Remove in_pcb_hdr.h

tcp: separate syn cache stuffs into tcp_syncache.[ch] files

No functional change.

Remove the network ATM code.

Fix build. pf_ioctl.c needs netinet/in_offload.h (after previous change).
Because this is in a module, apparently, that means that netinet_in_offload.h
needs to get installed in /usr/include, so do that as well.

Feel free to fix this in a better way...

branches: 1.28.12; 1.28.14;
add l2tp(4) L2TPv3 interface.

originally implemented by IIJ SEIL team.

branches: 1.27.2; 1.27.4;
Add core networking support for SCTP.

Add DCCP protocol support from KAME.

branches: 1.25.14;

install header files from IPF 5.1.2 (sys/external/bsd/ipf) instead of
older IPF (sys/dist/ipf).

This adds ipf_rb.h

branches: 1.24.2;
rename rfc6056 -> portalgo, requested by yamt

Back out the recent import of IPFilter 5.1.1 for the upcoming branch,
which will now have IPFilter 4.1.34. IPFilter 5.1.1 will be restored
post-branch.

ok: core, releng.

Patch to include ipf_rb.h missed from merge.

branches: 1.21.2; 1.21.6;
install the header.

Reduces the resources demanded by TCP sessions in TIME_WAIT-state using
methods called Vestigial Time-Wait (VTW) and Maximum Segment Lifetime
Truncation (MSLT).

MSLT and VTW were contributed by Coyote Point Systems, Inc.

Even after a TCP session enters the TIME_WAIT state, its corresponding
socket and protocol control blocks (PCBs) stick around until the TCP
Maximum Segment Lifetime (MSL) expires. On a host whose workload
necessarily creates and closes down many TCP sockets, the sockets & PCBs
for TCP sessions in TIME_WAIT state amount to many megabytes of dead
weight in RAM.

Maximum Segment Lifetimes Truncation (MSLT) assigns each TCP session to
a class based on the nearness of the peer. Corresponding to each class
is an MSL, and a session uses the MSL of its class. The classes are
loopback (local host equals remote host), local (local host and remote
host are on the same link/subnet), and remote (local host and remote
host communicate via one or more gateways). Classes corresponding to
nearer peers have lower MSLs by default: 2 seconds for loopback, 10
seconds for local, 60 seconds for remote. Loopback and local sessions
expire more quickly when MSLT is used.

Vestigial Time-Wait (VTW) replaces a TIME_WAIT session's PCB/socket
dead weight with a compact representation of the session, called a
"vestigial PCB". VTW data structures are designed to be very fast and
memory-efficient: for fast insertion and lookup of vestigial PCBs,
the PCBs are stored in a hash table that is designed to minimize the
number of cacheline visits per lookup/insertion. The memory both
for vestigial PCBs and for elements of the PCB hashtable come from
fixed-size pools, and linked data structures exploit this to conserve
memory by representing references with a narrow index/offset from the
start of a pool instead of a pointer. When space for new vestigial PCBs
runs out, VTW makes room by discarding old vestigial PCBs, oldest first.
VTW cooperates with MSLT.

It may help to think of VTW as a "FIN cache" by analogy to the SYN
cache.

A 2.8-GHz Pentium 4 running a test workload that creates TIME_WAIT
sessions as fast as it can is approximately 17% idle when VTW is active
versus 0% idle when VTW is inactive. It has 103 megabytes more free RAM
when VTW is active (approximately 64k vestigial PCBs are created) than
when it is inactive.

branches: 1.19.14; 1.19.44; 1.19.50;
Work in progress: use a raw socket for GRE in IP encapsulation
instead of adding/subtracting our own IPv4 header.

There are many benefits: gre(4) needn't grok the outer encapsulation
header any longer, so this simplifies the gre(4) code. The IP
stack needn't grok GRE, so it is simplified, too. gre(4) will
benefit from optimizations in the socket code. Eventually, gre(4)
will gain an IPv6 encapsulation with very few new lines of code.

There is a small performance loss. A 133 MHz, 486-class AMD Elan
sinks/sources a TCP stream over GRE with about 93% the throughput
of the old code. TCP throughput on a 266 MHz, 586-class AMD Geode
is about 96% the throughput of the old code. A 175-MHz ADM5120
(MIPS) only sinks a TCP stream over GRE at about 90% of the old
code; I am still investigating that.

I produced stripped-down versions of sosend() and soreceive() for
gre(4) to use. They are guaranteed not to block, so they can be
called from a software interrupt and from a socket upcall,
respectively.

A kernel thread is no longer necessary for socket transmit/receive,
but I didn't get around to removing it, yet.

Thanks to Matt Thomas for suggesting the use of stripped-down socket
code and software interrupts, and to Andrew Doran for advice and
answers concerning software interrupts, threads, and performance.

branches: 1.18.6; 1.18.8; 1.18.10;
Remove obsolete files netinet/in_route.[ch].

branches: 1.17.2; 1.17.6; 1.17.8;
Here are various changes designed to protect against bad IPv4
routing caused by stale route caches (struct route). Route caches
are sprinkled throughout PCBs, the IP fast-forwarding table, and
IP tunnel interfaces (gre, gif, stf).

Stale IPv6 and ISO route caches will be treated by separate patches.

Thank you to Christoph Badura for suggesting the general approach
to invalidating route caches that I take here.

Here are the details:

Add hooks to struct domain for tracking and for invalidating each
domain's route caches: dom_rtcache, dom_rtflush, and dom_rtflushall.

Introduce helper subroutines, rtflush(ro) for invalidating a route
cache, rtflushall(family) for invalidating all route caches in a
routing domain, and rtcache(ro) for notifying the domain of a new
cached route.

Chain together all IPv4 route caches where ro_rt != NULL. Provide
in_rtcache() for adding a route to the chain. Provide in_rtflush()
and in_rtflushall() for invalidating IPv4 route caches. In
in_rtflush(), set ro_rt to NULL, and remove the route from the
chain. In in_rtflushall(), walk the chain and remove every route
cache.

In rtrequest1(), call rtflushall() to invalidate route caches when
a route is added.

In gif(4), discard the workaround for stale caches that involves
expiring them every so often.

Replace the pattern 'RTFREE(ro->ro_rt); ro->ro_rt = NULL;' with a
call to rtflush(ro).

Update ipflow_fastforward() and all other users of route caches so
that they expect a cached route, ro->ro_rt, to turn to NULL.

Take care when moving a 'struct route' to rtflush() the source and
to rtcache() the destination.

In domain initializers, use .dom_xxx tags.

KNF here and there.

Add a source-address selection policy mechanism to the kernel.

Also, add ioctls SIOCGIFADDRPREF/SIOCSIFADDRPREF to get/set preference
numbers for addresses. Make ifconfig(8) set/display preference
numbers.

To activate source-address selection policies in your kernel, add
'options IPSELSRC' to your kernel configuration.

Miscellaneous changes in support of source-address selection:

1 Factor out some common code, producing rt_replace_ifa().

2 Abbreviate a for-loop with TAILQ_FOREACH().

3 Add the predicates on IPv4 addresses IN_LINKLOCAL() and
IN_PRIVATE(), that are true for link-local unicast
(169.254/16) and RFC1918 private addresses, respectively.
Add the predicate IN_ANY_LOCAL() that is true for link-local
unicast and multicast.

4 Add IPv4-specific interface attach/detach routines,
in_domifattach and in_domifdetach, which build #ifdef
IPSELSRC.

See in_getifa(9) for a more thorough description of source-address
selection policy.

branches: 1.15.8; 1.15.10;
Integrate Common Address Redundancy Procotol (CARP) from OpenBSD

'pseudo-device carp'

Thanks to: joerg@ christos@ riz@ and others who tested
Ok: core@

branches: 1.14.4; 1.14.6; 1.14.8; 1.14.12;
merge ktrace-lwp.

Move ipl.h into the ipfilter block, which is the right place.

branches: 1.12.2;
Install netinet/ipl.h (bin/30095)

branches: 1.11.2;
Add MKIPFILTER; if set to no, don't build and install the ipf(4) programs,
headers and LKM.

Add MKPF; if set to no, don't build and install the pf(4) programs,
headers, LKM and spamd.

Both options default to yes, so nothing changed in the default build.

Reviewed by lukem.

branches: 1.10.4; 1.10.6;
move ipf headers and add a comment.

Move ipf to sys/dist/ipf; Note that I followed the pattern used for pf.
I think though that the files.ipfilter and Makefile glue should go to
the dist directory, not like it is done now.

IPv4 PIM support, based on a submission from Pavlin Radoslavov posted on
tech-net@

Upgraded IPFilter to 4.1.3

branches: 1.6.2;
Sync with official IPFilter

revamp inpcb/in6pcb so that they are more aligned with each other.
in6pcb lookup now uses hash(9).

branches: 1.4.6;
Remove KDIR=, since SYS_INCLUDE=symlinks and KDIR are not supported any more.

branches: 1.3.6;
add net/if_stf.h and netinet/ip_encap.h (almost noone will include them though)

branches: 1.2.2;
IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628.
(Sorry for a big commit, I can't separate this into several pieces...)
Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.

- sys/kern: do not assume single mbuf, accept chained mbuf on passing
data from userland to kernel (or other way round).
- "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ
package (ftp://ftp.csl.sony.co.jp/pub/kjc/).
- sys/netinet/tcp*: IPv4/v6 dual stack tcp support.
- sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those
file to be there so we patch it up.
- sys/netinet: IPsec additions are here and there.
- sys/netinet6/*: most of IPv6 code sits here.
- sys/netkey: IPsec key management code
- dev/pci/pcidevs: regen

In my understanding no code here is subject to export control so it
should be safe.

branches: 1.1.10; 1.1.12;
Rework the way kernel include files are installed. In the new method,
as with user-land programs, include files are installed by each directory
in the tree that has includes to install. (This allows more flexibility
as to what gets installed, makes 'partial installs' easier, and gives us
more options as to which machines' includes get installed at any given
time.) The old SYS_INCLUDES={symlinks,copies} behaviours are _both_
still supported, though at least one bug in the 'symlinks' case is
fixed by this change. Include files can't be build before installation,
so directories that have includes as targets (e.g. dev/pci) have to move
those targets into a different Makefile.

s/creting/creating/

branches: 1.2.2; 1.2.4; 1.2.6; 1.2.18;
Change copyright statement to NetBSD 2-clause with correct attribution.

Add accept filters, ported from FreeBSD by Coyote Point Systems. Add inetd
support for specifying an accept filter for a service (mostly as a usage
example, but it can be handy for other things). Manual pages to follow
in a day or so.

OK core@.

KNF. Remove extra spaces. No functional change.

include "ioconf.h" to get the 'void <driver>attach(int count);' prototype.

branches: 1.6.22; 1.6.40;
Add a direction argument to socket upcalls, so they can tell why they've
been called when, for example, they're waiting for space to write. From
Ritesh Agrawal at Coyote Point.

branches: 1.5.6;
Oops, make these build.

Rename the accept filter modules to make module name match filter name.

Remove LKMs and switch to the module framework, pass 1.

Proposed on tech-kern@.

branches: 1.2.2; 1.2.4;
Use designated initializers for struct accept_filter.

branches: 1.1.2; 1.1.4;
Add accept filters, ported from FreeBSD by Coyote Point Systems. Add inetd
support for specifying an accept filter for a service (mostly as a usage
example, but it can be handy for other things). Manual pages to follow
in a day or so.

OK core@.

Use the module subsystem's ability to process SYSCTL_SETUP() entries to
automate installation of sysctl nodes.

Note that there are still a number of device and pseudo-device modules
that create entries tied to individual device units, rather than to the
module itself. These are not changed.

branches: 1.9.18;
include "ioconf.h" to get the 'void <driver>attach(int count);' prototype.

branches: 1.8.6;
Ensure that the top level sysctl nodes (kern, vfs, net, ...) exist before
the sysctl link sets are processed, and remove redundancy.

Shaves >13kB off of an amd64 GENERIC, not to mention >1k duplicate
lines of code.

branches: 1.7.12; 1.7.22; 1.7.26;
Add a direction argument to socket upcalls, so they can tell why they've
been called when, for example, they're waiting for space to write. From
Ritesh Agrawal at Coyote Point.

branches: 1.6.6;
Fix indentation.

Oops, make these build.

Rename the accept filter modules to make module name match filter name.

Remove LKMs and switch to the module framework, pass 1.

Proposed on tech-kern@.

branches: 1.2.2; 1.2.4;
Use designated initializers for struct accept_filter.

branches: 1.1.2; 1.1.4;
Add accept filters, ported from FreeBSD by Coyote Point Systems. Add inetd
support for specifying an accept filter for a service (mostly as a usage
example, but it can be handy for other things). Manual pages to follow
in a day or so.

OK core@.

No need to update mlen also in the case of (mlen & 16) != 0.

branches: 1.1.2; 1.1.4; 1.1.12; 1.1.102; 1.1.104;
Refactor in_cksum/in4_cksum/in6_cksum implementations:
- All three functions are included in the kernel by default.
They call a backend function cpu_in_cksum after possibly
computing the checksum of the pseudo header.
- cpu_in_cksum is the core to implement the one-complement sum.
The default implementation is moderate fast on most platforms
and provides a 32bit accumulator with 16bit addends for L32 platforms
and a 64bit accumulator with 32bit addends for L64 platforms.
It handles edge cases like very large mbuf chains (could happen with
native IPv6 in the future) and provides a good base for new native
implementations.
- Modify i386 and amd64 assembly to use the new interface.

This disables the MD implementations on !x86 until the conversion is
done. For Alpha, the portable version is faster.

branches: 1.1.2; 1.1.18;
Add DCCP protocol support from KAME.

branches: 1.3.16;
Sweep unnecessary route.h inclusions

sprinkle _KERNEL_OPT

branches: 1.1.2;
Add DCCP protocol support from KAME.

branches: 1.1.2; 1.1.18;
Add DCCP protocol support from KAME.

fix various small typos, mainly in comments.

Fix typo (s/recevie/receive/).

branches: 1.3.16; 1.3.20;
Sweep unnecessary route.h inclusions

sprinkle _KERNEL_OPT

branches: 1.1.2;
Add DCCP protocol support from KAME.

Fix typo (s/recevie/receive/).

branches: 1.2.16; 1.2.20;
KNF. Remove extra spaces. No functional change.

branches: 1.1.2;
Add DCCP protocol support from KAME.

s/unitialized/uninitialized/

avoid uninitialised variable use.

found by GCC 12.

fix indentation issues.

found by GCC 12.

branches: 1.9.4;
s/occured/occurred/ in comments, log messages and man pages.

s/receieve/receive/

s/aquire/acquire/ in comments, also one typo fix acqure->acquire.

s/inital/initial/

Fix typo (s/recevie/receive/).

branches: 1.4.16; 1.4.20;
KNF. Remove extra spaces. No functional change.

Sweep unnecessary route.h inclusions

sprinkle _KERNEL_OPT

branches: 1.1.2;
Add DCCP protocol support from KAME.

Fix typo (s/recevie/receive/).

branches: 1.2.16; 1.2.20;
KNF. Remove extra spaces. No functional change.

branches: 1.1.2;
Add DCCP protocol support from KAME.

branches: 1.1.2; 1.1.18;
Add DCCP protocol support from KAME.

sys: Drop redundant NULL check before m_freem(9)

m_freem(9) safely has accepted NULL argument at least since 4.2BSD:
https://www.tuhs.org/cgi-bin/utree.pl?file=4.2BSD/usr/src/sys/sys/uipc_mbuf.c

Compile-tested on amd64/ALL.

Suggested by knakahara@

branches: 1.26.8;
inpcb: rename functions to in6pcb_*

inpcb: rename functions to inpcb_*

Inspired by rmind-smpnet patches.

Adjust dccp and sctp for struct inpcb separation

Adjust pf, wg, dccp and sctp for struct inpcb integration

fix typos in comments and log messages, mainly in establish(ed).

sbspace() does not return negative values anymore and that broke OOB data
sending. Instead of depending on negative values, account for the 1024
bytes sosend() adds so that it can use all the space here in a separate
function sbspace_oob(). Idea from mlelstv@

Use non-variadic function pointer in protosw::pr_input.

branches: 1.19.2;
IP6_EXTHDR_GET -> M_REGION_GET, no functional change.

Remove m_copy completely.

branches: 1.17.2;
Typos.

branches: 1.16.8;
Change bzero -> memset, bcopy -> memcpy.

Change SPL around call to in_pcbbind().

Remove some foreign conditional code, NFC intended.

branches: 1.13.4;
Pass inpcb/in6pcb instead of socket to ip_output/ip6_output

- Passing a socket to Layer 3 is layer violation and even unnecessary
- The change makes codes of callers and IPsec a bit simple

ip6_sprintf -> IN6_PRINT so that we pass the size.

Make ip6_sprintf(), in_fmtaddr(), lla_snprintf() and icmp6_redirect_diag() mpsafe.

Reviewed by ozaki-r@

branches: 1.10.2;
Remove unnecessary inclusions of nd6.h

branches: 1.9.2;
KNF. Remove extra spaces. No functional change.

Introduce m_set_rcvif and m_reset_rcvif

The API is used to set (or reset) a received interface of a mbuf.
They are counterpart of m_get_rcvif, which will come in another
commit, hide internal of rcvif operation, and reduce the diff of
the upcoming change.

No functional change.

sprinkle _KERNEL_OPT

make connect syscall use sockaddr_big and modify pr_{send,connect}
nam parameter type from buf * to sockaddr *.

final commit for parameter type changes to protocol user requests

* bump kernel version to 7.99.15 for parameter type changes to pr_{send,connect}

Introduce in6_selecthlim_rt to consolidate an idiom for rt->rt_ifp

It consolidates a scattered routine:
(rt = rtcache_validate(&in6p->in6p_route)) != NULL ? rt->rt_ifp : NULL

remove pr_generic from struct pr_usrreqs and all implementations of
pr_generic in protocols.

bump to 7.99.13

approved by rmind@

make accept, getsockname and getpeername syscalls use sockaddr_big and modify
pr_{accept,sockname,peername} nam parameter type from mbuf * to sockaddr *.

* retained use of mbuftypes[MT_SONAME] for now.
* bump to netbsd version 7.99.12 for parameter type change.

patch posted to tech-net@ 2015/04/19

branches: 1.2.2;
* update dccp_bind for struct mbuf * to struct sockaddr * parameter change
* pass NULL instead of casting 0 to a pointer when calling in_pcbbind()

Add DCCP protocol support from KAME.

Adjust pf, wg, dccp and sctp for struct inpcb integration

fix various typos, mainly s/prefered/preferred/

Use non-variadic function pointer in protosw::pr_input.

- Cleanup for dynamic sysctl:
- Remove unused *_NAMES macros for sysctl.
- Remove unused *_MAXID for sysctls.
- Move CTL_MACHDEP sysctl definitions for m68k into m68k/include/cpu.h and
use them on all m68k machines.

branches: 1.3.16; 1.3.18; 1.3.20;
KNF. Remove extra spaces. No functional change.

make connect syscall use sockaddr_big and modify pr_{send,connect}
nam parameter type from buf * to sockaddr *.

final commit for parameter type changes to protocol user requests

* bump kernel version to 7.99.15 for parameter type changes to pr_{send,connect}

branches: 1.1.2;
Add DCCP protocol support from KAME.

Move ipf to sys/dist/ipf; Note that I followed the pattern used for pf.
I think though that the files.ipfilter and Makefile glue should go to
the dist directory, not like it is done now.

Do not allow packets flagged with "out-of-window" (oow) to match "keep state"
rules and try to prevent such rules ("keep state with oow") from being loaded
into the kernel.

Pr: kern/26581

Don't try and add a state session if the packet has already been checked
and marked as out of window - trying to do the add will result in a failure
and the packet being blocked, incorrectly.

Committed By: darrenr
Tested By: smb

fix m_pulldown() usage, it's different from m_pullup().
fixes PRs 26666 and 26701.

Upgraded IPFilter to 4.1.3

Correct two errors in fr_check():
1.) Make sure that "pass" is always initialized.
2.) Make sure the code doesn't use a stale mbuf pointer after fr_makefrip()
has been called. This fixes PR kern/25868.

Analyzed and reviewed by Steve Woodford.

PR/25622: IPV6 return RST and through cloned interfaces was broken.
- checksum was computed incorrectly.
- ipv6 packet was not initialized properly.
- fixed code to be more similar to the v4 counterpart.

PR/24969: Arto Selonen: /usr/sbin/ipfs from ipfilter 4.1.1 does not work
patch applied.

Fix to update all references to mbuf. Fixes case where mbuf is freed twice.

A few more ioctl vs. copyin changes, spotted by Bill Studenmund.

branches: 1.61.2;
Sync with official IPFilter

Upgraded IPFilter to 4.1.1

Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22364, verified by myself.

branches: 1.58.6;
Resync with official IPF

Upgraded IPFilter to 3.4.29

whitespace

branches: 1.55.2; 1.55.4;
Fix compilation problems

Upgraded IPFilter to 3.4.27

Upgraded IPFilter to 3.4.25

Re-sync with IPFilter

Upgraded IPFilter to 3.4.23

don't need <sys/types.h> when including <sys/param.h>

add RCSIDs

Convert netinet to not use the internal <sys/queue.h> field names
but instead the access macros. Use the FOREACH macros where appropriate.

branches: 1.47.2; 1.47.6;
Implement support for IP/TCP/UDP checksum offloading provided by
network interfaces. This works by pre-computing the pseudo-header
checksum and caching it, delaying the actual checksum to ip_output()
if the hardware cannot perform the sum for us. In-bound checksums
can either be fully-checked by hardware, or summed up for final
verification by software. This method was modeled after how this
is done in FreeBSD, although the code is significantly different in
most places.

We don't delay checksums for IPv6/TCP, but we do take advantage of the
cached pseudo-header checksum.

Note: hardware-assisted checksumming defaults to "off". It is
enabled with ifconfig(8). See the manual page for details.

Implement hardware-assisted checksumming on the DP83820 Gigabit Ethernet,
3c90xB/3c90xC 10/100 Ethernet, and Alteon Tigon/Tigon2 Gigabit Ethernet.

Resolve conflicts.

branches: 1.45.2;
expose the definitions of MIN() and MAX() in sys/param.h to the kernel
and use those in favor of a dozen copies scattered around the source tree.

constify

Due to a quirk (err, bug?) in IP Filter (mbuf freed without setting *mp
to NULL), the NULL check is insufficient. Also make sure fr_check()
returned 0.

Oops, the mbuf may have been freed -- do a NULL check in the wrapper.

Restructure the PFIL_HOOKS mechanism a bit:
- All packets are passed to PFIL_HOOKS as they come off the wire, i.e.
fields in protocol headers in network order, etc.
- Allow for multiple hooks to be registered, using a "key" and a "dlt".
The "dlt" is a BPF data link type, indicating what type of header is
present.
- INET and INET6 register with key == AF_INET or AF_INET6, and
dlt == DLT_RAW.
- PFIL_HOOKS now take an argument for the filter hook, and mbuf **,
an ifnet *, and a direction (PFIL_IN or PFIL_OUT), thus making them
less IP (really, IP Filter) centric.

Maintain compatibility with IP Filter by adding wrapper functions for
IP Filter.

ipfilter currently supports IPv4 only. do not try to touch non-IPv4
packets. PR 11082.

This is a short-term workaround. whenever new ipfilter comes out with
proper non-IPv4 support, we should migrate to the new ipfilter.

Put # endif directive after the right (i.e., matching) close brace
to prevent compilation error.

Protect a IPLLOG with ifdef IPFILTER_LOG. Patch from Darren Reed.

Resolve conflicts.

branches: 1.36.2;
Resolve conflicts.

branches: 1.35.2;
Resolve conflicts.

Resolve conflicts.

Resolve conflicts and fix a compile error in ip_ftp_pxy.c.

correct out-of-bound access when hlen == 1 and opt > 1.
reviewed by darren, darren committed to freebsd fil.c (1.12 -> 1.13)
so it should be correct enough.

Resolve conflicts.

Remove register declarations.

Resolve conflicts.

Resolve conflicts and small fixes.

branches: 1.27.2; 1.27.6; 1.27.8; 1.27.14;
Remove SCCS markers and make these compile in $NetBSD$ IDs.

Fix problems with fr_tcpsum() that prevented the FTP proxy from working.

add a patch from darren reed, to make ipfilter use our cksum routine.

merge ipf 3.2.10

Resolve conflicts from the import.

Another demonstration that when you're converting variables from 'long's
to fixed 32-bit integers, you have to exercise care.

Resolve conflicts from the import of IPFilter 3.2.7.

Resolve conflicts

If packets are passed through IP Filter at all, don't allow fast-forward
flow entries to be created for them.

Eventually, IP Filter should be extended to allow IP src/dst pairs to
be specified as "fast forward OK".

fix checksum problems (from marc boucher via darren reed).

merge ip-filter 3.2.1

sigh. merge ipfilter 3.2 onto the trunk. merge to the branch was a mistake.

branches: 1.15.2;
Resolve conflicts from the merge of ipf 3.2beta5.

branches: 1.14.2;
put back IPFILTER_DEFAULT_BLOCK, as documented in options(4).

Restore original RCS IDs.

Fix a bug caught by gcc: add parenthesis to properly group a test.

fix conflicts from import

make it "options IPFILTER_DEFAULT_BLOCK".

Resolve conflicts from merge of 3.2a7, take 2. Also, eliminate some
silly differences between the NetBSD copy of the code and the
vendor branch, keeping only those which are necessary. Of those
differences that currently exist, several "portability to NetBSD"
issues, which will be fed back to the ipfilter author.

Make this compile on 32-bit architectures again:
- garbage-collect unused variables, or #ifdef them as appropriate.

fix conflicts

use IPLLOG instead of ipllog to easily mask parameters, fix up prototype
problems for compiling to user programs.

Resolve conflicts from merge.

XXX !!! XXX !!!
I noticed a few semi-serious bugs while doing this merge, one of which
has existed for a fairly long time. Some of them are addressed in this
commit (because they caused the kernel to not compile), and are annoted
by "XXX" and "--thorpej". The other one will be addressed shortly in
a future commit, and, as far as I can tell, affects all operating systems
which IP Filter supports.

Don't include ipfilter.h if building an LKM.

pseudo-device ipfilter brings in PFIL_HOOKS.

branches: 1.2.4;
Add $NetBSD$ id's and restore the orginal Id's.

branches: 1.1.1;
initial import of darren reed's ip-filter, version 3.1.2.

Build ip_sync.c with -Wno-error to avoid failing due to excessive stack
usage.

branches: 1.15.52;
move back to 5.1.1 in the new place

Back out the recent import of IPFilter 5.1.1 for the upcoming branch,
which will now have IPFilter 4.1.34. IPFilter 5.1.1 will be restored
post-branch.

ok: core, releng.

New files required to build ipfilter into the kernel

branches: 1.12.8; 1.12.12;
Defopt the rest of the Ipfilter options and tunables.
Per discussion with darrenr@ a year ago.

fix spelling mistake: netient -> netinet

add IPFILTER_COMPAT to kernel config options recognised for IPFilter

branches: 1.9.2; 1.9.4;
ipfilter depends on bpf_filter, not bpfilter (since the year 2000).

branches: 1.8.54;
defflag IPFILTER_LOOKUP.

branches: 1.7.20;
merge ktrace-lwp.

branches: 1.6.2;
defopt IPFILTER_DEFAULT_BLOCK

branches: 1.5.4;
Move ipf to sys/dist/ipf; Note that I followed the pattern used for pf.
I think though that the files.ipfilter and Makefile glue should go to
the dist directory, not like it is done now.

Upgraded IPFilter to 4.1.3

branches: 1.3.2;
Sync with official IPFilter

branches: 1.2.2; 1.2.8;
Add missing "needs-flag".

Move netinet, netinet6, ipsec, and ipfilter config defns to
netinet/files.ipfilter, etinet/files.netinet, netinet6/files.netinet6,
and netinet6/files.netipsec.

XXX There are still a few stragglers in conf/files, which are entangled
with other network protocols.

tcp: separate syn cache stuffs into tcp_syncache.[ch] files

No functional change.

remove now unused pseudo-random ip id code.

branches: 1.28.16;
Remove TCP_COMPAT_42.

Add core networking support for SCTP.

Add DCCP protocol support from KAME.

add routines to print in_addr and sockaddr_in (in_print and sin_print)

branches: 1.24.2; 1.24.16;
rename rfc6056 -> portalgo, requested by yamt

branches: 1.23.2;
Add inet4 part of the rfc6056 code contributed by Vlad Balan as part of
Google SoC-2011

Reduces the resources demanded by TCP sessions in TIME_WAIT-state using
methods called Vestigial Time-Wait (VTW) and Maximum Segment Lifetime
Truncation (MSLT).

MSLT and VTW were contributed by Coyote Point Systems, Inc.

Even after a TCP session enters the TIME_WAIT state, its corresponding
socket and protocol control blocks (PCBs) stick around until the TCP
Maximum Segment Lifetime (MSL) expires. On a host whose workload
necessarily creates and closes down many TCP sockets, the sockets & PCBs
for TCP sessions in TIME_WAIT state amount to many megabytes of dead
weight in RAM.

Maximum Segment Lifetimes Truncation (MSLT) assigns each TCP session to
a class based on the nearness of the peer. Corresponding to each class
is an MSL, and a session uses the MSL of its class. The classes are
loopback (local host equals remote host), local (local host and remote
host are on the same link/subnet), and remote (local host and remote
host communicate via one or more gateways). Classes corresponding to
nearer peers have lower MSLs by default: 2 seconds for loopback, 10
seconds for local, 60 seconds for remote. Loopback and local sessions
expire more quickly when MSLT is used.

Vestigial Time-Wait (VTW) replaces a TIME_WAIT session's PCB/socket
dead weight with a compact representation of the session, called a
"vestigial PCB". VTW data structures are designed to be very fast and
memory-efficient: for fast insertion and lookup of vestigial PCBs,
the PCBs are stored in a hash table that is designed to minimize the
number of cacheline visits per lookup/insertion. The memory both
for vestigial PCBs and for elements of the PCB hashtable come from
fixed-size pools, and linked data structures exploit this to conserve
memory by representing references with a narrow index/offset from the
start of a pool instead of a pointer. When space for new vestigial PCBs
runs out, VTW makes room by discarding old vestigial PCBs, oldest first.
VTW cooperates with MSLT.

It may help to think of VTW as a "FIN cache" by analogy to the SYN
cache.

A 2.8-GHz Pentium 4 running a test workload that creates TIME_WAIT
sessions as fast as it can is approximately 17% idle when VTW is active
versus 0% idle when VTW is inactive. It has 103 megabytes more free RAM
when VTW is active (approximately 64k vestigial PCBs are created) than
when it is inactive.

branches: 1.21.2;
Split-off IPv4 re-assembly mechanism into a separate module. Abstract
into ip_reass_init(), ip_reass_lookup(), etc (note: abstraction is not
yet complete). No functional changes to the actual mechanism.

OK matt@

branches: 1.20.10; 1.20.30; 1.20.32;
Refactor in_cksum/in4_cksum/in6_cksum implementations:
- All three functions are included in the kernel by default.
They call a backend function cpu_in_cksum after possibly
computing the checksum of the pseudo header.
- cpu_in_cksum is the core to implement the one-complement sum.
The default implementation is moderate fast on most platforms
and provides a 32bit accumulator with 16bit addends for L32 platforms
and a 64bit accumulator with 32bit addends for L64 platforms.
It handles edge cases like very large mbuf chains (could happen with
native IPv6 in the future) and provides a good base for new native
implementations.
- Modify i386 and amd64 assembly to use the new interface.

This disables the MD implementations on !x86 until the conversion is
done. For Alpha, the portable version is faster.

branches: 1.19.8; 1.19.14;
Remove obsolete files netinet/in_route.[ch].

Remove unused option.

branches: 1.17.2; 1.17.6; 1.17.8;
Here are various changes designed to protect against bad IPv4
routing caused by stale route caches (struct route). Route caches
are sprinkled throughout PCBs, the IP fast-forwarding table, and
IP tunnel interfaces (gre, gif, stf).

Stale IPv6 and ISO route caches will be treated by separate patches.

Thank you to Christoph Badura for suggesting the general approach
to invalidating route caches that I take here.

Here are the details:

Add hooks to struct domain for tracking and for invalidating each
domain's route caches: dom_rtcache, dom_rtflush, and dom_rtflushall.

Introduce helper subroutines, rtflush(ro) for invalidating a route
cache, rtflushall(family) for invalidating all route caches in a
routing domain, and rtcache(ro) for notifying the domain of a new
cached route.

Chain together all IPv4 route caches where ro_rt != NULL. Provide
in_rtcache() for adding a route to the chain. Provide in_rtflush()
and in_rtflushall() for invalidating IPv4 route caches. In
in_rtflush(), set ro_rt to NULL, and remove the route from the
chain. In in_rtflushall(), walk the chain and remove every route
cache.

In rtrequest1(), call rtflushall() to invalidate route caches when
a route is added.

In gif(4), discard the workaround for stale caches that involves
expiring them every so often.

Replace the pattern 'RTFREE(ro->ro_rt); ro->ro_rt = NULL;' with a
call to rtflush(ro).

Update ipflow_fastforward() and all other users of route caches so
that they expect a cached route, ro->ro_rt, to turn to NULL.

Take care when moving a 'struct route' to rtflush() the source and
to rtcache() the destination.

In domain initializers, use .dom_xxx tags.

KNF here and there.

move tso-by-software code to their own files. no functional changes.

Backout accidental commit which broke kernel builds.

New EtherIP driver based on tap(4) and gif(4) by Hans Rosenfeld.
Notable changes:
* Fixes PR 34268.
* Separates the code from gif(4) (which is more cleaner).
* Allows the usage of STP (Spanning Tree Protocol).
* Removed EtherIP implementation from gif(4)/tap(4).

Some input from Christos.

Add a source-address selection policy mechanism to the kernel.

Also, add ioctls SIOCGIFADDRPREF/SIOCSIFADDRPREF to get/set preference
numbers for addresses. Make ifconfig(8) set/display preference
numbers.

To activate source-address selection policies in your kernel, add
'options IPSELSRC' to your kernel configuration.

Miscellaneous changes in support of source-address selection:

1 Factor out some common code, producing rt_replace_ifa().

2 Abbreviate a for-loop with TAILQ_FOREACH().

3 Add the predicates on IPv4 addresses IN_LINKLOCAL() and
IN_PRIVATE(), that are true for link-local unicast
(169.254/16) and RFC1918 private addresses, respectively.
Add the predicate IN_ANY_LOCAL() that is true for link-local
unicast and multicast.

4 Add IPv4-specific interface attach/detach routines,
in_domifattach and in_domifdetach, which build #ifdef
IPSELSRC.

See in_getifa(9) for a more thorough description of source-address
selection policy.

Modular (I tried ;-) TCP congestion control API. Whenever certain conditions
happen in the TCP stack, this interface calls the specified callback to
handle the situation according to the currently selected congestion
control algorithm.
A new sysctl node was created: net.inet.tcp.congctl.{available,selected}
with obvious meanings.
The old net.inet.tcp.newreno MIB was removed.
The API is discussed in tcp_congctl(9).

In the near future, it will be possible to selected a congestion control
algorithm on a per-socket basis.

Discussed on tech-net and reviewed by <yamt>.

branches: 1.11.20; 1.11.22;
merge ktrace-lwp.

branches: 1.10.4;
Commit TCP SACK patches from Kentaro A. Karahone's patch at:
http://www.sigusr1.org/~kurahone/tcp-sack-netbsd-02152005.diff.gz

Fixes in that patch for pre-existing TCP pcb initializations were already
committed to NetBSD-current, so are not included in this commit.

The SACK patch has been observed to correctly negotiate and respond,
to SACKs in wide-area traffic.

There are two indepenently-observed, as-yet-unresolved anomalies:
First, seeing unexplained delays between in fast retransmission
(potentially explainable by an 0.2sec RTT between adjacent
ethernet/wifi NICs); and second, peculiar and unepxlained TCP
retransmits observed over an ath0 card.

After discussion with several interested developers, I'm committing
this now, as-is, for more eyes to use and look over. Current hypothesis
is that the anomalies above may in fact be due to link/level (hardware,
driver, HAL, firmware) abberations in the test setup, affecting both
Kentaro's wired-Ethernet NIC and in my two (different) WiFi NICs.

branches: 1.9.2; 1.9.4;
compile tcp_debug.c only if the TCP_DEBUG option is set,
and remove the "#ifdef TCP_DEBUG" around everything

IPv4 PIM support, based on a submission from Pavlin Radoslavov posted on
tech-net@

defflag TCP_OUTPUT_COUNTERS and TCP_REASS_COUNTERS

Initial commit of a port of the FreeBSD implementation of RFC 2385
(MD5 signatures for TCP, as used with BGP). Credit for original
FreeBSD code goes to Bruce M. Simpson, with FreeBSD sponsorship
credited to sentex.net. Shortening of the setsockopt() name
attributed to Vincent Jardin.

This commit is a minimal, working version of the FreeBSD code, as
MFC'ed to FreeBSD-4. It has received minimal testing with a ttcp
modified to set the TCP-MD5 option; BMS's additions to tcpdump-current
(tcpdump -M) confirm that the MD5 signatures are correct. Committed
as-is for further testing between a NetBSD BGP speaker (e.g., quagga)
and industry-standard BGP speakers (e.g., Cisco, Juniper).


NOTE: This version has two potential flaws. First, I do see any code
that verifies recieved TCP-MD5 signatures. Second, the TCP-MD5
options are internally padded and assumed to be 32-bit aligned. A more
space-efficient scheme is to pack all TCP options densely (and
possibly unaligned) into the TCP header ; then do one final padding to
a 4-byte boundary. Pre-existing comments note that accounting for
TCP-option space when we add SACK is yet to be done. For now, I'm
punting on that; we can solve it properly, in a way that will handle
SACK blocks, as a separate exercise.

In case a pullup to NetBSD-2 is requested, this adds sys/netipsec/xform_tcp.c
,and modifies:

sys/net/pfkeyv2.h,v 1.15
sys/netinet/files.netinet,v 1.5
sys/netinet/ip.h,v 1.25
sys/netinet/tcp.h,v 1.15
sys/netinet/tcp_input.c,v 1.200
sys/netinet/tcp_output.c,v 1.109
sys/netinet/tcp_subr.c,v 1.165
sys/netinet/tcp_usrreq.c,v 1.89
sys/netinet/tcp_var.h,v 1.109
sys/netipsec/files.netipsec,v 1.3
sys/netipsec/ipsec.c,v 1.11
sys/netipsec/ipsec.h,v 1.7
sys/netipsec/key.c,v 1.11
share/man/man4/tcp.4,v 1.16
lib/libipsec/pfkey.c,v 1.20
lib/libipsec/pfkey_dump.c,v 1.17
lib/libipsec/policy_token.l,v 1.8
sbin/setkey/parse.y,v 1.14
sbin/setkey/setkey.8,v 1.27
sbin/setkey/token.l,v 1.15

Note that the preceding two revisions to tcp.4 will be
required to cleanly apply this diff.

always compile ip_id.c

define RANDOM_IP_ID by default (unifdef -DRANDOM_IP_ID).
one use remains in sys/netipsec, which is kept for freebsd source code compat.

Revert the (default) ip_id algorithm to the pre-randomid algorithm,
due to demonstrated low-period repeated IDs from the randomized IP_id
code. Consensus is that the low-period repetition (much less than
2^15) is not suitable for general-purpose use.

Allocators of new IPv4 IDs should now call the function ip_newid().
Randomized IP_ids is now a config-time option, "options RANDOM_IP_ID".
ip_newid() can use ip_random-id()_IP_ID if and only if configured
with RANDOM_IP_ID. A sysctl knob should be provided.

This API may be reworked in the near future to support linear ip_id
counters per (src,dst) IP-address pair.

randomize IPv4/v6 fragment ID and IPv6 flowlabel. avoids predictability
of these fields. ip_id.c is from openbsd. ip6_id.c is adapted by kame.

branches: 1.1.2; 1.1.8;
Move netinet, netinet6, ipsec, and ipfilter config defns to
netinet/files.ipfilter, etinet/files.netinet, netinet6/files.netinet6,
and netinet6/files.netipsec.

XXX There are still a few stragglers in conf/files, which are entangled
with other network protocols.

netinet/icmp6.h: Nix trailing whitespace.

No functional change intended.

netinet/icmp6.h: Need sys/types.h and netinet/in.h.

- sys/types.h for u_intN_t
- netinet/in.h for struct in6_addr

branches: 1.59.10;
Add sysctl entry to control to send routing message for RTM_DYNAMIC.

Some routing daemons require such routing message to keep coherency.

If we want to let kernel send such message, set net.inet.icmp.dynamic_rt_msg=1
for IPv4, net.inet6.icmp6.dynamic_rt_msg=1 for IPv6.
Default(=0) is the same as before, that is, not send such routing message.

Add sysctl entry to enable/disable to use path MTU discovery for icmpv6 reflecting.

If we want to use path MTU discovery for icmp reflecting set
net.inet6.icmp6.reflect_pmtu=1. Default(=0) is the same as before, that is,
use IPV6_MINMTU.

icmp6: Remove __packed attribute from icmp6 structures

They should naturally align.
Add compile time assertations to icmp6.c to prove this.

icmp6.h: #define ND_RA_FLAG_PROXY

RFC 4389, experimental. Maybe someone will implement it one day.

icmp6.h: #define ND_OPT_PI_FLAG_ROUTER

We already define ND_RA_FLAG_HOME_AGENT and that kind of requires
ND_OPT_PI_FLAG_ROUTER.

Remove in-kernel handling of Router Advertisements

This is much better handled by a user-land tool.
Proposed on tech-net here:
https://mail-index.netbsd.org/tech-net/2020/04/22/msg007766.html

Note that the ioctl SIOCGIFINFO_IN6 no longer sets flags. That now
needs to be done using the pre-existing SIOCSIFINFO_FLAGS ioctl.

Compat is fully provided where it makes sense, but trying to turn on
RA handling will obviously throw an error as it no longer exists.

Note that if you use IPv6 temporary addresses, this now needs to be
turned on in dhcpcd.conf(5) rather than in sysctl.conf(5).

route: RTM_MISS now puts the message source address in RTA_AUTHOR

route(8) also reports this.
A userland app could use this to blacklist nodes who probe for machines
that doesn't exist on a subnet / prefix.

- Cleanup for dynamic sysctl:
- Remove unused *_NAMES macros for sysctl.
- Remove unused *_MAXID for sysctls.
- Move CTL_MACHDEP sysctl definitions for m68k into m68k/include/cpu.h and
use them on all m68k machines.

branches: 1.51.2;
Add code 3 of paramprob, part of RFC7112: "IPv6 First Fragment has
incomplete IPv6 Header Chain". Handle this code in ping6.

nd6: add a nonce to DaD probes in-case they are looped back to us

This implements RFC 7527, based a similar change in FreeBSD.

branches: 1.49.2;
Style, localify, remove XXX when there's no issue, and switch 'extra'
to int.

Remove unnecessary forward struct declarations

branches: 1.47.8; 1.47.12;
Add MLD_LISTENER_REDUCTION per RFC 3542. Requested by Lorenzo Colitti.

branches: 1.46.2; 1.46.4;
<grmbl>whitespace</grmbl>

this commit contains two sets of unrelated changes:
"while I was here" I checked other KAME implementations for their icmp6.h
version, and thus:
- added a define for MLDV2_LISTENER_REPORT from FreeBSD
- added defines for the missing ICMP6_DST_UNREACH codes

then on to what I actually wanted to do:
- adds strings for the types and codes (encapsulated by ICMP6_STRINGS)
for the use of npfctl and other tools that might want to parse
human-friendly names instead of the corresponding number for ipv6-icmp
types and codes.
The strings are ordered such that their index is (as far as is practical)
the number belonging to the name, which is why there are
icmp6_type_err (use directly) and icmp6_type_info (add 128)

branches: 1.44.2;
Add RDNSS and DNSSL support, RFC6106.
Replace custom lists with TAILQ lists.
Clean up plently of signed vs unsigned warnings and set WARNS=4.

Adapted from FreeBSD.

branches: 1.43.4;
Move RTF_ANNOUNCE flag so that it no longer conflicts with RTF_PROTO2.

RTF_ANNOUNCE was defined as RTF_PROTO2. The flag is used to indicated
that host should act as a proxy for a link level arp or ndp request.
(If RTF_PROTO2 is used as an experimental flag (as advertised),
various problems can occur.)

This commit provides a first-class definition with its own bit for
RTF_ANNOUNCE, removes the old aliasing definitions, and adds support
for the new RTF_ANNOUNCE flag to netstat(8) and route(8).,

Also, remove unused RTF_ flags that collide with RTF_PROTO1:
netinet/icmp6.h defined RTF_PROBEMTU as RTF_PROTO1
netinet/if_inarp.h defined RTF_USETRAILERS as RTF_PROTO1
(Neither of these flags are used anywhere. Both have been removed
to reduce chances of collision with RTF_PROTO1.)

Figuring this out and the diff are the work of Beverly Schwartz of
BBN.

(Passed release build, boot in VM, with no apparently related atf
failures.)

Approved for Public Release, Distribution Unlimited
This material is based upon work supported by the Defense Advanced
Research Projects Agency and Space and Naval Warfare Systems Center,
Pacific, under Contract No. N66001-09-C-2073.

branches: 1.42.4;
RA flood mitigation via a limit on accepted routes:
- introduce a limit for the routes accepted via IPv6 Router Advertisement:
a common 2 interface client will have 6, the default limit is 100 and
can be adjusted via sysctl
- report the current number of routes installed via RA via sysctl
- count discarded route additions. Note that one RA message is two routes.
This is at present only across all interfaces even though per-interface
would be more useful, since the per-interface structure complies to RFC2466
- bump kernel version due to the previous change
- adjust netstat to use the new value (with netstat -p icmp6)

update (unused) ND option identifiers and corresponding comments

branches: 1.40.4; 1.40.6;
add enough info to let rtadvd compile with route-info.

Add IANA allocation and header for RFC 5006 (RA RDNSS) IPv6 Router
Advertisement option.

branches: 1.38.4; 1.38.6; 1.38.8; 1.38.10;
Make ip6 and icmp6 stats per-cpu.

Change ICMP6 stats from a structure to an array of uint64_t's.

Note: This is ABI-compatible with the old icmp6stat structure; old netstat
binaries will continue to work properly.

branches: 1.36.2; 1.36.6;
Convert many of the uses of __attribute__ to equivalent
__packed, __unused and __dead macros from cdefs.h

branches: 1.35.36; 1.35.42; 1.35.46; 1.35.50;
'advertisment' -> 'advertisement', from leonardo chiquitto filho
via jmc@openbsd.

branches: 1.34.2;
NDP-related improvements:
RFC4191
- supports host-side router-preference

RFC3542
- if DAD fails on a interface, disables IPv6 operation on the
interface
- don't advertise MLD report before DAD finishes

Others
- fixes integer overflow for valid and preferred lifetimes
- improves timer granularity for MLD, using callout-timer.
- reflects rtadvd's IPv6 host variable information into kernel
(router only)
- adds a sysctl option to enable/disable pMTUd for multicast
packets
- performs NUD on PPP/GRE interface by default
- Redirect works regardless of ip6_accept_rtadv
- removes RFC1885-related code

From the KAME project via SUZUKI Shinsuke.
Reviewed by core.

branches: 1.33.2; 1.33.4; 1.33.6;
Better support of IPv6 scoped addresses.

- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.

This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.

From the KAME project via JINMEI Tatuya.
Approved by core@.

branches: 1.32.2;
Multiple inclusion protection, as suggested by christos@ on tech-kern@
few days ago.

branches: 1.31.2;
remove stupid hand-rolled loop and kernel conditional.

no space between function name and paren: foo (blah) -> foo(blah)

De __P()

Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22364, verified by myself.

branches: 1.27.2;
separate RFC2292 decls for MLD; sync w/ kame

- sync up MLD declaration with RFC3542 (s/MLD6/MLD/)
- routing header declaration with RFC3542
(note: sizeof(ip6_rthdr0) has changed!)
also, sync up with RFC2460 routing header definition (no "strict" source
routing mode any more)

part of advanced API update (RFC2292 -> 3542).

/*CONTCOND*/ while (0)'ed macros

whitespace

sync with latest KAME in6_ifaddr/prefix/default router manipulation.
behavior changes:
- two iocts used by ndp(8) are now obsolete (backward compat provided).
use sysctl path instead.
- lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.

move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame

branches: 1.21.8;
have packed attribute to protocol structs. sync with kame

correct timing to increment icmp6 MIB variables. sync with kame

branches: 1.19.2; 1.19.4;
during ip6/icmp6 inbound packet processing, do not call log() nor printf() in
normal operation (/var can get filled up by flodding bogus packets).
sysctl net.inet6.icmp6.nd6_debug will turn on diagnostic messages.
(#define ND6_DEBUG will turn it on by default)

improve stats in ND6 code.

lots of synchronziation with kame (including comments and cometic ones).

fix RR result bit in little endian systems. sync with kame

sync with latest kame.
- make icmp6.h spec conformant to 2292bis-02, regarding to router reumbering
flag bit.
- latest rtadvd.

update icmp6 too big validation. the change is necessary since pmtud is
mandatory for IPv6 (so we can't just validate by using connected pcb - we need
to allow traffic from unconnected pcb to do pmtud).
- if the traffic is validated by xx_ctlinput, allow up to "hiwat" pmtud
route entries.
- if the traffic was not validated by xx_ctlinput, allow up to "lowat" pmtud
route entries (there's upper limit, so bad guys cannot blow up our routing
table).
sync with kame

XXX need to think again about default hiwat/lowat value.
XXX victim selection to help starvation case

verify ICMPv6 too big messages based on TCP pcbs, and/or IPsec SA.
TODO: udp6, and sendto consideration. as pmtud is mandatory for IPv6,
it is rather important for us to support those cases.
TODO: more testing
TODO: kame sync

sync with kame ($KAME$)

clearifications in icmp6 node query support.
XXX previous commit included "supported qtypes" icmp6 node query support.
sorry commit message was mistaken.

correct typo in #define. ICMP6_NI_SUCESS -> SUCCESS (notice missing C).
sync with kame.

nuke the following sysctl variables. "ppsratelimit" should work better.
need to recompile sbin/sysctl after updating /usr/include.
net.inet.tcp.rstratelimit
net.inet.icmp.errratelimit
net.inet6.icmp6.errratelimit

- do not use bitfield for router renumbering header.
- add protection mechanism against ND cache corruption due to bad NUD hints.
- more stats
- icmp6 pps limitation. TOOD: should implement ppsratecheck(9).

branches: 1.9.2;
better conformance to draft-ietf-ipngwg-icmp-name-lookups-05.
the old code was chimera of 03 and 05 draft.

-n by default, since IPv6 reverse lookup takes too much time.
use -H to enable reverse name lookup.

branches: 1.8.2;
change member name for icmp6_filter, to be conformant to RFC2292.
From: Francis Dupont

support draft-ietf-ipngwg-icmp-name-lookups-05.txt, drop support for
draft-ietf-ipngwg-icmp-name-lookups-04.txt.

There are certain bitfield change in 04 draft to 05 draft, which makes
04 "ping6 -a" and 05 "ping6 -a" not interoperable. sigh.

remove some of cross-BSD portability #ifdef.
remove xxCTL_VARS, which is BSDI specific.

bring in recent KAME changes (only important and stable ones, as usual).
- remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works
just like "arp -s".
- revise source address selection.
be more careful about use of yet-to-be-valid addresses as source.
- as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope
packet forwarding attempt.
- path MTU discovery takes care of routing header properly.
- be more strict about mbuf chain parsing.

to be more rfc2292 complient, move ip6.h and icmp6.h into netinet.
(netinet6/{ip6,icmp6}.h is non-standard path - these files should go away)

it was not possible to use cvsmove in this case.
when you try to look at history, chase it toward netinet6/{ip6,icmp6}.h.

branches: 1.3.2;
RCS ID police.

branches: 1.2.2;
IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628.
(Sorry for a big commit, I can't separate this into several pieces...)
Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.

- sys/kern: do not assume single mbuf, accept chained mbuf on passing
data from userland to kernel (or other way round).
- "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ
package (ftp://ftp.csl.sony.co.jp/pub/kjc/).
- sys/netinet/tcp*: IPv4/v6 dual stack tcp support.
- sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those
file to be there so we patch it up.
- sys/netinet: IPsec additions are here and there.
- sys/netinet6/*: most of IPv6 code sits here.
- sys/netkey: IPsec key management code
- dev/pci/pcidevs: regen

In my understanding no code here is subject to export control so it
should be safe.

branches: 1.1.2;
file icmp6.h was initially added on branch kame.

- pass the alignment instead of the mask (as Roy asked and to match the
other macro)
- use alignof to determine that alignment and CTASSERT what we expect
- remove unused macros

- centralize header align and pullup into a single inline function
- use a single macro to align pointers and expose the alignment, instead
of hard-coding 3 in 1/2 the macros.
- fix an issue in the ipv6 lt2p where it was aligning for ipv4 and pulling
for ipv6.

branches: 1.3.4; 1.3.102;
Remove clause 3 and 4 from TNF licenses

branches: 1.2.2;
Use <net/net_stats.h> / netstat_sysctl().

branches: 1.1.2;
Make IP, TCP, UDP, and ICMP statistics per-CPU. The stats are collated
when the user requests them via sysctl.

Add sysctl entry to control to send routing message for RTM_DYNAMIC.

Some routing daemons require such routing message to keep coherency.

If we want to let kernel send such message, set net.inet.icmp.dynamic_rt_msg=1
for IPv4, net.inet6.icmp6.dynamic_rt_msg=1 for IPv6.
Default(=0) is the same as before, that is, not send such routing message.

- Cleanup for dynamic sysctl:
- Remove unused *_NAMES macros for sysctl.
- Remove unused *_MAXID for sysctls.
- Move CTL_MACHDEP sysctl definitions for m68k into m68k/include/cpu.h and
use them on all m68k machines.

branches: 1.30.16; 1.30.18;
PR/49676: Ryo Shimizu: ICMP_STATINC() buffer overflows
XXX: pullup-7

branches: 1.29.2; 1.29.6; 1.29.8; 1.29.16; 1.29.22; 1.29.24;
put the histograms last and make them autosize (breaks compat with netstat).

branches: 1.28.12; 1.28.16;
PR/42243: Yasuoka Masahiko: Add "net.inet.icmp.bmcastecho" sysctl support,
to disable icmp replies to the broadcast address.

branches: 1.27.4;
Make IP, TCP, UDP, and ICMP statistics per-CPU. The stats are collated
when the user requests them via sysctl.

Change ICMP stats from a structure to an array of uint64_t's.

Note: This is ABI-compatible with the old icmpstat structure; old netstat
binaries will continue to work properly.

branches: 1.25.70;
Multiple inclusion protection, as suggested by christos@ on tech-kern@
few days ago.

Add sysctls for IP, ICMP, TCP, and UDP statistics.

branches: 1.23.12;
Remove a common (icmpstat).

Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22364, verified by myself.

branches: 1.21.6;
Changes to allow the IPv4 and IPv6 layers to align headers themseves,
as necessary:
* Implement a new mbuf utility routine, m_copyup(), is is like
m_pullup(), except that it always prepends and copies, rather
than only doing so if the desired length is larger than m->m_len.
m_copyup() also allows an offset into the destination mbuf, which
allows space for packet headers, in the forwarding case.
* Add *_HDR_ALIGNED_P() macros for IP, IPv6, ICMP, and IGMP. These
macros expand to 1 if __NO_STRICT_ALIGNMENT is defined, so that
architectures which do not have strict alignment constraints don't
pay for the test or visit the new align-if-needed path.
* Use the new macros to check if a header needs to be aligned, or to
assert that it already is, as appropriate.

Note: This code is still somewhat experimental. However, the new
code path won't be visited if individual device drivers continue
to guarantee that packets are delivered to layer 3 already properly
aligned (which are rules that are already in use).

whitespace

branches: 1.19.8;
Add in support for timing out IPv4 routes added due to redirects,
as discussed in tech-net several weeks ago. It turned out that
KAME had already added this functionality to the IPv6 stack, so
I followed their example in adding the sysctl variables
net.inet.icmp.rediraccept and net.inet.icmp.redirtimeout.

branches: 1.18.2; 1.18.4; 1.18.8;
count successful path MTU changes. good for debugging.
(there could be some discussion on when to increase the counter...)

nuke the following sysctl variables. "ppsratelimit" should work better.
need to recompile sbin/sysctl after updating /usr/include.
net.inet.tcp.rstratelimit
net.inet.icmp.errratelimit
net.inet6.icmp6.errratelimit

implement net.inet.icmp.errppslimit.
make default value for net.inet.icmp.erratelimit to 0, as < 10ms value
does not do the right thing.

branches: 1.15.2;
add icmpreturndatabytes kernel variable (default 8) which specifies the
number of extra data bytes to return in ICMP error messages. This is
also available via sysctl as net.icmp.returndatabytes and is limited to
[8,512].

branches: 1.14.2;
Add ICMP error rate limiting, based on the same for ICMP6.

Note, we're reusing the previously unused slot for "MTU discovery" (which
was moved to the "net.inet.ip" branch of the sysctl tree quite some time
ago).

Update protocoles and interfaces stats counters to 64bit.
RTM_IFINFO is now 0xf, 0xe is RTM_OIFINFO which returns the old (if_msghdr14)
struct with 32bit counters (binary compat, conditioned on COMPAT_14).
Same for sysctl: node 3 is renamed NET_RT_OIFLIST, NET_RT_IFLIST is now node 4.
Change rt_msg1() to add an mbuf to the mbuf chain instead of just panic()
when the message is larger than MHLEN.

branches: 1.12.14; 1.12.20;
add/cleanup multiple inclusion protection.

remove extraneous icmp_do_mtudisc

change sysctl net.inet.icmp.mtudisc to net.inet.ip.mtudisc

Path MTU Discovery support. This is turned off by default.
Use sysctl -w net.inet.icmp.mtudisc=1 to turn on.
Still to come: path removal after some period, black hole detection

KERNEL -> _KERNEL

New RCS ID's, take two. they're more aesthecially pleasant, and use 'NetBSD'

Update to 4.4-Lite networking code, with a few local changes.

Change the counters to be all the same type -- u_long.

Fix some inconsistent spacing; spaces at the end of lines, etc.

more rcsid additions and file header cleanups

Add consistent multiple-inclusion protection.

branches: 1.1.1;
Initial revision

move if_arc.h to sys/net

New ARP system, supports IPv4 over any hardware link.

Some of the stuff (e.g., rarpd, bootpd, dhcpd etc., libsa) still will
only support Ethernet. Tcpdump itself should be ok, but libpcap needs
lot of work.

For the detailed change history, look at the commit log entries for
the is-newarp branch.

branches: 1.5.8;
update from Ignatios Souvatzis

update arc_input() proto to match reality.

KERNEL -> _KERNEL

add prototypes

preliminary arcnet support. uses lame but RFC address resolution

arp: clear csum_flags before sending an ARP reply packet

A mbuf used for Rx is reused for reply, so we have to clear csum_flags
used for Rx. Otherwise, Tx processing like ether_sw_offload_tx() is
confused with it.

ARP/ND6: Revert prior

Turns out some people actually use this behaviour and strictly speaking
it is allowed by RFC5227 2.4 where it says:

At any time, if a host receives
an ARP packet (Request *or* Reply) where the 'sender IP address' is
(one of) the host's own IP address(es) configured on that interface,
but the 'sender hardware address' does not match any of the host's
own interface addresses, then this is a conflicting ARP packet

The key part is "any of the host's own interface addreses".

ARP: only ignore messages from the receving interface

This means that you can no longer share the same IP addresses
on different interfaces connected to the same subnet.
This was a very non standard solution and you can now
get the same functionality by using lagg(4) instead.

While here, flip log movements sysctl back to 1.

This reverts r1.253 and r1.286.

arp: allow to send packets without an ARP resolution just after receiving an ARP request

On receiving an ARP request, the current implemention creates an ARP
cache entry but with ND_LLINFO_NOSTATE. Such an entry still needs
an ARP resolution to send back a packet to the requester. The original
behavior before introducing the common ND framework didn't need the
resolution. IPv6 doesn't as well. To restore the original behavior,
make a new ARP cache entry with ND_LLINFO_STALE like IPv6 does.

arp: fix the behavior on detecting an address duplication without IPv4 DAD

On receiving an ARP request that has the same source protocol address as
the own address, i.e., address duplication, the original behavior of
a kernel prior to supporing IPv4 DAD is to send an ARP reply. It is
the same with a latest kernel with DAD enabled. However, a latest
kernel without DAD sends back an GARP packet. Restore the original
behavior.

branches: 1.313.2;
netinet: Use _NET_STAT* API instead of direct array access.

PR kern/58380

Attribute debug message.
Fixes PR 57959

branches: 1.311.2;
arp: Validate ARP source hardware address matches Ethernet source

RFC 5227 section 1.1 states that for a DaD ARP probe the sender hardware
address must match the hardware address of the interface sending the
packet.

We can now verify this by checking the mbuf tag PACKET_TAG_ETHERNET_SRC.

This fixes an obsure issue where an old router was sending out bogus
ARP probes.

Thanks to Ryo Shimizu <ryo@nerv.org> for the re-implementation.

Revert prior.

arp: Validate L2 sender hardware address matches ARP probe

RFC 5227 section 1.1 states that for a DaD ARP probe the sender hardware
address must match the hardware address of the interface sending the
packet.

We can now verify this by checking the mbuf packet header.

This fixes an obsure issue where an old router was sending out bogus
ARP probes.

Convert ARP from a legacy netisr to pktqueue.

- Make ALIGNED_POINTER use __alignof(t) instead of sizeof(t). This is more
correct because it works with non-primitive types and provides the ABI
alignment for the type the compiler will use.
- Remove all the *_HDR_ALIGNMENT macros and asserts
- Replace POINTER_ALIGNED_P with ACCESSIBLE_POINTER which is identical to
ALIGNED_POINTER, but returns that the pointer is always aligned if the
CPU supports unaligned accesses.
[ as proposed in tech-kern ]

One more time: backout arp header alignment, now that the alignment
asserted has been aligned to reality.
Also remove unused ARP_HDR_ALIGNED_P macro. Pointed out by roy.

Undo previous backout: alignment is needed here.
The reason for the previous backout was a misunderstanding (POINTER_ALIGNED_P
was broken, but the assertion fired even after it got fixed).

Undo previous; POINTER_ALIGNED_P was broken.

put back alignment (reported by martin@)

- centralize header align and pullup into a single inline function
- use a single macro to align pointers and expose the alignment, instead
of hard-coding 3 in 1/2 the macros.
- fix an issue in the ipv6 lt2p where it was aligning for ipv4 and pulling
for ipv6.

if_arp: Just KASSERT that arphrd is aligned

While here improve readability of checking ARP IEEE1394 matches interface.

Prior alignment fixes should not use an offset

if_arp: Ensure that arphdr is aligned

arp: Plug an mbuf leak

branches: 1.297.2;
Implement RFC 7048, making Neighbor Unreachability Detection less impatient

RFC 7048 Section 3 says in the UNREACHABLE state packets continue to be
sent to the link-layer address and then backoff exponentially.
We adjust this slightly and move to the INCOMPLETE state after
`nd_mmaxtries` probes and then start backing off.

This results in simpler code whilst providing a more robust model which
doubles the time to failure over what we did before.
We don't want to be back to the old ARP model where no unreachability
errors are returned because very few applications would look at
unreachability hints provided such as ND_LLINFO_UNREACHABLE or RTM_MISS.

nd: Name l3addr union of llentry and use in-place of nd_addr.

Probably makes more sense and makes nd.h less messy.

ARP: Use ND rather than our own.

This brings the benefit of Neighbour Unreachability Detection which is
something ARP sorely lacks.

The new timings mirror those of IPv6 and are adjustable via sysctl(8).
Unlike IPv6 ND, these are global and not per interface.

route: RTM_MISS now puts the message source address in RTA_AUTHOR

route(8) also reports this.
A userland app could use this to blacklist nodes who probe for machines
that doesn't exist on a subnet / prefix.

arp: report RTM_MISS when removing an unresolved entry in the arp table

Otherwise we only get it when renewing and we've sent too many requests.
This mirrors INET6 behaviour.

arp: find source address then target address when processing input

This fixes the case where another host having a duplicate ip address
starts using it right away without probing for it's availability.

While here, prefer ifatoia over a strict cast.

Remove FDDI support.

Remove Token Ring support.

branches: 1.289.2;
ARP: Don't defend ARP probes.

We should let the nature of ARP takes it's course here when our address
is neither tentative nor duplicated.
This allows the host to work with ARP ping, which was broken in r1.279.

Initialize DAD components properly

The original code initialized each component in non-init functions such as
arp_dad_start and nd6_dad_find, conditionally based on a global flag for each.
However, it was racy because the flag and the code around it were not
protected by a lock and could cause a kernel panic at worst.

Fix the issue by initializing the components in bootup as usual.

inet: Send RTM_MISS when we fail to resolve an address.

Takes the same approach as when adding a new address - we no longer
announce the new lladdr right away but we announce the result.
This will either be RTM_ADD or RTM_MISS.
RTM_DELETE is only sent if we have a lladdr assigned OR gc'ed.

This tells us when a new lladdr has been added (RTM_ADD),
changed (RTM_CHANGE), deleted (RTM_DELETED) or has failed to been
resolved (RTM_MISS). The latter case can be interpreted as unreachable.

ARP: change default sysctl entry log_movements to 0

IP address sharing is a thing and shouldn't cause needless diagnostics
by default.

ARP: remove unused sysctl entry log_unknown_network

rtsock: rework rt_clonedmsg to take a message type and lladdr

We will use this in a future patch to notify userland of lladdr
changes.

XXX pullup -8 -9

Initialize dom_mowner for MBUFTRACE

branches: 1.282.2;
Introduce rt_addrmsg_src which adds RTA_AUTHOR to the message.
Use this when we notify userland of a duplicate address
and set RTA_AUTHOR to the hardware address of the sender.

While here, match the logging diagnostic of INET6 to the simpler one
of INET so it's consistent.

Move lla_snprintf from if_arp.c to dl_print.c

rtsock: Route address message simplification

Rename rt_newaddrmsg to rt_addrmsg_rt.
Add rt_addrmsg which drops the error and route arguments which are only
needed by one caller.

ARP: Enable Address Defence again.

Revert the tentative/duplicated check and test for if it's been broadcast
or not. This reverts r1.245.

Replace M_ALIGN and MH_ALIGN by m_align.

Introduce and use ip_dad_enabled() and ip6_dad_enabled() functions

Avoid double rt_replace_ifa on rtrequest1(RTM_ADD)

Some callers of rtrequest1(RTM_ADD) adjust rt_ifa of an rtentry created by
rtrequest1 that may change rt_ifa (in ifa_rtrequest) with another ifa that is
different from requested one. It's wasteful and even worse introduces a race
condition. rtrequest1 should just use a passed ifa as is if a caller hopes so.

branches: 1.275.2;
static

Remove now unused net_osdep.h includes, the other BSDs did the same.

Add XXX.

Remove unused mbuf argument from arpcreate() and arplookup().

Fix a race condition on DAD destructions (again)

The previous fix to DAD timers was wrong; it avoided a use-after-free but
instead introduced a memory leak. The destruction method had delegated
a destruction of a DAD timer to the timer itself and told that by setting NULL
to dp->dad_ifa. However, the previous fix made DAD timers do nothing on
the sign.

Fixing the issue with using callout_stop isn't easy. One approach is to have
a refcount on dp but it introduces extra complexity that we want to avoid.

The new fix falls back to using callout_halt, which was abandoned because of
softnet_lock. Fortunately now the network stack is protected by KERNEL_LOCK
so we can remove softnet_lock from DAD timers (callout) and use callout_halt
safely.

Fix reference leaks of llentry

callout_reset and callout_halt can cancel a pending callout without telling us.
Detect a cancel and remove a reference by using callout_pending and
callout_stop (it's a bit tricy though, we can detect it).

While here, we can remove remaining abuses of mutex_owned for softnet_lock.

Tweak sanity checks

Scheduling a timer of static entries is wrong.

branches: 1.268.2;
Sprinkle some const.

Avoid a race condition of DAD timer destructions

When we see dp->dad_ifa == NULL, it means that the ifa is being deleted and also
the callout is scheduled again by someone. We shouldn't rely on a result of
callout_pending to know if the callout is scheduled because it returns false if
the subsequent callout handler is already on the fly.

We have to always delegate the destruction of dp to the subsequent handler
unconditionally if dp->dad_ifa == NULL. Otherwise, the first handler destroys
the dp and the second handler tries to handle destroyed dp.

Remove IFF_STATICARP, we don't support this, and the code is useless in its
current form.

ok ozaki-r@

Mmh. Add a missing check: if ARP was disabled on the interface, don't
process ARP packets. Otherwise the kernel will add ARP entries even if

ifconfig wm0 -arp

was entered.

Be tougher:

* In arpintr(), don't allow IEEE1394 packets on non-IEEE1394 interfaces.

* In revarpinput(), kick IEEE1394 packets right away. They are not
supported.

Same change as rev1.258, but this time in revarpinput: use m_pullup.

Minor stylistic changes, and use C99 types.

Replace dead code by KASSERT.

Don't force ARPHRD_IEEE1394 on IEEE1394 interfaces. If it's not there, then
kick the packet. And do this earlier.

Use only one label, clearer.

Fix three things in arpintr():

* mtod can't return NULL.

* It is wrong to kick the packet if m->m_len < arplen. While this check
always returns false for native Ethernet interfaces, it may not if the
frame is encapsulated in EtherIP/L2TP. Use m_pullup instead.

* Remove XXX, it is fine. Reduce the indentation level afterwards.

Style, no functional change.

Make DAD destructions (MP-)safe with callout_stop

arp_dad_stoptimer and nd6_dad_stoptimer can be called with or without
softnet_lock held and unfortunately we have no easy way to statically know which.
So it is hard to use callout_halt there.

To address the situation, we use callout_stop to make the code safe. The new
approach copes with the issue by delegating the destruction of a callout to
callout itself, which allows us to not wait the callout to finish. This can be
done thanks to that DAD objects are separated from other data such as ifa.

The approach is suggested by riastradh@
Proposed on tech-kern@ and tech-net@

Provide macros for softnet_lock and KERNEL_LOCK hiding NET_MPSAFE switch

It reduces C&P codes such as "#ifndef NET_MPSAFE KERNEL_LOCK(1, NULL); ..."
scattered all over the source code and makes it easy to identify remaining
KERNEL_LOCK and/or softnet_lock that are held even if NET_MPSAFE.

No functional change

Fix a deadlock between a route update and lltable

It happens because rtalloc1 is called from lltable with holding
IF_AFDATA_WLOCK.

If a route update is in action, rtalloc1 would wait for its completion with
holding IF_AFDATA_WLOCK. At the same moment, a softint (e.g., arpintr) may try
to take IF_AFDATA_WLOCK and get stuck on it. Unfortunately the stuck softint
prevents the route update from progressing because the route update calls
psref_target_destroy that needs the softint to complete.

A resource allocation graph of the senario looks like this:
route update =(psref_target_destroy)=> softint => IF_AFDATA_WLOCK
=(rt_update_wait)=> route update

Fix the deadlock by pulling rtalloc1 out of the lltable codes inside
IF_AFDATA_WLOCK.

Note that the deadlock happens only if NET_MPSAFE is enabled.

Use if_get_bylla() instead of just looking at the lla of the interface
the address belongs to.
This allows any ARP message we receieved from another interface to
be correctly dropped.

While here, move the protocol length check higher up the food chain.

Don't create a permanent L2 cache entry on adding an address to an interface

It was created to copy FreeBSD, however actually the cache isn't
necessary. Remove it to simplify the code and reduce the cost to
maintain it (e.g., keep a consistency with a corresponding local
route).

Sending a routing message (RTM_ADD) on adding an llentry

A message used to be sent on adding a cloned route. Restore the
behavior for backward compatibility.

Requested by ryo@

branches: 1.250.2;
Lookup caches from a CARP interface if the packet is routed to the interface

This fixes CARP setups without carpdev (physical interface) having any IPs.

replace in_fmtaddr() by IN_PRINT(), and delete function in_fmtaddr()

branches: 1.248.4;
Get rid of unused macros

If we're not doing DAD, don't set IN_IFF_TENTATIVE.

If an ARP packet is received to the null host (0.0.0.0) then look for
an address matching the sender IP address on the interface.
This allows DAD to fail during the probe phase when a reverse ARP
proxy is present.

Only check target address collision if the sender address is the null
address (ie a DAD probe) or our matching address is either TENTATIVE
or DUPLICATED.

Only do DaD if the interface actually has the address.

Replace malloc for DAD with kmem and move them out of the lock for DAD

Allow Unicast Poll from RFC 1122 to bypass DaD checking.

Add missing NULL checks for m_get_rcvif

Tweak softnet_lock and NET_MPSAFE

- Don't hold softnet_lock in some functions if NET_MPSAFE
- Add softnet_lock to sysctl_net_inet_icmp_redirtimeout
- Add softnet_lock to expire_upcalls of ip_mroute.c
- Restore softnet_lock for in{,6}_pcbpurgeif{,0} if NET_MPSAFE
- Mark some softnet_lock for future work

Add some checks, mostly same as in_arpinput.

Make sure the protocol address length equals that of IPv4. Also, make sure
the hardware address length equals that of the interface we received the
packet on. Otherwise a packet could easily set them both to zero and make
the kernel read beyond the allocated mbuf, which is terrible.

Note: for the latter we drop the packet instead of replying, since it is
malformed.

Note: I also added an ugly hack in CARP, since it apparently expects at
least six bytes.

Style

Reput a nullcheck that was mistakenly removed in rev1.204. ar_hrd is
packet-controlled.

rename arplog -> ARPLOG to make it clear that it is a macro and tuck-in the
buffer used for address formatting.

Make ip6_sprintf(), in_fmtaddr(), lla_snprintf() and icmp6_redirect_diag() mpsafe.

Reviewed by ozaki-r@

branches: 1.233.2;
Make the routing table and rtcaches MP-safe

See the following descriptions for details.

Proposed on tech-kern and tech-net


Overview

Don't handle ARP duplication for the unspecified address.

Don't hold global locks if NET_MPSAFE is enabled

If NET_MPSAFE is enabled, don't hold KERNEL_LOCK and softnet_lock in
part of the network stack such as IP forwarding paths. The aim of the
change is to make it easy to test the network stack without the locks
and reduce our local diffs.

By default (i.e., if NET_MPSAFE isn't enabled), the locks are held
as they used to be.

Reviewed by knakahara@

Implement RFC 5227 2.4 Ongoing Conflict Detection and Address Defence.

If ip_dad_count is 0, then the conflict is just logged and the address
is not marked as duplicated.

Mark arprequest static and introduce arpannounce so that gratuitous
ARP requests are only send from valid addresses.

Fix race condition on ifqueue used by traditional netisr

If a underlying network device driver supports MSI/MSI-X, RX interrupts
can be delivered to arbitrary CPUs. This means that Layer 2 subroutines
such as ether_input (softint) and subsequent Layer 3 subroutines (softint)
which are called via traditional netisr can be dispatched on an arbitrary
CPU. Layer 2 subroutines now run without any locks (expected) and so a
Layer 2 subroutine and a Layer 3 subroutine can run in parallel.

There is a shared data between a Layer 2 routine and a Layer 3 routine,
that is ifqueue and IF_ENQUEUE (from L2) and IF_DEQUEUE (from L3) on it
are racy now.

To fix the race condition, use ifqueue#ifq_lock to protect ifqueue
instead of splnet that is meaningless now.

The same race condition exists in route_intr. Fix it as well.

Reviewed by knakahara@

Dealing with arplog is a bit more complicated...

Clear IN_IFF_TENTATIVE when stopping DaD here.

Don't setup DaD for INADDR_ANY

Allow arplog to be used outside of if_arp.c

Refine arplog to be like nd6log.

Restore ARP_STAT_DFRTOTAL deleted unexpectedly

Apply pserialize and psref to struct ifaddr and its variants

This change makes struct ifaddr and its variants (in_ifaddr and in6_ifaddr)
MP-safe by using pserialize and psref. At this moment, pserialize_perform
and psref_target_destroy are disabled because (1) we don't need them
because of softnet_lock (2) they cause a deadlock because of softnet_lock.
So we'll enable them when we remove softnet_lock in the future.

Fix panic on adding/deleting IP addresses under network load

Adding and deleting IP addresses aren't serialized with other network
opeartions, e.g., forwarding packets. So if we add or delete an IP
address under network load, a kernel panic may happen on manipulating
network-related shared objects such as rtentry and rtcache.

To avoid such panicks, we still need to hold softnet_lock in in_control
and in6_control that are called via ioctl and do network-related operations
including IP address additions/deletions.

Fix PR kern/51356

Make DAD of ARP/NDP MP-safe with coarse-grained locks

The change also prevents arp_dad_timer/nd6_dad_timer from running if
arp_dad_stop/nd6_dad_stop is called, which makes sure that callout_reset
won't be called during callout_halt.

Use KASSERT for checking non-NULL of ifa->ifa_ifp

ifa->ifa_ifp should be always non-NULL, so doing the check only if
DIAGNOSTIC is ok.

branches: 1.217.2;
Replace macros to get an IP address with proper inline functions

The inline functions are more friendly for applying psz/psref;
they consist of only simple interations.

Tweak indentation

Make sure to free all interface addresses in if_detach

Addresses of an interface (struct ifaddr) have a (reverse) pointer of an
interface object (ifa->ifa_ifp). If the addresses are surely freed when
their interface is destroyed, the pointer is always valid and we don't
need a tweak of replacing the pointer to if_index like mbuf.

In order to make sure the assumption, the following changes are required:
- Deactivate the interface at the firstish of if_detach. This prevents
in6_unlink_ifa from saving multicast addresses (wrongly)
- Invalidate rtcache(s) and clear a rtentry referencing an address on
RTM_DELETE. rtcache(s) may delay freeing an address
- Replace callout_stop with callout_halt of DAD timers to ensure stopping
such timers in if_detach

Make sure that ifaddr is published after its initialization finished

Basically we should insert an item to a collection (say a list) after
item's initialization has been completed to avoid accessing an item
that is initialized halfway. ifaddr (in{,6}_ifaddr) isn't processed
like so and needs to be fixed.

In order to do so, we need to tweak {arp,nd6}_rtrequest that depend
on that an ifaddr is inserted during its initialization; they explore
interface's address list to determine that rt_getkey(rt) of a given
rtentry is in the list to know whether the route's interface should
be a loopback, which doesn't work after the change. To make it work,
first check RTF_LOCAL flag that is set in rt_ifa_addlocal that calls
{arp,nd6}_rtrequest eventually. Note that we still need the original
code for the case to remove and re-add a local interface route.

Add missing NULL checks for m_get_rcvif_psref

apply if_output_lock() to L3 callers which call ifp->if_output() of L2(or L3 tunneling).

Avoid storing a pointer of an interface in a mbuf

Having a pointer of an interface in a mbuf isn't safe if we remove big
kernel locks; an interface object (ifnet) can be destroyed anytime in any
packet processing and accessing such object via a pointer is racy. Instead
we have to get an object from the interface collection (ifindex2ifnet) via
an interface index (if_index) that is stored to a mbuf instead of an
pointer.

The change provides two APIs: m_{get,put}_rcvif_psref that use psref(9)
for sleep-able critical sections and m_{get,put}_rcvif that use
pserialize(9) for other critical sections. The change also adds another
API called m_get_rcvif_NOMPSAFE, that is NOT MP-safe and for transition
moratorium, i.e., it is intended to be used for places where are not
planned to be MP-ified soon.

The change adds some overhead due to psref to performance sensitive paths,
however the overhead is not serious, 2% down at worst.

Proposed on tech-kern and tech-net.

Get rid of unnecessary assignment

Check error of rt_setgate and rt_settag

Constify rtentry of arpresolve

We don't need to (rather shouldn't) modify rtentry in there.

Fix panic on receiving an ARP request

The panic happened if an ARP request has a spa (i.e., IP address) whose
ARP entry already exists in the table as a static ARP entry.

ddb: rename show arptab to show routes

show arptab command of ddb is now inappropriate because it actually dumps
routes but arp entries aren't routes anymore. So rename it to show routes
and move the code from if_arp.c to route.c.

ok christos@

- tidy up error messages
- add a length argument to arpresolve()
- add KASSERT for overflow

Separate nexthop caches from the routing table

By this change, nexthop caches (IP-MAC address pair) are not stored
in the routing table anymore. Instead nexthop caches are stored in
each network interface; we already have lltable/llentry data structure
for this purpose. This change also obsoletes the concept of cloning/cloned
routes. Cloned routes no longer exist while cloning routes still exist
with renamed to connected routes.

Noticeable changes are:
- Nexthop caches aren't listed in route show/netstat -r
- sysctl(NET_RT_DUMP) doesn't return them
- If RTF_LLDATA is specified, it returns nexthop caches
- Several definitions of routing flags and messages are removed
- RTF_CLONING, RTF_XRESOLVE, RTF_LLINFO, RTF_CLONED and RTM_RESOLVE
- RTF_CONNECTED is added
- It has the same value of RTF_CLONING for backward compatibility
- route's -xresolve, -[no]cloned and -llinfo options are removed
- -[no]cloning remains because it seems there are users
- -[no]connected is introduced and recommended
to be used instead of -[no]cloning
- route show/netstat -r drops some flags
- 'L' and 'c' are not seen anymore
- 'C' now indicates a connected route
- Gateway value of a route of an interface address is now not
a L2 address but "link#N" like a connected (cloning) route
- Proxy ARP: "arp -s ... pub" doesn't create a route

You can know details of behavior changes by seeing diffs under tests/.

Proposed on tech-net and tech-kern:
http://mail-index.netbsd.org/tech-net/2016/03/11/msg005701.html

Remove unnecessary LLE_REMREF

The code around it was copied from arptimer, but LLE_REMREF
is unnecessary because it is needed only for arptimer that
is called after LLE_ADDREF.

This is a possible fix for PR#50548, PR#50702 and PR#50704.

Revert previous: ran cvs commit when I meant cvs diff. Sorry!

Hit up-arrow one too few times.

Give proper prototype to ip_output.

Eliminate struct protosw::pr_output.

You can't use this unless you know what it is a priori: the formal
prototype is variadic, and the different instances (e.g., ip_output,
route_output) have different real prototypes.

Convert the only user of it, raw_send in net/raw_cb.c, to take an
explicit callback argument. Convert the only instances of it,
route_output and key_output, to such explicit callbacks for raw_send.
Use assertions to make sure the conversion to explicit callbacks is
warranted.

Discussed on tech-net with no objections:
https://mail-index.netbsd.org/tech-net/2016/01/16/msg005484.html

Make revarprequest static

Fix memory leak of llentry#la_opaque

llentry#la_opaque which is for token ring is allocated in arp.c
and freed in arp.c when freeing llentry. However, llentry can be
freed from other places, e.g., lltable_free. In such cases,
la_opaque is never freed.

To fix that, add a new callback (lle_ll_free) to llentry and
register a destruction function of la_opque to it. On freeing a
llentry, we can surely free la_opque via the callback.

Fix token_rif extractions from llentry

Introduce arp_settimer

No functional change.

Get rid of a big block in in_arpinput

No functional change.

Restore softnet_lock and KERNEL_LOCK for rtrequest and rtfree

We still need them for rt operations.

Fix db_print_llinfo

rt_llinfo is now struct llentry.

Fix inappropriate rt_flags check

It depended on either RTF_CLONED or RTF_CLONING must be set, however,
the assumption didn't meet for userland problems that create a route
via RTM_ADD.

This fixes an issue that running rarpd causes the following kernel panic
reported by nonaka@:
panic: kernel diagnostic assertion "(la->la_flags & LLE_STATIC) == 0"
failed: file "/usr/src/sys/netinet/if_arp.c", line 1339

Stop callout in arp_rtrequest(RTM_DELETE)

This change fixes arptimer panic after removing an interface
(say by drvctl -d), which is reported by Takahiro Hayashi.

This change also fixes llentry's reference counting; we have
to take into account rtentry#rt_llinfo as well as arptimer.

Stop using softnet_lock (fix possible deadlock)

Using softnet_lock for mutual exclusion between lltable_free and
arptimer was wrong and had an issue causing a deadlock between
them; lltable_free waits arptimer completion by calling
callout_halt with softnet_lock that is held in arptimer, however
lltable_free also holds llentry's lock that is also held in
arptimer so arptimer never obtain the lock and both never go
forward eventually. We have to pass llentry's lock to
callout_halt instead.

In the event of an error within arpresolve(), delete the cloned route
otherwise it would never be deleted.

Save and clear the la route while we have a write lock

arpresolve() now returns 0 on success otherwise an error code.
Callers of arpresolve() now pass the error code back to their caller,
masking out EWOULDBLOCK.

This allows applications such as ping(8) to display a suitable error
condition.

Move the NOARP check up a bit so that it works when an la is created
but hasn't been resolved yet.
Fixes PR kern/17611.

Simplify la handling in arpresolve() by asking arplookup() not to create
a la. If a la is needed arpresolve() will then create it or mark the
current la as writable.

Create a temporary define involving IFF_STATICARP if we have it
instead of just testing for __FreeBSD__.
No functional change.

ok: ozaki-r@

Create an llentry after fixing an interface to store

In case of RTF_LOCAL routes, we change an output interface
of a route from original one to lo0ifp. An llentry also
has to be stored to lo0ifp in such cases.

Problem reported by roy@

Fix arplookup logic

It should first lookup and then create an entry if not found (and if
creation is requested).

If, for whatever reason, a local interface route is removed and then
re-added, mark it as a local route.

While here, if changing the route to go via the loopback interface
remove any inherited MTU value.

Remove wrong KASSERT in arptfree

la_rt can be NULL because arptimer that calls arptfree doesn't always
free llentry so llentry can remain with la_rt == NULL. So we instead
check whether la_rt is NULL or not and do arptfree if not.

This fixes PR kern/50184 (confirmed by martin@) and
PR kern/50186 (maybe).

Revert v1.176 for further proper fix

CID 1322880: remove unnecessary m != NULL checks

CID 1322878: simplify log output flow

XXX: Disable KASSERT for now since locking is broken for interface removals.

Remove obsolete global variables and sysctl MIBs

Replace ARP cache (llinfo) with lltable/llentry

Highlights of the change are:
- Use llentry instead of llinfo to manage ARP caches
- ARP specific data are stored in the hashed list
of an interface instead of the global list (llinfo_arp)
- Fine-grain locking on llentry
- arptimer (callout) per ARP cache
- the global timer callout with the big locks can be
removed (though softnet_lock is still required for now)
- net.inet.arp.prune is now obsoleted
- it was the interval of the global timer callout
- net.inet.arp.refresh is now obsoleted
- it was a parameter that prevents expiration of active caches
- Removed to simplify the timer logic, but we may be able to
restore the feature if really needed

Proposed on tech-kern and tech-net.

sprinkle _KERNEL_OPT

Move insane goto label

Use time_uptime instead of time_second to avoid time leaps

Some codes in sys/net* use time_second to manage time periods such as
cache expirations. However, time_second doesn't increase monotonically
and can leap by say settimeofday(2) according to time_second(9). We
should use time_uptime instead of it to avoid such time leaps.

This change replaces time_second with time_uptime. Additionally it
converts a time based on time_uptime to a time based on time_second
when the kernel passes the time to userland programs that expect
the latter, and vice versa.

Note that we shouldn't leak time_uptime to other hosts over the
netowrk. My investigation shows there is no such leak:
http://mail-index.netbsd.org/tech-net/2015/08/06/msg005332.html

Discussed on tech-kern and tech-net.

Make global variables static

Replace NARC with NARCNET to follow renaming at 2007

Hmm, is anyone using this?

Use LIST_FOREACH{,_SAFE}

The first loop doesn't remove any items in it, so we can use
LIST_FOREACH instead of LIST_FOREACH_SAFE.

Use NULL instead of 0 for pointers

Make arp_init, in_revarpinput and revarprequest static

Separate ARP handling DAD from inet.
This is done by signalling the intent to try tentative addresses
and then clearing the intent once the address is setup.
When the ARP handler is installed (arp_ifinit) then it adds
dad start and stop functions to the address which are used instead
of calling ARP directly.

Rename delay variable as it shadows a global on arm.

Add IPv4 address flags IN_IFF_TENTATIVE, IN_IFF_DUPLICATED and
IN_IFF_DETATCHED to mimic the IPv6 address behaviour.
Add SIOCGIFAFLAG_IN ioctl to retrieve the address flag via the
ifreq structure.
Add IPv4 DAD detection via the ARP methods described in RFC 5227.
Add sysctls net.inet.ip.dad_count and net.inet.arp.debug.

Discussed on tech-net@

Add RTF_BROADCAST to mark routes used for the broadcast address when
they are created on the fly. This makes it clear what the route is for
and allows an optimisation in ip_output() by avoiding a call to
in_broadcast() because most of the time we do talk to a host.
It also avoids a needless allocation for the storage of llinfo_arp and
thus vanishes from arp(8) - it showed as incomplete anyway so this
is a nice side effect.

Guard against this and routes marked with RTF_BLACKHOLE in
ip_fastforward().
While here, guard against routes marked with RTF_BLACKHOLE in
ip6_fastforward().
RTF_BROADCAST is IPv4 only, so don't bother checking that here.

Introduce the routing flag RTF_LOCAL to track local address routes.
Add functions rt_ifa_addlocal() and rt_ifa_remlocal() to add and remove
local routes for the address and announce the new address and route
to the routing socket.

Add in_ifaddlocal() and in_ifremlocal() to use these functions.
Rename in6_if{add,rem}loop() to in6_if{add,rem}local() and use these
functions.

rtinit() no longer announces the address, just the network route for the
address. As such, calls to rt_newaddrmsg() have been removed from
in_addprefix() and in_scrubprefix().

This solves the problem of potentially more than one announcement, or no
announcement at all for the address in certain situations.

branches: 1.160.2;
Add sysctl to selectively log arp packets from unknown network. (Adrien URBAN).

Deanonymize structure for llinfo_arp.

branches: 1.158.2; 1.158.4;
Call ifp->if_output in revarprequest with KERNEL_LOCK held

Otherwise, it hits KASSERT(KERNEL_LOCKED_P()) in ether_output
when nfs_boot fails and tries RARP.

Add struct pr_usrreqs with a pr_generic function and prepare for the
dismantling of pr_usrreq in the protocols; no functional change intended.
PRU_ATTACH/PRU_DETACH changes will follow soon.

Bump for struct protosw. Welcome to 6.99.62!

revarprequest: Avoid leaking mbuf.

In revarprequest, an mbuf could perhaps be leaked in an error path.
My reading of the code is that this is not possible, because ar_pro is
set to ETHERNET_IP, and ar_tha can only be null in the 1394 case.
But, better to have the free call anyway; ar_tha does not have a
documented interface contract :-)

Pointed out by Maxime Villard.

branches: 1.155.2;
Ensure that the top level sysctl nodes (kern, vfs, net, ...) exist before
the sysctl link sets are processed, and remove redundancy.

Shaves >13kB off of an amd64 GENERIC, not to mention >1k duplicate
lines of code.

branches: 1.154.2; 1.154.6; 1.154.8; 1.154.10; 1.154.16;
Remove dead variable

- fix offsetof usage, and redundant defines
- kill pointer casts to 0

branches: 1.152.2; 1.152.6;
Add 3 logging sysctls for arp from freebsd:

1. log_movements: do you want to log the arp overwritten message or not?
2. log_wrong_iface: do you want to log when an arp arrives at the wrong
interface?
3. log_permanent_modify: do you want to log when an arp message attempts
to overwrite a static entry?

I did not call the sysctls log_arp like FreeBSD does, because we already
have an arp sysctl level. The default is on for all three of them.

arp_drain() may be called with locks held, so instead of doing any work
in arp_drain(), set a drain-needed flag. Do the work in the fasttimo
handler.

Contributed by Coyote Point Systems, Inc.

Add a new AF/PF_ROUTE which is 64-bit clean which makes the routing socket
interface (and its associated sysctls) act identically for both 32 and 64 bit
programs. The old unclean one remains for backward compatibility.

branches: 1.149.4; 1.149.6; 1.149.8;
ar_tha() can return NULL; treat this as an error.

Handle RFC 5227 ARP probes properly, don't drop 0.0.0.0 source packets
silently. (Patrik Lahti <plahti at qnx dot com>)

Replace a large number of link set based sysctl node creations with
calls from subsystem constructors. Benefits both future kernel
modules and rump.

no change to sysctl nodes on i386/MONOLITHIC & build tested i386/ALL

Don't require the gateway address to have room for both an interface
name and address. Room for an address will do. This should fix
a regression in 'arp -s ...' on interfaces such as xennet0 with
unusually long names.

I will request a pull-up to netbsd-5.

merge christos-time_t

*** Summary ***

When a link-layer address changes (e.g., ifconfig ex0 link
02:de:ad:be:ef:02 active), send a gratuitous ARP and/or a Neighbor
Advertisement to update the network-/link-layer address bindings
on our LAN peers.

Refuse a change of ethernet address to the address 00:00:00:00:00:00
or to any multicast/broadcast address. (Thanks matt@.)

Reorder ifnet ioctl operations so that driver ioctls may inherit
the functions of their "class"---ether_ioctl(), fddi_ioctl(), et
cetera---and the class ioctls may inherit from the generic ioctl,
ifioctl_common(), but both driver- and class-ioctls may override
the generic behavior. Make network drivers share more code.

Distinguish a "factory" link-layer address from others for the
purposes of both protecting that address from deletion and computing
EUI64.

Return consistent, appropriate error codes from network drivers.

Improve readability. KNF.

*** Details ***

In if_attach(), always initialize the interface ioctl routine,
ifnet->if_ioctl, if the driver has not already initialized it.
Delete if_ioctl == NULL tests everywhere else, because it cannot
happen.

In the ioctl routines of network interfaces, inherit common ioctl
behaviors by calling either ifioctl_common() or whichever ioctl
routine is appropriate for the class of interface---e.g., ether_ioctl()
for ethernets.

Stop (ab)using SIOCSIFADDR and start to use SIOCINITIFADDR. In
the user->kernel interface, SIOCSIFADDR's argument was an ifreq,
but on the protocol->ifnet interface, SIOCSIFADDR's argument was
an ifaddr. That was confusing, and it would work against me as I
make it possible for a network interface to overload most ioctls.
On the protocol->ifnet interface, replace SIOCSIFADDR with
SIOCINITIFADDR. In ifioctl(), return EPERM if userland tries to
invoke SIOCINITIFADDR.

In ifioctl(), give the interface the first shot at handling most
interface ioctls, and give the protocol the second shot, instead
of the other way around. Finally, let compatibility code (COMPAT_OSOCK)
take a shot.

Pull device initialization out of switch statements under
SIOCINITIFADDR. For example, pull ..._init() out of any switch
statement that looks like this:

switch (...->sa_family) {
case ...:
..._init();
...
break;
...
default:
..._init();
...
break;
}

Rewrite many if-else clauses that handle all permutations of IFF_UP
and IFF_RUNNING to use a switch statement,

switch (x & (IFF_UP|IFF_RUNNING)) {
case 0:
...
break;
case IFF_RUNNING:
...
break;
case IFF_UP:
...
break;
case IFF_UP|IFF_RUNNING:
...
break;
}

unifdef lots of code containing #ifdef FreeBSD, #ifdef NetBSD, and
#ifdef SIOCSIFMTU, especially in fwip(4) and in ndis(4).

In ipw(4), remove an if_set_sadl() call that is out of place.

In nfe(4), reuse the jumbo MTU logic in ether_ioctl().

Let ethernets register a callback for setting h/w state such as
promiscuous mode and the multicast filter in accord with a change
in the if_flags: ether_set_ifflags_cb() registers a callback that
returns ENETRESET if the caller should reset the ethernet by calling
if_init(), 0 on success, != 0 on failure. Pull common code from
ex(4), gem(4), nfe(4), sip(4), tlp(4), vge(4) into ether_ioctl(),
and register if_flags callbacks for those drivers.

Return ENOTTY instead of EINVAL for inappropriate ioctls. In
zyd(4), use ENXIO instead of ENOTTY to indicate that the device is
not any longer attached.

Add to if_set_sadl() a boolean 'factory' argument that indicates
whether a link-layer address was assigned by the factory or some
other source. In a comment, recommend using the factory address
for generating an EUI64, and update in6_get_hw_ifid() to prefer a
factory address to any other link-layer address.

Add a routing message, RTM_LLINFO_UPD, that tells protocols to
update the binding of network-layer addresses to link-layer addresses.
Implement this message in IPv4 and IPv6 by sending a gratuitous
ARP or a neighbor advertisement, respectively. Generate RTM_LLINFO_UPD
messages on a change of an interface's link-layer address.

In ether_ioctl(), do not let SIOCALIFADDR set a link-layer address
that is broadcast/multicast or equal to 00:00:00:00:00:00.

Make ether_ioctl() call ifioctl_common() to handle ioctls that it
does not understand.

In gif(4), initialize if_softc and use it, instead of assuming that
the gif_softc and ifp overlap.

Let ifioctl_common() handle SIOCGIFADDR.

Sprinkle rtcache_invariants(), which checks on DIAGNOSTIC kernels
that certain invariants on a struct route are satisfied.

In agr(4), rewrite agr_ioctl_filter() to be a bit more explicit
about the ioctls that we do not allow on an agr(4) member interface.

bzero -> memset. Delete unnecessary casts to void *. Use
sockaddr_in_init() and sockaddr_in6_init(). Compare pointers with
NULL instead of "testing truth". Replace some instances of (type
*)0 with NULL. Change some K&R prototypes to ANSI C, and join
lines.