Rework socket buffers locking for shared netlock.

Shared netlock is not sufficient to call so{r,w}wakeup(). The following
sowakeup() modifies `sb_flags' and knote(9) stuff. Unfortunately, we
can't call so{r,w}wakeup() with `inp_mtx' mutex(9) because sowakeup()
also calls pgsigio() which grabs kernel lock.

However, `so*_filtops' callbacks only perform read-only access to the
socket stuff, so it is enough to hold shared netlock only, but the klist
stuff needs to be protected.

This diff introduces `sb_mtx' mutex(9) to protect sockbuf. This time
`sb_mtx' used to protect only `sb_flags' and `sb_klist'.

Now we have soassertlocked_readonly() and soassertlocked(). The first
one is happy if only shared netlock is held, meanwhile the second wants
`so_lock' or pru_lock() be held together with shared netlock.

To keep soassertlocked*() assertions soft, we need to know mutex(9)
state, so new mtx_owned() macro was introduces. Also, the new optional
(*pru_locked)() handler brings the state of pru_lock().

Tests and ok from bluhm.

Split UDP PCB table into IPv4 and IPv6.

Having two hash tables instead of a common one, reduces table size
and contention on the per table lock. The address family is always
known in advance. The lookups and loops are more specific.

OK sashan@

Change pru_abort() return type to the type of void and make pru_abort()
optional.

We have no interest on pru_abort() return value. We call it only from
soabort() which is dummy pru_abort() wrapper and has no return value.

Only the connection oriented sockets need to implement (*pru_abort)()
handler. Such sockets are tcp(4) and unix(4) sockets, so remove existing
code for all others, it doesn't called.

ok guenther@

System calls should not fail due to temporary memory shortage in
malloc(9) or pool_get(9).
Pass down a wait flag to pru_attach(). During syscall socket(2)
it is ok to wait, this logic was missing for internet pcb. Pfkey
and route sockets were already waiting.
sonewconn() must not wait when called during TCP 3-way handshake.
This logic has been preserved. Unix domain stream socket connect(2)
can wait until the other side has created the socket to accept.
OK mvs@

Use shared netlock in soreceive(). The UDP and IP divert layer
provide locking of the PCB. If that is possible, use shared instead
of exclusive netlock in soreceive(). The PCB mutex provides a per
socket lock against multiple soreceive() running in parallel.
Release and regrab both locks in sosleep_nsec().
OK mvs@

Move PRU_PEERADDR request to (*pru_peeraddr)().

Introduce in{,6}_peeraddr() and use them for inet and inet6 sockets,
except tcp(4) case.

Also remove *_usrreq() handlers.

ok bluhm@

Move PRU_CONTROL request to (*pru_control)().

The 'proc *' arg is not used for PRU_CONTROL request, so remove it from
pru_control() wrapper.

Split out {tcp,udp}6_usrreqs from {tcp,udp}_usrreqs and use them for
inet6 case.

ok guenther@ bluhm@

Move PRU_ABORT request to (*pru_abort)().

We abort only the sockets which are linked to `so_q' or `so_q0' queues of
listening socket. Such sockets have no corresponding file descriptor and
are not accessed from userland, so PRU_ABORT used to destroy them on
listening socket destruction.

Currently all our sockets support PRU_ABORT request, but actually it
required only for tcp(4) and unix(4) sockets, so i should be optional.
However, they will be removed with separate diff, and this time PRU_ABORT
requests were converted as is.

Also, the socket should be destroyed on PRU_ABORT request, but route and
key management sockets leave it alive. This was also converted as is,
because this wrong code never called.

ok bluhm@

Move PRU_SEND request to (*pru_send)().

The former PRU_SEND error path of gre_usrreq() had `control' mbuf(9)
leak. It was fixed in new gre_send().

The former pfkeyv2_send() was renamed to pfkeyv2_dosend().

ok bluhm@

Move PRU_SHUTDOWN request to (*pru_shutdown)().

ok bluhm@

Move PRU_DISCONNECT request to (*pru_disconnect).

ok bluhm@

Move PRU_CONNECT request to (*pru_connect)() handler.

ok bluhm@

Move PRU_BIND request to (*pru_bind)() handler.

For the protocols which don't support request, leave handler NULL. Do the
NULL check within corresponding pru_() wrapper and return EOPNOTSUPP in
such case. This will be done for all upcoming user request handlers.

ok bluhm@ guenther@

Introduce 'pr_usrreqs' structure and move existing user-protocol
handlers into it. We want to split existing (*pr_usrreq)() to multiple
short handlers for each PRU_ request as it was already done for
PRU_ATTACH and PRU_DETACH. This is the preparation step, (*pr_usrreq)()
split will be done with the following diffs.

Based on reverted diff from guenther@.

ok bluhm@

Reported-by: syzbot+1b5b209ce506db4d411d@syzkaller.appspotmail.com
Revert the pr_usrreqs move: syzkaller found a NULL pointer deref
and I won't be available to monitor for followup issues for a bit

Move pr_attach and pr_detach to a new structure pr_usrreqs that can
then be shared among protosw structures, following the same basic
direction as NetBSD and FreeBSD for this.

Split PRU_CONTROL out of pr_usrreq into pru_control, giving it the
proper prototype to eliminate the previously necessary casts.

ok mvs@ bluhm@

Convert udp_sysctl to sysctl_bounded_args

Move PRU_DETACH out of pr_usrreq into per proto pr_detach
functions to pave way for more fine grained locking.

Suggested by, comments & OK mpi

Pass down the address family through the pr_input calls. This
allows to simplify code used for both IPv4 and IPv6.
OK mikeb@ deraadt@

Move PRU_ATTACH out of the pr_usrreq functions into pr_attach.
Attach is quite a different thing to the other PRU functions and
this should make locking a bit simpler. This also removes the ugly
hack on how proto was passed to the attach function.
OK bluhm@ and mpi@ on a previous version

Change the IPv4 pr_input function to the way IPv6 is implemented,
to get rid of struct ip6protosw and some wrapper functions. It is
more consistent to have less different structures. The divert_input
functions cannot be called anyway, so remove them.
OK visa@ mpi@

Reduce the difference between struct protosw and ip6protosw. The
IPv4 pr_ctlinput functions did return a void pointer that was always
NULL and never used. Make all functions void like in the IPv6 case.
OK mpi@

Since raw_input() and route_input() are gone from pr_input, we can
make the variable parameters of the protocol input functions fixed.
Also add the proto to make it similar to IPv6.
OK mpi@ guenther@ millert@

turn ipstat into a set of percpu counters.

each counter is identified by an enum value which correspond to the
original members of the udpstat struct.

udpstat_inc(udps_foo) replaces udpstat.udps_foo++ for the actual
updates. udpstat_inc is a thin wrapper around counters_inc.

counters are still returned to userland via the udpstat struct for
now.

ok mpi@ mikeb@ deraadt@

Add net.inet.{tcp,udp}.rootonly sysctl, to mark which ports
cannot be bound to by non-root users.

Ok millert@ bluhm@

Don't use varargs for udp_output() and sync the argument order with
udp6_output().

ok henning@, reyk@, jca@

revert counter size changes. this breaks netstat. digging further, there
are so many inconsistancies, that moving one deck chair is pointless.
more thought required.
ok claudio

make the udpstat counters u_int32_t, for consistency with tcpstat
ok krw phessler

since the cksum rewrite the counters for hardware checksummed packets
are are lie, since the software engine emulates hardware offloading
and that is later indistinguishable. so kill the hw cksummed counters.
introduce software checksummed packet counters instead.
tcp/udp handles ip & ipvshit, ip cksum covered, 6 has no ip layer cksum.
as before we still have a miscounting bug for inbound with pf on, to be
fixed in the next step.
found by, prodding & ok naddy

Pass the routing domain to IPv6 pr_ctlinput() like in IPv4.
OK claudio@

There is no TCP6 in our kernel, so remove the #ifndef TCP6.
No binary change.
ok claudio@ henning@

Extend the protosw pr_ctlinput function to include the rdomain. This is
needed so that the route and inp lookups done in TCP and UDP know where
to look. Additionally in_pcbnotifyall() and tcp_respond() got a rdomain
argument as well for similar reasons. With this tcp seems to be now
fully rdomain save and no longer leaks single packets into the main domain.
Looks good markus@, henning@

Remove {tcp/udp}6_usrreq(); Since the normal ones now
take a proc argument, theres no need for these, since
they are just wrappers.

OK claudio@

Deal with the situation when TCP nfs mounts timeout and processes
get hung in nfs_reconnect() because they do not have the proper
privilages to bind to a socket, by adding a struct proc * argument
to sobind() (and the *_usrreq() routines, and finally in{6}_pcbbind)
and do the sobind() with proc0 in nfs_connect.

OK markus@, blambert@.
"go ahead" deraadt@.

Fixes an issue reported by bernd@ (Tested by bernd@).
Fixes PR5135 too.

implement sysctls to report IP, TCP, UDP, and ICMP statistics and
change netstat to use them instead of accessing kvm for it. more
protocols will be added later.

discussed with deraadt@ claudio@ gilles@
ok deraadt@

switch to sysctl_int_arr(); ok henning, deraadt

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

Nuke a whole bunch of commons; ok tedu (still more to come *sigh*)

First round of __P removal in sys

branches: 1.12.4;
Keep stats on TCP/UDP hardware checksumming.

Inclusion protection.

sync with KAME udp6_output(). udp output logic is very different between
IPv4/v6 so the separation should make more sense.

TODO: remove IPv6 case from udp_output()
TODO: remove/comment out/#if 0 IPv4 mapped address cases

branches: 1.9.2;
bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
bringed into soon).

add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoing
SA to be used, use this SA in ip_output if available. allow mobile road
warriors for bind SAs with wildcard dst and src addresses. check IPSEC
AUTH and ESP level when receiving packets, drop them if protection is
insufficient. add stats to show dropped packets because of insufficient
IPSEC protection. -- phew. this was all done in canada. dugsong and linh
provided the ride and company.

report on no udp checksum

sysctl for def sizes for tcp/udp send/recv queues

indent

The list of tcp/udp ports not to allocate dynamically is now
a bitmask configurable via sysctl([38]). The default values
have not changed. If one wants to change the list it should
be done early on in /etc/rc.

From NetBSD: 960217 merge

from netbsd:
make netinet work on systems where pointers and longs are 64 bits
(like the alpha). Biggest problem: IP headers were overlayed with
structure which included pointers, and which therefore didn't overlay
properly on 64-bit machines. Solution: instead of threading pointers
through IP header overlays, add a "queue element" structure to do
the threading, and point it at the ip headers.

branches: 1.1.1;
Initial revision

Split UDP PCB table into IPv4 and IPv6.

Having two hash tables instead of a common one, reduces table size
and contention on the per table lock. The address family is always
known in advance. The lookups and loops are more specific.

OK sashan@

Change pru_abort() return type to the type of void and make pru_abort()
optional.

We have no interest on pru_abort() return value. We call it only from
soabort() which is dummy pru_abort() wrapper and has no return value.

Only the connection oriented sockets need to implement (*pru_abort)()
handler. Such sockets are tcp(4) and unix(4) sockets, so remove existing
code for all others, it doesn't called.

ok guenther@

System calls should not fail due to temporary memory shortage in
malloc(9) or pool_get(9).
Pass down a wait flag to pru_attach(). During syscall socket(2)
it is ok to wait, this logic was missing for internet pcb. Pfkey
and route sockets were already waiting.
sonewconn() must not wait when called during TCP 3-way handshake.
This logic has been preserved. Unix domain stream socket connect(2)
can wait until the other side has created the socket to accept.
OK mvs@

Use shared netlock in soreceive(). The UDP and IP divert layer
provide locking of the PCB. If that is possible, use shared instead
of exclusive netlock in soreceive(). The PCB mutex provides a per
socket lock against multiple soreceive() running in parallel.
Release and regrab both locks in sosleep_nsec().
OK mvs@

Move PRU_PEERADDR request to (*pru_peeraddr)().

Introduce in{,6}_peeraddr() and use them for inet and inet6 sockets,
except tcp(4) case.

Also remove *_usrreq() handlers.

ok bluhm@

Move PRU_CONTROL request to (*pru_control)().

The 'proc *' arg is not used for PRU_CONTROL request, so remove it from
pru_control() wrapper.

Split out {tcp,udp}6_usrreqs from {tcp,udp}_usrreqs and use them for
inet6 case.

ok guenther@ bluhm@

Move PRU_ABORT request to (*pru_abort)().

We abort only the sockets which are linked to `so_q' or `so_q0' queues of
listening socket. Such sockets have no corresponding file descriptor and
are not accessed from userland, so PRU_ABORT used to destroy them on
listening socket destruction.

Currently all our sockets support PRU_ABORT request, but actually it
required only for tcp(4) and unix(4) sockets, so i should be optional.
However, they will be removed with separate diff, and this time PRU_ABORT
requests were converted as is.

Also, the socket should be destroyed on PRU_ABORT request, but route and
key management sockets leave it alive. This was also converted as is,
because this wrong code never called.

ok bluhm@

Move PRU_SEND request to (*pru_send)().

The former PRU_SEND error path of gre_usrreq() had `control' mbuf(9)
leak. It was fixed in new gre_send().

The former pfkeyv2_send() was renamed to pfkeyv2_dosend().

ok bluhm@

Move PRU_SHUTDOWN request to (*pru_shutdown)().

ok bluhm@

Move PRU_DISCONNECT request to (*pru_disconnect).

ok bluhm@

Move PRU_CONNECT request to (*pru_connect)() handler.

ok bluhm@

Move PRU_BIND request to (*pru_bind)() handler.

For the protocols which don't support request, leave handler NULL. Do the
NULL check within corresponding pru_() wrapper and return EOPNOTSUPP in
such case. This will be done for all upcoming user request handlers.

ok bluhm@ guenther@

Introduce 'pr_usrreqs' structure and move existing user-protocol
handlers into it. We want to split existing (*pr_usrreq)() to multiple
short handlers for each PRU_ request as it was already done for
PRU_ATTACH and PRU_DETACH. This is the preparation step, (*pr_usrreq)()
split will be done with the following diffs.

Based on reverted diff from guenther@.

ok bluhm@

Reported-by: syzbot+1b5b209ce506db4d411d@syzkaller.appspotmail.com
Revert the pr_usrreqs move: syzkaller found a NULL pointer deref
and I won't be available to monitor for followup issues for a bit

Move pr_attach and pr_detach to a new structure pr_usrreqs that can
then be shared among protosw structures, following the same basic
direction as NetBSD and FreeBSD for this.

Split PRU_CONTROL out of pr_usrreq into pru_control, giving it the
proper prototype to eliminate the previously necessary casts.

ok mvs@ bluhm@

Convert udp_sysctl to sysctl_bounded_args

Move PRU_DETACH out of pr_usrreq into per proto pr_detach
functions to pave way for more fine grained locking.

Suggested by, comments & OK mpi

Pass down the address family through the pr_input calls. This
allows to simplify code used for both IPv4 and IPv6.
OK mikeb@ deraadt@

Move PRU_ATTACH out of the pr_usrreq functions into pr_attach.
Attach is quite a different thing to the other PRU functions and
this should make locking a bit simpler. This also removes the ugly
hack on how proto was passed to the attach function.
OK bluhm@ and mpi@ on a previous version

Change the IPv4 pr_input function to the way IPv6 is implemented,
to get rid of struct ip6protosw and some wrapper functions. It is
more consistent to have less different structures. The divert_input
functions cannot be called anyway, so remove them.
OK visa@ mpi@

Reduce the difference between struct protosw and ip6protosw. The
IPv4 pr_ctlinput functions did return a void pointer that was always
NULL and never used. Make all functions void like in the IPv6 case.
OK mpi@

Since raw_input() and route_input() are gone from pr_input, we can
make the variable parameters of the protocol input functions fixed.
Also add the proto to make it similar to IPv6.
OK mpi@ guenther@ millert@

turn ipstat into a set of percpu counters.

each counter is identified by an enum value which correspond to the
original members of the udpstat struct.

udpstat_inc(udps_foo) replaces udpstat.udps_foo++ for the actual
updates. udpstat_inc is a thin wrapper around counters_inc.

counters are still returned to userland via the udpstat struct for
now.

ok mpi@ mikeb@ deraadt@

Add net.inet.{tcp,udp}.rootonly sysctl, to mark which ports
cannot be bound to by non-root users.

Ok millert@ bluhm@

Don't use varargs for udp_output() and sync the argument order with
udp6_output().

ok henning@, reyk@, jca@

revert counter size changes. this breaks netstat. digging further, there
are so many inconsistancies, that moving one deck chair is pointless.
more thought required.
ok claudio

make the udpstat counters u_int32_t, for consistency with tcpstat
ok krw phessler

since the cksum rewrite the counters for hardware checksummed packets
are are lie, since the software engine emulates hardware offloading
and that is later indistinguishable. so kill the hw cksummed counters.
introduce software checksummed packet counters instead.
tcp/udp handles ip & ipvshit, ip cksum covered, 6 has no ip layer cksum.
as before we still have a miscounting bug for inbound with pf on, to be
fixed in the next step.
found by, prodding & ok naddy

Pass the routing domain to IPv6 pr_ctlinput() like in IPv4.
OK claudio@

There is no TCP6 in our kernel, so remove the #ifndef TCP6.
No binary change.
ok claudio@ henning@

Extend the protosw pr_ctlinput function to include the rdomain. This is
needed so that the route and inp lookups done in TCP and UDP know where
to look. Additionally in_pcbnotifyall() and tcp_respond() got a rdomain
argument as well for similar reasons. With this tcp seems to be now
fully rdomain save and no longer leaks single packets into the main domain.
Looks good markus@, henning@

Remove {tcp/udp}6_usrreq(); Since the normal ones now
take a proc argument, theres no need for these, since
they are just wrappers.

OK claudio@

Deal with the situation when TCP nfs mounts timeout and processes
get hung in nfs_reconnect() because they do not have the proper
privilages to bind to a socket, by adding a struct proc * argument
to sobind() (and the *_usrreq() routines, and finally in{6}_pcbbind)
and do the sobind() with proc0 in nfs_connect.

OK markus@, blambert@.
"go ahead" deraadt@.

Fixes an issue reported by bernd@ (Tested by bernd@).
Fixes PR5135 too.

implement sysctls to report IP, TCP, UDP, and ICMP statistics and
change netstat to use them instead of accessing kvm for it. more
protocols will be added later.

discussed with deraadt@ claudio@ gilles@
ok deraadt@

switch to sysctl_int_arr(); ok henning, deraadt

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

Nuke a whole bunch of commons; ok tedu (still more to come *sigh*)

First round of __P removal in sys

branches: 1.12.4;
Keep stats on TCP/UDP hardware checksumming.

Inclusion protection.

sync with KAME udp6_output(). udp output logic is very different between
IPv4/v6 so the separation should make more sense.

TODO: remove IPv6 case from udp_output()
TODO: remove/comment out/#if 0 IPv4 mapped address cases

branches: 1.9.2;
bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
bringed into soon).

add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoing
SA to be used, use this SA in ip_output if available. allow mobile road
warriors for bind SAs with wildcard dst and src addresses. check IPSEC
AUTH and ESP level when receiving packets, drop them if protection is
insufficient. add stats to show dropped packets because of insufficient
IPSEC protection. -- phew. this was all done in canada. dugsong and linh
provided the ride and company.

report on no udp checksum

sysctl for def sizes for tcp/udp send/recv queues

indent

The list of tcp/udp ports not to allocate dynamically is now
a bitmask configurable via sysctl([38]). The default values
have not changed. If one wants to change the list it should
be done early on in /etc/rc.

From NetBSD: 960217 merge

from netbsd:
make netinet work on systems where pointers and longs are 64 bits
(like the alpha). Biggest problem: IP headers were overlayed with
structure which included pointers, and which therefore didn't overlay
properly on 64-bit machines. Solution: instead of threading pointers
through IP header overlays, add a "queue element" structure to do
the threading, and point it at the ip headers.

branches: 1.1.1;
Initial revision

Change pru_abort() return type to the type of void and make pru_abort()
optional.

We have no interest on pru_abort() return value. We call it only from
soabort() which is dummy pru_abort() wrapper and has no return value.

Only the connection oriented sockets need to implement (*pru_abort)()
handler. Such sockets are tcp(4) and unix(4) sockets, so remove existing
code for all others, it doesn't called.

ok guenther@

System calls should not fail due to temporary memory shortage in
malloc(9) or pool_get(9).
Pass down a wait flag to pru_attach(). During syscall socket(2)
it is ok to wait, this logic was missing for internet pcb. Pfkey
and route sockets were already waiting.
sonewconn() must not wait when called during TCP 3-way handshake.
This logic has been preserved. Unix domain stream socket connect(2)
can wait until the other side has created the socket to accept.
OK mvs@

Use shared netlock in soreceive(). The UDP and IP divert layer
provide locking of the PCB. If that is possible, use shared instead
of exclusive netlock in soreceive(). The PCB mutex provides a per
socket lock against multiple soreceive() running in parallel.
Release and regrab both locks in sosleep_nsec().
OK mvs@

Move PRU_PEERADDR request to (*pru_peeraddr)().

Introduce in{,6}_peeraddr() and use them for inet and inet6 sockets,
except tcp(4) case.

Also remove *_usrreq() handlers.

ok bluhm@

Move PRU_CONTROL request to (*pru_control)().

The 'proc *' arg is not used for PRU_CONTROL request, so remove it from
pru_control() wrapper.

Split out {tcp,udp}6_usrreqs from {tcp,udp}_usrreqs and use them for
inet6 case.

ok guenther@ bluhm@

Move PRU_ABORT request to (*pru_abort)().

We abort only the sockets which are linked to `so_q' or `so_q0' queues of
listening socket. Such sockets have no corresponding file descriptor and
are not accessed from userland, so PRU_ABORT used to destroy them on
listening socket destruction.

Currently all our sockets support PRU_ABORT request, but actually it
required only for tcp(4) and unix(4) sockets, so i should be optional.
However, they will be removed with separate diff, and this time PRU_ABORT
requests were converted as is.

Also, the socket should be destroyed on PRU_ABORT request, but route and
key management sockets leave it alive. This was also converted as is,
because this wrong code never called.

ok bluhm@

Move PRU_SEND request to (*pru_send)().

The former PRU_SEND error path of gre_usrreq() had `control' mbuf(9)
leak. It was fixed in new gre_send().

The former pfkeyv2_send() was renamed to pfkeyv2_dosend().

ok bluhm@

Move PRU_SHUTDOWN request to (*pru_shutdown)().

ok bluhm@

Move PRU_DISCONNECT request to (*pru_disconnect).

ok bluhm@

Move PRU_CONNECT request to (*pru_connect)() handler.

ok bluhm@

Move PRU_BIND request to (*pru_bind)() handler.

For the protocols which don't support request, leave handler NULL. Do the
NULL check within corresponding pru_() wrapper and return EOPNOTSUPP in
such case. This will be done for all upcoming user request handlers.

ok bluhm@ guenther@

Introduce 'pr_usrreqs' structure and move existing user-protocol
handlers into it. We want to split existing (*pr_usrreq)() to multiple
short handlers for each PRU_ request as it was already done for
PRU_ATTACH and PRU_DETACH. This is the preparation step, (*pr_usrreq)()
split will be done with the following diffs.

Based on reverted diff from guenther@.

ok bluhm@

Reported-by: syzbot+1b5b209ce506db4d411d@syzkaller.appspotmail.com
Revert the pr_usrreqs move: syzkaller found a NULL pointer deref
and I won't be available to monitor for followup issues for a bit

Move pr_attach and pr_detach to a new structure pr_usrreqs that can
then be shared among protosw structures, following the same basic
direction as NetBSD and FreeBSD for this.

Split PRU_CONTROL out of pr_usrreq into pru_control, giving it the
proper prototype to eliminate the previously necessary casts.

ok mvs@ bluhm@

Convert udp_sysctl to sysctl_bounded_args

Move PRU_DETACH out of pr_usrreq into per proto pr_detach
functions to pave way for more fine grained locking.

Suggested by, comments & OK mpi

Pass down the address family through the pr_input calls. This
allows to simplify code used for both IPv4 and IPv6.
OK mikeb@ deraadt@

Move PRU_ATTACH out of the pr_usrreq functions into pr_attach.
Attach is quite a different thing to the other PRU functions and
this should make locking a bit simpler. This also removes the ugly
hack on how proto was passed to the attach function.
OK bluhm@ and mpi@ on a previous version

Change the IPv4 pr_input function to the way IPv6 is implemented,
to get rid of struct ip6protosw and some wrapper functions. It is
more consistent to have less different structures. The divert_input
functions cannot be called anyway, so remove them.
OK visa@ mpi@

Reduce the difference between struct protosw and ip6protosw. The
IPv4 pr_ctlinput functions did return a void pointer that was always
NULL and never used. Make all functions void like in the IPv6 case.
OK mpi@

Since raw_input() and route_input() are gone from pr_input, we can
make the variable parameters of the protocol input functions fixed.
Also add the proto to make it similar to IPv6.
OK mpi@ guenther@ millert@

turn ipstat into a set of percpu counters.

each counter is identified by an enum value which correspond to the
original members of the udpstat struct.

udpstat_inc(udps_foo) replaces udpstat.udps_foo++ for the actual
updates. udpstat_inc is a thin wrapper around counters_inc.

counters are still returned to userland via the udpstat struct for
now.

ok mpi@ mikeb@ deraadt@

Add net.inet.{tcp,udp}.rootonly sysctl, to mark which ports
cannot be bound to by non-root users.

Ok millert@ bluhm@

Don't use varargs for udp_output() and sync the argument order with
udp6_output().

ok henning@, reyk@, jca@

revert counter size changes. this breaks netstat. digging further, there
are so many inconsistancies, that moving one deck chair is pointless.
more thought required.
ok claudio

make the udpstat counters u_int32_t, for consistency with tcpstat
ok krw phessler

since the cksum rewrite the counters for hardware checksummed packets
are are lie, since the software engine emulates hardware offloading
and that is later indistinguishable. so kill the hw cksummed counters.
introduce software checksummed packet counters instead.
tcp/udp handles ip & ipvshit, ip cksum covered, 6 has no ip layer cksum.
as before we still have a miscounting bug for inbound with pf on, to be
fixed in the next step.
found by, prodding & ok naddy

Pass the routing domain to IPv6 pr_ctlinput() like in IPv4.
OK claudio@

There is no TCP6 in our kernel, so remove the #ifndef TCP6.
No binary change.
ok claudio@ henning@

Extend the protosw pr_ctlinput function to include the rdomain. This is
needed so that the route and inp lookups done in TCP and UDP know where
to look. Additionally in_pcbnotifyall() and tcp_respond() got a rdomain
argument as well for similar reasons. With this tcp seems to be now
fully rdomain save and no longer leaks single packets into the main domain.
Looks good markus@, henning@

Remove {tcp/udp}6_usrreq(); Since the normal ones now
take a proc argument, theres no need for these, since
they are just wrappers.

OK claudio@

Deal with the situation when TCP nfs mounts timeout and processes
get hung in nfs_reconnect() because they do not have the proper
privilages to bind to a socket, by adding a struct proc * argument
to sobind() (and the *_usrreq() routines, and finally in{6}_pcbbind)
and do the sobind() with proc0 in nfs_connect.

OK markus@, blambert@.
"go ahead" deraadt@.

Fixes an issue reported by bernd@ (Tested by bernd@).
Fixes PR5135 too.

implement sysctls to report IP, TCP, UDP, and ICMP statistics and
change netstat to use them instead of accessing kvm for it. more
protocols will be added later.

discussed with deraadt@ claudio@ gilles@
ok deraadt@

switch to sysctl_int_arr(); ok henning, deraadt

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

Nuke a whole bunch of commons; ok tedu (still more to come *sigh*)

First round of __P removal in sys

branches: 1.12.4;
Keep stats on TCP/UDP hardware checksumming.

Inclusion protection.

sync with KAME udp6_output(). udp output logic is very different between
IPv4/v6 so the separation should make more sense.

TODO: remove IPv6 case from udp_output()
TODO: remove/comment out/#if 0 IPv4 mapped address cases

branches: 1.9.2;
bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
bringed into soon).

add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoing
SA to be used, use this SA in ip_output if available. allow mobile road
warriors for bind SAs with wildcard dst and src addresses. check IPSEC
AUTH and ESP level when receiving packets, drop them if protection is
insufficient. add stats to show dropped packets because of insufficient
IPSEC protection. -- phew. this was all done in canada. dugsong and linh
provided the ride and company.

report on no udp checksum

sysctl for def sizes for tcp/udp send/recv queues

indent

The list of tcp/udp ports not to allocate dynamically is now
a bitmask configurable via sysctl([38]). The default values
have not changed. If one wants to change the list it should
be done early on in /etc/rc.

From NetBSD: 960217 merge

from netbsd:
make netinet work on systems where pointers and longs are 64 bits
(like the alpha). Biggest problem: IP headers were overlayed with
structure which included pointers, and which therefore didn't overlay
properly on 64-bit machines. Solution: instead of threading pointers
through IP header overlays, add a "queue element" structure to do
the threading, and point it at the ip headers.

branches: 1.1.1;
Initial revision

System calls should not fail due to temporary memory shortage in
malloc(9) or pool_get(9).
Pass down a wait flag to pru_attach(). During syscall socket(2)
it is ok to wait, this logic was missing for internet pcb. Pfkey
and route sockets were already waiting.
sonewconn() must not wait when called during TCP 3-way handshake.
This logic has been preserved. Unix domain stream socket connect(2)
can wait until the other side has created the socket to accept.
OK mvs@

Use shared netlock in soreceive(). The UDP and IP divert layer
provide locking of the PCB. If that is possible, use shared instead
of exclusive netlock in soreceive(). The PCB mutex provides a per
socket lock against multiple soreceive() running in parallel.
Release and regrab both locks in sosleep_nsec().
OK mvs@

Move PRU_PEERADDR request to (*pru_peeraddr)().

Introduce in{,6}_peeraddr() and use them for inet and inet6 sockets,
except tcp(4) case.

Also remove *_usrreq() handlers.

ok bluhm@

Move PRU_CONTROL request to (*pru_control)().

The 'proc *' arg is not used for PRU_CONTROL request, so remove it from
pru_control() wrapper.

Split out {tcp,udp}6_usrreqs from {tcp,udp}_usrreqs and use them for
inet6 case.

ok guenther@ bluhm@

Move PRU_ABORT request to (*pru_abort)().

We abort only the sockets which are linked to `so_q' or `so_q0' queues of
listening socket. Such sockets have no corresponding file descriptor and
are not accessed from userland, so PRU_ABORT used to destroy them on
listening socket destruction.

Currently all our sockets support PRU_ABORT request, but actually it
required only for tcp(4) and unix(4) sockets, so i should be optional.
However, they will be removed with separate diff, and this time PRU_ABORT
requests were converted as is.

Also, the socket should be destroyed on PRU_ABORT request, but route and
key management sockets leave it alive. This was also converted as is,
because this wrong code never called.

ok bluhm@

Move PRU_SEND request to (*pru_send)().

The former PRU_SEND error path of gre_usrreq() had `control' mbuf(9)
leak. It was fixed in new gre_send().

The former pfkeyv2_send() was renamed to pfkeyv2_dosend().

ok bluhm@

Move PRU_SHUTDOWN request to (*pru_shutdown)().

ok bluhm@

Move PRU_DISCONNECT request to (*pru_disconnect).

ok bluhm@

Move PRU_CONNECT request to (*pru_connect)() handler.

ok bluhm@

Move PRU_BIND request to (*pru_bind)() handler.

For the protocols which don't support request, leave handler NULL. Do the
NULL check within corresponding pru_() wrapper and return EOPNOTSUPP in
such case. This will be done for all upcoming user request handlers.

ok bluhm@ guenther@

Introduce 'pr_usrreqs' structure and move existing user-protocol
handlers into it. We want to split existing (*pr_usrreq)() to multiple
short handlers for each PRU_ request as it was already done for
PRU_ATTACH and PRU_DETACH. This is the preparation step, (*pr_usrreq)()
split will be done with the following diffs.

Based on reverted diff from guenther@.

ok bluhm@

Reported-by: syzbot+1b5b209ce506db4d411d@syzkaller.appspotmail.com
Revert the pr_usrreqs move: syzkaller found a NULL pointer deref
and I won't be available to monitor for followup issues for a bit

Move pr_attach and pr_detach to a new structure pr_usrreqs that can
then be shared among protosw structures, following the same basic
direction as NetBSD and FreeBSD for this.

Split PRU_CONTROL out of pr_usrreq into pru_control, giving it the
proper prototype to eliminate the previously necessary casts.

ok mvs@ bluhm@

Convert udp_sysctl to sysctl_bounded_args

Move PRU_DETACH out of pr_usrreq into per proto pr_detach
functions to pave way for more fine grained locking.

Suggested by, comments & OK mpi

Pass down the address family through the pr_input calls. This
allows to simplify code used for both IPv4 and IPv6.
OK mikeb@ deraadt@

Move PRU_ATTACH out of the pr_usrreq functions into pr_attach.
Attach is quite a different thing to the other PRU functions and
this should make locking a bit simpler. This also removes the ugly
hack on how proto was passed to the attach function.
OK bluhm@ and mpi@ on a previous version

Change the IPv4 pr_input function to the way IPv6 is implemented,
to get rid of struct ip6protosw and some wrapper functions. It is
more consistent to have less different structures. The divert_input
functions cannot be called anyway, so remove them.
OK visa@ mpi@

Reduce the difference between struct protosw and ip6protosw. The
IPv4 pr_ctlinput functions did return a void pointer that was always
NULL and never used. Make all functions void like in the IPv6 case.
OK mpi@

Since raw_input() and route_input() are gone from pr_input, we can
make the variable parameters of the protocol input functions fixed.
Also add the proto to make it similar to IPv6.
OK mpi@ guenther@ millert@

turn ipstat into a set of percpu counters.

each counter is identified by an enum value which correspond to the
original members of the udpstat struct.

udpstat_inc(udps_foo) replaces udpstat.udps_foo++ for the actual
updates. udpstat_inc is a thin wrapper around counters_inc.

counters are still returned to userland via the udpstat struct for
now.

ok mpi@ mikeb@ deraadt@

Add net.inet.{tcp,udp}.rootonly sysctl, to mark which ports
cannot be bound to by non-root users.

Ok millert@ bluhm@

Don't use varargs for udp_output() and sync the argument order with
udp6_output().

ok henning@, reyk@, jca@

revert counter size changes. this breaks netstat. digging further, there
are so many inconsistancies, that moving one deck chair is pointless.
more thought required.
ok claudio

make the udpstat counters u_int32_t, for consistency with tcpstat
ok krw phessler

since the cksum rewrite the counters for hardware checksummed packets
are are lie, since the software engine emulates hardware offloading
and that is later indistinguishable. so kill the hw cksummed counters.
introduce software checksummed packet counters instead.
tcp/udp handles ip & ipvshit, ip cksum covered, 6 has no ip layer cksum.
as before we still have a miscounting bug for inbound with pf on, to be
fixed in the next step.
found by, prodding & ok naddy

Pass the routing domain to IPv6 pr_ctlinput() like in IPv4.
OK claudio@

There is no TCP6 in our kernel, so remove the #ifndef TCP6.
No binary change.
ok claudio@ henning@

Extend the protosw pr_ctlinput function to include the rdomain. This is
needed so that the route and inp lookups done in TCP and UDP know where
to look. Additionally in_pcbnotifyall() and tcp_respond() got a rdomain
argument as well for similar reasons. With this tcp seems to be now
fully rdomain save and no longer leaks single packets into the main domain.
Looks good markus@, henning@

Remove {tcp/udp}6_usrreq(); Since the normal ones now
take a proc argument, theres no need for these, since
they are just wrappers.

OK claudio@

Deal with the situation when TCP nfs mounts timeout and processes
get hung in nfs_reconnect() because they do not have the proper
privilages to bind to a socket, by adding a struct proc * argument
to sobind() (and the *_usrreq() routines, and finally in{6}_pcbbind)
and do the sobind() with proc0 in nfs_connect.

OK markus@, blambert@.
"go ahead" deraadt@.

Fixes an issue reported by bernd@ (Tested by bernd@).
Fixes PR5135 too.

implement sysctls to report IP, TCP, UDP, and ICMP statistics and
change netstat to use them instead of accessing kvm for it. more
protocols will be added later.

discussed with deraadt@ claudio@ gilles@
ok deraadt@

switch to sysctl_int_arr(); ok henning, deraadt

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

Nuke a whole bunch of commons; ok tedu (still more to come *sigh*)

First round of __P removal in sys

branches: 1.12.4;
Keep stats on TCP/UDP hardware checksumming.

Inclusion protection.

sync with KAME udp6_output(). udp output logic is very different between
IPv4/v6 so the separation should make more sense.

TODO: remove IPv6 case from udp_output()
TODO: remove/comment out/#if 0 IPv4 mapped address cases

branches: 1.9.2;
bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
bringed into soon).

add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoing
SA to be used, use this SA in ip_output if available. allow mobile road
warriors for bind SAs with wildcard dst and src addresses. check IPSEC
AUTH and ESP level when receiving packets, drop them if protection is
insufficient. add stats to show dropped packets because of insufficient
IPSEC protection. -- phew. this was all done in canada. dugsong and linh
provided the ride and company.

report on no udp checksum

sysctl for def sizes for tcp/udp send/recv queues

indent

The list of tcp/udp ports not to allocate dynamically is now
a bitmask configurable via sysctl([38]). The default values
have not changed. If one wants to change the list it should
be done early on in /etc/rc.

From NetBSD: 960217 merge

from netbsd:
make netinet work on systems where pointers and longs are 64 bits
(like the alpha). Biggest problem: IP headers were overlayed with
structure which included pointers, and which therefore didn't overlay
properly on 64-bit machines. Solution: instead of threading pointers
through IP header overlays, add a "queue element" structure to do
the threading, and point it at the ip headers.

branches: 1.1.1;
Initial revision

Use shared netlock in soreceive(). The UDP and IP divert layer
provide locking of the PCB. If that is possible, use shared instead
of exclusive netlock in soreceive(). The PCB mutex provides a per
socket lock against multiple soreceive() running in parallel.
Release and regrab both locks in sosleep_nsec().
OK mvs@

Move PRU_PEERADDR request to (*pru_peeraddr)().

Introduce in{,6}_peeraddr() and use them for inet and inet6 sockets,
except tcp(4) case.

Also remove *_usrreq() handlers.

ok bluhm@

Move PRU_CONTROL request to (*pru_control)().

The 'proc *' arg is not used for PRU_CONTROL request, so remove it from
pru_control() wrapper.

Split out {tcp,udp}6_usrreqs from {tcp,udp}_usrreqs and use them for
inet6 case.

ok guenther@ bluhm@

Move PRU_ABORT request to (*pru_abort)().

We abort only the sockets which are linked to `so_q' or `so_q0' queues of
listening socket. Such sockets have no corresponding file descriptor and
are not accessed from userland, so PRU_ABORT used to destroy them on
listening socket destruction.

Currently all our sockets support PRU_ABORT request, but actually it
required only for tcp(4) and unix(4) sockets, so i should be optional.
However, they will be removed with separate diff, and this time PRU_ABORT
requests were converted as is.

Also, the socket should be destroyed on PRU_ABORT request, but route and
key management sockets leave it alive. This was also converted as is,
because this wrong code never called.

ok bluhm@

Move PRU_SEND request to (*pru_send)().

The former PRU_SEND error path of gre_usrreq() had `control' mbuf(9)
leak. It was fixed in new gre_send().

The former pfkeyv2_send() was renamed to pfkeyv2_dosend().

ok bluhm@

Move PRU_SHUTDOWN request to (*pru_shutdown)().

ok bluhm@

Move PRU_DISCONNECT request to (*pru_disconnect).

ok bluhm@

Move PRU_CONNECT request to (*pru_connect)() handler.

ok bluhm@

Move PRU_BIND request to (*pru_bind)() handler.

For the protocols which don't support request, leave handler NULL. Do the
NULL check within corresponding pru_() wrapper and return EOPNOTSUPP in
such case. This will be done for all upcoming user request handlers.

ok bluhm@ guenther@

Introduce 'pr_usrreqs' structure and move existing user-protocol
handlers into it. We want to split existing (*pr_usrreq)() to multiple
short handlers for each PRU_ request as it was already done for
PRU_ATTACH and PRU_DETACH. This is the preparation step, (*pr_usrreq)()
split will be done with the following diffs.

Based on reverted diff from guenther@.

ok bluhm@

Reported-by: syzbot+1b5b209ce506db4d411d@syzkaller.appspotmail.com
Revert the pr_usrreqs move: syzkaller found a NULL pointer deref
and I won't be available to monitor for followup issues for a bit

Move pr_attach and pr_detach to a new structure pr_usrreqs that can
then be shared among protosw structures, following the same basic
direction as NetBSD and FreeBSD for this.

Split PRU_CONTROL out of pr_usrreq into pru_control, giving it the
proper prototype to eliminate the previously necessary casts.

ok mvs@ bluhm@

Convert udp_sysctl to sysctl_bounded_args

Move PRU_DETACH out of pr_usrreq into per proto pr_detach
functions to pave way for more fine grained locking.

Suggested by, comments & OK mpi

Pass down the address family through the pr_input calls. This
allows to simplify code used for both IPv4 and IPv6.
OK mikeb@ deraadt@

Move PRU_ATTACH out of the pr_usrreq functions into pr_attach.
Attach is quite a different thing to the other PRU functions and
this should make locking a bit simpler. This also removes the ugly
hack on how proto was passed to the attach function.
OK bluhm@ and mpi@ on a previous version

Change the IPv4 pr_input function to the way IPv6 is implemented,
to get rid of struct ip6protosw and some wrapper functions. It is
more consistent to have less different structures. The divert_input
functions cannot be called anyway, so remove them.
OK visa@ mpi@

Reduce the difference between struct protosw and ip6protosw. The
IPv4 pr_ctlinput functions did return a void pointer that was always
NULL and never used. Make all functions void like in the IPv6 case.
OK mpi@

Since raw_input() and route_input() are gone from pr_input, we can
make the variable parameters of the protocol input functions fixed.
Also add the proto to make it similar to IPv6.
OK mpi@ guenther@ millert@

turn ipstat into a set of percpu counters.

each counter is identified by an enum value which correspond to the
original members of the udpstat struct.

udpstat_inc(udps_foo) replaces udpstat.udps_foo++ for the actual
updates. udpstat_inc is a thin wrapper around counters_inc.

counters are still returned to userland via the udpstat struct for
now.

ok mpi@ mikeb@ deraadt@

Add net.inet.{tcp,udp}.rootonly sysctl, to mark which ports
cannot be bound to by non-root users.

Ok millert@ bluhm@

Don't use varargs for udp_output() and sync the argument order with
udp6_output().

ok henning@, reyk@, jca@

revert counter size changes. this breaks netstat. digging further, there
are so many inconsistancies, that moving one deck chair is pointless.
more thought required.
ok claudio

make the udpstat counters u_int32_t, for consistency with tcpstat
ok krw phessler

since the cksum rewrite the counters for hardware checksummed packets
are are lie, since the software engine emulates hardware offloading
and that is later indistinguishable. so kill the hw cksummed counters.
introduce software checksummed packet counters instead.
tcp/udp handles ip & ipvshit, ip cksum covered, 6 has no ip layer cksum.
as before we still have a miscounting bug for inbound with pf on, to be
fixed in the next step.
found by, prodding & ok naddy

Pass the routing domain to IPv6 pr_ctlinput() like in IPv4.
OK claudio@

There is no TCP6 in our kernel, so remove the #ifndef TCP6.
No binary change.
ok claudio@ henning@

Extend the protosw pr_ctlinput function to include the rdomain. This is
needed so that the route and inp lookups done in TCP and UDP know where
to look. Additionally in_pcbnotifyall() and tcp_respond() got a rdomain
argument as well for similar reasons. With this tcp seems to be now
fully rdomain save and no longer leaks single packets into the main domain.
Looks good markus@, henning@

Remove {tcp/udp}6_usrreq(); Since the normal ones now
take a proc argument, theres no need for these, since
they are just wrappers.

OK claudio@

Deal with the situation when TCP nfs mounts timeout and processes
get hung in nfs_reconnect() because they do not have the proper
privilages to bind to a socket, by adding a struct proc * argument
to sobind() (and the *_usrreq() routines, and finally in{6}_pcbbind)
and do the sobind() with proc0 in nfs_connect.

OK markus@, blambert@.
"go ahead" deraadt@.

Fixes an issue reported by bernd@ (Tested by bernd@).
Fixes PR5135 too.

implement sysctls to report IP, TCP, UDP, and ICMP statistics and
change netstat to use them instead of accessing kvm for it. more
protocols will be added later.

discussed with deraadt@ claudio@ gilles@
ok deraadt@

switch to sysctl_int_arr(); ok henning, deraadt

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

Nuke a whole bunch of commons; ok tedu (still more to come *sigh*)

First round of __P removal in sys

branches: 1.12.4;
Keep stats on TCP/UDP hardware checksumming.

Inclusion protection.

sync with KAME udp6_output(). udp output logic is very different between
IPv4/v6 so the separation should make more sense.

TODO: remove IPv6 case from udp_output()
TODO: remove/comment out/#if 0 IPv4 mapped address cases

branches: 1.9.2;
bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
bringed into soon).

add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoing
SA to be used, use this SA in ip_output if available. allow mobile road
warriors for bind SAs with wildcard dst and src addresses. check IPSEC
AUTH and ESP level when receiving packets, drop them if protection is
insufficient. add stats to show dropped packets because of insufficient
IPSEC protection. -- phew. this was all done in canada. dugsong and linh
provided the ride and company.

report on no udp checksum

sysctl for def sizes for tcp/udp send/recv queues

indent

The list of tcp/udp ports not to allocate dynamically is now
a bitmask configurable via sysctl([38]). The default values
have not changed. If one wants to change the list it should
be done early on in /etc/rc.

From NetBSD: 960217 merge

from netbsd:
make netinet work on systems where pointers and longs are 64 bits
(like the alpha). Biggest problem: IP headers were overlayed with
structure which included pointers, and which therefore didn't overlay
properly on 64-bit machines. Solution: instead of threading pointers
through IP header overlays, add a "queue element" structure to do
the threading, and point it at the ip headers.

branches: 1.1.1;
Initial revision

Move PRU_PEERADDR request to (*pru_peeraddr)().

Introduce in{,6}_peeraddr() and use them for inet and inet6 sockets,
except tcp(4) case.

Also remove *_usrreq() handlers.

ok bluhm@

Move PRU_CONTROL request to (*pru_control)().

The 'proc *' arg is not used for PRU_CONTROL request, so remove it from
pru_control() wrapper.

Split out {tcp,udp}6_usrreqs from {tcp,udp}_usrreqs and use them for
inet6 case.

ok guenther@ bluhm@

Move PRU_ABORT request to (*pru_abort)().

We abort only the sockets which are linked to `so_q' or `so_q0' queues of
listening socket. Such sockets have no corresponding file descriptor and
are not accessed from userland, so PRU_ABORT used to destroy them on
listening socket destruction.

Currently all our sockets support PRU_ABORT request, but actually it
required only for tcp(4) and unix(4) sockets, so i should be optional.
However, they will be removed with separate diff, and this time PRU_ABORT
requests were converted as is.

Also, the socket should be destroyed on PRU_ABORT request, but route and
key management sockets leave it alive. This was also converted as is,
because this wrong code never called.

ok bluhm@

Move PRU_SEND request to (*pru_send)().

The former PRU_SEND error path of gre_usrreq() had `control' mbuf(9)
leak. It was fixed in new gre_send().

The former pfkeyv2_send() was renamed to pfkeyv2_dosend().

ok bluhm@

Move PRU_SHUTDOWN request to (*pru_shutdown)().

ok bluhm@

Move PRU_DISCONNECT request to (*pru_disconnect).

ok bluhm@

Move PRU_CONNECT request to (*pru_connect)() handler.

ok bluhm@

Move PRU_BIND request to (*pru_bind)() handler.

For the protocols which don't support request, leave handler NULL. Do the
NULL check within corresponding pru_() wrapper and return EOPNOTSUPP in
such case. This will be done for all upcoming user request handlers.

ok bluhm@ guenther@

Introduce 'pr_usrreqs' structure and move existing user-protocol
handlers into it. We want to split existing (*pr_usrreq)() to multiple
short handlers for each PRU_ request as it was already done for
PRU_ATTACH and PRU_DETACH. This is the preparation step, (*pr_usrreq)()
split will be done with the following diffs.

Based on reverted diff from guenther@.

ok bluhm@

Reported-by: syzbot+1b5b209ce506db4d411d@syzkaller.appspotmail.com
Revert the pr_usrreqs move: syzkaller found a NULL pointer deref
and I won't be available to monitor for followup issues for a bit

Move pr_attach and pr_detach to a new structure pr_usrreqs that can
then be shared among protosw structures, following the same basic
direction as NetBSD and FreeBSD for this.

Split PRU_CONTROL out of pr_usrreq into pru_control, giving it the
proper prototype to eliminate the previously necessary casts.

ok mvs@ bluhm@

Convert udp_sysctl to sysctl_bounded_args

Move PRU_DETACH out of pr_usrreq into per proto pr_detach
functions to pave way for more fine grained locking.

Suggested by, comments & OK mpi

Pass down the address family through the pr_input calls. This
allows to simplify code used for both IPv4 and IPv6.
OK mikeb@ deraadt@

Move PRU_ATTACH out of the pr_usrreq functions into pr_attach.
Attach is quite a different thing to the other PRU functions and
this should make locking a bit simpler. This also removes the ugly
hack on how proto was passed to the attach function.
OK bluhm@ and mpi@ on a previous version

Change the IPv4 pr_input function to the way IPv6 is implemented,
to get rid of struct ip6protosw and some wrapper functions. It is
more consistent to have less different structures. The divert_input
functions cannot be called anyway, so remove them.
OK visa@ mpi@

Reduce the difference between struct protosw and ip6protosw. The
IPv4 pr_ctlinput functions did return a void pointer that was always
NULL and never used. Make all functions void like in the IPv6 case.
OK mpi@

Since raw_input() and route_input() are gone from pr_input, we can
make the variable parameters of the protocol input functions fixed.
Also add the proto to make it similar to IPv6.
OK mpi@ guenther@ millert@

turn ipstat into a set of percpu counters.

each counter is identified by an enum value which correspond to the
original members of the udpstat struct.

udpstat_inc(udps_foo) replaces udpstat.udps_foo++ for the actual
updates. udpstat_inc is a thin wrapper around counters_inc.

counters are still returned to userland via the udpstat struct for
now.

ok mpi@ mikeb@ deraadt@

Add net.inet.{tcp,udp}.rootonly sysctl, to mark which ports
cannot be bound to by non-root users.

Ok millert@ bluhm@

Don't use varargs for udp_output() and sync the argument order with
udp6_output().

ok henning@, reyk@, jca@

revert counter size changes. this breaks netstat. digging further, there
are so many inconsistancies, that moving one deck chair is pointless.
more thought required.
ok claudio

make the udpstat counters u_int32_t, for consistency with tcpstat
ok krw phessler

since the cksum rewrite the counters for hardware checksummed packets
are are lie, since the software engine emulates hardware offloading
and that is later indistinguishable. so kill the hw cksummed counters.
introduce software checksummed packet counters instead.
tcp/udp handles ip & ipvshit, ip cksum covered, 6 has no ip layer cksum.
as before we still have a miscounting bug for inbound with pf on, to be
fixed in the next step.
found by, prodding & ok naddy

Pass the routing domain to IPv6 pr_ctlinput() like in IPv4.
OK claudio@

There is no TCP6 in our kernel, so remove the #ifndef TCP6.
No binary change.
ok claudio@ henning@

Extend the protosw pr_ctlinput function to include the rdomain. This is
needed so that the route and inp lookups done in TCP and UDP know where
to look. Additionally in_pcbnotifyall() and tcp_respond() got a rdomain
argument as well for similar reasons. With this tcp seems to be now
fully rdomain save and no longer leaks single packets into the main domain.
Looks good markus@, henning@

Remove {tcp/udp}6_usrreq(); Since the normal ones now
take a proc argument, theres no need for these, since
they are just wrappers.

OK claudio@

Deal with the situation when TCP nfs mounts timeout and processes
get hung in nfs_reconnect() because they do not have the proper
privilages to bind to a socket, by adding a struct proc * argument
to sobind() (and the *_usrreq() routines, and finally in{6}_pcbbind)
and do the sobind() with proc0 in nfs_connect.

OK markus@, blambert@.
"go ahead" deraadt@.

Fixes an issue reported by bernd@ (Tested by bernd@).
Fixes PR5135 too.

implement sysctls to report IP, TCP, UDP, and ICMP statistics and
change netstat to use them instead of accessing kvm for it. more
protocols will be added later.

discussed with deraadt@ claudio@ gilles@
ok deraadt@

switch to sysctl_int_arr(); ok henning, deraadt

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

Nuke a whole bunch of commons; ok tedu (still more to come *sigh*)

First round of __P removal in sys

branches: 1.12.4;
Keep stats on TCP/UDP hardware checksumming.

Inclusion protection.

sync with KAME udp6_output(). udp output logic is very different between
IPv4/v6 so the separation should make more sense.

TODO: remove IPv6 case from udp_output()
TODO: remove/comment out/#if 0 IPv4 mapped address cases

branches: 1.9.2;
bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
bringed into soon).

add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoing
SA to be used, use this SA in ip_output if available. allow mobile road
warriors for bind SAs with wildcard dst and src addresses. check IPSEC
AUTH and ESP level when receiving packets, drop them if protection is
insufficient. add stats to show dropped packets because of insufficient
IPSEC protection. -- phew. this was all done in canada. dugsong and linh
provided the ride and company.

report on no udp checksum

sysctl for def sizes for tcp/udp send/recv queues

indent

The list of tcp/udp ports not to allocate dynamically is now
a bitmask configurable via sysctl([38]). The default values
have not changed. If one wants to change the list it should
be done early on in /etc/rc.

From NetBSD: 960217 merge

from netbsd:
make netinet work on systems where pointers and longs are 64 bits
(like the alpha). Biggest problem: IP headers were overlayed with
structure which included pointers, and which therefore didn't overlay
properly on 64-bit machines. Solution: instead of threading pointers
through IP header overlays, add a "queue element" structure to do
the threading, and point it at the ip headers.

branches: 1.1.1;
Initial revision

Move PRU_CONTROL request to (*pru_control)().

The 'proc *' arg is not used for PRU_CONTROL request, so remove it from
pru_control() wrapper.

Split out {tcp,udp}6_usrreqs from {tcp,udp}_usrreqs and use them for
inet6 case.

ok guenther@ bluhm@

Move PRU_ABORT request to (*pru_abort)().

We abort only the sockets which are linked to `so_q' or `so_q0' queues of
listening socket. Such sockets have no corresponding file descriptor and
are not accessed from userland, so PRU_ABORT used to destroy them on
listening socket destruction.

Currently all our sockets support PRU_ABORT request, but actually it
required only for tcp(4) and unix(4) sockets, so i should be optional.
However, they will be removed with separate diff, and this time PRU_ABORT
requests were converted as is.

Also, the socket should be destroyed on PRU_ABORT request, but route and
key management sockets leave it alive. This was also converted as is,
because this wrong code never called.

ok bluhm@

Move PRU_SEND request to (*pru_send)().

The former PRU_SEND error path of gre_usrreq() had `control' mbuf(9)
leak. It was fixed in new gre_send().

The former pfkeyv2_send() was renamed to pfkeyv2_dosend().

ok bluhm@

Move PRU_SHUTDOWN request to (*pru_shutdown)().

ok bluhm@

Move PRU_DISCONNECT request to (*pru_disconnect).

ok bluhm@

Move PRU_CONNECT request to (*pru_connect)() handler.

ok bluhm@

Move PRU_BIND request to (*pru_bind)() handler.

For the protocols which don't support request, leave handler NULL. Do the
NULL check within corresponding pru_() wrapper and return EOPNOTSUPP in
such case. This will be done for all upcoming user request handlers.

ok bluhm@ guenther@

Introduce 'pr_usrreqs' structure and move existing user-protocol
handlers into it. We want to split existing (*pr_usrreq)() to multiple
short handlers for each PRU_ request as it was already done for
PRU_ATTACH and PRU_DETACH. This is the preparation step, (*pr_usrreq)()
split will be done with the following diffs.

Based on reverted diff from guenther@.

ok bluhm@

Reported-by: syzbot+1b5b209ce506db4d411d@syzkaller.appspotmail.com
Revert the pr_usrreqs move: syzkaller found a NULL pointer deref
and I won't be available to monitor for followup issues for a bit

Move pr_attach and pr_detach to a new structure pr_usrreqs that can
then be shared among protosw structures, following the same basic
direction as NetBSD and FreeBSD for this.

Split PRU_CONTROL out of pr_usrreq into pru_control, giving it the
proper prototype to eliminate the previously necessary casts.

ok mvs@ bluhm@

Convert udp_sysctl to sysctl_bounded_args

Move PRU_DETACH out of pr_usrreq into per proto pr_detach
functions to pave way for more fine grained locking.

Suggested by, comments & OK mpi

Pass down the address family through the pr_input calls. This
allows to simplify code used for both IPv4 and IPv6.
OK mikeb@ deraadt@

Move PRU_ATTACH out of the pr_usrreq functions into pr_attach.
Attach is quite a different thing to the other PRU functions and
this should make locking a bit simpler. This also removes the ugly
hack on how proto was passed to the attach function.
OK bluhm@ and mpi@ on a previous version

Change the IPv4 pr_input function to the way IPv6 is implemented,
to get rid of struct ip6protosw and some wrapper functions. It is
more consistent to have less different structures. The divert_input
functions cannot be called anyway, so remove them.
OK visa@ mpi@

Reduce the difference between struct protosw and ip6protosw. The
IPv4 pr_ctlinput functions did return a void pointer that was always
NULL and never used. Make all functions void like in the IPv6 case.
OK mpi@

Since raw_input() and route_input() are gone from pr_input, we can
make the variable parameters of the protocol input functions fixed.
Also add the proto to make it similar to IPv6.
OK mpi@ guenther@ millert@

turn ipstat into a set of percpu counters.

each counter is identified by an enum value which correspond to the
original members of the udpstat struct.

udpstat_inc(udps_foo) replaces udpstat.udps_foo++ for the actual
updates. udpstat_inc is a thin wrapper around counters_inc.

counters are still returned to userland via the udpstat struct for
now.

ok mpi@ mikeb@ deraadt@

Add net.inet.{tcp,udp}.rootonly sysctl, to mark which ports
cannot be bound to by non-root users.

Ok millert@ bluhm@

Don't use varargs for udp_output() and sync the argument order with
udp6_output().

ok henning@, reyk@, jca@

revert counter size changes. this breaks netstat. digging further, there
are so many inconsistancies, that moving one deck chair is pointless.
more thought required.
ok claudio

make the udpstat counters u_int32_t, for consistency with tcpstat
ok krw phessler

since the cksum rewrite the counters for hardware checksummed packets
are are lie, since the software engine emulates hardware offloading
and that is later indistinguishable. so kill the hw cksummed counters.
introduce software checksummed packet counters instead.
tcp/udp handles ip & ipvshit, ip cksum covered, 6 has no ip layer cksum.
as before we still have a miscounting bug for inbound with pf on, to be
fixed in the next step.
found by, prodding & ok naddy

Pass the routing domain to IPv6 pr_ctlinput() like in IPv4.
OK claudio@

There is no TCP6 in our kernel, so remove the #ifndef TCP6.
No binary change.
ok claudio@ henning@

Extend the protosw pr_ctlinput function to include the rdomain. This is
needed so that the route and inp lookups done in TCP and UDP know where
to look. Additionally in_pcbnotifyall() and tcp_respond() got a rdomain
argument as well for similar reasons. With this tcp seems to be now
fully rdomain save and no longer leaks single packets into the main domain.
Looks good markus@, henning@

Remove {tcp/udp}6_usrreq(); Since the normal ones now
take a proc argument, theres no need for these, since
they are just wrappers.

OK claudio@

Deal with the situation when TCP nfs mounts timeout and processes
get hung in nfs_reconnect() because they do not have the proper
privilages to bind to a socket, by adding a struct proc * argument
to sobind() (and the *_usrreq() routines, and finally in{6}_pcbbind)
and do the sobind() with proc0 in nfs_connect.

OK markus@, blambert@.
"go ahead" deraadt@.

Fixes an issue reported by bernd@ (Tested by bernd@).
Fixes PR5135 too.

implement sysctls to report IP, TCP, UDP, and ICMP statistics and
change netstat to use them instead of accessing kvm for it. more
protocols will be added later.

discussed with deraadt@ claudio@ gilles@
ok deraadt@

switch to sysctl_int_arr(); ok henning, deraadt

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

Nuke a whole bunch of commons; ok tedu (still more to come *sigh*)

First round of __P removal in sys

branches: 1.12.4;
Keep stats on TCP/UDP hardware checksumming.

Inclusion protection.

sync with KAME udp6_output(). udp output logic is very different between
IPv4/v6 so the separation should make more sense.

TODO: remove IPv6 case from udp_output()
TODO: remove/comment out/#if 0 IPv4 mapped address cases

branches: 1.9.2;
bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
bringed into soon).

add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoing
SA to be used, use this SA in ip_output if available. allow mobile road
warriors for bind SAs with wildcard dst and src addresses. check IPSEC
AUTH and ESP level when receiving packets, drop them if protection is
insufficient. add stats to show dropped packets because of insufficient
IPSEC protection. -- phew. this was all done in canada. dugsong and linh
provided the ride and company.

report on no udp checksum

sysctl for def sizes for tcp/udp send/recv queues

indent

The list of tcp/udp ports not to allocate dynamically is now
a bitmask configurable via sysctl([38]). The default values
have not changed. If one wants to change the list it should
be done early on in /etc/rc.

From NetBSD: 960217 merge

from netbsd:
make netinet work on systems where pointers and longs are 64 bits
(like the alpha). Biggest problem: IP headers were overlayed with
structure which included pointers, and which therefore didn't overlay
properly on 64-bit machines. Solution: instead of threading pointers
through IP header overlays, add a "queue element" structure to do
the threading, and point it at the ip headers.

branches: 1.1.1;
Initial revision

Move PRU_ABORT request to (*pru_abort)().

We abort only the sockets which are linked to `so_q' or `so_q0' queues of
listening socket. Such sockets have no corresponding file descriptor and
are not accessed from userland, so PRU_ABORT used to destroy them on
listening socket destruction.

Currently all our sockets support PRU_ABORT request, but actually it
required only for tcp(4) and unix(4) sockets, so i should be optional.
However, they will be removed with separate diff, and this time PRU_ABORT
requests were converted as is.

Also, the socket should be destroyed on PRU_ABORT request, but route and
key management sockets leave it alive. This was also converted as is,
because this wrong code never called.

ok bluhm@

Move PRU_SEND request to (*pru_send)().

The former PRU_SEND error path of gre_usrreq() had `control' mbuf(9)
leak. It was fixed in new gre_send().

The former pfkeyv2_send() was renamed to pfkeyv2_dosend().

ok bluhm@

Move PRU_SHUTDOWN request to (*pru_shutdown)().

ok bluhm@

Move PRU_DISCONNECT request to (*pru_disconnect).

ok bluhm@

Move PRU_CONNECT request to (*pru_connect)() handler.

ok bluhm@

Move PRU_BIND request to (*pru_bind)() handler.

For the protocols which don't support request, leave handler NULL. Do the
NULL check within corresponding pru_() wrapper and return EOPNOTSUPP in
such case. This will be done for all upcoming user request handlers.

ok bluhm@ guenther@

Introduce 'pr_usrreqs' structure and move existing user-protocol
handlers into it. We want to split existing (*pr_usrreq)() to multiple
short handlers for each PRU_ request as it was already done for
PRU_ATTACH and PRU_DETACH. This is the preparation step, (*pr_usrreq)()
split will be done with the following diffs.

Based on reverted diff from guenther@.

ok bluhm@

Reported-by: syzbot+1b5b209ce506db4d411d@syzkaller.appspotmail.com
Revert the pr_usrreqs move: syzkaller found a NULL pointer deref
and I won't be available to monitor for followup issues for a bit

Move pr_attach and pr_detach to a new structure pr_usrreqs that can
then be shared among protosw structures, following the same basic
direction as NetBSD and FreeBSD for this.

Split PRU_CONTROL out of pr_usrreq into pru_control, giving it the
proper prototype to eliminate the previously necessary casts.

ok mvs@ bluhm@

Convert udp_sysctl to sysctl_bounded_args

Move PRU_DETACH out of pr_usrreq into per proto pr_detach
functions to pave way for more fine grained locking.

Suggested by, comments & OK mpi

Pass down the address family through the pr_input calls. This
allows to simplify code used for both IPv4 and IPv6.
OK mikeb@ deraadt@

Move PRU_ATTACH out of the pr_usrreq functions into pr_attach.
Attach is quite a different thing to the other PRU functions and
this should make locking a bit simpler. This also removes the ugly
hack on how proto was passed to the attach function.
OK bluhm@ and mpi@ on a previous version

Change the IPv4 pr_input function to the way IPv6 is implemented,
to get rid of struct ip6protosw and some wrapper functions. It is
more consistent to have less different structures. The divert_input
functions cannot be called anyway, so remove them.
OK visa@ mpi@

Reduce the difference between struct protosw and ip6protosw. The
IPv4 pr_ctlinput functions did return a void pointer that was always
NULL and never used. Make all functions void like in the IPv6 case.
OK mpi@

Since raw_input() and route_input() are gone from pr_input, we can
make the variable parameters of the protocol input functions fixed.
Also add the proto to make it similar to IPv6.
OK mpi@ guenther@ millert@

turn ipstat into a set of percpu counters.

each counter is identified by an enum value which correspond to the
original members of the udpstat struct.

udpstat_inc(udps_foo) replaces udpstat.udps_foo++ for the actual
updates. udpstat_inc is a thin wrapper around counters_inc.

counters are still returned to userland via the udpstat struct for
now.

ok mpi@ mikeb@ deraadt@

Add net.inet.{tcp,udp}.rootonly sysctl, to mark which ports
cannot be bound to by non-root users.

Ok millert@ bluhm@

Don't use varargs for udp_output() and sync the argument order with
udp6_output().

ok henning@, reyk@, jca@

revert counter size changes. this breaks netstat. digging further, there
are so many inconsistancies, that moving one deck chair is pointless.
more thought required.
ok claudio

make the udpstat counters u_int32_t, for consistency with tcpstat
ok krw phessler

since the cksum rewrite the counters for hardware checksummed packets
are are lie, since the software engine emulates hardware offloading
and that is later indistinguishable. so kill the hw cksummed counters.
introduce software checksummed packet counters instead.
tcp/udp handles ip & ipvshit, ip cksum covered, 6 has no ip layer cksum.
as before we still have a miscounting bug for inbound with pf on, to be
fixed in the next step.
found by, prodding & ok naddy

Pass the routing domain to IPv6 pr_ctlinput() like in IPv4.
OK claudio@

There is no TCP6 in our kernel, so remove the #ifndef TCP6.
No binary change.
ok claudio@ henning@

Extend the protosw pr_ctlinput function to include the rdomain. This is
needed so that the route and inp lookups done in TCP and UDP know where
to look. Additionally in_pcbnotifyall() and tcp_respond() got a rdomain
argument as well for similar reasons. With this tcp seems to be now
fully rdomain save and no longer leaks single packets into the main domain.
Looks good markus@, henning@

Remove {tcp/udp}6_usrreq(); Since the normal ones now
take a proc argument, theres no need for these, since
they are just wrappers.

OK claudio@

Deal with the situation when TCP nfs mounts timeout and processes
get hung in nfs_reconnect() because they do not have the proper
privilages to bind to a socket, by adding a struct proc * argument
to sobind() (and the *_usrreq() routines, and finally in{6}_pcbbind)
and do the sobind() with proc0 in nfs_connect.

OK markus@, blambert@.
"go ahead" deraadt@.

Fixes an issue reported by bernd@ (Tested by bernd@).
Fixes PR5135 too.

implement sysctls to report IP, TCP, UDP, and ICMP statistics and
change netstat to use them instead of accessing kvm for it. more
protocols will be added later.

discussed with deraadt@ claudio@ gilles@
ok deraadt@

switch to sysctl_int_arr(); ok henning, deraadt

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

Nuke a whole bunch of commons; ok tedu (still more to come *sigh*)

First round of __P removal in sys

branches: 1.12.4;
Keep stats on TCP/UDP hardware checksumming.

Inclusion protection.

sync with KAME udp6_output(). udp output logic is very different between
IPv4/v6 so the separation should make more sense.

TODO: remove IPv6 case from udp_output()
TODO: remove/comment out/#if 0 IPv4 mapped address cases

branches: 1.9.2;
bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
bringed into soon).

add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoing
SA to be used, use this SA in ip_output if available. allow mobile road
warriors for bind SAs with wildcard dst and src addresses. check IPSEC
AUTH and ESP level when receiving packets, drop them if protection is
insufficient. add stats to show dropped packets because of insufficient
IPSEC protection. -- phew. this was all done in canada. dugsong and linh
provided the ride and company.

report on no udp checksum

sysctl for def sizes for tcp/udp send/recv queues

indent

The list of tcp/udp ports not to allocate dynamically is now
a bitmask configurable via sysctl([38]). The default values
have not changed. If one wants to change the list it should
be done early on in /etc/rc.

From NetBSD: 960217 merge

from netbsd:
make netinet work on systems where pointers and longs are 64 bits
(like the alpha). Biggest problem: IP headers were overlayed with
structure which included pointers, and which therefore didn't overlay
properly on 64-bit machines. Solution: instead of threading pointers
through IP header overlays, add a "queue element" structure to do
the threading, and point it at the ip headers.