xref: /titanic_52/usr/src/cmd/cmd-inet/usr.sbin/ifconfig/ifconfig.c (revision 449975fd500a154ec93bafe3fc6a5913c5bb82a5)
1 /*
2  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 /*
6  * Copyright (c) 1983 Regents of the University of California.
7  * All rights reserved.  The Berkeley software License Agreement
8  * specifies the terms and conditions for redistribution.
9  */
10 
11 #pragma ident	"%Z%%M%	%I%	%E% SMI"
12 
13 #include "defs.h"
14 #include "strings.h"
15 #include "ifconfig.h"
16 #include <compat.h>
17 
18 #include <sys/dlpi.h>
19 #include <libdlpi.h>
20 
21 #include <inet/ip.h>
22 
23 #define	LOOPBACK_IF	"lo0"
24 #define	NONE_STR	"none"
25 #define	ARP_MOD_NAME	"arp"
26 #define	TUN_NAME	"tun"
27 #define	ATUN_NAME	"atun"
28 #define	TUN6TO4_NAME	"6to4tun"
29 
30 typedef struct if_flags {
31 	uint64_t iff_value;
32 	char	*iff_name;
33 } if_flags_t;
34 
35 static if_flags_t	if_flags_tbl[] = {
36 	{ IFF_UP,		"UP" },
37 	{ IFF_BROADCAST,	"BROADCAST" },
38 	{ IFF_DEBUG,		"DEBUG" },
39 	{ IFF_LOOPBACK,		"LOOPBACK" },
40 	{ IFF_POINTOPOINT,	"POINTOPOINT" },
41 	{ IFF_NOTRAILERS,	"NOTRAILERS" },
42 	{ IFF_RUNNING,		"RUNNING" },
43 	{ IFF_NOARP,		"NOARP" },
44 	{ IFF_PROMISC,		"PROMISC" },
45 	{ IFF_ALLMULTI,		"ALLMULTI" },
46 	{ IFF_INTELLIGENT,	"INTELLIGENT" },
47 	{ IFF_MULTICAST,	"MULTICAST" },
48 	{ IFF_MULTI_BCAST,	"MULTI_BCAST" },
49 	{ IFF_UNNUMBERED,	"UNNUMBERED" },
50 	{ IFF_DHCPRUNNING,	"DHCP" },
51 	{ IFF_PRIVATE,		"PRIVATE" },
52 	{ IFF_NOXMIT,		"NOXMIT" },
53 	{ IFF_NOLOCAL,		"NOLOCAL" },
54 	{ IFF_DEPRECATED,	"DEPRECATED" },
55 	{ IFF_ADDRCONF,		"ADDRCONF" },
56 	{ IFF_ROUTER,		"ROUTER" },
57 	{ IFF_NONUD,		"NONUD" },
58 	{ IFF_ANYCAST,		"ANYCAST" },
59 	{ IFF_NORTEXCH,		"NORTEXCH" },
60 	{ IFF_IPV4,		"IPv4" },
61 	{ IFF_IPV6,		"IPv6" },
62 	{ IFF_MIPRUNNING,	"MIP" },
63 	{ IFF_NOFAILOVER,	"NOFAILOVER" },
64 	{ IFF_FAILED,		"FAILED" },
65 	{ IFF_STANDBY,		"STANDBY" },
66 	{ IFF_INACTIVE,		"INACTIVE" },
67 	{ IFF_OFFLINE,		"OFFLINE" },
68 	{ IFF_XRESOLV,		"XRESOLV" },
69 	{ IFF_COS_ENABLED,	"CoS" },
70 	{ IFF_PREFERRED,	"PREFERRED" },
71 	{ IFF_TEMPORARY,	"TEMPORARY" },
72 	{ IFF_FIXEDMTU,		"FIXEDMTU" },
73 	{ IFF_VIRTUAL,		"VIRTUAL"}
74 };
75 
76 static struct	lifreq lifr;
77 /* current interface name a particular function is accessing */
78 static char	name[LIFNAMSIZ];
79 /* foreach interface saved name */
80 static char	origname[LIFNAMSIZ];
81 static char savedname[LIFNAMSIZ];	/* For addif */
82 static int	setaddr;
83 
84 /*
85  * Make sure the algorithm variables hold more than the sizeof an algorithm
86  * in PF_KEY.  (For now, more than a uint8_t.)  The NO_***_?ALG indicates that
87  * there was no algorithm requested, and in the ipsec_req that service should
88  * be disabled.  (E.g. if ah_aalg remains NO_AH_AALG, then AH will be
89  * disabled on that tunnel.)
90  */
91 #define	NO_AH_AALG 256
92 #define	NO_ESP_AALG 256
93 #define	NO_ESP_EALG 256
94 
95 /*
96  * iface_t
97  * used by setifether to create a list of interfaces to mark
98  * down-up when changing the ethernet address of an interface
99  */
100 typedef struct iface {
101 	struct lifreq lifr;
102 	struct iface *next;	/* pointer to the next list element */
103 } iface_t;
104 
105 static	iface_t	*logifs = NULL; /* list of logical interfaces */
106 static 	iface_t	*phyif	= NULL;	/* physical interface */
107 
108 int	s;
109 int	af = AF_INET;	/* default address family */
110 int	debug = 0;
111 int	all = 0;	/* setifdhcp() needs to know this */
112 int	verbose = 0;
113 int	v4compat = 0;	/* Compatible printing format */
114 
115 /*
116  * Function prototypes for command functions.
117  */
118 static int	addif(char *arg, int64_t param);
119 static int	inetplumb(char *arg, int64_t param);
120 static int	inetunplumb(char *arg, int64_t param);
121 static int	removeif(char *arg, int64_t param);
122 static int	setdebugflag(char *arg, int64_t param);
123 static int	setifaddr(char *arg, int64_t param);
124 static int	setifbroadaddr(char *arg, int64_t param);
125 static int	setifdstaddr(char *arg, int64_t param);
126 static int	setifether(char *arg, int64_t param);
127 static int	setifflags(char *arg, int64_t param);
128 static int	setifindex(char *arg, int64_t param);
129 static int	setifmetric(char *arg, int64_t param);
130 static int	setifmtu(char *arg, int64_t param);
131 static int	setifnetmask(char *arg, int64_t param);
132 static int	setifprefixlen(char *arg, int64_t param);
133 static int	setifrevarp(char *arg, int64_t param);
134 static int	setifsubnet(char *arg, int64_t param);
135 static int	setiftdst(char *arg, int64_t param);
136 static int	setiftoken(char *arg, int64_t param);
137 static int	setiftsrc(char *arg, int64_t param);
138 static int	setverboseflag(char *arg, int64_t param);
139 static int	set_tun_ah_alg(char *arg, int64_t param);
140 static int	set_tun_esp_auth_alg(char *arg, int64_t param);
141 static int	set_tun_esp_encr_alg(char *arg, int64_t param);
142 static int	modlist(char *arg, int64_t param);
143 static int	modinsert(char *arg, int64_t param);
144 static int	modremove(char *arg, int64_t param);
145 static int	setifgroupname(char *arg, int64_t param);
146 static int	configinfo(char *arg, int64_t param);
147 static void	print_config_flags(uint64_t flags);
148 static void	print_flags(uint64_t flags);
149 static void	print_ifether(char *ifname);
150 static int	set_tun_encap_limit(char *arg, int64_t param);
151 static int	clr_tun_encap_limit(char *arg, int64_t param);
152 static int	set_tun_hop_limit(char *arg, int64_t param);
153 static int	setzone(char *arg, int64_t param);
154 static int	setallzones(char *arg, int64_t param);
155 static int	setifsrc(char *arg, int64_t param);
156 
157 /*
158  * Address family specific function prototypes.
159  */
160 static void	in_getaddr(char *s, struct sockaddr *saddr, int *plenp);
161 static void	in_status(int force, uint64_t flags);
162 static void	in_configinfo(int force, uint64_t flags);
163 static void	in6_getaddr(char *s, struct sockaddr *saddr, int *plenp);
164 static void	in6_status(int force, uint64_t flags);
165 static void	in6_configinfo(int force, uint64_t flags);
166 
167 /*
168  * Misc support functions
169  */
170 static int	devfs_entry(di_node_t node, di_minor_t minor, void *arg);
171 static void	foreachinterface(void (*func)(), int argc, char *argv[],
172 		    int af, int64_t onflags, int64_t offflags,
173 		    int64_t lifc_flags);
174 static void	ifconfig(int argc, char *argv[], int af, struct lifreq *lifrp);
175 static int	ifdad(char *ifname, struct sockaddr_in6 *laddr);
176 static boolean_t	in_getmask(struct sockaddr_in *saddr,
177 			    boolean_t addr_set);
178 static int	in_getprefixlen(char *addr, boolean_t slash, int plen);
179 static boolean_t	in_prefixlentomask(int prefixlen, int maxlen,
180 			    uchar_t *mask);
181 static int	settaddr(char *, int (*)(icfg_handle_t,
182 			    const struct sockaddr *, socklen_t));
183 static void	status(void);
184 static void	ifstatus(const char *);
185 static void	usage(void);
186 static int	strioctl(int s, int cmd, char *buf, int buflen);
187 static int	setifdhcp(const char *caller, const char *ifname,
188 		    int argc, char *argv[]);
189 static int	ip_domux2fd(int *, int *, int *, int *);
190 static int	ip_plink(int, int, int, int);
191 static int	modop(char *arg, char op);
192 static int	get_lun(char *);
193 static void	selectifs(int argc, char *argv[], int af,
194 			struct lifreq *lifrp);
195 static int	updownifs(iface_t *ifs, int up);
196 
197 #define	max(a, b)	((a) < (b) ? (b) : (a))
198 
199 /*
200  * DHCP_EXIT_IF_FAILURE indicates that the operation failed, but if there
201  * are more interfaces to act on (i.e., ifconfig was invoked with -a), keep
202  * on going rather than exit with an error.
203  */
204 
205 #define	DHCP_EXIT_IF_FAILURE	-1
206 #define	DHCP_IPC_MAX_WAIT	15	/* max seconds to wait to start agent */
207 
208 #define	NEXTARG		0xffffff	/* command takes an argument */
209 #define	OPTARG		0xfffffe 	/* command takes an optional argument */
210 #define	AF_ANY		(-1)
211 
212 /* Refer to the comments in ifconfig() on the netmask "hack" */
213 #define	NETMASK_CMD	"netmask"
214 struct sockaddr_storage	g_netmask;
215 enum { G_NETMASK_NIL, G_NETMASK_PENDING, G_NETMASK_SET }
216     g_netmask_set = G_NETMASK_NIL;
217 
218 struct	cmd {
219 	char		*c_name;
220 	int64_t		c_parameter;	/* NEXTARG means next argv */
221 	int		(*c_func)(char *, int64_t);
222 	int		c_abortonfail;	/* don't continue parsing args */
223 					/* for the current interface */
224 	int	c_af;			/* address family restrictions */
225 } cmds[] = {
226 	{ "up",		IFF_UP,		setifflags,	0,	AF_ANY },
227 	{ "down",	-IFF_UP,	setifflags,	0,	AF_ANY },
228 	{ "trailers",	-IFF_NOTRAILERS, setifflags,	0,	AF_ANY },
229 	{ "-trailers",	IFF_NOTRAILERS,	setifflags,	0,	AF_ANY },
230 	{ "arp",	-IFF_NOARP,	setifflags,	0,	AF_INET },
231 	{ "-arp",	IFF_NOARP,	setifflags,	0,	AF_INET },
232 	{ "router",	IFF_ROUTER,	setifflags,	0,	AF_ANY },
233 	{ "-router",	-IFF_ROUTER,	setifflags,	0,	AF_ANY },
234 	{ "private",	IFF_PRIVATE,	setifflags,	0,	AF_ANY },
235 	{ "-private",	-IFF_PRIVATE,	setifflags,	0,	AF_ANY },
236 	{ "xmit",	-IFF_NOXMIT,	setifflags,	0,	AF_ANY },
237 	{ "-xmit",	IFF_NOXMIT,	setifflags,	0,	AF_ANY },
238 	{ "-nud",	IFF_NONUD,	setifflags,	0,	AF_INET6 },
239 	{ "nud",	-IFF_NONUD,	setifflags,	0,	AF_INET6 },
240 	{ "anycast",	IFF_ANYCAST,	setifflags,	0,	AF_ANY },
241 	{ "-anycast",	-IFF_ANYCAST,	setifflags,	0,	AF_ANY },
242 	{ "local",	-IFF_NOLOCAL,	setifflags,	0,	AF_ANY },
243 	{ "-local",	IFF_NOLOCAL,	setifflags,	0,	AF_ANY },
244 	{ "deprecated",	IFF_DEPRECATED,	setifflags,	0,	AF_ANY },
245 	{ "-deprecated", -IFF_DEPRECATED, setifflags,	0,	AF_ANY },
246 	{ "preferred",	IFF_PREFERRED,	setifflags,	0,	AF_INET6 },
247 	{ "-preferred",	-IFF_PREFERRED,	setifflags,	0,	AF_INET6 },
248 	{ "debug",	0,		setdebugflag,	0,	AF_ANY },
249 	{ "verbose",	0,		setverboseflag,	0,	AF_ANY },
250 	{ NETMASK_CMD,	NEXTARG,	setifnetmask,	0,	AF_INET },
251 	{ "metric",	NEXTARG,	setifmetric,	0,	AF_ANY },
252 	{ "mtu",	NEXTARG,	setifmtu,	0,	AF_ANY },
253 	{ "index",	NEXTARG,	setifindex,	0,	AF_ANY },
254 	{ "broadcast",	NEXTARG,	setifbroadaddr,	0,	AF_INET },
255 	{ "auto-revarp", 0,		setifrevarp,	1,	AF_INET },
256 	{ "plumb",	0,		inetplumb,	1,	AF_ANY },
257 	{ "unplumb",	0,		inetunplumb,	0,	AF_ANY },
258 	{ "subnet",	NEXTARG,	setifsubnet,	0,	AF_ANY },
259 	{ "token",	NEXTARG,	setiftoken,	0,	AF_INET6 },
260 	{ "tsrc",	NEXTARG,	setiftsrc,	0,	AF_ANY },
261 	{ "tdst",	NEXTARG,	setiftdst,	0,	AF_ANY },
262 	{ "encr_auth_algs", NEXTARG,	set_tun_esp_auth_alg, 0, AF_ANY },
263 	{ "encr_algs",	NEXTARG,	set_tun_esp_encr_alg, 0, AF_ANY },
264 	{ "auth_algs",	NEXTARG,	set_tun_ah_alg,	0,	AF_ANY },
265 	{ "addif",	NEXTARG,	addif,		1,	AF_ANY },
266 	{ "removeif",	NEXTARG,	removeif,	1,	AF_ANY },
267 	{ "modlist",	0,		modlist,	1,	AF_ANY },
268 	{ "modinsert",	NEXTARG,	modinsert,	1,	AF_ANY },
269 	{ "modremove",	NEXTARG,	modremove,	1,	AF_ANY },
270 	{ "failover",	-IFF_NOFAILOVER, setifflags,	1,	AF_ANY },
271 	{ "-failover",	IFF_NOFAILOVER, setifflags,	1,	AF_ANY },
272 	{ "standby",	IFF_STANDBY,	setifflags,	1,	AF_ANY },
273 	{ "-standby",	-IFF_STANDBY,	setifflags,	1,	AF_ANY },
274 	{ "failed",	IFF_FAILED,	setifflags,	1,	AF_ANY },
275 	{ "-failed",	-IFF_FAILED,	setifflags,	1,	AF_ANY },
276 	{ "group",	NEXTARG,	setifgroupname,	1,	AF_ANY },
277 	{ "configinfo",	0,		configinfo,	1,	AF_ANY },
278 	{ "encaplimit",	NEXTARG,	set_tun_encap_limit,	0, AF_ANY },
279 	{ "-encaplimit", 0,		clr_tun_encap_limit,	0, AF_ANY },
280 	{ "thoplimit",	NEXTARG,	set_tun_hop_limit,	0, AF_ANY },
281 	{ "set",	NEXTARG,	setifaddr,	0,	AF_ANY },
282 	{ "destination", NEXTARG,	setifdstaddr,	0,	AF_ANY },
283 	{ "zone",	NEXTARG,	setzone,	0,	AF_ANY },
284 	{ "-zone",	0,		setzone,	0,	AF_ANY },
285 	{ "all-zones",	0,		setallzones,	0,	AF_ANY },
286 	{ "ether",	OPTARG,		setifether,	0,	AF_ANY },
287 	{ "usesrc",	NEXTARG,	setifsrc,	0,	AF_ANY },
288 	{ 0,		0,		setifaddr,	0,	AF_ANY },
289 	{ 0,		0,		setifdstaddr,	0,	AF_ANY },
290 	{ 0,		0,		0,		0,	0 },
291 };
292 
293 
294 typedef struct if_config_cmd {
295 	uint64_t	iff_flag;
296 	char		*iff_name;
297 } if_config_cmd_t;
298 
299 static if_config_cmd_t	if_config_cmd_tbl[] = {
300 	{ IFF_UP,		"up" },
301 	{ IFF_NOTRAILERS,	"-trailers" },
302 	{ IFF_PRIVATE,		"private" },
303 	{ IFF_NOXMIT,		"-xmit" },
304 	{ IFF_ANYCAST,		"anycast" },
305 	{ IFF_NOLOCAL,		"-local" },
306 	{ IFF_DEPRECATED,	"deprecated" },
307 	{ IFF_NOFAILOVER,	"-failover" },
308 	{ IFF_STANDBY,		"standby" },
309 	{ IFF_FAILED,		"failed" },
310 	{ IFF_PREFERRED,	"preferred" },
311 	{ 0,			0 },
312 };
313 
314 typedef struct ni {
315 	char		ni_name[LIFNAMSIZ];
316 	struct ni	*ni_next;
317 } ni_t;
318 
319 static ni_t	*ni_list = NULL;
320 static int	num_ni = 0;
321 
322 /* End defines and structure definitions for ifconfig -a plumb */
323 
324 /* Known address families */
325 struct afswtch {
326 	char *af_name;
327 	short af_af;
328 	void (*af_status)();
329 	void (*af_getaddr)();
330 	void (*af_configinfo)();
331 } afs[] = {
332 	{ "inet", AF_INET, in_status, in_getaddr, in_configinfo },
333 	{ "inet6", AF_INET6, in6_status, in6_getaddr, in6_configinfo },
334 	{ 0, 0,	0, 0, 0 }
335 };
336 
337 #define	SOCKET_AF(af)	(((af) == AF_UNSPEC) ? AF_INET : (af))
338 
339 struct afswtch *afp;	/* the address family being set or asked about */
340 
341 int
342 main(int argc, char *argv[])
343 {
344 	/* Include IFF_NOXMIT, IFF_TEMPORARY and all zone interfaces */
345 	int64_t lifc_flags = LIFC_NOXMIT | LIFC_TEMPORARY | LIFC_ALLZONES;
346 	char *default_ip_str;
347 
348 	if (argc < 2) {
349 		usage();
350 		exit(1);
351 	}
352 	argc--, argv++;
353 	if (strlen(*argv) > sizeof (name) - 1) {
354 		(void) fprintf(stderr, "%s: interface name too long\n", *argv);
355 		exit(1);
356 	}
357 	(void) strncpy(name, *argv, sizeof (name));
358 	name[sizeof (name) - 1] = '\0';
359 	(void) strncpy(origname, name, sizeof (origname));	/* For addif */
360 	default_ip_str = NULL;
361 	v4compat = get_compat_flag(&default_ip_str);
362 	if (v4compat == DEFAULT_PROT_BAD_VALUE) {
363 		(void) fprintf(stderr,
364 		    "ifconfig: %s: Bad value for %s in %s\n", default_ip_str,
365 		    DEFAULT_IP, INET_DEFAULT_FILE);
366 		free(default_ip_str);
367 		exit(2);
368 	}
369 	free(default_ip_str);
370 	argc--, argv++;
371 	if (argc > 0) {
372 		struct afswtch *myafp;
373 
374 		for (myafp = afp = afs; myafp->af_name; myafp++) {
375 			if (strcmp(myafp->af_name, *argv) == 0) {
376 				afp = myafp; argc--; argv++;
377 				break;
378 			}
379 		}
380 		af = lifr.lifr_addr.ss_family = afp->af_af;
381 		if (af == AF_INET6) {
382 			v4compat = 0;
383 		}
384 	}
385 
386 	s = socket(SOCKET_AF(af), SOCK_DGRAM, 0);
387 	if (s < 0) {
388 		Perror0_exit("socket");
389 	}
390 
391 	/*
392 	 * Special interface names is any combination of these flags.
393 	 * Note that due to the ifconfig syntax they have to be combined
394 	 * as a single '-' option.
395 	 *	-a	All interfaces
396 	 *	-u	"up" interfaces
397 	 *	-d	"down" interfaces
398 	 *	-D	Interfaces not controlled by DHCP
399 	 *	-4	IPv4 interfaces
400 	 *	-6	IPv6 interfaces
401 	 *	-X	Turn on debug (not documented)
402 	 *	-v	Turn on verbose
403 	 *	-Z	Only interfaces in caller's zone
404 	 */
405 
406 	if (name[0] == '-') {
407 		/* One or more options */
408 		int64_t onflags = 0;
409 		int64_t offflags = 0;
410 		int c;
411 		char *av[2] = { "ifconfig", name };
412 
413 		while ((c = getopt(2, av, "audDXZ46v")) != -1) {
414 			switch ((char)c) {
415 			case 'a':
416 				all = 1;
417 				break;
418 			case 'u':
419 				onflags |= IFF_UP;
420 				break;
421 			case 'd':
422 				offflags |= IFF_UP;
423 				break;
424 			case 'D':
425 				offflags |= IFF_DHCPRUNNING;
426 				break;
427 			case 'X':
428 				debug += 3;
429 				break;
430 			case 'Z':
431 				lifc_flags &= ~LIFC_ALLZONES;
432 				break;
433 			case '4':
434 				/*
435 				 * -4 is not a compatable flag, therefore
436 				 * we assume they want v4compat turned off
437 				 */
438 				v4compat = 0;
439 				onflags |= IFF_IPV4;
440 				break;
441 			case '6':
442 				/*
443 				 * If they want IPv6, well then we'll assume
444 				 * they don't want IPv4 compat
445 				 */
446 				v4compat = 0;
447 				onflags |= IFF_IPV6;
448 				break;
449 			case 'v':
450 				verbose = 1;
451 				break;
452 			case '?':
453 				usage();
454 				exit(1);
455 			}
456 		}
457 		if (!all) {
458 			(void) fprintf(stderr,
459 			    "ifconfig: %s: no such interface\n",
460 			    name);
461 			exit(1);
462 		}
463 		foreachinterface(ifconfig, argc, argv, af, onflags, offflags,
464 		    lifc_flags);
465 	} else {
466 		ifconfig(argc, argv, af, (struct lifreq *)NULL);
467 	}
468 	return (0);
469 }
470 
471 /*
472  * For each interface, call (*func)(argc, argv, af, lifrp).
473  * Only call function if onflags and offflags are set or clear, respectively,
474  * in the interfaces flags field.
475  */
476 static void
477 foreachinterface(void (*func)(), int argc, char *argv[], int af,
478     int64_t onflags, int64_t offflags, int64_t lifc_flags)
479 {
480 	int n;
481 	char *buf;
482 	struct lifnum lifn;
483 	struct lifconf lifc;
484 	struct lifreq *lifrp;
485 	struct lifreq lifrl;	/* Local lifreq struct */
486 	int numifs;
487 	unsigned bufsize;
488 	ni_t *nip;
489 	int plumball = 0;
490 	int save_af = af;
491 
492 	/*
493 	 * Special case:
494 	 * ifconfig -a plumb should find all network interfaces
495 	 * in the machine by traversing the devinfo tree.
496 	 * Also, there is no need to  SIOCGLIF* ioctls, since
497 	 * those interfaces have already been plumbed
498 	 */
499 	if (argc > 0 && (strcmp(*argv, "plumb") == 0)) {
500 		/*
501 		 * Look through the kernel's devinfo tree for
502 		 * network devices
503 		 */
504 		di_node_t root;
505 
506 		/*
507 		 * DINFOCACHE is equivalent to DINFOSUBTREE | DINFOMINOR |
508 		 * DINFOPROP | DINFOFORCE.
509 		 */
510 		if ((root = di_init("/", DINFOCACHE)) == DI_NODE_NIL) {
511 			(void) fprintf(stderr, "ifconfig: di_init failed;"
512 			    " check the devinfo driver.\n");
513 			exit(1);
514 		}
515 
516 		(void) di_walk_minor(root, DDI_NT_NET, DI_CHECK_ALIAS, NULL,
517 		    devfs_entry);
518 		di_fini(root);
519 
520 		/*
521 		 * Now, translate the linked list into
522 		 * a struct lifreq buffer
523 		 */
524 		bufsize = num_ni * sizeof (struct lifreq);
525 		if ((buf = malloc(bufsize)) == NULL)
526 			Perror0_exit("foreachinterface: malloc failed");
527 
528 		lifc.lifc_family = AF_UNSPEC;
529 		lifc.lifc_flags = lifc_flags;
530 		lifc.lifc_len = bufsize;
531 		lifc.lifc_buf = buf;
532 
533 		for (n = 0, lifrp = lifc.lifc_req; n < num_ni; n++, lifrp++) {
534 			nip = ni_list;
535 			(void) strncpy(lifrp->lifr_name, nip->ni_name,
536 			    sizeof (lifr.lifr_name));
537 			ni_list = nip->ni_next;
538 			free(nip);
539 		}
540 
541 		plumball = 1;
542 	} else {
543 		lifn.lifn_family = AF_UNSPEC;
544 		lifn.lifn_flags = lifc_flags;
545 		if (ioctl(s, SIOCGLIFNUM, (char *)&lifn) < 0) {
546 			Perror0_exit("Could not determine number"
547 			    " of interfaces");
548 		}
549 		numifs = lifn.lifn_count;
550 		if (debug)
551 			(void) printf("ifconfig: %d interfaces\n",  numifs);
552 
553 		bufsize = numifs * sizeof (struct lifreq);
554 		if ((buf = malloc(bufsize)) == NULL) {
555 			Perror0("out of memory\n");
556 			(void) close(s);
557 			return;
558 		}
559 
560 		lifc.lifc_family = AF_UNSPEC;
561 		lifc.lifc_flags = lifc_flags;
562 		lifc.lifc_len = bufsize;
563 		lifc.lifc_buf = buf;
564 
565 		if (ioctl(s, SIOCGLIFCONF, (char *)&lifc) < 0) {
566 			Perror0("SIOCGLIFCONF");
567 			(void) close(s);
568 			free(buf);
569 			return;
570 		}
571 	}
572 
573 	lifrp = lifc.lifc_req;
574 	for (n = lifc.lifc_len / sizeof (struct lifreq); n > 0; n--, lifrp++) {
575 
576 		if (!plumball) {
577 			/*
578 			 * We must close and recreate the socket each time
579 			 * since we don't know what type of socket it is now
580 			 * (each status function may change it).
581 			 */
582 
583 			(void) close(s);
584 
585 			af = lifrp->lifr_addr.ss_family;
586 			s = socket(SOCKET_AF(af), SOCK_DGRAM, 0);
587 			if (s == -1) {
588 				/*
589 				 * Perror0() assumes the name to be in the
590 				 * globally defined lifreq structure.
591 				 */
592 				(void) strncpy(lifr.lifr_name,
593 				    lifrp->lifr_name, sizeof (lifr.lifr_name));
594 				Perror0_exit("socket");
595 			}
596 		}
597 
598 		/*
599 		 * Only service interfaces that match the on and off
600 		 * flags masks.
601 		 */
602 		if (onflags || offflags) {
603 			(void) memset(&lifrl, 0, sizeof (lifrl));
604 			(void) strncpy(lifrl.lifr_name, lifrp->lifr_name,
605 				sizeof (lifrl.lifr_name));
606 			if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifrl) < 0) {
607 				/*
608 				 * Perror0() assumes the name to be in the
609 				 * globally defined lifreq structure.
610 				 */
611 				(void) strncpy(lifr.lifr_name,
612 				    lifrp->lifr_name, sizeof (lifr.lifr_name));
613 				Perror0_exit("foreachinterface: SIOCGLIFFLAGS");
614 			}
615 			if ((lifrl.lifr_flags & onflags) != onflags)
616 				continue;
617 			if ((~lifrl.lifr_flags & offflags) != offflags)
618 				continue;
619 		}
620 
621 		if (!plumball) {
622 			(void) strncpy(lifrl.lifr_name, lifrp->lifr_name,
623 			    sizeof (lifrl.lifr_name));
624 			if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifrl) < 0) {
625 				/*
626 				 * Perror0() assumes the name to be in the
627 				 * globally defined lifreq structure.
628 				 */
629 				(void) strncpy(lifr.lifr_name,
630 				    lifrp->lifr_name, sizeof (lifr.lifr_name));
631 				Perror0("foreachinterface: SIOCGLIFADDR");
632 				continue;
633 			}
634 			if (lifrl.lifr_addr.ss_family != af) {
635 				/* Switch address family */
636 				af = lifrl.lifr_addr.ss_family;
637 				(void) close(s);
638 
639 				s = socket(SOCKET_AF(af), SOCK_DGRAM, 0);
640 				if (s == -1) {
641 					/*
642 					 * Perror0() assumes the name to be in
643 					 * the globally defined lifreq
644 					 * structure.
645 					 */
646 					(void) strncpy(lifr.lifr_name,
647 					    lifrp->lifr_name,
648 					    sizeof (lifr.lifr_name));
649 					Perror0_exit("socket");
650 				}
651 			}
652 		}
653 
654 		/*
655 		 * Reset global state
656 		 * setaddr: Used by parser to tear apart source and dest
657 		 * name and origname contain the name of the 'current'
658 		 * interface.
659 		 */
660 		setaddr = 0;
661 		(void) strncpy(name, lifrp->lifr_name, sizeof (name));
662 		(void) strncpy(origname, name, sizeof (origname));
663 
664 		(*func)(argc, argv, save_af, lifrp);
665 		/* the func could have overwritten origname, so restore */
666 		(void) strncpy(name, origname, sizeof (name));
667 	}
668 	free(buf);
669 }
670 
671 static void
672 tun_reality_check(void)
673 {
674 	struct iftun_req treq;
675 	ipsec_req_t *ipsr;
676 
677 	(void) strncpy(treq.ifta_lifr_name, name, sizeof (treq.ifta_lifr_name));
678 	if (strchr(name, ':') != NULL) {
679 		/* Return, we don't need to check. */
680 		return;
681 	}
682 	if (ioctl(s, SIOCGTUNPARAM, (caddr_t)&treq) < 0 ||
683 	    (treq.ifta_flags & IFTUN_SECURITY) == 0) {
684 		/*
685 		 * Either not a tunnel (the SIOCGTUNPARAM fails on
686 		 * non-tunnels), or the security flag is not set.  Either
687 		 * way, return.
688 		 */
689 		return;
690 	}
691 
692 	ipsr = (ipsec_req_t *)&treq.ifta_secinfo;
693 
694 	if (ipsr->ipsr_esp_req != 0 &&
695 	    ipsr->ipsr_esp_auth_alg == SADB_AALG_NONE &&
696 	    ipsr->ipsr_ah_req == 0)
697 		(void) fprintf(stderr, "ifconfig: WARNING - tunnel with "
698 		    "only ESP and potentially no authentication.\n");
699 }
700 
701 /*
702  * for the specified interface call (*func)(argc, argv, af, lifrp).
703  */
704 
705 static void
706 ifconfig(int argc, char *argv[], int af, struct lifreq *lifrp)
707 {
708 	static boolean_t scan_netmask = _B_FALSE;
709 	int ret;
710 
711 	if (argc == 0) {
712 		status();
713 		return;
714 	}
715 
716 	if (strcmp(*argv, "auto-dhcp") == 0 || strcmp(*argv, "dhcp") == 0) {
717 		if (af == AF_INET) {
718 
719 			/*
720 			 * some errors are ignored in the case where
721 			 * more than one interface is being operated on.
722 			 */
723 			ret = setifdhcp("ifconfig", name, argc, argv);
724 			if (ret == DHCP_EXIT_IF_FAILURE) {
725 				if (!all)
726 					exit(DHCP_EXIT_FAILURE);
727 			} else if (ret != DHCP_EXIT_SUCCESS)
728 				exit(ret);
729 		} else
730 			(void) fprintf(stderr, "ifconfig: dhcp not supported "
731 			    "for inet6\n");
732 		return;
733 	}
734 
735 	/*
736 	 * The following is a "hack" to get around the existing interface
737 	 * setting mechanism.  Currently, each interface attribute,
738 	 * such as address, netmask, broadcast, ... is set separately.  But
739 	 * sometimes two or more attributes must be set together.  For
740 	 * example, setting an address without a netmask does not make sense.
741 	 * Yet they can be set separately for IPv4 address using the current
742 	 * ifconfig(1M) syntax.  The kernel then "infers" the correct netmask
743 	 * using the deprecated "IP address classes."  This is simply not
744 	 * correct.
745 	 *
746 	 * The "hack" below is to go thru the whole command list looking for
747 	 * the netmask command first.  Then use this netmask to set the
748 	 * address.  This does not provide an extensible way to accommodate
749 	 * future need for setting more than one attributes together.
750 	 *
751 	 * Note that if the "netmask" command argument is a "+", we need
752 	 * to save this info and do the query after we know the address to
753 	 * be set.  The reason is that if "addif" is used, the working
754 	 * interface name will be changed later when the logical interface
755 	 * is created.  In in_getmask(), if an address is not provided,
756 	 * it will use the working interface's address to do the query.
757 	 * It will be wrong now as we don't know the logical interface's name.
758 	 *
759 	 * ifconfig(1M) is too overloaded and the code is so convoluted
760 	 * that it is "safer" not to re-architect the code to fix the above
761 	 * issue, hence this "hack."  We may be better off to have a new
762 	 * command with better syntax for configuring network interface
763 	 * parameters...
764 	 */
765 	if (!scan_netmask && afp->af_af == AF_INET) {
766 		int	largc;
767 		char	**largv;
768 
769 		/* Only go thru the command list once to find the netmask. */
770 		scan_netmask = _B_TRUE;
771 
772 		/*
773 		 * Currently, if multiple netmask commands are specified, the
774 		 * last one will be used as the final netmask.  So we need
775 		 * to scan the whole list to preserve this behavior.
776 		 */
777 		for (largc = argc, largv = argv; largc > 0; largc--, largv++) {
778 			if (strcmp(*largv, NETMASK_CMD) == 0) {
779 				if (--largc == 0)
780 					break;
781 				largv++;
782 				if (strcmp(*largv, "+") == 0) {
783 					g_netmask_set = G_NETMASK_PENDING;
784 				} else {
785 					in_getaddr(*largv, (struct sockaddr *)
786 					    &g_netmask, NULL);
787 					g_netmask_set = G_NETMASK_SET;
788 				}
789 				/* Continue the scan. */
790 			}
791 		}
792 	}
793 
794 	while (argc > 0) {
795 		struct cmd *p;
796 		boolean_t found_cmd;
797 
798 		if (debug)
799 			(void) printf("ifconfig: argv %s\n", *argv);
800 
801 		found_cmd = _B_FALSE;
802 		for (p = cmds; p->c_func; p++) {
803 			if (p->c_name) {
804 				if (strcmp(*argv, p->c_name) == 0) {
805 					/*
806 					 * indicate that the command was
807 					 * found and check to see if
808 					 * the address family is valid
809 					 */
810 					found_cmd = _B_TRUE;
811 					if (p->c_af == AF_ANY ||
812 					    af == p->c_af)
813 						break;
814 				}
815 			} else {
816 				if (p->c_af == AF_ANY ||
817 				    af == p->c_af)
818 					break;
819 			}
820 		}
821 		/*
822 		 * If we found the keyword, but the address family
823 		 * did not match spit out an error
824 		 */
825 		if (found_cmd && p->c_name == 0) {
826 			(void) fprintf(stderr, "ifconfig: Operation %s not"
827 			    " supported for %s\n", *argv, afp->af_name);
828 			exit(1);
829 		}
830 		/*
831 		 * else (no keyword found), we assume it's an address
832 		 * of some sort
833 		 */
834 		if (p->c_name == 0 && setaddr)
835 			p++;	/* got src, do dst */
836 		if (p->c_func) {
837 			if (p->c_af == AF_INET6) {
838 				v4compat = 0;
839 			}
840 			if (p->c_parameter == NEXTARG ||
841 			    p->c_parameter == OPTARG) {
842 				argc--, argv++;
843 				if (argc == 0 && p->c_parameter == NEXTARG) {
844 					(void) fprintf(stderr,
845 					    "ifconfig: no argument for %s\n",
846 					    p->c_name);
847 					exit(1);
848 				}
849 			}
850 			/*
851 			 *	Call the function if:
852 			 *
853 			 *		there's no address family
854 			 *		restriction
855 			 *	OR
856 			 *		we don't know the address yet
857 			 *		(because we were called from
858 			 *		main)
859 			 *	OR
860 			 *		there is a restriction AND
861 			 *		the address families match
862 			 */
863 			if ((p->c_af == AF_ANY)	||
864 			    (lifrp == (struct lifreq *)NULL) ||
865 			    (lifrp->lifr_addr.ss_family == p->c_af)) {
866 				ret = (*p->c_func)(*argv, p->c_parameter);
867 				/*
868 				 *	If c_func failed and we should
869 				 *	abort processing for this
870 				 *	interface on failure, return
871 				 *	now rather than going on to
872 				 *	process other commands for
873 				 *	the same interface.
874 				 */
875 				if (ret != 0 && p->c_abortonfail)
876 					return;
877 			}
878 		}
879 		argc--, argv++;
880 	}
881 
882 	/* Check to see if there's a security hole in the tunnel setup. */
883 	tun_reality_check();
884 }
885 
886 /* ARGSUSED */
887 static int
888 setdebugflag(char *val, int64_t arg)
889 {
890 	debug++;
891 	return (0);
892 }
893 
894 /* ARGSUSED */
895 static int
896 setverboseflag(char *val, int64_t arg)
897 {
898 	verbose++;
899 	return (0);
900 }
901 
902 /*
903  * This function fills in the given lifreq's lifr_addr field based on
904  * g_netmask_set.
905  */
906 static void
907 set_mask_lifreq(struct lifreq *lifr, struct sockaddr_storage *addr,
908     struct sockaddr_storage *mask)
909 {
910 	assert(addr != NULL);
911 	assert(mask != NULL);
912 
913 	switch (g_netmask_set) {
914 	case G_NETMASK_SET:
915 		lifr->lifr_addr = g_netmask;
916 		break;
917 
918 	case G_NETMASK_PENDING:
919 		/*
920 		 * "+" is used as the argument to "netmask" command.  Query
921 		 * the database on the correct netmask based on the address to
922 		 * be set.
923 		 */
924 		assert(afp->af_af == AF_INET);
925 		g_netmask = *addr;
926 		if (!in_getmask((struct sockaddr_in *)&g_netmask, _B_TRUE)) {
927 			lifr->lifr_addr = *mask;
928 			g_netmask_set = G_NETMASK_NIL;
929 		} else {
930 			lifr->lifr_addr = g_netmask;
931 			g_netmask_set = G_NETMASK_SET;
932 		}
933 		break;
934 
935 	case G_NETMASK_NIL:
936 	default:
937 		lifr->lifr_addr = *mask;
938 		break;
939 	}
940 }
941 
942 /*
943  * Set the interface address. Handles <addr>, <addr>/<n> as well as /<n>
944  * syntax for setting the address, the address plus netmask, and just
945  * the netmask respectively.
946  */
947 /* ARGSUSED */
948 static int
949 setifaddr(char *addr, int64_t param)
950 {
951 	int prefixlen = 0;
952 	struct	sockaddr_storage laddr;
953 	struct	sockaddr_storage netmask;
954 	struct	sockaddr_in6 *sin6;
955 	struct	sockaddr_in *sin;
956 	struct	sockaddr_storage sav_netmask;
957 
958 	if (addr[0] == '/')
959 		return (setifprefixlen(addr, 0));
960 
961 	(*afp->af_getaddr)(addr, (struct sockaddr *)&laddr, &prefixlen);
962 
963 	(void) memset(&netmask, 0, sizeof (netmask));
964 	netmask.ss_family = afp->af_af;
965 	switch (prefixlen) {
966 	case NO_PREFIX:
967 		/* Nothing there - ok */
968 		break;
969 	case BAD_ADDR:
970 		(void) fprintf(stderr, "ifconfig: Bad prefix length in %s\n",
971 		    addr);
972 		exit(1);
973 	default:
974 		if (afp->af_af == AF_INET6) {
975 			sin6 = (struct sockaddr_in6 *)&netmask;
976 			if (!in_prefixlentomask(prefixlen, IPV6_ABITS,
977 			    (uchar_t *)&sin6->sin6_addr)) {
978 				(void) fprintf(stderr, "ifconfig: "
979 				    "Bad prefix length: %d\n",
980 				    prefixlen);
981 				exit(1);
982 			}
983 		} else {
984 			sin = (struct sockaddr_in *)&netmask;
985 			if (!in_prefixlentomask(prefixlen, IP_ABITS,
986 			    (uchar_t *)&sin->sin_addr)) {
987 				(void) fprintf(stderr, "ifconfig: "
988 				    "Bad prefix length: %d\n",
989 				    prefixlen);
990 				exit(1);
991 			}
992 		}
993 		/*
994 		 * Just in case of funny setting of both prefix and netmask,
995 		 * prefix should override the netmask command.
996 		 */
997 		g_netmask_set = G_NETMASK_NIL;
998 		break;
999 	}
1000 	/* Tell parser that an address was set */
1001 	setaddr++;
1002 	/* save copy of netmask to restore in case of error */
1003 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1004 	if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0)
1005 		Perror0_exit("SIOCGLIFNETMASK");
1006 	sav_netmask = lifr.lifr_addr;
1007 
1008 	/*
1009 	 * Catch set of address for AF_INET6 to perform
1010 	 * duplicate address detection. Check that the interface is
1011 	 * up.
1012 	 */
1013 	if (afp->af_af == AF_INET6) {
1014 		if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
1015 			Perror0_exit("ifsetaddr: SIOCGLIFFLAGS");
1016 		}
1017 		if (lifr.lifr_flags & IFF_UP) {
1018 			if (debug)
1019 				(void) printf(
1020 				    "setifaddr: Calling ifdad flags %llx\n",
1021 				    lifr.lifr_flags);
1022 			if (ifdad(name, (struct sockaddr_in6 *)&laddr) == -1)
1023 				exit(3);
1024 		}
1025 	}
1026 
1027 	/*
1028 	 * If setting the address and not the mask, clear any existing mask
1029 	 * and the kernel will then assign the default (netmask has been set
1030 	 * to 0 in this case).  If setting both (either by using a prefix or
1031 	 * using the netmask command), set the mask first, so the address will
1032 	 * be interpreted correctly.
1033 	 */
1034 	set_mask_lifreq(&lifr, &laddr, &netmask);
1035 	if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0)
1036 		Perror0_exit("SIOCSLIFNETMASK");
1037 
1038 	if (debug) {
1039 		char abuf[INET6_ADDRSTRLEN];
1040 		void *addr = (afp->af_af == AF_INET) ?
1041 		    (void *)&((struct sockaddr_in *)&laddr)->sin_addr :
1042 		    (void *)&((struct sockaddr_in6 *)&laddr)->sin6_addr;
1043 
1044 		(void) printf("Setting %s af %d addr %s\n",
1045 		    lifr.lifr_name, afp->af_af,
1046 		    inet_ntop(afp->af_af, addr, abuf, sizeof (abuf)));
1047 	}
1048 	lifr.lifr_addr = laddr;
1049 	lifr.lifr_addr.ss_family = afp->af_af;
1050 	if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0) {
1051 		/*
1052 		 * Restore the netmask
1053 		 */
1054 		int saverr = errno;
1055 
1056 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1057 		lifr.lifr_addr = sav_netmask;
1058 		(void) ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr);
1059 		errno = saverr;
1060 		Perror0_exit("SIOCSLIFADDR");
1061 	}
1062 
1063 	return (0);
1064 }
1065 
1066 /*
1067  * The following functions are stolen from the ipseckey(1m) program.
1068  * Perhaps they should be somewhere common, but for now, we just maintain
1069  * two versions.  We do this because of the different semantics for which
1070  * algorithms we select ("requested" for ifconfig vs. "actual" for key).
1071  */
1072 
1073 static ulong_t
1074 parsenum(char *num)
1075 {
1076 	ulong_t rc;
1077 	char *end = NULL;
1078 
1079 	errno = 0;
1080 	rc = strtoul(num, &end, 0);
1081 	if (errno != 0 || end == num || *end != '\0') {
1082 		rc = (ulong_t)-1;
1083 	}
1084 
1085 	return (rc);
1086 }
1087 
1088 /*
1089  * Parse and reverse parse possible algorithm values, include numbers.
1090  * Mostly stolen from ipseckey.c. See the comments above parsenum() for why
1091  * this isn't common to ipseckey.c.
1092  *
1093  * NOTE: Static buffer in this function for the return value.  Since ifconfig
1094  *	 isn't multithreaded, this isn't a huge problem.
1095  */
1096 
1097 #define	NBUF_SIZE 20	/* Enough to print a large integer. */
1098 
1099 static char *
1100 rparsealg(uint8_t alg_value, int proto_num)
1101 {
1102 	struct ipsecalgent *alg;
1103 	static char numprint[128];	/* Enough to hold an algorithm name. */
1104 
1105 	/* Special-case 0 to return "<any-none>" */
1106 	if (alg_value == 0)
1107 		return ("<any-none>");
1108 
1109 	alg = getipsecalgbynum(alg_value, proto_num, NULL);
1110 	if (alg != NULL) {
1111 		(void) strlcpy(numprint, alg->a_names[0], sizeof (numprint));
1112 		freeipsecalgent(alg);
1113 	} else {
1114 		(void) snprintf(numprint, sizeof (numprint), "%d", alg_value);
1115 	}
1116 
1117 	return (numprint);
1118 }
1119 
1120 static uint_t
1121 parsealg(char *algname, int proto_num)
1122 {
1123 	struct ipsecalgent *alg;
1124 	ulong_t invalue;
1125 
1126 	if (algname == NULL) {
1127 		(void) fprintf(stderr, "ifconfig: Unexpected end of command "
1128 		    "line.\n");
1129 		exit(1);
1130 	}
1131 
1132 	/*
1133 	 * Special-case "none". Use strcasecmp because its length is
1134 	 * bound.
1135 	 */
1136 	if (strcasecmp("none", algname) == 0) {
1137 		return ((proto_num == IPSEC_PROTO_ESP) ?
1138 		    NO_ESP_EALG : NO_ESP_AALG);
1139 	}
1140 
1141 	alg = getipsecalgbyname(algname, proto_num, NULL);
1142 	if (alg != NULL) {
1143 		invalue = alg->a_alg_num;
1144 		freeipsecalgent(alg);
1145 		return ((uint_t)invalue);
1146 	}
1147 
1148 	/*
1149 	 * Since algorithms can be loaded during kernel run-time, check for
1150 	 * numeric algorithm values too.
1151 	 */
1152 	invalue = parsenum(algname);
1153 	if ((invalue & (ulong_t)0xff) == invalue)
1154 		return ((uint_t)invalue);
1155 
1156 	(void) fprintf(stderr, "ifconfig: %s algorithm type %s unknown.\n",
1157 	    (proto_num == IPSEC_PROTO_ESP) ?
1158 	    "Encryption" : "Authentication", algname);
1159 	exit(1);
1160 	/* NOTREACHED */
1161 }
1162 
1163 /*
1164  * Actual ifconfig functions to set tunnel security properties.
1165  */
1166 
1167 enum ipsec_alg_type { ESP_ENCR_ALG = 1, ESP_AUTH_ALG, AH_AUTH_ALG };
1168 
1169 boolean_t first_set_tun = _B_TRUE;
1170 boolean_t encr_alg_set = _B_FALSE;
1171 
1172 static int
1173 set_tun_algs(int which_alg, int alg)
1174 {
1175 	struct iftun_req treq;
1176 	ipsec_req_t *ipsr;
1177 
1178 	(void) strncpy(treq.ifta_lifr_name, name, sizeof (treq.ifta_lifr_name));
1179 	if (strchr(name, ':') != NULL) {
1180 		errno = EPERM;
1181 		Perror0_exit("Tunnel params on logical interfaces");
1182 	}
1183 	if (ioctl(s, SIOCGTUNPARAM, (caddr_t)&treq) < 0) {
1184 		if (errno == EOPNOTSUPP || errno == EINVAL)
1185 			Perror0_exit("Not a tunnel");
1186 		else Perror0_exit("SIOCGTUNPARAM");
1187 	}
1188 
1189 	ipsr = (ipsec_req_t *)&treq.ifta_secinfo;
1190 
1191 	if (treq.ifta_vers != IFTUN_VERSION) {
1192 		(void) fprintf(stderr,
1193 		    "Kernel tunnel secinfo version mismatch.\n");
1194 		exit(1);
1195 	}
1196 
1197 	/*
1198 	 * If I'm just starting off this ifconfig, I want a clean slate,
1199 	 * otherwise, I've captured the current tunnel security settings.
1200 	 * In the case of continuation, I merely add to the settings.
1201 	 */
1202 	if (first_set_tun) {
1203 		first_set_tun = _B_FALSE;
1204 		(void) memset(ipsr, 0, sizeof (*ipsr));
1205 	}
1206 
1207 	treq.ifta_flags = IFTUN_SECURITY;
1208 
1209 	switch (which_alg) {
1210 	case ESP_ENCR_ALG:
1211 		if (alg == NO_ESP_EALG) {
1212 			if (ipsr->ipsr_esp_auth_alg == SADB_AALG_NONE)
1213 				ipsr->ipsr_esp_req = 0;
1214 			ipsr->ipsr_esp_alg = SADB_EALG_NONE;
1215 		} else {
1216 			encr_alg_set = _B_TRUE;
1217 			ipsr->ipsr_esp_req =
1218 			    IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE;
1219 			ipsr->ipsr_esp_alg = alg;
1220 		}
1221 		break;
1222 	case ESP_AUTH_ALG:
1223 		if (alg == NO_ESP_AALG) {
1224 			if (ipsr->ipsr_esp_alg == SADB_EALG_NONE ||
1225 			    ipsr->ipsr_esp_alg == SADB_EALG_NULL)
1226 				ipsr->ipsr_esp_req = 0;
1227 			ipsr->ipsr_esp_auth_alg = SADB_AALG_NONE;
1228 		} else {
1229 			ipsr->ipsr_esp_req =
1230 			    IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE;
1231 			ipsr->ipsr_esp_auth_alg = alg;
1232 
1233 			/* Let the user specify NULL encryption implicitly. */
1234 			if (ipsr->ipsr_esp_alg == SADB_EALG_NONE &&
1235 			    !encr_alg_set)
1236 				ipsr->ipsr_esp_alg = SADB_EALG_NULL;
1237 		}
1238 		break;
1239 	case AH_AUTH_ALG:
1240 		if (alg == NO_AH_AALG) {
1241 			ipsr->ipsr_ah_req = 0;
1242 			ipsr->ipsr_auth_alg = SADB_AALG_NONE;
1243 		} else {
1244 			ipsr->ipsr_ah_req =
1245 			    IPSEC_PREF_REQUIRED | IPSEC_PREF_UNIQUE;
1246 			ipsr->ipsr_auth_alg = alg;
1247 		}
1248 		break;
1249 		/* Will never hit DEFAULT */
1250 	}
1251 
1252 	if (ioctl(s, SIOCSTUNPARAM, (caddr_t)&treq) < 0) {
1253 		Perror2_exit("set tunnel security properties",
1254 		    treq.ifta_lifr_name);
1255 	}
1256 
1257 	return (0);
1258 }
1259 
1260 /* ARGSUSED */
1261 static int
1262 set_tun_esp_encr_alg(char *addr, int64_t param)
1263 {
1264 	return (set_tun_algs(ESP_ENCR_ALG,
1265 		    parsealg(addr, IPSEC_PROTO_ESP)));
1266 }
1267 
1268 /* ARGSUSED */
1269 static int
1270 set_tun_esp_auth_alg(char *addr, int64_t param)
1271 {
1272 	return (set_tun_algs(ESP_AUTH_ALG,
1273 		    parsealg(addr, IPSEC_PROTO_AH)));
1274 }
1275 
1276 /* ARGSUSED */
1277 static int
1278 set_tun_ah_alg(char *addr, int64_t param)
1279 {
1280 	return (set_tun_algs(AH_AUTH_ALG,
1281 		    parsealg(addr, IPSEC_PROTO_AH)));
1282 }
1283 
1284 /* ARGSUSED */
1285 static int
1286 setifrevarp(char *arg, int64_t param)
1287 {
1288 	struct sockaddr_in	laddr;
1289 
1290 	if (afp->af_af == AF_INET6) {
1291 		(void) fprintf(stderr,
1292 		    "ifconfig: revarp not possible on IPv6 interface %s\n",
1293 		    name);
1294 		exit(1);
1295 	}
1296 	if (doifrevarp(name, &laddr)) {
1297 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1298 		laddr.sin_family = AF_INET;
1299 		(void) memcpy(&lifr.lifr_addr, &laddr, sizeof (laddr));
1300 		if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0)
1301 			Perror0_exit("SIOCSLIFADDR");
1302 	}
1303 	return (0);
1304 }
1305 
1306 /* ARGSUSED */
1307 static int
1308 setifsubnet(char *addr, int64_t param)
1309 {
1310 	int prefixlen = 0;
1311 	struct	sockaddr_storage subnet;
1312 
1313 	(*afp->af_getaddr)(addr, &subnet, &prefixlen);
1314 
1315 	switch (prefixlen) {
1316 	case NO_PREFIX:
1317 		(void) fprintf(stderr,
1318 		    "ifconfig: Missing prefix length in subnet %s\n", addr);
1319 		exit(1);
1320 		/* NOTREACHED */
1321 	case BAD_ADDR:
1322 		(void) fprintf(stderr,
1323 		    "ifconfig: Bad prefix length in %s\n", addr);
1324 		exit(1);
1325 	default:
1326 		break;
1327 	}
1328 
1329 	lifr.lifr_addr = subnet;
1330 	lifr.lifr_addrlen = prefixlen;
1331 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1332 	if (ioctl(s, SIOCSLIFSUBNET, (caddr_t)&lifr) < 0)
1333 		Perror0_exit("SIOCSLIFSUBNET");
1334 
1335 	return (0);
1336 }
1337 
1338 /* ARGSUSED */
1339 static int
1340 setifnetmask(char *addr, int64_t param)
1341 {
1342 	struct sockaddr_in netmask;
1343 
1344 	assert(afp->af_af != AF_INET6);
1345 
1346 	if (strcmp(addr, "+") == 0) {
1347 		if (!in_getmask(&netmask, _B_FALSE))
1348 			return (0);
1349 		(void) printf("Setting netmask of %s to %s\n", name,
1350 		    inet_ntoa(netmask.sin_addr));
1351 	} else {
1352 		in_getaddr(addr, (struct sockaddr *)&netmask, NULL);
1353 	}
1354 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1355 	(void) memcpy(&lifr.lifr_addr, &netmask, sizeof (netmask));
1356 	if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0)
1357 		Perror0_exit("SIOCSLIFNETMASK");
1358 	return (0);
1359 }
1360 
1361 /*
1362  * Parse '/<n>' as a netmask.
1363  */
1364 /* ARGSUSED */
1365 static int
1366 setifprefixlen(char *addr, int64_t param)
1367 {
1368 	int prefixlen;
1369 	int af = afp->af_af;
1370 
1371 	prefixlen = in_getprefixlen(addr, _B_TRUE,
1372 	    (af == AF_INET) ? IP_ABITS : IPV6_ABITS);
1373 	if (prefixlen < 0) {
1374 		(void) fprintf(stderr,
1375 		    "ifconfig: Bad prefix length in %s\n", addr);
1376 		exit(1);
1377 	}
1378 	(void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr));
1379 	lifr.lifr_addr.ss_family = af;
1380 	if (af == AF_INET6) {
1381 		struct sockaddr_in6 *sin6;
1382 
1383 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
1384 		if (!in_prefixlentomask(prefixlen, IPV6_ABITS,
1385 		    (uchar_t *)&sin6->sin6_addr)) {
1386 			(void) fprintf(stderr, "ifconfig: "
1387 			    "Bad prefix length: %d\n",
1388 			    prefixlen);
1389 			exit(1);
1390 		}
1391 	} else if (af == AF_INET) {
1392 		struct sockaddr_in *sin;
1393 
1394 		sin = (struct sockaddr_in *)&lifr.lifr_addr;
1395 		if (!in_prefixlentomask(prefixlen, IP_ABITS,
1396 		    (uchar_t *)&sin->sin_addr)) {
1397 			(void) fprintf(stderr, "ifconfig: "
1398 			    "Bad prefix length: %d\n",
1399 			    prefixlen);
1400 			exit(1);
1401 		}
1402 	} else {
1403 		(void) fprintf(stderr, "ifconfig: setting prefix only supported"
1404 		    " for address family inet or inet6\n");
1405 		exit(1);
1406 	}
1407 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1408 	if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0)
1409 		Perror0_exit("SIOCSLIFNETMASK");
1410 	return (0);
1411 }
1412 
1413 /* ARGSUSED */
1414 static int
1415 setifbroadaddr(char *addr, int64_t param)
1416 {
1417 	struct	sockaddr_in broadaddr;
1418 
1419 	assert(afp->af_af != AF_INET6);
1420 
1421 	if (strcmp(addr, "+") == 0) {
1422 		/*
1423 		 * This doesn't set the broadcast address at all. Rather, it
1424 		 * gets, then sets the interface's address, relying on the fact
1425 		 * that resetting the address will reset the broadcast address.
1426 		 */
1427 		(void) strncpy(lifr.lifr_name, name,
1428 		    sizeof (lifr.lifr_name));
1429 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
1430 			if (errno != EADDRNOTAVAIL)
1431 				Perror0_exit("SIOCGLIFADDR");
1432 			return (0);
1433 		}
1434 		if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0)
1435 			Perror0_exit("SIOCGLIFADDR");
1436 
1437 		return (0);
1438 	}
1439 	in_getaddr(addr, (struct sockaddr *)&broadaddr, NULL);
1440 
1441 	(void) memcpy(&lifr.lifr_addr, &broadaddr, sizeof (broadaddr));
1442 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1443 	if (ioctl(s, SIOCSLIFBRDADDR, (caddr_t)&lifr) < 0)
1444 		Perror0_exit("SIOCSLIFBRDADDR");
1445 	return (0);
1446 }
1447 
1448 /*
1449  * set interface destination address
1450  */
1451 /* ARGSUSED */
1452 static int
1453 setifdstaddr(char *addr, int64_t param)
1454 {
1455 	(*afp->af_getaddr)(addr, (struct sockaddr *)&lifr.lifr_addr, NULL);
1456 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1457 	if (ioctl(s, SIOCSLIFDSTADDR, (caddr_t)&lifr) < 0)
1458 		Perror0_exit("setifdstaddr: SIOCSLIFDSTADDR");
1459 	return (0);
1460 }
1461 
1462 /* ARGSUSED */
1463 static int
1464 setifflags(char *val, int64_t value)
1465 {
1466 	int phyintlen, origphyintlen;
1467 
1468 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1469 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0)
1470 		Perror0_exit("setifflags: SIOCGLIFFLAGS");
1471 
1472 	if (value == IFF_NOFAILOVER) {
1473 		/*
1474 		 * Fail if '-failover' is set after a prior addif created the
1475 		 * alias on a different interface. This can happen when the
1476 		 * interface is part of an IPMP group.
1477 		 */
1478 		phyintlen = strcspn(name, ":");
1479 		origphyintlen = strcspn(origname, ":");
1480 		if (phyintlen != origphyintlen ||
1481 		    strncmp(name, origname, phyintlen) != 0) {
1482 			(void) fprintf(stderr, "ifconfig: can't set -failover "
1483 			    "on failed/standby/offlined interface %s\n",
1484 			    origname);
1485 			exit(1);
1486 		}
1487 	}
1488 
1489 	/*
1490 	 * Catch "up" transition for AF_INET6 to perform duplicate address
1491 	 * detection. ifdad checks if an address has been set.
1492 	 */
1493 	if (afp->af_af == AF_INET6 && !(lifr.lifr_flags & IFF_UP) &&
1494 	    value == IFF_UP) {
1495 		if (debug)
1496 			(void) printf(
1497 			    "setifaddr:Calling ifdad flags %llx value 0x%llx\n",
1498 			    lifr.lifr_flags, value);
1499 		if (ifdad(name, NULL) == -1)
1500 			exit(1);
1501 	}
1502 
1503 	if (value < 0) {
1504 		value = -value;
1505 		lifr.lifr_flags &= ~value;
1506 	} else
1507 		lifr.lifr_flags |= value;
1508 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1509 	if (ioctl(s, SIOCSLIFFLAGS, (caddr_t)&lifr) < 0) {
1510 		Perror0_exit("setifflags: SIOCSLIFFLAGS");
1511 	}
1512 	return (0);
1513 }
1514 
1515 /* ARGSUSED */
1516 static int
1517 setifmetric(char *val, int64_t param)
1518 {
1519 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1520 	lifr.lifr_metric = atoi(val);
1521 	if (ioctl(s, SIOCSLIFMETRIC, (caddr_t)&lifr) < 0)
1522 		Perror0_exit("setifmetric: SIOCSLIFMETRIC");
1523 	return (0);
1524 }
1525 
1526 /* ARGSUSED */
1527 static int
1528 setifmtu(char *val, int64_t param)
1529 {
1530 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1531 	lifr.lifr_mtu = atoi(val);
1532 	if (ioctl(s, SIOCSLIFMTU, (caddr_t)&lifr) < 0)
1533 		Perror0_exit("setifmtu: SIOCSLIFMTU");
1534 	return (0);
1535 }
1536 
1537 /* ARGSUSED */
1538 static int
1539 setifindex(char *val, int64_t param)
1540 {
1541 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1542 	lifr.lifr_index = atoi(val);
1543 	if (ioctl(s, SIOCSLIFINDEX, (caddr_t)&lifr) < 0)
1544 		Perror0_exit("setifindex: SIOCSLIFINDEX");
1545 	return (0);
1546 }
1547 
1548 /* ARGSUSED */
1549 static int
1550 setifether(char *addr, int64_t param)
1551 {
1552 	uchar_t	*ea;
1553 	iface_t	*current;
1554 	int	maclen;
1555 
1556 	if (addr == NULL) {
1557 		ifstatus(name);
1558 		print_ifether(name);
1559 		return (0);
1560 	}
1561 
1562 	phyif = NULL;
1563 	logifs = NULL;
1564 
1565 	/*
1566 	 * if the IP interface in the arguments is a logical
1567 	 * interface, exit with an error now.
1568 	 */
1569 	if (strchr(name, ':') != NULL) {
1570 		(void) fprintf(stderr, "ifconfig: cannot change"
1571 		    " ethernet address of a logical interface\n");
1572 		exit(1);
1573 	}
1574 
1575 	ea = _link_aton(addr, &maclen);
1576 	if (ea == NULL) {
1577 		if (maclen == -1)
1578 			(void) fprintf(stderr,
1579 			    "ifconfig: %s: bad address\n", addr);
1580 		else
1581 			(void) fprintf(stderr, "ifconfig: malloc() failed\n");
1582 		exit(1);
1583 	}
1584 
1585 	(void) strncpy(savedname, name, sizeof (savedname));
1586 
1587 	/*
1588 	 * Call selectifs only for the IP interfaces that are ipv4.
1589 	 * offflags == IFF_IPV6 because you should not change the
1590 	 *		Ethernet address of an ipv6 interface
1591 	 */
1592 	foreachinterface(selectifs, 0, (char **)NULL, 0, 0, IFF_IPV6, 0);
1593 
1594 	/* If physical interface not found, exit now */
1595 	if (phyif == NULL) {
1596 		(void) fprintf(stderr,
1597 		    "ifconfig: interface %s not found\n", savedname);
1598 		exit(1);
1599 	}
1600 
1601 	/* Restore */
1602 	(void) strncpy(name, savedname, sizeof (name));
1603 	(void) strncpy(origname, savedname, sizeof (origname));
1604 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1605 
1606 	/*
1607 	 * close and reopen the socket
1608 	 * we don't know which type of socket we have now
1609 	 */
1610 	(void) close(s);
1611 	s = socket(SOCKET_AF(AF_UNSPEC), SOCK_DGRAM, 0);
1612 	if (s < 0) {
1613 		Perror0_exit("socket");
1614 	}
1615 
1616 	/*
1617 	 * mark down the logical interfaces first,
1618 	 * and then the physical interface
1619 	 */
1620 	if (updownifs(logifs, 0) < 0 || updownifs(phyif, 0) < 0) {
1621 		Perror0_exit("mark down interface failed");
1622 	}
1623 
1624 	/*
1625 	 * Change the physical address
1626 	 */
1627 	if (dlpi_set_address(savedname, ea, maclen) == -1) {
1628 		(void) fprintf(stderr,
1629 		    "ifconfig: failed setting mac address on %s\n",
1630 		    savedname);
1631 	}
1632 
1633 	/*
1634 	 * if any interfaces were marked down before changing the
1635 	 * ethernet address, put them up again.
1636 	 * First the physical interface, then the logical ones.
1637 	 */
1638 	if (updownifs(phyif, 1) < 0 || updownifs(logifs, 1) < 0) {
1639 		Perror0_exit("mark down interface failed");
1640 	}
1641 
1642 	/* Free the memory allocated by selectifs */
1643 	free(phyif);
1644 	for (current = logifs; current != NULL; current = logifs) {
1645 		logifs = logifs->next;
1646 		free(current);
1647 	}
1648 
1649 	return (0);
1650 }
1651 
1652 /*
1653  * Print an interface's Ethernet address, if it has one.
1654  */
1655 static void
1656 print_ifether(char *ifname)
1657 {
1658 	int		protocol;
1659 	icfg_if_t	interface;
1660 	icfg_handle_t	handle;
1661 	int		fd;
1662 
1663 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1664 
1665 	fd = socket(AF_INET, SOCK_DGRAM, 0);
1666 	if (fd == -1 || ioctl(fd, SIOCGLIFFLAGS, &lifr) == -1) {
1667 		/*
1668 		 * It's possible the interface is only configured for
1669 		 * IPv6; check again with AF_INET6.
1670 		 */
1671 		(void) close(fd);
1672 		fd = socket(AF_INET6, SOCK_DGRAM, 0);
1673 		if (fd == -1 || ioctl(fd, SIOCGLIFFLAGS, &lifr) == -1) {
1674 			(void) close(fd);
1675 			return;
1676 		}
1677 	}
1678 	(void) close(fd);
1679 
1680 	/* Virtual interfaces don't have MAC addresses */
1681 	if (lifr.lifr_flags & IFF_VIRTUAL)
1682 		return;
1683 
1684 	/*
1685 	 * We must be careful to set if_protocol based on the current
1686 	 * properties of the interface.  For instance, if "ip.tun0" is
1687 	 * configured only as an IPv6 tunnel, then if_protocol must be
1688 	 * set to AF_INET6 or icfg_get_tunnel_lower() will fail and
1689 	 * we will falsely conclude that it's not a tunnel.
1690 	 */
1691 	interface.if_protocol = AF_INET;
1692 	if (lifr.lifr_flags & IFF_IPV6)
1693 		interface.if_protocol = AF_INET6;
1694 
1695 	(void) strncpy(interface.if_name, ifname, sizeof (interface.if_name));
1696 
1697 	if (icfg_open(&handle, &interface) == ICFG_SUCCESS) {
1698 		if (icfg_get_tunnel_lower(handle, &protocol) == ICFG_SUCCESS) {
1699 			/* Tunnel op succeeded -- it's a tunnel so skip */
1700 			icfg_close(handle);
1701 			return;
1702 		}
1703 		icfg_close(handle);
1704 	}
1705 
1706 	dlpi_print_address(ifname);
1707 }
1708 
1709 /*
1710  * static void selectifs(int argc, char *argv[], int af, struct lifreq *rp)
1711  *
1712  * Called inside setifether() to create a list of interfaces to
1713  * mark down/up when changing the Ethernet address.
1714  * If the current interface is the physical interface passed
1715  * as an argument to ifconfig, update phyif.
1716  * If the current interface is a logical interface associated
1717  * to the physical interface, add it to the logifs list.
1718  */
1719 /* ARGSUSED */
1720 static void
1721 selectifs(int argc, char *argv[], int af, struct lifreq *rp)
1722 {
1723 	char		*colonp;
1724 	int		length;
1725 	iface_t		*current;
1726 
1727 	/*
1728 	 *  savedname=	name of the IP interface to which you want to
1729 	 *		change ethernet address
1730 	 *  name=	name of the current IP interface
1731 	 */
1732 	colonp = strchr(name, ':');
1733 	if (colonp == NULL)
1734 		length = max(strlen(savedname), strlen(name));
1735 	else
1736 		length = max(strlen(savedname), colonp - name);
1737 	if (strncmp(savedname, name, length) == 0) {
1738 		(void) strcpy(lifr.lifr_name, name);
1739 		if (ioctl(s, SIOCGLIFFLAGS, &lifr) < 0) {
1740 			Perror0("selectifs: SIOCGLIFFLAGS");
1741 			return;
1742 		}
1743 
1744 		if ((current = malloc(sizeof (iface_t))) == NULL) {
1745 			Perror0_exit("selectifs: malloc failed\n");
1746 		}
1747 
1748 		if (colonp == NULL) {
1749 			/* this is the physical interface */
1750 			phyif = current;
1751 			bcopy(&lifr, &phyif->lifr, sizeof (struct lifreq));
1752 			phyif->next = NULL;
1753 		} else {
1754 			/* this is a logical interface */
1755 			bcopy(&lifr, &current->lifr, sizeof (struct lifreq));
1756 			current->next = logifs;
1757 			logifs = current;
1758 		}
1759 	}
1760 }
1761 
1762 /*
1763  * static int updownifs(iface_t *ifs, int up)
1764  *
1765  * It takes in input a list of IP interfaces (ifs)
1766  * and a flag (up).
1767  * It marks each interface in the list down (up = 0)
1768  * or up (up > 0). This is done ONLY if the IP
1769  * interface was originally up.
1770  *
1771  * Return values:
1772  *  0 = everything OK
1773  * -1 = problem
1774  */
1775 static int
1776 updownifs(iface_t *ifs, int up)
1777 {
1778 	iface_t *current;
1779 	int	ret = 0;
1780 	int 	save_errno;
1781 	char	savename[LIFNAMSIZ];
1782 	uint64_t orig_flags;
1783 
1784 	for (current = ifs; current != NULL; current = current->next) {
1785 		if (current->lifr.lifr_flags & IFF_UP) {
1786 			orig_flags = current->lifr.lifr_flags;
1787 			if (!up)
1788 				current->lifr.lifr_flags &= ~IFF_UP;
1789 			if (ioctl(s, SIOCSLIFFLAGS, &current->lifr) < 0) {
1790 				save_errno = errno;
1791 				(void) strcpy(savename,
1792 				    current->lifr.lifr_name);
1793 				ret = -1;
1794 			}
1795 			if (!up) /* restore the original flags */
1796 				current->lifr.lifr_flags = orig_flags;
1797 		}
1798 	}
1799 
1800 	if (ret == -1) {
1801 		(void) strcpy(lifr.lifr_name, savename);
1802 		errno = save_errno;
1803 	}
1804 	return (ret);
1805 }
1806 
1807 /*
1808  * Create the next unused logical interface using the original name
1809  * and assign the address (and mask if '/<n>' is part of the address).
1810  * Use the new logical interface for subsequent subcommands by updating
1811  * the name variable.
1812  *
1813  * This allows syntax like:
1814  *	ifconfig le0 addif 109.106.86.130 netmask + up \
1815  *	addif 109.106.86.131 netmask + up
1816  */
1817 /* ARGSUSED */
1818 static int
1819 addif(char *str, int64_t param)
1820 {
1821 	int prefixlen = 0;
1822 	struct sockaddr_storage laddr;
1823 	struct sockaddr_storage mask;
1824 
1825 	(void) strncpy(name, origname, sizeof (name));
1826 
1827 	if (strchr(name, ':') != NULL) {
1828 		(void) fprintf(stderr,
1829 		    "ifconfig: addif: bad physical interface name %s\n",
1830 		    name);
1831 		exit(1);
1832 	}
1833 
1834 	/*
1835 	 * clear so parser will interpret next address as source followed
1836 	 * by possible dest
1837 	 */
1838 	setaddr = 0;
1839 	(*afp->af_getaddr)(str, (struct sockaddr *)&laddr, &prefixlen);
1840 
1841 	switch (prefixlen) {
1842 	case NO_PREFIX:
1843 		/* Nothing there - ok */
1844 		break;
1845 	case BAD_ADDR:
1846 		(void) fprintf(stderr,
1847 		    "ifconfig: Bad prefix length in %s\n", str);
1848 		exit(1);
1849 	default:
1850 		(void) memset(&mask, 0, sizeof (mask));
1851 		mask.ss_family = afp->af_af;
1852 		if (afp->af_af == AF_INET6) {
1853 			struct sockaddr_in6 *sin6;
1854 			sin6 = (struct sockaddr_in6 *)&mask;
1855 			if (!in_prefixlentomask(prefixlen, IPV6_ABITS,
1856 			    (uchar_t *)&sin6->sin6_addr)) {
1857 				(void) fprintf(stderr, "ifconfig: "
1858 				    "Bad prefix length: %d\n",
1859 				    prefixlen);
1860 				exit(1);
1861 			}
1862 		} else {
1863 			struct sockaddr_in *sin;
1864 
1865 			sin = (struct sockaddr_in *)&mask;
1866 			if (!in_prefixlentomask(prefixlen, IP_ABITS,
1867 			    (uchar_t *)&sin->sin_addr)) {
1868 				(void) fprintf(stderr, "ifconfig: "
1869 				    "Bad prefix length: %d\n",
1870 				    prefixlen);
1871 				exit(1);
1872 			}
1873 		}
1874 		g_netmask_set = G_NETMASK_NIL;
1875 		break;
1876 	}
1877 
1878 	/*
1879 	 * This is a "hack" to get around the problem of SIOCLIFADDIF.  The
1880 	 * problem is that this ioctl does not include the netmask when
1881 	 * adding a logical interface.  This is the same problem described
1882 	 * in the ifconfig() comments.  To get around this problem, we first
1883 	 * add the logical interface with a 0 address.  After that, we set
1884 	 * the netmask if provided.  Finally we set the interface address.
1885 	 */
1886 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1887 	(void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr));
1888 
1889 	/* Note: no need to do DAD here since the interface isn't up yet. */
1890 
1891 	if (ioctl(s, SIOCLIFADDIF, (caddr_t)&lifr) < 0)
1892 		Perror0_exit("addif: SIOCLIFADDIF");
1893 
1894 	(void) printf("Created new logical interface %s\n",
1895 	    lifr.lifr_name);
1896 	(void) strncpy(name, lifr.lifr_name, sizeof (name));
1897 
1898 	/*
1899 	 * Check and see if any "netmask" command is used and perform the
1900 	 * necessary operation.
1901 	 */
1902 	set_mask_lifreq(&lifr, &laddr, &mask);
1903 	/*
1904 	 * Only set the netmask if "netmask" command is used or a prefix is
1905 	 * provided.
1906 	 */
1907 	if (g_netmask_set == G_NETMASK_SET || prefixlen >= 0) {
1908 		if (ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0)
1909 			Perror0_exit("addif: SIOCSLIFNETMASK");
1910 	}
1911 
1912 	/* Finally, we set the interface address. */
1913 	lifr.lifr_addr = laddr;
1914 	if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0)
1915 		Perror0_exit("SIOCSLIFADDR");
1916 
1917 	/*
1918 	 * let parser know we got a source.
1919 	 * Next address, if given, should be dest
1920 	 */
1921 	setaddr++;
1922 	return (0);
1923 }
1924 
1925 /*
1926  * Remove a logical interface based on its IP address. Unlike addif
1927  * there is no '/<n>' here.
1928  * Verifies that the interface is down before it is removed.
1929  */
1930 /* ARGSUSED */
1931 static int
1932 removeif(char *str, int64_t param)
1933 {
1934 	struct sockaddr_storage laddr;
1935 
1936 	if (strchr(name, ':') != NULL) {
1937 		(void) fprintf(stderr,
1938 		    "ifconfig: removeif: bad physical interface name %s\n",
1939 		    name);
1940 		exit(1);
1941 	}
1942 
1943 	(*afp->af_getaddr)(str, &laddr, NULL);
1944 	lifr.lifr_addr = laddr;
1945 
1946 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
1947 	if (ioctl(s, SIOCLIFREMOVEIF, (caddr_t)&lifr) < 0) {
1948 		if (errno == EBUSY) {
1949 			/* This can only happen if ipif_id = 0 */
1950 			(void) fprintf(stderr,
1951 			    "ifconfig: removeif: can't remove interface: %s\n",
1952 			    name);
1953 			exit(1);
1954 		}
1955 		Perror0_exit("removeif: SIOCLIFREMOVEIF");
1956 	}
1957 	return (0);
1958 }
1959 
1960 /*
1961  * If laddr is non-NULL it is used - otherwise we use the address on
1962  * the interface.
1963  */
1964 /* ARGSUSED */
1965 static int
1966 ifdad(char *ifname, struct sockaddr_in6 *laddr)
1967 {
1968 	struct sockaddr_in6 testaddr;
1969 	struct lifreq lifr2;	/* Avoid overriting lifr */
1970 
1971 	if (debug)
1972 		(void) printf("ifdad(%s)\n", ifname);
1973 
1974 	assert(afp->af_af == AF_INET6);
1975 
1976 	/*
1977 	 * Check the address assigned to the interface.
1978 	 * Skip the check if IFF_NOLOCAL, IFF_NONUD, IFF_ANYCAST, or
1979 	 * IFF_LOOPBACK.
1980 	 * Note that IFF_NONUD turns of both NUD and DAD.
1981 	 */
1982 	(void) strncpy(lifr2.lifr_name, ifname,
1983 	    sizeof (lifr2.lifr_name));
1984 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr2) < 0) {
1985 		Perror0_exit("ifdad: SIOCGLIFFLAGS");
1986 	}
1987 	if (lifr2.lifr_flags & (IFF_NOLOCAL|IFF_LOOPBACK|IFF_NONUD|IFF_ANYCAST))
1988 		return (0);
1989 
1990 	if (laddr != NULL) {
1991 		testaddr = *laddr;
1992 	} else {
1993 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr2) < 0) {
1994 			Perror0_exit("ifdad: SIOCGLIFADDR");
1995 		}
1996 		testaddr = *(struct sockaddr_in6 *)&lifr2.lifr_addr;
1997 	}
1998 
1999 	if (IN6_IS_ADDR_UNSPECIFIED(&testaddr.sin6_addr))
2000 		return (0);
2001 
2002 	if (do_dad(name, &testaddr) != 0)
2003 		return (-1);
2004 	else
2005 		return (0);
2006 }
2007 
2008 /*
2009  * Set the address token for IPv6.
2010  */
2011 /* ARGSUSED */
2012 static int
2013 setiftoken(char *addr, int64_t param)
2014 {
2015 	int prefixlen = 0;
2016 	struct sockaddr_in6 token;
2017 
2018 	in6_getaddr(addr, (struct sockaddr *)&token, &prefixlen);
2019 	switch (prefixlen) {
2020 	case NO_PREFIX:
2021 		(void) fprintf(stderr,
2022 		    "ifconfig: Missing prefix length in subnet %s\n", addr);
2023 		exit(1);
2024 		/* NOTREACHED */
2025 	case BAD_ADDR:
2026 		(void) fprintf(stderr,
2027 		    "ifconfig: Bad prefix length in %s\n", addr);
2028 		exit(1);
2029 	default:
2030 		break;
2031 	}
2032 	(void) memcpy(&lifr.lifr_addr, &token, sizeof (token));
2033 	lifr.lifr_addrlen = prefixlen;
2034 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2035 	if (ioctl(s, SIOCSLIFTOKEN, (caddr_t)&lifr) < 0)  {
2036 		Perror0_exit("setiftoken: SIOCSLIFTOKEN");
2037 	}
2038 	return (0);
2039 }
2040 
2041 /*
2042  * Return value: 0 on success, -1 on failure.
2043  */
2044 static int
2045 connect_to_mpathd(int family)
2046 {
2047 	int s;
2048 	struct sockaddr_storage ss;
2049 	struct sockaddr_in *sin = (struct sockaddr_in *)&ss;
2050 	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&ss;
2051 	struct in6_addr loopback_addr = IN6ADDR_LOOPBACK_INIT;
2052 	int addrlen;
2053 	int ret;
2054 	int on;
2055 
2056 	s = socket(family, SOCK_STREAM, 0);
2057 	if (s < 0) {
2058 		Perror0_exit("connect_to_mpathd: socket");
2059 	}
2060 	(void) bzero((char *)&ss, sizeof (ss));
2061 	ss.ss_family = family;
2062 	/*
2063 	 * Need to bind to a privileged port. For non-root, this
2064 	 * will fail. in.mpathd verifies that only commands coming
2065 	 * from privileged ports succeed so that ordinary users
2066 	 * can't connect and start talking to in.mpathd
2067 	 */
2068 	on = 1;
2069 	if (setsockopt(s, IPPROTO_TCP, TCP_ANONPRIVBIND, &on,
2070 	    sizeof (on)) < 0) {
2071 		Perror0_exit("connect_to_mpathd: setsockopt");
2072 	}
2073 	switch (family) {
2074 	case AF_INET:
2075 		sin->sin_port = 0;
2076 		sin->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
2077 		addrlen = sizeof (struct sockaddr_in);
2078 		break;
2079 	case AF_INET6:
2080 		sin6->sin6_port = 0;
2081 		sin6->sin6_addr = loopback_addr;
2082 		addrlen = sizeof (struct sockaddr_in6);
2083 		break;
2084 	}
2085 	ret = bind(s, (struct sockaddr *)&ss, addrlen);
2086 	if (ret != 0) {
2087 		(void) close(s);
2088 		return (-1);
2089 	}
2090 
2091 	switch (family) {
2092 	case AF_INET:
2093 		sin->sin_port = htons(MPATHD_PORT);
2094 		break;
2095 	case AF_INET6:
2096 		sin6->sin6_port = htons(MPATHD_PORT);
2097 		break;
2098 	}
2099 	ret = connect(s, (struct sockaddr *)&ss, addrlen);
2100 	(void) close(s);
2101 	return (ret);
2102 }
2103 
2104 /* ARGSUSED */
2105 static int
2106 setifgroupname(char *grpname, int64_t param)
2107 {
2108 	if (debug) {
2109 		(void) printf("Setting groupname %s on interface %s\n",
2110 		    grpname, name);
2111 	}
2112 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2113 	(void) strncpy(lifr.lifr_groupname, grpname,
2114 	    sizeof (lifr.lifr_groupname));
2115 	if (ioctl(s, SIOCSLIFGROUPNAME, (caddr_t)&lifr) < 0) {
2116 		Perror0_exit("setifgroupname: SIOCSLIFGROUPNAME");
2117 	}
2118 
2119 	/*
2120 	 * If the SUNW_NO_MPATHD environment variable is set then don't
2121 	 * bother starting up in.mpathd.  See PSARC/2002/249 for the
2122 	 * depressing details on this bit of stupidity.
2123 	 */
2124 	if (getenv("SUNW_NO_MPATHD") != NULL) {
2125 		return (0);
2126 	}
2127 
2128 	/*
2129 	 * Try to connect to in.mpathd using IPv4. If we succeed,
2130 	 * we conclude that in.mpathd is running, and quit.
2131 	 */
2132 	if (connect_to_mpathd(AF_INET) == 0) {
2133 		/* connect succeeded, mpathd is already running */
2134 		return (0);
2135 	}
2136 	/*
2137 	 * Try to connect to in.mpathd using IPv6. If we succeed,
2138 	 * we conclude that in.mpathd is running, and quit.
2139 	 */
2140 	if (connect_to_mpathd(AF_INET6) == 0) {
2141 		/* connect succeeded, mpathd is already running */
2142 		return (0);
2143 	}
2144 
2145 	/*
2146 	 * in.mpathd may not be running. Start it now. If it is already
2147 	 * running, in.mpathd will take care of handling multiple incarnations
2148 	 * of itself. ifconfig only tries to optimize performance by not
2149 	 * starting another incarnation of in.mpathd.
2150 	 */
2151 	switch (fork()) {
2152 
2153 	case -1:
2154 		Perror0_exit("setifgroupname: fork");
2155 		/* NOTREACHED */
2156 	case 0:
2157 		(void) execl(MPATHD_PATH, MPATHD_PATH, NULL);
2158 		_exit(1);
2159 		/* NOTREACHED */
2160 	default:
2161 		return (0);
2162 	}
2163 }
2164 
2165 
2166 /*
2167  * To list all the modules above a given network interface.
2168  */
2169 /* ARGSUSED */
2170 static int
2171 modlist(char *null, int64_t param)
2172 {
2173 	int muxfd;
2174 	int ipfd_lowstr;
2175 	int arpfd_lowstr;
2176 	int num_mods;
2177 	int i;
2178 	struct str_list strlist;
2179 	int orig_arpid;
2180 
2181 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2182 	if (ip_domux2fd(&muxfd, &ipfd_lowstr, &arpfd_lowstr,
2183 	    &orig_arpid) < 0) {
2184 		return (-1);
2185 	}
2186 	if ((num_mods = ioctl(ipfd_lowstr, I_LIST, NULL)) < 0) {
2187 		Perror0("cannot I_LIST to get the number of modules");
2188 	} else {
2189 		if (debug > 0) {
2190 			(void) printf("Listing (%d) modules above %s\n",
2191 			    num_mods, name);
2192 		}
2193 
2194 		strlist.sl_nmods = num_mods;
2195 		strlist.sl_modlist = malloc(sizeof (struct str_mlist) *
2196 		    num_mods);
2197 		if (strlist.sl_modlist == NULL) {
2198 			Perror0("cannot malloc");
2199 		} else {
2200 			if (ioctl(ipfd_lowstr, I_LIST, (caddr_t)&strlist) < 0) {
2201 				Perror0("cannot I_LIST for module names");
2202 			} else {
2203 				for (i = 0; i < strlist.sl_nmods; i++) {
2204 				    (void) printf("%d %s\n", i,
2205 				    strlist.sl_modlist[i].l_name);
2206 				}
2207 			}
2208 			free(strlist.sl_modlist);
2209 		}
2210 	}
2211 	return (ip_plink(muxfd, ipfd_lowstr, arpfd_lowstr, orig_arpid));
2212 }
2213 
2214 #define	MODINSERT_OP	'i'
2215 #define	MODREMOVE_OP	'r'
2216 
2217 /*
2218  * To insert a module to the stream of the interface.  It is just a
2219  * wrapper.  The real function is modop().
2220  */
2221 /* ARGSUSED */
2222 static int
2223 modinsert(char *arg, int64_t param)
2224 {
2225 	return (modop(arg, MODINSERT_OP));
2226 }
2227 
2228 /*
2229  * To remove a module from the stream of the interface.  It is just a
2230  * wrapper.  The real function is modop().
2231  */
2232 /* ARGSUSED */
2233 static int
2234 modremove(char *arg, int64_t param)
2235 {
2236 	return (modop(arg, MODREMOVE_OP));
2237 }
2238 
2239 /*
2240  * Open a stream on /dev/udp, pop off all undesired modules (note that
2241  * the user may have configured autopush to add modules above or below
2242  * udp), and push the arp module onto raw IP.
2243  */
2244 static int
2245 open_arp_on_udp(char *udp_dev_name)
2246 {
2247 	int fd;
2248 	boolean_t popped;
2249 
2250 	if ((fd = open(udp_dev_name, O_RDWR)) == -1) {
2251 		Perror2("open", udp_dev_name);
2252 		return (-1);
2253 	}
2254 	errno = 0;
2255 	popped = _B_FALSE;
2256 	while (ioctl(fd, I_POP, 0) != -1)
2257 		popped = _B_TRUE;
2258 	if (!popped) {
2259 		Perror2("cannot pop", udp_dev_name);
2260 	} else if (errno != EINVAL) {
2261 		Perror2("pop", udp_dev_name);
2262 	} else if (ioctl(fd, I_PUSH, ARP_MOD_NAME) == -1) {
2263 		Perror2("arp PUSH", udp_dev_name);
2264 	} else {
2265 		return (fd);
2266 	}
2267 	(void) close(fd);
2268 	return (-1);
2269 }
2270 
2271 /*
2272  * Helper function for mod*() functions.  It gets a fd to the lower IP
2273  * stream and I_PUNLINK's the lower stream.  It also initializes the
2274  * global variable lifr.
2275  *
2276  * Param:
2277  *	int *udp_fd: (referenced) fd to /dev/udp (upper IP stream).
2278  *	int *fd: (referenced) fd to the lower IP stream.
2279  *
2280  * Return:
2281  *	-1 if operation fails, 0 otherwise.
2282  *
2283  * Please see the big block comment above plumb_one_device()
2284  * for the logic of the PLINK/PUNLINK
2285  */
2286 static int
2287 ip_domux2fd(int *muxfd, int *ipfd_lowstr, int *arpfd_lowstr, int *orig_arpid)
2288 {
2289 	int		ip_fd;
2290 	uint64_t	flags;
2291 	char		*udp_dev_name;
2292 	char		*ip_dev_name;
2293 
2294 	*orig_arpid = 0;
2295 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2296 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
2297 		Perror0_exit("status: SIOCGLIFFLAGS");
2298 	}
2299 	flags = lifr.lifr_flags;
2300 	if (flags & IFF_IPV4) {
2301 		udp_dev_name = UDP_DEV_NAME;
2302 		ip_dev_name  = IP_DEV_NAME;
2303 	} else if (flags & IFF_IPV6) {
2304 		udp_dev_name = UDP6_DEV_NAME;
2305 		ip_dev_name  = IP6_DEV_NAME;
2306 	} else {
2307 		return (-1);
2308 	}
2309 
2310 	if ((ip_fd = open(ip_dev_name, O_RDWR)) < 0) {
2311 		Perror2("open", ip_dev_name);
2312 		return (-1);
2313 	}
2314 	if (ioctl(ip_fd, SIOCGLIFMUXID, (caddr_t)&lifr) < 0) {
2315 		Perror2("SIOCGLIFMUXID", ip_dev_name);
2316 		return (-1);
2317 	}
2318 	if (debug > 0) {
2319 		(void) printf("ARP_muxid %d IP_muxid %d\n",
2320 		    lifr.lifr_arp_muxid, lifr.lifr_ip_muxid);
2321 	}
2322 
2323 	if ((*muxfd = open_arp_on_udp(udp_dev_name)) == -1)
2324 		return (-1);
2325 
2326 	if (lifr.lifr_arp_muxid != 0) {
2327 		if ((*arpfd_lowstr = ioctl(*muxfd, _I_MUXID2FD,
2328 		    lifr.lifr_arp_muxid)) < 0) {
2329 			if ((errno == EINVAL) &&
2330 			    (flags & (IFF_NOARP | IFF_IPV6))) {
2331 				/*
2332 				 * Some plumbing utilities set the muxid to
2333 				 * -1 or some invalid value to signify that
2334 				 * there is no arp stream. Set the muxid to 0
2335 				 * before trying to unplumb the IP stream.
2336 				 * IP does not allow the IP stream to be
2337 				 * unplumbed if it sees a non-null arp muxid,
2338 				 * for consistency of IP-ARP streams.
2339 				 */
2340 				*orig_arpid = lifr.lifr_arp_muxid;
2341 				lifr.lifr_arp_muxid = 0;
2342 				(void) ioctl(*muxfd, SIOCSLIFMUXID,
2343 				    (caddr_t)&lifr);
2344 				*arpfd_lowstr = -1;
2345 			} else {
2346 				Perror0("_I_MUXID2FD");
2347 				return (-1);
2348 			}
2349 		} else if (ioctl(*muxfd, I_PUNLINK,
2350 		    lifr.lifr_arp_muxid) < 0) {
2351 			Perror2("I_PUNLINK", udp_dev_name);
2352 			return (-1);
2353 		}
2354 	} else {
2355 		*arpfd_lowstr = -1;
2356 	}
2357 
2358 	if ((*ipfd_lowstr = ioctl(*muxfd, _I_MUXID2FD,
2359 	    lifr.lifr_ip_muxid)) < 0) {
2360 		Perror0("_I_MUXID2FD");
2361 		/* Undo any changes we made */
2362 		if (*orig_arpid != 0) {
2363 			lifr.lifr_arp_muxid = *orig_arpid;
2364 			(void) ioctl(*muxfd, SIOCSLIFMUXID, (caddr_t)&lifr);
2365 		}
2366 		return (-1);
2367 	}
2368 	if (ioctl(*muxfd, I_PUNLINK, lifr.lifr_ip_muxid) < 0) {
2369 		Perror2("I_PUNLINK", udp_dev_name);
2370 		/* Undo any changes we made */
2371 		if (*orig_arpid != 0) {
2372 			lifr.lifr_arp_muxid = *orig_arpid;
2373 			(void) ioctl(*muxfd, SIOCSLIFMUXID, (caddr_t)&lifr);
2374 		}
2375 		return (-1);
2376 	}
2377 	return (0);
2378 }
2379 
2380 /*
2381  * Helper function for mod*() functions.  It I_PLINK's back the upper and
2382  * lower IP streams.  Note that this function must be called after
2383  * ip_domux2fd().  In ip_domux2fd(), the global variable lifr is initialized
2384  * and ip_plink() needs information in lifr.  So ip_domux2fd() and ip_plink()
2385  * must be called in pairs.
2386  *
2387  * Param:
2388  *	int udp_fd: fd to /dev/udp (upper IP stream).
2389  *	int fd: fd to the lower IP stream.
2390  *
2391  * Return:
2392  *	-1 if operation fails, 0 otherwise.
2393  *
2394  * Please see the big block comment above plumb_one_device()
2395  * for the logic of the PLINK/PUNLINK
2396  */
2397 static int
2398 ip_plink(int muxfd, int ipfd_lowstr, int arpfd_lowstr, int orig_arpid)
2399 {
2400 	int ip_muxid;
2401 
2402 	ip_muxid = ioctl(muxfd, I_PLINK, ipfd_lowstr);
2403 	if (ip_muxid < 0) {
2404 		Perror2("I_PLINK", UDP_DEV_NAME);
2405 		return (-1);
2406 	}
2407 
2408 	/*
2409 	 * If there is an arp stream, plink it. If there is no
2410 	 * arp stream, then it is possible that the plumbing
2411 	 * utility could have stored any value in the arp_muxid.
2412 	 * If so, restore it from orig_arpid.
2413 	 */
2414 	if (arpfd_lowstr != -1) {
2415 		if (ioctl(muxfd, I_PLINK, arpfd_lowstr) < 0) {
2416 			Perror2("I_PLINK", UDP_DEV_NAME);
2417 			return (-1);
2418 		}
2419 	} else if (orig_arpid != 0) {
2420 		/* Undo the changes we did in ip_domux2fd */
2421 		lifr.lifr_arp_muxid = orig_arpid;
2422 		lifr.lifr_ip_muxid = ip_muxid;
2423 		(void) ioctl(muxfd, SIOCSLIFMUXID, (caddr_t)&lifr);
2424 	}
2425 
2426 	return (0);
2427 }
2428 
2429 /*
2430  * The real function to perform module insertion/removal.
2431  *
2432  * Param:
2433  *	char *arg: the argument string module_name@position
2434  *	char op: operation, either MODINSERT_OP or MODREMOVE_OP.
2435  *
2436  * Return:
2437  *	Before doing ip_domux2fd(), this function calls exit(1) in case of
2438  *	error.  After ip_domux2fd() is done, it returns -1 for error, 0
2439  *	otherwise.
2440  */
2441 static int
2442 modop(char *arg, char op)
2443 {
2444 	char *pos_p;
2445 	int muxfd;
2446 	int ipfd_lowstr;  /* IP stream (lower stream of mux) to be plinked */
2447 	int arpfd_lowstr; /* ARP stream (lower stream of mux) to be plinked */
2448 	struct strmodconf mod;
2449 	char *at_char = "@";
2450 	char *arg_str;
2451 	int orig_arpid;
2452 
2453 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2454 
2455 	/* Need to save the original string for -a option. */
2456 	if ((arg_str = malloc(strlen(arg) + 1)) == NULL) {
2457 		Perror0("cannot malloc");
2458 		return (-1);
2459 	}
2460 	(void) strcpy(arg_str, arg);
2461 
2462 	if (*arg_str == *at_char) {
2463 		(void) fprintf(stderr,
2464 		    "ifconfig: must supply a module name\n");
2465 		exit(1);
2466 	}
2467 	mod.mod_name = strtok(arg_str, at_char);
2468 	if (strlen(mod.mod_name) > FMNAMESZ) {
2469 		(void) fprintf(stderr, "ifconfig: module name too long: %s\n",
2470 		    mod.mod_name);
2471 		exit(1);
2472 	}
2473 
2474 	/*
2475 	 * Need to make sure that the core TCP/IP stack modules are not
2476 	 * removed.  Otherwise, "bad" things can happen.  If a module
2477 	 * is removed and inserted back, it loses its old state.  But
2478 	 * the modules above it still have the old state.  E.g. IP assumes
2479 	 * fast data path while tunnel after re-inserted assumes that it can
2480 	 * receive M_DATA only in fast data path for which it does not have
2481 	 * any state.  This is a general caveat of _I_REMOVE/_I_INSERT.
2482 	 */
2483 	if (op == MODREMOVE_OP &&
2484 	    (strcmp(mod.mod_name, ARP_MOD_NAME) == 0 ||
2485 	    strcmp(mod.mod_name, IP_MOD_NAME) == 0 ||
2486 	    strcmp(mod.mod_name, TUN_NAME) == 0 ||
2487 	    strcmp(mod.mod_name, ATUN_NAME) == 0 ||
2488 	    strcmp(mod.mod_name, TUN6TO4_NAME) == 0)) {
2489 		(void) fprintf(stderr, "ifconfig: cannot remove %s\n",
2490 		    mod.mod_name);
2491 		exit(1);
2492 	}
2493 
2494 	if ((pos_p = strtok(NULL, at_char)) == NULL) {
2495 		(void) fprintf(stderr, "ifconfig: must supply a position\n");
2496 		exit(1);
2497 	}
2498 	mod.pos = atoi(pos_p);
2499 
2500 	if (ip_domux2fd(&muxfd, &ipfd_lowstr, &arpfd_lowstr,
2501 	    &orig_arpid) < 0) {
2502 		free(arg_str);
2503 		return (-1);
2504 	}
2505 	switch (op) {
2506 	case MODINSERT_OP:
2507 		if (debug > 0) {
2508 			(void) printf("Inserting module %s at %d\n",
2509 			    mod.mod_name, mod.pos);
2510 		}
2511 		if (ioctl(ipfd_lowstr, _I_INSERT, (caddr_t)&mod) < 0) {
2512 			Perror2("fail to insert module", mod.mod_name);
2513 		}
2514 		break;
2515 	case MODREMOVE_OP:
2516 		if (debug > 0) {
2517 			(void) printf("Removing module %s at %d\n",
2518 			    mod.mod_name, mod.pos);
2519 		}
2520 		if (ioctl(ipfd_lowstr, _I_REMOVE, (caddr_t)&mod) < 0) {
2521 			Perror2("fail to remove module", mod.mod_name);
2522 		}
2523 		break;
2524 	default:
2525 		/* Should never get to here. */
2526 		(void) fprintf(stderr, "Unknown operation\n");
2527 		break;
2528 	}
2529 	free(arg_str);
2530 	return (ip_plink(muxfd, ipfd_lowstr, arpfd_lowstr, orig_arpid));
2531 }
2532 
2533 /*
2534  * Set tunnel source address
2535  */
2536 /* ARGSUSED */
2537 static int
2538 setiftsrc(char *addr, int64_t param)
2539 {
2540 	return (settaddr(addr, icfg_set_tunnel_src));
2541 }
2542 
2543 /*
2544  * Set tunnel destination address
2545  */
2546 /* ARGSUSED */
2547 static int
2548 setiftdst(char *addr, int64_t param)
2549 {
2550 	return (settaddr(addr, icfg_set_tunnel_dest));
2551 }
2552 
2553 /*
2554  * sets tunnels src|dst address.  settaddr() expects the following:
2555  * addr: Points to a printable string containing the address to be
2556  *       set, e.g. 129.153.128.110.
2557  * fn:   Pointer to a libinetcfg routine that will do the actual work.
2558  *       The only valid functions are icfg_set_tunnel_src and
2559  *       icfg_set_tunnel_dest.
2560  */
2561 static int
2562 settaddr(char *addr,
2563     int (*fn)(icfg_handle_t, const struct sockaddr *, socklen_t))
2564 {
2565 	icfg_handle_t handle;
2566 	icfg_if_t interface;
2567 	struct sockaddr_storage laddr;
2568 	int lower;
2569 	int rc;
2570 
2571 	if (strchr(name, ':') != NULL) {
2572 		errno = EPERM;
2573 		Perror0_exit("Tunnel params on logical interfaces");
2574 	}
2575 	(void) strncpy(interface.if_name, name, sizeof (interface.if_name));
2576 	interface.if_protocol = SOCKET_AF(af);
2577 
2578 	/* Open interface. */
2579 	if ((rc = icfg_open(&handle, &interface)) != ICFG_SUCCESS)
2580 		Perror0_exit((char *)icfg_errmsg(rc));
2581 
2582 	rc = icfg_get_tunnel_lower(handle, &lower);
2583 	if (rc != ICFG_SUCCESS)
2584 		Perror0_exit((char *)icfg_errmsg(rc));
2585 
2586 	if (lower == AF_INET) {
2587 		in_getaddr(addr, (struct sockaddr *)&laddr, NULL);
2588 	} else {
2589 		in6_getaddr(addr, (struct sockaddr *)&laddr, NULL);
2590 	}
2591 
2592 	/* Call fn to do the real work, and close the interface. */
2593 	rc = (*fn)(handle, (struct sockaddr *)&laddr,
2594 	    sizeof (struct sockaddr_storage));
2595 	icfg_close(handle);
2596 
2597 	if (rc != ICFG_SUCCESS)
2598 		Perror0_exit((char *)icfg_errmsg(rc));
2599 
2600 	return (0);
2601 }
2602 
2603 /* Set tunnel encapsulation limit. */
2604 /* ARGSUSED */
2605 static int
2606 set_tun_encap_limit(char *arg, int64_t param)
2607 {
2608 	short limit;
2609 	icfg_if_t interface;
2610 	icfg_handle_t handle;
2611 	int rc;
2612 
2613 	if (strchr(name, ':') != NULL) {
2614 		errno = EPERM;
2615 		Perror0_exit("Tunnel params on logical interfaces");
2616 	}
2617 
2618 	if ((sscanf(arg, "%hd", &limit) != 1) || (limit < 0) ||
2619 	    (limit > 255)) {
2620 		errno = EINVAL;
2621 		Perror0_exit("Invalid encapsulation limit");
2622 	}
2623 
2624 	/* Open interface for configuration. */
2625 	(void) strncpy(interface.if_name, name, sizeof (interface.if_name));
2626 	interface.if_protocol = SOCKET_AF(af);
2627 	if (icfg_open(&handle, &interface) != ICFG_SUCCESS)
2628 		Perror0_exit("couldn't open interface");
2629 
2630 	rc = icfg_set_tunnel_encaplimit(handle, (int)limit);
2631 	icfg_close(handle);
2632 
2633 	if (rc != ICFG_SUCCESS)
2634 		Perror0_exit("Could not configure tunnel encapsulation limit");
2635 
2636 	return (0);
2637 }
2638 
2639 /* Disable encapsulation limit. */
2640 /* ARGSUSED */
2641 static int
2642 clr_tun_encap_limit(char *arg, int64_t param)
2643 {
2644 	icfg_if_t interface;
2645 	icfg_handle_t handle;
2646 	int rc;
2647 
2648 	if (strchr(name, ':') != NULL) {
2649 		errno = EPERM;
2650 		Perror0_exit("Tunnel params on logical interfaces");
2651 	}
2652 
2653 	/* Open interface for configuration. */
2654 	(void) strncpy(interface.if_name, name, sizeof (interface.if_name));
2655 	interface.if_protocol = SOCKET_AF(af);
2656 	if (icfg_open(&handle, &interface) != ICFG_SUCCESS)
2657 		Perror0_exit("couldn't open interface");
2658 
2659 	rc = icfg_set_tunnel_encaplimit(handle, -1);
2660 	icfg_close(handle);
2661 
2662 	if (rc != ICFG_SUCCESS)
2663 		Perror0_exit((char *)icfg_errmsg(rc));
2664 
2665 	return (0);
2666 }
2667 
2668 /* Set tunnel hop limit. */
2669 /* ARGSUSED */
2670 static int
2671 set_tun_hop_limit(char *arg, int64_t param)
2672 {
2673 	unsigned short limit;
2674 	icfg_if_t interface;
2675 	icfg_handle_t handle;
2676 	int rc;
2677 
2678 	if (strchr(name, ':') != NULL) {
2679 		errno = EPERM;
2680 		Perror0_exit("Tunnel params on logical interfaces");
2681 	}
2682 
2683 	/*
2684 	 * Check limit here since it's really only an 8-bit unsigned quantity.
2685 	 */
2686 	if ((sscanf(arg, "%hu", &limit) != 1) || (limit > 255)) {
2687 		errno = EINVAL;
2688 		Perror0_exit("Invalid hop limit");
2689 	}
2690 
2691 	/* Open interface for configuration. */
2692 	(void) strncpy(interface.if_name, name, sizeof (interface.if_name));
2693 	interface.if_protocol = SOCKET_AF(af);
2694 	if (icfg_open(&handle, &interface) != ICFG_SUCCESS)
2695 		Perror0_exit("couldn't open interface");
2696 
2697 	rc = icfg_set_tunnel_hoplimit(handle, (uint8_t)limit);
2698 	icfg_close(handle);
2699 
2700 	if (rc != ICFG_SUCCESS)
2701 		Perror0_exit("Could not configure tunnel hop limit");
2702 
2703 	return (0);
2704 }
2705 
2706 /* Set zone ID */
2707 static int
2708 setzone(char *arg, int64_t param)
2709 {
2710 	zoneid_t zoneid = GLOBAL_ZONEID;
2711 
2712 	if (param == NEXTARG) {
2713 		/* zone must be active */
2714 		if ((zoneid = getzoneidbyname(arg)) == -1) {
2715 			(void) fprintf(stderr,
2716 			    "ifconfig: unknown zone '%s'\n", arg);
2717 			exit(1);
2718 		}
2719 	}
2720 	(void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2721 	lifr.lifr_zoneid = zoneid;
2722 	if (ioctl(s, SIOCSLIFZONE, (caddr_t)&lifr) == -1)
2723 		Perror0_exit("SIOCSLIFZONE");
2724 	return (0);
2725 }
2726 
2727 /* Put interface into all zones */
2728 /* ARGSUSED */
2729 static int
2730 setallzones(char *arg, int64_t param)
2731 {
2732 	(void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2733 	lifr.lifr_zoneid = ALL_ZONES;
2734 	if (ioctl(s, SIOCSLIFZONE, (caddr_t)&lifr) == -1)
2735 		Perror0_exit("SIOCSLIFZONE");
2736 	return (0);
2737 }
2738 
2739 /* Set source address to use */
2740 /* ARGSUSED */
2741 static int
2742 setifsrc(char *arg, int64_t param)
2743 {
2744 	uint_t ifindex = 0;
2745 	int rval;
2746 
2747 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2748 
2749 	/*
2750 	 * Argument can be either an interface name or "none". The latter means
2751 	 * that any previous selection is cleared.
2752 	 */
2753 
2754 	rval = strcmp(arg, name);
2755 	if (rval == 0) {
2756 		(void) fprintf(stderr,
2757 		    "ifconfig: Cannot specify same interface for usesrc"
2758 		    " group\n");
2759 		exit(1);
2760 	}
2761 
2762 	rval = strcmp(arg, NONE_STR);
2763 	if (rval != 0) {
2764 		if ((ifindex = if_nametoindex(arg)) == 0) {
2765 			(void) strncpy(lifr.lifr_name, arg, LIFNAMSIZ);
2766 			Perror0_exit("Could not get interface index");
2767 		}
2768 		lifr.lifr_index = ifindex;
2769 	} else {
2770 		if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) != 0)
2771 			Perror0_exit("Not a valid usesrc consumer");
2772 		lifr.lifr_index = 0;
2773 	}
2774 
2775 	if (debug)
2776 		(void) printf("setifsrc: lifr_name %s, lifr_index %d\n",
2777 		    lifr.lifr_name, lifr.lifr_index);
2778 
2779 	if (ioctl(s, SIOCSLIFUSESRC, (caddr_t)&lifr) == -1) {
2780 		if (rval == 0)
2781 			Perror0_exit("Cannot reset usesrc group");
2782 		else
2783 			Perror0_exit("Could not set source interface");
2784 	}
2785 
2786 	return (0);
2787 }
2788 
2789 /*
2790  * Print the interface status line associated with `ifname'
2791  */
2792 static void
2793 ifstatus(const char *ifname)
2794 {
2795 	uint64_t flags;
2796 	char if_usesrc_name[LIFNAMSIZ];
2797 	char *newbuf;
2798 	int n, numifs, rval = 0;
2799 	struct lifreq *lifrp;
2800 	struct lifsrcof lifs;
2801 
2802 	(void) strncpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name));
2803 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
2804 		Perror0_exit("status: SIOCGLIFFLAGS");
2805 	}
2806 	flags = lifr.lifr_flags;
2807 
2808 	/*
2809 	 * In V4 compatibility mode, we don't print the IFF_IPV4 flag or
2810 	 * interfaces with IFF_IPV6 set.
2811 	 */
2812 	if (v4compat) {
2813 		flags &= ~IFF_IPV4;
2814 		if (flags & IFF_IPV6)
2815 			return;
2816 	}
2817 
2818 	(void) printf("%s: ", ifname);
2819 	print_flags(flags);
2820 
2821 	(void) strncpy(lifr.lifr_name, ifname, sizeof (lifr.lifr_name));
2822 	if (ioctl(s, SIOCGLIFMETRIC, (caddr_t)&lifr) < 0) {
2823 		Perror0_exit("status: SIOCGLIFMETRIC");
2824 	} else {
2825 		if (lifr.lifr_metric)
2826 			(void) printf(" metric %d", lifr.lifr_metric);
2827 	}
2828 	if (ioctl(s, SIOCGLIFMTU, (caddr_t)&lifr) >= 0)
2829 		(void) printf(" mtu %d", lifr.lifr_metric);
2830 
2831 	/* don't print index or zone when in compatibility mode */
2832 	if (!v4compat) {
2833 		if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0)
2834 			(void) printf(" index %d", lifr.lifr_index);
2835 		if (ioctl(s, SIOCGLIFZONE, (caddr_t)&lifr) >= 0 &&
2836 		    lifr.lifr_zoneid != getzoneid()) {
2837 			char zone_name[ZONENAME_MAX];
2838 
2839 			if (lifr.lifr_zoneid == ALL_ZONES) {
2840 				(void) printf("\n\tall-zones");
2841 			} else if (getzonenamebyid(lifr.lifr_zoneid, zone_name,
2842 			    sizeof (zone_name)) < 0) {
2843 				(void) printf("\n\tzone %d", lifr.lifr_zoneid);
2844 			} else {
2845 				(void) printf("\n\tzone %s", zone_name);
2846 			}
2847 		}
2848 	}
2849 
2850 	if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0) {
2851 		lifs.lifs_ifindex = lifr.lifr_index;
2852 
2853 		/*
2854 		 * Find the number of interfaces that use this interfaces'
2855 		 * address as a source address
2856 		 */
2857 		lifs.lifs_buf = NULL;
2858 		lifs.lifs_maxlen = 0;
2859 		for (;;) {
2860 			/* The first pass will give the bufsize we need */
2861 			rval = ioctl(s, SIOCGLIFSRCOF, (char *)&lifs);
2862 			if (rval < 0) {
2863 				if (lifs.lifs_buf != NULL) {
2864 					free(lifs.lifs_buf);
2865 					lifs.lifs_buf = NULL;
2866 				}
2867 				lifs.lifs_len = 0;
2868 				break;
2869 			}
2870 			if (lifs.lifs_len <= lifs.lifs_maxlen)
2871 				break;
2872 			/* Use kernel's size + a small margin to avoid loops */
2873 			lifs.lifs_maxlen = lifs.lifs_len +
2874 			    5 * sizeof (struct lifreq);
2875 			/* For the first pass, realloc acts like malloc */
2876 			newbuf = realloc(lifs.lifs_buf, lifs.lifs_maxlen);
2877 			if (newbuf == NULL) {
2878 				if (lifs.lifs_buf != NULL) {
2879 					free(lifs.lifs_buf);
2880 					lifs.lifs_buf = NULL;
2881 				}
2882 				lifs.lifs_len = 0;
2883 				break;
2884 			}
2885 			lifs.lifs_buf = newbuf;
2886 		}
2887 
2888 
2889 		numifs = lifs.lifs_len / sizeof (struct lifreq);
2890 		if (numifs > 0) {
2891 			lifrp = lifs.lifs_req;
2892 			(void) printf("\n\tsrcof");
2893 			for (n = numifs; n > 0; n--, lifrp++) {
2894 				(void) printf(" %s", lifrp->lifr_name);
2895 			}
2896 		}
2897 
2898 		if (lifs.lifs_buf != NULL)
2899 			free(lifs.lifs_buf);
2900 	}
2901 
2902 	/* Find the interface whose source address this interface uses */
2903 	if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) == 0) {
2904 		if (lifr.lifr_index != 0) {
2905 			if (if_indextoname(lifr.lifr_index,
2906 			    if_usesrc_name) == NULL) {
2907 				(void) printf("\n\tusesrc ifIndex %d",
2908 				    lifr.lifr_index);
2909 			} else {
2910 				(void) printf("\n\tusesrc %s", if_usesrc_name);
2911 			}
2912 		}
2913 	}
2914 
2915 	(void) putchar('\n');
2916 }
2917 
2918 
2919 /*
2920  * Print the status of the interface.  If an address family was
2921  * specified, show it and it only; otherwise, show them all.
2922  */
2923 static void
2924 status(void)
2925 {
2926 	struct afswtch *p = afp;
2927 	uint64_t flags;
2928 
2929 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2930 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
2931 		Perror0_exit("status: SIOCGLIFFLAGS");
2932 	}
2933 
2934 	flags = lifr.lifr_flags;
2935 
2936 	/*
2937 	 * Only print the interface status if the address family matches
2938 	 * the interface family flag.
2939 	 */
2940 	if (p != NULL) {
2941 		if (((p->af_af == AF_INET6) && (flags & IFF_IPV4)) ||
2942 		    ((p->af_af == AF_INET) && (flags & IFF_IPV6)))
2943 			return;
2944 	}
2945 
2946 	/*
2947 	 * In V4 compatibility mode, don't print IFF_IPV6 interfaces.
2948 	 */
2949 	if (v4compat && (flags & IFF_IPV6))
2950 		return;
2951 
2952 	ifstatus(name);
2953 
2954 	if (p != NULL) {
2955 		(*p->af_status)(1, flags);
2956 	} else {
2957 		for (p = afs; p->af_name; p++) {
2958 			(void) close(s);
2959 			s = socket(SOCKET_AF(p->af_af), SOCK_DGRAM, 0);
2960 			/* set global af for use in p->af_status */
2961 			af = p->af_af;
2962 			if (s == -1) {
2963 				Perror0_exit("socket");
2964 			}
2965 			(*p->af_status)(0, flags);
2966 		}
2967 
2968 		/*
2969 		 * Historically, 'ether' has been an address family,
2970 		 * so print it here.
2971 		 */
2972 		print_ifether(name);
2973 	}
2974 }
2975 
2976 /*
2977  * Print the status of the interface in a format that can be used to
2978  * reconfigure the interface later. Code stolen from status() above.
2979  */
2980 /* ARGSUSED */
2981 static int
2982 configinfo(char *null, int64_t param)
2983 {
2984 	struct afswtch *p = afp;
2985 	uint64_t flags;
2986 	char phydevname[LIFNAMSIZ];
2987 	char if_usesrc_name[LIFNAMSIZ];
2988 	char *cp;
2989 
2990 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
2991 	if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
2992 		Perror0_exit("status: SIOCGLIFFLAGS");
2993 	}
2994 	flags = lifr.lifr_flags;
2995 
2996 	if (debug) {
2997 		(void) printf("configinfo: name %s flags  0x%llx af_af %d\n",
2998 		    name, flags, p != NULL ? p->af_af : -1);
2999 	}
3000 
3001 	/* remove LIF component */
3002 	(void) strncpy(phydevname, name, sizeof (phydevname));
3003 	cp = strchr(phydevname, ':');
3004 	if (cp) {
3005 		*cp = 0;
3006 	}
3007 	phydevname[sizeof (phydevname) - 1] = '\0';
3008 
3009 	/*
3010 	 * if the interface is IPv4
3011 	 *	if we have a IPv6 address family restriction return
3012 	 *		so it won't print
3013 	 *	if we are in IPv4 compatibility mode, clear out IFF_IPV4
3014 	 *		so we don't print it.
3015 	 */
3016 	if (flags & IFF_IPV4) {
3017 		if (p && p->af_af == AF_INET6)
3018 			return (-1);
3019 		if (v4compat)
3020 			flags &= ~IFF_IPV4;
3021 
3022 		(void) printf("%s inet plumb", phydevname);
3023 	} else if (flags & IFF_IPV6) {
3024 		/*
3025 		 * else if the interface is IPv6
3026 		 *	if we have a IPv4 address family restriction return
3027 		 *	or we are in IPv4 compatibiltiy mode, return.
3028 		 */
3029 		if (p && p->af_af == AF_INET)
3030 			return (-1);
3031 		if (v4compat)
3032 			return (-1);
3033 
3034 		(void) printf("%s inet6 plumb", phydevname);
3035 	}
3036 
3037 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3038 	if (ioctl(s, SIOCGLIFMETRIC, (caddr_t)&lifr) < 0) {
3039 		Perror0_exit("configinfo: SIOCGLIFMETRIC");
3040 	} else {
3041 		if (lifr.lifr_metric)
3042 			(void) printf(" metric %d ", lifr.lifr_metric);
3043 	}
3044 	if (((flags & (IFF_VIRTUAL|IFF_LOOPBACK)) != IFF_VIRTUAL) &&
3045 		ioctl(s, SIOCGLIFMTU, (caddr_t)&lifr) >= 0)
3046 		(void) printf(" mtu %d", lifr.lifr_metric);
3047 
3048 	/* don't print index when in compatibility mode */
3049 	if (!v4compat) {
3050 		if (ioctl(s, SIOCGLIFINDEX, (caddr_t)&lifr) >= 0)
3051 			(void) printf(" index %d", lifr.lifr_index);
3052 	}
3053 
3054 	if (ioctl(s, SIOCGLIFUSESRC, (caddr_t)&lifr) == 0) {
3055 		if (lifr.lifr_index != 0) {
3056 			if (if_indextoname(lifr.lifr_index,
3057 			    if_usesrc_name) != NULL) {
3058 				(void) printf(" usesrc %s", if_usesrc_name);
3059 			}
3060 		}
3061 	}
3062 
3063 	if (p != NULL) {
3064 		(*p->af_configinfo)(1, flags);
3065 	} else {
3066 		for (p = afs; p->af_name; p++) {
3067 			(void) close(s);
3068 			s = socket(SOCKET_AF(p->af_af), SOCK_DGRAM, 0);
3069 			/* set global af for use in p->af_configinfo */
3070 			af = p->af_af;
3071 			if (s == -1) {
3072 				Perror0_exit("socket");
3073 			}
3074 			(*p->af_configinfo)(0, flags);
3075 		}
3076 	}
3077 
3078 	(void) printf("\n");
3079 
3080 	return (0);
3081 }
3082 
3083 static void
3084 print_tsec(struct iftun_req *tparams)
3085 {
3086 	ipsec_req_t *ipsr;
3087 
3088 	(void) printf("\ttunnel security settings  ");
3089 	/*
3090 	 * Deal with versioning, for now just point
3091 	 * an ipsec_req_t at ifta_secinfo.  If versions
3092 	 * change, something else will overlay ifta_secinfo.
3093 	 */
3094 	assert(tparams->ifta_vers == IFTUN_VERSION);
3095 
3096 	ipsr = (ipsec_req_t *)(&tparams->ifta_secinfo);
3097 	if (ipsr->ipsr_ah_req & IPSEC_PREF_REQUIRED) {
3098 		(void) printf("ah (%s)  ",
3099 		    rparsealg(ipsr->ipsr_auth_alg, IPSEC_PROTO_AH));
3100 	}
3101 	if (ipsr->ipsr_esp_req & IPSEC_PREF_REQUIRED) {
3102 		(void) printf("esp (%s",
3103 		    rparsealg(ipsr->ipsr_esp_alg, IPSEC_PROTO_ESP));
3104 		(void) printf("/%s)",
3105 		    rparsealg(ipsr->ipsr_esp_auth_alg, IPSEC_PROTO_AH));
3106 	}
3107 	(void) printf("\n");
3108 }
3109 
3110 static void
3111 tun_status(void)
3112 {
3113 	icfg_if_t interface;
3114 	int rc;
3115 	icfg_handle_t handle;
3116 	int protocol;
3117 	char srcbuf[INET6_ADDRSTRLEN];
3118 	char dstbuf[INET6_ADDRSTRLEN];
3119 	boolean_t tabbed;
3120 	uint8_t hoplimit;
3121 	int16_t encaplimit;
3122 	struct sockaddr_storage taddr;
3123 	socklen_t socklen = sizeof (taddr);
3124 
3125 	(void) strncpy(interface.if_name, name, sizeof (interface.if_name));
3126 	interface.if_protocol = SOCKET_AF(af);
3127 	if ((rc = icfg_open(&handle, &interface)) != ICFG_SUCCESS)
3128 		Perror0_exit((char *)icfg_errmsg(rc));
3129 
3130 	/*
3131 	 * only print tunnel info for lun 0.  If ioctl fails, assume
3132 	 * we are not a tunnel
3133 	 */
3134 	if (strchr(name, ':') != NULL ||
3135 	    icfg_get_tunnel_lower(handle, &protocol) != ICFG_SUCCESS) {
3136 		icfg_close(handle);
3137 		return;
3138 	}
3139 
3140 	switch (protocol) {
3141 	case AF_INET:
3142 		(void) printf("\tinet");
3143 		break;
3144 	case AF_INET6:
3145 		(void) printf("\tinet6");
3146 		break;
3147 	default:
3148 		Perror0_exit("\ttunnel: Illegal lower stream\n\t");
3149 		break;
3150 	}
3151 
3152 	rc = icfg_get_tunnel_src(handle, (struct sockaddr *)&taddr, &socklen);
3153 	if (rc == ICFG_NOT_SET) {
3154 		(void) strlcpy(srcbuf, (protocol == AF_INET) ? "0.0.0.0" :
3155 		    "::", sizeof (srcbuf));
3156 	} else if (rc != ICFG_SUCCESS) {
3157 		Perror0_exit((char *)icfg_errmsg(rc));
3158 	} else {
3159 		rc = icfg_sockaddr_to_str(protocol, (struct sockaddr *)&taddr,
3160 		    srcbuf, sizeof (srcbuf));
3161 		if (rc != ICFG_SUCCESS) {
3162 			Perror0_exit((char *)icfg_errmsg(rc));
3163 		}
3164 	}
3165 
3166 	(void) printf(" tunnel src %s ", srcbuf);
3167 
3168 	rc = icfg_get_tunnel_dest(handle, (struct sockaddr *)&taddr, &socklen);
3169 	if (rc == ICFG_NOT_SET) {
3170 		(void) printf("\n");
3171 	} else {
3172 		rc = icfg_sockaddr_to_str(protocol, (struct sockaddr *)&taddr,
3173 		    dstbuf, sizeof (dstbuf));
3174 		if (rc != ICFG_SUCCESS) {
3175 			Perror0_exit((char *)icfg_errmsg(rc));
3176 		}
3177 		(void) printf("tunnel dst %s\n", dstbuf);
3178 	}
3179 
3180 	if (handle->ifh_tunnel_params != NULL &&
3181 	    (handle->ifh_tunnel_params->ifta_flags & IFTUN_SECURITY))
3182 		print_tsec(handle->ifh_tunnel_params);
3183 
3184 	/*
3185 	 * tabbed indicates tabbed and printed.  Use it tell us whether
3186 	 * to tab and that we've printed something here, so we need a
3187 	 * newline
3188 	 */
3189 	tabbed = _B_FALSE;
3190 
3191 	if (icfg_get_tunnel_hoplimit(handle, &hoplimit) == ICFG_SUCCESS) {
3192 		(void) printf("\ttunnel hop limit %d ", hoplimit);
3193 		tabbed = _B_TRUE;
3194 	}
3195 
3196 	if ((protocol == AF_INET6) &&
3197 	    (icfg_get_tunnel_encaplimit(handle, &encaplimit) ==
3198 		ICFG_SUCCESS)) {
3199 		if (!tabbed) {
3200 			(void) printf("\t");
3201 			tabbed = _B_TRUE;
3202 		}
3203 		if (encaplimit >= 0) {
3204 			(void) printf("tunnel encapsulation limit %d",
3205 			    encaplimit);
3206 		} else {
3207 			(void) printf("tunnel encapsulation limit disabled");
3208 		}
3209 	}
3210 
3211 	if (tabbed)
3212 		(void) printf("\n");
3213 
3214 	icfg_close(handle);
3215 }
3216 
3217 static void
3218 in_status(int force, uint64_t flags)
3219 {
3220 	struct sockaddr_in *sin, *laddr;
3221 	struct	sockaddr_in netmask = { AF_INET };
3222 
3223 	if (debug)
3224 		(void) printf("in_status(%s) flags 0x%llx\n", name, flags);
3225 
3226 	/* only print status for IPv4 interfaces */
3227 	if (!(flags & IFF_IPV4))
3228 		return;
3229 
3230 	/* if the interface is a tunnel, print the tunnel status */
3231 	tun_status();
3232 
3233 	if (!(flags & IFF_NOLOCAL)) {
3234 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3235 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
3236 			if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3237 			    errno == ENXIO) {
3238 				if (!force)
3239 					return;
3240 				(void) memset(&lifr.lifr_addr, 0,
3241 				    sizeof (lifr.lifr_addr));
3242 			} else
3243 				Perror0_exit("in_status: SIOCGLIFADDR");
3244 		}
3245 		sin = (struct sockaddr_in *)&lifr.lifr_addr;
3246 		(void) printf("\tinet %s ", inet_ntoa(sin->sin_addr));
3247 		laddr = sin;
3248 	} else {
3249 		(void) printf("\tinet ");
3250 	}
3251 
3252 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3253 	if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) {
3254 		if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3255 		    errno == ENXIO) {
3256 			if (!force)
3257 				return;
3258 			(void) memset(&lifr.lifr_addr, 0,
3259 			    sizeof (lifr.lifr_addr));
3260 		} else {
3261 			Perror0_exit("in_status: SIOCGLIFSUBNET");
3262 		}
3263 	}
3264 	sin = (struct sockaddr_in *)&lifr.lifr_addr;
3265 	if ((flags & IFF_NOLOCAL) ||
3266 	    sin->sin_addr.s_addr != laddr->sin_addr.s_addr) {
3267 		(void) printf("subnet %s/%d ", inet_ntoa(sin->sin_addr),
3268 		    lifr.lifr_addrlen);
3269 	}
3270 	if (sin->sin_family != AF_INET) {
3271 		(void) printf("Wrong family: %d\n", sin->sin_family);
3272 	}
3273 
3274 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3275 	if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0) {
3276 		if (errno != EADDRNOTAVAIL)
3277 			Perror0_exit("in_status: SIOCGLIFNETMASK");
3278 		(void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr));
3279 	} else
3280 		netmask.sin_addr =
3281 		    ((struct sockaddr_in *)&lifr.lifr_addr)->sin_addr;
3282 	if (flags & IFF_POINTOPOINT) {
3283 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3284 		if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) {
3285 			if (errno == EADDRNOTAVAIL)
3286 				(void) memset(&lifr.lifr_addr, 0,
3287 				    sizeof (lifr.lifr_addr));
3288 			else
3289 			    Perror0_exit("in_status: SIOCGLIFDSTADDR");
3290 		}
3291 		sin = (struct sockaddr_in *)&lifr.lifr_dstaddr;
3292 		(void) printf("--> %s ", inet_ntoa(sin->sin_addr));
3293 	}
3294 	(void) printf("netmask %x ", ntohl(netmask.sin_addr.s_addr));
3295 	if (flags & IFF_BROADCAST) {
3296 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3297 		if (ioctl(s, SIOCGLIFBRDADDR, (caddr_t)&lifr) < 0) {
3298 			if (errno == EADDRNOTAVAIL)
3299 				(void) memset(&lifr.lifr_addr, 0,
3300 				    sizeof (lifr.lifr_addr));
3301 			else
3302 			    Perror0_exit("in_status: SIOCGLIFBRDADDR");
3303 		}
3304 		sin = (struct sockaddr_in *)&lifr.lifr_addr;
3305 		if (sin->sin_addr.s_addr != 0) {
3306 			(void) printf("broadcast %s",
3307 			    inet_ntoa(sin->sin_addr));
3308 		}
3309 	}
3310 	/* If there is a groupname, print it for lun 0 alone */
3311 	if (strchr(name, ':') == NULL) {
3312 		(void) memset(lifr.lifr_groupname, 0,
3313 		    sizeof (lifr.lifr_groupname));
3314 		if (ioctl(s, SIOCGLIFGROUPNAME, (caddr_t)&lifr) >= 0) {
3315 			if (strlen(lifr.lifr_groupname) > 0) {
3316 				(void) printf("\n\tgroupname %s",
3317 				    lifr.lifr_groupname);
3318 			}
3319 		}
3320 	}
3321 	(void) putchar('\n');
3322 }
3323 
3324 static void
3325 in6_status(int force, uint64_t flags)
3326 {
3327 	char abuf[INET6_ADDRSTRLEN];
3328 	struct sockaddr_in6 *sin6, *laddr6;
3329 
3330 	if (debug)
3331 		(void) printf("in6_status(%s) flags 0x%llx\n", name, flags);
3332 
3333 	if (!(flags & IFF_IPV6))
3334 		return;
3335 
3336 	/* if the interface is a tunnel, print the tunnel status */
3337 	tun_status();
3338 
3339 	if (!(flags & IFF_NOLOCAL)) {
3340 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3341 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
3342 			if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3343 			    errno == ENXIO) {
3344 				if (!force)
3345 					return;
3346 				(void) memset(&lifr.lifr_addr, 0,
3347 				    sizeof (lifr.lifr_addr));
3348 			} else
3349 				Perror0_exit("in_status6: SIOCGLIFADDR");
3350 		}
3351 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3352 		(void) printf("\tinet6 %s/%d ",
3353 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3354 		    abuf, sizeof (abuf)),
3355 		    lifr.lifr_addrlen);
3356 		laddr6 = sin6;
3357 	} else {
3358 		(void) printf("\tinet6 ");
3359 	}
3360 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3361 	if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) {
3362 		if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3363 		    errno == ENXIO) {
3364 			if (!force)
3365 				return;
3366 			(void) memset(&lifr.lifr_addr, 0,
3367 			    sizeof (lifr.lifr_addr));
3368 		} else
3369 			Perror0_exit("in_status6: SIOCGLIFSUBNET");
3370 	}
3371 	sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3372 	if ((flags & IFF_NOLOCAL) ||
3373 	    !IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &laddr6->sin6_addr)) {
3374 		(void) printf("subnet %s/%d ",
3375 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3376 		    abuf, sizeof (abuf)),
3377 		    lifr.lifr_addrlen);
3378 	}
3379 	if (sin6->sin6_family != AF_INET6) {
3380 		(void) printf("Wrong family: %d\n", sin6->sin6_family);
3381 	}
3382 	if (flags & IFF_POINTOPOINT) {
3383 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3384 		if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) {
3385 			if (errno == EADDRNOTAVAIL)
3386 				(void) memset(&lifr.lifr_addr, 0,
3387 				    sizeof (lifr.lifr_addr));
3388 			else
3389 			    Perror0_exit("in_status6: SIOCGLIFDSTADDR");
3390 		}
3391 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_dstaddr;
3392 		(void) printf("--> %s ",
3393 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3394 		    abuf, sizeof (abuf)));
3395 	}
3396 	if (verbose) {
3397 		(void) putchar('\n');
3398 		(void) putchar('\t');
3399 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3400 		if (ioctl(s, SIOCGLIFTOKEN, (caddr_t)&lifr) < 0) {
3401 			if (errno == EADDRNOTAVAIL || errno == EINVAL)
3402 				(void) memset(&lifr.lifr_addr, 0,
3403 				    sizeof (lifr.lifr_addr));
3404 			else
3405 			    Perror0_exit("in_status6: SIOCGLIFTOKEN");
3406 		} else {
3407 			sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3408 			(void) printf("token %s/%d ",
3409 			    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3410 			    abuf, sizeof (abuf)),
3411 			    lifr.lifr_addrlen);
3412 		}
3413 		if (ioctl(s, SIOCGLIFLNKINFO, (caddr_t)&lifr) < 0) {
3414 			if (errno != EINVAL) {
3415 				Perror0_exit("in_status6: SIOCGLIFLNKINFO");
3416 			}
3417 		} else {
3418 			(void) printf("maxhops %u, reachtime %u ms, "
3419 			    "reachretrans %u ms, maxmtu %u ",
3420 			    lifr.lifr_ifinfo.lir_maxhops,
3421 			    lifr.lifr_ifinfo.lir_reachtime,
3422 			    lifr.lifr_ifinfo.lir_reachretrans,
3423 			    lifr.lifr_ifinfo.lir_maxmtu);
3424 		}
3425 	}
3426 	/* If there is a groupname, print it for lun 0 alone */
3427 	if (strchr(name, ':') == NULL) {
3428 		(void) memset(lifr.lifr_groupname, 0,
3429 		    sizeof (lifr.lifr_groupname));
3430 		if (ioctl(s, SIOCGLIFGROUPNAME, (caddr_t)&lifr) >= 0) {
3431 			if (strlen(lifr.lifr_groupname) > 0) {
3432 				(void) printf("\n\tgroupname %s",
3433 				    lifr.lifr_groupname);
3434 			}
3435 		}
3436 	}
3437 	(void) putchar('\n');
3438 }
3439 
3440 static void
3441 in_configinfo(int force, uint64_t flags)
3442 {
3443 	struct sockaddr_in *sin, *laddr;
3444 	struct	sockaddr_in netmask = { AF_INET };
3445 
3446 	if (debug)
3447 		(void) printf("in_configinfo(%s) flags 0x%llx\n", name, flags);
3448 
3449 	/* only configinfo info for IPv4 interfaces */
3450 	if (!(flags & IFF_IPV4))
3451 		return;
3452 
3453 	if (!(flags & IFF_NOLOCAL)) {
3454 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3455 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
3456 			if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3457 			    errno == ENXIO) {
3458 				if (!force)
3459 					return;
3460 				(void) memset(&lifr.lifr_addr, 0,
3461 				    sizeof (lifr.lifr_addr));
3462 			} else
3463 				Perror0_exit("in_configinfo: SIOCGLIFADDR");
3464 		}
3465 		sin = (struct sockaddr_in *)&lifr.lifr_addr;
3466 		if (get_lun(name) != 0) {
3467 			(void) printf(" addif %s ", inet_ntoa(sin->sin_addr));
3468 		} else {
3469 			(void) printf(" set %s ", inet_ntoa(sin->sin_addr));
3470 		}
3471 		laddr = sin;
3472 	}
3473 
3474 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3475 	if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) {
3476 		if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3477 		    errno == ENXIO) {
3478 			if (!force)
3479 				return;
3480 			(void) memset(&lifr.lifr_addr, 0,
3481 			    sizeof (lifr.lifr_addr));
3482 		} else {
3483 			Perror0_exit("in_configinfo: SIOCGLIFSUBNET");
3484 		}
3485 	}
3486 	sin = (struct sockaddr_in *)&lifr.lifr_addr;
3487 
3488 	if ((flags & IFF_NOLOCAL) ||
3489 	    sin->sin_addr.s_addr != laddr->sin_addr.s_addr) {
3490 		(void) printf(" subnet %s/%d ", inet_ntoa(sin->sin_addr),
3491 		    lifr.lifr_addrlen);
3492 	}
3493 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3494 	if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0) {
3495 		if (errno != EADDRNOTAVAIL)
3496 			Perror0_exit("in_configinfo: SIOCGLIFNETMASK");
3497 		(void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr));
3498 	} else
3499 		netmask.sin_addr =
3500 		    ((struct sockaddr_in *)&lifr.lifr_addr)->sin_addr;
3501 	if (flags & IFF_POINTOPOINT) {
3502 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3503 		if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) {
3504 			if (errno == EADDRNOTAVAIL)
3505 				(void) memset(&lifr.lifr_addr, 0,
3506 				    sizeof (lifr.lifr_addr));
3507 			else
3508 			    Perror0_exit("in_configinfo: SIOCGLIFDSTADDR");
3509 		}
3510 		sin = (struct sockaddr_in *)&lifr.lifr_dstaddr;
3511 		(void) printf(" destination %s ", inet_ntoa(sin->sin_addr));
3512 	}
3513 	(void) printf(" netmask 0x%x ", ntohl(netmask.sin_addr.s_addr));
3514 	if (flags & IFF_BROADCAST) {
3515 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3516 		if (ioctl(s, SIOCGLIFBRDADDR, (caddr_t)&lifr) < 0) {
3517 			if (errno == EADDRNOTAVAIL)
3518 				(void) memset(&lifr.lifr_addr, 0,
3519 				    sizeof (lifr.lifr_addr));
3520 			else
3521 			    Perror0_exit("in_configinfo: SIOCGLIFBRDADDR");
3522 		}
3523 		sin = (struct sockaddr_in *)&lifr.lifr_addr;
3524 		if (sin->sin_addr.s_addr != 0) {
3525 			(void) printf(" broadcast %s ",
3526 			    inet_ntoa(sin->sin_addr));
3527 		}
3528 	}
3529 
3530 	/* If there is a groupname, print it for lun 0 alone */
3531 	if (get_lun(name) == 0) {
3532 		(void) memset(lifr.lifr_groupname, 0,
3533 		    sizeof (lifr.lifr_groupname));
3534 		if (ioctl(s, SIOCGLIFGROUPNAME, (caddr_t)&lifr) >= 0) {
3535 			if (strlen(lifr.lifr_groupname) > 0) {
3536 				(void) printf(" group %s ",
3537 				    lifr.lifr_groupname);
3538 			}
3539 		}
3540 	}
3541 
3542 	/* Print flags to configure */
3543 	print_config_flags(flags);
3544 
3545 	/* IFF_NOARP applies to AF_INET only */
3546 	if (flags & IFF_NOARP) {
3547 		(void) printf("-arp ");
3548 	}
3549 }
3550 
3551 static void
3552 in6_configinfo(int force, uint64_t flags)
3553 {
3554 	char abuf[INET6_ADDRSTRLEN];
3555 	struct sockaddr_in6 *sin6, *laddr6;
3556 
3557 	if (debug)
3558 		(void) printf("in6_configinfo(%s) flags 0x%llx\n", name,
3559 		    flags);
3560 
3561 	if (!(flags & IFF_IPV6))
3562 		return;
3563 
3564 	if (!(flags & IFF_NOLOCAL)) {
3565 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3566 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
3567 			if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3568 			    errno == ENXIO) {
3569 				if (!force)
3570 					return;
3571 				(void) memset(&lifr.lifr_addr, 0,
3572 				    sizeof (lifr.lifr_addr));
3573 			} else
3574 				Perror0_exit("in6_configinfo: SIOCGLIFADDR");
3575 		}
3576 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3577 		if (get_lun(name) != 0) {
3578 			(void) printf(" addif %s/%d ",
3579 			    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3580 			    abuf, sizeof (abuf)),
3581 			    lifr.lifr_addrlen);
3582 		} else {
3583 			(void) printf(" set %s/%d ",
3584 			    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3585 			    abuf, sizeof (abuf)),
3586 			    lifr.lifr_addrlen);
3587 		}
3588 		laddr6 = sin6;
3589 	}
3590 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3591 	if (ioctl(s, SIOCGLIFSUBNET, (caddr_t)&lifr) < 0) {
3592 		if (errno == EADDRNOTAVAIL || errno == EAFNOSUPPORT ||
3593 		    errno == ENXIO) {
3594 			if (!force)
3595 				return;
3596 			(void) memset(&lifr.lifr_addr, 0,
3597 			    sizeof (lifr.lifr_addr));
3598 		} else
3599 			Perror0_exit("in6_configinfo: SIOCGLIFSUBNET");
3600 	}
3601 	sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3602 	if ((flags & IFF_NOLOCAL) ||
3603 	    !IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &laddr6->sin6_addr)) {
3604 		(void) printf(" subnet %s/%d ",
3605 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3606 		    abuf, sizeof (abuf)),
3607 		    lifr.lifr_addrlen);
3608 	}
3609 
3610 	if (flags & IFF_POINTOPOINT) {
3611 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3612 		if (ioctl(s, SIOCGLIFDSTADDR, (caddr_t)&lifr) < 0) {
3613 			if (errno == EADDRNOTAVAIL)
3614 				(void) memset(&lifr.lifr_addr, 0,
3615 				    sizeof (lifr.lifr_addr));
3616 			else
3617 			    Perror0_exit("in6_configinfo: SIOCGLIFDSTADDR");
3618 		}
3619 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_dstaddr;
3620 		(void) printf(" destination %s ",
3621 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3622 		    abuf, sizeof (abuf)));
3623 	}
3624 
3625 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3626 	if (ioctl(s, SIOCGLIFTOKEN, (caddr_t)&lifr) < 0) {
3627 		if (errno == EADDRNOTAVAIL || errno == EINVAL)
3628 			(void) memset(&lifr.lifr_addr, 0,
3629 			    sizeof (lifr.lifr_addr));
3630 		else
3631 		    Perror0_exit("in6_configinfo: SIOCGLIFTOKEN");
3632 	} else {
3633 		sin6 = (struct sockaddr_in6 *)&lifr.lifr_addr;
3634 		(void) printf(" token %s/%d ",
3635 		    inet_ntop(AF_INET6, (void *)&sin6->sin6_addr,
3636 		    abuf, sizeof (abuf)),
3637 		    lifr.lifr_addrlen);
3638 	}
3639 
3640 	/* If there is a groupname, print it for lun 0 alone */
3641 	if (get_lun(name) == 0) {
3642 		(void) memset(lifr.lifr_groupname, 0,
3643 		    sizeof (lifr.lifr_groupname));
3644 		if (ioctl(s, SIOCGLIFGROUPNAME, (caddr_t)&lifr) >= 0) {
3645 			if (strlen(lifr.lifr_groupname) > 0) {
3646 				(void) printf(" group %s ",
3647 				    lifr.lifr_groupname);
3648 			}
3649 		}
3650 	}
3651 
3652 	/* Print flags to configure */
3653 	print_config_flags(flags);
3654 
3655 	/* IFF_NONUD applies to AF_INET6 only */
3656 	if (flags & IFF_NONUD) {
3657 		(void) printf("-nud ");
3658 	}
3659 }
3660 
3661 /* ARGSUSED */
3662 static int
3663 get_lun(char *rsrc)
3664 {
3665 	char resource[LIFNAMSIZ];
3666 	char *cp;
3667 
3668 	(void) strcpy(resource, rsrc);
3669 
3670 	/* remove LIF component */
3671 	cp = strchr(resource, ':');
3672 	if (cp) {
3673 		cp++;
3674 		return (atoi(cp));
3675 	}
3676 
3677 	return (0);
3678 }
3679 
3680 /*
3681  * We need to plink both the arp-device stream and the arp-ip-device stream.
3682  * However the muxid is stored only in IP. Plumbing 2 streams individually
3683  * is not atomic, and if ifconfig is killed, the resulting plumbing can
3684  * be inconsistent. For eg. if only the arp stream is plumbed, we have lost
3685  * the muxid, and the half-baked plumbing can neither be unplumbed nor
3686  * replumbed, thus requiring a reboot. To avoid the above the following
3687  * scheme is used.
3688  *
3689  * Ifconfig asks IP to enforce atomicity of plumbing the arp and IP streams.
3690  * This is done by pushing arp on to the mux (/dev/udp). ARP adds some
3691  * extra information in the I_PLINK and I_PUNLINK ioctls to let IP know
3692  * that the plumbing/unplumbing has to be done atomically. Ifconfig plumbs
3693  * the IP stream first, and unplumbs it last. The kernel (IP) does not
3694  * allow IP stream to be unplumbed without unplumbing arp stream. Similarly
3695  * it does not allow arp stream to be plumbed before IP stream is plumbed.
3696  * There is no need to use SIOCSLIFMUXID, since the whole operation is atomic,
3697  * and IP uses the info in the I_PLINK message to get the muxid.
3698  *
3699  * a. STREAMS does not allow us to use /dev/ip itself as the mux. So we use
3700  *    /dev/udp[6].
3701  * b. SIOCGLIFMUXID returns the muxid corresponding to the V4 or V6 stream
3702  *    depending on the open i.e. V4 vs V6 open. So we need to use /dev/udp
3703  *    or /dev/udp6.
3704  * c. We need to push ARP in order to get the required kernel support for
3705  *    atomic plumbings. The actual work done by ARP is explained in arp.c
3706  *    Without pushing ARP, we will still be able to plumb/unplumb. But
3707  *    it is not atomic, and is supported by the kernel for backward
3708  *    compatibility for other utilities like atmifconfig etc. In this case
3709  *    the utility must use SIOCSLIFMUXID.
3710  */
3711 static void
3712 plumb_one_device(dlpi_if_attr_t *diap, int ip_fd, int af)
3713 {
3714 	int	arp_fd = -1;
3715 	int	arp_muxid = -1, ip_muxid;
3716 	int	mux_fd;
3717 	char	*udp_dev_name;
3718 	dlpi_if_attr_t	dia;
3719 
3720 	if (debug)
3721 		(void) printf("plumb_one_device: ifname %s, ppa %d\n",
3722 		    diap->ifname, diap->ppa);
3723 
3724 	if (diap->style == DL_STYLE2 && dlpi_detach(ip_fd, -1) < 0)
3725 		Perror0_exit("dlpi_detach");
3726 
3727 	if (ioctl(ip_fd, I_PUSH, IP_MOD_NAME) == -1)
3728 		Perror2_exit("I_PUSH", IP_MOD_NAME);
3729 
3730 	/*
3731 	 * Push the ARP module onto the interface stream. IP uses
3732 	 * this to send resolution requests up to ARP. We need to
3733 	 * do this before the SLIFNAME ioctl is sent down because
3734 	 * the interface becomes publicly known as soon as the SLIFNAME
3735 	 * ioctl completes. Thus some other process trying to bring up
3736 	 * the interface after SLIFNAME but before we have pushed ARP
3737 	 * could hang. We pop the module again later if it is not needed.
3738 	 */
3739 	if (ioctl(ip_fd, I_PUSH, ARP_MOD_NAME) == -1)
3740 		Perror2_exit("I_PUSH", ARP_MOD_NAME);
3741 
3742 	/*
3743 	 * Set IFF_IPV4/IFF_IPV6 flags.
3744 	 * At this point in time the kernel also allows an
3745 	 * override of the CANTCHANGE flags.
3746 	 */
3747 
3748 	lifr.lifr_name[0] = '\0';
3749 	if (ioctl(ip_fd, SIOCGLIFFLAGS, (char *)&lifr) == -1)
3750 		Perror0_exit("plumb_one_device: SIOCGLIFFLAGS");
3751 
3752 	/* Set the name string and the IFF_IPV* flag */
3753 	if (af == AF_INET6) {
3754 		lifr.lifr_flags |= IFF_IPV6;
3755 		lifr.lifr_flags &= ~(IFF_BROADCAST | IFF_IPV4);
3756 	} else {
3757 		lifr.lifr_flags |= IFF_IPV4;
3758 		lifr.lifr_flags &= ~IFF_IPV6;
3759 	}
3760 
3761 	/* record the device and module names as interface name */
3762 	lifr.lifr_ppa = diap->ppa;
3763 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3764 
3765 	/* set the interface name */
3766 	if (ioctl(ip_fd, SIOCSLIFNAME, (char *)&lifr) == -1) {
3767 		if (errno != EEXIST)
3768 			Perror0_exit("SIOCSLIFNAME for ip");
3769 		/*
3770 		 * This difference between the way we behave for EEXIST
3771 		 * and that with other errors exists to preserve legacy
3772 		 * behaviour. Earlier when foreachinterface() and matcif()
3773 		 * were doing the duplicate interface name checks, for
3774 		 * already existing interfaces, inetplumb() returned "0".
3775 		 * To preserve this behaviour, Perror0() and return are
3776 		 * called for EEXIST.
3777 		 */
3778 		Perror0("SIOCSLIFNAME for ip");
3779 		return;
3780 	}
3781 
3782 	/* Get the full set of existing flags for this stream */
3783 	if (ioctl(ip_fd, SIOCGLIFFLAGS, (char *)&lifr) == -1)
3784 		Perror0_exit("plumb_one_device: SIOCFLIFFLAGS");
3785 
3786 	if (debug) {
3787 		(void) printf("plumb_one_device: %s got flags: \n",
3788 		    lifr.lifr_name);
3789 		print_flags(lifr.lifr_flags);
3790 		(void) putchar('\n');
3791 	}
3792 
3793 	/* Check if arp is not actually needed */
3794 	if (lifr.lifr_flags & (IFF_NOARP|IFF_IPV6)) {
3795 		if (ioctl(ip_fd, I_POP, 0) == -1)
3796 			Perror2_exit("I_POP", ARP_MOD_NAME);
3797 	}
3798 
3799 	/*
3800 	 * Open "/dev/udp" for use as a multiplexor to PLINK the
3801 	 * interface stream under. We use "/dev/udp" instead of "/dev/ip"
3802 	 * since STREAMS will not let you PLINK a driver under itself,
3803 	 * and "/dev/ip" is typically the driver at the bottom of
3804 	 * the stream for tunneling interfaces.
3805 	 */
3806 	if (af == AF_INET6)
3807 		udp_dev_name = UDP6_DEV_NAME;
3808 	else
3809 		udp_dev_name = UDP_DEV_NAME;
3810 	if ((mux_fd = open_arp_on_udp(udp_dev_name)) == -1)
3811 		exit(EXIT_FAILURE);
3812 
3813 	/* Check if arp is not needed */
3814 	if (lifr.lifr_flags & (IFF_NOARP|IFF_IPV6)) {
3815 		/*
3816 		 * PLINK the interface stream so that ifconfig can exit
3817 		 * without tearing down the stream.
3818 		 */
3819 		if ((ip_muxid = ioctl(mux_fd, I_PLINK, ip_fd)) == -1) {
3820 			Perror0_exit("I_PLINK for ip");
3821 		}
3822 		(void) close(mux_fd);
3823 		return;
3824 	}
3825 
3826 	/*
3827 	 * This interface does use ARP, so set up a separate stream
3828 	 * from the interface to ARP.
3829 	 *
3830 	 * Note: modules specified by the user are pushed
3831 	 * only on the interface stream, not on the ARP stream.
3832 	 */
3833 
3834 	if (debug)
3835 		(void) printf("plumb_one_device: ifname: %s\n",
3836 		    diap->ifname);
3837 	arp_fd = dlpi_if_open(diap->ifname, &dia, _B_FALSE);
3838 
3839 	if (dia.style == DL_STYLE2 && dlpi_detach(arp_fd, -1) < 0)
3840 		Perror0_exit("dlpi_detach");
3841 
3842 	if (ioctl(arp_fd, I_PUSH, ARP_MOD_NAME) == -1)
3843 		Perror2_exit("I_PUSH", ARP_MOD_NAME);
3844 
3845 	/*
3846 	 * Tell ARP the name and unit number for this interface.
3847 	 * Note that arp has no support for transparent ioctls.
3848 	 */
3849 	if (strioctl(arp_fd, SIOCSLIFNAME, (char *)&lifr,
3850 	    sizeof (lifr)) == -1) {
3851 		if (errno != EEXIST)
3852 			Perror0_exit("SIOCSLIFNAME for arp");
3853 		Perror0("SIOCSLIFNAME for arp");
3854 		(void) close(arp_fd);
3855 		(void) close(mux_fd);
3856 		return;
3857 	}
3858 	/*
3859 	 * PLINK the IP and ARP streams so that ifconfig can exit
3860 	 * without tearing down the stream.
3861 	 */
3862 	if ((ip_muxid = ioctl(mux_fd, I_PLINK, ip_fd)) == -1) {
3863 		Perror0_exit("I_PLINK for ip");
3864 	}
3865 	if ((arp_muxid = ioctl(mux_fd, I_PLINK, arp_fd)) == -1) {
3866 		(void) ioctl(mux_fd, I_PUNLINK, ip_muxid);
3867 		Perror0_exit("I_PLINK for arp");
3868 	}
3869 
3870 	if (debug)
3871 		(void) printf("arp muxid = %d\n", arp_muxid);
3872 	(void) close(arp_fd);
3873 	(void) close(mux_fd);
3874 }
3875 
3876 
3877 /*
3878  * If this is a physical interface then remove it.
3879  * If it is a logical interface name use SIOCLIFREMOVEIF to
3880  * remove it. In both cases fail if it doesn't exist.
3881  */
3882 /* ARGSUSED */
3883 static int
3884 inetunplumb(char *arg, int64_t param)
3885 {
3886 	int ip_muxid, arp_muxid;
3887 	int mux_fd;
3888 	char *udp_dev_name;
3889 	char *strptr;
3890 	uint64_t flags;
3891 	boolean_t changed_arp_muxid = _B_FALSE;
3892 	int save_errno;
3893 
3894 	strptr = strchr(name, ':');
3895 	if (strptr != NULL || strcmp(name, LOOPBACK_IF) == 0) {
3896 		/* Can't unplumb logical interface zero */
3897 		if (strptr != NULL && strcmp(strptr, ":0") == 0) {
3898 			(void) fprintf(stderr, "ifconfig: unplumb:"
3899 			    " Cannot unplumb %s: Invalid interface\n", name);
3900 			exit(1);
3901 		}
3902 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3903 		(void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr));
3904 
3905 		if (ioctl(s, SIOCLIFREMOVEIF, (caddr_t)&lifr) < 0)
3906 			Perror0_exit("unplumb: SIOCLIFREMOVEIF");
3907 		return (0);
3908 	}
3909 
3910 	/*
3911 	 * We used /dev/udp or udp6 to set up the mux. So we have to use
3912 	 * the same now for PUNLINK also.
3913 	 */
3914 	if (afp->af_af == AF_INET6)
3915 		udp_dev_name = UDP6_DEV_NAME;
3916 	else
3917 		udp_dev_name = UDP_DEV_NAME;
3918 
3919 	if ((mux_fd = open_arp_on_udp(udp_dev_name)) == -1)
3920 		exit(EXIT_FAILURE);
3921 
3922 	(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
3923 	if (ioctl(mux_fd, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
3924 		Perror0_exit("unplumb: SIOCGLIFFLAGS");
3925 	}
3926 	flags = lifr.lifr_flags;
3927 	if (ioctl(mux_fd, SIOCGLIFMUXID, (caddr_t)&lifr) < 0) {
3928 		Perror0_exit("unplumb: SIOCGLIFMUXID");
3929 	}
3930 	arp_muxid = lifr.lifr_arp_muxid;
3931 	ip_muxid = lifr.lifr_ip_muxid;
3932 	/*
3933 	 * We don't have a good way of knowing whether the arp stream is
3934 	 * plumbed. We can't rely on IFF_NOARP because someone could
3935 	 * have turned it off later using "ifconfig xxx -arp".
3936 	 */
3937 	if (arp_muxid != 0) {
3938 		if (debug)
3939 			(void) printf("arp_muxid %d\n", arp_muxid);
3940 		if (ioctl(mux_fd, I_PUNLINK, arp_muxid) < 0) {
3941 			if ((errno == EINVAL) &&
3942 			    (flags & (IFF_NOARP | IFF_IPV6))) {
3943 				/*
3944 				 * Some plumbing utilities set the muxid to
3945 				 * -1 or some invalid value to signify that
3946 				 * there is no arp stream. Set the muxid to 0
3947 				 * before trying to unplumb the IP stream.
3948 				 * IP does not allow the IP stream to be
3949 				 * unplumbed if it sees a non-null arp muxid,
3950 				 * for consistency of IP-ARP streams.
3951 				 */
3952 				lifr.lifr_arp_muxid = 0;
3953 				(void) ioctl(mux_fd, SIOCSLIFMUXID,
3954 				    (caddr_t)&lifr);
3955 				changed_arp_muxid = _B_TRUE;
3956 			} else {
3957 				Perror0("I_PUNLINK for arp");
3958 			}
3959 		}
3960 	}
3961 	if (debug)
3962 		(void) printf("ip_muxid %d\n", ip_muxid);
3963 
3964 	if (ioctl(mux_fd, I_PUNLINK, ip_muxid) < 0) {
3965 		if (changed_arp_muxid) {
3966 			/*
3967 			 * Some error occurred, and we need to restore
3968 			 * everything back to what it was.
3969 			 */
3970 			save_errno = errno;
3971 			lifr.lifr_arp_muxid = arp_muxid;
3972 			lifr.lifr_ip_muxid = ip_muxid;
3973 			(void) ioctl(mux_fd, SIOCSLIFMUXID, (caddr_t)&lifr);
3974 			errno = save_errno;
3975 		}
3976 		Perror0_exit("I_PUNLINK for ip");
3977 	}
3978 	(void) close(mux_fd);
3979 	return (0);
3980 }
3981 
3982 /*
3983  * If this is a physical interface then create it unless it is already
3984  * present. If it is a logical interface name use SIOCLIFADDIF to
3985  * create and (and fail it if already exists.)
3986  * As a special case send SIOCLIFADDIF for the loopback interface. This
3987  * is needed since there is no other notion of plumbing the loopback
3988  * interface.
3989  */
3990 /* ARGSUSED */
3991 static int
3992 inetplumb(char *arg, int64_t param)
3993 {
3994 	char		*strptr;
3995 	int		dev_fd;
3996 	dlpi_if_attr_t	dia;
3997 	boolean_t	islo;
3998 
3999 	strptr = strchr(name, ':');
4000 	islo = (strcmp(name, LOOPBACK_IF) == 0);
4001 
4002 	if (strptr != NULL || islo) {
4003 		(void) memset(&lifr, 0, sizeof (lifr));
4004 		(void) strlcpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
4005 		if (islo && ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) >= 0) {
4006 			if (debug) {
4007 				(void) fprintf(stderr,
4008 				    "ifconfig: %s already exists\n", name);
4009 			}
4010 			return (0);
4011 		}
4012 		if (ioctl(s, SIOCLIFADDIF, (caddr_t)&lifr) < 0) {
4013 			if (errno == EEXIST) {
4014 				if (debug) {
4015 					(void) fprintf(stderr,
4016 					    "ifconfig: %s already exists\n",
4017 					    name);
4018 				}
4019 			} else {
4020 				Perror2_exit("plumb: SIOCLIFADDIF", name);
4021 			}
4022 		}
4023 		/*
4024 		 * IP can create the new logical interface on a different
4025 		 * physical interface in the same IPMP group. Take the new
4026 		 * interface into account for further operations.
4027 		 */
4028 		(void) strncpy(name, lifr.lifr_name, sizeof (name));
4029 		return (0);
4030 	}
4031 
4032 	if (debug)
4033 		(void) printf("inetplumb: %s af %d\n", name, afp->af_af);
4034 
4035 	if ((dev_fd = dlpi_if_open(name, &dia, _B_FALSE)) < 0) {
4036 		Perror2_exit("plumb", name);
4037 		/* NOTREACHED */
4038 	}
4039 
4040 	plumb_one_device(&dia, dev_fd, afp->af_af);
4041 	(void) close(dev_fd);
4042 	return (0);
4043 }
4044 
4045 void
4046 Perror0(char *cmd)
4047 {
4048 	int save_errno;
4049 
4050 	save_errno = errno;
4051 	(void) fprintf(stderr, "ifconfig: ");
4052 	errno = save_errno;
4053 	switch (errno) {
4054 
4055 	case ENXIO:
4056 		(void) fprintf(stderr, "%s: %s: no such interface\n",
4057 			cmd, lifr.lifr_name);
4058 		break;
4059 
4060 	case EPERM:
4061 		(void) fprintf(stderr, "%s: %s: permission denied\n",
4062 			cmd, lifr.lifr_name);
4063 		break;
4064 
4065 	case EEXIST:
4066 		(void) fprintf(stderr, "%s: %s: already exists\n",
4067 			cmd, lifr.lifr_name);
4068 		break;
4069 
4070 	default: {
4071 		char buf[BUFSIZ];
4072 
4073 		(void) snprintf(buf, sizeof (buf), "%s: %s",
4074 		    cmd, lifr.lifr_name);
4075 		perror(buf);
4076 	}
4077 	}
4078 }
4079 
4080 void
4081 Perror0_exit(char *cmd)
4082 {
4083 	Perror0(cmd);
4084 	exit(1);
4085 	/* NOTREACHED */
4086 }
4087 
4088 void
4089 Perror2(char *cmd, char *str)
4090 {
4091 	int save_errno;
4092 
4093 	save_errno = errno;
4094 	(void) fprintf(stderr, "ifconfig: ");
4095 	errno = save_errno;
4096 	switch (errno) {
4097 
4098 	case ENXIO:
4099 		(void) fprintf(stderr, "%s: %s: no such interface\n",
4100 			cmd, str);
4101 		break;
4102 
4103 	case EPERM:
4104 		(void) fprintf(stderr, "%s: %s: permission denied\n",
4105 			cmd, str);
4106 		break;
4107 
4108 	default: {
4109 		char buf[BUFSIZ];
4110 
4111 		(void) snprintf(buf, sizeof (buf), "%s: %s", cmd, str);
4112 		perror(buf);
4113 	}
4114 	}
4115 }
4116 
4117 /*
4118  * Print out error message (Perror2()) and exit
4119  */
4120 void
4121 Perror2_exit(char *cmd, char *str)
4122 {
4123 	Perror2(cmd, str);
4124 	exit(1);
4125 	/* NOTREACHED */
4126 }
4127 
4128 /*
4129  * If the last argument is non-NULL allow a <addr>/<n> syntax and
4130  * pass out <n> in *plenp.
4131  * If <n> doesn't parse return BAD_ADDR as *plenp.
4132  * If no /<n> is present return NO_PREFIX as *plenp.
4133  */
4134 static void
4135 in_getaddr(char *s, struct sockaddr *saddr, int *plenp)
4136 {
4137 	struct sockaddr_in *sin = (struct sockaddr_in *)saddr;
4138 	struct hostent *hp;
4139 	struct netent *np;
4140 	char str[BUFSIZ];
4141 	int error_num;
4142 
4143 	(void) strncpy(str, s, sizeof (str));
4144 
4145 	/*
4146 	 * Look for '/'<n> is plenp
4147 	 */
4148 	if (plenp != NULL) {
4149 		char *cp;
4150 
4151 		*plenp = in_getprefixlen(str, _B_TRUE, IP_ABITS);
4152 		if (*plenp == BAD_ADDR)
4153 			return;
4154 		cp = strchr(str, '/');
4155 		if (cp != NULL)
4156 			*cp = '\0';
4157 	} else if (strchr(str, '/') != NULL) {
4158 		(void) fprintf(stderr, "ifconfig: %s: unexpected '/'\n", str);
4159 		exit(1);
4160 	}
4161 
4162 	(void) memset(sin, 0, sizeof (*sin));
4163 
4164 	/*
4165 	 *	Try to catch attempts to set the broadcast address to all 1's.
4166 	 */
4167 	if (strcmp(str, "255.255.255.255") == 0 ||
4168 	    (strtoul(str, (char **)NULL, 0) == 0xffffffffUL)) {
4169 		sin->sin_family = AF_INET;
4170 		sin->sin_addr.s_addr = 0xffffffff;
4171 		return;
4172 	}
4173 
4174 	hp = getipnodebyname(str, AF_INET, 0, &error_num);
4175 	if (hp) {
4176 		sin->sin_family = hp->h_addrtype;
4177 		(void) memcpy(&sin->sin_addr, hp->h_addr, hp->h_length);
4178 		freehostent(hp);
4179 		return;
4180 	}
4181 	np = getnetbyname(str);
4182 	if (np) {
4183 		sin->sin_family = np->n_addrtype;
4184 		sin->sin_addr = inet_makeaddr(np->n_net, INADDR_ANY);
4185 		return;
4186 	}
4187 	if (error_num == TRY_AGAIN) {
4188 		(void) fprintf(stderr, "ifconfig: %s: bad address "
4189 		    "(try again later)\n", s);
4190 	} else {
4191 		(void) fprintf(stderr, "ifconfig: %s: bad address\n", s);
4192 	}
4193 	exit(1);
4194 }
4195 
4196 /*
4197  * If the last argument is non-NULL allow a <addr>/<n> syntax and
4198  * pass out <n> in *plenp.
4199  * If <n> doesn't parse return BAD_ADDR as *plenp.
4200  * If no /<n> is present return NO_PREFIX as *plenp.
4201  */
4202 static void
4203 in6_getaddr(char *s, struct sockaddr *saddr, int *plenp)
4204 {
4205 	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)saddr;
4206 	struct hostent *hp;
4207 	char str[BUFSIZ];
4208 	int error_num;
4209 
4210 	(void) strncpy(str, s, sizeof (str));
4211 
4212 	/*
4213 	 * Look for '/'<n> is plenp
4214 	 */
4215 	if (plenp != NULL) {
4216 		char *cp;
4217 
4218 		*plenp = in_getprefixlen(str, _B_TRUE, IPV6_ABITS);
4219 		if (*plenp == BAD_ADDR)
4220 			return;
4221 		cp = strchr(str, '/');
4222 		if (cp != NULL)
4223 			*cp = '\0';
4224 	} else if (strchr(str, '/') != NULL) {
4225 		(void) fprintf(stderr, "ifconfig: %s: unexpected '/'\n", str);
4226 		exit(1);
4227 	}
4228 
4229 	(void) memset(sin6, 0, sizeof (*sin6));
4230 
4231 	hp = getipnodebyname(str, AF_INET6, 0, &error_num);
4232 	if (hp) {
4233 		sin6->sin6_family = hp->h_addrtype;
4234 		(void) memcpy(&sin6->sin6_addr, hp->h_addr, hp->h_length);
4235 		freehostent(hp);
4236 		return;
4237 	}
4238 	if (error_num == TRY_AGAIN) {
4239 		(void) fprintf(stderr, "ifconfig: %s: bad address "
4240 		    "(try again later)\n", s);
4241 	} else {
4242 		(void) fprintf(stderr, "ifconfig: %s: bad address\n", s);
4243 	}
4244 	exit(1);
4245 }
4246 
4247 /*
4248  * If "slash" is zero this parses the whole string as
4249  * an integer. With "slash" non zero it parses the tail part as an integer.
4250  *
4251  * If it is not a valid integer this returns BAD_ADDR.
4252  * If there is /<n> present this returns NO_PREFIX.
4253  */
4254 static int
4255 in_getprefixlen(char *addr, boolean_t slash, int max_plen)
4256 {
4257 	int prefixlen;
4258 	char *str, *end;
4259 
4260 	if (slash) {
4261 		str = strchr(addr, '/');
4262 		if (str == NULL)
4263 			return (NO_PREFIX);
4264 		str++;
4265 	} else
4266 		str = addr;
4267 
4268 	prefixlen = strtol(str, &end, 10);
4269 	if (prefixlen < 0)
4270 		return (BAD_ADDR);
4271 	if (str == end)
4272 		return (BAD_ADDR);
4273 	if (max_plen != 0 && max_plen < prefixlen)
4274 		return (BAD_ADDR);
4275 	return (prefixlen);
4276 }
4277 
4278 /*
4279  * Convert a prefix length to a mask.
4280  * Returns 1 if ok. 0 otherwise.
4281  * Assumes the mask array is zero'ed by the caller.
4282  */
4283 static boolean_t
4284 in_prefixlentomask(int prefixlen, int maxlen, uchar_t *mask)
4285 {
4286 	if (prefixlen < 0 || prefixlen > maxlen)
4287 		return (0);
4288 
4289 	while (prefixlen > 0) {
4290 		if (prefixlen >= 8) {
4291 			*mask++ = 0xFF;
4292 			prefixlen -= 8;
4293 			continue;
4294 		}
4295 		*mask |= 1 << (8 - prefixlen);
4296 		prefixlen--;
4297 	}
4298 	return (1);
4299 }
4300 
4301 static void
4302 print_flags(uint64_t flags)
4303 {
4304 	boolean_t first = _B_TRUE;
4305 	int cnt, i;
4306 
4307 	(void) printf("flags=%llx", flags);
4308 	cnt = sizeof (if_flags_tbl) / sizeof (if_flags_t);
4309 	for (i = 0; i < cnt; i++) {
4310 		if (flags & if_flags_tbl[i].iff_value) {
4311 			if (first) {
4312 				(void) printf("<");
4313 				first = _B_FALSE;
4314 			} else {
4315 				/*
4316 				 * It has to be here and not with the
4317 				 * printf below because for the last one,
4318 				 * we don't want a comma before the ">".
4319 				 */
4320 				(void) printf(",");
4321 			}
4322 			(void) printf("%s", if_flags_tbl[i].iff_name);
4323 		}
4324 	}
4325 	if (!first)
4326 		(void) printf(">");
4327 }
4328 
4329 static void
4330 print_config_flags(uint64_t flags)
4331 {
4332 	int cnt, i;
4333 
4334 	cnt = sizeof (if_config_cmd_tbl) / sizeof (if_config_cmd_t);
4335 	for (i = 0; i < cnt; i++) {
4336 		if (flags & if_config_cmd_tbl[i].iff_flag) {
4337 			(void) printf("%s ", if_config_cmd_tbl[i].iff_name);
4338 		}
4339 	}
4340 }
4341 
4342 /*
4343  * Use the configured directory lookup mechanism (e.g. files/NIS/NIS+/...)
4344  * to find the network mask.  Returns true if we found one to set.
4345  *
4346  * The parameter addr_set controls whether we should get the address of
4347  * the working interface for the netmask query.  If addr_set is true,
4348  * we will use the address provided.  Otherwise, we will find the working
4349  * interface's address and use it instead.
4350  */
4351 static boolean_t
4352 in_getmask(struct sockaddr_in *saddr, boolean_t addr_set)
4353 {
4354 	struct sockaddr_in ifaddr;
4355 
4356 	/*
4357 	 * Read the address from the interface if it is not passed in.
4358 	 */
4359 	if (!addr_set) {
4360 		(void) strncpy(lifr.lifr_name, name, sizeof (lifr.lifr_name));
4361 		if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
4362 			if (errno != EADDRNOTAVAIL) {
4363 				(void) fprintf(stderr, "Need net number for "
4364 				    "mask\n");
4365 			}
4366 			return (_B_FALSE);
4367 		}
4368 		ifaddr = *((struct sockaddr_in *)&lifr.lifr_addr);
4369 	} else {
4370 		ifaddr.sin_addr = saddr->sin_addr;
4371 	}
4372 	if (getnetmaskbyaddr(ifaddr.sin_addr, &saddr->sin_addr) == 0) {
4373 		saddr->sin_family = AF_INET;
4374 		return (_B_TRUE);
4375 	}
4376 	return (_B_FALSE);
4377 }
4378 
4379 static int
4380 strioctl(int s, int cmd, char *buf, int buflen)
4381 {
4382 	struct strioctl ioc;
4383 
4384 	(void) memset(&ioc, 0, sizeof (ioc));
4385 	ioc.ic_cmd = cmd;
4386 	ioc.ic_timout = 0;
4387 	ioc.ic_len = buflen;
4388 	ioc.ic_dp = buf;
4389 	return (ioctl(s, I_STR, (char *)&ioc));
4390 }
4391 
4392 static void
4393 add_ni(char *name)
4394 {
4395 	ni_t **pp;
4396 	ni_t *p;
4397 
4398 	for (pp = &ni_list; (p = *pp) != NULL; pp = &(p->ni_next)) {
4399 		if (strcmp(p->ni_name, name) == 0) {
4400 			if (debug > 2)
4401 				(void) fprintf(stderr, "'%s' is a duplicate\n",
4402 				    name);
4403 			return;
4404 		}
4405 	}
4406 
4407 	if (debug > 2)
4408 		(void) fprintf(stderr, "adding '%s'\n",
4409 		    name);
4410 
4411 	if ((p = malloc(sizeof (ni_t))) == NULL)
4412 		return;
4413 
4414 	(void) strlcpy(p->ni_name, name, sizeof (p->ni_name));
4415 	p->ni_next = NULL;
4416 
4417 	*pp = p;
4418 	num_ni++;
4419 }
4420 
4421 /* ARGSUSED2 */
4422 static int
4423 devfs_entry(di_node_t node, di_minor_t minor, void *arg)
4424 {
4425 	char *provider;
4426 	int fd;
4427 	uint_t ppa;
4428 	dl_info_ack_t dlia;
4429 	char ifname[LIFNAMSIZ];
4430 
4431 	provider = di_minor_name(minor);
4432 
4433 	if (strlen(provider) > LIFNAMSIZ)
4434 		return (DI_WALK_CONTINUE);
4435 
4436 	if (debug > 2)
4437 		fprintf(stderr, "provider = %s\n", provider);
4438 
4439 	if ((fd = dlpi_open(provider)) < 0)
4440 		return (DI_WALK_CONTINUE);
4441 
4442 	if (debug > 2)
4443 		fprintf(stderr, "getting DL_INFO_ACK\n");
4444 
4445 	if (dlpi_info(fd, -1, &dlia, NULL, NULL, NULL, NULL, NULL, NULL) < 0)
4446 		goto done;
4447 
4448 	if (dlia.dl_provider_style == DL_STYLE1) {
4449 		if (debug > 2)
4450 			fprintf(stderr, "provider is DL_STYLE1\n");
4451 		add_ni(provider);
4452 		goto done;
4453 	}
4454 
4455 	if (debug > 2)
4456 		fprintf(stderr, "provider is DL_STYLE2\n");
4457 
4458 	if (di_minor_type(minor) != DDM_ALIAS) {
4459 		if (debug > 2)
4460 			(void) fprintf(stderr,
4461 			    "non-alias node, ignoring\n");
4462 		goto done;
4463 	}
4464 
4465 	if (debug > 2)
4466 		(void) fprintf(stderr,
4467 		    "alias node, using instance\n");
4468 	ppa = di_instance(node);
4469 
4470 	if (dlpi_attach(fd, -1, ppa) < 0) {
4471 		if (debug > 2)
4472 			(void) fprintf(stderr,
4473 			    "non-existent PPA, ignoring\n");
4474 		goto done;
4475 	}
4476 
4477 	(void) snprintf(ifname, LIFNAMSIZ, "%s%d", provider, ppa);
4478 	add_ni(ifname);
4479 
4480 done:
4481 	(void) dlpi_close(fd);
4482 	return (DI_WALK_CONTINUE);
4483 }
4484 
4485 /*
4486  * dhcp-related routines
4487  */
4488 
4489 static int
4490 setifdhcp(const char *caller, const char *ifname, int argc, char *argv[])
4491 {
4492 	dhcp_ipc_request_t	*request;
4493 	dhcp_ipc_reply_t	*reply	= NULL;
4494 	int			timeout = DHCP_IPC_WAIT_DEFAULT;
4495 	dhcp_ipc_type_t		type	= DHCP_START;
4496 	int			error;
4497 	boolean_t		is_primary = _B_FALSE;
4498 	boolean_t		started = _B_FALSE;
4499 
4500 	for (argv++; --argc > 0; argv++) {
4501 
4502 		if (strcmp(*argv, "primary") == 0) {
4503 			is_primary = _B_TRUE;
4504 			continue;
4505 		}
4506 
4507 		if (strcmp(*argv, "wait") == 0) {
4508 			if (--argc <= 0) {
4509 				usage();
4510 				return (DHCP_EXIT_BADARGS);
4511 			}
4512 			argv++;
4513 
4514 			if (strcmp(*argv, "forever") == 0) {
4515 				timeout = DHCP_IPC_WAIT_FOREVER;
4516 				continue;
4517 			}
4518 
4519 			if (sscanf(*argv, "%d", &timeout) != 1) {
4520 				usage();
4521 				return (DHCP_EXIT_BADARGS);
4522 			}
4523 
4524 			if (timeout < 0) {
4525 				usage();
4526 				return (DHCP_EXIT_BADARGS);
4527 			}
4528 			continue;
4529 		}
4530 
4531 		type = dhcp_string_to_request(*argv);
4532 		if (type == -1) {
4533 			usage();
4534 			return (DHCP_EXIT_BADARGS);
4535 		}
4536 	}
4537 
4538 	/*
4539 	 * Only try to start agent on start or inform; in all other cases it
4540 	 * has to already be running for anything to make sense.
4541 	 */
4542 	if (type == DHCP_START || type == DHCP_INFORM) {
4543 		if (dhcp_start_agent(DHCP_IPC_MAX_WAIT) == -1) {
4544 			(void) fprintf(stderr, "%s: unable to start %s\n",
4545 			    caller, DHCP_AGENT_PATH);
4546 			return (DHCP_EXIT_FAILURE);
4547 		}
4548 		started = _B_TRUE;
4549 	}
4550 
4551 	if (is_primary)
4552 		type = type | DHCP_PRIMARY;
4553 
4554 	request = dhcp_ipc_alloc_request(type, ifname, NULL, 0, DHCP_TYPE_NONE);
4555 	if (request == NULL) {
4556 		(void) fprintf(stderr, "%s: out of memory\n", caller);
4557 		return (DHCP_EXIT_SYSTEM);
4558 	}
4559 
4560 	error = dhcp_ipc_make_request(request, &reply, timeout);
4561 	if (error != 0) {
4562 		free(request);
4563 		/*
4564 		 * Re-map connect error to not under control if we didn't try a
4565 		 * start operation, as this has to be true and results in a
4566 		 * clearer message, not to mention preserving compatibility
4567 		 * with the days when we always started dhcpagent for every
4568 		 * request.
4569 		 */
4570 		if (error == DHCP_IPC_E_CONNECT && !started)
4571 			error = DHCP_IPC_E_UNKIF;
4572 		(void) fprintf(stderr, "%s: %s: %s\n", caller, ifname,
4573 		    dhcp_ipc_strerror(error));
4574 		return (DHCP_EXIT_FAILURE);
4575 	}
4576 
4577 	error = reply->return_code;
4578 	if (error != 0) {
4579 		free(request);
4580 		free(reply);
4581 
4582 		if (error == DHCP_IPC_E_TIMEOUT && timeout == 0)
4583 			return (DHCP_EXIT_SUCCESS);
4584 
4585 		(void) fprintf(stderr, "%s: %s: %s\n", caller, ifname,
4586 		    dhcp_ipc_strerror(error));
4587 
4588 		if (error == DHCP_IPC_E_TIMEOUT)
4589 			return (DHCP_EXIT_TIMEOUT);
4590 		else
4591 			return (DHCP_EXIT_IF_FAILURE);
4592 	}
4593 
4594 	if (DHCP_IPC_CMD(type) == DHCP_STATUS) {
4595 		(void) printf("%s", dhcp_status_hdr_string());
4596 		(void) printf("%s", dhcp_status_reply_to_string(reply));
4597 	}
4598 
4599 	free(request);
4600 	free(reply);
4601 	return (DHCP_EXIT_SUCCESS);
4602 }
4603 
4604 static void
4605 usage(void)
4606 {
4607 	(void) fprintf(stderr,
4608 	    "usage: ifconfig <interface> | -a[ 4 | 6 | D ][ u | d ][ Z ]\n");
4609 
4610 	(void) fprintf(stderr, "%s",
4611 	    "\t[ <addr_family> ]\n"
4612 	    "\t[ <address>[/<prefix_length>] [ <dest_address> ] ]\n"
4613 	    "\t[ set [ <address>][/<prefix_length>] ]"
4614 	    " [ <address>/<prefix_length>] ]\n"
4615 	    "\t[ destination <dest_address> ]\n"
4616 	    "\t[ addif <address>[/<prefix_length>]"
4617 	    "  [ <dest_address> ] ]\n"
4618 	    "\t[ removeif <address>[/<prefix_length>] ]\n"
4619 	    "\t[ arp | -arp ]\n"
4620 	    "\t[ auto-revarp ]\n"
4621 	    "\t[ broadcast <broad_addr> ]\n"
4622 	    "\t[ index <if_index> ]\n"
4623 	    "\t[ metric <n> ] [ mtu <n> ]\n"
4624 	    "\t[ netmask <mask> ]\n"
4625 	    "\t[ plumb ] [ unplumb ]\n"
4626 	    "\t[ preferred | -preferred ]\n"
4627 	    "\t[ private | -private ]\n"
4628 	    "\t[ local | -local ]\n"
4629 	    "\t[ router | -router ]\n"
4630 	    "\t[ subnet <subnet_address>]\n"
4631 	    "\t[ trailers | -trailers ]\n"
4632 	    "\t[ token <address>/<prefix_length> ]\n"
4633 	    "\t[ tsrc <tunnel_src_address> ]\n"
4634 	    "\t[ tdst <tunnel_dest_address> ]\n"
4635 	    "\t[ auth_algs <tunnel_AH_authentication_algorithm> ]\n"
4636 	    "\t[ encr_algs <tunnel_ESP_encryption_algorithm> ]\n"
4637 	    "\t[ encr_auth_algs <tunnel_ESP_authentication_algorithm> ]\n"
4638 	    "\t[ up ] [ down ]\n"
4639 	    "\t[ xmit | -xmit ]\n"
4640 	    "\t[ modlist ]\n"
4641 	    "\t[ modinsert <module_name@position> ]\n"
4642 	    "\t[ modremove <module_name@position> ]\n"
4643 	    "\t[ group <groupname>] | [ group \"\"]\n"
4644 	    "\t[ deprecated | -deprecated ]\n"
4645 	    "\t[ standby | -standby ]\n"
4646 	    "\t[ failover | -failover ]\n"
4647 	    "\t[ zone <zonename> | -zone ]\n"
4648 	    "\t[ usesrc <interface> ]\n"
4649 	    "\t[ all-zones ]\n");
4650 
4651 	(void) fprintf(stderr, "or\n");
4652 	(void) fprintf(stderr,
4653 	    "\tifconfig <interface> |  -a[ 4 | 6 | D ] [ u | d ]\n");
4654 
4655 	(void) fprintf(stderr, "%s", "\tauto-dhcp | dhcp\n"
4656 	    "\t[ wait <time> | forever ]\n\t[ primary ]\n"
4657 	    "\tstart | drop | ping | release | status | inform\n");
4658 }
4659