History log of /openbsd-current/sys/netinet6/in6_ifattach.c
Revision Date Author Comments
# 1.122 09-Jul-2023 bluhm

Fix route entry leak.

In in6_ifdetach() two struct rtentry were leaked. This was triggered
by regress/sbin/route and detected with btrace(8) refcnt. The
reference returned by rtalloc() must be freed with rtfree() in all
cases.

OK phessler@ mvs@


Revision tags: OPENBSD_7_3_BASE
# 1.121 15-Nov-2022 claudio

Not assigning a link local address by default breaks various things.
A lot of code depends on an eui64 address to be present. So revert this
bit of the last commit.
OK florian@


# 1.120 14-Nov-2022 claudio

Relax the list of interfaces which support IPv6 a bit.

No longer require IFF_MULTICAST for all interfaces. It is safe to skip
this for interfaces that don't require a ND cache. Also do not assign a
link-local address in such cases. This affects point-to-point interfaces
and the NBMA / point-to-multipoint interfaces like mpe(4), mgre(4) and wg(4).
The NBMA interfaces need some alternative way to figure out the address
mapping. In the end this allows non-multicast interfaces to work with IPv6.
OK dlg@ kn@


Revision tags: OPENBSD_7_2_BASE
# 1.119 08-Sep-2022 kn

Rename global ifnet TAILQ

Naming the list like the struct itself makes for awful grepping.
Call the global variable "ifnetlist" from now on.

There used to be kvm(3) consumers in base picking up this symbol, but those
have long been converted to other interfaces.

A few potential ports users remain, same deal as sys/net/if_var.h r1.116
"Remove struct ifnet's unused if_switchport member": they get bumped.

Previous users pointed out by deraadt
OK bluhm


Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
# 1.118 15-Mar-2021 florian

Clear AUTOCONF6TEMP flag when we detach inet6.


Revision tags: OPENBSD_6_8_BASE
# 1.117 21-Jun-2020 dlg

wireguard can do ipv6, but doesn't do link local addresses.

i feel like i should add IFT_L3IPVLAN here so mgre(4) can take
advantage of this too.

from Matt Dunwoodie and Jason A. Donenfeld

ok deraadt@


Revision tags: OPENBSD_6_7_BASE
# 1.116 17-Mar-2020 tobhe

Use strlcpy instead of strncpy to ensure results are NUL terminated.

ok mpi@


# 1.115 08-Nov-2019 dlg

convert interface address change hooks to tasks and a task_list.

this follows what's been done for detach and link state hooks, and
makes handling of hooks generally more robust.

address hooks are a bit different to detach/link state hooks in
that there's only a few things that register hooks (carp, pf, vxlan),
but a lot of places to run the hooks (lots of ipv4 and ipv6 address
configuration).

an address hook cookie was in struct pfi_kif, which is part of the
pf abi. rather than break pfctl -sI, this maintains the void * used
for the cookie and uses it to store a task, which is then used as
intended with the new api.


Revision tags: OPENBSD_6_6_BASE
# 1.114 21-Aug-2019 florian

Remove support for semantically opaque interface identifiers (RFC 7217)
for IPv6 link local addresses.

Some hosting and VM providers route customer IPv6 prefixes to link
local addresses derived from ethernet MAC addresses (RFC 2464). This
leads to hard to debug IPv6 connectivity problems and is probably not
worth the effort.

RFC 7721 lists 4 weaknesses:

3.1. Correlation of Activities over Time & 3.2. Location Tracking
These are still possible with RFC 7217 addresses for an adversary
connected to the same layer 2 network (think conference wifi). Since
the link local prefix stays the same (fe80::/64) the link local
addresses do not change between different networks.
An adversary on the same layer 2 network can probably track ethernet
MAC addresses via different means, too.

3.3. Address Scanning & 3.4. Device-Specific Vulnerability Exploitation
These now become possible, however, as noted above a layer 2 adversary
was probably able to do this via different means.

People concerned with these weaknesses are advised to use
ifconfig lladdr random.
OK benno
input & OK kn


Revision tags: OPENBSD_6_5_BASE
# 1.113 13-Feb-2019 dlg

change rt_ifa_add and rt_ifa_del so they take an rdomain argument.

this allows mpls interfaces (mpe, mpw) to pass the rdomain they
wish the local label to be in, rather than have it implicitly forced
to 0 by these functions. right now they'll pass 0, but it will soon
be possible to have them rx packets in other rdomains.

previously the functions used ifp->if_rdomain for the rdomain.
everything other than mpls still passes ifp->if_rdomain.

ok mpi@


# 1.112 10-Feb-2019 dlg

remove the implicit RTF_MPATH flag that rt_ifa_add() sets on new routes.

MPLS interfaces (ab)use rt_ifa_add for adding the local MPLS label
that they listen on for incoming packets, while every other use of
rt_ifa_add is for adding addresses on local interfaces. MPLS does
this cos the addresses involved are in basically the same shape as
ones used for setting up local addresses.

It is appropriate for interfaces to want RTF_MPATH on local addresses,
but in the MPLS case it means you can have multiple local things
listening on the same label, which doesn't actually work. mpe in
particular keeps track of in use labels so it can handle collisions,
however, mpw does not. It is currently possible to have multiple
mpw interfaces on the same local label, and sharing the same label
as mpe or possibly normal forwarding labels.

Moving the RTF_MPATH flag out of rt_ifa_add means all the callers
that still want it need to pass it themselves. The mpe and mpw
callers are left alone without the flag, and will now get EEXIST
from rt_ifa_add when a label is already in use.

ok (and a huge amount of patience and help) mpi@
claudio@ is ok with the idea, but saw a much much earlier solution
to the problem


Revision tags: OPENBSD_6_4_BASE
# 1.111 05-Oct-2018 florian

Do not join node information multicast group (RFC 4620).
Benno removed code to answer ICMP queries over 4 years ago.
Aham Brahmasmi (aham.brahmasmi AT gmx.com) points out
that we still joined the group though.

OK sthen, bluhm, kn


# 1.110 26-Aug-2018 mpi

Do not add ::1 on non-default lo(4) as intended.

Reported by and ok sthen@


# 1.109 10-Jul-2018 florian

When an interface doesn't have a layer 2 address in6_get_soii_ifid()
fails and then later on in in6_get_ifid() a layer 2 address is
"borrowed" from another interface.

Do the "borrowing" in in6_get_soii_ifid(), too so that semantically
opaque interface identifiers work for these kind of interfaces, too.

OK phessler, benno


# 1.108 10-Jul-2018 florian

When an interface doesn't have a layer 2 address in6_get_ifid()
tries to "borrow" one from another interface.
But then it checks if the U bit is set in the generated EUI64
address and rejects it.
On the other hand for interfaces that do have a layer 2 address this
check is skipped, so relax it for the "borrowing" case, too.

With this one gets stable link local addresses on e.g. gre(4)
interfaces on certain virtualisation environments depending which mac
addresses get picked for the vio(4) interfaces while previously we
would end up with a random IP on every reboot.

Reported by Aaron A. Glenn via phessler.

OK phessler, benno


# 1.107 27-Mar-2018 dhill

Use memcpy instead of bcopy when the memory does not overlap.

OK deraadt@ florian@


Revision tags: OPENBSD_6_3_BASE
# 1.106 13-Mar-2018 florian

Calculate RFC7217 link-local style addresses the same way as
slaacd(8).

RFC 7217 states (section 5, page 9):
| The Interface Identifier is finally obtained by taking as many
| bits from the RID value (computed in the previous step) as
| necessary, starting from the least significant bit.

Problem in slaacd pointed out by semarie@.

OK sthen, phessler


# 1.105 10-Feb-2018 florian

Implement RFC 7217: "A Method for Generating Semantically Opaque
Interface Identifiers with IPv6 Stateless Address Autoconfiguration."

"An IPv6 address configured using this method is stable within each
subnet, but the corresponding Interface Identifier changes when the
host moves from one network to another. This method is meant to be an
alternative to generating Interface Identifiers based on hardware
addresses."

OK naddy, sthen


Revision tags: OPENBSD_6_2_BASE
# 1.104 01-Sep-2017 florian

Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the
get_last_resort_ifid() function because eww.
Also if your system is so constrained that you end up in
in6_get_rand_ifid() you don't deserve a random ifid that stays
stable over reboots.
Simplify code a bit since get_ifid() can no longer fail. It couldn't
fail before either because that code path was #if 0'ed.
While here sprinkle in some in6_ prefixes, pointed out by stsp.
OK stsp


# 1.103 11-Jul-2017 florian

Purging is at last at hand. Day of Doom is here. All that is evil
shall all be cleansed.

Remove sending of router solicitations and processing of router
advertisements from the kernel. It's handled by slaacd(8) these days.

Input & OK bluhm@, mpi@


# 1.102 16-May-2017 mpi

Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().

ok visa@


Revision tags: OPENBSD_6_1_BASE
# 1.101 29-Dec-2016 mpi

Get rid of recursive splsoftnet() in in6_ifattach_linklocal().

ok visa@


Revision tags: OPENBSD_6_0_BASE
# 1.100 30-Jun-2016 mpi

Restore the automagically added /64 route on p2p interfaces in order to
send traffic to link-local addresses without default route.

Fix a regression reported by Michael Lechtermann, ok stsp@, sthen@


Revision tags: OPENBSD_5_9_BASE
# 1.99 02-Dec-2015 bluhm

When destroying an interface, we have to wait until all references
are not used anymore. This has to be done before any interface
fields become invalid.
As the route delete request cannot call if_get() anymore, pass down
the interface. Split rtrequest_delete() into a separate function
that may take an existing interface.
OK mpi@


# 1.98 24-Oct-2015 mpi

Convert to rt_ifidx.

ok bluhm@


# 1.97 22-Oct-2015 bluhm

Inspired by satosin(), use inline functions to convert sockaddr dl.
Instead of casts they check whether the incoming object has the
expected type. So introduce satosdl() and sdltosa() in the kernel.
OK mpi@


# 1.96 12-Sep-2015 mpi

Now that rtrequest1(9) properly sets RTF_UP for newly added route,
stop passing it in every rt_ifa_add(9) call.

ok claudio@


# 1.95 03-Sep-2015 mpi

Change the order of operations for loopback interfaces to have
::1 configured before fe80::1.

(lo0:0) in pf should resolve to 127.0.0.1 ::1.

reported by and ok mikeb@


# 1.94 31-Aug-2015 mpi

Do not install connected routes on loopback interfaces.

Previously loopback connected routes were managed via the global list
of prefixes, which meant that systems with AUTOCONF'd addresses did not
see them in the routing table.

This also makes inet6 route creation coherent with inet.


# 1.93 24-Aug-2015 mpi

Start moving away from the global prefix list by limiting its usage to
AUTOCONF'd addresses.

This prevents the kernel from removing connected (/64) routes as soon as
it configures an AUTOCONF'd address based on a RA.

Tested by sebastia@, ok sthen@


# 1.92 24-Aug-2015 mpi

Rework the code to decide when to perform DAD to no longer rely on the
IN6_IFF_NODAD pseudo-flag not being set.

This was just a flag for spaghetti code that should not exist in the
first place.

Tested by sebastia@, ok sthen@


# 1.91 17-Aug-2015 mpi

Remove annoying comment about in6_update_ifa().


Revision tags: OPENBSD_5_8_BASE
# 1.90 18-Jul-2015 mpi

Merge two identical chunks to add new prefixes to the global data
structures into a function.

ok florian@


# 1.89 16-Jul-2015 mpi

Properly layer Router Solicitation code.

Tweak and ok florian@


# 1.88 08-Jun-2015 krw

More damned eye searing whitespace. No change to .o files.


# 1.87 27-Apr-2015 mpi

Do not call nd6_purge() before purging the IPv6 addresses of a detached
interface.

Fix a use after free introduced in r1.98 of netinet6/in6.c and recently
exposed by a crazy pool/malloc damage finder being currently refined by
dlg@ and deraadt@.

ok mikeb@, henning@


# 1.86 14-Mar-2015 jsg

Remove some includes include-what-you-use claims don't
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.

ok tedu@ deraadt@


Revision tags: OPENBSD_5_7_BASE
# 1.85 05-Feb-2015 mpi

Convert various rtrequest1(RTM_DELETE,...) calls to rtdeletemsg(9).

This unifies some code and notifies userland for free.

blambert@ agrees, ok bluhm@


# 1.84 28-Jan-2015 mpi

Revert rtdeletemsg conversion. It was not ok'd, I misunderstood bluhm@'s
email.


# 1.83 27-Jan-2015 mpi

Ensure that link-local addresses are correctly configured on loopback
interfaces.

When the kernel automagically configures IPv6 addresses on loopback
interfaces, start by assigning a link-local address and then try to
assign "::1".

Only the first configured loopback interface per rdomain can have the
"::1" address. But even if other loopback interfaces failed to get
this address, because it is already taken, give them a chance to have
a link-local address.

While here change in6_ifattach() to return an error value and remove
duplicated code.

Fix a regression introduced by the NOINET6 flag removal.

ok henning@, stsp@, florian@, benno@


# 1.82 26-Jan-2015 mpi

Call rtdeletemsg(9) instead of rerolling its code. As a bonus you'll
get userland notification for free.

ok blambert@, bluhm@


# 1.81 10-Jan-2015 mpi

Correct some comments and merge in6_if_up() into in6_ifattach() to
reflect that IPv6 link-local addresses are no longer automagically
configured the first time an interface is brought up.

ok henning@, stsp@


# 1.80 08-Jan-2015 florian

Clear autoconf6 flag after autoconf6 cleanup happened, not before.
Otherwise clean up code will never run.
OK mpi@, benno@, henning@


# 1.79 06-Jan-2015 stsp

Remove the NOINET6 interface flag, a left-over from the times when IPv6
was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable
an address family for an interface (currently used for IPv6 only).

New kernel needs new ifconfig for IPv6 configuration (address assignment
still works with old ifconfig making this easy to cross over).

Committing on behalf of henning@ who is currently lebensmittelvergiftet.
ok stsp, benno, mpi


# 1.78 04-Dec-2014 tedu

replace md5 with sha512. ok deraadt


# 1.77 20-Nov-2014 mpi

We have no need for a variable that holds the maximum MTU size of
interfaces with an IPv6 address.

ok henning@, mikeb@, deraadt@


# 1.76 18-Nov-2014 krw

Nuke yet more obvious #include duplications.

ok miod@


# 1.75 18-Nov-2014 tedu

move arc4random prototype to systm.h. more appropriate for most code
to include that than rdnvar.h. ok deraadt dlg


# 1.74 01-Nov-2014 mpi

Rename rtalloc1() into rtalloc(9) and convert its flags to only enable
functionality instead of a mix of enable/disable.

ok bluhm@, jca@


# 1.73 25-Aug-2014 florian

Move sending of router solicitations to the kernel; receiving and
processing of router advertisements was already in the kernel.
With this rtsol{,d}(8) is no longer necessary.

The kernel starts sending solicitations with
# ifconfig $IF inet6 autoconf
or
inet6 autoconf
in /etc/hostname.$IF.

input stsp@
much help & OK mpi@
tweaks & OK bluhm@


Revision tags: OPENBSD_5_6_BASE
# 1.72 01-Jul-2014 benno

When a carp interface is created with IFXF_NOINET6 flag, no link-local
address will be created when the vhid (and MAC) is set. Depending on
the order of the configuration the interface can end up with an ipv6
address, but no v6 link-local and no working neighbor discovery.

Removing this case statement will result in the link-local address
being configured by "ifconfig up" if the inet6 address was configured
before. If you are using inet6 on carp, put an "up" at the end of your
hostname.if. I will work on a better solution at g2k14.

ok henning, mpi


# 1.71 26-Jun-2014 mpi

Calling in{6,}_purgeaddr() is not enough to remove an address from
an interface. Two other operations are performed when issuing a
SIOCDIFADDR{_IN6,} ioctl: call the address hook and the per-driver
ioctl function.

Since carp(4) relies on an address hook to recalculate its hash, make
sure to call this hook when IFXF_NOINET6 is set or when the rdomain is
changed.

ok henning@, mikeb@


# 1.70 03-Jun-2014 mpi

Do not include <sys/malloc.h> where it is not needed.


# 1.69 20-May-2014 mpi

Fix eui64 address generation, broken since the removal of the link-layer
address from the per-ifp list.

Found the hard way by weerd@, florian@ and stsp@, ok florian@


Revision tags: OPENBSD_5_5_BASE
# 1.68 21-Jan-2014 mpi

Do not clean the multicast records of an interface when it is destroyed
(unplugged). Even if it makes no sense to keep them around if the
interface is no more, we cannot safely remove them since pcb multicast
options might keep a pointer to them.

Fixes a use after free introduced by the multicast address linking
rewrite and reported by Alexey Suslikov, thanks!

ok claudio@


# 1.67 13-Jan-2014 bluhm

Call all local variables of type struct in6_ifaddr "ia6". This is
consistent with struct ifaddr "ifa" and struct in_ifaddr "ia".
OK mpi@


# 1.66 07-Jan-2014 stsp

Some follow-up fixes for IFID collision handling in IPv6CP.

Really change the link-local address in the unlikely event of an IFID
collision, instead of going into an infinite conf-nak loop with the peer.

To make the netinet6 code use the IPv6CP IFID in a new link-local address,
in6_ifattach_linklocal() must accept a provided IFID. Replace the unused
'altifp' parameter with a new 'ifid' parameter for this purpose.

Always use the latest suggested address in IPv6CP replies, even if
the task to update the interface's address hasn't run yet.
Also, clear the ifindex (KAME hack) in addresses sent during IPv6CP.

ok mpi


# 1.65 06-Jan-2014 stsp

Make in6_ifdetach() remove the ff01::1 route for the detaching interface, too.
The route used to linger after an interface detached from IPv6.
ok mikeb


# 1.64 28-Nov-2013 mpi

Change the way protocol multicast addresses are linked to an interface.

Instead of linking multicast records to the first configured address of
the corresponding protocol, making this address and its position in the
global list special, add them to a new list directly linked to the
interface descriptor.

This new multicast address list is similar to the address list, all its
elements contain a protocol agnostic part. This design allows us to
be able to join a multicast group without necessarily having a configured
address. That means IPv6 multicast kludges are no longer needed.

Another benefit is to be able to add and remove an IP address from an
interface without worrying about multicast records. That means that the
global IPv4 list is no longer needed since the first configured address
of an interface is no longer special.

This new list might also be extended in the future to contain the
link-layer addresses used to configure hardware filters.

Tested by sthen@ and weerd@, ok mikeb@


# 1.63 19-Nov-2013 mpi

Remove some FDDI/ATM leftovers.

ok mikeb@, henning@, deraadt@, brad@, miod@


# 1.62 17-Oct-2013 bluhm

The header file netinet/in_var.h included netinet6/in6_var.h. This
created a bunch of useless dependencies. Remove this implicit
inclusion and do an explicit #include <netinet6/in6_var.h> when it
is needed.
OK mpi@ henning@


Revision tags: OPENBSD_5_4_BASE
# 1.61 31-May-2013 bluhm

Remove a bunch of sockaddr_in6 pointer casts and replace others
with sin6tosa() or satosin6() inline functions. This allows the
compiler to check the types more strictly.
OK mpi@


# 1.60 26-Mar-2013 bluhm

Remove a block of dead code in in6_ifdetach(). It was never executed
due to the wrong & in satosin6(&ifa->ifa_addr). The link local
prefix fe80 was not checked within the IPv6 address, but within
some pointers of the interface address struct. The whole loop
around this was also never executed as all IPv6 addresses had already
been purged.
OK sperreault@ mpi@ mikeb@


# 1.59 25-Mar-2013 mpi

Substitute the handcrafted list of IPv6 addresses by a proper TAILQ.

ok bluhm@, mikeb@


# 1.58 07-Mar-2013 mpi

Remove the IFAFREE() macro, the ifafree() function it was calling already
checks for the reference counter.

ok mikeb@, miod@, pelikan@, kettenis@, krw@


# 1.57 04-Mar-2013 bluhm

Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro.
No binary change.
OK claudio@


Revision tags: OPENBSD_5_3_BASE
# 1.56 19-Sep-2012 bluhm

Use TAILQ_FOREACH macro for loops. No binary diff.
OK henning@


# 1.55 21-Aug-2012 bluhm

Reverse the name and meaning of the IFXF_INET6_PRIVACY interface
flag. It is now called IFXF_INET6_NOPRIVACY. So IPv6 privacy
addresses are on by default without resetting the flag during
ifconfig down/up.
OK stsp@, sperreault@ (who wrote the same diff)


# 1.54 15-Aug-2012 sperreault

Enable IPv6 autoconfprivacy by default

diff originally by stsp@
"please commit it" deraadt@
"don't care" stsp@
"don't like" bluhm@


Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
# 1.53 03-Jan-2012 bluhm

To access the ifaddr of an in_ifaddr or in6_ifaddr struct, it is
cleaner to access the first member via ia_ifa instead of casting.
No binary change.
ok henning@ krw@


# 1.52 24-Nov-2011 sperreault

rdomain support for IPv6
ok mikeb


Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
# 1.51 06-Apr-2010 stsp

Simple implementation of RFC4941, "Privacy Extensions for Stateless
Address Autoconfiguration in IPv6". For those among us who are paranoid
about broadcasting their MAC address to the IPv6 internet.

Man page help from jmc, testing by weerd, arc4random API hints from djm.

ok deraadt, claudio


Revision tags: OPENBSD_4_7_BASE
# 1.50 08-Feb-2010 jsing

More destatic and ansification.

ok claudio@ naddy@


# 1.49 13-Jan-2010 henning

instead of fiddling with the per-interface address lists directly in
many places create a proper API (ifa_add / ifa_del) and use it.
ok theo ryan dlg


Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
# 1.48 30-Jan-2009 mcbride

"XXX: should this be performed under splnet()?"... Yes, yes it should.
Interface configuration causes neighbour discovery, which runs packets
through parts of the stack that require at least splsoftnet(), like pf and
pfsync.

ok dlg


Revision tags: OPENBSD_4_4_BASE
# 1.47 11-Jun-2008 mcbride

ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.

ok todd deraadt naddy bluhm


# 1.46 11-May-2008 claudio

rtrequest to rtrequest1 conversion in inet6. With that no rtrequest should
be left over. OK henning@


Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
# 1.45 08-Jun-2007 henning

kill arcnet leftovers, some pt out by Mike Belopuhov <mkb@crypt.org.ru>,
some I found afterwards, ok dlg


Revision tags: OPENBSD_4_1_BASE
# 1.44 15-Nov-2006 itojun

unifdef -USCOPEDROUTING


Revision tags: OPENBSD_4_0_BASE
# 1.43 31-Aug-2006 mcbride

Automatically add a IPv6 link-local address to carp interfaces when the
virtual MAC address is set. Among other things, this makes route6d work
correctly on systems with carp interfaces.

In order to ensure backwards compatibility, we do not include IPv6
link-local addresses in generating the HMAC, but we accept HMACs with AND
without the link-local addresses. They will be added to the HMAC in a future
release.

In short: this change should only affect backwards compatibility for
IPv6 users who are manually adding link-local addresses on carp interfaces.

testing mtu@ todd@
ok mpf@ henning@ deraadt@


# 1.42 16-Jun-2006 henning

adjust functions dealing with the routing table to take a table ID as
parameter so they can work on alternate tables. table 0 hardcoded for
many callers yet, that will be adapted step by step.
input + ok claudio norby hshoexer


# 1.41 27-May-2006 claudio

Do the same thing as for IPv4. Use a sysctl to enable/disable mforwarding
and additionally make the code part of the MROUTING option. Put it in deraadt@


# 1.40 05-Mar-2006 miod

Use more queue macros rather than doing it by hand; ok otto@ krw@


Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
# 1.39 23-May-2005 mpf

carp needs a multicast kludge storage.
Fixes PR 4211.
OK mcbride@


# 1.38 21-Apr-2005 itojun

remove (now obsolete) handling of IFT_PROPVIRTUAL/bridge*. tested by camield@


Revision tags: OPENBSD_3_7_BASE
# 1.37 07-Dec-2004 mcbride

Convert carp(4) to behave more like a regular interface, much in the same
style as vlan(4). carp interfaces no longer require the physical interface
to be on the same subnet as the carp interface, or even that the physical
interface has an address at all, so CARP can now be used on /30 networks.

ok deraadt@ henning@


Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
# 1.36 07-May-2004 millert

Replace RSA-derived md5 code with code derived from Colin Plumb's PD version.
This moves md5.c out of libkern and into sys/crypto where it belongs (as
requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it).
Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@


Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
# 1.35 08-Jul-2003 itojun

on interface removal, clear multicast forwarding stuff. from kame


# 1.34 28-Jun-2003 itojun

i don't think pfsync needs a link-local addr.


Revision tags: UBC_SYNC_A
# 1.33 14-May-2003 itojun

it is unlikely that we introduce 6to4 interface (IFT_STF) to openbsd.


Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
# 1.32 12-Sep-2002 itojun

configure "next" pointer correctly. from j@pureftpd.org


# 1.31 11-Sep-2002 itojun

fix pointer signedness mixup. sync w/kame


# 1.30 11-Sep-2002 itojun

KNF - return is not a function. sync w/kame


# 1.29 11-Jun-2002 itojun

silence some of log(), as the codepath will be visited for IPv6-non-capable
interfaces too and can be annoying. net.inet6.icmp6.nd6_debug will
re-enable them.


# 1.28 11-Jun-2002 itojun

whitespace


# 1.27 08-Jun-2002 itojun

sync with latest KAME in6_ifaddr/prefix/default router manipulation.
behavior changes:
- two ioctls used by ndp(8) are now obsolete (backward compat provided).
use sysctl path instead.
- lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.


# 1.26 07-Jun-2002 itojun

whitespace sync w/kame


# 1.25 29-May-2002 itojun

attach nd_ifinfo structure to if_afdata.
split IPv6 MTU (advertised by RA) from real link MTU.
sync with kame


# 1.24 29-May-2002 itojun

move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame


# 1.23 23-May-2002 itojun

simplify condition to perform DAD. sync w/kame


Revision tags: OPENBSD_3_1_BASE
# 1.22 14-Mar-2002 millert

First round of __P removal in sys


Revision tags: UBC_BASE
# 1.21 07-Dec-2001 itojun

branches: 1.21.2;
whitespace/comment sync with kame


Revision tags: OPENBSD_3_0_BASE
# 1.20 23-Aug-2001 itojun

suppress printf() on non-multicast interface.
suppress ipv6 initialization for IFT_PFLOG.


# 1.19 23-Aug-2001 itojun

don't try to enable IPv6 on IFT_PFLOG.


# 1.18 18-Jul-2001 itojun

avoid using malloc() during interrupt context for multicast kludge entry.
allocate it on interface initialization.


# 1.17 09-Jun-2001 angelos

No need for net/net_osdep.h


Revision tags: OPENBSD_2_9_BASE
# 1.16 16-Feb-2001 itojun

cosmetic sync with kame


# 1.15 07-Feb-2001 itojun

by default, don't bark on inbound ND messages, as outsider may be able to
fill up /var with bogus packets.
setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid
ND packet and other occasions.

improve icmp6 stats.


# 1.14 18-Jan-2001 itojun

do not remove default route by mistake, on interface removal.


Revision tags: OPENBSD_2_8_BASE
# 1.13 25-Oct-2000 jason

silence the "no multicast" warning for IFT_ENC, too
deraadt ok


# 1.12 18-Oct-2000 itojun

don't try to configure IPv6 on bridge*. comment from deraadt


# 1.11 02-Oct-2000 itojun

fix missing \n. from doug@freebsd (sync with kame)


Revision tags: OPENBSD_2_7_BASE
# 1.10 05-May-2000 itojun

cope with interface detach (like pcmcia card removal). remove any
IPv6 addresses assigned to the interface. reported by ho, bunch of
help from niklas. KAME PR 231.


# 1.9 27-Apr-2000 itojun

correct in6_ifdetach(). free oia, not ia.
Lennart says there are more problems to go (I don't own openbsd-current laptop).
From: Lennart Augustsson <augustss@augustsson.net>


# 1.8 17-Apr-2000 itojun

revisit in6_ifattach(). (1) make it more persistent about initializing an
interface (2) cleanup interface id selection.
run NUD on p2p interface (required by spec for bidir p2p interface).
add "ndp -i interface" (can tweak per-interface ND flag).
(sync with more recent kame)


# 1.7 02-Mar-2000 itojun

do not add ifa_dstaddr for non-pointopoint interface. IPv6 has no
concept for "broadcast".


Revision tags: SMP_BASE
# 1.6 07-Feb-2000 itojun

branches: 1.6.2;
fix include file path related to ip6.


# 1.5 04-Feb-2000 itojun

more coverage of in6_ifdetach()'s cleanup process.
bug fix in SIOCGIFADDR_IN6 (point to point case).


# 1.4 02-Feb-2000 itojun

- improve in6_ifdetach to remove (1) multicast kludge list (2) route to
link-local allnode multicast (ff02:x::/32)
- fix ifnet refcnt'ing in multicast kludge list management.
- avoid dangling pointer in multicast kludge management.

(angelos, try this version of in6_ifdetach() - it should be better)


# 1.3 10-Dec-1999 itojun

use proper type for in6_first_ifid (char -> u_int8_t)
suggested by: deraadt


# 1.2 10-Dec-1999 angelos

Remove remaining unnecessary ifdefs (itojun will hate me for this :-)


Revision tags: kame_19991208
# 1.1 08-Dec-1999 itojun

bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
brought in soon).


# 1.121 15-Nov-2022 claudio

Not assigning a link local address by default breaks various things.
A lot of code depends on a eui64 address to be present. So revert this
bit of the last commit.
OK florian@


# 1.120 14-Nov-2022 claudio

Relax the list of interfaces which support IPv6 a bit.

No longer require IFF_MULTICAST for all interfaces. It is save to skip
this for interfaces that don't require a ND cache. Also do not assign a
link-local address in such cases. This affects point-to-point interfaces
and the NBMA / point-to-multipoint interfaces like mpe(4), mgre(4) and wg(4).
The NBMA interfaces need some alternative way to figure out the address
mapping. In the end this allows non-multicast interfaces to work with IPv6.
OK dlg@ kn@


Revision tags: OPENBSD_7_2_BASE
# 1.119 08-Sep-2022 kn

Rename global ifnet TAILQ

Naming the list like the struct itself makes for awful grepping.
Call the global variable "ifnetlist" from now on.

There used to be kvm(3) consumers in base picking up this symbol, but those
have long been converted to other interfaces.

A few potential ports users remain, same deal as sys/net/if_var.h r1.116
"Remove struct ifnet's unused if_switchport member": they get bumped.

Previous users pointed out by deraadt
OK bluhm


Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
# 1.118 15-Mar-2021 florian

Clear AUTOCONF6TEMP flag when we detach inet6.


Revision tags: OPENBSD_6_8_BASE
# 1.117 21-Jun-2020 dlg

wireguard can do ipv6, but doesnt do link local addresses.

i feel like i should add IFT_L3IPVLAN here so mgre(4) can take
advantage of this too.

from Matt Dunwoodie and Jason A. Donenfeld

ok deraadt@


Revision tags: OPENBSD_6_7_BASE
# 1.116 17-Mar-2020 tobhe

Use strlcpy instead of strncpy to ensure results are NUL terminated.

ok mpi@


# 1.115 08-Nov-2019 dlg

convert interface address change hooks to tasks and a task_list.

this follows what's been done for detach and link state hooks, and
makes handling of hooks generally more robust.

address hooks are a bit different to detach/link state hooks in
that there's only a few things that register hooks (carp, pf, vxlan),
but a lot of places to run the hooks (lots of ipv4 and ipv6 address
configuration).

an address hook cookie was in struct pfi_kif, which is part of the
pf abi. rather than break pfctl -sI, this maintains the void * used
for the cookie and uses it to store a task, which is then used as
intended with the new api.


Revision tags: OPENBSD_6_6_BASE
# 1.114 21-Aug-2019 florian

Remove support for semantically opaque interface identifiers (RFC 7217)
for IPv6 link local addresses.

Some hosting and VM providers route customer IPv6 prefixes to link
local addresses derived from ethernet MAC addresses (RFC 2464). This
leads to hard to debug IPv6 connectivity problems and is probably not
worth the effort.

RFC 7721 lists 4 weaknesses:

3.1. Correlation of Activities over Time & 3.2. Location Tracking
These are still possible with RFC 7217 addresses for an adversary
connected to the same layer 2 network (think conference wifi). Since
the link local prefix stays the same (fe80::/64) the link local
addresses do not change between different networks.
An adversary on the same layer 2 network can probably track ethernet
MAC addresses via different means, too.

3.3. Address Scanning & 3.4. Device-Specific Vulnerability Exploitation
These now become possible, however, as noted above a layer 2 adversary
was probably able to do this via different means.

People concerned with these weaknesses are advised to use
ifconfig lladdr random.
OK benno
input & OK kn


Revision tags: OPENBSD_6_5_BASE
# 1.113 13-Feb-2019 dlg

change rt_ifa_add and rt_ifa_del so they take an rdomain argument.

this allows mpls interfaces (mpe, mpw) to pass the rdomain they
wish the local label to be in, rather than have it implicitly forced
to 0 by these functions. right now they'll pass 0, but it will soon
be possible to have them rx packets in other rdomains.

previously the functions used ifp->if_rdomain for the rdomain.
everything other than mpls still passes ifp->if_rdomain.

ok mpi@


# 1.112 10-Feb-2019 dlg

remove the implicit RTF_MPATH flag that rt_ifa_add() sets on new routes.

MPLS interfaces (ab)use rt_ifa_add for adding the local MPLS label
that they listen on for incoming packets, while every other use of
rt_ifa_add is for adding addresses on local interfaces. MPLS does
this cos the addresses involved are in basically the same shape as
ones used for setting up local addresses.

It is appropriate for interfaces to want RTF_MPATH on local addresses,
but in the MPLS case it means you can have multiple local things
listening on the same label, which doesn't actually work. mpe in
particular keeps track of in use labels so it can handle collisions,
however, mpw does not. It is currently possible to have multiple
mpw interfaces on the same local label, and sharing the same label
as mpe or possible normal forwarding labels.

Moving the RTF_MPATH flag out of rt_ifa_add means all the callers
that still want it need to pass it themselves. The mpe and mpw
callers are left alone without the flag, and will now get EEXIST
from rt_ifa_add when a label is already in use.

ok (and a huge amount of patience and help) mpi@
claudio@ is ok with the idea, but saw a much much earlier solution
to the problem


Revision tags: OPENBSD_6_4_BASE
# 1.111 05-Oct-2018 florian

Do not join node information multicast group (RFC 4620).
Benno removed code to answer ICMP queries over 4 years ago.
Aham Brahmasmi (aham.brahmasmi AT gmx.com) points out
that we still joined the group though.

OK sthen, bluhm, kn


# 1.110 26-Aug-2018 mpi

Do not add ::1 on non-default lo(4) as intended.

Reported by and ok sthen@


# 1.109 10-Jul-2018 florian

When an interface doesn't have a layer 2 address in6_get_soii_ifid()
fails and then later on in in6_get_ifid() a layer 2 address is
"borrowed" from another interface.

Do the "borrowing" in in6_get_soii_ifid(), too so that semantically
opaque interface identifiers work for these kind of interfaces, too.

OK phessler, benno


# 1.108 10-Jul-2018 florian

When an interface doesn't have a layer 2 address in6_get_ifid()
tries to "borrow" one from another interface.
But then it checks if the U bit is set in the generated EUI64
address and rejects it.
On the other hand for interfaces that do have a layer 2 address this
check is skipped, so relax it for the "borrowing" case, too.

With this one gets stable link local addresses on e.g. gre(4)
interfaces on certain virtualisation environments depending which mac
addresses get picked for the vio(4) interfaces while previously we
would end up with a random IP on every reboot.

Reported by Aaron A. Glenn via phessler.

OK phessler, benno


# 1.107 27-Mar-2018 dhill

Use memcpy instead of bcopy when the memory does not overlap.

OK deraadt@ florian@


Revision tags: OPENBSD_6_3_BASE
# 1.106 13-Mar-2018 florian

Calculate RFC7217 link-local style addresses the same way as
slaacd(8).

RFC 7217 states (section 5, page 9):
| The Interface Identifier is finally obtained by taking as many
| bits from the RID value (computed in the previous step) as
| necessary, starting from the least significant bit.

Problem in slaacd pointed out by semarie@.

OK sthen, phessler


# 1.105 10-Feb-2018 florian

Implement RFC 7217: "A Method for Generating Semantically Opaque
Interface Identifiers with IPv6 Stateless Address Autoconfiguration."

"An IPv6 address configured using this method is stable within each
subnet, but the corresponding Interface Identifier changes when the
host moves from one network to another. This method is meant to be an
alternative to generating Interface Identifiers based on hardware
addresses."

OK naddy, sthen


Revision tags: OPENBSD_6_2_BASE
# 1.104 01-Sep-2017 florian

Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the
get_last_resort_ifid() function because eww.
Also if your system is so constrained that you end up in
in6_get_rand_ifid() you don't deserve a random ifid that stays
stable over reboots.
Simplify code a bit since get_ifid() can no longer fail. It couldn't
fail before either because that code path was #if 0'ed.
While here sprinkle in some in6_ prefixes, pointed out by stsp.
OK stsp


# 1.103 11-Jul-2017 florian

Purging is at last at hand. Day of Doom is here. All that is evil
shall all be cleansed.

Remove sending of router solicitations and processing of router
advertisements from the kernel. It's handled by slaacd(8) these days.

Input & OK bluhm@, mpi@


# 1.102 16-May-2017 mpi

Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().

ok visa@


Revision tags: OPENBSD_6_1_BASE
# 1.101 29-Dec-2016 mpi

Get rid of recursive splsoftnet() in in6_ifattach_linklocal().

ok visa@


Revision tags: OPENBSD_6_0_BASE
# 1.100 30-Jun-2016 mpi

Restore the automagically added /64 route on p2p interfaces in order to
send traffic to link-local addresses without default route.

Fix a regression reported by Michael Lechtermann, ok stsp@, sthen@


Revision tags: OPENBSD_5_9_BASE
# 1.99 02-Dec-2015 bluhm

When destroying an interface, we have to wait until all references
are not used anymore. This has to be done before any interface
fields become invalid.
As the route delete request cannot call if_get() anymore, pass down
the interface. Split rtrequest_delete() into a separate function
that may take an existing interface.
OK mpi@


# 1.98 24-Oct-2015 mpi

Convert to rt_ifidx.

ok bluhm@


# 1.97 22-Oct-2015 bluhm

Inspired by satosin(), use inline functions to convert sockaddr dl.
Instead of casts they check whether the incoming object has the
expected type. So introduce satosdl() and sdltosa() in the kernel.
OK mpi@


# 1.96 12-Sep-2015 mpi

Now that rtrequest1(9) properly sets RTF_UP for newly added route,
stop passing it in every rt_ifa_add(9) call.

ok claudio@


# 1.95 03-Sep-2015 mpi

Change the order of operations for loopback interfaces to have
::1 configured before fe80::1.

(lo0:0) in pf should resolve to 127.0.0.1 ::1.

reported by and ok mikeb@


# 1.94 31-Aug-2015 mpi

Do not install connected routes on loopback interfaces.

Previously loopback connected routes were managed via the global list
of prefixes, which means that systems with AUTOCONF'd addresses did not
see them in the routing table.

This also makes inet6 route creation coherent with inet.


# 1.93 24-Aug-2015 mpi

Start moving away from the global prefix list by limiting its usage to
AUTOCONF'd addresses.

This prevents the kernel from removing connected (/64) routes as soon as
it configures an AUTOCONF'd address based on a RA.

Tested by sebastia@, ok sthen@


# 1.92 24-Aug-2015 mpi

Rework the code to decide when to perform DAD to no longer rely on the
IN6_IFF_NODAD pseudo-flag not being set.

This was just a flag for spaghetti code that should not exist in the
first place.

Tested by sebastia@, ok sthen@


# 1.91 17-Aug-2015 mpi

Remove annoying comment about in6_update_ifa().


Revision tags: OPENBSD_5_8_BASE
# 1.90 18-Jul-2015 mpi

Merge two identical chunks to add new prefixes to the global data
structures into a function.

ok florian@


# 1.89 16-Jul-2015 mpi

Properly layer Router Solicitation code.

Tweak and ok florian@


# 1.88 08-Jun-2015 krw

More damned eye searing whitespace. No change to .o files.


# 1.87 27-Apr-2015 mpi

Do not call nd6_purge() before purging the IPv6 addresses of a detached
interface.

Fix a use after free introduced in r1.98 of netinet6/in6.c and recently
exposed by a crazy pool/malloc damage finder being currently refined by
dlg@ and deraadt@.

ok mikeb@, henning@


# 1.86 14-Mar-2015 jsg

Remove some includes include-what-you-use claims don't
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.

ok tedu@ deraadt@


Revision tags: OPENBSD_5_7_BASE
# 1.85 05-Feb-2015 mpi

Convert various rtrequest1(RTM_DELETE,...) calls to rtdeletemsg(9).

This unifies some code and notifies userland for free.

blambert@ agrees, ok bluhm@


# 1.84 28-Jan-2015 mpi

Revert rtdeletemsg conversion. It was not ok'd, I misunderstood bluhm@'s
email.


# 1.83 27-Jan-2015 mpi

Ensure that link-local addresses are correctly configured on loopback
interfaces.

When the kernel automagically configures IPv6 addresses on loopback
interfaces, start by assigning a link-local address and then try to
assign "::1".

Only the first configured loopback interface per rdomain can have the
"::1" address. But even if other loopback interfaces failed to get
this address, because it is already taken, give them a chance to have
a link-local address.

While here change in6_ifattach() to return an error value and remove
duplicated code.

Fix a regression introduced by the NOINET6 flag removal.

ok henning@, stsp@, florian@, benno@


# 1.82 26-Jan-2015 mpi

Call rtdeletemsg(9) instead of rerolling its code. As a bonus you'll
get userland notification for free.

ok blambert@, bluhm@


# 1.81 10-Jan-2015 mpi

Correct some comments and merge in6_if_up() into in6_ifattach() to
reflect that IPv6 link-local addresses are no longer automagically
configured the first time an interface is brought up.

ok henning@, stsp@


# 1.80 08-Jan-2015 florian

Clear autoconf6 flag after autoconf6 cleanup happened, not before.
Otherwise clean up code will never run.
OK mpi@, benno@, henning@


# 1.79 06-Jan-2015 stsp

Remove the NOINET6 interface flag, a left-over from the times when IPv6
was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable
an address family for an interface (currently used for IPv6 only).

New kernel needs new ifconfig for IPv6 configuration (address assignment
still works with old ifconfig making this easy to cross over).

Committing on behalf of henning@ who is currently lebensmittelvergiftet.
ok stsp, benno, mpi


# 1.78 04-Dec-2014 tedu

replace md5 with sha512. ok deraadt


# 1.77 20-Nov-2014 mpi

We have no need for a variable that holds the maximum MTU size of
interfaces with an IPv6 address.

ok henning@, mikeb@, deraadt@


# 1.76 18-Nov-2014 krw

Nuke yet more obvious #include duplications.

ok miod@


# 1.75 18-Nov-2014 tedu

move arc4random prototype to systm.h. more appropriate for most code
to include that than rdnvar.h. ok deraadt dlg


# 1.74 01-Nov-2014 mpi

Rename rtalloc1() into rtalloc(9) and convert its flags to only enable
functionality instead of a mix of enable/disable.

ok bluhm@, jca@


# 1.73 25-Aug-2014 florian

Move sending of router solicitations to the kernel; receiving and
processing of router advertisements was already in the kernel.
With this rtsol{,d}(8) is no longer necessary.

The kernel starts sending solicitations with
# ifconfig $IF inet6 autoconf
or
inet6 autoconf
in /etc/hostname.$IF.

input stsp@
much help & OK mpi@
tweaks & OK bluhm@


Revision tags: OPENBSD_5_6_BASE
# 1.72 01-Jul-2014 benno

When a carp interface is created with IFXF_NOINET6 flag, no link-local
address will be created when the vhid (and MAC) is set. Depending on
the order of the configuration the interface can end up with an ipv6
address, but no v6 link-local and no working neighbor discovery.

Removing this case statement will result in the link-local address
being configured by "ifconfig up" if the inet6 address was configured
before. If you are using inet6 on carp, put an "up" at the end of your
hostname.if. I will work on a better solution at g2k14.

ok henning, mpi


# 1.71 26-Jun-2014 mpi

Calling in{6,}_purgeaddr() is not enough to remove an address from
an interface. Two other operations are performed when issuing a
SIOCDIFADDR{_IN6,} ioctl: call the address hook and the per-driver
ioctl function.

Since carp(4) relies on an address hook to recalculate its hash, make
sure to call this hook when IFXF_NOINET6 is set or when the rdomain is
changed.

ok henning@, mikeb@


# 1.70 03-Jun-2014 mpi

Do not include <sys/malloc.h> where it is not needed.


# 1.69 20-May-2014 mpi

Fix eui64 address generation, broken since the removal of the link-layer
address from the per-ifp list.

Found the hard way by weerd@, florian@ and stsp@, ok florian@


Revision tags: OPENBSD_5_5_BASE
# 1.68 21-Jan-2014 mpi

Do not clean the multicast records of an interface when it is destroyed
(unplugged). Even if it makes no sense to keep them around if the
interface is no more, we cannot safely remove them since pcb multicast
options might keep a pointer to them.

Fixes a use after free introduced by the multicast address linking
rewrite and reported by Alexey Suslikov, thanks!

ok claudio@


# 1.67 13-Jan-2014 bluhm

Call all local variables of type struct in6_ifaddr "ia6". This is
consistent with struct ifaddr "ifa" and struct in_ifaddr "ia".
OK mpi@


# 1.66 07-Jan-2014 stsp

Some follow-up fixes for IFID collision handling in IPv6CP.

Really change the link-local address in the unlikely event of an IFID
collision, instead of going into an infinite conf-nak loop with the peer.

To make the netinet6 code use the IPv6CP IFID in a new link-local address,
in6_ifattach_linklocal() must accept a provided IFID. Replace the unused
'altifp' parameter with a new 'ifid' parameter for this purpose.

Always use the latest suggested address in IPv6CP replies, even if
the task to update the interface's address hasn't run yet.
Also, clear the ifindex (KAME hack) in addresses sent during IPv6CP.

ok mpi


# 1.65 06-Jan-2014 stsp

Make in6_ifdetach() remove the ff01::1 route for the detaching interface, too.
The route used to linger after an interface detached from IPv6.
ok mikeb


# 1.64 28-Nov-2013 mpi

Change the way protocol multicast addresses are linked to an interface.

Instead of linking multicast records to the first configured address of
the corresponding protocol, making this address and its position in the
global list special, add them to a new list directly linked to the
interface descriptor.

This new multicast address list is similar to the address list, all its
elements contain a protocol agnostic part. This design allows us to
be able to join a multicast group without necessarily having a configured
address. That means IPv6 multicast kludges are no longer needed.

Another benefit is to be able to add and remove an IP address from an
interface without worrying about multicast records. That means that the
global IPv4 list is no longer needed since the first configured address
of an interface is no longer special.

This new list might also be extended in the future to contain the
link-layer addresses used to configure hardware filters.

Tested by sthen@ and weerd@, ok mikeb@


# 1.63 19-Nov-2013 mpi

Remove some FDDI/ATM leftovers.

ok mikeb@, henning@, deraadt@, brad@, miod@


# 1.62 17-Oct-2013 bluhm

The header file netinet/in_var.h included netinet6/in6_var.h. This
created a bunch of useless dependencies. Remove this implicit
inclusion and do an explicit #include <netinet6/in6_var.h> when it
is needed.
OK mpi@ henning@


Revision tags: OPENBSD_5_4_BASE
# 1.61 31-May-2013 bluhm

Remove a bunch of sockaddr_in6 pointer casts and replace others
with sin6tosa() or satosin6() inline functions. This allows the
compiler to check the types more strictly.
OK mpi@


# 1.60 26-Mar-2013 bluhm

Remove a block of dead code in in6_ifdetach(). It was never executed
due to the wrong & in satosin6(&ifa->ifa_addr). The link local
prefix fe80 was not checked within the IPv6 address, but within
some pointers of the interface address struct. The whole loop
around this was also never executed as all IPv6 addresses had already
been purged.
OK sperreault@ mpi@ mikeb@


# 1.59 25-Mar-2013 mpi

Substitute the handcrafted list of IPv6 addresses by a proper TAILQ.

ok bluhm@, mikeb@


# 1.58 07-Mar-2013 mpi

Remove the IFAFREE() macro, the ifafree() function it was calling already
checks for the reference counter.

ok mikeb@, miod@, pelikan@, kettenis@, krw@


# 1.57 04-Mar-2013 bluhm

Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro.
No binary change.
OK claudio@


Revision tags: OPENBSD_5_3_BASE
# 1.56 19-Sep-2012 bluhm

Use TAILQ_FOREACH macro for loops. No binary diff.
OK henning@


# 1.55 21-Aug-2012 bluhm

Reverse the name and meaning of the IFXF_INET6_PRIVACY interface
flag. It is now called IFXF_INET6_NOPRIVACY. So IPv6 privacy
addresses are on by default without resetting the flag during
ifconfig down/up.
OK stsp@, sperreault@ (who wrote the same diff)


# 1.54 15-Aug-2012 sperreault

Enable IPv6 autoconfprivacy by default

diff originally by stsp@
"please commit it" deraadt@
"don't care" stsp@
"don't like" bluhm@


Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
# 1.53 03-Jan-2012 bluhm

To access the ifaddr of an in_ifaddr or in6_ifaddr struct, it is
cleaner to access the first member via ia_ifa instead of casting.
No binary change.
ok henning@ krw@


# 1.52 24-Nov-2011 sperreault

rdomain support for IPv6
ok mikeb


Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
# 1.51 06-Apr-2010 stsp

Simple implementation of RFC4941, "Privacy Extensions for Stateless
Address Autoconfiguration in IPv6". For those among us who are paranoid
about broadcasting their MAC address to the IPv6 internet.

Man page help from jmc, testing by weerd, arc4random API hints from djm.

ok deraadt, claudio


Revision tags: OPENBSD_4_7_BASE
# 1.50 08-Feb-2010 jsing

More destatic and ansification.

ok claudio@ naddy@


# 1.49 13-Jan-2010 henning

instead of fiddling with the per-interface address lists directly in
many places create a proper API (ifa_add / ifa_del) and use it.
ok theo ryan dlg


Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
# 1.48 30-Jan-2009 mcbride

"XXX: should this be performed under splnet()?"... Yes, yes it should.
Interface configuration causes neighbour discovery, which runs packets
through parts of the stack that require at least splsoftnet(), like pf and
pfsync.

ok dlg


Revision tags: OPENBSD_4_4_BASE
# 1.47 11-Jun-2008 mcbride

ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.

ok todd deraadt naddy bluhm


# 1.46 11-May-2008 claudio

rtrequest to rtrequest1 conversion in inet6. With that no rtrequest should
be left over. OK henning@


Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
# 1.45 08-Jun-2007 henning

kill arcnet leftovers, some pt out by Mike Belopuhov <mkb@crypt.org.ru>,
some I found afterwards, ok dlg


Revision tags: OPENBSD_4_1_BASE
# 1.44 15-Nov-2006 itojun

unifdef -USCOPEDROUTING


Revision tags: OPENBSD_4_0_BASE
# 1.43 31-Aug-2006 mcbride

Automatically add an IPv6 link-local address to carp interfaces when the
virtual MAC address is set. Among other things, this makes route6d work
correctly on systems with carp interfaces.

In order to ensure backwards compatibility, we do not include IPv6
link-local addresses in generating the HMAC, but we accept HMACs with AND
without the link-local addresses. They will be added to the HMAC in a future
release.

In short: this change should only affect backwards compatibility for
IPv6 users who are manually adding link-local addresses on carp interfaces.

testing mtu@ todd@
ok mpf@ henning@ deraadt@


# 1.42 16-Jun-2006 henning

adjust functions dealing with the routing table to take a table ID as
parameter so they can work on alternate tables. table 0 hardcoded for
many callers yet, that will be adapted step by step.
input + ok claudio norby hshoexer


# 1.41 27-May-2006 claudio

Do the same thing as for IPv4. Use a sysctl to enable/disable mforwarding
and additionally make the code part of the MROUTING option. Put it in deraadt@


# 1.40 05-Mar-2006 miod

Use more queue macros rather than doing it by hand; ok otto@ krw@


Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
# 1.39 23-May-2005 mpf

carp needs a multicast kludge storage.
Fixes PR 4211.
OK mcbride@


# 1.38 21-Apr-2005 itojun

remove (now obsolete) handling of IFT_PROPVIRTUAL/bridge*. tested by camield@


Revision tags: OPENBSD_3_7_BASE
# 1.37 07-Dec-2004 mcbride

Convert carp(4) to behave more like a regular interface, much in the same
style as vlan(4). carp interfaces no longer require the physical interface
to be on the same subnet as the carp interface, or even that the physical
interface has an address at all, so CARP can now be used on /30 networks.

ok deraadt@ henning@


Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
# 1.36 07-May-2004 millert

Replace RSA-derived md5 code with code derived from Colin Plumb's PD version.
This moves md5.c out of libkern and into sys/crypto where it belongs (as
requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it).
Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@


Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
# 1.35 08-Jul-2003 itojun

on interface removal, clear multicast forwarding stuff. from kame


# 1.34 28-Jun-2003 itojun

i don't think pfsync needs a link-local addr.


Revision tags: UBC_SYNC_A
# 1.33 14-May-2003 itojun

it is unlikely that we introduce 6to4 interface (IFT_STF) to openbsd.


Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
# 1.32 12-Sep-2002 itojun

configure "next" pointer correctly. from j@pureftpd.org


# 1.31 11-Sep-2002 itojun

fix pointer signedness mixup. sync w/kame


# 1.30 11-Sep-2002 itojun

KNF - return is not a function. sync w/kame


# 1.29 11-Jun-2002 itojun

silence some of log(), as the codepath will be visited for IPv6-non-capable
interfaces too and can be annoying. net.inet6.icmp6.nd6_debug will
re-enable them.


# 1.28 11-Jun-2002 itojun

whitespace


# 1.27 08-Jun-2002 itojun

sync with latest KAME in6_ifaddr/prefix/default router manipulation.
behavior changes:
- two ioctls used by ndp(8) are now obsolete (backward compat provided).
use sysctl path instead.
- lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.


# 1.26 07-Jun-2002 itojun

whitespace sync w/kame


# 1.25 29-May-2002 itojun

attach nd_ifinfo structure to if_afdata.
split IPv6 MTU (advertised by RA) from real link MTU.
sync with kame


# 1.24 29-May-2002 itojun

move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame


# 1.23 23-May-2002 itojun

simplify condition to perform DAD. sync w/kame


Revision tags: OPENBSD_3_1_BASE
# 1.22 14-Mar-2002 millert

First round of __P removal in sys


Revision tags: UBC_BASE
# 1.21 07-Dec-2001 itojun

branches: 1.21.2;
whitespace/comment sync with kame


Revision tags: OPENBSD_3_0_BASE
# 1.20 23-Aug-2001 itojun

suppress printf() on non-multicast interface.
suppress ipv6 initialization for IFT_PFLOG.


# 1.19 23-Aug-2001 itojun

don't try to enable IPv6 on IFT_PFLOG.


# 1.18 18-Jul-2001 itojun

avoid using malloc() during interrupt context for multicast kludge entry.
allocate it on interface initialization.


# 1.17 09-Jun-2001 angelos

No need for net/net_osdep.h


Revision tags: OPENBSD_2_9_BASE
# 1.16 16-Feb-2001 itojun

cosmetic sync with kame


# 1.15 07-Feb-2001 itojun

by default, don't bark on inbound ND messages, as outsider may be able to
fill up /var with bogus packets.
setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid
ND packet and other occasions.

improve icmp6 stats.


# 1.14 18-Jan-2001 itojun

do not remove default route by mistake, on interface removal.


Revision tags: OPENBSD_2_8_BASE
# 1.13 25-Oct-2000 jason

silence the "no multicast" warning for IFT_ENC, too
deraadt ok


# 1.12 18-Oct-2000 itojun

don't try to configure IPv6 on bridge*. comment from deraadt


# 1.11 02-Oct-2000 itojun

fix missing \n. from doug@freebsd (sync with kame)


Revision tags: OPENBSD_2_7_BASE
# 1.10 05-May-2000 itojun

cope with interface detach (like pcmcia card removal). remove any
IPv6 addresses assigned to the interface. reported by ho, bunch of
help from niklas. KAME PR 231.


# 1.9 27-Apr-2000 itojun

correct in6_ifdetach(). free oia, not ia.
Lennart says there are more problems to go (I don't own openbsd-current laptop).
From: Lennart Augustsson <augustss@augustsson.net>


# 1.8 17-Apr-2000 itojun

revisit in6_ifattach(). (1) make it more persistent about initializing an
interface (2) cleanup interface id selection.
run NUD on p2p interface (required by spec for bidir p2p interface).
add "ndp -i interface" (can tweak per-interface ND flag).
(sync with more recent kame)


# 1.7 02-Mar-2000 itojun

do not add ifa_dstaddr for non-pointopoint interface. IPv6 has no
concept for "broadcast".


Revision tags: SMP_BASE
# 1.6 07-Feb-2000 itojun

branches: 1.6.2;
fix include file path related to ip6.


# 1.5 04-Feb-2000 itojun

more coverage of in6_ifdetach()'s cleanup process.
bug fix in SIOCGIFADDR_IN6 (point to point case).


# 1.4 02-Feb-2000 itojun

- improve in6_ifdetach to remove (1) multicast kludge list (2) route to
link-local allnode multicast (ff02:x::/32)
- fix ifnet refcnt'ing in multicast kludge list management.
- avoid dangling pointer in multicast kludge management.

(angelos, try this version of in6_ifdetach() - it should be better)


# 1.3 10-Dec-1999 itojun

use proper type for in6_first_ifid (char -> u_int8_t)
suggested by: deraadt


# 1.2 10-Dec-1999 angelos

Remove remaining unnecessary ifdefs (itojun will hate me for this :-)


Revision tags: kame_19991208
# 1.1 08-Dec-1999 itojun

bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
brought in soon).


# 1.119 08-Sep-2022 kn

Rename global ifnet TAILQ

Naming the list like the struct itself makes for awful grepping.
Call the global variable "ifnetlist" from now on.

There used to be kvm(3) consumers in base picking up this symbol, but those
have long been converted to other interfaces.

A few potential ports users remain, same deal as sys/net/if_var.h r1.116
"Remove struct ifnet's unused if_switchport member": they get bumped.

Previous users pointed out by deraadt
OK bluhm


Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
# 1.118 15-Mar-2021 florian

Clear AUTOCONF6TEMP flag when we detach inet6.


Revision tags: OPENBSD_6_8_BASE
# 1.117 21-Jun-2020 dlg

wireguard can do ipv6, but doesnt do link local addresses.

i feel like i should add IFT_L3IPVLAN here so mgre(4) can take
advantage of this too.

from Matt Dunwoodie and Jason A. Donenfeld

ok deraadt@


Revision tags: OPENBSD_6_7_BASE
# 1.116 17-Mar-2020 tobhe

Use strlcpy instead of strncpy to ensure results are NUL terminated.

ok mpi@


# 1.115 08-Nov-2019 dlg

convert interface address change hooks to tasks and a task_list.

this follows what's been done for detach and link state hooks, and
makes handling of hooks generally more robust.

address hooks are a bit different to detach/link state hooks in
that there's only a few things that register hooks (carp, pf, vxlan),
but a lot of places to run the hooks (lots of ipv4 and ipv6 address
configuration).

an address hook cookie was in struct pfi_kif, which is part of the
pf abi. rather than break pfctl -sI, this maintains the void * used
for the cookie and uses it to store a task, which is then used as
intended with the new api.


Revision tags: OPENBSD_6_6_BASE
# 1.114 21-Aug-2019 florian

Remove support for semantically opace interface identifiers (RFC 7217)
for IPv6 link local addresses.

Some hosting and VM providers route customer IPv6 prefixes to link
local addresses derived from ethernet MAC addresses (RFC 2464). This
leads to hard to debug IPv6 connectivity problems and is probably not
worth the effort.

RFC 7721 lists 4 weaknesses:

3.1. Correlation of Activities over Time & 3.2. Location Tracking
These are still possible with RFC 7217 addresses for an adversary
connected to the same layer 2 network (think conference wifi). Since
the link local prefix stays the same (fe80::/64) the link local
addresses do not change between different networks.
An adversary on the same layer 2 network can probably track ethernet
MAC addresses via different means, too.

3.3. Address Scanning & 3.4. Device-Specific Vulnerability Exploitation
These now become possible, however, as noted above a layer 2 adversary
was probably able to do this via different means.

People concerned with these weaknesses are advised to use
ifconfig lladdr random.
OK benno
input & OK kn


Revision tags: OPENBSD_6_5_BASE
# 1.113 13-Feb-2019 dlg

change rt_ifa_add and rt_ifa_del so they take an rdomain argument.

this allows mpls interfaces (mpe, mpw) to pass the rdomain they
wish the local label to be in, rather than have it implicitly forced
to 0 by these functions. right now they'll pass 0, but it will soon
be possible to have them rx packets in other rdomains.

previously the functions used ifp->if_rdomain for the rdomain.
everything other than mpls still passes ifp->if_rdomain.

ok mpi@


# 1.112 10-Feb-2019 dlg

remove the implict RTF_MPATH flag that rt_ifa_add() sets on new routes.

MPLS interfaces (ab)use rt_ifa_add for adding the local MPLS label
that they listen on for incoming packets, while every other use of
rt_ifa_add is for adding addresses on local interfaces. MPLS does
this cos the addresses involved are in basically the same shape as
ones used for setting up local addresses.

It is appropriate for interfaces to want RTF_MPATH on local addresses,
but in the MPLS case it means you can have multiple local things
listening on the same label, which doesn't actually work. mpe in
particular keeps track of in use labels to it can handle collisions,
however, mpw does not. It is currently possible to have multiple
mpw interfaces on the same local label, and sharing the same label
as mpe or possible normal forwarding labels.

Moving the RTF_MPATH flag out of rt_ifa_add means all the callers
that still want it need to pass it themselves. The mpe and mpw
callers are left alone without the flag, and will now get EEXIST
from rt_ifa_add when a label is already in use.

ok (and a huge amount of patience and help) mpi@
claudio@ is ok with the idea, but saw a much much earlier solution
to the problem


Revision tags: OPENBSD_6_4_BASE
# 1.111 05-Oct-2018 florian

Do not join node information multicast group (RFC 4620).
Benno removed code to answer ICMP queries over 4 years ago.
Aham Brahmasmi (aham.brahmasmi AT gmx.com) points out
that we still joined the group though.

OK sthen, bluhm, kn


# 1.110 26-Aug-2018 mpi

Do not add ::1 on non-default lo(4) as intended.

Reported by and ok sthen@


# 1.109 10-Jul-2018 florian

When an interface doesn't have a layer 2 address in6_get_soii_ifid()
fails and then later on in in6_get_ifid() a layer 2 address is
"borrowed" from another interface.

Do the "borrowing" in in6_get_soii_ifid(), too so that semantically
opaque interface identifiers work for these kinds of interfaces, too.

OK phessler, benno


# 1.108 10-Jul-2018 florian

When an interface doesn't have a layer 2 address in6_get_ifid()
tries to "borrow" one from another interface.
But then it checks if the U bit is set in the generated EUI64
address and rejects it.
On the other hand for interfaces that do have a layer 2 address this
check is skipped, so relax it for the "borrowing" case, too.

With this one gets stable link local addresses on e.g. gre(4)
interfaces on certain virtualisation environments depending which mac
addresses get picked for the vio(4) interfaces while previously we
would end up with a random IP on every reboot.

Reported by Aaron A. Glenn via phessler.

OK phessler, benno


# 1.107 27-Mar-2018 dhill

Use memcpy instead of bcopy when the memory does not overlap.

OK deraadt@ florian@


Revision tags: OPENBSD_6_3_BASE
# 1.106 13-Mar-2018 florian

Calculate RFC7217 link-local style addresses the same way as
slaacd(8).

RFC 7217 states (section 5, page 9):
| The Interface Identifier is finally obtained by taking as many
| bits from the RID value (computed in the previous step) as
| necessary, starting from the least significant bit.

Problem in slaacd pointed out by semarie@.

OK sthen, phessler


# 1.105 10-Feb-2018 florian

Implement RFC 7217: "A Method for Generating Semantically Opaque
Interface Identifiers with IPv6 Stateless Address Autoconfiguration."

"An IPv6 address configured using this method is stable within each
subnet, but the corresponding Interface Identifier changes when the
host moves from one network to another. This method is meant to be an
alternative to generating Interface Identifiers based on hardware
addresses."

OK naddy, sthen
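
Added example, not part of the OpenBSD source or of the commit messages above: the RFC 7217 derivation that revisions 1.105 and 1.106 refer to, next to the MAC-derived modified EUI-64 identifier it was an alternative to. SHA-256 as the PRF, the omitted optional Network_ID, the 4-byte counter encoding, and all MAC, prefix and key values are assumptions made for illustration.

```python
import hashlib
import ipaddress

IID_MASK = (1 << 64) - 1


def eui64_iid(mac: str) -> int:
    """Modified EUI-64 identifier (RFC 4291, Appendix A) from a 48-bit MAC."""
    raw = bytes.fromhex(mac.replace(":", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert ff:fe between the two halves.
    eui = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return int.from_bytes(eui, "big")


def is_reserved_iid(iid: int) -> bool:
    """RFC 5453: subnet-router anycast (all zero) and the reserved anycast range."""
    return iid == 0 or 0xFDFFFFFFFFFFFF80 <= iid <= 0xFDFFFFFFFFFFFFFF


def opaque_iid(prefix: str, net_iface: bytes, secret_key: bytes,
               dad_counter: int = 0) -> int:
    """RID = F(Prefix, Net_Iface, DAD_Counter, secret_key); IID = low 64 bits.

    F is SHA-256 over the concatenated inputs (an assumption of this example).
    """
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("this example only handles /64 prefixes")
    while True:
        h = hashlib.sha256()
        h.update(net.network_address.packed[:8])   # the 64-bit prefix
        h.update(net_iface)                        # here: the raw MAC bytes
        h.update(dad_counter.to_bytes(4, "big"))
        h.update(secret_key)
        rid = int.from_bytes(h.digest(), "big")
        # RFC 7217 section 5: take the bits starting from the least
        # significant bit of RID.
        iid = rid & IID_MASK
        if not is_reserved_iid(iid):
            return iid
        dad_counter += 1                           # reserved value: try again


def make_address(prefix: str, iid: int) -> str:
    """Combine a /64 prefix and a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))


def compare_schemes(mac: str, secret_key: bytes, prefixes):
    """Return {prefix: (eui64_address, opaque_address)} for each prefix."""
    raw = bytes.fromhex(mac.replace(":", ""))
    out = {}
    for p in prefixes:
        out[p] = (make_address(p, eui64_iid(mac)),
                  make_address(p, opaque_iid(p, raw, secret_key)))
    return out


if __name__ == "__main__":
    # Constructed sample values (documentation prefixes, made-up MAC and key).
    MAC = "00:11:22:33:44:55"
    KEY = b"constructed-demo-key"
    nets = ["2001:db8:a::/64", "2001:db8:b::/64", "fe80::/64"]
    for prefix, (eui, opaque) in compare_schemes(MAC, KEY, nets).items():
        print(f"{prefix:18} eui64={eui:34} rfc7217={opaque}")
```

The EUI-64 column carries the same MAC-derived suffix under every prefix, while the RFC 7217 column changes per global prefix; under fe80::/64 both stay constant wherever the host attaches, because the prefix input never changes.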


Revision tags: OPENBSD_6_2_BASE
# 1.104 01-Sep-2017 florian

Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the
get_last_resort_ifid() function because eww.
Also if your system is so constrained that you end up in
in6_get_rand_ifid() you don't deserve a random ifid that stays
stable over reboots.
Simplify code a bit since get_ifid() can no longer fail. It couldn't
fail before either because that code path was #if 0'ed.
While here sprinkle in some in6_ prefixes, pointed out by stsp.
OK stsp


# 1.103 11-Jul-2017 florian

Purging is at last at hand. Day of Doom is here. All that is evil
shall all be cleansed.

Remove sending of router solicitations and processing of router
advertisements from the kernel. It's handled by slaacd(8) these days.

Input & OK bluhm@, mpi@


# 1.102 16-May-2017 mpi

Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().

ok visa@


Revision tags: OPENBSD_6_1_BASE
# 1.101 29-Dec-2016 mpi

Get rid of recursive splsoftnet() in in6_ifattach_linklocal().

ok visa@


Revision tags: OPENBSD_6_0_BASE
# 1.100 30-Jun-2016 mpi

Restore the automagically added /64 route on p2p interfaces in order to
send traffic to link-local addresses without default route.

Fix a regression reported by Michael Lechtermann, ok stsp@, sthen@


Revision tags: OPENBSD_5_9_BASE
# 1.99 02-Dec-2015 bluhm

When destroying an interface, we have to wait until all references
are not used anymore. This has to be done before any interface
fields become invalid.
As the route delete request cannot call if_get() anymore, pass down
the interface. Split rtrequest_delete() into a separate function
that may take an existing interface.
OK mpi@


# 1.98 24-Oct-2015 mpi

Convert to rt_ifidx.

ok bluhm@


# 1.97 22-Oct-2015 bluhm

Inspired by satosin(), use inline functions to convert sockaddr dl.
Instead of casts they check whether the incoming object has the
expected type. So introduce satosdl() and sdltosa() in the kernel.
OK mpi@


# 1.96 12-Sep-2015 mpi

Now that rtrequest1(9) properly sets RTF_UP for newly added route,
stop passing it in every rt_ifa_add(9) call.

ok claudio@


# 1.95 03-Sep-2015 mpi

Change the order of operations for loopback interfaces to have
::1 configured before fe80::1.

(lo0:0) in pf should resolve to 127.0.0.1 ::1.

reported by and ok mikeb@


# 1.94 31-Aug-2015 mpi

Do not install connected routes on loopback interfaces.

Previously loopback connected routes were managed via the global list
of prefixes, which means that systems with AUTOCONF'd addresses did not
see them in the routing table.

This also makes inet6 route creation coherent with inet.


# 1.93 24-Aug-2015 mpi

Start moving away from the global prefix list by limiting its usage to
AUTOCONF'd addresses.

This prevents the kernel from removing connected (/64) routes as soon as
it configures an AUTOCONF'd address based on a RA.

Tested by sebastia@, ok sthen@


# 1.92 24-Aug-2015 mpi

Rework the code to decide when to perform DAD to no longer rely on the
IN6_IFF_NODAD pseudo-flag not being set.

This was just a flag for spaghetti code that should not exist in the
first place.

Tested by sebastia@, ok sthen@


# 1.91 17-Aug-2015 mpi

Remove annoying comment about in6_update_ifa().


Revision tags: OPENBSD_5_8_BASE
# 1.90 18-Jul-2015 mpi

Merge two identical chunks to add new prefixes to the global data
structures into a function.

ok florian@


# 1.89 16-Jul-2015 mpi

Properly layer Router Solicitation code.

Tweak and ok florian@


# 1.88 08-Jun-2015 krw

More damned eye searing whitespace. No change to .o files.


# 1.87 27-Apr-2015 mpi

Do not call nd6_purge() before purging the IPv6 addresses of a detached
interface.

Fix a use after free introduced in r1.98 of netinet6/in6.c and recently
exposed by a crazy pool/malloc damage finder being currently refined by
dlg@ and deraadt@.

ok mikeb@, henning@


# 1.86 14-Mar-2015 jsg

Remove some includes include-what-you-use claims don't
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.

ok tedu@ deraadt@


Revision tags: OPENBSD_5_7_BASE
# 1.85 05-Feb-2015 mpi

Convert various rtrequest1(RTM_DELETE,...) calls to rtdeletemsg(9).

This unifies some code and notifies userland for free.

blambert@ agrees, ok bluhm@


# 1.84 28-Jan-2015 mpi

Revert rtdeletemsg conversion. It was not ok'd, I misunderstood bluhm@'s
email.


# 1.83 27-Jan-2015 mpi

Ensure that link-local addresses are correctly configured on loopback
interfaces.

When the kernel automagically configures IPv6 addresses on loopback
interfaces, start by assigning a link-local address and then try to
assign "::1".

Only the first configured loopback interface per rdomain can have the
"::1" address. But even if other loopback interfaces failed to get
this address, because it is already taken, give them a chance to have
a link-local address.

While here change in6_ifattach() to return an error value and remove
duplicated code.

Fix a regression introduced by the NOINET6 flag removal.

ok henning@, stsp@, florian@, benno@


# 1.82 26-Jan-2015 mpi

Call rtdeletemsg(9) instead of rerolling its code. As a bonus you'll
get userland notification for free.

ok blambert@, bluhm@


# 1.81 10-Jan-2015 mpi

Correct some comments and merge in6_if_up() into in6_ifattach() to
reflect that IPv6 link-local addresses are no longer automagically
configured the first time an interface is brought up.

ok henning@, stsp@


# 1.80 08-Jan-2015 florian

Clear autoconf6 flag after autoconf6 cleanup happened, not before.
Otherwise clean up code will never run.
OK mpi@, benno@, henning@


# 1.79 06-Jan-2015 stsp

Remove the NOINET6 interface flag, a left-over from the times when IPv6
was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable
an address family for an interface (currently used for IPv6 only).

New kernel needs new ifconfig for IPv6 configuration (address assignment
still works with old ifconfig making this easy to cross over).

Committing on behalf of henning@ who is currently lebensmittelvergiftet.
ok stsp, benno, mpi


# 1.78 04-Dec-2014 tedu

replace md5 with sha512. ok deraadt


# 1.77 20-Nov-2014 mpi

We have no need for a variable that holds the maximum MTU size of
interfaces with an IPv6 address.

ok henning@, mikeb@, deraadt@


# 1.76 18-Nov-2014 krw

Nuke yet more obvious #include duplications.

ok miod@


# 1.75 18-Nov-2014 tedu

move arc4random prototype to systm.h. more appropriate for most code
to include that than rdnvar.h. ok deraadt dlg


# 1.74 01-Nov-2014 mpi

Rename rtalloc1() into rtalloc(9) and convert its flags to only enable
functionality instead of a mix of enable/disable.

ok bluhm@, jca@


# 1.73 25-Aug-2014 florian

Move sending of router solicitations to the kernel; receiving and
processing of router advertisements was already in the kernel.
With this rtsol{,d}(8) is no longer necessary.

The kernel starts sending solicitations with
    # ifconfig $IF inet6 autoconf
or
    inet6 autoconf
in /etc/hostname.$IF.

input stsp@
much help & OK mpi@
tweaks & OK bluhm@


Revision tags: OPENBSD_5_6_BASE
# 1.72 01-Jul-2014 benno

When a carp interface is created with IFXF_NOINET6 flag, no link-local
address will be created when the vhid (and MAC) is set. Depending on
the order of the configuration the interface can end up with an ipv6
address, but no v6 link-local and no working neighbor discovery.

Removing this case statement will result in the link-local address
being configured by "ifconfig up" if the inet6 address was configured
before. If you are using inet6 on carp, put an "up" at the end of your
hostname.if. I will work on a better solution at g2k14.

ok henning, mpi


# 1.71 26-Jun-2014 mpi

Calling in{6,}_purgeaddr() is not enough to remove an address from
an interface. Two other operations are performed when issuing a
SIOCDIFADDR{_IN6,} ioctl: call the address hook and the per-driver
ioctl function.

Since carp(4) relies on an address hook to recalculate its hash, make
sure to call this hook when IFXF_NOINET6 is set or when the rdomain is
changed.

ok henning@, mikeb@


# 1.70 03-Jun-2014 mpi

Do not include <sys/malloc.h> where it is not needed.


# 1.69 20-May-2014 mpi

Fix eui64 address generation, broken since the removal of the link-layer
address from the per-ifp list.

Found the hard way by weerd@, florian@ and stsp@, ok florian@


Revision tags: OPENBSD_5_5_BASE
# 1.68 21-Jan-2014 mpi

Do not clean the multicast records of an interface when it is destroyed
(unplugged). Even if it makes no sense to keep them around if the
interface is no more, we cannot safely remove them since pcb multicast
options might keep a pointer to them.

Fixes a use after free introduced by the multicast address linking
rewrite and reported by Alexey Suslikov, thanks!

ok claudio@


# 1.67 13-Jan-2014 bluhm

Call all local variables of type struct in6_ifaddr "ia6". This is
consistent with struct ifaddr "ifa" and struct in_ifaddr "ia".
OK mpi@


# 1.66 07-Jan-2014 stsp

Some follow-up fixes for IFID collision handling in IPv6CP.

Really change the link-local address in the unlikely event of an IFID
collision, instead of going into an infinite conf-nak loop with the peer.

To make the netinet6 code use the IPv6CP IFID in a new link-local address,
in6_ifattach_linklocal() must accept a provided IFID. Replace the unused
'altifp' parameter with a new 'ifid' parameter for this purpose.

Always use the latest suggested address in IPv6CP replies, even if
the task to update the interface's address hasn't run yet.
Also, clear the ifindex (KAME hack) in addresses sent during IPv6CP.

ok mpi


# 1.65 06-Jan-2014 stsp

Make in6_ifdetach() remove the ff01::1 route for the detaching interface, too.
The route used to linger after an interface detached from IPv6.
ok mikeb


# 1.64 28-Nov-2013 mpi

Change the way protocol multicast addresses are linked to an interface.

Instead of linking multicast records to the first configured address of
the corresponding protocol, making this address and its position in the
global list special, add them to a new list directly linked to the
interface descriptor.

This new multicast address list is similar to the address list, all its
elements contain a protocol agnostic part. This design allows us to
be able to join a multicast group without necessarily having a configured
address. That means IPv6 multicast kludges are no longer needed.

Another benefit is to be able to add and remove an IP address from an
interface without worrying about multicast records. That means that the
global IPv4 list is no longer needed since the first configured address
of an interface is no longer special.

This new list might also be extended in the future to contain the
link-layer addresses used to configure hardware filters.

Tested by sthen@ and weerd@, ok mikeb@


# 1.63 19-Nov-2013 mpi

Remove some FDDI/ATM leftovers.

ok mikeb@, henning@, deraadt@, brad@, miod@


# 1.62 17-Oct-2013 bluhm

The header file netinet/in_var.h included netinet6/in6_var.h. This
created a bunch of useless dependencies. Remove this implicit
inclusion and do an explicit #include <netinet6/in6_var.h> when it
is needed.
OK mpi@ henning@


Revision tags: OPENBSD_5_4_BASE
# 1.61 31-May-2013 bluhm

Remove a bunch of sockaddr_in6 pointer casts and replace others
with sin6tosa() or satosin6() inline functions. This allows the
compiler to check the types more strictly.
OK mpi@


# 1.60 26-Mar-2013 bluhm

Remove a block of dead code in in6_ifdetach(). It was never executed
due to the wrong & in satosin6(&ifa->ifa_addr). The link local
prefix fe80 was not checked within the IPv6 address, but within
some pointers of the interface address struct. The whole loop
around this was also never executed as all IPv6 addresses had already
been purged.
OK sperreault@ mpi@ mikeb@


# 1.59 25-Mar-2013 mpi

Substitute the handcrafted list of IPv6 addresses by a proper TAILQ.

ok bluhm@, mikeb@


# 1.58 07-Mar-2013 mpi

Remove the IFAFREE() macro, the ifafree() function it was calling already
check for the reference counter.

ok mikeb@, miod@, pelikan@, kettenis@, krw@


# 1.57 04-Mar-2013 bluhm

Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro.
No binary change.
OK claudio@


Revision tags: OPENBSD_5_3_BASE
# 1.56 19-Sep-2012 bluhm

Use TAILQ_FOREACH macro for loops. No binary diff.
OK henning@


# 1.55 21-Aug-2012 bluhm

Reverse the name and meaning of the IFXF_INET6_PRIVACY interface
flag. It is now called IFXF_INET6_NOPRIVACY. So IPv6 privacy
addresses are on by default without resetting the flag during
ifconfig down/up.
OK stsp@, sperreault@ (who wrote the same diff)


# 1.54 15-Aug-2012 sperreault

Enable IPv6 autoconfprivacy by default

diff originally by stsp@
"please commit it" deraadt@
"don't care" stsp@
"don't like" bluhm@


Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
# 1.53 03-Jan-2012 bluhm

To access the ifaddr of an in_ifaddr or in6_ifaddr struct, it is
cleaner to access the first member via ia_ifa instead of casting.
No binary change.
ok henning@ krw@


# 1.52 24-Nov-2011 sperreault

rdomain support for IPv6
ok mikeb


Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
# 1.51 06-Apr-2010 stsp

Simple implementation of RFC4941, "Privacy Extensions for Stateless
Address Autoconfiguration in IPv6". For those among us who are paranoid
about broadcasting their MAC address to the IPv6 internet.

Man page help from jmc, testing by weerd, arc4random API hints from djm.

ok deraadt, claudio


Revision tags: OPENBSD_4_7_BASE
# 1.50 08-Feb-2010 jsing

More destatic and ansification.

ok claudio@ naddy@


# 1.49 13-Jan-2010 henning

instead of fiddling with the per-interface address lists directly in
many places create a proper API (ifa_add / ifa_del) and use it.
ok theo ryan dlg


Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
# 1.48 30-Jan-2009 mcbride

"XXX: should this be performed under splnet()?"... Yes, yes it should.
Interface configuration causes neighbour discovery, which runs packets
through parts of the stack that require at least splsoftnet(), like pf and
pfsync.

ok dlg


Revision tags: OPENBSD_4_4_BASE
# 1.47 11-Jun-2008 mcbride

ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.

ok todd deraadt naddy bluhm


# 1.46 11-May-2008 claudio

rtrequest to rtrequest1 conversion in inet6. With that no rtrequest should
be left over. OK henning@


Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
# 1.45 08-Jun-2007 henning

kill arcnet leftovers, some pt out by Mike Belopuhov <mkb@crypt.org.ru>,
some I found afterwards, ok dlg


Revision tags: OPENBSD_4_1_BASE
# 1.44 15-Nov-2006 itojun

unifdef -USCOPEDROUTING


Revision tags: OPENBSD_4_0_BASE
# 1.43 31-Aug-2006 mcbride

Automatically add an IPv6 link-local address to carp interfaces when the
virtual MAC address is set. Among other things, this makes route6d work
correctly on systems with carp interfaces.

In order to ensure backwards compatibility, we do not include IPv6
link-local addresses in generating the HMAC, but we accept HMACs with AND
without the link-local addresses. They will be added to the HMAC in a future
release.

In short: this change should only affect backwards compatibility for
IPv6 users who are manually adding link-local addresses on carp interfaces.

testing mtu@ todd@
ok mpf@ henning@ deraadt@


# 1.42 16-Jun-2006 henning

adjust functions dealing with the routing table to take a table ID as
parameter so they can work on alternate tables. table 0 hardcoded for
many callers yet, that will be adapted step by step.
input + ok claudio norby hshoexer


# 1.41 27-May-2006 claudio

Do the same thing as for IPv4. Use a sysctl to enable/disable mforwarding
and additionally make the code part of the MROUTING option. Put it in deraadt@


# 1.40 05-Mar-2006 miod

Use more queue macros rather than doing it by hand; ok otto@ krw@


Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
# 1.39 23-May-2005 mpf

carp needs a multicast kludge storage.
Fixes PR 4211.
OK mcbride@


# 1.38 21-Apr-2005 itojun

remove (now obsolete) handling of IFT_PROPVIRTUAL/bridge*. tested by camield@


Revision tags: OPENBSD_3_7_BASE
# 1.37 07-Dec-2004 mcbride

Convert carp(4) to behave more like a regular interface, much in the same
style as vlan(4). carp interfaces no longer require the physical interface
to be on the same subnet as the carp interface, or even that the physical
interface has an address at all, so CARP can now be used on /30 networks.

ok deraadt@ henning@


Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
# 1.36 07-May-2004 millert

Replace RSA-derived md5 code with code derived from Colin Plumb's PD version.
This moves md5.c out of libkern and into sys/crypto where it belongs (as
requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it).
Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@


Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
# 1.35 08-Jul-2003 itojun

on interface removal, clear multicast forwarding stuff. from kame


# 1.34 28-Jun-2003 itojun

i don't think pfsync needs a link-local addr.


Revision tags: UBC_SYNC_A
# 1.33 14-May-2003 itojun

it is unlikely that we introduce 6to4 interface (IFT_STF) to openbsd.


Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
# 1.32 12-Sep-2002 itojun

configure "next" pointer correctly. from j@pureftpd.org


# 1.31 11-Sep-2002 itojun

fix pointer signedness mixup. sync w/kame


# 1.30 11-Sep-2002 itojun

KNF - return is not a function. sync w/kame


# 1.29 11-Jun-2002 itojun

silence some of log(), as the codepath will be visited for IPv6-non-capable
interfaces too and can be annoying. net.inet6.icmp6.nd6_debug will
re-enable them.


# 1.28 11-Jun-2002 itojun

whitespace


# 1.27 08-Jun-2002 itojun

sync with latest KAME in6_ifaddr/prefix/default router manipulation.
behavior changes:
- two ioctls used by ndp(8) are now obsolete (backward compat provided).
use sysctl path instead.
- lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.


# 1.26 07-Jun-2002 itojun

whitespace sync w/kame


# 1.25 29-May-2002 itojun

attach nd_ifinfo structure to if_afdata.
split IPv6 MTU (advertised by RA) from real link MTU.
sync with kame


# 1.24 29-May-2002 itojun

move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame


# 1.23 23-May-2002 itojun

simplify condition to perform DAD. sync w/kame


Revision tags: OPENBSD_3_1_BASE
# 1.22 14-Mar-2002 millert

First round of __P removal in sys


Revision tags: UBC_BASE
# 1.21 07-Dec-2001 itojun

branches: 1.21.2;
whitespace/comment sync with kame


Revision tags: OPENBSD_3_0_BASE
# 1.20 23-Aug-2001 itojun

suppress printf() on non-multicast interface.
suppress ipv6 initialization for IFT_PFLOG.


# 1.19 23-Aug-2001 itojun

don't try to enable IPv6 on IFT_PFLOG.


# 1.18 18-Jul-2001 itojun

avoid using malloc() during interrupt context for multicast kludge entry.
allocate it on interface initialization.


# 1.17 09-Jun-2001 angelos

No need for net/net_osdep.h


Revision tags: OPENBSD_2_9_BASE
# 1.16 16-Feb-2001 itojun

cosmetic sync with kame


# 1.15 07-Feb-2001 itojun

by default, don't bark on inbound ND messages, as outsider may be able to
fill up /var with bogus packets.
setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid
ND packet and other occasions.

improve icmp6 stats.


# 1.14 18-Jan-2001 itojun

do not remove default route by mistake, on interface removal.


Revision tags: OPENBSD_2_8_BASE
# 1.13 25-Oct-2000 jason

silence the "no multicast" warning for IFT_ENC, too
deraadt ok


# 1.12 18-Oct-2000 itojun

don't try to configure IPv6 on bridge*. comment from deraadt


# 1.11 02-Oct-2000 itojun

fix missing \n. from doug@freebsd (sync with kame)


Revision tags: OPENBSD_2_7_BASE
# 1.10 05-May-2000 itojun

cope with interface detach (like pcmcia card removal). remove any
IPv6 addresses assigned to the interface. reported by ho, bunch of
help from niklas. KAME PR 231.


# 1.9 27-Apr-2000 itojun

correct in6_ifdetach(). free oia, not ia.
Lennart says there are more problems to go (I don't own openbsd-current laptop).
From: Lennart Augustsson <augustss@augustsson.net>


# 1.8 17-Apr-2000 itojun

revisit in6_ifattach(). (1) make it more persistent about initializing an
interface (2) cleanup interface id selection.
run NUD on p2p interface (required by spec for bidir p2p interface).
add "ndp -i interface" (can tweak per-interface ND flag).
(sync with more recent kame)


# 1.7 02-Mar-2000 itojun

do not add ifa_dstaddr for non-pointopoint interface. IPv6 has no
concept for "broadcast".


Revision tags: SMP_BASE
# 1.6 07-Feb-2000 itojun

branches: 1.6.2;
fix include file path related to ip6.


# 1.5 04-Feb-2000 itojun

more coverage of in6_ifdetach()'s cleanup process.
bug fix in SIOCGIFADDR_IN6 (point to point case).


# 1.4 02-Feb-2000 itojun

- improve in6_ifdetach to remove (1) multicast kludge list (2) route to
link-local allnode multicast (ff02:x::/32)
- fix ifnet refcnt'ing in multicast kludge list management.
- avoid dangling pointer in multicast kludge management.

(angelos, try this version of in6_ifdetach() - it should be better)


# 1.3 10-Dec-1999 itojun

use proper type for in6_first_ifid (char -> u_int8_t)
suggested by: deraadt


# 1.2 10-Dec-1999 angelos

Remove remaining unnecessary ifdefs (itojun will hate me for this :-)


Revision tags: kame_19991208
# 1.1 08-Dec-1999 itojun

bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
brought in soon).


# 1.118 15-Mar-2021 florian

Clear AUTOCONF6TEMP flag when we detach inet6.


Revision tags: OPENBSD_6_8_BASE
# 1.117 21-Jun-2020 dlg

wireguard can do ipv6, but doesnt do link local addresses.

i feel like i should add IFT_L3IPVLAN here so mgre(4) can take
advantage of this too.

from Matt Dunwoodie and Jason A. Donenfeld

ok deraadt@


Revision tags: OPENBSD_6_7_BASE
# 1.116 17-Mar-2020 tobhe

Use strlcpy instead of strncpy to ensure results are NUL terminated.

ok mpi@


# 1.115 08-Nov-2019 dlg

convert interface address change hooks to tasks and a task_list.

this follows what's been done for detach and link state hooks, and
makes handling of hooks generally more robust.

address hooks are a bit different to detach/link state hooks in
that there's only a few things that register hooks (carp, pf, vxlan),
but a lot of places to run the hooks (lots of ipv4 and ipv6 address
configuration).

an address hook cookie was in struct pfi_kif, which is part of the
pf abi. rather than break pfctl -sI, this maintains the void * used
for the cookie and uses it to store a task, which is then used as
intended with the new api.


Revision tags: OPENBSD_6_6_BASE
# 1.114 21-Aug-2019 florian

Remove support for semantically opace interface identifiers (RFC 7217)
for IPv6 link local addresses.

Some hosting and VM providers route customer IPv6 prefixes to link
local addresses derived from ethernet MAC addresses (RFC 2464). This
leads to hard to debug IPv6 connectivity problems and is probably not
worth the effort.

RFC 7721 lists 4 weaknesses:

3.1. Correlation of Activities over Time & 3.2. Location Tracking
These are still possible with RFC 7217 addresses for an adversary
connected to the same layer 2 network (think conference wifi). Since
the link local prefix stays the same (fe80::/64) the link local
addresses do not change between different networks.
An adversary on the same layer 2 network can probably track ethernet
MAC addresses via different means, too.

3.3. Address Scanning & 3.4. Device-Specific Vulnerability Exploitation
These now become possible, however, as noted above a layer 2 adversary
was probably able to do this via different means.

People concerned with these weaknesses are advised to use
ifconfig lladdr random.
OK benno
input & OK kn


Revision tags: OPENBSD_6_5_BASE
# 1.113 13-Feb-2019 dlg

change rt_ifa_add and rt_ifa_del so they take an rdomain argument.

this allows mpls interfaces (mpe, mpw) to pass the rdomain they
wish the local label to be in, rather than have it implicitly forced
to 0 by these functions. right now they'll pass 0, but it will soon
be possible to have them rx packets in other rdomains.

previously the functions used ifp->if_rdomain for the rdomain.
everything other than mpls still passes ifp->if_rdomain.

ok mpi@


# 1.112 10-Feb-2019 dlg

remove the implict RTF_MPATH flag that rt_ifa_add() sets on new routes.

MPLS interfaces (ab)use rt_ifa_add for adding the local MPLS label
that they listen on for incoming packets, while every other use of
rt_ifa_add is for adding addresses on local interfaces. MPLS does
this cos the addresses involved are in basically the same shape as
ones used for setting up local addresses.

It is appropriate for interfaces to want RTF_MPATH on local addresses,
but in the MPLS case it means you can have multiple local things
listening on the same label, which doesn't actually work. mpe in
particular keeps track of in use labels to it can handle collisions,
however, mpw does not. It is currently possible to have multiple
mpw interfaces on the same local label, and sharing the same label
as mpe or possible normal forwarding labels.

Moving the RTF_MPATH flag out of rt_ifa_add means all the callers
that still want it need to pass it themselves. The mpe and mpw
callers are left alone without the flag, and will now get EEXIST
from rt_ifa_add when a label is already in use.

ok (and a huge amount of patience and help) mpi@
claudio@ is ok with the idea, but saw a much much earlier solution
to the problem


Revision tags: OPENBSD_6_4_BASE
# 1.111 05-Oct-2018 florian

Do not join node information multicast group (RFC 4620).
Benno removed code to answer ICMP queries over 4 years ago.
Aham Brahmasmi (aham.brahmasmi AT gmx.com) points out
that we still joined the group though.

OK sthen, bluhm, kn


# 1.110 26-Aug-2018 mpi

Do not add ::1 on non-default lo(4) as intended.

Reported by and ok sthen@


# 1.109 10-Jul-2018 florian

When an interface doesn't have a layer 2 address in6_get_soii_ifid()
failes and then later on a in in6_get_ifid() a layer 2 address is
"borrowed" from from another interface.

Do the "borrowing" in in6_get_soii_ifid(), too so that semantically
opaque interface identifiers work for these kind of interfaces, too.

OK phessler, benno


# 1.108 10-Jul-2018 florian

When an interface doesn't have a layer 2 address in6_get_ifid()
tries to "borrow" one from another interface.
But then it checks if the U bit is set int the generated EUI64
address and rejects it.
On the other hand for interfaces that do have a layer 2 address this
check is skipped, so relax it for the "borrowing" case, too.

With this one gets stable link local addresses on e.g. gre(4)
interfaces on certain virtualisation environments depending which mac
addresses get picked for the vio(4) interfaces while previously we
would end up with a random IP on every reboot.

Reported by Aaron A. Glenn via phessler.

OK phessler, benno


# 1.107 27-Mar-2018 dhill

Use memcpy instead of bcopy when the memory does not overlap.

OK deraadt@ florian@


Revision tags: OPENBSD_6_3_BASE
# 1.106 13-Mar-2018 florian

Calculate RFC7217 link-local style addresses the same way as
slaacd(8).

RFC 7217 states (section 5, page 9):
| The Interface Identifier is finally obtained by taking as many
| bits from the RID value (computed in the previous step) as
| necessary, starting from the least significant bit.

Problem in slaacd pointed out by semarie@.

OK sthen, phessler


# 1.105 10-Feb-2018 florian

Implement RFC 7217: "A Method for Generating Semantically Opaque
Interface Identifiers with IPv6 Stateless Address Autoconfiguration."

"An IPv6 address configured using this method is stable within each
subnet, but the corresponding Interface Identifier changes when the
host moves from one network to another. This method is meant to be an
alternative to generating Interface Identifiers based on hardware
addresses."

OK naddy, sthen


Revision tags: OPENBSD_6_2_BASE
# 1.104 01-Sep-2017 florian

Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the
get_last_resort_ifid() function because eww.
Also if your system is so constraint that you end up in
in6_get_rand_ifid() you don't deserve a random ifid that stays
stable over reboots.
Simplify code a bit since get_ifid() can no longer fail. It couldn't
fail before either because that code path was #if 0'ed.
While here sprinkle in some in6_ prefixes, pointed out by stsp.
OK stsp


# 1.103 11-Jul-2017 florian

Purging is at last at hand. Day of Doom is here. All that is evil
shall all be cleansed.

Remove sending of router solicitations and processing of router
advertisements from the kernel. It's handled by slaacd(8) these days.

Input & OK bluhm@, mpi@


# 1.102 16-May-2017 mpi

Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().

ok visa@


Revision tags: OPENBSD_6_1_BASE
# 1.101 29-Dec-2016 mpi

Get rid of recursive splsoftnet() in in6_ifattach_linklocal().

ok visa@


Revision tags: OPENBSD_6_0_BASE
# 1.100 30-Jun-2016 mpi

Restore the automagically added /64 route on p2p interfaces in order to
send traffic to link-local addresses without default route.

Fix a regression reported by Michael Lechtermann, ok stsp@, sthen@


Revision tags: OPENBSD_5_9_BASE
# 1.99 02-Dec-2015 bluhm

When destroying an interface, we have to wait until all references
are not used anymore. This has to be done before any interface
fields become invalid.
As the route delete request cannot call if_get() anymore, pass down
the interface. Split rtrequest_delete() into a separate function
that may take an existing interface.
OK mpi@


# 1.98 24-Oct-2015 mpi

Convert to rt_ifidx.

ok bluhm@


# 1.97 22-Oct-2015 bluhm

Inspired by satosin(), use inline functions to convert sockaddr dl.
Instead of casts they check whether the incoming object has the
expected type. So introduce satosdl() and sdltosa() in the kernel.
OK mpi@


# 1.96 12-Sep-2015 mpi

Now that rtrequest1(9) properly sets RTF_UP for newly added route,
stop passing it in every rt_ifa_add(9) calls.

ok claudio@


# 1.95 03-Sep-2015 mpi

Change the order of operations for loopback interfaces to have
::1 configured before fe80::1.

(lo0:0) in pf should resolve to 127.0.0.1 ::1.

reported by and ok mikeb@


# 1.94 31-Aug-2015 mpi

Do not install connected routes on loopback interfaces.

Previously loopback connected routes were managed via the global list
of prefixes, which means that systems with AUTOCONF'd addresses did not
see them in the routing table.

This also makes inet6 route creation coherent with inet.


# 1.93 24-Aug-2015 mpi

Start moving away from the global prefix list by limiting its usage to
AUTOCONF'd addresses.

This prevents the kernel from removing connected (/64) routes as soon as
it configures an AUTOCONF'd address based on a RA.

Tested by sebastia@, ok sthen@


# 1.92 24-Aug-2015 mpi

Rework the code to decide when to perform DAD to no longer rely on the
IN6_IFF_NODAD pseudo-flag not being set.

This was just a flag for spaghetti code that should not exist in the
first place.

Tested by sebastia@, ok sthen@


# 1.91 17-Aug-2015 mpi

Remove annoying comment about in6_update_ifa().


Revision tags: OPENBSD_5_8_BASE
# 1.90 18-Jul-2015 mpi

Merge two identical chunks to add new prefixes to the global data
structures into a function.

ok florian@


# 1.89 16-Jul-2015 mpi

Properly layer Router Solicitation code.

Tweak and ok florian@


# 1.88 08-Jun-2015 krw

More damned eye searing whitespace. No change to .o files.


# 1.87 27-Apr-2015 mpi

Do not call nd6_purge() before purging the IPv6 addresses of a detached
interface.

Fix a use after free introduced in r1.98 of netinet6/in6.c and recently
exposed by a crazy pool/malloc damage finder being currently refined by
dlg@ and deraadt@.

ok mikeb@, henning@


# 1.86 14-Mar-2015 jsg

Remove some includes include-what-you-use claims don't
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.

ok tedu@ deraadt@


Revision tags: OPENBSD_5_7_BASE
# 1.85 05-Feb-2015 mpi

Convert various rtrequest1(RTM_DELETE,...) calls to rtdeletemsg(9).

This unifies some code and notifies userland for free.

blambert@ agrees, ok bluhm@


# 1.84 28-Jan-2015 mpi

Revert rtdeletemsg conversion. It was not ok'd, I misunderstood bluhm@'s
email.


# 1.83 27-Jan-2015 mpi

Ensure that link-local addresses are correctly configured on loopback
interfaces.

When the kernel automagically configures IPv6 addresses on loopback
interfaces, start by assigning a link-local address and then try to
assign "::1".

Only the first configured loopback interface per rdomain can have the
"::1" address. But even if other loopback interfaces failed to get
this address, because it is already taken, give them a chance to have
a link-local address.

While here change in6_ifattach() to return an error value and remove
duplicated code.

Fix a regression introduced by the NOINET6 flag removal.

ok henning@, stsp@, florian@, benno@


# 1.82 26-Jan-2015 mpi

Call rtdeletemsg(9) instead of rerolling its code. As a bonus you'll
get userland notification for free.

ok blambert@, bluhm@


# 1.81 10-Jan-2015 mpi

Correct some comments and merge in6_if_up() into in6_ifattach() to
reflect that IPv6 link-local addresses are no longer automagically
configured the first time an interface is brought up.

ok henning@, stsp@


# 1.80 08-Jan-2015 florian

Clear autoconf6 flag after autoconf6 cleanup happened, not before.
Otherwise clean up code will never run.
OK mpi@, benno@, henning@


# 1.79 06-Jan-2015 stsp

Remove the NOINET6 interface flag, a left-over from the times when IPv6
was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable
an address family for an interface (currently used for IPv6 only).

New kernel needs new ifconfig for IPv6 configuration (address assignment
still works with old ifconfig making this easy to cross over).

Committing on behalf of henning@ who is currently lebensmittelvergiftet.
ok stsp, benno, mpi


# 1.78 04-Dec-2014 tedu

replace md5 with sha512. ok deraadt


# 1.77 20-Nov-2014 mpi

We have no need for a variable that holds the maximum MTU size of
interfaces with an IPv6 address.

ok henning@, mikeb@, deraadt@


# 1.76 18-Nov-2014 krw

Nuke yet more obvious #include duplications.

ok miod@


# 1.75 18-Nov-2014 tedu

move arc4random prototype to systm.h. more appropriate for most code
to include that than rdnvar.h. ok deraadt dlg


# 1.74 01-Nov-2014 mpi

Rename rtalloc1() into rtalloc(9) and convert its flags to only enable
functionality instead of a mix of enable/disable.

ok bluhm@, jca@


# 1.73 25-Aug-2014 florian

Move sending of router solicitations to the kernel; receiving and
processing of router advertisements was already in the kernel.
With this rtsol{,d}(8) is no longer necessary.

The kernel starts sending solicitations with
# ifconfig $IF inet6 autoconf
or
inet6 autoconf
in /etc/hostname.$IF.

input stsp@
much help & OK mpi@
tweaks & OK bluhm@


Revision tags: OPENBSD_5_6_BASE
# 1.72 01-Jul-2014 benno

When a carp interface is created with IFXF_NOINET6 flag, no link-local
address will be created when the vhid (and MAC) is set. Depending on
the order of the configuration the interface can end up with an ipv6
address, but no v6 link-local and no working neighbor discovery.

Removing this case statement will result in the link-local address
being configured by "ifconfig up" if the inet6 address was configured
before. If you are using inet6 on carp, put an "up" at the end of your
hostname.if. I will work on a better solution at g2k14.

ok henning, mpi


# 1.71 26-Jun-2014 mpi

Calling in{6,}_purgeaddr() is not enough to remove an address from
an interface. Two other operations are performed when issuing a
SIOCDIFADDR{_IN6,} ioctl: call the address hook and the per-driver
ioctl function.

Since carp(4) relies on an address hook to recalculate its hash, make
sure to call this hook when IFXF_NOINET6 is set or when the rdomain is
changed.

ok henning@, mikeb@


# 1.70 03-Jun-2014 mpi

Do not include <sys/malloc.h> where it is not needed.


# 1.69 20-May-2014 mpi

Fix eui64 address generation, broken since the removal of the link-layer
address from the per-ifp list.

Found the hard way by weerd@, florian@ and stsp@, ok florian@


Revision tags: OPENBSD_5_5_BASE
# 1.68 21-Jan-2014 mpi

Do not clean the multicast records of an interface when it is destroyed
(unplugged). Even if it makes no sense to keep them around if the
interface is no more, we cannot safely remove them since pcb multicast
options might keep a pointer to them.

Fixes a use after free introduced by the multicast address linking
rewrite and reported by Alexey Suslikov, thanks!

ok claudio@


# 1.67 13-Jan-2014 bluhm

Call all local variables of type struct in6_ifaddr "ia6". This is
consistent with struct ifaddr "ifa" and struct in_ifaddr "ia".
OK mpi@


# 1.66 07-Jan-2014 stsp

Some follow-up fixes for IFID collision handling in IPv6CP.

Really change the link-local address in the unlikely event of an IFID
collision, instead of going into an infinite conf-nak loop with the peer.

To make the netinet6 code use the IPv6CP IFID in a new link-local address,
in6_ifattach_linklocal() must accept a provided IFID. Replace the unused
'altifp' parameter with a new 'ifid' parameter for this purpose.

Always use the latest suggested address in IPv6CP replies, even if
the task to update the interface's address hasn't run yet.
Also, clear the ifindex (KAME hack) in addresses sent during IPv6CP.

ok mpi


# 1.65 06-Jan-2014 stsp

Make in6_ifdetach() remove the ff01::1 route for the detaching interface, too.
The route used to linger after an interface detached from IPv6.
ok mikeb


# 1.64 28-Nov-2013 mpi

Change the way protocol multicast addresses are linked to an interface.

Instead of linking multicast records to the first configured address of
the corresponding protocol, making this address and its position in the
global list special, add them to a new list directly linked to the
interface descriptor.

This new multicast address list is similar to the address list, all its
elements contain a protocol agnostic part. This design allows us to
be able to join a multicast group without necessarily having a configured
address. That means IPv6 multicast kludges are no longer needed.

Another benefit is to be able to add and remove an IP address from an
interface without worrying about multicast records. That means that the
global IPv4 list is no longer needed since the first configured address
of an interface is no longer special.

This new list might also be extended in the future to contain the
link-layer addresses used to configure hardware filters.

Tested by sthen@ and weerd@, ok mikeb@


# 1.63 19-Nov-2013 mpi

Remove some FDDI/ATM leftovers.

ok mikeb@, henning@, deraadt@, brad@, miod@


# 1.62 17-Oct-2013 bluhm

The header file netinet/in_var.h included netinet6/in6_var.h. This
created a bunch of useless dependencies. Remove this implicit
inclusion and do an explicit #include <netinet6/in6_var.h> when it
is needed.
OK mpi@ henning@


Revision tags: OPENBSD_5_4_BASE
# 1.61 31-May-2013 bluhm

Remove a bunch of sockaddr_in6 pointer casts and replace others
with sin6tosa() or satosin6() inline functions. This allows the
compiler to check the types more strictly.
OK mpi@


# 1.60 26-Mar-2013 bluhm

Remove a block of dead code in in6_ifdetach(). It was never executed
due to the wrong & in satosin6(&ifa->ifa_addr). The link local
prefix fe80 was not checked within the IPv6 address, but within
some pointers of the interface address struct. The whole loop
around this was also never executed as all IPv6 addresses had already
been purged.
OK sperreault@ mpi@ mikeb@


# 1.59 25-Mar-2013 mpi

Substitute the handcrafted list of IPv6 addresses by a proper TAILQ.

ok bluhm@, mikeb@


# 1.58 07-Mar-2013 mpi

Remove the IFAFREE() macro, the ifafree() function it was calling already
checks for the reference counter.

ok mikeb@, miod@, pelikan@, kettenis@, krw@


# 1.57 04-Mar-2013 bluhm

Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro.
No binary change.
OK claudio@


Revision tags: OPENBSD_5_3_BASE
# 1.56 19-Sep-2012 bluhm

Use TAILQ_FOREACH macro for loops. No binary diff.
OK henning@


# 1.55 21-Aug-2012 bluhm

Reverse the name and meaning of the IFXF_INET6_PRIVACY interface
flag. It is now called IFXF_INET6_NOPRIVACY. So IPv6 privacy
addresses are on by default without resetting the flag during
ifconfig down/up.
OK stsp@, sperreault@ (who wrote the same diff)


# 1.54 15-Aug-2012 sperreault

Enable IPv6 autoconfprivacy by default

diff originally by stsp@
"please commit it" deraadt@
"don't care" stsp@
"don't like" bluhm@


Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
# 1.53 03-Jan-2012 bluhm

To access the ifaddr of an in_ifaddr or in6_ifaddr struct, it is
cleaner to access the first member via ia_ifa instead of casting.
No binary change.
ok henning@ krw@


# 1.52 24-Nov-2011 sperreault

rdomain support for IPv6
ok mikeb


Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
# 1.51 06-Apr-2010 stsp

Simple implementation of RFC4941, "Privacy Extensions for Stateless
Address Autoconfiguration in IPv6". For those among us who are paranoid
about broadcasting their MAC address to the IPv6 internet.

Man page help from jmc, testing by weerd, arc4random API hints from djm.

ok deraadt, claudio


Revision tags: OPENBSD_4_7_BASE
# 1.50 08-Feb-2010 jsing

More destatic and ansification.

ok claudio@ naddy@


# 1.49 13-Jan-2010 henning

instead of fiddling with the per-interface address lists directly in
many places create a proper API (ifa_add / ifa_del) and use it.
ok theo ryan dlg


Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
# 1.48 30-Jan-2009 mcbride

"XXX: should this be performed under splnet()?"... Yes, yes it should.
Interface configuration causes neighbour discovery, which runs packets
through parts of the stack that require at least splsoftnet(), like pf and
pfsync.

ok dlg


Revision tags: OPENBSD_4_4_BASE
# 1.47 11-Jun-2008 mcbride

ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.

ok todd deraadt naddy bluhm


# 1.46 11-May-2008 claudio

rtrequest to rtrequest1 conversion in inet6. With that no rtrequest should
be left over. OK henning@


Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
# 1.45 08-Jun-2007 henning

kill arcnet leftovers, some pt out by Mike Belopuhov <mkb@crypt.org.ru>,
some I found afterwards, ok dlg


Revision tags: OPENBSD_4_1_BASE
# 1.44 15-Nov-2006 itojun

unifdef -USCOPEDROUTING


Revision tags: OPENBSD_4_0_BASE
# 1.43 31-Aug-2006 mcbride

Automatically add an IPv6 link-local address to carp interfaces when the
virtual MAC address is set. Among other things, this makes route6d work
correctly on systems with carp interfaces.

In order to ensure backwards compatibility, we do not include IPv6
link-local addresses in generating the HMAC, but we accept HMACs with AND
without the link-local addresses. They will be added to the HMAC in a future
release.

In short: this change should only affect backwards compatibility for
IPv6 users who are manually adding link-local addresses on carp interfaces.

testing mtu@ todd@
ok mpf@ henning@ deraadt@


# 1.42 16-Jun-2006 henning

adjust functions dealing with the routing table to take a table ID as
parameter so they can work on alternate tables. table 0 hardcoded for
many callers yet, that will be adapted step by step.
input + ok claudio norby hshoexer


# 1.41 27-May-2006 claudio

Do the same thing as for IPv4. Use a sysctl to enable/disable mforwarding
and additionally make the code part of the MROUTING option. Put it in deraadt@


# 1.40 05-Mar-2006 miod

Use more queue macros rather than doing it by hand; ok otto@ krw@


Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
# 1.39 23-May-2005 mpf

carp needs a multicast kludge storage.
Fixes PR 4211.
OK mcbride@


# 1.38 21-Apr-2005 itojun

remove (now obsolete) handling of IFT_PROPVIRTUAL/bridge*. tested by camield@


Revision tags: OPENBSD_3_7_BASE
# 1.37 07-Dec-2004 mcbride

Convert carp(4) to behave more like a regular interface, much in the same
style as vlan(4). carp interfaces no longer require the physical interface
to be on the same subnet as the carp interface, or even that the physical
interface has an address at all, so CARP can now be used on /30 networks.

ok deraadt@ henning@


Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
# 1.36 07-May-2004 millert

Replace RSA-derived md5 code with code derived from Colin Plumb's PD version.
This moves md5.c out of libkern and into sys/crypto where it belongs (as
requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it).
Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@


Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
# 1.35 08-Jul-2003 itojun

on interface removal, clear multicast forwarding stuff. from kame


# 1.34 28-Jun-2003 itojun

i don't think pfsync needs a link-local addr.


Revision tags: UBC_SYNC_A
# 1.33 14-May-2003 itojun

it is unlikely that we introduce 6to4 interface (IFT_STF) to openbsd.


Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
# 1.32 12-Sep-2002 itojun

configure "next" pointer correctly. from j@pureftpd.org


# 1.31 11-Sep-2002 itojun

fix pointer signedness mixup. sync w/kame


# 1.30 11-Sep-2002 itojun

KNF - return is not a function. sync w/kame


# 1.29 11-Jun-2002 itojun

silence some of log(), as the codepath will be visited for IPv6-non-capable
interfaces too and can be annoying. net.inet6.icmp6.nd6_debug will
re-enable them.


# 1.28 11-Jun-2002 itojun

whitespace


# 1.27 08-Jun-2002 itojun

sync with latest KAME in6_ifaddr/prefix/default router manipulation.
behavior changes:
- two ioctls used by ndp(8) are now obsolete (backward compat provided).
use sysctl path instead.
- lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.


# 1.26 07-Jun-2002 itojun

whitespace sync w/kame


# 1.25 29-May-2002 itojun

attach nd_ifinfo structure to if_afdata.
split IPv6 MTU (advertised by RA) from real link MTU.
sync with kame


# 1.24 29-May-2002 itojun

move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame


# 1.23 23-May-2002 itojun

simplify condition to perform DAD. sync w/kame


Revision tags: OPENBSD_3_1_BASE
# 1.22 14-Mar-2002 millert

First round of __P removal in sys


Revision tags: UBC_BASE
# 1.21 07-Dec-2001 itojun

branches: 1.21.2;
whitespace/comment sync with kame


Revision tags: OPENBSD_3_0_BASE
# 1.20 23-Aug-2001 itojun

suppress printf() on non-multicast interface.
suppress ipv6 initialization for IFT_PFLOG.


# 1.19 23-Aug-2001 itojun

don't try to enable IPv6 on IFT_PFLOG.


# 1.18 18-Jul-2001 itojun

avoid using malloc() during interrupt context for multicast kludge entry.
allocate it on interface initialization.


# 1.17 09-Jun-2001 angelos

No need for net/net_osdep.h


Revision tags: OPENBSD_2_9_BASE
# 1.16 16-Feb-2001 itojun

cosmetic sync with kame


# 1.15 07-Feb-2001 itojun

by default, don't bark on inbound ND messages, as outsider may be able to
fill up /var with bogus packets.
setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid
ND packet and other occasions.

improve icmp6 stats.


# 1.14 18-Jan-2001 itojun

do not remove default route by mistake, on interface removal.


Revision tags: OPENBSD_2_8_BASE
# 1.13 25-Oct-2000 jason

silence the "no multicast" warning for IFT_ENC, too
deraadt ok


# 1.12 18-Oct-2000 itojun

don't try to configure IPv6 on bridge*. comment from deraadt


# 1.11 02-Oct-2000 itojun

fix missing \n. from doug@freebsd (sync with kame)


Revision tags: OPENBSD_2_7_BASE
# 1.10 05-May-2000 itojun

cope with interface detach (like pcmcia card removal). remove any
IPv6 addresses assigned to the interface. reported by ho, bunch of
help from niklas. KAME PR 231.


# 1.9 27-Apr-2000 itojun

correct in6_ifdetach(). free oia, not ia.
Lennart says there are more problems to go (I don't own openbsd-current laptop).
From: Lennart Augustsson <augustss@augustsson.net>


# 1.8 17-Apr-2000 itojun

revisit in6_ifattach(). (1) make it more persistent about initializing an
interface (2) cleanup interface id selection.
run NUD on p2p interface (required by spec for bidir p2p interface).
add "ndp -i interface" (can tweak per-interface ND flag).
(sync with more recent kame)


# 1.7 02-Mar-2000 itojun

do not add ifa_dstaddr for non-pointopoint interface. IPv6 has no
concept for "broadcast".


Revision tags: SMP_BASE
# 1.6 07-Feb-2000 itojun

branches: 1.6.2;
fix include file path related to ip6.


# 1.5 04-Feb-2000 itojun

more coverage of in6_ifdetach()'s cleanup process.
bug fix in SIOCGIFADDR_IN6 (point to point case).


# 1.4 02-Feb-2000 itojun

- improve in6_ifdetach to remove (1) multicast kludge list (2) route to
link-local allnode multicast (ff02:x::/32)
- fix ifnet refcnt'ing in multicast kludge list management.
- avoid dangling pointer in multicast kludge management.

(angelos, try this version of in6_ifdetach() - it should be better)


# 1.3 10-Dec-1999 itojun

use proper type for in6_first_ifid (char -> u_int8_t)
suggested by: deraadt


# 1.2 10-Dec-1999 angelos

Remove remaining unnecessary ifdefs (itojun will hate me for this :-)


Revision tags: kame_19991208
# 1.1 08-Dec-1999 itojun

bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
brought in soon).


# 1.105 10-Feb-2018 florian

Implement RFC 7217: "A Method for Generating Semantically Opaque
Interface Identifiers with IPv6 Stateless Address Autoconfiguration."

"An IPv6 address configured using this method is stable within each
subnet, but the corresponding Interface Identifier changes when the
host moves from one network to another. This method is meant to be an
alternative to generating Interface Identifiers based on hardware
addresses."

OK naddy, sthen


Revision tags: OPENBSD_6_2_BASE
# 1.104 01-Sep-2017 florian

Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the
get_last_resort_ifid() function because eww.
Also if your system is so constraint that you end up in
in6_get_rand_ifid() you don't deserve a random ifid that stays
stable over reboots.
Simplify code a bit since get_ifid() can no longer fail. It couldn't
fail before either because that code path was #if 0'ed.
While here sprinkle in some in6_ prefixes, pointed out by stsp.
OK stsp


# 1.103 11-Jul-2017 florian

Purging is at last at hand. Day of Doom is here. All that is evil
shall all be cleansed.

Remove sending of router solicitations and processing of router
advertisements from the kernel. It's handled by slaacd(8) these days.

Input & OK bluhm@, mpi@


# 1.102 16-May-2017 mpi

Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().

ok visa@


Revision tags: OPENBSD_6_1_BASE
# 1.101 29-Dec-2016 mpi

Get rid of recursive splsoftnet() in in6_ifattach_linklocal().

ok visa@


Revision tags: OPENBSD_6_0_BASE
# 1.100 30-Jun-2016 mpi

Restore the automagically added /64 route on p2p interfaces in order to
send traffic to link-local addresses without default route.

Fix a regression reported by Michael Lechtermann, ok stsp@, sthen@


Revision tags: OPENBSD_5_9_BASE
# 1.99 02-Dec-2015 bluhm

When destroying an interface, we have to wait until all references
are not used anymore. This has to be done before any interface
fields become invalid.
As the route delete request cannot call if_get() anymore, pass down
the interface. Split rtrequest_delete() into a separate function
that may take an existing inteface.
OK mpi@


# 1.98 24-Oct-2015 mpi

Convert to rt_ifidx.

ok bluhm@


# 1.97 22-Oct-2015 bluhm

Inspired by satosin(), use inline functions to convert sockaddr dl.
Instead of casts they check wether the incoming object has the
expected type. So introduce satosdl() and sdltosa() in the kernel.
OK mpi@


# 1.96 12-Sep-2015 mpi

Now that rtrequest1(9) properly sets RTF_UP for newly added route,
stop passing it in every rt_ifa_add(9) calls.

ok claudio@


# 1.95 03-Sep-2015 mpi

Change the order of operations for loopback interfaces to have
::1 configured before fe80::1.

(lo0:0) in pf should resolve to 127.0.0.1 ::1.

reported by and ok mikeb@


# 1.94 31-Aug-2015 mpi

Do not install connected routes on loopback interfaces.

Previously loopback connected routes were managed via the global list
of prefixes, which mean that systems with AUTOCONF'd addresses did not
see them in the routing table.

This also makes inet6 route creation coherent with inet.


# 1.93 24-Aug-2015 mpi

Start moving away from the global prefix list by limiting its usage to
AUTOCONF'd addresses.

This prevent the kernel from removing connected (/64) routes as soon as
it configures an AUTOCONF'd address based on a RA.

Tested by sebastia@, ok sthen@


# 1.92 24-Aug-2015 mpi

Rework the code to decide when to perform DAD to no longer rely on the
IN6_IFF_NODAD pseudo-flag not being set.

This was just a flag for spaghetti code that should not exist in the
first place.

Tested by sebastia@, ok sthen@


# 1.91 17-Aug-2015 mpi

Remove anoying comment about in6_update_ifa().


Revision tags: OPENBSD_5_8_BASE
# 1.90 18-Jul-2015 mpi

Merge two identical chunks to add new prefixes to the global data
structures into a function.

ok florian@


# 1.89 16-Jul-2015 mpi

Properly layer Router Solicitation code.

Tweak and ok florian@


# 1.88 08-Jun-2015 krw

More damned eye searing whitespace. No change to .o files.


# 1.87 27-Apr-2015 mpi

Do not call nd6_purge() before purging the IPv6 addresses of a detached
interface.

Fix a use after free introduced in r1.98 of netinet6/in6.c and recently
exposed by a crazy pool/malloc damage finder being currently refined by
dlg@ and deraadt@.

ok mikeb@, henning@


# 1.86 14-Mar-2015 jsg

Remove some includes include-what-you-use claims don't
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.

ok tedu@ deraadt@


Revision tags: OPENBSD_5_7_BASE
# 1.85 05-Feb-2015 mpi

Convert various rtrequest1(RTM_DELETE,...) calls to rtdeletemsg(9).

This unify some code and notify userland for free.

blambert@ agrees, ok bluhm@


# 1.84 28-Jan-2015 mpi

Revert rtdeletemsg conversion. It was not ok'd, I misunderstood bluhm@'s
email.


# 1.83 27-Jan-2015 mpi

Ensure that link-local addresses are correctly configured on loopback
interfaces.

When the kernel automagically configures IPv6 addresses on loopback
interfaces, start by assigning a link-local address and then try to
assign "::1".

Only the first configured loopback interface per rdomain can have the
"::1" address. But even if other loopback interfaces failed to get
this address, because it is already taken, give them a chance to have
a link-local address.

While here change in6_ifattach() to return an error value and remove
duplicated code.

Fix a regression introduced by the NOINET6 flag removal.

ok henning@, stsp@, florian@, benno@


# 1.82 26-Jan-2015 mpi

Call rtdeletemsg(9) instead of rerolling its code. As a bonus you'll
get userland notification for free.

ok blambert@, bluhm@


# 1.81 10-Jan-2015 mpi

Correct some comments and merge in6_if_up() into in6_ifattach() to
reflect that IPv6 link-local addresses are no longer automagically
configured the first time an interface is brought up.

ok henning@, stsp@


# 1.80 08-Jan-2015 florian

Clear autoconf6 flag after autoconf6 cleanup happened, not before.
Otherwise clean up code will never run.
OK mpi@, benno@, henning@


# 1.79 06-Jan-2015 stsp

Remove the NOINET6 interface flag, a left-over from the times when IPv6
was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable
an address family for an interface (currently used for IPv6 only).

New kernel needs new ifconfig for IPv6 configuration (address assignment
still works with old ifconfig making this easy to cross over).

Committing on behalf of henning@ who is currently lebensmittelvergiftet.
ok stsp, benno, mpi


# 1.78 04-Dec-2014 tedu

replace md5 with sha512. ok deraadt


# 1.77 20-Nov-2014 mpi

We have no need for a variable that holds the maximum MTU size of
interfaces with an IPv6 address.

ok henning@, mikeb@, deraadt@


# 1.76 18-Nov-2014 krw

Nuke yet more obvious #include duplications.

ok miod@


# 1.75 18-Nov-2014 tedu

move arc4random prototype to systm.h. more appropriate for most code
to include that than rdnvar.h. ok deraadt dlg


# 1.74 01-Nov-2014 mpi

Rename rtalloc1() into rtalloc(9) and convert its flags to only enable
functionality instead of a mix of enable/disable.

ok bluhm@, jca@


# 1.73 25-Aug-2014 florian

Move sending of router solicitations to the kernel; receiving and
processing of router advertisements was already in the kernel.
With this rtsol{,d}(8) is no longer necessary.

The kernel starts sending solicitations with
# ifconfig $IF inet6 autoconf
or
inet6 autoconf
in /etc/hostname.$IF.

input stsp@
much help & OK mpi@
tweaks & OK bluhm@


Revision tags: OPENBSD_5_6_BASE
# 1.72 01-Jul-2014 benno

When a carp interface is created with IFXF_NOINET6 flag, no link-local
address will be created when the vhid (and MAC) is set. Depending on
the order of the configuration the interface can end up with an ipv6
address, but no v6 link-local and no working neighbor discovery.

Removing this case statement will result in the link-local address
being configured by "ifconfig up" if the inet6 address was configured
before. If you are using inet6 on carp, put an "up" at the end of your
hostname.if. I will work on a better solution at g2k14.

ok henning, mpi


# 1.71 26-Jun-2014 mpi

Calling in{6,}_purgeaddr() is not enough to remove an address from
an interface. Two other operations are performed when issuing a
SIOCDIFADDR{_IN6,} ioctl: call the address hook and the per-driver
ioctl function.

Since carp(4) relies on an address hook to recalculate its hash, make
sure to call this hook when IFXF_NOINET6 is set or when the rdomain is
changed.

ok henning@, mikeb@


# 1.70 03-Jun-2014 mpi

Do not include <sys/malloc.h> where it is not needed.


# 1.69 20-May-2014 mpi

Fix eui64 address generation, broken since the removal of the link-layer
address from the per-ifp list.

Found the hard way by weerd@, florian@ and stsp@, ok florian@


Revision tags: OPENBSD_5_5_BASE
# 1.68 21-Jan-2014 mpi

Do not clean the multicast records of an interface when it is destroyed
(unplugged). Even if it makes no sense to keep them around if the
interface is no more, we cannot safely remove them since pcb multicast
options might keep a pointer to them.

Fixes a use after free introduced by the multicast address linking
rewrite and reported by Alexey Suslikov, thanks!

ok claudio@


# 1.67 13-Jan-2014 bluhm

Call all local variables of type struct in6_ifaddr "ia6". This is
consistent with struct ifaddr "ifa" and struct in_ifaddr "ia".
OK mpi@


# 1.66 07-Jan-2014 stsp

Some follow-up fixes for IFID collision handling in IPv6CP.

Really change the link-local address in the unlikely event of an IFID
collision, instead of going into an infinite conf-nak loop with the peer.

To make the netinet6 code use the IPv6CP IFID in a new link-local address,
in6_ifattach_linklocal() must accept a provided IFID. Replace the unused
'altifp' parameter with a new 'ifid' parameter for this purpose.

Always use the latest suggested address in IPv6CP replies, even if
the task to update the interface's address hasn't run yet.
Also, clear the ifindex (KAME hack) in addresses sent during IPv6CP.

ok mpi


# 1.65 06-Jan-2014 stsp

Make in6_ifdetach() remove the ff01::1 route for the detaching interface, too.
The route used to linger after an interface detached from IPv6.
ok mikeb


# 1.64 28-Nov-2013 mpi

Change the way protocol multicast addresses are linked to an interface.

Instead of linking multicast records to the first configured address of
the corresponding protocol, making this address and its position in the
global list special, add them to a new list directly linked to the
interface descriptor.

This new multicast address list is similar to the address list, all its
elements contain a protocol agnostic part. This design allows us to
be able to join a multicast group without necessarily having a configured
address. That means IPv6 multicast kludges are no longer needed.

Another benefit is to be able to add and remove an IP address from an
interface without worrying about multicast records. That means that the
global IPv4 list is no longer needed since the first configured address
of an interface is no longer special.

This new list might also be extended in the future to contain the
link-layer addresses used to configure hardware filters.

Tested by sthen@ and weerd@, ok mikeb@


# 1.63 19-Nov-2013 mpi

Remove some FDDI/ATM leftovers.

ok mikeb@, henning@, deraadt@, brad@, miod@


# 1.62 17-Oct-2013 bluhm

The header file netinet/in_var.h included netinet6/in6_var.h. This
created a bunch of useless dependencies. Remove this implicit
inclusion and do an explicit #include <netinet6/in6_var.h> when it
is needed.
OK mpi@ henning@


Revision tags: OPENBSD_5_4_BASE
# 1.61 31-May-2013 bluhm

Remove a bunch of sockaddr_in6 pointer casts and replace others
with sin6tosa() or satosin6() inline functions. This allows the
compiler to check the types more strictly.
OK mpi@


# 1.60 26-Mar-2013 bluhm

Remove a block of dead code in in6_ifdetach(). It was never executed
due to the wrong & in satosin6(&ifa->ifa_addr). The link local
prefix fe80 was not checked within the IPv6 address, but within
some pointers of the interface address struct. The whole loop
around this was also never executed as all IPv6 addresses had already
been purged.
OK sperreault@ mpi@ mikeb@


# 1.59 25-Mar-2013 mpi

Substitute the handcrafted list of IPv6 addresses by a proper TAILQ.

ok bluhm@, mikeb@


# 1.58 07-Mar-2013 mpi

Remove the IFAFREE() macro, the ifafree() function it was calling already
checks for the reference counter.

ok mikeb@, miod@, pelikan@, kettenis@, krw@


# 1.57 04-Mar-2013 bluhm

Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro.
No binary change.
OK claudio@


Revision tags: OPENBSD_5_3_BASE
# 1.56 19-Sep-2012 bluhm

Use TAILQ_FOREACH macro for loops. No binary diff.
OK henning@


# 1.55 21-Aug-2012 bluhm

Reverse the name and meaning of the IFXF_INET6_PRIVACY interface
flag. It is now called IFXF_INET6_NOPRIVACY. So IPv6 privacy
addresses are on by default without resetting the flag during
ifconfig down/up.
OK stsp@, sperreault@ (who wrote the same diff)


# 1.54 15-Aug-2012 sperreault

Enable IPv6 autoconfprivacy by default

diff originally by stsp@
"please commit it" deraadt@
"don't care" stsp@
"don't like" bluhm@


Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
# 1.53 03-Jan-2012 bluhm

To access the ifaddr of an in_ifaddr or in6_ifaddr struct, it is
cleaner to access the first member via ia_ifa instead of casting.
No binary change.
ok henning@ krw@


# 1.52 24-Nov-2011 sperreault

rdomain support for IPv6
ok mikeb


Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
# 1.51 06-Apr-2010 stsp

Simple implementation of RFC4941, "Privacy Extensions for Stateless
Address Autoconfiguration in IPv6". For those among us who are paranoid
about broadcasting their MAC address to the IPv6 internet.

Man page help from jmc, testing by weerd, arc4random API hints from djm.

ok deraadt, claudio


Revision tags: OPENBSD_4_7_BASE
# 1.50 08-Feb-2010 jsing

More destatic and ansification.

ok claudio@ naddy@


# 1.49 13-Jan-2010 henning

instead of fiddling with the per-interface address lists directly in
many places create a proper API (ifa_add / ifa_del) and use it.
ok theo ryan dlg


Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
# 1.48 30-Jan-2009 mcbride

"XXX: should this be performed under splnet()?"... Yes, yes it should.
Interface configuration causes neighbour discovery, which runs packets
through parts of the stack that require at least splsoftnet(), like pf and
pfsync.

ok dlg


Revision tags: OPENBSD_4_4_BASE
# 1.47 11-Jun-2008 mcbride

ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.

ok todd deraadt naddy bluhm


# 1.46 11-May-2008 claudio

rtrequest to rtrequest1 conversion in inet6. With that no rtrequest should
be left over. OK henning@


Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
# 1.45 08-Jun-2007 henning

kill arcnet leftovers, some pt out by Mike Belopuhov <mkb@crypt.org.ru>,
some I found afterwards, ok dlg


Revision tags: OPENBSD_4_1_BASE
# 1.44 15-Nov-2006 itojun

unifdef -USCOPEDROUTING


Revision tags: OPENBSD_4_0_BASE
# 1.43 31-Aug-2006 mcbride

Automatically add an IPv6 link-local address to carp interfaces when the
virtual MAC address is set. Among other things, this makes route6d work
correctly on systems with carp interfaces.

In order to ensure backwards compatibility, we do not include IPv6
link-local addresses in generating the HMAC, but we accept HMACs with AND
without the link-local addresses. They will be added to the HMAC in a future
release.

In short: this change should only affect backwards compatibility for
IPv6 users who are manually adding link-local addresses on carp interfaces.

testing mtu@ todd@
ok mpf@ henning@ deraadt@


# 1.42 16-Jun-2006 henning

adjust functions dealing with the routing table to take a table ID as
parameter so they can work on alternate tables. table 0 hardcoded for
many callers yet, that will be adapted step by step.
input + ok claudio norby hshoexer


# 1.41 27-May-2006 claudio

Do the same thing as for IPv4. Use a sysctl to enable/disable mforwarding
and additionally make the code part of the MROUTING option. Put it in deraadt@


# 1.40 05-Mar-2006 miod

Use more queue macros rather than doing it by hand; ok otto@ krw@


Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
# 1.39 23-May-2005 mpf

carp needs a multicast kludge storage.
Fixes PR 4211.
OK mcbride@


# 1.38 21-Apr-2005 itojun

remove (now obsolete) handling of IFT_PROPVIRTUAL/bridge*. tested by camield@


Revision tags: OPENBSD_3_7_BASE
# 1.37 07-Dec-2004 mcbride

Convert carp(4) to behave more like a regular interface, much in the same
style as vlan(4). carp interfaces no longer require the physical interface
to be on the same subnet as the carp interface, or even that the physical
interface has an address at all, so CARP can now be used on /30 networks.

ok deraadt@ henning@


Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
# 1.36 07-May-2004 millert

Replace RSA-derived md5 code with code derived from Colin Plumb's PD version.
This moves md5.c out of libkern and into sys/crypto where it belongs (as
requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it).
Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@


Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
# 1.35 08-Jul-2003 itojun

on interface removal, clear multicast forwarding stuff. from kame


# 1.34 28-Jun-2003 itojun

i don't think pfsync needs a link-local addr.


Revision tags: UBC_SYNC_A
# 1.33 14-May-2003 itojun

it is unlikely that we introduce 6to4 interface (IFT_STF) to openbsd.


Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
# 1.32 12-Sep-2002 itojun

configure "next" pointer correctly. from j@pureftpd.org


# 1.31 11-Sep-2002 itojun

fix pointer signedness mixup. sync w/kame


# 1.30 11-Sep-2002 itojun

KNF - return is not a function. sync w/kame


# 1.29 11-Jun-2002 itojun

silence some of log(), as the codepath will be visited for IPv6-non-capable
interfaces too and can be annoying. net.inet6.icmp6.nd6_debug will
re-enable them.


# 1.28 11-Jun-2002 itojun

whitespace


# 1.27 08-Jun-2002 itojun

sync with latest KAME in6_ifaddr/prefix/default router manipulation.
behavior changes:
- two ioctls used by ndp(8) are now obsolete (backward compat provided).
use sysctl path instead.
- lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.


# 1.26 07-Jun-2002 itojun

whitespace sync w/kame


# 1.25 29-May-2002 itojun

attach nd_ifinfo structure to if_afdata.
split IPv6 MTU (advertised by RA) from real link MTU.
sync with kame


# 1.24 29-May-2002 itojun

move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame


# 1.23 23-May-2002 itojun

simplify condition to perform DAD. sync w/kame


Revision tags: OPENBSD_3_1_BASE
# 1.22 14-Mar-2002 millert

First round of __P removal in sys


Revision tags: UBC_BASE
# 1.21 07-Dec-2001 itojun

branches: 1.21.2;
whitespace/comment sync with kame


Revision tags: OPENBSD_3_0_BASE
# 1.20 23-Aug-2001 itojun

suppress printf() on non-multicast interface.
suppress ipv6 initialization for IFT_PFLOG.


# 1.19 23-Aug-2001 itojun

don't try to enable IPv6 on IFT_PFLOG.


# 1.18 18-Jul-2001 itojun

avoid using malloc() during interrupt context for multicast kludge entry.
allocate it on interface initialization.


# 1.17 09-Jun-2001 angelos

No need for net/net_osdep.h


Revision tags: OPENBSD_2_9_BASE
# 1.16 16-Feb-2001 itojun

cosmetic sync with kame


# 1.15 07-Feb-2001 itojun

by default, don't bark on inbound ND messages, as outsider may be able to
fill up /var with bogus packets.
setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid
ND packet and other occasions.

improve icmp6 stats.


# 1.14 18-Jan-2001 itojun

do not remove default route by mistake, on interface removal.


Revision tags: OPENBSD_2_8_BASE
# 1.13 25-Oct-2000 jason

silence the "no multicast" warning for IFT_ENC, too
deraadt ok


# 1.12 18-Oct-2000 itojun

don't try to configure IPv6 on bridge*. comment from deraadt


# 1.11 02-Oct-2000 itojun

fix missing \n. from doug@freebsd (sync with kame)


Revision tags: OPENBSD_2_7_BASE
# 1.10 05-May-2000 itojun

cope with interface detach (like pcmcia card removal). remove any
IPv6 addresses assigned to the interface. reported by ho, bunch of
help from niklas. KAME PR 231.


# 1.9 27-Apr-2000 itojun

correct in6_ifdetach(). free oia, not ia.
Lennart says there are more problems to go (I don't own openbsd-current laptop).
From: Lennart Augustsson <augustss@augustsson.net>


# 1.8 17-Apr-2000 itojun

revisit in6_ifattach(). (1) make it more persistent about initializing an
interface (2) cleanup interface id selection.
run NUD on p2p interface (required by spec for bidir p2p interface).
add "ndp -i interface" (can tweak per-interface ND flag).
(sync with more recent kame)


# 1.7 02-Mar-2000 itojun

do not add ifa_dstaddr for non-pointopoint interface. IPv6 has no
concept for "broadcast".


Revision tags: SMP_BASE
# 1.6 07-Feb-2000 itojun

branches: 1.6.2;
fix include file path related to ip6.


# 1.5 04-Feb-2000 itojun

more coverage of in6_ifdetach()'s cleanup process.
bug fix in SIOCGIFADDR_IN6 (point to point case).


# 1.4 02-Feb-2000 itojun

- improve in6_ifdetach to remove (1) multicast kludge list (2) route to
link-local allnode multicast (ff02:x::/32)
- fix ifnet refcnt'ing in multicast kludge list management.
- avoid dangling pointer in multicast kludge management.

(angelos, try this version of in6_ifdetach() - it should be better)


# 1.3 10-Dec-1999 itojun

use proper type for in6_first_ifid (char -> u_int8_t)
suggested by: deraadt


# 1.2 10-Dec-1999 angelos

Remove remaining unnecessary ifdefs (itojun will hate me for this :-)


Revision tags: kame_19991208
# 1.1 08-Dec-1999 itojun

bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
brought in soon).


# 1.116 17-Mar-2020 tobhe

Use strlcpy instead of strncpy to ensure results are NUL terminated.

ok mpi@


# 1.115 08-Nov-2019 dlg

convert interface address change hooks to tasks and a task_list.

this follows what's been done for detach and link state hooks, and
makes handling of hooks generally more robust.

address hooks are a bit different to detach/link state hooks in
that there's only a few things that register hooks (carp, pf, vxlan),
but a lot of places to run the hooks (lots of ipv4 and ipv6 address
configuration).

an address hook cookie was in struct pfi_kif, which is part of the
pf abi. rather than break pfctl -sI, this maintains the void * used
for the cookie and uses it to store a task, which is then used as
intended with the new api.


Revision tags: OPENBSD_6_6_BASE
# 1.114 21-Aug-2019 florian

Remove support for semantically opaque interface identifiers (RFC 7217)
for IPv6 link local addresses.

Some hosting and VM providers route customer IPv6 prefixes to link
local addresses derived from ethernet MAC addresses (RFC 2464). This
leads to hard to debug IPv6 connectivity problems and is probably not
worth the effort.

RFC 7721 lists 4 weaknesses:

3.1. Correlation of Activities over Time & 3.2. Location Tracking
These are still possible with RFC 7217 addresses for an adversary
connected to the same layer 2 network (think conference wifi). Since
the link local prefix stays the same (fe80::/64) the link local
addresses do not change between different networks.
An adversary on the same layer 2 network can probably track ethernet
MAC addresses via different means, too.

3.3. Address Scanning & 3.4. Device-Specific Vulnerability Exploitation
These now become possible, however, as noted above a layer 2 adversary
was probably able to do this via different means.

People concerned with these weaknesses are advised to use
ifconfig lladdr random.
OK benno
input & OK kn


Revision tags: OPENBSD_6_5_BASE
# 1.113 13-Feb-2019 dlg

change rt_ifa_add and rt_ifa_del so they take an rdomain argument.

this allows mpls interfaces (mpe, mpw) to pass the rdomain they
wish the local label to be in, rather than have it implicitly forced
to 0 by these functions. right now they'll pass 0, but it will soon
be possible to have them rx packets in other rdomains.

previously the functions used ifp->if_rdomain for the rdomain.
everything other than mpls still passes ifp->if_rdomain.

ok mpi@


# 1.112 10-Feb-2019 dlg

remove the implicit RTF_MPATH flag that rt_ifa_add() sets on new routes.

MPLS interfaces (ab)use rt_ifa_add for adding the local MPLS label
that they listen on for incoming packets, while every other use of
rt_ifa_add is for adding addresses on local interfaces. MPLS does
this cos the addresses involved are in basically the same shape as
ones used for setting up local addresses.

It is appropriate for interfaces to want RTF_MPATH on local addresses,
but in the MPLS case it means you can have multiple local things
listening on the same label, which doesn't actually work. mpe in
particular keeps track of in use labels so it can handle collisions,
however, mpw does not. It is currently possible to have multiple
mpw interfaces on the same local label, and sharing the same label
as mpe or possible normal forwarding labels.

Moving the RTF_MPATH flag out of rt_ifa_add means all the callers
that still want it need to pass it themselves. The mpe and mpw
callers are left alone without the flag, and will now get EEXIST
from rt_ifa_add when a label is already in use.

ok (and a huge amount of patience and help) mpi@
claudio@ is ok with the idea, but saw a much much earlier solution
to the problem


Revision tags: OPENBSD_6_4_BASE
# 1.111 05-Oct-2018 florian

Do not join node information multicast group (RFC 4620).
Benno removed code to answer ICMP queries over 4 years ago.
Aham Brahmasmi (aham.brahmasmi AT gmx.com) points out
that we still joined the group though.

OK sthen, bluhm, kn


# 1.110 26-Aug-2018 mpi

Do not add ::1 on non-default lo(4) as intended.

Reported by and ok sthen@


# 1.109 10-Jul-2018 florian

When an interface doesn't have a layer 2 address in6_get_soii_ifid()
fails and then later on in in6_get_ifid() a layer 2 address is
"borrowed" from another interface.

Do the "borrowing" in in6_get_soii_ifid(), too so that semantically
opaque interface identifiers work for these kind of interfaces, too.

OK phessler, benno


# 1.108 10-Jul-2018 florian

When an interface doesn't have a layer 2 address in6_get_ifid()
tries to "borrow" one from another interface.
But then it checks if the U bit is set in the generated EUI64
address and rejects it.
On the other hand for interfaces that do have a layer 2 address this
check is skipped, so relax it for the "borrowing" case, too.

With this one gets stable link local addresses on e.g. gre(4)
interfaces on certain virtualisation environments depending which mac
addresses get picked for the vio(4) interfaces while previously we
would end up with a random IP on every reboot.

Reported by Aaron A. Glenn via phessler.

OK phessler, benno


# 1.107 27-Mar-2018 dhill

Use memcpy instead of bcopy when the memory does not overlap.

OK deraadt@ florian@


Revision tags: OPENBSD_6_3_BASE
# 1.106 13-Mar-2018 florian

Calculate RFC7217 link-local style addresses the same way as
slaacd(8).

RFC 7217 states (section 5, page 9):
| The Interface Identifier is finally obtained by taking as many
| bits from the RID value (computed in the previous step) as
| necessary, starting from the least significant bit.

Problem in slaacd pointed out by semarie@.

OK sthen, phessler


# 1.105 10-Feb-2018 florian

Implement RFC 7217: "A Method for Generating Semantically Opaque
Interface Identifiers with IPv6 Stateless Address Autoconfiguration."

"An IPv6 address configured using this method is stable within each
subnet, but the corresponding Interface Identifier changes when the
host moves from one network to another. This method is meant to be an
alternative to generating Interface Identifiers based on hardware
addresses."

OK naddy, sthen


Revision tags: OPENBSD_6_2_BASE
# 1.104 01-Sep-2017 florian

Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the
get_last_resort_ifid() function because eww.
Also if your system is so constrained that you end up in
in6_get_rand_ifid() you don't deserve a random ifid that stays
stable over reboots.
Simplify code a bit since get_ifid() can no longer fail. It couldn't
fail before either because that code path was #if 0'ed.
While here sprinkle in some in6_ prefixes, pointed out by stsp.
OK stsp


# 1.103 11-Jul-2017 florian

Purging is at last at hand. Day of Doom is here. All that is evil
shall all be cleansed.

Remove sending of router solicitations and processing of router
advertisements from the kernel. It's handled by slaacd(8) these days.

Input & OK bluhm@, mpi@


# 1.102 16-May-2017 mpi

Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().

ok visa@


Revision tags: OPENBSD_6_1_BASE
# 1.101 29-Dec-2016 mpi

Get rid of recursive splsoftnet() in in6_ifattach_linklocal().

ok visa@


Revision tags: OPENBSD_6_0_BASE
# 1.100 30-Jun-2016 mpi

Restore the automagically added /64 route on p2p interfaces in order to
send traffic to link-local addresses without default route.

Fix a regression reported by Michael Lechtermann, ok stsp@, sthen@


Revision tags: OPENBSD_5_9_BASE
# 1.99 02-Dec-2015 bluhm

When destroying an interface, we have to wait until all references
are not used anymore. This has to be done before any interface
fields become invalid.
As the route delete request cannot call if_get() anymore, pass down
the interface. Split rtrequest_delete() into a separate function
that may take an existing interface.
OK mpi@


# 1.98 24-Oct-2015 mpi

Convert to rt_ifidx.

ok bluhm@


# 1.97 22-Oct-2015 bluhm

Inspired by satosin(), use inline functions to convert sockaddr dl.
Instead of casts they check whether the incoming object has the
expected type. So introduce satosdl() and sdltosa() in the kernel.
OK mpi@


# 1.96 12-Sep-2015 mpi

Now that rtrequest1(9) properly sets RTF_UP for newly added route,
stop passing it in every rt_ifa_add(9) call.

ok claudio@


# 1.95 03-Sep-2015 mpi

Change the order of operations for loopback interfaces to have
::1 configured before fe80::1.

(lo0:0) in pf should resolve to 127.0.0.1 ::1.

reported by and ok mikeb@


# 1.94 31-Aug-2015 mpi

Do not install connected routes on loopback interfaces.

Previously loopback connected routes were managed via the global list
of prefixes, which means that systems with AUTOCONF'd addresses did not
see them in the routing table.

This also makes inet6 route creation coherent with inet.


# 1.93 24-Aug-2015 mpi

Start moving away from the global prefix list by limiting its usage to
AUTOCONF'd addresses.

This prevents the kernel from removing connected (/64) routes as soon as
it configures an AUTOCONF'd address based on a RA.

Tested by sebastia@, ok sthen@


# 1.92 24-Aug-2015 mpi

Rework the code to decide when to perform DAD to no longer rely on the
IN6_IFF_NODAD pseudo-flag not being set.

This was just a flag for spaghetti code that should not exist in the
first place.

Tested by sebastia@, ok sthen@


# 1.91 17-Aug-2015 mpi

Remove annoying comment about in6_update_ifa().


# 1.60 26-Mar-2013 bluhm

Remove a block of dead code in in6_ifdetach(). It was never executed
due to the wrong & in satosin6(&ifa->ifa_addr). The link local
prefix fe80 was not checked within the IPv6 address, but within
some pointers of the interface address struct. The whole loop
around this was also never executed as all IPv6 addresses had already
been purged.
OK sperreault@ mpi@ mikeb@


# 1.59 25-Mar-2013 mpi

Substitute the handcrafted list of IPv6 addresses by a proper TAILQ.

ok bluhm@, mikeb@


# 1.58 07-Mar-2013 mpi

Remove the IFAFREE() macro, the ifafree() function it was calling already
checks for the reference counter.

ok mikeb@, miod@, pelikan@, kettenis@, krw@


# 1.57 04-Mar-2013 bluhm

Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro.
No binary change.
OK claudio@


Revision tags: OPENBSD_5_3_BASE
# 1.56 19-Sep-2012 bluhm

Use TAILQ_FOREACH macro for loops. No binary diff.
OK henning@


# 1.55 21-Aug-2012 bluhm

Reverse the name and meaning of the IFXF_INET6_PRIVACY interface
flag. It is now called IFXF_INET6_NOPRIVACY. So IPv6 privacy
addresses are on by default without resetting the flag during
ifconfig down/up.
OK stsp@, sperreault@ (who wrote the same diff)


# 1.54 15-Aug-2012 sperreault

Enable IPv6 autoconfprivacy by default

diff originally by stsp@
"please commit it" deraadt@
"don't care" stsp@
"don't like" bluhm@


Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
# 1.53 03-Jan-2012 bluhm

To access the ifaddr of an in_ifaddr or in6_ifaddr struct, it is
cleaner to access the first member via ia_ifa instead of casting.
No binary change.
ok henning@ krw@


# 1.52 24-Nov-2011 sperreault

rdomain support for IPv6
ok mikeb


Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
# 1.51 06-Apr-2010 stsp

Simple implementation of RFC4941, "Privacy Extensions for Stateless
Address Autoconfiguration in IPv6". For those among us who are paranoid
about broadcasting their MAC address to the IPv6 internet.

Man page help from jmc, testing by weerd, arc4random API hints from djm.

ok deraadt, claudio


Revision tags: OPENBSD_4_7_BASE
# 1.50 08-Feb-2010 jsing

More destatic and ansification.

ok claudio@ naddy@


# 1.49 13-Jan-2010 henning

instead of fiddling with the per-interface address lists directly in
many places create a proper API (ifa_add / ifa_del) and use it.
ok theo ryan dlg


Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
# 1.48 30-Jan-2009 mcbride

"XXX: should this be performed under splnet()?"... Yes, yes it should.
Interface configuration causes neighbour discovery, which runs packets
through parts of the stack that require at least splsoftnet(), like pf and
pfsync.

ok dlg


Revision tags: OPENBSD_4_4_BASE
# 1.47 11-Jun-2008 mcbride

ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.

ok todd deraadt naddy bluhm


# 1.46 11-May-2008 claudio

rtrequest to rtrequest1 conversion in inet6. With that no rtrequest should
be left over. OK henning@


Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
# 1.45 08-Jun-2007 henning

kill arcnet leftovers, some pt out by Mike Belopuhov <mkb@crypt.org.ru>,
some I found afterwards, ok dlg


Revision tags: OPENBSD_4_1_BASE
# 1.44 15-Nov-2006 itojun

unifdef -USCOPEDROUTING


Revision tags: OPENBSD_4_0_BASE
# 1.43 31-Aug-2006 mcbride

Automatically add an IPv6 link-local address to carp interfaces when the
virtual MAC address is set. Among other things, this makes route6d work
correctly on systems with carp interfaces.

In order to ensure backwards compatibility, we do not include IPv6
link-local addresses in generating the HMAC, but we accept HMACs with AND
without the link-local addresses. They will be added to the HMAC in a future
release.

In short: this change should only affect backwards compatibility for
IPv6 users who are manually adding link-local addresses on carp interfaces.

testing mtu@ todd@
ok mpf@ henning@ deraadt@


# 1.42 16-Jun-2006 henning

adjust functions dealing with the routing table to take a table ID as
parameter so they can work on alternate tables. table 0 hardcoded for
many callers yet, that will be adapted step by step.
input + ok claudio norby hshoexer


# 1.41 27-May-2006 claudio

Do the same thing as for IPv4. Use a sysctl to enable/disable mforwarding
and additionally make the code part of the MROUTING option. Put it in deraadt@


# 1.40 05-Mar-2006 miod

Use more queue macros rather than doing it by hand; ok otto@ krw@


Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
# 1.39 23-May-2005 mpf

carp needs a multicast kludge storage.
Fixes PR 4211.
OK mcbride@


# 1.38 21-Apr-2005 itojun

remove (now obsolete) handling of IFT_PROPVIRTUAL/bridge*. tested by camield@


Revision tags: OPENBSD_3_7_BASE
# 1.37 07-Dec-2004 mcbride

Convert carp(4) to behave more like a regular interface, much in the same
style as vlan(4). carp interfaces no longer require the physical interface
to be on the same subnet as the carp interface, or even that the physical
interface has an address at all, so CARP can now be used on /30 networks.

ok deraadt@ henning@


Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
# 1.36 07-May-2004 millert

Replace RSA-derived md5 code with code derived from Colin Plumb's PD version.
This moves md5.c out of libkern and into sys/crypto where it belongs (as
requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it).
Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@


Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
# 1.35 08-Jul-2003 itojun

on interface removal, clear multicast forwarding stuff. from kame


# 1.34 28-Jun-2003 itojun

i don't think pfsync needs a link-local addr.


Revision tags: UBC_SYNC_A
# 1.33 14-May-2003 itojun

it is unlikely that we introduce 6to4 interface (IFT_STF) to openbsd.


Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
# 1.32 12-Sep-2002 itojun

configure "next" pointer correctly. from j@pureftpd.org


# 1.31 11-Sep-2002 itojun

fix pointer signedness mixup. sync w/kame


# 1.30 11-Sep-2002 itojun

KNF - return is not a function. sync w/kame


# 1.29 11-Jun-2002 itojun

silence some of log(), as the codepath will be visited for IPv6-non-capable
interfaces too and can be annoying. net.inet6.icmp6.nd6_debug will
re-enable them.


# 1.28 11-Jun-2002 itojun

whitespace


# 1.27 08-Jun-2002 itojun

sync with latest KAME in6_ifaddr/prefix/default router manipulation.
behavior changes:
- two ioctls used by ndp(8) are now obsolete (backward compat provided).
use sysctl path instead.
- lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.


# 1.26 07-Jun-2002 itojun

whitespace sync w/kame


# 1.25 29-May-2002 itojun

attach nd_ifinfo structure to if_afdata.
split IPv6 MTU (advertised by RA) from real link MTU.
sync with kame


# 1.24 29-May-2002 itojun

move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame


# 1.23 23-May-2002 itojun

simplify condition to perform DAD. sync w/kame


Revision tags: OPENBSD_3_1_BASE
# 1.22 14-Mar-2002 millert

First round of __P removal in sys


Revision tags: UBC_BASE
# 1.21 07-Dec-2001 itojun

branches: 1.21.2;
whitespace/comment sync with kame


Revision tags: OPENBSD_3_0_BASE
# 1.20 23-Aug-2001 itojun

suppress printf() on non-multicast interface.
suppress ipv6 initialization for IFT_PFLOG.


# 1.19 23-Aug-2001 itojun

don't try to enable IPv6 on IFT_PFLOG.


# 1.18 18-Jul-2001 itojun

avoid using malloc() during interrupt context for multicast kludge entry.
allocate it on interface initialization.


# 1.17 09-Jun-2001 angelos

No need for net/net_osdep.h


Revision tags: OPENBSD_2_9_BASE
# 1.16 16-Feb-2001 itojun

cosmetic sync with kame


# 1.15 07-Feb-2001 itojun

by default, don't bark on inbound ND messages, as outsider may be able to
fill up /var with bogus packets.
setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid
ND packet and other occasions.

improve icmp6 stats.


# 1.14 18-Jan-2001 itojun

do not remove default route by mistake, on interface removal.


Revision tags: OPENBSD_2_8_BASE
# 1.13 25-Oct-2000 jason

silence the "no multicast" warning for IFT_ENC, too
deraadt ok


# 1.12 18-Oct-2000 itojun

don't try to configure IPv6 on bridge*. comment from deraadt


# 1.11 02-Oct-2000 itojun

fix missing \n. from doug@freebsd (sync with kame)


Revision tags: OPENBSD_2_7_BASE
# 1.10 05-May-2000 itojun

cope with interface detach (like pcmcia card removal). remove any
IPv6 addresses assigned to the interface. reported by ho, bunch of
help from niklas. KAME PR 231.


# 1.9 27-Apr-2000 itojun

correct in6_ifdetach(). free oia, not ia.
Lennart says there are more problems to go (I don't own openbsd-current laptop).
From: Lennart Augustsson <augustss@augustsson.net>


# 1.8 17-Apr-2000 itojun

revisit in6_ifattach(). (1) make it more persistent about initializing an
interface (2) cleanup interface id selection.
run NUD on p2p interface (required by spec for bidir p2p interface).
add "ndp -i interface" (can tweak per-interface ND flag).
(sync with more recent kame)


# 1.7 02-Mar-2000 itojun

do not add ifa_dstaddr for non-pointopoint interface. IPv6 has no
concept for "broadcast".


Revision tags: SMP_BASE
# 1.6 07-Feb-2000 itojun

branches: 1.6.2;
fix include file path related to ip6.


# 1.5 04-Feb-2000 itojun

more coverage of in6_ifdetach()'s cleanup process.
bug fix in SIOCGIFADDR_IN6 (point to point case).


# 1.4 02-Feb-2000 itojun

- improve in6_ifdetach to remove (1) multicast kludge list (2) route to
link-local allnode multicast (ff02:x::/32)
- fix ifnet refcnt'ing in multicast kludge list management.
- avoid dangling pointer in multicast kludge management.

(angelos, try this version of in6_ifdetach() - it should be better)


# 1.3 10-Dec-1999 itojun

use proper type for in6_first_ifid (char -> u_int8_t)
suggested by: deraadt


# 1.2 10-Dec-1999 angelos

Remove remaining unnecessary ifdefs (itojun will hate me for this :-)


Revision tags: kame_19991208
# 1.1 08-Dec-1999 itojun

bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
brought in soon).


# 1.115 08-Nov-2019 dlg

convert interface address change hooks to tasks and a task_list.

this follows what's been done for detach and link state hooks, and
makes handling of hooks generally more robust.

address hooks are a bit different to detach/link state hooks in
that there's only a few things that register hooks (carp, pf, vxlan),
but a lot of places to run the hooks (lots of ipv4 and ipv6 address
configuration).

an address hook cookie was in struct pfi_kif, which is part of the
pf abi. rather than break pfctl -sI, this maintains the void * used
for the cookie and uses it to store a task, which is then used as
intended with the new api.


Revision tags: OPENBSD_6_6_BASE
# 1.114 21-Aug-2019 florian

Remove support for semantically opaque interface identifiers (RFC 7217)
for IPv6 link local addresses.

Some hosting and VM providers route customer IPv6 prefixes to link
local addresses derived from ethernet MAC addresses (RFC 2464). This
leads to hard to debug IPv6 connectivity problems and is probably not
worth the effort.

RFC 7721 lists 4 weaknesses:

3.1. Correlation of Activities over Time & 3.2. Location Tracking
These are still possible with RFC 7217 addresses for an adversary
connected to the same layer 2 network (think conference wifi). Since
the link local prefix stays the same (fe80::/64) the link local
addresses do not change between different networks.
An adversary on the same layer 2 network can probably track ethernet
MAC addresses via different means, too.

3.3. Address Scanning & 3.4. Device-Specific Vulnerability Exploitation
These now become possible, however, as noted above a layer 2 adversary
was probably able to do this via different means.

People concerned with these weaknesses are advised to use
ifconfig lladdr random.
OK benno
input & OK kn


Revision tags: OPENBSD_6_5_BASE
# 1.113 13-Feb-2019 dlg

change rt_ifa_add and rt_ifa_del so they take an rdomain argument.

this allows mpls interfaces (mpe, mpw) to pass the rdomain they
wish the local label to be in, rather than have it implicitly forced
to 0 by these functions. right now they'll pass 0, but it will soon
be possible to have them rx packets in other rdomains.

previously the functions used ifp->if_rdomain for the rdomain.
everything other than mpls still passes ifp->if_rdomain.

ok mpi@


# 1.112 10-Feb-2019 dlg

remove the implicit RTF_MPATH flag that rt_ifa_add() sets on new routes.

MPLS interfaces (ab)use rt_ifa_add for adding the local MPLS label
that they listen on for incoming packets, while every other use of
rt_ifa_add is for adding addresses on local interfaces. MPLS does
this cos the addresses involved are in basically the same shape as
ones used for setting up local addresses.

It is appropriate for interfaces to want RTF_MPATH on local addresses,
but in the MPLS case it means you can have multiple local things
listening on the same label, which doesn't actually work. mpe in
particular keeps track of in use labels so it can handle collisions,
however, mpw does not. It is currently possible to have multiple
mpw interfaces on the same local label, and sharing the same label
as mpe or possible normal forwarding labels.

Moving the RTF_MPATH flag out of rt_ifa_add means all the callers
that still want it need to pass it themselves. The mpe and mpw
callers are left alone without the flag, and will now get EEXIST
from rt_ifa_add when a label is already in use.

ok (and a huge amount of patience and help) mpi@
claudio@ is ok with the idea, but saw a much much earlier solution
to the problem


Revision tags: OPENBSD_6_4_BASE
# 1.111 05-Oct-2018 florian

Do not join node information multicast group (RFC 4620).
Benno removed code to answer ICMP queries over 4 years ago.
Aham Brahmasmi (aham.brahmasmi AT gmx.com) points out
that we still joined the group though.

OK sthen, bluhm, kn


# 1.110 26-Aug-2018 mpi

Do not add ::1 on non-default lo(4) as intended.

Reported by and ok sthen@


# 1.109 10-Jul-2018 florian

When an interface doesn't have a layer 2 address in6_get_soii_ifid()
fails and then later on in in6_get_ifid() a layer 2 address is
"borrowed" from another interface.

Do the "borrowing" in in6_get_soii_ifid(), too so that semantically
opaque interface identifiers work for these kind of interfaces, too.

OK phessler, benno


# 1.108 10-Jul-2018 florian

When an interface doesn't have a layer 2 address in6_get_ifid()
tries to "borrow" one from another interface.
But then it checks if the U bit is set in the generated EUI64
address and rejects it.
On the other hand for interfaces that do have a layer 2 address this
check is skipped, so relax it for the "borrowing" case, too.

With this one gets stable link local addresses on e.g. gre(4)
interfaces on certain virtualisation environments depending which mac
addresses get picked for the vio(4) interfaces while previously we
would end up with a random IP on every reboot.

Reported by Aaron A. Glenn via phessler.

OK phessler, benno


# 1.107 27-Mar-2018 dhill

Use memcpy instead of bcopy when the memory does not overlap.

OK deraadt@ florian@


Revision tags: OPENBSD_6_3_BASE
# 1.106 13-Mar-2018 florian

Calculate RFC7217 link-local style addresses the same way as
slaacd(8).

RFC 7217 states (section 5, page 9):
| The Interface Identifier is finally obtained by taking as many
| bits from the RID value (computed in the previous step) as
| necessary, starting from the least significant bit.

Problem in slaacd pointed out by semarie@.

OK sthen, phessler


# 1.105 10-Feb-2018 florian

Implement RFC 7217: "A Method for Generating Semantically Opaque
Interface Identifiers with IPv6 Stateless Address Autoconfiguration."

"An IPv6 address configured using this method is stable within each
subnet, but the corresponding Interface Identifier changes when the
host moves from one network to another. This method is meant to be an
alternative to generating Interface Identifiers based on hardware
addresses."

OK naddy, sthen


Revision tags: OPENBSD_6_2_BASE
# 1.104 01-Sep-2017 florian

Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the
get_last_resort_ifid() function because eww.
Also if your system is so constrained that you end up in
in6_get_rand_ifid() you don't deserve a random ifid that stays
stable over reboots.
Simplify code a bit since get_ifid() can no longer fail. It couldn't
fail before either because that code path was #if 0'ed.
While here sprinkle in some in6_ prefixes, pointed out by stsp.
OK stsp


# 1.103 11-Jul-2017 florian

Purging is at last at hand. Day of Doom is here. All that is evil
shall all be cleansed.

Remove sending of router solicitations and processing of router
advertisements from the kernel. It's handled by slaacd(8) these days.

Input & OK bluhm@, mpi@


# 1.102 16-May-2017 mpi

Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().

ok visa@


Revision tags: OPENBSD_6_1_BASE
# 1.101 29-Dec-2016 mpi

Get rid of recursive splsoftnet() in in6_ifattach_linklocal().

ok visa@


Revision tags: OPENBSD_6_0_BASE
# 1.100 30-Jun-2016 mpi

Restore the automagically added /64 route on p2p interfaces in order to
send traffic to link-local addresses without default route.

Fix a regression reported by Michael Lechtermann, ok stsp@, sthen@


Revision tags: OPENBSD_5_9_BASE
# 1.99 02-Dec-2015 bluhm

When destroying an interface, we have to wait until all references
are not used anymore. This has to be done before any interface
fields become invalid.
As the route delete request cannot call if_get() anymore, pass down
the interface. Split rtrequest_delete() into a separate function
that may take an existing interface.
OK mpi@


# 1.98 24-Oct-2015 mpi

Convert to rt_ifidx.

ok bluhm@


# 1.97 22-Oct-2015 bluhm

Inspired by satosin(), use inline functions to convert sockaddr dl.
Instead of casts they check whether the incoming object has the
expected type. So introduce satosdl() and sdltosa() in the kernel.
OK mpi@


# 1.96 12-Sep-2015 mpi

Now that rtrequest1(9) properly sets RTF_UP for newly added route,
stop passing it in every rt_ifa_add(9) call.

ok claudio@


# 1.95 03-Sep-2015 mpi

Change the order of operations for loopback interfaces to have
::1 configured before fe80::1.

(lo0:0) in pf should resolve to 127.0.0.1 ::1.

reported by and ok mikeb@


# 1.94 31-Aug-2015 mpi

Do not install connected routes on loopback interfaces.

Previously loopback connected routes were managed via the global list
of prefixes, which means that systems with AUTOCONF'd addresses did not
see them in the routing table.

This also makes inet6 route creation coherent with inet.


# 1.93 24-Aug-2015 mpi

Start moving away from the global prefix list by limiting its usage to
AUTOCONF'd addresses.

This prevents the kernel from removing connected (/64) routes as soon as
it configures an AUTOCONF'd address based on a RA.

Tested by sebastia@, ok sthen@


# 1.92 24-Aug-2015 mpi

Rework the code to decide when to perform DAD to no longer rely on the
IN6_IFF_NODAD pseudo-flag not being set.

This was just a flag for spaghetti code that should not exist in the
first place.

Tested by sebastia@, ok sthen@


# 1.91 17-Aug-2015 mpi

Remove annoying comment about in6_update_ifa().


Revision tags: OPENBSD_5_8_BASE
# 1.90 18-Jul-2015 mpi

Merge two identical chunks to add new prefixes to the global data
structures into a function.

ok florian@


# 1.89 16-Jul-2015 mpi

Properly layer Router Solicitation code.

Tweak and ok florian@


# 1.88 08-Jun-2015 krw

More damned eye searing whitespace. No change to .o files.


# 1.87 27-Apr-2015 mpi

Do not call nd6_purge() before purging the IPv6 addresses of a detached
interface.

Fix a use after free introduced in r1.98 of netinet6/in6.c and recently
exposed by a crazy pool/malloc damage finder being currently refined by
dlg@ and deraadt@.

ok mikeb@, henning@


# 1.86 14-Mar-2015 jsg

Remove some includes include-what-you-use claims don't
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.

ok tedu@ deraadt@


Revision tags: OPENBSD_5_7_BASE
# 1.85 05-Feb-2015 mpi

Convert various rtrequest1(RTM_DELETE,...) calls to rtdeletemsg(9).

This unifies some code and notifies userland for free.

blambert@ agrees, ok bluhm@


# 1.84 28-Jan-2015 mpi

Revert rtdeletemsg conversion. It was not ok'd, I misunderstood bluhm@'s
email.


# 1.83 27-Jan-2015 mpi

Ensure that link-local addresses are correctly configured on loopback
interfaces.

When the kernel automagically configures IPv6 addresses on loopback
interfaces, start by assigning a link-local address and then try to
assign "::1".

Only the first configured loopback interface per rdomain can have the
"::1" address. But even if other loopback interfaces failed to get
this address, because it is already taken, give them a chance to have
a link-local address.

While here change in6_ifattach() to return an error value and remove
duplicated code.

Fix a regression introduced by the NOINET6 flag removal.

ok henning@, stsp@, florian@, benno@


# 1.82 26-Jan-2015 mpi

Call rtdeletemsg(9) instead of rerolling its code. As a bonus you'll
get userland notification for free.

ok blambert@, bluhm@


# 1.81 10-Jan-2015 mpi

Correct some comments and merge in6_if_up() into in6_ifattach() to
reflect that IPv6 link-local addresses are no longer automagically
configured the first time an interface is brought up.

ok henning@, stsp@


# 1.80 08-Jan-2015 florian

Clear autoconf6 flag after autoconf6 cleanup happened, not before.
Otherwise clean up code will never run.
OK mpi@, benno@, henning@


# 1.79 06-Jan-2015 stsp

Remove the NOINET6 interface flag, a left-over from the times when IPv6
was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable
an address family for an interface (currently used for IPv6 only).

New kernel needs new ifconfig for IPv6 configuration (address assignment
still works with old ifconfig making this easy to cross over).

Committing on behalf of henning@ who is currently lebensmittelvergiftet.
ok stsp, benno, mpi


# 1.78 04-Dec-2014 tedu

replace md5 with sha512. ok deraadt


# 1.77 20-Nov-2014 mpi

We have no need for a variable that holds the maximum MTU size of
interfaces with an IPv6 address.

ok henning@, mikeb@, deraadt@


# 1.76 18-Nov-2014 krw

Nuke yet more obvious #include duplications.

ok miod@


# 1.75 18-Nov-2014 tedu

move arc4random prototype to systm.h. more appropriate for most code
to include that than rdnvar.h. ok deraadt dlg


# 1.74 01-Nov-2014 mpi

Rename rtalloc1() into rtalloc(9) and convert its flags to only enable
functionality instead of a mix of enable/disable.

ok bluhm@, jca@


# 1.73 25-Aug-2014 florian

Move sending of router solicitations to the kernel; receiving and
processing of router advertisements was already in the kernel.
With this rtsol{,d}(8) is no longer necessary.

The kernel starts sending solicitations with
# ifconfig $IF inet6 autoconf
or
inet6 autoconf
in /etc/hostname.$IF.

input stsp@
much help & OK mpi@
tweaks & OK bluhm@


Revision tags: OPENBSD_5_6_BASE
# 1.72 01-Jul-2014 benno

When a carp interface is created with IFXF_NOINET6 flag, no link-local
address will be created when the vhid (and MAC) is set. Depending on
the order of the configuration the interface can end up with an ipv6
address, but no v6 link-local and no working neighbor discovery.

Removing this case statement will result in the link-local address
being configured by "ifconfig up" if the inet6 address was configured
before. If you are using inet6 on carp, put an "up" at the end of your
hostname.if. I will work on a better solution at g2k14.

ok henning, mpi


# 1.71 26-Jun-2014 mpi

Calling in{6,}_purgeaddr() is not enough to remove an address from
an interface. Two other operations are performed when issuing a
SIOCDIFADDR{_IN6,} ioctl: call the address hook and the per-driver
ioctl function.

Since carp(4) relies on an address hook to recalculate its hash, make
sure to call this hook when IFXF_NOINET6 is set or when the rdomain is
changed.

ok henning@, mikeb@


# 1.70 03-Jun-2014 mpi

Do not include <sys/malloc.h> where it is not needed.


# 1.69 20-May-2014 mpi

Fix eui64 address generation, broken since the removal of the link-layer
address from the per-ifp list.

Found the hard way by weerd@, florian@ and stsp@, ok florian@


Revision tags: OPENBSD_5_5_BASE
# 1.68 21-Jan-2014 mpi

Do not clean the multicast records of an interface when it is destroyed
(unplugged). Even if it makes no sense to keep them around if the
interface is no more, we cannot safely remove them since pcb multicast
options might keep a pointer to them.

Fixes a user after free introduced by the multicast address linking
rewrite and reported by Alexey Suslikov, thanks!

ok claudio@


# 1.67 13-Jan-2014 bluhm

Call all local valiables of type struct in6_ifaddr "ia6". This is
consistent with struct ifaddr "ifa" and struct in_ifaddr "ia".
OK mpi@


# 1.66 07-Jan-2014 stsp

Some follow-up fixes for IFID collision handling in IPv6CP.

Really change the link-local address in the unlikely event of an IFID
collision, instead of going into an infinite conf-nak loop with the peer.

To make the netinet6 code use the IPv6CP IFID in a new link-local address,
in6_ifattach_linklocal() must accept a provided IFID. Replace the unused
'altifp' parameter with a new 'ifid' parameter for this purpose.

Always use the latest suggested address in IPv6CP replies, even if
the task to update the interface's address hasn't run yet.
Also, clear the ifindex (KAME hack) in addresses sent during IPv6CP.

ok mpi


# 1.65 06-Jan-2014 stsp

Make in6_ifdetach() remove the ff01::1 route for the detaching interface, too.
The route used to linger after an interface detached from IPv6.
ok mikeb


# 1.64 28-Nov-2013 mpi

Change the way protocol multicast addresses are linked to an interface.

Instead of linking multicast records to the first configured address of
the corresponding protocol, making this address and its position in the
global list special, add them to a new list directly linked to the
interface descriptor.

This new multicast address list is similar to the address list, all its
elements contain a protocol agnostic part. This design allows us to
be able to join a multicast group without necessarily having a configured
address. That means IPv6 multicast kludges are no longer needed.

Another benefit is to be able to add and remove an IP address from an
interface without worrying about multicast records. That means that the
global IPv4 list is no longer needed since the first configured address
of an interface is no longer special.

This new list might also be extended in the future to contain the
link-layer addresses used to configure hardware filters.

Tested by sthen@ and weerd@, ok mikeb@


# 1.63 19-Nov-2013 mpi

Remove some FDDI/ATM leftovers.

ok mikeb@, henning@, deraadt@, brad@, miod@


# 1.62 17-Oct-2013 bluhm

The header file netinet/in_var.h included netinet6/in6_var.h. This
created a bunch of useless dependencies. Remove this implicit
inclusion and do an explicit #include <netinet6/in6_var.h> when it
is needed.
OK mpi@ henning@


Revision tags: OPENBSD_5_4_BASE
# 1.61 31-May-2013 bluhm

Remove a bunch of sockaddr_in6 pointer casts and replace others
with sin6tosa() or satosin6() inline functions. This allows the
compiler to check the types more strictly.
OK mpi@


# 1.60 26-Mar-2013 bluhm

Remove a block of dead code in in6_ifdetach(). It was never executed
due to the wrong & in satosin6(&ifa->ifa_addr). The link local
prefix fe80 was not checked within the IPv6 address, but within
some pointers of the interface address struct. The whole loop
around this was also never executed as all IPv6 addresses had already
been purged.
OK sperreault@ mpi@ mikeb@


# 1.59 25-Mar-2013 mpi

Substitute the handcrafted list of IPv6 addresses by a proper TAILQ.

ok bluhm@, mikeb@


# 1.58 07-Mar-2013 mpi

Remove the IFAFREE() macro, the ifafree() function it was calling already
check for the reference counter.

ok mikeb@, miod@, pelikan@, kettenis@, krw@


# 1.57 04-Mar-2013 bluhm

Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro.
No binary change.
OK claudio@


Revision tags: OPENBSD_5_3_BASE
# 1.56 19-Sep-2012 bluhm

Use TAILQ_FOREACH macro for loops. No binary diff.
OK henning@


# 1.55 21-Aug-2012 bluhm

Reverse the name and meaning of the IFXF_INET6_PRIVACY interface
flag. It is now called IFXF_INET6_NOPRIVACY. So IPv6 privacy
addresses are on by default without resetting the flag during
ifconfig down/up.
OK stsp@, sperreault@ (who wrote the same diff)


# 1.54 15-Aug-2012 sperreault

Enable IPv6 autoconfprivacy by default

diff originally by stsp@
"please commit it" deraadt@
"don't care" stsp@
"don't like" bluhm@


Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
# 1.53 03-Jan-2012 bluhm

To access the ifaddr of an in_ifaddr or in6_ifaddr struct, it is
cleaner to access the first member via ia_ifa instead of casting.
No binary change.
ok henning@ krw@


# 1.52 24-Nov-2011 sperreault

rdomain support for IPv6
ok mikeb


Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
# 1.51 06-Apr-2010 stsp

Simple implementation of RFC4941, "Privacy Extensions for Stateless
Address Autoconfiguration in IPv6". For those among us who are paranoid
about broadcasting their MAC address to the IPv6 internet.

Man page help from jmc, testing by weerd, arc4random API hints from djm.

ok deraadt, claudio


Revision tags: OPENBSD_4_7_BASE
# 1.50 08-Feb-2010 jsing

More destatic and ansification.

ok claudio@ naddy@


# 1.49 13-Jan-2010 henning

instead of fiddling with the per-interface address lists directly in
many places create a proper API (ifa_add / ifa_del) and use it.
ok theo ryan dlg


Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
# 1.48 30-Jan-2009 mcbride

"XXX: should this be performed under splnet()?"... Yes, yes it should.
Interface configuration causes neighbour discovery, which runs packets
through parts of the stack that require at least splsoftnet(), like pf and
pfsync.

ok dlg


Revision tags: OPENBSD_4_4_BASE
# 1.47 11-Jun-2008 mcbride

ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.

ok todd deraadt naddy bluhm


# 1.46 11-May-2008 claudio

rtrequest to rtrequest1 conversion in inet6. With that no rtrequest should
be left over. OK henning@


Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
# 1.45 08-Jun-2007 henning

kill arcnet leftovers, some pt out by Mike Belopuhov <mkb@crypt.org.ru>,
some I found afterwards, ok dlg


Revision tags: OPENBSD_4_1_BASE
# 1.44 15-Nov-2006 itojun

unifdef -USCOPEDROUTING


Revision tags: OPENBSD_4_0_BASE
# 1.43 31-Aug-2006 mcbride

Automatically add an IPv6 link-local address to carp interfaces when the
virtual MAC address is set. Among other things, this makes route6d work
correctly on systems with carp interfaces.

In order to ensure backwards compatibility, we do not include IPv6
link-local addresses in generating the HMAC, but we accept HMACs with AND
without the link-local addresses. They will be added to the HMAC in a future
release.

In short: this change should only affect backwards compatibility for
IPv6 users who are manually adding link-local addresses on carp interfaces.

testing mtu@ todd@
ok mpf@ henning@ deraadt@


# 1.42 16-Jun-2006 henning

adjust functions dealing with the routing table to take a table ID as
parameter so they can work on alternate tables. table 0 hardcoded for
many callers yet, that will be adapted step by step.
input + ok claudio norby hshoexer


# 1.41 27-May-2006 claudio

Do the same thing as for IPv4. Use a sysctl to enable/disable mforwarding
and additionally make the code part of the MROUTING option. Put it in deraadt@


# 1.40 05-Mar-2006 miod

Use more queue macros rather than doing it by hand; ok otto@ krw@


Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
# 1.39 23-May-2005 mpf

carp needs a multicast kludge storage.
Fixes PR 4211.
OK mcbride@


# 1.38 21-Apr-2005 itojun

remove (now obsolete) handling of IFT_PROPVIRTUAL/bridge*. tested by camield@


Revision tags: OPENBSD_3_7_BASE
# 1.37 07-Dec-2004 mcbride

Convert carp(4) to behave more like a regular interface, much in the same
style as vlan(4). carp interfaces no longer require the physical interface
to be on the same subnet as the carp interface, or even that the physical
interface has an address at all, so CARP can now be used on /30 networks.

ok deraadt@ henning@


Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
# 1.36 07-May-2004 millert

Replace RSA-derived md5 code with code derived from Colin Plumb's PD version.
This moves md5.c out of libkern and into sys/crypto where it belongs (as
requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it).
Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@


Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
# 1.35 08-Jul-2003 itojun

on interface removal, clear multicast forwarding stuff. from kame


# 1.34 28-Jun-2003 itojun

i don't think pfsync needs a link-local addr.


Revision tags: UBC_SYNC_A
# 1.33 14-May-2003 itojun

it is unlikely that we introduce 6to4 interface (IFT_STF) to openbsd.


Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
# 1.32 12-Sep-2002 itojun

configure "next" pointer correctly. from j@pureftpd.org


# 1.31 11-Sep-2002 itojun

fix pointer signedness mixup. sync w/kame


# 1.30 11-Sep-2002 itojun

KNF - return is not a function. sync w/kame


# 1.29 11-Jun-2002 itojun

silence some of log(), as the codepath will be visited for IPv6-non-capable
interfaces too and can be annoying. net.inet6.icmp6.nd6_debug will
re-enable them.


# 1.28 11-Jun-2002 itojun

whitespace


# 1.27 08-Jun-2002 itojun

sync with latest KAME in6_ifaddr/prefix/default router manipulation.
behavior changes:
- two ioctls used by ndp(8) are now obsolete (backward compat provided).
use sysctl path instead.
- lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.


# 1.26 07-Jun-2002 itojun

whitespace sync w/kame


# 1.25 29-May-2002 itojun

attach nd_ifinfo structure to if_afdata.
split IPv6 MTU (advertised by RA) from real link MTU.
sync with kame


# 1.24 29-May-2002 itojun

move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame


# 1.23 23-May-2002 itojun

simplify condition to perform DAD. sync w/kame


Revision tags: OPENBSD_3_1_BASE
# 1.22 14-Mar-2002 millert

First round of __P removal in sys


Revision tags: UBC_BASE
# 1.21 07-Dec-2001 itojun

branches: 1.21.2;
whitespace/comment sync with kame


Revision tags: OPENBSD_3_0_BASE
# 1.20 23-Aug-2001 itojun

suppress printf() on non-multicast interface.
suppress ipv6 initialization for IFT_PFLOG.


# 1.19 23-Aug-2001 itojun

don't try to enable IPv6 on IFT_PFLOG.


# 1.18 18-Jul-2001 itojun

avoid using malloc() during interrupt context for multicast kludge entry.
allocate it on interface initialization.


# 1.17 09-Jun-2001 angelos

No need for net/net_osdep.h


Revision tags: OPENBSD_2_9_BASE
# 1.16 16-Feb-2001 itojun

cosmetic sync with kame


# 1.15 07-Feb-2001 itojun

by default, don't bark on inbound ND messages, as outsider may be able to
fill up /var with bogus packets.
setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid
ND packet and other occasions.

improve icmp6 stats.


# 1.14 18-Jan-2001 itojun

do not remove default route by mistake, on interface removal.


Revision tags: OPENBSD_2_8_BASE
# 1.13 25-Oct-2000 jason

silence the "no multicast" warning for IFT_ENC, too
deraadt ok


# 1.12 18-Oct-2000 itojun

don't try to configure IPv6 on bridge*. comment from deraadt


# 1.11 02-Oct-2000 itojun

fix missing \n. from doug@freebsd (sync with kame)


Revision tags: OPENBSD_2_7_BASE
# 1.10 05-May-2000 itojun

cope with interface detach (like pcmcia card removal). remove any
IPv6 addresses assigned to the interface. reported by ho, bunch of
help from niklas. KAME PR 231.


# 1.9 27-Apr-2000 itojun

correct in6_ifdetach(). free oia, not ia.
Lennart says there are more problems to go (I don't own openbsd-current laptop).
From: Lennart Augustsson <augustss@augustsson.net>


# 1.8 17-Apr-2000 itojun

revisit in6_ifattach(). (1) make it more persistent about initializing an
interface (2) cleanup interface id selection.
run NUD on p2p interface (required by spec for bidir p2p interface).
add "ndp -i interface" (can tweak per-interface ND flag).
(sync with more recent kame)


# 1.7 02-Mar-2000 itojun

do not add ifa_dstaddr for non-pointopoint interface. IPv6 has no
concept for "broadcast".


Revision tags: SMP_BASE
# 1.6 07-Feb-2000 itojun

branches: 1.6.2;
fix include file path related to ip6.


# 1.5 04-Feb-2000 itojun

more coverage of in6_ifdetach()'s cleanup process.
bug fix in SIOCGIFADDR_IN6 (point to point case).


# 1.4 02-Feb-2000 itojun

- improve in6_ifdetach to remove (1) multicast kludge list (2) route to
link-local allnode multicast (ff02:x::/32)
- fix ifnet refcnt'ing in multicast kludge list management.
- avoid dangling pointer in multicast kludge management.

(angelos, try this version of in6_ifdetach() - it should be better)


# 1.3 10-Dec-1999 itojun

use proper type for in6_first_ifid (char -> u_int8_t)
suggested by: deraadt


# 1.2 10-Dec-1999 angelos

Remove remaining unnecessary ifdefs (itojun will hate me for this :-)


Revision tags: kame_19991208
# 1.1 08-Dec-1999 itojun

bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
brought in soon).


# 1.114 21-Aug-2019 florian

Remove support for semantically opaque interface identifiers (RFC 7217)
for IPv6 link local addresses.

Some hosting and VM providers route customer IPv6 prefixes to link
local addresses derived from ethernet MAC addresses (RFC 2464). This
leads to hard to debug IPv6 connectivity problems and is probably not
worth the effort.

RFC 7721 lists 4 weaknesses:

3.1. Correlation of Activities over Time & 3.2. Location Tracking
These are still possible with RFC 7217 addresses for an adversary
connected to the same layer 2 network (think conference wifi). Since
the link local prefix stays the same (fe80::/64) the link local
addresses do not change between different networks.
An adversary on the same layer 2 network can probably track ethernet
MAC addresses via different means, too.

3.3. Address Scanning & 3.4. Device-Specific Vulnerability Exploitation
These now become possible, however, as noted above a layer 2 adversary
was probably able to do this via different means.

People concerned with these weaknesses are advised to use
ifconfig lladdr random.
OK benno
input & OK kn


Revision tags: OPENBSD_6_5_BASE
# 1.113 13-Feb-2019 dlg

change rt_ifa_add and rt_ifa_del so they take an rdomain argument.

this allows mpls interfaces (mpe, mpw) to pass the rdomain they
wish the local label to be in, rather than have it implicitly forced
to 0 by these functions. right now they'll pass 0, but it will soon
be possible to have them rx packets in other rdomains.

previously the functions used ifp->if_rdomain for the rdomain.
everything other than mpls still passes ifp->if_rdomain.

ok mpi@


# 1.112 10-Feb-2019 dlg

remove the implicit RTF_MPATH flag that rt_ifa_add() sets on new routes.

MPLS interfaces (ab)use rt_ifa_add for adding the local MPLS label
that they listen on for incoming packets, while every other use of
rt_ifa_add is for adding addresses on local interfaces. MPLS does
this cos the addresses involved are in basically the same shape as
ones used for setting up local addresses.

It is appropriate for interfaces to want RTF_MPATH on local addresses,
but in the MPLS case it means you can have multiple local things
listening on the same label, which doesn't actually work. mpe in
particular keeps track of in use labels so it can handle collisions,
however, mpw does not. It is currently possible to have multiple
mpw interfaces on the same local label, and sharing the same label
as mpe or possible normal forwarding labels.

Moving the RTF_MPATH flag out of rt_ifa_add means all the callers
that still want it need to pass it themselves. The mpe and mpw
callers are left alone without the flag, and will now get EEXIST
from rt_ifa_add when a label is already in use.

ok (and a huge amount of patience and help) mpi@
claudio@ is ok with the idea, but saw a much much earlier solution
to the problem


Revision tags: OPENBSD_6_4_BASE
# 1.111 05-Oct-2018 florian

Do not join node information multicast group (RFC 4620).
Benno removed code to answer ICMP queries over 4 years ago.
Aham Brahmasmi (aham.brahmasmi AT gmx.com) points out
that we still joined the group though.

OK sthen, bluhm, kn


# 1.110 26-Aug-2018 mpi

Do not add ::1 on non-default lo(4) as intended.

Reported by and ok sthen@


# 1.109 10-Jul-2018 florian

When an interface doesn't have a layer 2 address in6_get_soii_ifid()
fails and then later on in in6_get_ifid() a layer 2 address is
"borrowed" from another interface.

Do the "borrowing" in in6_get_soii_ifid(), too so that semantically
opaque interface identifiers work for these kind of interfaces, too.

OK phessler, benno


# 1.108 10-Jul-2018 florian

When an interface doesn't have a layer 2 address in6_get_ifid()
tries to "borrow" one from another interface.
But then it checks if the U bit is set in the generated EUI64
address and rejects it.
On the other hand for interfaces that do have a layer 2 address this
check is skipped, so relax it for the "borrowing" case, too.

With this one gets stable link local addresses on e.g. gre(4)
interfaces on certain virtualisation environments depending which mac
addresses get picked for the vio(4) interfaces while previously we
would end up with a random IP on every reboot.

Reported by Aaron A. Glenn via phessler.

OK phessler, benno


# 1.107 27-Mar-2018 dhill

Use memcpy instead of bcopy when the memory does not overlap.

OK deraadt@ florian@


Revision tags: OPENBSD_6_3_BASE
# 1.106 13-Mar-2018 florian

Calculate RFC7217 link-local style addresses the same way as
slaacd(8).

RFC 7217 states (section 5, page 9):
| The Interface Identifier is finally obtained by taking as many
| bits from the RID value (computed in the previous step) as
| necessary, starting from the least significant bit.

Problem in slaacd pointed out by semarie@.

OK sthen, phessler


# 1.105 10-Feb-2018 florian

Implement RFC 7217: "A Method for Generating Semantically Opaque
Interface Identifiers with IPv6 Stateless Address Autoconfiguration."

"An IPv6 address configured using this method is stable within each
subnet, but the corresponding Interface Identifier changes when the
host moves from one network to another. This method is meant to be an
alternative to generating Interface Identifiers based on hardware
addresses."

OK naddy, sthen


Revision tags: OPENBSD_6_2_BASE
# 1.104 01-Sep-2017 florian

Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the
get_last_resort_ifid() function because eww.
Also if your system is so constrained that you end up in
in6_get_rand_ifid() you don't deserve a random ifid that stays
stable over reboots.
Simplify code a bit since get_ifid() can no longer fail. It couldn't
fail before either because that code path was #if 0'ed.
While here sprinkle in some in6_ prefixes, pointed out by stsp.
OK stsp


# 1.103 11-Jul-2017 florian

Purging is at last at hand. Day of Doom is here. All that is evil
shall all be cleansed.

Remove sending of router solicitations and processing of router
advertisements from the kernel. It's handled by slaacd(8) these days.

Input & OK bluhm@, mpi@


# 1.102 16-May-2017 mpi

Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().

ok visa@


Revision tags: OPENBSD_6_1_BASE
# 1.101 29-Dec-2016 mpi

Get rid of recursive splsoftnet() in in6_ifattach_linklocal().

ok visa@


Revision tags: OPENBSD_6_0_BASE
# 1.100 30-Jun-2016 mpi

Restore the automagically added /64 route on p2p interfaces in order to
send traffic to link-local addresses without default route.

Fix a regression reported by Michael Lechtermann, ok stsp@, sthen@


Revision tags: OPENBSD_5_9_BASE
# 1.99 02-Dec-2015 bluhm

When destroying an interface, we have to wait until all references
are not used anymore. This has to be done before any interface
fields become invalid.
As the route delete request cannot call if_get() anymore, pass down
the interface. Split rtrequest_delete() into a separate function
that may take an existing interface.
OK mpi@


# 1.98 24-Oct-2015 mpi

Convert to rt_ifidx.

ok bluhm@


# 1.97 22-Oct-2015 bluhm

Inspired by satosin(), use inline functions to convert sockaddr dl.
Instead of casts they check whether the incoming object has the
expected type. So introduce satosdl() and sdltosa() in the kernel.
OK mpi@


# 1.96 12-Sep-2015 mpi

Now that rtrequest1(9) properly sets RTF_UP for newly added route,
stop passing it in every rt_ifa_add(9) calls.

ok claudio@


# 1.95 03-Sep-2015 mpi

Change the order of operations for loopback interfaces to have
::1 configured before fe80::1.

(lo0:0) in pf should resolve to 127.0.0.1 ::1.

reported by and ok mikeb@


# 1.94 31-Aug-2015 mpi

Do not install connected routes on loopback interfaces.

Previously loopback connected routes were managed via the global list
of prefixes, which means that systems with AUTOCONF'd addresses did not
see them in the routing table.

This also makes inet6 route creation coherent with inet.


# 1.93 24-Aug-2015 mpi

Start moving away from the global prefix list by limiting its usage to
AUTOCONF'd addresses.

This prevents the kernel from removing connected (/64) routes as soon as
it configures an AUTOCONF'd address based on a RA.

Tested by sebastia@, ok sthen@


# 1.92 24-Aug-2015 mpi

Rework the code to decide when to perform DAD to no longer rely on the
IN6_IFF_NODAD pseudo-flag not being set.

This was just a flag for spaghetti code that should not exist in the
first place.

Tested by sebastia@, ok sthen@


# 1.91 17-Aug-2015 mpi

Remove annoying comment about in6_update_ifa().


Revision tags: OPENBSD_5_8_BASE
# 1.90 18-Jul-2015 mpi

Merge two identical chunks to add new prefixes to the global data
structures into a function.

ok florian@


# 1.89 16-Jul-2015 mpi

Properly layer Router Solicitation code.

Tweak and ok florian@


# 1.88 08-Jun-2015 krw

More damned eye searing whitespace. No change to .o files.


# 1.87 27-Apr-2015 mpi

Do not call nd6_purge() before purging the IPv6 addresses of a detached
interface.

Fix a use after free introduced in r1.98 of netinet6/in6.c and recently
exposed by a crazy pool/malloc damage finder being currently refined by
dlg@ and deraadt@.

ok mikeb@, henning@


# 1.86 14-Mar-2015 jsg

Remove some includes include-what-you-use claims don't
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.

ok tedu@ deraadt@


Revision tags: OPENBSD_5_7_BASE
# 1.85 05-Feb-2015 mpi

Convert various rtrequest1(RTM_DELETE,...) calls to rtdeletemsg(9).

This unifies some code and notifies userland for free.

blambert@ agrees, ok bluhm@


# 1.84 28-Jan-2015 mpi

Revert rtdeletemsg conversion. It was not ok'd, I misunderstood bluhm@'s
email.


# 1.83 27-Jan-2015 mpi

Ensure that link-local addresses are correctly configured on loopback
interfaces.

When the kernel automagically configures IPv6 addresses on loopback
interfaces, start by assigning a link-local address and then try to
assign "::1".

Only the first configured loopback interface per rdomain can have the
"::1" address. But even if other loopback interfaces failed to get
this address, because it is already taken, give them a chance to have
a link-local address.

While here change in6_ifattach() to return an error value and remove
duplicated code.

Fix a regression introduced by the NOINET6 flag removal.

ok henning@, stsp@, florian@, benno@


# 1.82 26-Jan-2015 mpi

Call rtdeletemsg(9) instead of rerolling its code. As a bonus you'll
get userland notification for free.

ok blambert@, bluhm@


# 1.81 10-Jan-2015 mpi

Correct some comments and merge in6_if_up() into in6_ifattach() to
reflect that IPv6 link-local addresses are no longer automagically
configured the first time an interface is brought up.

ok henning@, stsp@


# 1.80 08-Jan-2015 florian

Clear autoconf6 flag after autoconf6 cleanup happened, not before.
Otherwise clean up code will never run.
OK mpi@, benno@, henning@


# 1.79 06-Jan-2015 stsp

Remove the NOINET6 interface flag, a left-over from the times when IPv6
was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable
an address family for an interface (currently used for IPv6 only).

New kernel needs new ifconfig for IPv6 configuration (address assignment
still works with old ifconfig making this easy to cross over).

Committing on behalf of henning@ who is currently lebensmittelvergiftet.
ok stsp, benno, mpi


# 1.78 04-Dec-2014 tedu

replace md5 with sha512. ok deraadt


# 1.77 20-Nov-2014 mpi

We have no need for a variable that holds the maximum MTU size of
interfaces with an IPv6 address.

ok henning@, mikeb@, deraadt@


# 1.76 18-Nov-2014 krw

Nuke yet more obvious #include duplications.

ok miod@


# 1.75 18-Nov-2014 tedu

move arc4random prototype to systm.h. more appropriate for most code
to include that than rdnvar.h. ok deraadt dlg


# 1.74 01-Nov-2014 mpi

Rename rtalloc1() into rtalloc(9) and convert its flags to only enable
functionality instead of a mix of enable/disable.

ok bluhm@, jca@


# 1.73 25-Aug-2014 florian

Move sending of router solicitations to the kernel; receiving and
processing of router advertisements was already in the kernel.
With this rtsol{,d}(8) is no longer necessary.

The kernel starts sending solicitations with
# ifconfig $IF inet6 autoconf
or
inet6 autoconf
in /etc/hostname.$IF.

input stsp@
much help & OK mpi@
tweaks & OK bluhm@


Revision tags: OPENBSD_5_6_BASE
# 1.72 01-Jul-2014 benno

When a carp interface is created with IFXF_NOINET6 flag, no link-local
address will be created when the vhid (and MAC) is set. Depending on
the order of the configuration the interface can end up with a ipv6
address, but no v6 link-local and no working neighbor discovery.

Removing this case statement will result in the link-local address
being configured by "ifconfig up" if the inet6 address was configured
before. If you are using inet6 on carp, put an "up" at the end of your
hostname.if. I will work on a better solution at g2k14.

ok henning, mpi


# 1.71 26-Jun-2014 mpi

Calling in{6,}_purgeaddr() is not enough to remove an address from
an interface. Two other operations are performed when issuing a
SIOCDIFADDR{_IN6,} ioctl: call the address hook and the per-driver
ioctl function.

Since carp(4) relies on an address hook to recalculate its hash, make
sure to call this hook when IFXF_NOINET6 is set or when the rdomain is
changed.

ok henning@, mikeb@


# 1.70 03-Jun-2014 mpi

Do not include <sys/malloc.h> where it is not needed.


# 1.69 20-May-2014 mpi

Fix eui64 address generation, broken since the removal of the link-layer
address from the per-ifp list.

Found the hard way by weerd@, florian@ and stsp@, ok florian@


Revision tags: OPENBSD_5_5_BASE
# 1.68 21-Jan-2014 mpi

Do not clean the multicast records of an interface when it is destroyed
(unplugged). Even if it makes no sense to keep them around if the
interface is no more, we cannot safely remove them since pcb multicast
options might keep a pointer to them.

Fixes a use after free introduced by the multicast address linking
rewrite and reported by Alexey Suslikov, thanks!

ok claudio@


# 1.67 13-Jan-2014 bluhm

Call all local variables of type struct in6_ifaddr "ia6". This is
consistent with struct ifaddr "ifa" and struct in_ifaddr "ia".
OK mpi@


# 1.66 07-Jan-2014 stsp

Some follow-up fixes for IFID collision handling in IPv6CP.

Really change the link-local address in the unlikely event of an IFID
collision, instead of going into an infinite conf-nak loop with the peer.

To make the netinet6 code use the IPv6CP IFID in a new link-local address,
in6_ifattach_linklocal() must accept a provided IFID. Replace the unused
'altifp' parameter with a new 'ifid' parameter for this purpose.

Always use the latest suggested address in IPv6CP replies, even if
the task to update the interface's address hasn't run yet.
Also, clear the ifindex (KAME hack) in addresses sent during IPv6CP.

ok mpi


# 1.65 06-Jan-2014 stsp

Make in6_ifdetach() remove the ff01::1 route for the detaching interface, too.
The route used to linger after an interface detached from IPv6.
ok mikeb


# 1.64 28-Nov-2013 mpi

Change the way protocol multicast addresses are linked to an interface.

Instead of linking multicast records to the first configured address of
the corresponding protocol, making this address and its position in the
global list special, add them to a new list directly linked to the
interface descriptor.

This new multicast address list is similar to the address list, all its
elements contain a protocol agnostic part. This design allows us to
be able to join a multicast group without necessarily having a configured
address. That means IPv6 multicast kludges are no longer needed.

Another benefit is to be able to add and remove an IP address from an
interface without worrying about multicast records. That means that the
global IPv4 list is no longer needed since the first configured address
of an interface is no longer special.

This new list might also be extended in the future to contain the
link-layer addresses used to configure hardware filters.

Tested by sthen@ and weerd@, ok mikeb@


# 1.63 19-Nov-2013 mpi

Remove some FDDI/ATM leftovers.

ok mikeb@, henning@, deraadt@, brad@, miod@


# 1.62 17-Oct-2013 bluhm

The header file netinet/in_var.h included netinet6/in6_var.h. This
created a bunch of useless dependencies. Remove this implicit
inclusion and do an explicit #include <netinet6/in6_var.h> when it
is needed.
OK mpi@ henning@


Revision tags: OPENBSD_5_4_BASE
# 1.61 31-May-2013 bluhm

Remove a bunch of sockaddr_in6 pointer casts and replace others
with sin6tosa() or satosin6() inline functions. This allows the
compiler to check the types more strictly.
OK mpi@


# 1.60 26-Mar-2013 bluhm

Remove a block of dead code in in6_ifdetach(). It was never executed
due to the wrong & in satosin6(&ifa->ifa_addr). The link local
prefix fe80 was not checked within the IPv6 address, but within
some pointers of the interface address struct. The whole loop
around this was also never executed as all IPv6 addresses had already
been purged.
OK sperreault@ mpi@ mikeb@


# 1.59 25-Mar-2013 mpi

Substitute the handcrafted list of IPv6 addresses by a proper TAILQ.

ok bluhm@, mikeb@


# 1.58 07-Mar-2013 mpi

Remove the IFAFREE() macro, the ifafree() function it was calling already
check for the reference counter.

ok mikeb@, miod@, pelikan@, kettenis@, krw@


# 1.57 04-Mar-2013 bluhm

Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro.
No binary change.
OK claudio@


Revision tags: OPENBSD_5_3_BASE
# 1.56 19-Sep-2012 bluhm

Use TAILQ_FOREACH macro for loops. No binary diff.
OK henning@


# 1.55 21-Aug-2012 bluhm

Reverse the name and meaning of the IFXF_INET6_PRIVACY interface
flag. It is now called IFXF_INET6_NOPRIVACY. So IPv6 privacy
addresses are on by default without resetting the flag during
ifconfig down/up.
OK stsp@, sperreault@ (who wrote the same diff)


# 1.54 15-Aug-2012 sperreault

Enable IPv6 autoconfprivacy by default

diff originally by stsp@
"please commit it" deraadt@
"don't care" stsp@
"don't like" bluhm@


Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
# 1.53 03-Jan-2012 bluhm

To access the ifaddr of an in_ifaddr or in6_ifaddr struct, it is
cleaner to access the first member via ia_ifa instead of casting.
No binary change.
ok henning@ krw@


# 1.52 24-Nov-2011 sperreault

rdomain support for IPv6
ok mikeb


Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
# 1.51 06-Apr-2010 stsp

Simple implementation of RFC4941, "Privacy Extensions for Stateless
Address Autoconfiguration in IPv6". For those among us who are paranoid
about broadcasting their MAC address to the IPv6 internet.

Man page help from jmc, testing by weerd, arc4random API hints from djm.

ok deraadt, claudio


Revision tags: OPENBSD_4_7_BASE
# 1.50 08-Feb-2010 jsing

More destatic and ansification.

ok claudio@ naddy@


# 1.49 13-Jan-2010 henning

instead of fiddling with the per-interface address lists directly in
many places create a proper API (ifa_add / ifa_del) and use it.
ok theo ryan dlg


Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
# 1.48 30-Jan-2009 mcbride

"XXX: should this be performed under splnet()?"... Yes, yes it should.
Interface configuration causes neighbour discoverery, which runs packets
through parts of the stack that require at least splsoftnet(), like pf and
pfsync.

ok dlg


Revision tags: OPENBSD_4_4_BASE
# 1.47 11-Jun-2008 mcbride

ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.

ok todd deraadt naddy bluhm


# 1.46 11-May-2008 claudio

rtrequest to rtrequest1 conversion in inet6. With that no rtrequest should
be left over. OK henning@


Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
# 1.45 08-Jun-2007 henning

kill arcnet leftovers, some pt out by Mike Belopuhov <mkb@crypt.org.ru>,
some I found afterwards, ok dlg


Revision tags: OPENBSD_4_1_BASE
# 1.44 15-Nov-2006 itojun

unifdef -USCOPEDROUTING


Revision tags: OPENBSD_4_0_BASE
# 1.43 31-Aug-2006 mcbride

Automatically add a IPv6 link-local address to carp interfaces when the
virtual MAC address is set. Among other things, this makes route6d work
correctly on systems with carp interfaces.

In order to ensure backwards compatibility, we do not include IPv6
link-local addresses in generating the HMAC, but we accept HMACs with AND
without the link-local addresses. They will be added to the HMAC in a future
release.

In short: this change should only affect backwards compatibility for
IPv6 users who are manually adding link-local addresses on carp interfaces.

testing mtu@ todd@
ok mpf@ henning@ deraadt@


# 1.42 16-Jun-2006 henning

adjust functions dealing with the routing table to take a table ID as
parameter so they can work on alternate tables. table 0 hardcoded for
many callers yet, that will be adapted step by step.
input + ok claudio norby hshoexer


# 1.41 27-May-2006 claudio

Do the same thing as for IPv4. Use a sysctl to enable/disable mfrowarding
and additionaly make the code part of the MROUTING option. Put it in deraadt@


# 1.40 05-Mar-2006 miod

Use more queue macros rather than doing it by hand; ok otto@ krw@


Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
# 1.39 23-May-2005 mpf

carp needs a multicast kludge storage.
Fixes PR 4211.
OK mcbride@


# 1.38 21-Apr-2005 itojun

remove (now obsolete) handling of IFT_PROPVIRTUAL/bridge*. tested by camield@


Revision tags: OPENBSD_3_7_BASE
# 1.37 07-Dec-2004 mcbride

Convert carp(4) to behave more like a regular interface, much in the same
style as vlan(4). carp interfaces no longer require the physical interface
to be on the same subnet as the carp interface, or even that the physical
interface has an adress at all, so CARP can now be used on /30 networks.

ok deraadt@ henning@


Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
# 1.36 07-May-2004 millert

Replace RSA-derived md5 code with code derived from Colin Plumb's PD version.
This moves md5.c out of libkern and into sys/crypto where it belongs (as
requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it).
Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@


Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
# 1.35 08-Jul-2003 itojun

on interface removal, clear multicast forwarding stuff. from kame


# 1.34 28-Jun-2003 itojun

i don't think pfsync needs a link-local addr.


Revision tags: UBC_SYNC_A
# 1.33 14-May-2003 itojun

it is unlikely that we introduce 6to4 interface (IFT_STF) to openbsd.


Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
# 1.32 12-Sep-2002 itojun

configure "next" pointer correctly. from j@pureftpd.org


# 1.31 11-Sep-2002 itojun

fix pointer signedness mixup. sync w/kame


# 1.30 11-Sep-2002 itojun

KNF - return is not a function. sync w/kame


# 1.29 11-Jun-2002 itojun

silence some of log(), as the codepath will be visited for IPv6-non-capable
interfaces too and can be annoying. net.inet6.icmp6.nd6_debug will
re-enable them.


# 1.28 11-Jun-2002 itojun

whitespace


# 1.27 08-Jun-2002 itojun

sync with latest KAME in6_ifaddr/prefix/default router manipulation.
behavior changes:
- two iocts used by ndp(8) are now obsolete (backward compat provided).
use sysctl path instead.
- lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.


# 1.26 07-Jun-2002 itojun

whitespace sync w/kame


# 1.25 29-May-2002 itojun

attach nd_ifinfo structure to if_afdata.
split IPv6 MTU (advertised by RA) from real link MTU.
sync with kame


# 1.24 29-May-2002 itojun

move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame


# 1.23 23-May-2002 itojun

simplify condition to perform DAD. sync w/kame


Revision tags: OPENBSD_3_1_BASE
# 1.22 14-Mar-2002 millert

First round of __P removal in sys


Revision tags: UBC_BASE
# 1.21 07-Dec-2001 itojun

branches: 1.21.2;
whitespace/comment sync with kame


Revision tags: OPENBSD_3_0_BASE
# 1.20 23-Aug-2001 itojun

suppress printf() on non-multicast interface.
suppress ipv6 initialization for IFT_PFLOG.


# 1.19 23-Aug-2001 itojun

don't try to enable IPv6 on IFT_PFLOG.


# 1.18 18-Jul-2001 itojun

avoid using malloc() during interupt context for multicast kludge entry.
allocate it on interface initialization.


# 1.17 09-Jun-2001 angelos

No need for net/net_osdep.h


Revision tags: OPENBSD_2_9_BASE
# 1.16 16-Feb-2001 itojun

cosmetic sync with kame


# 1.15 07-Feb-2001 itojun

by default, don't bark on inbound ND messages, as outsider may be able to
fill up /var with bogus packets.
setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid
ND packet and other occasions.

improve icmp6 stats.


# 1.14 18-Jan-2001 itojun

do not remove default route by mistake, on interface removal.


Revision tags: OPENBSD_2_8_BASE
# 1.13 25-Oct-2000 jason

silence the "no multicast" warning for IFT_ENC, too
deraadt ok


# 1.12 18-Oct-2000 itojun

don't try to configure IPv6 on bridge*. comment from deraadt


# 1.11 02-Oct-2000 itojun

fix missing \n. from doug@freebsd (sync with kame)


Revision tags: OPENBSD_2_7_BASE
# 1.10 05-May-2000 itojun

cope with interface detach (like pcmcia card removal). remove any
IPv6 addresses assigned to the interface. reported by ho, bunch of
help from niklas. KAME PR 231.


# 1.9 27-Apr-2000 itojun

correct in6_ifdetach(). free oia, not ia.
Lennart says there are more problems to go (I don't own openbsd-current laptop).
From: Lennart Augustsson <augustss@augustsson.net>


# 1.8 17-Apr-2000 itojun

revisit in6_ifattach(). (1) make it more persistent about initializing an
interface (2) cleanup interface id selection.
run NUD on p2p interface (required by spec for bidir p2p interface).
add "ndp -i interface" (can tweak per-interface ND flag).
(sync with more recent kame)


# 1.7 02-Mar-2000 itojun

do not add ifa_dstaddr for non-pointopoint interface. IPv6 has no
concept for "broadcast".


Revision tags: SMP_BASE
# 1.6 07-Feb-2000 itojun

branches: 1.6.2;
fix include file path related to ip6.


# 1.5 04-Feb-2000 itojun

more coverage of in6_ifdetach()'s cleanup process.
bug fix in SIOCGIFADDR_IN6 (point to point case).


# 1.4 02-Feb-2000 itojun

- improve in6_ifdetach to remove (1) multicast kludge list (2) route to
link-local allnode multicast (ff02:x::/32)
- fix ifnet refcnt'ing in multicast kludge list management.
- avoid dangling pointer in multicast kludge management.

(angelos, try this version of in6_ifdetach() - it should be better)


# 1.3 10-Dec-1999 itojun

use proper type for in6_first_ifid (char -> u_int8_t)
suggested by: deraadt


# 1.2 10-Dec-1999 angelos

Remove remaining unnecessary ifdefs (itojun will hate me for this :-)


Revision tags: kame_19991208
# 1.1 08-Dec-1999 itojun

bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
brought in soon).


# 1.113 13-Feb-2019 dlg

change rt_ifa_add and rt_ifa_del so they take an rdomain argument.

this allows mpls interfaces (mpe, mpw) to pass the rdomain they
wish the local label to be in, rather than have it implicitly forced
to 0 by these functions. right now they'll pass 0, but it will soon
be possible to have them rx packets in other rdomains.

previously the functions used ifp->if_rdomain for the rdomain.
everything other than mpls still passes ifp->if_rdomain.

ok mpi@


# 1.112 10-Feb-2019 dlg

remove the implicit RTF_MPATH flag that rt_ifa_add() sets on new routes.

MPLS interfaces (ab)use rt_ifa_add for adding the local MPLS label
that they listen on for incoming packets, while every other use of
rt_ifa_add is for adding addresses on local interfaces. MPLS does
this cos the addresses involved are in basically the same shape as
ones used for setting up local addresses.

It is appropriate for interfaces to want RTF_MPATH on local addresses,
but in the MPLS case it means you can have multiple local things
listening on the same label, which doesn't actually work. mpe in
particular keeps track of in use labels so it can handle collisions,
however, mpw does not. It is currently possible to have multiple
mpw interfaces on the same local label, and sharing the same label
as mpe or possible normal forwarding labels.

Moving the RTF_MPATH flag out of rt_ifa_add means all the callers
that still want it need to pass it themselves. The mpe and mpw
callers are left alone without the flag, and will now get EEXIST
from rt_ifa_add when a label is already in use.

ok (and a huge amount of patience and help) mpi@
claudio@ is ok with the idea, but saw a much much earlier solution
to the problem


Revision tags: OPENBSD_6_4_BASE
# 1.111 05-Oct-2018 florian

Do not join node information multicast group (RFC 4620).
Benno removed code to answer ICMP queries over 4 years ago.
Aham Brahmasmi (aham.brahmasmi AT gmx.com) points out
that we still joined the group though.

OK sthen, bluhm, kn


# 1.110 26-Aug-2018 mpi

Do not add ::1 on non-default lo(4) as intended.

Reported by and ok sthen@


# 1.109 10-Jul-2018 florian

When an interface doesn't have a layer 2 address in6_get_soii_ifid()
fails and then later on in in6_get_ifid() a layer 2 address is
"borrowed" from another interface.

Do the "borrowing" in in6_get_soii_ifid(), too so that semantically
opaque interface identifiers work for these kinds of interfaces, too.

OK phessler, benno


# 1.108 10-Jul-2018 florian

When an interface doesn't have a layer 2 address in6_get_ifid()
tries to "borrow" one from another interface.
But then it checks if the U bit is set in the generated EUI64
address and rejects it.
On the other hand for interfaces that do have a layer 2 address this
check is skipped, so relax it for the "borrowing" case, too.

With this one gets stable link local addresses on e.g. gre(4)
interfaces on certain virtualisation environments depending which mac
addresses get picked for the vio(4) interfaces while previously we
would end up with a random IP on every reboot.

Reported by Aaron A. Glenn via phessler.

OK phessler, benno


# 1.107 27-Mar-2018 dhill

Use memcpy instead of bcopy when the memory does not overlap.

OK deraadt@ florian@


Revision tags: OPENBSD_6_3_BASE
# 1.106 13-Mar-2018 florian

Calculate RFC7217 link-local style addresses the same way as
slaacd(8).

RFC 7217 states (section 5, page 9):
| The Interface Identifier is finally obtained by taking as many
| bits from the RID value (computed in the previous step) as
| necessary, starting from the least significant bit.

Problem in slaacd pointed out by semarie@.

OK sthen, phessler


# 1.105 10-Feb-2018 florian

Implement RFC 7217: "A Method for Generating Semantically Opaque
Interface Identifiers with IPv6 Stateless Address Autoconfiguration."

"An IPv6 address configured using this method is stable within each
subnet, but the corresponding Interface Identifier changes when the
host moves from one network to another. This method is meant to be an
alternative to generating Interface Identifiers based on hardware
addresses."

OK naddy, sthen


Revision tags: OPENBSD_6_2_BASE
# 1.104 01-Sep-2017 florian

Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the
get_last_resort_ifid() function because eww.
Also if your system is so constrained that you end up in
in6_get_rand_ifid() you don't deserve a random ifid that stays
stable over reboots.
Simplify code a bit since get_ifid() can no longer fail. It couldn't
fail before either because that code path was #if 0'ed.
While here sprinkle in some in6_ prefixes, pointed out by stsp.
OK stsp


# 1.103 11-Jul-2017 florian

Purging is at last at hand. Day of Doom is here. All that is evil
shall all be cleansed.

Remove sending of router solicitations and processing of router
advertisements from the kernel. It's handled by slaacd(8) these days.

Input & OK bluhm@, mpi@


# 1.102 16-May-2017 mpi

Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().

ok visa@


Revision tags: OPENBSD_6_1_BASE
# 1.101 29-Dec-2016 mpi

Get rid of recursive splsoftnet() in in6_ifattach_linklocal().

ok visa@


Revision tags: OPENBSD_6_0_BASE
# 1.100 30-Jun-2016 mpi

Restore the automagically added /64 route on p2p interfaces in order to
send traffic to link-local addresses without default route.

Fix a regression reported by Michael Lechtermann, ok stsp@, sthen@


Revision tags: OPENBSD_5_9_BASE
# 1.99 02-Dec-2015 bluhm

When destroying an interface, we have to wait until all references
are not used anymore. This has to be done before any interface
fields become invalid.
As the route delete request cannot call if_get() anymore, pass down
the interface. Split rtrequest_delete() into a separate function
that may take an existing interface.
OK mpi@


# 1.98 24-Oct-2015 mpi

Convert to rt_ifidx.

ok bluhm@


# 1.97 22-Oct-2015 bluhm

Inspired by satosin(), use inline functions to convert sockaddr dl.
Instead of casts they check whether the incoming object has the
expected type. So introduce satosdl() and sdltosa() in the kernel.
OK mpi@


# 1.96 12-Sep-2015 mpi

Now that rtrequest1(9) properly sets RTF_UP for newly added route,
stop passing it in every rt_ifa_add(9) calls.

ok claudio@


# 1.95 03-Sep-2015 mpi

Change the order of operations for loopback interfaces to have
::1 configured before fe80::1.

(lo0:0) in pf should resolve to 127.0.0.1 ::1.

reported by and ok mikeb@


# 1.94 31-Aug-2015 mpi

Do not install connected routes on loopback interfaces.

Previously loopback connected routes were managed via the global list
of prefixes, which meant that systems with AUTOCONF'd addresses did not
see them in the routing table.

This also makes inet6 route creation coherent with inet.


# 1.93 24-Aug-2015 mpi

Start moving away from the global prefix list by limiting its usage to
AUTOCONF'd addresses.

This prevents the kernel from removing connected (/64) routes as soon as
it configures an AUTOCONF'd address based on a RA.

Tested by sebastia@, ok sthen@


# 1.92 24-Aug-2015 mpi

Rework the code to decide when to perform DAD to no longer rely on the
IN6_IFF_NODAD pseudo-flag not being set.

This was just a flag for spaghetti code that should not exist in the
first place.

Tested by sebastia@, ok sthen@


# 1.91 17-Aug-2015 mpi

Remove annoying comment about in6_update_ifa().


Revision tags: OPENBSD_5_8_BASE
# 1.90 18-Jul-2015 mpi

Merge two identical chunks to add new prefixes to the global data
structures into a function.

ok florian@


# 1.89 16-Jul-2015 mpi

Properly layer Router Solicitation code.

Tweak and ok florian@


# 1.88 08-Jun-2015 krw

More damned eye searing whitespace. No change to .o files.


# 1.87 27-Apr-2015 mpi

Do not call nd6_purge() before purging the IPv6 addresses of a detached
interface.

Fix a use after free introduced in r1.98 of netinet6/in6.c and recently
exposed by a crazy pool/malloc damage finder being currently refined by
dlg@ and deraadt@.

ok mikeb@, henning@


# 1.86 14-Mar-2015 jsg

Remove some includes include-what-you-use claims don't
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.

ok tedu@ deraadt@


Revision tags: OPENBSD_5_7_BASE
# 1.85 05-Feb-2015 mpi

Convert various rtrequest1(RTM_DELETE,...) calls to rtdeletemsg(9).

This unifies some code and notifies userland for free.

blambert@ agrees, ok bluhm@


# 1.84 28-Jan-2015 mpi

Revert rtdeletemsg conversion. It was not ok'd, I misunderstood bluhm@'s
email.


# 1.83 27-Jan-2015 mpi

Ensure that link-local addresses are correctly configured on loopback
interfaces.

When the kernel automagically configures IPv6 addresses on loopback
interfaces, start by assigning a link-local address and then try to
assign "::1".

Only the first configured loopback interface per rdomain can have the
"::1" address. But even if other loopback interfaces failed to get
this address, because it is already taken, give them a chance to have
a link-local address.

While here change in6_ifattach() to return an error value and remove
duplicated code.

Fix a regression introduced by the NOINET6 flag removal.

ok henning@, stsp@, florian@, benno@


# 1.82 26-Jan-2015 mpi

Call rtdeletemsg(9) instead of rerolling its code. As a bonus you'll
get userland notification for free.

ok blambert@, bluhm@


# 1.81 10-Jan-2015 mpi

Correct some comments and merge in6_if_up() into in6_ifattach() to
reflect that IPv6 link-local addresses are no longer automagically
configured the first time an interface is brought up.

ok henning@, stsp@


# 1.80 08-Jan-2015 florian

Clear autoconf6 flag after autoconf6 cleanup happened, not before.
Otherwise clean up code will never run.
OK mpi@, benno@, henning@


# 1.79 06-Jan-2015 stsp

Remove the NOINET6 interface flag, a left-over from the times when IPv6
was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable
an address family for an interface (currently used for IPv6 only).

New kernel needs new ifconfig for IPv6 configuration (address assignment
still works with old ifconfig making this easy to cross over).

Committing on behalf of henning@ who is currently lebensmittelvergiftet.
ok stsp, benno, mpi


# 1.78 04-Dec-2014 tedu

replace md5 with sha512. ok deraadt


# 1.77 20-Nov-2014 mpi

We have no need for a variable that holds the maximum MTU size of
interfaces with an IPv6 address.

ok henning@, mikeb@, deraadt@


# 1.76 18-Nov-2014 krw

Nuke yet more obvious #include duplications.

ok miod@


# 1.75 18-Nov-2014 tedu

move arc4random prototype to systm.h. more appropriate for most code
to include that than rdnvar.h. ok deraadt dlg


# 1.74 01-Nov-2014 mpi

Rename rtalloc1() into rtalloc(9) and convert its flags to only enable
functionality instead of a mix of enable/disable.

ok bluhm@, jca@


# 1.73 25-Aug-2014 florian

Move sending of router solicitations to the kernel; receiving and
processing of router advertisements was already in the kernel.
With this rtsol{,d}(8) is no longer necessary.

The kernel starts sending solicitations with
# ifconfig $IF inet6 autoconf
or
inet6 autoconf
in /etc/hostname.$IF.

input stsp@
much help & OK mpi@
tweaks & OK bluhm@


Revision tags: OPENBSD_5_6_BASE
# 1.72 01-Jul-2014 benno

When a carp interface is created with IFXF_NOINET6 flag, no link-local
address will be created when the vhid (and MAC) is set. Depending on
the order of the configuration the interface can end up with an ipv6
address, but no v6 link-local and no working neighbor discovery.

Removing this case statement will result in the link-local address
being configured by "ifconfig up" if the inet6 address was configured
before. If you are using inet6 on carp, put an "up" at the end of your
hostname.if. I will work on a better solution at g2k14.

ok henning, mpi


# 1.71 26-Jun-2014 mpi

Calling in{6,}_purgeaddr() is not enough to remove an address from
an interface. Two other operations are performed when issuing a
SIOCDIFADDR{_IN6,} ioctl: call the address hook and the per-driver
ioctl function.

Since carp(4) relies on an address hook to recalculate its hash, make
sure to call this hook when IFXF_NOINET6 is set or when the rdomain is
changed.

ok henning@, mikeb@


# 1.70 03-Jun-2014 mpi

Do not include <sys/malloc.h> where it is not needed.


# 1.69 20-May-2014 mpi

Fix eui64 address generation, broken since the removal of the link-layer
address from the per-ifp list.

Found the hard way by weerd@, florian@ and stsp@, ok florian@


Revision tags: OPENBSD_5_5_BASE
# 1.68 21-Jan-2014 mpi

Do not clean the multicast records of an interface when it is destroyed
(unplugged). Even if it makes no sense to keep them around if the
interface is no more, we cannot safely remove them since pcb multicast
options might keep a pointer to them.

Fixes a use after free introduced by the multicast address linking
rewrite and reported by Alexey Suslikov, thanks!

ok claudio@


# 1.67 13-Jan-2014 bluhm

Call all local variables of type struct in6_ifaddr "ia6". This is
consistent with struct ifaddr "ifa" and struct in_ifaddr "ia".
OK mpi@


# 1.66 07-Jan-2014 stsp

Some follow-up fixes for IFID collision handling in IPv6CP.

Really change the link-local address in the unlikely event of an IFID
collision, instead of going into an infinite conf-nak loop with the peer.

To make the netinet6 code use the IPv6CP IFID in a new link-local address,
in6_ifattach_linklocal() must accept a provided IFID. Replace the unused
'altifp' parameter with a new 'ifid' parameter for this purpose.

Always use the latest suggested address in IPv6CP replies, even if
the task to update the interface's address hasn't run yet.
Also, clear the ifindex (KAME hack) in addresses sent during IPv6CP.

ok mpi


# 1.65 06-Jan-2014 stsp

Make in6_ifdetach() remove the ff01::1 route for the detaching interface, too.
The route used to linger after an interface detached from IPv6.
ok mikeb


# 1.64 28-Nov-2013 mpi

Change the way protocol multicast addresses are linked to an interface.

Instead of linking multicast records to the first configured address of
the corresponding protocol, making this address and its position in the
global list special, add them to a new list directly linked to the
interface descriptor.

This new multicast address list is similar to the address list, all its
elements contain a protocol agnostic part. This design allows us to
be able to join a multicast group without necessarily having a configured
address. That means IPv6 multicast kludges are no longer needed.

Another benefit is to be able to add and remove an IP address from an
interface without worrying about multicast records. That means that the
global IPv4 list is no longer needed since the first configured address
of an interface is no longer special.

This new list might also be extended in the future to contain the
link-layer addresses used to configure hardware filters.

Tested by sthen@ and weerd@, ok mikeb@


# 1.63 19-Nov-2013 mpi

Remove some FDDI/ATM leftovers.

ok mikeb@, henning@, deraadt@, brad@, miod@


# 1.62 17-Oct-2013 bluhm

The header file netinet/in_var.h included netinet6/in6_var.h. This
created a bunch of useless dependencies. Remove this implicit
inclusion and do an explicit #include <netinet6/in6_var.h> when it
is needed.
OK mpi@ henning@


Revision tags: OPENBSD_5_4_BASE
# 1.61 31-May-2013 bluhm

Remove a bunch of sockaddr_in6 pointer casts and replace others
with sin6tosa() or satosin6() inline functions. This allows the
compiler to check the types more strictly.
OK mpi@


# 1.60 26-Mar-2013 bluhm

Remove a block of dead code in in6_ifdetach(). It was never executed
due to the wrong & in satosin6(&ifa->ifa_addr). The link local
prefix fe80 was not checked within the IPv6 address, but within
some pointers of the interface address struct. The whole loop
around this was also never executed as all IPv6 addresses had already
been purged.
OK sperreault@ mpi@ mikeb@


# 1.59 25-Mar-2013 mpi

Substitute the handcrafted list of IPv6 addresses by a proper TAILQ.

ok bluhm@, mikeb@


# 1.58 07-Mar-2013 mpi

Remove the IFAFREE() macro, the ifafree() function it was calling already
checks for the reference counter.

ok mikeb@, miod@, pelikan@, kettenis@, krw@


# 1.57 04-Mar-2013 bluhm

Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro.
No binary change.
OK claudio@


Revision tags: OPENBSD_5_3_BASE
# 1.56 19-Sep-2012 bluhm

Use TAILQ_FOREACH macro for loops. No binary diff.
OK henning@


# 1.55 21-Aug-2012 bluhm

Reverse the name and meaning of the IFXF_INET6_PRIVACY interface
flag. It is now called IFXF_INET6_NOPRIVACY. So IPv6 privacy
addresses are on by default without resetting the flag during
ifconfig down/up.
OK stsp@, sperreault@ (who wrote the same diff)


# 1.54 15-Aug-2012 sperreault

Enable IPv6 autoconfprivacy by default

diff originally by stsp@
"please commit it" deraadt@
"don't care" stsp@
"don't like" bluhm@


Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
# 1.53 03-Jan-2012 bluhm

To access the ifaddr of an in_ifaddr or in6_ifaddr struct, it is
cleaner to access the first member via ia_ifa instead of casting.
No binary change.
ok henning@ krw@


# 1.52 24-Nov-2011 sperreault

rdomain support for IPv6
ok mikeb


Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
# 1.51 06-Apr-2010 stsp

Simple implementation of RFC4941, "Privacy Extensions for Stateless
Address Autoconfiguration in IPv6". For those among us who are paranoid
about broadcasting their MAC address to the IPv6 internet.

Man page help from jmc, testing by weerd, arc4random API hints from djm.

ok deraadt, claudio


Revision tags: OPENBSD_4_7_BASE
# 1.50 08-Feb-2010 jsing

More destatic and ansification.

ok claudio@ naddy@


# 1.49 13-Jan-2010 henning

instead of fiddling with the per-interface address lists directly in
many places create a proper API (ifa_add / ifa_del) and use it.
ok theo ryan dlg


Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
# 1.48 30-Jan-2009 mcbride

"XXX: should this be performed under splnet()?"... Yes, yes it should.
Interface configuration causes neighbour discovery, which runs packets
through parts of the stack that require at least splsoftnet(), like pf and
pfsync.

ok dlg


Revision tags: OPENBSD_4_4_BASE
# 1.47 11-Jun-2008 mcbride

ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.

ok todd deraadt naddy bluhm


# 1.46 11-May-2008 claudio

rtrequest to rtrequest1 conversion in inet6. With that no rtrequest should
be left over. OK henning@


Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
# 1.45 08-Jun-2007 henning

kill arcnet leftovers, some pt out by Mike Belopuhov <mkb@crypt.org.ru>,
some I found afterwards, ok dlg


Revision tags: OPENBSD_4_1_BASE
# 1.44 15-Nov-2006 itojun

unifdef -USCOPEDROUTING


Revision tags: OPENBSD_4_0_BASE
# 1.43 31-Aug-2006 mcbride

Automatically add an IPv6 link-local address to carp interfaces when the
virtual MAC address is set. Among other things, this makes route6d work
correctly on systems with carp interfaces.

In order to ensure backwards compatibility, we do not include IPv6
link-local addresses in generating the HMAC, but we accept HMACs with AND
without the link-local addresses. They will be added to the HMAC in a future
release.

In short: this change should only affect backwards compatibility for
IPv6 users who are manually adding link-local addresses on carp interfaces.

testing mtu@ todd@
ok mpf@ henning@ deraadt@


# 1.42 16-Jun-2006 henning

adjust functions dealing with the routing table to take a table ID as
parameter so they can work on alternate tables. table 0 hardcoded for
many callers yet, that will be adapted step by step.
input + ok claudio norby hshoexer


# 1.41 27-May-2006 claudio

Do the same thing as for IPv4. Use a sysctl to enable/disable mforwarding
and additionally make the code part of the MROUTING option. Put it in deraadt@


# 1.40 05-Mar-2006 miod

Use more queue macros rather than doing it by hand; ok otto@ krw@


Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
# 1.39 23-May-2005 mpf

carp needs a multicast kludge storage.
Fixes PR 4211.
OK mcbride@


# 1.38 21-Apr-2005 itojun

remove (now obsolete) handling of IFT_PROPVIRTUAL/bridge*. tested by camield@


Revision tags: OPENBSD_3_7_BASE
# 1.37 07-Dec-2004 mcbride

Convert carp(4) to behave more like a regular interface, much in the same
style as vlan(4). carp interfaces no longer require the physical interface
to be on the same subnet as the carp interface, or even that the physical
interface has an address at all, so CARP can now be used on /30 networks.

ok deraadt@ henning@


Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
# 1.36 07-May-2004 millert

Replace RSA-derived md5 code with code derived from Colin Plumb's PD version.
This moves md5.c out of libkern and into sys/crypto where it belongs (as
requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it).
Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@


# 1.112 10-Feb-2019 dlg

remove the implict RTF_MPATH flag that rt_ifa_add() sets on new routes.

MPLS interfaces (ab)use rt_ifa_add for adding the local MPLS label
that they listen on for incoming packets, while every other use of
rt_ifa_add is for adding addresses on local interfaces. MPLS does
this cos the addresses involved are in basically the same shape as
ones used for setting up local addresses.

It is appropriate for interfaces to want RTF_MPATH on local addresses,
but in the MPLS case it means you can have multiple local things
listening on the same label, which doesn't actually work. mpe in
particular keeps track of in use labels to it can handle collisions,
however, mpw does not. It is currently possible to have multiple
mpw interfaces on the same local label, and sharing the same label
as mpe or possible normal forwarding labels.

Moving the RTF_MPATH flag out of rt_ifa_add means all the callers
that still want it need to pass it themselves. The mpe and mpw
callers are left alone without the flag, and will now get EEXIST
from rt_ifa_add when a label is already in use.

ok (and a huge amount of patience and help) mpi@
claudio@ is ok with the idea, but saw a much much earlier solution
to the problem


Revision tags: OPENBSD_6_4_BASE
# 1.111 05-Oct-2018 florian

Do not join node information multicast group (RFC 4620).
Benno removed code to answer ICMP queries over 4 years ago.
Aham Brahmasmi (aham.brahmasmi AT gmx.com) points out
that we still joined the group though.

OK sthen, bluhm, kn


# 1.110 26-Aug-2018 mpi

Do not add ::1 on non-default lo(4) as intended.

Reported by and ok sthen@


# 1.109 10-Jul-2018 florian

When an interface doesn't have a layer 2 address in6_get_soii_ifid()
failes and then later on a in in6_get_ifid() a layer 2 address is
"borrowed" from from another interface.

Do the "borrowing" in in6_get_soii_ifid(), too so that semantically
opaque interface identifiers work for these kind of interfaces, too.

OK phessler, benno


# 1.108 10-Jul-2018 florian

When an interface doesn't have a layer 2 address in6_get_ifid()
tries to "borrow" one from another interface.
But then it checks if the U bit is set int the generated EUI64
address and rejects it.
On the other hand for interfaces that do have a layer 2 address this
check is skipped, so relax it for the "borrowing" case, too.

With this one gets stable link local addresses on e.g. gre(4)
interfaces on certain virtualisation environments depending which mac
addresses get picked for the vio(4) interfaces while previously we
would end up with a random IP on every reboot.

Reported by Aaron A. Glenn via phessler.

OK phessler, benno


# 1.107 27-Mar-2018 dhill

Use memcpy instead of bcopy when the memory does not overlap.

OK deraadt@ florian@


Revision tags: OPENBSD_6_3_BASE
# 1.106 13-Mar-2018 florian

Calculate RFC7217 link-local style addresses the same way as
slaacd(8).

RFC 7217 states (section 5, page 9):
| The Interface Identifier is finally obtained by taking as many
| bits from the RID value (computed in the previous step) as
| necessary, starting from the least significant bit.

Problem in slaacd pointed out by semarie@.

OK sthen, phessler


# 1.105 10-Feb-2018 florian

Implement RFC 7217: "A Method for Generating Semantically Opaque
Interface Identifiers with IPv6 Stateless Address Autoconfiguration."

"An IPv6 address configured using this method is stable within each
subnet, but the corresponding Interface Identifier changes when the
host moves from one network to another. This method is meant to be an
alternative to generating Interface Identifiers based on hardware
addresses."

OK naddy, sthen


Revision tags: OPENBSD_6_2_BASE
# 1.104 01-Sep-2017 florian

Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the
get_last_resort_ifid() function because eww.
Also if your system is so constrained that you end up in
in6_get_rand_ifid() you don't deserve a random ifid that stays
stable over reboots.
Simplify code a bit since get_ifid() can no longer fail. It couldn't
fail before either because that code path was #if 0'ed.
While here sprinkle in some in6_ prefixes, pointed out by stsp.
OK stsp


# 1.103 11-Jul-2017 florian

Purging is at last at hand. Day of Doom is here. All that is evil
shall all be cleansed.

Remove sending of router solicitations and processing of router
advertisements from the kernel. It's handled by slaacd(8) these days.

Input & OK bluhm@, mpi@


# 1.102 16-May-2017 mpi

Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().

ok visa@


Revision tags: OPENBSD_6_1_BASE
# 1.101 29-Dec-2016 mpi

Get rid of recursive splsoftnet() in in6_ifattach_linklocal().

ok visa@


Revision tags: OPENBSD_6_0_BASE
# 1.100 30-Jun-2016 mpi

Restore the automagically added /64 route on p2p interfaces in order to
send traffic to link-local addresses without default route.

Fix a regression reported by Michael Lechtermann, ok stsp@, sthen@


Revision tags: OPENBSD_5_9_BASE
# 1.99 02-Dec-2015 bluhm

When destroying an interface, we have to wait until all references
are not used anymore. This has to be done before any interface
fields become invalid.
As the route delete request cannot call if_get() anymore, pass down
the interface. Split rtrequest_delete() into a separate function
that may take an existing interface.
OK mpi@


# 1.98 24-Oct-2015 mpi

Convert to rt_ifidx.

ok bluhm@


# 1.97 22-Oct-2015 bluhm

Inspired by satosin(), use inline functions to convert sockaddr dl.
Instead of casts they check whether the incoming object has the
expected type. So introduce satosdl() and sdltosa() in the kernel.
OK mpi@


# 1.96 12-Sep-2015 mpi

Now that rtrequest1(9) properly sets RTF_UP for newly added route,
stop passing it in every rt_ifa_add(9) call.

ok claudio@


# 1.95 03-Sep-2015 mpi

Change the order of operations for loopback interfaces to have
::1 configured before fe80::1.

(lo0:0) in pf should resolve to 127.0.0.1 ::1.

reported by and ok mikeb@


# 1.94 31-Aug-2015 mpi

Do not install connected routes on loopback interfaces.

Previously loopback connected routes were managed via the global list
of prefixes, which means that systems with AUTOCONF'd addresses did not
see them in the routing table.

This also makes inet6 route creation coherent with inet.


# 1.93 24-Aug-2015 mpi

Start moving away from the global prefix list by limiting its usage to
AUTOCONF'd addresses.

This prevents the kernel from removing connected (/64) routes as soon as
it configures an AUTOCONF'd address based on a RA.

Tested by sebastia@, ok sthen@


# 1.92 24-Aug-2015 mpi

Rework the code to decide when to perform DAD to no longer rely on the
IN6_IFF_NODAD pseudo-flag not being set.

This was just a flag for spaghetti code that should not exist in the
first place.

Tested by sebastia@, ok sthen@


# 1.91 17-Aug-2015 mpi

Remove annoying comment about in6_update_ifa().


Revision tags: OPENBSD_5_8_BASE
# 1.90 18-Jul-2015 mpi

Merge two identical chunks to add new prefixes to the global data
structures into a function.

ok florian@


# 1.89 16-Jul-2015 mpi

Properly layer Router Solicitation code.

Tweak and ok florian@


# 1.88 08-Jun-2015 krw

More damned eye searing whitespace. No change to .o files.


# 1.87 27-Apr-2015 mpi

Do not call nd6_purge() before purging the IPv6 addresses of a detached
interface.

Fix a use after free introduced in r1.98 of netinet6/in6.c and recently
exposed by a crazy pool/malloc damage finder being currently refined by
dlg@ and deraadt@.

ok mikeb@, henning@


# 1.86 14-Mar-2015 jsg

Remove some includes include-what-you-use claims don't
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.

ok tedu@ deraadt@


Revision tags: OPENBSD_5_7_BASE
# 1.85 05-Feb-2015 mpi

Convert various rtrequest1(RTM_DELETE,...) calls to rtdeletemsg(9).

This unifies some code and notifies userland for free.

blambert@ agrees, ok bluhm@


# 1.84 28-Jan-2015 mpi

Revert rtdeletemsg conversion. It was not ok'd, I misunderstood bluhm@'s
email.


# 1.83 27-Jan-2015 mpi

Ensure that link-local addresses are correctly configured on loopback
interfaces.

When the kernel automagically configures IPv6 addresses on loopback
interfaces, start by assigning a link-local address and then try to
assign "::1".

Only the first configured loopback interface per rdomain can have the
"::1" address. But even if other loopback interfaces failed to get
this address, because it is already taken, give them a chance to have
a link-local address.

While here change in6_ifattach() to return an error value and remove
duplicated code.

Fix a regression introduced by the NOINET6 flag removal.

ok henning@, stsp@, florian@, benno@


# 1.82 26-Jan-2015 mpi

Call rtdeletemsg(9) instead of rerolling its code. As a bonus you'll
get userland notification for free.

ok blambert@, bluhm@


# 1.81 10-Jan-2015 mpi

Correct some comments and merge in6_if_up() into in6_ifattach() to
reflect that IPv6 link-local addresses are no longer automagically
configured the first time an interface is brought up.

ok henning@, stsp@


# 1.80 08-Jan-2015 florian

Clear autoconf6 flag after autoconf6 cleanup happened, not before.
Otherwise clean up code will never run.
OK mpi@, benno@, henning@


# 1.79 06-Jan-2015 stsp

Remove the NOINET6 interface flag, a left-over from the times when IPv6
was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable
an address family for an interface (currently used for IPv6 only).

New kernel needs new ifconfig for IPv6 configuration (address assignment
still works with old ifconfig making this easy to cross over).

Committing on behalf of henning@ who is currently lebensmittelvergiftet.
ok stsp, benno, mpi


# 1.78 04-Dec-2014 tedu

replace md5 with sha512. ok deraadt


# 1.77 20-Nov-2014 mpi

We have no need for a variable that holds the maximum MTU size of
interfaces with an IPv6 address.

ok henning@, mikeb@, deraadt@


# 1.76 18-Nov-2014 krw

Nuke yet more obvious #include duplications.

ok miod@


# 1.75 18-Nov-2014 tedu

move arc4random prototype to systm.h. more appropriate for most code
to include that than rdnvar.h. ok deraadt dlg


# 1.74 01-Nov-2014 mpi

Rename rtalloc1() into rtalloc(9) and convert its flags to only enable
functionality instead of a mix of enable/disable.

ok bluhm@, jca@


# 1.73 25-Aug-2014 florian

Move sending of router solicitations to the kernel; receiving and
processing of router advertisements was already in the kernel.
With this rtsol{,d}(8) is no longer necessary.

The kernel starts sending solicitations with
	# ifconfig $IF inet6 autoconf
or
	inet6 autoconf
in /etc/hostname.$IF.

input stsp@
much help & OK mpi@
tweaks & OK bluhm@


Revision tags: OPENBSD_5_6_BASE
# 1.72 01-Jul-2014 benno

When a carp interface is created with IFXF_NOINET6 flag, no link-local
address will be created when the vhid (and MAC) is set. Depending on
the order of the configuration the interface can end up with an ipv6
address, but no v6 link-local and no working neighbor discovery.

Removing this case statement will result in the link-local address
being configured by "ifconfig up" if the inet6 address was configured
before. If you are using inet6 on carp, put an "up" at the end of your
hostname.if. I will work on a better solution at g2k14.

ok henning, mpi


# 1.71 26-Jun-2014 mpi

Calling in{6,}_purgeaddr() is not enough to remove an address from
an interface. Two other operations are performed when issuing a
SIOCDIFADDR{_IN6,} ioctl: call the address hook and the per-driver
ioctl function.

Since carp(4) relies on an address hook to recalculate its hash, make
sure to call this hook when IFXF_NOINET6 is set or when the rdomain is
changed.

ok henning@, mikeb@


# 1.70 03-Jun-2014 mpi

Do not include <sys/malloc.h> where it is not needed.


# 1.69 20-May-2014 mpi

Fix eui64 address generation, broken since the removal of the link-layer
address from the per-ifp list.

Found the hard way by weerd@, florian@ and stsp@, ok florian@


Revision tags: OPENBSD_5_5_BASE
# 1.68 21-Jan-2014 mpi

Do not clean the multicast records of an interface when it is destroyed
(unplugged). Even if it makes no sense to keep them around if the
interface is no more, we cannot safely remove them since pcb multicast
options might keep a pointer to them.

Fixes a use after free introduced by the multicast address linking
rewrite and reported by Alexey Suslikov, thanks!

ok claudio@


# 1.67 13-Jan-2014 bluhm

Call all local variables of type struct in6_ifaddr "ia6". This is
consistent with struct ifaddr "ifa" and struct in_ifaddr "ia".
OK mpi@


# 1.66 07-Jan-2014 stsp

Some follow-up fixes for IFID collision handling in IPv6CP.

Really change the link-local address in the unlikely event of an IFID
collision, instead of going into an infinite conf-nak loop with the peer.

To make the netinet6 code use the IPv6CP IFID in a new link-local address,
in6_ifattach_linklocal() must accept a provided IFID. Replace the unused
'altifp' parameter with a new 'ifid' parameter for this purpose.

Always use the latest suggested address in IPv6CP replies, even if
the task to update the interface's address hasn't run yet.
Also, clear the ifindex (KAME hack) in addresses sent during IPv6CP.

ok mpi


# 1.65 06-Jan-2014 stsp

Make in6_ifdetach() remove the ff01::1 route for the detaching interface, too.
The route used to linger after an interface detached from IPv6.
ok mikeb


# 1.64 28-Nov-2013 mpi

Change the way protocol multicast addresses are linked to an interface.

Instead of linking multicast records to the first configured address of
the corresponding protocol, making this address and its position in the
global list special, add them to a new list directly linked to the
interface descriptor.

This new multicast address list is similar to the address list, all its
elements contain a protocol agnostic part. This design allows us to
be able to join a multicast group without necessarily having a configured
address. That means IPv6 multicast kludges are no longer needed.

Another benefit is to be able to add and remove an IP address from an
interface without worrying about multicast records. That means that the
global IPv4 list is no longer needed since the first configured address
of an interface is no longer special.

This new list might also be extended in the future to contain the
link-layer addresses used to configure hardware filters.

Tested by sthen@ and weerd@, ok mikeb@


# 1.63 19-Nov-2013 mpi

Remove some FDDI/ATM leftovers.

ok mikeb@, henning@, deraadt@, brad@, miod@


# 1.62 17-Oct-2013 bluhm

The header file netinet/in_var.h included netinet6/in6_var.h. This
created a bunch of useless dependencies. Remove this implicit
inclusion and do an explicit #include <netinet6/in6_var.h> when it
is needed.
OK mpi@ henning@


Revision tags: OPENBSD_5_4_BASE
# 1.61 31-May-2013 bluhm

Remove a bunch of sockaddr_in6 pointer casts and replace others
with sin6tosa() or satosin6() inline functions. This allows the
compiler to check the types more strictly.
OK mpi@


# 1.60 26-Mar-2013 bluhm

Remove a block of dead code in in6_ifdetach(). It was never executed
due to the wrong & in satosin6(&ifa->ifa_addr). The link local
prefix fe80 was not checked within the IPv6 address, but within
some pointers of the interface address struct. The whole loop
around this was also never executed as all IPv6 addresses had already
been purged.
OK sperreault@ mpi@ mikeb@


# 1.59 25-Mar-2013 mpi

Substitute the handcrafted list of IPv6 addresses by a proper TAILQ.

ok bluhm@, mikeb@


# 1.58 07-Mar-2013 mpi

Remove the IFAFREE() macro, the ifafree() function it was calling already
checks for the reference counter.

ok mikeb@, miod@, pelikan@, kettenis@, krw@


# 1.57 04-Mar-2013 bluhm

Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro.
No binary change.
OK claudio@


Revision tags: OPENBSD_5_3_BASE
# 1.56 19-Sep-2012 bluhm

Use TAILQ_FOREACH macro for loops. No binary diff.
OK henning@


# 1.55 21-Aug-2012 bluhm

Reverse the name and meaning of the IFXF_INET6_PRIVACY interface
flag. It is now called IFXF_INET6_NOPRIVACY. So IPv6 privacy
addresses are on by default without resetting the flag during
ifconfig down/up.
OK stsp@, sperreault@ (who wrote the same diff)


# 1.54 15-Aug-2012 sperreault

Enable IPv6 autoconfprivacy by default

diff originally by stsp@
"please commit it" deraadt@
"don't care" stsp@
"don't like" bluhm@


Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
# 1.53 03-Jan-2012 bluhm

To access the ifaddr of an in_ifaddr or in6_ifaddr struct, it is
cleaner to access the first member via ia_ifa instead of casting.
No binary change.
ok henning@ krw@


# 1.52 24-Nov-2011 sperreault

rdomain support for IPv6
ok mikeb


Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
# 1.51 06-Apr-2010 stsp

Simple implementation of RFC4941, "Privacy Extensions for Stateless
Address Autoconfiguration in IPv6". For those among us who are paranoid
about broadcasting their MAC address to the IPv6 internet.

Man page help from jmc, testing by weerd, arc4random API hints from djm.

ok deraadt, claudio


Revision tags: OPENBSD_4_7_BASE
# 1.50 08-Feb-2010 jsing

More destatic and ansification.

ok claudio@ naddy@


# 1.49 13-Jan-2010 henning

instead of fiddling with the per-interface address lists directly in
many places create a proper API (ifa_add / ifa_del) and use it.
ok theo ryan dlg


Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
# 1.48 30-Jan-2009 mcbride

"XXX: should this be performed under splnet()?"... Yes, yes it should.
Interface configuration causes neighbour discovery, which runs packets
through parts of the stack that require at least splsoftnet(), like pf and
pfsync.

ok dlg


Revision tags: OPENBSD_4_4_BASE
# 1.47 11-Jun-2008 mcbride

ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.

ok todd deraadt naddy bluhm


# 1.46 11-May-2008 claudio

rtrequest to rtrequest1 conversion in inet6. With that no rtrequest should
be left over. OK henning@


Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
# 1.45 08-Jun-2007 henning

kill arcnet leftovers, some pt out by Mike Belopuhov <mkb@crypt.org.ru>,
some I found afterwards, ok dlg


Revision tags: OPENBSD_4_1_BASE
# 1.44 15-Nov-2006 itojun

unifdef -USCOPEDROUTING


Revision tags: OPENBSD_4_0_BASE
# 1.43 31-Aug-2006 mcbride

Automatically add an IPv6 link-local address to carp interfaces when the
virtual MAC address is set. Among other things, this makes route6d work
correctly on systems with carp interfaces.

In order to ensure backwards compatibility, we do not include IPv6
link-local addresses in generating the HMAC, but we accept HMACs with AND
without the link-local addresses. They will be added to the HMAC in a future
release.

In short: this change should only affect backwards compatibility for
IPv6 users who are manually adding link-local addresses on carp interfaces.

testing mtu@ todd@
ok mpf@ henning@ deraadt@


# 1.42 16-Jun-2006 henning

adjust functions dealing with the routing table to take a table ID as
parameter so they can work on alternate tables. table 0 hardcoded for
many callers yet, that will be adapted step by step.
input + ok claudio norby hshoexer


# 1.41 27-May-2006 claudio

Do the same thing as for IPv4. Use a sysctl to enable/disable mforwarding
and additionally make the code part of the MROUTING option. Put it in deraadt@


# 1.40 05-Mar-2006 miod

Use more queue macros rather than doing it by hand; ok otto@ krw@


Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
# 1.39 23-May-2005 mpf

carp needs a multicast kludge storage.
Fixes PR 4211.
OK mcbride@


# 1.38 21-Apr-2005 itojun

remove (now obsolete) handling of IFT_PROPVIRTUAL/bridge*. tested by camield@


Revision tags: OPENBSD_3_7_BASE
# 1.37 07-Dec-2004 mcbride

Convert carp(4) to behave more like a regular interface, much in the same
style as vlan(4). carp interfaces no longer require the physical interface
to be on the same subnet as the carp interface, or even that the physical
interface has an address at all, so CARP can now be used on /30 networks.

ok deraadt@ henning@


Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
# 1.36 07-May-2004 millert

Replace RSA-derived md5 code with code derived from Colin Plumb's PD version.
This moves md5.c out of libkern and into sys/crypto where it belongs (as
requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it).
Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@


Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
# 1.35 08-Jul-2003 itojun

on interface removal, clear multicast forwarding stuff. from kame


# 1.34 28-Jun-2003 itojun

i don't think pfsync needs a link-local addr.


Revision tags: UBC_SYNC_A
# 1.33 14-May-2003 itojun

it is unlikely that we introduce 6to4 interface (IFT_STF) to openbsd.


Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
# 1.32 12-Sep-2002 itojun

configure "next" pointer correctly. from j@pureftpd.org


# 1.31 11-Sep-2002 itojun

fix pointer signedness mixup. sync w/kame


# 1.30 11-Sep-2002 itojun

KNF - return is not a function. sync w/kame


# 1.29 11-Jun-2002 itojun

silence some of log(), as the codepath will be visited for IPv6-non-capable
interfaces too and can be annoying. net.inet6.icmp6.nd6_debug will
re-enable them.


# 1.28 11-Jun-2002 itojun

whitespace


# 1.27 08-Jun-2002 itojun

sync with latest KAME in6_ifaddr/prefix/default router manipulation.
behavior changes:
- two ioctls used by ndp(8) are now obsolete (backward compat provided).
use sysctl path instead.
- lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.


# 1.26 07-Jun-2002 itojun

whitespace sync w/kame


# 1.25 29-May-2002 itojun

attach nd_ifinfo structure to if_afdata.
split IPv6 MTU (advertised by RA) from real link MTU.
sync with kame


# 1.24 29-May-2002 itojun

move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame


# 1.23 23-May-2002 itojun

simplify condition to perform DAD. sync w/kame


Revision tags: OPENBSD_3_1_BASE
# 1.22 14-Mar-2002 millert

First round of __P removal in sys


Revision tags: UBC_BASE
# 1.21 07-Dec-2001 itojun

branches: 1.21.2;
whitespace/comment sync with kame


Revision tags: OPENBSD_3_0_BASE
# 1.20 23-Aug-2001 itojun

suppress printf() on non-multicast interface.
suppress ipv6 initialization for IFT_PFLOG.


# 1.19 23-Aug-2001 itojun

don't try to enable IPv6 on IFT_PFLOG.


# 1.18 18-Jul-2001 itojun

avoid using malloc() during interrupt context for multicast kludge entry.
allocate it on interface initialization.


# 1.17 09-Jun-2001 angelos

No need for net/net_osdep.h


Revision tags: OPENBSD_2_9_BASE
# 1.16 16-Feb-2001 itojun

cosmetic sync with kame


# 1.15 07-Feb-2001 itojun

by default, don't bark on inbound ND messages, as outsider may be able to
fill up /var with bogus packets.
setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid
ND packet and other occasions.

improve icmp6 stats.


# 1.14 18-Jan-2001 itojun

do not remove default route by mistake, on interface removal.


Revision tags: OPENBSD_2_8_BASE
# 1.13 25-Oct-2000 jason

silence the "no multicast" warning for IFT_ENC, too
deraadt ok


# 1.12 18-Oct-2000 itojun

don't try to configure IPv6 on bridge*. comment from deraadt


# 1.11 02-Oct-2000 itojun

fix missing \n. from doug@freebsd (sync with kame)


Revision tags: OPENBSD_2_7_BASE
# 1.10 05-May-2000 itojun

cope with interface detach (like pcmcia card removal). remove any
IPv6 addresses assigned to the interface. reported by ho, bunch of
help from niklas. KAME PR 231.


# 1.9 27-Apr-2000 itojun

correct in6_ifdetach(). free oia, not ia.
Lennart says there are more problems to go (I don't own openbsd-current laptop).
From: Lennart Augustsson <augustss@augustsson.net>


# 1.8 17-Apr-2000 itojun

revisit in6_ifattach(). (1) make it more persistent about initializing an
interface (2) cleanup interface id selection.
run NUD on p2p interface (required by spec for bidir p2p interface).
add "ndp -i interface" (can tweak per-interface ND flag).
(sync with more recent kame)


# 1.7 02-Mar-2000 itojun

do not add ifa_dstaddr for non-pointopoint interface. IPv6 has no
concept for "broadcast".


Revision tags: SMP_BASE
# 1.6 07-Feb-2000 itojun

branches: 1.6.2;
fix include file path related to ip6.


# 1.5 04-Feb-2000 itojun

more coverage of in6_ifdetach()'s cleanup process.
bug fix in SIOCGIFADDR_IN6 (point to point case).


# 1.4 02-Feb-2000 itojun

- improve in6_ifdetach to remove (1) multicast kludge list (2) route to
link-local allnode multicast (ff02:x::/32)
- fix ifnet refcnt'ing in multicast kludge list management.
- avoid dangling pointer in multicast kludge management.

(angelos, try this version of in6_ifdetach() - it should be better)


# 1.3 10-Dec-1999 itojun

use proper type for in6_first_ifid (char -> u_int8_t)
suggested by: deraadt


# 1.2 10-Dec-1999 angelos

Remove remaining unnecessary ifdefs (itojun will hate me for this :-)


Revision tags: kame_19991208
# 1.1 08-Dec-1999 itojun

bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
brought in soon).


# 1.111 05-Oct-2018 florian

Do not join node information multicast group (RFC 4620).
Benno removed code to answer ICMP queries over 4 years ago.
Aham Brahmasmi (aham.brahmasmi AT gmx.com) points out
that we still joined the group though.

OK sthen, bluhm, kn


# 1.110 26-Aug-2018 mpi

Do not add ::1 on non-default lo(4) as intended.

Reported by and ok sthen@


# 1.109 10-Jul-2018 florian

When an interface doesn't have a layer 2 address in6_get_soii_ifid()
failes and then later on a in in6_get_ifid() a layer 2 address is
"borrowed" from from another interface.

Do the "borrowing" in in6_get_soii_ifid(), too so that semantically
opaque interface identifiers work for these kind of interfaces, too.

OK phessler, benno


# 1.108 10-Jul-2018 florian

When an interface doesn't have a layer 2 address in6_get_ifid()
tries to "borrow" one from another interface.
But then it checks if the U bit is set int the generated EUI64
address and rejects it.
On the other hand for interfaces that do have a layer 2 address this
check is skipped, so relax it for the "borrowing" case, too.

With this one gets stable link local addresses on e.g. gre(4)
interfaces on certain virtualisation environments depending which mac
addresses get picked for the vio(4) interfaces while previously we
would end up with a random IP on every reboot.

Reported by Aaron A. Glenn via phessler.

OK phessler, benno


# 1.107 27-Mar-2018 dhill

Use memcpy instead of bcopy when the memory does not overlap.

OK deraadt@ florian@


Revision tags: OPENBSD_6_3_BASE
# 1.106 13-Mar-2018 florian

Calculate RFC7217 link-local style addresses the same way as
slaacd(8).

RFC 7217 states (section 5, page 9):
| The Interface Identifier is finally obtained by taking as many
| bits from the RID value (computed in the previous step) as
| necessary, starting from the least significant bit.

Problem in slaacd pointed out by semarie@.

OK sthen, phessler


# 1.105 10-Feb-2018 florian

Implement RFC 7217: "A Method for Generating Semantically Opaque
Interface Identifiers with IPv6 Stateless Address Autoconfiguration."

"An IPv6 address configured using this method is stable within each
subnet, but the corresponding Interface Identifier changes when the
host moves from one network to another. This method is meant to be an
alternative to generating Interface Identifiers based on hardware
addresses."

OK naddy, sthen


Revision tags: OPENBSD_6_2_BASE
# 1.104 01-Sep-2017 florian

Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the
get_last_resort_ifid() function because eww.
Also if your system is so constraint that you end up in
in6_get_rand_ifid() you don't deserve a random ifid that stays
stable over reboots.
Simplify code a bit since get_ifid() can no longer fail. It couldn't
fail before either because that code path was #if 0'ed.
While here sprinkle in some in6_ prefixes, pointed out by stsp.
OK stsp


# 1.103 11-Jul-2017 florian

Purging is at last at hand. Day of Doom is here. All that is evil
shall all be cleansed.

Remove sending of router solicitations and processing of router
advertisements from the kernel. It's handled by slaacd(8) these days.

Input & OK bluhm@, mpi@


# 1.102 16-May-2017 mpi

Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().

ok visa@


Revision tags: OPENBSD_6_1_BASE
# 1.101 29-Dec-2016 mpi

Get rid of recursive splsoftnet() in in6_ifattach_linklocal().

ok visa@


Revision tags: OPENBSD_6_0_BASE
# 1.100 30-Jun-2016 mpi

Restore the automagically added /64 route on p2p interfaces in order to
send traffic to link-local addresses without default route.

Fix a regression reported by Michael Lechtermann, ok stsp@, sthen@


Revision tags: OPENBSD_5_9_BASE
# 1.99 02-Dec-2015 bluhm

When destroying an interface, we have to wait until all references
are not used anymore. This has to be done before any interface
fields become invalid.
As the route delete request cannot call if_get() anymore, pass down
the interface. Split rtrequest_delete() into a separate function
that may take an existing inteface.
OK mpi@


# 1.98 24-Oct-2015 mpi

Convert to rt_ifidx.

ok bluhm@


# 1.97 22-Oct-2015 bluhm

Inspired by satosin(), use inline functions to convert sockaddr dl.
Instead of casts they check wether the incoming object has the
expected type. So introduce satosdl() and sdltosa() in the kernel.
OK mpi@


# 1.96 12-Sep-2015 mpi

Now that rtrequest1(9) properly sets RTF_UP for newly added route,
stop passing it in every rt_ifa_add(9) calls.

ok claudio@


# 1.95 03-Sep-2015 mpi

Change the order of operations for loopback interfaces to have
::1 configured before fe80::1.

(lo0:0) in pf should resolve to 127.0.0.1 ::1.

reported by and ok mikeb@


# 1.94 31-Aug-2015 mpi

Do not install connected routes on loopback interfaces.

Previously loopback connected routes were managed via the global list
of prefixes, which mean that systems with AUTOCONF'd addresses did not
see them in the routing table.

This also makes inet6 route creation coherent with inet.


# 1.93 24-Aug-2015 mpi

Start moving away from the global prefix list by limiting its usage to
AUTOCONF'd addresses.

This prevent the kernel from removing connected (/64) routes as soon as
it configures an AUTOCONF'd address based on a RA.

Tested by sebastia@, ok sthen@


# 1.92 24-Aug-2015 mpi

Rework the code to decide when to perform DAD to no longer rely on the
IN6_IFF_NODAD pseudo-flag not being set.

This was just a flag for spaghetti code that should not exist in the
first place.

Tested by sebastia@, ok sthen@


# 1.91 17-Aug-2015 mpi

Remove anoying comment about in6_update_ifa().


Revision tags: OPENBSD_5_8_BASE
# 1.90 18-Jul-2015 mpi

Merge two identical chunks to add new prefixes to the global data
structures into a function.

ok florian@


# 1.89 16-Jul-2015 mpi

Properly layer Router Solicitation code.

Tweak and ok florian@


# 1.88 08-Jun-2015 krw

More damned eye searing whitespace. No change to .o files.


# 1.87 27-Apr-2015 mpi

Do not call nd6_purge() before purging the IPv6 addresses of a detached
interface.

Fix a use after free introduced in r1.98 of netinet6/in6.c and recently
exposed by a crazy pool/malloc damage finder being currently refined by
dlg@ and deraadt@.

ok mikeb@, henning@


# 1.86 14-Mar-2015 jsg

Remove some includes include-what-you-use claims don't
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.

ok tedu@ deraadt@


Revision tags: OPENBSD_5_7_BASE
# 1.85 05-Feb-2015 mpi

Convert various rtrequest1(RTM_DELETE,...) calls to rtdeletemsg(9).

This unify some code and notify userland for free.

blambert@ agrees, ok bluhm@


# 1.84 28-Jan-2015 mpi

Revert rtdeletemsg conversion. It was not ok'd, I misunderstood bluhm@'s
email.


# 1.83 27-Jan-2015 mpi

Ensure that link-local addresses are correctly configured on loopback
interfaces.

When the kernel automagically configures IPv6 addresses on loopback
interfaces, start by assigning a link-local address and then try to
assign "::1".

Only the first configured loopback interface per rdomain can have the
"::1" address. But even if other loopback interfaces failed to get
this address, because it is already taken, give them a chance to have
a link-local address.

While here change in6_ifattach() to return an error value and remove
duplicated code.

Fix a regression introduced by the NOINET6 flag removal.

ok henning@, stsp@, florian@, benno@


# 1.82 26-Jan-2015 mpi

Call rtdeletemsg(9) instead of rerolling its code. As a bonus you'll
get userland notification for free.

ok blambert@, bluhm@


# 1.81 10-Jan-2015 mpi

Correct some comments and merge in6_if_up() into in6_ifattach() to
reflect that IPv6 link-local addresses are no longer automagically
configured the first time an interface is brought up.

ok henning@, stsp@


# 1.80 08-Jan-2015 florian

Clear autoconf6 flag after autoconf6 cleanup happened, not before.
Otherwise clean up code will never run.
OK mpi@, benno@, henning@


# 1.79 06-Jan-2015 stsp

Remove the NOINET6 interface flag, a left-over from the times when IPv6
was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable
an address family for an interface (currently used for IPv6 only).

New kernel needs new ifconfig for IPv6 configuration (address assignment
still works with old ifconfig making this easy to cross over).

Committing on behalf of henning@ who is currently lebensmittelvergiftet.
ok stsp, benno, mpi


# 1.78 04-Dec-2014 tedu

replace md5 with sha512. ok deraadt


# 1.77 20-Nov-2014 mpi

What have no need for a variable that holds the maximum MTU size of
interfaces with an IPv6 address.

ok henning@, mikeb@, deraadt@


# 1.76 18-Nov-2014 krw

Nuke yet more obvious #include duplications.

ok miod@


# 1.75 18-Nov-2014 tedu

move arc4random prototype to systm.h. more appropriate for most code
to include that than rdnvar.h. ok deraadt dlg


# 1.74 01-Nov-2014 mpi

Rename rtalloc1() into rtalloc(9) and convert its flags to only enable
functionnality instead of a mix of enable/disable.

ok bluhm@, jca@


# 1.73 25-Aug-2014 florian

Move sending of router solicitations to the kernel; receiving and
processing of router advertisements was already in the kernel.
With this rtsol{,d}(8) is no longer necessary.

The kernel starts sending solicitations with
# ifconfig $IF inet6 autoconf
or
inet6 autoconf
in /etc/hostname.$IF.

input stsp@
much help & OK mpi@
tweaks & OK bluhm@


Revision tags: OPENBSD_5_6_BASE
# 1.72 01-Jul-2014 benno

When a carp interface is created with IFXF_NOINET6 flag, no link-local
address will be created when the vhid (and MAC) is set. Depending on
the order of the configuration the interface can end up with a ipv6
address, but no v6 link-local and no working neigbor discovery.

Removing this case statement will result in the link-local address
being configured by "ifconfig up" if the inet6 address was configured
before. If you are using inet6 on carp, put an "up" at the end of your
hostname.if. I will work on a better solution at g2k14.

ok henning, mpi


# 1.71 26-Jun-2014 mpi

Calling in{6,}_purgeaddr() is not enough to remove an address from
an interface. Two other operations are performed when issuing a
SIOCDIFADDR{_IN6,} ioctl: call the address hook and the per-driver
ioctl function.

Since carp(4) relies on an address hook to recalculate its hash, make
sure to call this hook when IFXF_NOINET6 is set or when the rdomain is
changed.

ok henning@, mikeb@


# 1.70 03-Jun-2014 mpi

Do not include <sys/malloc.h> where it is not needed.


# 1.69 20-May-2014 mpi

Fix eui64 address generation, broken since the removal of the link-layer
address from the per-ifp list.

Found the hard way by weerd@, florian@ and stsp@, ok florian@


Revision tags: OPENBSD_5_5_BASE
# 1.68 21-Jan-2014 mpi

Do not clean the multicast records of an interface when it is destroyed
(unplugged). Even if it makes no sense to keep them around if the
interface is no more, we cannot safely remove them since pcb multicast
options might keep a pointer to them.

Fixes a use after free introduced by the multicast address linking
rewrite and reported by Alexey Suslikov, thanks!

ok claudio@


# 1.67 13-Jan-2014 bluhm

Call all local variables of type struct in6_ifaddr "ia6". This is
consistent with struct ifaddr "ifa" and struct in_ifaddr "ia".
OK mpi@


# 1.66 07-Jan-2014 stsp

Some follow-up fixes for IFID collision handling in IPv6CP.

Really change the link-local address in the unlikely event of an IFID
collision, instead of going into an infinite conf-nak loop with the peer.

To make the netinet6 code use the IPv6CP IFID in a new link-local address,
in6_ifattach_linklocal() must accept a provided IFID. Replace the unused
'altifp' parameter with a new 'ifid' parameter for this purpose.

Always use the latest suggested address in IPv6CP replies, even if
the task to update the interface's address hasn't run yet.
Also, clear the ifindex (KAME hack) in addresses sent during IPv6CP.

ok mpi


# 1.65 06-Jan-2014 stsp

Make in6_ifdetach() remove the ff01::1 route for the detaching interface, too.
The route used to linger after an interface detached from IPv6.
ok mikeb


# 1.64 28-Nov-2013 mpi

Change the way protocol multicast addresses are linked to an interface.

Instead of linking multicast records to the first configured address of
the corresponding protocol, making this address and its position in the
global list special, add them to a new list directly linked to the
interface descriptor.

This new multicast address list is similar to the address list, all its
elements contain a protocol agnostic part. This design allows us to
be able to join a multicast group without necessarily having a configured
address. That means IPv6 multicast kludges are no longer needed.

Another benefit is to be able to add and remove an IP address from an
interface without worrying about multicast records. That means that the
global IPv4 list is no longer needed since the first configured address
of an interface is no longer special.

This new list might also be extended in the future to contain the
link-layer addresses used to configure hardware filters.

Tested by sthen@ and weerd@, ok mikeb@


# 1.63 19-Nov-2013 mpi

Remove some FDDI/ATM leftovers.

ok mikeb@, henning@, deraadt@, brad@, miod@


# 1.62 17-Oct-2013 bluhm

The header file netinet/in_var.h included netinet6/in6_var.h. This
created a bunch of useless dependencies. Remove this implicit
inclusion and do an explicit #include <netinet6/in6_var.h> when it
is needed.
OK mpi@ henning@


Revision tags: OPENBSD_5_4_BASE
# 1.61 31-May-2013 bluhm

Remove a bunch of sockaddr_in6 pointer casts and replace others
with sin6tosa() or satosin6() inline functions. This allows the
compiler to check the types more strictly.
OK mpi@


# 1.60 26-Mar-2013 bluhm

Remove a block of dead code in in6_ifdetach(). It was never executed
due to the wrong & in satosin6(&ifa->ifa_addr). The link local
prefix fe80 was not checked within the IPv6 address, but within
some pointers of the interface address struct. The whole loop
around this was also never executed as all IPv6 addresses had already
been purged.
OK sperreault@ mpi@ mikeb@


# 1.59 25-Mar-2013 mpi

Substitute the handcrafted list of IPv6 addresses by a proper TAILQ.

ok bluhm@, mikeb@


# 1.58 07-Mar-2013 mpi

Remove the IFAFREE() macro, the ifafree() function it was calling already
checks for the reference counter.

ok mikeb@, miod@, pelikan@, kettenis@, krw@


# 1.57 04-Mar-2013 bluhm

Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro.
No binary change.
OK claudio@


Revision tags: OPENBSD_5_3_BASE
# 1.56 19-Sep-2012 bluhm

Use TAILQ_FOREACH macro for loops. No binary diff.
OK henning@


# 1.55 21-Aug-2012 bluhm

Reverse the name and meaning of the IFXF_INET6_PRIVACY interface
flag. It is now called IFXF_INET6_NOPRIVACY. So IPv6 privacy
addresses are on by default without resetting the flag during
ifconfig down/up.
OK stsp@, sperreault@ (who wrote the same diff)


# 1.54 15-Aug-2012 sperreault

Enable IPv6 autoconfprivacy by default

diff originally by stsp@
"please commit it" deraadt@
"don't care" stsp@
"don't like" bluhm@


Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
# 1.53 03-Jan-2012 bluhm

To access the ifaddr of an in_ifaddr or in6_ifaddr struct, it is
cleaner to access the first member via ia_ifa instead of casting.
No binary change.
ok henning@ krw@


# 1.52 24-Nov-2011 sperreault

rdomain support for IPv6
ok mikeb


Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
# 1.51 06-Apr-2010 stsp

Simple implementation of RFC4941, "Privacy Extensions for Stateless
Address Autoconfiguration in IPv6". For those among us who are paranoid
about broadcasting their MAC address to the IPv6 internet.

Man page help from jmc, testing by weerd, arc4random API hints from djm.

ok deraadt, claudio


Revision tags: OPENBSD_4_7_BASE
# 1.50 08-Feb-2010 jsing

More destatic and ansification.

ok claudio@ naddy@


# 1.49 13-Jan-2010 henning

instead of fiddling with the per-interface address lists directly in
many places create a proper API (ifa_add / ifa_del) and use it.
ok theo ryan dlg


Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
# 1.48 30-Jan-2009 mcbride

"XXX: should this be performed under splnet()?"... Yes, yes it should.
Interface configuration causes neighbour discovery, which runs packets
through parts of the stack that require at least splsoftnet(), like pf and
pfsync.

ok dlg


Revision tags: OPENBSD_4_4_BASE
# 1.47 11-Jun-2008 mcbride

ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.

ok todd deraadt naddy bluhm


# 1.46 11-May-2008 claudio

rtrequest to rtrequest1 conversion in inet6. With that no rtrequest should
be left over. OK henning@


Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
# 1.45 08-Jun-2007 henning

kill arcnet leftovers, some pt out by Mike Belopuhov <mkb@crypt.org.ru>,
some I found afterwards, ok dlg


Revision tags: OPENBSD_4_1_BASE
# 1.44 15-Nov-2006 itojun

unifdef -USCOPEDROUTING


Revision tags: OPENBSD_4_0_BASE
# 1.43 31-Aug-2006 mcbride

Automatically add an IPv6 link-local address to carp interfaces when the
virtual MAC address is set. Among other things, this makes route6d work
correctly on systems with carp interfaces.

In order to ensure backwards compatibility, we do not include IPv6
link-local addresses in generating the HMAC, but we accept HMACs with AND
without the link-local addresses. They will be added to the HMAC in a future
release.

In short: this change should only affect backwards compatibility for
IPv6 users who are manually adding link-local addresses on carp interfaces.

testing mtu@ todd@
ok mpf@ henning@ deraadt@


# 1.42 16-Jun-2006 henning

adjust functions dealing with the routing table to take a table ID as
parameter so they can work on alternate tables. table 0 hardcoded for
many callers yet, that will be adapted step by step.
input + ok claudio norby hshoexer


# 1.41 27-May-2006 claudio

Do the same thing as for IPv4. Use a sysctl to enable/disable mforwarding
and additionally make the code part of the MROUTING option. Put it in deraadt@


# 1.40 05-Mar-2006 miod

Use more queue macros rather than doing it by hand; ok otto@ krw@


Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
# 1.39 23-May-2005 mpf

carp needs a multicast kludge storage.
Fixes PR 4211.
OK mcbride@


# 1.38 21-Apr-2005 itojun

remove (now obsolete) handling of IFT_PROPVIRTUAL/bridge*. tested by camield@


Revision tags: OPENBSD_3_7_BASE
# 1.37 07-Dec-2004 mcbride

Convert carp(4) to behave more like a regular interface, much in the same
style as vlan(4). carp interfaces no longer require the physical interface
to be on the same subnet as the carp interface, or even that the physical
interface has an address at all, so CARP can now be used on /30 networks.

ok deraadt@ henning@


Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
# 1.36 07-May-2004 millert

Replace RSA-derived md5 code with code derived from Colin Plumb's PD version.
This moves md5.c out of libkern and into sys/crypto where it belongs (as
requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it).
Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@


Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
# 1.35 08-Jul-2003 itojun

on interface removal, clear multicast forwarding stuff. from kame


# 1.34 28-Jun-2003 itojun

i don't think pfsync needs a link-local addr.


Revision tags: UBC_SYNC_A
# 1.33 14-May-2003 itojun

it is unlikely that we introduce 6to4 interface (IFT_STF) to openbsd.


Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
# 1.32 12-Sep-2002 itojun

configure "next" pointer correctly. from j@pureftpd.org


# 1.31 11-Sep-2002 itojun

fix pointer signedness mixup. sync w/kame


# 1.30 11-Sep-2002 itojun

KNF - return is not a function. sync w/kame


# 1.29 11-Jun-2002 itojun

silence some of log(), as the codepath will be visited for IPv6-non-capable
interfaces too and can be annoying. net.inet6.icmp6.nd6_debug will
re-enable them.


# 1.28 11-Jun-2002 itojun

whitespace


# 1.27 08-Jun-2002 itojun

sync with latest KAME in6_ifaddr/prefix/default router manipulation.
behavior changes:
- two ioctls used by ndp(8) are now obsolete (backward compat provided).
use sysctl path instead.
- lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.


# 1.26 07-Jun-2002 itojun

whitespace sync w/kame


# 1.25 29-May-2002 itojun

attach nd_ifinfo structure to if_afdata.
split IPv6 MTU (advertised by RA) from real link MTU.
sync with kame


# 1.24 29-May-2002 itojun

move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame


# 1.23 23-May-2002 itojun

simplify condition to perform DAD. sync w/kame


Revision tags: OPENBSD_3_1_BASE
# 1.22 14-Mar-2002 millert

First round of __P removal in sys


Revision tags: UBC_BASE
# 1.21 07-Dec-2001 itojun

branches: 1.21.2;
whitespace/comment sync with kame


Revision tags: OPENBSD_3_0_BASE
# 1.20 23-Aug-2001 itojun

suppress printf() on non-multicast interface.
suppress ipv6 initialization for IFT_PFLOG.


# 1.19 23-Aug-2001 itojun

don't try to enable IPv6 on IFT_PFLOG.


# 1.18 18-Jul-2001 itojun

avoid using malloc() during interrupt context for multicast kludge entry.
allocate it on interface initialization.


# 1.17 09-Jun-2001 angelos

No need for net/net_osdep.h


Revision tags: OPENBSD_2_9_BASE
# 1.16 16-Feb-2001 itojun

cosmetic sync with kame


# 1.15 07-Feb-2001 itojun

by default, don't bark on inbound ND messages, as outsider may be able to
fill up /var with bogus packets.
setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid
ND packet and other occasions.

improve icmp6 stats.


# 1.14 18-Jan-2001 itojun

do not remove default route by mistake, on interface removal.


Revision tags: OPENBSD_2_8_BASE
# 1.13 25-Oct-2000 jason

silence the "no multicast" warning for IFT_ENC, too
deraadt ok


# 1.12 18-Oct-2000 itojun

don't try to configure IPv6 on bridge*. comment from deraadt


# 1.11 02-Oct-2000 itojun

fix missing \n. from doug@freebsd (sync with kame)


Revision tags: OPENBSD_2_7_BASE
# 1.10 05-May-2000 itojun

cope with interface detach (like pcmcia card removal). remove any
IPv6 addresses assigned to the interface. reported by ho, bunch of
help from niklas. KAME PR 231.


# 1.9 27-Apr-2000 itojun

correct in6_ifdetach(). free oia, not ia.
Lennart says there are more problems to go (I don't own openbsd-current laptop).
From: Lennart Augustsson <augustss@augustsson.net>


# 1.8 17-Apr-2000 itojun

revisit in6_ifattach(). (1) make it more persistent about initializing an
interface (2) cleanup interface id selection.
run NUD on p2p interface (required by spec for bidir p2p interface).
add "ndp -i interface" (can tweak per-interface ND flag).
(sync with more recent kame)


# 1.7 02-Mar-2000 itojun

do not add ifa_dstaddr for non-pointopoint interface. IPv6 has no
concept for "broadcast".


Revision tags: SMP_BASE
# 1.6 07-Feb-2000 itojun

branches: 1.6.2;
fix include file path related to ip6.


# 1.5 04-Feb-2000 itojun

more coverage of in6_ifdetach()'s cleanup process.
bug fix in SIOCGIFADDR_IN6 (point to point case).


# 1.4 02-Feb-2000 itojun

- improve in6_ifdetach to remove (1) multicast kludge list (2) route to
link-local allnode multicast (ff02:x::/32)
- fix ifnet refcnt'ing in multicast kludge list management.
- avoid dangling pointer in multicast kludge management.

(angelos, try this version of in6_ifdetach() - it should be better)


# 1.3 10-Dec-1999 itojun

use proper type for in6_first_ifid (char -> u_int8_t)
suggested by: deraadt


# 1.2 10-Dec-1999 angelos

Remove remaining unnecessary ifdefs (itojun will hate me for this :-)


Revision tags: kame_19991208
# 1.1 08-Dec-1999 itojun

bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
brought in soon).


# 1.110 26-Aug-2018 mpi

Do not add ::1 on non-default lo(4) as intended.

Reported by and ok sthen@


# 1.109 10-Jul-2018 florian

When an interface doesn't have a layer 2 address in6_get_soii_ifid()
fails and then later on in in6_get_ifid() a layer 2 address is
"borrowed" from another interface.

Do the "borrowing" in in6_get_soii_ifid(), too so that semantically
opaque interface identifiers work for these kinds of interfaces, too.

OK phessler, benno


# 1.108 10-Jul-2018 florian

When an interface doesn't have a layer 2 address in6_get_ifid()
tries to "borrow" one from another interface.
But then it checks if the U bit is set in the generated EUI64
address and rejects it.
On the other hand for interfaces that do have a layer 2 address this
check is skipped, so relax it for the "borrowing" case, too.

With this one gets stable link local addresses on e.g. gre(4)
interfaces on certain virtualisation environments depending which mac
addresses get picked for the vio(4) interfaces while previously we
would end up with a random IP on every reboot.

Reported by Aaron A. Glenn via phessler.

OK phessler, benno


# 1.107 27-Mar-2018 dhill

Use memcpy instead of bcopy when the memory does not overlap.

OK deraadt@ florian@


Revision tags: OPENBSD_6_3_BASE
# 1.106 13-Mar-2018 florian

Calculate RFC7217 link-local style addresses the same way as
slaacd(8).

RFC 7217 states (section 5, page 9):
| The Interface Identifier is finally obtained by taking as many
| bits from the RID value (computed in the previous step) as
| necessary, starting from the least significant bit.

Problem in slaacd pointed out by semarie@.

OK sthen, phessler


# 1.105 10-Feb-2018 florian

Implement RFC 7217: "A Method for Generating Semantically Opaque
Interface Identifiers with IPv6 Stateless Address Autoconfiguration."

"An IPv6 address configured using this method is stable within each
subnet, but the corresponding Interface Identifier changes when the
host moves from one network to another. This method is meant to be an
alternative to generating Interface Identifiers based on hardware
addresses."

OK naddy, sthen


Revision tags: OPENBSD_6_2_BASE
# 1.104 01-Sep-2017 florian

Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the
get_last_resort_ifid() function because eww.
Also if your system is so constrained that you end up in
in6_get_rand_ifid() you don't deserve a random ifid that stays
stable over reboots.
Simplify code a bit since get_ifid() can no longer fail. It couldn't
fail before either because that code path was #if 0'ed.
While here sprinkle in some in6_ prefixes, pointed out by stsp.
OK stsp


# 1.103 11-Jul-2017 florian

Purging is at last at hand. Day of Doom is here. All that is evil
shall all be cleansed.

Remove sending of router solicitations and processing of router
advertisements from the kernel. It's handled by slaacd(8) these days.

Input & OK bluhm@, mpi@


# 1.102 16-May-2017 mpi

Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().

ok visa@


Revision tags: OPENBSD_6_1_BASE
# 1.101 29-Dec-2016 mpi

Get rid of recursive splsoftnet() in in6_ifattach_linklocal().

ok visa@


Revision tags: OPENBSD_6_0_BASE
# 1.100 30-Jun-2016 mpi

Restore the automagically added /64 route on p2p interfaces in order to
send traffic to link-local addresses without default route.

Fix a regression reported by Michael Lechtermann, ok stsp@, sthen@


Revision tags: OPENBSD_5_9_BASE
# 1.99 02-Dec-2015 bluhm

When destroying an interface, we have to wait until all references
are not used anymore. This has to be done before any interface
fields become invalid.
As the route delete request cannot call if_get() anymore, pass down
the interface. Split rtrequest_delete() into a separate function
that may take an existing interface.
OK mpi@


# 1.98 24-Oct-2015 mpi

Convert to rt_ifidx.

ok bluhm@


# 1.97 22-Oct-2015 bluhm

Inspired by satosin(), use inline functions to convert sockaddr dl.
Instead of casts they check whether the incoming object has the
expected type. So introduce satosdl() and sdltosa() in the kernel.
OK mpi@


# 1.96 12-Sep-2015 mpi

Now that rtrequest1(9) properly sets RTF_UP for newly added route,
stop passing it in every rt_ifa_add(9) call.

ok claudio@


# 1.95 03-Sep-2015 mpi

Change the order of operations for loopback interfaces to have
::1 configured before fe80::1.

(lo0:0) in pf should resolve to 127.0.0.1 ::1.

reported by and ok mikeb@


# 1.94 31-Aug-2015 mpi

Do not install connected routes on loopback interfaces.

Previously loopback connected routes were managed via the global list
of prefixes, which means that systems with AUTOCONF'd addresses did not
see them in the routing table.

This also makes inet6 route creation coherent with inet.


# 1.93 24-Aug-2015 mpi

Start moving away from the global prefix list by limiting its usage to
AUTOCONF'd addresses.

This prevents the kernel from removing connected (/64) routes as soon as
it configures an AUTOCONF'd address based on a RA.

Tested by sebastia@, ok sthen@


# 1.92 24-Aug-2015 mpi

Rework the code to decide when to perform DAD to no longer rely on the
IN6_IFF_NODAD pseudo-flag not being set.

This was just a flag for spaghetti code that should not exist in the
first place.

Tested by sebastia@, ok sthen@


# 1.91 17-Aug-2015 mpi

Remove annoying comment about in6_update_ifa().


Revision tags: OPENBSD_5_8_BASE
# 1.90 18-Jul-2015 mpi

Merge two identical chunks to add new prefixes to the global data
structures into a function.

ok florian@


# 1.89 16-Jul-2015 mpi

Properly layer Router Solicitation code.

Tweak and ok florian@


# 1.88 08-Jun-2015 krw

More damned eye searing whitespace. No change to .o files.


# 1.87 27-Apr-2015 mpi

Do not call nd6_purge() before purging the IPv6 addresses of a detached
interface.

Fix a use after free introduced in r1.98 of netinet6/in6.c and recently
exposed by a crazy pool/malloc damage finder being currently refined by
dlg@ and deraadt@.

ok mikeb@, henning@


# 1.86 14-Mar-2015 jsg

Remove some includes include-what-you-use claims don't
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.

ok tedu@ deraadt@


Revision tags: OPENBSD_5_7_BASE
# 1.85 05-Feb-2015 mpi

Convert various rtrequest1(RTM_DELETE,...) calls to rtdeletemsg(9).

This unifies some code and notifies userland for free.

blambert@ agrees, ok bluhm@


# 1.84 28-Jan-2015 mpi

Revert rtdeletemsg conversion. It was not ok'd, I misunderstood bluhm@'s
email.


# 1.83 27-Jan-2015 mpi

Ensure that link-local addresses are correctly configured on loopback
interfaces.

When the kernel automagically configures IPv6 addresses on loopback
interfaces, start by assigning a link-local address and then try to
assign "::1".

Only the first configured loopback interface per rdomain can have the
"::1" address. But even if other loopback interfaces failed to get
this address, because it is already taken, give them a chance to have
a link-local address.

While here change in6_ifattach() to return an error value and remove
duplicated code.

Fix a regression introduced by the NOINET6 flag removal.

ok henning@, stsp@, florian@, benno@


# 1.82 26-Jan-2015 mpi

Call rtdeletemsg(9) instead of rerolling its code. As a bonus you'll
get userland notification for free.

ok blambert@, bluhm@


# 1.81 10-Jan-2015 mpi

Correct some comments and merge in6_if_up() into in6_ifattach() to
reflect that IPv6 link-local addresses are no longer automagically
configured the first time an interface is brought up.

ok henning@, stsp@


# 1.80 08-Jan-2015 florian

Clear autoconf6 flag after autoconf6 cleanup happened, not before.
Otherwise clean up code will never run.
OK mpi@, benno@, henning@


# 1.79 06-Jan-2015 stsp

Remove the NOINET6 interface flag, a left-over from the times when IPv6
was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable
an address family for an interface (currently used for IPv6 only).

New kernel needs new ifconfig for IPv6 configuration (address assignment
still works with old ifconfig making this easy to cross over).

Committing on behalf of henning@ who is currently lebensmittelvergiftet.
ok stsp, benno, mpi


# 1.78 04-Dec-2014 tedu

replace md5 with sha512. ok deraadt


# 1.77 20-Nov-2014 mpi

What have no need for a variable that holds the maximum MTU size of
interfaces with an IPv6 address.

ok henning@, mikeb@, deraadt@


# 1.76 18-Nov-2014 krw

Nuke yet more obvious #include duplications.

ok miod@


# 1.75 18-Nov-2014 tedu

move arc4random prototype to systm.h. more appropriate for most code
to include that than rdnvar.h. ok deraadt dlg


# 1.74 01-Nov-2014 mpi

Rename rtalloc1() into rtalloc(9) and convert its flags to only enable
functionnality instead of a mix of enable/disable.

ok bluhm@, jca@


# 1.73 25-Aug-2014 florian

Move sending of router solicitations to the kernel; receiving and
processing of router advertisements was already in the kernel.
With this rtsol{,d}(8) is no longer necessary.

The kernel starts sending solicitations with
# ifconfig $IF inet6 autoconf
or
inet6 autoconf
in /etc/hostname.$IF.

input stsp@
much help & OK mpi@
tweaks & OK bluhm@


Revision tags: OPENBSD_5_6_BASE
# 1.72 01-Jul-2014 benno

When a carp interface is created with IFXF_NOINET6 flag, no link-local
address will be created when the vhid (and MAC) is set. Depending on
the order of the configuration the interface can end up with a ipv6
address, but no v6 link-local and no working neigbor discovery.

Removing this case statement will result in the link-local address
being configured by "ifconfig up" if the inet6 address was configured
before. If you are using inet6 on carp, put an "up" at the end of your
hostname.if. I will work on a better solution at g2k14.

ok henning, mpi


# 1.71 26-Jun-2014 mpi

Calling in{6,}_purgeaddr() is not enough to remove an address from
an interface. Two other operations are performed when issuing a
SIOCDIFADDR{_IN6,} ioctl: call the address hook and the per-driver
ioctl function.

Since carp(4) relies on an address hook to recalculate its hash, make
sure to call this hook when IFXF_NOINET6 is set or when the rdomain is
changed.

ok henning@, mikeb@


# 1.70 03-Jun-2014 mpi

Do not include <sys/malloc.h> where it is not needed.


# 1.69 20-May-2014 mpi

Fix eui64 address generation, broken since the removal of the link-layer
address from the per-ifp list.

Found the hard way by weerd@, florian@ and stsp@, ok florian@


Revision tags: OPENBSD_5_5_BASE
# 1.68 21-Jan-2014 mpi

Do not clean the multicast records of an interface when it is destroyed
(unplugged). Even if it makes no sense to keep them around if the
interface is no more, we cannot safely remove them since pcb multicast
options might keep a pointer to them.

Fixes a user after free introduced by the multicast address linking
rewrite and reported by Alexey Suslikov, thanks!

ok claudio@


# 1.67 13-Jan-2014 bluhm

Call all local valiables of type struct in6_ifaddr "ia6". This is
consistent with struct ifaddr "ifa" and struct in_ifaddr "ia".
OK mpi@


# 1.66 07-Jan-2014 stsp

Some follow-up fixes for IFID collision handling in IPv6CP.

Really change the link-local address in the unlikely event of an IFID
collision, instead of going into an infinite conf-nak loop with the peer.

To make the netinet6 code use the IPv6CP IFID in a new link-local address,
in6_ifattach_linklocal() must accept a provided IFID. Replace the unused
'altifp' parameter with a new 'ifid' parameter for this purpose.

Always use the latest suggested address in IPv6CP replies, even if
the task to update the interface's address hasn't run yet.
Also, clear the ifindex (KAME hack) in addresses sent during IPv6CP.

ok mpi


# 1.65 06-Jan-2014 stsp

Make in6_ifdetach() remove the ff01::1 route for the detaching interface, too.
The route used to linger after an interface detached from IPv6.
ok mikeb


# 1.64 28-Nov-2013 mpi

Change the way protocol multicast addresses are linked to an interface.

Instead of linking multicast records to the first configured address of
the corresponding protocol, making this address and its position in the
global list special, add them to a new list directly linked to the
interface descriptor.

This new multicast address list is similar to the address list, all its
elements contain a protocol agnostic part. This design allows us to
be able to join a multicast group without necessarily having a configured
address. That means IPv6 multicast kludges are no longer needed.

Another benefit is to be able to add and remove an IP address from an
interface without worrying about multicast records. That means that the
global IPv4 list is no longer needed since the first configured address
of an interface is no longer special.

This new list might also be extended in the future to contain the
link-layer addresses used to configure hardware filters.

Tested by sthen@ and weerd@, ok mikeb@


# 1.63 19-Nov-2013 mpi

Remove some FDDI/ATM leftovers.

ok mikeb@, henning@, deraadt@, brad@, miod@


# 1.62 17-Oct-2013 bluhm

The header file netinet/in_var.h included netinet6/in6_var.h. This
created a bunch of useless dependencies. Remove this implicit
inclusion and do an explicit #include <netinet6/in6_var.h> when it
is needed.
OK mpi@ henning@


Revision tags: OPENBSD_5_4_BASE
# 1.61 31-May-2013 bluhm

Remove a bunch of sockaddr_in6 pointer casts and replace others
with sin6tosa() or satosin6() inline functions. This allows the
compiler to check the types more strictly.
OK mpi@


# 1.60 26-Mar-2013 bluhm

Remove a block of dead code in in6_ifdetach(). It was never executed
due to the wrong & in satosin6(&ifa->ifa_addr). The link local
prefix fe80 was not checked within the IPv6 address, but within
some pointers of the interface address struct. The whole loop
around this was also never executed as all IPv6 addresses had already
been purged.
OK sperreault@ mpi@ mikeb@


# 1.59 25-Mar-2013 mpi

Substitute the handcrafted list of IPv6 addresses by a proper TAILQ.

ok bluhm@, mikeb@


# 1.58 07-Mar-2013 mpi

Remove the IFAFREE() macro, the ifafree() function it was calling already
check for the reference counter.

ok mikeb@, miod@, pelikan@, kettenis@, krw@


# 1.57 04-Mar-2013 bluhm

Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro.
No binary change.
OK claudio@


Revision tags: OPENBSD_5_3_BASE
# 1.56 19-Sep-2012 bluhm

Use TAILQ_FOREACH macro for loops. No binary diff.
OK henning@


# 1.55 21-Aug-2012 bluhm

Reverse the name and meaning of the IFXF_INET6_PRIVACY interface
flag. It is now called IFXF_INET6_NOPRIVACY. So IPv6 privacy
addresses are on by default without resetting the flag during
ifconfig down/up.
OK stsp@, sperreault@ (who wrote the same diff)


# 1.54 15-Aug-2012 sperreault

Enable IPv6 autoconfprivacy by default

diff originally by stsp@
"please commit it" deraadt@
"don't care" stsp@
"don't like" bluhm@


Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
# 1.53 03-Jan-2012 bluhm

To access the ifaddr of an in_ifaddr or in6_ifaddr struct, it is
cleaner to access the first member via ia_ifa instead of casting.
No binary change.
ok henning@ krw@


# 1.52 24-Nov-2011 sperreault

rdomain support for IPv6
ok mikeb


Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
# 1.51 06-Apr-2010 stsp

Simple implementation of RFC4941, "Privacy Extensions for Stateless
Address Autoconfiguration in IPv6". For those among us who are paranoid
about broadcasting their MAC address to the IPv6 internet.

Man page help from jmc, testing by weerd, arc4random API hints from djm.

ok deraadt, claudio


Revision tags: OPENBSD_4_7_BASE
# 1.50 08-Feb-2010 jsing

More destatic and ansification.

ok claudio@ naddy@


# 1.49 13-Jan-2010 henning

instead of fiddling with the per-interface address lists directly in
many places create a proper API (ifa_add / ifa_del) and use it.
ok theo ryan dlg


Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
# 1.48 30-Jan-2009 mcbride

"XXX: should this be performed under splnet()?"... Yes, yes it should.
Interface configuration causes neighbour discoverery, which runs packets
through parts of the stack that require at least splsoftnet(), like pf and
pfsync.

ok dlg


Revision tags: OPENBSD_4_4_BASE
# 1.47 11-Jun-2008 mcbride

ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.

ok todd deraadt naddy bluhm


# 1.46 11-May-2008 claudio

rtrequest to rtrequest1 conversion in inet6. With that no rtrequest should
be left over. OK henning@


Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
# 1.45 08-Jun-2007 henning

kill arcnet leftovers, some pt out by Mike Belopuhov <mkb@crypt.org.ru>,
some I found afterwards, ok dlg


Revision tags: OPENBSD_4_1_BASE
# 1.44 15-Nov-2006 itojun

unifdef -USCOPEDROUTING


Revision tags: OPENBSD_4_0_BASE
# 1.43 31-Aug-2006 mcbride

Automatically add a IPv6 link-local address to carp interfaces when the
virtual MAC address is set. Among other things, this makes route6d work
correctly on systems with carp interfaces.

In order to ensure backwards compatibility, we do not include IPv6
link-local addresses in generating the HMAC, but we accept HMACs with AND
without the link-local addresses. They will be added to the HMAC in a future
release.

In short: this change should only affect backwards compatibility for
IPv6 users who are manually adding link-local addresses on carp interfaces.

testing mtu@ todd@
ok mpf@ henning@ deraadt@


# 1.42 16-Jun-2006 henning

adjust functions dealing with the routing table to take a table ID as
parameter so they can work on alternate tables. table 0 hardcoded for
many callers yet, that will be adapted step by step.
input + ok claudio norby hshoexer


# 1.41 27-May-2006 claudio

Do the same thing as for IPv4. Use a sysctl to enable/disable mforwarding
and additionally make the code part of the MROUTING option. Put it in deraadt@


# 1.40 05-Mar-2006 miod

Use more queue macros rather than doing it by hand; ok otto@ krw@


Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
# 1.39 23-May-2005 mpf

carp needs a multicast kludge storage.
Fixes PR 4211.
OK mcbride@


# 1.38 21-Apr-2005 itojun

remove (now obsolete) handling of IFT_PROPVIRTUAL/bridge*. tested by camield@


Revision tags: OPENBSD_3_7_BASE
# 1.37 07-Dec-2004 mcbride

Convert carp(4) to behave more like a regular interface, much in the same
style as vlan(4). carp interfaces no longer require the physical interface
to be on the same subnet as the carp interface, or even that the physical
interface has an address at all, so CARP can now be used on /30 networks.

ok deraadt@ henning@


Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
# 1.36 07-May-2004 millert

Replace RSA-derived md5 code with code derived from Colin Plumb's PD version.
This moves md5.c out of libkern and into sys/crypto where it belongs (as
requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it).
Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@


Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
# 1.35 08-Jul-2003 itojun

on interface removal, clear multicast forwarding stuff. from kame


# 1.34 28-Jun-2003 itojun

i don't think pfsync needs a link-local addr.


Revision tags: UBC_SYNC_A
# 1.33 14-May-2003 itojun

it is unlikely that we introduce 6to4 interface (IFT_STF) to openbsd.


Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
# 1.32 12-Sep-2002 itojun

configure "next" pointer correctly. from j@pureftpd.org


# 1.31 11-Sep-2002 itojun

fix pointer signedness mixup. sync w/kame


# 1.30 11-Sep-2002 itojun

KNF - return is not a function. sync w/kame


# 1.29 11-Jun-2002 itojun

silence some of log(), as the codepath will be visited for IPv6-non-capable
interfaces too and can be annoying. net.inet6.icmp6.nd6_debug will
re-enable them.


# 1.28 11-Jun-2002 itojun

whitespace


# 1.27 08-Jun-2002 itojun

sync with latest KAME in6_ifaddr/prefix/default router manipulation.
behavior changes:
- two ioctls used by ndp(8) are now obsolete (backward compat provided).
use sysctl path instead.
- lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.


# 1.26 07-Jun-2002 itojun

whitespace sync w/kame


# 1.25 29-May-2002 itojun

attach nd_ifinfo structure to if_afdata.
split IPv6 MTU (advertised by RA) from real link MTU.
sync with kame


# 1.24 29-May-2002 itojun

move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame


# 1.23 23-May-2002 itojun

simplify condition to perform DAD. sync w/kame


Revision tags: OPENBSD_3_1_BASE
# 1.22 14-Mar-2002 millert

First round of __P removal in sys


Revision tags: UBC_BASE
# 1.21 07-Dec-2001 itojun

branches: 1.21.2;
whitespace/comment sync with kame


Revision tags: OPENBSD_3_0_BASE
# 1.20 23-Aug-2001 itojun

suppress printf() on non-multicast interface.
suppress ipv6 initialization for IFT_PFLOG.


# 1.19 23-Aug-2001 itojun

don't try to enable IPv6 on IFT_PFLOG.


# 1.18 18-Jul-2001 itojun

avoid using malloc() during interrupt context for multicast kludge entry.
allocate it on interface initialization.


# 1.17 09-Jun-2001 angelos

No need for net/net_osdep.h


Revision tags: OPENBSD_2_9_BASE
# 1.16 16-Feb-2001 itojun

cosmetic sync with kame


# 1.15 07-Feb-2001 itojun

by default, don't bark on inbound ND messages, as outsider may be able to
fill up /var with bogus packets.
setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid
ND packet and other occasions.

improve icmp6 stats.


# 1.14 18-Jan-2001 itojun

do not remove default route by mistake, on interface removal.


Revision tags: OPENBSD_2_8_BASE
# 1.13 25-Oct-2000 jason

silence the "no multicast" warning for IFT_ENC, too
deraadt ok


# 1.12 18-Oct-2000 itojun

don't try to configure IPv6 on bridge*. comment from deraadt


# 1.11 02-Oct-2000 itojun

fix missing \n. from doug@freebsd (sync with kame)


Revision tags: OPENBSD_2_7_BASE
# 1.10 05-May-2000 itojun

cope with interface detach (like pcmcia card removal). remove any
IPv6 addresses assigned to the interface. reported by ho, bunch of
help from niklas. KAME PR 231.


# 1.9 27-Apr-2000 itojun

correct in6_ifdetach(). free oia, not ia.
Lennart says there are more problems to go (I don't own openbsd-current laptop).
From: Lennart Augustsson <augustss@augustsson.net>


# 1.8 17-Apr-2000 itojun

revisit in6_ifattach(). (1) make it more persistent about initializing an
interface (2) cleanup interface id selection.
run NUD on p2p interface (required by spec for bidir p2p interface).
add "ndp -i interface" (can tweak per-interface ND flag).
(sync with more recent kame)


# 1.7 02-Mar-2000 itojun

do not add ifa_dstaddr for non-pointopoint interface. IPv6 has no
concept for "broadcast".


Revision tags: SMP_BASE
# 1.6 07-Feb-2000 itojun

branches: 1.6.2;
fix include file path related to ip6.


# 1.5 04-Feb-2000 itojun

more coverage of in6_ifdetach()'s cleanup process.
bug fix in SIOCGIFADDR_IN6 (point to point case).


# 1.4 02-Feb-2000 itojun

- improve in6_ifdetach to remove (1) multicast kludge list (2) route to
link-local allnode multicast (ff02:x::/32)
- fix ifnet refcnt'ing in multicast kludge list management.
- avoid dangling pointer in multicast kludge management.

(angelos, try this version of in6_ifdetach() - it should be better)


# 1.3 10-Dec-1999 itojun

use proper type for in6_first_ifid (char -> u_int8_t)
suggested by: deraadt


# 1.2 10-Dec-1999 angelos

Remove remaining unnecessary ifdefs (itojun will hate me for this :-)


Revision tags: kame_19991208
# 1.1 08-Dec-1999 itojun

bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
brought in soon).


# 1.109 10-Jul-2018 florian

When an interface doesn't have a layer 2 address in6_get_soii_ifid()
fails and then later on in in6_get_ifid() a layer 2 address is
"borrowed" from another interface.

Do the "borrowing" in in6_get_soii_ifid(), too so that semantically
opaque interface identifiers work for these kind of interfaces, too.

OK phessler, benno


# 1.108 10-Jul-2018 florian

When an interface doesn't have a layer 2 address in6_get_ifid()
tries to "borrow" one from another interface.
But then it checks if the U bit is set in the generated EUI64
address and rejects it.
On the other hand for interfaces that do have a layer 2 address this
check is skipped, so relax it for the "borrowing" case, too.

With this one gets stable link local addresses on e.g. gre(4)
interfaces on certain virtualisation environments depending which mac
addresses get picked for the vio(4) interfaces while previously we
would end up with a random IP on every reboot.

Reported by Aaron A. Glenn via phessler.

OK phessler, benno


# 1.107 27-Mar-2018 dhill

Use memcpy instead of bcopy when the memory does not overlap.

OK deraadt@ florian@


Revision tags: OPENBSD_6_3_BASE
# 1.106 13-Mar-2018 florian

Calculate RFC7217 link-local style addresses the same way as
slaacd(8).

RFC 7217 states (section 5, page 9):
| The Interface Identifier is finally obtained by taking as many
| bits from the RID value (computed in the previous step) as
| necessary, starting from the least significant bit.

Problem in slaacd pointed out by semarie@.

OK sthen, phessler


# 1.105 10-Feb-2018 florian

Implement RFC 7217: "A Method for Generating Semantically Opaque
Interface Identifiers with IPv6 Stateless Address Autoconfiguration."

"An IPv6 address configured using this method is stable within each
subnet, but the corresponding Interface Identifier changes when the
host moves from one network to another. This method is meant to be an
alternative to generating Interface Identifiers based on hardware
addresses."

OK naddy, sthen


Revision tags: OPENBSD_6_2_BASE
# 1.104 01-Sep-2017 florian

Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the
get_last_resort_ifid() function because eww.
Also if your system is so constrained that you end up in
in6_get_rand_ifid() you don't deserve a random ifid that stays
stable over reboots.
Simplify code a bit since get_ifid() can no longer fail. It couldn't
fail before either because that code path was #if 0'ed.
While here sprinkle in some in6_ prefixes, pointed out by stsp.
OK stsp


# 1.103 11-Jul-2017 florian

Purging is at last at hand. Day of Doom is here. All that is evil
shall all be cleansed.

Remove sending of router solicitations and processing of router
advertisements from the kernel. It's handled by slaacd(8) these days.

Input & OK bluhm@, mpi@


# 1.102 16-May-2017 mpi

Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().

ok visa@


Revision tags: OPENBSD_6_1_BASE
# 1.101 29-Dec-2016 mpi

Get rid of recursive splsoftnet() in in6_ifattach_linklocal().

ok visa@


Revision tags: OPENBSD_6_0_BASE
# 1.100 30-Jun-2016 mpi

Restore the automagically added /64 route on p2p interfaces in order to
send traffic to link-local addresses without default route.

Fix a regression reported by Michael Lechtermann, ok stsp@, sthen@


Revision tags: OPENBSD_5_9_BASE
# 1.99 02-Dec-2015 bluhm

When destroying an interface, we have to wait until all references
are not used anymore. This has to be done before any interface
fields become invalid.
As the route delete request cannot call if_get() anymore, pass down
the interface. Split rtrequest_delete() into a separate function
that may take an existing interface.
OK mpi@


# 1.98 24-Oct-2015 mpi

Convert to rt_ifidx.

ok bluhm@


# 1.97 22-Oct-2015 bluhm

Inspired by satosin(), use inline functions to convert sockaddr dl.
Instead of casts they check whether the incoming object has the
expected type. So introduce satosdl() and sdltosa() in the kernel.
OK mpi@


# 1.96 12-Sep-2015 mpi

Now that rtrequest1(9) properly sets RTF_UP for newly added route,
stop passing it in every rt_ifa_add(9) call.

ok claudio@


# 1.95 03-Sep-2015 mpi

Change the order of operations for loopback interfaces to have
::1 configured before fe80::1.

(lo0:0) in pf should resolve to 127.0.0.1 ::1.

reported by and ok mikeb@


# 1.94 31-Aug-2015 mpi

Do not install connected routes on loopback interfaces.

Previously loopback connected routes were managed via the global list
of prefixes, which means that systems with AUTOCONF'd addresses did not
see them in the routing table.

This also makes inet6 route creation coherent with inet.


# 1.93 24-Aug-2015 mpi

Start moving away from the global prefix list by limiting its usage to
AUTOCONF'd addresses.

This prevents the kernel from removing connected (/64) routes as soon as
it configures an AUTOCONF'd address based on a RA.

Tested by sebastia@, ok sthen@


# 1.92 24-Aug-2015 mpi

Rework the code to decide when to perform DAD to no longer rely on the
IN6_IFF_NODAD pseudo-flag not being set.

This was just a flag for spaghetti code that should not exist in the
first place.

Tested by sebastia@, ok sthen@


# 1.91 17-Aug-2015 mpi

Remove annoying comment about in6_update_ifa().


Revision tags: OPENBSD_5_8_BASE
# 1.90 18-Jul-2015 mpi

Merge two identical chunks to add new prefixes to the global data
structures into a function.

ok florian@


# 1.89 16-Jul-2015 mpi

Properly layer Router Solicitation code.

Tweak and ok florian@


# 1.88 08-Jun-2015 krw

More damned eye searing whitespace. No change to .o files.


# 1.87 27-Apr-2015 mpi

Do not call nd6_purge() before purging the IPv6 addresses of a detached
interface.

Fix a use after free introduced in r1.98 of netinet6/in6.c and recently
exposed by a crazy pool/malloc damage finder being currently refined by
dlg@ and deraadt@.

ok mikeb@, henning@


# 1.86 14-Mar-2015 jsg

Remove some includes include-what-you-use claims don't
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.

ok tedu@ deraadt@


Revision tags: OPENBSD_5_7_BASE
# 1.85 05-Feb-2015 mpi

Convert various rtrequest1(RTM_DELETE,...) calls to rtdeletemsg(9).

This unifies some code and notifies userland for free.

blambert@ agrees, ok bluhm@


# 1.84 28-Jan-2015 mpi

Revert rtdeletemsg conversion. It was not ok'd, I misunderstood bluhm@'s
email.


# 1.83 27-Jan-2015 mpi

Ensure that link-local addresses are correctly configured on loopback
interfaces.

When the kernel automagically configures IPv6 addresses on loopback
interfaces, start by assigning a link-local address and then try to
assign "::1".

Only the first configured loopback interface per rdomain can have the
"::1" address. But even if other loopback interfaces failed to get
this address, because it is already taken, give them a chance to have
a link-local address.

While here change in6_ifattach() to return an error value and remove
duplicated code.

Fix a regression introduced by the NOINET6 flag removal.

ok henning@, stsp@, florian@, benno@


# 1.82 26-Jan-2015 mpi

Call rtdeletemsg(9) instead of rerolling its code. As a bonus you'll
get userland notification for free.

ok blambert@, bluhm@


# 1.81 10-Jan-2015 mpi

Correct some comments and merge in6_if_up() into in6_ifattach() to
reflect that IPv6 link-local addresses are no longer automagically
configured the first time an interface is brought up.

ok henning@, stsp@


# 1.80 08-Jan-2015 florian

Clear autoconf6 flag after autoconf6 cleanup happened, not before.
Otherwise clean up code will never run.
OK mpi@, benno@, henning@


# 1.79 06-Jan-2015 stsp

Remove the NOINET6 interface flag, a left-over from the times when IPv6
was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable
an address family for an interface (currently used for IPv6 only).

New kernel needs new ifconfig for IPv6 configuration (address assignment
still works with old ifconfig making this easy to cross over).

Committing on behalf of henning@ who is currently lebensmittelvergiftet.
ok stsp, benno, mpi


# 1.78 04-Dec-2014 tedu

replace md5 with sha512. ok deraadt


# 1.77 20-Nov-2014 mpi

We have no need for a variable that holds the maximum MTU size of
interfaces with an IPv6 address.

ok henning@, mikeb@, deraadt@


# 1.76 18-Nov-2014 krw

Nuke yet more obvious #include duplications.

ok miod@


# 1.75 18-Nov-2014 tedu

move arc4random prototype to systm.h. more appropriate for most code
to include that than rdnvar.h. ok deraadt dlg


# 1.74 01-Nov-2014 mpi

Rename rtalloc1() into rtalloc(9) and convert its flags to only enable
functionality instead of a mix of enable/disable.

ok bluhm@, jca@


# 1.73 25-Aug-2014 florian

Move sending of router solicitations to the kernel; receiving and
processing of router advertisements was already in the kernel.
With this rtsol{,d}(8) is no longer necessary.

The kernel starts sending solicitations with
# ifconfig $IF inet6 autoconf
or
inet6 autoconf
in /etc/hostname.$IF.

input stsp@
much help & OK mpi@
tweaks & OK bluhm@


Revision tags: OPENBSD_5_6_BASE
# 1.72 01-Jul-2014 benno

When a carp interface is created with IFXF_NOINET6 flag, no link-local
address will be created when the vhid (and MAC) is set. Depending on
the order of the configuration the interface can end up with an ipv6
address, but no v6 link-local and no working neighbor discovery.

Removing this case statement will result in the link-local address
being configured by "ifconfig up" if the inet6 address was configured
before. If you are using inet6 on carp, put an "up" at the end of your
hostname.if. I will work on a better solution at g2k14.

ok henning, mpi


# 1.71 26-Jun-2014 mpi

Calling in{6,}_purgeaddr() is not enough to remove an address from
an interface. Two other operations are performed when issuing a
SIOCDIFADDR{_IN6,} ioctl: call the address hook and the per-driver
ioctl function.

Since carp(4) relies on an address hook to recalculate its hash, make
sure to call this hook when IFXF_NOINET6 is set or when the rdomain is
changed.

ok henning@, mikeb@


# 1.70 03-Jun-2014 mpi

Do not include <sys/malloc.h> where it is not needed.


# 1.69 20-May-2014 mpi

Fix eui64 address generation, broken since the removal of the link-layer
address from the per-ifp list.

Found the hard way by weerd@, florian@ and stsp@, ok florian@


Revision tags: OPENBSD_5_5_BASE
# 1.68 21-Jan-2014 mpi

Do not clean the multicast records of an interface when it is destroyed
(unplugged). Even if it makes no sense to keep them around if the
interface is no more, we cannot safely remove them since pcb multicast
options might keep a pointer to them.

Fixes a use after free introduced by the multicast address linking
rewrite and reported by Alexey Suslikov, thanks!

ok claudio@


# 1.67 13-Jan-2014 bluhm

Call all local variables of type struct in6_ifaddr "ia6". This is
consistent with struct ifaddr "ifa" and struct in_ifaddr "ia".
OK mpi@


# 1.66 07-Jan-2014 stsp

Some follow-up fixes for IFID collision handling in IPv6CP.

Really change the link-local address in the unlikely event of an IFID
collision, instead of going into an infinite conf-nak loop with the peer.

To make the netinet6 code use the IPv6CP IFID in a new link-local address,
in6_ifattach_linklocal() must accept a provided IFID. Replace the unused
'altifp' parameter with a new 'ifid' parameter for this purpose.

Always use the latest suggested address in IPv6CP replies, even if
the task to update the interface's address hasn't run yet.
Also, clear the ifindex (KAME hack) in addresses sent during IPv6CP.

ok mpi


# 1.65 06-Jan-2014 stsp

Make in6_ifdetach() remove the ff01::1 route for the detaching interface, too.
The route used to linger after an interface detached from IPv6.
ok mikeb


# 1.64 28-Nov-2013 mpi

Change the way protocol multicast addresses are linked to an interface.

Instead of linking multicast records to the first configured address of
the corresponding protocol, making this address and its position in the
global list special, add them to a new list directly linked to the
interface descriptor.

This new multicast address list is similar to the address list, all its
elements contain a protocol agnostic part. This design allows us to
be able to join a multicast group without necessarily having a configured
address. That means IPv6 multicast kludges are no longer needed.

Another benefit is to be able to add and remove an IP address from an
interface without worrying about multicast records. That means that the
global IPv4 list is no longer needed since the first configured address
of an interface is no longer special.

This new list might also be extended in the future to contain the
link-layer addresses used to configure hardware filters.

Tested by sthen@ and weerd@, ok mikeb@


# 1.63 19-Nov-2013 mpi

Remove some FDDI/ATM leftovers.

ok mikeb@, henning@, deraadt@, brad@, miod@


# 1.62 17-Oct-2013 bluhm

The header file netinet/in_var.h included netinet6/in6_var.h. This
created a bunch of useless dependencies. Remove this implicit
inclusion and do an explicit #include <netinet6/in6_var.h> when it
is needed.
OK mpi@ henning@


Revision tags: OPENBSD_5_4_BASE
# 1.61 31-May-2013 bluhm

Remove a bunch of sockaddr_in6 pointer casts and replace others
with sin6tosa() or satosin6() inline functions. This allows the
compiler to check the types more strictly.
OK mpi@


# 1.60 26-Mar-2013 bluhm

Remove a block of dead code in in6_ifdetach(). It was never executed
due to the wrong & in satosin6(&ifa->ifa_addr). The link local
prefix fe80 was not checked within the IPv6 address, but within
some pointers of the interface address struct. The whole loop
around this was also never executed as all IPv6 addresses had already
been purged.
OK sperreault@ mpi@ mikeb@


# 1.59 25-Mar-2013 mpi

Substitute the handcrafted list of IPv6 addresses by a proper TAILQ.

ok bluhm@, mikeb@


# 1.58 07-Mar-2013 mpi

Remove the IFAFREE() macro, the ifafree() function it was calling already
checks for the reference counter.

ok mikeb@, miod@, pelikan@, kettenis@, krw@


# 1.57 04-Mar-2013 bluhm

Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro.
No binary change.
OK claudio@


Revision tags: OPENBSD_5_3_BASE
# 1.56 19-Sep-2012 bluhm

Use TAILQ_FOREACH macro for loops. No binary diff.
OK henning@


# 1.55 21-Aug-2012 bluhm

Reverse the name and meaning of the IFXF_INET6_PRIVACY interface
flag. It is now called IFXF_INET6_NOPRIVACY. So IPv6 privacy
addresses are on by default without resetting the flag during
ifconfig down/up.
OK stsp@, sperreault@ (who wrote the same diff)


# 1.54 15-Aug-2012 sperreault

Enable IPv6 autoconfprivacy by default

diff originally by stsp@
"please commit it" deraadt@
"don't care" stsp@
"don't like" bluhm@


Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
# 1.53 03-Jan-2012 bluhm

To access the ifaddr of an in_ifaddr or in6_ifaddr struct, it is
cleaner to access the first member via ia_ifa instead of casting.
No binary change.
ok henning@ krw@


# 1.52 24-Nov-2011 sperreault

rdomain support for IPv6
ok mikeb


Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
# 1.51 06-Apr-2010 stsp

Simple implementation of RFC4941, "Privacy Extensions for Stateless
Address Autoconfiguration in IPv6". For those among us who are paranoid
about broadcasting their MAC address to the IPv6 internet.

Man page help from jmc, testing by weerd, arc4random API hints from djm.

ok deraadt, claudio


Revision tags: OPENBSD_4_7_BASE
# 1.50 08-Feb-2010 jsing

More destatic and ansification.

ok claudio@ naddy@


# 1.49 13-Jan-2010 henning

instead of fiddling with the per-interface address lists directly in
many places create a proper API (ifa_add / ifa_del) and use it.
ok theo ryan dlg


# 1.107 27-Mar-2018 dhill

Use memcpy instead of bcopy when the memory does not overlap.

OK deraadt@ florian@


Revision tags: OPENBSD_6_3_BASE
# 1.106 13-Mar-2018 florian

Calculate RFC7217 link-local style addresses the same way as
slaacd(8).

RFC 7217 states (section 5, page 9):
| The Interface Identifier is finally obtained by taking as many
| bits from the RID value (computed in the previous step) as
| necessary, starting from the least significant bit.

Problem in slaacd pointed out by semarie@.

OK sthen, phessler


# 1.105 10-Feb-2018 florian

Implement RFC 7217: "A Method for Generating Semantically Opaque
Interface Identifiers with IPv6 Stateless Address Autoconfiguration."

"An IPv6 address configured using this method is stable within each
subnet, but the corresponding Interface Identifier changes when the
host moves from one network to another. This method is meant to be an
alternative to generating Interface Identifiers based on hardware
addresses."

OK naddy, sthen


Revision tags: OPENBSD_6_2_BASE
# 1.104 01-Sep-2017 florian

Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the
get_last_resort_ifid() function because eww.
Also if your system is so constrained that you end up in
in6_get_rand_ifid() you don't deserve a random ifid that stays
stable over reboots.
Simplify code a bit since get_ifid() can no longer fail. It couldn't
fail before either because that code path was #if 0'ed.
While here sprinkle in some in6_ prefixes, pointed out by stsp.
OK stsp


# 1.103 11-Jul-2017 florian

Purging is at last at hand. Day of Doom is here. All that is evil
shall all be cleansed.

Remove sending of router solicitations and processing of router
advertisements from the kernel. It's handled by slaacd(8) these days.

Input & OK bluhm@, mpi@


# 1.102 16-May-2017 mpi

Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().

ok visa@


Revision tags: OPENBSD_6_1_BASE
# 1.101 29-Dec-2016 mpi

Get rid of recursive splsoftnet() in in6_ifattach_linklocal().

ok visa@


Revision tags: OPENBSD_6_0_BASE
# 1.100 30-Jun-2016 mpi

Restore the automagically added /64 route on p2p interfaces in order to
send traffic to link-local addresses without default route.

Fix a regression reported by Michael Lechtermann, ok stsp@, sthen@


Revision tags: OPENBSD_5_9_BASE
# 1.99 02-Dec-2015 bluhm

When destroying an interface, we have to wait until all references
are not used anymore. This has to be done before any interface
fields become invalid.
As the route delete request cannot call if_get() anymore, pass down
the interface. Split rtrequest_delete() into a separate function
that may take an existing interface.
OK mpi@


# 1.98 24-Oct-2015 mpi

Convert to rt_ifidx.

ok bluhm@


# 1.97 22-Oct-2015 bluhm

Inspired by satosin(), use inline functions to convert sockaddr dl.
Instead of casts they check whether the incoming object has the
expected type. So introduce satosdl() and sdltosa() in the kernel.
OK mpi@


# 1.96 12-Sep-2015 mpi

Now that rtrequest1(9) properly sets RTF_UP for newly added route,
stop passing it in every rt_ifa_add(9) calls.

ok claudio@


# 1.95 03-Sep-2015 mpi

Change the order of operations for loopback interfaces to have
::1 configured before fe80::1.

(lo0:0) in pf should resolve to 127.0.0.1 ::1.

reported by and ok mikeb@


# 1.94 31-Aug-2015 mpi

Do not install connected routes on loopback interfaces.

Previously loopback connected routes were managed via the global list
of prefixes, which means that systems with AUTOCONF'd addresses did not
see them in the routing table.

This also makes inet6 route creation coherent with inet.


# 1.93 24-Aug-2015 mpi

Start moving away from the global prefix list by limiting its usage to
AUTOCONF'd addresses.

This prevents the kernel from removing connected (/64) routes as soon as
it configures an AUTOCONF'd address based on a RA.

Tested by sebastia@, ok sthen@


# 1.92 24-Aug-2015 mpi

Rework the code to decide when to perform DAD to no longer rely on the
IN6_IFF_NODAD pseudo-flag not being set.

This was just a flag for spaghetti code that should not exist in the
first place.

Tested by sebastia@, ok sthen@


# 1.91 17-Aug-2015 mpi

Remove annoying comment about in6_update_ifa().


Revision tags: OPENBSD_5_8_BASE
# 1.90 18-Jul-2015 mpi

Merge two identical chunks to add new prefixes to the global data
structures into a function.

ok florian@


# 1.89 16-Jul-2015 mpi

Properly layer Router Solicitation code.

Tweak and ok florian@


# 1.88 08-Jun-2015 krw

More damned eye searing whitespace. No change to .o files.


# 1.87 27-Apr-2015 mpi

Do not call nd6_purge() before purging the IPv6 addresses of a detached
interface.

Fix a use after free introduced in r1.98 of netinet6/in6.c and recently
exposed by a crazy pool/malloc damage finder being currently refined by
dlg@ and deraadt@.

ok mikeb@, henning@


# 1.86 14-Mar-2015 jsg

Remove some includes include-what-you-use claims don't
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.

ok tedu@ deraadt@


Revision tags: OPENBSD_5_7_BASE
# 1.85 05-Feb-2015 mpi

Convert various rtrequest1(RTM_DELETE,...) calls to rtdeletemsg(9).

This unifies some code and notifies userland for free.

blambert@ agrees, ok bluhm@


# 1.84 28-Jan-2015 mpi

Revert rtdeletemsg conversion. It was not ok'd, I misunderstood bluhm@'s
email.


# 1.83 27-Jan-2015 mpi

Ensure that link-local addresses are correctly configured on loopback
interfaces.

When the kernel automagically configures IPv6 addresses on loopback
interfaces, start by assigning a link-local address and then try to
assign "::1".

Only the first configured loopback interface per rdomain can have the
"::1" address. But even if other loopback interfaces failed to get
this address, because it is already taken, give them a chance to have
a link-local address.

While here change in6_ifattach() to return an error value and remove
duplicated code.

Fix a regression introduced by the NOINET6 flag removal.

ok henning@, stsp@, florian@, benno@


# 1.82 26-Jan-2015 mpi

Call rtdeletemsg(9) instead of rerolling its code. As a bonus you'll
get userland notification for free.

ok blambert@, bluhm@


# 1.81 10-Jan-2015 mpi

Correct some comments and merge in6_if_up() into in6_ifattach() to
reflect that IPv6 link-local addresses are no longer automagically
configured the first time an interface is brought up.

ok henning@, stsp@


# 1.80 08-Jan-2015 florian

Clear autoconf6 flag after autoconf6 cleanup happened, not before.
Otherwise clean up code will never run.
OK mpi@, benno@, henning@


# 1.79 06-Jan-2015 stsp

Remove the NOINET6 interface flag, a left-over from the times when IPv6
was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable
an address family for an interface (currently used for IPv6 only).

New kernel needs new ifconfig for IPv6 configuration (address assignment
still works with old ifconfig making this easy to cross over).

Committing on behalf of henning@ who is currently lebensmittelvergiftet.
ok stsp, benno, mpi


# 1.78 04-Dec-2014 tedu

replace md5 with sha512. ok deraadt


# 1.77 20-Nov-2014 mpi

We have no need for a variable that holds the maximum MTU size of
interfaces with an IPv6 address.

ok henning@, mikeb@, deraadt@


# 1.76 18-Nov-2014 krw

Nuke yet more obvious #include duplications.

ok miod@


# 1.75 18-Nov-2014 tedu

move arc4random prototype to systm.h. more appropriate for most code
to include that than rdnvar.h. ok deraadt dlg


# 1.74 01-Nov-2014 mpi

Rename rtalloc1() into rtalloc(9) and convert its flags to only enable
functionality instead of a mix of enable/disable.

ok bluhm@, jca@


# 1.73 25-Aug-2014 florian

Move sending of router solicitations to the kernel; receiving and
processing of router advertisements was already in the kernel.
With this rtsol{,d}(8) is no longer necessary.

The kernel starts sending solicitations with
# ifconfig $IF inet6 autoconf
or
inet6 autoconf
in /etc/hostname.$IF.

input stsp@
much help & OK mpi@
tweaks & OK bluhm@


Revision tags: OPENBSD_5_6_BASE
# 1.72 01-Jul-2014 benno

When a carp interface is created with IFXF_NOINET6 flag, no link-local
address will be created when the vhid (and MAC) is set. Depending on
the order of the configuration the interface can end up with an ipv6
address, but no v6 link-local and no working neighbor discovery.

Removing this case statement will result in the link-local address
being configured by "ifconfig up" if the inet6 address was configured
before. If you are using inet6 on carp, put an "up" at the end of your
hostname.if. I will work on a better solution at g2k14.

ok henning, mpi


# 1.71 26-Jun-2014 mpi

Calling in{6,}_purgeaddr() is not enough to remove an address from
an interface. Two other operations are performed when issuing a
SIOCDIFADDR{_IN6,} ioctl: call the address hook and the per-driver
ioctl function.

Since carp(4) relies on an address hook to recalculate its hash, make
sure to call this hook when IFXF_NOINET6 is set or when the rdomain is
changed.

ok henning@, mikeb@


# 1.70 03-Jun-2014 mpi

Do not include <sys/malloc.h> where it is not needed.


# 1.69 20-May-2014 mpi

Fix eui64 address generation, broken since the removal of the link-layer
address from the per-ifp list.

Found the hard way by weerd@, florian@ and stsp@, ok florian@


Revision tags: OPENBSD_5_5_BASE
# 1.68 21-Jan-2014 mpi

Do not clean the multicast records of an interface when it is destroyed
(unplugged). Even if it makes no sense to keep them around if the
interface is no more, we cannot safely remove them since pcb multicast
options might keep a pointer to them.

Fixes a use after free introduced by the multicast address linking
rewrite and reported by Alexey Suslikov, thanks!

ok claudio@


# 1.67 13-Jan-2014 bluhm

Call all local variables of type struct in6_ifaddr "ia6". This is
consistent with struct ifaddr "ifa" and struct in_ifaddr "ia".
OK mpi@


# 1.66 07-Jan-2014 stsp

Some follow-up fixes for IFID collision handling in IPv6CP.

Really change the link-local address in the unlikely event of an IFID
collision, instead of going into an infinite conf-nak loop with the peer.

To make the netinet6 code use the IPv6CP IFID in a new link-local address,
in6_ifattach_linklocal() must accept a provided IFID. Replace the unused
'altifp' parameter with a new 'ifid' parameter for this purpose.

Always use the latest suggested address in IPv6CP replies, even if
the task to update the interface's address hasn't run yet.
Also, clear the ifindex (KAME hack) in addresses sent during IPv6CP.

ok mpi


# 1.65 06-Jan-2014 stsp

Make in6_ifdetach() remove the ff01::1 route for the detaching interface, too.
The route used to linger after an interface detached from IPv6.
ok mikeb


# 1.64 28-Nov-2013 mpi

Change the way protocol multicast addresses are linked to an interface.

Instead of linking multicast records to the first configured address of
the corresponding protocol, making this address and its position in the
global list special, add them to a new list directly linked to the
interface descriptor.

This new multicast address list is similar to the address list, all its
elements contain a protocol agnostic part. This design allows us to
be able to join a multicast group without necessarily having a configured
address. That means IPv6 multicast kludges are no longer needed.

Another benefit is to be able to add and remove an IP address from an
interface without worrying about multicast records. That means that the
global IPv4 list is no longer needed since the first configured address
of an interface is no longer special.

This new list might also be extended in the future to contain the
link-layer addresses used to configure hardware filters.

Tested by sthen@ and weerd@, ok mikeb@


# 1.63 19-Nov-2013 mpi

Remove some FDDI/ATM leftovers.

ok mikeb@, henning@, deraadt@, brad@, miod@


# 1.62 17-Oct-2013 bluhm

The header file netinet/in_var.h included netinet6/in6_var.h. This
created a bunch of useless dependencies. Remove this implicit
inclusion and do an explicit #include <netinet6/in6_var.h> when it
is needed.
OK mpi@ henning@


Revision tags: OPENBSD_5_4_BASE
# 1.61 31-May-2013 bluhm

Remove a bunch of sockaddr_in6 pointer casts and replace others
with sin6tosa() or satosin6() inline functions. This allows the
compiler to check the types more strictly.
OK mpi@


# 1.60 26-Mar-2013 bluhm

Remove a block of dead code in in6_ifdetach(). It was never executed
due to the wrong & in satosin6(&ifa->ifa_addr). The link local
prefix fe80 was not checked within the IPv6 address, but within
some pointers of the interface address struct. The whole loop
around this was also never executed as all IPv6 addresses had already
been purged.
OK sperreault@ mpi@ mikeb@


# 1.59 25-Mar-2013 mpi

Substitute the handcrafted list of IPv6 addresses by a proper TAILQ.

ok bluhm@, mikeb@


# 1.58 07-Mar-2013 mpi

Remove the IFAFREE() macro, the ifafree() function it was calling already
checks for the reference counter.

ok mikeb@, miod@, pelikan@, kettenis@, krw@


# 1.57 04-Mar-2013 bluhm

Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro.
No binary change.
OK claudio@


Revision tags: OPENBSD_5_3_BASE
# 1.56 19-Sep-2012 bluhm

Use TAILQ_FOREACH macro for loops. No binary diff.
OK henning@


# 1.55 21-Aug-2012 bluhm

Reverse the name and meaning of the IFXF_INET6_PRIVACY interface
flag. It is now called IFXF_INET6_NOPRIVACY. So IPv6 privacy
addresses are on by default without resetting the flag during
ifconfig down/up.
OK stsp@, sperreault@ (who wrote the same diff)


# 1.54 15-Aug-2012 sperreault

Enable IPv6 autoconfprivacy by default

diff originally by stsp@
"please commit it" deraadt@
"don't care" stsp@
"don't like" bluhm@


Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
# 1.53 03-Jan-2012 bluhm

To access the ifaddr of an in_ifaddr or in6_ifaddr struct, it is
cleaner to access the first member via ia_ifa instead of casting.
No binary change.
ok henning@ krw@


# 1.52 24-Nov-2011 sperreault

rdomain support for IPv6
ok mikeb


Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
# 1.51 06-Apr-2010 stsp

Simple implementation of RFC4941, "Privacy Extensions for Stateless
Address Autoconfiguration in IPv6". For those among us who are paranoid
about broadcasting their MAC address to the IPv6 internet.

Man page help from jmc, testing by weerd, arc4random API hints from djm.

ok deraadt, claudio


Revision tags: OPENBSD_4_7_BASE
# 1.50 08-Feb-2010 jsing

More destatic and ansification.

ok claudio@ naddy@


# 1.49 13-Jan-2010 henning

instead of fiddling with the per-interface address lists directly in
many places create a proper API (ifa_add / ifa_del) and use it.
ok theo ryan dlg


Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
# 1.48 30-Jan-2009 mcbride

"XXX: should this be performed under splnet()?"... Yes, yes it should.
Interface configuration causes neighbour discovery, which runs packets
through parts of the stack that require at least splsoftnet(), like pf and
pfsync.

ok dlg


Revision tags: OPENBSD_4_4_BASE
# 1.47 11-Jun-2008 mcbride

ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.

ok todd deraadt naddy bluhm


# 1.46 11-May-2008 claudio

rtrequest to rtrequest1 conversion in inet6. With that no rtrequest should
be left over. OK henning@


Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
# 1.45 08-Jun-2007 henning

kill arcnet leftovers, some pt out by Mike Belopuhov <mkb@crypt.org.ru>,
some I found afterwards, ok dlg


Revision tags: OPENBSD_4_1_BASE
# 1.44 15-Nov-2006 itojun

unifdef -USCOPEDROUTING


Revision tags: OPENBSD_4_0_BASE
# 1.43 31-Aug-2006 mcbride

Automatically add an IPv6 link-local address to carp interfaces when the
virtual MAC address is set. Among other things, this makes route6d work
correctly on systems with carp interfaces.

In order to ensure backwards compatibility, we do not include IPv6
link-local addresses in generating the HMAC, but we accept HMACs with AND
without the link-local addresses. They will be added to the HMAC in a future
release.

In short: this change should only affect backwards compatibility for
IPv6 users who are manually adding link-local addresses on carp interfaces.

testing mtu@ todd@
ok mpf@ henning@ deraadt@


# 1.42 16-Jun-2006 henning

adjust functions dealing with the routing table to take a table ID as
parameter so they can work on alternate tables. table 0 hardcoded for
many callers yet, that will be adapted step by step.
input + ok claudio norby hshoexer


# 1.41 27-May-2006 claudio

Do the same thing as for IPv4. Use a sysctl to enable/disable mforwarding
and additionally make the code part of the MROUTING option. Put it in deraadt@


# 1.40 05-Mar-2006 miod

Use more queue macros rather than doing it by hand; ok otto@ krw@


Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
# 1.39 23-May-2005 mpf

carp needs a multicast kludge storage.
Fixes PR 4211.
OK mcbride@


# 1.38 21-Apr-2005 itojun

remove (now obsolete) handling of IFT_PROPVIRTUAL/bridge*. tested by camield@


Revision tags: OPENBSD_3_7_BASE
# 1.37 07-Dec-2004 mcbride

Convert carp(4) to behave more like a regular interface, much in the same
style as vlan(4). carp interfaces no longer require the physical interface
to be on the same subnet as the carp interface, or even that the physical
interface has an address at all, so CARP can now be used on /30 networks.

ok deraadt@ henning@


Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
# 1.36 07-May-2004 millert

Replace RSA-derived md5 code with code derived from Colin Plumb's PD version.
This moves md5.c out of libkern and into sys/crypto where it belongs (as
requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it).
Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@


Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
# 1.35 08-Jul-2003 itojun

on interface removal, clear multicast forwarding stuff. from kame


# 1.34 28-Jun-2003 itojun

i don't think pfsync needs a link-local addr.


Revision tags: UBC_SYNC_A
# 1.33 14-May-2003 itojun

it is unlikely that we introduce 6to4 interface (IFT_STF) to openbsd.


Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
# 1.32 12-Sep-2002 itojun

configure "next" pointer correctly. from j@pureftpd.org


# 1.31 11-Sep-2002 itojun

fix pointer signedness mixup. sync w/kame


# 1.30 11-Sep-2002 itojun

KNF - return is not a function. sync w/kame


# 1.29 11-Jun-2002 itojun

silence some of log(), as the codepath will be visited for IPv6-non-capable
interfaces too and can be annoying. net.inet6.icmp6.nd6_debug will
re-enable them.


# 1.28 11-Jun-2002 itojun

whitespace


# 1.27 08-Jun-2002 itojun

sync with latest KAME in6_ifaddr/prefix/default router manipulation.
behavior changes:
- two ioctls used by ndp(8) are now obsolete (backward compat provided).
use sysctl path instead.
- lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.


# 1.26 07-Jun-2002 itojun

whitespace sync w/kame


# 1.25 29-May-2002 itojun

attach nd_ifinfo structure to if_afdata.
split IPv6 MTU (advertised by RA) from real link MTU.
sync with kame


# 1.24 29-May-2002 itojun

move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame


# 1.23 23-May-2002 itojun

simplify condition to perform DAD. sync w/kame


Revision tags: OPENBSD_3_1_BASE
# 1.22 14-Mar-2002 millert

First round of __P removal in sys


Revision tags: UBC_BASE
# 1.21 07-Dec-2001 itojun

branches: 1.21.2;
whitespace/comment sync with kame


Revision tags: OPENBSD_3_0_BASE
# 1.20 23-Aug-2001 itojun

suppress printf() on non-multicast interface.
suppress ipv6 initialization for IFT_PFLOG.


# 1.19 23-Aug-2001 itojun

don't try to enable IPv6 on IFT_PFLOG.


# 1.18 18-Jul-2001 itojun

avoid using malloc() during interrupt context for multicast kludge entry.
allocate it on interface initialization.


# 1.17 09-Jun-2001 angelos

No need for net/net_osdep.h


Revision tags: OPENBSD_2_9_BASE
# 1.16 16-Feb-2001 itojun

cosmetic sync with kame


# 1.15 07-Feb-2001 itojun

by default, don't bark on inbound ND messages, as outsider may be able to
fill up /var with bogus packets.
setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid
ND packet and other occasions.

improve icmp6 stats.


# 1.14 18-Jan-2001 itojun

do not remove default route by mistake, on interface removal.


Revision tags: OPENBSD_2_8_BASE
# 1.13 25-Oct-2000 jason

silence the "no multicast" warning for IFT_ENC, too
deraadt ok


# 1.12 18-Oct-2000 itojun

don't try to configure IPv6 on bridge*. comment from deraadt


# 1.11 02-Oct-2000 itojun

fix missing \n. from doug@freebsd (sync with kame)


Revision tags: OPENBSD_2_7_BASE
# 1.10 05-May-2000 itojun

cope with interface detach (like pcmcia card removal). remove any
IPv6 addresses assigned to the interface. reported by ho, bunch of
help from niklas. KAME PR 231.


# 1.9 27-Apr-2000 itojun

correct in6_ifdetach(). free oia, not ia.
Lennart says there are more problems to go (I don't own openbsd-current laptop).
From: Lennart Augustsson <augustss@augustsson.net>


# 1.8 17-Apr-2000 itojun

revisit in6_ifattach(). (1) make it more persistent about initializing an
interface (2) cleanup interface id selection.
run NUD on p2p interface (required by spec for bidir p2p interface).
add "ndp -i interface" (can tweak per-interface ND flag).
(sync with more recent kame)


# 1.7 02-Mar-2000 itojun

do not add ifa_dstaddr for non-pointopoint interface. IPv6 has no
concept for "broadcast".


Revision tags: SMP_BASE
# 1.6 07-Feb-2000 itojun

branches: 1.6.2;
fix include file path related to ip6.


# 1.5 04-Feb-2000 itojun

more coverage of in6_ifdetach()'s cleanup process.
bug fix in SIOCGIFADDR_IN6 (point to point case).


# 1.4 02-Feb-2000 itojun

- improve in6_ifdetach to remove (1) multicast kludge list (2) route to
link-local allnode multicast (ff02:x::/32)
- fix ifnet refcnt'ing in multicast kludge list management.
- avoid dangling pointer in multicast kludge management.

(angelos, try this version of in6_ifdetach() - it should be better)


# 1.3 10-Dec-1999 itojun

use proper type for in6_first_ifid (char -> u_int8_t)
suggested by: deraadt


# 1.2 10-Dec-1999 angelos

Remove remaining unnecessary ifdefs (itojun will hate me for this :-)


Revision tags: kame_19991208
# 1.1 08-Dec-1999 itojun

bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
brought in soon).


# 1.105 10-Feb-2018 florian

Implement RFC 7217: "A Method for Generating Semantically Opaque
Interface Identifiers with IPv6 Stateless Address Autoconfiguration."

"An IPv6 address configured using this method is stable within each
subnet, but the corresponding Interface Identifier changes when the
host moves from one network to another. This method is meant to be an
alternative to generating Interface Identifiers based on hardware
addresses."

OK naddy, sthen


Revision tags: OPENBSD_6_2_BASE
# 1.104 01-Sep-2017 florian

Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the
get_last_resort_ifid() function because eww.
Also if your system is so constraint that you end up in
in6_get_rand_ifid() you don't deserve a random ifid that stays
stable over reboots.
Simplify code a bit since get_ifid() can no longer fail. It couldn't
fail before either because that code path was #if 0'ed.
While here sprinkle in some in6_ prefixes, pointed out by stsp.
OK stsp


# 1.103 11-Jul-2017 florian

Purging is at last at hand. Day of Doom is here. All that is evil
shall all be cleansed.

Remove sending of router solicitations and processing of router
advertisements from the kernel. It's handled by slaacd(8) these days.

Input & OK bluhm@, mpi@


# 1.102 16-May-2017 mpi

Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().

ok visa@


Revision tags: OPENBSD_6_1_BASE
# 1.101 29-Dec-2016 mpi

Get rid of recursive splsoftnet() in in6_ifattach_linklocal().

ok visa@


Revision tags: OPENBSD_6_0_BASE
# 1.100 30-Jun-2016 mpi

Restore the automagically added /64 route on p2p interfaces in order to
send traffic to link-local addresses without default route.

Fix a regression reported by Michael Lechtermann, ok stsp@, sthen@


Revision tags: OPENBSD_5_9_BASE
# 1.99 02-Dec-2015 bluhm

When destroying an interface, we have to wait until all references
are not used anymore. This has to be done before any interface
fields become invalid.
As the route delete request cannot call if_get() anymore, pass down
the interface. Split rtrequest_delete() into a separate function
that may take an existing inteface.
OK mpi@


# 1.98 24-Oct-2015 mpi

Convert to rt_ifidx.

ok bluhm@


# 1.97 22-Oct-2015 bluhm

Inspired by satosin(), use inline functions to convert sockaddr dl.
Instead of casts they check wether the incoming object has the
expected type. So introduce satosdl() and sdltosa() in the kernel.
OK mpi@


# 1.96 12-Sep-2015 mpi

Now that rtrequest1(9) properly sets RTF_UP for newly added route,
stop passing it in every rt_ifa_add(9) calls.

ok claudio@


# 1.95 03-Sep-2015 mpi

Change the order of operations for loopback interfaces to have
::1 configured before fe80::1.

(lo0:0) in pf should resolve to 127.0.0.1 ::1.

reported by and ok mikeb@


# 1.94 31-Aug-2015 mpi

Do not install connected routes on loopback interfaces.

Previously loopback connected routes were managed via the global list
of prefixes, which mean that systems with AUTOCONF'd addresses did not
see them in the routing table.

This also makes inet6 route creation coherent with inet.


# 1.93 24-Aug-2015 mpi

Start moving away from the global prefix list by limiting its usage to
AUTOCONF'd addresses.

This prevent the kernel from removing connected (/64) routes as soon as
it configures an AUTOCONF'd address based on a RA.

Tested by sebastia@, ok sthen@


# 1.92 24-Aug-2015 mpi

Rework the code to decide when to perform DAD to no longer rely on the
IN6_IFF_NODAD pseudo-flag not being set.

This was just a flag for spaghetti code that should not exist in the
first place.

Tested by sebastia@, ok sthen@


# 1.91 17-Aug-2015 mpi

Remove anoying comment about in6_update_ifa().


Revision tags: OPENBSD_5_8_BASE
# 1.90 18-Jul-2015 mpi

Merge two identical chunks to add new prefixes to the global data
structures into a function.

ok florian@


# 1.89 16-Jul-2015 mpi

Properly layer Router Solicitation code.

Tweak and ok florian@


# 1.88 08-Jun-2015 krw

More damned eye searing whitespace. No change to .o files.


# 1.87 27-Apr-2015 mpi

Do not call nd6_purge() before purging the IPv6 addresses of a detached
interface.

Fix a use after free introduced in r1.98 of netinet6/in6.c and recently
exposed by a crazy pool/malloc damage finder being currently refined by
dlg@ and deraadt@.

ok mikeb@, henning@


# 1.86 14-Mar-2015 jsg

Remove some includes include-what-you-use claims don't
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.

ok tedu@ deraadt@


Revision tags: OPENBSD_5_7_BASE
# 1.85 05-Feb-2015 mpi

Convert various rtrequest1(RTM_DELETE,...) calls to rtdeletemsg(9).

This unify some code and notify userland for free.

blambert@ agrees, ok bluhm@


# 1.84 28-Jan-2015 mpi

Revert rtdeletemsg conversion. It was not ok'd, I misunderstood bluhm@'s
email.


# 1.83 27-Jan-2015 mpi

Ensure that link-local addresses are correctly configured on loopback
interfaces.

When the kernel automagically configures IPv6 addresses on loopback
interfaces, start by assigning a link-local address and then try to
assign "::1".

Only the first configured loopback interface per rdomain can have the
"::1" address. But even if other loopback interfaces failed to get
this address, because it is already taken, give them a chance to have
a link-local address.

While here change in6_ifattach() to return an error value and remove
duplicated code.

Fix a regression introduced by the NOINET6 flag removal.

ok henning@, stsp@, florian@, benno@


# 1.82 26-Jan-2015 mpi

Call rtdeletemsg(9) instead of rerolling its code. As a bonus you'll
get userland notification for free.

ok blambert@, bluhm@


# 1.81 10-Jan-2015 mpi

Correct some comments and merge in6_if_up() into in6_ifattach() to
reflect that IPv6 link-local addresses are no longer automagically
configured the first time an interface is brought up.

ok henning@, stsp@


# 1.80 08-Jan-2015 florian

Clear autoconf6 flag after autoconf6 cleanup happened, not before.
Otherwise clean up code will never run.
OK mpi@, benno@, henning@


# 1.79 06-Jan-2015 stsp

Remove the NOINET6 interface flag, a left-over from the times when IPv6
was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable
an address family for an interface (currently used for IPv6 only).

New kernel needs new ifconfig for IPv6 configuration (address assignment
still works with old ifconfig making this easy to cross over).

Committing on behalf of henning@ who is currently lebensmittelvergiftet.
ok stsp, benno, mpi


# 1.78 04-Dec-2014 tedu

replace md5 with sha512. ok deraadt


# 1.77 20-Nov-2014 mpi

What have no need for a variable that holds the maximum MTU size of
interfaces with an IPv6 address.

ok henning@, mikeb@, deraadt@


# 1.76 18-Nov-2014 krw

Nuke yet more obvious #include duplications.

ok miod@


# 1.75 18-Nov-2014 tedu

move arc4random prototype to systm.h. more appropriate for most code
to include that than rdnvar.h. ok deraadt dlg


# 1.74 01-Nov-2014 mpi

Rename rtalloc1() into rtalloc(9) and convert its flags to only enable
functionnality instead of a mix of enable/disable.

ok bluhm@, jca@


# 1.73 25-Aug-2014 florian

Move sending of router solicitations to the kernel; receiving and
processing of router advertisements was already in the kernel.
With this rtsol{,d}(8) is no longer necessary.

The kernel starts sending solicitations with
# ifconfig $IF inet6 autoconf
or
inet6 autoconf
in /etc/hostname.$IF.

input stsp@
much help & OK mpi@
tweaks & OK bluhm@


Revision tags: OPENBSD_5_6_BASE
# 1.72 01-Jul-2014 benno

When a carp interface is created with IFXF_NOINET6 flag, no link-local
address will be created when the vhid (and MAC) is set. Depending on
the order of the configuration the interface can end up with a ipv6
address, but no v6 link-local and no working neigbor discovery.

Removing this case statement will result in the link-local address
being configured by "ifconfig up" if the inet6 address was configured
before. If you are using inet6 on carp, put an "up" at the end of your
hostname.if. I will work on a better solution at g2k14.

ok henning, mpi


# 1.71 26-Jun-2014 mpi

Calling in{6,}_purgeaddr() is not enough to remove an address from
an interface. Two other operations are performed when issuing a
SIOCDIFADDR{_IN6,} ioctl: call the address hook and the per-driver
ioctl function.

Since carp(4) relies on an address hook to recalculate its hash, make
sure to call this hook when IFXF_NOINET6 is set or when the rdomain is
changed.

ok henning@, mikeb@


# 1.70 03-Jun-2014 mpi

Do not include <sys/malloc.h> where it is not needed.


# 1.69 20-May-2014 mpi

Fix eui64 address generation, broken since the removal of the link-layer
address from the per-ifp list.

Found the hard way by weerd@, florian@ and stsp@, ok florian@


Revision tags: OPENBSD_5_5_BASE
# 1.68 21-Jan-2014 mpi

Do not clean the multicast records of an interface when it is destroyed
(unplugged). Even if it makes no sense to keep them around if the
interface is no more, we cannot safely remove them since pcb multicast
options might keep a pointer to them.

Fixes a user after free introduced by the multicast address linking
rewrite and reported by Alexey Suslikov, thanks!

ok claudio@


# 1.67 13-Jan-2014 bluhm

Call all local valiables of type struct in6_ifaddr "ia6". This is
consistent with struct ifaddr "ifa" and struct in_ifaddr "ia".
OK mpi@


# 1.66 07-Jan-2014 stsp

Some follow-up fixes for IFID collision handling in IPv6CP.

Really change the link-local address in the unlikely event of an IFID
collision, instead of going into an infinite conf-nak loop with the peer.

To make the netinet6 code use the IPv6CP IFID in a new link-local address,
in6_ifattach_linklocal() must accept a provided IFID. Replace the unused
'altifp' parameter with a new 'ifid' parameter for this purpose.

Always use the latest suggested address in IPv6CP replies, even if
the task to update the interface's address hasn't run yet.
Also, clear the ifindex (KAME hack) in addresses sent during IPv6CP.

ok mpi


# 1.65 06-Jan-2014 stsp

Make in6_ifdetach() remove the ff01::1 route for the detaching interface, too.
The route used to linger after an interface detached from IPv6.
ok mikeb


# 1.64 28-Nov-2013 mpi

Change the way protocol multicast addresses are linked to an interface.

Instead of linking multicast records to the first configured address of
the corresponding protocol, making this address and its position in the
global list special, add them to a new list directly linked to the
interface descriptor.

This new multicast address list is similar to the address list, all its
elements contain a protocol agnostic part. This design allows us to
be able to join a multicast group without necessarily having a configured
address. That means IPv6 multicast kludges are no longer needed.

Another benefit is to be able to add and remove an IP address from an
interface without worrying about multicast records. That means that the
global IPv4 list is no longer needed since the first configured address
of an interface is no longer special.

This new list might also be extended in the future to contain the
link-layer addresses used to configure hardware filters.

Tested by sthen@ and weerd@, ok mikeb@


# 1.63 19-Nov-2013 mpi

Remove some FDDI/ATM leftovers.

ok mikeb@, henning@, deraadt@, brad@, miod@


# 1.62 17-Oct-2013 bluhm

The header file netinet/in_var.h included netinet6/in6_var.h. This
created a bunch of useless dependencies. Remove this implicit
inclusion and do an explicit #include <netinet6/in6_var.h> when it
is needed.
OK mpi@ henning@


Revision tags: OPENBSD_5_4_BASE
# 1.61 31-May-2013 bluhm

Remove a bunch of sockaddr_in6 pointer casts and replace others
with sin6tosa() or satosin6() inline functions. This allows the
compiler to check the types more strictly.
OK mpi@


# 1.60 26-Mar-2013 bluhm

Remove a block of dead code in in6_ifdetach(). It was never executed
due to the wrong & in satosin6(&ifa->ifa_addr). The link local
prefix fe80 was not checked within the IPv6 address, but within
some pointers of the interface address struct. The whole loop
around this was also never executed as all IPv6 addresses had already
been purged.
OK sperreault@ mpi@ mikeb@


# 1.59 25-Mar-2013 mpi

Substitute the handcrafted list of IPv6 addresses by a proper TAILQ.

ok bluhm@, mikeb@


# 1.58 07-Mar-2013 mpi

Remove the IFAFREE() macro, the ifafree() function it was calling already
checks for the reference counter.

ok mikeb@, miod@, pelikan@, kettenis@, krw@


# 1.57 04-Mar-2013 bluhm

Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro.
No binary change.
OK claudio@


Revision tags: OPENBSD_5_3_BASE
# 1.56 19-Sep-2012 bluhm

Use TAILQ_FOREACH macro for loops. No binary diff.
OK henning@


# 1.55 21-Aug-2012 bluhm

Reverse the name and meaning of the IFXF_INET6_PRIVACY interface
flag. It is now called IFXF_INET6_NOPRIVACY. So IPv6 privacy
addresses are on by default without resetting the flag during
ifconfig down/up.
OK stsp@, sperreault@ (who wrote the same diff)


# 1.54 15-Aug-2012 sperreault

Enable IPv6 autoconfprivacy by default

diff originally by stsp@
"please commit it" deraadt@
"don't care" stsp@
"don't like" bluhm@


Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
# 1.53 03-Jan-2012 bluhm

To access the ifaddr of an in_ifaddr or in6_ifaddr struct, it is
cleaner to access the first member via ia_ifa instead of casting.
No binary change.
ok henning@ krw@


# 1.52 24-Nov-2011 sperreault

rdomain support for IPv6
ok mikeb


Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
# 1.51 06-Apr-2010 stsp

Simple implementation of RFC4941, "Privacy Extensions for Stateless
Address Autoconfiguration in IPv6". For those among us who are paranoid
about broadcasting their MAC address to the IPv6 internet.

Man page help from jmc, testing by weerd, arc4random API hints from djm.

ok deraadt, claudio


Revision tags: OPENBSD_4_7_BASE
# 1.50 08-Feb-2010 jsing

More destatic and ansification.

ok claudio@ naddy@


# 1.49 13-Jan-2010 henning

instead of fiddling with the per-interface address lists directly in
many places create a proper API (ifa_add / ifa_del) and use it.
ok theo ryan dlg


Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
# 1.48 30-Jan-2009 mcbride

"XXX: should this be performed under splnet()?"... Yes, yes it should.
Interface configuration causes neighbour discovery, which runs packets
through parts of the stack that require at least splsoftnet(), like pf and
pfsync.

ok dlg


Revision tags: OPENBSD_4_4_BASE
# 1.47 11-Jun-2008 mcbride

ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.

ok todd deraadt naddy bluhm


# 1.46 11-May-2008 claudio

rtrequest to rtrequest1 conversion in inet6. With that no rtrequest should
be left over. OK henning@


Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
# 1.45 08-Jun-2007 henning

kill arcnet leftovers, some pt out by Mike Belopuhov <mkb@crypt.org.ru>,
some I found afterwards, ok dlg


Revision tags: OPENBSD_4_1_BASE
# 1.44 15-Nov-2006 itojun

unifdef -USCOPEDROUTING


Revision tags: OPENBSD_4_0_BASE
# 1.43 31-Aug-2006 mcbride

Automatically add an IPv6 link-local address to carp interfaces when the
virtual MAC address is set. Among other things, this makes route6d work
correctly on systems with carp interfaces.

In order to ensure backwards compatibility, we do not include IPv6
link-local addresses in generating the HMAC, but we accept HMACs with AND
without the link-local addresses. They will be added to the HMAC in a future
release.

In short: this change should only affect backwards compatibility for
IPv6 users who are manually adding link-local addresses on carp interfaces.

testing mtu@ todd@
ok mpf@ henning@ deraadt@


# 1.42 16-Jun-2006 henning

adjust functions dealing with the routing table to take a table ID as
parameter so they can work on alternate tables. table 0 hardcoded for
many callers yet, that will be adapted step by step.
input + ok claudio norby hshoexer


# 1.41 27-May-2006 claudio

Do the same thing as for IPv4. Use a sysctl to enable/disable mforwarding
and additionally make the code part of the MROUTING option. Put it in deraadt@


# 1.40 05-Mar-2006 miod

Use more queue macros rather than doing it by hand; ok otto@ krw@


Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
# 1.39 23-May-2005 mpf

carp needs a multicast kludge storage.
Fixes PR 4211.
OK mcbride@


# 1.38 21-Apr-2005 itojun

remove (now obsolete) handling of IFT_PROPVIRTUAL/bridge*. tested by camield@


Revision tags: OPENBSD_3_7_BASE
# 1.37 07-Dec-2004 mcbride

Convert carp(4) to behave more like a regular interface, much in the same
style as vlan(4). carp interfaces no longer require the physical interface
to be on the same subnet as the carp interface, or even that the physical
interface has an address at all, so CARP can now be used on /30 networks.

ok deraadt@ henning@


Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
# 1.36 07-May-2004 millert

Replace RSA-derived md5 code with code derived from Colin Plumb's PD version.
This moves md5.c out of libkern and into sys/crypto where it belongs (as
requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it).
Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@


Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
# 1.35 08-Jul-2003 itojun

on interface removal, clear multicast forwarding stuff. from kame


# 1.34 28-Jun-2003 itojun

i don't think pfsync needs a link-local addr.


Revision tags: UBC_SYNC_A
# 1.33 14-May-2003 itojun

it is unlikely that we introduce 6to4 interface (IFT_STF) to openbsd.


Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
# 1.32 12-Sep-2002 itojun

configure "next" pointer correctly. from j@pureftpd.org


# 1.31 11-Sep-2002 itojun

fix pointer signedness mixup. sync w/kame


# 1.30 11-Sep-2002 itojun

KNF - return is not a function. sync w/kame


# 1.29 11-Jun-2002 itojun

silence some of log(), as the codepath will be visited for IPv6-non-capable
interfaces too and can be annoying. net.inet6.icmp6.nd6_debug will
re-enable them.


# 1.28 11-Jun-2002 itojun

whitespace


# 1.27 08-Jun-2002 itojun

sync with latest KAME in6_ifaddr/prefix/default router manipulation.
behavior changes:
- two ioctls used by ndp(8) are now obsolete (backward compat provided).
use sysctl path instead.
- lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.


# 1.26 07-Jun-2002 itojun

whitespace sync w/kame


# 1.25 29-May-2002 itojun

attach nd_ifinfo structure to if_afdata.
split IPv6 MTU (advertised by RA) from real link MTU.
sync with kame


# 1.24 29-May-2002 itojun

move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame


# 1.23 23-May-2002 itojun

simplify condition to perform DAD. sync w/kame


Revision tags: OPENBSD_3_1_BASE
# 1.22 14-Mar-2002 millert

First round of __P removal in sys


Revision tags: UBC_BASE
# 1.21 07-Dec-2001 itojun

branches: 1.21.2;
whitespace/comment sync with kame


Revision tags: OPENBSD_3_0_BASE
# 1.20 23-Aug-2001 itojun

suppress printf() on non-multicast interface.
suppress ipv6 initialization for IFT_PFLOG.


# 1.19 23-Aug-2001 itojun

don't try to enable IPv6 on IFT_PFLOG.


# 1.18 18-Jul-2001 itojun

avoid using malloc() during interrupt context for multicast kludge entry.
allocate it on interface initialization.


# 1.17 09-Jun-2001 angelos

No need for net/net_osdep.h


Revision tags: OPENBSD_2_9_BASE
# 1.16 16-Feb-2001 itojun

cosmetic sync with kame


# 1.15 07-Feb-2001 itojun

by default, don't bark on inbound ND messages, as outsider may be able to
fill up /var with bogus packets.
setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid
ND packet and other occasions.

improve icmp6 stats.


# 1.14 18-Jan-2001 itojun

do not remove default route by mistake, on interface removal.


Revision tags: OPENBSD_2_8_BASE
# 1.13 25-Oct-2000 jason

silence the "no multicast" warning for IFT_ENC, too
deraadt ok


# 1.12 18-Oct-2000 itojun

don't try to configure IPv6 on bridge*. comment from deraadt


# 1.11 02-Oct-2000 itojun

fix missing \n. from doug@freebsd (sync with kame)


Revision tags: OPENBSD_2_7_BASE
# 1.10 05-May-2000 itojun

cope with interface detach (like pcmcia card removal). remove any
IPv6 addresses assigned to the interface. reported by ho, bunch of
help from niklas. KAME PR 231.


# 1.9 27-Apr-2000 itojun

correct in6_ifdetach(). free oia, not ia.
Lennart says there are more problems to go (I don't own openbsd-current laptop).
From: Lennart Augustsson <augustss@augustsson.net>


# 1.8 17-Apr-2000 itojun

revisit in6_ifattach(). (1) make it more persistent about initializing an
interface (2) cleanup interface id selection.
run NUD on p2p interface (required by spec for bidir p2p interface).
add "ndp -i interface" (can tweak per-interface ND flag).
(sync with more recent kame)


# 1.7 02-Mar-2000 itojun

do not add ifa_dstaddr for non-pointopoint interface. IPv6 has no
concept for "broadcast".


Revision tags: SMP_BASE
# 1.6 07-Feb-2000 itojun

branches: 1.6.2;
fix include file path related to ip6.


# 1.5 04-Feb-2000 itojun

more coverage of in6_ifdetach()'s cleanup process.
bug fix in SIOCGIFADDR_IN6 (point to point case).


# 1.4 02-Feb-2000 itojun

- improve in6_ifdetach to remove (1) multicast kludge list (2) route to
link-local allnode multicast (ff02:x::/32)
- fix ifnet refcnt'ing in multicast kludge list management.
- avoid dangling pointer in multicast kludge management.

(angelos, try this version of in6_ifdetach() - it should be better)


# 1.3 10-Dec-1999 itojun

use proper type for in6_first_ifid (char -> u_int8_t)
suggested by: deraadt


# 1.2 10-Dec-1999 angelos

Remove remaining unnecessary ifdefs (itojun will hate me for this :-)


Revision tags: kame_19991208
# 1.1 08-Dec-1999 itojun

bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
brought in soon).


Revision tags: OPENBSD_6_2_BASE
# 1.104 01-Sep-2017 florian

Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the
get_last_resort_ifid() function because eww.
Also if your system is so constrained that you end up in
in6_get_rand_ifid() you don't deserve a random ifid that stays
stable over reboots.
Simplify code a bit since get_ifid() can no longer fail. It couldn't
fail before either because that code path was #if 0'ed.
While here sprinkle in some in6_ prefixes, pointed out by stsp.
OK stsp


# 1.103 11-Jul-2017 florian

Purging is at last at hand. Day of Doom is here. All that is evil
shall all be cleansed.

Remove sending of router solicitations and processing of router
advertisements from the kernel. It's handled by slaacd(8) these days.

Input & OK bluhm@, mpi@


# 1.102 16-May-2017 mpi

Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().

ok visa@


Revision tags: OPENBSD_6_1_BASE
# 1.101 29-Dec-2016 mpi

Get rid of recursive splsoftnet() in in6_ifattach_linklocal().

ok visa@


Revision tags: OPENBSD_6_0_BASE
# 1.100 30-Jun-2016 mpi

Restore the automagically added /64 route on p2p interfaces in order to
send traffic to link-local addresses without default route.

Fix a regression reported by Michael Lechtermann, ok stsp@, sthen@


Revision tags: OPENBSD_5_9_BASE
# 1.99 02-Dec-2015 bluhm

When destroying an interface, we have to wait until all references
are not used anymore. This has to be done before any interface
fields become invalid.
As the route delete request cannot call if_get() anymore, pass down
the interface. Split rtrequest_delete() into a separate function
that may take an existing interface.
OK mpi@


# 1.98 24-Oct-2015 mpi

Convert to rt_ifidx.

ok bluhm@


# 1.97 22-Oct-2015 bluhm

Inspired by satosin(), use inline functions to convert sockaddr dl.
Instead of casts they check whether the incoming object has the
expected type. So introduce satosdl() and sdltosa() in the kernel.
OK mpi@


# 1.96 12-Sep-2015 mpi

Now that rtrequest1(9) properly sets RTF_UP for newly added route,
stop passing it in every rt_ifa_add(9) call.

ok claudio@


# 1.95 03-Sep-2015 mpi

Change the order of operations for loopback interfaces to have
::1 configured before fe80::1.

(lo0:0) in pf should resolve to 127.0.0.1 ::1.

reported by and ok mikeb@


# 1.94 31-Aug-2015 mpi

Do not install connected routes on loopback interfaces.

Previously loopback connected routes were managed via the global list
of prefixes, which mean that systems with AUTOCONF'd addresses did not
see them in the routing table.

This also makes inet6 route creation coherent with inet.


# 1.93 24-Aug-2015 mpi

Start moving away from the global prefix list by limiting its usage to
AUTOCONF'd addresses.

This prevents the kernel from removing connected (/64) routes as soon as
it configures an AUTOCONF'd address based on a RA.

Tested by sebastia@, ok sthen@


# 1.92 24-Aug-2015 mpi

Rework the code to decide when to perform DAD to no longer rely on the
IN6_IFF_NODAD pseudo-flag not being set.

This was just a flag for spaghetti code that should not exist in the
first place.

Tested by sebastia@, ok sthen@


# 1.91 17-Aug-2015 mpi

Remove annoying comment about in6_update_ifa().


Revision tags: OPENBSD_5_8_BASE
# 1.90 18-Jul-2015 mpi

Merge two identical chunks to add new prefixes to the global data
structures into a function.

ok florian@


# 1.89 16-Jul-2015 mpi

Properly layer Router Solicitation code.

Tweak and ok florian@


# 1.88 08-Jun-2015 krw

More damned eye searing whitespace. No change to .o files.


# 1.87 27-Apr-2015 mpi

Do not call nd6_purge() before purging the IPv6 addresses of a detached
interface.

Fix a use after free introduced in r1.98 of netinet6/in6.c and recently
exposed by a crazy pool/malloc damage finder being currently refined by
dlg@ and deraadt@.

ok mikeb@, henning@


# 1.86 14-Mar-2015 jsg

Remove some includes include-what-you-use claims don't
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.

ok tedu@ deraadt@


Revision tags: OPENBSD_5_7_BASE
# 1.85 05-Feb-2015 mpi

Convert various rtrequest1(RTM_DELETE,...) calls to rtdeletemsg(9).

This unifies some code and notifies userland for free.

blambert@ agrees, ok bluhm@


# 1.84 28-Jan-2015 mpi

Revert rtdeletemsg conversion. It was not ok'd, I misunderstood bluhm@'s
email.


# 1.83 27-Jan-2015 mpi

Ensure that link-local addresses are correctly configured on loopback
interfaces.

When the kernel automagically configures IPv6 addresses on loopback
interfaces, start by assigning a link-local address and then try to
assign "::1".

Only the first configured loopback interface per rdomain can have the
"::1" address. But even if other loopback interfaces failed to get
this address, because it is already taken, give them a chance to have
a link-local address.

While here change in6_ifattach() to return an error value and remove
duplicated code.

Fix a regression introduced by the NOINET6 flag removal.

ok henning@, stsp@, florian@, benno@


# 1.82 26-Jan-2015 mpi

Call rtdeletemsg(9) instead of rerolling its code. As a bonus you'll
get userland notification for free.

ok blambert@, bluhm@


# 1.81 10-Jan-2015 mpi

Correct some comments and merge in6_if_up() into in6_ifattach() to
reflect that IPv6 link-local addresses are no longer automagically
configured the first time an interface is brought up.

ok henning@, stsp@


# 1.80 08-Jan-2015 florian

Clear autoconf6 flag after autoconf6 cleanup happened, not before.
Otherwise clean up code will never run.
OK mpi@, benno@, henning@


# 1.79 06-Jan-2015 stsp

Remove the NOINET6 interface flag, a left-over from the times when IPv6
was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable
an address family for an interface (currently used for IPv6 only).

New kernel needs new ifconfig for IPv6 configuration (address assignment
still works with old ifconfig making this easy to cross over).

Committing on behalf of henning@ who is currently lebensmittelvergiftet.
ok stsp, benno, mpi


# 1.78 04-Dec-2014 tedu

replace md5 with sha512. ok deraadt


# 1.77 20-Nov-2014 mpi

We have no need for a variable that holds the maximum MTU size of
interfaces with an IPv6 address.

ok henning@, mikeb@, deraadt@


# 1.76 18-Nov-2014 krw

Nuke yet more obvious #include duplications.

ok miod@


# 1.75 18-Nov-2014 tedu

move arc4random prototype to systm.h. more appropriate for most code
to include that than rndvar.h. ok deraadt dlg


# 1.74 01-Nov-2014 mpi

Rename rtalloc1() into rtalloc(9) and convert its flags to only enable
functionality instead of a mix of enable/disable.

ok bluhm@, jca@


# 1.73 25-Aug-2014 florian

Move sending of router solicitations to the kernel; receiving and
processing of router advertisements was already in the kernel.
With this rtsol{,d}(8) is no longer necessary.

The kernel starts sending solicitations with
# ifconfig $IF inet6 autoconf
or
inet6 autoconf
in /etc/hostname.$IF.

input stsp@
much help & OK mpi@
tweaks & OK bluhm@


Revision tags: OPENBSD_5_6_BASE
# 1.72 01-Jul-2014 benno

When a carp interface is created with IFXF_NOINET6 flag, no link-local
address will be created when the vhid (and MAC) is set. Depending on
the order of the configuration the interface can end up with an ipv6
address, but no v6 link-local and no working neighbor discovery.

Removing this case statement will result in the link-local address
being configured by "ifconfig up" if the inet6 address was configured
before. If you are using inet6 on carp, put an "up" at the end of your
hostname.if. I will work on a better solution at g2k14.

ok henning, mpi


# 1.71 26-Jun-2014 mpi

Calling in{6,}_purgeaddr() is not enough to remove an address from
an interface. Two other operations are performed when issuing a
SIOCDIFADDR{_IN6,} ioctl: call the address hook and the per-driver
ioctl function.

Since carp(4) relies on an address hook to recalculate its hash, make
sure to call this hook when IFXF_NOINET6 is set or when the rdomain is
changed.

ok henning@, mikeb@


# 1.70 03-Jun-2014 mpi

Do not include <sys/malloc.h> where it is not needed.


# 1.69 20-May-2014 mpi

Fix eui64 address generation, broken since the removal of the link-layer
address from the per-ifp list.

Found the hard way by weerd@, florian@ and stsp@, ok florian@


Revision tags: OPENBSD_5_5_BASE
# 1.68 21-Jan-2014 mpi

Do not clean the multicast records of an interface when it is destroyed
(unplugged). Even if it makes no sense to keep them around if the
interface is no more, we cannot safely remove them since pcb multicast
options might keep a pointer to them.

Fixes a use after free introduced by the multicast address linking
rewrite and reported by Alexey Suslikov, thanks!

ok claudio@


# 1.67 13-Jan-2014 bluhm

Call all local variables of type struct in6_ifaddr "ia6". This is
consistent with struct ifaddr "ifa" and struct in_ifaddr "ia".
OK mpi@

