add an endpoint command for "bridges" that use addresses as endpoints.

this can be used to add static entries on interfaces like vxlan(4).

remove unused variables

Remove switch(4) specific bits from ifconfig.
OK deraadt@ patrick@

Replace strto*l(3) with strtonum(3)

Some bridge options allow values bigger than the corresponding datatype
and thus pass overflowed values to the kernel, not all options to range
checks and setting invalid "portno" complains about "portidx" values.

Use the same, simpler strtonum() idiom across all options with consistent
error messages and proper [U]INT*_MAX defines as max values to match the
datatype and all option handlers to be consistent (in less code).

Keep deferring option dependent min/max value checking to the ioctl(2)
interface, i.e. values documented in ifconfig(8) are not duplicated in
strtonum() calls.

OK millert

Print tpmr(4) members

tpmr is a trivial bridge and has no specific ioctls, so to distinguish
it from the rest we must rely on the interface name; assuming that it
is tpmr because neither is_bridge() nor is_switch() return success is
not possible due to the way ifconfig is designed: it runs all *_status()
commands for all interface types.

OK dlg

Merge switch_status() into bridge_status()

This is to reduce duplicate code and prepare for bridge_status() to cover
all bridge like interfaces: bridge(4), switch(4) and tpmr(4).

OK dlg

Remove redundant bridge checks

bridge_status() and switch_status() do the regular sanity check with
SIOCGIFFLAGS, but both functions also call is_switch() and bridge_status()
also calls is_bridge().

is_bridge() checks SIOCGIFFLAGS again, then both is_*() helpers finally do
driver specific ioctl(2) calls to test whether the given interface is
indeed a bridge(4) or a switch(4).

SIOCGIFFLAGS serves no purpose here and is taken care of in ifconfig.c's
getinfo(), so remove its calls from brconfig.c entirely.

OK dlg

remove semicolons not needed after } statements. ok deraadt

Fix ifconfig(8) compiler warnings regarding variable "name" reuse.
Call the global variable with the name of the interface "ifname".
Do not pass it around, just use it globally. Do not use "ifname"
for anything else.
OK deraadt@

Fix some compiler warings in ifconfig(8). Move all prototypes and
variables used in multiple .c files into common ifconfig.h. Basically
this renames brconfig.h to ifconfig.h and also uses it for sff.c.
Fix missing prototypes. Global variable name s is bad as it shadows
local variables. Call it sock and use it everywhere.
OK deraadt@

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Delete superfluous #includes of <ifaddrs.h>, <net/if_dl.h>, and <net/if_enc.h>

ok krw@, jsg@

Unused variables.

ok henning@ phessler@

return early on some unhandled ioctls rather than err().

Add a new '-protected' option for bridge members.

Bridge members that are part of the same protected domain, refered by
a number between 1 and 31, cannot talk to each others. This is useful
to isolate VMs or untrusted networks at layer 2.

Members can be part of multiple protected domain making it possible to
create complex protected setups.

ok ccardenas@, claudio@, dlg@, henning@

implement an arp filter
allows arp (and rarp) requests and replies to be matched, including matching
based on the source and target host and protocol adresses, and thus control
over arp traffic and learning.
written for medical x-ray machines, but useful in many spread out L2 networks
ok claudio benno

The handling of 'add' used by bridge and switch in ifconfig does not
error out if the ioctl returns EEXIST. Do the same for the switch
specific 'addlocal' and 'portno' ioctls so netstart won't error out
when rerun with the same settings in hostname.switchN.

ok reyk@

Fix clang warning about tautological compare: an unsigned long can't
be negative. ok deraadt@

Rename "flowmax" to "maxflow" and give each switch(4) ioctl a
dedicated number. Both changes for consistency.

OK rzalamena@

Make the ifconfig switch0 output nicer using a single line and the
same keys as the actual commands (datapath, maxgroup, flowmax).
flowmax should eventually renamed to maxflow for consistency.

OK rzalamena@

Use strtoull() to read the datapath id and expect "datapath" instead of
"datapathid" as stated by the man page.

ok reyk@

fix format string and remove unused variables

ok yasuoka@ goda@

Add switch(4) support to ifconfig

ok deraadt@ yasuoka@ reyk@ henning@

Indent the output of bridge rules in ifconfig.

ok reyk@

Pass NI_DGRAM to getnameinfo() to use UDP tunnel service names.

Import vxlan(4), the virtual extensible local area network tunnel
interface. VXLAN is a UDP-based tunnelling protocol for overlaying
virtualized layer 2 networks over layer 3 networks. The implementation
is based on draft-mahalingam-dutt-dcops-vxlan-04 and has been tested
with other implementations in the wild.

put it in deraadt@

Return EEXIST to 'add' when a port is already a bridge member. This makes
reconfiguration with /etc/netstart silent again. (noticed by deraadt)

And do the same for 'addspan'.

ok deraadt

remove some unnecessary sys/param.h inclusions

get rid of unneeded \n here. err(3) family already does it for us.

OK mikeb@ camield@ reyk@ sobrado@ henning@ krw@

use warn() and warnx() instead of incorrect stderr printing.
get rid of EX_* since ifconfig(8) is not sysexits program.
discussed with claudio

remove unused variables

ok claudio@

Merge brconfig into ifconfig. It is annoying that it is impossible to do
ifconfig bridge0 add em0 add gif0 add vether0 up
instead you need to
ifconfig bridge0 create
brconfig bridge0 add em0 add gif0 add vether0 up
This is working for everything now but we may do some changes when needed.
Manpages and startup scripts are following soon.
OK deraadt@, henning@

remove unused variables

Remove switch(4) specific bits from ifconfig.
OK deraadt@ patrick@

Replace strto*l(3) with strtonum(3)

Some bridge options allow values bigger than the corresponding datatype
and thus pass overflowed values to the kernel, not all options to range
checks and setting invalid "portno" complains about "portidx" values.

Use the same, simpler strtonum() idiom across all options with consistent
error messages and proper [U]INT*_MAX defines as max values to match the
datatype and all option handlers to be consistent (in less code).

Keep deferring option dependent min/max value checking to the ioctl(2)
interface, i.e. values documented in ifconfig(8) are not duplicated in
strtonum() calls.

OK millert

Print tpmr(4) members

tpmr is a trivial bridge and has no specific ioctls, so to distinguish
it from the rest we must rely on the interface name; assuming that it
is tpmr because neither is_bridge() nor is_switch() return success is
not possible due to the way ifconfig is designed: it runs all *_status()
commands for all interface types.

OK dlg

Merge switch_status() into bridge_status()

This is to reduce duplicate code and prepare for bridge_status() to cover
all bridge like interfaces: bridge(4), switch(4) and tpmr(4).

OK dlg

Remove redundant bridge checks

bridge_status() and switch_status() do the regular sanity check with
SIOCGIFFLAGS, but both functions also call is_switch() and bridge_status()
also calls is_bridge().

is_bridge() checks SIOCGIFFLAGS again, then both is_*() helpers finally do
driver specific ioctl(2) calls to test whether the given interface is
indeed a bridge(4) or a switch(4).

SIOCGIFFLAGS serves no purpose here and is taken care of in ifconfig.c's
getinfo(), so remove its calls from brconfig.c entirely.

OK dlg

remove semicolons not needed after } statements. ok deraadt

Fix ifconfig(8) compiler warnings regarding variable "name" reuse.
Call the global variable with the name of the interface "ifname".
Do not pass it around, just use it globally. Do not use "ifname"
for anything else.
OK deraadt@

Fix some compiler warings in ifconfig(8). Move all prototypes and
variables used in multiple .c files into common ifconfig.h. Basically
this renames brconfig.h to ifconfig.h and also uses it for sff.c.
Fix missing prototypes. Global variable name s is bad as it shadows
local variables. Call it sock and use it everywhere.
OK deraadt@

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Delete superfluous #includes of <ifaddrs.h>, <net/if_dl.h>, and <net/if_enc.h>

ok krw@, jsg@

Unused variables.

ok henning@ phessler@

return early on some unhandled ioctls rather than err().

Add a new '-protected' option for bridge members.

Bridge members that are part of the same protected domain, refered by
a number between 1 and 31, cannot talk to each others. This is useful
to isolate VMs or untrusted networks at layer 2.

Members can be part of multiple protected domain making it possible to
create complex protected setups.

ok ccardenas@, claudio@, dlg@, henning@

implement an arp filter
allows arp (and rarp) requests and replies to be matched, including matching
based on the source and target host and protocol adresses, and thus control
over arp traffic and learning.
written for medical x-ray machines, but useful in many spread out L2 networks
ok claudio benno

The handling of 'add' used by bridge and switch in ifconfig does not
error out if the ioctl returns EEXIST. Do the same for the switch
specific 'addlocal' and 'portno' ioctls so netstart won't error out
when rerun with the same settings in hostname.switchN.

ok reyk@

Fix clang warning about tautological compare: an unsigned long can't
be negative. ok deraadt@

Rename "flowmax" to "maxflow" and give each switch(4) ioctl a
dedicated number. Both changes for consistency.

OK rzalamena@

Make the ifconfig switch0 output nicer using a single line and the
same keys as the actual commands (datapath, maxgroup, flowmax).
flowmax should eventually renamed to maxflow for consistency.

OK rzalamena@

Use strtoull() to read the datapath id and expect "datapath" instead of
"datapathid" as stated by the man page.

ok reyk@

fix format string and remove unused variables

ok yasuoka@ goda@

Add switch(4) support to ifconfig

ok deraadt@ yasuoka@ reyk@ henning@

Indent the output of bridge rules in ifconfig.

ok reyk@

Pass NI_DGRAM to getnameinfo() to use UDP tunnel service names.

Import vxlan(4), the virtual extensible local area network tunnel
interface. VXLAN is a UDP-based tunnelling protocol for overlaying
virtualized layer 2 networks over layer 3 networks. The implementation
is based on draft-mahalingam-dutt-dcops-vxlan-04 and has been tested
with other implementations in the wild.

put it in deraadt@

Return EEXIST to 'add' when a port is already a bridge member. This makes
reconfiguration with /etc/netstart silent again. (noticed by deraadt)

And do the same for 'addspan'.

ok deraadt

remove some unnecessary sys/param.h inclusions

get rid of unneeded \n here. err(3) family already does it for us.

OK mikeb@ camield@ reyk@ sobrado@ henning@ krw@

use warn() and warnx() instead of incorrect stderr printing.
get rid of EX_* since ifconfig(8) is not sysexits program.
discussed with claudio

remove unused variables

ok claudio@

Merge brconfig into ifconfig. It is annoying that it is impossible to do
ifconfig bridge0 add em0 add gif0 add vether0 up
instead you need to
ifconfig bridge0 create
brconfig bridge0 add em0 add gif0 add vether0 up
This is working for everything now but we may do some changes when needed.
Manpages and startup scripts are following soon.
OK deraadt@, henning@

Remove switch(4) specific bits from ifconfig.
OK deraadt@ patrick@

Replace strto*l(3) with strtonum(3)

Some bridge options allow values bigger than the corresponding datatype
and thus pass overflowed values to the kernel, not all options to range
checks and setting invalid "portno" complains about "portidx" values.

Use the same, simpler strtonum() idiom across all options with consistent
error messages and proper [U]INT*_MAX defines as max values to match the
datatype and all option handlers to be consistent (in less code).

Keep deferring option dependent min/max value checking to the ioctl(2)
interface, i.e. values documented in ifconfig(8) are not duplicated in
strtonum() calls.

OK millert

Print tpmr(4) members

tpmr is a trivial bridge and has no specific ioctls, so to distinguish
it from the rest we must rely on the interface name; assuming that it
is tpmr because neither is_bridge() nor is_switch() return success is
not possible due to the way ifconfig is designed: it runs all *_status()
commands for all interface types.

OK dlg

Merge switch_status() into bridge_status()

This is to reduce duplicate code and prepare for bridge_status() to cover
all bridge like interfaces: bridge(4), switch(4) and tpmr(4).

OK dlg

Remove redundant bridge checks

bridge_status() and switch_status() do the regular sanity check with
SIOCGIFFLAGS, but both functions also call is_switch() and bridge_status()
also calls is_bridge().

is_bridge() checks SIOCGIFFLAGS again, then both is_*() helpers finally do
driver specific ioctl(2) calls to test whether the given interface is
indeed a bridge(4) or a switch(4).

SIOCGIFFLAGS serves no purpose here and is taken care of in ifconfig.c's
getinfo(), so remove its calls from brconfig.c entirely.

OK dlg

remove semicolons not needed after } statements. ok deraadt

Fix ifconfig(8) compiler warnings regarding variable "name" reuse.
Call the global variable with the name of the interface "ifname".
Do not pass it around, just use it globally. Do not use "ifname"
for anything else.
OK deraadt@

Fix some compiler warings in ifconfig(8). Move all prototypes and
variables used in multiple .c files into common ifconfig.h. Basically
this renames brconfig.h to ifconfig.h and also uses it for sff.c.
Fix missing prototypes. Global variable name s is bad as it shadows
local variables. Call it sock and use it everywhere.
OK deraadt@

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Delete superfluous #includes of <ifaddrs.h>, <net/if_dl.h>, and <net/if_enc.h>

ok krw@, jsg@

Unused variables.

ok henning@ phessler@

return early on some unhandled ioctls rather than err().

Add a new '-protected' option for bridge members.

Bridge members that are part of the same protected domain, refered by
a number between 1 and 31, cannot talk to each others. This is useful
to isolate VMs or untrusted networks at layer 2.

Members can be part of multiple protected domain making it possible to
create complex protected setups.

ok ccardenas@, claudio@, dlg@, henning@

implement an arp filter
allows arp (and rarp) requests and replies to be matched, including matching
based on the source and target host and protocol adresses, and thus control
over arp traffic and learning.
written for medical x-ray machines, but useful in many spread out L2 networks
ok claudio benno

The handling of 'add' used by bridge and switch in ifconfig does not
error out if the ioctl returns EEXIST. Do the same for the switch
specific 'addlocal' and 'portno' ioctls so netstart won't error out
when rerun with the same settings in hostname.switchN.

ok reyk@

Fix clang warning about tautological compare: an unsigned long can't
be negative. ok deraadt@

Rename "flowmax" to "maxflow" and give each switch(4) ioctl a
dedicated number. Both changes for consistency.

OK rzalamena@

Make the ifconfig switch0 output nicer using a single line and the
same keys as the actual commands (datapath, maxgroup, flowmax).
flowmax should eventually renamed to maxflow for consistency.

OK rzalamena@

Use strtoull() to read the datapath id and expect "datapath" instead of
"datapathid" as stated by the man page.

ok reyk@

fix format string and remove unused variables

ok yasuoka@ goda@

Add switch(4) support to ifconfig

ok deraadt@ yasuoka@ reyk@ henning@

Indent the output of bridge rules in ifconfig.

ok reyk@

Pass NI_DGRAM to getnameinfo() to use UDP tunnel service names.

Import vxlan(4), the virtual extensible local area network tunnel
interface. VXLAN is a UDP-based tunnelling protocol for overlaying
virtualized layer 2 networks over layer 3 networks. The implementation
is based on draft-mahalingam-dutt-dcops-vxlan-04 and has been tested
with other implementations in the wild.

put it in deraadt@

Return EEXIST to 'add' when a port is already a bridge member. This makes
reconfiguration with /etc/netstart silent again. (noticed by deraadt)

And do the same for 'addspan'.

ok deraadt

remove some unnecessary sys/param.h inclusions

get rid of unneeded \n here. err(3) family already does it for us.

OK mikeb@ camield@ reyk@ sobrado@ henning@ krw@

use warn() and warnx() instead of incorrect stderr printing.
get rid of EX_* since ifconfig(8) is not sysexits program.
discussed with claudio

remove unused variables

ok claudio@

Merge brconfig into ifconfig. It is annoying that it is impossible to do
ifconfig bridge0 add em0 add gif0 add vether0 up
instead you need to
ifconfig bridge0 create
brconfig bridge0 add em0 add gif0 add vether0 up
This is working for everything now but we may do some changes when needed.
Manpages and startup scripts are following soon.
OK deraadt@, henning@

Replace strto*l(3) with strtonum(3)

Some bridge options allow values bigger than the corresponding datatype
and thus pass overflowed values to the kernel, not all options to range
checks and setting invalid "portno" complains about "portidx" values.

Use the same, simpler strtonum() idiom across all options with consistent
error messages and proper [U]INT*_MAX defines as max values to match the
datatype and all option handlers to be consistent (in less code).

Keep deferring option dependent min/max value checking to the ioctl(2)
interface, i.e. values documented in ifconfig(8) are not duplicated in
strtonum() calls.

OK millert

Print tpmr(4) members

tpmr is a trivial bridge and has no specific ioctls, so to distinguish
it from the rest we must rely on the interface name; assuming that it
is tpmr because neither is_bridge() nor is_switch() return success is
not possible due to the way ifconfig is designed: it runs all *_status()
commands for all interface types.

OK dlg

Merge switch_status() into bridge_status()

This is to reduce duplicate code and prepare for bridge_status() to cover
all bridge like interfaces: bridge(4), switch(4) and tpmr(4).

OK dlg

Remove redundant bridge checks

bridge_status() and switch_status() do the regular sanity check with
SIOCGIFFLAGS, but both functions also call is_switch() and bridge_status()
also calls is_bridge().

is_bridge() checks SIOCGIFFLAGS again, then both is_*() helpers finally do
driver specific ioctl(2) calls to test whether the given interface is
indeed a bridge(4) or a switch(4).

SIOCGIFFLAGS serves no purpose here and is taken care of in ifconfig.c's
getinfo(), so remove its calls from brconfig.c entirely.

OK dlg

remove semicolons not needed after } statements. ok deraadt

Fix ifconfig(8) compiler warnings regarding variable "name" reuse.
Call the global variable with the name of the interface "ifname".
Do not pass it around, just use it globally. Do not use "ifname"
for anything else.
OK deraadt@

Fix some compiler warings in ifconfig(8). Move all prototypes and
variables used in multiple .c files into common ifconfig.h. Basically
this renames brconfig.h to ifconfig.h and also uses it for sff.c.
Fix missing prototypes. Global variable name s is bad as it shadows
local variables. Call it sock and use it everywhere.
OK deraadt@

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Delete superfluous #includes of <ifaddrs.h>, <net/if_dl.h>, and <net/if_enc.h>

ok krw@, jsg@

Unused variables.

ok henning@ phessler@

return early on some unhandled ioctls rather than err().

Add a new '-protected' option for bridge members.

Bridge members that are part of the same protected domain, refered by
a number between 1 and 31, cannot talk to each others. This is useful
to isolate VMs or untrusted networks at layer 2.

Members can be part of multiple protected domain making it possible to
create complex protected setups.

ok ccardenas@, claudio@, dlg@, henning@

implement an arp filter
allows arp (and rarp) requests and replies to be matched, including matching
based on the source and target host and protocol adresses, and thus control
over arp traffic and learning.
written for medical x-ray machines, but useful in many spread out L2 networks
ok claudio benno

The handling of 'add' used by bridge and switch in ifconfig does not
error out if the ioctl returns EEXIST. Do the same for the switch
specific 'addlocal' and 'portno' ioctls so netstart won't error out
when rerun with the same settings in hostname.switchN.

ok reyk@

Fix clang warning about tautological compare: an unsigned long can't
be negative. ok deraadt@

Rename "flowmax" to "maxflow" and give each switch(4) ioctl a
dedicated number. Both changes for consistency.

OK rzalamena@

Make the ifconfig switch0 output nicer using a single line and the
same keys as the actual commands (datapath, maxgroup, flowmax).
flowmax should eventually renamed to maxflow for consistency.

OK rzalamena@

Use strtoull() to read the datapath id and expect "datapath" instead of
"datapathid" as stated by the man page.

ok reyk@

fix format string and remove unused variables

ok yasuoka@ goda@

Add switch(4) support to ifconfig

ok deraadt@ yasuoka@ reyk@ henning@

Indent the output of bridge rules in ifconfig.

ok reyk@

Pass NI_DGRAM to getnameinfo() to use UDP tunnel service names.

Import vxlan(4), the virtual extensible local area network tunnel
interface. VXLAN is a UDP-based tunnelling protocol for overlaying
virtualized layer 2 networks over layer 3 networks. The implementation
is based on draft-mahalingam-dutt-dcops-vxlan-04 and has been tested
with other implementations in the wild.

put it in deraadt@

Return EEXIST to 'add' when a port is already a bridge member. This makes
reconfiguration with /etc/netstart silent again. (noticed by deraadt)

And do the same for 'addspan'.

ok deraadt

remove some unnecessary sys/param.h inclusions

get rid of unneeded \n here. err(3) family already does it for us.

OK mikeb@ camield@ reyk@ sobrado@ henning@ krw@

use warn() and warnx() instead of incorrect stderr printing.
get rid of EX_* since ifconfig(8) is not sysexits program.
discussed with claudio

remove unused variables

ok claudio@

Merge brconfig into ifconfig. It is annoying that it is impossible to do
ifconfig bridge0 add em0 add gif0 add vether0 up
instead you need to
ifconfig bridge0 create
brconfig bridge0 add em0 add gif0 add vether0 up
This is working for everything now but we may do some changes when needed.
Manpages and startup scripts are following soon.
OK deraadt@, henning@

Print tpmr(4) members

tpmr is a trivial bridge and has no specific ioctls, so to distinguish
it from the rest we must rely on the interface name; assuming that it
is tpmr because neither is_bridge() nor is_switch() return success is
not possible due to the way ifconfig is designed: it runs all *_status()
commands for all interface types.

OK dlg

Merge switch_status() into bridge_status()

This is to reduce duplicate code and prepare for bridge_status() to cover
all bridge like interfaces: bridge(4), switch(4) and tpmr(4).

OK dlg

Remove redundant bridge checks

bridge_status() and switch_status() do the regular sanity check with
SIOCGIFFLAGS, but both functions also call is_switch() and bridge_status()
also calls is_bridge().

is_bridge() checks SIOCGIFFLAGS again, then both is_*() helpers finally do
driver specific ioctl(2) calls to test whether the given interface is
indeed a bridge(4) or a switch(4).

SIOCGIFFLAGS serves no purpose here and is taken care of in ifconfig.c's
getinfo(), so remove its calls from brconfig.c entirely.

OK dlg

remove semicolons not needed after } statements. ok deraadt

Fix ifconfig(8) compiler warnings regarding variable "name" reuse.
Call the global variable with the name of the interface "ifname".
Do not pass it around, just use it globally. Do not use "ifname"
for anything else.
OK deraadt@

Fix some compiler warings in ifconfig(8). Move all prototypes and
variables used in multiple .c files into common ifconfig.h. Basically
this renames brconfig.h to ifconfig.h and also uses it for sff.c.
Fix missing prototypes. Global variable name s is bad as it shadows
local variables. Call it sock and use it everywhere.
OK deraadt@

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Delete superfluous #includes of <ifaddrs.h>, <net/if_dl.h>, and <net/if_enc.h>

ok krw@, jsg@

Unused variables.

ok henning@ phessler@

return early on some unhandled ioctls rather than err().

Add a new '-protected' option for bridge members.

Bridge members that are part of the same protected domain, refered by
a number between 1 and 31, cannot talk to each others. This is useful
to isolate VMs or untrusted networks at layer 2.

Members can be part of multiple protected domain making it possible to
create complex protected setups.

ok ccardenas@, claudio@, dlg@, henning@

implement an arp filter
allows arp (and rarp) requests and replies to be matched, including matching
based on the source and target host and protocol adresses, and thus control
over arp traffic and learning.
written for medical x-ray machines, but useful in many spread out L2 networks
ok claudio benno

The handling of 'add' used by bridge and switch in ifconfig does not
error out if the ioctl returns EEXIST. Do the same for the switch
specific 'addlocal' and 'portno' ioctls so netstart won't error out
when rerun with the same settings in hostname.switchN.

ok reyk@

Fix clang warning about tautological compare: an unsigned long can't
be negative. ok deraadt@

Rename "flowmax" to "maxflow" and give each switch(4) ioctl a
dedicated number. Both changes for consistency.

OK rzalamena@

Make the ifconfig switch0 output nicer using a single line and the
same keys as the actual commands (datapath, maxgroup, flowmax).
flowmax should eventually renamed to maxflow for consistency.

OK rzalamena@

Use strtoull() to read the datapath id and expect "datapath" instead of
"datapathid" as stated by the man page.

ok reyk@

fix format string and remove unused variables

ok yasuoka@ goda@

Add switch(4) support to ifconfig

ok deraadt@ yasuoka@ reyk@ henning@

Indent the output of bridge rules in ifconfig.

ok reyk@

Pass NI_DGRAM to getnameinfo() to use UDP tunnel service names.

Import vxlan(4), the virtual extensible local area network tunnel
interface. VXLAN is a UDP-based tunnelling protocol for overlaying
virtualized layer 2 networks over layer 3 networks. The implementation
is based on draft-mahalingam-dutt-dcops-vxlan-04 and has been tested
with other implementations in the wild.

put it in deraadt@

Return EEXIST to 'add' when a port is already a bridge member. This makes
reconfiguration with /etc/netstart silent again. (noticed by deraadt)

And do the same for 'addspan'.

ok deraadt

remove some unnecessary sys/param.h inclusions

get rid of unneeded \n here. err(3) family already does it for us.

OK mikeb@ camield@ reyk@ sobrado@ henning@ krw@

use warn() and warnx() instead of incorrect stderr printing.
get rid of EX_* since ifconfig(8) is not sysexits program.
discussed with claudio

remove unused variables

ok claudio@

Merge brconfig into ifconfig. It is annoying that it is impossible to do
ifconfig bridge0 add em0 add gif0 add vether0 up
instead you need to
ifconfig bridge0 create
brconfig bridge0 add em0 add gif0 add vether0 up
This is working for everything now but we may do some changes when needed.
Manpages and startup scripts are following soon.
OK deraadt@, henning@

Remove redundant bridge checks

bridge_status() and switch_status() do the regular sanity check with
SIOCGIFFLAGS, but both functions also call is_switch() and bridge_status()
also calls is_bridge().

is_bridge() checks SIOCGIFFLAGS again, then both is_*() helpers finally do
driver specific ioctl(2) calls to test whether the given interface is
indeed a bridge(4) or a switch(4).

SIOCGIFFLAGS serves no purpose here and is taken care of in ifconfig.c's
getinfo(), so remove its calls from brconfig.c entirely.

OK dlg

remove semicolons not needed after } statements. ok deraadt

Fix ifconfig(8) compiler warnings regarding variable "name" reuse.
Call the global variable with the name of the interface "ifname".
Do not pass it around, just use it globally. Do not use "ifname"
for anything else.
OK deraadt@

Fix some compiler warings in ifconfig(8). Move all prototypes and
variables used in multiple .c files into common ifconfig.h. Basically
this renames brconfig.h to ifconfig.h and also uses it for sff.c.
Fix missing prototypes. Global variable name s is bad as it shadows
local variables. Call it sock and use it everywhere.
OK deraadt@

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Delete superfluous #includes of <ifaddrs.h>, <net/if_dl.h>, and <net/if_enc.h>

ok krw@, jsg@

Unused variables.

ok henning@ phessler@

return early on some unhandled ioctls rather than err().

Add a new '-protected' option for bridge members.

Bridge members that are part of the same protected domain, refered by
a number between 1 and 31, cannot talk to each others. This is useful
to isolate VMs or untrusted networks at layer 2.

Members can be part of multiple protected domain making it possible to
create complex protected setups.

ok ccardenas@, claudio@, dlg@, henning@

implement an arp filter
allows arp (and rarp) requests and replies to be matched, including matching
based on the source and target host and protocol adresses, and thus control
over arp traffic and learning.
written for medical x-ray machines, but useful in many spread out L2 networks
ok claudio benno

The handling of 'add' used by bridge and switch in ifconfig does not
error out if the ioctl returns EEXIST. Do the same for the switch
specific 'addlocal' and 'portno' ioctls so netstart won't error out
when rerun with the same settings in hostname.switchN.

ok reyk@

Fix clang warning about tautological compare: an unsigned long can't
be negative. ok deraadt@

Rename "flowmax" to "maxflow" and give each switch(4) ioctl a
dedicated number. Both changes for consistency.

OK rzalamena@

Make the ifconfig switch0 output nicer using a single line and the
same keys as the actual commands (datapath, maxgroup, flowmax).
flowmax should eventually renamed to maxflow for consistency.

OK rzalamena@

Use strtoull() to read the datapath id and expect "datapath" instead of
"datapathid" as stated by the man page.

ok reyk@

fix format string and remove unused variables

ok yasuoka@ goda@

Add switch(4) support to ifconfig

ok deraadt@ yasuoka@ reyk@ henning@

Indent the output of bridge rules in ifconfig.

ok reyk@

Pass NI_DGRAM to getnameinfo() to use UDP tunnel service names.

Import vxlan(4), the virtual extensible local area network tunnel
interface. VXLAN is a UDP-based tunnelling protocol for overlaying
virtualized layer 2 networks over layer 3 networks. The implementation
is based on draft-mahalingam-dutt-dcops-vxlan-04 and has been tested
with other implementations in the wild.

put it in deraadt@

Return EEXIST to 'add' when a port is already a bridge member. This makes
reconfiguration with /etc/netstart silent again. (noticed by deraadt)

And do the same for 'addspan'.

ok deraadt

remove some unnecessary sys/param.h inclusions

get rid of unneeded \n here. err(3) family already does it for us.

OK mikeb@ camield@ reyk@ sobrado@ henning@ krw@

use warn() and warnx() instead of incorrect stderr printing.
get rid of EX_* since ifconfig(8) is not sysexits program.
discussed with claudio

remove unused variables

ok claudio@

Merge brconfig into ifconfig. It is annoying that it is impossible to do
ifconfig bridge0 add em0 add gif0 add vether0 up
instead you need to
ifconfig bridge0 create
brconfig bridge0 add em0 add gif0 add vether0 up
This is working for everything now but we may do some changes when needed.
Manpages and startup scripts are following soon.
OK deraadt@, henning@

remove semicolons not needed after } statements. ok deraadt

Fix ifconfig(8) compiler warnings regarding variable "name" reuse.
Call the global variable with the name of the interface "ifname".
Do not pass it around, just use it globally. Do not use "ifname"
for anything else.
OK deraadt@

Fix some compiler warings in ifconfig(8). Move all prototypes and
variables used in multiple .c files into common ifconfig.h. Basically
this renames brconfig.h to ifconfig.h and also uses it for sff.c.
Fix missing prototypes. Global variable name s is bad as it shadows
local variables. Call it sock and use it everywhere.
OK deraadt@

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Delete superfluous #includes of <ifaddrs.h>, <net/if_dl.h>, and <net/if_enc.h>

ok krw@, jsg@

Unused variables.

ok henning@ phessler@

return early on some unhandled ioctls rather than err().

Add a new '-protected' option for bridge members.

Bridge members that are part of the same protected domain, refered by
a number between 1 and 31, cannot talk to each others. This is useful
to isolate VMs or untrusted networks at layer 2.

Members can be part of multiple protected domain making it possible to
create complex protected setups.

ok ccardenas@, claudio@, dlg@, henning@

implement an arp filter
allows arp (and rarp) requests and replies to be matched, including matching
based on the source and target host and protocol adresses, and thus control
over arp traffic and learning.
written for medical x-ray machines, but useful in many spread out L2 networks
ok claudio benno

The handling of 'add' used by bridge and switch in ifconfig does not
error out if the ioctl returns EEXIST. Do the same for the switch
specific 'addlocal' and 'portno' ioctls so netstart won't error out
when rerun with the same settings in hostname.switchN.

ok reyk@

Fix clang warning about tautological compare: an unsigned long can't
be negative. ok deraadt@

Rename "flowmax" to "maxflow" and give each switch(4) ioctl a
dedicated number. Both changes for consistency.

OK rzalamena@

Make the ifconfig switch0 output nicer using a single line and the
same keys as the actual commands (datapath, maxgroup, flowmax).
flowmax should eventually renamed to maxflow for consistency.

OK rzalamena@

Use strtoull() to read the datapath id and expect "datapath" instead of
"datapathid" as stated by the man page.

ok reyk@

fix format string and remove unused variables

ok yasuoka@ goda@

Add switch(4) support to ifconfig

ok deraadt@ yasuoka@ reyk@ henning@

Indent the output of bridge rules in ifconfig.

ok reyk@

Pass NI_DGRAM to getnameinfo() to use UDP tunnel service names.

Import vxlan(4), the virtual extensible local area network tunnel
interface. VXLAN is a UDP-based tunnelling protocol for overlaying
virtualized layer 2 networks over layer 3 networks. The implementation
is based on draft-mahalingam-dutt-dcops-vxlan-04 and has been tested
with other implementations in the wild.

put it in deraadt@

Return EEXIST to 'add' when a port is already a bridge member. This makes
reconfiguration with /etc/netstart silent again. (noticed by deraadt)

And do the same for 'addspan'.

ok deraadt

remove some unnecessary sys/param.h inclusions

get rid of unneeded \n here. err(3) family already does it for us.

OK mikeb@ camield@ reyk@ sobrado@ henning@ krw@

use warn() and warnx() instead of incorrect stderr printing.
get rid of EX_* since ifconfig(8) is not sysexits program.
discussed with claudio

remove unused variables

ok claudio@

Merge brconfig into ifconfig. It is annoying that it is impossible to do
ifconfig bridge0 add em0 add gif0 add vether0 up
instead you need to
ifconfig bridge0 create
brconfig bridge0 add em0 add gif0 add vether0 up
This is working for everything now but we may do some changes when needed.
Manpages and startup scripts are following soon.
OK deraadt@, henning@

Fix ifconfig(8) compiler warnings regarding variable "name" reuse.
Call the global variable with the name of the interface "ifname".
Do not pass it around, just use it globally. Do not use "ifname"
for anything else.
OK deraadt@

Fix some compiler warings in ifconfig(8). Move all prototypes and
variables used in multiple .c files into common ifconfig.h. Basically
this renames brconfig.h to ifconfig.h and also uses it for sff.c.
Fix missing prototypes. Global variable name s is bad as it shadows
local variables. Call it sock and use it everywhere.
OK deraadt@

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Delete superfluous #includes of <ifaddrs.h>, <net/if_dl.h>, and <net/if_enc.h>

ok krw@, jsg@

Unused variables.

ok henning@ phessler@

return early on some unhandled ioctls rather than err().

Add a new '-protected' option for bridge members.

Bridge members that are part of the same protected domain, refered by
a number between 1 and 31, cannot talk to each others. This is useful
to isolate VMs or untrusted networks at layer 2.

Members can be part of multiple protected domain making it possible to
create complex protected setups.

ok ccardenas@, claudio@, dlg@, henning@

implement an arp filter
allows arp (and rarp) requests and replies to be matched, including matching
based on the source and target host and protocol adresses, and thus control
over arp traffic and learning.
written for medical x-ray machines, but useful in many spread out L2 networks
ok claudio benno

The handling of 'add' used by bridge and switch in ifconfig does not
error out if the ioctl returns EEXIST. Do the same for the switch
specific 'addlocal' and 'portno' ioctls so netstart won't error out
when rerun with the same settings in hostname.switchN.

ok reyk@

Fix clang warning about tautological compare: an unsigned long can't
be negative. ok deraadt@

Rename "flowmax" to "maxflow" and give each switch(4) ioctl a
dedicated number. Both changes for consistency.

OK rzalamena@

Make the ifconfig switch0 output nicer using a single line and the
same keys as the actual commands (datapath, maxgroup, flowmax).
flowmax should eventually renamed to maxflow for consistency.

OK rzalamena@

Use strtoull() to read the datapath id and expect "datapath" instead of
"datapathid" as stated by the man page.

ok reyk@

fix format string and remove unused variables

ok yasuoka@ goda@

Add switch(4) support to ifconfig

ok deraadt@ yasuoka@ reyk@ henning@

Indent the output of bridge rules in ifconfig.

ok reyk@

Pass NI_DGRAM to getnameinfo() to use UDP tunnel service names.

Import vxlan(4), the virtual extensible local area network tunnel
interface. VXLAN is a UDP-based tunnelling protocol for overlaying
virtualized layer 2 networks over layer 3 networks. The implementation
is based on draft-mahalingam-dutt-dcops-vxlan-04 and has been tested
with other implementations in the wild.

put it in deraadt@

Return EEXIST to 'add' when a port is already a bridge member. This makes
reconfiguration with /etc/netstart silent again. (noticed by deraadt)

And do the same for 'addspan'.

ok deraadt

remove some unnecessary sys/param.h inclusions

get rid of unneeded \n here. err(3) family already does it for us.

OK mikeb@ camield@ reyk@ sobrado@ henning@ krw@

use warn() and warnx() instead of incorrect stderr printing.
get rid of EX_* since ifconfig(8) is not sysexits program.
discussed with claudio

remove unused variables

ok claudio@

Merge brconfig into ifconfig. It is annoying that it is impossible to do
ifconfig bridge0 add em0 add gif0 add vether0 up
instead you need to
ifconfig bridge0 create
brconfig bridge0 add em0 add gif0 add vether0 up
This is working for everything now but we may do some changes when needed.
Manpages and startup scripts are following soon.
OK deraadt@, henning@

Fix some compiler warings in ifconfig(8). Move all prototypes and
variables used in multiple .c files into common ifconfig.h. Basically
this renames brconfig.h to ifconfig.h and also uses it for sff.c.
Fix missing prototypes. Global variable name s is bad as it shadows
local variables. Call it sock and use it everywhere.
OK deraadt@

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Delete superfluous #includes of <ifaddrs.h>, <net/if_dl.h>, and <net/if_enc.h>

ok krw@, jsg@

Unused variables.

ok henning@ phessler@

return early on some unhandled ioctls rather than err().

Add a new '-protected' option for bridge members.

Bridge members that are part of the same protected domain, refered by
a number between 1 and 31, cannot talk to each others. This is useful
to isolate VMs or untrusted networks at layer 2.

Members can be part of multiple protected domain making it possible to
create complex protected setups.

ok ccardenas@, claudio@, dlg@, henning@

implement an arp filter
allows arp (and rarp) requests and replies to be matched, including matching
based on the source and target host and protocol adresses, and thus control
over arp traffic and learning.
written for medical x-ray machines, but useful in many spread out L2 networks
ok claudio benno

The handling of 'add' used by bridge and switch in ifconfig does not
error out if the ioctl returns EEXIST. Do the same for the switch
specific 'addlocal' and 'portno' ioctls so netstart won't error out
when rerun with the same settings in hostname.switchN.

ok reyk@

Fix clang warning about tautological compare: an unsigned long can't
be negative. ok deraadt@

Rename "flowmax" to "maxflow" and give each switch(4) ioctl a
dedicated number. Both changes for consistency.

OK rzalamena@

Make the ifconfig switch0 output nicer using a single line and the
same keys as the actual commands (datapath, maxgroup, flowmax).
flowmax should eventually renamed to maxflow for consistency.

OK rzalamena@

Use strtoull() to read the datapath id and expect "datapath" instead of
"datapathid" as stated by the man page.

ok reyk@

fix format string and remove unused variables

ok yasuoka@ goda@

Add switch(4) support to ifconfig

ok deraadt@ yasuoka@ reyk@ henning@

Indent the output of bridge rules in ifconfig.

ok reyk@

Pass NI_DGRAM to getnameinfo() to use UDP tunnel service names.

Import vxlan(4), the virtual extensible local area network tunnel
interface. VXLAN is a UDP-based tunnelling protocol for overlaying
virtualized layer 2 networks over layer 3 networks. The implementation
is based on draft-mahalingam-dutt-dcops-vxlan-04 and has been tested
with other implementations in the wild.

put it in deraadt@

Return EEXIST to 'add' when a port is already a bridge member. This makes
reconfiguration with /etc/netstart silent again. (noticed by deraadt)

And do the same for 'addspan'.

ok deraadt

remove some unnecessary sys/param.h inclusions

get rid of unneeded \n here. err(3) family already does it for us.

OK mikeb@ camield@ reyk@ sobrado@ henning@ krw@

use warn() and warnx() instead of incorrect stderr printing.
get rid of EX_* since ifconfig(8) is not sysexits program.
discussed with claudio

remove unused variables

ok claudio@

Merge brconfig into ifconfig. It is annoying that it is impossible to do
ifconfig bridge0 add em0 add gif0 add vether0 up
instead you need to
ifconfig bridge0 create
brconfig bridge0 add em0 add gif0 add vether0 up
This is working for everything now but we may do some changes when needed.
Manpages and startup scripts are following soon.
OK deraadt@, henning@

When system calls indicate an error they return -1, not some arbitrary
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Delete superfluous #includes of <ifaddrs.h>, <net/if_dl.h>, and <net/if_enc.h>

ok krw@, jsg@

Unused variables.

ok henning@ phessler@

return early on some unhandled ioctls rather than err().

Add a new '-protected' option for bridge members.

Bridge members that are part of the same protected domain, refered by
a number between 1 and 31, cannot talk to each others. This is useful
to isolate VMs or untrusted networks at layer 2.

Members can be part of multiple protected domain making it possible to
create complex protected setups.

ok ccardenas@, claudio@, dlg@, henning@

implement an arp filter
allows arp (and rarp) requests and replies to be matched, including matching
based on the source and target host and protocol adresses, and thus control
over arp traffic and learning.
written for medical x-ray machines, but useful in many spread out L2 networks
ok claudio benno

The handling of 'add' used by bridge and switch in ifconfig does not
error out if the ioctl returns EEXIST. Do the same for the switch
specific 'addlocal' and 'portno' ioctls so netstart won't error out
when rerun with the same settings in hostname.switchN.

ok reyk@

Fix clang warning about tautological compare: an unsigned long can't
be negative. ok deraadt@

Rename "flowmax" to "maxflow" and give each switch(4) ioctl a
dedicated number. Both changes for consistency.

OK rzalamena@

Make the ifconfig switch0 output nicer using a single line and the
same keys as the actual commands (datapath, maxgroup, flowmax).
flowmax should eventually renamed to maxflow for consistency.

OK rzalamena@

Use strtoull() to read the datapath id and expect "datapath" instead of
"datapathid" as stated by the man page.

ok reyk@

fix format string and remove unused variables

ok yasuoka@ goda@

Add switch(4) support to ifconfig

ok deraadt@ yasuoka@ reyk@ henning@

Indent the output of bridge rules in ifconfig.

ok reyk@

Pass NI_DGRAM to getnameinfo() to use UDP tunnel service names.

Import vxlan(4), the virtual extensible local area network tunnel
interface. VXLAN is a UDP-based tunnelling protocol for overlaying
virtualized layer 2 networks over layer 3 networks. The implementation
is based on draft-mahalingam-dutt-dcops-vxlan-04 and has been tested
with other implementations in the wild.

put it in deraadt@

Return EEXIST to 'add' when a port is already a bridge member. This makes
reconfiguration with /etc/netstart silent again. (noticed by deraadt)

And do the same for 'addspan'.

ok deraadt

remove some unnecessary sys/param.h inclusions

get rid of unneeded \n here. err(3) family already does it for us.

OK mikeb@ camield@ reyk@ sobrado@ henning@ krw@

use warn() and warnx() instead of incorrect stderr printing.
get rid of EX_* since ifconfig(8) is not sysexits program.
discussed with claudio

remove unused variables

ok claudio@

Merge brconfig into ifconfig. It is annoying that it is impossible to do
ifconfig bridge0 add em0 add gif0 add vether0 up
instead you need to
ifconfig bridge0 create
brconfig bridge0 add em0 add gif0 add vether0 up
This is working for everything now but we may do some changes when needed.
Manpages and startup scripts are following soon.
OK deraadt@, henning@

Delete superfluous #includes of <ifaddrs.h>, <net/if_dl.h>, and <net/if_enc.h>

ok krw@, jsg@

Unused variables.

ok henning@ phessler@

return early on some unhandled ioctls rather than err().

Add a new '-protected' option for bridge members.

Bridge members that are part of the same protected domain, refered by
a number between 1 and 31, cannot talk to each others. This is useful
to isolate VMs or untrusted networks at layer 2.

Members can be part of multiple protected domain making it possible to
create complex protected setups.

ok ccardenas@, claudio@, dlg@, henning@

implement an arp filter
allows arp (and rarp) requests and replies to be matched, including matching
based on the source and target host and protocol adresses, and thus control
over arp traffic and learning.
written for medical x-ray machines, but useful in many spread out L2 networks
ok claudio benno

The handling of 'add' used by bridge and switch in ifconfig does not
error out if the ioctl returns EEXIST. Do the same for the switch
specific 'addlocal' and 'portno' ioctls so netstart won't error out
when rerun with the same settings in hostname.switchN.

ok reyk@

Fix clang warning about tautological compare: an unsigned long can't
be negative. ok deraadt@

Rename "flowmax" to "maxflow" and give each switch(4) ioctl a
dedicated number. Both changes for consistency.

OK rzalamena@

Make the ifconfig switch0 output nicer using a single line and the
same keys as the actual commands (datapath, maxgroup, flowmax).
flowmax should eventually renamed to maxflow for consistency.

OK rzalamena@

Use strtoull() to read the datapath id and expect "datapath" instead of
"datapathid" as stated by the man page.

ok reyk@

fix format string and remove unused variables

ok yasuoka@ goda@

Add switch(4) support to ifconfig

ok deraadt@ yasuoka@ reyk@ henning@

Indent the output of bridge rules in ifconfig.

ok reyk@

Pass NI_DGRAM to getnameinfo() to use UDP tunnel service names.

Import vxlan(4), the virtual extensible local area network tunnel
interface. VXLAN is a UDP-based tunnelling protocol for overlaying
virtualized layer 2 networks over layer 3 networks. The implementation
is based on draft-mahalingam-dutt-dcops-vxlan-04 and has been tested
with other implementations in the wild.

put it in deraadt@

Return EEXIST to 'add' when a port is already a bridge member. This makes
reconfiguration with /etc/netstart silent again. (noticed by deraadt)

And do the same for 'addspan'.

ok deraadt

remove some unnecessary sys/param.h inclusions

get rid of unneeded \n here. err(3) family already does it for us.

OK mikeb@ camield@ reyk@ sobrado@ henning@ krw@

use warn() and warnx() instead of incorrect stderr printing.
get rid of EX_* since ifconfig(8) is not sysexits program.
discussed with claudio

remove unused variables

ok claudio@

Merge brconfig into ifconfig. It is annoying that it is impossible to do
ifconfig bridge0 add em0 add gif0 add vether0 up
instead you need to
ifconfig bridge0 create
brconfig bridge0 add em0 add gif0 add vether0 up
This is working for everything now but we may do some changes when needed.
Manpages and startup scripts are following soon.
OK deraadt@, henning@

Unused variables.

ok henning@ phessler@

return early on some unhandled ioctls rather than err().

Add a new '-protected' option for bridge members.

Bridge members that are part of the same protected domain, refered by
a number between 1 and 31, cannot talk to each others. This is useful
to isolate VMs or untrusted networks at layer 2.

Members can be part of multiple protected domain making it possible to
create complex protected setups.

ok ccardenas@, claudio@, dlg@, henning@

implement an arp filter
allows arp (and rarp) requests and replies to be matched, including matching
based on the source and target host and protocol adresses, and thus control
over arp traffic and learning.
written for medical x-ray machines, but useful in many spread out L2 networks
ok claudio benno

The handling of 'add' used by bridge and switch in ifconfig does not
error out if the ioctl returns EEXIST. Do the same for the switch
specific 'addlocal' and 'portno' ioctls so netstart won't error out
when rerun with the same settings in hostname.switchN.

ok reyk@

Fix clang warning about tautological compare: an unsigned long can't
be negative. ok deraadt@

Rename "flowmax" to "maxflow" and give each switch(4) ioctl a
dedicated number. Both changes for consistency.

OK rzalamena@

Make the ifconfig switch0 output nicer using a single line and the
same keys as the actual commands (datapath, maxgroup, flowmax).
flowmax should eventually renamed to maxflow for consistency.

OK rzalamena@

Use strtoull() to read the datapath id and expect "datapath" instead of
"datapathid" as stated by the man page.

ok reyk@

fix format string and remove unused variables

ok yasuoka@ goda@

Add switch(4) support to ifconfig

ok deraadt@ yasuoka@ reyk@ henning@

Indent the output of bridge rules in ifconfig.

ok reyk@

Pass NI_DGRAM to getnameinfo() to use UDP tunnel service names.

Import vxlan(4), the virtual extensible local area network tunnel
interface. VXLAN is a UDP-based tunnelling protocol for overlaying
virtualized layer 2 networks over layer 3 networks. The implementation
is based on draft-mahalingam-dutt-dcops-vxlan-04 and has been tested
with other implementations in the wild.

put it in deraadt@

Return EEXIST to 'add' when a port is already a bridge member. This makes
reconfiguration with /etc/netstart silent again. (noticed by deraadt)

And do the same for 'addspan'.

ok deraadt

remove some unnecessary sys/param.h inclusions

get rid of unneeded \n here. err(3) family already does it for us.

OK mikeb@ camield@ reyk@ sobrado@ henning@ krw@

use warn() and warnx() instead of incorrect stderr printing.
get rid of EX_* since ifconfig(8) is not sysexits program.
discussed with claudio

remove unused variables

ok claudio@

Merge brconfig into ifconfig. It is annoying that it is impossible to do
ifconfig bridge0 add em0 add gif0 add vether0 up
instead you need to
ifconfig bridge0 create
brconfig bridge0 add em0 add gif0 add vether0 up
This is working for everything now but we may do some changes when needed.
Manpages and startup scripts are following soon.
OK deraadt@, henning@

return early on some unhandled ioctls rather than err().

Add a new '-protected' option for bridge members.

Bridge members that are part of the same protected domain, refered by
a number between 1 and 31, cannot talk to each others. This is useful
to isolate VMs or untrusted networks at layer 2.

Members can be part of multiple protected domain making it possible to
create complex protected setups.

ok ccardenas@, claudio@, dlg@, henning@

implement an arp filter
allows arp (and rarp) requests and replies to be matched, including matching
based on the source and target host and protocol adresses, and thus control
over arp traffic and learning.
written for medical x-ray machines, but useful in many spread out L2 networks
ok claudio benno

The handling of 'add' used by bridge and switch in ifconfig does not
error out if the ioctl returns EEXIST. Do the same for the switch
specific 'addlocal' and 'portno' ioctls so netstart won't error out
when rerun with the same settings in hostname.switchN.

ok reyk@

Fix clang warning about tautological compare: an unsigned long can't
be negative. ok deraadt@

Rename "flowmax" to "maxflow" and give each switch(4) ioctl a
dedicated number. Both changes for consistency.

OK rzalamena@

Make the ifconfig switch0 output nicer using a single line and the
same keys as the actual commands (datapath, maxgroup, flowmax).
flowmax should eventually renamed to maxflow for consistency.

OK rzalamena@

Use strtoull() to read the datapath id and expect "datapath" instead of
"datapathid" as stated by the man page.

ok reyk@

fix format string and remove unused variables

ok yasuoka@ goda@

Add switch(4) support to ifconfig

ok deraadt@ yasuoka@ reyk@ henning@

Indent the output of bridge rules in ifconfig.

ok reyk@

Pass NI_DGRAM to getnameinfo() to use UDP tunnel service names.

Import vxlan(4), the virtual extensible local area network tunnel
interface. VXLAN is a UDP-based tunnelling protocol for overlaying
virtualized layer 2 networks over layer 3 networks. The implementation
is based on draft-mahalingam-dutt-dcops-vxlan-04 and has been tested
with other implementations in the wild.

put it in deraadt@

Return EEXIST to 'add' when a port is already a bridge member. This makes
reconfiguration with /etc/netstart silent again. (noticed by deraadt)

And do the same for 'addspan'.

ok deraadt

remove some unnecessary sys/param.h inclusions

get rid of unneeded \n here. err(3) family already does it for us.

OK mikeb@ camield@ reyk@ sobrado@ henning@ krw@

use warn() and warnx() instead of incorrect stderr printing.
get rid of EX_* since ifconfig(8) is not sysexits program.
discussed with claudio

remove unused variables

ok claudio@

Merge brconfig into ifconfig. It is annoying that it is impossible to do
ifconfig bridge0 add em0 add gif0 add vether0 up
instead you need to
ifconfig bridge0 create
brconfig bridge0 add em0 add gif0 add vether0 up
This is working for everything now but we may do some changes when needed.
Manpages and startup scripts are following soon.
OK deraadt@, henning@

Add a new '-protected' option for bridge members.

Bridge members that are part of the same protected domain, refered by
a number between 1 and 31, cannot talk to each others. This is useful
to isolate VMs or untrusted networks at layer 2.

Members can be part of multiple protected domain making it possible to
create complex protected setups.

ok ccardenas@, claudio@, dlg@, henning@

implement an arp filter
allows arp (and rarp) requests and replies to be matched, including matching
based on the source and target host and protocol adresses, and thus control
over arp traffic and learning.
written for medical x-ray machines, but useful in many spread out L2 networks
ok claudio benno

The handling of 'add' used by bridge and switch in ifconfig does not
error out if the ioctl returns EEXIST. Do the same for the switch
specific 'addlocal' and 'portno' ioctls so netstart won't error out
when rerun with the same settings in hostname.switchN.

ok reyk@

Fix clang warning about tautological compare: an unsigned long can't
be negative. ok deraadt@

Rename "flowmax" to "maxflow" and give each switch(4) ioctl a
dedicated number. Both changes for consistency.

OK rzalamena@

Make the ifconfig switch0 output nicer using a single line and the
same keys as the actual commands (datapath, maxgroup, flowmax).
flowmax should eventually renamed to maxflow for consistency.

OK rzalamena@

Use strtoull() to read the datapath id and expect "datapath" instead of
"datapathid" as stated by the man page.

ok reyk@

fix format string and remove unused variables

ok yasuoka@ goda@

Add switch(4) support to ifconfig

ok deraadt@ yasuoka@ reyk@ henning@

Indent the output of bridge rules in ifconfig.

ok reyk@

Pass NI_DGRAM to getnameinfo() to use UDP tunnel service names.

Import vxlan(4), the virtual extensible local area network tunnel
interface. VXLAN is a UDP-based tunnelling protocol for overlaying
virtualized layer 2 networks over layer 3 networks. The implementation
is based on draft-mahalingam-dutt-dcops-vxlan-04 and has been tested
with other implementations in the wild.

put it in deraadt@

Return EEXIST to 'add' when a port is already a bridge member. This makes
reconfiguration with /etc/netstart silent again. (noticed by deraadt)

And do the same for 'addspan'.

ok deraadt

remove some unnecessary sys/param.h inclusions

get rid of unneeded \n here. err(3) family already does it for us.

OK mikeb@ camield@ reyk@ sobrado@ henning@ krw@

use warn() and warnx() instead of incorrect stderr printing.
get rid of EX_* since ifconfig(8) is not sysexits program.
discussed with claudio

remove unused variables

ok claudio@

Merge brconfig into ifconfig. It is annoying that it is impossible to do
ifconfig bridge0 add em0 add gif0 add vether0 up
instead you need to
ifconfig bridge0 create
brconfig bridge0 add em0 add gif0 add vether0 up
This is working for everything now but we may do some changes when needed.
Manpages and startup scripts are following soon.
OK deraadt@, henning@

implement an arp filter
allows arp (and rarp) requests and replies to be matched, including matching
based on the source and target host and protocol adresses, and thus control
over arp traffic and learning.
written for medical x-ray machines, but useful in many spread out L2 networks
ok claudio benno

The handling of 'add' used by bridge and switch in ifconfig does not
error out if the ioctl returns EEXIST. Do the same for the switch
specific 'addlocal' and 'portno' ioctls so netstart won't error out
when rerun with the same settings in hostname.switchN.

ok reyk@

Fix clang warning about tautological compare: an unsigned long can't
be negative. ok deraadt@

Rename "flowmax" to "maxflow" and give each switch(4) ioctl a
dedicated number. Both changes for consistency.

OK rzalamena@

Make the ifconfig switch0 output nicer using a single line and the
same keys as the actual commands (datapath, maxgroup, flowmax).
flowmax should eventually renamed to maxflow for consistency.

OK rzalamena@

Use strtoull() to read the datapath id and expect "datapath" instead of
"datapathid" as stated by the man page.

ok reyk@

fix format string and remove unused variables

ok yasuoka@ goda@

Add switch(4) support to ifconfig

ok deraadt@ yasuoka@ reyk@ henning@

Indent the output of bridge rules in ifconfig.

ok reyk@

Pass NI_DGRAM to getnameinfo() to use UDP tunnel service names.

Import vxlan(4), the virtual extensible local area network tunnel
interface. VXLAN is a UDP-based tunnelling protocol for overlaying
virtualized layer 2 networks over layer 3 networks. The implementation
is based on draft-mahalingam-dutt-dcops-vxlan-04 and has been tested
with other implementations in the wild.

put it in deraadt@

Return EEXIST to 'add' when a port is already a bridge member. This makes
reconfiguration with /etc/netstart silent again. (noticed by deraadt)

And do the same for 'addspan'.

ok deraadt

remove some unnecessary sys/param.h inclusions

get rid of unneeded \n here. err(3) family already does it for us.

OK mikeb@ camield@ reyk@ sobrado@ henning@ krw@

use warn() and warnx() instead of incorrect stderr printing.
get rid of EX_* since ifconfig(8) is not sysexits program.
discussed with claudio

remove unused variables

ok claudio@

Merge brconfig into ifconfig. It is annoying that it is impossible to do
ifconfig bridge0 add em0 add gif0 add vether0 up
instead you need to
ifconfig bridge0 create
brconfig bridge0 add em0 add gif0 add vether0 up
This is working for everything now but we may do some changes when needed.
Manpages and startup scripts are following soon.
OK deraadt@, henning@

The handling of 'add' used by bridge and switch in ifconfig does not
error out if the ioctl returns EEXIST. Do the same for the switch
specific 'addlocal' and 'portno' ioctls so netstart won't error out
when rerun with the same settings in hostname.switchN.

ok reyk@

Fix clang warning about tautological compare: an unsigned long can't
be negative. ok deraadt@

Rename "flowmax" to "maxflow" and give each switch(4) ioctl a
dedicated number. Both changes for consistency.

OK rzalamena@

Make the ifconfig switch0 output nicer using a single line and the
same keys as the actual commands (datapath, maxgroup, flowmax).
flowmax should eventually renamed to maxflow for consistency.

OK rzalamena@

Use strtoull() to read the datapath id and expect "datapath" instead of
"datapathid" as stated by the man page.

ok reyk@

fix format string and remove unused variables

ok yasuoka@ goda@

Add switch(4) support to ifconfig

ok deraadt@ yasuoka@ reyk@ henning@

Indent the output of bridge rules in ifconfig.

ok reyk@

Pass NI_DGRAM to getnameinfo() to use UDP tunnel service names.

Import vxlan(4), the virtual extensible local area network tunnel
interface. VXLAN is a UDP-based tunnelling protocol for overlaying
virtualized layer 2 networks over layer 3 networks. The implementation
is based on draft-mahalingam-dutt-dcops-vxlan-04 and has been tested
with other implementations in the wild.

put it in deraadt@

Return EEXIST to 'add' when a port is already a bridge member. This makes
reconfiguration with /etc/netstart silent again. (noticed by deraadt)

And do the same for 'addspan'.

ok deraadt

remove some unnecessary sys/param.h inclusions

get rid of unneeded \n here. err(3) family already does it for us.

OK mikeb@ camield@ reyk@ sobrado@ henning@ krw@

use warn() and warnx() instead of incorrect stderr printing.
get rid of EX_* since ifconfig(8) is not sysexits program.
discussed with claudio

remove unused variables

ok claudio@

Merge brconfig into ifconfig. It is annoying that it is impossible to do
ifconfig bridge0 add em0 add gif0 add vether0 up
instead you need to
ifconfig bridge0 create
brconfig bridge0 add em0 add gif0 add vether0 up
This is working for everything now but we may do some changes when needed.
Manpages and startup scripts are following soon.
OK deraadt@, henning@