rtadvd(8): support PREF64 (RFC 8781)

PREF64 allows a router to advertise the network's NAT64 prefix, allowing
clients to auto-configure CLAT. This makes it possible to deploy
IPv6-only or IPv6-mostly client access networks without the need for
DNS64.

Reviewed by: imp, glebius (prior suggetions done)
Pull Request: https://github.com/freebsd/freebsd-src/pull/1206

rtadvd: Remove return statement at the end of void functions

Signed-off-by: Elyes Haouas <ehaouas@noos.fr>

Remove $FreeBSD$: one-line .c comment pattern

Remove /^/[*/]\s*\$FreeBSD\$.*\n/

Update the "flag" for draft-ietf-6man-ipv6only-flag.

Having the flag named "6" can possibly be a problem for configurations
where parsing strings and numbers can produce ambivalent results.
Rename the "6" flag to the "S"ix (or Silence-IPv4) flag.

Initial implementation of draft-ietf-6man-ipv6only-flag.

This change defines the RA "6" (IPv6-Only) flag which routers
may advertise, kernel logic to check if all routers on a link
have the flag set and accordingly update a per-interface flag.

If all routers agree that it is an IPv6-only link, ether_output_frame(),
based on the interface flag, will filter out all ETHERTYPE_IP/ARP
frames, drop them, and return EAFNOSUPPORT to upper layers.

The change also updates ndp to show the "6" flag, ifconfig to
display the IPV6_ONLY nd6 flag if set, and rtadvd to allow
announcing the flag.

Further changes to tcpdump (contrib code) are availble and will
be upstreamed.

Tested the code (slightly earlier version) with 2 FreeBSD
IPv6 routers, a FreeBSD laptop on ethernet as well as wifi,
and with Win10 and OSX clients (which did not fall over with
the "6" flag set but not understood).

We may also want to (a) implement and RX filter, and (b) over
time enahnce user space to, say, stop dhclient from running
when the interface flag is set. Also we might want to start
IPv6 before IPv4 in the future.

All the code is hidden under the EXPERIMENTAL option and not
compiled by default as the draft is a work-in-progress and
we cannot rely on the fact that IANA will assign the bits
as requested by the draft and hence they may change.

Dear 6man, you have running code.

Discussed with: Bob Hinden, Brian E Carpenter

General further adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 3-Clause license.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.

rtadvd(8): double assignment.

Remove doubtful initialization since the value will be overwritten
immediately afterwards.

Found with: coccinelle (da.cocci)

Use strlcpy() instead of strncpy() when copying ifname to ensure
that it is NUL terminated. Additional NUL padding is not required
for short names.

MFC after: 1 week

rtadvd(8): Don't use-after-free

This whole block of code as committed fully formed in r224144. I'm not really
sure what the intent was, but it seems plausible that !persist ifis could need
other member cleanup. Don't free the object until after we've finished
cleaning its members.

Reported by: Coverity
CID: 1006079
Sponsored by: EMC / Isilon Storage Division

- Fix a bug which prevented dnssl[0-9] and rdnss[0-9] parameters from
working.

- Fix a pointer calculation for padding when multiple dnssl[0-9]
parameters are specified [*].

Reported by: http://bugs.dragonflybsd.org/issues/2847 [*]

Stop including if_var.h from userland.

Sponsored by: Nginx, Inc.

Check buffer length more strictly.

MFC after: 1 day

Fix a crash when reloading the configuration file.

Spotted by: des

Set the back pointer from the prefix to the interface before adding
the prefix to the interface's prefix list. This shouldn't make a
difference, since rtadvd(8) is single-threaded, but I've seen it crash
in delete_prefix() with pfx_rainfo == NULL, and this is the only place
where a prefix can be added to the list with a NULL pfx_rainfo.

MFC after: 3 days

- Use time_uptime instead of time_second in data structures for
PF_INET6 in kernel. This fixes various malfunction when the wall time
clock is changed. Bump __FreeBSD_version to 1000041.

- Use clock_gettime(CLOCK_MONOTONIC_FAST) in userland utilities.

MFC after: 1 month

Add a missing white space.

Spelling fixes for usr.sbin/

- Improve interface list handling. The rtadvd(8) now supports dynamically-
added/removed interfaces in a more consistent manner and reloading the
configuration file.

- Implement burst unsolicited RA sending into the internal RA timer framework
when AdvSendAdvertisements and/or configuration entries are changed as
described in RFC 4861 6.2.4. This fixes issues that make termination of the
rtadvd(8) daemon take very long time.

An interface now has three internal states, UNCONFIGURED, TRANSITIVE, or
CONFIGURED, and the burst unsolicited sending happens in TRANSITIVE.
See rtadvd.h for the details.

- rtadvd(8) now accepts non-existent interfaces as well in the command line.

- Add control socket support and rtadvctl(8) utility to show the RA information
in rtadvd(8). Dumping by SIGUSR1 has been removed in favor of it.

Support SIGHUP for reloading /etc/rtadvd.conf.

- Use ELM_MALLOC() for struct rainfo.

- Fix a missing back pointer assignment in struct prefix to struct rainfo
when addr="" is specified. This caused SIGSEGV.

- Insert a prefix element to a tail queue after setting parameters.

Fix build on 64-bit arch.

Submitted by: dim
Pointy hat to: hrs

- Implement RDNSS and DNSSL options (RFC 6106, IPv6 Router Advertisement
Options for DNS Configuration) into rtadvd(8) and rtsold(8). DNS
information received by rtsold(8) will go to resolv.conf(5) by
resolvconf(8) script. This is based on work by J.R. Oldroyd (kern/156259)
but revised extensively[1].

- rtadvd(8) now supports "noifprefix" to disable gathering on-link prefixes
from interfaces when no "addr" is specified[2]. An entry in rtadvd.conf
with "noifprefix" + no "addr" generates an RA message with no prefix
information option.

- rtadvd(8) now supports RTM_IFANNOUNCE message to fix crashes when an
interface is added or removed.

- Correct bogus ND_OPT_ROUTE_INFO value to one in RFC 4191.

Reviewed by: bz[1]
PR: kern/156259 [1]
PR: bin/152458 [2]

A new jail(8) with a configuration file, to replace the work currently done
by /etc/rc.d/jail.

Create the altix project branch. The altix project will add support
for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting
is a two-module system, consisting of a base compute module and a
CPU expansion module. SGI's NUMAFlex architecture can be an excellent
platform to test CPU affinity and NUMA-aware features in FreeBSD.

- Import the HEAD csup code which is the basis for the cvsmode work.

Cleanup of userland __P use

avoid heap overrun

Obtained from: KAME
MFC after: 1 day

fixed a typo in comment

added an ioctl option in kernel so that ndp/rtadvd can change some NDP-related kernel variables based on their configurations (RFC2461 p.43 6.2.1 mandates this for IPv6 routers)

Obtained from: KAME
Reviewd by: ume, gnn
MFC after: 2 weeks

removed compilation warning

PR: bin/71624

- supported a string notation for xxflags.
- deprecate routes#N, as it is hard to keep consistency with
rtprefixN. accept any number of "rtprefix", "rtrefix0",
..., "rtprefix99".
- deprecate "addrs#N", as it is difficult for users to keep
consistency with "addrN".
accept 100 prefix info in maximum - like "addr", "addr0"
... "addr99". WARNS=2 clean on netbsd.
old configuration file should work just fine.
behavior change:
previously, we rejected "addrN" if there's "addr", and we rejected
"addr" if there is "addrN". now we accept both without problem.
- when an advertised prefix configured from the kernel has been added
or invalidated, notice the change in a short delay.
- when invalidating a prefix, do not bark even if there is
inconsistency about prefix lifetimes.
- wrap more specific route info code into ROUTEINFO.

Obtained from: KAME
MFC after: 1 week

malloc() may return NULL.

Obtained from: KAME
MFC after: 1 week

reduce #ifdef.

MFC after: 1 week

use strlcpy() and snprintf().

Obtained from: KAME
MFC after: 1 week

use int64_t instead of long long.

Obtained from: KAME
MFC after: 1 week

Drop MIP6 code. We don't support MIP6 yet.

MFC after: 1 week

KNF, correct typos and cleanup spaces.

Obtained from: KAME
MFC after: 1 week

__FUNCTION__ --> __func__

Obtained from: KAME
MFC after: 1 week

- fixed byte order of route lifetimes in route info opptions.
- corrected wording in a log message.

Obtained from: KAME
MFC after: 1 week

Use assignment, not equivalence test.

No response from: suz

fixed invalid pointer reference

Obtained from: KAME

Fix typos, mostly s/ an / a / where appropriate and a few s/an/and/
Add FreeBSD Id tag where missing.

Do not issue deprecated ioctl.

Obtained from: KAME
MFC after: 2 weeks

Changed the behavior when an interface-direct prefix being advertised
was removed from the kernel;
Advertise the prefix with zero lifetimes rather than to remove the prefix
from the prefix list to be advertised.
This will help renumber a receiving host by deprecating the address
derived from the old prefix.

Obtained from: KAME
MFC after: 2 weeks

Skip duplicated prefixes in get_prefix().

Obtained from: KAME

sprintf -> snprintf

Obtained from: KAME

Sync with recent KAME.
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.

TODO:
- The definitions of SADB_* in sys/net/pfkeyv2.h are still different
from RFC2407/IANA assignment because of binary compatibility
issue. It should be fixed under 5-CURRENT.
- ip6po_m member of struct ip6_pktopts is no longer used. But, it
is still there because of binary compatibility issue. It should
be removed under 5-CURRENT.

Reviewed by: itojun
Obtained from: KAME
MFC after: 3 weeks

zero-cleared allocated prefix information when configured.

Obtained from: KAME

make it easier to handle $FreeBSD$ tags (amount of diff matters).

Sync with latest KAME

Obtained from: KAME

Added several socket close() which were mistakenly forgotten.

Reported by: Hidetoshi Shimokawa <simokawa@sat.t.u-tokyo.ac.jp>

Forbid include of soem inet6 header files from wrong place

KAME put INET6 related stuff into sys/netinet6 dir, but IPv6
standard API(RFC2553) require following files to be under sys/netinet.
netinet/ip6.h
netinet/icmp6.h
Now those header files just include each following files.
netinet6/ip6.h
netinet6/icmp6.h

Also KAME has netinet6/in6.h for easy INET6 common defs
sharing between different BSDs, but RFC2553 requires only
netinet/in.h should be included from userland.
So netinet/in.h also includes netinet6/in6.h inside.

To keep apps portability, apps should not directly include
above files from netinet6 dir.
Ideally, all contents of,
netinet6/ip6.h
netinet6/icmp6.h
netinet6/in6.h
should be moved into
netinet/ip6.h
netinet/icmp6.h
netinet/in.h
but to avoid big changes in this stage, add some hack, that
-Put some special macro define into those files under neitnet
-Let files under netinet6 cause error if it is included
from some apps, and, if the specifal macro define is not
defined.
(which should have been defined if files under netinet is
included)
-And let them print an error message which tells the
correct name of the include file to be included.

Also fix apps which includes invalid header files.

Approved by: jkh

Obtained from: KAME project

libipsec and IPsec related apps. (and some KAME related man pages)

Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project