netstat(8): for -W, use IFNAMSIZ

If -W is specified, use IFNAMSIZ as the width of the Netif column,
instead of the default 12.

Reviewed by: imp,zlei,Mina Galić
Pull Request: https://github.com/freebsd/freebsd-src/pull/1223

netstat(1): increase width of Netif column

The previous width of Netif (10 or 8) was too short for modern interface
names; make it 12, which is long enough to display "epair0a.1000".

This came up in practice with genet(4) interfaces, since the base
interface name is long enough that with the previous limit, VLAN
identifiers would be truncated at 1 character in the IPv6 output:
"genet0.100" becomes "genet0.1".

The width is now fixed, and doesn't depend on the address family,
because there's no reason that length of the interface name would vary
based on the AF.

Reviewed by: imp,zlei,Mina Galić
Pull Request: https://github.com/freebsd/freebsd-src/pull/1223

usr.bin: Automated cleanup of cdefs and other formatting

Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.

Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
Remove /\n+#if.*\n#endif.*\n+/
Remove /^#if.*\n#endif.*\n/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/

Sponsored by: Netflix

usr.bin: Remove ancient SCCS tags.

Remove ancient SCCS tags from the tree, automated scripting, with two
minor fixup to keep things compiling. All the common forms in the tree
were removed with a perl script.

Sponsored by: Netflix

Remove $FreeBSD$: one-line .c pattern

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/

netlink: add NETLINK/NETLINK_SUPPORT userland options.

Make userland tools such as netstat, route, arp and ndp use
either netlink or rtsock interfaces based on the NETLINK_SUPPORT
options.
Both NETLINK and NETLINK_SUPPORT options are turned on by default.

Reviewed By: eugen
Differential Revision: https://reviews.freebsd.org/D39148

netstat: export weight for single-path routes.

* Parse and export newly-added NL_RTA_WEIGHT attribute, providing path
weight for a non-multipath route. This fixes a number of tests in
sys/net/routing which rely on this data.
* Remove handling of NL_RTA_KNH_ID in multipath routes, as it is
not provided.
* Improve kernel/user nexthop index export. As a result,
for multipath routes:
* nhg-kidx attribute represents kernel nhg index (always provided)
* nhg-uidx attribute represents user-provided nhg index (if set)
for non-multipath routes:
* nhop-kidx attribute represents kernel nhop index (always provided)
* nhop-udx attribute represents user-provided nexthop index (if set)

netstat: make netstat -rn use netlink instead of rtsock

This change switches route listing in netstat to netlink, with fallback to rtsock.
The outputs are mostly identical, with an exception of not showing kernel
nexthop indexes for multipath routes.

Differential Revision: https://reviews.freebsd.org/D36529

netstat: print path weight when showing routes in structured output.

Differential Revision: https://reviews.freebsd.org/D35530
MFC after: 2 weeks

Fix `netstat -rs` reporting.

rttrash (unused but not yet delete entries) were eliminated
during routing rework. Remove reading these symbols from the kernel.

PR: 254681
Reported by: rashey@superbox.pl
MFC after: immediately

Introduce nexthop objects and new routing KPI.

This is the foundational change for the routing subsytem rearchitecture.
More details and goals are available in https://reviews.freebsd.org/D24141 .

This patch introduces concept of nexthop objects and new nexthop-based
routing KPI.

Nexthops are objects, containing all necessary information for performing
the packet output decision. Output interface, mtu, flags, gw address goes
there. For most of the cases, these objects will serve the same role as
the struct rtentry is currently serving.
Typically there will be low tens of such objects for the router even with
multiple BGP full-views, as these objects will be shared between routing
entries. This allows to store more information in the nexthop.

New KPI:

struct nhop_object *fib4_lookup(uint32_t fibnum, struct in_addr dst,
uint32_t scopeid, uint32_t flags, uint32_t flowid);
struct nhop_object *fib6_lookup(uint32_t fibnum, const struct in6_addr *dst6,
uint32_t scopeid, uint32_t flags, uint32_t flowid);

These 2 function are intended to replace all all flavours of
<in_|in6_>rtalloc[1]<_ign><_fib>, mpath functions and the previous
fib[46]-generation functions.

Upon successful lookup, they return nexthop object which is guaranteed to
exist within current NET_EPOCH. If longer lifetime is desired, one can
specify NHR_REF as a flag and get a referenced version of the nexthop.
Reference semantic closely resembles rtentry one, allowing sed-style conversion.

Additionally, another 2 functions are introduced to support uRPF functionality
inside variety of our firewalls. Their primary goal is to hide the multipath
implementation details inside the routing subsystem, greatly simplifying
firewalls implementation:

int fib4_lookup_urpf(uint32_t fibnum, struct in_addr dst, uint32_t scopeid,
uint32_t flags, const struct ifnet *src_if);
int fib6_lookup_urpf(uint32_t fibnum, const struct in6_addr *dst6, uint32_t scopeid,
uint32_t flags, const struct ifnet *src_if);

All functions have a separate scopeid argument, paving way to eliminating IPv6 scope
embedding and allowing to support IPv4 link-locals in the future.

Structure changes:
* rtentry gets new 'rt_nhop' pointer, slightly growing the overall size.
* rib_head gets new 'rnh_preadd' callback pointer, slightly growing overall sz.

Old KPI:
During the transition state old and new KPI will coexists. As there are another 4-5
decent-sized conversion patches, it will probably take a couple of weeks.
To support both KPIs, fields not required by the new KPI (most of rtentry) has to be
kept, resulting in the temporary size increase.
Once conversion is finished, rtentry will notably shrink.

More details:
* architectural overview: https://reviews.freebsd.org/D24141
* list of the next changes: https://reviews.freebsd.org/D24232

Reviewed by: ae,glebius(initial version)
Differential Revision: https://reviews.freebsd.org/D24232

Convert routing statistics to VNET_PCPUSTAT.

Submitted by: ocochard
Reviewed by: melifaro, glebius
Differential Revision: https://reviews.freebsd.org/D22834

General further adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 3-Clause license.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.

Fix userland tools that don't check the format of routing socket
messages before accessing message fields that may not be present,
removing dead/duplicate/misleading code along the way.

Document the message format for each routing socket message in
route.h.

Fix a bug in usr.bin/netstat introduced in r287351 that resulted in
pointer computation with essentially random 16-bit offsets and
dereferencing of the results.

Reviewed by: ae
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D10330

Renumber copyright clause 4

Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.

Submitted by: Jan Schaumann <jschauma@stevens.edu>
Pull Request: https://github.com/freebsd/freebsd/pull/96

Fix typo.

MFC after: 3 days

Use strlcpy and snprintf in netstat(1).

Expand inet6name() line buffer to NI_MAXHOST and use strlcpy/snprintf
in various places.

Reported by: Anton Yuzhaninov <citrin citrin ru>
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D8916

Fix build without INET6 and with gcc. A function definition was ifdefed
for INET6, but its protototype was not, and gcc detects the error.

netstat: avoid returning uninitialized value in p_sockaddr().

In the case the width is less than 0, we are returning an uninitialized
value. For practical purposes the return value is ignored but initialize
it to avoid trouble.

CID: 1341619

At the time a destination or a gateway of `netstat -r'
protrudes its field, narrow the next field to raise
readability bit.

Don't truncate an interface name when -W option is specified.

Spotted by: Jim Thompson <jim__at__netgate.com>
MFC after: 1 week

Use returned network name from getnetbyaddr() correctly.

Revert previous workaround. This problem was fixed
by r290318.

Since sa->sa_len doesn't match sizeof(struct sockaddr_dl),
getnameinfo() fails against sockaddr_dl. This commit is workaround
for this problem.

Mask an IPv6 network address.

Simplify kvm symbol resolution and error handling. The symbol table
nl_symbols will eventually be organized into several modules depending
on MK_* variables.

- Add -W flag support for network column in intpr() (-i flag) and
routepr() (-r flag). It is too narrow to show an IPv6 prefix
in most cases.

- Accept "local" as a synonym of "unix" in protocol family name.

- Show a prefix length in CIDR notation when name resolution failed in
netname().

- Make routename() and netname() AF-independent and remove
unnecessary typecasting from struct sockaddr.

- Use getnameinfo(3) to format L2 addr in intpr().

- Fix a bug which showed "Address" when -A flag is specfied in pr_rthdr().

- Replace cryptic GETSA() macro with SA_SIZE().

- Fix declarations shadowing local variables with the same names.

- Add more static, remove unused header files and variables.

MFC after: 1 week

Properly align the header and the data columns for netstat -r with and
without the -W flag.

Adjust the string format to match the actual number of arguments.

This fix a segmentation fault on ARM when netstat -r is used together with
-W.

This issue was introduced in r279122.

Like it was already done for 'netstat -i', drop the kvm(3) support
in 'netstat -r'.

The netstat/route.c was the last abuser of struct ifnet and struct
rtentry in the tree. With this change if_var.h can become kernel
only include, _WANT_RTENTRY can go away and projects/ifnet and
projects/routing can go forward.

Differential Revision: https://reviews.freebsd.org/D2242
Reviewed by: melifaro, gnn
Sponsored by: Nginx, Inc.
Sponsored by: Netflix

Convert netstat to use libxo.

Obtained from: Phil Shafer <phil@juniper.net>
Ported to -current by: alfred@ (mostly), Kim Shrier
Formatting: marcel@
Sponsored by: Juniper Networks, Inc.

- Fix a bug which can make sysctl() fail when -F is specified.
- Increase WID_IF_DEFAULT() from 6 to 8 (the default for AF_INET6) because
we have interfaces with longer names than 6 chars like epairN{a,b}.
- Style fixes.

- Do not override sin6_scope_id in LLA when it is already set to non-zero.
This fixes destination list in output of netstat -r.
- Plug a memory leak.
- Add RTM_VERSION check.
- Minor style fixes.

Garbage collect long time obsoleted (or never used) stuff from routing API.

Remove AppleTalk support.

AppleTalk was a network transport protocol for Apple Macintosh devices
in 80s and then 90s. Starting with Mac OS X in 2000 the AppleTalk was
a legacy protocol and primary networking protocol is TCP/IP. The last
Mac OS X release to support AppleTalk happened in 2009. The same year
routing equipment vendors (namely Cisco) end their support.

Thus, AppleTalk won't be supported in FreeBSD 11.0-RELEASE.

Remove IPX support.

IPX was a network transport protocol in Novell's NetWare network operating
system from late 80s and then 90s. The NetWare itself switched to TCP/IP
as default transport in 1998. Later, in this century the Novell Open
Enterprise Server became successor of Novell NetWare. The last release
that claimed to still support IPX was OES 2 in 2007. Routing equipment
vendors (e.g. Cisco) discontinued support for IPX in 2011.

Thus, IPX won't be supported in FreeBSD 11.0-RELEASE.

Fix compilation for 32-bit machines.

Hide struct rtentry from userland.

- Remove rt_metrics_lite and simply put its members into rtentry.
- Use counter(9) for rt_pksent (former rt_rmx.rmx_pksent). This
removes another cache trashing ++ from packet forwarding path.
- Create zini/fini methods for the rtentry UMA zone. Via initialize
mutex and counter in them.
- Fix reporting of rmx_pksent to routing socket.
- Fix netstat(1) to report "Use" both in kvm(3) and sysctl(3) mode.

The change is mostly targeted for stable/10 merge. For head,
rt_pksent is expected to just disappear.

Discussed with: melifaro
Sponsored by: Netflix
Sponsored by: Nginx, Inc.

Explicitly free rt_tables to please Coverity.

Reported by: Coverity
Coverity CID: 1147174
MFC after: 2 weeks

Further split kvm(3) and sysctl interfaces for route table printing.

MFC after: 4 weeks
Sponsored by: Yandex LLC

Use more fine-grained kvm(3) symbol lookup: routing code retrieves only
necessary symbols needed per subsystem. Main kvm(3) init is now delayed
as much as possbile. This finally fixes performance issues reported in
kern/167204.
Some non-working code (ng_socket.ko symbol addresses calculation) removed.
Some global variables eliminated.

PR: kern/167204
MFC after: 4 weeks

Restore corefiles handling via kvm(3).

Found by: John-Mark Gurney <jmg at funkthat.com>
MFC after: 4 weeks

Switch netstat -rn to use standard API for retrieving list of routes
instead of peeking inside in-kernel radix via kget.
This permits us to change kernel structures without breaking userland.
Additionally, this change provide more reliable and faster output.

`Refs` and `Use` fields available in IPv4 by default (and via -W
for other families) were removed. `Refs` is radix-specific thing
which is not informative for users. `Use` field value is handy sometimes,
but a) current API does not support it and b) I'm not sure we will
support per-rte pcpu counters in near future.

Old method of retrieving data is still supported (either by defining
NewTree=0 or running netstat with -A). However, Refs/Use fields are
hidden.

Sponsored by: Yandex LLC
MFC after: 4 weeks
PR: kern/167204

Rewrite netstat/if.c to use getifaddrs(3) and getifmaddrs(3) instead of
libkvm digging in kernel memory. This is possible since r231506 made
getifaddrs(3) to supply if_data for each ifaddr.

The pros of this change is that now netstat(1) doesn't know about kernel
struct ifnet and struct ifaddr. And these structs are about to change
significantly in head soon. New netstat binary will work well with 10.0
and any future kernel.

The cons is that now it isn't possible to obtain interface statistics
from a vmcore.

Functions intpr() and sidewaysintpr() were rewritten from scratch.

The output of netstat(1) has underwent the following changes:

1) The MTU is not printed for protocol addresses, since it has no notion.
Dash is printed instead. If there would be a strong desire to return
previous output, it is doable.
2) Output interface queue drops are not printed. Currently this data isn't
available to userland via any API. We plan to drop 'struct ifqueue' from
'struct ifnet' very soon, so old kvm(3) access to queue drops is soon
to be broken, too. The plan is that drivers would handle their queues
theirselves and a new field in if_data would be updated in case of drops.
3) In-kernel reference count for multicast addresses isn't printed. I doubt
that anyone used it. Anyway, netstat(1) is sysadmin tool, not kernel
debugger.

Sponsored by: Netflix
Sponsored by: Nginx, Inc.

Add -F fibnum option to specify an FIB number for -r flag.

Fill sin6_scope_id in sockaddr_in6 before passing it from the kernel to
userland via routing socket or sysctl. This eliminates the following
KAME-specific sin6_scope_id handling routine from each userland utility:

sin6.sin6_scope_id = ntohs(*(u_int16_t *)&sin6.sin6_addr.s6_addr[2]);

This behavior can be controlled by net.inet6.ip6.deembed_scopeid. This is
set to 1 by default (sin6_scope_id will be filled in the kernel).

Reviewed by: bz

Remove unused variable. Newer versions of gcc care.

Submitted by: Sascha Wildner <saw@online.de>
Approved by: cperciva
MFC after: 3 days

Teach netstat -r (display contents of routing tables) about multi-FIB for
IPv6 in addition to IPv4.
While here harmonize naming of variables a bit with what we use in kernel.

Sponsored by: Cisco Systems, Inc.

- Hide the internal scope address representation of the KAME IPv6
stack from the output of `netstat -ani'.
- The node-local multicast address in the output of `netstat -rn'
should be handled as well.

Spotted by: Bernd Walter <ticso__at__cicely7.cicely.de>

Remove the advertising clause from UCB copyrighted files in usr.bin. This
is in accordance with the information provided at
ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change

Also add $FreeBSD$ to a few files to keep svn happy.

Discussed with: imp, rwatson

A new jail(8) with a configuration file, to replace the work currently done
by /etc/rc.d/jail.

Create the altix project branch. The altix project will add support
for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting
is a two-module system, consisting of a base compute module and a
CPU expansion module. SGI's NUMAFlex architecture can be an excellent
platform to test CPU affinity and NUMA-aware features in FreeBSD.

Revert most part of 200420 as requested, as more review and polish is
needed.

Remove unneeded header includes from usr.bin/ except contributed code.

Tested with: make universe

Merge r198118 from head to stable/8:

Print routing statistics as unsigned short rather than unsigned int,
otherwise sign extension leads to unlikely values when in the negative
range of the signed short structure fields that hold the statistics.
The type used to hold routing statistics is arguably also incorrect.

Approved by: re (bz)

Print routing statistics as unsigned short rather than unsigned int,
otherwise sign extension leads to unlikely values when in the negative
range of the signed short structure fields that hold the statistics.
The type used to hold routing statistics is arguably also incorrect.

MFC after: 3 days

Convert the two dimensional array to be malloced and introduce
an accessor function to get the correct rnh pointer back.

Update netstat to get the correct pointer using kvm_read()
as well.

This not only fixes the ABI problem depending on the kernel
option but also permits the tunable to overwrite the kernel
option at boot time up to MAXFIBS, enlarging the number of
FIBs without having to recompile. So people could just use
GENERIC now.

Reviewed by: julian, rwatson, zec
X-MFC: not possible

This main goals of this project are:
1. separating L2 tables (ARP, NDP) from the L3 routing tables
2. removing as much locking dependencies among these layers as
possible to allow for some parallelism in the search operations
3. simplify the logic in the routing code,

The most notable end result is the obsolescent of the route
cloning (RTF_CLONING) concept, which translated into code reduction
in both IPv4 ARP and IPv6 NDP related modules, and size reduction in
struct rtentry{}. The change in design obsoletes the semantics of
RTF_CLONING, RTF_WASCLONE and RTF_LLINFO routing flags. The userland
applications such as "arp" and "ndp" have been modified to reflect
those changes. The output from "netstat -r" shows only the routing
entries.

Quite a few developers have contributed to this project in the
past: Glebius Smirnoff, Luigi Rizzo, Alessandro Cerri, and
Andre Oppermann. And most recently:

- Kip Macy revised the locking code completely, thus completing
the last piece of the puzzle, Kip has also been conducting
active functional testing
- Sam Leffler has helped me improving/refactoring the code, and
provided valuable reviews
- Julian Elischer setup the perforce tree for me and has helped
me maintaining that branch before the svn conversion

- Import the HEAD csup code which is the basis for the cvsmode work.

Use strlcpy() when we mean it.

Minimize changes CURRENT<->releng7.

Fix build.

Add code to allow the system to handle multiple routing tables.
This particular implementation is designed to be fully backwards compatible
and to be MFC-able to 7.x (and 6.x)

Currently the only protocol that can make use of the multiple tables is IPv4
Similar functionality exists in OpenBSD and Linux.

From my notes:

-----

One thing where FreeBSD has been falling behind, and which by chance I
have some time to work on is "policy based routing", which allows
different
packet streams to be routed by more than just the destination address.

Constraints:
------------

I want to make some form of this available in the 6.x tree
(and by extension 7.x) , but FreeBSD in general needs it so I might as
well do it in -current and back port the portions I need.

One of the ways that this can be done is to have the ability to
instantiate multiple kernel routing tables (which I will now
refer to as "Forwarding Information Bases" or "FIBs" for political
correctness reasons). Which FIB a particular packet uses to make
the next hop decision can be decided by a number of mechanisms.
The policies these mechanisms implement are the "Policies" referred
to in "Policy based routing".

One of the constraints I have if I try to back port this work to
6.x is that it must be implemented as a EXTENSION to the existing
ABIs in 6.x so that third party applications do not need to be
recompiled in timespan of the branch.

This first version will not have some of the bells and whistles that
will come with later versions. It will, for example, be limited to 16
tables in the first commit.
Implementation method, Compatible version. (part 1)
-------------------------------
For this reason I have implemented a "sufficient subset" of a
multiple routing table solution in Perforce, and back-ported it
to 6.x. (also in Perforce though not always caught up with what I
have done in -current/P4). The subset allows a number of FIBs
to be defined at compile time (8 is sufficient for my purposes in 6.x)
and implements the changes needed to allow IPV4 to use them. I have not
done the changes for ipv6 simply because I do not need it, and I do not
have enough knowledge of ipv6 (e.g. neighbor discovery) needed to do it.

Other protocol families are left untouched and should there be
users with proprietary protocol families, they should continue to work
and be oblivious to the existence of the extra FIBs.

To understand how this is done, one must know that the current FIB
code starts everything off with a single dimensional array of
pointers to FIB head structures (One per protocol family), each of
which in turn points to the trie of routes available to that family.

The basic change in the ABI compatible version of the change is to
extent that array to be a 2 dimensional array, so that
instead of protocol family X looking at rt_tables[X] for the
table it needs, it looks at rt_tables[Y][X] when for all
protocol families except ipv4 Y is always 0.
Code that is unaware of the change always just sees the first row
of the table, which of course looks just like the one dimensional
array that existed before.

The entry points rtrequest(), rtalloc(), rtalloc1(), rtalloc_ign()
are all maintained, but refer only to the first row of the array,
so that existing callers in proprietary protocols can continue to
do the "right thing".
Some new entry points are added, for the exclusive use of ipv4 code
called in_rtrequest(), in_rtalloc(), in_rtalloc1() and in_rtalloc_ign(),
which have an extra argument which refers the code to the correct row.

In addition, there are some new entry points (currently called
rtalloc_fib() and friends) that check the Address family being
looked up and call either rtalloc() (and friends) if the protocol
is not IPv4 forcing the action to row 0 or to the appropriate row
if it IS IPv4 (and that info is available). These are for calling
from code that is not specific to any particular protocol. The way
these are implemented would change in the non ABI preserving code
to be added later.

One feature of the first version of the code is that for ipv4,
the interface routes show up automatically on all the FIBs, so
that no matter what FIB you select you always have the basic
direct attached hosts available to you. (rtinit() does this
automatically).

You CAN delete an interface route from one FIB should you want
to but by default it's there. ARP information is also available
in each FIB. It's assumed that the same machine would have the
same MAC address, regardless of which FIB you are using to get
to it.

This brings us as to how the correct FIB is selected for an outgoing
IPV4 packet.

Firstly, all packets have a FIB associated with them. if nothing
has been done to change it, it will be FIB 0. The FIB is changed
in the following ways.

Packets fall into one of a number of classes.

1/ locally generated packets, coming from a socket/PCB.
Such packets select a FIB from a number associated with the
socket/PCB. This in turn is inherited from the process,
but can be changed by a socket option. The process in turn
inherits it on fork. I have written a utility call setfib
that acts a bit like nice..

setfib -3 ping target.example.com # will use fib 3 for ping.

It is an obvious extension to make it a property of a jail
but I have not done so. It can be achieved by combining the setfib and
jail commands.

2/ packets received on an interface for forwarding.
By default these packets would use table 0,
(or possibly a number settable in a sysctl(not yet)).
but prior to routing the firewall can inspect them (see below).
(possibly in the future you may be able to associate a FIB
with packets received on an interface.. An ifconfig arg, but not yet.)

3/ packets inspected by a packet classifier, which can arbitrarily
associate a fib with it on a packet by packet basis.
A fib assigned to a packet by a packet classifier
(such as ipfw) would over-ride a fib associated by
a more default source. (such as cases 1 or 2).

4/ a tcp listen socket associated with a fib will generate
accept sockets that are associated with that same fib.

5/ Packets generated in response to some other packet (e.g. reset
or icmp packets). These should use the FIB associated with the
packet being reponded to.

6/ Packets generated during encapsulation.
gif, tun and other tunnel interfaces will encapsulate using the FIB
that was in effect withthe proces that set up the tunnel.
thus setfib 1 ifconfig gif0 [tunnel instructions]
will set the fib for the tunnel to use to be fib 1.

Routing messages would be associated with their
process, and thus select one FIB or another.
messages from the kernel would be associated with the fib they
refer to and would only be received by a routing socket associated
with that fib. (not yet implemented)

In addition Netstat has been edited to be able to cope with the
fact that the array is now 2 dimensional. (It looks in system
memory using libkvm (!)). Old versions of netstat see only the first FIB.

In addition two sysctls are added to give:
a) the number of FIBs compiled in (active)
b) the default FIB of the calling process.

Early testing experience:
-------------------------

Basically our (IronPort's) appliance does this functionality already
using ipfw fwd but that method has some drawbacks.

For example,
It can't fully simulate a routing table because it can't influence the
socket's choice of local address when a connect() is done.

Testing during the generating of these changes has been
remarkably smooth so far. Multiple tables have co-existed
with no notable side effects, and packets have been routes
accordingly.

ipfw has grown 2 new keywords:

setfib N ip from anay to any
count ip from any to any fib N

In pf there seems to be a requirement to be able to give symbolic names to the
fibs but I do not have that capacity. I am not sure if it is required.

SCTP has interestingly enough built in support for this, called VRFs
in Cisco parlance. it will be interesting to see how that handles it
when it suddenly actually does something.

Where to next:
--------------------

After committing the ABI compatible version and MFCing it, I'd
like to proceed in a forward direction in -current. this will
result in some roto-tilling in the routing code.

Firstly: the current code's idea of having a separate tree per
protocol family, all of the same format, and pointed to by the
1 dimensional array is a bit silly. Especially when one considers that
there is code that makes assumptions about every protocol having the
same internal structures there. Some protocols don't WANT that
sort of structure. (for example the whole idea of a netmask is foreign
to appletalk). This needs to be made opaque to the external code.

My suggested first change is to add routing method pointers to the
'domain' structure, along with information pointing the data.
instead of having an array of pointers to uniform structures,
there would be an array pointing to the 'domain' structures
for each protocol address domain (protocol family),
and the methods this reached would be called. The methods would have
an argument that gives FIB number, but the protocol would be free
to ignore it.

When the ABI can be changed it raises the possibilty of the
addition of a fib entry into the "struct route". Currently,
the structure contains the sockaddr of the desination, and the resulting
fib entry. To make this work fully, one could add a fib number
so that given an address and a fib, one can find the third element, the
fib entry.

Interaction with the ARP layer/ LL layer would need to be
revisited as well. Qing Li has been working on this already.

This work was sponsored by Ironport Systems/Cisco

PR:
Reviewed by: several including rwatson, bz and mlair (parts each)
Approved by:
Obtained from: Ironport systems/Cisco
MFC after:
Security:

Make netstat -rn more resilient to having the routing table change out from
under it while running. Note that this is still not perfect:
- Try to do something intelligent if kvm_read() fails to read a routing
table structure such as an rtentry, radix_node, or ifnet.
- Don't follow left and right node pointers in radix_nodes unless
RNF_ACTIVE is set in rn_flags. This avoids walking through freed
radix_nodes.

MFC after: 1 week

Change another argument and a variable both related to netname() to
be also 32-bit on all archs.

MFC after: 3 days

Fix netname() [1] and routename() on big-endian LP64 archs.

Submitted by: Yuri Pankov [1]
MFC after: 3 days

Add IFT_BRIDGE to the Ethernet section so l2 addresses are formatted correctly.

PR: bin/119542
Submitted by: Niki Denev

quiet compiler complaint about unused parameters

style(9)
+ kread is not a boolean, so check it as such
+ fix $FreeBSD$ Ids
+ denote copyrights with /*-
+ misc whitespace changes.

Restore netstat -M functionality for most statistics on core dumps. In
general, when support was added to netstat for fetching data using sysctl,
no provision was left for fetching equivalent data from a core dump, and
in fact, netstat would _always_ fetch data from the live kernel using
sysctl even when -M was specified resulting in the user believing they
were getting data from coredumps when they actually weren't. Some specific
changes:
- Add a global 'live' variable that is true if netstat is running against
the live kernel and false if -M has been specified.
- Stop abusing the sysctl flag in the protocol tables to hold the protocol
number. Instead, the protocol is now its own field in the tables, and
it is passed as a separate parameter to the PCB and stat routines rather
than overloading the KVM offset parameter.
- Don't run PCB or stats functions who don't have a namelist offset if we
are being run against a crash dump (!live).
- For the inet and unix PCB routines, we generate the same buffer from KVM
that the sysctl usually generates complete with the header and trailer.
- Don't run bpf stats for !live (before it would just silently always run
live).
- kread() no longer trashes memory when opening the buffer if there is an
error on open and the passed in buffer is smaller than _POSIX2_LINE_MAX.
- The multicast routing code doesn't fallback to kvm on live kernels if
the sysctl fails. Keeping this made the code rather hairy, and netstat
is already tied to the kernel ABI anyway (even when using sysctl's since
things like xinpcb contain an inpcb) so any kernels this is run against
that have the multicast routing stuff should have the sysctls.
- Don't try to dig around in the kernel linker in the netgraph PCB routine
for core dumps.

Other notes:
- sctp's PCB routine only works on live kernels, it looked rather
complicated to generate all the same stuff via KVM. Someone can always
add it later if desired though.
- Fix the ipsec removal bug where N_xxx for IPSEC stats weren't renumbered.
- Use sysctlbyname() everywhere rather than hardcoded mib values.

MFC after: 1 week
Approved by: re (rwatson)

Retire most of the classful network behaviour of netstat -r output, for IPv4.

Without -n, we now only print a "network name" without the prefix length
under the following conditions:
1) the network address and mask matches a classful network prefix;
2) getnetbyaddr(3) returns a network name for this network address.

With -n, we unconditionally print the full unabbreviated CIDR network
prefix in the form "a.b.c.d/p". 0.0.0.0/0 is still printed as "default".

This change is in preparation for changes such as equal-cost multipath, and
to more generally assist operational deployment of FreeBSD as a modern IPv4
router. There are currently no plans to backport this change.

Discussed on: freebsd-net

We should return the name in cp, not printf it.

Found by: WARNS=6
MFC after: 3 days

- Achieve WARNS=3 by using sparse initializers or avoiding initializers at all.
- Fix a nlist initialization: it should be terminated by a NULL entry.
- Constify.
- Catch an unused parameter.

Tested on: i386 amd64 ia64

Achieve WARNS=2 by using uintmax_t to pass around 64-bit quantities,
including to printf(). Using uintmax_t is also robust to further
extensions in both the C language and the bitwidth of kernel counters.

Tested on: i386 amd64 ia64

Since kernel & userland use different timebase and netstat is reading kernel
memory directly, we should do timebase conversion for route lifetime.

Approved by: glebius (mentor)

NI_WITHSCOPEID cleanup. Neither RFC 2553 nor RFC 3493 defines
NI_WITHSCOPEID, and our getaddrinfo(3) does nothing special
for it, now.

Print link level address on vlan interfaces using ether_ntoa(), to make
output on bare ethernet and vlan interfaces the same.

PR: bin/69674
Submitted by: Pawel Malachowski <pawmal-posting@freebsd.lublin.pl>
Reviewed by: ru
Approved by: julian (mentor)
MFC after: 1 week

Add __FBSDID. Replace local variable sin by sockin to not conflict with sin(3).
Use warnx() instead of warn() when error message is not of any interest. Add
prototypes.

Replace ROUNDUP/ADVANCE with SA_SIZE

Fix some minor nits in netstat whereby large interface names would be
truncated. In environments where many tunnel or vlan interfaces are created,
interface names have high numbers which overflow the field width.

PRs: bin/52349, bin/35838
Submitted by: Mike Tancsa, Scot W. Hetzel
Approved by: re (rwatson)

Replace the if_name and if_unit members of struct ifnet with new members
if_xname, if_dname, and if_dunit. if_xname is the name of the interface
and if_dname/unit are the driver name and instance.

This change paves the way for interface renaming and enhanced pseudo
device creation and configuration symantics.

Approved By: re (in principle)
Reviewed By: njl, imp
Tested On: i386, amd64, sparc64
Obtained From: NetBSD (if_xname)

remove unneeded include of route.h

Supported by: FreeBSD Foundation

Kill #ifdef NS and some leftover #ifdef ISO code. Re-pack the nlist[]
array, it isn't likely to find any ARPAnet IMP drivers in FreeBSD.

Warns cleanups for netstat:
1) Include arpa/inet.h for ntohs.
2) Constness fixes.
3) Fix shadowing except for "sin" which shouldn't be in scope.
4) Remove register keyword.
5) Add missing initialsers to user defined structs.
5) Make prototype of netname6 globally visable.
6) Use right macros for printing syncache stats (even though entrie isn't
a word).

Fix incorrect cast.

Use calculated column widths for the routing table display when -W is
supplied rather than arbitrarily larger widths. This (almost) guarantees
that no columns will be truncated (routing table additions between the
width calculation and display passes may create a row with column widths
larger than those calculated).

Sponsored by: NTT Multimedia Communications Labs

Use %lu instead of %ld when printing rt_use (aka rt_rmx.rmx_pksent)

Submitted by: Andre Oppermann <oppermann@pipeline.ch>
MFC after: 5 days

Print IFT_ETHER addresses with ether_ntoa(3) (with leading zeros).

Fixed bugs from revision 1.27. Specifically:

- Restore the ability to look up network names in the networks(5)
database by passing getnetbyaddr(3) shifted network numbers,
but without duplicating the old bug that was fixed in 1.27 (we
now only shift netnums with standard netmasks). For example:

Before:

$ netstat -r
[...]
127.0.1/24 localhost UGSc 0 0 lo0
127.0.2/24 localhost UGSc 0 0 lo0

After:

$ netstat -r
[...]
subnet1/24 localhost UGSc 0 0 lo0
subnet2/24 localhost UGSc 0 0 lo0

- Only try to lookup with the forged netmask if the mask was not
explicitly specified, like it was before 1.27. For example:

Before:

$ netstat -r
net-44.ampr.org/25 localhost UGSc 0 0 lo0
net-44.ampr.org/25 localhost UGSc 0 0 lo0

After:

44.108.2/25 localhost UGSc 0 0 lo0
44.108.2.128/25 localhost UGSc 0 0 lo0

- Make sure to null-terminate the resulting string.

MFC after: 1 week

Deprecate the -l option in favour of more natural -W.
The compatibility glue is still provided.

(This change is not yet reflected in the manpage, nor
in usage(). This will be fixed at a later time today,
with the general manpage cleanup commit.)

Make `rttrash' variable (#routes not in table but not freed) visible
through ``netstat -rs''.

Fixed bogon in revision 1.37. Don't bogusly print a radix node's
duped key marker (``=>'') for routes with non-positive rmx_expire
metric, such as ethernet interface routes.

MFC after: 1 week

Honor -s -s (don't show zero stats) with -r, untangle SYNOPSIS further.
(usage() still is not synchronized with SYNOPSIS, intentionally.)

remove warnings
remove superfluous declarations
make things more consistent

remove K&R support

revert removal of warning and K&R support

Requested by: bde

Line up `netstat -rl' display.

remove most of the warnings

add the option -S for printing port numbers symbolically but addresses
numerically. clean up the CFLAGS in Makefile.

Add missing column for Mtu in header when -rl is specified.

Sync with recent KAME.
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.

TODO:
- The definitions of SADB_* in sys/net/pfkeyv2.h are still different
from RFC2407/IANA assignment because of binary compatibility
issue. It should be fixed under 5-CURRENT.
- ip6po_m member of struct ip6_pktopts is no longer used. But, it
is still there because of binary compatibility issue. It should
be removed under 5-CURRENT.

Reviewed by: itojun
Obtained from: KAME
MFC after: 3 weeks

Always print at least 2 bytes for IN_CLASSB_NET networks.
Always print at least 3 bytes for IN_CLASSC_NET networks.

The standard 193.0.0 class C network for example, will now
be displayed as "193.0.0" as opposed to the confusing 193.

PR: bin/21546
MFC after: 1 week

Restore printing of routes cloned from a RTF_CLONING parent
(e.g., ARP table entries) with the default routing display.

PR: bin/26970
Reviewed by: wollman
MFC after: 3 days

net/route.c:

A route generated from an RTF_CLONING route had the RTF_WASCLONED flag
set but did not have a reference to the parent route, as documented in
the rtentry(9) manpage. This prevented such routes from being deleted
when their parent route is deleted.

Now, for example, if you delete an IP address from a network interface,
all ARP entries that were cloned from this interface route are flushed.

This also has an impact on netstat(1) output. Previously, dynamically
created ARP cache entries (RTF_STATIC flag is unset) were displayed as
part of the routing table display (-r). Now, they are only printed if
the -a option is given.

netinet/in.c, netinet/in_rmx.c:

When address is removed from an interface, also delete all routes that
point to this interface and address. Previously, for example, if you
changed the address on an interface, outgoing IP datagrams might still
use the old address. The only solution was to delete and re-add some
routes. (The problem is easily observed with the route(8) command.)

Note, that if the socket was already bound to the local address before
this address is removed, new datagrams generated from this socket will
still be sent from the old address.

PR: kern/20785, kern/21914
Reviewed by: wollman (the idea)

MAXHOSTNAMELEN includes space for a NUL.
Don't roll our own version of trimdomain(), use the one in libutil.

Not objected to by: freebsd-audit

Fixed the printing of header for IPv4 routing table without -l option.
Broken in rev 1.44.

sync with latest kame netstat. basically, more statistics

Use Garrett's new (clearer) names.

Don't suppress Flags and Refs info for IPv4 entries.
(They need to be suppressed by default for IPv6 entries to keep the column
size of each entries in 80.)

Instead of reporting all 0.0.0.0 as ``default'' only report
a true default of 0.0.0.0/0 as default.

Reviewed by: wollman

Getaddrinfo(), getnameinfo(), and etc support in libc/net.
Several udp and raw apps IPv6 support.

Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project

Added missing declaration for argment specification at pr_rthdr(),
caused by my previous patch, sorry.
Also, changed its var name from 'af' to 'wid_af', to avoid confusion with
global var 'af'.

define WID_DST6 and WID_GW6 and use them only for IPv6, to keep IPv4 related
information in 80 columns.

TODO: IPv6 related information is not likely to be kept in 80 columns, anyway.
Some more print modes could be added,
but what is the priority between those modes?
-print out all information even if they don't fit into 80 columns
-strip off some information to fit them into 80 columns

Reviewed by: markm

udp IPv6 support, IPv6/IPv4 tunneling support in kernel,
packet divert at kernel for IPv6/IPv4 translater daemon

This includes queue related patch submitted by jburkhol@home.com.

Submitted by: queue related patch from jburkhol@home.com
Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project

Cleanup missing includes, stale includes, and a few printf format
inconsistancies.

Whistle's Netgraph link-layer (sometimes more) networking infrastructure.
Been in production for 3 years now. Gives Instant Frame relay to if_sr
and if_ar drivers, and PPPOE support soon. See:
ftp://ftp.whistle.com/pub/archie/netgraph/index.html
for on-line manual pages.

Reviewed by: Doug Rabson (dfr@freebsd.org)
Obtained from: Whistle CVS tree

$Id$ -> $FreeBSD$

Change casts from int to u_long and formats from %x to %lx.

Didn't fix the alignment of the output fields on alpha where addresses
require 16 characters to print.

Added a dummy field to the pt_u union to help the alpha compiler align
the u_sa field in a suiable way.

Fixed type mismatches and style bugs in rev.1.30.

o Use snprintf over sprintf.
o Use strncpy correctly.
o Use enough buffer for line.

Inspired by or Obtained from: Similar changes in OpenBSD

netstat truncates info in sockaddr* between kgetsa and p_sockaddr
by dereferencing pointer to smaller structure

PR: 5256
Reviewed by: phk
Submitted by: Gregory D. Moncreaff <moncrg@bt340707.res.ray.com>

The current version of netstat does not print the interface
name for AF_LINK routing entries. This makes debugging
network problems more difficult.
PR: 4182
Reviewed by: phk
Submitted by: Craig Leres <leres@ee.lbl.gov>

Remove prog, unused variables.
Cosmetic in usage string.

Remove some quite bogus code that tried to find subnet names but instead
spammed named with bogus queries.

Add the new ipx statistics variables.

Remove the dns lookup code in the ipx functions. That is bogus and slows
things like netstat -r(f ipx) down, without gaining anything.

Remove the ipx error protocol statistics.

Revert $FreeBSD$ to $Id$

Make the long-awaited change from $Id$ to $FreeBSD$

This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.

Update to match changes in <net/if.h> and <netinet/ip_mroute.h>.

Fix up programs which expect <net/if.h> to include <sys/time.h> to instead
do it themselves. (Some of these programs actually depended on this
beyond compiling the definition of struct ifinfo!) Also fix up some
other #include messes while we're at it.

Eliminate unnecessary include of <sys/mbuf.h>. PCBs aren't stored in mbufs
any more.

Remove reference to oobsolete RTF_MASK flag (soon to be removed).

make appletalk networks not show an un-needed host
part in displaying the routes.

Submitted by: archie@whistle.com

slight cleanups on yesterday's patches

Submitted by: archie@whistle.com

appletalk cleanups

make netstat distinguish broadcast and blackhole routes where they appear.

(RTF_BLACKHOLE was already documented as being shown, but the code ignored
it)

Sumbitted by: Greg Lehey <grog@lemis.de>

better appletalk support.

patches to allow netstat to monitor appletalk sockets openned using the
/sys/netatalk protocol stack

more cleanups and fixes are likely

Code cleanup: remove unused variables, use correct *printf format
specifiers (some unsigned values were printed as signed, some longs
were printed as ints), and place parentheses around assignments in
if statements.

For some reason, the changes to make route.c compile didn't make it over.
Fixed.

Pointed-out-by: joerg

tidy up the domain name trimming code, and move it to a single place
rather than having the same bit of code duplicated in three places,
each with their own static copy of the host's local name.

A couple of changes of mine that I've been using for a while:
route.c: look up the netname as-is first before the shifted name. this
makes a big speed difference, as the lookups are generally local
DNS. The shifted names can be very wrong (there is still guessing
and fudging involved) and usually go remote, taking a long time
to fail. If you have the RFC reccomended netnames in your reverse
lookups, this is even faster still.
main.c: dont do a sethostent(1) - this is causing the resolver to use a
VC (tcp) connection to the resolver, which has more overheads and
is slower than the default UDP case. This once made sense when
everything was based on text host tables.

Merge in Lite-2 changes.

Import netstat from 4.4Lite-2 - this version eliminates some of the
severely bogus mask guessing in the netname code, and also reports the
mask length of the route (like linux's netstat, but in a much more compact
form)

The current code is doing bogus things like shifting c-class subnets by
4 bits and looking them up, causing a DNS lookup of 0x0C0CBxxx which
takes an eternity to fail.

Submitted by: John Hay

more IPX related fixes

Reviewed by: julian and jhay@mikom.csir.co.za
Submitted by: Mike Mitchell, supervisor@alb.asctmd.com

This is a bulk mport of Mike's IPX/SPX protocol stacks and all the
related gunf that goes with it..
it is not guaranteed to work 100% correctly at this time
but as we had several people trying to work on it
I figured it would be better to get it checked in so
they could all get teh same thing to work on..

Mikes been using it for a year or so
but on 2.0

more changes and stuff will be merged in from other developers now that this is in.

Mike Mitchell, Network Engineer
AMTECH Systems Corporation, Technology and Manufacturing
8600 Jefferson Street, Albuquerque, New Mexico 87113 (505) 856-8000
supervisor@alb.asctmd.com

Instantiate our own variables instead of depending on bogus common
declarations in system headers that will be fixed soon.

Remove trailing whitespace.

The negative expire times shown by netstat are confusing and ugly.

Destination Gateway Flags Refs Use Netif Expire
199.182.75.128 link#1 UC 0 0 ed0 -842660
Submitted by: John Capo <jc@irbs.com>

Don't print protocol-cloned routes by default (enabled by -a flag).
Print non-zero expiration timers.
Use err(3) for error reporting.

Make it possible to correctly print out new route flags, and do so.

BSD 4.4 Lite Usr.bin Sources