- Copy stable/10@296371 to releng/10.3 in preparation for 10.3-RC1
builds.
- Update newvers.sh to reflect RC1.
- Update __FreeBSD_version to reflect 10.3.
- Update default pkg(8) configuration to use the quarterly branch.

Approved by: re (implicit)

MFC r269289, r269290, r269291, r269292, r269293:

r269289:
sort(1): Remove trailing '.' from See Also section.

r269290:
acpi_wmi(4): Remove trailing comma from standalone Xref.

r269291:
hptiop(4): Remove trailing comma from ending Xref.

r269292:
pf.conf(5): Remove trailing comma from ending Xref.

r269293:
kernel_mount(9): Remove trailing comma from ending Xref.

Sponsored by: The FreeBSD Foundation

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

mdoc sweep

o Create directory sys/netpfil, where all packet filters should
reside, and move there ipfw(4) and pf(4).

o Move most modified parts of pf out of contrib.

Actual movements:

sys/contrib/pf/net/*.c -> sys/netpfil/pf/
sys/contrib/pf/net/*.h -> sys/net/
contrib/pf/pfctl/*.c -> sbin/pfctl
contrib/pf/pfctl/*.h -> sbin/pfctl
contrib/pf/pfctl/pfctl.8 -> sbin/pfctl
contrib/pf/pfctl/*.4 -> share/man/man4
contrib/pf/pfctl/*.5 -> share/man/man5

sys/netinet/ipfw -> sys/netpfil/ipfw

The arguable movement is pf/net/*.h -> sys/net. There are
future plans to refactor pf includes, so I decided not to
break things twice.

Not modified bits of pf left in contrib: authpf, ftp-proxy,
tftp-proxy, pflogd.

The ipfw(4) movement is planned to be merged to stable/9,
to make head and stable match.

Discussed with: bz, luigi

Merge the projects/pf/head branch, that was worked on for last six months,
into head. The most significant achievements in the new code:

o Fine grained locking, thus much better performance.
o Fixes to many problems in pf, that were specific to FreeBSD port.

New code doesn't have that many ifdefs and much less OpenBSDisms, thus
is more attractive to our developers.

Those interested in details, can browse through SVN log of the
projects/pf/head branch. And for reference, here is exact list of
revisions merged:

r232043, r232044, r232062, r232148, r232149, r232150, r232298, r232330,
r232332, r232340, r232386, r232390, r232391, r232605, r232655, r232656,
r232661, r232662, r232663, r232664, r232673, r232691, r233309, r233782,
r233829, r233830, r233834, r233835, r233836, r233865, r233866, r233868,
r233873, r234056, r234096, r234100, r234108, r234175, r234187, r234223,
r234271, r234272, r234282, r234307, r234309, r234382, r234384, r234456,
r234486, r234606, r234640, r234641, r234642, r234644, r234651, r235505,
r235506, r235535, r235605, r235606, r235826, r235991, r235993, r236168,
r236173, r236179, r236180, r236181, r236186, r236223, r236227, r236230,
r236252, r236254, r236298, r236299, r236300, r236301, r236397, r236398,
r236399, r236499, r236512, r236513, r236525, r236526, r236545, r236548,
r236553, r236554, r236556, r236557, r236561, r236570, r236630, r236672,
r236673, r236679, r236706, r236710, r236718, r237154, r237155, r237169,
r237314, r237363, r237364, r237368, r237369, r237376, r237440, r237442,
r237751, r237783, r237784, r237785, r237788, r237791, r238421, r238522,
r238523, r238524, r238525, r239173, r239186, r239644, r239652, r239661,
r239773, r240125, r240130, r240131, r240136, r240186, r240196, r240212.

I'd like to thank people who participated in early testing:

Tested by: Florian Smeets <flo freebsd.org>
Tested by: Chekaluk Vitaly <artemrts ukr.net>
Tested by: Ben Wilber <ben desync.com>
Tested by: Ian FREISLICH <ianf cloudseed.co.za>

Update packet filter (pf) code to OpenBSD 4.5.

You need to update userland (world and ports) tools
to be in sync with the kernel.

Submitted by: mlaier
Submitted by: eri

Adapt OpenBSD pf's "sloopy" TCP state machine which is useful for Direct
Server Return mode, where not all packets would be visible to the load
balancer or gateway.

This commit should be reverted when we merge future pf versions. The
benefit it would provide is that this version does not break any existing
public interface and thus won't be a problem if we want to MFC it to
earlier FreeBSD releases.

Discussed with: mlaier
Obtained from: OpenBSD
Sponsored by: iXsystems, Inc.
MFC after: 1 month

MFOpenBSD rev 1.393 pf.conf.5

do not describe `/' as solidus; from Allen (freebsd pr120484);

PR: 120484
Submitted by: Allen <alandsidel at 1001islington dot com>
MFC After: 3 days

Commit resolved import of OpenBSD 4.1 pf userland from perforce.

Approved by: re (kensmith)

Revert my previous change, add an MLINK from securelevel.7 to security.7

Discussed with: brueffer

Change securelevel(7) to security(7). Yes i am aware
that this is within the contrib directory.

PR: docs/104402
Submitted by: Dr. Markus Waldeck <waldeck at gmx dot de>

Discussed with: mlaier

From OpenBSD, rev. 1.379
Document how 'allow-opts' applies to routing headers in IPv6.

MFC after: 1 week
Discussed with: mlaier

Mention that we do not support route labels in the BUGS section.

PR: docs/93590
Reported by: Niki Denev

Redirect bridge(4) to if_bridge(4). These should have pointed to if_bridge
from the begining.

Reminded by: ru

Resolve conflicts created during the import of pf 3.7 Some features are
missing and will be implemented in a second step. This is functional as is.

Tested by: freebsd-pf, pfsense.org
Obtained from: OpenBSD

Fix sloppy use of "manpage", bump .Dd where applicable and rename RED to
Random Early Detection (not ... Drop) in order to be consistent with other
documentation on ALTQ

Pointed out by: simon, ru, Brad Davis

Be more verbose about altq SYNOPSIS and add more linkage in the relating pf
documents.

Inspired by: scottl
Reviewed by: Brad Davis <so14kNOso14kSPAMcom>
MFC after: 3 days

Fix a reference from pool(9) -> zone(9), but keep on talking about "memory
pools" as that is what UMA provides.

Submitted by: Jay <jay NO meangrape SPAM com>

Rename the QUEUEING section to QUEUEING/ALTQ to make it easier to find the
appropiate section when redirected from ALTQ(4).

MFC after: 2 days

Document a problem with user/group filtering. With debug.mpsafenet=1 this
might result in a deadlock. The fix involves critical changes in the PF
locking strategy (which will happen after 5.3R). For now advise users to set
debug.mpsafenet=0 if they use this kind of filtering.

The same problem exists for IPFW.

mdoc help from: simon
MFC after: 2 days

Bring in some examples (and create space for future work here):
- Add OpenBSD example rulesets as advertised in etc/pf.conf and pf.conf(5)
- Tweak the pointer to fit the FreeBSD default location share/examples/pf
- Account for the new directory in BSD.usr.dist (no hier(7) change required
as share/examples is an opaque item there).

Obtained from: OpenBSD
Reminded by: Thomas T. Veldhouse
PR: docs/71691
MFC after: 2 days

This commit was generated by cvs2svn to compensate for changes in r130614,
which included commits to RCS files with non-trunk default branches.

Import userland of pf 3.5 from OpenBSD (OPENBSD_3_5_BASE).

Vendor import of OpenBSD's pf userland as of OpenBSD 3.4

Approved by: bms(mentor), core(in general)