xref: /titanic_50/usr/src/cmd/cmd-inet/usr.sbin/ifconfig/ifconfig.c (revision 96c4a178a18cd52ee5001195f1552d9cef0c38f0)
1 /*
2  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 /*
6  * Copyright (c) 1983 Regents of the University of California.
7  * All rights reserved.  The Berkeley software License Agreement
8  * specifies the terms and conditions for redistribution.
9  */
10 
11 #include "defs.h"
12 #include "strings.h"
13 #include "ifconfig.h"
14 #include <compat.h>
15 #include <libdlpi.h>
16 #include <libdllink.h>
17 #include <libdliptun.h>
18 #include <libdllink.h>
19 #include <inet/ip.h>
20 #include <inet/ipsec_impl.h>
21 
22 #define	LOOPBACK_IF	"lo0"
23 #define	NONE_STR	"none"
24 #define	ARP_MOD_NAME	"arp"
25 #define	IPMPSTUB	(void *)-1
26 
27 typedef struct if_flags {
28 	uint64_t iff_value;
29 	char	*iff_name;
30 } if_flags_t;
31 
32 static if_flags_t	if_flags_tbl[] = {
33 	{ IFF_UP,		"UP" },
34 	{ IFF_BROADCAST,	"BROADCAST" },
35 	{ IFF_DEBUG,		"DEBUG" },
36 	{ IFF_LOOPBACK,		"LOOPBACK" },
37 	{ IFF_POINTOPOINT,	"POINTOPOINT" },
38 	{ IFF_NOTRAILERS,	"NOTRAILERS" },
39 	{ IFF_RUNNING,		"RUNNING" },
40 	{ IFF_NOARP,		"NOARP" },
41 	{ IFF_PROMISC,		"PROMISC" },
42 	{ IFF_ALLMULTI,		"ALLMULTI" },
43 	{ IFF_INTELLIGENT,	"INTELLIGENT" },
44 	{ IFF_MULTICAST,	"MULTICAST" },
45 	{ IFF_MULTI_BCAST,	"MULTI_BCAST" },
46 	{ IFF_UNNUMBERED,	"UNNUMBERED" },
47 	{ IFF_DHCPRUNNING,	"DHCP" },
48 	{ IFF_PRIVATE,		"PRIVATE" },
49 	{ IFF_NOXMIT,		"NOXMIT" },
50 	{ IFF_NOLOCAL,		"NOLOCAL" },
51 	{ IFF_DEPRECATED,	"DEPRECATED" },
52 	{ IFF_ADDRCONF,		"ADDRCONF" },
53 	{ IFF_ROUTER,		"ROUTER" },
54 	{ IFF_NONUD,		"NONUD" },
55 	{ IFF_ANYCAST,		"ANYCAST" },
56 	{ IFF_NORTEXCH,		"NORTEXCH" },
57 	{ IFF_IPV4,		"IPv4" },
58 	{ IFF_IPV6,		"IPv6" },
59 	{ IFF_NOFAILOVER,	"NOFAILOVER" },
60 	{ IFF_FAILED,		"FAILED" },
61 	{ IFF_STANDBY,		"STANDBY" },
62 	{ IFF_INACTIVE,		"INACTIVE" },
63 	{ IFF_OFFLINE,		"OFFLINE" },
64 	{ IFF_XRESOLV,		"XRESOLV" },
65 	{ IFF_COS_ENABLED,	"CoS" },
66 	{ IFF_PREFERRED,	"PREFERRED" },
67 	{ IFF_TEMPORARY,	"TEMPORARY" },
68 	{ IFF_FIXEDMTU,		"FIXEDMTU" },
69 	{ IFF_VIRTUAL,		"VIRTUAL" },
70 	{ IFF_DUPLICATE,	"DUPLICATE" },
71 	{ IFF_IPMP,		"IPMP"}
72 };
73 
74 typedef struct {
75 	const char		*ia_app;
76 	uint64_t		ia_flag;
77 	uint_t			ia_tries;
78 } if_appflags_t;
79 
80 static const if_appflags_t if_appflags_tbl[] = {
81 	{ "dhcpagent(1M)",	IFF_DHCPRUNNING,	1 },
82 	{ "in.ndpd(1M)",	IFF_ADDRCONF,		3 },
83 	{  NULL,		0,			0 }
84 };
85 
86 static dladm_handle_t	dlh;
87 boolean_t		dlh_opened;
88 static struct		lifreq lifr;
89 /* current interface name a particular function is accessing */
90 static char		name[LIFNAMSIZ];
91 /* foreach interface saved name */
92 static char		origname[LIFNAMSIZ];
93 static int		setaddr;
94 static boolean_t	ipsec_policy_set;
95 static boolean_t	ipsec_auth_covered;
96 
97 /*
98  * Make sure the algorithm variables hold more than the sizeof an algorithm
99  * in PF_KEY.  (For now, more than a uint8_t.)  The NO_***_?ALG indicates that
100  * there was no algorithm requested, and in the ipsec_req that service should
101  * be disabled.  (E.g. if ah_aalg remains NO_AH_AALG, then AH will be
102  * disabled on that tunnel.)
103  */
104 #define	NO_AH_AALG 256
105 #define	NO_ESP_AALG 256
106 #define	NO_ESP_EALG 256
107 
108 int	s, s4, s6;
109 int	af = AF_INET;	/* default address family */
110 int	debug = 0;
111 int	all = 0;	/* setifdhcp() needs to know this */
112 int	verbose = 0;
113 int	v4compat = 0;	/* Compatible printing format */
114 
115 /*
116  * Function prototypes for command functions.
117  */
118 static int	addif(char *arg, int64_t param);
119 static int	inetipmp(char *arg, int64_t param);
120 static int	inetplumb(char *arg, int64_t param);
121 static int	inetunplumb(char *arg, int64_t param);
122 static int	removeif(char *arg, int64_t param);
123 static int	setdebugflag(char *arg, int64_t param);
124 static int	setifaddr(char *arg, int64_t param);
125 static int	setifbroadaddr(char *arg, int64_t param);
126 static int	setifdstaddr(char *arg, int64_t param);
127 static int	setifether(char *arg, int64_t param);
128 static int	setifflags(char *arg, int64_t param);
129 static int	setifindex(char *arg, int64_t param);
130 static int	setifmetric(char *arg, int64_t param);
131 static int	setifmtu(char *arg, int64_t param);
132 static int	setifnetmask(char *arg, int64_t param);
133 static int	setifprefixlen(char *arg, int64_t param);
134 static int	setifrevarp(char *arg, int64_t param);
135 static int	setifsubnet(char *arg, int64_t param);
136 static int	setiftdst(char *arg, int64_t param);
137 static int	setiftoken(char *arg, int64_t param);
138 static int	setiftsrc(char *arg, int64_t param);
139 static int	setverboseflag(char *arg, int64_t param);
140 static int	set_tun_ah_alg(char *arg, int64_t param);
141 static int	set_tun_esp_auth_alg(char *arg, int64_t param);
142 static int	set_tun_esp_encr_alg(char *arg, int64_t param);
143 static int	modlist(char *arg, int64_t param);
144 static int	modinsert(char *arg, int64_t param);
145 static int	modremove(char *arg, int64_t param);
146 static int	setifgroupname(char *arg, int64_t param);
147 static int	configinfo(char *arg, int64_t param);
148 static void	print_config_flags(int af, uint64_t flags);
149 static void	print_flags(uint64_t flags);
150 static void	print_ifether(char *ifname);
151 static int	set_tun_encap_limit(char *arg, int64_t param);
152 static int	clr_tun_encap_limit(char *arg, int64_t param);
153 static int	set_tun_hop_limit(char *arg, int64_t param);
154 static int	setzone(char *arg, int64_t param);
155 static int	setallzones(char *arg, int64_t param);
156 static int	setifsrc(char *arg, int64_t param);
157 static int	lifnum(const char *ifname);
158 
159 /*
160  * Address family specific function prototypes.
161  */
162 static void	in_getaddr(char *s, struct sockaddr *saddr, int *plenp);
163 static void	in_status(int force, uint64_t flags);
164 static void	in_configinfo(int force, uint64_t flags);
165 static void	in6_getaddr(char *s, struct sockaddr *saddr, int *plenp);
166 static void	in6_status(int force, uint64_t flags);
167 static void	in6_configinfo(int force, uint64_t flags);
168 
169 /*
170  * Misc support functions
171  */
172 static boolean_t	ni_entry(const char *, void *);
173 static void	foreachinterface(void (*func)(), int argc, char *argv[],
174 		    int af, int64_t onflags, int64_t offflags,
175 		    int64_t lifc_flags);
176 static void	ifconfig(int argc, char *argv[], int af, struct lifreq *lifrp);
177 static boolean_t	in_getmask(struct sockaddr_in *saddr,
178 			    boolean_t addr_set);
179 static int	in_getprefixlen(char *addr, boolean_t slash, int plen);
180 static boolean_t	in_prefixlentomask(int prefixlen, int maxlen,
181 			    uchar_t *mask);
182 static void	status(void);
183 static void	ifstatus(const char *);
184 static void	tun_status(datalink_id_t);
185 static void	usage(void);
186 static int	strioctl(int s, int cmd, void *buf, int buflen);
187 static int	setifdhcp(const char *caller, const char *ifname,
188 		    int argc, char *argv[]);
189 static int	ip_domux2fd(int *, int *, int *, int *, int *);
190 static int	ip_plink(int, int, int, int, int);
191 static int	modop(char *arg, char op);
192 static int	find_all_interfaces(struct lifconf *lifcp, char **buf,
193 		    int64_t lifc_flags);
194 static int	create_ipmp(const char *grname, int af, const char *ifname,
195 		    boolean_t implicit);
196 static int	create_ipmp_peer(int af, const char *ifname);
197 static void	start_ipmp_daemon(void);
198 static boolean_t ifaddr_up(ifaddrlistx_t *ifaddrp);
199 static boolean_t ifaddr_down(ifaddrlistx_t *ifaddrp);
200 static dladm_status_t	ifconfig_dladm_open(const char *, datalink_class_t,
201 		    datalink_id_t *);
202 static void	dladmerr_exit(dladm_status_t status, const char *str);
203 
204 #define	max(a, b)	((a) < (b) ? (b) : (a))
205 
206 /*
207  * DHCP_EXIT_IF_FAILURE indicates that the operation failed, but if there
208  * are more interfaces to act on (i.e., ifconfig was invoked with -a), keep
209  * on going rather than exit with an error.
210  */
211 
212 #define	DHCP_EXIT_IF_FAILURE	-1
213 
214 #define	NEXTARG		0xffffff	/* command takes an argument */
215 #define	OPTARG		0xfffffe 	/* command takes an optional argument */
216 #define	AF_ANY		(-1)
217 
218 /* Refer to the comments in ifconfig() on the netmask "hack" */
219 #define	NETMASK_CMD	"netmask"
220 struct sockaddr_storage	g_netmask;
221 enum { G_NETMASK_NIL, G_NETMASK_PENDING, G_NETMASK_SET }
222     g_netmask_set = G_NETMASK_NIL;
223 
224 struct	cmd {
225 	char		*c_name;
226 	int64_t		c_parameter;	/* NEXTARG means next argv */
227 	int		(*c_func)(char *, int64_t);
228 	int		c_abortonfail;	/* don't continue parsing args */
229 					/* for the current interface */
230 	int	c_af;			/* address family restrictions */
231 } cmds[] = {
232 	{ "up",		IFF_UP,		setifflags,	0,	AF_ANY },
233 	{ "down",	-IFF_UP,	setifflags,	0,	AF_ANY },
234 	{ "trailers",	-IFF_NOTRAILERS, setifflags,	0,	AF_ANY },
235 	{ "-trailers",	IFF_NOTRAILERS,	setifflags,	0,	AF_ANY },
236 	{ "arp",	-IFF_NOARP,	setifflags,	0,	AF_INET },
237 	{ "-arp",	IFF_NOARP,	setifflags,	0,	AF_INET },
238 	{ "router",	IFF_ROUTER,	setifflags,	0,	AF_ANY },
239 	{ "-router",	-IFF_ROUTER,	setifflags,	0,	AF_ANY },
240 	{ "private",	IFF_PRIVATE,	setifflags,	0,	AF_ANY },
241 	{ "-private",	-IFF_PRIVATE,	setifflags,	0,	AF_ANY },
242 	{ "xmit",	-IFF_NOXMIT,	setifflags,	0,	AF_ANY },
243 	{ "-xmit",	IFF_NOXMIT,	setifflags,	0,	AF_ANY },
244 	{ "-nud",	IFF_NONUD,	setifflags,	0,	AF_INET6 },
245 	{ "nud",	-IFF_NONUD,	setifflags,	0,	AF_INET6 },
246 	{ "anycast",	IFF_ANYCAST,	setifflags,	0,	AF_ANY },
247 	{ "-anycast",	-IFF_ANYCAST,	setifflags,	0,	AF_ANY },
248 	{ "local",	-IFF_NOLOCAL,	setifflags,	0,	AF_ANY },
249 	{ "-local",	IFF_NOLOCAL,	setifflags,	0,	AF_ANY },
250 	{ "deprecated",	IFF_DEPRECATED,	setifflags,	0,	AF_ANY },
251 	{ "-deprecated", -IFF_DEPRECATED, setifflags,	0,	AF_ANY },
252 	{ "preferred",	IFF_PREFERRED,	setifflags,	0,	AF_INET6 },
253 	{ "-preferred",	-IFF_PREFERRED,	setifflags,	0,	AF_INET6 },
254 	{ "debug",	0,		setdebugflag,	0,	AF_ANY },
255 	{ "verbose",	0,		setverboseflag,	0,	AF_ANY },
256 	{ NETMASK_CMD,	NEXTARG,	setifnetmask,	0,	AF_INET },
257 	{ "metric",	NEXTARG,	setifmetric,	0,	AF_ANY },
258 	{ "mtu",	NEXTARG,	setifmtu,	0,	AF_ANY },
259 	{ "index",	NEXTARG,	setifindex,	0,	AF_ANY },
260 	{ "broadcast",	NEXTARG,	setifbroadaddr,	0,	AF_INET },
261 	{ "auto-revarp", 0,		setifrevarp,	1,	AF_INET },
262 	{ "ipmp",	0,		inetipmp,	1,	AF_ANY },
263 	{ "plumb",	0,		inetplumb,	1,	AF_ANY },
264 	{ "unplumb",	0,		inetunplumb,	0,	AF_ANY },
265 	{ "subnet",	NEXTARG,	setifsubnet,	0,	AF_ANY },
266 	{ "token",	NEXTARG,	setiftoken,	0,	AF_INET6 },
267 	{ "tsrc",	NEXTARG,	setiftsrc,	0,	AF_ANY },
268 	{ "tdst",	NEXTARG,	setiftdst,	0,	AF_ANY },
269 	{ "encr_auth_algs", NEXTARG,	set_tun_esp_auth_alg, 0, AF_ANY },
270 	{ "encr_algs",	NEXTARG,	set_tun_esp_encr_alg, 0, AF_ANY },
271 	{ "auth_algs",	NEXTARG,	set_tun_ah_alg,	0,	AF_ANY },
272 	{ "addif",	NEXTARG,	addif,		1,	AF_ANY },
273 	{ "removeif",	NEXTARG,	removeif,	1,	AF_ANY },
274 	{ "modlist",	0,		modlist,	1,	AF_ANY },
275 	{ "modinsert",	NEXTARG,	modinsert,	1,	AF_ANY },
276 	{ "modremove",	NEXTARG,	modremove,	1,	AF_ANY },
277 	{ "failover",	-IFF_NOFAILOVER, setifflags,	1,	AF_ANY },
278 	{ "-failover",	IFF_NOFAILOVER, setifflags,	1,	AF_ANY },
279 	{ "standby",	IFF_STANDBY,	setifflags,	1,	AF_ANY },
280 	{ "-standby",	-IFF_STANDBY,	setifflags,	1,	AF_ANY },
281 	{ "failed",	IFF_FAILED,	setifflags,	1,	AF_ANY },
282 	{ "-failed",	-IFF_FAILED,	setifflags,	1,	AF_ANY },
283 	{ "group",	NEXTARG,	setifgroupname,	1,	AF_ANY },
284 	{ "configinfo",	0,		configinfo,	1,	AF_ANY },
285 	{ "encaplimit",	NEXTARG,	set_tun_encap_limit,	0, AF_ANY },
286 	{ "-encaplimit", 0,		clr_tun_encap_limit,	0, AF_ANY },
287 	{ "thoplimit",	NEXTARG,	set_tun_hop_limit,	0, AF_ANY },
288 	{ "set",	NEXTARG,	setifaddr,	0,	AF_ANY },
289 	{ "destination", NEXTARG,	setifdstaddr,	0,	AF_ANY },
290 	{ "zone",	NEXTARG,	setzone,	0,	AF_ANY },
291 	{ "-zone",	0,		setzone,	0,	AF_ANY },
292 	{ "all-zones",	0,		setallzones,	0,	AF_ANY },
293 	{ "ether",	OPTARG,		setifether,	0,	AF_ANY },
294 	{ "usesrc",	NEXTARG,	setifsrc,	0,	AF_ANY },
295 
296 	/*
297 	 * NOTE: any additions to this table must also be applied to ifparse
298 	 *	(usr/src/cmd/cmd-inet/sbin/ifparse/ifparse.c)
299 	 */
300 
301 	{ 0,		0,		setifaddr,	0,	AF_ANY },
302 	{ 0,		0,		setifdstaddr,	0,	AF_ANY },
303 	{ 0,		0,		0,		0,	0 },
304 };
305 
306 
307 typedef struct if_config_cmd {
308 	uint64_t	iff_flag;
309 	int		iff_af;
310 	char		*iff_name;
311 } if_config_cmd_t;
312 
313 /*
314  * NOTE: print_config_flags() processes this table in order, so we put "up"
315  * last so that we can be sure "-failover" will take effect first.  Otherwise,
316  * IPMP test addresses will erroneously migrate to the IPMP interface.
317  */
318 static if_config_cmd_t	if_config_cmd_tbl[] = {
319 	{ IFF_NOTRAILERS,	AF_UNSPEC,	"-trailers"	},
320 	{ IFF_PRIVATE,		AF_UNSPEC,	"private"	},
321 	{ IFF_NOXMIT,		AF_UNSPEC,	"-xmit"		},
322 	{ IFF_ANYCAST,		AF_INET6,	"anycast"	},
323 	{ IFF_NOLOCAL,		AF_UNSPEC,	"-local"	},
324 	{ IFF_DEPRECATED,	AF_UNSPEC,	"deprecated"	},
325 	{ IFF_NOFAILOVER,	AF_UNSPEC,	"-failover"	},
326 	{ IFF_STANDBY,		AF_UNSPEC,	"standby"	},
327 	{ IFF_FAILED,		AF_UNSPEC,	"failed"	},
328 	{ IFF_PREFERRED,	AF_UNSPEC,	"preferred"	},
329 	{ IFF_NONUD,		AF_INET6,	"-nud"		},
330 	{ IFF_NOARP,		AF_INET,	"-arp"		},
331 	{ IFF_UP,		AF_UNSPEC, 	"up" 		},
332 	{ 0,			0,		NULL		},
333 };
334 
335 typedef struct ni {
336 	char		ni_name[LIFNAMSIZ];
337 	struct ni	*ni_next;
338 } ni_t;
339 
340 static ni_t	*ni_list = NULL;
341 static int	num_ni = 0;
342 
343 /* End defines and structure definitions for ifconfig -a plumb */
344 
345 /* Known address families */
346 struct afswtch {
347 	char *af_name;
348 	short af_af;
349 	void (*af_status)();
350 	void (*af_getaddr)();
351 	void (*af_configinfo)();
352 } afs[] = {
353 	{ "inet", AF_INET, in_status, in_getaddr, in_configinfo },
354 	{ "inet6", AF_INET6, in6_status, in6_getaddr, in6_configinfo },
355 	{ 0, 0,	0, 0, 0 }
356 };
357 
358 #define	SOCKET_AF(af)	(((af) == AF_UNSPEC) ? AF_INET : (af))
359 
360 struct afswtch *afp;	/* the address family being set or asked about */
361 
362 int
363 main(int argc, char *argv[])
364 {
365 	int64_t		lifc_flags;
366 	char		*default_ip_str;
367 
368 	lifc_flags = LIFC_NOXMIT|LIFC_TEMPORARY|LIFC_ALLZONES|LIFC_UNDER_IPMP;
369 
370 	if (argc < 2) {
371 		usage();
372 		exit(1);
373 	}
374 	argc--, argv++;
375 	if (strlen(*argv) > sizeof (name) - 1) {
376 		(void) fprintf(stderr, "%s: interface name too long\n", *argv);
377 		exit(1);
378 	}
379 	(void) strncpy(name, *argv, sizeof (name));
380 	name[sizeof (name) - 1] = '\0';
381 	(void) strncpy(origname, name, sizeof (origname));	/* For addif */
382 	default_ip_str = NULL;
383 	v4compat = get_compat_flag(&default_ip_str);
384 	if (v4compat == DEFAULT_PROT_BAD_VALUE) {
385 		(void) fprintf(stderr,
386 		    "ifconfig: %s: Bad value for %s in %s\n", default_ip_str,
387 		    DEFAULT_IP, INET_DEFAULT_FILE);
388 		free(default_ip_str);
389 		exit(2);
390 	}
391 	free(default_ip_str);
392 	argc--, argv++;
393 	if (argc > 0) {
394 		struct afswtch *myafp;
395 
396 		for (myafp = afp = afs; myafp->af_name; myafp++) {
397 			if (strcmp(myafp->af_name, *argv) == 0) {
398 				afp = myafp; argc--; argv++;
399 				break;
400 			}
401 		}
402 		af = lifr.lifr_addr.ss_family = afp->af_af;
403 		if (af == AF_INET6) {
404 			v4compat = 0;
405 		}
406 	}
407 
408 	s = socket(SOCKET_AF(af), SOCK_DGRAM, 0);
409 	s4 = socket(AF_INET, SOCK_DGRAM, 0);
410 	s6 = socket(AF_INET6, SOCK_DGRAM, 0);
411 	if (s == -1 || s4 == -1 || s6 == -1)
412 		Perror0_exit("socket");
413 
414 	/*
415 	 * Special interface names is any combination of these flags.
416 	 * Note that due to the ifconfig syntax they have to be combined
417 	 * as a single '-' option.
418 	 *	-a	All interfaces
419 	 *	-u	"up" interfaces
420 	 *	-d	"down" interfaces
421 	 *	-D	Interfaces not controlled by DHCP
422 	 *	-4	IPv4 interfaces
423 	 *	-6	IPv6 interfaces
424 	 *	-X	Turn on debug (not documented)
425 	 *	-v	Turn on verbose
426 	 *	-Z	Only interfaces in caller's zone
427 	 */
428 
429 	if (name[0] == '-') {
430 		/* One or more options */
431 		int64_t onflags = 0;
432 		int64_t offflags = 0;
433 		int c;
434 		char *av[2] = { "ifconfig", name };
435 
436 		while ((c = getopt(2, av, "audDXZ46v")) != -1) {
437 			switch ((char)c) {
438 			case 'a':
439 				all = 1;
440 				break;
441 			case 'u':
442 				onflags |= IFF_UP;
443 				break;
444 			case 'd':
445 				offflags |= IFF_UP;
446 				break;
447 			case 'D':
448 				offflags |= IFF_DHCPRUNNING;
449 				break;
450 			case 'X':
451 				debug += 3;
452 				break;
453 			case 'Z':
454 				lifc_flags &= ~LIFC_ALLZONES;
455 				break;
456 			case '4':
457 				/*
458 				 * -4 is not a compatable flag, therefore
459 				 * we assume they want v4compat turned off
460 				 */
461 				v4compat = 0;
462 				onflags |= IFF_IPV4;
463 				break;
464 			case '6':
465 				/*
466 				 * If they want IPv6, well then we'll assume
467 				 * they don't want IPv4 compat
468 				 */
469 				v4compat = 0;
470 				onflags |= IFF_IPV6;
471 				break;
472 			case 'v':
473 				verbose = 1;
474 				break;
475 			case '?':
476 				usage();
477 				exit(1);
478 			}
479 		}
480 		if (!all) {
481 			(void) fprintf(stderr,
482 			    "ifconfig: %s: no such interface\n", name);
483 			exit(1);
484 		}
485 		foreachinterface(ifconfig, argc, argv, af, onflags, offflags,
486 		    lifc_flags);
487 	} else {
488 		ifconfig(argc, argv, af, (struct lifreq *)NULL);
489 	}
490 	return (0);
491 }
492 
493 /*
494  * For each interface, call (*func)(argc, argv, af, lifrp).
495  * Only call function if onflags and offflags are set or clear, respectively,
496  * in the interfaces flags field.
497  */
498 static void
499 foreachinterface(void (*func)(), int argc, char *argv[], int af,
500     int64_t onflags, int64_t offflags, int64_t lifc_flags)
501 {
502 	int n;
503 	char *buf;
504 	struct lifnum lifn;
505 	struct lifconf lifc;
506 	struct lifreq *lifrp;
507 	struct lifreq lifrl;	/* Local lifreq struct */
508 	int numifs;
509 	unsigned bufsize;
510 	int plumball = 0;
511 	int save_af = af;
512 
513 	buf = NULL;
514 	/*
515 	 * Special case:
516 	 * ifconfig -a plumb should find all network interfaces in the current
517 	 * zone.
518 	 */
519 	if (argc > 0 && (strcmp(*argv, "plumb") == 0)) {
520 		if (find_all_interfaces(&lifc, &buf, lifc_flags) != 0 ||
521 		    lifc.lifc_len == 0)
522 			return;
523 		plumball = 1;
524 	} else {
525 		lifn.lifn_family = AF_UNSPEC;
526 		lifn.lifn_flags = lifc_flags;
527 		if (ioctl(s, SIOCGLIFNUM, (char *)&lifn) < 0) {
528 			Perror0_exit("Could not determine number"
529 			    " of interfaces");
530 		}
531 		numifs = lifn.lifn_count;
532 		if (debug)
533 			(void) printf("ifconfig: %d interfaces\n",  numifs);
534 
535 		bufsize = numifs * sizeof (struct lifreq);
536 		if ((buf = malloc(bufsize)) == NULL) {
537 			Perror0("out of memory\n");
538 			(void) close(s);
539 			return;
540 		}
541 
542 		lifc.lifc_family = AF_UNSPEC;
543 		lifc.lifc_flags = lifc_flags;
544 		lifc.lifc_len = bufsize;
545 		lifc.lifc_buf = buf;
546 
547 		if (ioctl(s, SIOCGLIFCONF, (char *)&lifc) < 0) {
548 			Perror0("SIOCGLIFCONF");
549 			(void) close(s);
550 			free(buf);
551 			return;
552 		}
553 	}
554 
555 	lifrp = lifc.lifc_req;
556 	for (n = lifc.lifc_len / sizeof (struct lifreq); n > 0; n--, lifrp++) {
557 
558 		if (!plumball) {
559 			/*
560 			 * We must close and recreate the socket each time
561 			 * since we don't know what type of socket it is now
562 			 * (each status function may change it).
563 			 */
564 
565 			(void) close(s);
566 
567 			af = lifrp->lifr_addr.ss_family;
568 			s = socket(SOCKET_AF(af), SOCK_DGRAM, 0);
569 			if (s == -1) {
570 				/*
571 				 * Perror0() assumes the name to be in the
572 				 * globally defined lifreq structure.
573 				 */
574 				(void) strncpy(lifr.lifr_name,
575 				    lifrp->lifr_name, sizeof (lifr.lifr_name));
576 				Perror0_exit("socket");
577 			}
578 		}
579 
580 		/*
581 		 * Only service interfaces that match the on and off
582 		 * flags masks.
583 		 */
584 		if (onflags || offflags) {
585 			(void) memset(&lifrl, 0, sizeof (lifrl));
586 			(void) strncpy(lifrl.lifr_name, lifrp->lifr_name,
587 			    sizeof (lifrl.lifr_name));
588 			if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifrl) < 0) {
589 				/*
590 				 * Perror0() assumes the name to be in the
591 				 * globally defined lifreq structure.
592 				 */
593 				(void) strncpy(lifr.lifr_name,
594 				    lifrp->lifr_name, sizeof (lifr.lifr_name));
595 				Perror0_exit("foreachinterface: SIOCGLIFFLAGS");
596 			}
597 			if ((lifrl.lifr_flags & onflags) != onflags)
598 				continue;
599 			if ((~lifrl.lifr_flags & offflags) != offflags)
600 				continue;
601 		}
602 
603 		if (!plumball) {
604 			(void) strncpy(lifrl.lifr_name, lifrp->lifr_name,
605 			    sizeof (lifrl.lifr_name));
606 			if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifrl) < 0) {
607 				/*
608 				 * Perror0() assumes the name to be in the
609 				 * globally defined lifreq structure.
610 				 */
611 				(void) strncpy(lifr.lifr_name,
612 				    lifrp->lifr_name, sizeof (lifr.lifr_name));
613 				Perror0("foreachinterface: SIOCGLIFADDR");
614 				continue;
615 			}
616 			if (lifrl.lifr_addr.ss_family != af) {
617 				/* Switch address family */
618 				af = lifrl.lifr_addr.ss_family;
619 				(void) close(s);
620 
621 				s = socket(SOCKET_AF(af), SOCK_DGRAM, 0);
622 				if (s == -1) {
623 					/*
624 					 * Perror0() assumes the name to be in
625 					 * the globally defined lifreq
626 					 * structure.
627 					 */
628 					(void) strncpy(lifr.lifr_name,
629 					    lifrp->lifr_name,
630 					    sizeof (lifr.lifr_name));
631 					Perror0_exit("socket");
632 				}
633 			}
634 		}
635 
636 		/*
637 		 * Reset global state
638 		 * setaddr: Used by parser to tear apart source and dest
639 		 * name and origname contain the name of the 'current'
640 		 * interface.
641 		 */
642 		setaddr = 0;
643 		(void) strncpy(name, lifrp->lifr_name, sizeof (name));
644 		(void) strncpy(origname, name, sizeof (origname));
645 
646 		(*func)(argc, argv, save_af, lifrp);
647 		/* the func could have overwritten origname, so restore */
648 		(void) strncpy(name, origname, sizeof (name));
649 	}
650 	if (buf != NULL)
651 		free(buf);
652 }
653 
654 /*
655  * for the specified interface call (*func)(argc, argv, af, lifrp).
656  */
657 
658 static void
659 ifconfig(int argc, char *argv[], int af, struct lifreq *lifrp)
660 {
661 	static boolean_t scan_netmask = _B_FALSE;
662 	int ret;
663 
664 	if (argc == 0) {
665 		status();
666 		return;
667 	}
668 
669 	if (strcmp(*argv, "auto-dhcp") == 0 || strcmp(*argv, "dhcp") == 0) {
670 		/*
671 		 * Some errors are ignored in the case where more than one
672 		 * interface is being operated on.
673 		 */
674 		ret = setifdhcp("ifconfig", name, argc, argv);
675 		if (ret == DHCP_EXIT_IF_FAILURE) {
676 			if (!all)
677 				exit(DHCP_EXIT_FAILURE);
678 		} else if (ret != DHCP_EXIT_SUCCESS) {
679 			exit(ret);
680 		}
681 		return;
682 	}
683 
684 	/*
685 	 * The following is a "hack" to get around the existing interface
686 	 * setting mechanism.  Currently, each interface attribute,
687 	 * such as address, netmask, broadcast, ... is set separately.  But
688 	 * sometimes two or more attributes must be set together.  For
689 	 * example, setting an address without a netmask does not make sense.
690 	 * Yet they can be set separately for IPv4 address using the current
691 	 * ifconfig(1M) syntax.  The kernel then "infers" the correct netmask
692 	 * using the deprecated "IP address classes."  This is simply not
693 	 * correct.
694 	 *
695 	 * The "hack" below is to go thru the whole command list looking for
696 	 * the netmask command first.  Then use this netmask to set the
697 	 * address.  This does not provide an extensible way to accommodate
698 	 * future need for setting more than one attributes together.
699 	 *
700 	 * Note that if the "netmask" command argument is a "+", we need
701 	 * to save this info and do the query after we know the address to
702 	 * be set.  The reason is that if "addif" is used, the working
703 	 * interface name will be changed later when the logical interface
704 	 * is created.  In in_getmask(), if an address is not provided,
705 	 * it will use the working interface's address to do the query.
706 	 * It will be wrong now as we don't know the logical interface's name.
707 	 *
708 	 * ifconfig(1M) is too overloaded and the code is so convoluted
709 	 * that it is "safer" not to re-architect the code to fix the above
710 	 * issue, hence this "hack."  We may be better off to have a new
711 	 * command with better syntax for configuring network interface
712 	 * parameters...
713 	 */
714 	if (!scan_netmask && afp->af_af == AF_INET) {
715 		int	largc;
716 		char	**largv;
717 
718 		/* Only go thru the command list once to find the netmask. */
719 		scan_netmask = _B_TRUE;
720 
721 		/*
722 		 * Currently, if multiple netmask commands are specified, the
723 		 * last one will be used as the final netmask.  So we need
724 		 * to scan the whole list to preserve this behavior.
725 		 */
726 		for (largc = argc, largv = argv; largc > 0; largc--, largv++) {
727 			if (strcmp(*largv, NETMASK_CMD) == 0) {
728 				if (--largc == 0)
729 					break;
730 				largv++;
731 				if (strcmp(*largv, "+") == 0) {
732 					g_netmask_set = G_NETMASK_PENDING;
733 				} else {
734 					in_getaddr(*largv, (struct sockaddr *)
735 					    &g_netmask, NULL);
736 					g_netmask_set = G_NETMASK_SET;
737 				}
738 				/* Continue the scan. */
739 			}
740 		}
741 	}
742 
743 	while (argc > 0) {
744 		struct cmd *p;
745 		boolean_t found_cmd;
746 
747 		if (debug)
748 			(void) printf("ifconfig: argv %s\n", *argv);
749 
750 		found_cmd = _B_FALSE;
751 		for (p = cmds; p->c_func; p++) {
752 			if (p->c_name) {
753 				if (strcmp(*argv, p->c_name) == 0) {
754 					/*
755 					 * indicate that the command was
756 					 * found and check to see if
757 					 * the address family is valid
758 					 */
759 					found_cmd = _B_TRUE;
760 					if (p->c_af == AF_ANY ||
761 					    af == p->c_af)
762 						break;
763 				}
764 			} else {
765 				if (p->c_af == AF_ANY ||
766 				    af == p->c_af)
767 					break;
768 			}
769 		}
770 		/*
771 		 * If we found the keyword, but the address family
772 		 * did not match spit out an error
773 		 */
774 		if (found_cmd && p->c_name == 0) {
775 			(void) fprintf(stderr, "ifconfig: Operation %s not"
776 			    " supported for %s\n", *argv, afp->af_name);
777 			exit(1);
778 		}
779 		/*
780 		 * else (no keyword found), we assume it's an address
781 		 * of some sort
782 		 */
783 		if (p->c_name == 0 && setaddr)
784 			p++;	/* got src, do dst */
785 		if (p->c_func) {
786 			if (p->c_af == AF_INET6) {
787 				v4compat = 0;
788 			}
789 			if (p->c_parameter == NEXTARG ||
790 			    p->c_parameter == OPTARG) {
791 				argc--, argv++;
792 				if (argc == 0 && p->c_parameter == NEXTARG) {
793 					(void) fprintf(stderr,
794 					    "ifconfig: no argument for %s\n",
795 					    p->c_name);
796 					exit(1);
797 				}
798 			}
799 			/*
800 			 *	Call the function if:
801 			 *
802 			 *		there's no address family
803 			 *		restriction
804 			 *	OR
805 			 *		we don't know the address yet
806 			 *		(because we were called from
807 			 *		main)
808 			 *	OR
809 			 *		there is a restriction AND
810 			 *		the address families match
811 			 */
812 			if ((p->c_af == AF_ANY)	||
813 			    (lifrp == (struct lifreq *)NULL) ||
814 			    (lifrp->lifr_addr.ss_family == p->c_af)) {
815 				ret = (*p->c_func)(*argv, p->c_parameter);
816 				/*
817 				 *	If c_func failed and we should
818 				 *	abort processing for this
819 				 *	interface on failure, return
820 				 *	now rather than going on to
821 				 *	process other commands for
822 				 *	the same interface.
823 				 */
824 				if (ret != 0 && p->c_abortonfail)
825 					return;
826 			}
827 		}
828 		argc--, argv++;
829 	}
830 
831 	/* Check to see if there's a security hole in the tunnel setup. */
832 	if (ipsec_policy_set && !ipsec_auth_covered) {
833 		(void) fprintf(stderr, "ifconfig: WARNING: tunnel with only "
834 		    "ESP and no authentication.\n");
835 	}
836 }
837 
838 /* ARGSUSED */
839 static int
840 setdebugflag(char *val, int64_t arg)
841 {
842 	debug++;
843 	return (0);
844 }
845 
846 /* ARGSUSED */
847 static int
848 setverboseflag(char *val, int64_t arg)
849 {
850 	verbose++;
851 	return (0);
852 }
853 
854 /*
855  * This function fills in the given lifreq's lifr_addr field based on
856  * g_netmask_set.
857  */
858 static void
859 set_mask_lifreq(struct lifreq *lifr, struct sockaddr_storage *addr,
860     struct sockaddr_storage *mask)
861 {
862 	assert(addr != NULL);
863 	assert(mask != NULL);
864 
865 	switch (g_netmask_set) {
866 	case G_NETMASK_SET:
867 		lifr->lifr_addr = g_netmask;
868 		break;
869 
870 	case G_NETMASK_PENDING:
871 		/*
872 		 * "+" is used as the argument to "netmask" command.  Query
873 		 * the database on the correct netmask based on the address to
874 		 * be set.
875 		 */
876 		assert(afp->af_af == AF_INET);
877 		g_netmask = *addr;
878 		if (!in_getmask((struct sockaddr_in *)&g_netmask, _B_TRUE)) {
879 			lifr->lifr_addr = *mask;
880 			g_netmask_set = G_NETMASK_NIL;
881 		} else {
882 			lifr->lifr_addr = g_netmask;
883 			g_netmask_set = G_NETMASK_SET;
884 		}
885 		break;
886 
887 	case G_NETMASK_NIL:
888 	default:
889 		lifr->lifr_addr = *mask;
890 		break;
891 	}
892 }
893 
894 /*
895  * Set the interface address. Handles <addr>, <addr>/<n> as well as /<n>
896  * syntax for setting the address, the address plus netmask, and just
897  * the netmask respectively.
898  */
899 /* ARGSUSED */
900 static int
901 setifaddr(char *addr, int64_t param)
902 {
903 	int prefixlen = 0;
904 	struct	sockaddr_storage laddr;
905 	struct	sockaddr_storage netmask;
906 	struct	sockaddr_in6 *sin6;
907 	struct	sockaddr_in *sin;
908 	struct	sockaddr_storage sav_netmask;
909 
910 	if (addr[0] == '/')
911 		return (setifprefixlen(addr, 0));
912 
913 	(*afp->af_getaddr)(addr, (struct sockaddr *)&laddr, &prefixlen);
914 
915 	(void) memset(&netmask, 0, sizeof (netmask));
916 	netmask.ss_family = afp->af_af;
917 	switch (prefixlen) {
918 	case NO_PREFIX:
919 		/* Nothing there - ok */
920 		break;
921 	case BAD_ADDR:
922 		(void) fprintf(stderr, "ifconfig: Bad prefix length in %s\n",
923 		    addr);
924 		exit(1);
925 	default:
926 		if (afp->af_af == AF_INET6) {
927 			sin6 = (struct sockaddr_in6 *)&netmask;
928 			if (!in_prefixlentomask(prefixlen, IPV6_ABITS,
929 			    (uchar_t *)&sin6->sin6_addr)) {
930 				(void) fprintf(stderr, "ifconfig: "
931 				    "Bad prefix length: %d\n",
932 				    prefixlen);
933 				exit(1);
934 			}
935 		} else {
936 			sin = (struct sockaddr_in *)&netmask;
937 			if (!in_prefixlentomask(prefixlen, IP_ABITS,
938 			    (uchar_t *)&sin->sin_addr)) {
939 				(void) fprintf(stderr, "ifconfig: "
940 				    "Bad prefix length: %d\n",
941 				    prefixlen);
942 				exit(1);
943 			}
944 		}
945 		/*
946 		 * Just in case of funny setting of both prefix and netmask,
947 		 * prefix should override the netmask command.
948 		 */
949 		g_netmask_set = G_NETMASK_NIL;
950 		break;
951 	}
952 	/* Tell parser that an address was set */
953 	setaddr++;
954 	/* save copy of netmask to restore in case of error */
955 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
956 	if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0)
957 		Perror0_exit("SIOCGLIFNETMASK");
958 	sav_netmask = lifr.lifr_addr;
959 
960 	/*
961 	 * If setting the address and not the mask, clear any existing mask
962 	 * and the kernel will then assign the default (netmask has been set
963 	 * to 0 in this case).  If setting both (either by using a prefix or
964 	 * using the netmask command), set the mask first, so the address will
965 	 * be interpreted correctly.
966 	 */
967 	set_mask_lifreq(&lifr, &laddr, &netmask);
968 	if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0)
969 		Perror0_exit("SIOCSLIFNETMASK");
970 
971 	if (debug) {
972 		char abuf[INET6_ADDRSTRLEN];
973 		void *addr = (afp->af_af == AF_INET) ?
974 		    (void *)&((struct sockaddr_in *)&laddr)->sin_addr :
975 		    (void *)&((struct sockaddr_in6 *)&laddr)->sin6_addr;
976 
977 		(void) printf("Setting %s af %d addr %s\n",
978 		    lifr.lifr_name, afp->af_af,
979 		    inet_ntop(afp->af_af, addr, abuf, sizeof (abuf)));
980 	}
981 	lifr.lifr_addr = laddr;
982 	lifr.lifr_addr.ss_family = afp->af_af;
983 	if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0) {
984 		/*
985 		 * Restore the netmask
986 		 */
987 		int saverr = errno;
988 
989 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
990 		lifr.lifr_addr = sav_netmask;
991 		(void) ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr);
992 		errno = saverr;
993 		Perror0_exit("SIOCSLIFADDR");
994 	}
995 
996 	return (0);
997 }
998 
999 /*
1000  * The following functions are stolen from the ipseckey(1m) program.
1001  * Perhaps they should be somewhere common, but for now, we just maintain
1002  * two versions.  We do this because of the different semantics for which
1003  * algorithms we select ("requested" for ifconfig vs. "actual" for key).
1004  */
1005 
1006 static ulong_t
1007 parsenum(char *num)
1008 {
1009 	ulong_t rc;
1010 	char *end = NULL;
1011 
1012 	errno = 0;
1013 	rc = strtoul(num, &end, 0);
1014 	if (errno != 0 || end == num || *end != '\0') {
1015 		rc = (ulong_t)-1;
1016 	}
1017 
1018 	return (rc);
1019 }
1020 
1021 /*
1022  * Parse and reverse parse possible algorithm values, include numbers.
1023  * Mostly stolen from ipseckey.c. See the comments above parsenum() for why
1024  * this isn't common to ipseckey.c.
1025  *
1026  * NOTE: Static buffer in this function for the return value.  Since ifconfig
1027  *       isn't multithreaded, this isn't a huge problem.
1028  */
1029 
1030 #define	NBUF_SIZE 20	/* Enough to print a large integer. */
1031 
1032 static char *
1033 rparsealg(uint8_t alg_value, int proto_num)
1034 {
1035 	struct ipsecalgent *alg;
1036 	static char numprint[128];	/* Enough to hold an algorithm name. */
1037 
1038 	/*
1039 	 * Special cases for "any" and "none"
1040 	 * The kernel needs to be able to distinguish between "any"
1041 	 * and "none" and the APIs are underdefined in this area for auth.
1042 	 */
1043 	if (proto_num == IPSEC_PROTO_AH) {
1044 		if (alg_value == SADB_AALG_NONE)
1045 			return ("none");
1046 		if (alg_value == SADB_AALG_ANY)
1047 			return ("any");
1048 	}
1049 
1050 	alg = getipsecalgbynum(alg_value, proto_num, NULL);
1051 	if (alg != NULL) {
1052 		(void) strlcpy(numprint, alg->a_names[0], sizeof (numprint));
1053 		freeipsecalgent(alg);
1054 	} else {
1055 		(void) snprintf(numprint, sizeof (numprint), "%d", alg_value);
1056 	}
1057 
1058 	return (numprint);
1059 }
1060 
1061 static uint_t
1062 parsealg(char *algname, int proto_num)
1063 {
1064 	struct ipsecalgent *alg;
1065 	ulong_t invalue;
1066 
1067 	if (algname == NULL) {
1068 		(void) fprintf(stderr, "ifconfig: Unexpected end of command "
1069 		    "line.\n");
1070 		exit(1);
1071 	}
1072 
1073 	/*
1074 	 * Special-case "none" and "any".
1075 	 * Use strcasecmp because its length is bounded.
1076 	 */
1077 	if (strcasecmp("none", algname) == 0) {
1078 		return ((proto_num == IPSEC_PROTO_ESP) ?
1079 		    NO_ESP_EALG : NO_ESP_AALG);
1080 	}
1081 	if ((strcasecmp("any", algname) == 0) && (proto_num == IPSEC_PROTO_AH))
1082 		return (SADB_AALG_ANY);
1083 
1084 	alg = getipsecalgbyname(algname, proto_num, NULL);
1085 	if (alg != NULL) {
1086 		invalue = alg->a_alg_num;
1087 		freeipsecalgent(alg);
1088 		return ((uint_t)invalue);
1089 	}
1090 
1091 	/*
1092 	 * Since algorithms can be loaded during kernel run-time, check for
1093 	 * numeric algorithm values too.
1094 	 */
1095 	invalue = parsenum(algname);
1096 	if ((invalue & (ulong_t)0xff) == invalue)
1097 		return ((uint_t)invalue);
1098 
1099 	(void) fprintf(stderr, "ifconfig: %s algorithm type %s unknown.\n",
1100 	    (proto_num == IPSEC_PROTO_ESP) ?
1101 	    "Encryption" : "Authentication", algname);
1102 	exit(1);
1103 	/* NOTREACHED */
1104 }
1105 
1106 /*
1107  * Actual ifconfig functions to set tunnel security properties.
1108  */
1109 
1110 enum ipsec_alg_type { ESP_ENCR_ALG = 1, ESP_AUTH_ALG, AH_AUTH_ALG };
1111 
1112 static int
1113 set_tun_algs(int which_alg, int alg)
1114 {
1115 	boolean_t	encr_alg_set = _B_FALSE;
1116 	iptun_params_t	params;
1117 	dladm_status_t	status;
1118 	ipsec_req_t	*ipsr;
1119 
1120 	if ((status = ifconfig_dladm_open(name, DATALINK_CLASS_IPTUN,
1121 	    &params.iptun_param_linkid)) != DLADM_STATUS_OK)
1122 		goto done;
1123 
1124 	status = dladm_iptun_getparams(dlh, &params, DLADM_OPT_ACTIVE);
1125 	if (status != DLADM_STATUS_OK)
1126 		goto done;
1127 
1128 	ipsr = &params.iptun_param_secinfo;
1129 
1130 	/*
1131 	 * If I'm just starting off this ifconfig, I want a clean slate,
1132 	 * otherwise, I've captured the current tunnel security settings.
1133 	 * In the case of continuation, I merely add to the settings.
1134 	 */
1135 	if (!(params.iptun_param_flags & IPTUN_PARAM_SECINFO))
1136 		(void) memset(ipsr, 0, sizeof (*ipsr));
1137 
1138 	/* We're only modifying the IPsec information */
1139 	params.iptun_param_flags = IPTUN_PARAM_SECINFO;
1140 
1141 	switch (which_alg) {
1142 	case ESP_ENCR_ALG:
1143 		if (alg == NO_ESP_EALG) {
1144 			if (ipsr->ipsr_esp_auth_alg == SADB_AALG_NONE)
1145 				ipsr->ipsr_esp_req = 0;
1146 			ipsr->ipsr_esp_alg = SADB_EALG_NONE;
1147 
1148 			/* Let the user specify NULL encryption implicitly. */
1149 			if (ipsr->ipsr_esp_auth_alg != SADB_AALG_NONE) {
1150 				encr_alg_set = _B_TRUE;
1151 				ipsr->ipsr_esp_alg = SADB_EALG_NULL;
1152 			}
1153 		} else {
1154 			encr_alg_set = _B_TRUE;
1155 			ipsr->ipsr_esp_req =
1156 			    IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE;
1157 			ipsr->ipsr_esp_alg = alg;
1158 		}
1159 		break;
1160 	case ESP_AUTH_ALG:
1161 		if (alg == NO_ESP_AALG) {
1162 			if ((ipsr->ipsr_esp_alg == SADB_EALG_NONE ||
1163 			    ipsr->ipsr_esp_alg == SADB_EALG_NULL) &&
1164 			    !encr_alg_set)
1165 				ipsr->ipsr_esp_req = 0;
1166 			ipsr->ipsr_esp_auth_alg = SADB_AALG_NONE;
1167 		} else {
1168 			ipsr->ipsr_esp_req =
1169 			    IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE;
1170 			ipsr->ipsr_esp_auth_alg = alg;
1171 
1172 			/* Let the user specify NULL encryption implicitly. */
1173 			if (ipsr->ipsr_esp_alg == SADB_EALG_NONE &&
1174 			    !encr_alg_set)
1175 				ipsr->ipsr_esp_alg = SADB_EALG_NULL;
1176 		}
1177 		break;
1178 	case AH_AUTH_ALG:
1179 		if (alg == NO_AH_AALG) {
1180 			ipsr->ipsr_ah_req = 0;
1181 			ipsr->ipsr_auth_alg = SADB_AALG_NONE;
1182 		} else {
1183 			ipsr->ipsr_ah_req =
1184 			    IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE;
1185 			ipsr->ipsr_auth_alg = alg;
1186 		}
1187 		break;
1188 		/* Will never hit DEFAULT */
1189 	}
1190 
1191 	status = dladm_iptun_modify(dlh, &params, DLADM_OPT_ACTIVE);
1192 
1193 done:
1194 	if (status != DLADM_STATUS_OK)
1195 		dladmerr_exit(status, name);
1196 	else {
1197 		ipsec_policy_set = _B_TRUE;
1198 		if ((ipsr->ipsr_esp_req != 0 &&
1199 		    ipsr->ipsr_esp_auth_alg != SADB_AALG_NONE) ||
1200 		    (ipsr->ipsr_ah_req != 0 &&
1201 		    ipsr->ipsr_auth_alg != SADB_AALG_NONE))
1202 			ipsec_auth_covered = _B_TRUE;
1203 	}
1204 	return (0);
1205 }
1206 
1207 /* ARGSUSED */
1208 static int
1209 set_tun_esp_encr_alg(char *addr, int64_t param)
1210 {
1211 	return (set_tun_algs(ESP_ENCR_ALG,
1212 	    parsealg(addr, IPSEC_PROTO_ESP)));
1213 }
1214 
1215 /* ARGSUSED */
1216 static int
1217 set_tun_esp_auth_alg(char *addr, int64_t param)
1218 {
1219 	return (set_tun_algs(ESP_AUTH_ALG,
1220 	    parsealg(addr, IPSEC_PROTO_AH)));
1221 }
1222 
1223 /* ARGSUSED */
1224 static int
1225 set_tun_ah_alg(char *addr, int64_t param)
1226 {
1227 	return (set_tun_algs(AH_AUTH_ALG,
1228 	    parsealg(addr, IPSEC_PROTO_AH)));
1229 }
1230 
1231 /* ARGSUSED */
1232 static int
1233 setifrevarp(char *arg, int64_t param)
1234 {
1235 	struct sockaddr_in	laddr;
1236 
1237 	if (afp->af_af == AF_INET6) {
1238 		(void) fprintf(stderr,
1239 		    "ifconfig: revarp not possible on IPv6 interface %s\n",
1240 		    name);
1241 		exit(1);
1242 	}
1243 	if (doifrevarp(name, &laddr)) {
1244 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1245 		laddr.sin_family = AF_INET;
1246 		(void) memcpy(&lifr.lifr_addr, &laddr, sizeof (laddr));
1247 		if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0)
1248 			Perror0_exit("SIOCSLIFADDR");
1249 	}
1250 	return (0);
1251 }
1252 
1253 /* ARGSUSED */
1254 static int
1255 setifsubnet(char *addr, int64_t param)
1256 {
1257 	int prefixlen = 0;
1258 	struct	sockaddr_storage subnet;
1259 
1260 	(*afp->af_getaddr)(addr, &subnet, &prefixlen);
1261 
1262 	switch (prefixlen) {
1263 	case NO_PREFIX:
1264 		(void) fprintf(stderr,
1265 		    "ifconfig: Missing prefix length in subnet %s\n", addr);
1266 		exit(1);
1267 		/* NOTREACHED */
1268 	case BAD_ADDR:
1269 		(void) fprintf(stderr,
1270 		    "ifconfig: Bad prefix length in %s\n", addr);
1271 		exit(1);
1272 	default:
1273 		break;
1274 	}
1275 
1276 	lifr.lifr_addr = subnet;
1277 	lifr.lifr_addrlen = prefixlen;
1278 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1279 	if (ioctl(s, SIOCSLIFSUBNET, (caddr_t)&lifr) < 0)
1280 		Perror0_exit("SIOCSLIFSUBNET");
1281 
1282 	return (0);
1283 }
1284 
1285 /* ARGSUSED */
1286 static int
1287 setifnetmask(char *addr, int64_t param)
1288 {
1289 	struct sockaddr_in netmask;
1290 
1291 	assert(afp->af_af != AF_INET6);
1292 
1293 	if (strcmp(addr, "+") == 0) {
1294 		if (!in_getmask(&netmask, _B_FALSE))
1295 			return (0);
1296 		(void) printf("Setting netmask of %s to %s\n", name,
1297 		    inet_ntoa(netmask.sin_addr));
1298 	} else {
1299 		in_getaddr(addr, (struct sockaddr *)&netmask, NULL);
1300 	}
1301 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1302 	(void) memcpy(&lifr.lifr_addr, &netmask, sizeof (netmask));
1303 	if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0)
1304 		Perror0_exit("SIOCSLIFNETMASK");
1305 	return (0);
1306 }
1307 
1308 /*
1309  * Parse '/<n>' as a netmask.
1310  */
1311 /* ARGSUSED */
1312 static int
1313 setifprefixlen(char *addr, int64_t param)
1314 {
1315 	int prefixlen;
1316 	int af = afp->af_af;
1317 
1318 	prefixlen = in_getprefixlen(addr, _B_TRUE,
1319 	    (af == AF_INET) ? IP_ABITS : IPV6_ABITS);
1320 	if (prefixlen < 0) {
1321 		(void) fprintf(stderr,
1322 		    "ifconfig: Bad prefix length in %s\n", addr);
1323 		exit(1);
1324 	}
1325 	(void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr));
1326 	lifr.lifr_addr.ss_family = af;
1327 	if (af == AF_INET6) {
1328 		struct sockaddr_in6 *sin6;
1329 
1330 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
1331 		if (!in_prefixlentomask(prefixlen, IPV6_ABITS,
1332 		    (uchar_t *)&sin6->sin6_addr)) {
1333 			(void) fprintf(stderr, "ifconfig: "
1334 			    "Bad prefix length: %d\n",
1335 			    prefixlen);
1336 			exit(1);
1337 		}
1338 	} else if (af == AF_INET) {
1339 		struct sockaddr_in *sin;
1340 
1341 		sin = (struct sockaddr_in *)&lifr.lifr_addr;
1342 		if (!in_prefixlentomask(prefixlen, IP_ABITS,
1343 		    (uchar_t *)&sin->sin_addr)) {
1344 			(void) fprintf(stderr, "ifconfig: "
1345 			    "Bad prefix length: %d\n",
1346 			    prefixlen);
1347 			exit(1);
1348 		}
1349 	} else {
1350 		(void) fprintf(stderr, "ifconfig: setting prefix only supported"
1351 		    " for address family inet or inet6\n");
1352 		exit(1);
1353 	}
1354 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1355 	if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0)
1356 		Perror0_exit("SIOCSLIFNETMASK");
1357 	return (0);
1358 }
1359 
1360 /* ARGSUSED */
1361 static int
1362 setifbroadaddr(char *addr, int64_t param)
1363 {
1364 	struct	sockaddr_in broadaddr;
1365 
1366 	assert(afp->af_af != AF_INET6);
1367 
1368 	if (strcmp(addr, "+") == 0) {
1369 		/*
1370 		 * This doesn't set the broadcast address at all. Rather, it
1371 		 * gets, then sets the interface's address, relying on the fact
1372 		 * that resetting the address will reset the broadcast address.
1373 		 */
1374 		(void) strncpy(lifr.lifr_name, name,
1375 		    sizeof (lifr.lifr_name));
1376 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
1377 			if (errno != EADDRNOTAVAIL)
1378 				Perror0_exit("SIOCGLIFADDR");
1379 			return (0);
1380 		}
1381 		if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0)
1382 			Perror0_exit("SIOCGLIFADDR");
1383 
1384 		return (0);
1385 	}
1386 	in_getaddr(addr, (struct sockaddr *)&broadaddr, NULL);
1387 
1388 	(void) memcpy(&lifr.lifr_addr, &broadaddr, sizeof (broadaddr));
1389 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1390 	if (ioctl(s, SIOCSLIFBRDADDR, (caddr_t)&lifr) < 0)
1391 		Perror0_exit("SIOCSLIFBRDADDR");
1392 	return (0);
1393 }
1394 
1395 /*
1396  * set interface destination address
1397  */
1398 /* ARGSUSED */
1399 static int
1400 setifdstaddr(char *addr, int64_t param)
1401 {
1402 	(*afp->af_getaddr)(addr, (struct sockaddr *)&lifr.lifr_addr, NULL);
1403 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1404 	if (ioctl(s, SIOCSLIFDSTADDR, (caddr_t)&lifr) < 0)
1405 		Perror0_exit("setifdstaddr: SIOCSLIFDSTADDR");
1406 	return (0);
1407 }
1408 
1409 /* ARGSUSED */
1410 static int
1411 setifflags(char *val, int64_t value)
1412 {
1413 	struct lifreq lifrl;	/* local lifreq struct */
1414 	boolean_t bringup = _B_FALSE;
1415 
1416 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1417 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0)
1418 		Perror0_exit("setifflags: SIOCGLIFFLAGS");
1419 
1420 	if (value < 0) {
1421 		value = -value;
1422 
1423 		if ((value & IFF_NOFAILOVER) && (lifr.lifr_flags & IFF_UP)) {
1424 			/*
1425 			 * The kernel does not allow administratively up test
1426 			 * addresses to be converted to data addresses.  Bring
1427 			 * the address down first, then bring it up after it's
1428 			 * been converted to a data address.
1429 			 */
1430 			lifr.lifr_flags &= ~IFF_UP;
1431 			(void) ioctl(s, SIOCSLIFFLAGS, (caddr_t)&lifr);
1432 			bringup = _B_TRUE;
1433 		}
1434 
1435 		lifr.lifr_flags &= ~value;
1436 		if ((value & (IFF_UP | IFF_NOFAILOVER)) &&
1437 		    (lifr.lifr_flags & IFF_DUPLICATE)) {
1438 			/*
1439 			 * If the user is trying to mark an interface with a
1440 			 * duplicate address as "down," or convert a duplicate
1441 			 * test address to a data address, then fetch the
1442 			 * address and set it.  This will cause IP to clear
1443 			 * the IFF_DUPLICATE flag and stop the automatic
1444 			 * recovery timer.
1445 			 */
1446 			value = lifr.lifr_flags;
1447 			if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) >= 0)
1448 				(void) ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr);
1449 			lifr.lifr_flags = value;
1450 		}
1451 	} else {
1452 		lifr.lifr_flags |= value;
1453 	}
1454 
1455 	/*
1456 	 * If we're about to bring up an underlying physical IPv6 interface in
1457 	 * an IPMP group, ensure the IPv6 IPMP interface is also up.  This is
1458 	 * for backward compatibility with legacy configurations in which
1459 	 * there are no explicit hostname files for IPMP interfaces.  (For
1460 	 * IPv4, this is automatically handled by the kernel when migrating
1461 	 * the underlying interface's data address to the IPMP interface.)
1462 	 */
1463 	(void) strlcpy(lifrl.lifr_name, name, LIFNAMSIZ);
1464 
1465 	if (lifnum(lifr.lifr_name) == 0 &&
1466 	    (lifr.lifr_flags & (IFF_UP|IFF_IPV6)) == (IFF_UP|IFF_IPV6) &&
1467 	    ioctl(s, SIOCGLIFGROUPNAME, &lifrl) == 0 &&
1468 	    lifrl.lifr_groupname[0] != '\0') {
1469 		lifgroupinfo_t lifgr;
1470 
1471 		(void) strlcpy(lifgr.gi_grname, lifrl.lifr_groupname,
1472 		    LIFGRNAMSIZ);
1473 		if (ioctl(s, SIOCGLIFGROUPINFO, &lifgr) == -1)
1474 			Perror0_exit("setifflags: SIOCGLIFGROUPINFO");
1475 
1476 		(void) strlcpy(lifrl.lifr_name, lifgr.gi_grifname, LIFNAMSIZ);
1477 		if (ioctl(s, SIOCGLIFFLAGS, &lifrl) == -1)
1478 			Perror0_exit("setifflags: SIOCGLIFFLAGS");
1479 		if (!(lifrl.lifr_flags & IFF_UP)) {
1480 			lifrl.lifr_flags |= IFF_UP;
1481 			if (ioctl(s, SIOCSLIFFLAGS, &lifrl) == -1)
1482 				Perror0_exit("setifflags: SIOCSLIFFLAGS");
1483 		}
1484 	}
1485 
1486 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1487 	if (ioctl(s, SIOCSLIFFLAGS, (caddr_t)&lifr) < 0)
1488 		Perror0_exit("setifflags: SIOCSLIFFLAGS");
1489 
1490 	if (bringup) {
1491 		lifr.lifr_flags |= IFF_UP;
1492 		if (ioctl(s, SIOCSLIFFLAGS, (caddr_t)&lifr) < 0)
1493 			Perror0_exit("setifflags: SIOCSLIFFLAGS IFF_UP");
1494 	}
1495 
1496 	return (0);
1497 }
1498 
1499 /* ARGSUSED */
1500 static int
1501 setifmetric(char *val, int64_t param)
1502 {
1503 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1504 	lifr.lifr_metric = atoi(val);
1505 	if (ioctl(s, SIOCSLIFMETRIC, (caddr_t)&lifr) < 0)
1506 		Perror0_exit("setifmetric: SIOCSLIFMETRIC");
1507 	return (0);
1508 }
1509 
1510 /* ARGSUSED */
1511 static int
1512 setifmtu(char *val, int64_t param)
1513 {
1514 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1515 	lifr.lifr_mtu = atoi(val);
1516 	if (ioctl(s, SIOCSLIFMTU, (caddr_t)&lifr) < 0)
1517 		Perror0_exit("setifmtu: SIOCSLIFMTU");
1518 	return (0);
1519 }
1520 
1521 /* ARGSUSED */
1522 static int
1523 setifindex(char *val, int64_t param)
1524 {
1525 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1526 	lifr.lifr_index = atoi(val);
1527 	if (ioctl(s, SIOCSLIFINDEX, (caddr_t)&lifr) < 0)
1528 		Perror0_exit("setifindex: SIOCSLIFINDEX");
1529 	return (0);
1530 }
1531 
1532 /* ARGSUSED */
1533 static void
1534 notifycb(dlpi_handle_t dh, dlpi_notifyinfo_t *dnip, void *arg)
1535 {
1536 }
1537 
1538 /* ARGSUSED */
1539 static int
1540 setifether(char *addr, int64_t param)
1541 {
1542 	uchar_t		*hwaddr;
1543 	int		hwaddrlen;
1544 	int		retval;
1545 	ifaddrlistx_t	*ifaddrp, *ifaddrs = NULL;
1546 	dlpi_handle_t	dh;
1547 	dlpi_notifyid_t id;
1548 
1549 	if (addr == NULL) {
1550 		ifstatus(name);
1551 		print_ifether(name);
1552 		return (0);
1553 	}
1554 
1555 	/*
1556 	 * if the IP interface in the arguments is a logical
1557 	 * interface, exit with an error now.
1558 	 */
1559 	if (strchr(name, ':') != NULL) {
1560 		(void) fprintf(stderr, "ifconfig: cannot change"
1561 		    " ethernet address of a logical interface\n");
1562 		exit(1);
1563 	}
1564 
1565 	if ((hwaddr = _link_aton(addr, &hwaddrlen)) == NULL) {
1566 		if (hwaddrlen == -1)
1567 			(void) fprintf(stderr,
1568 			    "ifconfig: %s: bad address\n", hwaddr);
1569 		else
1570 			(void) fprintf(stderr, "ifconfig: malloc() failed\n");
1571 		exit(1);
1572 	}
1573 
1574 	if ((retval = dlpi_open(name, &dh, 0)) != DLPI_SUCCESS)
1575 		Perrdlpi_exit("cannot dlpi_open() link", name, retval);
1576 
1577 	retval = dlpi_enabnotify(dh, DL_NOTE_PHYS_ADDR, notifycb, NULL, &id);
1578 	if (retval == DLPI_SUCCESS) {
1579 		(void) dlpi_disabnotify(dh, id, NULL);
1580 	} else {
1581 		/*
1582 		 * This link does not support DL_NOTE_PHYS_ADDR: bring down
1583 		 * all of the addresses to flush the old hardware address
1584 		 * information out of IP.
1585 		 *
1586 		 * NOTE: Skipping this when DL_NOTE_PHYS_ADDR is supported is
1587 		 * more than an optimization: in.mpathd will set IFF_OFFLINE
1588 		 * if it's notified and the new address is a duplicate of
1589 		 * another in the group -- but the flags manipulation in
1590 		 * ifaddr_{down,up}() cannot be atomic and thus might clobber
1591 		 * IFF_OFFLINE, confusing in.mpathd.
1592 		 */
1593 		if (ifaddrlistx(name, IFF_UP, 0, &ifaddrs) == -1)
1594 			Perror2_exit(name, "cannot get address list");
1595 
1596 		ifaddrp = ifaddrs;
1597 		for (; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) {
1598 			if (!ifaddr_down(ifaddrp)) {
1599 				Perror2_exit(ifaddrp->ia_name,
1600 				    "cannot bring down");
1601 			}
1602 		}
1603 	}
1604 
1605 	/*
1606 	 * Change the hardware address.
1607 	 */
1608 	retval = dlpi_set_physaddr(dh, DL_CURR_PHYS_ADDR, hwaddr, hwaddrlen);
1609 	if (retval != DLPI_SUCCESS) {
1610 		(void) fprintf(stderr,
1611 		    "ifconfig: failed setting mac address on %s\n", name);
1612 	}
1613 	dlpi_close(dh);
1614 
1615 	/*
1616 	 * If any addresses were brought down before changing the hardware
1617 	 * address, bring them up again.
1618 	 */
1619 	for (ifaddrp = ifaddrs; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) {
1620 		if (!ifaddr_up(ifaddrp))
1621 			Perror2_exit(ifaddrp->ia_name, "cannot bring up");
1622 	}
1623 	ifaddrlistx_free(ifaddrs);
1624 
1625 	return (0);
1626 }
1627 
1628 /*
1629  * Print an interface's Ethernet address, if it has one.
1630  */
1631 static void
1632 print_ifether(char *ifname)
1633 {
1634 	int fd;
1635 
1636 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1637 
1638 	fd = socket(AF_INET, SOCK_DGRAM, 0);
1639 	if (fd == -1 || ioctl(fd, SIOCGLIFFLAGS, &lifr) == -1) {
1640 		/*
1641 		 * It's possible the interface is only configured for
1642 		 * IPv6; check again with AF_INET6.
1643 		 */
1644 		(void) close(fd);
1645 		fd = socket(AF_INET6, SOCK_DGRAM, 0);
1646 		if (fd == -1 || ioctl(fd, SIOCGLIFFLAGS, &lifr) == -1) {
1647 			(void) close(fd);
1648 			return;
1649 		}
1650 	}
1651 	(void) close(fd);
1652 
1653 	/* VNI and IPMP interfaces don't have MAC addresses */
1654 	if (lifr.lifr_flags & (IFF_VIRTUAL|IFF_IPMP))
1655 		return;
1656 
1657 	/* IP tunnels also don't have Ethernet-like MAC addresses */
1658 	if (ifconfig_dladm_open(ifname, DATALINK_CLASS_IPTUN, NULL) ==
1659 	    DLADM_STATUS_OK)
1660 		return;
1661 
1662 	dlpi_print_address(ifname);
1663 }
1664 
1665 /*
1666  * static int find_all_interfaces(struct lifconf *lifcp, char **buf,
1667  *     int64_t lifc_flags)
1668  *
1669  * It finds all active data links.
1670  *
1671  * It takes in input a pointer to struct lifconf to receive interfaces
1672  * informations, a **char to hold allocated buffer, and a lifc_flags.
1673  *
1674  * Return values:
1675  *  0 = everything OK
1676  * -1 = problem
1677  */
1678 static int
1679 find_all_interfaces(struct lifconf *lifcp, char **buf, int64_t lifc_flags)
1680 {
1681 	unsigned bufsize;
1682 	int n;
1683 	ni_t *nip;
1684 	struct lifreq *lifrp;
1685 	dladm_status_t status;
1686 
1687 	if (!dlh_opened) {
1688 		status = ifconfig_dladm_open(NULL, 0, NULL);
1689 		if (status != DLADM_STATUS_OK)
1690 			dladmerr_exit(status, "unable to open dladm handle");
1691 	}
1692 
1693 	(void) dlpi_walk(ni_entry, dlh, 0);
1694 
1695 	/* Now, translate the linked list into a struct lifreq buffer */
1696 	if (num_ni == 0) {
1697 		lifcp->lifc_family = AF_UNSPEC;
1698 		lifcp->lifc_flags = lifc_flags;
1699 		lifcp->lifc_len = 0;
1700 		lifcp->lifc_buf = NULL;
1701 		return (0);
1702 	}
1703 
1704 	bufsize = num_ni * sizeof (struct lifreq);
1705 	if ((*buf = malloc(bufsize)) == NULL)
1706 		Perror0_exit("find_all_interfaces: malloc failed");
1707 
1708 	lifcp->lifc_family = AF_UNSPEC;
1709 	lifcp->lifc_flags = lifc_flags;
1710 	lifcp->lifc_len = bufsize;
1711 	lifcp->lifc_buf = *buf;
1712 
1713 	for (n = 0, lifrp = lifcp->lifc_req; n < num_ni; n++, lifrp++) {
1714 		nip = ni_list;
1715 		(void) strncpy(lifrp->lifr_name, nip->ni_name,
1716 		    sizeof (lifr.lifr_name));
1717 		ni_list = nip->ni_next;
1718 		free(nip);
1719 	}
1720 	return (0);
1721 }
1722 
1723 /*
1724  * Create the next unused logical interface using the original name
1725  * and assign the address (and mask if '/<n>' is part of the address).
1726  * Use the new logical interface for subsequent subcommands by updating
1727  * the name variable.
1728  *
1729  * This allows syntax like:
1730  *	ifconfig le0 addif 109.106.86.130 netmask + up \
1731  *	addif 109.106.86.131 netmask + up
1732  */
1733 /* ARGSUSED */
1734 static int
1735 addif(char *str, int64_t param)
1736 {
1737 	int prefixlen = 0;
1738 	struct sockaddr_storage laddr;
1739 	struct sockaddr_storage mask;
1740 
1741 	(void) strncpy(name, origname, sizeof (name));
1742 
1743 	if (strchr(name, ':') != NULL) {
1744 		(void) fprintf(stderr,
1745 		    "ifconfig: addif: bad physical interface name %s\n",
1746 		    name);
1747 		exit(1);
1748 	}
1749 
1750 	/*
1751 	 * clear so parser will interpret next address as source followed
1752 	 * by possible dest
1753 	 */
1754 	setaddr = 0;
1755 	(*afp->af_getaddr)(str, (struct sockaddr *)&laddr, &prefixlen);
1756 
1757 	switch (prefixlen) {
1758 	case NO_PREFIX:
1759 		/* Nothing there - ok */
1760 		break;
1761 	case BAD_ADDR:
1762 		(void) fprintf(stderr,
1763 		    "ifconfig: Bad prefix length in %s\n", str);
1764 		exit(1);
1765 	default:
1766 		(void) memset(&mask, 0, sizeof (mask));
1767 		mask.ss_family = afp->af_af;
1768 		if (afp->af_af == AF_INET6) {
1769 			struct sockaddr_in6 *sin6;
1770 			sin6 = (struct sockaddr_in6 *)&mask;
1771 			if (!in_prefixlentomask(prefixlen, IPV6_ABITS,
1772 			    (uchar_t *)&sin6->sin6_addr)) {
1773 				(void) fprintf(stderr, "ifconfig: "
1774 				    "Bad prefix length: %d\n",
1775 				    prefixlen);
1776 				exit(1);
1777 			}
1778 		} else {
1779 			struct sockaddr_in *sin;
1780 
1781 			sin = (struct sockaddr_in *)&mask;
1782 			if (!in_prefixlentomask(prefixlen, IP_ABITS,
1783 			    (uchar_t *)&sin->sin_addr)) {
1784 				(void) fprintf(stderr, "ifconfig: "
1785 				    "Bad prefix length: %d\n",
1786 				    prefixlen);
1787 				exit(1);
1788 			}
1789 		}
1790 		g_netmask_set = G_NETMASK_NIL;
1791 		break;
1792 	}
1793 
1794 	/*
1795 	 * This is a "hack" to get around the problem of SIOCLIFADDIF.  The
1796 	 * problem is that this ioctl does not include the netmask when
1797 	 * adding a logical interface.  This is the same problem described
1798 	 * in the ifconfig() comments.  To get around this problem, we first
1799 	 * add the logical interface with a 0 address.  After that, we set
1800 	 * the netmask if provided.  Finally we set the interface address.
1801 	 */
1802 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1803 	(void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr));
1804 
1805 	/* Note: no need to do DAD here since the interface isn't up yet. */
1806 
1807 	if (ioctl(s, SIOCLIFADDIF, (caddr_t)&lifr) < 0)
1808 		Perror0_exit("addif: SIOCLIFADDIF");
1809 
1810 	(void) printf("Created new logical interface %s\n",
1811 	    lifr.lifr_name);
1812 	(void) strncpy(name, lifr.lifr_name, sizeof (name));
1813 
1814 	/*
1815 	 * Check and see if any "netmask" command is used and perform the
1816 	 * necessary operation.
1817 	 */
1818 	set_mask_lifreq(&lifr, &laddr, &mask);
1819 	/*
1820 	 * Only set the netmask if "netmask" command is used or a prefix is
1821 	 * provided.
1822 	 */
1823 	if (g_netmask_set == G_NETMASK_SET || prefixlen >= 0) {
1824 		if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0)
1825 			Perror0_exit("addif: SIOCSLIFNETMASK");
1826 	}
1827 
1828 	/* Finally, we set the interface address. */
1829 	lifr.lifr_addr = laddr;
1830 	if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0)
1831 		Perror0_exit("SIOCSLIFADDR");
1832 
1833 	/*
1834 	 * let parser know we got a source.
1835 	 * Next address, if given, should be dest
1836 	 */
1837 	setaddr++;
1838 	return (0);
1839 }
1840 
1841 /*
1842  * Remove a logical interface based on its IP address. Unlike addif
1843  * there is no '/<n>' here.
1844  * Verifies that the interface is down before it is removed.
1845  */
1846 /* ARGSUSED */
1847 static int
1848 removeif(char *str, int64_t param)
1849 {
1850 	struct sockaddr_storage laddr;
1851 
1852 	if (strchr(name, ':') != NULL) {
1853 		(void) fprintf(stderr,
1854 		    "ifconfig: removeif: bad physical interface name %s\n",
1855 		    name);
1856 		exit(1);
1857 	}
1858 
1859 	(*afp->af_getaddr)(str, &laddr, NULL);
1860 	lifr.lifr_addr = laddr;
1861 
1862 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1863 	if (ioctl(s, SIOCLIFREMOVEIF, (caddr_t)&lifr) < 0) {
1864 		if (errno == EBUSY) {
1865 			/* This can only happen if ipif_id = 0 */
1866 			(void) fprintf(stderr,
1867 			    "ifconfig: removeif: can't remove interface: %s\n",
1868 			    name);
1869 			exit(1);
1870 		}
1871 		Perror0_exit("removeif: SIOCLIFREMOVEIF");
1872 	}
1873 	return (0);
1874 }
1875 
1876 /*
1877  * Set the address token for IPv6.
1878  */
1879 /* ARGSUSED */
1880 static int
1881 setiftoken(char *addr, int64_t param)
1882 {
1883 	int prefixlen = 0;
1884 	struct sockaddr_in6 token;
1885 
1886 	in6_getaddr(addr, (struct sockaddr *)&token, &prefixlen);
1887 	switch (prefixlen) {
1888 	case NO_PREFIX:
1889 		(void) fprintf(stderr,
1890 		    "ifconfig: Missing prefix length in subnet %s\n", addr);
1891 		exit(1);
1892 		/* NOTREACHED */
1893 	case BAD_ADDR:
1894 		(void) fprintf(stderr,
1895 		    "ifconfig: Bad prefix length in %s\n", addr);
1896 		exit(1);
1897 	default:
1898 		break;
1899 	}
1900 	(void) memcpy(&lifr.lifr_addr, &token, sizeof (token));
1901 	lifr.lifr_addrlen = prefixlen;
1902 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1903 	if (ioctl(s, SIOCSLIFTOKEN, (caddr_t)&lifr) < 0)  {
1904 		Perror0_exit("setiftoken: SIOCSLIFTOKEN");
1905 	}
1906 	return (0);
1907 }
1908 
1909 /* ARGSUSED */
1910 static int
1911 setifgroupname(char *grname, int64_t param)
1912 {
1913 	lifgroupinfo_t		lifgr;
1914 	struct lifreq		lifrl;
1915 	ifaddrlistx_t		*ifaddrp, *nextifaddrp;
1916 	ifaddrlistx_t		*ifaddrs = NULL, *downaddrs = NULL;
1917 	int			af;
1918 
1919 	if (debug) {
1920 		(void) printf("Setting groupname %s on interface %s\n",
1921 		    grname, name);
1922 	}
1923 
1924 	(void) strlcpy(lifrl.lifr_name, name, LIFNAMSIZ);
1925 	(void) strlcpy(lifrl.lifr_groupname, grname, LIFGRNAMSIZ);
1926 
1927 	while (ioctl(s, SIOCSLIFGROUPNAME, &lifrl) == -1) {
1928 		switch (errno) {
1929 		case ENOENT:
1930 			/*
1931 			 * The group doesn't yet exist; create it and repeat.
1932 			 */
1933 			af = afp->af_af;
1934 			if (create_ipmp(grname, af, NULL, _B_TRUE) == -1) {
1935 				if (errno == EEXIST)
1936 					continue;
1937 
1938 				Perror2(grname, "cannot create IPMP group");
1939 				goto fail;
1940 			}
1941 			continue;
1942 
1943 		case EALREADY:
1944 			/*
1945 			 * The interface is already in another group; must
1946 			 * remove existing membership first.
1947 			 */
1948 			lifrl.lifr_groupname[0] = '\0';
1949 			if (ioctl(s, SIOCSLIFGROUPNAME, &lifrl) == -1) {
1950 				Perror2(name, "cannot remove existing "
1951 				    "IPMP group membership");
1952 				goto fail;
1953 			}
1954 			(void) strlcpy(lifrl.lifr_groupname, grname,
1955 			    LIFGRNAMSIZ);
1956 			continue;
1957 
1958 		case EAFNOSUPPORT:
1959 			/*
1960 			 * The group exists, but it's not configured with the
1961 			 * address families the interface needs.  Since only
1962 			 * two address families are currently supported, just
1963 			 * configure the "other" address family.  Note that we
1964 			 * may race with group deletion or creation by another
1965 			 * process (ENOENT or EEXIST); in such cases we repeat
1966 			 * our original SIOCSLIFGROUPNAME.
1967 			 */
1968 			(void) strlcpy(lifgr.gi_grname, grname, LIFGRNAMSIZ);
1969 			if (ioctl(s, SIOCGLIFGROUPINFO, &lifgr) == -1) {
1970 				if (errno == ENOENT)
1971 					continue;
1972 
1973 				Perror2(grname, "SIOCGLIFGROUPINFO");
1974 				goto fail;
1975 			}
1976 
1977 			af = lifgr.gi_v4 ? AF_INET6 : AF_INET;
1978 			if (create_ipmp(grname, af, lifgr.gi_grifname,
1979 			    _B_TRUE) == -1) {
1980 				if (errno == EEXIST)
1981 					continue;
1982 
1983 				Perror2(grname, "cannot configure IPMP group");
1984 				goto fail;
1985 			}
1986 			continue;
1987 
1988 		case EADDRINUSE:
1989 			/*
1990 			 * Some addresses are in-use (or under control of DAD).
1991 			 * Bring them down and retry the group join operation.
1992 			 * We will bring them back up after the interface has
1993 			 * been placed in the group.
1994 			 */
1995 			if (ifaddrlistx(lifrl.lifr_name, IFF_UP|IFF_DUPLICATE,
1996 			    0, &ifaddrs) == -1) {
1997 				Perror2(grname, "cannot get address list");
1998 				goto fail;
1999 			}
2000 
2001 			ifaddrp = ifaddrs;
2002 			for (; ifaddrp != NULL; ifaddrp = nextifaddrp) {
2003 				if (!ifaddr_down(ifaddrp)) {
2004 					ifaddrs = ifaddrp;
2005 					goto fail;
2006 				}
2007 				nextifaddrp = ifaddrp->ia_next;
2008 				ifaddrp->ia_next = downaddrs;
2009 				downaddrs = ifaddrp;
2010 			}
2011 			ifaddrs = NULL;
2012 			continue;
2013 
2014 		case EADDRNOTAVAIL: {
2015 			/*
2016 			 * Some data addresses are under application control.
2017 			 * For some of these (e.g., ADDRCONF), the application
2018 			 * should remove the address, in which case we retry a
2019 			 * few times (since the application's action is not
2020 			 * atomic with respect to us) before bailing out and
2021 			 * informing the user.
2022 			 */
2023 			int ntries, nappaddr = 0;
2024 			const if_appflags_t *iap = if_appflags_tbl;
2025 
2026 			for (; iap->ia_app != NULL; iap++) {
2027 				ntries = 0;
2028 again:
2029 				if (ifaddrlistx(lifrl.lifr_name, iap->ia_flag,
2030 				    IFF_NOFAILOVER, &ifaddrs) == -1) {
2031 					(void) fprintf(stderr, "ifconfig: %s: "
2032 					    "cannot get data addresses managed "
2033 					    "by %s\n", lifrl.lifr_name,
2034 					    iap->ia_app);
2035 					goto fail;
2036 				}
2037 
2038 				if (ifaddrs == NULL)
2039 					continue;
2040 
2041 				ifaddrlistx_free(ifaddrs);
2042 				ifaddrs = NULL;
2043 
2044 				if (++ntries < iap->ia_tries) {
2045 					(void) poll(NULL, 0, 100);
2046 					goto again;
2047 				}
2048 
2049 				(void) fprintf(stderr, "ifconfig: cannot join "
2050 				    "IPMP group: %s has data addresses managed "
2051 				    "by %s\n", lifrl.lifr_name, iap->ia_app);
2052 				nappaddr++;
2053 			}
2054 			if (nappaddr > 0)
2055 				goto fail;
2056 			continue;
2057 		}
2058 		default:
2059 			Perror2(name, "SIOCSLIFGROUPNAME");
2060 			goto fail;
2061 		}
2062 	}
2063 
2064 	/*
2065 	 * If there were addresses that we had to bring down, it's time to
2066 	 * bring them up again.  As part of bringing them up, the kernel will
2067 	 * automatically move them to the new IPMP interface.
2068 	 */
2069 	for (ifaddrp = downaddrs; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) {
2070 		if (!ifaddr_up(ifaddrp) && errno != ENXIO) {
2071 			(void) fprintf(stderr, "ifconfig: cannot bring back up "
2072 			    "%s: %s\n", ifaddrp->ia_name, strerror(errno));
2073 		}
2074 	}
2075 	ifaddrlistx_free(downaddrs);
2076 	return (0);
2077 fail:
2078 	/*
2079 	 * Attempt to bring back up any interfaces that we downed.
2080 	 */
2081 	for (ifaddrp = downaddrs; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) {
2082 		if (!ifaddr_up(ifaddrp) && errno != ENXIO) {
2083 			(void) fprintf(stderr, "ifconfig: cannot bring back up "
2084 			    "%s: %s\n", ifaddrp->ia_name, strerror(errno));
2085 		}
2086 	}
2087 	ifaddrlistx_free(downaddrs);
2088 	ifaddrlistx_free(ifaddrs);
2089 
2090 	/*
2091 	 * We'd return -1, but foreachinterface() doesn't propagate the error
2092 	 * into the exit status, so we're forced to explicitly exit().
2093 	 */
2094 	exit(1);
2095 	/* NOTREACHED */
2096 }
2097 
2098 static boolean_t
2099 modcheck(const char *ifname)
2100 {
2101 	(void) strlcpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name));
2102 
2103 	if (ioctl(s, SIOCGLIFFLAGS, &lifr) < 0) {
2104 		Perror0("SIOCGLIFFLAGS");
2105 		return (_B_FALSE);
2106 	}
2107 
2108 	if (lifr.lifr_flags & IFF_IPMP) {
2109 		(void) fprintf(stderr, "ifconfig: %s: module operations not"
2110 		    " supported on IPMP interfaces\n", ifname);
2111 		return (_B_FALSE);
2112 	}
2113 	if (lifr.lifr_flags & IFF_VIRTUAL) {
2114 		(void) fprintf(stderr, "ifconfig: %s: module operations not"
2115 		    " supported on virtual IP interfaces\n", ifname);
2116 		return (_B_FALSE);
2117 	}
2118 	return (_B_TRUE);
2119 }
2120 
2121 /*
2122  * To list all the modules above a given network interface.
2123  */
2124 /* ARGSUSED */
2125 static int
2126 modlist(char *null, int64_t param)
2127 {
2128 	int muxid_fd;
2129 	int muxfd;
2130 	int ipfd_lowstr;
2131 	int arpfd_lowstr;
2132 	int num_mods;
2133 	int i;
2134 	struct str_list strlist;
2135 	int orig_arpid;
2136 
2137 	/*
2138 	 * We'd return -1, but foreachinterface() doesn't propagate the error
2139 	 * into the exit status, so we're forced to explicitly exit().
2140 	 */
2141 	if (!modcheck(name))
2142 		exit(1);
2143 
2144 	if (ip_domux2fd(&muxfd, &muxid_fd, &ipfd_lowstr, &arpfd_lowstr,
2145 	    &orig_arpid) < 0) {
2146 		return (-1);
2147 	}
2148 	if ((num_mods = ioctl(ipfd_lowstr, I_LIST, NULL)) < 0) {
2149 		Perror0("cannot I_LIST to get the number of modules");
2150 	} else {
2151 		if (debug > 0) {
2152 			(void) printf("Listing (%d) modules above %s\n",
2153 			    num_mods, name);
2154 		}
2155 
2156 		strlist.sl_nmods = num_mods;
2157 		strlist.sl_modlist = malloc(sizeof (struct str_mlist) *
2158 		    num_mods);
2159 		if (strlist.sl_modlist == NULL) {
2160 			Perror0("cannot malloc");
2161 		} else {
2162 			if (ioctl(ipfd_lowstr, I_LIST, (caddr_t)&strlist) < 0) {
2163 				Perror0("cannot I_LIST for module names");
2164 			} else {
2165 				for (i = 0; i < strlist.sl_nmods; i++) {
2166 					(void) printf("%d %s\n", i,
2167 					    strlist.sl_modlist[i].l_name);
2168 				}
2169 			}
2170 			free(strlist.sl_modlist);
2171 		}
2172 	}
2173 	return (ip_plink(muxfd, muxid_fd, ipfd_lowstr, arpfd_lowstr,
2174 	    orig_arpid));
2175 }
2176 
2177 #define	MODINSERT_OP	'i'
2178 #define	MODREMOVE_OP	'r'
2179 
2180 /*
2181  * To insert a module to the stream of the interface.  It is just a
2182  * wrapper.  The real function is modop().
2183  */
2184 /* ARGSUSED */
2185 static int
2186 modinsert(char *arg, int64_t param)
2187 {
2188 	return (modop(arg, MODINSERT_OP));
2189 }
2190 
2191 /*
2192  * To remove a module from the stream of the interface.  It is just a
2193  * wrapper.  The real function is modop().
2194  */
2195 /* ARGSUSED */
2196 static int
2197 modremove(char *arg, int64_t param)
2198 {
2199 	return (modop(arg, MODREMOVE_OP));
2200 }
2201 
2202 /*
2203  * Open a stream on /dev/udp{,6}, pop off all undesired modules (note that
2204  * the user may have configured autopush to add modules above
2205  * udp), and push the arp module onto the resulting stream.
2206  * This is used to make IP+ARP be able to atomically track the muxid
2207  * for the I_PLINKed STREAMS, thus it isn't related to ARP running the ARP
2208  * protocol.
2209  */
2210 static int
2211 open_arp_on_udp(char *udp_dev_name)
2212 {
2213 	int fd;
2214 
2215 	if ((fd = open(udp_dev_name, O_RDWR)) == -1) {
2216 		Perror2("open", udp_dev_name);
2217 		return (-1);
2218 	}
2219 	errno = 0;
2220 	while (ioctl(fd, I_POP, 0) != -1)
2221 		;
2222 	if (errno != EINVAL) {
2223 		Perror2("pop", udp_dev_name);
2224 	} else if (ioctl(fd, I_PUSH, ARP_MOD_NAME) == -1) {
2225 		Perror2("arp PUSH", udp_dev_name);
2226 	} else {
2227 		return (fd);
2228 	}
2229 	(void) close(fd);
2230 	return (-1);
2231 }
2232 
2233 /*
2234  * Helper function for mod*() functions.  It gets a fd to the lower IP
2235  * stream and I_PUNLINK's the lower stream.  It also initializes the
2236  * global variable lifr.
2237  *
2238  * Param:
2239  *	int *muxfd: fd to /dev/udp{,6} for I_PLINK/I_PUNLINK
2240  *	int *muxid_fd: fd to /dev/udp{,6} for LIFMUXID
2241  *	int *ipfd_lowstr: fd to the lower IP stream.
2242  *	int *arpfd_lowstr: fd to the lower ARP stream.
2243  *
2244  * Return:
2245  *	-1 if operation fails, 0 otherwise.
2246  *
2247  * Please see the big block comment above ifplumb() for the logic of the
2248  * PLINK/PUNLINK
2249  */
2250 static int
2251 ip_domux2fd(int *muxfd, int *muxid_fd, int *ipfd_lowstr, int *arpfd_lowstr,
2252     int *orig_arpid)
2253 {
2254 	uint64_t	flags;
2255 	char		*udp_dev_name;
2256 
2257 	*orig_arpid = 0;
2258 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2259 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
2260 		Perror0_exit("status: SIOCGLIFFLAGS");
2261 	}
2262 	flags = lifr.lifr_flags;
2263 	if (flags & IFF_IPV4) {
2264 		udp_dev_name = UDP_DEV_NAME;
2265 	} else if (flags & IFF_IPV6) {
2266 		udp_dev_name = UDP6_DEV_NAME;
2267 	} else {
2268 		return (-1);
2269 	}
2270 
2271 	if ((*muxid_fd = open(udp_dev_name, O_RDWR)) < 0) {
2272 		Perror2("open", udp_dev_name);
2273 		return (-1);
2274 	}
2275 	if (ioctl(*muxid_fd, SIOCGLIFMUXID, (caddr_t)&lifr) < 0) {
2276 		Perror2("SIOCGLIFMUXID", udp_dev_name);
2277 		return (-1);
2278 	}
2279 	if (debug > 0) {
2280 		(void) printf("ARP_muxid %d IP_muxid %d\n",
2281 		    lifr.lifr_arp_muxid, lifr.lifr_ip_muxid);
2282 	}
2283 
2284 	/*
2285 	 * Use /dev/udp{,6} as the mux to avoid linkcycles.
2286 	 */
2287 	if ((*muxfd = open_arp_on_udp(udp_dev_name)) == -1)
2288 		return (-1);
2289 
2290 	if (lifr.lifr_arp_muxid != 0) {
2291 		if ((*arpfd_lowstr = ioctl(*muxfd, _I_MUXID2FD,
2292 		    lifr.lifr_arp_muxid)) < 0) {
2293 			if ((errno == EINVAL) &&
2294 			    (flags & (IFF_NOARP | IFF_IPV6))) {
2295 				/*
2296 				 * Some plumbing utilities set the muxid to
2297 				 * -1 or some invalid value to signify that
2298 				 * there is no arp stream. Set the muxid to 0
2299 				 * before trying to unplumb the IP stream.
2300 				 * IP does not allow the IP stream to be
2301 				 * unplumbed if it sees a non-null arp muxid,
2302 				 * for consistency of IP-ARP streams.
2303 				 */
2304 				*orig_arpid = lifr.lifr_arp_muxid;
2305 				lifr.lifr_arp_muxid = 0;
2306 				(void) ioctl(*muxid_fd, SIOCSLIFMUXID,
2307 				    (caddr_t)&lifr);
2308 				*arpfd_lowstr = -1;
2309 			} else {
2310 				Perror0("_I_MUXID2FD");
2311 				return (-1);
2312 			}
2313 		} else if (ioctl(*muxfd, I_PUNLINK,
2314 		    lifr.lifr_arp_muxid) < 0) {
2315 			Perror2("I_PUNLINK", udp_dev_name);
2316 			return (-1);
2317 		}
2318 	} else {
2319 		*arpfd_lowstr = -1;
2320 	}
2321 
2322 	if ((*ipfd_lowstr = ioctl(*muxfd, _I_MUXID2FD,
2323 	    lifr.lifr_ip_muxid)) < 0) {
2324 		Perror0("_I_MUXID2FD");
2325 		/* Undo any changes we made */
2326 		if (*orig_arpid != 0) {
2327 			lifr.lifr_arp_muxid = *orig_arpid;
2328 			(void) ioctl(*muxid_fd, SIOCSLIFMUXID, (caddr_t)&lifr);
2329 		}
2330 		return (-1);
2331 	}
2332 	if (ioctl(*muxfd, I_PUNLINK, lifr.lifr_ip_muxid) < 0) {
2333 		Perror2("I_PUNLINK", udp_dev_name);
2334 		/* Undo any changes we made */
2335 		if (*orig_arpid != 0) {
2336 			lifr.lifr_arp_muxid = *orig_arpid;
2337 			(void) ioctl(*muxid_fd, SIOCSLIFMUXID, (caddr_t)&lifr);
2338 		}
2339 		return (-1);
2340 	}
2341 	return (0);
2342 }
2343 
2344 /*
2345  * Helper function for mod*() functions.  It I_PLINK's back the upper and
2346  * lower IP streams.  Note that this function must be called after
2347  * ip_domux2fd().  In ip_domux2fd(), the global variable lifr is initialized
2348  * and ip_plink() needs information in lifr.  So ip_domux2fd() and ip_plink()
2349  * must be called in pairs.
2350  *
2351  * Param:
2352  *	int muxfd: fd to /dev/udp{,6} for I_PLINK/I_PUNLINK
2353  *	int muxid_fd: fd to /dev/udp{,6} for LIFMUXID
2354  *	int ipfd_lowstr: fd to the lower IP stream.
2355  *	int arpfd_lowstr: fd to the lower ARP stream.
2356  *
2357  * Return:
2358  *	-1 if operation fails, 0 otherwise.
2359  *
2360  * Please see the big block comment above ifplumb() for the logic of the
2361  * PLINK/PUNLINK
2362  */
2363 static int
2364 ip_plink(int muxfd, int muxid_fd, int ipfd_lowstr, int arpfd_lowstr,
2365     int orig_arpid)
2366 {
2367 	int ip_muxid;
2368 
2369 	ip_muxid = ioctl(muxfd, I_PLINK, ipfd_lowstr);
2370 	if (ip_muxid < 0) {
2371 		Perror2("I_PLINK", UDP_DEV_NAME);
2372 		return (-1);
2373 	}
2374 
2375 	/*
2376 	 * If there is an arp stream, plink it. If there is no
2377 	 * arp stream, then it is possible that the plumbing
2378 	 * utility could have stored any value in the arp_muxid.
2379 	 * If so, restore it from orig_arpid.
2380 	 */
2381 	if (arpfd_lowstr != -1) {
2382 		if (ioctl(muxfd, I_PLINK, arpfd_lowstr) < 0) {
2383 			Perror2("I_PLINK", UDP_DEV_NAME);
2384 			return (-1);
2385 		}
2386 	} else if (orig_arpid != 0) {
2387 		/* Undo the changes we did in ip_domux2fd */
2388 		lifr.lifr_arp_muxid = orig_arpid;
2389 		lifr.lifr_ip_muxid = ip_muxid;
2390 		(void) ioctl(muxid_fd, SIOCSLIFMUXID, (caddr_t)&lifr);
2391 	}
2392 
2393 	(void) close(muxfd);
2394 	(void) close(muxid_fd);
2395 	return (0);
2396 }
2397 
2398 /*
2399  * The real function to perform module insertion/removal.
2400  *
2401  * Param:
2402  *	char *arg: the argument string module_name@position
2403  *	char op: operation, either MODINSERT_OP or MODREMOVE_OP.
2404  *
2405  * Return:
2406  *	Before doing ip_domux2fd(), this function calls exit(1) in case of
2407  *	error.  After ip_domux2fd() is done, it returns -1 for error, 0
2408  *	otherwise.
2409  */
2410 static int
2411 modop(char *arg, char op)
2412 {
2413 	char *pos_p;
2414 	int muxfd;
2415 	int muxid_fd;
2416 	int ipfd_lowstr;  /* IP stream (lower stream of mux) to be plinked */
2417 	int arpfd_lowstr; /* ARP stream (lower stream of mux) to be plinked */
2418 	struct strmodconf mod;
2419 	char *at_char = "@";
2420 	char *arg_str;
2421 	int orig_arpid;
2422 
2423 	/*
2424 	 * We'd return -1, but foreachinterface() doesn't propagate the error
2425 	 * into the exit status, so we're forced to explicitly exit().
2426 	 */
2427 	if (!modcheck(name))
2428 		exit(1);
2429 
2430 	/* Need to save the original string for -a option. */
2431 	if ((arg_str = malloc(strlen(arg) + 1)) == NULL) {
2432 		Perror0("cannot malloc");
2433 		return (-1);
2434 	}
2435 	(void) strcpy(arg_str, arg);
2436 
2437 	if (*arg_str == *at_char) {
2438 		(void) fprintf(stderr,
2439 		    "ifconfig: must supply a module name\n");
2440 		exit(1);
2441 	}
2442 	mod.mod_name = strtok(arg_str, at_char);
2443 	if (strlen(mod.mod_name) > FMNAMESZ) {
2444 		(void) fprintf(stderr, "ifconfig: module name too long: %s\n",
2445 		    mod.mod_name);
2446 		exit(1);
2447 	}
2448 
2449 	/*
2450 	 * Need to make sure that the core TCP/IP stack modules are not
2451 	 * removed.  Otherwise, "bad" things can happen.  If a module
2452 	 * is removed and inserted back, it loses its old state.  But
2453 	 * the modules above it still have the old state.  E.g. IP assumes
2454 	 * fast data path while tunnel after re-inserted assumes that it can
2455 	 * receive M_DATA only in fast data path for which it does not have
2456 	 * any state.  This is a general caveat of _I_REMOVE/_I_INSERT.
2457 	 */
2458 	if (op == MODREMOVE_OP &&
2459 	    (strcmp(mod.mod_name, ARP_MOD_NAME) == 0 ||
2460 	    strcmp(mod.mod_name, IP_MOD_NAME) == 0)) {
2461 		(void) fprintf(stderr, "ifconfig: cannot remove %s\n",
2462 		    mod.mod_name);
2463 		exit(1);
2464 	}
2465 
2466 	if ((pos_p = strtok(NULL, at_char)) == NULL) {
2467 		(void) fprintf(stderr, "ifconfig: must supply a position\n");
2468 		exit(1);
2469 	}
2470 	mod.pos = atoi(pos_p);
2471 
2472 	if (ip_domux2fd(&muxfd, &muxid_fd, &ipfd_lowstr, &arpfd_lowstr,
2473 	    &orig_arpid) < 0) {
2474 		free(arg_str);
2475 		return (-1);
2476 	}
2477 	switch (op) {
2478 	case MODINSERT_OP:
2479 		if (debug > 0) {
2480 			(void) printf("Inserting module %s at %d\n",
2481 			    mod.mod_name, mod.pos);
2482 		}
2483 		if (ioctl(ipfd_lowstr, _I_INSERT, (caddr_t)&mod) < 0) {
2484 			Perror2("fail to insert module", mod.mod_name);
2485 		}
2486 		break;
2487 	case MODREMOVE_OP:
2488 		if (debug > 0) {
2489 			(void) printf("Removing module %s at %d\n",
2490 			    mod.mod_name, mod.pos);
2491 		}
2492 		if (ioctl(ipfd_lowstr, _I_REMOVE, (caddr_t)&mod) < 0) {
2493 			Perror2("fail to remove module", mod.mod_name);
2494 		}
2495 		break;
2496 	default:
2497 		/* Should never get to here. */
2498 		(void) fprintf(stderr, "Unknown operation\n");
2499 		break;
2500 	}
2501 	free(arg_str);
2502 	return (ip_plink(muxfd, muxid_fd, ipfd_lowstr, arpfd_lowstr,
2503 	    orig_arpid));
2504 }
2505 
2506 static int
2507 modify_tun(iptun_params_t *params)
2508 {
2509 	dladm_status_t status;
2510 
2511 	if ((status = ifconfig_dladm_open(name, DATALINK_CLASS_IPTUN,
2512 	    &params->iptun_param_linkid)) == DLADM_STATUS_OK)
2513 		status = dladm_iptun_modify(dlh, params, DLADM_OPT_ACTIVE);
2514 	if (status != DLADM_STATUS_OK)
2515 		dladmerr_exit(status, name);
2516 	return (0);
2517 }
2518 
2519 /*
2520  * Set tunnel source address
2521  */
2522 /* ARGSUSED */
2523 static int
2524 setiftsrc(char *addr, int64_t param)
2525 {
2526 	iptun_params_t params;
2527 
2528 	params.iptun_param_flags = IPTUN_PARAM_LADDR;
2529 	(void) strlcpy(params.iptun_param_laddr, addr,
2530 	    sizeof (params.iptun_param_laddr));
2531 	return (modify_tun(&params));
2532 }
2533 
2534 /*
2535  * Set tunnel destination address
2536  */
2537 /* ARGSUSED */
2538 static int
2539 setiftdst(char *addr, int64_t param)
2540 {
2541 	iptun_params_t params;
2542 
2543 	params.iptun_param_flags = IPTUN_PARAM_RADDR;
2544 	(void) strlcpy(params.iptun_param_raddr, addr,
2545 	    sizeof (params.iptun_param_raddr));
2546 	return (modify_tun(&params));
2547 }
2548 
2549 static int
2550 set_tun_prop(const char *propname, char *value)
2551 {
2552 	dladm_status_t	status;
2553 	datalink_id_t	linkid;
2554 
2555 	status = ifconfig_dladm_open(name, DATALINK_CLASS_IPTUN, &linkid);
2556 	if (status == DLADM_STATUS_OK) {
2557 		status = dladm_set_linkprop(dlh, linkid, propname, &value, 1,
2558 		    DLADM_OPT_ACTIVE);
2559 	}
2560 	if (status != DLADM_STATUS_OK)
2561 		dladmerr_exit(status, name);
2562 	return (0);
2563 }
2564 
2565 /* Set tunnel encapsulation limit. */
2566 /* ARGSUSED */
2567 static int
2568 set_tun_encap_limit(char *arg, int64_t param)
2569 {
2570 	return (set_tun_prop("encaplimit", arg));
2571 }
2572 
2573 /* Disable encapsulation limit. */
2574 /* ARGSUSED */
2575 static int
2576 clr_tun_encap_limit(char *arg, int64_t param)
2577 {
2578 	return (set_tun_encap_limit("-1", 0));
2579 }
2580 
2581 /* Set tunnel hop limit. */
2582 /* ARGSUSED */
2583 static int
2584 set_tun_hop_limit(char *arg, int64_t param)
2585 {
2586 	return (set_tun_prop("hoplimit", arg));
2587 }
2588 
2589 /* Set zone ID */
2590 static int
2591 setzone(char *arg, int64_t param)
2592 {
2593 	zoneid_t zoneid = GLOBAL_ZONEID;
2594 
2595 	if (param == NEXTARG) {
2596 		/* zone must be active */
2597 		if ((zoneid = getzoneidbyname(arg)) == -1) {
2598 			(void) fprintf(stderr,
2599 			    "ifconfig: unknown zone '%s'\n", arg);
2600 			exit(1);
2601 		}
2602 	}
2603 	(void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2604 	lifr.lifr_zoneid = zoneid;
2605 	if (ioctl(s, SIOCSLIFZONE, (caddr_t)&lifr) == -1)
2606 		Perror0_exit("SIOCSLIFZONE");
2607 	return (0);
2608 }
2609 
2610 /* Put interface into all zones */
2611 /* ARGSUSED */
2612 static int
2613 setallzones(char *arg, int64_t param)
2614 {
2615 	(void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2616 	lifr.lifr_zoneid = ALL_ZONES;
2617 	if (ioctl(s, SIOCSLIFZONE, (caddr_t)&lifr) == -1)
2618 		Perror0_exit("SIOCSLIFZONE");
2619 	return (0);
2620 }
2621 
2622 /* Set source address to use */
2623 /* ARGSUSED */
2624 static int
2625 setifsrc(char *arg, int64_t param)
2626 {
2627 	uint_t ifindex = 0;
2628 	int rval;
2629 
2630 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2631 
2632 	/*
2633 	 * Argument can be either an interface name or "none". The latter means
2634 	 * that any previous selection is cleared.
2635 	 */
2636 
2637 	rval = strcmp(arg, name);
2638 	if (rval == 0) {
2639 		(void) fprintf(stderr,
2640 		    "ifconfig: Cannot specify same interface for usesrc"
2641 		    " group\n");
2642 		exit(1);
2643 	}
2644 
2645 	rval = strcmp(arg, NONE_STR);
2646 	if (rval != 0) {
2647 		if ((ifindex = if_nametoindex(arg)) == 0) {
2648 			(void) strncpy(lifr.lifr_name, arg, LIFNAMSIZ);
2649 			Perror0_exit("Could not get interface index");
2650 		}
2651 		lifr.lifr_index = ifindex;
2652 	} else {
2653 		if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) != 0)
2654 			Perror0_exit("Not a valid usesrc consumer");
2655 		lifr.lifr_index = 0;
2656 	}
2657 
2658 	if (debug)
2659 		(void) printf("setifsrc: lifr_name %s, lifr_index %d\n",
2660 		    lifr.lifr_name, lifr.lifr_index);
2661 
2662 	if (ioctl(s, SIOCSLIFUSESRC, (caddr_t)&lifr) == -1) {
2663 		if (rval == 0)
2664 			Perror0_exit("Cannot reset usesrc group");
2665 		else
2666 			Perror0_exit("Could not set source interface");
2667 	}
2668 
2669 	return (0);
2670 }
2671 
2672 /*
2673  * Print the interface status line associated with `ifname'
2674  */
2675 static void
2676 ifstatus(const char *ifname)
2677 {
2678 	uint64_t flags;
2679 	char if_usesrc_name[LIFNAMSIZ];
2680 	char *newbuf;
2681 	int n, numifs, rval = 0;
2682 	struct lifreq *lifrp;
2683 	struct lifsrcof lifs;
2684 
2685 	(void) strncpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name));
2686 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
2687 		Perror0_exit("status: SIOCGLIFFLAGS");
2688 	}
2689 	flags = lifr.lifr_flags;
2690 
2691 	/*
2692 	 * In V4 compatibility mode, we don't print the IFF_IPV4 flag or
2693 	 * interfaces with IFF_IPV6 set.
2694 	 */
2695 	if (v4compat) {
2696 		flags &= ~IFF_IPV4;
2697 		if (flags & IFF_IPV6)
2698 			return;
2699 	}
2700 
2701 	(void) printf("%s: ", ifname);
2702 	print_flags(flags);
2703 
2704 	(void) strncpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name));
2705 	if (ioctl(s, SIOCGLIFMETRIC, (caddr_t)&lifr) < 0) {
2706 		Perror0_exit("status: SIOCGLIFMETRIC");
2707 	} else {
2708 		if (lifr.lifr_metric)
2709 			(void) printf(" metric %d", lifr.lifr_metric);
2710 	}
2711 	if (ioctl(s, SIOCGLIFMTU, (caddr_t)&lifr) >= 0)
2712 		(void) printf(" mtu %u", lifr.lifr_mtu);
2713 
2714 	/* don't print index or zone when in compatibility mode */
2715 	if (!v4compat) {
2716 		if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0)
2717 			(void) printf(" index %d", lifr.lifr_index);
2718 		/*
2719 		 * Stack instances use GLOBAL_ZONEID for IP data structures
2720 		 * even in the non-global zone.
2721 		 */
2722 		if (ioctl(s, SIOCGLIFZONE, (caddr_t)&lifr) >= 0 &&
2723 		    lifr.lifr_zoneid != getzoneid() &&
2724 		    lifr.lifr_zoneid != GLOBAL_ZONEID) {
2725 			char zone_name[ZONENAME_MAX];
2726 
2727 			if (lifr.lifr_zoneid == ALL_ZONES) {
2728 				(void) printf("\n\tall-zones");
2729 			} else if (getzonenamebyid(lifr.lifr_zoneid, zone_name,
2730 			    sizeof (zone_name)) < 0) {
2731 				(void) printf("\n\tzone %d", lifr.lifr_zoneid);
2732 			} else {
2733 				(void) printf("\n\tzone %s", zone_name);
2734 			}
2735 		}
2736 	}
2737 
2738 	if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0) {
2739 		lifs.lifs_ifindex = lifr.lifr_index;
2740 
2741 		/*
2742 		 * Find the number of interfaces that use this interfaces'
2743 		 * address as a source address
2744 		 */
2745 		lifs.lifs_buf = NULL;
2746 		lifs.lifs_maxlen = 0;
2747 		for (;;) {
2748 			/* The first pass will give the bufsize we need */
2749 			rval = ioctl(s, SIOCGLIFSRCOF, (char *)&lifs);
2750 			if (rval < 0) {
2751 				if (lifs.lifs_buf != NULL) {
2752 					free(lifs.lifs_buf);
2753 					lifs.lifs_buf = NULL;
2754 				}
2755 				lifs.lifs_len = 0;
2756 				break;
2757 			}
2758 			if (lifs.lifs_len <= lifs.lifs_maxlen)
2759 				break;
2760 			/* Use kernel's size + a small margin to avoid loops */
2761 			lifs.lifs_maxlen = lifs.lifs_len +
2762 			    5 * sizeof (struct lifreq);
2763 			/* For the first pass, realloc acts like malloc */
2764 			newbuf = realloc(lifs.lifs_buf, lifs.lifs_maxlen);
2765 			if (newbuf == NULL) {
2766 				if (lifs.lifs_buf != NULL) {
2767 					free(lifs.lifs_buf);
2768 					lifs.lifs_buf = NULL;
2769 				}
2770 				lifs.lifs_len = 0;
2771 				break;
2772 			}
2773 			lifs.lifs_buf = newbuf;
2774 		}
2775 
2776 
2777 		numifs = lifs.lifs_len / sizeof (struct lifreq);
2778 		if (numifs > 0) {
2779 			lifrp = lifs.lifs_req;
2780 			(void) printf("\n\tsrcof");
2781 			for (n = numifs; n > 0; n--, lifrp++) {
2782 				(void) printf(" %s", lifrp->lifr_name);
2783 			}
2784 		}
2785 
2786 		if (lifs.lifs_buf != NULL)
2787 			free(lifs.lifs_buf);
2788 	}
2789 
2790 	/* Find the interface whose source address this interface uses */
2791 	if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) == 0) {
2792 		if (lifr.lifr_index != 0) {
2793 			if (if_indextoname(lifr.lifr_index,
2794 			    if_usesrc_name) == NULL) {
2795 				(void) printf("\n\tusesrc ifIndex %d",
2796 				    lifr.lifr_index);
2797 			} else {
2798 				(void) printf("\n\tusesrc %s", if_usesrc_name);
2799 			}
2800 		}
2801 	}
2802 
2803 	(void) putchar('\n');
2804 }
2805 
2806 
2807 /*
2808  * Print the status of the interface.  If an address family was
2809  * specified, show it and it only; otherwise, show them all.
2810  */
2811 static void
2812 status(void)
2813 {
2814 	struct afswtch	*p = afp;
2815 	uint64_t	flags;
2816 	datalink_id_t	linkid;
2817 
2818 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2819 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
2820 		Perror0_exit("status: SIOCGLIFFLAGS");
2821 	}
2822 
2823 	flags = lifr.lifr_flags;
2824 
2825 	/*
2826 	 * Only print the interface status if the address family matches
2827 	 * the interface family flag.
2828 	 */
2829 	if (p != NULL) {
2830 		if (((p->af_af == AF_INET6) && (flags & IFF_IPV4)) ||
2831 		    ((p->af_af == AF_INET) && (flags & IFF_IPV6)))
2832 			return;
2833 	}
2834 
2835 	/*
2836 	 * In V4 compatibility mode, don't print IFF_IPV6 interfaces.
2837 	 */
2838 	if (v4compat && (flags & IFF_IPV6))
2839 		return;
2840 
2841 	ifstatus(name);
2842 
2843 	if (ifconfig_dladm_open(name, DATALINK_CLASS_IPTUN, &linkid) ==
2844 	    DLADM_STATUS_OK)
2845 		tun_status(linkid);
2846 
2847 	if (p != NULL) {
2848 		(*p->af_status)(1, flags);
2849 	} else {
2850 		for (p = afs; p->af_name; p++) {
2851 			(void) close(s);
2852 			s = socket(SOCKET_AF(p->af_af), SOCK_DGRAM, 0);
2853 			/* set global af for use in p->af_status */
2854 			af = p->af_af;
2855 			if (s == -1) {
2856 				Perror0_exit("socket");
2857 			}
2858 			(*p->af_status)(0, flags);
2859 		}
2860 
2861 		/*
2862 		 * Historically, 'ether' has been an address family,
2863 		 * so print it here.
2864 		 */
2865 		print_ifether(name);
2866 	}
2867 }
2868 
2869 /*
2870  * Print the status of the interface in a format that can be used to
2871  * reconfigure the interface later. Code stolen from status() above.
2872  */
2873 /* ARGSUSED */
2874 static int
2875 configinfo(char *null, int64_t param)
2876 {
2877 	char *cp;
2878 	struct afswtch *p = afp;
2879 	uint64_t flags;
2880 	char lifname[LIFNAMSIZ];
2881 	char if_usesrc_name[LIFNAMSIZ];
2882 
2883 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2884 
2885 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
2886 		Perror0_exit("status: SIOCGLIFFLAGS");
2887 	}
2888 	flags = lifr.lifr_flags;
2889 
2890 	if (debug) {
2891 		(void) printf("configinfo: name %s flags  0x%llx af_af %d\n",
2892 		    name, flags, p != NULL ? p->af_af : -1);
2893 	}
2894 
2895 	/*
2896 	 * Build the interface name to print (we can't directly use `name'
2897 	 * because one cannot "plumb" ":0" interfaces).
2898 	 */
2899 	(void) strlcpy(lifname, name, LIFNAMSIZ);
2900 	if ((cp = strchr(lifname, ':')) != NULL && atoi(cp + 1) == 0)
2901 		*cp = '\0';
2902 
2903 	/*
2904 	 * if the interface is IPv4
2905 	 *	if we have a IPv6 address family restriction return
2906 	 *		so it won't print
2907 	 *	if we are in IPv4 compatibility mode, clear out IFF_IPV4
2908 	 *		so we don't print it.
2909 	 */
2910 	if (flags & IFF_IPV4) {
2911 		if (p && p->af_af == AF_INET6)
2912 			return (-1);
2913 		if (v4compat)
2914 			flags &= ~IFF_IPV4;
2915 
2916 		(void) printf("%s inet plumb", lifname);
2917 	} else if (flags & IFF_IPV6) {
2918 		/*
2919 		 * else if the interface is IPv6
2920 		 *	if we have a IPv4 address family restriction return
2921 		 *	or we are in IPv4 compatibiltiy mode, return.
2922 		 */
2923 		if (p && p->af_af == AF_INET)
2924 			return (-1);
2925 		if (v4compat)
2926 			return (-1);
2927 
2928 		(void) printf("%s inet6 plumb", lifname);
2929 	}
2930 
2931 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2932 	if (ioctl(s, SIOCGLIFMETRIC, (caddr_t)&lifr) < 0) {
2933 		Perror0_exit("configinfo: SIOCGLIFMETRIC");
2934 	} else {
2935 		if (lifr.lifr_metric)
2936 			(void) printf(" metric %d ", lifr.lifr_metric);
2937 	}
2938 	if (((flags & (IFF_VIRTUAL|IFF_LOOPBACK)) != IFF_VIRTUAL) &&
2939 	    ioctl(s, SIOCGLIFMTU, (caddr_t)&lifr) >= 0)
2940 		(void) printf(" mtu %d", lifr.lifr_metric);
2941 
2942 	/* Index only applies to the zeroth interface */
2943 	if (lifnum(name) == 0) {
2944 		if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0)
2945 			(void) printf(" index %d", lifr.lifr_index);
2946 	}
2947 
2948 	if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) == 0) {
2949 		if (lifr.lifr_index != 0) {
2950 			if (if_indextoname(lifr.lifr_index,
2951 			    if_usesrc_name) != NULL) {
2952 				(void) printf(" usesrc %s", if_usesrc_name);
2953 			}
2954 		}
2955 	}
2956 
2957 	if (p != NULL) {
2958 		(*p->af_configinfo)(1, flags);
2959 	} else {
2960 		for (p = afs; p->af_name; p++) {
2961 			(void) close(s);
2962 			s = socket(SOCKET_AF(p->af_af), SOCK_DGRAM, 0);
2963 			/* set global af for use in p->af_configinfo */
2964 			af = p->af_af;
2965 			if (s == -1) {
2966 				Perror0_exit("socket");
2967 			}
2968 			(*p->af_configinfo)(0, flags);
2969 		}
2970 	}
2971 
2972 	(void) putchar('\n');
2973 	return (0);
2974 }
2975 
2976 static void
2977 print_tsec(iptun_params_t *params)
2978 {
2979 	ipsec_req_t *ipsr;
2980 
2981 	(void) printf("\ttunnel security settings  ");
2982 	if (!(params->iptun_param_flags & IPTUN_PARAM_SECINFO)) {
2983 		(void) printf("-->  use 'ipsecconf -ln -i %s'", name);
2984 	} else {
2985 		ipsr = &params->iptun_param_secinfo;
2986 		if (ipsr->ipsr_ah_req & IPSEC_PREF_REQUIRED) {
2987 			(void) printf("ah (%s)  ",
2988 			    rparsealg(ipsr->ipsr_auth_alg, IPSEC_PROTO_AH));
2989 		}
2990 		if (ipsr->ipsr_esp_req & IPSEC_PREF_REQUIRED) {
2991 			(void) printf("esp (%s",
2992 			    rparsealg(ipsr->ipsr_esp_alg, IPSEC_PROTO_ESP));
2993 			(void) printf("/%s)",
2994 			    rparsealg(ipsr->ipsr_esp_auth_alg, IPSEC_PROTO_AH));
2995 		}
2996 	}
2997 	(void) printf("\n");
2998 }
2999 
3000 static void
3001 tun_status(datalink_id_t linkid)
3002 {
3003 	iptun_params_t	params;
3004 	char		propval[DLADM_PROP_VAL_MAX];
3005 	char		*valptr[1];
3006 	uint_t		valcnt = 1;
3007 	boolean_t	tabbed = _B_FALSE;
3008 
3009 	params.iptun_param_linkid = linkid;
3010 
3011 	/* If dladm_iptun_getparams() fails, assume we are not a tunnel. */
3012 	assert(dlh_opened);
3013 	if (dladm_iptun_getparams(dlh, &params, DLADM_OPT_ACTIVE) !=
3014 	    DLADM_STATUS_OK)
3015 		return;
3016 
3017 	switch (params.iptun_param_type) {
3018 	case IPTUN_TYPE_IPV4:
3019 	case IPTUN_TYPE_6TO4:
3020 		(void) printf("\tinet");
3021 		break;
3022 	case IPTUN_TYPE_IPV6:
3023 		(void) printf("\tinet6");
3024 		break;
3025 	default:
3026 		dladmerr_exit(DLADM_STATUS_IPTUNTYPE, name);
3027 		break;
3028 	}
3029 
3030 	/*
3031 	 * There is always a source address.  If it hasn't been explicitly
3032 	 * set, the API will pass back a buffer containing the unspecified
3033 	 * address.
3034 	 */
3035 	(void) printf(" tunnel src %s ", params.iptun_param_laddr);
3036 
3037 	if (params.iptun_param_flags & IPTUN_PARAM_RADDR)
3038 		(void) printf("tunnel dst %s\n", params.iptun_param_raddr);
3039 	else
3040 		(void) putchar('\n');
3041 
3042 	if (params.iptun_param_flags & IPTUN_PARAM_IPSECPOL)
3043 		print_tsec(&params);
3044 
3045 	valptr[0] = propval;
3046 	if (dladm_get_linkprop(dlh, linkid, DLADM_PROP_VAL_CURRENT, "hoplimit",
3047 	    (char **)valptr, &valcnt) == DLADM_STATUS_OK) {
3048 		(void) printf("\ttunnel hop limit %s ", propval);
3049 		tabbed = _B_TRUE;
3050 	}
3051 
3052 	if (dladm_get_linkprop(dlh, linkid, DLADM_PROP_VAL_CURRENT,
3053 	    "encaplimit", (char **)valptr, &valcnt) == DLADM_STATUS_OK) {
3054 		uint32_t elim;
3055 
3056 		if (!tabbed) {
3057 			(void) putchar('\t');
3058 			tabbed = _B_TRUE;
3059 		}
3060 		elim = strtol(propval, NULL, 10);
3061 		if (elim > 0)
3062 			(void) printf("tunnel encapsulation limit %s", propval);
3063 		else
3064 			(void) printf("tunnel encapsulation limit disabled");
3065 	}
3066 
3067 	if (tabbed)
3068 		(void) putchar('\n');
3069 }
3070 
3071 static void
3072 in_status(int force, uint64_t flags)
3073 {
3074 	struct sockaddr_in	*sin, *laddr;
3075 	struct sockaddr_in	netmask = { AF_INET };
3076 
3077 	if (debug)
3078 		(void) printf("in_status(%s) flags 0x%llx\n", name, flags);
3079 
3080 	/* only print status for IPv4 interfaces */
3081 	if (!(flags & IFF_IPV4))
3082 		return;
3083 
3084 	if (!(flags & IFF_NOLOCAL)) {
3085 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3086 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
3087 			if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3088 			    errno == ENXIO) {
3089 				if (!force)
3090 					return;
3091 				(void) memset(&lifr.lifr_addr, 0,
3092 				    sizeof (lifr.lifr_addr));
3093 			} else
3094 				Perror0_exit("in_status: SIOCGLIFADDR");
3095 		}
3096 		sin = (struct sockaddr_in *)&lifr.lifr_addr;
3097 		(void) printf("\tinet %s ", inet_ntoa(sin->sin_addr));
3098 		laddr = sin;
3099 	} else {
3100 		(void) printf("\tinet ");
3101 	}
3102 
3103 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3104 	if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) {
3105 		if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3106 		    errno == ENXIO) {
3107 			if (!force)
3108 				return;
3109 			(void) memset(&lifr.lifr_addr, 0,
3110 			    sizeof (lifr.lifr_addr));
3111 		} else {
3112 			Perror0_exit("in_status: SIOCGLIFSUBNET");
3113 		}
3114 	}
3115 	sin = (struct sockaddr_in *)&lifr.lifr_addr;
3116 	if ((flags & IFF_NOLOCAL) ||
3117 	    sin->sin_addr.s_addr != laddr->sin_addr.s_addr) {
3118 		(void) printf("subnet %s/%d ", inet_ntoa(sin->sin_addr),
3119 		    lifr.lifr_addrlen);
3120 	}
3121 	if (sin->sin_family != AF_INET) {
3122 		(void) printf("Wrong family: %d\n", sin->sin_family);
3123 	}
3124 
3125 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3126 	if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0) {
3127 		if (errno != EADDRNOTAVAIL)
3128 			Perror0_exit("in_status: SIOCGLIFNETMASK");
3129 		(void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr));
3130 	} else
3131 		netmask.sin_addr =
3132 		    ((struct sockaddr_in *)&lifr.lifr_addr)->sin_addr;
3133 	if (flags & IFF_POINTOPOINT) {
3134 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3135 		if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) {
3136 			if (errno == EADDRNOTAVAIL)
3137 				(void) memset(&lifr.lifr_addr, 0,
3138 				    sizeof (lifr.lifr_addr));
3139 			else
3140 				Perror0_exit("in_status: SIOCGLIFDSTADDR");
3141 		}
3142 		sin = (struct sockaddr_in *)&lifr.lifr_dstaddr;
3143 		(void) printf("--> %s ", inet_ntoa(sin->sin_addr));
3144 	}
3145 	(void) printf("netmask %x ", ntohl(netmask.sin_addr.s_addr));
3146 	if (flags & IFF_BROADCAST) {
3147 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3148 		if (ioctl(s, SIOCGLIFBRDADDR, (caddr_t)&lifr) < 0) {
3149 			if (errno == EADDRNOTAVAIL)
3150 				(void) memset(&lifr.lifr_addr, 0,
3151 				    sizeof (lifr.lifr_addr));
3152 			else
3153 				Perror0_exit("in_status: SIOCGLIFBRDADDR");
3154 		}
3155 		sin = (struct sockaddr_in *)&lifr.lifr_addr;
3156 		if (sin->sin_addr.s_addr != 0) {
3157 			(void) printf("broadcast %s",
3158 			    inet_ntoa(sin->sin_addr));
3159 		}
3160 	}
3161 	/* If there is a groupname, print it for only the physical interface */
3162 	if (strchr(name, ':') == NULL) {
3163 		if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 &&
3164 		    lifr.lifr_groupname[0] != '\0') {
3165 			(void) printf("\n\tgroupname %s", lifr.lifr_groupname);
3166 		}
3167 	}
3168 	(void) putchar('\n');
3169 }
3170 
3171 static void
3172 in6_status(int force, uint64_t flags)
3173 {
3174 	char			abuf[INET6_ADDRSTRLEN];
3175 	struct sockaddr_in6	*sin6, *laddr6;
3176 
3177 	if (debug)
3178 		(void) printf("in6_status(%s) flags 0x%llx\n", name, flags);
3179 
3180 	if (!(flags & IFF_IPV6))
3181 		return;
3182 
3183 	if (!(flags & IFF_NOLOCAL)) {
3184 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3185 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
3186 			if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3187 			    errno == ENXIO) {
3188 				if (!force)
3189 					return;
3190 				(void) memset(&lifr.lifr_addr, 0,
3191 				    sizeof (lifr.lifr_addr));
3192 			} else
3193 				Perror0_exit("in_status6: SIOCGLIFADDR");
3194 		}
3195 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3196 		(void) printf("\tinet6 %s/%d ",
3197 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3198 		    abuf, sizeof (abuf)),
3199 		    lifr.lifr_addrlen);
3200 		laddr6 = sin6;
3201 	} else {
3202 		(void) printf("\tinet6 ");
3203 	}
3204 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3205 	if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) {
3206 		if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3207 		    errno == ENXIO) {
3208 			if (!force)
3209 				return;
3210 			(void) memset(&lifr.lifr_addr, 0,
3211 			    sizeof (lifr.lifr_addr));
3212 		} else
3213 			Perror0_exit("in_status6: SIOCGLIFSUBNET");
3214 	}
3215 	sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3216 	if ((flags & IFF_NOLOCAL) ||
3217 	    !IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &laddr6->sin6_addr)) {
3218 		(void) printf("subnet %s/%d ",
3219 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3220 		    abuf, sizeof (abuf)),
3221 		    lifr.lifr_addrlen);
3222 	}
3223 	if (sin6->sin6_family != AF_INET6) {
3224 		(void) printf("Wrong family: %d\n", sin6->sin6_family);
3225 	}
3226 	if (flags & IFF_POINTOPOINT) {
3227 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3228 		if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) {
3229 			if (errno == EADDRNOTAVAIL)
3230 				(void) memset(&lifr.lifr_addr, 0,
3231 				    sizeof (lifr.lifr_addr));
3232 			else
3233 				Perror0_exit("in_status6: SIOCGLIFDSTADDR");
3234 		}
3235 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_dstaddr;
3236 		(void) printf("--> %s ",
3237 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3238 		    abuf, sizeof (abuf)));
3239 	}
3240 	if (verbose) {
3241 		(void) putchar('\n');
3242 		(void) putchar('\t');
3243 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3244 		if (ioctl(s, SIOCGLIFTOKEN, (caddr_t)&lifr) < 0) {
3245 			if (errno == EADDRNOTAVAIL || errno == EINVAL)
3246 				(void) memset(&lifr.lifr_addr, 0,
3247 				    sizeof (lifr.lifr_addr));
3248 			else
3249 				Perror0_exit("in_status6: SIOCGLIFTOKEN");
3250 		} else {
3251 			sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3252 			(void) printf("token %s/%d ",
3253 			    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3254 			    abuf, sizeof (abuf)),
3255 			    lifr.lifr_addrlen);
3256 		}
3257 		if (ioctl(s, SIOCGLIFLNKINFO, (caddr_t)&lifr) < 0) {
3258 			if (errno != EINVAL) {
3259 				Perror0_exit("in_status6: SIOCGLIFLNKINFO");
3260 			}
3261 		} else {
3262 			(void) printf("maxhops %u, reachtime %u ms, "
3263 			    "reachretrans %u ms, maxmtu %u ",
3264 			    lifr.lifr_ifinfo.lir_maxhops,
3265 			    lifr.lifr_ifinfo.lir_reachtime,
3266 			    lifr.lifr_ifinfo.lir_reachretrans,
3267 			    lifr.lifr_ifinfo.lir_maxmtu);
3268 		}
3269 	}
3270 	/* If there is a groupname, print it for only the physical interface */
3271 	if (strchr(name, ':') == NULL) {
3272 		if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 &&
3273 		    lifr.lifr_groupname[0] != '\0') {
3274 			(void) printf("\n\tgroupname %s", lifr.lifr_groupname);
3275 		}
3276 	}
3277 	(void) putchar('\n');
3278 }
3279 
3280 static void
3281 in_configinfo(int force, uint64_t flags)
3282 {
3283 	struct sockaddr_in *sin, *laddr;
3284 	struct	sockaddr_in netmask = { AF_INET };
3285 
3286 	if (debug)
3287 		(void) printf("in_configinfo(%s) flags 0x%llx\n", name, flags);
3288 
3289 	/* only configinfo info for IPv4 interfaces */
3290 	if (!(flags & IFF_IPV4))
3291 		return;
3292 
3293 	if (!(flags & IFF_NOLOCAL)) {
3294 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3295 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
3296 			if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3297 			    errno == ENXIO) {
3298 				if (!force)
3299 					return;
3300 				(void) memset(&lifr.lifr_addr, 0,
3301 				    sizeof (lifr.lifr_addr));
3302 			} else
3303 				Perror0_exit("in_configinfo: SIOCGLIFADDR");
3304 		}
3305 		sin = (struct sockaddr_in *)&lifr.lifr_addr;
3306 		(void) printf(" set %s ", inet_ntoa(sin->sin_addr));
3307 		laddr = sin;
3308 	}
3309 
3310 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3311 	if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) {
3312 		if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3313 		    errno == ENXIO) {
3314 			if (!force)
3315 				return;
3316 			(void) memset(&lifr.lifr_addr, 0,
3317 			    sizeof (lifr.lifr_addr));
3318 		} else {
3319 			Perror0_exit("in_configinfo: SIOCGLIFSUBNET");
3320 		}
3321 	}
3322 	sin = (struct sockaddr_in *)&lifr.lifr_addr;
3323 
3324 	if ((flags & IFF_NOLOCAL) ||
3325 	    sin->sin_addr.s_addr != laddr->sin_addr.s_addr) {
3326 		(void) printf(" subnet %s/%d ", inet_ntoa(sin->sin_addr),
3327 		    lifr.lifr_addrlen);
3328 	}
3329 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3330 	if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0) {
3331 		if (errno != EADDRNOTAVAIL)
3332 			Perror0_exit("in_configinfo: SIOCGLIFNETMASK");
3333 		(void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr));
3334 	} else
3335 		netmask.sin_addr =
3336 		    ((struct sockaddr_in *)&lifr.lifr_addr)->sin_addr;
3337 	if (flags & IFF_POINTOPOINT) {
3338 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3339 		if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) {
3340 			if (errno == EADDRNOTAVAIL)
3341 				(void) memset(&lifr.lifr_addr, 0,
3342 				    sizeof (lifr.lifr_addr));
3343 			else
3344 				Perror0_exit("in_configinfo: SIOCGLIFDSTADDR");
3345 		}
3346 		sin = (struct sockaddr_in *)&lifr.lifr_dstaddr;
3347 		(void) printf(" destination %s ", inet_ntoa(sin->sin_addr));
3348 	}
3349 	(void) printf(" netmask 0x%x ", ntohl(netmask.sin_addr.s_addr));
3350 	if (flags & IFF_BROADCAST) {
3351 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3352 		if (ioctl(s, SIOCGLIFBRDADDR, (caddr_t)&lifr) < 0) {
3353 			if (errno == EADDRNOTAVAIL)
3354 				(void) memset(&lifr.lifr_addr, 0,
3355 				    sizeof (lifr.lifr_addr));
3356 			else
3357 				Perror0_exit("in_configinfo: SIOCGLIFBRDADDR");
3358 		}
3359 		sin = (struct sockaddr_in *)&lifr.lifr_addr;
3360 		if (sin->sin_addr.s_addr != 0) {
3361 			(void) printf(" broadcast %s ",
3362 			    inet_ntoa(sin->sin_addr));
3363 		}
3364 	}
3365 
3366 	/* If there is a groupname, print it for only the zeroth interface */
3367 	if (lifnum(name) == 0) {
3368 		if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 &&
3369 		    lifr.lifr_groupname[0] != '\0') {
3370 			(void) printf(" group %s ", lifr.lifr_groupname);
3371 		}
3372 	}
3373 
3374 	/* Print flags to configure */
3375 	print_config_flags(AF_INET, flags);
3376 }
3377 
3378 static void
3379 in6_configinfo(int force, uint64_t flags)
3380 {
3381 	char abuf[INET6_ADDRSTRLEN];
3382 	struct sockaddr_in6 *sin6, *laddr6;
3383 
3384 	if (debug)
3385 		(void) printf("in6_configinfo(%s) flags 0x%llx\n", name,
3386 		    flags);
3387 
3388 	if (!(flags & IFF_IPV6))
3389 		return;
3390 
3391 	if (!(flags & IFF_NOLOCAL)) {
3392 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3393 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
3394 			if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3395 			    errno == ENXIO) {
3396 				if (!force)
3397 					return;
3398 				(void) memset(&lifr.lifr_addr, 0,
3399 				    sizeof (lifr.lifr_addr));
3400 			} else
3401 				Perror0_exit("in6_configinfo: SIOCGLIFADDR");
3402 		}
3403 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3404 		(void) printf(" set %s/%d ",
3405 		    inet_ntop(AF_INET6, &sin6->sin6_addr, abuf, sizeof (abuf)),
3406 		    lifr.lifr_addrlen);
3407 		laddr6 = sin6;
3408 	}
3409 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3410 	if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) {
3411 		if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3412 		    errno == ENXIO) {
3413 			if (!force)
3414 				return;
3415 			(void) memset(&lifr.lifr_addr, 0,
3416 			    sizeof (lifr.lifr_addr));
3417 		} else
3418 			Perror0_exit("in6_configinfo: SIOCGLIFSUBNET");
3419 	}
3420 	sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3421 	if ((flags & IFF_NOLOCAL) ||
3422 	    !IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &laddr6->sin6_addr)) {
3423 		(void) printf(" subnet %s/%d ",
3424 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3425 		    abuf, sizeof (abuf)),
3426 		    lifr.lifr_addrlen);
3427 	}
3428 
3429 	if (flags & IFF_POINTOPOINT) {
3430 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3431 		if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) {
3432 			if (errno == EADDRNOTAVAIL)
3433 				(void) memset(&lifr.lifr_addr, 0,
3434 				    sizeof (lifr.lifr_addr));
3435 			else
3436 				Perror0_exit("in6_configinfo: SIOCGLIFDSTADDR");
3437 		}
3438 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_dstaddr;
3439 		(void) printf(" destination %s ",
3440 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3441 		    abuf, sizeof (abuf)));
3442 	}
3443 
3444 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3445 	if (ioctl(s, SIOCGLIFTOKEN, (caddr_t)&lifr) < 0) {
3446 		if (errno == EADDRNOTAVAIL || errno == EINVAL)
3447 			(void) memset(&lifr.lifr_addr, 0,
3448 			    sizeof (lifr.lifr_addr));
3449 		else
3450 			Perror0_exit("in6_configinfo: SIOCGLIFTOKEN");
3451 	} else {
3452 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3453 		(void) printf(" token %s/%d ",
3454 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3455 		    abuf, sizeof (abuf)),
3456 		    lifr.lifr_addrlen);
3457 	}
3458 
3459 	/* If there is a groupname, print it for only the zeroth interface */
3460 	if (lifnum(name) == 0) {
3461 		if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 &&
3462 		    lifr.lifr_groupname[0] != '\0') {
3463 			(void) printf(" group %s ", lifr.lifr_groupname);
3464 		}
3465 	}
3466 
3467 	/* Print flags to configure */
3468 	print_config_flags(AF_INET6, flags);
3469 }
3470 
3471 /*
3472  * We need to plink both the arp-device stream and the arp-ip-device stream.
3473  * However the muxid is stored only in IP. Plumbing 2 streams individually
3474  * is not atomic, and if ifconfig is killed, the resulting plumbing can
3475  * be inconsistent. For eg. if only the arp stream is plumbed, we have lost
3476  * the muxid, and the half-baked plumbing can neither be unplumbed nor
3477  * replumbed, thus requiring a reboot. To avoid the above the following
3478  * scheme is used.
3479  *
3480  * Ifconfig asks IP to enforce atomicity of plumbing the arp and IP streams.
3481  * This is done by pushing arp on to the mux (/dev/udp). ARP adds some
3482  * extra information in the I_PLINK and I_PUNLINK ioctls to let IP know
3483  * that the plumbing/unplumbing has to be done atomically. Ifconfig plumbs
3484  * the IP stream first, and unplumbs it last. The kernel (IP) does not
3485  * allow IP stream to be unplumbed without unplumbing arp stream. Similarly
3486  * it does not allow arp stream to be plumbed before IP stream is plumbed.
3487  * There is no need to use SIOCSLIFMUXID, since the whole operation is atomic,
3488  * and IP uses the info in the I_PLINK message to get the muxid.
3489  *
3490  * a. STREAMS does not allow us to use /dev/ip itself as the mux. So we use
3491  *    /dev/udp{,6}.
3492  * b. SIOCGLIFMUXID returns the muxid corresponding to the V4 or V6 stream
3493  *    depending on the open i.e. V4 vs V6 open. So we need to use /dev/udp
3494  *    or /dev/udp6 for SIOCGLIFMUXID and SIOCSLIFMUXID.
3495  * c. We need to push ARP in order to get the required kernel support for
3496  *    atomic plumbings. The actual work done by ARP is explained in arp.c
3497  *    Without pushing ARP, we will still be able to plumb/unplumb. But
3498  *    it is not atomic, and is supported by the kernel for backward
3499  *    compatibility for other utilities like atmifconfig etc. In this case
3500  *    the utility must use SIOCSLIFMUXID.
3501  */
3502 static int
3503 ifplumb(const char *linkname, const char *ifname, boolean_t genppa, int af)
3504 {
3505 	int	arp_muxid = -1, ip_muxid;
3506 	int	mux_fd, ip_fd, arp_fd;
3507 	int 	retval;
3508 	char	*udp_dev_name;
3509 	uint64_t flags;
3510 	uint_t	dlpi_flags;
3511 	dlpi_handle_t	dh_arp, dh_ip;
3512 
3513 	/*
3514 	 * Always dlpi_open() with DLPI_NOATTACH because the IP and ARP module
3515 	 * will do the attach themselves for DLPI style-2 links.
3516 	 */
3517 	dlpi_flags = DLPI_NOATTACH;
3518 
3519 	/*
3520 	 * If `linkname' is the special token IPMPSTUB, then this is a request
3521 	 * to create an IPMP interface atop /dev/ipmpstub0.  (We can't simply
3522 	 * pass "ipmpstub0" as `linkname' since an admin *could* have a normal
3523 	 * vanity-named link named "ipmpstub0" that they'd like to plumb.)
3524 	 */
3525 	if (linkname == IPMPSTUB) {
3526 		linkname = "ipmpstub0";
3527 		dlpi_flags |= DLPI_DEVONLY;
3528 	}
3529 
3530 	retval = dlpi_open(linkname, &dh_ip, dlpi_flags);
3531 	if (retval != DLPI_SUCCESS)
3532 		Perrdlpi_exit("cannot open link", linkname, retval);
3533 
3534 	if (debug) {
3535 		(void) printf("ifconfig: ifplumb: link %s, ifname %s, "
3536 		    "genppa %u\n", linkname, ifname, genppa);
3537 	}
3538 
3539 	ip_fd = dlpi_fd(dh_ip);
3540 	if (ioctl(ip_fd, I_PUSH, IP_MOD_NAME) == -1)
3541 		Perror2_exit("I_PUSH", IP_MOD_NAME);
3542 
3543 	/*
3544 	 * Prepare to set IFF_IPV4/IFF_IPV6 flags as part of SIOCSLIFNAME.
3545 	 * (At this point in time the kernel also allows an override of the
3546 	 * IFF_CANTCHANGE flags.)
3547 	 */
3548 	lifr.lifr_name[0] = '\0';
3549 	if (ioctl(ip_fd, SIOCGLIFFLAGS, (char *)&lifr) == -1)
3550 		Perror0_exit("ifplumb: SIOCGLIFFLAGS");
3551 
3552 	if (af == AF_INET6) {
3553 		flags = lifr.lifr_flags | IFF_IPV6;
3554 		flags &= ~(IFF_BROADCAST | IFF_IPV4);
3555 	} else {
3556 		flags = lifr.lifr_flags | IFF_IPV4;
3557 		flags &= ~IFF_IPV6;
3558 	}
3559 
3560 	/*
3561 	 * Set the interface name.  If we've been asked to generate the PPA,
3562 	 * then find the lowest available PPA (only currently used for IPMP
3563 	 * interfaces).  Otherwise, use the interface name as-is.
3564 	 */
3565 	if (genppa) {
3566 		int ppa;
3567 
3568 		/*
3569 		 * We'd like to just set lifr_ppa to UINT_MAX and have the
3570 		 * kernel pick a PPA.  Unfortunately, that would mishandle
3571 		 * two cases:
3572 		 *
3573 		 *	1. If the PPA is available but the groupname is taken
3574 		 *	   (e.g., the "ipmp2" IP interface name is available
3575 		 *	   but the "ipmp2" groupname is taken) then the
3576 		 *	   auto-assignment by the kernel will fail.
3577 		 *
3578 		 *	2. If we're creating (e.g.) an IPv6-only IPMP
3579 		 *	   interface, and there's already an IPv4-only IPMP
3580 		 *	   interface, the kernel will allow us to accidentally
3581 		 *	   reuse the IPv6 IPMP interface name (since
3582 		 *	   SIOCSLIFNAME uniqueness is per-interface-type).
3583 		 *	   This will cause administrative confusion.
3584 		 *
3585 		 * Thus, we instead take a brute-force approach of checking
3586 		 * whether the IPv4 or IPv6 name is already in-use before
3587 		 * attempting the SIOCSLIFNAME.  As per (1) above, the
3588 		 * SIOCSLIFNAME may still fail, in which case we just proceed
3589 		 * to the next one.  If this approach becomes too slow, we
3590 		 * can add a new SIOC* to handle this case in the kernel.
3591 		 */
3592 		for (ppa = 0; ppa < UINT_MAX; ppa++) {
3593 			(void) snprintf(lifr.lifr_name, LIFNAMSIZ, "%s%d",
3594 			    ifname, ppa);
3595 
3596 			if (ioctl(s4, SIOCGLIFFLAGS, &lifr) != -1 ||
3597 			    errno != ENXIO)
3598 				continue;
3599 
3600 			if (ioctl(s6, SIOCGLIFFLAGS, &lifr) != -1 ||
3601 			    errno != ENXIO)
3602 				continue;
3603 
3604 			lifr.lifr_ppa = ppa;
3605 			lifr.lifr_flags = flags;
3606 			retval = ioctl(ip_fd, SIOCSLIFNAME, &lifr);
3607 			if (retval != -1 || errno != EEXIST)
3608 				break;
3609 		}
3610 	} else {
3611 		ifspec_t ifsp;
3612 
3613 		/*
3614 		 * The interface name could have come from the command-line;
3615 		 * check it.
3616 		 */
3617 		if (!ifparse_ifspec(ifname, &ifsp) || ifsp.ifsp_lunvalid)
3618 			Perror2_exit("invalid IP interface name", ifname);
3619 
3620 		/*
3621 		 * Before we call SIOCSLIFNAME, ensure that the IPMP group
3622 		 * interface for this address family exists.  Otherwise, the
3623 		 * kernel will kick the interface out of the group when we do
3624 		 * the SIOCSLIFNAME.
3625 		 *
3626 		 * Example: suppose bge0 is plumbed for IPv4 and in group "a".
3627 		 * If we're now plumbing bge0 for IPv6, but the IPMP group
3628 		 * interface for "a" is not plumbed for IPv6, the SIOCSLIFNAME
3629 		 * will kick bge0 out of group "a", which is undesired.
3630 		 */
3631 		if (create_ipmp_peer(af, ifname) == -1) {
3632 			(void) fprintf(stderr, "ifconfig: warning: cannot "
3633 			    "create %s IPMP group; %s will be removed from "
3634 			    "group\n", af == AF_INET ? "IPv4" : "IPv6", ifname);
3635 		}
3636 
3637 		lifr.lifr_ppa = ifsp.ifsp_ppa;
3638 		lifr.lifr_flags = flags;
3639 		(void) strlcpy(lifr.lifr_name, ifname, LIFNAMSIZ);
3640 		retval = ioctl(ip_fd, SIOCSLIFNAME, &lifr);
3641 	}
3642 
3643 	if (retval == -1) {
3644 		if (errno != EEXIST)
3645 			Perror0_exit("SIOCSLIFNAME for ip");
3646 		/*
3647 		 * This difference between the way we behave for EEXIST
3648 		 * and that with other errors exists to preserve legacy
3649 		 * behaviour. Earlier when foreachinterface() and matchif()
3650 		 * were doing the duplicate interface name checks, for
3651 		 * already existing interfaces, inetplumb() returned "0".
3652 		 * To preserve this behaviour, Perror0() and return are
3653 		 * called for EEXIST.
3654 		 */
3655 		Perror0("SIOCSLIFNAME for ip");
3656 		return (-1);
3657 	}
3658 
3659 	/* Get the full set of existing flags for this stream */
3660 	if (ioctl(ip_fd, SIOCGLIFFLAGS, (char *)&lifr) == -1)
3661 		Perror0_exit("ifplumb: SIOCGLIFFLAGS");
3662 
3663 	if (debug) {
3664 		(void) printf("ifconfig: ifplumb: %s got flags:\n",
3665 		    lifr.lifr_name);
3666 		print_flags(lifr.lifr_flags);
3667 		(void) putchar('\n');
3668 	}
3669 
3670 	/*
3671 	 * Open "/dev/udp" for use as a multiplexor to PLINK the
3672 	 * interface stream under. We use "/dev/udp" instead of "/dev/ip"
3673 	 * since STREAMS will not let you PLINK a driver under itself,
3674 	 * and "/dev/ip" is typically the driver at the bottom of
3675 	 * the stream for tunneling interfaces.
3676 	 */
3677 	if (af == AF_INET6)
3678 		udp_dev_name = UDP6_DEV_NAME;
3679 	else
3680 		udp_dev_name = UDP_DEV_NAME;
3681 	if ((mux_fd = open_arp_on_udp(udp_dev_name)) == -1)
3682 		exit(EXIT_FAILURE);
3683 
3684 	/* Check if arp is not needed */
3685 	if (lifr.lifr_flags & (IFF_NOARP|IFF_IPV6)) {
3686 		/*
3687 		 * PLINK the interface stream so that ifconfig can exit
3688 		 * without tearing down the stream.
3689 		 */
3690 		if ((ip_muxid = ioctl(mux_fd, I_PLINK, ip_fd)) == -1)
3691 			Perror0_exit("I_PLINK for ip");
3692 		(void) close(mux_fd);
3693 		return (lifr.lifr_ppa);
3694 	}
3695 
3696 	/*
3697 	 * This interface does use ARP, so set up a separate stream
3698 	 * from the interface to ARP.
3699 	 */
3700 	if (debug)
3701 		(void) printf("ifconfig: ifplumb: interface %s", ifname);
3702 
3703 	retval = dlpi_open(linkname, &dh_arp, dlpi_flags);
3704 	if (retval != DLPI_SUCCESS)
3705 		Perrdlpi_exit("cannot open link", linkname, retval);
3706 
3707 	arp_fd = dlpi_fd(dh_arp);
3708 	if (ioctl(arp_fd, I_PUSH, ARP_MOD_NAME) == -1)
3709 		Perror2_exit("I_PUSH", ARP_MOD_NAME);
3710 
3711 	/*
3712 	 * Tell ARP the name and unit number for this interface.
3713 	 * Note that arp has no support for transparent ioctls.
3714 	 */
3715 	if (strioctl(arp_fd, SIOCSLIFNAME, &lifr, sizeof (lifr)) == -1) {
3716 		if (errno != EEXIST)
3717 			Perror0_exit("SIOCSLIFNAME for arp");
3718 		Perror0("SIOCSLIFNAME for arp");
3719 		goto out;
3720 	}
3721 
3722 	/*
3723 	 * PLINK the IP and ARP streams so that ifconfig can exit
3724 	 * without tearing down the stream.
3725 	 */
3726 	if ((ip_muxid = ioctl(mux_fd, I_PLINK, ip_fd)) == -1)
3727 		Perror0_exit("I_PLINK for ip");
3728 	if ((arp_muxid = ioctl(mux_fd, I_PLINK, arp_fd)) == -1) {
3729 		(void) ioctl(mux_fd, I_PUNLINK, ip_muxid);
3730 		Perror0_exit("I_PLINK for arp");
3731 	}
3732 
3733 	if (debug)
3734 		(void) printf("arp muxid = %d\n", arp_muxid);
3735 out:
3736 	dlpi_close(dh_ip);
3737 	dlpi_close(dh_arp);
3738 	(void) close(mux_fd);
3739 	return (lifr.lifr_ppa);
3740 }
3741 
3742 /*
3743  * If this is a physical interface then remove it.
3744  * If it is a logical interface name use SIOCLIFREMOVEIF to
3745  * remove it. In both cases fail if it doesn't exist.
3746  */
3747 /* ARGSUSED */
3748 static int
3749 inetunplumb(char *arg, int64_t param)
3750 {
3751 	int ip_muxid, arp_muxid;
3752 	int mux_fd;
3753 	int muxid_fd;
3754 	char *udp_dev_name;
3755 	char *strptr;
3756 	uint64_t flags;
3757 	boolean_t changed_arp_muxid = _B_FALSE;
3758 	int save_errno;
3759 	boolean_t v6 = (afp->af_af == AF_INET6);
3760 
3761 	strptr = strchr(name, ':');
3762 	if (strptr != NULL || strcmp(name, LOOPBACK_IF) == 0) {
3763 		/* Can't unplumb logical interface zero */
3764 		if (strptr != NULL && strcmp(strptr, ":0") == 0) {
3765 			(void) fprintf(stderr, "ifconfig: unplumb:"
3766 			    " Cannot unplumb %s: Invalid interface\n", name);
3767 			exit(1);
3768 		}
3769 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3770 		(void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr));
3771 
3772 		if (ioctl(s, SIOCLIFREMOVEIF, (caddr_t)&lifr) < 0)
3773 			Perror0_exit("unplumb: SIOCLIFREMOVEIF");
3774 		return (0);
3775 	}
3776 
3777 	/*
3778 	 * We used /dev/udp or udp6 to set up the mux. So we have to use
3779 	 * the same now for PUNLINK also.
3780 	 */
3781 	if (v6)
3782 		udp_dev_name = UDP6_DEV_NAME;
3783 	else
3784 		udp_dev_name = UDP_DEV_NAME;
3785 
3786 	if ((muxid_fd = open(udp_dev_name, O_RDWR)) == -1)
3787 		exit(EXIT_FAILURE);
3788 
3789 	if ((mux_fd = open_arp_on_udp(udp_dev_name)) == -1)
3790 		exit(EXIT_FAILURE);
3791 
3792 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3793 	if (ioctl(muxid_fd, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
3794 		Perror0_exit("unplumb: SIOCGLIFFLAGS");
3795 	}
3796 	flags = lifr.lifr_flags;
3797 again:
3798 	if (flags & IFF_IPMP) {
3799 		lifgroupinfo_t lifgr;
3800 		ifaddrlistx_t *ifaddrs, *ifaddrp;
3801 
3802 		/*
3803 		 * There are two reasons the I_PUNLINK can fail with EBUSY:
3804 		 * (1) if IP interfaces are in the group, or (2) if IPMP data
3805 		 * addresses are administratively up.  For case (1), we fail
3806 		 * here with a specific error message.  For case (2), we bring
3807 		 * down the addresses prior to doing the I_PUNLINK.  If the
3808 		 * I_PUNLINK still fails with EBUSY then the configuration
3809 		 * must have changed after our checks, in which case we branch
3810 		 * back up to `again' and rerun this logic.  The net effect is
3811 		 * that unplumbing an IPMP interface will only fail with EBUSY
3812 		 * if IP interfaces are in the group.
3813 		 */
3814 		if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) == -1)
3815 			Perror0_exit("unplumb: SIOCGLIFGROUPNAME");
3816 
3817 		(void) strlcpy(lifgr.gi_grname, lifr.lifr_groupname,
3818 		    LIFGRNAMSIZ);
3819 		if (ioctl(s, SIOCGLIFGROUPINFO, &lifgr) == -1)
3820 			Perror0_exit("unplumb: SIOCGLIFGROUPINFO");
3821 
3822 		if ((v6 && lifgr.gi_nv6 != 0) || (!v6 && lifgr.gi_nv4 != 0)) {
3823 			(void) fprintf(stderr, "ifconfig: %s: cannot unplumb:"
3824 			    " IPMP group is not empty\n", name);
3825 			exit(1);
3826 		}
3827 
3828 		/*
3829 		 * The kernel will fail the I_PUNLINK if the IPMP interface
3830 		 * has administratively up addresses; bring 'em down.
3831 		 */
3832 		if (ifaddrlistx(name, IFF_UP|IFF_DUPLICATE, 0, &ifaddrs) == -1)
3833 			Perror2_exit(name, "cannot get address list");
3834 
3835 		ifaddrp = ifaddrs;
3836 		for (; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) {
3837 			if (((ifaddrp->ia_flags & IFF_IPV6) && !v6) ||
3838 			    (!(ifaddrp->ia_flags & IFF_IPV6) && v6))
3839 				continue;
3840 
3841 			if (!ifaddr_down(ifaddrp)) {
3842 				Perror2_exit(ifaddrp->ia_name,
3843 				    "cannot bring down");
3844 			}
3845 		}
3846 		ifaddrlistx_free(ifaddrs);
3847 	}
3848 
3849 	if (ioctl(muxid_fd, SIOCGLIFMUXID, (caddr_t)&lifr) < 0) {
3850 		Perror0_exit("unplumb: SIOCGLIFMUXID");
3851 	}
3852 	arp_muxid = lifr.lifr_arp_muxid;
3853 	ip_muxid = lifr.lifr_ip_muxid;
3854 	/*
3855 	 * We don't have a good way of knowing whether the arp stream is
3856 	 * plumbed. We can't rely on IFF_NOARP because someone could
3857 	 * have turned it off later using "ifconfig xxx -arp".
3858 	 */
3859 	if (arp_muxid != 0) {
3860 		if (debug)
3861 			(void) printf("arp_muxid %d\n", arp_muxid);
3862 		if (ioctl(mux_fd, I_PUNLINK, arp_muxid) < 0) {
3863 			/*
3864 			 * See the comment before the SIOCGLIFGROUPNAME call.
3865 			 */
3866 			if (errno == EBUSY && (flags & IFF_IPMP))
3867 				goto again;
3868 
3869 			if ((errno == EINVAL) &&
3870 			    (flags & (IFF_NOARP | IFF_IPV6))) {
3871 				/*
3872 				 * Some plumbing utilities set the muxid to
3873 				 * -1 or some invalid value to signify that
3874 				 * there is no arp stream. Set the muxid to 0
3875 				 * before trying to unplumb the IP stream.
3876 				 * IP does not allow the IP stream to be
3877 				 * unplumbed if it sees a non-null arp muxid,
3878 				 * for consistency of IP-ARP streams.
3879 				 */
3880 				lifr.lifr_arp_muxid = 0;
3881 				(void) ioctl(muxid_fd, SIOCSLIFMUXID,
3882 				    (caddr_t)&lifr);
3883 				changed_arp_muxid = _B_TRUE;
3884 			} else {
3885 				Perror0("I_PUNLINK for arp");
3886 			}
3887 		}
3888 	}
3889 	if (debug)
3890 		(void) printf("ip_muxid %d\n", ip_muxid);
3891 
3892 	if (ioctl(mux_fd, I_PUNLINK, ip_muxid) < 0) {
3893 		if (changed_arp_muxid) {
3894 			/*
3895 			 * Some error occurred, and we need to restore
3896 			 * everything back to what it was.
3897 			 */
3898 			save_errno = errno;
3899 			lifr.lifr_arp_muxid = arp_muxid;
3900 			lifr.lifr_ip_muxid = ip_muxid;
3901 			(void) ioctl(muxid_fd, SIOCSLIFMUXID, (caddr_t)&lifr);
3902 			errno = save_errno;
3903 		}
3904 
3905 		/*
3906 		 * See the comment before the SIOCGLIFGROUPNAME call.
3907 		 */
3908 		if (errno == EBUSY && (flags & IFF_IPMP))
3909 			goto again;
3910 
3911 		Perror0_exit("I_PUNLINK for ip");
3912 	}
3913 	(void) close(mux_fd);
3914 	(void) close(muxid_fd);
3915 	return (0);
3916 }
3917 
3918 /*
3919  * If this is a physical interface then create it unless it is already
3920  * present. If it is a logical interface name use SIOCLIFADDIF to
3921  * create and (and fail it if already exists.)
3922  * As a special case send SIOCLIFADDIF for the loopback interface. This
3923  * is needed since there is no other notion of plumbing the loopback
3924  * interface.
3925  */
3926 /* ARGSUSED */
3927 static int
3928 inetplumb(char *arg, int64_t param)
3929 {
3930 	char		*strptr;
3931 	boolean_t	islo;
3932 	zoneid_t	zoneid;
3933 	datalink_id_t	linkid;
3934 
3935 	strptr = strchr(name, ':');
3936 	islo = (strcmp(name, LOOPBACK_IF) == 0);
3937 
3938 	if (strptr != NULL || islo) {
3939 		(void) memset(&lifr, 0, sizeof (lifr));
3940 		(void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3941 		if (islo && ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) >= 0) {
3942 			if (debug) {
3943 				(void) fprintf(stderr,
3944 				    "ifconfig: %s already exists\n", name);
3945 			}
3946 			return (0);
3947 		}
3948 		if (ioctl(s, SIOCLIFADDIF, (caddr_t)&lifr) < 0) {
3949 			if (errno == EEXIST) {
3950 				if (debug) {
3951 					(void) fprintf(stderr,
3952 					    "ifconfig: %s already exists\n",
3953 					    name);
3954 				}
3955 			} else {
3956 				Perror2_exit("plumb: SIOCLIFADDIF", name);
3957 			}
3958 		}
3959 		return (0);
3960 	}
3961 
3962 	/*
3963 	 * If we're in the global zone and we're plumbing a datalink, make
3964 	 * sure that the datalink is not assigned to a non-global zone.  Note
3965 	 * that the non-global zones don't need this check, because zoneadm
3966 	 * has taken care of this when the zones boot.
3967 	 */
3968 	zoneid = getzoneid();
3969 	if (zoneid == GLOBAL_ZONEID &&
3970 	    ifconfig_dladm_open(name, DATALINK_CLASS_ALL, &linkid) ==
3971 	    DLADM_STATUS_OK) {
3972 		int ret;
3973 
3974 		zoneid = ALL_ZONES;
3975 		ret = zone_check_datalink(&zoneid, linkid);
3976 		if (ret == 0) {
3977 			char zonename[ZONENAME_MAX];
3978 
3979 			(void) getzonenamebyid(zoneid, zonename, ZONENAME_MAX);
3980 			(void) fprintf(stderr, "%s is used by non-global"
3981 			    "zone: %s\n", name, zonename);
3982 			return (1);
3983 		}
3984 	}
3985 
3986 	if (debug)
3987 		(void) printf("inetplumb: %s af %d\n", name, afp->af_af);
3988 
3989 	(void) ifplumb(name, name, _B_FALSE, afp->af_af);
3990 	return (0);
3991 }
3992 
3993 /* ARGSUSED */
3994 static int
3995 inetipmp(char *arg, int64_t param)
3996 {
3997 	int retval;
3998 
3999 	/*
4000 	 * Treat e.g. "ifconfig ipmp0:2 ipmp" as "ifconfig ipmp0:2 plumb".
4001 	 * Otherwise, try to create the requested IPMP interface.
4002 	 */
4003 	if (strchr(name, ':') != NULL)
4004 		retval = inetplumb(arg, param);
4005 	else
4006 		retval = create_ipmp(name, afp->af_af, name, _B_FALSE);
4007 
4008 	/*
4009 	 * We'd return -1, but foreachinterface() doesn't propagate the error
4010 	 * into the exit status, so we're forced to explicitly exit().
4011 	 */
4012 	if (retval == -1)
4013 		exit(1);
4014 	return (0);
4015 }
4016 
4017 /*
4018  * Create an IPMP group `grname' with address family `af'.  If `ifname' is
4019  * non-NULL, it specifies the interface name to use.  Otherwise, use the name
4020  * ipmpN, where N corresponds to the lowest available integer.  If `implicit'
4021  * is set, then the group is being created as a side-effect of placing an
4022  * underlying interface in a group.  Also start in.mpathd if necessary.
4023  */
4024 static int
4025 create_ipmp(const char *grname, int af, const char *ifname, boolean_t implicit)
4026 {
4027 	int ppa;
4028 	static int ipmp_daemon_started;
4029 
4030 	if (debug) {
4031 		(void) printf("create_ipmp: ifname %s grname %s af %d\n",
4032 		    ifname != NULL ? ifname : "NULL", grname, af);
4033 	}
4034 
4035 	if (ifname != NULL)
4036 		ppa = ifplumb(IPMPSTUB, ifname, _B_FALSE, af);
4037 	else
4038 		ppa = ifplumb(IPMPSTUB, "ipmp", _B_TRUE, af);
4039 
4040 	if (ppa == -1) {
4041 		Perror2(grname, "cannot create IPMP interface");
4042 		return (-1);
4043 	}
4044 
4045 	if (ifname != NULL)
4046 		(void) strlcpy(lifr.lifr_name, ifname, LIFNAMSIZ);
4047 	else
4048 		(void) snprintf(lifr.lifr_name, LIFNAMSIZ, "ipmp%d", ppa);
4049 
4050 	/*
4051 	 * To preserve backward-compatibility, always bring up the link-local
4052 	 * address for implicitly-created IPv6 IPMP interfaces.
4053 	 */
4054 	if (implicit && af == AF_INET6) {
4055 		if (ioctl(s6, SIOCGLIFFLAGS, &lifr) == 0) {
4056 			lifr.lifr_flags |= IFF_UP;
4057 			(void) ioctl(s6, SIOCSLIFFLAGS, &lifr);
4058 		}
4059 	}
4060 
4061 	/*
4062 	 * If the caller requested a different group name, issue a
4063 	 * SIOCSLIFGROUPNAME on the new IPMP interface.
4064 	 */
4065 	if (strcmp(lifr.lifr_name, grname) != 0) {
4066 		(void) strlcpy(lifr.lifr_groupname, grname, LIFGRNAMSIZ);
4067 		if (ioctl(s, SIOCSLIFGROUPNAME, &lifr) == -1) {
4068 			Perror0("SIOCSLIFGROUPNAME");
4069 			return (-1);
4070 		}
4071 	}
4072 
4073 	/*
4074 	 * If we haven't done so yet, ensure in.mpathd is started.
4075 	 */
4076 	if (ipmp_daemon_started++ == 0)
4077 		start_ipmp_daemon();
4078 
4079 	return (0);
4080 }
4081 
4082 /*
4083  * Check if `ifname' is plumbed and in an IPMP group on its "other" address
4084  * family.  If so, create a matching IPMP group for address family `af'.
4085  */
4086 static int
4087 create_ipmp_peer(int af, const char *ifname)
4088 {
4089 	int		fd;
4090 	lifgroupinfo_t	lifgr;
4091 
4092 	assert(af == AF_INET || af == AF_INET6);
4093 
4094 	/*
4095 	 * Get the socket for the "other" address family.
4096 	 */
4097 	fd = (af == AF_INET) ? s6 : s4;
4098 
4099 	(void) strlcpy(lifr.lifr_name, ifname, LIFNAMSIZ);
4100 	if (ioctl(fd, SIOCGLIFGROUPNAME, &lifr) != 0)
4101 		return (0);
4102 
4103 	(void) strlcpy(lifgr.gi_grname, lifr.lifr_groupname, LIFGRNAMSIZ);
4104 	if (ioctl(fd, SIOCGLIFGROUPINFO, &lifgr) != 0)
4105 		return (0);
4106 
4107 	/*
4108 	 * If `ifname' *is* the IPMP group interface, or if the relevant
4109 	 * address family is already configured, then there's nothing to do.
4110 	 */
4111 	if (strcmp(lifgr.gi_grifname, ifname) == 0 ||
4112 	    (af == AF_INET && lifgr.gi_v4) || (af == AF_INET6 && lifgr.gi_v6))
4113 		return (0);
4114 
4115 	return (create_ipmp(lifgr.gi_grname, af, lifgr.gi_grifname, _B_TRUE));
4116 }
4117 
4118 /*
4119  * Start in.mpathd if it's not already running.
4120  */
4121 static void
4122 start_ipmp_daemon(void)
4123 {
4124 	int retval;
4125 	ipmp_handle_t ipmp_handle;
4126 
4127 	/*
4128 	 * Ping in.mpathd to see if it's running already.
4129 	 */
4130 	if ((retval = ipmp_open(&ipmp_handle)) != IPMP_SUCCESS) {
4131 		(void) fprintf(stderr, "ifconfig: cannot create IPMP handle: "
4132 		    "%s\n", ipmp_errmsg(retval));
4133 		return;
4134 	}
4135 
4136 	retval = ipmp_ping_daemon(ipmp_handle);
4137 	ipmp_close(ipmp_handle);
4138 
4139 	switch (retval) {
4140 	case IPMP_ENOMPATHD:
4141 		break;
4142 	case IPMP_SUCCESS:
4143 		return;
4144 	default:
4145 		(void) fprintf(stderr, "ifconfig: cannot ping in.mpathd: %s\n",
4146 		    ipmp_errmsg(retval));
4147 		break;
4148 	}
4149 
4150 	/*
4151 	 * Start in.mpathd.  Note that in.mpathd will handle multiple
4152 	 * incarnations (ipmp_ping_daemon() is just an optimization) so we
4153 	 * don't need to worry about racing with another ifconfig process.
4154 	 */
4155 	switch (fork()) {
4156 	case -1:
4157 		Perror0_exit("start_ipmp_daemon: fork");
4158 		/* NOTREACHED */
4159 	case 0:
4160 		(void) execl(MPATHD_PATH, MPATHD_PATH, NULL);
4161 		_exit(1);
4162 		/* NOTREACHED */
4163 	default:
4164 		break;
4165 	}
4166 }
4167 
4168 /*
4169  * Bring the address named by `ifaddrp' up or down.  Doesn't trust any mutable
4170  * values in ia_flags since they may be stale.
4171  */
4172 static boolean_t
4173 ifaddr_op(ifaddrlistx_t *ifaddrp, boolean_t up)
4174 {
4175 	struct lifreq	lifrl;	/* Local lifreq struct */
4176 	int		fd = (ifaddrp->ia_flags & IFF_IPV4) ? s4 : s6;
4177 
4178 	(void) memset(&lifrl, 0, sizeof (lifrl));
4179 	(void) strlcpy(lifrl.lifr_name, ifaddrp->ia_name, LIFNAMSIZ);
4180 	if (ioctl(fd, SIOCGLIFFLAGS, &lifrl) == -1)
4181 		return (_B_FALSE);
4182 
4183 	if (up)
4184 		lifrl.lifr_flags |= IFF_UP;
4185 	else
4186 		lifrl.lifr_flags &= ~IFF_UP;
4187 
4188 	if (ioctl(fd, SIOCSLIFFLAGS, &lifrl) == -1)
4189 		return (_B_FALSE);
4190 
4191 	/*
4192 	 * If we're trying to bring the address down, ensure that DAD activity
4193 	 * (observable by IFF_DUPLICATE) has also been stopped.
4194 	 */
4195 	if (!up && ioctl(fd, SIOCGLIFFLAGS, &lifrl) != -1 &&
4196 	    lifrl.lifr_flags & IFF_DUPLICATE) {
4197 		if (ioctl(fd, SIOCGLIFADDR, &lifrl) == -1 ||
4198 		    ioctl(fd, SIOCSLIFADDR, &lifrl) == -1) {
4199 			return (_B_FALSE);
4200 		}
4201 	}
4202 	return (_B_TRUE);
4203 }
4204 
4205 static boolean_t
4206 ifaddr_up(ifaddrlistx_t *ifaddrp)
4207 {
4208 	return (ifaddr_op(ifaddrp, _B_TRUE));
4209 }
4210 
4211 static boolean_t
4212 ifaddr_down(ifaddrlistx_t *ifaddrp)
4213 {
4214 	return (ifaddr_op(ifaddrp, _B_FALSE));
4215 }
4216 
4217 /*
4218  * Open the global libdladm handle "dlh" if it isn't already opened.  The
4219  * caller may optionally supply a link name to obtain its linkid.  If a link
4220  * of a specific class or classes is required, reqclass specifies the class
4221  * mask.
4222  */
4223 static dladm_status_t
4224 ifconfig_dladm_open(const char *name, datalink_class_t reqclass,
4225     datalink_id_t *linkid)
4226 {
4227 	dladm_status_t status = DLADM_STATUS_OK;
4228 	datalink_class_t class;
4229 
4230 	if (!dlh_opened) {
4231 		if ((status = dladm_open(&dlh)) != DLADM_STATUS_OK)
4232 			return (status);
4233 		dlh_opened = _B_TRUE;
4234 	}
4235 	if (name != NULL) {
4236 		status = dladm_name2info(dlh, name, linkid, NULL, &class, NULL);
4237 		if (status == DLADM_STATUS_OK) {
4238 			if (!(class & reqclass))
4239 				status = DLADM_STATUS_LINKINVAL;
4240 		}
4241 	}
4242 	return (status);
4243 }
4244 
4245 void
4246 dladmerr_exit(dladm_status_t status, const char *str)
4247 {
4248 	char errstr[DLADM_STRSIZE];
4249 
4250 	(void) fprintf(stderr, "%s: %s\n", str,
4251 	    dladm_status2str(status, errstr));
4252 	exit(1);
4253 }
4254 
4255 void
4256 Perror0(const char *cmd)
4257 {
4258 	Perror2(cmd, lifr.lifr_name);
4259 }
4260 
4261 void
4262 Perror0_exit(const char *cmd)
4263 {
4264 	Perror0(cmd);
4265 	exit(1);
4266 }
4267 
4268 void
4269 Perror2(const char *cmd, const char *str)
4270 {
4271 	int error = errno;
4272 
4273 	(void) fprintf(stderr, "ifconfig: %s: ", cmd);
4274 
4275 	switch (error) {
4276 	case ENXIO:
4277 		(void) fprintf(stderr, "%s: no such interface\n", str);
4278 		break;
4279 	case EPERM:
4280 		(void) fprintf(stderr, "%s: permission denied\n", str);
4281 		break;
4282 	case EEXIST:
4283 		(void) fprintf(stderr, "%s: already exists\n", str);
4284 		break;
4285 	default:
4286 		errno = error;
4287 		perror(str);
4288 	}
4289 }
4290 
4291 /*
4292  * Print out error message (Perror2()) and exit
4293  */
4294 void
4295 Perror2_exit(const char *cmd, const char *str)
4296 {
4297 	Perror2(cmd, str);
4298 	exit(1);
4299 	/* NOTREACHED */
4300 }
4301 
4302 void
4303 Perrdlpi(const char *cmd, const char *linkname, int err)
4304 {
4305 	(void) fprintf(stderr, "ifconfig: %s \"%s\": %s\n", cmd,
4306 	    linkname, dlpi_strerror(err));
4307 }
4308 
4309 /*
4310  * Print out error message (Perrdlpi()) and exit
4311  */
4312 void
4313 Perrdlpi_exit(const char *cmd, const char *linkname, int err)
4314 {
4315 	Perrdlpi(cmd, linkname, err);
4316 	exit(1);
4317 }
4318 
4319 /*
4320  * If the last argument is non-NULL allow a <addr>/<n> syntax and
4321  * pass out <n> in *plenp.
4322  * If <n> doesn't parse return BAD_ADDR as *plenp.
4323  * If no /<n> is present return NO_PREFIX as *plenp.
4324  */
4325 static void
4326 in_getaddr(char *s, struct sockaddr *saddr, int *plenp)
4327 {
4328 	/* LINTED: alignment */
4329 	struct sockaddr_in *sin = (struct sockaddr_in *)saddr;
4330 	struct hostent *hp;
4331 	struct netent *np;
4332 	char str[BUFSIZ];
4333 	int error_num;
4334 
4335 	(void) strncpy(str, s, sizeof (str));
4336 
4337 	/*
4338 	 * Look for '/'<n> is plenp
4339 	 */
4340 	if (plenp != NULL) {
4341 		char *cp;
4342 
4343 		*plenp = in_getprefixlen(str, _B_TRUE, IP_ABITS);
4344 		if (*plenp == BAD_ADDR)
4345 			return;
4346 		cp = strchr(str, '/');
4347 		if (cp != NULL)
4348 			*cp = '\0';
4349 	} else if (strchr(str, '/') != NULL) {
4350 		(void) fprintf(stderr, "ifconfig: %s: unexpected '/'\n", str);
4351 		exit(1);
4352 	}
4353 
4354 	(void) memset(sin, 0, sizeof (*sin));
4355 
4356 	/*
4357 	 *	Try to catch attempts to set the broadcast address to all 1's.
4358 	 */
4359 	if (strcmp(str, "255.255.255.255") == 0 ||
4360 	    (strtoul(str, (char **)NULL, 0) == 0xffffffffUL)) {
4361 		sin->sin_family = AF_INET;
4362 		sin->sin_addr.s_addr = 0xffffffff;
4363 		return;
4364 	}
4365 
4366 	hp = getipnodebyname(str, AF_INET, 0, &error_num);
4367 	if (hp) {
4368 		sin->sin_family = hp->h_addrtype;
4369 		(void) memcpy(&sin->sin_addr, hp->h_addr, hp->h_length);
4370 		freehostent(hp);
4371 		return;
4372 	}
4373 	np = getnetbyname(str);
4374 	if (np) {
4375 		sin->sin_family = np->n_addrtype;
4376 		sin->sin_addr = inet_makeaddr(np->n_net, INADDR_ANY);
4377 		return;
4378 	}
4379 	if (error_num == TRY_AGAIN) {
4380 		(void) fprintf(stderr, "ifconfig: %s: bad address "
4381 		    "(try again later)\n", s);
4382 	} else {
4383 		(void) fprintf(stderr, "ifconfig: %s: bad address\n", s);
4384 	}
4385 	exit(1);
4386 }
4387 
4388 /*
4389  * If the last argument is non-NULL allow a <addr>/<n> syntax and
4390  * pass out <n> in *plenp.
4391  * If <n> doesn't parse return BAD_ADDR as *plenp.
4392  * If no /<n> is present return NO_PREFIX as *plenp.
4393  */
4394 static void
4395 in6_getaddr(char *s, struct sockaddr *saddr, int *plenp)
4396 {
4397 	/* LINTED: alignment */
4398 	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)saddr;
4399 	struct hostent *hp;
4400 	char str[BUFSIZ];
4401 	int error_num;
4402 
4403 	(void) strncpy(str, s, sizeof (str));
4404 
4405 	/*
4406 	 * Look for '/'<n> is plenp
4407 	 */
4408 	if (plenp != NULL) {
4409 		char *cp;
4410 
4411 		*plenp = in_getprefixlen(str, _B_TRUE, IPV6_ABITS);
4412 		if (*plenp == BAD_ADDR)
4413 			return;
4414 		cp = strchr(str, '/');
4415 		if (cp != NULL)
4416 			*cp = '\0';
4417 	} else if (strchr(str, '/') != NULL) {
4418 		(void) fprintf(stderr, "ifconfig: %s: unexpected '/'\n", str);
4419 		exit(1);
4420 	}
4421 
4422 	(void) memset(sin6, 0, sizeof (*sin6));
4423 
4424 	hp = getipnodebyname(str, AF_INET6, 0, &error_num);
4425 	if (hp) {
4426 		sin6->sin6_family = hp->h_addrtype;
4427 		(void) memcpy(&sin6->sin6_addr, hp->h_addr, hp->h_length);
4428 		freehostent(hp);
4429 		return;
4430 	}
4431 	if (error_num == TRY_AGAIN) {
4432 		(void) fprintf(stderr, "ifconfig: %s: bad address "
4433 		    "(try again later)\n", s);
4434 	} else {
4435 		(void) fprintf(stderr, "ifconfig: %s: bad address\n", s);
4436 	}
4437 	exit(1);
4438 }
4439 
4440 /*
4441  * If "slash" is zero this parses the whole string as
4442  * an integer. With "slash" non zero it parses the tail part as an integer.
4443  *
4444  * If it is not a valid integer this returns BAD_ADDR.
4445  * If there is /<n> present this returns NO_PREFIX.
4446  */
4447 static int
4448 in_getprefixlen(char *addr, boolean_t slash, int max_plen)
4449 {
4450 	int prefixlen;
4451 	char *str, *end;
4452 
4453 	if (slash) {
4454 		str = strchr(addr, '/');
4455 		if (str == NULL)
4456 			return (NO_PREFIX);
4457 		str++;
4458 	} else
4459 		str = addr;
4460 
4461 	prefixlen = strtol(str, &end, 10);
4462 	if (prefixlen < 0)
4463 		return (BAD_ADDR);
4464 	if (str == end)
4465 		return (BAD_ADDR);
4466 	if (max_plen != 0 && max_plen < prefixlen)
4467 		return (BAD_ADDR);
4468 	return (prefixlen);
4469 }
4470 
4471 /*
4472  * Convert a prefix length to a mask.
4473  * Returns 1 if ok. 0 otherwise.
4474  * Assumes the mask array is zero'ed by the caller.
4475  */
4476 static boolean_t
4477 in_prefixlentomask(int prefixlen, int maxlen, uchar_t *mask)
4478 {
4479 	if (prefixlen < 0 || prefixlen > maxlen)
4480 		return (0);
4481 
4482 	while (prefixlen > 0) {
4483 		if (prefixlen >= 8) {
4484 			*mask++ = 0xFF;
4485 			prefixlen -= 8;
4486 			continue;
4487 		}
4488 		*mask |= 1 << (8 - prefixlen);
4489 		prefixlen--;
4490 	}
4491 	return (1);
4492 }
4493 
4494 static void
4495 print_flags(uint64_t flags)
4496 {
4497 	boolean_t first = _B_TRUE;
4498 	int cnt, i;
4499 
4500 	(void) printf("flags=%llx", flags);
4501 	cnt = sizeof (if_flags_tbl) / sizeof (if_flags_t);
4502 	for (i = 0; i < cnt; i++) {
4503 		if (flags & if_flags_tbl[i].iff_value) {
4504 			if (first) {
4505 				(void) printf("<");
4506 				first = _B_FALSE;
4507 			} else {
4508 				/*
4509 				 * It has to be here and not with the
4510 				 * printf below because for the last one,
4511 				 * we don't want a comma before the ">".
4512 				 */
4513 				(void) printf(",");
4514 			}
4515 			(void) printf("%s", if_flags_tbl[i].iff_name);
4516 		}
4517 	}
4518 	if (!first)
4519 		(void) printf(">");
4520 }
4521 
4522 static void
4523 print_config_flags(int af, uint64_t flags)
4524 {
4525 	if_config_cmd_t *cmdp;
4526 
4527 	for (cmdp = if_config_cmd_tbl; cmdp->iff_flag != 0; cmdp++) {
4528 		if ((flags & cmdp->iff_flag) &&
4529 		    (cmdp->iff_af == AF_UNSPEC || cmdp->iff_af == af)) {
4530 			(void) printf("%s ", cmdp->iff_name);
4531 		}
4532 	}
4533 }
4534 
4535 /*
4536  * Use the configured directory lookup mechanism (e.g. files/NIS/NIS+/...)
4537  * to find the network mask.  Returns true if we found one to set.
4538  *
4539  * The parameter addr_set controls whether we should get the address of
4540  * the working interface for the netmask query.  If addr_set is true,
4541  * we will use the address provided.  Otherwise, we will find the working
4542  * interface's address and use it instead.
4543  */
4544 static boolean_t
4545 in_getmask(struct sockaddr_in *saddr, boolean_t addr_set)
4546 {
4547 	struct sockaddr_in ifaddr;
4548 
4549 	/*
4550 	 * Read the address from the interface if it is not passed in.
4551 	 */
4552 	if (!addr_set) {
4553 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
4554 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
4555 			if (errno != EADDRNOTAVAIL) {
4556 				(void) fprintf(stderr, "Need net number for "
4557 				    "mask\n");
4558 			}
4559 			return (_B_FALSE);
4560 		}
4561 		ifaddr = *((struct sockaddr_in *)&lifr.lifr_addr);
4562 	} else {
4563 		ifaddr.sin_addr = saddr->sin_addr;
4564 	}
4565 	if (getnetmaskbyaddr(ifaddr.sin_addr, &saddr->sin_addr) == 0) {
4566 		saddr->sin_family = AF_INET;
4567 		return (_B_TRUE);
4568 	}
4569 	return (_B_FALSE);
4570 }
4571 
4572 static int
4573 lifnum(const char *ifname)
4574 {
4575 	const char *cp;
4576 
4577 	if ((cp = strchr(ifname, ':')) == NULL)
4578 		return (0);
4579 	else
4580 		return (atoi(cp + 1));
4581 }
4582 
4583 static int
4584 strioctl(int s, int cmd, void *buf, int buflen)
4585 {
4586 	struct strioctl ioc;
4587 
4588 	(void) memset(&ioc, 0, sizeof (ioc));
4589 	ioc.ic_cmd = cmd;
4590 	ioc.ic_timout = 0;
4591 	ioc.ic_len = buflen;
4592 	ioc.ic_dp = buf;
4593 	return (ioctl(s, I_STR, (char *)&ioc));
4594 }
4595 
4596 static void
4597 add_ni(const char *name)
4598 {
4599 	ni_t **pp;
4600 	ni_t *p;
4601 
4602 	for (pp = &ni_list; (p = *pp) != NULL; pp = &(p->ni_next)) {
4603 		if (strcmp(p->ni_name, name) == 0) {
4604 			if (debug > 2)
4605 				(void) fprintf(stderr, "'%s' is a duplicate\n",
4606 				    name);
4607 			return;
4608 		}
4609 	}
4610 
4611 	if (debug > 2)
4612 		(void) fprintf(stderr, "adding '%s'\n",
4613 		    name);
4614 
4615 	if ((p = malloc(sizeof (ni_t))) == NULL)
4616 		return;
4617 
4618 	(void) strlcpy(p->ni_name, name, sizeof (p->ni_name));
4619 	p->ni_next = NULL;
4620 
4621 	*pp = p;
4622 	num_ni++;
4623 }
4624 
4625 static boolean_t
4626 ni_entry(const char *linkname, void *arg)
4627 {
4628 	dlpi_handle_t	dh;
4629 	datalink_class_t class;
4630 
4631 	(void) dladm_name2info(arg, linkname, NULL, NULL, &class, NULL);
4632 
4633 	if (class == DATALINK_CLASS_ETHERSTUB)
4634 		return (_B_FALSE);
4635 	if (dlpi_open(linkname, &dh, 0) != DLPI_SUCCESS)
4636 		return (_B_FALSE);
4637 
4638 	add_ni(linkname);
4639 
4640 	dlpi_close(dh);
4641 	return (_B_FALSE);
4642 }
4643 
4644 /*
4645  * dhcp-related routines
4646  */
4647 
4648 static int
4649 setifdhcp(const char *caller, const char *ifname, int argc, char *argv[])
4650 {
4651 	dhcp_ipc_request_t	*request;
4652 	dhcp_ipc_reply_t	*reply	= NULL;
4653 	int			timeout = DHCP_IPC_WAIT_DEFAULT;
4654 	dhcp_ipc_type_t		type	= DHCP_START;
4655 	int			error;
4656 	boolean_t		is_primary = _B_FALSE;
4657 	boolean_t		started = _B_FALSE;
4658 
4659 	for (argv++; --argc > 0; argv++) {
4660 
4661 		if (strcmp(*argv, "primary") == 0) {
4662 			is_primary = _B_TRUE;
4663 			continue;
4664 		}
4665 
4666 		if (strcmp(*argv, "wait") == 0) {
4667 			if (--argc <= 0) {
4668 				usage();
4669 				return (DHCP_EXIT_BADARGS);
4670 			}
4671 			argv++;
4672 
4673 			if (strcmp(*argv, "forever") == 0) {
4674 				timeout = DHCP_IPC_WAIT_FOREVER;
4675 				continue;
4676 			}
4677 
4678 			if (sscanf(*argv, "%d", &timeout) != 1) {
4679 				usage();
4680 				return (DHCP_EXIT_BADARGS);
4681 			}
4682 
4683 			if (timeout < 0) {
4684 				usage();
4685 				return (DHCP_EXIT_BADARGS);
4686 			}
4687 			continue;
4688 		}
4689 
4690 		type = dhcp_string_to_request(*argv);
4691 		if (type == -1) {
4692 			usage();
4693 			return (DHCP_EXIT_BADARGS);
4694 		}
4695 	}
4696 
4697 	/*
4698 	 * Only try to start agent on start or inform; in all other cases it
4699 	 * has to already be running for anything to make sense.
4700 	 */
4701 	if (type == DHCP_START || type == DHCP_INFORM) {
4702 		if (dhcp_start_agent(DHCP_IPC_MAX_WAIT) == -1) {
4703 			(void) fprintf(stderr, "%s: unable to start %s\n",
4704 			    caller, DHCP_AGENT_PATH);
4705 			return (DHCP_EXIT_FAILURE);
4706 		}
4707 		started = _B_TRUE;
4708 	}
4709 
4710 	if (is_primary)
4711 		type |= DHCP_PRIMARY;
4712 
4713 	if (af != AF_INET)
4714 		type |= DHCP_V6;
4715 
4716 	request = dhcp_ipc_alloc_request(type, ifname, NULL, 0, DHCP_TYPE_NONE);
4717 	if (request == NULL) {
4718 		(void) fprintf(stderr, "%s: out of memory\n", caller);
4719 		return (DHCP_EXIT_SYSTEM);
4720 	}
4721 
4722 	error = dhcp_ipc_make_request(request, &reply, timeout);
4723 	if (error != 0) {
4724 		free(request);
4725 		/*
4726 		 * Re-map connect error to not under control if we didn't try a
4727 		 * start operation, as this has to be true and results in a
4728 		 * clearer message, not to mention preserving compatibility
4729 		 * with the days when we always started dhcpagent for every
4730 		 * request.
4731 		 */
4732 		if (error == DHCP_IPC_E_CONNECT && !started)
4733 			error = DHCP_IPC_E_UNKIF;
4734 		(void) fprintf(stderr, "%s: %s: %s\n", caller, ifname,
4735 		    dhcp_ipc_strerror(error));
4736 		return (DHCP_EXIT_FAILURE);
4737 	}
4738 
4739 	error = reply->return_code;
4740 	if (error != 0) {
4741 		free(request);
4742 		free(reply);
4743 
4744 		if (error == DHCP_IPC_E_TIMEOUT && timeout == 0)
4745 			return (DHCP_EXIT_SUCCESS);
4746 
4747 		(void) fprintf(stderr, "%s: %s: %s\n", caller, ifname,
4748 		    dhcp_ipc_strerror(error));
4749 
4750 		if (error == DHCP_IPC_E_TIMEOUT)
4751 			return (DHCP_EXIT_TIMEOUT);
4752 		else
4753 			return (DHCP_EXIT_IF_FAILURE);
4754 	}
4755 
4756 	if (DHCP_IPC_CMD(type) == DHCP_STATUS) {
4757 		(void) printf("%s", dhcp_status_hdr_string());
4758 		(void) printf("%s", dhcp_status_reply_to_string(reply));
4759 	}
4760 
4761 	free(request);
4762 	free(reply);
4763 	return (DHCP_EXIT_SUCCESS);
4764 }
4765 
4766 static void
4767 usage(void)
4768 {
4769 	(void) fprintf(stderr,
4770 	    "usage: ifconfig <interface> | -a[ 4 | 6 | D ][ u | d ][ Z ]\n");
4771 
4772 	(void) fprintf(stderr, "%s",
4773 	    "\t[ <addr_family> ]\n"
4774 	    "\t[ <address>[/<prefix_length>] [ <dest_address> ] ]\n"
4775 	    "\t[ set [ <address>][/<prefix_length>] ]"
4776 	    " [ <address>/<prefix_length>] ]\n"
4777 	    "\t[ destination <dest_address> ]\n"
4778 	    "\t[ addif <address>[/<prefix_length>]"
4779 	    "  [ <dest_address> ] ]\n"
4780 	    "\t[ removeif <address>[/<prefix_length>] ]\n"
4781 	    "\t[ arp | -arp ]\n"
4782 	    "\t[ auto-revarp ]\n"
4783 	    "\t[ broadcast <broad_addr> ]\n"
4784 	    "\t[ index <if_index> ]\n"
4785 	    "\t[ metric <n> ] [ mtu <n> ]\n"
4786 	    "\t[ netmask <mask> ]\n"
4787 	    "\t[ plumb ] [ unplumb ]\n"
4788 	    "\t[ preferred | -preferred ]\n"
4789 	    "\t[ private | -private ]\n"
4790 	    "\t[ local | -local ]\n"
4791 	    "\t[ router | -router ]\n"
4792 	    "\t[ subnet <subnet_address>]\n"
4793 	    "\t[ trailers | -trailers ]\n"
4794 	    "\t[ token <address>/<prefix_length> ]\n"
4795 	    "\t[ tsrc <tunnel_src_address> ]\n"
4796 	    "\t[ tdst <tunnel_dest_address> ]\n"
4797 	    "\t[ auth_algs <tunnel_AH_authentication_algorithm> ]\n"
4798 	    "\t[ encr_algs <tunnel_ESP_encryption_algorithm> ]\n"
4799 	    "\t[ encr_auth_algs <tunnel_ESP_authentication_algorithm> ]\n"
4800 	    "\t[ up ] [ down ]\n"
4801 	    "\t[ xmit | -xmit ]\n"
4802 	    "\t[ modlist ]\n"
4803 	    "\t[ modinsert <module_name@position> ]\n"
4804 	    "\t[ modremove <module_name@position> ]\n"
4805 	    "\t[ ipmp ]\n"
4806 	    "\t[ group <groupname>] | [ group \"\"]\n"
4807 	    "\t[ deprecated | -deprecated ]\n"
4808 	    "\t[ standby | -standby ]\n"
4809 	    "\t[ failover | -failover ]\n"
4810 	    "\t[ zone <zonename> | -zone ]\n"
4811 	    "\t[ usesrc <interface> ]\n"
4812 	    "\t[ all-zones ]\n");
4813 
4814 	(void) fprintf(stderr, "or\n");
4815 	(void) fprintf(stderr,
4816 	    "\tifconfig <interface> |  -a[ 4 | 6 | D ] [ u | d ]\n");
4817 
4818 	(void) fprintf(stderr, "%s", "\tauto-dhcp | dhcp\n"
4819 	    "\t[ wait <time> | forever ]\n\t[ primary ]\n"
4820 	    "\tstart | drop | ping | release | status | inform\n");
4821 }
4822