Implement rule 5.5 of RFC 6724 (Default Address Selection for IPv6)

Rule 5.5: Prefer addresses in a prefix advertised by the next-hop.

For this we have to track the (link-local) address of the advertising
router per interface address and compare it with the selected route.

Rule 5.5 is useful in multi-homing setups where we have more than one
prefix and default router. We have to use the source address with the
correct default gateway otherwise traffic is likely going to be
dropped because of BCP 38.

While here refactor in6_update_ifa() a bit to make the code clearer
and consistently use (var & flag) instead of (var & flag) != 0.

Patiently reviewed by & OK bluhm.

Combine route_cache() and rtalloc_mpath() in new route_mpath().

Fill and check the cache and call rtalloc_mpath() together. Then
the caller of route_mpath() does not have to care about the uint32_t
*src pointer and just pass struct in_addr. All the conversions are
done inside the functions.

A previous version of this diff was backed out. There was an
additional rtisvalid() in rtalloc_mpath() that prevented packet
output via interfaces that were not up. Now the route in the cache
has to be valid, but after new lookup, rtalloc_mpath() may return
invalid routes. This generates less errors in userland an preserves
existing behavior.

OK sashan@

revert "Combine route_cache() and rtalloc_mpath() in new route_mpath()"

It breaks NFS.

ok claudio@

Combine route_cache() and rtalloc_mpath() in new route_mpath().

Fill and check the cache and call rtalloc_mpath() together. Then
the caller of route_mpath() does not have to care about the uint32_t
*src pointer and just pass struct in_addr. All the conversions are
done inside the functions. ro->ro_rt is either valid or NULL. Note
that some places have a stricter rtisvalid() now compared to the
previous NULL check.

OK claudio@

Make the route cache aware of multipath routing.

Pass source address to route_cache() and store it in struct route.
Cached multipath routes are only valid if source address matches.
If sysctl multipath changes, increase route generation number.

OK claudio@

Merge struct route and struct route_in6.

Use a common struct route for both inet and inet6. Unfortunately
struct sockaddr is shorter than sockaddr_in6, so netinet/in.h has
to be exposed from net/route.h. Struct route has to be bsd visible
for userland as netstat kvm code inspects inp_route. Internet PCB
and TCP SYN cache can use a plain struct route now. All specific
sockaddr types for inet and inet6 are embeded there.

OK claudio@

Route cache function returns hit or miss.

The route_cache() function can easily return whether it was a cache
hit or miss. Then the logic to perform a route lookup gets a bit
simpler. Some more complicated if (ro->ro_rt == NULL) checks still
exist elsewhere.
Also use route cache in in_pcbselsrc() instead of filling struct
route manually.

OK claudio@

Use the route generation number also for IPv6.

Implement route6_cache() to check whether the cached route is still
valid and otherwise fill caching parameter of struct route_in6.
Also count cache hits and misses in netstat. in_pcbrtentry() uses
route cache now.

OK claudio@

Convert some struct inpcb parameter to const pointer.

OK millert@

Use inpcb table mutex to set addresses.

Protect all remaining write access to inp_faddr and inp_laddr with
inpcb table mutex. Document inpcb locking for foreign and local
address and port and routing table id. Reading will be made MP
safe by adding per socket rw-locks in a next step.

OK sashan@ mvs@

Rename all in6p local variables to inp.

There exists no struct in6pcb in OpenBSD, this was an old kame idea.
Calling the local variable in6p does not make sense, it is actually
a struct inpcb. Also in6p is not used consistently in inet6 code.
Having the same convention for IPv4 and IPv6 is less confusing.

OK sashan@ mvs@

Make internet PCB connect more consistent.

The public interface is in_pcbconnect(). It dispatches to
in6_pcbconnect() if necessary. Call the former from tcp_connect()
and udp_connect().
In in6_pcbconnect() initialization in6a = NULL is not necessary.
in6_pcbselsrc() sets the pointer, but does not read the value.
Pass a constant in6_addr pointer to in6_pcbselsrc() and in6_selectsrc().
It returns a reference to the address of some internal data structure.
We want to be sure that in6_addr is not modified this way. IPv4
in_pcbselsrc() solves this by passing a copy of the address.

OK kn@ sashan@ mvs@

Remove struct inpcb from in6_embedscope() parameters.

rip6_output() did modify inp_outputopts6 temporarily to provide
different ip6_pktopts to in6_embedscope(). Better pass inp_outputopts6
and inp_moptions6 as separate arguments to in6_embedscope().
Simplify the code that deals with these options in in6_embedscope().
Doucument inp_moptions and inp_moptions6 as protected by net lock.

OK kn@

Delete unnecessary #includes of <sys/domain.h> and/or <sys/protosw.h>

net/if_pppx.c pointed out by jsg@
ok gnezdo@ deraadt@ jsg@ mpi@ millert@

spelling

ok gnezdo@ semarie@ mpi@

Rework source IP address setting.

- Move most of the processing out of rtable.c (reasonnable tb@, ok bluhm@)
- Remove memory allocation, store pointer to existing ifaddr
- Fix tunnel interface handling

looks fine mpi@

Replace wrong cast with satosin.

Advised by bluhm@

Add feature to force the selection of source IP address

Based/previous work on an idea from deraadt@
Input from claudio@, djm@, deraadt@, sthen@

OK deraadt@

Rremoves 'struct route_in6 *' argument from in6_selectsrc().

Move the corresponding code in in6_pcbselsrc(). This reduces
differences with IPv4 and will help us to get rid of 'struct route*'.

ok vgross@

in6_selectroute should never get a valid struct route * filled with something
else than AF_INET6.

Ok florian@

Commit in6_selectsrc() split again, with missing assignment fixed.

Revert in_selectsrc() refactoring, it breaks IPv6.

Reported by Heiko on bugs@.

ok stsp@, claudio@

Split in6_selectsrc() into a low-level part and a pcb-level part, and
convert in_selectsrc() prototype to match.

Ok bluhm@ mpi@.

Expand IN6_IFF_NOTREADY, ok bluhm@

Do not use ``rt_addr'' in in{6,}_selectsrc() it doesn't work with magic
addresses set on p2p interfaces.

Found the hardway by naddy@

Use ``rt_addr'' rather than ``rt_ifa'' to get the source address
corresponding to a route.

ok florian@ on a previous version, input and ok bluhm@

Kill outdated comment. Reading the code is enough.

ok sthen@ bluhm@

Remove useless "if() else", multicast and unicast v6 route lookups are
actually the same. This has been introduced in r1.7 to prevent RTM_MISS
storms, but we don't send this message anymore.

ok @mpi

Kill the RT_REPORT flag to rtalloc() and stop sending RTM_MISS messages
for failed route lookups. This is something that was maybe useful in the
90is but in this modern times it is just annoying and nothing expect it
anyway. OK mpi@, sthen@

Remove IPV6_NEXTHOP implementation. Source routing is considered to be
a bad idea these days.
kill it mpi@
general agreement in the network hackers room at u2k15

Use the "modern" way to check if a route entry correspond to a local
address.

Fix a regression introduced when removing the lo0 hack.

ok florian@

Convert to rt_ifidx.

ok bluhm@

Ignore Router Advertisment's current hop limit.

Appart from the usual inet6 axe murdering exercise to keep you fit, this
allows us to get rid of a lot of layer violation due to the use of per-
ifp variables to store the current hop limit.

Imputs from bluhm@, ok phessler@, florian@, bluhm@

Convert some if_ref() to if_get().

ok claudio@

Use rt_ifp instead of rt_ifa->ifa_ifp.

ok bluhm@

Stop checking for RTF_UP directly, call rtisvalid(9) instead.

While here add two missing ``rtableid'' checks in in6_selectsrc().

ok bluhm@

Use rtisivalid(9) to check if the given (cached) route can be used.

Note that after calling rtalloc(9) we only check if a route has been
returned or not and do not check for its validity. This cannot be
improved without a massive refactoring.

The kernel currently *do* use !RTF_UP route due to a mismatch between
the value of ifp->if_link_state and the IFF_UP|IFF_RUNNING code.

I'd explain the RTF_UP flag as follow:

. If a cached route entry w/o RTF_UP is passed to ip{6,}_output(),
. call rtalloc(9) to see if a better entry is present in the tree.

This is enough to support MPATH and route cache invalidation.

ok bluhm@

Do not manually decrement rt's refcounter in nd6_lookup() and let the
callers rtfree(9) it.

Inputs and ok bluhm@

if_put after if_get for in6_src and ip6_output which got a lot easier after
all the cleanup by mpi@ since we no longer overwrite ifps, etc. OK dlg@

Rewrite in6_selectroute() to no longer return an ifp.

The returned "struct rtentry" is either the cached one or the one passed
in options.

ok claudio@

Move the multicast option parsing out of in6_selectroute().

ok claudio@

Kill selectroute().

ok claudio@

in6_embedscope() needs to lose some weight. Remove the last argument.
In all but two calls NULL is passed and in the other 2 cases the ifp
is only used to maybe feed it to in6_selecthlim() to select the hoplimit
for the link. Since in6_embedscope() only works on link-local addresses
it does not matter what hop limit we select since the destination is
directly reachable.
OK florian@ mpi@

It is time to put inet6 on a diet. Use the flensing knife and cut out
the 3rd argument of in6_recoverscope() and make it return void.
OK dlg@ mikeb@

Revert (again!) the two uses of rtisvalid(9), they break NFS!

Found the hardway by naddy@

Convert ip{,6}_output() (cached) route entry checks to rtisvalid(9).

This introduces a behavior change as we now reject !RTF_UP routes to
output packets. This stricter check exposed a bug in the setup of
new routes and was the reason for the previous revert. This should
be now fixed by r1.229 of sys/net/route.c .

ok bluhm@

Revert the two uses of rtisvalid(9) for the moment, it breaks dhclient(8)
configured networks on RAMDISK kernels.

The problem is that the default route installed by dhclient(8) does not
have the RTF_UP flag in this environement and rtisvalid(9) doesn't allow
you to use a RTF_DOWN route.

Convert ip{,6}_output() (cached) route entry checks to rtisvalid(9).

ok bluhm@

More damned eye searing whitespace. No change to .o files.

Use an interface index instead of a pointer for multicast options.

Output interface (port) selection for multicast traffic is not done via
route lookups. Instead the output ifp is registred when setsockopt(2)
is called with the IP{V6,}_MULTICAST_IF option. But since there is no
mechanism to invalidate such pointer stored in a pcb when an interface
is destroyed/removed, it might lead your kernel to fault.

Prevent a fault upon resume reported by frantisek holop, thanks!

ok mikeb@, claudio@

Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.

ok mikeb@, krw@, bluhm@, tedu@

Rename rtalloc1() into rtalloc(9) and convert its flags to only enable
functionnality instead of a mix of enable/disable.

ok bluhm@, jca@

Use rtfree() instead of RTFREE(), NULLify some free'd route pointers and
kill the macro.

ok mikeb@, henning@

Kill rtalloc() and update rtalloc1() and rtalloc_mpath() to no longer
rely on "struct route" that should die.

ok claudio@

Fewer <netinet/in_systm.h> !

Do not include <sys/malloc.h> where it is not needed.

we'll do fine without casting NULL to struct foo * / void *
ok gcc & md5 (alas, no binary change)

Invert the signature logic of in{,6}_selectsrc, make them return the
error code and pass the resulting source address back to the caller
through a pointer, as suggested by chrisz. This gives us more readable
code, and eases the deletion of useless checks in the callers' error path.
Add a bunch of "0 -> NULL" conversions, while here.
ok chrisz@ mpi@

Retire kernel support for SO_DONTROUTE, this time without breaking
localhost connections.

The plan is to always use the routing table for addresses and routes
resolutions, so there is no future for an option that wants to bypass
it. This option has never been implemented for IPv6 anyway, so let's
just remove the IPv4 bits that you weren't aware of.

Tested a least by lteo@, guenther@ and chrisz@, ok mikeb@, benno@

revert "Retire kernel support for SO_DONTROUTE" diff, which does bad things
for localhost connections. discussed with deraadt@

Retire kernel support for SO_DONTROUTE, since the plan is to always
use the routing table there's no future for an option that wants to
bypass it. This option has never been implemented for IPv6 anyway,
so let's just remove the IPv4 bits that you weren't aware of.

Tested by florian@, man pages inputs from jmc@, ok benno@

ANSIfy a declaration, no object change.

Propagate an rdomain number to the nd6_lookup independently from
the ifp pointer which can be NULL. This prevents a crash reported
by David Hill <dhill at mindcry ! org>. OK bluhm

Replace most of our formating functions to convert IPv4/6 addresses from
network to presentation format to inet_ntop().

The few remaining functions will be soon converted.

ok mikeb@, deraadt@ and moral support from henning@

Back when some NRL code was merged into KAME to create the *BSD IPV6
stack (factoid: by a bunch of people in my living room), some compatibility
#define's were created to shim incompatible inpcb access methods. There
was an understanding they would eventually be removed. Since they are
error prone, and 1999 is a long time ago, now they die.
ok mikeb claudio mpi

Sprinkle a lot more IPv6 routing domains support in the kernel.

Mostly mechanical, setting and passing the rdomain and rtable correctly.
Not yet enabled.

Lots of help and hints from claudio and bluhm

OK claudio@, bluhm@

The header file netinet/in_var.h included netinet6/in6_var.h. This
created a bunch of useless dependencies. Remove this implicit
inclusion and do an explicit #include <netinet6/in6_var.h> when it
is needed.
OK mpi@ henning@

Remove a bunch of sockaddr_in6 pointer casts and replace others
with sin6tosa() or satosin6() inline functions. This allows the
compiler to check the types more strictly.
OK mpi@

no need for a lot of code to include proc.h

Unfortunately the satosin, sintosa, ifatoia, satosin6, sin6tosa,
ifatoia6 macros do not check the source type. They just cast
anything. Remove needless casts and do not use those macros if the
source type does not match. Remove duplicate defines.
No binary change. OK kettenis@ krw@

Introduce if_get() to retrieve an interface descriptor pointer given
an interface index and replace all the redondant checks and accesses
to a global array by a call to this function.

With imputs from and ok bluhm@, mikeb@

Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro.
No binary change.
OK claudio@

rdomain support for IPv6
ok mikeb

Several fixes for the IPV6_PKTINFO handling with sendmsg(2)

Verify that the address in the in6_pktinfo structure included
in the control message is unicast and configured on the local
host. Additional checks prevent from using non-routable
addresses and inactive interfaces.

Embed the scope identifier into the link local addresses as
required by the stack. Do not force users to provide valid
interface index in the ipi6_ifindex but look it up in place
if needed.

ok bluhm, waived by deraadt for the release.

Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1
accept flags for report and nocloning. Move the rtableid into struct route
(with a minor twist for now) and make a few more codepathes rdomain aware.
Appart from the pf.c and route.c bits the diff is mostly mechanical.
More to come...
OK michele, henning

More destatic and ansification.

ok claudio@ naddy@

When accessing cached routes make sure the route is actually still valid.
Before accessing a ro_rt make sure the route is either freshly allocated or
RTF_UP is set. If not ro_rt should be freed and reallocated or at least no
info from the ro_rt should be considered valid.
This seems to solve the crashes seen by Felipe Alfaro Solana.
some sort of OK dlg@

de-__P. noted by Dries Schellekens

switch IPv6 advanced API from RFC2292 to RFC3542 (2292 is superseded by 3542).
the kernel still handles RFC2292 set/getsockopts, so that compiled binary
has no trouble running. userland sees RFC3542 symbols only on header file
so new code has to use RFC3542 API.

bump libc shlib minor for function additions.

tested on i386/amd64 by jmc, i386 by brad. checked by deraadt.

change semantics of ff01::/16 to interface local multicast
(to sync up with more recent IPv6 spec)

ok from: deraadt mcbride

Add support for equal-cost multipath IP.

To minimise path disruptions, this implements recommendations made in RFC2992 -
the hash-threshold mechanism to select paths based on source/destination IP
address pairs, and inserts multipath routes in the middle of the route table.

To enable multipath distribution, use:
sysctl net.inet.ip.multipath=1
and/or:
sysctl net.inet6.ip6.multipath=1

testing norby@
ok claudio@ henning@ hshoexer@

adjust functions dealing with the routing table to take a table ID as
parameter so they can work on alternate tables. table 0 hardcoded for
many callers yet, that will be adapted step by step.
input + ok claudio norby hshoexer

sin6_scope_id maps to interface indices for link local addresses only!
(unlikely to be used with other scopes for now, but we should be
correct anyway)

From drochner NetBSD

ok deraadt@

use if_indexlim (instead of if_index) and ifindex2ifnet[x] != NULL
to check if interface exists, as (1) if_index will have different meaning
(2) ifindex2ifnet could become NULL when interface gets destroyed,
when we introduce dynamically-created interfaces. markus ok

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

KNF - return is not a function. sync w/kame

attach nd_ifinfo structure to if_afdata.
split IPv6 MTU (advertised by RA) from real link MTU.
sync with kame

rm obsolete comment

branches: 1.11.6;
enable FAKE_LOOPBACK_IF case by default.
now traffic on loopback interface will be presented to bpf as normal wire
format packet (without KAME scopeid in s6_addr16[1]).

fix KAME PR 250 (host mistakenly accepts packets to fe80::x%lo0).

sync with kame.

amove in6_{embed,recover}scope prototypes to in6_var.h (kernel only).
add in6_clearscope. sync better with kame

allow changing number of loopbacks in ukc.
change rest of the code to use lo0ifp pointing
to the corresponding struct ifnet.
itojun@ and niklas@ ok

correct in6_recoverscope() for multicast loopback case.

lookup routing table for multicast too, to allow scoped IPv6 multicast
to go out of the node. "ping6 ff02::1%wi0" will work fine with this
(and should correct route6d behavior too)

this is major issue for IPv6. i think this needs to become an erratta entry.
sorry about this.

don't panic even if in6p == NULL.
(this should have been there with tcp_ident change... sorry)

allow link-local IPv6 addres in in6_pcbbind.

branches: 1.4.2;
bring in recent KAME changes (only important and stable ones, as usual).
- remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works
just like "arp -s".
- revise source address selection.
be more careful about use of yet-to-be-valid addresses as source.
- as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope
packet forwarding attempt.
- path MTU discovery takes care of routing header properly.
- be more strict about mbuf chain parsing.
- nuke xxCTL_VARS #define, they are for BSDI.
- disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit
IPv6 model where multiple address on interface is normal.
(kernel side supports them for a while for backward compat,
the support will be nuked shortly)
- introduce "default outgoing interface" (for spec conformance in very
rare case)

branches: 1.3.2;
fix include file path related to ip6.

Remove remaining unnecessary ifdefs (itojun will hate me for this :-)

bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
bringed into soon).

Combine route_cache() and rtalloc_mpath() in new route_mpath().

Fill and check the cache and call rtalloc_mpath() together. Then
the caller of route_mpath() does not have to care about the uint32_t
*src pointer and just pass struct in_addr. All the conversions are
done inside the functions.

A previous version of this diff was backed out. There was an
additional rtisvalid() in rtalloc_mpath() that prevented packet
output via interfaces that were not up. Now the route in the cache
has to be valid, but after new lookup, rtalloc_mpath() may return
invalid routes. This generates less errors in userland an preserves
existing behavior.

OK sashan@

revert "Combine route_cache() and rtalloc_mpath() in new route_mpath()"

It breaks NFS.

ok claudio@

Combine route_cache() and rtalloc_mpath() in new route_mpath().

Fill and check the cache and call rtalloc_mpath() together. Then
the caller of route_mpath() does not have to care about the uint32_t
*src pointer and just pass struct in_addr. All the conversions are
done inside the functions. ro->ro_rt is either valid or NULL. Note
that some places have a stricter rtisvalid() now compared to the
previous NULL check.

OK claudio@

Make the route cache aware of multipath routing.

Pass source address to route_cache() and store it in struct route.
Cached multipath routes are only valid if source address matches.
If sysctl multipath changes, increase route generation number.

OK claudio@

Merge struct route and struct route_in6.

Use a common struct route for both inet and inet6. Unfortunately
struct sockaddr is shorter than sockaddr_in6, so netinet/in.h has
to be exposed from net/route.h. Struct route has to be bsd visible
for userland as netstat kvm code inspects inp_route. Internet PCB
and TCP SYN cache can use a plain struct route now. All specific
sockaddr types for inet and inet6 are embeded there.

OK claudio@

Route cache function returns hit or miss.

The route_cache() function can easily return whether it was a cache
hit or miss. Then the logic to perform a route lookup gets a bit
simpler. Some more complicated if (ro->ro_rt == NULL) checks still
exist elsewhere.
Also use route cache in in_pcbselsrc() instead of filling struct
route manually.

OK claudio@

Use the route generation number also for IPv6.

Implement route6_cache() to check whether the cached route is still
valid and otherwise fill caching parameter of struct route_in6.
Also count cache hits and misses in netstat. in_pcbrtentry() uses
route cache now.

OK claudio@

Convert some struct inpcb parameter to const pointer.

OK millert@

Use inpcb table mutex to set addresses.

Protect all remaining write access to inp_faddr and inp_laddr with
inpcb table mutex. Document inpcb locking for foreign and local
address and port and routing table id. Reading will be made MP
safe by adding per socket rw-locks in a next step.

OK sashan@ mvs@

Rename all in6p local variables to inp.

There exists no struct in6pcb in OpenBSD, this was an old kame idea.
Calling the local variable in6p does not make sense, it is actually
a struct inpcb. Also in6p is not used consistently in inet6 code.
Having the same convention for IPv4 and IPv6 is less confusing.

OK sashan@ mvs@

Make internet PCB connect more consistent.

The public interface is in_pcbconnect(). It dispatches to
in6_pcbconnect() if necessary. Call the former from tcp_connect()
and udp_connect().
In in6_pcbconnect() initialization in6a = NULL is not necessary.
in6_pcbselsrc() sets the pointer, but does not read the value.
Pass a constant in6_addr pointer to in6_pcbselsrc() and in6_selectsrc().
It returns a reference to the address of some internal data structure.
We want to be sure that in6_addr is not modified this way. IPv4
in_pcbselsrc() solves this by passing a copy of the address.

OK kn@ sashan@ mvs@

Remove struct inpcb from in6_embedscope() parameters.

rip6_output() did modify inp_outputopts6 temporarily to provide
different ip6_pktopts to in6_embedscope(). Better pass inp_outputopts6
and inp_moptions6 as separate arguments to in6_embedscope().
Simplify the code that deals with these options in in6_embedscope().
Doucument inp_moptions and inp_moptions6 as protected by net lock.

OK kn@

Delete unnecessary #includes of <sys/domain.h> and/or <sys/protosw.h>

net/if_pppx.c pointed out by jsg@
ok gnezdo@ deraadt@ jsg@ mpi@ millert@

spelling

ok gnezdo@ semarie@ mpi@

Rework source IP address setting.

- Move most of the processing out of rtable.c (reasonnable tb@, ok bluhm@)
- Remove memory allocation, store pointer to existing ifaddr
- Fix tunnel interface handling

looks fine mpi@

Replace wrong cast with satosin.

Advised by bluhm@

Add feature to force the selection of source IP address

Based/previous work on an idea from deraadt@
Input from claudio@, djm@, deraadt@, sthen@

OK deraadt@

Rremoves 'struct route_in6 *' argument from in6_selectsrc().

Move the corresponding code in in6_pcbselsrc(). This reduces
differences with IPv4 and will help us to get rid of 'struct route*'.

ok vgross@

in6_selectroute should never get a valid struct route * filled with something
else than AF_INET6.

Ok florian@

Commit in6_selectsrc() split again, with missing assignment fixed.

Revert in_selectsrc() refactoring, it breaks IPv6.

Reported by Heiko on bugs@.

ok stsp@, claudio@

Split in6_selectsrc() into a low-level part and a pcb-level part, and
convert in_selectsrc() prototype to match.

Ok bluhm@ mpi@.

Expand IN6_IFF_NOTREADY, ok bluhm@

Do not use ``rt_addr'' in in{6,}_selectsrc() it doesn't work with magic
addresses set on p2p interfaces.

Found the hardway by naddy@

Use ``rt_addr'' rather than ``rt_ifa'' to get the source address
corresponding to a route.

ok florian@ on a previous version, input and ok bluhm@

Kill outdated comment. Reading the code is enough.

ok sthen@ bluhm@

Remove useless "if() else", multicast and unicast v6 route lookups are
actually the same. This has been introduced in r1.7 to prevent RTM_MISS
storms, but we don't send this message anymore.

ok @mpi

Kill the RT_REPORT flag to rtalloc() and stop sending RTM_MISS messages
for failed route lookups. This is something that was maybe useful in the
90is but in this modern times it is just annoying and nothing expect it
anyway. OK mpi@, sthen@

Remove IPV6_NEXTHOP implementation. Source routing is considered to be
a bad idea these days.
kill it mpi@
general agreement in the network hackers room at u2k15

Use the "modern" way to check if a route entry correspond to a local
address.

Fix a regression introduced when removing the lo0 hack.

ok florian@

Convert to rt_ifidx.

ok bluhm@

Ignore Router Advertisment's current hop limit.

Appart from the usual inet6 axe murdering exercise to keep you fit, this
allows us to get rid of a lot of layer violation due to the use of per-
ifp variables to store the current hop limit.

Imputs from bluhm@, ok phessler@, florian@, bluhm@

Convert some if_ref() to if_get().

ok claudio@

Use rt_ifp instead of rt_ifa->ifa_ifp.

ok bluhm@

Stop checking for RTF_UP directly, call rtisvalid(9) instead.

While here add two missing ``rtableid'' checks in in6_selectsrc().

ok bluhm@

Use rtisivalid(9) to check if the given (cached) route can be used.

Note that after calling rtalloc(9) we only check if a route has been
returned or not and do not check for its validity. This cannot be
improved without a massive refactoring.

The kernel currently *do* use !RTF_UP route due to a mismatch between
the value of ifp->if_link_state and the IFF_UP|IFF_RUNNING code.

I'd explain the RTF_UP flag as follow:

. If a cached route entry w/o RTF_UP is passed to ip{6,}_output(),
. call rtalloc(9) to see if a better entry is present in the tree.

This is enough to support MPATH and route cache invalidation.

ok bluhm@

Do not manually decrement rt's refcounter in nd6_lookup() and let the
callers rtfree(9) it.

Inputs and ok bluhm@

if_put after if_get for in6_src and ip6_output which got a lot easier after
all the cleanup by mpi@ since we no longer overwrite ifps, etc. OK dlg@

Rewrite in6_selectroute() to no longer return an ifp.

The returned "struct rtentry" is either the cached one or the one passed
in options.

ok claudio@

Move the multicast option parsing out of in6_selectroute().

ok claudio@

Kill selectroute().

ok claudio@

in6_embedscope() needs to lose some weight. Remove the last argument.
In all but two calls NULL is passed and in the other 2 cases the ifp
is only used to maybe feed it to in6_selecthlim() to select the hoplimit
for the link. Since in6_embedscope() only works on link-local addresses
it does not matter what hop limit we select since the destination is
directly reachable.
OK florian@ mpi@

It is time to put inet6 on a diet. Use the flensing knife and cut out
the 3rd argument of in6_recoverscope() and make it return void.
OK dlg@ mikeb@

Revert (again!) the two uses of rtisvalid(9), they break NFS!

Found the hardway by naddy@

Convert ip{,6}_output() (cached) route entry checks to rtisvalid(9).

This introduces a behavior change as we now reject !RTF_UP routes to
output packets. This stricter check exposed a bug in the setup of
new routes and was the reason for the previous revert. This should
be now fixed by r1.229 of sys/net/route.c .

ok bluhm@

Revert the two uses of rtisvalid(9) for the moment, it breaks dhclient(8)
configured networks on RAMDISK kernels.

The problem is that the default route installed by dhclient(8) does not
have the RTF_UP flag in this environement and rtisvalid(9) doesn't allow
you to use a RTF_DOWN route.

Convert ip{,6}_output() (cached) route entry checks to rtisvalid(9).

ok bluhm@

More damned eye searing whitespace. No change to .o files.

Use an interface index instead of a pointer for multicast options.

Output interface (port) selection for multicast traffic is not done via
route lookups. Instead the output ifp is registred when setsockopt(2)
is called with the IP{V6,}_MULTICAST_IF option. But since there is no
mechanism to invalidate such pointer stored in a pcb when an interface
is destroyed/removed, it might lead your kernel to fault.

Prevent a fault upon resume reported by frantisek holop, thanks!

ok mikeb@, claudio@

Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.

ok mikeb@, krw@, bluhm@, tedu@

Rename rtalloc1() into rtalloc(9) and convert its flags to only enable
functionnality instead of a mix of enable/disable.

ok bluhm@, jca@

Use rtfree() instead of RTFREE(), NULLify some free'd route pointers and
kill the macro.

ok mikeb@, henning@

Kill rtalloc() and update rtalloc1() and rtalloc_mpath() to no longer
rely on "struct route" that should die.

ok claudio@

Fewer <netinet/in_systm.h> !

Do not include <sys/malloc.h> where it is not needed.

we'll do fine without casting NULL to struct foo * / void *
ok gcc & md5 (alas, no binary change)

Invert the signature logic of in{,6}_selectsrc, make them return the
error code and pass the resulting source address back to the caller
through a pointer, as suggested by chrisz. This gives us more readable
code, and eases the deletion of useless checks in the callers' error path.
Add a bunch of "0 -> NULL" conversions, while here.
ok chrisz@ mpi@

Retire kernel support for SO_DONTROUTE, this time without breaking
localhost connections.

The plan is to always use the routing table for addresses and routes
resolutions, so there is no future for an option that wants to bypass
it. This option has never been implemented for IPv6 anyway, so let's
just remove the IPv4 bits that you weren't aware of.

Tested a least by lteo@, guenther@ and chrisz@, ok mikeb@, benno@

revert "Retire kernel support for SO_DONTROUTE" diff, which does bad things
for localhost connections. discussed with deraadt@

Retire kernel support for SO_DONTROUTE, since the plan is to always
use the routing table there's no future for an option that wants to
bypass it. This option has never been implemented for IPv6 anyway,
so let's just remove the IPv4 bits that you weren't aware of.

Tested by florian@, man pages inputs from jmc@, ok benno@

ANSIfy a declaration, no object change.

Propagate an rdomain number to the nd6_lookup independently from
the ifp pointer which can be NULL. This prevents a crash reported
by David Hill <dhill at mindcry ! org>. OK bluhm

Replace most of our formating functions to convert IPv4/6 addresses from
network to presentation format to inet_ntop().

The few remaining functions will be soon converted.

ok mikeb@, deraadt@ and moral support from henning@

Back when some NRL code was merged into KAME to create the *BSD IPV6
stack (factoid: by a bunch of people in my living room), some compatibility
#define's were created to shim incompatible inpcb access methods. There
was an understanding they would eventually be removed. Since they are
error prone, and 1999 is a long time ago, now they die.
ok mikeb claudio mpi

Sprinkle a lot more IPv6 routing domains support in the kernel.

Mostly mechanical, setting and passing the rdomain and rtable correctly.
Not yet enabled.

Lots of help and hints from claudio and bluhm

OK claudio@, bluhm@

The header file netinet/in_var.h included netinet6/in6_var.h. This
created a bunch of useless dependencies. Remove this implicit
inclusion and do an explicit #include <netinet6/in6_var.h> when it
is needed.
OK mpi@ henning@

Remove a bunch of sockaddr_in6 pointer casts and replace others
with sin6tosa() or satosin6() inline functions. This allows the
compiler to check the types more strictly.
OK mpi@

no need for a lot of code to include proc.h

Unfortunately the satosin, sintosa, ifatoia, satosin6, sin6tosa,
ifatoia6 macros do not check the source type. They just cast
anything. Remove needless casts and do not use those macros if the
source type does not match. Remove duplicate defines.
No binary change. OK kettenis@ krw@

Introduce if_get() to retrieve an interface descriptor pointer given
an interface index and replace all the redondant checks and accesses
to a global array by a call to this function.

With imputs from and ok bluhm@, mikeb@

Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro.
No binary change.
OK claudio@

rdomain support for IPv6
ok mikeb

Several fixes for the IPV6_PKTINFO handling with sendmsg(2)

Verify that the address in the in6_pktinfo structure included
in the control message is unicast and configured on the local
host. Additional checks prevent from using non-routable
addresses and inactive interfaces.

Embed the scope identifier into the link local addresses as
required by the stack. Do not force users to provide valid
interface index in the ipi6_ifindex but look it up in place
if needed.

ok bluhm, waived by deraadt for the release.

Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1
accept flags for report and nocloning. Move the rtableid into struct route
(with a minor twist for now) and make a few more codepathes rdomain aware.
Appart from the pf.c and route.c bits the diff is mostly mechanical.
More to come...
OK michele, henning

More destatic and ansification.

ok claudio@ naddy@

When accessing cached routes make sure the route is actually still valid.
Before accessing a ro_rt make sure the route is either freshly allocated or
RTF_UP is set. If not ro_rt should be freed and reallocated or at least no
info from the ro_rt should be considered valid.
This seems to solve the crashes seen by Felipe Alfaro Solana.
some sort of OK dlg@

de-__P. noted by Dries Schellekens

switch IPv6 advanced API from RFC2292 to RFC3542 (2292 is superseded by 3542).
the kernel still handles RFC2292 set/getsockopts, so that compiled binary
has no trouble running. userland sees RFC3542 symbols only on header file
so new code has to use RFC3542 API.

bump libc shlib minor for function additions.

tested on i386/amd64 by jmc, i386 by brad. checked by deraadt.

change semantics of ff01::/16 to interface local multicast
(to sync up with more recent IPv6 spec)

ok from: deraadt mcbride

Add support for equal-cost multipath IP.

To minimise path disruptions, this implements recommendations made in RFC2992 -
the hash-threshold mechanism to select paths based on source/destination IP
address pairs, and inserts multipath routes in the middle of the route table.

To enable multipath distribution, use:
sysctl net.inet.ip.multipath=1
and/or:
sysctl net.inet6.ip6.multipath=1

testing norby@
ok claudio@ henning@ hshoexer@

adjust functions dealing with the routing table to take a table ID as
parameter so they can work on alternate tables. table 0 hardcoded for
many callers yet, that will be adapted step by step.
input + ok claudio norby hshoexer

sin6_scope_id maps to interface indices for link local addresses only!
(unlikely to be used with other scopes for now, but we should be
correct anyway)

From drochner NetBSD

ok deraadt@

use if_indexlim (instead of if_index) and ifindex2ifnet[x] != NULL
to check if interface exists, as (1) if_index will have different meaning
(2) ifindex2ifnet could become NULL when interface gets destroyed,
when we introduce dynamically-created interfaces. markus ok

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

KNF - return is not a function. sync w/kame

attach nd_ifinfo structure to if_afdata.
split IPv6 MTU (advertised by RA) from real link MTU.
sync with kame

rm obsolete comment

branches: 1.11.6;
enable FAKE_LOOPBACK_IF case by default.
now traffic on loopback interface will be presented to bpf as normal wire
format packet (without KAME scopeid in s6_addr16[1]).

fix KAME PR 250 (host mistakenly accepts packets to fe80::x%lo0).

sync with kame.

amove in6_{embed,recover}scope prototypes to in6_var.h (kernel only).
add in6_clearscope. sync better with kame

allow changing number of loopbacks in ukc.
change rest of the code to use lo0ifp pointing
to the corresponding struct ifnet.
itojun@ and niklas@ ok

correct in6_recoverscope() for multicast loopback case.

lookup routing table for multicast too, to allow scoped IPv6 multicast
to go out of the node. "ping6 ff02::1%wi0" will work fine with this
(and should correct route6d behavior too)

this is major issue for IPv6. i think this needs to become an erratta entry.
sorry about this.

don't panic even if in6p == NULL.
(this should have been there with tcp_ident change... sorry)

allow link-local IPv6 addres in in6_pcbbind.

branches: 1.4.2;
bring in recent KAME changes (only important and stable ones, as usual).
- remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works
just like "arp -s".
- revise source address selection.
be more careful about use of yet-to-be-valid addresses as source.
- as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope
packet forwarding attempt.
- path MTU discovery takes care of routing header properly.
- be more strict about mbuf chain parsing.
- nuke xxCTL_VARS #define, they are for BSDI.
- disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit
IPv6 model where multiple address on interface is normal.
(kernel side supports them for a while for backward compat,
the support will be nuked shortly)
- introduce "default outgoing interface" (for spec conformance in very
rare case)

branches: 1.3.2;
fix include file path related to ip6.

Remove remaining unnecessary ifdefs (itojun will hate me for this :-)

bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
bringed into soon).

revert "Combine route_cache() and rtalloc_mpath() in new route_mpath()"

It breaks NFS.

ok claudio@

Combine route_cache() and rtalloc_mpath() in new route_mpath().

Fill and check the cache and call rtalloc_mpath() together. Then
the caller of route_mpath() does not have to care about the uint32_t
*src pointer and just pass struct in_addr. All the conversions are
done inside the functions. ro->ro_rt is either valid or NULL. Note
that some places have a stricter rtisvalid() now compared to the
previous NULL check.

OK claudio@

Make the route cache aware of multipath routing.

Pass source address to route_cache() and store it in struct route.
Cached multipath routes are only valid if source address matches.
If sysctl multipath changes, increase route generation number.

OK claudio@

Merge struct route and struct route_in6.

Use a common struct route for both inet and inet6. Unfortunately
struct sockaddr is shorter than sockaddr_in6, so netinet/in.h has
to be exposed from net/route.h. Struct route has to be bsd visible
for userland as netstat kvm code inspects inp_route. Internet PCB
and TCP SYN cache can use a plain struct route now. All specific
sockaddr types for inet and inet6 are embeded there.

OK claudio@

Route cache function returns hit or miss.

The route_cache() function can easily return whether it was a cache
hit or miss. Then the logic to perform a route lookup gets a bit
simpler. Some more complicated if (ro->ro_rt == NULL) checks still
exist elsewhere.
Also use route cache in in_pcbselsrc() instead of filling struct
route manually.

OK claudio@

Use the route generation number also for IPv6.

Implement route6_cache() to check whether the cached route is still
valid and otherwise fill caching parameter of struct route_in6.
Also count cache hits and misses in netstat. in_pcbrtentry() uses
route cache now.

OK claudio@

Convert some struct inpcb parameter to const pointer.

OK millert@

Use inpcb table mutex to set addresses.

Protect all remaining write access to inp_faddr and inp_laddr with
inpcb table mutex. Document inpcb locking for foreign and local
address and port and routing table id. Reading will be made MP
safe by adding per socket rw-locks in a next step.

OK sashan@ mvs@

Rename all in6p local variables to inp.

There exists no struct in6pcb in OpenBSD, this was an old kame idea.
Calling the local variable in6p does not make sense, it is actually
a struct inpcb. Also in6p is not used consistently in inet6 code.
Having the same convention for IPv4 and IPv6 is less confusing.

OK sashan@ mvs@

Make internet PCB connect more consistent.

The public interface is in_pcbconnect(). It dispatches to
in6_pcbconnect() if necessary. Call the former from tcp_connect()
and udp_connect().
In in6_pcbconnect() initialization in6a = NULL is not necessary.
in6_pcbselsrc() sets the pointer, but does not read the value.
Pass a constant in6_addr pointer to in6_pcbselsrc() and in6_selectsrc().
It returns a reference to the address of some internal data structure.
We want to be sure that in6_addr is not modified this way. IPv4
in_pcbselsrc() solves this by passing a copy of the address.

OK kn@ sashan@ mvs@

Remove struct inpcb from in6_embedscope() parameters.

rip6_output() did modify inp_outputopts6 temporarily to provide
different ip6_pktopts to in6_embedscope(). Better pass inp_outputopts6
and inp_moptions6 as separate arguments to in6_embedscope().
Simplify the code that deals with these options in in6_embedscope().
Doucument inp_moptions and inp_moptions6 as protected by net lock.

OK kn@

Delete unnecessary #includes of <sys/domain.h> and/or <sys/protosw.h>

net/if_pppx.c pointed out by jsg@
ok gnezdo@ deraadt@ jsg@ mpi@ millert@

spelling

ok gnezdo@ semarie@ mpi@

Rework source IP address setting.

- Move most of the processing out of rtable.c (reasonnable tb@, ok bluhm@)
- Remove memory allocation, store pointer to existing ifaddr
- Fix tunnel interface handling

looks fine mpi@

Replace wrong cast with satosin.

Advised by bluhm@

Add feature to force the selection of source IP address

Based/previous work on an idea from deraadt@
Input from claudio@, djm@, deraadt@, sthen@

OK deraadt@

Rremoves 'struct route_in6 *' argument from in6_selectsrc().

Move the corresponding code in in6_pcbselsrc(). This reduces
differences with IPv4 and will help us to get rid of 'struct route*'.

ok vgross@

in6_selectroute should never get a valid struct route * filled with something
else than AF_INET6.

Ok florian@

Commit in6_selectsrc() split again, with missing assignment fixed.

Revert in_selectsrc() refactoring, it breaks IPv6.

Reported by Heiko on bugs@.

ok stsp@, claudio@

Split in6_selectsrc() into a low-level part and a pcb-level part, and
convert in_selectsrc() prototype to match.

Ok bluhm@ mpi@.

Expand IN6_IFF_NOTREADY, ok bluhm@

Do not use ``rt_addr'' in in{6,}_selectsrc() it doesn't work with magic
addresses set on p2p interfaces.

Found the hardway by naddy@

Use ``rt_addr'' rather than ``rt_ifa'' to get the source address
corresponding to a route.

ok florian@ on a previous version, input and ok bluhm@

Kill outdated comment. Reading the code is enough.

ok sthen@ bluhm@

Remove useless "if() else", multicast and unicast v6 route lookups are
actually the same. This has been introduced in r1.7 to prevent RTM_MISS
storms, but we don't send this message anymore.

ok @mpi

Kill the RT_REPORT flag to rtalloc() and stop sending RTM_MISS messages
for failed route lookups. This is something that was maybe useful in the
90is but in this modern times it is just annoying and nothing expect it
anyway. OK mpi@, sthen@

Remove IPV6_NEXTHOP implementation. Source routing is considered to be
a bad idea these days.
kill it mpi@
general agreement in the network hackers room at u2k15

Use the "modern" way to check if a route entry correspond to a local
address.

Fix a regression introduced when removing the lo0 hack.

ok florian@

Convert to rt_ifidx.

ok bluhm@

Ignore Router Advertisment's current hop limit.

Appart from the usual inet6 axe murdering exercise to keep you fit, this
allows us to get rid of a lot of layer violation due to the use of per-
ifp variables to store the current hop limit.

Imputs from bluhm@, ok phessler@, florian@, bluhm@

Convert some if_ref() to if_get().

ok claudio@

Use rt_ifp instead of rt_ifa->ifa_ifp.

ok bluhm@

Stop checking for RTF_UP directly, call rtisvalid(9) instead.

While here add two missing ``rtableid'' checks in in6_selectsrc().

ok bluhm@

Use rtisivalid(9) to check if the given (cached) route can be used.

Note that after calling rtalloc(9) we only check if a route has been
returned or not and do not check for its validity. This cannot be
improved without a massive refactoring.

The kernel currently *do* use !RTF_UP route due to a mismatch between
the value of ifp->if_link_state and the IFF_UP|IFF_RUNNING code.

I'd explain the RTF_UP flag as follow:

. If a cached route entry w/o RTF_UP is passed to ip{6,}_output(),
. call rtalloc(9) to see if a better entry is present in the tree.

This is enough to support MPATH and route cache invalidation.

ok bluhm@

Do not manually decrement rt's refcounter in nd6_lookup() and let the
callers rtfree(9) it.

Inputs and ok bluhm@

if_put after if_get for in6_src and ip6_output which got a lot easier after
all the cleanup by mpi@ since we no longer overwrite ifps, etc. OK dlg@

Rewrite in6_selectroute() to no longer return an ifp.

The returned "struct rtentry" is either the cached one or the one passed
in options.

ok claudio@

Move the multicast option parsing out of in6_selectroute().

ok claudio@

Kill selectroute().

ok claudio@

in6_embedscope() needs to lose some weight. Remove the last argument.
In all but two calls NULL is passed and in the other 2 cases the ifp
is only used to maybe feed it to in6_selecthlim() to select the hoplimit
for the link. Since in6_embedscope() only works on link-local addresses
it does not matter what hop limit we select since the destination is
directly reachable.
OK florian@ mpi@

It is time to put inet6 on a diet. Use the flensing knife and cut out
the 3rd argument of in6_recoverscope() and make it return void.
OK dlg@ mikeb@

Revert (again!) the two uses of rtisvalid(9), they break NFS!

Found the hardway by naddy@

Convert ip{,6}_output() (cached) route entry checks to rtisvalid(9).

This introduces a behavior change as we now reject !RTF_UP routes to
output packets. This stricter check exposed a bug in the setup of
new routes and was the reason for the previous revert. This should
be now fixed by r1.229 of sys/net/route.c .

ok bluhm@

Revert the two uses of rtisvalid(9) for the moment, it breaks dhclient(8)
configured networks on RAMDISK kernels.

The problem is that the default route installed by dhclient(8) does not
have the RTF_UP flag in this environement and rtisvalid(9) doesn't allow
you to use a RTF_DOWN route.

Convert ip{,6}_output() (cached) route entry checks to rtisvalid(9).

ok bluhm@

More damned eye searing whitespace. No change to .o files.

Use an interface index instead of a pointer for multicast options.

Output interface (port) selection for multicast traffic is not done via
route lookups. Instead the output ifp is registred when setsockopt(2)
is called with the IP{V6,}_MULTICAST_IF option. But since there is no
mechanism to invalidate such pointer stored in a pcb when an interface
is destroyed/removed, it might lead your kernel to fault.

Prevent a fault upon resume reported by frantisek holop, thanks!

ok mikeb@, claudio@

Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.

ok mikeb@, krw@, bluhm@, tedu@

Rename rtalloc1() into rtalloc(9) and convert its flags to only enable
functionnality instead of a mix of enable/disable.

ok bluhm@, jca@

Use rtfree() instead of RTFREE(), NULLify some free'd route pointers and
kill the macro.

ok mikeb@, henning@

Kill rtalloc() and update rtalloc1() and rtalloc_mpath() to no longer
rely on "struct route" that should die.

ok claudio@

Fewer <netinet/in_systm.h> !

Do not include <sys/malloc.h> where it is not needed.

we'll do fine without casting NULL to struct foo * / void *
ok gcc & md5 (alas, no binary change)

Invert the signature logic of in{,6}_selectsrc, make them return the
error code and pass the resulting source address back to the caller
through a pointer, as suggested by chrisz. This gives us more readable
code, and eases the deletion of useless checks in the callers' error path.
Add a bunch of "0 -> NULL" conversions, while here.
ok chrisz@ mpi@

Retire kernel support for SO_DONTROUTE, this time without breaking
localhost connections.

The plan is to always use the routing table for addresses and routes
resolutions, so there is no future for an option that wants to bypass
it. This option has never been implemented for IPv6 anyway, so let's
just remove the IPv4 bits that you weren't aware of.

Tested a least by lteo@, guenther@ and chrisz@, ok mikeb@, benno@

revert "Retire kernel support for SO_DONTROUTE" diff, which does bad things
for localhost connections. discussed with deraadt@

Retire kernel support for SO_DONTROUTE, since the plan is to always
use the routing table there's no future for an option that wants to
bypass it. This option has never been implemented for IPv6 anyway,
so let's just remove the IPv4 bits that you weren't aware of.

Tested by florian@, man pages inputs from jmc@, ok benno@

ANSIfy a declaration, no object change.

Propagate an rdomain number to the nd6_lookup independently from
the ifp pointer which can be NULL. This prevents a crash reported
by David Hill <dhill at mindcry ! org>. OK bluhm

Replace most of our formating functions to convert IPv4/6 addresses from
network to presentation format to inet_ntop().

The few remaining functions will be soon converted.

ok mikeb@, deraadt@ and moral support from henning@

Back when some NRL code was merged into KAME to create the *BSD IPV6
stack (factoid: by a bunch of people in my living room), some compatibility
#define's were created to shim incompatible inpcb access methods. There
was an understanding they would eventually be removed. Since they are
error prone, and 1999 is a long time ago, now they die.
ok mikeb claudio mpi

Sprinkle a lot more IPv6 routing domains support in the kernel.

Mostly mechanical, setting and passing the rdomain and rtable correctly.
Not yet enabled.

Lots of help and hints from claudio and bluhm

OK claudio@, bluhm@

The header file netinet/in_var.h included netinet6/in6_var.h. This
created a bunch of useless dependencies. Remove this implicit
inclusion and do an explicit #include <netinet6/in6_var.h> when it
is needed.
OK mpi@ henning@

Remove a bunch of sockaddr_in6 pointer casts and replace others
with sin6tosa() or satosin6() inline functions. This allows the
compiler to check the types more strictly.
OK mpi@

no need for a lot of code to include proc.h

Unfortunately the satosin, sintosa, ifatoia, satosin6, sin6tosa,
ifatoia6 macros do not check the source type. They just cast
anything. Remove needless casts and do not use those macros if the
source type does not match. Remove duplicate defines.
No binary change. OK kettenis@ krw@

Introduce if_get() to retrieve an interface descriptor pointer given
an interface index and replace all the redondant checks and accesses
to a global array by a call to this function.

With imputs from and ok bluhm@, mikeb@

Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro.
No binary change.
OK claudio@

rdomain support for IPv6
ok mikeb

Several fixes for the IPV6_PKTINFO handling with sendmsg(2)

Verify that the address in the in6_pktinfo structure included
in the control message is unicast and configured on the local
host. Additional checks prevent from using non-routable
addresses and inactive interfaces.

Embed the scope identifier into the link local addresses as
required by the stack. Do not force users to provide valid
interface index in the ipi6_ifindex but look it up in place
if needed.

ok bluhm, waived by deraadt for the release.

Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1
accept flags for report and nocloning. Move the rtableid into struct route
(with a minor twist for now) and make a few more codepathes rdomain aware.
Appart from the pf.c and route.c bits the diff is mostly mechanical.
More to come...
OK michele, henning

More destatic and ansification.

ok claudio@ naddy@

When accessing cached routes make sure the route is actually still valid.
Before accessing a ro_rt make sure the route is either freshly allocated or
RTF_UP is set. If not ro_rt should be freed and reallocated or at least no
info from the ro_rt should be considered valid.
This seems to solve the crashes seen by Felipe Alfaro Solana.
some sort of OK dlg@

de-__P. noted by Dries Schellekens

switch IPv6 advanced API from RFC2292 to RFC3542 (2292 is superseded by 3542).
the kernel still handles RFC2292 set/getsockopts, so that compiled binary
has no trouble running. userland sees RFC3542 symbols only on header file
so new code has to use RFC3542 API.

bump libc shlib minor for function additions.

tested on i386/amd64 by jmc, i386 by brad. checked by deraadt.

change semantics of ff01::/16 to interface local multicast
(to sync up with more recent IPv6 spec)

ok from: deraadt mcbride

Add support for equal-cost multipath IP.

To minimise path disruptions, this implements recommendations made in RFC2992 -
the hash-threshold mechanism to select paths based on source/destination IP
address pairs, and inserts multipath routes in the middle of the route table.

To enable multipath distribution, use:
sysctl net.inet.ip.multipath=1
and/or:
sysctl net.inet6.ip6.multipath=1

testing norby@
ok claudio@ henning@ hshoexer@

adjust functions dealing with the routing table to take a table ID as
parameter so they can work on alternate tables. table 0 hardcoded for
many callers yet, that will be adapted step by step.
input + ok claudio norby hshoexer

sin6_scope_id maps to interface indices for link local addresses only!
(unlikely to be used with other scopes for now, but we should be
correct anyway)

From drochner NetBSD

ok deraadt@

use if_indexlim (instead of if_index) and ifindex2ifnet[x] != NULL
to check if interface exists, as (1) if_index will have different meaning
(2) ifindex2ifnet could become NULL when interface gets destroyed,
when we introduce dynamically-created interfaces. markus ok

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

KNF - return is not a function. sync w/kame

attach nd_ifinfo structure to if_afdata.
split IPv6 MTU (advertised by RA) from real link MTU.
sync with kame

rm obsolete comment

branches: 1.11.6;
enable FAKE_LOOPBACK_IF case by default.
now traffic on loopback interface will be presented to bpf as normal wire
format packet (without KAME scopeid in s6_addr16[1]).

fix KAME PR 250 (host mistakenly accepts packets to fe80::x%lo0).

sync with kame.

amove in6_{embed,recover}scope prototypes to in6_var.h (kernel only).
add in6_clearscope. sync better with kame

allow changing number of loopbacks in ukc.
change rest of the code to use lo0ifp pointing
to the corresponding struct ifnet.
itojun@ and niklas@ ok

correct in6_recoverscope() for multicast loopback case.

lookup routing table for multicast too, to allow scoped IPv6 multicast
to go out of the node. "ping6 ff02::1%wi0" will work fine with this
(and should correct route6d behavior too)

this is major issue for IPv6. i think this needs to become an erratta entry.
sorry about this.

don't panic even if in6p == NULL.
(this should have been there with tcp_ident change... sorry)

allow link-local IPv6 addres in in6_pcbbind.

branches: 1.4.2;
bring in recent KAME changes (only important and stable ones, as usual).
- remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works
just like "arp -s".
- revise source address selection.
be more careful about use of yet-to-be-valid addresses as source.
- as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope
packet forwarding attempt.
- path MTU discovery takes care of routing header properly.
- be more strict about mbuf chain parsing.
- nuke xxCTL_VARS #define, they are for BSDI.
- disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit
IPv6 model where multiple address on interface is normal.
(kernel side supports them for a while for backward compat,
the support will be nuked shortly)
- introduce "default outgoing interface" (for spec conformance in very
rare case)

branches: 1.3.2;
fix include file path related to ip6.

Remove remaining unnecessary ifdefs (itojun will hate me for this :-)

bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
bringed into soon).

Combine route_cache() and rtalloc_mpath() in new route_mpath().

Fill and check the cache and call rtalloc_mpath() together. Then
the caller of route_mpath() does not have to care about the uint32_t
*src pointer and just pass struct in_addr. All the conversions are
done inside the functions. ro->ro_rt is either valid or NULL. Note
that some places have a stricter rtisvalid() now compared to the
previous NULL check.

OK claudio@

Make the route cache aware of multipath routing.

Pass source address to route_cache() and store it in struct route.
Cached multipath routes are only valid if source address matches.
If sysctl multipath changes, increase route generation number.

OK claudio@

Merge struct route and struct route_in6.

Use a common struct route for both inet and inet6. Unfortunately
struct sockaddr is shorter than sockaddr_in6, so netinet/in.h has
to be exposed from net/route.h. Struct route has to be bsd visible
for userland as netstat kvm code inspects inp_route. Internet PCB
and TCP SYN cache can use a plain struct route now. All specific
sockaddr types for inet and inet6 are embeded there.

OK claudio@

Route cache function returns hit or miss.

The route_cache() function can easily return whether it was a cache
hit or miss. Then the logic to perform a route lookup gets a bit
simpler. Some more complicated if (ro->ro_rt == NULL) checks still
exist elsewhere.
Also use route cache in in_pcbselsrc() instead of filling struct
route manually.

OK claudio@

Use the route generation number also for IPv6.

Implement route6_cache() to check whether the cached route is still
valid and otherwise fill caching parameter of struct route_in6.
Also count cache hits and misses in netstat. in_pcbrtentry() uses
route cache now.

OK claudio@

Convert some struct inpcb parameter to const pointer.

OK millert@

Use inpcb table mutex to set addresses.

Protect all remaining write access to inp_faddr and inp_laddr with
inpcb table mutex. Document inpcb locking for foreign and local
address and port and routing table id. Reading will be made MP
safe by adding per socket rw-locks in a next step.

OK sashan@ mvs@

Rename all in6p local variables to inp.

There exists no struct in6pcb in OpenBSD, this was an old kame idea.
Calling the local variable in6p does not make sense, it is actually
a struct inpcb. Also in6p is not used consistently in inet6 code.
Having the same convention for IPv4 and IPv6 is less confusing.

OK sashan@ mvs@

Make internet PCB connect more consistent.

The public interface is in_pcbconnect(). It dispatches to
in6_pcbconnect() if necessary. Call the former from tcp_connect()
and udp_connect().
In in6_pcbconnect() initialization in6a = NULL is not necessary.
in6_pcbselsrc() sets the pointer, but does not read the value.
Pass a constant in6_addr pointer to in6_pcbselsrc() and in6_selectsrc().
It returns a reference to the address of some internal data structure.
We want to be sure that in6_addr is not modified this way. IPv4
in_pcbselsrc() solves this by passing a copy of the address.

OK kn@ sashan@ mvs@

Remove struct inpcb from in6_embedscope() parameters.

rip6_output() did modify inp_outputopts6 temporarily to provide
different ip6_pktopts to in6_embedscope(). Better pass inp_outputopts6
and inp_moptions6 as separate arguments to in6_embedscope().
Simplify the code that deals with these options in in6_embedscope().
Doucument inp_moptions and inp_moptions6 as protected by net lock.

OK kn@

Delete unnecessary #includes of <sys/domain.h> and/or <sys/protosw.h>

net/if_pppx.c pointed out by jsg@
ok gnezdo@ deraadt@ jsg@ mpi@ millert@

spelling

ok gnezdo@ semarie@ mpi@

Rework source IP address setting.

- Move most of the processing out of rtable.c (reasonnable tb@, ok bluhm@)
- Remove memory allocation, store pointer to existing ifaddr
- Fix tunnel interface handling

looks fine mpi@

Replace wrong cast with satosin.

Advised by bluhm@

Add feature to force the selection of source IP address

Based/previous work on an idea from deraadt@
Input from claudio@, djm@, deraadt@, sthen@

OK deraadt@

Rremoves 'struct route_in6 *' argument from in6_selectsrc().

Move the corresponding code in in6_pcbselsrc(). This reduces
differences with IPv4 and will help us to get rid of 'struct route*'.

ok vgross@

in6_selectroute should never get a valid struct route * filled with something
else than AF_INET6.

Ok florian@

Commit in6_selectsrc() split again, with missing assignment fixed.

Revert in_selectsrc() refactoring, it breaks IPv6.

Reported by Heiko on bugs@.

ok stsp@, claudio@

Split in6_selectsrc() into a low-level part and a pcb-level part, and
convert in_selectsrc() prototype to match.

Ok bluhm@ mpi@.

Expand IN6_IFF_NOTREADY, ok bluhm@

Do not use ``rt_addr'' in in{6,}_selectsrc() it doesn't work with magic
addresses set on p2p interfaces.

Found the hardway by naddy@

Use ``rt_addr'' rather than ``rt_ifa'' to get the source address
corresponding to a route.

ok florian@ on a previous version, input and ok bluhm@

Kill outdated comment. Reading the code is enough.

ok sthen@ bluhm@

Remove useless "if() else", multicast and unicast v6 route lookups are
actually the same. This has been introduced in r1.7 to prevent RTM_MISS
storms, but we don't send this message anymore.

ok @mpi

Kill the RT_REPORT flag to rtalloc() and stop sending RTM_MISS messages
for failed route lookups. This is something that was maybe useful in the
90is but in this modern times it is just annoying and nothing expect it
anyway. OK mpi@, sthen@

Remove IPV6_NEXTHOP implementation. Source routing is considered to be
a bad idea these days.
kill it mpi@
general agreement in the network hackers room at u2k15

Use the "modern" way to check if a route entry correspond to a local
address.

Fix a regression introduced when removing the lo0 hack.

ok florian@

Convert to rt_ifidx.

ok bluhm@

Ignore Router Advertisment's current hop limit.

Appart from the usual inet6 axe murdering exercise to keep you fit, this
allows us to get rid of a lot of layer violation due to the use of per-
ifp variables to store the current hop limit.

Imputs from bluhm@, ok phessler@, florian@, bluhm@

Convert some if_ref() to if_get().

ok claudio@

Use rt_ifp instead of rt_ifa->ifa_ifp.

ok bluhm@

Stop checking for RTF_UP directly, call rtisvalid(9) instead.

While here add two missing ``rtableid'' checks in in6_selectsrc().

ok bluhm@

Use rtisivalid(9) to check if the given (cached) route can be used.

Note that after calling rtalloc(9) we only check if a route has been
returned or not and do not check for its validity. This cannot be
improved without a massive refactoring.

The kernel currently *do* use !RTF_UP route due to a mismatch between
the value of ifp->if_link_state and the IFF_UP|IFF_RUNNING code.

I'd explain the RTF_UP flag as follow:

. If a cached route entry w/o RTF_UP is passed to ip{6,}_output(),
. call rtalloc(9) to see if a better entry is present in the tree.

This is enough to support MPATH and route cache invalidation.

ok bluhm@

Do not manually decrement rt's refcounter in nd6_lookup() and let the
callers rtfree(9) it.

Inputs and ok bluhm@

if_put after if_get for in6_src and ip6_output which got a lot easier after
all the cleanup by mpi@ since we no longer overwrite ifps, etc. OK dlg@

Rewrite in6_selectroute() to no longer return an ifp.

The returned "struct rtentry" is either the cached one or the one passed
in options.

ok claudio@

Move the multicast option parsing out of in6_selectroute().

ok claudio@

Kill selectroute().

ok claudio@

in6_embedscope() needs to lose some weight. Remove the last argument.
In all but two calls NULL is passed and in the other 2 cases the ifp
is only used to maybe feed it to in6_selecthlim() to select the hoplimit
for the link. Since in6_embedscope() only works on link-local addresses
it does not matter what hop limit we select since the destination is
directly reachable.
OK florian@ mpi@

It is time to put inet6 on a diet. Use the flensing knife and cut out
the 3rd argument of in6_recoverscope() and make it return void.
OK dlg@ mikeb@

Revert (again!) the two uses of rtisvalid(9), they break NFS!

Found the hardway by naddy@

Convert ip{,6}_output() (cached) route entry checks to rtisvalid(9).

This introduces a behavior change as we now reject !RTF_UP routes to
output packets. This stricter check exposed a bug in the setup of
new routes and was the reason for the previous revert. This should
be now fixed by r1.229 of sys/net/route.c .

ok bluhm@

Revert the two uses of rtisvalid(9) for the moment, it breaks dhclient(8)
configured networks on RAMDISK kernels.

The problem is that the default route installed by dhclient(8) does not
have the RTF_UP flag in this environement and rtisvalid(9) doesn't allow
you to use a RTF_DOWN route.

Convert ip{,6}_output() (cached) route entry checks to rtisvalid(9).

ok bluhm@

More damned eye searing whitespace. No change to .o files.

Use an interface index instead of a pointer for multicast options.

Output interface (port) selection for multicast traffic is not done via
route lookups. Instead the output ifp is registred when setsockopt(2)
is called with the IP{V6,}_MULTICAST_IF option. But since there is no
mechanism to invalidate such pointer stored in a pcb when an interface
is destroyed/removed, it might lead your kernel to fault.

Prevent a fault upon resume reported by frantisek holop, thanks!

ok mikeb@, claudio@

Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.

ok mikeb@, krw@, bluhm@, tedu@

Rename rtalloc1() into rtalloc(9) and convert its flags to only enable
functionnality instead of a mix of enable/disable.

ok bluhm@, jca@

Use rtfree() instead of RTFREE(), NULLify some free'd route pointers and
kill the macro.

ok mikeb@, henning@

Kill rtalloc() and update rtalloc1() and rtalloc_mpath() to no longer
rely on "struct route" that should die.

ok claudio@

Fewer <netinet/in_systm.h> !

Do not include <sys/malloc.h> where it is not needed.

we'll do fine without casting NULL to struct foo * / void *
ok gcc & md5 (alas, no binary change)

Invert the signature logic of in{,6}_selectsrc, make them return the
error code and pass the resulting source address back to the caller
through a pointer, as suggested by chrisz. This gives us more readable
code, and eases the deletion of useless checks in the callers' error path.
Add a bunch of "0 -> NULL" conversions, while here.
ok chrisz@ mpi@

Retire kernel support for SO_DONTROUTE, this time without breaking
localhost connections.

The plan is to always use the routing table for addresses and routes
resolutions, so there is no future for an option that wants to bypass
it. This option has never been implemented for IPv6 anyway, so let's
just remove the IPv4 bits that you weren't aware of.

Tested a least by lteo@, guenther@ and chrisz@, ok mikeb@, benno@

revert "Retire kernel support for SO_DONTROUTE" diff, which does bad things
for localhost connections. discussed with deraadt@

Retire kernel support for SO_DONTROUTE, since the plan is to always
use the routing table there's no future for an option that wants to
bypass it. This option has never been implemented for IPv6 anyway,
so let's just remove the IPv4 bits that you weren't aware of.

Tested by florian@, man pages inputs from jmc@, ok benno@

ANSIfy a declaration, no object change.

Propagate an rdomain number to the nd6_lookup independently from
the ifp pointer which can be NULL. This prevents a crash reported
by David Hill <dhill at mindcry ! org>. OK bluhm

Replace most of our formating functions to convert IPv4/6 addresses from
network to presentation format to inet_ntop().

The few remaining functions will be soon converted.

ok mikeb@, deraadt@ and moral support from henning@

Back when some NRL code was merged into KAME to create the *BSD IPV6
stack (factoid: by a bunch of people in my living room), some compatibility
#define's were created to shim incompatible inpcb access methods. There
was an understanding they would eventually be removed. Since they are
error prone, and 1999 is a long time ago, now they die.
ok mikeb claudio mpi

Sprinkle a lot more IPv6 routing domains support in the kernel.

Mostly mechanical, setting and passing the rdomain and rtable correctly.
Not yet enabled.

Lots of help and hints from claudio and bluhm

OK claudio@, bluhm@

The header file netinet/in_var.h included netinet6/in6_var.h. This
created a bunch of useless dependencies. Remove this implicit
inclusion and do an explicit #include <netinet6/in6_var.h> when it
is needed.
OK mpi@ henning@

Remove a bunch of sockaddr_in6 pointer casts and replace others
with sin6tosa() or satosin6() inline functions. This allows the
compiler to check the types more strictly.
OK mpi@

no need for a lot of code to include proc.h

Unfortunately the satosin, sintosa, ifatoia, satosin6, sin6tosa,
ifatoia6 macros do not check the source type. They just cast
anything. Remove needless casts and do not use those macros if the
source type does not match. Remove duplicate defines.
No binary change. OK kettenis@ krw@

Introduce if_get() to retrieve an interface descriptor pointer given
an interface index and replace all the redondant checks and accesses
to a global array by a call to this function.

With imputs from and ok bluhm@, mikeb@

Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro.
No binary change.
OK claudio@

rdomain support for IPv6
ok mikeb

Several fixes for the IPV6_PKTINFO handling with sendmsg(2)

Verify that the address in the in6_pktinfo structure included
in the control message is unicast and configured on the local
host. Additional checks prevent from using non-routable
addresses and inactive interfaces.

Embed the scope identifier into the link local addresses as
required by the stack. Do not force users to provide valid
interface index in the ipi6_ifindex but look it up in place
if needed.

ok bluhm, waived by deraadt for the release.

Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1
accept flags for report and nocloning. Move the rtableid into struct route
(with a minor twist for now) and make a few more codepathes rdomain aware.
Appart from the pf.c and route.c bits the diff is mostly mechanical.
More to come...
OK michele, henning

More destatic and ansification.

ok claudio@ naddy@

When accessing cached routes make sure the route is actually still valid.
Before accessing a ro_rt make sure the route is either freshly allocated or
RTF_UP is set. If not ro_rt should be freed and reallocated or at least no
info from the ro_rt should be considered valid.
This seems to solve the crashes seen by Felipe Alfaro Solana.
some sort of OK dlg@

de-__P. noted by Dries Schellekens

switch IPv6 advanced API from RFC2292 to RFC3542 (2292 is superseded by 3542).
the kernel still handles RFC2292 set/getsockopts, so that compiled binary
has no trouble running. userland sees RFC3542 symbols only on header file
so new code has to use RFC3542 API.

bump libc shlib minor for function additions.

tested on i386/amd64 by jmc, i386 by brad. checked by deraadt.

change semantics of ff01::/16 to interface local multicast
(to sync up with more recent IPv6 spec)

ok from: deraadt mcbride

Add support for equal-cost multipath IP.

To minimise path disruptions, this implements recommendations made in RFC2992 -
the hash-threshold mechanism to select paths based on source/destination IP
address pairs, and inserts multipath routes in the middle of the route table.

To enable multipath distribution, use:
sysctl net.inet.ip.multipath=1
and/or:
sysctl net.inet6.ip6.multipath=1

testing norby@
ok claudio@ henning@ hshoexer@

adjust functions dealing with the routing table to take a table ID as
parameter so they can work on alternate tables. table 0 hardcoded for
many callers yet, that will be adapted step by step.
input + ok claudio norby hshoexer

sin6_scope_id maps to interface indices for link local addresses only!
(unlikely to be used with other scopes for now, but we should be
correct anyway)

From drochner NetBSD

ok deraadt@

use if_indexlim (instead of if_index) and ifindex2ifnet[x] != NULL
to check if interface exists, as (1) if_index will have different meaning
(2) ifindex2ifnet could become NULL when interface gets destroyed,
when we introduce dynamically-created interfaces. markus ok

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

KNF - return is not a function. sync w/kame

attach nd_ifinfo structure to if_afdata.
split IPv6 MTU (advertised by RA) from real link MTU.
sync with kame

rm obsolete comment

branches: 1.11.6;
enable FAKE_LOOPBACK_IF case by default.
now traffic on loopback interface will be presented to bpf as normal wire
format packet (without KAME scopeid in s6_addr16[1]).

fix KAME PR 250 (host mistakenly accepts packets to fe80::x%lo0).

sync with kame.

amove in6_{embed,recover}scope prototypes to in6_var.h (kernel only).
add in6_clearscope. sync better with kame

allow changing number of loopbacks in ukc.
change rest of the code to use lo0ifp pointing
to the corresponding struct ifnet.
itojun@ and niklas@ ok

correct in6_recoverscope() for multicast loopback case.

lookup routing table for multicast too, to allow scoped IPv6 multicast
to go out of the node. "ping6 ff02::1%wi0" will work fine with this
(and should correct route6d behavior too)

this is major issue for IPv6. i think this needs to become an erratta entry.
sorry about this.

don't panic even if in6p == NULL.
(this should have been there with tcp_ident change... sorry)

allow link-local IPv6 addres in in6_pcbbind.

branches: 1.4.2;
bring in recent KAME changes (only important and stable ones, as usual).
- remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works
just like "arp -s".
- revise source address selection.
be more careful about use of yet-to-be-valid addresses as source.
- as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope
packet forwarding attempt.
- path MTU discovery takes care of routing header properly.
- be more strict about mbuf chain parsing.
- nuke xxCTL_VARS #define, they are for BSDI.
- disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit
IPv6 model where multiple address on interface is normal.
(kernel side supports them for a while for backward compat,
the support will be nuked shortly)
- introduce "default outgoing interface" (for spec conformance in very
rare case)

branches: 1.3.2;
fix include file path related to ip6.

Remove remaining unnecessary ifdefs (itojun will hate me for this :-)

bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
bringed into soon).

Make the route cache aware of multipath routing.

Pass source address to route_cache() and store it in struct route.
Cached multipath routes are only valid if source address matches.
If sysctl multipath changes, increase route generation number.

OK claudio@

Merge struct route and struct route_in6.

Use a common struct route for both inet and inet6. Unfortunately
struct sockaddr is shorter than sockaddr_in6, so netinet/in.h has
to be exposed from net/route.h. Struct route has to be bsd visible
for userland as netstat kvm code inspects inp_route. Internet PCB
and TCP SYN cache can use a plain struct route now. All specific
sockaddr types for inet and inet6 are embeded there.

OK claudio@

Route cache function returns hit or miss.

The route_cache() function can easily return whether it was a cache
hit or miss. Then the logic to perform a route lookup gets a bit
simpler. Some more complicated if (ro->ro_rt == NULL) checks still
exist elsewhere.
Also use route cache in in_pcbselsrc() instead of filling struct
route manually.

OK claudio@

Use the route generation number also for IPv6.

Implement route6_cache() to check whether the cached route is still
valid and otherwise fill caching parameter of struct route_in6.
Also count cache hits and misses in netstat. in_pcbrtentry() uses
route cache now.

OK claudio@