Copy stable/9 to releng/9.3 as part of the 9.3-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Merge r240234, r240271, r240734 from head:

r240234:
The first part of check_priv() function, that attempts to obtain creds
from the control message, actually never worked. This means check_priv()
didn't work for local dgram sockets.

The SCM_CREDS control messages is received only in two cases:

1) If we did setsockopt(LOCAL_CREDS) on our socket, and in this case
the message is struct sockcred.
2) If sender did supplied SCM_CREDS control message in his sendmsg()
syscall. In this case the message is struct cmsgcred.

We can't rely on 2), so we will use 1) for dgram sockets. For stream
sockets it is more reliable to obtain accept-time credentials, since
SCM_CREDS control message is attached only on first read. Thus:

o Do setsockopt(LOCAL_CREDS) on local dgram sockets.
o Split check_priv() into check_priv_stream() and check_priv_dgram(),
and call them from recv_stream() and recv_dgram() respectively.
o Don't provide space for SCM_CREDS control message in recv_stream().
o Provide space for SCM_CREDS control message in recv_dgram(), but there
is no need to initialize anything in it.
o In recv_dgram() do not blindly expect that first message is SCM_CREDS,
instead use correct search cycle through control messages.

r240271:
For UDP transport set IP_RECVDSTADDR sockopt on the socket, and provide
IP_SENDSRCADDR control with datagram message we reply with. This makes
bsnmpd reply from exactly same address that request was sent to, thus
successfully bypassing stateful firewalls or other kinds of strict checking.

r240734:
Re-do r240271:
- Set IP_RECVDSTADDR sockopt on the socket only in case if
it is INADDR_ANY bound.
- Supply IP_SENDSRCADDR control message only if we did receive
IP_RECVDSTADDR control message.

This fixes operation of snmpd bound to a specific local IP address.

PR: bin/171279

Copy head to stable/9 as part of 9.0-RELEASE release cycle.

Approved by: re (implicit)

Don't spam syslog with "inet_ntop(): Address family not supported
by protocol family" when processing requests received from the
UNIX domain socket.

MFC after: 3 days

Bring in a SNMP module that allows configuration of SNMPv3 Notification targets.

Sponsored by: The FreeBSD Foundation
Reviewed by: philip
Approved by: philip

In bsnmpd(1) add support for SNMPv3 message processing model, including message authentication, packet encryption & view-based access control (RFC 3412, 3414, 3415).

Sponsored by: The FreeBSD Foundation
Reviewed by: philip@ (mostly)
Approved by: philip@

This commit was generated by cvs2svn to compensate for changes in r176892,
which included commits to RCS files with non-trunk default branches.

Vendor patch: Prevent bsnmpd from dumping core when a module's init hook
returns an error.

Approved by: bz (mentor), harti

Virgin import of bsnmpd 1.12

Vendor patch: prevent a core dump when the trace option is not followed
by an option value.

Submitted by: Shteryana Shopova <shteryana@yahoo.com>

Vendor fix: make the default read and write communities NULL. This
basically disables any access unless other strings are set in the config
file. Note, that there is no way to set the communities back to NULL once
they're set to something not NULL.

Vendor fix for the build problem of snmp_pf. Move the fallback definitions
for U?INT32_{MAX,MIN} from asn1.h into the .c files that actually require
them (the .h file doesn't refer to these macros).

Virgin import of bsnmpd 1.11

Virgin import of bsnmpd 1.10

Vendor patch: fix a bug that was introduced when moving from libisc to
libbegemot: the rpoll_start_timer function needs the timeout value in
milli-seconds, not the absolute time when the timer should tick.

Virgin import of bsnmp 1.9

Virgin import of bsnmpd 1.8

Virgin import of bsnmpd 1.7

Import of bsnmpd 1.6

Virgin import of bsnmpd 1.5a

Virgin import of bsnmp 1.4