MFS r260638 (MFC r260636):

Fix bsnmpd remote denial of service vulnerability.

Reported by: dinoex
Submitted by: harti
Security: FreeBSD-SA-14:01.bsnmpd
Security: CVE-2014-1452
Approved by: re (gjb)

- Copy stable/10 (r259064) to releng/10.0 as part of the
10.0-RELEASE cycle.
- Update __FreeBSD_version [1]
- Set branch name to -RC1

[1] 10.0-CURRENT __FreeBSD_version value ended at '55', so
start releng/10.0 at '100' so the branch is started with
a value ending in zero.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Register OID for HAST module.

MFC after: 2 weeks

Restore the ipNetToMedia MIB, that was broken with new ARP commit
in the r186119.

Submitted by: Konstantin Kukushkin <dark rambler-co.ru>

Clean some 'svn:executable' properties in the tree.

Submitted by: Christoph Mallon
MFC after: 3 days

Looks like support.h is really not needed here.

put another bandaid on the build until i figure out bsnmp headers

fix build

MFC after: 1 week

Re-do r240271:
- Set IP_RECVDSTADDR sockopt on the socket only in case if
it is INADDR_ANY bound.
- Supply IP_SENDSRCADDR control message only if we did receive
IP_RECVDSTADDR control message.

This fixes operation of snmpd bound to a specific local IP address.

PR: bin/171279

For UDP transport set IP_RECVDSTADDR sockopt on the socket, and provide
IP_SENDSRCADDR control with datagram message we reply with. This makes
bsnmpd reply from exactly same address that request was sent to, thus
successfully bypassing stateful firewalls or other kinds of strict checking.

PR: bin/171279

The first part of check_priv() function, that attempts to obtain creds
from the control message, actually never worked. This means check_priv()
didn't work for local dgram sockets.

The SCM_CREDS control messages is received only in two cases:

1) If we did setsockopt(LOCAL_CREDS) on our socket, and in this case
the message is struct sockcred.
2) If sender did supplied SCM_CREDS control message in his sendmsg()
syscall. In this case the message is struct cmsgcred.

We can't rely on 2), so we will use 1) for dgram sockets. For stream
sockets it is more reliable to obtain accept-time credentials, since
SCM_CREDS control message is attached only on first read. Thus:

o Do setsockopt(LOCAL_CREDS) on local dgram sockets.
o Split check_priv() into check_priv_stream() and check_priv_dgram(),
and call them from recv_stream() and recv_dgram() respectively.
o Don't provide space for SCM_CREDS control message in recv_stream().
o Provide space for SCM_CREDS control message in recv_dgram(), but there
is no need to initialize anything in it.
o In recv_dgram() do not blindly expect that first message is SCM_CREDS,
instead use correct search cycle through control messages.

Fully initialize the stack-allocated "struct sockaddr_in sa" structure.

Remove end of line whitespace.

Minor mdoc fixes.

Count both IPv4 and IPv6 TCP connections in tcpCurrEstab

Timeout from: current, syrinx
MFC after: 1 week

General mdoc(7) and typo fixes.

PR: 167734
Submitted by: Nobuyuki Koganemaru (kogane!jp.freebsd.org)
MFC after: 3 days

memset() wants the size of the structure to clear, not the size
of the pointer to it.

Submitted by: Pawel Worach

Adter r228571 unbreak architectures with strict alignment rules
by copying rather than casting.

Include sys/queue.h: snmpmod.h uses TAILQ.

PR: bin/153153
MFC after: 2 weeks

Fix broken mdoc.

Found by: manlint
Approved by: re (kib)

Properly detect interface's state in the LINK_STATE_UNKNOWN case.

MFC after: 1 week

Don't spam syslog with "inet_ntop(): Address family not supported
by protocol family" when processing requests received from the
UNIX domain socket.

MFC after: 3 days

Bring the list of OIDs up-to-date to prevent conflicts.

Unbreak the build by temprorarily not using include directives in
bsnmpd(1)' def files, until bsd.snmpmod.mk & Makefiles are fixed to
pass proper include path flags to gensnmptree.

Bring in a SNMP module that allows configuration of SNMPv3 Notification targets.

Sponsored by: The FreeBSD Foundation
Reviewed by: philip
Approved by: philip

Silence the compiler warnings in libbsnmp by removing several (now)
unsed parameters.

Sponsored by: The FreeBSD Foundation
Reviewed by: philip@

Add a forgotten file from r216294 and unbreak the build.

Sponsored by: The FreeBSD Foundation
Reviewed by: philip@ (mostly)
Approved by: philip@

In bsnmpd(1) add support for SNMPv3 message processing model, including message authentication, packet encryption & view-based access control (RFC 3412, 3414, 3415).

Sponsored by: The FreeBSD Foundation
Reviewed by: philip@ (mostly)
Approved by: philip@

Remove mention of non-existant -o flag for debugging options.

MFC after: 3 days

mdoc: drop even more redundant .Pp calls

No change in rendered output, less mandoc lint warnings.

Tool provided by: Nobuyuki Koganemaru n-kogane at syd.odn.ne.jp

Fix two minor typos.

Bump document date after content changes.

Pointy hat to: uqs

Wordsmithing of bsnmpd.1

PR: docs/149157
Submitted by: Warren Block <wblock@wonkity.com>
MFC after: 1 week

Fix a typo introduced in r210936 which broke build.

Ethernet vlan(4) interfaces have valid Ethernet link layer addresses but
use a different interface type (IFT_L2VLAN vs IFT_ETHER). Treat IFT_L2VLAN
interfaces like IFT_ETHER interfaces when handling link layer addresses.

Reviewed by: syrinx (bsnmpd)
MFC after: 1 week

mdoc: consistently spell our email addresses <foo@FreeBSD.org>

Reviewed by: ru
Approved by: harti

(S)LIST_HEAD_INITIALIZER takes a (S)LIST_HEAD as an argument.
Fix some wrong usages.
Note: this does not affect generated binaries as this argument is not used.

Approved by: harti@

Fix typo in macro name and macro usage.

Found by: make manlint
Reviewed by: ru
Approved by: harti, philip (mentor)

Fix a problem with high CPU consumption (up to 30%) by bsnmpd on a loaded system.
Instead of constantly calling the mibII_idle function when the server is not busy
call the function only once every 10 seconds to avoid bsnmpd constantly doing
gettimeofday syscalls. Make the idle polling interval confugurable via
begemotIfDataPoll.

Reported and tested by: misho (at) aitbg (dot) com
Oked by: harti
MFC after: 1 week

Add an extra (void *) cast. The struct if_msghdr has an 8 byte
alignment requirement, while rt_msghdr has a 4 byte alignment
requirement. The root cause is that if_msghdr has an struct if_data
which has an 8-byte alignment requirement due to a time_t that's
embedded in it. On MIPS, time_t is a 64-bit number, so must be 64-bit
aligned.

Since we don't access ifm_data.ifi_epoch, a simple cast is all that's
necessary here. It is likely the case that ifi_epoch should *NOT* be
a time_t because it is an uptime (time delta) an not an absolute time
since 1970. u_long is likely sufficient there since that gives an
uptime of 136 years will suffice for the foreseeable future.

This main goals of this project are:
1. separating L2 tables (ARP, NDP) from the L3 routing tables
2. removing as much locking dependencies among these layers as
possible to allow for some parallelism in the search operations
3. simplify the logic in the routing code,

The most notable end result is the obsolescent of the route
cloning (RTF_CLONING) concept, which translated into code reduction
in both IPv4 ARP and IPv6 NDP related modules, and size reduction in
struct rtentry{}. The change in design obsoletes the semantics of
RTF_CLONING, RTF_WASCLONE and RTF_LLINFO routing flags. The userland
applications such as "arp" and "ndp" have been modified to reflect
those changes. The output from "netstat -r" shows only the routing
entries.

Quite a few developers have contributed to this project in the
past: Glebius Smirnoff, Luigi Rizzo, Alessandro Cerri, and
Andre Oppermann. And most recently:

- Kip Macy revised the locking code completely, thus completing
the last piece of the puzzle, Kip has also been conducting
active functional testing
- Sam Leffler has helped me improving/refactoring the code, and
provided valuable reviews
- Julian Elischer setup the perforce tree for me and has helped
me maintaining that branch before the svn conversion

This commit was generated by cvs2svn to compensate for changes in r176892,
which included commits to RCS files with non-trunk default branches.

This commit was generated by cvs2svn to compensate for changes in r163820,
which included commits to RCS files with non-trunk default branches.

This commit was generated by cvs2svn to compensate for changes in r163799,
which included commits to RCS files with non-trunk default branches.

This commit was generated by cvs2svn to compensate for changes in r159063,
which included commits to RCS files with non-trunk default branches.

Don't import tree.h from the distribution - we have our own one in sys.

This commit was generated by cvs2svn to compensate for changes in r156066,
which included commits to RCS files with non-trunk default branches.

This commit was generated by cvs2svn to compensate for changes in r155602,
which included commits to RCS files with non-trunk default branches.

This commit was generated by cvs2svn to compensate for changes in r155506,
which included commits to RCS files with non-trunk default branches.

This commit was generated by cvs2svn to compensate for changes in r155429,
which included commits to RCS files with non-trunk default branches.

This commit was generated by cvs2svn to compensate for changes in r155094,
which included commits to RCS files with non-trunk default branches.

This commit was generated by cvs2svn to compensate for changes in r154184,
which included commits to RCS files with non-trunk default branches.

This commit was generated by cvs2svn to compensate for changes in r154182,
which included commits to RCS files with non-trunk default branches.

This commit was generated by cvs2svn to compensate for changes in r154180,
which included commits to RCS files with non-trunk default branches.

This commit was generated by cvs2svn to compensate for changes in r154178,
which included commits to RCS files with non-trunk default branches.

This commit was generated by cvs2svn to compensate for changes in r151970,
which included commits to RCS files with non-trunk default branches.

This commit was generated by cvs2svn to compensate for changes in r150974,
which included commits to RCS files with non-trunk default branches.

Add snmp_ntp/Makefile.in to the exclude list.

These files are not needed and were imported by accident in the
previous import.

This commit was generated by cvs2svn to compensate for changes in r150920,
which included commits to RCS files with non-trunk default branches.

This commit was generated by cvs2svn to compensate for changes in r146609,
which included commits to RCS files with non-trunk default branches.

This commit was generated by cvs2svn to compensate for changes in r146525,
which included commits to RCS files with non-trunk default branches.

This commit was generated by cvs2svn to compensate for changes in r145673,
which included commits to RCS files with non-trunk default branches.

This commit was generated by cvs2svn to compensate for changes in r145557,
which included commits to RCS files with non-trunk default branches.

Don't extract the .gdbinit file from the distribution.

This commit was generated by cvs2svn to compensate for changes in r142810,
which included commits to RCS files with non-trunk default branches.

This commit was generated by cvs2svn to compensate for changes in r133594,
which included commits to RCS files with non-trunk default branches.

This commit was generated by cvs2svn to compensate for changes in r133429,
which included commits to RCS files with non-trunk default branches.

List some more files to be excluded from the original distribution.

This commit was generated by cvs2svn to compensate for changes in r133211,
which included commits to RCS files with non-trunk default branches.

This commit was generated by cvs2svn to compensate for changes in r128237,
which included commits to RCS files with non-trunk default branches.

Add an exclusion list that lists all the files from the original
distribution that we don't need.

Update the upgrade instructions to account for the fact, that
there is no need anymore to re-create files. Also give a hint to
look for changes needed to the Makefiles.

This commit was generated by cvs2svn to compensate for changes in r124861,
which included commits to RCS files with non-trunk default branches.

Add update instructions for bsnmp. Bsnmp is the base for the NgATM
ILMI daemon.

This commit was generated by cvs2svn to compensate for changes in r122394,
which included commits to RCS files with non-trunk default branches.