Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

===================================================================
RCS file: /ftp/cvs/cvsroot/src/sys/netinet6/ip6_input.c,v
rcsdiff: /ftp/cvs/cvsroot/src/sys/netinet6/ip6_input.c,v: warning: Unknown phrases like `commitid ...;' are present.
retrieving revision 1.123.2.1
retrieving revision 1.135
diff -u -p -r1.123.2.1 -r1.135
--- src/sys/netinet6/ip6_input.c	2009/05/13 17:22:29	1.123.2.1
+++ src/sys/netinet6/ip6_input.c	2011/12/31 20:41:59	1.135
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip6_input.c,v 1.123.2.1 2009/05/13 17:22:29 jym Exp $	*/
+/*	$NetBSD: ip6_input.c,v 1.135 2011/12/31 20:41:59 christos Exp $	*/
 /*	$KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $	*/
 
 /*
@@ -62,8 +62,9 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.123.2.1 2009/05/13 17:22:29 jym Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.135 2011/12/31 20:41:59 christos Exp $");
 
+#include "opt_gateway.h"
 #include "opt_inet.h"
 #include "opt_inet6.h"
 #include "opt_ipsec.h"
@@ -84,6 +85,7 @@ __KERNEL_RCSID(0, "$NetBSD: ip6_input.c,
 #include <sys/syslog.h>
 #include <sys/proc.h>
 #include <sys/sysctl.h>
+#include <sys/cprng.h>
 
 #include <net/if.h>
 #include <net/if_types.h>
@@ -110,7 +112,7 @@ __KERNEL_RCSID(0, "$NetBSD: ip6_input.c,
 #include <netinet6/in6_ifattach.h>
 #include <netinet6/nd6.h>
 
-#ifdef IPSEC
+#ifdef KAME_IPSEC
 #include <netinet6/ipsec.h>
 #include <netinet6/ipsec_private.h>
 #endif
@@ -161,6 +163,7 @@ static struct m_tag *ip6_setdstifaddr(st
 
 static int ip6_hopopts_input(u_int32_t *, u_int32_t *, struct mbuf **, int *);
 static struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int);
+static void sysctl_net_inet6_ip6_setup(struct sysctllog **);
 
 /*
  * IP6 initialization: fill in IP6 protocol switch table.
@@ -172,6 +175,7 @@ ip6_init(void)
 	const struct ip6protosw *pr;
 	int i;
 
+	sysctl_net_inet6_ip6_setup(NULL);
 	pr = (const struct ip6protosw *)pffindproto(PF_INET6, IPPROTO_RAW, SOCK_RAW);
 	if (pr == 0)
 		panic("ip6_init");
@@ -187,9 +191,9 @@ ip6_init(void)
 	addrsel_policy_init();
 	nd6_init();
 	frag6_init();
-	ip6_desync_factor = arc4random() % MAX_TEMP_DESYNC_FACTOR;
+	ip6_desync_factor = cprng_fast32() % MAX_TEMP_DESYNC_FACTOR;
 
-	ip6_init2((void *)0);
+	ip6_init2(NULL);
 #ifdef GATEWAY
 	ip6flow_init(ip6_hashsize);
 #endif
@@ -275,7 +279,7 @@ ip6_input(struct mbuf *m)
 	int s, error;
 #endif
 
-#ifdef IPSEC
+#ifdef KAME_IPSEC
 	/*
 	 * should the inner packet be considered authentic?
 	 * see comment in ah4_input().
@@ -347,7 +351,7 @@ ip6_input(struct mbuf *m)
 		goto bad;
 	}
 
-#if defined(IPSEC)
+#if defined(KAME_IPSEC)
 	/* IPv6 fast forwarding is not compatible with IPsec. */
 	m->m_flags &= ~M_CANFASTFWD;
 #else
@@ -370,7 +374,7 @@ ip6_input(struct mbuf *m)
 	 * let ipfilter look at packet on the wire,
 	 * not the decapsulated packet.
 	 */
-#ifdef IPSEC
+#ifdef KAME_IPSEC
 	if (!ipsec_getnhist(m))
 #elif defined(FAST_IPSEC)
 	if (!ipsec_indone(m))
@@ -781,7 +785,7 @@ ip6_input(struct mbuf *m)
 			}
 		}
 
-#ifdef IPSEC
+#ifdef KAME_IPSEC
 		/*
 		 * enforce IPsec policy checking if we are seeing last header.
 		 * note that we do not visit this with protocols with pcb layer
@@ -1683,7 +1687,8 @@ sysctl_net_inet6_ip6_stats(SYSCTLFN_ARGS
 	return (NETSTAT_SYSCTL(ip6stat_percpu, IP6_NSTATS));
 }
 
-SYSCTL_SETUP(sysctl_net_inet6_ip6_setup, "sysctl net.inet6.ip6 subtree setup")
+static void
+sysctl_net_inet6_ip6_setup(struct sysctllog **clog)
 {
 #ifdef RFC2292
 #define IS2292(x, y)	((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y))
@@ -1789,6 +1794,20 @@ SYSCTL_SETUP(sysctl_net_inet6_ip6_setup,
 		       IPV6CTL_ACCEPT_RTADV, CTL_EOL);
 	sysctl_createv(clog, 0, NULL, NULL,
 		       CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+		       CTLTYPE_INT, "rtadv_maxroutes",
+		       SYSCTL_DESCR("Maximum number of routes accepted via router advertisements"),
+		       NULL, 0, &ip6_rtadv_maxroutes, 0,
+		       CTL_NET, PF_INET6, IPPROTO_IPV6,
+		       IPV6CTL_RTADV_MAXROUTES, CTL_EOL);
+	sysctl_createv(clog, 0, NULL, NULL,
+		       CTLFLAG_PERMANENT,
+		       CTLTYPE_INT, "rtadv_numroutes",
+		       SYSCTL_DESCR("Current number of routes accepted via router advertisements"),
+		       NULL, 0, &nd6_numroutes, 0,
+		       CTL_NET, PF_INET6, IPPROTO_IPV6,
+		       IPV6CTL_RTADV_NUMROUTES, CTL_EOL);
+	sysctl_createv(clog, 0, NULL, NULL,
+		       CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 		       CTLTYPE_INT, "keepfaith",
 		       SYSCTL_DESCR("Activate faith interface"),
 		       NULL, 0, &ip6_keepfaith, 0,