the documents are out of sync with the latest situation. remove them.

branches: 1.14.4;
sync with latest kame tree (tiny update in IPv4 mapped issue)

sync with latest kame document.
- update 6to4 i-d #.
- update descr on source address selection.

sync with reality in netbsd-current.
- pcb layer changes
- officially supported net interfaces
- minor typo
- draft # updates

branches: 1.11.2;
correct references. update ipsec description (sync with kame).

support draft-ietf-ipngwg-icmp-name-lookups-05.txt, drop support for
draft-ietf-ipngwg-icmp-name-lookups-04.txt.

There are certain bitfield change in 04 draft to 05 draft, which makes
04 "ping6 -a" and 05 "ping6 -a" not interoperable. sigh.

sync description on proxy NDP with latest KAME doc.

sync with latest KAME document.
- updates in I-D/RFC #
- scoped address syntax change
- remove ALTQ and other portion to avoid confusion

sync with extended scoped address syntax change.

add notice on site-locals. typo fix. (sync with kame)

sync with current code. now IMPLEMENTATION doc is almost identical
to the latest KAME one.

update tcp/udp v4 mapped addr issues.

sync IPv6 part with latest KAME tree. IPsec part is left unmodified
due to massive changes in KAME side.
- IPv6 output goes through nd6_output
- faith can capture IPv4 packets as well - you can run IPv4-to-IPv6 translator
using heavily modified DNS servers
- per-interface statistics (required for IPv6 MIB)
- interface autoconfig is revisited
- udp input handling has a big change for mapped address support.
- introduce in4_cksum() for non-overwriting checksumming
- introduce m_pulldown()
- neighbor discovery cleanups/improvements
- netinet/in.h strictly conforms to RFC2553 (no extra defs visible to userland)
- IFA_STATS is fixed a bit (not tested)
- and more more more.

TODO:
- cleanup os-independency #ifdef
- avoid rcvif dual use (for IPsec) to help ifdetach

(sorry for jumbo commit, I can't separate this any more...)

branches: 1.2.2; 1.2.8;
RCS ID police.

branches: 1.1.2;
IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628.
(Sorry for a big commit, I can't separate this into several pieces...)
Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.

- sys/kern: do not assume single mbuf, accept chained mbuf on passing
data from userland to kernel (or other way round).
- "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ
package (ftp://ftp.csl.sony.co.jp/pub/kjc/).
- sys/netinet/tcp*: IPv4/v6 dual stack tcp support.
- sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those
file to be there so we patch it up.
- sys/netinet: IPsec additions are here and there.
- sys/netinet6/*: most of IPv6 code sits here.
- sys/netkey: IPsec key management code
- dev/pci/pcidevs: regen

In my understanding no code here is subject to export control so it
should be safe.

Remove netinet6/ipsec.h.

branches: 1.9.12; 1.9.14;
add l2tp(4) L2TPv3 interface.

originally implemented by IIJ SEIL team.

branches: 1.8.6; 1.8.24; 1.8.28; 1.8.32;
more IPSEC header cleanup: don't install unneeded headers to userland,
and remove some differences berween KAME and FAST_IPSEC

-consistently use "char *" for the compiled policy buffer in the
ipsec_*_policy() functions, as it was documented and used by clients
-remove "ipsec_policy_t" which was undocumented and only present
in the KAME version of the ipsec.h header
-misc cleanup of historical artefacts, and to remove unnecessary
differences between KAME ans FAST_IPSEC

branches: 1.6.36; 1.6.100; 1.6.144; 1.6.148;
Remove KDIR=, since SYS_INCLUDE=symlinks and KDIR are not supported any more.

gather stats on raw ip6 socket. sync with kame

branches: 1.4.4; 1.4.6;
remove include files in nonstandard path
(has been #error for couple of months).

branches: 1.3.2; 1.3.10;
remove reference to in6_systm.h (file itself will be removed afterwords)

branches: 1.2.2;
IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628.
(Sorry for a big commit, I can't separate this into several pieces...)
Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.

- sys/kern: do not assume single mbuf, accept chained mbuf on passing
data from userland to kernel (or other way round).
- "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ
package (ftp://ftp.csl.sony.co.jp/pub/kjc/).
- sys/netinet/tcp*: IPv4/v6 dual stack tcp support.
- sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those
file to be there so we patch it up.
- sys/netinet: IPsec additions are here and there.
- sys/netinet6/*: most of IPv6 code sits here.
- sys/netkey: IPsec key management code
- dev/pci/pcidevs: regen

In my understanding no code here is subject to export control so it
should be safe.

branches: 1.1.2;
file Makefile was initially added on branch kame.

the documents are out of sync with the latest situation. remove them.

branches: 1.12.6;
need PRC_IF{UP,CHANGE}.

sync with reality.
- getipnodeby{name,addr} is now non-issue as RFC2553bis will be dropping it
- if_detach is mostly done
- add some items

- if_detach
- xx_control calls from interrupt thread should be removed
- LP64

sync with current code. now IMPLEMENTATION doc is almost identical
to the latest KAME one.

remove extra portability #ifdef (like #ifdef __FreeBSD__) in KAME IPv6/IPsec
code, from netbsd-current repository.
#ifdef'ed version is always available from ftp.kame.net.

XXX please do not make too many diff-unfriendly changes, we'll need to take
bunch of diffs on upgrade...

better sync with reality.

synchronize list of IPv6 TODOs with reality.

branches: 1.5.2; 1.5.8;
typo fix (from koji@dti.ad.jp).
remove things that are already done.

remove TIME_WAIT issue, it was false.

add tcp6 port # oddity.
add splnet/splsoftnet issue.

branches: 1.2.2;
document issues in libc extensions.

IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628.
(Sorry for a big commit, I can't separate this into several pieces...)
Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.

- sys/kern: do not assume single mbuf, accept chained mbuf on passing
data from userland to kernel (or other way round).
- "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ
package (ftp://ftp.csl.sony.co.jp/pub/kjc/).
- sys/netinet/tcp*: IPv4/v6 dual stack tcp support.
- sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those
file to be there so we patch it up.
- sys/netinet: IPsec additions are here and there.
- sys/netinet6/*: most of IPv6 code sits here.
- sys/netkey: IPsec key management code
- dev/pci/pcidevs: regen

In my understanding no code here is subject to export control so it
should be safe.

remove KAME IPSEC, replaced by FAST_IPSEC

branches: 1.26.12; 1.26.16;
Remove all the __P() from sys (excluding sys/dist)
Diff checked with grep and MK1 eyeball.
i386 and amd64 GENERIC and sys still build.

branches: 1.25.2; 1.25.10; 1.25.16;
Merge the socket locking patch:

- Socket layer becomes MP safe.
- Unix protocols become MP safe.
- Allows protocol processing interrupts to safely block on locks.
- Fixes a number of race conditions.

With much feedback from matt@ and plunky@.

Make IPSEC and FAST_IPSEC stats per-cpu. Use <net/net_stats.h> and
netstat_sysctl().

branches: 1.23.38; 1.23.40;
KNF: de-__P, bzero -> memset, bcmp -> memcmp. Remove extraneous
parentheses in return statements.

Cosmetic: don't open-code TAILQ_FOREACH().

Cosmetic: change types of variables to avoid oodles of casts: in
in6_src.c, avoid casts by changing several route_in6 pointers
to struct route pointers. Remove unnecessary casts to caddr_t
elsewhere.

Pave the way for eliminating address family-specific route caches:
soon, struct route will not embed a sockaddr, but it will hold
a reference to an external sockaddr, instead. We will set the
destination sockaddr using rtcache_setdst(). (I created a stub
for it, but it isn't used anywhere, yet.) rtcache_free() will
free the sockaddr. I have extracted from rtcache_free() a helper
subroutine, rtcache_clear(). rtcache_clear() will "forget" a
cached route, but it will not forget the destination by releasing
the sockaddr. I use rtcache_clear() instead of rtcache_free()
in rtcache_update(), because rtcache_update() is not supposed
to forget the destination.

Constify:

1 Introduce const accessor for route->ro_dst, rtcache_getdst().

2 Constify the 'dst' argument to ifnet->if_output(). This
led me to constify a lot of code called by output routines.

3 Constify the sockaddr argument to protosw->pr_ctlinput. This
led me to constify a lot of code called by ctlinput routines.

4 Introduce const macros for converting from a generic sockaddr
to family-specific sockaddrs, e.g., sockaddr_in: satocsin6,
satocsin, et cetera.

branches: 1.22.26;
Multiple inclusion protection, as suggested by christos@ on tech-kern@
few days ago.

branches: 1.21.16;
increase AH_MAXSUMSIZE to 512/8, for hmac-sha2-512

add hmac-sha2 support. various cleanups (like avoid hardcoding '16').
from kame

avoid assuming result buffer size in AH logic. sync w/kame

branches: 1.18.6;
correct pointer signedness mixups. sync w/kame

reduce diff with kame. whitespace changes only.

branches: 1.16.2;
use _KERNEL_OPT

branches: 1.15.2;
memcpy -> bcopy, for sync with kame tree

verify ICMPv6 too big messages based on TCP pcbs, and/or IPsec SA.
TODO: udp6, and sendto consideration. as pmtud is mandatory for IPv6,
it is rather important for us to support those cases.
TODO: more testing
TODO: kame sync

Restructure the Path MTU Discovery code somewhat to avoid
entering rtentry's for hosts we're not actually communicating
with.

Do this by invoking the ctlinput for the protocol, which is
responsible for validating the ICMP message:
* TCP -- Lookup the connection based on the address/port
pairs in the ICMP message.
* AH/ESP -- Lookup the SA based on the SPI in the ICMP message.

If validation succeeds, ctlinput is responsible for calling
icmp_mtudisc(). icmp_mtudisc() then invokes callbacks registered
by protocols (such as TCP) which want to take some sort of special
action when a path's MTU changes. For TCP, this is where we now
refresh cached routes and re-enter slow-start.

As a side-effect, this fixes the problem where TCP would not be
notified when a path's MTU changed if AH/ESP were being used.

XXX Note, this is only a fix for the IPv4 case. For the IPv6
XXX case, we need to wait for the KAME folks.

Reviewed by sommerfeld@netbsd.org and itojun@netbsd.org.

pre-compute and cache intermediate crypto key. suggestion from sommerfeld,
sync with kame.

loopback, blowfish-cbc transport mode, 128bit key
before: 86588496 bytes received in 00:42 (1.94 MB/s)
after: 86588496 bytes received in 00:31 (2.58 MB/s)

correct RFC2367 PF_KEY conformance (SADB_[AE]ALG_xx values and namespaces).
sync from kame.

WARNING: need recompilation of setkey(8) and pkgsrc/security/racoon.
(no ipsec-ready netbsd was released as official release)

branches: 1.10.2;
add algorithm name into algorithm table. (commit to crypto-intl will follow)

sync with more recent kame. cope with malloc failure more gracefully
some cosmetics.

branches: 1.8.2;
bring in latest KAME ipsec tree.
- interop issues in ipcomp is fixed
- padding type (after ESP) is configurable
- key database memory management (need more fixes)
- policy specification is revisited

XXX m->m_pkthdr.rcvif is still overloaded - hope to fix it soon

remove too much portability code in KAME, to improve readability.

avoid namespace polution ("#ifdef KERNEL" was mistakingly used)

branches: 1.5.2; 1.5.8;
sync with recent KAME.
- loosen ipsec restriction on packet diredtion.
- revise icmp6 redirect handling on IsRouter bit.
- tcp/udp notification processing (link-local address case)
- cosmetic fixes (better code share across *BSD).

defopt INET6, and put it in opt_inet.h (most places already include this
file, which is why the file list is so short).

RCS ID police.

branches: 1.2.2;
IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628.
(Sorry for a big commit, I can't separate this into several pieces...)
Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.

- sys/kern: do not assume single mbuf, accept chained mbuf on passing
data from userland to kernel (or other way round).
- "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ
package (ftp://ftp.csl.sony.co.jp/pub/kjc/).
- sys/netinet/tcp*: IPv4/v6 dual stack tcp support.
- sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those
file to be there so we patch it up.
- sys/netinet: IPsec additions are here and there.
- sys/netinet6/*: most of IPv6 code sits here.
- sys/netkey: IPsec key management code
- dev/pci/pcidevs: regen

In my understanding no code here is subject to export control so it
should be safe.

branches: 1.1.2;
file ah.h was initially added on branch kame.

remove KAME IPSEC, replaced by FAST_IPSEC

branches: 1.7.12; 1.7.16;
Remove extra whitespace added by a stupid tool.
XXX: more in src/sys/arch

bcopy -> memcpy

branches: 1.5.2;
use M_ZERO on malloc() and remove subsequent bzero().

branches: 1.4.28; 1.4.32; 1.4.42;
Ansify + add a few comments, from Karl Sjödahl

branches: 1.3.30; 1.3.32;
merge ktrace-lwp.

PR/30821: SUZUKI, Shinsuike: IPsec-AH is always calculated using the same
key in AES-XCBC-MAC

branches: 1.1.2; 1.1.4; 1.1.8; 1.1.16; 1.1.18;
AES XCBC MAC (for AH)
AES counter mode (for ESP)

remove KAME IPSEC, replaced by FAST_IPSEC

branches: 1.3.12; 1.3.16;
Remove all the __P() from sys (excluding sys/dist)
Diff checked with grep and MK1 eyeball.
i386 and amd64 GENERIC and sys still build.

branches: 1.2.74; 1.2.84; 1.2.90;
Multiple inclusion protection, as suggested by christos@ on tech-kern@
few days ago.

branches: 1.1.4; 1.1.18;
AES XCBC MAC (for AH)
AES counter mode (for ESP)

remove KAME IPSEC, replaced by FAST_IPSEC

branches: 1.48.12; 1.48.16;
Remove extra whitespace added by a stupid tool.
XXX: more in src/sys/arch

bcopy -> memcpy

bzero -> memset

Remove all the __P() from sys (excluding sys/dist)
Diff checked with grep and MK1 eyeball.
i386 and amd64 GENERIC and sys still build.

branches: 1.44.32; 1.44.42; 1.44.48;
Ansify + add a few comments, from Karl Sjödahl

branches: 1.43.2; 1.43.4;
Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.

branches: 1.42.4;
__unused removal on arguments; approved by core.

what was <crypto/sha2/sha2.h> and <crypto/ripemd160/rmd160.h> is now
<sys/sha2.h> and <sys/rmd160.h>.

- sprinkle __unused on function decls.
- fix a couple of unused bugs
- no more -Wno-unused for i386

branches: 1.39.18; 1.39.20;
Better support of IPv6 scoped addresses.

- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.

This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.

From the KAME project via JINMEI Tatuya.
Approved by core@.

branches: 1.38.2;
merge ktrace-lwp.

Remove unnecessary bzero() calls before calling the algorithm specific
init function.

branches: 1.36.14; 1.36.16;
constify AH algorithm function table. suggested by robert watson

minor KNF

typo

add AH/ESP algorithms: hmac-ripemd160 (AH), AES XCBC MAC (AH),
AES counter mode (ESP)

unifdef -U_IP_VHL

add hmac-sha2 support. various cleanups (like avoid hardcoding '16').
from kame

avoid assuming result buffer size in AH logic. sync w/kame

branches: 1.29.2;
style

correct pointer signedness mixups. sync w/kame

panic() if NULL is passed to ah_sumsiz_xx. suggested by sam leffler, sync w/kame

branches: 1.26.8;
add RCSIDs

always check extension header length.

branches: 1.24.2;
reduce diff with kame. whitespace changes only.

branches: 1.23.2; 1.23.4;
tighten AH IPv4 option chasing more. drop too short (< 2) option.
sync with kame.

correct IPv4 option header chasing. the old code may overrun the buffer
if the option header is truncated. sync with kame

fix compilation without INET. fix confusion between ipsecstat and ipsec6stat.
sync with kame.

correct RFC2367 PF_KEY conformance (SADB_[AE]ALG_xx values and namespaces).
sync from kame.

WARNING: need recompilation of setkey(8) and pkgsrc/security/racoon.
(no ipsec-ready netbsd was released as official release)

branches: 1.19.2;
add algorithm name into algorithm table. (commit to crypto-intl will follow)

sync with more recent kame. cope with malloc failure more gracefully
some cosmetics.

branches: 1.17.2;
cleanup AH/policy processing.
- parse IPv6 header by using common function, ip6_{last,next}hdr.
- fix behaivior in multiple AH cases.
make strict boundary checks on mbuf chasing.
(sync with latest kame)

fix include pathname for better rfc2292 compliance.

bring in latest KAME ipsec tree.
- interop issues in ipcomp is fixed
- padding type (after ESP) is configurable
- key database memory management (need more fixes)
- policy specification is revisited

XXX m->m_pkthdr.rcvif is still overloaded - hope to fix it soon

add missing ipcomp cases.

remove too much portability code in KAME, to improve readability.

do not overwrite traffic class field when we write IPv6 version field.

branches: 1.11.2; 1.11.8;
eliminate unnecessary splnet().

sync with kame; typo in comment.

fix AH computation for HbB options.

sync with recent KAME.
- loosen ipsec restriction on packet diredtion.
- revise icmp6 redirect handling on IsRouter bit.
- tcp/udp notification processing (link-local address case)
- cosmetic fixes (better code share across *BSD).

remove reference to in6_systm.h (file itself will be removed afterwords)

defopt IPSEC and IPSEC_ESP (both into opt_ipsec.h).

fix IPSEC (but not INET6) build.

PR: 7921, 7922, 7924
From: rafal@mediaone.net

s/splnet/splsoftnet/ in IPv6/IPsec part.
hope I made no mistake (the kernel works fine but I need a regress test)

Suggested by: thorpej

RCS ID police.

branches: 1.2.2;
IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628.
(Sorry for a big commit, I can't separate this into several pieces...)
Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.

- sys/kern: do not assume single mbuf, accept chained mbuf on passing
data from userland to kernel (or other way round).
- "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ
package (ftp://ftp.csl.sony.co.jp/pub/kjc/).
- sys/netinet/tcp*: IPv4/v6 dual stack tcp support.
- sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those
file to be there so we patch it up.
- sys/netinet: IPsec additions are here and there.
- sys/netinet6/*: most of IPv6 code sits here.
- sys/netkey: IPsec key management code
- dev/pci/pcidevs: regen

In my understanding no code here is subject to export control so it
should be safe.

branches: 1.1.2;
file ah_core.c was initially added on branch kame.

remove KAME IPSEC, replaced by FAST_IPSEC

branches: 1.59.2; 1.59.6; 1.59.8; 1.59.12; 1.59.14;
Retire varargs.h support. Move machine/stdarg.h logic into MI
sys/stdarg.h and expect compiler to provide proper builtins, defaulting
to the GCC interface. lint still has a special fallback.
Reduce abuse of _BSD_VA_LIST_ by defining __va_list by default and
derive va_list as required by standards.

bcmp -> memcmp

branches: 1.57.2; 1.57.10; 1.57.16;
Merge the socket locking patch:

- Socket layer becomes MP safe.
- Unix protocols become MP safe.
- Allows protocol processing interrupts to safely block on locks.
- Fixes a number of race conditions.

With much feedback from matt@ and plunky@.

Make IPSEC and FAST_IPSEC stats per-cpu. Use <net/net_stats.h> and
netstat_sysctl().

branches: 1.55.16; 1.55.18;
machine/{bus,cpu,intr}.h -> sys/{bus,cpu,intr}.h

branches: 1.54.6; 1.54.8; 1.54.12;
Ansify + add a few comments, from Karl Sjödahl

branches: 1.53.2; 1.53.4;
Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.

KNF: de-__P, bzero -> memset, bcmp -> memcmp. Remove extraneous
parentheses in return statements.

Cosmetic: don't open-code TAILQ_FOREACH().

Cosmetic: change types of variables to avoid oodles of casts: in
in6_src.c, avoid casts by changing several route_in6 pointers
to struct route pointers. Remove unnecessary casts to caddr_t
elsewhere.

Pave the way for eliminating address family-specific route caches:
soon, struct route will not embed a sockaddr, but it will hold
a reference to an external sockaddr, instead. We will set the
destination sockaddr using rtcache_setdst(). (I created a stub
for it, but it isn't used anywhere, yet.) rtcache_free() will
free the sockaddr. I have extracted from rtcache_free() a helper
subroutine, rtcache_clear(). rtcache_clear() will "forget" a
cached route, but it will not forget the destination by releasing
the sockaddr. I use rtcache_clear() instead of rtcache_free()
in rtcache_update(), because rtcache_update() is not supposed
to forget the destination.

Constify:

1 Introduce const accessor for route->ro_dst, rtcache_getdst().

2 Constify the 'dst' argument to ifnet->if_output(). This
led me to constify a lot of code called by output routines.

3 Constify the sockaddr argument to protosw->pr_ctlinput. This
led me to constify a lot of code called by ctlinput routines.

4 Introduce const macros for converting from a generic sockaddr
to family-specific sockaddrs, e.g., sockaddr_in: satocsin6,
satocsin, et cetera.

branches: 1.51.4;
__unused removal on arguments; approved by core.

- sprinkle __unused on function decls.
- fix a couple of unused bugs
- no more -Wno-unused for i386

branches: 1.49.20; 1.49.22;
merge ktrace-lwp.

Defopt IPSEC_NAT_T.

branches: 1.47.2;
Use NAT-T ports for AH and IPcomp too.

move decl of inetsw to its own header to avoid array of incomplete type.
found by gcc4. reported by Adam Ciarcinski.

Enhance IPSEC_NAT_T so that it can work with multiple machines behind the
same NAT.

branches: 1.44.8; 1.44.14;
KNF

fix uninitialized variables

Remove some code that breaks AH tunnels completely. The comment describing
the purpose of this code appears to be on crack -- it's talking about
end-to-end authentication, but the purpose of an AH tunnel is NOT end-to-end
authentication; it's authentication of the tunnel endpoints.

NB: This does not fix the fact that IPsec leaks "packet tags."

m_cat may free mbuf on 2nd arg, so m_pkthdr manipulation has to happen
before m_cat call. from Julian Coleman via kame.

unifdef -U_IP_VHL

remove obsolete comment on the use of m_pullup

branches: 1.38.2;
always use PULLDOWN_TEST codepath.

correct pointer signedness mixups. sync w/kame

correct signedness mixup in pointer passing. sync w/kame

avoid swapping endian of ip_len and ip_off on mbuf, to meet with M_LEADINGSPACE
optimization made last year. should solve PR 17867 and 10195.

IP_HDRINCL behavior of raw ip socket is kept unchanged. we may want to
provide IP_HDRINCL variant that does not swap endian.

whitespace cleanup

avoid unneeded malloc/free. sync w/kame

branches: 1.32.4; 1.32.6;
esp/ah_ctlinput: pass useful address to key_alloc.

whitespace/costmetic sync w/kame

remove obsolete #if 0'ed section. sync w/kame

add RCSIDs

reduce diff with kame. whitespace changes only.

branches: 1.27.2;
Remove the use of splimp() from the NetBSD kernel. splnet()
and only splnet() is allowed for the protection of data structures
used by network devices.

branches: 1.26.2;
make sure to enforce inbound ipsec policy checking, for any protocols on top
of ip (check it when final header is visited). sync with kame.
XXX kame team will need to re-check policy engine code

pull latest kame pcbnotify code. synchronizes ICMPv6 path mtu discovery
behavior with other protocols (i.e. validation, use of hiwat/lowat).

- record IPsec packet history into m_aux structure.
- let ipfilter look at wire-format packet only (not the decapsulated ones),
so that VPN setting can work with NAT/ipfilter settings.
sync with kame.

TODO: use header history for stricter inbound validation

update icmp6 too big validation. the change is necessary since pmtud is
mandatory for IPv6 (so we can't just validate by using connected pcb - we need
to allow traffic from unconnected pcb to do pmtud).
- if the traffic is validated by xx_ctlinput, allow up to "hiwat" pmtud
route entries.
- if the traffic was not validated by xx_ctlinput, allow up to "lowat" pmtud
route entries (there's upper limit, so bad guys cannot blow up our routing
table).
sync with kame

XXX need to think again about default hiwat/lowat value.
XXX victim selection to help starvation case

memcpy -> bcopy, for sync with kame tree

verify ICMPv6 too big messages based on TCP pcbs, and/or IPsec SA.
TODO: udp6, and sendto consideration. as pmtud is mandatory for IPv6,
it is rather important for us to support those cases.
TODO: more testing
TODO: kame sync

Restructure the Path MTU Discovery code somewhat to avoid
entering rtentry's for hosts we're not actually communicating
with.

Do this by invoking the ctlinput for the protocol, which is
responsible for validating the ICMP message:
* TCP -- Lookup the connection based on the address/port
pairs in the ICMP message.
* AH/ESP -- Lookup the SA based on the SPI in the ICMP message.

If validation succeeds, ctlinput is responsible for calling
icmp_mtudisc(). icmp_mtudisc() then invokes callbacks registered
by protocols (such as TCP) which want to take some sort of special
action when a path's MTU changes. For TCP, this is where we now
refresh cached routes and re-enter slow-start.

As a side-effect, this fixes the problem where TCP would not be
notified when a path's MTU changed if AH/ESP were being used.

XXX Note, this is only a fix for the IPv4 case. For the IPv6
XXX case, we need to wait for the KAME folks.

Reviewed by sommerfeld@netbsd.org and itojun@netbsd.org.

fix compilation without INET. fix confusion between ipsecstat and ipsec6stat.
sync with kame.

add missing splx, when outgoing interface queue is full on tunnelled
ESP packet output. KAME PR 280.

Make this compile without INET6 again.

correct RFC2367 PF_KEY conformance (SADB_[AE]ALG_xx values and namespaces).
sync from kame.

WARNING: need recompilation of setkey(8) and pkgsrc/security/racoon.
(no ipsec-ready netbsd was released as official release)

branches: 1.15.2;
sync with more recent kame. cope with malloc failure more gracefully
some cosmetics.

branches: 1.14.2;
Oops; fix thinko.

Update byte count and time stamps for received packets (as in ESP).
May help fix stalls.

cleanup AH/policy processing.
- parse IPv6 header by using common function, ip6_{last,next}hdr.
- fix behaivior in multiple AH cases.
make strict boundary checks on mbuf chasing.
(sync with latest kame)

with IPv4 AH, strip off AH from the packet. this is to make some
of IPv4 transport layer code work correctly (specifically, ICMPv4
will transmit wrong packet if we don't strip AH here)

this is just for m_pulldown case. normal installations are not affected.

make variable initialization safer.
(IP6_EXTHDR_CHECK can call m_pullup under rare condition)

Change the use of pfil hooks. There is no longer a single list of all
pfil information, instead, struct protosw now contains a structure
which caontains list heads, etc. The per-protosw pfil struct is passed
to pfil_hook_get(), along with an in/out flag to get the head of the
relevant filter list. This has been done for only IPv4 and IPv6, at
present, with these patches only enabling filtering for IPPROTO_IP and
IPPROTO_IPV6, although it is possible to have tcp/udp, etc, dedicated
filters now also. The ipfilter code has been updated to only filter
IPv4 packets - next major release of ipfilter is required for ipv6.

fix include pathname for better rfc2292 compliance.

bring in latest KAME ipsec tree.
- interop issues in ipcomp is fixed
- padding type (after ESP) is configurable
- key database memory management (need more fixes)
- policy specification is revisited

XXX m->m_pkthdr.rcvif is still overloaded - hope to fix it soon

remove too much portability code in KAME, to improve readability.

branches: 1.5.2;
remove reference to in6_systm.h (file itself will be removed afterwords)

checked build on alpha and i386, with GENERIC.v6.
fixed several sizeof(void *) and sizeof(size_t) issues on alpha.

Thanks to: Dave Huang and Tim Rightnour

RCS ID police.

branches: 1.2.2;
IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628.
(Sorry for a big commit, I can't separate this into several pieces...)
Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.

- sys/kern: do not assume single mbuf, accept chained mbuf on passing
data from userland to kernel (or other way round).
- "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ
package (ftp://ftp.csl.sony.co.jp/pub/kjc/).
- sys/netinet/tcp*: IPv4/v6 dual stack tcp support.
- sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those
file to be there so we patch it up.
- sys/netinet: IPsec additions are here and there.
- sys/netinet6/*: most of IPv6 code sits here.
- sys/netkey: IPsec key management code
- dev/pci/pcidevs: regen

In my understanding no code here is subject to export control so it
should be safe.

branches: 1.1.2;
file ah_input.c was initially added on branch kame.

remove KAME IPSEC, replaced by FAST_IPSEC

branches: 1.33.12; 1.33.16;
bzero -> memset

Remove all the __P() from sys (excluding sys/dist)
Diff checked with grep and MK1 eyeball.
i386 and amd64 GENERIC and sys still build.

branches: 1.31.2; 1.31.10; 1.31.16;
Make IPSEC and FAST_IPSEC stats per-cpu. Use <net/net_stats.h> and
netstat_sysctl().

branches: 1.30.20; 1.30.22;
{ah,esp,ipcomp}_output must return 0 on success. On failure, it returns the
error and m is freed. Previously, it was not the case in ipcomp and esp case
(aka in some case, it returns 0 with m freed, or an error and m was not freed).

In ipcomp_output, fix some leak of mcopy too.

Use the same error path in {ah,esp,ipcomp}_output.

Problem was reported by Wolfgang Stukenbrock in pr/36768.

branches: 1.29.6; 1.29.8;
Ansify + add a few comments, from Karl Sjödahl

branches: 1.28.2; 1.28.8; 1.28.10; 1.28.16;
fix spelling of accommodate; from Zapher.

branches: 1.27.8; 1.27.10;
XXX: GCC uninitialized.

branches: 1.26.4; 1.26.6; 1.26.8; 1.26.12;
merge ktrace-lwp.

branches: 1.25.2;
- avoid shadowed variables
- sprinkle const.

branches: 1.24.14;
- prepare for RFC2401bis 64bit sequence number (no behavior change yet)
- use hash for SPI-based SAD entry lookup (should be faster, i hope)
- cleanup keydb.c and key.c. key.c is responsible for refcounting secasvar,
keydb.c is responsible for alloc/free.

typo in log message

unifdef -U_IP_VHL

branches: 1.21.6;
remove trailing \n in panic(). approved perry.

correct pointer signedness mixups. sync w/kame

KNF - return is not a function. sync w/kame.

avoid hardcoded "16" for max AH sum size. use AH_MAXSUMSIZE.

whitespace cleanup

branches: 1.16.8;
add RCSIDs

reduce diff with kame. whitespace changes only.

branches: 1.14.2; 1.14.4;
tighten AH IPv4 option chasing more. drop too short (< 2) option.
sync with kame.

correct IPv4 option handling.

fix compilation without INET. fix confusion between ipsecstat and ipsec6stat.
sync with kame.

correct RFC2367 PF_KEY conformance (SADB_[AE]ALG_xx values and namespaces).
sync from kame.

WARNING: need recompilation of setkey(8) and pkgsrc/security/racoon.
(no ipsec-ready netbsd was released as official release)

remove unnecessary #include <netkey/key_debug.h>. from kame.

branches: 1.9.2;
sync with more recent kame. cope with malloc failure more gracefully
some cosmetics.

branches: 1.8.2;
cleanup AH/policy processing.
- parse IPv6 header by using common function, ip6_{last,next}hdr.
- fix behaivior in multiple AH cases.
make strict boundary checks on mbuf chasing.
(sync with latest kame)

fix include pathname for better rfc2292 compliance.

bring in latest KAME ipsec tree.
- interop issues in ipcomp is fixed
- padding type (after ESP) is configurable
- key database memory management (need more fixes)
- policy specification is revisited

XXX m->m_pkthdr.rcvif is still overloaded - hope to fix it soon

remove too much portability code in KAME, to improve readability.

branches: 1.4.2;
remove reference to in6_systm.h (file itself will be removed afterwords)

RCS ID police.

branches: 1.2.2;
IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628.
(Sorry for a big commit, I can't separate this into several pieces...)
Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.

- sys/kern: do not assume single mbuf, accept chained mbuf on passing
data from userland to kernel (or other way round).
- "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ
package (ftp://ftp.csl.sony.co.jp/pub/kjc/).
- sys/netinet/tcp*: IPv4/v6 dual stack tcp support.
- sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those
file to be there so we patch it up.
- sys/netinet: IPsec additions are here and there.
- sys/netinet6/*: most of IPv6 code sits here.
- sys/netkey: IPsec key management code
- dev/pci/pcidevs: regen

In my understanding no code here is subject to export control so it
should be safe.

branches: 1.1.2;
file ah_output.c was initially added on branch kame.

inpcb: rename functions to in6pcb_*

Adjust dccp and sctp for struct inpcb separation

Adjust pf, wg, dccp and sctp for struct inpcb integration

Make it compile after change to non-variadic pr_input.

branches: 1.11.12; 1.11.14; 1.11.16;
Tweak softnet_lock and NET_MPSAFE

- Don't hold softnet_lock in some functions if NET_MPSAFE
- Add softnet_lock to sysctl_net_inet_icmp_redirtimeout
- Add softnet_lock to expire_upcalls of ip_mroute.c
- Restore softnet_lock for in{,6}_pcbpurgeif{,0} if NET_MPSAFE
- Mark some softnet_lock for future work

branches: 1.10.2;
Remove unnecessary inclusions of nd6.h

fix: "ifconfig destory" can stalls when "ifconfig" is done parallel.
This problem occurs only if NET_MPSAFE on.

ifconfig destroy side:
kernel entry point is ifioctl => if_clone_destroy.
pr_purgeif() acquires softnet_lock, and then ifa_remove() calls
pserialize_perform() holding softnet_lock.
ifconfig side:
kernel entry point is socreate.
pr_attach()(udp_attach_wrapper()) calls sosetlock(). In this call path,
sosetlock() try to acquire softnet_lock.
These can cause dead lock.

branches: 1.8.2;
Sweep unnecessary route.h inclusions

sprinkle _KERNEL_OPT

make connect syscall use sockaddr_big and modify pr_{send,connect}
nam parameter type from buf * to sockaddr *.

final commit for parameter type changes to protocol user requests

* bump kernel version to 7.99.15 for parameter type changes to pr_{send,connect}

remove pr_generic from struct pr_usrreqs and all implementations of
pr_generic in protocols.

bump to 7.99.13

approved by rmind@

fix missed parameter type change in dccp6_accept() to sockaddr * from mbuf *

make accept, getsockname and getpeername syscalls use sockaddr_big and modify
pr_{accept,sockname,peername} nam parameter type from mbuf * to sockaddr *.

* retained use of mbuftypes[MT_SONAME] for now.
* bump to netbsd version 7.99.12 for parameter type change.

patch posted to tech-net@ 2015/04/19

branches: 1.2.2;
* update dccp_bind for struct mbuf * to struct sockaddr * parameter change
* pass NULL instead of casting 0 to a pointer when calling in_pcbbind()

Add DCCP protocol support from KAME.

branches: 1.4.16;
make connect syscall use sockaddr_big and modify pr_{send,connect}
nam parameter type from buf * to sockaddr *.

final commit for parameter type changes to protocol user requests

* bump kernel version to 7.99.15 for parameter type changes to pr_{send,connect}

fix missed parameter type change in dccp6_accept() to sockaddr * from mbuf *

branches: 1.2.2;
* update dccp_bind for struct mbuf * to struct sockaddr * parameter change
* pass NULL instead of casting 0 to a pointer when calling in_pcbbind()

Add DCCP protocol support from KAME.

style

branches: 1.21.2;
Fix the calculation of the ICMP6 error pointer. It is not correct to use

pointer = opt - mtod(m, u_int8_t *)

because m may have gone through m_pulldown, and it is possible that
m->m_data is no longer the beginning of the packet.

branches: 1.20.8;
Get rid of unnecessary header inclusions

branches: 1.19.2;
Sweep unnecessary route.h inclusions

branches: 1.18.2;
Do not uselessly include <sys/malloc.h>.

branches: 1.17.48; 1.17.66;
Make ip6 and icmp6 stats per-cpu.

Change IPv6 stats from a structure to an array of uint64_t's.

Note: This is ABI-compatible with the old ip6stat structure; old netstat
binaries will continue to work properly.

branches: 1.15.44; 1.15.48;
__unused removal on arguments; approved by core.

- sprinkle __unused on function decls.
- fix a couple of unused bugs
- no more -Wno-unused for i386

branches: 1.13.18; 1.13.20;
<netinet6/in6_pcb.h> is not needed.

branches: 1.12.18; 1.12.30;
always use PULLDOWN_TEST codepath.

add RCSIDs

branches: 1.10.2; 1.10.4;
be more more picky about option length parsing. sync with kame

make validation code more strict for ND6/dest6 variable length headers.
check duplicated nd6_ifinfo table initialization in a better way.
sync with kame

minimize diff with the latest kame tree.

branches: 1.7.4;
fix include pathname for better rfc2292 compliance.

remove too much portability code in KAME, to improve readability.

sync IPv6 part with latest KAME tree. IPsec part is left unmodified
due to massive changes in KAME side.
- IPv6 output goes through nd6_output
- faith can capture IPv4 packets as well - you can run IPv4-to-IPv6 translator
using heavily modified DNS servers
- per-interface statistics (required for IPv6 MIB)
- interface autoconfig is revisited
- udp input handling has a big change for mapped address support.
- introduce in4_cksum() for non-overwriting checksumming
- introduce m_pulldown()
- neighbor discovery cleanups/improvements
- netinet/in.h strictly conforms to RFC2553 (no extra defs visible to userland)
- IFA_STATS is fixed a bit (not tested)
- and more more more.

TODO:
- cleanup os-independency #ifdef
- avoid rcvif dual use (for IPsec) to help ifdetach

(sorry for jumbo commit, I can't separate this any more...)

branches: 1.4.2; 1.4.8;
remove reference to in6_systm.h (file itself will be removed afterwords)

RCS ID police.

branches: 1.2.2;
IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628.
(Sorry for a big commit, I can't separate this into several pieces...)
Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.

- sys/kern: do not assume single mbuf, accept chained mbuf on passing
data from userland to kernel (or other way round).
- "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ
package (ftp://ftp.csl.sony.co.jp/pub/kjc/).
- sys/netinet/tcp*: IPv4/v6 dual stack tcp support.
- sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those
file to be there so we patch it up.
- sys/netinet: IPsec additions are here and there.
- sys/netinet6/*: most of IPv6 code sits here.
- sys/netkey: IPsec key management code
- dev/pci/pcidevs: regen

In my understanding no code here is subject to export control so it
should be safe.

branches: 1.1.2;
file dest6.c was initially added on branch kame.

remove KAME IPSEC, replaced by FAST_IPSEC

branches: 1.26.12; 1.26.16;
Remove all the __P() from sys (excluding sys/dist)
Diff checked with grep and MK1 eyeball.
i386 and amd64 GENERIC and sys still build.

branches: 1.25.2; 1.25.10; 1.25.16;
Merge the socket locking patch:

- Socket layer becomes MP safe.
- Unix protocols become MP safe.
- Allows protocol processing interrupts to safely block on locks.
- Fixes a number of race conditions.

With much feedback from matt@ and plunky@.

Make IPSEC and FAST_IPSEC stats per-cpu. Use <net/net_stats.h> and
netstat_sysctl().

branches: 1.23.38; 1.23.40;
KNF: de-__P, bzero -> memset, bcmp -> memcmp. Remove extraneous
parentheses in return statements.

Cosmetic: don't open-code TAILQ_FOREACH().

Cosmetic: change types of variables to avoid oodles of casts: in
in6_src.c, avoid casts by changing several route_in6 pointers
to struct route pointers. Remove unnecessary casts to caddr_t
elsewhere.

Pave the way for eliminating address family-specific route caches:
soon, struct route will not embed a sockaddr, but it will hold
a reference to an external sockaddr, instead. We will set the
destination sockaddr using rtcache_setdst(). (I created a stub
for it, but it isn't used anywhere, yet.) rtcache_free() will
free the sockaddr. I have extracted from rtcache_free() a helper
subroutine, rtcache_clear(). rtcache_clear() will "forget" a
cached route, but it will not forget the destination by releasing
the sockaddr. I use rtcache_clear() instead of rtcache_free()
in rtcache_update(), because rtcache_update() is not supposed
to forget the destination.

Constify:

1 Introduce const accessor for route->ro_dst, rtcache_getdst().

2 Constify the 'dst' argument to ifnet->if_output(). This
led me to constify a lot of code called by output routines.

3 Constify the sockaddr argument to protosw->pr_ctlinput. This
led me to constify a lot of code called by ctlinput routines.

4 Introduce const macros for converting from a generic sockaddr
to family-specific sockaddrs, e.g., sockaddr_in: satocsin6,
satocsin, et cetera.

branches: 1.22.26;
Multiple inclusion protection, as suggested by christos@ on tech-kern@
few days ago.

branches: 1.21.16;
change ESP xx_schedlen() return type to size_t. sync w/kame

branches: 1.20.6;
use correct padding boundary, to correctly estimate ESP header size.
problem found by Arto Selonen <arto@selonen.org>

cut and paste error in comment. From: Arto Selonen <arto@selonen.org>

branches: 1.18.10; 1.18.12;
reduce diff with kame. whitespace changes only.

branches: 1.17.2;
use _KERNEL_OPT

branches: 1.16.2;
memcpy -> bcopy, for sync with kame tree

verify ICMPv6 too big messages based on TCP pcbs, and/or IPsec SA.
TODO: udp6, and sendto consideration. as pmtud is mandatory for IPv6,
it is rather important for us to support those cases.
TODO: more testing
TODO: kame sync

Restructure the Path MTU Discovery code somewhat to avoid
entering rtentry's for hosts we're not actually communicating
with.

Do this by invoking the ctlinput for the protocol, which is
responsible for validating the ICMP message:
* TCP -- Lookup the connection based on the address/port
pairs in the ICMP message.
* AH/ESP -- Lookup the SA based on the SPI in the ICMP message.

If validation succeeds, ctlinput is responsible for calling
icmp_mtudisc(). icmp_mtudisc() then invokes callbacks registered
by protocols (such as TCP) which want to take some sort of special
action when a path's MTU changes. For TCP, this is where we now
refresh cached routes and re-enter slow-start.

As a side-effect, this fixes the problem where TCP would not be
notified when a path's MTU changed if AH/ESP were being used.

XXX Note, this is only a fix for the IPv4 case. For the IPv6
XXX case, we need to wait for the KAME folks.

Reviewed by sommerfeld@netbsd.org and itojun@netbsd.org.

do not hardcode maximum IV length.

use per-block cipher function + esp_cbc_{de,en}crypt. do not use
cbc-over-mbuf functions in sys/crypto.

the change should make it much easier to switch crypto function to
machine-dependent ones (like assembly code under sys/arch/i386/crypto?).
also it should be much easier to import AES algorithms.

XXX: it looks that past blowfish-cbc code was buggy. i ran some test pattern,
and new blowfish-cbc code looks more correct. there's no interoperability
between the old code (before the commit) and the new code (after the commit).

XXX: need serious interop tests before move it into 1.5 branch

wrap kernel function prototype by #ifdef _KERNEL.

pre-compute and cache intermediate crypto key. suggestion from sommerfeld,
sync with kame.

loopback, blowfish-cbc transport mode, 128bit key
before: 86588496 bytes received in 00:42 (1.94 MB/s)
after: 86588496 bytes received in 00:31 (2.58 MB/s)

correct RFC2367 PF_KEY conformance (SADB_[AE]ALG_xx values and namespaces).
sync from kame.

WARNING: need recompilation of setkey(8) and pkgsrc/security/racoon.
(no ipsec-ready netbsd was released as official release)

branches: 1.8.2;
add algorithm name into algorithm table. (commit to crypto-intl will follow)

branches: 1.7.2;
bring in latest KAME ipsec tree.
- interop issues in ipcomp is fixed
- padding type (after ESP) is configurable
- key database memory management (need more fixes)
- policy specification is revisited

XXX m->m_pkthdr.rcvif is still overloaded - hope to fix it soon

remove too much portability code in KAME, to improve readability.

avoid namespace polution ("#ifdef KERNEL" was mistakingly used)

branches: 1.4.2; 1.4.8;
sync with recent KAME.
- loosen ipsec restriction on packet diredtion.
- revise icmp6 redirect handling on IsRouter bit.
- tcp/udp notification processing (link-local address case)
- cosmetic fixes (better code share across *BSD).

defopt INET6, and put it in opt_inet.h (most places already include this
file, which is why the file list is so short).

branches: 1.2.2;
RCS ID police.

branches: 1.1.2;
IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628.
(Sorry for a big commit, I can't separate this into several pieces...)
Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.

- sys/kern: do not assume single mbuf, accept chained mbuf on passing
data from userland to kernel (or other way round).
- "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ
package (ftp://ftp.csl.sony.co.jp/pub/kjc/).
- sys/netinet/tcp*: IPv4/v6 dual stack tcp support.
- sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those
file to be there so we patch it up.
- sys/netinet: IPsec additions are here and there.
- sys/netinet6/*: most of IPv6 code sits here.
- sys/netkey: IPsec key management code
- dev/pci/pcidevs: regen

In my understanding no code here is subject to export control so it
should be safe.

remove KAME IPSEC, replaced by FAST_IPSEC

branches: 1.13.8; 1.13.12;
Fix some code paths where pointers are dereferenced after checking that
they are NULL (oops?)

XXX pull-ups for NetBSD-4 and NetBSD-5.

branches: 1.12.2; 1.12.4;
Remove extra whitespace added by a stupid tool.
XXX: more in src/sys/arch

Correct two more bungled bcopy() -> memcpy() conversions.

bcopy -> memcpy

bzero -> memset

branches: 1.8.10; 1.8.18; 1.8.20; 1.8.24;
Convert many of the uses of __attribute__ to equivalent
__packed, __unused and __dead macros from cdefs.h

branches: 1.7.8; 1.7.14; 1.7.16; 1.7.20;
Ansify + add a few comments, from Karl Sjödahl

branches: 1.6.2; 1.6.4;
Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.

branches: 1.5.2; 1.5.4;
__unused removal on arguments; approved by core.

- sprinkle __unused on function decls.
- fix a couple of unused bugs
- no more -Wno-unused for i386

branches: 1.3.20; 1.3.22;
merge ktrace-lwp.

branches: 1.2.2;
AES counter mode uses 8byte IV, not 16 bytes.
msa@burp.tkv.asdf.org, Juha.Leppilahti@iki.fi

branches: 1.1.2; 1.1.4; 1.1.8; 1.1.10; 1.1.16;
AES XCBC MAC (for AH)
AES counter mode (for ESP)

remove KAME IPSEC, replaced by FAST_IPSEC

branches: 1.3.12; 1.3.16;
Remove all the __P() from sys (excluding sys/dist)
Diff checked with grep and MK1 eyeball.
i386 and amd64 GENERIC and sys still build.

branches: 1.2.74; 1.2.84; 1.2.90;
Multiple inclusion protection, as suggested by christos@ on tech-kern@
few days ago.

branches: 1.1.4; 1.1.18;
AES XCBC MAC (for AH)
AES counter mode (for ESP)

remove KAME IPSEC, replaced by FAST_IPSEC

branches: 1.46.8; 1.46.12;
Fix some code paths where pointers are dereferenced after checking that
they are NULL (oops?)

XXX pull-ups for NetBSD-4 and NetBSD-5.

branches: 1.45.2; 1.45.4;
Remove extra whitespace added by a stupid tool.
XXX: more in src/sys/arch

bcopy -> memcpy

bzero -> memset

Ansify function definitions w/o arguments. Generated with sed.

Remove all the __P() from sys (excluding sys/dist)
Diff checked with grep and MK1 eyeball.
i386 and amd64 GENERIC and sys still build.

branches: 1.40.32; 1.40.42; 1.40.44; 1.40.48;
Ansify + add a few comments, from Karl Sjödahl

branches: 1.39.2; 1.39.4;
Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.

branches: 1.38.2; 1.38.4;
__unused removal on arguments; approved by core.

- sprinkle __unused on function decls.
- fix a couple of unused bugs
- no more -Wno-unused for i386

branches: 1.36.2; 1.36.4;
fix incomplete initializer

branches: 1.35.4; 1.35.8;
merge ktrace-lwp.

Remove write-only variable "derived" in esp_cbc_encrypt().

branches: 1.33.14; 1.33.16;
Use BF_ecb_encrypt() instead of using BF_encrypt()/BF_decrypt()
directly. Reviewed by itojun.

Move the opencrypto CAST-128 implementation to crypto/cast128, removing
the old one. Rename the functions/structures from cast_* to cast128_*.
Adapt the KAME IPsec to use the new CAST-128 code, which has a simpler
API and smaller footprint.

add AH/ESP algorithms: hmac-ripemd160 (AH), AES XCBC MAC (AH),
AES counter mode (ESP)

clear scheduled key before freeing, for safety

cosmetic

avoid assuming result buffer size in AH logic. sync w/kame

due to previous type change, sav->schedlen never go negative. sync w/kame

change ESP xx_schedlen() return type to size_t. sync w/kame

branches: 1.25.6;
correct pointer signedness mixups. sync w/kame

use correct padding boundary, to correctly estimate ESP header size.
problem found by Arto Selonen <arto@selonen.org>

whitespace cleanup

whitespace cleanup

branches: 1.21.8; 1.21.10;
sync blowfish function prototype between i386 assembly and C.
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>

whitespace/costmetic sync w/kame

fix cast128 with shorter key length. sync with kame

add RCSIDs

reduce diff with kame. whitespace changes only.

minor style

Add asm versions of blowfish and des transforms for i386.

This also involved updating the in-kernel DES functions to correspond
to the versions in our in-tree OpenSSL, because the des_SPtrans table
has changed; the asm code will not work with the old permutation table!

C and i386 asm code for the DES, 3DES, and Blowfish CBC modes is also
included; it is not currently built as the ESP processing in esp_core.c
splits the CBC operation and the cipher transform apart. Hopefully that
will be fixed as there is a substantial performance improvement to be had
from doing so. It will remain necessary to use the C version of the
Blowfish CBC function on some i386 machines, however, as the asm version
uses bswapl, which ony 486 and later processors have. The DES CBC code
doesn't have this problem.

Finally, change esp_core.c to use the ecb3_encrypt function instead of
calling ecb_encrypt three times; this improves performance a bit, in
particular in the asm case.

branches: 1.14.2; 1.14.4; 1.14.6; 1.14.8;
avoid possible align issue

[13]des fix for big endian machines. from: shigeru@iij.ad.jp

always use rnd(4) for IPsec random number source. avoid random(9).
if there's no rnd(4), random(9) will be used with one-time warning printf(9).

XXX not sure how good rnd_extract_data(RND_EXTRACT_ANY) is, under entropy-
starvation situation

correct merge failure in key size validation.

add ESP rijndael logic. yet to be usable (until algorithm # is assigned)

do not hardcode maximum IV length.

repair blowfish-cbc. BF_encrypt() takes value in host byteorder, yuck!
(no effect to 1.5 branch)

repair DES on LP64. past code did not interoperate with non-LP64, due to
incorrect computed results.
remove unnecessary #ifdef/#define. sync with kame.

LP64 fix (cast to u_long when printing size_t)

improve code sharing for esp_schedule(). add some diagnostics cases
for esp_cbc_{en,de}crypt(). sync with kame.

use per-block cipher function + esp_cbc_{de,en}crypt. do not use
cbc-over-mbuf functions in sys/crypto.

the change should make it much easier to switch crypto function to
machine-dependent ones (like assembly code under sys/arch/i386/crypto?).
also it should be much easier to import AES algorithms.

XXX: it looks that past blowfish-cbc code was buggy. i ran some test pattern,
and new blowfish-cbc code looks more correct. there's no interoperability
between the old code (before the commit) and the new code (after the commit).

XXX: need serious interop tests before move it into 1.5 branch

pre-compute and cache intermediate crypto key. suggestion from sommerfeld,
sync with kame.

loopback, blowfish-cbc transport mode, 128bit key
before: 86588496 bytes received in 00:42 (1.94 MB/s)
after: 86588496 bytes received in 00:31 (2.58 MB/s)

correct RFC2367 PF_KEY conformance (SADB_[AE]ALG_xx values and namespaces).
sync from kame.

WARNING: need recompilation of setkey(8) and pkgsrc/security/racoon.
(no ipsec-ready netbsd was released as official release)

branches: 1.1.1;
Initial revision

remove KAME IPSEC, replaced by FAST_IPSEC

branches: 1.50.2; 1.50.6; 1.50.8; 1.50.12; 1.50.14;
Retire varargs.h support. Move machine/stdarg.h logic into MI
sys/stdarg.h and expect compiler to provide proper builtins, defaulting
to the GCC interface. lint still has a special fallback.
Reduce abuse of _BSD_VA_LIST_ by defining __va_list by default and
derive va_list as required by standards.

bzero -> memset

bcmp -> memcmp

branches: 1.47.2; 1.47.10; 1.47.16;
Merge the socket locking patch:

- Socket layer becomes MP safe.
- Unix protocols become MP safe.
- Allows protocol processing interrupts to safely block on locks.
- Fixes a number of race conditions.

With much feedback from matt@ and plunky@.

Make IPSEC and FAST_IPSEC stats per-cpu. Use <net/net_stats.h> and
netstat_sysctl().

branches: 1.45.16; 1.45.18;
machine/{bus,cpu,intr}.h -> sys/{bus,cpu,intr}.h

branches: 1.44.6; 1.44.8; 1.44.12;
Ansify + add a few comments, from Karl Sjödahl

branches: 1.43.2; 1.43.4;
Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.

KNF: de-__P, bzero -> memset, bcmp -> memcmp. Remove extraneous
parentheses in return statements.

Cosmetic: don't open-code TAILQ_FOREACH().

Cosmetic: change types of variables to avoid oodles of casts: in
in6_src.c, avoid casts by changing several route_in6 pointers
to struct route pointers. Remove unnecessary casts to caddr_t
elsewhere.

Pave the way for eliminating address family-specific route caches:
soon, struct route will not embed a sockaddr, but it will hold
a reference to an external sockaddr, instead. We will set the
destination sockaddr using rtcache_setdst(). (I created a stub
for it, but it isn't used anywhere, yet.) rtcache_free() will
free the sockaddr. I have extracted from rtcache_free() a helper
subroutine, rtcache_clear(). rtcache_clear() will "forget" a
cached route, but it will not forget the destination by releasing
the sockaddr. I use rtcache_clear() instead of rtcache_free()
in rtcache_update(), because rtcache_update() is not supposed
to forget the destination.

Constify:

1 Introduce const accessor for route->ro_dst, rtcache_getdst().

2 Constify the 'dst' argument to ifnet->if_output(). This
led me to constify a lot of code called by output routines.

3 Constify the sockaddr argument to protosw->pr_ctlinput. This
led me to constify a lot of code called by ctlinput routines.

4 Introduce const macros for converting from a generic sockaddr
to family-specific sockaddrs, e.g., sockaddr_in: satocsin6,
satocsin, et cetera.

branches: 1.41.4;
__unused removal on arguments; approved by core.

- sprinkle __unused on function decls.
- fix a couple of unused bugs
- no more -Wno-unused for i386

branches: 1.39.20; 1.39.22;
merge ktrace-lwp.

Defopt IPSEC_NAT_T.

branches: 1.37.2;
move decl of inetsw to its own header to avoid array of incomplete type.
found by gcc4. reported by Adam Ciarcinski.

Enhance IPSEC_NAT_T so that it can work with multiple machines behind the
same NAT.

branches: 1.35.8; 1.35.14;
KNF

fix uninitialized variables

m_cat may free mbuf on 2nd arg, so m_pkthdr manipulation has to happen
before m_cat call. from Julian Coleman via kame.

unifdef -U_IP_VHL

remove obsolete comment on the use of m_pullup

fix missing check for taillen against pkthdr.len. markus@openbsd

branches: 1.29.2;
always use PULLDOWN_TEST codepath.

Remove variable that is only assigned too but not referenced.

increase correct stat. KAME pr 445

correct pointer signedness mixups. sync w/kame

correct signedness mixup in pointer passing. sync w/kame

check packet length before fetching ESP crypto checksum. sync w/kame

avoid swapping endian of ip_len and ip_off on mbuf, to meet with M_LEADINGSPACE
optimization made last year. should solve PR 17867 and 10195.

IP_HDRINCL behavior of raw ip socket is kept unchanged. we may want to
provide IP_HDRINCL variant that does not swap endian.

whitespace cleanup

branches: 1.21.4; 1.21.6;
esp/ah_ctlinput: pass useful address to key_alloc.

remove obsolete #if 0'ed portion.

add RCSIDs

reduce diff with kame. whitespace changes only.

branches: 1.17.2;
Remove the use of splimp() from the NetBSD kernel. splnet()
and only splnet() is allowed for the protection of data structures
used by network devices.

branches: 1.16.2;
make sure to enforce inbound ipsec policy checking, for any protocols on top
of ip (check it when final header is visited). sync with kame.
XXX kame team will need to re-check policy engine code

pull latest kame pcbnotify code. synchronizes ICMPv6 path mtu discovery
behavior with other protocols (i.e. validation, use of hiwat/lowat).

- record IPsec packet history into m_aux structure.
- let ipfilter look at wire-format packet only (not the decapsulated ones),
so that VPN setting can work with NAT/ipfilter settings.
sync with kame.

TODO: use header history for stricter inbound validation

update icmp6 too big validation. the change is necessary since pmtud is
mandatory for IPv6 (so we can't just validate by using connected pcb - we need
to allow traffic from unconnected pcb to do pmtud).
- if the traffic is validated by xx_ctlinput, allow up to "hiwat" pmtud
route entries.
- if the traffic was not validated by xx_ctlinput, allow up to "lowat" pmtud
route entries (there's upper limit, so bad guys cannot blow up our routing
table).
sync with kame

XXX need to think again about default hiwat/lowat value.
XXX victim selection to help starvation case

branches: 1.12.2;
memcpy -> bcopy, for sync with kame tree

verify ICMPv6 too big messages based on TCP pcbs, and/or IPsec SA.
TODO: udp6, and sendto consideration. as pmtud is mandatory for IPv6,
it is rather important for us to support those cases.
TODO: more testing
TODO: kame sync

Restructure the Path MTU Discovery code somewhat to avoid
entering rtentry's for hosts we're not actually communicating
with.

Do this by invoking the ctlinput for the protocol, which is
responsible for validating the ICMP message:
* TCP -- Lookup the connection based on the address/port
pairs in the ICMP message.
* AH/ESP -- Lookup the SA based on the SPI in the ICMP message.

If validation succeeds, ctlinput is responsible for calling
icmp_mtudisc(). icmp_mtudisc() then invokes callbacks registered
by protocols (such as TCP) which want to take some sort of special
action when a path's MTU changes. For TCP, this is where we now
refresh cached routes and re-enter slow-start.

As a side-effect, this fixes the problem where TCP would not be
notified when a path's MTU changed if AH/ESP were being used.

XXX Note, this is only a fix for the IPv4 case. For the IPv6
XXX case, we need to wait for the KAME folks.

Reviewed by sommerfeld@netbsd.org and itojun@netbsd.org.

fix compilation without INET. fix confusion between ipsecstat and ipsec6stat.
sync with kame.

pullup IPv6 and subsequent headers, on IPv6 IPsec transport mode input.
(not normally visited - we have switched to m_pulldown. just for completeness)

improve code sharing for esp_schedule(). add some diagnostics cases
for esp_cbc_{en,de}crypt(). sync with kame.

use per-block cipher function + esp_cbc_{de,en}crypt. do not use
cbc-over-mbuf functions in sys/crypto.

the change should make it much easier to switch crypto function to
machine-dependent ones (like assembly code under sys/arch/i386/crypto?).
also it should be much easier to import AES algorithms.

XXX: it looks that past blowfish-cbc code was buggy. i ran some test pattern,
and new blowfish-cbc code looks more correct. there's no interoperability
between the old code (before the commit) and the new code (after the commit).

XXX: need serious interop tests before move it into 1.5 branch

add missing splx, when outgoing interface queue is full on tunnelled
ESP packet output. KAME PR 280.

clarify comment. from jhawk. sync with kame.

pre-compute and cache intermediate crypto key. suggestion from sommerfeld,
sync with kame.

loopback, blowfish-cbc transport mode, 128bit key
before: 86588496 bytes received in 00:42 (1.94 MB/s)
after: 86588496 bytes received in 00:31 (2.58 MB/s)

correct RFC2367 PF_KEY conformance (SADB_[AE]ALG_xx values and namespaces).
sync from kame.

WARNING: need recompilation of setkey(8) and pkgsrc/security/racoon.
(no ipsec-ready netbsd was released as official release)

branches: 1.1.1;
Initial revision

remove KAME IPSEC, replaced by FAST_IPSEC

branches: 1.36.12; 1.36.16;
Remove extra whitespace added by a stupid tool.
XXX: more in src/sys/arch

bcopy -> memcpy

bzero -> memset

Remove all the __P() from sys (excluding sys/dist)
Diff checked with grep and MK1 eyeball.
i386 and amd64 GENERIC and sys still build.

branches: 1.32.2; 1.32.10; 1.32.16;
Make IPSEC and FAST_IPSEC stats per-cpu. Use <net/net_stats.h> and
netstat_sysctl().

branches: 1.31.10; 1.31.12;
Kill _IP_VHL ifdef (from netinet/ip.h history, it has never been used in NetBSD so ...)

branches: 1.30.8; 1.30.10;
{ah,esp,ipcomp}_output must return 0 on success. On failure, it returns the
error and m is freed. Previously, it was not the case in ipcomp and esp case
(aka in some case, it returns 0 with m freed, or an error and m was not freed).

In ipcomp_output, fix some leak of mcopy too.

Use the same error path in {ah,esp,ipcomp}_output.

Problem was reported by Wolfgang Stukenbrock in pr/36768.

In the IPSEC_NAT_T case, we must set the udp length even if the ESP entry
doesn't have an integrity algorithm.

Reported by Wolfgang Stukenbrock in pr/36781 . Thanks you a lot.

branches: 1.28.6; 1.28.8;
fix typos in previous

Ansify + add a few comments, from Karl Sjödahl

branches: 1.26.2; 1.26.8; 1.26.10; 1.26.16;
fix spelling of accommodate; from Zapher.

branches: 1.25.2; 1.25.4;
comment out comparison always false

branches: 1.24.4; 1.24.8;
merge ktrace-lwp.

Defopt IPSEC_NAT_T.

branches: 1.22.2;
- avoid shadowed variables
- sprinkle const.

Enhance IPSEC_NAT_T so that it can work with multiple machines behind the
same NAT.

branches: 1.20.2;
nuke trailing whitespace

Add support for IPsec Network Address Translator traversal (NAT-T), as
described by RFC 3947 and 3948.

branches: 1.18.8; 1.18.10;
- prepare for RFC2401bis 64bit sequence number (no behavior change yet)
- use hash for SPI-based SAD entry lookup (should be faster, i hope)
- cleanup keydb.c and key.c. key.c is responsible for refcounting secasvar,
keydb.c is responsible for alloc/free.

unifdef -U_IP_VHL

branches: 1.16.6;
remove trailing \n in panic(). approved perry.

avoid hardcoded "16" for max AH sum size. use AH_MAXSUMSIZE.

use correct padding boundary, to correctly estimate ESP header size.
problem found by Arto Selonen <arto@selonen.org>

whitespace cleanup

branches: 1.12.8; 1.12.10;
add RCSIDs

reduce diff with kame. whitespace changes only.

branches: 1.10.2; 1.10.4; 1.10.6;
always use rnd(4) for IPsec random number source. avoid random(9).
if there's no rnd(4), random(9) will be used with one-time warning printf(9).

XXX not sure how good rnd_extract_data(RND_EXTRACT_ANY) is, under entropy-
starvation situation

fix compilation without INET. fix confusion between ipsecstat and ipsec6stat.
sync with kame.

do not hardcode maximum IV length.

improve code sharing for esp_schedule(). add some diagnostics cases
for esp_cbc_{en,de}crypt(). sync with kame.

use per-block cipher function + esp_cbc_{de,en}crypt. do not use
cbc-over-mbuf functions in sys/crypto.

the change should make it much easier to switch crypto function to
machine-dependent ones (like assembly code under sys/arch/i386/crypto?).
also it should be much easier to import AES algorithms.

XXX: it looks that past blowfish-cbc code was buggy. i ran some test pattern,
and new blowfish-cbc code looks more correct. there's no interoperability
between the old code (before the commit) and the new code (after the commit).

XXX: need serious interop tests before move it into 1.5 branch

clarify comment. from jhawk. sync with kame.

pre-compute and cache intermediate crypto key. suggestion from sommerfeld,
sync with kame.

loopback, blowfish-cbc transport mode, 128bit key
before: 86588496 bytes received in 00:42 (1.94 MB/s)
after: 86588496 bytes received in 00:31 (2.58 MB/s)

correct RFC2367 PF_KEY conformance (SADB_[AE]ALG_xx values and namespaces).
sync from kame.

WARNING: need recompilation of setkey(8) and pkgsrc/security/racoon.
(no ipsec-ready netbsd was released as official release)

remove unnecessary #include <netkey/key_debug.h>. from kame.

branches: 1.1.1;
Initial revision

remove KAME IPSEC, replaced by FAST_IPSEC

branches: 1.20.88; 1.20.92;
__unused removal on arguments; approved by core.

- sprinkle __unused on function decls.
- fix a couple of unused bugs
- no more -Wno-unused for i386

branches: 1.18.20; 1.18.22;
merge ktrace-lwp.

branches: 1.17.16;
simplify rijndael.c API - always schedule encrypt/decrypt key.
reviewed by thorpej

rijndael encryption context/scheduled key is assymmetric; need to setup two
(one for encryption, one for decryption)

Use the simplified rijndael API (which this was essentially a duplicate
of). XXX This file can now be merged into esp_core.c.

add AH/ESP algorithms: hmac-ripemd160 (AH), AES XCBC MAC (AH),
AES counter mode (ESP)

change ESP xx_schedlen() return type to size_t. sync w/kame

assymetric -> asymmetric

rijndael is assymmetric, correction from markus@openbsd

simplify and update rijndael code. markus@openbsd

branches: 1.9.2;
allocate route_in6 in struct secashead, to avoid mistakenly overrun
the end of secashead. Fixes PR18751.

correct pointer signedness mixups. sync w/kame

branches: 1.7.10;
add RCSIDs

sync with kame.
net.inet6.icmp6.nodeinfo is now a bitmap (2^0 = ping6 -w, 2^1 = ping6 -a).
give up local if there's mbuf alloc failures.
cope with ".." in hostname.
sync comments/whitespaces.

branches: 1.5.2;
Symmetric has one s and two m's.

branches: 1.4.2;
pass key to rijndael logic as binary, not hexadecimal string.
sync with kame

branches: 1.3.2;
save a little bit of CPU time (avoid computing CBC IV we do not use).
sync with kame.

branches: 1.2.2;
remove #ifdef freebsd

add ESP rijndael logic. yet to be usable (until algorithm # is assigned)

remove KAME IPSEC, replaced by FAST_IPSEC

branches: 1.4.12; 1.4.16;
Remove all the __P() from sys (excluding sys/dist)
Diff checked with grep and MK1 eyeball.
i386 and amd64 GENERIC and sys still build.

branches: 1.3.74; 1.3.84; 1.3.90;
Multiple inclusion protection, as suggested by christos@ on tech-kern@
few days ago.

branches: 1.2.16;
change ESP xx_schedlen() return type to size_t. sync w/kame

branches: 1.1.2; 1.1.4; 1.1.28;
add ESP rijndael logic. yet to be usable (until algorithm # is assigned)

remove KAME IPSEC, replaced by FAST_IPSEC

Make FAST_IPSEC the default IPSEC implementation which is built
into the kernel if the "IPSEC" kernel option is given.
The old implementation is still available as KAME_IPSEC.
Do some minimal manpage adjustment -- kame_ipsec(4) is a copy
of the old ipsec(4) and the latter is now a copy of fast_ipsec(4).

rename the IPSEC in-kernel CPP variable and config(8) option to
KAME_IPSEC, and make IPSEC define it so that existing kernel
config files work as before
Now the default can be easily be changed to FAST_IPSEC just by
setting the IPSEC alias to FAST_IPSEC.

branches: 1.6.2;
First step of random number subsystem rework described in
<20111022023242.BA26F14A158@mail.netbsd.org>. This change includes
the following:

An initial cleanup and minor reorganization of the entropy pool
code in sys/dev/rnd.c and sys/dev/rndpool.c. Several bugs are
fixed. Some effort is made to accumulate entropy more quickly at
boot time.

A generic interface, "rndsink", is added, for stream generators to
request that they be re-keyed with good quality entropy from the pool
as soon as it is available.

The arc4random()/arc4randbytes() implementation in libkern is
adjusted to use the rndsink interface for rekeying, which helps
address the problem of low-quality keys at boot time.

An implementation of the FIPS 140-2 statistical tests for random
number generator quality is provided (libkern/rngtest.c). This
is based on Greg Rose's implementation from Qualcomm.

A new random stream generator, nist_ctr_drbg, is provided. It is
based on an implementation of the NIST SP800-90 CTR_DRBG by
Henric Jungheim. This generator users AES in a modified counter
mode to generate a backtracking-resistant random stream.

An abstraction layer, "cprng", is provided for in-kernel consumers
of randomness. The arc4random/arc4randbytes API is deprecated for
in-kernel use. It is replaced by "cprng_strong". The current
cprng_fast implementation wraps the existing arc4random
implementation. The current cprng_strong implementation wraps the
new CTR_DRBG implementation. Both interfaces are rekeyed from
the entropy pool automatically at intervals justifiable from best
current cryptographic practice.

In some quick tests, cprng_fast() is about the same speed as
the old arc4randbytes(), and cprng_strong() is about 20% faster
than rnd_extract_data(). Performance is expected to improve.

The AES code in src/crypto/rijndael is no longer an optional
kernel component, as it is required by cprng_strong, which is
not an optional kernel component.

The entropy pool output is subjected to the rngtest tests at
startup time; if it fails, the system will reboot. There is
approximately a 3/10000 chance of a false positive from these
tests. Entropy pool _input_ from hardware random numbers is
subjected to the rngtest tests at attach time, as well as the
FIPS continuous-output test, to detect bad or stuck hardware
RNGs; if any are detected, they are detached, but the system
continues to run.

A problem with rndctl(8) is fixed -- datastructures with
pointers in arrays are no longer passed to userspace (this
was not a security problem, but rather a major issue for
compat32). A new kernel will require a new rndctl.

The sysctl kern.arandom() and kern.urandom() nodes are hooked
up to the new generators, but the /dev/*random pseudodevices
are not, yet.

Manual pages for the new kernel interfaces are forthcoming.

branches: 1.5.88;
Merge kernel and userland rmd160 and sha2 implementation.
XXX: We still install rmd160.h and sha2.h in /usr/include/crypto, unlike
the other hash functions which get installed in /usr/include for compatibility.

branches: 1.4.20; 1.4.22;
merge ktrace-lwp.

Defopt IPSEC_NAT_T.

branches: 1.2.4; 1.2.16; 1.2.18;
separate netkey/key* and netipsec/key*

change confusing filename

no need for ip6_id.c...

branches: 1.13.16;
Move udp6_output() into udp6_usrreq.c, and remove udp6_output.c. This is
more consistent with IPv4, and there is no good reason for keeping a
separate file only for one function. FreeBSD did the same.

ip6flow refactor like ipflow.

- move ip6flow sysctls into ip6_flow.c like ip_flow.c:r1.64
- build ip6_flow.c only if GATEWAY kernel option is enabled

branches: 1.11.2;
Add core networking support for SCTP.

Add DCCP protocol support from KAME.

add routines to print in6_addr and sockaddr_in6 (in6_print, sin6_print)

branches: 1.8.2; 1.8.54; 1.8.74;
Refactor in_cksum/in4_cksum/in6_cksum implementations:
- All three functions are included in the kernel by default.
They call a backend function cpu_in_cksum after possibly
computing the checksum of the pseudo header.
- cpu_in_cksum is the core to implement the one-complement sum.
The default implementation is moderate fast on most platforms
and provides a 32bit accumulator with 16bit addends for L32 platforms
and a 64bit accumulator with 32bit addends for L64 platforms.
It handles edge cases like very large mbuf chains (could happen with
native IPv6 in the future) and provides a good base for new native
implementations.
- Modify i386 and amd64 assembly to use the new interface.

This disables the MD implementations on !x86 until the conversion is
done. For Alpha, the portable version is faster.

branches: 1.7.16; 1.7.22;
Add IPv6 Fast Forward - the IPv4 counterpart:

If ip6_forward successfully forwards a packet, a cache, in this case a
ip6flow struct entry, will be created. ether_input and friends will
then be able to call ip6flow_fastforward with the packet which will then
be passed to if_output (unless an issue is found - in that case the packet
is passed back to ip6_input).

ok matt@ christos@ dyoung@ and joerg@

branches: 1.6.4;
move tso-by-software code to their own files. no functional changes.

branches: 1.5.8; 1.5.10;
Add support for RFC 3542 Adv. Socket API for IPv6 (which obsoletes 2292).
* RFC 3542 isn't binary compatible with RFC 2292.
* RFC 2292 support is on by default but can be disabled.
* update ping6, telnet and traceroute6 to the new API.

From the KAME project (www.kame.net).
Reviewed by core.

branches: 1.4.2; 1.4.4; 1.4.6; 1.4.8; 1.4.10;
Better support of IPv6 scoped addresses.

- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.

This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.

From the KAME project via JINMEI Tatuya.
Approved by core@.

branches: 1.3.2;
merge ktrace-lwp.

branches: 1.2.16;
randomize IPv4/v6 fragment ID and IPv6 flowlabel. avoids predictability
of these fields. ip_id.c is from openbsd. ip6_id.c is adapted by kame.

branches: 1.1.2; 1.1.8;
Move netinet, netinet6, ipsec, and ipfilter config defns to
netinet/files.ipfilter, etinet/files.netinet, netinet6/files.netinet6,
and netinet6/files.netipsec.

XXX There are still a few stragglers in conf/files, which are entangled
with other network protocols.

change confusing filename

add AH/ESP algorithms: hmac-ripemd160 (AH), AES XCBC MAC (AH),
AES counter mode (ESP)

sha2 is needed for AH, not ESP

add hmac-sha2 support. various cleanups (like avoid hardcoding '16').
from kame

branches: 1.2.2; 1.2.8;
IPSEC_ESP depends on the "des", "blowfish", "cast128", and "rijndael"
attributes.

Move netinet, netinet6, ipsec, and ipfilter config defns to
netinet/files.ipfilter, etinet/files.netinet, netinet6/files.netinet6,
and netinet6/files.netipsec.

XXX There are still a few stragglers in conf/files, which are entangled
with other network protocols.

frag6: fix calculation of fragment length

Because of the miscalculation, 32 bytes fragmented IPv6 packets
have been wrongly dropped.

See https://mail-index.netbsd.org/tech-net/2024/04/14/msg008741.html
for more details.

Patch from Yasuyuki KOZAKAI (with minor tweaks)

Add a check for FreeBSD-SA-23:06.ipv6, although it is not reproducible for us.
factor out code copied 3 times (and now would have been a 4th)

branches: 1.76.2;
frag6: don't use spin mutex for frag6_lock

frag6_lock is held during sending a packet (icmp6_error), so we must
not use a spin mutex because we can acquire sleep locks on sending
a packet.

Also we don't need to use spin mutex for frag6_lock anymore because
frag6_lock is now not used from hardware interrupt context.

Get rid of unnecessary NULL checks for rt_ifa and ifa_ifp

They are always non-NULL nowadays.

branches: 1.74.2; 1.74.6;
When reassembling IPv4/IPv6 packets, ensure each fragment has been subject
to the same IPsec processing. That is to say, that all fragments are ESP,
or AH, or AH+ESP, or none.

The reassembly mechanism can be used both on the wire and inside an IPsec
tunnel, so we need to make sure all fragments of a packet were received
on only one side.

Even though I haven't tried, I believe there are configurations where it
would be possible for an attacker to inject an unencrypted fragment into a
legitimate stream of already-decrypted-and-authenticated fragments.

Typically on IPsec gateways with ESP tunnels, where we can encapsulate
fragments (as opposed to the general case, where we fragment encapsulated
data).

Note, for the record: a funnier thing, under IPv4, would be to send a
zero-sized !MFF fragment at the head of the packet, and manage to trigger
an ICMP error; M_DECRYPTED gets lost by the reassembly, and ICMP will reply
with the packet in clear (not encrypted).

Rename m_pkthdr_remove -> m_remove_pkthdr, to match the existing naming
convention, eg m_copy_pkthdr and m_move_pkthdr.

Remove now unused net_osdep.h includes, the other BSDs did the same.

Localify global variables, style, and add two XXXs.

Add XXX, using a pool would be better than kmem.

Release the lock a little earlier.

Add XXX. In fact, it would be better, if all the fragments were offloaded,
to quickly recompute the checksum on the fly, and keep it in the mbuf
header.

Remove M_PKTHDR from secondary mbufs when reassembling packets.

This is a real problem, because I found at least one component that relies
on the fact that only the first mbuf has M_PKTHDR: far from here, in
m_splithdr, we don't update m->m_pkthdr.len if M_PKTHDR is found in a
secondary mbuf. (The initial intention there was to avoid updating
m_pkthdr.len twice, the assumption was that if M_PKTHDR is set then we're
dealing with the first mbuf.) Therefore, when handling fragmented IPsec
packets (in particular IPv6, IPv4 is a bit more complicated), we may end
up with an incorrect m_pkthdr.len after authentication or decryption. In
the case of ESP, this can lead to a remote crash on this instruction:

m_copydata(m, m->m_pkthdr.len - 3, 3, lastthree);

m_pkthdr.len is bigger than the actual mbuf chain.

It seems possible to me to trigger this bug even if you don't have the ESP
key, because the fragmentation part is outside of the encrypted ESP
payload.

So if you MITM the target, and intercept an incoming ESP packet (which you
can't decrypt), you should be able to forge a new specially-crafted,
fragmented packet and stuff the ESP payload (still encrypted, as you
intercepted it) into it. The decryption succeeds and the target crashes.

branches: 1.66.2;
Rename back to ip6af_mff. It was actually clearer than ip6af_more.

Fix a buffer overflow in ip6_get_prevhdr. Doing

mtod(m, char *) + len

is wrong, an option is allowed to be located in another mbuf of the chain.
If the offset of an option within the chain is bigger than the length of
the first mbuf in that chain, we are reading/writing one byte of packet-
controlled data beyond the end of the first mbuf.

The length of this first mbuf depends on the layout the network driver
chose. In the most difficult case, it will allocate a 2KB cluster, which
is bigger than the Ethernet MTU.

But there is at least one way of exploiting this case: by sending a
special combination of nested IPv6 fragments, the packet can control a
good bunch of 'len'. By luck, the memory pool containing clusters does not
embed the pool header in front of the items, so it is not straightforward
to predict what is located at 'mtod(m, char *) + len'.

However, by sending offending fragments in a loop, it is possible to
crash the kernel - at some point we will hit important data structures.

As far as I can tell, PF protects against this difficult case, because
it kicks nested fragments. NPF does not protect against this. IPF I don't
know.

Then there are the more easy cases, if the MTU is bigger than a cluster,
or if the network driver did not allocate a cluster, or perhaps if the
fragments are received via a tunnel; I haven't investigated these cases.

Change ip6_get_prevhdr so that it returns an offset in the chain, and
always use IP6_EXTHDR_GET to get a writable pointer. IP6_EXTHDR_GET
leaves M_PKTHDR untouched.

This place is still fragile.

Kick zero-sized fragments. We can't allow them to enter; two fragments
could be put at the same offset.

Remove outdated comment and fix typo.

Several changes:

* Move the structure definitions into frag6.c, they should not be used
elsewhere.

* Rename ip6af_mff -> ip6af_more, and switch it to bool, easier to
understand.

* Remove IP6_REASS_MBUF, no point in keeping this.

* Remove ip6q_arrive and ip6q_nxtp, unused.

* Style.

Provide macros for softnet_lock and KERNEL_LOCK hiding NET_MPSAFE switch

It reduces C&P codes such as "#ifndef NET_MPSAFE KERNEL_LOCK(1, NULL); ..."
scattered all over the source code and makes it easy to identify remaining
KERNEL_LOCK and/or softnet_lock that are held even if NET_MPSAFE.

No functional change

branches: 1.60.6;
Tweak softnet_lock and NET_MPSAFE

- Don't hold softnet_lock in some functions if NET_MPSAFE
- Add softnet_lock to sysctl_net_inet_icmp_redirtimeout
- Add softnet_lock to expire_upcalls of ip_mroute.c
- Restore softnet_lock for in{,6}_pcbpurgeif{,0} if NET_MPSAFE
- Mark some softnet_lock for future work

branches: 1.59.2;
Get rid of unnecessary header inclusions

Add rtcache_unref to release points of rtentry stemming from rtcache

In the MP-safe world, a rtentry stemming from a rtcache can be freed at any
points. So we need to protect rtentries somehow say by reference couting or
passive references. Regardless of the method, we need to call some release
function of a rtentry after using it.

The change adds a new function rtcache_unref to release a rtentry. At this
point, this function does nothing because for now we don't add a reference
to a rtentry when we get one from a rtcache. We will add something useful
in a further commit.

This change is a part of changes for MP-safe routing table. It is separated
to avoid one big change that makes difficult to debug by bisecting.

Reduce the number of return points of frag6_input

No functional change.

branches: 1.56.2; 1.56.4;
Don't use new as a variable name.

branches: 1.55.4; 1.55.6; 1.55.10;
draft-gont-6man-ipv6-atomic-fragment-00 is now RFC 6949 (Loganaden Velvindron
logan at elandsys dot com)

branches: 1.54.2;
Loganaden Velvindron:

From "http://tools.ietf.org/html/draft-ietf-6man-ipv6-atomic-fragments-00":

A host that receives an IPv6 packet which includes a Fragment
Header with the "Fragment Offset" equal to 0 and the "M" bit equal
to 0 MUST process such packet in isolation from any other packets/
fragments, even if such packets/fragments contain the same set
{IPV6 Source Address, IPv6 Destination Address, Fragment
Identification}. That is, the Fragment Header of "atomic
fragments" should be removed by the receiving host, and the
resulting packet should be processed as a non-fragmented IPv6
datagram. Additionally, any fragments already queued with the
same set {IPV6 Source Address, IPv6 Destination Address, Fragment
Identification} should not be discarded upon receipt of the
"colliding" IPv6 atomic fragment, since IPv6 atomic fragments do
not really interfere with "normal" fragmented traffic.

branches: 1.53.2;
Remove the wrapper of frag6_input(), restore the behaviour changed in r1.50.
Fix ip6_reass_packet() wrapper used by NPF. Remove #if 0 code for handling
overlaping fragments - IPv6 desupported them anyway. Convert to kmem(9).

branches: 1.52.2;
- fix offsetof usage, and redundant defines
- kill pointer casts to 0

Take softnet_lock and kernel lock in frag6_slowtimo and frag6_fasttimo,
similar to how it's done with other protocols.

If we don't do this sending ICMPv6 messages in this path can cause races
in network interface drivers.

branches: 1.50.4;
Change the IPv6 reassembly mechanism to use mutex(9).
Also add ip6_reass_packet() to be used by NPF.

branches: 1.49.4;
*_drain() routines may be called with locks held, so instead of doing
any work in *_drain(), set a drain-needed flag. Do the work in the
fasttimo handler.

Contributed by Coyote Point Systems, Inc.

When deleting a fragment header use the simple copy operation only if it fits
completely into the mbuf.

branches: 1.47.4; 1.47.6; 1.47.8;
bzero -> memset

branches: 1.46.6; 1.46.12;
protocol "drain" functions can be called in interrupt context, so
don't acquire softnet_lock
approved by ad

branches: 1.45.2; 1.45.4;
Merge the socket locking patch:

- Socket layer becomes MP safe.
- Unix protocols become MP safe.
- Allows protocol processing interrupts to safely block on locks.
- Fixes a number of race conditions.

With much feedback from matt@ and plunky@.

branches: 1.44.2;
Make ip6 and icmp6 stats per-cpu.