Introduce a neighbor discovery mutex like ARP uses it. For now it
only protects nd6_list. It does not unlock ND6 from kernel lock
yet.
OK kn@

Call nd6_ns_output() without kernel lock from nd6_resolve().
OK kn@

ARP has a sysctl to show the number of packets waiting for an arp
response. Implement analog sysctl net.inet6.icmp6.nd6_queued for
ND6 to reduce places where mbufs can hide within the kernel.
Atomic operations operate on unsigned int. Make the type of total
hold queue length consistent.
Use atomic load to read the value for the sysctl. This clarifies
why no lock around sysctl_rdint() is needed.
OK mvs@ kn@

ARP has a queue of packets that should be sent after name resolution.
ND6 did only hold a single packet. Unify the logic and add a mbuf
hold queue to struct llinfo_nd6. This is MP safe and queue limits
are tracked with atomic operations. New function if_mqoutput() has
common code for ARP and ND6. ln_saddr6 holds the source address
of the requesting packet. That is easier than fiddling with mbuf
queue in nd6_ns_output().
OK kn@

Clean up struct nd_opts, use nd6_options() function local variables

nd_opts_search is really the next option, so call it next_opt.

nd_opts_done == 1 means next_opt == NULL, i.e. no more option to handle,
so zap the former and use the latter to stop.

Finally drop the useless struct members, all under _KERNEL.

OK claudio

Merge nd6_option_init() into nd6_options()

All call-sites call nd6_options() directly after nd6_option_init().
Fold them to simplify the logic and do less pointing around.

Feedback OK bluhm florian

Switch nd_opts from a union to just a struct.
The ND6 option handling in the kernel got a lot simpler since only
the tgt and src lladdr option are inspected by the kernel. The magic
of assigning options via one side of the union and accessing them
via the other is total overkill and actually quite error prone.
OK florian@

Do not store unused ICMPv6 Option PREFIX_INFORMATION

Dead since 2017 sys/netinet6/nd6_rtr.c r1.163
Remove sending of router solicitations and processing of router
advertisements from the kernel. It's handled by slaacd(8) these days.

sysctl(2) net.inet6.icmp6.nd6_debug does not warn about it like it does
for, e.g., duplicate MTU options, so don't do anything with this option.

Remove access macros for other unused options while here.
Eventually, union nd_opts should be removed completely.
All under _KERNEL.

tcpdump(8)/rad(8)/slaacd(8) keep showing/sending/receiving this option when
running this diff on both router and client.

OK claudio

Remove constant basereachable and retrans members from struct nd_ifinfo

Both are initalised with compile-time constants and never written to.

They are part of the Neighbour Discovery machinery and only surface
through the single-user SIOCGIFINFO_IN6:
$ ndp -i lo0
basereachable=30s0ms, reachable=39s, retrans=1s0ms

These values are read-only since 2017
sys/netinet6/nd6.c r1.217
usr.sbin/ndp/ndp.c r1.85
Remove knob and always do neighbor unreachable detection

Inline the macros (to keep meaningful names), shrink the per-interface
allocated struct nd_ifinfo to what is actually needed and inline
nd6_dad_starttimer()'s constant `msec' argument.

Nothing else in base, incl. regress, uses SIOCGIFINFO_IN6 or `ndp -i'.

OK bluhm

Document struct nd_ifinfo protection, remove obsolete .initialized member

All access to struct ifnet's member *if_nd is read-only, with the one
write exception being nd6_slowtimo() updating ND information.

IPv6 Neighbour Discovery information is fully protected by the net lock.
---
nd6_ifattach() allocates and unconditionally initialises struct ifnet's
*if_nd member, so early in if_attachsetup() that there is no way to query
unitialised Neighour Unreachable Detection bits.

Only SIOCGIFINFO_IN6 through ndp(8) used the .initialized member:
Added/set since 2002 sys/netinet6/nd6.c r1.42
attach nd_ifinfo structure to if_afdata.
split IPv6 MTU (advertised by RA) from real link MTU.
sync with kame

Read since 2002 usr.sbin/ndp/ndp.c r1.16
use new SIOCGIFINFO_IN6. random other cleanups. sync w/kame.

Obsolete since 2017 sys/netinet6/nd6.c r1.217
usr.sbin/ndp/ndp.c r1.85
Remove knob and always do neighbor unreachable detection.

Feedback OK bluhm

Remove unused NDPRF_* defines; dead since 2017 sys/netinet6/nd6.c r1.210

Remove sending of router solicitations and processing of router
advertisements from the kernel. It's handled by slaacd(8) these days.

Outside of _KERNEL, but nothing in base uses it, either.
codesearch.debian.net seems to agree.

OK mvs claudio bluhm

Remove unused struct in6_ndifreq; dead since 2013 sys/netinet6/in6_var.h r1.37

Remove unused code manipulating a default interface and its index
This is a leftover from the on-link assumption behavior removal,
which has been deprecated by RFC4861 anyway.

Outside of _KERNEL, but nothing in base uses it, either.
codesearch.debian.net seems to agree.

OK mvs claudio bluhm

Remove unused struct prf_ra; dead since 2017 sys/netinet/icmp6.h r1.45

Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls
With this we can also get rid of in6_prefix and in6_defrouter. They
are meaningless, the kernel no longer tracks this information.

Outside of _KERNEL, but nothing in base uses it, either.
codesearch.debian.net seems to agree.

OK mvs claudio bluhm

Inline useless ND_IFINFO() macro

A single cast-free struct pointer dereference needs no indirection.
ND_IFINFO() is under _KERNEL.

OK mvs

Let nd6_if{at,de}tach() be void and take an ifp argument

Do it like the rest of at/detach routines which modify a struct ifnet
pointer without returning anything.

OK mvs

Add *if_nd to struct ifnet, call nd6_if{at,de}tach() directly

*if_afdata[] and struct domain's dom_if{at,de}tach() are only used with
IPv6 Neighbour Discovery in6_dom{at,de}tach(), which allocate/init and
free single struct nd_ifinfo.

Set up a new ND-specific *if_nd member directly to avoid yet another
layer of indirection and thus make the generic domain API obsolete.

The per-interface data is only accessed in nd6.c and nd6_nbr.c through
the ND_IFINFO() macro; it is allocated and freed exactly once during
interface at/detach, so document it as [I]mmutable.

OK bluhm mvs claudio

Recommit previous "Remove useless struct in6_ifextra"

This was the right diff after all, I just confused myself between trees.

OK bluhm
---
Remove useless struct in6_ifextra

in6_var.h r1.75 removed all other struct members.

Now It only contains a single struct nd_ifinfo pointer, so address family
specific data might as well be just that.

ND_IFINFO() is the only way nd6_nbr.c and nd6.c access this data, there is
no other usage of if_afdata[].

One allocation and unhelpful indirection less per interface.

All under _KERNEL.

OK claudio

Backout "Remove useless struct in6_ifextra" commit

I committed the wrong iteration of this diff, sorry for the noise.

Remove useless struct in6_ifextra

in6_var.h r1.75 removed all other struct members.

Now It only contains a single struct nd_ifinfo pointer, so address family
specific data might as well be just that.

ND_IFINFO() is the only way nd6_nbr.c and nd6.c access this data, there is
no other usage of if_afdata[].

One allocation and unhelpful indirection less per interface.

All under _KERNEL.

OK claudio

Remove unused RS_LHCOOKIE macro

Added in 2014 110585f259f4974284e531f0a1e121b001a580dc
Move sending of router solicitations to the kernel; [...]
but never used.

Constify in6_addr pointer arguments in nd6_*() functions

All of them are passed to inspect/copy out fields, none of the functions
writes to the struct.

This makes it easier to argue about code (in MP context).

OK bluhm

Zap prototypes for nonexistent nd6_setmtu() and in6_ifdel()

Removed in 2015 and 2002, respectively.

OK claudio

Leftovers from florian's RS/NA purge from the kernel in 2017.

OK bluhm

Move ND6_PRIV_* constants from nd6.h to slaacd the only place where
they are used. Nobody in the wider eco system uses these.
While here reduce temporary address valid lifetime to 2 days as per
draft-ietf-6man-rfc4941bis. This should considerably reduce the amount
of addresses configured on an interface - a common complaint.
Original diff from Fernando Gont (fernando AT gont.com.ar), thanks!
Ports tree scanning by sthen@

Prevent recursions by not deleting entries inside rtable_walk(9).

rtable_walk(9) now passes a routing entry back to the caller when
a non zero value is returned and if it asked for it.
This allows us to call rtdeletemsg()/rtrequest_delete() from the
caller without creating a recursion because of rtflushclone().

Multicast code hasn't been adapted and is still possibly creating
recursions. However multicast route entries aren't cloned so if
a recursion exists it isn't because of rtflushclone().

Fix stack exhaustion triggered by the use of "-msave-args".

Issue reported by D��niel L��vai on bugs@ confirmed by and ok bluhm@.

Use a single timer for all ND6 entries.

This prevents a use-after-free reported by Hrvoje Popovski where the
timeout function was already sleeping on the NET_LOCK() when ifconfig(8)
removed the enry from the table.

By iterating on a global list in the timeout routine we ensure that the
items are still valid when we process them. This also reduce differences
with ARP.

ok bluhm@, visa@

We are processing Router Solicitation / Advertisement messages only
for the Source Link-layer Address Options.
Merge nd6_rs_input() and nd6_ra_input() into one generic function that
does just that.

input & OK mpi

Remove knob and always do neighbor unreachable detection.

accept_rtadv doesn't do anything since some time.
OK mpi

We are no longer generating privacy addresses in the
kernel.
OK mpi

Stop running nd6_expire every second.
We know when pltime or vltime decrease to zero. Run nd6_expire then.
Input & OK mpi, bluhm

Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls
With this we can also get rid of in6_prefix and in6_defrouter. They
are meaningless, the kernel no longer tracks this information.

Pointed out by & OK mpi

Purging is at last at hand. Day of Doom is here. All that is evil
shall all be cleansed.

Remove sending of router solicitations and processing of router
advertisements from the kernel. It's handled by slaacd(8) these days.

Input & OK bluhm@, mpi@

Move nd6 timer initialisation to nd6_init() and call timeout_set()
only once during init.
OK mpi@

Remove multiple recursive splsoftnet().

ok bluhm@

Assert that prelist_update() is always called at IPL_SOFTNET.

While here use __func__ in debug strings to reduce noise when grepping.

store nd6 expiries in the route, not separately in the llinfo struct.

this makes it more consistent with arp, and makes expiries visible
via route(8) get as well as ndp(8).

ok mpi@ florian@

Kill nd6_output(), it doesn't do anything since the resolution logic
has been moved to nd6_resolve().

ok visa@, millert@, florian@, sthen@

Move ND resoluton logic from nd6_output() to nd6_storelladdr() and
rename it to nd6_resolve().

This allows us to get rid of non-Ethernet hacks by moving Ethernet
specific logic in the appropriate layer.

ok sthen@

make nd6_llinfo_settimer take seconds instead of ticks.

most callers are working in seconds, internally it uses seconds, and
you can call timeout_add_sec as easily as timeout_add.

this also fixes an issue with an nd_defrouter expire which was
incorrectly scaled with ticks in a comparison.

ok mpi@

remove code compensating for the "short" range of timeouts.

the nd6 code for managing expiries is never asked to handle intervals
greater than what timeouts can handle, so we dont need to overcompensate.

the code was also incorrect by using a long, which isnt that long
on ILP32 machines.

ok mpi@ millert@ benno@

Implement proxy ARP for ART based on mpath support.

Since mpath is not enabled in RAMDISK, proxy ARP won't work there either.

ok bluhm@

Kill IPv6 prefix and router renumbering ioctls.

Router renumbering was never supported, prefix ioctls were deprecated
~15 years ago. Move some items in netinet6/nd6.h where they are still
used.

ok mikeb@ mpi@

Convert arc4random() to arc4random_uniorm(). Diff by Matthew Martin.

Ensure that arc4random_uniform() doesn't loop by redefining
ND6_MAX_DESYNC_FACTOR to be 512, the largest power of two smaller
than the RFC-specified 600 seconds. Suggested by florian@ and deraadt@

ok florian@, sthen@ in this form, arc4random change ok djm@, tedu@

Change nd6_nud_hint() to no longer manipulate rt_ifp directly.

While here remove unused argument and convert the route check to
rtisvalid(9).

ok bluhm@

Implement the list of nd6 llinfo entries with a TAILQ.
OK millert@ mpi@

Prefer an existing refcounted ``ifp'' to rt_ifp when possible or use the
interface index directly.

ok bluhm@

Remove linkmtu and maxmtu from struct nd_ifinfo. IN6_LINKMTU can now
die and ifp->if_mtu is the one true mtu.
Suggested by and OK mpi@

Introduce if_rtrequest() the successor of ifa_rtrequest().

L2 resolution depends on the protocol (encoded in the route entry) and
an ``ifp''. Not having to care about an ``ifa'' makes our life easier
in our MP effort. Fewer dependencies between data structures implies
fewer headaches.

Discussed with bluhm@, ok claudio@

Ignore Router Advertisment's current hop limit.

Appart from the usual inet6 axe murdering exercise to keep you fit, this
allows us to get rid of a lot of layer violation due to the use of per-
ifp variables to store the current hop limit.

Imputs from bluhm@, ok phessler@, florian@, bluhm@

The return value of nd6_cache_lladdr() is never used so make it a void.

Fewer "struct rtentry" left in the wild!

nd6_prefix_add() is no longer used and die.

Start moving away from the global prefix list by limiting its usage to
AUTOCONF'd addresses.

This prevent the kernel from removing connected (/64) routes as soon as
it configures an AUTOCONF'd address based on a RA.

Tested by sebastia@, ok sthen@

Rework the code to decide when to perform DAD to no longer rely on the
IN6_IFF_NODAD pseudo-flag not being set.

This was just a flag for spaghetti code that should not exist in the
first place.

Tested by sebastia@, ok sthen@

Call rtfree(9) when we no longer need the route entry rather than
decrementing rt_refcnt just after rtrequest1(9).

While here reduce the differences with rt_ifa_add(9). There's still
an ambiguity about rtrequest1(9)'s return value, but bluhm@ will
address that in a different diff.

Discussed with and ok bluhm@

Merge two identical chunks to add new prefixes to the global data
structures into a function.

ok florian@

Properly layer Router Solicitation code.

Tweak and ok florian@

Remove unused arguments and the associated code from nd6_nud_hint().

ok claudio@

Rework the handling of interfaces and IPv6 addresses for local delivery.

- Unicast packets sent to any local address will have their interface
set to loobpack.

- In order to differentiate traffic from interfaces having identical
link-local addresses, provide the scoped addresses to pf(4).

- Update the icmp6 state lookup logic to match scoped MLL addresses.

- Remove a shortcut in ip6_input() that bypasses pf and always look
for an RTF_LOCAL route.

Packets sent to multicast addresses still retain their original
interface due to the fact that local multicast packet delivering
does not use if_output.

This makes ping6 to link-local addresses work even with pf enabled
and "set skip" on loopbacks, reported by Pieter Verberne.

Debugged, analysed and tested with mikeb@.

ok mikeb@, henning@, sthen@

Do not pass an ifa pointer when we already have a DAD descriptor.

Tweaks and ok florian@

Move sending of router solicitations to the kernel; receiving and
processing of router advertisements was already in the kernel.
With this rtsol{,d}(8) is no longer necessary.

The kernel starts sending solicitations with
# ifconfig $IF inet6 autoconf
or
inet6 autoconf
in /etc/hostname.$IF.

input stsp@
much help & OK mpi@
tweaks & OK bluhm@

move IPv6 prefix adding from workq to taskq; as a happy benefit, we
can delete 2 dozen or so lines that check to see if we've queued
up a prefix addition multiple times.

ok stsp@

Kill the {nd6_,}useloopback buttons, using the loopback interface for
local traffic is not optional.

ok mikeb@, stsp@, jca@

Propagate an rdomain number to the nd6_lookup independently from
the ifp pointer which can be NULL. This prevents a crash reported
by David Hill <dhill at mindcry ! org>. OK bluhm

More _KERNEL namespace cleanup, just in case something out there
includes this.

Remove unused argument from *rtrequest()

ok krw@, mikeb@

No one uses the obsolete IPv6 ioctls SIOCGDRLST_IN6, SIOCGPRLST_IN6,
OSIOCGIFINFO_IN6 anymore. Remove them together with the structs
in6_drlist, in6_oprlist, in6_prlist, in6_ondireq and the kernel
implementation.
OK mikeb@ henning@

To control the lifetime of IPv6 addresses, prefixes and default
routers, the kernel and ndp use a bunch of expire fields. Before
they were int or u_long, convert expire to time_t in all structs.
Move vltime and pltime to u_int32_t everywhere. Sort struct fields
by size. Struct inet6_ndpr_msghdr is not used at all, so remove
it.

Binary compatibility of rtsold and ndp break with this change as
rtsold uses in6_drlist and ndp uses in6_defrouter and in6_prefix
to interact with the kernel.

OK mpi@

Do not access queue fields directly, use FOREACH() macro instead.
No binary change.
OK mikeb@ mpi@

Remove unused code manipulating a default interface and its index,
This is a leftover from the on-link assumption behavior removal,
which has been deprecated by RFC4861 anyway.

ok mikeb@, bluhm@, florian@

typo in comment.

fix typos in comments
ok deraadt henning sthen thib (though thib says he can't spell)

Simple implementation of RFC4941, "Privacy Extensions for Stateless
Address Autoconfiguration in IPv6". For those among us who are paranoid
about broadcasting their MAC address to the IPv6 internet.

Man page help from jmc, testing by weerd, arc4random API hints from djm.

ok deraadt, claudio

From KAME, allow adjustable limits on NDP entries and discovered routes.

ok mpf naddy

unifdef -U__otherBSD__

split ND6 cache timer management to per-entry. increased accuracy,
no O(N) loop. sync w/ kame. marc tested, daniel ok

gc

sync with latest KAME in6_ifaddr/prefix/default router manipulation.
behavior changes:
- two iocts used by ndp(8) are now obsolete (backward compat provided).
use sysctl path instead.
- lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.

cope with cases where maxmtu == 0 (shouldn't happen)

be sure to use L3 MTU, not L2 MTU, when specified in spec (affects FDDI/ARCnet)

improve nd6_setmtu(), to warn too-small MTU on SIOCSIFMTU. sync w/kame

no need to supply obsolete field name "receivedra"

attach nd_ifinfo structure to if_afdata.
split IPv6 MTU (advertised by RA) from real link MTU.
sync with kame

First round of __P removal in sys

compatability -> compatibility.

branches: 1.14.6;
garbage-collect stale ND entries (default: 1 day).
RFC 2461 5.3. sync with kame.

remove unnecessary state, ND6_LLINFO_WAITDELETE, from neighbor cache
state machine.
no need for RTF_REJECT on neighbor cache entires, they are leftover from
ARP code.
sync with kame.

when chasing nd6_llinfo chain, make sure we do not touch dangling
pointer (due to RTM_DELETE during default router list management).
from kame

use timeout_xx() throughout sys/netinet6. sync with kame.

by default, don't bark on inbound ND messages, as outsider may be able to
fill up /var with bogus packets.
setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid
ND packet and other occasions.

improve icmp6 stats.

pull post-4.4BSD change to sys/net/route.c from BSD/OS 4.2 (UCB copyrighted).

have sys/net/route.c:rtrequest1(), which takes rt_addrinfo * as the argument.
pass rt_addrinfo all the way down to rtrequest, and ifa->ifa_rtrequest.
3rd arg of ifa->ifa_rtrequest is now rt_addrinfo * instead of sockaddr *
(almost noone is using it anyways).

benefit: the follwoing command now works. previously we need two route(8)
invocations, "add" then "change".
# route add -inet6 default ::1 -ifp gif0

remove unsafe typecast in rtrequest(), from rtentry * to sockaddr *. it was
introduced by 4.3BSD-reno and never corrected.

XXX is eon_rtrequest() change correct regarding to 3rd arg?
eon_rtrequest() and rtrequest() were incorrect since 4.3BSD-reno,
so i do not have correct answer in the source code.
someone with more clue about netiso-over-ip, please help.

- more icmp6/ip6 stats.
- protect IPv6 ND from being hosed (due to neighbor unreachability detection
hint) by wrong tcp traffic. still not sure if there's real attack, but
it is good to be cautious.
- avoid bitfield for router renumbering header decl.
- implement packet-per-sec limitation for icmp6 errors, turn interval
limit off (it is not very useful due to unix timer resolution).

never forward packet with link-local address.
experimental support for new loopback packet handling (with FAKE_LOOPBACK_IF,
rcvif will be set to real outgoing interface, not the loopback, to honor scope)
sync with kame.

perform NUD on p2p link, only if the destination/gateway is real neighbor.
this removes temporary workaround (no NUD on p2p link). KAME PR 245.

revisit in6_ifattach(). (1) make it more persistent about initializaing an
interface (2) cleanup interface id selection.
run NUD on p2p interface (required by spec for bidir p2p interface).
add "ndp -i interface" (can tweak per-interface ND flag).
(sync with more recent kame)

bring in recent KAME changes (only important and stable ones, as usual).
- remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works
just like "arp -s".
- revise source address selection.
be more careful about use of yet-to-be-valid addresses as source.
- as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope
packet forwarding attempt.
- path MTU discovery takes care of routing header properly.
- be more strict about mbuf chain parsing.
- nuke xxCTL_VARS #define, they are for BSDI.
- disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit
IPv6 model where multiple address on interface is normal.
(kernel side supports them for a while for backward compat,
the support will be nuked shortly)
- introduce "default outgoing interface" (for spec conformance in very
rare case)

branches: 1.3.2;
more coverage of in6_ifdetach()'s cleanup process.
bug fix in SIOCGIFADDR_IN6 (point to point case).

use arc4random() instead of random for two reasons.
1) on some architectures, random() should only be used by the scheduler
(ie. statintr() because it is uniformly distributed
2) arc4random() is actually strong, random() is not at all

bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
bringed into soon).

Call nd6_ns_output() without kernel lock from nd6_resolve().
OK kn@

ARP has a sysctl to show the number of packets waiting for an arp
response. Implement analog sysctl net.inet6.icmp6.nd6_queued for
ND6 to reduce places where mbufs can hide within the kernel.
Atomic operations operate on unsigned int. Make the type of total
hold queue length consistent.
Use atomic load to read the value for the sysctl. This clarifies
why no lock around sysctl_rdint() is needed.
OK mvs@ kn@

ARP has a queue of packets that should be sent after name resolution.
ND6 did only hold a single packet. Unify the logic and add a mbuf
hold queue to struct llinfo_nd6. This is MP safe and queue limits
are tracked with atomic operations. New function if_mqoutput() has
common code for ARP and ND6. ln_saddr6 holds the source address
of the requesting packet. That is easier than fiddling with mbuf
queue in nd6_ns_output().
OK kn@

Clean up struct nd_opts, use nd6_options() function local variables

nd_opts_search is really the next option, so call it next_opt.

nd_opts_done == 1 means next_opt == NULL, i.e. no more option to handle,
so zap the former and use the latter to stop.

Finally drop the useless struct members, all under _KERNEL.

OK claudio

Merge nd6_option_init() into nd6_options()

All call-sites call nd6_options() directly after nd6_option_init().
Fold them to simplify the logic and do less pointing around.

Feedback OK bluhm florian

Switch nd_opts from a union to just a struct.
The ND6 option handling in the kernel got a lot simpler since only
the tgt and src lladdr option are inspected by the kernel. The magic
of assigning options via one side of the union and accessing them
via the other is total overkill and actually quite error prone.
OK florian@

Do not store unused ICMPv6 Option PREFIX_INFORMATION

Dead since 2017 sys/netinet6/nd6_rtr.c r1.163
Remove sending of router solicitations and processing of router
advertisements from the kernel. It's handled by slaacd(8) these days.

sysctl(2) net.inet6.icmp6.nd6_debug does not warn about it like it does
for, e.g., duplicate MTU options, so don't do anything with this option.

Remove access macros for other unused options while here.
Eventually, union nd_opts should be removed completely.
All under _KERNEL.

tcpdump(8)/rad(8)/slaacd(8) keep showing/sending/receiving this option when
running this diff on both router and client.

OK claudio

Remove constant basereachable and retrans members from struct nd_ifinfo

Both are initalised with compile-time constants and never written to.

They are part of the Neighbour Discovery machinery and only surface
through the single-user SIOCGIFINFO_IN6:
$ ndp -i lo0
basereachable=30s0ms, reachable=39s, retrans=1s0ms

These values are read-only since 2017
sys/netinet6/nd6.c r1.217
usr.sbin/ndp/ndp.c r1.85
Remove knob and always do neighbor unreachable detection

Inline the macros (to keep meaningful names), shrink the per-interface
allocated struct nd_ifinfo to what is actually needed and inline
nd6_dad_starttimer()'s constant `msec' argument.

Nothing else in base, incl. regress, uses SIOCGIFINFO_IN6 or `ndp -i'.

OK bluhm

Document struct nd_ifinfo protection, remove obsolete .initialized member

All access to struct ifnet's member *if_nd is read-only, with the one
write exception being nd6_slowtimo() updating ND information.

IPv6 Neighbour Discovery information is fully protected by the net lock.
---
nd6_ifattach() allocates and unconditionally initialises struct ifnet's
*if_nd member, so early in if_attachsetup() that there is no way to query
unitialised Neighour Unreachable Detection bits.

Only SIOCGIFINFO_IN6 through ndp(8) used the .initialized member:
Added/set since 2002 sys/netinet6/nd6.c r1.42
attach nd_ifinfo structure to if_afdata.
split IPv6 MTU (advertised by RA) from real link MTU.
sync with kame

Read since 2002 usr.sbin/ndp/ndp.c r1.16
use new SIOCGIFINFO_IN6. random other cleanups. sync w/kame.

Obsolete since 2017 sys/netinet6/nd6.c r1.217
usr.sbin/ndp/ndp.c r1.85
Remove knob and always do neighbor unreachable detection.

Feedback OK bluhm

Remove unused NDPRF_* defines; dead since 2017 sys/netinet6/nd6.c r1.210

Remove sending of router solicitations and processing of router
advertisements from the kernel. It's handled by slaacd(8) these days.

Outside of _KERNEL, but nothing in base uses it, either.
codesearch.debian.net seems to agree.

OK mvs claudio bluhm

Remove unused struct in6_ndifreq; dead since 2013 sys/netinet6/in6_var.h r1.37

Remove unused code manipulating a default interface and its index
This is a leftover from the on-link assumption behavior removal,
which has been deprecated by RFC4861 anyway.

Outside of _KERNEL, but nothing in base uses it, either.
codesearch.debian.net seems to agree.

OK mvs claudio bluhm

Remove unused struct prf_ra; dead since 2017 sys/netinet/icmp6.h r1.45

Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls
With this we can also get rid of in6_prefix and in6_defrouter. They
are meaningless, the kernel no longer tracks this information.

Outside of _KERNEL, but nothing in base uses it, either.
codesearch.debian.net seems to agree.

OK mvs claudio bluhm

Inline useless ND_IFINFO() macro

A single cast-free struct pointer dereference needs no indirection.
ND_IFINFO() is under _KERNEL.

OK mvs

Let nd6_if{at,de}tach() be void and take an ifp argument

Do it like the rest of at/detach routines which modify a struct ifnet
pointer without returning anything.

OK mvs

Add *if_nd to struct ifnet, call nd6_if{at,de}tach() directly

*if_afdata[] and struct domain's dom_if{at,de}tach() are only used with
IPv6 Neighbour Discovery in6_dom{at,de}tach(), which allocate/init and
free single struct nd_ifinfo.

Set up a new ND-specific *if_nd member directly to avoid yet another
layer of indirection and thus make the generic domain API obsolete.

The per-interface data is only accessed in nd6.c and nd6_nbr.c through
the ND_IFINFO() macro; it is allocated and freed exactly once during
interface at/detach, so document it as [I]mmutable.

OK bluhm mvs claudio

Recommit previous "Remove useless struct in6_ifextra"

This was the right diff after all, I just confused myself between trees.

OK bluhm
---
Remove useless struct in6_ifextra

in6_var.h r1.75 removed all other struct members.

Now It only contains a single struct nd_ifinfo pointer, so address family
specific data might as well be just that.

ND_IFINFO() is the only way nd6_nbr.c and nd6.c access this data, there is
no other usage of if_afdata[].

One allocation and unhelpful indirection less per interface.

All under _KERNEL.

OK claudio

Backout "Remove useless struct in6_ifextra" commit

I committed the wrong iteration of this diff, sorry for the noise.

Remove useless struct in6_ifextra

in6_var.h r1.75 removed all other struct members.

Now It only contains a single struct nd_ifinfo pointer, so address family
specific data might as well be just that.

ND_IFINFO() is the only way nd6_nbr.c and nd6.c access this data, there is
no other usage of if_afdata[].

One allocation and unhelpful indirection less per interface.

All under _KERNEL.

OK claudio

Remove unused RS_LHCOOKIE macro

Added in 2014 110585f259f4974284e531f0a1e121b001a580dc
Move sending of router solicitations to the kernel; [...]
but never used.

Constify in6_addr pointer arguments in nd6_*() functions

All of them are passed to inspect/copy out fields, none of the functions
writes to the struct.

This makes it easier to argue about code (in MP context).

OK bluhm

Zap prototypes for nonexistent nd6_setmtu() and in6_ifdel()

Removed in 2015 and 2002, respectively.

OK claudio

Leftovers from florian's RS/NA purge from the kernel in 2017.

OK bluhm

Move ND6_PRIV_* constants from nd6.h to slaacd the only place where
they are used. Nobody in the wider eco system uses these.
While here reduce temporary address valid lifetime to 2 days as per
draft-ietf-6man-rfc4941bis. This should considerably reduce the amount
of addresses configured on an interface - a common complaint.
Original diff from Fernando Gont (fernando AT gont.com.ar), thanks!
Ports tree scanning by sthen@

Prevent recursions by not deleting entries inside rtable_walk(9).

rtable_walk(9) now passes a routing entry back to the caller when
a non zero value is returned and if it asked for it.
This allows us to call rtdeletemsg()/rtrequest_delete() from the
caller without creating a recursion because of rtflushclone().

Multicast code hasn't been adapted and is still possibly creating
recursions. However multicast route entries aren't cloned so if
a recursion exists it isn't because of rtflushclone().

Fix stack exhaustion triggered by the use of "-msave-args".

Issue reported by D��niel L��vai on bugs@ confirmed by and ok bluhm@.

Use a single timer for all ND6 entries.

This prevents a use-after-free reported by Hrvoje Popovski where the
timeout function was already sleeping on the NET_LOCK() when ifconfig(8)
removed the enry from the table.

By iterating on a global list in the timeout routine we ensure that the
items are still valid when we process them. This also reduce differences
with ARP.

ok bluhm@, visa@

We are processing Router Solicitation / Advertisement messages only
for the Source Link-layer Address Options.
Merge nd6_rs_input() and nd6_ra_input() into one generic function that
does just that.

input & OK mpi

Remove knob and always do neighbor unreachable detection.

accept_rtadv doesn't do anything since some time.
OK mpi

We are no longer generating privacy addresses in the
kernel.
OK mpi

Stop running nd6_expire every second.
We know when pltime or vltime decrease to zero. Run nd6_expire then.
Input & OK mpi, bluhm

Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls
With this we can also get rid of in6_prefix and in6_defrouter. They
are meaningless, the kernel no longer tracks this information.

Pointed out by & OK mpi

Purging is at last at hand. Day of Doom is here. All that is evil
shall all be cleansed.

Remove sending of router solicitations and processing of router
advertisements from the kernel. It's handled by slaacd(8) these days.

Input & OK bluhm@, mpi@

Move nd6 timer initialisation to nd6_init() and call timeout_set()
only once during init.
OK mpi@

Remove multiple recursive splsoftnet().

ok bluhm@

Assert that prelist_update() is always called at IPL_SOFTNET.

While here use __func__ in debug strings to reduce noise when grepping.

store nd6 expiries in the route, not separately in the llinfo struct.

this makes it more consistent with arp, and makes expiries visible
via route(8) get as well as ndp(8).

ok mpi@ florian@

Kill nd6_output(), it doesn't do anything since the resolution logic
has been moved to nd6_resolve().

ok visa@, millert@, florian@, sthen@

Move ND resoluton logic from nd6_output() to nd6_storelladdr() and
rename it to nd6_resolve().

This allows us to get rid of non-Ethernet hacks by moving Ethernet
specific logic in the appropriate layer.

ok sthen@

make nd6_llinfo_settimer take seconds instead of ticks.

most callers are working in seconds, internally it uses seconds, and
you can call timeout_add_sec as easily as timeout_add.

this also fixes an issue with an nd_defrouter expire which was
incorrectly scaled with ticks in a comparison.

ok mpi@

remove code compensating for the "short" range of timeouts.

the nd6 code for managing expiries is never asked to handle intervals
greater than what timeouts can handle, so we dont need to overcompensate.

the code was also incorrect by using a long, which isnt that long
on ILP32 machines.

ok mpi@ millert@ benno@

Implement proxy ARP for ART based on mpath support.

Since mpath is not enabled in RAMDISK, proxy ARP won't work there either.

ok bluhm@

Kill IPv6 prefix and router renumbering ioctls.

Router renumbering was never supported, prefix ioctls were deprecated
~15 years ago. Move some items in netinet6/nd6.h where they are still
used.

ok mikeb@ mpi@

Convert arc4random() to arc4random_uniorm(). Diff by Matthew Martin.

Ensure that arc4random_uniform() doesn't loop by redefining
ND6_MAX_DESYNC_FACTOR to be 512, the largest power of two smaller
than the RFC-specified 600 seconds. Suggested by florian@ and deraadt@

ok florian@, sthen@ in this form, arc4random change ok djm@, tedu@

Change nd6_nud_hint() to no longer manipulate rt_ifp directly.

While here remove unused argument and convert the route check to
rtisvalid(9).

ok bluhm@

Implement the list of nd6 llinfo entries with a TAILQ.
OK millert@ mpi@

Prefer an existing refcounted ``ifp'' to rt_ifp when possible or use the
interface index directly.

ok bluhm@

Remove linkmtu and maxmtu from struct nd_ifinfo. IN6_LINKMTU can now
die and ifp->if_mtu is the one true mtu.
Suggested by and OK mpi@

Introduce if_rtrequest() the successor of ifa_rtrequest().

L2 resolution depends on the protocol (encoded in the route entry) and
an ``ifp''. Not having to care about an ``ifa'' makes our life easier
in our MP effort. Fewer dependencies between data structures implies
fewer headaches.

Discussed with bluhm@, ok claudio@

Ignore Router Advertisment's current hop limit.

Appart from the usual inet6 axe murdering exercise to keep you fit, this
allows us to get rid of a lot of layer violation due to the use of per-
ifp variables to store the current hop limit.

Imputs from bluhm@, ok phessler@, florian@, bluhm@

The return value of nd6_cache_lladdr() is never used so make it a void.

Fewer "struct rtentry" left in the wild!

nd6_prefix_add() is no longer used and die.

Start moving away from the global prefix list by limiting its usage to
AUTOCONF'd addresses.

This prevent the kernel from removing connected (/64) routes as soon as
it configures an AUTOCONF'd address based on a RA.

Tested by sebastia@, ok sthen@

Rework the code to decide when to perform DAD to no longer rely on the
IN6_IFF_NODAD pseudo-flag not being set.

This was just a flag for spaghetti code that should not exist in the
first place.

Tested by sebastia@, ok sthen@

Call rtfree(9) when we no longer need the route entry rather than
decrementing rt_refcnt just after rtrequest1(9).

While here reduce the differences with rt_ifa_add(9). There's still
an ambiguity about rtrequest1(9)'s return value, but bluhm@ will
address that in a different diff.

Discussed with and ok bluhm@

Merge two identical chunks to add new prefixes to the global data
structures into a function.

ok florian@

Properly layer Router Solicitation code.

Tweak and ok florian@

Remove unused arguments and the associated code from nd6_nud_hint().

ok claudio@

Rework the handling of interfaces and IPv6 addresses for local delivery.

- Unicast packets sent to any local address will have their interface
set to loobpack.

- In order to differentiate traffic from interfaces having identical
link-local addresses, provide the scoped addresses to pf(4).

- Update the icmp6 state lookup logic to match scoped MLL addresses.

- Remove a shortcut in ip6_input() that bypasses pf and always look
for an RTF_LOCAL route.

Packets sent to multicast addresses still retain their original
interface due to the fact that local multicast packet delivering
does not use if_output.

This makes ping6 to link-local addresses work even with pf enabled
and "set skip" on loopbacks, reported by Pieter Verberne.

Debugged, analysed and tested with mikeb@.

ok mikeb@, henning@, sthen@

Do not pass an ifa pointer when we already have a DAD descriptor.

Tweaks and ok florian@

Move sending of router solicitations to the kernel; receiving and
processing of router advertisements was already in the kernel.
With this rtsol{,d}(8) is no longer necessary.

The kernel starts sending solicitations with
# ifconfig $IF inet6 autoconf
or
inet6 autoconf
in /etc/hostname.$IF.

input stsp@
much help & OK mpi@
tweaks & OK bluhm@

move IPv6 prefix adding from workq to taskq; as a happy benefit, we
can delete 2 dozen or so lines that check to see if we've queued
up a prefix addition multiple times.

ok stsp@

Kill the {nd6_,}useloopback buttons, using the loopback interface for
local traffic is not optional.

ok mikeb@, stsp@, jca@

Propagate an rdomain number to the nd6_lookup independently from
the ifp pointer which can be NULL. This prevents a crash reported
by David Hill <dhill at mindcry ! org>. OK bluhm

More _KERNEL namespace cleanup, just in case something out there
includes this.

Remove unused argument from *rtrequest()

ok krw@, mikeb@

No one uses the obsolete IPv6 ioctls SIOCGDRLST_IN6, SIOCGPRLST_IN6,
OSIOCGIFINFO_IN6 anymore. Remove them together with the structs
in6_drlist, in6_oprlist, in6_prlist, in6_ondireq and the kernel
implementation.
OK mikeb@ henning@

To control the lifetime of IPv6 addresses, prefixes and default
routers, the kernel and ndp use a bunch of expire fields. Before
they were int or u_long, convert expire to time_t in all structs.
Move vltime and pltime to u_int32_t everywhere. Sort struct fields
by size. Struct inet6_ndpr_msghdr is not used at all, so remove
it.

Binary compatibility of rtsold and ndp break with this change as
rtsold uses in6_drlist and ndp uses in6_defrouter and in6_prefix
to interact with the kernel.

OK mpi@

Do not access queue fields directly, use FOREACH() macro instead.
No binary change.
OK mikeb@ mpi@

Remove unused code manipulating a default interface and its index,
This is a leftover from the on-link assumption behavior removal,
which has been deprecated by RFC4861 anyway.

ok mikeb@, bluhm@, florian@

typo in comment.

fix typos in comments
ok deraadt henning sthen thib (though thib says he can't spell)

Simple implementation of RFC4941, "Privacy Extensions for Stateless
Address Autoconfiguration in IPv6". For those among us who are paranoid
about broadcasting their MAC address to the IPv6 internet.

Man page help from jmc, testing by weerd, arc4random API hints from djm.

ok deraadt, claudio

From KAME, allow adjustable limits on NDP entries and discovered routes.

ok mpf naddy

unifdef -U__otherBSD__

split ND6 cache timer management to per-entry. increased accuracy,
no O(N) loop. sync w/ kame. marc tested, daniel ok

gc

sync with latest KAME in6_ifaddr/prefix/default router manipulation.
behavior changes:
- two iocts used by ndp(8) are now obsolete (backward compat provided).
use sysctl path instead.
- lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.

cope with cases where maxmtu == 0 (shouldn't happen)

be sure to use L3 MTU, not L2 MTU, when specified in spec (affects FDDI/ARCnet)

improve nd6_setmtu(), to warn too-small MTU on SIOCSIFMTU. sync w/kame

no need to supply obsolete field name "receivedra"

attach nd_ifinfo structure to if_afdata.
split IPv6 MTU (advertised by RA) from real link MTU.
sync with kame

First round of __P removal in sys

compatability -> compatibility.

branches: 1.14.6;
garbage-collect stale ND entries (default: 1 day).
RFC 2461 5.3. sync with kame.

remove unnecessary state, ND6_LLINFO_WAITDELETE, from neighbor cache
state machine.
no need for RTF_REJECT on neighbor cache entires, they are leftover from
ARP code.
sync with kame.

when chasing nd6_llinfo chain, make sure we do not touch dangling
pointer (due to RTM_DELETE during default router list management).
from kame

use timeout_xx() throughout sys/netinet6. sync with kame.

by default, don't bark on inbound ND messages, as outsider may be able to
fill up /var with bogus packets.
setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid
ND packet and other occasions.

improve icmp6 stats.

pull post-4.4BSD change to sys/net/route.c from BSD/OS 4.2 (UCB copyrighted).

have sys/net/route.c:rtrequest1(), which takes rt_addrinfo * as the argument.
pass rt_addrinfo all the way down to rtrequest, and ifa->ifa_rtrequest.
3rd arg of ifa->ifa_rtrequest is now rt_addrinfo * instead of sockaddr *
(almost noone is using it anyways).

benefit: the follwoing command now works. previously we need two route(8)
invocations, "add" then "change".
# route add -inet6 default ::1 -ifp gif0

remove unsafe typecast in rtrequest(), from rtentry * to sockaddr *. it was
introduced by 4.3BSD-reno and never corrected.

XXX is eon_rtrequest() change correct regarding to 3rd arg?
eon_rtrequest() and rtrequest() were incorrect since 4.3BSD-reno,
so i do not have correct answer in the source code.
someone with more clue about netiso-over-ip, please help.

- more icmp6/ip6 stats.
- protect IPv6 ND from being hosed (due to neighbor unreachability detection
hint) by wrong tcp traffic. still not sure if there's real attack, but
it is good to be cautious.
- avoid bitfield for router renumbering header decl.
- implement packet-per-sec limitation for icmp6 errors, turn interval
limit off (it is not very useful due to unix timer resolution).

never forward packet with link-local address.
experimental support for new loopback packet handling (with FAKE_LOOPBACK_IF,
rcvif will be set to real outgoing interface, not the loopback, to honor scope)
sync with kame.

perform NUD on p2p link, only if the destination/gateway is real neighbor.
this removes temporary workaround (no NUD on p2p link). KAME PR 245.

revisit in6_ifattach(). (1) make it more persistent about initializaing an
interface (2) cleanup interface id selection.
run NUD on p2p interface (required by spec for bidir p2p interface).
add "ndp -i interface" (can tweak per-interface ND flag).
(sync with more recent kame)

bring in recent KAME changes (only important and stable ones, as usual).
- remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works
just like "arp -s".
- revise source address selection.
be more careful about use of yet-to-be-valid addresses as source.
- as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope
packet forwarding attempt.
- path MTU discovery takes care of routing header properly.
- be more strict about mbuf chain parsing.
- nuke xxCTL_VARS #define, they are for BSDI.
- disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit
IPv6 model where multiple address on interface is normal.
(kernel side supports them for a while for backward compat,
the support will be nuked shortly)
- introduce "default outgoing interface" (for spec conformance in very
rare case)

branches: 1.3.2;
more coverage of in6_ifdetach()'s cleanup process.
bug fix in SIOCGIFADDR_IN6 (point to point case).

use arc4random() instead of random for two reasons.
1) on some architectures, random() should only be used by the scheduler
(ie. statintr() because it is uniformly distributed
2) arc4random() is actually strong, random() is not at all

bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
bringed into soon).

ARP has a sysctl to show the number of packets waiting for an arp
response. Implement analog sysctl net.inet6.icmp6.nd6_queued for
ND6 to reduce places where mbufs can hide within the kernel.
Atomic operations operate on unsigned int. Make the type of total
hold queue length consistent.
Use atomic load to read the value for the sysctl. This clarifies
why no lock around sysctl_rdint() is needed.
OK mvs@ kn@

ARP has a queue of packets that should be sent after name resolution.
ND6 did only hold a single packet. Unify the logic and add a mbuf
hold queue to struct llinfo_nd6. This is MP safe and queue limits
are tracked with atomic operations. New function if_mqoutput() has
common code for ARP and ND6. ln_saddr6 holds the source address
of the requesting packet. That is easier than fiddling with mbuf
queue in nd6_ns_output().
OK kn@

Clean up struct nd_opts, use nd6_options() function local variables

nd_opts_search is really the next option, so call it next_opt.

nd_opts_done == 1 means next_opt == NULL, i.e. no more option to handle,
so zap the former and use the latter to stop.

Finally drop the useless struct members, all under _KERNEL.

OK claudio

Merge nd6_option_init() into nd6_options()

All call-sites call nd6_options() directly after nd6_option_init().
Fold them to simplify the logic and do less pointing around.

Feedback OK bluhm florian

Switch nd_opts from a union to just a struct.
The ND6 option handling in the kernel got a lot simpler since only
the tgt and src lladdr option are inspected by the kernel. The magic
of assigning options via one side of the union and accessing them
via the other is total overkill and actually quite error prone.
OK florian@

Do not store unused ICMPv6 Option PREFIX_INFORMATION

Dead since 2017 sys/netinet6/nd6_rtr.c r1.163
Remove sending of router solicitations and processing of router
advertisements from the kernel. It's handled by slaacd(8) these days.

sysctl(2) net.inet6.icmp6.nd6_debug does not warn about it like it does
for, e.g., duplicate MTU options, so don't do anything with this option.

Remove access macros for other unused options while here.
Eventually, union nd_opts should be removed completely.
All under _KERNEL.

tcpdump(8)/rad(8)/slaacd(8) keep showing/sending/receiving this option when
running this diff on both router and client.

OK claudio

Remove constant basereachable and retrans members from struct nd_ifinfo

Both are initalised with compile-time constants and never written to.

They are part of the Neighbour Discovery machinery and only surface
through the single-user SIOCGIFINFO_IN6:
$ ndp -i lo0
basereachable=30s0ms, reachable=39s, retrans=1s0ms

These values are read-only since 2017
sys/netinet6/nd6.c r1.217
usr.sbin/ndp/ndp.c r1.85
Remove knob and always do neighbor unreachable detection

Inline the macros (to keep meaningful names), shrink the per-interface
allocated struct nd_ifinfo to what is actually needed and inline
nd6_dad_starttimer()'s constant `msec' argument.

Nothing else in base, incl. regress, uses SIOCGIFINFO_IN6 or `ndp -i'.

OK bluhm

Document struct nd_ifinfo protection, remove obsolete .initialized member

All access to struct ifnet's member *if_nd is read-only, with the one
write exception being nd6_slowtimo() updating ND information.

IPv6 Neighbour Discovery information is fully protected by the net lock.
---
nd6_ifattach() allocates and unconditionally initialises struct ifnet's
*if_nd member, so early in if_attachsetup() that there is no way to query
unitialised Neighour Unreachable Detection bits.

Only SIOCGIFINFO_IN6 through ndp(8) used the .initialized member:
Added/set since 2002 sys/netinet6/nd6.c r1.42
attach nd_ifinfo structure to if_afdata.
split IPv6 MTU (advertised by RA) from real link MTU.
sync with kame

Read since 2002 usr.sbin/ndp/ndp.c r1.16
use new SIOCGIFINFO_IN6. random other cleanups. sync w/kame.

Obsolete since 2017 sys/netinet6/nd6.c r1.217
usr.sbin/ndp/ndp.c r1.85
Remove knob and always do neighbor unreachable detection.

Feedback OK bluhm

Remove unused NDPRF_* defines; dead since 2017 sys/netinet6/nd6.c r1.210

Remove sending of router solicitations and processing of router
advertisements from the kernel. It's handled by slaacd(8) these days.

Outside of _KERNEL, but nothing in base uses it, either.
codesearch.debian.net seems to agree.

OK mvs claudio bluhm

Remove unused struct in6_ndifreq; dead since 2013 sys/netinet6/in6_var.h r1.37

Remove unused code manipulating a default interface and its index
This is a leftover from the on-link assumption behavior removal,
which has been deprecated by RFC4861 anyway.

Outside of _KERNEL, but nothing in base uses it, either.
codesearch.debian.net seems to agree.

OK mvs claudio bluhm

Remove unused struct prf_ra; dead since 2017 sys/netinet/icmp6.h r1.45

Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls
With this we can also get rid of in6_prefix and in6_defrouter. They
are meaningless, the kernel no longer tracks this information.

Outside of _KERNEL, but nothing in base uses it, either.
codesearch.debian.net seems to agree.

OK mvs claudio bluhm

Inline useless ND_IFINFO() macro

A single cast-free struct pointer dereference needs no indirection.
ND_IFINFO() is under _KERNEL.

OK mvs

Let nd6_if{at,de}tach() be void and take an ifp argument

Do it like the rest of at/detach routines which modify a struct ifnet
pointer without returning anything.

OK mvs

Add *if_nd to struct ifnet, call nd6_if{at,de}tach() directly

*if_afdata[] and struct domain's dom_if{at,de}tach() are only used with
IPv6 Neighbour Discovery in6_dom{at,de}tach(), which allocate/init and
free single struct nd_ifinfo.

Set up a new ND-specific *if_nd member directly to avoid yet another
layer of indirection and thus make the generic domain API obsolete.

The per-interface data is only accessed in nd6.c and nd6_nbr.c through
the ND_IFINFO() macro; it is allocated and freed exactly once during
interface at/detach, so document it as [I]mmutable.

OK bluhm mvs claudio

Recommit previous "Remove useless struct in6_ifextra"

This was the right diff after all, I just confused myself between trees.

OK bluhm
---
Remove useless struct in6_ifextra

in6_var.h r1.75 removed all other struct members.

Now It only contains a single struct nd_ifinfo pointer, so address family
specific data might as well be just that.

ND_IFINFO() is the only way nd6_nbr.c and nd6.c access this data, there is
no other usage of if_afdata[].

One allocation and unhelpful indirection less per interface.

All under _KERNEL.

OK claudio

Backout "Remove useless struct in6_ifextra" commit

I committed the wrong iteration of this diff, sorry for the noise.

Remove useless struct in6_ifextra

in6_var.h r1.75 removed all other struct members.

Now It only contains a single struct nd_ifinfo pointer, so address family
specific data might as well be just that.

ND_IFINFO() is the only way nd6_nbr.c and nd6.c access this data, there is
no other usage of if_afdata[].

One allocation and unhelpful indirection less per interface.

All under _KERNEL.

OK claudio

Remove unused RS_LHCOOKIE macro

Added in 2014 110585f259f4974284e531f0a1e121b001a580dc
Move sending of router solicitations to the kernel; [...]
but never used.

Constify in6_addr pointer arguments in nd6_*() functions

All of them are passed to inspect/copy out fields, none of the functions
writes to the struct.

This makes it easier to argue about code (in MP context).

OK bluhm

Zap prototypes for nonexistent nd6_setmtu() and in6_ifdel()

Removed in 2015 and 2002, respectively.

OK claudio

Leftovers from florian's RS/NA purge from the kernel in 2017.

OK bluhm

Move ND6_PRIV_* constants from nd6.h to slaacd the only place where
they are used. Nobody in the wider eco system uses these.
While here reduce temporary address valid lifetime to 2 days as per
draft-ietf-6man-rfc4941bis. This should considerably reduce the amount
of addresses configured on an interface - a common complaint.
Original diff from Fernando Gont (fernando AT gont.com.ar), thanks!
Ports tree scanning by sthen@

Prevent recursions by not deleting entries inside rtable_walk(9).

rtable_walk(9) now passes a routing entry back to the caller when
a non zero value is returned and if it asked for it.
This allows us to call rtdeletemsg()/rtrequest_delete() from the
caller without creating a recursion because of rtflushclone().

Multicast code hasn't been adapted and is still possibly creating
recursions. However multicast route entries aren't cloned so if
a recursion exists it isn't because of rtflushclone().

Fix stack exhaustion triggered by the use of "-msave-args".

Issue reported by D��niel L��vai on bugs@ confirmed by and ok bluhm@.

Use a single timer for all ND6 entries.

This prevents a use-after-free reported by Hrvoje Popovski where the
timeout function was already sleeping on the NET_LOCK() when ifconfig(8)
removed the enry from the table.

By iterating on a global list in the timeout routine we ensure that the
items are still valid when we process them. This also reduce differences
with ARP.

ok bluhm@, visa@

We are processing Router Solicitation / Advertisement messages only
for the Source Link-layer Address Options.
Merge nd6_rs_input() and nd6_ra_input() into one generic function that
does just that.

input & OK mpi

Remove knob and always do neighbor unreachable detection.

accept_rtadv doesn't do anything since some time.
OK mpi

We are no longer generating privacy addresses in the
kernel.
OK mpi

Stop running nd6_expire every second.
We know when pltime or vltime decrease to zero. Run nd6_expire then.
Input & OK mpi, bluhm

Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls
With this we can also get rid of in6_prefix and in6_defrouter. They
are meaningless, the kernel no longer tracks this information.

Pointed out by & OK mpi

Purging is at last at hand. Day of Doom is here. All that is evil
shall all be cleansed.

Remove sending of router solicitations and processing of router
advertisements from the kernel. It's handled by slaacd(8) these days.

Input & OK bluhm@, mpi@

Move nd6 timer initialisation to nd6_init() and call timeout_set()
only once during init.
OK mpi@

Remove multiple recursive splsoftnet().

ok bluhm@

Assert that prelist_update() is always called at IPL_SOFTNET.

While here use __func__ in debug strings to reduce noise when grepping.

store nd6 expiries in the route, not separately in the llinfo struct.

this makes it more consistent with arp, and makes expiries visible
via route(8) get as well as ndp(8).

ok mpi@ florian@

Kill nd6_output(), it doesn't do anything since the resolution logic
has been moved to nd6_resolve().

ok visa@, millert@, florian@, sthen@

Move ND resoluton logic from nd6_output() to nd6_storelladdr() and
rename it to nd6_resolve().

This allows us to get rid of non-Ethernet hacks by moving Ethernet
specific logic in the appropriate layer.

ok sthen@

make nd6_llinfo_settimer take seconds instead of ticks.

most callers are working in seconds, internally it uses seconds, and
you can call timeout_add_sec as easily as timeout_add.

this also fixes an issue with an nd_defrouter expire which was
incorrectly scaled with ticks in a comparison.

ok mpi@

remove code compensating for the "short" range of timeouts.

the nd6 code for managing expiries is never asked to handle intervals
greater than what timeouts can handle, so we dont need to overcompensate.

the code was also incorrect by using a long, which isnt that long
on ILP32 machines.

ok mpi@ millert@ benno@

Implement proxy ARP for ART based on mpath support.

Since mpath is not enabled in RAMDISK, proxy ARP won't work there either.

ok bluhm@

Kill IPv6 prefix and router renumbering ioctls.

Router renumbering was never supported, prefix ioctls were deprecated
~15 years ago. Move some items in netinet6/nd6.h where they are still
used.

ok mikeb@ mpi@

Convert arc4random() to arc4random_uniorm(). Diff by Matthew Martin.

Ensure that arc4random_uniform() doesn't loop by redefining
ND6_MAX_DESYNC_FACTOR to be 512, the largest power of two smaller
than the RFC-specified 600 seconds. Suggested by florian@ and deraadt@

ok florian@, sthen@ in this form, arc4random change ok djm@, tedu@

Change nd6_nud_hint() to no longer manipulate rt_ifp directly.

While here remove unused argument and convert the route check to
rtisvalid(9).

ok bluhm@

Implement the list of nd6 llinfo entries with a TAILQ.
OK millert@ mpi@

Prefer an existing refcounted ``ifp'' to rt_ifp when possible or use the
interface index directly.

ok bluhm@

Remove linkmtu and maxmtu from struct nd_ifinfo. IN6_LINKMTU can now
die and ifp->if_mtu is the one true mtu.
Suggested by and OK mpi@

Introduce if_rtrequest() the successor of ifa_rtrequest().

L2 resolution depends on the protocol (encoded in the route entry) and
an ``ifp''. Not having to care about an ``ifa'' makes our life easier
in our MP effort. Fewer dependencies between data structures implies
fewer headaches.

Discussed with bluhm@, ok claudio@

Ignore Router Advertisment's current hop limit.

Appart from the usual inet6 axe murdering exercise to keep you fit, this
allows us to get rid of a lot of layer violation due to the use of per-
ifp variables to store the current hop limit.

Imputs from bluhm@, ok phessler@, florian@, bluhm@

The return value of nd6_cache_lladdr() is never used so make it a void.

Fewer "struct rtentry" left in the wild!

nd6_prefix_add() is no longer used and die.

Start moving away from the global prefix list by limiting its usage to
AUTOCONF'd addresses.

This prevent the kernel from removing connected (/64) routes as soon as
it configures an AUTOCONF'd address based on a RA.

Tested by sebastia@, ok sthen@

Rework the code to decide when to perform DAD to no longer rely on the
IN6_IFF_NODAD pseudo-flag not being set.

This was just a flag for spaghetti code that should not exist in the
first place.

Tested by sebastia@, ok sthen@

Call rtfree(9) when we no longer need the route entry rather than
decrementing rt_refcnt just after rtrequest1(9).

While here reduce the differences with rt_ifa_add(9). There's still
an ambiguity about rtrequest1(9)'s return value, but bluhm@ will
address that in a different diff.

Discussed with and ok bluhm@

Merge two identical chunks to add new prefixes to the global data
structures into a function.

ok florian@

Properly layer Router Solicitation code.

Tweak and ok florian@

Remove unused arguments and the associated code from nd6_nud_hint().

ok claudio@

Rework the handling of interfaces and IPv6 addresses for local delivery.

- Unicast packets sent to any local address will have their interface
set to loobpack.

- In order to differentiate traffic from interfaces having identical
link-local addresses, provide the scoped addresses to pf(4).

- Update the icmp6 state lookup logic to match scoped MLL addresses.

- Remove a shortcut in ip6_input() that bypasses pf and always look
for an RTF_LOCAL route.

Packets sent to multicast addresses still retain their original
interface due to the fact that local multicast packet delivering
does not use if_output.

This makes ping6 to link-local addresses work even with pf enabled
and "set skip" on loopbacks, reported by Pieter Verberne.

Debugged, analysed and tested with mikeb@.

ok mikeb@, henning@, sthen@

Do not pass an ifa pointer when we already have a DAD descriptor.

Tweaks and ok florian@

Move sending of router solicitations to the kernel; receiving and
processing of router advertisements was already in the kernel.
With this rtsol{,d}(8) is no longer necessary.

The kernel starts sending solicitations with
# ifconfig $IF inet6 autoconf
or
inet6 autoconf
in /etc/hostname.$IF.

input stsp@
much help & OK mpi@
tweaks & OK bluhm@

move IPv6 prefix adding from workq to taskq; as a happy benefit, we
can delete 2 dozen or so lines that check to see if we've queued
up a prefix addition multiple times.

ok stsp@

Kill the {nd6_,}useloopback buttons, using the loopback interface for
local traffic is not optional.

ok mikeb@, stsp@, jca@

Propagate an rdomain number to the nd6_lookup independently from
the ifp pointer which can be NULL. This prevents a crash reported
by David Hill <dhill at mindcry ! org>. OK bluhm

More _KERNEL namespace cleanup, just in case something out there
includes this.

Remove unused argument from *rtrequest()

ok krw@, mikeb@

No one uses the obsolete IPv6 ioctls SIOCGDRLST_IN6, SIOCGPRLST_IN6,
OSIOCGIFINFO_IN6 anymore. Remove them together with the structs
in6_drlist, in6_oprlist, in6_prlist, in6_ondireq and the kernel
implementation.
OK mikeb@ henning@

To control the lifetime of IPv6 addresses, prefixes and default
routers, the kernel and ndp use a bunch of expire fields. Before
they were int or u_long, convert expire to time_t in all structs.
Move vltime and pltime to u_int32_t everywhere. Sort struct fields
by size. Struct inet6_ndpr_msghdr is not used at all, so remove
it.

Binary compatibility of rtsold and ndp break with this change as
rtsold uses in6_drlist and ndp uses in6_defrouter and in6_prefix
to interact with the kernel.

OK mpi@

Do not access queue fields directly, use FOREACH() macro instead.
No binary change.
OK mikeb@ mpi@

Remove unused code manipulating a default interface and its index,
This is a leftover from the on-link assumption behavior removal,
which has been deprecated by RFC4861 anyway.

ok mikeb@, bluhm@, florian@

typo in comment.

fix typos in comments
ok deraadt henning sthen thib (though thib says he can't spell)

Simple implementation of RFC4941, "Privacy Extensions for Stateless
Address Autoconfiguration in IPv6". For those among us who are paranoid
about broadcasting their MAC address to the IPv6 internet.

Man page help from jmc, testing by weerd, arc4random API hints from djm.

ok deraadt, claudio

From KAME, allow adjustable limits on NDP entries and discovered routes.

ok mpf naddy

unifdef -U__otherBSD__

split ND6 cache timer management to per-entry. increased accuracy,
no O(N) loop. sync w/ kame. marc tested, daniel ok

gc

sync with latest KAME in6_ifaddr/prefix/default router manipulation.
behavior changes:
- two iocts used by ndp(8) are now obsolete (backward compat provided).
use sysctl path instead.
- lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.

cope with cases where maxmtu == 0 (shouldn't happen)

be sure to use L3 MTU, not L2 MTU, when specified in spec (affects FDDI/ARCnet)

improve nd6_setmtu(), to warn too-small MTU on SIOCSIFMTU. sync w/kame

no need to supply obsolete field name "receivedra"

attach nd_ifinfo structure to if_afdata.
split IPv6 MTU (advertised by RA) from real link MTU.
sync with kame

First round of __P removal in sys

compatability -> compatibility.

branches: 1.14.6;
garbage-collect stale ND entries (default: 1 day).
RFC 2461 5.3. sync with kame.

remove unnecessary state, ND6_LLINFO_WAITDELETE, from neighbor cache
state machine.
no need for RTF_REJECT on neighbor cache entires, they are leftover from
ARP code.
sync with kame.

when chasing nd6_llinfo chain, make sure we do not touch dangling
pointer (due to RTM_DELETE during default router list management).
from kame

use timeout_xx() throughout sys/netinet6. sync with kame.

by default, don't bark on inbound ND messages, as outsider may be able to
fill up /var with bogus packets.
setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid
ND packet and other occasions.

improve icmp6 stats.

pull post-4.4BSD change to sys/net/route.c from BSD/OS 4.2 (UCB copyrighted).

have sys/net/route.c:rtrequest1(), which takes rt_addrinfo * as the argument.
pass rt_addrinfo all the way down to rtrequest, and ifa->ifa_rtrequest.
3rd arg of ifa->ifa_rtrequest is now rt_addrinfo * instead of sockaddr *
(almost noone is using it anyways).

benefit: the follwoing command now works. previously we need two route(8)
invocations, "add" then "change".
# route add -inet6 default ::1 -ifp gif0

remove unsafe typecast in rtrequest(), from rtentry * to sockaddr *. it was
introduced by 4.3BSD-reno and never corrected.

XXX is eon_rtrequest() change correct regarding to 3rd arg?
eon_rtrequest() and rtrequest() were incorrect since 4.3BSD-reno,
so i do not have correct answer in the source code.
someone with more clue about netiso-over-ip, please help.

- more icmp6/ip6 stats.
- protect IPv6 ND from being hosed (due to neighbor unreachability detection
hint) by wrong tcp traffic. still not sure if there's real attack, but
it is good to be cautious.
- avoid bitfield for router renumbering header decl.
- implement packet-per-sec limitation for icmp6 errors, turn interval
limit off (it is not very useful due to unix timer resolution).

never forward packet with link-local address.
experimental support for new loopback packet handling (with FAKE_LOOPBACK_IF,
rcvif will be set to real outgoing interface, not the loopback, to honor scope)
sync with kame.

perform NUD on p2p link, only if the destination/gateway is real neighbor.
this removes temporary workaround (no NUD on p2p link). KAME PR 245.

revisit in6_ifattach(). (1) make it more persistent about initializaing an
interface (2) cleanup interface id selection.
run NUD on p2p interface (required by spec for bidir p2p interface).
add "ndp -i interface" (can tweak per-interface ND flag).
(sync with more recent kame)

bring in recent KAME changes (only important and stable ones, as usual).
- remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works
just like "arp -s".
- revise source address selection.
be more careful about use of yet-to-be-valid addresses as source.
- as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope
packet forwarding attempt.
- path MTU discovery takes care of routing header properly.
- be more strict about mbuf chain parsing.
- nuke xxCTL_VARS #define, they are for BSDI.
- disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit
IPv6 model where multiple address on interface is normal.
(kernel side supports them for a while for backward compat,
the support will be nuked shortly)
- introduce "default outgoing interface" (for spec conformance in very
rare case)

branches: 1.3.2;
more coverage of in6_ifdetach()'s cleanup process.
bug fix in SIOCGIFADDR_IN6 (point to point case).

use arc4random() instead of random for two reasons.
1) on some architectures, random() should only be used by the scheduler
(ie. statintr() because it is uniformly distributed
2) arc4random() is actually strong, random() is not at all

bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
bringed into soon).

Clean up struct nd_opts, use nd6_options() function local variables

nd_opts_search is really the next option, so call it next_opt.

nd_opts_done == 1 means next_opt == NULL, i.e. no more option to handle,
so zap the former and use the latter to stop.

Finally drop the useless struct members, all under _KERNEL.

OK claudio

Merge nd6_option_init() into nd6_options()

All call-sites call nd6_options() directly after nd6_option_init().
Fold them to simplify the logic and do less pointing around.

Feedback OK bluhm florian

Switch nd_opts from a union to just a struct.
The ND6 option handling in the kernel got a lot simpler since only
the tgt and src lladdr option are inspected by the kernel. The magic
of assigning options via one side of the union and accessing them
via the other is total overkill and actually quite error prone.
OK florian@

Do not store unused ICMPv6 Option PREFIX_INFORMATION

Dead since 2017 sys/netinet6/nd6_rtr.c r1.163
Remove sending of router solicitations and processing of router
advertisements from the kernel. It's handled by slaacd(8) these days.

sysctl(2) net.inet6.icmp6.nd6_debug does not warn about it like it does
for, e.g., duplicate MTU options, so don't do anything with this option.

Remove access macros for other unused options while here.
Eventually, union nd_opts should be removed completely.
All under _KERNEL.

tcpdump(8)/rad(8)/slaacd(8) keep showing/sending/receiving this option when
running this diff on both router and client.

OK claudio

Remove constant basereachable and retrans members from struct nd_ifinfo

Both are initalised with compile-time constants and never written to.

They are part of the Neighbour Discovery machinery and only surface
through the single-user SIOCGIFINFO_IN6:
$ ndp -i lo0
basereachable=30s0ms, reachable=39s, retrans=1s0ms

These values are read-only since 2017
sys/netinet6/nd6.c r1.217
usr.sbin/ndp/ndp.c r1.85
Remove knob and always do neighbor unreachable detection

Inline the macros (to keep meaningful names), shrink the per-interface
allocated struct nd_ifinfo to what is actually needed and inline
nd6_dad_starttimer()'s constant `msec' argument.

Nothing else in base, incl. regress, uses SIOCGIFINFO_IN6 or `ndp -i'.

OK bluhm

Document struct nd_ifinfo protection, remove obsolete .initialized member

All access to struct ifnet's member *if_nd is read-only, with the one
write exception being nd6_slowtimo() updating ND information.

IPv6 Neighbour Discovery information is fully protected by the net lock.
---
nd6_ifattach() allocates and unconditionally initialises struct ifnet's
*if_nd member, so early in if_attachsetup() that there is no way to query
unitialised Neighour Unreachable Detection bits.

Only SIOCGIFINFO_IN6 through ndp(8) used the .initialized member:
Added/set since 2002 sys/netinet6/nd6.c r1.42
attach nd_ifinfo structure to if_afdata.
split IPv6 MTU (advertised by RA) from real link MTU.
sync with kame

Read since 2002 usr.sbin/ndp/ndp.c r1.16
use new SIOCGIFINFO_IN6. random other cleanups. sync w/kame.

Obsolete since 2017 sys/netinet6/nd6.c r1.217
usr.sbin/ndp/ndp.c r1.85
Remove knob and always do neighbor unreachable detection.

Feedback OK bluhm

Remove unused NDPRF_* defines; dead since 2017 sys/netinet6/nd6.c r1.210

Remove sending of router solicitations and processing of router
advertisements from the kernel. It's handled by slaacd(8) these days.

Outside of _KERNEL, but nothing in base uses it, either.
codesearch.debian.net seems to agree.

OK mvs claudio bluhm

Remove unused struct in6_ndifreq; dead since 2013 sys/netinet6/in6_var.h r1.37

Remove unused code manipulating a default interface and its index
This is a leftover from the on-link assumption behavior removal,
which has been deprecated by RFC4861 anyway.

Outside of _KERNEL, but nothing in base uses it, either.
codesearch.debian.net seems to agree.

OK mvs claudio bluhm

Remove unused struct prf_ra; dead since 2017 sys/netinet/icmp6.h r1.45

Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls
With this we can also get rid of in6_prefix and in6_defrouter. They
are meaningless, the kernel no longer tracks this information.

Outside of _KERNEL, but nothing in base uses it, either.
codesearch.debian.net seems to agree.

OK mvs claudio bluhm

Inline useless ND_IFINFO() macro

A single cast-free struct pointer dereference needs no indirection.
ND_IFINFO() is under _KERNEL.

OK mvs

Let nd6_if{at,de}tach() be void and take an ifp argument

Do it like the rest of at/detach routines which modify a struct ifnet
pointer without returning anything.

OK mvs

Add *if_nd to struct ifnet, call nd6_if{at,de}tach() directly

*if_afdata[] and struct domain's dom_if{at,de}tach() are only used with
IPv6 Neighbour Discovery in6_dom{at,de}tach(), which allocate/init and
free single struct nd_ifinfo.

Set up a new ND-specific *if_nd member directly to avoid yet another
layer of indirection and thus make the generic domain API obsolete.

The per-interface data is only accessed in nd6.c and nd6_nbr.c through
the ND_IFINFO() macro; it is allocated and freed exactly once during
interface at/detach, so document it as [I]mmutable.

OK bluhm mvs claudio

Recommit previous "Remove useless struct in6_ifextra"

This was the right diff after all, I just confused myself between trees.

OK bluhm
---
Remove useless struct in6_ifextra

in6_var.h r1.75 removed all other struct members.

Now It only contains a single struct nd_ifinfo pointer, so address family
specific data might as well be just that.

ND_IFINFO() is the only way nd6_nbr.c and nd6.c access this data, there is
no other usage of if_afdata[].

One allocation and unhelpful indirection less per interface.

All under _KERNEL.

OK claudio

Backout "Remove useless struct in6_ifextra" commit

I committed the wrong iteration of this diff, sorry for the noise.

Remove useless struct in6_ifextra

in6_var.h r1.75 removed all other struct members.

Now It only contains a single struct nd_ifinfo pointer, so address family
specific data might as well be just that.

ND_IFINFO() is the only way nd6_nbr.c and nd6.c access this data, there is
no other usage of if_afdata[].

One allocation and unhelpful indirection less per interface.

All under _KERNEL.

OK claudio

Remove unused RS_LHCOOKIE macro

Added in 2014 110585f259f4974284e531f0a1e121b001a580dc
Move sending of router solicitations to the kernel; [...]
but never used.

Constify in6_addr pointer arguments in nd6_*() functions

All of them are passed to inspect/copy out fields, none of the functions
writes to the struct.

This makes it easier to argue about code (in MP context).

OK bluhm

Zap prototypes for nonexistent nd6_setmtu() and in6_ifdel()

Removed in 2015 and 2002, respectively.

OK claudio

Leftovers from florian's RS/NA purge from the kernel in 2017.

OK bluhm

Move ND6_PRIV_* constants from nd6.h to slaacd the only place where
they are used. Nobody in the wider eco system uses these.
While here reduce temporary address valid lifetime to 2 days as per
draft-ietf-6man-rfc4941bis. This should considerably reduce the amount
of addresses configured on an interface - a common complaint.
Original diff from Fernando Gont (fernando AT gont.com.ar), thanks!
Ports tree scanning by sthen@

Prevent recursions by not deleting entries inside rtable_walk(9).

rtable_walk(9) now passes a routing entry back to the caller when
a non zero value is returned and if it asked for it.
This allows us to call rtdeletemsg()/rtrequest_delete() from the
caller without creating a recursion because of rtflushclone().

Multicast code hasn't been adapted and is still possibly creating
recursions. However multicast route entries aren't cloned so if
a recursion exists it isn't because of rtflushclone().

Fix stack exhaustion triggered by the use of "-msave-args".

Issue reported by D��niel L��vai on bugs@ confirmed by and ok bluhm@.

Use a single timer for all ND6 entries.

This prevents a use-after-free reported by Hrvoje Popovski where the
timeout function was already sleeping on the NET_LOCK() when ifconfig(8)
removed the enry from the table.

By iterating on a global list in the timeout routine we ensure that the
items are still valid when we process them. This also reduce differences
with ARP.

ok bluhm@, visa@

We are processing Router Solicitation / Advertisement messages only
for the Source Link-layer Address Options.
Merge nd6_rs_input() and nd6_ra_input() into one generic function that
does just that.

input & OK mpi

Remove knob and always do neighbor unreachable detection.

accept_rtadv doesn't do anything since some time.
OK mpi

We are no longer generating privacy addresses in the
kernel.
OK mpi

Stop running nd6_expire every second.
We know when pltime or vltime decrease to zero. Run nd6_expire then.
Input & OK mpi, bluhm

Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls
With this we can also get rid of in6_prefix and in6_defrouter. They
are meaningless, the kernel no longer tracks this information.

Pointed out by & OK mpi

Purging is at last at hand. Day of Doom is here. All that is evil
shall all be cleansed.

Remove sending of router solicitations and processing of router
advertisements from the kernel. It's handled by slaacd(8) these days.

Input & OK bluhm@, mpi@

Move nd6 timer initialisation to nd6_init() and call timeout_set()
only once during init.
OK mpi@

Remove multiple recursive splsoftnet().

ok bluhm@

Assert that prelist_update() is always called at IPL_SOFTNET.

While here use __func__ in debug strings to reduce noise when grepping.

store nd6 expiries in the route, not separately in the llinfo struct.

this makes it more consistent with arp, and makes expiries visible
via route(8) get as well as ndp(8).

ok mpi@ florian@

Kill nd6_output(), it doesn't do anything since the resolution logic
has been moved to nd6_resolve().

ok visa@, millert@, florian@, sthen@

Move ND resoluton logic from nd6_output() to nd6_storelladdr() and
rename it to nd6_resolve().

This allows us to get rid of non-Ethernet hacks by moving Ethernet
specific logic in the appropriate layer.

ok sthen@

make nd6_llinfo_settimer take seconds instead of ticks.

most callers are working in seconds, internally it uses seconds, and
you can call timeout_add_sec as easily as timeout_add.

this also fixes an issue with an nd_defrouter expire which was
incorrectly scaled with ticks in a comparison.

ok mpi@

remove code compensating for the "short" range of timeouts.

the nd6 code for managing expiries is never asked to handle intervals
greater than what timeouts can handle, so we dont need to overcompensate.

the code was also incorrect by using a long, which isnt that long
on ILP32 machines.

ok mpi@ millert@ benno@

Implement proxy ARP for ART based on mpath support.

Since mpath is not enabled in RAMDISK, proxy ARP won't work there either.

ok bluhm@

Kill IPv6 prefix and router renumbering ioctls.

Router renumbering was never supported, prefix ioctls were deprecated
~15 years ago. Move some items in netinet6/nd6.h where they are still
used.

ok mikeb@ mpi@

Convert arc4random() to arc4random_uniorm(). Diff by Matthew Martin.

Ensure that arc4random_uniform() doesn't loop by redefining
ND6_MAX_DESYNC_FACTOR to be 512, the largest power of two smaller
than the RFC-specified 600 seconds. Suggested by florian@ and deraadt@

ok florian@, sthen@ in this form, arc4random change ok djm@, tedu@

Change nd6_nud_hint() to no longer manipulate rt_ifp directly.

While here remove unused argument and convert the route check to
rtisvalid(9).

ok bluhm@

Implement the list of nd6 llinfo entries with a TAILQ.
OK millert@ mpi@

Prefer an existing refcounted ``ifp'' to rt_ifp when possible or use the
interface index directly.

ok bluhm@

Remove linkmtu and maxmtu from struct nd_ifinfo. IN6_LINKMTU can now
die and ifp->if_mtu is the one true mtu.
Suggested by and OK mpi@

Introduce if_rtrequest() the successor of ifa_rtrequest().

L2 resolution depends on the protocol (encoded in the route entry) and
an ``ifp''. Not having to care about an ``ifa'' makes our life easier
in our MP effort. Fewer dependencies between data structures implies
fewer headaches.

Discussed with bluhm@, ok claudio@

Ignore Router Advertisment's current hop limit.

Appart from the usual inet6 axe murdering exercise to keep you fit, this
allows us to get rid of a lot of layer violation due to the use of per-
ifp variables to store the current hop limit.

Imputs from bluhm@, ok phessler@, florian@, bluhm@

The return value of nd6_cache_lladdr() is never used so make it a void.

Fewer "struct rtentry" left in the wild!

nd6_prefix_add() is no longer used and die.

Start moving away from the global prefix list by limiting its usage to
AUTOCONF'd addresses.

This prevent the kernel from removing connected (/64) routes as soon as
it configures an AUTOCONF'd address based on a RA.

Tested by sebastia@, ok sthen@

Rework the code to decide when to perform DAD to no longer rely on the
IN6_IFF_NODAD pseudo-flag not being set.

This was just a flag for spaghetti code that should not exist in the
first place.

Tested by sebastia@, ok sthen@

Call rtfree(9) when we no longer need the route entry rather than
decrementing rt_refcnt just after rtrequest1(9).

While here reduce the differences with rt_ifa_add(9). There's still
an ambiguity about rtrequest1(9)'s return value, but bluhm@ will
address that in a different diff.

Discussed with and ok bluhm@

Merge two identical chunks to add new prefixes to the global data
structures into a function.

ok florian@

Properly layer Router Solicitation code.

Tweak and ok florian@

Remove unused arguments and the associated code from nd6_nud_hint().

ok claudio@

Rework the handling of interfaces and IPv6 addresses for local delivery.

- Unicast packets sent to any local address will have their interface
set to loobpack.

- In order to differentiate traffic from interfaces having identical
link-local addresses, provide the scoped addresses to pf(4).

- Update the icmp6 state lookup logic to match scoped MLL addresses.

- Remove a shortcut in ip6_input() that bypasses pf and always look
for an RTF_LOCAL route.

Packets sent to multicast addresses still retain their original
interface due to the fact that local multicast packet delivering
does not use if_output.

This makes ping6 to link-local addresses work even with pf enabled
and "set skip" on loopbacks, reported by Pieter Verberne.

Debugged, analysed and tested with mikeb@.

ok mikeb@, henning@, sthen@

Do not pass an ifa pointer when we already have a DAD descriptor.

Tweaks and ok florian@

Move sending of router solicitations to the kernel; receiving and
processing of router advertisements was already in the kernel.
With this rtsol{,d}(8) is no longer necessary.

The kernel starts sending solicitations with
# ifconfig $IF inet6 autoconf
or
inet6 autoconf
in /etc/hostname.$IF.

input stsp@
much help & OK mpi@
tweaks & OK bluhm@

move IPv6 prefix adding from workq to taskq; as a happy benefit, we
can delete 2 dozen or so lines that check to see if we've queued
up a prefix addition multiple times.

ok stsp@

Kill the {nd6_,}useloopback buttons, using the loopback interface for
local traffic is not optional.

ok mikeb@, stsp@, jca@

Propagate an rdomain number to the nd6_lookup independently from
the ifp pointer which can be NULL. This prevents a crash reported
by David Hill <dhill at mindcry ! org>. OK bluhm

More _KERNEL namespace cleanup, just in case something out there
includes this.

Remove unused argument from *rtrequest()

ok krw@, mikeb@

No one uses the obsolete IPv6 ioctls SIOCGDRLST_IN6, SIOCGPRLST_IN6,
OSIOCGIFINFO_IN6 anymore. Remove them together with the structs
in6_drlist, in6_oprlist, in6_prlist, in6_ondireq and the kernel
implementation.
OK mikeb@ henning@

To control the lifetime of IPv6 addresses, prefixes and default
routers, the kernel and ndp use a bunch of expire fields. Before
they were int or u_long, convert expire to time_t in all structs.
Move vltime and pltime to u_int32_t everywhere. Sort struct fields
by size. Struct inet6_ndpr_msghdr is not used at all, so remove
it.

Binary compatibility of rtsold and ndp break with this change as
rtsold uses in6_drlist and ndp uses in6_defrouter and in6_prefix
to interact with the kernel.

OK mpi@

Do not access queue fields directly, use FOREACH() macro instead.
No binary change.
OK mikeb@ mpi@

Remove unused code manipulating a default interface and its index,
This is a leftover from the on-link assumption behavior removal,
which has been deprecated by RFC4861 anyway.

ok mikeb@, bluhm@, florian@

typo in comment.

fix typos in comments
ok deraadt henning sthen thib (though thib says he can't spell)

Simple implementation of RFC4941, "Privacy Extensions for Stateless
Address Autoconfiguration in IPv6". For those among us who are paranoid
about broadcasting their MAC address to the IPv6 internet.

Man page help from jmc, testing by weerd, arc4random API hints from djm.

ok deraadt, claudio

From KAME, allow adjustable limits on NDP entries and discovered routes.

ok mpf naddy

unifdef -U__otherBSD__

split ND6 cache timer management to per-entry. increased accuracy,
no O(N) loop. sync w/ kame. marc tested, daniel ok

gc

sync with latest KAME in6_ifaddr/prefix/default router manipulation.
behavior changes:
- two iocts used by ndp(8) are now obsolete (backward compat provided).
use sysctl path instead.
- lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.

cope with cases where maxmtu == 0 (shouldn't happen)

be sure to use L3 MTU, not L2 MTU, when specified in spec (affects FDDI/ARCnet)

improve nd6_setmtu(), to warn too-small MTU on SIOCSIFMTU. sync w/kame

no need to supply obsolete field name "receivedra"

attach nd_ifinfo structure to if_afdata.
split IPv6 MTU (advertised by RA) from real link MTU.
sync with kame

First round of __P removal in sys