--- a/usr/src/cmd/dlmgmtd/dlmgmt_db.c	Mon Oct 05 19:17:50 2009 -0700
+++ b/usr/src/cmd/dlmgmtd/dlmgmt_db.c	Tue Oct 06 00:29:15 2009 -0400
@@ -1227,7 +1227,7 @@
 /*
  * Upgrade properties that have link IDs as values to link names.  Because '.'
  * is a valid linkname character, the port separater for link aggregations
- * must be changed to ':'.4
+ * must be changed to ':'.
  */
 static void
 linkattr_upgrade(dlmgmt_linkattr_t *attrp)
@@ -1243,7 +1243,7 @@
 	if (strcmp(attrp->lp_name, "linkover") == 0 ||
 	    strcmp(attrp->lp_name, "simnetpeer") == 0) {
 		if (attrp->lp_type == DLADM_TYPE_UINT64) {
-			linkid = *(datalink_id_t *)attrp->lp_val;
+			linkid = (datalink_id_t)*(uint64_t *)attrp->lp_val;
 			if ((linkp = link_by_id(linkid, GLOBAL_ZONEID)) == NULL)
 				return;
 			new_attr_sz = strlen(linkp->ll_link) + 1;

--- a/usr/src/uts/common/inet/ip/ip6_if.c	Mon Oct 05 19:17:50 2009 -0700
+++ b/usr/src/uts/common/inet/ip/ip6_if.c	Tue Oct 06 00:29:15 2009 -0400
@@ -1150,7 +1150,7 @@
 void
 ill_setdefaulttoken(ill_t *ill)
 {
-	if (!ill->ill_manual_token) {
+	if (!ill->ill_manual_token && ill->ill_phys_addr_length != 0) {
 		bzero(&ill->ill_token, sizeof (ill->ill_token));
 		MEDIA_V6INTFID(ill->ill_media, ill, &ill->ill_token);
 		ill->ill_token_length = IPV6_TOKEN_LEN;

--- a/usr/src/uts/common/inet/iptun/iptun.c	Mon Oct 05 19:17:50 2009 -0700
+++ b/usr/src/uts/common/inet/iptun/iptun.c	Tue Oct 06 00:29:15 2009 -0400
@@ -2534,6 +2534,13 @@
 	ipaddr_t v4addr;
 
 	/*
+	 * It's possible that someone sent us an IPv4-in-IPv4 packet with the
+	 * IPv4 address of a 6to4 tunnel as the destination.
+	 */
+	if (inner6 == NULL)
+		return (B_FALSE);
+
+	/*
 	 * Make sure that the IPv6 destination is within the site that this
 	 * 6to4 tunnel is routing for.  We don't want people bouncing random
 	 * tunneled IPv6 packets through this 6to4 router.

--- a/usr/src/uts/common/io/dls/dls_mgmt.c	Mon Oct 05 19:17:50 2009 -0700
+++ b/usr/src/uts/common/io/dls/dls_mgmt.c	Tue Oct 06 00:29:15 2009 -0400
@@ -66,23 +66,15 @@
 
 #define	VLAN_HASHSZ	67	/* prime */
 
-
 /*
- * The following names are default tunnel interface names for backward
- * compatibility with Solaris 10 and prior.  Opening a /dev/net node with one
- * of these names causes a tunnel link to be implicitly created in
- * dls_devnet_hold_by_name().
+ * The following macros take a link name without the trailing PPA as input.
+ * Opening a /dev/net node with one of these names causes a tunnel link to be
+ * implicitly created in dls_devnet_hold_by_name() for backward compatibility
+ * with Solaris 10 and prior.
  */
-#define	IPTUN_IPV4_NAME	"ip.tun"
-#define	IPTUN_IPV6_NAME	"ip6.tun"
-#define	IPTUN_6TO4_NAME	"ip.6to4tun"
-
-#define	IS_IPV4_TUN(name)	(					\
-    strncmp((name), IPTUN_IPV4_NAME, strlen(IPTUN_IPV4_NAME)) == 0)
-#define	IS_IPV6_TUN(name)	(					\
-    strncmp((name), IPTUN_IPV6_NAME, strlen(IPTUN_IPV6_NAME)) == 0)
-#define	IS_6TO4_TUN(name)	(					\
-    strncmp((name), IPTUN_6TO4_NAME, strlen(IPTUN_6TO4_NAME)) == 0)
+#define	IS_IPV4_TUN(name)	(strcmp((name), "ip.tun") == 0)
+#define	IS_IPV6_TUN(name)	(strcmp((name), "ip6.tun") == 0)
+#define	IS_6TO4_TUN(name)	(strcmp((name), "ip.6to4tun") == 0)
 #define	IS_IPTUN_LINK(name)	(					\
     IS_IPV4_TUN(name) || IS_IPV6_TUN(name) || IS_6TO4_TUN(name))
 
@@ -117,7 +109,8 @@
 	taskqid_t	dd_prop_taskid;
 } dls_devnet_t;
 
-static int i_dls_devnet_create_iptun(const char *, datalink_id_t *);
+static int i_dls_devnet_create_iptun(const char *, const char *,
+    datalink_id_t *);
 static int i_dls_devnet_destroy_iptun(datalink_id_t);
 static int i_dls_devnet_setzid(dls_devnet_t *, zoneid_t, boolean_t);
 static int dls_devnet_unset(const char *, datalink_id_t *, boolean_t);
@@ -1144,8 +1137,11 @@
 	if (err != ENOENT)
 		return (err);
 
-	if (IS_IPTUN_LINK(link)) {
-		if ((err = i_dls_devnet_create_iptun(link, &linkid)) != 0)
+	if (ddi_parse(link, drv, &ppa) != DDI_SUCCESS)
+		return (ENOENT);
+
+	if (IS_IPTUN_LINK(drv)) {
+		if ((err = i_dls_devnet_create_iptun(link, drv, &linkid)) != 0)
 			return (err);
 		/*
 		 * At this point, an IP tunnel MAC has registered, which
@@ -1166,9 +1162,6 @@
 		return (0);
 	}
 
-	if (ddi_parse(link, drv, &ppa) != DDI_SUCCESS)
-		return (ENOENT);
-
 	/*
 	 * If this link:
 	 * (a) is a physical device, (b) this is the first boot, (c) the MAC
@@ -1727,7 +1720,8 @@
  * Implicitly create an IP tunnel link.
  */
 static int
-i_dls_devnet_create_iptun(const char *name, datalink_id_t *linkid)
+i_dls_devnet_create_iptun(const char *linkname, const char *drvname,
+    datalink_id_t *linkid)
 {
 	int		err;
 	iptun_kparams_t	ik;
@@ -1742,20 +1736,20 @@
 	if ((iptun_dip = ddi_hold_devi_by_instance(iptun_major, 0, 0)) == NULL)
 		return (EINVAL);
 
-	if (IS_IPV4_TUN(name)) {
+	if (IS_IPV4_TUN(drvname)) {
 		ik.iptun_kparam_type = IPTUN_TYPE_IPV4;
 		media = DL_IPV4;
-	} else if (IS_6TO4_TUN(name)) {
+	} else if (IS_6TO4_TUN(drvname)) {
 		ik.iptun_kparam_type = IPTUN_TYPE_6TO4;
 		media = DL_6TO4;
-	} else if (IS_IPV6_TUN(name)) {
+	} else if (IS_IPV6_TUN(drvname)) {
 		ik.iptun_kparam_type = IPTUN_TYPE_IPV6;
 		media = DL_IPV6;
 	}
 	ik.iptun_kparam_flags = (IPTUN_KPARAM_TYPE | IPTUN_KPARAM_IMPLICIT);
 
 	/* Obtain a datalink id for this tunnel. */
-	err = dls_mgmt_create((char *)name, 0, DATALINK_CLASS_IPTUN, media,
+	err = dls_mgmt_create((char *)linkname, 0, DATALINK_CLASS_IPTUN, media,
 	    B_FALSE, &ik.iptun_kparam_linkid);
 	if (err != 0) {
 		ddi_release_devi(iptun_dip);