xref: /titanic_52/usr/src/cmd/cmd-inet/usr.sbin/ifconfig/ifconfig.c (revision 170affdd7228a2c069dff7e7ab890022ff6793d0)
1 /*
2  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 /*
6  * Copyright (c) 1983 Regents of the University of California.
7  * All rights reserved.  The Berkeley software License Agreement
8  * specifies the terms and conditions for redistribution.
9  */
10 
11 #include "defs.h"
12 #include "strings.h"
13 #include "ifconfig.h"
14 #include <compat.h>
15 #include <libdlpi.h>
16 #include <libdllink.h>
17 #include <libdliptun.h>
18 #include <libdllink.h>
19 #include <inet/ip.h>
20 #include <inet/ipsec_impl.h>
21 #include <libipadm.h>
22 #include <ifaddrs.h>
23 #include <libsocket_priv.h>
24 
25 #define	LOOPBACK_IF	"lo0"
26 #define	NONE_STR	"none"
27 #define	ARP_MOD_NAME	"arp"
28 #define	LIFC_DEFAULT	(LIFC_NOXMIT | LIFC_TEMPORARY | LIFC_ALLZONES |\
29 			LIFC_UNDER_IPMP)
30 
31 typedef struct if_flags {
32 	uint64_t iff_value;
33 	char	*iff_name;
34 } if_flags_t;
35 
36 static if_flags_t	if_flags_tbl[] = {
37 	{ IFF_UP,		"UP" },
38 	{ IFF_BROADCAST,	"BROADCAST" },
39 	{ IFF_DEBUG,		"DEBUG" },
40 	{ IFF_LOOPBACK,		"LOOPBACK" },
41 	{ IFF_POINTOPOINT,	"POINTOPOINT" },
42 	{ IFF_NOTRAILERS,	"NOTRAILERS" },
43 	{ IFF_RUNNING,		"RUNNING" },
44 	{ IFF_NOARP,		"NOARP" },
45 	{ IFF_PROMISC,		"PROMISC" },
46 	{ IFF_ALLMULTI,		"ALLMULTI" },
47 	{ IFF_INTELLIGENT,	"INTELLIGENT" },
48 	{ IFF_MULTICAST,	"MULTICAST" },
49 	{ IFF_MULTI_BCAST,	"MULTI_BCAST" },
50 	{ IFF_UNNUMBERED,	"UNNUMBERED" },
51 	{ IFF_DHCPRUNNING,	"DHCP" },
52 	{ IFF_PRIVATE,		"PRIVATE" },
53 	{ IFF_NOXMIT,		"NOXMIT" },
54 	{ IFF_NOLOCAL,		"NOLOCAL" },
55 	{ IFF_DEPRECATED,	"DEPRECATED" },
56 	{ IFF_ADDRCONF,		"ADDRCONF" },
57 	{ IFF_ROUTER,		"ROUTER" },
58 	{ IFF_NONUD,		"NONUD" },
59 	{ IFF_ANYCAST,		"ANYCAST" },
60 	{ IFF_NORTEXCH,		"NORTEXCH" },
61 	{ IFF_IPV4,		"IPv4" },
62 	{ IFF_IPV6,		"IPv6" },
63 	{ IFF_NOFAILOVER,	"NOFAILOVER" },
64 	{ IFF_FAILED,		"FAILED" },
65 	{ IFF_STANDBY,		"STANDBY" },
66 	{ IFF_INACTIVE,		"INACTIVE" },
67 	{ IFF_OFFLINE,		"OFFLINE" },
68 	{ IFF_XRESOLV,		"XRESOLV" },
69 	{ IFF_COS_ENABLED,	"CoS" },
70 	{ IFF_PREFERRED,	"PREFERRED" },
71 	{ IFF_TEMPORARY,	"TEMPORARY" },
72 	{ IFF_FIXEDMTU,		"FIXEDMTU" },
73 	{ IFF_VIRTUAL,		"VIRTUAL" },
74 	{ IFF_DUPLICATE,	"DUPLICATE" },
75 	{ IFF_IPMP,		"IPMP"},
76 	{ IFF_VRRP,		"VRRP"},
77 	{ IFF_NOACCEPT,		"NOACCEPT"}
78 };
79 
80 typedef struct {
81 	const char		*ia_app;
82 	uint64_t		ia_flag;
83 	uint_t			ia_tries;
84 } if_appflags_t;
85 
86 static const if_appflags_t if_appflags_tbl[] = {
87 	{ "dhcpagent(1M)",	IFF_DHCPRUNNING,	1 },
88 	{ "in.ndpd(1M)",	IFF_ADDRCONF,		3 },
89 	{  NULL,		0,			0 }
90 };
91 
92 static dladm_handle_t	dlh;
93 boolean_t		dlh_opened;
94 static struct		lifreq lifr;
95 /* current interface name a particular function is accessing */
96 static char		name[LIFNAMSIZ];
97 /* foreach interface saved name */
98 static char		origname[LIFNAMSIZ];
99 static int		setaddr;
100 static boolean_t	setaddr_done = _B_FALSE;
101 static boolean_t	ipsec_policy_set;
102 static boolean_t	ipsec_auth_covered;
103 static ipadm_handle_t	iph;
104 static ipadm_addrobj_t	ipaddr;
105 
106 /*
107  * Make sure the algorithm variables hold more than the sizeof an algorithm
108  * in PF_KEY.  (For now, more than a uint8_t.)  The NO_***_?ALG indicates that
109  * there was no algorithm requested, and in the ipsec_req that service should
110  * be disabled.  (E.g. if ah_aalg remains NO_AH_AALG, then AH will be
111  * disabled on that tunnel.)
112  */
113 #define	NO_AH_AALG 256
114 #define	NO_ESP_AALG 256
115 #define	NO_ESP_EALG 256
116 
117 int	s, s4, s6;
118 int	af = AF_INET;	/* default address family */
119 int	debug = 0;
120 int	all = 0;	/* setifdhcp() needs to know this */
121 int	verbose = 0;
122 int	v4compat = 0;	/* Compatible printing format */
123 
124 /*
125  * Function prototypes for command functions.
126  */
127 static int	addif(char *arg, int64_t param);
128 static int	inetipmp(char *arg, int64_t param);
129 static int	inetplumb(char *arg, int64_t param);
130 static int	inetunplumb(char *arg, int64_t param);
131 static int	removeif(char *arg, int64_t param);
132 static int	setdebugflag(char *arg, int64_t param);
133 static int	setifaddr(char *arg, int64_t param);
134 static int	setifbroadaddr(char *arg, int64_t param);
135 static int	setifdstaddr(char *arg, int64_t param);
136 static int	setifether(char *arg, int64_t param);
137 static int	setifflags(char *arg, int64_t param);
138 static int	setifindex(char *arg, int64_t param);
139 static int	setifmetric(char *arg, int64_t param);
140 static int	setifmtu(char *arg, int64_t param);
141 static int	setifnetmask(char *arg, int64_t param);
142 static int	setifprefixlen(char *arg, int64_t param);
143 static int	setifrevarp(char *arg, int64_t param);
144 static int	setifsubnet(char *arg, int64_t param);
145 static int	setiftdst(char *arg, int64_t param);
146 static int	setiftoken(char *arg, int64_t param);
147 static int	setiftsrc(char *arg, int64_t param);
148 static int	setverboseflag(char *arg, int64_t param);
149 static int	set_tun_ah_alg(char *arg, int64_t param);
150 static int	set_tun_esp_auth_alg(char *arg, int64_t param);
151 static int	set_tun_esp_encr_alg(char *arg, int64_t param);
152 static int	modlist(char *arg, int64_t param);
153 static int	modinsert(char *arg, int64_t param);
154 static int	modremove(char *arg, int64_t param);
155 static int	setifgroupname(char *arg, int64_t param);
156 static int	configinfo(char *arg, int64_t param);
157 static void	print_config_flags(int af, uint64_t flags);
158 static void	print_flags(uint64_t flags);
159 static void	print_ifether(const char *ifname);
160 static int	set_tun_encap_limit(char *arg, int64_t param);
161 static int	clr_tun_encap_limit(char *arg, int64_t param);
162 static int	set_tun_hop_limit(char *arg, int64_t param);
163 static int	setzone(char *arg, int64_t param);
164 static int	setallzones(char *arg, int64_t param);
165 static int	setifsrc(char *arg, int64_t param);
166 static int	lifnum(const char *ifname);
167 static void	plumball(int, char **, int64_t, int64_t, int64_t);
168 
169 /*
170  * Address family specific function prototypes.
171  */
172 static void	in_getaddr(char *s, struct sockaddr *saddr, int *plenp);
173 static void	in_status(int force, uint64_t flags);
174 static void	in_configinfo(int force, uint64_t flags);
175 static void	in6_getaddr(char *s, struct sockaddr *saddr, int *plenp);
176 static void	in6_status(int force, uint64_t flags);
177 static void	in6_configinfo(int force, uint64_t flags);
178 
179 /*
180  * Misc support functions
181  */
182 static boolean_t	ni_entry(const char *, void *);
183 static void		foreachinterface(int argc, char *argv[],
184 			    int af, int64_t onflags, int64_t offflags,
185 			    int64_t lifc_flags);
186 static void		ifconfig(int argc, char *argv[], int af,
187 			    struct ifaddrs *ifa);
188 static boolean_t	in_getmask(struct sockaddr_in *saddr,
189 			    boolean_t addr_set);
190 static int		in_getprefixlen(char *addr, boolean_t slash, int plen);
191 static boolean_t	in_prefixlentomask(int prefixlen, int maxlen,
192 			    uchar_t *mask);
193 static void		status(void);
194 static void		ifstatus(const char *ifname);
195 static void		tun_status(datalink_id_t);
196 static void		usage(void);
197 static int		setifdhcp(const char *caller, const char *ifname,
198 			    int argc, char *argv[]);
199 static int		ip_domux2fd(int *, int *, int *, int *, int *);
200 static int		ip_plink(int, int, int, int, int);
201 static int		modop(char *arg, char op);
202 static int		find_all_interfaces(struct lifconf *lifcp, char **buf,
203 			    int64_t lifc_flags);
204 static int		create_ipmp(const char *grname, int af,
205 			    const char *ifname, boolean_t implicit);
206 static void		start_ipmp_daemon(void);
207 static boolean_t 	ifaddr_up(ifaddrlistx_t *ifaddrp);
208 static boolean_t 	ifaddr_down(ifaddrlistx_t *ifaddrp);
209 static dladm_status_t	ifconfig_dladm_open(const char *, datalink_class_t,
210 			    datalink_id_t *);
211 static void		dladmerr_exit(dladm_status_t status, const char *str);
212 static void		ipadmerr_exit(ipadm_status_t status, const char *str);
213 static boolean_t	ifconfig_use_libipadm(int, const char *);
214 
215 #define	max(a, b)	((a) < (b) ? (b) : (a))
216 
217 /*
218  * DHCP_EXIT_IF_FAILURE indicates that the operation failed, but if there
219  * are more interfaces to act on (i.e., ifconfig was invoked with -a), keep
220  * on going rather than exit with an error.
221  */
222 
223 #define	DHCP_EXIT_IF_FAILURE	-1
224 
225 #define	NEXTARG		0xffffff	/* command takes an argument */
226 #define	OPTARG		0xfffffe 	/* command takes an optional argument */
227 #define	AF_ANY		(-1)
228 
229 /* Refer to the comments in ifconfig() on the netmask "hack" */
230 #define	NETMASK_CMD	"netmask"
231 struct sockaddr_storage	g_netmask;
232 enum { G_NETMASK_NIL, G_NETMASK_PENDING, G_NETMASK_SET }
233     g_netmask_set = G_NETMASK_NIL;
234 
235 struct	cmd {
236 	char		*c_name;
237 	int64_t		c_parameter;	/* NEXTARG means next argv */
238 	int		(*c_func)(char *, int64_t);
239 	int		c_abortonfail;	/* don't continue parsing args */
240 					/* for the current interface */
241 	int	c_af;			/* address family restrictions */
242 } cmds[] = {
243 	{ "up",		IFF_UP,		setifflags,	0,	AF_ANY },
244 	{ "down",	-IFF_UP,	setifflags,	0,	AF_ANY },
245 	{ "trailers",	-IFF_NOTRAILERS, setifflags,	0,	AF_ANY },
246 	{ "-trailers",	IFF_NOTRAILERS,	setifflags,	0,	AF_ANY },
247 	{ "arp",	-IFF_NOARP,	setifflags,	0,	AF_INET },
248 	{ "-arp",	IFF_NOARP,	setifflags,	0,	AF_INET },
249 	{ "router",	IFF_ROUTER,	setifflags,	0,	AF_ANY },
250 	{ "-router",	-IFF_ROUTER,	setifflags,	0,	AF_ANY },
251 	{ "private",	IFF_PRIVATE,	setifflags,	0,	AF_ANY },
252 	{ "-private",	-IFF_PRIVATE,	setifflags,	0,	AF_ANY },
253 	{ "xmit",	-IFF_NOXMIT,	setifflags,	0,	AF_ANY },
254 	{ "-xmit",	IFF_NOXMIT,	setifflags,	0,	AF_ANY },
255 	{ "-nud",	IFF_NONUD,	setifflags,	0,	AF_INET6 },
256 	{ "nud",	-IFF_NONUD,	setifflags,	0,	AF_INET6 },
257 	{ "anycast",	IFF_ANYCAST,	setifflags,	0,	AF_ANY },
258 	{ "-anycast",	-IFF_ANYCAST,	setifflags,	0,	AF_ANY },
259 	{ "local",	-IFF_NOLOCAL,	setifflags,	0,	AF_ANY },
260 	{ "-local",	IFF_NOLOCAL,	setifflags,	0,	AF_ANY },
261 	{ "deprecated",	IFF_DEPRECATED,	setifflags,	0,	AF_ANY },
262 	{ "-deprecated", -IFF_DEPRECATED, setifflags,	0,	AF_ANY },
263 	{ "preferred",	IFF_PREFERRED,	setifflags,	0,	AF_INET6 },
264 	{ "-preferred",	-IFF_PREFERRED,	setifflags,	0,	AF_INET6 },
265 	{ "debug",	0,		setdebugflag,	0,	AF_ANY },
266 	{ "verbose",	0,		setverboseflag,	0,	AF_ANY },
267 	{ NETMASK_CMD,	NEXTARG,	setifnetmask,	0,	AF_INET },
268 	{ "metric",	NEXTARG,	setifmetric,	0,	AF_ANY },
269 	{ "mtu",	NEXTARG,	setifmtu,	0,	AF_ANY },
270 	{ "index",	NEXTARG,	setifindex,	0,	AF_ANY },
271 	{ "broadcast",	NEXTARG,	setifbroadaddr,	0,	AF_INET },
272 	{ "auto-revarp", 0,		setifrevarp,	1,	AF_INET },
273 	{ "ipmp",	0,		inetipmp,	1,	AF_ANY },
274 	{ "plumb",	0,		inetplumb,	1,	AF_ANY },
275 	{ "unplumb",	0,		inetunplumb,	0,	AF_ANY },
276 	{ "subnet",	NEXTARG,	setifsubnet,	0,	AF_ANY },
277 	{ "token",	NEXTARG,	setiftoken,	0,	AF_INET6 },
278 	{ "tsrc",	NEXTARG,	setiftsrc,	0,	AF_ANY },
279 	{ "tdst",	NEXTARG,	setiftdst,	0,	AF_ANY },
280 	{ "encr_auth_algs", NEXTARG,	set_tun_esp_auth_alg, 0, AF_ANY },
281 	{ "encr_algs",	NEXTARG,	set_tun_esp_encr_alg, 0, AF_ANY },
282 	{ "auth_algs",	NEXTARG,	set_tun_ah_alg,	0,	AF_ANY },
283 	{ "addif",	NEXTARG,	addif,		1,	AF_ANY },
284 	{ "removeif",	NEXTARG,	removeif,	1,	AF_ANY },
285 	{ "modlist",	0,		modlist,	1,	AF_ANY },
286 	{ "modinsert",	NEXTARG,	modinsert,	1,	AF_ANY },
287 	{ "modremove",	NEXTARG,	modremove,	1,	AF_ANY },
288 	{ "failover",	-IFF_NOFAILOVER, setifflags,	1,	AF_ANY },
289 	{ "-failover",	IFF_NOFAILOVER, setifflags,	1,	AF_ANY },
290 	{ "standby",	IFF_STANDBY,	setifflags,	1,	AF_ANY },
291 	{ "-standby",	-IFF_STANDBY,	setifflags,	1,	AF_ANY },
292 	{ "failed",	IFF_FAILED,	setifflags,	1,	AF_ANY },
293 	{ "-failed",	-IFF_FAILED,	setifflags,	1,	AF_ANY },
294 	{ "group",	NEXTARG,	setifgroupname,	1,	AF_ANY },
295 	{ "configinfo",	0,		configinfo,	1,	AF_ANY },
296 	{ "encaplimit",	NEXTARG,	set_tun_encap_limit,	0, AF_ANY },
297 	{ "-encaplimit", 0,		clr_tun_encap_limit,	0, AF_ANY },
298 	{ "thoplimit",	NEXTARG,	set_tun_hop_limit,	0, AF_ANY },
299 	{ "set",	NEXTARG,	setifaddr,	0,	AF_ANY },
300 	{ "destination", NEXTARG,	setifdstaddr,	0,	AF_ANY },
301 	{ "zone",	NEXTARG,	setzone,	0,	AF_ANY },
302 	{ "-zone",	0,		setzone,	0,	AF_ANY },
303 	{ "all-zones",	0,		setallzones,	0,	AF_ANY },
304 	{ "ether",	OPTARG,		setifether,	0,	AF_ANY },
305 	{ "usesrc",	NEXTARG,	setifsrc,	0,	AF_ANY },
306 
307 	/*
308 	 * NOTE: any additions to this table must also be applied to ifparse
309 	 *	(usr/src/cmd/cmd-inet/sbin/ifparse/ifparse.c)
310 	 */
311 
312 	{ 0,		0,		setifaddr,	0,	AF_ANY },
313 	{ 0,		0,		setifdstaddr,	0,	AF_ANY },
314 	{ 0,		0,		0,		0,	0 },
315 };
316 
317 
318 typedef struct if_config_cmd {
319 	uint64_t	iff_flag;
320 	int		iff_af;
321 	char		*iff_name;
322 } if_config_cmd_t;
323 
324 /*
325  * NOTE: print_config_flags() processes this table in order, so we put "up"
326  * last so that we can be sure "-failover" will take effect first.  Otherwise,
327  * IPMP test addresses will erroneously migrate to the IPMP interface.
328  */
329 static if_config_cmd_t	if_config_cmd_tbl[] = {
330 	{ IFF_NOTRAILERS,	AF_UNSPEC,	"-trailers"	},
331 	{ IFF_PRIVATE,		AF_UNSPEC,	"private"	},
332 	{ IFF_NOXMIT,		AF_UNSPEC,	"-xmit"		},
333 	{ IFF_ANYCAST,		AF_INET6,	"anycast"	},
334 	{ IFF_NOLOCAL,		AF_UNSPEC,	"-local"	},
335 	{ IFF_DEPRECATED,	AF_UNSPEC,	"deprecated"	},
336 	{ IFF_NOFAILOVER,	AF_UNSPEC,	"-failover"	},
337 	{ IFF_STANDBY,		AF_UNSPEC,	"standby"	},
338 	{ IFF_FAILED,		AF_UNSPEC,	"failed"	},
339 	{ IFF_PREFERRED,	AF_UNSPEC,	"preferred"	},
340 	{ IFF_NONUD,		AF_INET6,	"-nud"		},
341 	{ IFF_NOARP,		AF_INET,	"-arp"		},
342 	{ IFF_UP,		AF_UNSPEC, 	"up" 		},
343 	{ 0,			0,		NULL		},
344 };
345 
346 typedef struct ni {
347 	char		ni_name[LIFNAMSIZ];
348 	struct ni	*ni_next;
349 } ni_t;
350 
351 static ni_t	*ni_list = NULL;
352 static int	num_ni = 0;
353 
354 /* End defines and structure definitions for ifconfig -a plumb */
355 
356 /* Known address families */
357 struct afswtch {
358 	char *af_name;
359 	short af_af;
360 	void (*af_status)();
361 	void (*af_getaddr)();
362 	void (*af_configinfo)();
363 } afs[] = {
364 	{ "inet", AF_INET, in_status, in_getaddr, in_configinfo },
365 	{ "inet6", AF_INET6, in6_status, in6_getaddr, in6_configinfo },
366 	{ 0, 0,	0, 0, 0 }
367 };
368 
369 #define	SOCKET_AF(af)	(((af) == AF_UNSPEC) ? AF_INET : (af))
370 
371 struct afswtch *afp;	/* the address family being set or asked about */
372 
373 int
374 main(int argc, char *argv[])
375 {
376 	int64_t		lifc_flags;
377 	char		*default_ip_str;
378 	ipadm_status_t	istatus;
379 
380 	lifc_flags = LIFC_DEFAULT;
381 
382 	if (argc < 2) {
383 		usage();
384 		exit(1);
385 	}
386 	argc--, argv++;
387 	if (strlen(*argv) > sizeof (name) - 1) {
388 		(void) fprintf(stderr, "%s: interface name too long\n", *argv);
389 		exit(1);
390 	}
391 	(void) strncpy(name, *argv, sizeof (name));
392 	name[sizeof (name) - 1] = '\0';
393 	(void) strncpy(origname, name, sizeof (origname));	/* For addif */
394 	default_ip_str = NULL;
395 	v4compat = get_compat_flag(&default_ip_str);
396 	if (v4compat == DEFAULT_PROT_BAD_VALUE) {
397 		(void) fprintf(stderr,
398 		    "ifconfig: %s: Bad value for %s in %s\n", default_ip_str,
399 		    DEFAULT_IP, INET_DEFAULT_FILE);
400 		free(default_ip_str);
401 		exit(2);
402 	}
403 	free(default_ip_str);
404 	argc--, argv++;
405 	if (argc > 0) {
406 		struct afswtch *myafp;
407 
408 		for (myafp = afp = afs; myafp->af_name; myafp++) {
409 			if (strcmp(myafp->af_name, *argv) == 0) {
410 				afp = myafp; argc--; argv++;
411 				break;
412 			}
413 		}
414 		af = lifr.lifr_addr.ss_family = afp->af_af;
415 		if (af == AF_INET6) {
416 			v4compat = 0;
417 		}
418 	}
419 
420 	s = socket(SOCKET_AF(af), SOCK_DGRAM, 0);
421 	s4 = socket(AF_INET, SOCK_DGRAM, 0);
422 	s6 = socket(AF_INET6, SOCK_DGRAM, 0);
423 	if (s == -1 || s4 == -1 || s6 == -1)
424 		Perror0_exit("socket");
425 	/*
426 	 * Open the global libipadm handle. The flag IPH_LEGACY has to
427 	 * be specified to indicate that logical interface names will
428 	 * be used during interface creation and address creation.
429 	 */
430 	if ((istatus = ipadm_open(&iph, IPH_LEGACY)) != IPADM_SUCCESS)
431 		ipadmerr_exit(istatus, "unable to open handle to libipadm");
432 
433 	/*
434 	 * Special interface names is any combination of these flags.
435 	 * Note that due to the ifconfig syntax they have to be combined
436 	 * as a single '-' option.
437 	 *	-a	All interfaces
438 	 *	-u	"up" interfaces
439 	 *	-d	"down" interfaces
440 	 *	-D	Interfaces not controlled by DHCP
441 	 *	-4	IPv4 interfaces
442 	 *	-6	IPv6 interfaces
443 	 *	-X	Turn on debug (not documented)
444 	 *	-v	Turn on verbose
445 	 *	-Z	Only interfaces in caller's zone
446 	 */
447 
448 	if (name[0] == '-') {
449 		/* One or more options */
450 		int64_t onflags = 0;
451 		int64_t offflags = 0;
452 		int c;
453 		char *av[2] = { "ifconfig", name };
454 
455 		while ((c = getopt(2, av, "audDXZ46v")) != -1) {
456 			switch ((char)c) {
457 			case 'a':
458 				all = 1;
459 				break;
460 			case 'u':
461 				onflags |= IFF_UP;
462 				break;
463 			case 'd':
464 				offflags |= IFF_UP;
465 				break;
466 			case 'D':
467 				offflags |= IFF_DHCPRUNNING;
468 				break;
469 			case 'X':
470 				debug += 3;
471 				break;
472 			case 'Z':
473 				lifc_flags &= ~LIFC_ALLZONES;
474 				break;
475 			case '4':
476 				/*
477 				 * -4 is not a compatable flag, therefore
478 				 * we assume they want v4compat turned off
479 				 */
480 				v4compat = 0;
481 				onflags |= IFF_IPV4;
482 				break;
483 			case '6':
484 				/*
485 				 * If they want IPv6, well then we'll assume
486 				 * they don't want IPv4 compat
487 				 */
488 				v4compat = 0;
489 				onflags |= IFF_IPV6;
490 				break;
491 			case 'v':
492 				verbose = 1;
493 				break;
494 			case '?':
495 				usage();
496 				exit(1);
497 			}
498 		}
499 		if (!all) {
500 			(void) fprintf(stderr,
501 			    "ifconfig: %s: no such interface\n", name);
502 			exit(1);
503 		}
504 		foreachinterface(argc, argv, af, onflags, offflags,
505 		    lifc_flags);
506 	} else {
507 		ifconfig(argc, argv, af, NULL);
508 	}
509 	ipadm_close(iph);
510 	return (0);
511 }
512 
513 /*
514  * For each interface, call ifconfig(argc, argv, af, ifa).
515  * Only call function if onflags and offflags are set or clear, respectively,
516  * in the interfaces flags field.
517  */
518 static void
519 foreachinterface(int argc, char *argv[], int af,
520     int64_t onflags, int64_t offflags, int64_t lifc_flags)
521 {
522 	ipadm_addr_info_t *ainfo, *ainfop;
523 	struct ifaddrs *ifa;
524 	ipadm_status_t istatus;
525 
526 	/*
527 	 * Special case:
528 	 * ifconfig -a plumb should find all network interfaces in the current
529 	 * zone.
530 	 */
531 	if (argc > 0 && (strcmp(*argv, "plumb") == 0)) {
532 		plumball(argc, argv, onflags, offflags, lifc_flags);
533 		return;
534 	}
535 	/* Get all addresses in kernel including addresses that are zero. */
536 	istatus = ipadm_addr_info(iph, NULL, &ainfo, IPADM_OPT_ZEROADDR,
537 	    lifc_flags);
538 	if (istatus != IPADM_SUCCESS)
539 		ipadmerr_exit(istatus, "could not get addresses from kernel");
540 
541 	/*
542 	 * For each logical interface, call ifconfig() with the
543 	 * given arguments.
544 	 */
545 	for (ainfop = ainfo; ainfop != NULL; ainfop = IA_NEXT(ainfop)) {
546 		if (ainfop->ia_state == IFA_DISABLED)
547 			continue;
548 		ifa = &ainfop->ia_ifa;
549 		if (onflags || offflags) {
550 			if ((ifa->ifa_flags & onflags) != onflags)
551 				continue;
552 			if ((~ifa->ifa_flags & offflags) != offflags)
553 				continue;
554 		}
555 		s = (ifa->ifa_addr->ss_family == AF_INET ? s4 : s6);
556 		(void) strncpy(name, ifa->ifa_name, sizeof (name));
557 		(void) strncpy(origname, name, sizeof (origname));
558 		ifconfig(argc, argv, af, ifa);
559 	}
560 	ipadm_free_addr_info(ainfo);
561 }
562 
563 /*
564  * Used for `ifconfig -a plumb'. Finds all datalinks and plumbs the interface.
565  */
566 static void
567 plumball(int argc, char *argv[], int64_t onflags, int64_t offflags,
568     int64_t lifc_flags)
569 {
570 	int n;
571 	struct lifreq *lifrp;
572 	struct lifconf lifc;
573 	char *buf;
574 
575 	if (onflags != 0 || offflags != 0) {
576 		(void) fprintf(stderr, "ifconfig: invalid syntax used to "
577 		    "plumb all interfaces.\n");
578 		exit(1);
579 	}
580 
581 	if (find_all_interfaces(&lifc, &buf, lifc_flags) != 0 ||
582 	    lifc.lifc_len == 0)
583 		return;
584 
585 	lifrp = lifc.lifc_req;
586 	for (n = lifc.lifc_len / sizeof (struct lifreq); n > 0; n--, lifrp++) {
587 		/*
588 		 * Reset global state
589 		 * setaddr: Used by parser to tear apart source and dest
590 		 * name and origname contain the name of the 'current'
591 		 * interface.
592 		 */
593 		setaddr = 0;
594 		(void) strncpy(name, lifrp->lifr_name, sizeof (name));
595 		(void) strncpy(origname, name, sizeof (origname));
596 		ifconfig(argc, argv, af, NULL);
597 	}
598 }
599 
600 /*
601  * Parses the interface name and the command in argv[]. Calls the
602  * appropriate callback function for the given command from `cmds[]'
603  * table.
604  * If there is no command specified, it prints all addresses.
605  */
606 static void
607 ifconfig(int argc, char *argv[], int af, struct ifaddrs *ifa)
608 {
609 	static boolean_t scan_netmask = _B_FALSE;
610 	int ret;
611 	ipadm_status_t istatus;
612 	struct lifreq lifr;
613 
614 	if (argc == 0) {
615 		status();
616 		return;
617 	}
618 
619 	if (strcmp(*argv, "auto-dhcp") == 0 || strcmp(*argv, "dhcp") == 0) {
620 		/*
621 		 * Some errors are ignored in the case where more than one
622 		 * interface is being operated on.
623 		 */
624 		ret = setifdhcp("ifconfig", name, argc, argv);
625 		if (ret == DHCP_EXIT_IF_FAILURE) {
626 			if (!all)
627 				exit(DHCP_EXIT_FAILURE);
628 		} else if (ret != DHCP_EXIT_SUCCESS) {
629 			exit(ret);
630 		}
631 		return;
632 	}
633 
634 	/*
635 	 * The following is a "hack" to get around the existing interface
636 	 * setting mechanism.  Currently, each interface attribute,
637 	 * such as address, netmask, broadcast, ... is set separately.  But
638 	 * sometimes two or more attributes must be set together.  For
639 	 * example, setting an address without a netmask does not make sense.
640 	 * Yet they can be set separately for IPv4 address using the current
641 	 * ifconfig(1M) syntax.  The kernel then "infers" the correct netmask
642 	 * using the deprecated "IP address classes."  This is simply not
643 	 * correct.
644 	 *
645 	 * The "hack" below is to go thru the whole command list looking for
646 	 * the netmask command first.  Then use this netmask to set the
647 	 * address.  This does not provide an extensible way to accommodate
648 	 * future need for setting more than one attributes together.
649 	 *
650 	 * Note that if the "netmask" command argument is a "+", we need
651 	 * to save this info and do the query after we know the address to
652 	 * be set.  The reason is that if "addif" is used, the working
653 	 * interface name will be changed later when the logical interface
654 	 * is created.  In in_getmask(), if an address is not provided,
655 	 * it will use the working interface's address to do the query.
656 	 * It will be wrong now as we don't know the logical interface's name.
657 	 *
658 	 * ifconfig(1M) is too overloaded and the code is so convoluted
659 	 * that it is "safer" not to re-architect the code to fix the above
660 	 * issue, hence this "hack."  We may be better off to have a new
661 	 * command with better syntax for configuring network interface
662 	 * parameters...
663 	 */
664 	if (!scan_netmask && afp->af_af == AF_INET) {
665 		int	largc;
666 		char	**largv;
667 
668 		/* Only go thru the command list once to find the netmask. */
669 		scan_netmask = _B_TRUE;
670 
671 		/*
672 		 * Currently, if multiple netmask commands are specified, the
673 		 * last one will be used as the final netmask.  So we need
674 		 * to scan the whole list to preserve this behavior.
675 		 */
676 		for (largc = argc, largv = argv; largc > 0; largc--, largv++) {
677 			if (strcmp(*largv, NETMASK_CMD) == 0) {
678 				if (--largc == 0)
679 					break;
680 				largv++;
681 				if (strcmp(*largv, "+") == 0) {
682 					g_netmask_set = G_NETMASK_PENDING;
683 				} else {
684 					in_getaddr(*largv, (struct sockaddr *)
685 					    &g_netmask, NULL);
686 					g_netmask_set = G_NETMASK_SET;
687 				}
688 				/* Continue the scan. */
689 			}
690 		}
691 	}
692 
693 	while (argc > 0) {
694 		struct cmd *p;
695 		boolean_t found_cmd;
696 
697 		if (debug)
698 			(void) printf("ifconfig: argv %s\n", *argv);
699 
700 		found_cmd = _B_FALSE;
701 		for (p = cmds; p->c_func; p++) {
702 			if (p->c_name) {
703 				if (strcmp(*argv, p->c_name) == 0) {
704 					/*
705 					 * indicate that the command was
706 					 * found and check to see if
707 					 * the address family is valid
708 					 */
709 					found_cmd = _B_TRUE;
710 					if (p->c_af == AF_ANY ||
711 					    af == p->c_af)
712 						break;
713 				}
714 			} else {
715 				if (p->c_af == AF_ANY ||
716 				    af == p->c_af)
717 					break;
718 			}
719 		}
720 		/*
721 		 * If we found the keyword, but the address family
722 		 * did not match spit out an error
723 		 */
724 		if (found_cmd && p->c_name == 0) {
725 			(void) fprintf(stderr, "ifconfig: Operation %s not"
726 			    " supported for %s\n", *argv, afp->af_name);
727 			exit(1);
728 		}
729 		/*
730 		 * else (no keyword found), we assume it's an address
731 		 * of some sort
732 		 */
733 		if (setaddr && ipaddr != NULL) {
734 			/*
735 			 * We must have already filled in a source address in
736 			 * `ipaddr' and we now got a destination address.
737 			 * Fill it in `ipaddr' and call libipadm to create
738 			 * the static address.
739 			 */
740 			if (p->c_name == 0) {
741 				istatus = ipadm_set_dst_addr(ipaddr, *argv,
742 				    (p->c_af == AF_ANY ? AF_UNSPEC : af));
743 				if (istatus != IPADM_SUCCESS) {
744 					ipadmerr_exit(istatus, "could not "
745 					    "set destination address");
746 				}
747 				/*
748 				 * finished processing dstaddr, so reset setaddr
749 				 */
750 				setaddr = 0;
751 			}
752 			/*
753 			 * Both source and destination address are in `ipaddr'.
754 			 * Add the address by calling libipadm.
755 			 */
756 			istatus = ipadm_create_addr(iph, ipaddr,
757 			    IPADM_OPT_ACTIVE);
758 			if (istatus != IPADM_SUCCESS)
759 				goto createfailed;
760 			ipadm_destroy_addrobj(ipaddr);
761 			ipaddr = NULL;
762 			setaddr_done = _B_TRUE;
763 			if (p->c_name == 0) {
764 				/* move parser along */
765 				argc--, argv++;
766 				continue;
767 			}
768 		}
769 		if (p->c_name == 0 && setaddr_done) {
770 			/*
771 			 * catch odd commands like
772 			 * "ifconfig <intf> addr1 addr2 addr3 addr4 up"
773 			 */
774 			(void) fprintf(stderr, "%s",
775 			    "ifconfig: cannot configure more than two "
776 			    "addresses in one command\n");
777 			exit(1);
778 		}
779 		if (p->c_func) {
780 			if (p->c_af == AF_INET6) {
781 				v4compat = 0;
782 			}
783 			if (p->c_parameter == NEXTARG ||
784 			    p->c_parameter == OPTARG) {
785 				argc--, argv++;
786 				if (argc == 0 && p->c_parameter == NEXTARG) {
787 					(void) fprintf(stderr,
788 					    "ifconfig: no argument for %s\n",
789 					    p->c_name);
790 					exit(1);
791 				}
792 			}
793 			/*
794 			 *	Call the function if:
795 			 *
796 			 *		there's no address family
797 			 *		restriction
798 			 *	OR
799 			 *		we don't know the address yet
800 			 *		(because we were called from
801 			 *		main)
802 			 *	OR
803 			 *		there is a restriction AND
804 			 *		the address families match
805 			 */
806 			if ((p->c_af == AF_ANY)	||
807 			    (ifa == NULL) ||
808 			    (ifa->ifa_addr->ss_family == p->c_af)) {
809 				ret = (*p->c_func)(*argv, p->c_parameter);
810 				/*
811 				 *	If c_func failed and we should
812 				 *	abort processing for this
813 				 *	interface on failure, return
814 				 *	now rather than going on to
815 				 *	process other commands for
816 				 *	the same interface.
817 				 */
818 				if (ret != 0 && p->c_abortonfail)
819 					return;
820 			}
821 		}
822 		argc--, argv++;
823 	}
824 
825 	if (setaddr && ipaddr != NULL) {
826 		/*
827 		 * Only the source address was provided, which was already
828 		 * set in `ipaddr'. Add the address by calling libipadm.
829 		 */
830 		istatus = ipadm_create_addr(iph, ipaddr, IPADM_OPT_ACTIVE);
831 		if (istatus != IPADM_SUCCESS)
832 			goto createfailed;
833 		ipadm_destroy_addrobj(ipaddr);
834 		ipaddr = NULL;
835 		setaddr_done = _B_TRUE;
836 	}
837 
838 	/* Check to see if there's a security hole in the tunnel setup. */
839 	if (ipsec_policy_set && !ipsec_auth_covered) {
840 		(void) fprintf(stderr, "ifconfig: WARNING: tunnel with only "
841 		    "ESP and no authentication.\n");
842 	}
843 	return;
844 
845 createfailed:
846 	(void) fprintf(stderr, "ifconfig: could not create address:% s\n",
847 	    ipadm_status2str(istatus));
848 	/* Remove the newly created logical interface. */
849 	if (strcmp(name, origname) != 0) {
850 		assert(strchr(name, ':') != NULL);
851 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
852 		(void) ioctl(s, SIOCLIFREMOVEIF, (caddr_t)&lifr);
853 	}
854 	exit(1);
855 }
856 
857 /* ARGSUSED */
858 static int
859 setdebugflag(char *val, int64_t arg)
860 {
861 	debug++;
862 	return (0);
863 }
864 
865 /* ARGSUSED */
866 static int
867 setverboseflag(char *val, int64_t arg)
868 {
869 	verbose++;
870 	return (0);
871 }
872 
873 /*
874  * This function fills in the given lifreq's lifr_addr field based on
875  * g_netmask_set.
876  */
877 static void
878 set_mask_lifreq(struct lifreq *lifr, struct sockaddr_storage *addr,
879     struct sockaddr_storage *mask)
880 {
881 	assert(addr != NULL);
882 	assert(mask != NULL);
883 
884 	switch (g_netmask_set) {
885 	case G_NETMASK_SET:
886 		lifr->lifr_addr = g_netmask;
887 		break;
888 
889 	case G_NETMASK_PENDING:
890 		/*
891 		 * "+" is used as the argument to "netmask" command.  Query
892 		 * the database on the correct netmask based on the address to
893 		 * be set.
894 		 */
895 		assert(afp->af_af == AF_INET);
896 		g_netmask = *addr;
897 		if (!in_getmask((struct sockaddr_in *)&g_netmask, _B_TRUE)) {
898 			lifr->lifr_addr = *mask;
899 			g_netmask_set = G_NETMASK_NIL;
900 		} else {
901 			lifr->lifr_addr = g_netmask;
902 			g_netmask_set = G_NETMASK_SET;
903 		}
904 		break;
905 
906 	case G_NETMASK_NIL:
907 	default:
908 		lifr->lifr_addr = *mask;
909 		break;
910 	}
911 }
912 
913 /*
914  * Set the interface address. Handles <addr>, <addr>/<n> as well as /<n>
915  * syntax for setting the address, the address plus netmask, and just
916  * the netmask respectively.
917  */
918 /* ARGSUSED */
919 static int
920 setifaddr(char *addr, int64_t param)
921 {
922 	ipadm_status_t istatus;
923 	int prefixlen = 0;
924 	struct  lifreq lifr1;
925 	struct	sockaddr_storage laddr;
926 	struct	sockaddr_storage netmask;
927 	struct	sockaddr_in6 *sin6;
928 	struct	sockaddr_in *sin;
929 	struct	sockaddr_storage sav_netmask;
930 	char cidraddr[BUFSIZ];
931 
932 	if (addr[0] == '/')
933 		return (setifprefixlen(addr, 0));
934 
935 	(*afp->af_getaddr)(addr, (struct sockaddr *)&laddr, &prefixlen);
936 
937 	(void) memset(&netmask, 0, sizeof (netmask));
938 	netmask.ss_family = afp->af_af;
939 	switch (prefixlen) {
940 	case NO_PREFIX:
941 		/* Nothing there - ok */
942 		break;
943 	case BAD_ADDR:
944 		(void) fprintf(stderr, "ifconfig: Bad prefix length in %s\n",
945 		    addr);
946 		exit(1);
947 	default:
948 		if (afp->af_af == AF_INET6) {
949 			sin6 = (struct sockaddr_in6 *)&netmask;
950 			if (!in_prefixlentomask(prefixlen, IPV6_ABITS,
951 			    (uchar_t *)&sin6->sin6_addr)) {
952 				(void) fprintf(stderr, "ifconfig: "
953 				    "Bad prefix length: %d\n",
954 				    prefixlen);
955 				exit(1);
956 			}
957 		} else {
958 			sin = (struct sockaddr_in *)&netmask;
959 			if (!in_prefixlentomask(prefixlen, IP_ABITS,
960 			    (uchar_t *)&sin->sin_addr)) {
961 				(void) fprintf(stderr, "ifconfig: "
962 				    "Bad prefix length: %d\n",
963 				    prefixlen);
964 				exit(1);
965 			}
966 		}
967 		/*
968 		 * Just in case of funny setting of both prefix and netmask,
969 		 * prefix should override the netmask command.
970 		 */
971 		g_netmask_set = G_NETMASK_NIL;
972 		break;
973 	}
974 
975 	/*
976 	 * Check and see if any "netmask" command is used and perform the
977 	 * necessary operation.
978 	 */
979 	set_mask_lifreq(&lifr, &laddr, &netmask);
980 
981 	/* This check is temporary until libipadm supports IPMP interfaces. */
982 	if (ifconfig_use_libipadm(s, name)) {
983 		istatus = ipadm_create_addrobj(IPADM_ADDR_STATIC, name,
984 		    &ipaddr);
985 		if (istatus != IPADM_SUCCESS)
986 			ipadmerr_exit(istatus, "setifaddr");
987 
988 		if (strchr(addr, '/') == NULL) {
989 			/*
990 			 * lifr.lifr_addr, which is updated by set_mask_lifreq()
991 			 * will contain the right mask to use.
992 			 */
993 			prefixlen = mask2plen(&lifr.lifr_addr);
994 			(void) snprintf(cidraddr, sizeof (cidraddr), "%s/%d",
995 			    addr, prefixlen);
996 			addr = cidraddr;
997 		}
998 		istatus = ipadm_set_addr(ipaddr, addr, af);
999 		if (istatus != IPADM_SUCCESS)
1000 			ipadmerr_exit(istatus, "could not set address");
1001 		/*
1002 		 * let parser know we got a source.
1003 		 * Next address, if given, should be dest
1004 		 */
1005 		setaddr++;
1006 
1007 		/*
1008 		 * address will be set by the parser after nextarg has
1009 		 * been scanned
1010 		 */
1011 		return (0);
1012 	}
1013 
1014 	/* Tell parser that an address was set */
1015 	setaddr++;
1016 	/* save copy of netmask to restore in case of error */
1017 	(void) strncpy(lifr1.lifr_name, name, sizeof (lifr1.lifr_name));
1018 	if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr1) < 0)
1019 		Perror0_exit("SIOCGLIFNETMASK");
1020 	sav_netmask = lifr1.lifr_addr;
1021 
1022 	/*
1023 	 * If setting the address and not the mask, clear any existing mask
1024 	 * and the kernel will then assign the default (netmask has been set
1025 	 * to 0 in this case).  If setting both (either by using a prefix or
1026 	 * using the netmask command), set the mask first, so the address will
1027 	 * be interpreted correctly.
1028 	 */
1029 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1030 	/* lifr.lifr_addr already contains netmask from set_mask_lifreq() */
1031 	if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0)
1032 		Perror0_exit("SIOCSLIFNETMASK");
1033 
1034 	if (debug) {
1035 		char abuf[INET6_ADDRSTRLEN];
1036 		void *addr = (afp->af_af == AF_INET) ?
1037 		    (void *)&((struct sockaddr_in *)&laddr)->sin_addr :
1038 		    (void *)&((struct sockaddr_in6 *)&laddr)->sin6_addr;
1039 
1040 		(void) printf("Setting %s af %d addr %s\n",
1041 		    lifr.lifr_name, afp->af_af,
1042 		    inet_ntop(afp->af_af, addr, abuf, sizeof (abuf)));
1043 	}
1044 	lifr.lifr_addr = laddr;
1045 	lifr.lifr_addr.ss_family = afp->af_af;
1046 	if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0) {
1047 		/*
1048 		 * Restore the netmask
1049 		 */
1050 		int saverr = errno;
1051 
1052 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1053 		lifr.lifr_addr = sav_netmask;
1054 		(void) ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr);
1055 		errno = saverr;
1056 		Perror0_exit("SIOCSLIFADDR");
1057 	}
1058 
1059 	return (0);
1060 }
1061 
1062 /*
1063  * The following functions are stolen from the ipseckey(1m) program.
1064  * Perhaps they should be somewhere common, but for now, we just maintain
1065  * two versions.  We do this because of the different semantics for which
1066  * algorithms we select ("requested" for ifconfig vs. "actual" for key).
1067  */
1068 
1069 static ulong_t
1070 parsenum(char *num)
1071 {
1072 	ulong_t rc;
1073 	char *end = NULL;
1074 
1075 	errno = 0;
1076 	rc = strtoul(num, &end, 0);
1077 	if (errno != 0 || end == num || *end != '\0') {
1078 		rc = (ulong_t)-1;
1079 	}
1080 
1081 	return (rc);
1082 }
1083 
1084 /*
1085  * Parse and reverse parse possible algorithm values, include numbers.
1086  * Mostly stolen from ipseckey.c. See the comments above parsenum() for why
1087  * this isn't common to ipseckey.c.
1088  *
1089  * NOTE: Static buffer in this function for the return value.  Since ifconfig
1090  *       isn't multithreaded, this isn't a huge problem.
1091  */
1092 
1093 #define	NBUF_SIZE 20	/* Enough to print a large integer. */
1094 
1095 static char *
1096 rparsealg(uint8_t alg_value, int proto_num)
1097 {
1098 	struct ipsecalgent *alg;
1099 	static char numprint[128];	/* Enough to hold an algorithm name. */
1100 
1101 	/*
1102 	 * Special cases for "any" and "none"
1103 	 * The kernel needs to be able to distinguish between "any"
1104 	 * and "none" and the APIs are underdefined in this area for auth.
1105 	 */
1106 	if (proto_num == IPSEC_PROTO_AH) {
1107 		if (alg_value == SADB_AALG_NONE)
1108 			return ("none");
1109 		if (alg_value == SADB_AALG_ANY)
1110 			return ("any");
1111 	}
1112 
1113 	alg = getipsecalgbynum(alg_value, proto_num, NULL);
1114 	if (alg != NULL) {
1115 		(void) strlcpy(numprint, alg->a_names[0], sizeof (numprint));
1116 		freeipsecalgent(alg);
1117 	} else {
1118 		(void) snprintf(numprint, sizeof (numprint), "%d", alg_value);
1119 	}
1120 
1121 	return (numprint);
1122 }
1123 
1124 static uint_t
1125 parsealg(char *algname, int proto_num)
1126 {
1127 	struct ipsecalgent *alg;
1128 	ulong_t invalue;
1129 
1130 	if (algname == NULL) {
1131 		(void) fprintf(stderr, "ifconfig: Unexpected end of command "
1132 		    "line.\n");
1133 		exit(1);
1134 	}
1135 
1136 	/*
1137 	 * Special-case "none" and "any".
1138 	 * Use strcasecmp because its length is bounded.
1139 	 */
1140 	if (strcasecmp("none", algname) == 0) {
1141 		return ((proto_num == IPSEC_PROTO_ESP) ?
1142 		    NO_ESP_EALG : NO_ESP_AALG);
1143 	}
1144 	if ((strcasecmp("any", algname) == 0) && (proto_num == IPSEC_PROTO_AH))
1145 		return (SADB_AALG_ANY);
1146 
1147 	alg = getipsecalgbyname(algname, proto_num, NULL);
1148 	if (alg != NULL) {
1149 		invalue = alg->a_alg_num;
1150 		freeipsecalgent(alg);
1151 		return ((uint_t)invalue);
1152 	}
1153 
1154 	/*
1155 	 * Since algorithms can be loaded during kernel run-time, check for
1156 	 * numeric algorithm values too.
1157 	 */
1158 	invalue = parsenum(algname);
1159 	if ((invalue & (ulong_t)0xff) == invalue)
1160 		return ((uint_t)invalue);
1161 
1162 	(void) fprintf(stderr, "ifconfig: %s algorithm type %s unknown.\n",
1163 	    (proto_num == IPSEC_PROTO_ESP) ?
1164 	    "Encryption" : "Authentication", algname);
1165 	exit(1);
1166 	/* NOTREACHED */
1167 }
1168 
1169 /*
1170  * Actual ifconfig functions to set tunnel security properties.
1171  */
1172 
1173 enum ipsec_alg_type { ESP_ENCR_ALG = 1, ESP_AUTH_ALG, AH_AUTH_ALG };
1174 
1175 static int
1176 set_tun_algs(int which_alg, int alg)
1177 {
1178 	boolean_t	encr_alg_set = _B_FALSE;
1179 	iptun_params_t	params;
1180 	dladm_status_t	status;
1181 	ipsec_req_t	*ipsr;
1182 
1183 	if ((status = ifconfig_dladm_open(name, DATALINK_CLASS_IPTUN,
1184 	    &params.iptun_param_linkid)) != DLADM_STATUS_OK)
1185 		goto done;
1186 
1187 	status = dladm_iptun_getparams(dlh, &params, DLADM_OPT_ACTIVE);
1188 	if (status != DLADM_STATUS_OK)
1189 		goto done;
1190 
1191 	ipsr = &params.iptun_param_secinfo;
1192 
1193 	/*
1194 	 * If I'm just starting off this ifconfig, I want a clean slate,
1195 	 * otherwise, I've captured the current tunnel security settings.
1196 	 * In the case of continuation, I merely add to the settings.
1197 	 */
1198 	if (!(params.iptun_param_flags & IPTUN_PARAM_SECINFO))
1199 		(void) memset(ipsr, 0, sizeof (*ipsr));
1200 
1201 	/* We're only modifying the IPsec information */
1202 	params.iptun_param_flags = IPTUN_PARAM_SECINFO;
1203 
1204 	switch (which_alg) {
1205 	case ESP_ENCR_ALG:
1206 		if (alg == NO_ESP_EALG) {
1207 			if (ipsr->ipsr_esp_auth_alg == SADB_AALG_NONE)
1208 				ipsr->ipsr_esp_req = 0;
1209 			ipsr->ipsr_esp_alg = SADB_EALG_NONE;
1210 
1211 			/* Let the user specify NULL encryption implicitly. */
1212 			if (ipsr->ipsr_esp_auth_alg != SADB_AALG_NONE) {
1213 				encr_alg_set = _B_TRUE;
1214 				ipsr->ipsr_esp_alg = SADB_EALG_NULL;
1215 			}
1216 		} else {
1217 			encr_alg_set = _B_TRUE;
1218 			ipsr->ipsr_esp_req =
1219 			    IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE;
1220 			ipsr->ipsr_esp_alg = alg;
1221 		}
1222 		break;
1223 	case ESP_AUTH_ALG:
1224 		if (alg == NO_ESP_AALG) {
1225 			if ((ipsr->ipsr_esp_alg == SADB_EALG_NONE ||
1226 			    ipsr->ipsr_esp_alg == SADB_EALG_NULL) &&
1227 			    !encr_alg_set)
1228 				ipsr->ipsr_esp_req = 0;
1229 			ipsr->ipsr_esp_auth_alg = SADB_AALG_NONE;
1230 		} else {
1231 			ipsr->ipsr_esp_req =
1232 			    IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE;
1233 			ipsr->ipsr_esp_auth_alg = alg;
1234 
1235 			/* Let the user specify NULL encryption implicitly. */
1236 			if (ipsr->ipsr_esp_alg == SADB_EALG_NONE &&
1237 			    !encr_alg_set)
1238 				ipsr->ipsr_esp_alg = SADB_EALG_NULL;
1239 		}
1240 		break;
1241 	case AH_AUTH_ALG:
1242 		if (alg == NO_AH_AALG) {
1243 			ipsr->ipsr_ah_req = 0;
1244 			ipsr->ipsr_auth_alg = SADB_AALG_NONE;
1245 		} else {
1246 			ipsr->ipsr_ah_req =
1247 			    IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE;
1248 			ipsr->ipsr_auth_alg = alg;
1249 		}
1250 		break;
1251 		/* Will never hit DEFAULT */
1252 	}
1253 
1254 	status = dladm_iptun_modify(dlh, &params, DLADM_OPT_ACTIVE);
1255 
1256 done:
1257 	if (status != DLADM_STATUS_OK)
1258 		dladmerr_exit(status, name);
1259 	else {
1260 		ipsec_policy_set = _B_TRUE;
1261 		if ((ipsr->ipsr_esp_req != 0 &&
1262 		    ipsr->ipsr_esp_auth_alg != SADB_AALG_NONE) ||
1263 		    (ipsr->ipsr_ah_req != 0 &&
1264 		    ipsr->ipsr_auth_alg != SADB_AALG_NONE))
1265 			ipsec_auth_covered = _B_TRUE;
1266 	}
1267 	return (0);
1268 }
1269 
1270 /* ARGSUSED */
1271 static int
1272 set_tun_esp_encr_alg(char *addr, int64_t param)
1273 {
1274 	return (set_tun_algs(ESP_ENCR_ALG,
1275 	    parsealg(addr, IPSEC_PROTO_ESP)));
1276 }
1277 
1278 /* ARGSUSED */
1279 static int
1280 set_tun_esp_auth_alg(char *addr, int64_t param)
1281 {
1282 	return (set_tun_algs(ESP_AUTH_ALG,
1283 	    parsealg(addr, IPSEC_PROTO_AH)));
1284 }
1285 
1286 /* ARGSUSED */
1287 static int
1288 set_tun_ah_alg(char *addr, int64_t param)
1289 {
1290 	return (set_tun_algs(AH_AUTH_ALG,
1291 	    parsealg(addr, IPSEC_PROTO_AH)));
1292 }
1293 
1294 /* ARGSUSED */
1295 static int
1296 setifrevarp(char *arg, int64_t param)
1297 {
1298 	struct sockaddr_in	laddr;
1299 
1300 	if (afp->af_af == AF_INET6) {
1301 		(void) fprintf(stderr,
1302 		    "ifconfig: revarp not possible on IPv6 interface %s\n",
1303 		    name);
1304 		exit(1);
1305 	}
1306 	if (doifrevarp(name, &laddr)) {
1307 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1308 		laddr.sin_family = AF_INET;
1309 		(void) memcpy(&lifr.lifr_addr, &laddr, sizeof (laddr));
1310 		if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0)
1311 			Perror0_exit("SIOCSLIFADDR");
1312 	}
1313 	return (0);
1314 }
1315 
1316 /* ARGSUSED */
1317 static int
1318 setifsubnet(char *addr, int64_t param)
1319 {
1320 	int prefixlen = 0;
1321 	struct	sockaddr_storage subnet;
1322 
1323 	(*afp->af_getaddr)(addr, &subnet, &prefixlen);
1324 
1325 	switch (prefixlen) {
1326 	case NO_PREFIX:
1327 		(void) fprintf(stderr,
1328 		    "ifconfig: Missing prefix length in subnet %s\n", addr);
1329 		exit(1);
1330 		/* NOTREACHED */
1331 	case BAD_ADDR:
1332 		(void) fprintf(stderr,
1333 		    "ifconfig: Bad prefix length in %s\n", addr);
1334 		exit(1);
1335 	default:
1336 		break;
1337 	}
1338 
1339 	lifr.lifr_addr = subnet;
1340 	lifr.lifr_addrlen = prefixlen;
1341 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1342 	if (ioctl(s, SIOCSLIFSUBNET, (caddr_t)&lifr) < 0)
1343 		Perror0_exit("SIOCSLIFSUBNET");
1344 
1345 	return (0);
1346 }
1347 
1348 /* ARGSUSED */
1349 static int
1350 setifnetmask(char *addr, int64_t param)
1351 {
1352 	struct sockaddr_in netmask;
1353 
1354 	assert(afp->af_af != AF_INET6);
1355 
1356 	if (strcmp(addr, "+") == 0) {
1357 		if (!in_getmask(&netmask, _B_FALSE))
1358 			return (0);
1359 		(void) printf("Setting netmask of %s to %s\n", name,
1360 		    inet_ntoa(netmask.sin_addr));
1361 	} else {
1362 		in_getaddr(addr, (struct sockaddr *)&netmask, NULL);
1363 	}
1364 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1365 	(void) memcpy(&lifr.lifr_addr, &netmask, sizeof (netmask));
1366 	if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0)
1367 		Perror0_exit("SIOCSLIFNETMASK");
1368 	return (0);
1369 }
1370 
1371 /*
1372  * Parse '/<n>' as a netmask.
1373  */
1374 /* ARGSUSED */
1375 static int
1376 setifprefixlen(char *addr, int64_t param)
1377 {
1378 	int prefixlen;
1379 	int af = afp->af_af;
1380 
1381 	prefixlen = in_getprefixlen(addr, _B_TRUE,
1382 	    (af == AF_INET) ? IP_ABITS : IPV6_ABITS);
1383 	if (prefixlen < 0) {
1384 		(void) fprintf(stderr,
1385 		    "ifconfig: Bad prefix length in %s\n", addr);
1386 		exit(1);
1387 	}
1388 	(void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr));
1389 	lifr.lifr_addr.ss_family = af;
1390 	if (af == AF_INET6) {
1391 		struct sockaddr_in6 *sin6;
1392 
1393 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
1394 		if (!in_prefixlentomask(prefixlen, IPV6_ABITS,
1395 		    (uchar_t *)&sin6->sin6_addr)) {
1396 			(void) fprintf(stderr, "ifconfig: "
1397 			    "Bad prefix length: %d\n",
1398 			    prefixlen);
1399 			exit(1);
1400 		}
1401 	} else if (af == AF_INET) {
1402 		struct sockaddr_in *sin;
1403 
1404 		sin = (struct sockaddr_in *)&lifr.lifr_addr;
1405 		if (!in_prefixlentomask(prefixlen, IP_ABITS,
1406 		    (uchar_t *)&sin->sin_addr)) {
1407 			(void) fprintf(stderr, "ifconfig: "
1408 			    "Bad prefix length: %d\n",
1409 			    prefixlen);
1410 			exit(1);
1411 		}
1412 	} else {
1413 		(void) fprintf(stderr, "ifconfig: setting prefix only supported"
1414 		    " for address family inet or inet6\n");
1415 		exit(1);
1416 	}
1417 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1418 	if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0)
1419 		Perror0_exit("SIOCSLIFNETMASK");
1420 	return (0);
1421 }
1422 
1423 /* ARGSUSED */
1424 static int
1425 setifbroadaddr(char *addr, int64_t param)
1426 {
1427 	struct	sockaddr_in broadaddr;
1428 
1429 	assert(afp->af_af != AF_INET6);
1430 
1431 	if (strcmp(addr, "+") == 0) {
1432 		/*
1433 		 * This doesn't set the broadcast address at all. Rather, it
1434 		 * gets, then sets the interface's address, relying on the fact
1435 		 * that resetting the address will reset the broadcast address.
1436 		 */
1437 		(void) strncpy(lifr.lifr_name, name,
1438 		    sizeof (lifr.lifr_name));
1439 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
1440 			if (errno != EADDRNOTAVAIL)
1441 				Perror0_exit("SIOCGLIFADDR");
1442 			return (0);
1443 		}
1444 		if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0)
1445 			Perror0_exit("SIOCGLIFADDR");
1446 
1447 		return (0);
1448 	}
1449 	in_getaddr(addr, (struct sockaddr *)&broadaddr, NULL);
1450 
1451 	(void) memcpy(&lifr.lifr_addr, &broadaddr, sizeof (broadaddr));
1452 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1453 	if (ioctl(s, SIOCSLIFBRDADDR, (caddr_t)&lifr) < 0)
1454 		Perror0_exit("SIOCSLIFBRDADDR");
1455 	return (0);
1456 }
1457 
1458 /*
1459  * set interface destination address
1460  */
1461 /* ARGSUSED */
1462 static int
1463 setifdstaddr(char *addr, int64_t param)
1464 {
1465 	(*afp->af_getaddr)(addr, (struct sockaddr *)&lifr.lifr_addr, NULL);
1466 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1467 	if (ioctl(s, SIOCSLIFDSTADDR, (caddr_t)&lifr) < 0)
1468 		Perror0_exit("setifdstaddr: SIOCSLIFDSTADDR");
1469 	return (0);
1470 }
1471 
1472 /* ARGSUSED */
1473 static int
1474 setifflags(char *val, int64_t value)
1475 {
1476 	struct lifreq lifrl;	/* local lifreq struct */
1477 	boolean_t bringup = _B_FALSE;
1478 
1479 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1480 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0)
1481 		Perror0_exit("setifflags: SIOCGLIFFLAGS");
1482 
1483 	if (value < 0) {
1484 		value = -value;
1485 
1486 		if ((value & IFF_NOFAILOVER) && (lifr.lifr_flags & IFF_UP)) {
1487 			/*
1488 			 * The kernel does not allow administratively up test
1489 			 * addresses to be converted to data addresses.  Bring
1490 			 * the address down first, then bring it up after it's
1491 			 * been converted to a data address.
1492 			 */
1493 			lifr.lifr_flags &= ~IFF_UP;
1494 			(void) ioctl(s, SIOCSLIFFLAGS, (caddr_t)&lifr);
1495 			bringup = _B_TRUE;
1496 		}
1497 
1498 		lifr.lifr_flags &= ~value;
1499 		if ((value & (IFF_UP | IFF_NOFAILOVER)) &&
1500 		    (lifr.lifr_flags & IFF_DUPLICATE)) {
1501 			/*
1502 			 * If the user is trying to mark an interface with a
1503 			 * duplicate address as "down," or convert a duplicate
1504 			 * test address to a data address, then fetch the
1505 			 * address and set it.  This will cause IP to clear
1506 			 * the IFF_DUPLICATE flag and stop the automatic
1507 			 * recovery timer.
1508 			 */
1509 			value = lifr.lifr_flags;
1510 			if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) >= 0)
1511 				(void) ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr);
1512 			lifr.lifr_flags = value;
1513 		}
1514 	} else {
1515 		lifr.lifr_flags |= value;
1516 	}
1517 
1518 	/*
1519 	 * If we're about to bring up an underlying physical IPv6 interface in
1520 	 * an IPMP group, ensure the IPv6 IPMP interface is also up.  This is
1521 	 * for backward compatibility with legacy configurations in which
1522 	 * there are no explicit hostname files for IPMP interfaces.  (For
1523 	 * IPv4, this is automatically handled by the kernel when migrating
1524 	 * the underlying interface's data address to the IPMP interface.)
1525 	 */
1526 	(void) strlcpy(lifrl.lifr_name, name, LIFNAMSIZ);
1527 
1528 	if (lifnum(lifr.lifr_name) == 0 &&
1529 	    (lifr.lifr_flags & (IFF_UP|IFF_IPV6)) == (IFF_UP|IFF_IPV6) &&
1530 	    ioctl(s, SIOCGLIFGROUPNAME, &lifrl) == 0 &&
1531 	    lifrl.lifr_groupname[0] != '\0') {
1532 		lifgroupinfo_t lifgr;
1533 
1534 		(void) strlcpy(lifgr.gi_grname, lifrl.lifr_groupname,
1535 		    LIFGRNAMSIZ);
1536 		if (ioctl(s, SIOCGLIFGROUPINFO, &lifgr) == -1)
1537 			Perror0_exit("setifflags: SIOCGLIFGROUPINFO");
1538 
1539 		(void) strlcpy(lifrl.lifr_name, lifgr.gi_grifname, LIFNAMSIZ);
1540 		if (ioctl(s, SIOCGLIFFLAGS, &lifrl) == -1)
1541 			Perror0_exit("setifflags: SIOCGLIFFLAGS");
1542 		if (!(lifrl.lifr_flags & IFF_UP)) {
1543 			lifrl.lifr_flags |= IFF_UP;
1544 			if (ioctl(s, SIOCSLIFFLAGS, &lifrl) == -1)
1545 				Perror0_exit("setifflags: SIOCSLIFFLAGS");
1546 		}
1547 	}
1548 
1549 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1550 	if (ioctl(s, SIOCSLIFFLAGS, (caddr_t)&lifr) < 0)
1551 		Perror0_exit("setifflags: SIOCSLIFFLAGS");
1552 
1553 	if (bringup) {
1554 		lifr.lifr_flags |= IFF_UP;
1555 		if (ioctl(s, SIOCSLIFFLAGS, (caddr_t)&lifr) < 0)
1556 			Perror0_exit("setifflags: SIOCSLIFFLAGS IFF_UP");
1557 	}
1558 
1559 	return (0);
1560 }
1561 
1562 /* ARGSUSED */
1563 static int
1564 setifmetric(char *val, int64_t param)
1565 {
1566 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1567 	lifr.lifr_metric = atoi(val);
1568 	if (ioctl(s, SIOCSLIFMETRIC, (caddr_t)&lifr) < 0)
1569 		Perror0_exit("setifmetric: SIOCSLIFMETRIC");
1570 	return (0);
1571 }
1572 
1573 /* ARGSUSED */
1574 static int
1575 setifmtu(char *val, int64_t param)
1576 {
1577 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1578 	lifr.lifr_mtu = atoi(val);
1579 	if (ioctl(s, SIOCSLIFMTU, (caddr_t)&lifr) < 0)
1580 		Perror0_exit("setifmtu: SIOCSLIFMTU");
1581 	return (0);
1582 }
1583 
1584 /* ARGSUSED */
1585 static int
1586 setifindex(char *val, int64_t param)
1587 {
1588 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1589 	lifr.lifr_index = atoi(val);
1590 	if (ioctl(s, SIOCSLIFINDEX, (caddr_t)&lifr) < 0)
1591 		Perror0_exit("setifindex: SIOCSLIFINDEX");
1592 	return (0);
1593 }
1594 
1595 /* ARGSUSED */
1596 static void
1597 notifycb(dlpi_handle_t dh, dlpi_notifyinfo_t *dnip, void *arg)
1598 {
1599 }
1600 
1601 /* ARGSUSED */
1602 static int
1603 setifether(char *addr, int64_t param)
1604 {
1605 	uchar_t		*hwaddr;
1606 	int		hwaddrlen;
1607 	int		retval;
1608 	ifaddrlistx_t	*ifaddrp, *ifaddrs = NULL;
1609 	dlpi_handle_t	dh;
1610 	dlpi_notifyid_t id;
1611 
1612 	if (addr == NULL) {
1613 		ifstatus(name);
1614 		print_ifether(name);
1615 		return (0);
1616 	}
1617 
1618 	/*
1619 	 * if the IP interface in the arguments is a logical
1620 	 * interface, exit with an error now.
1621 	 */
1622 	if (strchr(name, ':') != NULL) {
1623 		(void) fprintf(stderr, "ifconfig: cannot change"
1624 		    " ethernet address of a logical interface\n");
1625 		exit(1);
1626 	}
1627 
1628 	if ((hwaddr = _link_aton(addr, &hwaddrlen)) == NULL) {
1629 		if (hwaddrlen == -1)
1630 			(void) fprintf(stderr,
1631 			    "ifconfig: bad ethernet address\n");
1632 		else
1633 			(void) fprintf(stderr, "ifconfig: malloc() failed\n");
1634 		exit(1);
1635 	}
1636 
1637 	if ((retval = dlpi_open(name, &dh, 0)) != DLPI_SUCCESS)
1638 		Perrdlpi_exit("cannot dlpi_open() link", name, retval);
1639 
1640 	retval = dlpi_enabnotify(dh, DL_NOTE_PHYS_ADDR, notifycb, NULL, &id);
1641 	if (retval == DLPI_SUCCESS) {
1642 		(void) dlpi_disabnotify(dh, id, NULL);
1643 	} else {
1644 		/*
1645 		 * This link does not support DL_NOTE_PHYS_ADDR: bring down
1646 		 * all of the addresses to flush the old hardware address
1647 		 * information out of IP.
1648 		 *
1649 		 * NOTE: Skipping this when DL_NOTE_PHYS_ADDR is supported is
1650 		 * more than an optimization: in.mpathd will set IFF_OFFLINE
1651 		 * if it's notified and the new address is a duplicate of
1652 		 * another in the group -- but the flags manipulation in
1653 		 * ifaddr_{down,up}() cannot be atomic and thus might clobber
1654 		 * IFF_OFFLINE, confusing in.mpathd.
1655 		 */
1656 		if (ifaddrlistx(name, IFF_UP, 0, &ifaddrs) == -1)
1657 			Perror2_exit(name, "cannot get address list");
1658 
1659 		ifaddrp = ifaddrs;
1660 		for (; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) {
1661 			if (!ifaddr_down(ifaddrp)) {
1662 				Perror2_exit(ifaddrp->ia_name,
1663 				    "cannot bring down");
1664 			}
1665 		}
1666 	}
1667 
1668 	/*
1669 	 * Change the hardware address.
1670 	 */
1671 	retval = dlpi_set_physaddr(dh, DL_CURR_PHYS_ADDR, hwaddr, hwaddrlen);
1672 	if (retval != DLPI_SUCCESS) {
1673 		(void) fprintf(stderr,
1674 		    "ifconfig: failed setting mac address on %s\n", name);
1675 	}
1676 	dlpi_close(dh);
1677 
1678 	/*
1679 	 * If any addresses were brought down before changing the hardware
1680 	 * address, bring them up again.
1681 	 */
1682 	for (ifaddrp = ifaddrs; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) {
1683 		if (!ifaddr_up(ifaddrp))
1684 			Perror2_exit(ifaddrp->ia_name, "cannot bring up");
1685 	}
1686 	ifaddrlistx_free(ifaddrs);
1687 
1688 	return (0);
1689 }
1690 
1691 /*
1692  * Print an interface's Ethernet address, if it has one.
1693  */
1694 static void
1695 print_ifether(const char *ifname)
1696 {
1697 	int fd;
1698 
1699 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1700 
1701 	fd = socket(AF_INET, SOCK_DGRAM, 0);
1702 	if (fd == -1 || ioctl(fd, SIOCGLIFFLAGS, &lifr) == -1) {
1703 		/*
1704 		 * It's possible the interface is only configured for
1705 		 * IPv6; check again with AF_INET6.
1706 		 */
1707 		(void) close(fd);
1708 		fd = socket(AF_INET6, SOCK_DGRAM, 0);
1709 		if (fd == -1 || ioctl(fd, SIOCGLIFFLAGS, &lifr) == -1) {
1710 			(void) close(fd);
1711 			return;
1712 		}
1713 	}
1714 	(void) close(fd);
1715 
1716 	/* VNI and IPMP interfaces don't have MAC addresses */
1717 	if (lifr.lifr_flags & (IFF_VIRTUAL|IFF_IPMP))
1718 		return;
1719 
1720 	/* IP tunnels also don't have Ethernet-like MAC addresses */
1721 	if (ifconfig_dladm_open(ifname, DATALINK_CLASS_IPTUN, NULL) ==
1722 	    DLADM_STATUS_OK)
1723 		return;
1724 
1725 	dlpi_print_address(ifname);
1726 }
1727 
1728 /*
1729  * static int find_all_interfaces(struct lifconf *lifcp, char **buf,
1730  *     int64_t lifc_flags)
1731  *
1732  * It finds all active data links.
1733  *
1734  * It takes in input a pointer to struct lifconf to receive interfaces
1735  * informations, a **char to hold allocated buffer, and a lifc_flags.
1736  *
1737  * Return values:
1738  *  0 = everything OK
1739  * -1 = problem
1740  */
1741 static int
1742 find_all_interfaces(struct lifconf *lifcp, char **buf, int64_t lifc_flags)
1743 {
1744 	unsigned bufsize;
1745 	int n;
1746 	ni_t *nip;
1747 	struct lifreq *lifrp;
1748 	dladm_status_t status;
1749 
1750 	if (!dlh_opened) {
1751 		status = ifconfig_dladm_open(NULL, 0, NULL);
1752 		if (status != DLADM_STATUS_OK)
1753 			dladmerr_exit(status, "unable to open dladm handle");
1754 	}
1755 
1756 	(void) dlpi_walk(ni_entry, dlh, 0);
1757 
1758 	/* Now, translate the linked list into a struct lifreq buffer */
1759 	if (num_ni == 0) {
1760 		lifcp->lifc_family = AF_UNSPEC;
1761 		lifcp->lifc_flags = lifc_flags;
1762 		lifcp->lifc_len = 0;
1763 		lifcp->lifc_buf = NULL;
1764 		return (0);
1765 	}
1766 
1767 	bufsize = num_ni * sizeof (struct lifreq);
1768 	if ((*buf = malloc(bufsize)) == NULL)
1769 		Perror0_exit("find_all_interfaces: malloc failed");
1770 
1771 	lifcp->lifc_family = AF_UNSPEC;
1772 	lifcp->lifc_flags = lifc_flags;
1773 	lifcp->lifc_len = bufsize;
1774 	lifcp->lifc_buf = *buf;
1775 
1776 	for (n = 0, lifrp = lifcp->lifc_req; n < num_ni; n++, lifrp++) {
1777 		nip = ni_list;
1778 		(void) strncpy(lifrp->lifr_name, nip->ni_name,
1779 		    sizeof (lifr.lifr_name));
1780 		ni_list = nip->ni_next;
1781 		free(nip);
1782 	}
1783 	return (0);
1784 }
1785 
1786 /*
1787  * Create the next unused logical interface using the original name
1788  * and assign the address (and mask if '/<n>' is part of the address).
1789  * Use the new logical interface for subsequent subcommands by updating
1790  * the name variable.
1791  *
1792  * This allows syntax like:
1793  *	ifconfig le0 addif 109.106.86.130 netmask + up \
1794  *	addif 109.106.86.131 netmask + up
1795  */
1796 /* ARGSUSED */
1797 static int
1798 addif(char *str, int64_t param)
1799 {
1800 	int prefixlen = 0;
1801 	struct sockaddr_storage laddr;
1802 	struct sockaddr_storage mask;
1803 	ipadm_status_t istatus;
1804 	char cidraddr[BUFSIZ];
1805 
1806 	(void) strncpy(name, origname, sizeof (name));
1807 
1808 	if (strchr(name, ':') != NULL) {
1809 		(void) fprintf(stderr,
1810 		    "ifconfig: addif: bad physical interface name %s\n",
1811 		    name);
1812 		exit(1);
1813 	}
1814 
1815 	/*
1816 	 * clear so parser will interpret next address as source followed
1817 	 * by possible dest
1818 	 */
1819 	setaddr = 0;
1820 	(*afp->af_getaddr)(str, (struct sockaddr *)&laddr, &prefixlen);
1821 
1822 	switch (prefixlen) {
1823 	case NO_PREFIX:
1824 		/* Nothing there - ok */
1825 		break;
1826 	case BAD_ADDR:
1827 		(void) fprintf(stderr,
1828 		    "ifconfig: Bad prefix length in %s\n", str);
1829 		exit(1);
1830 	default:
1831 		(void) memset(&mask, 0, sizeof (mask));
1832 		mask.ss_family = afp->af_af;
1833 		if (afp->af_af == AF_INET6) {
1834 			struct sockaddr_in6 *sin6;
1835 			sin6 = (struct sockaddr_in6 *)&mask;
1836 			if (!in_prefixlentomask(prefixlen, IPV6_ABITS,
1837 			    (uchar_t *)&sin6->sin6_addr)) {
1838 				(void) fprintf(stderr, "ifconfig: "
1839 				    "Bad prefix length: %d\n",
1840 				    prefixlen);
1841 				exit(1);
1842 			}
1843 		} else {
1844 			struct sockaddr_in *sin;
1845 
1846 			sin = (struct sockaddr_in *)&mask;
1847 			if (!in_prefixlentomask(prefixlen, IP_ABITS,
1848 			    (uchar_t *)&sin->sin_addr)) {
1849 				(void) fprintf(stderr, "ifconfig: "
1850 				    "Bad prefix length: %d\n",
1851 				    prefixlen);
1852 				exit(1);
1853 			}
1854 		}
1855 		g_netmask_set = G_NETMASK_NIL;
1856 		break;
1857 	}
1858 
1859 	/*
1860 	 * This is a "hack" to get around the problem of SIOCLIFADDIF.  The
1861 	 * problem is that this ioctl does not include the netmask when
1862 	 * adding a logical interface.  This is the same problem described
1863 	 * in the ifconfig() comments.  To get around this problem, we first
1864 	 * add the logical interface with a 0 address.  After that, we set
1865 	 * the netmask if provided.  Finally we set the interface address.
1866 	 */
1867 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1868 	(void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr));
1869 
1870 	/* Note: no need to do DAD here since the interface isn't up yet. */
1871 
1872 	if (ioctl(s, SIOCLIFADDIF, (caddr_t)&lifr) < 0)
1873 		Perror0_exit("addif: SIOCLIFADDIF");
1874 
1875 	(void) printf("Created new logical interface %s\n",
1876 	    lifr.lifr_name);
1877 	(void) strncpy(name, lifr.lifr_name, sizeof (name));
1878 
1879 	/*
1880 	 * Check and see if any "netmask" command is used and perform the
1881 	 * necessary operation.
1882 	 */
1883 	set_mask_lifreq(&lifr, &laddr, &mask);
1884 
1885 	/* This check is temporary until libipadm supports IPMP interfaces. */
1886 	if (ifconfig_use_libipadm(s, name)) {
1887 		/*
1888 		 * We added the logical interface above before calling
1889 		 * ipadm_create_addr(), because, with IPH_LEGACY, we need
1890 		 * to do an addif for `ifconfig ce0 addif <addr>' but not for
1891 		 * `ifconfig ce0 <addr>'. libipadm does not have a flag to
1892 		 * to differentiate between these two cases. To keep it simple,
1893 		 * we always create the logical interface and pass it to
1894 		 * libipadm instead of requiring libipadm to addif for some
1895 		 * cases and not do addif for other cases.
1896 		 */
1897 		istatus = ipadm_create_addrobj(IPADM_ADDR_STATIC, name,
1898 		    &ipaddr);
1899 		if (istatus != IPADM_SUCCESS)
1900 			ipadmerr_exit(istatus, "addif");
1901 
1902 		if (strchr(str, '/') == NULL) {
1903 			/*
1904 			 * lifr.lifr_addr, which is updated by set_mask_lifreq()
1905 			 * will contain the right mask to use.
1906 			 */
1907 			prefixlen = mask2plen(&lifr.lifr_addr);
1908 			(void) snprintf(cidraddr, sizeof (cidraddr), "%s/%d",
1909 			    str, prefixlen);
1910 			str = cidraddr;
1911 		}
1912 		istatus = ipadm_set_addr(ipaddr, str, af);
1913 		if (istatus != IPADM_SUCCESS)
1914 			ipadmerr_exit(istatus, "could not set address");
1915 		setaddr++;
1916 		/*
1917 		 * address will be set by the parser after nextarg
1918 		 * has been scanned
1919 		 */
1920 		return (0);
1921 	}
1922 
1923 	/*
1924 	 * Only set the netmask if "netmask" command is used or a prefix is
1925 	 * provided.
1926 	 */
1927 	if (g_netmask_set == G_NETMASK_SET || prefixlen >= 0) {
1928 		/*
1929 		 * lifr.lifr_addr already contains netmask from
1930 		 * set_mask_lifreq().
1931 		 */
1932 		if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0)
1933 			Perror0_exit("addif: SIOCSLIFNETMASK");
1934 	}
1935 
1936 	/* Finally, we set the interface address. */
1937 	lifr.lifr_addr = laddr;
1938 	if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0)
1939 		Perror0_exit("SIOCSLIFADDR");
1940 
1941 	/*
1942 	 * let parser know we got a source.
1943 	 * Next address, if given, should be dest
1944 	 */
1945 	setaddr++;
1946 	return (0);
1947 }
1948 
1949 /*
1950  * Remove a logical interface based on its IP address. Unlike addif
1951  * there is no '/<n>' here.
1952  * Verifies that the interface is down before it is removed.
1953  */
1954 /* ARGSUSED */
1955 static int
1956 removeif(char *str, int64_t param)
1957 {
1958 	struct sockaddr_storage laddr;
1959 	ipadm_status_t istatus;
1960 	ipadm_addr_info_t *ainfo, *ainfop;
1961 
1962 	if (strchr(name, ':') != NULL) {
1963 		(void) fprintf(stderr,
1964 		    "ifconfig: removeif: bad physical interface name %s\n",
1965 		    name);
1966 		exit(1);
1967 	}
1968 
1969 	(*afp->af_getaddr)(str, &laddr, NULL);
1970 
1971 	/*
1972 	 * Following check is temporary until libipadm supports
1973 	 * IPMP interfaces.
1974 	 */
1975 	if (!ifconfig_use_libipadm(s, name))
1976 		goto delete;
1977 
1978 	/*
1979 	 * Get all addresses and search this address among the active
1980 	 * addresses. If an address object was found, delete using
1981 	 * ipadm_delete_addr().
1982 	 */
1983 	istatus = ipadm_addr_info(iph, name, &ainfo, 0, LIFC_DEFAULT);
1984 	if (istatus != IPADM_SUCCESS)
1985 		ipadmerr_exit(istatus, "removeif");
1986 
1987 	for (ainfop = ainfo; ainfop != NULL; ainfop = IA_NEXT(ainfop))
1988 		if (sockaddrcmp(ainfop->ia_ifa.ifa_addr, &laddr))
1989 			break;
1990 
1991 	if (ainfop != NULL && ainfop->ia_aobjname[0] != '\0') {
1992 		istatus = ipadm_delete_addr(iph, ainfop->ia_aobjname,
1993 		    IPADM_OPT_ACTIVE);
1994 		if (istatus != IPADM_SUCCESS)
1995 			ipadmerr_exit(istatus, "could not delete address");
1996 		ipadm_free_addr_info(ainfo);
1997 		return (0);
1998 	}
1999 	ipadm_free_addr_info(ainfo);
2000 
2001 delete:
2002 	/*
2003 	 * An address object for this address was not found in ipadm.
2004 	 * Delete with SIOCLIFREMOVEIF.
2005 	 */
2006 	lifr.lifr_addr = laddr;
2007 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2008 	if (ioctl(s, SIOCLIFREMOVEIF, (caddr_t)&lifr) < 0) {
2009 		if (errno == EBUSY) {
2010 			/* This can only happen if ipif_id = 0 */
2011 			(void) fprintf(stderr,
2012 			    "ifconfig: removeif: can't remove interface: %s\n",
2013 			    name);
2014 			exit(1);
2015 		}
2016 		Perror0_exit("removeif: SIOCLIFREMOVEIF");
2017 	}
2018 	return (0);
2019 }
2020 
2021 /*
2022  * Set the address token for IPv6.
2023  */
2024 /* ARGSUSED */
2025 static int
2026 setiftoken(char *addr, int64_t param)
2027 {
2028 	int prefixlen = 0;
2029 	struct sockaddr_in6 token;
2030 
2031 	in6_getaddr(addr, (struct sockaddr *)&token, &prefixlen);
2032 	switch (prefixlen) {
2033 	case NO_PREFIX:
2034 		(void) fprintf(stderr,
2035 		    "ifconfig: Missing prefix length in subnet %s\n", addr);
2036 		exit(1);
2037 		/* NOTREACHED */
2038 	case BAD_ADDR:
2039 		(void) fprintf(stderr,
2040 		    "ifconfig: Bad prefix length in %s\n", addr);
2041 		exit(1);
2042 	default:
2043 		break;
2044 	}
2045 	(void) memcpy(&lifr.lifr_addr, &token, sizeof (token));
2046 	lifr.lifr_addrlen = prefixlen;
2047 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2048 	if (ioctl(s, SIOCSLIFTOKEN, (caddr_t)&lifr) < 0)  {
2049 		Perror0_exit("setiftoken: SIOCSLIFTOKEN");
2050 	}
2051 	return (0);
2052 }
2053 
2054 /* ARGSUSED */
2055 static int
2056 setifgroupname(char *grname, int64_t param)
2057 {
2058 	lifgroupinfo_t		lifgr;
2059 	struct lifreq		lifrl;
2060 	ifaddrlistx_t		*ifaddrp, *nextifaddrp;
2061 	ifaddrlistx_t		*ifaddrs = NULL, *downaddrs = NULL;
2062 	int			af;
2063 
2064 	if (debug) {
2065 		(void) printf("Setting groupname %s on interface %s\n",
2066 		    grname, name);
2067 	}
2068 
2069 	(void) strlcpy(lifrl.lifr_name, name, LIFNAMSIZ);
2070 	(void) strlcpy(lifrl.lifr_groupname, grname, LIFGRNAMSIZ);
2071 
2072 	while (ioctl(s, SIOCSLIFGROUPNAME, &lifrl) == -1) {
2073 		switch (errno) {
2074 		case ENOENT:
2075 			/*
2076 			 * The group doesn't yet exist; create it and repeat.
2077 			 */
2078 			af = afp->af_af;
2079 			if (create_ipmp(grname, af, NULL, _B_TRUE) == -1) {
2080 				if (errno == EEXIST)
2081 					continue;
2082 
2083 				Perror2(grname, "cannot create IPMP group");
2084 				goto fail;
2085 			}
2086 			continue;
2087 
2088 		case EALREADY:
2089 			/*
2090 			 * The interface is already in another group; must
2091 			 * remove existing membership first.
2092 			 */
2093 			lifrl.lifr_groupname[0] = '\0';
2094 			if (ioctl(s, SIOCSLIFGROUPNAME, &lifrl) == -1) {
2095 				Perror2(name, "cannot remove existing "
2096 				    "IPMP group membership");
2097 				goto fail;
2098 			}
2099 			(void) strlcpy(lifrl.lifr_groupname, grname,
2100 			    LIFGRNAMSIZ);
2101 			continue;
2102 
2103 		case EAFNOSUPPORT:
2104 			/*
2105 			 * The group exists, but it's not configured with the
2106 			 * address families the interface needs.  Since only
2107 			 * two address families are currently supported, just
2108 			 * configure the "other" address family.  Note that we
2109 			 * may race with group deletion or creation by another
2110 			 * process (ENOENT or EEXIST); in such cases we repeat
2111 			 * our original SIOCSLIFGROUPNAME.
2112 			 */
2113 			(void) strlcpy(lifgr.gi_grname, grname, LIFGRNAMSIZ);
2114 			if (ioctl(s, SIOCGLIFGROUPINFO, &lifgr) == -1) {
2115 				if (errno == ENOENT)
2116 					continue;
2117 
2118 				Perror2(grname, "SIOCGLIFGROUPINFO");
2119 				goto fail;
2120 			}
2121 
2122 			af = lifgr.gi_v4 ? AF_INET6 : AF_INET;
2123 			if (create_ipmp(grname, af, lifgr.gi_grifname,
2124 			    _B_TRUE) == -1) {
2125 				if (errno == EEXIST)
2126 					continue;
2127 
2128 				Perror2(grname, "cannot configure IPMP group");
2129 				goto fail;
2130 			}
2131 			continue;
2132 
2133 		case EADDRINUSE:
2134 			/*
2135 			 * Some addresses are in-use (or under control of DAD).
2136 			 * Bring them down and retry the group join operation.
2137 			 * We will bring them back up after the interface has
2138 			 * been placed in the group.
2139 			 */
2140 			if (ifaddrlistx(lifrl.lifr_name, IFF_UP|IFF_DUPLICATE,
2141 			    0, &ifaddrs) == -1) {
2142 				Perror2(grname, "cannot get address list");
2143 				goto fail;
2144 			}
2145 
2146 			ifaddrp = ifaddrs;
2147 			for (; ifaddrp != NULL; ifaddrp = nextifaddrp) {
2148 				if (!ifaddr_down(ifaddrp)) {
2149 					ifaddrs = ifaddrp;
2150 					goto fail;
2151 				}
2152 				nextifaddrp = ifaddrp->ia_next;
2153 				ifaddrp->ia_next = downaddrs;
2154 				downaddrs = ifaddrp;
2155 			}
2156 			ifaddrs = NULL;
2157 			continue;
2158 
2159 		case EADDRNOTAVAIL: {
2160 			/*
2161 			 * Some data addresses are under application control.
2162 			 * For some of these (e.g., ADDRCONF), the application
2163 			 * should remove the address, in which case we retry a
2164 			 * few times (since the application's action is not
2165 			 * atomic with respect to us) before bailing out and
2166 			 * informing the user.
2167 			 */
2168 			int ntries, nappaddr = 0;
2169 			const if_appflags_t *iap = if_appflags_tbl;
2170 
2171 			for (; iap->ia_app != NULL; iap++) {
2172 				ntries = 0;
2173 again:
2174 				if (ifaddrlistx(lifrl.lifr_name, iap->ia_flag,
2175 				    IFF_NOFAILOVER, &ifaddrs) == -1) {
2176 					(void) fprintf(stderr, "ifconfig: %s: "
2177 					    "cannot get data addresses managed "
2178 					    "by %s\n", lifrl.lifr_name,
2179 					    iap->ia_app);
2180 					goto fail;
2181 				}
2182 
2183 				if (ifaddrs == NULL)
2184 					continue;
2185 
2186 				ifaddrlistx_free(ifaddrs);
2187 				ifaddrs = NULL;
2188 
2189 				if (++ntries < iap->ia_tries) {
2190 					(void) poll(NULL, 0, 100);
2191 					goto again;
2192 				}
2193 
2194 				(void) fprintf(stderr, "ifconfig: cannot join "
2195 				    "IPMP group: %s has data addresses managed "
2196 				    "by %s\n", lifrl.lifr_name, iap->ia_app);
2197 				nappaddr++;
2198 			}
2199 			if (nappaddr > 0)
2200 				goto fail;
2201 			continue;
2202 		}
2203 		default:
2204 			Perror2(name, "SIOCSLIFGROUPNAME");
2205 			goto fail;
2206 		}
2207 	}
2208 
2209 	/*
2210 	 * If there were addresses that we had to bring down, it's time to
2211 	 * bring them up again.  As part of bringing them up, the kernel will
2212 	 * automatically move them to the new IPMP interface.
2213 	 */
2214 	for (ifaddrp = downaddrs; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) {
2215 		if (!ifaddr_up(ifaddrp) && errno != ENXIO) {
2216 			(void) fprintf(stderr, "ifconfig: cannot bring back up "
2217 			    "%s: %s\n", ifaddrp->ia_name, strerror(errno));
2218 		}
2219 	}
2220 	ifaddrlistx_free(downaddrs);
2221 	return (0);
2222 fail:
2223 	/*
2224 	 * Attempt to bring back up any interfaces that we downed.
2225 	 */
2226 	for (ifaddrp = downaddrs; ifaddrp != NULL; ifaddrp = ifaddrp->ia_next) {
2227 		if (!ifaddr_up(ifaddrp) && errno != ENXIO) {
2228 			(void) fprintf(stderr, "ifconfig: cannot bring back up "
2229 			    "%s: %s\n", ifaddrp->ia_name, strerror(errno));
2230 		}
2231 	}
2232 	ifaddrlistx_free(downaddrs);
2233 	ifaddrlistx_free(ifaddrs);
2234 
2235 	/*
2236 	 * We'd return -1, but foreachinterface() doesn't propagate the error
2237 	 * into the exit status, so we're forced to explicitly exit().
2238 	 */
2239 	exit(1);
2240 	/* NOTREACHED */
2241 }
2242 
2243 static boolean_t
2244 modcheck(const char *ifname)
2245 {
2246 	(void) strlcpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name));
2247 
2248 	if (ioctl(s, SIOCGLIFFLAGS, &lifr) < 0) {
2249 		Perror0("SIOCGLIFFLAGS");
2250 		return (_B_FALSE);
2251 	}
2252 
2253 	if (lifr.lifr_flags & IFF_IPMP) {
2254 		(void) fprintf(stderr, "ifconfig: %s: module operations not"
2255 		    " supported on IPMP interfaces\n", ifname);
2256 		return (_B_FALSE);
2257 	}
2258 	if (lifr.lifr_flags & IFF_VIRTUAL) {
2259 		(void) fprintf(stderr, "ifconfig: %s: module operations not"
2260 		    " supported on virtual IP interfaces\n", ifname);
2261 		return (_B_FALSE);
2262 	}
2263 	return (_B_TRUE);
2264 }
2265 
2266 /*
2267  * To list all the modules above a given network interface.
2268  */
2269 /* ARGSUSED */
2270 static int
2271 modlist(char *null, int64_t param)
2272 {
2273 	int muxid_fd;
2274 	int muxfd;
2275 	int ipfd_lowstr;
2276 	int arpfd_lowstr;
2277 	int num_mods;
2278 	int i;
2279 	struct str_list strlist;
2280 	int orig_arpid;
2281 
2282 	/*
2283 	 * We'd return -1, but foreachinterface() doesn't propagate the error
2284 	 * into the exit status, so we're forced to explicitly exit().
2285 	 */
2286 	if (!modcheck(name))
2287 		exit(1);
2288 
2289 	if (ip_domux2fd(&muxfd, &muxid_fd, &ipfd_lowstr, &arpfd_lowstr,
2290 	    &orig_arpid) < 0) {
2291 		return (-1);
2292 	}
2293 	if ((num_mods = ioctl(ipfd_lowstr, I_LIST, NULL)) < 0) {
2294 		Perror0("cannot I_LIST to get the number of modules");
2295 	} else {
2296 		if (debug > 0) {
2297 			(void) printf("Listing (%d) modules above %s\n",
2298 			    num_mods, name);
2299 		}
2300 
2301 		strlist.sl_nmods = num_mods;
2302 		strlist.sl_modlist = malloc(sizeof (struct str_mlist) *
2303 		    num_mods);
2304 		if (strlist.sl_modlist == NULL) {
2305 			Perror0("cannot malloc");
2306 		} else {
2307 			if (ioctl(ipfd_lowstr, I_LIST, (caddr_t)&strlist) < 0) {
2308 				Perror0("cannot I_LIST for module names");
2309 			} else {
2310 				for (i = 0; i < strlist.sl_nmods; i++) {
2311 					(void) printf("%d %s\n", i,
2312 					    strlist.sl_modlist[i].l_name);
2313 				}
2314 			}
2315 			free(strlist.sl_modlist);
2316 		}
2317 	}
2318 	return (ip_plink(muxfd, muxid_fd, ipfd_lowstr, arpfd_lowstr,
2319 	    orig_arpid));
2320 }
2321 
2322 #define	MODINSERT_OP	'i'
2323 #define	MODREMOVE_OP	'r'
2324 
2325 /*
2326  * To insert a module to the stream of the interface.  It is just a
2327  * wrapper.  The real function is modop().
2328  */
2329 /* ARGSUSED */
2330 static int
2331 modinsert(char *arg, int64_t param)
2332 {
2333 	return (modop(arg, MODINSERT_OP));
2334 }
2335 
2336 /*
2337  * To remove a module from the stream of the interface.  It is just a
2338  * wrapper.  The real function is modop().
2339  */
2340 /* ARGSUSED */
2341 static int
2342 modremove(char *arg, int64_t param)
2343 {
2344 	return (modop(arg, MODREMOVE_OP));
2345 }
2346 
2347 /*
2348  * Helper function for mod*() functions.  It gets a fd to the lower IP
2349  * stream and I_PUNLINK's the lower stream.  It also initializes the
2350  * global variable lifr.
2351  *
2352  * Param:
2353  *	int *muxfd: fd to /dev/udp{,6} for I_PLINK/I_PUNLINK
2354  *	int *muxid_fd: fd to /dev/udp{,6} for LIFMUXID
2355  *	int *ipfd_lowstr: fd to the lower IP stream.
2356  *	int *arpfd_lowstr: fd to the lower ARP stream.
2357  *
2358  * Return:
2359  *	-1 if operation fails, 0 otherwise.
2360  *
2361  * Please see the big block comment above ifplumb() for the logic of the
2362  * PLINK/PUNLINK
2363  */
2364 static int
2365 ip_domux2fd(int *muxfd, int *muxid_fd, int *ipfd_lowstr, int *arpfd_lowstr,
2366     int *orig_arpid)
2367 {
2368 	uint64_t	flags;
2369 	char		*udp_dev_name;
2370 
2371 	*orig_arpid = 0;
2372 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2373 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
2374 		Perror0_exit("status: SIOCGLIFFLAGS");
2375 	}
2376 	flags = lifr.lifr_flags;
2377 	if (flags & IFF_IPV4) {
2378 		udp_dev_name = UDP_DEV_NAME;
2379 	} else if (flags & IFF_IPV6) {
2380 		udp_dev_name = UDP6_DEV_NAME;
2381 	} else {
2382 		return (-1);
2383 	}
2384 
2385 	if ((*muxid_fd = open(udp_dev_name, O_RDWR)) < 0) {
2386 		Perror2("open", udp_dev_name);
2387 		return (-1);
2388 	}
2389 	if (ioctl(*muxid_fd, SIOCGLIFMUXID, (caddr_t)&lifr) < 0) {
2390 		Perror2("SIOCGLIFMUXID", udp_dev_name);
2391 		return (-1);
2392 	}
2393 	if (debug > 0) {
2394 		(void) printf("ARP_muxid %d IP_muxid %d\n",
2395 		    lifr.lifr_arp_muxid, lifr.lifr_ip_muxid);
2396 	}
2397 
2398 	/*
2399 	 * Use /dev/udp{,6} as the mux to avoid linkcycles.
2400 	 */
2401 	if (ipadm_open_arp_on_udp(udp_dev_name, muxfd) != IPADM_SUCCESS)
2402 		return (-1);
2403 
2404 	if (lifr.lifr_arp_muxid != 0) {
2405 		if ((*arpfd_lowstr = ioctl(*muxfd, _I_MUXID2FD,
2406 		    lifr.lifr_arp_muxid)) < 0) {
2407 			if ((errno == EINVAL) &&
2408 			    (flags & (IFF_NOARP | IFF_IPV6))) {
2409 				/*
2410 				 * Some plumbing utilities set the muxid to
2411 				 * -1 or some invalid value to signify that
2412 				 * there is no arp stream. Set the muxid to 0
2413 				 * before trying to unplumb the IP stream.
2414 				 * IP does not allow the IP stream to be
2415 				 * unplumbed if it sees a non-null arp muxid,
2416 				 * for consistency of IP-ARP streams.
2417 				 */
2418 				*orig_arpid = lifr.lifr_arp_muxid;
2419 				lifr.lifr_arp_muxid = 0;
2420 				(void) ioctl(*muxid_fd, SIOCSLIFMUXID,
2421 				    (caddr_t)&lifr);
2422 				*arpfd_lowstr = -1;
2423 			} else {
2424 				Perror0("_I_MUXID2FD");
2425 				return (-1);
2426 			}
2427 		} else if (ioctl(*muxfd, I_PUNLINK,
2428 		    lifr.lifr_arp_muxid) < 0) {
2429 			Perror2("I_PUNLINK", udp_dev_name);
2430 			return (-1);
2431 		}
2432 	} else {
2433 		*arpfd_lowstr = -1;
2434 	}
2435 
2436 	if ((*ipfd_lowstr = ioctl(*muxfd, _I_MUXID2FD,
2437 	    lifr.lifr_ip_muxid)) < 0) {
2438 		Perror0("_I_MUXID2FD");
2439 		/* Undo any changes we made */
2440 		if (*orig_arpid != 0) {
2441 			lifr.lifr_arp_muxid = *orig_arpid;
2442 			(void) ioctl(*muxid_fd, SIOCSLIFMUXID, (caddr_t)&lifr);
2443 		}
2444 		return (-1);
2445 	}
2446 	if (ioctl(*muxfd, I_PUNLINK, lifr.lifr_ip_muxid) < 0) {
2447 		Perror2("I_PUNLINK", udp_dev_name);
2448 		/* Undo any changes we made */
2449 		if (*orig_arpid != 0) {
2450 			lifr.lifr_arp_muxid = *orig_arpid;
2451 			(void) ioctl(*muxid_fd, SIOCSLIFMUXID, (caddr_t)&lifr);
2452 		}
2453 		return (-1);
2454 	}
2455 	return (0);
2456 }
2457 
2458 /*
2459  * Helper function for mod*() functions.  It I_PLINK's back the upper and
2460  * lower IP streams.  Note that this function must be called after
2461  * ip_domux2fd().  In ip_domux2fd(), the global variable lifr is initialized
2462  * and ip_plink() needs information in lifr.  So ip_domux2fd() and ip_plink()
2463  * must be called in pairs.
2464  *
2465  * Param:
2466  *	int muxfd: fd to /dev/udp{,6} for I_PLINK/I_PUNLINK
2467  *	int muxid_fd: fd to /dev/udp{,6} for LIFMUXID
2468  *	int ipfd_lowstr: fd to the lower IP stream.
2469  *	int arpfd_lowstr: fd to the lower ARP stream.
2470  *
2471  * Return:
2472  *	-1 if operation fails, 0 otherwise.
2473  *
2474  * Please see the big block comment above ifplumb() for the logic of the
2475  * PLINK/PUNLINK
2476  */
2477 static int
2478 ip_plink(int muxfd, int muxid_fd, int ipfd_lowstr, int arpfd_lowstr,
2479     int orig_arpid)
2480 {
2481 	int ip_muxid;
2482 
2483 	ip_muxid = ioctl(muxfd, I_PLINK, ipfd_lowstr);
2484 	if (ip_muxid < 0) {
2485 		Perror2("I_PLINK", UDP_DEV_NAME);
2486 		return (-1);
2487 	}
2488 
2489 	/*
2490 	 * If there is an arp stream, plink it. If there is no
2491 	 * arp stream, then it is possible that the plumbing
2492 	 * utility could have stored any value in the arp_muxid.
2493 	 * If so, restore it from orig_arpid.
2494 	 */
2495 	if (arpfd_lowstr != -1) {
2496 		if (ioctl(muxfd, I_PLINK, arpfd_lowstr) < 0) {
2497 			Perror2("I_PLINK", UDP_DEV_NAME);
2498 			return (-1);
2499 		}
2500 	} else if (orig_arpid != 0) {
2501 		/* Undo the changes we did in ip_domux2fd */
2502 		lifr.lifr_arp_muxid = orig_arpid;
2503 		lifr.lifr_ip_muxid = ip_muxid;
2504 		(void) ioctl(muxid_fd, SIOCSLIFMUXID, (caddr_t)&lifr);
2505 	}
2506 
2507 	(void) close(muxfd);
2508 	(void) close(muxid_fd);
2509 	return (0);
2510 }
2511 
2512 /*
2513  * The real function to perform module insertion/removal.
2514  *
2515  * Param:
2516  *	char *arg: the argument string module_name@position
2517  *	char op: operation, either MODINSERT_OP or MODREMOVE_OP.
2518  *
2519  * Return:
2520  *	Before doing ip_domux2fd(), this function calls exit(1) in case of
2521  *	error.  After ip_domux2fd() is done, it returns -1 for error, 0
2522  *	otherwise.
2523  */
2524 static int
2525 modop(char *arg, char op)
2526 {
2527 	char *pos_p;
2528 	int muxfd;
2529 	int muxid_fd;
2530 	int ipfd_lowstr;  /* IP stream (lower stream of mux) to be plinked */
2531 	int arpfd_lowstr; /* ARP stream (lower stream of mux) to be plinked */
2532 	struct strmodconf mod;
2533 	char *at_char = "@";
2534 	char *arg_str;
2535 	int orig_arpid;
2536 
2537 	/*
2538 	 * We'd return -1, but foreachinterface() doesn't propagate the error
2539 	 * into the exit status, so we're forced to explicitly exit().
2540 	 */
2541 	if (!modcheck(name))
2542 		exit(1);
2543 
2544 	/* Need to save the original string for -a option. */
2545 	if ((arg_str = malloc(strlen(arg) + 1)) == NULL) {
2546 		Perror0("cannot malloc");
2547 		return (-1);
2548 	}
2549 	(void) strcpy(arg_str, arg);
2550 
2551 	if (*arg_str == *at_char) {
2552 		(void) fprintf(stderr,
2553 		    "ifconfig: must supply a module name\n");
2554 		exit(1);
2555 	}
2556 	mod.mod_name = strtok(arg_str, at_char);
2557 	if (strlen(mod.mod_name) > FMNAMESZ) {
2558 		(void) fprintf(stderr, "ifconfig: module name too long: %s\n",
2559 		    mod.mod_name);
2560 		exit(1);
2561 	}
2562 
2563 	/*
2564 	 * Need to make sure that the core TCP/IP stack modules are not
2565 	 * removed.  Otherwise, "bad" things can happen.  If a module
2566 	 * is removed and inserted back, it loses its old state.  But
2567 	 * the modules above it still have the old state.  E.g. IP assumes
2568 	 * fast data path while tunnel after re-inserted assumes that it can
2569 	 * receive M_DATA only in fast data path for which it does not have
2570 	 * any state.  This is a general caveat of _I_REMOVE/_I_INSERT.
2571 	 */
2572 	if (op == MODREMOVE_OP &&
2573 	    (strcmp(mod.mod_name, ARP_MOD_NAME) == 0 ||
2574 	    strcmp(mod.mod_name, IP_MOD_NAME) == 0)) {
2575 		(void) fprintf(stderr, "ifconfig: cannot remove %s\n",
2576 		    mod.mod_name);
2577 		exit(1);
2578 	}
2579 
2580 	if ((pos_p = strtok(NULL, at_char)) == NULL) {
2581 		(void) fprintf(stderr, "ifconfig: must supply a position\n");
2582 		exit(1);
2583 	}
2584 	mod.pos = atoi(pos_p);
2585 
2586 	if (ip_domux2fd(&muxfd, &muxid_fd, &ipfd_lowstr, &arpfd_lowstr,
2587 	    &orig_arpid) < 0) {
2588 		free(arg_str);
2589 		return (-1);
2590 	}
2591 	switch (op) {
2592 	case MODINSERT_OP:
2593 		if (debug > 0) {
2594 			(void) printf("Inserting module %s at %d\n",
2595 			    mod.mod_name, mod.pos);
2596 		}
2597 		if (ioctl(ipfd_lowstr, _I_INSERT, (caddr_t)&mod) < 0) {
2598 			Perror2("fail to insert module", mod.mod_name);
2599 		}
2600 		break;
2601 	case MODREMOVE_OP:
2602 		if (debug > 0) {
2603 			(void) printf("Removing module %s at %d\n",
2604 			    mod.mod_name, mod.pos);
2605 		}
2606 		if (ioctl(ipfd_lowstr, _I_REMOVE, (caddr_t)&mod) < 0) {
2607 			Perror2("fail to remove module", mod.mod_name);
2608 		}
2609 		break;
2610 	default:
2611 		/* Should never get to here. */
2612 		(void) fprintf(stderr, "Unknown operation\n");
2613 		break;
2614 	}
2615 	free(arg_str);
2616 	return (ip_plink(muxfd, muxid_fd, ipfd_lowstr, arpfd_lowstr,
2617 	    orig_arpid));
2618 }
2619 
2620 static int
2621 modify_tun(iptun_params_t *params)
2622 {
2623 	dladm_status_t status;
2624 
2625 	if ((status = ifconfig_dladm_open(name, DATALINK_CLASS_IPTUN,
2626 	    &params->iptun_param_linkid)) == DLADM_STATUS_OK)
2627 		status = dladm_iptun_modify(dlh, params, DLADM_OPT_ACTIVE);
2628 	if (status != DLADM_STATUS_OK)
2629 		dladmerr_exit(status, name);
2630 	return (0);
2631 }
2632 
2633 /*
2634  * Set tunnel source address
2635  */
2636 /* ARGSUSED */
2637 static int
2638 setiftsrc(char *addr, int64_t param)
2639 {
2640 	iptun_params_t params;
2641 
2642 	params.iptun_param_flags = IPTUN_PARAM_LADDR;
2643 	(void) strlcpy(params.iptun_param_laddr, addr,
2644 	    sizeof (params.iptun_param_laddr));
2645 	return (modify_tun(&params));
2646 }
2647 
2648 /*
2649  * Set tunnel destination address
2650  */
2651 /* ARGSUSED */
2652 static int
2653 setiftdst(char *addr, int64_t param)
2654 {
2655 	iptun_params_t params;
2656 
2657 	params.iptun_param_flags = IPTUN_PARAM_RADDR;
2658 	(void) strlcpy(params.iptun_param_raddr, addr,
2659 	    sizeof (params.iptun_param_raddr));
2660 	return (modify_tun(&params));
2661 }
2662 
2663 static int
2664 set_tun_prop(const char *propname, char *value)
2665 {
2666 	dladm_status_t	status;
2667 	datalink_id_t	linkid;
2668 
2669 	status = ifconfig_dladm_open(name, DATALINK_CLASS_IPTUN, &linkid);
2670 	if (status == DLADM_STATUS_OK) {
2671 		status = dladm_set_linkprop(dlh, linkid, propname, &value, 1,
2672 		    DLADM_OPT_ACTIVE);
2673 	}
2674 	if (status != DLADM_STATUS_OK)
2675 		dladmerr_exit(status, name);
2676 	return (0);
2677 }
2678 
2679 /* Set tunnel encapsulation limit. */
2680 /* ARGSUSED */
2681 static int
2682 set_tun_encap_limit(char *arg, int64_t param)
2683 {
2684 	return (set_tun_prop("encaplimit", arg));
2685 }
2686 
2687 /* Disable encapsulation limit. */
2688 /* ARGSUSED */
2689 static int
2690 clr_tun_encap_limit(char *arg, int64_t param)
2691 {
2692 	return (set_tun_encap_limit("-1", 0));
2693 }
2694 
2695 /* Set tunnel hop limit. */
2696 /* ARGSUSED */
2697 static int
2698 set_tun_hop_limit(char *arg, int64_t param)
2699 {
2700 	return (set_tun_prop("hoplimit", arg));
2701 }
2702 
2703 /* Set zone ID */
2704 static int
2705 setzone(char *arg, int64_t param)
2706 {
2707 	zoneid_t zoneid = GLOBAL_ZONEID;
2708 
2709 	if (param == NEXTARG) {
2710 		/* zone must be active */
2711 		if ((zoneid = getzoneidbyname(arg)) == -1) {
2712 			(void) fprintf(stderr,
2713 			    "ifconfig: unknown zone '%s'\n", arg);
2714 			exit(1);
2715 		}
2716 	}
2717 	(void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2718 	lifr.lifr_zoneid = zoneid;
2719 	if (ioctl(s, SIOCSLIFZONE, (caddr_t)&lifr) == -1)
2720 		Perror0_exit("SIOCSLIFZONE");
2721 	return (0);
2722 }
2723 
2724 /* Put interface into all zones */
2725 /* ARGSUSED */
2726 static int
2727 setallzones(char *arg, int64_t param)
2728 {
2729 	(void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2730 	lifr.lifr_zoneid = ALL_ZONES;
2731 	if (ioctl(s, SIOCSLIFZONE, (caddr_t)&lifr) == -1)
2732 		Perror0_exit("SIOCSLIFZONE");
2733 	return (0);
2734 }
2735 
2736 /* Set source address to use */
2737 /* ARGSUSED */
2738 static int
2739 setifsrc(char *arg, int64_t param)
2740 {
2741 	uint_t ifindex = 0;
2742 	int rval;
2743 
2744 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2745 
2746 	/*
2747 	 * Argument can be either an interface name or "none". The latter means
2748 	 * that any previous selection is cleared.
2749 	 */
2750 
2751 	if (strchr(arg, ':') != NULL) {
2752 		(void) fprintf(stderr,
2753 		    "ifconfig: Cannot specify logical interface for usesrc \n");
2754 		exit(1);
2755 	}
2756 
2757 	rval = strcmp(arg, NONE_STR);
2758 	if (rval != 0) {
2759 		if ((ifindex = if_nametoindex(arg)) == 0) {
2760 			(void) strncpy(lifr.lifr_name, arg, LIFNAMSIZ);
2761 			Perror0_exit("Could not get interface index");
2762 		}
2763 		lifr.lifr_index = ifindex;
2764 	} else {
2765 		if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) != 0)
2766 			Perror0_exit("Not a valid usesrc consumer");
2767 		lifr.lifr_index = 0;
2768 	}
2769 
2770 	if (debug)
2771 		(void) printf("setifsrc: lifr_name %s, lifr_index %d\n",
2772 		    lifr.lifr_name, lifr.lifr_index);
2773 
2774 	if (ioctl(s, SIOCSLIFUSESRC, (caddr_t)&lifr) == -1) {
2775 		if (rval == 0)
2776 			Perror0_exit("Cannot reset usesrc group");
2777 		else
2778 			Perror0_exit("Could not set source interface");
2779 	}
2780 
2781 	return (0);
2782 }
2783 
2784 /*
2785  * Print the interface status line associated with `ifname'
2786  */
2787 static void
2788 ifstatus(const char *ifname)
2789 {
2790 	uint64_t flags;
2791 	char if_usesrc_name[LIFNAMSIZ];
2792 	char *newbuf;
2793 	int n, numifs, rval = 0;
2794 	struct lifreq *lifrp;
2795 	struct lifsrcof lifs;
2796 
2797 	(void) strncpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name));
2798 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
2799 		Perror0_exit("status: SIOCGLIFFLAGS");
2800 	}
2801 	flags = lifr.lifr_flags;
2802 
2803 	/*
2804 	 * In V4 compatibility mode, we don't print the IFF_IPV4 flag or
2805 	 * interfaces with IFF_IPV6 set.
2806 	 */
2807 	if (v4compat) {
2808 		flags &= ~IFF_IPV4;
2809 		if (flags & IFF_IPV6)
2810 			return;
2811 	}
2812 
2813 	(void) printf("%s: ", ifname);
2814 	print_flags(flags);
2815 
2816 	(void) strncpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name));
2817 	if (ioctl(s, SIOCGLIFMETRIC, (caddr_t)&lifr) < 0) {
2818 		Perror0_exit("status: SIOCGLIFMETRIC");
2819 	} else {
2820 		if (lifr.lifr_metric)
2821 			(void) printf(" metric %d", lifr.lifr_metric);
2822 	}
2823 	if (ioctl(s, SIOCGLIFMTU, (caddr_t)&lifr) >= 0)
2824 		(void) printf(" mtu %u", lifr.lifr_mtu);
2825 
2826 	/* don't print index or zone when in compatibility mode */
2827 	if (!v4compat) {
2828 		if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0)
2829 			(void) printf(" index %d", lifr.lifr_index);
2830 		/*
2831 		 * Stack instances use GLOBAL_ZONEID for IP data structures
2832 		 * even in the non-global zone.
2833 		 */
2834 		if (ioctl(s, SIOCGLIFZONE, (caddr_t)&lifr) >= 0 &&
2835 		    lifr.lifr_zoneid != getzoneid() &&
2836 		    lifr.lifr_zoneid != GLOBAL_ZONEID) {
2837 			char zone_name[ZONENAME_MAX];
2838 
2839 			if (lifr.lifr_zoneid == ALL_ZONES) {
2840 				(void) printf("\n\tall-zones");
2841 			} else if (getzonenamebyid(lifr.lifr_zoneid, zone_name,
2842 			    sizeof (zone_name)) < 0) {
2843 				(void) printf("\n\tzone %d", lifr.lifr_zoneid);
2844 			} else {
2845 				(void) printf("\n\tzone %s", zone_name);
2846 			}
2847 		}
2848 	}
2849 
2850 	if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0) {
2851 		lifs.lifs_ifindex = lifr.lifr_index;
2852 
2853 		/*
2854 		 * Find the number of interfaces that use this interfaces'
2855 		 * address as a source address
2856 		 */
2857 		lifs.lifs_buf = NULL;
2858 		lifs.lifs_maxlen = 0;
2859 		for (;;) {
2860 			/* The first pass will give the bufsize we need */
2861 			rval = ioctl(s, SIOCGLIFSRCOF, (char *)&lifs);
2862 			if (rval < 0) {
2863 				if (lifs.lifs_buf != NULL) {
2864 					free(lifs.lifs_buf);
2865 					lifs.lifs_buf = NULL;
2866 				}
2867 				lifs.lifs_len = 0;
2868 				break;
2869 			}
2870 			if (lifs.lifs_len <= lifs.lifs_maxlen)
2871 				break;
2872 			/* Use kernel's size + a small margin to avoid loops */
2873 			lifs.lifs_maxlen = lifs.lifs_len +
2874 			    5 * sizeof (struct lifreq);
2875 			/* For the first pass, realloc acts like malloc */
2876 			newbuf = realloc(lifs.lifs_buf, lifs.lifs_maxlen);
2877 			if (newbuf == NULL) {
2878 				if (lifs.lifs_buf != NULL) {
2879 					free(lifs.lifs_buf);
2880 					lifs.lifs_buf = NULL;
2881 				}
2882 				lifs.lifs_len = 0;
2883 				break;
2884 			}
2885 			lifs.lifs_buf = newbuf;
2886 		}
2887 
2888 
2889 		numifs = lifs.lifs_len / sizeof (struct lifreq);
2890 		if (numifs > 0) {
2891 			lifrp = lifs.lifs_req;
2892 			(void) printf("\n\tsrcof");
2893 			for (n = numifs; n > 0; n--, lifrp++) {
2894 				(void) printf(" %s", lifrp->lifr_name);
2895 			}
2896 		}
2897 
2898 		if (lifs.lifs_buf != NULL)
2899 			free(lifs.lifs_buf);
2900 	}
2901 
2902 	/* Find the interface whose source address this interface uses */
2903 	if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) == 0) {
2904 		if (lifr.lifr_index != 0) {
2905 			if (if_indextoname(lifr.lifr_index,
2906 			    if_usesrc_name) == NULL) {
2907 				(void) printf("\n\tusesrc ifIndex %d",
2908 				    lifr.lifr_index);
2909 			} else {
2910 				(void) printf("\n\tusesrc %s", if_usesrc_name);
2911 			}
2912 		}
2913 	}
2914 
2915 	(void) putchar('\n');
2916 }
2917 
2918 /*
2919  * Print the status of the interface.  If an address family was
2920  * specified, show it and it only; otherwise, show them all.
2921  */
2922 static void
2923 status(void)
2924 {
2925 	struct afswtch	*p = afp;
2926 	uint64_t	flags;
2927 	datalink_id_t	linkid;
2928 
2929 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2930 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
2931 		Perror0_exit("status: SIOCGLIFFLAGS");
2932 	}
2933 
2934 	flags = lifr.lifr_flags;
2935 
2936 	/*
2937 	 * Only print the interface status if the address family matches
2938 	 * the interface family flag.
2939 	 */
2940 	if (p != NULL) {
2941 		if (((p->af_af == AF_INET6) && (flags & IFF_IPV4)) ||
2942 		    ((p->af_af == AF_INET) && (flags & IFF_IPV6)))
2943 			return;
2944 	}
2945 
2946 	/*
2947 	 * In V4 compatibility mode, don't print IFF_IPV6 interfaces.
2948 	 */
2949 	if (v4compat && (flags & IFF_IPV6))
2950 		return;
2951 
2952 	ifstatus(name);
2953 
2954 	if (ifconfig_dladm_open(name, DATALINK_CLASS_IPTUN, &linkid) ==
2955 	    DLADM_STATUS_OK)
2956 		tun_status(linkid);
2957 
2958 	if (p != NULL) {
2959 		(*p->af_status)(1, flags);
2960 	} else {
2961 		for (p = afs; p->af_name; p++) {
2962 			/* set global af for use in p->af_status */
2963 			af = p->af_af;
2964 			(*p->af_status)(0, flags);
2965 		}
2966 
2967 		/*
2968 		 * Historically, 'ether' has been an address family,
2969 		 * so print it here.
2970 		 */
2971 		print_ifether(name);
2972 	}
2973 }
2974 
2975 /*
2976  * Print the status of the interface in a format that can be used to
2977  * reconfigure the interface later. Code stolen from status() above.
2978  */
2979 /* ARGSUSED */
2980 static int
2981 configinfo(char *null, int64_t param)
2982 {
2983 	char *cp;
2984 	struct afswtch *p = afp;
2985 	uint64_t flags;
2986 	char lifname[LIFNAMSIZ];
2987 	char if_usesrc_name[LIFNAMSIZ];
2988 
2989 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2990 
2991 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
2992 		Perror0_exit("status: SIOCGLIFFLAGS");
2993 	}
2994 	flags = lifr.lifr_flags;
2995 
2996 	if (debug) {
2997 		(void) printf("configinfo: name %s flags  0x%llx af_af %d\n",
2998 		    name, flags, p != NULL ? p->af_af : -1);
2999 	}
3000 
3001 	/*
3002 	 * Build the interface name to print (we can't directly use `name'
3003 	 * because one cannot "plumb" ":0" interfaces).
3004 	 */
3005 	(void) strlcpy(lifname, name, LIFNAMSIZ);
3006 	if ((cp = strchr(lifname, ':')) != NULL && atoi(cp + 1) == 0)
3007 		*cp = '\0';
3008 
3009 	/*
3010 	 * if the interface is IPv4
3011 	 *	if we have a IPv6 address family restriction return
3012 	 *		so it won't print
3013 	 *	if we are in IPv4 compatibility mode, clear out IFF_IPV4
3014 	 *		so we don't print it.
3015 	 */
3016 	if (flags & IFF_IPV4) {
3017 		if (p && p->af_af == AF_INET6)
3018 			return (-1);
3019 		if (v4compat)
3020 			flags &= ~IFF_IPV4;
3021 
3022 		(void) printf("%s inet plumb", lifname);
3023 	} else if (flags & IFF_IPV6) {
3024 		/*
3025 		 * else if the interface is IPv6
3026 		 *	if we have a IPv4 address family restriction return
3027 		 *	or we are in IPv4 compatibiltiy mode, return.
3028 		 */
3029 		if (p && p->af_af == AF_INET)
3030 			return (-1);
3031 		if (v4compat)
3032 			return (-1);
3033 
3034 		(void) printf("%s inet6 plumb", lifname);
3035 	}
3036 
3037 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3038 	if (ioctl(s, SIOCGLIFMETRIC, (caddr_t)&lifr) < 0) {
3039 		Perror0_exit("configinfo: SIOCGLIFMETRIC");
3040 	} else {
3041 		if (lifr.lifr_metric)
3042 			(void) printf(" metric %d ", lifr.lifr_metric);
3043 	}
3044 	if (((flags & (IFF_VIRTUAL|IFF_LOOPBACK)) != IFF_VIRTUAL) &&
3045 	    ioctl(s, SIOCGLIFMTU, (caddr_t)&lifr) >= 0)
3046 		(void) printf(" mtu %d", lifr.lifr_metric);
3047 
3048 	/* Index only applies to the zeroth interface */
3049 	if (lifnum(name) == 0) {
3050 		if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0)
3051 			(void) printf(" index %d", lifr.lifr_index);
3052 	}
3053 
3054 	if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) == 0) {
3055 		if (lifr.lifr_index != 0) {
3056 			if (if_indextoname(lifr.lifr_index,
3057 			    if_usesrc_name) != NULL) {
3058 				(void) printf(" usesrc %s", if_usesrc_name);
3059 			}
3060 		}
3061 	}
3062 
3063 	if (p != NULL) {
3064 		(*p->af_configinfo)(1, flags);
3065 	} else {
3066 		for (p = afs; p->af_name; p++) {
3067 			(void) close(s);
3068 			s = socket(SOCKET_AF(p->af_af), SOCK_DGRAM, 0);
3069 			/* set global af for use in p->af_configinfo */
3070 			af = p->af_af;
3071 			if (s == -1) {
3072 				Perror0_exit("socket");
3073 			}
3074 			(*p->af_configinfo)(0, flags);
3075 		}
3076 	}
3077 
3078 	(void) putchar('\n');
3079 	return (0);
3080 }
3081 
3082 static void
3083 print_tsec(iptun_params_t *params)
3084 {
3085 	ipsec_req_t *ipsr;
3086 
3087 	(void) printf("\ttunnel security settings  ");
3088 	if (!(params->iptun_param_flags & IPTUN_PARAM_SECINFO)) {
3089 		(void) printf("-->  use 'ipsecconf -ln -i %s'", name);
3090 	} else {
3091 		ipsr = &params->iptun_param_secinfo;
3092 		if (ipsr->ipsr_ah_req & IPSEC_PREF_REQUIRED) {
3093 			(void) printf("ah (%s)  ",
3094 			    rparsealg(ipsr->ipsr_auth_alg, IPSEC_PROTO_AH));
3095 		}
3096 		if (ipsr->ipsr_esp_req & IPSEC_PREF_REQUIRED) {
3097 			(void) printf("esp (%s",
3098 			    rparsealg(ipsr->ipsr_esp_alg, IPSEC_PROTO_ESP));
3099 			(void) printf("/%s)",
3100 			    rparsealg(ipsr->ipsr_esp_auth_alg, IPSEC_PROTO_AH));
3101 		}
3102 	}
3103 	(void) printf("\n");
3104 }
3105 
3106 static void
3107 tun_status(datalink_id_t linkid)
3108 {
3109 	iptun_params_t	params;
3110 	char		propval[DLADM_PROP_VAL_MAX];
3111 	char		*valptr[1];
3112 	uint_t		valcnt = 1;
3113 	boolean_t	tabbed = _B_FALSE;
3114 
3115 	params.iptun_param_linkid = linkid;
3116 
3117 	/* If dladm_iptun_getparams() fails, assume we are not a tunnel. */
3118 	assert(dlh_opened);
3119 	if (dladm_iptun_getparams(dlh, &params, DLADM_OPT_ACTIVE) !=
3120 	    DLADM_STATUS_OK)
3121 		return;
3122 
3123 	switch (params.iptun_param_type) {
3124 	case IPTUN_TYPE_IPV4:
3125 	case IPTUN_TYPE_6TO4:
3126 		(void) printf("\tinet");
3127 		break;
3128 	case IPTUN_TYPE_IPV6:
3129 		(void) printf("\tinet6");
3130 		break;
3131 	default:
3132 		dladmerr_exit(DLADM_STATUS_IPTUNTYPE, name);
3133 		break;
3134 	}
3135 
3136 	/*
3137 	 * There is always a source address.  If it hasn't been explicitly
3138 	 * set, the API will pass back a buffer containing the unspecified
3139 	 * address.
3140 	 */
3141 	(void) printf(" tunnel src %s ", params.iptun_param_laddr);
3142 
3143 	if (params.iptun_param_flags & IPTUN_PARAM_RADDR)
3144 		(void) printf("tunnel dst %s\n", params.iptun_param_raddr);
3145 	else
3146 		(void) putchar('\n');
3147 
3148 	if (params.iptun_param_flags & IPTUN_PARAM_IPSECPOL)
3149 		print_tsec(&params);
3150 
3151 	valptr[0] = propval;
3152 	if (dladm_get_linkprop(dlh, linkid, DLADM_PROP_VAL_CURRENT, "hoplimit",
3153 	    (char **)valptr, &valcnt) == DLADM_STATUS_OK) {
3154 		(void) printf("\ttunnel hop limit %s ", propval);
3155 		tabbed = _B_TRUE;
3156 	}
3157 
3158 	if (dladm_get_linkprop(dlh, linkid, DLADM_PROP_VAL_CURRENT,
3159 	    "encaplimit", (char **)valptr, &valcnt) == DLADM_STATUS_OK) {
3160 		uint32_t elim;
3161 
3162 		if (!tabbed) {
3163 			(void) putchar('\t');
3164 			tabbed = _B_TRUE;
3165 		}
3166 		elim = strtol(propval, NULL, 10);
3167 		if (elim > 0)
3168 			(void) printf("tunnel encapsulation limit %s", propval);
3169 		else
3170 			(void) printf("tunnel encapsulation limit disabled");
3171 	}
3172 
3173 	if (tabbed)
3174 		(void) putchar('\n');
3175 }
3176 
3177 static void
3178 in_status(int force, uint64_t flags)
3179 {
3180 	struct sockaddr_in	*sin, *laddr;
3181 	struct sockaddr_in	netmask = { AF_INET };
3182 
3183 	if (debug)
3184 		(void) printf("in_status(%s) flags 0x%llx\n", name, flags);
3185 
3186 	/* only print status for IPv4 interfaces */
3187 	if (!(flags & IFF_IPV4))
3188 		return;
3189 
3190 	if (!(flags & IFF_NOLOCAL)) {
3191 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3192 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
3193 			if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3194 			    errno == ENXIO) {
3195 				if (!force)
3196 					return;
3197 				(void) memset(&lifr.lifr_addr, 0,
3198 				    sizeof (lifr.lifr_addr));
3199 			} else
3200 				Perror0_exit("in_status: SIOCGLIFADDR");
3201 		}
3202 		sin = (struct sockaddr_in *)&lifr.lifr_addr;
3203 		(void) printf("\tinet %s ", inet_ntoa(sin->sin_addr));
3204 		laddr = sin;
3205 	} else {
3206 		(void) printf("\tinet ");
3207 	}
3208 
3209 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3210 	if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) {
3211 		if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3212 		    errno == ENXIO) {
3213 			if (!force)
3214 				return;
3215 			(void) memset(&lifr.lifr_addr, 0,
3216 			    sizeof (lifr.lifr_addr));
3217 		} else {
3218 			Perror0_exit("in_status: SIOCGLIFSUBNET");
3219 		}
3220 	}
3221 	sin = (struct sockaddr_in *)&lifr.lifr_addr;
3222 	if ((flags & IFF_NOLOCAL) ||
3223 	    sin->sin_addr.s_addr != laddr->sin_addr.s_addr) {
3224 		(void) printf("subnet %s/%d ", inet_ntoa(sin->sin_addr),
3225 		    lifr.lifr_addrlen);
3226 	}
3227 	if (sin->sin_family != AF_INET) {
3228 		(void) printf("Wrong family: %d\n", sin->sin_family);
3229 	}
3230 
3231 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3232 	if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0) {
3233 		if (errno != EADDRNOTAVAIL)
3234 			Perror0_exit("in_status: SIOCGLIFNETMASK");
3235 		(void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr));
3236 	} else
3237 		netmask.sin_addr =
3238 		    ((struct sockaddr_in *)&lifr.lifr_addr)->sin_addr;
3239 	if (flags & IFF_POINTOPOINT) {
3240 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3241 		if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) {
3242 			if (errno == EADDRNOTAVAIL)
3243 				(void) memset(&lifr.lifr_addr, 0,
3244 				    sizeof (lifr.lifr_addr));
3245 			else
3246 				Perror0_exit("in_status: SIOCGLIFDSTADDR");
3247 		}
3248 		sin = (struct sockaddr_in *)&lifr.lifr_dstaddr;
3249 		(void) printf("--> %s ", inet_ntoa(sin->sin_addr));
3250 	}
3251 	(void) printf("netmask %x ", ntohl(netmask.sin_addr.s_addr));
3252 	if (flags & IFF_BROADCAST) {
3253 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3254 		if (ioctl(s, SIOCGLIFBRDADDR, (caddr_t)&lifr) < 0) {
3255 			if (errno == EADDRNOTAVAIL)
3256 				(void) memset(&lifr.lifr_addr, 0,
3257 				    sizeof (lifr.lifr_addr));
3258 			else
3259 				Perror0_exit("in_status: SIOCGLIFBRDADDR");
3260 		}
3261 		sin = (struct sockaddr_in *)&lifr.lifr_addr;
3262 		if (sin->sin_addr.s_addr != 0) {
3263 			(void) printf("broadcast %s",
3264 			    inet_ntoa(sin->sin_addr));
3265 		}
3266 	}
3267 	/* If there is a groupname, print it for only the physical interface */
3268 	if (strchr(name, ':') == NULL) {
3269 		if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 &&
3270 		    lifr.lifr_groupname[0] != '\0') {
3271 			(void) printf("\n\tgroupname %s", lifr.lifr_groupname);
3272 		}
3273 	}
3274 	(void) putchar('\n');
3275 }
3276 
3277 static void
3278 in6_status(int force, uint64_t flags)
3279 {
3280 	char			abuf[INET6_ADDRSTRLEN];
3281 	struct sockaddr_in6	*sin6, *laddr6;
3282 
3283 	if (debug)
3284 		(void) printf("in6_status(%s) flags 0x%llx\n", name, flags);
3285 
3286 	if (!(flags & IFF_IPV6))
3287 		return;
3288 
3289 	if (!(flags & IFF_NOLOCAL)) {
3290 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3291 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
3292 			if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3293 			    errno == ENXIO) {
3294 				if (!force)
3295 					return;
3296 				(void) memset(&lifr.lifr_addr, 0,
3297 				    sizeof (lifr.lifr_addr));
3298 			} else
3299 				Perror0_exit("in_status6: SIOCGLIFADDR");
3300 		}
3301 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3302 		(void) printf("\tinet6 %s/%d ",
3303 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3304 		    abuf, sizeof (abuf)),
3305 		    lifr.lifr_addrlen);
3306 		laddr6 = sin6;
3307 	} else {
3308 		(void) printf("\tinet6 ");
3309 	}
3310 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3311 	if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) {
3312 		if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3313 		    errno == ENXIO) {
3314 			if (!force)
3315 				return;
3316 			(void) memset(&lifr.lifr_addr, 0,
3317 			    sizeof (lifr.lifr_addr));
3318 		} else
3319 			Perror0_exit("in_status6: SIOCGLIFSUBNET");
3320 	}
3321 	sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3322 	if ((flags & IFF_NOLOCAL) ||
3323 	    !IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &laddr6->sin6_addr)) {
3324 		(void) printf("subnet %s/%d ",
3325 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3326 		    abuf, sizeof (abuf)),
3327 		    lifr.lifr_addrlen);
3328 	}
3329 	if (sin6->sin6_family != AF_INET6) {
3330 		(void) printf("Wrong family: %d\n", sin6->sin6_family);
3331 	}
3332 	if (flags & IFF_POINTOPOINT) {
3333 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3334 		if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) {
3335 			if (errno == EADDRNOTAVAIL)
3336 				(void) memset(&lifr.lifr_addr, 0,
3337 				    sizeof (lifr.lifr_addr));
3338 			else
3339 				Perror0_exit("in_status6: SIOCGLIFDSTADDR");
3340 		}
3341 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_dstaddr;
3342 		(void) printf("--> %s ",
3343 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3344 		    abuf, sizeof (abuf)));
3345 	}
3346 	if (verbose) {
3347 		(void) putchar('\n');
3348 		(void) putchar('\t');
3349 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3350 		if (ioctl(s, SIOCGLIFTOKEN, (caddr_t)&lifr) < 0) {
3351 			if (errno == EADDRNOTAVAIL || errno == EINVAL)
3352 				(void) memset(&lifr.lifr_addr, 0,
3353 				    sizeof (lifr.lifr_addr));
3354 			else
3355 				Perror0_exit("in_status6: SIOCGLIFTOKEN");
3356 		} else {
3357 			sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3358 			(void) printf("token %s/%d ",
3359 			    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3360 			    abuf, sizeof (abuf)),
3361 			    lifr.lifr_addrlen);
3362 		}
3363 		if (ioctl(s, SIOCGLIFLNKINFO, (caddr_t)&lifr) < 0) {
3364 			if (errno != EINVAL) {
3365 				Perror0_exit("in_status6: SIOCGLIFLNKINFO");
3366 			}
3367 		} else {
3368 			(void) printf("maxhops %u, reachtime %u ms, "
3369 			    "reachretrans %u ms, maxmtu %u ",
3370 			    lifr.lifr_ifinfo.lir_maxhops,
3371 			    lifr.lifr_ifinfo.lir_reachtime,
3372 			    lifr.lifr_ifinfo.lir_reachretrans,
3373 			    lifr.lifr_ifinfo.lir_maxmtu);
3374 		}
3375 	}
3376 	/* If there is a groupname, print it for only the physical interface */
3377 	if (strchr(name, ':') == NULL) {
3378 		if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 &&
3379 		    lifr.lifr_groupname[0] != '\0') {
3380 			(void) printf("\n\tgroupname %s", lifr.lifr_groupname);
3381 		}
3382 	}
3383 	(void) putchar('\n');
3384 }
3385 
3386 static void
3387 in_configinfo(int force, uint64_t flags)
3388 {
3389 	struct sockaddr_in *sin, *laddr;
3390 	struct	sockaddr_in netmask = { AF_INET };
3391 
3392 	if (debug)
3393 		(void) printf("in_configinfo(%s) flags 0x%llx\n", name, flags);
3394 
3395 	/* only configinfo info for IPv4 interfaces */
3396 	if (!(flags & IFF_IPV4))
3397 		return;
3398 
3399 	if (!(flags & IFF_NOLOCAL)) {
3400 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3401 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
3402 			if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3403 			    errno == ENXIO) {
3404 				if (!force)
3405 					return;
3406 				(void) memset(&lifr.lifr_addr, 0,
3407 				    sizeof (lifr.lifr_addr));
3408 			} else
3409 				Perror0_exit("in_configinfo: SIOCGLIFADDR");
3410 		}
3411 		sin = (struct sockaddr_in *)&lifr.lifr_addr;
3412 		(void) printf(" set %s ", inet_ntoa(sin->sin_addr));
3413 		laddr = sin;
3414 	}
3415 
3416 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3417 	if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) {
3418 		if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3419 		    errno == ENXIO) {
3420 			if (!force)
3421 				return;
3422 			(void) memset(&lifr.lifr_addr, 0,
3423 			    sizeof (lifr.lifr_addr));
3424 		} else {
3425 			Perror0_exit("in_configinfo: SIOCGLIFSUBNET");
3426 		}
3427 	}
3428 	sin = (struct sockaddr_in *)&lifr.lifr_addr;
3429 
3430 	if ((flags & IFF_NOLOCAL) ||
3431 	    sin->sin_addr.s_addr != laddr->sin_addr.s_addr) {
3432 		(void) printf(" subnet %s/%d ", inet_ntoa(sin->sin_addr),
3433 		    lifr.lifr_addrlen);
3434 	}
3435 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3436 	if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0) {
3437 		if (errno != EADDRNOTAVAIL)
3438 			Perror0_exit("in_configinfo: SIOCGLIFNETMASK");
3439 		(void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr));
3440 	} else
3441 		netmask.sin_addr =
3442 		    ((struct sockaddr_in *)&lifr.lifr_addr)->sin_addr;
3443 	if (flags & IFF_POINTOPOINT) {
3444 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3445 		if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) {
3446 			if (errno == EADDRNOTAVAIL)
3447 				(void) memset(&lifr.lifr_addr, 0,
3448 				    sizeof (lifr.lifr_addr));
3449 			else
3450 				Perror0_exit("in_configinfo: SIOCGLIFDSTADDR");
3451 		}
3452 		sin = (struct sockaddr_in *)&lifr.lifr_dstaddr;
3453 		(void) printf(" destination %s ", inet_ntoa(sin->sin_addr));
3454 	}
3455 	(void) printf(" netmask 0x%x ", ntohl(netmask.sin_addr.s_addr));
3456 	if (flags & IFF_BROADCAST) {
3457 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3458 		if (ioctl(s, SIOCGLIFBRDADDR, (caddr_t)&lifr) < 0) {
3459 			if (errno == EADDRNOTAVAIL)
3460 				(void) memset(&lifr.lifr_addr, 0,
3461 				    sizeof (lifr.lifr_addr));
3462 			else
3463 				Perror0_exit("in_configinfo: SIOCGLIFBRDADDR");
3464 		}
3465 		sin = (struct sockaddr_in *)&lifr.lifr_addr;
3466 		if (sin->sin_addr.s_addr != 0) {
3467 			(void) printf(" broadcast %s ",
3468 			    inet_ntoa(sin->sin_addr));
3469 		}
3470 	}
3471 
3472 	/* If there is a groupname, print it for only the zeroth interface */
3473 	if (lifnum(name) == 0) {
3474 		if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 &&
3475 		    lifr.lifr_groupname[0] != '\0') {
3476 			(void) printf(" group %s ", lifr.lifr_groupname);
3477 		}
3478 	}
3479 
3480 	/* Print flags to configure */
3481 	print_config_flags(AF_INET, flags);
3482 }
3483 
3484 static void
3485 in6_configinfo(int force, uint64_t flags)
3486 {
3487 	char abuf[INET6_ADDRSTRLEN];
3488 	struct sockaddr_in6 *sin6, *laddr6;
3489 
3490 	if (debug)
3491 		(void) printf("in6_configinfo(%s) flags 0x%llx\n", name,
3492 		    flags);
3493 
3494 	if (!(flags & IFF_IPV6))
3495 		return;
3496 
3497 	if (!(flags & IFF_NOLOCAL)) {
3498 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3499 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
3500 			if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3501 			    errno == ENXIO) {
3502 				if (!force)
3503 					return;
3504 				(void) memset(&lifr.lifr_addr, 0,
3505 				    sizeof (lifr.lifr_addr));
3506 			} else
3507 				Perror0_exit("in6_configinfo: SIOCGLIFADDR");
3508 		}
3509 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3510 		(void) printf(" set %s/%d ",
3511 		    inet_ntop(AF_INET6, &sin6->sin6_addr, abuf, sizeof (abuf)),
3512 		    lifr.lifr_addrlen);
3513 		laddr6 = sin6;
3514 	}
3515 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3516 	if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) {
3517 		if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3518 		    errno == ENXIO) {
3519 			if (!force)
3520 				return;
3521 			(void) memset(&lifr.lifr_addr, 0,
3522 			    sizeof (lifr.lifr_addr));
3523 		} else
3524 			Perror0_exit("in6_configinfo: SIOCGLIFSUBNET");
3525 	}
3526 	sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3527 	if ((flags & IFF_NOLOCAL) ||
3528 	    !IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &laddr6->sin6_addr)) {
3529 		(void) printf(" subnet %s/%d ",
3530 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3531 		    abuf, sizeof (abuf)),
3532 		    lifr.lifr_addrlen);
3533 	}
3534 
3535 	if (flags & IFF_POINTOPOINT) {
3536 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3537 		if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) {
3538 			if (errno == EADDRNOTAVAIL)
3539 				(void) memset(&lifr.lifr_addr, 0,
3540 				    sizeof (lifr.lifr_addr));
3541 			else
3542 				Perror0_exit("in6_configinfo: SIOCGLIFDSTADDR");
3543 		}
3544 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_dstaddr;
3545 		(void) printf(" destination %s ",
3546 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3547 		    abuf, sizeof (abuf)));
3548 	}
3549 
3550 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3551 	if (ioctl(s, SIOCGLIFTOKEN, (caddr_t)&lifr) < 0) {
3552 		if (errno == EADDRNOTAVAIL || errno == EINVAL)
3553 			(void) memset(&lifr.lifr_addr, 0,
3554 			    sizeof (lifr.lifr_addr));
3555 		else
3556 			Perror0_exit("in6_configinfo: SIOCGLIFTOKEN");
3557 	} else {
3558 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3559 		(void) printf(" token %s/%d ",
3560 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3561 		    abuf, sizeof (abuf)),
3562 		    lifr.lifr_addrlen);
3563 	}
3564 
3565 	/* If there is a groupname, print it for only the zeroth interface */
3566 	if (lifnum(name) == 0) {
3567 		if (ioctl(s, SIOCGLIFGROUPNAME, &lifr) >= 0 &&
3568 		    lifr.lifr_groupname[0] != '\0') {
3569 			(void) printf(" group %s ", lifr.lifr_groupname);
3570 		}
3571 	}
3572 
3573 	/* Print flags to configure */
3574 	print_config_flags(AF_INET6, flags);
3575 }
3576 
3577 /*
3578  * If this is a physical interface then remove it.
3579  * If it is a logical interface name use SIOCLIFREMOVEIF to
3580  * remove it. In both cases fail if it doesn't exist.
3581  */
3582 /* ARGSUSED */
3583 static int
3584 inetunplumb(char *arg, int64_t param)
3585 {
3586 	ipadm_status_t	istatus;
3587 
3588 	istatus = ipadm_delete_if(iph, name, afp->af_af, IPADM_OPT_ACTIVE);
3589 	if (istatus != IPADM_SUCCESS) {
3590 		(void) fprintf(stderr, "ifconfig: cannot unplumb %s: %s\n",
3591 		    name, ipadm_status2str(istatus));
3592 		exit(1);
3593 	}
3594 
3595 	return (0);
3596 }
3597 
3598 /*
3599  * Create the interface in `name', using ipadm_create_if(). If `name' is a
3600  * logical interface or loopback interface, ipadm_create_if() uses
3601  * SIOCLIFADDIF to create it.
3602  */
3603 /* ARGSUSED */
3604 static int
3605 inetplumb(char *arg, int64_t param)
3606 {
3607 	ipadm_status_t	istatus;
3608 
3609 	istatus = ipadm_create_if(iph, name, afp->af_af, IPADM_OPT_ACTIVE);
3610 	if (istatus != IPADM_SUCCESS) {
3611 		(void) fprintf(stderr, "ifconfig: cannot plumb %s: %s\n",
3612 		    name, ipadm_status2str(istatus));
3613 		if (istatus != IPADM_IF_EXISTS)
3614 			exit(1);
3615 	}
3616 	return (0);
3617 }
3618 
3619 /* ARGSUSED */
3620 static int
3621 inetipmp(char *arg, int64_t param)
3622 {
3623 	int retval;
3624 
3625 	/*
3626 	 * Treat e.g. "ifconfig ipmp0:2 ipmp" as "ifconfig ipmp0:2 plumb".
3627 	 * Otherwise, try to create the requested IPMP interface.
3628 	 */
3629 	if (strchr(name, ':') != NULL)
3630 		retval = inetplumb(arg, param);
3631 	else
3632 		retval = create_ipmp(name, afp->af_af, name, _B_FALSE);
3633 
3634 	/*
3635 	 * We'd return -1, but foreachinterface() doesn't propagate the error
3636 	 * into the exit status, so we're forced to explicitly exit().
3637 	 */
3638 	if (retval == -1)
3639 		exit(1);
3640 	return (0);
3641 }
3642 
3643 /*
3644  * Create an IPMP group `grname' with address family `af'.  If `ifname' is
3645  * non-NULL, it specifies the interface name to use.  Otherwise, use the name
3646  * ipmpN, where N corresponds to the lowest available integer.  If `implicit'
3647  * is set, then the group is being created as a side-effect of placing an
3648  * underlying interface in a group.  Also start in.mpathd if necessary.
3649  */
3650 static int
3651 create_ipmp(const char *grname, int af, const char *ifname, boolean_t implicit)
3652 {
3653 	static int ipmp_daemon_started;
3654 	uint32_t flags = IPADM_OPT_IPMP|IPADM_OPT_ACTIVE;
3655 	ipadm_status_t istatus;
3656 
3657 	if (debug) {
3658 		(void) printf("create_ipmp: ifname %s grname %s af %d\n",
3659 		    ifname != NULL ? ifname : "NULL", grname, af);
3660 	}
3661 
3662 	/*
3663 	 * ipadm_create_if() creates the IPMP interface and fills in the
3664 	 * ppa in lifr.lifr_name, if `ifname'="ipmp".
3665 	 */
3666 	(void) strlcpy(lifr.lifr_name, (ifname ? ifname : "ipmp"),
3667 	    sizeof (lifr.lifr_name));
3668 	if (ifname == NULL)
3669 		flags |= IPADM_OPT_GENPPA;
3670 	istatus = ipadm_create_if(iph, lifr.lifr_name, af, flags);
3671 	if (istatus != IPADM_SUCCESS) {
3672 		(void) fprintf(stderr, "ifconfig: cannot create IPMP interface "
3673 		    "%s: %s\n", grname, ipadm_status2str(istatus));
3674 		return (-1);
3675 	}
3676 
3677 	/*
3678 	 * To preserve backward-compatibility, always bring up the link-local
3679 	 * address for implicitly-created IPv6 IPMP interfaces.
3680 	 */
3681 	if (implicit && af == AF_INET6) {
3682 		if (ioctl(s6, SIOCGLIFFLAGS, &lifr) == 0) {
3683 			lifr.lifr_flags |= IFF_UP;
3684 			(void) ioctl(s6, SIOCSLIFFLAGS, &lifr);
3685 		}
3686 	}
3687 
3688 	/*
3689 	 * If the caller requested a different group name, issue a
3690 	 * SIOCSLIFGROUPNAME on the new IPMP interface.
3691 	 */
3692 	if (strcmp(lifr.lifr_name, grname) != 0) {
3693 		(void) strlcpy(lifr.lifr_groupname, grname, LIFGRNAMSIZ);
3694 		if (ioctl(s, SIOCSLIFGROUPNAME, &lifr) == -1) {
3695 			Perror0("SIOCSLIFGROUPNAME");
3696 			return (-1);
3697 		}
3698 	}
3699 
3700 	/*
3701 	 * If we haven't done so yet, ensure in.mpathd is started.
3702 	 */
3703 	if (ipmp_daemon_started++ == 0)
3704 		start_ipmp_daemon();
3705 
3706 	return (0);
3707 }
3708 
3709 /*
3710  * Start in.mpathd if it's not already running.
3711  */
3712 static void
3713 start_ipmp_daemon(void)
3714 {
3715 	int retval;
3716 	ipmp_handle_t ipmp_handle;
3717 
3718 	/*
3719 	 * Ping in.mpathd to see if it's running already.
3720 	 */
3721 	if ((retval = ipmp_open(&ipmp_handle)) != IPMP_SUCCESS) {
3722 		(void) fprintf(stderr, "ifconfig: cannot create IPMP handle: "
3723 		    "%s\n", ipmp_errmsg(retval));
3724 		return;
3725 	}
3726 
3727 	retval = ipmp_ping_daemon(ipmp_handle);
3728 	ipmp_close(ipmp_handle);
3729 
3730 	switch (retval) {
3731 	case IPMP_ENOMPATHD:
3732 		break;
3733 	case IPMP_SUCCESS:
3734 		return;
3735 	default:
3736 		(void) fprintf(stderr, "ifconfig: cannot ping in.mpathd: %s\n",
3737 		    ipmp_errmsg(retval));
3738 		break;
3739 	}
3740 
3741 	/*
3742 	 * Start in.mpathd.  Note that in.mpathd will handle multiple
3743 	 * incarnations (ipmp_ping_daemon() is just an optimization) so we
3744 	 * don't need to worry about racing with another ifconfig process.
3745 	 */
3746 	switch (fork()) {
3747 	case -1:
3748 		Perror0_exit("start_ipmp_daemon: fork");
3749 		/* NOTREACHED */
3750 	case 0:
3751 		(void) execl(MPATHD_PATH, MPATHD_PATH, NULL);
3752 		_exit(1);
3753 		/* NOTREACHED */
3754 	default:
3755 		break;
3756 	}
3757 }
3758 
3759 /*
3760  * Bring the address named by `ifaddrp' up or down.  Doesn't trust any mutable
3761  * values in ia_flags since they may be stale.
3762  */
3763 static boolean_t
3764 ifaddr_op(ifaddrlistx_t *ifaddrp, boolean_t up)
3765 {
3766 	struct lifreq	lifrl;	/* Local lifreq struct */
3767 	int		fd = (ifaddrp->ia_flags & IFF_IPV4) ? s4 : s6;
3768 
3769 	(void) memset(&lifrl, 0, sizeof (lifrl));
3770 	(void) strlcpy(lifrl.lifr_name, ifaddrp->ia_name, LIFNAMSIZ);
3771 	if (ioctl(fd, SIOCGLIFFLAGS, &lifrl) == -1)
3772 		return (_B_FALSE);
3773 
3774 	if (up)
3775 		lifrl.lifr_flags |= IFF_UP;
3776 	else
3777 		lifrl.lifr_flags &= ~IFF_UP;
3778 
3779 	if (ioctl(fd, SIOCSLIFFLAGS, &lifrl) == -1)
3780 		return (_B_FALSE);
3781 
3782 	/*
3783 	 * If we're trying to bring the address down, ensure that DAD activity
3784 	 * (observable by IFF_DUPLICATE) has also been stopped.
3785 	 */
3786 	if (!up && ioctl(fd, SIOCGLIFFLAGS, &lifrl) != -1 &&
3787 	    lifrl.lifr_flags & IFF_DUPLICATE) {
3788 		if (ioctl(fd, SIOCGLIFADDR, &lifrl) == -1 ||
3789 		    ioctl(fd, SIOCSLIFADDR, &lifrl) == -1) {
3790 			return (_B_FALSE);
3791 		}
3792 	}
3793 	return (_B_TRUE);
3794 }
3795 
3796 static boolean_t
3797 ifaddr_up(ifaddrlistx_t *ifaddrp)
3798 {
3799 	return (ifaddr_op(ifaddrp, _B_TRUE));
3800 }
3801 
3802 static boolean_t
3803 ifaddr_down(ifaddrlistx_t *ifaddrp)
3804 {
3805 	return (ifaddr_op(ifaddrp, _B_FALSE));
3806 }
3807 
3808 /*
3809  * Open the global libdladm handle "dlh" if it isn't already opened.  The
3810  * caller may optionally supply a link name to obtain its linkid.  If a link
3811  * of a specific class or classes is required, reqclass specifies the class
3812  * mask.
3813  */
3814 static dladm_status_t
3815 ifconfig_dladm_open(const char *name, datalink_class_t reqclass,
3816     datalink_id_t *linkid)
3817 {
3818 	dladm_status_t status = DLADM_STATUS_OK;
3819 	datalink_class_t class;
3820 
3821 	if (!dlh_opened) {
3822 		if ((status = dladm_open(&dlh)) != DLADM_STATUS_OK)
3823 			return (status);
3824 		dlh_opened = _B_TRUE;
3825 	}
3826 	if (name != NULL) {
3827 		status = dladm_name2info(dlh, name, linkid, NULL, &class, NULL);
3828 		if (status == DLADM_STATUS_OK) {
3829 			if (!(class & reqclass))
3830 				status = DLADM_STATUS_LINKINVAL;
3831 		}
3832 	}
3833 	return (status);
3834 }
3835 
3836 /*
3837  * This function checks if we can use libipadm API's. We will only
3838  * call libipadm functions for non-IPMP interfaces. This check is
3839  * temporary until libipadm supports IPMP interfaces.
3840  */
3841 static boolean_t
3842 ifconfig_use_libipadm(int s, const char *lifname)
3843 {
3844 	struct lifreq lifr1;
3845 
3846 	(void) strlcpy(lifr1.lifr_name, lifname, sizeof (lifr1.lifr_name));
3847 	if (ioctl(s, SIOCGLIFGROUPNAME, (caddr_t)&lifr1) < 0) {
3848 		(void) strncpy(lifr.lifr_name, lifname,
3849 		    sizeof (lifr.lifr_name));
3850 		Perror0_exit("error");
3851 	}
3852 
3853 	return (lifr1.lifr_groupname[0] == '\0');
3854 }
3855 
3856 static void
3857 ipadmerr_exit(ipadm_status_t status, const char *str)
3858 {
3859 	(void) fprintf(stderr, "ifconfig: %s: %s\n", str,
3860 	    ipadm_status2str(status));
3861 	exit(1);
3862 }
3863 
3864 static void
3865 dladmerr_exit(dladm_status_t status, const char *str)
3866 {
3867 	char errstr[DLADM_STRSIZE];
3868 
3869 	(void) fprintf(stderr, "%s: %s\n", str,
3870 	    dladm_status2str(status, errstr));
3871 	exit(1);
3872 }
3873 
3874 void
3875 Perror0(const char *cmd)
3876 {
3877 	Perror2(cmd, lifr.lifr_name);
3878 }
3879 
3880 void
3881 Perror0_exit(const char *cmd)
3882 {
3883 	Perror0(cmd);
3884 	exit(1);
3885 }
3886 
3887 void
3888 Perror2(const char *cmd, const char *str)
3889 {
3890 	int error = errno;
3891 
3892 	(void) fprintf(stderr, "ifconfig: %s: ", cmd);
3893 
3894 	switch (error) {
3895 	case ENXIO:
3896 		(void) fprintf(stderr, "%s: no such interface\n", str);
3897 		break;
3898 	case EPERM:
3899 		(void) fprintf(stderr, "%s: permission denied\n", str);
3900 		break;
3901 	case EEXIST:
3902 		(void) fprintf(stderr, "%s: already exists\n", str);
3903 		break;
3904 	case ENAMETOOLONG:
3905 		(void) fprintf(stderr, "%s: interface name too long\n", str);
3906 		break;
3907 	case ERANGE:
3908 		(void) fprintf(stderr, "%s: logical interface id is outside "
3909 		    "allowed range\n", str);
3910 		break;
3911 	default:
3912 		errno = error;
3913 		perror(str);
3914 	}
3915 }
3916 
3917 /*
3918  * Print out error message (Perror2()) and exit
3919  */
3920 void
3921 Perror2_exit(const char *cmd, const char *str)
3922 {
3923 	Perror2(cmd, str);
3924 	exit(1);
3925 	/* NOTREACHED */
3926 }
3927 
3928 void
3929 Perrdlpi(const char *cmd, const char *linkname, int err)
3930 {
3931 	(void) fprintf(stderr, "ifconfig: %s \"%s\": %s\n", cmd,
3932 	    linkname, dlpi_strerror(err));
3933 }
3934 
3935 /*
3936  * Print out error message (Perrdlpi()) and exit
3937  */
3938 void
3939 Perrdlpi_exit(const char *cmd, const char *linkname, int err)
3940 {
3941 	Perrdlpi(cmd, linkname, err);
3942 	exit(1);
3943 }
3944 
3945 /*
3946  * If the last argument is non-NULL allow a <addr>/<n> syntax and
3947  * pass out <n> in *plenp.
3948  * If <n> doesn't parse return BAD_ADDR as *plenp.
3949  * If no /<n> is present return NO_PREFIX as *plenp.
3950  */
3951 static void
3952 in_getaddr(char *s, struct sockaddr *saddr, int *plenp)
3953 {
3954 	/* LINTED: alignment */
3955 	struct sockaddr_in *sin = (struct sockaddr_in *)saddr;
3956 	struct hostent *hp;
3957 	struct netent *np;
3958 	char str[BUFSIZ];
3959 	int error_num;
3960 
3961 	(void) strncpy(str, s, sizeof (str));
3962 
3963 	/*
3964 	 * Look for '/'<n> is plenp
3965 	 */
3966 	if (plenp != NULL) {
3967 		char *cp;
3968 
3969 		*plenp = in_getprefixlen(str, _B_TRUE, IP_ABITS);
3970 		if (*plenp == BAD_ADDR)
3971 			return;
3972 		cp = strchr(str, '/');
3973 		if (cp != NULL)
3974 			*cp = '\0';
3975 	} else if (strchr(str, '/') != NULL) {
3976 		(void) fprintf(stderr, "ifconfig: %s: unexpected '/'\n", str);
3977 		exit(1);
3978 	}
3979 
3980 	(void) memset(sin, 0, sizeof (*sin));
3981 
3982 	/*
3983 	 *	Try to catch attempts to set the broadcast address to all 1's.
3984 	 */
3985 	if (strcmp(str, "255.255.255.255") == 0 ||
3986 	    (strtoul(str, (char **)NULL, 0) == 0xffffffffUL)) {
3987 		sin->sin_family = AF_INET;
3988 		sin->sin_addr.s_addr = 0xffffffff;
3989 		return;
3990 	}
3991 
3992 	hp = getipnodebyname(str, AF_INET, 0, &error_num);
3993 	if (hp) {
3994 		sin->sin_family = hp->h_addrtype;
3995 		(void) memcpy(&sin->sin_addr, hp->h_addr, hp->h_length);
3996 		freehostent(hp);
3997 		return;
3998 	}
3999 	np = getnetbyname(str);
4000 	if (np) {
4001 		sin->sin_family = np->n_addrtype;
4002 		sin->sin_addr = inet_makeaddr(np->n_net, INADDR_ANY);
4003 		return;
4004 	}
4005 	if (error_num == TRY_AGAIN) {
4006 		(void) fprintf(stderr, "ifconfig: %s: bad address "
4007 		    "(try again later)\n", s);
4008 	} else {
4009 		(void) fprintf(stderr, "ifconfig: %s: bad address\n", s);
4010 	}
4011 	exit(1);
4012 }
4013 
4014 /*
4015  * If the last argument is non-NULL allow a <addr>/<n> syntax and
4016  * pass out <n> in *plenp.
4017  * If <n> doesn't parse return BAD_ADDR as *plenp.
4018  * If no /<n> is present return NO_PREFIX as *plenp.
4019  */
4020 static void
4021 in6_getaddr(char *s, struct sockaddr *saddr, int *plenp)
4022 {
4023 	/* LINTED: alignment */
4024 	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)saddr;
4025 	struct hostent *hp;
4026 	char str[BUFSIZ];
4027 	int error_num;
4028 
4029 	(void) strncpy(str, s, sizeof (str));
4030 
4031 	/*
4032 	 * Look for '/'<n> is plenp
4033 	 */
4034 	if (plenp != NULL) {
4035 		char *cp;
4036 
4037 		*plenp = in_getprefixlen(str, _B_TRUE, IPV6_ABITS);
4038 		if (*plenp == BAD_ADDR)
4039 			return;
4040 		cp = strchr(str, '/');
4041 		if (cp != NULL)
4042 			*cp = '\0';
4043 	} else if (strchr(str, '/') != NULL) {
4044 		(void) fprintf(stderr, "ifconfig: %s: unexpected '/'\n", str);
4045 		exit(1);
4046 	}
4047 
4048 	(void) memset(sin6, 0, sizeof (*sin6));
4049 
4050 	hp = getipnodebyname(str, AF_INET6, 0, &error_num);
4051 	if (hp) {
4052 		sin6->sin6_family = hp->h_addrtype;
4053 		(void) memcpy(&sin6->sin6_addr, hp->h_addr, hp->h_length);
4054 		freehostent(hp);
4055 		return;
4056 	}
4057 	if (error_num == TRY_AGAIN) {
4058 		(void) fprintf(stderr, "ifconfig: %s: bad address "
4059 		    "(try again later)\n", s);
4060 	} else {
4061 		(void) fprintf(stderr, "ifconfig: %s: bad address\n", s);
4062 	}
4063 	exit(1);
4064 }
4065 
4066 /*
4067  * If "slash" is zero this parses the whole string as
4068  * an integer. With "slash" non zero it parses the tail part as an integer.
4069  *
4070  * If it is not a valid integer this returns BAD_ADDR.
4071  * If there is /<n> present this returns NO_PREFIX.
4072  */
4073 static int
4074 in_getprefixlen(char *addr, boolean_t slash, int max_plen)
4075 {
4076 	int prefixlen;
4077 	char *str, *end;
4078 
4079 	if (slash) {
4080 		str = strchr(addr, '/');
4081 		if (str == NULL)
4082 			return (NO_PREFIX);
4083 		str++;
4084 	} else
4085 		str = addr;
4086 
4087 	prefixlen = strtol(str, &end, 10);
4088 	if (prefixlen < 0)
4089 		return (BAD_ADDR);
4090 	if (str == end)
4091 		return (BAD_ADDR);
4092 	if (max_plen != 0 && max_plen < prefixlen)
4093 		return (BAD_ADDR);
4094 	return (prefixlen);
4095 }
4096 
4097 /*
4098  * Convert a prefix length to a mask.
4099  * Returns 1 if ok. 0 otherwise.
4100  * Assumes the mask array is zero'ed by the caller.
4101  */
4102 static boolean_t
4103 in_prefixlentomask(int prefixlen, int maxlen, uchar_t *mask)
4104 {
4105 	if (prefixlen < 0 || prefixlen > maxlen)
4106 		return (0);
4107 
4108 	while (prefixlen > 0) {
4109 		if (prefixlen >= 8) {
4110 			*mask++ = 0xFF;
4111 			prefixlen -= 8;
4112 			continue;
4113 		}
4114 		*mask |= 1 << (8 - prefixlen);
4115 		prefixlen--;
4116 	}
4117 	return (1);
4118 }
4119 
4120 static void
4121 print_flags(uint64_t flags)
4122 {
4123 	boolean_t first = _B_TRUE;
4124 	int cnt, i;
4125 
4126 	(void) printf("flags=%llx", flags);
4127 	cnt = sizeof (if_flags_tbl) / sizeof (if_flags_t);
4128 	for (i = 0; i < cnt; i++) {
4129 		if (flags & if_flags_tbl[i].iff_value) {
4130 			if (first) {
4131 				(void) printf("<");
4132 				first = _B_FALSE;
4133 			} else {
4134 				/*
4135 				 * It has to be here and not with the
4136 				 * printf below because for the last one,
4137 				 * we don't want a comma before the ">".
4138 				 */
4139 				(void) printf(",");
4140 			}
4141 			(void) printf("%s", if_flags_tbl[i].iff_name);
4142 		}
4143 	}
4144 	if (!first)
4145 		(void) printf(">");
4146 }
4147 
4148 static void
4149 print_config_flags(int af, uint64_t flags)
4150 {
4151 	if_config_cmd_t *cmdp;
4152 
4153 	for (cmdp = if_config_cmd_tbl; cmdp->iff_flag != 0; cmdp++) {
4154 		if ((flags & cmdp->iff_flag) &&
4155 		    (cmdp->iff_af == AF_UNSPEC || cmdp->iff_af == af)) {
4156 			(void) printf("%s ", cmdp->iff_name);
4157 		}
4158 	}
4159 }
4160 
4161 /*
4162  * Use the configured directory lookup mechanism (e.g. files/NIS/...)
4163  * to find the network mask.  Returns true if we found one to set.
4164  *
4165  * The parameter addr_set controls whether we should get the address of
4166  * the working interface for the netmask query.  If addr_set is true,
4167  * we will use the address provided.  Otherwise, we will find the working
4168  * interface's address and use it instead.
4169  */
4170 static boolean_t
4171 in_getmask(struct sockaddr_in *saddr, boolean_t addr_set)
4172 {
4173 	struct sockaddr_in ifaddr;
4174 
4175 	/*
4176 	 * Read the address from the interface if it is not passed in.
4177 	 */
4178 	if (!addr_set) {
4179 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
4180 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
4181 			if (errno != EADDRNOTAVAIL) {
4182 				(void) fprintf(stderr, "Need net number for "
4183 				    "mask\n");
4184 			}
4185 			return (_B_FALSE);
4186 		}
4187 		ifaddr = *((struct sockaddr_in *)&lifr.lifr_addr);
4188 	} else {
4189 		ifaddr.sin_addr = saddr->sin_addr;
4190 	}
4191 	if (getnetmaskbyaddr(ifaddr.sin_addr, &saddr->sin_addr) == 0) {
4192 		saddr->sin_family = AF_INET;
4193 		return (_B_TRUE);
4194 	}
4195 	return (_B_FALSE);
4196 }
4197 
4198 static int
4199 lifnum(const char *ifname)
4200 {
4201 	const char *cp;
4202 
4203 	if ((cp = strchr(ifname, ':')) == NULL)
4204 		return (0);
4205 	else
4206 		return (atoi(cp + 1));
4207 }
4208 
4209 static void
4210 add_ni(const char *name)
4211 {
4212 	ni_t **pp;
4213 	ni_t *p;
4214 
4215 	for (pp = &ni_list; (p = *pp) != NULL; pp = &(p->ni_next)) {
4216 		if (strcmp(p->ni_name, name) == 0) {
4217 			if (debug > 2)
4218 				(void) fprintf(stderr, "'%s' is a duplicate\n",
4219 				    name);
4220 			return;
4221 		}
4222 	}
4223 
4224 	if (debug > 2)
4225 		(void) fprintf(stderr, "adding '%s'\n",
4226 		    name);
4227 
4228 	if ((p = malloc(sizeof (ni_t))) == NULL)
4229 		return;
4230 
4231 	(void) strlcpy(p->ni_name, name, sizeof (p->ni_name));
4232 	p->ni_next = NULL;
4233 
4234 	*pp = p;
4235 	num_ni++;
4236 }
4237 
4238 static boolean_t
4239 ni_entry(const char *linkname, void *arg)
4240 {
4241 	dlpi_handle_t	dh;
4242 	datalink_class_t class;
4243 
4244 	(void) dladm_name2info(arg, linkname, NULL, NULL, &class, NULL);
4245 
4246 	if (class == DATALINK_CLASS_ETHERSTUB)
4247 		return (_B_FALSE);
4248 	if (dlpi_open(linkname, &dh, 0) != DLPI_SUCCESS)
4249 		return (_B_FALSE);
4250 
4251 	add_ni(linkname);
4252 
4253 	dlpi_close(dh);
4254 	return (_B_FALSE);
4255 }
4256 
4257 /*
4258  * dhcp-related routines
4259  */
4260 
4261 static int
4262 setifdhcp(const char *caller, const char *ifname, int argc, char *argv[])
4263 {
4264 	dhcp_ipc_request_t	*request;
4265 	dhcp_ipc_reply_t	*reply	= NULL;
4266 	int			timeout = DHCP_IPC_WAIT_DEFAULT;
4267 	dhcp_ipc_type_t		type	= DHCP_START;
4268 	int			error;
4269 	boolean_t		is_primary = _B_FALSE;
4270 	boolean_t		started = _B_FALSE;
4271 
4272 	for (argv++; --argc > 0; argv++) {
4273 
4274 		if (strcmp(*argv, "primary") == 0) {
4275 			is_primary = _B_TRUE;
4276 			continue;
4277 		}
4278 
4279 		if (strcmp(*argv, "wait") == 0) {
4280 			if (--argc <= 0) {
4281 				usage();
4282 				return (DHCP_EXIT_BADARGS);
4283 			}
4284 			argv++;
4285 
4286 			if (strcmp(*argv, "forever") == 0) {
4287 				timeout = DHCP_IPC_WAIT_FOREVER;
4288 				continue;
4289 			}
4290 
4291 			if (sscanf(*argv, "%d", &timeout) != 1) {
4292 				usage();
4293 				return (DHCP_EXIT_BADARGS);
4294 			}
4295 
4296 			if (timeout < 0) {
4297 				usage();
4298 				return (DHCP_EXIT_BADARGS);
4299 			}
4300 			continue;
4301 		}
4302 
4303 		type = dhcp_string_to_request(*argv);
4304 		if (type == -1) {
4305 			usage();
4306 			return (DHCP_EXIT_BADARGS);
4307 		}
4308 	}
4309 
4310 	/*
4311 	 * Only try to start agent on start or inform; in all other cases it
4312 	 * has to already be running for anything to make sense.
4313 	 */
4314 	if (type == DHCP_START || type == DHCP_INFORM) {
4315 		if (dhcp_start_agent(DHCP_IPC_MAX_WAIT) == -1) {
4316 			(void) fprintf(stderr, "%s: unable to start %s\n",
4317 			    caller, DHCP_AGENT_PATH);
4318 			return (DHCP_EXIT_FAILURE);
4319 		}
4320 		started = _B_TRUE;
4321 	}
4322 
4323 	if (is_primary)
4324 		type |= DHCP_PRIMARY;
4325 
4326 	if (af != AF_INET)
4327 		type |= DHCP_V6;
4328 
4329 	request = dhcp_ipc_alloc_request(type, ifname, NULL, 0, DHCP_TYPE_NONE);
4330 	if (request == NULL) {
4331 		(void) fprintf(stderr, "%s: out of memory\n", caller);
4332 		return (DHCP_EXIT_SYSTEM);
4333 	}
4334 
4335 	error = dhcp_ipc_make_request(request, &reply, timeout);
4336 	if (error != 0) {
4337 		free(request);
4338 		/*
4339 		 * Re-map connect error to not under control if we didn't try a
4340 		 * start operation, as this has to be true and results in a
4341 		 * clearer message, not to mention preserving compatibility
4342 		 * with the days when we always started dhcpagent for every
4343 		 * request.
4344 		 */
4345 		if (error == DHCP_IPC_E_CONNECT && !started)
4346 			error = DHCP_IPC_E_UNKIF;
4347 		(void) fprintf(stderr, "%s: %s: %s\n", caller, ifname,
4348 		    dhcp_ipc_strerror(error));
4349 		return (DHCP_EXIT_FAILURE);
4350 	}
4351 
4352 	error = reply->return_code;
4353 	if (error != 0) {
4354 		free(request);
4355 		free(reply);
4356 
4357 		if (error == DHCP_IPC_E_TIMEOUT && timeout == 0)
4358 			return (DHCP_EXIT_SUCCESS);
4359 
4360 		(void) fprintf(stderr, "%s: %s: %s\n", caller, ifname,
4361 		    dhcp_ipc_strerror(error));
4362 
4363 		if (error == DHCP_IPC_E_TIMEOUT)
4364 			return (DHCP_EXIT_TIMEOUT);
4365 		else
4366 			return (DHCP_EXIT_IF_FAILURE);
4367 	}
4368 
4369 	if (DHCP_IPC_CMD(type) == DHCP_STATUS) {
4370 		(void) printf("%s", dhcp_status_hdr_string());
4371 		(void) printf("%s", dhcp_status_reply_to_string(reply));
4372 	}
4373 
4374 	free(request);
4375 	free(reply);
4376 	return (DHCP_EXIT_SUCCESS);
4377 }
4378 
4379 static void
4380 usage(void)
4381 {
4382 	(void) fprintf(stderr,
4383 	    "usage: ifconfig <interface> | -a[ 4 | 6 | D ][ u | d ][ Z ]\n");
4384 
4385 	(void) fprintf(stderr, "%s",
4386 	    "\t[ <addr_family> ]\n"
4387 	    "\t[ <address>[/<prefix_length>] [ <dest_address> ] ]\n"
4388 	    "\t[ set [ <address>][/<prefix_length>] ]"
4389 	    " [ <address>/<prefix_length>] ]\n"
4390 	    "\t[ destination <dest_address> ]\n"
4391 	    "\t[ addif <address>[/<prefix_length>]"
4392 	    "  [ <dest_address> ] ]\n"
4393 	    "\t[ removeif <address>[/<prefix_length>] ]\n"
4394 	    "\t[ arp | -arp ]\n"
4395 	    "\t[ auto-revarp ]\n"
4396 	    "\t[ broadcast <broad_addr> ]\n"
4397 	    "\t[ index <if_index> ]\n"
4398 	    "\t[ metric <n> ] [ mtu <n> ]\n"
4399 	    "\t[ netmask <mask> ]\n"
4400 	    "\t[ plumb ] [ unplumb ]\n"
4401 	    "\t[ preferred | -preferred ]\n"
4402 	    "\t[ private | -private ]\n"
4403 	    "\t[ local | -local ]\n"
4404 	    "\t[ router | -router ]\n"
4405 	    "\t[ subnet <subnet_address>]\n"
4406 	    "\t[ trailers | -trailers ]\n"
4407 	    "\t[ token <address>/<prefix_length> ]\n"
4408 	    "\t[ tsrc <tunnel_src_address> ]\n"
4409 	    "\t[ tdst <tunnel_dest_address> ]\n"
4410 	    "\t[ auth_algs <tunnel_AH_authentication_algorithm> ]\n"
4411 	    "\t[ encr_algs <tunnel_ESP_encryption_algorithm> ]\n"
4412 	    "\t[ encr_auth_algs <tunnel_ESP_authentication_algorithm> ]\n"
4413 	    "\t[ up ] [ down ]\n"
4414 	    "\t[ xmit | -xmit ]\n"
4415 	    "\t[ modlist ]\n"
4416 	    "\t[ modinsert <module_name@position> ]\n"
4417 	    "\t[ modremove <module_name@position> ]\n"
4418 	    "\t[ ipmp ]\n"
4419 	    "\t[ group <groupname>] | [ group \"\"]\n"
4420 	    "\t[ deprecated | -deprecated ]\n"
4421 	    "\t[ standby | -standby ]\n"
4422 	    "\t[ failover | -failover ]\n"
4423 	    "\t[ zone <zonename> | -zone ]\n"
4424 	    "\t[ usesrc <interface> ]\n"
4425 	    "\t[ all-zones ]\n");
4426 
4427 	(void) fprintf(stderr, "or\n");
4428 	(void) fprintf(stderr,
4429 	    "\tifconfig <interface> |  -a[ 4 | 6 | D ] [ u | d ]\n");
4430 
4431 	(void) fprintf(stderr, "%s", "\tauto-dhcp | dhcp\n"
4432 	    "\t[ wait <time> | forever ]\n\t[ primary ]\n"
4433 	    "\tstart | drop | ping | release | status | inform\n");
4434 }
4435