
2754 	if ((sscanf(arg, "%hd", &limit) != 1) || (limit < 0) ||
2755 	    (limit > 255)) {
2756 		errno = EINVAL;
2757 		Perror0_exit("Invalid encapsulation limit");
2758 	}
2759 
2760 	/* Open interface for configuration. */
2761 	(void) strncpy(interface.if_name, name, sizeof (interface.if_name));
2762 	interface.if_protocol = SOCKET_AF(af);
2763 	if (icfg_open(&handle, &interface) != ICFG_SUCCESS)
2764 		Perror0_exit("couldn't open interface");
2765 
2766 	rc = icfg_set_tunnel_encaplimit(handle, (int)limit);
2767 	icfg_close(handle);
2768 
2769 	if (rc != ICFG_SUCCESS)
2770 		Perror0_exit("Could not configure tunnel encapsulation limit");
2771 
2772 	return (0);
2773 }
2774 
2775 /* Disable encapsulation limit. */
2776 /* ARGSUSED */
2777 static int
2778 clr_tun_encap_limit(char *arg, int64_t param)
2779 {
2780 	icfg_if_t interface;
2781 	icfg_handle_t handle;
2782 	int rc;
2783 
2784 	if (strchr(name, ':') != NULL) {
2785 		errno = EPERM;
2786 		Perror0_exit("Tunnel params on logical interfaces");
2787 	}
2788 
2789 	/* Open interface for configuration. */
2790 	(void) strncpy(interface.if_name, name, sizeof (interface.if_name));
2791 	interface.if_protocol = SOCKET_AF(af);
2792 	if (icfg_open(&handle, &interface) != ICFG_SUCCESS)
2793 		Perror0_exit("couldn't open interface");
2794 
2795 	rc = icfg_set_tunnel_encaplimit(handle, -1);
2796 	icfg_close(handle);
2797 
2798 	if (rc != ICFG_SUCCESS)
2799 		Perror0_exit((char *)icfg_errmsg(rc));
2800 
2801 	return (0);
2802 }
2803 
2804 /* Set tunnel hop limit. */
2805 /* ARGSUSED */
2806 static int
2807 set_tun_hop_limit(char *arg, int64_t param)
2808 {
2809 	unsigned short limit;
2810 	icfg_if_t interface;
2811 	icfg_handle_t handle;
2812 	int rc;
2813 
2814 	if (strchr(name, ':') != NULL) {
2815 		errno = EPERM;
2816 		Perror0_exit("Tunnel params on logical interfaces");
2817 	}
2818 
2819 	/*
2820 	 * Check limit here since it's really only an 8-bit unsigned quantity.
2821 	 */
2822 	if ((sscanf(arg, "%hu", &limit) != 1) || (limit > 255)) {
2823 		errno = EINVAL;
2824 		Perror0_exit("Invalid hop limit");
2825 	}
2826 
2827 	/* Open interface for configuration. */
2828 	(void) strncpy(interface.if_name, name, sizeof (interface.if_name));
2829 	interface.if_protocol = SOCKET_AF(af);
2830 	if (icfg_open(&handle, &interface) != ICFG_SUCCESS)
2831 		Perror0_exit("couldn't open interface");
2832 
2833 	rc = icfg_set_tunnel_hoplimit(handle, (uint8_t)limit);
2834 	icfg_close(handle);
2835 
2836 	if (rc != ICFG_SUCCESS)
2837 		Perror0_exit("Could not configure tunnel hop limit");
2838 
2839 	return (0);
2840 }
2841 
2842 /* Set zone ID */
2843 static int
2844 setzone(char *arg, int64_t param)
2845 {
2846 	zoneid_t zoneid = GLOBAL_ZONEID;
2847 
2848 	if (param == NEXTARG) {
2849 		/* zone must be active */
2850 		if ((zoneid = getzoneidbyname(arg)) == -1) {
2851 			(void) fprintf(stderr,
2852 			    "ifconfig: unknown zone '%s'\n", arg);
2853 			exit(1);
2854 		}
2855 	}
2856 	(void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2857 	lifr.lifr_zoneid = zoneid;
2858 	if (ioctl(s, SIOCSLIFZONE, (caddr_t)&lifr) == -1)
2859 		Perror0_exit("SIOCSLIFZONE");
2860 	return (0);
2861 }
2862 
2863 /* Put interface into all zones */
2864 /* ARGSUSED */
2865 static int
2866 setallzones(char *arg, int64_t param)
2867 {
2868 	(void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2869 	lifr.lifr_zoneid = ALL_ZONES;
2870 	if (ioctl(s, SIOCSLIFZONE, (caddr_t)&lifr) == -1)
2871 		Perror0_exit("SIOCSLIFZONE");
2872 	return (0);
2873 }
2874 
2875 /* Set source address to use */
2876 /* ARGSUSED */
2877 static int
2878 setifsrc(char *arg, int64_t param)
2879 {
2880 	uint_t ifindex = 0;
2881 	int rval;
2882 
2883 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2884 
2885 	/*
2886 	 * Argument can be either an interface name or "none". The latter means
2887 	 * that any previous selection is cleared.
2888 	 */
2889 
2890 	rval = strcmp(arg, name);
2891 	if (rval == 0) {
2892 		(void) fprintf(stderr,
2893 		    "ifconfig: Cannot specify same interface for usesrc"
2894 		    " group\n");
2895 		exit(1);
2896 	}
2897 
2898 	rval = strcmp(arg, NONE_STR);
2899 	if (rval != 0) {
2900 		if ((ifindex = if_nametoindex(arg)) == 0) {
2901 			(void) strncpy(lifr.lifr_name, arg, LIFNAMSIZ);
2902 			Perror0_exit("Could not get interface index");
2903 		}
2904 		lifr.lifr_index = ifindex;
2905 	} else {
2906 		if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) != 0)
2907 			Perror0_exit("Not a valid usesrc consumer");
2908 		lifr.lifr_index = 0;
2909 	}
2910 
2911 	if (debug)
2912 		(void) printf("setifsrc: lifr_name %s, lifr_index %d\n",
2913 		    lifr.lifr_name, lifr.lifr_index);
2914 
2915 	if (ioctl(s, SIOCSLIFUSESRC, (caddr_t)&lifr) == -1) {
2916 		if (rval == 0)
2917 			Perror0_exit("Cannot reset usesrc group");
2918 		else
2919 			Perror0_exit("Could not set source interface");
2920 	}
2921 
2922 	return (0);
2923 }
2924 
2925 /*
2926  * Print the interface status line associated with `ifname'
2927  */
2928 static void
2929 ifstatus(const char *ifname)
2930 {
2931 	uint64_t flags;
2932 	char if_usesrc_name[LIFNAMSIZ];
2933 	char *newbuf;
2934 	int n, numifs, rval = 0;
2935 	struct lifreq *lifrp;
2936 	struct lifsrcof lifs;
2937 
2938 	(void) strncpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name));
2939 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
2940 		Perror0_exit("status: SIOCGLIFFLAGS");
2941 	}
2942 	flags = lifr.lifr_flags;
2943 
2944 	/*
2945 	 * In V4 compatibility mode, we don't print the IFF_IPV4 flag or
2946 	 * interfaces with IFF_IPV6 set.
2947 	 */
2948 	if (v4compat) {
2949 		flags &= ~IFF_IPV4;
2950 		if (flags & IFF_IPV6)
2951 			return;
2952 	}
2953 
2954 	(void) printf("%s: ", ifname);
2955 	print_flags(flags);
2956 
2957 	(void) strncpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name));
2958 	if (ioctl(s, SIOCGLIFMETRIC, (caddr_t)&lifr) < 0) {
2959 		Perror0_exit("status: SIOCGLIFMETRIC");
2960 	} else {
2961 		if (lifr.lifr_metric)
2962 			(void) printf(" metric %d", lifr.lifr_metric);
2963 	}
2964 	if (ioctl(s, SIOCGLIFMTU, (caddr_t)&lifr) >= 0)
2965 		(void) printf(" mtu %d", lifr.lifr_metric);
2966 
2967 	/* don't print index or zone when in compatibility mode */
2968 	if (!v4compat) {
2969 		if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0)
2970 			(void) printf(" index %d", lifr.lifr_index);
2971 		if (ioctl(s, SIOCGLIFZONE, (caddr_t)&lifr) >= 0 &&
2972 		    lifr.lifr_zoneid != getzoneid()) {
2973 			char zone_name[ZONENAME_MAX];
2974 
2975 			if (lifr.lifr_zoneid == ALL_ZONES) {
2976 				(void) printf("\n\tall-zones");
2977 			} else if (getzonenamebyid(lifr.lifr_zoneid, zone_name,
2978 			    sizeof (zone_name)) < 0) {
2979 				(void) printf("\n\tzone %d", lifr.lifr_zoneid);
2980 			} else {
2981 				(void) printf("\n\tzone %s", zone_name);
2982 			}
2983 		}
2984 	}
2985 
2986 	if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0) {
2987 		lifs.lifs_ifindex = lifr.lifr_index;
2988 
2989 		/*
2990 		 * Find the number of interfaces that use this interfaces'
2991 		 * address as a source address
2992 		 */
2993 		lifs.lifs_buf = NULL;
2994 		lifs.lifs_maxlen = 0;
2995 		for (;;) {
2996 			/* The first pass will give the bufsize we need */
2997 			rval = ioctl(s, SIOCGLIFSRCOF, (char *)&lifs);
2998 			if (rval < 0) {
2999 				if (lifs.lifs_buf != NULL) {
3000 					free(lifs.lifs_buf);
3001 					lifs.lifs_buf = NULL;
3002 				}
3003 				lifs.lifs_len = 0;
3004 				break;
3005 			}
3006 			if (lifs.lifs_len <= lifs.lifs_maxlen)
3007 				break;
3008 			/* Use kernel's size + a small margin to avoid loops */
3009 			lifs.lifs_maxlen = lifs.lifs_len +
3010 			    5 * sizeof (struct lifreq);
3011 			/* For the first pass, realloc acts like malloc */
3012 			newbuf = realloc(lifs.lifs_buf, lifs.lifs_maxlen);
3013 			if (newbuf == NULL) {
3014 				if (lifs.lifs_buf != NULL) {
3015 					free(lifs.lifs_buf);
3016 					lifs.lifs_buf = NULL;
3017 				}
3018 				lifs.lifs_len = 0;
3019 				break;
3020 			}
3021 			lifs.lifs_buf = newbuf;
3022 		}
3023 
3024 
3025 		numifs = lifs.lifs_len / sizeof (struct lifreq);
3026 		if (numifs > 0) {
3027 			lifrp = lifs.lifs_req;
3028 			(void) printf("\n\tsrcof");
3029 			for (n = numifs; n > 0; n--, lifrp++) {
3030 				(void) printf(" %s", lifrp->lifr_name);
3031 			}
3032 		}
3033 
3034 		if (lifs.lifs_buf != NULL)
3035 			free(lifs.lifs_buf);
3036 	}
3037 
3038 	/* Find the interface whose source address this interface uses */
3039 	if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) == 0) {
3040 		if (lifr.lifr_index != 0) {
3041 			if (if_indextoname(lifr.lifr_index,
3042 			    if_usesrc_name) == NULL) {
3043 				(void) printf("\n\tusesrc ifIndex %d",
3044 				    lifr.lifr_index);
3045 			} else {
3046 				(void) printf("\n\tusesrc %s", if_usesrc_name);
3047 			}
3048 		}
3049 	}
3050 
3051 	(void) putchar('\n');
3052 }
3053 
3054 
3055 /*
3056  * Print the status of the interface.  If an address family was
3057  * specified, show it and it only; otherwise, show them all.
3058  */
3059 static void
3060 status(void)
3061 {
3062 	struct afswtch *p = afp;
3063 	uint64_t flags;
3064 
3065 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3066 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
3067 		Perror0_exit("status: SIOCGLIFFLAGS");
3068 	}
3069 
3070 	flags = lifr.lifr_flags;
3071 
3072 	/*
3073 	 * Only print the interface status if the address family matches
3074 	 * the interface family flag.
3075 	 */
3076 	if (p != NULL) {
3077 		if (((p->af_af == AF_INET6) && (flags & IFF_IPV4)) ||
3078 		    ((p->af_af == AF_INET) && (flags & IFF_IPV6)))
3079 			return;
3080 	}
3081 
3082 	/*
3083 	 * In V4 compatibility mode, don't print IFF_IPV6 interfaces.
3084 	 */
3085 	if (v4compat && (flags & IFF_IPV6))
3086 		return;
3087 
3088 	ifstatus(name);
3089 
3090 	if (p != NULL) {
3091 		(*p->af_status)(1, flags);
3092 	} else {
3093 		for (p = afs; p->af_name; p++) {
3094 			(void) close(s);
3095 			s = socket(SOCKET_AF(p->af_af), SOCK_DGRAM, 0);
3096 			/* set global af for use in p->af_status */
3097 			af = p->af_af;
3098 			if (s == -1) {
3099 				Perror0_exit("socket");
3100 			}
3101 			(*p->af_status)(0, flags);
3102 		}
3103 
3104 		/*
3105 		 * Historically, 'ether' has been an address family,
3106 		 * so print it here.
3107 		 */
3108 		print_ifether(name);
3109 	}
3110 }
3111 
3112 /*
3113  * Print the status of the interface in a format that can be used to
3114  * reconfigure the interface later. Code stolen from status() above.
3115  */
3116 /* ARGSUSED */
3117 static int
3118 configinfo(char *null, int64_t param)
3119 {
3120 	struct afswtch *p = afp;
3121 	uint64_t flags;
3122 	char phydevname[LIFNAMSIZ];
3123 	char if_usesrc_name[LIFNAMSIZ];
3124 	char *cp;
3125 
3126 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3127 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
3128 		Perror0_exit("status: SIOCGLIFFLAGS");
3129 	}
3130 	flags = lifr.lifr_flags;
3131 
3132 	if (debug) {
3133 		(void) printf("configinfo: name %s flags  0x%llx af_af %d\n",
3134 		    name, flags, p != NULL ? p->af_af : -1);
3135 	}
3136 
3137 	/* remove LIF component */
3138 	(void) strncpy(phydevname, name, sizeof (phydevname));
3139 	cp = strchr(phydevname, ':');
3140 	if (cp) {
3141 		*cp = 0;
3142 	}
3143 	phydevname[sizeof (phydevname) - 1] = '\0';
3144 
3145 	/*
3146 	 * if the interface is IPv4
3147 	 *	if we have a IPv6 address family restriction return
3148 	 *		so it won't print
3149 	 *	if we are in IPv4 compatibility mode, clear out IFF_IPV4
3150 	 *		so we don't print it.
3151 	 */
3152 	if (flags & IFF_IPV4) {
3153 		if (p && p->af_af == AF_INET6)
3154 			return (-1);
3155 		if (v4compat)
3156 			flags &= ~IFF_IPV4;
3157 
3158 		(void) printf("%s inet plumb", phydevname);
3159 	} else if (flags & IFF_IPV6) {
3160 		/*
3161 		 * else if the interface is IPv6
3162 		 *	if we have a IPv4 address family restriction return
3163 		 *	or we are in IPv4 compatibiltiy mode, return.
3164 		 */
3165 		if (p && p->af_af == AF_INET)
3166 			return (-1);
3167 		if (v4compat)
3168 			return (-1);
3169 
3170 		(void) printf("%s inet6 plumb", phydevname);
3171 	}
3172 
3173 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3174 	if (ioctl(s, SIOCGLIFMETRIC, (caddr_t)&lifr) < 0) {
3175 		Perror0_exit("configinfo: SIOCGLIFMETRIC");
3176 	} else {
3177 		if (lifr.lifr_metric)
3178 			(void) printf(" metric %d ", lifr.lifr_metric);
3179 	}
3180 	if (((flags & (IFF_VIRTUAL|IFF_LOOPBACK)) != IFF_VIRTUAL) &&
3181 		ioctl(s, SIOCGLIFMTU, (caddr_t)&lifr) >= 0)
3182 		(void) printf(" mtu %d", lifr.lifr_metric);
3183 
3184 	/* don't print index when in compatibility mode */
3185 	if (!v4compat) {
3186 		if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0)
3187 			(void) printf(" index %d", lifr.lifr_index);
3188 	}
3189 
3190 	if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) == 0) {
3191 		if (lifr.lifr_index != 0) {
3192 			if (if_indextoname(lifr.lifr_index,
3193 			    if_usesrc_name) != NULL) {
3194 				(void) printf(" usesrc %s", if_usesrc_name);
3195 			}
3196 		}
3197 	}
3198 
3199 	if (p != NULL) {
3200 		(*p->af_configinfo)(1, flags);
3201 	} else {
3202 		for (p = afs; p->af_name; p++) {
3203 			(void) close(s);
3204 			s = socket(SOCKET_AF(p->af_af), SOCK_DGRAM, 0);
3205 			/* set global af for use in p->af_configinfo */
3206 			af = p->af_af;
3207 			if (s == -1) {
3208 				Perror0_exit("socket");
3209 			}
3210 			(*p->af_configinfo)(0, flags);
3211 		}
3212 	}
3213 
3214 	(void) printf("\n");
3215 
3216 	return (0);
3217 }
3218 
3219 static void
3220 print_tsec(struct iftun_req *tparams)
3221 {
3222 	ipsec_req_t *ipsr;
3223 
3224 	(void) printf("\ttunnel security settings  ");
3225 	/*
3226 	 * Deal with versioning, for now just point
3227 	 * an ipsec_req_t at ifta_secinfo.  If versions
3228 	 * change, something else will overlay ifta_secinfo.
3229 	 */
3230 	assert(tparams->ifta_vers == IFTUN_VERSION);
3231 
3232 	ipsr = (ipsec_req_t *)(&tparams->ifta_secinfo);
3233 	if (ipsr->ipsr_ah_req & IPSEC_PREF_REQUIRED) {
3234 		(void) printf("ah (%s)  ",
3235 		    rparsealg(ipsr->ipsr_auth_alg, IPSEC_PROTO_AH));
3236 	}
3237 	if (ipsr->ipsr_esp_req & IPSEC_PREF_REQUIRED) {
3238 		(void) printf("esp (%s",
3239 		    rparsealg(ipsr->ipsr_esp_alg, IPSEC_PROTO_ESP));
3240 		(void) printf("/%s)",
3241 		    rparsealg(ipsr->ipsr_esp_auth_alg, IPSEC_PROTO_AH));
3242 	}
3243 	(void) printf("\n");
3244 }
3245 
3246 static void
3247 tun_status(void)
3248 {
3249 	icfg_if_t interface;
3250 	int rc;
3251 	icfg_handle_t handle;
3252 	int protocol;
3253 	char srcbuf[INET6_ADDRSTRLEN];
3254 	char dstbuf[INET6_ADDRSTRLEN];
3255 	boolean_t tabbed;
3256 	uint8_t hoplimit;
3257 	int16_t encaplimit;
3258 	struct sockaddr_storage taddr;
3259 	socklen_t socklen = sizeof (taddr);
3260 
3261 	(void) strncpy(interface.if_name, name, sizeof (interface.if_name));
3262 	interface.if_protocol = SOCKET_AF(af);
3263 	if ((rc = icfg_open(&handle, &interface)) != ICFG_SUCCESS)
3264 		Perror0_exit((char *)icfg_errmsg(rc));
3265 
3266 	/*
3267 	 * only print tunnel info for lun 0.  If ioctl fails, assume
3268 	 * we are not a tunnel
3269 	 */
3270 	if (strchr(name, ':') != NULL ||
3271 	    icfg_get_tunnel_lower(handle, &protocol) != ICFG_SUCCESS) {
3272 		icfg_close(handle);
3273 		return;
3274 	}
3275 
3276 	switch (protocol) {
3277 	case AF_INET:
3278 		(void) printf("\tinet");
3279 		break;
3280 	case AF_INET6:
3281 		(void) printf("\tinet6");
3282 		break;
3283 	default:
3284 		Perror0_exit("\ttunnel: Illegal lower stream\n\t");
3285 		break;
3286 	}
3287 
3288 	rc = icfg_get_tunnel_src(handle, (struct sockaddr *)&taddr, &socklen);
3289 	if (rc == ICFG_NOT_SET) {
3290 		(void) strlcpy(srcbuf, (protocol == AF_INET) ? "0.0.0.0" :
3291 		    "::", sizeof (srcbuf));
3292 	} else if (rc != ICFG_SUCCESS) {
3293 		Perror0_exit((char *)icfg_errmsg(rc));
3294 	} else {
3295 		rc = icfg_sockaddr_to_str(protocol, (struct sockaddr *)&taddr,
3296 		    srcbuf, sizeof (srcbuf));
3297 		if (rc != ICFG_SUCCESS) {
3298 			Perror0_exit((char *)icfg_errmsg(rc));
3299 		}
3300 	}
3301 
3302 	(void) printf(" tunnel src %s ", srcbuf);
3303 
3304 	rc = icfg_get_tunnel_dest(handle, (struct sockaddr *)&taddr, &socklen);
3305 	if (rc == ICFG_NOT_SET) {
3306 		(void) printf("\n");
3307 	} else {
3308 		rc = icfg_sockaddr_to_str(protocol, (struct sockaddr *)&taddr,
3309 		    dstbuf, sizeof (dstbuf));
3310 		if (rc != ICFG_SUCCESS) {
3311 			Perror0_exit((char *)icfg_errmsg(rc));
3312 		}
3313 		(void) printf("tunnel dst %s\n", dstbuf);
3314 	}
3315 
3316 	if (handle->ifh_tunnel_params != NULL &&
3317 	    (handle->ifh_tunnel_params->ifta_flags & IFTUN_SECURITY))
3318 		print_tsec(handle->ifh_tunnel_params);
3319 
3320 	/*
3321 	 * tabbed indicates tabbed and printed.  Use it tell us whether
3322 	 * to tab and that we've printed something here, so we need a
3323 	 * newline
3324 	 */
3325 	tabbed = _B_FALSE;
3326 
3327 	if (icfg_get_tunnel_hoplimit(handle, &hoplimit) == ICFG_SUCCESS) {
3328 		(void) printf("\ttunnel hop limit %d ", hoplimit);
3329 		tabbed = _B_TRUE;
3330 	}
3331 
3332 	if ((protocol == AF_INET6) &&
3333 	    (icfg_get_tunnel_encaplimit(handle, &encaplimit) ==
3334 		ICFG_SUCCESS)) {
3335 		if (!tabbed) {
3336 			(void) printf("\t");
3337 			tabbed = _B_TRUE;
3338 		}
3339 		if (encaplimit >= 0) {
3340 			(void) printf("tunnel encapsulation limit %d",
3341 			    encaplimit);
3342 		} else {
3343 			(void) printf("tunnel encapsulation limit disabled");
3344 		}
3345 	}
3346 
3347 	if (tabbed)
3348 		(void) printf("\n");
3349 
3350 	icfg_close(handle);
3351 }
3352 
3353 static void
3354 in_status(int force, uint64_t flags)
3355 {
3356 	struct sockaddr_in *sin, *laddr;
3357 	struct	sockaddr_in netmask = { AF_INET };
3358 
3359 	if (debug)
3360 		(void) printf("in_status(%s) flags 0x%llx\n", name, flags);
3361 
3362 	/* only print status for IPv4 interfaces */
3363 	if (!(flags & IFF_IPV4))
3364 		return;
3365 
3366 	/* if the interface is a tunnel, print the tunnel status */
3367 	tun_status();
3368 
3369 	if (!(flags & IFF_NOLOCAL)) {
3370 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3371 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
3372 			if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3373 			    errno == ENXIO) {
3374 				if (!force)
3375 					return;
3376 				(void) memset(&lifr.lifr_addr, 0,
3377 				    sizeof (lifr.lifr_addr));
3378 			} else
3379 				Perror0_exit("in_status: SIOCGLIFADDR");
3380 		}
3381 		sin = (struct sockaddr_in *)&lifr.lifr_addr;
3382 		(void) printf("\tinet %s ", inet_ntoa(sin->sin_addr));
3383 		laddr = sin;
3384 	} else {
3385 		(void) printf("\tinet ");
3386 	}
3387 
3388 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3389 	if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) {
3390 		if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3391 		    errno == ENXIO) {
3392 			if (!force)
3393 				return;
3394 			(void) memset(&lifr.lifr_addr, 0,
3395 			    sizeof (lifr.lifr_addr));
3396 		} else {
3397 			Perror0_exit("in_status: SIOCGLIFSUBNET");
3398 		}
3399 	}
3400 	sin = (struct sockaddr_in *)&lifr.lifr_addr;
3401 	if ((flags & IFF_NOLOCAL) ||
3402 	    sin->sin_addr.s_addr != laddr->sin_addr.s_addr) {
3403 		(void) printf("subnet %s/%d ", inet_ntoa(sin->sin_addr),
3404 		    lifr.lifr_addrlen);
3405 	}
3406 	if (sin->sin_family != AF_INET) {
3407 		(void) printf("Wrong family: %d\n", sin->sin_family);
3408 	}
3409 
3410 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3411 	if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0) {
3412 		if (errno != EADDRNOTAVAIL)
3413 			Perror0_exit("in_status: SIOCGLIFNETMASK");
3414 		(void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr));
3415 	} else
3416 		netmask.sin_addr =
3417 		    ((struct sockaddr_in *)&lifr.lifr_addr)->sin_addr;
3418 	if (flags & IFF_POINTOPOINT) {
3419 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3420 		if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) {
3421 			if (errno == EADDRNOTAVAIL)
3422 				(void) memset(&lifr.lifr_addr, 0,
3423 				    sizeof (lifr.lifr_addr));
3424 			else
3425 			    Perror0_exit("in_status: SIOCGLIFDSTADDR");
3426 		}
3427 		sin = (struct sockaddr_in *)&lifr.lifr_dstaddr;
3428 		(void) printf("--> %s ", inet_ntoa(sin->sin_addr));
3429 	}
3430 	(void) printf("netmask %x ", ntohl(netmask.sin_addr.s_addr));
3431 	if (flags & IFF_BROADCAST) {
3432 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3433 		if (ioctl(s, SIOCGLIFBRDADDR, (caddr_t)&lifr) < 0) {
3434 			if (errno == EADDRNOTAVAIL)
3435 				(void) memset(&lifr.lifr_addr, 0,
3436 				    sizeof (lifr.lifr_addr));
3437 			else
3438 			    Perror0_exit("in_status: SIOCGLIFBRDADDR");
3439 		}
3440 		sin = (struct sockaddr_in *)&lifr.lifr_addr;
3441 		if (sin->sin_addr.s_addr != 0) {
3442 			(void) printf("broadcast %s",
3443 			    inet_ntoa(sin->sin_addr));
3444 		}
3445 	}
3446 	/* If there is a groupname, print it for lun 0 alone */
3447 	if (strchr(name, ':') == NULL) {
3448 		(void) memset(lifr.lifr_groupname, 0,
3449 		    sizeof (lifr.lifr_groupname));
3450 		if (ioctl(s, SIOCGLIFGROUPNAME, (caddr_t)&lifr) >= 0) {
3451 			if (strlen(lifr.lifr_groupname) > 0) {
3452 				(void) printf("\n\tgroupname %s",
3453 				    lifr.lifr_groupname);
3454 			}
3455 		}
3456 	}
3457 	(void) putchar('\n');
3458 }
3459 
3460 static void
3461 in6_status(int force, uint64_t flags)
3462 {
3463 	char abuf[INET6_ADDRSTRLEN];
3464 	struct sockaddr_in6 *sin6, *laddr6;
3465 
3466 	if (debug)
3467 		(void) printf("in6_status(%s) flags 0x%llx\n", name, flags);
3468 
3469 	if (!(flags & IFF_IPV6))
3470 		return;
3471 
3472 	/* if the interface is a tunnel, print the tunnel status */
3473 	tun_status();
3474 
3475 	if (!(flags & IFF_NOLOCAL)) {
3476 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3477 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
3478 			if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3479 			    errno == ENXIO) {
3480 				if (!force)
3481 					return;
3482 				(void) memset(&lifr.lifr_addr, 0,
3483 				    sizeof (lifr.lifr_addr));
3484 			} else
3485 				Perror0_exit("in_status6: SIOCGLIFADDR");
3486 		}
3487 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3488 		(void) printf("\tinet6 %s/%d ",
3489 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3490 		    abuf, sizeof (abuf)),
3491 		    lifr.lifr_addrlen);
3492 		laddr6 = sin6;
3493 	} else {
3494 		(void) printf("\tinet6 ");
3495 	}
3496 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3497 	if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) {
3498 		if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3499 		    errno == ENXIO) {
3500 			if (!force)
3501 				return;
3502 			(void) memset(&lifr.lifr_addr, 0,
3503 			    sizeof (lifr.lifr_addr));
3504 		} else
3505 			Perror0_exit("in_status6: SIOCGLIFSUBNET");
3506 	}
3507 	sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3508 	if ((flags & IFF_NOLOCAL) ||
3509 	    !IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &laddr6->sin6_addr)) {
3510 		(void) printf("subnet %s/%d ",
3511 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3512 		    abuf, sizeof (abuf)),
3513 		    lifr.lifr_addrlen);
3514 	}
3515 	if (sin6->sin6_family != AF_INET6) {
3516 		(void) printf("Wrong family: %d\n", sin6->sin6_family);
3517 	}
3518 	if (flags & IFF_POINTOPOINT) {
3519 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3520 		if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) {
3521 			if (errno == EADDRNOTAVAIL)
3522 				(void) memset(&lifr.lifr_addr, 0,
3523 				    sizeof (lifr.lifr_addr));
3524 			else
3525 			    Perror0_exit("in_status6: SIOCGLIFDSTADDR");
3526 		}
3527 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_dstaddr;
3528 		(void) printf("--> %s ",
3529 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3530 		    abuf, sizeof (abuf)));
3531 	}
3532 	if (verbose) {
3533 		(void) putchar('\n');
3534 		(void) putchar('\t');
3535 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3536 		if (ioctl(s, SIOCGLIFTOKEN, (caddr_t)&lifr) < 0) {
3537 			if (errno == EADDRNOTAVAIL || errno == EINVAL)
3538 				(void) memset(&lifr.lifr_addr, 0,
3539 				    sizeof (lifr.lifr_addr));
3540 			else
3541 			    Perror0_exit("in_status6: SIOCGLIFTOKEN");
3542 		} else {
3543 			sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3544 			(void) printf("token %s/%d ",
3545 			    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3546 			    abuf, sizeof (abuf)),
3547 			    lifr.lifr_addrlen);
3548 		}
3549 		if (ioctl(s, SIOCGLIFLNKINFO, (caddr_t)&lifr) < 0) {
3550 			if (errno != EINVAL) {
3551 				Perror0_exit("in_status6: SIOCGLIFLNKINFO");
3552 			}
3553 		} else {
3554 			(void) printf("maxhops %u, reachtime %u ms, "
3555 			    "reachretrans %u ms, maxmtu %u ",
3556 			    lifr.lifr_ifinfo.lir_maxhops,
3557 			    lifr.lifr_ifinfo.lir_reachtime,
3558 			    lifr.lifr_ifinfo.lir_reachretrans,
3559 			    lifr.lifr_ifinfo.lir_maxmtu);
3560 		}
3561 	}
3562 	/* If there is a groupname, print it for lun 0 alone */
3563 	if (strchr(name, ':') == NULL) {
3564 		(void) memset(lifr.lifr_groupname, 0,
3565 		    sizeof (lifr.lifr_groupname));
3566 		if (ioctl(s, SIOCGLIFGROUPNAME, (caddr_t)&lifr) >= 0) {
3567 			if (strlen(lifr.lifr_groupname) > 0) {
3568 				(void) printf("\n\tgroupname %s",
3569 				    lifr.lifr_groupname);
3570 			}
3571 		}
3572 	}
3573 	(void) putchar('\n');
3574 }
3575 
3576 static void
3577 in_configinfo(int force, uint64_t flags)
3578 {
3579 	struct sockaddr_in *sin, *laddr;
3580 	struct	sockaddr_in netmask = { AF_INET };
3581 
3582 	if (debug)
3583 		(void) printf("in_configinfo(%s) flags 0x%llx\n", name, flags);
3584 
3585 	/* only configinfo info for IPv4 interfaces */
3586 	if (!(flags & IFF_IPV4))
3587 		return;
3588 
3589 	if (!(flags & IFF_NOLOCAL)) {
3590 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3591 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
3592 			if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3593 			    errno == ENXIO) {
3594 				if (!force)
3595 					return;
3596 				(void) memset(&lifr.lifr_addr, 0,
3597 				    sizeof (lifr.lifr_addr));
3598 			} else
3599 				Perror0_exit("in_configinfo: SIOCGLIFADDR");
3600 		}
3601 		sin = (struct sockaddr_in *)&lifr.lifr_addr;
3602 		if (get_lun(name) != 0) {
3603 			(void) printf(" addif %s ", inet_ntoa(sin->sin_addr));
3604 		} else {
3605 			(void) printf(" set %s ", inet_ntoa(sin->sin_addr));
3606 		}
3607 		laddr = sin;
3608 	}
3609 
3610 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3611 	if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) {
3612 		if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3613 		    errno == ENXIO) {
3614 			if (!force)
3615 				return;
3616 			(void) memset(&lifr.lifr_addr, 0,
3617 			    sizeof (lifr.lifr_addr));
3618 		} else {
3619 			Perror0_exit("in_configinfo: SIOCGLIFSUBNET");
3620 		}
3621 	}
3622 	sin = (struct sockaddr_in *)&lifr.lifr_addr;
3623 
3624 	if ((flags & IFF_NOLOCAL) ||
3625 	    sin->sin_addr.s_addr != laddr->sin_addr.s_addr) {
3626 		(void) printf(" subnet %s/%d ", inet_ntoa(sin->sin_addr),
3627 		    lifr.lifr_addrlen);
3628 	}
3629 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3630 	if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0) {
3631 		if (errno != EADDRNOTAVAIL)
3632 			Perror0_exit("in_configinfo: SIOCGLIFNETMASK");
3633 		(void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr));
3634 	} else
3635 		netmask.sin_addr =
3636 		    ((struct sockaddr_in *)&lifr.lifr_addr)->sin_addr;
3637 	if (flags & IFF_POINTOPOINT) {
3638 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3639 		if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) {
3640 			if (errno == EADDRNOTAVAIL)
3641 				(void) memset(&lifr.lifr_addr, 0,
3642 				    sizeof (lifr.lifr_addr));
3643 			else
3644 			    Perror0_exit("in_configinfo: SIOCGLIFDSTADDR");
3645 		}
3646 		sin = (struct sockaddr_in *)&lifr.lifr_dstaddr;
3647 		(void) printf(" destination %s ", inet_ntoa(sin->sin_addr));
3648 	}
3649 	(void) printf(" netmask 0x%x ", ntohl(netmask.sin_addr.s_addr));
3650 	if (flags & IFF_BROADCAST) {
3651 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3652 		if (ioctl(s, SIOCGLIFBRDADDR, (caddr_t)&lifr) < 0) {
3653 			if (errno == EADDRNOTAVAIL)
3654 				(void) memset(&lifr.lifr_addr, 0,
3655 				    sizeof (lifr.lifr_addr));
3656 			else
3657 			    Perror0_exit("in_configinfo: SIOCGLIFBRDADDR");
3658 		}
3659 		sin = (struct sockaddr_in *)&lifr.lifr_addr;
3660 		if (sin->sin_addr.s_addr != 0) {
3661 			(void) printf(" broadcast %s ",
3662 			    inet_ntoa(sin->sin_addr));
3663 		}
3664 	}
3665 
3666 	/* If there is a groupname, print it for lun 0 alone */
3667 	if (get_lun(name) == 0) {
3668 		(void) memset(lifr.lifr_groupname, 0,
3669 		    sizeof (lifr.lifr_groupname));
3670 		if (ioctl(s, SIOCGLIFGROUPNAME, (caddr_t)&lifr) >= 0) {
3671 			if (strlen(lifr.lifr_groupname) > 0) {
3672 				(void) printf(" group %s ",
3673 				    lifr.lifr_groupname);
3674 			}
3675 		}
3676 	}
3677 
3678 	/* Print flags to configure */
3679 	print_config_flags(flags);
3680 
3681 	/* IFF_NOARP applies to AF_INET only */
3682 	if (flags & IFF_NOARP) {
3683 		(void) printf("-arp ");
3684 	}
3685 }
3686 
3687 static void
3688 in6_configinfo(int force, uint64_t flags)
3689 {
3690 	char abuf[INET6_ADDRSTRLEN];
3691 	struct sockaddr_in6 *sin6, *laddr6;
3692 
3693 	if (debug)
3694 		(void) printf("in6_configinfo(%s) flags 0x%llx\n", name,
3695 		    flags);
3696 
3697 	if (!(flags & IFF_IPV6))
3698 		return;
3699 
3700 	if (!(flags & IFF_NOLOCAL)) {
3701 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3702 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
3703 			if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3704 			    errno == ENXIO) {
3705 				if (!force)
3706 					return;
3707 				(void) memset(&lifr.lifr_addr, 0,
3708 				    sizeof (lifr.lifr_addr));
3709 			} else
3710 				Perror0_exit("in6_configinfo: SIOCGLIFADDR");
3711 		}
3712 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3713 		if (get_lun(name) != 0) {
3714 			(void) printf(" addif %s/%d ",
3715 			    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3716 			    abuf, sizeof (abuf)),
3717 			    lifr.lifr_addrlen);
3718 		} else {
3719 			(void) printf(" set %s/%d ",
3720 			    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3721 			    abuf, sizeof (abuf)),
3722 			    lifr.lifr_addrlen);
3723 		}
3724 		laddr6 = sin6;
3725 	}
3726 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3727 	if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) {
3728 		if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3729 		    errno == ENXIO) {
3730 			if (!force)
3731 				return;
3732 			(void) memset(&lifr.lifr_addr, 0,
3733 			    sizeof (lifr.lifr_addr));
3734 		} else
3735 			Perror0_exit("in6_configinfo: SIOCGLIFSUBNET");
3736 	}
3737 	sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3738 	if ((flags & IFF_NOLOCAL) ||
3739 	    !IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &laddr6->sin6_addr)) {
3740 		(void) printf(" subnet %s/%d ",
3741 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3742 		    abuf, sizeof (abuf)),
3743 		    lifr.lifr_addrlen);
3744 	}
3745 
3746 	if (flags & IFF_POINTOPOINT) {
3747 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3748 		if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) {
3749 			if (errno == EADDRNOTAVAIL)
3750 				(void) memset(&lifr.lifr_addr, 0,
3751 				    sizeof (lifr.lifr_addr));
3752 			else
3753 			    Perror0_exit("in6_configinfo: SIOCGLIFDSTADDR");
3754 		}
3755 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_dstaddr;
3756 		(void) printf(" destination %s ",
3757 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3758 		    abuf, sizeof (abuf)));
3759 	}
3760 
3761 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3762 	if (ioctl(s, SIOCGLIFTOKEN, (caddr_t)&lifr) < 0) {
3763 		if (errno == EADDRNOTAVAIL || errno == EINVAL)
3764 			(void) memset(&lifr.lifr_addr, 0,
3765 			    sizeof (lifr.lifr_addr));
3766 		else
3767 		    Perror0_exit("in6_configinfo: SIOCGLIFTOKEN");
3768 	} else {
3769 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3770 		(void) printf(" token %s/%d ",
3771 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3772 		    abuf, sizeof (abuf)),
3773 		    lifr.lifr_addrlen);
3774 	}
3775 
3776 	/* If there is a groupname, print it for lun 0 alone */
3777 	if (get_lun(name) == 0) {
3778 		(void) memset(lifr.lifr_groupname, 0,
3779 		    sizeof (lifr.lifr_groupname));
3780 		if (ioctl(s, SIOCGLIFGROUPNAME, (caddr_t)&lifr) >= 0) {
3781 			if (strlen(lifr.lifr_groupname) > 0) {
3782 				(void) printf(" group %s ",
3783 				    lifr.lifr_groupname);
3784 			}
3785 		}
3786 	}
3787 
3788 	/* Print flags to configure */
3789 	print_config_flags(flags);
3790 
3791 	/* IFF_NONUD applies to AF_INET6 only */
3792 	if (flags & IFF_NONUD) {
3793 		(void) printf("-nud ");
3794 	}
3795 }
3796 
3797 /* ARGSUSED */
3798 static int
3799 get_lun(char *rsrc)
3800 {
3801 	char resource[LIFNAMSIZ];
3802 	char *cp;
3803 
3804 	(void) strcpy(resource, rsrc);
3805 
3806 	/* remove LIF component */
3807 	cp = strchr(resource, ':');
3808 	if (cp) {
3809 		cp++;
3810 		return (atoi(cp));
3811 	}
3812 
3813 	return (0);
3814 }
3815 
3816 /*
3817  * We need to plink both the arp-device stream and the arp-ip-device stream.
3818  * However the muxid is stored only in IP. Plumbing 2 streams individually
3819  * is not atomic, and if ifconfig is killed, the resulting plumbing can
3820  * be inconsistent. For eg. if only the arp stream is plumbed, we have lost
3821  * the muxid, and the half-baked plumbing can neither be unplumbed nor
3822  * replumbed, thus requiring a reboot. To avoid the above the following
3823  * scheme is used.
3824  *
3825  * Ifconfig asks IP to enforce atomicity of plumbing the arp and IP streams.
3826  * This is done by pushing arp on to the mux (/dev/udp). ARP adds some
3827  * extra information in the I_PLINK and I_PUNLINK ioctls to let IP know
3828  * that the plumbing/unplumbing has to be done atomically. Ifconfig plumbs
3829  * the IP stream first, and unplumbs it last. The kernel (IP) does not
3830  * allow IP stream to be unplumbed without unplumbing arp stream. Similarly
3831  * it does not allow arp stream to be plumbed before IP stream is plumbed.
3832  * There is no need to use SIOCSLIFMUXID, since the whole operation is atomic,
3833  * and IP uses the info in the I_PLINK message to get the muxid.
3834  *
3835  * a. STREAMS does not allow us to use /dev/ip itself as the mux. So we use
3836  *    /dev/udp[6].
3837  * b. SIOCGLIFMUXID returns the muxid corresponding to the V4 or V6 stream
3838  *    depending on the open i.e. V4 vs V6 open. So we need to use /dev/udp
3839  *    or /dev/udp6.
3840  * c. We need to push ARP in order to get the required kernel support for
3841  *    atomic plumbings. The actual work done by ARP is explained in arp.c
3842  *    Without pushing ARP, we will still be able to plumb/unplumb. But
3843  *    it is not atomic, and is supported by the kernel for backward
3844  *    compatibility for other utilities like atmifconfig etc. In this case
3845  *    the utility must use SIOCSLIFMUXID.
3846  */
3847 static void
3848 plumb_one_device(dlpi_if_attr_t *diap, int ip_fd, int af)
3849 {
3850 	int	arp_fd = -1;
3851 	int	arp_muxid = -1, ip_muxid;
3852 	int	mux_fd;
3853 	char	*udp_dev_name;
3854 	dlpi_if_attr_t	dia;
3855 
3856 	if (debug)
3857 		(void) printf("plumb_one_device: ifname %s, ppa %d\n",
3858 		    diap->ifname, diap->ppa);
3859 
3860 	if (diap->style == DL_STYLE2 && dlpi_detach(ip_fd, -1) < 0)
3861 		Perror0_exit("dlpi_detach");
3862 
3863 	if (ioctl(ip_fd, I_PUSH, IP_MOD_NAME) == -1)
3864 		Perror2_exit("I_PUSH", IP_MOD_NAME);
3865 
3866 	/*
3867 	 * Push the ARP module onto the interface stream. IP uses
3868 	 * this to send resolution requests up to ARP. We need to
3869 	 * do this before the SLIFNAME ioctl is sent down because
3870 	 * the interface becomes publicly known as soon as the SLIFNAME
3871 	 * ioctl completes. Thus some other process trying to bring up
3872 	 * the interface after SLIFNAME but before we have pushed ARP
3873 	 * could hang. We pop the module again later if it is not needed.
3874 	 */
3875 	if (ioctl(ip_fd, I_PUSH, ARP_MOD_NAME) == -1)
3876 		Perror2_exit("I_PUSH", ARP_MOD_NAME);
3877 
3878 	/*
3879 	 * Set IFF_IPV4/IFF_IPV6 flags.
3880 	 * At this point in time the kernel also allows an
3881 	 * override of the CANTCHANGE flags.
3882 	 */
3883 
3884 	lifr.lifr_name[0] = '\0';
3885 	if (ioctl(ip_fd, SIOCGLIFFLAGS, (char *)&lifr) == -1)
3886 		Perror0_exit("plumb_one_device: SIOCGLIFFLAGS");
3887 
3888 	/* Set the name string and the IFF_IPV* flag */
3889 	if (af == AF_INET6) {
3890 		lifr.lifr_flags |= IFF_IPV6;
3891 		lifr.lifr_flags &= ~(IFF_BROADCAST | IFF_IPV4);
3892 	} else {
3893 		lifr.lifr_flags |= IFF_IPV4;
3894 		lifr.lifr_flags &= ~IFF_IPV6;
3895 	}
3896 
3897 	/* record the device and module names as interface name */
3898 	lifr.lifr_ppa = diap->ppa;
3899 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3900 
3901 	/* set the interface name */
3902 	if (ioctl(ip_fd, SIOCSLIFNAME, (char *)&lifr) == -1) {
3903 		if (errno != EEXIST)
3904 			Perror0_exit("SIOCSLIFNAME for ip");
3905 		/*
3906 		 * This difference between the way we behave for EEXIST
3907 		 * and that with other errors exists to preserve legacy
3908 		 * behaviour. Earlier when foreachinterface() and matcif()
3909 		 * were doing the duplicate interface name checks, for
3910 		 * already existing interfaces, inetplumb() returned "0".
3911 		 * To preserve this behaviour, Perror0() and return are
3912 		 * called for EEXIST.
3913 		 */
3914 		Perror0("SIOCSLIFNAME for ip");
3915 		return;
3916 	}
3917 
3918 	/* Get the full set of existing flags for this stream */
3919 	if (ioctl(ip_fd, SIOCGLIFFLAGS, (char *)&lifr) == -1)
3920 		Perror0_exit("plumb_one_device: SIOCFLIFFLAGS");
3921 
3922 	if (debug) {
3923 		(void) printf("plumb_one_device: %s got flags: \n",
3924 		    lifr.lifr_name);
3925 		print_flags(lifr.lifr_flags);
3926 		(void) putchar('\n');
3927 	}
3928 
3929 	/* Check if arp is not actually needed */
3930 	if (lifr.lifr_flags & (IFF_NOARP|IFF_IPV6)) {
3931 		if (ioctl(ip_fd, I_POP, 0) == -1)
3932 			Perror2_exit("I_POP", ARP_MOD_NAME);
3933 	}
3934 
3935 	/*
3936 	 * Open "/dev/udp" for use as a multiplexor to PLINK the
3937 	 * interface stream under. We use "/dev/udp" instead of "/dev/ip"
3938 	 * since STREAMS will not let you PLINK a driver under itself,
3939 	 * and "/dev/ip" is typically the driver at the bottom of
3940 	 * the stream for tunneling interfaces.
3941 	 */
3942 	if (af == AF_INET6)
3943 		udp_dev_name = UDP6_DEV_NAME;
3944 	else
3945 		udp_dev_name = UDP_DEV_NAME;
3946 	if ((mux_fd = open_arp_on_udp(udp_dev_name)) == -1)
3947 		exit(EXIT_FAILURE);
3948 
3949 	/* Check if arp is not needed */
3950 	if (lifr.lifr_flags & (IFF_NOARP|IFF_IPV6)) {
3951 		/*
3952 		 * PLINK the interface stream so that ifconfig can exit
3953 		 * without tearing down the stream.
3954 		 */
3955 		if ((ip_muxid = ioctl(mux_fd, I_PLINK, ip_fd)) == -1) {
3956 			Perror0_exit("I_PLINK for ip");
3957 		}
3958 		(void) close(mux_fd);
3959 		return;
3960 	}
3961 
3962 	/*
3963 	 * This interface does use ARP, so set up a separate stream
3964 	 * from the interface to ARP.
3965 	 *
3966 	 * Note: modules specified by the user are pushed
3967 	 * only on the interface stream, not on the ARP stream.
3968 	 */
3969 
3970 	if (debug)
3971 		(void) printf("plumb_one_device: ifname: %s\n",
3972 		    diap->ifname);
3973 	arp_fd = dlpi_if_open(diap->ifname, &dia, _B_FALSE);
3974 
3975 	if (dia.style == DL_STYLE2 && dlpi_detach(arp_fd, -1) < 0)
3976 		Perror0_exit("dlpi_detach");
3977 
3978 	if (ioctl(arp_fd, I_PUSH, ARP_MOD_NAME) == -1)
3979 		Perror2_exit("I_PUSH", ARP_MOD_NAME);
3980 
3981 	/*
3982 	 * Tell ARP the name and unit number for this interface.
3983 	 * Note that arp has no support for transparent ioctls.
3984 	 */
3985 	if (strioctl(arp_fd, SIOCSLIFNAME, (char *)&lifr,
3986 	    sizeof (lifr)) == -1) {
3987 		if (errno != EEXIST)
3988 			Perror0_exit("SIOCSLIFNAME for arp");
3989 		Perror0("SIOCSLIFNAME for arp");
3990 		(void) close(arp_fd);
3991 		(void) close(mux_fd);
3992 		return;
3993 	}
3994 	/*
3995 	 * PLINK the IP and ARP streams so that ifconfig can exit
3996 	 * without tearing down the stream.
3997 	 */
3998 	if ((ip_muxid = ioctl(mux_fd, I_PLINK, ip_fd)) == -1) {
3999 		Perror0_exit("I_PLINK for ip");
4000 	}
4001 	if ((arp_muxid = ioctl(mux_fd, I_PLINK, arp_fd)) == -1) {
4002 		(void) ioctl(mux_fd, I_PUNLINK, ip_muxid);
4003 		Perror0_exit("I_PLINK for arp");
4004 	}
4005 
4006 	if (debug)
4007 		(void) printf("arp muxid = %d\n", arp_muxid);
4008 	(void) close(arp_fd);
4009 	(void) close(mux_fd);
4010 }
4011 
4012 
4013 /*
4014  * If this is a physical interface then remove it.
4015  * If it is a logical interface name use SIOCLIFREMOVEIF to
4016  * remove it. In both cases fail if it doesn't exist.
4017  */
4018 /* ARGSUSED */
4019 static int
4020 inetunplumb(char *arg, int64_t param)
4021 {
4022 	int ip_muxid, arp_muxid;
4023 	int mux_fd;
4024 	char *udp_dev_name;
4025 	char *strptr;
4026 	uint64_t flags;
4027 	boolean_t changed_arp_muxid = _B_FALSE;
4028 	int save_errno;
4029 
4030 	strptr = strchr(name, ':');
4031 	if (strptr != NULL || strcmp(name, LOOPBACK_IF) == 0) {
4032 		/* Can't unplumb logical interface zero */
4033 		if (strptr != NULL && strcmp(strptr, ":0") == 0) {
4034 			(void) fprintf(stderr, "ifconfig: unplumb:"
4035 			    " Cannot unplumb %s: Invalid interface\n", name);
4036 			exit(1);
4037 		}
4038 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
4039 		(void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr));
4040 
4041 		if (ioctl(s, SIOCLIFREMOVEIF, (caddr_t)&lifr) < 0)
4042 			Perror0_exit("unplumb: SIOCLIFREMOVEIF");
4043 		return (0);
4044 	}
4045 
4046 	/*
4047 	 * We used /dev/udp or udp6 to set up the mux. So we have to use
4048 	 * the same now for PUNLINK also.
4049 	 */
4050 	if (afp->af_af == AF_INET6)
4051 		udp_dev_name = UDP6_DEV_NAME;
4052 	else
4053 		udp_dev_name = UDP_DEV_NAME;
4054 
4055 	if ((mux_fd = open_arp_on_udp(udp_dev_name)) == -1)
4056 		exit(EXIT_FAILURE);
4057 
4058 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
4059 	if (ioctl(mux_fd, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
4060 		Perror0_exit("unplumb: SIOCGLIFFLAGS");
4061 	}
4062 	flags = lifr.lifr_flags;
4063 	if (ioctl(mux_fd, SIOCGLIFMUXID, (caddr_t)&lifr) < 0) {
4064 		Perror0_exit("unplumb: SIOCGLIFMUXID");
4065 	}
4066 	arp_muxid = lifr.lifr_arp_muxid;
4067 	ip_muxid = lifr.lifr_ip_muxid;
4068 	/*
4069 	 * We don't have a good way of knowing whether the arp stream is
4070 	 * plumbed. We can't rely on IFF_NOARP because someone could
4071 	 * have turned it off later using "ifconfig xxx -arp".
4072 	 */
4073 	if (arp_muxid != 0) {
4074 		if (debug)
4075 			(void) printf("arp_muxid %d\n", arp_muxid);
4076 		if (ioctl(mux_fd, I_PUNLINK, arp_muxid) < 0) {
4077 			if ((errno == EINVAL) &&
4078 			    (flags & (IFF_NOARP | IFF_IPV6))) {
4079 				/*
4080 				 * Some plumbing utilities set the muxid to
4081 				 * -1 or some invalid value to signify that
4082 				 * there is no arp stream. Set the muxid to 0
4083 				 * before trying to unplumb the IP stream.
4084 				 * IP does not allow the IP stream to be
4085 				 * unplumbed if it sees a non-null arp muxid,
4086 				 * for consistency of IP-ARP streams.
4087 				 */
4088 				lifr.lifr_arp_muxid = 0;
4089 				(void) ioctl(mux_fd, SIOCSLIFMUXID,
4090 				    (caddr_t)&lifr);
4091 				changed_arp_muxid = _B_TRUE;
4092 			} else {
4093 				Perror0("I_PUNLINK for arp");
4094 			}
4095 		}
4096 	}
4097 	if (debug)
4098 		(void) printf("ip_muxid %d\n", ip_muxid);
4099 
4100 	if (ioctl(mux_fd, I_PUNLINK, ip_muxid) < 0) {
4101 		if (changed_arp_muxid) {
4102 			/*
4103 			 * Some error occurred, and we need to restore
4104 			 * everything back to what it was.
4105 			 */
4106 			save_errno = errno;
4107 			lifr.lifr_arp_muxid = arp_muxid;
4108 			lifr.lifr_ip_muxid = ip_muxid;
4109 			(void) ioctl(mux_fd, SIOCSLIFMUXID, (caddr_t)&lifr);
4110 			errno = save_errno;
4111 		}
4112 		Perror0_exit("I_PUNLINK for ip");
4113 	}
4114 	(void) close(mux_fd);
4115 	return (0);
4116 }
4117 
4118 /*
4119  * If this is a physical interface then create it unless it is already
4120  * present. If it is a logical interface name use SIOCLIFADDIF to
4121  * create and (and fail it if already exists.)
4122  * As a special case send SIOCLIFADDIF for the loopback interface. This
4123  * is needed since there is no other notion of plumbing the loopback
4124  * interface.
4125  */
4126 /* ARGSUSED */
4127 static int
4128 inetplumb(char *arg, int64_t param)
4129 {
4130 	char		*strptr;
4131 	int		dev_fd;
4132 	dlpi_if_attr_t	dia;
4133 	boolean_t	islo;
4134 
4135 	strptr = strchr(name, ':');
4136 	islo = (strcmp(name, LOOPBACK_IF) == 0);
4137 
4138 	if (strptr != NULL || islo) {
4139 		(void) memset(&lifr, 0, sizeof (lifr));
4140 		(void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
4141 		if (islo && ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) >= 0) {
4142 			if (debug) {
4143 				(void) fprintf(stderr,
4144 				    "ifconfig: %s already exists\n", name);
4145 			}
4146 			return (0);
4147 		}
4148 		if (ioctl(s, SIOCLIFADDIF, (caddr_t)&lifr) < 0) {
4149 			if (errno == EEXIST) {
4150 				if (debug) {
4151 					(void) fprintf(stderr,
4152 					    "ifconfig: %s already exists\n",
4153 					    name);
4154 				}
4155 			} else {
4156 				Perror2_exit("plumb: SIOCLIFADDIF", name);
4157 			}
4158 		}
4159 		/*
4160 		 * IP can create the new logical interface on a different
4161 		 * physical interface in the same IPMP group. Take the new
4162 		 * interface into account for further operations.
4163 		 */
4164 		(void) strncpy(name, lifr.lifr_name, sizeof (name));
4165 		return (0);
4166 	}
4167 
4168 	if (debug)
4169 		(void) printf("inetplumb: %s af %d\n", name, afp->af_af);
4170 
4171 	if ((dev_fd = dlpi_if_open(name, &dia, _B_FALSE)) < 0) {
4172 		Perror2_exit("plumb", name);
4173 		/* NOTREACHED */
4174 	}
4175 
4176 	plumb_one_device(&dia, dev_fd, afp->af_af);
4177 	(void) close(dev_fd);
4178 	return (0);
4179 }
4180 
4181 void
4182 Perror0(char *cmd)
4183 {
4184 	int save_errno;
4185 
4186 	save_errno = errno;
4187 	(void) fprintf(stderr, "ifconfig: ");
4188 	errno = save_errno;
4189 	switch (errno) {
4190 
4191 	case ENXIO:
4192 		(void) fprintf(stderr, "%s: %s: no such interface\n",
4193 			cmd, lifr.lifr_name);
4194 		break;
4195 
4196 	case EPERM:
4197 		(void) fprintf(stderr, "%s: %s: permission denied\n",
4198 			cmd, lifr.lifr_name);
4199 		break;
4200 
4201 	case EEXIST:
4202 		(void) fprintf(stderr, "%s: %s: already exists\n",
4203 			cmd, lifr.lifr_name);
4204 		break;
4205 
4206 	default: {
4207 		char buf[BUFSIZ];
4208 
4209 		(void) snprintf(buf, sizeof (buf), "%s: %s",
4210 		    cmd, lifr.lifr_name);
4211 		perror(buf);
4212 	}
4213 	}
4214 }
4215 
4216 void
4217 Perror0_exit(char *cmd)
4218 {
4219 	Perror0(cmd);
4220 	exit(1);
4221 	/* NOTREACHED */
4222 }
4223 
4224 void
4225 Perror2(char *cmd, char *str)
4226 {
4227 	int save_errno;
4228 
4229 	save_errno = errno;
4230 	(void) fprintf(stderr, "ifconfig: ");
4231 	errno = save_errno;
4232 	switch (errno) {
4233 
4234 	case ENXIO:
4235 		(void) fprintf(stderr, "%s: %s: no such interface\n",
4236 			cmd, str);
4237 		break;
4238 
4239 	case EPERM:
4240 		(void) fprintf(stderr, "%s: %s: permission denied\n",
4241 			cmd, str);
4242 		break;
4243 
4244 	default: {
4245 		char buf[BUFSIZ];
4246 
4247 		(void) snprintf(buf, sizeof (buf), "%s: %s", cmd, str);
4248 		perror(buf);
4249 	}
4250 	}
4251 }
4252 
4253 /*
4254  * Print out error message (Perror2()) and exit
4255  */
4256 void
4257 Perror2_exit(char *cmd, char *str)
4258 {
4259 	Perror2(cmd, str);
4260 	exit(1);
4261 	/* NOTREACHED */
4262 }
4263 
4264 /*
4265  * If the last argument is non-NULL allow a <addr>/<n> syntax and
4266  * pass out <n> in *plenp.
4267  * If <n> doesn't parse return BAD_ADDR as *plenp.
4268  * If no /<n> is present return NO_PREFIX as *plenp.
4269  */
4270 static void
4271 in_getaddr(char *s, struct sockaddr *saddr, int *plenp)
4272 {
4273 	struct sockaddr_in *sin = (struct sockaddr_in *)saddr;
4274 	struct hostent *hp;
4275 	struct netent *np;
4276 	char str[BUFSIZ];
4277 	int error_num;
4278 
4279 	(void) strncpy(str, s, sizeof (str));
4280 
4281 	/*
4282 	 * Look for '/'<n> is plenp
4283 	 */
4284 	if (plenp != NULL) {
4285 		char *cp;
4286 
4287 		*plenp = in_getprefixlen(str, _B_TRUE, ADDRBITS_V4);
4288 		if (*plenp == BAD_ADDR)
4289 			return;
4290 		cp = strchr(str, '/');
4291 		if (cp != NULL)
4292 			*cp = '\0';
4293 	} else if (strchr(str, '/') != NULL) {
4294 		(void) fprintf(stderr, "ifconfig: %s: unexpected '/'\n", str);
4295 		exit(1);
4296 	}
4297 
4298 	(void) memset(sin, 0, sizeof (*sin));
4299 
4300 	/*
4301 	 *	Try to catch attempts to set the broadcast address to all 1's.
4302 	 */
4303 	if (strcmp(str, "255.255.255.255") == 0 ||
4304 	    (strtoul(str, (char **)NULL, 0) == 0xffffffffUL)) {
4305 		sin->sin_family = AF_INET;
4306 		sin->sin_addr.s_addr = 0xffffffff;
4307 		return;
4308 	}
4309 
4310 	hp = getipnodebyname(str, AF_INET, 0, &error_num);
4311 	if (hp) {
4312 		sin->sin_family = hp->h_addrtype;
4313 		(void) memcpy(&sin->sin_addr, hp->h_addr, hp->h_length);
4314 		freehostent(hp);
4315 		return;
4316 	}
4317 	np = getnetbyname(str);
4318 	if (np) {
4319 		sin->sin_family = np->n_addrtype;
4320 		sin->sin_addr = inet_makeaddr(np->n_net, INADDR_ANY);
4321 		return;
4322 	}
4323 	if (error_num == TRY_AGAIN) {
4324 		(void) fprintf(stderr, "ifconfig: %s: bad address "
4325 		    "(try again later)\n", s);
4326 	} else {
4327 		(void) fprintf(stderr, "ifconfig: %s: bad address\n", s);
4328 	}
4329 	exit(1);
4330 }
4331 
4332 /*
4333  * If the last argument is non-NULL allow a <addr>/<n> syntax and
4334  * pass out <n> in *plenp.
4335  * If <n> doesn't parse return BAD_ADDR as *plenp.
4336  * If no /<n> is present return NO_PREFIX as *plenp.
4337  */
4338 static void
4339 in6_getaddr(char *s, struct sockaddr *saddr, int *plenp)
4340 {
4341 	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)saddr;
4342 	struct hostent *hp;
4343 	char str[BUFSIZ];
4344 	int error_num;
4345 
4346 	(void) strncpy(str, s, sizeof (str));
4347 
4348 	/*
4349 	 * Look for '/'<n> is plenp
4350 	 */
4351 	if (plenp != NULL) {
4352 		char *cp;
4353 
4354 		*plenp = in_getprefixlen(str, _B_TRUE, ADDRBITS_V6);
4355 		if (*plenp == BAD_ADDR)
4356 			return;
4357 		cp = strchr(str, '/');
4358 		if (cp != NULL)
4359 			*cp = '\0';
4360 	} else if (strchr(str, '/') != NULL) {
4361 		(void) fprintf(stderr, "ifconfig: %s: unexpected '/'\n", str);
4362 		exit(1);
4363 	}
4364 
4365 	(void) memset(sin6, 0, sizeof (*sin6));
4366 
4367 	hp = getipnodebyname(str, AF_INET6, 0, &error_num);
4368 	if (hp) {
4369 		sin6->sin6_family = hp->h_addrtype;
4370 		(void) memcpy(&sin6->sin6_addr, hp->h_addr, hp->h_length);
4371 		freehostent(hp);
4372 		return;
4373 	}
4374 	if (error_num == TRY_AGAIN) {
4375 		(void) fprintf(stderr, "ifconfig: %s: bad address "
4376 		    "(try again later)\n", s);
4377 	} else {
4378 		(void) fprintf(stderr, "ifconfig: %s: bad address\n", s);
4379 	}
4380 	exit(1);
4381 }
4382 
4383 /*
4384  * If "slash" is zero this parses the whole string as
4385  * an integer. With "slash" non zero it parses the tail part as an integer.
4386  *
4387  * If it is not a valid integer this returns BAD_ADDR.
4388  * If there is /<n> present this returns NO_PREFIX.
4389  */
4390 static int
4391 in_getprefixlen(char *addr, boolean_t slash, int max_plen)
4392 {
4393 	int prefixlen;
4394 	char *str, *end;
4395 
4396 	if (slash) {
4397 		str = strchr(addr, '/');
4398 		if (str == NULL)
4399 			return (NO_PREFIX);
4400 		str++;
4401 	} else
4402 		str = addr;
4403 
4404 	prefixlen = strtol(str, &end, 10);
4405 	if (prefixlen < 0)
4406 		return (BAD_ADDR);
4407 	if (str == end)
4408 		return (BAD_ADDR);
4409 	if (max_plen != 0 && max_plen < prefixlen)
4410 		return (BAD_ADDR);
4411 	return (prefixlen);
4412 }
4413 
4414 /*
4415  * Convert a prefix length to a mask.
4416  * Returns 1 if ok. 0 otherwise.
4417  * Assumes the mask array is zero'ed by the caller.
4418  */
4419 static boolean_t
4420 in_prefixlentomask(int prefixlen, int maxlen, uchar_t *mask)
4421 {
4422 	if (prefixlen < 0 || prefixlen > maxlen)
4423 		return (0);
4424 
4425 	while (prefixlen > 0) {
4426 		if (prefixlen >= 8) {
4427 			*mask++ = 0xFF;
4428 			prefixlen -= 8;
4429 			continue;
4430 		}
4431 		*mask |= 1 << (8 - prefixlen);
4432 		prefixlen--;
4433 	}
4434 	return (1);
4435 }
4436 
4437 static void
4438 print_flags(uint64_t flags)
4439 {
4440 	boolean_t first = _B_TRUE;
4441 	int cnt, i;
4442 
4443 	(void) printf("flags=%llx", flags);
4444 	cnt = sizeof (if_flags_tbl) / sizeof (if_flags_t);
4445 	for (i = 0; i < cnt; i++) {
4446 		if (flags & if_flags_tbl[i].iff_value) {
4447 			if (first) {
4448 				(void) printf("<");
4449 				first = _B_FALSE;
4450 			} else {
4451 				/*
4452 				 * It has to be here and not with the
4453 				 * printf below because for the last one,
4454 				 * we don't want a comma before the ">".
4455 				 */
4456 				(void) printf(",");
4457 			}
4458 			(void) printf("%s", if_flags_tbl[i].iff_name);
4459 		}
4460 	}
4461 	if (!first)
4462 		(void) printf(">");
4463 }
4464 
4465 static void
4466 print_config_flags(uint64_t flags)
4467 {
4468 	int cnt, i;
4469 
4470 	cnt = sizeof (if_config_cmd_tbl) / sizeof (if_config_cmd_t);
4471 	for (i = 0; i < cnt; i++) {
4472 		if (flags & if_config_cmd_tbl[i].iff_flag) {
4473 			(void) printf("%s ", if_config_cmd_tbl[i].iff_name);
4474 		}
4475 	}
4476 }
4477 
4478 /*
4479  * Use the configured directory lookup mechanism (e.g. files/NIS/NIS+/...)
4480  * to find the network mask.  Returns true if we found one to set.
4481  *
4482  * The parameter addr_set controls whether we should get the address of
4483  * the working interface for the netmask query.  If addr_set is true,
4484  * we will use the address provided.  Otherwise, we will find the working
4485  * interface's address and use it instead.
4486  */
4487 static boolean_t
4488 in_getmask(struct sockaddr_in *saddr, boolean_t addr_set)
4489 {
4490 	struct sockaddr_in ifaddr;
4491 
4492 	/*
4493 	 * Read the address from the interface if it is not passed in.
4494 	 */
4495 	if (!addr_set) {
4496 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
4497 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
4498 			if (errno != EADDRNOTAVAIL) {
4499 				(void) fprintf(stderr, "Need net number for "
4500 				    "mask\n");
4501 			}
4502 			return (_B_FALSE);
4503 		}
4504 		ifaddr = *((struct sockaddr_in *)&lifr.lifr_addr);
4505 	} else {
4506 		ifaddr.sin_addr = saddr->sin_addr;
4507 	}
4508 	if (getnetmaskbyaddr(ifaddr.sin_addr, &saddr->sin_addr) == 0) {
4509 		saddr->sin_family = AF_INET;
4510 		return (_B_TRUE);
4511 	}
4512 	return (_B_FALSE);
4513 }
4514 
4515 static int
4516 strioctl(int s, int cmd, char *buf, int buflen)
4517 {
4518 	struct strioctl ioc;
4519 
4520 	(void) memset(&ioc, 0, sizeof (ioc));
4521 	ioc.ic_cmd = cmd;
4522 	ioc.ic_timout = 0;
4523 	ioc.ic_len = buflen;
4524 	ioc.ic_dp = buf;
4525 	return (ioctl(s, I_STR, (char *)&ioc));
4526 }
4527 
4528 static void
4529 add_ni(char *name)
4530 {
4531 	ni_t **pp;
4532 	ni_t *p;
4533 
4534 	for (pp = &ni_list; (p = *pp) != NULL; pp = &(p->ni_next)) {
4535 		if (strcmp(p->ni_name, name) == 0) {
4536 			if (debug > 2)
4537 				(void) fprintf(stderr, "'%s' is a duplicate\n",
4538 				    name);
4539 			return;
4540 		}
4541 	}
4542 
4543 	if (debug > 2)
4544 		(void) fprintf(stderr, "adding '%s'\n",
4545 		    name);
4546 
4547 	if ((p = malloc(sizeof (ni_t))) == NULL)
4548 		return;
4549 
4550 	(void) strlcpy(p->ni_name, name, sizeof (p->ni_name));
4551 	p->ni_next = NULL;
4552 
4553 	*pp = p;
4554 	num_ni++;
4555 }
4556 
4557 /* ARGSUSED2 */
4558 static int
4559 devfs_entry(di_node_t node, di_minor_t minor, void *arg)
4560 {
4561 	char *provider;
4562 	int fd;
4563 	uint_t ppa;
4564 	dl_info_ack_t dlia;
4565 	char ifname[LIFNAMSIZ];
4566 
4567 	provider = di_minor_name(minor);
4568 
4569 	if (strlen(provider) > LIFNAMSIZ)
4570 		return (DI_WALK_CONTINUE);
4571 
4572 	if (debug > 2)
4573 		fprintf(stderr, "provider = %s\n", provider);
4574 
4575 	if ((fd = dlpi_open(provider)) < 0)
4576 		return (DI_WALK_CONTINUE);
4577 
4578 	if (debug > 2)
4579 		fprintf(stderr, "getting DL_INFO_ACK\n");
4580 
4581 	if (dlpi_info(fd, -1, &dlia, NULL, NULL, NULL, NULL, NULL, NULL) < 0)
4582 		goto done;
4583 
4584 	if (dlia.dl_provider_style == DL_STYLE1) {
4585 		if (debug > 2)
4586 			fprintf(stderr, "provider is DL_STYLE1\n");
4587 		add_ni(provider);
4588 		goto done;
4589 	}
4590 
4591 	if (debug > 2)
4592 		fprintf(stderr, "provider is DL_STYLE2\n");
4593 
4594 	if (di_minor_type(minor) != DDM_ALIAS) {
4595 		if (debug > 2)
4596 			(void) fprintf(stderr,
4597 			    "non-alias node, ignoring\n");
4598 		goto done;
4599 	}
4600 
4601 	if (debug > 2)
4602 		(void) fprintf(stderr,
4603 		    "alias node, using instance\n");
4604 	ppa = di_instance(node);
4605 
4606 	if (dlpi_attach(fd, -1, ppa) < 0) {
4607 		if (debug > 2)
4608 			(void) fprintf(stderr,
4609 			    "non-existent PPA, ignoring\n");
4610 		goto done;
4611 	}
4612 
4613 	(void) snprintf(ifname, LIFNAMSIZ, "%s%d", provider, ppa);
4614 	add_ni(ifname);
4615 
4616 done:
4617 	(void) dlpi_close(fd);
4618 	return (DI_WALK_CONTINUE);
4619 }
4620 
4621 /*
4622  * dhcp-related routines
4623  */
4624 
4625 static int
4626 setifdhcp(const char *caller, const char *ifname, int argc, char *argv[])
4627 {
4628 	dhcp_ipc_request_t	*request;
4629 	dhcp_ipc_reply_t	*reply	= NULL;
4630 	int			timeout = DHCP_IPC_WAIT_DEFAULT;
4631 	dhcp_ipc_type_t		type	= DHCP_START;
4632 	int			error;
4633 	boolean_t		is_primary = _B_FALSE;
4634 	boolean_t		started = _B_FALSE;
4635 
4636 	for (argv++; --argc > 0; argv++) {
4637 
4638 		if (strcmp(*argv, "primary") == 0) {
4639 			is_primary = _B_TRUE;
4640 			continue;
4641 		}
4642 
4643 		if (strcmp(*argv, "wait") == 0) {
4644 			if (--argc <= 0) {
4645 				usage();
4646 				return (DHCP_EXIT_BADARGS);
4647 			}
4648 			argv++;
4649 
4650 			if (strcmp(*argv, "forever") == 0) {
4651 				timeout = DHCP_IPC_WAIT_FOREVER;
4652 				continue;
4653 			}
4654 
4655 			if (sscanf(*argv, "%d", &timeout) != 1) {
4656 				usage();
4657 				return (DHCP_EXIT_BADARGS);
4658 			}
4659 
4660 			if (timeout < 0) {
4661 				usage();
4662 				return (DHCP_EXIT_BADARGS);
4663 			}
4664 			continue;
4665 		}
4666 
4667 		type = dhcp_string_to_request(*argv);
4668 		if (type == -1) {
4669 			usage();
4670 			return (DHCP_EXIT_BADARGS);
4671 		}
4672 	}
4673 
4674 	/*
4675 	 * Only try to start agent on start or inform; in all other cases it
4676 	 * has to already be running for anything to make sense.
4677 	 */
4678 	if (type == DHCP_START || type == DHCP_INFORM) {
4679 		if (dhcp_start_agent(DHCP_IPC_MAX_WAIT) == -1) {
4680 			(void) fprintf(stderr, "%s: unable to start %s\n",
4681 			    caller, DHCP_AGENT_PATH);
4682 			return (DHCP_EXIT_FAILURE);
4683 		}
4684 		started = _B_TRUE;
4685 	}
4686 
4687 	if (is_primary)
4688 		type = type | DHCP_PRIMARY;
4689 
4690 	request = dhcp_ipc_alloc_request(type, ifname, NULL, 0, DHCP_TYPE_NONE);
4691 	if (request == NULL) {
4692 		(void) fprintf(stderr, "%s: out of memory\n", caller);
4693 		return (DHCP_EXIT_SYSTEM);
4694 	}
4695 
4696 	error = dhcp_ipc_make_request(request, &reply, timeout);
4697 	if (error != 0) {
4698 		free(request);
4699 		/*
4700 		 * Re-map connect error to not under control if we didn't try a
4701 		 * start operation, as this has to be true and results in a
4702 		 * clearer message, not to mention preserving compatibility
4703 		 * with the days when we always started dhcpagent for every
4704 		 * request.
4705 		 */
4706 		if (error == DHCP_IPC_E_CONNECT && !started)
4707 			error = DHCP_IPC_E_UNKIF;
4708 		(void) fprintf(stderr, "%s: %s: %s\n", caller, ifname,
4709 		    dhcp_ipc_strerror(error));
4710 		return (DHCP_EXIT_FAILURE);
4711 	}
4712 
4713 	error = reply->return_code;
4714 	if (error != 0) {
4715 		free(request);
4716 		free(reply);
4717 
4718 		if (error == DHCP_IPC_E_TIMEOUT && timeout == 0)
4719 			return (DHCP_EXIT_SUCCESS);
4720 
4721 		(void) fprintf(stderr, "%s: %s: %s\n", caller, ifname,
4722 		    dhcp_ipc_strerror(error));
4723 
4724 		if (error == DHCP_IPC_E_TIMEOUT)
4725 			return (DHCP_EXIT_TIMEOUT);
4726 		else
4727 			return (DHCP_EXIT_IF_FAILURE);
4728 	}
4729 
4730 	if (DHCP_IPC_CMD(type) == DHCP_STATUS) {
4731 		(void) printf("%s", dhcp_status_hdr_string());
4732 		(void) printf("%s", dhcp_status_reply_to_string(reply));
4733 	}
4734 
4735 	free(request);
4736 	free(reply);
4737 	return (DHCP_EXIT_SUCCESS);
4738 }
4739 
4740 static void
4741 usage(void)
4742 {
4743 	(void) fprintf(stderr,
4744 	    "usage: ifconfig <interface> | -a[ 4 | 6 | D ][ u | d ][ Z ]\n");
4745 
4746 	(void) fprintf(stderr, "%s",
4747 	    "\t[ <addr_family> ]\n"
4748 	    "\t[ <address>[/<prefix_length>] [ <dest_address> ] ]\n"
4749 	    "\t[ set [ <address>][/<prefix_length>] ]"
4750 	    " [ <address>/<prefix_length>] ]\n"
4751 	    "\t[ destination <dest_address> ]\n"
4752 	    "\t[ addif <address>[/<prefix_length>]"
4753 	    "  [ <dest_address> ] ]\n"
4754 	    "\t[ removeif <address>[/<prefix_length>] ]\n"
4755 	    "\t[ arp | -arp ]\n"
4756 	    "\t[ auto-revarp ]\n"
4757 	    "\t[ broadcast <broad_addr> ]\n"
4758 	    "\t[ index <if_index> ]\n"
4759 	    "\t[ metric <n> ] [ mtu <n> ]\n"
4760 	    "\t[ netmask <mask> ]\n"
4761 	    "\t[ plumb ] [ unplumb ]\n"
4762 	    "\t[ preferred | -preferred ]\n"
4763 	    "\t[ private | -private ]\n"
4764 	    "\t[ local | -local ]\n"
4765 	    "\t[ router | -router ]\n"
4766 	    "\t[ subnet <subnet_address>]\n"
4767 	    "\t[ trailers | -trailers ]\n"
4768 	    "\t[ token <address>/<prefix_length> ]\n"
4769 	    "\t[ tsrc <tunnel_src_address> ]\n"
4770 	    "\t[ tdst <tunnel_dest_address> ]\n"
4771 	    "\t[ auth_algs <tunnel_AH_authentication_algorithm> ]\n"
4772 	    "\t[ encr_algs <tunnel_ESP_encryption_algorithm> ]\n"
4773 	    "\t[ encr_auth_algs <tunnel_ESP_authentication_algorithm> ]\n"
4774 	    "\t[ up ] [ down ]\n"
4775 	    "\t[ xmit | -xmit ]\n"
4776 	    "\t[ modlist ]\n"
4777 	    "\t[ modinsert <module_name@position> ]\n"
4778 	    "\t[ modremove <module_name@position> ]\n"
4779 	    "\t[ group <groupname>] | [ group \"\"]\n"
4780 	    "\t[ deprecated | -deprecated ]\n"
4781 	    "\t[ standby | -standby ]\n"
4782 	    "\t[ failover | -failover ]\n"
4783 	    "\t[ zone <zonename> | -zone ]\n"
4784 	    "\t[ usesrc <interface> ]\n"
4785 	    "\t[ all-zones ]\n");
4786 
4787 	(void) fprintf(stderr, "or\n");
4788 	(void) fprintf(stderr,
4789 	    "\tifconfig <interface> |  -a[ 4 | 6 | D ] [ u | d ]\n");
4790 
4791 	(void) fprintf(stderr, "%s", "\tauto-dhcp | dhcp\n"
4792 	    "\t[ wait <time> | forever ]\n\t[ primary ]\n"
4793 	    "\tstart | drop | ping | release | status | inform\n");
4794 }
4795