remove prototypes with no matching function
ok mpi@

Make ifq and ifiq interface MP safe.

Rename ifq_set_maxlen() to ifq_init_maxlen(). This function neither
uses WRITE_ONCE() nor a mutex and is called before the ifq mutex
is initialized. The new name expresses that it should be used only
during interface attach when there is no concurrency.

Protect ifq_len(), ifq_empty(), ifiq_len(), and ifiq_empty() with
READ_ONCE(). They can be used without lock as they only read a
single integer.

OK dlg@

spelling
ok jmc@ reads ok tb@

Display DNS information from sppp(4) in ifconfig(8)

Behaviour is similar to that of umb(4).

OK kn@

Give sppp(4) its own RTP_PROPOSAL priority

OK semarie@

sppp(4) - support PPP IPCP extensions for DNS

RFC 1877 extends the family of network control protocols for
establishing and configuring the IPCP over PPP, defining the negotiation
of primary and secondary DNS addresses. After negotiation,
rtm_proposal() is used to send out DNS updates.

Feedback from claudio@ and kn@.

OK claudio@, kn@

Add sizes to free() calls

These are the last ones in if_pppoe.c and if_spppsubr.c.

OK beck

Add sizes to free() calls

Simply reuse struct size or buffer length variables for free() the very
same way they are used with malloc(), often within the same scope and/or
only a few lines above.

This leaves only a few selected free() calls with size zero in due to the
fact that there is currently no variable to keep track of name and secret
string lengths.

OK mvs

Zap LOOPALIVECNT

Unused since r1.138 from 2015: "remove cisco hdlc code from sppp(4)".

OK mpi

Change users of IFQ_SET_MAXLEN() and IFQ_IS_EMPTY() to use the "new" API.

ok dlg@ tobhe@

Change users of IFQ_PURGE() to use the "new" API.

ok dlg@ tobhe@

Change users of IFQ_DEQUEUE(), IFQ_ENQUEUE() and IFQ_LEN() to use the
"new" API.

ok dlg@ tobhe@

Non root users must not set the parameters of pppoe(4) interfaces.
found by Ilja Van Sprundel; OK deraadt@ dlg@

convert interface address change hooks to tasks and a task_list.

this follows what's been done for detach and link state hooks, and
makes handling of hooks generally more robust.

address hooks are a bit different to detach/link state hooks in
that there's only a few things that register hooks (carp, pf, vxlan),
but a lot of places to run the hooks (lots of ipv4 and ipv6 address
configuration).

an address hook cookie was in struct pfi_kif, which is part of the
pf abi. rather than break pfctl -sI, this maintains the void * used
for the cookie and uses it to store a task, which is then used as
intended with the new api.

branches: 1.179.2;
Use timeout_add_sec(9)

Re-challenge timeouts are made up of single scalar factors which are
multiplied with the time unit lcp.timeout to compute the timeout period.

Simply reduce that unit of 1 * hz [ticks] to 1 [s] and use the appropiate
API.

OK mpi

Make computation of re-challenge timeout more obvious

Instead of masking the difference between lower and upper bound to yield
a random summand that fits, instruct the API to limit their result
accordingly. 0x01fe = 510 = 810 - 300.

arc4random_uniform(upper_bound) returns `upper_bound - 1' as maximum, so
add one to make 810 a possible value for `i'.

OK deraadt

Revert accidentially committed hunk from previous

Remove duplicate initialisation

OK claudio semarie

Prevent recursions by not deleting entries inside rtable_walk(9).

rtable_walk(9) now passes a routing entry back to the caller when
a non zero value is returned and if it asked for it.
This allows us to call rtdeletemsg()/rtrequest_delete() from the
caller without creating a recursion because of rtflushclone().

Multicast code hasn't been adapted and is still possibly creating
recursions. However multicast route entries aren't cloned so if
a recursion exists it isn't because of rtflushclone().

Fix stack exhaustion triggered by the use of "-msave-args".

Issue reported by D��niel L��vai on bugs@ confirmed by and ok bluhm@.

branches: 1.174.6;
Remove almost unused `flags' argument of suser().

The account flag `ASU' will no longer be set but that makes suser()
mpsafe since it no longer mess with a per-process field.

No objection from millert@, ok tedu@, bluhm@

Kill dead ioctl handlers.

SIOCGIF{HARD,}MTU are handled by ifioctl() and not passed down to
drivers.

ok visa@

After we stopped processing router advertisements in the kernel
sppp_update_ip6_addr() became the last user of n6_are_prefix_equal().
Since it compares /128 prefixes it doesn't need all the bells and
whistles and can be converted to a memcmp. Remove the now unused
n6_are_prefix_equal().
OK bluhm, mpi

Use the rv variable in sppp_output() as it was intended.

sppp_output has the following comment:
"Don't choke with an ENETDOWN early. It's possible that we just
started dialing out, so don't drop the packet immediately. If we
notice that we run out of buffer space below, we will however remember
that we are not ready to carry IPv6 packets, and return ENETDOWN, as
opposed to ENOBUFS."

A later revision of the code just returned ENOBUFS anyway, ignoring
the rv variable that might have ENETDOWN instead, turning rv into an
unused variable.

Coverity CID 1299246; Severity: Minor

OK sthen@

Remove NET_LOCK()'s argument.

Tested by Hrvoje Popovski, ok bluhm@

space after if.

Pointed out by tom@

Revision 1.139 accidentally removed an ip = mtod(), resulting in a
pointless "ip = NULL; if (ip) ..." sequence.

Coverity CID 1453286; Severity: Minor

OK sthen@ tom@

The timeval in sppp_input() is also used when the interface is not IFF_UP.

Always call getmicrouptime(&tv) to avoid an "Uninitialized scalar variable".

Coverity CID 1453266; Severity: Insignificant

OK deraadt@

Add missing splx().

I introduced this bug in 2015 but the splsoftnet()/splx() dance in the
upper layer masked it. Pseudo drivers generally don't need any splnet()
protection.

Found by Mark Patruck and Andrei-Marius Radu since the NET_LOCK() no longer
raise any IPL.

Strangely jsg@ confirmed that cppcheck nor coccinelle found the missing splx().

ok kettenis@, sthen@, deraadt@

In sppp(4), allow additional 'wildcard' addresses for the destination.
Any address within the range 0.0.0.1 - 0.0.0.255 can now be used.
This allows for multiple pppoe(4) interfaces with dynamic addresses within
the same routing table. Which used to work before OpenBSD 5.8, but since 5.8
only one interface in a routing table can use destination address 0.0.0.1.

Problem first reported by Steve (fiverings04 at australian yahoo) on misc@.
I ran into it on an EdgeRouter lite which is supposed to serve two ADSL lines.
ok sthen@ mpi@
man page help from jmc@ for an earlier variant of this change

Introduce ipv{4,6}_input(), two wrappers around IP queues.

This will help transitionning to an un-KERNEL_LOCK()ed IP
forwarding path.

Disucssed with bluhm@, ok claudio@

Avoid some false positives with cppcheck. No binary change.
OK jsg@

A space here, a space there. Soon we're talking real whitespace
rectification.

remove some extra whitespace.

no functional change (unfortunately)

No need to handle SIOCAIFADDR in drivers, it's never passed down to
them.

ok claudio@

When if_down() is called, sppp_keepalive() needs a NET_LOCK().
OK visa@ mpi@

Grab the NET_LOCK() when setting an IPv6 address, just like it is done
for IPv4.

Assert reported and diff tested by semarie@

Introduce the NET_LOCK() a rwlock used to serialize accesses to the parts
of the network stack that are not yet ready to be executed in parallel or
where new sleeping points are not possible.

This first pass replace all the entry points leading to ip_output(). This
is done to not introduce new sleeping points when trying to acquire ART's
write lock, needed when a new L2 entry is created via the RT_RESOLVE.

Inputs from and ok bluhm@, ok dlg@

if_link_state_change() doesn't need to be called under splsoftnet(),
it just schedule a task.

Path MTU discovery was slightly broken. I took two ICMP packets
to create and change the dynamic route. This behavior was introduced
in net/route.c rev 1.269 when the gateway route allocation was moved
from rt_setgateway() to _rtalloc(). So rtrequest(RTM_ADD) could
return a route without a valid gateway route. To fix this, call
rt_setgwroute() from _rtalloc() and rt_setgateway().
OK mpi@

Don't hardcode vlan/queue priority for pppoe packets; inherit it from the
new "llprio" setting on the pppoe(4) interface instead.

Tested by Daniel Gillen and myself, ok mikeb

Set pppoe(4) control frames to high (NC, "network control")
priority. This is translated into an 802.1p priority tag when
sent over a vlan interface, reducing the risk of them being
crowded out by data packets on a busy link.

Some users have problems with ISPs that place specific
requirements on vlan priority (typically the packet header
value must be '0', relating to priority 1). This diff
doesn't fix that yet, but gives a single place to patch
to change tags on control packets without affecting
normal vlan priority operation on other interfaces.

ok mikeb.

Simplify life for routing table implementations by requiring that rtable_walk
callbacks return EAGAIN if they modify the routing table. While we're here,
simplify life for rtable_walk callers by moving the loop that restarts the
walk on EAGAIN into rtable_walk itself.

Flushing cloned routes on interface state changes becomes a bit more
inefficient, but this can be improved later.

ok mpi@ dlg@

Remove a bogus "else" that was causing breakage with LCP echoes,
bug introduced in r1.138.

Reported at https://twitter.com/DarkSoul4242/status/722365165262405633
(twitter is *NOT* the place to report bugs!) and in
https://marc.info/?l=openbsd-bugs&m=145988918010707&w=2,
pointed out by tb@

Remove the hack that prevents changing pppoe params at runtime.

The EBUSY hack imposes an order on the ifconfig commands issued
against the pppoe interface used to configure the sppp layer below.
To counter this we use the ENETRESET trick that other drivers use
to tell the pppoe layer that sppp has requested a stop/init reset
sequence to proceed which we oblige with in case pppoe is UP and
RUNNING.

Tested by semarie@ and Jan Schreiber <jes@posteo.de>, thanks!

branches: 1.149.2;
if_start needs splnet. help/ok dlg@

sppp(4) is now only used for pppoe(4) which doesn't use framing, so remove
support for sppp with framing, simplifying things. Remove unused ifdefs while
there.

"sppp will go away before it gets used for something else" dlg@

avoid a use after enqueue, which is like a use after free.

once you enqueue an mbuf, you no longer own it. therefore you cant
read the length out of it. this reads the length first, then tries
to enq it.

also, call if_start instead of a bare call to the underlying start
routine.

ok mpi@ sthen@

replace the ifqueue used for the pp_cpq with an mbuf_queue.

Rewrite rtalloc(9) to consider RTF_GATEWAY entries without valid next-
hop route as invalid.

Previously when such entrie was returned by rtalloc(9) a second route
lookup was done in rt_checkgate() very late in the journey of a packet.

In other words a single rtalloc(9) call can now result in multiple
route lookups if a RTF_GATEWAY entry is returned.

This is a step towards always calling L2 output functions with valid
destination information.

Tested by various including jmc@, naddy@, Hrvoje Popovski

sppp_pick is unused, it can go away.

Introduce if_rtrequest() the successor of ifa_rtrequest().

L2 resolution depends on the protocol (encoded in the route entry) and
an ``ifp''. Not having to care about an ``ifa'' makes our life easier
in our MP effort. Fewer dependencies between data structures implies
fewer headaches.

Discussed with bluhm@, ok claudio@

Some rt_ifp to rt_ifidx conversions.

ok bluhm@

Revert if_oqdrops accounting changes done in kernel, per request from mpi@.

(Especially adding IF_DROP() after IFQ_ENQUEUE() was completely wrong because
IFQ_ENQUEUE() already does it. Oops.)

After this revert, the situation becomes:

- if_snd.ifq_drops is incremented in either IFQ_ENQUEUE() or IF_DROP(), but
it is not shown to userland, and

- if_data.ifi_oqdrops is shown to userland, but it is not incremented by
anyone.

Don't count IF_DROP()'ed packets as if_oerrors too.

mpi@ plans to clean-up IF_DROP()'s, but fix consistent use of it for now.

OK dlg@

Remove remnants of sppp's special queue handling for telnet/rlogin/ftp,
the rest was done in r1.96. ok mikeb@

remove cisco hdlc code from sppp(4), it's no longer used - pppoe(4) only uses
ppp framing, and the drivers for sync serial cards have been removed so the
sppp code is now only used to support pppoe(4). ok mpi@, kill it chris@

Rework the code to decide when to perform DAD to no longer rely on the
IN6_IFF_NODAD pseudo-flag not being set.

This was just a flag for spaghetti code that should not exist in the
first place.

Tested by sebastia@, ok sthen@

Abstract the routing table internals behind an rtable_* API.

Code abusing the radix internals for the routing table should now
includes <net/rtable.h> and only deal with "struct rtentry".

Code using a radix tree for another purpose can still include
<net/radix.h>.

Inputs from and ok claudio@, mikeb@

Rename if_output() into if_enqueue() to avoid confusion with comments
talking about (*ifp->if_output)().

ok claudio@, dlg@

Store a unique ID, an interface index, rather than a pointer to the
receiving interface in the packet header of every mbuf.

The interface pointer should now be retrieved when necessary with
if_get(). If a NULL pointer is returned by if_get(), the interface
has probably been destroy/removed and the mbuf should be freed.

Such mechanism will simplify garbage collection of mbufs and limit
problems with dangling ifp pointers.

Tested by jmatthew@ and krw@, discussed with many.

ok mikeb@, bluhm@, dlg@

Introduce if_output(), a function do to the last steps before enqueuing
a packet on the sending queue of an interface.

Tested by many, thanks a lot!

ok dlg@, claudio@

replace the use of ifqueues for most input queues serviced by netisr
with niqueues.

this change is so big because there's a lot of code that takes
pointers to different input queues (eg, ether_input picks between
ipv4, ipv6, pppoe, arp, and mpls input queues) and falls through
to code to enqueue packets against the pointer. if i changed only
one of the input queues id have to add sepearate code paths, one
for ifqueues and one for niqueues in each of these places

by flipping all these input queues at once i can keep the currently
common code common.

testing by mpi@ sthen@ and rafael zalamena
ok mpi@ sthen@ claudio@ henning@

remove the congestion handling from struct ifqueue.

its only used for the ip and ip6 network stack input queues, so it
seems unfair that every instance of ifqueue has to carry a pointer
around for this specific use case.

this moves the congestion marker to a kernel global. if we detect
that we're congested, we assume the whole system is busy and punish
all input queues.

marking a system as congested is done by setting the global to the
current value of ticks. as the system moves away from that value,
it moves away from being congested until the comparison fails.

written at s2k15
ok henning@ beck@ bluhm@ claudio@

remove the second void * argument on tasks.

when workqs were introduced, we provided a second argument so you
could pass a thing and some context to work on it in. there were
very few things that took advantage of the second argument, so when
i introduced pools i suggested removing it. since tasks were meant
to replace workqs, it was requested that we keep the second argument
to make porting from workqs to tasks easier.

now that workqs are gone, i had a look at the use of the second
argument again and found only one good use of it (vdsp(4) on sparc64
if you're interested) and a tiny handful of questionable uses. the
vast majority of tasks only used a single argument. i have since
modified all tasks that used two args to only use one, so now we
can remove the second argument.

so this is a mechanical change. all tasks only passed NULL as their
second argument, so we can just remove it.

ok krw@

unifdef INET in net code as a precursor to removing the pretend option.
long live the one true internet.
ok henning mikeb

Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.

ok mikeb@, krw@, bluhm@, tedu@

move arc4random prototype to systm.h. more appropriate for most code
to include that than rdnvar.h. ok deraadt dlg

print ipv6cp by name rather than number in "0x8057 output <...>" debug lines,
as already done for lcp/ipcp/pap/chap

Fewer <netinet/in_systm.h> !

add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.

Use a custom ifa_rtrequest function for point-to-point interfaces
instead of relying on hacks in nd6_rtrequest() to add a route to
loopback for each address configured on such interfaces.

While here document that abusing lo0 for local traffic is not safe
for interfaces in a non-default rdomain.

Tested by claudio@, jca@ and sthen@, ok sthen@

Kill annoying and useless emacs local variable. ok mikeb@

The variable would have no effect unless you use hilit19.el from
emacs21, and even there the specified value has not been kept up to date
with the file growth.

all I wanted to do is removing the altq special casing, but then it turned
out the entire codepath is unreachable. glad I'm not our ppp maintainer, he
has work to do.
kill that unreachable code, with & ok claudio

"struct pkthdr" holds a routing table ID, not a routing domain one.
Avoid the confusion by using an appropriate name for the variable.

Note that since routing domain IDs are a subset of the set of routing
table IDs, the following idiom is correct:

rtableid = rdomain

But to get the routing domain ID corresponding to a given routing table
ID, you must call rtable_l2(9).

claudio@ likes it, ok mikeb@

It cannot be assumed the top of the mbuf chain has required length here.
Actually, since packets from Octeon's cnmac(4) don't have enough size,
pppoe(4) is unable to connect.

ok claudio

Rename rt_gettable() into rtable_get(), swap its arguments to be
coherent with the existing rtable_* functions and document it.

While here fix some other manpage glitches pointed out by jmc@.

Call all local valiables of type struct in6_ifaddr "ia6". This is
consistent with struct ifaddr "ifa" and struct in_ifaddr "ia".
OK mpi@

Remove no-op 'HIDE' macro from sppp code. This probably existed to allow
for easy switching to static functions. But we don't usually have static
functions in the kernel.
ok deraadt mpi mikeb

Some follow-up fixes for IFID collision handling in IPv6CP.

Really change the link-local address in the unlikely event of an IFID
collision, instead of going into an infinite conf-nak loop with the peer.

To make the netinet6 code use the IPv6CP IFID in a new link-local address,
in6_ifattach_linklocal() must accept a provided IFID. Replace the unused
'altifp' parameter with a new 'ifid' parameter for this purpose.

Always use the latest suggested address in IPv6CP replies, even if
the task to update the interface's address hasn't run yet.
Also, clear the ifindex (KAME hack) in addresses sent during IPv6CP.

ok mpi

Use an u_int32_t instead of an unsigned long to store the magic number
we're about to send. Should a bug on big-endian LP64 archs reported by
James MacMahon (jwm at operand dot ca). ok millert@

Convert sppp(4) to taskq; ok mikeb@ mpi@

Improvements for address assignment and related issues in IPv6CP.

Move address assignment to process context. This uses a workq at
present, conversion to taskq is on my todo list (discussed with dlg).
Instead of rummaging around in sockaddr_in6 structs, use the proper
netinet6 APIs to configure addresses.
Deal with IFID collisions instead of ignoring them. The whole point of
IPv6CP is to avoid IFID collisions. Use arc4random() during IFID generation.
Assign destination address to /128 point-to-point links.

tested by me and sthen with pppoe(4)
ok sthen

Replace most of our formating functions to convert IPv4/6 addresses from
network to presentation format to inet_ntop().

The few remaining functions will be soon converted.

ok mikeb@, deraadt@ and moral support from henning@

Remove useless #ifdef *BSD cruft from sppp(4). No binary change.
ok sthen

Remove the number of in6_var.h inclusions by moving some functions and
global variables to in6.h.

ok deraadt@

Format string fixes: %hu/%hd for uint16_t, %u/%d/%x for uint32_t

- despite the name, ntohl returns uint32_t, not long
- also fix some %d into %u

Replace the misleading SIOC{G,S}IFGENERIC ioctls by SIOCG{G,S}PPPPARAMS.

This is another ABI break but no port rely on them as verified by naddy@.

ok claudio@, mikeb@, henning@

Remove a comment which is no longer true.

Change the structure used in the SPPPIOSDEFS and SPPPIOGDEFS ioctls
to only include what is really needed. In particular stop including
a "struct ifnet" and move kernel-only definition into the proper #if
dance.

While here remove the unused spppinfo() from ifconfig.

ok guenther@, sthen@, mikeb@

Revert previous and unbreak asr, the new include should be protected.

Reported by naddy@

Allocate the various hook head descriptors as part of the ifnet
structure rather than doing various M_WAITOK allocations during
the *attach() functions, we always rely on them anyway.

ok mikeb@, uebayasi@

Remove the scrub argument from in_ifinit() and simply call in_ifscrub()
unconditionally for SIOCSIFADDR.

ok bluhm@, henning@

do not include machine/cpu.h from a .c file; it is the responsibility of
.h files to pull it in, if needed
ok tedu

no need for a lot of code to include proc.h

Add SIOCGIFHARDMTU to allow retrieving the driver's maximum supported MTU
looks fine reyk@ ok mikeb@

decls before code

Call sppp_clear_ip_addrs from a workq. Problem reported by RD Thrush and
LEVAI Daniel, diagnosed by matthew@, original diff from RD Thrush, cleaned
up by me with feedback from mikeb@. OK mikeb dcoppa deraadt

Remove a horrible sppp(4)-specific "fast queue" used for tcp ports 21 23 513.
You should use the proper queues via pf instead. ok phessler@ henning@

Teach pppoe(4) about RFC 4638. This allows negotiating increased MTU with
compatible equipment provided that the physical interface and other layer 2
devices involved support and are configured to use jumbo frames.

Manpage to follow; typical use is to request 1500 MTU for pppoe, this
requires 1508+ MTU on the physical interface, e.g. "ifconfig em0 mtu 1508;
ifconfig pppoe0 mtu 1500". Known to be usable in the UK with some ISPs
(e.g. aaisp) using BT FTTC backhaul.

From Matt Dainty, originally based on support in NetBSD, changed to
decouple pppoe from physical interface MTU. Tested with UK FTTC by Matt,
no regressions on my standard UK ADSL setup or yasuoka@'s setup (in Japan,
NTT uses 1452 byte MTU for PPPoE and 1500 byte MTU for IPv6 on the same
network).

ok yasuoka@

another case of "clever" fiddling with ifq internals, just stumbled over
this in my monster diff and wondered that i hadn't put that in already...
claudio ryan ok

and make sppp_qflush a wrapper around IF_PURGE instead of handrolling
the same, ok'd with IFQ_PURGE with happens to break on altq kernels by
claudio, ryan and bluhm

second trial: stop messing with ifq internals, this time use IF_IS_EMPTY
and not IFQ_IS_EMPTY, the former doesn't get overloaded with altq-specific
stuffz. original oks from claudio and ryan and bluhm, i take the liberty
to assume the oks for this fixed version

cosnistently use IFQ_SET_MAXLEN, surfaced in a discussion with + ok bluhm

Revert henning's commit-n-run that broke the tree

2 cases of IFQ_IS_EMPTY instead of mucking with ifqueue internals
make sppp_flush use IFQ_PURGE instead of handrolling the same making
assumptions about ifqueue internals. ok ryan claudio

always set sppp auth secret, as other code assumes it.
confirmed to fix paul stoeber's crash. ok deraadt sthen

pass the correct size to memset
spotted by clang, ok matthew@

Collapse m_pullup and m_pullup2 into a single function, as they're
essentially identical; the only difference being that m_pullup2 is
capable of handling mbuf clusters, but called m_pullup for shorter
lengths (!).

testing dlg@ ok claudio@

in_ifinit() is not prepared to be called from interrupt context so add
addresses from process context by scheduling a work queue.
Fixes an assertwaitok panic. ok henning

for key material that is being being discarded, convert bzero() to
explicit_bzero() where required
ok markus mikeb

an extra parameter for in_ifinit, indicating wether the ifaddr passed to it
is new or an already existing one. for existing ones, call ifa_del first
tested by many as part of a larger diff, ok claudio dlg krw sthen

Using a normaly unavailable 0.0.0.1 gateway on routes on sppp(4) based
devices is a bad idea. The problem is that the default route per se works
but PMTU is unable to clone host routes because the gateway is unreachable.
Fix sppp(4) so that it walks the routing table and fixes the gateways.
This makes PMTU work again. Diff tested by weerd@ and markus@ (older version)
for a long time.

Switch some obvious network stack MAC comparisons from bcmp() to
timingsafe_bcmp().

ok deraadt@; committed over WPA.

incomming -> incoming

The ones found in gnu/ left out by intention.

ok jmc

The IMPs are history so is splimp, this needs now splnet so update comment.
Another thing found by Gleydson Soares.

rtables are stacked on rdomains (it is possible to have multiple routing
tables on top of a rdomain) but until now our code was a crazy mix so that
it was impossible to correctly use rtables in that case. Additionally pf(4)
only knows about rtables and not about rdomains. This is especially bad when
tracking (possibly conflicting) states in various domains.
This diff fixes all or most of these issues. It adds a lookup function to
get the rdomain id based on a rtable id. Makes pf understand rdomains and
allows pf to move packets between rdomains (it is similar to NAT).
Because pf states now track the rdomain id as well it is necessary to modify
the pfsync wire format. So old and new systems will not sync up.
A lot of help by dlg@, tested by sthen@, jsg@ and probably more
OK dlg@, mpf@, deraadt@

tiemout_add -> timeout_add_sec

ok claudio@

Do the same rdomain checking in sppp as we do in the Ethernet case.
Encapsulated pppoe packets are moved into the rdomain of the physical interface
because it is possible that a pppoe(4) interface is in a different rdomain
then the physical interface.
OK reyk@

Free authentication data when detaching sppp from interface.

allocate the large structures instead of putting them on the stack, and
use M_CANWAIT throughout
ok sthen canacar claudio

Allow username and password to be up to 255 characters in length.
Tested by many, thanks.
Put it in" deraadt@

Remove bogus casts of integer constants SPPPIO[GS]DEFS to caddr_t
and fix typo while here.

ok canacar@

u_char is not compatible with default argument promotion type thus
can't be used with va_start. change it to u_int.

ok miod@

rename arc4random_bytes => arc4random_buf to match libc's nicer name;
ok deraadt@

Don't spam dmesg with sppp messages, instead use log(9).
OK canacar@ some time ago

Initialize the timeouts only once instead of everytime they are started
Prevents hangs as reported and tested by James Stark, PR:5795, ok henning@

Check to make sure pp_tlf is not NULL in sppp_keepalive() before calling it.

From NetBSD

ok canacar@

When passing opt[] array as an argument, use opt instead of &opt. While
they point to the same address, this is more readable. ok claudio@

1500 is a 'magic number' in the protocol that all implementations
must be able to handle as MRU but while testing pppoe(4) against a pppoe(8)
server I figured out that pppoe(8) insists on a MRU 1492. Because of this
we allow the offered MRU to be between PP_MIN_MRU and PP_MAX_MRU especially
because the MRU is not used at all as long as it is smaller then PP_MAX_MRU.
OK canacar@

typos; ok jmc@
sys/netinet/in_pcb.c and sys/net/bridgestp.c ok henning@
sys/dev/pci/bktr/* ok jakemsr@

simplify sppp_chap_scr() now that we are using arc4random_bytes()

use arc4random_bytes() instead of multiple arc4random() calls;
ok deraadt@ dlg@ henric@ mcbride@

correct fix

tsk tsk tsk, noone tested this; spotted by canacar

Don't leak potentially secret authname through ioctl interface.

Suggestions from mpf@ and canacar@

ok deraadt mpf canacar

Handle incoming protocol reject packets now that we have
more than one protocol. From FreeBSD, reported and tested by jmc@

IPv6 support for sppp layer, based on NetBSD version.
ok claudio@

The m_pulldown used for aligning was not copying the header,
revert back to m_pullup2. Reported and tested by Enache Adrian
additional testing by naddy@ and claudio@
ok claudio@, deraadt@

Align the packet after the ppp header.
The earlier change was broken in sparc due to alignment problems.
reported and tested by nady@, ok deraadt@ claudio@

Make sure all the packet is in one continuous mbuf.
This is a bandaid solution, a better solution will go
in post 4.2. Reported and tested by Joerg Zinke.
ok claudio@, deraadt@

Use the length of the mbuf instead of the packet.
When sending a protocol reject. Prevents reading
past the mbuf in case the mbuf does not cover the
whole packet. ok claudio@, henning@

remove remaining IPX hooks. all inside #ifdef IPX, so no actual change

Users of arc4random() should include dev/rndvar.h directly.

ok dlg claudio

Handle IP address stuff in tls/tlf state messages
instead of open/close events. Fixes PR 5457 where
an extra open event arrived due to an authentication
timeout/retransmission and confused things. Tested
by RD Thrush and mpf@, discussions and ok mpf@

Typo in comment. From Brad.

Add support for setting the address of the ppp peer.
Use the proper in_ifscrub() / in_ifinit() calls for
address changes to generate routing messages.
The correct way to set the default route now
needs the -ifp option, e.g.
route add default -ifp pppoe0 0.0.0.1
Since the route is set right after bringing
the interface up, it still works w/out -ifp though.

Changes mostly from NetBSD.

Tested by Matthias Bauer and bluhm@
OK canacar@

Use u_int32_t instead of u_long for IP addresses.
OK claudio@

Consistently spell FALLTHROUGH to appease lint.
ok kettenis@ cloder@ tom@ henning@

Remove _KERNEL_OPT leftovers.

Missing newline in printf.

ok canacar@

Check for illegal option lengths when parsing LCP packets
and drop such bad packets. Also remove some redundant mallocs.

This fixes possible heap overflows when forming replys to such bad
packets as discovered by Martin Husemann and Pavel Cahyna.

reported by NetBSD, initial diff from markus@,
additional comments by claudio@, ok markus@

Only print link state changes if interface is in debug mode.
Affects devices using the sppp layer (pppoe, art, san, lmc)
ok deraadt@

logging should be in debug mode only. if every network driver did a
dmesg printf everytime they came up, would that be a better world?

diff from peter phillip at freenet dot de:

the "pppoe0: up" message is annoying when one is on console and the
system has been configured to recall the ISP every minute or so.
Moving the printf() to a log() fixes this and the "pppoe0: up"
message is still seen in logs and dmesg.

ok canacar@

With the exception of two other small uncommited diffs this moves
the remainder of the network stack from splimp to splnet.

ok miod@

branches: 1.38.2;
Another gem from the the-world-runs-on-i386 departement. Using u_long in
a packet format causes some troubles on 64bit archs. This fixes a sppp(4)
panic I got on alpha and makes cisco HDLC mode actually work. More cleanup
needs to be done post 3.9. OK brad@ looks good canacar@

Report interface link state changes in sppp layer
Help and ok claudio@, ok brad@

branches: 1.36.2;
Use actual packet contents when sending protocol rejects. Fixes PR 4305.
Different fix tested by the submitter, xiangbo3 at gmail com.
ok claudio@

prevent unaligned memory access when processing LCP echo packets,
making pppoe(4) work on sparc64. Fixes PR-4311
Reported and fix tested by David Coppa < dcoppa at gmail com >

bye bye netns (and a few leftover DECNET bits while here)

Fix for a panic experienced when authenticating a pppoe session on an amd64 system.

From: i4b project via FreeBSD via Jason Ackley

Fixes PR 4190 & 4196

ok canacar@

Fix cisco-mode check in lcp up/down.

Ignore lcp up/down events in cisco mode

do not mess with lcp if we are in cisco mode

Unbreak tree, mono_time may no longer be used because of timecounters.
Use getmicrouptime() instead. Found by grange@ and henning@.
OK henning@

Merge some sppp improvements from NetBSD:
1. better timeout and keepalive handling
2. fix some memory leaks on error paths.
3. use arc4random instead of random
4. always send keepalives in cHDLC mode, from claudio@
Tested by Greg Mortensen (san) and jmc@ (pppoe), ok claudio@

Follow RFC and do not reset timeouts everytime sppp_cp_change_state()
is called. Makes two sppp instances to handshake against each other.
Tested by Greg Mortensen, ok claudio@

Run address change notification hooks when the interface address is updated.
Notably, this fixes "(pppoe0)" in pf. ok markus@

In kernel pppoe client, a simple IPv4 only implementation.
Initial porting from NetBSD by David Berghoff.
Modified/simplified to match our sppp implementation.
ok deraadt@

remove netiso shitz, millert ok

This moves access to wall and uptime variables in MI code,
encapsulating all such access into wall-defined functions
that makes sure locking is done as needed.

It also cleans up some uses of wall time vs. uptime some
places, but there is sure to be more of these needed as
well, particularily in MD code. Also, many current calls
to microtime() should probably be changed to getmicrotime(),
or to the {,get}microuptime() versions.

ok art@ deraadt@ aaron@ matthieu@ beck@ sturm@ millert@ others
"Oh, that is not your problem!" from miod@

Don't use time-based random number generation

ok millert@ deraadt@

Replace RSA-derived md5 code with code derived from Colin Plumb's PD version.
This moves md5.c out of libkern and into sys/crypto where it belongs (as
requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it).
Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@

check for input queue congestion on those as well and call if_congestion when
needed; these are slightly different so that we cannot use the new
IF_INPUT_ENQUEUE macro
deraadt ok

put an mi wrapper around stdarg.h/varargs.h. gcc3 moved stdarg/varargs macros
to built-ins, so eventually we will have one version of these files.
Special adjustments for the kernel to cope: machine/stdarg.h -> sys/stdarg.h
and machine/ansi.h needs to have a _BSD_VA_LIST_ for syslog* prototypes.
okay millert@, drahn@, miod@.

string cleaning; tedu ok

remove the altq classifier code which is replaced by pf and no longer used.

ok henning@, deraadt@

BSD-style license from Serge Vakulenko <vak@cronyx.ru>

KNF - return is not a function.

sync with KAME
ALTQify more drivers.
ok millert@

revision 1.12 lacks paren around && within || (gcc warns and compilation stops).

misplaced (), causing tcp header be examined in non-tcp packets

branches: 1.11.2;
use queue.h macros for TAILQ operations

branches: 1.10.2;
Missing breaks.
Case labels must be integral values for deterministic behavior.

introduce the ALTQ queue macros into sys/net files.
the new model removes direct references to the fields in ifp->if_snd,
and defines the following macros to manipulate ifp->if_snd.
IFQ_ENQUEUE(ifq, m, pktattr, err)
IFQ_DEQUEUE(ifq, m)
IFQ_POLL(ifq, m)
IFQ_PURGE(ifq)
IFQ_IS_EMPTY(ifq)

the new model also enforces some rules regarding how to use these macros.
details are descrined in
http://www.csl.sony.co.jp/~kjc/software/altq-new-design.txt

Minor bug. Could corrupt stat counters

new timeouts

Missing splx() calls in failure cases.

Cruft

$OpenBSD$

branches: 1.3.4;
Fix an uninitialized variable bug. Remove statics.

do not use fuword()

lmc driver; ported by chris@dqc.org

Make ifq and ifiq interface MP safe.

Rename ifq_set_maxlen() to ifq_init_maxlen(). This function neither
uses WRITE_ONCE() nor a mutex and is called before the ifq mutex
is initialized. The new name expresses that it should be used only
during interface attach when there is no concurrency.

Protect ifq_len(), ifq_empty(), ifiq_len(), and ifiq_empty() with
READ_ONCE(). They can be used without lock as they only read a
single integer.

OK dlg@

spelling
ok jmc@ reads ok tb@

Display DNS information from sppp(4) in ifconfig(8)

Behaviour is similar to that of umb(4).

OK kn@

Give sppp(4) its own RTP_PROPOSAL priority

OK semarie@

sppp(4) - support PPP IPCP extensions for DNS

RFC 1877 extends the family of network control protocols for
establishing and configuring the IPCP over PPP, defining the negotiation
of primary and secondary DNS addresses. After negotiation,
rtm_proposal() is used to send out DNS updates.

Feedback from claudio@ and kn@.

OK claudio@, kn@

Add sizes to free() calls

These are the last ones in if_pppoe.c and if_spppsubr.c.

OK beck

Add sizes to free() calls

Simply reuse struct size or buffer length variables for free() the very
same way they are used with malloc(), often within the same scope and/or
only a few lines above.

This leaves only a few selected free() calls with size zero in due to the
fact that there is currently no variable to keep track of name and secret
string lengths.

OK mvs

Zap LOOPALIVECNT

Unused since r1.138 from 2015: "remove cisco hdlc code from sppp(4)".

OK mpi

Change users of IFQ_SET_MAXLEN() and IFQ_IS_EMPTY() to use the "new" API.

ok dlg@ tobhe@

Change users of IFQ_PURGE() to use the "new" API.

ok dlg@ tobhe@

Change users of IFQ_DEQUEUE(), IFQ_ENQUEUE() and IFQ_LEN() to use the
"new" API.

ok dlg@ tobhe@

Non root users must not set the parameters of pppoe(4) interfaces.
found by Ilja Van Sprundel; OK deraadt@ dlg@

convert interface address change hooks to tasks and a task_list.

this follows what's been done for detach and link state hooks, and
makes handling of hooks generally more robust.

address hooks are a bit different to detach/link state hooks in
that there's only a few things that register hooks (carp, pf, vxlan),
but a lot of places to run the hooks (lots of ipv4 and ipv6 address
configuration).

an address hook cookie was in struct pfi_kif, which is part of the
pf abi. rather than break pfctl -sI, this maintains the void * used
for the cookie and uses it to store a task, which is then used as
intended with the new api.

branches: 1.179.2;
Use timeout_add_sec(9)

Re-challenge timeouts are made up of single scalar factors which are
multiplied with the time unit lcp.timeout to compute the timeout period.

Simply reduce that unit of 1 * hz [ticks] to 1 [s] and use the appropiate
API.

OK mpi

Make computation of re-challenge timeout more obvious

Instead of masking the difference between lower and upper bound to yield
a random summand that fits, instruct the API to limit their result
accordingly. 0x01fe = 510 = 810 - 300.

arc4random_uniform(upper_bound) returns `upper_bound - 1' as maximum, so
add one to make 810 a possible value for `i'.

OK deraadt

Revert accidentially committed hunk from previous

Remove duplicate initialisation

OK claudio semarie

Prevent recursions by not deleting entries inside rtable_walk(9).

rtable_walk(9) now passes a routing entry back to the caller when
a non zero value is returned and if it asked for it.
This allows us to call rtdeletemsg()/rtrequest_delete() from the
caller without creating a recursion because of rtflushclone().

Multicast code hasn't been adapted and is still possibly creating
recursions. However multicast route entries aren't cloned so if
a recursion exists it isn't because of rtflushclone().

Fix stack exhaustion triggered by the use of "-msave-args".

Issue reported by D��niel L��vai on bugs@ confirmed by and ok bluhm@.

branches: 1.174.6;
Remove almost unused `flags' argument of suser().

The account flag `ASU' will no longer be set but that makes suser()
mpsafe since it no longer mess with a per-process field.

No objection from millert@, ok tedu@, bluhm@

Kill dead ioctl handlers.

SIOCGIF{HARD,}MTU are handled by ifioctl() and not passed down to
drivers.

ok visa@

After we stopped processing router advertisements in the kernel
sppp_update_ip6_addr() became the last user of n6_are_prefix_equal().
Since it compares /128 prefixes it doesn't need all the bells and
whistles and can be converted to a memcmp. Remove the now unused
n6_are_prefix_equal().
OK bluhm, mpi

Use the rv variable in sppp_output() as it was intended.

sppp_output has the following comment:
"Don't choke with an ENETDOWN early. It's possible that we just
started dialing out, so don't drop the packet immediately. If we
notice that we run out of buffer space below, we will however remember
that we are not ready to carry IPv6 packets, and return ENETDOWN, as
opposed to ENOBUFS."

A later revision of the code just returned ENOBUFS anyway, ignoring
the rv variable that might have ENETDOWN instead, turning rv into an
unused variable.

Coverity CID 1299246; Severity: Minor

OK sthen@

Remove NET_LOCK()'s argument.

Tested by Hrvoje Popovski, ok bluhm@

space after if.

Pointed out by tom@

Revision 1.139 accidentally removed an ip = mtod(), resulting in a
pointless "ip = NULL; if (ip) ..." sequence.

Coverity CID 1453286; Severity: Minor

OK sthen@ tom@

The timeval in sppp_input() is also used when the interface is not IFF_UP.

Always call getmicrouptime(&tv) to avoid an "Uninitialized scalar variable".

Coverity CID 1453266; Severity: Insignificant

OK deraadt@

Add missing splx().

I introduced this bug in 2015 but the splsoftnet()/splx() dance in the
upper layer masked it. Pseudo drivers generally don't need any splnet()
protection.

Found by Mark Patruck and Andrei-Marius Radu since the NET_LOCK() no longer
raise any IPL.

Strangely jsg@ confirmed that cppcheck nor coccinelle found the missing splx().

ok kettenis@, sthen@, deraadt@

In sppp(4), allow additional 'wildcard' addresses for the destination.
Any address within the range 0.0.0.1 - 0.0.0.255 can now be used.
This allows for multiple pppoe(4) interfaces with dynamic addresses within
the same routing table. Which used to work before OpenBSD 5.8, but since 5.8
only one interface in a routing table can use destination address 0.0.0.1.

Problem first reported by Steve (fiverings04 at australian yahoo) on misc@.
I ran into it on an EdgeRouter lite which is supposed to serve two ADSL lines.
ok sthen@ mpi@
man page help from jmc@ for an earlier variant of this change

Introduce ipv{4,6}_input(), two wrappers around IP queues.

This will help transitionning to an un-KERNEL_LOCK()ed IP
forwarding path.

Disucssed with bluhm@, ok claudio@

Avoid some false positives with cppcheck. No binary change.
OK jsg@

A space here, a space there. Soon we're talking real whitespace
rectification.

remove some extra whitespace.

no functional change (unfortunately)

No need to handle SIOCAIFADDR in drivers, it's never passed down to
them.

ok claudio@

When if_down() is called, sppp_keepalive() needs a NET_LOCK().
OK visa@ mpi@

Grab the NET_LOCK() when setting an IPv6 address, just like it is done
for IPv4.

Assert reported and diff tested by semarie@

Introduce the NET_LOCK() a rwlock used to serialize accesses to the parts
of the network stack that are not yet ready to be executed in parallel or
where new sleeping points are not possible.

This first pass replace all the entry points leading to ip_output(). This
is done to not introduce new sleeping points when trying to acquire ART's
write lock, needed when a new L2 entry is created via the RT_RESOLVE.

Inputs from and ok bluhm@, ok dlg@

if_link_state_change() doesn't need to be called under splsoftnet(),
it just schedule a task.

Path MTU discovery was slightly broken. I took two ICMP packets
to create and change the dynamic route. This behavior was introduced
in net/route.c rev 1.269 when the gateway route allocation was moved
from rt_setgateway() to _rtalloc(). So rtrequest(RTM_ADD) could
return a route without a valid gateway route. To fix this, call
rt_setgwroute() from _rtalloc() and rt_setgateway().
OK mpi@

Don't hardcode vlan/queue priority for pppoe packets; inherit it from the
new "llprio" setting on the pppoe(4) interface instead.

Tested by Daniel Gillen and myself, ok mikeb

Set pppoe(4) control frames to high (NC, "network control")
priority. This is translated into an 802.1p priority tag when
sent over a vlan interface, reducing the risk of them being
crowded out by data packets on a busy link.

Some users have problems with ISPs that place specific
requirements on vlan priority (typically the packet header
value must be '0', relating to priority 1). This diff
doesn't fix that yet, but gives a single place to patch
to change tags on control packets without affecting
normal vlan priority operation on other interfaces.

ok mikeb.

Simplify life for routing table implementations by requiring that rtable_walk
callbacks return EAGAIN if they modify the routing table. While we're here,
simplify life for rtable_walk callers by moving the loop that restarts the
walk on EAGAIN into rtable_walk itself.

Flushing cloned routes on interface state changes becomes a bit more
inefficient, but this can be improved later.

ok mpi@ dlg@

Remove a bogus "else" that was causing breakage with LCP echoes,
bug introduced in r1.138.

Reported at https://twitter.com/DarkSoul4242/status/722365165262405633
(twitter is *NOT* the place to report bugs!) and in
https://marc.info/?l=openbsd-bugs&m=145988918010707&w=2,
pointed out by tb@

Remove the hack that prevents changing pppoe params at runtime.

The EBUSY hack imposes an order on the ifconfig commands issued
against the pppoe interface used to configure the sppp layer below.
To counter this we use the ENETRESET trick that other drivers use
to tell the pppoe layer that sppp has requested a stop/init reset
sequence to proceed which we oblige with in case pppoe is UP and
RUNNING.

Tested by semarie@ and Jan Schreiber <jes@posteo.de>, thanks!

branches: 1.149.2;
if_start needs splnet. help/ok dlg@

sppp(4) is now only used for pppoe(4) which doesn't use framing, so remove
support for sppp with framing, simplifying things. Remove unused ifdefs while
there.

"sppp will go away before it gets used for something else" dlg@

avoid a use after enqueue, which is like a use after free.

once you enqueue an mbuf, you no longer own it. therefore you cant
read the length out of it. this reads the length first, then tries
to enq it.

also, call if_start instead of a bare call to the underlying start
routine.

ok mpi@ sthen@

replace the ifqueue used for the pp_cpq with an mbuf_queue.

Rewrite rtalloc(9) to consider RTF_GATEWAY entries without valid next-
hop route as invalid.

Previously when such entrie was returned by rtalloc(9) a second route
lookup was done in rt_checkgate() very late in the journey of a packet.

In other words a single rtalloc(9) call can now result in multiple
route lookups if a RTF_GATEWAY entry is returned.

This is a step towards always calling L2 output functions with valid
destination information.

Tested by various including jmc@, naddy@, Hrvoje Popovski

sppp_pick is unused, it can go away.

Introduce if_rtrequest() the successor of ifa_rtrequest().

L2 resolution depends on the protocol (encoded in the route entry) and
an ``ifp''. Not having to care about an ``ifa'' makes our life easier
in our MP effort. Fewer dependencies between data structures implies
fewer headaches.

Discussed with bluhm@, ok claudio@

Some rt_ifp to rt_ifidx conversions.

ok bluhm@

Revert if_oqdrops accounting changes done in kernel, per request from mpi@.

(Especially adding IF_DROP() after IFQ_ENQUEUE() was completely wrong because
IFQ_ENQUEUE() already does it. Oops.)

After this revert, the situation becomes:

- if_snd.ifq_drops is incremented in either IFQ_ENQUEUE() or IF_DROP(), but
it is not shown to userland, and

- if_data.ifi_oqdrops is shown to userland, but it is not incremented by
anyone.

Don't count IF_DROP()'ed packets as if_oerrors too.

mpi@ plans to clean-up IF_DROP()'s, but fix consistent use of it for now.

OK dlg@

Remove remnants of sppp's special queue handling for telnet/rlogin/ftp,
the rest was done in r1.96. ok mikeb@

remove cisco hdlc code from sppp(4), it's no longer used - pppoe(4) only uses
ppp framing, and the drivers for sync serial cards have been removed so the
sppp code is now only used to support pppoe(4). ok mpi@, kill it chris@

Rework the code to decide when to perform DAD to no longer rely on the
IN6_IFF_NODAD pseudo-flag not being set.

This was just a flag for spaghetti code that should not exist in the
first place.

Tested by sebastia@, ok sthen@

Abstract the routing table internals behind an rtable_* API.

Code abusing the radix internals for the routing table should now
includes <net/rtable.h> and only deal with "struct rtentry".

Code using a radix tree for another purpose can still include
<net/radix.h>.

Inputs from and ok claudio@, mikeb@

Rename if_output() into if_enqueue() to avoid confusion with comments
talking about (*ifp->if_output)().

ok claudio@, dlg@

Store a unique ID, an interface index, rather than a pointer to the
receiving interface in the packet header of every mbuf.

The interface pointer should now be retrieved when necessary with
if_get(). If a NULL pointer is returned by if_get(), the interface
has probably been destroy/removed and the mbuf should be freed.

Such mechanism will simplify garbage collection of mbufs and limit
problems with dangling ifp pointers.

Tested by jmatthew@ and krw@, discussed with many.

ok mikeb@, bluhm@, dlg@

Introduce if_output(), a function do to the last steps before enqueuing
a packet on the sending queue of an interface.

Tested by many, thanks a lot!

ok dlg@, claudio@

replace the use of ifqueues for most input queues serviced by netisr
with niqueues.

this change is so big because there's a lot of code that takes
pointers to different input queues (eg, ether_input picks between
ipv4, ipv6, pppoe, arp, and mpls input queues) and falls through
to code to enqueue packets against the pointer. if i changed only
one of the input queues id have to add sepearate code paths, one
for ifqueues and one for niqueues in each of these places

by flipping all these input queues at once i can keep the currently
common code common.

testing by mpi@ sthen@ and rafael zalamena
ok mpi@ sthen@ claudio@ henning@

remove the congestion handling from struct ifqueue.

its only used for the ip and ip6 network stack input queues, so it
seems unfair that every instance of ifqueue has to carry a pointer
around for this specific use case.

this moves the congestion marker to a kernel global. if we detect
that we're congested, we assume the whole system is busy and punish
all input queues.

marking a system as congested is done by setting the global to the
current value of ticks. as the system moves away from that value,
it moves away from being congested until the comparison fails.

written at s2k15
ok henning@ beck@ bluhm@ claudio@

remove the second void * argument on tasks.

when workqs were introduced, we provided a second argument so you
could pass a thing and some context to work on it in. there were
very few things that took advantage of the second argument, so when
i introduced pools i suggested removing it. since tasks were meant
to replace workqs, it was requested that we keep the second argument
to make porting from workqs to tasks easier.

now that workqs are gone, i had a look at the use of the second
argument again and found only one good use of it (vdsp(4) on sparc64
if you're interested) and a tiny handful of questionable uses. the
vast majority of tasks only used a single argument. i have since
modified all tasks that used two args to only use one, so now we
can remove the second argument.

so this is a mechanical change. all tasks only passed NULL as their
second argument, so we can just remove it.

ok krw@

unifdef INET in net code as a precursor to removing the pretend option.
long live the one true internet.
ok henning mikeb

Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.

ok mikeb@, krw@, bluhm@, tedu@

move arc4random prototype to systm.h. more appropriate for most code
to include that than rdnvar.h. ok deraadt dlg

print ipv6cp by name rather than number in "0x8057 output <...>" debug lines,
as already done for lcp/ipcp/pap/chap

Fewer <netinet/in_systm.h> !

add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.

Use a custom ifa_rtrequest function for point-to-point interfaces
instead of relying on hacks in nd6_rtrequest() to add a route to
loopback for each address configured on such interfaces.

While here document that abusing lo0 for local traffic is not safe
for interfaces in a non-default rdomain.

Tested by claudio@, jca@ and sthen@, ok sthen@

Kill annoying and useless emacs local variable. ok mikeb@

The variable would have no effect unless you use hilit19.el from
emacs21, and even there the specified value has not been kept up to date
with the file growth.

all I wanted to do is removing the altq special casing, but then it turned
out the entire codepath is unreachable. glad I'm not our ppp maintainer, he
has work to do.
kill that unreachable code, with & ok claudio

"struct pkthdr" holds a routing table ID, not a routing domain one.
Avoid the confusion by using an appropriate name for the variable.

Note that since routing domain IDs are a subset of the set of routing
table IDs, the following idiom is correct:

rtableid = rdomain

But to get the routing domain ID corresponding to a given routing table
ID, you must call rtable_l2(9).

claudio@ likes it, ok mikeb@

It cannot be assumed the top of the mbuf chain has required length here.
Actually, since packets from Octeon's cnmac(4) don't have enough size,
pppoe(4) is unable to connect.

ok claudio

Rename rt_gettable() into rtable_get(), swap its arguments to be
coherent with the existing rtable_* functions and document it.

While here fix some other manpage glitches pointed out by jmc@.

Call all local valiables of type struct in6_ifaddr "ia6". This is
consistent with struct ifaddr "ifa" and struct in_ifaddr "ia".
OK mpi@

Remove no-op 'HIDE' macro from sppp code. This probably existed to allow
for easy switching to static functions. But we don't usually have static
functions in the kernel.
ok deraadt mpi mikeb

Some follow-up fixes for IFID collision handling in IPv6CP.

Really change the link-local address in the unlikely event of an IFID
collision, instead of going into an infinite conf-nak loop with the peer.

To make the netinet6 code use the IPv6CP IFID in a new link-local address,
in6_ifattach_linklocal() must accept a provided IFID. Replace the unused
'altifp' parameter with a new 'ifid' parameter for this purpose.

Always use the latest suggested address in IPv6CP replies, even if
the task to update the interface's address hasn't run yet.
Also, clear the ifindex (KAME hack) in addresses sent during IPv6CP.

ok mpi

Use an u_int32_t instead of an unsigned long to store the magic number
we're about to send. Should a bug on big-endian LP64 archs reported by
James MacMahon (jwm at operand dot ca). ok millert@

Convert sppp(4) to taskq; ok mikeb@ mpi@

Improvements for address assignment and related issues in IPv6CP.

Move address assignment to process context. This uses a workq at
present, conversion to taskq is on my todo list (discussed with dlg).
Instead of rummaging around in sockaddr_in6 structs, use the proper
netinet6 APIs to configure addresses.
Deal with IFID collisions instead of ignoring them. The whole point of
IPv6CP is to avoid IFID collisions. Use arc4random() during IFID generation.
Assign destination address to /128 point-to-point links.

tested by me and sthen with pppoe(4)
ok sthen

Replace most of our formating functions to convert IPv4/6 addresses from
network to presentation format to inet_ntop().

The few remaining functions will be soon converted.

ok mikeb@, deraadt@ and moral support from henning@

Remove useless #ifdef *BSD cruft from sppp(4). No binary change.
ok sthen

Remove the number of in6_var.h inclusions by moving some functions and
global variables to in6.h.

ok deraadt@

Format string fixes: %hu/%hd for uint16_t, %u/%d/%x for uint32_t

- despite the name, ntohl returns uint32_t, not long
- also fix some %d into %u

Replace the misleading SIOC{G,S}IFGENERIC ioctls by SIOCG{G,S}PPPPARAMS.

This is another ABI break but no port rely on them as verified by naddy@.

ok claudio@, mikeb@, henning@

Remove a comment which is no longer true.

Change the structure used in the SPPPIOSDEFS and SPPPIOGDEFS ioctls
to only include what is really needed. In particular stop including
a "struct ifnet" and move kernel-only definition into the proper #if
dance.

While here remove the unused spppinfo() from ifconfig.

ok guenther@, sthen@, mikeb@

Revert previous and unbreak asr, the new include should be protected.

Reported by naddy@

Allocate the various hook head descriptors as part of the ifnet
structure rather than doing various M_WAITOK allocations during
the *attach() functions, we always rely on them anyway.

ok mikeb@, uebayasi@

Remove the scrub argument from in_ifinit() and simply call in_ifscrub()
unconditionally for SIOCSIFADDR.

ok bluhm@, henning@

do not include machine/cpu.h from a .c file; it is the responsibility of
.h files to pull it in, if needed
ok tedu

no need for a lot of code to include proc.h

Add SIOCGIFHARDMTU to allow retrieving the driver's maximum supported MTU
looks fine reyk@ ok mikeb@

decls before code

Call sppp_clear_ip_addrs from a workq. Problem reported by RD Thrush and
LEVAI Daniel, diagnosed by matthew@, original diff from RD Thrush, cleaned
up by me with feedback from mikeb@. OK mikeb dcoppa deraadt

Remove a horrible sppp(4)-specific "fast queue" used for tcp ports 21 23 513.
You should use the proper queues via pf instead. ok phessler@ henning@

Teach pppoe(4) about RFC 4638. This allows negotiating increased MTU with
compatible equipment provided that the physical interface and other layer 2
devices involved support and are configured to use jumbo frames.

Manpage to follow; typical use is to request 1500 MTU for pppoe, this
requires 1508+ MTU on the physical interface, e.g. "ifconfig em0 mtu 1508;
ifconfig pppoe0 mtu 1500". Known to be usable in the UK with some ISPs
(e.g. aaisp) using BT FTTC backhaul.

From Matt Dainty, originally based on support in NetBSD, changed to
decouple pppoe from physical interface MTU. Tested with UK FTTC by Matt,
no regressions on my standard UK ADSL setup or yasuoka@'s setup (in Japan,
NTT uses 1452 byte MTU for PPPoE and 1500 byte MTU for IPv6 on the same
network).

ok yasuoka@

another case of "clever" fiddling with ifq internals, just stumbled over
this in my monster diff and wondered that i hadn't put that in already...
claudio ryan ok

and make sppp_qflush a wrapper around IF_PURGE instead of handrolling
the same, ok'd with IFQ_PURGE with happens to break on altq kernels by
claudio, ryan and bluhm

second trial: stop messing with ifq internals, this time use IF_IS_EMPTY
and not IFQ_IS_EMPTY, the former doesn't get overloaded with altq-specific
stuffz. original oks from claudio and ryan and bluhm, i take the liberty
to assume the oks for this fixed version

cosnistently use IFQ_SET_MAXLEN, surfaced in a discussion with + ok bluhm

Revert henning's commit-n-run that broke the tree

2 cases of IFQ_IS_EMPTY instead of mucking with ifqueue internals
make sppp_flush use IFQ_PURGE instead of handrolling the same making
assumptions about ifqueue internals. ok ryan claudio

always set sppp auth secret, as other code assumes it.
confirmed to fix paul stoeber's crash. ok deraadt sthen

pass the correct size to memset
spotted by clang, ok matthew@

Collapse m_pullup and m_pullup2 into a single function, as they're
essentially identical; the only difference being that m_pullup2 is
capable of handling mbuf clusters, but called m_pullup for shorter
lengths (!).

testing dlg@ ok claudio@

in_ifinit() is not prepared to be called from interrupt context so add
addresses from process context by scheduling a work queue.
Fixes an assertwaitok panic. ok henning

for key material that is being being discarded, convert bzero() to
explicit_bzero() where required
ok markus mikeb

an extra parameter for in_ifinit, indicating wether the ifaddr passed to it
is new or an already existing one. for existing ones, call ifa_del first
tested by many as part of a larger diff, ok claudio dlg krw sthen

Using a normaly unavailable 0.0.0.1 gateway on routes on sppp(4) based
devices is a bad idea. The problem is that the default route per se works
but PMTU is unable to clone host routes because the gateway is unreachable.
Fix sppp(4) so that it walks the routing table and fixes the gateways.
This makes PMTU work again. Diff tested by weerd@ and markus@ (older version)
for a long time.

Switch some obvious network stack MAC comparisons from bcmp() to
timingsafe_bcmp().

ok deraadt@; committed over WPA.

incomming -> incoming

The ones found in gnu/ left out by intention.

ok jmc

The IMPs are history so is splimp, this needs now splnet so update comment.
Another thing found by Gleydson Soares.

rtables are stacked on rdomains (it is possible to have multiple routing
tables on top of a rdomain) but until now our code was a crazy mix so that
it was impossible to correctly use rtables in that case. Additionally pf(4)
only knows about rtables and not about rdomains. This is especially bad when
tracking (possibly conflicting) states in various domains.
This diff fixes all or most of these issues. It adds a lookup function to
get the rdomain id based on a rtable id. Makes pf understand rdomains and
allows pf to move packets between rdomains (it is similar to NAT).
Because pf states now track the rdomain id as well it is necessary to modify
the pfsync wire format. So old and new systems will not sync up.
A lot of help by dlg@, tested by sthen@, jsg@ and probably more
OK dlg@, mpf@, deraadt@

tiemout_add -> timeout_add_sec

ok claudio@

Do the same rdomain checking in sppp as we do in the Ethernet case.
Encapsulated pppoe packets are moved into the rdomain of the physical interface
because it is possible that a pppoe(4) interface is in a different rdomain
then the physical interface.
OK reyk@

Free authentication data when detaching sppp from interface.

allocate the large structures instead of putting them on the stack, and
use M_CANWAIT throughout
ok sthen canacar claudio

Allow username and password to be up to 255 characters in length.
Tested by many, thanks.
Put it in" deraadt@

Remove bogus casts of integer constants SPPPIO[GS]DEFS to caddr_t
and fix typo while here.

ok canacar@

u_char is not compatible with default argument promotion type thus
can't be used with va_start. change it to u_int.

ok miod@

rename arc4random_bytes => arc4random_buf to match libc's nicer name;
ok deraadt@

Don't spam dmesg with sppp messages, instead use log(9).
OK canacar@ some time ago

Initialize the timeouts only once instead of everytime they are started
Prevents hangs as reported and tested by James Stark, PR:5795, ok henning@

Check to make sure pp_tlf is not NULL in sppp_keepalive() before calling it.

From NetBSD

ok canacar@

When passing opt[] array as an argument, use opt instead of &opt. While
they point to the same address, this is more readable. ok claudio@

1500 is a 'magic number' in the protocol that all implementations
must be able to handle as MRU but while testing pppoe(4) against a pppoe(8)
server I figured out that pppoe(8) insists on a MRU 1492. Because of this
we allow the offered MRU to be between PP_MIN_MRU and PP_MAX_MRU especially
because the MRU is not used at all as long as it is smaller then PP_MAX_MRU.
OK canacar@

typos; ok jmc@
sys/netinet/in_pcb.c and sys/net/bridgestp.c ok henning@
sys/dev/pci/bktr/* ok jakemsr@

simplify sppp_chap_scr() now that we are using arc4random_bytes()

use arc4random_bytes() instead of multiple arc4random() calls;
ok deraadt@ dlg@ henric@ mcbride@

correct fix

tsk tsk tsk, noone tested this; spotted by canacar

Don't leak potentially secret authname through ioctl interface.

Suggestions from mpf@ and canacar@

ok deraadt mpf canacar

Handle incoming protocol reject packets now that we have
more than one protocol. From FreeBSD, reported and tested by jmc@

IPv6 support for sppp layer, based on NetBSD version.
ok claudio@

The m_pulldown used for aligning was not copying the header,
revert back to m_pullup2. Reported and tested by Enache Adrian
additional testing by naddy@ and claudio@
ok claudio@, deraadt@

Align the packet after the ppp header.
The earlier change was broken in sparc due to alignment problems.
reported and tested by nady@, ok deraadt@ claudio@

Make sure all the packet is in one continuous mbuf.
This is a bandaid solution, a better solution will go
in post 4.2. Reported and tested by Joerg Zinke.
ok claudio@, deraadt@

Use the length of the mbuf instead of the packet.
When sending a protocol reject. Prevents reading
past the mbuf in case the mbuf does not cover the
whole packet. ok claudio@, henning@

remove remaining IPX hooks. all inside #ifdef IPX, so no actual change

Users of arc4random() should include dev/rndvar.h directly.

ok dlg claudio

Handle IP address stuff in tls/tlf state messages
instead of open/close events. Fixes PR 5457 where
an extra open event arrived due to an authentication
timeout/retransmission and confused things. Tested
by RD Thrush and mpf@, discussions and ok mpf@

Typo in comment. From Brad.

Add support for setting the address of the ppp peer.
Use the proper in_ifscrub() / in_ifinit() calls for
address changes to generate routing messages.
The correct way to set the default route now
needs the -ifp option, e.g.
route add default -ifp pppoe0 0.0.0.1
Since the route is set right after bringing
the interface up, it still works w/out -ifp though.

Changes mostly from NetBSD.

Tested by Matthias Bauer and bluhm@
OK canacar@

Use u_int32_t instead of u_long for IP addresses.
OK claudio@

Consistently spell FALLTHROUGH to appease lint.
ok kettenis@ cloder@ tom@ henning@

Remove _KERNEL_OPT leftovers.

Missing newline in printf.

ok canacar@

Check for illegal option lengths when parsing LCP packets
and drop such bad packets. Also remove some redundant mallocs.

This fixes possible heap overflows when forming replys to such bad
packets as discovered by Martin Husemann and Pavel Cahyna.

reported by NetBSD, initial diff from markus@,
additional comments by claudio@, ok markus@

Only print link state changes if interface is in debug mode.
Affects devices using the sppp layer (pppoe, art, san, lmc)
ok deraadt@

logging should be in debug mode only. if every network driver did a
dmesg printf everytime they came up, would that be a better world?

diff from peter phillip at freenet dot de:

the "pppoe0: up" message is annoying when one is on console and the
system has been configured to recall the ISP every minute or so.
Moving the printf() to a log() fixes this and the "pppoe0: up"
message is still seen in logs and dmesg.

ok canacar@

With the exception of two other small uncommited diffs this moves
the remainder of the network stack from splimp to splnet.

ok miod@

branches: 1.38.2;
Another gem from the the-world-runs-on-i386 departement. Using u_long in
a packet format causes some troubles on 64bit archs. This fixes a sppp(4)
panic I got on alpha and makes cisco HDLC mode actually work. More cleanup
needs to be done post 3.9. OK brad@ looks good canacar@

Report interface link state changes in sppp layer
Help and ok claudio@, ok brad@

branches: 1.36.2;
Use actual packet contents when sending protocol rejects. Fixes PR 4305.
Different fix tested by the submitter, xiangbo3 at gmail com.
ok claudio@

prevent unaligned memory access when processing LCP echo packets,
making pppoe(4) work on sparc64. Fixes PR-4311
Reported and fix tested by David Coppa < dcoppa at gmail com >

bye bye netns (and a few leftover DECNET bits while here)

Fix for a panic experienced when authenticating a pppoe session on an amd64 system.

From: i4b project via FreeBSD via Jason Ackley

Fixes PR 4190 & 4196

ok canacar@

Fix cisco-mode check in lcp up/down.

Ignore lcp up/down events in cisco mode

do not mess with lcp if we are in cisco mode

Unbreak tree, mono_time may no longer be used because of timecounters.
Use getmicrouptime() instead. Found by grange@ and henning@.
OK henning@

Merge some sppp improvements from NetBSD:
1. better timeout and keepalive handling
2. fix some memory leaks on error paths.
3. use arc4random instead of random
4. always send keepalives in cHDLC mode, from claudio@
Tested by Greg Mortensen (san) and jmc@ (pppoe), ok claudio@

Follow RFC and do not reset timeouts everytime sppp_cp_change_state()
is called. Makes two sppp instances to handshake against each other.
Tested by Greg Mortensen, ok claudio@

Run address change notification hooks when the interface address is updated.
Notably, this fixes "(pppoe0)" in pf. ok markus@

In kernel pppoe client, a simple IPv4 only implementation.
Initial porting from NetBSD by David Berghoff.
Modified/simplified to match our sppp implementation.
ok deraadt@

remove netiso shitz, millert ok

This moves access to wall and uptime variables in MI code,
encapsulating all such access into wall-defined functions
that makes sure locking is done as needed.

It also cleans up some uses of wall time vs. uptime some
places, but there is sure to be more of these needed as
well, particularily in MD code. Also, many current calls
to microtime() should probably be changed to getmicrotime(),
or to the {,get}microuptime() versions.

ok art@ deraadt@ aaron@ matthieu@ beck@ sturm@ millert@ others
"Oh, that is not your problem!" from miod@

Don't use time-based random number generation

ok millert@ deraadt@

Replace RSA-derived md5 code with code derived from Colin Plumb's PD version.
This moves md5.c out of libkern and into sys/crypto where it belongs (as
requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it).
Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@

check for input queue congestion on those as well and call if_congestion when
needed; these are slightly different so that we cannot use the new
IF_INPUT_ENQUEUE macro
deraadt ok

put an mi wrapper around stdarg.h/varargs.h. gcc3 moved stdarg/varargs macros
to built-ins, so eventually we will have one version of these files.
Special adjustments for the kernel to cope: machine/stdarg.h -> sys/stdarg.h
and machine/ansi.h needs to have a _BSD_VA_LIST_ for syslog* prototypes.
okay millert@, drahn@, miod@.

string cleaning; tedu ok

remove the altq classifier code which is replaced by pf and no longer used.

ok henning@, deraadt@

BSD-style license from Serge Vakulenko <vak@cronyx.ru>

KNF - return is not a function.

sync with KAME
ALTQify more drivers.
ok millert@

revision 1.12 lacks paren around && within || (gcc warns and compilation stops).

misplaced (), causing tcp header be examined in non-tcp packets

branches: 1.11.2;
use queue.h macros for TAILQ operations

branches: 1.10.2;
Missing breaks.
Case labels must be integral values for deterministic behavior.

introduce the ALTQ queue macros into sys/net files.
the new model removes direct references to the fields in ifp->if_snd,
and defines the following macros to manipulate ifp->if_snd.
IFQ_ENQUEUE(ifq, m, pktattr, err)
IFQ_DEQUEUE(ifq, m)
IFQ_POLL(ifq, m)
IFQ_PURGE(ifq)
IFQ_IS_EMPTY(ifq)

the new model also enforces some rules regarding how to use these macros.
details are descrined in
http://www.csl.sony.co.jp/~kjc/software/altq-new-design.txt

Minor bug. Could corrupt stat counters

new timeouts

Missing splx() calls in failure cases.

Cruft

$OpenBSD$

branches: 1.3.4;
Fix an uninitialized variable bug. Remove statics.

do not use fuword()

lmc driver; ported by chris@dqc.org

spelling
ok jmc@ reads ok tb@

Display DNS information from sppp(4) in ifconfig(8)

Behaviour is similar to that of umb(4).

OK kn@

Give sppp(4) its own RTP_PROPOSAL priority

OK semarie@

sppp(4) - support PPP IPCP extensions for DNS

RFC 1877 extends the family of network control protocols for
establishing and configuring the IPCP over PPP, defining the negotiation
of primary and secondary DNS addresses. After negotiation,
rtm_proposal() is used to send out DNS updates.

Feedback from claudio@ and kn@.

OK claudio@, kn@

Add sizes to free() calls

These are the last ones in if_pppoe.c and if_spppsubr.c.

OK beck

Add sizes to free() calls

Simply reuse struct size or buffer length variables for free() the very
same way they are used with malloc(), often within the same scope and/or
only a few lines above.

This leaves only a few selected free() calls with size zero in due to the
fact that there is currently no variable to keep track of name and secret
string lengths.

OK mvs

Zap LOOPALIVECNT

Unused since r1.138 from 2015: "remove cisco hdlc code from sppp(4)".

OK mpi

Change users of IFQ_SET_MAXLEN() and IFQ_IS_EMPTY() to use the "new" API.

ok dlg@ tobhe@

Change users of IFQ_PURGE() to use the "new" API.

ok dlg@ tobhe@

Change users of IFQ_DEQUEUE(), IFQ_ENQUEUE() and IFQ_LEN() to use the
"new" API.

ok dlg@ tobhe@

Non root users must not set the parameters of pppoe(4) interfaces.
found by Ilja Van Sprundel; OK deraadt@ dlg@

convert interface address change hooks to tasks and a task_list.

this follows what's been done for detach and link state hooks, and
makes handling of hooks generally more robust.

address hooks are a bit different to detach/link state hooks in
that there's only a few things that register hooks (carp, pf, vxlan),
but a lot of places to run the hooks (lots of ipv4 and ipv6 address
configuration).

an address hook cookie was in struct pfi_kif, which is part of the
pf abi. rather than break pfctl -sI, this maintains the void * used
for the cookie and uses it to store a task, which is then used as
intended with the new api.

branches: 1.179.2;
Use timeout_add_sec(9)

Re-challenge timeouts are made up of single scalar factors which are
multiplied with the time unit lcp.timeout to compute the timeout period.

Simply reduce that unit of 1 * hz [ticks] to 1 [s] and use the appropiate
API.

OK mpi

Make computation of re-challenge timeout more obvious

Instead of masking the difference between lower and upper bound to yield
a random summand that fits, instruct the API to limit their result
accordingly. 0x01fe = 510 = 810 - 300.

arc4random_uniform(upper_bound) returns `upper_bound - 1' as maximum, so
add one to make 810 a possible value for `i'.

OK deraadt

Revert accidentially committed hunk from previous

Remove duplicate initialisation

OK claudio semarie

Prevent recursions by not deleting entries inside rtable_walk(9).

rtable_walk(9) now passes a routing entry back to the caller when
a non zero value is returned and if it asked for it.
This allows us to call rtdeletemsg()/rtrequest_delete() from the
caller without creating a recursion because of rtflushclone().

Multicast code hasn't been adapted and is still possibly creating
recursions. However multicast route entries aren't cloned so if
a recursion exists it isn't because of rtflushclone().

Fix stack exhaustion triggered by the use of "-msave-args".

Issue reported by D��niel L��vai on bugs@ confirmed by and ok bluhm@.

branches: 1.174.6;
Remove almost unused `flags' argument of suser().

The account flag `ASU' will no longer be set but that makes suser()
mpsafe since it no longer mess with a per-process field.

No objection from millert@, ok tedu@, bluhm@

Kill dead ioctl handlers.

SIOCGIF{HARD,}MTU are handled by ifioctl() and not passed down to
drivers.

ok visa@

After we stopped processing router advertisements in the kernel
sppp_update_ip6_addr() became the last user of n6_are_prefix_equal().
Since it compares /128 prefixes it doesn't need all the bells and
whistles and can be converted to a memcmp. Remove the now unused
n6_are_prefix_equal().
OK bluhm, mpi