remove prototype with no matching function

correct indentation; no functional change
ok tb@

add an endpoint command for "bridges" that use addresses as endpoints.

this can be used to add static entries on interfaces like vxlan(4).

add support for specifying ports on the src address in tunnel endpoints.

Use clock_gettime(), not timespec_get() like other parts of ifconfig.
This makes is possible to build the base system with a C99 compiler.
OK deraadt@ mvs@

Readd "-wgpsk", accidentially dropped in r1.465 adding "wgdescr"

Noticed by Bradley Latus
Diff from Jane Johansson
OK tb

Rename ifconfig tcprecvoffload to tcplro. It is shorter and
more consistent.
discussed with jan@ mvs@ chris@ claudio@ dlg@

Add support for wireguard peer descriptions

"wgdescr[iption] foo" to label one peer (amongst many) on a wg(4) interface,
"-wgdescr[iption]" or "wgdescr ''" to remove the label, completely analogous
to existing interface discriptions.

Idea/initial diff from Mikolaj Kucharski (OK sthen)
Tests/prodded by Hrvoje Popovski
Tweaks/manual bits from me
Feedback deraadt sthen mvs claudio
OK claudio

Use separate IFCAPs for LRO and TSO.

This diff introduces separate capabilities for TCP offloading. We split this
into LRO (large receive offloading) and TSO (TCP segmentation offloading).
LRO can be turned on/off via tcprecvoffload option of ifconfig and is not
inherited to sub interfaces.

TSO is inherited by sub interfaces to signal this hardware offloading capability
to the network stack.

With tweaks from bluhm, claudio and dlg

ok bluhm, claudio

Add interface names in front of error messages.

Suggested by Hrvoje Popovski.

ok phessler@

Delete obsolete /* ARGSUSED */ lint comments.

ok miod@ millert@

remove redundant SIOCS80211JOIN ioctl call in ifconfig delifjoinlist()
Found by Mathias Koehler, thanks!

Unify RSSI check

Two spots in ifconfig print the signal strength, one for the "ieee80211: "
line and one for each SSID in scan output.

Only the former checks nr_rssi, which is not needed as nr_max_rssi alone
indicates whether the driver reports signal strength in percentage or dBm.

Zap the nr_rssi check to simplify; "worst case" we display 0% or 0dBm
instead of nothing.

Feedback OK stsp

- in SYNOPSIS, redo the formatting for "address" and "dest address" to avoid
an ugly line split on narrower terminals
- in usage(), match the output

ifconfig -M <mac> finds the address on an interface and prints it.
cloned (virtual) interfaces are skipped, and if the MAC is on more
than 1 interface, no answer either. The mac must be in same format
as the ifconfig lladdr output (complete lowercase with :)
idea from florian, ok afresh1

Limit wireguard peers listing to -A or wg-interface

ifconfig(8) output can get too long when always printing `wgpeers' for all
wg(4) interfaces, so omit it output is requested and/or output is limited
to the interface group "wg" or a specific interface "wgX".

No install media size change as wireguard code is under #ifndef SMALL.

Diff from Mikolaj Kucharski <mikolaj AT kucharski DOT name>
makes Hrvoje Popovski happy
manual bits from jmc
OK sthen

remove unused variables

Introduce Large Receive Offloading of TCP segment offloading for ix(4). It is
disabled by default. Also add a tso option to ifconfig(8) to enable and
disable this feature.

ok deraadt

constify ifmedia descriptions; ok deraadt@ miod@

rename net80211 ioctl struct ieee80211_channel to struct ieee80211_chaninfo

ioctls should use dedicated names for their structs, but SIOCG80211ALLCHANS
duplicated struct ieee80211_channel. We cannot make changes to the kernel's
version of ieee80211_channel while an ioctl is squatting on the struct name.

Helpful guidance from deraadt@
Tested in a ports bulk build by sthen@, and tested by Mikhail.

ok sthen@

don't hide the mtu on "bridge" interfaces.

interfaces like vxlan and nvgre have bridges inside them and respond
to bridge ioctls, but they are still interfaces that handle l3
traffic so the mtu means something on them. if we don't want bridge
to show an mtu, that can be done by bridge(4) instead of having
ifconfig make assumptions like this.

noticed by jason tubnor
ok deraadt@ claudio@

Use system uptime not UTC time to calculate PPPoE session duration

Systems without RTC are likely to boot with wrong time, but pppoe(4) used
microtime(9) anyway to remember when a new session began.

(In)adequately, ifconfig(8) used gettimeofday(2) and calculated the
difference between two absoloute dates to infer the PPPoE session duration.

This goes off the rails if the wall clock jumps in between, e.g. due to NTP
kicking in.

Use getmicrouptime(9) and clock_gettime(2)/CLOCK_BOOTTIME instead to rely
on the monotonically increasing system uptime instead to fix this.

Reported and tested by Peter J. Philipp <pjp AT delphinusdns DOT org> on
some octeon box without RTC.
I've seen this on a Edgerouter 4 as well (2m uptime, 19d session).

OK claudio

Display DNS information from sppp(4) in ifconfig(8)

Behaviour is similar to that of umb(4).

OK kn@

Remove switch(4) specific bits from ifconfig.
OK deraadt@ patrick@

Zap swapips remnants

There since 1998, probably dead long before.

"I am sure swabips died before you were born." deraadt

fix previous

Return non-zero on failed "nwkey" command

Fail early and exit non-zero immediately instead of indicating success and
possibly carrying the next ifconfig command.

Found at install when wifi interfaces are reset with "-nwid -nwkey -wpa":

Which network interface do you wish to configure? (or 'done') [bse0] bwfm0
ifconfig: SIOCS80211NWKEY: Operation not supported by device
Access point? (ESSID, 'any', list# or '?') [any] 2
Security protocol? (O)pen, (W)EP, WPA-(P)SK [O]

bwfm(4) currently does not support WEP.

OK stsp

Remove autoconfprivacy deprecation warning.
OK deraadt

Change the error reporting pattern throughout the tree when unveil
fails to report the path that the failure occured on. Suggested by
deraadt@ after some tech discussion.

Work done and verified by Ashton Fagg <ashton@fagg.id.au>

ok deraadt@ semarie@ claudio@

store provider ID in umb(4), and display it in ifconfig. OK stsp deraadt

Previously only the provider's display name was used. The text used depends
on how the SIM is configured and not just on the network in use (for example,
an MVNO SIM on another network will often display the MVNO's name rather
than that of the underlying network).

I have a SIM that roams to any network in my country - whichever network
it roams onto, the display name is the same, so you can't tell which
network you're really using. By printing the provider ID (in GSM-land this
is MCC+MNC) it's easy to lookup and check this.

As the provider was printed on the ifconfig line also showing subscriber-id
and ICCID it was already a bit long, and adding the provider-id there is
a bit too much, so move it to the output line showing APN, now looking like

: subscriber-id 2400xxxxxxxxxxx ICC-id 8946203xxxxxxxxxxxxx
: device EM7455 IMEI 01458xxxxxxxxxx firmware SWI9X30C_02.24.0
: APN key provider Tele2 IoT provider-id 23420

RFC 8981 allows the configuration of only temporary IPv6 addresses.
Keep "temporary" the default when setting inet6 autoconf but make it
possible to disable the "autoconf" flag but keep "temporary" enabled.
The normal usecase to only have temporary autoconf addresses would be
"inet6 temporary" in hostname.if
OK kn

Move setifrtlabel() and *keepalive() prototypes out of SMALL

Those commands are not supported under SMALL; unless I overlooked others,
this should be the last bit to declare all prototypes correctly wrt. SMALL
(the overall unsorted order of both prototypes and commands makes this hard
to spot).

No object change, with and without SMALL.

Remove "deletetunnel" (deprecated with 6.4)

OK deraadt

Move all rdomain bits under SMALL

"[-]rdomain" commands are ignored under SMALL but their prototypes,
the global and therefore dead print logic are still in.

OK deraadt

Move MPLS related function prototypes under SMALL

OK deraadt

Add deprecation warning for autoconfprivacy.
While here check address family for 'temporary' option, only inet6 is
allowed.
OK kn

When RFC 8981 obsoleted RFC 4941 the terminology changed from
"privacy extensions" to "temporary address extensions"

Change ifconfig(8) to output temporary after temporary addresses and
add "temporary" option which is an alias for autoconfprivacy for now.

Also make AUTOCONF6TEMP a positiv flag that is set by default.
Previously the negative flag "INET6_NOPRIVACY" was set when privacy
addresses were disabled. This makes the flags output less ugly and
will allow us to disable autoconf addresses while having temporary
addresses enabled in the future.

More work is needed in slaacd.

input benno, jmc, deraadt
previous verison OK benno
OK jmc, kn

remove extra argument to printf

add support for handling the interface monitor flag

ok benno@

Use the same check in kernel and ifconfig for group names. ifconfig
delete group does not need name sanitation. The kernel will just
report that it does not exist.
OK deraadt@ gnezdo@ anton@ mvs@ claudio@

Only recover the scope_id if it was not set. This way this code works
both with and without embedded scope.
OK bluhm@ florian@

getifaddrs() can return entries where ifa_addr is NULL. Check for this
before accessing anything in ifa_addr.
ok claudio@

Keep track of allowed ips pointer correctly

Someone reported wg(4) not working on macppc; fix ifconfig(8)'s "wgaip" to
interate over data structures in the same way as the kernel does.

Analysis and fiff from Jason A. Donenfeld
Tested on macppc, sparc64 and amd64 by me

Fix display of P2P link to be consistent over all AF.

OK kn@, input from claudio@

Reverse previous, needs discussion.

Fix display of P2P link to be consistent over all AF.

umb(4) shows the speed of the LTE connection but misses the b in Mbps.
OK kettenis@

Merge switch_status() into bridge_status()

This is to reduce duplicate code and prepare for bridge_status() to cover
all bridge like interfaces: bridge(4), switch(4) and tpmr(4).

OK dlg

Rename IN6_IFF_PRIVACY to IN6_IFF_TEMPORARY.
This is the name the other BSDs use for this, there is no reason to
be different, the IPv6 RFCs call these addresses temporary, and some
software in ports wants to use this as well.
Most recently pointed out for firefox by landry.
OK claudio, sthen

use (undocumented) base64 code in libc instead of libcrypto.

naddy gave me a pointer in the right direction
ok millert@ deraadt@
looks good to matt dunwoodie

teach ifconfig about wireguard.

note that this links ifconfig with libcrypto to get at base64
encoding and decoding routines. im looking at an alternative way
to do that, so hopefully this is temporary.

secondly, note that all the wireguard stuff is under ifndef SMALL,
so the special build of ifconfig for install media does include
wireguard support, and also does not need libcrypto.

from Matt Dunwoodie and Jason A. Donenfeld

ok deraadt@

Do not set A_JOIN unconditionally. Otherwise join "" takes effect even
though that is not what the user intended, e.g. if an invalid hex SSID
was given on the command line.

ok sthen@

fix column alignment of 'ifconfig joinlist'; padding had an extra " "

Don't needlessly cap SSID width in 'ifconfig joinlist' (matters with hex SSIDs).

ok kevlo@

Add IPv6 support to umb(4).

ok job@ bluhm@ claudio@

job@ tested with 'telnet -6 towel.blinkenlights.nl' on Fibocom L831-EAU on
IIJ MIO's network (Japan), with 'inet6 autoconf' in /etc/hostname.umb0.

Fix ifconfig WPA key installation with max allowed length SSIDs.
ok claudio phessler deraadt sthen

ifconfig(8) did silently ignore the netmask parameter for inet6 and
interpreted only prefixlen. Also accept netmask for IPv6. This
is consistent to our man page and the route(8) command.
OK benno@

use _PATH_ names for unveil if possible

Fix ifconfig(8) compiler warnings regarding variable "name" reuse.
Call the global variable with the name of the interface "ifname".
Do not pass it around, just use it globally. Do not use "ifname"
for anything else.
OK deraadt@

Fix some compiler warings in ifconfig(8). Move all prototypes and
variables used in multiple .c files into common ifconfig.h. Basically
this renames brconfig.h to ifconfig.h and also uses it for sff.c.
Fix missing prototypes. Global variable name s is bad as it shadows
local variables. Call it sock and use it everywhere.
OK deraadt@

Make net80211 expose reasons for association failures to userland and have
ifconfig display them in 'scan' output and on the ieee80211 status line if
the failure is applicable to an already selected AP (e.g. wrong WPA key).

This will hopefully reduce the amount of help requests for what often
turn out to be trivial misconfiguration issues that were previously
hard to diagnose without debug mode.

ifconfig must be recompiled with the new ieee80211_ioctl.h to stay in
sync with the kernel. A full 'make build' will do the right thing!

Very helpful input by mpi@ and deraadt@

whitespace, found while pondering improvements to sffdump

Adjust umb DNS printing code since the type of those addresses changed.
OK gerhard@

added /* no filesystem visibility */ above unveil("/", "") since "" is too easy
to misread.

as per suggestion by and OK deraadt@

AF_INET comes before AF_INET6. Shorten line to <80 chars.

pointed out by claudio@

Add IFXF_AUTOCONF4 to if_xflags to match IFXF_AUTOCONF6. Let
ifconfig set/unset it.

ok deraadt@ kmos@

make a half-hearted attempt to shrink trunkport info a bit

it's hard to balance being understandable without a legend or a big
manpage, and not using a lot of space.

ok deraadt@

print out lacp actor and parter info

this is useful for diagnosing mismatches between configurations on
sets of ports (and debugging aggr(4)).

snprintf/vsnprintf return < 0 on error, rather than -1.

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Delete superfluous #includes of <ifaddrs.h>, <net/if_dl.h>, and <net/if_enc.h>

ok krw@, jsg@

add support for getting and setting rxprio

this complements txprio and should finish support for RFC 2983

ok claudio@

Remove old vlan and [-]vlandev code

These were deprecated with 6.3, but instead of removing them all together,
keep [-]vlan and [-]vlandev as aliases for [-]vnetid and [-]parent.

Alias idea from sthen
OK dlg sthen benno

print transceiver information inline with standard interface details
(like media/joinlist do) rather than totally separate; this also allows
"ifconfig -a sff" or "ifconfig ix sff".

tweak display format to make it look closer to the standard lines.

ok deraadt

add support for fetching and parsing SFF module info and diags

this is very basic, and will get cut up a lot by sthen@ soon, but
it was enough to get us started with. at the moment it shows the
type of module, some vendor and products strings, and detects if
the device supports diag and then shows it. qsfp info is structured
very differently, but i'll let sfp support settle before trying to
make it look the same.

so far only ix(4) and some ixl(4) with up to date firmware implement
the backend ioctl for this. no em(4) yet :(

suggestions from mikeb@
ok deraadt@ sthen@

this was started because of a question from rachel roch

remove an extra ; on a line

no functional change

get rid of the mpw goop

this reduces the output that mpw interfaces generate from 3 lines
to the one generic mpls and pwe3 line.

mpw can be configured with the individual ioctls, and gains the
ability to do flow aware transport.

implement support for pwe3 ioctls

this allows individual configuration of the use of control words,
flow aware tranport labels, and the local and remote label plus
neighbor individually.

discussed with claudio@ at a2k19
ok mpi@

Tweak previous, use the same wording everywhere

ok deraadt@

avoid abbreviation "AF" when "address family" fits on the line; noted by Alfred Morgan

Make ifconfig(8) display whether bwfm(4) firmware is using 802.11ac.
ok patrick@ mpi@

Nuke unused variable.

ok phessler@

properly error out instead of only printing a warning when some join commands
failed

OK deraadt@

let users automatically use join to connect to any open wifi network.
if a known network is visible, always prefer that instead.

requested by many, OK stsp@

do not allow users to specify "join" or "nwid" twice on the same ifconfig call

handle tunnel ecn configuration and reporting.

tested with normal and special ifconfig builds.

ok claudio@

print more details about the join'd networks we have saved when a user runs
ifconfig if joinlist

OK stsp@

merge the wpa related settings, instead of overriding them
this fixes setting wpaprotos (e.g. enabling wpa1)

OK stsp@

when printing essids return the number of chars we printed, like printf

OK stsp@

Warn on deprecated 'vlan' and 'vlandev' option usage

These were superseeded by 'vnetid' and 'parent' in june 2017 and will be
removed in the future.

"Looks right" deraadt, OK benno

add support for txprio settings on interfaces

display of the currently configured txprio setting is added to the
encap line, since it's configuring something that affects the
population of an encapsulation header.

it also adds a txprio argument to ifconfig so the setting can be
changed to "payload", "packet", or a number between 0 and 7.

ok claudio@

Fix vnetid range

0 and 4095 are reserved IDs as per 802.1Q and vlan(4), setting them will
fail.

OK denis

The struct members addr and dstaddr in struct if_laddrreq are struct
sockaddr_storage which is guarantee to be large enough, no need to
check ai_addrlen. We can also trust the resolver to give us a
sockaddr_in6 sized object if we ask for AF_INET6
OK kn, deraadt

deny non-contiguous netmask

OK job@

convert the things we save in 'join' into a single ioctl. mixing related
settings over multiple calls was risky and racy. Pass essid, wpa, and wep
paramaters in a single ioctl and process it atomically.

no change for 'nwid' users

OK stsp@ benno@

Enforce that "join" and "nwid" may not be used at the same time.

OK stsp@

Restore ability to use hostnames to configure ip addresses.
Unveil /etc/{resolv.conf,hosts,services} which keeps it in sync with
the kernel bypass for pledge("dns").
OK deraadt
pointed out by & OK stsp

Add administrative options to LACP trunk implementation.

The trunk driver now has a new ioctl (SIOCxTRUNKOPTS), which for now only
has options for LACP:
* Mode - Active or Passive (default Active)
* Timeout - Fast or Slow (default Slow)
* System Priority - 1(high) to 65535(low) (default 32768/0x8000)
* Port Priority - 1(high) to 65535(low) (default 32768/0x8000)
* IFQ Priority - 0 to NUM_QUEUES (default 6)

At the moment, ifconfig only has options for lacpmode and lacptimeout
plumbed as those are the immediate need.

The approach taken for the options was to make them on a "trunk" vs a
"port" as what's typically seen on various NOSes (JunOS, NXOS, etc...)
as it's uncommon for a host to have one link "Passive" and the other
"Active" in a given trunk.

Just like on a NOS, when applying lacpmode or lacptimeout, the settings
are immediately applied to all existing ports in the trunk and to all
future ports brought into the trunk.

Tested by many on a plethora of NIC drivers and switches.

Ok remi@

Make ifconfig's -joinlist command work as advertised.
ok deraadt phessler

Fix problems ofthe ifconfig argument parser with "ifconfig <if> join".
Due to the way the parsing works, you cannot have an option that
accepts strings as argument or no argument, without side effects: for
example "join <nwid>" could only join networks that did not have a
nwid identical to another ifconfig option, i.e. "join mtu" or "join
join" would not work.

Solve this by making join always require an nwid. Listing all the
configured nwids for auto-join is moved to the new option "joinlist".
Removing _all_ auto-join configuration is moved to "-joinlist".

deraadt@ likes it and ok phessler@ stsp@

ifconfig cannot be pledged because of its overwhelming amount of
used ioctls. Furthermore due to the way the command line parser is
written it is difficult to apply the traditional first initialize then
pledge pattern.

unveil(2) gives us a different approach:
By veiling everything with unveil("/", "") and then locking down
unveil with unveil(NULL, NULL) we remove all filesystem access from
ifconfig kind of like giving a regular user a chroot without any
files.

OK deraadt

tabs are ok at start of line, but internally space seperation is the norm

make ifconfig <if> join display the list of networks configured for
auto-join
with feedback from florian and stsp
ok florian@ phessler@ (on previous versions of the diff) stsp@

Unused variables.

ok henning@ phessler@

Introduce 'auto-join' to the wifi 802.11 stack.

This allows a system to remember which ESSIDs it wants to connect to, any
relevant security configuration, and switch to it when the network we are
currently connected to is no longer available.

Works when connecting and switching between WPA2/WPA1/WEP/clear encryptions.

example hostname.if:
join home wpakey password
join work wpakey mekmitasdigoat
join open-lounge
join cafe wpakey cafe2018
join "wepnetwork" nwkey "12345"
dhcp
inet6 autoconf
up

OK stsp@ reyk@
and enthusiasm from every hackroom I've been in for the last 3 years

Remove unused <sys/param.h>

OK sthen mpi

Make LACP_STATE_BITS accessible to userland

Update ifconfig to display LACP State (Actor and Partner) on
each trunk port

Ok benno@, phessler@, and tb@

net80211: stub SIOCS80211SCAN, make ifconfig scan instant.

The following removes the functionality of the SIOCS80211SCAN ioctl.
After long discussions with stps@, mpi@, and deraadt@ we decided that
this was the correct way of fixing ifconfig scan from blocking the
network stack.

The kernel will continue scanning in the background and filling the
nodes array, but ifconfig scan commands will now basically do just a
SIOCG80211ALLNODES and pretty print the array. So the output stays the
same but is instant.

In fact, when the interface is freshly brought up, if you type fast
enough, you can see the array being filled by running multiple ifconfig
scans in sequence.

The SIOCS80211SCAN ioctl stays for now as wi(4), pgt(4) and malo(4)
still need it around. But not for long...

Another change that this introduces is the fact that ifconfig scan no
longer plays with UP and DOWN. If the interface is down it complains and
exits. This is needed in order to maintain the nodes list.

Works on iwm(4), iwn(4), urtwn(4), run(4) and athn(4).

Tested by mpi@, landry@, florian@, thanks!
OK mpi@.

Do not try getnetbyname(3) if gethostbyname(3) returns no result.
This is part of the project to delete /etc/networks support.
OK deraadt@

Add a '-tunneldomain' ifconfig(8) option as shorthand for 'tunneldomain 0'
to be consistent with the '-rdomain' option.

Suggested by dlg
OK benno, jca, kn, phessler, jmc

handle "tunnels" without a destination address

this is used for mgre, which has a local address but dynamically
addresses other endpoints based on routing information.

"tunneladdr" takes a single address (where "tunnel" takes two) and
sets the destination address in the ioctl to an AF_UNSPEC destination.

tunnel status is changed so it recognises this and only outputs the
local address if the destination is AF_UNSPEC. the tunnel status
is also changed so it can tell the difference between tunnels being
unsupported on the interface (ie, ENOTTY comes back) or if there's
just no address configured yet (EADDRNOTAVAIL), which allows the
other tunnel params like ttl and df to be shown.

tested with and without -DSMALL

Add unsetrdomain() and option -rdomain to return an interface to routing
domain 0.

OK phessler, henning, deraadt, stsp, benno

Move getvnetflowid() out of #ifndef SMALL to unbreak 'make release'.

Diff from jsg, ok millert, benno

add support for toggling partitioning a vnetid into a netid and flowid

"vnetflowid" enables it on an interface, and "-vnetflowid" disables it.
a vnetid will be suffixed with + on the encap line if it an interface
reports that it is enabled.

add support for setting and displaying whether a tunnel allows fragmentation

ifconfig will output "nodf" or "df" on tunnel interfaces that support
the ioctl., and accepts "tunneldf" and "-tunneldf" as options to
try and configure it.

ifconfig can be used to to set interface flag to not do RFC 7217.

OK naddy, sthen
man page bits input & OK jmc

when using tunnelttl, let -1 mean "copy the ttl from the inner traffic".

tunnelttl now accepts "copy" as an argument, and prints "copy" when
it sees -1.

ok claudio@

Add a new '-protected' option for bridge members.

Bridge members that are part of the same protected domain, refered by
a number between 1 and 31, cannot talk to each others. This is useful
to isolate VMs or untrusted networks at layer 2.

Members can be part of multiple protected domain making it possible to
create complex protected setups.

ok ccardenas@, claudio@, dlg@, henning@

Make 'ifconfig if0 wpaakms 802.1x' implicitly enable WPA.
Requring WPA to be enabled separately via 'ifconfig if0 wpa' was confusing.
ok mlarkin phessler mpi

Recycle IFF_NOTRAILERS into IFF_STATICARP and document ownerhsip
of IFF* flags.

inputs from jmc@, ok bluhm@, visa@

Stop printing <not displayed> for wireless keys we know the kernel no
longer export them to userland.

ok stsp@, deraadt@, jca@

replace the deletetunnel option with -tunnel
ok bluhm@

ifconfig <if> giftunnel was deprecated in 2001, it's never too late to
remove it
ok phessler@ beck@

Exit printing an error message if SIOCSIFMEDIA fails.

from Jesper Wallin.

quarterly rescan of the tree: remove unneccessary sys/param.h, and
annotate the ones which are needed.

Don't use isset() from sys/param.h in ifconfig. Requested by deraadt

use AI_NUMERICHOST for getaddrinfo(), we can only configure ip
adresses on pflow(4) interfaces, so don't try to resolve hostnames.
Report and fix from pjp -AT- centroid.eu
ok florian@

Make ifconfig(8) default to prefixlen 128 when setting an IPv6 destination
address on a point-to-point interface. Makes it easier to configure IPv6 on
interfaces such as gif(4). Specifying 'prefixlen 128' is no longer required.
This is consistent with IPv4 where a netmask is not required either.
ok mpi@ bluhm@ benno@

remove the timeslot code, it was only for now deleted T1 devices.
ok sthen

make vnetid and parent commands available in SMALL ifconfigs.

the code behind the commands has been built on SMALL forever, this just
moves it available in the cmd table. the binary doesnt change size.

remove vlan(4) specific output handling

vlan(4) now understands the generic vnetid and ifparent ioctls, so
this is redundant.

ok henning@

fold the vnetid and parent lines into a single encap line.

this is a modest attempt to shorten the ifconfig output. encap wont
show up if neither vnetid or parent are supplied by an interface.

whitespace tweaks from benno@
output tweaks from reyk@
ok deraadt@ henning@

Replace a magic number with the corresponding macro from ieee80211_ioctl.h.
No functional change.
ok deraadt@ tb@

Make ifconfig scan display both wpa1 and wpa2 if both are supported.
ok henning@ phessler@

Make 'ifconfig scan' display AP encryption correctly if WEP is configured
on the local wifi interface. ifconfig was mistakenly showing the common
supported subset of client and AP, rather than showing the AP's capabilities.
Exposes WPA protocol capabilities in struct ieee80211_nodereq, which means
ifconfig must be recompiled to run on a new kernel.
ok deraadt@ mpi@

Nuke whitespace foolish enough to expose itself during the great
"warning:" rectification.

gcc says "if you define labels and don't use them, I will whine."

ok tom@

Make 'ifconfig if0 wpa' and 'ifconfig if0 -wpa' reset WPA params (does not
include the wpakey) to their defaults.
And make 'ifconfig if0 wpaprotos' reset WPA crypto parameters to settings
which are appropriate for the specified WPA protocol version.

make setting and getting tunnel addresses wrt to ipv6 scope handling.

setting a tunnel addresses uses a sockaddr_in6 from getaddrinfo, which
sets sin6_scope_id for scoped addresses. this is nice and portable.

reading a tunnel address assumed the scope was embedded in link local
addresses in sin6_addr, and unpacked the scope back into sin6_scope_id.
this is inconsistent with the code that sets tunnel addresses.

this fixes the read path so it assumes the kernel sets sin6_scope_id
like it it assumes the kernel will read on the set side. noone likes
the kame hack of embedding the scope id in the addreses.

ok mpi@

The simple UTF-16 decode routine stopped too early due to wrong calculation
of the output buffer size. Thus elements like subscriber-id, ICC-id, IMEI
were shown truncated.

Some modules report a phone number that already has the '+' prefix.
Don't add another one when printing it.

Patch from Bryan Vyhmeister
ok otto

- Declare usage() as __dead void (remaining prototypes are not declared as
static, so keep it that way for consistency)
- s/usage(1)/usage() and inside call exit(1) explicitly since all usage() calls
always use that value (also update comment to reflect this change)
- Remove main() prototype
- s/exit/return in main() to enable SSP

Feedback from jca@ and tb@ and OK from both (with their remarks in)

Use strtoull() to read the datapath id and expect "datapath" instead of
"datapathid" as stated by the man page.

ok reyk@

Add support for a multipoint-to-multipoint mode in vxlan(4). In this
mode, vxlan(4) must be configured to accept any virtual network
identifier with "vnetid any" and added to a bridge(4) or switch(4).
This way the driver will dynamically learn the tunnel endpoints and
their vnetids for the responses and can be used to dynamically bridge
between VXLANs. It is also being used in combination with switch(4)
and the OpenFlow tunnel classifiers.

With input from yasuoka@ goda@
OK deraadt@ dlg@

Add switch(4) support to ifconfig

ok deraadt@ yasuoka@ reyk@ henning@

Rename ifconfig's setinstance() function to setrdomain(). Less confusing.
ok claudio@ jca@

correct a rate test introduced in rev 1.326
ok stsp@

When running 'ifconfig scan' in hostap mode display the current Tx rate our
AP is using to send frames to an associated node. This used to always display
the node's highest supported Rx rate, which isn't all that interesting.
ok mpi@

Fix typo, spotted by Holger Mikolon <holger@mikolon.com>

Add umb(4) - a driver for the Mobile Broadband Interface Model (MBIM)

The umb(4) driver provides support for USB MBIM devices.
Those devices establish connections via celluar networks such as
GPRS, UMTS, and LTE.

ok mpi@ sthen@
additional feedback from deraadt@ jmc@ stsp@ kettenis@

Add the "llprio" field to struct ifnet, and the corresponding keyword
to ifconfig.

"llprio" allows one to set the priority of packets that do not go through
pf(4), as the case is for arp(4) or bpf(4).

ok sthen@ mikeb@

Remove INET6 #ifdefs

ifconfig.c doesn't build without -DINET6, and those #ifdefs clutter the
code. ok bluhm@ henning@

Show 11n HT rate in ifconfig scan output. Needs a new kernel.
ok mpi@

Print interface index after priority.

Suggestion from claudio@, ok benno@, sthen@

move the parent and vnetid stuff around so it builds on ramdisks too.

ramdisk breakage found by jsg@
ok jsg@

move getting the vnetid out next to getting the ifparent

its now separate to getting the tunnel address.

ok mpi@

repair for ramdisk builds

provide generic ioctls for managing an interfaces parent

in the future this will subsume the individual vlandev, carpdev,
pppoedev, foodev options for things like vlan, carp, pppoe, etc.

inspired by vnetid

ok mpi@ jmatthew@

Make 'ifconfig $if mode' a valid subcommand that works independently of
the 'media' subcommand. Allow clearing the mode with 'ifconfig $if -mode'.

This makes commands such as 'ifconfig iwn0 mode 11a' work without having
to type all of 'ifconfig iwn0 media autoselect mode 11a'.

ok sthen@ deraadt@ jmc@

correct format string. ok deraadt stsp

Remove obsolete and undocumented "-carpdev" option, from Fabian Raetz.

ok benno@, claudio@

rmeove unused noprint variable

from Fabian Raetz via tech@

ok krw

Remove NULL-checks before free(). ok tb@

Revert SIOCDIFADDR_IN6 fix.

It's not possible to fix this issue in ifconfig(8) because in_control()
and in6_control() have a subtle semantic difference which result in
breaking alias for IPv4.

in_control() always select the first address on the list of an interface
whereas in6_control() doesn't. That's why ifconfig(8) passes an empty
"struct in_aliasreq" and that fails in netinet6.

Breakage reported by deraadt@

remove trailers option that was already obsolete when this code was imported.
ok benno krw

remove txpower option. only relevant to the now irrelevant wi driver.
(several other drivers misleadingly claim generic 802.11 txpower, but
do not in fact do anything. the knob is not connected to the radio.)
ok benno jsg krw reyk

Put back 1.305 without breaking the hand rolled inet_net_pton(3) case
for IPv4.

Tested by sebastia@ and krw@

Revert previous it introduces a regression found by krw@

Initialize SIOCDIFADDR{_IN6,} argument as intended.

How this could have been unotified for so long? Thanks to sebastia@
for reporting a breakage when re-configuring an IPv6 static address.

ok sebastia@

Add pair(4), a vether-based virtual Ethernet driver to interconnect
rdomains and bridges on the local system. This can be used to route
through local rdomains, to create L2 devices (like trunks) between
them, and many other things.

Discussed with many, with input from mpi@
OK sthen@ phessler@ yasuoka@ mikeb@

tweak the vnetid so it can be optional and therefore cleared/deleted.

the abstract vnetid is promoted to a uin32_t, and adds a SIOCDVNETID
ioctl so it can be cleared.

this is all because i set an assignment on implementing a virtual
network interface and the students got confused when vnetid 0 didnt
show up in ifconfig output.

the vnetid in the vxlan(4) protocol is optional, but the current
code confuses 0 with no vnetid being set. this makes it clear.

ok reyk@ who also simplified my diff

IPv6 transport for pflow data.
Input deraadt@
Bug fix & OK benno@

In `ifconfig media` output, stop advertising media with fixed data
rates on wireless interfaces. They are not needed by mere mortals.
ok phessler miod kettenis deraadt mpi

Fix ifconfig for ifmedia64.

remove unused variable

ok mpi@ rzalamena@

process_mpw_commands should not go to install-media ifconfig

Teach ifconfig(8) about mpw(4) commands.

ok claudio@, renato@, mpi@.

implement "ifconfig <if> -inet", removing all inet addresses
for symmetry with -inet6 mostly. ok phessler theo

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)

Change rssi passed to ifconfig(8) to a signed value to fix printing signal
strengths on 802.11 interfaces. ok stsp@

Power on wireless interfaces is usually scaled in dBm. rssi (received signal
strength) is expected to be a -ve dBm values (i.e. [much] <1mW). Some (though
not all!) drivers store this as negative values, so it needs to be passed to
ifconfig that way for printing, not cast to an unsigned value. Valid range is
something like -40 to -90dBm, so the range available with a signed char is
reasonable whether it's stored as a +ve or -ve number.

Remove the NOINET6 interface flag, a left-over from the times when IPv6
was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable
an address family for an interface (currently used for IPv6 only).

New kernel needs new ifconfig for IPv6 configuration (address assignment
still works with old ifconfig making this easy to cross over).

Committing on behalf of henning@ who is currently lebensmittelvergiftet.
ok stsp, benno, mpi

Sort wireless nodes by signal strength, from Simon Nicolussi.

ok stsp@, deraadt@

move the list_cloners() prototype out of #ifndef SMALL
missed in rev 1.290

Enable 'ifconfig -C' (list dynamic interface types) on install
media. Use this feature in install scripts to eliminate manually
maintained list of dynamic interface types.

'-C' brought to my attention by reyk@, tweaks to install script to
use -C in get_ifdevs() from rpe@.

ok rpe@ deraadt@

sort names for -C. ok reyk

move the trunk related functions out of ifdef SMALL, to allow trunk on
RAMDISKs. grows ifconfig on SMALL media slightly, verified to still fit on
amd64 i386 sparc64 alpha hppa macppc by me. ok krw reyk

ewps, that giant table has -inet6 twice, for SMALL and !SMALL
no breakage involved, but wasn't correct in the SMALL case either

allow IFXF_AUTOCONF6 to be set and cleared.
"ifconfig <if> inet6 autoconf" to turn it on, -autoconf to turn it off.
show AUTOCONF6 in the flags line.
-inet6 turns IFXF_AUTOCONF6 off as well.
ok stsp benno florian bluhm

Return RSN (WPA) information to userland during wireless scan, and
make ifconfig show whether a wireless network uses WEP or WPA.
Since struct ieee80211_nodereq grows in size old ifconfig won't be
able to scan when running on a new kernel.
While here, add missing ioctl constant IEEE80211_WPA_CIPHER_BIP.
ok jsg@

make "ifconfig <if> inet6 eui64" reset the NOINET6 flag
(unconditionally), so a link-local will be assigned if there isn't one
yet. ok krw benno todd sthen

Make ifconfig do something intelligent based on the required length of
WEP keys rather then being silently dumb, so when using WEP:
1) If the key is a plausible size try to use it.
2) If they key would be a plausible size with '0x' in front of it, add that.
3) If the key is not a plausible size, emit a warning and do not try to use it.
ok sthen@

fix a null test, from remco.
and then modernize some other function pointer calls.

allow pflow(4) to determine the src IP address based on the route
table if flowsrc is not set. Now works with new udp checksum code.
From Nathanael Rensen (nathanael.openbsd AT list DOT polymorpheus DOT
com), tweak and ok florian@

Make ifconfig scan show the nwid, channel, and bssid for IBSS networks.
These were only shown for access points, so getting useful information
about IBSS networks in the area was somewhat difficult.
ok deraadt

Whole bunch of (unsigned char) casts carefully added for ctype calls.
Careful second audit by millert

Make the bit string unsigned char * in printb() and printb_status().
In practice we shouldn't have chars > 127 in these but it is better
not to assume this. OK deraadt@

add a variety of missing prototypes

Fix ifconfig with IPv6 tunnel addresses which was broken by the
vxlan(4) commit.
found by todd@; OK reyk@

use %d instead of %i in a few fprintf for clarity

The header file netinet/in_var.h included netinet6/in6_var.h. This
created a bunch of useless dependencies. Remove this implicit
inclusion and do an explicit #include <netinet6/in6_var.h> when it
is needed.
OK mpi@ henning@

whitespace

Import vxlan(4), the virtual extensible local area network tunnel
interface. VXLAN is a UDP-based tunnelling protocol for overlaying
virtualized layer 2 networks over layer 3 networks. The implementation
is based on draft-mahalingam-dutt-dcops-vxlan-04 and has been tested
with other implementations in the wild.

put it in deraadt@

Change "physical address" to "tunnel:" in ifconfig's tunnel address
output. This is more consistent with the current ifconfig style and
matches the "tunnel" configuration command.

ok claudio@ jmc@ deraadt@

pflow(4) does not work without flowsrc set.
OK benno@

Add missing util.h

ok otto@ mpi@ mikeb@

Replace the misleading SIOC{G,S}IFGENERIC ioctls by SIOCG{G,S}PPPPARAMS.

This is another ABI break but no port rely on them as verified by naddy@.

ok claudio@, mikeb@, henning@

Make sure the ioctl(2) has been processed by sppp(4) before printing
any phase error.

This prevents ifconfig(8) from priting 'sppp: phase...' messages for
vlan(4) interfaces attached to interfaces with a long name. A better
fix should be cooked because various pseudo-interfaces still use the
same set of ioctl(2)s for different purposes.

Issue reported by jca@, ok claudio@, jca@

Change the structure used in the SPPPIOSDEFS and SPPPIOGDEFS ioctls
to only include what is really needed. In particular stop including
a "struct ifnet" and move kernel-only definition into the proper #if
dance.

While here remove the unused spppinfo() from ifconfig.

ok guenther@, sthen@, mikeb@

Long passwords could not be replaced completely with shorter
passwords. ioctl(SIOCGVH) fills the carpr_key with the old value.
strlcpy() overwrites only the beginning of the key. Add a bzero()
to clear the rest.
Testing Jan Klemkow; OK florian@ mpf@

Correct the range checks in ifconfig properly for vhid, advbase and advskew.
Clarify about the ranges in the man page.

ok mpf mcbride

fix format string; found while scaning the tree for time_t/ino_t problems;
ok deraadt@ krw@

remove comment about "make gcc happy" for variables which WERE being
used uninitialized... clean up time related variables too for 2038++
ok millert

handle larger time_t types; toss some unused code
ok guenther

add group support back (for the ramdisk version)
spotted by rpe and sthen; ok krw

only needs sys/types.h not sys/param.h

Display hardmtu value when "ifconfig hwfeatures" is used.
Looks fine reyk@ ok mikeb@

move pkcs5_pbkdf5 function to libutil so everybody can play with it
ok deraadt jsing matthew

Reverse the name and meaning of the IFXF_INET6_PRIVACY interface
flag. It is now called IFXF_INET6_NOPRIVACY. So IPv6 privacy
addresses are on by default without resetting the flag during
ifconfig down/up.
OK stsp@, sperreault@ (who wrote the same diff)

fix a leak
ok krw@

add netflow v9/ipfix support to pflow(4).
large parts written by Florian Obser (florian -at- narrans -dot- de).
feedback from sperreault@ gollo@ sthen@
ok from gollo@ dlg@ henning@

Cleanup recently removed flags from ifconfig.c and its manpage.

ok jmc@ mikeb@

Tie the 802.1p (CoS) value in vlan(4) with the new prio scheme in pf.

When transmitting through vlan(4), it will now use the prio value in
pf packet header. When receiving, we save the incoming Cos in the same
place, this gives us the hability to preserve the CoS value across two
different vlan interfaces.

This kills the SIOC[GS]VLANPRIO ioctls and removes the corresponding
buttons from ifconfig(8).

ok henning@ claudio@ mcbride@

Expose if_capabilities to userland so that ifconfig can display the
device hardware features.
Tune ifconfig to show them with 'hwfeatures' argument.
While here, kill some old unused capabilities and respect 80 columns
in brconfig.h.

ok mcbride@, henning@, mpf@.

kill prototypes for long removed functions, Rafael Sadowski <rafael at
sizeofvoid.org>

Remove old wpapsk entries. Cleanup casts and use timerclear.
ok mcbride

rmove rotten netatalk bits

Don't provide an af hint to getaddrinfo in settunnel(), this function
already checks that families of source and destination addresses match
and that's all we need.

This allows "ifconfig foo tunnel 1::1 2::2" syntax rather than requiring
"ifconfig foo inet6 tunnel 1::1 2::2", which in turn allows hostname.if
files to create an IPv4-in-IPv6 tunnel without games with shell escapes.

ok dcoppa@, seems ok todd@, "Yes, yes and yes" claudio@

use the define for max rdomain with tunneldomain as well
ok claudio@

Add a way to enable/disable Wake On LAN with ifconfig.
ok deraadt

Introduce a dummy function in the SMALL case to digest arguments like
"rdomain", "description", etc. so that the ifconfig on ramdisk is able
to parse hostname.if files on updates.
OK deraadt@

0-4095 inclusive is the correct (12 bit) vlan range

ok henning claudio miod

when setting the rdomain, use the same define as the kernel
for the maximum route-id instead of a currently incorrect number
ok claudio@

add support for (full length only) hex keys to the wpakey code. for the
remainder of the 4.8->4.9 transition, alias wpapsk to wpakey (since
it swings both ways)
ok damien halex tedu

Add wpakey/-wpakey options. This was originally written by halex and
has gone many times around now (it is smaller now). man page diff
coming soon. Fits onto the media that need it.
ok halex

Fix the naming of interfaces and variables for rdomains and rtables
and make it possible to bind sockets (including listening sockets!)
to rtables and not just rdomains. This changes the name of the
system calls, socket option, and ioctl. After building with this
you should remove the files /usr/share/man/cat2/[gs]etrdomain.0.

Since this removes the existing [gs]etrdomain() system calls, the
libc major is bumped.

Written by claudio@, criticized^Wcritiqued by me

make lint a bit happier

Add a way to enable and set the keepalive parameters for gre(4).
OK deraadt, reyk

Oups, an unused prototype sneaked into ifconfig. Found by jsg@

Merge interface flags and xflags before printing them. So it is possible to
see if a interface is using the INET6_PRIVACY or is MPLS enabled.
If xflags uses more then 16 flags something else must be figured out.
OK stsp@ deraadt@

Stop requiring the 'inet6' keyword when the 'autoconfprivacy' option is used.
Simplifies enabling autoconf privacy from hostname.if files. A line such as
'rtsol autoconfprivacy' will now work, as documented in ifconfig(8).
Pointed out by steven@.
ok deraadt@ steven@ todd@

Add mpls/-mpls commands to enable MPLS label switching on an interface.

Print the link state for devices not having if_media support by looking at
ifdata->ifi_link_state. Don't print in case of a unknown linkstate since
some devices (lo0) just have none.
OK sthen, dlg, blambert

Simple implementation of RFC4941, "Privacy Extensions for Stateless
Address Autoconfiguration in IPv6". For those among us who are paranoid
about broadcasting their MAC address to the IPv6 internet.

Man page help from jmc, testing by weerd, arc4random API hints from djm.

ok deraadt, claudio

On the random MAC address also turn off the 'local administered' bit,
since it is our intent to deceive. Prompted by weerd.
ok ckuethe

randomized mac addresses, avaliable via 'ifconfig $if lladdr random'.
Note that not all device drivers do the work of the SIOCSIFLLADDR ioctl
correctly, but this is just more reason to get them fixed.
ok beck kettenis

s/setpriority/setifpriority/ to eliminate a conflict with setpriority()
To quote henning, 'ok gcc'

re-adding a group that exists is not an error
ok claudio

make ifconfig return with failure of bridge_rule; ok claudio

use strtonum() instead of atoi(). idea from Vladimir Kirillov, but had
to rewrite it because it was another mangled diff in mail. When will
people learn that the tabs and spaces are important?

off by one in carp configuration; found by parfait, ok jsg

Merge brconfig into ifconfig. It is annoying that it is impossible to do
ifconfig bridge0 add em0 add gif0 add vether0 up
instead you need to
ifconfig bridge0 create
brconfig bridge0 add em0 add gif0 add vether0 up
This is working for everything now but we may do some changes when needed.
Manpages and startup scripts are following soon.
OK deraadt@, henning@

Fix ifconfig -a vs. ifconfig -A and make ifconfig without any arg behave
like ifconfig -a by setting the aflag to 1. Found with and OK deraadt@

Add new option tunneldomain to ifconfig to specify the routing table
to be used for sending out gre/gif encoded packets. OK deraadt@, henning@

after long discussion with many...
ifconfig <if> inet6 used to print all inet6 addresses, and last not least
the installer relies on that behaviour. so don't. to turn inet6 on again
you have to assign any inet6 address or run rtsol.
nobody happy about this asymmetry, but that is the best we could come up
with for now.

enable support for deferring the packet that creates a state so that your
sync peers are able to get the states before the replies. previously there
was a race where the reply could hit a partner firewall before it had the
state for it, which caused the reply to get processed by the ruleset which
probably would drop it.

this behaviour is off by default because it does delay packets, which is
only wanted in active-active firewalls or when an upstream router is slow
to learn that you're moved the active member of the pfsync cluster. it also
uses memory keeping the packets in the kernel.

use "ifconfig pfsync0 defer" to enable it, "ifconfig pfsync0 -defer" to
disable.

tested by sthen@ who loves it. he's got manpage changes coming up for me.

remove unused variable

ok claudio@

Make it possible to bind an interface to a rdomain. Manpage will follow soon.

allow IPvShit to be turned off completely per-interface.
ifconfig em0 -inet6
deletes all v6 addresses including link-local and prevents new ones from
being added.
ifconfig em0 inet6 <addr>
re-enables v6, brings the link local back and adds optional <addr>
ok theo reyk

let vlan functionality make it into the -DSMALL ifconfig binary
ok sthen

Allow username and password to be up to 255 characters in length.
Tested by many, thanks.
Put it in" deraadt@

make "ifconfig if0 chan" list the channels supported by the device.
add "ifconfig if0 scan" to scan for access points or to list known
stations in Host AP mode.
remove the [-]wmm command while i'm here. QoS is mandatory with
802.11n so there's not much point into making it an option.
fix parsing of the "powersave" command too.

discussed with deraadt@
man page hints from jmc@
display hints from sobrado@
"i like it" cnst@, grange@

Change ifconfig wpaakms default setting to `psk' instead of `psk,802.1x'.
Some supplicants will autoselect 802.1X without giving users the
possibility to choose between PSK or 802.1X.

Similarly, no longer announce `PSK with SHA-256 based KDF' AKMP (defined
in Draft 802.11w) by default in the RSN IE of beacons and probe responses
as it confuses some broken supplicants. This kind of sacrifies security
for interoperability with shitty (but unfortunately widespread) clients
that do not follow the 802.11 standard properly.
This fixes associations from Intel PROSet on XP and also reportedly fixes
some Mac OS clients. I will likely make `psk-sha256' configurable through
ifconfig wpaakms after the 4.5 release.

Remove bogus casts of integer constants SPPPIO[GS]DEFS to caddr_t
and fix typo while here.

ok canacar@

remove unused vars; damien@ ok.

ifconfig(8) part to make it possible to set an interface priority.
OK deraadt@

remove trailing "\n" from errx()

Fix printing of partner link aggregation group ID.
OK brad@

compress powersleep commands into one; ok damien

fix printing by group name (eg. ifconfig em), do not abort in the
initial getinfo(), and remove a few superfluous warnings there.

ok deraadt@

welcome pflow(4), a netflow v5 compatible flow export interface.
flows export data gathered from pf states.
initial implementation by Joerg Goltermann <jg@osn.de>, guidance and many
changes by me. 'put it in' theo

Allow some set-style commands to have zero arguments. If there is an
argument after that command, check if it is a keyword, and if it is,
that means the original command really has no argument. Get it?
Now.. replace -m with media (no options), and -M with chan (no options).
Try 'ifconfig -a media chan' on a wireless & ethernet machine after this.
ok henning, reyk, thanks for the comments from others

Pasto in error message for setspppkey()
ok mbalmer@

First pass at removing clauses 3 and 4 from NetBSD licenses.

Not sure what's more surprising: how long it took for NetBSD to
catch up to the rest of the BSDs (including UCB), or the amount of
code that NetBSD has claimed for itself without attributing to the
actual authors.

OK deraadt@

Add 802.3ad LACP support for trunk(4).
Implementation from NetBSD. Ported via FreeBSD's version in trunk^Wlagg(4).
This is still work in progress. Tested with a HP ProCurve 3500.
OK reyk@

add carppeer; an option to specify a different multicast address or
even the unicast address of the remote carp peer. this especially
helps when the multicast carp advertisements are causing problems in
the network (some crappy switches don't do well with multicast), there
are conflicts with VRRP, or the policy of the network does not allow
multicast (most Internet eXchange points didn't allow carped OpenBGP
routers because of the multicast advertisements).

discussed with many
ok mpf@

INADDR_PFSYNC_GROUP is defined as network byte order in the kernel but
as host byte order in userland. ifconfig didn't get this and always printed
the pfsync syncpeer on little endian machines because the check to prevent
printing the default address assumed the wrong byte order.

ok claudio@ rainer@

bring in the mpe interface - for ``MPLS Provider Edge'' - this is a work
in progress and some bits need to be cleaned up but will be in-tree for
convenience.

ok claudio@, norby@

print IN6_IFF_AUTOCONF flag, too; ok henning some time ago

Kernel implementation of the 4-way handshake and group-key
handshake protocols (both supplicant and authenticator state
machines) as defined in the IEEE 802.11i standard.

Software implementation of the TKIP (Temporal Key Integrity
Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.

This diff doesn't implement any of the 802.1X authentication
protocols and thus only PSK authentication (using pre-shared
keys) is currently supported.

In concrete terms, this adds support for WPA-PSK and WPA2-PSK
protocols, both in station and hostap modes.

The following drivers are marked as WPA-capable and should
work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4),
rum(4), upgt(4), and zyd(4)

The following options have been added to ifconfig(8):
wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher

wpa-psk(8) can be used to generate keys from passphrases.

tested by many@
ok deraadt@

fix a free(NULL) in setcarp_nodes().

ok mpf@, chl@
"i agree with the diagnosis" oga@

Move carp load balancing (ARP/IP) to a simpler configuration scheme.
Instead of using the same IP on multiple interfaces, carp has to be
configured with the new "carpnodes" and "balancing" options.
# ifconfig carp0 carpnodes 1:0,2:100,3:100 balancing ip carpdev sis0 192.168.5.50

Please note, that this is a flag day for anyone using carp balancing.
You'll need to adjust your configuration accordingly.

Addititionally this diff adds IPv6 NDP balancing support.

Tested and OK mcbride@, reyk@.
Manpage help by jmc@.

fix format strings

ok mpf@

fix format strings

ok mpf@ henning@

Factor out the virtual host portion of carp into a separate struct
that is kept in a list per carp interface. This is the huge first
step necessary to make carp load balancing nice and easy. One carp
interface can now contain up to 32 virtual host instances.
This doesn't do anything useful yet, but here is how an ifconfig
for multiple entries now looks like:

# ifconfig carp2 carpnodes 5:0,6:100 192.168.5.88

carp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5e:00:01:05
carp: carpdev sis0 advbase 1
state MASTER vhid 5 advskew 0
state BACKUP vhid 6 advskew 100
groups: carp
inet 192.168.5.88 netmask 0xffffff00 broadcast 192.168.5.255

OK mcbride@

Don't leak potentially secret authname through ioctl interface.

Suggestions from mpf@ and canacar@

ok deraadt mpf canacar

Fix range check for carp vhid: vhid 0 isn't valid

use calloc() to avoid malloc(n * m) overflows; checked by djm canacar jsg

missing free, Igor Zinovik <zinovik@cs.karelia.ru>

When setting the vlandevice without specifying a tag, infer the tag
from the interface name, this allows constructs like:
ifconfig vlan15 vlandev smth0

ok reyk@, ``makes sense'' henning@

strlen returns size_t.
ok henning, mbalmer.

avoid segfault when empty string is passed as interface name.
ok henning@

Allow IPv6 addresses to use the CIDR notation too, no need for separate
prefixlen specification when using this form.
man page bits by jmc.

ok henning@, ``looks sane'' djm@.

Add a new "rtlabel" option to ifconfig. It allows to specify a route label
which will be used for new interface routes. For example,
ifconfig em0 10.1.1.0 255.255.255.0 rtlabel RING_1
will set the new interface address and attach the route label RING_1 to
the corresponding route.

manpage bits from jmc@
ok claudio@ henning@

allow IPv4 addresses to be specified in CIDR notation, no need for seperate
mask in that case. initially from rivo nurges <rix@estpak.ee>, but changed
quite a bit. this has annoyed me so long that I wonder why I hadn't fixed
that earlier... input & ok markus deraadt, manpage also jmc

remove support for ipx. okay claudio@

When the SIOCGIFMEDIA ioctl fails, don't report a problem with
'SGIOCGIFMEDIA'.

Noticed by Stuart Henderson.

remove KAME_SCOPEID #ifdef.
__KAME__ should suffice (__KAME__ should be nuked too?)

Add -nwid command to allow wireless interfaces to not prefer a specific
access point. Does the same as nwid "" but since we have -nwkey for nwkey
etc. this is nice for consistency.

ok mbalmer reyk
man stuff also ok jmc

Don't use uninitialized variable.

From Peter Philipp <peter underscore philipp at freenet dot de>.

OK deraadt@.

allow a numeric argument to "carpdemote" to in-/decrease the demotion
counter by more than one. manpage help by jmc, ok mcbride mpf deraadt

make non-root -M use not cut ifconfig output; ok jsg

remove trailing blanks in output of ieee80211_status() as well.

help from claudio@, and ok claudio@ mickey@ mpf@

ifconfig output contained trailing whites in inet and groups: lines
fix that by rearranging spaces in printf format strings

ok claudio@ mpf@ mickey@

knf

add the net80211 hostap options "nwflag hidenwid" for hidden SSID mode
and "nwflag nobridge" to prevent inter-station communications.
"hidenwid" will also work with wi(4) to replace the old -E 3 option of
wicontrol.

ok damien@ jmc@

allow ifconfig to print the signal quality of the current ap. if the
driver reports a RSSI Max value, print the signal quality as a
percentage instead of the arbitrary "dB" value, this also applies to
the output of ifconfig -M (scan/node list).

ok damien@ jsg@

unused variable, spotted by pedro

unused var, wrong check for too many keys; mrd@alkemio.org

simplify usage(); ok krw deraadt

Do not set newaddr to 1 if "delete" was specified beforhands. In this case
doalias is < 0. This fixes the problem where ifconfig em0 delete 10.0.0.1
created a 0.0.0.0/0 route entry and created a total mess because of that.
Diff from markus@ OK beck@ markus@

Introduce attributes to interface groups.
As a first user, move the global carp(4) demotion counter
into the interface group. Thus we have the possibility
to define which carp interfaces are demoted together.

Put the demotion counter into the reserved field of the carp header.
With this, we can have carp act smarter if multiple errors occur.
It now always takes over other carp peers, that are advertising
with a higher demote count. As a side effect, we can also have
group failovers without the need of running in preempt mode.
The protocol change does not break compability with older
implementations.

Collaborative work with mcbride@

OK mcbride@, henning@

Revert last commit. Modifing a interface does a remove and then an add.
We need to figure out a better way to fix this.
Brought up by markus@ OK beck@

ifconfig should be either deleting an interface address, or adding one in one
invocation, not both.

This change ensures that a delete does not also do an add.

Fixes stupid problem where deleting the last address with
ifconfig delete addr
worked differently than
ifconfig addr delete

where the first way would re-add an address of 0.0.0.0/0 after deleting
the address.

ok claudio@, krw@

implement support for sppp(4) in ifconfig. have a look at the updated
manual pages pppoe(4) and sppp(4) for examples.

the spppcontrol(8) utility is not required anymore and will probably
be removed in the near future.

ok deraadt@

Print the lladdr on carp interfaces.

ok henning@

Correctly check for the end of the cmds table. There is no need to check for
c_func2. Until now ifconfig accepted something like ifconfig tun0 1.2.3.4
1.2.3.5 foobar without error. Additionally change the error message to
a more comprehensible message. OK markus@, henning@

Don't increment a pointer *before* testing it for NULL

ok deraadt@

Make it possible to set a default vlan priority to a vlan interface.

ok claudio@ brad@

do not overflow ifr.ifr_addr; ok mpf, henning, hshoexer, deraadt

add "-description" to usage();
ok henning@

add -descr / -description to clear the interface description, noticed todd

missing freeaddrinfo(); maticd@gmail.com

getifaddrs() slightly later in printif(), prevents possible memleak
Andrey Matveev <evol@online.ptt.ru>

print all trunk flags

ok brad@

Clean up compilation with -Wall, okay deraadt@
From: Leonardo Chiquitto Filho <leonardo@iken.com.br>

print session time in fixed width

ok henning, deraadt

err -> errx

iface description is not an array of ptr but rather just a string; jcs@ ok

let 'ifconfig <group>' work, displaying all the interfaces which are member
of the given group, markus ok

netns crap i missed earlier... damn unreliable tools

tidy up the trunk stuff;

remove hiding of interface family groups

disallow interface group names that end in a digit to differentiate them from
true interfaces
ok henning@

add ifconfig -M option to replace wicontrol -L and -l for ap scanning
and node listing. wicontrol is not supported by net80211 drivers
anymore. further improvements will be done.

ok dlg@, jsg@

support trunk stacking (trunks as trunk ports) and some fixes

ok brad@

initial import of a trunking (link aggregation and link failover)
implementation. it currently supports round robin mode with link state
checking, additional modes will be added later.

ok brad@, deraadt@

rewrite the interface groups printing code:
don't rely on the interface's driver-name based group to be the first in
the list
don't rely on one group == only default one
do not print the "all" group
don't segfault on interfaces with no group at all
ok mcbride

shave off a few bytes, alpha floppies fit again now

lladdr w/o colon; ok henning

Handle getnameinfo failure. OK niallo

print lladdr instead of address; pointed out by a few

add lladdr command to ifconfig to set MAC address. diffs from freebsd via
Kyunghwan KIM (prs 2117 and 2118) and Fredrik Widlund. ok deraadt

add txpower support to ifconfig

ok bob@ robert@ danh@ and others

Use syncdev instead of syncif in ifconfig, and modify ioctl struct pfsyncreq
in kernel code to match. Brings pfsync in line with carp, vlan and pppoe
devices. Old syncif and -syncif options still work, will be removed later.

ok markus@

Print configured timeslot mask for PDH/TDM interfaces.
OK deraadt@

Don't shift the timeslot map so that timeslot 1 ends in bit 0. E1 may need
to specify timeslot 0 and it is more intuitive.
From alex@ Ok deraadt@

Put settimeslot() into #ifndef SMALL as it is not needed on ramdisks.
OK deraadt@

#ifndef SMALL throughout this, for install media; ok mcbride

Add the 'carpdev' option, to set the carp devices physical interface.
If not specified, the kernel will attempt to select the correct interface
by the subnet (this is the current behaviour).

ok deraadt@ henning@

KNF

note that -a is the default if no params given;
`interface' is now optional;

default to interface printing, instead of help message. any illegal -
option goes to usage. initial work by ian, changed by me, ok mcbride

add pppoe stuff to usage();
ok jaredy@

In kernel pppoe client, a simple IPv4 only implementation.
Initial porting from NetBSD by David Berghoff.
Modified/simplified to match our sppp implementation.
ok deraadt@

remove NI_WITHSCOPEID (which is not standard)

added the "bssid" command to ifconfig, an extended ieee80211
status output and the missing man page entries for ifconfig.8
(from jared).

ok deraadt@, henning@

KNF - reyk, look at this diff
not that ifconfig is our prime example for nicely KNF'd and readable code tho

spacing

added new commands to ifconfig used by net80211 interfaces:
mode (set mode for multi-mode interfaces) and chan (set the radio channel).
some additional output will be printed by "ifconfig -m".

ok deraadt@ millert@ damien@

ifgroups reqrite
there is now a TAILQ with all interface groups as members, and
in struct ofnet there is only a pointer to the group structure stored
and not its name.
mostly hacked at c2k4 and somewhere over the atlantic ocean
ok markus mcbride

ARGSUSED, remove unused, ...

spacing

Allow a unicast ip address to be specified for pfsync with the 'syncpeer'
keyword. This address is used instead of the multicast address to send state
updates; this allows pairs of pfsync firewalls to protect the traffic
with IPSec.

ifconfig must be updated to match the kernel.

zap INET_ONLY, compress usage(); jared

ansi; jared

cleanup ioctl for ifgroups; ok pb@

Add option that allows to change timeslot range forn network card.
ok mcbride@

ignore IFGROUP errs in ifconfig -a for "too old" kernels right now

more netiso leftovers

by pointer from yared janovich

henning@ ok

groups in usage() - from jared yanovich

introduce "interface groups"

by "ifconfig fxp0 group foobar" "ifconfig xl0 group foobar"
these two interfaces are in one group.
Every interface has its if-family as default group.

idea/design from henning@, based on some work/disucssion from Joris Vink.

henning@, mcbride@ ok.

remove netiso stuff

Make printing of 802.11 fields consistent with the rest by printing
a colon (':') after the field name. Noticed by markus@, OK deraadt@

introduce SIOCSIFDESCR and SIOCGIFDESCR to maintain interface
descriptions, configurable with ifconfig

help from various, ok deraadt@

Trailers are really wonders of the past. Remove them from man page and
usage. ok millert@

missing casts spotted by 64 bit cc

use strtonum all over the place; ok pb millert

clean up ifdef hell

reworking of man page and sync/update usage();

this stuff is based mostly on diffs from jared yanovich, with some stuff
from myself and otto;

ok naddy@ otto@ markus@ deraadt@

missing ';' in actually unreached code (pointed out by logix(at)franken.de)

Allow the state of a carp interface to be changed explicitly.

ok markus@

some small knf

Prevent user from specifying an interface name longer than IFNAMSIZ.

ok millert@

Deal correctly with printing interfaces with multiple trailing digits.
E.g. "ifconfig vlan1" should only match vlan1, not vlan1, vlan10, vlan11,
etc. OK tdeval@, hshoexer@, otto@. Closes PR 3693.

Allow ifconfig to print out all interfaces of a given type.
ie. 'ifconfig carp' prints out all carp interfaces.

ok hshoexer@ tdeval@

automagically create pseudo-network interfaces; ok deraadt@

Add initial support for pf state synchronization over the network.
Implemented as an in-kernel multicast IP protocol.

Turn it on like this:

# ifconfig pfsync0 up syncif fxp0

There is not yet any authentication on this protocol, so the syncif
must be on a trusted network. ie, a crossover cable between the two
firewalls.

NOTABLE CHANGES:
- A new index based on a unique (creatorid, stateid) tuple has been
added to the state tree.
- Updates now appear on the pfsync(4) interface; multiple updates may
be compressed into a single update.
- Applications which use bpf on pfsync(4) will need modification;
packets on pfsync no longer contains regular pf_state structs,
but pfsync_state structs which contain no pointers.

Much more to come.

ok deraadt@

add IOCIFGCLONERS; ifconfig -C; from netbsd; ok henning, deraadt

ANSI

add support for ifconfig clone; from netbsd; ok deraadt, henning

Unbreak printing of vlan interface information, commented out accidentally
in CARP import.

Remove commented out debug line committed by mistake.

Common Address Redundancy Protocol

Allows multiple hosts to share an IP address, providing high availability
and load balancing.

Based on code by mickey@, with additional help from markus@
and Marco_Pfatschbacher@genua.de

ok deraadt@

realloc fix

fix a few strlcpy

change SIOCDIFADDR/SIOCAIFADDR warnings into errors (now this has correct
return code in certain cases); ok henning itojun

bring protypes into scope. this requires some quirky handling, but in
the end everything is much clearer; ok tedu (itojun might like to see
how ifconfig looks after this)

ansification

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

move ETHERTYPE_xx declarations to <net/ethertypes.h>. meets netbsd practice.
deraadt ok

modifed -> modified

KNF

consistency: use sin6 as variable name for sockaddr_in6, not sin
no functional changes

ok millert@ pval@

typo (in #ifdef'd out code, but well...); Michal Ludvig <michal at logix.cz>

make failed SIOCG80211NWKEY print alert more clearly; jolan@norm.encryptedemail.net

Since we can no longer count on isprint() to tell us whether or not
a character is 7-bit ASCII, check the high bit by hand when deciding
whether to print a WEP key as ASCII or hex.

add "eui64" option. from ww@styx.org. sync usage with reality.

metric and mtu are u_long, not int.

print ethernet address; ok provos@, itojun@

strcpy, sprintf death; mpech ok

use struct in_aliasreq instead of ifaliasreq when setting new inet
address. solves a sigbus error seen on sparc64 with new binutils.
from itojun@

no need for __alignment__, it was paste error. from fgs/deraadt

Add missing IFM_OPTIONS macro. Previously 'ifconfig -mediaopt' could
clear bits other than media options. Fix from NetBSD.

Add support for nwkey and powersave; from NetBSD

i_nwid is not a NUL-terminated string. Use the length parameter for the
length and sanity check against IEEE80211_NWID_LEN.

when printing out the option list compare the option part only; fixes 802.11 mediaopt printing

Manual cleanup of remaining userland __P use (excluding packages maintained outside the tree)

Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.

make setting ipx frame type work; from Ian McWilliam <ianm@cit.uws.edu.au>

kill more registers;

millert@ ok

strncpy() -> strlcpy(); from Jean-Francois Brousseau

fix buffer underrun on 1.51

more careful with snprintf result code

do not write into s6_addr[16] (out of bounds).

major -Wall cleanup, almost complete

tunneldelete -> deletetunnel

implement "deletetunnel" (removes tunnel outer IP address pair)
rename "giftunnel" intto "tunnel", to reduce diffs with netbsd.
(giftunnel is still usable for backward compat)

markus and niels ok'ed.