Use struct refcnt for interface address reference counting.
There was a crash due to use after free of the ifa although it is
ref counted. As ifa_refcnt was a simple integer increment, there
may be a path where multiple CPUs access it concurrently. So change
to struct refcnt which is MP safe and provides dt(4) leak debugging.
Link level address for IPsec enc(4) and various MPLS interfaces is
special. There ifa is part of struct sc. Use refcount anyway and
add a panic to detect use after free.
bug report stsp@; OK mvs@

Remove unused start routine

enc(4) does not use the ifqueue API at all; IPsec packets are directly
transformed in the IP input/output routines.

enc_start() is never called (by design) so remove it for clarity.

OK mpi

Change users of IFQ_DEQUEUE(), IFQ_ENQUEUE() and IFQ_LEN() to use the
"new" API.

ok dlg@ tobhe@

cleanup unused headers generated by config

ok tedu@ krw@ deraadt@

newlen was a dead store, but what we could use is oldlen to
simplify the code.
Pointed out by daniel@ with the help of their friend gcc9
OK kn

free(9) sizes.

ok reyk@

"id" is too generic, rename to "rdomain" for clarity and easier grepping

ok benno@ mpi@

Use the same test pattern as for enc_ifps, for consistency

ok denis@

Fix a kernelpanic when using rdomain(4) and enc(4)

OK jca@ mpi@

Last changes before running IPsec w/o KERNEL_LOCK().

Put more NET_ASSERT_LOCK() and document which globals it protects.

Add a mutex for pfkeyv2 globals.

Convert ipsp_delete_acquire() to timeout_set_proc().

Tested by Hrvoje Popovski, ok bluhm@ visa@

Remove NET_LOCK()'s argument.

Tested by Hrvoje Popovski, ok bluhm@

Protect the global array of interfaces with the NET_LOCK().

ok sashan@

Flag pseudo-interfaces as such in order to call add_net_randomness()
only once per packet.

Fix a regression introduced when if_input() started to be called by
every pseudo-driver.

ok claudio@, dlg@

No need to handle SIOCAIFADDR in drivers, it's never passed down to
them.

ok claudio@

Make enc_output() return EAFNOSUPPORT after dropping the packet,
instead of 0. Makes it consistent with other similar interfaces.

ok mpi@ vgross@

use IFQ_DEQUEUE to pull of the send queue.

Rename rtrequest1() to rtrequest().
OK mpi@

Kill link_rtrequest(), introduce in 1990 to "fix" the result
of rt_getifa() when adding link level route from outside the
kernel.

ok claudio@

Inspired by satosin(), use inline functions to convert sockaddr dl.
Instead of casts they check wether the incoming object has the
expected type. So introduce satosdl() and sdltosa() in the kernel.
OK mpi@

Remove some includes include-what-you-use claims don't
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.

ok tedu@ deraadt@

yet more mallocarray() changes.

ok tedu@ deraadt@

There's no good reason to keep into "struct ifnet" a pointer that's only
used by enc(4) devices to attach their routes.

ok sthen@, mikeb@

Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.

ok mikeb@, krw@, bluhm@, tedu@

remove uneeded route.h includes
ok miod@ mpi@

add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.

Fix IPsec route addition broken since the removal of the link-layer
addresses from the per-ifp list.

While here document why enc(4) needs a link-layer address, or at
least something that seems to be one.

Found the hard way and fix tested by naddy@, ok mikeb@, henning@

The error return codes for the enc interface were inconsistent.
Always return the appropriate errno.
OK reyk@ mikeb@

Fix the naming of interfaces and variables for rdomains and rtables
and make it possible to bind sockets (including listening sockets!)
to rtables and not just rdomains. This changes the name of the
system calls, socket option, and ioctl. After building with this
you should remove the files /usr/share/man/cat2/[gs]etrdomain.0.

Since this removes the existing [gs]etrdomain() system calls, the
libc major is bumped.

Written by claudio@, criticized^Wcritiqued by me

Allow to specify an alternative enc(4) interface for an SA. All
traffic for this SA will appear on the specified enc interface instead
of enc0 and can be filtered and monitored separately. This will allow
to group individual ipsec policies to virtual interfaces and
simplifies monitoring and pf filtering with many ipsec policies a lot.

This diff includes the following changes:
- Store the enc interface unit (default 0) in the TDB of an SA and pass
it to the enc_getif() lookup when running the bpf or pf_test() handlers.
- Add the pfkey SADB_X_EXT_TAP extension to communicate the encX
interface unit for a specified SA between userland and kernel.
- Update enc(4) again to use an allocate array instead of the TAILQ to
lookup the matching enc interface in enc_getif() quickly.

Discussed with many, tested by a few, will need more testing & review.

ok deraadt@

We have to add enc0 to the "enc" interface group manually on boot.
Adopted from the loop lo0 code.

Replace enc(4) with a new implementation as a cloner device. We still
create enc0 by default, but it is possible to add additional enc
interfaces. This will be used later to allow alternative encs per
policy or to have an enc per rdomain when IPsec becomes rdomain-aware.

manpage bits ok jmc@
input from henning@ deraadt@ toby@ naddy@
ok henning@ claudio@

encif is a global variable and thus pre-zeroed, don't bother bzero()ing
it after the fact.

ok henning@, claudio@

return with ENOTTY instead of EINVAL for unknown ioctl requests.

ok claudio@ krw@ jason@ dlg@

one extern seems to be better than 20 for ifqmaxlen; ok krw

ansify the enc code

ok otto@

Kill unused encrtrequest(). OK markus@

With the exception of two other small uncommited diffs this moves
the remainder of the network stack from splimp to splnet.

ok miod@

no more netns handling for the various tunnel devices and loopback

Kill more netiso ghosts.

ok millert@

string fixes; tedu ok

allocate sockaddr_dl for ifnet in if_alloc_sadl(), as we don't always know
the size of sockaddr_dl on if_attach() - for instance, see ether_ifattach().
from netbsd. fgs ok

attach nd_ifinfo structure to if_afdata.
split IPv6 MTU (advertised by RA) from real link MTU.
sync with kame

First round of __P removal in sys

branches: 1.36.4;
KNF

Copyright update.

One more include cleanup, just to piss off Aaron :-)

Move offsetof define into sys/param.h

For bridged IPsec, use the gif* interfaces.

initialize mtu/hlim for enc interface at encattach().

backgronud: inbound ipsec packet will have enc* as m->m_pkthdr.rcvif.
when we try to reflect the packet back in the kernel (like icmp6 echo),
we'd generate packet toward enc* interface. icmp6_reflect() will take
hoplimit value from nd_ifinfo[enc*], which was not initialized by the old code.

XXX the change to m->m_pkthdr.rcvif violates IPv6 scoped routing.
we will need to disable it, for at least IPv6.

Stats for bridge output too.

Sanity check on dequeued mbufs, also keep track of correct interface
for statistics purposes.

Fix checksum for outgoing etherip/ipip packets from enc interfaces.

Minor oops in sanity logic, IFF_RUNNING is set/unset with IFF_UP,
be paranoid with uninitialized variable.

output routine enqueues and calls start, rather than requeueing for input.

Typo.

SIOCAIFADDR.

Allow setting address.

If IFF_LINK0 is set, do IP-in-IP instead of Ethernet-in-IP. This will
be used to implement overlay networks and more flexible road-warrior
support.

Cryptographic services framework, and software "device driver". The
idea is to support various cryptographic hardware accelerators (which
may be (detachable) cards, secondary/tertiary/etc processors,
software crypto, etc). Supports session migration between crypto
devices. What it doesn't (yet) support:
- multiple instances of the same algorithm used in the same session
- use of multiple crypto drivers in the same session
- asymmetric crypto

No support for a userland device yet.

IPsec code path modified to allow for asynchronous cryptography
(callbacks used in both input and output processing). Some unrelated
code simplification done in the process (especially for AH).

Development of this code kindly supported by Network Security
Technologies (NSTI). The code was writen mostly in Greece, and is
being committed from Montreal.

branches: 1.20.2;
fix include file path related to ip6.

Ok, so setsoftnet is md.

Well, on the amiga, setsoftnet *REQUIRES* machine/cpu.h to work...
and no include mentioned in those files pulls machine/cpu.h...

Nit-fix: / * INET6 */ -> /* INET6 */

Can't bind SAs to enc0

Add missing IF_DROPs

Properly handle non-IPSEC case.

Add SRCSA and CLEARSA ioctls.

Implement ioctls for binding SAs to enc interfaces (to be used with
the bridge).

Fix *stupid* typo/error that was causing the panics in post 2.6, found
by art@

Use enc_softc instead of ifnet for encif.

remove bogus entry from if_enc address list; and rename enc_softc to encif

The enc interface should not be IFF_LOOPBACK, as AH and ESP uses that
as receiving interface for filtering

indent

make the packets which were successfully processed by IPSec available to
bpf via the enc0 interface, using linktype DLT_ENC.

first step to the setsockopt/getsockopt interface as described in
draft-mcdonald-simple-ipsec-api, kernel notifies (EMT_REQUESTSA) signal
userland key management applications when security services are requested.
this is only for outgoing connections at the moment, incoming packets
are not yet checked against the selected socket policy.

make it easier to add additional transforms. add blowfish and cast
encryption. some more info for kernfs/ipsec.

put old esp/ah and new esp/ah in different files.
generalised way of handling transforms.

major restructuring

BPF support ifdefed.

OpenBSD tags + some prototyping police

IPSEC package by John Ioannidis and Angelos D. Keromytis. Written in
Greece. From ftp.funet.fi:/pub/unix/security/net/ip/BSDipsec.tar.gz

Remove unused start routine

enc(4) does not use the ifqueue API at all; IPsec packets are directly
transformed in the IP input/output routines.

enc_start() is never called (by design) so remove it for clarity.

OK mpi

Change users of IFQ_DEQUEUE(), IFQ_ENQUEUE() and IFQ_LEN() to use the
"new" API.

ok dlg@ tobhe@

cleanup unused headers generated by config

ok tedu@ krw@ deraadt@

newlen was a dead store, but what we could use is oldlen to
simplify the code.
Pointed out by daniel@ with the help of their friend gcc9
OK kn

free(9) sizes.

ok reyk@

"id" is too generic, rename to "rdomain" for clarity and easier grepping

ok benno@ mpi@

Use the same test pattern as for enc_ifps, for consistency

ok denis@

Fix a kernelpanic when using rdomain(4) and enc(4)

OK jca@ mpi@

Last changes before running IPsec w/o KERNEL_LOCK().

Put more NET_ASSERT_LOCK() and document which globals it protects.

Add a mutex for pfkeyv2 globals.

Convert ipsp_delete_acquire() to timeout_set_proc().

Tested by Hrvoje Popovski, ok bluhm@ visa@

Remove NET_LOCK()'s argument.

Tested by Hrvoje Popovski, ok bluhm@

Protect the global array of interfaces with the NET_LOCK().

ok sashan@

Flag pseudo-interfaces as such in order to call add_net_randomness()
only once per packet.

Fix a regression introduced when if_input() started to be called by
every pseudo-driver.

ok claudio@, dlg@

No need to handle SIOCAIFADDR in drivers, it's never passed down to
them.

ok claudio@

Make enc_output() return EAFNOSUPPORT after dropping the packet,
instead of 0. Makes it consistent with other similar interfaces.

ok mpi@ vgross@

use IFQ_DEQUEUE to pull of the send queue.

Rename rtrequest1() to rtrequest().
OK mpi@

Kill link_rtrequest(), introduce in 1990 to "fix" the result
of rt_getifa() when adding link level route from outside the
kernel.

ok claudio@

Inspired by satosin(), use inline functions to convert sockaddr dl.
Instead of casts they check wether the incoming object has the
expected type. So introduce satosdl() and sdltosa() in the kernel.
OK mpi@

Remove some includes include-what-you-use claims don't
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.

ok tedu@ deraadt@

yet more mallocarray() changes.

ok tedu@ deraadt@

There's no good reason to keep into "struct ifnet" a pointer that's only
used by enc(4) devices to attach their routes.

ok sthen@, mikeb@

Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.

ok mikeb@, krw@, bluhm@, tedu@

remove uneeded route.h includes
ok miod@ mpi@

add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.

Fix IPsec route addition broken since the removal of the link-layer
addresses from the per-ifp list.

While here document why enc(4) needs a link-layer address, or at
least something that seems to be one.

Found the hard way and fix tested by naddy@, ok mikeb@, henning@

The error return codes for the enc interface were inconsistent.
Always return the appropriate errno.
OK reyk@ mikeb@

Fix the naming of interfaces and variables for rdomains and rtables
and make it possible to bind sockets (including listening sockets!)
to rtables and not just rdomains. This changes the name of the
system calls, socket option, and ioctl. After building with this
you should remove the files /usr/share/man/cat2/[gs]etrdomain.0.

Since this removes the existing [gs]etrdomain() system calls, the
libc major is bumped.

Written by claudio@, criticized^Wcritiqued by me

Allow to specify an alternative enc(4) interface for an SA. All
traffic for this SA will appear on the specified enc interface instead
of enc0 and can be filtered and monitored separately. This will allow
to group individual ipsec policies to virtual interfaces and
simplifies monitoring and pf filtering with many ipsec policies a lot.

This diff includes the following changes:
- Store the enc interface unit (default 0) in the TDB of an SA and pass
it to the enc_getif() lookup when running the bpf or pf_test() handlers.
- Add the pfkey SADB_X_EXT_TAP extension to communicate the encX
interface unit for a specified SA between userland and kernel.
- Update enc(4) again to use an allocate array instead of the TAILQ to
lookup the matching enc interface in enc_getif() quickly.

Discussed with many, tested by a few, will need more testing & review.

ok deraadt@

We have to add enc0 to the "enc" interface group manually on boot.
Adopted from the loop lo0 code.

Replace enc(4) with a new implementation as a cloner device. We still
create enc0 by default, but it is possible to add additional enc
interfaces. This will be used later to allow alternative encs per
policy or to have an enc per rdomain when IPsec becomes rdomain-aware.

manpage bits ok jmc@
input from henning@ deraadt@ toby@ naddy@
ok henning@ claudio@

encif is a global variable and thus pre-zeroed, don't bother bzero()ing
it after the fact.

ok henning@, claudio@

return with ENOTTY instead of EINVAL for unknown ioctl requests.

ok claudio@ krw@ jason@ dlg@

one extern seems to be better than 20 for ifqmaxlen; ok krw

ansify the enc code

ok otto@

Kill unused encrtrequest(). OK markus@

With the exception of two other small uncommited diffs this moves
the remainder of the network stack from splimp to splnet.

ok miod@

no more netns handling for the various tunnel devices and loopback

Kill more netiso ghosts.

ok millert@

string fixes; tedu ok

allocate sockaddr_dl for ifnet in if_alloc_sadl(), as we don't always know
the size of sockaddr_dl on if_attach() - for instance, see ether_ifattach().
from netbsd. fgs ok

attach nd_ifinfo structure to if_afdata.
split IPv6 MTU (advertised by RA) from real link MTU.
sync with kame

First round of __P removal in sys

branches: 1.36.4;
KNF

Copyright update.

One more include cleanup, just to piss off Aaron :-)

Move offsetof define into sys/param.h

For bridged IPsec, use the gif* interfaces.

initialize mtu/hlim for enc interface at encattach().

backgronud: inbound ipsec packet will have enc* as m->m_pkthdr.rcvif.
when we try to reflect the packet back in the kernel (like icmp6 echo),
we'd generate packet toward enc* interface. icmp6_reflect() will take
hoplimit value from nd_ifinfo[enc*], which was not initialized by the old code.

XXX the change to m->m_pkthdr.rcvif violates IPv6 scoped routing.
we will need to disable it, for at least IPv6.

Stats for bridge output too.

Sanity check on dequeued mbufs, also keep track of correct interface
for statistics purposes.

Fix checksum for outgoing etherip/ipip packets from enc interfaces.

Minor oops in sanity logic, IFF_RUNNING is set/unset with IFF_UP,
be paranoid with uninitialized variable.

output routine enqueues and calls start, rather than requeueing for input.

Typo.

SIOCAIFADDR.

Allow setting address.

If IFF_LINK0 is set, do IP-in-IP instead of Ethernet-in-IP. This will
be used to implement overlay networks and more flexible road-warrior
support.

Cryptographic services framework, and software "device driver". The
idea is to support various cryptographic hardware accelerators (which
may be (detachable) cards, secondary/tertiary/etc processors,
software crypto, etc). Supports session migration between crypto
devices. What it doesn't (yet) support:
- multiple instances of the same algorithm used in the same session
- use of multiple crypto drivers in the same session
- asymmetric crypto

No support for a userland device yet.

IPsec code path modified to allow for asynchronous cryptography
(callbacks used in both input and output processing). Some unrelated
code simplification done in the process (especially for AH).

Development of this code kindly supported by Network Security
Technologies (NSTI). The code was writen mostly in Greece, and is
being committed from Montreal.

branches: 1.20.2;
fix include file path related to ip6.

Ok, so setsoftnet is md.

Well, on the amiga, setsoftnet *REQUIRES* machine/cpu.h to work...
and no include mentioned in those files pulls machine/cpu.h...

Nit-fix: / * INET6 */ -> /* INET6 */

Can't bind SAs to enc0

Add missing IF_DROPs

Properly handle non-IPSEC case.

Add SRCSA and CLEARSA ioctls.

Implement ioctls for binding SAs to enc interfaces (to be used with
the bridge).

Fix *stupid* typo/error that was causing the panics in post 2.6, found
by art@

Use enc_softc instead of ifnet for encif.

remove bogus entry from if_enc address list; and rename enc_softc to encif

The enc interface should not be IFF_LOOPBACK, as AH and ESP uses that
as receiving interface for filtering

indent

make the packets which were successfully processed by IPSec available to
bpf via the enc0 interface, using linktype DLT_ENC.

first step to the setsockopt/getsockopt interface as described in
draft-mcdonald-simple-ipsec-api, kernel notifies (EMT_REQUESTSA) signal
userland key management applications when security services are requested.
this is only for outgoing connections at the moment, incoming packets
are not yet checked against the selected socket policy.

make it easier to add additional transforms. add blowfish and cast
encryption. some more info for kernfs/ipsec.

put old esp/ah and new esp/ah in different files.
generalised way of handling transforms.

major restructuring

BPF support ifdefed.

OpenBSD tags + some prototyping police

IPSEC package by John Ioannidis and Angelos D. Keromytis. Written in
Greece. From ftp.funet.fi:/pub/unix/security/net/ip/BSDipsec.tar.gz

Change users of IFQ_DEQUEUE(), IFQ_ENQUEUE() and IFQ_LEN() to use the
"new" API.

ok dlg@ tobhe@

cleanup unused headers generated by config

ok tedu@ krw@ deraadt@

newlen was a dead store, but what we could use is oldlen to
simplify the code.
Pointed out by daniel@ with the help of their friend gcc9
OK kn

free(9) sizes.

ok reyk@

"id" is too generic, rename to "rdomain" for clarity and easier grepping

ok benno@ mpi@

Use the same test pattern as for enc_ifps, for consistency

ok denis@

Fix a kernelpanic when using rdomain(4) and enc(4)

OK jca@ mpi@

Last changes before running IPsec w/o KERNEL_LOCK().

Put more NET_ASSERT_LOCK() and document which globals it protects.

Add a mutex for pfkeyv2 globals.

Convert ipsp_delete_acquire() to timeout_set_proc().

Tested by Hrvoje Popovski, ok bluhm@ visa@

Remove NET_LOCK()'s argument.

Tested by Hrvoje Popovski, ok bluhm@

Protect the global array of interfaces with the NET_LOCK().

ok sashan@

Flag pseudo-interfaces as such in order to call add_net_randomness()
only once per packet.

Fix a regression introduced when if_input() started to be called by
every pseudo-driver.

ok claudio@, dlg@

No need to handle SIOCAIFADDR in drivers, it's never passed down to
them.

ok claudio@

Make enc_output() return EAFNOSUPPORT after dropping the packet,
instead of 0. Makes it consistent with other similar interfaces.

ok mpi@ vgross@

use IFQ_DEQUEUE to pull of the send queue.

Rename rtrequest1() to rtrequest().
OK mpi@

Kill link_rtrequest(), introduce in 1990 to "fix" the result
of rt_getifa() when adding link level route from outside the
kernel.

ok claudio@

Inspired by satosin(), use inline functions to convert sockaddr dl.
Instead of casts they check wether the incoming object has the
expected type. So introduce satosdl() and sdltosa() in the kernel.
OK mpi@

Remove some includes include-what-you-use claims don't
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.

ok tedu@ deraadt@

yet more mallocarray() changes.

ok tedu@ deraadt@

There's no good reason to keep into "struct ifnet" a pointer that's only
used by enc(4) devices to attach their routes.

ok sthen@, mikeb@

Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.

ok mikeb@, krw@, bluhm@, tedu@

remove uneeded route.h includes
ok miod@ mpi@

add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.

Fix IPsec route addition broken since the removal of the link-layer
addresses from the per-ifp list.

While here document why enc(4) needs a link-layer address, or at
least something that seems to be one.

Found the hard way and fix tested by naddy@, ok mikeb@, henning@

The error return codes for the enc interface were inconsistent.
Always return the appropriate errno.
OK reyk@ mikeb@

Fix the naming of interfaces and variables for rdomains and rtables
and make it possible to bind sockets (including listening sockets!)
to rtables and not just rdomains. This changes the name of the
system calls, socket option, and ioctl. After building with this
you should remove the files /usr/share/man/cat2/[gs]etrdomain.0.

Since this removes the existing [gs]etrdomain() system calls, the
libc major is bumped.

Written by claudio@, criticized^Wcritiqued by me

Allow to specify an alternative enc(4) interface for an SA. All
traffic for this SA will appear on the specified enc interface instead
of enc0 and can be filtered and monitored separately. This will allow
to group individual ipsec policies to virtual interfaces and
simplifies monitoring and pf filtering with many ipsec policies a lot.

This diff includes the following changes:
- Store the enc interface unit (default 0) in the TDB of an SA and pass
it to the enc_getif() lookup when running the bpf or pf_test() handlers.
- Add the pfkey SADB_X_EXT_TAP extension to communicate the encX
interface unit for a specified SA between userland and kernel.
- Update enc(4) again to use an allocate array instead of the TAILQ to
lookup the matching enc interface in enc_getif() quickly.

Discussed with many, tested by a few, will need more testing & review.

ok deraadt@

We have to add enc0 to the "enc" interface group manually on boot.
Adopted from the loop lo0 code.

Replace enc(4) with a new implementation as a cloner device. We still
create enc0 by default, but it is possible to add additional enc
interfaces. This will be used later to allow alternative encs per
policy or to have an enc per rdomain when IPsec becomes rdomain-aware.

manpage bits ok jmc@
input from henning@ deraadt@ toby@ naddy@
ok henning@ claudio@

encif is a global variable and thus pre-zeroed, don't bother bzero()ing
it after the fact.

ok henning@, claudio@

return with ENOTTY instead of EINVAL for unknown ioctl requests.

ok claudio@ krw@ jason@ dlg@

one extern seems to be better than 20 for ifqmaxlen; ok krw

ansify the enc code

ok otto@

Kill unused encrtrequest(). OK markus@

With the exception of two other small uncommited diffs this moves
the remainder of the network stack from splimp to splnet.

ok miod@

no more netns handling for the various tunnel devices and loopback

Kill more netiso ghosts.

ok millert@

string fixes; tedu ok

allocate sockaddr_dl for ifnet in if_alloc_sadl(), as we don't always know
the size of sockaddr_dl on if_attach() - for instance, see ether_ifattach().
from netbsd. fgs ok

attach nd_ifinfo structure to if_afdata.
split IPv6 MTU (advertised by RA) from real link MTU.
sync with kame

First round of __P removal in sys

branches: 1.36.4;
KNF

Copyright update.

One more include cleanup, just to piss off Aaron :-)

Move offsetof define into sys/param.h

For bridged IPsec, use the gif* interfaces.

initialize mtu/hlim for enc interface at encattach().

backgronud: inbound ipsec packet will have enc* as m->m_pkthdr.rcvif.
when we try to reflect the packet back in the kernel (like icmp6 echo),
we'd generate packet toward enc* interface. icmp6_reflect() will take
hoplimit value from nd_ifinfo[enc*], which was not initialized by the old code.

XXX the change to m->m_pkthdr.rcvif violates IPv6 scoped routing.
we will need to disable it, for at least IPv6.

Stats for bridge output too.

Sanity check on dequeued mbufs, also keep track of correct interface
for statistics purposes.

Fix checksum for outgoing etherip/ipip packets from enc interfaces.

Minor oops in sanity logic, IFF_RUNNING is set/unset with IFF_UP,
be paranoid with uninitialized variable.

output routine enqueues and calls start, rather than requeueing for input.

Typo.

SIOCAIFADDR.

Allow setting address.

If IFF_LINK0 is set, do IP-in-IP instead of Ethernet-in-IP. This will
be used to implement overlay networks and more flexible road-warrior
support.

Cryptographic services framework, and software "device driver". The
idea is to support various cryptographic hardware accelerators (which
may be (detachable) cards, secondary/tertiary/etc processors,
software crypto, etc). Supports session migration between crypto
devices. What it doesn't (yet) support:
- multiple instances of the same algorithm used in the same session
- use of multiple crypto drivers in the same session
- asymmetric crypto

No support for a userland device yet.

IPsec code path modified to allow for asynchronous cryptography
(callbacks used in both input and output processing). Some unrelated
code simplification done in the process (especially for AH).

Development of this code kindly supported by Network Security
Technologies (NSTI). The code was writen mostly in Greece, and is
being committed from Montreal.

branches: 1.20.2;
fix include file path related to ip6.

Ok, so setsoftnet is md.

Well, on the amiga, setsoftnet *REQUIRES* machine/cpu.h to work...
and no include mentioned in those files pulls machine/cpu.h...

Nit-fix: / * INET6 */ -> /* INET6 */

Can't bind SAs to enc0

Add missing IF_DROPs

Properly handle non-IPSEC case.

Add SRCSA and CLEARSA ioctls.

Implement ioctls for binding SAs to enc interfaces (to be used with
the bridge).

Fix *stupid* typo/error that was causing the panics in post 2.6, found
by art@

Use enc_softc instead of ifnet for encif.

remove bogus entry from if_enc address list; and rename enc_softc to encif

The enc interface should not be IFF_LOOPBACK, as AH and ESP uses that
as receiving interface for filtering

indent

make the packets which were successfully processed by IPSec available to
bpf via the enc0 interface, using linktype DLT_ENC.

first step to the setsockopt/getsockopt interface as described in
draft-mcdonald-simple-ipsec-api, kernel notifies (EMT_REQUESTSA) signal
userland key management applications when security services are requested.
this is only for outgoing connections at the moment, incoming packets
are not yet checked against the selected socket policy.

make it easier to add additional transforms. add blowfish and cast
encryption. some more info for kernfs/ipsec.

put old esp/ah and new esp/ah in different files.
generalised way of handling transforms.

major restructuring

BPF support ifdefed.

OpenBSD tags + some prototyping police

IPSEC package by John Ioannidis and Angelos D. Keromytis. Written in
Greece. From ftp.funet.fi:/pub/unix/security/net/ip/BSDipsec.tar.gz

cleanup unused headers generated by config

ok tedu@ krw@ deraadt@

newlen was a dead store, but what we could use is oldlen to
simplify the code.
Pointed out by daniel@ with the help of their friend gcc9
OK kn

free(9) sizes.

ok reyk@

"id" is too generic, rename to "rdomain" for clarity and easier grepping

ok benno@ mpi@

Use the same test pattern as for enc_ifps, for consistency

ok denis@

Fix a kernelpanic when using rdomain(4) and enc(4)

OK jca@ mpi@

Last changes before running IPsec w/o KERNEL_LOCK().

Put more NET_ASSERT_LOCK() and document which globals it protects.

Add a mutex for pfkeyv2 globals.

Convert ipsp_delete_acquire() to timeout_set_proc().

Tested by Hrvoje Popovski, ok bluhm@ visa@

Remove NET_LOCK()'s argument.

Tested by Hrvoje Popovski, ok bluhm@

Protect the global array of interfaces with the NET_LOCK().

ok sashan@

Flag pseudo-interfaces as such in order to call add_net_randomness()
only once per packet.

Fix a regression introduced when if_input() started to be called by
every pseudo-driver.

ok claudio@, dlg@

No need to handle SIOCAIFADDR in drivers, it's never passed down to
them.

ok claudio@

Make enc_output() return EAFNOSUPPORT after dropping the packet,
instead of 0. Makes it consistent with other similar interfaces.

ok mpi@ vgross@

use IFQ_DEQUEUE to pull of the send queue.

Rename rtrequest1() to rtrequest().
OK mpi@

Kill link_rtrequest(), introduce in 1990 to "fix" the result
of rt_getifa() when adding link level route from outside the
kernel.

ok claudio@

Inspired by satosin(), use inline functions to convert sockaddr dl.
Instead of casts they check wether the incoming object has the
expected type. So introduce satosdl() and sdltosa() in the kernel.
OK mpi@

Remove some includes include-what-you-use claims don't
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.

ok tedu@ deraadt@

yet more mallocarray() changes.

ok tedu@ deraadt@

There's no good reason to keep into "struct ifnet" a pointer that's only
used by enc(4) devices to attach their routes.

ok sthen@, mikeb@

Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.

ok mikeb@, krw@, bluhm@, tedu@

remove uneeded route.h includes
ok miod@ mpi@

add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.

Fix IPsec route addition broken since the removal of the link-layer
addresses from the per-ifp list.

While here document why enc(4) needs a link-layer address, or at
least something that seems to be one.

Found the hard way and fix tested by naddy@, ok mikeb@, henning@

The error return codes for the enc interface were inconsistent.
Always return the appropriate errno.
OK reyk@ mikeb@

Fix the naming of interfaces and variables for rdomains and rtables
and make it possible to bind sockets (including listening sockets!)
to rtables and not just rdomains. This changes the name of the
system calls, socket option, and ioctl. After building with this
you should remove the files /usr/share/man/cat2/[gs]etrdomain.0.

Since this removes the existing [gs]etrdomain() system calls, the
libc major is bumped.

Written by claudio@, criticized^Wcritiqued by me

Allow to specify an alternative enc(4) interface for an SA. All
traffic for this SA will appear on the specified enc interface instead
of enc0 and can be filtered and monitored separately. This will allow
to group individual ipsec policies to virtual interfaces and
simplifies monitoring and pf filtering with many ipsec policies a lot.

This diff includes the following changes:
- Store the enc interface unit (default 0) in the TDB of an SA and pass
it to the enc_getif() lookup when running the bpf or pf_test() handlers.
- Add the pfkey SADB_X_EXT_TAP extension to communicate the encX
interface unit for a specified SA between userland and kernel.
- Update enc(4) again to use an allocate array instead of the TAILQ to
lookup the matching enc interface in enc_getif() quickly.

Discussed with many, tested by a few, will need more testing & review.

ok deraadt@

We have to add enc0 to the "enc" interface group manually on boot.
Adopted from the loop lo0 code.

Replace enc(4) with a new implementation as a cloner device. We still
create enc0 by default, but it is possible to add additional enc
interfaces. This will be used later to allow alternative encs per
policy or to have an enc per rdomain when IPsec becomes rdomain-aware.

manpage bits ok jmc@
input from henning@ deraadt@ toby@ naddy@
ok henning@ claudio@

encif is a global variable and thus pre-zeroed, don't bother bzero()ing
it after the fact.

ok henning@, claudio@

return with ENOTTY instead of EINVAL for unknown ioctl requests.

ok claudio@ krw@ jason@ dlg@

one extern seems to be better than 20 for ifqmaxlen; ok krw

ansify the enc code

ok otto@

Kill unused encrtrequest(). OK markus@

With the exception of two other small uncommited diffs this moves
the remainder of the network stack from splimp to splnet.

ok miod@

no more netns handling for the various tunnel devices and loopback

Kill more netiso ghosts.

ok millert@

string fixes; tedu ok

allocate sockaddr_dl for ifnet in if_alloc_sadl(), as we don't always know
the size of sockaddr_dl on if_attach() - for instance, see ether_ifattach().
from netbsd. fgs ok

attach nd_ifinfo structure to if_afdata.
split IPv6 MTU (advertised by RA) from real link MTU.
sync with kame

First round of __P removal in sys

branches: 1.36.4;
KNF

Copyright update.

One more include cleanup, just to piss off Aaron :-)

Move offsetof define into sys/param.h

For bridged IPsec, use the gif* interfaces.

initialize mtu/hlim for enc interface at encattach().

backgronud: inbound ipsec packet will have enc* as m->m_pkthdr.rcvif.
when we try to reflect the packet back in the kernel (like icmp6 echo),
we'd generate packet toward enc* interface. icmp6_reflect() will take
hoplimit value from nd_ifinfo[enc*], which was not initialized by the old code.

XXX the change to m->m_pkthdr.rcvif violates IPv6 scoped routing.
we will need to disable it, for at least IPv6.

Stats for bridge output too.

Sanity check on dequeued mbufs, also keep track of correct interface
for statistics purposes.

Fix checksum for outgoing etherip/ipip packets from enc interfaces.

Minor oops in sanity logic, IFF_RUNNING is set/unset with IFF_UP,
be paranoid with uninitialized variable.

output routine enqueues and calls start, rather than requeueing for input.

Typo.

SIOCAIFADDR.

Allow setting address.

If IFF_LINK0 is set, do IP-in-IP instead of Ethernet-in-IP. This will
be used to implement overlay networks and more flexible road-warrior
support.

Cryptographic services framework, and software "device driver". The
idea is to support various cryptographic hardware accelerators (which
may be (detachable) cards, secondary/tertiary/etc processors,
software crypto, etc). Supports session migration between crypto
devices. What it doesn't (yet) support:
- multiple instances of the same algorithm used in the same session
- use of multiple crypto drivers in the same session
- asymmetric crypto

No support for a userland device yet.

IPsec code path modified to allow for asynchronous cryptography
(callbacks used in both input and output processing). Some unrelated
code simplification done in the process (especially for AH).

Development of this code kindly supported by Network Security
Technologies (NSTI). The code was writen mostly in Greece, and is
being committed from Montreal.

branches: 1.20.2;
fix include file path related to ip6.

Ok, so setsoftnet is md.

Well, on the amiga, setsoftnet *REQUIRES* machine/cpu.h to work...
and no include mentioned in those files pulls machine/cpu.h...

Nit-fix: / * INET6 */ -> /* INET6 */

Can't bind SAs to enc0

Add missing IF_DROPs

Properly handle non-IPSEC case.

Add SRCSA and CLEARSA ioctls.

Implement ioctls for binding SAs to enc interfaces (to be used with
the bridge).

Fix *stupid* typo/error that was causing the panics in post 2.6, found
by art@

Use enc_softc instead of ifnet for encif.

remove bogus entry from if_enc address list; and rename enc_softc to encif

The enc interface should not be IFF_LOOPBACK, as AH and ESP uses that
as receiving interface for filtering

indent

make the packets which were successfully processed by IPSec available to
bpf via the enc0 interface, using linktype DLT_ENC.

first step to the setsockopt/getsockopt interface as described in
draft-mcdonald-simple-ipsec-api, kernel notifies (EMT_REQUESTSA) signal
userland key management applications when security services are requested.
this is only for outgoing connections at the moment, incoming packets
are not yet checked against the selected socket policy.

make it easier to add additional transforms. add blowfish and cast
encryption. some more info for kernfs/ipsec.

put old esp/ah and new esp/ah in different files.
generalised way of handling transforms.

major restructuring

BPF support ifdefed.

OpenBSD tags + some prototyping police

IPSEC package by John Ioannidis and Angelos D. Keromytis. Written in
Greece. From ftp.funet.fi:/pub/unix/security/net/ip/BSDipsec.tar.gz

newlen was a dead store, but what we could use is oldlen to
simplify the code.
Pointed out by daniel@ with the help of their friend gcc9
OK kn

free(9) sizes.

ok reyk@

"id" is too generic, rename to "rdomain" for clarity and easier grepping

ok benno@ mpi@

Use the same test pattern as for enc_ifps, for consistency

ok denis@

Fix a kernelpanic when using rdomain(4) and enc(4)

OK jca@ mpi@

Last changes before running IPsec w/o KERNEL_LOCK().

Put more NET_ASSERT_LOCK() and document which globals it protects.

Add a mutex for pfkeyv2 globals.

Convert ipsp_delete_acquire() to timeout_set_proc().

Tested by Hrvoje Popovski, ok bluhm@ visa@

Remove NET_LOCK()'s argument.

Tested by Hrvoje Popovski, ok bluhm@

Protect the global array of interfaces with the NET_LOCK().

ok sashan@

Flag pseudo-interfaces as such in order to call add_net_randomness()
only once per packet.

Fix a regression introduced when if_input() started to be called by
every pseudo-driver.

ok claudio@, dlg@

No need to handle SIOCAIFADDR in drivers, it's never passed down to
them.

ok claudio@

Make enc_output() return EAFNOSUPPORT after dropping the packet,
instead of 0. Makes it consistent with other similar interfaces.

ok mpi@ vgross@

use IFQ_DEQUEUE to pull of the send queue.

Rename rtrequest1() to rtrequest().
OK mpi@

Kill link_rtrequest(), introduce in 1990 to "fix" the result
of rt_getifa() when adding link level route from outside the
kernel.

ok claudio@

Inspired by satosin(), use inline functions to convert sockaddr dl.
Instead of casts they check wether the incoming object has the
expected type. So introduce satosdl() and sdltosa() in the kernel.
OK mpi@

Remove some includes include-what-you-use claims don't
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.

ok tedu@ deraadt@

yet more mallocarray() changes.

ok tedu@ deraadt@

There's no good reason to keep into "struct ifnet" a pointer that's only
used by enc(4) devices to attach their routes.

ok sthen@, mikeb@

Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.

ok mikeb@, krw@, bluhm@, tedu@

remove uneeded route.h includes
ok miod@ mpi@

add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.

Fix IPsec route addition broken since the removal of the link-layer
addresses from the per-ifp list.

While here document why enc(4) needs a link-layer address, or at
least something that seems to be one.

Found the hard way and fix tested by naddy@, ok mikeb@, henning@

The error return codes for the enc interface were inconsistent.
Always return the appropriate errno.
OK reyk@ mikeb@

Fix the naming of interfaces and variables for rdomains and rtables
and make it possible to bind sockets (including listening sockets!)
to rtables and not just rdomains. This changes the name of the
system calls, socket option, and ioctl. After building with this
you should remove the files /usr/share/man/cat2/[gs]etrdomain.0.

Since this removes the existing [gs]etrdomain() system calls, the
libc major is bumped.

Written by claudio@, criticized^Wcritiqued by me

Allow to specify an alternative enc(4) interface for an SA. All
traffic for this SA will appear on the specified enc interface instead
of enc0 and can be filtered and monitored separately. This will allow
to group individual ipsec policies to virtual interfaces and
simplifies monitoring and pf filtering with many ipsec policies a lot.

This diff includes the following changes:
- Store the enc interface unit (default 0) in the TDB of an SA and pass
it to the enc_getif() lookup when running the bpf or pf_test() handlers.
- Add the pfkey SADB_X_EXT_TAP extension to communicate the encX
interface unit for a specified SA between userland and kernel.
- Update enc(4) again to use an allocate array instead of the TAILQ to
lookup the matching enc interface in enc_getif() quickly.

Discussed with many, tested by a few, will need more testing & review.

ok deraadt@

We have to add enc0 to the "enc" interface group manually on boot.
Adopted from the loop lo0 code.

Replace enc(4) with a new implementation as a cloner device. We still
create enc0 by default, but it is possible to add additional enc
interfaces. This will be used later to allow alternative encs per
policy or to have an enc per rdomain when IPsec becomes rdomain-aware.

manpage bits ok jmc@
input from henning@ deraadt@ toby@ naddy@
ok henning@ claudio@

encif is a global variable and thus pre-zeroed, don't bother bzero()ing
it after the fact.

ok henning@, claudio@

return with ENOTTY instead of EINVAL for unknown ioctl requests.

ok claudio@ krw@ jason@ dlg@

one extern seems to be better than 20 for ifqmaxlen; ok krw

ansify the enc code

ok otto@

Kill unused encrtrequest(). OK markus@

With the exception of two other small uncommited diffs this moves
the remainder of the network stack from splimp to splnet.

ok miod@

no more netns handling for the various tunnel devices and loopback

Kill more netiso ghosts.

ok millert@

string fixes; tedu ok

allocate sockaddr_dl for ifnet in if_alloc_sadl(), as we don't always know
the size of sockaddr_dl on if_attach() - for instance, see ether_ifattach().
from netbsd. fgs ok

attach nd_ifinfo structure to if_afdata.
split IPv6 MTU (advertised by RA) from real link MTU.
sync with kame

First round of __P removal in sys

branches: 1.36.4;
KNF

Copyright update.

One more include cleanup, just to piss off Aaron :-)

Move offsetof define into sys/param.h

For bridged IPsec, use the gif* interfaces.

initialize mtu/hlim for enc interface at encattach().

backgronud: inbound ipsec packet will have enc* as m->m_pkthdr.rcvif.
when we try to reflect the packet back in the kernel (like icmp6 echo),
we'd generate packet toward enc* interface. icmp6_reflect() will take
hoplimit value from nd_ifinfo[enc*], which was not initialized by the old code.

XXX the change to m->m_pkthdr.rcvif violates IPv6 scoped routing.
we will need to disable it, for at least IPv6.

Stats for bridge output too.

Sanity check on dequeued mbufs, also keep track of correct interface
for statistics purposes.

Fix checksum for outgoing etherip/ipip packets from enc interfaces.

Minor oops in sanity logic, IFF_RUNNING is set/unset with IFF_UP,
be paranoid with uninitialized variable.

output routine enqueues and calls start, rather than requeueing for input.

Typo.

SIOCAIFADDR.

Allow setting address.

If IFF_LINK0 is set, do IP-in-IP instead of Ethernet-in-IP. This will
be used to implement overlay networks and more flexible road-warrior
support.

Cryptographic services framework, and software "device driver". The
idea is to support various cryptographic hardware accelerators (which
may be (detachable) cards, secondary/tertiary/etc processors,
software crypto, etc). Supports session migration between crypto
devices. What it doesn't (yet) support:
- multiple instances of the same algorithm used in the same session
- use of multiple crypto drivers in the same session
- asymmetric crypto

No support for a userland device yet.

IPsec code path modified to allow for asynchronous cryptography
(callbacks used in both input and output processing). Some unrelated
code simplification done in the process (especially for AH).

Development of this code kindly supported by Network Security
Technologies (NSTI). The code was writen mostly in Greece, and is
being committed from Montreal.

branches: 1.20.2;
fix include file path related to ip6.

Ok, so setsoftnet is md.

Well, on the amiga, setsoftnet *REQUIRES* machine/cpu.h to work...
and no include mentioned in those files pulls machine/cpu.h...

Nit-fix: / * INET6 */ -> /* INET6 */

Can't bind SAs to enc0

Add missing IF_DROPs

Properly handle non-IPSEC case.

Add SRCSA and CLEARSA ioctls.

Implement ioctls for binding SAs to enc interfaces (to be used with
the bridge).

Fix *stupid* typo/error that was causing the panics in post 2.6, found
by art@

Use enc_softc instead of ifnet for encif.

remove bogus entry from if_enc address list; and rename enc_softc to encif

The enc interface should not be IFF_LOOPBACK, as AH and ESP uses that
as receiving interface for filtering

indent

make the packets which were successfully processed by IPSec available to
bpf via the enc0 interface, using linktype DLT_ENC.

first step to the setsockopt/getsockopt interface as described in
draft-mcdonald-simple-ipsec-api, kernel notifies (EMT_REQUESTSA) signal
userland key management applications when security services are requested.
this is only for outgoing connections at the moment, incoming packets
are not yet checked against the selected socket policy.

make it easier to add additional transforms. add blowfish and cast
encryption. some more info for kernfs/ipsec.

put old esp/ah and new esp/ah in different files.
generalised way of handling transforms.

major restructuring

BPF support ifdefed.

OpenBSD tags + some prototyping police

IPSEC package by John Ioannidis and Angelos D. Keromytis. Written in
Greece. From ftp.funet.fi:/pub/unix/security/net/ip/BSDipsec.tar.gz

free(9) sizes.

ok reyk@

"id" is too generic, rename to "rdomain" for clarity and easier grepping

ok benno@ mpi@

Use the same test pattern as for enc_ifps, for consistency

ok denis@

Fix a kernelpanic when using rdomain(4) and enc(4)

OK jca@ mpi@

Last changes before running IPsec w/o KERNEL_LOCK().

Put more NET_ASSERT_LOCK() and document which globals it protects.

Add a mutex for pfkeyv2 globals.

Convert ipsp_delete_acquire() to timeout_set_proc().

Tested by Hrvoje Popovski, ok bluhm@ visa@

Remove NET_LOCK()'s argument.

Tested by Hrvoje Popovski, ok bluhm@

Protect the global array of interfaces with the NET_LOCK().

ok sashan@

Flag pseudo-interfaces as such in order to call add_net_randomness()
only once per packet.

Fix a regression introduced when if_input() started to be called by
every pseudo-driver.

ok claudio@, dlg@

No need to handle SIOCAIFADDR in drivers, it's never passed down to
them.

ok claudio@

Make enc_output() return EAFNOSUPPORT after dropping the packet,
instead of 0. Makes it consistent with other similar interfaces.

ok mpi@ vgross@

use IFQ_DEQUEUE to pull of the send queue.

Rename rtrequest1() to rtrequest().
OK mpi@

Kill link_rtrequest(), introduce in 1990 to "fix" the result
of rt_getifa() when adding link level route from outside the
kernel.

ok claudio@

Inspired by satosin(), use inline functions to convert sockaddr dl.
Instead of casts they check wether the incoming object has the
expected type. So introduce satosdl() and sdltosa() in the kernel.
OK mpi@

Remove some includes include-what-you-use claims don't
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.

ok tedu@ deraadt@

yet more mallocarray() changes.

ok tedu@ deraadt@

There's no good reason to keep into "struct ifnet" a pointer that's only
used by enc(4) devices to attach their routes.

ok sthen@, mikeb@

Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.

ok mikeb@, krw@, bluhm@, tedu@

remove uneeded route.h includes
ok miod@ mpi@

add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.

Fix IPsec route addition broken since the removal of the link-layer
addresses from the per-ifp list.

While here document why enc(4) needs a link-layer address, or at
least something that seems to be one.

Found the hard way and fix tested by naddy@, ok mikeb@, henning@

The error return codes for the enc interface were inconsistent.
Always return the appropriate errno.
OK reyk@ mikeb@

Fix the naming of interfaces and variables for rdomains and rtables
and make it possible to bind sockets (including listening sockets!)
to rtables and not just rdomains. This changes the name of the
system calls, socket option, and ioctl. After building with this
you should remove the files /usr/share/man/cat2/[gs]etrdomain.0.

Since this removes the existing [gs]etrdomain() system calls, the
libc major is bumped.

Written by claudio@, criticized^Wcritiqued by me

Allow to specify an alternative enc(4) interface for an SA. All
traffic for this SA will appear on the specified enc interface instead
of enc0 and can be filtered and monitored separately. This will allow
to group individual ipsec policies to virtual interfaces and
simplifies monitoring and pf filtering with many ipsec policies a lot.

This diff includes the following changes:
- Store the enc interface unit (default 0) in the TDB of an SA and pass
it to the enc_getif() lookup when running the bpf or pf_test() handlers.
- Add the pfkey SADB_X_EXT_TAP extension to communicate the encX
interface unit for a specified SA between userland and kernel.
- Update enc(4) again to use an allocate array instead of the TAILQ to
lookup the matching enc interface in enc_getif() quickly.

Discussed with many, tested by a few, will need more testing & review.

ok deraadt@

We have to add enc0 to the "enc" interface group manually on boot.
Adopted from the loop lo0 code.

Replace enc(4) with a new implementation as a cloner device. We still
create enc0 by default, but it is possible to add additional enc
interfaces. This will be used later to allow alternative encs per
policy or to have an enc per rdomain when IPsec becomes rdomain-aware.

manpage bits ok jmc@
input from henning@ deraadt@ toby@ naddy@
ok henning@ claudio@

encif is a global variable and thus pre-zeroed, don't bother bzero()ing
it after the fact.

ok henning@, claudio@

return with ENOTTY instead of EINVAL for unknown ioctl requests.

ok claudio@ krw@ jason@ dlg@

one extern seems to be better than 20 for ifqmaxlen; ok krw

ansify the enc code

ok otto@

Kill unused encrtrequest(). OK markus@

With the exception of two other small uncommited diffs this moves
the remainder of the network stack from splimp to splnet.

ok miod@

no more netns handling for the various tunnel devices and loopback

Kill more netiso ghosts.

ok millert@