Remove $FreeBSD$: one-line sh pattern

Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/

Capsicumize rtsol(8) and rtsold(8).

These programs parse ND6 Router Advertisement messages; rtsold(8) has
required an SA, SA-14:20.rtsold, for a bug in this code. Thus, they
are good candidates for sandboxing.

The approach taken is to run the main executable in capability mode
and use Casper services to provide functionality that cannot be
implemented within the sandbox. In particular, several custom services
were required.

- A Casper service is used to send Router Solicitation messages on a
raw ICMP6 socket. Initially I took the approach of creating a
socket for each interface upon startup, and connect(2)ing it to
the all-routers multicast group for the interface. This permits
the use of sendmsg(2) in capability mode, but only works if the
interface's link is up when rtsol(d) starts. So, instead, the
rtsold.sendmsg service is used to transmit RS messages on behalf
of the main process. One could alternately define a service
which simply creates and connects a socket for each destination
address, and returns the socket to the sandboxed process. However,
to implement rtsold's -m option we also need to read the ND6 default
router list, and this cannot be done in capability mode.
- rtsold may execute resolvconf(8) in response to RDNSS and DNSSL
options in received RA messages. A Casper service is used to
fork and exec resolvconf(8), and to reap the child process.
- A service is used to determine whether a given interface's
link-local address is useable (i.e., not duplicated or undergoing
DAD). This information is supplied by getifaddrs(3), which reads
a sysctl not available in capability mode. The SIOCGIFCONF socket
ioctl provides equivalent information and can be used in capability
mode, but I decided against it for now because of some limitations
of that interface.

In addition to these new services, cap_syslog(3) is used to send
messages to syslogd.

Reviewed by: oshogbo
Tested by: bz (previous versions)
MFC after: 2 months
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D17572

Now that we own the code, use arc4random(3) unconditionally
and remove the corresponding HAVE_ARC4RANDOM conditions.

MFC after: 2 weeks

- Remove #ifdef HAVE_POLL_H.
- Use nitems().

MFC after: 3 days

rtsold does not need to link to libkvm

Convert usr.sbin to LIBADD
Reduce overlinking

Lower WARNS level to 3 to eliminate alignment warnings related to
casting inherent in CMSG_DATA().

Remove redundant assignments to WARNS.

For these directories, WARNS is already implied to be 6.

- Implement RDNSS and DNSSL options (RFC 6106, IPv6 Router Advertisement
Options for DNS Configuration) into rtadvd(8) and rtsold(8). DNS
information received by rtsold(8) will go to resolv.conf(5) by
resolvconf(8) script. This is based on work by J.R. Oldroyd (kern/156259)
but revised extensively[1].

- rtadvd(8) now supports "noifprefix" to disable gathering on-link prefixes
from interfaces when no "addr" is specified[2]. An entry in rtadvd.conf
with "noifprefix" + no "addr" generates an RA message with no prefix
information option.

- rtadvd(8) now supports RTM_IFANNOUNCE message to fix crashes when an
interface is added or removed.

- Correct bogus ND_OPT_ROUTE_INFO value to one in RFC 4191.

Reviewed by: bz[1]
PR: kern/156259 [1]
PR: bin/152458 [2]

A new jail(8) with a configuration file, to replace the work currently done
by /etc/rc.d/jail.

Create the altix project branch. The altix project will add support
for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting
is a two-module system, consisting of a base compute module and a
CPU expansion module. SGI's NUMAFlex architecture can be an excellent
platform to test CPU affinity and NUMA-aware features in FreeBSD.

rtsol(8)/rtsold(8): make WARNS=3 clean

It is actually WARNS=6 clean for non-strict alignment archs.

Approved by: ed (co-mentor)

The last big commit: let usr.sbin/ use WARNS=6 by default.

- Import the HEAD csup code which is the basis for the cvsmode work.

These IPv6-only tools have no explicit dependency on the INET6 macro.

Tested with: cmp(1)

support poll(2).

Obtained from: KAME
MFC after: 1 week

drop the code for the environment where getifaddrs(3) is not
supported.

Obtained from: KAME
MFC after: 1 week

style.Makefile(5)

Add -DHAVE_ARC4RANDOM to CFLAGS

Perform a major cleanup of the usr.sbin Makefiles.
These are not perfectly in agreement with each other style-wise, but they
are orders of orders of magnitude more consistent style-wise than before.

Sync with recent KAME.
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.

TODO:
- The definitions of SADB_* in sys/net/pfkeyv2.h are still different
from RFC2407/IANA assignment because of binary compatibility
issue. It should be fixed under 5-CURRENT.
- ip6po_m member of struct ip6_pktopts is no longer used. But, it
is still there because of binary compatibility issue. It should
be removed under 5-CURRENT.

Reviewed by: itojun
Obtained from: KAME
MFC after: 3 weeks

- Backout botched attempt to introduce MANSECT feature.
- MAN[1-9] -> MAN.

Set the default manual section for usr.sbin/ to 8.

Correct style bugs

Sync with latest KAME.

Obtained from: KAME

Getaddrinfo(), getnameinfo(), and etc support in libc/net.
Several udp and raw apps IPv6 support.

Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project