MFC r326362:
Disallow TUN and TAP character device IOCTLs to modify the network device
type to any value. This can cause page faults and panics due to accessing
uninitialized fields in the "struct ifnet" which are specific to the network
device type.

Found by: jau@iki.fi
PR: 223767
Sponsored by: Mellanox Technologies

Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, as nothing has been merged
here.

Additional commits post-branch will follow.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Remove EOL whitespace.

Found with: mandoc -Tlint

Cross reference tap(4) and tun(4) and include a short explanation as
to how they differ. This will assist users in selecting which interface
is more appropriate for their purposes.

Approved by: grog (co-mentor)
MFC after: 2 week

Typo.
(Oh well, I guess that's the danger of updating two three-letter-named
entities at the same time.)

Submitted by: Simon L. Nielsen
MFC after: 4 weeks

Implement ifnet cloning for tun(4)/tap(4).
Make devfs cloning a sysctl/tunable which defaults to on.

If devfs cloning is enabled, only the super-user may create
tun(4)/tap(4)/vmnet(4) instances. Devfs cloning is still enabled by
default; it may be disabled from the loader or via sysctl with
"net.link.tap.devfs_cloning" and "net.link.tun.devfs_cloning".

Disabling its use affects potentially all tun(4)/tap(4) consumers
including OpenSSH, OpenVPN and VMware.

PR: 105228 (potentially also 90413, 105570)
Submitted by: Landon Fuller
Tested by: Andrej Tobola
Approved by: core (rwatson)
MFC after: 4 weeks

Patch in previous commit should have bumped doc date.
Fix spelling of ioctl.
Note that previous commit was actually submitted by bz. I'm not yet used
to the code boxes yet.

Noticed by: ru

The SIOCSIFNETMASK ioctl was removed from tun.c, thus remove mention of
it in the tun.4 manual page.

PR: 98541
Submitted by: David Gilbert

Expand *n't contractions.

Correct the misuse of \- (mdoc(7) mathematical minus) when - (mdoc(7)
hyphen) is meant.

Mdoc(7) clue by: ru
Reviewed by: ru

mdoc(7): Use the new feature of the .In macro.

Delete MAKEDEV references and update the text about /dev/foo control
devices that return the next available device when opened.

PR: 50280, 50281, 50282, 50283
Submitted by: Sergey A.Osokin <osa@FreeBSD.org.ru>

Document that IFF_MULTICAST should be ORd with IFF_POINTOPOINT or
IFF_BROADCAST for the TUNSIFMODE ioctl.

mdoc(7) police: -xwidth has been fold into -width.

mdoc(7) police: fixed markup and spelling.

Talk a bit about how cloning works with devfs(5).
Make it clearer about what's going on with TUNSIFHEAD and TUNSLMODE.
Tidy up a little.

pseudo-device -> device in kernel config lines. Removed whitespace at EOL.
Reviewed by: joerg, dd

mdoc(7) police: split punctuation characters + misc fixes.

document TUNSIFINFO, TUNGIFINFO, TUNSIFPID, TUNSIFHEAD, TUNGIFHEAD

mdoc(7) police: use the new features of the Nm macro.

Add a missing "either".
Fix a parenthetic bogon.

Reported by: "Alexander N. Kabaev" <kabaev@mail.ru>
Obtained from: NetBSD

Remove single-space hard sentence breaks. These degrade the quality
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.

Remove ``count'' argument of the pseudo-devices that do not
use it anymore.

$Id$ -> $FreeBSD$

Correct a minor spacing error.

.Sh AUTHOR -> .Sh AUTHORS according to mdoc specs.
Use .An/.Aq.

Sort cross refereces in section SEE ALSO.

Wire tun(4) into the Makefile.
Slightly change the way how to credit NetBSD.

This commit was generated by cvs2svn to compensate for changes in r29195,
which included commits to RCS files with non-trunk default branches.

Import NetBSD's tun(4) man page.
Obtained from: NetBSD