KAME netinet6 basic part(no IPsec,no V6 Multicast Forwarding, no UDP/TCP

for IPv6 yet)

With this patch, you can assigne IPv6 addr automatically, and can reply to
IPv6 ping.

Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project

9 files changed, 946 insertions, 67 deletions

diff --git a/sys/net/if.c b/sys/net/if.c
index 37d3008..7c560bc 100644
--- a/sys/net/if.c
+++ b/sys/net/if.c
@@ -35,6 +35,7 @@
  */
 
 #include "opt_compat.h"
+#include "opt_inet.h"
 
 #include <sys/param.h>
 #include <sys/malloc.h>
@@ -53,6 +54,11 @@
 #include <net/if_dl.h>
 #include <net/radix.h>
 
+#ifdef INET6
+/*XXX*/
+#include <netinet/in.h>
+#endif
+
 /*
  * System initialization
  */
@@ -71,6 +77,14 @@ MALLOC_DEFINE(M_IFMADDR, "ether_multi", "link-level multicast address");
 int	ifqmaxlen = IFQ_MAXLEN;
 struct	ifnethead ifnet;	/* depend on static init XXX */
 
+#ifdef INET6
+/*
+ * XXX: declare here to avoid to include many inet6 related files..
+ * should be more generalized?
+ */
+extern void	nd6_setmtu __P((struct ifnet *));
+#endif
+
 /*
  * Network interface utility routines.
  *
@@ -98,6 +112,7 @@ ifinit(dummy)
 
 int if_index = 0;
 struct ifaddr **ifnet_addrs;
+struct ifnet **ifindex2ifnet = NULL;
 
 
 /*
@@ -131,19 +146,32 @@ if_attach(ifp)
 	 * this unlikely case.
 	 */
 	TAILQ_INIT(&ifp->if_addrhead);
+	TAILQ_INIT(&ifp->if_prefixhead);
 	LIST_INIT(&ifp->if_multiaddrs);
 	getmicrotime(&ifp->if_lastchange);
 	if (ifnet_addrs == 0 || if_index >= if_indexlim) {
 		unsigned n = (if_indexlim <<= 1) * sizeof(ifa);
-		struct ifaddr **q = (struct ifaddr **)
-					malloc(n, M_IFADDR, M_WAITOK);
-		bzero((caddr_t)q, n);
+		caddr_t q = malloc(n, M_IFADDR, M_WAITOK);
+		bzero(q, n);
 		if (ifnet_addrs) {
 			bcopy((caddr_t)ifnet_addrs, (caddr_t)q, n/2);
 			free((caddr_t)ifnet_addrs, M_IFADDR);
 		}
-		ifnet_addrs = q;
+		ifnet_addrs = (struct ifaddr **)q;
+
+		/* grow ifindex2ifnet */
+		n = if_indexlim * sizeof(struct ifnet *);
+		q = malloc(n, M_IFADDR, M_WAITOK);
+		bzero(q, n);
+		if (ifindex2ifnet) {
+			bcopy((caddr_t)ifindex2ifnet, q, n/2);
+			free((caddr_t)ifindex2ifnet, M_IFADDR);
+		}
+		ifindex2ifnet = (struct ifnet **)q;
 	}
+
+	ifindex2ifnet[if_index] = ifp;
+
 	/*
 	 * create a Link Level name for this device
 	 */
@@ -207,7 +235,7 @@ if_detach(ifp)
 	     ifa = TAILQ_FIRST(&ifp->if_addrhead)) {
 		TAILQ_REMOVE(&ifp->if_addrhead, ifa, ifa_link);
 		IFAFREE(ifa);
-	}    
+	}
 
 	TAILQ_REMOVE(&ifnet, ifp, if_link);
 }
@@ -226,13 +254,15 @@ ifa_ifwithaddr(addr)
 #define	equal(a1, a2) \
   (bcmp((caddr_t)(a1), (caddr_t)(a2), ((struct sockaddr *)(a1))->sa_len) == 0)
 	for (ifp = ifnet.tqh_first; ifp; ifp = ifp->if_link.tqe_next)
-	    for (ifa = ifp->if_addrhead.tqh_first; ifa; 
+	    for (ifa = ifp->if_addrhead.tqh_first; ifa;
 		 ifa = ifa->ifa_link.tqe_next) {
 		if (ifa->ifa_addr->sa_family != addr->sa_family)
 			continue;
 		if (equal(addr, ifa->ifa_addr))
 			return (ifa);
 		if ((ifp->if_flags & IFF_BROADCAST) && ifa->ifa_broadaddr &&
+		    /* IP6 doesn't have broadcast */
+		    ifa->ifa_broadaddr->sa_len != 0 &&
 		    equal(ifa->ifa_broadaddr, addr))
 			return (ifa);
 	}
@@ -251,7 +281,7 @@ ifa_ifwithdstaddr(addr)
 
 	for (ifp = ifnet.tqh_first; ifp; ifp = ifp->if_link.tqe_next)
 	    if (ifp->if_flags & IFF_POINTOPOINT)
-		for (ifa = ifp->if_addrhead.tqh_first; ifa; 
+		for (ifa = ifp->if_addrhead.tqh_first; ifa;
 		     ifa = ifa->ifa_link.tqe_next) {
 			if (ifa->ifa_addr->sa_family != addr->sa_family)
 				continue;
@@ -285,7 +315,7 @@ ifa_ifwithnet(addr)
 		return (ifnet_addrs[sdl->sdl_index - 1]);
 	}
 
-	/* 
+	/*
 	 * Scan though each interface, looking for ones that have
 	 * addresses in this address family.
 	 */
@@ -296,13 +326,17 @@ ifa_ifwithnet(addr)
 
 			if (ifa->ifa_addr->sa_family != af)
 next:				continue;
-			if (ifp->if_flags & IFF_POINTOPOINT) {
+			if (
+#ifdef INET6 /* XXX: for maching gif tunnel dst as routing entry gateway */
+			    addr->sa_family != AF_INET6 &&
+#endif
+			    ifp->if_flags & IFF_POINTOPOINT) {
 				/*
-				 * This is a bit broken as it doesn't 
-				 * take into account that the remote end may 
+				 * This is a bit broken as it doesn't
+				 * take into account that the remote end may
 				 * be a single node in the network we are
 				 * looking for.
-				 * The trouble is that we don't know the 
+				 * The trouble is that we don't know the
 				 * netmask for the remote end.
 				 */
 				if (ifa->ifa_dstaddr != 0
@@ -372,7 +406,7 @@ ifaof_ifpforaddr(addr, ifp)
 
 	if (af >= AF_MAX)
 		return (0);
-	for (ifa = ifp->if_addrhead.tqh_first; ifa; 
+	for (ifa = ifp->if_addrhead.tqh_first; ifa;
 	     ifa = ifa->ifa_link.tqe_next) {
 		if (ifa->ifa_addr->sa_family != af)
 			continue;
@@ -471,6 +505,9 @@ if_route(ifp, flag, fam)
 		if (fam == PF_UNSPEC || (fam == ifa->ifa_addr->sa_family))
 			pfctlinput(PRC_IFUP, ifa->ifa_addr);
 	rt_ifmsg(ifp);
+#ifdef INET6
+	in6_if_up(ifp);
+#endif
 }
 
 /*
@@ -559,9 +596,9 @@ ifunit(name)
 	/*
 	 * Look for a non numeric part
 	 */
-	end = name + IFNAMSIZ; 
+	end = name + IFNAMSIZ;
 	cp2 = namebuf;
-	cp = name; 
+	cp = name;
 	while ((cp < end) && (c = *cp)) {
 		if (c >= '0' && c <= '9')
 			break;
@@ -576,7 +613,7 @@ ifunit(name)
 	 */
 	len = cp - name + 1;
 	for (unit = 0;
-	    ((c = *cp) >= '0') && (c <= '9') && (unit < 1000000); cp++ ) 
+	    ((c = *cp) >= '0') && (c <= '9') && (unit < 1000000); cp++ )
 		unit = (unit * 10) + (c - '0');
 	if (*cp != '\0')
 		return 0;	/* no trailing garbage allowed */
@@ -592,6 +629,35 @@ ifunit(name)
 	return (ifp);
 }
 
+
+/*
+ * Map interface name in a sockaddr_dl to
+ * interface structure pointer.
+ */
+struct ifnet *
+if_withname(sa)
+	struct sockaddr *sa;
+{
+	char ifname[IFNAMSIZ+1];
+	struct sockaddr_dl *sdl = (struct sockaddr_dl *)sa;
+
+	if ( (sa->sa_family != AF_LINK) || (sdl->sdl_nlen == 0) ||
+	     (sdl->sdl_nlen > IFNAMSIZ) )
+		return NULL;
+
+	/*
+	 * ifunit wants a null-terminated name.  It may not be null-terminated
+	 * in the sockaddr.  We don't want to change the caller's sockaddr,
+	 * and there might not be room to put the trailing null anyway, so we
+	 * make a local copy that we know we can null terminate safely.
+	 */
+
+	bcopy(sdl->sdl_data, ifname, sdl->sdl_nlen);
+	ifname[sdl->sdl_nlen] = '\0';
+	return ifunit(ifname);
+}
+
+
 /*
  * Interface ioctls.
  */
@@ -606,6 +672,7 @@ ifioctl(so, cmd, data, p)
 	register struct ifreq *ifr;
 	struct ifstat *ifs;
 	int error;
+	short oif_flags;
 
 	switch (cmd) {
 
@@ -680,6 +747,9 @@ ifioctl(so, cmd, data, p)
 		return(error);
 
 	case SIOCSIFMTU:
+	{
+		u_long oldmtu = ifp->if_mtu;
+
 		error = suser(p);
 		if (error)
 			return (error);
@@ -690,7 +760,16 @@ ifioctl(so, cmd, data, p)
 		error = (*ifp->if_ioctl)(ifp, cmd, data);
 		if (error == 0)
 			getmicrotime(&ifp->if_lastchange);
-		return(error);
+		/*
+		 * If the link MTU changed, do network layer specific procedure.
+		 */
+		if (ifp->if_mtu != oldmtu) {
+#ifdef INET6
+			nd6_setmtu(ifp);
+#endif
+		}
+		return (error);
+	}
 
 	case SIOCADDMULTI:
 	case SIOCDELMULTI:
@@ -739,10 +818,11 @@ ifioctl(so, cmd, data, p)
 		return ((*ifp->if_ioctl)(ifp, cmd, data));
 
 	default:
+		oif_flags = ifp->if_flags;
 		if (so->so_proto == 0)
 			return (EOPNOTSUPP);
 #ifndef COMPAT_43
-		return ((*so->so_proto->pr_usrreqs->pru_control)(so, cmd,
+		error = ((*so->so_proto->pr_usrreqs->pru_control)(so, cmd,
 								 data,
 								 ifp, p));
 #else
@@ -793,11 +873,22 @@ ifioctl(so, cmd, data, p)
 		case OSIOCGIFBRDADDR:
 		case OSIOCGIFNETMASK:
 			*(u_short *)&ifr->ifr_addr = ifr->ifr_addr.sa_family;
-		}
-		return (error);
 
+		}
 	    }
+#endif /* COMPAT_43 */
+
+		if ((oif_flags ^ ifp->if_flags) & IFF_UP) {
+#ifdef INET6
+			if (ifp->if_flags & IFF_UP) {
+				int s = splimp();
+				in6_if_up(ifp);
+				splx(s);
+			}
 #endif
+		}
+		return (error);
+
 	}
 	return (0);
 }
@@ -960,7 +1051,7 @@ if_allmulti(ifp, onswitch)
 
 /*
  * Add a multicast listenership to the interface in question.
- * The link layer provides a routine which converts 
+ * The link layer provides a routine which converts
  */
 int
 if_addmulti(ifp, sa, retifma)
@@ -976,7 +1067,7 @@ if_addmulti(ifp, sa, retifma)
 	 * If the matching multicast address already exists
 	 * then don't add a new one, just add a reference
 	 */
-	for (ifma = ifp->if_multiaddrs.lh_first; ifma; 
+	for (ifma = ifp->if_multiaddrs.lh_first; ifma;
 	     ifma = ifma->ifma_link.le_next) {
 		if (equal(sa, ifma->ifma_addr)) {
 			ifma->ifma_refcount++;
@@ -1063,7 +1154,7 @@ if_delmulti(ifp, sa)
 	struct ifmultiaddr *ifma;
 	int s;
 
-	for (ifma = ifp->if_multiaddrs.lh_first; ifma; 
+	for (ifma = ifp->if_multiaddrs.lh_first; ifma;
 	     ifma = ifma->ifma_link.le_next)
 		if (equal(sa, ifma->ifma_addr))
 			break;
@@ -1096,7 +1187,7 @@ if_delmulti(ifp, sa)
 	 * in the record for the link-layer address.  (So we don't complain
 	 * in that case.)
 	 */
-	for (ifma = ifp->if_multiaddrs.lh_first; ifma; 
+	for (ifma = ifp->if_multiaddrs.lh_first; ifma;
 	     ifma = ifma->ifma_link.le_next)
 		if (equal(sa, ifma->ifma_addr))
 			break;
diff --git a/sys/net/if_ethersubr.c b/sys/net/if_ethersubr.c
index d6046be..dc55d54 100644
--- a/sys/net/if_ethersubr.c
+++ b/sys/net/if_ethersubr.c
@@ -56,11 +56,15 @@
 #include <net/if_dl.h>
 #include <net/if_types.h>
 
-#ifdef INET
+#if defined(INET) || defined(INET6)
 #include <netinet/in.h>
 #include <netinet/in_var.h>
 #include <netinet/if_ether.h>
 #endif
+#ifdef INET6
+#include <netinet6/nd6.h>
+#include <netinet6/in6_ifattach.h>
+#endif
 
 #ifdef IPX
 #include <netipx/ipx.h>
@@ -112,7 +116,7 @@ extern u_char	aarp_org_code[3];
 #include <net/if_vlan_var.h>
 #endif /* NVLAN > 0 */
 
-static	int ether_resolvemulti __P((struct ifnet *, struct sockaddr **, 
+static	int ether_resolvemulti __P((struct ifnet *, struct sockaddr **,
 				    struct sockaddr *));
 u_char	etherbroadcastaddr[6] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
 #define senderr(e) do { error = (e); goto bad;} while (0)
@@ -146,7 +150,7 @@ static struct ng_type typestruct = {
 	ngether_connect,
 	ngether_rcvdata,
 	ngether_rcvdata,
-	ngether_disconnect 
+	ngether_disconnect
 };
 
 #define AC2NG(AC) ((node_p)((AC)->ac_ng))
@@ -214,6 +218,17 @@ ether_output(ifp, m0, dst, rt0)
 		type = htons(ETHERTYPE_IP);
 		break;
 #endif
+#ifdef INET6
+	case AF_INET6:
+		if (!nd6_storelladdr(&ac->ac_if, rt, m, dst, (u_char *)edst)) {
+			/* this must be impossible, so we bark */
+			printf("nd6_storelladdr failed\n");
+			return(0);
+		}
+		off = m->m_pkthdr.len - m->m_len;
+		type = htons(ETHERTYPE_IPV6);
+		break;
+#endif
 #ifdef IPX
 	case AF_IPX:
 		type = htons(ETHERTYPE_IPX);
@@ -530,6 +545,12 @@ ether_input(ifp, eh, m)
 		inq = &ipxintrq;
 		break;
 #endif
+#ifdef INET6
+	case ETHERTYPE_IPV6:
+		schednetisr(NETISR_IPV6);
+		inq = &ip6intrq;
+		break;
+#endif
 #ifdef NS
 	case 0x8137: /* Novell Ethernet_II Ethernet TYPE II */
 		schednetisr(NETISR_NS);
@@ -741,6 +762,9 @@ ether_ifattach(ifp)
 #ifdef	NETGRAPH
 	ngether_init(ifp);
 #endif /* NETGRAPH */
+#ifdef INET6
+	in6_ifattach_getifid(ifp);
+#endif
 }
 
 SYSCTL_DECL(_net_link);
@@ -778,7 +802,7 @@ ether_ioctl(ifp, command, data)
 
 			if (ipx_nullhost(*ina))
 				ina->x_host =
-				    *(union ipx_host *) 
+				    *(union ipx_host *)
 			            ac->ac_enaddr;
 			else {
 				bcopy((caddr_t) ina->x_host.c_host,
@@ -856,11 +880,14 @@ ether_resolvemulti(ifp, llsa, sa)
 {
 	struct sockaddr_dl *sdl;
 	struct sockaddr_in *sin;
+#ifdef INET6
+	struct sockaddr_in6 *sin6;
+#endif
 	u_char *e_addr;
 
 	switch(sa->sa_family) {
 	case AF_LINK:
-		/* 
+		/*
 		 * No mapping needed. Just check that it's a valid MC address.
 		 */
 		sdl = (struct sockaddr_dl *)sa;
@@ -889,9 +916,28 @@ ether_resolvemulti(ifp, llsa, sa)
 		*llsa = (struct sockaddr *)sdl;
 		return 0;
 #endif
+#ifdef INET6
+	case AF_INET6:
+		sin6 = (struct sockaddr_in6 *)sa;
+		if (!IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr))
+			return EADDRNOTAVAIL;
+		MALLOC(sdl, struct sockaddr_dl *, sizeof *sdl, M_IFMADDR,
+		       M_WAITOK);
+		sdl->sdl_len = sizeof *sdl;
+		sdl->sdl_family = AF_LINK;
+		sdl->sdl_index = ifp->if_index;
+		sdl->sdl_type = IFT_ETHER;
+		sdl->sdl_nlen = 0;
+		sdl->sdl_alen = ETHER_ADDR_LEN;
+		sdl->sdl_slen = 0;
+		e_addr = LLADDR(sdl);
+		ETHER_MAP_IPV6_MULTICAST(&sin6->sin6_addr, e_addr);
+		*llsa = (struct sockaddr *)sdl;
+		return 0;
+#endif
 
 	default:
-		/* 
+		/*
 		 * Well, the text isn't quite right, but it's the name
 		 * that counts...
 		 */
@@ -976,8 +1022,8 @@ ngether_constructor(node_p *nodep)
 
 /*
  * Give our ok for a hook to be added...
- * 
- * Allow one hook at a time (rawdata). 
+ *
+ * Allow one hook at a time (rawdata).
  * It can eiteh rdivert everything or only unclaimed packets.
  */
 static	int
@@ -1014,10 +1060,10 @@ ngether_rcvmsg(node_p node,
 
 	ifp = node->private;
 	switch (msg->header.typecookie) {
-	    case	NGM_ETHER_COOKIE: 
+	    case	NGM_ETHER_COOKIE:
 		error = EINVAL;
 		break;
-	    case	NGM_GENERIC_COOKIE: 
+	    case	NGM_GENERIC_COOKIE:
 		switch(msg->header.cmd) {
 		    case NGM_TEXT_STATUS: {
 			    char	*arg;
@@ -1025,10 +1071,10 @@ ngether_rcvmsg(node_p node,
 			    int resplen = sizeof(struct ng_mesg) + 512;
 			    MALLOC(*resp, struct ng_mesg *, resplen,
 					M_NETGRAPH, M_NOWAIT);
-			    if (*resp == NULL) { 
+			    if (*resp == NULL) {
 				error = ENOMEM;
 				break;
-			    }       
+			    }
 			    bzero(*resp, resplen);
 			    arg = (*resp)->data;
 
@@ -1135,10 +1181,10 @@ bad:
  * pass an mbuf out to the connected hook
  * More complicated than just an m_prepend, as it tries to save later nodes
  * from needing to do lots of m_pullups.
- */	     
+ */	
 static void
 ngether_send(struct arpcom *ac, struct ether_header *eh, struct mbuf *m)
-{       
+{
 	int room;
 	node_p node = AC2NG(ac);
 	struct ether_header *eh2;
@@ -1150,15 +1196,15 @@ ngether_send(struct arpcom *ac, struct ether_header *eh, struct mbuf *m)
 		eh2 = mtod(m, struct ether_header *) - 1;
 		if ( eh == eh2) {
 			/*
-			 * This is the case so just move the markers back to 
+			 * This is the case so just move the markers back to
 			 * re-include it. We lucked out.
 			 * This allows us to avoid a yucky m_pullup
 			 * in later nodes if it works.
-			 */ 
-			m->m_len += sizeof(*eh); 
+			 */
+			m->m_len += sizeof(*eh);
 			m->m_data -= sizeof(*eh);
 			m->m_pkthdr.len += sizeof(*eh);
-		} else { 
+		} else {
 			/*
 			 * Alternatively there may be room even though
 			 * it is stored somewhere else. If so, copy it in.
@@ -1170,7 +1216,7 @@ ngether_send(struct arpcom *ac, struct ether_header *eh, struct mbuf *m)
 			 * that fall into these cases. So we are not optimising
 			 * contorted cases.
 			 */
-	      
+	
 			if (m->m_flags & M_EXT) {
 				room = (mtod(m, caddr_t) - m->m_ext.ext_buf);
 				if (room > m->m_ext.ext_size) /* garbage */
@@ -1178,14 +1224,14 @@ ngether_send(struct arpcom *ac, struct ether_header *eh, struct mbuf *m)
 			} else {
 				room = (mtod(m, caddr_t) - m->m_pktdat);
 			}
-			if (room > sizeof (*eh)) {  
+			if (room > sizeof (*eh)) {
 				/* we have room, just copy it and adjust */
 				m->m_len += sizeof(*eh);
 				m->m_data -= sizeof(*eh);
 				m->m_pkthdr.len += sizeof(*eh);
 			} else {
 				/*
-				 * Doing anything more is likely to get more 
+				 * Doing anything more is likely to get more
 				 * expensive than it's worth..
 				 * it's probable that everything else is in one
 				 * big lump. The next node will do an m_pullup()
@@ -1230,7 +1276,7 @@ ngether_connect(hook_p hook)
 /*
  * notify on hook disconnection (destruction)
  *
- * For this type, removal of the last lins no effect. The interface can run 
+ * For this type, removal of the last lins no effect. The interface can run
  * independently.
  * Since we have no per-hook information, this is rather simple.
  */
diff --git a/sys/net/if_gif.h b/sys/net/if_gif.h
new file mode 100644
index 0000000..a402471
--- /dev/null
+++ b/sys/net/if_gif.h
@@ -0,0 +1,71 @@
+/*
+ * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the project nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+/*
+ * if_gif.h
+ */
+
+#ifndef _NET_IF_GIF_H_
+#define _NET_IF_GIF_H_
+
+#include <netinet/in.h>
+/* xxx sigh, why route have struct route instead of pointer? */
+
+struct gif_softc {
+	struct	ifnet		gif_if;	   /* common area */
+	struct	sockaddr	*gif_psrc; /* Physical src addr */
+	struct	sockaddr	*gif_pdst; /* Physical dst addr */
+	union {
+		struct	route  gifscr_ro;    /* xxx */
+		struct	route_in6 gifscr_ro6; /* xxx */
+	} gifsc_gifscr;
+	int	gif_flags;
+};
+
+#define	gif_ro gifsc_gifscr.gifscr_ro
+#define	gif_ro6 gifsc_gifscr.gifscr_ro6
+
+#define	GIFF_INUSE	0x1	/* gif is in use */
+
+#define	GIF_MTU		(1280)	/* Default MTU */
+#define	GIF_MTU_MIN	(1280)	/* Minimum MTU */
+#define	GIF_MTU_MAX	(8192)	/* Maximum MTU */
+
+extern int	ngif;
+extern struct	gif_softc *gif;
+
+/* Prototypes */
+void	gif_input __P((struct mbuf *, int, struct ifnet *));
+int	gif_output __P((struct ifnet *, struct mbuf *,
+		    struct sockaddr *, struct rtentry *));
+int	gif_ioctl __P((struct ifnet *, u_long, caddr_t));
+
+#endif /* _NET_IF_GIF_H_ */
diff --git a/sys/net/if_loop.c b/sys/net/if_loop.c
index de692e5..c57f857 100644
--- a/sys/net/if_loop.c
+++ b/sys/net/if_loop.c
@@ -67,6 +67,14 @@
 #include <netipx/ipx_if.h>
 #endif
 
+#ifdef INET6
+#ifndef INET
+#include <netinet/in.h>
+#endif
+#include <netinet6/in6_var.h>
+#include <netinet6/ip6.h>
+#endif
+
 #ifdef NS
 #include <netns/ns.h>
 #include <netns/ns_if.h>
@@ -93,6 +101,8 @@ static int looutput __P((struct ifnet *ifp,
 
 #ifdef TINY_LOMTU
 #define	LOMTU	(1024+512)
+#elif defined(LARGE_LOMTU)
+#define LOMTU	131072
 #else
 #define LOMTU	16384
 #endif
@@ -136,11 +146,41 @@ looutput(ifp, m, dst, rt)
 		return (rt->rt_flags & RTF_BLACKHOLE ? 0 :
 		        rt->rt_flags & RTF_HOST ? EHOSTUNREACH : ENETUNREACH);
 	}
+	/*
+	 * KAME requires that the packet to be contiguous on the
+	 * mbuf.  We need to make that sure.
+	 * this kind of code should be avoided.
+	 * XXX: fails to join if interface MTU > MCLBYTES.  jumbogram?
+	 */
+	if (m && m->m_next != NULL && m->m_pkthdr.len < MCLBYTES) {
+		struct mbuf *n;
+
+		MGETHDR(n, M_DONTWAIT, MT_HEADER);
+		if (!n)
+			goto contiguousfail;
+		MCLGET(n, M_DONTWAIT);
+		if (! (n->m_flags & M_EXT)) {
+			m_freem(n);
+			goto contiguousfail;
+		}
+
+		m_copydata(m, 0, m->m_pkthdr.len, mtod(n, caddr_t));
+		n->m_pkthdr = m->m_pkthdr;
+		n->m_len = m->m_pkthdr.len;
+		m_freem(m);
+		m = n;
+	}
+	if (0) {
+contiguousfail:
+		printf("looutput: mbuf allocation failed\n");
+	}
+
 	ifp->if_opackets++;
 	ifp->if_obytes += m->m_pkthdr.len;
 #if 1	/* XXX */
 	switch (dst->sa_family) {
 	case AF_INET:
+	case AF_INET6:
 	case AF_IPX:
 	case AF_NS:
 	case AF_ISO:
@@ -227,6 +267,13 @@ if_simloop(ifp, m, dst, hlen)
 		isr = NETISR_IP;
 		break;
 #endif
+#ifdef INET6
+	case AF_INET6:
+		m->m_flags |= M_LOOP;
+		ifq = &ip6intrq;
+		isr = NETISR_IPV6;
+		break;
+#endif
 #ifdef IPX
 	case AF_IPX:
 		ifq = &ipxintrq;
@@ -285,7 +332,7 @@ lortrequest(cmd, rt, sa)
 		 * should be at least twice the MTU plus a little more for
 		 * overhead.
 		 */
-		rt->rt_rmx.rmx_recvpipe = 
+		rt->rt_rmx.rmx_recvpipe =
 			rt->rt_rmx.rmx_sendpipe = 3 * LOMTU;
 	}
 }
@@ -327,6 +374,10 @@ loioctl(ifp, cmd, data)
 		case AF_INET:
 			break;
 #endif
+#ifdef INET6
+		case AF_INET6:
+			break;
+#endif
 
 		default:
 			error = EAFNOSUPPORT;
diff --git a/sys/net/if_var.h b/sys/net/if_var.h
index 0b6e40d..8d497d4 100644
--- a/sys/net/if_var.h
+++ b/sys/net/if_var.h
@@ -166,6 +166,10 @@ typedef void if_init_f_t __P((void *));
 #define	if_xmitquota	if_data.ifi_xmitquota
 #define if_rawoutput(if, m, sa) if_output(if, m, sa, (struct rtentry *)0)
 
+/* for compatibility with other BSDs */
+#define	if_addrlist	if_addrhead
+#define	if_list		if_link
+
 /*
  * Bit values in if_ipending
  */
@@ -270,16 +274,19 @@ struct ifaddr {
 };
 #define	IFA_ROUTE	RTF_UP		/* route installed */
 
+/* for compatibility with other BSDs */
+#define	ifa_list	ifa_link
+
 /*
  * The prefix structure contains information about one prefix
  * of an interface.  They are maintained by the different address families,
  * are allocated and attached when an prefix or an address is set,
- * and are linked together so all prfefixes for an interface can be located.
+ * and are linked together so all prefixes for an interface can be located.
  */
 struct ifprefix {
 	struct	sockaddr *ifpr_prefix;	/* prefix of interface */
 	struct	ifnet *ifpr_ifp;	/* back-pointer to interface */
-	TAILQ_ENTRY(ifprefix)	*ifpr_list; /* queue macro glue */
+	TAILQ_ENTRY(ifprefix) ifpr_list; /* queue macro glue */
 	u_char	ifpr_plen;		/* prefix length in bits */
 	u_char	ifpr_type;		/* protocol dependent prefix type */
 };
@@ -321,7 +328,7 @@ int	ether_output __P((struct ifnet *,
 	   struct mbuf *, struct sockaddr *, struct rtentry *));
 int	ether_ioctl __P((struct ifnet *, int, caddr_t));
 
-int	if_addmulti __P((struct ifnet *, struct sockaddr *, 
+int	if_addmulti __P((struct ifnet *, struct sockaddr *,
 			 struct ifmultiaddr **));
 int	if_allmulti __P((struct ifnet *, int));
 void	if_attach __P((struct ifnet *));
@@ -352,7 +359,7 @@ struct	ifaddr *ifa_ifwithroute __P((int, struct sockaddr *,
 struct	ifaddr *ifaof_ifpforaddr __P((struct sockaddr *, struct ifnet *));
 void	ifafree __P((struct ifaddr *));
 
-struct	ifmultiaddr *ifmaof_ifpforaddr __P((struct sockaddr *, 
+struct	ifmultiaddr *ifmaof_ifpforaddr __P((struct sockaddr *,
 					    struct ifnet *));
 int	if_simloop __P((struct ifnet *ifp, struct mbuf *m,
 		struct sockaddr *dst, int hlen));
diff --git a/sys/net/net_osdep.c b/sys/net/net_osdep.c
new file mode 100644
index 0000000..81dd3a8
--- /dev/null
+++ b/sys/net/net_osdep.c
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the project nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include <sys/param.h>
+#include <sys/systm.h>
+#include <sys/kernel.h>
+#include <sys/mbuf.h>
+#include <sys/socket.h>
+#include <sys/sockio.h>
+#include <sys/errno.h>
+#include <sys/time.h>
+#include <sys/syslog.h>
+#include <machine/cpu.h>
+
+#include <net/if.h>
+#include <net/if_types.h>
+#include <net/netisr.h>
+#include <net/route.h>
+#include <net/bpf.h>
+#include <net/net_osdep.h>
+
+const char *
+if_name(ifp)
+	struct ifnet *ifp;
+{
+	static char nam[IFNAMSIZ + 10];	/*enough?*/
+
+	snprintf(nam, sizeof(nam), "%s%d", ifp->if_name, ifp->if_unit);
+	return nam;
+}
diff --git a/sys/net/net_osdep.h b/sys/net/net_osdep.h
new file mode 100644
index 0000000..11fc27c
--- /dev/null
+++ b/sys/net/net_osdep.h
@@ -0,0 +1,121 @@
+/*
+ * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the project nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+/*
+ * glue for kernel code programming differences.
+ */
+
+/*
+ * OS dependencies:
+ *
+ * - privileged process
+ *	NetBSD, FreeBSD 3
+ *		struct proc *p;
+ *		if (p && !suser(p->p_ucred, &p->p_acflag))
+ *			privileged;
+ *	OpenBSD, BSDI [34], FreeBSD 2
+ *		struct socket *so;
+ *		if (so->so_state & SS_PRIV)
+ *			privileged;
+ * - foo_control
+ *	NetBSD, FreeBSD 3
+ *		needs to give struct proc * as argument
+ *	OpenBSD, BSDI [34], FreeBSD 2
+ *		do not need struct proc *
+ * - bpf:
+ *	OpenBSD, NetBSD, BSDI [34]
+ *		need caddr_t * (= if_bpf **) and struct ifnet *
+ *	FreeBSD 2, FreeBSD 3
+ *		need only struct ifnet * as argument
+ * - struct ifnet
+ *			use queue.h?	member names	if name
+ *			---		---		---
+ *	FreeBSD 2	no		old standard	if_name+unit
+ *	FreeBSD 3	yes		strange		if_name+unit
+ *	OpenBSD		yes		standard	if_xname
+ *	NetBSD		yes		standard	if_xname
+ *	BSDI [34]	no		old standard	if_name+unit
+ * - usrreq
+ *	NetBSD, OpenBSD, BSDI [34], FreeBSD 2
+ *		single function with PRU_xx, arguments are mbuf
+ *	FreeBSD 3
+ *		separates functions, non-mbuf arguments
+ * - {set,get}sockopt
+ *	NetBSD, OpenBSD, BSDI [34], FreeBSD 2
+ *		manipulation based on mbuf
+ *	FreeBSD 3
+ *		non-mbuf manipulation using sooptcopy{in,out}()
+ * - timeout() and untimeout()
+ *	NetBSD, OpenBSD, BSDI [34], FreeBSD 2
+ *		timeout() is a void function
+ *	FreeBSD 3
+ *		timeout() is non-void, must keep returned value for untimeuot()
+ * - sysctl
+ *	NetBSD, OpenBSD
+ *		foo_sysctl()
+ *	BSDI [34]
+ *		foo_sysctl() but with different style
+ *	FreeBSD 2, FreeBSD 3
+ *		linker hack
+ *
+ * - if_ioctl
+ *	NetBSD, FreeBSD 3, BSDI [34]
+ *		2nd argument is u_long cmd
+ *	FreeBSD 2
+ *		2nd argument is int cmd
+ * - if attach routines
+ *	NetBSD
+ *		void xxattach(int);
+ *	FreeBSD 2, FreeBSD 3
+ *		void xxattach(void *);
+ *		PSEUDO_SET(xxattach, if_xx);
+ *
+ * - ovbcopy()
+ *	in NetBSD 1.4 or later, ovbcopy() is not supplied in the kernel.
+ *	bcopy() is safe against overwrites.
+ * - splnet()
+ *	NetBSD 1.4 or later requires splsoftnet().
+ *	other operating systems use splnet().
+ *
+ * - dtom()
+ *	NEVER USE IT!
+ */
+
+#ifndef __NET_NET_OSDEP_H_DEFINED_
+#define	__NET_NET_OSDEP_H_DEFINED_
+#ifdef _KERNEL
+
+struct ifnet;
+extern const	char *if_name __P((struct ifnet *));
+
+#define	HAVE_OLD_BPF
+
+#endif /*_KERNEL*/
+#endif /*__NET_NET_OSDEP_H_DEFINED_ */
diff --git a/sys/net/pfkeyv2.h b/sys/net/pfkeyv2.h
new file mode 100644
index 0000000..ac509e0
--- /dev/null
+++ b/sys/net/pfkeyv2.h
@@ -0,0 +1,420 @@
+/*
+ * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the project nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+/* $Id: keyv2.h,v 1.1.6.1.6.4 1999/06/08 05:33:39 itojun Exp $ */
+
+/*
+ * This file has been derived rfc 2367,
+ * And added some flags of SADB_KEY_FLAGS_ as SADB_X_EXT_.
+ *	sakane@ydc.co.jp
+ */
+
+#ifndef _NET_PFKEYV2_H_
+#define	_NET_PFKEYV2_H_
+
+/*
+This file defines structures and symbols for the PF_KEY Version 2
+key management interface. It was written at the U.S. Naval Research
+Laboratory. This file is in the public domain. The authors ask that
+you leave this credit intact on any copies of this file.
+*/
+#ifndef __PFKEY_V2_H
+#define	__PFKEY_V2_H 1
+
+#define	PF_KEY_V2 2
+#define	PFKEYV2_REVISION        199806L
+
+#define	SADB_RESERVED    0
+#define	SADB_GETSPI      1
+#define	SADB_UPDATE      2
+#define	SADB_ADD         3
+#define	SADB_DELETE      4
+#define	SADB_GET         5
+#define	SADB_ACQUIRE     6
+#define	SADB_REGISTER    7
+#define	SADB_EXPIRE      8
+#define	SADB_FLUSH       9
+#define	SADB_DUMP        10
+#define	SADB_X_PROMISC   11
+#define	SADB_X_PCHANGE   12
+
+#define	SADB_X_SPDUPDATE  13	/* not yet */
+#define	SADB_X_SPDADD     14
+#define	SADB_X_SPDDELETE  15
+#define	SADB_X_SPDGET     16	/* not yet */
+#define	SADB_X_SPDACQUIRE 17	/* not yet */
+#define	SADB_X_SPDDUMP    18
+#define	SADB_X_SPDFLUSH   19
+#define	SADB_MAX          19
+
+struct sadb_msg {
+	u_int8_t	sadb_msg_version;
+	u_int8_t	sadb_msg_type;
+	u_int8_t	sadb_msg_errno;
+	u_int8_t	sadb_msg_satype;
+	u_int16_t	sadb_msg_len;
+	u_int8_t	sadb_msg_mode;	/* XXX */
+	u_int8_t	sadb_msg_reserved;
+	u_int32_t	sadb_msg_seq;
+	u_int32_t	sadb_msg_pid;
+};
+
+struct sadb_ext {
+	u_int16_t	sadb_ext_len;
+	u_int16_t	sadb_ext_type;
+};
+
+struct sadb_sa {
+	u_int16_t	sadb_sa_len;
+	u_int16_t	sadb_sa_exttype;
+	u_int32_t	sadb_sa_spi;
+	u_int8_t	sadb_sa_replay;
+	u_int8_t	sadb_sa_state;
+	u_int8_t	sadb_sa_auth;
+	u_int8_t	sadb_sa_encrypt;
+	u_int32_t	sadb_sa_flags;
+};
+
+struct sadb_lifetime {
+	u_int16_t	sadb_lifetime_len;
+	u_int16_t	sadb_lifetime_exttype;
+	u_int32_t	sadb_lifetime_allocations;
+	u_int64_t	sadb_lifetime_bytes;
+	u_int64_t	sadb_lifetime_addtime;
+	u_int64_t	sadb_lifetime_usetime;
+};
+
+struct sadb_address {
+	u_int16_t	sadb_address_len;
+	u_int16_t	sadb_address_exttype;
+	u_int8_t	sadb_address_proto;
+	u_int8_t	sadb_address_prefixlen;
+	u_int16_t	sadb_address_reserved;
+};
+
+struct sadb_key {
+	u_int16_t	sadb_key_len;
+	u_int16_t	sadb_key_exttype;
+	u_int16_t	sadb_key_bits;
+	u_int16_t	sadb_key_reserved;
+};
+
+struct sadb_ident {
+	u_int16_t	sadb_ident_len;
+	u_int16_t	sadb_ident_exttype;
+	u_int16_t	sadb_ident_type;
+	u_int16_t	sadb_ident_reserved;
+	u_int64_t	sadb_ident_id;
+};
+/* in order to use to divide sadb_ident.sadb_ident_id */
+union sadb_x_ident_id {
+	u_int64_t	sadb_x_ident_id;
+	struct	_sadb_x_ident_id_addr {
+		u_int16_t	prefix;
+		u_int16_t	ul_proto;
+		u_int32_t	reserved;
+	} sadb_x_ident_id_addr;
+};
+
+struct sadb_sens {
+	u_int16_t	sadb_sens_len;
+	u_int16_t	sadb_sens_exttype;
+	u_int32_t	sadb_sens_dpd;
+	u_int8_t	sadb_sens_sens_level;
+	u_int8_t	sadb_sens_sens_len;
+	u_int8_t	sadb_sens_integ_level;
+	u_int8_t	sadb_sens_integ_len;
+	u_int32_t	sadb_sens_reserved;
+};
+
+struct sadb_prop {
+	u_int16_t	sadb_prop_len;
+	u_int16_t	sadb_prop_exttype;
+	u_int8_t	sadb_prop_replay;
+	u_int8_t	sadb_prop_reserved[3];
+};
+
+struct sadb_comb {
+	u_int8_t	sadb_comb_auth;
+	u_int8_t	sadb_comb_encrypt;
+	u_int16_t	sadb_comb_flags;
+	u_int16_t	sadb_comb_auth_minbits;
+	u_int16_t	sadb_comb_auth_maxbits;
+	u_int16_t	sadb_comb_encrypt_minbits;
+	u_int16_t	sadb_comb_encrypt_maxbits;
+	u_int32_t	sadb_comb_reserved;
+	u_int32_t	sadb_comb_soft_allocations;
+	u_int32_t	sadb_comb_hard_allocations;
+	u_int64_t	sadb_comb_soft_bytes;
+	u_int64_t	sadb_comb_hard_bytes;
+	u_int64_t	sadb_comb_soft_addtime;
+	u_int64_t	sadb_comb_hard_addtime;
+	u_int64_t	sadb_comb_soft_usetime;
+	u_int64_t	sadb_comb_hard_usetime;
+};
+
+struct sadb_supported {
+	u_int16_t	sadb_supported_len;
+	u_int16_t	sadb_supported_exttype;
+	u_int32_t	sadb_supported_reserved;
+};
+
+struct sadb_alg {
+	u_int8_t	sadb_alg_id;
+	u_int8_t	sadb_alg_ivlen;
+	u_int16_t	sadb_alg_minbits;
+	u_int16_t	sadb_alg_maxbits;
+	u_int16_t	sadb_alg_reserved;
+};
+
+struct sadb_spirange {
+	u_int16_t	sadb_spirange_len;
+	u_int16_t	sadb_spirange_exttype;
+	u_int32_t	sadb_spirange_min;
+	u_int32_t	sadb_spirange_max;
+	u_int32_t	sadb_spirange_reserved;
+};
+
+struct sadb_x_kmprivate {
+	u_int16_t	sadb_x_kmprivate_len;
+	u_int16_t	sadb_x_kmprivate_exttype;
+	u_int32_t	sadb_x_kmprivate_reserved;
+};
+
+/* XXX Policy Extension */
+/* sizeof(struct sadb_x_policy) == 8 */
+struct sadb_x_policy {
+	u_int16_t	sadb_x_policy_len;
+	u_int16_t	sadb_x_policy_exttype;
+	/* See policy type of ipsec.h */
+	u_int16_t	sadb_x_policy_type;
+	u_int8_t	sadb_x_policy_dir;	/* direction, see ipsec.h */
+	u_int8_t	sadb_x_policy_reserved;
+};
+/*
+ * When policy_type == IPSEC, it is followed by some of
+ * the ipsec policy request.
+ * [total length of ipsec policy requests]
+ *	= (sadb_x_policy_len * sizeof(uint64_t) - sizeof(struct sadb_x_policy))
+ */
+
+/* XXX IPsec Policy Request Extension */
+/*
+ * This structure is aligned 8 bytes.
+ */
+struct sadb_x_ipsecrequest {
+	u_int16_t	sadb_x_ipsecrequest_len;
+				/* structure length aligned to 8 bytes.
+				 * This value is true length of bytes.
+				 * Not in units of 64 bits. */
+	u_int16_t	sadb_x_ipsecrequest_proto;	/* See ipsec.h */
+	/* See ipsec.h. Not SADB_SATYPE_XX */
+	u_int16_t	sadb_x_ipsecrequest_mode;
+	u_int16_t	sadb_x_ipsecrequest_level;	/* See ipsec.h */
+
+	/*
+	 * followed by source IP address of SA, and immediately followed by
+	 * destination IP address of SA.  These encoded into two of sockaddr
+	 * structure without any padding.  Must set each sa_len exactly.
+	 * Each of length of the sockaddr structure are not aligned to 64bits,
+	 * but sum of x_request and addresses is aligned to 64bits.
+	 */
+};
+
+#define	SADB_EXT_RESERVED             0
+#define	SADB_EXT_SA                   1
+#define	SADB_EXT_LIFETIME_CURRENT     2
+#define	SADB_EXT_LIFETIME_HARD        3
+#define	SADB_EXT_LIFETIME_SOFT        4
+#define	SADB_EXT_ADDRESS_SRC          5
+#define	SADB_EXT_ADDRESS_DST          6
+#define	SADB_EXT_ADDRESS_PROXY        7
+#define	SADB_EXT_KEY_AUTH             8
+#define	SADB_EXT_KEY_ENCRYPT          9
+#define	SADB_EXT_IDENTITY_SRC         10
+#define	SADB_EXT_IDENTITY_DST         11
+#define	SADB_EXT_SENSITIVITY          12
+#define	SADB_EXT_PROPOSAL             13
+#define	SADB_EXT_SUPPORTED_AUTH       14
+#define	SADB_EXT_SUPPORTED_ENCRYPT    15
+#define	SADB_EXT_SPIRANGE             16
+#define	SADB_X_EXT_KMPRIVATE          17
+#define	SADB_X_EXT_POLICY             18
+#define	SADB_EXT_MAX                  18
+
+#define	SADB_SATYPE_UNSPEC	0
+#define	SADB_SATYPE_AH		2
+#define	SADB_SATYPE_ESP		3
+#define	SADB_SATYPE_RSVP	5
+#define	SADB_SATYPE_OSPFV2	6
+#define	SADB_SATYPE_RIPV2	7
+#define	SADB_SATYPE_MIP		8
+#define	SADB_X_SATYPE_IPCOMP	9
+#define	SADB_SATYPE_MAX		9
+
+#define	SADB_SASTATE_LARVAL   0
+#define	SADB_SASTATE_MATURE   1
+#define	SADB_SASTATE_DYING    2
+#define	SADB_SASTATE_DEAD     3
+#define	SADB_SASTATE_MAX      3	
+#define	SADB_SAFLAGS_PFS      1
+
+#define	SADB_AALG_NONE          0
+#define	SADB_AALG_MD5HMAC       1	/* 2 */
+#define	SADB_AALG_SHA1HMAC      2	/* 3 */
+#define	SADB_AALG_MD5           3       /* Keyed MD5 */
+#define	SADB_AALG_SHA           4       /* Keyed SHA */
+#define	SADB_AALG_NULL          5       /* null authentication */
+#define	SADB_AALG_MAX           6	
+
+#define	SADB_EALG_NONE          0
+#define	SADB_EALG_DESCBC        1	/* 2 */
+#define	SADB_EALG_3DESCBC       2	/* 3 */
+#define	SADB_EALG_NULL          3	/* 11 */
+#define	SADB_EALG_BLOWFISHCBC   4
+#define	SADB_EALG_CAST128CBC    5
+#define	SADB_EALG_RC5CBC        6
+#define	SADB_EALG_MAX           7
+
+/*nonstandard */
+#define	SADB_X_CALG_NONE	0
+#define	SADB_X_CALG_OUI		1
+#define	SADB_X_CALG_DEFLATE	2
+#define	SADB_X_CALG_LZS		3
+
+#define	SADB_IDENTTYPE_RESERVED   0
+#define	SADB_IDENTTYPE_PREFIX     1
+#define	SADB_IDENTTYPE_FQDN       2
+#define	SADB_IDENTTYPE_USERFQDN   3
+#define	SADB_X_IDENTTYPE_ADDR     4
+#define	SADB_IDENTTYPE_MAX        4
+
+/* `flags' in sadb_sa structure holds followings */
+#define	SADB_X_EXT_NONE		0x0000	/* i.e. new format. */
+#define	SADB_X_EXT_OLD		0x0001	/* old format. */
+
+#define	SADB_X_EXT_IV4B		0x0010	/* IV length of 4 bytes in use */
+#define	SADB_X_EXT_DERIV	0x0020	/* DES derived */
+#define	SADB_X_EXT_CYCSEQ	0x0040	/* allowing to cyclic sequence. */
+
+	/* three of followings are exclusive flags each them */
+#define	SADB_X_EXT_PSEQ		0x0000	/* sequencial padding for ESP */
+#define	SADB_X_EXT_PRAND	0x0100	/* random padding for ESP */
+#define	SADB_X_EXT_PZERO	0x0200	/* zero padding for ESP */
+#define	SADB_X_EXT_PMASK	0x0300	/* mask for padding flag */
+
+#define	SADB_X_EXT_RAWCPI	0x0080	/* use well known CPI (IPComp) */
+
+#define	SADB_KEY_FLAGS_MAX	0x0fff
+
+/* SPI size for PF_KEYv2 */
+#define	PFKEY_SPI_SIZE	sizeof(u_int32_t)
+
+/* Identifier for menber of lifetime structure */
+#define	SADB_X_LIFETIME_ALLOCATIONS	0
+#define	SADB_X_LIFETIME_BYTES		1
+#define	SADB_X_LIFETIME_ADDTIME		2
+#define	SADB_X_LIFETIME_USETIME		3
+
+/* The rate for SOFT lifetime against HARD one. */
+#define	PFKEY_SOFT_LIFETIME_RATE	80
+
+/* Utilities */
+#define	PFKEY_ALIGN8(a) (1 + (((a) - 1) | (8 - 1)))
+#define	PFKEY_EXTLEN(msg) \
+	PFKEY_UNUNIT64(((struct sadb_ext *)(msg))->sadb_ext_len)
+#define	PFKEY_ADDR_PREFIX(ext) \
+	(((struct sadb_address *)(ext))->sadb_address_prefixlen)
+#define	PFKEY_ADDR_PROTO(ext) \
+	(((struct sadb_address *)(ext))->sadb_address_proto)
+#define	PFKEY_ADDR_SADDR(ext) \
+	((struct sockaddr *)((caddr_t)(ext) + sizeof(struct sadb_address)))
+
+/* in 64bits */
+#define	PFKEY_UNUNIT64(a)	((a) << 3)
+#define	PFKEY_UNIT64(a)		((a) >> 3)
+
+#ifndef KERNEL
+extern void	pfkey_sadump(struct sadb_msg *m);
+extern void	pfkey_spdump(struct sadb_msg *m);
+
+struct	sockaddr;
+int	ipsec_check_keylen __P((u_int supported, u_int alg_id, u_int keylen));
+u_int	pfkey_set_softrate __P((u_int type, u_int rate));
+u_int	pfkey_get_softrate __P((u_int type));
+int	pfkey_send_getspi __P((int so, u_int satype, u_int mode,
+			       struct sockaddr *src, struct sockaddr *dst,
+			       u_int32_t min, u_int32_t max, u_int32_t seq));
+int	pfkey_send_update __P((int so, u_int satype, u_int mode,
+			       struct sockaddr *src, struct sockaddr *dst,
+			       u_int32_t spi, u_int wsize, caddr_t keymat,
+			       u_int e_type, u_int e_keylen, u_int a_type,
+			       u_int a_keylen, u_int flags, u_int32_t l_alloc,
+			       u_int64_t l_bytes, u_int64_t l_addtime,
+			       u_int64_t l_usetime, u_int32_t seq));
+int	pfkey_send_add __P((int so, u_int satype, u_int mode,
+			    struct sockaddr *src, struct sockaddr *dst,
+			    u_int32_t spi, u_int wsize,	caddr_t keymat,
+			    u_int e_type, u_int e_keylen, u_int a_type,
+			    u_int a_keylen, u_int flags, u_int32_t l_alloc,
+			    u_int64_t l_bytes, u_int64_t l_addtime,
+			    u_int64_t l_usetime, u_int32_t seq));
+int	pfkey_send_delete __P((int so, u_int satype, u_int mode,
+			       struct sockaddr *src, struct sockaddr *dst,
+			       u_int32_t spi));
+int	pfkey_send_get __P((int so, u_int satype, u_int mode,
+			    struct sockaddr *src, struct sockaddr *dst,
+			    u_int32_t spi));
+int	pfkey_send_register __P((int so, u_int satype));
+int	pfkey_recv_register __P((int so));
+int	pfkey_send_flush __P((int so, u_int satype));
+int	pfkey_send_dump __P((int so, u_int satype));
+int	pfkey_send_promisc_toggle __P((int so, int flag));
+int	pfkey_send_spdadd __P((int so, struct sockaddr *src, u_int prefs,
+			       struct sockaddr *dst, u_int prefd, u_int proto,
+			       caddr_t policy, int policylen, u_int32_t seq));
+int	pfkey_send_spddelete __P((int so, struct sockaddr *src, u_int prefs,
+	struct sockaddr *dst, u_int prefd, u_int proto, u_int32_t seq));
+int	pfkey_send_spdflush __P((int so));
+int	pfkey_send_spddump __P((int so));
+
+int	pfkey_open __P((void));
+void	pfkey_close __P((int so));
+struct	 sadb_msg *pfkey_recv __P((int so));
+int	pfkey_send __P((int so, struct sadb_msg *msg, int len));
+int	pfkey_align __P((struct sadb_msg *msg, caddr_t *mhp));
+int	pfkey_check __P((caddr_t *mhp));
+
+#endif /*!KERNEL*/
+
+#endif /* __PFKEY_V2_H */
+
+#endif /* _NET_PFKEYV2_H_ */
diff --git a/sys/net/route.c b/sys/net/route.c
index eddd18a..782c471 100644
--- a/sys/net/route.c
+++ b/sys/net/route.c
@@ -103,6 +103,16 @@ rtalloc_ign(ro, ignore)
 	ro->ro_rt = rtalloc1(&ro->ro_dst, 1, ignore);
 }
 
+/* for INET6 */
+void
+rtcalloc(ro)
+	register struct route *ro;
+{
+	if (ro->ro_rt && ro->ro_rt->rt_ifp && (ro->ro_rt->rt_flags & RTF_UP))
+		return;				 /* XXX */
+	ro->ro_rt = rtalloc1(&ro->ro_dst, RTF_CLONING, 0UL);
+}
+
 /*
  * Look up the route that matches the address given
  * Or, at least try.. Create a cloned route if needed.
@@ -121,7 +131,7 @@ rtalloc1(dst, report, ignflags)
 	u_long nflags;
 	int  s = splnet(), err = 0, msgtype = RTM_MISS;
 
-	/* 
+	/*
 	 * Look up the address in the table for that Address Family
 	 */
 	if (rnh && (rn = rnh->rnh_matchaddr((caddr_t)dst, rnh)) &&
@@ -151,7 +161,7 @@ rtalloc1(dst, report, ignflags)
 			}
 			if ((rt = newrt) && (rt->rt_flags & RTF_XRESOLVE)) {
 				/*
-				 * If the new route specifies it be 
+				 * If the new route specifies it be
 				 * externally resolved, then go do that.
 				 */
 				msgtype = RTM_RESOLVE;
@@ -216,7 +226,7 @@ rtfree(rt)
 	if (rt->rt_refcnt <= 0 && (rt->rt_flags & RTF_UP) == 0) {
 		if (rt->rt_nodes->rn_flags & (RNF_ACTIVE | RNF_ROOT))
 			panic ("rtfree 2");
-		/* 
+		/*
 		 * the rtentry must have been removed from the routing table
 		 * so it is represented in rttrash.. remove that now.
 		 */
@@ -229,7 +239,7 @@ rtfree(rt)
 		}
 #endif
 
-		/* 
+		/*
 		 * release references on items we hold them on..
 		 * e.g other routes and ifaddrs.
 		 */
@@ -513,7 +523,7 @@ rtrequest(req, dst, gateway, netmask, flags, ret_nrt)
 		 */
 		rt->rt_flags &= ~RTF_UP;
 
-		/* 
+		/*
 		 * give the protocol a chance to keep things in sync.
 		 */
 		if ((ifa = rt->rt_ifa) && ifa->ifa_rtrequest)
@@ -593,6 +603,7 @@ rtrequest(req, dst, gateway, netmask, flags, ret_nrt)
 		ifa->ifa_refcnt++;
 		rt->rt_ifa = ifa;
 		rt->rt_ifp = ifa->ifa_ifp;
+		/* XXX mtu manipulation will be done in rnh_addaddr -- itojun */
 
 		rn = rnh->rnh_addaddr((caddr_t)ndst, (caddr_t)netmask,
 					rnh, rt->rt_nodes);
@@ -607,7 +618,7 @@ rtrequest(req, dst, gateway, netmask, flags, ret_nrt)
 			 */
 			rt2 = rtalloc1(dst, 0, RTF_PRCLONING);
 			if (rt2 && rt2->rt_parent) {
-				rtrequest(RTM_DELETE, 
+				rtrequest(RTM_DELETE,
 					  (struct sockaddr *)rt_key(rt2),
 					  rt2->rt_gateway,
 					  rt_mask(rt2), rt2->rt_flags, 0);
@@ -638,9 +649,9 @@ rtrequest(req, dst, gateway, netmask, flags, ret_nrt)
 
 		rt->rt_parent = 0;
 
-		/* 
+		/*
 		 * If we got here from RESOLVE, then we are cloning
-		 * so clone the rest, and note that we 
+		 * so clone the rest, and note that we
 		 * are a clone (and increment the parent's references)
 		 */
 		if (req == RTM_RESOLVE) {
@@ -846,8 +857,8 @@ rt_setgate(rt0, dst, gate)
 	 */
 	Bcopy(gate, (rt->rt_gateway = (struct sockaddr *)(new + dlen)), glen);
 
-	/* 
-	 * if we are replacing the chunk (or it's new) we need to 
+	/*
+	 * if we are replacing the chunk (or it's new) we need to
 	 * replace the dst as well
 	 */
 	if (old) {
@@ -941,13 +952,15 @@ rtinit(ifa, cmd, flags)
 	 * be confusing at best and possibly worse.
 	 */
 	if (cmd == RTM_DELETE) {
-		/* 
+		/*
 		 * It's a delete, so it should already exist..
 		 * If it's a net, mask off the host bits
 		 * (Assuming we have a mask)
 		 */
 		if ((flags & RTF_HOST) == 0 && ifa->ifa_netmask) {
-			m = m_get(M_WAIT, MT_SONAME);
+			m = m_get(M_DONTWAIT, MT_SONAME);
+			if (m == NULL)
+				return(ENOBUFS);
 			deldst = mtod(m, struct sockaddr *);
 			rt_maskedcopy(dst, deldst, ifa->ifa_netmask);
 			dst = deldst;
@@ -971,7 +984,7 @@ rtinit(ifa, cmd, flags)
 				 * If the interface in the rtentry doesn't match
 				 * the interface we are using, then we don't
 				 * want to delete it, so return an error.
-				 * This seems to be the only point of 
+				 * This seems to be the only point of
 				 * this whole RTM_DELETE clause.
 				 */
 				if (m)
@@ -983,7 +996,7 @@ rtinit(ifa, cmd, flags)
 		/* XXX */
 #if 0
 		else {
-			/* 
+			/*
 			 * One would think that as we are deleting, and we know
 			 * it doesn't exist, we could just return at this point
 			 * with an "ELSE" clause, but apparently not..
@@ -1025,7 +1038,7 @@ rtinit(ifa, cmd, flags)
 		 */
 		rt->rt_refcnt--;
 		/*
-		 * If it came back with an unexpected interface, then it must 
+		 * If it came back with an unexpected interface, then it must
 		 * have already existed or something. (XXX)
 		 */
 		if (rt->rt_ifa != ifa) {
@@ -1038,7 +1051,7 @@ rtinit(ifa, cmd, flags)
 			 */
 			if (rt->rt_ifa->ifa_rtrequest)
 			    rt->rt_ifa->ifa_rtrequest(RTM_DELETE, rt, SA(0));
-			/* 
+			/*
 			 * Remove the referenve to the it's ifaddr.
 			 */
 			IFAFREE(rt->rt_ifa);
@@ -1048,6 +1061,7 @@ rtinit(ifa, cmd, flags)
 			 */
 			rt->rt_ifa = ifa;
 			rt->rt_ifp = ifa->ifa_ifp;
+			rt->rt_rmx.rmx_mtu = ifa->ifa_ifp->if_mtu;	/*XXX*/
 			ifa->ifa_refcnt++;
 			/*
 			 * Now ask the protocol to check if it needs