6 files changed, 74 insertions, 42 deletions
diff --git a/sbin/ifconfig/af_inet6.c b/sbin/ifconfig/af_inet6.c
index 7986edf490b4..9386f5eaf513 100644
--- a/sbin/ifconfig/af_inet6.c
+++ b/sbin/ifconfig/af_inet6.c
@@ -726,6 +726,8 @@ static struct cmd inet6_cmds[] = {
 	DEF_CMD_ARG("pltime",        			setip6pltime),
 	DEF_CMD_ARG("vltime",        			setip6vltime),
 	DEF_CMD("eui64",	0,			setip6eui64),
+	DEF_CMD("stableaddr",	ND6_IFF_STABLEADDR,	setnd6flags),
+	DEF_CMD("-stableaddr",	-ND6_IFF_STABLEADDR,	setnd6flags),
 #ifdef EXPERIMENTAL
 	DEF_CMD("ipv6_only",	ND6_IFF_IPV6_ONLY_MANUAL,setnd6flags),
 	DEF_CMD("-ipv6_only",	-ND6_IFF_IPV6_ONLY_MANUAL,setnd6flags),
@@ -753,7 +755,7 @@ static struct afswtch af_inet6 = {
 #ifdef WITHOUT_NETLINK
 	.af_difaddr	= SIOCDIFADDR_IN6,
 	.af_aifaddr	= SIOCAIFADDR_IN6,
-	.af_ridreq	= &in6_addreq,
+	.af_ridreq	= &in6_ridreq,
 	.af_addreq	= &in6_addreq,
 	.af_exec	= af_exec_ioctl,
 #else
diff --git a/sbin/ifconfig/af_nd6.c b/sbin/ifconfig/af_nd6.c
index 2899ad6a0778..fb7e72028e2e 100644
--- a/sbin/ifconfig/af_nd6.c
+++ b/sbin/ifconfig/af_nd6.c
@@ -66,6 +66,7 @@ static const char *ND6BITS[] = {
 	[9]  = "IPV6_ONLY",
 	[10] = "IPV6_ONLY_MANUAL",
 #endif
+	[11]  = "STABLEADDR",
 	[15] = "DEFAULTIF",
 };
 
diff --git a/sbin/ifconfig/ifbridge.c b/sbin/ifconfig/ifbridge.c
index eff443447c13..8bcf4a638adf 100644
--- a/sbin/ifconfig/ifbridge.c
+++ b/sbin/ifconfig/ifbridge.c
@@ -811,7 +811,7 @@ unsetbridge_private(if_ctx *ctx, const char *val, int dummy __unused)
 static int
 parse_vlans(ifbvlan_set_t *set, const char *str)
 {
-	char *s, *token;
+	char *s, *free_s, *token;
 
 	/* "none" means the empty vlan set */
 	if (strcmp(str, "none") == 0) {
@@ -829,6 +829,8 @@ parse_vlans(ifbvlan_set_t *set, const char *str)
 
 	if ((s = strdup(str)) == NULL)
 		return (-1);
+	/* Keep the original value of s, since strsep() will modify it */
+	free_s = s;
 
 	while ((token = strsep(&s, ",")) != NULL) {
 		unsigned long first, last;
@@ -856,11 +858,11 @@ parse_vlans(ifbvlan_set_t *set, const char *str)
 			BRVLAN_SET(set, vlan);
 	}
 
-	free(s);
+	free(free_s);
 	return (0);
 
 err:
-	free(s);
+	free(free_s);
 	return (-1);
 }
 
diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8
index b580191383b3..627b7cd3f9e3 100644
--- a/sbin/ifconfig/ifconfig.8
+++ b/sbin/ifconfig/ifconfig.8
@@ -28,7 +28,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd August 10, 2025
+.Dd October 12, 2025
 .Dt IFCONFIG 8
 .Os
 .Sh NAME
@@ -36,7 +36,7 @@
 .Nd configure network interface parameters
 .Sh SYNOPSIS
 .Nm
-.Op Fl j Ar jail
+.Op Fl j Ar jid
 .Op Fl DkLmn
 .Op Fl f Ar type Ns Cm \&: Ns Ar format
 .Ar interface
@@ -50,11 +50,11 @@
 .Oc
 .Op Ar parameters
 .Nm
-.Op Fl j Ar jail
+.Op Fl j Ar jid
 .Ar interface
 .Cm destroy
 .Nm
-.Op Fl j Ar jail
+.Op Fl j Ar jid
 .Fl a
 .Op Fl dDkLmuv
 .Op Fl f Ar type Ns Cm \&: Ns Ar format
@@ -64,16 +64,16 @@
 .Nm
 .Fl C
 .Nm
-.Op Fl j Ar jail
+.Op Fl j Ar jid
 .Fl g Ar groupname
 .Nm
-.Op Fl j Ar jail
+.Op Fl j Ar jid
 .Fl l
 .Op Fl du
 .Op Fl g Ar groupname
 .Op Ar address_family
 .Nm
-.Op Fl j Ar jail
+.Op Fl j Ar jid
 .Op Fl dkLmuv
 .Op Fl f Ar type Ns Cm \&: Ns Ar format
 .Sh DESCRIPTION
@@ -257,22 +257,22 @@ Setting
 to
 .Cm all
 selects all interfaces.
-.It Fl j Ar jail
-Perform the actions inside the
-.Ar jail .
+.It Fl j Ar jid
+Perform the actions inside the jail specified by
+.Ar jid ,
+which may be either a jail name or a numeric jail ID.
 .Pp
 The
-.Cm ifconfig
-will first attach to the
-.Ar jail
-(by jail id or jail name) before performing the effects.
-.Pp
-This allow network interfaces of
-.Ar jail
-to be configured even if the
-.Cm ifconfig
-binary is not available in
-.Ar jail .
+.Nm
+utility will attach to the specified jail immediately upon
+encountering the option on the command line.
+The option may be specified multiple times to attach to a nested jail
+(jail within a jail).
+.Pp
+This makes it possible to configure network interfaces within a vnet
+jail even if the
+.Nm
+binary is not available inside the jail.
 .It Fl k
 Print keying information for the
 .Ar interface ,
@@ -630,6 +630,9 @@ This is useful for devices which have multiple physical layer interfaces
 .It Cm name Ar name
 Set the interface name to
 .Ar name .
+The
+.Ar name
+may not be longer than 15 characters.
 .It Cm rxcsum , txcsum , rxcsum6 , txcsum6
 If the driver supports user-configurable checksum offloading,
 enable receive (or transmit) checksum offloading on the interface.
@@ -1004,6 +1007,36 @@ Set a flag to disable Duplicate Address Detection.
 .It Cm -no_dad
 Clear a flag
 .Cm no_dad .
+.It Cm stableaddr
+Set a flag to create SLAAC addresses using a stable algorithm according to RFC 7217
+The
+.Xr sysctl 8
+variable
+.Va net.inet6.ip6.use_stableaddr
+controls whether this flag is set by default or not for newly created interfaces.
+To get consistent defaults for interfaces created at boot it should be set as a tunable via loader.conf(8).
+The
+.Xr sysctl 8
+variable
+.Va net.inet6.ip6.stableaddr_maxretries
+sets the maximum number of retries to generate a unique IPv6 address to be performed in case of DAD failures.
+This defaults to 3 which is also the reccommended minimum value.
+The interface ID source can be configured using the
+.Xr sysctl 8
+variable
+.Va net.inet6.ip6.stableaddr_netifsource:
+.Bl -tag -compact
+.It Cm 0
+uses the interface name string (the default)
+.It Cm 1
+uses the interface ID
+.It Cm 2
+uses the MAC address of the interface (if one can be obtained for it)
+.El
+.Pp
+.It Cm -stableaddr
+Clear the flag
+.Cm stableaddr .
 .El
 .Ss IPv6 Parameters
 The following parameters are specific for IPv6 addresses.
@@ -2769,7 +2802,7 @@ Set the untagged VLAN identifier for an interface.
 Frames received on this interface without an 802.1Q tag will be assigned
 to this VLAN instead of the default VLAN 0,
 and outgoing frames on this VLAN will have their 802.1Q tag removed.
-.It Cm -ifuntagged Ar interface Ar vlan-id
+.It Cm -ifuntagged Ar interface
 Clear the untagged VLAN identifier for an interface.
 .It Cm defuntagged Ar vlan-id
 Enable the
diff --git a/sbin/ifconfig/ifconfig.c b/sbin/ifconfig/ifconfig.c
index 3f998b7f2b52..9aeb4a09ef49 100644
--- a/sbin/ifconfig/ifconfig.c
+++ b/sbin/ifconfig/ifconfig.c
@@ -463,6 +463,9 @@ args_parse(struct ifconfig_args *args, int argc, char *argv[])
 {
 	char options[1024];
 	struct option *p;
+#ifdef JAIL
+	int jid;
+#endif
 	int c;
 
 	/* Parse leading line options */
@@ -494,7 +497,11 @@ args_parse(struct ifconfig_args *args, int argc, char *argv[])
 #ifdef JAIL
 			if (optarg == NULL)
 				usage();
-			args->jail_name = optarg;
+			jid = jail_getid(optarg);
+			if (jid == -1)
+				Perror("jail not found");
+			if (jail_attach(jid) != 0)
+				Perror("cannot attach to jail");
 #else
 			Perror("not built with jail support");
 #endif
@@ -611,9 +618,6 @@ main(int ac, char *av[])
 {
 	char *envformat;
 	int flags;
-#ifdef JAIL
-	int jid;
-#endif
 	struct ifconfig_args _args = {};
 	struct ifconfig_args *args = &_args;
 
@@ -638,16 +642,6 @@ main(int ac, char *av[])
 
 	args_parse(args, ac, av);
 
-#ifdef JAIL
-	if (args->jail_name) {
-		jid = jail_getid(args->jail_name);
-		if (jid == -1)
-			Perror("jail not found");
-		if (jail_attach(jid) != 0)
-			Perror("cannot attach to jail");
-	}
-#endif
-
 	if (!args->all && !args->namesonly) {
 		/* not listing, need an argument */
 		args->ifname = args_pop(args);
@@ -1669,9 +1663,10 @@ static const char *IFCAPBITS[] = {
 	[20] = "NETMAP",
 	[21] = "RXCSUM_IPV6",
 	[22] = "TXCSUM_IPV6",
+	[23] = "HWSTATS",
 	[24] = "TXRTLMT",
 	[25] = "HWRXTSTMP",
-	[26] = "NOMAP",
+	[26] = "MEXTPG",
 	[27] = "TXTLS4",
 	[28] = "TXTLS6",
 	[29] = "VXLAN_HWCSUM",
diff --git a/sbin/ifconfig/ifconfig.h b/sbin/ifconfig/ifconfig.h
index 468c9b4e80da..672020443b8c 100644
--- a/sbin/ifconfig/ifconfig.h
+++ b/sbin/ifconfig/ifconfig.h
@@ -249,7 +249,6 @@ struct ifconfig_args {
 	const char *matchgroup;		/* Group name to match */
 	const char *nogroup;		/* Group name to exclude */
 	const struct afswtch *afp;	/* AF we're operating on */
-	const char *jail_name;	/* Jail name or jail id specified */
 };
 
 struct option {