xref: /titanic_50/usr/src/cmd/cmd-inet/usr.sbin/ifconfig/ifconfig.c (revision e7860364450c5bfee3d12a2a4d9fcde8b0a1c2b6)
1 /*
2  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 /*
6  * Copyright (c) 1983 Regents of the University of California.
7  * All rights reserved.  The Berkeley software License Agreement
8  * specifies the terms and conditions for redistribution.
9  */
10 
11 #include "defs.h"
12 #include "strings.h"
13 #include "ifconfig.h"
14 #include <compat.h>
15 #include <libdlpi.h>
16 #include <libdllink.h>
17 #include <libdliptun.h>
18 #include <libdllink.h>
19 #include <inet/ip.h>
20 #include <inet/ipsec_impl.h>
21 
22 #define	LOOPBACK_IF	"lo0"
23 #define	NONE_STR	"none"
24 #define	ARP_MOD_NAME	"arp"
25 #define	IPMPSTUB	(void *)-1
26 
27 typedef struct if_flags {
28 	uint64_t iff_value;
29 	char	*iff_name;
30 } if_flags_t;
31 
32 static if_flags_t	if_flags_tbl[] = {
33 	{ IFF_UP,		"UP" },
34 	{ IFF_BROADCAST,	"BROADCAST" },
35 	{ IFF_DEBUG,		"DEBUG" },
36 	{ IFF_LOOPBACK,		"LOOPBACK" },
37 	{ IFF_POINTOPOINT,	"POINTOPOINT" },
38 	{ IFF_NOTRAILERS,	"NOTRAILERS" },
39 	{ IFF_RUNNING,		"RUNNING" },
40 	{ IFF_NOARP,		"NOARP" },
41 	{ IFF_PROMISC,		"PROMISC" },
42 	{ IFF_ALLMULTI,		"ALLMULTI" },
43 	{ IFF_INTELLIGENT,	"INTELLIGENT" },
44 	{ IFF_MULTICAST,	"MULTICAST" },
45 	{ IFF_MULTI_BCAST,	"MULTI_BCAST" },
46 	{ IFF_UNNUMBERED,	"UNNUMBERED" },
47 	{ IFF_DHCPRUNNING,	"DHCP" },
48 	{ IFF_PRIVATE,		"PRIVATE" },
49 	{ IFF_NOXMIT,		"NOXMIT" },
50 	{ IFF_NOLOCAL,		"NOLOCAL" },
51 	{ IFF_DEPRECATED,	"DEPRECATED" },
52 	{ IFF_ADDRCONF,		"ADDRCONF" },
53 	{ IFF_ROUTER,		"ROUTER" },
54 	{ IFF_NONUD,		"NONUD" },
55 	{ IFF_ANYCAST,		"ANYCAST" },
56 	{ IFF_NORTEXCH,		"NORTEXCH" },
57 	{ IFF_IPV4,		"IPv4" },
58 	{ IFF_IPV6,		"IPv6" },
59 	{ IFF_NOFAILOVER,	"NOFAILOVER" },
60 	{ IFF_FAILED,		"FAILED" },
61 	{ IFF_STANDBY,		"STANDBY" },
62 	{ IFF_INACTIVE,		"INACTIVE" },
63 	{ IFF_OFFLINE,		"OFFLINE" },
64 	{ IFF_XRESOLV,		"XRESOLV" },
65 	{ IFF_COS_ENABLED,	"CoS" },
66 	{ IFF_PREFERRED,	"PREFERRED" },
67 	{ IFF_TEMPORARY,	"TEMPORARY" },
68 	{ IFF_FIXEDMTU,		"FIXEDMTU" },
69 	{ IFF_VIRTUAL,		"VIRTUAL" },
70 	{ IFF_DUPLICATE,	"DUPLICATE" },
71 	{ IFF_IPMP,		"IPMP"},
72 	{ IFF_VRRP,		"VRRP"},
73 	{ IFF_NOACCEPT,		"NOACCEPT"}
74 };
75 
76 typedef struct {
77 	const char		*ia_app;
78 	uint64_t		ia_flag;
79 	uint_t			ia_tries;
80 } if_appflags_t;
81 
82 static const if_appflags_t if_appflags_tbl[] = {
83 	{ "dhcpagent(1M)",	IFF_DHCPRUNNING,	1 },
84 	{ "in.ndpd(1M)",	IFF_ADDRCONF,		3 },
85 	{  NULL,		0,			0 }
86 };
87 
88 static dladm_handle_t	dlh;
89 boolean_t		dlh_opened;
90 static struct		lifreq lifr;
91 /* current interface name a particular function is accessing */
92 static char		name[LIFNAMSIZ];
93 /* foreach interface saved name */
94 static char		origname[LIFNAMSIZ];
95 static int		setaddr;
96 static boolean_t	ipsec_policy_set;
97 static boolean_t	ipsec_auth_covered;
98 
99 /*
100  * Make sure the algorithm variables hold more than the sizeof an algorithm
101  * in PF_KEY.  (For now, more than a uint8_t.)  The NO_***_?ALG indicates that
102  * there was no algorithm requested, and in the ipsec_req that service should
103  * be disabled.  (E.g. if ah_aalg remains NO_AH_AALG, then AH will be
104  * disabled on that tunnel.)
105  */
106 #define	NO_AH_AALG 256
107 #define	NO_ESP_AALG 256
108 #define	NO_ESP_EALG 256
109 
110 int	s, s4, s6;
111 int	af = AF_INET;	/* default address family */
112 int	debug = 0;
113 int	all = 0;	/* setifdhcp() needs to know this */
114 int	verbose = 0;
115 int	v4compat = 0;	/* Compatible printing format */
116 
117 /*
118  * Function prototypes for command functions.
119  */
120 static int	addif(char *arg, int64_t param);
121 static int	inetipmp(char *arg, int64_t param);
122 static int	inetplumb(char *arg, int64_t param);
123 static int	inetunplumb(char *arg, int64_t param);
124 static int	removeif(char *arg, int64_t param);
125 static int	setdebugflag(char *arg, int64_t param);
126 static int	setifaddr(char *arg, int64_t param);
127 static int	setifbroadaddr(char *arg, int64_t param);
128 static int	setifdstaddr(char *arg, int64_t param);
129 static int	setifether(char *arg, int64_t param);
130 static int	setifflags(char *arg, int64_t param);
131 static int	setifindex(char *arg, int64_t param);
132 static int	setifmetric(char *arg, int64_t param);
133 static int	setifmtu(char *arg, int64_t param);
134 static int	setifnetmask(char *arg, int64_t param);
135 static int	setifprefixlen(char *arg, int64_t param);
136 static int	setifrevarp(char *arg, int64_t param);
137 static int	setifsubnet(char *arg, int64_t param);
138 static int	setiftdst(char *arg, int64_t param);
139 static int	setiftoken(char *arg, int64_t param);
140 static int	setiftsrc(char *arg, int64_t param);
141 static int	setverboseflag(char *arg, int64_t param);
142 static int	set_tun_ah_alg(char *arg, int64_t param);
143 static int	set_tun_esp_auth_alg(char *arg, int64_t param);
144 static int	set_tun_esp_encr_alg(char *arg, int64_t param);
145 static int	modlist(char *arg, int64_t param);
146 static int	modinsert(char *arg, int64_t param);
147 static int	modremove(char *arg, int64_t param);
148 static int	setifgroupname(char *arg, int64_t param);
149 static int	configinfo(char *arg, int64_t param);
150 static void	print_config_flags(int af, uint64_t flags);
151 static void	print_flags(uint64_t flags);
152 static void	print_ifether(char *ifname);
153 static int	set_tun_encap_limit(char *arg, int64_t param);
154 static int	clr_tun_encap_limit(char *arg, int64_t param);
155 static int	set_tun_hop_limit(char *arg, int64_t param);
156 static int	setzone(char *arg, int64_t param);
157 static int	setallzones(char *arg, int64_t param);
158 static int	setifsrc(char *arg, int64_t param);
159 static int	lifnum(const char *ifname);
160 
161 /*
162  * Address family specific function prototypes.
163  */
164 static void	in_getaddr(char *s, struct sockaddr *saddr, int *plenp);
165 static void	in_status(int force, uint64_t flags);
166 static void	in_configinfo(int force, uint64_t flags);
167 static void	in6_getaddr(char *s, struct sockaddr *saddr, int *plenp);
168 static void	in6_status(int force, uint64_t flags);
169 static void	in6_configinfo(int force, uint64_t flags);
170 
171 /*
172  * Misc support functions
173  */
174 static boolean_t	ni_entry(const char *, void *);
175 static void	foreachinterface(void (*func)(), int argc, char *argv[],
176 		    int af, int64_t onflags, int64_t offflags,
177 		    int64_t lifc_flags);
178 static void	ifconfig(int argc, char *argv[], int af, struct lifreq *lifrp);
179 static boolean_t	in_getmask(struct sockaddr_in *saddr,
180 			    boolean_t addr_set);
181 static int	in_getprefixlen(char *addr, boolean_t slash, int plen);
182 static boolean_t	in_prefixlentomask(int prefixlen, int maxlen,
183 			    uchar_t *mask);
184 static void	status(void);
185 static void	ifstatus(const char *);
186 static void	tun_status(datalink_id_t);
187 static void	usage(void);
188 static int	strioctl(int s, int cmd, void *buf, int buflen);
189 static int	setifdhcp(const char *caller, const char *ifname,
190 		    int argc, char *argv[]);
191 static int	ip_domux2fd(int *, int *, int *, int *, int *);
192 static int	ip_plink(int, int, int, int, int);
193 static int	modop(char *arg, char op);
194 static int	find_all_interfaces(struct lifconf *lifcp, char **buf,
195 		    int64_t lifc_flags);
196 static int	create_ipmp(const char *grname, int af, const char *ifname,
197 		    boolean_t implicit);
198 static int	create_ipmp_peer(int af, const char *ifname);
199 static void	start_ipmp_daemon(void);
200 static boolean_t ifaddr_up(ifaddrlistx_t *ifaddrp);
201 static boolean_t ifaddr_down(ifaddrlistx_t *ifaddrp);
202 static dladm_status_t	ifconfig_dladm_open(const char *, datalink_class_t,
203 		    datalink_id_t *);
204 static void	dladmerr_exit(dladm_status_t status, const char *str);
205 
206 #define	max(a, b)	((a) < (b) ? (b) : (a))
207 
208 /*
209  * DHCP_EXIT_IF_FAILURE indicates that the operation failed, but if there
210  * are more interfaces to act on (i.e., ifconfig was invoked with -a), keep
211  * on going rather than exit with an error.
212  */
213 
214 #define	DHCP_EXIT_IF_FAILURE	-1
215 
216 #define	NEXTARG		0xffffff	/* command takes an argument */
217 #define	OPTARG		0xfffffe 	/* command takes an optional argument */
218 #define	AF_ANY		(-1)
219 
220 /* Refer to the comments in ifconfig() on the netmask "hack" */
221 #define	NETMASK_CMD	"netmask"
222 struct sockaddr_storage	g_netmask;
223 enum { G_NETMASK_NIL, G_NETMASK_PENDING, G_NETMASK_SET }
224     g_netmask_set = G_NETMASK_NIL;
225 
226 struct	cmd {
227 	char		*c_name;
228 	int64_t		c_parameter;	/* NEXTARG means next argv */
229 	int		(*c_func)(char *, int64_t);
230 	int		c_abortonfail;	/* don't continue parsing args */
231 					/* for the current interface */
232 	int	c_af;			/* address family restrictions */
233 } cmds[] = {
234 	{ "up",		IFF_UP,		setifflags,	0,	AF_ANY },
235 	{ "down",	-IFF_UP,	setifflags,	0,	AF_ANY },
236 	{ "trailers",	-IFF_NOTRAILERS, setifflags,	0,	AF_ANY },
237 	{ "-trailers",	IFF_NOTRAILERS,	setifflags,	0,	AF_ANY },
238 	{ "arp",	-IFF_NOARP,	setifflags,	0,	AF_INET },
239 	{ "-arp",	IFF_NOARP,	setifflags,	0,	AF_INET },
240 	{ "router",	IFF_ROUTER,	setifflags,	0,	AF_ANY },
241 	{ "-router",	-IFF_ROUTER,	setifflags,	0,	AF_ANY },
242 	{ "private",	IFF_PRIVATE,	setifflags,	0,	AF_ANY },
243 	{ "-private",	-IFF_PRIVATE,	setifflags,	0,	AF_ANY },
244 	{ "xmit",	-IFF_NOXMIT,	setifflags,	0,	AF_ANY },
245 	{ "-xmit",	IFF_NOXMIT,	setifflags,	0,	AF_ANY },
246 	{ "-nud",	IFF_NONUD,	setifflags,	0,	AF_INET6 },
247 	{ "nud",	-IFF_NONUD,	setifflags,	0,	AF_INET6 },
248 	{ "anycast",	IFF_ANYCAST,	setifflags,	0,	AF_ANY },
249 	{ "-anycast",	-IFF_ANYCAST,	setifflags,	0,	AF_ANY },
250 	{ "local",	-IFF_NOLOCAL,	setifflags,	0,	AF_ANY },
251 	{ "-local",	IFF_NOLOCAL,	setifflags,	0,	AF_ANY },
252 	{ "deprecated",	IFF_DEPRECATED,	setifflags,	0,	AF_ANY },
253 	{ "-deprecated", -IFF_DEPRECATED, setifflags,	0,	AF_ANY },
254 	{ "preferred",	IFF_PREFERRED,	setifflags,	0,	AF_INET6 },
255 	{ "-preferred",	-IFF_PREFERRED,	setifflags,	0,	AF_INET6 },
256 	{ "debug",	0,		setdebugflag,	0,	AF_ANY },
257 	{ "verbose",	0,		setverboseflag,	0,	AF_ANY },
258 	{ NETMASK_CMD,	NEXTARG,	setifnetmask,	0,	AF_INET },
259 	{ "metric",	NEXTARG,	setifmetric,	0,	AF_ANY },
260 	{ "mtu",	NEXTARG,	setifmtu,	0,	AF_ANY },
261 	{ "index",	NEXTARG,	setifindex,	0,	AF_ANY },
262 	{ "broadcast",	NEXTARG,	setifbroadaddr,	0,	AF_INET },
263 	{ "auto-revarp", 0,		setifrevarp,	1,	AF_INET },
264 	{ "ipmp",	0,		inetipmp,	1,	AF_ANY },
265 	{ "plumb",	0,		inetplumb,	1,	AF_ANY },
266 	{ "unplumb",	0,		inetunplumb,	0,	AF_ANY },
267 	{ "subnet",	NEXTARG,	setifsubnet,	0,	AF_ANY },
268 	{ "token",	NEXTARG,	setiftoken,	0,	AF_INET6 },
269 	{ "tsrc",	NEXTARG,	setiftsrc,	0,	AF_ANY },
270 	{ "tdst",	NEXTARG,	setiftdst,	0,	AF_ANY },
271 	{ "encr_auth_algs", NEXTARG,	set_tun_esp_auth_alg, 0, AF_ANY },
272 	{ "encr_algs",	NEXTARG,	set_tun_esp_encr_alg, 0, AF_ANY },
273 	{ "auth_algs",	NEXTARG,	set_tun_ah_alg,	0,	AF_ANY },
274 	{ "addif",	NEXTARG,	addif,		1,	AF_ANY },
275 	{ "removeif",	NEXTARG,	removeif,	1,	AF_ANY },
276 	{ "modlist",	0,		modlist,	1,	AF_ANY },
277 	{ "modinsert",	NEXTARG,	modinsert,	1,	AF_ANY },
278 	{ "modremove",	NEXTARG,	modremove,	1,	AF_ANY },
279 	{ "failover",	-IFF_NOFAILOVER, setifflags,	1,	AF_ANY },
280 	{ "-failover",	IFF_NOFAILOVER, setifflags,	1,	AF_ANY },
281 	{ "standby",	IFF_STANDBY,	setifflags,	1,	AF_ANY },
282 	{ "-standby",	-IFF_STANDBY,	setifflags,	1,	AF_ANY },
283 	{ "failed",	IFF_FAILED,	setifflags,	1,	AF_ANY },
284 	{ "-failed",	-IFF_FAILED,	setifflags,	1,	AF_ANY },
285 	{ "group",	NEXTARG,	setifgroupname,	1,	AF_ANY },
286 	{ "configinfo",	0,		configinfo,	1,	AF_ANY },
287 	{ "encaplimit",	NEXTARG,	set_tun_encap_limit,	0, AF_ANY },
288 	{ "-encaplimit", 0,		clr_tun_encap_limit,	0, AF_ANY },
289 	{ "thoplimit",	NEXTARG,	set_tun_hop_limit,	0, AF_ANY },
290 	{ "set",	NEXTARG,	setifaddr,	0,	AF_ANY },
291 	{ "destination", NEXTARG,	setifdstaddr,	0,	AF_ANY },
292 	{ "zone",	NEXTARG,	setzone,	0,	AF_ANY },
293 	{ "-zone",	0,		setzone,	0,	AF_ANY },
294 	{ "all-zones",	0,		setallzones,	0,	AF_ANY },
295 	{ "ether",	OPTARG,		setifether,	0,	AF_ANY },
296 	{ "usesrc",	NEXTARG,	setifsrc,	0,	AF_ANY },
297 
298 	/*
299 	 * NOTE: any additions to this table must also be applied to ifparse
300 	 *	(usr/src/cmd/cmd-inet/sbin/ifparse/ifparse.c)
301 	 */
302 
303 	{ 0,		0,		setifaddr,	0,	AF_ANY },
304 	{ 0,		0,		setifdstaddr,	0,	AF_ANY },
305 	{ 0,		0,		0,		0,	0 },
306 };
307 
308 
309 typedef struct if_config_cmd {
310 	uint64_t	iff_flag;
311 	int		iff_af;
312 	char		*iff_name;
313 } if_config_cmd_t;
314 
315 /*
316  * NOTE: print_config_flags() processes this table in order, so we put "up"
317  * last so that we can be sure "-failover" will take effect first.  Otherwise,
318  * IPMP test addresses will erroneously migrate to the IPMP interface.
319  */
320 static if_config_cmd_t	if_config_cmd_tbl[] = {
321 	{ IFF_NOTRAILERS,	AF_UNSPEC,	"-trailers"	},
322 	{ IFF_PRIVATE,		AF_UNSPEC,	"private"	},
323 	{ IFF_NOXMIT,		AF_UNSPEC,	"-xmit"		},
324 	{ IFF_ANYCAST,		AF_INET6,	"anycast"	},
325 	{ IFF_NOLOCAL,		AF_UNSPEC,	"-local"	},
326 	{ IFF_DEPRECATED,	AF_UNSPEC,	"deprecated"	},
327 	{ IFF_NOFAILOVER,	AF_UNSPEC,	"-failover"	},
328 	{ IFF_STANDBY,		AF_UNSPEC,	"standby"	},
329 	{ IFF_FAILED,		AF_UNSPEC,	"failed"	},
330 	{ IFF_PREFERRED,	AF_UNSPEC,	"preferred"	},
331 	{ IFF_NONUD,		AF_INET6,	"-nud"		},
332 	{ IFF_NOARP,		AF_INET,	"-arp"		},
333 	{ IFF_UP,		AF_UNSPEC, 	"up" 		},
334 	{ 0,			0,		NULL		},
335 };
336 
337 typedef struct ni {
338 	char		ni_name[LIFNAMSIZ];
339 	struct ni	*ni_next;
340 } ni_t;
341 
342 static ni_t	*ni_list = NULL;
343 static int	num_ni = 0;
344 
345 /* End defines and structure definitions for ifconfig -a plumb */
346 
347 /* Known address families */
348 struct afswtch {
349 	char *af_name;
350 	short af_af;
351 	void (*af_status)();
352 	void (*af_getaddr)();
353 	void (*af_configinfo)();
354 } afs[] = {
355 	{ "inet", AF_INET, in_status, in_getaddr, in_configinfo },
356 	{ "inet6", AF_INET6, in6_status, in6_getaddr, in6_configinfo },
357 	{ 0, 0,	0, 0, 0 }
358 };
359 
360 #define	SOCKET_AF(af)	(((af) == AF_UNSPEC) ? AF_INET : (af))
361 
362 struct afswtch *afp;	/* the address family being set or asked about */
363 
364 int
365 main(int argc, char *argv[])
366 {
367 	int64_t		lifc_flags;
368 	char		*default_ip_str;
369 
370 	lifc_flags = LIFC_NOXMIT|LIFC_TEMPORARY|LIFC_ALLZONES|LIFC_UNDER_IPMP;
371 
372 	if (argc < 2) {
373 		usage();
374 		exit(1);
375 	}
376 	argc--, argv++;
377 	if (strlen(*argv) > sizeof (name) - 1) {
378 		(void) fprintf(stderr, "%s: interface name too long\n", *argv);
379 		exit(1);
380 	}
381 	(void) strncpy(name, *argv, sizeof (name));
382 	name[sizeof (name) - 1] = '\0';
383 	(void) strncpy(origname, name, sizeof (origname));	/* For addif */
384 	default_ip_str = NULL;
385 	v4compat = get_compat_flag(&default_ip_str);
386 	if (v4compat == DEFAULT_PROT_BAD_VALUE) {
387 		(void) fprintf(stderr,
388 		    "ifconfig: %s: Bad value for %s in %s\n", default_ip_str,
389 		    DEFAULT_IP, INET_DEFAULT_FILE);
390 		free(default_ip_str);
391 		exit(2);
392 	}
393 	free(default_ip_str);
394 	argc--, argv++;
395 	if (argc > 0) {
396 		struct afswtch *myafp;
397 
398 		for (myafp = afp = afs; myafp->af_name; myafp++) {
399 			if (strcmp(myafp->af_name, *argv) == 0) {
400 				afp = myafp; argc--; argv++;
401 				break;
402 			}
403 		}
404 		af = lifr.lifr_addr.ss_family = afp->af_af;
405 		if (af == AF_INET6) {
406 			v4compat = 0;
407 		}
408 	}
409 
410 	s = socket(SOCKET_AF(af), SOCK_DGRAM, 0);
411 	s4 = socket(AF_INET, SOCK_DGRAM, 0);
412 	s6 = socket(AF_INET6, SOCK_DGRAM, 0);
413 	if (s == -1 || s4 == -1 || s6 == -1)
414 		Perror0_exit("socket");
415 
416 	/*
417 	 * Special interface names is any combination of these flags.
418 	 * Note that due to the ifconfig syntax they have to be combined
419 	 * as a single '-' option.
420 	 *	-a	All interfaces
421 	 *	-u	"up" interfaces
422 	 *	-d	"down" interfaces
423 	 *	-D	Interfaces not controlled by DHCP
424 	 *	-4	IPv4 interfaces
425 	 *	-6	IPv6 interfaces
426 	 *	-X	Turn on debug (not documented)
427 	 *	-v	Turn on verbose
428 	 *	-Z	Only interfaces in caller's zone
429 	 */
430 
431 	if (name[0] == '-') {
432 		/* One or more options */
433 		int64_t onflags = 0;
434 		int64_t offflags = 0;
435 		int c;
436 		char *av[2] = { "ifconfig", name };
437 
438 		while ((c = getopt(2, av, "audDXZ46v")) != -1) {
439 			switch ((char)c) {
440 			case 'a':
441 				all = 1;
442 				break;
443 			case 'u':
444 				onflags |= IFF_UP;
445 				break;
446 			case 'd':
447 				offflags |= IFF_UP;
448 				break;
449 			case 'D':
450 				offflags |= IFF_DHCPRUNNING;
451 				break;
452 			case 'X':
453 				debug += 3;
454 				break;
455 			case 'Z':
456 				lifc_flags &= ~LIFC_ALLZONES;
457 				break;
458 			case '4':
459 				/*
460 				 * -4 is not a compatable flag, therefore
461 				 * we assume they want v4compat turned off
462 				 */
463 				v4compat = 0;
464 				onflags |= IFF_IPV4;
465 				break;
466 			case '6':
467 				/*
468 				 * If they want IPv6, well then we'll assume
469 				 * they don't want IPv4 compat
470 				 */
471 				v4compat = 0;
472 				onflags |= IFF_IPV6;
473 				break;
474 			case 'v':
475 				verbose = 1;
476 				break;
477 			case '?':
478 				usage();
479 				exit(1);
480 			}
481 		}
482 		if (!all) {
483 			(void) fprintf(stderr,
484 			    "ifconfig: %s: no such interface\n", name);
485 			exit(1);
486 		}
487 		foreachinterface(ifconfig, argc, argv, af, onflags, offflags,
488 		    lifc_flags);
489 	} else {
490 		ifconfig(argc, argv, af, (struct lifreq *)NULL);
491 	}
492 	return (0);
493 }
494 
495 /*
496  * For each interface, call (*func)(argc, argv, af, lifrp).
497  * Only call function if onflags and offflags are set or clear, respectively,
498  * in the interfaces flags field.
499  */
500 static void
501 foreachinterface(void (*func)(), int argc, char *argv[], int af,
502     int64_t onflags, int64_t offflags, int64_t lifc_flags)
503 {
504 	int n;
505 	char *buf;
506 	struct lifnum lifn;
507 	struct lifconf lifc;
508 	struct lifreq *lifrp;
509 	struct lifreq lifrl;	/* Local lifreq struct */
510 	int numifs;
511 	unsigned bufsize;
512 	int plumball = 0;
513 	int save_af = af;
514 
515 	buf = NULL;
516 	/*
517 	 * Special case:
518 	 * ifconfig -a plumb should find all network interfaces in the current
519 	 * zone.
520 	 */
521 	if (argc > 0 && (strcmp(*argv, "plumb") == 0)) {
522 		if (find_all_interfaces(&lifc, &buf, lifc_flags) != 0 ||
523 		    lifc.lifc_len == 0)
524 			return;
525 		plumball = 1;
526 	} else {
527 		lifn.lifn_family = AF_UNSPEC;
528 		lifn.lifn_flags = lifc_flags;
529 		if (ioctl(s, SIOCGLIFNUM, (char *)&lifn) < 0) {
530 			Perror0_exit("Could not determine number"
531 			    " of interfaces");
532 		}
533 		numifs = lifn.lifn_count;
534 		if (debug)
535 			(void) printf("ifconfig: %d interfaces\n",  numifs);
536 
537 		bufsize = numifs * sizeof (struct lifreq);
538 		if ((buf = malloc(bufsize)) == NULL) {
539 			Perror0("out of memory\n");
540 			(void) close(s);
541 			return;
542 		}
543 
544 		lifc.lifc_family = AF_UNSPEC;
545 		lifc.lifc_flags = lifc_flags;
546 		lifc.lifc_len = bufsize;
547 		lifc.lifc_buf = buf;
548 
549 		if (ioctl(s, SIOCGLIFCONF, (char *)&lifc) < 0) {
550 			Perror0("SIOCGLIFCONF");
551 			(void) close(s);
552 			free(buf);
553 			return;
554 		}
555 	}
556 
557 	lifrp = lifc.lifc_req;
558 	for (n = lifc.lifc_len / sizeof (struct lifreq); n > 0; n--, lifrp++) {
559 
560 		if (!plumball) {
561 			/*
562 			 * We must close and recreate the socket each time
563 			 * since we don't know what type of socket it is now
564 			 * (each status function may change it).
565 			 */
566 
567 			(void) close(s);
568 
569 			af = lifrp->lifr_addr.ss_family;
570 			s = socket(SOCKET_AF(af), SOCK_DGRAM, 0);
571 			if (s == -1) {
572 				/*
573 				 * Perror0() assumes the name to be in the
574 				 * globally defined lifreq structure.
575 				 */
576 				(void) strncpy(lifr.lifr_name,
577 				    lifrp->lifr_name, sizeof (lifr.lifr_name));
578 				Perror0_exit("socket");
579 			}
580 		}
581 
582 		/*
583 		 * Only service interfaces that match the on and off
584 		 * flags masks.
585 		 */
586 		if (onflags || offflags) {
587 			(void) memset(&lifrl, 0, sizeof (lifrl));
588 			(void) strncpy(lifrl.lifr_name, lifrp->lifr_name,
589 			    sizeof (lifrl.lifr_name));
590 			if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifrl) < 0) {
591 				/*
592 				 * Perror0() assumes the name to be in the
593 				 * globally defined lifreq structure.
594 				 */
595 				(void) strncpy(lifr.lifr_name,
596 				    lifrp->lifr_name, sizeof (lifr.lifr_name));
597 				Perror0_exit("foreachinterface: SIOCGLIFFLAGS");
598 			}
599 			if ((lifrl.lifr_flags & onflags) != onflags)
600 				continue;
601 			if ((~lifrl.lifr_flags & offflags) != offflags)
602 				continue;
603 		}
604 
605 		if (!plumball) {
606 			(void) strncpy(lifrl.lifr_name, lifrp->lifr_name,
607 			    sizeof (lifrl.lifr_name));
608 			if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifrl) < 0) {
609 				/*
610 				 * Perror0() assumes the name to be in the
611 				 * globally defined lifreq structure.
612 				 */
613 				(void) strncpy(lifr.lifr_name,
614 				    lifrp->lifr_name, sizeof (lifr.lifr_name));
615 				Perror0("foreachinterface: SIOCGLIFADDR");
616 				continue;
617 			}
618 			if (lifrl.lifr_addr.ss_family != af) {
619 				/* Switch address family */
620 				af = lifrl.lifr_addr.ss_family;
621 				(void) close(s);
622 
623 				s = socket(SOCKET_AF(af), SOCK_DGRAM, 0);
624 				if (s == -1) {
625 					/*
626 					 * Perror0() assumes the name to be in
627 					 * the globally defined lifreq
628 					 * structure.
629 					 */
630 					(void) strncpy(lifr.lifr_name,
631 					    lifrp->lifr_name,
632 					    sizeof (lifr.lifr_name));
633 					Perror0_exit("socket");
634 				}
635 			}
636 		}
637 
638 		/*
639 		 * Reset global state
640 		 * setaddr: Used by parser to tear apart source and dest
641 		 * name and origname contain the name of the 'current'
642 		 * interface.
643 		 */
644 		setaddr = 0;
645 		(void) strncpy(name, lifrp->lifr_name, sizeof (name));
646 		(void) strncpy(origname, name, sizeof (origname));
647 
648 		(*func)(argc, argv, save_af, lifrp);
649 		/* the func could have overwritten origname, so restore */
650 		(void) strncpy(name, origname, sizeof (name));
651 	}
652 	if (buf != NULL)
653 		free(buf);
654 }
655 
656 /*
657  * for the specified interface call (*func)(argc, argv, af, lifrp).
658  */
659 
660 static void
661 ifconfig(int argc, char *argv[], int af, struct lifreq *lifrp)
662 {
663 	static boolean_t scan_netmask = _B_FALSE;
664 	int ret;
665 
666 	if (argc == 0) {
667 		status();
668 		return;
669 	}
670 
671 	if (strcmp(*argv, "auto-dhcp") == 0 || strcmp(*argv, "dhcp") == 0) {
672 		/*
673 		 * Some errors are ignored in the case where more than one
674 		 * interface is being operated on.
675 		 */
676 		ret = setifdhcp("ifconfig", name, argc, argv);
677 		if (ret == DHCP_EXIT_IF_FAILURE) {
678 			if (!all)
679 				exit(DHCP_EXIT_FAILURE);
680 		} else if (ret != DHCP_EXIT_SUCCESS) {
681 			exit(ret);
682 		}
683 		return;
684 	}
685 
686 	/*
687 	 * The following is a "hack" to get around the existing interface
688 	 * setting mechanism.  Currently, each interface attribute,
689 	 * such as address, netmask, broadcast, ... is set separately.  But
690 	 * sometimes two or more attributes must be set together.  For
691 	 * example, setting an address without a netmask does not make sense.
692 	 * Yet they can be set separately for IPv4 address using the current
693 	 * ifconfig(1M) syntax.  The kernel then "infers" the correct netmask
694 	 * using the deprecated "IP address classes."  This is simply not
695 	 * correct.
696 	 *
697 	 * The "hack" below is to go thru the whole command list looking for
698 	 * the netmask command first.  Then use this netmask to set the
699 	 * address.  This does not provide an extensible way to accommodate
700 	 * future need for setting more than one attributes together.
701 	 *
702 	 * Note that if the "netmask" command argument is a "+", we need
703 	 * to save this info and do the query after we know the address to
704 	 * be set.  The reason is that if "addif" is used, the working
705 	 * interface name will be changed later when the logical interface
706 	 * is created.  In in_getmask(), if an address is not provided,
707 	 * it will use the working interface's address to do the query.
708 	 * It will be wrong now as we don't know the logical interface's name.
709 	 *
710 	 * ifconfig(1M) is too overloaded and the code is so convoluted
711 	 * that it is "safer" not to re-architect the code to fix the above
712 	 * issue, hence this "hack."  We may be better off to have a new
713 	 * command with better syntax for configuring network interface
714 	 * parameters...
715 	 */
716 	if (!scan_netmask && afp->af_af == AF_INET) {
717 		int	largc;
718 		char	**largv;
719 
720 		/* Only go thru the command list once to find the netmask. */
721 		scan_netmask = _B_TRUE;
722 
723 		/*
724 		 * Currently, if multiple netmask commands are specified, the
725 		 * last one will be used as the final netmask.  So we need
726 		 * to scan the whole list to preserve this behavior.
727 		 */
728 		for (largc = argc, largv = argv; largc > 0; largc--, largv++) {
729 			if (strcmp(*largv, NETMASK_CMD) == 0) {
730 				if (--largc == 0)
731 					break;
732 				largv++;
733 				if (strcmp(*largv, "+") == 0) {
734 					g_netmask_set = G_NETMASK_PENDING;
735 				} else {
736 					in_getaddr(*largv, (struct sockaddr *)
737 					    &g_netmask, NULL);
738 					g_netmask_set = G_NETMASK_SET;
739 				}
740 				/* Continue the scan. */
741 			}
742 		}
743 	}
744 
745 	while (argc > 0) {
746 		struct cmd *p;
747 		boolean_t found_cmd;
748 
749 		if (debug)
750 			(void) printf("ifconfig: argv %s\n", *argv);
751 
752 		found_cmd = _B_FALSE;
753 		for (p = cmds; p->c_func; p++) {
754 			if (p->c_name) {
755 				if (strcmp(*argv, p->c_name) == 0) {
756 					/*
757 					 * indicate that the command was
758 					 * found and check to see if
759 					 * the address family is valid
760 					 */
761 					found_cmd = _B_TRUE;
762 					if (p->c_af == AF_ANY ||
763 					    af == p->c_af)
764 						break;
765 				}
766 			} else {
767 				if (p->c_af == AF_ANY ||
768 				    af == p->c_af)
769 					break;
770 			}
771 		}
772 		/*
773 		 * If we found the keyword, but the address family
774 		 * did not match spit out an error
775 		 */
776 		if (found_cmd && p->c_name == 0) {
777 			(void) fprintf(stderr, "ifconfig: Operation %s not"
778 			    " supported for %s\n", *argv, afp->af_name);
779 			exit(1);
780 		}
781 		/*
782 		 * else (no keyword found), we assume it's an address
783 		 * of some sort
784 		 */
785 		if (p->c_name == 0 && setaddr)
786 			p++;	/* got src, do dst */
787 		if (p->c_func) {
788 			if (p->c_af == AF_INET6) {
789 				v4compat = 0;
790 			}
791 			if (p->c_parameter == NEXTARG ||
792 			    p->c_parameter == OPTARG) {
793 				argc--, argv++;
794 				if (argc == 0 && p->c_parameter == NEXTARG) {
795 					(void) fprintf(stderr,
796 					    "ifconfig: no argument for %s\n",
797 					    p->c_name);
798 					exit(1);
799 				}
800 			}
801 			/*
802 			 *	Call the function if:
803 			 *
804 			 *		there's no address family
805 			 *		restriction
806 			 *	OR
807 			 *		we don't know the address yet
808 			 *		(because we were called from
809 			 *		main)
810 			 *	OR
811 			 *		there is a restriction AND
812 			 *		the address families match
813 			 */
814 			if ((p->c_af == AF_ANY)	||
815 			    (lifrp == (struct lifreq *)NULL) ||
816 			    (lifrp->lifr_addr.ss_family == p->c_af)) {
817 				ret = (*p->c_func)(*argv, p->c_parameter);
818 				/*
819 				 *	If c_func failed and we should
820 				 *	abort processing for this
821 				 *	interface on failure, return
822 				 *	now rather than going on to
823 				 *	process other commands for
824 				 *	the same interface.
825 				 */
826 				if (ret != 0 && p->c_abortonfail)
827 					return;
828 			}
829 		}
830 		argc--, argv++;
831 	}
832 
833 	/* Check to see if there's a security hole in the tunnel setup. */
834 	if (ipsec_policy_set && !ipsec_auth_covered) {
835 		(void) fprintf(stderr, "ifconfig: WARNING: tunnel with only "
836 		    "ESP and no authentication.\n");
837 	}
838 }
839 
840 /* ARGSUSED */
841 static int
842 setdebugflag(char *val, int64_t arg)
843 {
844 	debug++;
845 	return (0);
846 }
847 
848 /* ARGSUSED */
849 static int
850 setverboseflag(char *val, int64_t arg)
851 {
852 	verbose++;
853 	return (0);
854 }
855 
856 /*
857  * This function fills in the given lifreq's lifr_addr field based on
858  * g_netmask_set.
859  */
860 static void
861 set_mask_lifreq(struct lifreq *lifr, struct sockaddr_storage *addr,
862     struct sockaddr_storage *mask)
863 {
864 	assert(addr != NULL);
865 	assert(mask != NULL);
866 
867 	switch (g_netmask_set) {
868 	case G_NETMASK_SET:
869 		lifr->lifr_addr = g_netmask;
870 		break;
871 
872 	case G_NETMASK_PENDING:
873 		/*
874 		 * "+" is used as the argument to "netmask" command.  Query
875 		 * the database on the correct netmask based on the address to
876 		 * be set.
877 		 */
878 		assert(afp->af_af == AF_INET);
879 		g_netmask = *addr;
880 		if (!in_getmask((struct sockaddr_in *)&g_netmask, _B_TRUE)) {
881 			lifr->lifr_addr = *mask;
882 			g_netmask_set = G_NETMASK_NIL;
883 		} else {
884 			lifr->lifr_addr = g_netmask;
885 			g_netmask_set = G_NETMASK_SET;
886 		}
887 		break;
888 
889 	case G_NETMASK_NIL:
890 	default:
891 		lifr->lifr_addr = *mask;
892 		break;
893 	}
894 }
895 
896 /*
897  * Set the interface address. Handles <addr>, <addr>/<n> as well as /<n>
898  * syntax for setting the address, the address plus netmask, and just
899  * the netmask respectively.
900  */
901 /* ARGSUSED */
902 static int
903 setifaddr(char *addr, int64_t param)
904 {
905 	int prefixlen = 0;
906 	struct	sockaddr_storage laddr;
907 	struct	sockaddr_storage netmask;
908 	struct	sockaddr_in6 *sin6;
909 	struct	sockaddr_in *sin;
910 	struct	sockaddr_storage sav_netmask;
911 
912 	if (addr[0] == '/')
913 		return (setifprefixlen(addr, 0));
914 
915 	(*afp->af_getaddr)(addr, (struct sockaddr *)&laddr, &prefixlen);
916 
917 	(void) memset(&netmask, 0, sizeof (netmask));
918 	netmask.ss_family = afp->af_af;
919 	switch (prefixlen) {
920 	case NO_PREFIX:
921 		/* Nothing there - ok */
922 		break;
923 	case BAD_ADDR:
924 		(void) fprintf(stderr, "ifconfig: Bad prefix length in %s\n",
925 		    addr);
926 		exit(1);
927 	default:
928 		if (afp->af_af == AF_INET6) {
929 			sin6 = (struct sockaddr_in6 *)&netmask;
930 			if (!in_prefixlentomask(prefixlen, IPV6_ABITS,
931 			    (uchar_t *)&sin6->sin6_addr)) {
932 				(void) fprintf(stderr, "ifconfig: "
933 				    "Bad prefix length: %d\n",
934 				    prefixlen);
935 				exit(1);
936 			}
937 		} else {
938 			sin = (struct sockaddr_in *)&netmask;
939 			if (!in_prefixlentomask(prefixlen, IP_ABITS,
940 			    (uchar_t *)&sin->sin_addr)) {
941 				(void) fprintf(stderr, "ifconfig: "
942 				    "Bad prefix length: %d\n",
943 				    prefixlen);
944 				exit(1);
945 			}
946 		}
947 		/*
948 		 * Just in case of funny setting of both prefix and netmask,
949 		 * prefix should override the netmask command.
950 		 */
951 		g_netmask_set = G_NETMASK_NIL;
952 		break;
953 	}
954 	/* Tell parser that an address was set */
955 	setaddr++;
956 	/* save copy of netmask to restore in case of error */
957 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
958 	if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0)
959 		Perror0_exit("SIOCGLIFNETMASK");
960 	sav_netmask = lifr.lifr_addr;
961 
962 	/*
963 	 * If setting the address and not the mask, clear any existing mask
964 	 * and the kernel will then assign the default (netmask has been set
965 	 * to 0 in this case).  If setting both (either by using a prefix or
966 	 * using the netmask command), set the mask first, so the address will
967 	 * be interpreted correctly.
968 	 */
969 	set_mask_lifreq(&lifr, &laddr, &netmask);
970 	if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0)
971 		Perror0_exit("SIOCSLIFNETMASK");
972 
973 	if (debug) {
974 		char abuf[INET6_ADDRSTRLEN];
975 		void *addr = (afp->af_af == AF_INET) ?
976 		    (void *)&((struct sockaddr_in *)&laddr)->sin_addr :
977 		    (void *)&((struct sockaddr_in6 *)&laddr)->sin6_addr;
978 
979 		(void) printf("Setting %s af %d addr %s\n",
980 		    lifr.lifr_name, afp->af_af,
981 		    inet_ntop(afp->af_af, addr, abuf, sizeof (abuf)));
982 	}
983 	lifr.lifr_addr = laddr;
984 	lifr.lifr_addr.ss_family = afp->af_af;
985 	if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0) {
986 		/*
987 		 * Restore the netmask
988 		 */
989 		int saverr = errno;
990 
991 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
992 		lifr.lifr_addr = sav_netmask;
993 		(void) ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr);
994 		errno = saverr;
995 		Perror0_exit("SIOCSLIFADDR");
996 	}
997 
998 	return (0);
999 }
1000 
1001 /*
1002  * The following functions are stolen from the ipseckey(1m) program.
1003  * Perhaps they should be somewhere common, but for now, we just maintain
1004  * two versions.  We do this because of the different semantics for which
1005  * algorithms we select ("requested" for ifconfig vs. "actual" for key).
1006  */
1007 
1008 static ulong_t
1009 parsenum(char *num)
1010 {
1011 	ulong_t rc;
1012 	char *end = NULL;
1013 
1014 	errno = 0;
1015 	rc = strtoul(num, &end, 0);
1016 	if (errno != 0 || end == num || *end != '\0') {
1017 		rc = (ulong_t)-1;
1018 	}
1019 
1020 	return (rc);
1021 }
1022 
1023 /*
1024  * Parse and reverse parse possible algorithm values, include numbers.
1025  * Mostly stolen from ipseckey.c. See the comments above parsenum() for why
1026  * this isn't common to ipseckey.c.
1027  *
1028  * NOTE: Static buffer in this function for the return value.  Since ifconfig
1029  *       isn't multithreaded, this isn't a huge problem.
1030  */
1031 
1032 #define	NBUF_SIZE 20	/* Enough to print a large integer. */
1033 
1034 static char *
1035 rparsealg(uint8_t alg_value, int proto_num)
1036 {
1037 	struct ipsecalgent *alg;
1038 	static char numprint[128];	/* Enough to hold an algorithm name. */
1039 
1040 	/*
1041 	 * Special cases for "any" and "none"
1042 	 * The kernel needs to be able to distinguish between "any"
1043 	 * and "none" and the APIs are underdefined in this area for auth.
1044 	 */
1045 	if (proto_num == IPSEC_PROTO_AH) {
1046 		if (alg_value == SADB_AALG_NONE)
1047 			return ("none");
1048 		if (alg_value == SADB_AALG_ANY)
1049 			return ("any");
1050 	}
1051 
1052 	alg = getipsecalgbynum(alg_value, proto_num, NULL);
1053 	if (alg != NULL) {
1054 		(void) strlcpy(numprint, alg->a_names[0], sizeof (numprint));
1055 		freeipsecalgent(alg);
1056 	} else {
1057 		(void) snprintf(numprint, sizeof (numprint), "%d", alg_value);
1058 	}
1059 
1060 	return (numprint);
1061 }
1062 
1063 static uint_t
1064 parsealg(char *algname, int proto_num)
1065 {
1066 	struct ipsecalgent *alg;
1067 	ulong_t invalue;
1068 
1069 	if (algname == NULL) {
1070 		(void) fprintf(stderr, "ifconfig: Unexpected end of command "
1071 		    "line.\n");
1072 		exit(1);
1073 	}
1074 
1075 	/*
1076 	 * Special-case "none" and "any".
1077 	 * Use strcasecmp because its length is bounded.
1078 	 */
1079 	if (strcasecmp("none", algname) == 0) {
1080 		return ((proto_num == IPSEC_PROTO_ESP) ?
1081 		    NO_ESP_EALG : NO_ESP_AALG);
1082 	}
1083 	if ((strcasecmp("any", algname) == 0) && (proto_num == IPSEC_PROTO_AH))
1084 		return (SADB_AALG_ANY);
1085 
1086 	alg = getipsecalgbyname(algname, proto_num, NULL);
1087 	if (alg != NULL) {
1088 		invalue = alg->a_alg_num;
1089 		freeipsecalgent(alg);
1090 		return ((uint_t)invalue);
1091 	}
1092 
1093 	/*
1094 	 * Since algorithms can be loaded during kernel run-time, check for
1095 	 * numeric algorithm values too.
1096 	 */
1097 	invalue = parsenum(algname);
1098 	if ((invalue & (ulong_t)0xff) == invalue)
1099 		return ((uint_t)invalue);
1100 
1101 	(void) fprintf(stderr, "ifconfig: %s algorithm type %s unknown.\n",
1102 	    (proto_num == IPSEC_PROTO_ESP) ?
1103 	    "Encryption" : "Authentication", algname);
1104 	exit(1);
1105 	/* NOTREACHED */
1106 }
1107 
1108 /*
1109  * Actual ifconfig functions to set tunnel security properties.
1110  */
1111 
1112 enum ipsec_alg_type { ESP_ENCR_ALG = 1, ESP_AUTH_ALG, AH_AUTH_ALG };
1113 
1114 static int
1115 set_tun_algs(int which_alg, int alg)
1116 {
1117 	boolean_t	encr_alg_set = _B_FALSE;
1118 	iptun_params_t	params;
1119 	dladm_status_t	status;
1120 	ipsec_req_t	*ipsr;
1121 
1122 	if ((status = ifconfig_dladm_open(name, DATALINK_CLASS_IPTUN,
1123 	    &params.iptun_param_linkid)) != DLADM_STATUS_OK)
1124 		goto done;
1125 
1126 	status = dladm_iptun_getparams(dlh, &params, DLADM_OPT_ACTIVE);
1127 	if (status != DLADM_STATUS_OK)
1128 		goto done;
1129 
1130 	ipsr = &params.iptun_param_secinfo;
1131 
1132 	/*
1133 	 * If I'm just starting off this ifconfig, I want a clean slate,
1134 	 * otherwise, I've captured the current tunnel security settings.
1135 	 * In the case of continuation, I merely add to the settings.
1136 	 */
1137 	if (!(params.iptun_param_flags & IPTUN_PARAM_SECINFO))
1138 		(void) memset(ipsr, 0, sizeof (*ipsr));
1139 
1140 	/* We're only modifying the IPsec information */
1141 	params.iptun_param_flags = IPTUN_PARAM_SECINFO;
1142 
1143 	switch (which_alg) {
1144 	case ESP_ENCR_ALG:
1145 		if (alg == NO_ESP_EALG) {
1146 			if (ipsr->ipsr_esp_auth_alg == SADB_AALG_NONE)
1147 				ipsr->ipsr_esp_req = 0;
1148 			ipsr->ipsr_esp_alg = SADB_EALG_NONE;
1149 
1150 			/* Let the user specify NULL encryption implicitly. */
1151 			if (ipsr->ipsr_esp_auth_alg != SADB_AALG_NONE) {
1152 				encr_alg_set = _B_TRUE;
1153 				ipsr->ipsr_esp_alg = SADB_EALG_NULL;
1154 			}
1155 		} else {
1156 			encr_alg_set = _B_TRUE;
1157 			ipsr->ipsr_esp_req =
1158 			    IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE;
1159 			ipsr->ipsr_esp_alg = alg;
1160 		}
1161 		break;
1162 	case ESP_AUTH_ALG:
1163 		if (alg == NO_ESP_AALG) {
1164 			if ((ipsr->ipsr_esp_alg == SADB_EALG_NONE ||
1165 			    ipsr->ipsr_esp_alg == SADB_EALG_NULL) &&
1166 			    !encr_alg_set)
1167 				ipsr->ipsr_esp_req = 0;
1168 			ipsr->ipsr_esp_auth_alg = SADB_AALG_NONE;
1169 		} else {
1170 			ipsr->ipsr_esp_req =
1171 			    IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE;
1172 			ipsr->ipsr_esp_auth_alg = alg;
1173 
1174 			/* Let the user specify NULL encryption implicitly. */
1175 			if (ipsr->ipsr_esp_alg == SADB_EALG_NONE &&
1176 			    !encr_alg_set)
1177 				ipsr->ipsr_esp_alg = SADB_EALG_NULL;
1178 		}
1179 		break;
1180 	case AH_AUTH_ALG:
1181 		if (alg == NO_AH_AALG) {
1182 			ipsr->ipsr_ah_req = 0;
1183 			ipsr->ipsr_auth_alg = SADB_AALG_NONE;
1184 		} else {
1185 			ipsr->ipsr_ah_req =
1186 			    IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE;
1187 			ipsr->ipsr_auth_alg = alg;
1188 		}
1189 		break;
1190 		/* Will never hit DEFAULT */
1191 	}
1192 
1193 	status = dladm_iptun_modify(dlh, &params, DLADM_OPT_ACTIVE);
1194 
1195 done:
1196 	if (status != DLADM_STATUS_OK)
1197 		dladmerr_exit(status, name);
1198 	else {
1199 		ipsec_policy_set = _B_TRUE;
1200 		if ((ipsr->ipsr_esp_req != 0 &&
1201 		    ipsr->ipsr_esp_auth_alg != SADB_AALG_NONE) ||
1202 		    (ipsr->ipsr_ah_req != 0 &&
1203 		    ipsr->ipsr_auth_alg != SADB_AALG_NONE))
1204 			ipsec_auth_covered = _B_TRUE;
1205 	}
1206 	return (0);
1207 }
1208 
1209 /* ARGSUSED */
1210 static int
1211 set_tun_esp_encr_alg(char *addr, int64_t param)
1212 {
1213 	return (set_tun_algs(ESP_ENCR_ALG,
1214 	    parsealg(addr, IPSEC_PROTO_ESP)));
1215 }
1216 
1217 /* ARGSUSED */
1218 static int
1219 set_tun_esp_auth_alg(char *addr, int64_t param)
1220 {
1221 	return (set_tun_algs(ESP_AUTH_ALG,
1222 	    parsealg(addr, IPSEC_PROTO_AH)));
1223 }
1224 
1225 /* ARGSUSED */
1226 static int
1227 set_tun_ah_alg(char *addr, int64_t param)
1228 {
1229 	return (set_tun_algs(AH_AUTH_ALG,
1230 	    parsealg(addr, IPSEC_PROTO_AH)));
1231 }
1232 
1233 /* ARGSUSED */
1234 static int
1235 setifrevarp(char *arg, int64_t param)
1236 {
1237 	struct sockaddr_in	laddr;
1238 
1239 	if (afp->af_af == AF_INET6) {
1240 		(void) fprintf(stderr,
1241 		    "ifconfig: revarp not possible on IPv6 interface %s\n",
1242 		    name);
1243 		exit(1);
1244 	}
1245 	if (doifrevarp(name, &laddr)) {
1246 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1247 		laddr.sin_family = AF_INET;
1248 		(void) memcpy(&lifr.lifr_addr, &laddr, sizeof (laddr));
1249 		if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0)
1250 			Perror0_exit("SIOCSLIFADDR");
1251 	}
1252 	return (0);
1253 }
1254 
1255 /* ARGSUSED */
1256 static int
1257 setifsubnet(char *addr, int64_t param)
1258 {
1259 	int prefixlen = 0;
1260 	struct	sockaddr_storage subnet;
1261 
1262 	(*afp->af_getaddr)(addr, &subnet, &prefixlen);
1263 
1264 	switch (prefixlen) {
1265 	case NO_PREFIX:
1266 		(void) fprintf(stderr,
1267 		    "ifconfig: Missing prefix length in subnet %s\n", addr);
1268 		exit(1);
1269 		/* NOTREACHED */
1270 	case BAD_ADDR:
1271 		(void) fprintf(stderr,
1272 		    "ifconfig: Bad prefix length in %s\n", addr);
1273 		exit(1);
1274 	default:
1275 		break;
1276 	}
1277 
1278 	lifr.lifr_addr = subnet;
1279 	lifr.lifr_addrlen = prefixlen;
1280 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1281 	if (ioctl(s, SIOCSLIFSUBNET, (caddr_t)&lifr) < 0)
1282 		Perror0_exit("SIOCSLIFSUBNET");
1283 
1284 	return (0);
1285 }
1286 
1287 /* ARGSUSED */
1288 static int
1289 setifnetmask(char *addr, int64_t param)
1290 {
1291 	struct sockaddr_in netmask;
1292 
1293 	assert(afp->af_af != AF_INET6);
1294 
1295 	if (strcmp(addr, "+") == 0) {
1296 		if (!in_getmask(&netmask, _B_FALSE))
1297 			return (0);
1298 		(void) printf("Setting netmask of %s to %s\n", name,
1299 		    inet_ntoa(netmask.sin_addr));
1300 	} else {
1301 		in_getaddr(addr, (struct sockaddr *)&netmask, NULL);
1302 	}
1303 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1304 	(void) memcpy(&lifr.lifr_addr, &netmask, sizeof (netmask));
1305 	if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0)
1306 		Perror0_exit("SIOCSLIFNETMASK");
1307 	return (0);
1308 }
1309 
1310 /*
1311  * Parse '/<n>' as a netmask.
1312  */
1313 /* ARGSUSED */
1314 static int
1315 setifprefixlen(char *addr, int64_t param)
1316 {
1317 	int prefixlen;
1318 	int af = afp->af_af;
1319 
1320 	prefixlen = in_getprefixlen(addr, _B_TRUE,
1321 	    (af == AF_INET) ? IP_ABITS : IPV6_ABITS);
1322 	if (prefixlen < 0) {
1323 		(void) fprintf(stderr,
1324 		    "ifconfig: Bad prefix length in %s\n", addr);
1325 		exit(1);
1326 	}
1327 	(void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr));
1328 	lifr.lifr_addr.ss_family = af;
1329 	if (af == AF_INET6) {
1330 		struct sockaddr_in6 *sin6;
1331 
1332 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
1333 		if (!in_prefixlentomask(prefixlen, IPV6_ABITS,
1334 		    (uchar_t *)&sin6->sin6_addr)) {
1335 			(void) fprintf(stderr, "ifconfig: "
1336 			    "Bad prefix length: %d\n",
1337 			    prefixlen);
1338 			exit(1);
1339 		}
1340 	} else if (af == AF_INET) {
1341 		struct sockaddr_in *sin;
1342 
1343 		sin = (struct sockaddr_in *)&lifr.lifr_addr;
1344 		if (!in_prefixlentomask(prefixlen, IP_ABITS,
1345 		    (uchar_t *)&sin->sin_addr)) {
1346 			(void) fprintf(stderr, "ifconfig: "
1347 			    "Bad prefix length: %d\n",
1348 			    prefixlen);
1349 			exit(1);
1350 		}
1351 	} else {
1352 		(void) fprintf(stderr, "ifconfig: setting prefix only supported"
1353 		    " for address family inet or inet6\n");
1354 		exit(1);
1355 	}
1356 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1357 	if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0)
1358 		Perror0_exit("SIOCSLIFNETMASK");
1359 	return (0);
1360 }
1361 
1362 /* ARGSUSED */
1363 static int
1364 setifbroadaddr(char *addr, int64_t param)
1365 {
1366 	struct	sockaddr_in broadaddr;
1367 
1368 	assert(afp->af_af != AF_INET6);
1369 
1370 	if (strcmp(addr, "+") == 0) {
1371 		/*
1372 		 * This doesn't set the broadcast address at all. Rather, it
1373 		 * gets, then sets the interface's address, relying on the fact
1374 		 * that resetting the address will reset the broadcast address.
1375 		 */
1376 		(void) strncpy(lifr.lifr_name, name,
1377 		    sizeof (lifr.lifr_name));
1378 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
1379 			if (errno != EADDRNOTAVAIL)
1380 				Perror0_exit("SIOCGLIFADDR");
1381 			return (0);
1382 		}
1383 		if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0)
1384 			Perror0_exit("SIOCGLIFADDR");
1385 
1386 		return (0);
1387 	}
1388 	in_getaddr(addr, (struct sockaddr *)&broadaddr, NULL);
1389 
1390 	(void) memcpy(&lifr.lifr_addr, &broadaddr, sizeof (broadaddr));
1391 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1392 	if (ioctl(s, SIOCSLIFBRDADDR, (caddr_t)&lifr) < 0)
1393 		Perror0_exit("SIOCSLIFBRDADDR");
1394 	return (0);
1395 }
1396 
1397 /*
1398  * set interface destination address
1399  */
1400 /* ARGSUSED */
1401 static int
1402 setifdstaddr(char *addr, int64_t param)
1403 {
1404 	(*afp->af_getaddr)(addr, (struct sockaddr *)&lifr.lifr_addr, NULL);
1405 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1406 	if (ioctl(s, SIOCSLIFDSTADDR, (caddr_t)&lifr) < 0)
1407 		Perror0_exit("setifdstaddr: SIOCSLIFDSTADDR");
1408 	return (0);
1409 }
1410 
1411 /* ARGSUSED */
1412 static int
1413 setifflags(char *val, int64_t value)
1414 {
1415 	struct lifreq lifrl;	/* local lifreq struct */
1416 	boolean_t bringup = _B_FALSE;
1417 
1418 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1419 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0)
1420 		Perror0_exit("setifflags: SIOCGLIFFLAGS");
1421 
1422 	if (value < 0) {
1423 		value = -value;
1424 
1425 		if ((value & IFF_NOFAILOVER) && (lifr.lifr_flags & IFF_UP)) {
1426 			/*
1427 			 * The kernel does not allow administratively up test
1428 			 * addresses to be converted to data addresses.  Bring
1429 			 * the address down first, then bring it up after it's
1430 			 * been converted to a data address.
1431 			 */
1432 			lifr.lifr_flags &= ~IFF_UP;
1433 			(void) ioctl(s, SIOCSLIFFLAGS, (caddr_t)&lifr);
1434 			bringup = _B_TRUE;
1435 		}
1436 
1437 		lifr.lifr_flags &= ~value;
1438 		if ((value & (IFF_UP | IFF_NOFAILOVER)) &&
1439 		    (lifr.lifr_flags & IFF_DUPLICATE)) {
1440 			/*
1441 			 * If the user is trying to mark an interface with a
1442 			 * duplicate address as "down," or convert a duplicate
1443 			 * test address to a data address, then fetch the
1444 			 * address and set it.  This will cause IP to clear
1445 			 * the IFF_DUPLICATE flag and stop the automatic
1446 			 * recovery timer.
1447 			 */
1448 			value = lifr.lifr_flags;
1449 			if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) >= 0)
1450 				(void) ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr);
1451 			lifr.lifr_flags = value;
1452 		}
1453 	} else {
1454 		lifr.lifr_flags |= value;
1455 	}
1456 
1457 	/*
1458 	 * If we're about to bring up an underlying physical IPv6 interface in
1459 	 * an IPMP group, ensure the IPv6 IPMP interface is also up.  This is
1460 	 * for backward compatibility with legacy configurations in which
1461 	 * there are no explicit hostname files for IPMP interfaces.  (For
1462 	 * IPv4, this is automatically handled by the kernel when migrating
1463 	 * the underlying interface's data address to the IPMP interface.)
1464 	 */
1465 	(void) strlcpy(lifrl.lifr_name, name, LIFNAMSIZ);
1466 
1467 	if (lifnum(lifr.lifr_name) == 0 &&
1468 	    (lifr.lifr_flags & (IFF_UP|IFF_IPV6)) == (IFF_UP|IFF_IPV6) &&
1469 	    ioctl(s, SIOCGLIFGROUPNAME, &lifrl) == 0 &&
1470 	    lifrl.lifr_groupname[0] != '\0') {
1471 		lifgroupinfo_t lifgr;
1472 
1473 		(void) strlcpy(lifgr.gi_grname, lifrl.lifr_groupname,
1474 		    LIFGRNAMSIZ);
1475 		if (ioctl(s, SIOCGLIFGROUPINFO, &lifgr) == -1)
1476 			Perror0_exit("setifflags: SIOCGLIFGROUPINFO");
1477 
1478 		(void) strlcpy(lifrl.lifr_name, lifgr.gi_grifname, LIFNAMSIZ);
1479 		if (ioctl(s, SIOCGLIFFLAGS, &lifrl) == -1)
1480 			Perror0_exit("setifflags: SIOCGLIFFLAGS");
1481 		if (!(lifrl.lifr_flags & IFF_UP)) {
1482 			lifrl.lifr_flags |= IFF_UP;
1483 			if (ioctl(s, SIOCSLIFFLAGS, &lifrl) == -1)
1484 				Perror0_exit("setifflags: SIOCSLIFFLAGS");
1485 		}
1486 	}
1487 
1488 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1489 	if (ioctl(s, SIOCSLIFFLAGS, (caddr_t)&lifr) < 0)
1490 		Perror0_exit("setifflags: SIOCSLIFFLAGS");
1491 
1492 	if (bringup) {
1493 		lifr.lifr_flags |= IFF_UP;
1494 		if (ioctl(s, SIOCSLIFFLAGS, (caddr_t)&lifr) < 0)
1495 			Perror0_exit("setifflags: SIOCSLIFFLAGS IFF_UP");
1496 	}
1497 
1498 	return (0);
1499 }
1500 
1501 /* ARGSUSED */
1502 static int
1503 setifmetric(char *val, int64_t param)
1504 {
1505 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1506 	lifr.lifr_metric = atoi(val);
1507 	if (ioctl(s, SIOCSLIFMETRIC, (caddr_t)&lifr) < 0)
1508 		Perror0_exit("setifmetric: SIOCSLIFMETRIC");
1509 	return (0);
1510 }
1511 
1512 /* ARGSUSED */
1513 static int
1514 setifmtu(char *val, int64_t param)
1515 {
1516 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1517 	lifr.lifr_mtu = atoi(val);
1518 	if (ioctl(s, SIOCSLIFMTU, (caddr_t)&lifr) < 0)
1519 		Perror0_exit("setifmtu: SIOCSLIFMTU");
1520 	return (0);
1521 }
1522 
1523 /* ARGSUSED */
1524 static int
1525 setifindex(char *val, int64_t param)
1526 {
1527 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1528 	lifr.lifr_index = atoi(val);
1529 	if (ioctl(s, SIOCSLIFINDEX, (caddr_t)&lifr) < 0)
1530 		Perror0_exit("setifindex: SIOCSLIFINDEX");
1531 	return (0);
1532 }
1533 
1534 /* ARGSUSED */
1535 static void
1536 notifycb(dlpi_handle_t dh, dlpi_notifyinfo_t *dnip, void *arg)
1537 {
1538 }
1539 
1540 /* ARGSUSED */
1541 static int
1542 setifether(char *addr, int64_t param)
1543 {
1544 	uchar_t		*hwaddr;
1545 	int		hwaddrlen;
1546 	int		retval;
1547 	ifaddrlistx_t	*ifaddrp, *ifaddrs = NULL;
1548 	dlpi_handle_t	dh;
1549 	dlpi_notifyid_t id;
1550 
1551 	if (addr == NULL) {
1552 		ifstatus(name);
1553 		print_ifether(name);
1554 		return (0);
1555 	}
1556 
1557 	/*
1558 	 * if the IP interface in the arguments is a logical
1559 	 * interface, exit with an error now.
1560 	 */
1561 	if (strchr(name, ':') != NULL) {
1562 		(void) fprintf(stderr, "ifconfig: cannot change"
1563 		    " ethernet address of a logical interface\n");
1564 		exit(1);
1565 	}
1566 
1567 	if ((hwaddr = _link_aton(addr, &hwaddrlen)) == NULL) {
1568 		if (hwaddrlen == -1)
1569 			(void) fprintf(stderr,
1570 			    "ifconfig: %s: bad address\n", hwaddr);
1571 		else
1572 			(void) fprintf(stderr, "ifconfig: malloc() failed\n");
1573 		exit(1);
1574 	}
1575 
1576 	if ((retval = dlpi_open(name, &dh, 0)) != DLPI_SUCCESS)
1577 		Perrdlpi_exit("cannot dlpi_open() link", name, retval);
1578 
1579 	retval = dlpi_enabnotify(dh, DL_NOTE_PHYS_ADDR, notifycb, NULL, &id);
1580 	if (retval == DLPI_SUCCESS) {
1581 		(void) dlpi_disabnotify(dh, id, NULL);
1582 	} else {
1583 		/*
1584 		 * This link does not support DL_NOTE_PHYS_ADDR: bring down
1585 		 * all of the addresses to flush the old hardware address
1586 		 * information out of IP.
1587 		 *
1588 		 * NOTE: Skipping this when DL_NOTE_PHYS_ADDR is supported is
1589 		 * more than an optimization: in.mpathd will set IFF_OFFLINE
1590 		 * if it's notified and the new address is a duplicate of
1591 		 * another in the group -- but the flags manipulation in
1592 		 * ifaddr_{down,up}() cannot be atomic and thus might clobber
1593 		 * IFF_OFFLINE, confusing in.mpathd.
1594 		 */
1595 		if (ifaddrlistx(name, IFF_UP, 0, &ifaddrs) == -1)
1596 			Perror2_exit(name, "cannot get address list");
1597 
1598 		ifaddrp = ifaddrs;
1599 		for (; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) {
1600 			if (!ifaddr_down(ifaddrp)) {
1601 				Perror2_exit(ifaddrp->ia_name,
1602 				    "cannot bring down");
1603 			}
1604 		}
1605 	}
1606 
1607 	/*
1608 	 * Change the hardware address.
1609 	 */
1610 	retval = dlpi_set_physaddr(dh, DL_CURR_PHYS_ADDR, hwaddr, hwaddrlen);
1611 	if (retval != DLPI_SUCCESS) {
1612 		(void) fprintf(stderr,
1613 		    "ifconfig: failed setting mac address on %s\n", name);
1614 	}
1615 	dlpi_close(dh);
1616 
1617 	/*
1618 	 * If any addresses were brought down before changing the hardware
1619 	 * address, bring them up again.
1620 	 */
1621 	for (ifaddrp = ifaddrs; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) {
1622 		if (!ifaddr_up(ifaddrp))
1623 			Perror2_exit(ifaddrp->ia_name, "cannot bring up");
1624 	}
1625 	ifaddrlistx_free(ifaddrs);
1626 
1627 	return (0);
1628 }
1629 
1630 /*
1631  * Print an interface's Ethernet address, if it has one.
1632  */
1633 static void
1634 print_ifether(char *ifname)
1635 {
1636 	int fd;
1637 
1638 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1639 
1640 	fd = socket(AF_INET, SOCK_DGRAM, 0);
1641 	if (fd == -1 || ioctl(fd, SIOCGLIFFLAGS, &lifr) == -1) {
1642 		/*
1643 		 * It's possible the interface is only configured for
1644 		 * IPv6; check again with AF_INET6.
1645 		 */
1646 		(void) close(fd);
1647 		fd = socket(AF_INET6, SOCK_DGRAM, 0);
1648 		if (fd == -1 || ioctl(fd, SIOCGLIFFLAGS, &lifr) == -1) {
1649 			(void) close(fd);
1650 			return;
1651 		}
1652 	}
1653 	(void) close(fd);
1654 
1655 	/* VNI and IPMP interfaces don't have MAC addresses */
1656 	if (lifr.lifr_flags & (IFF_VIRTUAL|IFF_IPMP))
1657 		return;
1658 
1659 	/* IP tunnels also don't have Ethernet-like MAC addresses */
1660 	if (ifconfig_dladm_open(ifname, DATALINK_CLASS_IPTUN, NULL) ==
1661 	    DLADM_STATUS_OK)
1662 		return;
1663 
1664 	dlpi_print_address(ifname);
1665 }
1666 
1667 /*
1668  * static int find_all_interfaces(struct lifconf *lifcp, char **buf,
1669  *     int64_t lifc_flags)
1670  *
1671  * It finds all active data links.
1672  *
1673  * It takes in input a pointer to struct lifconf to receive interfaces
1674  * informations, a **char to hold allocated buffer, and a lifc_flags.
1675  *
1676  * Return values:
1677  *  0 = everything OK
1678  * -1 = problem
1679  */
1680 static int
1681 find_all_interfaces(struct lifconf *lifcp, char **buf, int64_t lifc_flags)
1682 {
1683 	unsigned bufsize;
1684 	int n;
1685 	ni_t *nip;
1686 	struct lifreq *lifrp;
1687 	dladm_status_t status;
1688 
1689 	if (!dlh_opened) {
1690 		status = ifconfig_dladm_open(NULL, 0, NULL);
1691 		if (status != DLADM_STATUS_OK)
1692 			dladmerr_exit(status, "unable to open dladm handle");
1693 	}
1694 
1695 	(void) dlpi_walk(ni_entry, dlh, 0);
1696 
1697 	/* Now, translate the linked list into a struct lifreq buffer */
1698 	if (num_ni == 0) {
1699 		lifcp->lifc_family = AF_UNSPEC;
1700 		lifcp->lifc_flags = lifc_flags;
1701 		lifcp->lifc_len = 0;
1702 		lifcp->lifc_buf = NULL;
1703 		return (0);
1704 	}
1705 
1706 	bufsize = num_ni * sizeof (struct lifreq);
1707 	if ((*buf = malloc(bufsize)) == NULL)
1708 		Perror0_exit("find_all_interfaces: malloc failed");
1709 
1710 	lifcp->lifc_family = AF_UNSPEC;
1711 	lifcp->lifc_flags = lifc_flags;
1712 	lifcp->lifc_len = bufsize;
1713 	lifcp->lifc_buf = *buf;
1714 
1715 	for (n = 0, lifrp = lifcp->lifc_req; n < num_ni; n++, lifrp++) {
1716 		nip = ni_list;
1717 		(void) strncpy(lifrp->lifr_name, nip->ni_name,
1718 		    sizeof (lifr.lifr_name));
1719 		ni_list = nip->ni_next;
1720 		free(nip);
1721 	}
1722 	return (0);
1723 }
1724 
1725 /*
1726  * Create the next unused logical interface using the original name
1727  * and assign the address (and mask if '/<n>' is part of the address).
1728  * Use the new logical interface for subsequent subcommands by updating
1729  * the name variable.
1730  *
1731  * This allows syntax like:
1732  *	ifconfig le0 addif 109.106.86.130 netmask + up \
1733  *	addif 109.106.86.131 netmask + up
1734  */
1735 /* ARGSUSED */
1736 static int
1737 addif(char *str, int64_t param)
1738 {
1739 	int prefixlen = 0;
1740 	struct sockaddr_storage laddr;
1741 	struct sockaddr_storage mask;
1742 
1743 	(void) strncpy(name, origname, sizeof (name));
1744 
1745 	if (strchr(name, ':') != NULL) {
1746 		(void) fprintf(stderr,
1747 		    "ifconfig: addif: bad physical interface name %s\n",
1748 		    name);
1749 		exit(1);
1750 	}
1751 
1752 	/*
1753 	 * clear so parser will interpret next address as source followed
1754 	 * by possible dest
1755 	 */
1756 	setaddr = 0;
1757 	(*afp->af_getaddr)(str, (struct sockaddr *)&laddr, &prefixlen);
1758 
1759 	switch (prefixlen) {
1760 	case NO_PREFIX:
1761 		/* Nothing there - ok */
1762 		break;
1763 	case BAD_ADDR:
1764 		(void) fprintf(stderr,
1765 		    "ifconfig: Bad prefix length in %s\n", str);
1766 		exit(1);
1767 	default:
1768 		(void) memset(&mask, 0, sizeof (mask));
1769 		mask.ss_family = afp->af_af;
1770 		if (afp->af_af == AF_INET6) {
1771 			struct sockaddr_in6 *sin6;
1772 			sin6 = (struct sockaddr_in6 *)&mask;
1773 			if (!in_prefixlentomask(prefixlen, IPV6_ABITS,
1774 			    (uchar_t *)&sin6->sin6_addr)) {
1775 				(void) fprintf(stderr, "ifconfig: "
1776 				    "Bad prefix length: %d\n",
1777 				    prefixlen);
1778 				exit(1);
1779 			}
1780 		} else {
1781 			struct sockaddr_in *sin;
1782 
1783 			sin = (struct sockaddr_in *)&mask;
1784 			if (!in_prefixlentomask(prefixlen, IP_ABITS,
1785 			    (uchar_t *)&sin->sin_addr)) {
1786 				(void) fprintf(stderr, "ifconfig: "
1787 				    "Bad prefix length: %d\n",
1788 				    prefixlen);
1789 				exit(1);
1790 			}
1791 		}
1792 		g_netmask_set = G_NETMASK_NIL;
1793 		break;
1794 	}
1795 
1796 	/*
1797 	 * This is a "hack" to get around the problem of SIOCLIFADDIF.  The
1798 	 * problem is that this ioctl does not include the netmask when
1799 	 * adding a logical interface.  This is the same problem described
1800 	 * in the ifconfig() comments.  To get around this problem, we first
1801 	 * add the logical interface with a 0 address.  After that, we set
1802 	 * the netmask if provided.  Finally we set the interface address.
1803 	 */
1804 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1805 	(void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr));
1806 
1807 	/* Note: no need to do DAD here since the interface isn't up yet. */
1808 
1809 	if (ioctl(s, SIOCLIFADDIF, (caddr_t)&lifr) < 0)
1810 		Perror0_exit("addif: SIOCLIFADDIF");
1811 
1812 	(void) printf("Created new logical interface %s\n",
1813 	    lifr.lifr_name);
1814 	(void) strncpy(name, lifr.lifr_name, sizeof (name));
1815 
1816 	/*
1817 	 * Check and see if any "netmask" command is used and perform the
1818 	 * necessary operation.
1819 	 */
1820 	set_mask_lifreq(&lifr, &laddr, &mask);
1821 	/*
1822 	 * Only set the netmask if "netmask" command is used or a prefix is
1823 	 * provided.
1824 	 */
1825 	if (g_netmask_set == G_NETMASK_SET || prefixlen >= 0) {
1826 		if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0)
1827 			Perror0_exit("addif: SIOCSLIFNETMASK");
1828 	}
1829 
1830 	/* Finally, we set the interface address. */
1831 	lifr.lifr_addr = laddr;
1832 	if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0)
1833 		Perror0_exit("SIOCSLIFADDR");
1834 
1835 	/*
1836 	 * let parser know we got a source.
1837 	 * Next address, if given, should be dest
1838 	 */
1839 	setaddr++;
1840 	return (0);
1841 }
1842 
1843 /*
1844  * Remove a logical interface based on its IP address. Unlike addif
1845  * there is no '/<n>' here.
1846  * Verifies that the interface is down before it is removed.
1847  */
1848 /* ARGSUSED */
1849 static int
1850 removeif(char *str, int64_t param)
1851 {
1852 	struct sockaddr_storage laddr;
1853 
1854 	if (strchr(name, ':') != NULL) {
1855 		(void) fprintf(stderr,
1856 		    "ifconfig: removeif: bad physical interface name %s\n",
1857 		    name);
1858 		exit(1);
1859 	}
1860 
1861 	(*afp->af_getaddr)(str, &laddr, NULL);
1862 	lifr.lifr_addr = laddr;
1863 
1864 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1865 	if (ioctl(s, SIOCLIFREMOVEIF, (caddr_t)&lifr) < 0) {
1866 		if (errno == EBUSY) {
1867 			/* This can only happen if ipif_id = 0 */
1868 			(void) fprintf(stderr,
1869 			    "ifconfig: removeif: can't remove interface: %s\n",
1870 			    name);
1871 			exit(1);
1872 		}
1873 		Perror0_exit("removeif: SIOCLIFREMOVEIF");
1874 	}
1875 	return (0);
1876 }
1877 
1878 /*
1879  * Set the address token for IPv6.
1880  */
1881 /* ARGSUSED */
1882 static int
1883 setiftoken(char *addr, int64_t param)
1884 {
1885 	int prefixlen = 0;
1886 	struct sockaddr_in6 token;
1887 
1888 	in6_getaddr(addr, (struct sockaddr *)&token, &prefixlen);
1889 	switch (prefixlen) {
1890 	case NO_PREFIX:
1891 		(void) fprintf(stderr,
1892 		    "ifconfig: Missing prefix length in subnet %s\n", addr);
1893 		exit(1);
1894 		/* NOTREACHED */
1895 	case BAD_ADDR:
1896 		(void) fprintf(stderr,
1897 		    "ifconfig: Bad prefix length in %s\n", addr);
1898 		exit(1);
1899 	default:
1900 		break;
1901 	}
1902 	(void) memcpy(&lifr.lifr_addr, &token, sizeof (token));
1903 	lifr.lifr_addrlen = prefixlen;
1904 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1905 	if (ioctl(s, SIOCSLIFTOKEN, (caddr_t)&lifr) < 0)  {
1906 		Perror0_exit("setiftoken: SIOCSLIFTOKEN");
1907 	}
1908 	return (0);
1909 }
1910 
1911 /* ARGSUSED */
1912 static int
1913 setifgroupname(char *grname, int64_t param)
1914 {
1915 	lifgroupinfo_t		lifgr;
1916 	struct lifreq		lifrl;
1917 	ifaddrlistx_t		*ifaddrp, *nextifaddrp;
1918 	ifaddrlistx_t		*ifaddrs = NULL, *downaddrs = NULL;
1919 	int			af;
1920 
1921 	if (debug) {
1922 		(void) printf("Setting groupname %s on interface %s\n",
1923 		    grname, name);
1924 	}
1925 
1926 	(void) strlcpy(lifrl.lifr_name, name, LIFNAMSIZ);
1927 	(void) strlcpy(lifrl.lifr_groupname, grname, LIFGRNAMSIZ);
1928 
1929 	while (ioctl(s, SIOCSLIFGROUPNAME, &lifrl) == -1) {
1930 		switch (errno) {
1931 		case ENOENT:
1932 			/*
1933 			 * The group doesn't yet exist; create it and repeat.
1934 			 */
1935 			af = afp->af_af;
1936 			if (create_ipmp(grname, af, NULL, _B_TRUE) == -1) {
1937 				if (errno == EEXIST)
1938 					continue;
1939 
1940 				Perror2(grname, "cannot create IPMP group");
1941 				goto fail;
1942 			}
1943 			continue;
1944 
1945 		case EALREADY:
1946 			/*
1947 			 * The interface is already in another group; must
1948 			 * remove existing membership first.
1949 			 */
1950 			lifrl.lifr_groupname[0] = '\0';
1951 			if (ioctl(s, SIOCSLIFGROUPNAME, &lifrl) == -1) {
1952 				Perror2(name, "cannot remove existing "
1953 				    "IPMP group membership");
1954 				goto fail;
1955 			}
1956 			(void) strlcpy(lifrl.lifr_groupname, grname,
1957 			    LIFGRNAMSIZ);
1958 			continue;
1959 
1960 		case EAFNOSUPPORT:
1961 			/*
1962 			 * The group exists, but it's not configured with the
1963 			 * address families the interface needs.  Since only
1964 			 * two address families are currently supported, just
1965 			 * configure the "other" address family.  Note that we
1966 			 * may race with group deletion or creation by another
1967 			 * process (ENOENT or EEXIST); in such cases we repeat
1968 			 * our original SIOCSLIFGROUPNAME.
1969 			 */
1970 			(void) strlcpy(lifgr.gi_grname, grname, LIFGRNAMSIZ);
1971 			if (ioctl(s, SIOCGLIFGROUPINFO, &lifgr) == -1) {
1972 				if (errno == ENOENT)
1973 					continue;
1974 
1975 				Perror2(grname, "SIOCGLIFGROUPINFO");
1976 				goto fail;
1977 			}
1978 
1979 			af = lifgr.gi_v4 ? AF_INET6 : AF_INET;
1980 			if (create_ipmp(grname, af, lifgr.gi_grifname,
1981 			    _B_TRUE) == -1) {
1982 				if (errno == EEXIST)
1983 					continue;
1984 
1985 				Perror2(grname, "cannot configure IPMP group");
1986 				goto fail;
1987 			}
1988 			continue;
1989 
1990 		case EADDRINUSE:
1991 			/*
1992 			 * Some addresses are in-use (or under control of DAD).
1993 			 * Bring them down and retry the group join operation.
1994 			 * We will bring them back up after the interface has
1995 			 * been placed in the group.
1996 			 */
1997 			if (ifaddrlistx(lifrl.lifr_name, IFF_UP|IFF_DUPLICATE,
1998 			    0, &ifaddrs) == -1) {
1999 				Perror2(grname, "cannot get address list");
2000 				goto fail;
2001 			}
2002 
2003 			ifaddrp = ifaddrs;
2004 			for (; ifaddrp != NULL; ifaddrp = nextifaddrp) {
2005 				if (!ifaddr_down(ifaddrp)) {
2006 					ifaddrs = ifaddrp;
2007 					goto fail;
2008 				}
2009 				nextifaddrp = ifaddrp->ia_next;
2010 				ifaddrp->ia_next = downaddrs;
2011 				downaddrs = ifaddrp;
2012 			}
2013 			ifaddrs = NULL;
2014 			continue;
2015 
2016 		case EADDRNOTAVAIL: {
2017 			/*
2018 			 * Some data addresses are under application control.
2019 			 * For some of these (e.g., ADDRCONF), the application
2020 			 * should remove the address, in which case we retry a
2021 			 * few times (since the application's action is not
2022 			 * atomic with respect to us) before bailing out and
2023 			 * informing the user.
2024 			 */
2025 			int ntries, nappaddr = 0;
2026 			const if_appflags_t *iap = if_appflags_tbl;
2027 
2028 			for (; iap->ia_app != NULL; iap++) {
2029 				ntries = 0;
2030 again:
2031 				if (ifaddrlistx(lifrl.lifr_name, iap->ia_flag,
2032 				    IFF_NOFAILOVER, &ifaddrs) == -1) {
2033 					(void) fprintf(stderr, "ifconfig: %s: "
2034 					    "cannot get data addresses managed "
2035 					    "by %s\n", lifrl.lifr_name,
2036 					    iap->ia_app);
2037 					goto fail;
2038 				}
2039 
2040 				if (ifaddrs == NULL)
2041 					continue;
2042 
2043 				ifaddrlistx_free(ifaddrs);
2044 				ifaddrs = NULL;
2045 
2046 				if (++ntries < iap->ia_tries) {
2047 					(void) poll(NULL, 0, 100);
2048 					goto again;
2049 				}
2050 
2051 				(void) fprintf(stderr, "ifconfig: cannot join "
2052 				    "IPMP group: %s has data addresses managed "
2053 				    "by %s\n", lifrl.lifr_name, iap->ia_app);
2054 				nappaddr++;
2055 			}
2056 			if (nappaddr > 0)
2057 				goto fail;
2058 			continue;
2059 		}
2060 		default:
2061 			Perror2(name, "SIOCSLIFGROUPNAME");
2062 			goto fail;
2063 		}
2064 	}
2065 
2066 	/*
2067 	 * If there were addresses that we had to bring down, it's time to
2068 	 * bring them up again.  As part of bringing them up, the kernel will
2069 	 * automatically move them to the new IPMP interface.
2070 	 */
2071 	for (ifaddrp = downaddrs; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) {
2072 		if (!ifaddr_up(ifaddrp) && errno != ENXIO) {
2073 			(void) fprintf(stderr, "ifconfig: cannot bring back up "
2074 			    "%s: %s\n", ifaddrp->ia_name, strerror(errno));
2075 		}
2076 	}
2077 	ifaddrlistx_free(downaddrs);
2078 	return (0);
2079 fail:
2080 	/*
2081 	 * Attempt to bring back up any interfaces that we downed.
2082 	 */
2083 	for (ifaddrp = downaddrs; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) {
2084 		if (!ifaddr_up(ifaddrp) && errno != ENXIO) {
2085 			(void) fprintf(stderr, "ifconfig: cannot bring back up "
2086 			    "%s: %s\n", ifaddrp->ia_name, strerror(errno));
2087 		}
2088 	}
2089 	ifaddrlistx_free(downaddrs);
2090 	ifaddrlistx_free(ifaddrs);
2091 
2092 	/*
2093 	 * We'd return -1, but foreachinterface() doesn't propagate the error
2094 	 * into the exit status, so we're forced to explicitly exit().
2095 	 */
2096 	exit(1);
2097 	/* NOTREACHED */
2098 }
2099 
2100 static boolean_t
2101 modcheck(const char *ifname)
2102 {
2103 	(void) strlcpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name));
2104 
2105 	if (ioctl(s, SIOCGLIFFLAGS, &lifr) < 0) {
2106 		Perror0("SIOCGLIFFLAGS");
2107 		return (_B_FALSE);
2108 	}
2109 
2110 	if (lifr.lifr_flags & IFF_IPMP) {
2111 		(void) fprintf(stderr, "ifconfig: %s: module operations not"
2112 		    " supported on IPMP interfaces\n", ifname);
2113 		return (_B_FALSE);
2114 	}
2115 	if (lifr.lifr_flags & IFF_VIRTUAL) {
2116 		(void) fprintf(stderr, "ifconfig: %s: module operations not"
2117 		    " supported on virtual IP interfaces\n", ifname);
2118 		return (_B_FALSE);
2119 	}
2120 	return (_B_TRUE);
2121 }
2122 
2123 /*
2124  * To list all the modules above a given network interface.
2125  */
2126 /* ARGSUSED */
2127 static int
2128 modlist(char *null, int64_t param)
2129 {
2130 	int muxid_fd;
2131 	int muxfd;
2132 	int ipfd_lowstr;
2133 	int arpfd_lowstr;
2134 	int num_mods;
2135 	int i;
2136 	struct str_list strlist;
2137 	int orig_arpid;
2138 
2139 	/*
2140 	 * We'd return -1, but foreachinterface() doesn't propagate the error
2141 	 * into the exit status, so we're forced to explicitly exit().
2142 	 */
2143 	if (!modcheck(name))
2144 		exit(1);
2145 
2146 	if (ip_domux2fd(&muxfd, &muxid_fd, &ipfd_lowstr, &arpfd_lowstr,
2147 	    &orig_arpid) < 0) {
2148 		return (-1);
2149 	}
2150 	if ((num_mods = ioctl(ipfd_lowstr, I_LIST, NULL)) < 0) {
2151 		Perror0("cannot I_LIST to get the number of modules");
2152 	} else {
2153 		if (debug > 0) {
2154 			(void) printf("Listing (%d) modules above %s\n",
2155 			    num_mods, name);
2156 		}
2157 
2158 		strlist.sl_nmods = num_mods;
2159 		strlist.sl_modlist = malloc(sizeof (struct str_mlist) *
2160 		    num_mods);
2161 		if (strlist.sl_modlist == NULL) {
2162 			Perror0("cannot malloc");
2163 		} else {
2164 			if (ioctl(ipfd_lowstr, I_LIST, (caddr_t)&strlist) < 0) {
2165 				Perror0("cannot I_LIST for module names");
2166 			} else {
2167 				for (i = 0; i < strlist.sl_nmods; i++) {
2168 					(void) printf("%d %s\n", i,
2169 					    strlist.sl_modlist[i].l_name);
2170 				}
2171 			}
2172 			free(strlist.sl_modlist);
2173 		}
2174 	}
2175 	return (ip_plink(muxfd, muxid_fd, ipfd_lowstr, arpfd_lowstr,
2176 	    orig_arpid));
2177 }
2178 
2179 #define	MODINSERT_OP	'i'
2180 #define	MODREMOVE_OP	'r'
2181 
2182 /*
2183  * To insert a module to the stream of the interface.  It is just a
2184  * wrapper.  The real function is modop().
2185  */
2186 /* ARGSUSED */
2187 static int
2188 modinsert(char *arg, int64_t param)
2189 {
2190 	return (modop(arg, MODINSERT_OP));
2191 }
2192 
2193 /*
2194  * To remove a module from the stream of the interface.  It is just a
2195  * wrapper.  The real function is modop().
2196  */
2197 /* ARGSUSED */
2198 static int
2199 modremove(char *arg, int64_t param)
2200 {
2201 	return (modop(arg, MODREMOVE_OP));
2202 }
2203 
2204 /*
2205  * Open a stream on /dev/udp{,6}, pop off all undesired modules (note that
2206  * the user may have configured autopush to add modules above
2207  * udp), and push the arp module onto the resulting stream.
2208  * This is used to make IP+ARP be able to atomically track the muxid
2209  * for the I_PLINKed STREAMS, thus it isn't related to ARP running the ARP
2210  * protocol.
2211  */
2212 static int
2213 open_arp_on_udp(char *udp_dev_name)
2214 {
2215 	int fd;
2216 
2217 	if ((fd = open(udp_dev_name, O_RDWR)) == -1) {
2218 		Perror2("open", udp_dev_name);
2219 		return (-1);
2220 	}
2221 	errno = 0;
2222 	while (ioctl(fd, I_POP, 0) != -1)
2223 		;
2224 	if (errno != EINVAL) {
2225 		Perror2("pop", udp_dev_name);
2226 	} else if (ioctl(fd, I_PUSH, ARP_MOD_NAME) == -1) {
2227 		Perror2("arp PUSH", udp_dev_name);
2228 	} else {
2229 		return (fd);
2230 	}
2231 	(void) close(fd);
2232 	return (-1);
2233 }
2234 
2235 /*
2236  * Helper function for mod*() functions.  It gets a fd to the lower IP
2237  * stream and I_PUNLINK's the lower stream.  It also initializes the
2238  * global variable lifr.
2239  *
2240  * Param:
2241  *	int *muxfd: fd to /dev/udp{,6} for I_PLINK/I_PUNLINK
2242  *	int *muxid_fd: fd to /dev/udp{,6} for LIFMUXID
2243  *	int *ipfd_lowstr: fd to the lower IP stream.
2244  *	int *arpfd_lowstr: fd to the lower ARP stream.
2245  *
2246  * Return:
2247  *	-1 if operation fails, 0 otherwise.
2248  *
2249  * Please see the big block comment above ifplumb() for the logic of the
2250  * PLINK/PUNLINK
2251  */
2252 static int
2253 ip_domux2fd(int *muxfd, int *muxid_fd, int *ipfd_lowstr, int *arpfd_lowstr,
2254     int *orig_arpid)
2255 {
2256 	uint64_t	flags;
2257 	char		*udp_dev_name;
2258 
2259 	*orig_arpid = 0;
2260 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2261 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
2262 		Perror0_exit("status: SIOCGLIFFLAGS");
2263 	}
2264 	flags = lifr.lifr_flags;
2265 	if (flags & IFF_IPV4) {
2266 		udp_dev_name = UDP_DEV_NAME;
2267 	} else if (flags & IFF_IPV6) {
2268 		udp_dev_name = UDP6_DEV_NAME;
2269 	} else {
2270 		return (-1);
2271 	}
2272 
2273 	if ((*muxid_fd = open(udp_dev_name, O_RDWR)) < 0) {
2274 		Perror2("open", udp_dev_name);
2275 		return (-1);
2276 	}
2277 	if (ioctl(*muxid_fd, SIOCGLIFMUXID, (caddr_t)&lifr) < 0) {
2278 		Perror2("SIOCGLIFMUXID", udp_dev_name);
2279 		return (-1);
2280 	}
2281 	if (debug > 0) {
2282 		(void) printf("ARP_muxid %d IP_muxid %d\n",
2283 		    lifr.lifr_arp_muxid, lifr.lifr_ip_muxid);
2284 	}
2285 
2286 	/*
2287 	 * Use /dev/udp{,6} as the mux to avoid linkcycles.
2288 	 */
2289 	if ((*muxfd = open_arp_on_udp(udp_dev_name)) == -1)
2290 		return (-1);
2291 
2292 	if (lifr.lifr_arp_muxid != 0) {
2293 		if ((*arpfd_lowstr = ioctl(*muxfd, _I_MUXID2FD,
2294 		    lifr.lifr_arp_muxid)) < 0) {
2295 			if ((errno == EINVAL) &&
2296 			    (flags & (IFF_NOARP | IFF_IPV6))) {
2297 				/*
2298 				 * Some plumbing utilities set the muxid to
2299 				 * -1 or some invalid value to signify that
2300 				 * there is no arp stream. Set the muxid to 0
2301 				 * before trying to unplumb the IP stream.
2302 				 * IP does not allow the IP stream to be
2303 				 * unplumbed if it sees a non-null arp muxid,
2304 				 * for consistency of IP-ARP streams.
2305 				 */
2306 				*orig_arpid = lifr.lifr_arp_muxid;
2307 				lifr.lifr_arp_muxid = 0;
2308 				(void) ioctl(*muxid_fd, SIOCSLIFMUXID,
2309 				    (caddr_t)&lifr);
2310 				*arpfd_lowstr = -1;
2311 			} else {
2312 				Perror0("_I_MUXID2FD");
2313 				return (-1);
2314 			}
2315 		} else if (ioctl(*muxfd, I_PUNLINK,
2316 		    lifr.lifr_arp_muxid) < 0) {
2317 			Perror2("I_PUNLINK", udp_dev_name);
2318 			return (-1);
2319 		}
2320 	} else {
2321 		*arpfd_lowstr = -1;
2322 	}
2323 
2324 	if ((*ipfd_lowstr = ioctl(*muxfd, _I_MUXID2FD,
2325 	    lifr.lifr_ip_muxid)) < 0) {
2326 		Perror0("_I_MUXID2FD");
2327 		/* Undo any changes we made */
2328 		if (*orig_arpid != 0) {
2329 			lifr.lifr_arp_muxid = *orig_arpid;
2330 			(void) ioctl(*muxid_fd, SIOCSLIFMUXID, (caddr_t)&lifr);
2331 		}
2332 		return (-1);
2333 	}
2334 	if (ioctl(*muxfd, I_PUNLINK, lifr.lifr_ip_muxid) < 0) {
2335 		Perror2("I_PUNLINK", udp_dev_name);
2336 		/* Undo any changes we made */
2337 		if (*orig_arpid != 0) {
2338 			lifr.lifr_arp_muxid = *orig_arpid;
2339 			(void) ioctl(*muxid_fd, SIOCSLIFMUXID, (caddr_t)&lifr);
2340 		}
2341 		return (-1);
2342 	}
2343 	return (0);
2344 }
2345 
2346 /*
2347  * Helper function for mod*() functions.  It I_PLINK's back the upper and
2348  * lower IP streams.  Note that this function must be called after
2349  * ip_domux2fd().  In ip_domux2fd(), the global variable lifr is initialized
2350  * and ip_plink() needs information in lifr.  So ip_domux2fd() and ip_plink()
2351  * must be called in pairs.
2352  *
2353  * Param:
2354  *	int muxfd: fd to /dev/udp{,6} for I_PLINK/I_PUNLINK
2355  *	int muxid_fd: fd to /dev/udp{,6} for LIFMUXID
2356  *	int ipfd_lowstr: fd to the lower IP stream.
2357  *	int arpfd_lowstr: fd to the lower ARP stream.
2358  *
2359  * Return:
2360  *	-1 if operation fails, 0 otherwise.
2361  *
2362  * Please see the big block comment above ifplumb() for the logic of the
2363  * PLINK/PUNLINK
2364  */
2365 static int
2366 ip_plink(int muxfd, int muxid_fd, int ipfd_lowstr, int arpfd_lowstr,
2367     int orig_arpid)
2368 {
2369 	int ip_muxid;
2370 
2371 	ip_muxid = ioctl(muxfd, I_PLINK, ipfd_lowstr);
2372 	if (ip_muxid < 0) {
2373 		Perror2("I_PLINK", UDP_DEV_NAME);
2374 		return (-1);
2375 	}
2376 
2377 	/*
2378 	 * If there is an arp stream, plink it. If there is no
2379 	 * arp stream, then it is possible that the plumbing
2380 	 * utility could have stored any value in the arp_muxid.
2381 	 * If so, restore it from orig_arpid.
2382 	 */
2383 	if (arpfd_lowstr != -1) {
2384 		if (ioctl(muxfd, I_PLINK, arpfd_lowstr) < 0) {
2385 			Perror2("I_PLINK", UDP_DEV_NAME);
2386 			return (-1);
2387 		}
2388 	} else if (orig_arpid != 0) {
2389 		/* Undo the changes we did in ip_domux2fd */
2390 		lifr.lifr_arp_muxid = orig_arpid;
2391 		lifr.lifr_ip_muxid = ip_muxid;
2392 		(void) ioctl(muxid_fd, SIOCSLIFMUXID, (caddr_t)&lifr);
2393 	}
2394 
2395 	(void) close(muxfd);
2396 	(void) close(muxid_fd);
2397 	return (0);
2398 }
2399 
2400 /*
2401  * The real function to perform module insertion/removal.
2402  *
2403  * Param:
2404  *	char *arg: the argument string module_name@position
2405  *	char op: operation, either MODINSERT_OP or MODREMOVE_OP.
2406  *
2407  * Return:
2408  *	Before doing ip_domux2fd(), this function calls exit(1) in case of
2409  *	error.  After ip_domux2fd() is done, it returns -1 for error, 0
2410  *	otherwise.
2411  */
2412 static int
2413 modop(char *arg, char op)
2414 {
2415 	char *pos_p;
2416 	int muxfd;
2417 	int muxid_fd;
2418 	int ipfd_lowstr;  /* IP stream (lower stream of mux) to be plinked */
2419 	int arpfd_lowstr; /* ARP stream (lower stream of mux) to be plinked */
2420 	struct strmodconf mod;
2421 	char *at_char = "@";
2422 	char *arg_str;
2423 	int orig_arpid;
2424 
2425 	/*
2426 	 * We'd return -1, but foreachinterface() doesn't propagate the error
2427 	 * into the exit status, so we're forced to explicitly exit().
2428 	 */
2429 	if (!modcheck(name))
2430 		exit(1);
2431 
2432 	/* Need to save the original string for -a option. */
2433 	if ((arg_str = malloc(strlen(arg) + 1)) == NULL) {
2434 		Perror0("cannot malloc");
2435 		return (-1);
2436 	}
2437 	(void) strcpy(arg_str, arg);
2438 
2439 	if (*arg_str == *at_char) {
2440 		(void) fprintf(stderr,
2441 		    "ifconfig: must supply a module name\n");
2442 		exit(1);
2443 	}
2444 	mod.mod_name = strtok(arg_str, at_char);
2445 	if (strlen(mod.mod_name) > FMNAMESZ) {
2446 		(void) fprintf(stderr, "ifconfig: module name too long: %s\n",
2447 		    mod.mod_name);
2448 		exit(1);
2449 	}
2450 
2451 	/*
2452 	 * Need to make sure that the core TCP/IP stack modules are not
2453 	 * removed.  Otherwise, "bad" things can happen.  If a module
2454 	 * is removed and inserted back, it loses its old state.  But
2455 	 * the modules above it still have the old state.  E.g. IP assumes
2456 	 * fast data path while tunnel after re-inserted assumes that it can
2457 	 * receive M_DATA only in fast data path for which it does not have
2458 	 * any state.  This is a general caveat of _I_REMOVE/_I_INSERT.
2459 	 */
2460 	if (op == MODREMOVE_OP &&
2461 	    (strcmp(mod.mod_name, ARP_MOD_NAME) == 0 ||
2462 	    strcmp(mod.mod_name, IP_MOD_NAME) == 0)) {
2463 		(void) fprintf(stderr, "ifconfig: cannot remove %s\n",
2464 		    mod.mod_name);
2465 		exit(1);
2466 	}
2467 
2468 	if ((pos_p = strtok(NULL, at_char)) == NULL) {
2469 		(void) fprintf(stderr, "ifconfig: must supply a position\n");
2470 		exit(1);
2471 	}
2472 	mod.pos = atoi(pos_p);
2473 
2474 	if (ip_domux2fd(&muxfd, &muxid_fd, &ipfd_lowstr, &arpfd_lowstr,
2475 	    &orig_arpid) < 0) {
2476 		free(arg_str);
2477 		return (-1);
2478 	}
2479 	switch (op) {
2480 	case MODINSERT_OP:
2481 		if (debug > 0) {
2482 			(void) printf("Inserting module %s at %d\n",
2483 			    mod.mod_name, mod.pos);
2484 		}
2485 		if (ioctl(ipfd_lowstr, _I_INSERT, (caddr_t)&mod) < 0) {
2486 			Perror2("fail to insert module", mod.mod_name);
2487 		}
2488 		break;
2489 	case MODREMOVE_OP:
2490 		if (debug > 0) {
2491 			(void) printf("Removing module %s at %d\n",
2492 			    mod.mod_name, mod.pos);
2493 		}
2494 		if (ioctl(ipfd_lowstr, _I_REMOVE, (caddr_t)&mod) < 0) {
2495 			Perror2("fail to remove module", mod.mod_name);
2496 		}
2497 		break;
2498 	default:
2499 		/* Should never get to here. */
2500 		(void) fprintf(stderr, "Unknown operation\n");
2501 		break;
2502 	}
2503 	free(arg_str);
2504 	return (ip_plink(muxfd, muxid_fd, ipfd_lowstr, arpfd_lowstr,
2505 	    orig_arpid));
2506 }
2507 
2508 static int
2509 modify_tun(iptun_params_t *params)
2510 {
2511 	dladm_status_t status;
2512 
2513 	if ((status = ifconfig_dladm_open(name, DATALINK_CLASS_IPTUN,
2514 	    &params->iptun_param_linkid)) == DLADM_STATUS_OK)
2515 		status = dladm_iptun_modify(dlh, params, DLADM_OPT_ACTIVE);
2516 	if (status != DLADM_STATUS_OK)
2517 		dladmerr_exit(status, name);
2518 	return (0);
2519 }
2520 
2521 /*
2522  * Set tunnel source address
2523  */
2524 /* ARGSUSED */
2525 static int
2526 setiftsrc(char *addr, int64_t param)
2527 {
2528 	iptun_params_t params;
2529 
2530 	params.iptun_param_flags = IPTUN_PARAM_LADDR;
2531 	(void) strlcpy(params.iptun_param_laddr, addr,
2532 	    sizeof (params.iptun_param_laddr));
2533 	return (modify_tun(&params));
2534 }
2535 
2536 /*
2537  * Set tunnel destination address
2538  */
2539 /* ARGSUSED */
2540 static int
2541 setiftdst(char *addr, int64_t param)
2542 {
2543 	iptun_params_t params;
2544 
2545 	params.iptun_param_flags = IPTUN_PARAM_RADDR;
2546 	(void) strlcpy(params.iptun_param_raddr, addr,
2547 	    sizeof (params.iptun_param_raddr));
2548 	return (modify_tun(&params));
2549 }
2550 
2551 static int
2552 set_tun_prop(const char *propname, char *value)
2553 {
2554 	dladm_status_t	status;
2555 	datalink_id_t	linkid;
2556 
2557 	status = ifconfig_dladm_open(name, DATALINK_CLASS_IPTUN, &linkid);
2558 	if (status == DLADM_STATUS_OK) {
2559 		status = dladm_set_linkprop(dlh, linkid, propname, &value, 1,
2560 		    DLADM_OPT_ACTIVE);
2561 	}
2562 	if (status != DLADM_STATUS_OK)
2563 		dladmerr_exit(status, name);
2564 	return (0);
2565 }
2566 
2567 /* Set tunnel encapsulation limit. */
2568 /* ARGSUSED */
2569 static int
2570 set_tun_encap_limit(char *arg, int64_t param)
2571 {
2572 	return (set_tun_prop("encaplimit", arg));
2573 }
2574 
2575 /* Disable encapsulation limit. */
2576 /* ARGSUSED */
2577 static int
2578 clr_tun_encap_limit(char *arg, int64_t param)
2579 {
2580 	return (set_tun_encap_limit("-1", 0));
2581 }
2582 
2583 /* Set tunnel hop limit. */
2584 /* ARGSUSED */
2585 static int
2586 set_tun_hop_limit(char *arg, int64_t param)
2587 {
2588 	return (set_tun_prop("hoplimit", arg));
2589 }
2590 
2591 /* Set zone ID */
2592 static int
2593 setzone(char *arg, int64_t param)
2594 {
2595 	zoneid_t zoneid = GLOBAL_ZONEID;
2596 
2597 	if (param == NEXTARG) {
2598 		/* zone must be active */
2599 		if ((zoneid = getzoneidbyname(arg)) == -1) {
2600 			(void) fprintf(stderr,
2601 			    "ifconfig: unknown zone '%s'\n", arg);
2602 			exit(1);
2603 		}
2604 	}
2605 	(void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2606 	lifr.lifr_zoneid = zoneid;
2607 	if (ioctl(s, SIOCSLIFZONE, (caddr_t)&lifr) == -1)
2608 		Perror0_exit("SIOCSLIFZONE");
2609 	return (0);
2610 }
2611 
2612 /* Put interface into all zones */
2613 /* ARGSUSED */
2614 static int
2615 setallzones(char *arg, int64_t param)
2616 {
2617 	(void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2618 	lifr.lifr_zoneid = ALL_ZONES;
2619 	if (ioctl(s, SIOCSLIFZONE, (caddr_t)&lifr) == -1)
2620 		Perror0_exit("SIOCSLIFZONE");
2621 	return (0);
2622 }
2623 
2624 /* Set source address to use */
2625 /* ARGSUSED */
2626 static int
2627 setifsrc(char *arg, int64_t param)
2628 {
2629 	uint_t ifindex = 0;
2630 	int rval;
2631 
2632 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2633 
2634 	/*
2635 	 * Argument can be either an interface name or "none". The latter means
2636 	 * that any previous selection is cleared.
2637 	 */
2638 
2639 	rval = strcmp(arg, name);
2640 	if (rval == 0) {
2641 		(void) fprintf(stderr,
2642 		    "ifconfig: Cannot specify same interface for usesrc"
2643 		    " group\n");
2644 		exit(1);
2645 	}
2646 
2647 	rval = strcmp(arg, NONE_STR);
2648 	if (rval != 0) {
2649 		if ((ifindex = if_nametoindex(arg)) == 0) {
2650 			(void) strncpy(lifr.lifr_name, arg, LIFNAMSIZ);
2651 			Perror0_exit("Could not get interface index");
2652 		}
2653 		lifr.lifr_index = ifindex;
2654 	} else {
2655 		if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) != 0)
2656 			Perror0_exit("Not a valid usesrc consumer");
2657 		lifr.lifr_index = 0;
2658 	}
2659 
2660 	if (debug)
2661 		(void) printf("setifsrc: lifr_name %s, lifr_index %d\n",
2662 		    lifr.lifr_name, lifr.lifr_index);
2663 
2664 	if (ioctl(s, SIOCSLIFUSESRC, (caddr_t)&lifr) == -1) {
2665 		if (rval == 0)
2666 			Perror0_exit("Cannot reset usesrc group");
2667 		else
2668 			Perror0_exit("Could not set source interface");
2669 	}
2670 
2671 	return (0);
2672 }
2673 
2674 /*
2675  * Print the interface status line associated with `ifname'
2676  */
2677 static void
2678 ifstatus(const char *ifname)
2679 {
2680 	uint64_t flags;
2681 	char if_usesrc_name[LIFNAMSIZ];
2682 	char *newbuf;
2683 	int n, numifs, rval = 0;
2684 	struct lifreq *lifrp;
2685 	struct lifsrcof lifs;
2686 
2687 	(void) strncpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name));
2688 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
2689 		Perror0_exit("status: SIOCGLIFFLAGS");
2690 	}
2691 	flags = lifr.lifr_flags;
2692 
2693 	/*
2694 	 * In V4 compatibility mode, we don't print the IFF_IPV4 flag or
2695 	 * interfaces with IFF_IPV6 set.
2696 	 */
2697 	if (v4compat) {
2698 		flags &= ~IFF_IPV4;
2699 		if (flags & IFF_IPV6)
2700 			return;
2701 	}
2702 
2703 	(void) printf("%s: ", ifname);
2704 	print_flags(flags);
2705 
2706 	(void) strncpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name));
2707 	if (ioctl(s, SIOCGLIFMETRIC, (caddr_t)&lifr) < 0) {
2708 		Perror0_exit("status: SIOCGLIFMETRIC");
2709 	} else {
2710 		if (lifr.lifr_metric)
2711 			(void) printf(" metric %d", lifr.lifr_metric);
2712 	}
2713 	if (ioctl(s, SIOCGLIFMTU, (caddr_t)&lifr) >= 0)
2714 		(void) printf(" mtu %u", lifr.lifr_mtu);
2715 
2716 	/* don't print index or zone when in compatibility mode */
2717 	if (!v4compat) {
2718 		if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0)
2719 			(void) printf(" index %d", lifr.lifr_index);
2720 		/*
2721 		 * Stack instances use GLOBAL_ZONEID for IP data structures
2722 		 * even in the non-global zone.
2723 		 */
2724 		if (ioctl(s, SIOCGLIFZONE, (caddr_t)&lifr) >= 0 &&
2725 		    lifr.lifr_zoneid != getzoneid() &&
2726 		    lifr.lifr_zoneid != GLOBAL_ZONEID) {
2727 			char zone_name[ZONENAME_MAX];
2728 
2729 			if (lifr.lifr_zoneid == ALL_ZONES) {
2730 				(void) printf("\n\tall-zones");
2731 			} else if (getzonenamebyid(lifr.lifr_zoneid, zone_name,
2732 			    sizeof (zone_name)) < 0) {
2733 				(void) printf("\n\tzone %d", lifr.lifr_zoneid);
2734 			} else {
2735 				(void) printf("\n\tzone %s", zone_name);
2736 			}
2737 		}
2738 	}
2739 
2740 	if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0) {
2741 		lifs.lifs_ifindex = lifr.lifr_index;
2742 
2743 		/*
2744 		 * Find the number of interfaces that use this interfaces'
2745 		 * address as a source address
2746 		 */
2747 		lifs.lifs_buf = NULL;
2748 		lifs.lifs_maxlen = 0;
2749 		for (;;) {
2750 			/* The first pass will give the bufsize we need */
2751 			rval = ioctl(s, SIOCGLIFSRCOF, (char *)&lifs);
2752 			if (rval < 0) {
2753 				if (lifs.lifs_buf != NULL) {
2754 					free(lifs.lifs_buf);
2755 					lifs.lifs_buf = NULL;
2756 				}
2757 				lifs.lifs_len = 0;
2758 				break;
2759 			}
2760 			if (lifs.lifs_len <= lifs.lifs_maxlen)
2761 				break;
2762 			/* Use kernel's size + a small margin to avoid loops */
2763 			lifs.lifs_maxlen = lifs.lifs_len +
2764 			    5 * sizeof (struct lifreq);
2765 			/* For the first pass, realloc acts like malloc */
2766 			newbuf = realloc(lifs.lifs_buf, lifs.lifs_maxlen);
2767 			if (newbuf == NULL) {
2768 				if (lifs.lifs_buf != NULL) {
2769 					free(lifs.lifs_buf);
2770 					lifs.lifs_buf = NULL;
2771 				}
2772 				lifs.lifs_len = 0;
2773 				break;
2774 			}
2775 			lifs.lifs_buf = newbuf;
2776 		}
2777 
2778 
2779 		numifs = lifs.lifs_len / sizeof (struct lifreq);
2780 		if (numifs > 0) {
2781 			lifrp = lifs.lifs_req;
2782 			(void) printf("\n\tsrcof");
2783 			for (n = numifs; n > 0; n--, lifrp++) {
2784 				(void) printf(" %s", lifrp->lifr_name);
2785 			}
2786 		}
2787 
2788 		if (lifs.lifs_buf != NULL)
2789 			free(lifs.lifs_buf);
2790 	}
2791 
2792 	/* Find the interface whose source address this interface uses */
2793 	if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) == 0) {
2794 		if (lifr.lifr_index != 0) {
2795 			if (if_indextoname(lifr.lifr_index,
2796 			    if_usesrc_name) == NULL) {
2797 				(void) printf("\n\tusesrc ifIndex %d",
2798 				    lifr.lifr_index);
2799 			} else {
2800 				(void) printf("\n\tusesrc %s", if_usesrc_name);
2801 			}
2802 		}
2803 	}
2804 
2805 	(void) putchar('\n');
2806 }
2807 
2808 
2809 /*
2810  * Print the status of the interface.  If an address family was
2811  * specified, show it and it only; otherwise, show them all.
2812  */
2813 static void
2814 status(void)
2815 {
2816 	struct afswtch	*p = afp;
2817 	uint64_t	flags;
2818 	datalink_id_t	linkid;
2819 
2820 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2821 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
2822 		Perror0_exit("status: SIOCGLIFFLAGS");
2823 	}
2824 
2825 	flags = lifr.lifr_flags;
2826 
2827 	/*
2828 	 * Only print the interface status if the address family matches
2829 	 * the interface family flag.
2830 	 */
2831 	if (p != NULL) {
2832 		if (((p->af_af == AF_INET6) && (flags & IFF_IPV4)) ||
2833 		    ((p->af_af == AF_INET) && (flags & IFF_IPV6)))
2834 			return;
2835 	}
2836 
2837 	/*
2838 	 * In V4 compatibility mode, don't print IFF_IPV6 interfaces.
2839 	 */
2840 	if (v4compat && (flags & IFF_IPV6))
2841 		return;
2842 
2843 	ifstatus(name);
2844 
2845 	if (ifconfig_dladm_open(name, DATALINK_CLASS_IPTUN, &linkid) ==
2846 	    DLADM_STATUS_OK)
2847 		tun_status(linkid);
2848 
2849 	if (p != NULL) {
2850 		(*p->af_status)(1, flags);
2851 	} else {
2852 		for (p = afs; p->af_name; p++) {
2853 			(void) close(s);
2854 			s = socket(SOCKET_AF(p->af_af), SOCK_DGRAM, 0);
2855 			/* set global af for use in p->af_status */
2856 			af = p->af_af;
2857 			if (s == -1) {
2858 				Perror0_exit("socket");
2859 			}
2860 			(*p->af_status)(0, flags);
2861 		}
2862 
2863 		/*
2864 		 * Historically, 'ether' has been an address family,
2865 		 * so print it here.
2866 		 */
2867 		print_ifether(name);
2868 	}
2869 }
2870 
2871 /*
2872  * Print the status of the interface in a format that can be used to
2873  * reconfigure the interface later. Code stolen from status() above.
2874  */
2875 /* ARGSUSED */
2876 static int
2877 configinfo(char *null, int64_t param)
2878 {
2879 	char *cp;
2880 	struct afswtch *p = afp;
2881 	uint64_t flags;
2882 	char lifname[LIFNAMSIZ];
2883 	char if_usesrc_name[LIFNAMSIZ];
2884 
2885 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2886 
2887 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
2888 		Perror0_exit("status: SIOCGLIFFLAGS");
2889 	}
2890 	flags = lifr.lifr_flags;
2891 
2892 	if (debug) {
2893 		(void) printf("configinfo: name %s flags  0x%llx af_af %d\n",
2894 		    name, flags, p != NULL ? p->af_af : -1);
2895 	}
2896 
2897 	/*
2898 	 * Build the interface name to print (we can't directly use `name'
2899 	 * because one cannot "plumb" ":0" interfaces).
2900 	 */
2901 	(void) strlcpy(lifname, name, LIFNAMSIZ);
2902 	if ((cp = strchr(lifname, ':')) != NULL && atoi(cp + 1) == 0)
2903 		*cp = '\0';
2904 
2905 	/*
2906 	 * if the interface is IPv4
2907 	 *	if we have a IPv6 address family restriction return
2908 	 *		so it won't print
2909 	 *	if we are in IPv4 compatibility mode, clear out IFF_IPV4
2910 	 *		so we don't print it.
2911 	 */
2912 	if (flags & IFF_IPV4) {
2913 		if (p && p->af_af == AF_INET6)
2914 			return (-1);
2915 		if (v4compat)
2916 			flags &= ~IFF_IPV4;
2917 
2918 		(void) printf("%s inet plumb", lifname);
2919 	} else if (flags & IFF_IPV6) {
2920 		/*
2921 		 * else if the interface is IPv6
2922 		 *	if we have a IPv4 address family restriction return
2923 		 *	or we are in IPv4 compatibiltiy mode, return.
2924 		 */
2925 		if (p && p->af_af == AF_INET)
2926 			return (-1);
2927 		if (v4compat)
2928 			return (-1);
2929 
2930 		(void) printf("%s inet6 plumb", lifname);
2931 	}
2932 
2933 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2934 	if (ioctl(s, SIOCGLIFMETRIC, (caddr_t)&lifr) < 0) {
2935 		Perror0_exit("configinfo: SIOCGLIFMETRIC");
2936 	} else {
2937 		if (lifr.lifr_metric)
2938 			(void) printf(" metric %d ", lifr.lifr_metric);
2939 	}
2940 	if (((flags & (IFF_VIRTUAL|IFF_LOOPBACK)) != IFF_VIRTUAL) &&
2941 	    ioctl(s, SIOCGLIFMTU, (caddr_t)&lifr) >= 0)
2942 		(void) printf(" mtu %d", lifr.lifr_metric);
2943 
2944 	/* Index only applies to the zeroth interface */
2945 	if (lifnum(name) == 0) {
2946 		if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0)
2947 			(void) printf(" index %d", lifr.lifr_index);
2948 	}
2949 
2950 	if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) == 0) {
2951 		if (lifr.lifr_index != 0) {
2952 			if (if_indextoname(lifr.lifr_index,
2953 			    if_usesrc_name) != NULL) {
2954 				(void) printf(" usesrc %s", if_usesrc_name);
2955 			}
2956 		}
2957 	}
2958 
2959 	if (p != NULL) {
2960 		(*p->af_configinfo)(1, flags);
2961 	} else {
2962 		for (p = afs; p->af_name; p++) {
2963 			(void) close(s);
2964 			s = socket(SOCKET_AF(p->af_af), SOCK_DGRAM, 0);
2965 			/* set global af for use in p->af_configinfo */
2966 			af = p->af_af;
2967 			if (s == -1) {
2968 				Perror0_exit("socket");
2969 			}
2970 			(*p->af_configinfo)(0, flags);
2971 		}
2972 	}
2973 
2974 	(void) putchar('\n');
2975 	return (0);
2976 }
2977 
2978 static void
2979 print_tsec(iptun_params_t *params)
2980 {
2981 	ipsec_req_t *ipsr;
2982 
2983 	(void) printf("\ttunnel security settings  ");
2984 	if (!(params->iptun_param_flags & IPTUN_PARAM_SECINFO)) {
2985 		(void) printf("-->  use 'ipsecconf -ln -i %s'", name);
2986 	} else {
2987 		ipsr = &params->iptun_param_secinfo;
2988 		if (ipsr->ipsr_ah_req & IPSEC_PREF_REQUIRED) {
2989 			(void) printf("ah (%s)  ",
2990 			    rparsealg(ipsr->ipsr_auth_alg, IPSEC_PROTO_AH));
2991 		}
2992 		if (ipsr->ipsr_esp_req & IPSEC_PREF_REQUIRED) {
2993 			(void) printf("esp (%s",
2994 			    rparsealg(ipsr->ipsr_esp_alg, IPSEC_PROTO_ESP));
2995 			(void) printf("/%s)",
2996 			    rparsealg(ipsr->ipsr_esp_auth_alg, IPSEC_PROTO_AH));
2997 		}
2998 	}
2999 	(void) printf("\n");
3000 }
3001 
3002 static void
3003 tun_status(datalink_id_t linkid)
3004 {
3005 	iptun_params_t	params;
3006 	char		propval[DLADM_PROP_VAL_MAX];
3007 	char		*valptr[1];
3008 	uint_t		valcnt = 1;
3009 	boolean_t	tabbed = _B_FALSE;
3010 
3011 	params.iptun_param_linkid = linkid;
3012 
3013 	/* If dladm_iptun_getparams() fails, assume we are not a tunnel. */
3014 	assert(dlh_opened);
3015 	if (dladm_iptun_getparams(dlh, &params, DLADM_OPT_ACTIVE) !=
3016 	    DLADM_STATUS_OK)
3017 		return;
3018 
3019 	switch (params.iptun_param_type) {
3020 	case IPTUN_TYPE_IPV4:
3021 	case IPTUN_TYPE_6TO4:
3022 		(void) printf("\tinet");
3023 		break;
3024 	case IPTUN_TYPE_IPV6:
3025 		(void) printf("\tinet6");
3026 		break;
3027 	default:
3028 		dladmerr_exit(DLADM_STATUS_IPTUNTYPE, name);
3029 		break;
3030 	}
3031 
3032 	/*
3033 	 * There is always a source address.  If it hasn't been explicitly
3034 	 * set, the API will pass back a buffer containing the unspecified
3035 	 * address.
3036 	 */
3037 	(void) printf(" tunnel src %s ", params.iptun_param_laddr);
3038 
3039 	if (params.iptun_param_flags & IPTUN_PARAM_RADDR)
3040 		(void) printf("tunnel dst %s\n", params.iptun_param_raddr);
3041 	else
3042 		(void) putchar('\n');
3043 
3044 	if (params.iptun_param_flags & IPTUN_PARAM_IPSECPOL)
3045 		print_tsec(&params);
3046 
3047 	valptr[0] = propval;
3048 	if (dladm_get_linkprop(dlh, linkid, DLADM_PROP_VAL_CURRENT, "hoplimit",
3049 	    (char **)valptr, &valcnt) == DLADM_STATUS_OK) {
3050 		(void) printf("\ttunnel hop limit %s ", propval);
3051 		tabbed = _B_TRUE;
3052 	}
3053 
3054 	if (dladm_get_linkprop(dlh, linkid, DLADM_PROP_VAL_CURRENT,
3055 	    "encaplimit", (char **)valptr, &valcnt) == DLADM_STATUS_OK) {
3056 		uint32_t elim;
3057 
3058 		if (!tabbed) {
3059 			(void) putchar('\t');
3060 			tabbed = _B_TRUE;
3061 		}
3062 		elim = strtol(propval, NULL, 10);
3063 		if (elim > 0)
3064 			(void) printf("tunnel encapsulation limit %s", propval);
3065 		else
3066 			(void) printf("tunnel encapsulation limit disabled");
3067 	}
3068 
3069 	if (tabbed)
3070 		(void) putchar('\n');
3071 }
3072 
3073 static void
3074 in_status(int force, uint64_t flags)
3075 {
3076 	struct sockaddr_in	*sin, *laddr;
3077 	struct sockaddr_in	netmask = { AF_INET };
3078 
3079 	if (debug)
3080 		(void) printf("in_status(%s) flags 0x%llx\n", name, flags);
3081 
3082 	/* only print status for IPv4 interfaces */
3083 	if (!(flags & IFF_IPV4))
3084 		return;
3085 
3086 	if (!(flags & IFF_NOLOCAL)) {
3087 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3088 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
3089 			if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3090 			    errno == ENXIO) {
3091 				if (!force)
3092 					return;
3093 				(void) memset(&lifr.lifr_addr, 0,
3094 				    sizeof (lifr.lifr_addr));
3095 			} else
3096 				Perror0_exit("in_status: SIOCGLIFADDR");
3097 		}
3098 		sin = (struct sockaddr_in *)&lifr.lifr_addr;
3099 		(void) printf("\tinet %s ", inet_ntoa(sin->sin_addr));
3100 		laddr = sin;
3101 	} else {
3102 		(void) printf("\tinet ");
3103 	}
3104 
3105 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3106 	if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) {
3107 		if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3108 		    errno == ENXIO) {
3109 			if (!force)
3110 				return;
3111 			(void) memset(&lifr.lifr_addr, 0,
3112 			    sizeof (lifr.lifr_addr));
3113 		} else {
3114 			Perror0_exit("in_status: SIOCGLIFSUBNET");
3115 		}
3116 	}
3117 	sin = (struct sockaddr_in *)&lifr.lifr_addr;
3118 	if ((flags & IFF_NOLOCAL) ||
3119 	    sin->sin_addr.s_addr != laddr->sin_addr.s_addr) {
3120 		(void) printf("subnet %s/%d ", inet_ntoa(sin->sin_addr),
3121 		    lifr.lifr_addrlen);
3122 	}
3123 	if (sin->sin_family != AF_INET) {
3124 		(void) printf("Wrong family: %d\n", sin->sin_family);
3125 	}
3126 
3127 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3128 	if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0) {
3129 		if (errno != EADDRNOTAVAIL)
3130 			Perror0_exit("in_status: SIOCGLIFNETMASK");
3131 		(void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr));
3132 	} else
3133 		netmask.sin_addr =
3134 		    ((struct sockaddr_in *)&lifr.lifr_addr)->sin_addr;
3135 	if (flags & IFF_POINTOPOINT) {
3136 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3137 		if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) {
3138 			if (errno == EADDRNOTAVAIL)
3139 				(void) memset(&lifr.lifr_addr, 0,
3140 				    sizeof (lifr.lifr_addr));
3141 			else
3142 				Perror0_exit("in_status: SIOCGLIFDSTADDR");
3143 		}
3144 		sin = (struct sockaddr_in *)&lifr.lifr_dstaddr;
3145 		(void) printf("--> %s ", inet_ntoa(sin->sin_addr));
3146 	}
3147 	(void) printf("netmask %x ", ntohl(netmask.sin_addr.s_addr));
3148 	if (flags & IFF_BROADCAST) {
3149 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3150 		if (ioctl(s, SIOCGLIFBRDADDR, (caddr_t)&lifr) < 0) {
3151 			if (errno == EADDRNOTAVAIL)
3152 				(void) memset(&lifr.lifr_addr, 0,
3153 				    sizeof (lifr.lifr_addr));
3154 			else
3155 				Perror0_exit("in_status: SIOCGLIFBRDADDR");
3156 		}
3157 		sin = (struct sockaddr_in *)&lifr.lifr_addr;
3158 		if (sin->sin_addr.s_addr != 0) {
3159 			(void) printf("broadcast %s",
3160 			    inet_ntoa(sin->sin_addr));
3161 		}
3162 	}
3163 	/* If there is a groupname, print it for only the physical interface */
3164 	if (strchr(name, ':') == NULL) {
3165 		if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 &&
3166 		    lifr.lifr_groupname[0] != '\0') {
3167 			(void) printf("\n\tgroupname %s", lifr.lifr_groupname);
3168 		}
3169 	}
3170 	(void) putchar('\n');
3171 }
3172 
3173 static void
3174 in6_status(int force, uint64_t flags)
3175 {
3176 	char			abuf[INET6_ADDRSTRLEN];
3177 	struct sockaddr_in6	*sin6, *laddr6;
3178 
3179 	if (debug)
3180 		(void) printf("in6_status(%s) flags 0x%llx\n", name, flags);
3181 
3182 	if (!(flags & IFF_IPV6))
3183 		return;
3184 
3185 	if (!(flags & IFF_NOLOCAL)) {
3186 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3187 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
3188 			if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3189 			    errno == ENXIO) {
3190 				if (!force)
3191 					return;
3192 				(void) memset(&lifr.lifr_addr, 0,
3193 				    sizeof (lifr.lifr_addr));
3194 			} else
3195 				Perror0_exit("in_status6: SIOCGLIFADDR");
3196 		}
3197 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3198 		(void) printf("\tinet6 %s/%d ",
3199 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3200 		    abuf, sizeof (abuf)),
3201 		    lifr.lifr_addrlen);
3202 		laddr6 = sin6;
3203 	} else {
3204 		(void) printf("\tinet6 ");
3205 	}
3206 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3207 	if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) {
3208 		if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3209 		    errno == ENXIO) {
3210 			if (!force)
3211 				return;
3212 			(void) memset(&lifr.lifr_addr, 0,
3213 			    sizeof (lifr.lifr_addr));
3214 		} else
3215 			Perror0_exit("in_status6: SIOCGLIFSUBNET");
3216 	}
3217 	sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3218 	if ((flags & IFF_NOLOCAL) ||
3219 	    !IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &laddr6->sin6_addr)) {
3220 		(void) printf("subnet %s/%d ",
3221 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3222 		    abuf, sizeof (abuf)),
3223 		    lifr.lifr_addrlen);
3224 	}
3225 	if (sin6->sin6_family != AF_INET6) {
3226 		(void) printf("Wrong family: %d\n", sin6->sin6_family);
3227 	}
3228 	if (flags & IFF_POINTOPOINT) {
3229 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3230 		if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) {
3231 			if (errno == EADDRNOTAVAIL)
3232 				(void) memset(&lifr.lifr_addr, 0,
3233 				    sizeof (lifr.lifr_addr));
3234 			else
3235 				Perror0_exit("in_status6: SIOCGLIFDSTADDR");
3236 		}
3237 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_dstaddr;
3238 		(void) printf("--> %s ",
3239 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3240 		    abuf, sizeof (abuf)));
3241 	}
3242 	if (verbose) {
3243 		(void) putchar('\n');
3244 		(void) putchar('\t');
3245 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3246 		if (ioctl(s, SIOCGLIFTOKEN, (caddr_t)&lifr) < 0) {
3247 			if (errno == EADDRNOTAVAIL || errno == EINVAL)
3248 				(void) memset(&lifr.lifr_addr, 0,
3249 				    sizeof (lifr.lifr_addr));
3250 			else
3251 				Perror0_exit("in_status6: SIOCGLIFTOKEN");
3252 		} else {
3253 			sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3254 			(void) printf("token %s/%d ",
3255 			    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3256 			    abuf, sizeof (abuf)),
3257 			    lifr.lifr_addrlen);
3258 		}
3259 		if (ioctl(s, SIOCGLIFLNKINFO, (caddr_t)&lifr) < 0) {
3260 			if (errno != EINVAL) {
3261 				Perror0_exit("in_status6: SIOCGLIFLNKINFO");
3262 			}
3263 		} else {
3264 			(void) printf("maxhops %u, reachtime %u ms, "
3265 			    "reachretrans %u ms, maxmtu %u ",
3266 			    lifr.lifr_ifinfo.lir_maxhops,
3267 			    lifr.lifr_ifinfo.lir_reachtime,
3268 			    lifr.lifr_ifinfo.lir_reachretrans,
3269 			    lifr.lifr_ifinfo.lir_maxmtu);
3270 		}
3271 	}
3272 	/* If there is a groupname, print it for only the physical interface */
3273 	if (strchr(name, ':') == NULL) {
3274 		if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 &&
3275 		    lifr.lifr_groupname[0] != '\0') {
3276 			(void) printf("\n\tgroupname %s", lifr.lifr_groupname);
3277 		}
3278 	}
3279 	(void) putchar('\n');
3280 }
3281 
3282 static void
3283 in_configinfo(int force, uint64_t flags)
3284 {
3285 	struct sockaddr_in *sin, *laddr;
3286 	struct	sockaddr_in netmask = { AF_INET };
3287 
3288 	if (debug)
3289 		(void) printf("in_configinfo(%s) flags 0x%llx\n", name, flags);
3290 
3291 	/* only configinfo info for IPv4 interfaces */
3292 	if (!(flags & IFF_IPV4))
3293 		return;
3294 
3295 	if (!(flags & IFF_NOLOCAL)) {
3296 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3297 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
3298 			if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3299 			    errno == ENXIO) {
3300 				if (!force)
3301 					return;
3302 				(void) memset(&lifr.lifr_addr, 0,
3303 				    sizeof (lifr.lifr_addr));
3304 			} else
3305 				Perror0_exit("in_configinfo: SIOCGLIFADDR");
3306 		}
3307 		sin = (struct sockaddr_in *)&lifr.lifr_addr;
3308 		(void) printf(" set %s ", inet_ntoa(sin->sin_addr));
3309 		laddr = sin;
3310 	}
3311 
3312 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3313 	if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) {
3314 		if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3315 		    errno == ENXIO) {
3316 			if (!force)
3317 				return;
3318 			(void) memset(&lifr.lifr_addr, 0,
3319 			    sizeof (lifr.lifr_addr));
3320 		} else {
3321 			Perror0_exit("in_configinfo: SIOCGLIFSUBNET");
3322 		}
3323 	}
3324 	sin = (struct sockaddr_in *)&lifr.lifr_addr;
3325 
3326 	if ((flags & IFF_NOLOCAL) ||
3327 	    sin->sin_addr.s_addr != laddr->sin_addr.s_addr) {
3328 		(void) printf(" subnet %s/%d ", inet_ntoa(sin->sin_addr),
3329 		    lifr.lifr_addrlen);
3330 	}
3331 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3332 	if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0) {
3333 		if (errno != EADDRNOTAVAIL)
3334 			Perror0_exit("in_configinfo: SIOCGLIFNETMASK");
3335 		(void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr));
3336 	} else
3337 		netmask.sin_addr =
3338 		    ((struct sockaddr_in *)&lifr.lifr_addr)->sin_addr;
3339 	if (flags & IFF_POINTOPOINT) {
3340 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3341 		if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) {
3342 			if (errno == EADDRNOTAVAIL)
3343 				(void) memset(&lifr.lifr_addr, 0,
3344 				    sizeof (lifr.lifr_addr));
3345 			else
3346 				Perror0_exit("in_configinfo: SIOCGLIFDSTADDR");
3347 		}
3348 		sin = (struct sockaddr_in *)&lifr.lifr_dstaddr;
3349 		(void) printf(" destination %s ", inet_ntoa(sin->sin_addr));
3350 	}
3351 	(void) printf(" netmask 0x%x ", ntohl(netmask.sin_addr.s_addr));
3352 	if (flags & IFF_BROADCAST) {
3353 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3354 		if (ioctl(s, SIOCGLIFBRDADDR, (caddr_t)&lifr) < 0) {
3355 			if (errno == EADDRNOTAVAIL)
3356 				(void) memset(&lifr.lifr_addr, 0,
3357 				    sizeof (lifr.lifr_addr));
3358 			else
3359 				Perror0_exit("in_configinfo: SIOCGLIFBRDADDR");
3360 		}
3361 		sin = (struct sockaddr_in *)&lifr.lifr_addr;
3362 		if (sin->sin_addr.s_addr != 0) {
3363 			(void) printf(" broadcast %s ",
3364 			    inet_ntoa(sin->sin_addr));
3365 		}
3366 	}
3367 
3368 	/* If there is a groupname, print it for only the zeroth interface */
3369 	if (lifnum(name) == 0) {
3370 		if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 &&
3371 		    lifr.lifr_groupname[0] != '\0') {
3372 			(void) printf(" group %s ", lifr.lifr_groupname);
3373 		}
3374 	}
3375 
3376 	/* Print flags to configure */
3377 	print_config_flags(AF_INET, flags);
3378 }
3379 
3380 static void
3381 in6_configinfo(int force, uint64_t flags)
3382 {
3383 	char abuf[INET6_ADDRSTRLEN];
3384 	struct sockaddr_in6 *sin6, *laddr6;
3385 
3386 	if (debug)
3387 		(void) printf("in6_configinfo(%s) flags 0x%llx\n", name,
3388 		    flags);
3389 
3390 	if (!(flags & IFF_IPV6))
3391 		return;
3392 
3393 	if (!(flags & IFF_NOLOCAL)) {
3394 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3395 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
3396 			if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3397 			    errno == ENXIO) {
3398 				if (!force)
3399 					return;
3400 				(void) memset(&lifr.lifr_addr, 0,
3401 				    sizeof (lifr.lifr_addr));
3402 			} else
3403 				Perror0_exit("in6_configinfo: SIOCGLIFADDR");
3404 		}
3405 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3406 		(void) printf(" set %s/%d ",
3407 		    inet_ntop(AF_INET6, &sin6->sin6_addr, abuf, sizeof (abuf)),
3408 		    lifr.lifr_addrlen);
3409 		laddr6 = sin6;
3410 	}
3411 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3412 	if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) {
3413 		if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3414 		    errno == ENXIO) {
3415 			if (!force)
3416 				return;
3417 			(void) memset(&lifr.lifr_addr, 0,
3418 			    sizeof (lifr.lifr_addr));
3419 		} else
3420 			Perror0_exit("in6_configinfo: SIOCGLIFSUBNET");
3421 	}
3422 	sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3423 	if ((flags & IFF_NOLOCAL) ||
3424 	    !IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &laddr6->sin6_addr)) {
3425 		(void) printf(" subnet %s/%d ",
3426 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3427 		    abuf, sizeof (abuf)),
3428 		    lifr.lifr_addrlen);
3429 	}
3430 
3431 	if (flags & IFF_POINTOPOINT) {
3432 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3433 		if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) {
3434 			if (errno == EADDRNOTAVAIL)
3435 				(void) memset(&lifr.lifr_addr, 0,
3436 				    sizeof (lifr.lifr_addr));
3437 			else
3438 				Perror0_exit("in6_configinfo: SIOCGLIFDSTADDR");
3439 		}
3440 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_dstaddr;
3441 		(void) printf(" destination %s ",
3442 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3443 		    abuf, sizeof (abuf)));
3444 	}
3445 
3446 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3447 	if (ioctl(s, SIOCGLIFTOKEN, (caddr_t)&lifr) < 0) {
3448 		if (errno == EADDRNOTAVAIL || errno == EINVAL)
3449 			(void) memset(&lifr.lifr_addr, 0,
3450 			    sizeof (lifr.lifr_addr));
3451 		else
3452 			Perror0_exit("in6_configinfo: SIOCGLIFTOKEN");
3453 	} else {
3454 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3455 		(void) printf(" token %s/%d ",
3456 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3457 		    abuf, sizeof (abuf)),
3458 		    lifr.lifr_addrlen);
3459 	}
3460 
3461 	/* If there is a groupname, print it for only the zeroth interface */
3462 	if (lifnum(name) == 0) {
3463 		if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 &&
3464 		    lifr.lifr_groupname[0] != '\0') {
3465 			(void) printf(" group %s ", lifr.lifr_groupname);
3466 		}
3467 	}
3468 
3469 	/* Print flags to configure */
3470 	print_config_flags(AF_INET6, flags);
3471 }
3472 
3473 /*
3474  * We need to plink both the arp-device stream and the arp-ip-device stream.
3475  * However the muxid is stored only in IP. Plumbing 2 streams individually
3476  * is not atomic, and if ifconfig is killed, the resulting plumbing can
3477  * be inconsistent. For eg. if only the arp stream is plumbed, we have lost
3478  * the muxid, and the half-baked plumbing can neither be unplumbed nor
3479  * replumbed, thus requiring a reboot. To avoid the above the following
3480  * scheme is used.
3481  *
3482  * Ifconfig asks IP to enforce atomicity of plumbing the arp and IP streams.
3483  * This is done by pushing arp on to the mux (/dev/udp). ARP adds some
3484  * extra information in the I_PLINK and I_PUNLINK ioctls to let IP know
3485  * that the plumbing/unplumbing has to be done atomically. Ifconfig plumbs
3486  * the IP stream first, and unplumbs it last. The kernel (IP) does not
3487  * allow IP stream to be unplumbed without unplumbing arp stream. Similarly
3488  * it does not allow arp stream to be plumbed before IP stream is plumbed.
3489  * There is no need to use SIOCSLIFMUXID, since the whole operation is atomic,
3490  * and IP uses the info in the I_PLINK message to get the muxid.
3491  *
3492  * a. STREAMS does not allow us to use /dev/ip itself as the mux. So we use
3493  *    /dev/udp{,6}.
3494  * b. SIOCGLIFMUXID returns the muxid corresponding to the V4 or V6 stream
3495  *    depending on the open i.e. V4 vs V6 open. So we need to use /dev/udp
3496  *    or /dev/udp6 for SIOCGLIFMUXID and SIOCSLIFMUXID.
3497  * c. We need to push ARP in order to get the required kernel support for
3498  *    atomic plumbings. The actual work done by ARP is explained in arp.c
3499  *    Without pushing ARP, we will still be able to plumb/unplumb. But
3500  *    it is not atomic, and is supported by the kernel for backward
3501  *    compatibility for other utilities like atmifconfig etc. In this case
3502  *    the utility must use SIOCSLIFMUXID.
3503  */
3504 static int
3505 ifplumb(const char *linkname, const char *ifname, boolean_t genppa, int af)
3506 {
3507 	int	arp_muxid = -1, ip_muxid;
3508 	int	mux_fd, ip_fd, arp_fd;
3509 	int 	retval;
3510 	char	*udp_dev_name;
3511 	uint64_t flags;
3512 	uint_t	dlpi_flags;
3513 	dlpi_handle_t	dh_arp, dh_ip;
3514 
3515 	/*
3516 	 * Always dlpi_open() with DLPI_NOATTACH because the IP and ARP module
3517 	 * will do the attach themselves for DLPI style-2 links.
3518 	 */
3519 	dlpi_flags = DLPI_NOATTACH;
3520 
3521 	/*
3522 	 * If `linkname' is the special token IPMPSTUB, then this is a request
3523 	 * to create an IPMP interface atop /dev/ipmpstub0.  (We can't simply
3524 	 * pass "ipmpstub0" as `linkname' since an admin *could* have a normal
3525 	 * vanity-named link named "ipmpstub0" that they'd like to plumb.)
3526 	 */
3527 	if (linkname == IPMPSTUB) {
3528 		linkname = "ipmpstub0";
3529 		dlpi_flags |= DLPI_DEVONLY;
3530 	}
3531 
3532 	retval = dlpi_open(linkname, &dh_ip, dlpi_flags);
3533 	if (retval != DLPI_SUCCESS)
3534 		Perrdlpi_exit("cannot open link", linkname, retval);
3535 
3536 	if (debug) {
3537 		(void) printf("ifconfig: ifplumb: link %s, ifname %s, "
3538 		    "genppa %u\n", linkname, ifname, genppa);
3539 	}
3540 
3541 	ip_fd = dlpi_fd(dh_ip);
3542 	if (ioctl(ip_fd, I_PUSH, IP_MOD_NAME) == -1)
3543 		Perror2_exit("I_PUSH", IP_MOD_NAME);
3544 
3545 	/*
3546 	 * Prepare to set IFF_IPV4/IFF_IPV6 flags as part of SIOCSLIFNAME.
3547 	 * (At this point in time the kernel also allows an override of the
3548 	 * IFF_CANTCHANGE flags.)
3549 	 */
3550 	lifr.lifr_name[0] = '\0';
3551 	if (ioctl(ip_fd, SIOCGLIFFLAGS, (char *)&lifr) == -1)
3552 		Perror0_exit("ifplumb: SIOCGLIFFLAGS");
3553 
3554 	if (af == AF_INET6) {
3555 		flags = lifr.lifr_flags | IFF_IPV6;
3556 		flags &= ~(IFF_BROADCAST | IFF_IPV4);
3557 	} else {
3558 		flags = lifr.lifr_flags | IFF_IPV4;
3559 		flags &= ~IFF_IPV6;
3560 	}
3561 
3562 	/*
3563 	 * Set the interface name.  If we've been asked to generate the PPA,
3564 	 * then find the lowest available PPA (only currently used for IPMP
3565 	 * interfaces).  Otherwise, use the interface name as-is.
3566 	 */
3567 	if (genppa) {
3568 		int ppa;
3569 
3570 		/*
3571 		 * We'd like to just set lifr_ppa to UINT_MAX and have the
3572 		 * kernel pick a PPA.  Unfortunately, that would mishandle
3573 		 * two cases:
3574 		 *
3575 		 *	1. If the PPA is available but the groupname is taken
3576 		 *	   (e.g., the "ipmp2" IP interface name is available
3577 		 *	   but the "ipmp2" groupname is taken) then the
3578 		 *	   auto-assignment by the kernel will fail.
3579 		 *
3580 		 *	2. If we're creating (e.g.) an IPv6-only IPMP
3581 		 *	   interface, and there's already an IPv4-only IPMP
3582 		 *	   interface, the kernel will allow us to accidentally
3583 		 *	   reuse the IPv6 IPMP interface name (since
3584 		 *	   SIOCSLIFNAME uniqueness is per-interface-type).
3585 		 *	   This will cause administrative confusion.
3586 		 *
3587 		 * Thus, we instead take a brute-force approach of checking
3588 		 * whether the IPv4 or IPv6 name is already in-use before
3589 		 * attempting the SIOCSLIFNAME.  As per (1) above, the
3590 		 * SIOCSLIFNAME may still fail, in which case we just proceed
3591 		 * to the next one.  If this approach becomes too slow, we
3592 		 * can add a new SIOC* to handle this case in the kernel.
3593 		 */
3594 		for (ppa = 0; ppa < UINT_MAX; ppa++) {
3595 			(void) snprintf(lifr.lifr_name, LIFNAMSIZ, "%s%d",
3596 			    ifname, ppa);
3597 
3598 			if (ioctl(s4, SIOCGLIFFLAGS, &lifr) != -1 ||
3599 			    errno != ENXIO)
3600 				continue;
3601 
3602 			if (ioctl(s6, SIOCGLIFFLAGS, &lifr) != -1 ||
3603 			    errno != ENXIO)
3604 				continue;
3605 
3606 			lifr.lifr_ppa = ppa;
3607 			lifr.lifr_flags = flags;
3608 			retval = ioctl(ip_fd, SIOCSLIFNAME, &lifr);
3609 			if (retval != -1 || errno != EEXIST)
3610 				break;
3611 		}
3612 	} else {
3613 		ifspec_t ifsp;
3614 
3615 		/*
3616 		 * The interface name could have come from the command-line;
3617 		 * check it.
3618 		 */
3619 		if (!ifparse_ifspec(ifname, &ifsp) || ifsp.ifsp_lunvalid)
3620 			Perror2_exit("invalid IP interface name", ifname);
3621 
3622 		/*
3623 		 * Before we call SIOCSLIFNAME, ensure that the IPMP group
3624 		 * interface for this address family exists.  Otherwise, the
3625 		 * kernel will kick the interface out of the group when we do
3626 		 * the SIOCSLIFNAME.
3627 		 *
3628 		 * Example: suppose bge0 is plumbed for IPv4 and in group "a".
3629 		 * If we're now plumbing bge0 for IPv6, but the IPMP group
3630 		 * interface for "a" is not plumbed for IPv6, the SIOCSLIFNAME
3631 		 * will kick bge0 out of group "a", which is undesired.
3632 		 */
3633 		if (create_ipmp_peer(af, ifname) == -1) {
3634 			(void) fprintf(stderr, "ifconfig: warning: cannot "
3635 			    "create %s IPMP group; %s will be removed from "
3636 			    "group\n", af == AF_INET ? "IPv4" : "IPv6", ifname);
3637 		}
3638 
3639 		lifr.lifr_ppa = ifsp.ifsp_ppa;
3640 		lifr.lifr_flags = flags;
3641 		(void) strlcpy(lifr.lifr_name, ifname, LIFNAMSIZ);
3642 		retval = ioctl(ip_fd, SIOCSLIFNAME, &lifr);
3643 	}
3644 
3645 	if (retval == -1) {
3646 		if (errno != EEXIST)
3647 			Perror0_exit("SIOCSLIFNAME for ip");
3648 		/*
3649 		 * This difference between the way we behave for EEXIST
3650 		 * and that with other errors exists to preserve legacy
3651 		 * behaviour. Earlier when foreachinterface() and matchif()
3652 		 * were doing the duplicate interface name checks, for
3653 		 * already existing interfaces, inetplumb() returned "0".
3654 		 * To preserve this behaviour, Perror0() and return are
3655 		 * called for EEXIST.
3656 		 */
3657 		Perror0("SIOCSLIFNAME for ip");
3658 		return (-1);
3659 	}
3660 
3661 	/* Get the full set of existing flags for this stream */
3662 	if (ioctl(ip_fd, SIOCGLIFFLAGS, (char *)&lifr) == -1)
3663 		Perror0_exit("ifplumb: SIOCGLIFFLAGS");
3664 
3665 	if (debug) {
3666 		(void) printf("ifconfig: ifplumb: %s got flags:\n",
3667 		    lifr.lifr_name);
3668 		print_flags(lifr.lifr_flags);
3669 		(void) putchar('\n');
3670 	}
3671 
3672 	/*
3673 	 * Open "/dev/udp" for use as a multiplexor to PLINK the
3674 	 * interface stream under. We use "/dev/udp" instead of "/dev/ip"
3675 	 * since STREAMS will not let you PLINK a driver under itself,
3676 	 * and "/dev/ip" is typically the driver at the bottom of
3677 	 * the stream for tunneling interfaces.
3678 	 */
3679 	if (af == AF_INET6)
3680 		udp_dev_name = UDP6_DEV_NAME;
3681 	else
3682 		udp_dev_name = UDP_DEV_NAME;
3683 	if ((mux_fd = open_arp_on_udp(udp_dev_name)) == -1)
3684 		exit(EXIT_FAILURE);
3685 
3686 	/* Check if arp is not needed */
3687 	if (lifr.lifr_flags & (IFF_NOARP|IFF_IPV6)) {
3688 		/*
3689 		 * PLINK the interface stream so that ifconfig can exit
3690 		 * without tearing down the stream.
3691 		 */
3692 		if ((ip_muxid = ioctl(mux_fd, I_PLINK, ip_fd)) == -1)
3693 			Perror0_exit("I_PLINK for ip");
3694 		(void) close(mux_fd);
3695 		return (lifr.lifr_ppa);
3696 	}
3697 
3698 	/*
3699 	 * This interface does use ARP, so set up a separate stream
3700 	 * from the interface to ARP.
3701 	 */
3702 	if (debug)
3703 		(void) printf("ifconfig: ifplumb: interface %s", ifname);
3704 
3705 	retval = dlpi_open(linkname, &dh_arp, dlpi_flags);
3706 	if (retval != DLPI_SUCCESS)
3707 		Perrdlpi_exit("cannot open link", linkname, retval);
3708 
3709 	arp_fd = dlpi_fd(dh_arp);
3710 	if (ioctl(arp_fd, I_PUSH, ARP_MOD_NAME) == -1)
3711 		Perror2_exit("I_PUSH", ARP_MOD_NAME);
3712 
3713 	/*
3714 	 * Tell ARP the name and unit number for this interface.
3715 	 * Note that arp has no support for transparent ioctls.
3716 	 */
3717 	if (strioctl(arp_fd, SIOCSLIFNAME, &lifr, sizeof (lifr)) == -1) {
3718 		if (errno != EEXIST)
3719 			Perror0_exit("SIOCSLIFNAME for arp");
3720 		Perror0("SIOCSLIFNAME for arp");
3721 		goto out;
3722 	}
3723 
3724 	/*
3725 	 * PLINK the IP and ARP streams so that ifconfig can exit
3726 	 * without tearing down the stream.
3727 	 */
3728 	if ((ip_muxid = ioctl(mux_fd, I_PLINK, ip_fd)) == -1)
3729 		Perror0_exit("I_PLINK for ip");
3730 	if ((arp_muxid = ioctl(mux_fd, I_PLINK, arp_fd)) == -1) {
3731 		(void) ioctl(mux_fd, I_PUNLINK, ip_muxid);
3732 		Perror0_exit("I_PLINK for arp");
3733 	}
3734 
3735 	if (debug)
3736 		(void) printf("arp muxid = %d\n", arp_muxid);
3737 out:
3738 	dlpi_close(dh_ip);
3739 	dlpi_close(dh_arp);
3740 	(void) close(mux_fd);
3741 	return (lifr.lifr_ppa);
3742 }
3743 
3744 /*
3745  * If this is a physical interface then remove it.
3746  * If it is a logical interface name use SIOCLIFREMOVEIF to
3747  * remove it. In both cases fail if it doesn't exist.
3748  */
3749 /* ARGSUSED */
3750 static int
3751 inetunplumb(char *arg, int64_t param)
3752 {
3753 	int ip_muxid, arp_muxid;
3754 	int mux_fd;
3755 	int muxid_fd;
3756 	char *udp_dev_name;
3757 	char *strptr;
3758 	uint64_t flags;
3759 	boolean_t changed_arp_muxid = _B_FALSE;
3760 	int save_errno;
3761 	boolean_t v6 = (afp->af_af == AF_INET6);
3762 
3763 	strptr = strchr(name, ':');
3764 	if (strptr != NULL || strcmp(name, LOOPBACK_IF) == 0) {
3765 		/* Can't unplumb logical interface zero */
3766 		if (strptr != NULL && strcmp(strptr, ":0") == 0) {
3767 			(void) fprintf(stderr, "ifconfig: unplumb:"
3768 			    " Cannot unplumb %s: Invalid interface\n", name);
3769 			exit(1);
3770 		}
3771 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3772 		(void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr));
3773 
3774 		if (ioctl(s, SIOCLIFREMOVEIF, (caddr_t)&lifr) < 0)
3775 			Perror0_exit("unplumb: SIOCLIFREMOVEIF");
3776 		return (0);
3777 	}
3778 
3779 	/*
3780 	 * We used /dev/udp or udp6 to set up the mux. So we have to use
3781 	 * the same now for PUNLINK also.
3782 	 */
3783 	if (v6)
3784 		udp_dev_name = UDP6_DEV_NAME;
3785 	else
3786 		udp_dev_name = UDP_DEV_NAME;
3787 
3788 	if ((muxid_fd = open(udp_dev_name, O_RDWR)) == -1)
3789 		exit(EXIT_FAILURE);
3790 
3791 	if ((mux_fd = open_arp_on_udp(udp_dev_name)) == -1)
3792 		exit(EXIT_FAILURE);
3793 
3794 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3795 	if (ioctl(muxid_fd, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
3796 		Perror0_exit("unplumb: SIOCGLIFFLAGS");
3797 	}
3798 	flags = lifr.lifr_flags;
3799 again:
3800 	if (flags & IFF_IPMP) {
3801 		lifgroupinfo_t lifgr;
3802 		ifaddrlistx_t *ifaddrs, *ifaddrp;
3803 
3804 		/*
3805 		 * There are two reasons the I_PUNLINK can fail with EBUSY:
3806 		 * (1) if IP interfaces are in the group, or (2) if IPMP data
3807 		 * addresses are administratively up.  For case (1), we fail
3808 		 * here with a specific error message.  For case (2), we bring
3809 		 * down the addresses prior to doing the I_PUNLINK.  If the
3810 		 * I_PUNLINK still fails with EBUSY then the configuration
3811 		 * must have changed after our checks, in which case we branch
3812 		 * back up to `again' and rerun this logic.  The net effect is
3813 		 * that unplumbing an IPMP interface will only fail with EBUSY
3814 		 * if IP interfaces are in the group.
3815 		 */
3816 		if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) == -1)
3817 			Perror0_exit("unplumb: SIOCGLIFGROUPNAME");
3818 
3819 		(void) strlcpy(lifgr.gi_grname, lifr.lifr_groupname,
3820 		    LIFGRNAMSIZ);
3821 		if (ioctl(s, SIOCGLIFGROUPINFO, &lifgr) == -1)
3822 			Perror0_exit("unplumb: SIOCGLIFGROUPINFO");
3823 
3824 		if ((v6 && lifgr.gi_nv6 != 0) || (!v6 && lifgr.gi_nv4 != 0)) {
3825 			(void) fprintf(stderr, "ifconfig: %s: cannot unplumb:"
3826 			    " IPMP group is not empty\n", name);
3827 			exit(1);
3828 		}
3829 
3830 		/*
3831 		 * The kernel will fail the I_PUNLINK if the IPMP interface
3832 		 * has administratively up addresses; bring 'em down.
3833 		 */
3834 		if (ifaddrlistx(name, IFF_UP|IFF_DUPLICATE, 0, &ifaddrs) == -1)
3835 			Perror2_exit(name, "cannot get address list");
3836 
3837 		ifaddrp = ifaddrs;
3838 		for (; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) {
3839 			if (((ifaddrp->ia_flags & IFF_IPV6) && !v6) ||
3840 			    (!(ifaddrp->ia_flags & IFF_IPV6) && v6))
3841 				continue;
3842 
3843 			if (!ifaddr_down(ifaddrp)) {
3844 				Perror2_exit(ifaddrp->ia_name,
3845 				    "cannot bring down");
3846 			}
3847 		}
3848 		ifaddrlistx_free(ifaddrs);
3849 	}
3850 
3851 	if (ioctl(muxid_fd, SIOCGLIFMUXID, (caddr_t)&lifr) < 0) {
3852 		Perror0_exit("unplumb: SIOCGLIFMUXID");
3853 	}
3854 	arp_muxid = lifr.lifr_arp_muxid;
3855 	ip_muxid = lifr.lifr_ip_muxid;
3856 	/*
3857 	 * We don't have a good way of knowing whether the arp stream is
3858 	 * plumbed. We can't rely on IFF_NOARP because someone could
3859 	 * have turned it off later using "ifconfig xxx -arp".
3860 	 */
3861 	if (arp_muxid != 0) {
3862 		if (debug)
3863 			(void) printf("arp_muxid %d\n", arp_muxid);
3864 		if (ioctl(mux_fd, I_PUNLINK, arp_muxid) < 0) {
3865 			/*
3866 			 * See the comment before the SIOCGLIFGROUPNAME call.
3867 			 */
3868 			if (errno == EBUSY && (flags & IFF_IPMP))
3869 				goto again;
3870 
3871 			if ((errno == EINVAL) &&
3872 			    (flags & (IFF_NOARP | IFF_IPV6))) {
3873 				/*
3874 				 * Some plumbing utilities set the muxid to
3875 				 * -1 or some invalid value to signify that
3876 				 * there is no arp stream. Set the muxid to 0
3877 				 * before trying to unplumb the IP stream.
3878 				 * IP does not allow the IP stream to be
3879 				 * unplumbed if it sees a non-null arp muxid,
3880 				 * for consistency of IP-ARP streams.
3881 				 */
3882 				lifr.lifr_arp_muxid = 0;
3883 				(void) ioctl(muxid_fd, SIOCSLIFMUXID,
3884 				    (caddr_t)&lifr);
3885 				changed_arp_muxid = _B_TRUE;
3886 			} else {
3887 				Perror0("I_PUNLINK for arp");
3888 			}
3889 		}
3890 	}
3891 	if (debug)
3892 		(void) printf("ip_muxid %d\n", ip_muxid);
3893 
3894 	if (ioctl(mux_fd, I_PUNLINK, ip_muxid) < 0) {
3895 		if (changed_arp_muxid) {
3896 			/*
3897 			 * Some error occurred, and we need to restore
3898 			 * everything back to what it was.
3899 			 */
3900 			save_errno = errno;
3901 			lifr.lifr_arp_muxid = arp_muxid;
3902 			lifr.lifr_ip_muxid = ip_muxid;
3903 			(void) ioctl(muxid_fd, SIOCSLIFMUXID, (caddr_t)&lifr);
3904 			errno = save_errno;
3905 		}
3906 
3907 		/*
3908 		 * See the comment before the SIOCGLIFGROUPNAME call.
3909 		 */
3910 		if (errno == EBUSY && (flags & IFF_IPMP))
3911 			goto again;
3912 
3913 		Perror0_exit("I_PUNLINK for ip");
3914 	}
3915 	(void) close(mux_fd);
3916 	(void) close(muxid_fd);
3917 	return (0);
3918 }
3919 
3920 /*
3921  * If this is a physical interface then create it unless it is already
3922  * present. If it is a logical interface name use SIOCLIFADDIF to
3923  * create and (and fail it if already exists.)
3924  * As a special case send SIOCLIFADDIF for the loopback interface. This
3925  * is needed since there is no other notion of plumbing the loopback
3926  * interface.
3927  */
3928 /* ARGSUSED */
3929 static int
3930 inetplumb(char *arg, int64_t param)
3931 {
3932 	char		*strptr;
3933 	boolean_t	islo;
3934 	zoneid_t	zoneid;
3935 	datalink_id_t	linkid;
3936 
3937 	strptr = strchr(name, ':');
3938 	islo = (strcmp(name, LOOPBACK_IF) == 0);
3939 
3940 	if (strptr != NULL || islo) {
3941 		(void) memset(&lifr, 0, sizeof (lifr));
3942 		(void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3943 		if (islo && ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) >= 0) {
3944 			if (debug) {
3945 				(void) fprintf(stderr,
3946 				    "ifconfig: %s already exists\n", name);
3947 			}
3948 			return (0);
3949 		}
3950 		if (ioctl(s, SIOCLIFADDIF, (caddr_t)&lifr) < 0) {
3951 			if (errno == EEXIST) {
3952 				if (debug) {
3953 					(void) fprintf(stderr,
3954 					    "ifconfig: %s already exists\n",
3955 					    name);
3956 				}
3957 			} else {
3958 				Perror2_exit("plumb: SIOCLIFADDIF", name);
3959 			}
3960 		}
3961 		return (0);
3962 	}
3963 
3964 	/*
3965 	 * If we're in the global zone and we're plumbing a datalink, make
3966 	 * sure that the datalink is not assigned to a non-global zone.  Note
3967 	 * that the non-global zones don't need this check, because zoneadm
3968 	 * has taken care of this when the zones boot.
3969 	 */
3970 	zoneid = getzoneid();
3971 	if (zoneid == GLOBAL_ZONEID &&
3972 	    ifconfig_dladm_open(name, DATALINK_CLASS_ALL, &linkid) ==
3973 	    DLADM_STATUS_OK) {
3974 		int ret;
3975 
3976 		zoneid = ALL_ZONES;
3977 		ret = zone_check_datalink(&zoneid, linkid);
3978 		if (ret == 0) {
3979 			char zonename[ZONENAME_MAX];
3980 
3981 			(void) getzonenamebyid(zoneid, zonename, ZONENAME_MAX);
3982 			(void) fprintf(stderr, "%s is used by non-global"
3983 			    "zone: %s\n", name, zonename);
3984 			return (1);
3985 		}
3986 	}
3987 
3988 	if (debug)
3989 		(void) printf("inetplumb: %s af %d\n", name, afp->af_af);
3990 
3991 	(void) ifplumb(name, name, _B_FALSE, afp->af_af);
3992 	return (0);
3993 }
3994 
3995 /* ARGSUSED */
3996 static int
3997 inetipmp(char *arg, int64_t param)
3998 {
3999 	int retval;
4000 
4001 	/*
4002 	 * Treat e.g. "ifconfig ipmp0:2 ipmp" as "ifconfig ipmp0:2 plumb".
4003 	 * Otherwise, try to create the requested IPMP interface.
4004 	 */
4005 	if (strchr(name, ':') != NULL)
4006 		retval = inetplumb(arg, param);
4007 	else
4008 		retval = create_ipmp(name, afp->af_af, name, _B_FALSE);
4009 
4010 	/*
4011 	 * We'd return -1, but foreachinterface() doesn't propagate the error
4012 	 * into the exit status, so we're forced to explicitly exit().
4013 	 */
4014 	if (retval == -1)
4015 		exit(1);
4016 	return (0);
4017 }
4018 
4019 /*
4020  * Create an IPMP group `grname' with address family `af'.  If `ifname' is
4021  * non-NULL, it specifies the interface name to use.  Otherwise, use the name
4022  * ipmpN, where N corresponds to the lowest available integer.  If `implicit'
4023  * is set, then the group is being created as a side-effect of placing an
4024  * underlying interface in a group.  Also start in.mpathd if necessary.
4025  */
4026 static int
4027 create_ipmp(const char *grname, int af, const char *ifname, boolean_t implicit)
4028 {
4029 	int ppa;
4030 	static int ipmp_daemon_started;
4031 
4032 	if (debug) {
4033 		(void) printf("create_ipmp: ifname %s grname %s af %d\n",
4034 		    ifname != NULL ? ifname : "NULL", grname, af);
4035 	}
4036 
4037 	if (ifname != NULL)
4038 		ppa = ifplumb(IPMPSTUB, ifname, _B_FALSE, af);
4039 	else
4040 		ppa = ifplumb(IPMPSTUB, "ipmp", _B_TRUE, af);
4041 
4042 	if (ppa == -1) {
4043 		Perror2(grname, "cannot create IPMP interface");
4044 		return (-1);
4045 	}
4046 
4047 	if (ifname != NULL)
4048 		(void) strlcpy(lifr.lifr_name, ifname, LIFNAMSIZ);
4049 	else
4050 		(void) snprintf(lifr.lifr_name, LIFNAMSIZ, "ipmp%d", ppa);
4051 
4052 	/*
4053 	 * To preserve backward-compatibility, always bring up the link-local
4054 	 * address for implicitly-created IPv6 IPMP interfaces.
4055 	 */
4056 	if (implicit && af == AF_INET6) {
4057 		if (ioctl(s6, SIOCGLIFFLAGS, &lifr) == 0) {
4058 			lifr.lifr_flags |= IFF_UP;
4059 			(void) ioctl(s6, SIOCSLIFFLAGS, &lifr);
4060 		}
4061 	}
4062 
4063 	/*
4064 	 * If the caller requested a different group name, issue a
4065 	 * SIOCSLIFGROUPNAME on the new IPMP interface.
4066 	 */
4067 	if (strcmp(lifr.lifr_name, grname) != 0) {
4068 		(void) strlcpy(lifr.lifr_groupname, grname, LIFGRNAMSIZ);
4069 		if (ioctl(s, SIOCSLIFGROUPNAME, &lifr) == -1) {
4070 			Perror0("SIOCSLIFGROUPNAME");
4071 			return (-1);
4072 		}
4073 	}
4074 
4075 	/*
4076 	 * If we haven't done so yet, ensure in.mpathd is started.
4077 	 */
4078 	if (ipmp_daemon_started++ == 0)
4079 		start_ipmp_daemon();
4080 
4081 	return (0);
4082 }
4083 
4084 /*
4085  * Check if `ifname' is plumbed and in an IPMP group on its "other" address
4086  * family.  If so, create a matching IPMP group for address family `af'.
4087  */
4088 static int
4089 create_ipmp_peer(int af, const char *ifname)
4090 {
4091 	int		fd;
4092 	lifgroupinfo_t	lifgr;
4093 
4094 	assert(af == AF_INET || af == AF_INET6);
4095 
4096 	/*
4097 	 * Get the socket for the "other" address family.
4098 	 */
4099 	fd = (af == AF_INET) ? s6 : s4;
4100 
4101 	(void) strlcpy(lifr.lifr_name, ifname, LIFNAMSIZ);
4102 	if (ioctl(fd, SIOCGLIFGROUPNAME, &lifr) != 0)
4103 		return (0);
4104 
4105 	(void) strlcpy(lifgr.gi_grname, lifr.lifr_groupname, LIFGRNAMSIZ);
4106 	if (ioctl(fd, SIOCGLIFGROUPINFO, &lifgr) != 0)
4107 		return (0);
4108 
4109 	/*
4110 	 * If `ifname' *is* the IPMP group interface, or if the relevant
4111 	 * address family is already configured, then there's nothing to do.
4112 	 */
4113 	if (strcmp(lifgr.gi_grifname, ifname) == 0 ||
4114 	    (af == AF_INET && lifgr.gi_v4) || (af == AF_INET6 && lifgr.gi_v6))
4115 		return (0);
4116 
4117 	return (create_ipmp(lifgr.gi_grname, af, lifgr.gi_grifname, _B_TRUE));
4118 }
4119 
4120 /*
4121  * Start in.mpathd if it's not already running.
4122  */
4123 static void
4124 start_ipmp_daemon(void)
4125 {
4126 	int retval;
4127 	ipmp_handle_t ipmp_handle;
4128 
4129 	/*
4130 	 * Ping in.mpathd to see if it's running already.
4131 	 */
4132 	if ((retval = ipmp_open(&ipmp_handle)) != IPMP_SUCCESS) {
4133 		(void) fprintf(stderr, "ifconfig: cannot create IPMP handle: "
4134 		    "%s\n", ipmp_errmsg(retval));
4135 		return;
4136 	}
4137 
4138 	retval = ipmp_ping_daemon(ipmp_handle);
4139 	ipmp_close(ipmp_handle);
4140 
4141 	switch (retval) {
4142 	case IPMP_ENOMPATHD:
4143 		break;
4144 	case IPMP_SUCCESS:
4145 		return;
4146 	default:
4147 		(void) fprintf(stderr, "ifconfig: cannot ping in.mpathd: %s\n",
4148 		    ipmp_errmsg(retval));
4149 		break;
4150 	}
4151 
4152 	/*
4153 	 * Start in.mpathd.  Note that in.mpathd will handle multiple
4154 	 * incarnations (ipmp_ping_daemon() is just an optimization) so we
4155 	 * don't need to worry about racing with another ifconfig process.
4156 	 */
4157 	switch (fork()) {
4158 	case -1:
4159 		Perror0_exit("start_ipmp_daemon: fork");
4160 		/* NOTREACHED */
4161 	case 0:
4162 		(void) execl(MPATHD_PATH, MPATHD_PATH, NULL);
4163 		_exit(1);
4164 		/* NOTREACHED */
4165 	default:
4166 		break;
4167 	}
4168 }
4169 
4170 /*
4171  * Bring the address named by `ifaddrp' up or down.  Doesn't trust any mutable
4172  * values in ia_flags since they may be stale.
4173  */
4174 static boolean_t
4175 ifaddr_op(ifaddrlistx_t *ifaddrp, boolean_t up)
4176 {
4177 	struct lifreq	lifrl;	/* Local lifreq struct */
4178 	int		fd = (ifaddrp->ia_flags & IFF_IPV4) ? s4 : s6;
4179 
4180 	(void) memset(&lifrl, 0, sizeof (lifrl));
4181 	(void) strlcpy(lifrl.lifr_name, ifaddrp->ia_name, LIFNAMSIZ);
4182 	if (ioctl(fd, SIOCGLIFFLAGS, &lifrl) == -1)
4183 		return (_B_FALSE);
4184 
4185 	if (up)
4186 		lifrl.lifr_flags |= IFF_UP;
4187 	else
4188 		lifrl.lifr_flags &= ~IFF_UP;
4189 
4190 	if (ioctl(fd, SIOCSLIFFLAGS, &lifrl) == -1)
4191 		return (_B_FALSE);
4192 
4193 	/*
4194 	 * If we're trying to bring the address down, ensure that DAD activity
4195 	 * (observable by IFF_DUPLICATE) has also been stopped.
4196 	 */
4197 	if (!up && ioctl(fd, SIOCGLIFFLAGS, &lifrl) != -1 &&
4198 	    lifrl.lifr_flags & IFF_DUPLICATE) {
4199 		if (ioctl(fd, SIOCGLIFADDR, &lifrl) == -1 ||
4200 		    ioctl(fd, SIOCSLIFADDR, &lifrl) == -1) {
4201 			return (_B_FALSE);
4202 		}
4203 	}
4204 	return (_B_TRUE);
4205 }
4206 
4207 static boolean_t
4208 ifaddr_up(ifaddrlistx_t *ifaddrp)
4209 {
4210 	return (ifaddr_op(ifaddrp, _B_TRUE));
4211 }
4212 
4213 static boolean_t
4214 ifaddr_down(ifaddrlistx_t *ifaddrp)
4215 {
4216 	return (ifaddr_op(ifaddrp, _B_FALSE));
4217 }
4218 
4219 /*
4220  * Open the global libdladm handle "dlh" if it isn't already opened.  The
4221  * caller may optionally supply a link name to obtain its linkid.  If a link
4222  * of a specific class or classes is required, reqclass specifies the class
4223  * mask.
4224  */
4225 static dladm_status_t
4226 ifconfig_dladm_open(const char *name, datalink_class_t reqclass,
4227     datalink_id_t *linkid)
4228 {
4229 	dladm_status_t status = DLADM_STATUS_OK;
4230 	datalink_class_t class;
4231 
4232 	if (!dlh_opened) {
4233 		if ((status = dladm_open(&dlh)) != DLADM_STATUS_OK)
4234 			return (status);
4235 		dlh_opened = _B_TRUE;
4236 	}
4237 	if (name != NULL) {
4238 		status = dladm_name2info(dlh, name, linkid, NULL, &class, NULL);
4239 		if (status == DLADM_STATUS_OK) {
4240 			if (!(class & reqclass))
4241 				status = DLADM_STATUS_LINKINVAL;
4242 		}
4243 	}
4244 	return (status);
4245 }
4246 
4247 void
4248 dladmerr_exit(dladm_status_t status, const char *str)
4249 {
4250 	char errstr[DLADM_STRSIZE];
4251 
4252 	(void) fprintf(stderr, "%s: %s\n", str,
4253 	    dladm_status2str(status, errstr));
4254 	exit(1);
4255 }
4256 
4257 void
4258 Perror0(const char *cmd)
4259 {
4260 	Perror2(cmd, lifr.lifr_name);
4261 }
4262 
4263 void
4264 Perror0_exit(const char *cmd)
4265 {
4266 	Perror0(cmd);
4267 	exit(1);
4268 }
4269 
4270 void
4271 Perror2(const char *cmd, const char *str)
4272 {
4273 	int error = errno;
4274 
4275 	(void) fprintf(stderr, "ifconfig: %s: ", cmd);
4276 
4277 	switch (error) {
4278 	case ENXIO:
4279 		(void) fprintf(stderr, "%s: no such interface\n", str);
4280 		break;
4281 	case EPERM:
4282 		(void) fprintf(stderr, "%s: permission denied\n", str);
4283 		break;
4284 	case EEXIST:
4285 		(void) fprintf(stderr, "%s: already exists\n", str);
4286 		break;
4287 	default:
4288 		errno = error;
4289 		perror(str);
4290 	}
4291 }
4292 
4293 /*
4294  * Print out error message (Perror2()) and exit
4295  */
4296 void
4297 Perror2_exit(const char *cmd, const char *str)
4298 {
4299 	Perror2(cmd, str);
4300 	exit(1);
4301 	/* NOTREACHED */
4302 }
4303 
4304 void
4305 Perrdlpi(const char *cmd, const char *linkname, int err)
4306 {
4307 	(void) fprintf(stderr, "ifconfig: %s \"%s\": %s\n", cmd,
4308 	    linkname, dlpi_strerror(err));
4309 }
4310 
4311 /*
4312  * Print out error message (Perrdlpi()) and exit
4313  */
4314 void
4315 Perrdlpi_exit(const char *cmd, const char *linkname, int err)
4316 {
4317 	Perrdlpi(cmd, linkname, err);
4318 	exit(1);
4319 }
4320 
4321 /*
4322  * If the last argument is non-NULL allow a <addr>/<n> syntax and
4323  * pass out <n> in *plenp.
4324  * If <n> doesn't parse return BAD_ADDR as *plenp.
4325  * If no /<n> is present return NO_PREFIX as *plenp.
4326  */
4327 static void
4328 in_getaddr(char *s, struct sockaddr *saddr, int *plenp)
4329 {
4330 	/* LINTED: alignment */
4331 	struct sockaddr_in *sin = (struct sockaddr_in *)saddr;
4332 	struct hostent *hp;
4333 	struct netent *np;
4334 	char str[BUFSIZ];
4335 	int error_num;
4336 
4337 	(void) strncpy(str, s, sizeof (str));
4338 
4339 	/*
4340 	 * Look for '/'<n> is plenp
4341 	 */
4342 	if (plenp != NULL) {
4343 		char *cp;
4344 
4345 		*plenp = in_getprefixlen(str, _B_TRUE, IP_ABITS);
4346 		if (*plenp == BAD_ADDR)
4347 			return;
4348 		cp = strchr(str, '/');
4349 		if (cp != NULL)
4350 			*cp = '\0';
4351 	} else if (strchr(str, '/') != NULL) {
4352 		(void) fprintf(stderr, "ifconfig: %s: unexpected '/'\n", str);
4353 		exit(1);
4354 	}
4355 
4356 	(void) memset(sin, 0, sizeof (*sin));
4357 
4358 	/*
4359 	 *	Try to catch attempts to set the broadcast address to all 1's.
4360 	 */
4361 	if (strcmp(str, "255.255.255.255") == 0 ||
4362 	    (strtoul(str, (char **)NULL, 0) == 0xffffffffUL)) {
4363 		sin->sin_family = AF_INET;
4364 		sin->sin_addr.s_addr = 0xffffffff;
4365 		return;
4366 	}
4367 
4368 	hp = getipnodebyname(str, AF_INET, 0, &error_num);
4369 	if (hp) {
4370 		sin->sin_family = hp->h_addrtype;
4371 		(void) memcpy(&sin->sin_addr, hp->h_addr, hp->h_length);
4372 		freehostent(hp);
4373 		return;
4374 	}
4375 	np = getnetbyname(str);
4376 	if (np) {
4377 		sin->sin_family = np->n_addrtype;
4378 		sin->sin_addr = inet_makeaddr(np->n_net, INADDR_ANY);
4379 		return;
4380 	}
4381 	if (error_num == TRY_AGAIN) {
4382 		(void) fprintf(stderr, "ifconfig: %s: bad address "
4383 		    "(try again later)\n", s);
4384 	} else {
4385 		(void) fprintf(stderr, "ifconfig: %s: bad address\n", s);
4386 	}
4387 	exit(1);
4388 }
4389 
4390 /*
4391  * If the last argument is non-NULL allow a <addr>/<n> syntax and
4392  * pass out <n> in *plenp.
4393  * If <n> doesn't parse return BAD_ADDR as *plenp.
4394  * If no /<n> is present return NO_PREFIX as *plenp.
4395  */
4396 static void
4397 in6_getaddr(char *s, struct sockaddr *saddr, int *plenp)
4398 {
4399 	/* LINTED: alignment */
4400 	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)saddr;
4401 	struct hostent *hp;
4402 	char str[BUFSIZ];
4403 	int error_num;
4404 
4405 	(void) strncpy(str, s, sizeof (str));
4406 
4407 	/*
4408 	 * Look for '/'<n> is plenp
4409 	 */
4410 	if (plenp != NULL) {
4411 		char *cp;
4412 
4413 		*plenp = in_getprefixlen(str, _B_TRUE, IPV6_ABITS);
4414 		if (*plenp == BAD_ADDR)
4415 			return;
4416 		cp = strchr(str, '/');
4417 		if (cp != NULL)
4418 			*cp = '\0';
4419 	} else if (strchr(str, '/') != NULL) {
4420 		(void) fprintf(stderr, "ifconfig: %s: unexpected '/'\n", str);
4421 		exit(1);
4422 	}
4423 
4424 	(void) memset(sin6, 0, sizeof (*sin6));
4425 
4426 	hp = getipnodebyname(str, AF_INET6, 0, &error_num);
4427 	if (hp) {
4428 		sin6->sin6_family = hp->h_addrtype;
4429 		(void) memcpy(&sin6->sin6_addr, hp->h_addr, hp->h_length);
4430 		freehostent(hp);
4431 		return;
4432 	}
4433 	if (error_num == TRY_AGAIN) {
4434 		(void) fprintf(stderr, "ifconfig: %s: bad address "
4435 		    "(try again later)\n", s);
4436 	} else {
4437 		(void) fprintf(stderr, "ifconfig: %s: bad address\n", s);
4438 	}
4439 	exit(1);
4440 }
4441 
4442 /*
4443  * If "slash" is zero this parses the whole string as
4444  * an integer. With "slash" non zero it parses the tail part as an integer.
4445  *
4446  * If it is not a valid integer this returns BAD_ADDR.
4447  * If there is /<n> present this returns NO_PREFIX.
4448  */
4449 static int
4450 in_getprefixlen(char *addr, boolean_t slash, int max_plen)
4451 {
4452 	int prefixlen;
4453 	char *str, *end;
4454 
4455 	if (slash) {
4456 		str = strchr(addr, '/');
4457 		if (str == NULL)
4458 			return (NO_PREFIX);
4459 		str++;
4460 	} else
4461 		str = addr;
4462 
4463 	prefixlen = strtol(str, &end, 10);
4464 	if (prefixlen < 0)
4465 		return (BAD_ADDR);
4466 	if (str == end)
4467 		return (BAD_ADDR);
4468 	if (max_plen != 0 && max_plen < prefixlen)
4469 		return (BAD_ADDR);
4470 	return (prefixlen);
4471 }
4472 
4473 /*
4474  * Convert a prefix length to a mask.
4475  * Returns 1 if ok. 0 otherwise.
4476  * Assumes the mask array is zero'ed by the caller.
4477  */
4478 static boolean_t
4479 in_prefixlentomask(int prefixlen, int maxlen, uchar_t *mask)
4480 {
4481 	if (prefixlen < 0 || prefixlen > maxlen)
4482 		return (0);
4483 
4484 	while (prefixlen > 0) {
4485 		if (prefixlen >= 8) {
4486 			*mask++ = 0xFF;
4487 			prefixlen -= 8;
4488 			continue;
4489 		}
4490 		*mask |= 1 << (8 - prefixlen);
4491 		prefixlen--;
4492 	}
4493 	return (1);
4494 }
4495 
4496 static void
4497 print_flags(uint64_t flags)
4498 {
4499 	boolean_t first = _B_TRUE;
4500 	int cnt, i;
4501 
4502 	(void) printf("flags=%llx", flags);
4503 	cnt = sizeof (if_flags_tbl) / sizeof (if_flags_t);
4504 	for (i = 0; i < cnt; i++) {
4505 		if (flags & if_flags_tbl[i].iff_value) {
4506 			if (first) {
4507 				(void) printf("<");
4508 				first = _B_FALSE;
4509 			} else {
4510 				/*
4511 				 * It has to be here and not with the
4512 				 * printf below because for the last one,
4513 				 * we don't want a comma before the ">".
4514 				 */
4515 				(void) printf(",");
4516 			}
4517 			(void) printf("%s", if_flags_tbl[i].iff_name);
4518 		}
4519 	}
4520 	if (!first)
4521 		(void) printf(">");
4522 }
4523 
4524 static void
4525 print_config_flags(int af, uint64_t flags)
4526 {
4527 	if_config_cmd_t *cmdp;
4528 
4529 	for (cmdp = if_config_cmd_tbl; cmdp->iff_flag != 0; cmdp++) {
4530 		if ((flags & cmdp->iff_flag) &&
4531 		    (cmdp->iff_af == AF_UNSPEC || cmdp->iff_af == af)) {
4532 			(void) printf("%s ", cmdp->iff_name);
4533 		}
4534 	}
4535 }
4536 
4537 /*
4538  * Use the configured directory lookup mechanism (e.g. files/NIS/NIS+/...)
4539  * to find the network mask.  Returns true if we found one to set.
4540  *
4541  * The parameter addr_set controls whether we should get the address of
4542  * the working interface for the netmask query.  If addr_set is true,
4543  * we will use the address provided.  Otherwise, we will find the working
4544  * interface's address and use it instead.
4545  */
4546 static boolean_t
4547 in_getmask(struct sockaddr_in *saddr, boolean_t addr_set)
4548 {
4549 	struct sockaddr_in ifaddr;
4550 
4551 	/*
4552 	 * Read the address from the interface if it is not passed in.
4553 	 */
4554 	if (!addr_set) {
4555 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
4556 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
4557 			if (errno != EADDRNOTAVAIL) {
4558 				(void) fprintf(stderr, "Need net number for "
4559 				    "mask\n");
4560 			}
4561 			return (_B_FALSE);
4562 		}
4563 		ifaddr = *((struct sockaddr_in *)&lifr.lifr_addr);
4564 	} else {
4565 		ifaddr.sin_addr = saddr->sin_addr;
4566 	}
4567 	if (getnetmaskbyaddr(ifaddr.sin_addr, &saddr->sin_addr) == 0) {
4568 		saddr->sin_family = AF_INET;
4569 		return (_B_TRUE);
4570 	}
4571 	return (_B_FALSE);
4572 }
4573 
4574 static int
4575 lifnum(const char *ifname)
4576 {
4577 	const char *cp;
4578 
4579 	if ((cp = strchr(ifname, ':')) == NULL)
4580 		return (0);
4581 	else
4582 		return (atoi(cp + 1));
4583 }
4584 
4585 static int
4586 strioctl(int s, int cmd, void *buf, int buflen)
4587 {
4588 	struct strioctl ioc;
4589 
4590 	(void) memset(&ioc, 0, sizeof (ioc));
4591 	ioc.ic_cmd = cmd;
4592 	ioc.ic_timout = 0;
4593 	ioc.ic_len = buflen;
4594 	ioc.ic_dp = buf;
4595 	return (ioctl(s, I_STR, (char *)&ioc));
4596 }
4597 
4598 static void
4599 add_ni(const char *name)
4600 {
4601 	ni_t **pp;
4602 	ni_t *p;
4603 
4604 	for (pp = &ni_list; (p = *pp) != NULL; pp = &(p->ni_next)) {
4605 		if (strcmp(p->ni_name, name) == 0) {
4606 			if (debug > 2)
4607 				(void) fprintf(stderr, "'%s' is a duplicate\n",
4608 				    name);
4609 			return;
4610 		}
4611 	}
4612 
4613 	if (debug > 2)
4614 		(void) fprintf(stderr, "adding '%s'\n",
4615 		    name);
4616 
4617 	if ((p = malloc(sizeof (ni_t))) == NULL)
4618 		return;
4619 
4620 	(void) strlcpy(p->ni_name, name, sizeof (p->ni_name));
4621 	p->ni_next = NULL;
4622 
4623 	*pp = p;
4624 	num_ni++;
4625 }
4626 
4627 static boolean_t
4628 ni_entry(const char *linkname, void *arg)
4629 {
4630 	dlpi_handle_t	dh;
4631 	datalink_class_t class;
4632 
4633 	(void) dladm_name2info(arg, linkname, NULL, NULL, &class, NULL);
4634 
4635 	if (class == DATALINK_CLASS_ETHERSTUB)
4636 		return (_B_FALSE);
4637 	if (dlpi_open(linkname, &dh, 0) != DLPI_SUCCESS)
4638 		return (_B_FALSE);
4639 
4640 	add_ni(linkname);
4641 
4642 	dlpi_close(dh);
4643 	return (_B_FALSE);
4644 }
4645 
4646 /*
4647  * dhcp-related routines
4648  */
4649 
4650 static int
4651 setifdhcp(const char *caller, const char *ifname, int argc, char *argv[])
4652 {
4653 	dhcp_ipc_request_t	*request;
4654 	dhcp_ipc_reply_t	*reply	= NULL;
4655 	int			timeout = DHCP_IPC_WAIT_DEFAULT;
4656 	dhcp_ipc_type_t		type	= DHCP_START;
4657 	int			error;
4658 	boolean_t		is_primary = _B_FALSE;
4659 	boolean_t		started = _B_FALSE;
4660 
4661 	for (argv++; --argc > 0; argv++) {
4662 
4663 		if (strcmp(*argv, "primary") == 0) {
4664 			is_primary = _B_TRUE;
4665 			continue;
4666 		}
4667 
4668 		if (strcmp(*argv, "wait") == 0) {
4669 			if (--argc <= 0) {
4670 				usage();
4671 				return (DHCP_EXIT_BADARGS);
4672 			}
4673 			argv++;
4674 
4675 			if (strcmp(*argv, "forever") == 0) {
4676 				timeout = DHCP_IPC_WAIT_FOREVER;
4677 				continue;
4678 			}
4679 
4680 			if (sscanf(*argv, "%d", &timeout) != 1) {
4681 				usage();
4682 				return (DHCP_EXIT_BADARGS);
4683 			}
4684 
4685 			if (timeout < 0) {
4686 				usage();
4687 				return (DHCP_EXIT_BADARGS);
4688 			}
4689 			continue;
4690 		}
4691 
4692 		type = dhcp_string_to_request(*argv);
4693 		if (type == -1) {
4694 			usage();
4695 			return (DHCP_EXIT_BADARGS);
4696 		}
4697 	}
4698 
4699 	/*
4700 	 * Only try to start agent on start or inform; in all other cases it
4701 	 * has to already be running for anything to make sense.
4702 	 */
4703 	if (type == DHCP_START || type == DHCP_INFORM) {
4704 		if (dhcp_start_agent(DHCP_IPC_MAX_WAIT) == -1) {
4705 			(void) fprintf(stderr, "%s: unable to start %s\n",
4706 			    caller, DHCP_AGENT_PATH);
4707 			return (DHCP_EXIT_FAILURE);
4708 		}
4709 		started = _B_TRUE;
4710 	}
4711 
4712 	if (is_primary)
4713 		type |= DHCP_PRIMARY;
4714 
4715 	if (af != AF_INET)
4716 		type |= DHCP_V6;
4717 
4718 	request = dhcp_ipc_alloc_request(type, ifname, NULL, 0, DHCP_TYPE_NONE);
4719 	if (request == NULL) {
4720 		(void) fprintf(stderr, "%s: out of memory\n", caller);
4721 		return (DHCP_EXIT_SYSTEM);
4722 	}
4723 
4724 	error = dhcp_ipc_make_request(request, &reply, timeout);
4725 	if (error != 0) {
4726 		free(request);
4727 		/*
4728 		 * Re-map connect error to not under control if we didn't try a
4729 		 * start operation, as this has to be true and results in a
4730 		 * clearer message, not to mention preserving compatibility
4731 		 * with the days when we always started dhcpagent for every
4732 		 * request.
4733 		 */
4734 		if (error == DHCP_IPC_E_CONNECT && !started)
4735 			error = DHCP_IPC_E_UNKIF;
4736 		(void) fprintf(stderr, "%s: %s: %s\n", caller, ifname,
4737 		    dhcp_ipc_strerror(error));
4738 		return (DHCP_EXIT_FAILURE);
4739 	}
4740 
4741 	error = reply->return_code;
4742 	if (error != 0) {
4743 		free(request);
4744 		free(reply);
4745 
4746 		if (error == DHCP_IPC_E_TIMEOUT && timeout == 0)
4747 			return (DHCP_EXIT_SUCCESS);
4748 
4749 		(void) fprintf(stderr, "%s: %s: %s\n", caller, ifname,
4750 		    dhcp_ipc_strerror(error));
4751 
4752 		if (error == DHCP_IPC_E_TIMEOUT)
4753 			return (DHCP_EXIT_TIMEOUT);
4754 		else
4755 			return (DHCP_EXIT_IF_FAILURE);
4756 	}
4757 
4758 	if (DHCP_IPC_CMD(type) == DHCP_STATUS) {
4759 		(void) printf("%s", dhcp_status_hdr_string());
4760 		(void) printf("%s", dhcp_status_reply_to_string(reply));
4761 	}
4762 
4763 	free(request);
4764 	free(reply);
4765 	return (DHCP_EXIT_SUCCESS);
4766 }
4767 
4768 static void
4769 usage(void)
4770 {
4771 	(void) fprintf(stderr,
4772 	    "usage: ifconfig <interface> | -a[ 4 | 6 | D ][ u | d ][ Z ]\n");
4773 
4774 	(void) fprintf(stderr, "%s",
4775 	    "\t[ <addr_family> ]\n"
4776 	    "\t[ <address>[/<prefix_length>] [ <dest_address> ] ]\n"
4777 	    "\t[ set [ <address>][/<prefix_length>] ]"
4778 	    " [ <address>/<prefix_length>] ]\n"
4779 	    "\t[ destination <dest_address> ]\n"
4780 	    "\t[ addif <address>[/<prefix_length>]"
4781 	    "  [ <dest_address> ] ]\n"
4782 	    "\t[ removeif <address>[/<prefix_length>] ]\n"
4783 	    "\t[ arp | -arp ]\n"
4784 	    "\t[ auto-revarp ]\n"
4785 	    "\t[ broadcast <broad_addr> ]\n"
4786 	    "\t[ index <if_index> ]\n"
4787 	    "\t[ metric <n> ] [ mtu <n> ]\n"
4788 	    "\t[ netmask <mask> ]\n"
4789 	    "\t[ plumb ] [ unplumb ]\n"
4790 	    "\t[ preferred | -preferred ]\n"
4791 	    "\t[ private | -private ]\n"
4792 	    "\t[ local | -local ]\n"
4793 	    "\t[ router | -router ]\n"
4794 	    "\t[ subnet <subnet_address>]\n"
4795 	    "\t[ trailers | -trailers ]\n"
4796 	    "\t[ token <address>/<prefix_length> ]\n"
4797 	    "\t[ tsrc <tunnel_src_address> ]\n"
4798 	    "\t[ tdst <tunnel_dest_address> ]\n"
4799 	    "\t[ auth_algs <tunnel_AH_authentication_algorithm> ]\n"
4800 	    "\t[ encr_algs <tunnel_ESP_encryption_algorithm> ]\n"
4801 	    "\t[ encr_auth_algs <tunnel_ESP_authentication_algorithm> ]\n"
4802 	    "\t[ up ] [ down ]\n"
4803 	    "\t[ xmit | -xmit ]\n"
4804 	    "\t[ modlist ]\n"
4805 	    "\t[ modinsert <module_name@position> ]\n"
4806 	    "\t[ modremove <module_name@position> ]\n"
4807 	    "\t[ ipmp ]\n"
4808 	    "\t[ group <groupname>] | [ group \"\"]\n"
4809 	    "\t[ deprecated | -deprecated ]\n"
4810 	    "\t[ standby | -standby ]\n"
4811 	    "\t[ failover | -failover ]\n"
4812 	    "\t[ zone <zonename> | -zone ]\n"
4813 	    "\t[ usesrc <interface> ]\n"
4814 	    "\t[ all-zones ]\n");
4815 
4816 	(void) fprintf(stderr, "or\n");
4817 	(void) fprintf(stderr,
4818 	    "\tifconfig <interface> |  -a[ 4 | 6 | D ] [ u | d ]\n");
4819 
4820 	(void) fprintf(stderr, "%s", "\tauto-dhcp | dhcp\n"
4821 	    "\t[ wait <time> | forever ]\n\t[ primary ]\n"
4822 	    "\tstart | drop | ping | release | status | inform\n");
4823 }
4824