Merge branch 'master' of http://github.com/illumos/illumos-gate into gcc/upgrade

Conflicts:
	usr/src/cmd/lp/cmd/lpadmin/options.c
	usr/src/cmd/man/src/man.c

222 files changed, 3941 insertions, 12745 deletions

diff --git a/usr/src/Targetdirs b/usr/src/Targetdirs
index ac56c2bcb4..aacb5d905d 100644
--- a/usr/src/Targetdirs
+++ b/usr/src/Targetdirs
@@ -21,7 +21,7 @@
 #
 # Copyright (c) 1989, 2010, Oracle and/or its affiliates. All rights reserved.
 # Copyright 2011, Richard Lowe
-# Copyright 2011 Nexenta Systems, Inc.  All rights reserved.
+# Copyright 2011 Nexenta Systems, Inc. All rights reserved.
 #
 
 #
@@ -401,7 +401,6 @@ DIRS= \
 	/usr/share/man/man3xcurses \
 	/usr/share/man/man3xnet \
 	/usr/share/man/man4 \
-	/usr/share/man/man4b \
 	/usr/share/man/man5 \
 	/usr/share/man/man7 \
 	/usr/share/man/man7d \
diff --git a/usr/src/cmd/Makefile b/usr/src/cmd/Makefile
index 839fe278c0..062a022322 100644
--- a/usr/src/cmd/Makefile
+++ b/usr/src/cmd/Makefile
@@ -21,6 +21,7 @@
 
 # Copyright (c) 1989, 2010, Oracle and/or its affiliates. All rights reserved.
 # Copyright 2010 Nexenta Systems, Inc.  All rights reserved.
+# Copyright 2011 Joyent, Inc.  All rights reserved.
 
 include ../Makefile.master
 
@@ -220,6 +221,7 @@ COMMON_SUBDIRS=		\
 	krb5		\
 	ksh		\
 	kstat		\
+	kvmstat		\
 	last		\
 	lastcomm	\
 	latencytop	\
diff --git a/usr/src/cmd/beadm/beadm.c b/usr/src/cmd/beadm/beadm.c
index b1183565cf..7918e00b55 100644
--- a/usr/src/cmd/beadm/beadm.c
+++ b/usr/src/cmd/beadm/beadm.c
@@ -58,9 +58,7 @@
 
 static int be_do_activate(int argc, char **argv);
 static int be_do_create(int argc, char **argv);
-static int be_do_create_snapshot(int argc, char **argv);
 static int be_do_destroy(int argc, char **argv);
-static int be_do_destroy_snapshot(int argc, char **argv);
 static int be_do_list(int argc, char **argv);
 static int be_do_mount(int argc, char **argv);
 static int be_do_unmount(int argc, char **argv);
@@ -108,9 +106,7 @@ typedef struct be_command {
 static const be_command_t be_command_tbl[] = {
 	{ "activate",		be_do_activate },
 	{ "create",		be_do_create },
-	{ "create_snap",	be_do_create_snapshot },
 	{ "destroy",		be_do_destroy },
-	{ "destroy_snap",	be_do_destroy_snapshot },
 	{ "list",		be_do_list },
 	{ "mount",		be_do_mount },
 	{ "unmount",		be_do_unmount },
@@ -136,10 +132,8 @@ usage(void)
 	    "\t\t[-e nonActiveBe | beName@snapshot] beName\n"
 	    "\tbeadm create [-d BE_desc]\n"
 	    "\t\t[-o property=value] ... [-p zpool] beName@snapshot\n"
-	    "\tbeadm create_snap [-p policy] beName [snapshot]\n"
 	    "\tbeadm destroy [-Ffs] beName \n"
 	    "\tbeadm destroy [-F] beName@snapshot \n"
-	    "\tbeadm destroy_snap beName snapshot\n"
 	    "\tbeadm list [[-a] | [-d] [-s]] [-H] [beName]\n"
 	    "\tbeadm mount [-s ro|rw] beName [mountpoint]\n"
 	    "\tbeadm unmount [-f] beName\n"
@@ -501,12 +495,12 @@ print_fmt_nodes(const char *be_name, enum be_fmt be_fmt, boolean_t parsable,
 	struct hdr_info *hdr = NULL;
 	be_node_list_t	*cur_be;
 
-	if (!parsable) {
-		hdr = hdrs + be_fmt;
-		init_hdr_cols(be_fmt, hdr);
-		count_widths(be_fmt, hdr, nodes);
+	hdr = hdrs + be_fmt;
+	init_hdr_cols(be_fmt, hdr);
+	count_widths(be_fmt, hdr, nodes);
+
+	if (!parsable)
 		print_hdr(hdr);
-	}
 
 	for (cur_be = nodes; cur_be != NULL; cur_be = cur_be->be_next_node) {
 		char active[3] = "-\0";
@@ -946,107 +940,6 @@ out2:
 }
 
 static int
-be_do_create_snapshot(int argc, char **argv)
-{
-	nvlist_t	*be_attrs;
-	int		err = 1;
-	int		c;
-	char		*obe_name = NULL;
-	char		*snap_name = NULL;
-	char		*policy = NULL;
-
-	while ((c = getopt(argc, argv, "p:")) != -1) {
-		switch (c) {
-		case 'p':
-			policy = optarg;
-			break;
-		default:
-			usage();
-			return (1);
-		}
-	}
-
-	argc -= optind;
-	argv += optind;
-
-	if (argc < 1 || argc > 2) {
-		usage();
-		return (1);
-	}
-
-	obe_name = argv[0];
-
-	if (argc > 1) {
-		/* Snapshot name provided */
-		snap_name = argv[1];
-	}
-
-	if (be_nvl_alloc(&be_attrs) != 0)
-		return (1);
-
-
-	if (be_nvl_add_string(be_attrs, BE_ATTR_ORIG_BE_NAME, obe_name) != 0)
-		goto out;
-
-	if (policy != NULL && be_nvl_add_string(be_attrs,
-	    BE_ATTR_POLICY, policy) != 0)
-		goto out;
-
-	if (snap_name != NULL && be_nvl_add_string(be_attrs,
-	    BE_ATTR_SNAP_NAME, snap_name) != 0)
-		goto out;
-
-	err = be_create_snapshot(be_attrs);
-
-	switch (err) {
-	case BE_SUCCESS:
-		if (!snap_name) {
-			/*
-			 * We requested an auto named snapshot; find out
-			 * the snapshot name that was created for us.
-			 */
-			if (nvlist_lookup_string(be_attrs, BE_ATTR_SNAP_NAME,
-			    &snap_name) != 0) {
-				(void) fprintf(stderr, _("failed to get %s "
-				    "attribute\n"), BE_ATTR_SNAP_NAME);
-				err = 1;
-				break;
-			}
-
-			(void) printf(_("Auto named snapshot: %s\n"),
-			    snap_name);
-		}
-		(void) printf(_("Created successfully\n"));
-		break;
-	case BE_ERR_BE_NOENT:
-		(void) fprintf(stderr, _("%s does not exist or appear "
-		    "to be a valid BE.\nPlease check that the name of "
-		    "the BE provided is correct.\n"), obe_name);
-		break;
-	case BE_ERR_SS_EXISTS:
-		(void) fprintf(stderr, _("BE %s snapshot %s already exists.\n"
-		    "Please choose a different snapshot name.\n"), obe_name,
-		    snap_name);
-		break;
-	case BE_ERR_PERM:
-	case BE_ERR_ACCESS:
-		(void) fprintf(stderr, _("Unable to create snapshot %s.\n"),
-		    snap_name);
-		(void) fprintf(stderr, _("You have insufficient privileges to "
-		    "execute this command.\n"));
-		break;
-	default:
-		(void) fprintf(stderr, _("Unable to create snapshot %s.\n"),
-		    snap_name);
-		(void) fprintf(stderr, "%s\n", be_err_to_str(err));
-	}
-
-out:
-	nvlist_free(be_attrs);
-	return (err);
-}
-
-static int
 be_do_destroy(int argc, char **argv)
 {
 	nvlist_t	*be_attrs;
@@ -1164,100 +1057,6 @@ out:
 }
 
 static int
-be_do_destroy_snapshot(int argc, char **argv)
-{
-	nvlist_t	*be_attrs;
-	boolean_t	suppress_prompt = B_FALSE;
-	int		err = 1;
-	char		c;
-	char		*obe_name;
-	char		*snap_name;
-	char		*sn;
-	int		sz;
-
-	while ((c = getopt(argc, argv, "F")) != -1) {
-		switch (c) {
-		case 'F':
-			suppress_prompt = B_TRUE;
-			break;
-		default:
-			usage();
-			return (1);
-		}
-	}
-
-	argc -= optind;
-	argv += optind;
-
-	if (argc != 2) {
-		usage();
-		return (1);
-	}
-
-	obe_name = argv[0];
-	snap_name = argv[1];
-
-	sz = asprintf(&sn, "%s@%s", obe_name, snap_name);
-	if (sz < 0) {
-		(void) fprintf(stderr, _("internal error: "
-		    "out of memory\n"));
-		return (1);
-	}
-
-	if (!suppress_prompt && !confirm_destroy(sn)) {
-		(void) printf(_("%s has not been destroyed.\n"), sn);
-		free(sn);
-		return (0);
-	}
-
-	free(sn);
-
-
-	if (be_nvl_alloc(&be_attrs) != 0)
-		return (1);
-
-
-	if (be_nvl_add_string(be_attrs, BE_ATTR_ORIG_BE_NAME, obe_name) != 0)
-		goto out;
-
-	if (be_nvl_add_string(be_attrs, BE_ATTR_SNAP_NAME, snap_name) != 0)
-		goto out;
-
-	err = be_destroy_snapshot(be_attrs);
-
-	switch (err) {
-	case BE_SUCCESS:
-		(void) printf(_("Destroyed successfully\n"));
-		break;
-	case BE_ERR_BE_NOENT:
-		(void) fprintf(stderr, _("%s does not exist or appear "
-		    "to be a valid BE.\nPlease check that the name of "
-		    "the BE provided is correct.\n"), obe_name);
-		break;
-	case BE_ERR_SS_NOENT:
-		(void) fprintf(stderr, _("%s does not exist or appear "
-		    "to be a valid snapshot.\nPlease check that the name of "
-		    "the snapshot provided is correct.\n"), snap_name);
-		break;
-	case BE_ERR_PERM:
-	case BE_ERR_ACCESS:
-		(void) fprintf(stderr, _("Unable to destroy snapshot %s.\n"),
-		    snap_name);
-		(void) fprintf(stderr, _("You have insufficient privileges to "
-		    "execute this command.\n"));
-		break;
-	default:
-		(void) fprintf(stderr, _("Unable to destroy snapshot %s.\n"),
-		    snap_name);
-		(void) fprintf(stderr, "%s\n", be_err_to_str(err));
-	}
-
-out:
-	nvlist_free(be_attrs);
-	return (err);
-}
-
-static int
 be_do_list(int argc, char **argv)
 {
 	be_node_list_t	*be_nodes = NULL;
diff --git a/usr/src/cmd/cmd-inet/usr.bin/Makefile b/usr/src/cmd/cmd-inet/usr.bin/Makefile
index c56b56e724..9f44242ae9 100644
--- a/usr/src/cmd/cmd-inet/usr.bin/Makefile
+++ b/usr/src/cmd/cmd-inet/usr.bin/Makefile
@@ -22,6 +22,8 @@
 # Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
+# Copyright 2011 Nexenta Systems, Inc. All rights reserved.
+#
 
 PROG=		dns-sd finger rdate ruptime rwho whois
 SUIDPROG=	rcp rlogin rsh
@@ -36,7 +38,7 @@ MSGSUBDIRS=	nca talk
 
 # As programs get lint-clean, add them here.  Eventually.
 # This hack should go away, and all in PROG should be lint-clean.
-LINTCLEAN=	rlogin.c rsh.c rcp.c rdate.c rwho.c
+LINTCLEAN=	rlogin.c rsh.c rcp.c rdate.c rwho.c whois.c
 
 # Likewise, as subdirs get lint-clean, add them here.  Once
 # they're all clean, replace the dependency of the lint target
@@ -81,7 +83,7 @@ rcp lint-rcp :=		LDLIBS += -lsocket -lsec -lsendfile
 rdate lint-rdate:=	LDLIBS += -lsocket
 rlogin lint-rlogin :=	LDLIBS += -lnsl -lsocket
 rsh lint-rsh :=		LDLIBS += -lsocket
-whois :=		LDLIBS += -lsocket
+whois lint-whois :=	LDLIBS += -lsocket
 
 include  $(SRC)/lib/gss_mechs/mech_krb5/Makefile.mech_krb5
 $(KCMDPROGS)	:=	LDLIBS += -lnsl -lmech_krb5
diff --git a/usr/src/cmd/cmd-inet/usr.bin/THIRDPARTYLICENSE.whois b/usr/src/cmd/cmd-inet/usr.bin/THIRDPARTYLICENSE.whois
new file mode 100644
index 0000000000..c4364b383c
--- /dev/null
+++ b/usr/src/cmd/cmd-inet/usr.bin/THIRDPARTYLICENSE.whois
@@ -0,0 +1,28 @@
+Copyright (c) 1980, 1993
+     The Regents of the University of California.  All rights reserved.
+
+Copyright 2011 Nexenta Systems, Inc. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+4. Neither the name of the University nor the names of its contributors
+   may be used to endorse or promote products derived from this software
+   without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
diff --git a/usr/src/cmd/cmd-inet/usr.bin/THIRDPARTYLICENSE.whois.descrip b/usr/src/cmd/cmd-inet/usr.bin/THIRDPARTYLICENSE.whois.descrip
new file mode 100644
index 0000000000..c29c56f5a3
--- /dev/null
+++ b/usr/src/cmd/cmd-inet/usr.bin/THIRDPARTYLICENSE.whois.descrip
@@ -0,0 +1 @@
+WHOIS - INTERNET DOMAIN NAME AND NETWORK NUMBER DIRECTORY SERVICE
diff --git a/usr/src/cmd/cmd-inet/usr.bin/pppd/plugins/Makefile b/usr/src/cmd/cmd-inet/usr.bin/pppd/plugins/Makefile
index 7be17b13aa..d577640c90 100644
--- a/usr/src/cmd/cmd-inet/usr.bin/pppd/plugins/Makefile
+++ b/usr/src/cmd/cmd-inet/usr.bin/pppd/plugins/Makefile
@@ -22,6 +22,8 @@
 # Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
+# Copyright 2011 Nexenta Systems, Inc. All rights reserved.
+#
 
 MINCONN =	minconn.so
 PASSPROMPT = 	passprompt.so
@@ -68,13 +70,6 @@ $(LIBPPPPLUGIN):=	FILEMODE = 0544
 
 $(LIBPPPPLUGINDIR):=	FILEMODE = 0755
 
-# This is needed because install doesn't handle -g well.
-UTILDIR=	$(ROOT)/usr/share/src/ppputil
-ROOTSRC=	$(UTILDIR)/plugins
-SRCFILES=	Makefile minconn.c passprompt.c pppd.h
-ROOTSRCFILES=	$(SRCFILES:%=$(ROOTSRC)/%)
-$(ROOTSRCFILES):=	FILEMODE= 0444
-
 .KEEP_STATE:
 
 all:	$(LIBRARIES)
@@ -91,7 +86,7 @@ $(PPPOE): pics .WAIT $$(PICS)
 	$(BUILD.SO)
 	$(POST_PROCESS_SO)
 
-install: all $(LIBPPPPLUGINDIR) $(LIBPPPPLUGIN) install_src
+install: all $(LIBPPPPLUGINDIR) $(LIBPPPPLUGIN)
 
 $(LIBPPPPLUGINDIR):
 	$(INS.dir)
@@ -99,20 +94,6 @@ $(LIBPPPPLUGINDIR):
 $(LIBPPPPLUGINDIR)/%:	%
 	$(INS.file)
 
-$(UTILDIR) $(ROOTSRC):
-	$(INS.dir)
-
-$(ROOTSRC)/Makefile%: Makefile%.dist
-	$(INS.rename)
-
-$(ROOTSRC)/%.h: ../%.h
-	$(INS.file)
-
-$(ROOTSRC)/%: %
-	$(INS.file)
-
-install_src:	$(UTILDIR) .WAIT $(ROOTSRC) .WAIT $(ROOTSRCFILES)
-
 lint:
 	$(LINT.c) $(LINTSRCS) $(LDLIBS)
 
diff --git a/usr/src/cmd/cmd-inet/usr.bin/pppd/plugins/Makefile.dist b/usr/src/cmd/cmd-inet/usr.bin/pppd/plugins/Makefile.dist
deleted file mode 100644
index 972e8036fd..0000000000
--- a/usr/src/cmd/cmd-inet/usr.bin/pppd/plugins/Makefile.dist
+++ /dev/null
@@ -1,27 +0,0 @@
-#
-#ident	"%Z%%M%	%I%	%E% SMI"
-#
-# Copyright (c) 2000 by Sun Microsystems, Inc.
-# All rights reserved.
-
-PLUGINS=	minconn passprompt
-TARGETS=	$(PLUGINS:%=%.so)
-OBJS=		$(PLUGINS:%=%.o)
-PLUGINDIR=	/usr/lib/inet/ppp/
-INSTALLED=	$(TARGETS:%=$(PLUGINDIR)/%)
-CFLAGS=		-DPPP_DEFS_IN_NET
-
-all:	$(TARGETS)
-
-clean:
-	$(RM) -f $(TARGETS) $(OBJS)
-
-%.so:	%.o
-	$(LD) -s -G -h $@ -o $@ $^
-
-install:	$(TARGETS)
-	@test -d $(PLUGINDIR) || mkdir -m 755 -p $(PLUGINDIR)
-	@cp $(TARGETS) $(PLUGINDIR) && strip $(INSTALLED)
-
-clobber:	clean
-	$(RM) -f $(INSTALLED)
diff --git a/usr/src/cmd/cmd-inet/usr.bin/pppdump/CHANGES.top b/usr/src/cmd/cmd-inet/usr.bin/pppdump/CHANGES.top
deleted file mode 100644
index c27c069b17..0000000000
--- a/usr/src/cmd/cmd-inet/usr.bin/pppdump/CHANGES.top
+++ /dev/null
@@ -1,9 +0,0 @@
-ident	"%Z%%M%	%I%	%E% SMI"
-
-Copyright (c) 2000 by Sun Microsystems, Inc.
-All rights reserved.
-
-This code is extracted from the ANU ppp-2.4.0 package and modified to
-build in a Solaris environment.  You can get the original source here:
-
-	ftp://linuxcare.com.au/pub/ppp
diff --git a/usr/src/cmd/cmd-inet/usr.bin/pppdump/INSTALL.top b/usr/src/cmd/cmd-inet/usr.bin/pppdump/INSTALL.top
deleted file mode 100644
index a532db765e..0000000000
--- a/usr/src/cmd/cmd-inet/usr.bin/pppdump/INSTALL.top
+++ /dev/null
@@ -1,14 +0,0 @@
-ident	"%Z%%M%	%I%	%E% SMI"
-
-Copyright (c) 2000 by Sun Microsystems, Inc.
-All rights reserved.
-
-To install, run make:
-
-	% make
-
-Then, as root, run "make install":
-
-	# make install
-
-See README for more details.
diff --git a/usr/src/cmd/cmd-inet/usr.bin/pppdump/LICENSE.top b/usr/src/cmd/cmd-inet/usr.bin/pppdump/LICENSE.top
deleted file mode 100644
index bc90bcf2f3..0000000000
--- a/usr/src/cmd/cmd-inet/usr.bin/pppdump/LICENSE.top
+++ /dev/null
@@ -1,94 +0,0 @@
-This file contains a summary of the licenses on the software in this
-package.  Some of these source files are under GNU Public License.
-Those files may be redistributed under the terms of the GNU General
-Public License version 2 or (at your option) any later version.  See
-the COPYING file for details or the GNU web site at
-http://www.gnu.org/.
-
-Copyright (C) 1999  Paul Mackerras.  All rights reserved.
-
-  This program is free software; you can redistribute it and/or modify
-  it under the terms of the GNU General Public License as published by
-  the Free Software Foundation; either version 2 of the License, or (at
-  your option) any later version.
-
-Copyright (c) 1985, 1986 The Regents of the University of California.
-All rights reserved.
-
-  This code is derived from software contributed to Berkeley by
-  James A. Woods, derived from original work by Spencer Thomas
-  and Joseph Orost.
-
-  Redistribution and use in source and binary forms, with or without
-  modification, are permitted provided that the following conditions
-  are met:
-  1. Redistributions of source code must retain the above copyright
-     notice, this list of conditions and the following disclaimer.
-  2. Redistributions in binary form must reproduce the above copyright
-     notice, this list of conditions and the following disclaimer in the
-     documentation and/or other materials provided with the distribution.
-  3. All advertising materials mentioning features or use of this software
-     must display the following acknowledgement:
- 	This product includes software developed by the University of
- 	California, Berkeley and its contributors.
-  4. Neither the name of the University nor the names of its contributors
-     may be used to endorse or promote products derived from this software
-     without specific prior written permission.
- 
-  THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-  ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-  ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-  DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-  OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-  HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-  LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-  OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-  SUCH DAMAGE.
-
-  This file is derived from zlib.h and zconf.h from the zlib-0.95
-  distribution by Jean-loup Gailly and Mark Adler, with some additions
-  by Paul Mackerras to aid in implementing Deflate compression and
-  decompression for PPP packets.
-
-  zlib.h -- interface of the 'zlib' general purpose compression library
-  version 0.95, Aug 16th, 1995.
-
-  Copyright (C) 1995 Jean-loup Gailly and Mark Adler
-
-  This software is provided 'as-is', without any express or implied
-  warranty.  In no event will the authors be held liable for any damages
-  arising from the use of this software.
-
-  Permission is granted to anyone to use this software for any purpose,
-  including commercial applications, and to alter it and redistribute it
-  freely, subject to the following restrictions:
-
-  1. The origin of this software must not be misrepresented; you must not
-     claim that you wrote the original software. If you use this software
-     in a product, an acknowledgment in the product documentation would be
-     appreciated but is not required.
-  2. Altered source versions must be plainly marked as such, and must not be
-     misrepresented as being the original software.
-  3. This notice may not be removed or altered from any source distribution.
-
-  Jean-loup Gailly        Mark Adler
-  gzip@prep.ai.mit.edu    madler@alumni.caltech.edu
-
-  Copyright (c) 1994 The Australian National University.
-  All rights reserved.
-
-  Permission to use, copy, modify, and distribute this software and its
-  documentation is hereby granted, provided that the above copyright
-  notice appears in all copies.  This software is provided without any
-  warranty, express or implied. The Australian National University
-  makes no representations about the suitability of this software for
-  any purpose.
-
-  Copyright 1999 Paul Mackerras, Alan Curry.
- 
-   This program is free software; you can redistribute it and/or
-   modify it under the terms of the GNU General Public License
-   as published by the Free Software Foundation; either version
-   2 of the License, or (at your option) any later version.
diff --git a/usr/src/cmd/cmd-inet/usr.bin/pppdump/Makefile b/usr/src/cmd/cmd-inet/usr.bin/pppdump/Makefile
index cfb5f36b65..2e7b195b37 100644
--- a/usr/src/cmd/cmd-inet/usr.bin/pppdump/Makefile
+++ b/usr/src/cmd/cmd-inet/usr.bin/pppdump/Makefile
@@ -1,7 +1,6 @@
 #
 # Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
-#
-# cmd/cmd-inet/usr.bin/pppdump/Makefile
+# Copyright 2011 Nexenta Systems, Inc. All rights reserved.
 #
 
 PROG=		pppdump
@@ -14,59 +13,16 @@ CPPFLAGS +=	-DPPP_DEFS_IN_NET
 
 .KEEP_STATE:
 
-.PARALLEL:	$(OBJS)
-
-all: $(PROG)
-
-CLOBBERFILES += THIRDPARTYLICENSE
-
-all install: THIRDPARTYLICENSE
-
-THIRDPARTYLICENSE: LICENSE.top COPYING.top
-	$(RM) $@
-	$(CAT) LICENSE.top COPYING.top > $@
-
-$(PROG): $(OBJS)
-	$(LINK.c) $(OBJS) -o $@ $(LDLIBS)
-	$(POST_PROCESS)
-
-$(ROOTMAN1M)/pppdump.1m:=	FILEMODE=0444
-$(ROOTMAN1M)/%:	%
-	$(INS.file)
-$(ROOTMAN1M):
-	$(INS.dir)
-
-ROOTSRC= $(ROOT)/usr/share/src/ppputil
-TOPFILES=	Makefile CHANGES COPYING INSTALL LICENSE README
-ROOTTOPFILES=	$(TOPFILES:%=$(ROOTSRC)/%)
-$(ROOTTOPFILES) := FILEMODE= 0444
-ROOTDIST= $(ROOTSRC)/pppdump
-DISTFILES=	Makefile bsd-comp.c deflate.c ppp-comp.h pppdump.1m pppdump.c \
-		zlib.c zlib.h
-ROOTDISTFILES=	$(DISTFILES:%=$(ROOTDIST)/%)
-$(ROOTDISTFILES) := FILEMODE= 0444
-
-install: all $(ROOTPROG) install_src install_man
-
-install_man:	$(ROOTMAN1M) $(ROOTMAN1M)/pppdump.1m
-
-install_src:	$(ROOTSRC) .WAIT $(ROOTTOPFILES) $(ROOTDIST) .WAIT \
-		$(ROOTDISTFILES)
-
-$(ROOTSRC) $(ROOTDIST):
-	$(INS.dir)
-
-$(ROOTSRC)/%: %.top
-	$(INS.rename)
+all:		$(PROG)
 
-$(ROOTDIST)/Makefile%:	Makefile%.dist
-	$(INS.rename)
+$(PROG):	$(OBJS)
+		$(LINK.c) $(OBJS) -o $@ $(LDLIBS)
+		$(POST_PROCESS)
 
-$(ROOTDIST)/%: %
-	$(INS.file)
+install:	 all $(ROOTPROG)
 
 clean:
-	$(RM) $(OBJS)
+		$(RM) $(OBJS)
 
 lint:
 
diff --git a/usr/src/cmd/cmd-inet/usr.bin/pppdump/Makefile.dist b/usr/src/cmd/cmd-inet/usr.bin/pppdump/Makefile.dist
deleted file mode 100644
index 2876a13462..0000000000
--- a/usr/src/cmd/cmd-inet/usr.bin/pppdump/Makefile.dist
+++ /dev/null
@@ -1,28 +0,0 @@
-#
-#ident	"%Z%%M%	%I%	%E% SMI"
-#
-# Copyright (c) 2000 by Sun Microsystems, Inc.
-# All rights reserved.
-
-TARGET=	pppdump
-OBJS=	bsd-comp.o deflate.o pppdump.o zlib.o
-BINDIR=	/usr/bin
-MANDIR=	/usr/share/man/man1m
-MANFILES=	pppdump.1m
-CFLAGS=	-DPPP_DEFS_IN_NET
-
-all:	$(TARGET)
-
-clean:
-	$(RM) -f $(TARGET) $(OBJS)
-
-$(TARGET):	$(OBJS)
-	$(CC) -o $@ $(OBJS)
-
-install:	$(TARGET)
-	@cp $(TARGET) $(BINDIR) && strip $(BINDIR)/$(TARGET)
-	@test -d $(MANDIR) || mkdir -m 755 -p $(MANDIR)
-	@cp $(MANFILES) $(MANDIR)
-
-clobber:	clean
-	$(RM) -f $(BINDIR)/$(TARGET) $(MANDIR)/$(MANFILES)
diff --git a/usr/src/cmd/cmd-inet/usr.bin/pppdump/Makefile.top b/usr/src/cmd/cmd-inet/usr.bin/pppdump/Makefile.top
deleted file mode 100644
index 4f6c491757..0000000000
--- a/usr/src/cmd/cmd-inet/usr.bin/pppdump/Makefile.top
+++ /dev/null
@@ -1,22 +0,0 @@
-#
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-#
-# Copyright (c) 2000 by Sun Microsystems, Inc.
-# All rights reserved.
-
-DIRS=	pppdump plugins
-
-all:		$(DIRS)
-install:	$(DIRS)
-clean:		$(DIRS)
-clobber:	$(DIRS)
-
-all:=		TARGET=all
-install:=	TARGET=install
-clean:=		TARGET=clean
-clobber:=	TARGET=clobber
-
-$(DIRS):	FORCE
-	@cd $@ && make $(TARGET)
-
-FORCE:
diff --git a/usr/src/cmd/cmd-inet/usr.bin/pppdump/README.top b/usr/src/cmd/cmd-inet/usr.bin/pppdump/README.top
deleted file mode 100644
index 53291d6390..0000000000
--- a/usr/src/cmd/cmd-inet/usr.bin/pppdump/README.top
+++ /dev/null
@@ -1,32 +0,0 @@
-ident	"%Z%%M%	%I%	%E% SMI"
-
-Copyright (c) 2000 by Sun Microsystems, Inc.
-All rights reserved.
-
-These are GNU utilities that can be used with the Solaris version of
-PPP.  They provide optional features and are not needed for normal
-operation.
-
-The pppdump utility reads files produced by the pppd "record" option
-and produces human-readable output.  This can be useful when debugging
-problems with the kernel data compression modules, but is otherwise
-generally not as useful as the debugging features already built into
-pppd.
-
-The minconn.so plugin sets a minimum initial connect time when the
-"idle" option is used.
-
-The passprompt.so plugin allows PAP to be used with external prompting
-programs, such as xprompt.  This allows the password to be supplied
-interactively, in much the same manner as on PCs.
-
-To build, simply type "make".  Depending on how your system is
-configured, you may need to specify the compiler to use, like this:
-
-	% make CC=/usr/local/bin/gcc
-
-To install, you will need to be root (or at least have write
-permission to the /etc/ppp/plugins, /usr/bin, and /usr/share/man/man1m
-directories).
-
-	# make install
diff --git a/usr/src/cmd/cmd-inet/usr.bin/pppdump/COPYING.top b/usr/src/cmd/cmd-inet/usr.bin/pppdump/THIRDPARTYLICENSE
index d60c31a97a..35a01be714 100644
--- a/usr/src/cmd/cmd-inet/usr.bin/pppdump/COPYING.top
+++ b/usr/src/cmd/cmd-inet/usr.bin/pppdump/THIRDPARTYLICENSE
@@ -1,3 +1,97 @@
+This file contains a summary of the licenses on the software in this
+package.  Some of these source files are under GNU Public License.
+Those files may be redistributed under the terms of the GNU General
+Public License version 2 or (at your option) any later version.  See
+the COPYING file for details or the GNU web site at
+http://www.gnu.org/.
+
+Copyright (C) 1999  Paul Mackerras.  All rights reserved.
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or (at
+  your option) any later version.
+
+Copyright (c) 1985, 1986 The Regents of the University of California.
+All rights reserved.
+
+  This code is derived from software contributed to Berkeley by
+  James A. Woods, derived from original work by Spencer Thomas
+  and Joseph Orost.
+
+  Redistribution and use in source and binary forms, with or without
+  modification, are permitted provided that the following conditions
+  are met:
+  1. Redistributions of source code must retain the above copyright
+     notice, this list of conditions and the following disclaimer.
+  2. Redistributions in binary form must reproduce the above copyright
+     notice, this list of conditions and the following disclaimer in the
+     documentation and/or other materials provided with the distribution.
+  3. All advertising materials mentioning features or use of this software
+     must display the following acknowledgement:
+ 	This product includes software developed by the University of
+ 	California, Berkeley and its contributors.
+  4. Neither the name of the University nor the names of its contributors
+     may be used to endorse or promote products derived from this software
+     without specific prior written permission.
+ 
+  THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+  ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+  ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+  FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+  DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+  OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+  HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+  LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+  OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+  SUCH DAMAGE.
+
+  This file is derived from zlib.h and zconf.h from the zlib-0.95
+  distribution by Jean-loup Gailly and Mark Adler, with some additions
+  by Paul Mackerras to aid in implementing Deflate compression and
+  decompression for PPP packets.
+
+  zlib.h -- interface of the 'zlib' general purpose compression library
+  version 0.95, Aug 16th, 1995.
+
+  Copyright (C) 1995 Jean-loup Gailly and Mark Adler
+
+  This software is provided 'as-is', without any express or implied
+  warranty.  In no event will the authors be held liable for any damages
+  arising from the use of this software.
+
+  Permission is granted to anyone to use this software for any purpose,
+  including commercial applications, and to alter it and redistribute it
+  freely, subject to the following restrictions:
+
+  1. The origin of this software must not be misrepresented; you must not
+     claim that you wrote the original software. If you use this software
+     in a product, an acknowledgment in the product documentation would be
+     appreciated but is not required.
+  2. Altered source versions must be plainly marked as such, and must not be
+     misrepresented as being the original software.
+  3. This notice may not be removed or altered from any source distribution.
+
+  Jean-loup Gailly        Mark Adler
+  gzip@prep.ai.mit.edu    madler@alumni.caltech.edu
+
+  Copyright (c) 1994 The Australian National University.
+  All rights reserved.
+
+  Permission to use, copy, modify, and distribute this software and its
+  documentation is hereby granted, provided that the above copyright
+  notice appears in all copies.  This software is provided without any
+  warranty, express or implied. The Australian National University
+  makes no representations about the suitability of this software for
+  any purpose.
+
+  Copyright 1999 Paul Mackerras, Alan Curry.
+ 
+   This program is free software; you can redistribute it and/or
+   modify it under the terms of the GNU General Public License
+   as published by the Free Software Foundation; either version
+   2 of the License, or (at your option) any later version.
 		    GNU GENERAL PUBLIC LICENSE
 		       Version 2, June 1991
 
diff --git a/usr/src/cmd/cmd-inet/usr.bin/whois.c b/usr/src/cmd/cmd-inet/usr.bin/whois.c
index 982d7001e1..e96721d89f 100644
--- a/usr/src/cmd/cmd-inet/usr.bin/whois.c
+++ b/usr/src/cmd/cmd-inet/usr.bin/whois.c
@@ -1,117 +1,385 @@
 /*
- * CDDL HEADER START
+ * Copyright (c) 1980, 1993
+ *	The Regents of the University of California.  All rights reserved.
  *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License (the "License").
- * You may not use this file except in compliance with the License.
+ * Copyright 2011 Nexenta Systems, Inc. All rights reserved.
  *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
  *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
- */
-
-/*	Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T	*/
-/*	  All Rights Reserved  	*/
-
-/*
- * University Copyright- Copyright (c) 1982, 1986, 1988
- * The Regents of the University of California
- * All Rights Reserved
- *
- * University Acknowledgment- Portions of this document are derived from
- * software developed by the University of California, Berkeley, and its
- * contributors.
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
  */
 
 #include <sys/types.h>
 #include <sys/socket.h>
 
 #include <netinet/in.h>
-
-#include <stdio.h>
+#include <arpa/inet.h>
+#include <ctype.h>
+#include <err.h>
+#include <limits.h>
 #include <netdb.h>
-#include <string.h>
+#include <stdarg.h>
+#include <stdio.h>
 #include <stdlib.h>
+#include <string.h>
+#include <sysexits.h>
 #include <unistd.h>
 
-#define	NICHOST	"whois.internic.net"
+#define	ABUSEHOST	"whois.abuse.net"
+#define	NICHOST		"whois.crsnic.net"
+#define	INICHOST	"whois.networksolutions.com"
+#define	GNICHOST	"whois.nic.gov"
+#define	ANICHOST	"whois.arin.net"
+#define	LNICHOST	"whois.lacnic.net"
+#define	KNICHOST	"whois.krnic.net"
+#define	RNICHOST	"whois.ripe.net"
+#define	PNICHOST	"whois.apnic.net"
+#define	MNICHOST	"whois.ra.net"
+#define	QNICHOST_TAIL	".whois-servers.net"
+#define	BNICHOST	"whois.registro.br"
+#define	NORIDHOST	"whois.norid.no"
+#define	IANAHOST	"whois.iana.org"
+#define	GERMNICHOST	"de.whois-servers.net"
+#define	FNICHOST	"whois.afrinic.net"
+#define	DEFAULT_PORT	"whois"
+#define	WHOIS_SERVER_ID	"Whois Server: "
+#define	WHOIS_ORG_SERVER_ID	"Registrant Street1:Whois Server:"
+
+#define	WHOIS_RECURSE		0x01
+#define	WHOIS_QUICK		0x02
+
+#define	ishost(h) (isalnum((unsigned char)h) || h == '.' || h == '-')
+
+const char *ip_whois[] = { LNICHOST, RNICHOST, PNICHOST, BNICHOST,
+    FNICHOST, NULL };
+const char *port = DEFAULT_PORT;
+
+static char *choose_server(char *);
+static struct addrinfo *gethostinfo(char const *host, int exit_on_error);
+static void s_asprintf(char **ret, const char *format, ...);
+static void usage(void);
+static void whois(const char *, const char *, int);
+static char *getln(FILE *in, size_t *lenp);
 
 int
 main(int argc, char *argv[])
 {
-	int s, rv;
-	register FILE *sfi, *sfo;
-	register int c;
-	char *host = NICHOST;
-	struct addrinfo *ai_head, *ai;
-	struct addrinfo hints;
-
-	argc--, argv++;
-	if (argc > 2 && strcmp(*argv, "-h") == 0) {
-		argv++, argc--;
-		host = *argv++;
-		argc--;
+	const char *country, *host;
+	char *qnichost;
+	int ch, flags, use_qnichost;
+
+	country = host = qnichost = NULL;
+	flags = use_qnichost = 0;
+	while ((ch = getopt(argc, argv, "aAbc:fgh:iIklmp:Qr")) != -1) {
+		switch (ch) {
+		case 'a':
+			host = ANICHOST;
+			break;
+		case 'A':
+			host = PNICHOST;
+			break;
+		case 'b':
+			host = ABUSEHOST;
+			break;
+		case 'c':
+			country = optarg;
+			break;
+		case 'f':
+			host = FNICHOST;
+			break;
+		case 'g':
+			host = GNICHOST;
+			break;
+		case 'h':
+			host = optarg;
+			break;
+		case 'i':
+			host = INICHOST;
+			break;
+		case 'I':
+			host = IANAHOST;
+			break;
+		case 'k':
+			host = KNICHOST;
+			break;
+		case 'l':
+			host = LNICHOST;
+			break;
+		case 'm':
+			host = MNICHOST;
+			break;
+		case 'p':
+			port = optarg;
+			break;
+		case 'Q':
+			flags |= WHOIS_QUICK;
+			break;
+		case 'r':
+			host = RNICHOST;
+			break;
+		case '?':
+		default:
+			usage();
+			/* NOTREACHED */
+		}
 	}
-	if (argc != 1) {
-		(void) fprintf(stderr, "usage: whois [ -h host ] name\n");
-		exit(1);
+	argc -= optind;
+	argv += optind;
+
+	if (!argc || (country != NULL && host != NULL))
+		usage();
+
+	/*
+	 * If no host or country is specified determine the top level domain
+	 * from the query.  If the TLD is a number, query ARIN.  Otherwise, use
+	 * TLD.whois-server.net.  If the domain does not contain '.', fall
+	 * back to NICHOST.
+	 */
+	if (host == NULL && country == NULL) {
+		use_qnichost = 1;
+		host = NICHOST;
+		if (!(flags & WHOIS_QUICK))
+			flags |= WHOIS_RECURSE;
 	}
+	while (argc-- > 0) {
+		if (country != NULL) {
+			s_asprintf(&qnichost, "%s%s", country, QNICHOST_TAIL);
+			whois(*argv, qnichost, flags);
+		} else if (use_qnichost)
+			if ((qnichost = choose_server(*argv)) != NULL)
+				whois(*argv, qnichost, flags);
+		if (qnichost == NULL)
+			whois(*argv, host, flags);
+		free(qnichost);
+		qnichost = NULL;
+		argv++;
+	}
+
+	return (0);
+}
+
+/*
+ * This function will remove any trailing periods from domain, after which it
+ * returns a pointer to newly allocated memory containing the whois server to
+ * be queried, or a NULL if the correct server couldn't be determined.  The
+ * caller must remember to free(3) the allocated memory.
+ */
+static char *
+choose_server(char *domain)
+{
+	char *pos, *retval;
+
+	if (strchr(domain, ':')) {
+		s_asprintf(&retval, "%s", ANICHOST);
+		return (retval);
+	}
+	for (pos = strchr(domain, '\0'); pos > domain && *--pos == '.'; )
+		*pos = '\0';
+	if (*domain == '\0')
+		errx(EX_USAGE, "can't search for a null string");
+	if (strlen(domain) > sizeof ("-NORID")-1 &&
+	    strcasecmp(domain + strlen(domain) - sizeof ("-NORID") + 1,
+	    "-NORID") == 0) {
+		s_asprintf(&retval, "%s", NORIDHOST);
+		return (retval);
+	}
+	while (pos > domain && *pos != '.')
+		--pos;
+	if (pos <= domain)
+		return (NULL);
+	if (isdigit((unsigned char)*++pos))
+		s_asprintf(&retval, "%s", ANICHOST);
+	else
+		s_asprintf(&retval, "%s%s", pos, QNICHOST_TAIL);
+	return (retval);
+}
+
+static struct addrinfo *
+gethostinfo(char const *host, int exit_on_error)
+{
+	struct addrinfo hints, *res;
+	int error;
 
-	memset(&hints, 0, sizeof (hints));
+	(void) memset(&hints, 0, sizeof (hints));
+	hints.ai_flags = 0;
+	hints.ai_family = AF_UNSPEC;
 	hints.ai_socktype = SOCK_STREAM;
-	hints.ai_protocol = IPPROTO_TCP;
-	hints.ai_flags = AI_ADDRCONFIG;
-	rv = getaddrinfo(host, "whois", &hints, &ai_head);
-	if (rv != 0) {
-		(void) fprintf(stderr, "whois: %s: %s\n", host,
-		    gai_strerror(rv));
-		exit(1);
+	error = getaddrinfo(host, port, &hints, &res);
+	if (error) {
+		warnx("%s: %s", host, gai_strerror(error));
+		if (exit_on_error)
+			exit(EX_NOHOST);
+		return (NULL);
 	}
+	return (res);
+}
 
-	for (ai = ai_head; ai != NULL; ai = ai->ai_next) {
-		s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
-		if (s >= 0) {
-			rv = connect(s, ai->ai_addr, ai->ai_addrlen);
-			if (rv < 0)
-				(void) close(s);
-			else
-				break;
-		}
+/*
+ * Wrapper for asprintf(3) that exits on error.
+ */
+/* PRINTFLIKE2 */
+static void
+s_asprintf(char **ret, const char *format, ...)
+{
+	va_list ap;
+
+	va_start(ap, format);
+	if (vasprintf(ret, format, ap) == -1) {
+		va_end(ap);
+		err(EX_OSERR, "vasprintf()");
 	}
-	if (ai_head != NULL)
-		freeaddrinfo(ai_head);
-
-	if (s < 0) {
-		perror("whois: socket");
-		exit(2);
-	} else if (rv < 0) {
-		perror("whois: connect");
-		exit(5);
+	va_end(ap);
+}
+
+static void
+whois(const char *query, const char *hostname, int flags)
+{
+	FILE *sfi, *sfo;
+	struct addrinfo *hostres, *res;
+	char *buf, *host, *nhost, *p;
+	int i, s;
+	size_t c, len;
+
+	s = -1;
+	hostres = gethostinfo(hostname, 1);
+	for (res = hostres; res; res = res->ai_next) {
+		s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+		if (s < 0)
+			continue;
+		if (connect(s, res->ai_addr, res->ai_addrlen) == 0)
+			break;
+		(void) close(s);
 	}
+	freeaddrinfo(hostres);
+	if (res == NULL)
+		err(EX_OSERR, "connect()");
 
 	sfi = fdopen(s, "r");
 	sfo = fdopen(s, "w");
-	if (sfi == NULL || sfo == NULL) {
-		perror("fdopen");
-		(void) close(s);
-		exit(1);
+	if (sfi == NULL || sfo == NULL)
+		err(EX_OSERR, "fdopen()");
+	if (strcmp(hostname, GERMNICHOST) == 0) {
+		(void) fprintf(sfo, "-T dn,ace -C US-ASCII %s\r\n", query);
+	} else if (strcmp(hostname, "dk" QNICHOST_TAIL) == 0) {
+		(void) fprintf(sfo, "--show-handles %s\r\n", query);
+	} else {
+		(void) fprintf(sfo, "%s\r\n", query);
 	}
-	(void) fprintf(sfo, "%s\r\n", *argv);
 	(void) fflush(sfo);
-	while ((c = getc(sfi)) != EOF)
-		(void) putchar(c);
-	return (0);
+	nhost = NULL;
+	while ((buf = getln(sfi, &len)) != NULL) {
+		while (len > 0 && isspace((unsigned char)buf[len - 1]))
+			buf[--len] = '\0';
+		(void) printf("%.*s\n", (int)len, buf);
+
+		if ((flags & WHOIS_RECURSE) && nhost == NULL) {
+			host = strnstr(buf, WHOIS_SERVER_ID, len);
+			if (host != NULL) {
+				host += sizeof (WHOIS_SERVER_ID) - 1;
+				for (p = host; p < buf + len; p++) {
+					if (!ishost(*p)) {
+						*p = '\0';
+						break;
+					}
+				}
+				s_asprintf(&nhost, "%.*s",
+				    (int)(buf + len - host), host);
+			} else if ((host =
+			    strnstr(buf, WHOIS_ORG_SERVER_ID, len)) != NULL) {
+				host += sizeof (WHOIS_ORG_SERVER_ID) - 1;
+				for (p = host; p < buf + len; p++) {
+					if (!ishost(*p)) {
+						*p = '\0';
+						break;
+					}
+				}
+				s_asprintf(&nhost, "%.*s",
+				    (int)(buf + len - host), host);
+			} else if (strcmp(hostname, ANICHOST) == 0) {
+				for (c = 0; c <= len; c++)
+					buf[c] = tolower((unsigned char)buf[c]);
+				for (i = 0; ip_whois[i] != NULL; i++) {
+					if (strnstr(buf, ip_whois[i], len) !=
+					    NULL) {
+						s_asprintf(&nhost, "%s",
+						    ip_whois[i]);
+						break;
+					}
+				}
+			}
+		}
+	}
+	if (nhost != NULL) {
+		whois(query, nhost, 0);
+		free(nhost);
+	}
+}
+
+static void
+usage(void)
+{
+	(void) fprintf(stderr,
+	    "usage: whois [-aAbfgiIklmQr] [-c country-code | -h hostname] "
+	    "[-p port] name ...\n");
+	exit(EX_USAGE);
+}
+
+static char *
+getln(FILE *in, size_t *lenp)
+{
+	static char	*buffer = NULL;
+	static size_t	sz = 0;
+
+	size_t		len = 0;
+
+	for (;;) {
+		if (sz <= (len + 1)) {
+			char *nb;
+			if ((nb = realloc(buffer, sz + LINE_MAX)) == NULL) {
+				err(1, "realloc");
+			}
+			buffer = nb;
+			sz += LINE_MAX;
+		}
+
+		buffer[len] = 0;
+
+		if (fgets(buffer + len, sz - len, in) == NULL) {
+			/* END OF FILE */
+			*lenp = len;
+			if (len == 0)
+				return (NULL);
+			break;
+		}
+
+		len += strlen(buffer + len);
+
+		if (buffer[len - 1] == '\n') {
+			/* got the new line */
+			*lenp = len;
+			break;
+		}
+	}
+
+	return (buffer);
 }
diff --git a/usr/src/cmd/cmd-inet/usr.lib/inetd/inetd.c b/usr/src/cmd/cmd-inet/usr.lib/inetd/inetd.c
index f8de58dbc3..f1f99ff74d 100644
--- a/usr/src/cmd/cmd-inet/usr.lib/inetd/inetd.c
+++ b/usr/src/cmd/cmd-inet/usr.lib/inetd/inetd.c
@@ -19,6 +19,8 @@
  * CDDL HEADER END
  */
 /*
+ * Copyright (c) 2011 Gary Mills
+ *
  * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
  */
 
@@ -2695,6 +2697,7 @@ exec_method(instance_t *instance, instance_method_t method, method_info_t *mi,
 	char 		**env;
 	const char	*errf;
 	int		serrno;
+	sigset_t	mtset;
 	basic_cfg_t	*cfg = instance->config->basic;
 
 	if (method == IM_START) {
@@ -2715,6 +2718,12 @@ exec_method(instance_t *instance, instance_method_t method, method_info_t *mi,
 	(void) sigset(SIGINT, SIG_DFL);
 
 	/*
+	 * Ensure that other signals are unblocked
+	 */
+	(void) sigemptyset(&mtset);
+	(void) sigprocmask(SIG_SETMASK, &mtset, (sigset_t *)NULL);
+
+	/*
 	 * Setup exec arguments. Do this before the fd setup below, so our
 	 * logging related file fd doesn't get taken over before we call
 	 * expand_address().
diff --git a/usr/src/cmd/dtrace/test/cmd/jdtrace/exception.lst b/usr/src/cmd/dtrace/test/cmd/jdtrace/exception.lst
index 261f8707c1..19fc3aca51 100644
--- a/usr/src/cmd/dtrace/test/cmd/jdtrace/exception.lst
+++ b/usr/src/cmd/dtrace/test/cmd/jdtrace/exception.lst
@@ -23,7 +23,6 @@
 # Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
-# ident	"%Z%%M%	%I%	%E% SMI"
 
 # Exception list: names tests that are bypassed when running in Java
 # mode (relative to /opt/SUNWdtrt/tst)
@@ -52,14 +51,17 @@ common/usdt/tst.enabled.ksh
 common/usdt/tst.enabled2.ksh
 common/usdt/tst.entryreturn.ksh
 common/usdt/tst.fork.ksh
-common/usdt/tst.header.ksh
 common/usdt/tst.guess32.ksh
 common/usdt/tst.guess64.ksh
+common/usdt/tst.header.ksh
 common/usdt/tst.linkpriv.ksh
 common/usdt/tst.linkunpriv.ksh
 common/usdt/tst.multiple.ksh
 common/usdt/tst.nodtrace.ksh
+common/usdt/tst.noreap.ksh
+common/usdt/tst.noreapring.ksh
 common/usdt/tst.onlyenabled.ksh
+common/usdt/tst.reap.ksh
 common/usdt/tst.reeval.ksh
 common/usdt/tst.static.ksh
 common/usdt/tst.static2.ksh
diff --git a/usr/src/cmd/dtrace/test/tst/common/usdt/tst.noreap.ksh b/usr/src/cmd/dtrace/test/tst/common/usdt/tst.noreap.ksh
new file mode 100644
index 0000000000..0125d50b80
--- /dev/null
+++ b/usr/src/cmd/dtrace/test/tst/common/usdt/tst.noreap.ksh
@@ -0,0 +1,128 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+
+#
+# Copyright (c) 2011, Joyent, Inc. All rights reserved.
+#
+
+if [ $# != 1 ]; then
+	echo expected one argument: '<'dtrace-path'>'
+	exit 2
+fi
+
+dtrace=$1
+DIR=/var/tmp/dtest.$$
+
+mkdir $DIR
+cd $DIR
+
+cat > test.c <<EOF
+#include <unistd.h>
+#include <sys/sdt.h>
+
+int
+main(int argc, char **argv)
+{
+	DTRACE_PROBE(test_prov, probe1);
+}
+EOF
+
+cat > prov.d <<EOF
+provider test_prov {
+	probe probe1();
+};
+EOF
+
+cc -c test.c
+if [ $? -ne 0 ]; then
+	print -u2 "failed to compile test.c"
+	exit 1
+fi
+$dtrace -G -32 -s prov.d test.o
+if [ $? -ne 0 ]; then
+	print -u2 "failed to create DOF"
+	exit 1
+fi
+cc -o test test.o prov.o
+if [ $? -ne 0 ]; then
+	print -u2 "failed to link final executable"
+	exit 1
+fi
+
+script()
+{
+	$dtrace -Zwqs /dev/stdin <<EOF
+
+	BEGIN
+	{
+		spec = speculation();
+		speculate(spec);
+		printf("this is speculative!\n");
+	}
+
+	test_prov*:::
+	{
+		probeid = id;
+	}
+
+	tick-1sec
+	/probeid == 0/
+	{
+		printf("launching test\n");
+		system("./test");
+	}
+
+	tick-1sec
+	/probeid != 0/
+	{
+		printf("attempting re-enabling\n");
+		system("dtrace -e -x errtags -i %d", probeid);
+		attempts++;
+	}
+
+	tick-1sec
+	/attempts > 10/
+	{
+		exit(0);
+	}
+EOF
+}
+
+script 2>&1 | tee test.out
+
+#
+# It should be true that our probe was not reaped after the provider was made
+# defunct: the speculative tracing action prevents reaping of any ECB in the
+# enabling.
+# 
+status=0
+
+if grep D_PDESC_INVAL test.out 2> /dev/null 1>&2 ; then
+	status=1
+else
+	grep D_PROC_GRAB test.out 2> /dev/null 1>&2
+	status=$?
+fi
+
+cd /
+/usr/bin/rm -rf $DIR
+
+exit $status
diff --git a/usr/src/cmd/dtrace/test/tst/common/usdt/tst.noreapring.ksh b/usr/src/cmd/dtrace/test/tst/common/usdt/tst.noreapring.ksh
new file mode 100644
index 0000000000..1260903467
--- /dev/null
+++ b/usr/src/cmd/dtrace/test/tst/common/usdt/tst.noreapring.ksh
@@ -0,0 +1,124 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+
+#
+# Copyright (c) 2011, Joyent, Inc. All rights reserved.
+#
+
+if [ $# != 1 ]; then
+	echo expected one argument: '<'dtrace-path'>'
+	exit 2
+fi
+
+dtrace=$1
+DIR=/var/tmp/dtest.$$
+
+mkdir $DIR
+cd $DIR
+
+cat > test.c <<EOF
+#include <unistd.h>
+#include <sys/sdt.h>
+
+int
+main(int argc, char **argv)
+{
+	DTRACE_PROBE(test_prov, probe1);
+}
+EOF
+
+cat > prov.d <<EOF
+provider test_prov {
+	probe probe1();
+};
+EOF
+
+cc -c test.c
+if [ $? -ne 0 ]; then
+	print -u2 "failed to compile test.c"
+	exit 1
+fi
+$dtrace -G -32 -s prov.d test.o
+if [ $? -ne 0 ]; then
+	print -u2 "failed to create DOF"
+	exit 1
+fi
+cc -o test test.o prov.o
+if [ $? -ne 0 ]; then
+	print -u2 "failed to link final executable"
+	exit 1
+fi
+
+script()
+{
+	$dtrace -Zwqs /dev/stdin <<EOF
+	test_prov*:::
+	{
+		probeid = id;
+	}
+
+	tick-1sec
+	/probeid == 0/
+	{
+		printf("launching test\n");
+		system("./test");
+	}
+
+	tick-1sec
+	/probeid != 0/
+	{
+		printf("attempting re-enabling\n");
+		system("dtrace -e -x errtags -i %d", probeid);
+		attempts++;
+	}
+
+	tick-1sec
+	/attempts > 10/
+	{
+		exit(0);
+	}
+EOF
+}
+
+$dtrace -x bufpolicy=ring -ZwqP test_prov\* > /dev/null 2>&1 &
+background=$!
+echo launched ring buffered enabling as pid $background
+script 2>&1 | tee test.out
+
+#
+# It should be true that our probe was not reaped after the provider was made
+# defunct: the active ring buffer in the earlier enabling prevents reaping of
+# any of the earlier enabling's ECBs.
+# 
+status=0
+
+if grep D_PDESC_INVAL test.out 2> /dev/null 1>&2 ; then
+	status=1
+else
+	grep D_PROC_GRAB test.out 2> /dev/null 1>&2
+	status=$?
+fi
+
+kill $background
+cd /
+/usr/bin/rm -rf $DIR
+
+exit $status
diff --git a/usr/src/cmd/dtrace/test/tst/common/usdt/tst.reap.ksh b/usr/src/cmd/dtrace/test/tst/common/usdt/tst.reap.ksh
new file mode 100644
index 0000000000..e9b96638fc
--- /dev/null
+++ b/usr/src/cmd/dtrace/test/tst/common/usdt/tst.reap.ksh
@@ -0,0 +1,115 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+
+#
+# Copyright (c) 2011, Joyent, Inc. All rights reserved.
+#
+
+if [ $# != 1 ]; then
+	echo expected one argument: '<'dtrace-path'>'
+	exit 2
+fi
+
+dtrace=$1
+DIR=/var/tmp/dtest.$$
+
+mkdir $DIR
+cd $DIR
+
+cat > test.c <<EOF
+#include <unistd.h>
+#include <sys/sdt.h>
+
+int
+main(int argc, char **argv)
+{
+	DTRACE_PROBE(test_prov, probe1);
+}
+EOF
+
+cat > prov.d <<EOF
+provider test_prov {
+	probe probe1();
+};
+EOF
+
+cc -c test.c
+if [ $? -ne 0 ]; then
+	print -u2 "failed to compile test.c"
+	exit 1
+fi
+$dtrace -G -32 -s prov.d test.o
+if [ $? -ne 0 ]; then
+	print -u2 "failed to create DOF"
+	exit 1
+fi
+cc -o test test.o prov.o
+if [ $? -ne 0 ]; then
+	print -u2 "failed to link final executable"
+	exit 1
+fi
+
+script()
+{
+	$dtrace -Zwqs /dev/stdin <<EOF
+	test_prov*:::
+	{
+		probeid = id;
+	}
+
+	tick-1sec
+	/probeid == 0/
+	{
+		printf("launching test\n");
+		system("./test");
+	}
+
+	tick-1sec
+	/probeid != 0/
+	{
+		printf("attempting re-enabling\n");
+		system("dtrace -e -x errtags -i %d", probeid);
+		attempts++;
+	}
+
+	tick-1sec
+	/attempts > 10/
+	{
+		exit(0);
+	}
+EOF
+}
+
+script 2>&1 | tee test.out
+
+#
+# It should be true that our probe was reaped over the course of the enabling,
+# causing the embedded DTrace invocation to fail on an invalid probe (that is,
+# D_PDESC_INVAL) instead of an inability to grab the underlying process
+# (D_PROC_GRAB).
+# 
+grep D_PDESC_INVAL test.out 2> /dev/null 1>&2
+status=$?
+
+cd /
+/usr/bin/rm -rf $DIR
+
+exit $status
diff --git a/usr/src/cmd/format/auto_sense.c b/usr/src/cmd/format/auto_sense.c
index 2ccd4620a0..5f0f767bef 100644
--- a/usr/src/cmd/format/auto_sense.c
+++ b/usr/src/cmd/format/auto_sense.c
@@ -19,6 +19,8 @@
  * CDDL HEADER END
  */
 /*
+ * Copyright (c) 2011 Gary Mills
+ *
  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
@@ -220,9 +222,6 @@ static struct disk_info *find_vbd_disk_info(struct dk_cinfo *dkinfo);
 static char		*get_sun_disk_name(
 				char		*disk_name,
 				struct scsi_inquiry *inquiry);
-static char		*get_generic_disk_name(
-				char		*disk_name,
-				struct scsi_inquiry *inquiry);
 static char		*strcopy(
 				char	*dst,
 				char	*src,
@@ -2081,7 +2080,7 @@ get_sun_disk_name(
 }
 
 
-static char *
+char *
 get_generic_disk_name(
 	char			*disk_name,
 	struct scsi_inquiry	*inquiry)
diff --git a/usr/src/cmd/format/auto_sense.h b/usr/src/cmd/format/auto_sense.h
index 31699fab20..163c6344cc 100644
--- a/usr/src/cmd/format/auto_sense.h
+++ b/usr/src/cmd/format/auto_sense.h
@@ -19,6 +19,8 @@
  * CDDL HEADER END
  */
 /*
+ * Copyright (c) 2011 Gary Mills
+ *
  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
@@ -26,12 +28,11 @@
 #ifndef	_AUTO_SENSE_H
 #define	_AUTO_SENSE_H
 
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
 #ifdef	__cplusplus
 extern "C" {
 #endif
 
+struct scsi_inquiry;	/* anonymous struct */
 
 #ifdef	__STDC__
 /*
@@ -53,12 +54,16 @@ int			delete_disk_type(
 				struct disk_type *disk_type);
 
 struct disk_type *auto_direct_get_geom_label(int fd, struct dk_label *label);
+char			*get_generic_disk_name(
+				char *disk_name,
+				struct scsi_inquiry *inquiry);
 #else
 
 struct disk_type	*auto_sense();
 struct disk_type	*auto_efi_sense();
 int			build_default_partition();
 struct disk_type *auto_direct_get_geom_label();
+char			*get_generic_disk_name();
 
 
 #endif	/* __STDC__ */
diff --git a/usr/src/cmd/format/startup.c b/usr/src/cmd/format/startup.c
index 33d0fd11b5..0396a62997 100644
--- a/usr/src/cmd/format/startup.c
+++ b/usr/src/cmd/format/startup.c
@@ -19,6 +19,8 @@
  * CDDL HEADER END
  */
 /*
+ * Copyright (c) 2011 Gary Mills
+ *
  * Copyright (c) 1993, 2010, Oracle and/or its affiliates. All rights reserved.
  */
 
@@ -1545,23 +1547,15 @@ static void
 get_disk_name(int fd, char *disk_name)
 {
 	struct scsi_inquiry	inquiry;
-	char	*p;
 
 	if (uscsi_inquiry(fd, (char *)&inquiry, sizeof (inquiry))) {
-		err_print("Failed to inquiry this logical disk");
+		if (option_msg)
+			err_print("\nInquiry failed - %s\n", strerror(errno));
+		(void) strcpy(disk_name, "Unknown-Unknown-0001");
 		return;
 	}
 
-	p = disk_name;
-	(void) memset(p, 0, MAXNAMELEN);
-
-	(void) strncpy(p, inquiry.inq_vid, sizeof (inquiry.inq_vid));
-	p += sizeof (inquiry.inq_vid) - 1;
-	*p++ = '-';
-	p = strncpy(p, inquiry.inq_pid, sizeof (inquiry.inq_pid));
-	p += sizeof (inquiry.inq_pid) - 1;
-	*p++ = '-';
-	p = strncpy(p, inquiry.inq_revision, sizeof (inquiry.inq_revision));
+	(void) get_generic_disk_name(disk_name, &inquiry);
 }
 
 /*
diff --git a/usr/src/cmd/fs.d/pcfs/fsck/bpb.c b/usr/src/cmd/fs.d/pcfs/fsck/bpb.c
index 3bbf531b35..0a9387a405 100644
--- a/usr/src/cmd/fs.d/pcfs/fsck/bpb.c
+++ b/usr/src/cmd/fs.d/pcfs/fsck/bpb.c
@@ -20,12 +20,12 @@
  * CDDL HEADER END
  */
 /*
+ * Copyright (c) 2011 Gary Mills
+ *
  * Copyright (c) 1999,2000 by Sun Microsystems, Inc.
  * All rights reserved.
  */
 
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
 /*
  * fsck_pcfs -- routines for manipulating the BPB (BIOS parameter block)
  * of the file system.
@@ -66,7 +66,7 @@ computeFileAreaSize(void)
 	 * Compute bytes/cluster for later reference
 	 */
 	BytesPerCluster =  TheBIOSParameterBlock.bpb.sectors_per_cluster *
-		TheBIOSParameterBlock.bpb.bytes_per_sector;
+	    TheBIOSParameterBlock.bpb.bytes_per_sector;
 
 	/*
 	 * First we'll find total number of sectors in the file area...
@@ -80,7 +80,7 @@ computeFileAreaSize(void)
 	overhead = TheBIOSParameterBlock.bpb.resv_sectors;
 
 	RootDirSize = TheBIOSParameterBlock.bpb.num_root_entries *
-		sizeof (struct pcdir);
+	    sizeof (struct pcdir);
 	overhead += RootDirSize / TheBIOSParameterBlock.bpb.bytes_per_sector;
 
 	if (TheBIOSParameterBlock.bpb.sectors_per_fat) {
@@ -88,13 +88,13 @@ computeFileAreaSize(void)
 		 * Good old FAT12 or FAT16
 		 */
 		overhead += TheBIOSParameterBlock.bpb.num_fats *
-			TheBIOSParameterBlock.bpb.sectors_per_fat;
+		    TheBIOSParameterBlock.bpb.sectors_per_fat;
 		/*
 		 * Compute this for later - when we actually pull in a copy
 		 * of the FAT
 		 */
 		FATSize = TheBIOSParameterBlock.bpb.sectors_per_fat *
-			TheBIOSParameterBlock.bpb.bytes_per_sector;
+		    TheBIOSParameterBlock.bpb.bytes_per_sector;
 	} else {
 		/*
 		 *  FAT32
@@ -109,13 +109,13 @@ computeFileAreaSize(void)
 		 *  believing what I am told.
 		 */
 		overhead += TheBIOSParameterBlock.bpb.num_fats *
-			TheBIOSParameterBlock.bpb32.big_sectors_per_fat;
+		    TheBIOSParameterBlock.bpb32.big_sectors_per_fat;
 		/*
 		 * Compute this for later - when we actually pull in a copy
 		 * of the FAT
 		 */
 		FATSize = TheBIOSParameterBlock.bpb32.big_sectors_per_fat *
-			TheBIOSParameterBlock.bpb.bytes_per_sector;
+		    TheBIOSParameterBlock.bpb.bytes_per_sector;
 	}
 
 	/*
@@ -124,7 +124,7 @@ computeFileAreaSize(void)
 	 */
 	dataSectors -= overhead;
 	TotalClusters = dataSectors /
-		TheBIOSParameterBlock.bpb.sectors_per_cluster;
+	    TheBIOSParameterBlock.bpb.sectors_per_cluster;
 
 	/*
 	 *  Also need to compute last cluster and offset of the first cluster
@@ -153,8 +153,8 @@ computeFileAreaSize(void)
 		    "bytes.\n"), TotalClusters,
 		    TheBIOSParameterBlock.bpb.sectors_per_cluster,
 		    (uint64_t)TotalClusters *
-			TheBIOSParameterBlock.bpb.sectors_per_cluster *
-			TheBIOSParameterBlock.bpb.bytes_per_sector);
+		    TheBIOSParameterBlock.bpb.sectors_per_cluster *
+		    TheBIOSParameterBlock.bpb.bytes_per_sector);
 		(void) fprintf(stderr,
 		    gettext("File system overhead of %d sectors.\n"), overhead);
 		(void) fprintf(stderr,
@@ -193,7 +193,7 @@ readBPB(int fd)
 	if (ltohs(ubpb.mb.signature) != BOOTSECSIG) {
 		mountSanityCheckFails();
 		(void) fprintf(stderr,
-			gettext("Bad signature on BPB. Giving up.\n"));
+		    gettext("Bad signature on BPB. Giving up.\n"));
 		exit(2);
 	}
 
@@ -201,9 +201,9 @@ readBPB(int fd)
 	swap_pack_grabbpb(&TheBIOSParameterBlock, &(ubpb.bs));
 #else
 	(void) memcpy(&(TheBIOSParameterBlock.bpb), &(ubpb.bs.bs_front.bs_bpb),
-		sizeof (TheBIOSParameterBlock.bpb));
+	    sizeof (TheBIOSParameterBlock.bpb));
 	(void) memcpy(&(TheBIOSParameterBlock.ebpb), &(ubpb.bs.bs_ebpb),
-		sizeof (TheBIOSParameterBlock.ebpb));
+	    sizeof (TheBIOSParameterBlock.ebpb));
 #endif
 	/*
 	 * In general, we would expect the bytes per sector to
@@ -220,8 +220,9 @@ readBPB(int fd)
 		    gettext("Bogus bytes per sector value.  Giving up.\n"));
 		exit(2);
 	}
-	if (!(is_z_a_power_of_x_le_y(2, 128,
-		TheBIOSParameterBlock.bpb.sectors_per_cluster))) {
+	if (!(ISP2(TheBIOSParameterBlock.bpb.sectors_per_cluster) &&
+	    IN_RANGE(TheBIOSParameterBlock.bpb.sectors_per_cluster,
+	    1, 128))) {
 		mountSanityCheckFails();
 		(void) fprintf(stderr,
 		    gettext("Bogus sectors per cluster value.  Giving up.\n"));
@@ -233,8 +234,8 @@ readBPB(int fd)
 		swap_pack_grab32bpb(&TheBIOSParameterBlock, &(ubpb.bs));
 #else
 		(void) memcpy(&(TheBIOSParameterBlock.bpb32),
-			&(ubpb.bs32.bs_bpb32),
-			sizeof (TheBIOSParameterBlock.bpb32));
+		    &(ubpb.bs32.bs_bpb32),
+		    sizeof (TheBIOSParameterBlock.bpb32));
 #endif
 		IsFAT32 = 1;
 	}
@@ -246,7 +247,7 @@ readBPB(int fd)
 			mountSanityCheckFails();
 			(void) fprintf(stderr,
 			    gettext("Bogus number of root entries.  "
-				"Giving up.\n"));
+			    "Giving up.\n"));
 			exit(2);
 		}
 	} else {
@@ -254,7 +255,7 @@ readBPB(int fd)
 			mountSanityCheckFails();
 			(void) fprintf(stderr,
 			    gettext("Bogus number of root entries.  "
-				"Giving up.\n"));
+			    "Giving up.\n"));
 			exit(2);
 		}
 	}
diff --git a/usr/src/cmd/fs.d/pcfs/fsck/pcfs_common.c b/usr/src/cmd/fs.d/pcfs/fsck/pcfs_common.c
index f8a5b4e98d..a8524712ce 100644
--- a/usr/src/cmd/fs.d/pcfs/fsck/pcfs_common.c
+++ b/usr/src/cmd/fs.d/pcfs/fsck/pcfs_common.c
@@ -19,6 +19,8 @@
  * CDDL HEADER END
  */
 /*
+ * Copyright (c) 2011 Gary Mills
+ *
  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
@@ -63,23 +65,6 @@ void swap_pack_grabbpb(bpb_t *wbpb, struct _boot_sector *bsp);
 extern int AlwaysYes;
 extern int AlwaysNo;
 
-int
-is_z_a_power_of_x_le_y(int x, int y, int z)
-{
-	int ispower = 0;
-	int pow = 1;
-
-	do {
-		if (pow == z) {
-			ispower = 1;
-			break;
-		}
-		pow *= x;
-	} while (pow <= y);
-
-	return (ispower);
-}
-
 /*
  * store_16_bits
  *	Save the lower 16 bits of a 32 bit value (v) into the provided
diff --git a/usr/src/cmd/fs.d/pcfs/fsck/pcfs_common.h b/usr/src/cmd/fs.d/pcfs/fsck/pcfs_common.h
index 71fc6d7e41..71dccdbca0 100644
--- a/usr/src/cmd/fs.d/pcfs/fsck/pcfs_common.h
+++ b/usr/src/cmd/fs.d/pcfs/fsck/pcfs_common.h
@@ -20,6 +20,8 @@
  * CDDL HEADER END
  */
 /*
+ * Copyright (c) 2011 Gary Mills
+ *
  * Copyright (c) 1999 by Sun Microsystems, Inc.
  * All rights reserved.
  */
@@ -27,8 +29,6 @@
 #ifndef _PCFS_COMMON_H
 #define	_PCFS_COMMON_H
 
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
 /*
  * Common routines for the pcfs user-level utilities
  */
@@ -40,8 +40,11 @@ extern "C" {
 #include <sys/isa_defs.h>
 #include <sys/types.h>
 #include <sys/stat.h>
+#include <sys/sysmacros.h>
 #include "pcfs_bpb.h"
 
+#define	IN_RANGE(n, x, y) (((n) >= (x)) && ((n) <= (y)))
+
 /*
  *  A macro implementing a ceiling function for integer divides.
  */
@@ -78,7 +81,6 @@ extern void missing_arg(char *option);
 extern void dump_bytes(uchar_t *b, int n);
 extern void bad_arg(char *option);
 extern void usage(void);
-extern int  is_z_a_power_of_x_le_y(int x, int y, int z);
 extern int  yes(void);
 
 /*
diff --git a/usr/src/cmd/fs.d/pcfs/mkfs/mkfs.c b/usr/src/cmd/fs.d/pcfs/mkfs/mkfs.c
index f335a2eabc..f2f183bcef 100644
--- a/usr/src/cmd/fs.d/pcfs/mkfs/mkfs.c
+++ b/usr/src/cmd/fs.d/pcfs/mkfs/mkfs.c
@@ -19,6 +19,8 @@
  * CDDL HEADER END
  */
 /*
+ * Copyright (c) 2011 Gary Mills
+ *
  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
@@ -51,6 +53,7 @@
  *
  *	XXX -- floppy opens need O_NDELAY?
  */
+#define	IN_RANGE(n, x, y) (((n) >= (x)) && ((n) <= (y)))
 #define	DEFAULT_LABEL "NONAME"
 
 static char	*BootBlkFn = NULL;
@@ -165,7 +168,6 @@ static int verify_bootblkfile(char *fn, boot_sector_t *bs,
 static int open_and_examine(char *dn, bpb_t *wbpb);
 static int verify_firstfile(char *fn, ulong_t *filesize);
 static int lookup_FAT_size(uchar_t partid);
-static int powerofx_le_y(int x, int y, int value);
 static int open_and_seek(char *dn, bpb_t *wbpb, off64_t *seekto);
 static int warn_mismatch(char *desc, char *src, int expect, int assigned);
 static int copy_bootblk(char *fn, boot_sector_t *bootsect,
@@ -231,33 +233,6 @@ yes(void)
 	return (*a);
 }
 
-/*
- * powerofx_le_y
- *	args of x,y, and value to be checked
- *	returns 1 if x**n == value and n >= 0 and value <= y
- *	returns 0 otherwise
- */
-static
-int
-powerofx_le_y(int x, int y, int value)
-{
-	int ispower = 0;
-	int pow = 1;
-
-	if (value < 1 || value > y)
-		return (ispower);
-
-	do {
-		if (pow == value) {
-			ispower = 1;
-			break;
-		}
-		pow *= x;
-	} while (pow <= y);
-
-	return (ispower);
-}
-
 static
 int
 ask_nicely(char *special)
@@ -1878,7 +1853,8 @@ read_existing_bpb(int fd, bpb_t *wbpb)
 	if (wbpb->bpb.bytes_sector != BPSEC) {
 		(void) fprintf(stderr,
 		    gettext("Bogus bytes per sector value.\n"));
-		if (!powerofx_le_y(2, BPSEC * 8, wbpb->bpb.bytes_sector)) {
+		if (!(ISP2(wbpb->bpb.bytes_sector) &&
+		    IN_RANGE(wbpb->bpb.bytes_sector, 1, BPSEC * 8))) {
 			(void) fprintf(stderr,
 			    gettext("The device name may be missing a "
 			    "logical drive specifier.\n"));
@@ -1895,7 +1871,8 @@ read_existing_bpb(int fd, bpb_t *wbpb)
 			exit(6);
 		}
 	}
-	if (!(powerofx_le_y(2, 128, wbpb->bpb.sectors_per_cluster))) {
+	if (!(ISP2(wbpb->bpb.sectors_per_cluster) &&
+	    IN_RANGE(wbpb->bpb.sectors_per_cluster, 1, 128))) {
 		(void) fprintf(stderr,
 		    gettext("Bogus sectors per cluster value.\n"));
 		(void) fprintf(stderr,
@@ -3435,7 +3412,8 @@ sanity_check_options(int argc, int optind)
 		(void) fprintf(stderr, gettext("Invalid Bits/Fat value."
 		    " Must be 12, 16 or 32.\n"));
 		exit(2);
-	} else if (!GetSPC && !powerofx_le_y(2, 128, SecPerClust)) {
+	} else if (!GetSPC && !(ISP2(SecPerClust) &&
+	    IN_RANGE(SecPerClust, 1, 128))) {
 		(void) fprintf(stderr,
 		    gettext("Invalid Sectors/Cluster value.  Must be a "
 		    "power of 2 between 1 and 128.\n"));
diff --git a/usr/src/pkg/manifests/SUNWperl584core.mf b/usr/src/cmd/kvmstat/Makefile
index c2ea18888a..2b3cce0eee 100644
--- a/usr/src/pkg/manifests/SUNWperl584core.mf
+++ b/usr/src/cmd/kvmstat/Makefile
@@ -18,12 +18,24 @@
 #
 # CDDL HEADER END
 #
-
-#
-# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, Joyent, Inc. All rights reserved.
 #
 
-set name=pkg.fmri value=pkg:/SUNWperl584core@5.8.4,5.11-0.133
-set name=pkg.renamed value=true
-set name=variant.arch value=$(ARCH)
-depend fmri=pkg:/runtime/perl-584@5.8.4,5.11-0.133 type=require
+PROG= kvmstat
+
+include ../Makefile.cmd
+
+LDLIBS += -lkstat
+
+.KEEP_STATE:
+
+all: $(PROG) 
+
+install: all $(ROOTPROG)
+
+clean:
+	$(RM) $(PROG)
+
+lint:	lint_PROG
+
+include ../Makefile.targ
diff --git a/usr/src/cmd/kvmstat/kvmstat.c b/usr/src/cmd/kvmstat/kvmstat.c
new file mode 100644
index 0000000000..526e212ef5
--- /dev/null
+++ b/usr/src/cmd/kvmstat/kvmstat.c
@@ -0,0 +1,479 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+
+/*
+ * Copyright (c) 2011, Joyent, Inc. All rights reserved.
+ */
+
+#include <sys/kstat.h>
+#include <kstat.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <assert.h>
+#include <errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <strings.h>
+#include <alloca.h>
+#include <signal.h>
+#include <sys/varargs.h>
+#include <sys/int_limits.h>
+
+#define	KSTAT_FIELD_USEINSTANCE		0x01
+#define	KSTAT_FIELD_NODELTA		0x02
+#define	KSTAT_FIELD_FILLER		0x04
+
+typedef struct kstat_field {
+	char *ksf_header;		/* header for field */
+	char *ksf_name;			/* name of stat, if any */
+	int ksf_width;			/* width for field in output line */
+	uint32_t ksf_flags;		/* flags for this field, if any */
+	int ksf_hint;			/* index hint for field in kstat */
+} kstat_field_t;
+
+typedef struct kstat_instance {
+	char ksi_name[KSTAT_STRLEN];	/* name of the underlying kstat */
+	int ksi_instance;		/* instance identifer of this kstat */
+	kstat_t *ksi_ksp;		/* pointer to the kstat */
+	uint64_t *ksi_data[2];		/* pointer to two generations of data */
+	hrtime_t ksi_snaptime[2];	/* hrtime for data generations */
+	int ksi_gen;			/* current generation */
+	struct kstat_instance *ksi_next; /* next in instance list */
+} kstat_instance_t;
+
+const char *g_cmd = "kvmstat";
+
+static void
+fatal(char *fmt, ...)
+{
+	va_list ap;
+	int error = errno;
+
+	va_start(ap, fmt);
+
+	(void) fprintf(stderr, "%s: ", g_cmd);
+	/*LINTED*/
+	(void) vfprintf(stderr, fmt, ap);
+
+	if (fmt[strlen(fmt) - 1] != '\n')
+		(void) fprintf(stderr, ": %s\n", strerror(error));
+
+	exit(EXIT_FAILURE);
+}
+
+int
+kstat_field_hint(kstat_t *ksp, kstat_field_t *field)
+{
+	kstat_named_t *nm = KSTAT_NAMED_PTR(ksp);
+	int i;
+
+	assert(ksp->ks_type == KSTAT_TYPE_NAMED);
+
+	for (i = 0; i < ksp->ks_ndata; i++) {
+		if (strcmp(field->ksf_name, nm[i].name) == 0)
+			return (field->ksf_hint = i);
+	}
+
+	fatal("could not find field '%s' in %s:%d\n",
+	    field->ksf_name, ksp->ks_name, ksp->ks_instance);
+
+	return (0);
+}
+
+int
+kstat_instances_compare(const void *lhs, const void *rhs)
+{
+	kstat_instance_t *l = *((kstat_instance_t **)lhs);
+	kstat_instance_t *r = *((kstat_instance_t **)rhs);
+	int rval;
+
+	if ((rval = strcmp(l->ksi_name, r->ksi_name)) != 0)
+		return (rval);
+
+	if (l->ksi_instance < r->ksi_instance)
+		return (-1);
+
+	if (l->ksi_instance > r->ksi_instance)
+		return (1);
+
+	return (0);
+}
+
+void
+kstat_instances_update(kstat_ctl_t *kcp, kstat_instance_t **head,
+    boolean_t (*interested)(kstat_t *))
+{
+	int ninstances = 0, i;
+	kstat_instance_t **sorted, *ksi, *next;
+	kstat_t *ksp;
+	kid_t kid;
+
+	if ((kid = kstat_chain_update(kcp)) == 0 && *head != NULL)
+		return;
+
+	if (kid == -1)
+		fatal("failed to update kstat chain");
+
+	for (ksi = *head; ksi != NULL; ksi = ksi->ksi_next)
+		ksi->ksi_ksp = NULL;
+
+	for (ksp = kcp->kc_chain; ksp != NULL; ksp = ksp->ks_next) {
+		kstat_instance_t *last = NULL;
+
+		if (!interested(ksp))
+			continue;
+
+		/*
+		 * Now look to see if we have this instance and name.  (Yes,
+		 * this is a linear search; we're assuming that this list is
+		 * modest in size.)
+		 */
+		for (ksi = *head; ksi != NULL; ksi = ksi->ksi_next) {
+			last = ksi;
+
+			if (ksi->ksi_instance != ksp->ks_instance)
+				continue;
+
+			if (strcmp(ksi->ksi_name, ksp->ks_name) != 0)
+				continue;
+
+			ksi->ksi_ksp = ksp;
+			ninstances++;
+			break;
+		}
+
+		if (ksi != NULL)
+			continue;
+
+		if ((ksi = malloc(sizeof (kstat_instance_t))) == NULL)
+			fatal("could not allocate memory for stat instance");
+
+		bzero(ksi, sizeof (kstat_instance_t));
+		(void) strlcpy(ksi->ksi_name, ksp->ks_name, KSTAT_STRLEN);
+		ksi->ksi_instance = ksp->ks_instance;
+		ksi->ksi_ksp = ksp;
+		ksi->ksi_next = NULL;
+
+		if (last == NULL) {
+			assert(*head == NULL);
+			*head = ksi;
+		} else {
+			last->ksi_next = ksi;
+		}
+
+		ninstances++;
+	}
+
+	/*
+	 * Now we know how many instances we have; iterate back over them,
+	 * pruning the stale ones and adding the active ones to a holding
+	 * array in which to sort them.
+	 */
+	sorted = (void *)alloca(ninstances * sizeof (kstat_instance_t *));
+	ninstances = 0;
+
+	for (ksi = *head; ksi != NULL; ksi = next) {
+		next = ksi->ksi_next;
+
+		if (ksi->ksi_ksp == NULL) {
+			free(ksi);
+		} else {
+			sorted[ninstances++] = ksi;
+		}
+	}
+
+	if (ninstances == 0) {
+		*head = NULL;
+		return;
+	}
+
+	qsort(sorted, ninstances, sizeof (kstat_instance_t *),
+	    kstat_instances_compare);
+
+	*head = sorted[0];
+
+	for (i = 0; i < ninstances; i++) {
+		ksi = sorted[i];
+		ksi->ksi_next = i < ninstances - 1 ? sorted[i + 1] : NULL;
+	}
+}
+
+void
+kstat_instances_read(kstat_ctl_t *kcp, kstat_instance_t *instances,
+    kstat_field_t *fields)
+{
+	kstat_instance_t *ksi;
+	int i, nfields;
+
+	for (nfields = 0; fields[nfields].ksf_header != NULL; nfields++)
+		continue;
+
+	for (ksi = instances; ksi != NULL; ksi = ksi->ksi_next) {
+		kstat_t *ksp = ksi->ksi_ksp;
+
+		if (ksp == NULL)
+			continue;
+
+		if (kstat_read(kcp, ksp, NULL) == -1) {
+			if (errno == ENXIO) {
+				/*
+				 * Our kstat has been removed since the update;
+				 * NULL it out to prevent us from trying to read
+				 * it again (and to indicate that it should not
+				 * be displayed) and drive on.
+				 */
+				ksi->ksi_ksp = NULL;
+				continue;
+			}
+
+			fatal("failed to read kstat %s:%d",
+			    ksi->ksi_name, ksi->ksi_instance);
+		}
+
+		if (ksp->ks_type != KSTAT_TYPE_NAMED) {
+			fatal("%s:%d is not a named kstat", ksi->ksi_name,
+			    ksi->ksi_instance);
+		}
+
+		if (ksi->ksi_data[0] == NULL) {
+			size_t size = nfields * sizeof (uint64_t) * 2;
+			uint64_t *data;
+
+			if ((data = malloc(size)) == NULL)
+				fatal("could not allocate memory");
+
+			bzero(data, size);
+			ksi->ksi_data[0] = data;
+			ksi->ksi_data[1] = &data[nfields];
+		}
+
+		for (i = 0; i < nfields; i++) {
+			kstat_named_t *nm = KSTAT_NAMED_PTR(ksp);
+			kstat_field_t *field = &fields[i];
+			int hint = field->ksf_hint;
+
+			if (field->ksf_name == NULL)
+				continue;
+
+			if (hint < 0 || hint >= ksp->ks_ndata ||
+			    strcmp(field->ksf_name, nm[hint].name) != 0) {
+				hint = kstat_field_hint(ksp, field);
+			}
+
+			ksi->ksi_data[ksi->ksi_gen][i] = nm[hint].value.ui64;
+		}
+
+		ksi->ksi_snaptime[ksi->ksi_gen] = ksp->ks_snaptime;
+		ksi->ksi_gen ^= 1;
+	}
+}
+
+uint64_t
+kstat_instances_delta(kstat_instance_t *ksi, int i)
+{
+	int gen = ksi->ksi_gen;
+	uint64_t delta = ksi->ksi_data[gen ^ 1][i] - ksi->ksi_data[gen][i];
+	uint64_t tdelta = ksi->ksi_snaptime[gen ^ 1] - ksi->ksi_snaptime[gen];
+
+	return (((delta * (uint64_t)NANOSEC) + (tdelta / 2)) / tdelta);
+}
+
+void
+kstat_instances_print(kstat_instance_t *instances, kstat_field_t *fields,
+    boolean_t header)
+{
+	kstat_instance_t *ksi = instances;
+	int i, nfields;
+
+	for (nfields = 0; fields[nfields].ksf_header != NULL; nfields++)
+		continue;
+
+	if (header) {
+		for (i = 0; i < nfields; i++) {
+			(void) printf("%*s%c", fields[i].ksf_width,
+			    fields[i].ksf_header, i < nfields - 1 ? ' ' : '\n');
+		}
+	}
+
+	for (ksi = instances; ksi != NULL; ksi = ksi->ksi_next) {
+		if (ksi->ksi_snaptime[1] == 0 || ksi->ksi_ksp == NULL)
+			continue;
+
+		for (i = 0; i < nfields; i++) {
+			char trailer = i < nfields - 1 ? ' ' : '\n';
+
+			if (fields[i].ksf_flags & KSTAT_FIELD_FILLER) {
+				(void) printf("%*s%c", fields[i].ksf_width,
+				    fields[i].ksf_header, trailer);
+				continue;
+			}
+
+			(void) printf("%*lld%c", fields[i].ksf_width,
+			    fields[i].ksf_flags & KSTAT_FIELD_USEINSTANCE ?
+			    ksi->ksi_instance :
+			    fields[i].ksf_flags & KSTAT_FIELD_NODELTA ?
+			    ksi->ksi_data[ksi->ksi_gen ^ 1][i] :
+			    kstat_instances_delta(ksi, i), trailer);
+		}
+	}
+}
+
+boolean_t
+interested(kstat_t *ksp)
+{
+	const char *module = "kvm";
+	const char *class = "misc";
+	const char *name = "vcpu-";
+
+	if (strcmp(ksp->ks_module, module) != 0)
+		return (B_FALSE);
+
+	if (strcmp(ksp->ks_class, class) != 0)
+		return (B_FALSE);
+
+	if (strstr(ksp->ks_name, name) != ksp->ks_name)
+		return (B_FALSE);
+
+	return (B_TRUE);
+}
+
+/* BEGIN CSTYLED */
+char *g_usage = "Usage: kvmstat [interval [count]]\n"
+    "\n"
+    "  Displays statistics for running kernel virtual machines, with one line\n"
+    "  per virtual CPU.  All statistics are reported as per-second rates.\n"
+    "\n"
+    "  The columns are as follows:\n"
+    "\n"
+    "    pid    =>  identifier of process controlling the virtual CPU\n"
+    "    vcpu   =>  virtual CPU identifier relative to its virtual machine\n"
+    "    exits  =>  virtual machine exits for the virtual CPU\n"
+    "    haltx  =>  virtual machine exits due to the HLT instruction\n"
+    "    irqx   =>  virtual machine exits due to a pending external interrupt\n"
+    "    irqwx  =>  virtual machine exits due to an open interrupt window\n"
+    "    iox    =>  virtual machine exits due to an I/O instruction\n"
+    "    mmiox  =>  virtual machine exits due to memory mapped I/O \n"
+    "    irqs   =>  interrupts injected into the virtual CPU\n"
+    "    emul   =>  instructions emulated in the kernel\n"
+    "    eptv   =>  extended page table violations\n"
+    "\n";
+/* END CSTYLED */
+
+void
+usage()
+{
+	(void) fprintf(stderr, "%s", g_usage);
+	exit(EXIT_FAILURE);
+}
+
+/*ARGSUSED*/
+void
+intr(int sig)
+{}
+
+/*ARGSUSED*/
+int
+main(int argc, char **argv)
+{
+	kstat_ctl_t *kcp;
+	kstat_instance_t *instances = NULL;
+	int i = 0;
+	int interval = 1;
+	int count = INT32_MAX;
+	struct itimerval itimer;
+	struct sigaction act;
+	sigset_t set;
+	char *endp;
+
+	kstat_field_t fields[] =  {
+		{ "pid", "pid", 6, KSTAT_FIELD_NODELTA },
+		{ "vcpu", NULL, 4, KSTAT_FIELD_USEINSTANCE },
+		{ "|", NULL, 1, KSTAT_FIELD_FILLER },
+		{ "exits", "exits", 6 },
+		{ ":", NULL, 1, KSTAT_FIELD_FILLER },
+		{ "haltx", "halt-exits", 6 },
+		{ "irqx", "irq-exits", 6 },
+		{ "irqwx", "irq-window-exits", 6 },
+		{ "iox", "io-exits", 6 },
+		{ "mmiox", "mmio-exits", 6 },
+		{ "|", NULL, 1, KSTAT_FIELD_FILLER },
+		{ "irqs", "irq-injections", 6 },
+		{ "emul", "insn-emulation", 6 },
+		{ "eptv", "pf-fixed", 6 },
+		{ NULL }
+	};
+
+	if (argc > 1) {
+		interval = strtol(argv[1], &endp, 10);
+
+		if (*endp != '\0' || interval <= 0)
+			usage();
+	}
+
+	if (argc > 2) {
+		count = strtol(argv[2], &endp, 10);
+
+		if (*endp != '\0' || count <= 0)
+			usage();
+	}
+
+	if ((kcp = kstat_open()) == NULL)
+		fatal("could not open /dev/kstat");
+
+	(void) sigemptyset(&act.sa_mask);
+	act.sa_flags = 0;
+	act.sa_handler = intr;
+	(void) sigaction(SIGALRM, &act, NULL);
+
+	(void) sigemptyset(&set);
+	(void) sigaddset(&set, SIGALRM);
+	(void) sigprocmask(SIG_BLOCK, &set, NULL);
+
+	bzero(&itimer, sizeof (itimer));
+	itimer.it_value.tv_sec = interval;
+	itimer.it_interval.tv_sec = interval;
+
+	if (setitimer(ITIMER_REAL, &itimer, NULL) != 0) {
+		fatal("could not set timer to %d second%s", interval,
+		    interval == 1 ? "" : "s");
+	}
+
+	(void) sigemptyset(&set);
+
+	for (;;) {
+		kstat_instances_update(kcp, &instances, interested);
+		kstat_instances_read(kcp, instances, fields);
+
+		if (i++ > 0) {
+			kstat_instances_print(instances, fields,
+			    instances != NULL && instances->ksi_next == NULL ?
+			    (((i - 2) % 20) == 0) : B_TRUE);
+		}
+
+		if (i > count)
+			break;
+
+		(void) sigsuspend(&set);
+	}
+
+	/*NOTREACHED*/
+	return (0);
+}
diff --git a/usr/src/cmd/localedef/data/ctype.sh b/usr/src/cmd/localedef/data/ctype.sh
index 0d55cf92c6..d815b93590 100644
--- a/usr/src/cmd/localedef/data/ctype.sh
+++ b/usr/src/cmd/localedef/data/ctype.sh
@@ -26,21 +26,21 @@ for i in upper lower alpha space cntrl graph print punct digit xdigit blank \
 	toupper tolower; do
 	# sed can't match both range patterns on the same line so we just make
 	# it look like valid multiline class by duplicating the definition
-	sed -E "/^$i.*>$/ {
+	sed "/^$i.*>$/ {
 		s,$,;/,
 		h
-		s,^$i(.*>);/$,\1,
+		s,^$i\(.*>\);/$,\1,
 		H
 		x
 	}" $@ |\
-	sed -E -n "/^$i/,/(>|\))$/ {
+	sed -n "/^$i/,/\([>)]\)$/ {
 		s,^$i,,
-		s,(>|\))$,\1;/,
+		"'s,\([>)]\)$,\1;/,'"
 		/^$/d
 		p
 	}" |\
 	sort -u |\
-	sed -E "1 s,^,$i,;$ s,(>|\));/,\1,"
+	sed "1 s,^,$i,;$ s,\([>)]\);/,\1,"
 done
 
 printf "\nEND LC_CTYPE\n"
diff --git a/usr/src/cmd/lp/cmd/lpadmin/options.c b/usr/src/cmd/lp/cmd/lpadmin/options.c
index 025501cd98..04928e5795 100644
--- a/usr/src/cmd/lp/cmd/lpadmin/options.c
+++ b/usr/src/cmd/lp/cmd/lpadmin/options.c
@@ -571,10 +571,10 @@ void			options (argc, argv)
 				stroptsw[1] = optsw;
 
 				if (strchr(OPT_LIST, optopt))
-					LP_ERRMSG1 (ERROR, E_LP_OPTARG, 
+					LP_ERRMSG1 (ERROR, E_LP_OPTARG,
 					    stroptsw);
 				else
-					LP_ERRMSG1 (ERROR, E_LP_OPTION, 
+					LP_ERRMSG1 (ERROR, E_LP_OPTION,
 					    stroptsw);
 				done (1);
 			}
diff --git a/usr/src/cmd/ls/ls.c b/usr/src/cmd/ls/ls.c
index 567ead122a..048afb3ec2 100644
--- a/usr/src/cmd/ls/ls.c
+++ b/usr/src/cmd/ls/ls.c
@@ -1795,6 +1795,7 @@ gstat(char *file, int argfl, struct ditem *myparent)
 	rep->lct.tv_nsec = 0;
 	rep->lmt.tv_sec = time(NULL);
 	rep->lmt.tv_nsec = 0;
+	rep->aclp = NULL;
 	rep->exttr = NULL;
 	rep->extm = NULL;
 	rep->color = NULL;
diff --git a/usr/src/cmd/man/src/man.c b/usr/src/cmd/man/src/man.c
index bc6a85afec..b58527746d 100644
--- a/usr/src/cmd/man/src/man.c
+++ b/usr/src/cmd/man/src/man.c
@@ -922,15 +922,14 @@ catman(struct man_node *manp, char **argv, int argc)
 	struct dupnode *dnp = NULL;
 	char   **realsecv;
 	/*
-	 * fakesecv[0] may be overwritten in dupcheck() so must be
-	 * kept out of .rodata.
+	 * May be overwritten in dupcheck() so must be kept out of .rodata.
 	 */
-	char   *fakesecv[2];
+	char	fakename[] = " catman ";
+	char	*fakesecv[2];
 
-	fakesecv[0] = strdup(" catman ");
+	fakesecv[0] = fakename;
 	fakesecv[1] = NULL;
 
-
 	for (p = manp; p != NULL; p = p->next) {
 		/*
 		 * prevent catman from doing very heavy lifting multiple
diff --git a/usr/src/cmd/mdb/common/mdb/mdb_disasm.c b/usr/src/cmd/mdb/common/mdb/mdb_disasm.c
index 063fda5640..47788bfa02 100644
--- a/usr/src/cmd/mdb/common/mdb/mdb_disasm.c
+++ b/usr/src/cmd/mdb/common/mdb/mdb_disasm.c
@@ -22,6 +22,9 @@
  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
+/*
+ * Copyright 2011 Joyent, Inc.  All rights reserved.
+ */
 
 #include <mdb/mdb_disasm_impl.h>
 #include <mdb/mdb_modapi.h>
@@ -416,9 +419,17 @@ libdisasm_create(mdb_disasm_t *dp, const char *name,
 	return (0);
 }
 
-
 #if defined(__i386) || defined(__amd64)
 static int
+ia16_create(mdb_disasm_t *dp)
+{
+	return (libdisasm_create(dp,
+	    "ia16",
+	    "Intel 16-bit disassembler",
+	    DIS_X86_SIZE16));
+}
+
+static int
 ia32_create(mdb_disasm_t *dp)
 {
 	return (libdisasm_create(dp,
@@ -546,9 +557,11 @@ defdis_create(mdb_disasm_t *dp)
 mdb_dis_ctor_f *const mdb_dis_builtins[] = {
 	defdis_create,
 #if defined(__amd64)
+	ia16_create,
 	ia32_create,
 	amd64_create,
 #elif defined(__i386)
+	ia16_create,
 	ia32_create,
 #elif defined(__sparc)
 	sparc1_create,
diff --git a/usr/src/cmd/sed/sed.1 b/usr/src/cmd/sed/sed.1
deleted file mode 100644
index 0744630b57..0000000000
--- a/usr/src/cmd/sed/sed.1
+++ /dev/null
@@ -1,636 +0,0 @@
-.\" Copyright (c) 1992, 1993
-.\"	The Regents of the University of California.  All rights reserved.
-.\"
-.\" This code is derived from software contributed to Berkeley by
-.\" the Institute of Electrical and Electronics Engineers, Inc.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\"	@(#)sed.1	8.2 (Berkeley) 12/30/93
-.\" $FreeBSD$
-.\"
-.Dd May 24, 2009
-.Dt SED 1
-.Os
-.Sh NAME
-.Nm sed
-.Nd stream editor
-.Sh SYNOPSIS
-.Nm
-.Op Fl Ealnr
-.Ar command
-.Op Ar
-.Nm
-.Op Fl Ealnr
-.Op Fl e Ar command
-.Op Fl f Ar command_file
-.Op Fl I Ar extension
-.Op Fl i Ar extension
-.Op Ar
-.Sh DESCRIPTION
-The
-.Nm
-utility reads the specified files, or the standard input if no files
-are specified, modifying the input as specified by a list of commands.
-The input is then written to the standard output.
-.Pp
-A single command may be specified as the first argument to
-.Nm .
-Multiple commands may be specified by using the
-.Fl e
-or
-.Fl f
-options.
-All commands are applied to the input in the order they are specified
-regardless of their origin.
-.Pp
-The following options are available:
-.Bl -tag -width indent
-.It Fl E
-Interpret regular expressions as extended (modern) regular expressions
-rather than basic regular expressions (BRE's).
-The
-.Xr re_format 7
-manual page fully describes both formats.
-.It Fl a
-The files listed as parameters for the
-.Dq w
-functions are created (or truncated) before any processing begins,
-by default.
-The
-.Fl a
-option causes
-.Nm
-to delay opening each file until a command containing the related
-.Dq w
-function is applied to a line of input.
-.It Fl e Ar command
-Append the editing commands specified by the
-.Ar command
-argument
-to the list of commands.
-.It Fl f Ar command_file
-Append the editing commands found in the file
-.Ar command_file
-to the list of commands.
-The editing commands should each be listed on a separate line.
-.It Fl I Ar extension
-Edit files in-place, saving backups with the specified
-.Ar extension .
-If a zero-length
-.Ar extension
-is given, no backup will be saved.
-It is not recommended to give a zero-length
-.Ar extension
-when in-place editing files, as you risk corruption or partial content
-in situations where disk space is exhausted, etc.
-.Pp
-Note that in-place editing with
-.Fl I
-still takes place in a single continuous line address space covering
-all files, although each file preserves its individuality instead of
-forming one output stream.
-The line counter is never reset between files, address ranges can span
-file boundaries, and the
-.Dq $
-address matches only the last line of the last file.
-(See
-.Sx "Sed Addresses" . )
-That can lead to unexpected results in many cases of in-place editing,
-where using
-.Fl i
-is desired.
-.It Fl i Ar extension
-Edit files in-place similarly to
-.Fl I ,
-but treat each file independently from other files.
-In particular, line numbers in each file start at 1,
-the
-.Dq $
-address matches the last line of the current file,
-and address ranges are limited to the current file.
-(See
-.Sx "Sed Addresses" . )
-The net result is as though each file were edited by a separate
-.Nm
-instance.
-.It Fl l
-Make output line buffered.
-.It Fl n
-By default, each line of input is echoed to the standard output after
-all of the commands have been applied to it.
-The
-.Fl n
-option suppresses this behavior.
-.It Fl r
-Same as
-.Fl E 
-for compatibility with GNU sed.
-.El
-.Pp
-The form of a
-.Nm
-command is as follows:
-.Pp
-.Dl [address[,address]]function[arguments]
-.Pp
-Whitespace may be inserted before the first address and the function
-portions of the command.
-.Pp
-Normally,
-.Nm
-cyclically copies a line of input, not including its terminating newline
-character, into a
-.Em "pattern space" ,
-(unless there is something left after a
-.Dq D
-function),
-applies all of the commands with addresses that select that pattern space,
-copies the pattern space to the standard output, appending a newline, and
-deletes the pattern space.
-.Pp
-Some of the functions use a
-.Em "hold space"
-to save all or part of the pattern space for subsequent retrieval.
-.Sh "Sed Addresses"
-An address is not required, but if specified must have one of the
-following formats:
-.Bl -bullet -offset indent
-.It
-a number that counts
-input lines
-cumulatively across input files (or in each file independently
-if a
-.Fl i
-option is in effect);
-.It
-a dollar
-.Pq Dq $
-character that addresses the last line of input (or the last line
-of the current file if a
-.Fl i
-option was specified);
-.It
-a context address
-that consists of a regular expression preceded and followed by a
-delimiter. The closing delimiter can also optionally be followed by the 
-.Dq I
-character, to indicate that the regular expression is to be matched
-in a case-insensitive way.
-.El
-.Pp
-A command line with no addresses selects every pattern space.
-.Pp
-A command line with one address selects all of the pattern spaces
-that match the address.
-.Pp
-A command line with two addresses selects an inclusive range.
-This
-range starts with the first pattern space that matches the first
-address.
-The end of the range is the next following pattern space
-that matches the second address.
-If the second address is a number
-less than or equal to the line number first selected, only that
-line is selected.
-The number in the second address may be prefixed with a
-.Pq Dq \&+
-to specify the number of lines to match after the first pattern.
-In the case when the second address is a context
-address,
-.Nm
-does not re-match the second address against the
-pattern space that matched the first address.
-Starting at the
-first line following the selected range,
-.Nm
-starts looking again for the first address.
-.Pp
-Editing commands can be applied to non-selected pattern spaces by use
-of the exclamation character
-.Pq Dq \&!
-function.
-.Sh "Sed Regular Expressions"
-The regular expressions used in
-.Nm ,
-by default, are basic regular expressions (BREs, see
-.Xr re_format 7
-for more information), but extended (modern) regular expressions can be used
-instead if the
-.Fl E
-flag is given.
-In addition,
-.Nm
-has the following two additions to regular expressions:
-.Pp
-.Bl -enum -compact
-.It
-In a context address, any character other than a backslash
-.Pq Dq \e
-or newline character may be used to delimit the regular expression.
-The opening delimiter needs to be preceded by a backslash
-unless it is a slash.
-For example, the context address
-.Li \exabcx
-is equivalent to
-.Li /abc/ .
-Also, putting a backslash character before the delimiting character
-within the regular expression causes the character to be treated literally.
-For example, in the context address
-.Li \exabc\exdefx ,
-the RE delimiter is an
-.Dq x
-and the second
-.Dq x
-stands for itself, so that the regular expression is
-.Dq abcxdef .
-.Pp
-.It
-The escape sequence \en matches a newline character embedded in the
-pattern space.
-You cannot, however, use a literal newline character in an address or
-in the substitute command.
-.El
-.Pp
-One special feature of
-.Nm
-regular expressions is that they can default to the last regular
-expression used.
-If a regular expression is empty, i.e., just the delimiter characters
-are specified, the last regular expression encountered is used instead.
-The last regular expression is defined as the last regular expression
-used as part of an address or substitute command, and at run-time, not
-compile-time.
-For example, the command
-.Dq /abc/s//XXX/
-will substitute
-.Dq XXX
-for the pattern
-.Dq abc .
-.Sh "Sed Functions"
-In the following list of commands, the maximum number of permissible
-addresses for each command is indicated by [0addr], [1addr], or [2addr],
-representing zero, one, or two addresses.
-.Pp
-The argument
-.Em text
-consists of one or more lines.
-To embed a newline in the text, precede it with a backslash.
-Other backslashes in text are deleted and the following character
-taken literally.
-.Pp
-The
-.Dq r
-and
-.Dq w
-functions take an optional file parameter, which should be separated
-from the function letter by white space.
-Each file given as an argument to
-.Nm
-is created (or its contents truncated) before any input processing begins.
-.Pp
-The
-.Dq b ,
-.Dq r ,
-.Dq s ,
-.Dq t ,
-.Dq w ,
-.Dq y ,
-.Dq \&! ,
-and
-.Dq \&:
-functions all accept additional arguments.
-The following synopses indicate which arguments have to be separated from
-the function letters by white space characters.
-.Pp
-Two of the functions take a function-list.
-This is a list of
-.Nm
-functions separated by newlines, as follows:
-.Bd -literal -offset indent
-{ function
-  function
-  ...
-  function
-}
-.Ed
-.Pp
-The
-.Dq {
-can be preceded by white space and can be followed by white space.
-The function can be preceded by white space.
-The terminating
-.Dq }
-must be preceded by a newline or optional white space.
-.Pp
-.Bl -tag -width "XXXXXX" -compact
-.It [2addr] function-list
-Execute function-list only when the pattern space is selected.
-.Pp
-.It [1addr]a\e
-.It text
-Write
-.Em text
-to standard output immediately before each attempt to read a line of input,
-whether by executing the
-.Dq N
-function or by beginning a new cycle.
-.Pp
-.It [2addr]b[label]
-Branch to the
-.Dq \&:
-function with the specified label.
-If the label is not specified, branch to the end of the script.
-.Pp
-.It [2addr]c\e
-.It text
-Delete the pattern space.
-With 0 or 1 address or at the end of a 2-address range,
-.Em text
-is written to the standard output.
-.Pp
-.It [2addr]d
-Delete the pattern space and start the next cycle.
-.Pp
-.It [2addr]D
-Delete the initial segment of the pattern space through the first
-newline character and start the next cycle.
-.Pp
-.It [2addr]g
-Replace the contents of the pattern space with the contents of the
-hold space.
-.Pp
-.It [2addr]G
-Append a newline character followed by the contents of the hold space
-to the pattern space.
-.Pp
-.It [2addr]h
-Replace the contents of the hold space with the contents of the
-pattern space.
-.Pp
-.It [2addr]H
-Append a newline character followed by the contents of the pattern space
-to the hold space.
-.Pp
-.It [1addr]i\e
-.It text
-Write
-.Em text
-to the standard output.
-.Pp
-.It [2addr]l
-(The letter ell.)
-Write the pattern space to the standard output in a visually unambiguous
-form.
-This form is as follows:
-.Pp
-.Bl -tag -width "carriage-returnXX" -offset indent -compact
-.It backslash
-\e\e
-.It alert
-\ea
-.It form-feed
-\ef
-.It carriage-return
-\er
-.It tab
-\et
-.It vertical tab
-\ev
-.El
-.Pp
-Nonprintable characters are written as three-digit octal numbers (with a
-preceding backslash) for each byte in the character (most significant byte
-first).
-Long lines are folded, with the point of folding indicated by displaying
-a backslash followed by a newline.
-The end of each line is marked with a
-.Dq $ .
-.Pp
-.It [2addr]n
-Write the pattern space to the standard output if the default output has
-not been suppressed, and replace the pattern space with the next line of
-input.
-.Pp
-.It [2addr]N
-Append the next line of input to the pattern space, using an embedded
-newline character to separate the appended material from the original
-contents.
-Note that the current line number changes.
-.Pp
-.It [2addr]p
-Write the pattern space to standard output.
-.Pp
-.It [2addr]P
-Write the pattern space, up to the first newline character to the
-standard output.
-.Pp
-.It [1addr]q
-Branch to the end of the script and quit without starting a new cycle.
-.Pp
-.It [1addr]r file
-Copy the contents of
-.Em file
-to the standard output immediately before the next attempt to read a
-line of input.
-If
-.Em file
-cannot be read for any reason, it is silently ignored and no error
-condition is set.
-.Pp
-.It [2addr]s/regular expression/replacement/flags
-Substitute the replacement string for the first instance of the regular
-expression in the pattern space.
-Any character other than backslash or newline can be used instead of
-a slash to delimit the RE and the replacement.
-Within the RE and the replacement, the RE delimiter itself can be used as
-a literal character if it is preceded by a backslash.
-.Pp
-An ampersand
-.Pq Dq &
-appearing in the replacement is replaced by the string matching the RE.
-The special meaning of
-.Dq &
-in this context can be suppressed by preceding it by a backslash.
-The string
-.Dq \e# ,
-where
-.Dq #
-is a digit, is replaced by the text matched
-by the corresponding backreference expression (see
-.Xr re_format 7 ) .
-.Pp
-A line can be split by substituting a newline character into it.
-To specify a newline character in the replacement string, precede it with
-a backslash.
-.Pp
-The value of
-.Em flags
-in the substitute function is zero or more of the following:
-.Bl -tag -width "XXXXXX" -offset indent
-.It Ar N
-Make the substitution only for the
-.Ar N Ns 'th
-occurrence of the regular expression in the pattern space.
-.It g
-Make the substitution for all non-overlapping matches of the
-regular expression, not just the first one.
-.It p
-Write the pattern space to standard output if a replacement was made.
-If the replacement string is identical to that which it replaces, it
-is still considered to have been a replacement.
-.It w Em file
-Append the pattern space to
-.Em file
-if a replacement was made.
-If the replacement string is identical to that which it replaces, it
-is still considered to have been a replacement.
-.It I
-Match the regular expression in a case-insensitive way.
-.El
-.Pp
-.It [2addr]t [label]
-Branch to the
-.Dq \&:
-function bearing the label if any substitutions have been made since the
-most recent reading of an input line or execution of a
-.Dq t
-function.
-If no label is specified, branch to the end of the script.
-.Pp
-.It [2addr]w Em file
-Append the pattern space to the
-.Em file .
-.Pp
-.It [2addr]x
-Swap the contents of the pattern and hold spaces.
-.Pp
-.It [2addr]y/string1/string2/
-Replace all occurrences of characters in
-.Em string1
-in the pattern space with the corresponding characters from
-.Em string2 .
-Any character other than a backslash or newline can be used instead of
-a slash to delimit the strings.
-Within
-.Em string1
-and
-.Em string2 ,
-a backslash followed by any character other than a newline is that literal
-character, and a backslash followed by an ``n'' is replaced by a newline
-character.
-.Pp
-.It [2addr]!function
-.It [2addr]!function-list
-Apply the function or function-list only to the lines that are
-.Em not
-selected by the address(es).
-.Pp
-.It [0addr]:label
-This function does nothing; it bears a label to which the
-.Dq b
-and
-.Dq t
-commands may branch.
-.Pp
-.It [1addr]=
-Write the line number to the standard output followed by a newline
-character.
-.Pp
-.It [0addr]
-Empty lines are ignored.
-.Pp
-.It [0addr]#
-The
-.Dq #
-and the remainder of the line are ignored (treated as a comment), with
-the single exception that if the first two characters in the file are
-.Dq #n ,
-the default output is suppressed.
-This is the same as specifying the
-.Fl n
-option on the command line.
-.El
-.Sh ENVIRONMENT
-The
-.Ev COLUMNS , LANG , LC_ALL , LC_CTYPE
-and
-.Ev LC_COLLATE
-environment variables affect the execution of
-.Nm
-as described in
-.Xr environ 7 .
-.Sh EXIT STATUS
-.Ex -std
-.Sh SEE ALSO
-.Xr awk 1 ,
-.Xr ed 1 ,
-.Xr grep 1 ,
-.Xr regex 3 ,
-.Xr re_format 7
-.Sh STANDARDS
-The
-.Nm
-utility is expected to be a superset of the
-.St -p1003.2
-specification.
-.Pp
-The
-.Fl E , I , a
-and
-.Fl i
-options, the prefixing
-.Dq \&+
-in the second member of an address range,
-as well as the
-.Dq I
-flag to the address regular expression and substitution command are
-non-standard
-.Fx
-extensions and may not be available on other operating systems.
-.Sh HISTORY
-A
-.Nm
-command, written by
-.An L. E. McMahon ,
-appeared in
-.At v7 .
-.Sh AUTHORS
-.An "Diomidis D. Spinellis" Aq dds@FreeBSD.org
-.Sh BUGS
-Multibyte characters containing a byte with value 0x5C
-.Tn ( ASCII
-.Ql \e )
-may be incorrectly treated as line continuation characters in arguments to the
-.Dq a ,
-.Dq c
-and
-.Dq i
-commands.
-Multibyte characters cannot be used as delimiters with the
-.Dq s
-and
-.Dq y
-commands.
diff --git a/usr/src/cmd/sed/sed.txt b/usr/src/cmd/sed/sed.txt
deleted file mode 100644
index 0845895cae..0000000000
--- a/usr/src/cmd/sed/sed.txt
+++ /dev/null
@@ -1,391 +0,0 @@
-SED(1)                    BSD General Commands Manual                   SED(1)
-
-NAME
-     sed -- stream editor
-
-SYNOPSIS
-     sed [-Ealnr] _c_o_m_m_a_n_d [_f_i_l_e _._._.]
-     sed [-Ealnr] [-e _c_o_m_m_a_n_d] [-f _c_o_m_m_a_n_d___f_i_l_e] [-I _e_x_t_e_n_s_i_o_n] [-i _e_x_t_e_n_s_i_o_n]
-         [_f_i_l_e _._._.]
-
-DESCRIPTION
-     The sed utility reads the specified files, or the standard input if no
-     files are specified, modifying the input as specified by a list of com-
-     mands.  The input is then written to the standard output.
-
-     A single command may be specified as the first argument to sed.  Multiple
-     commands may be specified by using the -e or -f options.  All commands
-     are applied to the input in the order they are specified regardless of
-     their origin.
-
-     The following options are available:
-
-     -E      Interpret regular expressions as extended (modern) regular
-             expressions rather than basic regular expressions (BRE's).  The
-             re_format(7) manual page fully describes both formats.
-
-     -a      The files listed as parameters for the ``w'' functions are cre-
-             ated (or truncated) before any processing begins, by default.
-             The -a option causes sed to delay opening each file until a com-
-             mand containing the related ``w'' function is applied to a line
-             of input.
-
-     -e _c_o_m_m_a_n_d
-             Append the editing commands specified by the _c_o_m_m_a_n_d argument to
-             the list of commands.
-
-     -f _c_o_m_m_a_n_d___f_i_l_e
-             Append the editing commands found in the file _c_o_m_m_a_n_d___f_i_l_e to the
-             list of commands.  The editing commands should each be listed on
-             a separate line.
-
-     -I _e_x_t_e_n_s_i_o_n
-             Edit files in-place, saving backups with the specified _e_x_t_e_n_s_i_o_n.
-             If a zero-length _e_x_t_e_n_s_i_o_n is given, no backup will be saved.  It
-             is not recommended to give a zero-length _e_x_t_e_n_s_i_o_n when in-place
-             editing files, as you risk corruption or partial content in situ-
-             ations where disk space is exhausted, etc.
-
-             Note that in-place editing with -I still takes place in a single
-             continuous line address space covering all files, although each
-             file preserves its individuality instead of forming one output
-             stream.  The line counter is never reset between files, address
-             ranges can span file boundaries, and the ``$'' address matches
-             only the last line of the last file.  (See _S_e_d _A_d_d_r_e_s_s_e_s.)  That
-             can lead to unexpected results in many cases of in-place editing,
-             where using -i is desired.
-
-     -i _e_x_t_e_n_s_i_o_n
-             Edit files in-place similarly to -I, but treat each file indepen-
-             dently from other files.  In particular, line numbers in each
-             file start at 1, the ``$'' address matches the last line of the
-             current file, and address ranges are limited to the current file.
-             (See _S_e_d _A_d_d_r_e_s_s_e_s.)  The net result is as though each file were
-             edited by a separate sed instance.
-
-     -l      Make output line buffered.
-
-     -n      By default, each line of input is echoed to the standard output
-             after all of the commands have been applied to it.  The -n option
-             suppresses this behavior.
-
-     -r      Same as -E for compatibility with GNU sed.
-
-     The form of a sed command is as follows:
-
-           [address[,address]]function[arguments]
-
-     Whitespace may be inserted before the first address and the function por-
-     tions of the command.
-
-     Normally, sed cyclically copies a line of input, not including its termi-
-     nating newline character, into a _p_a_t_t_e_r_n _s_p_a_c_e, (unless there is some-
-     thing left after a ``D'' function), applies all of the commands with
-     addresses that select that pattern space, copies the pattern space to the
-     standard output, appending a newline, and deletes the pattern space.
-
-     Some of the functions use a _h_o_l_d _s_p_a_c_e to save all or part of the pattern
-     space for subsequent retrieval.
-
-Sed Addresses
-     An address is not required, but if specified must have one of the follow-
-     ing formats:
-
-           +o   a number that counts input lines cumulatively across input
-               files (or in each file independently if a -i option is in
-               effect);
-
-           +o   a dollar (``$'') character that addresses the last line of
-               input (or the last line of the current file if a -i option was
-               specified);
-
-           +o   a context address that consists of a regular expression pre-
-               ceded and followed by a delimiter. The closing delimiter can
-               also optionally be followed by the ``I'' character, to indicate
-               that the regular expression is to be matched in a case-insensi-
-               tive way.
-
-     A command line with no addresses selects every pattern space.
-
-     A command line with one address selects all of the pattern spaces that
-     match the address.
-
-     A command line with two addresses selects an inclusive range.  This range
-     starts with the first pattern space that matches the first address.  The
-     end of the range is the next following pattern space that matches the
-     second address.  If the second address is a number less than or equal to
-     the line number first selected, only that line is selected.  The number
-     in the second address may be prefixed with a (``+'') to specify the num-
-     ber of lines to match after the first pattern.  In the case when the sec-
-     ond address is a context address, sed does not re-match the second
-     address against the pattern space that matched the first address.  Start-
-     ing at the first line following the selected range, sed starts looking
-     again for the first address.
-
-     Editing commands can be applied to non-selected pattern spaces by use of
-     the exclamation character (``!'') function.
-
-Sed Regular Expressions
-     The regular expressions used in sed, by default, are basic regular
-     expressions (BREs, see re_format(7) for more information), but extended
-     (modern) regular expressions can be used instead if the -E flag is given.
-     In addition, sed has the following two additions to regular expressions:
-
-     1.   In a context address, any character other than a backslash (``\'')
-          or newline character may be used to delimit the regular expression.
-          The opening delimiter needs to be preceded by a backslash unless it
-          is a slash.  For example, the context address \xabcx is equivalent
-          to /abc/.  Also, putting a backslash character before the delimiting
-          character within the regular expression causes the character to be
-          treated literally.  For example, in the context address \xabc\xdefx,
-          the RE delimiter is an ``x'' and the second ``x'' stands for itself,
-          so that the regular expression is ``abcxdef''.
-
-     2.   The escape sequence \n matches a newline character embedded in the
-          pattern space.  You cannot, however, use a literal newline character
-          in an address or in the substitute command.
-
-     One special feature of sed regular expressions is that they can default
-     to the last regular expression used.  If a regular expression is empty,
-     i.e., just the delimiter characters are specified, the last regular
-     expression encountered is used instead.  The last regular expression is
-     defined as the last regular expression used as part of an address or sub-
-     stitute command, and at run-time, not compile-time.  For example, the
-     command ``/abc/s//XXX/'' will substitute ``XXX'' for the pattern ``abc''.
-
-Sed Functions
-     In the following list of commands, the maximum number of permissible
-     addresses for each command is indicated by [0addr], [1addr], or [2addr],
-     representing zero, one, or two addresses.
-
-     The argument _t_e_x_t consists of one or more lines.  To embed a newline in
-     the text, precede it with a backslash.  Other backslashes in text are
-     deleted and the following character taken literally.
-
-     The ``r'' and ``w'' functions take an optional file parameter, which
-     should be separated from the function letter by white space.  Each file
-     given as an argument to sed is created (or its contents truncated) before
-     any input processing begins.
-
-     The ``b'', ``r'', ``s'', ``t'', ``w'', ``y'', ``!'', and ``:'' functions
-     all accept additional arguments.  The following synopses indicate which
-     arguments have to be separated from the function letters by white space
-     characters.
-
-     Two of the functions take a function-list.  This is a list of sed func-
-     tions separated by newlines, as follows:
-
-           { function
-             function
-             ...
-             function
-           }
-
-     The ``{'' can be preceded by white space and can be followed by white
-     space.  The function can be preceded by white space.  The terminating
-     ``}'' must be preceded by a newline or optional white space.
-
-     [2addr] function-list
-             Execute function-list only when the pattern space is selected.
-
-     [1addr]a\
-     text    Write _t_e_x_t to standard output immediately before each attempt to
-             read a line of input, whether by executing the ``N'' function or
-             by beginning a new cycle.
-
-     [2addr]b[label]
-             Branch to the ``:'' function with the specified label.  If the
-             label is not specified, branch to the end of the script.
-
-     [2addr]c\
-     text    Delete the pattern space.  With 0 or 1 address or at the end of a
-             2-address range, _t_e_x_t is written to the standard output.
-
-     [2addr]d
-             Delete the pattern space and start the next cycle.
-
-     [2addr]D
-             Delete the initial segment of the pattern space through the first
-             newline character and start the next cycle.
-
-     [2addr]g
-             Replace the contents of the pattern space with the contents of
-             the hold space.
-
-     [2addr]G
-             Append a newline character followed by the contents of the hold
-             space to the pattern space.
-
-     [2addr]h
-             Replace the contents of the hold space with the contents of the
-             pattern space.
-
-     [2addr]H
-             Append a newline character followed by the contents of the pat-
-             tern space to the hold space.
-
-     [1addr]i\
-     text    Write _t_e_x_t to the standard output.
-
-     [2addr]l
-             (The letter ell.)  Write the pattern space to the standard output
-             in a visually unambiguous form.  This form is as follows:
-
-                   backslash          \\
-                   alert              \a
-                   form-feed          \f
-                   carriage-return    \r
-                   tab                \t
-                   vertical tab       \v
-
-             Nonprintable characters are written as three-digit octal numbers
-             (with a preceding backslash) for each byte in the character (most
-             significant byte first).  Long lines are folded, with the point
-             of folding indicated by displaying a backslash followed by a new-
-             line.  The end of each line is marked with a ``$''.
-
-     [2addr]n
-             Write the pattern space to the standard output if the default
-             output has not been suppressed, and replace the pattern space
-             with the next line of input.
-
-     [2addr]N
-             Append the next line of input to the pattern space, using an
-             embedded newline character to separate the appended material from
-             the original contents.  Note that the current line number
-             changes.
-
-     [2addr]p
-             Write the pattern space to standard output.
-
-     [2addr]P
-             Write the pattern space, up to the first newline character to the
-             standard output.
-
-     [1addr]q
-             Branch to the end of the script and quit without starting a new
-             cycle.
-
-     [1addr]r file
-             Copy the contents of _f_i_l_e to the standard output immediately
-             before the next attempt to read a line of input.  If _f_i_l_e cannot
-             be read for any reason, it is silently ignored and no error con-
-             dition is set.
-
-     [2addr]s/regular expression/replacement/flags
-             Substitute the replacement string for the first instance of the
-             regular expression in the pattern space.  Any character other
-             than backslash or newline can be used instead of a slash to
-             delimit the RE and the replacement.  Within the RE and the
-             replacement, the RE delimiter itself can be used as a literal
-             character if it is preceded by a backslash.
-
-             An ampersand (``&'') appearing in the replacement is replaced by
-             the string matching the RE.  The special meaning of ``&'' in this
-             context can be suppressed by preceding it by a backslash.  The
-             string ``\#'', where ``#'' is a digit, is replaced by the text
-             matched by the corresponding backreference expression (see
-             re_format(7)).
-
-             A line can be split by substituting a newline character into it.
-             To specify a newline character in the replacement string, precede
-             it with a backslash.
-
-             The value of _f_l_a_g_s in the substitute function is zero or more of
-             the following:
-
-                   _N       Make the substitution only for the _N'th occurrence
-                           of the regular expression in the pattern space.
-
-                   g       Make the substitution for all non-overlapping
-                           matches of the regular expression, not just the
-                           first one.
-
-                   p       Write the pattern space to standard output if a
-                           replacement was made.  If the replacement string is
-                           identical to that which it replaces, it is still
-                           considered to have been a replacement.
-
-                   w _f_i_l_e  Append the pattern space to _f_i_l_e if a replacement
-                           was made.  If the replacement string is identical
-                           to that which it replaces, it is still considered
-                           to have been a replacement.
-
-                   I       Match the regular expression in a case-insensitive
-                           way.
-
-     [2addr]t [label]
-             Branch to the ``:'' function bearing the label if any substitu-
-             tions have been made since the most recent reading of an input
-             line or execution of a ``t'' function.  If no label is specified,
-             branch to the end of the script.
-
-     [2addr]w _f_i_l_e
-             Append the pattern space to the _f_i_l_e.
-
-     [2addr]x
-             Swap the contents of the pattern and hold spaces.
-
-     [2addr]y/string1/string2/
-             Replace all occurrences of characters in _s_t_r_i_n_g_1 in the pattern
-             space with the corresponding characters from _s_t_r_i_n_g_2.  Any char-
-             acter other than a backslash or newline can be used instead of a
-             slash to delimit the strings.  Within _s_t_r_i_n_g_1 and _s_t_r_i_n_g_2, a
-             backslash followed by any character other than a newline is that
-             literal character, and a backslash followed by an ``n'' is
-             replaced by a newline character.
-
-     [2addr]!function
-     [2addr]!function-list
-             Apply the function or function-list only to the lines that are
-             _n_o_t selected by the address(es).
-
-     [0addr]:label
-             This function does nothing; it bears a label to which the ``b''
-             and ``t'' commands may branch.
-
-     [1addr]=
-             Write the line number to the standard output followed by a new-
-             line character.
-
-     [0addr]
-             Empty lines are ignored.
-
-     [0addr]#
-             The ``#'' and the remainder of the line are ignored (treated as a
-             comment), with the single exception that if the first two charac-
-             ters in the file are ``#n'', the default output is suppressed.
-             This is the same as specifying the -n option on the command line.
-
-ENVIRONMENT
-     The COLUMNS, LANG, LC_ALL, LC_CTYPE and LC_COLLATE environment variables
-     affect the execution of sed as described in environ(7).
-
-EXIT STATUS
-     The sed utility exits 0 on success, and >0 if an error occurs.
-
-SEE ALSO
-     awk(1), ed(1), grep(1), regex(3), re_format(7)
-
-STANDARDS
-     The sed utility is expected to be a superset of the IEEE Std 1003.2
-     (``POSIX.2'') specification.
-
-     The -E, -I, -a and -i options, the prefixing ``+'' in the second member
-     of an address range, as well as the ``I'' flag to the address regular
-     expression and substitution command are non-standard FreeBSD extensions
-     and may not be available on other operating systems.
-
-HISTORY
-     A sed command, written by L. E. McMahon, appeared in Version 7 AT&T UNIX.
-
-AUTHORS
-     Diomidis D. Spinellis <dds@FreeBSD.org>
-
-BUGS
-     Multibyte characters containing a byte with value 0x5C (ASCII `\') may be
-     incorrectly treated as line continuation characters in arguments to the
-     ``a'', ``c'' and ``i'' commands.  Multibyte characters cannot be used as
-     delimiters with the ``s'' and ``y'' commands.
-
-BSD                              May 24, 2009                              BSD
diff --git a/usr/src/cmd/sgs/libld/common/outfile.c b/usr/src/cmd/sgs/libld/common/outfile.c
index a817675ece..447d3a19b7 100644
--- a/usr/src/cmd/sgs/libld/common/outfile.c
+++ b/usr/src/cmd/sgs/libld/common/outfile.c
@@ -712,9 +712,9 @@ ld_create_outfile(Ofl_desc *ofl)
 					break;
 
 				d = elf_getdata(osp->os_scn, NULL);
-				assert(d != NULL);
 
-				d->d_align = pad_align;
+				if (d != NULL)
+					d->d_align = pad_align;
 			}
 		}
 	}
diff --git a/usr/src/cmd/ssh/libopenbsd-compat/common/glob.c b/usr/src/cmd/ssh/libopenbsd-compat/common/glob.c
index 87727fd96e..2688cccaee 100644
--- a/usr/src/cmd/ssh/libopenbsd-compat/common/glob.c
+++ b/usr/src/cmd/ssh/libopenbsd-compat/common/glob.c
@@ -37,18 +37,6 @@
 #include "includes.h"
 #include <ctype.h>
 
-static long
-get_arg_max(void)
-{
-#ifdef ARG_MAX
-	return(ARG_MAX);
-#elif defined(HAVE_SYSCONF) && defined(_SC_ARG_MAX)
-	return(sysconf(_SC_ARG_MAX));
-#else
-	return(256); /* XXX: arbitrary */
-#endif
-}
-
 #if !defined(HAVE_GLOB) || !defined(GLOB_HAS_ALTDIRFUNC) || \
     !defined(GLOB_HAS_GL_MATCHC)
 
@@ -137,13 +125,21 @@ typedef char Char;
 #define	ismeta(c)	(((c)&M_QUOTE) != 0)
 
 
+#define	GLOB_LIMIT_MALLOC	65536
+#define	GLOB_LIMIT_STAT		128
+#define	GLOB_LIMIT_READDIR	16384
+
+#define	GLOB_INDEX_MALLOC	0
+#define	GLOB_INDEX_STAT		1
+#define	GLOB_INDEX_READDIR	2
+
 static int	 compare(const void *, const void *);
 static int	 g_Ctoc(const Char *, char *, u_int);
 static int	 g_lstat(Char *, struct stat *, glob_t *);
 static DIR	*g_opendir(Char *, glob_t *);
 static Char	*g_strchr(Char *, int);
 static int	 g_stat(Char *, struct stat *, glob_t *);
-static int	 glob0(const Char *, glob_t *);
+static int	 glob0(const Char *, glob_t *, size_t *);
 static int	 glob1(Char *, Char *, glob_t *, size_t *);
 static int	 glob2(Char *, Char *, Char *, Char *, Char *, Char *,
 		    glob_t *, size_t *);
@@ -152,8 +148,9 @@ static int	 glob3(Char *, Char *, Char *, Char *, Char *, Char *,
 static int	 globextend(const Char *, glob_t *, size_t *);
 static const Char *
 		 globtilde(const Char *, Char *, size_t, glob_t *);
-static int	 globexp1(const Char *, glob_t *);
-static int	 globexp2(const Char *, const Char *, glob_t *, int *);
+static int	 globexp1(const Char *, glob_t *, size_t *);
+static int	 globexp2(const Char *, const Char *, glob_t *, int *,
+			  size_t *);
 static int	 match(Char *, Char *, Char *);
 #ifdef DEBUG
 static void	 qprintf(const char *, Char *);
@@ -168,6 +165,8 @@ glob(pattern, flags, errfunc, pglob)
 	const u_char *patnext;
 	int c;
 	Char *bufnext, *bufend, patbuf[MAXPATHLEN];
+	/* 0 = malloc(), 1 = stat(), 2 = readdir() */
+	static size_t limit[] = { 0, 0, 0 };
 
 	patnext = (u_char *) pattern;
 	if (!(flags & GLOB_APPEND)) {
@@ -200,9 +199,9 @@ glob(pattern, flags, errfunc, pglob)
 	*bufnext = EOS;
 
 	if (flags & GLOB_BRACE)
-		return globexp1(patbuf, pglob);
+		return globexp1(patbuf, pglob, limit);
 	else
-		return glob0(patbuf, pglob);
+		return glob0(patbuf, pglob, limit);
 }
 
 /*
@@ -211,22 +210,23 @@ glob(pattern, flags, errfunc, pglob)
  * characters
  */
 static int
-globexp1(pattern, pglob)
+globexp1(pattern, pglob, limit)
 	const Char *pattern;
 	glob_t *pglob;
+	size_t *limit;
 {
 	const Char* ptr = pattern;
 	int rv;
 
 	/* Protect a single {}, for find(1), like csh */
 	if (pattern[0] == LBRACE && pattern[1] == RBRACE && pattern[2] == EOS)
-		return glob0(pattern, pglob);
+		return glob0(pattern, pglob, limit);
 
 	while ((ptr = (const Char *) g_strchr((Char *) ptr, LBRACE)) != NULL)
-		if (!globexp2(ptr, pattern, pglob, &rv))
+		if (!globexp2(ptr, pattern, pglob, &rv, limit))
 			return rv;
 
-	return glob0(pattern, pglob);
+	return glob0(pattern, pglob, limit);
 }
 
 
@@ -236,10 +236,11 @@ globexp1(pattern, pglob)
  * If it fails then it tries to glob the rest of the pattern and returns.
  */
 static int
-globexp2(ptr, pattern, pglob, rv)
+globexp2(ptr, pattern, pglob, rv, limit)
 	const Char *ptr, *pattern;
 	glob_t *pglob;
 	int *rv;
+	size_t *limit;
 {
 	int     i;
 	Char   *lm, *ls;
@@ -275,7 +276,7 @@ globexp2(ptr, pattern, pglob, rv)
 
 	/* Non matching braces; just glob the pattern */
 	if (i != 0 || *pe == EOS) {
-		*rv = glob0(patbuf, pglob);
+		*rv = glob0(patbuf, pglob, limit);
 		return 0;
 	}
 
@@ -323,7 +324,7 @@ globexp2(ptr, pattern, pglob, rv)
 #ifdef DEBUG
 				qprintf("globexp2:", patbuf);
 #endif
-				*rv = globexp1(patbuf, pglob);
+				*rv = globexp1(patbuf, pglob, limit);
 
 				/* move after the comma, to the next string */
 				pl = pm + 1;
@@ -416,14 +417,14 @@ globtilde(pattern, patbuf, patbuf_len, pglob)
  * to find no matches.
  */
 static int
-glob0(pattern, pglob)
+glob0(pattern, pglob, limit)
 	const Char *pattern;
 	glob_t *pglob;
+	size_t *limit;
 {
 	const Char *qpatnext;
 	int c, err, oldpathc;
 	Char *bufnext, patbuf[MAXPATHLEN];
-	size_t limit = 0;
 
 	qpatnext = globtilde(pattern, patbuf, MAXPATHLEN, pglob);
 	oldpathc = pglob->gl_pathc;
@@ -481,7 +482,7 @@ glob0(pattern, pglob)
 	qprintf("glob0:", patbuf);
 #endif
 
-	if ((err = glob1(patbuf, patbuf+MAXPATHLEN-1, pglob, &limit)) != 0)
+	if ((err = glob1(patbuf, patbuf+MAXPATHLEN-1, pglob, limit)) != 0)
 		return(err);
 
 	/*
@@ -494,7 +495,7 @@ glob0(pattern, pglob)
 		if ((pglob->gl_flags & GLOB_NOCHECK) ||
 		    ((pglob->gl_flags & GLOB_NOMAGIC) &&
 		    !(pglob->gl_flags & GLOB_MAGCHAR)))
-			return(globextend(pattern, pglob, &limit));
+			return(globextend(pattern, pglob, limit));
 		else
 			return(GLOB_NOMATCH);
 	}
@@ -512,10 +513,10 @@ compare(p, q)
 }
 
 static int
-glob1(pattern, pattern_last, pglob, limitp)
+glob1(pattern, pattern_last, pglob, limit)
 	Char *pattern, *pattern_last;
 	glob_t *pglob;
-	size_t *limitp;
+	size_t *limit;
 {
 	Char pathbuf[MAXPATHLEN];
 
@@ -524,7 +525,7 @@ glob1(pattern, pattern_last, pglob, limitp)
 		return(0);
 	return(glob2(pathbuf, pathbuf+MAXPATHLEN-1,
 	    pathbuf, pathbuf+MAXPATHLEN-1,
-	    pattern, pattern_last, pglob, limitp));
+	    pattern, pattern_last, pglob, limit));
 }
 
 /*
@@ -534,11 +535,11 @@ glob1(pattern, pattern_last, pglob, limitp)
  */
 static int
 glob2(pathbuf, pathbuf_last, pathend, pathend_last, pattern,
-    pattern_last, pglob, limitp)
+    pattern_last, pglob, limit)
 	Char *pathbuf, *pathbuf_last, *pathend, *pathend_last;
 	Char *pattern, *pattern_last;
 	glob_t *pglob;
-	size_t *limitp;
+	size_t *limit;
 {
 	struct stat sb;
 	Char *p, *q;
@@ -554,6 +555,14 @@ glob2(pathbuf, pathbuf_last, pathend, pathend_last, pattern,
 			if (g_lstat(pathbuf, &sb, pglob))
 				return(0);
 
+			if ((pglob->gl_flags & GLOB_LIMIT) &&
+			    limit[GLOB_INDEX_STAT]++ >= GLOB_LIMIT_STAT) {
+				errno = 0;
+				*pathend++ = SEP;
+				*pathend = EOS;
+				return GLOB_NOSPACE;
+			}
+
 			if (((pglob->gl_flags & GLOB_MARK) &&
 			    pathend[-1] != SEP) && (S_ISDIR(sb.st_mode) ||
 			    (S_ISLNK(sb.st_mode) &&
@@ -565,7 +574,7 @@ glob2(pathbuf, pathbuf_last, pathend, pathend_last, pattern,
 				*pathend = EOS;
 			}
 			++pglob->gl_matchc;
-			return(globextend(pathbuf, pglob, limitp));
+			return(globextend(pathbuf, pglob, limit));
 		}
 
 		/* Find end of next segment, copy tentatively to pathend. */
@@ -591,18 +600,18 @@ glob2(pathbuf, pathbuf_last, pathend, pathend_last, pattern,
 			/* Need expansion, recurse. */
 			return(glob3(pathbuf, pathbuf_last, pathend,
 			    pathend_last, pattern, pattern_last,
-			    p, pattern_last, pglob, limitp));
+			    p, pattern_last, pglob, limit));
 	}
 	/* NOTREACHED */
 }
 
 static int
 glob3(pathbuf, pathbuf_last, pathend, pathend_last, pattern, pattern_last,
-    restpattern, restpattern_last, pglob, limitp)
+    restpattern, restpattern_last, pglob, limit)
 	Char *pathbuf, *pathbuf_last, *pathend, *pathend_last;
 	Char *pattern, *pattern_last, *restpattern, *restpattern_last;
 	glob_t *pglob;
-	size_t *limitp;
+	size_t *limit;
 {
 	register struct dirent *dp;
 	DIR *dirp;
@@ -645,6 +654,14 @@ glob3(pathbuf, pathbuf_last, pathend, pathend_last, pattern, pattern_last,
 		register u_char *sc;
 		register Char *dc;
 
+		if ((pglob->gl_flags & GLOB_LIMIT) &&
+		    limit[GLOB_INDEX_READDIR]++ >= GLOB_LIMIT_READDIR) {
+			errno = 0;
+			*pathend++ = SEP;
+			*pathend = EOS;
+			return GLOB_NOSPACE;
+		}
+
 		/* Initial DOT must be matched literally. */
 		if (dp->d_name[0] == DOT && *pattern != DOT)
 			continue;
@@ -663,7 +680,7 @@ glob3(pathbuf, pathbuf_last, pathend, pathend_last, pattern, pattern_last,
 			continue;
 		}
 		err = glob2(pathbuf, pathbuf_last, --dc, pathend_last,
-		    restpattern, restpattern_last, pglob, limitp);
+		    restpattern, restpattern_last, pglob, limit);
 		if (err)
 			break;
 	}
@@ -691,10 +708,10 @@ glob3(pathbuf, pathbuf_last, pathend, pathend_last, pattern, pattern_last,
  *	gl_pathv points to (gl_offs + gl_pathc + 1) items.
  */
 static int
-globextend(path, pglob, limitp)
+globextend(path, pglob, limit)
 	const Char *path;
 	glob_t *pglob;
-	size_t *limitp;
+	size_t *limit;
 {
 	register char **pathv;
 	register int i;
@@ -724,7 +741,7 @@ globextend(path, pglob, limitp)
 	for (p = path; *p++;)
 		;
 	len = (size_t)(p - path);
-	*limitp += len;
+	limit[GLOB_INDEX_MALLOC] += len;
 	if ((copy = malloc(len)) != NULL) {
 		if (g_Ctoc(path, copy, len)) {
 			free(copy);
@@ -733,11 +750,10 @@ globextend(path, pglob, limitp)
 		pathv[pglob->gl_offs + pglob->gl_pathc++] = copy;
 	}
 	pathv[pglob->gl_offs + pglob->gl_pathc] = NULL;
-
 	if ((pglob->gl_flags & GLOB_LIMIT) &&
-	    newsize + *limitp >= (u_int) get_arg_max()) {
+		(newsize + limit[GLOB_INDEX_MALLOC]) >= GLOB_LIMIT_MALLOC) {
 		errno = 0;
-		return(GLOB_NOSPACE);
+		return GLOB_NOSPACE;
 	}
 
 	return(copy == NULL ? GLOB_NOSPACE : 0);
@@ -915,4 +931,3 @@ qprintf(str, s)
           !defined(GLOB_HAS_GL_MATCHC) */
 
 
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
diff --git a/usr/src/cmd/ssh/sftp/sftp-glob.c b/usr/src/cmd/ssh/sftp/sftp-glob.c
index 856b3a2635..626e80922a 100644
--- a/usr/src/cmd/ssh/sftp/sftp-glob.c
+++ b/usr/src/cmd/ssh/sftp/sftp-glob.c
@@ -16,8 +16,6 @@
 
 /* $OpenBSD: sftp-glob.c,v 1.22 2006/08/03 03:34:42 deraadt Exp $ */
 
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
 #include "includes.h"
 
 #include <sys/types.h>
@@ -151,5 +149,5 @@ remote_glob(struct sftp_conn *conn, const char *pattern, int flags,
 	memset(&cur, 0, sizeof(cur));
 	cur.conn = conn;
 
-	return(glob(pattern, flags | GLOB_ALTDIRFUNC, errfunc, pglob));
+	return(glob(pattern, flags|GLOB_LIMIT|GLOB_ALTDIRFUNC, errfunc, pglob));
 }
diff --git a/usr/src/cmd/ssh/sftp/sftp.c b/usr/src/cmd/ssh/sftp/sftp.c
index 9b5caac074..10b971f02c 100644
--- a/usr/src/cmd/ssh/sftp/sftp.c
+++ b/usr/src/cmd/ssh/sftp/sftp.c
@@ -617,7 +617,7 @@ process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd, int pflag)
 
 	memset(&g, 0, sizeof(g));
 	debug3("Looking up %s", src);
-	if (glob(src, 0, NULL, &g)) {
+	if (glob(src, GLOB_LIMIT, NULL, &g)) {
 		error("File \"%s\" not found.", src);
 		err = -1;
 		goto out;
diff --git a/usr/src/cmd/svc/milestone/net-loc b/usr/src/cmd/svc/milestone/net-loc
index f5419c297c..e4d0a8c994 100644
--- a/usr/src/cmd/svc/milestone/net-loc
+++ b/usr/src/cmd/svc/milestone/net-loc
@@ -202,9 +202,11 @@ do_dns () {
 			    dns-nameservice-search`
 			;;
 		'dhcp')
-			DNS_DOMAIN=`get_dhcpinfo DNSdmain`
+			DNS_SEARCH=`get_dhcpinfo DNSdmain`
 			DNS_SERVERS=`get_dhcpinfo DNSserv`
-			# No DNS search info for IPv4
+			# Use first search list entry as default domain
+			set -- $DNS_SEARCH
+			DNS_DOMAIN=$1
 			;;
 		'*')
 			echo "Unrecognized DNS configsrc ${configsrc}; ignoring"
diff --git a/usr/src/cmd/tcpd/BLURB b/usr/src/cmd/tcpd/BLURB
deleted file mode 100644
index 69178c1ae2..0000000000
--- a/usr/src/cmd/tcpd/BLURB
+++ /dev/null
@@ -1,36 +0,0 @@
-@(#) BLURB 1.28 97/03/21 19:27:18
-
-With this package you can monitor and filter incoming requests for the
-SYSTAT, FINGER, FTP, TELNET, RLOGIN, RSH, EXEC, TFTP, TALK, and other
-network services.
-
-The package provides tiny daemon wrapper programs that can be installed
-without any changes to existing software or to existing configuration
-files.  The wrappers report the name of the client host and of the
-requested service; the wrappers do not exchange information with the
-client or server applications, and impose no overhead on the actual
-conversation between the client and server applications.
-
-This patch upgrades the tcp wrappers version 7.5 source code to
-version 7.6.  The source-routing protection in version 7.5 was not
-as strong as it could be. And all this effort was not needed with
-modern UNIX systems that can already stop source-routed traffic in
-the kernel. Examples are 4.4BSD derivatives, Solaris 2.x, and Linux.
-
-This release does not introduce new features. Do not bother applying
-this patch when you built your version 7.x tcp wrapper without
-enabling the KILL_IP_OPTIONS compiler switch; when you can disable
-IP source routing options in the kernel; when you run a UNIX version
-that pre-dates 4.4BSD, such as SunOS 4. Such systems are unable to
-receive source-routed connections and are therefore not vulnerable
-to IP spoofing attacks with source-routed TCP connections.
-
-A complete change log is given in the CHANGES document.  As always,
-problem reports and suggestions for improvement are welcome.
-
-	Wietse Venema (wietse@wzv.win.tue.nl),
-	Department of Mathematics and Computing Science,
-	Eindhoven University of Technology,
-	The Netherlands.
-
-	Currently visiting IBM T.J. Watson Research, Hawthorne NY, USA.
diff --git a/usr/src/cmd/tcpd/Banners.Makefile b/usr/src/cmd/tcpd/Banners.Makefile
deleted file mode 100644
index 915e3dd967..0000000000
--- a/usr/src/cmd/tcpd/Banners.Makefile
+++ /dev/null
@@ -1,70 +0,0 @@
-# @(#) Banners.Makefile 1.3 97/02/12 02:13:18
-#
-# Install this file as the Makefile in your directory with banner files.
-# It will convert a prototype banner text to a form that is suitable for
-# the ftp, telnet, rlogin, and other services. 
-# 
-# You'll have to comment out the IN definition below if your daemon
-# names don't start with `in.'.
-#
-# The prototype text should live in the banners directory, as a file with
-# the name "prototype". In the prototype text you can use %<character>
-# sequences as described in the hosts_access.5 manual page (`nroff -man'
-# format).  The sequences will be expanded while the banner message is
-# sent to the client. For example:
-#
-#	Hello %u@%h, what brings you here?
-#
-# Expands to: Hello username@hostname, what brings you here? Note: the
-# use of %u forces a client username lookup.
-#
-# In order to use banners, build the tcp wrapper with -DPROCESS_OPTIONS
-# and use hosts.allow rules like this:
-#
-#	daemons ... : clients ... : banners /some/directory ...
-#
-# Of course, nothing prevents you from using multiple banner directories.
-# For example, one banner directory for clients that are granted service,
-# one banner directory for rejected clients, and one banner directory for
-# clients with a hostname problem.
-#
-SHELL	= /bin/sh
-IN	= in.
-BANNERS	= $(IN)telnetd $(IN)ftpd $(IN)rlogind # $(IN)fingerd $(IN)rshd
-
-all:	$(BANNERS)
-
-$(IN)telnetd: prototype
-	cp prototype $@
-	chmod 644 $@
-
-$(IN)ftpd: prototype
-	sed 's/^/220-/' prototype > $@
-	chmod 644 $@
-
-$(IN)rlogind: prototype nul
-	( ./nul ; cat prototype ) > $@
-	chmod 644 $@
-
-# Other services: banners may interfere with normal operation
-# so they should probably be used only when refusing service.
-# In particular, banners don't work with standard rsh daemons.
-# You would have to use an rshd that has built-in tcp wrapper
-# support, for example the rshd that is part of the logdaemon
-# utilities.
-
-$(IN)fingerd: prototype
-	cp prototype $@
-	chmod 644 $@
-
-$(IN)rshd: prototype nul
-	( ./nul ; cat prototype ) > $@
-	chmod 644 $@
-
-# In case no /dev/zero available, let's hope they have at least
-# a C compiler of some sort.
-
-nul:
-	echo 'main() { write(1,"",1); return(0); }' >nul.c
-	$(CC) $(CFLAGS) -s -o nul nul.c
-	rm -f nul.c
diff --git a/usr/src/cmd/tcpd/CHANGES b/usr/src/cmd/tcpd/CHANGES
deleted file mode 100644
index e68ee750e0..0000000000
--- a/usr/src/cmd/tcpd/CHANGES
+++ /dev/null
@@ -1,451 +0,0 @@
-Request: after building the programs, please run the `tcpdchk' wrapper
-configuration checker. See the `tcpdchk.8' manual page (`nroff -man'
-format) for instructions. `tcpdchk' automatically identifies the most
-common configuration problems, and will save you and me a lot of time.
-
-Changes per release 7.6 (Mar 1997)
-==================================
-
-- Improved the anti source-routing protection. The code in version
-7.5 was not as strong as it could be, because I tried to be compatible
-with Linux. That was a mistake. Sorry for the inconvenience.
-
-- The program no longer terminates case of a source-routed connection,
-making the IP-spoofing code more usable for long-running daemons.
-
-- When syslogging DNS hostname problems, always stop after a limited
-number of characters.
-
-Changes per release 7.5 (Feb 1997)
-==================================
-
-- Optionally refuse source-routed TCP connections requests altogether.
-Credits to Niels Provos of Universitaet Hamburg.  File: fix_options.c.
-
-- Support for IRIX 6 (Lael Tucker).
-
-- Support for Amdahl UTS 2.1.5 (Richard E. Richmond).
-
-- Support for SINIX 5.42 (Klaus Nielsen).
-
-- SCO 5 now has vsyslog() (Bill Golden).
-
-- Hints and tips for dealing with IRIX inetd (Niko Makila, Aaron
-M Lee).
-
-- Support for BSD/OS (Paul Borman).
-
-- Support for Tandem (Emad Qawas).
-
-- Support for ISC (Frederick B. Cohen).
-
-- Workaround for UNICOS - it would choke on a setjmp() expression
-(Bruce Kelly). File: hosts_access.c, tcpdchk.c.
-
-- Increased the level of buffer overflow paranoia when printing
-unwanted IP options.  File: fix_options.c.
-
-Changes per release 7.4 (Mar 1996)
-==================================
-
-- IRIX 5.3 (and possibly, earlier releases, too) library routines call
-the non-reentrant strtok() routine. The result is that hosts may slip
-through allow/deny filters. Workaround is to not rely on the vendor's
-strtok() routine (#ifdef LIBC_CALLS_STRTOK). Credits to Th. Eifert
-(Aachen University) for spotting this one. This fix supersedes the
-earlier workaround for a similar problem in FreeBSD 2.0.
-
-Changes per release 7.3 (Feb 1996)
-==================================
-
-- More tests added to tcpdchk and tcpdmatch: make sure that the
-REAL_DAEMON_DIR actually is a directory and not a regular file;
-detect if tcpd recursively calls itself.
-
-- Edwin Kremer found an amusing fencepost error in the xgets()
-routine: lines longer than BUFLEN characters would be garbled.
-
-- The access control routines now refuse to execute "dangerous" actions
-such as `twist' when they are called from within a resident process.
-This prevents you from shooting yourself into the foot with critical
-systems programs such as, e.g., portmap or rpcbind.
-
-- Support for Unicos 8.x (Bruce Kelly). The program now closes the
-syslog client socket before running the real daemon: Cray UNICOS
-refuses to checkpoint processes with open network ports.
-
-- Support for MachTen UNIX (Albert M.C Tam).
-
-- Support for Interactive UNIX R3.2 V4.0 (Bobby D. Wright).
-
-- Support for SCO 3.2v5.0.0 OpenServer 5 (bob@odt.handy.com)
-
-- Support for Unixware 1.x and Unixware 2.x.  The old Unixware Makefile
-rule was broken. Sorry about that.
-
-- Some FreeBSD 2.0 libc routines call strtok() and severely mess up the
-allow/deny rule processing. This is very bad. Workaround:  call our own
-strtok() clone (#ifdef USE_STRSEP).
-
-- The programs now log a warning when they detect that a non-existent
-banner directory is specified.
-
-- The hosts_access.3 manual page used obsolete names for the RQ_*
-constants.
-
-Changes per release 7.2 (Jan 1995)
-==================================
-
-- Added a note to the README and manpages on using the IDENT service to
-detect sequence number spoofing and other host impersonation attacks.
-
-- Portability: ConvexOS puts RPC version numbers before the daemon path
-name (Jukka Ukkonen).
-
-- Portability: the AIX compiler disliked the strchr() declaration
-in socket.c.  I should have removed it when I included <string.h>.
-
-- Backwards compatibility: some people relied on the old leading dot or
-trailing dot magic in daemon process names.
-
-- Backwards compatibility: hostname lookup remains enabled when
--DPARANOID is turned off. In order to disable hostname lookups you
-must turn off -DALWAYS_HOSTNAME.
-
-- Eliminated false complaints from the tcpdmatch/tcpdchk configuration
-checking programs about process names not in inetd.conf or about KNOWN
-username patterns.
-
-Changes per release 7.1 (Jan 1995)
-==================================
-
-- Portability: HP-UX permits you to break inetd.conf entries with
-backslash-newline.
-
-- Portability: EP/IX has no putenv() and some inetd.conf entries are
-spread out over two lines.
-
-- Portability: SCO with NIS support has no *netgrent() routines.
-
-Changes per release 7.0 (Jan 1995) 
-==================================
-
-- Added a last-minute workaround for a Solaris 2.4 gethostbyname()
-foulup with multi-homed hosts in DNS through NIS mode.
-
-- Added a last-minute defense against TLI weirdness: address lookups
-apparently succeed but the result netbuf is empty (ticlts transport).
-
-- Dropped several new solutions that were in need of a problem. Beta
-testers may recognize what new features were kicked out during the last
-weeks before release 7.0 came out. Such is life.
-
-- Got rid of out the environment replacement routines, at least for
-most architectures. One should not have to replace working system
-software when all that is needed is a 4.4BSD setenv() emulator.
-
-- By popular request I have added an option to send banner messages to
-clients. There is a Banners.Makefile that gives some aid for sites that
-are going to use this feature. John C. Wingenbach did some pioneering
-work here. I used to think that banners are frivolous. Now that I had
-a personal need for them I know that banners can be useful.
-
-- At last: an extensible functional interface to the pattern matching
-engine. request_init() and request_set() accept a variable-length
-name-value argument list.  The result can be passed to hosts_access().
-
-- When PARANOID mode is disabled (compile time), the wrapper does no
-hostname lookup or hostname double checks unless required by %letter
-expansions, or by access control rules that match host names.  This is
-useful for sites that don't care about internet hostnames anyway.
-Inspired by the authors of the firewalls and internet security book.
-
-- When PARANOID mode is disabled (compile time), hosts with a name/name
-or name/address conflict can be matched with the PARANOID host wildcard
-pattern, so that you can take some intelligent action instead of just
-dropping clients. Like showing a banner that explains the problem.
-
-- New percent escapes: %A expands to the server address; %H expands to
-the corresponding hostname (or address if no name is available); %n and
-%N expand to the client and server hostname (or "unknown"); %s expands
-to everything we know about the server endpoint (the opposite of the %c
-sequence for client information).
-
-- Symmetry: server and client host information is now treated on equal
-footing, so that we can reuse a lot of code.
-
-- Lazy evaluation of host names, host addresses, usernames, and so on,
-to avoid doing unnecessary work.
-
-- Dropping #ifdefs for some archaic systems made the code simpler.
-
-- Dropping the FAIL pattern made the pattern matcher much simpler.  Run
-the "tcpdchk" program to scan your access control files for any uses of
-this obscure language feature.
-
-- Moving host-specific pattern matching from string_match() to the
-host_match() routine made the code more accurate.  Run the "tcpdchk"
-program to scan your access control files for any dependencies on
-undocumented or obscure language features that are gone.
-
-- daemon@host patterns trigger on clients that connect to a specific
-internet address.  This can be useful for service providers that offer
-multiple ftp or www archives on different internet addresses, all
-belonging to one and the same host (www.foo.com, ftp.bar.com, you get
-the idea).  Inspired by a discussion with Rop Gonggrijp, Cor Bosman,
-and Casper Dik, and earlier discussions with Adrian van Bloois.
-
-- The new "tcpdchk" program critcizes all your access control rules and
-inetd.conf entries. Great for spotting obscure bugs in my own hosts.xxx
-files. This program also detects hosts with name/address conflicts and
-with other DNS-related problems. See the "tcpdchk.8" manual page.
-
-- The "tcpdmatch" program replaces the poor old "try" command. The new
-program looks in your inetd.conf file and therefore produces much more
-accurate predictions. In addition, it detects hosts with name/address
-conflicts and with other DNS-related problems. See the "tcpdmatch.8"
-manual page.  The inetd.conf lookup was suggested by Everett F Batey.
-
-- In the access control tables, the `=' between option name and value
-is no longer required.
-
-- Added 60-second timeout to the safe_finger command, to cover another
-potential problem. Suggested by Peter Wemm.
-
-- Andrew Maffei provided code that works with WIN-TCP on NCR System V.4
-UNIX. It reportedly works with versions 02.02.01 and 02.03.00. The code
-pops off all streams modules above the device driver, pushes the timod
-module to get at the peer address, and then restores the streams stack
-to the initial state.
-
-Changes per release 6.3 (Mar 1994)
-==================================
-
-- Keepalives option, to get rid of stuck daemons when people turn off
-their PC while still connected. Files: options.c, hosts_options.5.
-
-- Nice option, to calm down network daemons that take away too much CPU
-time. Files: options.c, hosts_options.5.
-
-- Ultrix perversion: the environ global pointer may be null. The
-environment replacement routines now check for this. File: environ.c.
-
-- Fixed a few places that still assumed the socket is on standard
-input. Fixed some error messages that did not provide access control
-file name and line number.  File: options.c.
-
-- Just when I was going to release 6.2 I received code for Dynix/PTX.
-That code is specific to PTX 2.x, so I'll keep around my generic
-PTX code just in case. The difference is in the handling of UDP
-services.  Files:  tli_sequent.[hc].
-
-Changes per release 6.2 (Feb 1994)
-==================================
-
-- Resurrected my year-old code to reduce DNS load by appending a dot to
-the gethostbyname() argument. This feature is still experimental and it
-may go away if it causes more problems than it solves. File: socket.c.
-
-- Auxiliary code for the Pyramid, BSD universe. Karl Vogel figured out
-what was missing: yp_get_default_domain() and vfprintf(). Files:
-workarounds.c, vfprintf.c.
-
-- Improved support for Dynix/PTX. The wrapper should now be able to
-deal with all TLI over IP services. File: ptx.c.
-
-- The try command now uses the hostname that gethostbyaddr() would
-return, instead of the hostname returned by gethostbyname(). This can
-be significant on systems with NIS that have short host names in the
-hosts map. For example, gethostbyname("wzv.win.tue.nl") returns
-"wzv.win.tue.nl"; gethostbyaddr(131.155.210.17) returns "wzv", and
-that is what we should test with. File: try.c.
-
-Changes per release 6.1 (Dec 1993)
-==================================
-
-- Re-implemented all environment access routines. Most systems have
-putenv() but no setenv(), some systems have setenv() but no putenv(),
-and there are even systems that have neither setenv() nor putenv(). The
-benefit of all this is that more systems can now be treated in the same
-way. File:  environ.c.
-
-- Workaround for a weird problem with DG/UX when the wrapper is run as
-nobody (i.e. fingerd). For some reason the ioctl(fd, I_FIND, "sockmod")
-call fails even with socket-based applications. The "fix" is to always
-assume sockets when the ioctl(fd, I_FIND, "timod") call fails. File:
-fromhost.c. Thanks to Paul de Vries (vries@dutentb.et.tudelft.nl) for
-helping me to figure out this one.
-
-- Implemented a workaround for Dynix/PTX and other systems with TLI
-that lack some essential support routines. Thanks to Bugs Brouillard
-(brouill@hsuseq.humboldt.edu) for the hospitality to try things out.
-The trick is to temporarily switch to the socket API to identify the
-client, and to switch back to TLI when done.  It still does not work
-right for basic network services such as telnet. File: fromhost.c.
-
-- Easy-to-build procedures for SCO UNIX, ConvexOS with UltraNet, EP/IX,
-Dynix 3.2, Dynix/PTX. File: Makefile.
-
-- Variable rfc931 timeout. Files: rfc931.c, options.c, log_tcp.h, try.c.
-
-- Further simplification of the rfc931 code. File: rfc931.c.
-
-- The fromhost() interface stinks: I cannot change that, but at least
-the from_sock() and from_tli() functions now accept a file descriptor
-argument.
-
-- Fixed a buglet: fromhost() would pass a garbage file descriptor to
-the isastream() call.
-
-- On some systems the finger client program lives in /usr/bsd. File:
-safe_finger.c.
-
-Changes per release 6.0 (Sept 1993)
-===================================
-
-- Easy build procedures for common platforms (sun, ultrix, aix, hpux
-and others).
-
-- TLI support, System V.4 style (Solaris, DG/UX).
-
-- Username lookup integrated with the access control language.
-Selective username lookups are now the default (was: no username
-lookups).
-
-- A safer finger command for booby traps. This one solves a host of
-possible problems with automatic reverse fingers. Thanks, Borja Marcos
-(borjam@we.lc.ehu.es) for some inspiring discussions.
-
-- KNOWN pattern that matches hosts whose name and address are known.
-
-- Cleanup of diagnostics. Errors in access-control files are now shown
-with file name and line number.
-
-- With AIX 3.2, hostnames longer than 32 would be truncated.  This
-caused hostname verification failures, so that service would be refused
-when paranoid mode was enabled.  Found by:  Adrian van Bloois
-(A.vanBloois@info.nic.surfnet.nl).
-
-- With some IRIX versions, remote username lookups failed because the
-fgets() library function does not handle partial read()s from sockets.
-Found by:  Daniel O'Callaghan (danny@austin.unimelb.edu.au).
-
-- Added a DISCLAIMER document to help you satisfy legal departments.
-
-The extension language module has undergone major revisions and
-extensions.  Thanks, John P. Rouillard (rouilj@ra.cs.umb.edu) for
-discussions, experiments, and for being a good guinea pig. The
-extensions are documented in hosts_options.5, and are enabled by
-editing the Makefile STYLE macro definition.
-
-- (Extension language) The ":" separator may now occur within options
-as long as it is protected with a backslash. A warning is issued when
-a rule ends on ":".
-
-- (Extension language) Better verification mode. When the `try' command
-is run, each option function now explains what it would do.
-
-- (Extension language) New "allow" and "deny" keywords so you can now
-have all rules within a single file. See "nroff -man hosts_options.5"
-for examples.
-
-- (Extension language) "linger" keyword to set the socket linger time
-(SO_LINGER). From:  Marc Boucher <marc@cam.org>.
-
-- (Extension language) "severity" keyword to turn the logging noise up
-or down. Many sites wanted a means to shut up the program; other sites
-wanted to emphasize specific events.  Adapted from code contributed
-by Dave Mitchell <D.Mitchell@dcs.shef.ac.uk>.
-
-Changes per release 5.1 (Mar 1993)
-==================================
-
-- The additional protection against source-routing attacks from hosts
-that pretend to have someone elses network address has become optional
-because it causes kernel panics with SunOS <= 4.1.3.
-
-Changes per release 5.0 (Mar 1993)
-==================================
-
-- Additional protection against source-routing attacks from hosts that
-pretend to have someone elses network address. For example, the address
-of a trusted host within your own network.
-
-- The access control language has been extended with a simple but
-powerful operator that greatly simplifies the design of rule sets (ALL:
-.foo.edu EXCEPT dialup.foo.edu). Blank lines are permitted, and long
-lines can be continued with backslash-newline.
-
-- All configurable stuff, including path names, has been moved into the
-Makefile so that you no longer have to hack source code to just
-configure the programs.
-
-- Ported to Solaris 2. TLI-based applications not yet supported.
-Several workarounds for System V bugs.
-
-- A small loophole in the netgroup lookup code was closed, and the
-remote username lookup code was made more portable.
-
-- Still more documentation. The README file now provides tutorial
-sections with introductions to client, server, inetd and syslogd.
-
-Changes per release 4.3 (Aug 1992) 
-==================================
-
-- Some sites reported that connections would be rejected because
-localhost != localhost.domain. The host name checking code now
-special-cases localhost (problem reported by several sites).
-
-- The programs now report an error if an existing access control file
-cannot be opened (e.g. due to lack of privileges).  Until now, the
-programs would just pretend that the access control file does not exist
-(reported by Darren Reed, avalon@coombs.anu.edu.au).
-
-- The timeout period for remote userid lookups was upped to 30 seconds,
-in order to cope with slow hosts or networks.  If this is too long for
-you, adjust the TIMEOUT definition in file rfc931.c (problem reported
-by several sites).
-
-- On hosts with more than one IP network interface, remote userid
-lookups could use the IP address of the "wrong" local interface.  The
-problem and its solution were discussed on the rfc931-users mailing
-list.  Scott Schwartz (schwartz@cs.psu.edu) folded the fix into the
-rfc931.c module.
-
-- The result of % expansion (in shell commands) is now checked for
-stuff that may confuse the shell; it is replaced by underscores
-(problem reported by Icarus Sparry, I.Sparry@gdr.bath.ac.uk).
-
-- A portability problem was fixed that caused compile-time problems
-on a CRAY (problem reported by Michael Barnett, mikeb@rmit.edu.au).
-
-Changes per release 4.0 (Jun 1992)
-==================================
-
-1 - network daemons no longer have to live within a common directory
-2 - the access control code now uses both the host address and name
-3 - an access control pattern that supports netmasks
-4 - additional protection against forged host names
-5 - a pattern that matches hosts whose name or address lookup fails
-6 - an operator that prevents hosts or services from being matched
-7 - optional remote username lookup with the RFC 931 protocol
-8 - an optional umask to prevent the creation of world-writable files
-9 - hooks for access control language extensions
-10 - last but not least, thoroughly revised documentation.
-
-Changes per release 3.0 (Oct 1991)
-==================================
-
-Enhancements over the previous release are: support for datagram (UDP
-and RPC) services, and execution of shell commands when a (remote host,
-requested service) pair matches a pattern in the access control tables.
-
-Changes per release 2.0 (May 1991)
-==================================
-
-Enhancements over the previous release are: protection against rlogin
-and rsh attacks through compromised domain name servers, optional
-netgroup support for systems with NIS (formerly YP), and an extension
-of the wild card patterns supported by the access control files.
-
-Release 1.0 (Jan 1991)
diff --git a/usr/src/cmd/tcpd/Makefile b/usr/src/cmd/tcpd/Makefile
index 2ab048cf6d..ab1318c55e 100644
--- a/usr/src/cmd/tcpd/Makefile
+++ b/usr/src/cmd/tcpd/Makefile
@@ -2,12 +2,14 @@
 # Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
+# Copyright 2011 Nexenta Systems, Inc. All rights reserved.
+#
 
-PROG =		safe_finger tcpd tcpdchk tcpdmatch try-from
+PROG=		safe_finger tcpd tcpdchk tcpdmatch try-from
 
-include ../Makefile.cmd
+include		../Makefile.cmd
 
-ERROFF =	-erroff=E_FUNC_HAS_NO_RETURN_STMT \
+ERROFF=		-erroff=E_FUNC_HAS_NO_RETURN_STMT \
 		-erroff=E_IMPLICIT_DECL_FUNC_RETURN_INT \
 		-_gcc=-Wno-return-type -_gcc=-Wno-implicit
 CFLAGS +=	$(CCVERBOSE) $(ERROFF)
@@ -18,126 +20,47 @@ CPPFLAGS +=	$(ACCESS) $(PARANOID) $(NETGROUP) $(TLI) \
 		-DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" \
 		-I../../lib/libwrap
 tcpd tcpdmatch try-from := \
-	LDLIBS += -lwrap
-tcpdchk := \
-	LDLIBS += -lwrap -lnsl
+		LDLIBS += -lwrap
+tcpdchk :=	LDLIBS += -lwrap -lnsl
 
 # Various components must export interfaces, but also contain name-space
 # clashes with system libraries.
-MAPFILE.INT.D =	$(MAPFILE.NGB) mapfile-intf-tcpdchk
-MAPFILE.INT.M =	$(MAPFILE.NGB) mapfile-intf-tcpdmatch
-MAPFILE.INT.F =	$(MAPFILE.NGB) mapfile-intf-tryfrom
+MAPFILE.INT.D=	$(MAPFILE.NGB) mapfile-intf-tcpdchk
+MAPFILE.INT.M=	$(MAPFILE.NGB) mapfile-intf-tcpdmatch
+MAPFILE.INT.F=	$(MAPFILE.NGB) mapfile-intf-tryfrom
 
 tcpdchk :=	LDFLAGS +=$(MAPFILE.INT.D:%=-M%)
 tcpdmatch :=	LDFLAGS +=$(MAPFILE.INT.M:%=-M%)
 try-from :=	LDFLAGS +=$(MAPFILE.INT.F:%=-M%)
 
-# SRCONLY files are not used for building but are included in the source code
-# package SUNWtcpdS for consistency and completeness with respect to the
-# public tcp_wrappers distribution.
-SRCONLY =	BLURB Banners.Makefile CHANGES DISCLAIMER Makefile \
-		Makefile.dist Makefile.org README README.IRIX README.NIS \
-		README.ipv6 hosts_access.c.org misc.c.org miscd.c myvsyslog.c \
-		ncr.c printf.ck ptx.c rfc931.c.org scaffold.c.org \
-		socket.c.diff socket.c.org strcasecmp.c tags tcpd.h.org \
-		tcpdchk.c.org tcpdmatch.c.org tli-sequent.c tli-sequent.h \
-		tli.c.org update.c.org vfprintf.c
-
-MANDIRS =	man3 man4 man1m
-MANPAGES =	man3/hosts_access.3 man3/libwrap.3 man4/hosts_access.4 \
-		man4/hosts_options.4 man4/hosts.allow.4 man4/hosts.deny.4 \
-		man1m/tcpd.1m man1m/tcpdchk.1m man1m/tcpdmatch.1m
-DISTFILES =	environ.c fakelog.c hosts_access.3 hosts_access.4 \
-		hosts_options.4 inetcf.c inetcf.h safe_finger.c scaffold.c \
-		scaffold.h tcpd.1m tcpd.c tcpdchk.1m tcpdchk.c tcpdmatch.1m \
-		tcpdmatch.c try-from.c README.sfw $(SRCONLY)
-
-ROOTSRC =	$(ROOT)/usr/share/src/tcp_wrappers
-ROOTMAN = $(ROOT)/usr/share/man
-ROOTMANPAGES = $(MANPAGES:%=$(ROOTMAN)/%)
-ROOTMANDIRS = $(MANDIRS:%=$(ROOTMAN)/%)
-ROOTSRCFILES = $(DISTFILES:%=$(ROOTSRC)/%)
-
 .KEEP_STATE:
 
-all: $(PROG) THIRDPARTYLICENSE
+all:		$(PROG)
 
-install: all $(ROOTUSRSBINPROG) $(ROOTMANPAGES) $(ROOTSRCFILES)
+install:	all $(ROOTUSRSBINPROG)
 
 clean:
-	$(RM) *.o
-	$(RM) -r sunman
-
-lint:	lint_PROG
-
-# These Solaris-specific man page aliases are installed verbatim.
-sunman/libwrap.3: libwrap.3
-	mkdir -p sunman; cat libwrap.3 > $@
-sunman/hosts.allow.4: hosts.allow.4
-	mkdir -p sunman; cat hosts.allow.4 > $@
-sunman/hosts.deny.4: hosts.deny.4
-	mkdir -p sunman; cat hosts.deny.4 > $@
-
-# The rest of the man pages are in the form provided in the original
-# distribution, but get edited and renamed to follow Solaris man page
-# conventions.  E.g. tcpd.8 gets installed as /usr/share/man/man1m/tcpd.1m.
-# Create temporary copies in the sunman directory with modified names
-# and contents.  The sed program man.sed contains the content edits.
-
-sunman/%.1m: %.8
-	mkdir -p sunman; sed -f man.sed < $< > $@
-sunman/%.4: %.5
-	mkdir -p sunman; sed -f man.sed < $< > $@
-sunman/%.3: %.3
-	mkdir -p sunman; sed -f man.sed < $< > $@
-
-$(ROOTMANPAGES) := FILEMODE = 0444
-$(ROOTMANPAGES): $(ROOTMANDIRS) $(ROOT)/usr/share/man
-$(ROOTMANDIRS): $(ROOTMAN)
-	$(INS.dir)
-$(ROOTMAN):
-	$(INS.dir)
-$(ROOTMAN1M)/% $(ROOTMAN3)/% $(ROOTMAN)/man4/%: sunman/%
-	$(INS.file)
-
-$(ROOTSRCFILES) := FILEMODE = 0444
-$(ROOTSRCFILES): $(ROOTSRC)
-$(ROOTSRC): 
-	$(INS.dir)
-$(ROOTSRC)/%: %.sfwsrc
-	$(INS.rename)
-$(ROOTSRC)/%: sunman/%
-	$(INS.file)
-$(ROOTSRC)/%: %
-	$(INS.file)
-
-$(ROOT)/usr/share: $(ROOT)/usr
-	$(INS.dir)
-$(ROOT)/usr: $(ROOT)
-	$(INS.dir)
-
-TCPDMATCH_OBJ = tcpdmatch.o fakelog.o inetcf.o scaffold.o
-
-tcpdmatch: $(TCPDMATCH_OBJ) $(LIB) $(MAPFILE.INTF.M)
-	$(LINK.c) -o $@ $(TCPDMATCH_OBJ) $(LDLIBS)
-	$(POST_PROCESS)
-
-try-from: try-from.o fakelog.o $(LIB) $(MAPFILE.INTF.F)
-	$(LINK.c) -o $@ try-from.o fakelog.o $(LDLIBS)
-	$(POST_PROCESS)
-
-TCPDCHK_OBJ = tcpdchk.o fakelog.o inetcf.o scaffold.o
-
-tcpdchk: $(TCPDCHK_OBJ) $(LIB) $(MAPFILE.INTF.C)
-	$(LINK.c) -o $@ $(TCPDCHK_OBJ) $(LDLIBS)
-	$(POST_PROCESS)
-
-THIRDPARTYLICENSE: DISCLAIMER
-	$(GREP) -v '\*\*\*\*' DISCLAIMER > $@
-
-CLOBBERFILES += THIRDPARTYLICENSE
-
-include ../Makefile.targ
+		$(RM) *.o
+
+lint:		lint_PROG
+
+TCPDMATCH_OBJ=	tcpdmatch.o fakelog.o inetcf.o scaffold.o
+
+tcpdmatch:	$(TCPDMATCH_OBJ) $(LIB) $(MAPFILE.INTF.M)
+		$(LINK.c) -o $@ $(TCPDMATCH_OBJ) $(LDLIBS)
+		$(POST_PROCESS)
+
+try-from:	try-from.o fakelog.o $(LIB) $(MAPFILE.INTF.F)
+		$(LINK.c) -o $@ try-from.o fakelog.o $(LDLIBS)
+		$(POST_PROCESS)
+
+TCPDCHK_OBJ=	tcpdchk.o fakelog.o inetcf.o scaffold.o
+
+tcpdchk:	$(TCPDCHK_OBJ) $(LIB) $(MAPFILE.INTF.C)
+		$(LINK.c) -o $@ $(TCPDCHK_OBJ) $(LDLIBS)
+		$(POST_PROCESS)
+
+include		../Makefile.targ
 
 # The rest of this file contains definitions more-or-less directly from the
 # original Makefile of the tcp_wrappers distribution.
diff --git a/usr/src/cmd/tcpd/Makefile.dist b/usr/src/cmd/tcpd/Makefile.dist
deleted file mode 100644
index c9d38cebfd..0000000000
--- a/usr/src/cmd/tcpd/Makefile.dist
+++ /dev/null
@@ -1,903 +0,0 @@
-# @(#) Makefile 1.23 97/03/21 19:27:20
-
-what:
-	@echo
-	@echo "Usage: edit the REAL_DAEMON_DIR definition in the Makefile then:"
-	@echo
-	@echo "	make sys-type"
-	@echo
-	@echo "If you are in a hurry you can try instead:"
-	@echo
-	@echo "	make REAL_DAEMON_DIR=/foo/bar sys-type"
-	@echo
-	@echo "And for a version with language extensions enabled:"
-	@echo
-	@echo "	make REAL_DAEMON_DIR=/foo/bar STYLE=-DPROCESS_OPTIONS sys-type"
-	@echo
-	@echo "This Makefile knows about the following sys-types:"
-	@echo
-	@echo "	generic (most bsd-ish systems with sys5 compatibility)"
-	@echo "	386bsd aix alpha apollo bsdos convex-ultranet dell-gcc dgux dgux543"
-	@echo "	dynix epix esix freebsd hpux irix4 irix5 irix6 isc iunix"
-	@echo "	linux machten mips(untested) ncrsvr4 netbsd next osf power_unix_211"
-	@echo "	ptx-2.x ptx-generic pyramid sco sco-nis sco-od2 sco-os5 sinix sunos4"
-	@echo "	sunos40 sunos5 sysv4 tandem ultrix unicos7 unicos8 unixware1 unixware2"
-	@echo "	uts215 uxp"
-	@echo
-	@echo "If none of these match your environment, edit the system"
-	@echo "dependencies sections in the Makefile and do a 'make other'."
-	@echo
-
-#######################################################
-# Choice between easy and advanced installation recipe.
-# 
-# Advanced installation: vendor-provided daemons are left alone, and the
-# inetd configuration file is edited. In this case, the REAL_DAEMON_DIR
-# macro should reflect the actual directory with (most of) your
-# vendor-provided network daemons.  These names can be found in the
-# inetd.conf file. Usually, the telnet, ftp and finger daemons all live
-# in the same directory.
-# 
-# Uncomment the appropriate line if you are going to edit inetd.conf.
-#
-# Ultrix 4.x SunOS 4.x ConvexOS 10.x Dynix/ptx
-#REAL_DAEMON_DIR=/usr/etc
-#
-# SysV.4 Solaris 2.x OSF AIX
-#REAL_DAEMON_DIR=/usr/sbin
-#
-# BSD 4.4
-#REAL_DAEMON_DIR=/usr/libexec
-#
-# HP-UX SCO Unicos
-#REAL_DAEMON_DIR=/etc
-
-# Easy installation: vendor-provided network daemons are moved to "some
-# other" directory, and the tcpd wrapper fills in the "holes". For this
-# mode of operation, the REAL_DAEMON_DIR macro should be set to the "some
-# other" directory.  The "..." is here for historical reasons only; you
-# should probably use some other name. 
-# 
-# Uncomment the appropriate line if you are going to move your daemons.
-#
-# Ultrix 4.x SunOS 4.x ConvexOS 10.x Dynix/ptx
-#REAL_DAEMON_DIR=/usr/etc/...
-#
-# SysV.4 Solaris 2.x OSF AIX
-#REAL_DAEMON_DIR=/usr/sbin/...
-#
-# BSD 4.4
-#REAL_DAEMON_DIR=/usr/libexec/...
-#
-# HP-UX SCO Unicos
-#REAL_DAEMON_DIR=/etc/...
-
-# End of mandatory section
-##########################
-
-##########################################
-# Ready-to-use system-dependent templates.
-#
-# Ready-to-use templates are available for many systems (see the "echo"
-# commands at the start of this Makefile).  The templates take care of
-# all system dependencies: after editing the REAL_DAEMON_DIR definition
-# above, do a "make sunos4" (or whatever system type is appropriate).
-#
-# If your system is not listed (or something that comes close enough), you
-# have to edit the system dependencies section below and do a "make other".  
-#
-# Send templates for other UNIX versions to wietse@wzv.win.tue.nl.
-
-# This is good for many BSD+SYSV hybrids with NIS (formerly YP).
-generic aix osf alpha dynix:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \
-	NETGROUP=-DNETGROUP TLI= IPV6="$(IPV6)" all
-
-# Ditto, with vsyslog
-sunos4:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \
-	NETGROUP=-DNETGROUP VSYSLOG= TLI= all
-
-# Generic with resolver library.
-generic-resolver:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS=-lresolv RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \
-	NETGROUP=-DNETGROUP TLI= all
-
-# The NeXT loader needs "-m" or it barfs on redefined library functions.
-next:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS=-m RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \
-	NETGROUP=-DNETGROUP TLI= all
-
-# SunOS for the 386 was frozen at release 4.0.x.
-sunos40:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ="setenv.o strcasecmp.o" \
-	NETGROUP=-DNETGROUP VSYSLOG= TLI= all
-
-# Ultrix is like aix, next, etc., but has miscd and setenv().
-ultrix:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \
-	NETGROUP=-DNETGROUP TLI= all miscd
-
-# This works on EP/IX 1.4.3 and will likely work on Mips (reggers@julian.uwo.ca)
-epix:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \
-	NETGROUP=-DNETGROUP TLI= SYSTYPE="-systype bsd43" all
-
-# Freebsd and linux by default have no NIS.
-386bsd netbsd bsdos:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= \
-	EXTRA_CFLAGS=-DSYS_ERRLIST_DEFINED VSYSLOG= all
-
-freebsd:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= \
-	EXTRA_CFLAGS=-DSYS_ERRLIST_DEFINED VSYSLOG= all
-
-linux:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \
-	NETGROUP= TLI= EXTRA_CFLAGS="-DBROKEN_SO_LINGER" all
-
-# This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x.
-hpux hpux8 hpux9 hpux10:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=echo ARFLAGS=rv AUX_OBJ=setenv.o \
-	NETGROUP=-DNETGROUP TLI= all
-
-# ConvexOS-10.x with UltraNet support (ukkonen@csc.fi).
-convex-ultranet:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS=-lulsock RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \
-	NETGROUP=-DNETGROUP TLI= all
-
-# Generic support for the Dynix/PTX version of TLI.
-ptx-generic:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lsocket -linet -lnsl" RANLIB=echo ARFLAGS=rv \
-	AUX_OBJ="setenv.o strcasecmp.o ptx.o" NETGROUP= TLI=-DPTX all
-
-# With UDP support optimized for PTX 2.x (timw@sequent.com).
-ptx-2.x:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lsocket -linet -lnsl" RANLIB=echo ARFLAGS=rv \
-	AUX_OBJ="setenv.o strcasecmp.o tli-sequent.o" NETGROUP= \
-	TLI=-DTLI_SEQUENT all
-
-# IRIX 4.0.x has a special ar(1) flag.
-irix4:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lc -lsun" RANLIB=echo ARFLAGS=rvs AUX_OBJ=setenv.o \
-	NETGROUP=-DNETGROUP TLI= all
-
-# IRIX 5.2 is SYSV4 with several broken things (such as -lsocket -lnsl).
-irix5:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS=-lsun RANLIB=echo ARFLAGS=rv VSYSLOG= \
-	NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI= all
-
-# IRIX 6.2 (tucker@math.unc.edu). Must find a better value than 200000.
-irix6:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=echo ARFLAGS=rv VSYSLOG= \
-	NETGROUP=-DNETGROUP EXTRA_CFLAGS="-DBSD=200000" TLI= all
-
-# SunOS 5.x is another SYSV4 variant.
-sunos5:
-	@$(MAKE) REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lsocket -lnsl" RANLIB=echo ARFLAGS=rv VSYSLOG= \
-	NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI=-DTLI \
-	BUGS="$(BUGS) -DSOLARIS_24_GETHOSTBYNAME_BUG" IPV6="$(IPV6)" all
-
-# Generic SYSV40
-esix sysv4:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lsocket -lnsl" RANLIB=echo ARFLAGS=rv \
-	NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI=-DTLI all
-
-# DG/UX 5.4.1 and 5.4.2 have an unusual inet_addr() interface.
-dgux:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS=-lnsl RANLIB=echo ARFLAGS=rv \
-	NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI=-DTLI \
-	BUGS="$(BUGS) -DINET_ADDR_BUG" all
-
-dgux543:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS=-lnsl RANLIB=echo ARFLAGS=rv \
-	NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI=-DTLI all
-
-# NCR UNIX 02.02.01 and 02.03.00 (Alex Chircop, msu@unimt.mt)
-ncrsvr4:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lresolv -lnsl -lsocket" RANLIB=echo ARFLAGS=rv \
-	AUX_OBJ="setenv.o strcasecmp.o" NETGROUP= TLI=-DTLI \
-	EXTRA_CFLAGS="" FROM_OBJ=ncr.o all
-
-# Tandem SYSV4 (eqawas@hedgehog.ac.cowan.edu.au)
-tandem:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lsocket -lnsl" RANLIB=echo ARFLAGS=rv \
-	NETGROUP= AUX_OBJ="setenv.o strcasecmp.o" TLI=-DTLI all
-
-# Amdahl UTS 2.1.5 (Richard.Richmond@bridge.bst.bls.com)
-uts215:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \   
-	LIBS="-lsocket" RANLIB=echo \
-	ARFLAGS=rv AUX_OBJ=setenv.o NETGROUP=-DNO_NETGROUP TLI= all
-
-# UXP/DS System V.4 clone (vic@uida0.uida.es).
-uxp:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-L/usr/ucblib -lsocket -lnsl -lucb" \
-	RANLIB=echo ARFLAGS=rv NETGROUP=-DNETGROUP \
-	AUX_OBJ=setenv.o TLI="-DTLI -DDRS_XTI" all
-
-# DELL System V.4 Issue 2.2 using gcc (kim@tac.nyc.ny.us, jurban@norden1.com)
-dell-gcc:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lsocket -lnsl" RANLIB=ranlib ARFLAGS=rv CC=gcc \
-	AUX_OBJ="setenv.o strcasecmp.o" TLI=-DTLI all
-
-# SCO 3.2v4.1 no frills (jedwards@sol1.solinet.net).
-sco:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lsocket -lnsl_s" RANLIB=echo ARFLAGS=rv \
-	NETGROUP= AUX_OBJ=setenv.o TLI= all
-
-# SCO OpenDesktop 2.0, release 3.2 (peter@midnight.com). Please simplify.
-sco-od2:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lrpcsvc -lrpc -lyp -lrpc -lrpcsvc -lsocket" \
-	RANLIB=echo ARFLAGS=rv AUX_OBJ=setenv.o \
-	NETGROUP=-DNETGROUP TLI= all
-
-# SCO 3.2v4.2 with TCP/IP 1.2.1 (Eduard.Vopicka@vse.cz). Please simplify.
-sco-nis:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lyp -lrpc -lsocket -lyp -lc_s -lc" \
-	RANLIB=echo ARFLAGS=rv AUX_OBJ=setenv.o \
-	NETGROUP=-DNETGROUP TLI= EXTRA_CFLAGS="-nointl -DNO_NETGRENT" all
-
-# SCO 3.2v5.0.0 OpenServer 5 (bob@odt.handy.com, bill@razorlogic.com)
-sco-os5:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lrpcsvc -lsocket" RANLIB=echo ARFLAGS=rv VSYSLOG= \
-	AUX_OBJ=setenv.o NETGROUP=-DNETGROUP TLI= all
-
-# sinix 5.42 setjmp workaround (szrzs023@ub3.ub.uni-kiel.de)
-sinix:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lsocket -lnsl -L/usr/ccs/lib -lc -L/usr/ucblib -lucb" \
-	RANLIB=echo ARFLAGS=rv AUX_OBJ=setenv.o TLI=-DTLI all
-
-# Domain SR10.4. Build under bsd, run under either sysv3 or bsd43.
-apollo:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \
-	NETGROUP=-DNETGROUP TLI= SYSTYPE="-A run,any -A sys,any" all
-
-# Pyramid OSx 5.1, using the BSD universe.
-pyramid:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ="environ.o vfprintf.o" \
-	STRINGS="-Dstrchr=index -Dstrrchr=rindex -Dmemcmp=bcmp -Dno_memcpy" \
-	NETGROUP="-DNETGROUP -DUSE_GETDOMAIN" TLI= all
-
-# Untested.
-mips:
-	@echo "Warning: some definitions may be wrong."
-	make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \
-	NETGROUP=-DNETGROUP TLI= SYSTYPE="-sysname bsd43" all
-
-# Cray (tested with UNICOS 7.0.4).
-unicos7:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS=-lnet RANLIB=echo ARFLAGS=rv \
-	EXTRA_CFLAGS=-DINADDR_NONE="\"((unsigned long) -1)\"" \
-	AUX_OBJ="setenv.o strcasecmp.o" NETGROUP= TLI= all
-
-# Unicos 8.x, Cray-YMP (Bruce Kelly).
-unicos8:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=echo AR=bld ARFLAGS=rv \
-	AUX_OBJ= NETGROUP= TLI= all
-
-# Power_UNIX 2.1.1 (amantel@lerc.nasa.gov)
-power_unix_211:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lnsl -lsocket -lgen -lresolv" RANLIB=echo ARFLAGS=rv \
-	NETGROUP= AUX_OBJ=setenv.o TLI=-DTLI BUGS="$(BUGS)" all
-
-# ISC (fc@all.net)
-isc:
-	make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-linet -lnsl_s -ldbm" RANLIB=echo ARFLAGS=rv \
-	AUX_OBJ="setenv.o strcasecmp.o" EXTRA_CFLAGS="-DENOTCONN=ENAVAIL" \
-	NETGROUP= TLI= all
-
-# Interactive UNIX R3.2 version 4.0 (Bobby D. Wright).
-iunix:
-	make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-linet -lnsl_s -ldbm" RANLIB=echo ARFLAGS=rv \
-	AUX_OBJ=environ.o strcasecmp.o NETGROUP= TLI= all
-
-# RTU 6.0 on a Masscomp 5400 (ben@piglet.cr.usgs.gov). When using the
-# advanced installation, increment argv before actually looking at it.
-rtu:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \
-	NETGROUP= TLI= all
-
-# Unixware sans NIS (mc@telebase.com). Compiler dislikes strcasecmp.c.
-unixware1:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lsocket -lnsl -lc -L/usr/ucblib -lucb" RANLIB=echo ARFLAGS=rv \
-	NETGROUP=$(NETGROUP) AUX_OBJ=environ.o TLI=-DTLI all
-
-unixware2:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lsocket -lnsl -lgen -lc -L/usr/ucblib -lucb" RANLIB=echo \
-	ARFLAGS=rv NETGROUP=$(NETGROUP) AUX_OBJ=environ.o TLI=-DTLI all
-
-u6000:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lsocket -lnsl" RANLIB=echo ARFLAGS=rv \
-	NETGROUP=-DNETGROUP AUX_OBJ="setenv.o strcasecmp.o" TLI=-DTLI all
-
-# MachTen
-machten:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \
-	NETGROUP= TLI= all
-
-###############################################################
-# System dependencies: TLI (transport-level interface) support.
-# 
-# Uncomment the following macro if your system has System V.4-style TLI
-# support (/usr/include/sys/timod.h, /etc/netconfig, and the netdir(3)
-# routines).
-#
-#TLI	= -DTLI
-
-###############################################################################
-# System dependencies: differences between ranlib(1) and ar(1) implementations.
-#
-# Some C compilers (Ultrix 4.x) insist that ranlib(1) be run on an object
-# library; some don't care as long as the modules are in the right order;
-# some systems don't even have a ranlib(1) command. Make your choice.
-
-RANLIB	= ranlib	# have ranlib (BSD-ish UNIX)
-#RANLIB	= echo		# no ranlib (SYSV-ish UNIX)
-
-ARFLAGS	= rv		# most systems
-#ARFLAGS= rvs		# IRIX 4.0.x
-
-AR	= ar
-#AR	= bld		# Unicos 8.x
-
-#############################################################################
-# System dependencies: routines that are not present in the system libraries.
-# 
-# If your system library does not have set/putenv() or strcasecmp(), use
-# the ones provided with this source distribution. The environ.c module
-# implements setenv(), getenv(), and putenv().
-
-AUX_OBJ= setenv.o
-#AUX_OBJ= environ.o
-#AUX_OBJ= environ.o strcasecmp.o
-
-# Uncomment the following if your C library does not provide the
-# strchr/strrchr/memcmp routines, but comes with index/rindex/bcmp.
-#
-#STRINGS= -Dstrchr=index -Dstrrchr=rindex -Dmemcmp=bcmp -Dno_memcpy
-
-#################################################################
-# System dependencies: selection of non-default object libraries.
-#
-# Most System V implementations require that you explicitly specify the
-# networking libraries. There is no general consensus, though.
-#
-#LIBS	= -lsocket -lnsl		# SysV.4 Solaris 2.x
-#LIBS	= -lsun				# IRIX
-#LIBS	= -lsocket -linet -lnsl -lnfs	# PTX
-#LIBS	= -linet -lnsl_s -ldbm		# ISC
-#LIBS	= -lnet				# Unicos 7
-#LIBS	= -linet -lsyslog -ldbm
-#LIBS	= -lsyslog -lsocket -lnsl
-
-######################################################
-# System dependencies: system-specific compiler flags.
-#
-# Apollo Domain/OS offers both bsd and sys5 environments, sometimes
-# on the same machine.  If your Apollo is primarily sys5.3 and also
-# has bsd4.3, uncomment the following to build under bsd and run under
-# either environment.
-#
-#SYSTYPE= -A run,any -A sys,any
-
-# For MIPS RISC/os 4_52.p3, uncomment the following definition.
-#
-#SYSTYPE= -sysname bsd43
-
-##################################################
-# System dependencies: working around system bugs.
-#
-# -DGETPEERNAME_BUG works around a getpeername(2) bug in some versions of
-# Apollo or SYSV.4 UNIX:  the wrapper would report that all UDP requests
-# come from address 0.0.0.0. The workaround does no harm on other systems.
-#
-# -DBROKEN_FGETS works around an fgets(3) bug in some System V versions
-# (IRIX):  fgets() gives up too fast when reading from a network socket.
-# The workaround does no harm on other systems.
-#
-# Some UNIX systems (IRIX) make the error of calling the strtok() library
-# routine from other library routines such as, e.g., gethostbyname/addr().
-# The result is that hosts can slip through the wrapper allow/deny filters.
-# Compile with -DLIBC_CALLS_STRTOK to avoid the vendor's strtok() routine.
-# The workaround does no harm on other systems.
-#
-# DG/UX 5.4.1 comes with an inet_ntoa() function that returns a structure
-# instead of a long integer. Compile with -DINET_ADDR_BUG to work around
-# this mutant behavour. Fixed in 5.4R3.
-#
-# Solaris 2.4 gethostbyname(), in DNS through NIS mode, puts only one
-# address in the host address list; all other addresses are treated as
-# host name aliases. Compile with -DSOLARIS_24_GETHOSTBYNAME_BUG to work
-# around this. The workaround does no harm on other Solaris versions.
-
-BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DLIBC_CALLS_STRTOK
-#BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DINET_ADDR_BUG
-#BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DSOLARIS_24_GETHOSTBYNAME_BUG
-
-##########################################################################
-# System dependencies: whether or not your system has NIS (or YP) support.
-#
-# If your system supports NIS or YP-style netgroups, enable the following
-# macro definition. Netgroups are used only for host access control.
-#
-#NETGROUP= -DNETGROUP
-
-###############################################################
-# System dependencies: whether or not your system has vsyslog()
-#
-# If your system supports vsyslog(), comment out the following definition.
-# If in doubt leave it in, it won't harm.
-
-VSYSLOG	= -Dvsyslog=myvsyslog
-
-###############################################################
-# System dependencies: whether or not your system has IPV6
-#
-# If your system has IPv6 and supports getipnode* and inet_pton/inet_ntop
-# comment out the following (Solaris 8)
-
-# IPV6 = -DHAVE_IPV6
-
-# If your system does not have getipnodebyname() but uses the obsolete
-# gethostbyname2() instead, use this:
-# IPV6 = -DHAVE_IPV6 -DUSE_GETHOSTBYNAME2
-
-# End of the system dependencies.
-#################################
-
-##############################
-# Start of the optional stuff.
-
-###########################################
-# Optional: Turning on language extensions
-#
-# Instead of the default access control language that is documented in
-# the hosts_access.5 document, the wrappers can be configured to
-# implement an extensible language documented in the hosts_options.5
-# document.  This language is implemented by the "options.c" source
-# module, which also gives hints on how to add your own extensions.
-# Uncomment the next definition to turn on the language extensions
-# (examples: allow, deny, banners, twist and spawn).
-# 
-#STYLE	= -DPROCESS_OPTIONS	# Enable language extensions.
-
-################################################################
-# Optional: Changing the default disposition of logfile records
-#
-# By default, logfile entries are written to the same file as used for
-# sendmail transaction logs. See your /etc/syslog.conf file for actual
-# path names of logfiles. The tutorial section in the README file
-# gives a brief introduction to the syslog daemon.
-# 
-# Change the FACILITY definition below if you disagree with the default
-# disposition. Some syslog versions (including Ultrix 4.x) do not provide
-# this flexibility.
-# 
-# If nothing shows up on your system, it may be that the syslog records
-# are sent to a dedicated loghost. It may also be that no syslog daemon
-# is running at all. The README file gives pointers to surrogate syslog
-# implementations for systems that have no syslog library routines or
-# no syslog daemons. When changing the syslog.conf file, remember that
-# there must be TABs between fields.
-#
-# The LOG_XXX names below are taken from the /usr/include/syslog.h file.
-
-FACILITY= LOG_MAIL	# LOG_MAIL is what most sendmail daemons use
-
-# The syslog priority at which successful connections are logged.
-
-SEVERITY= LOG_INFO	# LOG_INFO is normally not logged to the console
-
-###########################
-# Optional: Reduce DNS load
-#
-# When looking up the address for a host.domain name, the typical DNS
-# code will first append substrings of your own domain, so it tries
-# host.domain.your.own.domain, then host.domain.own.domain, and then
-# host.domain. The APPEND_DOT feature stops this waste of cycles. It is
-# off by default because it causes problems on sites that don't use DNS
-# and with Solaris < 2.4. APPEND_DOT will not work with hostnames taken
-# from /etc/hosts or from NIS maps. It does work with DNS through NIS.
-#
-# DOT= -DAPPEND_DOT
-
-##################################################
-# Optional: Always attempt remote username lookups
-#
-# By default, the wrappers look up the remote username only when the
-# access control rules require them to do so.
-#
-# Username lookups require that the remote host runs a daemon that
-# supports an RFC 931 like protocol.  Remote user name lookups are not
-# possible for UDP-based connections, and can cause noticeable delays
-# with connections from non-UNIX PCs.  On some systems, remote username
-# lookups can trigger a kernel bug, causing loss of service. The README
-# file describes how to find out if your UNIX kernel has that problem.
-# 
-# Uncomment the following definition if the wrappers should always
-# attempt to get the remote user name. If this is not enabled you can
-# still do selective username lookups as documented in the hosts_access.5
-# and hosts_options.5 manual pages (`nroff -man' format).
-#
-#AUTH	= -DALWAYS_RFC931
-#
-# The default username lookup timeout is 10 seconds. This may not be long
-# enough for slow hosts or networks, but is enough to irritate PC users.
-
-RFC931_TIMEOUT = 10
-
-######################################################
-# Optional: Changing the default file protection mask
-#
-# On many systems, network daemons and other system processes are started
-# with a zero umask value, so that world-writable files may be produced.
-# It is a good idea to edit your /etc/rc* files so that they begin with
-# an explicit umask setting.  On our site we use `umask 022' because it
-# does not break anything yet gives adequate protection against tampering.
-# 
-# The following macro specifies the default umask for processes run under
-# control of the daemon wrappers. Comment it out only if you are certain
-# that inetd and its children are started with a safe umask value.
-
-UMASK	= -DDAEMON_UMASK=022
-
-#######################################
-# Optional: Turning off access control
-#
-# By default, host access control is enabled.  To disable host access
-# control, comment out the following definition.  Host access control
-# can also be turned off at runtime by providing no or empty access
-# control tables.
-
-ACCESS	= -DHOSTS_ACCESS
-
-########################################################
-# Optional: Changing the access control table pathnames
-#
-# The HOSTS_ALLOW and HOSTS_DENY macros define where the programs will
-# look for access control information. Watch out for the quotes and
-# backslashes when you make changes.
-
-TABLES	= -DHOSTS_DENY=\"/etc/hosts.deny\" -DHOSTS_ALLOW=\"/etc/hosts.allow\"
-
-####################################################
-# Optional: dealing with host name/address conflicts
-#
-# By default, the software tries to protect against hosts that claim to
-# have someone elses host name. This is relevant for network services
-# whose authentication depends on host names, such as rsh and rlogin.
-#
-# With paranoid mode on, connections will be rejected when the host name
-# does not match the host address. Connections will also be rejected when
-# the host name is available but cannot be verified.
-#
-# Comment out the following definition if you want more control over such
-# requests. When paranoid mode is off and a host name double check fails,
-# the client can be matched with the PARANOID access control pattern.
-#
-# Paranoid mode implies hostname lookup. In order to disable hostname
-# lookups altogether, see the next section.
-
-PARANOID= -DPARANOID
-
-########################################
-# Optional: turning off hostname lookups
-#
-# By default, the software always attempts to look up the client
-# hostname.  With selective hostname lookups, the client hostname
-# lookup is postponed until the name is required by an access control
-# rule or by a %letter expansion.
-# 
-# In order to perform selective hostname lookups, disable paranoid
-# mode (see previous section) and comment out the following definition.
-
-HOSTNAME= -DALWAYS_HOSTNAME
-
-#############################################
-# Optional: Turning on host ADDRESS checking
-#
-# Optionally, the software tries to protect against hosts that pretend to
-# have someone elses host address. This is relevant for network services
-# whose authentication depends on host names, such as rsh and rlogin,
-# because the network address is used to look up the remote host name.
-# 
-# The protection is to refuse TCP connections with IP source routing
-# options.
-#
-# This feature cannot be used with SunOS 4.x because of a kernel bug in
-# the implementation of the getsockopt() system call. Kernel panics have
-# been observed for SunOS 4.1.[1-3]. Symptoms are "BAD TRAP" and "Data
-# fault" while executing the tcp_ctloutput() kernel function.
-#
-# Reportedly, Sun patch 100804-03 or 101790 fixes this for SunOS 4.1.x.
-#
-# Uncomment the following macro definition if your getsockopt() is OK.
-#
-# -DKILL_IP_OPTIONS is not needed on modern UNIX systems that can stop
-# source-routed traffic in the kernel. Examples: 4.4BSD derivatives,
-# Solaris 2.x, and Linux. See your system documentation for details.
-#
-# KILL_OPT= -DKILL_IP_OPTIONS
-
-## End configuration options
-############################
-
-# Protection against weird shells or weird make programs.
-
-SHELL	= /bin/sh
-.c.o:;	$(CC) $(CFLAGS) -c $*.c
-
-CFLAGS	= -O -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \
-	$(BUGS) $(SYSTYPE) $(AUTH) $(UMASK) \
-	-DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" $(STYLE) $(KILL_OPT) \
-	-DSEVERITY=$(SEVERITY) -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) \
-	$(UCHAR) $(TABLES) $(STRINGS) $(TLI) $(EXTRA_CFLAGS) $(DOT) \
-	$(VSYSLOG) $(HOSTNAME) $(IPV6)
-
-LIB_OBJ= hosts_access.o options.o shell_cmd.o rfc931.o eval.o \
-	hosts_ctl.o refuse.o percent_x.o clean_exit.o $(AUX_OBJ) \
-	$(FROM_OBJ) fix_options.o socket.o tli.o workarounds.o \
-	update.o misc.o diag.o percent_m.o myvsyslog.o
-
-FROM_OBJ= fromhost.o
-
-KIT	= README miscd.c tcpd.c fromhost.c hosts_access.c shell_cmd.c \
-	tcpd.h tcpdmatch.c Makefile hosts_access.5 strcasecmp.c BLURB rfc931.c \
-	tcpd.8 eval.c hosts_access.3 hosts_ctl.c percent_x.c options.c \
-	clean_exit.c environ.c patchlevel.h fix_options.c workarounds.c \
-	socket.c tli.c DISCLAIMER fakelog.c safe_finger.c hosts_options.5 \
-	CHANGES try-from.c update.c ptx.c vfprintf.c tli-sequent.c \
-	tli-sequent.h misc.c diag.c ncr.c tcpdchk.c percent_m.c \
-	myvsyslog.c mystdarg.h printf.ck README.IRIX Banners.Makefile \
-	refuse.c tcpdchk.8 setenv.c inetcf.c inetcf.h scaffold.c \
-	scaffold.h tcpdmatch.8 README.NIS
-
-LIB	= libwrap.a
-
-all other: config-check tcpd tcpdmatch try-from safe_finger tcpdchk
-
-# Invalidate all object files when the compiler options (CFLAGS) have changed.
-
-config-check:
-	@set +e; test -n "$(REAL_DAEMON_DIR)" || { make; exit 1; }
-	@set +e; echo $(CFLAGS) >/tmp/cflags.$$$$ ; \
-	if cmp cflags /tmp/cflags.$$$$ ; \
-	then rm /tmp/cflags.$$$$ ; \
-	else mv /tmp/cflags.$$$$ cflags ; \
-	fi >/dev/null 2>/dev/null
-
-cflags: config-check
-
-$(LIB):	$(LIB_OBJ)
-	rm -f $(LIB)
-	$(AR) $(ARFLAGS) $(LIB) $(LIB_OBJ)
-	-$(RANLIB) $(LIB)
-
-tcpd:	tcpd.o $(LIB)
-	$(CC) $(CFLAGS) -o $@ tcpd.o $(LIB) $(LIBS)
-
-miscd:	miscd.o $(LIB)
-	$(CC) $(CFLAGS) -o $@ miscd.o $(LIB) $(LIBS)
-
-safe_finger: safe_finger.o $(LIB)
-	$(CC) $(CFLAGS) -o $@ safe_finger.o $(LIB) $(LIBS)
-
-TCPDMATCH_OBJ = tcpdmatch.o fakelog.o inetcf.o scaffold.o
-
-tcpdmatch: $(TCPDMATCH_OBJ) $(LIB)
-	$(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(LIB) $(LIBS)
-
-try-from: try-from.o fakelog.o $(LIB)
-	$(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(LIB) $(LIBS)
-
-TCPDCHK_OBJ = tcpdchk.o fakelog.o inetcf.o scaffold.o
-
-tcpdchk: $(TCPDCHK_OBJ) $(LIB)
-	$(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(LIB) $(LIBS)
-
-shar:	$(KIT)
-	@shar $(KIT)
-
-kit:	$(KIT)
-	@makekit $(KIT)
-
-files:
-	@echo $(KIT)
-
-archive:
-	$(ARCHIVE) $(KIT)
-
-clean:
-	rm -f tcpd miscd safe_finger tcpdmatch tcpdchk try-from *.[oa] core \
-	cflags
-
-tidy:	clean
-	chmod -R a+r .
-	chmod 755 .
-
-# Enable all bells and whistles for linting.
-
-lint: tcpd_lint miscd_lint match_lint chk_lint
-
-tcpd_lint:
-	lint -DFACILITY=LOG_MAIL -DHOSTS_ACCESS -DPARANOID -DNETGROUP \
-	-DGETPEERNAME_BUG -DDAEMON_UMASK=022 -DSEVERITY=$(SEVERITY) \
-	$(TABLES) -DKILL_IP_OPTIONS -DPROCESS_OPTIONS \
-	-DRFC931_TIMEOUT=$(RFC931_TIMEOUT) -DALWAYS_RFC931 \
-	-DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" \
-	-Dvsyslog=myvsyslog \
-	tcpd.c fromhost.c socket.c tli.c hosts_access.c \
-	shell_cmd.c refuse.c rfc931.c eval.c percent_x.c clean_exit.c \
-	options.c setenv.c fix_options.c workarounds.c update.c misc.c \
-	diag.c myvsyslog.c percent_m.c
-
-miscd_lint:
-	lint -DFACILITY=LOG_MAIL -DHOSTS_ACCESS -DPARANOID -DNETGROUP \
-	-DGETPEERNAME_BUG -DDAEMON_UMASK=022 -DSEVERITY=$(SEVERITY) \
-	$(TABLES) -DKILL_IP_OPTIONS -DPROCESS_OPTIONS \
-	-DRFC931_TIMEOUT=$(RFC931_TIMEOUT) -DALWAYS_RFC931 \
-	-DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" \
-	-Dvsyslog=myvsyslog \
-	miscd.c fromhost.c socket.c tli.c hosts_access.c \
-	shell_cmd.c refuse.c rfc931.c eval.c percent_x.c clean_exit.c \
-	options.c setenv.c fix_options.c workarounds.c update.c misc.c \
-	diag.c myvsyslog.c percent_m.c
-
-match_lint:
-	lint -DFACILITY=LOG_MAIL -DSEVERITY=$(SEVERITY) -DHOSTS_ACCESS \
-	-DPARANOID $(TABLES) -DNETGROUP -DPROCESS_OPTIONS -DRFC931_TIMEOUT=10 \
-	-DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" \
-	-Dvsyslog=myvsyslog \
-	tcpdmatch.c hosts_access.c eval.c percent_x.c options.c workarounds.c \
-	update.c socket.c misc.c diag.c myvsyslog.c percent_m.c setenv.c \
-	inetcf.c scaffold.c
-
-chk_lint:
-	lint -DFACILITY=LOG_MAIL -DSEVERITY=$(SEVERITY) -DHOSTS_ACCESS \
-	-DPARANOID $(TABLES) -DNETGROUP -DPROCESS_OPTIONS -DRFC931_TIMEOUT=10 \
-	-DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" \
-	-Dvsyslog=myvsyslog \
-	tcpdchk.c eval.c percent_x.c options.c update.c workarounds.c \
-	setenv.c misc.c diag.c myvsyslog.c percent_m.c inetcf.c scaffold.c
-
-printfck:
-	printfck -f printf.ck \
-	tcpd.c fromhost.c socket.c tli.c hosts_access.c \
-	shell_cmd.c refuse.c rfc931.c eval.c percent_x.c clean_exit.c \
-	options.c setenv.c fix_options.c workarounds.c update.c misc.c \
-	diag.c myvsyslog.c percent_m.c >aap.c
-	lint -DFACILITY=LOG_MAIL -DHOSTS_ACCESS -DPARANOID -DNETGROUP \
-	-DGETPEERNAME_BUG -DDAEMON_UMASK=022 -DSEVERITY=$(SEVERITY) \
-	$(TABLES) -DKILL_IP_OPTIONS -DPROCESS_OPTIONS \
-	-DRFC931_TIMEOUT=$(RFC931_TIMEOUT) -DALWAYS_RFC931 \
-	-DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" -Dvsyslog=myvsyslog aap.c
-	printfck -f printf.ck \
-	tcpdchk.c eval.c percent_x.c options.c update.c workarounds.c \
-	setenv.c misc.c diag.c myvsyslog.c percent_m.c inetcf.c scaffold.c \
-	>aap.c
-	lint -DFACILITY=LOG_MAIL -DSEVERITY=$(SEVERITY) -DHOSTS_ACCESS \
-	-DPARANOID $(TABLES) -DNETGROUP -DPROCESS_OPTIONS -DRFC931_TIMEOUT=10 \
-	-Dvsyslog=myvsyslog -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\"
-
-# Internal compilation dependencies.
-
-clean_exit.o: cflags
-clean_exit.o: tcpd.h
-diag.o: cflags
-diag.o: mystdarg.h
-diag.o: tcpd.h
-environ.o: cflags
-eval.o: cflags
-eval.o: tcpd.h
-fakelog.o: cflags
-fakelog.o: mystdarg.h
-fix_options.o: cflags
-fix_options.o: tcpd.h
-fromhost.o: cflags
-fromhost.o: tcpd.h
-hosts_access.o: cflags
-hosts_access.o: tcpd.h
-hosts_ctl.o: cflags
-hosts_ctl.o: tcpd.h
-inetcf.o: cflags
-inetcf.o: inetcf.h
-inetcf.o: tcpd.h
-misc.o: cflags
-misc.o: tcpd.h
-miscd.o: cflags
-miscd.o: patchlevel.h
-miscd.o: tcpd.h
-myvsyslog.o: cflags
-myvsyslog.o: mystdarg.h
-myvsyslog.o: tcpd.h
-ncr.o: cflags
-ncr.o: tcpd.h
-options.o: cflags
-options.o: tcpd.h
-percent_m.o: cflags
-percent_m.o: mystdarg.h
-percent_x.o: cflags
-percent_x.o: tcpd.h
-ptx.o: cflags
-ptx.o: tcpd.h
-refuse.o: cflags
-refuse.o: tcpd.h
-rfc931.o: cflags
-rfc931.o: tcpd.h
-safe_finger.o: cflags
-scaffold.o: cflags
-scaffold.o: scaffold.h
-scaffold.o: tcpd.h
-setenv.o: cflags
-shell_cmd.o: cflags
-shell_cmd.o: tcpd.h
-socket.o: cflags
-socket.o: tcpd.h
-strcasecmp.o: cflags
-tcpd.o: cflags
-tcpd.o: patchlevel.h
-tcpd.o: tcpd.h
-tcpdchk.o: cflags
-tcpdchk.o: inetcf.h
-tcpdchk.o: scaffold.h
-tcpdchk.o: tcpd.h
-tcpdmatch.o: cflags
-tcpdmatch.o: scaffold.h
-tcpdmatch.o: tcpd.h
-tli-sequent.o: cflags
-tli-sequent.o: tcpd.h
-tli-sequent.o: tli-sequent.h
-tli.o: cflags
-tli.o: tcpd.h
-try-from.o: cflags
-try-from.o: tcpd.h
-update.o: cflags
-update.o: mystdarg.h
-update.o: tcpd.h
-vfprintf.o: cflags
-workarounds.o: cflags
-workarounds.o: tcpd.h
diff --git a/usr/src/cmd/tcpd/Makefile.org b/usr/src/cmd/tcpd/Makefile.org
deleted file mode 100644
index 2906c52ddf..0000000000
--- a/usr/src/cmd/tcpd/Makefile.org
+++ /dev/null
@@ -1,889 +0,0 @@
-# @(#) Makefile 1.23 97/03/21 19:27:20
-
-what:
-	@echo
-	@echo "Usage: edit the REAL_DAEMON_DIR definition in the Makefile then:"
-	@echo
-	@echo "	make sys-type"
-	@echo
-	@echo "If you are in a hurry you can try instead:"
-	@echo
-	@echo "	make REAL_DAEMON_DIR=/foo/bar sys-type"
-	@echo
-	@echo "And for a version with language extensions enabled:"
-	@echo
-	@echo "	make REAL_DAEMON_DIR=/foo/bar STYLE=-DPROCESS_OPTIONS sys-type"
-	@echo
-	@echo "This Makefile knows about the following sys-types:"
-	@echo
-	@echo "	generic (most bsd-ish systems with sys5 compatibility)"
-	@echo "	386bsd aix alpha apollo bsdos convex-ultranet dell-gcc dgux dgux543"
-	@echo "	dynix epix esix freebsd hpux irix4 irix5 irix6 isc iunix"
-	@echo "	linux machten mips(untested) ncrsvr4 netbsd next osf power_unix_211"
-	@echo "	ptx-2.x ptx-generic pyramid sco sco-nis sco-od2 sco-os5 sinix sunos4"
-	@echo "	sunos40 sunos5 sysv4 tandem ultrix unicos7 unicos8 unixware1 unixware2"
-	@echo "	uts215 uxp"
-	@echo
-	@echo "If none of these match your environment, edit the system"
-	@echo "dependencies sections in the Makefile and do a 'make other'."
-	@echo
-
-#######################################################
-# Choice between easy and advanced installation recipe.
-# 
-# Advanced installation: vendor-provided daemons are left alone, and the
-# inetd configuration file is edited. In this case, the REAL_DAEMON_DIR
-# macro should reflect the actual directory with (most of) your
-# vendor-provided network daemons.  These names can be found in the
-# inetd.conf file. Usually, the telnet, ftp and finger daemons all live
-# in the same directory.
-# 
-# Uncomment the appropriate line if you are going to edit inetd.conf.
-#
-# Ultrix 4.x SunOS 4.x ConvexOS 10.x Dynix/ptx
-#REAL_DAEMON_DIR=/usr/etc
-#
-# SysV.4 Solaris 2.x OSF AIX
-#REAL_DAEMON_DIR=/usr/sbin
-#
-# BSD 4.4
-#REAL_DAEMON_DIR=/usr/libexec
-#
-# HP-UX SCO Unicos
-#REAL_DAEMON_DIR=/etc
-
-# Easy installation: vendor-provided network daemons are moved to "some
-# other" directory, and the tcpd wrapper fills in the "holes". For this
-# mode of operation, the REAL_DAEMON_DIR macro should be set to the "some
-# other" directory.  The "..." is here for historical reasons only; you
-# should probably use some other name. 
-# 
-# Uncomment the appropriate line if you are going to move your daemons.
-#
-# Ultrix 4.x SunOS 4.x ConvexOS 10.x Dynix/ptx
-#REAL_DAEMON_DIR=/usr/etc/...
-#
-# SysV.4 Solaris 2.x OSF AIX
-#REAL_DAEMON_DIR=/usr/sbin/...
-#
-# BSD 4.4
-#REAL_DAEMON_DIR=/usr/libexec/...
-#
-# HP-UX SCO Unicos
-#REAL_DAEMON_DIR=/etc/...
-
-# End of mandatory section
-##########################
-
-##########################################
-# Ready-to-use system-dependent templates.
-#
-# Ready-to-use templates are available for many systems (see the "echo"
-# commands at the start of this Makefile).  The templates take care of
-# all system dependencies: after editing the REAL_DAEMON_DIR definition
-# above, do a "make sunos4" (or whatever system type is appropriate).
-#
-# If your system is not listed (or something that comes close enough), you
-# have to edit the system dependencies section below and do a "make other".  
-#
-# Send templates for other UNIX versions to wietse@wzv.win.tue.nl.
-
-# This is good for many BSD+SYSV hybrids with NIS (formerly YP).
-generic aix osf alpha dynix:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \
-	NETGROUP=-DNETGROUP TLI= all
-
-# Ditto, with vsyslog
-sunos4:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \
-	NETGROUP=-DNETGROUP VSYSLOG= TLI= all
-
-# Generic with resolver library.
-generic-resolver:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS=-lresolv RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \
-	NETGROUP=-DNETGROUP TLI= all
-
-# The NeXT loader needs "-m" or it barfs on redefined library functions.
-next:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS=-m RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \
-	NETGROUP=-DNETGROUP TLI= all
-
-# SunOS for the 386 was frozen at release 4.0.x.
-sunos40:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ="setenv.o strcasecmp.o" \
-	NETGROUP=-DNETGROUP VSYSLOG= TLI= all
-
-# Ultrix is like aix, next, etc., but has miscd and setenv().
-ultrix:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \
-	NETGROUP=-DNETGROUP TLI= all miscd
-
-# This works on EP/IX 1.4.3 and will likely work on Mips (reggers@julian.uwo.ca)
-epix:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \
-	NETGROUP=-DNETGROUP TLI= SYSTYPE="-systype bsd43" all
-
-# Freebsd and linux by default have no NIS.
-386bsd netbsd bsdos:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= \
-	EXTRA_CFLAGS=-DSYS_ERRLIST_DEFINED VSYSLOG= all
-
-freebsd:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= \
-	EXTRA_CFLAGS=-DSYS_ERRLIST_DEFINED VSYSLOG= all
-
-linux:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \
-	NETGROUP= TLI= EXTRA_CFLAGS="-DBROKEN_SO_LINGER" all
-
-# This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x.
-hpux hpux8 hpux9 hpux10:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=echo ARFLAGS=rv AUX_OBJ=setenv.o \
-	NETGROUP=-DNETGROUP TLI= all
-
-# ConvexOS-10.x with UltraNet support (ukkonen@csc.fi).
-convex-ultranet:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS=-lulsock RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \
-	NETGROUP=-DNETGROUP TLI= all
-
-# Generic support for the Dynix/PTX version of TLI.
-ptx-generic:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lsocket -linet -lnsl" RANLIB=echo ARFLAGS=rv \
-	AUX_OBJ="setenv.o strcasecmp.o ptx.o" NETGROUP= TLI=-DPTX all
-
-# With UDP support optimized for PTX 2.x (timw@sequent.com).
-ptx-2.x:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lsocket -linet -lnsl" RANLIB=echo ARFLAGS=rv \
-	AUX_OBJ="setenv.o strcasecmp.o tli-sequent.o" NETGROUP= \
-	TLI=-DTLI_SEQUENT all
-
-# IRIX 4.0.x has a special ar(1) flag.
-irix4:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lc -lsun" RANLIB=echo ARFLAGS=rvs AUX_OBJ=setenv.o \
-	NETGROUP=-DNETGROUP TLI= all
-
-# IRIX 5.2 is SYSV4 with several broken things (such as -lsocket -lnsl).
-irix5:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS=-lsun RANLIB=echo ARFLAGS=rv VSYSLOG= \
-	NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI= all
-
-# IRIX 6.2 (tucker@math.unc.edu). Must find a better value than 200000.
-irix6:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=echo ARFLAGS=rv VSYSLOG= \
-	NETGROUP=-DNETGROUP EXTRA_CFLAGS="-DBSD=200000" TLI= all
-
-# SunOS 5.x is another SYSV4 variant.
-sunos5:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lsocket -lnsl" RANLIB=echo ARFLAGS=rv VSYSLOG= \
-	NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI=-DTLI \
-	BUGS="$(BUGS) -DSOLARIS_24_GETHOSTBYNAME_BUG" all
-
-# Generic SYSV40
-esix sysv4:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lsocket -lnsl" RANLIB=echo ARFLAGS=rv \
-	NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI=-DTLI all
-
-# DG/UX 5.4.1 and 5.4.2 have an unusual inet_addr() interface.
-dgux:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS=-lnsl RANLIB=echo ARFLAGS=rv \
-	NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI=-DTLI \
-	BUGS="$(BUGS) -DINET_ADDR_BUG" all
-
-dgux543:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS=-lnsl RANLIB=echo ARFLAGS=rv \
-	NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI=-DTLI all
-
-# NCR UNIX 02.02.01 and 02.03.00 (Alex Chircop, msu@unimt.mt)
-ncrsvr4:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lresolv -lnsl -lsocket" RANLIB=echo ARFLAGS=rv \
-	AUX_OBJ="setenv.o strcasecmp.o" NETGROUP= TLI=-DTLI \
-	EXTRA_CFLAGS="" FROM_OBJ=ncr.o all
-
-# Tandem SYSV4 (eqawas@hedgehog.ac.cowan.edu.au)
-tandem:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lsocket -lnsl" RANLIB=echo ARFLAGS=rv \
-	NETGROUP= AUX_OBJ="setenv.o strcasecmp.o" TLI=-DTLI all
-
-# Amdahl UTS 2.1.5 (Richard.Richmond@bridge.bst.bls.com)
-uts215:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \   
-	LIBS="-lsocket" RANLIB=echo \
-	ARFLAGS=rv AUX_OBJ=setenv.o NETGROUP=-DNO_NETGROUP TLI= all
-
-# UXP/DS System V.4 clone (vic@uida0.uida.es).
-uxp:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-L/usr/ucblib -lsocket -lnsl -lucb" \
-	RANLIB=echo ARFLAGS=rv NETGROUP=-DNETGROUP \
-	AUX_OBJ=setenv.o TLI="-DTLI -DDRS_XTI" all
-
-# DELL System V.4 Issue 2.2 using gcc (kim@tac.nyc.ny.us, jurban@norden1.com)
-dell-gcc:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lsocket -lnsl" RANLIB=ranlib ARFLAGS=rv CC=gcc \
-	AUX_OBJ="setenv.o strcasecmp.o" TLI=-DTLI all
-
-# SCO 3.2v4.1 no frills (jedwards@sol1.solinet.net).
-sco:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lsocket -lnsl_s" RANLIB=echo ARFLAGS=rv \
-	NETGROUP= AUX_OBJ=setenv.o TLI= all
-
-# SCO OpenDesktop 2.0, release 3.2 (peter@midnight.com). Please simplify.
-sco-od2:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lrpcsvc -lrpc -lyp -lrpc -lrpcsvc -lsocket" \
-	RANLIB=echo ARFLAGS=rv AUX_OBJ=setenv.o \
-	NETGROUP=-DNETGROUP TLI= all
-
-# SCO 3.2v4.2 with TCP/IP 1.2.1 (Eduard.Vopicka@vse.cz). Please simplify.
-sco-nis:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lyp -lrpc -lsocket -lyp -lc_s -lc" \
-	RANLIB=echo ARFLAGS=rv AUX_OBJ=setenv.o \
-	NETGROUP=-DNETGROUP TLI= EXTRA_CFLAGS="-nointl -DNO_NETGRENT" all
-
-# SCO 3.2v5.0.0 OpenServer 5 (bob@odt.handy.com, bill@razorlogic.com)
-sco-os5:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lrpcsvc -lsocket" RANLIB=echo ARFLAGS=rv VSYSLOG= \
-	AUX_OBJ=setenv.o NETGROUP=-DNETGROUP TLI= all
-
-# sinix 5.42 setjmp workaround (szrzs023@ub3.ub.uni-kiel.de)
-sinix:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lsocket -lnsl -L/usr/ccs/lib -lc -L/usr/ucblib -lucb" \
-	RANLIB=echo ARFLAGS=rv AUX_OBJ=setenv.o TLI=-DTLI all
-
-# Domain SR10.4. Build under bsd, run under either sysv3 or bsd43.
-apollo:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \
-	NETGROUP=-DNETGROUP TLI= SYSTYPE="-A run,any -A sys,any" all
-
-# Pyramid OSx 5.1, using the BSD universe.
-pyramid:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ="environ.o vfprintf.o" \
-	STRINGS="-Dstrchr=index -Dstrrchr=rindex -Dmemcmp=bcmp -Dno_memcpy" \
-	NETGROUP="-DNETGROUP -DUSE_GETDOMAIN" TLI= all
-
-# Untested.
-mips:
-	@echo "Warning: some definitions may be wrong."
-	make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \
-	NETGROUP=-DNETGROUP TLI= SYSTYPE="-sysname bsd43" all
-
-# Cray (tested with UNICOS 7.0.4).
-unicos7:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS=-lnet RANLIB=echo ARFLAGS=rv \
-	EXTRA_CFLAGS=-DINADDR_NONE="\"((unsigned long) -1)\"" \
-	AUX_OBJ="setenv.o strcasecmp.o" NETGROUP= TLI= all
-
-# Unicos 8.x, Cray-YMP (Bruce Kelly).
-unicos8:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=echo AR=bld ARFLAGS=rv \
-	AUX_OBJ= NETGROUP= TLI= all
-
-# Power_UNIX 2.1.1 (amantel@lerc.nasa.gov)
-power_unix_211:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lnsl -lsocket -lgen -lresolv" RANLIB=echo ARFLAGS=rv \
-	NETGROUP= AUX_OBJ=setenv.o TLI=-DTLI BUGS="$(BUGS)" all
-
-# ISC (fc@all.net)
-isc:
-	make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-linet -lnsl_s -ldbm" RANLIB=echo ARFLAGS=rv \
-	AUX_OBJ="setenv.o strcasecmp.o" EXTRA_CFLAGS="-DENOTCONN=ENAVAIL" \
-	NETGROUP= TLI= all
-
-# Interactive UNIX R3.2 version 4.0 (Bobby D. Wright).
-iunix:
-	make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-linet -lnsl_s -ldbm" RANLIB=echo ARFLAGS=rv \
-	AUX_OBJ=environ.o strcasecmp.o NETGROUP= TLI= all
-
-# RTU 6.0 on a Masscomp 5400 (ben@piglet.cr.usgs.gov). When using the
-# advanced installation, increment argv before actually looking at it.
-rtu:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \
-	NETGROUP= TLI= all
-
-# Unixware sans NIS (mc@telebase.com). Compiler dislikes strcasecmp.c.
-unixware1:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lsocket -lnsl -lc -L/usr/ucblib -lucb" RANLIB=echo ARFLAGS=rv \
-	NETGROUP=$(NETGROUP) AUX_OBJ=environ.o TLI=-DTLI all
-
-unixware2:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lsocket -lnsl -lgen -lc -L/usr/ucblib -lucb" RANLIB=echo \
-	ARFLAGS=rv NETGROUP=$(NETGROUP) AUX_OBJ=environ.o TLI=-DTLI all
-
-u6000:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lsocket -lnsl" RANLIB=echo ARFLAGS=rv \
-	NETGROUP=-DNETGROUP AUX_OBJ="setenv.o strcasecmp.o" TLI=-DTLI all
-
-# MachTen
-machten:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \
-	NETGROUP= TLI= all
-
-###############################################################
-# System dependencies: TLI (transport-level interface) support.
-# 
-# Uncomment the following macro if your system has System V.4-style TLI
-# support (/usr/include/sys/timod.h, /etc/netconfig, and the netdir(3)
-# routines).
-#
-#TLI	= -DTLI
-
-###############################################################################
-# System dependencies: differences between ranlib(1) and ar(1) implementations.
-#
-# Some C compilers (Ultrix 4.x) insist that ranlib(1) be run on an object
-# library; some don't care as long as the modules are in the right order;
-# some systems don't even have a ranlib(1) command. Make your choice.
-
-RANLIB	= ranlib	# have ranlib (BSD-ish UNIX)
-#RANLIB	= echo		# no ranlib (SYSV-ish UNIX)
-
-ARFLAGS	= rv		# most systems
-#ARFLAGS= rvs		# IRIX 4.0.x
-
-AR	= ar
-#AR	= bld		# Unicos 8.x
-
-#############################################################################
-# System dependencies: routines that are not present in the system libraries.
-# 
-# If your system library does not have set/putenv() or strcasecmp(), use
-# the ones provided with this source distribution. The environ.c module
-# implements setenv(), getenv(), and putenv().
-
-AUX_OBJ= setenv.o
-#AUX_OBJ= environ.o
-#AUX_OBJ= environ.o strcasecmp.o
-
-# Uncomment the following if your C library does not provide the
-# strchr/strrchr/memcmp routines, but comes with index/rindex/bcmp.
-#
-#STRINGS= -Dstrchr=index -Dstrrchr=rindex -Dmemcmp=bcmp -Dno_memcpy
-
-#################################################################
-# System dependencies: selection of non-default object libraries.
-#
-# Most System V implementations require that you explicitly specify the
-# networking libraries. There is no general consensus, though.
-#
-#LIBS	= -lsocket -lnsl		# SysV.4 Solaris 2.x
-#LIBS	= -lsun				# IRIX
-#LIBS	= -lsocket -linet -lnsl -lnfs	# PTX
-#LIBS	= -linet -lnsl_s -ldbm		# ISC
-#LIBS	= -lnet				# Unicos 7
-#LIBS	= -linet -lsyslog -ldbm
-#LIBS	= -lsyslog -lsocket -lnsl
-
-######################################################
-# System dependencies: system-specific compiler flags.
-#
-# Apollo Domain/OS offers both bsd and sys5 environments, sometimes
-# on the same machine.  If your Apollo is primarily sys5.3 and also
-# has bsd4.3, uncomment the following to build under bsd and run under
-# either environment.
-#
-#SYSTYPE= -A run,any -A sys,any
-
-# For MIPS RISC/os 4_52.p3, uncomment the following definition.
-#
-#SYSTYPE= -sysname bsd43
-
-##################################################
-# System dependencies: working around system bugs.
-#
-# -DGETPEERNAME_BUG works around a getpeername(2) bug in some versions of
-# Apollo or SYSV.4 UNIX:  the wrapper would report that all UDP requests
-# come from address 0.0.0.0. The workaround does no harm on other systems.
-#
-# -DBROKEN_FGETS works around an fgets(3) bug in some System V versions
-# (IRIX):  fgets() gives up too fast when reading from a network socket.
-# The workaround does no harm on other systems.
-#
-# Some UNIX systems (IRIX) make the error of calling the strtok() library
-# routine from other library routines such as, e.g., gethostbyname/addr().
-# The result is that hosts can slip through the wrapper allow/deny filters.
-# Compile with -DLIBC_CALLS_STRTOK to avoid the vendor's strtok() routine.
-# The workaround does no harm on other systems.
-#
-# DG/UX 5.4.1 comes with an inet_ntoa() function that returns a structure
-# instead of a long integer. Compile with -DINET_ADDR_BUG to work around
-# this mutant behavour. Fixed in 5.4R3.
-#
-# Solaris 2.4 gethostbyname(), in DNS through NIS mode, puts only one
-# address in the host address list; all other addresses are treated as
-# host name aliases. Compile with -DSOLARIS_24_GETHOSTBYNAME_BUG to work
-# around this. The workaround does no harm on other Solaris versions.
-
-BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DLIBC_CALLS_STRTOK
-#BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DINET_ADDR_BUG
-#BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DSOLARIS_24_GETHOSTBYNAME_BUG
-
-##########################################################################
-# System dependencies: whether or not your system has NIS (or YP) support.
-#
-# If your system supports NIS or YP-style netgroups, enable the following
-# macro definition. Netgroups are used only for host access control.
-#
-#NETGROUP= -DNETGROUP
-
-###############################################################
-# System dependencies: whether or not your system has vsyslog()
-#
-# If your system supports vsyslog(), comment out the following definition.
-# If in doubt leave it in, it won't harm.
-
-VSYSLOG	= -Dvsyslog=myvsyslog
-
-# End of the system dependencies.
-#################################
-
-##############################
-# Start of the optional stuff.
-
-###########################################
-# Optional: Turning on language extensions
-#
-# Instead of the default access control language that is documented in
-# the hosts_access.5 document, the wrappers can be configured to
-# implement an extensible language documented in the hosts_options.5
-# document.  This language is implemented by the "options.c" source
-# module, which also gives hints on how to add your own extensions.
-# Uncomment the next definition to turn on the language extensions
-# (examples: allow, deny, banners, twist and spawn).
-# 
-#STYLE	= -DPROCESS_OPTIONS	# Enable language extensions.
-
-################################################################
-# Optional: Changing the default disposition of logfile records
-#
-# By default, logfile entries are written to the same file as used for
-# sendmail transaction logs. See your /etc/syslog.conf file for actual
-# path names of logfiles. The tutorial section in the README file
-# gives a brief introduction to the syslog daemon.
-# 
-# Change the FACILITY definition below if you disagree with the default
-# disposition. Some syslog versions (including Ultrix 4.x) do not provide
-# this flexibility.
-# 
-# If nothing shows up on your system, it may be that the syslog records
-# are sent to a dedicated loghost. It may also be that no syslog daemon
-# is running at all. The README file gives pointers to surrogate syslog
-# implementations for systems that have no syslog library routines or
-# no syslog daemons. When changing the syslog.conf file, remember that
-# there must be TABs between fields.
-#
-# The LOG_XXX names below are taken from the /usr/include/syslog.h file.
-
-FACILITY= LOG_MAIL	# LOG_MAIL is what most sendmail daemons use
-
-# The syslog priority at which successful connections are logged.
-
-SEVERITY= LOG_INFO	# LOG_INFO is normally not logged to the console
-
-###########################
-# Optional: Reduce DNS load
-#
-# When looking up the address for a host.domain name, the typical DNS
-# code will first append substrings of your own domain, so it tries
-# host.domain.your.own.domain, then host.domain.own.domain, and then
-# host.domain. The APPEND_DOT feature stops this waste of cycles. It is
-# off by default because it causes problems on sites that don't use DNS
-# and with Solaris < 2.4. APPEND_DOT will not work with hostnames taken
-# from /etc/hosts or from NIS maps. It does work with DNS through NIS.
-#
-# DOT= -DAPPEND_DOT
-
-##################################################
-# Optional: Always attempt remote username lookups
-#
-# By default, the wrappers look up the remote username only when the
-# access control rules require them to do so.
-#
-# Username lookups require that the remote host runs a daemon that
-# supports an RFC 931 like protocol.  Remote user name lookups are not
-# possible for UDP-based connections, and can cause noticeable delays
-# with connections from non-UNIX PCs.  On some systems, remote username
-# lookups can trigger a kernel bug, causing loss of service. The README
-# file describes how to find out if your UNIX kernel has that problem.
-# 
-# Uncomment the following definition if the wrappers should always
-# attempt to get the remote user name. If this is not enabled you can
-# still do selective username lookups as documented in the hosts_access.5
-# and hosts_options.5 manual pages (`nroff -man' format).
-#
-#AUTH	= -DALWAYS_RFC931
-#
-# The default username lookup timeout is 10 seconds. This may not be long
-# enough for slow hosts or networks, but is enough to irritate PC users.
-
-RFC931_TIMEOUT = 10
-
-######################################################
-# Optional: Changing the default file protection mask
-#
-# On many systems, network daemons and other system processes are started
-# with a zero umask value, so that world-writable files may be produced.
-# It is a good idea to edit your /etc/rc* files so that they begin with
-# an explicit umask setting.  On our site we use `umask 022' because it
-# does not break anything yet gives adequate protection against tampering.
-# 
-# The following macro specifies the default umask for processes run under
-# control of the daemon wrappers. Comment it out only if you are certain
-# that inetd and its children are started with a safe umask value.
-
-UMASK	= -DDAEMON_UMASK=022
-
-#######################################
-# Optional: Turning off access control
-#
-# By default, host access control is enabled.  To disable host access
-# control, comment out the following definition.  Host access control
-# can also be turned off at runtime by providing no or empty access
-# control tables.
-
-ACCESS	= -DHOSTS_ACCESS
-
-########################################################
-# Optional: Changing the access control table pathnames
-#
-# The HOSTS_ALLOW and HOSTS_DENY macros define where the programs will
-# look for access control information. Watch out for the quotes and
-# backslashes when you make changes.
-
-TABLES	= -DHOSTS_DENY=\"/etc/hosts.deny\" -DHOSTS_ALLOW=\"/etc/hosts.allow\"
-
-####################################################
-# Optional: dealing with host name/address conflicts
-#
-# By default, the software tries to protect against hosts that claim to
-# have someone elses host name. This is relevant for network services
-# whose authentication depends on host names, such as rsh and rlogin.
-#
-# With paranoid mode on, connections will be rejected when the host name
-# does not match the host address. Connections will also be rejected when
-# the host name is available but cannot be verified.
-#
-# Comment out the following definition if you want more control over such
-# requests. When paranoid mode is off and a host name double check fails,
-# the client can be matched with the PARANOID access control pattern.
-#
-# Paranoid mode implies hostname lookup. In order to disable hostname
-# lookups altogether, see the next section.
-
-PARANOID= -DPARANOID
-
-########################################
-# Optional: turning off hostname lookups
-#
-# By default, the software always attempts to look up the client
-# hostname.  With selective hostname lookups, the client hostname
-# lookup is postponed until the name is required by an access control
-# rule or by a %letter expansion.
-# 
-# In order to perform selective hostname lookups, disable paranoid
-# mode (see previous section) and comment out the following definition.
-
-HOSTNAME= -DALWAYS_HOSTNAME
-
-#############################################
-# Optional: Turning on host ADDRESS checking
-#
-# Optionally, the software tries to protect against hosts that pretend to
-# have someone elses host address. This is relevant for network services
-# whose authentication depends on host names, such as rsh and rlogin,
-# because the network address is used to look up the remote host name.
-# 
-# The protection is to refuse TCP connections with IP source routing
-# options.
-#
-# This feature cannot be used with SunOS 4.x because of a kernel bug in
-# the implementation of the getsockopt() system call. Kernel panics have
-# been observed for SunOS 4.1.[1-3]. Symptoms are "BAD TRAP" and "Data
-# fault" while executing the tcp_ctloutput() kernel function.
-#
-# Reportedly, Sun patch 100804-03 or 101790 fixes this for SunOS 4.1.x.
-#
-# Uncomment the following macro definition if your getsockopt() is OK.
-#
-# -DKILL_IP_OPTIONS is not needed on modern UNIX systems that can stop
-# source-routed traffic in the kernel. Examples: 4.4BSD derivatives,
-# Solaris 2.x, and Linux. See your system documentation for details.
-#
-# KILL_OPT= -DKILL_IP_OPTIONS
-
-## End configuration options
-############################
-
-# Protection against weird shells or weird make programs.
-
-SHELL	= /bin/sh
-.c.o:;	$(CC) $(CFLAGS) -c $*.c
-
-CFLAGS	= -O -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \
-	$(BUGS) $(SYSTYPE) $(AUTH) $(UMASK) \
-	-DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" $(STYLE) $(KILL_OPT) \
-	-DSEVERITY=$(SEVERITY) -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) \
-	$(UCHAR) $(TABLES) $(STRINGS) $(TLI) $(EXTRA_CFLAGS) $(DOT) \
-	$(VSYSLOG) $(HOSTNAME)
-
-LIB_OBJ= hosts_access.o options.o shell_cmd.o rfc931.o eval.o \
-	hosts_ctl.o refuse.o percent_x.o clean_exit.o $(AUX_OBJ) \
-	$(FROM_OBJ) fix_options.o socket.o tli.o workarounds.o \
-	update.o misc.o diag.o percent_m.o myvsyslog.o
-
-FROM_OBJ= fromhost.o
-
-KIT	= README miscd.c tcpd.c fromhost.c hosts_access.c shell_cmd.c \
-	tcpd.h tcpdmatch.c Makefile hosts_access.5 strcasecmp.c BLURB rfc931.c \
-	tcpd.8 eval.c hosts_access.3 hosts_ctl.c percent_x.c options.c \
-	clean_exit.c environ.c patchlevel.h fix_options.c workarounds.c \
-	socket.c tli.c DISCLAIMER fakelog.c safe_finger.c hosts_options.5 \
-	CHANGES try-from.c update.c ptx.c vfprintf.c tli-sequent.c \
-	tli-sequent.h misc.c diag.c ncr.c tcpdchk.c percent_m.c \
-	myvsyslog.c mystdarg.h printf.ck README.IRIX Banners.Makefile \
-	refuse.c tcpdchk.8 setenv.c inetcf.c inetcf.h scaffold.c \
-	scaffold.h tcpdmatch.8 README.NIS
-
-LIB	= libwrap.a
-
-all other: config-check tcpd tcpdmatch try-from safe_finger tcpdchk
-
-# Invalidate all object files when the compiler options (CFLAGS) have changed.
-
-config-check:
-	@set +e; test -n "$(REAL_DAEMON_DIR)" || { make; exit 1; }
-	@set +e; echo $(CFLAGS) >/tmp/cflags.$$$$ ; \
-	if cmp cflags /tmp/cflags.$$$$ ; \
-	then rm /tmp/cflags.$$$$ ; \
-	else mv /tmp/cflags.$$$$ cflags ; \
-	fi >/dev/null 2>/dev/null
-
-$(LIB):	$(LIB_OBJ)
-	rm -f $(LIB)
-	$(AR) $(ARFLAGS) $(LIB) $(LIB_OBJ)
-	-$(RANLIB) $(LIB)
-
-tcpd:	tcpd.o $(LIB)
-	$(CC) $(CFLAGS) -o $@ tcpd.o $(LIB) $(LIBS)
-
-miscd:	miscd.o $(LIB)
-	$(CC) $(CFLAGS) -o $@ miscd.o $(LIB) $(LIBS)
-
-safe_finger: safe_finger.o $(LIB)
-	$(CC) $(CFLAGS) -o $@ safe_finger.o $(LIB) $(LIBS)
-
-TCPDMATCH_OBJ = tcpdmatch.o fakelog.o inetcf.o scaffold.o
-
-tcpdmatch: $(TCPDMATCH_OBJ) $(LIB)
-	$(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(LIB) $(LIBS)
-
-try-from: try-from.o fakelog.o $(LIB)
-	$(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(LIB) $(LIBS)
-
-TCPDCHK_OBJ = tcpdchk.o fakelog.o inetcf.o scaffold.o
-
-tcpdchk: $(TCPDCHK_OBJ) $(LIB)
-	$(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(LIB) $(LIBS)
-
-shar:	$(KIT)
-	@shar $(KIT)
-
-kit:	$(KIT)
-	@makekit $(KIT)
-
-files:
-	@echo $(KIT)
-
-archive:
-	$(ARCHIVE) $(KIT)
-
-clean:
-	rm -f tcpd miscd safe_finger tcpdmatch tcpdchk try-from *.[oa] core \
-	cflags
-
-tidy:	clean
-	chmod -R a+r .
-	chmod 755 .
-
-# Enable all bells and whistles for linting.
-
-lint: tcpd_lint miscd_lint match_lint chk_lint
-
-tcpd_lint:
-	lint -DFACILITY=LOG_MAIL -DHOSTS_ACCESS -DPARANOID -DNETGROUP \
-	-DGETPEERNAME_BUG -DDAEMON_UMASK=022 -DSEVERITY=$(SEVERITY) \
-	$(TABLES) -DKILL_IP_OPTIONS -DPROCESS_OPTIONS \
-	-DRFC931_TIMEOUT=$(RFC931_TIMEOUT) -DALWAYS_RFC931 \
-	-DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" \
-	-Dvsyslog=myvsyslog \
-	tcpd.c fromhost.c socket.c tli.c hosts_access.c \
-	shell_cmd.c refuse.c rfc931.c eval.c percent_x.c clean_exit.c \
-	options.c setenv.c fix_options.c workarounds.c update.c misc.c \
-	diag.c myvsyslog.c percent_m.c
-
-miscd_lint:
-	lint -DFACILITY=LOG_MAIL -DHOSTS_ACCESS -DPARANOID -DNETGROUP \
-	-DGETPEERNAME_BUG -DDAEMON_UMASK=022 -DSEVERITY=$(SEVERITY) \
-	$(TABLES) -DKILL_IP_OPTIONS -DPROCESS_OPTIONS \
-	-DRFC931_TIMEOUT=$(RFC931_TIMEOUT) -DALWAYS_RFC931 \
-	-DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" \
-	-Dvsyslog=myvsyslog \
-	miscd.c fromhost.c socket.c tli.c hosts_access.c \
-	shell_cmd.c refuse.c rfc931.c eval.c percent_x.c clean_exit.c \
-	options.c setenv.c fix_options.c workarounds.c update.c misc.c \
-	diag.c myvsyslog.c percent_m.c
-
-match_lint:
-	lint -DFACILITY=LOG_MAIL -DSEVERITY=$(SEVERITY) -DHOSTS_ACCESS \
-	-DPARANOID $(TABLES) -DNETGROUP -DPROCESS_OPTIONS -DRFC931_TIMEOUT=10 \
-	-DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" \
-	-Dvsyslog=myvsyslog \
-	tcpdmatch.c hosts_access.c eval.c percent_x.c options.c workarounds.c \
-	update.c socket.c misc.c diag.c myvsyslog.c percent_m.c setenv.c \
-	inetcf.c scaffold.c
-
-chk_lint:
-	lint -DFACILITY=LOG_MAIL -DSEVERITY=$(SEVERITY) -DHOSTS_ACCESS \
-	-DPARANOID $(TABLES) -DNETGROUP -DPROCESS_OPTIONS -DRFC931_TIMEOUT=10 \
-	-DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" \
-	-Dvsyslog=myvsyslog \
-	tcpdchk.c eval.c percent_x.c options.c update.c workarounds.c \
-	setenv.c misc.c diag.c myvsyslog.c percent_m.c inetcf.c scaffold.c
-
-printfck:
-	printfck -f printf.ck \
-	tcpd.c fromhost.c socket.c tli.c hosts_access.c \
-	shell_cmd.c refuse.c rfc931.c eval.c percent_x.c clean_exit.c \
-	options.c setenv.c fix_options.c workarounds.c update.c misc.c \
-	diag.c myvsyslog.c percent_m.c >aap.c
-	lint -DFACILITY=LOG_MAIL -DHOSTS_ACCESS -DPARANOID -DNETGROUP \
-	-DGETPEERNAME_BUG -DDAEMON_UMASK=022 -DSEVERITY=$(SEVERITY) \
-	$(TABLES) -DKILL_IP_OPTIONS -DPROCESS_OPTIONS \
-	-DRFC931_TIMEOUT=$(RFC931_TIMEOUT) -DALWAYS_RFC931 \
-	-DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" -Dvsyslog=myvsyslog aap.c
-	printfck -f printf.ck \
-	tcpdchk.c eval.c percent_x.c options.c update.c workarounds.c \
-	setenv.c misc.c diag.c myvsyslog.c percent_m.c inetcf.c scaffold.c \
-	>aap.c
-	lint -DFACILITY=LOG_MAIL -DSEVERITY=$(SEVERITY) -DHOSTS_ACCESS \
-	-DPARANOID $(TABLES) -DNETGROUP -DPROCESS_OPTIONS -DRFC931_TIMEOUT=10 \
-	-Dvsyslog=myvsyslog -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\"
-
-# Internal compilation dependencies.
-
-clean_exit.o: cflags
-clean_exit.o: tcpd.h
-diag.o: cflags
-diag.o: mystdarg.h
-diag.o: tcpd.h
-environ.o: cflags
-eval.o: cflags
-eval.o: tcpd.h
-fakelog.o: cflags
-fakelog.o: mystdarg.h
-fix_options.o: cflags
-fix_options.o: tcpd.h
-fromhost.o: cflags
-fromhost.o: tcpd.h
-hosts_access.o: cflags
-hosts_access.o: tcpd.h
-hosts_ctl.o: cflags
-hosts_ctl.o: tcpd.h
-inetcf.o: cflags
-inetcf.o: inetcf.h
-inetcf.o: tcpd.h
-misc.o: cflags
-misc.o: tcpd.h
-miscd.o: cflags
-miscd.o: patchlevel.h
-miscd.o: tcpd.h
-myvsyslog.o: cflags
-myvsyslog.o: mystdarg.h
-myvsyslog.o: tcpd.h
-ncr.o: cflags
-ncr.o: tcpd.h
-options.o: cflags
-options.o: tcpd.h
-percent_m.o: cflags
-percent_m.o: mystdarg.h
-percent_x.o: cflags
-percent_x.o: tcpd.h
-ptx.o: cflags
-ptx.o: tcpd.h
-refuse.o: cflags
-refuse.o: tcpd.h
-rfc931.o: cflags
-rfc931.o: tcpd.h
-safe_finger.o: cflags
-scaffold.o: cflags
-scaffold.o: scaffold.h
-scaffold.o: tcpd.h
-setenv.o: cflags
-shell_cmd.o: cflags
-shell_cmd.o: tcpd.h
-socket.o: cflags
-socket.o: tcpd.h
-strcasecmp.o: cflags
-tcpd.o: cflags
-tcpd.o: patchlevel.h
-tcpd.o: tcpd.h
-tcpdchk.o: cflags
-tcpdchk.o: inetcf.h
-tcpdchk.o: scaffold.h
-tcpdchk.o: tcpd.h
-tcpdmatch.o: cflags
-tcpdmatch.o: scaffold.h
-tcpdmatch.o: tcpd.h
-tli-sequent.o: cflags
-tli-sequent.o: tcpd.h
-tli-sequent.o: tli-sequent.h
-tli.o: cflags
-tli.o: tcpd.h
-try-from.o: cflags
-try-from.o: tcpd.h
-update.o: cflags
-update.o: mystdarg.h
-update.o: tcpd.h
-vfprintf.o: cflags
-workarounds.o: cflags
-workarounds.o: tcpd.h
diff --git a/usr/src/cmd/tcpd/Makefile.sfwsrc b/usr/src/cmd/tcpd/Makefile.sfwsrc
deleted file mode 100644
index 1e628d8c62..0000000000
--- a/usr/src/cmd/tcpd/Makefile.sfwsrc
+++ /dev/null
@@ -1,903 +0,0 @@
-# @(#) Makefile 1.23 97/03/21 19:27:20
-
-what:
-	@echo
-	@echo "Usage: edit the REAL_DAEMON_DIR definition in the Makefile then:"
-	@echo
-	@echo "	make sys-type"
-	@echo
-	@echo "If you are in a hurry you can try instead:"
-	@echo
-	@echo "	make REAL_DAEMON_DIR=/foo/bar sys-type"
-	@echo
-	@echo "And for a version with language extensions enabled:"
-	@echo
-	@echo "	make REAL_DAEMON_DIR=/foo/bar STYLE=-DPROCESS_OPTIONS sys-type"
-	@echo
-	@echo "This Makefile knows about the following sys-types:"
-	@echo
-	@echo "	generic (most bsd-ish systems with sys5 compatibility)"
-	@echo "	386bsd aix alpha apollo bsdos convex-ultranet dell-gcc dgux dgux543"
-	@echo "	dynix epix esix freebsd hpux irix4 irix5 irix6 isc iunix"
-	@echo "	linux machten mips(untested) ncrsvr4 netbsd next osf power_unix_211"
-	@echo "	ptx-2.x ptx-generic pyramid sco sco-nis sco-od2 sco-os5 sinix sunos4"
-	@echo "	sunos40 sunos5 sysv4 tandem ultrix unicos7 unicos8 unixware1 unixware2"
-	@echo "	uts215 uxp"
-	@echo
-	@echo "If none of these match your environment, edit the system"
-	@echo "dependencies sections in the Makefile and do a 'make other'."
-	@echo
-
-#######################################################
-# Choice between easy and advanced installation recipe.
-# 
-# Advanced installation: vendor-provided daemons are left alone, and the
-# inetd configuration file is edited. In this case, the REAL_DAEMON_DIR
-# macro should reflect the actual directory with (most of) your
-# vendor-provided network daemons.  These names can be found in the
-# inetd.conf file. Usually, the telnet, ftp and finger daemons all live
-# in the same directory.
-# 
-# Uncomment the appropriate line if you are going to edit inetd.conf.
-#
-# Ultrix 4.x SunOS 4.x ConvexOS 10.x Dynix/ptx
-#REAL_DAEMON_DIR=/usr/etc
-#
-# SysV.4 Solaris 2.x OSF AIX
-#REAL_DAEMON_DIR=/usr/sbin
-#
-# BSD 4.4
-#REAL_DAEMON_DIR=/usr/libexec
-#
-# HP-UX SCO Unicos
-#REAL_DAEMON_DIR=/etc
-
-# Easy installation: vendor-provided network daemons are moved to "some
-# other" directory, and the tcpd wrapper fills in the "holes". For this
-# mode of operation, the REAL_DAEMON_DIR macro should be set to the "some
-# other" directory.  The "..." is here for historical reasons only; you
-# should probably use some other name. 
-# 
-# Uncomment the appropriate line if you are going to move your daemons.
-#
-# Ultrix 4.x SunOS 4.x ConvexOS 10.x Dynix/ptx
-#REAL_DAEMON_DIR=/usr/etc/...
-#
-# SysV.4 Solaris 2.x OSF AIX
-#REAL_DAEMON_DIR=/usr/sbin/...
-#
-# BSD 4.4
-#REAL_DAEMON_DIR=/usr/libexec/...
-#
-# HP-UX SCO Unicos
-#REAL_DAEMON_DIR=/etc/...
-
-# End of mandatory section
-##########################
-
-##########################################
-# Ready-to-use system-dependent templates.
-#
-# Ready-to-use templates are available for many systems (see the "echo"
-# commands at the start of this Makefile).  The templates take care of
-# all system dependencies: after editing the REAL_DAEMON_DIR definition
-# above, do a "make sunos4" (or whatever system type is appropriate).
-#
-# If your system is not listed (or something that comes close enough), you
-# have to edit the system dependencies section below and do a "make other".  
-#
-# Send templates for other UNIX versions to wietse@wzv.win.tue.nl.
-
-# This is good for many BSD+SYSV hybrids with NIS (formerly YP).
-generic aix osf alpha dynix:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \
-	NETGROUP=-DNETGROUP TLI= IPV6="$(IPV6)" all
-
-# Ditto, with vsyslog
-sunos4:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \
-	NETGROUP=-DNETGROUP VSYSLOG= TLI= all
-
-# Generic with resolver library.
-generic-resolver:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS=-lresolv RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \
-	NETGROUP=-DNETGROUP TLI= all
-
-# The NeXT loader needs "-m" or it barfs on redefined library functions.
-next:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS=-m RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \
-	NETGROUP=-DNETGROUP TLI= all
-
-# SunOS for the 386 was frozen at release 4.0.x.
-sunos40:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ="setenv.o strcasecmp.o" \
-	NETGROUP=-DNETGROUP VSYSLOG= TLI= all
-
-# Ultrix is like aix, next, etc., but has miscd and setenv().
-ultrix:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= \
-	NETGROUP=-DNETGROUP TLI= all miscd
-
-# This works on EP/IX 1.4.3 and will likely work on Mips (reggers@julian.uwo.ca)
-epix:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \
-	NETGROUP=-DNETGROUP TLI= SYSTYPE="-systype bsd43" all
-
-# Freebsd and linux by default have no NIS.
-386bsd netbsd bsdos:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= \
-	EXTRA_CFLAGS=-DSYS_ERRLIST_DEFINED VSYSLOG= all
-
-freebsd:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ= NETGROUP= TLI= \
-	EXTRA_CFLAGS=-DSYS_ERRLIST_DEFINED VSYSLOG= all
-
-linux:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \
-	NETGROUP= TLI= EXTRA_CFLAGS="-DBROKEN_SO_LINGER" all
-
-# This is good for many SYSV+BSD hybrids with NIS, probably also for HP-UX 7.x.
-hpux hpux8 hpux9 hpux10:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=echo ARFLAGS=rv AUX_OBJ=setenv.o \
-	NETGROUP=-DNETGROUP TLI= all
-
-# ConvexOS-10.x with UltraNet support (ukkonen@csc.fi).
-convex-ultranet:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS=-lulsock RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \
-	NETGROUP=-DNETGROUP TLI= all
-
-# Generic support for the Dynix/PTX version of TLI.
-ptx-generic:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lsocket -linet -lnsl" RANLIB=echo ARFLAGS=rv \
-	AUX_OBJ="setenv.o strcasecmp.o ptx.o" NETGROUP= TLI=-DPTX all
-
-# With UDP support optimized for PTX 2.x (timw@sequent.com).
-ptx-2.x:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lsocket -linet -lnsl" RANLIB=echo ARFLAGS=rv \
-	AUX_OBJ="setenv.o strcasecmp.o tli-sequent.o" NETGROUP= \
-	TLI=-DTLI_SEQUENT all
-
-# IRIX 4.0.x has a special ar(1) flag.
-irix4:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lc -lsun" RANLIB=echo ARFLAGS=rvs AUX_OBJ=setenv.o \
-	NETGROUP=-DNETGROUP TLI= all
-
-# IRIX 5.2 is SYSV4 with several broken things (such as -lsocket -lnsl).
-irix5:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS=-lsun RANLIB=echo ARFLAGS=rv VSYSLOG= \
-	NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI= all
-
-# IRIX 6.2 (tucker@math.unc.edu). Must find a better value than 200000.
-irix6:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=echo ARFLAGS=rv VSYSLOG= \
-	NETGROUP=-DNETGROUP EXTRA_CFLAGS="-DBSD=200000" TLI= all
-
-# SunOS 5.x is another SYSV4 variant.
-sunos5:
-	@$(MAKE) REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lsocket -lnsl" RANLIB=echo ARFLAGS=rv VSYSLOG= \
-	NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI=-DTLI \
-	BUGS="$(BUGS) -DSOLARIS_24_GETHOSTBYNAME_BUG" IPV6="$(IPV6)" all
-
-# Generic SYSV40
-esix sysv4:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lsocket -lnsl" RANLIB=echo ARFLAGS=rv \
-	NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI=-DTLI all
-
-# DG/UX 5.4.1 and 5.4.2 have an unusual inet_addr() interface.
-dgux:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS=-lnsl RANLIB=echo ARFLAGS=rv \
-	NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI=-DTLI \
-	BUGS="$(BUGS) -DINET_ADDR_BUG" all
-
-dgux543:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS=-lnsl RANLIB=echo ARFLAGS=rv \
-	NETGROUP=-DNETGROUP AUX_OBJ=setenv.o TLI=-DTLI all
-
-# NCR UNIX 02.02.01 and 02.03.00 (Alex Chircop, msu@unimt.mt)
-ncrsvr4:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lresolv -lnsl -lsocket" RANLIB=echo ARFLAGS=rv \
-	AUX_OBJ="setenv.o strcasecmp.o" NETGROUP= TLI=-DTLI \
-	EXTRA_CFLAGS="" FROM_OBJ=ncr.o all
-
-# Tandem SYSV4 (eqawas@hedgehog.ac.cowan.edu.au)
-tandem:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lsocket -lnsl" RANLIB=echo ARFLAGS=rv \
-	NETGROUP= AUX_OBJ="setenv.o strcasecmp.o" TLI=-DTLI all
-
-# Amdahl UTS 2.1.5 (Richard.Richmond@bridge.bst.bls.com)
-uts215:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \   
-	LIBS="-lsocket" RANLIB=echo \
-	ARFLAGS=rv AUX_OBJ=setenv.o NETGROUP=-DNO_NETGROUP TLI= all
-
-# UXP/DS System V.4 clone (vic@uida0.uida.es).
-uxp:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-L/usr/ucblib -lsocket -lnsl -lucb" \
-	RANLIB=echo ARFLAGS=rv NETGROUP=-DNETGROUP \
-	AUX_OBJ=setenv.o TLI="-DTLI -DDRS_XTI" all
-
-# DELL System V.4 Issue 2.2 using gcc (kim@tac.nyc.ny.us, jurban@norden1.com)
-dell-gcc:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lsocket -lnsl" RANLIB=ranlib ARFLAGS=rv CC=gcc \
-	AUX_OBJ="setenv.o strcasecmp.o" TLI=-DTLI all
-
-# SCO 3.2v4.1 no frills (jedwards@sol1.solinet.net).
-sco:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lsocket -lnsl_s" RANLIB=echo ARFLAGS=rv \
-	NETGROUP= AUX_OBJ=setenv.o TLI= all
-
-# SCO OpenDesktop 2.0, release 3.2 (peter@midnight.com). Please simplify.
-sco-od2:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lrpcsvc -lrpc -lyp -lrpc -lrpcsvc -lsocket" \
-	RANLIB=echo ARFLAGS=rv AUX_OBJ=setenv.o \
-	NETGROUP=-DNETGROUP TLI= all
-
-# SCO 3.2v4.2 with TCP/IP 1.2.1 (Eduard.Vopicka@vse.cz). Please simplify.
-sco-nis:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lyp -lrpc -lsocket -lyp -lc_s -lc" \
-	RANLIB=echo ARFLAGS=rv AUX_OBJ=setenv.o \
-	NETGROUP=-DNETGROUP TLI= EXTRA_CFLAGS="-nointl -DNO_NETGRENT" all
-
-# SCO 3.2v5.0.0 OpenServer 5 (bob@odt.handy.com, bill@razorlogic.com)
-sco-os5:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lrpcsvc -lsocket" RANLIB=echo ARFLAGS=rv VSYSLOG= \
-	AUX_OBJ=setenv.o NETGROUP=-DNETGROUP TLI= all
-
-# sinix 5.42 setjmp workaround (szrzs023@ub3.ub.uni-kiel.de)
-sinix:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lsocket -lnsl -L/usr/ccs/lib -lc -L/usr/ucblib -lucb" \
-	RANLIB=echo ARFLAGS=rv AUX_OBJ=setenv.o TLI=-DTLI all
-
-# Domain SR10.4. Build under bsd, run under either sysv3 or bsd43.
-apollo:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=setenv.o \
-	NETGROUP=-DNETGROUP TLI= SYSTYPE="-A run,any -A sys,any" all
-
-# Pyramid OSx 5.1, using the BSD universe.
-pyramid:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ="environ.o vfprintf.o" \
-	STRINGS="-Dstrchr=index -Dstrrchr=rindex -Dmemcmp=bcmp -Dno_memcpy" \
-	NETGROUP="-DNETGROUP -DUSE_GETDOMAIN" TLI= all
-
-# Untested.
-mips:
-	@echo "Warning: some definitions may be wrong."
-	make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \
-	NETGROUP=-DNETGROUP TLI= SYSTYPE="-sysname bsd43" all
-
-# Cray (tested with UNICOS 7.0.4).
-unicos7:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS=-lnet RANLIB=echo ARFLAGS=rv \
-	EXTRA_CFLAGS=-DINADDR_NONE="\"((unsigned long) -1)\"" \
-	AUX_OBJ="setenv.o strcasecmp.o" NETGROUP= TLI= all
-
-# Unicos 8.x, Cray-YMP (Bruce Kelly).
-unicos8:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=echo AR=bld ARFLAGS=rv \
-	AUX_OBJ= NETGROUP= TLI= all
-
-# Power_UNIX 2.1.1 (amantel@lerc.nasa.gov)
-power_unix_211:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lnsl -lsocket -lgen -lresolv" RANLIB=echo ARFLAGS=rv \
-	NETGROUP= AUX_OBJ=setenv.o TLI=-DTLI BUGS="$(BUGS)" all
-
-# ISC (fc@all.net)
-isc:
-	make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-linet -lnsl_s -ldbm" RANLIB=echo ARFLAGS=rv \
-	AUX_OBJ="setenv.o strcasecmp.o" EXTRA_CFLAGS="-DENOTCONN=ENAVAIL" \
-	NETGROUP= TLI= all
-
-# Interactive UNIX R3.2 version 4.0 (Bobby D. Wright).
-iunix:
-	make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-linet -lnsl_s -ldbm" RANLIB=echo ARFLAGS=rv \
-	AUX_OBJ=environ.o strcasecmp.o NETGROUP= TLI= all
-
-# RTU 6.0 on a Masscomp 5400 (ben@piglet.cr.usgs.gov). When using the
-# advanced installation, increment argv before actually looking at it.
-rtu:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \
-	NETGROUP= TLI= all
-
-# Unixware sans NIS (mc@telebase.com). Compiler dislikes strcasecmp.c.
-unixware1:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lsocket -lnsl -lc -L/usr/ucblib -lucb" RANLIB=echo ARFLAGS=rv \
-	NETGROUP=$(NETGROUP) AUX_OBJ=environ.o TLI=-DTLI all
-
-unixware2:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lsocket -lnsl -lgen -lc -L/usr/ucblib -lucb" RANLIB=echo \
-	ARFLAGS=rv NETGROUP=$(NETGROUP) AUX_OBJ=environ.o TLI=-DTLI all
-
-u6000:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS="-lsocket -lnsl" RANLIB=echo ARFLAGS=rv \
-	NETGROUP=-DNETGROUP AUX_OBJ="setenv.o strcasecmp.o" TLI=-DTLI all
-
-# MachTen
-machten:
-	@make REAL_DAEMON_DIR=$(REAL_DAEMON_DIR) STYLE=$(STYLE) \
-	LIBS= RANLIB=ranlib ARFLAGS=rv AUX_OBJ=environ.o \
-	NETGROUP= TLI= all
-
-###############################################################
-# System dependencies: TLI (transport-level interface) support.
-# 
-# Uncomment the following macro if your system has System V.4-style TLI
-# support (/usr/include/sys/timod.h, /etc/netconfig, and the netdir(3)
-# routines).
-#
-#TLI	= -DTLI
-
-###############################################################################
-# System dependencies: differences between ranlib(1) and ar(1) implementations.
-#
-# Some C compilers (Ultrix 4.x) insist that ranlib(1) be run on an object
-# library; some don't care as long as the modules are in the right order;
-# some systems don't even have a ranlib(1) command. Make your choice.
-
-RANLIB	= ranlib	# have ranlib (BSD-ish UNIX)
-#RANLIB	= echo		# no ranlib (SYSV-ish UNIX)
-
-ARFLAGS	= rv		# most systems
-#ARFLAGS= rvs		# IRIX 4.0.x
-
-AR	= ar
-#AR	= bld		# Unicos 8.x
-
-#############################################################################
-# System dependencies: routines that are not present in the system libraries.
-# 
-# If your system library does not have set/putenv() or strcasecmp(), use
-# the ones provided with this source distribution. The environ.c module
-# implements setenv(), getenv(), and putenv().
-
-AUX_OBJ= setenv.o
-#AUX_OBJ= environ.o
-#AUX_OBJ= environ.o strcasecmp.o
-
-# Uncomment the following if your C library does not provide the
-# strchr/strrchr/memcmp routines, but comes with index/rindex/bcmp.
-#
-#STRINGS= -Dstrchr=index -Dstrrchr=rindex -Dmemcmp=bcmp -Dno_memcpy
-
-#################################################################
-# System dependencies: selection of non-default object libraries.
-#
-# Most System V implementations require that you explicitly specify the
-# networking libraries. There is no general consensus, though.
-#
-#LIBS	= -lsocket -lnsl		# SysV.4 Solaris 2.x
-#LIBS	= -lsun				# IRIX
-#LIBS	= -lsocket -linet -lnsl -lnfs	# PTX
-#LIBS	= -linet -lnsl_s -ldbm		# ISC
-#LIBS	= -lnet				# Unicos 7
-#LIBS	= -linet -lsyslog -ldbm
-#LIBS	= -lsyslog -lsocket -lnsl
-
-######################################################
-# System dependencies: system-specific compiler flags.
-#
-# Apollo Domain/OS offers both bsd and sys5 environments, sometimes
-# on the same machine.  If your Apollo is primarily sys5.3 and also
-# has bsd4.3, uncomment the following to build under bsd and run under
-# either environment.
-#
-#SYSTYPE= -A run,any -A sys,any
-
-# For MIPS RISC/os 4_52.p3, uncomment the following definition.
-#
-#SYSTYPE= -sysname bsd43
-
-##################################################
-# System dependencies: working around system bugs.
-#
-# -DGETPEERNAME_BUG works around a getpeername(2) bug in some versions of
-# Apollo or SYSV.4 UNIX:  the wrapper would report that all UDP requests
-# come from address 0.0.0.0. The workaround does no harm on other systems.
-#
-# -DBROKEN_FGETS works around an fgets(3) bug in some System V versions
-# (IRIX):  fgets() gives up too fast when reading from a network socket.
-# The workaround does no harm on other systems.
-#
-# Some UNIX systems (IRIX) make the error of calling the strtok() library
-# routine from other library routines such as, e.g., gethostbyname/addr().
-# The result is that hosts can slip through the wrapper allow/deny filters.
-# Compile with -DLIBC_CALLS_STRTOK to avoid the vendor's strtok() routine.
-# The workaround does no harm on other systems.
-#
-# DG/UX 5.4.1 comes with an inet_ntoa() function that returns a structure
-# instead of a long integer. Compile with -DINET_ADDR_BUG to work around
-# this mutant behavour. Fixed in 5.4R3.
-#
-# Solaris 2.4 gethostbyname(), in DNS through NIS mode, puts only one
-# address in the host address list; all other addresses are treated as
-# host name aliases. Compile with -DSOLARIS_24_GETHOSTBYNAME_BUG to work
-# around this. The workaround does no harm on other Solaris versions.
-
-BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DLIBC_CALLS_STRTOK
-#BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DINET_ADDR_BUG
-#BUGS = -DGETPEERNAME_BUG -DBROKEN_FGETS -DSOLARIS_24_GETHOSTBYNAME_BUG
-
-##########################################################################
-# System dependencies: whether or not your system has NIS (or YP) support.
-#
-# If your system supports NIS or YP-style netgroups, enable the following
-# macro definition. Netgroups are used only for host access control.
-#
-#NETGROUP= -DNETGROUP
-
-###############################################################
-# System dependencies: whether or not your system has vsyslog()
-#
-# If your system supports vsyslog(), comment out the following definition.
-# If in doubt leave it in, it won't harm.
-
-VSYSLOG	= -Dvsyslog=myvsyslog
-
-###############################################################
-# System dependencies: whether or not your system has IPV6
-#
-# If your system has IPv6 and supports getipnode* and inet_pton/inet_ntop
-# uncomment the following (Solaris 8)
-
-# IPV6 = -DHAVE_IPV6
-
-# If your system does not have getipnodebyname() but uses the obsolete
-# gethostbyname2() instead, use this (AIX)
-# IPV6 = -DHAVE_IPV6 -DUSE_GETHOSTBYNAME2
-
-# End of the system dependencies.
-#################################
-
-##############################
-# Start of the optional stuff.
-
-###########################################
-# Optional: Turning on language extensions
-#
-# Instead of the default access control language that is documented in
-# the hosts_access.5 document, the wrappers can be configured to
-# implement an extensible language documented in the hosts_options.5
-# document.  This language is implemented by the "options.c" source
-# module, which also gives hints on how to add your own extensions.
-# Uncomment the next definition to turn on the language extensions
-# (examples: allow, deny, banners, twist and spawn).
-# 
-#STYLE	= -DPROCESS_OPTIONS	# Enable language extensions.
-
-################################################################
-# Optional: Changing the default disposition of logfile records
-#
-# By default, logfile entries are written to the same file as used for
-# sendmail transaction logs. See your /etc/syslog.conf file for actual
-# path names of logfiles. The tutorial section in the README file
-# gives a brief introduction to the syslog daemon.
-# 
-# Change the FACILITY definition below if you disagree with the default
-# disposition. Some syslog versions (including Ultrix 4.x) do not provide
-# this flexibility.
-# 
-# If nothing shows up on your system, it may be that the syslog records
-# are sent to a dedicated loghost. It may also be that no syslog daemon
-# is running at all. The README file gives pointers to surrogate syslog
-# implementations for systems that have no syslog library routines or
-# no syslog daemons. When changing the syslog.conf file, remember that
-# there must be TABs between fields.
-#
-# The LOG_XXX names below are taken from the /usr/include/syslog.h file.
-
-FACILITY= LOG_MAIL	# LOG_MAIL is what most sendmail daemons use
-
-# The syslog priority at which successful connections are logged.
-
-SEVERITY= LOG_INFO	# LOG_INFO is normally not logged to the console
-
-###########################
-# Optional: Reduce DNS load
-#
-# When looking up the address for a host.domain name, the typical DNS
-# code will first append substrings of your own domain, so it tries
-# host.domain.your.own.domain, then host.domain.own.domain, and then
-# host.domain. The APPEND_DOT feature stops this waste of cycles. It is
-# off by default because it causes problems on sites that don't use DNS
-# and with Solaris < 2.4. APPEND_DOT will not work with hostnames taken
-# from /etc/hosts or from NIS maps. It does work with DNS through NIS.
-#
-# DOT= -DAPPEND_DOT
-
-##################################################
-# Optional: Always attempt remote username lookups
-#
-# By default, the wrappers look up the remote username only when the
-# access control rules require them to do so.
-#
-# Username lookups require that the remote host runs a daemon that
-# supports an RFC 931 like protocol.  Remote user name lookups are not
-# possible for UDP-based connections, and can cause noticeable delays
-# with connections from non-UNIX PCs.  On some systems, remote username
-# lookups can trigger a kernel bug, causing loss of service. The README
-# file describes how to find out if your UNIX kernel has that problem.
-# 
-# Uncomment the following definition if the wrappers should always
-# attempt to get the remote user name. If this is not enabled you can
-# still do selective username lookups as documented in the hosts_access.5
-# and hosts_options.5 manual pages (`nroff -man' format).
-#
-#AUTH	= -DALWAYS_RFC931
-#
-# The default username lookup timeout is 10 seconds. This may not be long
-# enough for slow hosts or networks, but is enough to irritate PC users.
-
-RFC931_TIMEOUT = 10
-
-######################################################
-# Optional: Changing the default file protection mask
-#
-# On many systems, network daemons and other system processes are started
-# with a zero umask value, so that world-writable files may be produced.
-# It is a good idea to edit your /etc/rc* files so that they begin with
-# an explicit umask setting.  On our site we use `umask 022' because it
-# does not break anything yet gives adequate protection against tampering.
-# 
-# The following macro specifies the default umask for processes run under
-# control of the daemon wrappers. Comment it out only if you are certain
-# that inetd and its children are started with a safe umask value.
-
-UMASK	= -DDAEMON_UMASK=022
-
-#######################################
-# Optional: Turning off access control
-#
-# By default, host access control is enabled.  To disable host access
-# control, comment out the following definition.  Host access control
-# can also be turned off at runtime by providing no or empty access
-# control tables.
-
-ACCESS	= -DHOSTS_ACCESS
-
-########################################################
-# Optional: Changing the access control table pathnames
-#
-# The HOSTS_ALLOW and HOSTS_DENY macros define where the programs will
-# look for access control information. Watch out for the quotes and
-# backslashes when you make changes.
-
-TABLES	= -DHOSTS_DENY=\"/etc/hosts.deny\" -DHOSTS_ALLOW=\"/etc/hosts.allow\"
-
-####################################################
-# Optional: dealing with host name/address conflicts
-#
-# By default, the software tries to protect against hosts that claim to
-# have someone elses host name. This is relevant for network services
-# whose authentication depends on host names, such as rsh and rlogin.
-#
-# With paranoid mode on, connections will be rejected when the host name
-# does not match the host address. Connections will also be rejected when
-# the host name is available but cannot be verified.
-#
-# Comment out the following definition if you want more control over such
-# requests. When paranoid mode is off and a host name double check fails,
-# the client can be matched with the PARANOID access control pattern.
-#
-# Paranoid mode implies hostname lookup. In order to disable hostname
-# lookups altogether, see the next section.
-
-PARANOID= -DPARANOID
-
-########################################
-# Optional: turning off hostname lookups
-#
-# By default, the software always attempts to look up the client
-# hostname.  With selective hostname lookups, the client hostname
-# lookup is postponed until the name is required by an access control
-# rule or by a %letter expansion.
-# 
-# In order to perform selective hostname lookups, disable paranoid
-# mode (see previous section) and comment out the following definition.
-
-HOSTNAME= -DALWAYS_HOSTNAME
-
-#############################################
-# Optional: Turning on host ADDRESS checking
-#
-# Optionally, the software tries to protect against hosts that pretend to
-# have someone elses host address. This is relevant for network services
-# whose authentication depends on host names, such as rsh and rlogin,
-# because the network address is used to look up the remote host name.
-# 
-# The protection is to refuse TCP connections with IP source routing
-# options.
-#
-# This feature cannot be used with SunOS 4.x because of a kernel bug in
-# the implementation of the getsockopt() system call. Kernel panics have
-# been observed for SunOS 4.1.[1-3]. Symptoms are "BAD TRAP" and "Data
-# fault" while executing the tcp_ctloutput() kernel function.
-#
-# Reportedly, Sun patch 100804-03 or 101790 fixes this for SunOS 4.1.x.
-#
-# Uncomment the following macro definition if your getsockopt() is OK.
-#
-# -DKILL_IP_OPTIONS is not needed on modern UNIX systems that can stop
-# source-routed traffic in the kernel. Examples: 4.4BSD derivatives,
-# Solaris 2.x, and Linux. See your system documentation for details.
-#
-# KILL_OPT= -DKILL_IP_OPTIONS
-
-## End configuration options
-############################
-
-# Protection against weird shells or weird make programs.
-
-SHELL	= /bin/sh
-.c.o:;	$(CC) $(CFLAGS) -c $*.c
-
-CFLAGS	= -O -DFACILITY=$(FACILITY) $(ACCESS) $(PARANOID) $(NETGROUP) \
-	$(BUGS) $(SYSTYPE) $(AUTH) $(UMASK) \
-	-DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" $(STYLE) $(KILL_OPT) \
-	-DSEVERITY=$(SEVERITY) -DRFC931_TIMEOUT=$(RFC931_TIMEOUT) \
-	$(UCHAR) $(TABLES) $(STRINGS) $(TLI) $(EXTRA_CFLAGS) $(DOT) \
-	$(VSYSLOG) $(HOSTNAME) $(IPV6)
-
-LIB_OBJ= hosts_access.o options.o shell_cmd.o rfc931.o eval.o \
-	hosts_ctl.o refuse.o percent_x.o clean_exit.o $(AUX_OBJ) \
-	$(FROM_OBJ) fix_options.o socket.o tli.o workarounds.o \
-	update.o misc.o diag.o percent_m.o myvsyslog.o
-
-FROM_OBJ= fromhost.o
-
-KIT	= README miscd.c tcpd.c fromhost.c hosts_access.c shell_cmd.c \
-	tcpd.h tcpdmatch.c Makefile hosts_access.5 strcasecmp.c BLURB rfc931.c \
-	tcpd.8 eval.c hosts_access.3 hosts_ctl.c percent_x.c options.c \
-	clean_exit.c environ.c patchlevel.h fix_options.c workarounds.c \
-	socket.c tli.c DISCLAIMER fakelog.c safe_finger.c hosts_options.5 \
-	CHANGES try-from.c update.c ptx.c vfprintf.c tli-sequent.c \
-	tli-sequent.h misc.c diag.c ncr.c tcpdchk.c percent_m.c \
-	myvsyslog.c mystdarg.h printf.ck README.IRIX Banners.Makefile \
-	refuse.c tcpdchk.8 setenv.c inetcf.c inetcf.h scaffold.c \
-	scaffold.h tcpdmatch.8 README.NIS
-
-LIB	= libwrap.a
-
-all other: config-check tcpd tcpdmatch try-from safe_finger tcpdchk
-
-# Invalidate all object files when the compiler options (CFLAGS) have changed.
-
-config-check:
-	@set +e; test -n "$(REAL_DAEMON_DIR)" || { make; exit 1; }
-	@set +e; echo $(CFLAGS) >/tmp/cflags.$$$$ ; \
-	if cmp cflags /tmp/cflags.$$$$ ; \
-	then rm /tmp/cflags.$$$$ ; \
-	else mv /tmp/cflags.$$$$ cflags ; \
-	fi >/dev/null 2>/dev/null
-
-cflags: config-check
-
-$(LIB):	$(LIB_OBJ)
-	rm -f $(LIB)
-	$(AR) $(ARFLAGS) $(LIB) $(LIB_OBJ)
-	-$(RANLIB) $(LIB)
-
-tcpd:	tcpd.o $(LIB)
-	$(CC) $(CFLAGS) -o $@ tcpd.o $(LIB) $(LIBS)
-
-miscd:	miscd.o $(LIB)
-	$(CC) $(CFLAGS) -o $@ miscd.o $(LIB) $(LIBS)
-
-safe_finger: safe_finger.o $(LIB)
-	$(CC) $(CFLAGS) -o $@ safe_finger.o $(LIB) $(LIBS)
-
-TCPDMATCH_OBJ = tcpdmatch.o fakelog.o inetcf.o scaffold.o
-
-tcpdmatch: $(TCPDMATCH_OBJ) $(LIB)
-	$(CC) $(CFLAGS) -o $@ $(TCPDMATCH_OBJ) $(LIB) $(LIBS)
-
-try-from: try-from.o fakelog.o $(LIB)
-	$(CC) $(CFLAGS) -o $@ try-from.o fakelog.o $(LIB) $(LIBS)
-
-TCPDCHK_OBJ = tcpdchk.o fakelog.o inetcf.o scaffold.o
-
-tcpdchk: $(TCPDCHK_OBJ) $(LIB)
-	$(CC) $(CFLAGS) -o $@ $(TCPDCHK_OBJ) $(LIB) $(LIBS)
-
-shar:	$(KIT)
-	@shar $(KIT)
-
-kit:	$(KIT)
-	@makekit $(KIT)
-
-files:
-	@echo $(KIT)
-
-archive:
-	$(ARCHIVE) $(KIT)
-
-clean:
-	rm -f tcpd miscd safe_finger tcpdmatch tcpdchk try-from *.[oa] core \
-	cflags
-
-tidy:	clean
-	chmod -R a+r .
-	chmod 755 .
-
-# Enable all bells and whistles for linting.
-
-lint: tcpd_lint miscd_lint match_lint chk_lint
-
-tcpd_lint:
-	lint -DFACILITY=LOG_MAIL -DHOSTS_ACCESS -DPARANOID -DNETGROUP \
-	-DGETPEERNAME_BUG -DDAEMON_UMASK=022 -DSEVERITY=$(SEVERITY) \
-	$(TABLES) -DKILL_IP_OPTIONS -DPROCESS_OPTIONS \
-	-DRFC931_TIMEOUT=$(RFC931_TIMEOUT) -DALWAYS_RFC931 \
-	-DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" \
-	-Dvsyslog=myvsyslog \
-	tcpd.c fromhost.c socket.c tli.c hosts_access.c \
-	shell_cmd.c refuse.c rfc931.c eval.c percent_x.c clean_exit.c \
-	options.c setenv.c fix_options.c workarounds.c update.c misc.c \
-	diag.c myvsyslog.c percent_m.c
-
-miscd_lint:
-	lint -DFACILITY=LOG_MAIL -DHOSTS_ACCESS -DPARANOID -DNETGROUP \
-	-DGETPEERNAME_BUG -DDAEMON_UMASK=022 -DSEVERITY=$(SEVERITY) \
-	$(TABLES) -DKILL_IP_OPTIONS -DPROCESS_OPTIONS \
-	-DRFC931_TIMEOUT=$(RFC931_TIMEOUT) -DALWAYS_RFC931 \
-	-DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" \
-	-Dvsyslog=myvsyslog \
-	miscd.c fromhost.c socket.c tli.c hosts_access.c \
-	shell_cmd.c refuse.c rfc931.c eval.c percent_x.c clean_exit.c \
-	options.c setenv.c fix_options.c workarounds.c update.c misc.c \
-	diag.c myvsyslog.c percent_m.c
-
-match_lint:
-	lint -DFACILITY=LOG_MAIL -DSEVERITY=$(SEVERITY) -DHOSTS_ACCESS \
-	-DPARANOID $(TABLES) -DNETGROUP -DPROCESS_OPTIONS -DRFC931_TIMEOUT=10 \
-	-DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" \
-	-Dvsyslog=myvsyslog \
-	tcpdmatch.c hosts_access.c eval.c percent_x.c options.c workarounds.c \
-	update.c socket.c misc.c diag.c myvsyslog.c percent_m.c setenv.c \
-	inetcf.c scaffold.c
-
-chk_lint:
-	lint -DFACILITY=LOG_MAIL -DSEVERITY=$(SEVERITY) -DHOSTS_ACCESS \
-	-DPARANOID $(TABLES) -DNETGROUP -DPROCESS_OPTIONS -DRFC931_TIMEOUT=10 \
-	-DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" \
-	-Dvsyslog=myvsyslog \
-	tcpdchk.c eval.c percent_x.c options.c update.c workarounds.c \
-	setenv.c misc.c diag.c myvsyslog.c percent_m.c inetcf.c scaffold.c
-
-printfck:
-	printfck -f printf.ck \
-	tcpd.c fromhost.c socket.c tli.c hosts_access.c \
-	shell_cmd.c refuse.c rfc931.c eval.c percent_x.c clean_exit.c \
-	options.c setenv.c fix_options.c workarounds.c update.c misc.c \
-	diag.c myvsyslog.c percent_m.c >aap.c
-	lint -DFACILITY=LOG_MAIL -DHOSTS_ACCESS -DPARANOID -DNETGROUP \
-	-DGETPEERNAME_BUG -DDAEMON_UMASK=022 -DSEVERITY=$(SEVERITY) \
-	$(TABLES) -DKILL_IP_OPTIONS -DPROCESS_OPTIONS \
-	-DRFC931_TIMEOUT=$(RFC931_TIMEOUT) -DALWAYS_RFC931 \
-	-DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\" -Dvsyslog=myvsyslog aap.c
-	printfck -f printf.ck \
-	tcpdchk.c eval.c percent_x.c options.c update.c workarounds.c \
-	setenv.c misc.c diag.c myvsyslog.c percent_m.c inetcf.c scaffold.c \
-	>aap.c
-	lint -DFACILITY=LOG_MAIL -DSEVERITY=$(SEVERITY) -DHOSTS_ACCESS \
-	-DPARANOID $(TABLES) -DNETGROUP -DPROCESS_OPTIONS -DRFC931_TIMEOUT=10 \
-	-Dvsyslog=myvsyslog -DREAL_DAEMON_DIR=\"$(REAL_DAEMON_DIR)\"
-
-# Internal compilation dependencies.
-
-clean_exit.o: cflags
-clean_exit.o: tcpd.h
-diag.o: cflags
-diag.o: mystdarg.h
-diag.o: tcpd.h
-environ.o: cflags
-eval.o: cflags
-eval.o: tcpd.h
-fakelog.o: cflags
-fakelog.o: mystdarg.h
-fix_options.o: cflags
-fix_options.o: tcpd.h
-fromhost.o: cflags
-fromhost.o: tcpd.h
-hosts_access.o: cflags
-hosts_access.o: tcpd.h
-hosts_ctl.o: cflags
-hosts_ctl.o: tcpd.h
-inetcf.o: cflags
-inetcf.o: inetcf.h
-inetcf.o: tcpd.h
-misc.o: cflags
-misc.o: tcpd.h
-miscd.o: cflags
-miscd.o: patchlevel.h
-miscd.o: tcpd.h
-myvsyslog.o: cflags
-myvsyslog.o: mystdarg.h
-myvsyslog.o: tcpd.h
-ncr.o: cflags
-ncr.o: tcpd.h
-options.o: cflags
-options.o: tcpd.h
-percent_m.o: cflags
-percent_m.o: mystdarg.h
-percent_x.o: cflags
-percent_x.o: tcpd.h
-ptx.o: cflags
-ptx.o: tcpd.h
-refuse.o: cflags
-refuse.o: tcpd.h
-rfc931.o: cflags
-rfc931.o: tcpd.h
-safe_finger.o: cflags
-scaffold.o: cflags
-scaffold.o: scaffold.h
-scaffold.o: tcpd.h
-setenv.o: cflags
-shell_cmd.o: cflags
-shell_cmd.o: tcpd.h
-socket.o: cflags
-socket.o: tcpd.h
-strcasecmp.o: cflags
-tcpd.o: cflags
-tcpd.o: patchlevel.h
-tcpd.o: tcpd.h
-tcpdchk.o: cflags
-tcpdchk.o: inetcf.h
-tcpdchk.o: scaffold.h
-tcpdchk.o: tcpd.h
-tcpdmatch.o: cflags
-tcpdmatch.o: scaffold.h
-tcpdmatch.o: tcpd.h
-tli-sequent.o: cflags
-tli-sequent.o: tcpd.h
-tli-sequent.o: tli-sequent.h
-tli.o: cflags
-tli.o: tcpd.h
-try-from.o: cflags
-try-from.o: tcpd.h
-update.o: cflags
-update.o: mystdarg.h
-update.o: tcpd.h
-vfprintf.o: cflags
-workarounds.o: cflags
-workarounds.o: tcpd.h
diff --git a/usr/src/cmd/tcpd/README b/usr/src/cmd/tcpd/README
deleted file mode 100644
index 98b6b472a4..0000000000
--- a/usr/src/cmd/tcpd/README
+++ /dev/null
@@ -1,1038 +0,0 @@
-@(#) README 1.30 97/03/21 19:27:21
-
-This is the 7.6 version of the TCP/IP daemon wrapper package.
-
-Thank you for using this program. If you like it, send me a postcard.
-My postal address is at the bottom of this file.
-
-Read the BLURB file for a brief summary of what is new. The CHANGES
-file gives a complete account of differences with respect to previous
-releases.
-
-Announcements of new releases of this software are posted to Usenet
-(comp.security.unix, comp.unix.admin), to the cert-tools mailing list,
-and to a dedicated mailing list.  You can subscribe to the dedicated
-mailing list by sending an email message to majordomo@wzv.win.tue.nl
-with in the body (not subject):  subscribe tcp-wrappers-announce.
-
-Table of contents
------------------
-
-    1 - Introduction
-    2 - Disclaimer
-    3 - Tutorials
-                3.1 - How it works
-                3.2 - Where the logging information goes
-    4 - Features
-                4.1 - Access control
-                4.2 - Host name spoofing
-                4.3 - Host address spoofing
-                4.4 - Client username lookups
-                4.5 - Language extensions
-		4.6 - Multiple ftp/gopher/www archives on one host
-		4.7 - Banner messages
-		4.8 - Sequence number guessing
-    5 - Other works
-                5.1 - Related documents
-                5.2 - Related software
-    6 - Limitations
-                6.1 - Known wrapper limitations
-                6.2 - Known system software bugs
-    7 - Configuration and installation
-                7.1 - Easy configuration and installation
-                7.2 - Advanced configuration and installation
-                7.3 - Daemons with arbitrary path names
-                7.4 - Building and testing the access control rules
-                7.5 - Other applications
-    8 - Acknowledgements
-
-1 - Introduction
-----------------
-
-With this package you can monitor and filter incoming requests for the
-SYSTAT, FINGER, FTP, TELNET, RLOGIN, RSH, EXEC, TFTP, TALK, and other
-network services.
-
-It supports both 4.3BSD-style sockets and System V.4-style TLI. Praise
-yourself lucky if you don't know what that means.
-
-The package provides tiny daemon wrapper programs that can be installed
-without any changes to existing software or to existing configuration
-files.  The wrappers report the name of the client host and of the
-requested service; the wrappers do not exchange information with the
-client or server applications, and impose no overhead on the actual
-conversation between the client and server applications.
-
-Optional features are: access control to restrict what systems can
-connect to what network daemons; client user name lookups with the RFC
-931 etc. protocol; additional protection against hosts that pretend to
-have someone elses host name; additional protection against hosts that
-pretend to have someone elses host address.
-
-The programs are very portable. Build procedures are provided for many
-common (and not so common) environments, and guidelines are provided in
-case your environment is not among them.
-
-Requirements are that network daemons are spawned by a super server
-such as the inetd; a 4.3BSD-style socket programming interface and/or
-System V.4-style TLI programming interface; and the availability of a
-syslog(3) library and of a syslogd(8) daemon.  The wrappers should run
-without modification on any system that satisfies these requirements.
-Workarounds have been implemented for several common bugs in systems
-software.
-
-What to do if this is your first encounter with the wrapper programs:
-1) read the tutorial sections for an introduction to the relevant
-concepts and terminology; 2) glance over the security feature sections
-in this document; 3) follow the installation instructions (easy or
-advanced). I recommend that you first use the default security feature
-settings.  Run the wrappers for a few days to become familiar with
-their logs, before doing anything drastic such as cutting off access or
-installing booby traps.
-
-2 - Disclaimer
---------------
-
-The wrapper programs rely on source address information obtained from
-network packets. This information is provided by the client host. It is
-not 100 percent reliable, although the wrappers do their best to expose
-forgeries.
-
-In the absence of cryptographic protection of message contents, and of
-cryptographic authentication of message originators, all data from the
-network should be treated with sound scepticism.
-
-THIS RESTRICTION IS BY NO MEANS SPECIFIC TO THE TCP/IP PROTOCOLS.
-
-3 - Tutorials
--------------
-
-The tutorial sections give a gentle introduction to the operation of
-the wrapper programs, and introduce some of the terminology that is
-used in the remainder of the document: client, server, the inetd and
-syslogd daemons, and their configuration files.
-
-3.1 - How it works
-------------------
-
-Almost every application of the TCP/IP protocols is based on a client-
-server model. For example, when a user invokes the telnet command to
-connect to one of your systems, a telnet server process is executed on
-the target host. The telnet server process connects the user to a login
-process. A few examples of client and server programs are shown in the
-table below:
-
-              client   server    application
-              --------------------------------
-              telnet   telnetd   remote login
-              ftp      ftpd      file transfer
-              finger   fingerd   show users
-
-The usual approach is to run one single daemon process that waits for
-all kinds of incoming network connections. Whenever a connection is
-established, this daemon (usually called inetd) runs the appropriate
-server program and goes back to sleep, waiting for other connections.
-
-The wrapper programs rely on a simple, but powerful mechanism.  Instead
-of directly running the desired server program, the inetd is tricked
-into running a small wrapper program. The wrapper logs the client host
-name or address and performs some additional checks.  When all is well,
-the wrapper executes the desired server program and goes away.
-
-The wrapper programs have no interaction with the client user (or with
-the client process).  Nor do the wrappers interact with the server
-application. This has two major advantages: 1) the wrappers are
-application-independent, so that the same program can protect many
-kinds of network services; 2) no interaction also means that the
-wrappers are invisible from outside (at least for authorized users).
-
-Another important property is that the wrapper programs are active only
-when the initial contact between client and server is established. Once
-a wrapper has done its work there is no overhead on the client-server
-conversation.
-
-The simple mechanism has one major drawback: the wrappers go away after
-the initial contact between client and server processes, so the
-wrappers are of little use with network daemons that service more than
-one client.  The wrappers would only see the first client attempt to
-contact such a server. The NFS mount daemon is a typical example of a
-daemon that services requests from multiple clients. See the section on
-related software for ways to deal with such server programs.
-
-There are two ways to use the wrapper programs:
-
-1) The easy way: move network daemons to some other directory and fill
-   the resulting holes with copies of the wrapper programs.  This
-   approach involves no changes to system configuration files, so there
-   is very little risk of breaking things.
-
-2) The advanced way: leave the network daemons alone and modify the
-   inetd configuration file.  For example, an entry such as:
-
-     tftp  dgram  udp  wait  root  /usr/etc/tcpd  in.tftpd -s /tftpboot
-
-   When a tftp request arrives, inetd will run the wrapper program
-   (tcpd) with a process name `in.tftpd'.  This is the name that the
-   wrapper will use when logging the request and when scanning the
-   optional access control tables.  `in.tftpd' is also the name of the
-   server program that the wrapper will attempt to run when all is
-   well.  Any arguments (`-s /tftpboot' in this particular example) are
-   transparently passed on to the server program.
-
-For an account of the history of the wrapper programs, with real-life
-examples, see the section below on related documents.
-
-3.2 - Where the logging information goes
-----------------------------------------
-
-The wrapper programs send their logging information to the syslog
-daemon (syslogd). The disposition of the wrapper logs is determined by
-the syslog configuration file (usually /etc/syslog.conf). Messages are
-written to files, to the console, or are forwarded to a @loghost. Some
-syslogd versions can even forward messages down a |pipeline.
-
-Older syslog implementations (still found on Ultrix systems) only
-support priority levels ranging from 9 (debug-level messages) to 0
-(alerts). All logging information of the specified priority level or
-more urgent is written to the same destination.  In the syslog.conf
-file, priority levels are specified in numerical form.  For example,
-
-    8/usr/spool/mqueue/syslog
-
-causes all messages with priority 8 (informational messages), and
-anything that is more urgent, to be appended to the file
-/usr/spool/mqueue/syslog.
-
-Newer syslog implementations support message classes in addition to
-priority levels.  Examples of message classes are: mail, daemon, auth
-and news. In the syslog.conf file, priority levels are specified with
-symbolic names: debug, info, notice, ..., emerg. For example,
-
-    mail.debug                  /var/log/syslog
-
-causes all messages of class mail with priority debug (or more urgent)
-to be appended to the /var/log/syslog file.
-
-By default, the wrapper logs go to the same place as the transaction
-logs of the sendmail daemon. The disposition can be changed by editing
-the Makefile and/or the syslog.conf file. Send a `kill -HUP' to the
-syslogd after changing its configuration file. Remember that syslogd,
-just like sendmail, insists on one or more TABs between the left-hand
-side and the right-hand side expressions in its configuration file.
-
-Solaris 2.x note: the syslog daemon depends on the m4 macro processor.
-The m4 program is installed as part of the software developer packages.
-
-Trouble shooting note: when the syslogging does not work as expected,
-run the program by hand (`syslogd -d') and see what really happens.
-
-4 - Features
-------------
-
-4.1 - Access control
---------------------
-
-When compiled with -DHOSTS_ACCESS, the wrapper programs support a
-simple form of access control.  Access can be controlled per host, per
-service, or combinations thereof. The software provides hooks for the
-execution of shell commands when an access control rule fires; this
-feature may be used to install "booby traps".  For details, see the
-hosts_access.5 manual page, which is in `nroff -man' format. A later
-section describes how you can test your access control rules.
-
-Access control can also be used to connect clients to the "right"
-service. What is right may depend on the requested service, the origin
-of the request, and what host address the client connects to. Examples:
-
-(1) A gopher or www database speaks native language when contacted from
-    within the country, otherwise it speaks English.
-
-(2) A service provider offers different ftp, gopher or www services
-    with different internet hostnames from one host (section 4.6).
-
-Access control is enabled by default. It can be turned off by editing
-the Makefile, or by providing no access control tables. The install
-instructions below describe the Makefile editing process.
-
-The hosts_options.5 manual page (`nroff -man' format) documents an
-extended version of the access control language. The extensions are
-disabled by default. See the section below on language extensions.
-
-Later System V implementations provide the Transport Level Interface
-(TLI), a network programming interface that performs functions similar
-to the Berkeley socket programming interface.  Like Berkeley sockets,
-TLI was designed to cover multiple protocols, not just Internet.
-
-When the wrapper discovers that the TLI interface sits on top of a
-TCP/IP or UDP/IP conversation it uses this knowledge to provide the
-same functions as with traditional socket-based applications.  When
-some other protocol is used underneath TLI, the host address will be
-some universal magic cookie that may not even be usable for access
-control purposes.
-
-4.2 - Host name spoofing
-------------------------
-
-With some network applications, such as RSH or RLOGIN, the client host
-name plays an important role in the authentication process. Host name
-information can be reliable when lookups are done from a _local_ hosts
-table, provided that the client IP address can be trusted.
-
-With _distributed_ name services, authentication schemes that rely on
-host names become more problematic. The security of your system now may
-depend on some far-away DNS (domain name server) outside your own
-control. 
-
-The wrapper programs verify the client host name that is returned by
-the address->name DNS server, by asking for a second opinion.  To this
-end, the programs look at the name and addresses that are returned by
-the name->address DNS server, which may be an entirely different host. 
-
-If any name or address discrepancies are found, or if the second DNS
-opinion is not available, the wrappers assume that one of the two name
-servers is lying, and assume that the client host pretends to have
-someone elses host name.
-
-When compiled with -DPARANOID, the wrappers will always attempt to look
-up and double check the client host name, and will always refuse
-service in case of a host name/address discrepancy.  This is a
-reasonable policy for most systems.
-
-When compiled without -DPARANOID, the wrappers by default still perform
-hostname lookup. You can match hosts with a name/address discrepancy
-with the PARANOID wildcard and decide whether or not to grant service.
-
-Automatic hostname verification is enabled by default. Automatic
-hostname lookups and verification can be turned off by editing the
-Makefile. The configuration and installation section below describes
-the Makefile editing process.
-
-4.3 - Host address spoofing
----------------------------
-
-While host name spoofing can be found out by asking a second opinion,
-it is much harder to find out that a host claims to have someone elses
-network address. And since host names are deduced from network
-addresses, address spoofing is at least as effective as name spoofing.
-
-The wrapper programs can give additional protection against hosts that
-claim to have an address that lies outside their own network.  For
-example, some far-away host that claims to be a trusted host within
-your own network. Such things are possible even while the impersonated
-system is up and running.
-
-This additional protection is not an invention of my own; it has been
-present for at least five years in the BSD rsh and rlogin daemons.
-Unfortunately, that feature was added *after* 4.3 BSD came out, so that
-very few, if any, UNIX vendors have adopted it.  Our site, and many
-other ones, has been running these enhanced daemons for several years,
-and without any ill effects.
-
-When the wrapper programs are compiled with -DKILL_IP_OPTIONS, the
-programs refuse to service TCP connections with IP source routing
-options. -DKILL_IP_OPTIONS is not needed on modern UNIX systems
-that can stop source-routed traffic in the kernel. Examples are
-4.4BSD derivatives, Solaris 2.x, and Linux. See your system manuals
-for details.
-
-If you are going to use this feature on SunOS 4.1.x you should apply
-patch 100804-03+ or 101790-something depending on your SunOS version.
-Otherwise you may experience "BAD TRAP" and "Data fault" panics when
-the getsockopt() system call is executed after a TCP RESET has been
-received. This is a kernel bug, it is not the fault of the wrappers.
-
-The feature is disabled by default. It can be turned on by editing the
-Makefile.  The configuration and installation section below describes
-the Makefile editing process.
-
-UDP services do not benefit from this additional protection. With UDP,
-all you can be certain of is the network packet's destination address.
-
-4.4 - Client username lookups
------------------------------
-
-The protocol proposed in RFC 931 provides a means to obtain the client
-user name from the client host.  The requirement is that the client
-host runs an RFC 931-compliant daemon. The information provided by such
-a daemon is not intended to be used for authentication purposes, but it
-can provide additional information about the owner of a TCP connection.
-
-The RFC 931 protocol has diverged into different directions (IDENT,
-TAP, RFC 1413). To add to the confusion, they all use the same network
-port.  The daemon wrappers implement a common subset of the protocols.
-
-There are some limitations: the number of hosts that run an RFC 931 (or
-compatible) daemon is limited (but growing); client user name lookups
-do not work for datagram (UDP) services. More seriously, client user
-name lookups can cause noticeable delays with connections from non-UNIX
-PCs. Recent PC software seem to have fixed this (for example NCSA
-telnet). The wrappers use a 10-second timeout for RFC931 lookups, to
-accommodate slow networks and slow hosts.
-
-By default, the wrappers will do username lookup only when the access
-control rules require them to do so (via user@host client patterns, see
-the hosts_access.5 manual page) or when the username is needed for
-%<letter> expansions.
-
-You can configure the wrappers to always perform client username
-lookups, by editing the Makefile.  The client username lookup timeout
-period (10 seconds default) can be changed by editing the Makefile. The
-installation sections below describe the Makefile editing process.
-
-On System V with TLI-based network services, client username lookups
-will be possible only when the underlying network protocol is TCP/IP.
-
-4.5 - Language extensions
--------------------------
-
-The wrappers sport only a limited number of features. This is for a
-good reason: programs that run at high privilege levels must be easy to
-verify. And the smaller a program, the easier to verify. There is,
-however, a provision to add features.
-
-The options.c module provides a framework for language extensions.
-Quite a few extensions have already been implemented; they are
-documented in the hosts_options.5 document, which is in `nroff -man'
-format. Examples: changing the severity level at which a request for
-service is logged; "allow" and "deny" keywords; running a customized
-server instead of the standard one; many others.
-
-The language extensions are not enabled by default because they
-introduce an incompatible change to the access control language
-syntax.  Instructions to enable the extensions are given in the
-Makefile.
-
-4.6 - Multiple ftp/gopher/www archives on one host
---------------------------------------------------
-
-Imagine one host with multiple internet addresses. These addresses do
-not need to have the same internet hostname. Thus, it is possible to
-offer services with different internet hostnames from just one host.
-
-Service providers can use this to offer organizations a presence on the
-"net" with their own internet hostname, even when those organizations
-aren't connected to the Internet at all.  To the end user it makes no
-difference, because applications use internet hostnames.
-
-There are several ways to assign multiple addresses to one machine.
-The nice way is to take an existing network interface and to assign
-additional internet addresses with the `ifconfig' command. Examples:
-
-    Solaris 2:	ifconfig le0:1 <address> netmask <mask> up
-    4.4 BSD:	ifconfig en0 alias <address> netmask <mask>
-
-On other systems one has to increase the number of network interfaces:
-either with hardware interfaces, or with pseudo interfaces like SLIP or
-PPP.  The interfaces do not need to be attached to anything. They just
-need to be up and to be assigned a suitable internet address and mask.
-
-With the wrapper software, `daemon@host' access control patterns can be
-used to distinguish requests by the network address that they are aimed
-at.  Judicious use of the `twist' option (see the hosts_options.5 file,
-`nroff -man' format) can guide the requests to the right server.  These
-can be servers that live in separate chroot areas, or servers modified
-to take additional context from the command line, or a combination.
-
-Another way is to modify gopher or www listeners so that they bind to
-only one specific network address. Multiple gopher or www servers can
-then be run side by side, each taking requests sent to its respective
-network address.
-
-4.7 - Banner messages
----------------------
-
-Some sites are required to present an informational message to users
-before they attempt to login.  Banner messages can also be useful when
-denying service:  instead of simply dropping the connection a polite
-explanation is given first. Finally, banners can be used to give your
-system a more personal touch.
-
-The wrapper software provides easy-to-use tools to generate pre-login
-banners for ftp, telnet, rlogin etc. from a single prototype banner
-textfile.  Details on banners and on-the-fly %<letter> expansions are
-given in the hosts_options.5 manual page (`nroff -man' format). An
-example is given in the file Banners.Makefile.
-
-In order to support banner messages the wrappers have to be built with
-language extensions enabled. See the section on language extensions.
-
-4.8 - Sequence number guessing
-------------------------------
-
-Recently, systems came under attack from intruders that exploited a
-well-known weakness in TCP/IP sequence number generators.  This
-weakness allows intruders to impersonate trusted hosts. Break-ins have
-been reported via the rsh service. In fact, any network service can be
-exploited that trusts the client host name or address.
-
-A long-term solution is to stop using network services that trust the
-client host name or address, and to use data encryption instead.
-
-A short-term solution, as outlined in in CERT advisory CA-95:01, is to
-configure network routers so that they discard datagrams from "outside"
-with an "inside" source address. This approach is most fruitful when
-you do not trust any hosts outside your local network.
-
-The IDENT (RFC931 etc.) client username lookup protocol can help to
-detect host impersonation attacks.  Before accepting a client request,
-the wrappers can query the client's IDENT server and find out that the
-client never sent that request.
-
-When the client host provides IDENT service, a negative IDENT lookup
-result (the client matches `UNKNOWN@host') is strong evidence of a host
-impersonation attack.
-
-A positive IDENT lookup result (the client matches `KNOWN@host') is
-less trustworthy.  It is possible for an attacker to spoof both the
-client request and the IDENT lookup connection, although doing so
-should be much harder than spoofing just a client request. Another
-possibility is that the client's IDENT server is lying.
-
-Client username lookups are described in more detail in a previous
-section. Pointers to IDENT daemon software are described in the section
-on related software.
-
-5 - Other works
----------------
-
-5.1 - Related documents
------------------------
-
-The war story behind the tcp wrapper tools is described in:
-
-    W.Z. Venema, "TCP WRAPPER, network monitoring, access control and
-    booby traps", UNIX Security Symposium III Proceedings (Baltimore),
-    September 1992. 
-
-    ftp.win.tue.nl:/pub/security/tcp_wrapper.ps.Z (postscript)
-    ftp.win.tue.nl:/pub/security/tcp_wrapper.txt.Z (flat text)
-
-The same cracker is also described in:
-
-    W.R. Cheswick, "An Evening with Berferd, In Which a Cracker is
-    Lured, Endured, and Studied", Proceedings of the Winter USENIX
-    Conference (San Francisco), January 1992.
-
-    research.att.com:/dist/internet_security/berferd.ps
-
-An updated version of the latter paper appeared in:
-
-    W.R. Cheswick, S.M. Bellovin, "Firewalls and Internet Security",
-    Addison-Wesley, 1994.
-
-Discussions on internet firewalls are archived on ftp.greatcircle.com.
-Subscribe to the mailing list by sending a message to 
-
-    majordomo@greatcircle.com
-
-With in the body (not subject): subscribe firewalls.
-
-5.2 - Related software
-----------------------
-
-Network daemons etc. with enhanced logging capabilities can generate
-massive amounts of information: our 150+ workstations generate several
-hundred kbytes each day. egrep-based filters can help to suppress some
-of the noise.  A more powerful tool is the Swatch monitoring system by
-Stephen E. Hansen and E. Todd Atkins. Swatch can process log files in
-real time and can associate arbitrary actions with patterns; its
-applications are by no means restricted to security.  Swatch is
-available ftp.stanford.edu, directory /general/security-tools/swatch.
-
-Socks, described in the UNIX Security III proceedings, can be used to
-control network traffic from hosts on an internal network, through a
-firewall host, to the outer world. Socks consists of a daemon that is
-run on the firewall host, and of a library with routines that redirect
-application socket calls through the firewall daemon.  Socks is
-available from s1.gov in /pub/firewalls/socks.tar.Z.
-
-For a modified Socks version by Ying-Da Lee (ylee@syl.dl.nec.com) try
-ftp.nec.com, directory /pub/security/socks.cstc.
-
-Tcpr is a set of perl scripts by Paul Ziemba that enable you to run ftp
-and telnet commands across a firewall. Unlike socks it can be used with
-unmodified client software. Available from ftp.alantec.com, /pub/tcpr.
-
-The TIS firewall toolkit provides a multitude of tools to build your
-own internet firewall system. ftp.tis.com, directory /pub/firewalls.
-
-Versions of rshd and rlogind, modified to report the client user name
-in addition to the client host name, are available for anonymous ftp
-(ftp.win.tue.nl:/pub/security/logdaemon-XX.tar.Z).  These programs are
-drop-in replacements for SunOS 4.x, Ultrix 4.x, SunOS 5.x and HP-UX
-9.x. This archive also contains ftpd/rexecd/login versions that support
-S/Key or SecureNet one-time passwords in addition to traditional UNIX
-reusable passwords.
-
-The securelib shared library by William LeFebvre can be used to control
-access to network daemons that are not run under control of the inetd
-or that serve more than one client, such as the NFS mount daemon that
-runs until the machine goes down.  Available from eecs.nwu.edu, file
-/pub/securelib.tar.
-
-xinetd (posted to comp.sources.unix) is an inetd replacement that
-provides, among others, logging, username lookup and access control.
-However, it does not support the System V TLI services, and involves
-much more source code than the daemon wrapper programs. Available
-from ftp.uu.net, directory /usenet/comp.sources.unix.
-
-netlog from Texas A&M relies on the SunOS 4.x /dev/nit interface to
-passively watch all TCP and UDP network traffic on a network.  The
-current version is on net.tamu.edu in /pub/security/TAMU.
-
-Where shared libraries or router-based packet filtering are not an
-option, an alternative portmap daemon can help to prevent hackers
-from mounting your NFS file systems using the proxy RPC facility.
-ftp.win.tue.nl:/pub/security/portmap-X.shar.Z was tested with SunOS
-4.1.X Ultrix 3.0 and Ultrix 4.x, HP-UX 8.x and some version of AIX. The
-protection is less effective than that of the securelib library because
-portmap is mostly a dictionary service.
-
-An rpcbind replacement (the Solaris 2.x moral equivalent of portmap)
-can be found on ftp.win.tue.nl in /pub/security. It prevents hackers
-from mounting your NFS file systems by using the proxy RPC facility.
-
-Source for a portable RFC 931 (TAP, IDENT, RFC 1413) daemon by Peter
-Eriksson is available from ftp.lysator.liu.se:/pub/ident/servers.
-
-Some TCP/IP implementations come without syslog library. Some come with
-the library but have no syslog daemon. A replacement can be found in
-ftp.win.tue.nl:/pub/security/surrogate-syslog.tar.Z.  The fakesyslog
-library that comes with the nntp sources reportedly works well, too.
-
-6 - Limitations
----------------
-
-6.1 - Known wrapper limitations
--------------------------------
-
-Many UDP (and rpc/udp) daemons linger around for a while after they
-have serviced a request, just in case another request comes in.  In the
-inetd configuration file these daemons are registered with the `wait'
-option. Only the request that started such a daemon will be seen by the
-wrappers.  Such daemons are better protected with the securelib shared
-library (see: Related software).
-
-The wrappers do not work with RPC services over TCP. These services are
-registered as rpc/tcp in the inetd configuration file. The only non-
-trivial service that is affected by this limitation is rexd, which is
-used by the on(1) command. This is no great loss.  On most systems,
-rexd is less secure than a wildcard in /etc/hosts.equiv.
-
-Some RPC requests (for example: rwall, rup, rusers) appear to come from
-the server host. What happens is that the client broadcasts its request
-to all portmap daemons on its network; each portmap daemon forwards the
-request to a daemon on its own system. As far as the rwall etc.  daemons
-know, the request comes from the local host.
-
-Portmap and RPC (e.g. NIS and NFS) (in)security is a topic in itself.
-See the section in this document on related software.
-
-6.2 - Known system software bugs
---------------------------------
-
-Workarounds have been implemented for several bugs in system software.
-They are described in the Makefile. Unfortunately, some system software
-bugs cannot be worked around. The result is loss of functionality.
-
-IRIX has so many bugs that it has its own README.IRIX file.
-
-Older ConvexOS versions come with a broken recvfrom(2) implementation.
-This makes it impossible for the daemon wrappers to look up the
-client host address (and hence, the name) in case of UDP requests.
-A patch is available for ConvexOS 10.1; later releases should be OK.
-
-With early Solaris (SunOS 5) versions, the syslog daemon will leave
-behind zombie processes when writing to logged-in users.  Workaround:
-increase the syslogd threshold for logging to users, or reduce the
-wrapper's logging severity.
-
-On some systems, the optional RFC 931 etc. client username lookups may
-trigger a kernel bug.  When a client host connects to your system, and
-the RFC 931 connection from your system to that client is rejected by a
-router, your kernel may drop all connections with that client.  This is
-not a bug in the wrapper programs: complain to your vendor, and don't
-enable client user name lookups until the bug has been fixed.
-
-Reportedly, SunOS 4.1.1, Next 2.0a, ISC 3.0 with TCP 1.3, and AIX 3.2.2
-and later are OK.
-
-Sony News/OS 4.51, HP-UX 8-something and Ultrix 4.3 still have the bug.
-Reportedly, a fix for Ultrix is available (CXO-8919).
-
-The following procedure can be used (from outside the tue.nl domain) to
-find out if your kernel has the bug. From the system under test, do:
-
-        % ftp 131.155.70.19
-
-This command attempts to make an ftp connection to our anonymous ftp
-server (ftp.win.tue.nl).  When the connection has been established, run
-the following command from the same system under test, while keeping
-the ftp connection open:
-
-        % telnet 131.155.70.19 111
-
-Do not forget the `111' at the end of the command. This telnet command
-attempts to connect to our portmap process.  The telnet command should
-fail with:  "host not reachable", or with a timeout error. If your ftp
-connection gets messed up, you have the bug. If the telnet command does
-not fail, please let me know a.s.a.p.!
-
-For those who care, the bug is that the BSD kernel code was not careful
-enough with incoming ICMP UNREACHABLE control messages (it ignored the
-local and remote port numbers, and therefore zapped *all* connections
-with the remote system). The bug is still present in the BSD NET/1
-source release (1989) but apparently has been fixed in BSD NET/2 (1991). 
-
-7 - Configuration and installation
-----------------------------------
-
-7.1 - Easy configuration and installation
------------------------------------------
-
-The "easy" recipe requires no changes to existing software or
-configuration files.  Basically, you move the daemons that you want to
-protect to a different directory and plug the resulting holes with
-copies of the wrapper programs.
-
-If you don't run Ultrix, you won't need the miscd wrapper program.  The
-miscd daemon implements among others the SYSTAT service, which produces
-the same output as the WHO command.
-
-Type `make' and follow the instructions.  The Makefile comes with
-ready-to-use templates for many common UNIX implementations (sun,
-ultrix, hp-ux, aix, irix,...). 
-
-IRIX has so many bugs that it has its own README.IRIX file.
-
-When the `make' succeeds the result is five executables (six in case of
-Ultrix).
-
-You can use the `tcpdchk' program to identify the most common problems
-in your wrapper and inetd configuration files.  
-
-With the `tcpdmatch' program you can examine how the wrapper would
-react to specific requests for service.  
-
-The `safe_finger' command should be used when you implement booby
-traps:  it gives better protection against nasty stuff that remote
-hosts may do in response to your finger probes.
-
-The `try-from' program tests the host and username lookup code.  Run it
-from a remote shell command (`rsh host /some/where/try-from') and it
-should be able to figure out from what system it is being called.
-
-The tcpd program can be used to monitor the telnet, finger, ftp, exec,
-rsh, rlogin, tftp, talk, comsat and other tcp or udp services that have
-a one-to-one mapping onto executable files.
-
-The tcpd program can also be used for services that are marked as
-rpc/udp in the inetd configuration file, but not for rpc/tcp services
-such as rexd.  You probably do not want to run rexd anyway. On most
-systems it is even less secure than a wildcard in /etc/hosts.equiv.
-
-With System V.4-style systems, the tcpd program can also handle TLI
-services. When TCP/IP or UDP/IP is used underneath TLI, tcpd provides
-the same functions as with socket-based applications. When some other
-protocol is used underneath TLI, functionality will be limited (no
-client username lookups, weird network address formats).
-
-Decide which services you want to monitor. Move the corresponding
-vendor-provided daemon programs to the location specified by the
-REAL_DAEMON_DIR constant in the Makefile, and fill the holes with
-copies of the tcpd program. That is, one copy of (or link to) the tcpd
-program for each service that you want to monitor. For example, to
-monitor the use of your finger service:
-
-    # mkdir REAL_DAEMON_DIR
-    # mv /usr/etc/in.fingerd REAL_DAEMON_DIR
-    # cp tcpd /usr/etc/in.fingerd
-
-The example applies to SunOS 4. With other UNIX implementations the
-network daemons live in /usr/libexec, /usr/sbin or in /etc, or have no
-"in." prefix to their names, but you get the idea.
-
-File protections: the wrapper, all files used by the wrapper, and all
-directories in the path leading to those files, should be accessible
-but not writable for unprivileged users (mode 755 or mode 555). Do not
-install the wrapper set-uid.
-
-Ultrix only:  If you want to monitor the SYSTAT service, move the
-vendor-provided miscd daemon to the location specified by the
-REAL_DAEMON_DIR macro in the Makefile, and install the miscd wrapper
-at the original miscd location.
-
-In the absence of any access-control tables, the daemon wrappers
-will just maintain a record of network connections made to your system.
-
-7.2 - Advanced configuration and installation
----------------------------------------------
-
-The advanced recipe leaves your daemon executables alone, but involves
-simple modifications to the inetd configuration file.
-
-Type `make' and follow the instructions.  The Makefile comes with
-ready-to-use templates for many common UNIX implementations (sun,
-ultrix, hp-ux, aix, irix, ...). 
-
-IRIX users should read the warnings in the README.IRIX file first.
-
-When the `make' succeeds the result is five executables (six in case of
-Ultrix).
-
-You can use the `tcpdchk' program to identify the most common problems
-in your wrapper and inetd configuration files.  
-
-With the `tcpdmatch' program you can examine how the wrapper would
-react to specific requests for service.  
-
-The `try-from' program tests the host and username lookup code.  Run it
-from a remote shell command (`rsh host /some/where/try-from') and it
-should be able to figure out from what system it is being called.
-
-The `safe_finger' command should be used when you implement a booby
-trap:  it gives better protection against nasty stuff that remote hosts
-may do in response to your finger probes.
-
-The tcpd program can be used to monitor the telnet, finger, ftp, exec,
-rsh, rlogin, tftp, talk, comsat and other tcp or udp services that have
-a one-to-one mapping onto executable files.
-
-With System V.4-style systems, the tcpd program can also handle TLI
-services. When TCP/IP or UDP/IP is used underneath TLI, tcpd provides
-the same functions as with socket-based applications. When some other
-protocol is used underneath TLI, functionality will be limited (no
-client username lookups, weird network address formats).
-
-The tcpd program can also be used for services that are marked as
-rpc/udp in the inetd configuration file, but not for rpc/tcp services
-such as rexd.  You probably do not want to run rexd anyway. On most
-systems it is even less secure than a wildcard in /etc/hosts.equiv.
-
-Install the tcpd command in a suitable place. Apollo UNIX users will
-want to install it under a different name because the name "tcpd" is
-already taken; a suitable name would be "frontd".  
-
-File protections: the wrapper, all files used by the wrapper, and all
-directories in the path leading to those files, should be accessible
-but not writable for unprivileged users (mode 755 or mode 555). Do not
-install the wrapper set-uid.
-
-Then perform the following edits on the inetd configuration file
-(usually /etc/inetd.conf or /etc/inet/inetd.conf):
-
-    finger  stream  tcp     nowait  nobody  /usr/etc/in.fingerd     in.fingerd
-                                            ^^^^^^^^^^^^^^^^^^^
-becomes:
-
-    finger  stream  tcp     nowait  nobody  /usr/etc/tcpd           in.fingerd
-                                            ^^^^^^^^^^^^^
-Send a `kill -HUP' to the inetd process to make the change effective.
-Some IRIX inetd implementations require that you first disable the
-finger service (comment out the finger service and `kill -HUP' the
-inetd) before you can turn on the modified version. Sending a HUP
-twice seems to work just as well for IRIX 5.3, 6.0, 6.0.1 and 6.1.
-
-AIX note: you may have to execute the `inetimp' command after changing
-the inetd configuration file.
-
-The example applies to SunOS 4. With other UNIX implementations the
-network daemons live in /usr/libexec, /usr/sbin, or /etc, the network
-daemons have no "in." prefix to their names, or the username field in
-the inetd configuration file may be missing.
-
-When the finger service works as expected you can perform similar
-changes for other network services. Do not forget the `kill -HUP'.
-
-The miscd daemon that comes with Ultrix implements several network
-services. It decides what to do by looking at its process name. One of
-the services is systat, which is a kind of limited finger service.  If
-you want to monitor the systat service, install the miscd wrapper in a
-suitable place and update the inetd configuration file:
-
-    systat  stream  tcp     nowait  /suitable/place/miscd      systatd
-
-Ultrix 4.3 allows you to specify a user id under which the daemon will
-be executed. This feature is not documented in the manual pages.  Thus,
-the example would become:
-
-    systat  stream  tcp     nowait  nobody /suitable/place/miscd    systatd
-
-Older Ultrix systems still run all their network daemons as root.
-
-In the absence of any access-control tables, the daemon wrappers
-will just maintain a record of network connections made to your system.
-
-7.3 - Daemons with arbitrary path names
----------------------------------------
-
-The above tcpd examples work fine with network daemons that live in a
-common directory, but sometimes that is not practical. Having soft
-links all over your file system is not a clean solution, either.
-
-Instead you can specify, in the inetd configuration file, an absolute
-path name for the daemon process name.  For example,
-
-    ntalk   dgram   udp     wait    root    /usr/etc/tcpd /usr/local/lib/ntalkd
-
-When the daemon process name is an absolute path name, tcpd ignores the
-value of the REAL_DAEMON_DIR constant, and uses the last path component
-of the daemon process name for logging and for access control.
-
-7.4 - Building and testing the access control rules
----------------------------------------------------
-
-In order to support access control the wrappers must be compiled with
-the -DHOSTS_ACCESS option. The access control policy is given in the
-form of two tables (default: /etc/hosts.allow and /etc/hosts.deny).
-Access control is disabled when there are no access control tables, or
-when the tables are empty.
-
-If you haven't used the wrappers before I recommend that you first run
-them a couple of days without any access control restrictions. The
-logfile records should give you an idea of the process names and of the
-host names that you will have to build into your access control rules.
-
-The syntax of the access control rules is documented in the file
-hosts_access.5, which is in `nroff -man' format. This is a lengthy
-document, and no-one expects you to read it right away from beginning
-to end.  Instead, after reading the introductory section, skip to the
-examples at the end so that you get a general idea of the language.
-Then you can appreciate the detailed reference sections near the
-beginning of the document.
-
-The examples in the hosts_access.5 document (`nroff -man' format) show
-two specific types of access control policy:  1) mostly closed (only
-permitting access from a limited number of systems) and 2) mostly open
-(permitting access from everyone except a limited number of trouble
-makers). You will have to choose what model suits your situation best.
-Implementing a mixed policy should not be overly difficult either.
-
-Optional extensions to the access control language are described in the
-hosts_options.5 document (`nroff -man' format).
-
-The `tcpdchk' program examines all rules in your access control files
-and reports any problems it can find. `tcpdchk -v' writes to standard
-output a pretty-printed list of all rules. `tcpdchk -d' examines the
-hosts.access and hosts.allow files in the current directory. This
-program is described in the tcpdchk.8 document (`nroff -man' format).
-
-The `tcpdmatch' command can be used to try out your local access
-control files.  The command syntax is:
-
-    tcpdmatch process_name hostname (e.g.: tcpdmatch in.tftpd localhost)
-
-    tcpdmatch process_name address  (e.g.: tcpdmatch in.tftpd 127.0.0.1)
-
-This way you can simulate what decisions will be made, and what actions
-will be taken, when hosts connect to your own system. The program is
-described in the tcpdmatch.8 document (`nroff -man' format).
-
-Note 1: `tcpdmatch -d' will look for hosts.{allow,deny} tables in the
-current working directory. This is useful for testing new rules without
-bothering your users.
-
-Note 2: you cannot use the `tcpdmatch' command to simulate what happens
-when the local system connects to other hosts.
-
-In order to find out what process name to use, just use the service and
-watch the process name that shows up in the logfile.  Alternatively,
-you can look up the name from the inetd configuration file. Coming back
-to the tftp example in the tutorial section above:
-
-    tftp  dgram  udp  wait  root  /usr/etc/tcpd  in.tftpd -s /tftpboot
-
-This entry causes the inetd to run the wrapper program (tcpd) with a
-process name `in.tftpd'.  This is the name that the wrapper will use
-when scanning the access control tables. Therefore, `in.tftpd' is the
-process name that should be given to the `tcpdmatch' command. On your
-system the actual inetd.conf entry may differ (tftpd instead of
-in.tftpd, and no `root' field), but you get the idea.
-
-When you specify a host name, the `tcpdmatch' program will use both the
-host name and address. This way you can simulate the most common case
-where the wrappers know both the host address and the host name.  The
-`tcpdmatch' program will iterate over all addresses that it can find
-for the given host name.
-
-When you specify a host address instead of a host name, the `tcpdmatch'
-program will pretend that the host name is unknown, so that you can
-simulate what happens when the wrapper is unable to look up the client
-host name.
-
-7.5 - Other applications
-------------------------
-
-The access control routines can easily be integrated with other
-programs.  The hosts_access.3 manual page (`nroff -man' format)
-describes the external interface of the libwrap.a library.
-
-The tcpd program can even be used to control access to the mail
-service.  This can be useful when you suspect that someone is trying
-out some obscure sendmail bug, or when a remote site is misconfigured
-and keeps hammering your mail daemon.
-
-In that case, sendmail should not be run as a stand-alone network
-listener, but it should be registered in the inetd configuration file.
-For example:
-
-    smtp    stream  tcp     nowait  root    /usr/etc/tcpd /usr/lib/sendmail -bs
-
-You will still need to run one sendmail background process to handle
-queued-up outgoing mail. A command like:
-
-    /usr/lib/sendmail -q15m
-
-(no `-bd' flag) should take care of that. You cannot really prevent
-people from posting forged mail this way, because there are many
-unprotected smtp daemons on the network.
-
-8 - Acknowledgements
---------------------
-
-Many people contributed to the evolution of the programs, by asking
-inspiring questions, by suggesting features or bugfixes, or by
-submitting source code.  Nevertheless, all mistakes and bugs in the
-wrappers are my own.
-
-Thanks to Brendan Kehoe (cs.widener.edu), Heimir Sverrisson (hafro.is)
-and Dan Bernstein (kramden.acf.nyu.edu) for feedback on an early
-release of this product.  The host name/address check was suggested by
-John Kimball (src.honeywell.com).  Apollo's UNIX environment has some
-peculiar quirks: Willem-Jan Withagen (eb.ele.tue.nl), Pieter
-Schoenmakers (es.ele.tue.nl) and Charles S. Fuller (wccs.psc.edu)
-provided assistance.  Hal R.  Brand (addvax.llnl.gov) told me how to
-get the client IP address in case of datagram-oriented services, and
-suggested the optional shell command feature.  Shabbir Safdar
-(mentor.cc.purdue.edu) provided a first version of a much-needed manual
-page.  Granville Boman Goza, IV (sei.cmu.edu) suggested to use the
-client IP address even when the host name is available.  Casper H.S.
-Dik (fwi.uva.nl) provided additional insight into DNS spoofing
-techniques.  The bogus daemon feature was inspired by code from Andrew
-Macpherson (BNR Europe Ltd).  Steve Bellovin (research.att.com)
-confirmed some of my suspicions about the darker sides of TCP/IP
-insecurity. Risks of automated fingers were pointed out by Borja Marcos
-(we.lc.ehu.es). Brad Plecs (jhuspo.ca.jhu.edu) was kind enough to try
-my early TLI code and to work out how DG/UX differs from Solaris.
-
-John P.  Rouillard (cs.umb.edu) deserves special mention for his
-persistent, but constructive, nagging about wrong or missing things,
-and for trying out and discussing embryonic code or ideas.
-
-Last but not least, Howard Chu (hanauma.jpl.nasa.gov), Darren Reed
-(coombs.anu.edu.au), Icarus Sparry (gdr.bath.ac.uk), Scott Schwartz
-(cs.psu.edu), John A. Kunze (violet.berkeley.edu), Daniel Len Schales
-(engr.latech.edu), Chris Turbeville (cse.uta.edu), Paul Kranenburg
-(cs.few.eur.nl), Marc Boucher (cam.org), Dave Mitchell
-(dcs.shef.ac.uk), Andrew Maffei, Adrian van Bloois, Rop Gonggrijp, John
-C. Wingenbach, Everett F. Batey  and many, many others provided fixes,
-code fragments, or ideas for improvements.
-
-        Wietse Venema (wietse@wzv.win.tue.nl)
-        Department of Mathematics and Computing Science
-        Eindhoven University of Technology
-        P.O. Box 513
-        5600 MB Eindhoven
-        The Netherlands
-
-	Currently visiting IBM T.J. Watson Research, Hawthorne NY, USA.
diff --git a/usr/src/cmd/tcpd/README.IRIX b/usr/src/cmd/tcpd/README.IRIX
deleted file mode 100644
index 56d2beafaa..0000000000
--- a/usr/src/cmd/tcpd/README.IRIX
+++ /dev/null
@@ -1,54 +0,0 @@
-@(#) README.IRIX 1.2 94/12/28 18:45:58
-
-In the past few months I received several messages with questions from
-people that tried to use my tcp wrapper on IRIX 5.x. Some mysteries
-could be solved via email, and then some remained.
-
-Today I finally had a chance to do some tests on someones IRIX 5.2
-system.  Here is my first-hand experience with wrapper release 6.3.
-
-(1) Inetd is broken. Normally one edits inetd.conf, sends a HUP signal
-    to inetd and that's it. With IRIX evil things happen:  inetd is too
-    stupid to remember that it is already listening on a port.
-
-    In order to modify an entry in inetd.conf, first comment it out
-    with a # at the beginning of the line, kill -HUP the inetd, then
-    uncomment the inetd.conf entry and kill -HUP again.
-
-    Even with this amount of care I have seen inetd messing up, like
-    calling rusersd when I make a talk connection.  Even killing and
-    restarting inetd does not solve all problems.
-
-    I find it hard to believe, it but the best thing to do with IRIX is
-    to reboot after changing inetd.conf.
-
-(2) When tcpd is built according to the irix4 Makefile rules, it
-    appears to work as expected with TCP-based services such as
-    fingerd, and with UDP-based services such as ntalk and tftp.
-
-(3) It does NOT work with RPC over UDP services such as rusersd and
-    rstatd:  the wrapper hangs in the recvfrom() system call, and I
-    have spent several hours looking for ways to work around it. No
-    way.  After finding that none of the applicable socket primitives
-    can be made to work (recvfrom recvmsg) I give up. So, the IRIX RPC
-    services cannot be wrapped until SGI fixes their system so that it
-    works like everyone elses code (HP Sun Dec AIX and so on).
-
-(4) I didn't even bother to try the RPC over TCP services.
-
-(5) When an IRIX 5.2 system is a NIS client, it can have problems with
-    hosts that have more than one address: the wrapper will see only
-    one address, and may complain when PARANOID mode is on. The fix is
-    to change the name service lookup order in /etc/resolv.conf so that
-    your system tries DNS before NIS (hostresorder bind nis local).
-
-(6) IRIX 5.2 is not System V.4, and it shows. Do not link with the
-    -lsocket and -lnsl libraries. They are completely broken, and the
-    wrapper will be unable to figure out the client internet address.
-    So, TLI services cannot be wrapped until SGI fixes their system so
-    that it works the way it is supposed to.
-
-I am not impressed by the quality of the IRIX system software.  There
-are many things that work on almost every other system except with IRIX.
-
-	Wietse
diff --git a/usr/src/cmd/tcpd/README.NIS b/usr/src/cmd/tcpd/README.NIS
deleted file mode 100644
index 34d39e27cf..0000000000
--- a/usr/src/cmd/tcpd/README.NIS
+++ /dev/null
@@ -1,207 +0,0 @@
-@(#) README.NIS 1.2 96/02/11 17:24:52
-
-> Problem: I have several [machines] with multiple IP addresses, and
-> when they try to connect to a daemon with tcp wrapper, they are often
-> rejected.  I assume this is due to the -DPARANOID option, and depends
-> on which IP address is returned first from the nameserver for a given
-> name.   This behavior seems to be random, may depend on ordering in
-> the YP host map?
-
-[Note: the situation described below no longer exists. Presently, my
-internet gateway uses the same IP address on all interfaces.  To avoid
-confusion I have removed the old name wzv-gw.win.tue.nl from the DNS. I
-have kept the discussion below for educational reasons].
-
-NIS was not designed to handle multi-homed hosts.  With NIS, each
-address should have its own hostname. For example, wzv-gw is my
-gateway. It has two interfaces: one connected to the local ethernet,
-the other to a serial link. In the NIS it is registered as:
-
-        131.155.210.23  wzv-gw-ether
-        131.155.12.78   wzv-gw-slip
-
-In principle, wzv-gw could be the official name of one of these
-interfaces, or it could be an alias for both.
-
-The DNS was designed to handle multi-homed hosts. In the DNS my gateway
-is registered in zone win.tue.nl, with one name that has two A records:
-
-        wzv-gw  IN      A       131.155.210.23
-                IN      A       131.155.12.78
-
-And of course there are PTR records in zones 210.155.131.in-addr.arpa
-and 12.155.131.in-addr.arpa that point to wzv-gw.win.tue.nl.
-
-This setup does not cause any problems. You can test your name service
-with the two programs below. This is what they say on a local NIS client
-(both client and server running SunOS 4.1.3_U1):
-
-        % gethostbyname wzv-gw
-        Hostname:       wzv-gw.win.tue.nl
-        Aliases:        
-        Addresses:      131.155.210.23 131.155.12.78 
-
-        % gethostbyaddr 131.155.210.23
-        Hostname:       wzv-gw-ether
-        Aliases:        
-        Addresses:      131.155.210.23 
-
-        % gethostbyaddr 131.155.12.78
-        Hostname:       wzv-gw-slip
-        Aliases:        
-        Addresses:      131.155.12.78 
-
-Things seem less confusing when seen by a NIS client in a different
-domain (both client and server running SunOS 4.1.3_U1):
-
-        % gethostbyname wzv-gw.win.tue.nl
-        Hostname:       wzv-gw.win.tue.nl
-        Aliases:        
-        Addresses:      131.155.210.23 131.155.12.78 
-
-        % gethostbyaddr 131.155.210.23
-        Hostname:       wzv-gw.win.tue.nl
-        Aliases:        
-        Addresses:      131.155.12.78 131.155.210.23
-
-        % gethostbyaddr 131.155.12.78
-        Hostname:       wzv-gw.win.tue.nl
-        Aliases:        
-        Addresses:      131.155.210.23 131.155.12.78
-
-Alas, Solaris 2.4 still has problems. This is what I get on a Solaris
-2.4 NIS client, with a SunOS 4.1.3_U1 NIS server:
-
-	% gethostbyname wzv-gw.win.tue.nl
-	Hostname:       wzv-gw.win.tue.nl
-	Aliases:        131.155.210.23 wzv-gw.win.tue.nl 
-	Addresses:      131.155.12.78 
-
-The tcpd source comes with a workaround for this problem. The
-workaround is ugly and is not part of the programs attached below.
-
-
-#! /bin/sh
-# This is a shell archive.  Remove anything before this line, then unpack
-# it by saving it into a file and typing "sh file".  To overwrite existing
-# files, type "sh file -c".  You can also feed this as standard input via
-# unshar, or by typing "sh <file", e.g..  If this archive is complete, you
-# will see the following message at the end:
-#		"End of shell archive."
-# Contents:  gethostbyaddr.c gethostbyname.c
-# Wrapped by wietse@wzv on Sun Jan  8 17:08:48 1995
-PATH=/bin:/usr/bin:/usr/ucb ; export PATH
-if test -f gethostbyaddr.c -a "${1}" != "-c" ; then 
-  echo shar: Will not over-write existing file \"gethostbyaddr.c\"
-else
-echo shar: Extracting \"gethostbyaddr.c\" \(1073 characters\)
-sed "s/^X//" >gethostbyaddr.c <<'END_OF_gethostbyaddr.c'
-X /*
-X  * gethostbyaddr tester. compile with:
-X  * 
-X  * cc -o gethostbyaddr gethostbyaddr.c (SunOS 4.x)
-X  * 
-X  * cc -o gethostbyaddr gethostbyaddr.c -lnsl (SunOS 5.x)
-X  * 
-X  * run as: gethostbyaddr address
-X  * 
-X  * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
-X  */
-X
-X#include <sys/types.h>
-X#include <sys/socket.h>
-X#include <netinet/in.h>
-X#include <arpa/inet.h>
-X#include <netdb.h>
-X#include <stdio.h>
-X
-Xmain(argc, argv)
-Xint     argc;
-Xchar  **argv;
-X{
-X    struct hostent *hp;
-X    long    addr;
-X
-X    if (argc != 2) {
-X	fprintf(stderr, "usage: %s i.p.addres\n", argv[0]);
-X	exit(1);
-X    }
-X    addr = inet_addr(argv[1]);
-X    if (hp = gethostbyaddr((char *) &addr, sizeof(addr), AF_INET)) {
-X	printf("Hostname:\t%s\n", hp->h_name);
-X	printf("Aliases:\t");
-X	while (hp->h_aliases[0])
-X	    printf("%s ", *hp->h_aliases++);
-X	printf("\n");
-X	printf("Addresses:\t");
-X	while (hp->h_addr_list[0])
-X	    printf("%s ", inet_ntoa(*(struct in_addr *) * hp->h_addr_list++));
-X	printf("\n");
-X	exit(0);
-X    }
-X    fprintf(stderr, "host %s not found\n", argv[1]);
-X    exit(1);
-X}
-END_OF_gethostbyaddr.c
-if test 1073 -ne `wc -c <gethostbyaddr.c`; then
-    echo shar: \"gethostbyaddr.c\" unpacked with wrong size!
-fi
-# end of overwriting check
-fi
-if test -f gethostbyname.c -a "${1}" != "-c" ; then 
-  echo shar: Will not over-write existing file \"gethostbyname.c\"
-else
-echo shar: Extracting \"gethostbyname.c\" \(999 characters\)
-sed "s/^X//" >gethostbyname.c <<'END_OF_gethostbyname.c'
-X /*
-X  * gethostbyname tester. compile with:
-X  * 
-X  * cc -o gethostbyname gethostbyname.c (SunOS 4.x)
-X  * 
-X  * cc -o gethostbyname gethostbyname.c -lnsl (SunOS 5.x)
-X  * 
-X  * run as: gethostbyname hostname
-X  * 
-X  * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
-X  */
-X#include <sys/types.h>
-X#include <sys/socket.h>
-X#include <netinet/in.h>
-X#include <arpa/inet.h>
-X#include <netdb.h>
-X#include <stdio.h>
-X
-Xmain(argc, argv)
-Xint     argc;
-Xchar  **argv;
-X{
-X    struct hostent *hp;
-X
-X    if (argc != 2) {
-X	fprintf(stderr, "usage: %s hostname\n", argv[0]);
-X	exit(1);
-X    }
-X    if (hp = gethostbyname(argv[1])) {
-X	printf("Hostname:\t%s\n", hp->h_name);
-X	printf("Aliases:\t");
-X	while (hp->h_aliases[0])
-X	    printf("%s ", *hp->h_aliases++);
-X	printf("\n");
-X	printf("Addresses:\t");
-X	while (hp->h_addr_list[0])
-X	    printf("%s ", inet_ntoa(*(struct in_addr *) * hp->h_addr_list++));
-X	printf("\n");
-X	exit(0);
-X    } else {
-X	fprintf(stderr, "host %s not found\n", argv[1]);
-X	exit(1);
-X    }
-X}
-END_OF_gethostbyname.c
-if test 999 -ne `wc -c <gethostbyname.c`; then
-    echo shar: \"gethostbyname.c\" unpacked with wrong size!
-fi
-# end of overwriting check
-fi
-echo shar: End of shell archive.
-exit 0
diff --git a/usr/src/cmd/tcpd/README.ipv6 b/usr/src/cmd/tcpd/README.ipv6
deleted file mode 100644
index a13ecbfd43..0000000000
--- a/usr/src/cmd/tcpd/README.ipv6
+++ /dev/null
@@ -1,37 +0,0 @@
-The IPV6 code is enabled by uncommenting
-
-IPV6 = -DHAVE_IPV6
-
-Check your system specific make line for the entry IPV6="$(IPV6)"; it has not
-been added to most yet.
-
-The code was tested on Solaris 8 Beta.  A single tcpd binary supports
-IPV6 and IPV4 sockets as well as TLI (v4/v6).
-
-The code successfully compiles on Solaris 7 + playground.sun.com IPV6 patch,
-but I have not tested the binary.
-
-The code also compiles on AIX using "-DHAVE_IPV6 -DUSE_GETHOSTBYNAME2"
-
-The KILL_IPOPTIONS option doesn't work.  (Something to do with IPV4 addresses
-mapped inside IPV6 sockets)
-
-The code extends the hosts.{allow,deny} syntax in a minor way.  You can
-now specify IPV6 address, like this:
-
-		# Ipv6 numeric address
-		someservice: [x:x:x::x]
-		# Ipv6 network
-		otherservice: [x:x:x::x/prefix]
-
-
-Note that the "[" and "]" are part of the syntax; no whitespace is allowed
-inside the [].
-
-The datastructures have been modified such that we hope that
-libwrap binary compatibility is maintained.
-
-The original tcp_wrappers-7.6 files have been renamed and have a .org
-extension; only this file (README.ipv6) was added.
-
-Casper Dik (Casper.Dik@Holland.Sun.COM)
diff --git a/usr/src/cmd/tcpd/README.sfw b/usr/src/cmd/tcpd/README.sfw
deleted file mode 100644
index bdaef58936..0000000000
--- a/usr/src/cmd/tcpd/README.sfw
+++ /dev/null
@@ -1,29 +0,0 @@
-#
-#ident	"%Z%%M%	%I%	%E% SMI"
-#
-# Copyright (c) 2001 by Sun Microsystems, Inc.
-# All rights reserved.
-#
-
-Built with the Sun Workshop Compilers.
-
-The Makefile has been edited to define the appropriate system parameters for
-Solaris 9 except for REAL_DAEMON_DIR which must be defined on the command
-line as below or by editing the Makefile.  The sunos5 make target will build
-the Solaris compatible libwrap shared object and the executable programs
-including tcpd.
-
-There is no configure script.  Instead unset the environment variable
-HOSTNAME and build using
-
-	env \
-		MAKE="/usr/ccs/bin/make -e" \
-		/usr/ccs/bin/make -e \
-		REAL_DAEMON_DIR=/usr/sbin \
-		sunos5
-
-The header tcpd.h has been modified to define HAVE_IPV6, so that consumers of
-the file do not have to define HAVE_IPV6 and will always get data structures
-that are compatible with the libwrap.so.1 shipped with Solaris.  HAVE_IPV6 is
-defined since this is the IPv6 version of tcp_wrappers and Solaris supports
-IPv6.
diff --git a/usr/src/cmd/tcpd/DISCLAIMER b/usr/src/cmd/tcpd/THIRDPARTYLICENSE
index 42d82ca775..aaf7be6528 100644
--- a/usr/src/cmd/tcpd/DISCLAIMER
+++ b/usr/src/cmd/tcpd/THIRDPARTYLICENSE
@@ -1,4 +1,3 @@
-/************************************************************************
 * Copyright 1995 by Wietse Venema.  All rights reserved.  Some individual
 * files may be covered by other copyrights.
 *
@@ -13,4 +12,3 @@
 * This software is provided "as is" and without any expressed or implied
 * warranties, including, without limitation, the implied warranties of
 * merchantibility and fitness for any particular purpose.
-************************************************************************/
diff --git a/usr/src/cmd/tcpd/environ.c b/usr/src/cmd/tcpd/environ.c
deleted file mode 100644
index e7f846ddd6..0000000000
--- a/usr/src/cmd/tcpd/environ.c
+++ /dev/null
@@ -1,224 +0,0 @@
-/*
- * Many systems have putenv() but no setenv(). Other systems have setenv()
- * but no putenv() (MIPS). Still other systems have neither (NeXT). This is a
- * re-implementation that hopefully ends all problems.
- *
- * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#) environ.c 1.2 94/03/23 16:09:46";
-#endif
-
-/* System libraries. */
-
-extern char **environ;
-extern char *strchr();
-extern char *strcpy();
-extern char *strncpy();
-extern char *malloc();
-extern char *realloc();
-extern int strncmp();
-extern void free();
-
-#ifdef no_memcpy
-#define memcpy(d,s,l) bcopy(s,d,l)
-#else
-extern char *memcpy();
-#endif
-
-/* Local stuff. */
-
-static int addenv();			/* append entry to environment */
-
-static int allocated = 0;		/* environ is, or is not, allocated */
-
-#define DO_CLOBBER	1
-
-/* namelength - determine length of name in "name=whatever" */
-
-static int namelength(name)
-char   *name;
-{
-    char   *equal;
-
-    equal = strchr(name, '=');
-    return ((equal == 0) ? strlen(name) : (equal - name));
-}
-
-/* findenv - given name, locate name=value */
-
-static char **findenv(name, len)
-char   *name;
-int     len;
-{
-    char  **envp;
-
-    for (envp = environ; envp && *envp; envp++)
-	if (strncmp(name, *envp, len) == 0 && (*envp)[len] == '=')
-	    return (envp);
-    return (0);
-}
-
-/* getenv - given name, locate value */
-
-char   *getenv(name)
-char   *name;
-{
-    int     len = namelength(name);
-    char  **envp = findenv(name, len);
-
-    return (envp ? *envp + len + 1 : 0);
-}
-
-/* putenv - update or append environment (name,value) pair */
-
-int     putenv(nameval)
-char   *nameval;
-{
-    char   *equal = strchr(nameval, '=');
-    char   *value = (equal ? equal : "");
-
-    return (setenv(nameval, value, DO_CLOBBER));
-}
-
-/* unsetenv - remove variable from environment */
-
-void    unsetenv(name)
-char   *name;
-{
-    char  **envp;
-
-    if ((envp = findenv(name, namelength(name))) != 0)
-	while (envp[0] = envp[1])
-	    envp++;
-}
-
-/* setenv - update or append environment (name,value) pair */
-
-int     setenv(name, value, clobber)
-char   *name;
-char   *value;
-int     clobber;
-{
-    char   *destination;
-    char  **envp;
-    int     l_name;			/* length of name part */
-    int     l_nameval;			/* length of name=value */
-
-    /* Permit name= and =value. */
-
-    l_name = namelength(name);
-    envp = findenv(name, l_name);
-    if (envp != 0 && clobber == 0)
-	return (0);
-    if (*value == '=')
-	value++;
-    l_nameval = l_name + strlen(value) + 1;
-
-    /*
-     * Use available memory if the old value is long enough. Never free an
-     * old name=value entry because it may not be allocated.
-     */
-
-    destination = (envp != 0 && strlen(*envp) >= l_nameval) ?
-	*envp : malloc(l_nameval + 1);
-    if (destination == 0)
-	return (-1);
-    strncpy(destination, name, l_name);
-    destination[l_name] = '=';
-    strcpy(destination + l_name + 1, value);
-    return ((envp == 0) ? addenv(destination) : (*envp = destination, 0));
-}
-
-/* cmalloc - malloc and copy block of memory */
-
-static char *cmalloc(new_len, old, old_len)
-char   *old;
-int     old_len;
-{
-    char   *new = malloc(new_len);
-
-    if (new != 0)
-	memcpy(new, old, old_len);
-    return (new);
-}
-
-/* addenv - append environment entry */
-
-static int addenv(nameval)
-char   *nameval;
-{
-    char  **envp;
-    int     n_used;			/* number of environment entries */
-    int     l_used;			/* bytes used excl. terminator */
-    int     l_need;			/* bytes needed incl. terminator */
-
-    for (envp = environ; envp && *envp; envp++)
-	 /* void */ ;
-    n_used = envp - environ;
-    l_used = n_used * sizeof(*envp);
-    l_need = l_used + 2 * sizeof(*envp);
-
-    envp = allocated ?
-	(char **) realloc((char *) environ, l_need) :
-	(char **) cmalloc(l_need, (char *) environ, l_used);
-    if (envp == 0) {
-	return (-1);
-    } else {
-	allocated = 1;
-	environ = envp;
-	environ[n_used++] = nameval;		/* add new entry */
-	environ[n_used] = 0;			/* terminate list */
-	return (0);
-    }
-}
-
-#ifdef TEST
-
- /*
-  * Stand-alone program for test purposes.
-  */
-
-/* printenv - display environment */
-
-static void printenv()
-{
-    char  **envp;
-
-    for (envp = environ; envp && *envp; envp++)
-	printf("%s\n", *envp);
-}
-
-int     main(argc, argv)
-int     argc;
-char  **argv;
-{
-    char   *cp;
-    int     changed = 0;
-
-    if (argc < 2) {
-	printf("usage: %s name[=value]...\n", argv[0]);
-	return (1);
-    }
-    while (--argc && *++argv) {
-	if (argv[0][0] == '-') {		/* unsetenv() test */
-	    unsetenv(argv[0] + 1);
-	    changed = 1;
-	} else if (strchr(argv[0], '=') == 0) {	/* getenv() test */
-	    cp = getenv(argv[0]);
-	    printf("%s: %s\n", argv[0], cp ? cp : "not found");
-	} else {				/* putenv() test */
-	    if (putenv(argv[0])) {
-		perror("putenv");
-		return (1);
-	    }
-	    changed = 1;
-	}
-    }
-    if (changed)
-	printenv();
-    return (0);
-}
-
-#endif /* TEST */
diff --git a/usr/src/cmd/tcpd/hosts.allow.4 b/usr/src/cmd/tcpd/hosts.allow.4
deleted file mode 100644
index dd1e93d78b..0000000000
--- a/usr/src/cmd/tcpd/hosts.allow.4
+++ /dev/null
@@ -1,2 +0,0 @@
-.so man4/hosts_access.4
-.\" "#ident	"%Z%%M%	%I%	%E% SMI"
diff --git a/usr/src/cmd/tcpd/hosts.deny.4 b/usr/src/cmd/tcpd/hosts.deny.4
deleted file mode 100644
index dd1e93d78b..0000000000
--- a/usr/src/cmd/tcpd/hosts.deny.4
+++ /dev/null
@@ -1,2 +0,0 @@
-.so man4/hosts_access.4
-.\" "#ident	"%Z%%M%	%I%	%E% SMI"
diff --git a/usr/src/cmd/tcpd/hosts_access.c.org b/usr/src/cmd/tcpd/hosts_access.c.org
deleted file mode 100644
index 9bdc7bcd66..0000000000
--- a/usr/src/cmd/tcpd/hosts_access.c.org
+++ /dev/null
@@ -1,331 +0,0 @@
- /*
-  * This module implements a simple access control language that is based on
-  * host (or domain) names, NIS (host) netgroup names, IP addresses (or
-  * network numbers) and daemon process names. When a match is found the
-  * search is terminated, and depending on whether PROCESS_OPTIONS is defined,
-  * a list of options is executed or an optional shell command is executed.
-  * 
-  * Host and user names are looked up on demand, provided that suitable endpoint
-  * information is available as sockaddr_in structures or TLI netbufs. As a
-  * side effect, the pattern matching process may change the contents of
-  * request structure fields.
-  * 
-  * Diagnostics are reported through syslog(3).
-  * 
-  * Compile with -DNETGROUP if your library provides support for netgroups.
-  * 
-  * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
-  */
-
-#ifndef lint
-static char sccsid[] = "@(#) hosts_access.c 1.21 97/02/12 02:13:22";
-#endif
-
-/* System libraries. */
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <stdio.h>
-#include <syslog.h>
-#include <ctype.h>
-#include <errno.h>
-#include <setjmp.h>
-#include <string.h>
-
-extern char *fgets();
-extern int errno;
-
-#ifndef	INADDR_NONE
-#define	INADDR_NONE	(-1)		/* XXX should be 0xffffffff */
-#endif
-
-/* Local stuff. */
-
-#include "tcpd.h"
-
-/* Error handling. */
-
-extern jmp_buf tcpd_buf;
-
-/* Delimiters for lists of daemons or clients. */
-
-static char sep[] = ", \t\r\n";
-
-/* Constants to be used in assignments only, not in comparisons... */
-
-#define	YES		1
-#define	NO		0
-
- /*
-  * These variables are globally visible so that they can be redirected in
-  * verification mode.
-  */
-
-char   *hosts_allow_table = HOSTS_ALLOW;
-char   *hosts_deny_table = HOSTS_DENY;
-int     hosts_access_verbose = 0;
-
- /*
-  * In a long-running process, we are not at liberty to just go away.
-  */
-
-int     resident = (-1);		/* -1, 0: unknown; +1: yes */
-
-/* Forward declarations. */
-
-static int table_match();
-static int list_match();
-static int server_match();
-static int client_match();
-static int host_match();
-static int string_match();
-static int masked_match();
-
-/* Size of logical line buffer. */
-
-#define	BUFLEN 2048
-
-/* hosts_access - host access control facility */
-
-int     hosts_access(request)
-struct request_info *request;
-{
-    int     verdict;
-
-    /*
-     * If the (daemon, client) pair is matched by an entry in the file
-     * /etc/hosts.allow, access is granted. Otherwise, if the (daemon,
-     * client) pair is matched by an entry in the file /etc/hosts.deny,
-     * access is denied. Otherwise, access is granted. A non-existent
-     * access-control file is treated as an empty file.
-     * 
-     * After a rule has been matched, the optional language extensions may
-     * decide to grant or refuse service anyway. Or, while a rule is being
-     * processed, a serious error is found, and it seems better to play safe
-     * and deny service. All this is done by jumping back into the
-     * hosts_access() routine, bypassing the regular return from the
-     * table_match() function calls below.
-     */
-
-    if (resident <= 0)
-	resident++;
-    verdict = setjmp(tcpd_buf);
-    if (verdict != 0)
-	return (verdict == AC_PERMIT);
-    if (table_match(hosts_allow_table, request))
-	return (YES);
-    if (table_match(hosts_deny_table, request))
-	return (NO);
-    return (YES);
-}
-
-/* table_match - match table entries with (daemon, client) pair */
-
-static int table_match(table, request)
-char   *table;
-struct request_info *request;
-{
-    FILE   *fp;
-    char    sv_list[BUFLEN];		/* becomes list of daemons */
-    char   *cl_list;			/* becomes list of clients */
-    char   *sh_cmd;			/* becomes optional shell command */
-    int     match = NO;
-    struct tcpd_context saved_context;
-
-    saved_context = tcpd_context;		/* stupid compilers */
-
-    /*
-     * Between the fopen() and fclose() calls, avoid jumps that may cause
-     * file descriptor leaks.
-     */
-
-    if ((fp = fopen(table, "r")) != 0) {
-	tcpd_context.file = table;
-	tcpd_context.line = 0;
-	while (match == NO && xgets(sv_list, sizeof(sv_list), fp) != 0) {
-	    if (sv_list[strlen(sv_list) - 1] != '\n') {
-		tcpd_warn("missing newline or line too long");
-		continue;
-	    }
-	    if (sv_list[0] == '#' || sv_list[strspn(sv_list, " \t\r\n")] == 0)
-		continue;
-	    if ((cl_list = split_at(sv_list, ':')) == 0) {
-		tcpd_warn("missing \":\" separator");
-		continue;
-	    }
-	    sh_cmd = split_at(cl_list, ':');
-	    match = list_match(sv_list, request, server_match)
-		&& list_match(cl_list, request, client_match);
-	}
-	(void) fclose(fp);
-    } else if (errno != ENOENT) {
-	tcpd_warn("cannot open %s: %m", table);
-    }
-    if (match) {
-	if (hosts_access_verbose > 1)
-	    syslog(LOG_DEBUG, "matched:  %s line %d",
-		   tcpd_context.file, tcpd_context.line);
-	if (sh_cmd) {
-#ifdef PROCESS_OPTIONS
-	    process_options(sh_cmd, request);
-#else
-	    char    cmd[BUFSIZ];
-	    shell_cmd(percent_x(cmd, sizeof(cmd), sh_cmd, request));
-#endif
-	}
-    }
-    tcpd_context = saved_context;
-    return (match);
-}
-
-/* list_match - match a request against a list of patterns with exceptions */
-
-static int list_match(list, request, match_fn)
-char   *list;
-struct request_info *request;
-int   (*match_fn) ();
-{
-    char   *tok;
-
-    /*
-     * Process tokens one at a time. We have exhausted all possible matches
-     * when we reach an "EXCEPT" token or the end of the list. If we do find
-     * a match, look for an "EXCEPT" list and recurse to determine whether
-     * the match is affected by any exceptions.
-     */
-
-    for (tok = strtok(list, sep); tok != 0; tok = strtok((char *) 0, sep)) {
-	if (STR_EQ(tok, "EXCEPT"))		/* EXCEPT: give up */
-	    return (NO);
-	if (match_fn(tok, request)) {		/* YES: look for exceptions */
-	    while ((tok = strtok((char *) 0, sep)) && STR_NE(tok, "EXCEPT"))
-		 /* VOID */ ;
-	    return (tok == 0 || list_match((char *) 0, request, match_fn) == 0);
-	}
-    }
-    return (NO);
-}
-
-/* server_match - match server information */
-
-static int server_match(tok, request)
-char   *tok;
-struct request_info *request;
-{
-    char   *host;
-
-    if ((host = split_at(tok + 1, '@')) == 0) {	/* plain daemon */
-	return (string_match(tok, eval_daemon(request)));
-    } else {					/* daemon@host */
-	return (string_match(tok, eval_daemon(request))
-		&& host_match(host, request->server));
-    }
-}
-
-/* client_match - match client information */
-
-static int client_match(tok, request)
-char   *tok;
-struct request_info *request;
-{
-    char   *host;
-
-    if ((host = split_at(tok + 1, '@')) == 0) {	/* plain host */
-	return (host_match(tok, request->client));
-    } else {					/* user@host */
-	return (host_match(host, request->client)
-		&& string_match(tok, eval_user(request)));
-    }
-}
-
-/* host_match - match host name and/or address against pattern */
-
-static int host_match(tok, host)
-char   *tok;
-struct host_info *host;
-{
-    char   *mask;
-
-    /*
-     * This code looks a little hairy because we want to avoid unnecessary
-     * hostname lookups.
-     * 
-     * The KNOWN pattern requires that both address AND name be known; some
-     * patterns are specific to host names or to host addresses; all other
-     * patterns are satisfied when either the address OR the name match.
-     */
-
-    if (tok[0] == '@') {			/* netgroup: look it up */
-#ifdef  NETGROUP
-	static char *mydomain = 0;
-	if (mydomain == 0)
-	    yp_get_default_domain(&mydomain);
-	return (innetgr(tok + 1, eval_hostname(host), (char *) 0, mydomain));
-#else
-	tcpd_warn("netgroup support is disabled");	/* not tcpd_jump() */
-	return (NO);
-#endif
-    } else if (STR_EQ(tok, "KNOWN")) {		/* check address and name */
-	char   *name = eval_hostname(host);
-	return (STR_NE(eval_hostaddr(host), unknown) && HOSTNAME_KNOWN(name));
-    } else if (STR_EQ(tok, "LOCAL")) {		/* local: no dots in name */
-	char   *name = eval_hostname(host);
-	return (strchr(name, '.') == 0 && HOSTNAME_KNOWN(name));
-    } else if ((mask = split_at(tok, '/')) != 0) {	/* net/mask */
-	return (masked_match(tok, mask, eval_hostaddr(host)));
-    } else {					/* anything else */
-	return (string_match(tok, eval_hostaddr(host))
-	    || (NOT_INADDR(tok) && string_match(tok, eval_hostname(host))));
-    }
-}
-
-/* string_match - match string against pattern */
-
-static int string_match(tok, string)
-char   *tok;
-char   *string;
-{
-    int     n;
-
-    if (tok[0] == '.') {			/* suffix */
-	n = strlen(string) - strlen(tok);
-	return (n > 0 && STR_EQ(tok, string + n));
-    } else if (STR_EQ(tok, "ALL")) {		/* all: match any */
-	return (YES);
-    } else if (STR_EQ(tok, "KNOWN")) {		/* not unknown */
-	return (STR_NE(string, unknown));
-    } else if (tok[(n = strlen(tok)) - 1] == '.') {	/* prefix */
-	return (STRN_EQ(tok, string, n));
-    } else {					/* exact match */
-	return (STR_EQ(tok, string));
-    }
-}
-
-/* masked_match - match address against netnumber/netmask */
-
-static int masked_match(net_tok, mask_tok, string)
-char   *net_tok;
-char   *mask_tok;
-char   *string;
-{
-    unsigned long net;
-    unsigned long mask;
-    unsigned long addr;
-
-    /*
-     * Disallow forms other than dotted quad: the treatment that inet_addr()
-     * gives to forms with less than four components is inconsistent with the
-     * access control language. John P. Rouillard <rouilj@cs.umb.edu>.
-     */
-
-    if ((addr = dot_quad_addr(string)) == INADDR_NONE)
-	return (NO);
-    if ((net = dot_quad_addr(net_tok)) == INADDR_NONE
-	|| (mask = dot_quad_addr(mask_tok)) == INADDR_NONE) {
-	tcpd_warn("bad net/mask expression: %s/%s", net_tok, mask_tok);
-	return (NO);				/* not tcpd_jump() */
-    }
-    return ((addr & mask) == net);
-}
diff --git a/usr/src/cmd/tcpd/libwrap.3 b/usr/src/cmd/tcpd/libwrap.3
deleted file mode 100644
index 625bed7b57..0000000000
--- a/usr/src/cmd/tcpd/libwrap.3
+++ /dev/null
@@ -1,2 +0,0 @@
-.so man3/hosts_access.3
-.\" "#ident	"%Z%%M%	%I%	%E% SMI"
diff --git a/usr/src/cmd/tcpd/man.sed b/usr/src/cmd/tcpd/man.sed
deleted file mode 100644
index 59f4e832db..0000000000
--- a/usr/src/cmd/tcpd/man.sed
+++ /dev/null
@@ -1,95 +0,0 @@
-#
-# ident	"%Z%%M%	%I%	%E% SMI"
-#
-# Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
-# Use is subject to license terms.
-#
-# This sed command script edits the man pages distrubuted with tcp_wrappers
-# into a format appropriate for Solaris.  This mostly changes the section names
-# of these man pages and of references to Solaris man pages, but also tweaks
-# the body text in a few places to better describe the operation under Solaris.
-#
-
-1i\
-'\\" t\
-\.\\"\
-\.\\" Modified for Solaris to to add the Solaris stability classification,\
-\.\\" and to add a note about source availability.\
-\.\\"\ 
-s/#include "tcpd.h"/#include <tcpd.h>/
-
-/#include <tcpd.h>/a\
-\.\\" Begin Sun update\
-\
-cc [ flag  ... ] file ...  [ library ... ] \-lwrap\
-\.\\" End Sun update
-
-s/or \\fItlid\\fR//
-s/or \\fItlid.conf\\fR //
-s/tlid.conf(5), format of the tlid control file.//
-
-s/inetd.conf(5)/inetd.conf(4)/g
-s/hosts_access(5)/hosts_access(4)/g
-s/\\fIhosts_access\\fR(5)/\\fIhosts_access\\fR(4)/g
-s/hosts_options(5)/hosts_options(4)/g
-s/\\fIhosts_options\\fR(5)/\\fIhosts_options\\fR(4)/g
-s/syslog.conf(5)/syslog.conf(4)/g
-s/inetd(8)/inetd(1M)/g
-s/\\fIinetd\\fR(8)/\\fIinetd\\fR(1M)/g
-s/tcpd(8)/tcpd(1M)/g
-s/tcpdmatch(8)/tcpdmatch(1M)/g
-s/tcpdchk(8)/tcpdchk(1M)/g
-/^\.TH .* 8$/s/8$/1M/
-/^\.TH .* 5$/s/5$/4/
-s/\\fIlibwrap.a\\fR/\\fIlibwrap.so\\fR/g
-
-$a\
-\.\\" Begin Sun update\
-.SH ATTRIBUTES\
-See\
-.BR attributes (5)\
-for descriptions of the following attributes:\
-.sp\
-.TS\
-box;\
-cbp-1 | cbp-1\
-l | l .\
-ATTRIBUTE TYPE	ATTRIBUTE VALUE\
-=\
-Availability	SUNWtcpd\
-=\
-Interface Stability	Committed\
-.TE \
-.PP\
-.SH NOTES\
-Source for tcp_wrappers is available in the SUNWtcpdS package.\
-\.\\" End Sun update
-
-/^that pretend to have someone elses network address./a\
-.SH LIBWRAP INTERFACE\
-The same monitoring and access control functionality provided by the\
-tcpd standalone program is also available through the libwrap shared\
-library interface. Some programs, including the Solaris inetd daemon,\
-have been modified  to use the libwrap interface and thus do not\
-require replacing the real server programs with tcpd. The libwrap\
-interface is also more efficient and can be used for inetd internal\
-services. See\
-.BR inetd (1M)\
-for more information.
-
-/^from PCs./,/^\.SH EXAMPLES/c\
-from PCs.\
-.PP\
-Warning: If the local system runs an RFC 931 server it is important\
-that it be configured NOT to use TCP Wrappers, or that TCP Wrappers\
-be configured to avoid RFC 931-based access control for this service.\
-If you use usernames in the access control files, make sure that you\
-have a hosts.allow entry that allows the RFC 931 service (often called\
-"identd" or "auth") without any username restrictions. Failure to heed\
-this warning can result in two hosts getting in an endless loop of\
-consulting each other's identd services.\
-.SH EXAMPLES
-
-/format of the inetd control file./a\
-inetd(1M), how to invoke tcpd from inetd using the libwrap library.\
-inetadm(1M), managing inetd services in the Service Management Framework.
diff --git a/usr/src/cmd/tcpd/misc.c.org b/usr/src/cmd/tcpd/misc.c.org
deleted file mode 100644
index 87a765379f..0000000000
--- a/usr/src/cmd/tcpd/misc.c.org
+++ /dev/null
@@ -1,87 +0,0 @@
- /*
-  * Misc routines that are used by tcpd and by tcpdchk.
-  * 
-  * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
-  */
-
-#ifndef lint
-static char sccsic[] = "@(#) misc.c 1.2 96/02/11 17:01:29";
-#endif
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "tcpd.h"
-
-extern char *fgets();
-
-#ifndef	INADDR_NONE
-#define	INADDR_NONE	(-1)		/* XXX should be 0xffffffff */
-#endif
-
-/* xgets - fgets() with backslash-newline stripping */
-
-char   *xgets(ptr, len, fp)
-char   *ptr;
-int     len;
-FILE   *fp;
-{
-    int     got;
-    char   *start = ptr;
-
-    while (fgets(ptr, len, fp)) {
-	got = strlen(ptr);
-	if (got >= 1 && ptr[got - 1] == '\n') {
-	    tcpd_context.line++;
-	    if (got >= 2 && ptr[got - 2] == '\\') {
-		got -= 2;
-	    } else {
-		return (start);
-	    }
-	}
-	ptr += got;
-	len -= got;
-	ptr[0] = 0;
-    }
-    return (ptr > start ? start : 0);
-}
-
-/* split_at - break string at delimiter or return NULL */
-
-char   *split_at(string, delimiter)
-char   *string;
-int     delimiter;
-{
-    char   *cp;
-
-    if ((cp = strchr(string, delimiter)) != 0)
-	*cp++ = 0;
-    return (cp);
-}
-
-/* dot_quad_addr - convert dotted quad to internal form */
-
-unsigned long dot_quad_addr(str)
-char   *str;
-{
-    int     in_run = 0;
-    int     runs = 0;
-    char   *cp = str;
-
-    /* Count the number of runs of non-dot characters. */
-
-    while (*cp) {
-	if (*cp == '.') {
-	    in_run = 0;
-	} else if (in_run == 0) {
-	    in_run = 1;
-	    runs++;
-	}
-	cp++;
-    }
-    return (runs == 4 ? inet_addr(str) : INADDR_NONE);
-}
diff --git a/usr/src/cmd/tcpd/miscd.c b/usr/src/cmd/tcpd/miscd.c
deleted file mode 100644
index 1ab835c450..0000000000
--- a/usr/src/cmd/tcpd/miscd.c
+++ /dev/null
@@ -1,120 +0,0 @@
- /*
-  * Front end to the ULTRIX miscd service. The front end logs the remote host
-  * name and then invokes the real miscd daemon. Install as "/usr/etc/miscd",
-  * after renaming the real miscd daemon to the name defined with the
-  * REAL_MISCD macro.
-  * 
-  * Connections and diagnostics are logged through syslog(3).
-  * 
-  * The Ultrix miscd program implements (among others) the systat service, which
-  * pipes the output from who(1) to stdout. This information is potentially
-  * useful to systems crackers.
-  * 
-  * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
-  */
-
-#ifndef lint
-static char sccsid[] = "@(#) miscd.c 1.10 96/02/11 17:01:30";
-#endif
-
-/* System libraries. */
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/stat.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <stdio.h>
-#include <syslog.h>
-
-#ifndef MAXPATHNAMELEN
-#define MAXPATHNAMELEN	BUFSIZ
-#endif
-
-#ifndef STDIN_FILENO
-#define STDIN_FILENO	0
-#endif
-
-/* Local stuff. */
-
-#include "patchlevel.h"
-#include "tcpd.h"
-
-int     allow_severity = SEVERITY;	/* run-time adjustable */
-int     deny_severity = LOG_WARNING;	/* ditto */
-
-main(argc, argv)
-int     argc;
-char  **argv;
-{
-    struct request_info request;
-    char    path[MAXPATHNAMELEN];
-
-    /* Attempt to prevent the creation of world-writable files. */
-
-#ifdef DAEMON_UMASK
-    umask(DAEMON_UMASK);
-#endif
-
-    /*
-     * Open a channel to the syslog daemon. Older versions of openlog()
-     * require only two arguments.
-     */
-
-#ifdef LOG_MAIL
-    (void) openlog(argv[0], LOG_PID, FACILITY);
-#else
-    (void) openlog(argv[0], LOG_PID);
-#endif
-
-    /*
-     * Find out the endpoint addresses of this conversation. Host name
-     * lookups and double checks will be done on demand.
-     */
-
-    request_init(&request, RQ_DAEMON, argv[0], RQ_FILE, STDIN_FILENO, 0);
-    fromhost(&request);
-
-    /*
-     * Optionally look up and double check the remote host name. Sites
-     * concerned with security may choose to refuse connections from hosts
-     * that pretend to have someone elses host name.
-     */
-
-#ifdef PARANOID
-    if (STR_EQ(eval_hostname(request.client), paranoid))
-	refuse(&request);
-#endif
-
-    /*
-     * The BSD rlogin and rsh daemons that came out after 4.3 BSD disallow
-     * socket options at the IP level. They do so for a good reason.
-     * Unfortunately, we cannot use this with SunOS 4.1.x because the
-     * getsockopt() system call can panic the system.
-     */
-
-#ifdef KILL_IP_OPTIONS
-    fix_options(&request);
-#endif
-
-    /*
-     * Check whether this host can access the service in argv[0]. The
-     * access-control code invokes optional shell commands as specified in
-     * the access-control tables.
-     */
-
-#ifdef HOSTS_ACCESS
-    if (!hosts_access(&request))
-	refuse(&request);
-#endif
-
-    /* Report request and invoke the real daemon program. */
-
-    syslog(allow_severity, "connect from %s", eval_client(&request));
-    sprintf(path, "%s/miscd", REAL_DAEMON_DIR);
-    closelog();
-    (void) execv(path, argv);
-    syslog(LOG_ERR, "error: cannot execute %s: %m", path);
-    clean_exit(&request);
-    /* NOTREACHED */
-}
diff --git a/usr/src/cmd/tcpd/myvsyslog.c b/usr/src/cmd/tcpd/myvsyslog.c
deleted file mode 100644
index 20401f1f37..0000000000
--- a/usr/src/cmd/tcpd/myvsyslog.c
+++ /dev/null
@@ -1,33 +0,0 @@
- /*
-  * vsyslog() for sites without. In order to enable this code, build with
-  * -Dvsyslog=myvsyslog. We use a different name so that no accidents will
-  * happen when vsyslog() exists. On systems with vsyslog(), syslog() is
-  * typically implemented in terms of vsyslog().
-  * 
-  * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
-  */
-
-#ifndef lint
-static char sccsid[] = "@(#) myvsyslog.c 1.1 94/12/28 17:42:33";
-#endif
-
-#ifdef vsyslog
-
-#include <stdio.h>
-
-#include "tcpd.h"
-#include "mystdarg.h"
-
-myvsyslog(severity, format, ap)
-int     severity;
-char   *format;
-va_list ap;
-{
-    char    fbuf[BUFSIZ];
-    char    obuf[3 * STRING_LENGTH];
-
-    vsprintf(obuf, percent_m(fbuf, format), ap);
-    syslog(severity, "%s", obuf);
-}
-
-#endif
diff --git a/usr/src/cmd/tcpd/ncr.c b/usr/src/cmd/tcpd/ncr.c
deleted file mode 100644
index b903fb85a5..0000000000
--- a/usr/src/cmd/tcpd/ncr.c
+++ /dev/null
@@ -1,81 +0,0 @@
- /*
-  * This part for NCR UNIX with is from Andrew Maffei (arm@aqua.whoi.edu). It
-  * assumes TLI throughout. In order to look up endpoint address information
-  * we must talk to the "timod" streams module. For some reason "timod" wants
-  * to sit directly on top of the device driver. Therefore we pop off all
-  * streams modules except the driver, install the "timod" module so that we
-  * can figure out network addresses, and then restore the original state.
-  */
-
-#ifndef lint
-static char sccsid[] = "@(#) ncr.c 1.1 94/12/28 17:42:34";
-#endif
-
-#include <sys/types.h>
-#include <stdio.h>
-#include <syslog.h>
-#include <sys/tiuser.h>
-#include <stropts.h>
-#include <sys/conf.h>
-
-#include "tcpd.h"
-
-#define MAX_MODULE_COUNT	10	/* XXX */
-
-/* fromhost - tear down the streams stack then rebuild it */
-
-void    fromhost(request)
-struct request_info *request;
-{
-    int     i;
-    int     num_mod;
-    struct str_list str_list;
-    struct str_mlist mod_buffer[MAX_MODULE_COUNT];
-    int     fd = request->fd;
-
-    str_list.sl_nmods = MAX_MODULE_COUNT;
-    str_list.sl_modlist = &mod_buffer[0];
-
-    /*
-     * On systems with WIN streams support we have to be careful about what
-     * is on the stream we are passed. This code POPs off all modules above
-     * the pseudo driver, pushes timod, gets the host address information,
-     * pops timod and then pushes all modules back on the stream.
-     * 
-     * Some state may be lost in this process. /usr/etc/tlid seems to do special
-     * things to the stream depending on the TCP port being serviced. (not a
-     * very nice thing to do!). It is unclear what to do if this code breaks
-     * - the stream may be left in an unknown condition.
-     */
-    if ((num_mod = ioctl(fd, I_LIST, NULL)) < 0)
-	tcpd_warn("fromhost: LIST failed: %m");
-    if (ioctl(fd, I_LIST, &str_list) < 0)
-	tcpd_warn("fromhost: LIST failed: %m");
-
-    /*
-     * POP stream modules except for the driver.
-     */
-    for (i = 0; i < num_mod - 1; i++)
-	if (ioctl(fd, I_POP, 0) < 0)
-	    tcpd_warn("fromhost: POP %s: %m", mod_buffer[i].l_name);
-
-    /*
-     * PUSH timod so that host address ioctls can be executed.
-     */
-    if (ioctl(fd, I_PUSH, "timod") < 0)
-	tcpd_warn("fromhost: PUSH timod: %m");
-    tli_host(request);
-
-    /*
-     * POP timod, we're done with it now.
-     */
-    if (ioctl(fd, I_POP, 0) < 0)
-	tcpd_warn("fromhost: POP timod: %m");
-
-    /*
-     * Restore stream modules.
-     */
-    for (i = num_mod - 2; i >= 0; i--)
-	if (ioctl(fd, I_PUSH, mod_buffer[i].l_name) < 0)
-	    tcpd_warn("fromhost: PUSH %s: %m", mod_buffer[i].l_name);
-}
diff --git a/usr/src/cmd/tcpd/printf.ck b/usr/src/cmd/tcpd/printf.ck
deleted file mode 100644
index d53412b737..0000000000
--- a/usr/src/cmd/tcpd/printf.ck
+++ /dev/null
@@ -1,3 +0,0 @@
-syslog	1 0
-tcpd_warn	0 0
-tcpd_jump	0 0
diff --git a/usr/src/cmd/tcpd/ptx.c b/usr/src/cmd/tcpd/ptx.c
deleted file mode 100644
index b9c312b82c..0000000000
--- a/usr/src/cmd/tcpd/ptx.c
+++ /dev/null
@@ -1,103 +0,0 @@
- /*
-  * The Dynix/PTX TLI implementation is not quite compatible with System V
-  * Release 4. Some important functions are not present so we are limited to
-  * IP-based services.
-  * 
-  * Diagnostics are reported through syslog(3).
-  * 
-  * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
-  */
-
-#ifndef lint
-static char sccsid[] = "@(#) ptx.c 1.3 94/12/28 17:42:38";
-#endif
-
-#ifdef PTX
-
-/* System libraries. */
-
-#include <sys/types.h>
-#include <sys/tiuser.h>
-#include <sys/socket.h>
-#include <stropts.h>
-#include <netinet/in.h>
-#include <netdb.h>
-#include <stdio.h>
-#include <syslog.h>
-
-/* Local stuff. */
-
-#include "tcpd.h"
-
-/* Forward declarations. */
-
-static void ptx_sink();
-
-/* tli_host - determine TLI endpoint info, PTX version */
-
-void    tli_host(request)
-struct request_info *request;
-{
-    static struct sockaddr_in client;
-    static struct sockaddr_in server;
-
-    /*
-     * getpeerinaddr() was suggested by someone at Sequent. It seems to work
-     * with connection-oriented (TCP) services such as rlogind and telnetd,
-     * but it returns 0.0.0.0 with datagram (UDP) services. No problem: UDP
-     * needs special treatment anyway, in case we must refuse service.
-     */
-
-    if (getpeerinaddr(request->fd, &client, sizeof(client)) == 0
-	&& client.sin_addr.s_addr != 0) {
-	request->client->sin = &client;
-	if (getmyinaddr(request->fd, &server, sizeof(server)) == 0) {
-	    request->server->sin = &server;
-	} else {
-	    tcpd_warn("warning: getmyinaddr: %m");
-	}
-	sock_methods(request);
-
-    } else {
-
-	/*
-	 * Another suggestion was to temporarily switch to the socket
-	 * interface, identify the endpoint addresses with socket calls, then
-	 * to switch back to TLI. This seems to works OK with UDP services,
-	 * which is exactly what we should be looking at right now.
-	 */
-
-#define SWAP_MODULE(f, old, new) (ioctl(f, I_POP, old), ioctl(f, I_PUSH, new))
-
-	if (SWAP_MODULE(request->fd, "timod", "sockmod") != 0)
-	    tcpd_warn("replace timod by sockmod: %m");
-	sock_host(request);
-	if (SWAP_MODULE(request->fd, "sockmod", "timod") != 0)
-	    tcpd_warn("replace sockmod by timod: %m");
-	if (request->sink != 0)
-	    request->sink = ptx_sink;
-    }
-}
-
-/* ptx_sink - absorb unreceived IP datagram */
-
-static void ptx_sink(fd)
-int     fd;
-{
-    char    buf[BUFSIZ];
-    struct sockaddr sa;
-    int     size = sizeof(sa);
-
-    /*
-     * Eat up the not-yet received datagram. Where needed, switch to the
-     * socket programming interface.
-     */
-
-    if (ioctl(fd, I_FIND, "timod") != 0)
-	ioctl(fd, I_POP, "timod");
-    if (ioctl(fd, I_FIND, "sockmod") == 0)
-	ioctl(fd, I_PUSH, "sockmod");
-    (void) recvfrom(fd, buf, sizeof(buf), 0, &sa, &size);
-}
-
-#endif /* PTX */
diff --git a/usr/src/cmd/tcpd/rfc931.c.org b/usr/src/cmd/tcpd/rfc931.c.org
deleted file mode 100644
index 8176417b8f..0000000000
--- a/usr/src/cmd/tcpd/rfc931.c.org
+++ /dev/null
@@ -1,165 +0,0 @@
- /*
-  * rfc931() speaks a common subset of the RFC 931, AUTH, TAP, IDENT and RFC
-  * 1413 protocols. It queries an RFC 931 etc. compatible daemon on a remote
-  * host to look up the owner of a connection. The information should not be
-  * used for authentication purposes. This routine intercepts alarm signals.
-  * 
-  * Diagnostics are reported through syslog(3).
-  * 
-  * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
-  */
-
-#ifndef lint
-static char sccsid[] = "@(#) rfc931.c 1.10 95/01/02 16:11:34";
-#endif
-
-/* System libraries. */
-
-#include <stdio.h>
-#include <syslog.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <setjmp.h>
-#include <signal.h>
-#include <string.h>
-
-/* Local stuff. */
-
-#include "tcpd.h"
-
-#define	RFC931_PORT	113		/* Semi-well-known port */
-#define	ANY_PORT	0		/* Any old port will do */
-
-int     rfc931_timeout = RFC931_TIMEOUT;/* Global so it can be changed */
-
-static jmp_buf timebuf;
-
-/* fsocket - open stdio stream on top of socket */
-
-static FILE *fsocket(domain, type, protocol)
-int     domain;
-int     type;
-int     protocol;
-{
-    int     s;
-    FILE   *fp;
-
-    if ((s = socket(domain, type, protocol)) < 0) {
-	tcpd_warn("socket: %m");
-	return (0);
-    } else {
-	if ((fp = fdopen(s, "r+")) == 0) {
-	    tcpd_warn("fdopen: %m");
-	    close(s);
-	}
-	return (fp);
-    }
-}
-
-/* timeout - handle timeouts */
-
-static void timeout(sig)
-int     sig;
-{
-    longjmp(timebuf, sig);
-}
-
-/* rfc931 - return remote user name, given socket structures */
-
-void    rfc931(rmt_sin, our_sin, dest)
-struct sockaddr_in *rmt_sin;
-struct sockaddr_in *our_sin;
-char   *dest;
-{
-    unsigned rmt_port;
-    unsigned our_port;
-    struct sockaddr_in rmt_query_sin;
-    struct sockaddr_in our_query_sin;
-    char    user[256];			/* XXX */
-    char    buffer[512];		/* XXX */
-    char   *cp;
-    char   *result = unknown;
-    FILE   *fp;
-
-    /*
-     * Use one unbuffered stdio stream for writing to and for reading from
-     * the RFC931 etc. server. This is done because of a bug in the SunOS
-     * 4.1.x stdio library. The bug may live in other stdio implementations,
-     * too. When we use a single, buffered, bidirectional stdio stream ("r+"
-     * or "w+" mode) we read our own output. Such behaviour would make sense
-     * with resources that support random-access operations, but not with
-     * sockets.
-     */
-
-    if ((fp = fsocket(AF_INET, SOCK_STREAM, 0)) != 0) {
-	setbuf(fp, (char *) 0);
-
-	/*
-	 * Set up a timer so we won't get stuck while waiting for the server.
-	 */
-
-	if (setjmp(timebuf) == 0) {
-	    signal(SIGALRM, timeout);
-	    alarm(rfc931_timeout);
-
-	    /*
-	     * Bind the local and remote ends of the query socket to the same
-	     * IP addresses as the connection under investigation. We go
-	     * through all this trouble because the local or remote system
-	     * might have more than one network address. The RFC931 etc.
-	     * client sends only port numbers; the server takes the IP
-	     * addresses from the query socket.
-	     */
-
-	    our_query_sin = *our_sin;
-	    our_query_sin.sin_port = htons(ANY_PORT);
-	    rmt_query_sin = *rmt_sin;
-	    rmt_query_sin.sin_port = htons(RFC931_PORT);
-
-	    if (bind(fileno(fp), (struct sockaddr *) & our_query_sin,
-		     sizeof(our_query_sin)) >= 0 &&
-		connect(fileno(fp), (struct sockaddr *) & rmt_query_sin,
-			sizeof(rmt_query_sin)) >= 0) {
-
-		/*
-		 * Send query to server. Neglect the risk that a 13-byte
-		 * write would have to be fragmented by the local system and
-		 * cause trouble with buggy System V stdio libraries.
-		 */
-
-		fprintf(fp, "%u,%u\r\n",
-			ntohs(rmt_sin->sin_port),
-			ntohs(our_sin->sin_port));
-		fflush(fp);
-
-		/*
-		 * Read response from server. Use fgets()/sscanf() so we can
-		 * work around System V stdio libraries that incorrectly
-		 * assume EOF when a read from a socket returns less than
-		 * requested.
-		 */
-
-		if (fgets(buffer, sizeof(buffer), fp) != 0
-		    && ferror(fp) == 0 && feof(fp) == 0
-		    && sscanf(buffer, "%u , %u : USERID :%*[^:]:%255s",
-			      &rmt_port, &our_port, user) == 3
-		    && ntohs(rmt_sin->sin_port) == rmt_port
-		    && ntohs(our_sin->sin_port) == our_port) {
-
-		    /*
-		     * Strip trailing carriage return. It is part of the
-		     * protocol, not part of the data.
-		     */
-
-		    if (cp = strchr(user, '\r'))
-			*cp = 0;
-		    result = user;
-		}
-	    }
-	    alarm(0);
-	}
-	fclose(fp);
-    }
-    STRN_CPY(dest, result, STRING_LENGTH);
-}
diff --git a/usr/src/cmd/tcpd/scaffold.c.org b/usr/src/cmd/tcpd/scaffold.c.org
deleted file mode 100644
index afce15a64e..0000000000
--- a/usr/src/cmd/tcpd/scaffold.c.org
+++ /dev/null
@@ -1,213 +0,0 @@
- /*
-  * Routines for testing only. Not really industrial strength.
-  * 
-  * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
-  */
-
-#ifndef lint
-static char sccs_id[] = "@(#) scaffold.c 1.6 97/03/21 19:27:24";
-#endif
-
-/* System libraries. */
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <netdb.h>
-#include <stdio.h>
-#include <syslog.h>
-#include <setjmp.h>
-#include <string.h>
-
-#ifndef INADDR_NONE
-#define	INADDR_NONE	(-1)		/* XXX should be 0xffffffff */
-#endif
-
-extern char *malloc();
-
-/* Application-specific. */
-
-#include "tcpd.h"
-#include "scaffold.h"
-
- /*
-  * These are referenced by the options module and by rfc931.c.
-  */
-int     allow_severity = SEVERITY;
-int     deny_severity = LOG_WARNING;
-int     rfc931_timeout = RFC931_TIMEOUT;
-
-/* dup_hostent - create hostent in one memory block */
-
-static struct hostent *dup_hostent(hp)
-struct hostent *hp;
-{
-    struct hostent_block {
-	struct hostent host;
-	char   *addr_list[1];
-    };
-    struct hostent_block *hb;
-    int     count;
-    char   *data;
-    char   *addr;
-
-    for (count = 0; hp->h_addr_list[count] != 0; count++)
-	 /* void */ ;
-
-    if ((hb = (struct hostent_block *) malloc(sizeof(struct hostent_block)
-			 + (hp->h_length + sizeof(char *)) * count)) == 0) {
-	fprintf(stderr, "Sorry, out of memory\n");
-	exit(1);
-    }
-    memset((char *) &hb->host, 0, sizeof(hb->host));
-    hb->host.h_length = hp->h_length;
-    hb->host.h_addr_list = hb->addr_list;
-    hb->host.h_addr_list[count] = 0;
-    data = (char *) (hb->host.h_addr_list + count + 1);
-
-    for (count = 0; (addr = hp->h_addr_list[count]) != 0; count++) {
-	hb->host.h_addr_list[count] = data + hp->h_length * count;
-	memcpy(hb->host.h_addr_list[count], addr, hp->h_length);
-    }
-    return (&hb->host);
-}
-
-/* find_inet_addr - find all addresses for this host, result to free() */
-
-struct hostent *find_inet_addr(host)
-char   *host;
-{
-    struct in_addr addr;
-    struct hostent *hp;
-    static struct hostent h;
-    static char *addr_list[2];
-
-    /*
-     * Host address: translate it to internal form.
-     */
-    if ((addr.s_addr = dot_quad_addr(host)) != INADDR_NONE) {
-	h.h_addr_list = addr_list;
-	h.h_addr_list[0] = (char *) &addr;
-	h.h_length = sizeof(addr);
-	return (dup_hostent(&h));
-    }
-
-    /*
-     * Map host name to a series of addresses. Watch out for non-internet
-     * forms or aliases. The NOT_INADDR() is here in case gethostbyname() has
-     * been "enhanced" to accept numeric addresses. Make a copy of the
-     * address list so that later gethostbyXXX() calls will not clobber it.
-     */
-    if (NOT_INADDR(host) == 0) {
-	tcpd_warn("%s: not an internet address", host);
-	return (0);
-    }
-    if ((hp = gethostbyname(host)) == 0) {
-	tcpd_warn("%s: host not found", host);
-	return (0);
-    }
-    if (hp->h_addrtype != AF_INET) {
-	tcpd_warn("%d: not an internet host", hp->h_addrtype);
-	return (0);
-    }
-    if (STR_NE(host, hp->h_name)) {
-	tcpd_warn("%s: hostname alias", host);
-	tcpd_warn("(official name: %.*s)", STRING_LENGTH, hp->h_name);
-    }
-    return (dup_hostent(hp));
-}
-
-/* check_dns - give each address thorough workout, return address count */
-
-int     check_dns(host)
-char   *host;
-{
-    struct request_info request;
-    struct sockaddr_in sin;
-    struct hostent *hp;
-    int     count;
-    char   *addr;
-
-    if ((hp = find_inet_addr(host)) == 0)
-	return (0);
-    request_init(&request, RQ_CLIENT_SIN, &sin, 0);
-    sock_methods(&request);
-    memset((char *) &sin, 0, sizeof(sin));
-    sin.sin_family = AF_INET;
-
-    for (count = 0; (addr = hp->h_addr_list[count]) != 0; count++) {
-	memcpy((char *) &sin.sin_addr, addr, sizeof(sin.sin_addr));
-
-	/*
-	 * Force host name and address conversions. Use the request structure
-	 * as a cache. Detect hostname lookup problems. Any name/name or
-	 * name/address conflicts will be reported while eval_hostname() does
-	 * its job.
-	 */
-	request_set(&request, RQ_CLIENT_ADDR, "", RQ_CLIENT_NAME, "", 0);
-	if (STR_EQ(eval_hostname(request.client), unknown))
-	    tcpd_warn("host address %s->name lookup failed",
-		      eval_hostaddr(request.client));
-    }
-    free((char *) hp);
-    return (count);
-}
-
-/* dummy function to intercept the real shell_cmd() */
-
-/* ARGSUSED */
-
-void    shell_cmd(command)
-char   *command;
-{
-    if (hosts_access_verbose)
-	printf("command: %s", command);
-}
-
-/* dummy function  to intercept the real clean_exit() */
-
-/* ARGSUSED */
-
-void    clean_exit(request)
-struct request_info *request;
-{
-    exit(0);
-}
-
-/* dummy function  to intercept the real rfc931() */
-
-/* ARGSUSED */
-
-void    rfc931(request)
-struct request_info *request;
-{
-    strcpy(request->user, unknown);
-}
-
-/* check_path - examine accessibility */
-
-int     check_path(path, st)
-char   *path;
-struct stat *st;
-{
-    struct stat stbuf;
-    char    buf[BUFSIZ];
-
-    if (stat(path, st) < 0)
-	return (-1);
-#ifdef notdef
-    if (st->st_uid != 0)
-	tcpd_warn("%s: not owned by root", path);
-    if (st->st_mode & 020)
-	tcpd_warn("%s: group writable", path);
-#endif
-    if (st->st_mode & 002)
-	tcpd_warn("%s: world writable", path);
-    if (path[0] == '/' && path[1] != 0) {
-	strrchr(strcpy(buf, path), '/')[0] = 0;
-	(void) check_path(buf[0] ? buf : "/", &stbuf);
-    }
-    return (0);
-}
diff --git a/usr/src/cmd/tcpd/socket.c.diff b/usr/src/cmd/tcpd/socket.c.diff
deleted file mode 100644
index e6602074fb..0000000000
--- a/usr/src/cmd/tcpd/socket.c.diff
+++ /dev/null
@@ -1,289 +0,0 @@
-*** socket.c.org	Fri Mar 21 19:27:25 1997
---- socket.c	Mon Sep 27 17:21:46 1999
-***************
-*** 74,82 ****
-  void    sock_host(request)
-  struct request_info *request;
-  {
-!     static struct sockaddr_in client;
-!     static struct sockaddr_in server;
-!     int     len;
-      char    buf[BUFSIZ];
-      int     fd = request->fd;
-  
---- 74,81 ----
-  void    sock_host(request)
-  struct request_info *request;
-  {
-!     static struct sockaddr_gen client;
-!     static struct sockaddr_gen server;
-      char    buf[BUFSIZ];
-      int     fd = request->fd;
-  
-***************
-*** 91,102 ****
-       * broken library code.
-       */
-  
-!     len = sizeof(client);
-!     if (getpeername(fd, (struct sockaddr *) & client, &len) < 0) {
-  	request->sink = sock_sink;
-! 	len = sizeof(client);
-  	if (recvfrom(fd, buf, sizeof(buf), MSG_PEEK,
-! 		     (struct sockaddr *) & client, &len) < 0) {
-  	    tcpd_warn("can't get client address: %m");
-  	    return;				/* give up */
-  	}
---- 90,102 ----
-       * broken library code.
-       */
-  
-!     client.sg_len = sizeof(client.sg_addr);
-!     if (getpeername(fd, (struct sockaddr *) ADDRP(client),
-! 	    &client.sg_len) < 0) {
-  	request->sink = sock_sink;
-! 	client.sg_len = sizeof(client.sg_addr);
-  	if (recvfrom(fd, buf, sizeof(buf), MSG_PEEK,
-! 		 (struct sockaddr *) ADDRP(client), &client.sg_len) < 0) {
-  	    tcpd_warn("can't get client address: %m");
-  	    return;				/* give up */
-  	}
-***************
-*** 104,110 ****
-  	memset(buf, 0 sizeof(buf));
-  #endif
-      }
-!     request->client->sin = &client;
-  
-      /*
-       * Determine the server binding. This is used for client username
---- 104,111 ----
-  	memset(buf, 0 sizeof(buf));
-  #endif
-      }
-!     sockgen_simplify(&client);
-!     request->client->sag = &client;
-  
-      /*
-       * Determine the server binding. This is used for client username
-***************
-*** 112,123 ****
-       * address or name.
-       */
-  
-!     len = sizeof(server);
-!     if (getsockname(fd, (struct sockaddr *) & server, &len) < 0) {
-  	tcpd_warn("getsockname: %m");
-  	return;
-      }
-!     request->server->sin = &server;
-  }
-  
-  /* sock_hostaddr - map endpoint address to printable form */
---- 113,126 ----
-       * address or name.
-       */
-  
-!     server.sg_len = sizeof(server.sg_addr);
-!     if (getsockname(fd, (struct sockaddr *) ADDRP(server), 
-! 	    &server.sg_len) < 0) {
-  	tcpd_warn("getsockname: %m");
-  	return;
-      }
-!     sockgen_simplify(&server);
-!     request->server->sag = &server;
-  }
-  
-  /* sock_hostaddr - map endpoint address to printable form */
-***************
-*** 125,134 ****
-  void    sock_hostaddr(host)
-  struct host_info *host;
-  {
-!     struct sockaddr_in *sin = host->sin;
-  
-!     if (sin != 0)
-! 	STRN_CPY(host->addr, inet_ntoa(sin->sin_addr), sizeof(host->addr));
-  }
-  
-  /* sock_hostname - map endpoint address to host name */
---- 128,142 ----
-  void    sock_hostaddr(host)
-  struct host_info *host;
-  {
-!     struct sockaddr_gen *sag = host->sag;
-  
-!     if (sag != 0)
-! #ifdef HAVE_IPV6
-! 	
-! 	(void) inet_ntop(FAMILY(*sag), FADDRP(*sag), host->addr, sizeof(host->addr));
-! #else
-! 	STRN_CPY(host->addr, inet_ntoa(sag->sg_sin.sin_addr), sizeof(host->addr));
-! #endif
-  }
-  
-  /* sock_hostname - map endpoint address to host name */
-***************
-*** 136,142 ****
-  void    sock_hostname(host)
-  struct host_info *host;
-  {
-!     struct sockaddr_in *sin = host->sin;
-      struct hostent *hp;
-      int     i;
-  
---- 144,150 ----
-  void    sock_hostname(host)
-  struct host_info *host;
-  {
-!     struct sockaddr_gen *sag = host->sag;
-      struct hostent *hp;
-      int     i;
-  
-***************
-*** 146,155 ****
-       * not work the other way around: gethostbyname("INADDR_ANY") fails. We
-       * have to special-case 0.0.0.0, in order to avoid false alerts from the
-       * host name/address checking code below.
-       */
-!     if (sin != 0 && sin->sin_addr.s_addr != 0
-! 	&& (hp = gethostbyaddr((char *) &(sin->sin_addr),
-! 			       sizeof(sin->sin_addr), AF_INET)) != 0) {
-  
-  	STRN_CPY(host->name, hp->h_name, sizeof(host->name));
-  
---- 154,165 ----
-       * not work the other way around: gethostbyname("INADDR_ANY") fails. We
-       * have to special-case 0.0.0.0, in order to avoid false alerts from the
-       * host name/address checking code below.
-+      *
-+      * We assume this works correctly in the INET6 case.
-       */
-!     if (sag != 0
-! 	&& (FAMILY(*sag) != AF_INET || sag->sg_sin.sin_addr.s_addr != 0)
-! 	&& (hp = gethostbyaddr(FADDRP(*sag), FSIZE(*sag), FAMILY(*sag))) != 0) {
-  
-  	STRN_CPY(host->name, hp->h_name, sizeof(host->name));
-  
-***************
-*** 166,172 ****
-  	 * we're in big trouble anyway.
-  	 */
-  
-! 	if ((hp = gethostbyname(host->name)) == 0) {
-  
-  	    /*
-  	     * Unable to verify that the host name matches the address. This
---- 176,188 ----
-  	 * we're in big trouble anyway.
-  	 */
-  
-! #ifdef HAVE_IPV6
-! 	if (FAMILY(*sag) != AF_INET)
-! 	    hp = getipnodebyname(host->name, FAMILY(*sag), AI_DEFAULT, 0);
-! 	else
-! #endif
-! 	    hp = gethostbyname(host->name);
-! 	if (hp == 0) {
-  
-  	    /*
-  	     * Unable to verify that the host name matches the address. This
-***************
-*** 189,194 ****
---- 205,213 ----
-  		      host->name, STRING_LENGTH, hp->h_name);
-  
-  	} else {
-+ #ifdef HAVE_IPV6
-+ 	    char buf[INET6_ADDRSTRLEN];
-+ #endif
-  
-  	    /*
-  	     * The address should be a member of the address list returned by
-***************
-*** 199,207 ****
-  
-  	    for (i = 0; hp->h_addr_list[i]; i++) {
-  		if (memcmp(hp->h_addr_list[i],
-! 			   (char *) &sin->sin_addr,
-! 			   sizeof(sin->sin_addr)) == 0)
-  		    return;			/* name is good, keep it */
-  	    }
-  
-  	    /*
---- 218,231 ----
-  
-  	    for (i = 0; hp->h_addr_list[i]; i++) {
-  		if (memcmp(hp->h_addr_list[i],
-! 			   (char *) FADDRP(*sag),
-! 			   FSIZE(*sag)) == 0) {
-! #ifdef HAVE_IPV6
-! 		    if (hp != 0 && FAMILY(*sag) != AF_INET)
-! 			freehostent(hp);
-! #endif
-  		    return;			/* name is good, keep it */
-+ 		}
-  	    }
-  
-  	    /*
-***************
-*** 209,218 ****
-  	     * someone has messed up. Perhaps someone compromised a name
-  	     * server.
-  	     */
-- 
-  	    tcpd_warn("host name/address mismatch: %s != %.*s",
-! 		      inet_ntoa(sin->sin_addr), STRING_LENGTH, hp->h_name);
-  	}
-  	strcpy(host->name, paranoid);		/* name is bad, clobber it */
-      }
-  }
---- 233,250 ----
-  	     * someone has messed up. Perhaps someone compromised a name
-  	     * server.
-  	     */
-  	    tcpd_warn("host name/address mismatch: %s != %.*s",
-! #ifdef HAVE_IPV6
-! 		      inet_ntop(FAMILY(*sag), FADDRP(*sag), buf, sizeof(buf)),
-! #else
-! 		      inet_ntoa(sag->sg_sin.sin_addr),
-! #endif
-! 		      STRING_LENGTH, hp->h_name);
-  	}
-+ #ifdef HAVE_IPV6
-+ 	if (hp != 0 && FAMILY(*sag) != AF_INET)
-+ 	    freehostent(hp);
-+ #endif
-  	strcpy(host->name, paranoid);		/* name is bad, clobber it */
-      }
-  }
-***************
-*** 232,235 ****
---- 264,290 ----
-       */
-  
-      (void) recvfrom(fd, buf, sizeof(buf), 0, (struct sockaddr *) & sin, &size);
-+ }
-+ 
-+ void sockgen_simplify(sg)
-+ sockaddr_gen *sg;
-+ {
-+ #ifdef HAVE_IPV6
-+     if (sg->sg_family == AF_INET6 &&
-+ 	IN6_IS_ADDR_V4MAPPED(&sg->sg_sin6.sin6_addr)) {
-+ 	    struct sockaddr_in v4_addr;
-+ 
-+ #ifdef IN6_V4MAPPED_TO_INADDR
-+ 	    IN6_V4MAPPED_TO_INADDR(&sg->sg_sin6.sin6_addr, &v4_addr.sin_addr);
-+ #else
-+ 	    IN6_MAPPED_TO_V4(&sg->sg_sin6.sin6_addr, &v4_addr.sin_addr);
-+ #endif
-+ 	    v4_addr.sin_port = sg->sg_sin6.sin6_port;
-+ 	    v4_addr.sin_family = AF_INET;
-+ 	    memcpy(&sg->sg_sin,&v4_addr, sizeof(v4_addr));
-+ 	    sg->sg_len = sizeof(struct in_addr);
-+     }
-+ #else
-+     return;
-+ #endif
-  }
diff --git a/usr/src/cmd/tcpd/socket.c.org b/usr/src/cmd/tcpd/socket.c.org
deleted file mode 100644
index c659b16669..0000000000
--- a/usr/src/cmd/tcpd/socket.c.org
+++ /dev/null
@@ -1,235 +0,0 @@
- /*
-  * This module determines the type of socket (datagram, stream), the client
-  * socket address and port, the server socket address and port. In addition,
-  * it provides methods to map a transport address to a printable host name
-  * or address. Socket address information results are in static memory.
-  * 
-  * The result from the hostname lookup method is STRING_PARANOID when a host
-  * pretends to have someone elses name, or when a host name is available but
-  * could not be verified.
-  * 
-  * When lookup or conversion fails the result is set to STRING_UNKNOWN.
-  * 
-  * Diagnostics are reported through syslog(3).
-  * 
-  * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
-  */
-
-#ifndef lint
-static char sccsid[] = "@(#) socket.c 1.15 97/03/21 19:27:24";
-#endif
-
-/* System libraries. */
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <netdb.h>
-#include <stdio.h>
-#include <syslog.h>
-#include <string.h>
-
-extern char *inet_ntoa();
-
-/* Local stuff. */
-
-#include "tcpd.h"
-
-/* Forward declarations. */
-
-static void sock_sink();
-
-#ifdef APPEND_DOT
-
- /*
-  * Speed up DNS lookups by terminating the host name with a dot. Should be
-  * done with care. The speedup can give problems with lookups from sources
-  * that lack DNS-style trailing dot magic, such as local files or NIS maps.
-  */
-
-static struct hostent *gethostbyname_dot(name)
-char   *name;
-{
-    char    dot_name[MAXHOSTNAMELEN + 1];
-
-    /*
-     * Don't append dots to unqualified names. Such names are likely to come
-     * from local hosts files or from NIS.
-     */
-
-    if (strchr(name, '.') == 0 || strlen(name) >= MAXHOSTNAMELEN - 1) {
-	return (gethostbyname(name));
-    } else {
-	sprintf(dot_name, "%s.", name);
-	return (gethostbyname(dot_name));
-    }
-}
-
-#define gethostbyname gethostbyname_dot
-#endif
-
-/* sock_host - look up endpoint addresses and install conversion methods */
-
-void    sock_host(request)
-struct request_info *request;
-{
-    static struct sockaddr_in client;
-    static struct sockaddr_in server;
-    int     len;
-    char    buf[BUFSIZ];
-    int     fd = request->fd;
-
-    sock_methods(request);
-
-    /*
-     * Look up the client host address. Hal R. Brand <BRAND@addvax.llnl.gov>
-     * suggested how to get the client host info in case of UDP connections:
-     * peek at the first message without actually looking at its contents. We
-     * really should verify that client.sin_family gets the value AF_INET,
-     * but this program has already caused too much grief on systems with
-     * broken library code.
-     */
-
-    len = sizeof(client);
-    if (getpeername(fd, (struct sockaddr *) & client, &len) < 0) {
-	request->sink = sock_sink;
-	len = sizeof(client);
-	if (recvfrom(fd, buf, sizeof(buf), MSG_PEEK,
-		     (struct sockaddr *) & client, &len) < 0) {
-	    tcpd_warn("can't get client address: %m");
-	    return;				/* give up */
-	}
-#ifdef really_paranoid
-	memset(buf, 0 sizeof(buf));
-#endif
-    }
-    request->client->sin = &client;
-
-    /*
-     * Determine the server binding. This is used for client username
-     * lookups, and for access control rules that trigger on the server
-     * address or name.
-     */
-
-    len = sizeof(server);
-    if (getsockname(fd, (struct sockaddr *) & server, &len) < 0) {
-	tcpd_warn("getsockname: %m");
-	return;
-    }
-    request->server->sin = &server;
-}
-
-/* sock_hostaddr - map endpoint address to printable form */
-
-void    sock_hostaddr(host)
-struct host_info *host;
-{
-    struct sockaddr_in *sin = host->sin;
-
-    if (sin != 0)
-	STRN_CPY(host->addr, inet_ntoa(sin->sin_addr), sizeof(host->addr));
-}
-
-/* sock_hostname - map endpoint address to host name */
-
-void    sock_hostname(host)
-struct host_info *host;
-{
-    struct sockaddr_in *sin = host->sin;
-    struct hostent *hp;
-    int     i;
-
-    /*
-     * On some systems, for example Solaris 2.3, gethostbyaddr(0.0.0.0) does
-     * not fail. Instead it returns "INADDR_ANY". Unfortunately, this does
-     * not work the other way around: gethostbyname("INADDR_ANY") fails. We
-     * have to special-case 0.0.0.0, in order to avoid false alerts from the
-     * host name/address checking code below.
-     */
-    if (sin != 0 && sin->sin_addr.s_addr != 0
-	&& (hp = gethostbyaddr((char *) &(sin->sin_addr),
-			       sizeof(sin->sin_addr), AF_INET)) != 0) {
-
-	STRN_CPY(host->name, hp->h_name, sizeof(host->name));
-
-	/*
-	 * Verify that the address is a member of the address list returned
-	 * by gethostbyname(hostname).
-	 * 
-	 * Verify also that gethostbyaddr() and gethostbyname() return the same
-	 * hostname, or rshd and rlogind may still end up being spoofed.
-	 * 
-	 * On some sites, gethostbyname("localhost") returns "localhost.domain".
-	 * This is a DNS artefact. We treat it as a special case. When we
-	 * can't believe the address list from gethostbyname("localhost")
-	 * we're in big trouble anyway.
-	 */
-
-	if ((hp = gethostbyname(host->name)) == 0) {
-
-	    /*
-	     * Unable to verify that the host name matches the address. This
-	     * may be a transient problem or a botched name server setup.
-	     */
-
-	    tcpd_warn("can't verify hostname: gethostbyname(%s) failed",
-		      host->name);
-
-	} else if (STR_NE(host->name, hp->h_name)
-		   && STR_NE(host->name, "localhost")) {
-
-	    /*
-	     * The gethostbyaddr() and gethostbyname() calls did not return
-	     * the same hostname. This could be a nameserver configuration
-	     * problem. It could also be that someone is trying to spoof us.
-	     */
-
-	    tcpd_warn("host name/name mismatch: %s != %.*s",
-		      host->name, STRING_LENGTH, hp->h_name);
-
-	} else {
-
-	    /*
-	     * The address should be a member of the address list returned by
-	     * gethostbyname(). We should first verify that the h_addrtype
-	     * field is AF_INET, but this program has already caused too much
-	     * grief on systems with broken library code.
-	     */
-
-	    for (i = 0; hp->h_addr_list[i]; i++) {
-		if (memcmp(hp->h_addr_list[i],
-			   (char *) &sin->sin_addr,
-			   sizeof(sin->sin_addr)) == 0)
-		    return;			/* name is good, keep it */
-	    }
-
-	    /*
-	     * The host name does not map to the initial address. Perhaps
-	     * someone has messed up. Perhaps someone compromised a name
-	     * server.
-	     */
-
-	    tcpd_warn("host name/address mismatch: %s != %.*s",
-		      inet_ntoa(sin->sin_addr), STRING_LENGTH, hp->h_name);
-	}
-	strcpy(host->name, paranoid);		/* name is bad, clobber it */
-    }
-}
-
-/* sock_sink - absorb unreceived IP datagram */
-
-static void sock_sink(fd)
-int     fd;
-{
-    char    buf[BUFSIZ];
-    struct sockaddr_in sin;
-    int     size = sizeof(sin);
-
-    /*
-     * Eat up the not-yet received datagram. Some systems insist on a
-     * non-zero source address argument in the recvfrom() call below.
-     */
-
-    (void) recvfrom(fd, buf, sizeof(buf), 0, (struct sockaddr *) & sin, &size);
-}
diff --git a/usr/src/cmd/tcpd/strcasecmp.c b/usr/src/cmd/tcpd/strcasecmp.c
deleted file mode 100644
index a54e828161..0000000000
--- a/usr/src/cmd/tcpd/strcasecmp.c
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * Copyright (c) 1987 Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms are permitted
- * provided that the above copyright notice and this paragraph are
- * duplicated in all such forms and that any documentation,
- * advertising materials, and other materials related to such
- * distribution and use acknowledge that the software was developed
- * by the University of California, Berkeley.  The name of the
- * University may not be used to endorse or promote products derived
- * from this software without specific prior written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#if defined(LIBC_SCCS) && !defined(lint)
-static char sccsid[] = "@(#)strcasecmp.c	5.6 (Berkeley) 6/27/88";
-#endif /* LIBC_SCCS and not lint */
-
-/* Some environments don't define u_char -- WZV */
-#if 0
-#include <sys/types.h>
-#else
-typedef unsigned char u_char;
-#endif
-
-/*
- * This array is designed for mapping upper and lower case letter
- * together for a case independent comparison.  The mappings are
- * based upon ascii character sequences.
- */
-static u_char charmap[] = {
-	'\000', '\001', '\002', '\003', '\004', '\005', '\006', '\007',
-	'\010', '\011', '\012', '\013', '\014', '\015', '\016', '\017',
-	'\020', '\021', '\022', '\023', '\024', '\025', '\026', '\027',
-	'\030', '\031', '\032', '\033', '\034', '\035', '\036', '\037',
-	'\040', '\041', '\042', '\043', '\044', '\045', '\046', '\047',
-	'\050', '\051', '\052', '\053', '\054', '\055', '\056', '\057',
-	'\060', '\061', '\062', '\063', '\064', '\065', '\066', '\067',
-	'\070', '\071', '\072', '\073', '\074', '\075', '\076', '\077',
-	'\100', '\141', '\142', '\143', '\144', '\145', '\146', '\147',
-	'\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157',
-	'\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167',
-	'\170', '\171', '\172', '\133', '\134', '\135', '\136', '\137',
-	'\140', '\141', '\142', '\143', '\144', '\145', '\146', '\147',
-	'\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157',
-	'\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167',
-	'\170', '\171', '\172', '\173', '\174', '\175', '\176', '\177',
-	'\200', '\201', '\202', '\203', '\204', '\205', '\206', '\207',
-	'\210', '\211', '\212', '\213', '\214', '\215', '\216', '\217',
-	'\220', '\221', '\222', '\223', '\224', '\225', '\226', '\227',
-	'\230', '\231', '\232', '\233', '\234', '\235', '\236', '\237',
-	'\240', '\241', '\242', '\243', '\244', '\245', '\246', '\247',
-	'\250', '\251', '\252', '\253', '\254', '\255', '\256', '\257',
-	'\260', '\261', '\262', '\263', '\264', '\265', '\266', '\267',
-	'\270', '\271', '\272', '\273', '\274', '\275', '\276', '\277',
-	'\300', '\341', '\342', '\343', '\344', '\345', '\346', '\347',
-	'\350', '\351', '\352', '\353', '\354', '\355', '\356', '\357',
-	'\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367',
-	'\370', '\371', '\372', '\333', '\334', '\335', '\336', '\337',
-	'\340', '\341', '\342', '\343', '\344', '\345', '\346', '\347',
-	'\350', '\351', '\352', '\353', '\354', '\355', '\356', '\357',
-	'\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367',
-	'\370', '\371', '\372', '\373', '\374', '\375', '\376', '\377',
-};
-
-strcasecmp(s1, s2)
-	char *s1, *s2;
-{
-	register u_char	*cm = charmap,
-			*us1 = (u_char *)s1,
-			*us2 = (u_char *)s2;
-
-	while (cm[*us1] == cm[*us2++])
-		if (*us1++ == '\0')
-			return(0);
-	return(cm[*us1] - cm[*--us2]);
-}
-
-strncasecmp(s1, s2, n)
-	char *s1, *s2;
-	register int n;
-{
-	register u_char	*cm = charmap,
-			*us1 = (u_char *)s1,
-			*us2 = (u_char *)s2;
-
-	while (--n >= 0 && cm[*us1] == cm[*us2++])
-		if (*us1++ == '\0')
-			return(0);
-	return(n < 0 ? 0 : cm[*us1] - cm[*--us2]);
-}
diff --git a/usr/src/cmd/tcpd/tags b/usr/src/cmd/tcpd/tags
deleted file mode 100644
index f4fecf6eac..0000000000
--- a/usr/src/cmd/tcpd/tags
+++ /dev/null
@@ -1,149 +0,0 @@
-HOSTNAME_KNOWN	tcpd.h	/^#define HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && /
-Menviron	environ.c	/^int     main(argc, argv)$/
-Mmiscd	miscd.c	/^main(argc, argv)$/
-Msafe_finger	safe_finger.c	/^main(argc, argv)$/
-Mtcpd	tcpd.c	/^main(argc, argv)$/
-Mtcpdchk	tcpdchk.c	/^int     main(argc, argv)$/
-Mtcpdmatch	tcpdmatch.c	/^int     main(argc, argv)$/
-Mtry-from	try-from.c	/^main(argc, argv)$/
-NOT_INADDR	tcpd.h	/^#define NOT_INADDR(s) (s[strspn(s,"0123456789abcde/
-SGADDRP	tcpd.h	/^#define SGADDRP(sag)		(((sag)->sg_family == AF_INE/
-SGADDRSZ	tcpd.h	/^#define SGADDRSZ(sag)		((sag)->sg_family == AF_INE/
-SGFAM	tcpd.h	/^#define SGFAM(sag)		((sag)->sg_family == AF_INET6 /
-SGPORT	tcpd.h	/^#define SGPORT(sag)		(*((sag)->sg_family == AF_INE/
-SGSOCKADDRSZ	tcpd.h	/^#define SGSOCKADDRSZ(sag)	((sag)->sg_family == AF_/
-SG_IS_UNSPECIFIED	tcpd.h	/^#define SG_IS_UNSPECIFIED(sag) \\$/
-STRN_CPY	tcpd.h	/^#define STRN_CPY(d,s,l)	{ strncpy((d),(s),(l)); (d/
-STRN_EQ	tcpd.h	/^#define STRN_EQ(x,y,l)	(strncasecmp((x),(y),(l)) =/
-STRN_NE	tcpd.h	/^#define STRN_NE(x,y,l)	(strncasecmp((x),(y),(l)) !/
-STR_EQ	tcpd.h	/^#define STR_EQ(x,y)	(strcasecmp((x),(y)) == 0)$/
-STR_NE	tcpd.h	/^#define STR_NE(x,y)	(strcasecmp((x),(y)) != 0)$/
-S_ISDIR	tcpdchk.c	/^#define S_ISDIR(m)	(((m) & S_IFMT) == S_IFDIR)$/
-VAEND	mystdarg.h	/^#define VAEND(ap)              va_end(ap)$/
-VARARGS	diag.c	/^void    VARARGS(tcpd_warn, char *, format)$/
-VASTART	mystdarg.h	/^#define VASTART(ap,type,name)  va_start(ap,name)$/
-__P	tli-sequent.h	/^#define __P(X) X$/
-addenv	environ.c	/^static int addenv(nameval)$/
-allow_option	options.c	/^static void allow_option(value, request)$/
-banners_option	options.c	/^static void banners_option(value, request)$/
-base_name	inetcf.c	/^static char *base_name(path)$/
-check_client_list	tcpdchk.c	/^static void check_client_list(list)$/
-check_daemon	tcpdchk.c	/^static void check_daemon(pat)$/
-check_daemon_list	tcpdchk.c	/^static void check_daemon_list(list)$/
-check_dns	scaffold.c	/^int     check_dns(host)$/
-check_host	tcpdchk.c	/^static int check_host(pat)$/
-check_path	scaffold.c	/^int     check_path(path, st)$/
-check_user	tcpdchk.c	/^static void check_user(pat)$/
-chop_string	options.c	/^static char *chop_string(string)$/
-clean_exit	clean_exit.c	/^void    clean_exit(request)$/
-cleanup	safe_finger.c	/^void    cleanup(sig)$/
-client_match	hosts_access.c	/^static int client_match(tok, request)$/
-closelog	fakelog.c	/^closelog()$/
-cmalloc	environ.c	/^static char *cmalloc(new_len, old, old_len)$/
-deny_option	options.c	/^static void deny_option(value, request)$/
-do_child	shell_cmd.c	/^static void do_child(command)$/
-dot_quad_addr	misc.c	/^unsigned long dot_quad_addr(str)$/
-dup_hostent	scaffold.c	/^static struct hostent *dup_hostent(hp)$/
-eval_client	eval.c	/^char   *eval_client(request)$/
-eval_daemon	tcpd.h	/^#define eval_daemon(r)	((r)->daemon)	\/* daemon pro/
-eval_hostaddr	eval.c	/^char   *eval_hostaddr(host)$/
-eval_hostinfo	eval.c	/^char   *eval_hostinfo(host)$/
-eval_hostname	eval.c	/^char   *eval_hostname(host)$/
-eval_pid	tcpd.h	/^#define eval_pid(r)	((r)->pid)	\/* process id *\/$/
-eval_server	eval.c	/^char   *eval_server(request)$/
-eval_user	eval.c	/^char   *eval_user(request)$/
-expand	tcpdmatch.c	/^static void expand(text, pattern, request)$/
-expand_arg	options.c	/^#define expand_arg(o)	((o)->flags & EXPAND_ARG)$/
-find_inet_addr	scaffold.c	/^struct hostent *find_inet_addr(host)$/
-findenv	environ.c	/^static char **findenv(name, len)$/
-fix_fgets	workarounds.c	/^char   *fix_fgets(buf, len, fp)$/
-fix_gethostbyname	workarounds.c	/^struct hostent *fix_gethostbyname(name)$/
-fix_getpeername	workarounds.c	/^int     fix_getpeername(sock, sa, len)$/
-fix_inet_addr	workarounds.c	/^long    fix_inet_addr(string)$/
-fix_options	fix_options.c	/^fix_options(request)$/
-fix_recvfrom	workarounds.c	/^int     fix_recvfrom(sock, buf, buflen, flags, fro/
-fix_strtok	workarounds.c	/^char   *fix_strtok(buf, sep)$/
-fromhost	fromhost.c	/^void    fromhost(request)$/
-fsocket	rfc931.c	/^static FILE *fsocket(domain, type, protocol)$/
-get_field	options.c	/^static char *get_field(string)$/
-getenv	environ.c	/^char   *getenv(name)$/
-gethostbyname_dot	socket.c	/^static struct hostent *gethostbyname_dot(name)$/
-group_option	options.c	/^static void group_option(value, request)$/
-host_match	hosts_access.c	/^static int host_match(tok, host)$/
-hosts_access	hosts_access.c	/^int     hosts_access(request)$/
-hosts_ctl	hosts_ctl.c	/^int     hosts_ctl(daemon, name, addr, user)$/
-inet_cfg	inetcf.c	/^char   *inet_cfg(conf)$/
-inet_chk	inetcf.c	/^static void inet_chk(protocol, path, arg0, arg1)$/
-inet_get	inetcf.c	/^int     inet_get(name)$/
-inet_set	inetcf.c	/^void    inet_set(name, type)$/
-ipv6_mask	hosts_access.c	/^static void ipv6_mask(in6p, maskbits)$/
-keepalive_option	options.c	/^static void keepalive_option(value, request)$/
-linger_option	options.c	/^static void linger_option(value, request)$/
-list_match	hosts_access.c	/^static int list_match(list, request, match_fn)$/
-masked_match	hosts_access.c	/^static int masked_match(net_tok, mask_tok, string)/
-memcpy	environ.c	/^#define memcpy(d,s,l) bcopy(s,d,l)$/
-my_strtok	workarounds.c	/^char   *my_strtok(buf, sep)$/
-myvsyslog	myvsyslog.c	/^myvsyslog(severity, format, ap)$/
-namelength	environ.c	/^static int namelength(name)$/
-need_arg	options.c	/^#define need_arg(o)	((o)->flags & NEED_ARG)$/
-nice_option	options.c	/^static void nice_option(value, request)$/
-numeric_addr	misc.c	/^int numeric_addr(str, addr, af, len)$/
-openlog	fakelog.c	/^openlog(name, logopt, facility)$/
-opt_arg	options.c	/^#define opt_arg(o)	((o)->flags & OPT_ARG)$/
-parse_table	tcpdchk.c	/^static void parse_table(table, request)$/
-percent_m	percent_m.c	/^char   *percent_m(obuf, ibuf)$/
-percent_x	percent_x.c	/^char   *percent_x(result, result_len, string, requ/
-permit_arg	options.c	/^#define permit_arg(o)	((o)->flags & (NEED_ARG | OP/
-perror_exit	safe_finger.c	/^void    perror_exit(text)$/
-pipe_stdin	safe_finger.c	/^int     pipe_stdin(argv)$/
-print_list	tcpdchk.c	/^static void print_list(title, list)$/
-printenv	environ.c	/^static void printenv()$/
-process_options	options.c	/^void    process_options(options, request)$/
-ptx_sink	ptx.c	/^static void ptx_sink(fd)$/
-putenv	environ.c	/^int     putenv(nameval)$/
-refuse	refuse.c	/^void    refuse(request)$/
-request_fill	update.c	/^static struct request_info *request_fill(request, /
-reserved_name	tcpdchk.c	/^static int reserved_name(pat)$/
-rfc931	rfc931.c	/^void    rfc931(rmt_sin, our_sin, dest)$/
-rfc931_option	options.c	/^static void rfc931_option(value, request)$/
-server_match	hosts_access.c	/^static int server_match(tok, request)$/
-setenv	environ.c	/^int     setenv(name, value, clobber)$/
-setenv_option	options.c	/^static void setenv_option(value, request)$/
-severity_map	options.c	/^static int severity_map(table, name)$/
-severity_option	options.c	/^static void severity_option(value, request)$/
-shell_cmd	scaffold.c	/^void    shell_cmd(command)$/
-skip_ipv6_addrs	misc.c	/^char *skip_ipv6_addrs(str)$/
-sock_host	socket.c	/^void    sock_host(request)$/
-sock_hostaddr	socket.c	/^void    sock_hostaddr(host)$/
-sock_hostname	socket.c	/^void    sock_hostname(host)$/
-sock_methods	tcpd.h	/^#define sock_methods(r) \\$/
-sock_sink	socket.c	/^static void sock_sink(fd)$/
-sockgen_simplify	socket.c	/^void sockgen_simplify(sg)$/
-spawn_option	options.c	/^static void spawn_option(value, request)$/
-split_at	misc.c	/^char   *split_at(string, delimiter)$/
-strcasecmp	strcasecmp.c	/^strcasecmp(s1, s2)$/
-string_match	hosts_access.c	/^static int string_match(tok, string)$/
-strncasecmp	strcasecmp.c	/^strncasecmp(s1, s2, n)$/
-table_match	hosts_access.c	/^static int table_match(table, request)$/
-tcpd_diag	diag.c	/^static void tcpd_diag(severity, tag, format, ap)$/
-tcpdmatch	tcpdmatch.c	/^static void tcpdmatch(request)$/
-timeout	rfc931.c	/^static void timeout(sig)$/
-tli_cleanup	tli.c	/^static void tli_cleanup(request)$/
-tli_endpoints	tli.c	/^static void tli_endpoints(request)$/
-tli_error	tli-sequent.c	/^static char *tli_error()$/
-tli_host	ptx.c	/^void    tli_host(request)$/
-tli_hostaddr	tli.c	/^static void tli_hostaddr(host)$/
-tli_hostname	tli.c	/^static void tli_hostname(host)$/
-tli_sink	tli-sequent.c	/^static void tli_sink(fd)$/
-tli_transport	tli.c	/^static struct netconfig *tli_transport(fd)$/
-twist_option	options.c	/^static void twist_option(value, request)$/
-umask_option	options.c	/^static void umask_option(value, request)$/
-unsetenv	environ.c	/^void    unsetenv(name)$/
-usage	tcpdchk.c	/^static void usage()$/
-use_last	options.c	/^#define use_last(o)	((o)->flags & USE_LAST)$/
-user_option	options.c	/^static void user_option(value, request)$/
-vfprintf	vfprintf.c	/^int     vfprintf(fp, format, ap)$/
-vprintf	vfprintf.c	/^vprintf(format, ap)$/
-vsyslog	fakelog.c	/^vsyslog(severity, fmt, ap)$/
-xgets	misc.c	/^char   *xgets(ptr, len, fp)$/
-yp_get_default_domain	workarounds.c	/^int     yp_get_default_domain(ptr)$/
diff --git a/usr/src/cmd/tcpd/tcpd.h.org b/usr/src/cmd/tcpd/tcpd.h.org
deleted file mode 100644
index 3eecc91159..0000000000
--- a/usr/src/cmd/tcpd/tcpd.h.org
+++ /dev/null
@@ -1,219 +0,0 @@
- /*
-  * @(#) tcpd.h 1.5 96/03/19 16:22:24
-  * 
-  * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
-  */
-
-/* Structure to describe one communications endpoint. */
-
-#define STRING_LENGTH	128		/* hosts, users, processes */
-
-struct host_info {
-    char    name[STRING_LENGTH];	/* access via eval_hostname(host) */
-    char    addr[STRING_LENGTH];	/* access via eval_hostaddr(host) */
-    struct sockaddr_in *sin;		/* socket address or 0 */
-    struct t_unitdata *unit;		/* TLI transport address or 0 */
-    struct request_info *request;	/* for shared information */
-};
-
-/* Structure to describe what we know about a service request. */
-
-struct request_info {
-    int     fd;				/* socket handle */
-    char    user[STRING_LENGTH];	/* access via eval_user(request) */
-    char    daemon[STRING_LENGTH];	/* access via eval_daemon(request) */
-    char    pid[10];			/* access via eval_pid(request) */
-    struct host_info client[1];		/* client endpoint info */
-    struct host_info server[1];		/* server endpoint info */
-    void  (*sink) ();			/* datagram sink function or 0 */
-    void  (*hostname) ();		/* address to printable hostname */
-    void  (*hostaddr) ();		/* address to printable address */
-    void  (*cleanup) ();		/* cleanup function or 0 */
-    struct netconfig *config;		/* netdir handle */
-};
-
-/* Common string operations. Less clutter should be more readable. */
-
-#define STRN_CPY(d,s,l)	{ strncpy((d),(s),(l)); (d)[(l)-1] = 0; }
-
-#define STRN_EQ(x,y,l)	(strncasecmp((x),(y),(l)) == 0)
-#define STRN_NE(x,y,l)	(strncasecmp((x),(y),(l)) != 0)
-#define STR_EQ(x,y)	(strcasecmp((x),(y)) == 0)
-#define STR_NE(x,y)	(strcasecmp((x),(y)) != 0)
-
- /*
-  * Initially, all above strings have the empty value. Information that
-  * cannot be determined at runtime is set to "unknown", so that we can
-  * distinguish between `unavailable' and `not yet looked up'. A hostname
-  * that we do not believe in is set to "paranoid".
-  */
-
-#define STRING_UNKNOWN	"unknown"	/* lookup failed */
-#define STRING_PARANOID	"paranoid"	/* hostname conflict */
-
-extern char unknown[];
-extern char paranoid[];
-
-#define HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && STR_NE((s),paranoid))
-
-#define NOT_INADDR(s) (s[strspn(s,"01234567890./")] != 0)
-
-/* Global functions. */
-
-#if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
-extern void fromhost();			/* get/validate client host info */
-#else
-#define fromhost sock_host		/* no TLI support needed */
-#endif
-
-extern int hosts_access();		/* access control */
-extern void shell_cmd();		/* execute shell command */
-extern char *percent_x();		/* do %<char> expansion */
-extern void rfc931();			/* client name from RFC 931 daemon */
-extern void clean_exit();		/* clean up and exit */
-extern void refuse();			/* clean up and exit */
-extern char *xgets();			/* fgets() on steroids */
-extern char *split_at();		/* strchr() and split */
-extern unsigned long dot_quad_addr();	/* restricted inet_addr() */
-
-/* Global variables. */
-
-extern int allow_severity;		/* for connection logging */
-extern int deny_severity;		/* for connection logging */
-extern char *hosts_allow_table;		/* for verification mode redirection */
-extern char *hosts_deny_table;		/* for verification mode redirection */
-extern int hosts_access_verbose;	/* for verbose matching mode */
-extern int rfc931_timeout;		/* user lookup timeout */
-extern int resident;			/* > 0 if resident process */
-
- /*
-  * Routines for controlled initialization and update of request structure
-  * attributes. Each attribute has its own key.
-  */
-
-#ifdef __STDC__
-extern struct request_info *request_init(struct request_info *,...);
-extern struct request_info *request_set(struct request_info *,...);
-#else
-extern struct request_info *request_init();	/* initialize request */
-extern struct request_info *request_set();	/* update request structure */
-#endif
-
-#define RQ_FILE		1		/* file descriptor */
-#define RQ_DAEMON	2		/* server process (argv[0]) */
-#define RQ_USER		3		/* client user name */
-#define RQ_CLIENT_NAME	4		/* client host name */
-#define RQ_CLIENT_ADDR	5		/* client host address */
-#define RQ_CLIENT_SIN	6		/* client endpoint (internal) */
-#define RQ_SERVER_NAME	7		/* server host name */
-#define RQ_SERVER_ADDR	8		/* server host address */
-#define RQ_SERVER_SIN	9		/* server endpoint (internal) */
-
- /*
-  * Routines for delayed evaluation of request attributes. Each attribute
-  * type has its own access method. The trivial ones are implemented by
-  * macros. The other ones are wrappers around the transport-specific host
-  * name, address, and client user lookup methods. The request_info and
-  * host_info structures serve as caches for the lookup results.
-  */
-
-extern char *eval_user();		/* client user */
-extern char *eval_hostname();		/* printable hostname */
-extern char *eval_hostaddr();		/* printable host address */
-extern char *eval_hostinfo();		/* host name or address */
-extern char *eval_client();		/* whatever is available */
-extern char *eval_server();		/* whatever is available */
-#define eval_daemon(r)	((r)->daemon)	/* daemon process name */
-#define eval_pid(r)	((r)->pid)	/* process id */
-
-/* Socket-specific methods, including DNS hostname lookups. */
-
-extern void sock_host();		/* look up endpoint addresses */
-extern void sock_hostname();		/* translate address to hostname */
-extern void sock_hostaddr();		/* address to printable address */
-#define sock_methods(r) \
-	{ (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; }
-
-/* The System V Transport-Level Interface (TLI) interface. */
-
-#if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
-extern void tli_host();			/* look up endpoint addresses etc. */
-#endif
-
- /*
-  * Problem reporting interface. Additional file/line context is reported
-  * when available. The jump buffer (tcpd_buf) is not declared here, or
-  * everyone would have to include <setjmp.h>.
-  */
-
-#ifdef __STDC__
-extern void tcpd_warn(char *, ...);	/* report problem and proceed */
-extern void tcpd_jump(char *, ...);	/* report problem and jump */
-#else
-extern void tcpd_warn();
-extern void tcpd_jump();
-#endif
-
-struct tcpd_context {
-    char   *file;			/* current file */
-    int     line;			/* current line */
-};
-extern struct tcpd_context tcpd_context;
-
- /*
-  * While processing access control rules, error conditions are handled by
-  * jumping back into the hosts_access() routine. This is cleaner than
-  * checking the return value of each and every silly little function. The
-  * (-1) returns are here because zero is already taken by longjmp().
-  */
-
-#define AC_PERMIT	1		/* permit access */
-#define AC_DENY		(-1)		/* deny_access */
-#define AC_ERROR	AC_DENY		/* XXX */
-
- /*
-  * In verification mode an option function should just say what it would do,
-  * instead of really doing it. An option function that would not return
-  * should clear the dry_run flag to inform the caller of this unusual
-  * behavior.
-  */
-
-extern void process_options();		/* execute options */
-extern int dry_run;			/* verification flag */
-
-/* Bug workarounds. */
-
-#ifdef INET_ADDR_BUG			/* inet_addr() returns struct */
-#define inet_addr fix_inet_addr
-extern long fix_inet_addr();
-#endif
-
-#ifdef BROKEN_FGETS			/* partial reads from sockets */
-#define fgets fix_fgets
-extern char *fix_fgets();
-#endif
-
-#ifdef RECVFROM_BUG			/* no address family info */
-#define recvfrom fix_recvfrom
-extern int fix_recvfrom();
-#endif
-
-#ifdef GETPEERNAME_BUG			/* claims success with UDP */
-#define getpeername fix_getpeername
-extern int fix_getpeername();
-#endif
-
-#ifdef SOLARIS_24_GETHOSTBYNAME_BUG	/* lists addresses as aliases */
-#define gethostbyname fix_gethostbyname
-extern struct hostent *fix_gethostbyname();
-#endif
-
-#ifdef USE_STRSEP			/* libc calls strtok() */
-#define strtok	fix_strtok
-extern char *fix_strtok();
-#endif
-
-#ifdef LIBC_CALLS_STRTOK		/* libc calls strtok() */
-#define strtok	my_strtok
-extern char *my_strtok();
-#endif
diff --git a/usr/src/cmd/tcpd/tcpdchk.c.org b/usr/src/cmd/tcpd/tcpdchk.c.org
deleted file mode 100644
index 49c5c82c1b..0000000000
--- a/usr/src/cmd/tcpd/tcpdchk.c.org
+++ /dev/null
@@ -1,462 +0,0 @@
- /*
-  * tcpdchk - examine all tcpd access control rules and inetd.conf entries
-  * 
-  * Usage: tcpdchk [-a] [-d] [-i inet_conf] [-v]
-  * 
-  * -a: complain about implicit "allow" at end of rule.
-  * 
-  * -d: rules in current directory.
-  * 
-  * -i: location of inetd.conf file.
-  * 
-  * -v: show all rules.
-  * 
-  * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
-  */
-
-#ifndef lint
-static char sccsid[] = "@(#) tcpdchk.c 1.8 97/02/12 02:13:25";
-#endif
-
-/* System libraries. */
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <stdio.h>
-#include <syslog.h>
-#include <setjmp.h>
-#include <errno.h>
-#include <netdb.h>
-#include <string.h>
-
-extern int errno;
-extern void exit();
-extern int optind;
-extern char *optarg;
-
-#ifndef INADDR_NONE
-#define INADDR_NONE     (-1)		/* XXX should be 0xffffffff */
-#endif
-
-#ifndef S_ISDIR
-#define S_ISDIR(m)	(((m) & S_IFMT) == S_IFDIR)
-#endif
-
-/* Application-specific. */
-
-#include "tcpd.h"
-#include "inetcf.h"
-#include "scaffold.h"
-
- /*
-  * Stolen from hosts_access.c...
-  */
-static char sep[] = ", \t\n";
-
-#define	BUFLEN 2048
-
-int     resident = 0;
-int     hosts_access_verbose = 0;
-char   *hosts_allow_table = HOSTS_ALLOW;
-char   *hosts_deny_table = HOSTS_DENY;
-extern jmp_buf tcpd_buf;
-
- /*
-  * Local stuff.
-  */
-static void usage();
-static void parse_table();
-static void print_list();
-static void check_daemon_list();
-static void check_client_list();
-static void check_daemon();
-static void check_user();
-static int check_host();
-static int reserved_name();
-
-#define PERMIT	1
-#define DENY	0
-
-#define YES	1
-#define	NO	0
-
-static int defl_verdict;
-static char *myname;
-static int allow_check;
-static char *inetcf;
-
-int     main(argc, argv)
-int     argc;
-char  **argv;
-{
-    struct request_info request;
-    struct stat st;
-    int     c;
-
-    myname = argv[0];
-
-    /*
-     * Parse the JCL.
-     */
-    while ((c = getopt(argc, argv, "adi:v")) != EOF) {
-	switch (c) {
-	case 'a':
-	    allow_check = 1;
-	    break;
-	case 'd':
-	    hosts_allow_table = "hosts.allow";
-	    hosts_deny_table = "hosts.deny";
-	    break;
-	case 'i':
-	    inetcf = optarg;
-	    break;
-	case 'v':
-	    hosts_access_verbose++;
-	    break;
-	default:
-	    usage();
-	    /* NOTREACHED */
-	}
-    }
-    if (argc != optind)
-	usage();
-
-    /*
-     * When confusion really strikes...
-     */
-    if (check_path(REAL_DAEMON_DIR, &st) < 0) {
-	tcpd_warn("REAL_DAEMON_DIR %s: %m", REAL_DAEMON_DIR);
-    } else if (!S_ISDIR(st.st_mode)) {
-	tcpd_warn("REAL_DAEMON_DIR %s is not a directory", REAL_DAEMON_DIR);
-    }
-
-    /*
-     * Process the inet configuration file (or its moral equivalent). This
-     * information is used later to find references in hosts.allow/deny to
-     * unwrapped services, and other possible problems.
-     */
-    inetcf = inet_cfg(inetcf);
-    if (hosts_access_verbose)
-	printf("Using network configuration file: %s\n", inetcf);
-
-    /*
-     * These are not run from inetd but may have built-in access control.
-     */
-    inet_set("portmap", WR_NOT);
-    inet_set("rpcbind", WR_NOT);
-
-    /*
-     * Check accessibility of access control files.
-     */
-    (void) check_path(hosts_allow_table, &st);
-    (void) check_path(hosts_deny_table, &st);
-
-    /*
-     * Fake up an arbitrary service request.
-     */
-    request_init(&request,
-		 RQ_DAEMON, "daemon_name",
-		 RQ_SERVER_NAME, "server_hostname",
-		 RQ_SERVER_ADDR, "server_addr",
-		 RQ_USER, "user_name",
-		 RQ_CLIENT_NAME, "client_hostname",
-		 RQ_CLIENT_ADDR, "client_addr",
-		 RQ_FILE, 1,
-		 0);
-
-    /*
-     * Examine all access-control rules.
-     */
-    defl_verdict = PERMIT;
-    parse_table(hosts_allow_table, &request);
-    defl_verdict = DENY;
-    parse_table(hosts_deny_table, &request);
-    return (0);
-}
-
-/* usage - explain */
-
-static void usage()
-{
-    fprintf(stderr, "usage: %s [-a] [-d] [-i inet_conf] [-v]\n", myname);
-    fprintf(stderr, "	-a: report rules with implicit \"ALLOW\" at end\n");
-    fprintf(stderr, "	-d: use allow/deny files in current directory\n");
-    fprintf(stderr, "	-i: location of inetd.conf file\n");
-    fprintf(stderr, "	-v: list all rules\n");
-    exit(1);
-}
-
-/* parse_table - like table_match(), but examines _all_ entries */
-
-static void parse_table(table, request)
-char   *table;
-struct request_info *request;
-{
-    FILE   *fp;
-    int     real_verdict;
-    char    sv_list[BUFLEN];		/* becomes list of daemons */
-    char   *cl_list;			/* becomes list of requests */
-    char   *sh_cmd;			/* becomes optional shell command */
-    char    buf[BUFSIZ];
-    int     verdict;
-    struct tcpd_context saved_context;
-
-    saved_context = tcpd_context;		/* stupid compilers */
-
-    if (fp = fopen(table, "r")) {
-	tcpd_context.file = table;
-	tcpd_context.line = 0;
-	while (xgets(sv_list, sizeof(sv_list), fp)) {
-	    if (sv_list[strlen(sv_list) - 1] != '\n') {
-		tcpd_warn("missing newline or line too long");
-		continue;
-	    }
-	    if (sv_list[0] == '#' || sv_list[strspn(sv_list, " \t\r\n")] == 0)
-		continue;
-	    if ((cl_list = split_at(sv_list, ':')) == 0) {
-		tcpd_warn("missing \":\" separator");
-		continue;
-	    }
-	    sh_cmd = split_at(cl_list, ':');
-
-	    if (hosts_access_verbose)
-		printf("\n>>> Rule %s line %d:\n",
-		       tcpd_context.file, tcpd_context.line);
-
-	    if (hosts_access_verbose)
-		print_list("daemons:  ", sv_list);
-	    check_daemon_list(sv_list);
-
-	    if (hosts_access_verbose)
-		print_list("clients:  ", cl_list);
-	    check_client_list(cl_list);
-
-#ifdef PROCESS_OPTIONS
-	    real_verdict = defl_verdict;
-	    if (sh_cmd) {
-		verdict = setjmp(tcpd_buf);
-		if (verdict != 0) {
-		    real_verdict = (verdict == AC_PERMIT);
-		} else {
-		    dry_run = 1;
-		    process_options(sh_cmd, request);
-		    if (dry_run == 1 && real_verdict && allow_check)
-			tcpd_warn("implicit \"allow\" at end of rule");
-		}
-	    } else if (defl_verdict && allow_check) {
-		tcpd_warn("implicit \"allow\" at end of rule");
-	    }
-	    if (hosts_access_verbose)
-		printf("access:   %s\n", real_verdict ? "granted" : "denied");
-#else
-	    if (sh_cmd)
-		shell_cmd(percent_x(buf, sizeof(buf), sh_cmd, request));
-	    if (hosts_access_verbose)
-		printf("access:   %s\n", defl_verdict ? "granted" : "denied");
-#endif
-	}
-	(void) fclose(fp);
-    } else if (errno != ENOENT) {
-	tcpd_warn("cannot open %s: %m", table);
-    }
-    tcpd_context = saved_context;
-}
-
-/* print_list - pretty-print a list */
-
-static void print_list(title, list)
-char   *title;
-char   *list;
-{
-    char    buf[BUFLEN];
-    char   *cp;
-    char   *next;
-
-    fputs(title, stdout);
-    strcpy(buf, list);
-
-    for (cp = strtok(buf, sep); cp != 0; cp = next) {
-	fputs(cp, stdout);
-	next = strtok((char *) 0, sep);
-	if (next != 0)
-	    fputs(" ", stdout);
-    }
-    fputs("\n", stdout);
-}
-
-/* check_daemon_list - criticize daemon list */
-
-static void check_daemon_list(list)
-char   *list;
-{
-    char    buf[BUFLEN];
-    char   *cp;
-    char   *host;
-    int     daemons = 0;
-
-    strcpy(buf, list);
-
-    for (cp = strtok(buf, sep); cp != 0; cp = strtok((char *) 0, sep)) {
-	if (STR_EQ(cp, "EXCEPT")) {
-	    daemons = 0;
-	} else {
-	    daemons++;
-	    if ((host = split_at(cp + 1, '@')) != 0 && check_host(host) > 1) {
-		tcpd_warn("host %s has more than one address", host);
-		tcpd_warn("(consider using an address instead)");
-	    }
-	    check_daemon(cp);
-	}
-    }
-    if (daemons == 0)
-	tcpd_warn("daemon list is empty or ends in EXCEPT");
-}
-
-/* check_client_list - criticize client list */
-
-static void check_client_list(list)
-char   *list;
-{
-    char    buf[BUFLEN];
-    char   *cp;
-    char   *host;
-    int     clients = 0;
-
-    strcpy(buf, list);
-
-    for (cp = strtok(buf, sep); cp != 0; cp = strtok((char *) 0, sep)) {
-	if (STR_EQ(cp, "EXCEPT")) {
-	    clients = 0;
-	} else {
-	    clients++;
-	    if (host = split_at(cp + 1, '@')) {	/* user@host */
-		check_user(cp);
-		check_host(host);
-	    } else {
-		check_host(cp);
-	    }
-	}
-    }
-    if (clients == 0)
-	tcpd_warn("client list is empty or ends in EXCEPT");
-}
-
-/* check_daemon - criticize daemon pattern */
-
-static void check_daemon(pat)
-char   *pat;
-{
-    if (pat[0] == '@') {
-	tcpd_warn("%s: daemon name begins with \"@\"", pat);
-    } else if (pat[0] == '.') {
-	tcpd_warn("%s: daemon name begins with dot", pat);
-    } else if (pat[strlen(pat) - 1] == '.') {
-	tcpd_warn("%s: daemon name ends in dot", pat);
-    } else if (STR_EQ(pat, "ALL") || STR_EQ(pat, unknown)) {
-	 /* void */ ;
-    } else if (STR_EQ(pat, "FAIL")) {		/* obsolete */
-	tcpd_warn("FAIL is no longer recognized");
-	tcpd_warn("(use EXCEPT or DENY instead)");
-    } else if (reserved_name(pat)) {
-	tcpd_warn("%s: daemon name may be reserved word", pat);
-    } else {
-	switch (inet_get(pat)) {
-	case WR_UNKNOWN:
-	    tcpd_warn("%s: no such process name in %s", pat, inetcf);
-	    inet_set(pat, WR_YES);		/* shut up next time */
-	    break;
-	case WR_NOT:
-	    tcpd_warn("%s: service possibly not wrapped", pat);
-	    inet_set(pat, WR_YES);
-	    break;
-	}
-    }
-}
-
-/* check_user - criticize user pattern */
-
-static void check_user(pat)
-char   *pat;
-{
-    if (pat[0] == '@') {			/* @netgroup */
-	tcpd_warn("%s: user name begins with \"@\"", pat);
-    } else if (pat[0] == '.') {
-	tcpd_warn("%s: user name begins with dot", pat);
-    } else if (pat[strlen(pat) - 1] == '.') {
-	tcpd_warn("%s: user name ends in dot", pat);
-    } else if (STR_EQ(pat, "ALL") || STR_EQ(pat, unknown)
-	       || STR_EQ(pat, "KNOWN")) {
-	 /* void */ ;
-    } else if (STR_EQ(pat, "FAIL")) {		/* obsolete */
-	tcpd_warn("FAIL is no longer recognized");
-	tcpd_warn("(use EXCEPT or DENY instead)");
-    } else if (reserved_name(pat)) {
-	tcpd_warn("%s: user name may be reserved word", pat);
-    }
-}
-
-/* check_host - criticize host pattern */
-
-static int check_host(pat)
-char   *pat;
-{
-    char   *mask;
-    int     addr_count = 1;
-
-    if (pat[0] == '@') {			/* @netgroup */
-#ifdef NO_NETGRENT
-	/* SCO has no *netgrent() support */
-#else
-#ifdef NETGROUP
-	char   *machinep;
-	char   *userp;
-	char   *domainp;
-
-	setnetgrent(pat + 1);
-	if (getnetgrent(&machinep, &userp, &domainp) == 0)
-	    tcpd_warn("%s: unknown or empty netgroup", pat + 1);
-	endnetgrent();
-#else
-	tcpd_warn("netgroup support disabled");
-#endif
-#endif
-    } else if (mask = split_at(pat, '/')) {	/* network/netmask */
-	if (dot_quad_addr(pat) == INADDR_NONE
-	    || dot_quad_addr(mask) == INADDR_NONE)
-	    tcpd_warn("%s/%s: bad net/mask pattern", pat, mask);
-    } else if (STR_EQ(pat, "FAIL")) {		/* obsolete */
-	tcpd_warn("FAIL is no longer recognized");
-	tcpd_warn("(use EXCEPT or DENY instead)");
-    } else if (reserved_name(pat)) {		/* other reserved */
-	 /* void */ ;
-    } else if (NOT_INADDR(pat)) {		/* internet name */
-	if (pat[strlen(pat) - 1] == '.') {
-	    tcpd_warn("%s: domain or host name ends in dot", pat);
-	} else if (pat[0] != '.') {
-	    addr_count = check_dns(pat);
-	}
-    } else {					/* numeric form */
-	if (STR_EQ(pat, "0.0.0.0") || STR_EQ(pat, "255.255.255.255")) {
-	    /* void */ ;
-	} else if (pat[0] == '.') {
-	    tcpd_warn("%s: network number begins with dot", pat);
-	} else if (pat[strlen(pat) - 1] != '.') {
-	    check_dns(pat);
-	}
-    }
-    return (addr_count);
-}
-
-/* reserved_name - determine if name is reserved */
-
-static int reserved_name(pat)
-char   *pat;
-{
-    return (STR_EQ(pat, unknown)
-	    || STR_EQ(pat, "KNOWN")
-	    || STR_EQ(pat, paranoid)
-	    || STR_EQ(pat, "ALL")
-	    || STR_EQ(pat, "LOCAL"));
-}
diff --git a/usr/src/cmd/tcpd/tcpdmatch.c.org b/usr/src/cmd/tcpd/tcpdmatch.c.org
deleted file mode 100644
index b1cf75f25c..0000000000
--- a/usr/src/cmd/tcpd/tcpdmatch.c.org
+++ /dev/null
@@ -1,328 +0,0 @@
- /*
-  * tcpdmatch - explain what tcpd would do in a specific case
-  * 
-  * usage: tcpdmatch [-d] [-i inet_conf] daemon[@host] [user@]host
-  * 
-  * -d: use the access control tables in the current directory.
-  * 
-  * -i: location of inetd.conf file.
-  * 
-  * All errors are reported to the standard error stream, including the errors
-  * that would normally be reported via the syslog daemon.
-  * 
-  * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
-  */
-
-#ifndef lint
-static char sccsid[] = "@(#) tcpdmatch.c 1.5 96/02/11 17:01:36";
-#endif
-
-/* System libraries. */
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <netdb.h>
-#include <stdio.h>
-#include <syslog.h>
-#include <setjmp.h>
-#include <string.h>
-
-extern void exit();
-extern int optind;
-extern char *optarg;
-
-#ifndef	INADDR_NONE
-#define	INADDR_NONE	(-1)		/* XXX should be 0xffffffff */
-#endif
-
-#ifndef S_ISDIR
-#define S_ISDIR(m)	(((m) & S_IFMT) == S_IFDIR)
-#endif
-
-/* Application-specific. */
-
-#include "tcpd.h"
-#include "inetcf.h"
-#include "scaffold.h"
-
-static void usage();
-static void tcpdmatch();
-
-/* The main program */
-
-int     main(argc, argv)
-int     argc;
-char  **argv;
-{
-    struct hostent *hp;
-    char   *myname = argv[0];
-    char   *client;
-    char   *server;
-    char   *addr;
-    char   *user;
-    char   *daemon;
-    struct request_info request;
-    int     ch;
-    char   *inetcf = 0;
-    int     count;
-    struct sockaddr_in server_sin;
-    struct sockaddr_in client_sin;
-    struct stat st;
-
-    /*
-     * Show what rule actually matched.
-     */
-    hosts_access_verbose = 2;
-
-    /*
-     * Parse the JCL.
-     */
-    while ((ch = getopt(argc, argv, "di:")) != EOF) {
-	switch (ch) {
-	case 'd':
-	    hosts_allow_table = "hosts.allow";
-	    hosts_deny_table = "hosts.deny";
-	    break;
-	case 'i':
-	    inetcf = optarg;
-	    break;
-	default:
-	    usage(myname);
-	    /* NOTREACHED */
-	}
-    }
-    if (argc != optind + 2)
-	usage(myname);
-
-    /*
-     * When confusion really strikes...
-     */
-    if (check_path(REAL_DAEMON_DIR, &st) < 0) {
-	tcpd_warn("REAL_DAEMON_DIR %s: %m", REAL_DAEMON_DIR);
-    } else if (!S_ISDIR(st.st_mode)) {
-	tcpd_warn("REAL_DAEMON_DIR %s is not a directory", REAL_DAEMON_DIR);
-    }
-
-    /*
-     * Default is to specify a daemon process name. When daemon@host is
-     * specified, separate the two parts.
-     */
-    if ((server = split_at(argv[optind], '@')) == 0)
-	server = unknown;
-    if (argv[optind][0] == '/') {
-	daemon = strrchr(argv[optind], '/') + 1;
-	tcpd_warn("%s: daemon name normalized to: %s", argv[optind], daemon);
-    } else {
-	daemon = argv[optind];
-    }
-
-    /*
-     * Default is to specify a client hostname or address. When user@host is
-     * specified, separate the two parts.
-     */
-    if ((client = split_at(argv[optind + 1], '@')) != 0) {
-	user = argv[optind + 1];
-    } else {
-	client = argv[optind + 1];
-	user = unknown;
-    }
-
-    /*
-     * Analyze the inetd (or tlid) configuration file, so that we can warn
-     * the user about services that may not be wrapped, services that are not
-     * configured, or services that are wrapped in an incorrect manner. Allow
-     * for services that are not run from inetd, or that have tcpd access
-     * control built into them.
-     */
-    inetcf = inet_cfg(inetcf);
-    inet_set("portmap", WR_NOT);
-    inet_set("rpcbind", WR_NOT);
-    switch (inet_get(daemon)) {
-    case WR_UNKNOWN:
-	tcpd_warn("%s: no such process name in %s", daemon, inetcf);
-	break;
-    case WR_NOT:
-	tcpd_warn("%s: service possibly not wrapped", daemon);
-	break;
-    }
-
-    /*
-     * Check accessibility of access control files.
-     */
-    (void) check_path(hosts_allow_table, &st);
-    (void) check_path(hosts_deny_table, &st);
-
-    /*
-     * Fill in what we have figured out sofar. Use socket and DNS routines
-     * for address and name conversions. We attach stdout to the request so
-     * that banner messages will become visible.
-     */
-    request_init(&request, RQ_DAEMON, daemon, RQ_USER, user, RQ_FILE, 1, 0);
-    sock_methods(&request);
-
-    /*
-     * If a server hostname is specified, insist that the name maps to at
-     * most one address. eval_hostname() warns the user about name server
-     * problems, while using the request.server structure as a cache for host
-     * address and name conversion results.
-     */
-    if (NOT_INADDR(server) == 0 || HOSTNAME_KNOWN(server)) {
-	if ((hp = find_inet_addr(server)) == 0)
-	    exit(1);
-	memset((char *) &server_sin, 0, sizeof(server_sin));
-	server_sin.sin_family = AF_INET;
-	request_set(&request, RQ_SERVER_SIN, &server_sin, 0);
-
-	for (count = 0; (addr = hp->h_addr_list[count]) != 0; count++) {
-	    memcpy((char *) &server_sin.sin_addr, addr,
-		   sizeof(server_sin.sin_addr));
-
-	    /*
-	     * Force evaluation of server host name and address. Host name
-	     * conflicts will be reported while eval_hostname() does its job.
-	     */
-	    request_set(&request, RQ_SERVER_NAME, "", RQ_SERVER_ADDR, "", 0);
-	    if (STR_EQ(eval_hostname(request.server), unknown))
-		tcpd_warn("host address %s->name lookup failed",
-			  eval_hostaddr(request.server));
-	}
-	if (count > 1) {
-	    fprintf(stderr, "Error: %s has more than one address\n", server);
-	    fprintf(stderr, "Please specify an address instead\n");
-	    exit(1);
-	}
-	free((char *) hp);
-    } else {
-	request_set(&request, RQ_SERVER_NAME, server, 0);
-    }
-
-    /*
-     * If a client address is specified, we simulate the effect of client
-     * hostname lookup failure.
-     */
-    if (dot_quad_addr(client) != INADDR_NONE) {
-	request_set(&request, RQ_CLIENT_ADDR, client, 0);
-	tcpdmatch(&request);
-	exit(0);
-    }
-
-    /*
-     * Perhaps they are testing special client hostname patterns that aren't
-     * really host names at all.
-     */
-    if (NOT_INADDR(client) && HOSTNAME_KNOWN(client) == 0) {
-	request_set(&request, RQ_CLIENT_NAME, client, 0);
-	tcpdmatch(&request);
-	exit(0);
-    }
-
-    /*
-     * Otherwise, assume that a client hostname is specified, and insist that
-     * the address can be looked up. The reason for this requirement is that
-     * in real life the client address is available (at least with IP). Let
-     * eval_hostname() figure out if this host is properly registered, while
-     * using the request.client structure as a cache for host name and
-     * address conversion results.
-     */
-    if ((hp = find_inet_addr(client)) == 0)
-	exit(1);
-    memset((char *) &client_sin, 0, sizeof(client_sin));
-    client_sin.sin_family = AF_INET;
-    request_set(&request, RQ_CLIENT_SIN, &client_sin, 0);
-
-    for (count = 0; (addr = hp->h_addr_list[count]) != 0; count++) {
-	memcpy((char *) &client_sin.sin_addr, addr,
-	       sizeof(client_sin.sin_addr));
-
-	/*
-	 * Force evaluation of client host name and address. Host name
-	 * conflicts will be reported while eval_hostname() does its job.
-	 */
-	request_set(&request, RQ_CLIENT_NAME, "", RQ_CLIENT_ADDR, "", 0);
-	if (STR_EQ(eval_hostname(request.client), unknown))
-	    tcpd_warn("host address %s->name lookup failed",
-		      eval_hostaddr(request.client));
-	tcpdmatch(&request);
-	if (hp->h_addr_list[count + 1])
-	    printf("\n");
-    }
-    free((char *) hp);
-    exit(0);
-}
-
-/* Explain how to use this program */
-
-static void usage(myname)
-char   *myname;
-{
-    fprintf(stderr, "usage: %s [-d] [-i inet_conf] daemon[@host] [user@]host\n",
-	    myname);
-    fprintf(stderr, "	-d: use allow/deny files in current directory\n");
-    fprintf(stderr, "	-i: location of inetd.conf file\n");
-    exit(1);
-}
-
-/* Print interesting expansions */
-
-static void expand(text, pattern, request)
-char   *text;
-char   *pattern;
-struct request_info *request;
-{
-    char    buf[BUFSIZ];
-
-    if (STR_NE(percent_x(buf, sizeof(buf), pattern, request), unknown))
-	printf("%s %s\n", text, buf);
-}
-
-/* Try out a (server,client) pair */
-
-static void tcpdmatch(request)
-struct request_info *request;
-{
-    int     verdict;
-
-    /*
-     * Show what we really know. Suppress uninteresting noise.
-     */
-    expand("client:   hostname", "%n", request);
-    expand("client:   address ", "%a", request);
-    expand("client:   username", "%u", request);
-    expand("server:   hostname", "%N", request);
-    expand("server:   address ", "%A", request);
-    expand("server:   process ", "%d", request);
-
-    /*
-     * Reset stuff that might be changed by options handlers. In dry-run
-     * mode, extension language routines that would not return should inform
-     * us of their plan, by clearing the dry_run flag. This is a bit clumsy
-     * but we must be able to verify hosts with more than one network
-     * address.
-     */
-    rfc931_timeout = RFC931_TIMEOUT;
-    allow_severity = SEVERITY;
-    deny_severity = LOG_WARNING;
-    dry_run = 1;
-
-    /*
-     * When paranoid mode is enabled, access is rejected no matter what the
-     * access control rules say.
-     */
-#ifdef PARANOID
-    if (STR_EQ(eval_hostname(request->client), paranoid)) {
-	printf("access:   denied (PARANOID mode)\n\n");
-	return;
-    }
-#endif
-
-    /*
-     * Report the access control verdict.
-     */
-    verdict = hosts_access(request);
-    printf("access:   %s\n",
-	   dry_run == 0 ? "delegated" :
-	   verdict ? "granted" : "denied");
-}
diff --git a/usr/src/cmd/tcpd/tli-sequent.c b/usr/src/cmd/tcpd/tli-sequent.c
deleted file mode 100644
index 8858966876..0000000000
--- a/usr/src/cmd/tcpd/tli-sequent.c
+++ /dev/null
@@ -1,193 +0,0 @@
- /*
-  * Warning - this relies heavily on the TLI implementation in PTX 2.X and will
-  * probably not work under PTX 4.
-  * 
-  * Author: Tim Wright, Sequent Computer Systems Ltd., UK.
-  * 
-  * Modified slightly to conform to the new internal interfaces - Wietse
-  */
-
-#ifndef lint
-static char sccsid[] = "@(#) tli-sequent.c 1.1 94/12/28 17:42:51";
-#endif
-
-#ifdef TLI_SEQUENT
-
-/* System libraries. */
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/stat.h>
-#include <sys/tiuser.h>
-#include <sys/stream.h>
-#include <sys/stropts.h>
-#include <sys/tihdr.h>
-#include <sys/timod.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <stdio.h>
-#include <syslog.h>
-#include <errno.h>
-#include <string.h>
-
-extern int errno;
-extern char *sys_errlist[];
-extern int sys_nerr;
-extern int t_errno;
-extern char *t_errlist[];
-extern int t_nerr;
-
-/* Local stuff. */
-
-#include "tcpd.h"
-#include "tli-sequent.h"
-
-/* Forward declarations. */
-
-static char *tli_error();
-static void tli_sink();
-
-/* tli_host - determine endpoint info */
-
-int     tli_host(request)
-struct request_info *request;
-{
-    static struct sockaddr_in client;
-    static struct sockaddr_in server;
-    struct _ti_user *tli_state_ptr;
-    union T_primitives *TSI_prim_ptr;
-    struct strpeek peek;
-    int     len;
-
-    /*
-     * Use DNS and socket routines for name and address conversions.
-     */
-
-    sock_methods(request);
-
-    /*
-     * Find out the client address using getpeerinaddr(). This call is the
-     * TLI equivalent to getpeername() under Dynix/ptx.
-     */
-
-    len = sizeof(client);
-    t_sync(request->fd);
-    if (getpeerinaddr(request->fd, &client, len) < 0) {
-	tcpd_warn("can't get client address: %s", tli_error());
-	return;
-    }
-    request->client->sin = &client;
-
-    /* Call TLI utility routine to get information on endpoint */
-    if ((tli_state_ptr = _t_checkfd(request->fd)) == NULL)
-	return;
-
-    if (tli_state_ptr->ti_servtype == T_CLTS) {
-	/* UDP - may need to get address the hard way */
-	if (client.sin_addr.s_addr == 0) {
-	    /* The UDP endpoint is not connected so we didn't get the */
-	    /* remote address - get it the hard way ! */
-
-	    /* Look at the control part of the top message on the stream */
-	    /* we don't want to remove it from the stream so we use I_PEEK */
-	    peek.ctlbuf.maxlen = tli_state_ptr->ti_ctlsize;
-	    peek.ctlbuf.len = 0;
-	    peek.ctlbuf.buf = tli_state_ptr->ti_ctlbuf;
-	    /* Don't even look at the data */
-	    peek.databuf.maxlen = -1;
-	    peek.databuf.len = 0;
-	    peek.databuf.buf = 0;
-	    peek.flags = 0;
-
-	    switch (ioctl(request->fd, I_PEEK, &peek)) {
-	    case -1:
-		tcpd_warn("can't peek at endpoint: %s", tli_error());
-		return;
-	    case 0:
-		/* No control part - we're hosed */
-		tcpd_warn("can't get UDP info: %s", tli_error());
-		return;
-	    default:
-		/* FALL THROUGH */
-		;
-	    }
-	    /* Can we even check the PRIM_type ? */
-	    if (peek.ctlbuf.len < sizeof(long)) {
-		tcpd_warn("UDP control info garbage");
-		return;
-	    }
-	    TSI_prim_ptr = (union T_primitives *) peek.ctlbuf.buf;
-	    if (TSI_prim_ptr->type != T_UNITDATA_IND) {
-		tcpd_warn("wrong type for UDP control info");
-		return;
-	    }
-	    /* Validate returned unitdata indication packet */
-	    if ((peek.ctlbuf.len < sizeof(struct T_unitdata_ind)) ||
-		((TSI_prim_ptr->unitdata_ind.OPT_length != 0) &&
-		 (peek.ctlbuf.len <
-		  TSI_prim_ptr->unitdata_ind.OPT_length +
-		  TSI_prim_ptr->unitdata_ind.OPT_offset))) {
-		tcpd_warn("UDP control info garbaged");
-		return;
-	    }
-	    /* Extract the address */
-	    memcpy(&client,
-		   peek.ctlbuf.buf + TSI_prim_ptr->unitdata_ind.SRC_offset,
-		   TSI_prim_ptr->unitdata_ind.SRC_length);
-	}
-	request->sink = tli_sink;
-    }
-    if (getmyinaddr(request->fd, &server, len) < 0)
-	tcpd_warn("can't get local address: %s", tli_error());
-    else
-	request->server->sin = &server;
-}
-
-/* tli_error - convert tli error number to text */
-
-static char *tli_error()
-{
-    static char buf[40];
-
-    if (t_errno != TSYSERR) {
-	if (t_errno < 0 || t_errno >= t_nerr) {
-	    sprintf(buf, "Unknown TLI error %d", t_errno);
-	    return (buf);
-	} else {
-	    return (t_errlist[t_errno]);
-	}
-    } else {
-	if (errno < 0 || errno >= sys_nerr) {
-	    sprintf(buf, "Unknown UNIX error %d", errno);
-	    return (buf);
-	} else {
-	    return (sys_errlist[errno]);
-	}
-    }
-}
-
-/* tli_sink - absorb unreceived datagram */
-
-static void tli_sink(fd)
-int     fd;
-{
-    struct t_unitdata *unit;
-    int     flags;
-
-    /*
-     * Something went wrong. Absorb the datagram to keep inetd from looping.
-     * Allocate storage for address, control and data. If that fails, sleep
-     * for a couple of seconds in an attempt to keep inetd from looping too
-     * fast.
-     */
-
-    if ((unit = (struct t_unitdata *) t_alloc(fd, T_UNITDATA, T_ALL)) == 0) {
-	tcpd_warn("t_alloc: %s", tli_error());
-	sleep(5);
-    } else {
-	(void) t_rcvudata(fd, unit, &flags);
-	t_free((void *) unit, T_UNITDATA);
-    }
-}
-
-#endif /* TLI_SEQUENT */
diff --git a/usr/src/cmd/tcpd/tli-sequent.h b/usr/src/cmd/tcpd/tli-sequent.h
deleted file mode 100644
index 4474d3cdb6..0000000000
--- a/usr/src/cmd/tcpd/tli-sequent.h
+++ /dev/null
@@ -1,13 +0,0 @@
-#ifdef __STDC__
-#define __P(X) X
-#else
-#define __P(X) ()
-#endif
-
-extern int t_sync __P((int));
-extern char *t_alloc __P((int, int, int));
-extern int t_free __P((char *, int));
-extern int t_rcvudata __P((int, struct t_unitdata *, int *));
-extern int getpeerinaddr __P((int, struct sockaddr_in *, int));
-extern int getmyinaddr __P((int, struct sockaddr_in *, int));
-extern struct _ti_user *_t_checkfd __P((int));
diff --git a/usr/src/cmd/tcpd/tli.c.org b/usr/src/cmd/tcpd/tli.c.org
deleted file mode 100644
index 14579d1cba..0000000000
--- a/usr/src/cmd/tcpd/tli.c.org
+++ /dev/null
@@ -1,341 +0,0 @@
- /*
-  * tli_host() determines the type of transport (connected, connectionless),
-  * the transport address of a client host, and the transport address of a
-  * server endpoint. In addition, it provides methods to map a transport
-  * address to a printable host name or address. Socket address results are
-  * in static memory; tli structures are allocated from the heap.
-  * 
-  * The result from the hostname lookup method is STRING_PARANOID when a host
-  * pretends to have someone elses name, or when a host name is available but
-  * could not be verified.
-  * 
-  * Diagnostics are reported through syslog(3).
-  * 
-  * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
-  */
-
-#ifndef lint
-static char sccsid[] = "@(#) tli.c 1.15 97/03/21 19:27:25";
-#endif
-
-#ifdef TLI
-
-/* System libraries. */
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/stream.h>
-#include <sys/stat.h>
-#include <sys/mkdev.h>
-#include <sys/tiuser.h>
-#include <sys/timod.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <stdio.h>
-#include <syslog.h>
-#include <errno.h>
-#include <netconfig.h>
-#include <netdir.h>
-#include <string.h>
-
-extern char *nc_sperror();
-extern int errno;
-extern char *sys_errlist[];
-extern int sys_nerr;
-extern int t_errno;
-extern char *t_errlist[];
-extern int t_nerr;
-
-/* Local stuff. */
-
-#include "tcpd.h"
-
-/* Forward declarations. */
-
-static void tli_endpoints();
-static struct netconfig *tli_transport();
-static void tli_hostname();
-static void tli_hostaddr();
-static void tli_cleanup();
-static char *tli_error();
-static void tli_sink();
-
-/* tli_host - look up endpoint addresses and install conversion methods */
-
-void    tli_host(request)
-struct request_info *request;
-{
-    static struct sockaddr_in client;
-    static struct sockaddr_in server;
-
-    /*
-     * If we discover that we are using an IP transport, pretend we never
-     * were here. Otherwise, use the transport-independent method and stick
-     * to generic network addresses. XXX hard-coded protocol family name.
-     */
-
-    tli_endpoints(request);
-    if ((request->config = tli_transport(request->fd)) != 0
-	&& STR_EQ(request->config->nc_protofmly, "inet")) {
-	if (request->client->unit != 0) {
-	    client = *(struct sockaddr_in *) request->client->unit->addr.buf;
-	    request->client->sin = &client;
-	}
-	if (request->server->unit != 0) {
-	    server = *(struct sockaddr_in *) request->server->unit->addr.buf;
-	    request->server->sin = &server;
-	}
-	tli_cleanup(request);
-	sock_methods(request);
-    } else {
-	request->hostname = tli_hostname;
-	request->hostaddr = tli_hostaddr;
-	request->cleanup = tli_cleanup;
-    }
-}
-
-/* tli_cleanup - cleanup some dynamically-allocated data structures */
-
-static void tli_cleanup(request)
-struct request_info *request;
-{
-    if (request->config != 0)
-	freenetconfigent(request->config);
-    if (request->client->unit != 0)
-	t_free((char *) request->client->unit, T_UNITDATA);
-    if (request->server->unit != 0)
-	t_free((char *) request->server->unit, T_UNITDATA);
-}
-
-/* tli_endpoints - determine TLI client and server endpoint information */
-
-static void tli_endpoints(request)
-struct request_info *request;
-{
-    struct t_unitdata *server;
-    struct t_unitdata *client;
-    int     fd = request->fd;
-    int     flags;
-
-    /*
-     * Determine the client endpoint address. With unconnected services, peek
-     * at the sender address of the pending protocol data unit without
-     * popping it off the receive queue. This trick works because only the
-     * address member of the unitdata structure has been allocated.
-     * 
-     * Beware of successful returns with zero-length netbufs (for example,
-     * Solaris 2.3 with ticlts transport). The netdir(3) routines can't
-     * handle that. Assume connection-less transport when TI_GETPEERNAME
-     * produces no usable result, even when t_rcvudata() is unable to figure
-     * out the peer address. Better to hang than to loop.
-     */
-
-    if ((client = (struct t_unitdata *) t_alloc(fd, T_UNITDATA, T_ADDR)) == 0) {
-	tcpd_warn("t_alloc: %s", tli_error());
-	return;
-    }
-    if (ioctl(fd, TI_GETPEERNAME, &client->addr) < 0 || client->addr.len == 0) {
-	request->sink = tli_sink;
-	if (t_rcvudata(fd, client, &flags) < 0 || client->addr.len == 0) {
-	    tcpd_warn("can't get client address: %s", tli_error());
-	    t_free((void *) client, T_UNITDATA);
-	    return;
-	}
-    }
-    request->client->unit = client;
-
-    /*
-     * Look up the server endpoint address. This can be used for filtering on
-     * server address or name, or to look up the client user.
-     */
-
-    if ((server = (struct t_unitdata *) t_alloc(fd, T_UNITDATA, T_ADDR)) == 0) {
-	tcpd_warn("t_alloc: %s", tli_error());
-	return;
-    }
-    if (ioctl(fd, TI_GETMYNAME, &server->addr) < 0) {
-	tcpd_warn("TI_GETMYNAME: %m");
-	t_free((void *) server, T_UNITDATA);
-	return;
-    }
-    request->server->unit = server;
-}
-
-/* tli_transport - find out TLI transport type */
-
-static struct netconfig *tli_transport(fd)
-int     fd;
-{
-    struct stat from_client;
-    struct stat from_config;
-    void   *handlep;
-    struct netconfig *config;
-
-    /*
-     * Assuming that the network device is a clone device, we must compare
-     * the major device number of stdin to the minor device number of the
-     * devices listed in the netconfig table.
-     */
-
-    if (fstat(fd, &from_client) != 0) {
-	tcpd_warn("fstat(fd %d): %m", fd);
-	return (0);
-    }
-    if ((handlep = setnetconfig()) == 0) {
-	tcpd_warn("setnetconfig: %m");
-	return (0);
-    }
-    while (config = getnetconfig(handlep)) {
-	if (stat(config->nc_device, &from_config) == 0) {
-	    if (minor(from_config.st_rdev) == major(from_client.st_rdev))
-		break;
-	}
-    }
-    if (config == 0) {
-	tcpd_warn("unable to identify transport protocol");
-	return (0);
-    }
-
-    /*
-     * Something else may clobber our getnetconfig() result, so we'd better
-     * acquire our private copy.
-     */
-
-    if ((config = getnetconfigent(config->nc_netid)) == 0) {
-	tcpd_warn("getnetconfigent(%s): %s", config->nc_netid, nc_sperror());
-	return (0);
-    }
-    return (config);
-}
-
-/* tli_hostaddr - map TLI transport address to printable address */
-
-static void tli_hostaddr(host)
-struct host_info *host;
-{
-    struct request_info *request = host->request;
-    struct netconfig *config = request->config;
-    struct t_unitdata *unit = host->unit;
-    char   *uaddr;
-
-    if (config != 0 && unit != 0
-	&& (uaddr = taddr2uaddr(config, &unit->addr)) != 0) {
-	STRN_CPY(host->addr, uaddr, sizeof(host->addr));
-	free(uaddr);
-    }
-}
-
-/* tli_hostname - map TLI transport address to hostname */
-
-static void tli_hostname(host)
-struct host_info *host;
-{
-    struct request_info *request = host->request;
-    struct netconfig *config = request->config;
-    struct t_unitdata *unit = host->unit;
-    struct nd_hostservlist *servlist;
-
-    if (config != 0 && unit != 0
-	&& netdir_getbyaddr(config, &servlist, &unit->addr) == ND_OK) {
-
-	struct nd_hostserv *service = servlist->h_hostservs;
-	struct nd_addrlist *addr_list;
-	int     found = 0;
-
-	if (netdir_getbyname(config, service, &addr_list) != ND_OK) {
-
-	    /*
-	     * Unable to verify that the name matches the address. This may
-	     * be a transient problem or a botched name server setup. We
-	     * decide to play safe.
-	     */
-
-	    tcpd_warn("can't verify hostname: netdir_getbyname(%.*s) failed",
-		      STRING_LENGTH, service->h_host);
-
-	} else {
-
-	    /*
-	     * Look up the host address in the address list we just got. The
-	     * comparison is done on the textual representation, because the
-	     * transport address is an opaque structure that may have holes
-	     * with uninitialized garbage. This approach obviously loses when
-	     * the address does not have a textual representation.
-	     */
-
-	    char   *uaddr = eval_hostaddr(host);
-	    char   *ua;
-	    int     i;
-
-	    for (i = 0; found == 0 && i < addr_list->n_cnt; i++) {
-		if ((ua = taddr2uaddr(config, &(addr_list->n_addrs[i]))) != 0) {
-		    found = !strcmp(ua, uaddr);
-		    free(ua);
-		}
-	    }
-	    netdir_free((void *) addr_list, ND_ADDRLIST);
-
-	    /*
-	     * When the host name does not map to the initial address, assume
-	     * someone has compromised a name server. More likely someone
-	     * botched it, but that could be dangerous, too.
-	     */
-
-	    if (found == 0)
-		tcpd_warn("host name/address mismatch: %s != %.*s",
-			  host->addr, STRING_LENGTH, service->h_host);
-	}
-	STRN_CPY(host->name, found ? service->h_host : paranoid,
-		 sizeof(host->name));
-	netdir_free((void *) servlist, ND_HOSTSERVLIST);
-    }
-}
-
-/* tli_error - convert tli error number to text */
-
-static char *tli_error()
-{
-    static char buf[40];
-
-    if (t_errno != TSYSERR) {
-	if (t_errno < 0 || t_errno >= t_nerr) {
-	    sprintf(buf, "Unknown TLI error %d", t_errno);
-	    return (buf);
-	} else {
-	    return (t_errlist[t_errno]);
-	}
-    } else {
-	if (errno < 0 || errno >= sys_nerr) {
-	    sprintf(buf, "Unknown UNIX error %d", errno);
-	    return (buf);
-	} else {
-	    return (sys_errlist[errno]);
-	}
-    }
-}
-
-/* tli_sink - absorb unreceived datagram */
-
-static void tli_sink(fd)
-int     fd;
-{
-    struct t_unitdata *unit;
-    int     flags;
-
-    /*
-     * Something went wrong. Absorb the datagram to keep inetd from looping.
-     * Allocate storage for address, control and data. If that fails, sleep
-     * for a couple of seconds in an attempt to keep inetd from looping too
-     * fast.
-     */
-
-    if ((unit = (struct t_unitdata *) t_alloc(fd, T_UNITDATA, T_ALL)) == 0) {
-	tcpd_warn("t_alloc: %s", tli_error());
-	sleep(5);
-    } else {
-	(void) t_rcvudata(fd, unit, &flags);
-	t_free((void *) unit, T_UNITDATA);
-    }
-}
-
-#endif /* TLI */
diff --git a/usr/src/cmd/tcpd/update.c.org b/usr/src/cmd/tcpd/update.c.org
deleted file mode 100644
index a76cf2bb23..0000000000
--- a/usr/src/cmd/tcpd/update.c.org
+++ /dev/null
@@ -1,119 +0,0 @@
- /*
-  * Routines for controlled update/initialization of request structures.
-  * 
-  * request_init() initializes its argument. Pointers and string-valued members
-  * are initialized to zero, to indicate that no lookup has been attempted.
-  * 
-  * request_set() adds information to an already initialized request structure.
-  * 
-  * Both functions take a variable-length name-value list.
-  * 
-  * Diagnostics are reported through syslog(3).
-  * 
-  * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
-  */
-
-#ifndef lint
-static char sccsid[] = "@(#) update.c 1.1 94/12/28 17:42:56";
-#endif
-
-/* System libraries */
-
-#include <stdio.h>
-#include <syslog.h>
-#include <string.h>
-
-/* Local stuff. */
-
-#include "mystdarg.h"
-#include "tcpd.h"
-
-/* request_fill - request update engine */
-
-static struct request_info *request_fill(request, ap)
-struct request_info *request;
-va_list ap;
-{
-    int     key;
-    char   *ptr;
-
-    while ((key = va_arg(ap, int)) > 0) {
-	switch (key) {
-	default:
-	    tcpd_warn("request_fill: invalid key: %d", key);
-	    return (request);
-	case RQ_FILE:
-	    request->fd = va_arg(ap, int);
-	    continue;
-	case RQ_CLIENT_SIN:
-	    request->client->sin = va_arg(ap, struct sockaddr_in *);
-	    continue;
-	case RQ_SERVER_SIN:
-	    request->server->sin = va_arg(ap, struct sockaddr_in *);
-	    continue;
-
-	    /*
-	     * All other fields are strings with the same maximal length.
-	     */
-
-	case RQ_DAEMON:
-	    ptr = request->daemon;
-	    break;
-	case RQ_USER:
-	    ptr = request->user;
-	    break;
-	case RQ_CLIENT_NAME:
-	    ptr = request->client->name;
-	    break;
-	case RQ_CLIENT_ADDR:
-	    ptr = request->client->addr;
-	    break;
-	case RQ_SERVER_NAME:
-	    ptr = request->server->name;
-	    break;
-	case RQ_SERVER_ADDR:
-	    ptr = request->server->addr;
-	    break;
-	}
-	STRN_CPY(ptr, va_arg(ap, char *), STRING_LENGTH);
-    }
-    return (request);
-}
-
-/* request_init - initialize request structure */
-
-struct request_info *VARARGS(request_init, struct request_info *, request)
-{
-    static struct request_info default_info;
-    struct request_info *r;
-    va_list ap;
-
-    /*
-     * Initialize data members. We do not assign default function pointer
-     * members, to avoid pulling in the whole socket module when it is not
-     * really needed.
-     */
-    VASTART(ap, struct request_info *, request);
-    *request = default_info;
-    request->fd = -1;
-    strcpy(request->daemon, unknown);
-    sprintf(request->pid, "%d", getpid());
-    request->client->request = request;
-    request->server->request = request;
-    r = request_fill(request, ap);
-    VAEND(ap);
-    return (r);
-}
-
-/* request_set - update request structure */
-
-struct request_info *VARARGS(request_set, struct request_info *, request)
-{
-    struct request_info *r;
-    va_list ap;
-
-    VASTART(ap, struct request_info *, request);
-    r = request_fill(request, ap);
-    VAEND(ap);
-    return (r);
-}
diff --git a/usr/src/cmd/tcpd/vfprintf.c b/usr/src/cmd/tcpd/vfprintf.c
deleted file mode 100644
index d6f37d59bf..0000000000
--- a/usr/src/cmd/tcpd/vfprintf.c
+++ /dev/null
@@ -1,125 +0,0 @@
- /*
-  * vfprintf() and vprintf() clones. They will produce unexpected results
-  * when excessive dynamic ("*") field widths are specified. To be used for
-  * testing purposes only.
-  * 
-  * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
-  */
-
-#ifndef lint
-static char sccsid[] = "@(#) vfprintf.c 1.2 94/03/23 17:44:46";
-#endif
-
-#include <stdio.h>
-#include <ctype.h>
-#ifdef __STDC__
-#include <stdarg.h>
-#else
-#include <varargs.h>
-#endif
-
-/* vfprintf - print variable-length argument list to stream */
-
-int     vfprintf(fp, format, ap)
-FILE   *fp;
-char   *format;
-va_list ap;
-{
-    char    fmt[BUFSIZ];		/* format specifier */
-    register char *fmtp;
-    register char *cp;
-    int     count = 0;
-
-    /*
-     * Iterate over characters in the format string, picking up arguments
-     * when format specifiers are found.
-     */
-
-    for (cp = format; *cp; cp++) {
-	if (*cp != '%') {
-	    putc(*cp, fp);			/* ordinary character */
-	    count++;
-	} else {
-
-	    /*
-	     * Format specifiers are handled one at a time, since we can only
-	     * deal with arguments one at a time. Try to determine the end of
-	     * the format specifier. We do not attempt to fully parse format
-	     * strings, since we are ging to let fprintf() do the hard work.
-	     * In regular expression notation, we recognize:
-	     * 
-	     * %-?0?([0-9]+|\*)?\.?([0-9]+|\*)?l?[a-z]
-	     * 
-	     * which includes some combinations that do not make sense.
-	     */
-
-	    fmtp = fmt;
-	    *fmtp++ = *cp++;
-	    if (*cp == '-')			/* left-adjusted field? */
-		*fmtp++ = *cp++;
-	    if (*cp == '0')			/* zero-padded field? */
-		*fmtp++ = *cp++;
-	    if (*cp == '*') {			/* dynamic field witdh */
-		sprintf(fmtp, "%d", va_arg(ap, int));
-		fmtp += strlen(fmtp);
-		cp++;
-	    } else {
-		while (isdigit(*cp))		/* hard-coded field width */
-		    *fmtp++ = *cp++;
-	    }
-	    if (*cp == '.')			/* width/precision separator */
-		*fmtp++ = *cp++;
-	    if (*cp == '*') {			/* dynamic precision */
-		sprintf(fmtp, "%d", va_arg(ap, int));
-		fmtp += strlen(fmtp);
-		cp++;
-	    } else {
-		while (isdigit(*cp))		/* hard-coded precision */
-		    *fmtp++ = *cp++;
-	    }
-	    if (*cp == 'l')			/* long whatever */
-		*fmtp++ = *cp++;
-	    if (*cp == 0)			/* premature end, punt */
-		break;
-	    *fmtp++ = *cp;			/* type (checked below) */
-	    *fmtp = 0;
-
-	    /* Execute the format string - let fprintf() do the hard work. */
-
-	    switch (fmtp[-1]) {
-	    case 's':				/* string-valued argument */
-		count += fprintf(fp, fmt, va_arg(ap, char *));
-		break;
-	    case 'c':				/* integral-valued argument */
-	    case 'd':
-	    case 'u':
-	    case 'o':
-	    case 'x':
-		if (fmtp[-2] == 'l')
-		    count += fprintf(fp, fmt, va_arg(ap, long));
-		else
-		    count += fprintf(fp, fmt, va_arg(ap, int));
-		break;
-	    case 'e':				/* float-valued argument */
-	    case 'f':
-	    case 'g':
-		count += fprintf(fp, fmt, va_arg(ap, double));
-		break;
-	    default:				/* anything else */
-		putc(fmtp[-1], fp);
-		count++;
-		break;
-	    }
-	}
-    }
-    return (count);
-}
-
-/* vprintf - print variable-length argument list to stdout */
-
-vprintf(format, ap)
-char   *format;
-va_list ap;
-{
-    return (vfprintf(stdout, format, ap));
-}
diff --git a/usr/src/cmd/zpool/zpool_main.c b/usr/src/cmd/zpool/zpool_main.c
index 9e1f30cf69..1cb2e63d1f 100644
--- a/usr/src/cmd/zpool/zpool_main.c
+++ b/usr/src/cmd/zpool/zpool_main.c
@@ -21,6 +21,7 @@
 
 /*
  * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright 2011 Nexenta Systems, Inc. All rights reserved.
  */
 
 #include <assert.h>
@@ -3279,7 +3280,7 @@ print_scan_status(pool_scan_stat_t *ps)
 	double fraction_done;
 	char processed_buf[7], examined_buf[7], total_buf[7], rate_buf[7];
 
-	(void) printf(gettext(" scan: "));
+	(void) printf(gettext("  scan: "));
 
 	/* If there's never been a scan, there's not much to say. */
 	if (ps == NULL || ps->pss_func == POOL_SCAN_NONE ||
@@ -3467,10 +3468,16 @@ print_dedup_stats(nvlist_t *config)
 	 * table continue processing the stats.
 	 */
 	if (nvlist_lookup_uint64_array(config, ZPOOL_CONFIG_DDT_OBJ_STATS,
-	    (uint64_t **)&ddo, &c) != 0 || ddo->ddo_count == 0)
+	    (uint64_t **)&ddo, &c) != 0)
 		return;
 
 	(void) printf("\n");
+	(void) printf(gettext(" dedup: "));
+	if (ddo->ddo_count == 0) {
+		(void) printf(gettext("no DDT entries\n"));
+		return;
+	}
+
 	(void) printf("DDT entries %llu, size %llu on disk, %llu in core\n",
 	    (u_longlong_t)ddo->ddo_count,
 	    (u_longlong_t)ddo->ddo_dspace,
diff --git a/usr/src/common/dis/i386/dis_tables.c b/usr/src/common/dis/i386/dis_tables.c
index c402a5dab1..805a862f13 100644
--- a/usr/src/common/dis/i386/dis_tables.c
+++ b/usr/src/common/dis/i386/dis_tables.c
@@ -21,6 +21,7 @@
  */
 /*
  * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, Joyent, Inc. All rights reserved.
  */
 
 /*
@@ -101,6 +102,7 @@ enum {
 	Mv,
 	Mw,
 	M,		/* register or memory */
+	MG9,		/* register or memory in group 9 (prefix optional) */
 	Mb,		/* register or memory, always byte sized */
 	MO,		/* memory only (no registers) */
 	PREF,
@@ -111,6 +113,7 @@ enum {
 	SEG,
 	MR,
 	RM,
+	RM_66r,		/* RM, but with a required 0x66 prefix */ 
 	IA,
 	MA,
 	SD,
@@ -225,7 +228,9 @@ enum {
 	VEX_RRi,        /* VEX  mod_rm, imm8                   -> mod_reg */
 	VEX_RM,         /* VEX  mod_reg                        -> mod_rm */
 	VEX_RRM,        /* VEX  VEX.vvvv, mod_reg              -> mod_rm */
-	VEX_RMX         /* VEX  VEX.vvvv, mod_rm               -> mod_reg */
+	VEX_RMX,        /* VEX  VEX.vvvv, mod_rm               -> mod_reg */
+	VMx,		/* vmcall/vmlaunch/vmresume/vmxoff */
+	VMxo		/* VMx instruction with optional prefix */
 };
 
 /*
@@ -493,7 +498,7 @@ const instable_t dis_op0F00[8] = {
  */
 const instable_t dis_op0F01[8] = {
 
-/*  [0]  */	TNSZ("sgdt",MO,6),	TNSZ("sidt",MONITOR_MWAIT,6), TNSZ("lgdt",XGETBV_XSETBV,6),	TNSZ("lidt",MO,6),
+/*  [0]  */	TNSZ("sgdt",VMx,6),	TNSZ("sidt",MONITOR_MWAIT,6), TNSZ("lgdt",XGETBV_XSETBV,6),	TNSZ("lidt",MO,6),
 /*  [4]  */	TNSZ("smsw",M,2),	INVALID, 		TNSZ("lmsw",M,2),	TNS("invlpg",SWAPGS),
 };
 
@@ -525,15 +530,34 @@ const instable_t dis_op0FBA[8] = {
 };
 
 /*
- * 	Decode table for 0x0FC7 opcode
+ * 	Decode table for 0x0FC7 opcode (group 9)
  */
 
 const instable_t dis_op0FC7[8] = {
 
 /*  [0]  */	INVALID,		TNS("cmpxchg8b",M),	INVALID,		INVALID,
-/*  [4]  */	INVALID,		INVALID,	INVALID,		 INVALID,
+/*  [4]  */	INVALID,		INVALID,		TNS("vmptrld",MG9),	TNS("vmptrst",MG9),
 };
 
+/*
+ * 	Decode table for 0x0FC7 opcode with 0x66 prefix
+ */
+
+const instable_t dis_op660FC7[8] = {
+
+/*  [0]  */	INVALID,		INVALID,		INVALID,		INVALID,
+/*  [4]  */	INVALID,		INVALID,		TNS("vmclear",M),	INVALID,
+};
+
+/*
+ * 	Decode table for 0x0FC7 opcode with 0xF3 prefix
+ */
+
+const instable_t dis_opF30FC7[8] = {
+
+/*  [0]  */	INVALID,		INVALID,		INVALID,		INVALID,
+/*  [4]  */	INVALID,		INVALID,		TNS("vmxon",M),		INVALID,
+};
 
 /*
  *	Decode table for 0x0FC8 opcode -- 486 bswap instruction
@@ -1144,7 +1168,7 @@ const instable_t dis_op0F38[256] = {
 /*  [78]  */	INVALID,		INVALID,		INVALID,		INVALID,
 /*  [7C]  */	INVALID,		INVALID,		INVALID,		INVALID,
 
-/*  [80]  */	INVALID,		INVALID,		INVALID,		INVALID,
+/*  [80]  */	TNSy("invept", RM_66r),	TNSy("invvpid", RM_66r),INVALID,		INVALID,
 /*  [84]  */	INVALID,		INVALID,		INVALID,		INVALID,
 /*  [88]  */	INVALID,		INVALID,		INVALID,		INVALID,
 /*  [8C]  */	INVALID,		INVALID,		INVALID,		INVALID,
@@ -1472,7 +1496,7 @@ const instable_t dis_op0F[16][16] = {
 }, {
 /*  [70]  */	TNSZ("pshufw",MMOPM,8),	TNS("psrXXX",MR),	TNS("psrXXX",MR),	TNS("psrXXX",MR),
 /*  [74]  */	TNSZ("pcmpeqb",MMO,8),	TNSZ("pcmpeqw",MMO,8),	TNSZ("pcmpeqd",MMO,8),	TNS("emms",NORM),
-/*  [78]  */	TNS("INVALID",XMMO),	TNS("INVALID",XMMO),	INVALID,		INVALID,
+/*  [78]  */	TNSy("vmread",RM),	TNSy("vmwrite",MR),	INVALID,		INVALID,
 /*  [7C]  */	INVALID,		INVALID,		TNSZ("movd",MMOS,4),	TNSZ("movq",MMOS,8),
 }, {
 /*  [80]  */	TNS("jo",D),		TNS("jno",D),		TNS("jb",D),		TNS("jae",D),
@@ -2902,6 +2926,7 @@ dtrace_disx86(dis86_t *x, uint_t cpu_mode)
 				goto error;
 #endif
 			switch (dp->it_adrmode) {
+				case RM_66r:
 				case XMM_66r:
 				case XMMM_66r:
 					if (opnd_size_prefix == 0) {
@@ -3051,6 +3076,42 @@ dtrace_disx86(dis86_t *x, uint_t cpu_mode)
 		}
 		break;
 
+	case MG9:
+		/*
+		 * More horribleness: the group 9 (0xF0 0xC7) instructions are
+		 * allowed an optional prefix of 0x66 or 0xF3.  This is similar
+		 * to the SIMD business described above, but with a different
+		 * addressing mode (and an indirect table), so we deal with it
+		 * separately (if similarly).
+		 */
+
+		/*
+		 * Calculate our offset in dis_op0FC7 (the group 9 table)
+		 */
+		if ((uintptr_t)dp - (uintptr_t)dis_op0FC7 > sizeof (dis_op0FC7))
+			goto error;
+
+		off = ((uintptr_t)dp - (uintptr_t)dis_op0FC7) /
+		    sizeof (instable_t);
+
+		/*
+		 * Rewrite if this instruction used one of the magic prefixes.
+		 */
+		if (rep_prefix) {
+			if (rep_prefix == 0xf3)
+				dp = (instable_t *)&dis_opF30FC7[off];
+			else
+				goto error;
+			rep_prefix = 0;
+		} else if (opnd_size_prefix) {
+			dp = (instable_t *)&dis_op660FC7[off];
+			opnd_size_prefix = 0;
+			if (opnd_size == SIZE16)
+				opnd_size = SIZE32;
+		}
+		break;
+
+
 	case MMOSH:
 		/*
 		 * As with the "normal" SIMD instructions, the MMX
@@ -3448,6 +3509,7 @@ just_mem:
 
 	/* single memory or register operand */
 	case M:
+	case MG9:
 		wbit = LONG_OPND;
 		goto just_mem;
 
@@ -3456,6 +3518,38 @@ just_mem:
 		wbit = BYTE_OPND;
 		goto just_mem;
 
+	case VMx:
+		if (mode == 3) {
+#ifdef DIS_TEXT
+			char *vminstr;
+
+			switch (r_m) {
+			case 1:
+				vminstr = "vmcall";
+				break;
+			case 2:
+				vminstr = "vmlaunch";
+				break;
+			case 3:
+				vminstr = "vmresume";
+				break;
+			case 4:
+				vminstr = "vmxoff";
+				break;
+			default:
+				goto error;
+			}
+
+			(void) strncpy(x->d86_mnem, vminstr, OPLEN);
+#else
+			if (r_m < 1 || r_m > 4)
+				goto error;
+#endif
+
+			NOMEM;
+			break;
+		}
+		/*FALLTHROUGH*/
 	case MONITOR_MWAIT:
 		if (mode == 3) {
 			if (r_m == 0) {
@@ -3594,6 +3688,7 @@ just_mem:
 		break;
 
 	case RM:
+	case RM_66r:
 		wbit = LONG_OPND;
 		STANDARD_MODRM(x, mode, reg, r_m, rex_prefix, wbit, 1);
 		break;
diff --git a/usr/src/common/elfcap/elfcap.c b/usr/src/common/elfcap/elfcap.c
index 0e1558468a..3cd9b4aedc 100644
--- a/usr/src/common/elfcap/elfcap.c
+++ b/usr/src/common/elfcap/elfcap.c
@@ -21,6 +21,7 @@
 
 /*
  * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, Joyent, Inc. All rights reserved.
  */
 
 /* LINTLIBRARY */
@@ -295,6 +296,14 @@ static const elfcap_desc_t hw1_386[ELFCAP_NUM_HW1_386] = {
 	{						/* 0x20000000 */
 		AV_386_AVX, STRDESC("AV_386_AVX"),
 		STRDESC("AVX"), STRDESC("avx"),
+	},
+	{						/* 0x40000000 */
+		AV_386_VMX, STRDESC("AV_386_VMX"),
+		STRDESC("VMX"), STRDESC("vmx"),
+	},
+	{						/* 0x80000000 */
+		AV_386_AMD_SVM, STRDESC("AV_386_AMD_SVM"),
+		STRDESC("AMD_SVM"), STRDESC("amd_svm"),
 	}
 };
 
diff --git a/usr/src/common/elfcap/elfcap.h b/usr/src/common/elfcap/elfcap.h
index 9f0ef25f09..3d09397ee5 100644
--- a/usr/src/common/elfcap/elfcap.h
+++ b/usr/src/common/elfcap/elfcap.h
@@ -21,6 +21,7 @@
 
 /*
  * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, Joyent, Inc. All rights reserved.
  */
 
 #ifndef _ELFCAP_DOT_H
@@ -113,7 +114,7 @@ typedef enum {
  */
 #define	ELFCAP_NUM_SF1			3
 #define	ELFCAP_NUM_HW1_SPARC		17
-#define	ELFCAP_NUM_HW1_386		30
+#define	ELFCAP_NUM_HW1_386		32
 
 
 /*
diff --git a/usr/src/grub/grub-0.97/stage2/fsys_zfs.c b/usr/src/grub/grub-0.97/stage2/fsys_zfs.c
index 30a66dd7d7..4eed0afe9a 100644
--- a/usr/src/grub/grub-0.97/stage2/fsys_zfs.c
+++ b/usr/src/grub/grub-0.97/stage2/fsys_zfs.c
@@ -225,10 +225,8 @@ vdev_uberblock_compare(uberblock_t *ub1, uberblock_t *ub2)
  *    -1 - Failure
  */
 static int
-uberblock_verify(uberblock_phys_t *ub, uint64_t offset)
+uberblock_verify(uberblock_t *uber, uint64_t ub_size, uint64_t offset)
 {
-
-	uberblock_t *uber = &ub->ubp_uberblock;
 	blkptr_t bp;
 
 	BP_ZERO(&bp);
@@ -236,7 +234,7 @@ uberblock_verify(uberblock_phys_t *ub, uint64_t offset)
 	BP_SET_BYTEORDER(&bp, ZFS_HOST_BYTEORDER);
 	ZIO_SET_CHECKSUM(&bp.blk_cksum, offset, 0, 0, 0);
 
-	if (zio_checksum_verify(&bp, (char *)ub, UBERBLOCK_SIZE) != 0)
+	if (zio_checksum_verify(&bp, (char *)uber, ub_size) != 0)
 		return (-1);
 
 	if (uber->ub_magic == UBERBLOCK_MAGIC &&
@@ -252,25 +250,28 @@ uberblock_verify(uberblock_phys_t *ub, uint64_t offset)
  *    Success - Pointer to the best uberblock.
  *    Failure - NULL
  */
-static uberblock_phys_t *
-find_bestub(uberblock_phys_t *ub_array, uint64_t sector)
+static uberblock_t *
+find_bestub(char *ub_array, uint64_t ashift, uint64_t sector)
 {
-	uberblock_phys_t *ubbest = NULL;
-	uint64_t offset;
+	uberblock_t *ubbest = NULL;
+	uberblock_t *ubnext;
+	uint64_t offset, ub_size;
 	int i;
 
-	for (i = 0; i < (VDEV_UBERBLOCK_RING >> VDEV_UBERBLOCK_SHIFT); i++) {
+	ub_size = VDEV_UBERBLOCK_SIZE(ashift);
+
+	for (i = 0; i < VDEV_UBERBLOCK_COUNT(ashift); i++) {
+		ubnext = (uberblock_t *)ub_array;
+		ub_array += ub_size;
 		offset = (sector << SPA_MINBLOCKSHIFT) +
-		    VDEV_UBERBLOCK_OFFSET(i);
-		if (uberblock_verify(&ub_array[i], offset) == 0) {
-			if (ubbest == NULL) {
-				ubbest = &ub_array[i];
-			} else if (vdev_uberblock_compare(
-			    &(ub_array[i].ubp_uberblock),
-			    &(ubbest->ubp_uberblock)) > 0) {
-				ubbest = &ub_array[i];
-			}
-		}
+		    VDEV_UBERBLOCK_OFFSET(ashift, i);
+
+		if (uberblock_verify(ubnext, ub_size, offset) != 0)
+			continue;
+
+		if (ubbest == NULL ||
+		    vdev_uberblock_compare(ubnext, ubbest) > 0)
+			ubbest = ubnext;
 	}
 
 	return (ubbest);
@@ -1209,7 +1210,7 @@ vdev_get_bootpath(char *nv, uint64_t inguid, char *devid, char *bootpath,
  */
 int
 check_pool_label(uint64_t sector, char *stack, char *outdevid,
-    char *outpath, uint64_t *outguid)
+    char *outpath, uint64_t *outguid, uint64_t *outashift)
 {
 	vdev_phys_t *vdev;
 	uint64_t pool_state, txg = 0;
@@ -1259,6 +1260,9 @@ check_pool_label(uint64_t sector, char *stack, char *outdevid,
 	if (nvlist_lookup_value(nvlist, ZPOOL_CONFIG_GUID, &diskguid,
 	    DATA_TYPE_UINT64, NULL))
 		return (ERR_FSYS_CORRUPT);
+	if (nvlist_lookup_value(nv, ZPOOL_CONFIG_ASHIFT, outashift,
+	    DATA_TYPE_UINT64, NULL) != 0)
+		return (ERR_FSYS_CORRUPT);
 	if (vdev_get_bootpath(nv, diskguid, outdevid, outpath, 0))
 		return (ERR_NO_BOOTPATH);
 	if (nvlist_lookup_value(nvlist, ZPOOL_CONFIG_POOL_GUID, outguid,
@@ -1278,13 +1282,13 @@ check_pool_label(uint64_t sector, char *stack, char *outdevid,
 int
 zfs_mount(void)
 {
-	char *stack;
+	char *stack, *ub_array;
 	int label = 0;
-	uberblock_phys_t *ub_array, *ubbest;
+	uberblock_t *ubbest;
 	objset_phys_t *osp;
 	char tmp_bootpath[MAXNAMELEN];
 	char tmp_devid[MAXNAMELEN];
-	uint64_t tmp_guid;
+	uint64_t tmp_guid, ashift;
 	uint64_t adjpl = (uint64_t)part_length << SPA_MINBLOCKSHIFT;
 	int err = errnum; /* preserve previous errnum state */
 
@@ -1296,7 +1300,7 @@ zfs_mount(void)
 
 	stackbase = ZFS_SCRATCH;
 	stack = stackbase;
-	ub_array = (uberblock_phys_t *)stack;
+	ub_array = stack;
 	stack += VDEV_UBERBLOCK_RING;
 
 	osp = (objset_phys_t *)stack;
@@ -1322,39 +1326,34 @@ zfs_mount(void)
 
 		/* Read in the uberblock ring (128K). */
 		if (devread(sector  +
-		    ((VDEV_SKIP_SIZE + VDEV_PHYS_SIZE) >>
-		    SPA_MINBLOCKSHIFT), 0, VDEV_UBERBLOCK_RING,
-		    (char *)ub_array) == 0)
+		    ((VDEV_SKIP_SIZE + VDEV_PHYS_SIZE) >> SPA_MINBLOCKSHIFT),
+		    0, VDEV_UBERBLOCK_RING, ub_array) == 0)
 			continue;
 
-		if ((ubbest = find_bestub(ub_array, sector)) != NULL &&
-		    zio_read(&ubbest->ubp_uberblock.ub_rootbp, osp, stack)
-		    == 0) {
-
-			VERIFY_OS_TYPE(osp, DMU_OST_META);
-
-			if (check_pool_label(sector, stack, tmp_devid,
-			    tmp_bootpath, &tmp_guid))
-				continue;
-			if (pool_guid == 0)
-				pool_guid = tmp_guid;
-
-			if (find_best_root && ((pool_guid != tmp_guid) ||
-			    vdev_uberblock_compare(&ubbest->ubp_uberblock,
-			    &(current_uberblock)) <= 0))
-				continue;
-
-			/* Got the MOS. Save it at the memory addr MOS. */
-			grub_memmove(MOS, &osp->os_meta_dnode, DNODE_SIZE);
-			grub_memmove(&current_uberblock,
-			    &ubbest->ubp_uberblock, sizeof (uberblock_t));
-			grub_memmove(current_bootpath, tmp_bootpath,
-			    MAXNAMELEN);
-			grub_memmove(current_devid, tmp_devid,
-			    grub_strlen(tmp_devid));
-			is_zfs_mount = 1;
-			return (1);
-		}
+		if (check_pool_label(sector, stack, tmp_devid,
+		    tmp_bootpath, &tmp_guid, &ashift))
+			continue;
+
+		if (pool_guid == 0)
+			pool_guid = tmp_guid;
+
+		if ((ubbest = find_bestub(ub_array, ashift, sector)) == NULL ||
+		    zio_read(&ubbest->ub_rootbp, osp, stack) != 0)
+			continue;
+
+		VERIFY_OS_TYPE(osp, DMU_OST_META);
+
+		if (find_best_root && ((pool_guid != tmp_guid) ||
+		    vdev_uberblock_compare(ubbest, &(current_uberblock)) <= 0))
+			continue;
+
+		/* Got the MOS. Save it at the memory addr MOS. */
+		grub_memmove(MOS, &osp->os_meta_dnode, DNODE_SIZE);
+		grub_memmove(&current_uberblock, ubbest, sizeof (uberblock_t));
+		grub_memmove(current_bootpath, tmp_bootpath, MAXNAMELEN);
+		grub_memmove(current_devid, tmp_devid, grub_strlen(tmp_devid));
+		is_zfs_mount = 1;
+		return (1);
 	}
 
 	/*
diff --git a/usr/src/grub/grub-0.97/stage2/fsys_zfs.h b/usr/src/grub/grub-0.97/stage2/fsys_zfs.h
index d439392f3f..b0fdc6e2e9 100644
--- a/usr/src/grub/grub-0.97/stage2/fsys_zfs.h
+++ b/usr/src/grub/grub-0.97/stage2/fsys_zfs.h
@@ -95,27 +95,8 @@ typedef	unsigned int size_t;
 #define	BSWAP_64(x)	((BSWAP_32(x) << 32) | BSWAP_32((x) >> 32))
 #define	P2ROUNDUP(x, align)	(-(-(x) & -(align)))
 
-/*
- * XXX Match these macro up with real zfs once we have nvlist support so that we
- * can support large sector disks.
- */
-#define	UBERBLOCK_SIZE		(1ULL << UBERBLOCK_SHIFT)
-#undef	offsetof
-#define	offsetof(t, m)   ((int)&(((t *)0)->m))
-#define	VDEV_UBERBLOCK_SHIFT	UBERBLOCK_SHIFT
-#define	VDEV_UBERBLOCK_OFFSET(n) \
-offsetof(vdev_label_t, vl_uberblock[(n) << VDEV_UBERBLOCK_SHIFT])
-
 typedef struct uberblock uberblock_t;
 
-/* XXX Uberblock_phys_t is no longer in the kernel zfs */
-typedef struct uberblock_phys {
-	uberblock_t	ubp_uberblock;
-	char		ubp_pad[UBERBLOCK_SIZE - sizeof (uberblock_t) -
-				sizeof (zio_eck_t)];
-	zio_eck_t	ubp_zec;
-} uberblock_phys_t;
-
 /*
  * Macros to get fields in a bp or DVA.
  */
diff --git a/usr/src/grub/grub-0.97/stage2/zfs-include/vdev_impl.h b/usr/src/grub/grub-0.97/stage2/zfs-include/vdev_impl.h
index ba427dd2bf..7363fc3d96 100644
--- a/usr/src/grub/grub-0.97/stage2/zfs-include/vdev_impl.h
+++ b/usr/src/grub/grub-0.97/stage2/zfs-include/vdev_impl.h
@@ -24,12 +24,26 @@
 #ifndef _SYS_VDEV_IMPL_H
 #define	_SYS_VDEV_IMPL_H
 
+/* helper macros */
+#undef	offsetof
+#define	offsetof(t, m)		((int)&(((t *)0)->m))
+#define	MAX(x, y)		((x) > (y) ? (x) : (y))
+
 #define	VDEV_PAD_SIZE 		(8 << 10)
 /* 2 padding areas (vl_pad1 and vl_pad2) to skip */
 #define	VDEV_SKIP_SIZE		VDEV_PAD_SIZE * 2
 #define	VDEV_PHYS_SIZE		(112 << 10)
 #define	VDEV_UBERBLOCK_RING	(128 << 10)
 
+#define	VDEV_UBERBLOCK_SHIFT(sh)		\
+	MAX((sh), UBERBLOCK_SHIFT)
+#define	VDEV_UBERBLOCK_COUNT(sh)		\
+	(VDEV_UBERBLOCK_RING >> VDEV_UBERBLOCK_SHIFT(sh))
+#define	VDEV_UBERBLOCK_OFFSET(sh, n)	\
+	offsetof(vdev_label_t, vl_uberblock[(n) << VDEV_UBERBLOCK_SHIFT(sh)])
+#define	VDEV_UBERBLOCK_SIZE(sh)			\
+	(1ULL << VDEV_UBERBLOCK_SHIFT(sh))
+
 typedef struct vdev_phys {
 	char		vp_nvlist[VDEV_PHYS_SIZE - sizeof (zio_eck_t)];
 	zio_eck_t	vp_zbt;
diff --git a/usr/src/lib/libbe/common/be_list.c b/usr/src/lib/libbe/common/be_list.c
index 420b38d7ad..b9c7882d18 100644
--- a/usr/src/lib/libbe/common/be_list.c
+++ b/usr/src/lib/libbe/common/be_list.c
@@ -488,7 +488,7 @@ be_add_children_callback(zfs_handle_t *zhp, void *data)
 	 * get past the end of the container dataset plus the trailing "/"
 	 */
 	str = str + (strlen(be_container_ds) + 1);
-	if (be_defaults.be_deflt_bename_starts_with != '\0') {
+	if (be_defaults.be_deflt_rpool_container) {
 		/* just skip if invalid */
 		if (!be_valid_be_name(str))
 			return (BE_SUCCESS);
diff --git a/usr/src/lib/libc/port/locale/lnumeric.c b/usr/src/lib/libc/port/locale/lnumeric.c
index 4fd70f1fe7..f887cf31ff 100644
--- a/usr/src/lib/libc/port/locale/lnumeric.c
+++ b/usr/src/lib/libc/port/locale/lnumeric.c
@@ -51,13 +51,17 @@ static char	*_numeric_locale_buf;
 int
 __numeric_load_locale(const char *name)
 {
+	const struct lc_numeric_T *leg = &_C_numeric_locale;
+
 	int ret;
 
 	ret = __part_load_locale(name, &_numeric_using_locale,
 	    &_numeric_locale_buf, "LC_NUMERIC", LCNUMERIC_SIZE, LCNUMERIC_SIZE,
 	    (const char **)&_numeric_locale);
-	if (ret != _LDP_ERROR)
-		__nlocale_changed = 1;
+	if (ret == _LDP_ERROR)
+		return (_LDP_ERROR);
+
+	__nlocale_changed = 1;
 	if (ret == _LDP_LOADED) {
 		/* Can't be empty according to C99 */
 		if (*_numeric_locale.decimal_point == '\0')
@@ -65,11 +69,11 @@ __numeric_load_locale(const char *name)
 			    _C_numeric_locale.decimal_point;
 		_numeric_locale.grouping =
 		    __fix_locale_grouping_str(_numeric_locale.grouping);
-
-		/* This is Solaris legacy, required for _doprnt */
-		_numeric[0] = *_numeric_locale.decimal_point;
-		_numeric[1] = *_numeric_locale.grouping;
+		leg = (const struct lc_numeric_T *)&_numeric_locale;
 	}
+	/* This is Solaris legacy, required for ABI compatability */
+	_numeric[0] = *leg->decimal_point;
+	_numeric[1] = *leg->grouping;
 	return (ret);
 }
 
diff --git a/usr/src/lib/libc/port/print/doprnt.c b/usr/src/lib/libc/port/print/doprnt.c
index 0c644c33bd..3bb54445ab 100644
--- a/usr/src/lib/libc/port/print/doprnt.c
+++ b/usr/src/lib/libc/port/print/doprnt.c
@@ -573,6 +573,9 @@ _ndoprnt(const char *format, va_list in_args, FILE *iop, int prflag)
 					/* arglst[1] is the second arg, etc */
 
 	int	starflg = 0;	/* set to 1 if * format specifier seen */
+	struct lconv *locptr = localeconv();
+	char	decimal_point = *locptr->decimal_point;
+
 	/*
 	 * Initialize args and sargs to the start of the argument list.
 	 * We don't know any portable way to copy an arbitrary C object
@@ -1343,7 +1346,7 @@ _ndoprnt(const char *format, va_list in_args, FILE *iop, int prflag)
 
 			/* put in a decimal point if needed */
 			if (prec != 0 || (flagword & FSHARP))
-				*p++ = _numeric[0];
+				*p++ = decimal_point;
 
 			/* create the rest of the mantissa */
 			rz = prec;
@@ -1449,7 +1452,7 @@ _ndoprnt(const char *format, va_list in_args, FILE *iop, int prflag)
 
 			/* Put in a decimal point if needed */
 			if (prec != 0 || (flagword & FSHARP))
-				*p++ = _numeric[0];
+				*p++ = decimal_point;
 
 			/* Create the rest of the mantissa */
 			rz = prec;
@@ -1574,7 +1577,7 @@ _ndoprnt(const char *format, va_list in_args, FILE *iop, int prflag)
 
 				/* Decide whether we need a decimal point */
 				if ((flagword & FSHARP) || prec > 0)
-					*p++ = _numeric[0];
+					*p++ = decimal_point;
 
 				/* Digits (if any) after the decimal point */
 				nn = min(prec, MAXFCVT);
diff --git a/usr/src/lib/libdtrace/common/dt_open.c b/usr/src/lib/libdtrace/common/dt_open.c
index bd60702e49..d5259c9a2e 100644
--- a/usr/src/lib/libdtrace/common/dt_open.c
+++ b/usr/src/lib/libdtrace/common/dt_open.c
@@ -403,6 +403,8 @@ static const dt_ident_t _dtrace_globals[] = {
 	&dt_idops_type, "uint32_t" },
 { "usym", DT_IDENT_ACTFUNC, 0, DT_ACT_USYM, DT_ATTR_STABCMN,
 	DT_VERS_1_2, &dt_idops_func, "_usymaddr(uintptr_t)" },
+{ "vmregs", DT_IDENT_ARRAY, 0, DIF_VAR_VMREGS, DT_ATTR_STABCMN, DT_VERS_1_7,
+	&dt_idops_regs, NULL },
 { "vtimestamp", DT_IDENT_SCALAR, 0, DIF_VAR_VTIMESTAMP,
 	DT_ATTR_STABCMN, DT_VERS_1_0,
 	&dt_idops_type, "uint64_t" },
diff --git a/usr/src/lib/libdtrace/i386/regs.d.in b/usr/src/lib/libdtrace/i386/regs.d.in
index 3328f33515..d18c5f7ff1 100644
--- a/usr/src/lib/libdtrace/i386/regs.d.in
+++ b/usr/src/lib/libdtrace/i386/regs.d.in
@@ -23,8 +23,9 @@
  * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
-
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
+/*
+ * Copyright 2011 Joyent, Inc.  All rights reserved.
+ */
 
 inline int R_GS = @GS@;
 #pragma D binding "1.0" R_GS
@@ -115,3 +116,149 @@ inline int R_R14 = @REG_R14@;
 inline int R_R15 = @REG_R15@;
 #pragma D binding "1.0" R_R15
 
+enum vmregs_vmx {
+	VMX_VIRTUAL_PROCESSOR_ID			= 0x00000000,
+	VMX_GUEST_ES_SELECTOR				= 0x00000800,
+	VMX_GUEST_CS_SELECTOR				= 0x00000802,
+	VMX_GUEST_SS_SELECTOR				= 0x00000804,
+	VMX_GUEST_DS_SELECTOR				= 0x00000806,
+	VMX_GUEST_FS_SELECTOR				= 0x00000808,
+	VMX_GUEST_GS_SELECTOR				= 0x0000080a,
+	VMX_GUEST_LDTR_SELECTOR				= 0x0000080c,
+	VMX_GUEST_TR_SELECTOR				= 0x0000080e,
+	VMX_HOST_ES_SELECTOR				= 0x00000c00,
+	VMX_HOST_CS_SELECTOR				= 0x00000c02,
+	VMX_HOST_SS_SELECTOR				= 0x00000c04,
+	VMX_HOST_DS_SELECTOR				= 0x00000c06,
+	VMX_HOST_FS_SELECTOR				= 0x00000c08,
+	VMX_HOST_GS_SELECTOR				= 0x00000c0a,
+	VMX_HOST_TR_SELECTOR				= 0x00000c0c,
+	VMX_IO_BITMAP_A					= 0x00002000,
+	VMX_IO_BITMAP_A_HIGH				= 0x00002001,
+	VMX_IO_BITMAP_B					= 0x00002002,
+	VMX_IO_BITMAP_B_HIGH				= 0x00002003,
+	VMX_MSR_BITMAP					= 0x00002004,
+	VMX_MSR_BITMAP_HIGH				= 0x00002005,
+	VMX_VM_EXIT_MSR_STORE_ADDR			= 0x00002006,
+	VMX_VM_EXIT_MSR_STORE_ADDR_HIGH			= 0x00002007,
+	VMX_VM_EXIT_MSR_LOAD_ADDR			= 0x00002008,
+	VMX_VM_EXIT_MSR_LOAD_ADDR_HIGH			= 0x00002009,
+	VMX_VM_ENTRY_MSR_LOAD_ADDR			= 0x0000200a,
+	VMX_VM_ENTRY_MSR_LOAD_ADDR_HIGH			= 0x0000200b,
+	VMX_TSC_OFFSET					= 0x00002010,
+	VMX_TSC_OFFSET_HIGH				= 0x00002011,
+	VMX_VIRTUAL_APIC_PAGE_ADDR			= 0x00002012,
+	VMX_VIRTUAL_APIC_PAGE_ADDR_HIGH			= 0x00002013,
+	VMX_APIC_ACCESS_ADDR				= 0x00002014,
+	VMX_APIC_ACCESS_ADDR_HIGH			= 0x00002015,
+	VMX_EPT_POINTER					= 0x0000201a,
+	VMX_EPT_POINTER_HIGH				= 0x0000201b,
+	VMX_GUEST_PHYSICAL_ADDRESS			= 0x00002400,
+	VMX_GUEST_PHYSICAL_ADDRESS_HIGH			= 0x00002401,
+	VMX_VMCS_LINK_POINTER				= 0x00002800,
+	VMX_VMCS_LINK_POINTER_HIGH			= 0x00002801,
+	VMX_GUEST_IA32_DEBUGCTL				= 0x00002802,
+	VMX_GUEST_IA32_DEBUGCTL_HIGH			= 0x00002803,
+	VMX_GUEST_IA32_PAT				= 0x00002804,
+	VMX_GUEST_IA32_PAT_HIGH				= 0x00002805,
+	VMX_GUEST_PDPTR0				= 0x0000280a,
+	VMX_GUEST_PDPTR0_HIGH				= 0x0000280b,
+	VMX_GUEST_PDPTR1				= 0x0000280c,
+	VMX_GUEST_PDPTR1_HIGH				= 0x0000280d,
+	VMX_GUEST_PDPTR2				= 0x0000280e,
+	VMX_GUEST_PDPTR2_HIGH				= 0x0000280f,
+	VMX_GUEST_PDPTR3				= 0x00002810,
+	VMX_GUEST_PDPTR3_HIGH				= 0x00002811,
+	VMX_HOST_IA32_PAT				= 0x00002c00,
+	VMX_HOST_IA32_PAT_HIGH				= 0x00002c01,
+	VMX_PIN_BASED_VM_EXEC_CONTROL			= 0x00004000,
+	VMX_CPU_BASED_VM_EXEC_CONTROL			= 0x00004002,
+	VMX_EXCEPTION_BITMAP				= 0x00004004,
+	VMX_PAGE_FAULT_ERROR_CODE_MASK			= 0x00004006,
+	VMX_PAGE_FAULT_ERROR_CODE_MATCH			= 0x00004008,
+	VMX_CR3_TARGET_COUNT				= 0x0000400a,
+	VMX_VM_EXIT_CONTROLS				= 0x0000400c,
+	VMX_VM_EXIT_MSR_STORE_COUNT			= 0x0000400e,
+	VMX_VM_EXIT_MSR_LOAD_COUNT			= 0x00004010,
+	VMX_VM_ENTRY_CONTROLS				= 0x00004012,
+	VMX_VM_ENTRY_MSR_LOAD_COUNT			= 0x00004014,
+	VMX_VM_ENTRY_INTR_INFO_FIELD			= 0x00004016,
+	VMX_VM_ENTRY_EXCEPTION_ERROR_CODE		= 0x00004018,
+	VMX_VM_ENTRY_INSTRUCTION_LEN			= 0x0000401a,
+	VMX_TPR_THRESHOLD				= 0x0000401c,
+	VMX_SECONDARY_VM_EXEC_CONTROL			= 0x0000401e,
+	VMX_PLE_GAP					= 0x00004020,
+	VMX_PLE_WINDOW					= 0x00004022,
+	VMX_VM_INSTRUCTION_ERROR			= 0x00004400,
+	VMX_VM_EXIT_REASON				= 0x00004402,
+	VMX_VM_EXIT_INTR_INFO				= 0x00004404,
+	VMX_VM_EXIT_INTR_ERROR_CODE			= 0x00004406,
+	VMX_IDT_VECTORING_INFO_FIELD			= 0x00004408,
+	VMX_IDT_VECTORING_ERROR_CODE			= 0x0000440a,
+	VMX_VM_EXIT_INSTRUCTION_LEN			= 0x0000440c,
+	VMX_VMX_INSTRUCTION_INFO			= 0x0000440e,
+	VMX_GUEST_ES_LIMIT				= 0x00004800,
+	VMX_GUEST_CS_LIMIT				= 0x00004802,
+	VMX_GUEST_SS_LIMIT				= 0x00004804,
+	VMX_GUEST_DS_LIMIT				= 0x00004806,
+	VMX_GUEST_FS_LIMIT				= 0x00004808,
+	VMX_GUEST_GS_LIMIT				= 0x0000480a,
+	VMX_GUEST_LDTR_LIMIT				= 0x0000480c,
+	VMX_GUEST_TR_LIMIT				= 0x0000480e,
+	VMX_GUEST_GDTR_LIMIT				= 0x00004810,
+	VMX_GUEST_IDTR_LIMIT				= 0x00004812,
+	VMX_GUEST_ES_AR_BYTES				= 0x00004814,
+	VMX_GUEST_CS_AR_BYTES				= 0x00004816,
+	VMX_GUEST_SS_AR_BYTES				= 0x00004818,
+	VMX_GUEST_DS_AR_BYTES				= 0x0000481a,
+	VMX_GUEST_FS_AR_BYTES				= 0x0000481c,
+	VMX_GUEST_GS_AR_BYTES				= 0x0000481e,
+	VMX_GUEST_LDTR_AR_BYTES				= 0x00004820,
+	VMX_GUEST_TR_AR_BYTES				= 0x00004822,
+	VMX_GUEST_INTERRUPTIBILITY_INFO			= 0x00004824,
+	VMX_GUEST_ACTIVITY_STATE			= 0X00004826,
+	VMX_GUEST_SYSENTER_CS				= 0x0000482A,
+	VMX_HOST_IA32_SYSENTER_CS			= 0x00004c00,
+	VMX_CR0_GUEST_HOST_MASK				= 0x00006000,
+	VMX_CR4_GUEST_HOST_MASK				= 0x00006002,
+	VMX_CR0_READ_SHADOW				= 0x00006004,
+	VMX_CR4_READ_SHADOW				= 0x00006006,
+	VMX_CR3_TARGET_VALUE0				= 0x00006008,
+	VMX_CR3_TARGET_VALUE1				= 0x0000600a,
+	VMX_CR3_TARGET_VALUE2				= 0x0000600c,
+	VMX_CR3_TARGET_VALUE3				= 0x0000600e,
+	VMX_EXIT_QUALIFICATION				= 0x00006400,
+	VMX_GUEST_LINEAR_ADDRESS			= 0x0000640a,
+	VMX_GUEST_CR0					= 0x00006800,
+	VMX_GUEST_CR3					= 0x00006802,
+	VMX_GUEST_CR4					= 0x00006804,
+	VMX_GUEST_ES_BASE				= 0x00006806,
+	VMX_GUEST_CS_BASE				= 0x00006808,
+	VMX_GUEST_SS_BASE				= 0x0000680a,
+	VMX_GUEST_DS_BASE				= 0x0000680c,
+	VMX_GUEST_FS_BASE				= 0x0000680e,
+	VMX_GUEST_GS_BASE				= 0x00006810,
+	VMX_GUEST_LDTR_BASE				= 0x00006812,
+	VMX_GUEST_TR_BASE				= 0x00006814,
+	VMX_GUEST_GDTR_BASE				= 0x00006816,
+	VMX_GUEST_IDTR_BASE				= 0x00006818,
+	VMX_GUEST_DR7					= 0x0000681a,
+	VMX_GUEST_RSP					= 0x0000681c,
+	VMX_GUEST_RIP					= 0x0000681e,
+	VMX_GUEST_RFLAGS				= 0x00006820,
+	VMX_GUEST_PENDING_DBG_EXCEPTIONS		= 0x00006822,
+	VMX_GUEST_SYSENTER_ESP				= 0x00006824,
+	VMX_GUEST_SYSENTER_EIP				= 0x00006826,
+	VMX_HOST_CR0					= 0x00006c00,
+	VMX_HOST_CR3					= 0x00006c02,
+	VMX_HOST_CR4					= 0x00006c04,
+	VMX_HOST_FS_BASE				= 0x00006c06,
+	VMX_HOST_GS_BASE				= 0x00006c08,
+	VMX_HOST_TR_BASE				= 0x00006c0a,
+	VMX_HOST_GDTR_BASE				= 0x00006c0c,
+	VMX_HOST_IDTR_BASE				= 0x00006c0e,
+	VMX_HOST_IA32_SYSENTER_ESP			= 0x00006c10,
+	VMX_HOST_IA32_SYSENTER_EIP			= 0x00006c12,
+	VMX_HOST_RSP					= 0x00006c14,
+	VMX_HOST_RIP					= 0x00006c16
+};
diff --git a/usr/src/lib/libwrap/DISCLAIMER b/usr/src/lib/libwrap/DISCLAIMER
deleted file mode 100644
index 42d82ca775..0000000000
--- a/usr/src/lib/libwrap/DISCLAIMER
+++ /dev/null
@@ -1,16 +0,0 @@
-/************************************************************************
-* Copyright 1995 by Wietse Venema.  All rights reserved.  Some individual
-* files may be covered by other copyrights.
-*
-* This material was originally written and compiled by Wietse Venema at
-* Eindhoven University of Technology, The Netherlands, in 1990, 1991,
-* 1992, 1993, 1994 and 1995.
-*
-* Redistribution and use in source and binary forms are permitted
-* provided that this entire copyright notice is duplicated in all such
-* copies.
-*
-* This software is provided "as is" and without any expressed or implied
-* warranties, including, without limitation, the implied warranties of
-* merchantibility and fitness for any particular purpose.
-************************************************************************/
diff --git a/usr/src/lib/libwrap/Makefile b/usr/src/lib/libwrap/Makefile
index d50ef1981c..17bab3142f 100644
--- a/usr/src/lib/libwrap/Makefile
+++ b/usr/src/lib/libwrap/Makefile
@@ -2,7 +2,7 @@
 # Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
-# ident	"%Z%%M%	%I%	%E% SMI"
+# Copyright 2011 Nexenta Systems, Inc. All rights reserved.
 #
 
 include ../Makefile.lib
@@ -22,8 +22,6 @@ lint :=		TARGET = lint
 
 all clean clobber install lint: $(SUBDIRS)
 
-all install: THIRDPARTYLICENSE
-
 install_h:	$(ROOTHDRS)
 
 check:		$(CHECKHDRS)
@@ -33,9 +31,4 @@ $(SUBDIRS): FRC
 
 FRC:
 
-THIRDPARTYLICENSE: DISCLAIMER
-	$(GREP) -v '\*\*\*\*' DISCLAIMER > $@
-
-CLOBBERFILES += THIRDPARTYLICENSE
-
 include ../Makefile.targ
diff --git a/usr/src/lib/libwrap/Makefile.com b/usr/src/lib/libwrap/Makefile.com
index e205f8ec2c..aeafc46ffe 100644
--- a/usr/src/lib/libwrap/Makefile.com
+++ b/usr/src/lib/libwrap/Makefile.com
@@ -21,6 +21,8 @@
 # Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
+# Copyright 2011 Nexenta Systems, Inc. All rights reserved.
+#
 
 LIBRARY =	libwrap.a
 MAJOR =		.1
@@ -29,7 +31,7 @@ VERS =		$(MAJOR)$(MINOR)
 OBJECTS =	hosts_access.o options.o shell_cmd.o rfc931.o eval.o \
 		hosts_ctl.o refuse.o percent_x.o clean_exit.o \
 		fromhost.o fix_options.o socket.o tli.o workarounds.o \
-		update.o misc.o diag.o percent_m.o
+		update.o misc.o diag.o percent_m.o libvars.o
 
 include ../../Makefile.lib
 
@@ -51,15 +53,6 @@ CFLAGS +=	$(CCVERBOSE) -erroff=E_FUNC_EXPECTS_TO_RETURN_VALUE \
 		-erroff=E_OLD_STYLE_DECL_HIDES_PROTO \
 		-_gcc=-Wno-return-type
 
-DISTFILES =	clean_exit.c diag.c eval.c fix_options.c fromhost.c \
-		hosts_access.c hosts_ctl.c misc.c mystdarg.h options.c \
-		patchlevel.h percent_m.c percent_x.c refuse.c rfc931.c \
-		setenv.c shell_cmd.c socket.c tcpd.h tli.c update.c \
-		workarounds.c
-
-ROOTSRC =	$(ROOT)/usr/share/src/tcp_wrappers
-ROOTSRCFILES = $(DISTFILES:%=$(ROOTSRC)/%)
-
 .KEEP_STATE:
 
 all: $(LIBS)
@@ -69,15 +62,6 @@ lint: lintcheck
 $(ROOTLIBDIR)/$(LIBLINKS)$(MAJOR): $(ROOTLIBDIR)/$(LIBLINKS)$(VERS)
 	$(INS.liblink)
 
-$(ROOTSRCFILES) := FILEMODE = 0444
-$(ROOTSRCFILES): $(ROOTSRC)
-
-$(ROOTSRC):
-	$(INS.dir)
-
-$(ROOTSRC)/%: $(SRCDIR)/%
-	$(INS.file)
-
 include ../../Makefile.targ
 
 
diff --git a/usr/src/lib/libwrap/THIRDPARTYLICENSE.descrip b/usr/src/lib/libwrap/THIRDPARTYLICENSE.descrip
deleted file mode 100644
index 63e8502e32..0000000000
--- a/usr/src/lib/libwrap/THIRDPARTYLICENSE.descrip
+++ /dev/null
@@ -1 +0,0 @@
-TCP WRAPPER SOFTWARE
diff --git a/usr/src/lib/libwrap/i386/Makefile b/usr/src/lib/libwrap/i386/Makefile
index 0e11da5547..37ad17a2e4 100644
--- a/usr/src/lib/libwrap/i386/Makefile
+++ b/usr/src/lib/libwrap/i386/Makefile
@@ -2,9 +2,9 @@
 # Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
-# ident	"%Z%%M%	%I%	%E% SMI"
+# Copyright 2011 Nexenta Systems, Inc. All rights reserved.
 #
 
 include ../Makefile.com
 
-install: all $(ROOTLIBS) .WAIT $(ROOTLINKS) $(ROOTLINT) $(ROOTSRCFILES)
+install: all $(ROOTLIBS) .WAIT $(ROOTLINKS) $(ROOTLINT)
diff --git a/usr/src/lib/libwrap/libvars.c b/usr/src/lib/libwrap/libvars.c
new file mode 100644
index 0000000000..fa7a8656c0
--- /dev/null
+++ b/usr/src/lib/libwrap/libvars.c
@@ -0,0 +1,22 @@
+/*
+ * This file and its contents are supplied under the terms of the
+ * Common Development and Distribution License ("CDDL"), version 1.0.
+ * You may only use this file in accordance with the terms of version
+ * 1.0 of the CDDL.
+ *
+ * A full copy of the text of the CDDL should have accompanied this
+ * source.  A copy of the CDDL is also available via the Internet at
+ * http://www.illumos.org/license/CDDL.
+ */
+
+/*
+ * Copyright 2011 Nexenta Systems, Inc.  All rights reserved.
+ */
+
+/*
+ * Add data storage for two variables which should be defined by consumers
+ * of libwrap to fix GNU configure's libwrap test.
+ */
+
+int allow_severity;
+int deny_severity;
diff --git a/usr/src/lib/libwrap/mapfile b/usr/src/lib/libwrap/mapfile
index e02d7e8c9e..a6ccfe109b 100644
--- a/usr/src/lib/libwrap/mapfile
+++ b/usr/src/lib/libwrap/mapfile
@@ -1,5 +1,6 @@
 #
 # Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
+# Copyright 2011 Nexenta Systems, Inc. All rights reserved.
 #
 
 #
@@ -25,6 +26,6 @@ $mapfile_version 2
 
 SYMBOL_SCOPE {
 	global:
-		allow_severity		{ FLAGS = extern };
-		deny_severity		{ FLAGS = extern };
+		allow_severity		{ FLAGS = NODIRECT; };
+		deny_severity		{ FLAGS = NODIRECT; };
 };
diff --git a/usr/src/lib/libwrap/setenv.c b/usr/src/lib/libwrap/setenv.c
deleted file mode 100644
index d4a53d2845..0000000000
--- a/usr/src/lib/libwrap/setenv.c
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
- */
-
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
- /*
-  * Some systems do not have setenv(). This one is modeled after 4.4 BSD, but
-  * is implemented in terms of portable primitives only: getenv(), putenv()
-  * and malloc(). It should therefore be safe to use on every UNIX system.
-  * 
-  * If clobber == 0, do not overwrite an existing variable.
-  * 
-  * Returns nonzero if memory allocation fails.
-  * 
-  * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
-  */
-
-#ifndef lint
-static char sccsid[] = "@(#) setenv.c 1.1 93/03/07 22:47:58";
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <string.h>
-
-/* setenv - update or insert environment (name,value) pair */
-
-int     setenv(name, value, clobber)
-char   *name;
-char   *value;
-int     clobber;
-{
-    char   *cp;
-
-    if (clobber == 0 && getenv(name) != 0)
-	return (0);
-    if ((cp = malloc(strlen(name) + strlen(value) + 2)) == 0)
-	return (1);
-    sprintf(cp, "%s=%s", name, value);
-    return (putenv(cp));
-}
diff --git a/usr/src/lib/libwrap/sparc/Makefile b/usr/src/lib/libwrap/sparc/Makefile
index 0e11da5547..37ad17a2e4 100644
--- a/usr/src/lib/libwrap/sparc/Makefile
+++ b/usr/src/lib/libwrap/sparc/Makefile
@@ -2,9 +2,9 @@
 # Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
-# ident	"%Z%%M%	%I%	%E% SMI"
+# Copyright 2011 Nexenta Systems, Inc. All rights reserved.
 #
 
 include ../Makefile.com
 
-install: all $(ROOTLIBS) .WAIT $(ROOTLINKS) $(ROOTLINT) $(ROOTSRCFILES)
+install: all $(ROOTLIBS) .WAIT $(ROOTLINKS) $(ROOTLINT)
diff --git a/usr/src/lib/libzpool/common/sys/zfs_context.h b/usr/src/lib/libzpool/common/sys/zfs_context.h
index 3b0390dca5..c4d3c98e4b 100644
--- a/usr/src/lib/libzpool/common/sys/zfs_context.h
+++ b/usr/src/lib/libzpool/common/sys/zfs_context.h
@@ -21,6 +21,9 @@
 /*
  * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
  */
+/*
+ * Copyright 2011 Nexenta Systems, Inc.  All rights reserved.
+ */
 
 #ifndef _SYS_ZFS_CONTEXT_H
 #define	_SYS_ZFS_CONTEXT_H
@@ -347,6 +350,16 @@ typedef struct taskq taskq_t;
 typedef uintptr_t taskqid_t;
 typedef void (task_func_t)(void *);
 
+typedef struct taskq_ent {
+	struct taskq_ent	*tqent_next;
+	struct taskq_ent	*tqent_prev;
+	task_func_t		*tqent_func;
+	void			*tqent_arg;
+	uintptr_t		tqent_flags;
+} taskq_ent_t;
+
+#define	TQENT_FLAG_PREALLOC	0x1	/* taskq_dispatch_ent used */
+
 #define	TASKQ_PREPOPULATE	0x0001
 #define	TASKQ_CPR_SAFE		0x0002	/* Use CPR safe protocol */
 #define	TASKQ_DYNAMIC		0x0004	/* Use dynamic thread scheduling */
@@ -358,6 +371,7 @@ typedef void (task_func_t)(void *);
 #define	TQ_NOQUEUE	0x02		/* Do not enqueue if can't dispatch */
 #define	TQ_FRONT	0x08		/* Queue in front */
 
+
 extern taskq_t *system_taskq;
 
 extern taskq_t	*taskq_create(const char *, int, pri_t, int, int, uint_t);
@@ -366,6 +380,8 @@ extern taskq_t	*taskq_create(const char *, int, pri_t, int, int, uint_t);
 #define	taskq_create_sysdc(a, b, d, e, p, dc, f) \
 	    (taskq_create(a, b, maxclsyspri, d, e, f))
 extern taskqid_t taskq_dispatch(taskq_t *, task_func_t, void *, uint_t);
+extern void	taskq_dispatch_ent(taskq_t *, task_func_t, void *, uint_t,
+    taskq_ent_t *);
 extern void	taskq_destroy(taskq_t *);
 extern void	taskq_wait(taskq_t *);
 extern int	taskq_member(taskq_t *, void *);
diff --git a/usr/src/lib/libzpool/common/taskq.c b/usr/src/lib/libzpool/common/taskq.c
index 8db5d11c13..f32e0a72a2 100644
--- a/usr/src/lib/libzpool/common/taskq.c
+++ b/usr/src/lib/libzpool/common/taskq.c
@@ -22,19 +22,15 @@
  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
+/*
+ * Copyright 2011 Nexenta Systems, Inc.  All rights reserved.
+ */
 
 #include <sys/zfs_context.h>
 
 int taskq_now;
 taskq_t *system_taskq;
 
-typedef struct task {
-	struct task	*task_next;
-	struct task	*task_prev;
-	task_func_t	*task_func;
-	void		*task_arg;
-} task_t;
-
 #define	TASKQ_ACTIVE	0x00010000
 
 struct taskq {
@@ -51,18 +47,18 @@ struct taskq {
 	int		tq_maxalloc;
 	kcondvar_t	tq_maxalloc_cv;
 	int		tq_maxalloc_wait;
-	task_t		*tq_freelist;
-	task_t		tq_task;
+	taskq_ent_t	*tq_freelist;
+	taskq_ent_t	tq_task;
 };
 
-static task_t *
+static taskq_ent_t *
 task_alloc(taskq_t *tq, int tqflags)
 {
-	task_t *t;
+	taskq_ent_t *t;
 	int rv;
 
 again:	if ((t = tq->tq_freelist) != NULL && tq->tq_nalloc >= tq->tq_minalloc) {
-		tq->tq_freelist = t->task_next;
+		tq->tq_freelist = t->tqent_next;
 	} else {
 		if (tq->tq_nalloc >= tq->tq_maxalloc) {
 			if (!(tqflags & KM_SLEEP))
@@ -87,7 +83,7 @@ again:	if ((t = tq->tq_freelist) != NULL && tq->tq_nalloc >= tq->tq_minalloc) {
 		}
 		mutex_exit(&tq->tq_lock);
 
-		t = kmem_alloc(sizeof (task_t), tqflags);
+		t = kmem_alloc(sizeof (taskq_ent_t), tqflags);
 
 		mutex_enter(&tq->tq_lock);
 		if (t != NULL)
@@ -97,15 +93,15 @@ again:	if ((t = tq->tq_freelist) != NULL && tq->tq_nalloc >= tq->tq_minalloc) {
 }
 
 static void
-task_free(taskq_t *tq, task_t *t)
+task_free(taskq_t *tq, taskq_ent_t *t)
 {
 	if (tq->tq_nalloc <= tq->tq_minalloc) {
-		t->task_next = tq->tq_freelist;
+		t->tqent_next = tq->tq_freelist;
 		tq->tq_freelist = t;
 	} else {
 		tq->tq_nalloc--;
 		mutex_exit(&tq->tq_lock);
-		kmem_free(t, sizeof (task_t));
+		kmem_free(t, sizeof (taskq_ent_t));
 		mutex_enter(&tq->tq_lock);
 	}
 
@@ -116,7 +112,7 @@ task_free(taskq_t *tq, task_t *t)
 taskqid_t
 taskq_dispatch(taskq_t *tq, task_func_t func, void *arg, uint_t tqflags)
 {
-	task_t *t;
+	taskq_ent_t *t;
 
 	if (taskq_now) {
 		func(arg);
@@ -130,26 +126,58 @@ taskq_dispatch(taskq_t *tq, task_func_t func, void *arg, uint_t tqflags)
 		return (0);
 	}
 	if (tqflags & TQ_FRONT) {
-		t->task_next = tq->tq_task.task_next;
-		t->task_prev = &tq->tq_task;
+		t->tqent_next = tq->tq_task.tqent_next;
+		t->tqent_prev = &tq->tq_task;
 	} else {
-		t->task_next = &tq->tq_task;
-		t->task_prev = tq->tq_task.task_prev;
+		t->tqent_next = &tq->tq_task;
+		t->tqent_prev = tq->tq_task.tqent_prev;
 	}
-	t->task_next->task_prev = t;
-	t->task_prev->task_next = t;
-	t->task_func = func;
-	t->task_arg = arg;
+	t->tqent_next->tqent_prev = t;
+	t->tqent_prev->tqent_next = t;
+	t->tqent_func = func;
+	t->tqent_arg = arg;
 	cv_signal(&tq->tq_dispatch_cv);
 	mutex_exit(&tq->tq_lock);
 	return (1);
 }
 
 void
+taskq_dispatch_ent(taskq_t *tq, task_func_t func, void *arg, uint_t flags,
+    taskq_ent_t *t)
+{
+	ASSERT(func != NULL);
+	ASSERT(!(tq->tq_flags & TASKQ_DYNAMIC));
+
+	/*
+	 * Mark it as a prealloc'd task.  This is important
+	 * to ensure that we don't free it later.
+	 */
+	t->tqent_flags |= TQENT_FLAG_PREALLOC;
+	/*
+	 * Enqueue the task to the underlying queue.
+	 */
+	mutex_enter(&tq->tq_lock);
+
+	if (flags & TQ_FRONT) {
+		t->tqent_next = tq->tq_task.tqent_next;
+		t->tqent_prev = &tq->tq_task;
+	} else {
+		t->tqent_next = &tq->tq_task;
+		t->tqent_prev = tq->tq_task.tqent_prev;
+	}
+	t->tqent_next->tqent_prev = t;
+	t->tqent_prev->tqent_next = t;
+	t->tqent_func = func;
+	t->tqent_arg = arg;
+	cv_signal(&tq->tq_dispatch_cv);
+	mutex_exit(&tq->tq_lock);
+}
+
+void
 taskq_wait(taskq_t *tq)
 {
 	mutex_enter(&tq->tq_lock);
-	while (tq->tq_task.task_next != &tq->tq_task || tq->tq_active != 0)
+	while (tq->tq_task.tqent_next != &tq->tq_task || tq->tq_active != 0)
 		cv_wait(&tq->tq_wait_cv, &tq->tq_lock);
 	mutex_exit(&tq->tq_lock);
 }
@@ -158,27 +186,32 @@ static void *
 taskq_thread(void *arg)
 {
 	taskq_t *tq = arg;
-	task_t *t;
+	taskq_ent_t *t;
+	boolean_t prealloc;
 
 	mutex_enter(&tq->tq_lock);
 	while (tq->tq_flags & TASKQ_ACTIVE) {
-		if ((t = tq->tq_task.task_next) == &tq->tq_task) {
+		if ((t = tq->tq_task.tqent_next) == &tq->tq_task) {
 			if (--tq->tq_active == 0)
 				cv_broadcast(&tq->tq_wait_cv);
 			cv_wait(&tq->tq_dispatch_cv, &tq->tq_lock);
 			tq->tq_active++;
 			continue;
 		}
-		t->task_prev->task_next = t->task_next;
-		t->task_next->task_prev = t->task_prev;
+		t->tqent_prev->tqent_next = t->tqent_next;
+		t->tqent_next->tqent_prev = t->tqent_prev;
+		t->tqent_next = NULL;
+		t->tqent_prev = NULL;
+		prealloc = t->tqent_flags & TQENT_FLAG_PREALLOC;
 		mutex_exit(&tq->tq_lock);
 
 		rw_enter(&tq->tq_threadlock, RW_READER);
-		t->task_func(t->task_arg);
+		t->tqent_func(t->tqent_arg);
 		rw_exit(&tq->tq_threadlock);
 
 		mutex_enter(&tq->tq_lock);
-		task_free(tq, t);
+		if (!prealloc)
+			task_free(tq, t);
 	}
 	tq->tq_nthreads--;
 	cv_broadcast(&tq->tq_wait_cv);
@@ -217,8 +250,8 @@ taskq_create(const char *name, int nthreads, pri_t pri,
 	tq->tq_nthreads = nthreads;
 	tq->tq_minalloc = minalloc;
 	tq->tq_maxalloc = maxalloc;
-	tq->tq_task.task_next = &tq->tq_task;
-	tq->tq_task.task_prev = &tq->tq_task;
+	tq->tq_task.tqent_next = &tq->tq_task;
+	tq->tq_task.tqent_prev = &tq->tq_task;
 	tq->tq_threadlist = kmem_alloc(nthreads * sizeof (thread_t), KM_SLEEP);
 
 	if (flags & TASKQ_PREPOPULATE) {
diff --git a/usr/src/man/Makefile b/usr/src/man/Makefile
index 47df33d771..c0bd2ce500 100644
--- a/usr/src/man/Makefile
+++ b/usr/src/man/Makefile
@@ -81,7 +81,6 @@ SUBDIRS=man1		\
 	man3xcurses	\
 	man3xnet	\
 	man4		\
-	man4b		\
 	man5		\
 	man7		\
 	man7d		\
diff --git a/usr/src/man/man1/Makefile b/usr/src/man/man1/Makefile
index 211fbd84f7..917c1ebae0 100644
--- a/usr/src/man/man1/Makefile
+++ b/usr/src/man/man1/Makefile
@@ -384,7 +384,6 @@ MANFILES=	acctcom.1			\
 	 	tnfdump.1			\
 	 	tnfxtract.1			\
 	 	touch.1				\
-	 	tplot.1				\
 	 	tput.1				\
 	 	tr.1				\
 	 	trap.1				\
@@ -529,11 +528,6 @@ MANSOFILES =	batch.1		\
 		strconf.1	\
 		sun.1		\
 		switch.1	\
-		t300.1		\
-		t300s.1		\
-		t4014.1		\
-		t450.1		\
-		tek.1		\
 		u370.1		\
 		u3b.1		\
 		u3b15.1		\
@@ -560,7 +554,6 @@ MANSOFILES =	batch.1		\
 		valyorn.1	\
 		vax.1		\
 		vedit.1		\
-		ver.1		\
 		whence.1	\
 		while.1		\
 		zcat.1
@@ -739,13 +732,6 @@ strconf.1	:= SOSRC = man1/strchg.1
 
 settime.1	:= SOSRC = man1/touch.1
 
-t300.1		:= SOSRC = man1/tplot.1
-t300s.1		:= SOSRC = man1/tplot.1
-t4014.1		:= SOSRC = man1/tplot.1
-t450.1		:= SOSRC = man1/tplot.1
-tek.1		:= SOSRC = man1/tplot.1
-ver.1		:= SOSRC = man1/tplot.1
-
 onintr.1	:= SOSRC = man1/trap.1
 
 false.1		:= SOSRC = man1/true.1
diff --git a/usr/src/man/man1/sed.1 b/usr/src/man/man1/sed.1
index 3b69a70403..465225cc33 100644
--- a/usr/src/man/man1/sed.1
+++ b/usr/src/man/man1/sed.1
@@ -1,545 +1,670 @@
-'\" te
-.\" Copyright 1989 AT&T
-.\" Copyright (c) 1998, Sun Microsystems, Inc.  All Rights Reserved
-.\" Portions Copyright (c) 1992, X/Open Company Limited  All Rights Reserved
-.\" Sun Microsystems, Inc. gratefully acknowledges The Open Group for permission to reproduce portions of its copyrighted documentation. Original documentation from The Open Group can be obtained online at 
-.\" http://www.opengroup.org/bookstore/.
-.\" The Institute of Electrical and Electronics Engineers and The Open Group, have given us permission to reprint portions of their documentation. In the following statement, the phrase "this text" refers to portions of the system documentation. Portions of this text are reprinted and reproduced in electronic form in the Sun OS Reference Manual, from IEEE Std 1003.1, 2004 Edition, Standard for Information Technology -- Portable Operating System Interface (POSIX), The Open Group Base Specifications Issue 6, Copyright (C) 2001-2004 by the Institute of Electrical and Electronics Engineers, Inc and The Open Group. In the event of any discrepancy between these versions and the original IEEE and The Open Group Standard, the original IEEE and The Open Group Standard is the referee document. The original Standard can be obtained online at http://www.opengroup.org/unix/online.html.
-.\"  This notice shall appear on any product containing this material.
-.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
-.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
-.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH sed 1 "23 Jul 1998" "SunOS 5.11" "User Commands"
+.\" Copyright (c) 1992, 1993
+.\"     The Regents of the University of California.  All rights reserved.
+.\"
+.\" This code is derived from software contributed to Berkeley by
+.\" the Institute of Electrical and Electronics Engineers, Inc.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.TH SED 1 "May 24, 2009" ""
 .SH NAME
-sed \- stream editor
+\fBsed\fP
+\- stream editor
 .SH SYNOPSIS
-.LP
-.nf
-\fB/usr/bin/sed\fR [\fB-n\fR] \fIscript\fR [\fIfile\fR]...
-.fi
-
-.LP
-.nf
-\fB/usr/bin/sed\fR [\fB-n\fR] [\fB-e\fR \fIscript\fR]... [\fB-f\fR \fIscript_file\fR]... 
-     [\fIfile\fR]...
-.fi
-
-.LP
-.nf
-\fB/usr/xpg4/bin/sed\fR [\fB-n\fR] \fIscript\fR [\fIfile\fR]...
-.fi
-
-.LP
-.nf
-\fB/usr/xpg4/bin/sed\fR [\fB-n\fR] [\fB-e\fR \fIscript\fR]... [\fB-f\fR \fIscript_file\fR]... 
-     [\fIfile\fR]...
-.fi
-
+.br
+\fBsed\fP
+[\fB\-Ealnr\fP]
+\fIcommand\fP
+[\fIfile ...\fP]
+.br
+\fBsed\fP
+[\fB\-Ealnr\fP]
+[\fB\-e\fP \fIcommand\fP]
+[\fB\-f\fP \fIcommand_file\fP]
+[\fB\-I\fP \fIextension\fP]
+[\fB\-i\fP \fIextension\fP]
+[\fIfile ...\fP]
 .SH DESCRIPTION
-.sp
-.LP
-The \fBsed\fR utility is a stream editor that reads one or more text files,
-makes editing changes according to a script of editing commands, and writes the
-results to standard output. The script is obtained from either the \fIscript\fR
-operand string, or a combination of the option-arguments from the \fB-e\fR
-\fIscript\fR and \fB-f\fR \fIscript_file\fR options.
-.sp
-.LP
-The \fBsed\fR utility is a text editor. It cannot edit binary files or files
-containing ASCII NUL (\e0) characters or very long lines.
-.SH OPTIONS
-.sp
-.LP
-The following options are supported:
-.sp
-.ne 2
-.mk
-.na
-\fB\fB-e\fR \fIscript\fR \fR
-.ad
-.RS 19n
-.rt  
-\fIscript\fR is an edit command for \fBsed\fR. See USAGE below for more
-information on the format of \fIscript\fR. If there is just one \fB-e\fR option
-and no \fB-f\fR options, the flag \fB-e\fR may be omitted.
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fB-f\fR \fIscript_file\fR \fR
-.ad
-.RS 19n
-.rt  
-Takes the script from \fIscript_file\fR. \fIscript_file\fR consists of editing
-commands, one per line.
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fB-n\fR \fR
-.ad
-.RS 19n
-.rt  
-Suppresses the default output.
-.RE
-
-.sp
-.LP
-Multiple \fB-e\fR and \fB-f\fR options may be specified. All commands are added
-to the script in the order specified, regardless of their origin.
-.SH OPERANDS
-.sp
-.LP
-The following operands are supported:
-.sp
-.ne 2
-.mk
-.na
-\fB\fIfile\fR \fR
-.ad
-.RS 11n
-.rt  
-A path name of a file whose contents will be read and edited. If multiple
-\fIfile\fR operands are specified, the named files will be read in the order
-specified and the concatenation will be edited. If no \fIfile\fR operands are
-specified, the standard input will be used.
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fIscript\fR \fR
-.ad
-.RS 11n
-.rt  
-A string to be used as the script of editing commands. The application must not
-present a \fIscript\fR that violates the restrictions of a text file except
-that the final character need not be a \fBNEWLINE\fR character.
-.RE
-
-.SH USAGE
-.sp
-.LP
-A script consists of editing commands, one per line, of the following form:
-.sp
-.LP
-[ \|\fIaddress\fR \|[ \|, \|\fIaddress\fR \|] \|] \|\fIcommand\fR \|[
-\|\fIarguments\fR \|]
-.sp
-.LP
-Zero or more blank characters are accepted before the first address and before
-\fIcommand\fR. Any number of semicolons are accepted before the first address.
-.sp
-.LP
-In normal operation, \fBsed\fR cyclically copies a line of input (less its
-terminating \fBNEWLINE\fR character) into a \fIpattern space\fR  (unless there
-is something left after a \fBD\fR command), applies in sequence all commands
-whose \fIaddresses\fR select that pattern space, and copies the resulting
-pattern space to the standard output (except under \fB-n\fR) and deletes the
-pattern space. Whenever the pattern space is written to standard output or a
-named file, \fBsed\fR will immediately follow it with a \fINEWLINE\fR
-character.
-.sp
-.LP
-Some of the commands use a \fIhold space\fR  to save all or part of the
-\fIpattern space\fR  for subsequent retrieval. The \fIpattern\fR and \fIhold
-spaces\fR will each be able to hold at least \fB8192\fR bytes.
-.SS "sed Addresses"
-.sp
-.LP
-An \fIaddress\fR is either empty, a decimal number that counts input lines
-cumulatively across files, a \fB$\fR that addresses the last line of input, or
-a context address, which consists of a \fB/\fR\fIregular expression\fR\fB/\fR
-as described on the \fBregexp\fR(5) manual page.
-.sp
-.LP
+The
+\fBsed\fP
+utility reads the specified files, or the standard input if no files
+are specified, modifying the input as specified by a list of commands.
+The input is then written to the standard output.
+
+A single command may be specified as the first argument to
+\fB.\fP
+Multiple commands may be specified by using the
+\fB\-e\fP
+or
+\fB\-f\fP
+options.
+All commands are applied to the input in the order they are specified
+regardless of their origin.
+
+The following options are available:
+.TP
+\fB\-E\fP
+Interpret regular expressions as extended (modern) regular expressions
+rather than basic regular expressions (BRE's).
+The
+\fBre_format\fP(7)
+manual page fully describes both formats.
+.TP
+\fB\-a\fP
+The files listed as parameters for the
+``w''
+functions are created (or truncated) before any processing begins,
+by default.
+The
+\fB\-a\fP
+option causes
+\fBsed\fP
+to delay opening each file until a command containing the related
+``w''
+function is applied to a line of input.
+.TP
+\fB\-e\fP \fIcommand\fP
+Append the editing commands specified by the
+\fIcommand\fP
+argument
+to the list of commands.
+.TP
+\fB\-f\fP \fIcommand_file\fP
+Append the editing commands found in the file
+\fIcommand_file\fP
+to the list of commands.
+The editing commands should each be listed on a separate line.
+.TP
+\fB\-I\fP \fIextension\fP
+Edit files in-place, saving backups with the specified
+\fIextension\fP.
+If a zero-length
+\fIextension\fP
+is given, no backup will be saved.
+It is not recommended to give a zero-length
+\fIextension\fP
+when in-place editing files, as you risk corruption or partial content
+in situations where disk space is exhausted, etc.
+
+Note that in-place editing with
+\fB\-I\fP
+still takes place in a single continuous line address space covering
+all files, although each file preserves its individuality instead of
+forming one output stream.
+The line counter is never reset between files, address ranges can span
+file boundaries, and the
+``$''
+address matches only the last line of the last file.
+(See
+.B "Sed Addresses" . )
+That can lead to unexpected results in many cases of in-place editing,
+where using
+\fB\-i\fP
+is desired.
+.TP
+\fB\-i\fP \fIextension\fP
+Edit files in-place similarly to
+\fB\-I\fP,
+but treat each file independently from other files.
+In particular, line numbers in each file start at 1,
+the
+``$''
+address matches the last line of the current file,
+and address ranges are limited to the current file.
+(See
+.B "Sed Addresses" . )
+The net result is as though each file were edited by a separate
+\fBsed\fP
+instance.
+.TP
+\fB\-l\fP
+Make output line buffered.
+.TP
+\fB\-n\fP
+By default, each line of input is echoed to the standard output after
+all of the commands have been applied to it.
+The
+\fB\-n\fP
+option suppresses this behavior.
+.TP
+\fB\-r\fP
+Same as
+\fB\-E\fP
+for compatibility with GNU sed.
+
+The form of a
+\fBsed\fP
+command is as follows:
+
+[address[,address]]function[arguments]
+
+Whitespace may be inserted before the first address and the function
+portions of the command.
+
+Normally,
+\fBsed\fP
+cyclically copies a line of input, not including its terminating newline
+character, into a
+.IR "pattern space" ,
+(unless there is something left after a
+``D''
+function),
+applies all of the commands with addresses that select that pattern space,
+copies the pattern space to the standard output, appending a newline, and
+deletes the pattern space.
+
+Some of the functions use a
+.IR "hold space"
+to save all or part of the pattern space for subsequent retrieval.
+.SH "Sed Addresses"
+An address is not required, but if specified must have one of the
+following formats:
+.IP \(bu
+a number that counts
+input lines
+cumulatively across input files (or in each file independently
+if a
+\fB\-i\fP
+option is in effect);
+.IP \(bu
+a dollar
+(``$'')
+character that addresses the last line of input (or the last line
+of the current file if a
+\fB\-i\fP
+option was specified);
+.IP \(bu
+a context address
+that consists of a regular expression preceded and followed by a
+delimiter. The closing delimiter can also optionally be followed by the 
+``I''
+character, to indicate that the regular expression is to be matched
+in a case-insensitive way.
+
 A command line with no addresses selects every pattern space.
-.sp
-.LP
-A command line with one address selects each pattern space that matches the
+
+A command line with one address selects all of the pattern spaces
+that match the address.
+
+A command line with two addresses selects an inclusive range.
+This
+range starts with the first pattern space that matches the first
 address.
-.sp
-.LP
-A command line with two addresses selects the inclusive range from the first
-pattern space that matches the first address through the next pattern space
-that matches the second address. Thereafter the process is repeated, looking
-again for the first address. (If the second address is a number less than or
-equal to the line number selected by the first address, only the line
-corresponding to the first address is selected.)
-.sp
-.LP
-Typically, address are separated from each other by a comma (,).  They may also
-be separated by a semicolon (;).
-.SS "sed Regular Expressions"
-.sp
-.LP
-\fBsed\fR supports the basic regular expressions described on the
-\fBregexp\fR(5) manual page, with the following additions:
-.sp
-.ne 2
-.mk
-.na
-\fB\fI\ecREc\fR \fR
-.ad
-.RS 11n
-.rt  
-In a context address, the construction \fI\ecREc\fR, where \fIc\fR is any
-character other than a backslash or \fBNEWLINE\fR character, is identical to
-/\fIRE\fR/. If the character designated by \fIc\fR appears following a
-backslash, then it is considered to be that literal character, which does not
-terminate the RE. For example, in the context address \fB\exabc\exdefx\fR, the
-second \fBx\fR stands for itself, so that the regular expression is
-\fBabcxdef\fR.
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fB\en\fR \fR
-.ad
-.RS 11n
-.rt  
-The escape sequence \fB\en\fR matches a \fINEWLINE\fR character embedded in the
-pattern space.  A literal \fBNEWLINE\fR character must not be used in the
-regular expression of a context address or in the substitute command.
-.RE
-
-.sp
-.LP
-Editing commands can be applied only to non-selected pattern spaces by use of
-the negation command \fB!\fR (described below).
-.SS "sed Editing Commands"
-.sp
-.LP
-In the following list of functions the maximum number of permissible addresses
-for each function is indicated.
-.sp
-.LP
-The \fBr\fR and \fBw\fR commands take an optional \fIrfile\fR (or \fIwfile\fR)
-parameter, separated from the command letter by one or more blank characters.
-.sp
-.LP
-Multiple commands can be specified by separating them with a semicolon
-(\fB;\fR) on the same command line.
-.sp
-.LP
-The \fItext\fR argument consists of one or more lines, all but the last of
-which end with \fB\e\fR to hide the \fBNEWLINE\fR. Each embedded \fBNEWLINE\fR
-character in the text must be preceded by a backslash. Other backslashes in
-text are removed and the following character is treated literally. Backslashes
-in text are treated like backslashes in the replacement string of an \fBs\fR
-command, and may be used to protect initial blanks and tabs against the
-stripping that is done on every script line.  The \fIrfile\fR or \fIwfile\fR
-argument must terminate the command line and must be preceded by exactly one
-blank.  The use of the \fIwfile\fR parameter causes that file to be initially
-created, if it does not exist, or will replace the contents of an existing
-file. There can be at most 10 distinct \fIwfile\fR arguments.
-.sp
-.LP
-Regular expressions match entire strings, not just individual lines, but a
-\fBNEWLINE\fR character is matched by \fB\en\fR in a \fBsed\fR RE. A
-\fBNEWLINE\fR character is not allowed in an RE. Also notice that \fB\en\fR
-cannot be used to match a \fBNEWLINE\fR character at the end of an input line;
-\fBNEWLINE\fR characters appear in the pattern space as a result of the \fBN\fR
-editing command.
-.sp
-.LP
-Two of the commands take a \fIcommand-list\fR, which is a list of \fBsed\fR
-commands separated by \fBNEWLINE\fR characters, as follows:
-.sp
-.in +2
-.nf
-{ \fIcommand\fR 
-\fIcommand\fR 
+The end of the range is the next following pattern space
+that matches the second address.
+If the second address is a number
+less than or equal to the line number first selected, only that
+line is selected.
+The number in the second address may be prefixed with a
+(``\&+'')
+to specify the number of lines to match after the first pattern.
+In the case when the second address is a context
+address,
+\fBsed\fP
+does not re-match the second address against the
+pattern space that matched the first address.
+Starting at the
+first line following the selected range,
+\fBsed\fP
+starts looking again for the first address.
+
+Editing commands can be applied to non-selected pattern spaces by use
+of the exclamation character
+(``\&!'')
+function.
+.SH "Sed Regular Expressions"
+The regular expressions used in
+\fB,\fP
+by default, are basic regular expressions (BREs, see
+\fBre_format\fP(7)
+for more information), but extended (modern) regular expressions can be used
+instead if the
+\fB\-E\fP
+flag is given.
+In addition,
+\fBsed\fP
+has the following two additions to regular expressions:
+
+.IP 1.
+In a context address, any character other than a backslash
+(``\e'')
+or newline character may be used to delimit the regular expression.
+The opening delimiter needs to be preceded by a backslash
+unless it is a slash.
+For example, the context address
+\exabcx
+is equivalent to
+/abc/ .
+Also, putting a backslash character before the delimiting character
+within the regular expression causes the character to be treated literally.
+For example, in the context address
+\exabc\exdefx ,
+the RE delimiter is an
+``x''
+and the second
+``x''
+stands for itself, so that the regular expression is
+``abcxdef''.
+
+.IP 2.
+The escape sequence \en matches a newline character embedded in the
+pattern space.
+You cannot, however, use a literal newline character in an address or
+in the substitute command.
+
+One special feature of
+\fBsed\fP
+regular expressions is that they can default to the last regular
+expression used.
+If a regular expression is empty, i.e., just the delimiter characters
+are specified, the last regular expression encountered is used instead.
+The last regular expression is defined as the last regular expression
+used as part of an address or substitute command, and at run-time, not
+compile-time.
+For example, the command
+``/abc/s//XXX/''
+will substitute
+``XXX''
+for the pattern
+``abc''.
+.SH "Sed Functions"
+In the following list of commands, the maximum number of permissible
+addresses for each command is indicated by [0addr], [1addr], or [2addr],
+representing zero, one, or two addresses.
+
+The argument
+.IR text
+consists of one or more lines.
+To embed a newline in the text, precede it with a backslash.
+Other backslashes in text are deleted and the following character
+taken literally.
+
+The
+``r''
+and
+``w''
+functions take an optional file parameter, which should be separated
+from the function letter by white space.
+Each file given as an argument to
+\fBsed\fP
+is created (or its contents truncated) before any input processing begins.
+
+The
+``b'',
+``r'',
+``s'',
+``t'',
+``w'',
+``y'',
+``\&!'',
+and
+``\&:''
+functions all accept additional arguments.
+The following synopses indicate which arguments have to be separated from
+the function letters by white space characters.
+
+Two of the functions take a function-list.
+This is a list of
+\fBsed\fP
+functions separated by newlines, as follows:
+
+{ function
+.br
+  function
+.br
+  ...
+.br
+  function
+.br
 }
-.fi
-.in -2
-
-.sp
-.LP
-The \fB{\fR can be preceded with blank characters and can be followed with
-white space. The \fIcommands\fR can be preceded by white space. The terminating
-\fB}\fR must be preceded by a \fBNEWLINE\fR character and can be preceded or
-followed by <blank>s.  The braces may be preceded or followed by <blank>s. The
-command may be preceded by <blank>s, but may not be followed by <blank>s.
-.sp
-.LP
-The following table lists the functions, with the maximum number of permissible
-addresses.
-.sp
-
-.sp
-.TS
-tab() box;
-cw(.92i) |cw(1.38i) |cw(3.21i) 
-lw(.92i) |lw(1.38i) |lw(3.21i) 
-.
-Max AddressCommandDescription
-_
-1\fBa\e\fR \fItext\fRT{
-Append by executing \fBN\fR command or beginning a new cycle. Place \fItext\fR on the output before reading the next input line.
-T}
-_
-2\fBb\fR \fIlabel\fRT{
-Branch to the \fB:\fR command bearing the \fIlabel \fR.  If \fIlabel\fR is empty, branch to the end of the script.  Labels are recognized unique up to eight characters.
-T}
-_
-2\fBc\e\fR \fItext\fRT{
-Change.  Delete the pattern space.  Place \fItext\fR on the output. Start the next cycle.
-T}
-2\fBd\fRT{
-Delete the pattern space.  Start the next cycle.
-T}
-_
-2\fBD\fRT{
-Delete the initial segment of the pattern space through the first new-line.  Start the next cycle. (See the \fBN\fR command below.)
-T}
-_
-2\fBg\fRT{
-Replace the contents of the pattern space by the contents of the hold space.
-T}
-_
-2\fBG\fRT{
-Append the contents of the hold space to the pattern space.
-T}
-_
-2\fBh\fRT{
-Replace the contents of the hold space by the contents of the pattern space.
-T}
-_
-2\fBH\fRT{
-Append the contents of the pattern space to the hold space.
-T}
-_
-1\fBi\e\fR \fItext\fRT{
-Insert.  Place \fItext\fR on the standard output.
-T}
-_
-2\fBl\fRT{
-\fB/usr/bin/sed\fR:  List the pattern space on the standard output in an unambiguous form.  Non-printable characters are displayed in octal notation and long lines are folded.
-T}
-_
-T{
-\fB/usr/xpg4/bin/sed\fR:  List the pattern space on the standard output in an unambiguous form. Non-printable characters are displayed in octal notation and long lines are folded. The characters (\fB\e\e\fR, \fB\ea\fR, \fB\eb\fR, \fB\ef\fR, \fB\er\fR, \fB\et\fR, and \fB\ev\fR) are written as the corresponding escape sequences. Non-printable characters not in that table will be written as one three-digit octal number (with a preceding backslash character) for each byte in the character (most significant byte first). If the size of a byte on the system is greater than nine bits, the format used for non-printable characters is implementation dependent. 
-T}
-T{
-Long lines are folded, with the point of folding indicated by writing a backslash followed by a \fBNEWLINE\fR; the length at which folding occurs is unspecified, but should be appropriate for the output device.  The end of each line is marked with a \fB$\fR. 
-T}
-_
-2\fBn\fRT{
-Copy the pattern space to the standard output if default output is not suppressed.  Replace the pattern space with the next line of input.
-T}
-_
-2\fBN\fRT{
-Append the next line of input to the pattern space with an embedded new-line.  (The current line number changes.)  If no next line of input is available, the \fBN\fR command verb shall branch to the end of the script and quit without starting a new cycle and without writing the pattern space.
-T}
-_
-2\fBp\fRT{
-Print.  Copy the pattern space to the standard output.
-T}
-_
-2\fBP\fRT{
-Copy the initial segment of the pattern space through the first new-line to the standard output.
-T}
-_
-1\fBq\fRT{
-Quit.  Branch to the end of the script.  Do not start a new cycle.
-T}
-_
-2\fBr\fR \fIrfile\fRT{
-Read the contents of \fI rfile\fR.  Place them on the output before reading the next input line.  If \fIrfile\fR does not exist or cannot be read, it is treated as if it were an empty file, causing no error condition.
-T}
-_
-2\fBt\fR \fIlabel\fRT{
-Test.  Branch to the \fB:\fR command bearing the \fIlabel\fR if any substitutions have been made since the most recent reading of an input line or execution of a \fBt\fR. If \fIlabel\fR is empty, branch to the end of the script.
-T}
-_
-2\fBw\fR \fIwfile\fRT{
-Write.  Append the pattern space to \fIwfile\fR. The first occurrence of \fBw\fR will cause \fIwfile\fR to be cleared.  Subsequent invocations of \fBw\fR will append.  Each time the \fBsed\fR command is used, \fIwfile\fR is overwritten.
-T}
-_
-2\fBx\fRT{
-Exchange the contents of the pattern and hold spaces.
-T}
-_
-2\fB!\fR \fIcommand\fRT{
-Don't.  Apply the \fIcommand\fR (or group, if \fIcommand\fR is \fB{\|\fR) only to lines \fInot\fR selected by the address(es).
-T}
-_
-0\fB:\fR \fIlabel\fRT{
-This command does nothing; it bears a \fIlabel\fR for \fBb\fR and \fBt\fR commands to branch to.
-T}
-_
-1\fB=\fRT{
-Place the current line number on the standard output as a line.
-T}
-_
-2\fB{\fR\fIcommand-list\fR\fB}\fRT{
-Execute \fIcommand-list\fR only when the pattern space is selected.
-T}
-0An empty command is ignored.
-_
-0\fB#\fRT{
-If a \fB#\fR appears as the first character on a line of a script file, then that entire line is treated as a comment, with one exception: if a \fB#\fR appears on the first line and the character after the \fB#\fR is an \fBn\fR, then the default output will be suppressed.  The rest of the line after \fB#n\fR is also ignored.  A script file must contain at least one non-comment line.
-T}
-.TE
-
-.sp
-
-.sp
-.TS
-tab() box;
-cw(.92i) |cw(4.58i) 
-lw(.92i) |lw(4.58i) 
-.
-Max AddrCommand (Using \fIstrings\fR) and Description
-_
-2\fBs\fR/\fIregular expression\fR/\fIreplacement\fR/\fIflags\fR
-T{
-Substitute the \fIreplacement\fR string for instances of the \fIregular expression\fR in the pattern space.  Any character other than backslash or newline can be used instead of a slash to delimit the RE and the replacement.  Within the RE and the replacement, the RE delimiter itself can be used as a literal character if it is preceded by a backslash.
-T}
-T{
-An ampersand (\fB&\fR) appearing in the \fIreplacement\fR will be replaced by the string matching the RE.  The special meaning of \fB&\fR in this context can be suppressed by preceding it by backslash.  The characters \fB\e\fR\fIn\fR, where \fIn\fR is a digit, will be replaced by the text matched by the corresponding backreference expression.  For each backslash (\e) encountered in scanning \fIreplacement\fR from beginning to end, the following character loses its special meaning (if any).  It is unspecified what special meaning is given to any character other than &, \e or digits.
-T}
-T{
-A line can be split by substituting a \fBNEWLINE \fRcharacter into it.  The application must escape the \fBNEWLINE \fRcharacter in the \fIreplacement\fR by preceding it with backslash.  A substitution is considered to have been performed even if the replacement string is identical to the string that it replaces.
-T}
-\fIflags\fR is zero or more of:
-T{
-\fIn\fR \fIn\fR= 1 - 512.  Substitute for just the \fI n\fRth occurrence of the \fIregular expression.\fR
-T}
-T{
-\fBg\fR Global.  Substitute for all nonoverlapping instances of the \fIregular expression\fR rather than just the first one.  If both \fIg\fR and \fIn\fR are specified, the results are unspecified.
-T}
-_
-T{
-\fBp\fR Print the pattern space if a replacement was made. 
-T}
-T{
-\fBP\fR Copy the initial segment of the pattern space through the first new-line to the standard output.
-T}
-T{
-\fBw\fR \fIwfile\fR Write.  Append the pattern space to \fIwfile\fR if a replacement was made. The first occurrence of \fBw\fR will cause \fIwfile\fR to be cleared.  Subsequent invocations of \fBw\fR will append.  Each time the \fBsed\fR command is used, \fIwfile\fR is overwritten.
-T}
-_
-2\fBy\fR/ \fIstring1\fR / \fIstring2\fR /
-T{
-Transform.  Replace all occurrences of characters in \fI string1\fR with the corresponding characters in \fIstring2\fR.  \fIstring1\fR and \fIstring2\fR must have the same number of characters, or if any of the characters in \fIstring1 \fR appear more than once, the results are undefined.  Any character other than backslash or \fBNEWLINE\fR can be used instead of slash to delimit the strings.  Within \fIstring1\fR and \fIstring2\fR, the delimiter itself can be used as a literal character if it is preceded by a backslash. For example, \fBy\fR/abc/ABC/ replaces a with A, b with B, and c with C.
-T}
-.TE
-
-.sp
-.LP
-See \fBlargefile\fR(5) for the description of the behavior of \fBsed\fR when
-encountering files greater than or equal to 2 Gbyte ( 2^31 bytes).
-.SH EXAMPLES
-.LP
-\fBExample 1 \fRAn example sed script
-.sp
-.LP
-This \fBsed\fR script simulates the \fBBSD \fR\fBcat\fR \fB-s\fR command,
-squeezing excess blank lines from standard input.
-
-.sp
-.in +2
-.nf
-sed \(min '
-# Write non-empty lines.
-/./     {
-        p
-        d
-        }
-# Write a single empty line, then look for more empty lines.
-/^$/        p
-# Get next line, discard the held <newline> (empty line),
-# and look for more empty lines.
-:Empty
-/^$/        {
-        N
-        s/.//
-        b Empty
-        }
-# Write the non-empty line before going back to search
-# for the first in a set of empty lines.
-        p
-\&'
-.fi
-.in -2
-
-.SH ENVIRONMENT VARIABLES
-.sp
-.LP
-See \fBenviron\fR(5) for descriptions of the following environment variables
-that affect the execution of \fBsed\fR: \fBLANG\fR, \fBLC_ALL\fR,
-\fBLC_COLLATE\fR, \fBLC_CTYPE\fR, \fBLC_MESSAGES\fR, and \fBNLSPATH\fR.
-.SH EXIT STATUS
-.sp
-.LP
-The following exit values are returned:
-.sp
-.ne 2
-.mk
-.na
-\fB\fB0\fR \fR
-.ad
-.RS 7n
-.rt  
-Successful completion.
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fB>0\fR \fR
-.ad
-.RS 7n
-.rt  
-An error occurred.
-.RE
-
-.SH ATTRIBUTES
-.sp
-.LP
-See \fBattributes\fR(5) for descriptions of the following attributes:
-.SS "/usr/bin/sed"
-.sp
-
-.sp
-.TS
-tab() box;
-cw(2.75i) |cw(2.75i) 
-lw(2.75i) |lw(2.75i) 
-.
-ATTRIBUTE TYPEATTRIBUTE VALUE
-_
-CSINot enabled
-.TE
-
-.SS "/usr/xpg4/bin/sed"
-.sp
-
-.sp
-.TS
-tab() box;
-cw(2.75i) |cw(2.75i) 
-lw(2.75i) |lw(2.75i) 
-.
-ATTRIBUTE TYPEATTRIBUTE VALUE
-_
-CSIEnabled
-_
-Interface StabilityStandard
-.TE
+.br
+
+The
+``{''
+can be preceded by white space and can be followed by white space.
+The function can be preceded by white space.
+The terminating
+``}''
+must be preceded by a newline or optional white space.
+
+.TP
+[2addr] function-list
+Execute function-list only when the pattern space is selected.
+
+.TP
+[1addr]a\e
+.TP
+text
+Write
+.IR text
+to standard output immediately before each attempt to read a line of input,
+whether by executing the
+``N''
+function or by beginning a new cycle.
+
+.TP
+[2addr]b[label]
+Branch to the
+``\&:''
+function with the specified label.
+If the label is not specified, branch to the end of the script.
+
+.TP
+[2addr]c\e
+.TP
+text
+Delete the pattern space.
+With 0 or 1 address or at the end of a 2-address range,
+.IR text
+is written to the standard output.
+
+.TP
+[2addr]d
+Delete the pattern space and start the next cycle.
+
+.TP
+[2addr]D
+Delete the initial segment of the pattern space through the first
+newline character and start the next cycle.
+
+.TP
+[2addr]g
+Replace the contents of the pattern space with the contents of the
+hold space.
 
+.TP
+[2addr]G
+Append a newline character followed by the contents of the hold space
+to the pattern space.
+
+.TP
+[2addr]h
+Replace the contents of the hold space with the contents of the
+pattern space.
+
+.TP
+[2addr]H
+Append a newline character followed by the contents of the pattern space
+to the hold space.
+
+.TP
+[1addr]i\e
+.TP
+text
+Write
+.IR text
+to the standard output.
+
+.TP
+[2addr]l
+(The letter ell.)
+Write the pattern space to the standard output in a visually unambiguous
+form.
+This form is as follows:
+
+.TP
+backslash
+\e\e
+.TP
+alert
+\ea
+.TP
+form-feed
+\ef
+.TP
+carriage-return
+\er
+.TP
+tab
+\et
+.TP
+vertical tab
+\ev
+
+Nonprintable characters are written as three-digit octal numbers (with a
+preceding backslash) for each byte in the character (most significant byte
+first).
+Long lines are folded, with the point of folding indicated by displaying
+a backslash followed by a newline.
+The end of each line is marked with a
+``$''.
+
+.TP
+[2addr]n
+Write the pattern space to the standard output if the default output has
+not been suppressed, and replace the pattern space with the next line of
+input.
+
+.TP
+[2addr]N
+Append the next line of input to the pattern space, using an embedded
+newline character to separate the appended material from the original
+contents.
+Note that the current line number changes.
+
+.TP
+[2addr]p
+Write the pattern space to standard output.
+
+.TP
+[2addr]P
+Write the pattern space, up to the first newline character to the
+standard output.
+
+.TP
+[1addr]q
+Branch to the end of the script and quit without starting a new cycle.
+
+.TP
+[1addr]r file
+Copy the contents of
+.IR file
+to the standard output immediately before the next attempt to read a
+line of input.
+If
+.IR file
+cannot be read for any reason, it is silently ignored and no error
+condition is set.
+
+.TP
+[2addr]s/regular expression/replacement/flags
+Substitute the replacement string for the first instance of the regular
+expression in the pattern space.
+Any character other than backslash or newline can be used instead of
+a slash to delimit the RE and the replacement.
+Within the RE and the replacement, the RE delimiter itself can be used as
+a literal character if it is preceded by a backslash.
+
+An ampersand
+(``&'')
+appearing in the replacement is replaced by the string matching the RE.
+The special meaning of
+``&''
+in this context can be suppressed by preceding it by a backslash.
+The string
+``\e#'',
+where
+``#''
+is a digit, is replaced by the text matched
+by the corresponding backreference expression (see
+\fBre_format\fP(7)) .
+
+A line can be split by substituting a newline character into it.
+To specify a newline character in the replacement string, precede it with
+a backslash.
+
+The value of
+.IR flags
+in the substitute function is zero or more of the following:
+.TP
+\fIN\fP
+Make the substitution only for the
+\fIN\fP'th
+occurrence of the regular expression in the pattern space.
+.TP
+g
+Make the substitution for all non-overlapping matches of the
+regular expression, not just the first one.
+.TP
+p
+Write the pattern space to standard output if a replacement was made.
+If the replacement string is identical to that which it replaces, it
+is still considered to have been a replacement.
+.TP
+w file
+Append the pattern space to
+.IR file
+if a replacement was made.
+If the replacement string is identical to that which it replaces, it
+is still considered to have been a replacement.
+.TP
+I
+Match the regular expression in a case-insensitive way.
+
+.TP
+[2addr]t [label]
+Branch to the
+``\&:''
+function bearing the label if any substitutions have been made since the
+most recent reading of an input line or execution of a
+``t''
+function.
+If no label is specified, branch to the end of the script.
+
+.TP
+[2addr]w file
+Append the pattern space to the
+.IR file .
+
+.TP
+[2addr]x
+Swap the contents of the pattern and hold spaces.
+
+.TP
+[2addr]y/string1/string2/
+Replace all occurrences of characters in
+.IR string1
+in the pattern space with the corresponding characters from
+.IR string2 .
+Any character other than a backslash or newline can be used instead of
+a slash to delimit the strings.
+Within
+.IR string1
+and
+.IR string2 ,
+a backslash followed by any character other than a newline is that literal
+character, and a backslash followed by an ``n'' is replaced by a newline
+character.
+
+.TP
+[2addr]!function
+.TP
+[2addr]!function-list
+Apply the function or function-list only to the lines that are
+.IR not
+selected by the address(es).
+
+.TP
+[0addr]:label
+This function does nothing; it bears a label to which the
+``b''
+and
+``t''
+commands may branch.
+
+.TP
+[1addr]=
+Write the line number to the standard output followed by a newline
+character.
+
+.TP
+[0addr]
+Empty lines are ignored.
+
+.TP
+[0addr]#
+The
+``#''
+and the remainder of the line are ignored (treated as a comment), with
+the single exception that if the first two characters in the file are
+``#n'',
+the default output is suppressed.
+This is the same as specifying the
+\fB\-n\fP
+option on the command line.
+.SH ENVIRONMENT
+The
+.IR COLUMNS , LANG , LC_ALL , LC_CTYPE
+and
+.IR LC_COLLATE
+environment variables affect the execution of
+\fBsed\fP
+as described in
+\fBenviron\fP(5).
+.SH EXIT STATUS
+The \fBsed\fP utility exits 0 on success, and >0 if an error occurs.
 .SH SEE ALSO
-.sp
-.LP
-\fBawk\fR(1), \fBed\fR(1), \fBgrep\fR(1), \fBattributes\fR(5),
-\fBenviron\fR(5), \fBlargefile\fR(5), \fBregexp\fR(5), \fBstandards\fR(5)
+\fBawk\fP(1),
+\fBed\fP(1),
+\fBgrep\fP(1),
+\fBregex\fP(3),
+\fBre_format\fP(5)
+.SH STANDARDS
+The
+\fBsed\fP
+utility is expected to be a superset of the IEEE Std 1003.2 (``POSIX.2'')
+specification.
+
+The
+\fB\-E\fP, I , a
+and
+\fB\-i\fP
+options, the prefixing
+``\&+''
+in the second member of an address range,
+as well as the
+``I''
+flag to the address regular expression and substitution command are
+non-standard extensions and may not be available on other operating systems.
+.SH HISTORY
+A
+\fBsed\fP
+command, written by L. E. McMahon, appeared in Version 7 AT&T UNIX.
+.SH AUTHORS
+
+"Diomidis D. Spinellis" <dds@FreeBSD.org>
+.SH BUGS
+Multibyte characters containing a byte with value 0x5C (ASCII `\e')
+may be incorrectly treated as line continuation characters in arguments to the
+``a'',
+``c''
+and
+``i''
+commands.
+Multibyte characters cannot be used as delimiters with the
+``s''
+and
+``y''
+commands.
diff --git a/usr/src/man/man1/tplot.1 b/usr/src/man/man1/tplot.1
deleted file mode 100644
index 61f82facf9..0000000000
--- a/usr/src/man/man1/tplot.1
+++ /dev/null
@@ -1,158 +0,0 @@
-'\" te
-.\"  Copyright (c) 1988 Sun Microsystems, Inc. - All Rights Reserved.
-.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
-.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
-.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH tplot 1 "14 Jul 1994" "SunOS 5.11" "User Commands"
-.SH NAME
-tplot, t300, t300s, t4014, t450, tek, ver \- graphics filters for various
-plotters
-.SH SYNOPSIS
-.LP
-.nf
-\fB/usr/bin/tplot\fR [\fB-T\fR \fIterminal\fR]
-.fi
-
-.SH DESCRIPTION
-.sp
-.LP
-\fBtplot\fR reads plotting instructions from the standard input and produces
-plotting instructions suitable for a particular \fIterminal\fR on the standard
-output.
-.sp
-.LP
-If no \fIterminal\fR is specified, the environment variable \fBTERM\fR is used.
-The default \fIterminal\fR is \fBtek\fR.
-.SH ENVIRONMENT VARIABLES
-.sp
-.LP
-Except for \fBver\fR, the following terminal-types can be used with `\fBlpr
-\fR\fB-g\fR' (see \fBlpr\fR) to produce plotted output:
-.sp
-.ne 2
-.mk
-.na
-\fB300\fR
-.ad
-.RS 15n
-.rt  
-\fBDASI\fR 300 or \fBGSI\fR terminal (Diablo\(rg mechanism).
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB300s | 300S\fR
-.ad
-.RS 15n
-.rt  
-\fBDASI\fR 300s terminal (Diablo mechanism).
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB450\fR
-.ad
-.RS 15n
-.rt  
-\fBDASI\fR Hyterm 450 terminal (Diablo mechanism).
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB4014 | tek\fR
-.ad
-.RS 15n
-.rt  
-Tektronix 4014 and 4015 storage scope with Enhanced Graphics Module. (Use 4013
-for Tektronix 4014 or 4015 without the Enhanced Graphics Module).
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fBver\fR
-.ad
-.RS 15n
-.rt  
-Versatec\(rg D1200A printer-plotter. The output is scan-converted and suitable
-input to `\fBlpr \fR\fB-v\fR'.
-.RE
-
-.SH FILES
-.sp
-.ne 2
-.mk
-.na
-\fB\fB/usr/lib/t300\fR\fR
-.ad
-.RS 18n
-.rt  
-
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fB/usr/lib/t300s\fR\fR
-.ad
-.RS 18n
-.rt  
-
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fB/usr/lib/t4014\fR\fR
-.ad
-.RS 18n
-.rt  
-
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fB/usr/lib/t450\fR\fR
-.ad
-.RS 18n
-.rt  
-
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fB/usr/lib/tek\fR\fR
-.ad
-.RS 18n
-.rt  
-
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fB/usr/lib/vplot\fR\fR
-.ad
-.RS 18n
-.rt  
-
-.RE
-
-.SH SEE ALSO
-.sp
-.LP
-\fBlp\fR(1), \fBvi\fR(1), \fBattributes\fR(5)
diff --git a/usr/src/man/man1/whois.1 b/usr/src/man/man1/whois.1
index b6634211a9..dbe4136f7f 100644
--- a/usr/src/man/man1/whois.1
+++ b/usr/src/man/man1/whois.1
@@ -1,90 +1,191 @@
-'\" te
-.\"  Copyright 1989 AT&T  Copyright (c) 1992, Sun Microsystems, Inc.  All Rights Reserved
-.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
-.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
-.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH whois 1 "6 Nov 2000" "SunOS 5.11" "User Commands"
+.TH WHOIS 1 "October 2, 2009" ""
 .SH NAME
-whois \- Internet user name directory service
+\fBwhois\fP
+\- Internet domain name and network number directory service
 .SH SYNOPSIS
-.LP
-.nf
-\fBwhois\fR [\fB-h\fR \fIhost\fR] \fIidentifier\fR
-.fi
-
+.br
+\fBwhois\fP
+[\fB\-aAbfgiIklmQr\fP]
+[\fB\-c\fP \fIcountry-code\fP | \fIFl\fP h \fIhost\fP]
+[\fB\-p\fP \fIport\fP]
+\fIname\fP...
 .SH DESCRIPTION
-.sp
-.LP
-\fBwhois\fR searches for an \fBInternet\fR directory entry for an
-\fIidentifier\fR which is either a name (such as ``Smith'') or a handle (such
-as ``SRI-NIC''). To force a name-only search, precede the name with a period;
-to force a handle-only search, precede the handle with an exclamation point.
-.sp
-.LP
-To search for a group or organization entry, precede the argument with \fB*\fR
-(an asterisk). The entire membership list of the group will be displayed with
-the record.
-.sp
-.LP
-You may of course use an exclamation point and asterisk, or a period and
-asterisk together.
-.SH EXAMPLES
-.LP
-\fBExample 1 \fRUsing The \fBwhois\fR Command
-.sp
-.LP
-The command:
+The
+\fBwhois\fP
+utility looks up records in the databases maintained by several
+Network Information Centers (NICs).
+
+The options are as follows:
+.TP
+\fB\-a\fP
+Use the American Registry for Internet Numbers (ARIN) database.
+It contains network numbers used in those parts of the world covered neither by
+APNIC, AfriNIC, LACNIC, nor by RIPE.
+
+(Hint: All point of contact handles in the ARIN whois database end with -ARIN.)
 
-.sp
-.in +2
-.nf
-example% whois Smith
-.fi
-.in -2
-.sp
+.TP
+\fB\-A\fP
+Use the Asia/Pacific Network Information Center (APNIC) database.
+It contains network numbers used in East Asia, Australia,
+New Zealand, and the Pacific islands.
+.TP
+\fB\-b\fP
+Use the Network Abuse Clearinghouse database.
+It contains addresses to which network abuse should be reported,
+indexed by domain name.
+.TP
+\fB\-c\fP \fIcountry-code\fP
+This is the equivalent of using the
+\fB\-h\fP
+option with an argument of \fIcountry-code\fP.whois-servers.net.
+.TP
+\fB\-f\fP
+Use the African Network Information Centre (AfriNIC) database.
+It contains network numbers used in Africa and the islands of the
+western Indian Ocean.
+.TP
+\fB\-g\fP
+Use the US non-military federal government database, which contains points of
+contact for subdomains of
+\fI\&.GOV\fP.
+.TP
+\fB\-h\fP \fIhost\fP
+Use the specified host instead of the default variant.
+Either a host name or an IP address may be specified.
 
-.sp
-.LP
-looks for the name or handle SMITH.
+By default
+\fBwhois\fP
+constructs the name of a whois server to use from the top-level domain (TLD)
+of the supplied (single) argument, and appending .whois-servers.net .
+This effectively allows a suitable whois server to be selected
+automatically for a large number of TLDs.
 
-.sp
-.LP
-The command:
+In the event that an IP
+address is specified, the whois server will default to the American
+Registry for Internet Numbers (ARIN).
+If a query to ARIN references APNIC, AfriNIC, LACNIC, or RIPE,
+that server will be queried also, provided that the
+\fB\-Q\fP
+option is not specified.
 
-.sp
-.in +2
-.nf
-example% whois !SRI-NIC
-.fi
-.in -2
-.sp
+If the query is not a domain name or IP address,
+\fBwhois\fP
+will fall back to
+\fIwhois.crsnic.net\fP.
+.TP
+\fB\-i\fP
+Use the Network Solutions Registry for Internet Numbers
+(\fIwhois.networksolutions.com\fP)
+database.
+It contains network numbers and domain contact information for most of
+\fI\&.COM\fP,.NET,.ORG
+and
+\fI\&.EDU\fP
+domains.
 
-.sp
-.LP
-looks for the handle SRI-NIC only.
+.B NOTE !
+The registration of these domains is now done by a number of
+independent and competing registrars and this database holds no information
+on the domains registered by organizations other than Network Solutions, Inc.
+Also, note that the InterNIC database
+(\fIwhois.internic.net\fP)
+is no longer handled by Network Solutions, Inc.
+For details, see
+\fIhttp://www.internic.net/\fP.
 
-.sp
-.LP
-The command:
+(Hint: Contact information, identified by the term
+.IR handle ,
+can be looked up by prefixing "handle" to the NIC
+handle in the query.)
+.TP
+\fB\-I\fP
+Use the Internet Assigned Numbers Authority (IANA) database.
+It contains network information for top-level domains.
+.TP
+\fB\-k\fP
+Use the National Internet Development Agency of Korea's (KRNIC)
+database.
+It contains network numbers and domain contact information
+for Korea.
+.TP
+\fB\-l\fP
+Use the Latin American and Caribbean IP address Regional Registry
+(Tn LACNIC)
+database.
+It contains network numbers used in much of Latin America and the
+Caribbean.
+.TP
+\fB\-m\fP
+Use the Route Arbiter Database (RADB) database.
+It contains route policy specifications for a large
+number of operators' networks.
+.TP
+\fB\-p\fP \fIport\fP
+Connect to the whois server on
+\fIport\fP.
+If this option is not specified,
+\fBwhois\fP
+defaults to port 43.
+.TP
+\fB\-Q\fP
+Do a quick lookup.
+This means that
+\fBwhois\fP
+will not attempt to lookup the name in the authoritative whois
+server (if one is listed).
+This option has no effect when combined with any other options.
+.TP
+\fB\-r\fP
+Use the R\(aaeseaux IP Europ\(aaeens (RIPE) database.
+It contains network numbers and domain contact information
+for Europe.
 
-.sp
-.in +2
-.nf
-example% whois .Smith, John
-.fi
-.in -2
-.sp
+The operands specified to
+\fBwhois\fP
+are treated independently and may be used
+as queries on different whois servers.
+.SH EXIT STATUS
+The \fBwhois\fP utility exits 0 on success, and >0 if an error occurs.
+.SH EXAMPLES
+Most types of data, such as domain names and IP addresses, can be used as
+arguments to
+\fBwhois\fP
+without any options, and
+\fBwhois\fP
+will choose the correct whois server to query.
+Some exceptions, where
+\fBwhois\fP
+will not be able to handle data correctly, are detailed below.
+
+To obtain contact information about an
+administrator located in the Russian TLD domain RU,
+use the
+\fB\-c\fP
+option as shown in the following example, where
+\fICONTACT-ID\fP
+is substituted with the actual contact identifier.
 
-.sp
-.LP
-looks for the name \fBJOHN SMITH\fR only.
+whois -c RU CONTACT-ID
 
-.sp
-.LP
-Adding \fB\&.\|.\|.\fR to the name or handle argument will match anything from
-that point; that is, \fBZU .\|.\|.\fR will match ZUL, ZUM, and so on.
+(Note: This example is specific to the TLD RU,
+but other TLDs can be queried by using a similar syntax.)
 
+The following example demonstrates how to query
+a whois server using a non-standard port, where
+``query-data''
+is the query to be sent to
+``whois.example.com''
+on port
+``rwhois''
+(written numerically as 4321).
+
+whois -h whois.example.com -p rwhois query-data
 .SH SEE ALSO
-.sp
-.LP
-\fBattributes\fR(5)
+
+Vic White and Ken Harrenstien, \fINICNAME/WHOIS\fP, 1 March 1982, RFC 812.
+.SH HISTORY
+The
+\fBwhois\fP
+command appeared in
+4.3BSD.
diff --git a/usr/src/man/man1b/Makefile b/usr/src/man/man1b/Makefile
index dc8013a719..7930c098fd 100644
--- a/usr/src/man/man1b/Makefile
+++ b/usr/src/man/man1b/Makefile
@@ -37,7 +37,6 @@ MANFILES=	basename.1b \
 		lptest.1b	\
 		mail.1b		\
 		mkstr.1b	\
-		plot.1b		\
 		printenv.1b	\
 		ps.1b		\
 		rusage.1b	\
diff --git a/usr/src/man/man1b/plot.1b b/usr/src/man/man1b/plot.1b
deleted file mode 100644
index eb7b9c7328..0000000000
--- a/usr/src/man/man1b/plot.1b
+++ /dev/null
@@ -1,391 +0,0 @@
-'\" te
-.\"  Copyright (c) 1988 Sun Microsystems, Inc. - All Rights Reserved.
-.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
-.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
-.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH plot 1B "3 Aug 1994" "SunOS 5.11" "SunOS/BSD Compatibility Package Commands"
-.SH NAME
-plot, aedplot, atoplot, bgplot, crtplot, dumbplot, gigiplot, hpplot, implot,
-plottoa, t300, t300s, t4013, t450, tek, vplot, hp7221plot \- graphics filters
-for various plotters
-.SH SYNOPSIS
-.LP
-.nf
-\fB/usr/ucb/plot\fR [\fB-T\fR\fIterminal\fR]
-.fi
-
-.SH DESCRIPTION
-.sp
-.LP
-The \fBplot\fR utility reads plotting instructions (see \fBplot\fR(4B)) from
-the standard input and produces plotting instructions suitable for a particular
-\fIterminal\fR on the standard output.
-.sp
-.LP
-If no \fIterminal\fR is specified, the environment variable \fBTERM\fR is used.
-The default \fIterminal\fR is \fBtek\fR.
-.SH ENVIRONMENT VARIABLES
-.sp
-.LP
-Except for \fBver\fR, the following terminal-types can be used with `\fBlpr\fR
-\fB-g\fR' (see \fBlpr\fR(1B)) to produce plotted output:
-.sp
-.ne 2
-.mk
-.na
-\fB\fB2648\fR | \fB2648a\fR |  \fBh8\fR |  \fBhp2648\fR |  \fBhp2648a\fR\fR
-.ad
-.sp .6
-.RS 4n
-Hewlett Packard 2648 graphics terminal.
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fBhp7221\fR | \fBhp7\fR |  \fBh7\fR |\fR
-.ad
-.sp .6
-.RS 4n
-Hewlett Packard 7221 plotter.
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fB300\fR\fR
-.ad
-.sp .6
-.RS 4n
-\fBDASI\fR 300 or \fBGSI\fR terminal (Diablo mechanism).
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fB300s\fR | \fB300S\fR\fR
-.ad
-.sp .6
-.RS 4n
-\fBDASI\fR 300s terminal (Diablo mechanism).
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fB450\fR\fR
-.ad
-.sp .6
-.RS 4n
-\fBDASI\fR Hyterm 450 terminal (Diablo mechanism).
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fB4013\fR\fR
-.ad
-.sp .6
-.RS 4n
-Tektronix 4013 storage scope.
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fB4014\fR | \fBtek\fR\fR
-.ad
-.sp .6
-.RS 4n
-Tektronix 4014 and 4015 storage scope with Enhanced Graphics Module. (Use 4013
-for Tektronix 4014 or 4015 without the Enhanced Graphics Module).
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fBaed\fR\fR
-.ad
-.sp .6
-.RS 4n
-\fBAED\fR 512 color graphics terminal.
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fBbgplot\fR | \fBbitgraph\fR\fR
-.ad
-.sp .6
-.RS 4n
-\fBBBN\fR bitgraph graphics terminal.
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fBcrt\fR\fR
-.ad
-.sp .6
-.RS 4n
-Any crt terminal capable of running \fBvi\fR(1).
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fBdumb\fR | \fBun\fR |  \fBunknown\fR\fR
-.ad
-.sp .6
-.RS 4n
-Dumb terminals without cursor addressing or line printers.
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fBgigi\fR | \fBvt125\fR\fR
-.ad
-.sp .6
-.RS 4n
-\fBDEC\fR vt125 terminal.
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fBimplot\fR\fR
-.ad
-.sp .6
-.RS 4n
-Imagen plotter.
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fBvar\fR\fR
-.ad
-.sp .6
-.RS 4n
-Benson Varian printer-plotter
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fBver\fR\fR
-.ad
-.sp .6
-.RS 4n
-Versatec D1200A printer-plotter. The output is scan-converted and suitable
-input to `\fBlpr\fR \fB-v\fR'.
-.RE
-
-.SH FILES
-.sp
-.ne 2
-.mk
-.na
-\fB\fB/usr/ucb/aedplot\fR\fR
-.ad
-.RS 23n
-.rt  
-
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fB/usr/ucb/atoplot\fR\fR
-.ad
-.RS 23n
-.rt  
-
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fB/usr/ucb/bgplot\fR\fR
-.ad
-.RS 23n
-.rt  
-
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fB/usr/ucb/crtplot\fR\fR
-.ad
-.RS 23n
-.rt  
-
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fB/usr/ucb/dumbplot\fR\fR
-.ad
-.RS 23n
-.rt  
-
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fB/usr/ucb/gigiplot\fR\fR
-.ad
-.RS 23n
-.rt  
-
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fB/usr/ucb/hp7221plot\fR\fR
-.ad
-.RS 23n
-.rt  
-
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fB/usr/ucb/hpplot\fR\fR
-.ad
-.RS 23n
-.rt  
-
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fB/usr/ucb/implot\fR\fR
-.ad
-.RS 23n
-.rt  
-
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fB/usr/ucb/plot\fR\fR
-.ad
-.RS 23n
-.rt  
-
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fB/usr/ucb/plottoa\fR\fR
-.ad
-.RS 23n
-.rt  
-
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fB/usr/ucb/t300\fR\fR
-.ad
-.RS 23n
-.rt  
-
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fB/usr/ucb/t300s\fR\fR
-.ad
-.RS 23n
-.rt  
-
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fB/usr/ucb/t4013\fR\fR
-.ad
-.RS 23n
-.rt  
-
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fB/usr/ucb/t450\fR\fR
-.ad
-.RS 23n
-.rt  
-
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fB/usr/ucb/tek\fR\fR
-.ad
-.RS 23n
-.rt  
-
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fB/usr/ucb/vplot\fR\fR
-.ad
-.RS 23n
-.rt  
-
-.RE
-
-.SH SEE ALSO
-.sp
-.LP
-\fBgraph\fR(1), \fBtplot\fR(1), \fBvi\fR(1), \fBlpr\fR(1B), \fBplot\fR(4B),
-\fBattributes\fR(5)
diff --git a/usr/src/man/man1m/Makefile b/usr/src/man/man1m/Makefile
index 9080c85755..abe1aeaede 100644
--- a/usr/src/man/man1m/Makefile
+++ b/usr/src/man/man1m/Makefile
@@ -9,7 +9,10 @@
 # at http://www.illumos.org/license/CDDL.
 #
 
+#
 # Copyright 2011, Richard Lowe
+# Copyright 2011 Nexenta Systems, Inc. All rights reserved.
+#
 
 include ../../Makefile.master
 
@@ -392,6 +395,7 @@ COMMON_MANFILES = 	6to4relay.1m		\
 	 	 	powertop.1m		\
 	 	 	ppdmgr.1m		\
 	 	 	pppd.1m			\
+			pppdump.1m		\
 	 	 	pppoec.1m		\
 	 	 	pppoed.1m		\
 	 	 	pppstats.1m		\
@@ -524,6 +528,9 @@ COMMON_MANFILES = 	6to4relay.1m		\
 	 	 	syseventd.1m		\
 	 	 	syslogd.1m		\
 	 	 	tapes.1m		\
+			tcpd.1m			\
+			tcpdchk.1m		\
+			tcpdmatch.1m		\
 	 	 	th_define.1m		\
 	 	 	th_manage.1m		\
 	 	 	tic.1m			\
@@ -590,7 +597,7 @@ COMMON_MANFILES = 	6to4relay.1m		\
 	 	 	zoneadmd.1m		\
 	 	 	zonecfg.1m		\
 	 	 	zpool.1m		\
-	 	 	zstreamdump.1m		\
+	 	 	zstreamdump.1m
 
 i386_MANFILES =	 	lms.1m			\
 	 	 	parted.1m		\
diff --git a/usr/src/man/man1m/beadm.1m b/usr/src/man/man1m/beadm.1m
index 56046c85ec..da73f7ee0e 100644
--- a/usr/src/man/man1m/beadm.1m
+++ b/usr/src/man/man1m/beadm.1m
@@ -46,6 +46,16 @@ beadm \- utility for managing zfs boot environments
 \fBbeadm\fR \fBactivate\fR \fIbeName\fR
 .fi
 
+.LP
+.nf
+\fBbeadm\fR \fBrollback\fR \fIbeName\fR \fIsnapshot\fR
+.fi
+
+.LP
+.nf
+\fBbeadm\fR \fBrollback\fR \fIbeName@snapshot\fR
+.fi
+
 .SH DESCRIPTION
 The \fBbeadm\fR command is the user interface for managing zfs Boot
 Environments (BEs). This utility is intended to be used by System
@@ -123,6 +133,12 @@ Rename an existing, inactive BE.
 .TP
 .ie t \(bu
 .el -
+Roll back a BE to an existing snapshot of a BE.
+.RE
+.RS +4
+.TP
+.ie t \(bu
+.el -
 Display information about your snapshots and datasets.
 .RE
 .RE
@@ -400,6 +416,18 @@ Renames the boot environment named \fIbeName\fR to \fInewBeName\fR.
 .ne 2
 .mk
 .na
+\fBbeadm\fR \fBrollback\fR \fIbeName\fR \fIsnapshot\fR | \fIbeName@snapshot\fR
+.ad
+.sp .6
+.RS 4n
+Roll back the boot environment named \fIbeName\fR to existing snapshot
+of the boot environment named \fIbeName@snapshot\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
 \fBbeadm\fR \fBactivate\fR \fIbeName\fR
 .ad
 .sp .6
@@ -553,7 +581,17 @@ and provide a description for it.
 .sp
 
 .LP
-\fBExample 14\fR: List all existing boot environments.
+\fBExample 14\fR: Roll back the BE named BE1 to snapshot BE1@now.
+.sp
+.in +2
+.nf
+\fB# beadm rollback BE1 BE1@now\fR
+.fi
+.in -2
+.sp
+
+.LP
+\fBExample 15\fR: List all existing boot environments.
 
 .sp
 .in +2
@@ -570,7 +608,7 @@ BE5 NR     /          7.25G  static 2008-09-09 16:53
 .sp
 
 .LP
-\fBExample 14\fR: List all existing boot environmets and list all dataset and
+\fBExample 16\fR: List all existing boot environmets and list all dataset and
 snapshot information about those bootenvironments.
 
 .sp
@@ -602,7 +640,7 @@ BE5
 .in -2
 .sp
 
-\fBExample 15\fR: List all dataset and snapshot information about BE5
+\fBExample 17\fR: List all dataset and snapshot information about BE5
 
 .sp
 .in +2
@@ -623,7 +661,7 @@ BE5
 .sp
 
 .LP
-\fBExample 16\fR: List machine parsable information about all boot
+\fBExample 18\fR: List machine parsable information about all boot
 environments.
 
 .sp
diff --git a/usr/src/cmd/cmd-inet/usr.bin/pppdump/pppdump.1m b/usr/src/man/man1m/pppdump.1m
index c438e55be0..73234001de 100644
--- a/usr/src/cmd/cmd-inet/usr.bin/pppdump/pppdump.1m
+++ b/usr/src/man/man1m/pppdump.1m
@@ -1,7 +1,6 @@
 .\" -*- nroff -*-
 .\" manual page for pppdump
 .\" Copyright (c) 2000 by Sun Microsystems, Inc.
-.\"	ident	"%Z%%M%	%I%	%E% SMI"
 .\" All rights reserved.
 .\"	@(#) $Id: pppdump.8,v 1.1 1999/04/01 11:44:55 paulus Exp $
 .TH PPPDUMP 1M "1 April 1999"
@@ -65,7 +64,3 @@ the link when checking for over-length PPP packets (with the \fB-p\fR
 option).
 .SH SEE ALSO
 pppd(1m)
-.SH NOTES
-The modified source for this package is available in the SUNWpppgS
-package.  You can get the original source from
-ftp://linuxcare.com.au/pub/ppp.
diff --git a/usr/src/cmd/tcpd/tcpd.8 b/usr/src/man/man1m/tcpd.1m
index b33320f5cf..5bf56a4889 100644
--- a/usr/src/cmd/tcpd/tcpd.8
+++ b/usr/src/man/man1m/tcpd.1m
@@ -1,4 +1,9 @@
-.TH TCPD 8
+'\" t
+.\"
+.\" Modified for Solaris to to add the Solaris stability classification,
+.\" and to add a note about source availability.
+.\" 
+.TH TCPD 1M
 .SH NAME
 tcpd \- access control facility for internet services
 .SH DESCRIPTION
@@ -22,6 +27,16 @@ Optional features are: pattern-based access control, client username
 lookups with the RFC 931 etc. protocol, protection against hosts that
 pretend to have someone elses host name, and protection against hosts
 that pretend to have someone elses network address.
+.SH LIBWRAP INTERFACE
+The same monitoring and access control functionality provided by the
+tcpd standalone program is also available through the libwrap shared
+library interface. Some programs, including the Solaris inetd daemon,
+have been modified  to use the libwrap interface and thus do not
+require replacing the real server programs with tcpd. The libwrap
+interface is also more efficient and can be used for inetd internal
+services. See
+.BR inetd (1M)
+for more information.
 .SH LOGGING
 Connections that are monitored by
 .I tcpd
@@ -38,7 +53,7 @@ Optionally,
 supports a simple form of access control that is based on pattern
 matching.  The access-control software provides hooks for the execution
 of shell commands when a pattern fires.  For details, see the
-\fIhosts_access\fR(5) manual page.
+\fIhosts_access\fR(4) manual page.
 .SH HOST NAME VERIFICATION
 The authentication scheme of some protocols (\fIrlogin, rsh\fR) relies
 on host names. Some implementations believe the host name that they get
@@ -73,60 +88,28 @@ succeed only if the client host runs an RFC 931-compliant daemon.
 Client user name lookups will not work for datagram-oriented
 connections, and may cause noticeable delays in the case of connections
 from PCs.
-
-.SH EXAMPLE
-In order to monitor access to the \fIfinger\fR service, run the following
-command to enable the tcp_wrapper :
-.nf
-.sp
-.ti +5
-inetadm -m network/finger tcp_wrapper=TRUE
-.sp
-.fi
-.PP
-The example assumes that the network/finger service hasn't been removed from
-your system.
-.PP
-Similar changes will be needed for the other services that are to be
-covered by \fItcpd\fR. In case a (non-standard) daemon does not exist as a
-service already, use \fIsmf(5)\fR to make it a service by creating a manifest,
-and then enable tcp_wrappers for that service as shown in the example.
-
-.SH BUGS
-Some UDP (and RPC) daemons linger around for a while after they have
-finished their work, in case another request comes in.
 .PP
-The program does not work with RPC services over TCP. The
-only non-trivial service that is affected by this limitation is
-\fIrexd\fR, which is used by the \fIon(1)\fR command. This is no great
-loss.  On most systems, \fIrexd\fR is less secure than a wildcard in
-/etc/hosts.equiv.
-.PP
-RPC broadcast requests (for example: \fIrwall, rup, rusers\fR) always
-appear to come from the responding host. What happens is that the
-client broadcasts the request to all \fIportmap\fR daemons on its
-network; each \fIportmap\fR daemon forwards the request to a local
-daemon. As far as the \fIrwall\fR etc.  daemons know, the request comes
-from the local host.
-.SH FILES
-.PP
-The default locations of the host access control tables are:
-.PP
-/etc/hosts.allow
-.br
-/etc/hosts.deny
-.SH SEE ALSO
-.na
-.nf
-hosts_access(5), format of the tcpd access control tables.
-syslog.conf(5), format of the syslogd control file.
-smf(5), service management facility.
-.SH AUTHORS
-.na
-.nf
-Wietse Venema (wietse@wzv.win.tue.nl),
-Department of Mathematics and Computing Science,
-Eindhoven University of Technology
-Den Dolech 2, P.O. Box 513, 
-5600 MB Eindhoven, The Netherlands
-\" @(#) tcpd.8 1.5 96/02/21 16:39:16
+Warning: If the local system runs an RFC 931 server it is important
+that it be configured NOT to use TCP Wrappers, or that TCP Wrappers
+be configured to avoid RFC 931-based access control for this service.
+If you use usernames in the access control files, make sure that you
+have a hosts.allow entry that allows the RFC 931 service (often called
+"identd" or "auth") without any username restrictions. Failure to heed
+this warning can result in two hosts getting in an endless loop of
+consulting each other's identd services.
+.SH EXAMPLES
+.\" Begin Sun update
+.SH ATTRIBUTES
+See
+.BR attributes (5)
+for descriptions of the following attributes:
+.sp
+.TS
+box;
+cbp-1 | cbp-1
+l | l .
+ATTRIBUTE TYPE	ATTRIBUTE VALUE
+=
+Interface Stability	Committed
+.TE 
+.\" End Sun update
diff --git a/usr/src/cmd/tcpd/tcpdchk.8 b/usr/src/man/man1m/tcpdchk.1m
index acc65e6441..ff6940ce1c 100644
--- a/usr/src/cmd/tcpd/tcpdchk.8
+++ b/usr/src/man/man1m/tcpdchk.1m
@@ -1,4 +1,9 @@
-.TH TCPDCHK 8
+'\" t
+.\"
+.\" Modified for Solaris to to add the Solaris stability classification,
+.\" and to add a note about source availability.
+.\" 
+.TH TCPDCHK 1M
 .SH NAME
 tcpdchk \- tcp wrapper configuration checker
 .SH SYNOPSYS
@@ -9,7 +14,7 @@ tcpdchk [-a] [-d] [-i inet_conf] [-v]
 potential and real problems it can find. The program examines the
 \fItcpd\fR access control files (by default, these are
 \fI/etc/hosts.allow\fR and \fI/etc/hosts.deny\fR), and compares the
-entries in these files against entries in the \fIinetd\fR or \fItlid\fR
+entries in these files against entries in the \fIinetd\fR 
 network configuration files.
 .PP
 \fItcpdchk\fR reports problems such as non-existent pathnames; services
@@ -33,7 +38,7 @@ Examine \fIhosts.allow\fR and \fIhosts.deny\fR files in the current
 directory instead of the default ones.
 .IP "-i inet_conf"
 Specify this option when \fItcpdchk\fR is unable to find your
-\fIinetd.conf\fR or \fItlid.conf\fR network configuration file, or when
+\fIinetd.conf\fR network configuration file, or when
 you suspect that the program uses the wrong one.
 .IP -v
 Display the contents of each access control rule.  Daemon lists, client
@@ -50,11 +55,13 @@ The default locations of the \fItcpd\fR access control tables are:
 .SH SEE ALSO
 .na
 .nf
-tcpdmatch(8), explain what tcpd would do in specific cases.
-hosts_access(5), format of the tcpd access control tables.
-hosts_options(5), format of the language extensions.
-inetd.conf(5), format of the inetd control file.
-tlid.conf(5), format of the tlid control file.
+tcpdmatch(1M), explain what tcpd would do in specific cases.
+hosts_access(4), format of the tcpd access control tables.
+hosts_options(4), format of the language extensions.
+inetd.conf(4), format of the inetd control file.
+inetd(1M), how to invoke tcpd from inetd using the libwrap library.
+inetadm(1M), managing inetd services in the Service Management Framework.
+
 .SH AUTHORS
 .na
 .nf
@@ -64,3 +71,18 @@ Eindhoven University of Technology
 Den Dolech 2, P.O. Box 513, 
 5600 MB Eindhoven, The Netherlands
 \" @(#) tcpdchk.8 1.3 95/01/08 17:00:30
+.\" Begin Sun update
+.SH ATTRIBUTES
+See
+.BR attributes (5)
+for descriptions of the following attributes:
+.sp
+.TS
+box;
+cbp-1 | cbp-1
+l | l .
+ATTRIBUTE TYPE	ATTRIBUTE VALUE
+=
+Interface Stability	Committed
+.TE 
+.\" End Sun update
diff --git a/usr/src/cmd/tcpd/tcpdmatch.8 b/usr/src/man/man1m/tcpdmatch.1m
index ebd8c7874c..2599717b2c 100644
--- a/usr/src/cmd/tcpd/tcpdmatch.8
+++ b/usr/src/man/man1m/tcpdmatch.1m
@@ -1,4 +1,9 @@
-.TH TCPDMATCH 8
+'\" t
+.\"
+.\" Modified for Solaris to to add the Solaris stability classification,
+.\" and to add a note about source availability.
+.\" 
+.TH TCPDMATCH 1M
 .SH NAME
 tcpdmatch \- tcp wrapper oracle
 .SH SYNOPSYS
@@ -13,7 +18,7 @@ request for service.  Examples are given below.
 The program examines the \fItcpd\fR access control tables (default
 \fI/etc/hosts.allow\fR and \fI/etc/hosts.deny\fR) and prints its
 conclusion.  For maximal accuracy, it extracts additional information
-from your \fIinetd\fR or \fItlid\fR network configuration file.
+from your \fIinetd\fR  network configuration file.
 .PP
 When \fItcpdmatch\fR finds a match in the access control tables, it
 identifies the matched rule. In addition, it displays the optional
@@ -50,7 +55,7 @@ Examine \fIhosts.allow\fR and \fIhosts.deny\fR files in the current
 directory instead of the default ones.
 .IP "-i inet_conf"
 Specify this option when \fItcpdmatch\fR is unable to find your
-\fIinetd.conf\fR or \fItlid.conf\fR network configuration file, or when
+\fIinetd.conf\fR network configuration file, or when
 you suspect that the program uses the wrong one.
 .SH EXAMPLES
 To predict how \fItcpd\fR would handle a telnet request from the local
@@ -82,11 +87,13 @@ The default locations of the \fItcpd\fR access control tables are:
 .SH SEE ALSO
 .na
 .nf
-tcpdchk(8), tcpd configuration checker
-hosts_access(5), format of the tcpd access control tables.
-hosts_options(5), format of the language extensions.
-inetd.conf(5), format of the inetd control file.
-tlid.conf(5), format of the tlid control file.
+tcpdchk(1M), tcpd configuration checker
+hosts_access(4), format of the tcpd access control tables.
+hosts_options(4), format of the language extensions.
+inetd.conf(4), format of the inetd control file.
+inetd(1M), how to invoke tcpd from inetd using the libwrap library.
+inetadm(1M), managing inetd services in the Service Management Framework.
+
 .SH AUTHORS
 .na
 .nf
@@ -96,3 +103,18 @@ Eindhoven University of Technology
 Den Dolech 2, P.O. Box 513, 
 5600 MB Eindhoven, The Netherlands
 \" @(#) tcpdmatch.8 1.5 96/02/11 17:01:35
+.\" Begin Sun update
+.SH ATTRIBUTES
+See
+.BR attributes (5)
+for descriptions of the following attributes:
+.sp
+.TS
+box;
+cbp-1 | cbp-1
+l | l .
+ATTRIBUTE TYPE	ATTRIBUTE VALUE
+=
+Interface Stability	Committed
+.TE 
+.\" End Sun update
diff --git a/usr/src/man/man3/Makefile b/usr/src/man/man3/Makefile
index 5d73a0b0e5..0ac3a03cd8 100644
--- a/usr/src/man/man3/Makefile
+++ b/usr/src/man/man3/Makefile
@@ -9,22 +9,28 @@
 # at http://www.illumos.org/license/CDDL.
 #
 
+#
 # Copyright 2011, Richard Lowe
+# Copyright 2011 Nexenta Systems, Inc. All rights reserved.
+#
 
 include ../../Makefile.master
 
 MANSECT = 	3
 
-MANSOFILES =	intro.3
+MANSOFILES =	intro.3 \
+		libwrap.3
+
 MANFILES = 	Intro.3 \
+		hosts_access.3 \
 		$(MANSOFILES)
 
-intro.3 := SOSRC = man3/Intro.3
+intro.3		:= SOSRC = man3/Intro.3
+
+libwrap.3	:= SOSRC = man3/hosts_access.3
 
 .KEEP_STATE:
 
 include ../Makefile.man
 
 install: $(ROOTMANFILES)
-
-
diff --git a/usr/src/cmd/tcpd/hosts_access.3 b/usr/src/man/man3/hosts_access.3
index 1485337ff6..ba0a7c5a01 100644
--- a/usr/src/cmd/tcpd/hosts_access.3
+++ b/usr/src/man/man3/hosts_access.3
@@ -1,6 +1,6 @@
 .TH HOSTS_ACCESS 3
 .SH NAME
-hosts_access, hosts_ctl, request_init, request_set \- access control library
+hosts_access, hosts_ctl, libwrap, request_init, request_set \- access control library
 .SH SYNOPSIS
 .nf
 #include "tcpd.h"
diff --git a/usr/src/man/man3c/Makefile b/usr/src/man/man3c/Makefile
index 4b2660a1ff..e81e80e5ea 100644
--- a/usr/src/man/man3c/Makefile
+++ b/usr/src/man/man3c/Makefile
@@ -1043,6 +1043,9 @@ MANSOFILES =	FD_CLR.3c				\
 	 	srand48.3c				\
 	 	srandom.3c				\
 	 	sscanf.3c				\
+		stderr.3c				\
+		stdin.3c				\
+		stdout.3c				\
 	 	strcasecmp.3c				\
 	 	strcat.3c				\
 	 	strchr.3c				\
@@ -1915,6 +1918,10 @@ sigtimedwait.3c				:= SOSRC = man3c/sigwaitinfo.3c
 
 gsignal.3c				:= SOSRC = man3c/ssignal.3c
 
+stderr.3c				:= SOSRC = man3c/stdio.3c
+stdin.3c				:= SOSRC = man3c/stdio.3c
+stdout.3c				:= SOSRC = man3c/stdio.3c
+
 sig2str.3c				:= SOSRC = man3c/str2sig.3c
 
 strerror_r.3c				:= SOSRC = man3c/strerror.3c
diff --git a/usr/src/man/man3c/stdio.3c b/usr/src/man/man3c/stdio.3c
index 4c9b951627..d75bc0dc28 100644
--- a/usr/src/man/man3c/stdio.3c
+++ b/usr/src/man/man3c/stdio.3c
@@ -5,7 +5,7 @@
 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
 .TH stdio 3C "18 May 2005" "SunOS 5.11" "Standard C Library Functions"
 .SH NAME
-stdio \- standard buffered input/output package
+stdio, stdin, stdout, stderr \- standard buffered input/output package
 .SH SYNOPSIS
 .LP
 .nf
diff --git a/usr/src/man/man4/Makefile b/usr/src/man/man4/Makefile
index 6c753abffe..fce9cb3a00 100644
--- a/usr/src/man/man4/Makefile
+++ b/usr/src/man/man4/Makefile
@@ -9,7 +9,10 @@
 # at http://www.illumos.org/license/CDDL.
 #
 
+#
 # Copyright 2011, Richard Lowe
+# Copyright 2011 Nexenta Systems, Inc. All rights reserved.
+#
 
 include ../../Makefile.master
 
@@ -63,7 +66,6 @@ COMMON_MANFILES = 	Intro.4				\
 		 	ds.log.4			\
 		 	ethers.4			\
 		 	exec_attr.4			\
-		 	fd.4				\
 		 	fdi.4				\
 		 	format.dat.4			\
 		 	fspec.4				\
@@ -83,6 +85,8 @@ COMMON_MANFILES = 	Intro.4				\
 		 	holidays.4			\
 		 	hosts.4				\
 		 	hosts.equiv.4			\
+			hosts_access.4			\
+			hosts_options.4			\
 		 	ib.4				\
 		 	ike.config.4			\
 		 	ike.preshared.4			\
@@ -226,6 +230,8 @@ MANSOFILES =	addresses.4			\
 		fbtab.4				\
 		forward.4			\
 		fs.4				\
+		hosts.allow.4			\
+		hosts.deny.4			\
 		intro.4				\
 		md.cf.4				\
 		mdi_ib_cache.4			\
@@ -262,6 +268,9 @@ dir.4				:= SOSRC = man4/dir_ufs.4
 
 rhosts.4			:= SOSRC = man4/hosts.equiv.4
 
+hosts.allow.4			:= SOSRC = man4/hosts_access.4
+hosts.deny.4			:= SOSRC = man4/hosts_access.4
+
 fbtab.4				:= SOSRC = man4/logindevperm.4
 
 md.cf.4				:= SOSRC = man4/md.tab.4
@@ -288,5 +297,3 @@ volume-defaults.4		:= SOSRC = man4/volume-request.4
 include ../Makefile.man
 
 install: $(ROOTMANFILES)
-
-
diff --git a/usr/src/cmd/tcpd/hosts_access.5 b/usr/src/man/man4/hosts_access.4
index 9ea58ab61a..20f0a6ef40 100644
--- a/usr/src/cmd/tcpd/hosts_access.5
+++ b/usr/src/man/man4/hosts_access.4
@@ -1,4 +1,9 @@
-.TH HOSTS_ACCESS 5
+'\" t
+.\"
+.\" Modified for Solaris to to add the Solaris stability classification,
+.\" and to add a note about source availability.
+.\" 
+.TH HOSTS_ACCESS 4
 .SH NAME
 hosts_access \- format of host access control files
 .SH DESCRIPTION
@@ -9,7 +14,7 @@ impatient reader is encouraged to skip to the EXAMPLES section for a
 quick introduction.
 .PP
 An extended version of the access control language is described in the
-\fIhosts_options\fR(5) document. The extensions are turned on at
+\fIhosts_options\fR(4) document. The extensions are turned on at
 program build time by building with -DPROCESS_OPTIONS.
 .PP
 In the following text, \fIdaemon\fR is the the process name of a
@@ -141,7 +146,7 @@ Shell commands should not rely on the PATH setting of the inetd.
 Instead, they should use absolute path names, or they should begin with
 an explicit PATH=whatever statement.
 .PP
-The \fIhosts_options\fR(5) document describes an alternative language
+The \fIhosts_options\fR(4) document describes an alternative language
 that uses the shell command field in a different and incompatible way.
 .SH % EXPANSIONS
 The following expansions are available within shell commands:
@@ -180,7 +185,7 @@ Patterns like these can be used when the machine has different internet
 addresses with different internet hostnames.  Service providers can use
 this facility to offer FTP, GOPHER or WWW archives with internet names
 that may even belong to different organizations. See also the `twist'
-option in the hosts_options(5) document. Some systems (Solaris,
+option in the hosts_options(4) document. Some systems (Solaris,
 FreeBSD) can have more than one internet address on one physical
 interface; with other systems you may have to resort to SLIP or PPP
 pseudo interfaces that live in a dedicated network address space.
@@ -365,8 +370,8 @@ that shouldn\'t.  All problems are reported via the syslog daemon.
 .fi
 .SH SEE ALSO
 .nf
-tcpd(8) tcp/ip daemon wrapper program.
-tcpdchk(8), tcpdmatch(8), test programs.
+tcpd(1M) tcp/ip daemon wrapper program.
+tcpdchk(1M), tcpdmatch(1M), test programs.
 .SH BUGS
 If a name server lookup times out, the host name will not be available
 to the access control software, even though the host is registered.
@@ -382,3 +387,19 @@ Eindhoven University of Technology
 Den Dolech 2, P.O. Box 513, 
 5600 MB Eindhoven, The Netherlands
 \" @(#) hosts_access.5 1.20 95/01/30 19:51:46
+.\" Begin Sun update
+.SH ATTRIBUTES
+See
+.BR attributes (5)
+for descriptions of the following attributes:
+.sp
+.TS
+box;
+cbp-1 | cbp-1
+l | l .
+ATTRIBUTE TYPE	ATTRIBUTE VALUE
+=
+Interface Stability	Committed
+.TE 
+Source for tcp_wrappers is available in the SUNWtcpdS package.
+.\" End Sun update
diff --git a/usr/src/cmd/tcpd/hosts_options.5 b/usr/src/man/man4/hosts_options.4
index 3bd189ee05..3126505b8b 100644
--- a/usr/src/cmd/tcpd/hosts_options.5
+++ b/usr/src/man/man4/hosts_options.4
@@ -1,9 +1,14 @@
-.TH HOSTS_OPTIONS 5
+'\" t
+.\"
+.\" Modified for Solaris to to add the Solaris stability classification,
+.\" and to add a note about source availability.
+.\" 
+.TH HOSTS_OPTIONS 4
 .SH NAME
 hosts_options \- host access control language extensions
 .SH DESCRIPTION
 This document describes optional extensions to the language described
-in the hosts_access(5) document. The extensions are enabled at program
+in the hosts_access(4) document. The extensions are enabled at program
 build time. For example, by editing the Makefile and turning on the 
 PROCESS_OPTIONS compile-time option.
 .PP
@@ -12,7 +17,7 @@ The extensible language uses the following format:
 .ti +3
 daemon_list : client_list : option : option ...
 .PP
-The first two fields are described in the hosts_access(5) manual page.
+The first two fields are described in the hosts_access(4) manual page.
 The remainder of the rules is a list of zero or more options.  Any ":"
 characters within options should be protected with a backslash.
 .PP
@@ -56,7 +61,7 @@ Notice the leading dot on the domain name patterns.
 .SH RUNNING OTHER COMMANDS
 .IP "spawn shell_command"
 Execute, in a child process, the specified shell command, after
-performing the %<letter> expansions described in the hosts_access(5)
+performing the %<letter> expansions described in the hosts_access(4)
 manual page.  The command is executed with stdin, stdout and stderr
 connected to the null device, so that it won\'t mess up the
 conversation with the client host. Example:
@@ -78,7 +83,7 @@ the data sent by the remote host.
 .IP "twist shell_command"
 Replace the current process by an instance of the specified shell
 command, after performing the %<letter> expansions described in the
-hosts_access(5) manual page.  Stdin, stdout and stderr are connected to
+hosts_access(4) manual page.  Stdin, stdout and stderr are connected to
 the client process. This option must appear at the end of a rule.
 .sp
 To send a customized bounce message to the client instead of
@@ -128,7 +133,7 @@ Look for a file in `/some/directory' with the same name as the daemon
 process (for example in.telnetd for the telnet service), and copy its
 contents to the client. Newline characters are replaced by
 carriage-return newline, and %<letter> sequences are expanded (see
-the hosts_access(5) manual page).
+the hosts_access(4) manual page).
 .sp
 The tcp wrappers source code distribution provides a sample makefile
 (Banners.Makefile) for convenient banner maintenance.
@@ -160,7 +165,7 @@ When a syntax error is found in an access control rule, the error
 is reported to the syslog daemon; further options will be ignored,
 and service is denied.
 .SH SEE ALSO
-hosts_access(5), the default access control language
+hosts_access(4), the default access control language
 .SH AUTHOR
 .na
 .nf
@@ -170,3 +175,18 @@ Eindhoven University of Technology
 Den Dolech 2, P.O. Box 513, 
 5600 MB Eindhoven, The Netherlands
 \" @(#) hosts_options.5 1.10 94/12/28 17:42:28
+.\" Begin Sun update
+.SH ATTRIBUTES
+See
+.BR attributes (5)
+for descriptions of the following attributes:
+.sp
+.TS
+box;
+cbp-1 | cbp-1
+l | l .
+ATTRIBUTE TYPE	ATTRIBUTE VALUE
+=
+Interface Stability	Committed
+.TE 
+.\" End Sun update
diff --git a/usr/src/man/man4b/Makefile b/usr/src/man/man4b/Makefile
deleted file mode 100644
index 632895acf1..0000000000
--- a/usr/src/man/man4b/Makefile
+++ /dev/null
@@ -1,24 +0,0 @@
-#
-# This file and its contents are supplied under the terms of the
-# Common Development and Distribution License ("CDDL"), version 1.0.
-# You may only use this file in accordance with the terms of version
-# 1.0 of the CDDL.
-#
-# A full copy of the text of the CDDL should have accompanied this
-# source.  A copy of the CDDL is also available via the Internet
-# at http://www.illumos.org/license/CDDL.
-#
-
-# Copyright 2011, Richard Lowe
-
-include ../../Makefile.master
-
-MANSECT = 	4b
-
-MANFILES = 	plot.4b
-
-.KEEP_STATE:
-
-include ../Makefile.man
-
-install: $(ROOTMANFILES)
diff --git a/usr/src/man/man4b/plot.4b b/usr/src/man/man4b/plot.4b
deleted file mode 100644
index f1dd2ed3bb..0000000000
--- a/usr/src/man/man4b/plot.4b
+++ /dev/null
@@ -1,197 +0,0 @@
-'\" te
-.\" Copyright (C) 2003, Sun Microsystems, Inc. All Rights Reserved
-.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
-.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
-.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH plot 4B "18 Feb 2003" "SunOS 5.11" "SunOS/BSD Compatibility Package File Formats"
-.SH NAME
-plot \- graphics interface
-.SH DESCRIPTION
-.sp
-.LP
-Files of this format  are interpreted for various devices by commands described
-in \fBplot\fR(1B). A graphics file is a stream of plotting instructions. Each
-instruction consists of an \fBASCII\fR letter usually followed by bytes of
-binary information. The instructions are executed in order. A point is
-designated by four bytes representing the \fIx\fR and \fIy\fR values; each
-value is a signed integer. The last designated point in an \fBl\fR, \fBm\fR,
-\fBn\fR, or \fBp\fR instruction becomes the ``current point'' for the next
-instruction.
-.sp
-.ne 2
-.mk
-.na
-\fB\fBm\fR \fR
-.ad
-.RS 6n
-.rt  
-Move: the next four bytes give a new current point.
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fBn\fR \fR
-.ad
-.RS 6n
-.rt  
-Cont: draw a line from the current point to the point given by the next four
-bytes. See \fBplot\fR(1B).
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fBp\fR \fR
-.ad
-.RS 6n
-.rt  
-Point: plot the point given by the next four bytes.
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fBl\fR \fR
-.ad
-.RS 6n
-.rt  
-Line: draw a line from the point given by the next four bytes to the point
-given by the following four bytes.
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fBt\fR \fR
-.ad
-.RS 6n
-.rt  
-Label: place the following \fBASCII\fR string so that its first character falls
-on the current point. The string is terminated by a \fBNEWLINE.\fR
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fBa\fR \fR
-.ad
-.RS 6n
-.rt  
-Arc: the first four bytes give the center, the next four give the starting
-point, and the last four give the end point of a circular arc. The least
-significant coordinate of the end point is used only to determine the quadrant.
-The arc is drawn counter-clockwise.
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fBc\fR \fR
-.ad
-.RS 6n
-.rt  
-Circle: the first four bytes give the center of the circle, the next two the
-radius.
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fBe\fR \fR
-.ad
-.RS 6n
-.rt  
-Erase: start another frame of output.
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fBf\fR \fR
-.ad
-.RS 6n
-.rt  
-Linemod: take the following string, up to a \fBNEWLINE,\fR as the style for
-drawing further lines. The styles are ``dotted,'' ``solid,'' ``longdashed,''
-``shortdashed,'' and ``dotdashed.'' Effective only in \fBplot\fR \fB4014\fR and
-\fBplot ver\fR.
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fBs\fR \fR
-.ad
-.RS 6n
-.rt  
-Space: the next four bytes give the lower left corner of the plotting area; the
-following four give the upper right corner. The plot will be magnified or
-reduced to fit the device as closely as possible.
-.sp
-Space settings that exactly fill the plotting area with unity scaling appear
-below for devices supported by the filters of \fBplot\fR(1B). The upper limit
-is just outside the plotting area.
-.RE
-
-.sp
-.LP
-In every case the plotting area is taken to be square; points outside may be
-displayable on devices whose face is not square.
-.sp
-.ne 2
-.mk
-.na
-\fB\fB4014\fR \fR
-.ad
-.RS 14n
-.rt  
-\fBspace(0,\fR \fB0,\fR \fB3120,\fR \fB3120);\fR
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fBver\fR \fR
-.ad
-.RS 14n
-.rt  
-\fBspace(0,\fR \fB0,\fR \fB2048,\fR \fB2048);\fR
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fB300\fR,\fB 300s\fR \fR
-.ad
-.RS 14n
-.rt  
-\fBspace(0,\fR \fB0,\fR \fB4096,\fR \fB4096);\fR
-.RE
-
-.sp
-.ne 2
-.mk
-.na
-\fB\fB450\fR \fR
-.ad
-.RS 14n
-.rt  
-\fBspace(0,\fR \fB0,\fR \fB4096,\fR \fB4096);\fR
-.RE
-
-.SH SEE ALSO
-.sp
-.LP
-\fBgraph\fR(1), \fBplot\fR(1B)
diff --git a/usr/src/man/man7d/si3124.7d b/usr/src/man/man7d/si3124.7d
index e687f12f27..739ff6d0fe 100644
--- a/usr/src/man/man7d/si3124.7d
+++ b/usr/src/man/man7d/si3124.7d
@@ -5,7 +5,7 @@
 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
 .TH si3124 7D "17 August 2007" "SunOS 5.11" "Devices"
 .SH NAME
-si3124 \- SiliconImage 3124/3132 SATA controller driver
+si3124 \- SiliconImage 3124/3132/3531 SATA controller driver
 .SH SYNOPSIS
 .LP
 .nf
@@ -16,7 +16,7 @@ si3124 \- SiliconImage 3124/3132 SATA controller driver
 .sp
 .LP
 The \fBsi3124\fR driver is a \fBSATA\fR framework-compliant HBA driver that
-supports Silicon Image 3124 and 3132 \fBSATA\fR controllers. Note that while
+supports Silicon Image 3124, 3132 and 3531 \fBSATA\fR controllers. Note that while
 the Silicon Image controllers supports standard \fBSATA\fR features including
 SATA-II disks, NCQ, hotplug, port multiplier and ATAPI disks, the \fBsi3124\fR
 driver currently does not support NCQ, port multiplier or ATAPI features.
diff --git a/usr/src/man/man7fs/Makefile b/usr/src/man/man7fs/Makefile
index e17aca0d0a..dc3755ed0d 100644
--- a/usr/src/man/man7fs/Makefile
+++ b/usr/src/man/man7fs/Makefile
@@ -9,7 +9,10 @@
 # at http://www.illumos.org/license/CDDL.
 #
 
+#
 # Copyright 2011, Richard Lowe
+# Copyright 2011 Nexenta Systems, Inc. All rights reserved.
+#
 
 include ../../Makefile.master
 
@@ -19,6 +22,7 @@ MANFILES = 	ctfs.7fs	\
 	 	dcfs.7fs	\
 	 	dev.7fs		\
 	 	devfs.7fs	\
+		fd.7fs		\
 	 	hsfs.7fs	\
 	 	lofs.7fs	\
 	 	objfs.7fs	\
@@ -29,10 +33,18 @@ MANFILES = 	ctfs.7fs	\
 	 	udfs.7fs	\
 	 	ufs.7fs
 
+MANSOFILES =	stderr.7fs	\
+		stdin.7fs	\
+		stdout.7fs
+
+MANFILES +=	$(MANSOFILES)
+
+stderr.7fs	:= SOSRC = man7fs/fd.7fs
+stdin.7fs	:= SOSRC = man7fs/fd.7fs
+stdout.7fs	:= SOSRC = man7fs/fd.7fs
+
 .KEEP_STATE:
 
 include ../Makefile.man
 
 install: $(ROOTMANFILES)
-
-
diff --git a/usr/src/man/man4/fd.4 b/usr/src/man/man7fs/fd.7fs
index e7137fed3a..8a9c044c0f 100644
--- a/usr/src/man/man4/fd.4
+++ b/usr/src/man/man7fs/fd.7fs
@@ -4,9 +4,9 @@
 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH fd 4 "3 Jul 1990" "SunOS 5.11" "File Formats"
+.TH fd 7fs "3 Jul 1990" "SunOS 5.11" "File Systems"
 .SH NAME
-fd \- file descriptor files
+fd, stdin, stdout, stderr \- file descriptor files
 .SH DESCRIPTION
 .sp
 .LP
diff --git a/usr/src/man/man7p/tcp.7p b/usr/src/man/man7p/tcp.7p
index 578bc2d474..5e1a6e8a8f 100644
--- a/usr/src/man/man7p/tcp.7p
+++ b/usr/src/man/man7p/tcp.7p
@@ -1,5 +1,6 @@
 '\" te
 .\" Copyright (c) 2006, Sun Microsystems, Inc. All Rights Reserved.
+.\" Copyright (c) 2011 Nexenta Systems, Inc. All rights reserved.
 .\" Copyright 1989 AT&T
 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
@@ -344,6 +345,14 @@ integer in milliseconds. The value zero indicates that TCP should never time
 out and abort the connection when probing. The system default is controlled by
 the TCP ndd parameter tcp_keepalive_abort_interval. The default is eight
 minutes.
+.sp
+.LP
+socket options TCP_KEEPIDLE, TCP_KEEPCNT and TCP_KEEPINTVL are also supported
+for compatibility with other Unix Flavors. TCP_KEEPIDLE option specifies the
+interval in seconds for sending out the first keep-alive probe. TCP_KEEPCNT
+specifies the number of keep-alive probes to be sent before aborting the
+connection in the event of no response from peer. TCP_KEEPINTVL specifies the
+interval in seconds between successive keep-alive probes.
 .SH SEE ALSO
 .sp
 .LP
@@ -385,7 +394,7 @@ A socket operation may fail if:
 \fB\fBEISCONN\fR\fR
 .ad
 .RS 17n
-.rt  
+.rt
 A \fBconnect()\fR operation was attempted on a socket on which a
 \fBconnect()\fR operation had already been performed.
 .RE
@@ -397,7 +406,7 @@ A \fBconnect()\fR operation was attempted on a socket on which a
 \fB\fBETIMEDOUT\fR\fR
 .ad
 .RS 17n
-.rt  
+.rt
 A connection was dropped due to excessive retransmissions.
 .RE
 
@@ -408,7 +417,7 @@ A connection was dropped due to excessive retransmissions.
 \fB\fBECONNRESET\fR\fR
 .ad
 .RS 17n
-.rt  
+.rt
 The remote peer forced the connection to be closed (usually because the remote
 machine has lost state information about the connection due to a crash).
 .RE
@@ -420,7 +429,7 @@ machine has lost state information about the connection due to a crash).
 \fB\fBECONNREFUSED\fR\fR
 .ad
 .RS 17n
-.rt  
+.rt
 The remote peer actively refused connection establishment (usually because no
 process is listening to the port).
 .RE
@@ -432,7 +441,7 @@ process is listening to the port).
 \fB\fBEADDRINUSE\fR\fR
 .ad
 .RS 17n
-.rt  
+.rt
 A \fBbind()\fR operation was attempted on a socket with a network address/port
 pair that has already been bound to another socket.
 .RE
@@ -444,7 +453,7 @@ pair that has already been bound to another socket.
 \fB\fBEADDRNOTAVAIL\fR\fR
 .ad
 .RS 17n
-.rt  
+.rt
 A \fBbind()\fR operation was attempted on a socket with a network address for
 which no network interface exists.
 .RE
@@ -456,7 +465,7 @@ which no network interface exists.
 \fB\fBEACCES\fR\fR
 .ad
 .RS 17n
-.rt  
+.rt
 A \fBbind()\fR operation was attempted with a "reserved" port number and the
 effective user \fBID\fR of the process was not the privileged user.
 .RE
@@ -468,7 +477,7 @@ effective user \fBID\fR of the process was not the privileged user.
 \fB\fBENOBUFS\fR\fR
 .ad
 .RS 17n
-.rt  
+.rt
 The system ran out of memory for internal data structures.
 .RE
 
diff --git a/usr/src/pkg/manifests/SUNWcs.man1.inc b/usr/src/pkg/manifests/SUNWcs.man1.inc
index 9e09f3389d..01e0f9b2bc 100644
--- a/usr/src/pkg/manifests/SUNWcs.man1.inc
+++ b/usr/src/pkg/manifests/SUNWcs.man1.inc
@@ -266,21 +266,15 @@ file path=usr/share/man/man1/suspend.1
 file path=usr/share/man/man1/svcprop.1
 file path=usr/share/man/man1/svcs.1
 file path=usr/share/man/man1/switch.1
-file path=usr/share/man/man1/t300.1
-file path=usr/share/man/man1/t300s.1
-file path=usr/share/man/man1/t4014.1
-file path=usr/share/man/man1/t450.1
 file path=usr/share/man/man1/tabs.1
 file path=usr/share/man/man1/tail.1
 file path=usr/share/man/man1/tar.1
 file path=usr/share/man/man1/tee.1
-file path=usr/share/man/man1/tek.1
 file path=usr/share/man/man1/test.1
 file path=usr/share/man/man1/time.1
 file path=usr/share/man/man1/times.1
 file path=usr/share/man/man1/tip.1
 file path=usr/share/man/man1/touch.1
-file path=usr/share/man/man1/tplot.1
 file path=usr/share/man/man1/tput.1
 file path=usr/share/man/man1/tr.1
 file path=usr/share/man/man1/trap.1
@@ -315,7 +309,6 @@ file path=usr/share/man/man1/valuid.1
 file path=usr/share/man/man1/valyorn.1
 file path=usr/share/man/man1/vax.1
 file path=usr/share/man/man1/vedit.1
-file path=usr/share/man/man1/ver.1
 file path=usr/share/man/man1/w.1
 file path=usr/share/man/man1/wait.1
 file path=usr/share/man/man1/wc.1
diff --git a/usr/src/pkg/manifests/SUNWcs.man4.inc b/usr/src/pkg/manifests/SUNWcs.man4.inc
index 61e9a4d9e2..8e2708ab24 100644
--- a/usr/src/pkg/manifests/SUNWcs.man4.inc
+++ b/usr/src/pkg/manifests/SUNWcs.man4.inc
@@ -9,7 +9,10 @@
 # at http://www.illumos.org/license/CDDL.
 #
 
+#
 # Copyright 2011, Richard Lowe
+# Copyright 2011 Nexenta Systems, Inc. All rights reserved.
+#
 
 file path=usr/share/man/man4/Intro.4
 file path=usr/share/man/man4/TIMEZONE.4
@@ -40,7 +43,6 @@ file path=usr/share/man/man4/dumpdates.4
 file path=usr/share/man/man4/ethers.4
 file path=usr/share/man/man4/exec_attr.4
 file path=usr/share/man/man4/fbtab.4
-file path=usr/share/man/man4/fd.4
 file path=usr/share/man/man4/format.dat.4
 file path=usr/share/man/man4/fs.4
 file path=usr/share/man/man4/fspec.4
diff --git a/usr/src/pkg/manifests/SUNWcs.mf b/usr/src/pkg/manifests/SUNWcs.mf
index 013f19e083..ff84521970 100644
--- a/usr/src/pkg/manifests/SUNWcs.mf
+++ b/usr/src/pkg/manifests/SUNWcs.mf
@@ -237,12 +237,12 @@ dir path=usr/sadm/sysadm/bin
 dir path=usr/sbin
 $(i386_ONLY)dir path=usr/sbin/$(ARCH32)
 dir path=usr/sbin/$(ARCH64)
-dir path=usr/share group=sys
+dir path=usr/share
 dir path=usr/share/doc group=other
 dir path=usr/share/doc/ksh
 dir path=usr/share/doc/ksh/images
 dir path=usr/share/doc/ksh/images/callouts
-dir path=usr/share/lib group=sys
+dir path=usr/share/lib
 dir path=usr/share/lib/mailx
 dir path=usr/share/lib/pub
 dir path=usr/share/lib/tabset
@@ -824,6 +824,7 @@ file path=usr/bin/kbd mode=0555
 file path=usr/bin/keylogin mode=0555
 file path=usr/bin/keylogout mode=0555
 file path=usr/bin/kmfcfg mode=0555
+file path=usr/bin/kvmstat mode=0555
 file path=usr/bin/line mode=0555
 file path=usr/bin/listdgrp mode=0555
 file path=usr/bin/listusers mode=0555
diff --git a/usr/src/pkg/manifests/SUNWperl584usr.mf b/usr/src/pkg/manifests/SUNWperl584usr.mf
deleted file mode 100644
index bbd3062db4..0000000000
--- a/usr/src/pkg/manifests/SUNWperl584usr.mf
+++ /dev/null
@@ -1,29 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License (the "License").
-# You may not use this file except in compliance with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-
-#
-# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
-#
-
-set name=pkg.fmri value=pkg:/SUNWperl584usr@5.8.4,5.11-0.133
-set name=pkg.renamed value=true
-set name=variant.arch value=$(ARCH)
-depend fmri=pkg:/runtime/perl-584/extra@5.8.4,5.11-0.133 type=require
diff --git a/usr/src/pkg/manifests/SUNWpppgS.mf b/usr/src/pkg/manifests/SUNWpppgS.mf
index 5d35d24da5..d317186cc9 100644
--- a/usr/src/pkg/manifests/SUNWpppgS.mf
+++ b/usr/src/pkg/manifests/SUNWpppgS.mf
@@ -21,9 +21,10 @@
 
 #
 # Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+# Copyright 2011 Nexenta Systems, Inc. All rights reserved.
 #
 
-set name=pkg.fmri value=pkg:/SUNWpppgS@0.5.11,5.11-0.133
-set name=pkg.renamed value=true
+# Was renamed to source/network/pppdump, both now obsolete.
+set name=pkg.fmri value=pkg:/SUNWpppgS@0.5.11,5.11-0.148
+set name=pkg.obsolete value=true
 set name=variant.arch value=$(ARCH)
-depend fmri=pkg:/source/network/pppdump@0.5.11,5.11-0.133 type=require
diff --git a/usr/src/pkg/manifests/SUNWtcpdS.mf b/usr/src/pkg/manifests/SUNWtcpdS.mf
index 5712b74111..3c8b6e4e04 100644
--- a/usr/src/pkg/manifests/SUNWtcpdS.mf
+++ b/usr/src/pkg/manifests/SUNWtcpdS.mf
@@ -21,9 +21,10 @@
 
 #
 # Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+# Copyright 2011 Nexenta Systems, Inc. All rights reserved.
 #
 
-set name=pkg.fmri value=pkg:/SUNWtcpdS@7.6,5.11-0.133
-set name=pkg.renamed value=true
+# Was renamed to source/security/tcp-wrapper, both now obsolete.
+set name=pkg.fmri value=pkg:/SUNWtcpdS@7.6,5.11-0.148
+set name=pkg.obsolete value=true
 set name=variant.arch value=$(ARCH)
-depend fmri=pkg:/source/security/tcp-wrapper@7.6,5.11-0.133 type=require
diff --git a/usr/src/pkg/manifests/compatibility-ucb.mf b/usr/src/pkg/manifests/compatibility-ucb.mf
index e70965e67b..a98d38d698 100644
--- a/usr/src/pkg/manifests/compatibility-ucb.mf
+++ b/usr/src/pkg/manifests/compatibility-ucb.mf
@@ -69,7 +69,6 @@ file path=usr/share/man/man1b/lprm.1b
 file path=usr/share/man/man1b/lptest.1b
 file path=usr/share/man/man1b/mail.1b
 file path=usr/share/man/man1b/mkstr.1b
-file path=usr/share/man/man1b/plot.1b
 file path=usr/share/man/man1b/printenv.1b
 file path=usr/share/man/man1b/ps.1b
 file path=usr/share/man/man1b/reset.1b
diff --git a/usr/src/pkg/manifests/consolidation-osnet-osnet-message-files.mf b/usr/src/pkg/manifests/consolidation-osnet-osnet-message-files.mf
index d71b969f94..cd9fd8743e 100644
--- a/usr/src/pkg/manifests/consolidation-osnet-osnet-message-files.mf
+++ b/usr/src/pkg/manifests/consolidation-osnet-osnet-message-files.mf
@@ -46,8 +46,8 @@ dir path=usr/lib/locale
 dir path=usr/lib/locale/C
 dir path=usr/lib/locale/C/LC_MESSAGES
 dir path=usr/lib/locale/C/LC_TIME
-dir path=usr/share group=sys
-dir path=usr/share/lib group=sys
+dir path=usr/share
+dir path=usr/share/lib
 dir path=usr/share/lib/locale
 dir path=usr/share/lib/locale/com
 dir path=usr/share/lib/locale/com/sun
diff --git a/usr/src/pkg/manifests/crypto-ca-certificates.mf b/usr/src/pkg/manifests/crypto-ca-certificates.mf
index bd3f579982..e1741a5b21 100644
--- a/usr/src/pkg/manifests/crypto-ca-certificates.mf
+++ b/usr/src/pkg/manifests/crypto-ca-certificates.mf
@@ -31,7 +31,6 @@ set name=pkg.summary \
 set name=info.classification \
     value=org.opensolaris.category.2008:System/Security
 set name=variant.arch value=$(ARCH)
-set name=variant.opensolaris.zone value=global value=nonglobal
 dir path=etc group=sys
 dir path=etc/certs group=sys
 dir path=etc/certs/CA group=sys
diff --git a/usr/src/pkg/manifests/developer-dtrace.mf b/usr/src/pkg/manifests/developer-dtrace.mf
index d8eac84188..2b1d42fa27 100644
--- a/usr/src/pkg/manifests/developer-dtrace.mf
+++ b/usr/src/pkg/manifests/developer-dtrace.mf
@@ -48,8 +48,8 @@ dir path=usr/lib/mdb/raw/$(ARCH64) group=sys
 dir path=usr/sbin
 dir path=usr/sbin/$(ARCH32)
 dir path=usr/sbin/$(ARCH64)
-dir path=usr/share group=sys
-dir path=usr/share/lib group=sys
+dir path=usr/share
+dir path=usr/share/lib
 dir path=usr/share/lib/java group=sys
 dir path=usr/share/lib/java/javadoc group=other
 dir path=usr/share/lib/java/javadoc/dtrace group=other
diff --git a/usr/src/pkg/manifests/developer-object-file.mf b/usr/src/pkg/manifests/developer-object-file.mf
index 1c7fdfa043..8ef4a09898 100644
--- a/usr/src/pkg/manifests/developer-object-file.mf
+++ b/usr/src/pkg/manifests/developer-object-file.mf
@@ -40,8 +40,8 @@ dir path=usr/lib
 dir path=usr/lib/$(ARCH64)
 dir path=usr/lib/elfedit
 dir path=usr/lib/elfedit/$(ARCH64)
-dir path=usr/share group=sys
-dir path=usr/share/lib group=sys
+dir path=usr/share
+dir path=usr/share/lib
 dir path=usr/share/lib/ccs
 dir path=usr/share/man/man1
 file path=usr/bin/$(ARCH64)/ar mode=0555
diff --git a/usr/src/pkg/manifests/driver-storage-si3124.mf b/usr/src/pkg/manifests/driver-storage-si3124.mf
index bf6bbb6d7b..6c860d7961 100644
--- a/usr/src/pkg/manifests/driver-storage-si3124.mf
+++ b/usr/src/pkg/manifests/driver-storage-si3124.mf
@@ -41,7 +41,8 @@ dir path=usr/share/man
 dir path=usr/share/man/man7d
 driver name=si3124 class=scsi-self-identifying perms="* 0644 root sys" \
     alias=pci1095,3124 \
-    alias=pci1095,3132
+    alias=pci1095,3132 \
+    alias=pci1095,3531
 file path=kernel/drv/$(ARCH64)/si3124 group=sys
 file path=kernel/drv/si3124 group=sys
 file path=usr/share/man/man7d/si3124.7d
diff --git a/usr/src/pkg/manifests/driver-usb.mf b/usr/src/pkg/manifests/driver-usb.mf
index 94907dc676..1051079159 100644
--- a/usr/src/pkg/manifests/driver-usb.mf
+++ b/usr/src/pkg/manifests/driver-usb.mf
@@ -52,7 +52,7 @@ dir path=lib/svc/manifest/system group=sys
 dir path=lib/svc/method
 dir path=sbin group=sys
 dir path=usr group=sys
-dir path=usr/share group=sys
+dir path=usr/share
 dir path=usr/share/man
 dir path=usr/share/man/man7m
 dir path=usr/share/man/man9f
diff --git a/usr/src/pkg/manifests/install-beadm.mf b/usr/src/pkg/manifests/install-beadm.mf
index 09b65f21cb..c31c2abd99 100644
--- a/usr/src/pkg/manifests/install-beadm.mf
+++ b/usr/src/pkg/manifests/install-beadm.mf
@@ -36,7 +36,7 @@ dir path=usr/lib/python2.6
 dir path=usr/lib/python2.6/vendor-packages
 dir path=usr/lib/python2.6/vendor-packages/beadm
 dir path=usr/sbin
-dir path=usr/share group=sys
+dir path=usr/share
 dir path=usr/share/man
 dir path=usr/share/man/man1m
 file path=sbin/beadm mode=0555
diff --git a/usr/src/pkg/manifests/library-demo-audio-samples.mf b/usr/src/pkg/manifests/library-demo-audio-samples.mf
index 153679dc34..e1232cfeb3 100644
--- a/usr/src/pkg/manifests/library-demo-audio-samples.mf
+++ b/usr/src/pkg/manifests/library-demo-audio-samples.mf
@@ -31,7 +31,7 @@ set name=variant.arch value=$(ARCH)
 dir path=usr group=sys
 dir path=usr/demo
 dir path=usr/demo/SOUND
-dir path=usr/share group=sys
+dir path=usr/share
 dir path=usr/share/audio
 dir path=usr/share/audio/samples
 dir path=usr/share/audio/samples/au
diff --git a/usr/src/pkg/manifests/library-security-tcp-wrapper.mf b/usr/src/pkg/manifests/library-security-tcp-wrapper.mf
index 5cd98aa2d8..c1bee96a62 100644
--- a/usr/src/pkg/manifests/library-security-tcp-wrapper.mf
+++ b/usr/src/pkg/manifests/library-security-tcp-wrapper.mf
@@ -33,7 +33,7 @@ set name=info.classification value=org.opensolaris.category.2008:System/Core
 set name=variant.arch value=$(ARCH)
 dir path=usr group=sys
 dir path=usr/sbin
-dir path=usr/share group=sys
+dir path=usr/share
 dir path=usr/share/man
 dir path=usr/share/man/man1m
 dir path=usr/share/man/man3
diff --git a/usr/src/pkg/manifests/locale-en-extra.mf b/usr/src/pkg/manifests/locale-en-extra.mf
index 213a24feb7..030f965b3f 100644
--- a/usr/src/pkg/manifests/locale-en-extra.mf
+++ b/usr/src/pkg/manifests/locale-en-extra.mf
@@ -113,7 +113,6 @@ file path=usr/lib/locale/en_IE.ISO8859-15/LC_MONETARY/LCL_DATA mode=0444
 file path=usr/lib/locale/en_IE.ISO8859-15/LC_NUMERIC/LCL_DATA mode=0444
 file path=usr/lib/locale/en_IE.ISO8859-15/LC_TIME/LCL_DATA mode=0444
 file path=usr/lib/locale/en_NZ.ISO8859-1/LC_COLLATE/LCL_DATA mode=0444
-file path=usr/lib/locale/en_NZ.ISO8859-1/LC_COLLATE/LCL_DATA mode=0444
 file path=usr/lib/locale/en_NZ.ISO8859-1/LC_CTYPE/LCL_DATA mode=0444
 file path=usr/lib/locale/en_NZ.ISO8859-1/LC_MESSAGES/LCL_DATA mode=0444
 file path=usr/lib/locale/en_NZ.ISO8859-1/LC_MONETARY/LCL_DATA mode=0444
diff --git a/usr/src/pkg/manifests/network-ipfilter.mf b/usr/src/pkg/manifests/network-ipfilter.mf
index b7c33a07a3..2af86b92df 100644
--- a/usr/src/pkg/manifests/network-ipfilter.mf
+++ b/usr/src/pkg/manifests/network-ipfilter.mf
@@ -47,7 +47,7 @@ dir path=usr/lib/ipf/$(ARCH64) group=sys
 dir path=usr/sbin
 $(i386_ONLY)dir path=usr/sbin/$(ARCH32)
 dir path=usr/sbin/$(ARCH64)
-dir path=usr/share group=sys
+dir path=usr/share
 dir path=usr/share/ipfilter
 dir path=usr/share/ipfilter/examples
 dir path=usr/share/man
diff --git a/usr/src/pkg/manifests/print-lp-print-client-commands.mf b/usr/src/pkg/manifests/print-lp-print-client-commands.mf
index cd6f930019..94fa5d31bc 100644
--- a/usr/src/pkg/manifests/print-lp-print-client-commands.mf
+++ b/usr/src/pkg/manifests/print-lp-print-client-commands.mf
@@ -36,7 +36,7 @@ dir path=usr/lib
 dir path=usr/lib/lp group=lp
 dir path=usr/lib/lp/bin group=lp
 dir path=usr/sbin
-dir path=usr/share group=sys
+dir path=usr/share
 dir path=usr/share/applications group=other
 dir path=usr/share/gnome group=other
 dir path=usr/share/gnome/autostart
diff --git a/usr/src/pkg/manifests/print-lp.mf b/usr/src/pkg/manifests/print-lp.mf
index 4b05b632eb..2e8347afa3 100644
--- a/usr/src/pkg/manifests/print-lp.mf
+++ b/usr/src/pkg/manifests/print-lp.mf
@@ -54,8 +54,8 @@ dir path=usr/lib/lp/local group=lp
 dir path=usr/lib/lp/model group=lp
 dir path=usr/lib/print group=lp
 dir path=usr/sbin
-dir path=usr/share group=sys
-dir path=usr/share/lib group=sys
+dir path=usr/share
+dir path=usr/share/lib
 dir path=usr/share/lib/terminfo
 dir path=usr/share/lib/terminfo/4
 dir path=usr/share/lib/terminfo/5
diff --git a/usr/src/pkg/manifests/runtime-perl-510-module-sun-solaris.mf b/usr/src/pkg/manifests/runtime-perl-510-module-sun-solaris.mf
index 4ded6c4db0..e3899310ef 100644
--- a/usr/src/pkg/manifests/runtime-perl-510-module-sun-solaris.mf
+++ b/usr/src/pkg/manifests/runtime-perl-510-module-sun-solaris.mf
@@ -34,7 +34,6 @@ set name=pkg.summary value="Perl 5.10.0 Sun::Solaris Modules"
 set name=info.classification \
     value=org.opensolaris.category.2008:Development/Perl
 set name=variant.arch value=$(ARCH)
-set name=variant.opensolaris.zone value=global value=nonglobal
 dir path=usr group=sys
 dir path=usr/bin
 dir path=usr/perl5
@@ -153,5 +152,4 @@ file path=usr/share/man/man3perl/Ucred.3perl
 license cr_Sun license=cr_Sun
 license usr/src/cmd/perl/THIRDPARTYLICENSE \
     license=usr/src/cmd/perl/THIRDPARTYLICENSE
-depend fmri=runtime/perl-510 type=require
 depend fmri=runtime/perl-510/extra type=require
diff --git a/usr/src/pkg/manifests/service-fault-management-smtp-notify.mf b/usr/src/pkg/manifests/service-fault-management-smtp-notify.mf
index b005a71430..d44967e0f6 100644
--- a/usr/src/pkg/manifests/service-fault-management-smtp-notify.mf
+++ b/usr/src/pkg/manifests/service-fault-management-smtp-notify.mf
@@ -30,7 +30,6 @@ set name=pkg.summary value="Email Notification Daemon for System Events"
 set name=info.classification \
     value="org.opensolaris.category.2008:System/Administration and Configuration"
 set name=variant.arch value=$(ARCH)
-set name=variant.opensolaris.zone value=global value=nonglobal
 dir path=lib/svc/manifest/system group=sys
 dir path=lib/svc/manifest/system/fm group=sys
 dir path=usr/lib
@@ -41,12 +40,3 @@ file path=usr/lib/fm/notify/process_msg_template.sh mode=0555
 file path=usr/lib/fm/notify/smtp-notify mode=0555
 license cr_Sun license=cr_Sun
 license lic_CDDL license=lic_CDDL
-#
-# snmp-notify depends on libraries delivered in this package
-#
-depend fmri=service/fault-management type=require
-#
-# snmp-notify requires the sendmail-client service in order to be able to send
-# email notifications.
-#
-depend fmri=service/network/smtp/sendmail type=require
diff --git a/usr/src/pkg/manifests/service-fault-management-snmp-notify.mf b/usr/src/pkg/manifests/service-fault-management-snmp-notify.mf
index e09d091f19..c7a4d8f865 100644
--- a/usr/src/pkg/manifests/service-fault-management-snmp-notify.mf
+++ b/usr/src/pkg/manifests/service-fault-management-snmp-notify.mf
@@ -30,7 +30,6 @@ set name=pkg.summary value="SNMP Notification Daemon for System Events"
 set name=info.classification \
     value="org.opensolaris.category.2008:System/Administration and Configuration"
 set name=variant.arch value=$(ARCH)
-set name=variant.opensolaris.zone value=global value=nonglobal
 dir path=lib/svc/manifest/system group=sys
 dir path=lib/svc/manifest/system/fm group=sys
 dir path=usr/lib
@@ -40,12 +39,3 @@ file path=lib/svc/manifest/system/fm/snmp-notify.xml group=sys mode=0444
 file path=usr/lib/fm/notify/snmp-notify mode=0555
 license cr_Sun license=cr_Sun
 license lic_CDDL license=lic_CDDL
-#
-# snmp-notify depends on libraries delivered in this package
-#
-depend fmri=service/fault-management type=require
-#
-# snmp-notify requires the net-snmp service in order to be able to send
-# SNMP notifications.
-#
-depend fmri=system/management/snmp/net-snmp type=require
diff --git a/usr/src/pkg/manifests/service-fault-management.mf b/usr/src/pkg/manifests/service-fault-management.mf
index 6a4999993b..a3ae7d36d2 100644
--- a/usr/src/pkg/manifests/service-fault-management.mf
+++ b/usr/src/pkg/manifests/service-fault-management.mf
@@ -229,8 +229,8 @@ $(sparc_ONLY)dir path=usr/platform/sun4v/lib/fm/topo/plugins
 # Some directories common to both global and non-global zones:
 #
 dir path=usr/sbin variant.opensolaris.zone=__NODEFAULT
-dir path=usr/share group=sys variant.opensolaris.zone=__NODEFAULT
-dir path=usr/share/lib group=sys variant.opensolaris.zone=__NODEFAULT
+dir path=usr/share variant.opensolaris.zone=__NODEFAULT
+dir path=usr/share/lib variant.opensolaris.zone=__NODEFAULT
 dir path=usr/share/lib/xml group=sys variant.opensolaris.zone=__NODEFAULT
 dir path=usr/share/lib/xml/dtd group=sys variant.opensolaris.zone=__NODEFAULT
 dir path=usr/share/man/man1m
diff --git a/usr/src/pkg/manifests/service-hal.mf b/usr/src/pkg/manifests/service-hal.mf
index 3bd6949f36..0b8c73b9b4 100644
--- a/usr/src/pkg/manifests/service-hal.mf
+++ b/usr/src/pkg/manifests/service-hal.mf
@@ -61,8 +61,8 @@ dir path=usr/lib/hal
 dir path=usr/lib/hal/sunos
 dir path=usr/lib/pkgconfig group=other
 dir path=usr/sbin
-dir path=usr/share group=sys
-dir path=usr/share/lib group=sys
+dir path=usr/share
+dir path=usr/share/lib
 dir path=usr/share/lib/xml group=sys
 dir path=usr/share/lib/xml/dtd group=sys
 dir path=usr/share/man
diff --git a/usr/src/pkg/manifests/service-network-dns-mdns.mf b/usr/src/pkg/manifests/service-network-dns-mdns.mf
index 843a88057e..a9015d9bf8 100644
--- a/usr/src/pkg/manifests/service-network-dns-mdns.mf
+++ b/usr/src/pkg/manifests/service-network-dns-mdns.mf
@@ -41,8 +41,8 @@ dir path=usr/include
 dir path=usr/lib
 dir path=usr/lib/$(ARCH64)
 dir path=usr/lib/inet
-dir path=usr/share group=sys
-dir path=usr/share/lib group=sys
+dir path=usr/share
+dir path=usr/share/lib
 dir path=usr/share/lib/java group=sys
 dir path=usr/share/lib/java/javadoc group=other
 dir path=usr/share/lib/java/javadoc/dnssd group=other
diff --git a/usr/src/pkg/manifests/service-network-network-clients.mf b/usr/src/pkg/manifests/service-network-network-clients.mf
index e8aaf533dc..11f9e2ffbb 100644
--- a/usr/src/pkg/manifests/service-network-network-clients.mf
+++ b/usr/src/pkg/manifests/service-network-network-clients.mf
@@ -21,6 +21,7 @@
 
 #
 # Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+# Copyright 2011 Nexenta Systems, Inc. All rights reserved.
 #
 
 set name=pkg.fmri value=pkg:/service/network/network-clients@$(PKGVERS)
@@ -78,6 +79,8 @@ license usr/src/cmd/cmd-inet/usr.bin/THIRDPARTYLICENSE.rcp \
     license=usr/src/cmd/cmd-inet/usr.bin/THIRDPARTYLICENSE.rcp
 license usr/src/cmd/cmd-inet/usr.bin/THIRDPARTYLICENSE.rsh \
     license=usr/src/cmd/cmd-inet/usr.bin/THIRDPARTYLICENSE.rsh
+license usr/src/cmd/cmd-inet/usr.bin/THIRDPARTYLICENSE.whois \
+    license=usr/src/cmd/cmd-inet/usr.bin/THIRDPARTYLICENSE.whois
 license usr/src/cmd/cmd-inet/usr.bin/rdist/THIRDPARTYLICENSE \
     license=usr/src/cmd/cmd-inet/usr.bin/rdist/THIRDPARTYLICENSE
 link path=usr/bin/remsh target=./rsh
diff --git a/usr/src/pkg/manifests/service-network-slp.mf b/usr/src/pkg/manifests/service-network-slp.mf
index a11b69679b..c8161f2009 100644
--- a/usr/src/pkg/manifests/service-network-slp.mf
+++ b/usr/src/pkg/manifests/service-network-slp.mf
@@ -43,8 +43,8 @@ dir path=usr/include
 dir path=usr/lib
 dir path=usr/lib/$(ARCH64)
 dir path=usr/lib/inet
-dir path=usr/share group=sys
-dir path=usr/share/lib group=sys
+dir path=usr/share
+dir path=usr/share/lib
 dir path=usr/share/lib/slp
 dir path=usr/share/man
 dir path=usr/share/man/man1m
diff --git a/usr/src/pkg/manifests/service-resource-pools.mf b/usr/src/pkg/manifests/service-resource-pools.mf
index f0120060fa..171d61263c 100644
--- a/usr/src/pkg/manifests/service-resource-pools.mf
+++ b/usr/src/pkg/manifests/service-resource-pools.mf
@@ -44,8 +44,8 @@ dir path=usr/lib/$(ARCH64)
 dir path=usr/lib/rcm
 dir path=usr/lib/rcm/modules
 dir path=usr/sbin
-dir path=usr/share group=sys
-dir path=usr/share/lib group=sys
+dir path=usr/share
+dir path=usr/share/lib
 dir path=usr/share/lib/xml group=sys
 dir path=usr/share/lib/xml/dtd group=sys
 dir path=usr/share/man
diff --git a/usr/src/pkg/manifests/source-network-pppdump.mf b/usr/src/pkg/manifests/source-network-pppdump.mf
index 658e2aca67..79255e4f1e 100644
--- a/usr/src/pkg/manifests/source-network-pppdump.mf
+++ b/usr/src/pkg/manifests/source-network-pppdump.mf
@@ -21,46 +21,9 @@
 
 #
 # Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+# Copyright 2011 Nexenta Systems, Inc. All rights reserved.
 #
 
-set name=pkg.fmri value=pkg:/source/network/pppdump@$(PKGVERS)
-set name=pkg.description \
-    value="Source for the optional GNU utilities for use with PPP"
-set name=pkg.summary value="Source for the GNU utilities for PPP"
-set name=info.classification \
-    value=org.opensolaris.category.2008:Development/GNU
+set name=pkg.fmri value=pkg:/source/network/pppdump@0.5.11,5.11-0.148
+set name=pkg.obsolete value=true
 set name=variant.arch value=$(ARCH)
-dir path=usr group=sys
-dir path=usr/share group=sys
-dir path=usr/share/src group=sys
-dir path=usr/share/src/ppputil
-dir path=usr/share/src/ppputil/plugins
-dir path=usr/share/src/ppputil/pppdump
-file path=usr/share/src/ppputil/CHANGES
-file path=usr/share/src/ppputil/COPYING
-file path=usr/share/src/ppputil/INSTALL
-file path=usr/share/src/ppputil/LICENSE
-file path=usr/share/src/ppputil/Makefile
-file path=usr/share/src/ppputil/README
-file path=usr/share/src/ppputil/plugins/Makefile
-file path=usr/share/src/ppputil/plugins/minconn.c
-file path=usr/share/src/ppputil/plugins/passprompt.c
-file path=usr/share/src/ppputil/plugins/pppd.h
-file path=usr/share/src/ppputil/pppdump/Makefile
-file path=usr/share/src/ppputil/pppdump/bsd-comp.c
-file path=usr/share/src/ppputil/pppdump/deflate.c
-file path=usr/share/src/ppputil/pppdump/ppp-comp.h
-file path=usr/share/src/ppputil/pppdump/pppdump.1m
-file path=usr/share/src/ppputil/pppdump/pppdump.c
-file path=usr/share/src/ppputil/pppdump/zlib.c
-file path=usr/share/src/ppputil/pppdump/zlib.h
-legacy pkg=SUNWpppgS \
-    desc="Source for the optional GNU utilities for use with PPP" \
-    name="Source for the GNU utilities for PPP"
-license cr_Sun license=cr_Sun
-license usr/src/cmd/cmd-inet/usr.bin/pppd/plugins/THIRDPARTYLICENSE.minconnect \
-    license=usr/src/cmd/cmd-inet/usr.bin/pppd/plugins/THIRDPARTYLICENSE.minconnect
-license usr/src/cmd/cmd-inet/usr.bin/pppd/plugins/THIRDPARTYLICENSE.passwd \
-    license=usr/src/cmd/cmd-inet/usr.bin/pppd/plugins/THIRDPARTYLICENSE.passwd
-license usr/src/cmd/cmd-inet/usr.bin/pppdump/THIRDPARTYLICENSE \
-    license=usr/src/cmd/cmd-inet/usr.bin/pppdump/THIRDPARTYLICENSE
diff --git a/usr/src/pkg/manifests/source-security-tcp-wrapper.mf b/usr/src/pkg/manifests/source-security-tcp-wrapper.mf
index 4ecc4aea82..9fa05189a1 100644
--- a/usr/src/pkg/manifests/source-security-tcp-wrapper.mf
+++ b/usr/src/pkg/manifests/source-security-tcp-wrapper.mf
@@ -21,94 +21,9 @@
 
 #
 # Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+# Copyright 2011 Nexenta Systems, Inc. All rights reserved.
 #
 
-set name=pkg.fmri \
-    value=pkg:/source/security/tcp-wrapper@7.6,$(PKGVERS_BUILTON)-$(PKGVERS_BRANCH)
-set name=pkg.description \
-    value="tcpd - access control facility for internet services (Source)"
-set name=pkg.summary \
-    value="tcpd - access control facility for internet services (Source)"
-set name=info.classification value=org.opensolaris.category.2008:System/Core
+set name=pkg.fmri value=pkg:/source/security/tcp-wrapper@7.6,5.11-0.148
+set name=pkg.obsolete value=true
 set name=variant.arch value=$(ARCH)
-dir path=usr group=sys
-dir path=usr/share group=sys
-dir path=usr/share/src group=sys
-dir path=usr/share/src/tcp_wrappers
-file path=usr/share/src/tcp_wrappers/BLURB
-file path=usr/share/src/tcp_wrappers/Banners.Makefile
-file path=usr/share/src/tcp_wrappers/CHANGES
-file path=usr/share/src/tcp_wrappers/DISCLAIMER
-file path=usr/share/src/tcp_wrappers/Makefile
-file path=usr/share/src/tcp_wrappers/Makefile.dist
-file path=usr/share/src/tcp_wrappers/Makefile.org
-file path=usr/share/src/tcp_wrappers/README
-file path=usr/share/src/tcp_wrappers/README.IRIX
-file path=usr/share/src/tcp_wrappers/README.NIS
-file path=usr/share/src/tcp_wrappers/README.ipv6
-file path=usr/share/src/tcp_wrappers/README.sfw
-file path=usr/share/src/tcp_wrappers/clean_exit.c
-file path=usr/share/src/tcp_wrappers/diag.c
-file path=usr/share/src/tcp_wrappers/environ.c
-file path=usr/share/src/tcp_wrappers/eval.c
-file path=usr/share/src/tcp_wrappers/fakelog.c
-file path=usr/share/src/tcp_wrappers/fix_options.c
-file path=usr/share/src/tcp_wrappers/fromhost.c
-file path=usr/share/src/tcp_wrappers/hosts_access.3
-file path=usr/share/src/tcp_wrappers/hosts_access.4
-file path=usr/share/src/tcp_wrappers/hosts_access.c
-file path=usr/share/src/tcp_wrappers/hosts_access.c.org
-file path=usr/share/src/tcp_wrappers/hosts_ctl.c
-file path=usr/share/src/tcp_wrappers/hosts_options.4
-file path=usr/share/src/tcp_wrappers/inetcf.c
-file path=usr/share/src/tcp_wrappers/inetcf.h
-file path=usr/share/src/tcp_wrappers/misc.c
-file path=usr/share/src/tcp_wrappers/misc.c.org
-file path=usr/share/src/tcp_wrappers/miscd.c
-file path=usr/share/src/tcp_wrappers/mystdarg.h
-file path=usr/share/src/tcp_wrappers/myvsyslog.c
-file path=usr/share/src/tcp_wrappers/ncr.c
-file path=usr/share/src/tcp_wrappers/options.c
-file path=usr/share/src/tcp_wrappers/patchlevel.h
-file path=usr/share/src/tcp_wrappers/percent_m.c
-file path=usr/share/src/tcp_wrappers/percent_x.c
-file path=usr/share/src/tcp_wrappers/printf.ck
-file path=usr/share/src/tcp_wrappers/ptx.c
-file path=usr/share/src/tcp_wrappers/refuse.c
-file path=usr/share/src/tcp_wrappers/rfc931.c
-file path=usr/share/src/tcp_wrappers/rfc931.c.org
-file path=usr/share/src/tcp_wrappers/safe_finger.c
-file path=usr/share/src/tcp_wrappers/scaffold.c
-file path=usr/share/src/tcp_wrappers/scaffold.c.org
-file path=usr/share/src/tcp_wrappers/scaffold.h
-file path=usr/share/src/tcp_wrappers/setenv.c
-file path=usr/share/src/tcp_wrappers/shell_cmd.c
-file path=usr/share/src/tcp_wrappers/socket.c
-file path=usr/share/src/tcp_wrappers/socket.c.diff
-file path=usr/share/src/tcp_wrappers/socket.c.org
-file path=usr/share/src/tcp_wrappers/strcasecmp.c
-file path=usr/share/src/tcp_wrappers/tags
-file path=usr/share/src/tcp_wrappers/tcpd.1m
-file path=usr/share/src/tcp_wrappers/tcpd.c
-file path=usr/share/src/tcp_wrappers/tcpd.h
-file path=usr/share/src/tcp_wrappers/tcpd.h.org
-file path=usr/share/src/tcp_wrappers/tcpdchk.1m
-file path=usr/share/src/tcp_wrappers/tcpdchk.c
-file path=usr/share/src/tcp_wrappers/tcpdchk.c.org
-file path=usr/share/src/tcp_wrappers/tcpdmatch.1m
-file path=usr/share/src/tcp_wrappers/tcpdmatch.c
-file path=usr/share/src/tcp_wrappers/tcpdmatch.c.org
-file path=usr/share/src/tcp_wrappers/tli-sequent.c
-file path=usr/share/src/tcp_wrappers/tli-sequent.h
-file path=usr/share/src/tcp_wrappers/tli.c
-file path=usr/share/src/tcp_wrappers/tli.c.org
-file path=usr/share/src/tcp_wrappers/try-from.c
-file path=usr/share/src/tcp_wrappers/update.c
-file path=usr/share/src/tcp_wrappers/update.c.org
-file path=usr/share/src/tcp_wrappers/vfprintf.c
-file path=usr/share/src/tcp_wrappers/workarounds.c
-legacy pkg=SUNWtcpdS \
-    desc="tcpd - access control facility for internet services (Source)" \
-    name="tcpd - access control facility for internet services (Source)"
-license usr/src/cmd/tcpd/THIRDPARTYLICENSE \
-    license=usr/src/cmd/tcpd/THIRDPARTYLICENSE
diff --git a/usr/src/pkg/manifests/source-system-grub.mf b/usr/src/pkg/manifests/source-system-grub.mf
index 45d3e506b7..848c313594 100644
--- a/usr/src/pkg/manifests/source-system-grub.mf
+++ b/usr/src/pkg/manifests/source-system-grub.mf
@@ -31,7 +31,7 @@ set name=pkg.summary \
 set name=info.classification value=org.opensolaris.category.2008:System/Core
 set name=variant.arch value=i386
 dir path=usr group=sys
-dir path=usr/share group=sys
+dir path=usr/share
 dir path=usr/share/src group=sys
 dir path=usr/share/src/grub
 dir path=usr/share/src/grub/docs
diff --git a/usr/src/pkg/manifests/storage-avs-point-in-time-copy.mf b/usr/src/pkg/manifests/storage-avs-point-in-time-copy.mf
index 6701f6e47b..f3b55e3b04 100644
--- a/usr/src/pkg/manifests/storage-avs-point-in-time-copy.mf
+++ b/usr/src/pkg/manifests/storage-avs-point-in-time-copy.mf
@@ -100,4 +100,3 @@ link path=usr/sbin/iiadm target=../bin/iiadm
 link path=usr/sbin/iiboot target=../bin/iiboot
 link path=usr/sbin/iicpbmp target=../bin/iicpbmp
 link path=usr/sbin/iicpshd target=../bin/iicpshd
-depend fmri=driver/storage/sv type=require
diff --git a/usr/src/pkg/manifests/storage-avs-remote-mirror.mf b/usr/src/pkg/manifests/storage-avs-remote-mirror.mf
index f2cc16d952..f89a81bb6c 100644
--- a/usr/src/pkg/manifests/storage-avs-remote-mirror.mf
+++ b/usr/src/pkg/manifests/storage-avs-remote-mirror.mf
@@ -119,4 +119,3 @@ license cr_Sun license=cr_Sun
 license lic_CDDL license=lic_CDDL
 link path=usr/cluster/lib/dscfg/start/10rdc target=../../../sbin/rdc
 link path=usr/cluster/lib/dscfg/stop/15rdc target=../../../sbin/rdc
-depend fmri=driver/storage/sv type=require
diff --git a/usr/src/pkg/manifests/storage-metassist.mf b/usr/src/pkg/manifests/storage-metassist.mf
index 507499cbb8..183f489cf1 100644
--- a/usr/src/pkg/manifests/storage-metassist.mf
+++ b/usr/src/pkg/manifests/storage-metassist.mf
@@ -38,8 +38,8 @@ dir path=etc group=sys
 dir path=etc/default group=sys
 dir path=usr group=sys
 dir path=usr/sbin
-dir path=usr/share group=sys
-dir path=usr/share/lib group=sys
+dir path=usr/share
+dir path=usr/share/lib
 dir path=usr/share/lib/xml group=sys
 dir path=usr/share/lib/xml/dtd group=sys
 dir path=usr/share/lib/xml/style group=sys
diff --git a/usr/src/pkg/manifests/system-data-hardware-registry.mf b/usr/src/pkg/manifests/system-data-hardware-registry.mf
index b818f28a02..477eac8da0 100644
--- a/usr/src/pkg/manifests/system-data-hardware-registry.mf
+++ b/usr/src/pkg/manifests/system-data-hardware-registry.mf
@@ -31,7 +31,7 @@ set name=info.classification \
     value=org.opensolaris.category.2008:System/Hardware
 set name=variant.arch value=$(ARCH)
 dir path=usr group=sys
-dir path=usr/share group=sys
+dir path=usr/share
 dir path=usr/share/hwdata group=sys
 file path=usr/share/hwdata/pci.ids
 file path=usr/share/hwdata/usb.ids
diff --git a/usr/src/pkg/manifests/system-data-keyboard-keytables.mf b/usr/src/pkg/manifests/system-data-keyboard-keytables.mf
index 898c5eb461..82319803ef 100644
--- a/usr/src/pkg/manifests/system-data-keyboard-keytables.mf
+++ b/usr/src/pkg/manifests/system-data-keyboard-keytables.mf
@@ -32,8 +32,8 @@ set name=info.classification \
 set name=variant.arch value=$(ARCH)
 dir path=usr group=sys
 dir path=usr/lib
-dir path=usr/share group=sys
-dir path=usr/share/lib group=sys
+dir path=usr/share
+dir path=usr/share/lib
 dir path=usr/share/lib/keytables
 dir path=usr/share/lib/keytables/type_101
 $(sparc_ONLY)dir path=usr/share/lib/keytables/type_4
diff --git a/usr/src/pkg/manifests/system-data-terminfo.mf b/usr/src/pkg/manifests/system-data-terminfo.mf
index 9b2fd441b0..e624311dd6 100644
--- a/usr/src/pkg/manifests/system-data-terminfo.mf
+++ b/usr/src/pkg/manifests/system-data-terminfo.mf
@@ -31,8 +31,8 @@ set name=info.classification value=org.opensolaris.category.2008:System/Core
 set name=variant.arch value=$(ARCH)
 dir path=usr group=sys
 dir path=usr/lib
-dir path=usr/share group=sys
-dir path=usr/share/lib group=sys
+dir path=usr/share
+dir path=usr/share/lib
 dir path=usr/share/lib/terminfo
 dir path=usr/share/lib/terminfo/1
 dir path=usr/share/lib/terminfo/2
diff --git a/usr/src/pkg/manifests/system-dtrace-tests.mf b/usr/src/pkg/manifests/system-dtrace-tests.mf
index 233d78b624..41f730a6d6 100644
--- a/usr/src/pkg/manifests/system-dtrace-tests.mf
+++ b/usr/src/pkg/manifests/system-dtrace-tests.mf
@@ -1922,7 +1922,10 @@ file path=opt/SUNWdtrt/tst/common/usdt/tst.linkunpriv.ksh mode=0444
 file path=opt/SUNWdtrt/tst/common/usdt/tst.multiple.ksh mode=0444
 file path=opt/SUNWdtrt/tst/common/usdt/tst.multiple.ksh.out mode=0444
 file path=opt/SUNWdtrt/tst/common/usdt/tst.nodtrace.ksh mode=0444
+file path=opt/SUNWdtrt/tst/common/usdt/tst.noreap.ksh mode=0444
+file path=opt/SUNWdtrt/tst/common/usdt/tst.noreapring.ksh mode=0444
 file path=opt/SUNWdtrt/tst/common/usdt/tst.onlyenabled.ksh mode=0444
+file path=opt/SUNWdtrt/tst/common/usdt/tst.reap.ksh mode=0444
 file path=opt/SUNWdtrt/tst/common/usdt/tst.reeval.ksh mode=0444
 file path=opt/SUNWdtrt/tst/common/usdt/tst.static.ksh mode=0444
 file path=opt/SUNWdtrt/tst/common/usdt/tst.static.ksh.out mode=0444
diff --git a/usr/src/pkg/manifests/system-extended-system-utilities.mf b/usr/src/pkg/manifests/system-extended-system-utilities.mf
index bb4b2bf308..8c2409569a 100644
--- a/usr/src/pkg/manifests/system-extended-system-utilities.mf
+++ b/usr/src/pkg/manifests/system-extended-system-utilities.mf
@@ -44,8 +44,8 @@ dir path=usr/proc
 dir path=usr/proc/bin
 dir path=usr/sbin
 dir path=usr/sbin/$(ARCH64)
-dir path=usr/share group=sys
-dir path=usr/share/lib group=sys
+dir path=usr/share
+dir path=usr/share/lib
 dir path=usr/share/lib/dict
 dir path=usr/share/man/man1
 dir path=usr/share/man/man1m
diff --git a/usr/src/pkg/manifests/system-header.mf b/usr/src/pkg/manifests/system-header.mf
index 85586eeab8..ddc527f31b 100644
--- a/usr/src/pkg/manifests/system-header.mf
+++ b/usr/src/pkg/manifests/system-header.mf
@@ -173,7 +173,7 @@ $(sparc_ONLY)dir path=usr/platform/sun4v group=sys
 $(sparc_ONLY)dir path=usr/platform/sun4v/include
 $(sparc_ONLY)dir path=usr/platform/sun4v/include/sys
 $(sparc_ONLY)dir path=usr/platform/sun4v/include/vm
-dir path=usr/share group=sys
+dir path=usr/share
 dir path=usr/share/man
 dir path=usr/share/man/man3head
 dir path=usr/share/man/man4
diff --git a/usr/src/pkg/manifests/system-kernel.man7fs.inc b/usr/src/pkg/manifests/system-kernel.man7fs.inc
index f81495168d..a4823bd1f2 100644
--- a/usr/src/pkg/manifests/system-kernel.man7fs.inc
+++ b/usr/src/pkg/manifests/system-kernel.man7fs.inc
@@ -9,15 +9,22 @@
 # at http://www.illumos.org/license/CDDL.
 #
 
+#
 # Copyright 2011, Richard Lowe
+# Copyright 2011 Nexenta Systems, Inc. All rights reserved.
+#
 
 file path=usr/share/man/man7fs/ctfs.7fs
 file path=usr/share/man/man7fs/dcfs.7fs
 file path=usr/share/man/man7fs/dev.7fs
 file path=usr/share/man/man7fs/devfs.7fs
+file path=usr/share/man/man7fs/fd.7fs
 file path=usr/share/man/man7fs/hsfs.7fs
 file path=usr/share/man/man7fs/lofs.7fs
 file path=usr/share/man/man7fs/objfs.7fs
 file path=usr/share/man/man7fs/sharefs.7fs
+file path=usr/share/man/man7fs/stderr.7fs
+file path=usr/share/man/man7fs/stdin.7fs
+file path=usr/share/man/man7fs/stdout.7fs
 file path=usr/share/man/man7fs/tmpfs.7fs
 file path=usr/share/man/man7fs/ufs.7fs
diff --git a/usr/src/pkg/manifests/system-library-security-crypto-pkcs11_kms.mf b/usr/src/pkg/manifests/system-library-security-crypto-pkcs11_kms.mf
index dc53f77492..77688afa3d 100644
--- a/usr/src/pkg/manifests/system-library-security-crypto-pkcs11_kms.mf
+++ b/usr/src/pkg/manifests/system-library-security-crypto-pkcs11_kms.mf
@@ -28,7 +28,6 @@ set name=pkg.summary value=pkcs11_kms
 set name=info.classification \
     value=org.opensolaris.category.2008:System/Security
 set name=variant.arch value=$(ARCH)
-set name=variant.opensolaris.zone value=global value=nonglobal
 dir path=usr group=sys
 dir path=usr/bin
 dir path=usr/lib
diff --git a/usr/src/pkg/manifests/system-library.man3c.inc b/usr/src/pkg/manifests/system-library.man3c.inc
index 16e72d8e37..e9a45d273b 100644
--- a/usr/src/pkg/manifests/system-library.man3c.inc
+++ b/usr/src/pkg/manifests/system-library.man3c.inc
@@ -9,7 +9,10 @@
 # at http://www.illumos.org/license/CDDL.
 #
 
+#
 # Copyright 2011, Richard Lowe
+# Copyright 2011 Nexenta Systems, Inc. All rights reserved.
+#
 
 file path=usr/share/man/man3c/FD_CLR.3c
 file path=usr/share/man/man3c/FD_ISSET.3c
@@ -934,7 +937,10 @@ file path=usr/share/man/man3c/stack_getbounds.3c
 file path=usr/share/man/man3c/stack_inbounds.3c
 file path=usr/share/man/man3c/stack_setbounds.3c
 file path=usr/share/man/man3c/stack_violation.3c
+file path=usr/share/man/man3c/stderr.3c
+file path=usr/share/man/man3c/stdin.3c
 file path=usr/share/man/man3c/stdio.3c
+file path=usr/share/man/man3c/stdout.3c
 file path=usr/share/man/man3c/str2sig.3c
 file path=usr/share/man/man3c/strcasecmp.3c
 file path=usr/share/man/man3c/strcat.3c
diff --git a/usr/src/pkg/manifests/system-library.mf b/usr/src/pkg/manifests/system-library.mf
index e851c5e7f9..846962beac 100644
--- a/usr/src/pkg/manifests/system-library.mf
+++ b/usr/src/pkg/manifests/system-library.mf
@@ -1265,7 +1265,6 @@ link path=usr/lib/straddr.so target=./straddr.so.2
 link path=usr/xpg4/lib/$(ARCH64)/libcurses.so target=libcurses.so.2
 link path=usr/xpg4/lib/64 target=$(ARCH64)
 link path=usr/xpg4/lib/libcurses.so target=./libcurses.so.2
-depend fmri=runtime/python-26 type=require
 #
 # libses.so needs to dlopen(3C) plugins from usr/lib/scsi/plugins/ses/vendor/,
 # a dependency which cannot be automatically derived
diff --git a/usr/src/pkg/manifests/system-management-wbem-data-management.mf b/usr/src/pkg/manifests/system-management-wbem-data-management.mf
index da59020572..cd111be704 100644
--- a/usr/src/pkg/manifests/system-management-wbem-data-management.mf
+++ b/usr/src/pkg/manifests/system-management-wbem-data-management.mf
@@ -41,5 +41,4 @@ legacy pkg=SUNWdmgtu desc="software for WBEM/CIM data device management" \
 license cr_Sun license=cr_Sun
 license lic_CDDL license=lic_CDDL
 link path=usr/lib/libfsmgt.so target=./libfsmgt.so.1
-depend fmri=system/library type=require
 depend fmri=system/library/libdiskmgt type=require
diff --git a/usr/src/pkg/manifests/system-network-ppp-pppdump.mf b/usr/src/pkg/manifests/system-network-ppp-pppdump.mf
index d87aa4c18b..95da6439aa 100644
--- a/usr/src/pkg/manifests/system-network-ppp-pppdump.mf
+++ b/usr/src/pkg/manifests/system-network-ppp-pppdump.mf
@@ -34,7 +34,7 @@ dir path=usr/bin
 dir path=usr/lib
 dir path=usr/lib/inet
 dir path=usr/lib/inet/ppp
-dir path=usr/share group=sys
+dir path=usr/share
 dir path=usr/share/man
 dir path=usr/share/man/man1m
 file path=usr/bin/pppdump mode=0555
diff --git a/usr/src/pkg/manifests/system-network-udapl-udapl-tavor.mf b/usr/src/pkg/manifests/system-network-udapl-udapl-tavor.mf
index db151bca78..be65a7f85e 100644
--- a/usr/src/pkg/manifests/system-network-udapl-udapl-tavor.mf
+++ b/usr/src/pkg/manifests/system-network-udapl-udapl-tavor.mf
@@ -44,7 +44,7 @@ dir path=kernel/drv/$(ARCH64) group=sys
 dir path=usr group=sys
 dir path=usr/lib
 dir path=usr/lib/$(ARCH64)
-dir path=usr/share group=sys
+dir path=usr/share
 dir path=usr/share/dat group=sys
 driver name=daplt perms="* 0644 root sys"
 file path=etc/init.d/dodatadm.udaplt group=sys mode=0744 \
diff --git a/usr/src/pkg/manifests/system-security-kerberos-5.mf b/usr/src/pkg/manifests/system-security-kerberos-5.mf
index 861eda0f30..add692c6cb 100644
--- a/usr/src/pkg/manifests/system-security-kerberos-5.mf
+++ b/usr/src/pkg/manifests/system-security-kerberos-5.mf
@@ -43,8 +43,8 @@ dir path=usr/lib/krb5
 dir path=usr/lib/krb5/ListResourceBundle
 dir path=usr/lib/security
 dir path=usr/sbin
-dir path=usr/share group=sys
-dir path=usr/share/lib group=sys
+dir path=usr/share
+dir path=usr/share/lib
 dir path=usr/share/lib/ldif group=sys
 dir path=usr/share/man
 dir path=usr/share/man/man1m
diff --git a/usr/src/pkg/manifests/system-zones.mf b/usr/src/pkg/manifests/system-zones.mf
index 8684186433..de67c46f80 100644
--- a/usr/src/pkg/manifests/system-zones.mf
+++ b/usr/src/pkg/manifests/system-zones.mf
@@ -49,8 +49,8 @@ dir path=usr/lib/brand/ipkg group=bin
 dir path=usr/lib/brand/shared group=sys
 dir path=usr/lib/zones
 dir path=usr/sbin
-dir path=usr/share group=sys
-dir path=usr/share/lib group=sys
+dir path=usr/share
+dir path=usr/share/lib
 dir path=usr/share/lib/xml group=sys
 dir path=usr/share/lib/xml/dtd group=sys
 dir path=usr/share/man
diff --git a/usr/src/pkg/manifests/text-doctools.mf b/usr/src/pkg/manifests/text-doctools.mf
index 3513334bbe..9e7f9d2704 100644
--- a/usr/src/pkg/manifests/text-doctools.mf
+++ b/usr/src/pkg/manifests/text-doctools.mf
@@ -39,8 +39,8 @@ dir path=usr/lib/font/devpost/charlib group=lp
 dir path=usr/lib/refer
 dir path=usr/lib/refer/papers
 dir path=usr/lib/sgml
-dir path=usr/share group=sys
-dir path=usr/share/lib group=sys
+dir path=usr/share
+dir path=usr/share/lib
 dir path=usr/share/lib/nterm
 dir path=usr/share/lib/pub
 dir path=usr/share/lib/sgml
@@ -54,7 +54,6 @@ dir path=usr/share/lib/tmac
 dir path=usr/share/man
 dir path=usr/share/man/man1
 dir path=usr/share/man/man1m
-dir path=usr/share/man/man4b
 dir path=usr/share/man/man5
 file path=usr/bin/addbib mode=0555
 file path=usr/bin/apropos mode=0555
@@ -372,7 +371,6 @@ file path=usr/share/man/man1/ul.1
 file path=usr/share/man/man1/vgrind.1
 file path=usr/share/man/man1/whatis.1
 file path=usr/share/man/man1m/catman.1m
-file path=usr/share/man/man4b/plot.4b
 file path=usr/share/man/man5/eqnchar.5
 file path=usr/share/man/man5/man.5
 file path=usr/share/man/man5/mansun.5
diff --git a/usr/src/pkg/transforms/defaults b/usr/src/pkg/transforms/defaults
index 9bbf75561d..b62738c664 100644
--- a/usr/src/pkg/transforms/defaults
+++ b/usr/src/pkg/transforms/defaults
@@ -78,6 +78,9 @@
 <transform file path=usr/share/.+ -> default mode 0444>
 <transform file path=usr/has/man/.+ -> default mode 0444>
 
+<transform dir path=usr/share$ -> default group sys>
+<transform dir path=usr/share/lib$ -> default group sys>
+
 #
 # For what's left, go with root:bin 0644, +x for directories
 #
diff --git a/usr/src/uts/common/dtrace/dtrace.c b/usr/src/uts/common/dtrace/dtrace.c
index e1251ff087..c352f66d5d 100644
--- a/usr/src/uts/common/dtrace/dtrace.c
+++ b/usr/src/uts/common/dtrace/dtrace.c
@@ -144,6 +144,7 @@ int		dtrace_err_verbose;
 hrtime_t	dtrace_deadman_interval = NANOSEC;
 hrtime_t	dtrace_deadman_timeout = (hrtime_t)10 * NANOSEC;
 hrtime_t	dtrace_deadman_user = (hrtime_t)30 * NANOSEC;
+hrtime_t	dtrace_unregister_defunct_reap = (hrtime_t)60 * NANOSEC;
 
 /*
  * DTrace External Variables
@@ -460,11 +461,13 @@ static dtrace_probe_t *dtrace_probe_lookup_id(dtrace_id_t id);
 static void dtrace_enabling_provide(dtrace_provider_t *);
 static int dtrace_enabling_match(dtrace_enabling_t *, int *);
 static void dtrace_enabling_matchall(void);
+static void dtrace_enabling_reap(void);
 static dtrace_state_t *dtrace_anon_grab(void);
 static uint64_t dtrace_helper(int, dtrace_mstate_t *,
     dtrace_state_t *, uint64_t, uint64_t);
 static dtrace_helpers_t *dtrace_helpers_create(proc_t *);
 static void dtrace_buffer_drop(dtrace_buffer_t *);
+static int dtrace_buffer_consumed(dtrace_buffer_t *, hrtime_t when);
 static intptr_t dtrace_buffer_reserve(dtrace_buffer_t *, size_t, size_t,
     dtrace_state_t *, dtrace_mstate_t *);
 static int dtrace_state_option(dtrace_state_t *, dtrace_optid_t,
@@ -2757,6 +2760,22 @@ dtrace_dif_variable(dtrace_mstate_t *mstate, dtrace_state_t *state, uint64_t v,
 		return (dtrace_getreg(lwp->lwp_regs, ndx));
 	}
 
+	case DIF_VAR_VMREGS: {
+		uint64_t rval;
+
+		if (!dtrace_priv_kernel(state))
+			return (0);
+
+		DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
+
+		rval = dtrace_getvmreg(ndx,
+		    &cpu_core[CPU->cpu_id].cpuc_dtrace_flags);
+
+		DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT);
+
+		return (rval);
+	}
+
 	case DIF_VAR_CURTHREAD:
 		if (!dtrace_priv_kernel(state))
 			return (0);
@@ -7084,7 +7103,7 @@ dtrace_unregister(dtrace_provider_id_t id)
 {
 	dtrace_provider_t *old = (dtrace_provider_t *)id;
 	dtrace_provider_t *prev = NULL;
-	int i, self = 0;
+	int i, self = 0, noreap = 0;
 	dtrace_probe_t *probe, *first = NULL;
 
 	if (old->dtpv_pops.dtps_enable ==
@@ -7141,14 +7160,31 @@ dtrace_unregister(dtrace_provider_id_t id)
 			continue;
 
 		/*
-		 * We have at least one ECB; we can't remove this provider.
+		 * If we are trying to unregister a defunct provider, and the
+		 * provider was made defunct within the interval dictated by
+		 * dtrace_unregister_defunct_reap, we'll (asynchronously)
+		 * attempt to reap our enablings.  To denote that the provider
+		 * should reattempt to unregister itself at some point in the
+		 * future, we will return a differentiable error code (EAGAIN
+		 * instead of EBUSY) in this case.
 		 */
+		if (dtrace_gethrtime() - old->dtpv_defunct >
+		    dtrace_unregister_defunct_reap)
+			noreap = 1;
+
 		if (!self) {
 			mutex_exit(&dtrace_lock);
 			mutex_exit(&mod_lock);
 			mutex_exit(&dtrace_provider_lock);
 		}
-		return (EBUSY);
+
+		if (noreap)
+			return (EBUSY);
+
+		(void) taskq_dispatch(dtrace_taskq,
+		    (task_func_t *)dtrace_enabling_reap, NULL, TQ_SLEEP);
+
+		return (EAGAIN);
 	}
 
 	/*
@@ -7239,7 +7275,7 @@ dtrace_invalidate(dtrace_provider_id_t id)
 	mutex_enter(&dtrace_provider_lock);
 	mutex_enter(&dtrace_lock);
 
-	pvp->dtpv_defunct = 1;
+	pvp->dtpv_defunct = dtrace_gethrtime();
 
 	mutex_exit(&dtrace_lock);
 	mutex_exit(&dtrace_provider_lock);
@@ -10143,6 +10179,7 @@ dtrace_buffer_switch(dtrace_buffer_t *buf)
 	caddr_t tomax = buf->dtb_tomax;
 	caddr_t xamot = buf->dtb_xamot;
 	dtrace_icookie_t cookie;
+	hrtime_t now = dtrace_gethrtime();
 
 	ASSERT(!(buf->dtb_flags & DTRACEBUF_NOSWITCH));
 	ASSERT(!(buf->dtb_flags & DTRACEBUF_RING));
@@ -10158,6 +10195,8 @@ dtrace_buffer_switch(dtrace_buffer_t *buf)
 	buf->dtb_drops = 0;
 	buf->dtb_errors = 0;
 	buf->dtb_flags &= ~(DTRACEBUF_ERROR | DTRACEBUF_DROPPED);
+	buf->dtb_interval = now - buf->dtb_switched;
+	buf->dtb_switched = now;
 	dtrace_interrupt_enable(cookie);
 }
 
@@ -10565,6 +10604,36 @@ dtrace_buffer_polish(dtrace_buffer_t *buf)
 	}
 }
 
+/*
+ * This routine determines if data generated at the specified time has likely
+ * been entirely consumed at user-level.  This routine is called to determine
+ * if an ECB on a defunct probe (but for an active enabling) can be safely
+ * disabled and destroyed.
+ */
+static int
+dtrace_buffer_consumed(dtrace_buffer_t *bufs, hrtime_t when)
+{
+	int i;
+
+	for (i = 0; i < NCPU; i++) {
+		dtrace_buffer_t *buf = &bufs[i];
+
+		if (buf->dtb_size == 0)
+			continue;
+
+		if (buf->dtb_flags & DTRACEBUF_RING)
+			return (0);
+
+		if (!buf->dtb_switched && buf->dtb_offset != 0)
+			return (0);
+
+		if (buf->dtb_switched - buf->dtb_interval < when)
+			return (0);
+	}
+
+	return (1);
+}
+
 static void
 dtrace_buffer_free(dtrace_buffer_t *bufs)
 {
@@ -11055,6 +11124,85 @@ retry:
 }
 
 /*
+ * Called to reap ECBs that are attached to probes from defunct providers.
+ */
+static void
+dtrace_enabling_reap(void)
+{
+	dtrace_provider_t *prov;
+	dtrace_probe_t *probe;
+	dtrace_ecb_t *ecb;
+	hrtime_t when;
+	int i;
+
+	mutex_enter(&cpu_lock);
+	mutex_enter(&dtrace_lock);
+
+	for (i = 0; i < dtrace_nprobes; i++) {
+		if ((probe = dtrace_probes[i]) == NULL)
+			continue;
+
+		if (probe->dtpr_ecb == NULL)
+			continue;
+
+		prov = probe->dtpr_provider;
+
+		if ((when = prov->dtpv_defunct) == 0)
+			continue;
+
+		/*
+		 * We have ECBs on a defunct provider:  we want to reap these
+		 * ECBs to allow the provider to unregister.  The destruction
+		 * of these ECBs must be done carefully:  if we destroy the ECB
+		 * and the consumer later wishes to consume an EPID that
+		 * corresponds to the destroyed ECB (and if the EPID metadata
+		 * has not been previously consumed), the consumer will abort
+		 * processing on the unknown EPID.  To reduce (but not, sadly,
+		 * eliminate) the possibility of this, we will only destroy an
+		 * ECB for a defunct provider if, for the state that
+		 * corresponds to the ECB:
+		 *
+		 *  (a)	There is no speculative tracing (which can effectively
+		 *	cache an EPID for an arbitrary amount of time).
+		 *
+		 *  (b)	The principal buffers have been switched twice since the
+		 *	provider became defunct.
+		 *
+		 *  (c)	The aggregation buffers are of zero size or have been
+		 *	switched twice since the provider became defunct.
+		 *
+		 * We use dts_speculates to determine (a) and call a function
+		 * (dtrace_buffer_consumed()) to determine (b) and (c).  Note
+		 * that as soon as we've been unable to destroy one of the ECBs
+		 * associated with the probe, we quit trying -- reaping is only
+		 * fruitful in as much as we can destroy all ECBs associated
+		 * with the defunct provider's probes.
+		 */
+		while ((ecb = probe->dtpr_ecb) != NULL) {
+			dtrace_state_t *state = ecb->dte_state;
+			dtrace_buffer_t *buf = state->dts_buffer;
+			dtrace_buffer_t *aggbuf = state->dts_aggbuffer;
+
+			if (state->dts_speculates)
+				break;
+
+			if (!dtrace_buffer_consumed(buf, when))
+				break;
+
+			if (!dtrace_buffer_consumed(aggbuf, when))
+				break;
+
+			dtrace_ecb_disable(ecb);
+			ASSERT(probe->dtpr_ecb != ecb);
+			dtrace_ecb_destroy(ecb);
+		}
+	}
+
+	mutex_exit(&dtrace_lock);
+	mutex_exit(&cpu_lock);
+}
+
+/*
  * DTrace DOF Functions
  */
 /*ARGSUSED*/
diff --git a/usr/src/uts/common/dtrace/fasttrap.c b/usr/src/uts/common/dtrace/fasttrap.c
index 42263e4ef2..8cfe4cd33b 100644
--- a/usr/src/uts/common/dtrace/fasttrap.c
+++ b/usr/src/uts/common/dtrace/fasttrap.c
@@ -24,6 +24,9 @@
  * Use is subject to license terms.
  */
 
+/*
+ * Copyright (c) 2011, Joyent, Inc. All rights reserved.
+ */
 
 #include <sys/atomic.h>
 #include <sys/errno.h>
@@ -273,7 +276,7 @@ fasttrap_pid_cleanup_cb(void *data)
 	fasttrap_provider_t **fpp, *fp;
 	fasttrap_bucket_t *bucket;
 	dtrace_provider_id_t provid;
-	int i, later;
+	int i, later, rval;
 
 	static volatile int in = 0;
 	ASSERT(in == 0);
@@ -335,9 +338,13 @@ fasttrap_pid_cleanup_cb(void *data)
 				 * clean out the unenabled probes.
 				 */
 				provid = fp->ftp_provid;
-				if (dtrace_unregister(provid) != 0) {
+				if ((rval = dtrace_unregister(provid)) != 0) {
 					if (fasttrap_total > fasttrap_max / 2)
 						(void) dtrace_condense(provid);
+
+					if (rval == EAGAIN)
+						fp->ftp_marked = 1;
+
 					later += fp->ftp_marked;
 					fpp = &fp->ftp_next;
 				} else {
@@ -363,12 +370,16 @@ fasttrap_pid_cleanup_cb(void *data)
 	 * get a chance to do that work if and when the timeout is reenabled
 	 * (if detach fails).
 	 */
-	if (later > 0 && fasttrap_timeout != (timeout_id_t)1)
-		fasttrap_timeout = timeout(&fasttrap_pid_cleanup_cb, NULL, hz);
-	else if (later > 0)
+	if (later > 0) {
+		if (fasttrap_timeout != (timeout_id_t)1) {
+			fasttrap_timeout =
+			    timeout(&fasttrap_pid_cleanup_cb, NULL, hz);
+		}
+
 		fasttrap_cleanup_work = 1;
-	else
+	} else {
 		fasttrap_timeout = 0;
+	}
 
 	mutex_exit(&fasttrap_cleanup_mtx);
 	in = 0;
diff --git a/usr/src/uts/common/fs/smbclnt/netsmb/smb_conn.h b/usr/src/uts/common/fs/smbclnt/netsmb/smb_conn.h
index b9d8c7414f..5e86f4f5ca 100644
--- a/usr/src/uts/common/fs/smbclnt/netsmb/smb_conn.h
+++ b/usr/src/uts/common/fs/smbclnt/netsmb/smb_conn.h
@@ -282,7 +282,6 @@ typedef struct smb_dev {
 	int		sd_level;	/* SMBL_VC, ... */
 	int		sd_vcgenid;	/* Generation of share or VC */
 	int		sd_poll;	/* Future use */
-	int		sd_seq;		/* Kind of minor number/instance no */
 	int		sd_flags;	/* State of connection */
 #define	NSMBFL_OPEN		0x0001
 #define	NSMBFL_IOD		0x0002
diff --git a/usr/src/uts/common/fs/smbclnt/netsmb/smb_dev.c b/usr/src/uts/common/fs/smbclnt/netsmb/smb_dev.c
index d60a3f7238..c553359ed6 100644
--- a/usr/src/uts/common/fs/smbclnt/netsmb/smb_dev.c
+++ b/usr/src/uts/common/fs/smbclnt/netsmb/smb_dev.c
@@ -28,8 +28,6 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $Id: smb_dev.c,v 1.21 2004/12/13 00:25:18 lindak Exp $
  */
 
 /*
@@ -63,7 +61,6 @@
 #include <sys/modctl.h>
 #include <sys/devops.h>
 #include <sys/thread.h>
-#include <sys/mkdev.h>
 #include <sys/types.h>
 #include <sys/zone.h>
 
@@ -76,26 +73,16 @@
 #include <netsmb/smb_dev.h>
 #include <netsmb/smb_pass.h>
 
+#define	NSMB_MIN_MINOR	1
+#define	NSMB_MAX_MINOR	L_MAXMIN32
+
 /* for version checks */
 const uint32_t nsmb_version = NSMB_VERSION;
 
-/*
- * Userland code loops through minor #s 0 to 1023, looking for one which opens.
- * Intially we create minor 0 and leave it for anyone.  Minor zero will never
- * actually get used - opening triggers creation of another (but private) minor,
- * which userland code will get to and mark busy.
- */
-#define	SMBMINORS 1024
 static void *statep;
 static major_t nsmb_major;
-static minor_t nsmb_minor = 1;
-
-#define	NSMB_MAX_MINOR  (1 << 8)
-#define	NSMB_MIN_MINOR   (NSMB_MAX_MINOR + 1)
-
-#define	ILP32	1
-#define	LP64	2
-
+static minor_t last_minor = NSMB_MIN_MINOR;
+static dev_info_t *nsmb_dip;
 static kmutex_t  dev_lck;
 
 /* Zone support */
@@ -182,11 +169,6 @@ _init(void)
 
 	/* Can initialize some mutexes also. */
 	mutex_init(&dev_lck, NULL, MUTEX_DRIVER, NULL);
-	/*
-	 * Create a major name and number.
-	 */
-	nsmb_major = ddi_name_to_major(NSMB_NAME);
-	nsmb_minor = 0;
 
 	/* Connection data structures. */
 	(void) smb_sm_init();
@@ -274,10 +256,10 @@ nsmb_getinfo(dev_info_t *dip, ddi_info_cmd_t cmd, void *arg, void **result)
 
 	switch (cmd) {
 	case DDI_INFO_DEVT2DEVINFO:
-		*result = 0;
+		*result = nsmb_dip;
 		break;
 	case DDI_INFO_DEVT2INSTANCE:
-		*result = 0;
+		*result = NULL;
 		break;
 	default:
 		ret = DDI_FAILURE;
@@ -288,47 +270,33 @@ nsmb_getinfo(dev_info_t *dip, ddi_info_cmd_t cmd, void *arg, void **result)
 static int
 nsmb_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
 {
-	smb_dev_t *sdp;
 
 	if (cmd != DDI_ATTACH)
 		return (DDI_FAILURE);
+
 	/*
-	 * only one instance - but we clone using the open routine
+	 * We only support only one "instance".  Note that
+	 * "instances" are different from minor units.
+	 * We get one (unique) minor unit per open.
 	 */
 	if (ddi_get_instance(dip) > 0)
 		return (DDI_FAILURE);
 
-	mutex_enter(&dev_lck);
-
-	/*
-	 * This is the Zero'th minor device which is created.
-	 */
-	if (ddi_soft_state_zalloc(statep, 0) == DDI_FAILURE) {
-		cmn_err(CE_WARN, "nsmb_attach: soft state alloc");
-		goto attach_failed;
-	}
 	if (ddi_create_minor_node(dip, "nsmb", S_IFCHR, 0, DDI_PSEUDO,
 	    NULL) == DDI_FAILURE) {
 		cmn_err(CE_WARN, "nsmb_attach: create minor");
-		goto attach_failed;
-	}
-	if ((sdp = ddi_get_soft_state(statep, 0)) == NULL) {
-		cmn_err(CE_WARN, "nsmb_attach: get soft state");
-		ddi_remove_minor_node(dip, NULL);
-		goto attach_failed;
+		return (DDI_FAILURE);
 	}
 
-	sdp->sd_dip = dip;
-	sdp->sd_seq = 0;
-	sdp->sd_smbfid = -1;
-	mutex_exit(&dev_lck);
+	/*
+	 * We need the major number a couple places,
+	 * i.e. in smb_dev2share()
+	 */
+	nsmb_major = ddi_name_to_major(NSMB_NAME);
+
+	nsmb_dip = dip;
 	ddi_report_dev(dip);
 	return (DDI_SUCCESS);
-
-attach_failed:
-	ddi_soft_state_free(statep, 0);
-	mutex_exit(&dev_lck);
-	return (DDI_FAILURE);
 }
 
 /*ARGSUSED*/
@@ -341,7 +309,7 @@ nsmb_detach(dev_info_t *dip, ddi_detach_cmd_t cmd)
 	if (ddi_get_instance(dip) > 0)
 		return (DDI_FAILURE);
 
-	ddi_soft_state_free(statep, 0);
+	nsmb_dip = NULL;
 	ddi_remove_minor_node(dip, NULL);
 
 	return (DDI_SUCCESS);
@@ -467,82 +435,50 @@ nsmb_ioctl(dev_t dev, int cmd, intptr_t arg, int flags,	/* model.h */
 	return (err);
 }
 
+/*
+ * This does "clone" open, meaning it automatically
+ * assigns an available minor unit for each open.
+ */
 /*ARGSUSED*/
 static int
 nsmb_open(dev_t *dev, int flags, int otyp, cred_t *cr)
 {
-	major_t new_major;
-	smb_dev_t *sdp, *sdv;
+	smb_dev_t *sdp;
+	minor_t m;
 
 	mutex_enter(&dev_lck);
-	for (; ; ) {
-		minor_t start = nsmb_minor;
-		do {
-			if (nsmb_minor >= MAXMIN32) {
-				if (nsmb_major == getmajor(*dev))
-					nsmb_minor = NSMB_MIN_MINOR;
-				else
-					nsmb_minor = 0;
-			} else {
-				nsmb_minor++;
-			}
-			sdv = ddi_get_soft_state(statep, nsmb_minor);
-		} while ((sdv != NULL) && (nsmb_minor != start));
-		if (nsmb_minor == start) {
-			/*
-			 * The condition we need to solve here is  all the
-			 * MAXMIN32(~262000) minors numbers are reached. We
-			 * need to create a new major number.
-			 * zfs uses getudev() to create a new major number.
-			 */
-			if ((new_major = getudev()) == (major_t)-1) {
-				cmn_err(CE_WARN,
-				    "nsmb: Can't get unique major "
-				    "device number.");
-				mutex_exit(&dev_lck);
-				return (-1);
-			}
-			nsmb_major = new_major;
-			nsmb_minor = 0;
-		} else {
-			break;
+
+	for (m = last_minor + 1; m != last_minor; m++) {
+		if (m > NSMB_MAX_MINOR)
+			m = NSMB_MIN_MINOR;
+
+		if (ddi_get_soft_state(statep, m) == NULL) {
+			last_minor = m;
+			goto found;
 		}
 	}
 
-	/*
-	 * This is called by mount or open call.
-	 * The open() routine is passed a pointer to a device number so
-	 * that  the  driver  can  change the minor number. This allows
-	 * drivers to dynamically  create minor instances of  the  dev-
-	 * ice.  An  example of this might be a  pseudo-terminal driver
-	 * that creates a new pseudo-terminal whenever it   is  opened.
-	 * A driver that chooses the minor number dynamically, normally
-	 * creates only one  minor  device  node  in   attach(9E)  with
-	 * ddi_create_minor_node(9F) then changes the minor number com-
-	 * ponent of *devp using makedevice(9F)  and  getmajor(9F)  The
-	 * driver needs to keep track of available minor numbers inter-
-	 * nally.
-	 * Stuff the structure smb_dev.
-	 * return.
-	 */
+	/* No available minor units. */
+	mutex_exit(&dev_lck);
+	return (ENXIO);
 
-	if (ddi_soft_state_zalloc(statep, nsmb_minor) == DDI_FAILURE) {
+found:
+	/* NB: dev_lck still held */
+	if (ddi_soft_state_zalloc(statep, m) == DDI_FAILURE) {
 		mutex_exit(&dev_lck);
 		return (ENXIO);
 	}
-	if ((sdp = ddi_get_soft_state(statep, nsmb_minor)) == NULL) {
+	if ((sdp = ddi_get_soft_state(statep, m)) == NULL) {
 		mutex_exit(&dev_lck);
 		return (ENXIO);
 	}
+	*dev = makedevice(nsmb_major, m);
+	mutex_exit(&dev_lck);
 
-	sdp->sd_seq = nsmb_minor;
 	sdp->sd_cred = cr;
 	sdp->sd_smbfid = -1;
 	sdp->sd_flags |= NSMBFL_OPEN;
 	sdp->zoneid = crgetzoneid(cr);
-	mutex_exit(&dev_lck);
-
-	*dev = makedevice(nsmb_major, nsmb_minor);
 
 	return (0);
 }
diff --git a/usr/src/uts/common/fs/zfs/spa.c b/usr/src/uts/common/fs/zfs/spa.c
index b6190e4cfa..5d9332a70b 100644
--- a/usr/src/uts/common/fs/zfs/spa.c
+++ b/usr/src/uts/common/fs/zfs/spa.c
@@ -22,6 +22,9 @@
 /*
  * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
  */
+/*
+ * Copyright 2011 Nexenta Systems, Inc.  All rights reserved.
+ */
 
 /*
  * This file contains all the routines used when modifying on-disk SPA state.
@@ -610,7 +613,7 @@ static taskq_t *
 spa_taskq_create(spa_t *spa, const char *name, enum zti_modes mode,
     uint_t value)
 {
-	uint_t flags = TASKQ_PREPOPULATE;
+	uint_t flags = 0;
 	boolean_t batch = B_FALSE;
 
 	switch (mode) {
diff --git a/usr/src/uts/common/fs/zfs/sys/zfs_context.h b/usr/src/uts/common/fs/zfs/sys/zfs_context.h
index 558e9e1884..fdd0412fee 100644
--- a/usr/src/uts/common/fs/zfs/sys/zfs_context.h
+++ b/usr/src/uts/common/fs/zfs/sys/zfs_context.h
@@ -22,6 +22,9 @@
  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
+/*
+ * Copyright 2011 Nexenta Systems, Inc.  All rights reserved.
+ */
 
 #ifndef _SYS_ZFS_CONTEXT_H
 #define	_SYS_ZFS_CONTEXT_H
@@ -39,6 +42,7 @@ extern "C" {
 #include <sys/cmn_err.h>
 #include <sys/kmem.h>
 #include <sys/taskq.h>
+#include <sys/taskq_impl.h>
 #include <sys/buf.h>
 #include <sys/param.h>
 #include <sys/systm.h>
diff --git a/usr/src/uts/common/fs/zfs/sys/zio.h b/usr/src/uts/common/fs/zfs/sys/zio.h
index 97d8ec74d2..f6cf3f5349 100644
--- a/usr/src/uts/common/fs/zfs/sys/zio.h
+++ b/usr/src/uts/common/fs/zfs/sys/zio.h
@@ -22,6 +22,9 @@
 /*
  * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
  */
+/*
+ * Copyright 2011 Nexenta Systems, Inc.  All rights reserved.
+ */
 
 #ifndef _ZIO_H
 #define	_ZIO_H
@@ -417,6 +420,9 @@ struct zio {
 	/* FMA state */
 	zio_cksum_report_t *io_cksum_report;
 	uint64_t	io_ena;
+
+	/* Taskq dispatching state */
+	taskq_ent_t	io_tqent;
 };
 
 extern zio_t *zio_null(zio_t *pio, spa_t *spa, vdev_t *vd,
diff --git a/usr/src/uts/common/fs/zfs/zio.c b/usr/src/uts/common/fs/zfs/zio.c
index adfe53eba9..381e519ef7 100644
--- a/usr/src/uts/common/fs/zfs/zio.c
+++ b/usr/src/uts/common/fs/zfs/zio.c
@@ -21,6 +21,7 @@
 /*
  * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
  * Copyright (c) 2011 by Delphix. All rights reserved.
+ * Copyright (c) 2011 Nexenta Systems, Inc. All rights reserved.
  */
 
 #include <sys/zfs_context.h>
@@ -1061,7 +1062,7 @@ zio_taskq_dispatch(zio_t *zio, enum zio_taskq_type q, boolean_t cutinline)
 {
 	spa_t *spa = zio->io_spa;
 	zio_type_t t = zio->io_type;
-	int flags = TQ_SLEEP | (cutinline ? TQ_FRONT : 0);
+	int flags = (cutinline ? TQ_FRONT : 0);
 
 	/*
 	 * If we're a config writer or a probe, the normal issue and
@@ -1085,8 +1086,15 @@ zio_taskq_dispatch(zio_t *zio, enum zio_taskq_type q, boolean_t cutinline)
 		q++;
 
 	ASSERT3U(q, <, ZIO_TASKQ_TYPES);
-	(void) taskq_dispatch(spa->spa_zio_taskq[t][q],
-	    (task_func_t *)zio_execute, zio, flags);
+
+	/*
+	 * NB: We are assuming that the zio can only be dispatched
+	 * to a single taskq at a time.  It would be a grievous error
+	 * to dispatch the zio to another taskq at the same time.
+	 */
+	ASSERT(zio->io_tqent.tqent_next == NULL);
+	taskq_dispatch_ent(spa->spa_zio_taskq[t][q],
+	    (task_func_t *)zio_execute, zio, flags, &zio->io_tqent);
 }
 
 static boolean_t
@@ -2889,9 +2897,11 @@ zio_done(zio_t *zio)
 			 * Reexecution is potentially a huge amount of work.
 			 * Hand it off to the otherwise-unused claim taskq.
 			 */
-			(void) taskq_dispatch(
+			ASSERT(zio->io_tqent.tqent_next == NULL);
+			(void) taskq_dispatch_ent(
 			    spa->spa_zio_taskq[ZIO_TYPE_CLAIM][ZIO_TASKQ_ISSUE],
-			    (task_func_t *)zio_reexecute, zio, TQ_SLEEP);
+			    (task_func_t *)zio_reexecute, zio, 0,
+			    &zio->io_tqent);
 		}
 		return (ZIO_PIPELINE_STOP);
 	}
diff --git a/usr/src/uts/common/inet/tcp.h b/usr/src/uts/common/inet/tcp.h
index 460f183884..d95f2559c6 100644
--- a/usr/src/uts/common/inet/tcp.h
+++ b/usr/src/uts/common/inet/tcp.h
@@ -21,6 +21,7 @@
 /*
  * Copyright (c) 1991, 2010, Oracle and/or its affiliates. All rights reserved.
  * Copyright (c) 2011, Joyent, Inc. All rights reserved.
+ * Copyright (c) 2011 Nexenta Systems, Inc. All rights reserved.
  */
 /* Copyright (c) 1990 Mentat Inc. */
 
@@ -334,11 +335,26 @@ typedef struct tcp_s {
 	} tcp_conn;
 	uint32_t tcp_syn_rcvd_timeout;	/* How many SYN_RCVD timeout in q0 */
 
-	/* TCP Keepalive Timer members */
+	/*
+	 * TCP Keepalive Timer members.
+	 * All keepalive timer intervals are in milliseconds.
+	 */
 	int32_t	tcp_ka_last_intrvl;	/* Last probe interval */
 	timeout_id_t tcp_ka_tid;	/* Keepalive timer ID */
 	uint32_t tcp_ka_interval;	/* Keepalive interval */
+
+	/*
+	 * TCP connection is terminated if we don't hear back from the peer
+	 * for tcp_ka_abort_thres milliseconds after the first keepalive probe.
+	 * tcp_ka_rinterval is the interval in milliseconds between successive
+	 * keepalive probes. tcp_ka_cnt is the number of keepalive probes to
+	 * be sent before terminating the connection, if we don't hear back from
+	 * peer.
+	 * tcp_ka_abort_thres = tcp_ka_rinterval * tcp_ka_cnt
+	 */
+	uint32_t tcp_ka_rinterval;	/* keepalive retransmit interval */
 	uint32_t tcp_ka_abort_thres;	/* Keepalive abort threshold */
+	uint32_t tcp_ka_cnt;		/* count of keepalive probes */
 
 	int32_t	tcp_client_errno;	/* How the client screwed up */
 
diff --git a/usr/src/uts/common/inet/tcp/tcp.c b/usr/src/uts/common/inet/tcp/tcp.c
index 8d3dacf35b..0734468ea0 100644
--- a/usr/src/uts/common/inet/tcp/tcp.c
+++ b/usr/src/uts/common/inet/tcp/tcp.c
@@ -22,6 +22,7 @@
 /*
  * Copyright (c) 1991, 2010, Oracle and/or its affiliates. All rights reserved.
  * Copyright (c) 2011, Joyent Inc. All rights reserved.
+ * Copyright (c) 2011 Nexenta Systems, Inc. All rights reserved.
  */
 /* Copyright (c) 1990 Mentat Inc. */
 
@@ -2354,6 +2355,8 @@ tcp_init_values(tcp_t *tcp, tcp_t *parent)
 
 		tcp->tcp_ka_interval = tcps->tcps_keepalive_interval;
 		tcp->tcp_ka_abort_thres = tcps->tcps_keepalive_abort_interval;
+		tcp->tcp_ka_cnt = 0;
+		tcp->tcp_ka_rinterval = 0;
 
 		/*
 		 * Default value of tcp_init_cwnd is 0, so no need to set here
diff --git a/usr/src/uts/common/inet/tcp/tcp_opt_data.c b/usr/src/uts/common/inet/tcp/tcp_opt_data.c
index c1614463c2..bcec93fcd3 100644
--- a/usr/src/uts/common/inet/tcp/tcp_opt_data.c
+++ b/usr/src/uts/common/inet/tcp/tcp_opt_data.c
@@ -20,6 +20,7 @@
  */
 /*
  * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011 Nexenta Systems, Inc. All rights reserved.
  */
 
 #include <sys/types.h>
@@ -117,6 +118,12 @@ opdes_t	tcp_opt_arr[] = {
 { TCP_KEEPALIVE_THRESHOLD, IPPROTO_TCP, OA_RW, OA_RW, OP_NP, 0,
 	sizeof (int), 0	},
 
+{ TCP_KEEPIDLE, IPPROTO_TCP, OA_RW, OA_RW, OP_NP, 0, sizeof (int), 0 },
+
+{ TCP_KEEPCNT, IPPROTO_TCP, OA_RW, OA_RW, OP_NP, 0, sizeof (int), 0 },
+
+{ TCP_KEEPINTVL, IPPROTO_TCP, OA_RW, OA_RW, OP_NP, 0, sizeof (int), 0 },
+
 { TCP_KEEPALIVE_ABORT_THRESHOLD, IPPROTO_TCP, OA_RW, OA_RW, OP_NP, 0,
 	sizeof (int), 0	},
 
@@ -403,6 +410,25 @@ tcp_opt_get(conn_t *connp, int level, int name, uchar_t *ptr)
 		case TCP_KEEPALIVE_THRESHOLD:
 			*i1 = tcp->tcp_ka_interval;
 			return (sizeof (int));
+
+		/*
+		 * TCP_KEEPIDLE expects value in seconds, but
+		 * tcp_ka_interval is in milliseconds.
+		 */
+		case TCP_KEEPIDLE:
+			*i1 = tcp->tcp_ka_interval / 1000;
+			return (sizeof (int));
+		case TCP_KEEPCNT:
+			*i1 = tcp->tcp_ka_cnt;
+			return (sizeof (int));
+
+		/*
+		 * TCP_KEEPINTVL expects value in seconds, but
+		 * tcp_ka_rinterval is in milliseconds.
+		 */
+		case TCP_KEEPINTVL:
+			*i1 = tcp->tcp_ka_rinterval / 1000;
+			return (sizeof (int));
 		case TCP_KEEPALIVE_ABORT_THRESHOLD:
 			*i1 = tcp->tcp_ka_abort_thres;
 			return (sizeof (int));
@@ -682,6 +708,18 @@ tcp_opt_set(conn_t *connp, uint_t optset_context, int level, int name,
 			}
 			tcp->tcp_init_cwnd = val;
 			break;
+
+		/*
+		 * TCP_KEEPIDLE is in seconds but TCP_KEEPALIVE_THRESHOLD
+		 * is in milliseconds. TCP_KEEPIDLE is introduced for
+		 * compatibility with other Unix flavors.
+		 * We can fall through TCP_KEEPALIVE_THRESHOLD logic after
+		 * converting the input to milliseconds.
+		 */
+		case TCP_KEEPIDLE:
+			*i1 *= 1000;
+			/* FALLTHRU */
+
 		case TCP_KEEPALIVE_THRESHOLD:
 			if (checkonly)
 				break;
@@ -708,6 +746,66 @@ tcp_opt_set(conn_t *connp, uint_t optset_context, int level, int name,
 				}
 			}
 			break;
+
+		/*
+		 * tcp_ka_abort_thres = tcp_ka_rinterval * tcp_ka_cnt.
+		 * So setting TCP_KEEPCNT or TCP_KEEPINTVL can affect all the
+		 * three members - tcp_ka_abort_thres, tcp_ka_rinterval and
+		 * tcp_ka_cnt.
+		 */
+		case TCP_KEEPCNT:
+			if (checkonly)
+				break;
+
+			if (*i1 == 0) {
+				return (EINVAL);
+			} else if (tcp->tcp_ka_rinterval == 0) {
+				if ((tcp->tcp_ka_abort_thres / *i1) <
+				    tcp->tcp_rto_min ||
+				    (tcp->tcp_ka_abort_thres / *i1) >
+				    tcp->tcp_rto_max)
+					return (EINVAL);
+
+				tcp->tcp_ka_rinterval =
+				    tcp->tcp_ka_abort_thres / *i1;
+			} else {
+				if ((*i1 * tcp->tcp_ka_rinterval) <
+				    tcps->tcps_keepalive_abort_interval_low ||
+				    (*i1 * tcp->tcp_ka_rinterval) >
+				    tcps->tcps_keepalive_abort_interval_high)
+					return (EINVAL);
+				tcp->tcp_ka_abort_thres =
+				    (*i1 * tcp->tcp_ka_rinterval);
+			}
+			tcp->tcp_ka_cnt = *i1;
+			break;
+		case TCP_KEEPINTVL:
+			/*
+			 * TCP_KEEPINTVL is specified in seconds, but
+			 * tcp_ka_rinterval is in milliseconds.
+			 */
+
+			if (checkonly)
+				break;
+
+			if ((*i1 * 1000) < tcp->tcp_rto_min ||
+			    (*i1 * 1000) > tcp->tcp_rto_max)
+				return (EINVAL);
+
+			if (tcp->tcp_ka_cnt == 0) {
+				tcp->tcp_ka_cnt =
+				    tcp->tcp_ka_abort_thres / (*i1 * 1000);
+			} else {
+				if ((*i1 * tcp->tcp_ka_cnt * 1000) <
+				    tcps->tcps_keepalive_abort_interval_low ||
+				    (*i1 * tcp->tcp_ka_cnt * 1000) >
+				    tcps->tcps_keepalive_abort_interval_high)
+					return (EINVAL);
+				tcp->tcp_ka_abort_thres =
+				    (*i1 * tcp->tcp_ka_cnt * 1000);
+			}
+			tcp->tcp_ka_rinterval = *i1 * 1000;
+			break;
 		case TCP_KEEPALIVE_ABORT_THRESHOLD:
 			if (!checkonly) {
 				if (*i1 <
@@ -718,6 +816,8 @@ tcp_opt_set(conn_t *connp, uint_t optset_context, int level, int name,
 					return (EINVAL);
 				}
 				tcp->tcp_ka_abort_thres = *i1;
+				tcp->tcp_ka_cnt = 0;
+				tcp->tcp_ka_rinterval = 0;
 			}
 			break;
 		case TCP_CORK:
diff --git a/usr/src/uts/common/inet/tcp/tcp_timers.c b/usr/src/uts/common/inet/tcp/tcp_timers.c
index c883be8cfd..90e1c9178c 100644
--- a/usr/src/uts/common/inet/tcp/tcp_timers.c
+++ b/usr/src/uts/common/inet/tcp/tcp_timers.c
@@ -21,6 +21,7 @@
 
 /*
  * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011 Nexenta Systems, Inc. All rights reserved.
  */
 
 #include <sys/types.h>
@@ -390,6 +391,11 @@ tcp_timers_stop(tcp_t *tcp)
  * (tcp_ka_interval + tcp_ka_abort_thres) we have not heard anything,
  * kill the connection unless the keepalive abort threshold is 0.  In
  * that case, we will probe "forever."
+ * If tcp_ka_cnt and tcp_ka_rinterval are non-zero, then we do not follow
+ * the exponential backoff, but send probes tcp_ka_cnt times in regular
+ * intervals of tcp_ka_rinterval milliseconds until we hear back from peer.
+ * Kill the connection if we don't hear back from peer after tcp_ka_cnt
+ * probes are sent.
  */
 void
 tcp_keepalive_timer(void *arg)
@@ -455,7 +461,9 @@ tcp_keepalive_timer(void *arg)
 			if (mp != NULL) {
 				tcp_send_data(tcp, mp);
 				TCPS_BUMP_MIB(tcps, tcpTimKeepaliveProbe);
-				if (tcp->tcp_ka_last_intrvl != 0) {
+				if (tcp->tcp_ka_rinterval) {
+					firetime = tcp->tcp_ka_rinterval;
+				} else if (tcp->tcp_ka_last_intrvl != 0) {
 					int max;
 					/*
 					 * We should probe again at least
diff --git a/usr/src/uts/common/io/comstar/port/iscsit/iscsit.c b/usr/src/uts/common/io/comstar/port/iscsit/iscsit.c
index 4df6327f31..59bdf682e0 100644
--- a/usr/src/uts/common/io/comstar/port/iscsit/iscsit.c
+++ b/usr/src/uts/common/io/comstar/port/iscsit/iscsit.c
@@ -21,6 +21,9 @@
 /*
  * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
  */
+/*
+ * Copyright 2011 Nexenta Systems, Inc.  All rights reserved.
+ */
 
 #include <sys/cpuvar.h>
 #include <sys/types.h>
@@ -2165,7 +2168,6 @@ iscsit_post_scsi_cmd(idm_conn_t *ic, idm_pdu_t *rx_pdu)
 	}
 }
 
-/*ARGSUSED*/
 void
 iscsit_deferred_dispatch(idm_pdu_t *rx_pdu)
 {
@@ -2188,16 +2190,8 @@ iscsit_deferred_dispatch(idm_pdu_t *rx_pdu)
 	iscsit_conn_dispatch_hold(ict);
 	mutex_exit(&ict->ict_mutex);
 
-	if (taskq_dispatch(iscsit_global.global_dispatch_taskq,
-	    iscsit_deferred, rx_pdu, DDI_NOSLEEP) == NULL) {
-		/*
-		 * In the unlikely scenario that we couldn't get the resources
-		 * to dispatch the PDU then just drop it.
-		 */
-		idm_pdu_complete(rx_pdu, IDM_STATUS_FAIL);
-		idm_conn_event(ict->ict_ic, CE_TRANSPORT_FAIL, NULL);
-		iscsit_conn_dispatch_rele(ict);
-	}
+	taskq_dispatch_ent(iscsit_global.global_dispatch_taskq,
+	    iscsit_deferred, rx_pdu, 0, &rx_pdu->isp_tqent);
 }
 
 static void
diff --git a/usr/src/uts/common/io/sata/adapters/si3124/si3124.c b/usr/src/uts/common/io/sata/adapters/si3124/si3124.c
index a76b949a05..65e59612e6 100644
--- a/usr/src/uts/common/io/sata/adapters/si3124/si3124.c
+++ b/usr/src/uts/common/io/sata/adapters/si3124/si3124.c
@@ -25,7 +25,7 @@
 
 
 /*
- * SiliconImage 3124/3132 sata controller driver
+ * SiliconImage 3124/3132/3531 sata controller driver
  */
 
 /*
@@ -37,10 +37,10 @@
  * I. General notes
  *
  * Even though the driver is named as si3124, it is actually meant to
- * work with both 3124 and 3132 controllers.
+ * work with SiI3124, SiI3132 and SiI3531 controllers.
  *
  * The current file si3124.c is the main driver code. The si3124reg.h
- * holds the register definitions from SiI 3124/3132 data sheets. The
+ * holds the register definitions from SiI 3124/3132/3531 data sheets. The
  * si3124var.h holds the driver specific definitions which are not
  * directly derived from data sheets.
  *
@@ -562,10 +562,25 @@ si_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
 		si_ctlp->sictl_devid =
 		    pci_config_get16(si_ctlp->sictl_pci_conf_handle,
 		    PCI_CONF_DEVID);
-		if (si_ctlp->sictl_devid == SI3132_DEV_ID) {
-			si_ctlp->sictl_num_ports = SI3132_MAX_PORTS;
-		} else {
-			si_ctlp->sictl_num_ports = SI3124_MAX_PORTS;
+		switch (si_ctlp->sictl_devid) {
+			case SI3124_DEV_ID:
+				si_ctlp->sictl_num_ports = SI3124_MAX_PORTS;
+				break;
+
+			case SI3132_DEV_ID:
+				si_ctlp->sictl_num_ports = SI3132_MAX_PORTS;
+				break;
+
+			case SI3531_DEV_ID:
+				si_ctlp->sictl_num_ports = SI3531_MAX_PORTS;
+				break;
+
+			default:
+				/*
+				 * Driver should not have attatched if device
+				 * ID is not already known and is supported.
+				 */
+				goto err_out;
 		}
 
 		attach_state |= ATTACH_PROGRESS_CONF_HANDLE;
diff --git a/usr/src/uts/common/netinet/tcp.h b/usr/src/uts/common/netinet/tcp.h
index 9a08545ab7..f6c2fc160b 100644
--- a/usr/src/uts/common/netinet/tcp.h
+++ b/usr/src/uts/common/netinet/tcp.h
@@ -21,6 +21,7 @@
 
 /*
  * Copyright (c) 1991, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011 Nexenta Systems, Inc. All rights reserved.
  */
 
 /*
@@ -125,6 +126,9 @@ struct tcphdr {
 /* gap for expansion of ``standard'' options */
 #define	TCP_ANONPRIVBIND		0x20	/* for internal use only  */
 #define	TCP_EXCLBIND			0x21	/* for internal use only  */
+#define	TCP_KEEPIDLE			0x22
+#define	TCP_KEEPCNT			0x23
+#define	TCP_KEEPINTVL			0x24
 
 #ifdef	__cplusplus
 }
diff --git a/usr/src/uts/common/os/taskq.c b/usr/src/uts/common/os/taskq.c
index 68dc5203f1..26e7b952d7 100644
--- a/usr/src/uts/common/os/taskq.c
+++ b/usr/src/uts/common/os/taskq.c
@@ -24,6 +24,10 @@
  */
 
 /*
+ * Copyright 2011 Nexenta Systems, Inc.  All rights reserved.
+ */
+
+/*
  * Kernel task queues: general-purpose asynchronous task scheduling.
  *
  * A common problem in kernel programming is the need to schedule tasks
@@ -184,6 +188,17 @@
  *		taskq_dispatch() (especially if TQ_NOQUEUE was specified), so it
  *		is important to have backup strategies handling such failures.
  *
+ * void taskq_dispatch_ent(tq, func, arg, flags, tqent)
+ *
+ *	This is a light-weight form of taskq_dispatch(), that uses a
+ *	preallocated taskq_ent_t structure for scheduling.  As a
+ *	result, it does not perform allocations and cannot ever fail.
+ *	Note especially that it cannot be used with TASKQ_DYNAMIC
+ *	taskqs.  The memory for the tqent must not be modified or used
+ *	until the function (func) is called.  (However, func itself
+ *	may safely modify or free this memory, once it is called.)
+ *	Note that the taskq framework will NOT free this memory.
+ *
  * void taskq_wait(tq):
  *
  *	Waits for all previously scheduled tasks to complete.
@@ -1118,7 +1133,6 @@ taskq_bucket_dispatch(taskq_bucket_t *b, task_func_t func, void *arg)
  *	    Actual return value is the pointer to taskq entry that was used to
  *	    dispatch a task. This is useful for debugging.
  */
-/* ARGSUSED */
 taskqid_t
 taskq_dispatch(taskq_t *tq, task_func_t func, void *arg, uint_t flags)
 {
@@ -1134,7 +1148,7 @@ taskq_dispatch(taskq_t *tq, task_func_t func, void *arg, uint_t flags)
 		/*
 		 * TQ_NOQUEUE flag can't be used with non-dynamic task queues.
 		 */
-		ASSERT(! (flags & TQ_NOQUEUE));
+		ASSERT(!(flags & TQ_NOQUEUE));
 		/*
 		 * Enqueue the task to the underlying queue.
 		 */
@@ -1146,6 +1160,9 @@ taskq_dispatch(taskq_t *tq, task_func_t func, void *arg, uint_t flags)
 			mutex_exit(&tq->tq_lock);
 			return (NULL);
 		}
+		/* Make sure we start without any flags */
+		tqe->tqent_un.tqent_flags = 0;
+
 		if (flags & TQ_FRONT) {
 			TQ_ENQUEUE_FRONT(tq, tqe, func, arg);
 		} else {
@@ -1273,6 +1290,31 @@ taskq_dispatch(taskq_t *tq, task_func_t func, void *arg, uint_t flags)
 	return ((taskqid_t)tqe);
 }
 
+void
+taskq_dispatch_ent(taskq_t *tq, task_func_t func, void *arg, uint_t flags,
+    taskq_ent_t *tqe)
+{
+	ASSERT(func != NULL);
+	ASSERT(!(tq->tq_flags & TASKQ_DYNAMIC));
+
+	/*
+	 * Mark it as a prealloc'd task.  This is important
+	 * to ensure that we don't free it later.
+	 */
+	tqe->tqent_un.tqent_flags |= TQENT_FLAG_PREALLOC;
+	/*
+	 * Enqueue the task to the underlying queue.
+	 */
+	mutex_enter(&tq->tq_lock);
+
+	if (flags & TQ_FRONT) {
+		TQ_ENQUEUE_FRONT(tq, tqe, func, arg);
+	} else {
+		TQ_ENQUEUE(tq, tqe, func, arg);
+	}
+	mutex_exit(&tq->tq_lock);
+}
+
 /*
  * Wait for all pending tasks to complete.
  * Calling taskq_wait from a task will cause deadlock.
@@ -1460,6 +1502,7 @@ taskq_thread(void *arg)
 	taskq_ent_t *tqe;
 	callb_cpr_t cprinfo;
 	hrtime_t start, end;
+	boolean_t freeit;
 
 	curthread->t_taskq = tq;	/* mark ourselves for taskq_member() */
 
@@ -1546,6 +1589,23 @@ taskq_thread(void *arg)
 		tqe->tqent_next->tqent_prev = tqe->tqent_prev;
 		mutex_exit(&tq->tq_lock);
 
+		/*
+		 * For prealloc'd tasks, we don't free anything.  We
+		 * have to check this now, because once we call the
+		 * function for a prealloc'd taskq, we can't touch the
+		 * tqent any longer (calling the function returns the
+		 * ownershp of the tqent back to caller of
+		 * taskq_dispatch.)
+		 */
+		if ((!(tq->tq_flags & TASKQ_DYNAMIC)) &&
+		    (tqe->tqent_un.tqent_flags & TQENT_FLAG_PREALLOC)) {
+			/* clear pointers to assist assertion checks */
+			tqe->tqent_next = tqe->tqent_prev = NULL;
+			freeit = B_FALSE;
+		} else {
+			freeit = B_TRUE;
+		}
+
 		rw_enter(&tq->tq_threadlock, RW_READER);
 		start = gethrtime();
 		DTRACE_PROBE2(taskq__exec__start, taskq_t *, tq,
@@ -1560,7 +1620,8 @@ taskq_thread(void *arg)
 		tq->tq_totaltime += end - start;
 		tq->tq_executed++;
 
-		taskq_ent_free(tq, tqe);
+		if (freeit)
+			taskq_ent_free(tq, tqe);
 	}
 
 	if (tq->tq_nthreads_max == 1)
@@ -1600,7 +1661,7 @@ taskq_thread(void *arg)
 static void
 taskq_d_thread(taskq_ent_t *tqe)
 {
-	taskq_bucket_t	*bucket = tqe->tqent_bucket;
+	taskq_bucket_t	*bucket = tqe->tqent_un.tqent_bucket;
 	taskq_t		*tq = bucket->tqbucket_taskq;
 	kmutex_t	*lock = &bucket->tqbucket_lock;
 	kcondvar_t	*cv = &tqe->tqent_cv;
@@ -2115,7 +2176,7 @@ taskq_bucket_extend(void *arg)
 
 	ASSERT(tqe->tqent_thread == NULL);
 
-	tqe->tqent_bucket = b;
+	tqe->tqent_un.tqent_bucket = b;
 
 	/*
 	 * Create a thread in a TS_STOPPED state first. If it is successfully
diff --git a/usr/src/uts/common/sys/auxv_386.h b/usr/src/uts/common/sys/auxv_386.h
index f9b4867f10..2d5deed980 100644
--- a/usr/src/uts/common/sys/auxv_386.h
+++ b/usr/src/uts/common/sys/auxv_386.h
@@ -20,6 +20,7 @@
  */
 /*
  * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright 2011, Joyent, Inc. All rights reserved.
  */
 
 #ifndef	_SYS_AUXV_386_H
@@ -69,16 +70,18 @@ extern "C" {
 #define	AV_386_PCLMULQDQ	0x8000000 /* Intel PCLMULQDQ insn */
 #define	AV_386_XSAVE		0x10000000 /* Intel XSAVE/XRSTOR insns */
 #define	AV_386_AVX		0x20000000 /* Intel AVX insns */
+#define	AV_386_VMX		0x40000000 /* Intel VMX support */
+#define	AV_386_AMD_SVM		0x80000000 /* AMD SVM support */
 
 #define	FMT_AV_386							\
-	"\20"								\
-	"\36avx\35xsave"						\
-	"\34pclmulqdq\33aes"						\
-	"\32movbe\31sse4.2"						\
-	"\30sse4.1\27ssse3\26amd_lzcnt\25popcnt"			\
-	"\24amd_sse4a\23tscp\22ahf\21cx16"				\
-	"\17sse3\15sse2\14sse\13fxsr\12amd3dx\11amd3d"	\
-	"\10amdmmx\7mmx\6cmov\5amdsysc\4sep\3cx8\2tsc\1fpu"
+	"\020"								\
+	"\040svm\037vmx\036avx\035xsave"				\
+	"\034pclmulqdq\033aes"						\
+	"\032movbe\031sse4.2"						\
+	"\030sse4.1\027ssse3\026amd_lzcnt\025popcnt"			\
+	"\024amd_sse4a\023tscp\022ahf\021cx16"				\
+	"\017sse3\015sse2\014sse\013fxsr\012amd3dx\011amd3d"		\
+	"\010amdmmx\07mmx\06cmov\05amdsysc\04sep\03cx8\02tsc\01fpu"
 
 #ifdef __cplusplus
 }
diff --git a/usr/src/uts/common/sys/dtrace.h b/usr/src/uts/common/sys/dtrace.h
index f2339d3d3c..834cfd6d55 100644
--- a/usr/src/uts/common/sys/dtrace.h
+++ b/usr/src/uts/common/sys/dtrace.h
@@ -206,6 +206,7 @@ typedef enum dtrace_probespec {
 #define	DIF_VAR_ARGS		0x0000	/* arguments array */
 #define	DIF_VAR_REGS		0x0001	/* registers array */
 #define	DIF_VAR_UREGS		0x0002	/* user registers array */
+#define	DIF_VAR_VMREGS		0x0003	/* virtual machine registers array */
 #define	DIF_VAR_CURTHREAD	0x0100	/* thread pointer */
 #define	DIF_VAR_TIMESTAMP	0x0101	/* timestamp */
 #define	DIF_VAR_VTIMESTAMP	0x0102	/* virtual timestamp */
diff --git a/usr/src/uts/common/sys/dtrace_impl.h b/usr/src/uts/common/sys/dtrace_impl.h
index fed537e18b..dc89cb1b0b 100644
--- a/usr/src/uts/common/sys/dtrace_impl.h
+++ b/usr/src/uts/common/sys/dtrace_impl.h
@@ -24,11 +24,13 @@
  * Use is subject to license terms.
  */
 
+/*
+ * Copyright (c) 2011, Joyent, Inc. All rights reserved.
+ */
+
 #ifndef _SYS_DTRACE_IMPL_H
 #define	_SYS_DTRACE_IMPL_H
 
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
 #ifdef	__cplusplus
 extern "C" {
 #endif
@@ -419,8 +421,11 @@ typedef struct dtrace_buffer {
 	uint32_t dtb_errors;			/* number of errors */
 	uint32_t dtb_xamot_errors;		/* errors in inactive buffer */
 #ifndef _LP64
-	uint64_t dtb_pad1;
+	uint64_t dtb_pad1;			/* pad out to 64 bytes */
 #endif
+	uint64_t dtb_switched;			/* time of last switch */
+	uint64_t dtb_interval;			/* observed switch interval */
+	uint64_t dtb_pad2[6];			/* pad to avoid false sharing */
 } dtrace_buffer_t;
 
 /*
@@ -1139,7 +1144,7 @@ struct dtrace_provider {
 	dtrace_pops_t dtpv_pops;		/* provider operations */
 	char *dtpv_name;			/* provider name */
 	void *dtpv_arg;				/* provider argument */
-	uint_t dtpv_defunct;			/* boolean: defunct provider */
+	hrtime_t dtpv_defunct;			/* when made defunct */
 	struct dtrace_provider *dtpv_next;	/* next provider */
 };
 
@@ -1246,6 +1251,7 @@ extern void dtrace_copyoutstr(uintptr_t, uintptr_t, size_t,
     volatile uint16_t *);
 extern void dtrace_getpcstack(pc_t *, int, int, uint32_t *);
 extern ulong_t dtrace_getreg(struct regs *, uint_t);
+extern uint64_t dtrace_getvmreg(uint_t, volatile uint16_t *);
 extern int dtrace_getstackdepth(int);
 extern void dtrace_getupcstack(uint64_t *, int);
 extern void dtrace_getufpstack(uint64_t *, uint64_t *, int);
diff --git a/usr/src/uts/common/sys/idm/idm_impl.h b/usr/src/uts/common/sys/idm/idm_impl.h
index 11e9534687..72641bbfad 100644
--- a/usr/src/uts/common/sys/idm/idm_impl.h
+++ b/usr/src/uts/common/sys/idm/idm_impl.h
@@ -21,6 +21,10 @@
 /*
  * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
  */
+/*
+ * Copyright 2011 Nexenta Systems, Inc.  All rights reserved.
+ */
+
 #ifndef	_IDM_IMPL_H_
 #define	_IDM_IMPL_H_
 
@@ -30,6 +34,7 @@ extern "C" {
 
 #include <sys/avl.h>
 #include <sys/socket_impl.h>
+#include <sys/taskq_impl.h>
 
 /*
  * IDM lock order:
@@ -373,6 +378,9 @@ typedef struct idm_pdu_s {
 	uint_t		isp_hdrbuflen;
 	uint_t		isp_databuflen;
 	time_t		isp_queue_time;
+
+	/* Taskq dispatching state for deferred PDU */
+	taskq_ent_t	isp_tqent;
 } idm_pdu_t;
 
 /*
diff --git a/usr/src/uts/common/sys/sata/adapters/si3124/si3124reg.h b/usr/src/uts/common/sys/sata/adapters/si3124/si3124reg.h
index d77aa5ba5d..7d124b1ba7 100644
--- a/usr/src/uts/common/sys/sata/adapters/si3124/si3124reg.h
+++ b/usr/src/uts/common/sys/sata/adapters/si3124/si3124reg.h
@@ -314,6 +314,7 @@ typedef struct si_prb {
 
 #define	SI3124_DEV_ID	0x3124
 #define	SI3132_DEV_ID	0x3132
+#define	SI3531_DEV_ID	0x3531
 
 #define	PM_CSR(devid)	 ((devid == SI3124_DEV_ID) ? 0x68 : 0x58)
 
diff --git a/usr/src/uts/common/sys/sata/adapters/si3124/si3124var.h b/usr/src/uts/common/sys/sata/adapters/si3124/si3124var.h
index 3ab318c1e3..d4aade35e2 100644
--- a/usr/src/uts/common/sys/sata/adapters/si3124/si3124var.h
+++ b/usr/src/uts/common/sys/sata/adapters/si3124/si3124var.h
@@ -32,6 +32,7 @@ extern "C" {
 
 #define	SI3124_MAX_PORTS		4
 #define	SI3132_MAX_PORTS		2
+#define	SI3531_MAX_PORTS		1
 #define	SI_MAX_PORTS			SI3124_MAX_PORTS
 
 #define	SI_LOGBUF_LEN			512
@@ -164,7 +165,7 @@ typedef struct si_ctl_state {
 	int sictl_num_ports;	/* number of controller ports */
 	si_port_state_t *sictl_ports[SI_MAX_PORTS];
 
-	int sictl_devid; /* whether it is 3124 or 3132 */
+	int sictl_devid; /* device id of the controller */
 	int sictl_flags; /* some important state of controller */
 	int sictl_power_level;
 
diff --git a/usr/src/uts/common/sys/taskq_impl.h b/usr/src/uts/common/sys/taskq_impl.h
index ce32afc5ef..b75427152a 100644
--- a/usr/src/uts/common/sys/taskq_impl.h
+++ b/usr/src/uts/common/sys/taskq_impl.h
@@ -22,6 +22,9 @@
  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
+/*
+ * Copyright 2011 Nexenta Systems, Inc.  All rights reserved.
+ */
 
 #ifndef	_SYS_TASKQ_IMPL_H
 #define	_SYS_TASKQ_IMPL_H
@@ -43,11 +46,16 @@ typedef struct taskq_ent {
 	struct taskq_ent	*tqent_prev;
 	task_func_t		*tqent_func;
 	void			*tqent_arg;
-	taskq_bucket_t		*tqent_bucket;
+	union {
+		taskq_bucket_t	*tqent_bucket;
+		uintptr_t	tqent_flags;
+	}			tqent_un;
 	kthread_t		*tqent_thread;
 	kcondvar_t		tqent_cv;
 } taskq_ent_t;
 
+#define	TQENT_FLAG_PREALLOC	0x1
+
 /*
  * Taskq Statistics fields are not protected by any locks.
  */
@@ -141,6 +149,10 @@ struct taskq {
 	int		tq_tdeaths;
 };
 
+/* Special form of taskq dispatch that uses preallocated entries. */
+void taskq_dispatch_ent(taskq_t *, task_func_t, void *, uint_t, taskq_ent_t *);
+
+
 #define	tq_thread tq_thr._tq_thread
 #define	tq_threadlist tq_thr._tq_threadlist
 
diff --git a/usr/src/uts/common/sys/va_list.h b/usr/src/uts/common/sys/va_list.h
index 7b79cbdecf..40aa4c210a 100644
--- a/usr/src/uts/common/sys/va_list.h
+++ b/usr/src/uts/common/sys/va_list.h
@@ -31,8 +31,6 @@
 #ifndef	_SYS_VA_LIST_H
 #define	_SYS_VA_LIST_H
 
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
 /*
  * An application should not include this header directly.  Instead it
  * should be included only through the inclusion of other Sun headers.
diff --git a/usr/src/uts/i86pc/ml/locore.s b/usr/src/uts/i86pc/ml/locore.s
index 8aec1537e5..91e38307ca 100644
--- a/usr/src/uts/i86pc/ml/locore.s
+++ b/usr/src/uts/i86pc/ml/locore.s
@@ -22,6 +22,9 @@
 /*
  * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
  */
+/*
+ * Copyright 2011 Joyent, Inc.  All rights reserved.
+ */
 
 /*	Copyright (c) 1990, 1991 UNIX System Laboratories, Inc.	*/
 /*	Copyright (c) 1984, 1986, 1987, 1988, 1989, 1990 AT&T	*/
@@ -1144,28 +1147,34 @@ cmntrap()
 
 .dtrace_induced:
 	cmpw	$KCS_SEL, REGOFF_CS(%rbp)	/* test CS for user-mode trap */
-	jne	2f				/* if from user, panic */
+	jne	3f				/* if from user, panic */
 
 	cmpl	$T_PGFLT, REGOFF_TRAPNO(%rbp)
-	je	0f
+	je	1f
 
 	cmpl	$T_GPFLT, REGOFF_TRAPNO(%rbp)
-	jne	3f				/* if not PF or GP, panic */
+	je	0f
+
+	cmpl	$T_ILLINST, REGOFF_TRAPNO(%rbp)
+	je	0f
+
+	jne	4f				/* if not PF, GP or UD, panic */
 
 	/*
 	 * If we've taken a GPF, we don't (unfortunately) have the address that
 	 * induced the fault.  So instead of setting the fault to BADADDR,
 	 * we'll set the fault to ILLOP.
 	 */
+0:
 	orw	$CPU_DTRACE_ILLOP, %cx
 	movw	%cx, CPUC_DTRACE_FLAGS(%rax)
-	jmp	1f
-0:
+	jmp	2f
+1:
 	orw	$CPU_DTRACE_BADADDR, %cx
 	movw	%cx, CPUC_DTRACE_FLAGS(%rax)	/* set fault to bad addr */
 	movq	%r15, CPUC_DTRACE_ILLVAL(%rax)
 					    /* fault addr is illegal value */
-1:
+2:
 	movq	REGOFF_RIP(%rbp), %rdi
 	movq	%rdi, %r12
 	call	dtrace_instr_size
@@ -1174,11 +1183,11 @@ cmntrap()
 	INTR_POP
 	IRET
 	/*NOTREACHED*/
-2:
+3:
 	leaq	dtrace_badflags(%rip), %rdi
 	xorl	%eax, %eax
 	call	panic
-3:
+4:
 	leaq	dtrace_badtrap(%rip), %rdi
 	xorl	%eax, %eax
 	call	panic
diff --git a/usr/src/uts/i86pc/ml/mach_offsets.in b/usr/src/uts/i86pc/ml/mach_offsets.in
index 770912bf9e..b7ea0131aa 100644
--- a/usr/src/uts/i86pc/ml/mach_offsets.in
+++ b/usr/src/uts/i86pc/ml/mach_offsets.in
@@ -21,8 +21,8 @@
 \
 \ CDDL HEADER END
 \
-
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
+\ Copyright 2011 Joyent, Inc. All rights reserved.
+\
 
 \
 \ offsets.in: input file to produce assym.h using the ctfstabs program
@@ -92,7 +92,7 @@ regs	REGSIZE
 
 \#define	REGOFF_PC	REGOFF_EIP
 
-tss
+tss_t
 	tss_esp0		TSS_ESP0
 	tss_ss0		TSS_SS0
 	tss_ldt		TSS_LDT
diff --git a/usr/src/uts/i86pc/os/cpuid.c b/usr/src/uts/i86pc/os/cpuid.c
index 1a472c9e93..09707f151c 100644
--- a/usr/src/uts/i86pc/os/cpuid.c
+++ b/usr/src/uts/i86pc/os/cpuid.c
@@ -28,7 +28,9 @@
 /*
  * Portions Copyright 2009 Advanced Micro Devices, Inc.
  */
-
+/*
+ * Copyright (c) 2011, Joyent, Inc. All rights reserved.
+ */
 /*
  * Various routines to handle identification
  * and classification of x86 processors.
@@ -155,7 +157,10 @@ static char *x86_feature_names[NUM_X86_FEATURES] = {
 	"aes",
 	"pclmulqdq",
 	"xsave",
-	"avx" };
+	"avx",
+	"vmx",
+	"svm"
+};
 
 boolean_t
 is_x86_feature(void *featureset, uint_t feature)
@@ -1263,8 +1268,12 @@ cpuid_pass1(cpu_t *cpu, uchar_t *featureset)
 	}
 #endif	/* __xpv */
 
+	if (cp->cp_ecx & CPUID_INTC_ECX_VMX) {
+		add_x86_feature(featureset, X86FSET_VMX);
+	}
+
 	/*
-	 * Only need it first time, rest of the cpus would follow suite.
+	 * Only need it first time, rest of the cpus would follow suit.
 	 * we only capture this for the bootcpu.
 	 */
 	if (cp->cp_edx & CPUID_INTC_EDX_CLFSH) {
@@ -1421,6 +1430,10 @@ cpuid_pass1(cpu_t *cpu, uchar_t *featureset)
 			if (cp->cp_edx & CPUID_AMD_EDX_TSCP) {
 				add_x86_feature(featureset, X86FSET_TSCP);
 			}
+
+			if (cp->cp_ecx & CPUID_AMD_ECX_SVM) {
+				add_x86_feature(featureset, X86FSET_SVM);
+			}
 			break;
 		default:
 			break;
@@ -2566,6 +2579,8 @@ cpuid_pass4(cpu_t *cpu)
 			    (*ecx & CPUID_INTC_ECX_OSXSAVE))
 				hwcap_flags |= AV_386_XSAVE;
 		}
+		if (*ecx & CPUID_INTC_ECX_VMX)
+			hwcap_flags |= AV_386_VMX;
 		if (*ecx & CPUID_INTC_ECX_POPCNT)
 			hwcap_flags |= AV_386_POPCNT;
 		if (*edx & CPUID_INTC_EDX_FPU)
@@ -2653,6 +2668,8 @@ cpuid_pass4(cpu_t *cpu)
 			hwcap_flags |= AV_386_AMD_3DNow;
 		if (*edx & CPUID_AMD_EDX_3DNowx)
 			hwcap_flags |= AV_386_AMD_3DNowx;
+		if (*ecx & CPUID_AMD_ECX_SVM)
+			hwcap_flags |= AV_386_AMD_SVM;
 
 		switch (cpi->cpi_vendor) {
 		case X86_VENDOR_AMD:
diff --git a/usr/src/uts/i86pc/os/mp_pc.c b/usr/src/uts/i86pc/os/mp_pc.c
index 77e74db168..e268b8852f 100644
--- a/usr/src/uts/i86pc/os/mp_pc.c
+++ b/usr/src/uts/i86pc/os/mp_pc.c
@@ -25,6 +25,9 @@
  * Copyright (c) 2010, Intel Corporation.
  * All rights reserved.
  */
+/*
+ * Copyright 2011 Joyent, Inc. All rights reserved.
+ */
 
 /*
  * Welcome to the world of the "real mode platter".
@@ -170,7 +173,7 @@ rmp_gdt_init(rm_platter_t *rm)
 static void *
 mach_cpucontext_alloc_tables(struct cpu *cp)
 {
-	struct tss *ntss;
+	tss_t *ntss;
 	struct cpu_tables *ct;
 
 	/*
diff --git a/usr/src/uts/i86pc/os/trap.c b/usr/src/uts/i86pc/os/trap.c
index 71995cc992..1e6c4a5c32 100644
--- a/usr/src/uts/i86pc/os/trap.c
+++ b/usr/src/uts/i86pc/os/trap.c
@@ -31,6 +31,10 @@
 /*		All Rights Reserved   				*/
 /*								*/
 
+/*
+ * Copyright 2011 Joyent, Inc. All rights reserved.
+ */
+
 #include <sys/types.h>
 #include <sys/sysmacros.h>
 #include <sys/param.h>
@@ -1983,7 +1987,7 @@ static void
 dump_tss(void)
 {
 	const char tss_fmt[] = "tss.%s:\t0x%p\n";  /* Format string */
-	struct tss *tss = CPU->cpu_tss;
+	tss_t *tss = CPU->cpu_tss;
 
 	printf(tss_fmt, "tss_rsp0", (void *)tss->tss_rsp0);
 	printf(tss_fmt, "tss_rsp1", (void *)tss->tss_rsp1);
@@ -2004,7 +2008,7 @@ static void
 dump_tss(void)
 {
 	const char tss_fmt[] = "tss.%s:\t0x%p\n";  /* Format string */
-	struct tss *tss = CPU->cpu_tss;
+	tss_t *tss = CPU->cpu_tss;
 
 	printf(tss_fmt, "tss_link", (void *)(uintptr_t)tss->tss_link);
 	printf(tss_fmt, "tss_esp0", (void *)(uintptr_t)tss->tss_esp0);
diff --git a/usr/src/uts/i86pc/sys/machcpuvar.h b/usr/src/uts/i86pc/sys/machcpuvar.h
index 67b9a07439..af29f47285 100644
--- a/usr/src/uts/i86pc/sys/machcpuvar.h
+++ b/usr/src/uts/i86pc/sys/machcpuvar.h
@@ -22,6 +22,9 @@
  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
+/*
+ * Copyright 2011 Joyent, Inc. All rights reserved.
+ */
 
 #ifndef	_SYS_MACHCPUVAR_H
 #define	_SYS_MACHCPUVAR_H
@@ -103,7 +106,7 @@ struct	machcpu {
 	user_desc_t	*mcpu_gdt;	/* GDT */
 	gate_desc_t	*mcpu_idt;	/* current IDT */
 
-	struct tss	*mcpu_tss;	/* TSS */
+	tss_t		*mcpu_tss;	/* TSS */
 
 	kmutex_t	mcpu_ppaddr_mutex;
 	caddr_t		mcpu_caddr1;	/* per cpu CADDR1 */
diff --git a/usr/src/uts/i86pc/sys/rm_platter.h b/usr/src/uts/i86pc/sys/rm_platter.h
index 9ca3a4908d..ea63abf77d 100644
--- a/usr/src/uts/i86pc/sys/rm_platter.h
+++ b/usr/src/uts/i86pc/sys/rm_platter.h
@@ -25,6 +25,9 @@
  * Copyright (c) 2010, Intel Corporation.
  * All rights reserved.
  */
+/*
+ * Copyright 2011 Joyent, Inc. All rights reserved.
+ */
 
 #ifndef	_SYS_RM_PLATTER_H
 #define	_SYS_RM_PLATTER_H
@@ -111,7 +114,7 @@ typedef	struct rm_platter {
  */
 struct cpu_tables {
 	char		ct_stack[DEFAULTSTKSZ];
-	struct tss	ct_tss;
+	tss_t		ct_tss;
 };
 
 /*
diff --git a/usr/src/uts/intel/amd64/ml/mach_offsets.in b/usr/src/uts/intel/amd64/ml/mach_offsets.in
index 6fbe1e8a24..24a85a5871 100644
--- a/usr/src/uts/intel/amd64/ml/mach_offsets.in
+++ b/usr/src/uts/intel/amd64/ml/mach_offsets.in
@@ -21,8 +21,8 @@
 \
 \ CDDL HEADER END
 \
-
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
+\ Copyright 2011 Joyent, Inc. All rights reserved.
+\
 
 \
 \ offsets.in: input file to produce assym.h using the ctfstabs program
@@ -108,7 +108,7 @@ regs	REGSIZE
 boot_syscalls
 	bsvc_putchar	BOOTSVCS_PUTCHAR
 
-tss
+tss_t
 	tss_rsp0
 	tss_rsp1
 	tss_rsp2
diff --git a/usr/src/uts/intel/dtrace/dtrace_asm.s b/usr/src/uts/intel/dtrace/dtrace_asm.s
index 47b981d1e3..3aad499599 100644
--- a/usr/src/uts/intel/dtrace/dtrace_asm.s
+++ b/usr/src/uts/intel/dtrace/dtrace_asm.s
@@ -22,8 +22,9 @@
  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
-
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
+/*
+ * Copyright 2011 Joyent, Inc.  All rights reserved.
+ */
 
 #include <sys/asm_linkage.h>
 #include <sys/regset.h>
@@ -62,6 +63,44 @@ dtrace_getfp(void)
 
 #if defined(lint) || defined(__lint)
 
+/*ARGSUSED*/
+uint64_t
+dtrace_getvmreg(uint32_t reg, volatile uint16_t *flags)
+{ return (0); }
+
+#else	/* lint */
+
+#if defined(__amd64)
+
+	ENTRY_NP(dtrace_getvmreg)
+
+	movq	%rdi, %rdx
+	vmread	%rdx, %rax
+	ret
+
+	SET_SIZE(dtrace_getvmreg)
+
+#elif defined(__i386)
+
+	ENTRY_NP(dtrace_getvmreg)
+	pushl	%ebp			/ Setup stack frame
+	movl	%esp, %ebp
+
+	movl	12(%ebp), %eax		/ Load flag pointer
+	movw	(%eax), %cx		/ Load flags
+	orw	$CPU_DTRACE_ILLOP, %cx	/ Set ILLOP
+	movw	%cx, (%eax)		/ Store flags
+
+	leave
+	ret
+	SET_SIZE(dtrace_getvmreg)
+
+#endif	/* __i386 */
+#endif	/* lint */
+
+
+#if defined(lint) || defined(__lint)
+
 uint32_t
 dtrace_cas32(uint32_t *target, uint32_t cmp, uint32_t new)
 {
diff --git a/usr/src/uts/intel/ia32/os/archdep.c b/usr/src/uts/intel/ia32/os/archdep.c
index 7603ccb97d..423b94a13e 100644
--- a/usr/src/uts/intel/ia32/os/archdep.c
+++ b/usr/src/uts/intel/ia32/os/archdep.c
@@ -962,9 +962,24 @@ bind_hwcap(void)
 	auxv_hwcap |= AV_386_AHF;
 #endif
 
-	if (auxv_hwcap_include || auxv_hwcap_exclude)
-		cmn_err(CE_CONT, "?user ABI extensions: %b\n",
-		    auxv_hwcap, FMT_AV_386);
+	if (auxv_hwcap_include || auxv_hwcap_exclude) {
+		/*
+		 * The below assignment is regrettably required to get lint
+		 * to accept the validity of our format string.  The format
+		 * string is in fact valid, but whatever intelligence in lint
+		 * understands the cmn_err()-specific %b appears to have an
+		 * off-by-one error:  it (mistakenly) complains about bit
+		 * number 32 (even though this is explicitly permitted).
+		 * Normally, one would will away such warnings with a "LINTED"
+		 * directive, but for reasons unclear and unknown, lint
+		 * refuses to be assuaged in this case.  Fortunately, lint
+		 * doesn't pretend to have solved the Halting Problem --
+		 * and as soon as the format string is programmatic, it
+		 * knows enough to shut up.
+		 */
+		const char *fmt = "?user ABI extensions: %b\n";
+		cmn_err(CE_CONT, fmt, auxv_hwcap, FMT_AV_386);
+	}
 
 #if defined(_SYSCALL32_IMPL)
 	auxv_hwcap32 = (auxv_hwcap32_include | cpu_hwcap_flags) &
@@ -986,9 +1001,13 @@ bind_hwcap(void)
 	auxv_hwcap32 |= AV_386_AHF;
 #endif
 
-	if (auxv_hwcap32_include || auxv_hwcap32_exclude)
-		cmn_err(CE_CONT, "?32-bit user ABI extensions: %b\n",
-		    auxv_hwcap32, FMT_AV_386);
+	if (auxv_hwcap32_include || auxv_hwcap32_exclude) {
+		/*
+		 * See the block comment in the cmn_err() of auxv_hwcap, above.
+		 */
+		const char *fmt = "?32-bit user ABI extensions: %b\n";
+		cmn_err(CE_CONT, fmt, auxv_hwcap32, FMT_AV_386);
+	}
 #endif
 }
 
diff --git a/usr/src/uts/intel/ia32/os/desctbls.c b/usr/src/uts/intel/ia32/os/desctbls.c
index a21e4a0386..a05137eee6 100644
--- a/usr/src/uts/intel/ia32/os/desctbls.c
+++ b/usr/src/uts/intel/ia32/os/desctbls.c
@@ -24,6 +24,10 @@
  */
 
 /*
+ * Copyright 2011 Joyent, Inc. All rights reserved.
+ */
+
+/*
  * Copyright (c) 1992 Terrence R. Lambert.
  * Copyright (c) 1990 The Regents of the University of California.
  * All rights reserved.
@@ -103,10 +107,10 @@ gate_desc_t	*idt0; 		/* interrupt descriptor table */
 desctbr_t	idt0_default_r;		/* describes idt0 in IDTR format */
 #endif
 
-struct tss	*ktss0;			/* kernel task state structure */
+tss_t		*ktss0;			/* kernel task state structure */
 
 #if defined(__i386)
-struct tss	*dftss0;		/* #DF double-fault exception */
+tss_t		*dftss0;		/* #DF double-fault exception */
 #endif	/* __i386 */
 
 user_desc_t	zero_udesc;		/* base zero user desc native procs */
@@ -1232,7 +1236,7 @@ init_desctbls(void)
 #if !defined(__lint)
 	ASSERT(sizeof (*ktss0) <= PAGESIZE);
 #endif
-	ktss0 = (struct tss *)BOP_ALLOC(bootops, (caddr_t)KTSS_VA,
+	ktss0 = (tss_t *)BOP_ALLOC(bootops, (caddr_t)KTSS_VA,
 	    PAGESIZE, PAGESIZE);
 	bzero(ktss0, PAGESIZE);
 
@@ -1240,7 +1244,7 @@ init_desctbls(void)
 #if !defined(__lint)
 	ASSERT(sizeof (*dftss0) <= PAGESIZE);
 #endif
-	dftss0 = (struct tss *)BOP_ALLOC(bootops, (caddr_t)DFTSS_VA,
+	dftss0 = (tss_t *)BOP_ALLOC(bootops, (caddr_t)DFTSS_VA,
 	    PAGESIZE, PAGESIZE);
 	bzero(dftss0, PAGESIZE);
 #endif
diff --git a/usr/src/uts/intel/sys/segments.h b/usr/src/uts/intel/sys/segments.h
index 6031bdd59f..165fe40e00 100644
--- a/usr/src/uts/intel/sys/segments.h
+++ b/usr/src/uts/intel/sys/segments.h
@@ -1,6 +1,9 @@
 /*
  * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
  */
+/*
+ * Copyright 2011 Joyent, Inc. All rights reserved.
+ */
 
 #ifndef	_SYS_SEGMENTS_H
 #define	_SYS_SEGMENTS_H
@@ -662,10 +665,10 @@ extern user_desc_t	ucs32_on;
 extern user_desc_t	ucs32_off;
 #endif  /* __amd64 */
 
-extern struct tss *ktss0;
+extern tss_t *ktss0;
 
 #if defined(__i386)
-extern struct tss *dftss0;
+extern tss_t *dftss0;
 #endif	/* __i386 */
 
 extern void div0trap(), dbgtrap(), nmiint(), brktrap(), ovflotrap();
diff --git a/usr/src/uts/intel/sys/tss.h b/usr/src/uts/intel/sys/tss.h
index e3eef4995f..ead5e9ee14 100644
--- a/usr/src/uts/intel/sys/tss.h
+++ b/usr/src/uts/intel/sys/tss.h
@@ -6,8 +6,6 @@
 #ifndef	_SYS_TSS_H
 #define	_SYS_TSS_H
 
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
 #ifdef	__cplusplus
 extern "C" {
 #endif
@@ -54,6 +52,9 @@ extern "C" {
  *	from: @(#)tss.h	5.4 (Berkeley) 1/18/91
  * $FreeBSD: src/sys/i386/include/tss.h,v 1.13 2002/09/23 05:04:05 peter Exp $
  */
+/*
+ * Copyright 2011 Joyent, Inc. All rights reserved.
+ */
 
 /*
  * Maximum I/O address that will be in TSS bitmap
@@ -63,14 +64,18 @@ extern "C" {
 #ifndef _ASM
 
 /*
- * Task state segment (tss). Holds the processor state assoicated with
- * a task.
+ * Task state segment (tss). Holds the processor state assoicated with a task.
+ *
+ * Historically, this header only exposed a struct tss that was relevant to the
+ * specific Intel architecture that we were deploying on. However, the tss
+ * structures are defined by the Intel Architecture and other consumers would
+ * like to use them. Rather than requiring them to duplicate all of this
+ * information, we instead expose each version under different names but in a
+ * backwards compatible manner.
  */
 
-#if defined(__amd64)
-
 #pragma	pack(4)
-struct tss {
+struct tss64 {
 	uint32_t	tss_rsvd0;	/* reserved, ignored */
 	uint64_t	tss_rsp0; 	/* stack pointer CPL = 0 */
 	uint64_t	tss_rsp1; 	/* stack pointer CPL = 1 */
@@ -89,9 +94,7 @@ struct tss {
 };
 #pragma	pack()
 
-#elif defined(__i386)
-
-struct tss {
+struct tss32 {
 	uint16_t	tss_link;	/* 16-bit prior TSS selector */
 	uint16_t	tss_rsvd0;	/* reserved, ignored */
 	uint32_t	tss_esp0;
@@ -132,6 +135,39 @@ struct tss {
 	uint16_t	tss_bitmapbase;	/* io permission bitmap base address */
 };
 
+struct tss16 {
+	uint16_t	tss_link;
+	uint16_t	tss_sp0;
+	uint16_t	tss_ss0;
+	uint16_t	tss_sp1;
+	uint16_t	tss_ss1;
+	uint16_t	tss_sp2;
+	uint16_t	tss_ss2;
+	uint16_t	tss_ip;
+	uint16_t	tss_flag;
+	uint16_t	tss_ax;
+	uint16_t	tss_cx;
+	uint16_t	tss_dx;
+	uint16_t	tss_bx;
+	uint16_t	tss_sp;
+	uint16_t	tss_bp;
+	uint16_t	tss_si;
+	uint16_t	tss_di;
+	uint16_t	tss_es;
+	uint16_t	tss_cs;
+	uint16_t	tss_ss;
+	uint16_t	tss_ds;
+	uint16_t	tss_ldt;
+};
+
+#if defined(__amd64)
+
+typedef	struct tss64	tss_t;
+
+#elif defined(__i386)
+
+typedef	struct tss32	tss_t;
+
 #endif	/* __i386 */
 
 #endif	/* !_ASM */
diff --git a/usr/src/uts/intel/sys/x86_archext.h b/usr/src/uts/intel/sys/x86_archext.h
index 383610bbee..c5516be232 100644
--- a/usr/src/uts/intel/sys/x86_archext.h
+++ b/usr/src/uts/intel/sys/x86_archext.h
@@ -25,6 +25,9 @@
  * Copyright (c) 2010, Intel Corporation.
  * All rights reserved.
  */
+/*
+ * Copyright (c) 2011, Joyent, Inc. All rights reserved.
+ */
 
 #ifndef _SYS_X86_ARCHEXT_H
 #define	_SYS_X86_ARCHEXT_H
@@ -362,6 +365,8 @@ extern "C" {
 #define	X86FSET_PCLMULQDQ	32
 #define	X86FSET_XSAVE		33
 #define	X86FSET_AVX		34
+#define	X86FSET_VMX		35
+#define	X86FSET_SVM		36
 
 /*
  * flags to patch tsc_read routine.
@@ -585,7 +590,7 @@ extern "C" {
 
 #if defined(_KERNEL) || defined(_KMEMUSER)
 
-#define	NUM_X86_FEATURES	35
+#define	NUM_X86_FEATURES	37
 extern uchar_t x86_featureset[];
 
 extern void free_x86_featureset(void *featureset);
diff --git a/usr/src/uts/sparc/dtrace/dtrace_isa.c b/usr/src/uts/sparc/dtrace/dtrace_isa.c
index 9fd9d90fc0..20d9bc420b 100644
--- a/usr/src/uts/sparc/dtrace/dtrace_isa.c
+++ b/usr/src/uts/sparc/dtrace/dtrace_isa.c
@@ -23,6 +23,9 @@
  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
+/*
+ * Copyright 2011 Joyent, Inc.  All rights reserved.
+ */
 
 #include <sys/dtrace_impl.h>
 #include <sys/atomic.h>
@@ -936,3 +939,12 @@ got_fp:
 
 	return (value);
 }
+
+/*ARGSUSED*/
+uint64_t
+dtrace_getvmreg(uint_t ndx, volatile uint16_t *flags)
+{
+	*flags |= CPU_DTRACE_ILLOP;
+
+	return (0);
+}