Copy stable/9 to releng/9.3 as part of the 9.3-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

MFC r250240:

- Fix exit status when ip6addrctl_verbose=yes [*]
- Use the absolute pathname for ip6addrctl.
- Use "install" instead of "add" to reduce the number of invocations.

Reported by: Tatsuki Makino [*]
PR: conf/175006 [*]

MFC r246255: Use the default policy table of RFC 6724.

MFC r238622

Allow to specify no source-address-selection policy

Approved by: re (kib)

MFC r230099:

Change rcvar= assignments to the literal values set_rcvar
would have returned. This will slightly reduce boot time,
and help in diff reduction to HEAD.

Copy head to stable/9 as part of 9.0-RELEASE release cycle.

Approved by: re (implicit)

Split $ipv6_prefer into $ip6addrctl_policy and $ipv6_activate_all_interfaces.

The $ip6addrctl_policy is a variable to choose a pre-defined address
selection policy set by ip6addrctl(8).
The keyword "ipv4_prefer" sets IPv4-preferred one described in Section 10.3,
the keyword "ipv6_prefer" sets IPv6-preferred one in Section 2.1 in RFC 3484,
respectively. When "AUTO" is specified, it attempts to read
/etc/ip6addrctl.conf first. If it is found, it reads and installs it as
a policy table. If not, either of the two pre-defined policy tables is
chosen automatically according to $ipv6_activate_all_interfaces.

When $ipv6_activate_all_interfaces=NO, interfaces which have no corresponding
$ifconfig_IF_ipv6 is marked as IFDISABLED for security reason.

The default values are ip6addrctl_policy=AUTO and
ipv6_activate_all_interfaces=NO.

Discussed with: ume and bz

Revert changes in r206408.

Discussed with: dougb, core.5, and core.6

Improve the handling of IPv6 configuration in rc.d. The ipv6_enable
and ipv6_ifconfig_<interface> options have already been deprecated,
these changes do not alter that.

With these changes any value set for ipv6_enable will emit a
warning. In order to avoid a POLA violation for the deprecation
of the option ipv6_enable=NO will still disable configuration
for all interfaces other than lo0. ipv6_enable=YES will not have
any effect, but will emit an additional warning. Support and
warnings for this option will be removed in FreeBSD 10.x.

Consistent with the current code, in order for IPv6 to be configured
on an interface (other than lo0) an ifconfig_<interface>_ipv6
option will have to be added to /etc/rc.conf[.local].

1. Clean up and minor optimizations for the following functions:
ifconfig_up (the ipv6 elements)
ipv6if
ipv6_autoconfif
get_if_var
_ifconfig_getargs
The cleanups generally were to move the "easy" tests earlier in the
functions, and consolidate duplicate code.

2. Stop overloading ipv6_prefer with the ability to disable IPv6
configuration.

3. Remove noafif() which was only ever called from ipv6_autoconfif.
Instead, simplify and integrate the tests into that function, and
convert the test to use is_wired_interface() instead of listing
wireless interfaces explicitly.

4. Integrate backwards compatibility for ipv6_ifconfig_<interface>
into _ifconfig_getargs. This dramatically simplifies the code in
all of the callers, and avoids a lot of other code duplication.

5. In rc.d/netoptions, add code for an ipv6_privacy option to use
RFC 4193 style pseudo-random addresses (this is what windows does
by default, FYI).

6. Add support for the [NO]RTADV options in ifconfig_getargs() and
ipv6_autoconfif(). In the latter, include support for the explicit
addition of [-]accept_rtadv in ifconfig_<interface>_ipv6 as is done
in the current code.

7. In rc.d/netif add a warning if $ipv6_enable is set, and remove
the set_rcvar_obsolete for it. Also remove the latter from
rc.d/ip6addrctl.

8. In /etc/defaults/rc.conf:

Add an example for RTADV configuration.

Set ipv6_network_interfaces to AUTO.

Switch ipv6_prefer to YES. If ipv6_enable is not set this will have
no effect.

Add a default for ipv6_privacy (NO).

9. Document all of this in rc.conf.5.

- Add AF_IPX and AF_NATM to afexists().

- Add afexists() check to address family specific rc.d scripts. A
script for an AF will be silently ignored if the kernel has no
support for the AF.

Fix several logic bugs in the previous IPv6 variable change and
re-add $ipv6_enable support for backward compatibility. From
UPDATING:

1. To use IPv6, simply define $ifconfig_IF_ipv6 like $ifconfig_IF
for IPv4. For aliases, $ifconfig_IF_aliasN should be used.
Note that both variables need the "inet6" keyword at the head.

Do not set $ipv6_network_interfaces manually if you do not
understand what you are doing. It is not needed in most cases.

$ipv6_ifconfig_IF and $ipv6_ifconfig_IF_aliasN still work, but
they are obsolete.

2. $ipv6_enable is obsolete. Use $ipv6_prefer and/or
"inet6 accept_rtadv" keyword in ifconfig(8) instead.

If you define $ipv6_enable=YES, it means $ipv6_prefer=YES and
all configured interfaces have "inet6 accept_rtadv" in the
$ifconfig_IF_ipv6. These are for backward compatibility.

3. A new variable $ipv6_prefer has been added. If NO, IPv6
functionality of interfaces with no corresponding
$ifconfig_IF_ipv6 is disabled by using "inet6 ifdisabled" flag,
and the default address selection policy of ip6addrctl(8)
is the IPv4-preferred one (see rc.d/ip6addrctl for more details).
Note that if you want to configure IPv6 functionality on the
disabled interfaces after boot, first you need to clear the flag by
using ifconfig(8) like:

ifconfig em0 inet6 -ifdisabled

If YES, the default address selection policy is set as
IPv6-preferred.

The default value of $ipv6_prefer is NO.

4. If your system need to receive Router Advertisement messages,
define "inet6 accept_rtadv" in $ifconfig_IF_ipv6. The rc(8)
scripts automatically invoke rtsol(8) when the interface becomes
UP. The Router Advertisement messages are used for SLAAC
(State-Less Address AutoConfiguration).

Integrate rc.d/network_ipv6 into rc.d/netif:

- Add rc.d/stf and rc.d/faith for stf(4) and faith(4).
- Remove rc.d/auto_linklocal and rc.d/network_ipv6.
- Move rc.d/sysctl to just before FILESYSTEMS because rc.d/netif
depends on some sysctl variables.

Reviewed by: brooks
MFC after: 3 days

As previously discussed, add the svn:executable property to all scripts

Add a dummy script, FILESYSTEMS, which depends on root and mountcritlocal
and takes over mountcritlocal's role as the early / late divider. This
makes it far easier to add rc scripts which need to run early, such as a
startup script for zfs, which is right around the corner.

This change should be a no-op; I have verified that the only change in
rcorder's output is the insertion of FILESYSTEMS immediately after
mountcritlocal.

MFC after: 3 weeks

Remove the requirement for the FreeBSD keyword as it no longer
makes any sense.

Discussed with: dougb, brooks
MFC after: 3 days

Add ip6addrctl_enable and ip6_addrctl_verbose option. If
ip6addrctl_enable is set to YES, address selection policy is installed
into kernel.
If there is /etc/ip6addrctl.conf, it is used for address selection
policy. Even if there is no /etc/ip6addrctl.conf, we install default
policy. In this case, if ipv6_enable is set to YES, we use address
selection policy described in RFC 3484 as default. Otherwise, we
install priority policy for IPv4 address.
The default of ip6addrctl_enable is NO for now. However, it may
better to enable it by default.

Mark scripts as not usable inside a jail by adding keyword 'nojail'.

Some suggestions from: rwatson, Ruben de Groot <mail25@bzerk.org>

install address selection policy into kernel when there is
/etc/ip6addrctl.conf.
following sample of ip6addrctl.conf is a good default:

#Prefix Precedence Label
::1/128 50 0
::/0 40 1
2002::/16 30 2
::/96 20 3
::ffff:0:0/96 10 4