xref: /onnv-gate/usr/src/lib/libnsl/nss/netdir_inet.c (revision 1914)

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * This is where we have chosen to combine every useful bit of code for
 * all the Solaris frontends to lookup hosts, services, and netdir information
 * for inet family (udp, tcp) transports. gethostbyYY(), getservbyYY(), and
 * netdir_getbyYY() are all implemented on top of this code. Similarly,
 * netdir_options, taddr2uaddr, and uaddr2taddr for inet transports also
 * find a home here.
 *
 * If the netconfig structure supplied has NO nametoaddr libs (i.e. a "-"
 * in /etc/netconfig), this code calls the name service switch, and
 * therefore, /etc/nsswitch.conf is effectively the only place that
 * dictates hosts/serv lookup policy.
 * If an administrator chooses to bypass the name service switch by
 * specifying third party supplied nametoaddr libs in /etc/netconfig, this
 * implementation does NOT call the name service switch, it merely loops
 * through the nametoaddr libs. In this case, if this code was called
 * from gethost/servbyYY() we marshal the inet specific struct into
 * transport independent netbuf or hostserv, and unmarshal the resulting
 * nd_addrlist or hostservlist back into hostent and servent, as the case
 * may be.
 *
 * Goes without saying that most of the future bugs in gethost/servbyYY
 * and netdir_getbyYY are lurking somewhere here.
 */

#pragma ident	"%Z%%M%	%I%	%E% SMI"

#include "mt.h"
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <stropts.h>
#include <sys/types.h>
#include <sys/byteorder.h>
#include <sys/ioctl.h>
#include <sys/param.h>
#include <sys/time.h>
#include <errno.h>
#include <fcntl.h>
#include <thread.h>
#include <synch.h>
#include <sys/utsname.h>
#include <netdb.h>
#include <netconfig.h>
#include <netdir.h>
#include <tiuser.h>
#include <sys/socket.h>
#include <sys/sockio.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <net/if.h>
#include <inet/ip.h>
#include <inet/ip6_asp.h>
#include <sys/dlpi.h>
#include <nss_dbdefs.h>
#include <nss_netdir.h>
#include <syslog.h>
#include <nsswitch.h>
#include "nss.h"

#define	MAXIFS 32
#define	UDPDEV	"/dev/udp"
#define	UDP6DEV	"/dev/udp6"

#ifdef PIC
#define	DOOR_GETHOSTBYNAME_R	_door_gethostbyname_r
#define	DOOR_GETHOSTBYADDR_R	_door_gethostbyaddr_r
#define	DOOR_GETIPNODEBYNAME_R	_door_getipnodebyname_r
#define	DOOR_GETIPNODEBYADDR_R	_door_getipnodebyaddr_r
#else
#define	DOOR_GETHOSTBYNAME_R	_switch_gethostbyname_r
#define	DOOR_GETHOSTBYADDR_R	_switch_gethostbyaddr_r
#define	DOOR_GETIPNODEBYNAME_R	_switch_getipnodebyname_r
#define	DOOR_GETIPNODEBYADDR_R	_switch_getipnodebyaddr_r
#endif /* PIC */

#define	DONT_SORT	"SORT_ADDRS=NO"
#define	DONT_SORT2	"SORT_ADDRS=FALSE"
#define	LINESIZE	100

/*
 * constant values of addresses for HOST_SELF_BIND, HOST_SELF_CONNECT
 * and localhost.
 *
 * The following variables are static to the extent that they should
 * not be visible outside of this file.
 */
static char *localaddr[] = {"\000\000\000\000", NULL};
static char *connectaddr[] = {"\177\000\000\001", NULL};
static char *localaddr6[] =
{"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000", NULL};
static char *connectaddr6[] =
{"\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\001", NULL};

/* IPv4 nd_addrlist */
static mutex_t	nd_addr_lock = DEFAULTMUTEX;
static struct sockaddr_in sa_con;
static struct netbuf nd_conbuf = {sizeof (sa_con),\
    sizeof (sa_con), (char *)&sa_con};
static struct nd_addrlist nd_conaddrlist = {1, &nd_conbuf};

/* IPv6 nd_addrlist */
static mutex_t	nd6_addr_lock = DEFAULTMUTEX;
static struct sockaddr_in6 sa6_con;
static struct netbuf nd6_conbuf = {sizeof (sa6_con),\
	sizeof (sa6_con), (char *)&sa6_con};
static struct nd_addrlist nd6_conaddrlist = {1, &nd6_conbuf};

#define	LOCALHOST "localhost"

struct servent *_switch_getservbyname_r(const char *, const char *,
    struct servent *, char *, int);
struct servent *_switch_getservbyport_r(int, const char *, struct servent *,
    char *, int);

static int __herrno2netdir(int h_errnop);
static struct ifinfo *get_local_info(void);
static int getbroadcastnets(struct netconfig *, struct in_addr **);
static int hent2ndaddr(int, char **, int *, struct nd_addrlist **);
static int ndaddr2hent(int, const char *, struct nd_addrlist *,
    struct hostent *, char *, int);
static int hsents2ndhostservs(struct hostent *, struct servent *, ushort_t,
    struct nd_hostservlist **);
static int ndaddr2srent(const char *, const char *, ushort_t, struct servent *,
    char *, int);
static int ndhostserv2hent(struct netbuf *, struct nd_hostservlist *,
    struct hostent *, char *, int);
static int ndhostserv2srent(int, const char *, struct nd_hostservlist *,
    struct servent *, char *, int);
static int nd2herrno(int nerr);
static void order_haddrlist_inet(char **haddrlist, size_t addrcount);
static void order_haddrlist_inet6(char **haddrlist, size_t addrcount);
static int dstcmp(const void *, const void *);
static int nss_strioctl(int af, int cmd, void *ptr, int ilen);
static struct in_addr _inet_makeaddr(in_addr_t, in_addr_t);
static boolean_t _read_nsw_file(void);

/*
 * Begin: PART I
 * Top Level Interfaces that gethost/serv/netdir funnel through.
 */

/*
 * gethost/servbyname always call this function; if they call
 * with nametoaddr libs in nconf, we call netdir_getbyname
 * implementation: __classic_netdir_getbyname, otherwise nsswitch.
 *
 * netdir_getbyname calls this only if nametoaddr libs are NOT
 * specified for inet transports; i.e. it's supposed to follow
 * the name service switch.
 */
int
_get_hostserv_inetnetdir_byname(struct netconfig *nconf,
    struct nss_netdirbyname_in *args, union nss_netdirbyname_out *res)
{
	int	server_port;
	int *servp = &server_port;
	char	**haddrlist;
	uint32_t dotnameaddr;
	char	*dotnamelist[2];
	struct in_addr	*inaddrs = NULL;
	struct in6_addr	v6nameaddr;
	char	**baddrlist = NULL;


	if (nconf == NULL) {
		_nderror = ND_BADARG;
		return (ND_BADARG);
	}

	/*
	 * 1. gethostbyname()/netdir_getbyname() special cases:
	 */
	switch (args->op_t) {

		case NSS_HOST:
		/*
		 * Worth the performance gain -- assuming a lot of inet apps
		 * actively use "localhost".
		 */
		if (strcmp(args->arg.nss.host.name, LOCALHOST) == 0) {

			(void) mutex_lock(&nd_addr_lock);
			IN_SET_LOOPBACK_ADDR(&sa_con);
			_nderror = ndaddr2hent(AF_INET, args->arg.nss.host.name,
			    &nd_conaddrlist, res->nss.host.hent,
			    args->arg.nss.host.buf,
			    args->arg.nss.host.buflen);
			(void) mutex_unlock(&nd_addr_lock);
			if (_nderror != ND_OK)
				*(res->nss.host.herrno_p) =
				    nd2herrno(_nderror);
			return (_nderror);
		}
		/*
		 * If the caller passed in a dot separated IP notation to
		 * gethostbyname, return that back as the address.
		 * The nd_addr_lock mutex was added to be truely re-entrant.
		 */
		if (inet_aton(args->arg.nss.host.name,
		    (struct in_addr *)&dotnameaddr)) {
			(void) mutex_lock(&nd_addr_lock);
			(void) memset(&sa_con, 0, sizeof (sa_con));
			sa_con.sin_family = AF_INET;
			sa_con.sin_addr.s_addr = dotnameaddr;
			_nderror = ndaddr2hent(AF_INET, args->arg.nss.host.name,
			    &nd_conaddrlist, res->nss.host.hent,
			    args->arg.nss.host.buf,
			    args->arg.nss.host.buflen);
			(void) mutex_unlock(&nd_addr_lock);
			if (_nderror != ND_OK)
				*(res->nss.host.herrno_p) =
				    nd2herrno(_nderror);
			return (_nderror);
		}
		break;

		case NSS_HOST6:
		/*
		 * Handle case of literal address string.
		 */
		if (strchr(args->arg.nss.host6.name, ':') != NULL &&
		    (inet_pton(AF_INET6, args->arg.nss.host6.name,
		    &v6nameaddr) != 0)) {
			int	ret;

			(void) mutex_lock(&nd6_addr_lock);
			(void) memset(&sa6_con, 0, sizeof (sa6_con));
			sa6_con.sin6_family = AF_INET6;
			(void) memcpy(&(sa6_con.sin6_addr.s6_addr),
			    &v6nameaddr, sizeof (struct in6_addr));
			ret = ndaddr2hent(AF_INET6,
			    args->arg.nss.host6.name,
			    &nd6_conaddrlist, res->nss.host.hent,
			    args->arg.nss.host6.buf,
			    args->arg.nss.host6.buflen);
			(void) mutex_unlock(&nd6_addr_lock);
			if (ret != ND_OK)
				*(res->nss.host.herrno_p) = nd2herrno(ret);
			else
				res->nss.host.hent->h_aliases = NULL;
			return (ret);
		}
		break;

		case NETDIR_BY:
			if (args->arg.nd_hs == 0) {
				_nderror = ND_BADARG;
				return (ND_BADARG);
			}
			/*
			 * If servname is NULL, return 0 as the port number
			 * If servname is rpcbind, return 111 as the port number
			 * If servname is a number, return it back as the port
			 * number.
			 */
			if (args->arg.nd_hs->h_serv == 0) {
				*servp = htons(0);
			} else if (strcmp(args->arg.nd_hs->h_serv, "rpcbind")
									== 0) {
				*servp = htons(111);
			} else if (strspn(args->arg.nd_hs->h_serv, "0123456789")
				    == strlen(args->arg.nd_hs->h_serv)) {
				*servp = htons(atoi(args->arg.nd_hs->h_serv));
			} else {
				/* i.e. need to call a name service on this */
				servp = NULL;
			}

			/*
			 * If the hostname is HOST_SELF_BIND, we return 0.0.0.0
			 * so the  binding can be contacted through all
			 * interfaces. If the hostname is HOST_SELF_CONNECT,
			 * we return 127.0.0.1 so the address can be connected
			 * to locally. If the hostname is HOST_ANY, we return
			 * no addresses because IP doesn't know how to specify
			 * a service without a host. And finally if we specify
			 * HOST_BROADCAST then we ask a tli fd to tell us what
			 * the broadcast addresses are for any udp
			 * interfaces on this machine.
			 */
			if (args->arg.nd_hs->h_host == 0) {
				_nderror = ND_NOHOST;
				return (ND_NOHOST);
			} else if ((strcmp(args->arg.nd_hs->h_host,
			    HOST_SELF_BIND) == 0)) {
				haddrlist = localaddr;
			} else if ((strcmp(args->arg.nd_hs->h_host,
					    HOST_SELF_CONNECT) == 0)) {
				haddrlist = connectaddr;
			} else if ((strcmp(args->arg.nd_hs->h_host,
					    LOCALHOST) == 0)) {
				haddrlist = connectaddr;
			} else if ((int)(dotnameaddr =
				    inet_addr(args->arg.nd_hs->h_host)) != -1) {
				/*
				 * If the caller passed in a dot separated IP
				 * notation to netdir_getbyname, convert that
				 * back into address.
				 */

				dotnamelist[0] = (char *)&dotnameaddr;
				dotnamelist[1] = NULL;
				haddrlist = dotnamelist;
			} else if ((strcmp(args->arg.nd_hs->h_host,
					    HOST_BROADCAST) == 0)) {
				/*
				 * Now that inaddrs and baddrlist are
				 * dynamically allocated, care must be
				 * taken in freeing up the
				 * memory at each 'return()' point.
				 *
				 * Early return protection (using
				 * FREE_return()) is needed only in NETDIR_BY
				 * cases because dynamic allocation is used
				 * when args->op_t == NETDIR_BY.
				 *
				 * Early return protection is not needed in
				 * haddrlist==0 conditionals because dynamic
				 * allocation guarantees haddrlist!=0.
				 *
				 * Early return protection is not needed in most
				 * servp!=0 conditionals because this is handled
				 * (and returned) first.
				 */
#define	FREE_return(ret) \
				{ \
				    if (inaddrs) \
					    free(inaddrs); \
					    if (baddrlist) \
						    free(baddrlist); \
						    _nderror = ret; \
						    return (ret); \
				}
				int i, bnets;

				bnets = getbroadcastnets(nconf, &inaddrs);
				if (bnets == 0) {
					_nderror = ND_NOHOST;
					return (ND_NOHOST);
				}
				baddrlist = malloc((bnets+1)*sizeof (char *));
				if (baddrlist == NULL)
					FREE_return(ND_NOMEM);
				for (i = 0; i < bnets; i++)
					baddrlist[i] = (char *)&inaddrs[i];
				baddrlist[i] = NULL;
				haddrlist = baddrlist;
			} else {
				/* i.e. need to call a name service on this */
				haddrlist = 0;
			}

			if (haddrlist && servp) {
				int ret;
				/*
				 * Convert h_addr_list into nd_addrlist.
				 * malloc's will be done, freed using
				 * netdir_free.
				 */
				ret = hent2ndaddr(AF_INET, haddrlist, servp,
					    res->nd_alist);
				FREE_return(ret)
				}
			break;


		case NETDIR_BY6:
			if (args->arg.nd_hs == 0) {
				_nderror = ND_BADARG;
				return (ND_BADARG);
			}
			/*
			 * If servname is NULL, return 0 as the port number.
			 * If servname is rpcbind, return 111 as the port number
			 * If servname is a number, return it back as the port
			 * number.
			 */
			if (args->arg.nd_hs->h_serv == 0) {
				*servp = htons(0);
			} else if (strcmp(args->arg.nd_hs->h_serv,
				    "rpcbind") == 0) {
				*servp = htons(111);
			} else if (strspn(args->arg.nd_hs->h_serv, "0123456789")
				    == strlen(args->arg.nd_hs->h_serv)) {
				*servp = htons(atoi(args->arg.nd_hs->h_serv));
			} else {
				/* i.e. need to call a name service on this */
				servp = NULL;
			}

			/*
			 * If the hostname is HOST_SELF_BIND, we return ipv6
			 * localaddress so the binding can be contacted through
			 * all interfaces.
			 * If the hostname is HOST_SELF_CONNECT, we return
			 * ipv6 loopback address so the address can be connected
			 * to locally.
			 * If the hostname is HOST_ANY, we return no addresses
			 * because IP doesn't know how to specify a service
			 * without a host.
			 * And finally if we specify HOST_BROADCAST then we
			 * disallow since IPV6 does not have any
			 * broadcast concept.
			 */
			if (args->arg.nd_hs->h_host == 0) {
				return (ND_NOHOST);
			} else if ((strcmp(args->arg.nd_hs->h_host,
					    HOST_SELF_BIND) == 0)) {
				haddrlist = localaddr6;
			} else if ((strcmp(args->arg.nd_hs->h_host,
					    HOST_SELF_CONNECT) == 0)) {
				haddrlist = connectaddr6;
			} else if ((strcmp(args->arg.nd_hs->h_host,
					    LOCALHOST) == 0)) {
				haddrlist = connectaddr6;
			} else if (strchr(args->arg.nd_hs->h_host, ':')
						    != NULL) {

			/*
			 * If the caller passed in a dot separated IP notation
			 * to netdir_getbyname, convert that back into address.
			 */

				if ((inet_pton(AF_INET6,
					    args->arg.nd_hs->h_host,
					    &v6nameaddr)) != 0) {
					dotnamelist[0] = (char *)&v6nameaddr;
					dotnamelist[1] = NULL;
					haddrlist = dotnamelist;
				}
				else
					/* not sure what to return */
					return (ND_NOHOST);

			} else if ((strcmp(args->arg.nd_hs->h_host,
				    HOST_BROADCAST) == 0)) {
				/*
				 * Don't support broadcast in
				 * IPV6
				 */
				return (ND_NOHOST);
			} else {
				/* i.e. need to call a name service on this */
				haddrlist = 0;
			}

			if (haddrlist && servp) {
				int ret;
				/*
				 * Convert h_addr_list into nd_addrlist.
				 * malloc's will be done, freed
				 * using netdir_free.
				 */
				ret = hent2ndaddr(AF_INET6, haddrlist,
				    servp, res->nd_alist);
				FREE_return(ret)
				}
			break;


	}

	/*
	 * 2. Most common scenario. This is the way we ship /etc/netconfig.
	 *    Emphasis on improving performance in the "if" part.
	 */
	if (nconf->nc_nlookups == 0) {
		struct hostent	*he = NULL, *tmphe;
		struct servent	*se;
		int	ret;
		nss_XbyY_buf_t	*ndbuf4switch = 0;

	switch (args->op_t) {

		case NSS_HOST:

		he = DOOR_GETHOSTBYNAME_R(args->arg.nss.host.name,
		    res->nss.host.hent, args->arg.nss.host.buf,
		    args->arg.nss.host.buflen,
		    res->nss.host.herrno_p);
		if (he == NULL)
			return (_nderror = ND_NOHOST);
		return (_nderror = ND_OK);

		case NSS_HOST6:

		he = DOOR_GETIPNODEBYNAME_R(args->arg.nss.host6.name,
		    res->nss.host.hent, args->arg.nss.host.buf,
		    args->arg.nss.host6.buflen,
		    args->arg.nss.host6.af_family,
		    args->arg.nss.host6.flags,
		    res->nss.host.herrno_p);

		if (he == NULL)
			return (_nderror = ND_NOHOST);
		return (_nderror = ND_OK);

		case NSS_SERV:

		se = _switch_getservbyname_r(args->arg.nss.serv.name,
		    args->arg.nss.serv.proto,
		    res->nss.serv, args->arg.nss.serv.buf,
		    args->arg.nss.serv.buflen);

		_nderror = ND_OK;
		if (se == 0)
			_nderror = ND_NOSERV;
		return (_nderror);

		case NETDIR_BY:

		if (servp == 0) {
			char	*proto =
	    (strcmp(nconf->nc_proto, NC_TCP) == 0) ? NC_TCP : NC_UDP;

			/*
			 * We go through all this for just one port number,
			 * which is most often constant. How about linking in
			 * an indexed database of well-known ports in the name
			 * of performance ?
			 */
			ndbuf4switch = _nss_XbyY_buf_alloc(
				sizeof (struct servent), NSS_BUFLEN_SERVICES);
			if (ndbuf4switch == 0)
				FREE_return(ND_NOMEM);
			se = _switch_getservbyname_r(args->arg.nd_hs->h_serv,
				proto, ndbuf4switch->result,
				ndbuf4switch->buffer, ndbuf4switch->buflen);
			if (!se) {
				NSS_XbyY_FREE(&ndbuf4switch);
				FREE_return(ND_NOSERV)
			}
			server_port = se->s_port;
			NSS_XbyY_FREE(&ndbuf4switch);
		}

		if (haddrlist == 0) {
			int	h_errnop = 0;

			ndbuf4switch = _nss_XbyY_buf_alloc(
					sizeof (struct hostent),
					NSS_BUFLEN_HOSTS);
			if (ndbuf4switch == 0) {
				_nderror = ND_NOMEM;
				return (ND_NOMEM);
			}
			/*
			 * Search the ipnodes (v6) path first,
			 * search will return the v4 addresses
			 * as v4mapped addresses.
			 */
			if ((tmphe = DOOR_GETIPNODEBYNAME_R(
			    args->arg.nd_hs->h_host,
			    ndbuf4switch->result, ndbuf4switch->buffer,
			    ndbuf4switch->buflen, args->arg.nss.host6.af_family,
			    args->arg.nss.host6.flags, &h_errnop)) != NULL)
				he = __mappedtov4(tmphe, &h_errnop);

			if (he == NULL) {
				/* Failover case, try hosts db for v4 address */
				he = DOOR_GETHOSTBYNAME_R(
				args->arg.nd_hs->h_host,
				ndbuf4switch->result, ndbuf4switch->buffer,
				ndbuf4switch->buflen, &h_errnop);
				if (he == NULL) {
					NSS_XbyY_FREE(&ndbuf4switch);
					_nderror = h_errnop ?
					    __herrno2netdir(h_errnop) :
					    ND_NOHOST;
					return (_nderror);
				}
				/*
				 * Convert h_addr_list into nd_addrlist.
				 * malloc's will be done, freed using
				 * netdir_free.
				 */
				ret = hent2ndaddr(AF_INET, he->h_addr_list,
					&server_port, res->nd_alist);
			} else {
				/*
				 * Convert h_addr_list into nd_addrlist.
				 * malloc's will be done, freed using
				 * netdir_free.
				 */
				ret = hent2ndaddr(AF_INET, he->h_addr_list,
					&server_port, res->nd_alist);
				freehostent(he);
			}

			_nderror = ret;
			NSS_XbyY_FREE(&ndbuf4switch);
			return (ret);
		} else {
			int ret;
			/*
			 * Convert h_addr_list into nd_addrlist.
			 * malloc's will be done, freed using netdir_free.
			 */
			ret = hent2ndaddr(AF_INET, haddrlist,
				    &server_port, res->nd_alist);
			FREE_return(ret)
		}


		case NETDIR_BY6:

			if (servp == 0) {
				char	*proto =
	(strcmp(nconf->nc_proto, NC_TCP) == 0) ? NC_TCP : NC_UDP;

				/*
				 * We go through all this for just
				 * one port number,
				 * which is most often constant.
				 * How about linking in
				 * an indexed database of well-known
				 * ports in the name
				 * of performance ?
				 */
				ndbuf4switch = _nss_XbyY_buf_alloc(
					sizeof (struct servent),
					NSS_BUFLEN_SERVICES);
				if (ndbuf4switch == 0)
					FREE_return(ND_NOMEM);
				se = _switch_getservbyname_r(
					    args->arg.nd_hs->h_serv,
				    proto, ndbuf4switch->result,
				    ndbuf4switch->buffer, ndbuf4switch->buflen);
				if (!se) {
					NSS_XbyY_FREE(&ndbuf4switch);
					FREE_return(ND_NOSERV)
				}
				server_port = se->s_port;
				NSS_XbyY_FREE(&ndbuf4switch);
			}

			if (haddrlist == 0) {
				int	h_errnop = 0;

				ndbuf4switch = _nss_XbyY_buf_alloc(
					sizeof (struct hostent),
					NSS_BUFLEN_HOSTS);
				if (ndbuf4switch == 0) {
					_nderror = ND_NOMEM;
					return (ND_NOMEM);
				}
				he = DOOR_GETIPNODEBYNAME_R(
				    args->arg.nd_hs->h_host,
				    ndbuf4switch->result, ndbuf4switch->buffer,
				    ndbuf4switch->buflen,
				    args->arg.nss.host6.af_family,
				    args->arg.nss.host6.flags, &h_errnop);
				if (he == NULL) {
					NSS_XbyY_FREE(&ndbuf4switch);
					_nderror = h_errnop ?
					    __herrno2netdir(h_errnop) :
					    ND_NOHOST;
					return (_nderror);
				}
				/*
				 * Convert h_addr_list into nd_addrlist.
				 * malloc's will be done,
				 * freed using netdir_free.
				 */
				ret = hent2ndaddr(AF_INET6,
		    ((struct hostent *)(ndbuf4switch->result))->h_addr_list,
				    &server_port, res->nd_alist);
				_nderror = ret;
				NSS_XbyY_FREE(&ndbuf4switch);
				return (ret);
			} else {
				int ret;
				/*
				 * Convert h_addr_list into nd_addrlist.
				 * malloc's will be done,
				 * freed using netdir_free.
				 */
				ret = hent2ndaddr(AF_INET6, haddrlist,
					    &server_port, res->nd_alist);
				FREE_return(ret)
			}

		default:
		_nderror = ND_BADARG;
		return (ND_BADARG); /* should never happen */
	}

	} else {
		/* haddrlist is no longer used, so clean up */
		if (inaddrs)
			free(inaddrs);
		if (baddrlist)
			free(baddrlist);
	}

	/*
	 * 3. We come this far only if nametoaddr libs are specified for
	 *    inet transports and we are called by gethost/servbyname only.
	 */
	switch (args->op_t) {
		struct	nd_hostserv service;
		struct	nd_addrlist *addrs;
		int ret;

		case NSS_HOST:

		service.h_host = (char *)args->arg.nss.host.name;
		service.h_serv = NULL;
		if ((_nderror = __classic_netdir_getbyname(nconf,
			    &service, &addrs)) != ND_OK) {
			*(res->nss.host.herrno_p) = nd2herrno(_nderror);
			return (_nderror);
		}
		/*
		 * convert addresses back into sockaddr for gethostbyname.
		 */
		ret = ndaddr2hent(AF_INET, service.h_host, addrs,
		    res->nss.host.hent, args->arg.nss.host.buf,
		    args->arg.nss.host.buflen);
		if (ret != ND_OK)
			*(res->nss.host.herrno_p) = nd2herrno(ret);
		netdir_free((char *)addrs, ND_ADDRLIST);
		_nderror = ret;
		return (ret);

		case NSS_SERV:

		if (args->arg.nss.serv.proto == NULL) {
			/*
			 * A similar HACK showed up in Solaris 2.3.
			 * The caller wild-carded proto -- i.e. will
			 * accept a match using tcp or udp for the port
			 * number. Since we have no hope of getting
			 * directly to a name service switch backend
			 * from here that understands this semantics,
			 * we try calling the netdir interfaces first
			 * with "tcp" and then "udp".
			 */
			args->arg.nss.serv.proto = "tcp";
			_nderror = _get_hostserv_inetnetdir_byname(nconf, args,
			    res);
			if (_nderror != ND_OK) {
				args->arg.nss.serv.proto = "udp";
				_nderror =
				    _get_hostserv_inetnetdir_byname(nconf,
				    args, res);
			}
			return (_nderror);
		}

		/*
		 * Third-parties should optimize their nametoaddr
		 * libraries for the HOST_SELF case.
		 */
		service.h_host = HOST_SELF;
		service.h_serv = (char *)args->arg.nss.serv.name;
		if ((_nderror = __classic_netdir_getbyname(nconf,
			    &service, &addrs)) != ND_OK) {
			return (_nderror);
		}
		/*
		 * convert addresses back into servent for getservbyname.
		 */
		_nderror = ndaddr2srent(service.h_serv,
		    args->arg.nss.serv.proto,
		    /* LINTED pointer cast */
		    ((struct sockaddr_in *)addrs->n_addrs->buf)->sin_port,
		    res->nss.serv,
		    args->arg.nss.serv.buf, args->arg.nss.serv.buflen);
		netdir_free((char *)addrs, ND_ADDRLIST);
		return (_nderror);

		default:
		_nderror = ND_BADARG;
		return (ND_BADARG); /* should never happen */
	}
}

/*
 * gethostbyaddr/servbyport always call this function; if they call
 * with nametoaddr libs in nconf, we call netdir_getbyaddr
 * implementation __classic_netdir_getbyaddr, otherwise nsswitch.
 *
 * netdir_getbyaddr calls this only if nametoaddr libs are NOT
 * specified for inet transports; i.e. it's supposed to follow
 * the name service switch.
 */
int
_get_hostserv_inetnetdir_byaddr(struct netconfig *nconf,
    struct nss_netdirbyaddr_in *args, union nss_netdirbyaddr_out *res)
{
	if (nconf == 0) {
		_nderror = ND_BADARG;
		return (_nderror);
	}

	/*
	 * 1. gethostbyaddr()/netdir_getbyaddr() special cases:
	 */
	switch (args->op_t) {

		case NSS_HOST:
		/*
		 * Worth the performance gain: assuming a lot of inet apps
		 * actively use "127.0.0.1".
		 */
		/* LINTED pointer cast */
		if (*(uint32_t *)(args->arg.nss.host.addr) ==
					htonl(INADDR_LOOPBACK)) {
			(void) mutex_lock(&nd_addr_lock);
			IN_SET_LOOPBACK_ADDR(&sa_con);
			_nderror = ndaddr2hent(AF_INET, LOCALHOST,
			    &nd_conaddrlist, res->nss.host.hent,
			    args->arg.nss.host.buf,
			    args->arg.nss.host.buflen);
			(void) mutex_unlock(&nd_addr_lock);
			if (_nderror != ND_OK)
				*(res->nss.host.herrno_p) =
				    nd2herrno(_nderror);
			return (_nderror);
		}
		break;

		case NETDIR_BY:
		case NETDIR_BY_NOSRV:
		{
			struct sockaddr_in *sin;

			if (args->arg.nd_nbuf == NULL) {
				_nderror = ND_BADARG;
				return (_nderror);
			}

			/*
			 * Validate the address which was passed
			 * as the request.
			 */
			/* LINTED pointer cast */
			sin = (struct sockaddr_in *)args->arg.nd_nbuf->buf;

			if ((args->arg.nd_nbuf->len !=
				sizeof (struct sockaddr_in)) ||
			    (sin->sin_family != AF_INET)) {
				_nderror = ND_BADARG;
				return (_nderror);
			}
		}
		break;

		case NETDIR_BY6:
		case NETDIR_BY_NOSRV6:
		{
			struct sockaddr_in6 *sin6;

			if (args->arg.nd_nbuf == NULL) {
				_nderror = ND_BADARG;
				return (_nderror);
			}

			/*
			 * Validate the address which was passed
			 * as the request.
			 */
			/* LINTED pointer cast */
			sin6 = (struct sockaddr_in6 *)args->arg.nd_nbuf->buf;

			if ((args->arg.nd_nbuf->len !=
				sizeof (struct sockaddr_in6)) ||
			    (sin6->sin6_family != AF_INET6)) {
				_nderror = ND_BADARG;
				return (_nderror);
			}
		}
		break;

	}

	/*
	 * 2. Most common scenario. This is the way we ship /etc/netconfig.
	 *    Emphasis on improving performance in the "if" part.
	 */
	if (nconf->nc_nlookups == 0) {
		struct hostent	*he = NULL, *tmphe;
		struct servent	*se = NULL;
		nss_XbyY_buf_t	*ndbuf4host = 0;
		nss_XbyY_buf_t	*ndbuf4serv = 0;
		char	*proto =
		    (strcmp(nconf->nc_proto, NC_TCP) == 0) ? NC_TCP : NC_UDP;
		struct	sockaddr_in *sa;
		struct sockaddr_in6 *sin6;
		struct in_addr *addr4 = 0;
		struct in6_addr v4mapbuf;
		int	h_errnop;

	switch (args->op_t) {

		case NSS_HOST:

		he = DOOR_GETHOSTBYADDR_R(args->arg.nss.host.addr,
		    args->arg.nss.host.len, args->arg.nss.host.type,
		    res->nss.host.hent, args->arg.nss.host.buf,
		    args->arg.nss.host.buflen,
		    res->nss.host.herrno_p);
		if (he == 0)
			_nderror = ND_NOHOST;
		else
			_nderror = ND_OK;
		return (_nderror);


		case NSS_HOST6:
		he = DOOR_GETIPNODEBYADDR_R(args->arg.nss.host.addr,
		    args->arg.nss.host.len, args->arg.nss.host.type,
		    res->nss.host.hent, args->arg.nss.host.buf,
		    args->arg.nss.host.buflen,
		    res->nss.host.herrno_p);

		if (he == 0)
			return (ND_NOHOST);
		return (ND_OK);


		case NSS_SERV:

		se = _switch_getservbyport_r(args->arg.nss.serv.port,
		    args->arg.nss.serv.proto,
		    res->nss.serv, args->arg.nss.serv.buf,
		    args->arg.nss.serv.buflen);

		if (se == 0)
			_nderror = ND_NOSERV;
		else
			_nderror = ND_OK;
		return (_nderror);

		case NETDIR_BY:
		case NETDIR_BY_NOSRV:

		ndbuf4serv = _nss_XbyY_buf_alloc(sizeof (struct servent),
					NSS_BUFLEN_SERVICES);
		if (ndbuf4serv == 0) {
			_nderror = ND_NOMEM;
			return (_nderror);
		}
		/* LINTED pointer cast */
		sa = (struct sockaddr_in *)(args->arg.nd_nbuf->buf);
		addr4 = (struct in_addr *)&(sa->sin_addr);

		/*
		 * if NETDIR_BY_NOSRV or port == 0 skip the service
		 * lookup.
		 */
		if (args->op_t != NETDIR_BY_NOSRV && sa->sin_port != 0) {
			se = _switch_getservbyport_r(sa->sin_port, proto,
			    ndbuf4serv->result, ndbuf4serv->buffer,
				    ndbuf4serv->buflen);
			if (!se) {
				NSS_XbyY_FREE(&ndbuf4serv);
				/*
				 * We can live with this - i.e. the address
				 * does not
				 * belong to a well known service. The caller
				 * traditionally accepts a stringified port
				 * number
				 * as the service name. The state of se is used
				 * ahead to indicate the same.
				 * However, we do not tolerate this nonsense
				 * when we cannot get a host name. See below.
				 */
			}
		}

		ndbuf4host = _nss_XbyY_buf_alloc(sizeof (struct hostent),
					NSS_BUFLEN_HOSTS);
		if (ndbuf4host == 0) {
			if (ndbuf4serv)
				NSS_XbyY_FREE(&ndbuf4serv);
			_nderror = ND_NOMEM;
			return (_nderror);
		}

		/*
		 * Since we're going to search the ipnodes (v6) path first,
		 * we need to treat the address as a v4mapped address.
		 */

		IN6_INADDR_TO_V4MAPPED(addr4, &v4mapbuf);
		if ((tmphe = DOOR_GETIPNODEBYADDR_R((char *)&v4mapbuf,
		    16, AF_INET6, ndbuf4host->result,
			    ndbuf4host->buffer,
			    ndbuf4host->buflen, &h_errnop)) != NULL)
			he = __mappedtov4(tmphe, &h_errnop);

		if (!he) {
			/* Failover case, try hosts db for v4 address */
			he = DOOR_GETHOSTBYADDR_R((char *)
					&(sa->sin_addr.s_addr), 4,
					sa->sin_family, ndbuf4host->result,
					ndbuf4host->buffer, ndbuf4host->buflen,
					&h_errnop);
			if (!he) {
				NSS_XbyY_FREE(&ndbuf4host);
				if (ndbuf4serv)
					NSS_XbyY_FREE(&ndbuf4serv);
				_nderror = __herrno2netdir(h_errnop);
				return (_nderror);
			}
			/*
			 * Convert host names and service names into hostserv
			 * pairs. malloc's will be done, freed using
			 * netdir_free.
			 */
			h_errnop = hsents2ndhostservs(he, se,
			    sa->sin_port, res->nd_hslist);
		} else {
			/*
			 * Convert host names and service names into hostserv
			 * pairs. malloc's will be done, freed using
			 * netdir_free.
			 */
			h_errnop = hsents2ndhostservs(he, se,
			    sa->sin_port, res->nd_hslist);
			freehostent(he);
		}

		NSS_XbyY_FREE(&ndbuf4host);
		if (ndbuf4serv)
		    NSS_XbyY_FREE(&ndbuf4serv);
		_nderror = __herrno2netdir(h_errnop);
		return (_nderror);

		case NETDIR_BY6:
		case NETDIR_BY_NOSRV6:

		ndbuf4serv = _nss_XbyY_buf_alloc(sizeof (struct servent),
					NSS_BUFLEN_SERVICES);
		if (ndbuf4serv == 0) {
			_nderror = ND_NOMEM;
			return (ND_NOMEM);
		}
		/* LINTED pointer cast */
		sin6 = (struct sockaddr_in6 *)(args->arg.nd_nbuf->buf);

		/*
		 * if NETDIR_BY_NOSRV6 or port == 0 skip the service
		 * lookup.
		 */
		if (args->op_t != NETDIR_BY_NOSRV6 && sin6->sin6_port == 0) {
			se = _switch_getservbyport_r(sin6->sin6_port, proto,
			    ndbuf4serv->result, ndbuf4serv->buffer,
				    ndbuf4serv->buflen);
			if (!se) {
				NSS_XbyY_FREE(&ndbuf4serv);
				/*
				 * We can live with this - i.e. the address does
				 * not * belong to a well known service. The
				 * caller traditionally accepts a stringified
				 * port number
				 * as the service name. The state of se is used
				 * ahead to indicate the same.
				 * However, we do not tolerate this nonsense
				 * when we cannot get a host name. See below.
				 */
			}
		}

		ndbuf4host = _nss_XbyY_buf_alloc(sizeof (struct hostent),
					NSS_BUFLEN_HOSTS);
		if (ndbuf4host == 0) {
			if (ndbuf4serv)
				NSS_XbyY_FREE(&ndbuf4serv);
			_nderror = ND_NOMEM;
			return (_nderror);
		}
		he = DOOR_GETIPNODEBYADDR_R((char *)&(sin6->sin6_addr),
		    16, sin6->sin6_family, ndbuf4host->result,
			    ndbuf4host->buffer,
			    ndbuf4host->buflen, &h_errnop);
		if (!he) {
			NSS_XbyY_FREE(&ndbuf4host);
			if (ndbuf4serv)
			    NSS_XbyY_FREE(&ndbuf4serv);
			_nderror = __herrno2netdir(h_errnop);
			return (_nderror);
		}
		/*
		 * Convert host names and service names into hostserv
		 * pairs. malloc's will be done, freed using netdir_free.
		 */
		h_errnop = hsents2ndhostservs(he, se,
		    sin6->sin6_port, res->nd_hslist);

		NSS_XbyY_FREE(&ndbuf4host);
		if (ndbuf4serv)
		    NSS_XbyY_FREE(&ndbuf4serv);
		_nderror = __herrno2netdir(h_errnop);
		return (_nderror);

		default:
		_nderror = ND_BADARG;
		return (_nderror); /* should never happen */
	}

	}
	/*
	 * 3. We come this far only if nametoaddr libs are specified for
	 *    inet transports and we are called by gethost/servbyname only.
	 */
	switch (args->op_t) {
		struct	netbuf nbuf;
		struct	nd_hostservlist *addrs;
		struct	sockaddr_in sa;

		case NSS_HOST:

		/* LINTED pointer cast */
		sa.sin_addr.s_addr = *(uint32_t *)args->arg.nss.host.addr;
		sa.sin_family = AF_INET;
		/* Hopefully, third-parties get this optimization */
		sa.sin_port = 0;
		nbuf.buf = (char *)&sa;
		nbuf.len = nbuf.maxlen = sizeof (sa);
		if ((_nderror = __classic_netdir_getbyaddr(nconf,
			    &addrs, &nbuf)) != 0) {
			*(res->nss.host.herrno_p) = nd2herrno(_nderror);
			return (_nderror);
		}
		/*
		 * convert the host-serv pairs into h_aliases and hent.
		 */
		_nderror = ndhostserv2hent(&nbuf, addrs, res->nss.host.hent,
		    args->arg.nss.host.buf, args->arg.nss.host.buflen);
		if (_nderror != ND_OK)
			*(res->nss.host.herrno_p) = nd2herrno(_nderror);
		netdir_free((char *)addrs, ND_HOSTSERVLIST);
		return (_nderror);

		case NSS_SERV:

		if (args->arg.nss.serv.proto == NULL) {
			/*
			 * A similar HACK showed up in Solaris 2.3.
			 * The caller wild-carded proto -- i.e. will
			 * accept a match on tcp or udp for the port
			 * number. Since we have no hope of getting
			 * directly to a name service switch backend
			 * from here that understands this semantics,
			 * we try calling the netdir interfaces first
			 * with "tcp" and then "udp".
			 */
			args->arg.nss.serv.proto = "tcp";
			_nderror = _get_hostserv_inetnetdir_byaddr(nconf, args,
			    res);
			if (_nderror != ND_OK) {
				args->arg.nss.serv.proto = "udp";
				_nderror =
				    _get_hostserv_inetnetdir_byaddr(nconf,
					args, res);
			}
			return (_nderror);
		}

		/*
		 * Third-party nametoaddr_libs should be optimized for
		 * this case. It also gives a special semantics twist to
		 * netdir_getbyaddr. Only for the INADDR_ANY case, it gives
		 * higher priority to service lookups (over host lookups).
		 * If service lookup fails, the backend returns ND_NOSERV to
		 * facilitate lookup in the "next" naming service.
		 * BugId: 1075403.
		 */
		sa.sin_addr.s_addr = INADDR_ANY;
		sa.sin_family = AF_INET;
		sa.sin_port = (ushort_t)args->arg.nss.serv.port;
		sa.sin_zero[0] = '\0';
		nbuf.buf = (char *)&sa;
		nbuf.len = nbuf.maxlen = sizeof (sa);
		if ((_nderror = __classic_netdir_getbyaddr(nconf,
			    &addrs, &nbuf)) != ND_OK) {
			return (_nderror);
		}
		/*
		 * convert the host-serv pairs into s_aliases and servent.
		 */
		_nderror = ndhostserv2srent(args->arg.nss.serv.port,
		    args->arg.nss.serv.proto, addrs, res->nss.serv,
		    args->arg.nss.serv.buf, args->arg.nss.serv.buflen);
		netdir_free((char *)addrs, ND_HOSTSERVLIST);
		return (_nderror);

		default:
		_nderror = ND_BADARG;
		return (_nderror); /* should never happen */
	}
}

/*
 * Part II: Name Service Switch interfacing routines.
 */

static DEFINE_NSS_DB_ROOT(db_root_hosts);
static DEFINE_NSS_DB_ROOT(db_root_ipnodes);
static DEFINE_NSS_DB_ROOT(db_root_services);


/*
 * There is a copy of __nss2herrno() in nsswitch/files/gethostent.c.
 * It is there because /etc/lib/nss_files.so.1 cannot call
 * routines in libnsl.  Care should be taken to keep the two copies
 * in sync.
 */
int
__nss2herrno(nss_status_t nsstat)
{
	switch (nsstat) {
	case NSS_SUCCESS:
		/* no macro-defined success code for h_errno */
		return (0);
	case NSS_NOTFOUND:
		return (HOST_NOT_FOUND);
	case NSS_TRYAGAIN:
		return (TRY_AGAIN);
	case NSS_UNAVAIL:
		return (NO_RECOVERY);
	}
	/* NOTREACHED */
	return (0);	/* keep gcc happy */
}

nss_status_t
_herrno2nss(int h_errno)
{
	switch (h_errno) {
	case 0:
		return (NSS_SUCCESS);
	case TRY_AGAIN:
		return (NSS_TRYAGAIN);
	case NO_RECOVERY:
	case NETDB_INTERNAL:
		return (NSS_UNAVAIL);
	case HOST_NOT_FOUND:
	case NO_DATA:
	default:
		return (NSS_NOTFOUND);
	}
}

static int
__herrno2netdir(int h_errnop)
{
	switch (h_errnop) {
		case 0:
			return (ND_OK);
		case HOST_NOT_FOUND:
			return (ND_NOHOST);
		case TRY_AGAIN:
			return (ND_TRY_AGAIN);
		case NO_RECOVERY:
		case NETDB_INTERNAL:
			return (ND_NO_RECOVERY);
		case NO_DATA:
			return (ND_NO_DATA);
		default:
			return (ND_NOHOST);
	}
}

/*
 * The _switch_getXXbyYY_r() routines should be static.  They used to
 * be exported in SunOS 5.3, and in fact publicised as work-around
 * interfaces for getting CNAME/aliases, and therefore, we preserve
 * their signatures here. Just in case.
 */

struct hostent *
_switch_gethostbyname_r(const char *name, struct hostent *result, char *buffer,
    int buflen, int *h_errnop)
{
	nss_XbyY_args_t arg;
	nss_status_t	res;

	NSS_XbyY_INIT(&arg, result, buffer, buflen, str2hostent);
	arg.key.name	= name;
	arg.stayopen	= 0;
	res = nss_search(&db_root_hosts, _nss_initf_hosts,
	    NSS_DBOP_HOSTS_BYNAME, &arg);
	arg.status = res;
	*h_errnop = arg.h_errno;
	if (arg.returnval != NULL)
		order_haddrlist_af(result->h_addrtype, result->h_addr_list);
	return ((struct hostent *)NSS_XbyY_FINI(&arg));
}

struct hostent *
_switch_getipnodebyname_r(const char *name, struct hostent *result,
    char *buffer, int buflen, int af_family, int flags, int *h_errnop)
{
	nss_XbyY_args_t arg;
	nss_status_t	res;

	NSS_XbyY_INIT(&arg, result, buffer, buflen, str2hostent6);
	arg.key.ipnode.name	= name;
	arg.key.ipnode.af_family = af_family;
	arg.key.ipnode.flags = flags;
	arg.stayopen	= 0;
	res = nss_search(&db_root_ipnodes, _nss_initf_ipnodes,
	    NSS_DBOP_IPNODES_BYNAME, &arg);
	arg.status = res;
	*h_errnop = arg.h_errno;
	if (arg.returnval != NULL)
		order_haddrlist_af(result->h_addrtype, result->h_addr_list);
	return ((struct hostent *)NSS_XbyY_FINI(&arg));
}

struct hostent *
_switch_gethostbyaddr_r(const char *addr, int len, int type,
    struct hostent *result, char *buffer, int buflen, int *h_errnop)
{
	nss_XbyY_args_t arg;
	nss_status_t	res;

	NSS_XbyY_INIT(&arg, result, buffer, buflen, str2hostent);
	arg.key.hostaddr.addr	= addr;
	arg.key.hostaddr.len	= len;
	arg.key.hostaddr.type	= type;
	arg.stayopen		= 0;
	res = nss_search(&db_root_hosts, _nss_initf_hosts,
	    NSS_DBOP_HOSTS_BYADDR, &arg);
	arg.status = res;
	*h_errnop = arg.h_errno;
	return (struct hostent *)NSS_XbyY_FINI(&arg);
}

struct hostent *
_switch_getipnodebyaddr_r(const char *addr, int len, int type,
    struct hostent *result, char *buffer, int buflen, int *h_errnop)
{
	nss_XbyY_args_t arg;
	nss_status_t	res;

	NSS_XbyY_INIT(&arg, result, buffer, buflen, str2hostent6);
	arg.key.hostaddr.addr	= addr;
	arg.key.hostaddr.len	= len;
	arg.key.hostaddr.type	= type;
	arg.stayopen		= 0;
	res = nss_search(&db_root_ipnodes, _nss_initf_ipnodes,
	    NSS_DBOP_IPNODES_BYADDR, &arg);
	arg.status = res;
	*h_errnop = arg.h_errno;
	return (struct hostent *)NSS_XbyY_FINI(&arg);
}

static void
_nss_initf_services(nss_db_params_t *p)
{
	p->name	= NSS_DBNAM_SERVICES;
	p->default_config = NSS_DEFCONF_SERVICES;
}

struct servent *
_switch_getservbyname_r(const char *name, const char *proto,
    struct servent *result, char *buffer, int buflen)
{
	nss_XbyY_args_t arg;
	nss_status_t	res;

	NSS_XbyY_INIT(&arg, result, buffer, buflen, str2servent);
	arg.key.serv.serv.name	= name;
	arg.key.serv.proto	= proto;
	arg.stayopen		= 0;
	res = nss_search(&db_root_services, _nss_initf_services,
	    NSS_DBOP_SERVICES_BYNAME, &arg);
	arg.status = res;
	return ((struct servent *)NSS_XbyY_FINI(&arg));
}

struct servent *
_switch_getservbyport_r(int port, const char *proto, struct servent *result,
    char *buffer, int buflen)
{
	nss_XbyY_args_t arg;
	nss_status_t	res;

	NSS_XbyY_INIT(&arg, result, buffer, buflen, str2servent);
	arg.key.serv.serv.port	= port;
	arg.key.serv.proto	= proto;
	arg.stayopen		= 0;
	res = nss_search(&db_root_services, _nss_initf_services,
	    NSS_DBOP_SERVICES_BYPORT, &arg);
	arg.status = res;
	return ((struct servent *)NSS_XbyY_FINI(&arg));
}


/*
 * Return values: 0 = success, 1 = parse error, 2 = erange ...
 * The structure pointer passed in is a structure in the caller's space
 * wherein the field pointers would be set to areas in the buffer if
 * need be. instring and buffer should be separate areas.
 *
 * Defined here because we need it and we (libnsl) cannot have a dependency
 * on libsocket (however, libsocket always depends on libnsl).
 */
int
str2servent(const char *instr, int lenstr, void *ent, char *buffer, int buflen)
{
	struct servent	*serv	= (struct servent *)ent;
	const char	*p, *fieldstart, *limit, *namestart;
	ssize_t		fieldlen, namelen = 0;
	char		numbuf[12];
	char		*numend;

	if ((instr >= buffer && (buffer + buflen) > instr) ||
	    (buffer >= instr && (instr + lenstr) > buffer)) {
		return (NSS_STR_PARSE_PARSE);
	}

	p = instr;
	limit = p + lenstr;

	while (p < limit && isspace(*p)) {
		p++;
	}
	namestart = p;
	while (p < limit && !isspace(*p)) {
		p++;		/* Skip over the canonical name */
	}
	namelen = p - namestart;

	if (buflen <= namelen) { /* not enough buffer */
		return (NSS_STR_PARSE_ERANGE);
	}
	(void) memcpy(buffer, namestart, namelen);
	buffer[namelen] = '\0';
	serv->s_name = buffer;

	while (p < limit && isspace(*p)) {
		p++;
	}

	fieldstart = p;
	do {
		if (p > limit || isspace(*p)) {
			/* Syntax error -- no port/proto */
			return (NSS_STR_PARSE_PARSE);
		}
	}
	while (*p++ != '/');
	fieldlen = p - fieldstart - 1;
	if (fieldlen == 0 || fieldlen >= sizeof (numbuf)) {
		/* Syntax error -- supposed number is empty or too long */
		return (NSS_STR_PARSE_PARSE);
	}
	(void) memcpy(numbuf, fieldstart, fieldlen);
	numbuf[fieldlen] = '\0';
	serv->s_port = htons((int)strtol(numbuf, &numend, 10));
	if (*numend != '\0') {
		/* Syntax error -- port number isn't a number */
		return (NSS_STR_PARSE_PARSE);
	}

	fieldstart = p;
	while (p < limit && !isspace(*p)) {
		p++;		/* Scan the protocol name */
	}
	fieldlen = p - fieldstart + 1;		/* Include '\0' this time */
	if (fieldlen > buflen - namelen - 1) {
		return (NSS_STR_PARSE_ERANGE);
	}
	serv->s_proto = buffer + namelen + 1;
	(void) memcpy(serv->s_proto, fieldstart, fieldlen - 1);
	serv->s_proto[fieldlen - 1] = '\0';

	while (p < limit && isspace(*p)) {
		p++;
	}
	/*
	 * Although nss_files_XY_all calls us with # stripped,
	 * we should be able to deal with it here in order to
	 * be more useful.
	 */
	if (p >= limit || *p == '#') { /* no aliases, no problem */
		char **ptr;

		ptr = (char **)ROUND_UP(buffer + namelen + 1 + fieldlen,
		    sizeof (char *));
		if ((char *)ptr >= buffer + buflen) {
			/* hope they don't try to peek in */
			serv->s_aliases = 0;
			return (NSS_STR_PARSE_ERANGE);
		} else {
			*ptr = 0;
			serv->s_aliases = ptr;
			return (NSS_STR_PARSE_SUCCESS);
		}
	}
	serv->s_aliases = _nss_netdb_aliases(p, (int)(lenstr - (p - instr)),
	    buffer + namelen + 1 + fieldlen,
	    (int)(buflen - namelen - 1 - fieldlen));
	return (NSS_STR_PARSE_SUCCESS);
}

/*
 * Part III: All `n sundry routines that are useful only in this
 * module. In the interest of keeping this source file shorter,
 * we would create them a new module only if the linker allowed
 * "library-static" functions.
 *
 * Routines to order addresses based on local interfaces and netmasks,
 * to get and check reserved ports, and to get broadcast nets.
 */

union __v4v6addr {
	struct in6_addr	in6;
	struct in_addr	in4;
};

struct __ifaddr {
	sa_family_t		af;
	union __v4v6addr	addr;
	union __v4v6addr	mask;
};

struct ifinfo {
	int		count;
	struct __ifaddr	*addresses;
};

typedef enum {ADDR_ONLINK = 0, ADDR_OFFLINK} addr_class_t;
#define	ADDR_NUMCLASSES	2

typedef enum {IF_ADDR, IF_MASK}	__ifaddr_type;
static int	__inet_ifassign(sa_family_t, struct __ifaddr *, __ifaddr_type,
				void *);
int		__inet_address_is_local_af(void *, sa_family_t, void *);

#define	ifaf(index)	(localinfo->addresses[index].af)
#define	ifaddr4(index)	(localinfo->addresses[index].addr.in4)
#define	ifaddr6(index)	(localinfo->addresses[index].addr.in6)
#define	ifmask4(index)	(localinfo->addresses[index].mask.in4)
#define	ifmask6(index)	(localinfo->addresses[index].mask.in6)
#define	ifinfosize(n)	(sizeof (struct ifinfo) + (n)*sizeof (struct __ifaddr))

#define	lifraddrp(lifr)	((lifr.lifr_addr.ss_family == AF_INET6) ? \
	(void *)&((struct sockaddr_in6 *)&lifr.lifr_addr)->sin6_addr : \
	(void *)&((struct sockaddr_in *)&lifr.lifr_addr)->sin_addr)

#define	ifassign(lifr, index, type) \
			__inet_ifassign(lifr.lifr_addr.ss_family, \
				&localinfo->addresses[index], type, \
				lifraddrp(lifr))

/*
 * The number of nanoseconds the order_haddrlist_inet() function waits
 * to retreive IP interface information.  The default is five minutes.
 */
#define	IFINFOTIMEOUT	((hrtime_t)300 * NANOSEC)

/*
 * Sort the addresses in haddrlist.  Since the sorting algorithms are
 * address-family specific, the work is done in the address-family
 * specific order_haddrlist_<family> functions.
 *
 * Do not sort addresses if SORT_ADDRS variable is set to NO or FALSE
 * in the configuration file /etc/default/nss. This is useful in case
 * the order of addresses returned by the nameserver needs to be
 * maintained. (DNS round robin feature is one example)
 */
void
order_haddrlist_af(sa_family_t af, char **haddrlist)
{
	size_t			addrcount;
	char			**addrptr;
	static boolean_t	checksortcfg = B_TRUE;
	static boolean_t	nosort = B_FALSE;
	static mutex_t		checksortcfg_lock = DEFAULTMUTEX;

	if (haddrlist == NULL)
		return;

	/*
	 * Check if SORT_ADDRS is set to NO or FALSE in the configuration
	 * file.  We do not have to sort addresses in that case.
	 */
	(void) mutex_lock(&checksortcfg_lock);
	if (checksortcfg == B_TRUE) {
		checksortcfg = B_FALSE;
		nosort = _read_nsw_file();
	}
	(void) mutex_unlock(&checksortcfg_lock);

	if (nosort)
		return;

	/* Count the addresses to sort */
	addrcount = 0;
	for (addrptr = haddrlist; *addrptr != NULL; addrptr++)
		addrcount++;

	/*
	 * If there's only one address or no addresses to sort, then
	 * there's nothing for us to do.
	 */
	if (addrcount <= 1)
		return;

	/* Call the address-family specific sorting functions. */
	switch (af) {
	case AF_INET:
		order_haddrlist_inet(haddrlist, addrcount);
		break;
	case AF_INET6:
		order_haddrlist_inet6(haddrlist, addrcount);
		break;
	default:
		break;
	}
}

/*
 * Move any local (on-link) addresses toward the beginning of haddrlist.
 * The order within these two classes is preserved.
 *
 * The interface list is retrieved no more often than every
 * IFINFOTIMEOUT nanoseconds. Access to the interface list is
 * protected by an RW lock.
 *
 * If this function encounters an error, haddrlist is unaltered.
 */
static void
order_haddrlist_inet(char **haddrlist, size_t addrcount)
{
	static struct	ifinfo *localinfo = NULL;
	static hrtime_t	then = 0; /* the last time localinfo was updated */
	hrtime_t	now;
	static rwlock_t	localinfo_lock = DEFAULTRWLOCK;
	uint8_t		*sortbuf;
	size_t		sortbuf_size;
	struct in_addr	**inaddrlist = (struct in_addr **)haddrlist;
	struct in_addr	**sorted;
	struct in_addr	**classnext[ADDR_NUMCLASSES];
	uint_t		classcount[ADDR_NUMCLASSES];
	addr_class_t	*sortclass;
	int		i;
	int		rc;


	/*
	 * The classes in the sortclass array correspond to the class
	 * of the address in the haddrlist list of the same index.
	 * The classes are:
	 *
	 * ADDR_ONLINK	on-link address
	 * ADDR_OFFLINK	off-link address
	 */
	sortbuf_size = addrcount *
	    (sizeof (struct in_addr *) + sizeof (addr_class_t));
	if ((sortbuf = malloc(sortbuf_size)) == NULL)
		return;
	/* LINTED pointer cast */
	sorted = (struct in_addr **)sortbuf;
	/* LINTED pointer cast */
	sortclass = (addr_class_t *)(sortbuf +
	    (addrcount * sizeof (struct in_addr *)));

	/*
	 * Get a read lock, and check if the interface information
	 * is too old.
	 */
	(void) rw_rdlock(&localinfo_lock);
	now = gethrtime();
	if (localinfo == NULL || ((now - then) > IFINFOTIMEOUT)) {
		/* Need to update I/F info. Upgrade to write lock. */
		(void) rw_unlock(&localinfo_lock);
		(void) rw_wrlock(&localinfo_lock);
		/*
		 * Another thread might have updated "then" between
		 * the rw_unlock() and rw_wrlock() calls above, so
		 * re-check the timeout.
		 */
		if (localinfo == NULL || ((now - then) > IFINFOTIMEOUT)) {
			if (localinfo != NULL)
				free(localinfo);
			if ((localinfo = get_local_info()) == NULL) {
				(void) rw_unlock(&localinfo_lock);
				free(sortbuf);
				return;
			}
			then = now;
		}
		/* Downgrade to read lock */
		(void) rw_unlock(&localinfo_lock);
		(void) rw_rdlock(&localinfo_lock);
		/*
		 * Another thread may have updated the I/F info,
		 * so verify that the 'localinfo' pointer still
		 * is non-NULL.
		 */
		if (localinfo == NULL) {
			(void) rw_unlock(&localinfo_lock);
			free(sortbuf);
			return;
		}
	}

	/*
	 * Classify the addresses.  We also maintain the classcount
	 * array to keep track of the number of addresses in each
	 * class.
	 */
	(void) memset(classcount, 0, sizeof (classcount));
	for (i = 0; i < addrcount; i++) {
		if (__inet_address_is_local_af(localinfo, AF_INET,
		    inaddrlist[i]))
			sortclass[i] = ADDR_ONLINK;
		else
			sortclass[i] = ADDR_OFFLINK;
		classcount[sortclass[i]]++;
	}

	/* Don't need the interface list anymore in this call */
	(void) rw_unlock(&localinfo_lock);

	/*
	 * Each element in the classnext array points to the next
	 * element for that class in the sorted address list. 'rc' is
	 * the running count of elements as we sum the class
	 * sub-totals.
	 */
	for (rc = 0, i = 0; i < ADDR_NUMCLASSES; i++) {
		classnext[i] = &sorted[rc];
		rc += classcount[i];
	}

	/* Now for the actual rearrangement of the addresses */
	for (i = 0; i < addrcount; i++) {
		*(classnext[sortclass[i]]) = inaddrlist[i];
		classnext[sortclass[i]]++;
	}

	/* Copy the sorted list to inaddrlist */
	(void) memcpy(inaddrlist, sorted,
	    addrcount * sizeof (struct in_addr *));
	free(sortbuf);
}

/*
 * This function implements the IPv6 Default Address Selection's
 * destination address ordering mechanism.  The algorithm is described
 * in getaddrinfo(3SOCKET).
 */
static void
order_haddrlist_inet6(char **haddrlist, size_t addrcount)
{
	struct dstinforeq *dinfo, *dinfoptr;
	struct in6_addr **in6addrlist = (struct in6_addr **)haddrlist;
	struct in6_addr	**in6addr;

	if ((dinfo = calloc(addrcount, sizeof (struct dstinforeq))) == NULL)
		return;

	/* Initialize the dstinfo array we'll use for SIOCGDSTINFO */
	dinfoptr = dinfo;
	for (in6addr = in6addrlist; *in6addr != NULL; in6addr++) {
		dinfoptr->dir_daddr = **in6addr;
		dinfoptr++;
	}

	if (nss_strioctl(AF_INET6, SIOCGDSTINFO, dinfo,
	    addrcount * sizeof (struct dstinforeq)) < 0) {
		free(dinfo);
		return;
	}

	/* Sort the dinfo array */
	qsort(dinfo, addrcount, sizeof (struct dstinforeq), dstcmp);

	/* Copy the addresses back into in6addrlist */
	dinfoptr = dinfo;
	for (in6addr = in6addrlist; *in6addr != NULL; in6addr++) {
		**in6addr = dinfoptr->dir_daddr;
		dinfoptr++;
	}

	free(dinfo);
}

/*
 * Determine number of leading bits that are common between two addresses.
 * Only consider bits which fall within the prefix length plen.
 */
static uint_t
ip_addr_commonbits_v6(const in6_addr_t *a1, const in6_addr_t *a2)
{
	uint_t		bits;
	uint_t		i;
	uint32_t	diff;	/* Bits that differ */

	for (i = 0; i < 4; i++) {
		if (a1->_S6_un._S6_u32[i] != a2->_S6_un._S6_u32[i])
			break;
	}
	bits = i * 32;

	if (bits == IPV6_ABITS)
		return (IPV6_ABITS);

	/*
	 * Find number of leading common bits in the word which might
	 * have some common bits by searching for the first one from the left
	 * in the xor of the two addresses.
	 */
	diff = ntohl(a1->_S6_un._S6_u32[i] ^ a2->_S6_un._S6_u32[i]);
	if (diff & 0xffff0000ul)
		diff >>= 16;
	else
		bits += 16;
	if (diff & 0xff00)
		diff >>= 8;
	else
		bits += 8;
	if (diff & 0xf0)
		diff >>= 4;
	else
		bits += 4;
	if (diff & 0xc)
		diff >>= 2;
	else
		bits += 2;
	if (!(diff & 2))
		bits++;

	/*
	 * We don't need to shift and check for the last bit.  The
	 * check for IPV6_ABITS above would have caught that.
	 */

	return (bits);
}


/*
 * The following group of functions named rule_*() are individual
 * sorting rules for the AF_INET6 address sorting algorithm.  The
 * functions compare two addresses (described by two dstinforeq
 * structures), and determines if one is "greater" than the other, or
 * if the two are equal according to that rule.
 */
typedef	int (*rulef_t)(const struct dstinforeq *, const struct dstinforeq *);

/*
 * These values of these constants are no accident.  Since qsort()
 * implements the AF_INET6 address sorting, the comparison function
 * must return an integer less than, equal to, or greater than zero to
 * indicate if the first address is considered "less than", "equal
 * to", or "greater than" the second one.  Since we want the best
 * addresses first on the list, "less than" is considered preferrable.
 */
#define	RULE_PREFER_DA	-1
#define	RULE_PREFER_DB	1
#define	RULE_EQUAL	0

/* Prefer the addresses that is reachable. */
static int
rule_reachable(const struct dstinforeq *da, const struct dstinforeq *db)
{
	if (da->dir_dreachable == db->dir_dreachable)
		return (RULE_EQUAL);
	if (da->dir_dreachable)
		return (RULE_PREFER_DA);
	return (RULE_PREFER_DB);
}

/* Prefer the address whose scope matches that of its source address. */
static int
rule_matchscope(const struct dstinforeq *da, const struct dstinforeq *db)
{
	boolean_t da_scope_match, db_scope_match;

	da_scope_match = da->dir_dscope == da->dir_sscope;
	db_scope_match = db->dir_dscope == db->dir_sscope;

	if (da_scope_match == db_scope_match)
		return (RULE_EQUAL);
	if (da_scope_match)
		return (RULE_PREFER_DA);
	return (RULE_PREFER_DB);
}

/* Avoid the address with the link local source address. */
static int
rule_avoidlinklocal(const struct dstinforeq *da, const struct dstinforeq *db)
{
	if (da->dir_sscope == IP6_SCOPE_LINKLOCAL &&
	    da->dir_dscope != IP6_SCOPE_LINKLOCAL &&
	    db->dir_sscope != IP6_SCOPE_LINKLOCAL)
		return (RULE_PREFER_DB);
	if (db->dir_sscope == IP6_SCOPE_LINKLOCAL &&
	    db->dir_dscope != IP6_SCOPE_LINKLOCAL &&
	    da->dir_sscope != IP6_SCOPE_LINKLOCAL)
		return (RULE_PREFER_DA);
	return (RULE_EQUAL);
}

/* Prefer the address whose source address isn't deprecated. */
static int
rule_deprecated(const struct dstinforeq *da, const struct dstinforeq *db)
{
	if (da->dir_sdeprecated == db->dir_sdeprecated)
		return (RULE_EQUAL);
	if (db->dir_sdeprecated)
		return (RULE_PREFER_DA);
	return (RULE_PREFER_DB);
}

/* Prefer the address whose label matches that of its source address. */
static int
rule_label(const struct dstinforeq *da, const struct dstinforeq *db)
{
	if (da->dir_labelmatch == db->dir_labelmatch)
		return (RULE_EQUAL);
	if (da->dir_labelmatch)
		return (RULE_PREFER_DA);
	return (RULE_PREFER_DB);
}

/* Prefer the address with the higher precedence. */
static int
rule_precedence(const struct dstinforeq *da, const struct dstinforeq *db)
{
	if (da->dir_precedence == db->dir_precedence)
		return (RULE_EQUAL);
	if (da->dir_precedence > db->dir_precedence)
		return (RULE_PREFER_DA);
	return (RULE_PREFER_DB);
}

/* Prefer the address whose output interface isn't an IP tunnel */
static int
rule_native(const struct dstinforeq *da, const struct dstinforeq *db)
{
	boolean_t isatun, isbtun;

	/* Get the common case out of the way early */
	if (da->dir_dmactype == db->dir_dmactype)
		return (RULE_EQUAL);

	isatun = da->dir_dmactype == DL_IPV4 || da->dir_dmactype == DL_IPV6;
	isbtun = db->dir_dmactype == DL_IPV4 || db->dir_dmactype == DL_IPV6;

	if (isatun == isbtun)
		return (RULE_EQUAL);
	if (isbtun)
		return (RULE_PREFER_DA);
	return (RULE_PREFER_DB);
}

/* Prefer the address with the smaller scope. */
static int
rule_scope(const struct dstinforeq *da, const struct dstinforeq *db)
{
	if (da->dir_dscope == db->dir_dscope)
		return (RULE_EQUAL);
	if (da->dir_dscope < db->dir_dscope)
		return (RULE_PREFER_DA);
	return (RULE_PREFER_DB);
}

/*
 * Prefer the address that has the most leading bits in common with its
 * source address.
 */
static int
rule_prefix(const struct dstinforeq *da, const struct dstinforeq *db)
{
	uint_t da_commonbits, db_commonbits;
	boolean_t da_isipv4, db_isipv4;

	da_isipv4 = IN6_IS_ADDR_V4MAPPED(&da->dir_daddr);
	db_isipv4 = IN6_IS_ADDR_V4MAPPED(&db->dir_daddr);

	/*
	 * At this point, the order doesn't matter if the two addresses
	 * aren't of the same address family.
	 */
	if (da_isipv4 != db_isipv4)
		return (RULE_EQUAL);

	da_commonbits = ip_addr_commonbits_v6(&da->dir_daddr, &da->dir_saddr);
	db_commonbits = ip_addr_commonbits_v6(&db->dir_daddr, &db->dir_saddr);

	if (da_commonbits > db_commonbits)
		return (RULE_PREFER_DA);
	if (da_commonbits < db_commonbits)
		return (RULE_PREFER_DB);
	return (RULE_EQUAL);
}

/*
 * This is the function passed to qsort() that does the AF_INET6
 * address comparisons.  It compares two addresses using a list of
 * rules.  The rules are applied in order until one prefers one
 * address over the other.
 */
static int
dstcmp(const void *da, const void *db)
{
	int index, result;
	rulef_t rules[] = {
		rule_reachable,
		rule_matchscope,
		rule_avoidlinklocal,
		rule_deprecated,
		rule_label,
		rule_precedence,
		rule_native,
		rule_scope,
		rule_prefix,
		NULL
	};

	result = 0;
	for (index = 0; rules[index] != NULL; index++) {
		result = (rules[index])(da, db);
		if (result != RULE_EQUAL)
			break;
	}

	return (result);
}

/*
 * Given haddrlist and a port number, mallocs and populates a new
 * nd_addrlist.  The new nd_addrlist maintains the order of the addresses
 * in haddrlist, which have already been sorted by order_haddrlist_inet()
 * or order_haddrlist_inet6().  For IPv6 this function filters out
 * IPv4-mapped IPv6 addresses.
 */
int
hent2ndaddr(int af, char **haddrlist, int *servp, struct nd_addrlist **nd_alist)
{
	struct nd_addrlist	*result;
	int			num;
	struct netbuf		*na;
	struct sockaddr_in	*sinbuf, *sin;
	struct sockaddr_in6	*sin6buf, *sin6;
	struct in_addr		**inaddr, **inaddrlist;
	struct in6_addr		**in6addr, **in6addrlist;

	/* Address count */
	num = 0;
	if (af == AF_INET6) {
		in6addrlist = (struct in6_addr **)haddrlist;

		/*
		 * Exclude IPv4-mapped IPv6 addresses from the count, as
		 * these are not included in the nd_addrlist we return.
		 */
		for (in6addr = in6addrlist; *in6addr != NULL; in6addr++)
			if (!IN6_IS_ADDR_V4MAPPED(*in6addr))
				num++;
	} else {
		inaddrlist = (struct in_addr **)haddrlist;

		for (inaddr = inaddrlist; *inaddr != NULL; inaddr++)
			num++;
	}
	if (num == 0)
		return (ND_NOHOST);

	result = malloc(sizeof (struct nd_addrlist));
	if (result == 0)
		return (ND_NOMEM);

	result->n_cnt = num;
	result->n_addrs = calloc(num, sizeof (struct netbuf));
	if (result->n_addrs == 0) {
		free(result);
		return (ND_NOMEM);
	}

	na = result->n_addrs;
	if (af == AF_INET) {
		sinbuf = calloc(num, sizeof (struct sockaddr_in));
		if (sinbuf == NULL) {
			free(result->n_addrs);
			free(result);
			return (ND_NOMEM);
		}

		sin = sinbuf;
		for (inaddr = inaddrlist; *inaddr != NULL; inaddr++) {
			na->len = na->maxlen = sizeof (struct sockaddr_in);
			na->buf = (char *)sin;
			sin->sin_family = AF_INET;
			sin->sin_addr = **inaddr;
			sin->sin_port = *servp;
			na++;
			sin++;
		}
	} else if (af == AF_INET6) {
		sin6buf = calloc(num, sizeof (struct sockaddr_in6));
		if (sin6buf == NULL) {
			free(result->n_addrs);
			free(result);
			return (ND_NOMEM);
		}

		sin6 = sin6buf;
		for (in6addr = in6addrlist; *in6addr != NULL; in6addr++) {
			if (IN6_IS_ADDR_V4MAPPED(*in6addr))
				continue;

			na->len = na->maxlen = sizeof (struct sockaddr_in6);
			na->buf = (char *)sin6;
			sin6->sin6_family = AF_INET6;
			sin6->sin6_addr = **in6addr;
			sin6->sin6_port = *servp;
			na++;
			sin6++;
		}
	}
	*(nd_alist) = result;
	return (ND_OK);
}

/*
 * Given a hostent and a servent, mallocs and populates
 * a new nd_hostservlist with host and service names.
 *
 * We could be passed in a NULL servent, in which case stringify port.
 */
int
hsents2ndhostservs(struct hostent *he, struct servent *se,
    ushort_t port, struct nd_hostservlist **hslist)
{
	struct	nd_hostservlist *result;
	struct	nd_hostserv *hs;
	int	hosts, servs, i, j;
	char	**hn, **sn;

	if ((result = malloc(sizeof (struct nd_hostservlist))) == 0)
		return (ND_NOMEM);

	/*
	 * We initialize the counters to 1 rather than zero because
	 * we have to count the "official" name as well as the aliases.
	 */
	for (hn = he->h_aliases, hosts = 1; hn && *hn; hn++, hosts++);
	if (se)
		for (sn = se->s_aliases, servs = 1; sn && *sn; sn++, servs++);
	else
		servs = 1;

	if ((hs = calloc(hosts * servs, sizeof (struct nd_hostserv))) == 0) {
		free(result);
		return (ND_NOMEM);
	}

	result->h_cnt	= servs * hosts;
	result->h_hostservs = hs;

	for (i = 0, hn = he->h_aliases; i < hosts; i++) {
		sn = se ? se->s_aliases : NULL;

		for (j = 0; j < servs; j++) {
			if (i == 0)
				hs->h_host = strdup(he->h_name);
			else
				hs->h_host = strdup(*hn);
			if (j == 0) {
				if (se)
					hs->h_serv = strdup(se->s_name);
				else {
					/* Convert to a number string */
					char stmp[16];

					(void) sprintf(stmp, "%d", port);
					hs->h_serv = strdup(stmp);
				}
			} else
				hs->h_serv = strdup(*sn++);

			if ((hs->h_host == 0) || (hs->h_serv == 0)) {
				free(result->h_hostservs);
				free(result);
				return (ND_NOMEM);
			}
			hs++;
		}
		if (i)
			hn++;
	}
	*(hslist) = result;
	return (ND_OK);
}

/*
 * Process results from nd_addrlist ( returned by netdir_getbyname)
 * into a hostent using buf.
 * *** ASSUMES that nd_addrlist->n_addrs->buf contains IP addresses in
 * sockaddr_in's ***
 */
int
ndaddr2hent(int af, const char *nam, struct nd_addrlist *addrs,
    struct hostent *result, char *buffer, int buflen)
{
	int	i, count;
	struct	in_addr *addrp;
	struct	in6_addr *addr6p;
	char	**addrvec;
	struct	netbuf *na;
	size_t	len;

	result->h_name		= buffer;
	result->h_addrtype	= af;
	result->h_length	= (af == AF_INET) ? sizeof (*addrp):
						    sizeof (*addr6p);

	/*
	 * Build addrlist at start of buffer (after name);  store the
	 * addresses themselves at the end of the buffer.
	 */
	len = strlen(nam) + 1;
	addrvec = (char **)ROUND_UP(buffer + len, sizeof (*addrvec));
	result->h_addr_list 	= addrvec;

	if (af == AF_INET) {
		addrp = (struct in_addr *)ROUND_DOWN(buffer + buflen,
		    sizeof (*addrp));

		count = addrs->n_cnt;
		if ((char *)(&addrvec[count + 1]) > (char *)(&addrp[-count]))
			return (ND_NOMEM);

		(void) memcpy(buffer, nam, len);

		for (na = addrs->n_addrs, i = 0;  i < count;  na++, i++) {
			--addrp;
			(void) memcpy(addrp,
			    /* LINTED pointer cast */
			    &((struct sockaddr_in *)na->buf)->sin_addr,
			    sizeof (*addrp));
			*addrvec++ = (char *)addrp;
		}
	} else {
		addr6p = (struct in6_addr *)ROUND_DOWN(buffer + buflen,
			sizeof (*addr6p));

		count = addrs->n_cnt;
		if ((char *)(&addrvec[count + 1]) > (char *)(&addr6p[-count]))
			return (ND_NOMEM);

		(void) memcpy(buffer, nam, len);

		for (na = addrs->n_addrs, i = 0;  i < count;  na++, i++) {
			--addr6p;
			(void) memcpy(addr6p,
			    /* LINTED pointer cast */
			    &((struct sockaddr_in6 *)na->buf)->sin6_addr,
			    sizeof (*addr6p));
			*addrvec++ = (char *)addr6p;
		}
	}
	*addrvec = 0;
	result->h_aliases = addrvec;

	return (ND_OK);
}

/*
 * Process results from nd_addrlist ( returned by netdir_getbyname)
 * into a servent using buf.
 */
int
ndaddr2srent(const char *name, const char *proto, ushort_t port,
    struct servent *result, char *buffer, int buflen)
{
	size_t	i;
	char	*bufend = (buffer + buflen);

	result->s_port = (int)port;

	result->s_aliases =
	    (char **)ROUND_UP(buffer, sizeof (char *));
	result->s_aliases[0] = NULL;
	buffer = (char *)&result->s_aliases[1];
	result->s_name = buffer;
	i = strlen(name) + 1;
	if ((buffer + i) > bufend)
		return (ND_NOMEM);
	(void) memcpy(buffer, name, i);
	buffer += i;

	result->s_proto	= buffer;
	i = strlen(proto) + 1;
	if ((buffer + i) > bufend)
		return (ND_NOMEM);
	(void) memcpy(buffer, proto, i);
	buffer += i;

	return (ND_OK);
}

/*
 * Process results from nd_hostservlist ( returned by netdir_getbyaddr)
 * into a hostent using buf.
 * *** ASSUMES that nd_buf->buf is a sockaddr_in ***
 */
int
ndhostserv2hent(struct netbuf *nbuf, struct nd_hostservlist *addrs,
    struct hostent *result, char *buffer, int buflen)
{
	int	i, count;
	char	*aliasp;
	char	**aliasvec;
	struct	sockaddr_in *sa;
	struct	nd_hostserv *hs;
	const	char *la;
	size_t	length;

	/* First, give the lonely address a specious home in h_addr_list. */
	aliasp   = (char  *)ROUND_UP(buffer, sizeof (sa->sin_addr));
	/* LINTED pointer cast */
	sa = (struct sockaddr_in *)nbuf->buf;
	(void) memcpy(aliasp, &(sa->sin_addr), sizeof (sa->sin_addr));
	aliasvec = (char **)ROUND_UP(aliasp + sizeof (sa->sin_addr),
		sizeof (*aliasvec));
	result->h_addr_list = aliasvec;
	*aliasvec++ = aliasp;
	*aliasvec++ = 0;

	/*
	 * Build h_aliases at start of buffer (after addr and h_addr_list);
	 * store the alias strings at the end of the buffer (before h_name).
	 */

	aliasp = buffer + buflen;

	result->h_aliases	= aliasvec;

	hs = addrs->h_hostservs;
	if (!hs)
		return (ND_NOHOST);

	length = strlen(hs->h_host) + 1;
	aliasp -= length;
	if ((char *)(&aliasvec[1]) > aliasp)
		return (ND_NOMEM);
	(void) memcpy(aliasp, hs->h_host, length);

	result->h_name		= aliasp;
	result->h_addrtype	= AF_INET;
	result->h_length	= sizeof (sa->sin_addr);

	/*
	 * Assumption: the netdir nametoaddr_libs
	 * sort the vector of (host, serv) pairs in such a way that
	 * all pairs with the same host name are contiguous.
	 */
	la = hs->h_host;
	count = addrs->h_cnt;
	for (i = 0;  i < count;  i++, hs++)
		if (strcmp(la, hs->h_host) != 0) {
			size_t len = strlen(hs->h_host) + 1;

			aliasp -= len;
			if ((char *)(&aliasvec[2]) > aliasp)
				return (ND_NOMEM);
			(void) memcpy(aliasp, hs->h_host, len);
			*aliasvec++ = aliasp;
			la = hs->h_host;
		}
	*aliasvec = 0;

	return (ND_OK);
}

/*
 * Process results from nd_hostservlist ( returned by netdir_getbyaddr)
 * into a servent using buf.
 */
int
ndhostserv2srent(int port, const char *proto, struct nd_hostservlist *addrs,
    struct servent *result, char *buffer, int buflen)
{
	int	i, count;
	char	*aliasp;
	char	**aliasvec;
	struct	nd_hostserv *hs;
	const	char *host_cname;
	size_t	leni, lenj;

	result->s_port = port;
	/*
	 * Build s_aliases at start of buffer;
	 * store proto and aliases at the end of the buffer (before h_name).
	 */

	aliasp = buffer + buflen;
	aliasvec = (char **)ROUND_UP(buffer, sizeof (char *));

	result->s_aliases	= aliasvec;

	hs = addrs->h_hostservs;
	if (!hs)
		return (ND_NOHOST);
	host_cname = hs->h_host;

	leni = strlen(proto) + 1;
	lenj = strlen(hs->h_serv) + 1;
	if ((char *)(&aliasvec[2]) > (aliasp - leni - lenj))
		return (ND_NOMEM);

	aliasp -= leni;
	(void) memcpy(aliasp, proto, leni);
	result->s_proto = aliasp;

	aliasp -= lenj;
	(void) memcpy(aliasp, hs->h_serv, lenj);
	result->s_name = aliasp;

	/*
	 * Assumption: the netdir nametoaddr_libs
	 * do a host aliases first and serv aliases next
	 * enumeration for creating the list of hostserv
	 * structures.
	 */
	count = addrs->h_cnt;
	for (i = 0;
	    i < count && hs->h_serv && strcmp(hs->h_host, host_cname) == 0;
	    i++, hs++) {
		size_t len = strlen(hs->h_serv) + 1;

		aliasp -= len;
		if ((char *)(&aliasvec[2]) > aliasp)
			return (ND_NOMEM);
		(void) memcpy(aliasp, hs->h_serv, len);
		*aliasvec++ = aliasp;
	}
	*aliasvec = NULL;

	return (ND_OK);
}


static int
nd2herrno(int nerr)
{
	switch (nerr) {
	case ND_OK:
		return (0);
	case ND_TRY_AGAIN:
		return (TRY_AGAIN);
	case ND_NO_RECOVERY:
	case ND_BADARG:
	case ND_NOMEM:
		return (NO_RECOVERY);
	case ND_NO_DATA:
		return (NO_DATA);
	case ND_NOHOST:
	case ND_NOSERV:
		return (HOST_NOT_FOUND);
	default:
		return (NO_RECOVERY);
	}
}

/*
 * This is a utility function so that various parts of libnsl can
 * easily send ioctls down to ip.
 *
 */
int
nss_ioctl(int af, int cmd, void *arg)
{
	int	fd;
	char	*devpath;
	int	retv;

	switch (af) {
	case AF_INET6:
		devpath = UDP6DEV;
		break;
	case AF_INET:
	case AF_UNSPEC:
	default:
		devpath = UDPDEV;
	}
	if ((fd = open(devpath, O_RDONLY)) < 0) {
		return (-1);
	}
	while ((retv = ioctl(fd, cmd, arg)) == -1) {
		if (errno != EINTR)
	break;
	}
	(void) close(fd);
	return (retv);
}

static int
nss_strioctl(int af, int cmd, void *ptr, int ilen)
{
	struct strioctl str;

	str.ic_cmd = cmd;
	str.ic_timout = 0;
	str.ic_len = ilen;
	str.ic_dp = ptr;

	return (nss_ioctl(af, I_STR, &str));
}

static struct ifinfo *
get_local_info(void)
{
	int	numifs;
	int	n;
	char	*buf = NULL;
	size_t	needed;
	struct lifconf	lifc;
	struct lifreq	lifreq, *lifr;
	struct lifnum	lifn;
	struct ifinfo	*localinfo;

	lifn.lifn_family = AF_UNSPEC;
	lifn.lifn_flags = 0;

getifnum:
	if (nss_ioctl(AF_UNSPEC, SIOCGLIFNUM, &lifn) == -1) {
		numifs = MAXIFS;
	} else {
		numifs = lifn.lifn_count;
	}

	/*
	 * Add a small fudge factor in case interfaces get plumbed between
	 * the call to SIOCGLIFNUM and SIOCGLIFCONF.
	 */
	needed = (numifs + 4) * sizeof (lifreq);
	if (buf == NULL)
		buf = malloc(needed);
	else
		buf = realloc(buf, needed);
	if (buf == NULL) {
		(void) syslog(LOG_ERR, "n2a get_local_info: malloc failed: %m");
		_nderror = ND_NOMEM;
		return (NULL);
	}
	lifc.lifc_family = AF_UNSPEC;
	lifc.lifc_flags = 0;
	lifc.lifc_len = needed;
	lifc.lifc_buf = buf;
	if (nss_ioctl(AF_UNSPEC, SIOCGLIFCONF, &lifc) == -1) {
		/*
		 * IP returns EINVAL if the buffer was too small to fit
		 * all of the entries.  If that's the case, go back and
		 * try again.
		 */
		if (errno == EINVAL)
			goto getifnum;

		(void) syslog(LOG_ERR, "n2a get_local_info: "
		    "ioctl (get interface configuration): %m");
		free(buf);
		_nderror = ND_SYSTEM;
		return (NULL);
	}
	/* LINTED pointer cast */
	lifr = (struct lifreq *)buf;
	numifs = lifc.lifc_len/sizeof (lifreq);
	localinfo = malloc(ifinfosize(numifs));
	if (localinfo == NULL) {
		(void) syslog(LOG_ERR, "n2a get_local_info: malloc failed: %m");
		free(buf);
		_nderror = ND_SYSTEM;
		return (NULL);
	}

	/* LINTED pointer cast */
	localinfo->addresses = (struct __ifaddr *)
	    ((char *)localinfo + sizeof (struct ifinfo));

	for (localinfo->count = 0, n = numifs; n > 0; n--, lifr++) {
		int af;

		lifreq = *lifr;
		af = lifreq.lifr_addr.ss_family;

		/* Squirrel away the address */
		if (ifassign(lifreq, localinfo->count, IF_ADDR) == 0)
			continue;

		if (nss_ioctl(af, SIOCGLIFFLAGS, &lifreq) < 0) {
			(void) syslog(LOG_ERR,
			    "n2a get_local_info: "
			    "ioctl (get interface flags): %m");
			continue;
		}
		if (!(lifreq.lifr_flags & IFF_UP))
			continue;

		if (nss_ioctl(af, SIOCGLIFNETMASK, &lifreq) < 0) {
			(void) syslog(LOG_ERR,
			    "n2a get_local_info: "
			    "ioctl (get interface netmask): %m");
			continue;
		}

		if (ifassign(lifreq, localinfo->count, IF_MASK) == 0)
			continue;

		localinfo->count++;
	}

	free(buf);
	return (localinfo);
}

static int
__inet_ifassign(sa_family_t af, struct __ifaddr *ifa, __ifaddr_type type,
    void *addr) {
	switch (type) {
	case IF_ADDR:
		ifa->af = af;
		if (af == AF_INET6) {
			ifa->addr.in6 = *(struct in6_addr *)addr;
		} else {
			ifa->addr.in4 = *(struct in_addr *)addr;
		}
		break;
	case IF_MASK:
		if (ifa->af == af) {
			if (af == AF_INET6) {
				ifa->mask.in6 = *(struct in6_addr *)addr;
			} else {
				ifa->mask.in4 = *(struct in_addr *)addr;
			}
		} else {
			return (0);
		}
		break;
	default:
		return (0);
	}

	return (1);
}

/*
 *  Some higher-level routines for determining if an address is
 *  on a local network.
 *
 *      __inet_get_local_interfaces() - get an opaque handle with
 *          with a list of local interfaces
 *      __inet_address_is_local() - return 1 if an address is
 *          on a local network; 0 otherwise
 *      __inet_free_local_interfaces() - free handle that was
 *          returned by __inet_get_local_interfaces()
 *
 *  A typical calling sequence is:
 *
 *      p = __inet_get_local_interfaces();
 *      if (__inet_address_is_local(p, inaddr)) {
 *          ...
 *      }
 *      __inet_free_local_interfaces(p);
 */

/*
 *  Return an opaque pointer to a list of configured interfaces.
 */
void *
__inet_get_local_interfaces(void)
{
	return (get_local_info());
}

/*
 *  Free memory allocated by inet_local_interfaces().
 */
void
__inet_free_local_interfaces(void *p)
{
	free(p);
}

/*
 *  Determine if an address is on a local network.
 *
 *  Might have made sense to use SIOCTONLINK, except that it doesn't
 *  handle matching on IPv4 network addresses.
 */
int
__inet_address_is_local_af(void *p, sa_family_t af, void *addr) {

	struct ifinfo	*localinfo = (struct ifinfo *)p;
	int		i, a;
	struct in_addr	v4addr;

	if (localinfo == 0)
		return (0);

	if (af == AF_INET6 && IN6_IS_ADDR_V4MAPPED((struct in6_addr *)addr)) {
		IN6_V4MAPPED_TO_INADDR((struct in6_addr *)addr, &v4addr);
		af = AF_INET;
		addr = (void *)&v4addr;
	}

	for (i = 0; i < localinfo->count; i++) {
		if (ifaf(i) == af) {
			if (af == AF_INET6) {
				struct in6_addr *a6 = (struct in6_addr *)addr;
				for (a = 0; a < sizeof (a6->s6_addr); a++) {
					if ((a6->s6_addr[a] &
						ifmask6(i).s6_addr[a]) !=
						(ifaddr6(i).s6_addr[a] &
						ifmask6(i).s6_addr[a]))
						break;
				}
				if (a >= sizeof (a6->s6_addr))
					return (1);
			} else {
				if ((((struct in_addr *)addr)->s_addr &
						ifmask4(i).s_addr) ==
					(ifaddr4(i).s_addr &
						ifmask4(i).s_addr))
					return (1);
			}
		}
	}

	return (0);
}

int
__inet_address_is_local(void *p, struct in_addr addr)
{
	return (__inet_address_is_local_af(p, AF_INET, &addr));
}

int
__inet_uaddr_is_local(void *p, struct netconfig *nc, char *uaddr)
{
	struct netbuf		*taddr;
	sa_family_t		af;
	int			ret;

	taddr = uaddr2taddr(nc, uaddr);
	if (taddr == 0)
		return (0);

	/* LINTED pointer cast */
	af = ((struct sockaddr *)taddr->buf)->sa_family;

	ret = __inet_address_is_local_af(p, af,
		(af == AF_INET6) ?
		/* LINTED pointer cast */
		(void *)&((struct sockaddr_in6 *)taddr->buf)->sin6_addr :
		/* LINTED pointer cast */
		(void *)&((struct sockaddr_in *)taddr->buf)->sin_addr);

	netdir_free(taddr, ND_ADDR);
	return (ret);
}


int
__inet_address_count(void *p)
{
	struct ifinfo *lp = (struct ifinfo *)p;

	if (lp != 0) {
		return (lp->count);
	} else {
		return (0);
	}
}

uint32_t
__inet_get_addr(void *p, int n)
{
	struct ifinfo *localinfo = (struct ifinfo *)p;

	if (localinfo == 0 || n >= localinfo->count || ifaf(n) != AF_INET)
		return (0);

	return (ifaddr4(n).s_addr);
}

uint32_t
__inet_get_network(void *p, int n)
{
	struct ifinfo *localinfo = (struct ifinfo *)p;

	if (localinfo == 0 || n >= localinfo->count || ifaf(n) != AF_INET)
		return (0);

	return (ifaddr4(n).s_addr & ifmask4(n).s_addr);
}

char *
__inet_get_uaddr(void *p, struct netconfig *nc, int n)
{
	struct ifinfo *localinfo = (struct ifinfo *)p;
	char *uaddr;
	struct sockaddr_in sin4;
	struct sockaddr_in6 sin6;
	struct netbuf nb;

	if (localinfo == 0 || nc == 0 || n >= localinfo->count)
		return (0);

	if (ifaf(n) == AF_INET6) {
		if (strcmp(NC_INET6, nc->nc_protofmly) != 0)
			return (0);
		(void) memset(&sin6, 0, sizeof (sin6));
		sin6.sin6_family = AF_INET6;
		sin6.sin6_addr = ifaddr6(n);
		nb.buf = (char *)&sin6;
		nb.len = sizeof (sin6);
	} else {
		if (strcmp(NC_INET, nc->nc_protofmly) != 0)
			return (0);
		(void) memset(&sin4, 0, sizeof (sin4));
		sin4.sin_family = AF_INET;
		sin4.sin_addr = ifaddr4(n);
		nb.buf = (char *)&sin4;
		nb.len = sizeof (sin4);
	}

	nb.maxlen = nb.len;

	uaddr = taddr2uaddr(nc, &nb);
	return (uaddr);
}

char *
__inet_get_networka(void *p, int n)
{
	struct ifinfo	*localinfo = (struct ifinfo *)p;

	if (localinfo == 0 || n >= localinfo->count)
		return (0);

	if (ifaf(n) == AF_INET6) {
		char		buf[INET6_ADDRSTRLEN];
		struct in6_addr	in6;
		int		i;

		for (i = 0; i < sizeof (in6.s6_addr); i++) {
			in6.s6_addr[i] = ifaddr6(n).s6_addr[i] &
					ifmask6(n).s6_addr[i];
		}
		return (strdup(inet_ntop(AF_INET6, &in6, buf, sizeof (buf))));
	} else {
		struct in_addr	in4;

		in4.s_addr = ifaddr4(n).s_addr & ifmask4(n).s_addr;
		return (strdup(inet_ntoa(in4)));
	}
}

static int
in_list(struct in_addr *addrs, int n, struct in_addr a)
{
	int i;

	for (i = 0; i < n; i++) {
		if (addrs[i].s_addr == a.s_addr)
			return (1);
	}
	return (0);
}

static int
getbroadcastnets(struct netconfig *tp, struct in_addr **addrs)
{
	struct ifconf ifc;
	struct ifreq ifreq, *ifr;
	struct sockaddr_in *sin;
	struct in_addr a;
	int fd;
	int n, i, numifs;
	char *buf;
	int	use_loopback = 0;

	_nderror = ND_SYSTEM;
	fd = open(tp->nc_device, O_RDONLY);
	if (fd < 0) {
		(void) syslog(LOG_ERR,
	    "broadcast: open to get interface configuration: %m");
		return (0);
	}
	if (ioctl(fd, SIOCGIFNUM, (char *)&numifs) < 0)
		numifs = MAXIFS;
	buf = malloc(numifs * sizeof (struct ifreq));
	if (buf == NULL) {
		(void) syslog(LOG_ERR, "broadcast: malloc failed: %m");
		(void) close(fd);
		return (0);
	}
	*addrs = malloc(numifs * sizeof (struct in_addr));
	if (*addrs == NULL) {
		(void) syslog(LOG_ERR, "broadcast: malloc failed: %m");
		free(buf);
		(void) close(fd);
		return (0);
	}
	ifc.ifc_len = numifs * (int)sizeof (struct ifreq);
	ifc.ifc_buf = buf;
	/*
	 * Ideally, this ioctl should also tell me, how many bytes were
	 * finally allocated, but it doesnt.
	 */
	if (ioctl(fd, SIOCGIFCONF, (char *)&ifc) < 0) {
		(void) syslog(LOG_ERR,
	    "broadcast: ioctl (get interface configuration): %m");
		free(buf);
		free(*addrs);
		(void) close(fd);
		return (0);
	}

retry:
	/* LINTED pointer cast */
	ifr = (struct ifreq *)buf;
	for (i = 0, n = ifc.ifc_len / (int)sizeof (struct ifreq);
		n > 0; n--, ifr++) {
		ifreq = *ifr;
		if (ioctl(fd, SIOCGIFFLAGS, (char *)&ifreq) < 0) {
			(void) syslog(LOG_ERR,
		    "broadcast: ioctl (get interface flags): %m");
			continue;
		}
		if (!(ifreq.ifr_flags & IFF_UP) ||
		    (ifr->ifr_addr.sa_family != AF_INET))
			continue;
		if (ifreq.ifr_flags & IFF_BROADCAST) {
			/* LINTED pointer cast */
			sin = (struct sockaddr_in *)&ifr->ifr_addr;
			if (ioctl(fd, SIOCGIFBRDADDR, (char *)&ifreq) < 0) {
				/* May not work with other implementation */
				a = _inet_makeaddr(
				    inet_netof(sin->sin_addr),
				    INADDR_ANY);
				if (!in_list(*addrs, i, a))
					(*addrs)[i++] = a;
			} else {
				/* LINTED pointer cast */
				a = ((struct sockaddr_in *)
				    &ifreq.ifr_addr)->sin_addr;
				if (!in_list(*addrs, i, a))
					(*addrs)[i++] = a;
			}
			continue;
		}
		if (use_loopback && (ifreq.ifr_flags & IFF_LOOPBACK)) {
			/* LINTED pointer cast */
			sin = (struct sockaddr_in *)&ifr->ifr_addr;
			a = sin->sin_addr;
			if (!in_list(*addrs, i, a))
				(*addrs)[i++] = a;
			continue;
		}
		if (ifreq.ifr_flags & IFF_POINTOPOINT) {
			if (ioctl(fd, SIOCGIFDSTADDR, (char *)&ifreq) < 0)
				continue;
			/* LINTED pointer cast */
			a = ((struct sockaddr_in *)
			    &ifreq.ifr_addr)->sin_addr;
			if (!in_list(*addrs, i, a))
				(*addrs)[i++] = a;
			continue;
		}
	}
	if (i == 0 && !use_loopback) {
		use_loopback = 1;
		goto retry;
	}
	free(buf);
	(void) close(fd);
	if (i)
		_nderror = ND_OK;
	else
		free(*addrs);
	return (i);
}

/*
 * This is lifted straight from libsocket/inet/inet_mkaddr.c.
 * Copied here to avoid our dependency on libsocket. More importantly,
 * to make sure partially static apps that use libnsl, but not
 * libsocket, don't get screwed up.
 * If you understand the above paragraph, try to get rid of
 * this copy of inet_makeaddr; if you don;t, leave it alone.
 *
 * Formulate an Internet address from network + host.  Used in
 * building addresses stored in the ifnet structure.
 */
static struct in_addr
_inet_makeaddr(in_addr_t net, in_addr_t host)
{
	in_addr_t addr;
	struct in_addr inaddr;

	if (net < 128)
		addr = (net << IN_CLASSA_NSHIFT) | (host & IN_CLASSA_HOST);
	else if (net < 65536)
		addr = (net << IN_CLASSB_NSHIFT) | (host & IN_CLASSB_HOST);
	else if (net < 16777216L)
		addr = (net << IN_CLASSC_NSHIFT) | (host & IN_CLASSC_HOST);
	else
		addr = net | host;
	inaddr.s_addr = htonl(addr);
	return (inaddr);
}

/*
 * Routine to read the default configuration file and check if SORT_ADDRS
 * is set to NO or FALSE. This routine is called by order_haddrlist_af()
 * to determine if the addresses need to be sorted.
 */
static boolean_t
_read_nsw_file(void)
{
	char	defval[LINESIZE];
	FILE	*defl;
	boolean_t	nosort = B_FALSE;


	do {
		defl = fopen(__NSW_DEFAULT_FILE, "rF");
	} while ((defl == NULL) && (errno == EINTR));

	if (defl == NULL)
		return (B_FALSE);

	while (fgets(defval, sizeof (defval), defl) != NULL) {
		if ((strncmp(DONT_SORT, defval, sizeof (DONT_SORT) - 1) == 0) ||
		    (strncmp(DONT_SORT2, defval,
			sizeof (DONT_SORT2) - 1) == 0)) {
			nosort = B_TRUE;
			break;
		}
	}
	(void) fclose(defl);
	return (nosort);
}