Make recvmmsg and sendmmsg look more alike. change the flag type
to int like other flag parameters, NetBSD uses unsigned int, FreeBSD
and Linux do int.
OK bluhm@

add the sendmmsg syscall that allows sending multiple msghdrs at
once. libc, man page, and regress parts to come.
With input from jca@, bluhm@.
OK bluhm@

add the recvmmsg syscall that allows receiving multiple msghdrs at
once. libc, man page, and regress parts to come.
With input from jca@, guenther@, bluhm@.
OK bluhm@

pfctlinput() is already declared in <sys/protosw.h>, which is
more specific and appropriate, so delete it here

ok gnezdo@ deraadt@ jsg@ mpi@ millert@

Fix tpyo of ecma. Reported by Matthew (chohag at jtan dot com)

Forgot this directory in last commit for the UNIX-domain socket buffer
change.

Add feature to force the selection of source IP address

Based/previous work on an idea from deraadt@
Input from claudio@, djm@, deraadt@, sthen@

OK deraadt@

implement SO_DOMAIN and SO_PROTOCOL so that the domain and the protocol
can also be retrieved with getsockopt(3)
it looks like these will also be in the next issue of posix:
http://austingroupbugs.net/view.php?id=840#c2263

ok claudio@, sthen@

prepare sysctl net mib to allow runtime tuning of rx q pressure thresholds

this renames the PF_LINK bit of the mib from "link_layer" to "link".
then it makes it a node that could be used for generic link layer
bits. the first of these is an "ifrxq" node where the "pressure_return"
and "pressure_drop" things go.

ok visa@ deraadt@

AF_LOCAL was a failed attempt (by POSIX?) to seem less UNIX-specific, but
AF_UNIX is both the historical _and_ standard name, so prefer and recommend
it in the headers, manpages, and kernel.

ok miller@ deraadt@ schwarze@

new socketoption SO_ZEROIZE: zero out all mbufs sent over socket
ok deraadt bluhm

Introduce sstosa() for converting sockaddr_storage with a type safe
inline function instead of casting it to sockaddr. While there,
use inline instead of __inline for all these conversions. Some
struct sockaddr casts can be avoided completely.
OK dhill@ mpi@

Automatically create a default lo(4) interface per rdomain.

In order to stop abusing lo0 for all rdomains, a new loopback interface
will be created every time a rdomain is created. The unit number will
be the same as the rdomain, i.e. lo1 will be attached to rdomain 1.

If this loopback interface is already in use it wont be possible to create
the corresponding rdomain.

In order to know which lo(4) interface is attached to a rdomain, its index
is stored in the rtable/rdomain map.

This is a long overdue since the introduction of rtable/rdomain. It also
fixes a recent regression due to resetting the rdomain of an incoming
packet reported by semarie@, Andreas Bartelt and Nils Frohberg.

ok claudio@

Hide RT_TABLEID_MAX behind __BSD_VISIBLE

Alternate define location suggested by deraadt@ and kettenis@, ok kettenis@

More #include cleanup per POSIX:
- <sys/types.h>: don't pull in <sys/select.h>
- <sys/select.h>: don't pull in <sys/time.h>, but rather declare timeval
and timespec locally
- <sys/time.h>: *do* always pull in <sys/select.h>
- <sys/socket.h>: declare timeval if __BSD_VISIBLE for struct splice

Ports testing and fixed by ajacoutot@
ok deraadt@ millert@

Introduce a new sysctl NET_RT_IFNAMES that returns only ifnames to ifindex
mappings. This will be used by if_nameindex(3), if_nametoindex(3) and
if_indextoname(3) soon to fix the issues in pledge because of inet6 link
local addressing.
OK mpi@ benno@ deraadt@
The libc version will follow soon so better start updating your kernels

At guenther's suggestion replace dnssocket() with a SOCK_DNS flag on
socket(). Without pledge, all other socket behaviours become permitted,
except this one case: connect/send* only works to *:53. In pledge mode,
a very few are further restricted. Some backwards compatibility for
the dnssocket/dnsconnect calls will remain in the tree temporarily so
that people can build through the transition.
ok tedu guenther semarie

In socketpair(), need to mask the type argument when testing for dgram.

based on jeremy@'s diff
ok jeremy@ deraadt@

Delete option COMPAT_43: support for pre-sa_len binaries has been obsolete
for a couple decades. Keep the OSIOCGIFCONF ioctl to support COMPAT_LINUX
but move the rest of the Linux-specific ioctl() handling into linux_socket.c
This lets struct osockaddr finally move from sys/socket.h to protocols/talkd.h

ok krw@ deraadt@ mpi@

Per POSIX, <sys/socket.h> needs to expose struct iovec, and may do so
by pulling in <sys/uio.h>, so do so. Remove some stuff that we can trust
<sys/uio.h> to also provide, like cdefs.h, _types.h, and exposing size_t
and ssize_t

pointed out by naddy@
ok deraadt@

Add sockatmark()

ok millert@ manpage feedback jmc@

Add additional kernel interfaces for setting close-on-exec on fds
when creating them: pipe2(), dup3(), accept4(), MSG_CMSG_CLOEXEC,
SOCK_CLOEXEC. Includes SOCK_NONBLOCK support.

ok matthew@

Use internal types instead of the old BSD u_int#_t types in the
standard portion of the header.

Most of the diff from James Turner (james (at) calminferno.net)

Improve POSIX/SUS compliance of <netdb.h>, <sys/socket.h>, and <sys/un.h>.

Much ports testing of various versions by naddy@ and jasper@
ok matthew@, miller@

tedu struct omsghdr

SCM_CREDS can go away, since everything uses the newer APIs.
ports tree checked by naddy

remove IP_JUMBO, SO_JUMBO, and RTF_JUMBO.

no objection from mcbride@ krw@ markus@ deraadt@

add support for MSG_NOSIGNAL.
linux bits compiled on i386 by sebastia@, mikeb@ ok

Provide namespace-safe alignment macros in <machine/_types.h>, with
compat names kept in <machine/param.h>. In <sys/socket.h>, pull
in <sys/_types.h> instead of the namespace polluting <machine/param.h>
and completely eliminate __CMSG_ALIGN, replaced by _ALIGN

ok deraadt@

Remove COMPAT_OLDSOCK since no nothing sets MSG_COMPAT anymore.
The song and dance for handling 16-bit af_family on big-endian
machines remains untouched.
ok claudio miod tedu guenther

surround splice structure with __BSD_VISIBLE (the right one, noticed by
bluhm, jasper and millert -- an epic fail on my side), style nits from
deraadt, millert, ok guenther, kettenis, millert, ports tests by jasper

this must be included my previous commit.

Include PIPEX in kernel by default. And add new sysctl variable
`net.pipex.enable' to enable PIPEX. By default, pipex is disabled
and it will not process packets from wire. Update man pages and
update HOWTO_PIPEX_NPPPD.txt for testers.

discussed with dlg@, ok deraadt@ mcbride@ claudio@

Implement an idle timeout for the socket splicing. A new `sp_idle'
field of the `splice' structure can be used to specify a period of
inactivity after which splicing will be dissolved. ETIMEDOUT error
retrieved with a SO_ERROR indicates the idle timeout expiration.
With comments from and OK bluhm.

Push COMPAT_FREEBSD in front of a whale. Buggy, out of date, no
one has been weeding it, and it makes life harder.

Toasts of Brennivin for its passing from many; diff ok henning@

Add socket option SO_SPLICE to splice together two TCP sockets.
The data received on the source socket will automatically be sent
on the drain socket. This allows to write relay daemons with zero
data copy.
ok markus@

remove compat_bsdos support

Fix the naming of interfaces and variables for rdomains and rtables
and make it possible to bind sockets (including listening sockets!)
to rtables and not just rdomains. This changes the name of the
system calls, socket option, and ioctl. After building with this
you should remove the files /usr/share/man/cat2/[gs]etrdomain.0.

Since this removes the existing [gs]etrdomain() system calls, the
libc major is bumped.

Written by claudio@, criticized^Wcritiqued by me

remove support for compat_sunos (and m68k4k). ok deraadt guenther

Put SO_PEERCRED into the non-flag area
suggested by guenther

remove compat_osf1 support from the kernel
ok deraadt miod

Add getsockopt SOL_SOCKET SO_PEERCRED support. This behaves similar to
getpeereid(2), but also supplies the remote pid. This is supplied in
a 'struct sockpeercred' (unlike Linux -- they showed how little they
know about real unix by calling theirs 'struct ucred').
ok guenther ajacoutot

Remove COMPAT_HPUX. No one wanted to support it and its fewmets were
blocking other cleanups
ok miod@

Implement a way to get information about a rtable. Currently only the rtableid
and rdomainid are returned. This is necessary to know where L2 information
of a table is stored (which will be needed soon by bgpd).
Also while there change the errno for non-existing routing tables to ENOENT.
'Fine' deraadt@

Add setrdomain() and getrdomain() system calls. Committing now to
catch the libc major bump per request from deraadt@

Diff by reyk.

ok guenther@

tab indent SO_RDOMAIN, like all the other SO_* defines.

Initial support for routing domains. This allows to bind interfaces to
alternate routing table and separate them from other interfaces in distinct
routing tables. The same network can now be used in any doamin at the same
time without causing conflicts.
This diff is mostly mechanical and adds the necessary rdomain checks accross
net and netinet. L2 and IPv4 are mostly covered still missing pf and IPv6.
input and tested by jsg@, phessler@ and reyk@. "put it in" deraadt@

netstat statistics for pflow(4) via pseudo family

ok cluadio@ henning@

Add SO_BINDANY socket option from BSD/OS.

The option allows a socket to be bound to addresses which are not
local to the machine. In order to receive packets for these addresses
SO_BINDANY needs to be combined with matching outgoing pf(4) divert
rules, see pf.conf(5).

ok beck@

Make the SO_TIMESTAMP sockopt work. When set, this allows the user to
get a timestamp of when the datagram was accepted (by udp(4), for
example) rather than having to take a timestamp with gettimeofday(2)
when recv(2) returns - possibly several hundreds of microseconds later.
May be of use to those interested in precision network timing schemes
or QoS for media applications. Tested on alpha, amd64, i386 and sparc64.
manpage suggestions from jmc, ok deraadt

Import MPLS (Multi Protocol Label Switching)

MPLS support partly based on the (abandoned?) AYAME project.
Basic LSR (Label Switch Router) functionality is present, but not fully
functional yet.

It is currently possible to insert entries in the LIB (Label Information Base)
with route(8), but setting the operation type is not supported yet.

Imported to allow more people to work on this in the coming weeks.

ok claudio@ laurent@ dlg@

typos; ok jmc@
sys/dev/pci/pciide.c from naddy@

updatecomment and manpage toemtion optional seventh level (rtable id)
From: Pierre Riteau <pierre.riteau@free.fr>

Add sysctl to retrieve the routing table statisitcs. Will be used by netstat
instead of kvm access. OK henning@

Experimental support for opportunitic use of jumbograms where only some hosts
on the local network support them.

This adds a new socket option, SO_JUMBO, and a new route flag,
RTF_JUMBO. If _both_ the socket option is set and the route for the host
has RTF_JUMBO set, ip_output will fragment the packet to the largest
possible size for the link, ignoring the card's MTU.

The semantics of this feature will be evolving rapidly; talk to us
if you intend to use it.

ok deraadt@ marius@

Add sysctl for dumping the SPD
ok deraadt, ok markus some time ago

fix a typo, don't #define PF_RTIP to something nonmexistant
nothing in our tree uses it (well, would have been spotted then)
netbsd PR kern/29624 via jmc@, agreed on by claudio some time ago

First step in Bluetooth protocol stack support.

The code is adopted from the FreeBSD netgraph-based Bluetooth
implementation by Maksim Yevmenkin <m_evmenkin@yahoo.com> but
all netgraph glue was replaced with usual BSD network stack
hooks. This is a work in progress. Only HCI layer works for now,
L2CAP and RFCOMM are on the way.

Help in testing from many, ok markus@.

add pfkey sysctl subtree; ok deraadt

sysctl knob for bpf tunables. some tips from canacar@
ok canacar@ deraadt@ mcbride@

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

Explicit unsigned char and unsigned short instead of u_char, u_short.
Make these files usable with -D_POSIX_SOURCE
okay millert@

typo; krapht@secureops.com

typecast in CMSG_NXTHDR. spotted by hugh@openbsd

First round of __P removal in sys

Make msghdr fields usable from all languages.
ok millert@

remove duplicated decl of PF_INET6. found by kjc

branches: 1.39.4;
just as RFC2292 suggests, validate cmsg_controllen on CMSG_FIRSTHDR.
sync with kame.

implement djb's getpeereid(2), to allow local-domain servers to determine client credentials. mostly from superscript.com. deraadt@ ok

KNF

add BIOC[GS]HDRCMPLT ioctl for BPF, to disable overwriting of link level source address in forged frames. from NetBSD. art@ok

if COMPAT_OSF1 is defined, define COMPAT_OLDSOCK
and COMPAT_OLDTTY.

MSG_COMPAT is needed for COMPAT_BSDOS too.

hide CMSG_ALIGN from userland, it is not part of RFC2292/Posix.1g.

to be Posix.1g compliant, fix ancillary message alignment. it will now be
aligned to ALIGNBYTES (arch dependent).
NOTE: the change requires you to recompile IPv6 userland, if you are
on arch that is ALIGNBYTES != sizeof(long) - 1 (sparc seems to be it).
sorry for the mess.

fix alignment problem in ancillary data (alpha).

only ipv6 tools (which touches ancillary data) are affected.

From: =?iso-8859-1?Q?G=F6ran_Bengtson?= <goeran@cdg.chalmers.se>

branches: 1.30.2;
bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
bringed into soon).

sockaddr_storage; per rfc2553

rename sysctl names

sockaddr_union cannot be declared here, obviously, or in any other file that i know of

Changes to socket.h to include union sockaddr_union, temporarily add osdep.h,
until pfkey files are cleaned up.

sendto(2) takes socklen_t for length param

pasto

more uses of socklen_t

Use and document socklen_t

support MSG_BCAST and MSG_MCAST

add SO_NETPROC and CMSG_{FIRSTHDR,ALIGN,LEN,SPACE}; cmetz

Move in_addr_t and in_port_t to <sys/types.h> and add sa_family_t
and suseconds_t types for XPG4.2.

add SHUT_* values as defined by XPG4.2

Fix the CTLNET order.

Added PF_KEY definition.

Move AF_SIP and put AF_INET6 in the same location as BSD/OS.

I couldn't find any use of AF_SIP in the kernel, didn't check user land.

Moved everything to netinet/in.h, where they should have been in the
first place.

Per security-level defaults.

Can't make up my mind; i think this is final.

IPsec socket API.

Preliminaries for IPsec socket API.

IPSEC package by John Ioannidis and Angelos D. Keromytis. Written in
Greece. From ftp.funet.fi:/pub/unix/security/net/ip/BSDipsec.tar.gz

undo last change.

wrong place for bindresvport() proto

struct sockaddr_in; prototype

int bindresvport __P((int sd, struct sockaddr_in *sin));

renumber AF_NATM to avoid a conflict with freebsd which put ISDN @ 26.
(i should have checked first)

add native mode atm socket type

From NetBSD: Merge with NetBSD 960217

branches: 1.1.1;
Initial revision

add the sendmmsg syscall that allows sending multiple msghdrs at
once. libc, man page, and regress parts to come.
With input from jca@, bluhm@.
OK bluhm@

add the recvmmsg syscall that allows receiving multiple msghdrs at
once. libc, man page, and regress parts to come.
With input from jca@, guenther@, bluhm@.
OK bluhm@

pfctlinput() is already declared in <sys/protosw.h>, which is
more specific and appropriate, so delete it here

ok gnezdo@ deraadt@ jsg@ mpi@ millert@

Fix tpyo of ecma. Reported by Matthew (chohag at jtan dot com)

Forgot this directory in last commit for the UNIX-domain socket buffer
change.

Add feature to force the selection of source IP address

Based/previous work on an idea from deraadt@
Input from claudio@, djm@, deraadt@, sthen@

OK deraadt@

implement SO_DOMAIN and SO_PROTOCOL so that the domain and the protocol
can also be retrieved with getsockopt(3)
it looks like these will also be in the next issue of posix:
http://austingroupbugs.net/view.php?id=840#c2263

ok claudio@, sthen@

prepare sysctl net mib to allow runtime tuning of rx q pressure thresholds

this renames the PF_LINK bit of the mib from "link_layer" to "link".
then it makes it a node that could be used for generic link layer
bits. the first of these is an "ifrxq" node where the "pressure_return"
and "pressure_drop" things go.

ok visa@ deraadt@

AF_LOCAL was a failed attempt (by POSIX?) to seem less UNIX-specific, but
AF_UNIX is both the historical _and_ standard name, so prefer and recommend
it in the headers, manpages, and kernel.

ok miller@ deraadt@ schwarze@

new socketoption SO_ZEROIZE: zero out all mbufs sent over socket
ok deraadt bluhm

Introduce sstosa() for converting sockaddr_storage with a type safe
inline function instead of casting it to sockaddr. While there,
use inline instead of __inline for all these conversions. Some
struct sockaddr casts can be avoided completely.
OK dhill@ mpi@

Automatically create a default lo(4) interface per rdomain.

In order to stop abusing lo0 for all rdomains, a new loopback interface
will be created every time a rdomain is created. The unit number will
be the same as the rdomain, i.e. lo1 will be attached to rdomain 1.

If this loopback interface is already in use it wont be possible to create
the corresponding rdomain.

In order to know which lo(4) interface is attached to a rdomain, its index
is stored in the rtable/rdomain map.

This is a long overdue since the introduction of rtable/rdomain. It also
fixes a recent regression due to resetting the rdomain of an incoming
packet reported by semarie@, Andreas Bartelt and Nils Frohberg.

ok claudio@

Hide RT_TABLEID_MAX behind __BSD_VISIBLE

Alternate define location suggested by deraadt@ and kettenis@, ok kettenis@

More #include cleanup per POSIX:
- <sys/types.h>: don't pull in <sys/select.h>
- <sys/select.h>: don't pull in <sys/time.h>, but rather declare timeval
and timespec locally
- <sys/time.h>: *do* always pull in <sys/select.h>
- <sys/socket.h>: declare timeval if __BSD_VISIBLE for struct splice

Ports testing and fixed by ajacoutot@
ok deraadt@ millert@

Introduce a new sysctl NET_RT_IFNAMES that returns only ifnames to ifindex
mappings. This will be used by if_nameindex(3), if_nametoindex(3) and
if_indextoname(3) soon to fix the issues in pledge because of inet6 link
local addressing.
OK mpi@ benno@ deraadt@
The libc version will follow soon so better start updating your kernels

At guenther's suggestion replace dnssocket() with a SOCK_DNS flag on
socket(). Without pledge, all other socket behaviours become permitted,
except this one case: connect/send* only works to *:53. In pledge mode,
a very few are further restricted. Some backwards compatibility for
the dnssocket/dnsconnect calls will remain in the tree temporarily so
that people can build through the transition.
ok tedu guenther semarie

In socketpair(), need to mask the type argument when testing for dgram.

based on jeremy@'s diff
ok jeremy@ deraadt@

Delete option COMPAT_43: support for pre-sa_len binaries has been obsolete
for a couple decades. Keep the OSIOCGIFCONF ioctl to support COMPAT_LINUX
but move the rest of the Linux-specific ioctl() handling into linux_socket.c
This lets struct osockaddr finally move from sys/socket.h to protocols/talkd.h

ok krw@ deraadt@ mpi@

Per POSIX, <sys/socket.h> needs to expose struct iovec, and may do so
by pulling in <sys/uio.h>, so do so. Remove some stuff that we can trust
<sys/uio.h> to also provide, like cdefs.h, _types.h, and exposing size_t
and ssize_t

pointed out by naddy@
ok deraadt@

Add sockatmark()

ok millert@ manpage feedback jmc@

Add additional kernel interfaces for setting close-on-exec on fds
when creating them: pipe2(), dup3(), accept4(), MSG_CMSG_CLOEXEC,
SOCK_CLOEXEC. Includes SOCK_NONBLOCK support.

ok matthew@

Use internal types instead of the old BSD u_int#_t types in the
standard portion of the header.

Most of the diff from James Turner (james (at) calminferno.net)

Improve POSIX/SUS compliance of <netdb.h>, <sys/socket.h>, and <sys/un.h>.

Much ports testing of various versions by naddy@ and jasper@
ok matthew@, miller@

tedu struct omsghdr

SCM_CREDS can go away, since everything uses the newer APIs.
ports tree checked by naddy

remove IP_JUMBO, SO_JUMBO, and RTF_JUMBO.

no objection from mcbride@ krw@ markus@ deraadt@

add support for MSG_NOSIGNAL.
linux bits compiled on i386 by sebastia@, mikeb@ ok

Provide namespace-safe alignment macros in <machine/_types.h>, with
compat names kept in <machine/param.h>. In <sys/socket.h>, pull
in <sys/_types.h> instead of the namespace polluting <machine/param.h>
and completely eliminate __CMSG_ALIGN, replaced by _ALIGN

ok deraadt@

Remove COMPAT_OLDSOCK since no nothing sets MSG_COMPAT anymore.
The song and dance for handling 16-bit af_family on big-endian
machines remains untouched.
ok claudio miod tedu guenther

surround splice structure with __BSD_VISIBLE (the right one, noticed by
bluhm, jasper and millert -- an epic fail on my side), style nits from
deraadt, millert, ok guenther, kettenis, millert, ports tests by jasper

this must be included my previous commit.

Include PIPEX in kernel by default. And add new sysctl variable
`net.pipex.enable' to enable PIPEX. By default, pipex is disabled
and it will not process packets from wire. Update man pages and
update HOWTO_PIPEX_NPPPD.txt for testers.

discussed with dlg@, ok deraadt@ mcbride@ claudio@

Implement an idle timeout for the socket splicing. A new `sp_idle'
field of the `splice' structure can be used to specify a period of
inactivity after which splicing will be dissolved. ETIMEDOUT error
retrieved with a SO_ERROR indicates the idle timeout expiration.
With comments from and OK bluhm.

Push COMPAT_FREEBSD in front of a whale. Buggy, out of date, no
one has been weeding it, and it makes life harder.

Toasts of Brennivin for its passing from many; diff ok henning@

Add socket option SO_SPLICE to splice together two TCP sockets.
The data received on the source socket will automatically be sent
on the drain socket. This allows to write relay daemons with zero
data copy.
ok markus@

remove compat_bsdos support

Fix the naming of interfaces and variables for rdomains and rtables
and make it possible to bind sockets (including listening sockets!)
to rtables and not just rdomains. This changes the name of the
system calls, socket option, and ioctl. After building with this
you should remove the files /usr/share/man/cat2/[gs]etrdomain.0.

Since this removes the existing [gs]etrdomain() system calls, the
libc major is bumped.

Written by claudio@, criticized^Wcritiqued by me

remove support for compat_sunos (and m68k4k). ok deraadt guenther

Put SO_PEERCRED into the non-flag area
suggested by guenther

remove compat_osf1 support from the kernel
ok deraadt miod

Add getsockopt SOL_SOCKET SO_PEERCRED support. This behaves similar to
getpeereid(2), but also supplies the remote pid. This is supplied in
a 'struct sockpeercred' (unlike Linux -- they showed how little they
know about real unix by calling theirs 'struct ucred').
ok guenther ajacoutot

Remove COMPAT_HPUX. No one wanted to support it and its fewmets were
blocking other cleanups
ok miod@

Implement a way to get information about a rtable. Currently only the rtableid
and rdomainid are returned. This is necessary to know where L2 information
of a table is stored (which will be needed soon by bgpd).
Also while there change the errno for non-existing routing tables to ENOENT.
'Fine' deraadt@

Add setrdomain() and getrdomain() system calls. Committing now to
catch the libc major bump per request from deraadt@

Diff by reyk.

ok guenther@

tab indent SO_RDOMAIN, like all the other SO_* defines.

Initial support for routing domains. This allows to bind interfaces to
alternate routing table and separate them from other interfaces in distinct
routing tables. The same network can now be used in any doamin at the same
time without causing conflicts.
This diff is mostly mechanical and adds the necessary rdomain checks accross
net and netinet. L2 and IPv4 are mostly covered still missing pf and IPv6.
input and tested by jsg@, phessler@ and reyk@. "put it in" deraadt@

netstat statistics for pflow(4) via pseudo family

ok cluadio@ henning@

Add SO_BINDANY socket option from BSD/OS.

The option allows a socket to be bound to addresses which are not
local to the machine. In order to receive packets for these addresses
SO_BINDANY needs to be combined with matching outgoing pf(4) divert
rules, see pf.conf(5).

ok beck@

Make the SO_TIMESTAMP sockopt work. When set, this allows the user to
get a timestamp of when the datagram was accepted (by udp(4), for
example) rather than having to take a timestamp with gettimeofday(2)
when recv(2) returns - possibly several hundreds of microseconds later.
May be of use to those interested in precision network timing schemes
or QoS for media applications. Tested on alpha, amd64, i386 and sparc64.
manpage suggestions from jmc, ok deraadt

Import MPLS (Multi Protocol Label Switching)

MPLS support partly based on the (abandoned?) AYAME project.
Basic LSR (Label Switch Router) functionality is present, but not fully
functional yet.

It is currently possible to insert entries in the LIB (Label Information Base)
with route(8), but setting the operation type is not supported yet.

Imported to allow more people to work on this in the coming weeks.

ok claudio@ laurent@ dlg@

typos; ok jmc@
sys/dev/pci/pciide.c from naddy@

updatecomment and manpage toemtion optional seventh level (rtable id)
From: Pierre Riteau <pierre.riteau@free.fr>

Add sysctl to retrieve the routing table statisitcs. Will be used by netstat
instead of kvm access. OK henning@

Experimental support for opportunitic use of jumbograms where only some hosts
on the local network support them.

This adds a new socket option, SO_JUMBO, and a new route flag,
RTF_JUMBO. If _both_ the socket option is set and the route for the host
has RTF_JUMBO set, ip_output will fragment the packet to the largest
possible size for the link, ignoring the card's MTU.

The semantics of this feature will be evolving rapidly; talk to us
if you intend to use it.

ok deraadt@ marius@

Add sysctl for dumping the SPD
ok deraadt, ok markus some time ago

fix a typo, don't #define PF_RTIP to something nonmexistant
nothing in our tree uses it (well, would have been spotted then)
netbsd PR kern/29624 via jmc@, agreed on by claudio some time ago

First step in Bluetooth protocol stack support.

The code is adopted from the FreeBSD netgraph-based Bluetooth
implementation by Maksim Yevmenkin <m_evmenkin@yahoo.com> but
all netgraph glue was replaced with usual BSD network stack
hooks. This is a work in progress. Only HCI layer works for now,
L2CAP and RFCOMM are on the way.

Help in testing from many, ok markus@.

add pfkey sysctl subtree; ok deraadt

sysctl knob for bpf tunables. some tips from canacar@
ok canacar@ deraadt@ mcbride@

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

Explicit unsigned char and unsigned short instead of u_char, u_short.
Make these files usable with -D_POSIX_SOURCE
okay millert@

typo; krapht@secureops.com

typecast in CMSG_NXTHDR. spotted by hugh@openbsd

First round of __P removal in sys

Make msghdr fields usable from all languages.
ok millert@

remove duplicated decl of PF_INET6. found by kjc

branches: 1.39.4;
just as RFC2292 suggests, validate cmsg_controllen on CMSG_FIRSTHDR.
sync with kame.

implement djb's getpeereid(2), to allow local-domain servers to determine client credentials. mostly from superscript.com. deraadt@ ok

KNF

add BIOC[GS]HDRCMPLT ioctl for BPF, to disable overwriting of link level source address in forged frames. from NetBSD. art@ok

if COMPAT_OSF1 is defined, define COMPAT_OLDSOCK
and COMPAT_OLDTTY.

MSG_COMPAT is needed for COMPAT_BSDOS too.

hide CMSG_ALIGN from userland, it is not part of RFC2292/Posix.1g.

to be Posix.1g compliant, fix ancillary message alignment. it will now be
aligned to ALIGNBYTES (arch dependent).
NOTE: the change requires you to recompile IPv6 userland, if you are
on arch that is ALIGNBYTES != sizeof(long) - 1 (sparc seems to be it).
sorry for the mess.

fix alignment problem in ancillary data (alpha).

only ipv6 tools (which touches ancillary data) are affected.

From: =?iso-8859-1?Q?G=F6ran_Bengtson?= <goeran@cdg.chalmers.se>

branches: 1.30.2;
bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
bringed into soon).

sockaddr_storage; per rfc2553

rename sysctl names

sockaddr_union cannot be declared here, obviously, or in any other file that i know of

Changes to socket.h to include union sockaddr_union, temporarily add osdep.h,
until pfkey files are cleaned up.

sendto(2) takes socklen_t for length param

pasto

more uses of socklen_t

Use and document socklen_t

support MSG_BCAST and MSG_MCAST

add SO_NETPROC and CMSG_{FIRSTHDR,ALIGN,LEN,SPACE}; cmetz

Move in_addr_t and in_port_t to <sys/types.h> and add sa_family_t
and suseconds_t types for XPG4.2.

add SHUT_* values as defined by XPG4.2

Fix the CTLNET order.

Added PF_KEY definition.

Move AF_SIP and put AF_INET6 in the same location as BSD/OS.

I couldn't find any use of AF_SIP in the kernel, didn't check user land.

Moved everything to netinet/in.h, where they should have been in the
first place.

Per security-level defaults.

Can't make up my mind; i think this is final.

IPsec socket API.

Preliminaries for IPsec socket API.

IPSEC package by John Ioannidis and Angelos D. Keromytis. Written in
Greece. From ftp.funet.fi:/pub/unix/security/net/ip/BSDipsec.tar.gz

undo last change.

wrong place for bindresvport() proto

struct sockaddr_in; prototype

int bindresvport __P((int sd, struct sockaddr_in *sin));

renumber AF_NATM to avoid a conflict with freebsd which put ISDN @ 26.
(i should have checked first)

add native mode atm socket type

From NetBSD: Merge with NetBSD 960217

branches: 1.1.1;
Initial revision

pfctlinput() is already declared in <sys/protosw.h>, which is
more specific and appropriate, so delete it here

ok gnezdo@ deraadt@ jsg@ mpi@ millert@

Fix tpyo of ecma. Reported by Matthew (chohag at jtan dot com)

Forgot this directory in last commit for the UNIX-domain socket buffer
change.

Add feature to force the selection of source IP address

Based/previous work on an idea from deraadt@
Input from claudio@, djm@, deraadt@, sthen@

OK deraadt@

implement SO_DOMAIN and SO_PROTOCOL so that the domain and the protocol
can also be retrieved with getsockopt(3)
it looks like these will also be in the next issue of posix:
http://austingroupbugs.net/view.php?id=840#c2263

ok claudio@, sthen@

prepare sysctl net mib to allow runtime tuning of rx q pressure thresholds

this renames the PF_LINK bit of the mib from "link_layer" to "link".
then it makes it a node that could be used for generic link layer
bits. the first of these is an "ifrxq" node where the "pressure_return"
and "pressure_drop" things go.

ok visa@ deraadt@

AF_LOCAL was a failed attempt (by POSIX?) to seem less UNIX-specific, but
AF_UNIX is both the historical _and_ standard name, so prefer and recommend
it in the headers, manpages, and kernel.

ok miller@ deraadt@ schwarze@

new socketoption SO_ZEROIZE: zero out all mbufs sent over socket
ok deraadt bluhm

Introduce sstosa() for converting sockaddr_storage with a type safe
inline function instead of casting it to sockaddr. While there,
use inline instead of __inline for all these conversions. Some
struct sockaddr casts can be avoided completely.
OK dhill@ mpi@

Automatically create a default lo(4) interface per rdomain.

In order to stop abusing lo0 for all rdomains, a new loopback interface
will be created every time a rdomain is created. The unit number will
be the same as the rdomain, i.e. lo1 will be attached to rdomain 1.

If this loopback interface is already in use it wont be possible to create
the corresponding rdomain.

In order to know which lo(4) interface is attached to a rdomain, its index
is stored in the rtable/rdomain map.

This is a long overdue since the introduction of rtable/rdomain. It also
fixes a recent regression due to resetting the rdomain of an incoming
packet reported by semarie@, Andreas Bartelt and Nils Frohberg.

ok claudio@

Hide RT_TABLEID_MAX behind __BSD_VISIBLE

Alternate define location suggested by deraadt@ and kettenis@, ok kettenis@

More #include cleanup per POSIX:
- <sys/types.h>: don't pull in <sys/select.h>
- <sys/select.h>: don't pull in <sys/time.h>, but rather declare timeval
and timespec locally
- <sys/time.h>: *do* always pull in <sys/select.h>
- <sys/socket.h>: declare timeval if __BSD_VISIBLE for struct splice

Ports testing and fixed by ajacoutot@
ok deraadt@ millert@

Introduce a new sysctl NET_RT_IFNAMES that returns only ifnames to ifindex
mappings. This will be used by if_nameindex(3), if_nametoindex(3) and
if_indextoname(3) soon to fix the issues in pledge because of inet6 link
local addressing.
OK mpi@ benno@ deraadt@
The libc version will follow soon so better start updating your kernels

At guenther's suggestion replace dnssocket() with a SOCK_DNS flag on
socket(). Without pledge, all other socket behaviours become permitted,
except this one case: connect/send* only works to *:53. In pledge mode,
a very few are further restricted. Some backwards compatibility for
the dnssocket/dnsconnect calls will remain in the tree temporarily so
that people can build through the transition.
ok tedu guenther semarie

In socketpair(), need to mask the type argument when testing for dgram.

based on jeremy@'s diff
ok jeremy@ deraadt@

Delete option COMPAT_43: support for pre-sa_len binaries has been obsolete
for a couple decades. Keep the OSIOCGIFCONF ioctl to support COMPAT_LINUX
but move the rest of the Linux-specific ioctl() handling into linux_socket.c
This lets struct osockaddr finally move from sys/socket.h to protocols/talkd.h

ok krw@ deraadt@ mpi@

Per POSIX, <sys/socket.h> needs to expose struct iovec, and may do so
by pulling in <sys/uio.h>, so do so. Remove some stuff that we can trust
<sys/uio.h> to also provide, like cdefs.h, _types.h, and exposing size_t
and ssize_t

pointed out by naddy@
ok deraadt@

Add sockatmark()

ok millert@ manpage feedback jmc@

Add additional kernel interfaces for setting close-on-exec on fds
when creating them: pipe2(), dup3(), accept4(), MSG_CMSG_CLOEXEC,
SOCK_CLOEXEC. Includes SOCK_NONBLOCK support.

ok matthew@

Use internal types instead of the old BSD u_int#_t types in the
standard portion of the header.

Most of the diff from James Turner (james (at) calminferno.net)

Improve POSIX/SUS compliance of <netdb.h>, <sys/socket.h>, and <sys/un.h>.

Much ports testing of various versions by naddy@ and jasper@
ok matthew@, miller@

tedu struct omsghdr

SCM_CREDS can go away, since everything uses the newer APIs.
ports tree checked by naddy

remove IP_JUMBO, SO_JUMBO, and RTF_JUMBO.

no objection from mcbride@ krw@ markus@ deraadt@

add support for MSG_NOSIGNAL.
linux bits compiled on i386 by sebastia@, mikeb@ ok

Provide namespace-safe alignment macros in <machine/_types.h>, with
compat names kept in <machine/param.h>. In <sys/socket.h>, pull
in <sys/_types.h> instead of the namespace polluting <machine/param.h>
and completely eliminate __CMSG_ALIGN, replaced by _ALIGN

ok deraadt@

Remove COMPAT_OLDSOCK since no nothing sets MSG_COMPAT anymore.
The song and dance for handling 16-bit af_family on big-endian
machines remains untouched.
ok claudio miod tedu guenther

surround splice structure with __BSD_VISIBLE (the right one, noticed by
bluhm, jasper and millert -- an epic fail on my side), style nits from
deraadt, millert, ok guenther, kettenis, millert, ports tests by jasper

this must be included my previous commit.

Include PIPEX in kernel by default. And add new sysctl variable
`net.pipex.enable' to enable PIPEX. By default, pipex is disabled
and it will not process packets from wire. Update man pages and
update HOWTO_PIPEX_NPPPD.txt for testers.

discussed with dlg@, ok deraadt@ mcbride@ claudio@

Implement an idle timeout for the socket splicing. A new `sp_idle'
field of the `splice' structure can be used to specify a period of
inactivity after which splicing will be dissolved. ETIMEDOUT error
retrieved with a SO_ERROR indicates the idle timeout expiration.
With comments from and OK bluhm.

Push COMPAT_FREEBSD in front of a whale. Buggy, out of date, no
one has been weeding it, and it makes life harder.

Toasts of Brennivin for its passing from many; diff ok henning@

Add socket option SO_SPLICE to splice together two TCP sockets.
The data received on the source socket will automatically be sent
on the drain socket. This allows to write relay daemons with zero
data copy.
ok markus@

remove compat_bsdos support

Fix the naming of interfaces and variables for rdomains and rtables
and make it possible to bind sockets (including listening sockets!)
to rtables and not just rdomains. This changes the name of the
system calls, socket option, and ioctl. After building with this
you should remove the files /usr/share/man/cat2/[gs]etrdomain.0.

Since this removes the existing [gs]etrdomain() system calls, the
libc major is bumped.

Written by claudio@, criticized^Wcritiqued by me

remove support for compat_sunos (and m68k4k). ok deraadt guenther

Put SO_PEERCRED into the non-flag area
suggested by guenther

remove compat_osf1 support from the kernel
ok deraadt miod

Add getsockopt SOL_SOCKET SO_PEERCRED support. This behaves similar to
getpeereid(2), but also supplies the remote pid. This is supplied in
a 'struct sockpeercred' (unlike Linux -- they showed how little they
know about real unix by calling theirs 'struct ucred').
ok guenther ajacoutot

Remove COMPAT_HPUX. No one wanted to support it and its fewmets were
blocking other cleanups
ok miod@

Implement a way to get information about a rtable. Currently only the rtableid
and rdomainid are returned. This is necessary to know where L2 information
of a table is stored (which will be needed soon by bgpd).
Also while there change the errno for non-existing routing tables to ENOENT.
'Fine' deraadt@

Add setrdomain() and getrdomain() system calls. Committing now to
catch the libc major bump per request from deraadt@

Diff by reyk.

ok guenther@

tab indent SO_RDOMAIN, like all the other SO_* defines.

Initial support for routing domains. This allows to bind interfaces to
alternate routing table and separate them from other interfaces in distinct
routing tables. The same network can now be used in any doamin at the same
time without causing conflicts.
This diff is mostly mechanical and adds the necessary rdomain checks accross
net and netinet. L2 and IPv4 are mostly covered still missing pf and IPv6.
input and tested by jsg@, phessler@ and reyk@. "put it in" deraadt@

netstat statistics for pflow(4) via pseudo family

ok cluadio@ henning@

Add SO_BINDANY socket option from BSD/OS.

The option allows a socket to be bound to addresses which are not
local to the machine. In order to receive packets for these addresses
SO_BINDANY needs to be combined with matching outgoing pf(4) divert
rules, see pf.conf(5).

ok beck@

Make the SO_TIMESTAMP sockopt work. When set, this allows the user to
get a timestamp of when the datagram was accepted (by udp(4), for
example) rather than having to take a timestamp with gettimeofday(2)
when recv(2) returns - possibly several hundreds of microseconds later.
May be of use to those interested in precision network timing schemes
or QoS for media applications. Tested on alpha, amd64, i386 and sparc64.
manpage suggestions from jmc, ok deraadt

Import MPLS (Multi Protocol Label Switching)

MPLS support partly based on the (abandoned?) AYAME project.
Basic LSR (Label Switch Router) functionality is present, but not fully
functional yet.

It is currently possible to insert entries in the LIB (Label Information Base)
with route(8), but setting the operation type is not supported yet.

Imported to allow more people to work on this in the coming weeks.

ok claudio@ laurent@ dlg@

typos; ok jmc@
sys/dev/pci/pciide.c from naddy@

updatecomment and manpage toemtion optional seventh level (rtable id)
From: Pierre Riteau <pierre.riteau@free.fr>

Add sysctl to retrieve the routing table statisitcs. Will be used by netstat
instead of kvm access. OK henning@

Experimental support for opportunitic use of jumbograms where only some hosts
on the local network support them.

This adds a new socket option, SO_JUMBO, and a new route flag,
RTF_JUMBO. If _both_ the socket option is set and the route for the host
has RTF_JUMBO set, ip_output will fragment the packet to the largest
possible size for the link, ignoring the card's MTU.

The semantics of this feature will be evolving rapidly; talk to us
if you intend to use it.

ok deraadt@ marius@

Add sysctl for dumping the SPD
ok deraadt, ok markus some time ago

fix a typo, don't #define PF_RTIP to something nonmexistant
nothing in our tree uses it (well, would have been spotted then)
netbsd PR kern/29624 via jmc@, agreed on by claudio some time ago

First step in Bluetooth protocol stack support.

The code is adopted from the FreeBSD netgraph-based Bluetooth
implementation by Maksim Yevmenkin <m_evmenkin@yahoo.com> but
all netgraph glue was replaced with usual BSD network stack
hooks. This is a work in progress. Only HCI layer works for now,
L2CAP and RFCOMM are on the way.

Help in testing from many, ok markus@.

add pfkey sysctl subtree; ok deraadt

sysctl knob for bpf tunables. some tips from canacar@
ok canacar@ deraadt@ mcbride@

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

Explicit unsigned char and unsigned short instead of u_char, u_short.
Make these files usable with -D_POSIX_SOURCE
okay millert@

typo; krapht@secureops.com

typecast in CMSG_NXTHDR. spotted by hugh@openbsd

First round of __P removal in sys

Make msghdr fields usable from all languages.
ok millert@

remove duplicated decl of PF_INET6. found by kjc

branches: 1.39.4;
just as RFC2292 suggests, validate cmsg_controllen on CMSG_FIRSTHDR.
sync with kame.

implement djb's getpeereid(2), to allow local-domain servers to determine client credentials. mostly from superscript.com. deraadt@ ok

KNF

add BIOC[GS]HDRCMPLT ioctl for BPF, to disable overwriting of link level source address in forged frames. from NetBSD. art@ok

if COMPAT_OSF1 is defined, define COMPAT_OLDSOCK
and COMPAT_OLDTTY.

MSG_COMPAT is needed for COMPAT_BSDOS too.

hide CMSG_ALIGN from userland, it is not part of RFC2292/Posix.1g.

to be Posix.1g compliant, fix ancillary message alignment. it will now be
aligned to ALIGNBYTES (arch dependent).
NOTE: the change requires you to recompile IPv6 userland, if you are
on arch that is ALIGNBYTES != sizeof(long) - 1 (sparc seems to be it).
sorry for the mess.

fix alignment problem in ancillary data (alpha).

only ipv6 tools (which touches ancillary data) are affected.

From: =?iso-8859-1?Q?G=F6ran_Bengtson?= <goeran@cdg.chalmers.se>

branches: 1.30.2;
bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
bringed into soon).

sockaddr_storage; per rfc2553

rename sysctl names

sockaddr_union cannot be declared here, obviously, or in any other file that i know of

Changes to socket.h to include union sockaddr_union, temporarily add osdep.h,
until pfkey files are cleaned up.

sendto(2) takes socklen_t for length param

pasto

more uses of socklen_t

Use and document socklen_t

support MSG_BCAST and MSG_MCAST

add SO_NETPROC and CMSG_{FIRSTHDR,ALIGN,LEN,SPACE}; cmetz

Move in_addr_t and in_port_t to <sys/types.h> and add sa_family_t
and suseconds_t types for XPG4.2.

add SHUT_* values as defined by XPG4.2

Fix the CTLNET order.

Added PF_KEY definition.

Move AF_SIP and put AF_INET6 in the same location as BSD/OS.

I couldn't find any use of AF_SIP in the kernel, didn't check user land.

Moved everything to netinet/in.h, where they should have been in the
first place.

Per security-level defaults.

Can't make up my mind; i think this is final.

IPsec socket API.

Preliminaries for IPsec socket API.

IPSEC package by John Ioannidis and Angelos D. Keromytis. Written in
Greece. From ftp.funet.fi:/pub/unix/security/net/ip/BSDipsec.tar.gz

undo last change.

wrong place for bindresvport() proto

struct sockaddr_in; prototype

int bindresvport __P((int sd, struct sockaddr_in *sin));

renumber AF_NATM to avoid a conflict with freebsd which put ISDN @ 26.
(i should have checked first)

add native mode atm socket type

From NetBSD: Merge with NetBSD 960217

branches: 1.1.1;
Initial revision

Fix tpyo of ecma. Reported by Matthew (chohag at jtan dot com)

Forgot this directory in last commit for the UNIX-domain socket buffer
change.

Add feature to force the selection of source IP address

Based/previous work on an idea from deraadt@
Input from claudio@, djm@, deraadt@, sthen@

OK deraadt@

implement SO_DOMAIN and SO_PROTOCOL so that the domain and the protocol
can also be retrieved with getsockopt(3)
it looks like these will also be in the next issue of posix:
http://austingroupbugs.net/view.php?id=840#c2263

ok claudio@, sthen@

prepare sysctl net mib to allow runtime tuning of rx q pressure thresholds

this renames the PF_LINK bit of the mib from "link_layer" to "link".
then it makes it a node that could be used for generic link layer
bits. the first of these is an "ifrxq" node where the "pressure_return"
and "pressure_drop" things go.

ok visa@ deraadt@

AF_LOCAL was a failed attempt (by POSIX?) to seem less UNIX-specific, but
AF_UNIX is both the historical _and_ standard name, so prefer and recommend
it in the headers, manpages, and kernel.

ok miller@ deraadt@ schwarze@

new socketoption SO_ZEROIZE: zero out all mbufs sent over socket
ok deraadt bluhm

Introduce sstosa() for converting sockaddr_storage with a type safe
inline function instead of casting it to sockaddr. While there,
use inline instead of __inline for all these conversions. Some
struct sockaddr casts can be avoided completely.
OK dhill@ mpi@

Automatically create a default lo(4) interface per rdomain.

In order to stop abusing lo0 for all rdomains, a new loopback interface
will be created every time a rdomain is created. The unit number will
be the same as the rdomain, i.e. lo1 will be attached to rdomain 1.

If this loopback interface is already in use it wont be possible to create
the corresponding rdomain.

In order to know which lo(4) interface is attached to a rdomain, its index
is stored in the rtable/rdomain map.

This is a long overdue since the introduction of rtable/rdomain. It also
fixes a recent regression due to resetting the rdomain of an incoming
packet reported by semarie@, Andreas Bartelt and Nils Frohberg.

ok claudio@

Hide RT_TABLEID_MAX behind __BSD_VISIBLE

Alternate define location suggested by deraadt@ and kettenis@, ok kettenis@

More #include cleanup per POSIX:
- <sys/types.h>: don't pull in <sys/select.h>
- <sys/select.h>: don't pull in <sys/time.h>, but rather declare timeval
and timespec locally
- <sys/time.h>: *do* always pull in <sys/select.h>
- <sys/socket.h>: declare timeval if __BSD_VISIBLE for struct splice

Ports testing and fixed by ajacoutot@
ok deraadt@ millert@

Introduce a new sysctl NET_RT_IFNAMES that returns only ifnames to ifindex
mappings. This will be used by if_nameindex(3), if_nametoindex(3) and
if_indextoname(3) soon to fix the issues in pledge because of inet6 link
local addressing.
OK mpi@ benno@ deraadt@
The libc version will follow soon so better start updating your kernels

At guenther's suggestion replace dnssocket() with a SOCK_DNS flag on
socket(). Without pledge, all other socket behaviours become permitted,
except this one case: connect/send* only works to *:53. In pledge mode,
a very few are further restricted. Some backwards compatibility for
the dnssocket/dnsconnect calls will remain in the tree temporarily so
that people can build through the transition.
ok tedu guenther semarie

In socketpair(), need to mask the type argument when testing for dgram.

based on jeremy@'s diff
ok jeremy@ deraadt@

Delete option COMPAT_43: support for pre-sa_len binaries has been obsolete
for a couple decades. Keep the OSIOCGIFCONF ioctl to support COMPAT_LINUX
but move the rest of the Linux-specific ioctl() handling into linux_socket.c
This lets struct osockaddr finally move from sys/socket.h to protocols/talkd.h

ok krw@ deraadt@ mpi@

Per POSIX, <sys/socket.h> needs to expose struct iovec, and may do so
by pulling in <sys/uio.h>, so do so. Remove some stuff that we can trust
<sys/uio.h> to also provide, like cdefs.h, _types.h, and exposing size_t
and ssize_t

pointed out by naddy@
ok deraadt@

Add sockatmark()

ok millert@ manpage feedback jmc@

Add additional kernel interfaces for setting close-on-exec on fds
when creating them: pipe2(), dup3(), accept4(), MSG_CMSG_CLOEXEC,
SOCK_CLOEXEC. Includes SOCK_NONBLOCK support.

ok matthew@

Use internal types instead of the old BSD u_int#_t types in the
standard portion of the header.

Most of the diff from James Turner (james (at) calminferno.net)

Improve POSIX/SUS compliance of <netdb.h>, <sys/socket.h>, and <sys/un.h>.

Much ports testing of various versions by naddy@ and jasper@
ok matthew@, miller@

tedu struct omsghdr

SCM_CREDS can go away, since everything uses the newer APIs.
ports tree checked by naddy

remove IP_JUMBO, SO_JUMBO, and RTF_JUMBO.

no objection from mcbride@ krw@ markus@ deraadt@

add support for MSG_NOSIGNAL.
linux bits compiled on i386 by sebastia@, mikeb@ ok

Provide namespace-safe alignment macros in <machine/_types.h>, with
compat names kept in <machine/param.h>. In <sys/socket.h>, pull
in <sys/_types.h> instead of the namespace polluting <machine/param.h>
and completely eliminate __CMSG_ALIGN, replaced by _ALIGN

ok deraadt@

Remove COMPAT_OLDSOCK since no nothing sets MSG_COMPAT anymore.
The song and dance for handling 16-bit af_family on big-endian
machines remains untouched.
ok claudio miod tedu guenther

surround splice structure with __BSD_VISIBLE (the right one, noticed by
bluhm, jasper and millert -- an epic fail on my side), style nits from
deraadt, millert, ok guenther, kettenis, millert, ports tests by jasper

this must be included my previous commit.

Include PIPEX in kernel by default. And add new sysctl variable
`net.pipex.enable' to enable PIPEX. By default, pipex is disabled
and it will not process packets from wire. Update man pages and
update HOWTO_PIPEX_NPPPD.txt for testers.

discussed with dlg@, ok deraadt@ mcbride@ claudio@

Implement an idle timeout for the socket splicing. A new `sp_idle'
field of the `splice' structure can be used to specify a period of
inactivity after which splicing will be dissolved. ETIMEDOUT error
retrieved with a SO_ERROR indicates the idle timeout expiration.
With comments from and OK bluhm.

Push COMPAT_FREEBSD in front of a whale. Buggy, out of date, no
one has been weeding it, and it makes life harder.

Toasts of Brennivin for its passing from many; diff ok henning@

Add socket option SO_SPLICE to splice together two TCP sockets.
The data received on the source socket will automatically be sent
on the drain socket. This allows to write relay daemons with zero
data copy.
ok markus@

remove compat_bsdos support

Fix the naming of interfaces and variables for rdomains and rtables
and make it possible to bind sockets (including listening sockets!)
to rtables and not just rdomains. This changes the name of the
system calls, socket option, and ioctl. After building with this
you should remove the files /usr/share/man/cat2/[gs]etrdomain.0.

Since this removes the existing [gs]etrdomain() system calls, the
libc major is bumped.

Written by claudio@, criticized^Wcritiqued by me

remove support for compat_sunos (and m68k4k). ok deraadt guenther

Put SO_PEERCRED into the non-flag area
suggested by guenther

remove compat_osf1 support from the kernel
ok deraadt miod

Add getsockopt SOL_SOCKET SO_PEERCRED support. This behaves similar to
getpeereid(2), but also supplies the remote pid. This is supplied in
a 'struct sockpeercred' (unlike Linux -- they showed how little they
know about real unix by calling theirs 'struct ucred').
ok guenther ajacoutot

Remove COMPAT_HPUX. No one wanted to support it and its fewmets were
blocking other cleanups
ok miod@

Implement a way to get information about a rtable. Currently only the rtableid
and rdomainid are returned. This is necessary to know where L2 information
of a table is stored (which will be needed soon by bgpd).
Also while there change the errno for non-existing routing tables to ENOENT.
'Fine' deraadt@

Add setrdomain() and getrdomain() system calls. Committing now to
catch the libc major bump per request from deraadt@

Diff by reyk.

ok guenther@

tab indent SO_RDOMAIN, like all the other SO_* defines.

Initial support for routing domains. This allows to bind interfaces to
alternate routing table and separate them from other interfaces in distinct
routing tables. The same network can now be used in any doamin at the same
time without causing conflicts.
This diff is mostly mechanical and adds the necessary rdomain checks accross
net and netinet. L2 and IPv4 are mostly covered still missing pf and IPv6.
input and tested by jsg@, phessler@ and reyk@. "put it in" deraadt@

netstat statistics for pflow(4) via pseudo family

ok cluadio@ henning@

Add SO_BINDANY socket option from BSD/OS.

The option allows a socket to be bound to addresses which are not
local to the machine. In order to receive packets for these addresses
SO_BINDANY needs to be combined with matching outgoing pf(4) divert
rules, see pf.conf(5).

ok beck@

Make the SO_TIMESTAMP sockopt work. When set, this allows the user to
get a timestamp of when the datagram was accepted (by udp(4), for
example) rather than having to take a timestamp with gettimeofday(2)
when recv(2) returns - possibly several hundreds of microseconds later.
May be of use to those interested in precision network timing schemes
or QoS for media applications. Tested on alpha, amd64, i386 and sparc64.
manpage suggestions from jmc, ok deraadt

Import MPLS (Multi Protocol Label Switching)

MPLS support partly based on the (abandoned?) AYAME project.
Basic LSR (Label Switch Router) functionality is present, but not fully
functional yet.

It is currently possible to insert entries in the LIB (Label Information Base)
with route(8), but setting the operation type is not supported yet.

Imported to allow more people to work on this in the coming weeks.

ok claudio@ laurent@ dlg@

typos; ok jmc@
sys/dev/pci/pciide.c from naddy@

updatecomment and manpage toemtion optional seventh level (rtable id)
From: Pierre Riteau <pierre.riteau@free.fr>

Add sysctl to retrieve the routing table statisitcs. Will be used by netstat
instead of kvm access. OK henning@

Experimental support for opportunitic use of jumbograms where only some hosts
on the local network support them.

This adds a new socket option, SO_JUMBO, and a new route flag,
RTF_JUMBO. If _both_ the socket option is set and the route for the host
has RTF_JUMBO set, ip_output will fragment the packet to the largest
possible size for the link, ignoring the card's MTU.

The semantics of this feature will be evolving rapidly; talk to us
if you intend to use it.

ok deraadt@ marius@

Add sysctl for dumping the SPD
ok deraadt, ok markus some time ago

fix a typo, don't #define PF_RTIP to something nonmexistant
nothing in our tree uses it (well, would have been spotted then)
netbsd PR kern/29624 via jmc@, agreed on by claudio some time ago

First step in Bluetooth protocol stack support.

The code is adopted from the FreeBSD netgraph-based Bluetooth
implementation by Maksim Yevmenkin <m_evmenkin@yahoo.com> but
all netgraph glue was replaced with usual BSD network stack
hooks. This is a work in progress. Only HCI layer works for now,
L2CAP and RFCOMM are on the way.

Help in testing from many, ok markus@.

add pfkey sysctl subtree; ok deraadt

sysctl knob for bpf tunables. some tips from canacar@
ok canacar@ deraadt@ mcbride@

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

Explicit unsigned char and unsigned short instead of u_char, u_short.
Make these files usable with -D_POSIX_SOURCE
okay millert@

typo; krapht@secureops.com

typecast in CMSG_NXTHDR. spotted by hugh@openbsd

First round of __P removal in sys

Make msghdr fields usable from all languages.
ok millert@

remove duplicated decl of PF_INET6. found by kjc

branches: 1.39.4;
just as RFC2292 suggests, validate cmsg_controllen on CMSG_FIRSTHDR.
sync with kame.

implement djb's getpeereid(2), to allow local-domain servers to determine client credentials. mostly from superscript.com. deraadt@ ok

KNF

add BIOC[GS]HDRCMPLT ioctl for BPF, to disable overwriting of link level source address in forged frames. from NetBSD. art@ok

if COMPAT_OSF1 is defined, define COMPAT_OLDSOCK
and COMPAT_OLDTTY.

MSG_COMPAT is needed for COMPAT_BSDOS too.

hide CMSG_ALIGN from userland, it is not part of RFC2292/Posix.1g.

to be Posix.1g compliant, fix ancillary message alignment. it will now be
aligned to ALIGNBYTES (arch dependent).
NOTE: the change requires you to recompile IPv6 userland, if you are
on arch that is ALIGNBYTES != sizeof(long) - 1 (sparc seems to be it).
sorry for the mess.

fix alignment problem in ancillary data (alpha).

only ipv6 tools (which touches ancillary data) are affected.

From: =?iso-8859-1?Q?G=F6ran_Bengtson?= <goeran@cdg.chalmers.se>

branches: 1.30.2;
bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
bringed into soon).

sockaddr_storage; per rfc2553

rename sysctl names

sockaddr_union cannot be declared here, obviously, or in any other file that i know of

Changes to socket.h to include union sockaddr_union, temporarily add osdep.h,
until pfkey files are cleaned up.

sendto(2) takes socklen_t for length param

pasto

more uses of socklen_t

Use and document socklen_t

support MSG_BCAST and MSG_MCAST

add SO_NETPROC and CMSG_{FIRSTHDR,ALIGN,LEN,SPACE}; cmetz

Move in_addr_t and in_port_t to <sys/types.h> and add sa_family_t
and suseconds_t types for XPG4.2.

add SHUT_* values as defined by XPG4.2

Fix the CTLNET order.

Added PF_KEY definition.

Move AF_SIP and put AF_INET6 in the same location as BSD/OS.

I couldn't find any use of AF_SIP in the kernel, didn't check user land.

Moved everything to netinet/in.h, where they should have been in the
first place.

Per security-level defaults.

Can't make up my mind; i think this is final.

IPsec socket API.

Preliminaries for IPsec socket API.

IPSEC package by John Ioannidis and Angelos D. Keromytis. Written in
Greece. From ftp.funet.fi:/pub/unix/security/net/ip/BSDipsec.tar.gz

undo last change.

wrong place for bindresvport() proto

struct sockaddr_in; prototype

int bindresvport __P((int sd, struct sockaddr_in *sin));

renumber AF_NATM to avoid a conflict with freebsd which put ISDN @ 26.
(i should have checked first)

add native mode atm socket type

From NetBSD: Merge with NetBSD 960217

branches: 1.1.1;
Initial revision

Forgot this directory in last commit for the UNIX-domain socket buffer
change.

Add feature to force the selection of source IP address

Based/previous work on an idea from deraadt@
Input from claudio@, djm@, deraadt@, sthen@

OK deraadt@

implement SO_DOMAIN and SO_PROTOCOL so that the domain and the protocol
can also be retrieved with getsockopt(3)
it looks like these will also be in the next issue of posix:
http://austingroupbugs.net/view.php?id=840#c2263

ok claudio@, sthen@

prepare sysctl net mib to allow runtime tuning of rx q pressure thresholds

this renames the PF_LINK bit of the mib from "link_layer" to "link".
then it makes it a node that could be used for generic link layer
bits. the first of these is an "ifrxq" node where the "pressure_return"
and "pressure_drop" things go.

ok visa@ deraadt@

AF_LOCAL was a failed attempt (by POSIX?) to seem less UNIX-specific, but
AF_UNIX is both the historical _and_ standard name, so prefer and recommend
it in the headers, manpages, and kernel.

ok miller@ deraadt@ schwarze@

new socketoption SO_ZEROIZE: zero out all mbufs sent over socket
ok deraadt bluhm

Introduce sstosa() for converting sockaddr_storage with a type safe
inline function instead of casting it to sockaddr. While there,
use inline instead of __inline for all these conversions. Some
struct sockaddr casts can be avoided completely.
OK dhill@ mpi@