shithub: 9ferno

Download patch

ref: c11957a7915d355d80ff7e6a21721ba05441ca29
parent: d8b894afc0ff3c81fc750826ac0016250e4f81e4
author: 9ferno <gophone2015@gmail.com>
date: Sat Aug 21 01:39:52 EDT 2021

replacing ip with 9front ip

ape/diff: b/os/ip.original/null: No such file or directory
--- a/os/ip/arp.c	Thu Aug 12 23:08:35 2021
+++ b/os/ip/arp.c	Sat Aug 21 01:39:52 2021
@@ -47,7 +47,8 @@
 
 #define haship(s) ((s)[IPaddrlen-1]%NHASH)
 
-extern int 	ReTransTimer = RETRANS_TIMER;
+int 	ReTransTimer = RETRANS_TIMER;
+
 static void 	rxmitproc(void *v);
 
 void
@@ -57,145 +58,121 @@
 	f->arp->f = f;
 	f->arp->rxmt = nil;
 	f->arp->dropf = f->arp->dropl = nil;
-	kproc("rxmitproc", rxmitproc, f->arp, 0);
+	kproc("rxmitproc", rxmitproc, f->arp);
 }
 
-/*
- *  create a new arp entry for an ip address.
- */
-static Arpent*
-newarp6(Arp *arp, uchar *ip, Ipifc *ifc, int addrxt)
+static void
+freeblistchain(Block *bp)
 {
-	uint t;
-	Block *next, *xp;
-	Arpent *a, *e, *f, **l;
-	Medium *m = ifc->m;
-	int empty;
+	Block *next;
 
-	/* find oldest entry */
-	e = &arp->cache[NCACHE];
-	a = arp->cache;
-	t = a->utime;
-	for(f = a; f < e; f++){
-		if(f->utime < t){
-			t = f->utime;
-			a = f;
-		}
+	while(bp != nil){
+		next = bp->list;
+		freeblist(bp);
+		bp = next;
 	}
+}
 
-	/* dump waiting packets */
-	xp = a->hold;
-	a->hold = nil;
+/* take out of re-transmit chain */
+static Arpent**
+rxmtunchain(Arp *arp, Arpent *a)
+{
+	Arpent **l;
 
-	if(isv4(a->ip)){
-		while(xp){
-			next = xp->list;
-			freeblist(xp);
-			xp = next;
+	for(l = &arp->rxmt; *l != nil; l = &((*l)->nextrxt)){
+		if(*l == a){
+			*l = a->nextrxt;
+			break;
 		}
 	}
-	else {	// queue icmp unreachable for rxmitproc later on, w/o arp lock
-		if(xp){
-			if(arp->dropl == nil) 
-				arp->dropf = xp;
-			else
-				arp->dropl->list = xp;
+	a->nextrxt = nil;
+	return l;
+}
 
-			for(next = xp->list; next; next = next->list)
-				xp = next;
-			arp->dropl = xp;
-			wakeup(&arp->rxmtq);
-		}
-	}
+static void
+cleanarpent(Arp *arp, Arpent *a)
+{
+	Arpent **l;
+	Block *bp;
 
 	/* take out of current chain */
-	l = &arp->hash[haship(a->ip)];
-	for(f = *l; f; f = f->hash){
-		if(f == a){
+	for(l = &arp->hash[haship(a->ip)]; *l != nil; l = &((*l)->hash)){
+		if(*l == a){
 			*l = a->hash;
 			break;
 		}
-		l = &f->hash;
 	}
+	a->hash = nil;
 
-	/* insert into new chain */
-	l = &arp->hash[haship(ip)];
-	a->hash = *l;
-	*l = a;
-
-	memmove(a->ip, ip, sizeof(a->ip));
-	a->utime = NOW;
-	a->ctime = 0;
-	a->type = m;
+	/* dump waiting packets */
+	bp = a->hold;
+	a->hold = nil;
+	if(isv4(a->ip))
+		freeblistchain(bp);
+	else {
+		rxmtunchain(arp, a);
 
-	a->rtime = NOW + ReTransTimer;
-	a->rxtsrem = MAX_MULTICAST_SOLICIT;
-	a->ifc = ifc;
-	a->ifcid = ifc->ifcid;
+		/* queue icmp unreachable for rxmitproc later on, w/o arp lock */
+		if(bp != nil){
+			if(arp->dropf == nil)
+				arp->dropf = bp;
+			else
+				arp->dropl->list = bp;
+			arp->dropl = a->last;
 
-	/* put to the end of re-transmit chain; addrxt is 0 when isv4(a->ip) */
-	if(!ipismulticast(a->ip) && addrxt){
-		l = &arp->rxmt;
-		empty = (*l==nil);
-
-		for(f = *l; f; f = f->nextrxt){
-			if(f == a){
-				*l = a->nextrxt;
-				break;
-			}
-			l = &f->nextrxt;
-		}
-		for(f = *l; f; f = f->nextrxt){
-			l = &f->nextrxt;
+			if(bp == arp->dropf)
+				wakeup(&arp->rxmtq);
 		}
-		*l = a;
-		if(empty) 
-			wakeup(&arp->rxmtq);
 	}
+	a->last = nil;
 
-	a->nextrxt = nil;
+	a->ifc = nil;
+	a->ifcid = 0;
 
-	return a;
-}
+	a->state = 0;
+	a->rxtsrem = 0;
+
+	a->utime = 0;
+	a->ctime = 0;
 
-/* called with arp qlocked */
+	memset(a->ip, 0, sizeof(a->ip));
+	memset(a->mac, 0, sizeof(a->mac));
+}
 
-void
-cleanarpent(Arp *arp, Arpent *a)
+/*
+ *  create a new arp entry for an ip address on ifc.
+ */
+static Arpent*
+newarpent(Arp *arp, uchar *ip, Ipifc *ifc)
 {
-	Arpent *f, **l;
+	Arpent *a, *e, *f, **l;
+	ulong t;
 
-	a->utime = 0;
-	a->ctime = 0;
-	a->type = 0;
-	a->state = 0;
-	
-	/* take out of current chain */
-	l = &arp->hash[haship(a->ip)];
-	for(f = *l; f; f = f->hash){
-		if(f == a){
-			*l = a->hash;
-			break;
+	/* find oldest entry */
+	e = &arp->cache[NCACHE];
+	a = arp->cache;
+	t = a->utime;
+	for(f = a; f < e; f++){
+		if(f->utime < t){
+			t = f->utime;
+			a = f;
 		}
-		l = &f->hash;
 	}
+	cleanarpent(arp, a);
 
-	/* take out of re-transmit chain */
-	l = &arp->rxmt;
-	for(f = *l; f; f = f->nextrxt){
-		if(f == a){
-			*l = a->nextrxt;
-			break;
-		}
-		l = &f->nextrxt;
-	}
-	a->nextrxt = nil;
-	a->hash = nil;
-	a->hold = nil;
-	a->last = nil;
-	a->ifc = nil;
+	ipmove(a->ip, ip);
+	a->ifc = ifc;
+	a->ifcid = ifc->ifcid;
+
+	/* insert into new chain */
+	l = &arp->hash[haship(ip)];
+	a->hash = *l;
+	*l = a;
+
+	return a;
 }
 
+
 /*
  *  fill in the media address if we have it.  Otherwise return an
  *  Arpent that represents the state of the address resolution FSM
@@ -207,7 +184,6 @@
 {
 	int hash;
 	Arpent *a;
-	Medium *type = ifc->m;
 	uchar v6ip[IPaddrlen];
 
 	if(version == V4){
@@ -217,30 +193,28 @@
 
 	qlock(arp);
 	hash = haship(ip);
-	for(a = arp->hash[hash]; a; a = a->hash){
-		if(memcmp(ip, a->ip, sizeof(a->ip)) == 0)
-		if(type == a->type)
+	for(a = arp->hash[hash]; a != nil; a = a->hash){
+		if(a->ifc == ifc && a->ifcid == ifc->ifcid && ipcmp(ip, a->ip) == 0)
 			break;
 	}
-
 	if(a == nil){
-		a = newarp6(arp, ip, ifc, (version != V4));
+		a = newarpent(arp, ip, ifc);
 		a->state = AWAIT;
 	}
 	a->utime = NOW;
 	if(a->state == AWAIT){
 		if(bp != nil){
-			if(a->hold)
-				a->last->list = bp;
-			else
+			bp->list = nil; 
+			if(a->hold == nil)
 				a->hold = bp;
+			else
+				a->last->list = bp;
 			a->last = bp;
-			bp->list = nil; 
 		}
 		return a;		/* return with arp qlocked */
 	}
 
-	memmove(mac, a->mac, a->type->maclen);
+	memmove(mac, a->mac, ifc->m->maclen);
 
 	/* remove old entries */
 	if(NOW - a->ctime > 15*60*1000)
@@ -269,145 +243,94 @@
 arpresolve(Arp *arp, Arpent *a, Medium *type, uchar *mac)
 {
 	Block *bp;
-	Arpent *f, **l;
-
-	if(!isv4(a->ip)){
-		l = &arp->rxmt;
-		for(f = *l; f; f = f->nextrxt){
-			if(f == a){
-				*l = a->nextrxt;
-				break;
-			}
-			l = &f->nextrxt;
-		}
-	}
 
 	memmove(a->mac, mac, type->maclen);
-	a->type = type;
+	if(a->state == AWAIT && !isv4(a->ip)){
+		rxmtunchain(arp, a);
+		a->rxtsrem = 0;
+	}
 	a->state = AOK;
-	a->utime = NOW;
+	a->ctime = a->utime = NOW;
 	bp = a->hold;
-	a->hold = nil;
+	a->hold = a->last = nil;
 	qunlock(arp);
 
 	return bp;
 }
 
-void
-arpenter(Fs *fs, int version, uchar *ip, uchar *mac, int n, int refresh)
+int
+arpenter(Fs *fs, int version, uchar *ip, uchar *mac, int n, uchar *ia, Ipifc *ifc, int refresh)
 {
-	Arp *arp;
-	Route *r;
-	Arpent *a, *f, **l;
-	Ipifc *ifc;
-	Medium *type;
-	Block *bp, *next;
 	uchar v6ip[IPaddrlen];
+	Block *bp, *next;
+	Arpent *a;
+	Route *r;
+	Arp *arp;
 
-	arp = fs->arp;
-
-	if(n != 6){
-//		print("arp: len = %d\n", n);
-		return;
-	}
+	if(ifc->m == nil || ifc->m->maclen != n || ifc->m->maclen == 0)
+		return -1;
 
 	switch(version){
 	case V4:
-		r = v4lookup(fs, ip, nil);
+		r = v4lookup(fs, ip, ia, nil);
 		v4tov6(v6ip, ip);
 		ip = v6ip;
 		break;
 	case V6:
-		r = v6lookup(fs, ip, nil);
+		r = v6lookup(fs, ip, ia, nil);
 		break;
 	default:
 		panic("arpenter: version %d", version);
-		return;	/* to supress warnings */
+		return -1;	/* to supress warnings */
 	}
 
-	if(r == nil){
-//		print("arp: no route for entry\n");
-		return;
-	}
-
-	ifc = r->ifc;
-	type = ifc->m;
+	if(r == nil || r->ifc != ifc || (r->type & (Rbcast|Rmulti)) != 0)
+		return -1;
 
+	arp = fs->arp;
 	qlock(arp);
-	for(a = arp->hash[haship(ip)]; a; a = a->hash){
-		if(a->type != type || (a->state != AWAIT && a->state != AOK))
+	for(a = arp->hash[haship(ip)]; a != nil; a = a->hash){
+		if(a->ifc != ifc || a->ifcid != ifc->ifcid)
 			continue;
-
 		if(ipcmp(a->ip, ip) == 0){
-			a->state = AOK;
-			memmove(a->mac, mac, type->maclen);
-
-			if(version == V6){
-				/* take out of re-transmit chain */
-				l = &arp->rxmt;
-				for(f = *l; f; f = f->nextrxt){
-					if(f == a){
-						*l = a->nextrxt;
-						break;
-					}
-					l = &f->nextrxt;
-				}
-			}
-
-			a->ifc = ifc;
-			a->ifcid = ifc->ifcid;
-			bp = a->hold;
-			a->hold = nil;
 			if(version == V4)
 				ip += IPv4off;
-			a->utime = NOW;
-			a->ctime = a->utime;
-			qunlock(arp);
-
-			while(bp){
+			bp = arpresolve(arp, a, ifc->m, mac);	/* unlocks arp */
+			for(; bp != nil; bp = next){
 				next = bp->list;
-				if(ifc != nil){
-					if(waserror()){
-						runlock(ifc);
-						nexterror();
-					}
-					rlock(ifc);
-					if(ifc->m != nil)
-						ifc->m->bwrite(ifc, bp, version, ip);
-					else
-						freeb(bp);
-					runlock(ifc);
-					poperror();
-				} else
-					freeb(bp);
-				bp = next;
+				bp->list = nil;
+				if(waserror()){
+					freeblistchain(next);
+					break;
+				}
+				ipifcoput(ifc, bp, version, ip);
+				poperror();
 			}
-			return;
+			return 1;
 		}
 	}
 
 	if(refresh == 0){
-		a = newarp6(arp, ip, ifc, 0);
+		a = newarpent(arp, ip, ifc);
 		a->state = AOK;
-		a->type = type;
-		a->ctime = NOW;
-		memmove(a->mac, mac, type->maclen);
+		a->ctime = a->utime = NOW;
+		memmove(a->mac, mac, n);
 	}
-
 	qunlock(arp);
+
+	return refresh == 0;
 }
 
 int
 arpwrite(Fs *fs, char *s, int len)
 {
 	int n;
-	Route *r;
 	Arp *arp;
-	Block *bp;
-	Arpent *a, *fl, **l;
+	Arpent *a, *x;
 	Medium *m;
-	char *f[4], buf[256];
-	uchar ip[IPaddrlen], mac[MAClen];
+	Ipifc *ifc;
+	char *f[5], buf[256];
+	uchar ip[IPaddrlen], ia[IPaddrlen], mac[MAClen];
 
 	arp = fs->arp;
 
@@ -420,89 +343,79 @@
 	if(len > 0 && buf[len-1] == '\n')
 		buf[len-1] = 0;
 
-	n = getfields(buf, f, 4, 1, " ");
+	n = getfields(buf, f, nelem(f), 1, " ");
 	if(strcmp(f[0], "flush") == 0){
 		qlock(arp);
 		for(a = arp->cache; a < &arp->cache[NCACHE]; a++){
 			memset(a->ip, 0, sizeof(a->ip));
 			memset(a->mac, 0, sizeof(a->mac));
 			a->hash = nil;
+			a->nextrxt = nil;
+			a->ifc = nil;
+			a->ifcid = 0;
 			a->state = 0;
+			a->rxtsrem = 0;
+			a->ctime = 0;
 			a->utime = 0;
-			while(a->hold != nil){
-				bp = a->hold->list;
-				freeblist(a->hold);
-				a->hold = bp;
-			}
+			freeblistchain(a->hold);
+			a->hold = a->last = nil;
 		}
 		memset(arp->hash, 0, sizeof(arp->hash));
-// clear all pkts on these lists (rxmt, dropf/l)
+		freeblistchain(arp->dropf);
+		arp->dropf = arp->dropl = nil;
 		arp->rxmt = nil;
-		arp->dropf = nil;
-		arp->dropl = nil;
 		qunlock(arp);
 	} else if(strcmp(f[0], "add") == 0){
 		switch(n){
 		default:
 			error(Ebadarg);
 		case 3:
-			parseip(ip, f[1]);
-			if(isv4(ip))
-				r = v4lookup(fs, ip+IPv4off, nil);
-			else
-				r = v6lookup(fs, ip, nil);
-			if(r == nil)
-				error("Destination unreachable");
-			m = r->ifc->m;
-			n = parsemac(mac, f[2], m->maclen);
+			if(parseip(ip, f[1]) == -1)
+				error(Ebadip);
+			if((n = parsemac(mac, f[2], sizeof(mac))) <= 0)
+				error(Ebadarp);
+			findlocalip(fs, ia, ip);
 			break;
 		case 4:
 			m = ipfindmedium(f[1]);
-			if(m == nil)
+			if(m == nil || m->maclen == 0)
+				error(Ebadarp);
+			if(parseip(ip, f[2]) == -1)
+				error(Ebadip);
+			if((n = parsemac(mac, f[3], sizeof(mac))) != m->maclen)
 				error(Ebadarp);
-			parseip(ip, f[2]);
-			n = parsemac(mac, f[3], m->maclen);
+			findlocalip(fs, ia, ip);
+			break;
+		case 5:
+			m = ipfindmedium(f[1]);
+			if(m == nil || m->maclen == 0)
+				error(Ebadarp);
+			if(parseip(ip, f[2]) == -1)
+				error(Ebadip);
+			if((n = parsemac(mac, f[3], sizeof(mac))) != m->maclen)
+				error(Ebadarp);
+			if(parseip(ia, f[4]) == -1)
+				error(Ebadip);
 			break;
 		}
-
-		if(m->ares == nil)
-			error(Ebadarp);
-
-		m->ares(fs, V6, ip, mac, n, 0);
+		if((ifc = findipifc(fs, ia, ia, Runi)) == nil)
+			error("no interface");
+		rlock(ifc);
+		if(!ipv6local(ifc, ia, 0, ip) || arpenter(fs, V6, ip, mac, n, ia, ifc, 0) < 0){
+			runlock(ifc);
+			error("destination unreachable");
+		}
+		runlock(ifc);
 	} else if(strcmp(f[0], "del") == 0){
-		if(n != 2)
+		if (n != 2)
 			error(Ebadarg);
-
-		parseip(ip, f[1]);
+		if (parseip(ip, f[1]) == -1)
+			error(Ebadip);
 		qlock(arp);
-
-		l = &arp->hash[haship(ip)];
-		for(a = *l; a; a = a->hash){
-			if(memcmp(ip, a->ip, sizeof(a->ip)) == 0){
-				*l = a->hash;
-				break;
-			}
-			l = &a->hash;
-		}
-	
-		if(a){
-			/* take out of re-transmit chain */
-			l = &arp->rxmt;
-			for(fl = *l; fl; fl = fl->nextrxt){
-				if(fl == a){
-					*l = a->nextrxt;
-					break;
-				}
-				l = &fl->nextrxt;
-			}
-
-			a->nextrxt = nil;
-			a->hash = nil;
-			a->hold = nil;
-			a->last = nil;
-			a->ifc = nil;
-			memset(a->ip, 0, sizeof(a->ip));
-			memset(a->mac, 0, sizeof(a->mac));
+		for(a = arp->hash[haship(ip)]; a != nil; a = x){
+			x = a->hash;
+			if(ipcmp(ip, a->ip) == 0)
+				cleanarpent(arp, a);
 		}
 		qunlock(arp);
 	} else
@@ -511,13 +424,6 @@
 	return len;
 }
 
-enum
-{
-	Alinelen=	90,
-};
-
-char *aformat = "%-6.6s %-8.8s %-40.40I %-32.32s\n";
-
 static void
 convmac(char *p, uchar *mac, int n)
 {
@@ -526,156 +432,151 @@
 }
 
 int
-arpread(Arp *arp, char *p, ulong offset, int len)
+arpread(Arp *arp, char *s, ulong offset, int len)
 {
+	char mac[2*MAClen+1], *state, *mname, *p;
+	uchar ip[IPaddrlen], ia[IPaddrlen];
+	Ipifc *ifc;
 	Arpent *a;
-	int n;
-	char mac[2*MAClen+1];
-
-	if(offset % Alinelen)
-		return 0;
-
-	offset = offset/Alinelen;
-	len = len/Alinelen;
+	long n, o;
 
-	n = 0;
+	p = s;
+	o = -offset;
 	for(a = arp->cache; len > 0 && a < &arp->cache[NCACHE]; a++){
-		if(a->state == 0)
+		if(a->state == 0 || (ifc = a->ifc) == nil)
 			continue;
-		if(offset > 0){
-			offset--;
+
+		rlock(ifc);
+		qlock(arp);
+		state = arpstate[a->state];
+		ipmove(ip, a->ip);
+		if(ifc->m == nil || a->ifcid != ifc->ifcid || !ipv6local(ifc, ia, 0, ip)){
+			qunlock(arp);
+			runlock(ifc);
 			continue;
 		}
-		len--;
-		qlock(arp);
-		convmac(mac, a->mac, a->type->maclen);
-		n += sprint(p+n, aformat, a->type->name, arpstate[a->state], a->ip, mac);
+		mname = ifc->m->name;
+		convmac(mac, a->mac, ifc->m->maclen);
 		qunlock(arp);
+		runlock(ifc);
+
+		n = snprint(up->genbuf, sizeof up->genbuf,
+			"%-6.6s %-4.4s %-40.40I %-16.16s %I\n",
+			mname, state, ip, mac, ia);
+		o += n;
+		if(o <= 0)
+			continue;
+		if(n > len)
+			break;
+		memmove(p, up->genbuf, n);
+		len -= n;
+		p += n;
 	}
 
-	return n;
+	return p - s;
 }
 
-extern int
-rxmitsols(Arp *arp)
+void
+ndpsendsol(Fs *f, Ipifc *ifc, Arpent *a)
 {
-	uint sflag;
-	Block *next, *xp;
-	Arpent *a, *b, **l;
-	Fs *f;
-	uchar ipsrc[IPaddrlen];
-	Ipifc *ifc = nil;
-	long nrxt;
+	uchar targ[IPaddrlen], src[IPaddrlen];
+	Arpent **l;
 
-	qlock(arp);
-	f = arp->f;
+	a->ctime = NOW;
+	if(a->rxtsrem == 0)
+		a->rxtsrem = MAX_MULTICAST_SOLICIT;
+	else
+		a->rxtsrem--;
+
+	/* put on end of re-transmit chain */
+	for(l = rxmtunchain(f->arp, a); *l != nil; l = &(*l)->nextrxt)
+		;
+	*l = a;
 
-	a = arp->rxmt;
-	if(a==nil){
-		nrxt = 0;
-		goto dodrops; 		//return nrxt;
-	}
-	nrxt = a->rtime - NOW;
-	if(nrxt > 3*ReTransTimer/4) 
-		goto dodrops; 		//return nrxt;
-
-	for(; a; a = a->nextrxt){
-		ifc = a->ifc;
-		assert(ifc != nil);
-		if((a->rxtsrem <= 0) || !(canrlock(ifc)) || (a->ifcid != ifc->ifcid)){
-			xp = a->hold;
-			a->hold = nil;
-
-			if(xp){
-				if(arp->dropl == nil) 
-					arp->dropf = xp;
-				else
-					arp->dropl->list = xp;
-			}
+	if(l == &f->arp->rxmt)
+		wakeup(&f->arp->rxmtq);
 
-			cleanarpent(arp, a);
-		}
-		else
-			break;
+	/* try to use source address of original packet */
+	ipmove(targ, a->ip);
+	if(a->last != nil){
+		ipmove(src, ((Ip6hdr*)a->last->rp)->src);
+		arprelease(f->arp, a);
+
+		if(iplocalonifc(ifc, src) != nil || ipproxyifc(f, ifc, src))
+			goto send;
+	} else {
+		arprelease(f->arp, a);
 	}
-	if(a == nil)
-		goto dodrops;
-
-
-	qunlock(arp);	/* for icmpns */
-	if((sflag = ipv6anylocal(ifc, ipsrc)) != SRC_UNSPEC) 
-		icmpns(f, ipsrc, sflag, a->ip, TARG_MULTI, ifc->mac); 
+	if(!ipv6local(ifc, src, 0, targ))
+		return;
+send:
+	if(!waserror()){
+		icmpns(f, src, SRC_UNI, targ, TARG_MULTI, ifc->mac);
+		poperror();
+	}
+}
 
-	runlock(ifc);
-	qlock(arp);	
+static void
+rxmitsols(Arp *arp)
+{
+	Block *next, *bp;
+	Arpent *a;
+	Ipifc *ifc;
+	Route *r;
 
-	/* put to the end of re-transmit chain */
-	l = &arp->rxmt;
-	for(b = *l; b; b = b->nextrxt){
-		if(b == a){
-			*l = a->nextrxt;
-			break;
+	qlock(arp);
+	while((a = arp->rxmt) != nil && NOW - a->ctime > 3*ReTransTimer/4){
+		if(a->rxtsrem > 0 && (ifc = a->ifc) != nil && canrlock(ifc)){
+			if(a->ifcid == ifc->ifcid){
+				ndpsendsol(arp->f, ifc, a);	/* unlocks arp */
+				runlock(ifc);
+				qlock(arp);
+				continue;
+			}
+			runlock(ifc);
 		}
-		l = &b->nextrxt;
-	}
-	for(b = *l; b; b = b->nextrxt){
-		l = &b->nextrxt;
+		cleanarpent(arp, a);
 	}
-	*l = a;
-	a->rxtsrem--;
-	a->nextrxt = nil;
-	a->rtime = NOW + ReTransTimer;
-
-	a = arp->rxmt;
-	if(a==nil)
-		nrxt = 0;
-	else 
-		nrxt = a->rtime - NOW;
-
-dodrops:
-	xp = arp->dropf;
-	arp->dropf = nil;
-	arp->dropl = nil;
+	bp = arp->dropf;
+	arp->dropf = arp->dropl = nil;
 	qunlock(arp);
 
-	for(; xp; xp = next){
-		next = xp->list;
-		icmphostunr(f, ifc, xp, icmp6_adr_unreach, 1);
+	for(; bp != nil; bp = next){
+		next = bp->list;
+		bp->list = nil;
+		r = v6lookup(arp->f, ((Ip6hdr*)bp->rp)->src, ((Ip6hdr*)bp->rp)->dst, nil);
+		if(r != nil && (ifc = r->ifc) != nil && canrlock(ifc)){
+			if(!waserror()){
+				icmphostunr6(arp->f, ifc, bp, Icmp6_adr_unreach, (r->type & Runi) != 0);
+				poperror();
+			}
+			runlock(ifc);
+		}
+		freeblist(bp);
 	}
-
-	return nrxt;
-
 }
 
 static int
 rxready(void *v)
 {
-	Arp *arp = (Arp *) v;
-	int x;
-
-	x = ((arp->rxmt != nil) || (arp->dropf != nil));
+	Arp *arp = (Arp *)v;
 
-	return x;
+	return arp->rxmt != nil || arp->dropf != nil;
 }
 
 static void
 rxmitproc(void *v)
 {
 	Arp *arp = v;
-	long wakeupat;
 
 	arp->rxmitp = up;
-	//print("arp rxmitproc started\n");
 	if(waserror()){
-		arp->rxmitp = 0;
+		arp->rxmitp = nil;
 		pexit("hangup", 1);
 	}
 	for(;;){
-		wakeupat = rxmitsols(arp);
-		if(wakeupat == 0) 
-			sleep(&arp->rxmtq, rxready, v); 
-		else if(wakeupat > ReTransTimer/4) 
-			tsleep(&arp->rxmtq, return0, 0, wakeupat); 
+		sleep(&arp->rxmtq, rxready, v);
+		rxmitsols(arp);
+		tsleep(&arp->rxmtq, return0, nil, ReTransTimer/4);
 	}
 }
-
--- a/os/ip/bootp.c	Thu Aug 12 23:08:35 2021
+++ /dev/null	Mon Oct 18 12:05:45 2021
@@ -1,231 +0,0 @@
-#include "u.h"
-#include "../port/lib.h"
-#include "mem.h"
-#include "dat.h"
-#include "fns.h"
-#include "../port/error.h"
-#include "kernel.h"
-#include "ip.h"
-
-static	ulong	fsip;
-static	ulong	auip;
-static	ulong	gwip;
-static	ulong	ipmask;
-static	ulong	ipaddr;
-
-enum
-{
-	Bootrequest = 1,
-	Bootreply   = 2,
-};
-
-typedef struct Bootp
-{
-	/* udp.c oldheader */
-	uchar	raddr[IPaddrlen];
-	uchar	laddr[IPaddrlen];
-	uchar	rport[2];
-	uchar	lport[2];
-	/* bootp itself */
-	uchar	op;		/* opcode */
-	uchar	htype;		/* hardware type */
-	uchar	hlen;		/* hardware address len */
-	uchar	hops;		/* hops */
-	uchar	xid[4];		/* a random number */
-	uchar	secs[2];	/* elapsed snce client started booting */
-	uchar	pad[2];
-	uchar	ciaddr[4];	/* client IP address (client tells server) */
-	uchar	yiaddr[4];	/* client IP address (server tells client) */
-	uchar	siaddr[4];	/* server IP address */
-	uchar	giaddr[4];	/* gateway IP address */
-	uchar	chaddr[16];	/* client hardware address */
-	uchar	sname[64];	/* server host name (optional) */
-	uchar	file[128];	/* boot file name */
-	uchar	vend[128];	/* vendor-specific goo */
-} Bootp;
-
-/*
- * bootp returns:
- *
- * "fsip d.d.d.d
- * auip d.d.d.d
- * gwip d.d.d.d
- * ipmask d.d.d.d
- * ipaddr d.d.d.d"
- *
- * where d.d.d.d is the IP address in dotted decimal notation, and each
- * address is followed by a newline.
- */
-
-static	Bootp	req;
-static	Proc*	rcvprocp;
-static	int	recv;
-static	int	done;
-static	Rendez	bootpr;
-static	char	rcvbuf[512+2*IPaddrlen+2*2];
-
-static void
-rcvbootp(void *a)
-{
-	int n, fd;
-	Bootp *rp;
-	char *field[4];
-	uchar ip[IPaddrlen];
-
-	if(waserror())
-		pexit("", 0);
-	rcvprocp = up;	/* store for postnote below */
-	fd = (int)a;	/* at compilation: warning: ../ip/bootp.c:78 conversion of pointer to shorter integer */
-	while(done == 0) {
-		n = kread(fd, rcvbuf, sizeof(rcvbuf));
-		if(n <= 0)
-			break;
-		rp = (Bootp*)rcvbuf;
-		/* currently ignore udp's header */
-		if(memcmp(req.chaddr, rp->chaddr, 6) == 0
-		&& rp->htype == 1 && rp->hlen == 6
-		&& getfields((char*)rp->vend+4, field, 4, 1, " ") == 4
-		&& strncmp((char*)rp->vend, "p9  ", 4) == 0){
-			if(ipaddr == 0)
-				ipaddr = nhgetl(rp->yiaddr);
-			if(ipmask == 0)
-				ipmask = parseip(ip, field[0]);
-			if(fsip == 0)
-				fsip = parseip(ip, field[1]);
-			if(auip == 0)
-				auip = parseip(ip, field[2]);
-			if(gwip == 0)
-				gwip = parseip(ip, field[3]);
-			break;
-		}
-	}
-	poperror();
-	rcvprocp = nil;
-
-	recv = 1;
-	wakeup(&bootpr);
-	pexit("", 0);
-}
-
-static char*
-rbootp(Ipifc *ifc)
-{
-	int cfd, dfd, tries, n;
-	char ia[5+3*24], im[16], *av[3];
-	uchar nipaddr[4], ngwip[4], nipmask[4];
-	char dir[Maxpath];
-
-	av[1] = "0.0.0.0";
-	av[2] = "0.0.0.0";
-	ipifcadd(ifc, av, 3, 0, nil);
-
-	cfd = kannounce("udp!*!68", dir);
-	if(cfd < 0)
-		return "bootp announce failed";
-	strcat(dir, "/data");
-	if(kwrite(cfd, "headers", 7) < 0){
-		kclose(cfd);
-		return "bootp ctl headers failed";
-	}
-	kwrite(cfd, "oldheaders", 10);
-	dfd = kopen(dir, ORDWR);
-	if(dfd < 0){
-		kclose(cfd);
-		return "bootp open data failed";
-	}
-	kclose(cfd);
-	
-
-	/* create request */
-	memset(&req, 0, sizeof(req));
-	ipmove(req.raddr, IPv4bcast);
-	hnputs(req.rport, 67);
-	req.op = Bootrequest;
-	req.htype = 1;			/* ethernet (all we know) */
-	req.hlen = 6;			/* ethernet (all we know) */
-
-	/* Hardware MAC address */
-	memmove(req.chaddr, ifc->mac, 6);
-	/* Fill in the local IP address if we know it */
-	ipv4local(ifc, req.ciaddr);
-	memset(req.file, 0, sizeof(req.file));
-	strcpy((char*)req.vend, "p9  ");
-
-	done = 0;
-	recv = 0;
-
-	kproc("rcvbootp", rcvbootp, (void*)dfd, KPDUPFDG);
-
-	/*
-	 * broadcast bootp's till we get a reply,
-	 * or fixed number of tries
-	 */
-	tries = 0;
-	while(recv == 0) {
-		if(kwrite(dfd, &req, sizeof(req)) < 0)
-			print("bootp: write: %s\n", commonerror());
-
-		tsleep(&bootpr, return0, 0, 1000);
-		if(++tries > 10) {
-			print("bootp: timed out\n");
-			break;
-		}
-	}
-	kclose(dfd);
-	done = 1;
-	if(rcvprocp != nil){
-		postnote(rcvprocp, 1, "timeout", 0);
-		rcvprocp = nil;
-	}
-
-	av[1] = "0.0.0.0";
-	av[2] = "0.0.0.0";
-	ipifcrem(ifc, av, 3);
-
-	hnputl(nipaddr, ipaddr);
-	sprint(ia, "%V", nipaddr);
-	hnputl(nipmask, ipmask);
-	sprint(im, "%V", nipmask);
-	av[1] = ia;
-	av[2] = im;
-	ipifcadd(ifc, av, 3, 0, nil);
-
-	if(gwip != 0) {
-		hnputl(ngwip, gwip);
-		n = snprint(ia, sizeof(ia), "add 0.0.0.0 0.0.0.0 %V", ngwip);
-		routewrite(ifc->conv->p->f, nil, ia, n);
-	}
-	return nil;
-}
-
-static int
-rbootpread(char *bp, ulong offset, int len)
-{
-	int n;
-	char *buf;
-	uchar a[4];
-
-	buf = smalloc(READSTR);
-	if(waserror()){
-		free(buf);
-		nexterror();
-	}
-	hnputl(a, fsip);
-	n = snprint(buf, READSTR, "fsip %15V\n", a);
-	hnputl(a, auip);
-	n += snprint(buf + n, READSTR-n, "auip %15V\n", a);
-	hnputl(a, gwip);
-	n += snprint(buf + n, READSTR-n, "gwip %15V\n", a);
-	hnputl(a, ipmask);
-	n += snprint(buf + n, READSTR-n, "ipmask %15V\n", a);
-	hnputl(a, ipaddr);
-	snprint(buf + n, READSTR-n, "ipaddr %15V\n", a);
-
-	len = readstr(offset, bp, len, buf);
-	poperror();
-	free(buf);
-	return len;
-}
-
-char*	(*bootp)(Ipifc*) = rbootp;
-int	(*bootpread)(char*, ulong, int) = rbootpread;
--- a/os/ip/compress.c	Thu Aug 12 23:08:35 2021
+++ /dev/null	Mon Oct 18 12:05:45 2021
@@ -1,520 +0,0 @@
-#include	"u.h"
-#include	"../port/lib.h"
-#include	"mem.h"
-#include	"dat.h"
-#include	"fns.h"
-#include	"../port/error.h"
-
-#include	"ip.h"
-#include	"ppp.h"
-
-typedef struct Iphdr	Iphdr;
-typedef struct Tcphdr	Tcphdr;
-typedef struct Ilhdr	Ilhdr;
-typedef struct Hdr	Hdr;
-typedef struct Tcpc	Tcpc;
-
-struct Iphdr
-{
-	uchar	vihl;		/* Version and header length */
-	uchar	tos;		/* Type of service */
-	uchar	length[2];	/* packet length */
-	uchar	id[2];		/* Identification */
-	uchar	frag[2];	/* Fragment information */
-	uchar	ttl;		/* Time to live */
-	uchar	proto;		/* Protocol */
-	uchar	cksum[2];	/* Header checksum */
-	ulong	src;		/* Ip source (byte ordering unimportant) */
-	ulong	dst;		/* Ip destination (byte ordering unimportant) */
-};
-
-struct Tcphdr
-{
-	ulong	ports;		/* defined as a ulong to make comparisons easier */
-	uchar	seq[4];
-	uchar	ack[4];
-	uchar	flag[2];
-	uchar	win[2];
-	uchar	cksum[2];
-	uchar	urg[2];
-};
-
-struct Ilhdr
-{
-	uchar	sum[2];	/* Checksum including header */
-	uchar	len[2];	/* Packet length */
-	uchar	type;		/* Packet type */
-	uchar	spec;		/* Special */
-	uchar	src[2];	/* Src port */
-	uchar	dst[2];	/* Dst port */
-	uchar	id[4];	/* Sequence id */
-	uchar	ack[4];	/* Acked sequence */
-};
-
-enum
-{
-	URG		= 0x20,		/* Data marked urgent */
-	ACK		= 0x10,		/* Aknowledge is valid */
-	PSH		= 0x08,		/* Whole data pipe is pushed */
-	RST		= 0x04,		/* Reset connection */
-	SYN		= 0x02,		/* Pkt. is synchronise */
-	FIN		= 0x01,		/* Start close down */
-
-	IP_DF		= 0x4000,	/* Don't fragment */
-
-	IP_TCPPROTO	= 6,
-	IP_ILPROTO	= 40,
-	IL_IPHDR	= 20,
-};
-
-struct Hdr
-{
-	uchar	buf[128];
-	Iphdr	*ip;
-	Tcphdr	*tcp;
-	int	len;
-};
-
-struct Tcpc
-{
-	uchar	lastrecv;
-	uchar	lastxmit;
-	uchar	basexmit;
-	uchar	err;
-	uchar	compressid;
-	Hdr	t[MAX_STATES];
-	Hdr	r[MAX_STATES];
-};
-
-enum
-{	/* flag bits for what changed in a packet */
-	NEW_U=(1<<0),	/* tcp only */
-	NEW_W=(1<<1),	/* tcp only */
-	NEW_A=(1<<2),	/* il tcp */
-	NEW_S=(1<<3),	/* tcp only */
-	NEW_P=(1<<4),	/* tcp only */
-	NEW_I=(1<<5),	/* il tcp */
-	NEW_C=(1<<6),	/* il tcp */
-	NEW_T=(1<<7),	/* il only */
-	TCP_PUSH_BIT	= 0x10,
-};
-
-/* reserved, special-case values of above for tcp */
-#define SPECIAL_I (NEW_S|NEW_W|NEW_U)		/* echoed interactive traffic */
-#define SPECIAL_D (NEW_S|NEW_A|NEW_W|NEW_U)	/* unidirectional data */
-#define SPECIALS_MASK (NEW_S|NEW_A|NEW_W|NEW_U)
-
-int
-encode(void *p, ulong n)
-{
-	uchar	*cp;
-
-	cp = p;
-	if(n >= 256 || n == 0) {
-		*cp++ = 0;
-		cp[0] = n >> 8;
-		cp[1] = n;
-		return 3;
-	} else 
-		*cp = n;
-	return 1;
-}
-
-#define DECODEL(f) { \
-	if (*cp == 0) {\
-		hnputl(f, nhgetl(f) + ((cp[1] << 8) | cp[2])); \
-		cp += 3; \
-	} else { \
-		hnputl(f, nhgetl(f) + (ulong)*cp++); \
-	} \
-}
-#define DECODES(f) { \
-	if (*cp == 0) {\
-		hnputs(f, nhgets(f) + ((cp[1] << 8) | cp[2])); \
-		cp += 3; \
-	} else { \
-		hnputs(f, nhgets(f) + (ulong)*cp++); \
-	} \
-}
-
-ushort
-tcpcompress(Tcpc *comp, Block *b, Fs *)
-{
-	Iphdr	*ip;		/* current packet */
-	Tcphdr	*tcp;		/* current pkt */
-	ulong 	iplen, tcplen, hlen;	/* header length in bytes */
-	ulong 	deltaS, deltaA;	/* general purpose temporaries */
-	ulong 	changes;	/* change mask */
-	uchar	new_seq[16];	/* changes from last to current */
-	uchar	*cp;
-	Hdr	*h;		/* last packet */
-	int 	i, j;
-
-	/*
-	 * Bail if this is not a compressible TCP/IP packet
-	 */
-	ip = (Iphdr*)b->rp;
-	iplen = (ip->vihl & 0xf) << 2;
-	tcp = (Tcphdr*)(b->rp + iplen);
-	tcplen = (tcp->flag[0] & 0xf0) >> 2;
-	hlen = iplen + tcplen;
-	if((tcp->flag[1] & (SYN|FIN|RST|ACK)) != ACK)
-		return Pip;	/* connection control */
-
-	/*
-	 * Packet is compressible, look for a connection
-	 */
-	changes = 0;
-	cp = new_seq;
-	j = comp->lastxmit;
-	h = &comp->t[j];
-	if(ip->src != h->ip->src || ip->dst != h->ip->dst
-	|| tcp->ports != h->tcp->ports) {
-		for(i = 0; i < MAX_STATES; ++i) {
-			j = (comp->basexmit + i) % MAX_STATES;
-			h = &comp->t[j];
-			if(ip->src == h->ip->src && ip->dst == h->ip->dst
-			&& tcp->ports == h->tcp->ports)
-				goto found;
-		}
-
-		/* no connection, reuse the oldest */
-		if(i == MAX_STATES) {
-			j = comp->basexmit;
-			j = (j + MAX_STATES - 1) % MAX_STATES;
-			comp->basexmit = j;
-			h = &comp->t[j];
-			goto raise;
-		}
-	}
-found:
-
-	/*
-	 * Make sure that only what we expect to change changed. 
-	 */
-	if(ip->vihl  != h->ip->vihl || ip->tos   != h->ip->tos ||
-	   ip->ttl   != h->ip->ttl  || ip->proto != h->ip->proto)
-		goto raise;	/* headers changed */
-	if(iplen != sizeof(Iphdr) && memcmp(ip+1, h->ip+1, iplen - sizeof(Iphdr)))
-		goto raise;	/* ip options changed */
-	if(tcplen != sizeof(Tcphdr) && memcmp(tcp+1, h->tcp+1, tcplen - sizeof(Tcphdr)))
-		goto raise;	/* tcp options changed */
-
-	if(tcp->flag[1] & URG) {
-		cp += encode(cp, nhgets(tcp->urg));
-		changes |= NEW_U;
-	} else if(memcmp(tcp->urg, h->tcp->urg, sizeof(tcp->urg)) != 0)
-		goto raise;
-	if(deltaS = nhgets(tcp->win) - nhgets(h->tcp->win)) {
-		cp += encode(cp, deltaS);
-		changes |= NEW_W;
-	}
-	if(deltaA = nhgetl(tcp->ack) - nhgetl(h->tcp->ack)) {
-		if(deltaA > 0xffff)
-			goto raise;
-		cp += encode(cp, deltaA);
-		changes |= NEW_A;
-	}
-	if(deltaS = nhgetl(tcp->seq) - nhgetl(h->tcp->seq)) {
-		if (deltaS > 0xffff)
-			goto raise;
-		cp += encode(cp, deltaS);
-		changes |= NEW_S;
-	}
-
-	/*
-	 * Look for the special-case encodings.
-	 */
-	switch(changes) {
-	case 0:
-		/*
-		 * Nothing changed. If this packet contains data and the last
-		 * one didn't, this is probably a data packet following an
-		 * ack (normal on an interactive connection) and we send it
-		 * compressed. Otherwise it's probably a retransmit,
-		 * retransmitted ack or window probe.  Send it uncompressed
-		 * in case the other side missed the compressed version.
-		 */
-		if(nhgets(ip->length) == nhgets(h->ip->length) ||
-		   nhgets(h->ip->length) != hlen)
-			goto raise;
-		break;
-	case SPECIAL_I:
-	case SPECIAL_D:
-		/*
-		 * Actual changes match one of our special case encodings --
-		 * send packet uncompressed.
-		 */
-		goto raise;
-	case NEW_S | NEW_A:
-		if (deltaS == deltaA &&
-			deltaS == nhgets(h->ip->length) - hlen) {
-			/* special case for echoed terminal traffic */
-			changes = SPECIAL_I;
-			cp = new_seq;
-		}
-		break;
-	case NEW_S:
-		if (deltaS == nhgets(h->ip->length) - hlen) {
-			/* special case for data xfer */
-			changes = SPECIAL_D;
-			cp = new_seq;
-		}
-		break;
-	}
-	deltaS = nhgets(ip->id) - nhgets(h->ip->id);
-	if(deltaS != 1) {
-		cp += encode(cp, deltaS);
-		changes |= NEW_I;
-	}
-	if (tcp->flag[1] & PSH)
-		changes |= TCP_PUSH_BIT;
-	/*
-	 * Grab the cksum before we overwrite it below. Then update our
-	 * state with this packet's header.
-	 */
-	deltaA = nhgets(tcp->cksum);
-	memmove(h->buf, b->rp, hlen);
-	h->len = hlen;
-	h->tcp = (Tcphdr*)(h->buf + iplen);
-
-	/*
-	 * We want to use the original packet as our compressed packet. (cp -
-	 * new_seq) is the number of bytes we need for compressed sequence
-	 * numbers. In addition we need one byte for the change mask, one
-	 * for the connection id and two for the tcp checksum. So, (cp -
-	 * new_seq) + 4 bytes of header are needed. hlen is how many bytes
-	 * of the original packet to toss so subtract the two to get the new
-	 * packet size. The temporaries are gross -egs.
-	 */
-	deltaS = cp - new_seq;
-	cp = b->rp;
-	if(comp->lastxmit != j || comp->compressid == 0) {
-		comp->lastxmit = j;
-		hlen -= deltaS + 4;
-		cp += hlen;
-		*cp++ = (changes | NEW_C);
-		*cp++ = j;
-	} else {
-		hlen -= deltaS + 3;
-		cp += hlen;
-		*cp++ = changes;
-	}
-	b->rp += hlen;
-	hnputs(cp, deltaA);
-	cp += 2;
-	memmove(cp, new_seq, deltaS);
-	return Pvjctcp;
-
-raise:
-	/*
-	 * Update connection state & send uncompressed packet
-	 */
-	memmove(h->buf, b->rp, hlen);
-	h->tcp = (Tcphdr*)(h->buf + iplen);
-	h->len = hlen;
-	h->ip->proto = j;
-	comp->lastxmit = j;
-	return Pvjutcp;
-}
-
-Block*
-tcpuncompress(Tcpc *comp, Block *b, ushort type, Fs *f)
-{
-	uchar	*cp, changes;
-	int	i;
-	int	iplen, len;
-	Iphdr	*ip;
-	Tcphdr	*tcp;
-	Hdr	*h;
-
-	if(type == Pvjutcp) {
-		/*
-		 *  Locate the saved state for this connection. If the state
-		 *  index is legal, clear the 'discard' flag.
-		 */
-		ip = (Iphdr*)b->rp;
-		if(ip->proto >= MAX_STATES)
-			goto raise;
-		iplen = (ip->vihl & 0xf) << 2;
-		tcp = (Tcphdr*)(b->rp + iplen);
-		comp->lastrecv = ip->proto;
-		len = iplen + ((tcp->flag[0] & 0xf0) >> 2);
-		comp->err = 0;
-netlog(f, Logcompress, "uncompressed %d\n", comp->lastrecv);
-		/*
-		 * Restore the IP protocol field then save a copy of this
-		 * packet header. The checksum is zeroed in the copy so we
-		 * don't have to zero it each time we process a compressed
-		 * packet.
-		 */
-		ip->proto = IP_TCPPROTO;
-		h = &comp->r[comp->lastrecv];
-		memmove(h->buf, b->rp, len);
-		h->tcp = (Tcphdr*)(h->buf + iplen);
-		h->len = len;
-		h->ip->cksum[0] = h->ip->cksum[1] = 0;
-		return b;
-	}
-
-	cp = b->rp;
-	changes = *cp++;
-	if(changes & NEW_C) {
-		/*
-		 * Make sure the state index is in range, then grab the
-		 * state. If we have a good state index, clear the 'discard'
-		 * flag.
-		 */
-		if(*cp >= MAX_STATES)
-			goto raise;
-		comp->err = 0;
-		comp->lastrecv = *cp++;
-netlog(f, Logcompress, "newc %d\n", comp->lastrecv);
-	} else {
-		/*
-		 * This packet has no state index. If we've had a
-		 * line error since the last time we got an explicit state
-		 * index, we have to toss the packet.
-		 */
-		if(comp->err != 0){
-			freeblist(b);
-			return nil;
-		}
-netlog(f, Logcompress, "oldc %d\n", comp->lastrecv);
-	}
-
-	/*
-	 * Find the state then fill in the TCP checksum and PUSH bit.
-	 */
-	h = &comp->r[comp->lastrecv];
-	ip = h->ip;
-	tcp = h->tcp;
-	len = h->len;
-	memmove(tcp->cksum, cp, sizeof tcp->cksum);
-	cp += 2;
-	if(changes & TCP_PUSH_BIT)
-		tcp->flag[1] |= PSH;
-	else
-		tcp->flag[1] &= ~PSH;
-	/*
-	 * Fix up the state's ack, seq, urg and win fields based on the
-	 * changemask.
-	 */
-	switch (changes & SPECIALS_MASK) {
-	case SPECIAL_I:
-		i = nhgets(ip->length) - len;
-		hnputl(tcp->ack, nhgetl(tcp->ack) + i);
-		hnputl(tcp->seq, nhgetl(tcp->seq) + i);
-		break;
-
-	case SPECIAL_D:
-		hnputl(tcp->seq, nhgetl(tcp->seq) + nhgets(ip->length) - len);
-		break;
-
-	default:
-		if(changes & NEW_U) {
-			tcp->flag[1] |= URG;
-			if(*cp == 0){
-				hnputs(tcp->urg, nhgets(cp+1));
-				cp += 3;
-			}else
-				hnputs(tcp->urg, *cp++);
-		} else
-			tcp->flag[1] &= ~URG;
-		if(changes & NEW_W)
-			DECODES(tcp->win)
-		if(changes & NEW_A)
-			DECODEL(tcp->ack)
-		if(changes & NEW_S)
-			DECODEL(tcp->seq)
-		break;
-	}
-
-	/* Update the IP ID */
-	if(changes & NEW_I)
-		DECODES(ip->id)
-	else
-		hnputs(ip->id, nhgets(ip->id) + 1);
-
-	/*
-	 *  At this point, cp points to the first byte of data in the packet.
-	 *  Back up cp by the TCP/IP header length to make room for the
-	 *  reconstructed header.
-	 *  We assume the packet we were handed has enough space to prepend
-	 *  up to 128 bytes of header.
-	 */
-	b->rp = cp;
-	if(b->rp - b->base < len){
-		b = padblock(b, len);
-		b = pullupblock(b, blocklen(b));
-	} else
-		b->rp -= len;
-	hnputs(ip->length, BLEN(b));
-	memmove(b->rp, ip, len);
-	
-	/* recompute the ip header checksum */
-	ip = (Iphdr*)b->rp;
-	hnputs(ip->cksum, ipcsum(b->rp));
-	return b;
-
-raise:
-	netlog(f, Logcompress, "Bad Packet!\n");
-	comp->err = 1;
-	freeblist(b);
-	return nil;
-}
-
-Tcpc*
-compress_init(Tcpc *c)
-{
-	int i;
-	Hdr *h;
-
-	if(c == nil){
-		c = malloc(sizeof(Tcpc));
-		if(c == nil)
-			return nil;
-	}
-	memset(c, 0, sizeof(*c));
-	for(i = 0; i < MAX_STATES; i++){
-		h = &c->t[i];
-		h->ip = (Iphdr*)h->buf;
-		h->tcp = (Tcphdr*)(h->buf + 10);
-		h->len = 20;
-		h = &c->r[i];
-		h->ip = (Iphdr*)h->buf;
-		h->tcp = (Tcphdr*)(h->buf + 10);
-		h->len = 20;
-	}
-
-	return c;
-}
-
-ushort
-compress(Tcpc *tcp, Block *b, Fs *f)
-{
-	Iphdr		*ip;
-
-	/*
-	 * Bail if this is not a compressible IP packet
-	 */
-	ip = (Iphdr*)b->rp;
-	if((nhgets(ip->frag) & 0x3fff) != 0)
-		return Pip;
-
-	switch(ip->proto) {
-	case IP_TCPPROTO:
-		return tcpcompress(tcp, b, f);
-	default:
-		return Pip;
-	}
-}
-
-int
-compress_negotiate(Tcpc *tcp, uchar *data)
-{
-	if(data[0] != MAX_STATES - 1)
-		return -1;
-	tcp->compressid = data[1];
-	return 0;
-}
--- a/os/ip/devip.c	Thu Aug 12 23:08:35 2021
+++ b/os/ip/devip.c	Sat Aug 21 01:39:52 2021
@@ -14,7 +14,6 @@
 	Qbootp,
 	Qndb,
 	Qiproute,
-	Qiprouter,
 	Qipselftab,
 	Qlog,
 
@@ -43,11 +42,11 @@
 	Maskproto=	(1<<Logproto)-1,
 	Shiftproto=	Logtype + Logconv,
 
-	Nfs=		32,
+	Nfs=		128,
 };
-#define TYPE(x) 	( ((u32)(x).path) & Masktype )
-#define CONV(x) 	( (((u32)(x).path) >> Shiftconv) & Maskconv )
-#define PROTO(x) 	( (((u32)(x).path) >> Shiftproto) & Maskproto )
+#define TYPE(x) 	( ((ulong)(x).path) & Masktype )
+#define CONV(x) 	( (((ulong)(x).path) >> Shiftconv) & Maskconv )
+#define PROTO(x) 	( (((ulong)(x).path) >> Shiftproto) & Maskproto )
 #define QID(p, c, y) 	( ((p)<<(Shiftproto)) | ((c)<<Shiftconv) | (y) )
 
 static char network[] = "network";
@@ -58,8 +57,7 @@
 
 extern	void nullmediumlink(void);
 extern	void pktmediumlink(void);
-static	long ndbwrite(Fs*, char*, ulong, int);
-extern void    closeconv(Conv*);
+	long ndbwrite(Fs *f, char *a, ulong off, int n);
 
 static int
 ip3gen(Chan *c, int i, Dir *dp)
@@ -121,7 +119,7 @@
 		mkqid(&q, QID(PROTO(c->qid), 0, Qstats), 0, QTFILE);
 		devdir(c, q, "stats", 0, network, 0444, dp);
 		return 1;
-	}	
+	}
 	return -1;
 }
 
@@ -144,11 +142,10 @@
 		return -1;
 	case Qarp:
 		p = "arp";
+		prot = 0664;
 		break;
 	case Qbootp:
 		p = "bootp";
-		if(bootp == nil)
-			return 0;
 		break;
 	case Qndb:
 		p = "ndb";
@@ -157,14 +154,12 @@
 		break;
 	case Qiproute:
 		p = "iproute";
+		prot = 0664;
 		break;
 	case Qipselftab:
 		p = "ipselftab";
 		prot = 0444;
 		break;
-	case Qiprouter:
-		p = "iprouter";
-		break;
 	case Qlog:
 		p = "log";
 		break;
@@ -188,7 +183,7 @@
 	case Qtopdir:
 		if(s == DEVDOTDOT){
 			mkqid(&q, QID(0, 0, Qtopdir), 0, QTDIR);
-			sprint(up->genbuf, "#I%ud", c->dev);
+			snprint(up->genbuf, sizeof up->genbuf, "#I%lud", c->dev);
 			devdir(c, q, up->genbuf, 0, network, 0555, dp);
 			return 1;
 		}
@@ -206,19 +201,18 @@
 	case Qndb:
 	case Qlog:
 	case Qiproute:
-	case Qiprouter:
 	case Qipselftab:
 		return ip1gen(c, TYPE(c->qid), dp);
 	case Qprotodir:
 		if(s == DEVDOTDOT){
 			mkqid(&q, QID(0, 0, Qtopdir), 0, QTDIR);
-			sprint(up->genbuf, "#I%ud", c->dev);
+			snprint(up->genbuf, sizeof up->genbuf, "#I%lud", c->dev);
 			devdir(c, q, up->genbuf, 0, network, 0555, dp);
 			return 1;
 		}
 		if(s < f->p[PROTO(c->qid)]->ac) {
 			cv = f->p[PROTO(c->qid)]->conv[s];
-			sprint(up->genbuf, "%d", s);
+			snprint(up->genbuf, sizeof up->genbuf, "%d", s);
 			mkqid(&q, QID(PROTO(c->qid), s, Qconvdir), 0, QTDIR);
 			devdir(c, q, up->genbuf, 0, cv->owner, 0555, dp);
 			return 1;
@@ -262,45 +256,14 @@
 	fmtinstall('M', eipfmt);
 }
 
-static Fs*
-ipgetfs(int dev)
-{
-	extern void (*ipprotoinit[])(Fs*);
-	Fs *f;
-	int i;
-
-	if(dev >= Nfs)
-		return nil;
-
-	qlock(&fslock);
-	if(ipfs[dev] == nil){
-		f = smalloc(sizeof(Fs));
-		ip_init(f);
-		arpinit(f);
-		netloginit(f);
-		for(i = 0; ipprotoinit[i]; i++)
-			ipprotoinit[i](f);
-		f->dev = dev;
-		ipfs[dev] = f;
-	}
-	qunlock(&fslock);
-
-	return ipfs[dev];
-}
-
 IPaux*
 newipaux(char *owner, char *tag)
 {
 	IPaux *a;
-	int n;
 
 	a = smalloc(sizeof(*a));
 	kstrdup(&a->owner, owner);
-	memset(a->tag, ' ', sizeof(a->tag));
-	n = strlen(tag);
-	if(n > sizeof(a->tag))
-		n = sizeof(a->tag);
-	memmove(a->tag, tag, n);
+	strncpy(a->tag, tag, sizeof(a->tag));
 	return a;
 }
 
@@ -310,13 +273,29 @@
 ipattach(char* spec)
 {
 	Chan *c;
-	int dev;
+	ulong dev;
 
-	dev = atoi(spec);
+	dev = strtoul(spec, nil, 10);
 	if(dev >= Nfs)
-		error("bad specification");
+		error(Enodev);
+
+	qlock(&fslock);
+	if(ipfs[dev] == nil){
+		extern void (*ipprotoinit[])(Fs*);
+		Fs *f;
+		int i;
+
+		f = smalloc(sizeof(Fs));
+		ip_init(f);
+		arpinit(f);
+		netloginit(f);
+		for(i = 0; ipprotoinit[i]; i++)
+			ipprotoinit[i](f);
+		f->dev = dev;
+		ipfs[dev] = f;
+	}
+	qunlock(&fslock);
 
-	ipgetfs(dev);
 	c = devattach('I', spec);
 	mkqid(&c->qid, QID(0, 0, Qtopdir), 0, QTDIR);
 	c->dev = dev;
@@ -327,7 +306,7 @@
 }
 
 static Walkqid*
-ipwalk(Chan* c, Chan *nc, char **name, s32 nname)
+ipwalk(Chan* c, Chan *nc, char **name, int nname)
 {
 	IPaux *a = c->aux;
 	Walkqid* w;
@@ -338,8 +317,9 @@
 	return w;
 }
 
-static s32
-ipstat(Chan* c, uchar* db, s32 n)
+
+static int
+ipstat(Chan* c, uchar* db, int n)
 {
 	return devstat(c, db, n, nil, 0, ipgen);
 }
@@ -360,7 +340,7 @@
 };
 
 static Chan*
-ipopen(Chan* c, u32 omode)
+ipopen(Chan* c, int omode)
 {
 	Conv *cv, *nc;
 	Proto *p;
@@ -375,7 +355,7 @@
 	default:
 		break;
 	case Qndb:
-		if(omode & (OWRITE|OTRUNC) && !iseve())
+		if((omode & (OWRITE|OTRUNC)) != 0 && !iseve())
 			error(Eperm);
 		if((omode & (OWRITE|OTRUNC)) == (OWRITE|OTRUNC))
 			f->ndb[0] = 0;
@@ -383,10 +363,10 @@
 	case Qlog:
 		netlogopen(f);
 		break;
-	case Qiprouter:
-		iprouteropen(f);
-		break;
 	case Qiproute:
+	case Qarp:
+		if(omode != OREAD && !iseve())
+			error(Eperm);
 		break;
 	case Qtopdir:
 	case Qprotodir:
@@ -412,13 +392,8 @@
 	case Qclone:
 		p = f->p[PROTO(c->qid)];
 		qlock(p);
-		if(waserror()){
-			qunlock(p);
-			nexterror();
-		}
 		cv = Fsprotoclone(p, ATTACHER(c));
 		qunlock(p);
-		poperror();
 		if(cv == nil) {
 			error(Enodev);
 			break;
@@ -437,15 +412,12 @@
 			qunlock(p);
 			nexterror();
 		}
-		if((perm & (cv->perm>>6)) != perm) {
-			if(strcmp(ATTACHER(c), cv->owner) != 0)
-				error(Eperm);
-		 	if((perm & cv->perm) != perm)
-				error(Eperm); 
+		if(strcmp(ATTACHER(c), cv->owner) == 0)
+			perm <<= 6;
+		if((perm & cv->perm) != perm && !iseve())
+			error(Eperm);
 
-		}
-		cv->inuse++;
-		if(cv->inuse == 1){
+		if(++cv->inuse == 1){
 			kstrdup(&cv->owner, ATTACHER(c));
 			cv->perm = 0660;
 		}
@@ -455,24 +427,26 @@
 		break;
 	case Qlisten:
 		cv = f->p[PROTO(c->qid)]->conv[CONV(c->qid)];
-		if((perm & (cv->perm>>6)) != perm) {
-			if(strcmp(ATTACHER(c), cv->owner) != 0)
-				error(Eperm);
-		 	if((perm & cv->perm) != perm)
-				error(Eperm); 
-
+		qlock(cv);
+		if(waserror()){
+			qunlock(cv);
+			nexterror();
 		}
+		if(strcmp(ATTACHER(c), cv->owner) == 0)
+			perm <<= 6;
+		if((perm & cv->perm) != perm && !iseve())
+			error(Eperm);
 
 		if(cv->state != Announced)
 			error("not announced");
 
+		cv->inuse++;
+		qunlock(cv);
+		poperror();
 		if(waserror()){
 			closeconv(cv);
 			nexterror();
 		}
-		qlock(cv);
-		cv->inuse++;
-		qunlock(cv);
 
 		nc = nil;
 		while(nc == nil) {
@@ -494,7 +468,6 @@
 			if(nc != nil){
 				cv->incall = nc->next;
 				mkqid(&c->qid, QID(PROTO(c->qid), nc->x, Qctl), 0, QTFILE);
-				kstrdup(&cv->owner, ATTACHER(c));
 			}
 			qunlock(cv);
 
@@ -511,13 +484,25 @@
 	return c;
 }
 
-static s32
-ipwstat(Chan *c, uchar *dp, s32 n)
+static Chan*
+ipcreate(Chan*, char*, int, ulong)
+{
+	error(Eperm);
+	return 0;
+}
+
+static void
+ipremove(Chan*)
 {
-	Dir *d;
+	error(Eperm);
+}
+
+static int
+ipwstat(Chan *c, uchar *dp, int n)
+{
+	Dir *dir;
 	Conv *cv;
 	Fs *f;
-	Proto *p;
 
 	f = ipfs[c->dev];
 	switch(TYPE(c->qid)) {
@@ -529,28 +514,40 @@
 		break;
 	}
 
-	d = smalloc(sizeof(*d)+n);
+	dir = smalloc(sizeof(Dir)+n);
 	if(waserror()){
-		free(d);
+		free(dir);
 		nexterror();
 	}
-	n = convM2D(dp, n, d, (char*)&d[1]);
+	n = convM2D(dp, n, &dir[0], (char*)&dir[1]);
 	if(n == 0)
 		error(Eshortstat);
-	p = f->p[PROTO(c->qid)];
-	cv = p->conv[CONV(c->qid)];
-	if(!iseve() && strcmp(ATTACHER(c), cv->owner) != 0)
+
+	cv = f->p[PROTO(c->qid)]->conv[CONV(c->qid)];
+	qlock(cv);
+	if(waserror()){
+		qunlock(cv);
+		nexterror();
+	}
+	if(strcmp(ATTACHER(c), cv->owner) != 0 && !iseve())
 		error(Eperm);
-	if(!emptystr(d->uid))
-		kstrdup(&cv->owner, d->uid);
-	if(d->mode != ~0UL)
-		cv->perm = d->mode & 0777;
+	if(!emptystr(dir->uid)){
+		if(strcmp(dir->uid, commonuser()) != 0 && !iseve())
+			error(Eperm);
+		kstrdup(&cv->owner, dir->uid);
+	}
+	if(dir->mode != ~0UL)
+		cv->perm = dir->mode & 0666;
+	qunlock(cv);
 	poperror();
-	free(d);
+
+	free(dir);
+	poperror();
+
 	return n;
 }
 
-extern void
+void
 closeconv(Conv *cv)
 {
 	Conv *nc;
@@ -564,7 +561,7 @@
 	}
 
 	/* close all incoming calls since no listen will ever happen */
-	for(nc = cv->incall; nc; nc = cv->incall){
+	for(nc = cv->incall; nc != nil; nc = cv->incall){
 		cv->incall = nc->next;
 		closeconv(nc);
 	}
@@ -576,9 +573,9 @@
 	while((mp = cv->multi) != nil)
 		ipifcremmulti(cv, mp->ma, mp->ia);
 
-	cv->r = nil;
-	cv->rgen = 0;
-	cv->p->close(cv);
+	if(cv->p->close != nil)
+		(*cv->p->close)(cv);
+
 	cv->state = Idle;
 	qunlock(cv);
 }
@@ -596,10 +593,6 @@
 		if(c->flag & COPEN)
 			netlogclose(f);
 		break;
-	case Qiprouter:
-		if(c->flag & COPEN)
-			iprouterclose(f);
-		break;
 	case Qdata:
 	case Qctl:
 	case Qerr:
@@ -620,13 +613,13 @@
 	Statelen=	32*1024,
 };
 
-static s32
-ipread(Chan *ch, void *a, s32 n, s64 off)
+static long
+ipread(Chan *ch, void *a, long n, vlong off)
 {
 	Conv *c;
 	Proto *x;
 	char *buf, *p;
-	s32 rv;
+	long rv;
 	Fs *f;
 	ulong offset = off;
 
@@ -648,21 +641,22 @@
 		return readstr(offset, a, n, f->ndb);
 	case Qiproute:
 		return routeread(f, a, offset, n);
-	case Qiprouter:
-		return iprouterread(f, a, n);
 	case Qipselftab:
 		return ipselftabread(f, a, offset, n);
 	case Qlog:
 		return netlogread(f, a, offset, n);
 	case Qctl:
-		sprint(up->genbuf, "%ud", CONV(ch->qid));
-		return readstr(offset, p, n, up->genbuf);
+		buf = smalloc(16);
+		snprint(buf, 16, "%lud", CONV(ch->qid));
+		rv = readstr(offset, p, n, buf);
+		free(buf);
+		return rv;
 	case Qremote:
 		buf = smalloc(Statelen);
 		x = f->p[PROTO(ch->qid)];
 		c = x->conv[CONV(ch->qid)];
 		if(x->remote == nil) {
-			sprint(buf, "%I!%d\n", c->raddr, c->rport);
+			snprint(buf, Statelen, "%I!%d\n", c->raddr, c->rport);
 		} else {
 			(*x->remote)(c, buf, Statelen-2);
 		}
@@ -674,7 +668,7 @@
 		x = f->p[PROTO(ch->qid)];
 		c = x->conv[CONV(ch->qid)];
 		if(x->local == nil) {
-			sprint(buf, "%I!%d\n", c->laddr, c->lport);
+			snprint(buf, Statelen, "%I!%d\n", c->laddr, c->lport);
 		} else {
 			(*x->local)(c, buf, Statelen-2);
 		}
@@ -711,7 +705,7 @@
 }
 
 static Block*
-ipbread(Chan* ch, s32 n, u32 offset)
+ipbread(Chan* ch, long n, ulong offset)
 {
 	Conv *c;
 	Proto *x;
@@ -740,7 +734,7 @@
 /*
  *  set a local port making sure the quad of raddr,rport,laddr,lport is unique
  */
-static char*
+char*
 setluniqueport(Conv* c, int lport)
 {
 	Proto *p;
@@ -771,58 +765,70 @@
 }
 
 /*
+ * is lport in use by anyone?
+ */
+static int
+lportinuse(Proto *p, ushort lport)
+{
+	int x;
+
+	for(x = 0; x < p->nc && p->conv[x]; x++)
+		if(p->conv[x]->lport == lport)
+			return 1;
+	return 0;
+}
+
+/*
  *  pick a local port and set it
  */
-extern void
+char *
 setlport(Conv* c)
 {
 	Proto *p;
-	ushort *pp;
-	int x, found;
+	int i, port;
 
 	p = c->p;
-	if(c->restricted)
-		pp = &p->nextrport;
-	else
-		pp = &p->nextport;
 	qlock(p);
-	for(;;(*pp)++){
+	if(c->restricted){
+		/* Restricted ports cycle between 600 and 1024. */
+		for(i=0; i<1024-600; i++){
+			if(p->nextrport >= 1024 || p->nextrport < 600)
+				p->nextrport = 600;
+			port = p->nextrport++;
+			if(!lportinuse(p, port))
+				goto chosen;
+		}
+	}else{
 		/*
-		 * Fsproto initialises p->nextport to 0 and the restricted
-		 * ports (p->nextrport) to 600.
-		 * Restricted ports must lie between 600 and 1024.
-		 * For the initial condition or if the unrestricted port number
-		 * has wrapped round, select a random port between 5000 and 1<<15
-		 * to start at.
+		 * Unrestricted ports are chosen randomly
+		 * between 2^15 and 2^16.  There are at most
+		 * 4*Nchan = 4096 ports in use at any given time,
+		 * so even in the worst case, a random probe has a
+		 * 1 - 4096/2^15 = 87% chance of success.
+		 * If 64 successive probes fail, there is a bug somewhere
+		 * (or a once in 10^58 event has happened, but that's
+		 * less likely than a venti collision).
 		 */
-		if(c->restricted){
-			if(*pp >= 1024)
-				*pp = 600;
-		}
-		else while(*pp < 5000)
-			*pp = nrand(1<<15);
-
-		found = 0;
-		for(x = 0; x < p->nc; x++){
-			if(p->conv[x] == nil)
-				break;
-			if(p->conv[x]->lport == *pp){
-				found = 1;
-				break;
-			}
+		for(i=0; i<64; i++){
+			port = (1<<15) + nrand(1<<15);
+			if(!lportinuse(p, port))
+				goto chosen;
 		}
-		if(found == 0)
-			break;
 	}
-	c->lport = (*pp)++;
 	qunlock(p);
+	return "no ports available";
+
+chosen:
+	c->lport = port;
+	qunlock(p);
+	return nil;
 }
 
 /*
  *  set a local address and port from a string of the form
  *	[address!]port[!r]
  */
-static char*
+char*
 setladdrport(Conv* c, char* str, int announcing)
 {
 	char *p;
@@ -830,8 +836,6 @@
 	ushort lport;
 	uchar addr[IPaddrlen];
 
-	rv = nil;
-
 	/*
 	 *  ignore restricted part if it exists.  it's
 	 *  meaningless on local ports.
@@ -854,8 +858,9 @@
 		if(strcmp(str, "*") == 0)
 			ipmove(c->laddr, IPnoaddr);
 		else {
-			parseip(addr, str);
-			if(ipforme(c->p->f, addr))
+			if(parseip(addr, str) == -1)
+				return Ebadip;
+			if(ipforme(c->p->f, addr) != 0 || ipismulticast(addr))
 				ipmove(c->laddr, addr);
 			else
 				return "not a local IP address";
@@ -869,9 +874,13 @@
 		return setluniqueport(c, 0);
 	}
 
-	lport = atoi(p);
+	str = p;
+	lport = strtol(str, &p, 10);
+	if(p <= str || strchr("!", *p) == nil)
+		return "bad numeric port";
+
 	if(lport <= 0)
-		setlport(c);
+		rv = setlport(c);
 	else
 		rv = setluniqueport(c, lport);
 	return rv;
@@ -886,13 +895,17 @@
 	if(p == nil)
 		return "malformed address";
 	*p++ = 0;
-	parseip(c->raddr, str);
-	c->rport = atoi(p);
-	p = strchr(p, '!');
-	if(p){
-		if(strstr(p, "!r") != nil)
-			c->restricted = 1;
-	}
+	if(parseip(c->raddr, str) == -1)
+		return Ebadip;
+
+	str = p;
+	c->rport = strtol(str, &p, 10);
+	if(p <= str || strchr("!", *p) == nil)
+		return "bad numeric port";
+
+	if(strstr(p, "!r") != nil)
+		c->restricted = 1;
+
 	return nil;
 }
 
@@ -912,7 +925,9 @@
 		if(p != nil)
 			return p;
 		setladdr(c);
-		setlport(c);
+		p = setlport(c);
+		if (p != nil)
+			return p;
 		break;
 	case 3:
 		p = setraddrport(c, argv[1]);
@@ -923,12 +938,7 @@
 			return p;
 	}
 
-	if((memcmp(c->raddr, v4prefix, IPv4off) == 0 &&
-		memcmp(c->laddr, v4prefix, IPv4off) == 0)
-		|| ipcmp(c->raddr, IPnoaddr) == 0)
-		c->ipversion = V4;
-	else
-		c->ipversion = V6;
+	c->ipversion = convipvers(c);
 
 	return nil;
 }
@@ -978,10 +988,11 @@
 	c->rport = 0;
 	switch(argc){
 	default:
-		return "bad args to announce";
+		break;
 	case 2:
 		return setladdrport(c, argv[1], 1);
 	}
+	return "bad args to announce";
 }
 
 /*
@@ -1028,10 +1039,11 @@
 {
 	switch(argc){
 	default:
-		return "bad args to bind";
+		break;
 	case 2:
 		return setladdrport(c, argv[1], 0);
 	}
+	return "bad args to bind";
 }
 
 static void
@@ -1042,7 +1054,7 @@
 	if(x->bind == nil)
 		p = Fsstdbind(c, cb->f, cb->nf);
 	else
-		p = x->bind(c, cb->f, cb->nf);
+		p = (*x->bind)(c, cb->f, cb->nf);
 	if(p != nil)
 		error(p);
 }
@@ -1065,8 +1077,8 @@
 		c->ttl = atoi(cb->f[1]);
 }
 
-static s32
-ipwrite(Chan* ch, void *v, s32 n, s64 off)
+static long
+ipwrite(Chan* ch, void *v, long n, vlong off)
 {
 	Conv *c;
 	Proto *x;
@@ -1075,6 +1087,7 @@
 	uchar ia[IPaddrlen], ma[IPaddrlen];
 	Fs *f;
 	char *a;
+	ulong offset = off;
 
 	a = v;
 	f = ipfs[ch->dev];
@@ -1099,7 +1112,8 @@
 		netlogctl(f, a, n);
 		return n;
 	case Qndb:
-		return ndbwrite(f, a, off, n);
+		return ndbwrite(f, a, offset, n);
+		break;
 	case Qctl:
 		x = f->p[PROTO(ch->qid)];
 		c = x->conv[CONV(ch->qid)];
@@ -1131,13 +1145,15 @@
 			if(cb->nf == 2){
 				if(!ipismulticast(c->raddr))
 					error("addmulti for a non multicast address");
-				parseip(ia, cb->f[1]);
+				if (parseip(ia, cb->f[1]) == -1)
+					error(Ebadip);
 				ipifcaddmulti(c, c->raddr, ia);
 			} else {
-				parseip(ma, cb->f[2]);
+				if (parseip(ia, cb->f[1]) == -1 ||
+				    parseip(ma, cb->f[2]) == -1)
+					error(Ebadip);
 				if(!ipismulticast(ma))
 					error("addmulti for a non multicast address");
-				parseip(ia, cb->f[1]);
 				ipifcaddmulti(c, ma, ia);
 			}
 		} else if(strcmp(cb->f[0], "remmulti") == 0){
@@ -1145,10 +1161,11 @@
 				error("remmulti needs interface address");
 			if(!ipismulticast(c->raddr))
 				error("remmulti for a non multicast address");
-			parseip(ia, cb->f[1]);
+			if (parseip(ia, cb->f[1]) == -1)
+				error(Ebadip);
 			ipifcremmulti(c, c->raddr, ia);
 		} else if(x->ctl != nil) {
-			p = x->ctl(c, cb->f, cb->nf);
+			p = (*x->ctl)(c, cb->f, cb->nf);
 			if(p != nil)
 				error(p);
 		} else
@@ -1160,13 +1177,12 @@
 	return n;
 }
 
-static s32
-ipbwrite(Chan* ch, Block* bp, u32 offset)
+static long
+ipbwrite(Chan* ch, Block* bp, ulong offset)
 {
 	Conv *c;
 	Proto *x;
 	Fs *f;
-	int n;
 
 	switch(TYPE(ch->qid)){
 	case Qdata:
@@ -1177,11 +1193,7 @@
 		if(c->wq == nil)
 			error(Eperm);
 
-		if(bp->next)
-			bp = concatblock(bp);
-		n = BLEN(bp);
-		qbwrite(c->wq, bp);
-		return n;
+		return qbwrite(c->wq, bp);
 	default:
 		return devbwrite(ch, bp, offset);
 	}
@@ -1198,13 +1210,13 @@
 	ipwalk,
 	ipstat,
 	ipopen,
-	devcreate,
+	ipcreate,
 	ipclose,
 	ipread,
 	ipbread,
 	ipwrite,
 	ipbwrite,
-	devremove,
+	ipremove,
 	ipwstat,
 };
 
@@ -1224,12 +1236,15 @@
 
 	p->qid.type = QTDIR;
 	p->qid.path = QID(f->np, 0, Qprotodir);
+	if(p->nc > Maskconv+1){
+		print("Fsproto: %s nc %d > %d\n", p->name, p->nc, Maskconv+1);
+		p->nc = Maskconv+1;
+	}
 	p->conv = malloc(sizeof(Conv*)*(p->nc+1));
 	if(p->conv == nil)
 		panic("Fsproto");
 
 	p->x = f->np;
-	p->nextport = 0;
 	p->nextrport = 600;
 	f->p[f->np++] = p;
 
@@ -1262,21 +1277,33 @@
 		if(c == nil){
 			c = malloc(sizeof(Conv));
 			if(c == nil)
-				error(Enomem);
-			qlock(c);
+				return nil;
+			if(waserror()){
+				qfree(c->rq);
+				qfree(c->wq);
+				qfree(c->eq);
+				qfree(c->sq);
+				free(c->ptcl);
+				free(c);
+				return nil;
+			}
 			c->p = p;
 			c->x = pp - p->conv;
 			if(p->ptclsize != 0){
 				c->ptcl = malloc(p->ptclsize);
-				if(c->ptcl == nil) {
-					free(c);
+				if(c->ptcl == nil)
 					error(Enomem);
-				}
 			}
-			*pp = c;
-			p->ac++;
 			c->eq = qopen(1024, Qmsg, 0, 0);
+			if(c->eq == nil)
+				error(Enomem);
 			(*p->create)(c);
+			if(c->rq == nil || c->wq == nil)
+				error(Enomem);
+			poperror();
+			qlock(c);
+			*pp = c;
+			p->ac++;
 			break;
 		}
 		if(canqlock(c)){
@@ -1291,8 +1318,11 @@
 		}
 	}
 	if(pp >= ep) {
-		if(p->gc != nil && (*p->gc)(p))
-			goto retry;
+		if(p->gc != nil){
+			print("Fsprotoclone: garbage collecting %s Convs\n", p->name);
+			if((*p->gc)(p))
+				goto retry;
+		}
 		return nil;
 	}
 
@@ -1307,8 +1337,9 @@
 	c->lport = 0;
 	c->rport = 0;
 	c->restricted = 0;
+	c->ignoreadvice = 0;
 	c->ttl = MAXTTL;
-	c->tos = DFLTTOS;
+	c->tos = 0;
 	qreopen(c->rq);
 	qreopen(c->wq);
 	qreopen(c->eq);
@@ -1321,7 +1352,7 @@
 Fsconnected(Conv* c, char* msg)
 {
 	if(msg != nil && *msg != '\0')
-		kstrcpy(c->cerr, msg, sizeof(c->cerr));
+		strncpy(c->cerr, msg, ERRMAX-1);
 
 	switch(c->state){
 
@@ -1368,12 +1399,19 @@
 	for(l = &c->incall; *l; l = &(*l)->next)
 		i++;
 	if(i >= Maxincall) {
+		static int beenhere;
+
 		qunlock(c);
+		if (!beenhere) {
+			beenhere = 1;
+			print("Fsnewcall: incall queue full (%d) on port %d\n",
+				i, c->lport);
+		}
 		return nil;
 	}
 
 	/* find a free conversation */
-	nc = Fsprotoclone(c->p, network);
+	nc = Fsprotoclone(c->p, c->owner);
 	if(nc == nil) {
 		qunlock(c);
 		return nil;
@@ -1394,12 +1432,12 @@
 	return nc;
 }
 
-static long
+long
 ndbwrite(Fs *f, char *a, ulong off, int n)
 {
 	if(off > strlen(f->ndb))
 		error(Eio);
-	if(off+n >= sizeof(f->ndb)-1)
+	if(off+n >= sizeof(f->ndb))
 		error(Eio);
 	memmove(f->ndb+off, a, n);
 	f->ndb[off+n] = 0;
@@ -1411,7 +1449,7 @@
 ulong
 scalednconv(void)
 {
-	if(conf.npage*BY2PG >= 128*MB)
+	if(cpuserver && conf.npage*BY2PG >= 128*MB)
 		return Nchans*4;
 	return Nchans;
 }
--- a/os/ip/dhcp.c	Thu Aug 12 23:08:35 2021
+++ /dev/null	Mon Oct 18 12:05:45 2021
@@ -1,447 +0,0 @@
-#include "u.h"
-#include "../port/lib.h"
-#include "mem.h"
-#include "dat.h"
-#include "fns.h"
-#include "../port/error.h"
-#include "kernel.h"
-#include "ip.h"
-#include "ppp.h"
-
-Ipaddr pppdns[2];
-
-static	ulong	fsip;
-static	ulong	auip;
-static	ulong	gwip;
-static	ulong	ipmask;
-static	ulong	ipaddr;
-static	ulong	dns1ip;
-static	ulong	dns2ip;
-
-int		dhcpmsgtype;
-int		debug=0;
-enum
-{
-	Bootrequest = 1,
-	Bootreply   = 2,
-};
-
-typedef struct Bootp
-{
-	/* udp.c oldheader */
-	uchar	raddr[IPaddrlen];
-	uchar	laddr[IPaddrlen];
-	uchar	rport[2];
-	uchar	lport[2];
-	/* bootp itself */
-	uchar	op;			/* opcode */
-	uchar	htype;		/* hardware type */
-	uchar	hlen;			/* hardware address len */
-	uchar	hops;		/* hops */
-	uchar	xid[4];		/* a random number */
-	uchar	secs[2];		/* elapsed snce client started booting */
-	uchar	flags[2];		/* flags */
-	uchar	ciaddr[4];		/* client IP address (client tells server) */
-	uchar	yiaddr[4];		/* client IP address (server tells client) */
-	uchar	siaddr[4];		/* server IP address */
-	uchar	giaddr[4];		/* gateway IP address */
-	uchar	chaddr[16];	/* client hardware address */
-	uchar	sname[64];	/* server host name (optional) */
-	uchar	file[128];		/* boot file name */
-	uchar	vend[128];	/* vendor-specific goo 340 */
-} Bootp;
-
-static	Bootp	req;
-static	Proc*	rcvprocp;
-static	int	recv;
-static	int	done;
-static	Rendez	bootpr;
-static	char	rcvbuf[512+2*IPaddrlen+2*2];	  /* 576 */
-static	uchar sid[4];
-static	ulong iplease;
-
-/*
- * bootp returns:
- *
- * "fsip d.d.d.d
- * auip d.d.d.d
- * gwip d.d.d.d
- * ipmask d.d.d.d
- * ipaddr d.d.d.d
- * dns1ip	d.d.d.d
- * dns2ip	d.d.d.d
- *
- * where d.d.d.d is the IP address in dotted decimal notation, and each
- * address is followed by a newline.
-	Last change:  SUN  13 Sep 2001    4:36 pm
- */
-
-/*
- * Parse the vendor specific fields according to RFC 1084.
- * We are overloading the "cookie server" to be the Inferno 
- * authentication server and the "resource location server"
- * to be the Inferno file server.
- *
- * If the vendor specific field is formatted properly, it
- * will being with the four bytes 99.130.83.99 and end with
- * an 0xFF byte.
- */
-static int
-parsevend(uchar* pvend)
-{	
-	uchar *vend=pvend;
-	int dhcpmsg=0;
-	/* The field must start with 99.130.83.99 to be compliant */
-	if ((vend[0] != 99) || (vend[1] != 130) || (vend[2] != 83) || (vend[3] != 99)){
-		print("bad bootp vendor field: %.2x%.2x%.2x%.2x", vend[0], vend[1], vend[2], vend[3]);
-		return -1;
-	}
-
-	/* Skip over the magic cookie */
-	vend += 4;
-
-	while ((vend[0] != 0) && (vend[0] != 0xFF)) {
-		int i;
-//	
-		if(debug){
-			print(">>>Opt[%d] [%d]", vend[0], vend[1]);
-			for(i=0; i<vend[1]; i++)
-				print(" %2.2x", vend[i+2]);
-			print("\n");
-		}
-//
-		switch (vend[0]) {
-		case 1:	/* Subnet mask field */
-			/* There must be only one subnet mask */
-			if (vend[1] == 4)
-				ipmask = (vend[2]<<24)|(vend[3]<<16)| (vend[4]<<8)| vend[5];
-			else{ 
-				return -1;
-			}
-			break;
-
-		case 3:	/* Gateway/router field */
-			/* We are only concerned with first address */
-			if (vend[1] >0 && vend[1]%4==0)
-				gwip = (vend[2]<<24)|(vend[3]<<16)|(vend[4]<<8)|vend[5];
-			else 
-				return -1;
-			break;
-		case 6:	/* domain name server */
-			if(vend[1]>0 && vend[1] %4==0){
-				dns1ip=(vend[2]<<24)|(vend[3]<<16)|(vend[4]<<8)|vend[5];
-				if(vend[1]>4)
-					dns2ip=(vend[6]<<24)|(vend[7]<<16)|(vend[8]<<8)|vend[9];
-			}else
-				return -1;
-			break;
-
-		case 8:	/* "Cookie server" (auth server) field */
-			/* We are only concerned with first address */
-			if (vend[1] > 0 && vend[1]%4==0)
-				auip = (vend[2]<<24)|(vend[3]<<16)|(vend[4]<<8)|vend[5];
-			else
-				return -1;
-			break;
-
-		case 11:	/* "Resource loc server" (file server) field */
-			/* We are only concerned with first address */
-			if (vend[1] > 0 && vend[1]%4==0)
-				fsip = (vend[2]<<24)| (vend[3]<<16)| (vend[4]<<8)| vend[5];
-			else
-				return -1;
-			break;
-		case 51:	/* ip lease time */
-			if(vend[1]==4){
-				iplease=(vend[2]<<24)|(vend[3]<<16)|(vend[4]<<8)|vend[5];
-			}else
-				return -1;
-			break;
-		case 53:	/* DHCP message type */
-			if(vend[1]==1)
-				dhcpmsg=vend[2];
-			else
-				return -1;
-			break;
-		case 54:	/* server identifier */
-			if(vend[1]==4){
-				memmove(sid, vend+2, 4);
-			}else
-				return -1;
-			break;
-
-		default:	/* Everything else stops us */
-			break;
-		}
-
-		/* Skip over the field */
-		vend += vend[1] + 2;
-	}
-	if(debug)
-		print(">>>Opt[%d] [%d]\n", vend[0], vend[1]);
-	return dhcpmsg;
-}
-
-static void
-dispvend(uchar* pvend)
-{	
-	uchar *vend=pvend;
-
-	//print("<<<Magic : %2.2x%2.2x%2.2x%2.2x\n", vend[0], vend[1], vend[2], vend[3]);
-	
-	vend += 4;		/* Skip over the magic cookie */
-	while ((vend[0] != 0) && (vend[0] != 0xFF)) {
-	//	int i;
-	  //	print("<<<Opt[%d] [%d]", vend[0], vend[1]);
-		//for(i=0; i<vend[1]; i++)
-		//	print(" %2.2x", vend[i+2]);
-		//print("\n");
-	
-		vend += vend[1] + 2;
-	}
-	//print("<<<Opt[ %2.2x] [%2.2x]\n", vend[0], vend[1]);
-}
-
-static void
-rcvbootp(void *a)
-{
-	int n, fd, dhcp;
-	Bootp *rp;
-
-	if(waserror())
-		pexit("", 0);
-	rcvprocp = up;	/* store for postnote below */
-	fd = (int)a;
-	while(done == 0) {
-		if(debug)
-			print("rcvbootp:looping\n");
-
-		n = kread(fd, rcvbuf, sizeof(rcvbuf));
-		if(n <= 0)
-			break;
-		rp = (Bootp*)rcvbuf;
-		if (memcmp(req.chaddr, rp->chaddr, 6) == 0 && rp->htype == 1 && rp->hlen == 6) {
-			ipaddr = (rp->yiaddr[0]<<24)| (rp->yiaddr[1]<<16)| (rp->yiaddr[2]<<8)| rp->yiaddr[3];
-			if(debug)
-				print("ipaddr = %2.2x %2.2x %2.2x %2.2x \n", rp->yiaddr[0], rp->yiaddr[1], rp->yiaddr[2], rp->yiaddr[3]);
-			//memmove(req.siaddr, rp->siaddr, 4);	/* siaddr */
-			dhcp = parsevend(rp->vend);
-	
-			if(dhcpmsgtype < dhcp){
-				dhcpmsgtype=dhcp;
-				recv = 1;
-				wakeup(&bootpr);
-				if(dhcp==0 || dhcp ==5 || dhcp == 6 )
-					break;
-			}
-		}
-	}
-	poperror();
-	rcvprocp = nil;
-
-	if(debug)
-		print("rcvbootp exit\n");
-	pexit("", 0);
-}
-
-static char*
-rbootp(Ipifc *ifc)
-{
-	int cfd, dfd, tries, n;
-	char ia[5+3*16], im[16], *av[3];
-	uchar nipaddr[4], ngwip[4], nipmask[4];
-	char dir[Maxpath];
-	static uchar vend_rfc1048[] = { 99, 130, 83, 99 };
-	uchar *vend;
-
-	/*
-	 * broadcast bootp's till we get a reply,
-	 * or fixed number of tries
-	 */
-	if(debug)
-	    print("dhcp: bootp() called\n");
-	tries = 0;
-	av[1] = "0.0.0.0";
-	av[2] = "0.0.0.0";
-	ipifcadd(ifc, av, 3, 0, nil);
-
-	cfd = kannounce("udp!*!68", dir);
-	if(cfd < 0)
-		return "dhcp announce failed";
-	strcat(dir, "/data");
-	if(kwrite(cfd, "headers", 7) < 0){
-		kclose(cfd);
-		return "dhcp ctl headers failed";
-	}
-	kwrite(cfd, "oldheaders", 10);
-	dfd = kopen(dir, ORDWR);
-	if(dfd < 0){
-		kclose(cfd);
-		return "dhcp open data failed";
-	}
-	kclose(cfd);
-	
-	while(tries<1){
-		tries++;
-		memset(sid, 0, 4);
-		iplease=0;
-		dhcpmsgtype=-2;
-/* DHCPDISCOVER*/
-		done = 0;
-		recv = 0;
-		kproc("rcvbootp", rcvbootp, (void*)dfd, KPDUPFDG);
-		/* Prepare DHCPDISCOVER */	
-		memset(&req, 0, sizeof(req));
-		ipmove(req.raddr, IPv4bcast);
-		hnputs(req.rport, 67);
-		req.op = Bootrequest;
-		req.htype = 1;			/* ethernet (all we know) */
-		req.hlen = 6;			/* ethernet (all we know) */
-		
-		memmove(req.chaddr, ifc->mac, 6);	/* Hardware MAC address */
-		//ipv4local(ifc, req.ciaddr);				/* Fill in the local IP address if we know it */
-		memset(req.file, 0, sizeof(req.file));
-		vend=req.vend;
-		memmove(vend, vend_rfc1048, 4); vend+=4;
-		*vend++=53; *vend++=1;*vend++=1;		/* dhcp msg type==3, dhcprequest */
-		
-		*vend++=61;*vend++=7;*vend++=1;
-		memmove(vend, ifc->mac, 6);vend+=6;
-		*vend=0xff;
-
-		if(debug)
-			dispvend(req.vend); 
-		for(n=0;n<4;n++){
-			if(kwrite(dfd, &req, sizeof(req))<0)	/* SEND DHCPDISCOVER */
-				print("DHCPDISCOVER: %r");
-		
-			tsleep(&bootpr, return0, 0, 1000);	/* wait DHCPOFFER */
-			if(debug)
-				print("[DHCP] DISCOVER: msgtype = %d\n", dhcpmsgtype);
-
-			if(dhcpmsgtype==2)		/* DHCPOFFER */
-				break;
-			else if(dhcpmsgtype==0)	/* bootp */
-				return nil;
-			else if(dhcpmsgtype== -2)	/* time out */
-				continue;
-			else
-				break;
-			
-		}
-		if(dhcpmsgtype!=2)
-			continue;
-
-/* DHCPREQUEST */	
-		memset(req.vend, 0, sizeof(req.vend));
-		vend=req.vend;
-		memmove(vend, vend_rfc1048, 4);vend+=4;	
-
-		*vend++=53; *vend++=1;*vend++=3;		/* dhcp msg type==3, dhcprequest */
-
-		*vend++=50;	*vend++=4;				/* requested ip address */
-		*vend++=(ipaddr >> 24)&0xff;
-		*vend++=(ipaddr >> 16)&0xff;
-		*vend++=(ipaddr >> 8) & 0xff;
-		*vend++=ipaddr & 0xff;
-
-		*vend++=51;*vend++=4;					/* lease time */
-		*vend++=(iplease>>24)&0xff; *vend++=(iplease>>16)&0xff; *vend++=(iplease>>8)&0xff; *vend++=iplease&0xff;
-
-		*vend++=54; *vend++=4;					/* server identifier */
-		memmove(vend, sid, 4);	vend+=4;
-	
-		*vend++=61;*vend++=07;*vend++=01;		/* client identifier */
-		memmove(vend, ifc->mac, 6);vend+=6;
-		*vend=0xff;
-		if(debug) 
-			dispvend(req.vend); 
-		if(kwrite(dfd, &req, sizeof(req))<0){
-			print("DHCPREQUEST: %r");
-			continue;
-		}
-		tsleep(&bootpr, return0, 0, 2000);
-		if(dhcpmsgtype==5)		/* wait for DHCPACK */
-			break;
-		else
-			continue;
-		/* CHECK ARP */
-		/* DHCPDECLINE */
-	}
-	kclose(dfd);
-	done = 1;
-	if(rcvprocp != nil){
-		postnote(rcvprocp, 1, "timeout", 0);
-		rcvprocp = nil;
-	}
-
-	av[1] = "0.0.0.0";
-	av[2] = "0.0.0.0";
-	ipifcrem(ifc, av, 3);
-
-	hnputl(nipaddr, ipaddr);
-	sprint(ia, "%V", nipaddr);
-	hnputl(nipmask, ipmask);
-	sprint(im, "%V", nipmask);
-	av[1] = ia;
-	av[2] = im;
-	ipifcadd(ifc, av, 3, 0, nil);
-
-	if(gwip != 0) {
-		hnputl(ngwip, gwip);
-		n = sprint(ia, "add 0.0.0.0 0.0.0.0 %V", ngwip);
-		routewrite(ifc->conv->p->f, nil, ia, n);
-	}
-	return nil;
-}
-
-static int
-rbootpread(char *bp, ulong offset, int len)
-{
-	int n, i;
-	char *buf;
-	uchar a[4];
-
-	if(debug)
-		print("dhcp: bootpread() \n");
-	buf = smalloc(READSTR);
-	if(waserror()){
-		free(buf);
-		nexterror();
-	}
-
-	hnputl(a, fsip);
-	n = snprint(buf, READSTR, "fsip %15V\n", a);
-	hnputl(a, auip);
-	n += snprint(buf + n, READSTR-n, "auip %15V\n", a);
-	hnputl(a, gwip);
-	n += snprint(buf + n, READSTR-n, "gwip %15V\n", a);
-	hnputl(a, ipmask);
-	n += snprint(buf + n, READSTR-n, "ipmask %15V\n", a);
-	hnputl(a, ipaddr);
-	n += snprint(buf + n, READSTR-n, "ipaddr %15V\n", a);
-	n += snprint(buf+n, READSTR-n, "expired %lud\n", iplease);
-
-	n += snprint(buf + n, READSTR-n, "dns");
-	if(dns2ip){
-		hnputl(a, dns2ip);
-		n+=snprint(buf + n, READSTR-n, " %15V", a);
-	}
-	if(dns1ip){
-		hnputl(a, dns1ip);
-		n += snprint(buf + n, READSTR-n, " %15V", a);
-	}
-
-	for(i=0; i<2; i++)
-		if(ipcmp(pppdns[i], IPnoaddr) != 0 && ipcmp(pppdns[i], v4prefix) != 0)
-			n += snprint(buf + n, READSTR-n, " %15I", pppdns[i]);
-
-	snprint(buf + n, READSTR-n, "\n");
-	len = readstr(offset, bp, len, buf);
-	poperror();
-	free(buf);
-	return len;
-}
-
-char*	(*bootp)(Ipifc*) = rbootp;
-int	(*bootpread)(char*, ulong, int) = rbootpread;
--- a/os/ip/eipconvtest.c	Thu Aug 12 23:08:35 2021
+++ /dev/null	Mon Oct 18 12:05:45 2021
@@ -1,152 +0,0 @@
-#include <u.h>
-#include <libc.h>
-
-enum
-{
-	Isprefix= 16,
-};
-
-uchar prefixvals[256] =
-{
-[0x00] 0 | Isprefix,
-[0x80] 1 | Isprefix,
-[0xC0] 2 | Isprefix,
-[0xE0] 3 | Isprefix,
-[0xF0] 4 | Isprefix,
-[0xF8] 5 | Isprefix,
-[0xFC] 6 | Isprefix,
-[0xFE] 7 | Isprefix,
-[0xFF] 8 | Isprefix,
-};
-
-uchar v4prefix[16] = {
-	0, 0, 0, 0,
-	0, 0, 0, 0,
-	0, 0, 0xff, 0xff,
-	0, 0, 0, 0
-};
-
-void
-hnputl(void *p, ulong v)
-{
-	uchar *a;
-
-	a = p;
-	a[0] = v>>24;
-	a[1] = v>>16;
-	a[2] = v>>8;
-	a[3] = v;
-}
-
-int
-eipconv(va_list *arg, Fconv *f)
-{
-	char buf[8*5];
-	static char *efmt = "%.2lux%.2lux%.2lux%.2lux%.2lux%.2lux";
-	static char *ifmt = "%d.%d.%d.%d";
-	uchar *p, ip[16];
-	ulong *lp;
-	ushort s;
-	int i, j, n, eln, eli;
-
-	switch(f->chr) {
-	case 'E':		/* Ethernet address */
-		p = va_arg(*arg, uchar*);
-		sprint(buf, efmt, p[0], p[1], p[2], p[3], p[4], p[5]);
-		break;
-	case 'I':		/* Ip address */
-		p = va_arg(*arg, uchar*);
-common:
-		if(memcmp(p, v4prefix, 12) == 0)
-			sprint(buf, ifmt, p[12], p[13], p[14], p[15]);
-		else {
-			/* find longest elision */
-			eln = eli = -1;
-			for(i = 0; i < 16; i += 2){
-				for(j = i; j < 16; j += 2)
-					if(p[j] != 0 || p[j+1] != 0)
-						break;
-				if(j > i && j - i > eln){
-					eli = i;
-					eln = j - i;
-				}
-			}
-
-			/* print with possible elision */
-			n = 0;
-			for(i = 0; i < 16; i += 2){
-				if(i == eli){
-					n += sprint(buf+n, "::");
-					i += eln;
-					if(i >= 16)
-						break;
-				} else if(i != 0)
-					n += sprint(buf+n, ":");
-				s = (p[i]<<8) + p[i+1];
-				n += sprint(buf+n, "%ux", s);
-			}
-		}
-		break;
-	case 'i':		/* v6 address as 4 longs */
-		lp = va_arg(*arg, ulong*);
-		for(i = 0; i < 4; i++)
-			hnputl(ip+4*i, *lp++);
-		p = ip;
-		goto common;
-	case 'V':		/* v4 ip address */
-		p = va_arg(*arg, uchar*);
-		sprint(buf, ifmt, p[0], p[1], p[2], p[3]);
-		break;
-	case 'M':		/* ip mask */
-		p = va_arg(*arg, uchar*);
-
-		/* look for a prefix mask */
-		for(i = 0; i < 16; i++)
-			if(p[i] != 0xff)
-				break;
-		if(i < 16){
-			if((prefixvals[p[i]] & Isprefix) == 0)
-				goto common;
-			for(j = i+1; j < 16; j++)
-				if(p[j] != 0)
-					goto common;
-			n = 8*i + (prefixvals[p[i]] & ~Isprefix);
-		} else
-			n = 8*16;
-
-		/* got one, use /xx format */
-		sprint(buf, "/%d", n);
-		break;
-	default:
-		strcpy(buf, "(eipconv)");
-	}
-	strconv(buf, f);
-	return sizeof(uchar*);
-}
-
-uchar testvec[11][16] =
-{
- { 0,0,0,0, 0,0,0,0, 0,0,0xff,0xff, 1,3,4,5, },
- { 0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff, },
- { 0xff,0xff,0x80,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, },
- { 0xff,0xff,0xff,0xc0, 0,0,0,0, 0,0,0,0, 0,0,0,0, },
- { 0xff,0xff,0xff,0xff, 0xe0,0,0,0, 0,0,0,0, 0,0,0,0, },
- { 0xff,0xff,0xff,0xff, 0xff,0xf0,0,0, 0,0,0,0, 0,0,0,0, },
- { 0xff,0xff,0xff,0xff, 0xff,0xff,0xf8,0, 0,0,0,0, 0,0,0,0, },
- { 0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff, },
- { 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, },
- { 0,0,0,0, 0,0x11,0,0, 0,0,0,0, 0,0,0,0, },
- { 0,0,0,0x11, 0,0,0,0, 0,0,0,0, 0,0,0,0x12, },
-};
-
-void
-main(void)
-{
-	int i;
-
-	fmtinstall('I', eipconv);
-	fmtinstall('M', eipconv);
-	for(i = 0; i < 11; i++)
-		print("%I\n%M\n", testvec[i], testvec[i]);
-	exits(0);
-}
--- a/os/ip/esp.c	Thu Aug 12 23:08:35 2021
+++ b/os/ip/esp.c	Sat Aug 21 01:39:52 2021
@@ -1,3 +1,11 @@
+/*
+ * Encapsulating Security Payload for IPsec for IPv4, rfc1827.
+ * extended to IPv6.
+ * rfc2104 defines hmac computation.
+ *	currently only implements tunnel mode.
+ * TODO: verify aes algorithms;
+ *	transport mode (host-to-host)
+ */
 #include	"u.h"
 #include	"../port/lib.h"
 #include	"mem.h"
@@ -6,45 +14,77 @@
 #include	"../port/error.h"
 
 #include	"ip.h"
+#include	"ipv6.h"
+#include	<libsec.h>
 
-#include	"libsec.h"
+#define BITS2BYTES(bi) (((bi) + BI2BY - 1) / BI2BY)
+#define BYTES2BITS(by)  ((by) * BI2BY)
 
+typedef struct Algorithm Algorithm;
+typedef struct Esp4hdr Esp4hdr;
+typedef struct Esp6hdr Esp6hdr;
+typedef struct Espcb Espcb;
 typedef struct Esphdr Esphdr;
+typedef struct Esppriv Esppriv;
 typedef struct Esptail Esptail;
 typedef struct Userhdr Userhdr;
-typedef struct Esppriv Esppriv;
-typedef struct Espcb Espcb;
-typedef struct Algorithm Algorithm;
-typedef struct Esprc4 Esprc4;
 
-#define DPRINT if(0)print
+enum {
+	Encrypt,
+	Decrypt,
 
-enum
-{
-	IP_ESPPROTO	= 50,
-	EsphdrSize	= 28,	// includes IP header
-	IphdrSize	= 20,	// options have been striped
-	EsptailSize	= 2,	// does not include pad or auth data
-	UserhdrSize	= 4,	// user visable header size - if enabled
+	IP_ESPPROTO	= 50,	/* IP v4 and v6 protocol number */
+	Esp4hdrlen	= IP4HDR + 8,
+	Esp6hdrlen	= IP6HDR + 8,
+
+	Esptaillen	= 2,	/* does not include pad or auth data */
+	Userhdrlen	= 4,	/* user-visible header size - if enabled */
+
+	Desblk	 = BITS2BYTES(64),
+	Des3keysz = BITS2BYTES(192),
+
+	Aesblk	 = BITS2BYTES(128),
+	Aeskeysz = BITS2BYTES(128),
 };
 
 struct Esphdr
 {
-	/* ip header */
+	uchar	espspi[4];	/* Security parameter index */
+	uchar	espseq[4];	/* Sequence number */
+	uchar	payload[];
+};
+
+/*
+ * tunnel-mode (network-to-network, etc.) layout is:
+ * new IP hdrs | ESP hdr |
+ *	 enc { orig IP hdrs | TCP/UDP hdr | user data | ESP trailer } | ESP ICV
+ *
+ * transport-mode (host-to-host) layout would be:
+ *	orig IP hdrs | ESP hdr |
+ *			enc { TCP/UDP hdr | user data | ESP trailer } | ESP ICV
+ */
+struct Esp4hdr
+{
+	/* ipv4 header */
 	uchar	vihl;		/* Version and header length */
 	uchar	tos;		/* Type of service */
 	uchar	length[2];	/* packet length */
 	uchar	id[2];		/* Identification */
 	uchar	frag[2];	/* Fragment information */
-	uchar	Unused;	
+	uchar	Unused;
 	uchar	espproto;	/* Protocol */
 	uchar	espplen[2];	/* Header plus data length */
 	uchar	espsrc[4];	/* Ip source */
 	uchar	espdst[4];	/* Ip destination */
 
-	/* esp header */
-	uchar	espspi[4];	/* Security parameter index */
-	uchar	espseq[4];	/* Sequence number */
+	Esphdr;
+};
+
+/* tunnel-mode layout */
+struct Esp6hdr
+{
+	IPV6HDR;
+	Esphdr;
 };
 
 struct Esptail
@@ -53,16 +93,28 @@
 	uchar	nexthdr;
 };
 
+/* IP-version-dependent data */
+typedef struct Versdep Versdep;
+struct Versdep
+{
+	ulong	version;
+	ulong	iphdrlen;
+	ulong	hdrlen;		/* iphdrlen + esp hdr len */
+	ulong	spi;
+	uchar	laddr[IPaddrlen];
+	uchar	raddr[IPaddrlen];
+};
+
 /* header as seen by the user */
 struct Userhdr
 {
-	uchar	nexthdr;	// next protocol
+	uchar	nexthdr;	/* next protocol */
 	uchar	unused[3];
 };
 
 struct Esppriv
 {
-	ulong	in;
+	uvlong	in;
 	ulong	inerrors;
 };
 
@@ -72,77 +124,68 @@
 struct Espcb
 {
 	int	incoming;
-	int	header;		// user user level header
+	int	header;		/* user-level header */
 	ulong	spi;
-	ulong	seq;		// last seq sent
-	ulong	window;		// for replay attacks
+	ulong	seq;		/* last seq sent */
+	ulong	window;		/* for replay attacks */
+
 	char	*espalg;
-	void	*espstate;	// other state for esp
-	int	espivlen;	// in bytes
+	void	*espstate;	/* other state for esp */
+	int	espivlen;	/* in bytes */
 	int	espblklen;
 	int	(*cipher)(Espcb*, uchar *buf, int len);
+
 	char	*ahalg;
-	void	*ahstate;	// other state for esp
-	int	ahlen;		// auth data length in bytes
+	void	*ahstate;	/* other state for esp */
+	int	ahlen;		/* auth data length in bytes */
 	int	ahblklen;
 	int	(*auth)(Espcb*, uchar *buf, int len, uchar *hash);
+	DigestState *ds;
 };
 
 struct Algorithm
 {
 	char 	*name;
-	int	keylen;		// in bits
-	void	(*init)(Espcb*, char* name, uchar *key, int keylen);
-};
-
-
-enum {
-	RC4forward	= 10*1024*1024,	// maximum skip forward
-	RC4back = 100*1024,		// maximum look back
-};
-
-struct Esprc4
-{
-	ulong cseq;	// current byte sequence number
-	RC4state current;
-
-	int ovalid;	// old is valid
-	ulong lgseq; // last good sequence
-	ulong oseq;	// old byte sequence number
-	RC4state old;
+	int	keylen;		/* in bits */
+	void	(*init)(Espcb*, char* name, uchar *key, unsigned keylen);
 };
 
 static	Conv* convlookup(Proto *esp, ulong spi);
 static	char *setalg(Espcb *ecb, char **f, int n, Algorithm *alg);
-static	void nullespinit(Espcb*, char*, uchar *key, int keylen);
-static	void nullahinit(Espcb*, char*, uchar *key, int keylen);
-static	void shaahinit(Espcb*, char*, uchar *key, int keylen);
-static	void md5ahinit(Espcb*, char*, uchar *key, int keylen);
-static	void desespinit(Espcb *ecb, char *name, uchar *k, int n);
-static	void rc4espinit(Espcb *ecb, char *name, uchar *k, int n);
 static	void espkick(void *x);
 
+static	void nullespinit(Espcb*, char*, uchar *key, unsigned keylen);
+static	void des3espinit(Espcb*, char*, uchar *key, unsigned keylen);
+static	void aescbcespinit(Espcb*, char*, uchar *key, unsigned keylen);
+static	void aesctrespinit(Espcb*, char*, uchar *key, unsigned keylen);
+static	void desespinit(Espcb *ecb, char *name, uchar *k, unsigned n);
+
+static	void nullahinit(Espcb*, char*, uchar *key, unsigned keylen);
+static	void shaahinit(Espcb*, char*, uchar *key, unsigned keylen);
+static	void md5ahinit(Espcb*, char*, uchar *key, unsigned keylen);
+
 static Algorithm espalg[] =
 {
-	"null",			0,	nullespinit,
-	"des_56_cbc",		64,	desespinit,
-	"rc4_128",		128,	rc4espinit,
-	nil,			0,	nil,
+	"null",		0,	nullespinit,
+	"des3_cbc",	192,	des3espinit,	/* new rfc2451, des-ede3 */
+	"aes_128_cbc",	128,	aescbcespinit,	/* new rfc3602 */
+	"aes_ctr",	128,	aesctrespinit,	/* new rfc3686 */
+	"des_56_cbc",	64,	desespinit,	/* rfc2405, deprecated */
+	nil,		0,	nil,
 };
 
 static Algorithm ahalg[] =
 {
-	"null",			0,	nullahinit,
-	"hmac_sha1_96",		128,	shaahinit,
-	"hmac_md5_96",		128,	md5ahinit,
-	nil,			0,	nil,
+	"null",		0,	nullahinit,
+	"hmac_sha1_96",	128,	shaahinit,	/* rfc2404 */
+	"hmac_md5_96",	128,	md5ahinit,	/* rfc2403 */
+	nil,		0,	nil,
 };
 
 static char*
 espconnect(Conv *c, char **argv, int argc)
 {
-	char *p, *pp;
-	char *e = nil;
+	char *p, *pp, *e = nil;
 	ulong spi;
 	Espcb *ecb = (Espcb*)c->ptcl;
 
@@ -157,7 +200,10 @@
 			break;
 		}
 		*p++ = 0;
-		parseip(c->raddr, argv[1]);
+		if (parseip(c->raddr, argv[1]) == -1) {
+			e = Ebadip;
+			break;
+		}
 		findlocalip(c->p->f, c->laddr, c->raddr);
 		ecb->incoming = 0;
 		ecb->seq = 0;
@@ -215,26 +261,86 @@
 	ipmove(c->raddr, IPnoaddr);
 
 	ecb = (Espcb*)c->ptcl;
-	free(ecb->espstate);
-	free(ecb->ahstate);
+	secfree(ecb->espstate);
+	secfree(ecb->ahstate);
 	memset(ecb, 0, sizeof(Espcb));
 }
 
+static int
+pktipvers(Fs *f, Block **bpp)
+{
+	if (*bpp == nil || BLEN(*bpp) == 0) {
+		/* get enough to identify the IP version */
+		*bpp = pullupblock(*bpp, IP4HDR);
+		if(*bpp == nil) {
+			netlog(f, Logesp, "esp: short packet\n");
+			return 0;
+		}
+	}
+	return (((Esp4hdr*)(*bpp)->rp)->vihl & 0xf0) == IP_VER4? V4: V6;
+}
+
+static void
+getverslens(int version, Versdep *vp)
+{
+	vp->version = version;
+	switch(vp->version) {
+	case V4:
+		vp->iphdrlen = IP4HDR;
+		vp->hdrlen   = Esp4hdrlen;
+		break;
+	case V6:
+		vp->iphdrlen = IP6HDR;
+		vp->hdrlen   = Esp6hdrlen;
+		break;
+	default:
+		panic("esp: getverslens version %d wrong", version);
+	}
+}
+
+static void
+getpktspiaddrs(uchar *pkt, Versdep *vp)
+{
+	Esp4hdr *eh4;
+	Esp6hdr *eh6;
+
+	switch(vp->version) {
+	case V4:
+		eh4 = (Esp4hdr*)pkt;
+		v4tov6(vp->raddr, eh4->espsrc);
+		v4tov6(vp->laddr, eh4->espdst);
+		vp->spi = nhgetl(eh4->espspi);
+		break;
+	case V6:
+		eh6 = (Esp6hdr*)pkt;
+		ipmove(vp->raddr, eh6->src);
+		ipmove(vp->laddr, eh6->dst);
+		vp->spi = nhgetl(eh6->espspi);
+		break;
+	default:
+		panic("esp: getpktspiaddrs vp->version %ld wrong", vp->version);
+	}
+}
+
+/*
+ * encapsulate next IP packet on x's write queue in IP/ESP packet
+ * and initiate output of the result.
+ */
 static void
 espkick(void *x)
 {
+	int nexthdr, payload, pad, align;
+	uchar *auth;
+	Block *bp;
 	Conv *c = x;
-	Esphdr *eh;
+	Esp4hdr *eh4;
+	Esp6hdr *eh6;
+	Espcb *ecb;
 	Esptail *et;
 	Userhdr *uh;
-	Espcb *ecb;
-	Block *bp;
-	int nexthdr;
-	int payload;
-	int pad;
-	int align;
-	uchar *auth;
+	Versdep vers;
 
+	getverslens(convipvers(c), &vers);
 	bp = qget(c->wq);
 	if(bp == nil)
 		return;
@@ -244,99 +350,118 @@
 
 	if(ecb->header) {
 		/* make sure the message has a User header */
-		bp = pullupblock(bp, UserhdrSize);
+		bp = pullupblock(bp, Userhdrlen);
 		if(bp == nil) {
 			qunlock(c);
 			return;
 		}
 		uh = (Userhdr*)bp->rp;
 		nexthdr = uh->nexthdr;
-		bp->rp += UserhdrSize;
+		bp->rp += Userhdrlen;
 	} else {
-		nexthdr = 0;  // what should this be?
+		nexthdr = 0;	/* what should this be? */
 	}
 
 	payload = BLEN(bp) + ecb->espivlen;
 
 	/* Make space to fit ip header */
-	bp = padblock(bp, EsphdrSize + ecb->espivlen);
+	bp = padblock(bp, vers.hdrlen + ecb->espivlen);
+	getpktspiaddrs(bp->rp, &vers);
 
 	align = 4;
 	if(ecb->espblklen > align)
 		align = ecb->espblklen;
 	if(align % ecb->ahblklen != 0)
 		panic("espkick: ahblklen is important after all");
-	pad = (align-1) - (payload + EsptailSize-1)%align;
+	pad = (align-1) - (payload + Esptaillen-1)%align;
 
 	/*
 	 * Make space for tail
 	 * this is done by calling padblock with a negative size
 	 * Padblock does not change bp->wp!
 	 */
-	bp = padblock(bp, -(pad+EsptailSize+ecb->ahlen));
-	bp->wp += pad+EsptailSize+ecb->ahlen;
+	bp = padblock(bp, -(pad+Esptaillen+ecb->ahlen));
+	bp->wp += pad+Esptaillen+ecb->ahlen;
 
-	eh = (Esphdr *)(bp->rp);
-	et = (Esptail*)(bp->rp + EsphdrSize + payload + pad);
+	et = (Esptail*)(bp->rp + vers.hdrlen + payload + pad);
 
-	// fill in tail
+	/* fill in tail */
 	et->pad = pad;
 	et->nexthdr = nexthdr;
 
-	ecb->cipher(ecb, bp->rp+EsphdrSize, payload+pad+EsptailSize);
-	auth = bp->rp + EsphdrSize + payload + pad + EsptailSize;
+	/* encrypt the payload */
+	ecb->cipher(ecb, bp->rp + vers.hdrlen, payload + pad + Esptaillen);
+	auth = bp->rp + vers.hdrlen + payload + pad + Esptaillen;
+
+	/* fill in head; construct a new IP header and an ESP header */
+	if (vers.version == V4) {
+		eh4 = (Esp4hdr *)bp->rp;
+		eh4->vihl = IP_VER4;
+		v6tov4(eh4->espsrc, c->laddr);
+		v6tov4(eh4->espdst, c->raddr);
+		eh4->espproto = IP_ESPPROTO;
+		eh4->frag[0] = 0;
+		eh4->frag[1] = 0;
 
-	// fill in head
-	eh->vihl = IP_VER4;
-	hnputl(eh->espspi, ecb->spi);
-	hnputl(eh->espseq, ++ecb->seq);
-	v6tov4(eh->espsrc, c->laddr);
-	v6tov4(eh->espdst, c->raddr);
-	eh->espproto = IP_ESPPROTO;
-	eh->frag[0] = 0;
-	eh->frag[1] = 0;
+		hnputl(eh4->espspi, ecb->spi);
+		hnputl(eh4->espseq, ++ecb->seq);
+	} else {
+		eh6 = (Esp6hdr *)bp->rp;
+		eh6->vcf[0] = IP_VER6;
+		ipmove(eh6->src, c->laddr);
+		ipmove(eh6->dst, c->raddr);
+		eh6->proto = IP_ESPPROTO;
+
+		hnputl(eh6->espspi, ecb->spi);
+		hnputl(eh6->espseq, ++ecb->seq);
+	}
 
-	ecb->auth(ecb, bp->rp+IphdrSize, (EsphdrSize-IphdrSize)+payload+pad+EsptailSize, auth);
+	/* compute secure hash */
+	ecb->auth(ecb, bp->rp + vers.iphdrlen, (vers.hdrlen - vers.iphdrlen) +
+		payload + pad + Esptaillen, auth);
 
 	qunlock(c);
-	//print("esp: pass down: %uld\n", BLEN(bp));
-	ipoput4(c->p->f, bp, 0, c->ttl, c->tos, c);
+	/* print("esp: pass down: %uld\n", BLEN(bp)); */
+	if (vers.version == V4)
+		ipoput4(c->p->f, bp, 0, c->ttl, c->tos, c);
+	else
+		ipoput6(c->p->f, bp, 0, c->ttl, c->tos, c);
 }
 
+/*
+ * decapsulate IP packet from IP/ESP packet in bp and
+ * pass the result up the spi's Conv's read queue.
+ */
 void
 espiput(Proto *esp, Ipifc*, Block *bp)
 {
-	Esphdr *eh;
-	Esptail *et;
-	Userhdr *uh;
+	int payload, nexthdr;
+	uchar *auth, *espspi;
 	Conv *c;
 	Espcb *ecb;
-	uchar raddr[IPaddrlen], laddr[IPaddrlen];
+	Esptail *et;
 	Fs *f;
-	uchar *auth;
-	ulong spi;
-	int payload, nexthdr;
+	Userhdr *uh;
+	Versdep vers;
 
 	f = esp->f;
 
-	bp = pullupblock(bp, EsphdrSize+EsptailSize);
+	getverslens(pktipvers(f, &bp), &vers);
+
+	bp = pullupblock(bp, vers.hdrlen + Esptaillen);
 	if(bp == nil) {
 		netlog(f, Logesp, "esp: short packet\n");
 		return;
 	}
-
-	eh = (Esphdr*)(bp->rp);
-	spi = nhgetl(eh->espspi);
-	v4tov6(raddr, eh->espsrc);
-	v4tov6(laddr, eh->espdst);
+	getpktspiaddrs(bp->rp, &vers);
 
 	qlock(esp);
 	/* Look for a conversation structure for this port */
-	c = convlookup(esp, spi);
+	c = convlookup(esp, vers.spi);
 	if(c == nil) {
 		qunlock(esp);
-		netlog(f, Logesp, "esp: no conv %I -> %I!%d\n", raddr,
-			laddr, spi);
+		netlog(f, Logesp, "esp: no conv %I -> %I!%lud\n", vers.raddr,
+			vers.laddr, vers.spi);
 		icmpnoconv(f, bp);
 		freeblist(bp);
 		return;
@@ -346,76 +471,83 @@
 	qunlock(esp);
 
 	ecb = c->ptcl;
-	// too hard to do decryption/authentication on block lists
-	if(bp->next)
+	/* too hard to do decryption/authentication on block lists */
+	if(bp->next != nil)
 		bp = concatblock(bp);
 
-	if(BLEN(bp) < EsphdrSize + ecb->espivlen + EsptailSize + ecb->ahlen) {
+	if(BLEN(bp) < vers.hdrlen + ecb->espivlen + Esptaillen + ecb->ahlen) {
 		qunlock(c);
-		netlog(f, Logesp, "esp: short block %I -> %I!%d\n", raddr,
-			laddr, spi);
+		netlog(f, Logesp, "esp: short block %I -> %I!%lud\n", vers.raddr,
+			vers.laddr, vers.spi);
 		freeb(bp);
 		return;
 	}
 
-	eh = (Esphdr*)(bp->rp);
 	auth = bp->wp - ecb->ahlen;
-	if(!ecb->auth(ecb, eh->espspi, auth-eh->espspi, auth)) {
+	espspi = vers.version == V4?	((Esp4hdr*)bp->rp)->espspi:
+					((Esp6hdr*)bp->rp)->espspi;
+
+	/* compute secure hash and authenticate */
+	if(!ecb->auth(ecb, espspi, auth - espspi, auth)) {
 		qunlock(c);
-print("esp: bad auth %I -> %I!%ld\n", raddr, laddr, spi);
-		netlog(f, Logesp, "esp: bad auth %I -> %I!%d\n", raddr,
-			laddr, spi);
+print("esp: bad auth %I -> %I!%ld\n", vers.raddr, vers.laddr, vers.spi);
+		netlog(f, Logesp, "esp: bad auth %I -> %I!%lud\n", vers.raddr,
+			vers.laddr, vers.spi);
 		freeb(bp);
 		return;
 	}
 
-	payload = BLEN(bp)-EsphdrSize-ecb->ahlen;
-	if(payload<=0 || payload%4 != 0 || payload%ecb->espblklen!=0) {
+	payload = BLEN(bp) - vers.hdrlen - ecb->ahlen;
+	if(payload <= 0 || payload % 4 != 0 || payload % ecb->espblklen != 0) {
 		qunlock(c);
-		netlog(f, Logesp, "esp: bad length %I -> %I!%d payload=%d BLEN=%d\n", raddr,
-			laddr, spi, payload, BLEN(bp));
+		netlog(f, Logesp, "esp: bad length %I -> %I!%lud payload=%d BLEN=%zd\n",
+			vers.raddr, vers.laddr, vers.spi, payload, BLEN(bp));
 		freeb(bp);
 		return;
 	}
-	if(!ecb->cipher(ecb, bp->rp+EsphdrSize, payload)) {
+
+	/* decrypt payload */
+	if(!ecb->cipher(ecb, bp->rp + vers.hdrlen, payload)) {
 		qunlock(c);
-print("esp: cipher failed %I -> %I!%ld: %r\n", raddr, laddr, spi);
-		netlog(f, Logesp, "esp: cipher failed %I -> %I!%d: %r\n", raddr,
-			laddr, spi);
+print("esp: cipher failed %I -> %I!%ld: %s\n", vers.raddr, vers.laddr, vers.spi, up->errstr);
+		netlog(f, Logesp, "esp: cipher failed %I -> %I!%lud: %s\n",
+			vers.raddr, vers.laddr, vers.spi, up->errstr);
 		freeb(bp);
 		return;
 	}
 
-	payload -= EsptailSize;
-	et = (Esptail*)(bp->rp + EsphdrSize + payload);
+	payload -= Esptaillen;
+	et = (Esptail*)(bp->rp + vers.hdrlen + payload);
 	payload -= et->pad + ecb->espivlen;
 	nexthdr = et->nexthdr;
 	if(payload <= 0) {
 		qunlock(c);
-		netlog(f, Logesp, "esp: short packet after decrypt %I -> %I!%d\n", raddr,
-			laddr, spi);
+		netlog(f, Logesp, "esp: short packet after decrypt %I -> %I!%lud\n",
+			vers.raddr, vers.laddr, vers.spi);
 		freeb(bp);
 		return;
 	}
 
-	// trim packet
-	bp->rp += EsphdrSize + ecb->espivlen;
+	/* trim packet */
+	bp->rp += vers.hdrlen + ecb->espivlen; /* toss original IP & ESP hdrs */
 	bp->wp = bp->rp + payload;
 	if(ecb->header) {
-		// assume UserhdrSize < EsphdrSize
-		bp->rp -= UserhdrSize;
+		/* assume Userhdrlen < Esp4hdrlen < Esp6hdrlen */
+		bp->rp -= Userhdrlen;
 		uh = (Userhdr*)bp->rp;
-		memset(uh, 0, UserhdrSize);
+		memset(uh, 0, Userhdrlen);
 		uh->nexthdr = nexthdr;
 	}
 
+	/* ingress filtering here? */
+
 	if(qfull(c->rq)){
-		netlog(f, Logesp, "esp: qfull %I -> %I.%uld\n", raddr,
-			laddr, spi);
+		netlog(f, Logesp, "esp: qfull %I -> %I.%uld\n", vers.raddr,
+			vers.laddr, vers.spi);
 		freeblist(bp);
 	}else {
-//print("esp: pass up: %uld\n", BLEN(bp));
-		qpass(c->rq, bp);
+//		print("esp: pass up: %uld\n", BLEN(bp));
+		qpass(c->rq, bp);	/* pass packet up the read queue */
 	}
 
 	qunlock(c);
@@ -440,19 +572,19 @@
 	return e;
 }
 
+/* called from icmp(v6) for unreachable hosts, time exceeded, etc. */
 void
 espadvise(Proto *esp, Block *bp, char *msg)
 {
-	Esphdr *h;
 	Conv *c;
-	ulong spi;
+	Versdep vers;
 
-	h = (Esphdr*)(bp->rp);
+	getverslens(pktipvers(esp->f, &bp), &vers);
+	getpktspiaddrs(bp->rp, &vers);
 
-	spi = nhgets(h->espspi);
 	qlock(esp);
-	c = convlookup(esp, spi);
-	if(c != nil) {
+	c = convlookup(esp, vers.spi);
+	if(c != nil && !c->ignoreadvice) {
 		qhangup(c->rq, msg);
 		qhangup(c->wq, msg);
 	}
@@ -466,7 +598,7 @@
 	Esppriv *upriv;
 
 	upriv = esp->priv;
-	return snprint(buf, len, "%lud %lud\n",
+	return snprint(buf, len, "%llud %lud\n",
 		upriv->in,
 		upriv->inerrors);
 }
@@ -520,10 +652,10 @@
 setalg(Espcb *ecb, char **f, int n, Algorithm *alg)
 {
 	uchar *key;
-	int i, nbyte, nchar;
-	int c;
+	int c, nbyte, nchar;
+	uint i;
 
-	if(n < 2)
+	if(n < 2 || n > 3)
 		return "bad format";
 	for(; alg->name; alg++)
 		if(strcmp(f[1], alg->name) == 0)
@@ -531,10 +663,14 @@
 	if(alg->name == nil)
 		return "unknown algorithm";
 
-	if(n != 3)
-		return "bad format";
 	nbyte = (alg->keylen + 7) >> 3;
-	nchar = strlen(f[2]);
+	if (n == 2)
+		nchar = 0;
+	else
+		nchar = strlen(f[2]);
+	if(nchar != 2 * nbyte)			/* TODO: maybe < is ok */
+		return "key not required length";
+	/* convert hex digits from ascii, in place */
 	for(i=0; i<nchar; i++) {
 		c = f[2][i];
 		if(c >= '0' && c <= '9')
@@ -544,21 +680,27 @@
 		else if(c >= 'A' && c <= 'F')
 			f[2][i] -= 'A'-10;
 		else
-			return "bad character in key";
+			return "non-hex character in key";
 	}
-	key = smalloc(nbyte);
-	for(i=0; i<nchar && i*2<nbyte; i++) {
+	/* collapse hex digits into complete bytes in reverse order in key */
+	key = secalloc(nbyte);
+	for(i = 0; i < nchar && i/2 < nbyte; i++) {
 		c = f[2][nchar-i-1];
 		if(i&1)
 			c <<= 4;
-		key[i>>1] |= c;
+		key[i/2] |= c;
 	}
-
+	memset(f[2], 0, nchar);
 	alg->init(ecb, alg->name, key, alg->keylen);
-	free(key);
+	secfree(key);
 	return nil;
 }
 
+
+/*
+ * null encryption
+ */
+
 static int
 nullcipher(Espcb*, uchar*, int)
 {
@@ -566,7 +708,7 @@
 }
 
 static void
-nullespinit(Espcb *ecb, char *name, uchar*, int)
+nullespinit(Espcb *ecb, char *name, uchar*, unsigned)
 {
 	ecb->espalg = name;
 	ecb->espblklen = 1;
@@ -581,7 +723,7 @@
 }
 
 static void
-nullahinit(Espcb *ecb, char *name, uchar*, int)
+nullahinit(Espcb *ecb, char *name, uchar*, unsigned)
 {
 	ecb->ahalg = name;
 	ecb->ahblklen = 1;
@@ -589,77 +731,201 @@
 	ecb->auth = nullauth;
 }
 
-void
+
+/*
+ * sha1
+ */
+
+static void
 seanq_hmac_sha1(uchar hash[SHA1dlen], uchar *t, long tlen, uchar *key, long klen)
 {
-	uchar ipad[65], opad[65];
 	int i;
+	uchar ipad[Hmacblksz+1], opad[Hmacblksz+1], innerhash[SHA1dlen];
 	DigestState *digest;
-	uchar innerhash[SHA1dlen];
 
-	for(i=0; i<64; i++){
-		ipad[i] = 0x36;
-		opad[i] = 0x5c;
-	}
-	ipad[64] = opad[64] = 0;
-	for(i=0; i<klen; i++){
+	memset(ipad, 0x36, Hmacblksz);
+	memset(opad, 0x5c, Hmacblksz);
+	ipad[Hmacblksz] = opad[Hmacblksz] = 0;
+	for(i = 0; i < klen; i++){
 		ipad[i] ^= key[i];
 		opad[i] ^= key[i];
 	}
-	digest = sha1(ipad, 64, nil, nil);
+	digest = sha1(ipad, Hmacblksz, nil, nil);
 	sha1(t, tlen, innerhash, digest);
-	digest = sha1(opad, 64, nil, nil);
+	digest = sha1(opad, Hmacblksz, nil, nil);
 	sha1(innerhash, SHA1dlen, hash, digest);
 }
 
 static int
 shaauth(Espcb *ecb, uchar *t, int tlen, uchar *auth)
 {
-	uchar hash[SHA1dlen];
 	int r;
+	uchar hash[SHA1dlen];
 
 	memset(hash, 0, SHA1dlen);
-	seanq_hmac_sha1(hash, t, tlen, (uchar*)ecb->ahstate, 16);
+	seanq_hmac_sha1(hash, t, tlen, (uchar*)ecb->ahstate, BITS2BYTES(128));
 	r = memcmp(auth, hash, ecb->ahlen) == 0;
 	memmove(auth, hash, ecb->ahlen);
 	return r;
 }
 
 static void
-shaahinit(Espcb *ecb, char *name, uchar *key, int klen)
+shaahinit(Espcb *ecb, char *name, uchar *key, unsigned klen)
 {
 	if(klen != 128)
 		panic("shaahinit: bad keylen");
-	klen >>= 8;	// convert to bytes
+	klen /= BI2BY;
 
 	ecb->ahalg = name;
 	ecb->ahblklen = 1;
-	ecb->ahlen = 12;
+	ecb->ahlen = BITS2BYTES(96);
 	ecb->auth = shaauth;
-	ecb->ahstate = smalloc(klen);
+	ecb->ahstate = secalloc(klen);
 	memmove(ecb->ahstate, key, klen);
 }
 
-void
+
+/*
+ * aes
+ */
+static int
+aescbccipher(Espcb *ecb, uchar *p, int n)	/* 128-bit blocks */
+{
+	uchar tmp[AESbsize], q[AESbsize];
+	uchar *pp, *tp, *ip, *eip, *ep;
+	AESstate *ds = ecb->espstate;
+
+	ep = p + n;
+	if(ecb->incoming) {
+		memmove(ds->ivec, p, AESbsize);
+		p += AESbsize;
+		while(p < ep){
+			memmove(tmp, p, AESbsize);
+			aes_decrypt(ds->dkey, ds->rounds, p, q);
+			memmove(p, q, AESbsize);
+			tp = tmp;
+			ip = ds->ivec;
+			for(eip = ip + AESbsize; ip < eip; ){
+				*p++ ^= *ip;
+				*ip++ = *tp++;
+			}
+		}
+	} else {
+		memmove(p, ds->ivec, AESbsize);
+		for(p += AESbsize; p < ep; p += AESbsize){
+			pp = p;
+			ip = ds->ivec;
+			for(eip = ip + AESbsize; ip < eip; )
+				*pp++ ^= *ip++;
+			aes_encrypt(ds->ekey, ds->rounds, p, q);
+			memmove(ds->ivec, q, AESbsize);
+			memmove(p, q, AESbsize);
+		}
+	}
+	return 1;
+}
+
+static void
+aescbcespinit(Espcb *ecb, char *name, uchar *k, unsigned n)
+{
+	uchar key[Aeskeysz], ivec[Aeskeysz];
+
+	n = BITS2BYTES(n);
+	if(n > Aeskeysz)
+		n = Aeskeysz;
+	memset(key, 0, sizeof(key));
+	memmove(key, k, n);
+	prng(ivec, Aeskeysz);
+	ecb->espalg = name;
+	ecb->espblklen = Aesblk;
+	ecb->espivlen = Aesblk;
+	ecb->cipher = aescbccipher;
+	ecb->espstate = secalloc(sizeof(AESstate));
+	setupAESstate(ecb->espstate, key, n /* keybytes */, ivec);
+	memset(ivec, 0, sizeof(ivec));
+	memset(key, 0, sizeof(key));
+}
+
+static int
+aesctrcipher(Espcb *ecb, uchar *p, int n)	/* 128-bit blocks */
+{
+	uchar tmp[AESbsize], q[AESbsize];
+	uchar *pp, *tp, *ip, *eip, *ep;
+	AESstate *ds = ecb->espstate;
+
+	ep = p + n;
+	if(ecb->incoming) {
+		memmove(ds->ivec, p, AESbsize);
+		p += AESbsize;
+		while(p < ep){
+			memmove(tmp, p, AESbsize);
+			aes_decrypt(ds->dkey, ds->rounds, p, q);
+			memmove(p, q, AESbsize);
+			tp = tmp;
+			ip = ds->ivec;
+			for(eip = ip + AESbsize; ip < eip; ){
+				*p++ ^= *ip;
+				*ip++ = *tp++;
+			}
+		}
+	} else {
+		memmove(p, ds->ivec, AESbsize);
+		for(p += AESbsize; p < ep; p += AESbsize){
+			pp = p;
+			ip = ds->ivec;
+			for(eip = ip + AESbsize; ip < eip; )
+				*pp++ ^= *ip++;
+			aes_encrypt(ds->ekey, ds->rounds, p, q);
+			memmove(ds->ivec, q, AESbsize);
+			memmove(p, q, AESbsize);
+		}
+	}
+	return 1;
+}
+
+static void
+aesctrespinit(Espcb *ecb, char *name, uchar *k, unsigned n)
+{
+	uchar key[Aesblk], ivec[Aesblk];
+
+	n = BITS2BYTES(n);
+	if(n > Aeskeysz)
+		n = Aeskeysz;
+	memset(key, 0, sizeof(key));
+	memmove(key, k, n);
+	prng(ivec, Aesblk);
+	ecb->espalg = name;
+	ecb->espblklen = Aesblk;
+	ecb->espivlen = Aesblk;
+	ecb->cipher = aesctrcipher;
+	ecb->espstate = secalloc(sizeof(AESstate));
+	setupAESstate(ecb->espstate, key, n /* keybytes */, ivec);
+	memset(ivec, 0, sizeof(ivec));
+	memset(key, 0, sizeof(key));
+}
+
+
+/*
+ * md5
+ */
+
+static void
 seanq_hmac_md5(uchar hash[MD5dlen], uchar *t, long tlen, uchar *key, long klen)
 {
-	uchar ipad[65], opad[65];
 	int i;
+	uchar ipad[Hmacblksz+1], opad[Hmacblksz+1], innerhash[MD5dlen];
 	DigestState *digest;
-	uchar innerhash[MD5dlen];
 
-	for(i=0; i<64; i++){
-		ipad[i] = 0x36;
-		opad[i] = 0x5c;
-	}
-	ipad[64] = opad[64] = 0;
-	for(i=0; i<klen; i++){
+	memset(ipad, 0x36, Hmacblksz);
+	memset(opad, 0x5c, Hmacblksz);
+	ipad[Hmacblksz] = opad[Hmacblksz] = 0;
+	for(i = 0; i < klen; i++){
 		ipad[i] ^= key[i];
 		opad[i] ^= key[i];
 	}
-	digest = md5(ipad, 64, nil, nil);
+	digest = md5(ipad, Hmacblksz, nil, nil);
 	md5(t, tlen, innerhash, digest);
-	digest = md5(opad, 64, nil, nil);
+	digest = md5(opad, Hmacblksz, nil, nil);
 	md5(innerhash, MD5dlen, hash, digest);
 }
 
@@ -670,175 +936,109 @@
 	int r;
 
 	memset(hash, 0, MD5dlen);
-	seanq_hmac_md5(hash, t, tlen, (uchar*)ecb->ahstate, 16);
+	seanq_hmac_md5(hash, t, tlen, (uchar*)ecb->ahstate, BITS2BYTES(128));
 	r = memcmp(auth, hash, ecb->ahlen) == 0;
 	memmove(auth, hash, ecb->ahlen);
 	return r;
 }
 
 static void
-md5ahinit(Espcb *ecb, char *name, uchar *key, int klen)
+md5ahinit(Espcb *ecb, char *name, uchar *key, unsigned klen)
 {
 	if(klen != 128)
 		panic("md5ahinit: bad keylen");
-	klen >>= 3;	// convert to bytes
-
-
+	klen = BITS2BYTES(klen);
 	ecb->ahalg = name;
 	ecb->ahblklen = 1;
-	ecb->ahlen = 12;
+	ecb->ahlen = BITS2BYTES(96);
 	ecb->auth = md5auth;
-	ecb->ahstate = smalloc(klen);
+	ecb->ahstate = secalloc(klen);
 	memmove(ecb->ahstate, key, klen);
 }
 
+
+/*
+ * des, single and triple
+ */
+
 static int
 descipher(Espcb *ecb, uchar *p, int n)
 {
-	uchar tmp[8];
-	uchar *pp, *tp, *ip, *eip, *ep;
 	DESstate *ds = ecb->espstate;
 
-	ep = p + n;
 	if(ecb->incoming) {
-		memmove(ds->ivec, p, 8);
-		p += 8;
-		while(p < ep){
-			memmove(tmp, p, 8);
-			block_cipher(ds->expanded, p, 1);
-			tp = tmp;
-			ip = ds->ivec;
-			for(eip = ip+8; ip < eip; ){
-				*p++ ^= *ip;
-				*ip++ = *tp++;
-			}
-		}
+		memmove(ds->ivec, p, Desblk);
+		desCBCdecrypt(p + Desblk, n - Desblk, ds);
 	} else {
-		memmove(p, ds->ivec, 8);
-		for(p += 8; p < ep; p += 8){
-			pp = p;
-			ip = ds->ivec;
-			for(eip = ip+8; ip < eip; )
-				*pp++ ^= *ip++;
-			block_cipher(ds->expanded, p, 0);
-			memmove(ds->ivec, p, 8);
-		}
+		memmove(p, ds->ivec, Desblk);
+		desCBCencrypt(p + Desblk, n - Desblk, ds);
 	}
 	return 1;
 }
-	
+
+static int
+des3cipher(Espcb *ecb, uchar *p, int n)
+{
+	DES3state *ds = ecb->espstate;
+
+	if(ecb->incoming) {
+		memmove(ds->ivec, p, Desblk);
+		des3CBCdecrypt(p + Desblk, n - Desblk, ds);
+	} else {
+		memmove(p, ds->ivec, Desblk);
+		des3CBCencrypt(p + Desblk, n - Desblk, ds);
+	}
+	return 1;
+}
+
 static void
-desespinit(Espcb *ecb, char *name, uchar *k, int n)
+desespinit(Espcb *ecb, char *name, uchar *k, unsigned n)
 {
-	uchar key[8];
-	uchar ivec[8];
-	int i;
-	
-	// bits to bytes
-	n = (n+7)>>3;
-	if(n > 8)
-		n = 8;
+	uchar key[Desblk], ivec[Desblk];
+
+	n = BITS2BYTES(n);
+	if(n > Desblk)
+		n = Desblk;
 	memset(key, 0, sizeof(key));
 	memmove(key, k, n);
-	for(i=0; i<8; i++)
-		ivec[i] = nrand(256);
+	prng(ivec, Desblk);
 	ecb->espalg = name;
-	ecb->espblklen = 8;
-	ecb->espivlen = 8;
+	ecb->espblklen = Desblk;
+	ecb->espivlen = Desblk;
+
 	ecb->cipher = descipher;
-	ecb->espstate = smalloc(sizeof(DESstate));
+	ecb->espstate = secalloc(sizeof(DESstate));
 	setupDESstate(ecb->espstate, key, ivec);
+	memset(ivec, 0, sizeof(ivec));
+	memset(key, 0, sizeof(key));
 }
 
-static int
-rc4cipher(Espcb *ecb, uchar *p, int n)
+static void
+des3espinit(Espcb *ecb, char *name, uchar *k, unsigned n)
 {
-	Esprc4 *esprc4;
-	RC4state tmpstate;
-	ulong seq;
-	long d, dd;
+	uchar key[3][Desblk], ivec[Desblk];
 
-	if(n < 4)
-		return 0;
-
-	esprc4 = ecb->espstate;
-	if(ecb->incoming) {
-		seq = nhgetl(p);
-		p += 4;
-		n -= 4;
-		d = seq-esprc4->cseq;
-		if(d == 0) {
-			rc4(&esprc4->current, p, n);
-			esprc4->cseq += n;
-			if(esprc4->ovalid) {
-				dd = esprc4->cseq - esprc4->lgseq;
-				if(dd > RC4back)
-					esprc4->ovalid = 0;
-			}
-		} else if(d > 0) {
-print("missing packet: %uld %ld\n", seq, d);
-			// this link is hosed
-			if(d > RC4forward) {
-				strcpy(up->errstr, "rc4cipher: skipped too much");
-				return 0;
-			}
-			esprc4->lgseq = seq;
-			if(!esprc4->ovalid) {
-				esprc4->ovalid = 1;
-				esprc4->oseq = esprc4->cseq;
-				memmove(&esprc4->old, &esprc4->current, sizeof(RC4state));
-			}
-			rc4skip(&esprc4->current, d);
-			rc4(&esprc4->current, p, n);
-			esprc4->cseq = seq+n;
-		} else {
-print("reordered packet: %uld %ld\n", seq, d);
-			dd = seq - esprc4->oseq;
-			if(!esprc4->ovalid || -d > RC4back || dd < 0) {
-				strcpy(up->errstr, "rc4cipher: too far back");
-				return 0;
-			}
-			memmove(&tmpstate, &esprc4->old, sizeof(RC4state));
-			rc4skip(&tmpstate, dd);
-			rc4(&tmpstate, p, n);
-			return 1;
-		}
+	n = BITS2BYTES(n);
+	if(n > Des3keysz)
+		n = Des3keysz;
+	memset(key, 0, sizeof(key));
+	memmove(key, k, n);
+	prng(ivec, Desblk);
+	ecb->espalg = name;
+	ecb->espblklen = Desblk;
+	ecb->espivlen = Desblk;
 
-		// move old state up
-		if(esprc4->ovalid) {
-			dd = esprc4->cseq - RC4back - esprc4->oseq;
-			if(dd > 0) {
-				rc4skip(&esprc4->old, dd);
-				esprc4->oseq += dd;
-			}
-		}
-	} else {
-		hnputl(p, esprc4->cseq);
-		p += 4;
-		n -= 4;
-		rc4(&esprc4->current, p, n);
-		esprc4->cseq += n;
-	}
-	return 1;
+	ecb->cipher = des3cipher;
+	ecb->espstate = secalloc(sizeof(DES3state));
+	setupDES3state(ecb->espstate, key, ivec);
+	memset(ivec, 0, sizeof(ivec));
+	memset(key, 0, sizeof(key));
 }
 
-static void
-rc4espinit(Espcb *ecb, char *name, uchar *k, int n)
-{	
-	Esprc4 *esprc4;
-
-	// bits to bytes
-	n = (n+7)>>3;
-	esprc4 = smalloc(sizeof(Esprc4));
-	memset(esprc4, 0, sizeof(Esprc4));
-	setupRC4state(&esprc4->current, k, n);
-	ecb->espalg = name;
-	ecb->espblklen = 4;
-	ecb->espivlen = 4;
-	ecb->cipher = rc4cipher;
-	ecb->espstate = esprc4;
-}
-	
+
+/*
+ * interfacing to devip
+ */
 void
 espinit(Fs *fs)
 {
--- a/os/ip/ethermedium.c	Thu Aug 12 23:08:35 2021
+++ b/os/ip/ethermedium.c	Sat Aug 21 01:39:52 2021
@@ -5,9 +5,9 @@
 #include "fns.h"
 #include "../port/error.h"
 
+#include "../port/netif.h"
 #include "ip.h"
 #include "ipv6.h"
-#include "kernel.h"
 
 typedef struct Etherhdr Etherhdr;
 struct Etherhdr
@@ -18,9 +18,9 @@
 };
 
 static uchar ipbroadcast[IPaddrlen] = {
-	0xff,0xff,0xff,0xff,  
-	0xff,0xff,0xff,0xff,  
-	0xff,0xff,0xff,0xff,  
+	0xff,0xff,0xff,0xff,
+	0xff,0xff,0xff,0xff,
+	0xff,0xff,0xff,0xff,
 	0xff,0xff,0xff,0xff,
 };
 
@@ -33,12 +33,12 @@
 static void	etherbwrite(Ipifc *ifc, Block *bp, int version, uchar *ip);
 static void	etheraddmulti(Ipifc *ifc, uchar *a, uchar *ia);
 static void	etherremmulti(Ipifc *ifc, uchar *a, uchar *ia);
+static void	etherareg(Fs *f, Ipifc *ifc, Iplifc *lifc, uchar *ip);
 static Block*	multicastarp(Fs *f, Arpent *a, Medium*, uchar *mac);
 static void	sendarp(Ipifc *ifc, Arpent *a);
-static void	sendgarp(Ipifc *ifc, uchar*);
+static void	sendndp(Ipifc *ifc, Arpent *a);
 static int	multicastea(uchar *ea, uchar *ip);
 static void	recvarpproc(void*);
-static void	resolveaddr6(Ipifc *ifc, Arpent *a);
 static void	etherpref2addr(uchar *pref, uchar *ea);
 
 Medium ethermedium =
@@ -53,8 +53,7 @@
 .bwrite=	etherbwrite,
 .addmulti=	etheraddmulti,
 .remmulti=	etherremmulti,
-.ares=		arpenter,
-.areg=		sendgarp,
+.areg=		etherareg,
 .pref2addr=	etherpref2addr,
 };
 
@@ -70,8 +69,7 @@
 .bwrite=	etherbwrite,
 .addmulti=	etheraddmulti,
 .remmulti=	etherremmulti,
-.ares=		arpenter,
-.areg=		sendgarp,
+.areg=		etherareg,
 .pref2addr=	etherpref2addr,
 };
 
@@ -94,9 +92,6 @@
  */
 enum
 {
-	ETARP		= 0x0806,
-	ETIP4		= 0x0800,
-	ETIP6		= 0x86DD,
 	ARPREQUEST	= 1,
 	ARPREPLY	= 2,
 };
@@ -127,128 +122,92 @@
 static void
 etherbind(Ipifc *ifc, int argc, char **argv)
 {
-	Chan *mchan4, *cchan4, *achan, *mchan6, *cchan6;
-	char addr[Maxpath];	//char addr[2*KNAMELEN];
-	char dir[Maxpath];	//char dir[2*KNAMELEN];
-	char *buf;
-	int fd, cfd, n;
-	char *ptr;
+	char addr[Maxpath], dir[Maxpath];
 	Etherrock *er;
+	Chan *c;
+	int n;
 
 	if(argc < 2)
 		error(Ebadarg);
 
-	mchan4 = cchan4 = achan = mchan6 = cchan6 = nil;
-	buf = nil;
+	/*
+	 *  get mac address
+	 */
+	snprint(addr, sizeof(addr), "%s/addr", argv[2]);
+	c = namec(addr, Aopen, OREAD, 0);
+	if(waserror()){
+		cclose(c);
+		nexterror();
+	}
+	n = devtab[c->type]->read(c, addr, sizeof(addr)-1, 0);
+	if(n < 0)
+		error(Eio);
+	addr[n] = 0;
+	if(parsemac(ifc->mac, addr, sizeof(ifc->mac)) != 6)
+		error("could not find mac address");
+	cclose(c);
+	poperror();
+
+	er = smalloc(sizeof(*er));
+	er->read4p = er->read6p = er->arpp = (void*)-1;
+	er->mchan4 = er->cchan4 = er->mchan6 = er->cchan6 = er->achan = nil;
+	er->f = ifc->conv->p->f;
+
 	if(waserror()){
-		if(mchan4 != nil)
-			cclose(mchan4);
-		if(cchan4 != nil)
-			cclose(cchan4);
-		if(achan != nil)
-			cclose(achan);
-		if(mchan6 != nil)
-			cclose(mchan6);
-		if(cchan6 != nil)
-			cclose(cchan6);
-		if(buf != nil)
-			free(buf);
-		nexterror(); 
+		if(er->mchan4 != nil)
+			cclose(er->mchan4);
+		if(er->cchan4 != nil)
+			cclose(er->cchan4);
+		if(er->mchan6 != nil)
+			cclose(er->mchan6);
+		if(er->cchan6 != nil)
+			cclose(er->cchan6);
+		if(er->achan != nil)
+			cclose(er->achan);
+		free(er);
+		nexterror();
 	}
 
 	/*
-	 *  open ip converstation
+	 *  open ipv4 conversation
 	 *
 	 *  the dial will fail if the type is already open on
 	 *  this device.
 	 */
-	snprint(addr, sizeof(addr), "%s!0x800", argv[2]);
-	fd = kdial(addr, nil, dir, &cfd);
-	if(fd < 0)
-		errorf("dial 0x800 failed: %s", up->env->errstr);
-	mchan4 = commonfdtochan(fd, ORDWR, 0, 1);
-	cchan4 = commonfdtochan(cfd, ORDWR, 0, 1);
-	kclose(fd);
-	kclose(cfd);
+	snprint(addr, sizeof(addr), "%s!0x800", argv[2]);	/* ETIP4 */
+	er->mchan4 = chandial(addr, nil, dir, &er->cchan4);
 
 	/*
 	 *  make it non-blocking
 	 */
-	devtab[cchan4->type]->write(cchan4, nbmsg, strlen(nbmsg), 0);
-
-	/*
-	 *  get mac address and speed
-	 */
-	snprint(addr, sizeof(addr), "%s/stats", dir);
-	fd = kopen(addr, OREAD);
-	if(fd < 0)
-		errorf("can't open ether stats: %s", up->env->errstr);
-
-	buf = smalloc(512);
-	n = kread(fd, buf, 511);
-	kclose(fd);
-	if(n <= 0)
-		error(Eio);
-	buf[n] = 0;
-
-	ptr = strstr(buf, "addr: ");
-	if(!ptr)
-		error(Eio);
-	ptr += 6;
-	parsemac(ifc->mac, ptr, 6);
-
-	ptr = strstr(buf, "mbps: ");
-	if(ptr){
-		ptr += 6;
-		ifc->mbps = atoi(ptr);
-	} else
-		ifc->mbps = 100;
-
-	/*
- 	 *  open arp conversation
-	 */
-	snprint(addr, sizeof(addr), "%s!0x806", argv[2]);
-	fd = kdial(addr, nil, nil, nil);
-	if(fd < 0)
-		errorf("dial 0x806 failed: %s", up->env->errstr);
-	achan = commonfdtochan(fd, ORDWR, 0, 1);
-	kclose(fd);
+	devtab[er->cchan4->type]->write(er->cchan4, nbmsg, strlen(nbmsg), 0);
 
 	/*
-	 *  open ip conversation
+	 *  open ipv6 conversation
 	 *
 	 *  the dial will fail if the type is already open on
 	 *  this device.
 	 */
-	snprint(addr, sizeof(addr), "%s!0x86DD", argv[2]);
-	fd = kdial(addr, nil, dir, &cfd);
-	if(fd < 0)
-		errorf("dial 0x86DD failed: %s", up->env->errstr);
-	mchan6 = commonfdtochan(fd, ORDWR, 0, 1);
-	cchan6 = commonfdtochan(cfd, ORDWR, 0, 1);
-	kclose(fd);
-	kclose(cfd);
+	snprint(addr, sizeof(addr), "%s!0x86DD", argv[2]);	/* ETIP6 */
+	er->mchan6 = chandial(addr, nil, dir, &er->cchan6);
 
 	/*
 	 *  make it non-blocking
 	 */
-	devtab[cchan6->type]->write(cchan6, nbmsg, strlen(nbmsg), 0);
-
-	er = smalloc(sizeof(*er));
-	er->mchan4 = mchan4;
-	er->cchan4 = cchan4;
-	er->achan = achan;
-	er->mchan6 = mchan6;
-	er->cchan6 = cchan6;
-	er->f = ifc->conv->p->f;
-	ifc->arg = er;
+	devtab[er->cchan6->type]->write(er->cchan6, nbmsg, strlen(nbmsg), 0);
 
-	free(buf);
+	/*
+ 	 *  open arp conversation
+	 */
+	snprint(addr, sizeof(addr), "%s!0x806", argv[2]);	/* ETARP */
+	er->achan = chandial(addr, nil, nil, nil);
 	poperror();
 
-	kproc("etherread4", etherread4, ifc, 0);
-	kproc("recvarpproc", recvarpproc, ifc, 0);
-	kproc("etherread6", etherread6, ifc, 0);
+	ifc->arg = er;
+
+	kproc("etherread4", etherread4, ifc);
+	kproc("etherread6", etherread6, ifc);
+	kproc("recvarpproc", recvarpproc, ifc);
 }
 
 /*
@@ -259,27 +218,43 @@
 {
 	Etherrock *er = ifc->arg;
 
-	if(er->read4p)
+	while(waserror())
+		;
+
+	/* wait for readers to start */
+	while(er->arpp == (void*)-1 || er->read4p == (void*)-1 || er->read6p == (void*)-1)
+		tsleep(&up->sleep, return0, 0, 300);
+
+	if(er->read4p != nil)
 		postnote(er->read4p, 1, "unbind", 0);
-	if(er->read6p)
+	if(er->read6p != nil)
 		postnote(er->read6p, 1, "unbind", 0);
-	if(er->arpp)
+	if(er->arpp != nil)
 		postnote(er->arpp, 1, "unbind", 0);
 
+	poperror();
+
+	wunlock(ifc);
+	while(waserror())
+		;
+
 	/* wait for readers to die */
-	while(er->arpp != 0 || er->read4p != 0 || er->read6p != 0)
+	while(er->arpp != nil || er->read4p != nil || er->read6p != nil)
 		tsleep(&up->sleep, return0, 0, 300);
 
+	poperror();
+	wlock(ifc);
+
 	if(er->mchan4 != nil)
 		cclose(er->mchan4);
-	if(er->achan != nil)
-		cclose(er->achan);
 	if(er->cchan4 != nil)
 		cclose(er->cchan4);
 	if(er->mchan6 != nil)
 		cclose(er->mchan6);
 	if(er->cchan6 != nil)
 		cclose(er->cchan6);
+	if(er->achan != nil)
+		cclose(er->achan);
 
 	free(er);
 }
@@ -297,16 +272,16 @@
 
 	/* get mac address of destination */
 	a = arpget(er->f->arp, bp, version, ifc, ip, mac);
-	if(a){
+	if(a != nil){
 		/* check for broadcast or multicast */
 		bp = multicastarp(er->f, a, ifc->m, mac);
-		if(bp==nil){
+		if(bp == nil){
 			switch(version){
 			case V4:
 				sendarp(ifc, a);
 				break;
-			case V6: 
-				resolveaddr6(ifc, a);
+			case V6:
+				sendndp(ifc, a);
 				break;
 			default:
 				panic("etherbwrite: version %d", version);
@@ -317,8 +292,6 @@
 
 	/* make it a single block with space for the ether header */
 	bp = padblock(bp, ifc->m->hsize);
-	if(bp->next)
-		bp = concatblock(bp);
 	if(BLEN(bp) < ifc->mintu)
 		bp = adjustblock(bp, ifc->mintu);
 	eh = (Etherhdr*)bp->rp;
@@ -358,29 +331,28 @@
 	ifc = a;
 	er = ifc->arg;
 	er->read4p = up;	/* hide identity under a rock for unbind */
-	if(waserror()){
-		er->read4p = 0;
-		pexit("hangup", 1);
-	}
+	if(!waserror())
 	for(;;){
 		bp = devtab[er->mchan4->type]->bread(er->mchan4, ifc->maxtu, 0);
-		if(!canrlock(ifc)){
-			freeb(bp);
-			continue;
-		}
+		if(bp == nil)
+			break;
+		rlock(ifc);
 		if(waserror()){
 			runlock(ifc);
 			nexterror();
 		}
 		ifc->in++;
-		bp->rp += ifc->m->hsize;
-		if(ifc->lifc == nil)
+		if(ifc->lifc == nil || BLEN(bp) <= ifc->m->hsize)
 			freeb(bp);
-		else
+		else {
+			bp->rp += ifc->m->hsize;
 			ipiput4(er->f, ifc, bp);
+		}
 		runlock(ifc);
 		poperror();
 	}
+	er->read4p = nil;
+	pexit("hangup", 1);
 }
 
 
@@ -397,29 +369,28 @@
 	ifc = a;
 	er = ifc->arg;
 	er->read6p = up;	/* hide identity under a rock for unbind */
-	if(waserror()){
-		er->read6p = 0;
-		pexit("hangup", 1);
-	}
+	if(!waserror())
 	for(;;){
 		bp = devtab[er->mchan6->type]->bread(er->mchan6, ifc->maxtu, 0);
-		if(!canrlock(ifc)){
-			freeb(bp);
-			continue;
-		}
+		if(bp == nil)
+			break;
+		rlock(ifc);
 		if(waserror()){
 			runlock(ifc);
 			nexterror();
 		}
 		ifc->in++;
-		bp->rp += ifc->m->hsize;
-		if(ifc->lifc == nil)
+		if(ifc->lifc == nil || BLEN(bp) <= ifc->m->hsize)
 			freeb(bp);
-		else
+		else {
+			bp->rp += ifc->m->hsize;
 			ipiput6(er->f, ifc, bp);
+		}
 		runlock(ifc);
 		poperror();
 	}
+	er->read6p = nil;
+	pexit("hangup", 1);
 }
 
 static void
@@ -477,6 +448,7 @@
 	Block *bp;
 	Etherarp *e;
 	Etherrock *er = ifc->arg;
+	uchar targ[IPv4addrlen], src[IPv4addrlen];
 
 	/* don't do anything if it's been less than a second since the last */
 	if(NOW - a->ctime < 1000){
@@ -484,6 +456,9 @@
 		return;
 	}
 
+	/* try to keep it around for a second more */
+	a->ctime = NOW;
+
 	/* remove all but the last message */
 	while((bp = a->hold) != nil){
 		if(bp == a->last)
@@ -492,18 +467,20 @@
 		freeblist(bp);
 	}
 
-	/* try to keep it around for a second more */
-	a->ctime = NOW;
+	memmove(targ, a->ip+IPv4off, IPv4addrlen);
 	arprelease(er->f->arp, a);
 
+	if(!ipv4local(ifc, src, 0, targ))
+		return;
+
 	n = sizeof(Etherarp);
-	if(n < a->type->mintu)
-		n = a->type->mintu;
+	if(n < ifc->m->mintu)
+		n = ifc->m->mintu;
 	bp = allocb(n);
 	memset(bp->rp, 0, n);
 	e = (Etherarp*)bp->rp;
-	memmove(e->tpa, a->ip+IPv4off, sizeof(e->tpa));
-	ipv4local(ifc, e->spa);
+	memmove(e->tpa, targ, sizeof(e->tpa));
+	memmove(e->spa, src, sizeof(e->spa));
 	memmove(e->sha, ifc->mac, sizeof(e->sha));
 	memset(e->d, 0xff, sizeof(e->d));		/* ethernet broadcast */
 	memmove(e->s, ifc->mac, sizeof(e->s));
@@ -516,18 +493,14 @@
 	hnputs(e->op, ARPREQUEST);
 	bp->wp += n;
 
-	n = devtab[er->achan->type]->bwrite(er->achan, bp, 0);
-	if(n < 0)
-		print("arp: send: %r\n");
+	devtab[er->achan->type]->bwrite(er->achan, bp, 0);
 }
 
 static void
-resolveaddr6(Ipifc *ifc, Arpent *a)
+sendndp(Ipifc *ifc, Arpent *a)
 {
-	int sflag;
 	Block *bp;
 	Etherrock *er = ifc->arg;
-	uchar ipsrc[IPaddrlen];
 
 	/* don't do anything if it's been less than a second since the last */
 	if(NOW - a->ctime < ReTransTimer){
@@ -543,19 +516,7 @@
 		freeblist(bp);
 	}
 
-	/* try to keep it around for a second more */
-	a->ctime = NOW;
-	a->rtime = NOW + ReTransTimer;
-	if(a->rxtsrem <= 0) {
-		arprelease(er->f->arp, a);
-		return;
-	}
-
-	a->rxtsrem--;
-	arprelease(er->f->arp, a);
-
-	if(sflag = ipv6anylocal(ifc, ipsrc)) 
-		icmpns(er->f, ipsrc, sflag, a->ip, TARG_MULTI, ifc->mac);
+	ndpsendsol(er->f, ifc, a);	/* unlocks arp */
 }
 
 /*
@@ -569,10 +530,6 @@
 	Etherarp *e;
 	Etherrock *er = ifc->arg;
 
-	/* don't arp for our initial non address */
-	if(ipcmp(ip, IPnoaddr) == 0)
-		return;
-
 	n = sizeof(Etherarp);
 	if(n < ifc->m->mintu)
 		n = ifc->m->mintu;
@@ -593,15 +550,13 @@
 	hnputs(e->op, ARPREQUEST);
 	bp->wp += n;
 
-	n = devtab[er->achan->type]->bwrite(er->achan, bp, 0);
-	if(n < 0)
-		print("garp: send: %r\n");
+	devtab[er->achan->type]->bwrite(er->achan, bp, 0);
 }
 
 static void
 recvarp(Ipifc *ifc)
 {
-	int n;
+	int n, forme;
 	Block *ebp, *rbp;
 	Etherarp *e, *r;
 	uchar ip[IPaddrlen];
@@ -609,10 +564,10 @@
 	Etherrock *er = ifc->arg;
 
 	ebp = devtab[er->achan->type]->bread(er->achan, ifc->maxtu, 0);
-	if(ebp == nil) {
-		print("arp: rcv: %r\n");
+	if(ebp == nil)
 		return;
-	}
+
+	rlock(ifc);
 
 	e = (Etherarp*)ebp->rp;
 	switch(nhgets(e->op)) {
@@ -620,9 +575,13 @@
 		break;
 
 	case ARPREPLY:
+		/* make sure not to enter multi/broadcat address */
+		if(e->sha[0] & 1)
+			break;
+
 		/* check for machine using my ip address */
 		v4tov6(ip, e->spa);
-		if(iplocalonifc(ifc, ip) || ipproxyifc(er->f, ifc, ip)){
+		if(iplocalonifc(ifc, ip) != nil || ipproxyifc(er->f, ifc, ip)){
 			if(memcmp(e->sha, ifc->mac, sizeof(e->sha)) != 0){
 				print("arprep: 0x%E/0x%E also has ip addr %V\n",
 					e->s, e->sha, e->spa);
@@ -630,46 +589,47 @@
 			}
 		}
 
-		/* make sure we're not entering broadcast addresses */
-		if(ipcmp(ip, ipbroadcast) == 0 ||
-			!memcmp(e->sha, etherbroadcast, sizeof(e->sha))){
-			print("arprep: 0x%E/0x%E cannot register broadcast address %I\n",
-				e->s, e->sha, e->spa);
-			break;
-		}
-
-		arpenter(er->f, V4, e->spa, e->sha, sizeof(e->sha), 0);
+		/* refresh what we know about sender */
+		arpenter(er->f, V4, e->spa, e->sha, sizeof(e->sha), e->tpa, ifc, 1);
 		break;
 
 	case ARPREQUEST:
+		/* don't reply to multi/broadcat addresses */
+		if(e->sha[0] & 1)
+			break;
+
 		/* don't answer arps till we know who we are */
-		if(ifc->lifc == 0)
+		if(ifc->lifc == nil)
 			break;
 
 		/* check for machine using my ip or ether address */
 		v4tov6(ip, e->spa);
-		if(iplocalonifc(ifc, ip) || ipproxyifc(er->f, ifc, ip)){
+		if(iplocalonifc(ifc, ip) != nil || ipproxyifc(er->f, ifc, ip)){
 			if(memcmp(e->sha, ifc->mac, sizeof(e->sha)) != 0){
-				if (memcmp(eprinted, e->spa, sizeof(e->spa))){
+				if(memcmp(eprinted, e->spa, sizeof(e->spa)) != 0){
 					/* print only once */
-					print("arpreq: 0x%E also has ip addr %V\n", e->sha, e->spa);
+					print("arpreq: 0x%E also has ip addr %V\n",
+						e->sha, e->spa);
 					memmove(eprinted, e->spa, sizeof(e->spa));
 				}
+				break;
 			}
 		} else {
 			if(memcmp(e->sha, ifc->mac, sizeof(e->sha)) == 0){
-				print("arpreq: %V also has ether addr %E\n", e->spa, e->sha);
+				print("arpreq: %V also has ether addr %E\n",
+					e->spa, e->sha);
 				break;
 			}
 		}
 
-		/* refresh what we know about sender */
-		arpenter(er->f, V4, e->spa, e->sha, sizeof(e->sha), 1);
-
-		/* answer only requests for our address or systems we're proxying for */
+		/*
+		 * when request is for our address or systems we're proxying for,
+		 * enter senders address into arp table and reply, otherwise just
+		 * refresh the senders address.
+		 */
 		v4tov6(ip, e->tpa);
-		if(!iplocalonifc(ifc, ip))
-		if(!ipproxyifc(er->f, ifc, ip))
+		forme = iplocalonifc(ifc, ip) != nil || ipproxyifc(er->f, ifc, ip);
+		if(arpenter(er->f, V4, e->spa, e->sha, sizeof(e->sha), e->tpa, ifc, !forme) < 0 || !forme)
 			break;
 
 		n = sizeof(Etherarp);
@@ -692,10 +652,14 @@
 		memmove(r->s, ifc->mac, sizeof(r->s));
 		rbp->wp += n;
 
-		n = devtab[er->achan->type]->bwrite(er->achan, rbp, 0);
-		if(n < 0)
-			print("arp: write: %r\n");
+		runlock(ifc);
+		freeb(ebp);
+
+		devtab[er->achan->type]->bwrite(er->achan, rbp, 0);
+		return;
 	}
+
+	runlock(ifc);
 	freeb(ebp);
 }
 
@@ -707,7 +671,7 @@
 
 	er->arpp = up;
 	if(waserror()){
-		er->arpp = 0;
+		er->arpp = nil;
 		pexit("hangup", 1);
 	}
 	for(;;)
@@ -749,14 +713,9 @@
 multicastarp(Fs *f, Arpent *a, Medium *medium, uchar *mac)
 {
 	/* is it broadcast? */
-	switch(ipforme(f, a->ip)){
-	case Runi:
-		return nil;
-	case Rbcast:
-		memset(mac, 0xff, 6);
+	if(ipforme(f, a->ip) == Rbcast){
+		memset(mac, 0xff, medium->maclen);
 		return arpresolve(f->arp, a, medium, mac);
-	default:
-		break;
 	}
 
 	/* if multicast, fill in mac */
@@ -778,15 +737,52 @@
 }
 
 
-static void 
+static void
 etherpref2addr(uchar *pref, uchar *ea)
 {
-	pref[8]  = ea[0] | 0x2;
-	pref[9]  = ea[1];
+	pref[8] = ea[0] ^ 0x2;
+	pref[9] = ea[1];
 	pref[10] = ea[2];
 	pref[11] = 0xFF;
 	pref[12] = 0xFE;
 	pref[13] = ea[3];
 	pref[14] = ea[4];
 	pref[15] = ea[5];
+}
+
+static void
+etherareg(Fs *f, Ipifc *ifc, Iplifc *lifc, uchar *ip)
+{
+	static char tdad[] = "dad6";
+	uchar a[IPaddrlen];
+
+	if(ipcmp(ip, IPnoaddr) == 0 || ipcmp(ip, v4prefix) == 0)
+		return;
+
+	if(isv4(ip)){
+		sendgarp(ifc, ip);
+		return;
+	}
+
+	if((lifc->type&Rv4) != 0)
+		return;
+
+	if(!lifc->tentative){
+		icmpna(f, lifc->local, v6allnodesL, ip, ifc->mac, 1<<5);
+		return;
+	}
+
+	if(ipcmp(lifc->local, ip) != 0)
+		return;
+
+	/* temporarily add route for duplicate address detection */
+	ipv62smcast(a, ip);
+	addroute(f, a, IPallbits, v6Unspecified, IPallbits, ip, Rmulti, ifc, tdad);
+	if(waserror()){
+		remroute(f, a, IPallbits, v6Unspecified, IPallbits, ip, Rmulti, ifc, tdad);
+		nexterror();
+	}
+	icmpns(f, 0, SRC_UNSPEC, ip, TARG_MULTI, ifc->mac);
+	poperror();
+	remroute(f, a, IPallbits, v6Unspecified, IPallbits, ip, Rmulti, ifc, tdad);
 }
--- a/os/ip/gre.c	Thu Aug 12 23:08:35 2021
+++ b/os/ip/gre.c	Sat Aug 21 01:39:52 2021
@@ -1,3 +1,6 @@
+/*
+ * Generic Routing Encapsulation over IPv4, rfc1702
+ */
 #include "u.h"
 #include "../port/lib.h"
 #include "mem.h"
@@ -7,10 +10,7 @@
 
 #include "ip.h"
 
-#define DPRINT if(0)print
-
-enum
-{
+enum {
 	GRE_IPONLY	= 12,		/* size of ip header */
 	GRE_IPPLUSGRE	= 12,		/* minimum size of GRE header */
 	IP_GREPROTO	= 47,
@@ -18,17 +18,40 @@
 	GRErxms		= 200,
 	GREtickms	= 100,
 	GREmaxxmit	= 10,
+
+	K		= 1024,
+	GREqlen		= 256 * K,
+
+	GRE_cksum	= 0x8000,
+	GRE_routing	= 0x4000,
+	GRE_key		= 0x2000,
+	GRE_seq		= 0x1000,
+
+	Nring		= 1 << 10,	/* power of two, please */
+	Ringmask	= Nring - 1,
+
+	GREctlraw	= 0,
+	GREctlcooked,
+	GREctlretunnel,
+	GREctlreport,
+	GREctldlsuspend,
+	GREctlulsuspend,
+	GREctldlresume,
+	GREctlulresume,
+	GREctlforward,
+	GREctlulkey,
+	Ncmds,
 };
 
-typedef struct GREhdr
-{
+typedef struct GREhdr GREhdr;
+struct GREhdr{
 	/* ip header */
 	uchar	vihl;		/* Version and header length */
 	uchar	tos;		/* Type of service */
 	uchar	len[2];		/* packet length (including headers) */
 	uchar	id[2];		/* Identification */
 	uchar	frag[2];	/* Fragment information */
-	uchar	Unused;	
+	uchar	ttl;
 	uchar	proto;		/* Protocol */
 	uchar	cksum[2];	/* checksum */
 	uchar	src[4];		/* Ip source */
@@ -37,21 +60,115 @@
 	/* gre header */
 	uchar	flags[2];
 	uchar	eproto[2];	/* encapsulation protocol */
-} GREhdr;
+};
 
 typedef struct GREpriv GREpriv;
-struct GREpriv
-{
-	int		raw;			/* Raw GRE mode */
-
+struct GREpriv{
 	/* non-MIB stats */
-	ulong		csumerr;		/* checksum errors */
-	ulong		lenerr;			/* short packet */
+	uvlong	lenerr;			/* short packet */
+};
+
+typedef struct Bring	Bring;
+struct Bring{
+	Block	*ring[Nring];
+	long	produced;
+	long	consumed;
+};
+
+typedef struct GREconv	GREconv;
+struct GREconv{
+	int	raw;
+
+	/* Retunnelling information.  v4 only */
+	uchar	north[4];			/* HA */
+	uchar	south[4];			/* Base station */
+	uchar	hoa[4];				/* Home address */
+	uchar	coa[4];				/* Careof address */
+	ulong	seq;				/* Current sequence # */
+	int	dlsusp;				/* Downlink suspended? */
+	int	ulsusp;				/* Uplink suspended? */
+	ulong	ulkey;				/* GRE key */
+
+	QLock	lock;				/* Lock for rings */
+	Bring	dlpending;			/* Ring of pending packets */
+	Bring	dlbuffered;			/* Received while suspended */
+	Bring	ulbuffered;			/* Received while suspended */
+};
+
+typedef struct Metablock Metablock;
+struct Metablock{
+	uchar	*rp;
+	ulong	seq;
+};
+
+static char *grectlcooked(Conv *, int, char **);
+static char *grectldlresume(Conv *, int, char **);
+static char *grectldlsuspend(Conv *, int, char **);
+static char *grectlforward(Conv *, int, char **);
+static char *grectlraw(Conv *, int, char **);
+static char *grectlreport(Conv *, int, char **);
+static char *grectlretunnel(Conv *, int, char **);
+static char *grectlulkey(Conv *, int, char **);
+static char *grectlulresume(Conv *, int, char **);
+static char *grectlulsuspend(Conv *, int, char **);
+
+static struct{
+	char	*cmd;
+	int	argc;
+	char	*(*f)(Conv *, int, char **);
+} grectls[Ncmds] = {
+[GREctlraw]	=	{	"raw",		1,	grectlraw,	},
+[GREctlcooked]	=	{	"cooked",	1,	grectlcooked,	},
+[GREctlretunnel]=	{	"retunnel",	5,	grectlretunnel,	},
+[GREctlreport]	=	{	"report",	2,	grectlreport,	},
+[GREctldlsuspend]=	{	"dlsuspend",	1,	grectldlsuspend,},
+[GREctlulsuspend]=	{	"ulsuspend",	1,	grectlulsuspend,},
+[GREctldlresume]=	{	"dlresume",	1,	grectldlresume,	},
+[GREctlulresume]=	{	"ulresume",	1,	grectlulresume,	},
+[GREctlforward]	=	{	"forward",	2,	grectlforward,	},
+[GREctlulkey]	=	{	"ulkey",	2,	grectlulkey,	},
 };
 
+static uchar nulladdr[4];
+static char *sessend = "session end";
+
 static void grekick(void *x, Block *bp);
+static char *gresetup(Conv *, char *, char *, char *);
 
-static char*
+uvlong grepdin, grepdout, grebdin, grebdout;
+uvlong grepuin, grepuout, grebuin, grebuout;
+
+static Block *
+getring(Bring *r)
+{
+	Block *bp;
+
+	if(r->consumed == r->produced)
+		return nil;
+
+	bp = r->ring[r->consumed & Ringmask];
+	r->ring[r->consumed & Ringmask] = nil;
+	r->consumed++;
+	return bp;
+}
+
+static void
+addring(Bring *r, Block *bp)
+{
+	Block *tbp;
+
+	if(r->produced - r->consumed > Ringmask){
+		/* Full! */
+		tbp = r->ring[r->produced & Ringmask];
+		assert(tbp);
+		freeb(tbp);
+		r->consumed++;
+	}
+	r->ring[r->produced & Ringmask] = bp;
+	r->produced++;
+}
+
+static char *
 greconnect(Conv *c, char **argv, int argc)
 {
 	Proto *p;
@@ -91,141 +208,439 @@
 static void
 grecreate(Conv *c)
 {
-	c->rq = qopen(64*1024, Qmsg, 0, c);
+	c->rq = qopen(GREqlen, Qmsg, 0, c);
 	c->wq = qbypass(grekick, c);
 }
 
 static int
 grestate(Conv *c, char *state, int n)
 {
-	USED(c);
-	return snprint(state, n, "%s", "Datagram");
+	GREconv *grec;
+	char *ep, *p;
+
+	grec = c->ptcl;
+	p    = state;
+	ep   = p + n;
+	p    = seprint(p, ep, "%s%s%s%shoa %V north %V south %V seq %ulx "
+	 "pending %uld  %uld buffered dl %uld %uld ul %uld %uld ulkey %.8ulx\n",
+			c->inuse? "Open ": "Closed ",
+			grec->raw? "raw ": "",
+			grec->dlsusp? "DL suspended ": "",
+			grec->ulsusp? "UL suspended ": "",
+			grec->hoa, grec->north, grec->south, grec->seq,
+			grec->dlpending.consumed, grec->dlpending.produced,
+			grec->dlbuffered.consumed, grec->dlbuffered.produced,
+			grec->ulbuffered.consumed, grec->ulbuffered.produced,
+			grec->ulkey);
+	return p - state;
 }
 
 static char*
 greannounce(Conv*, char**, int)
 {
-	return "pktifc does not support announce";
+	return "gre does not support announce";
 }
 
 static void
 greclose(Conv *c)
 {
-	qclose(c->rq);
-	qclose(c->wq);
-	qclose(c->eq);
+	GREconv *grec;
+	Block *bp;
+
+	grec = c->ptcl;
+
+	/* Make sure we don't forward any more packets */
+	memset(grec->hoa, 0, sizeof grec->hoa);
+	memset(grec->north, 0, sizeof grec->north);
+	memset(grec->south, 0, sizeof grec->south);
+
+	qlock(&grec->lock);
+	while((bp = getring(&grec->dlpending)) != nil)
+		freeb(bp);
+
+	while((bp = getring(&grec->dlbuffered)) != nil)
+		freeb(bp);
+
+	while((bp = getring(&grec->ulbuffered)) != nil)
+		freeb(bp);
+
+	grec->dlpending.produced = grec->dlpending.consumed = 0;
+	grec->dlbuffered.produced = grec->dlbuffered.consumed = 0;
+	grec->ulbuffered.produced = grec->ulbuffered.consumed = 0;
+	qunlock(&grec->lock);
+
+	grec->raw = 0;
+	grec->seq = 0;
+	grec->dlsusp = grec->ulsusp = 1;
+
+	qhangup(c->rq, sessend);
+	qhangup(c->wq, sessend);
+	qhangup(c->eq, sessend);
 	ipmove(c->laddr, IPnoaddr);
 	ipmove(c->raddr, IPnoaddr);
-	c->lport = 0;
-	c->rport = 0;
+	c->lport = c->rport = 0;
 }
 
-int drop;
-
 static void
 grekick(void *x, Block *bp)
 {
-	Conv *c = x;
-	GREhdr *ghp;
+	Conv *c;
+	GREconv *grec;
+	GREhdr *gre;
 	uchar laddr[IPaddrlen], raddr[IPaddrlen];
 
 	if(bp == nil)
 		return;
 
+	c    = x;
+	grec = c->ptcl;
+
 	/* Make space to fit ip header (gre header already there) */
 	bp = padblock(bp, GRE_IPONLY);
-	if(bp == nil)
-		return;
 
 	/* make sure the message has a GRE header */
 	bp = pullupblock(bp, GRE_IPONLY+GRE_IPPLUSGRE);
 	if(bp == nil)
 		return;
 
-	ghp = (GREhdr *)(bp->rp);
-	ghp->vihl = IP_VER4;
+	gre = (GREhdr *)bp->rp;
+	gre->vihl = IP_VER4;
 
-	if(!((GREpriv*)c->p->priv)->raw){
-		v4tov6(raddr, ghp->dst);
+	if(grec->raw == 0){
+		v4tov6(raddr, gre->dst);
 		if(ipcmp(raddr, v4prefix) == 0)
-			memmove(ghp->dst, c->raddr + IPv4off, IPv4addrlen);
-		v4tov6(laddr, ghp->src);
+			memmove(gre->dst, c->raddr + IPv4off, IPv4addrlen);
+		v4tov6(laddr, gre->src);
 		if(ipcmp(laddr, v4prefix) == 0){
 			if(ipcmp(c->laddr, IPnoaddr) == 0)
-				findlocalip(c->p->f, c->laddr, raddr); /* pick interface closest to dest */
-			memmove(ghp->src, c->laddr + IPv4off, IPv4addrlen);
+				/* pick interface closest to dest */
+				findlocalip(c->p->f, c->laddr, raddr);
+			memmove(gre->src, c->laddr + IPv4off, sizeof gre->src);
 		}
-		hnputs(ghp->eproto, c->rport);
+		hnputs(gre->eproto, c->rport);
 	}
 
-	ghp->proto = IP_GREPROTO;
-	ghp->frag[0] = 0;
-	ghp->frag[1] = 0;
+	gre->proto = IP_GREPROTO;
+	gre->frag[0] = gre->frag[1] = 0;
 
+	grepdout++;
+	grebdout += BLEN(bp);
 	ipoput4(c->p->f, bp, 0, c->ttl, c->tos, nil);
 }
 
 static void
-greiput(Proto *gre, Ipifc*, Block *bp)
+gredownlink(Conv *c, Block *bp)
 {
-	int len;
-	GREhdr *ghp;
-	Conv *c, **p;
-	ushort eproto;
+	Metablock *m;
+	GREconv *grec;
+	GREhdr *gre;
+	int hdrlen, suspended, extra;
+	ushort flags;
+	ulong seq;
+
+	gre = (GREhdr *)bp->rp;
+	if(gre->ttl == 1){
+		freeb(bp);
+		return;
+	}
+
+	/*
+	 * We've received a packet with a GRE header and we need to
+	 * re-adjust the packet header to strip all unwanted parts
+	 * but leave room for only a sequence number.
+	 */
+	grec   = c->ptcl;
+	flags  = nhgets(gre->flags);
+	hdrlen = 0;
+	if(flags & GRE_cksum)
+		hdrlen += 2;
+	if(flags & GRE_routing){
+		print("%V routing info present.  Discarding packet", gre->src);
+		freeb(bp);
+		return;
+	}
+	if(flags & (GRE_cksum|GRE_routing))
+		hdrlen += 2;			/* Offset field */
+	if(flags & GRE_key)
+		hdrlen += 4;
+	if(flags & GRE_seq)
+		hdrlen += 4;
+
+	/*
+	 * The outgoing packet only has the sequence number set.  Make room
+	 * for the sequence number.
+	 */
+	if(hdrlen != sizeof(ulong)){
+		extra = hdrlen - sizeof(ulong);
+		if(extra < 0 && bp->rp - bp->base < -extra){
+			print("gredownlink: cannot add sequence number\n");
+			freeb(bp);
+			return;
+		}
+		memmove(bp->rp + extra, bp->rp, sizeof(GREhdr));
+		bp->rp += extra;
+		assert(BLEN(bp) >= sizeof(GREhdr) + sizeof(ulong));
+		gre = (GREhdr *)bp->rp;
+	}
+	seq = grec->seq++;
+	hnputs(gre->flags, GRE_seq);
+	hnputl(bp->rp + sizeof(GREhdr), seq);
+
+	/*
+	 * Keep rp and seq at the base.  ipoput4 consumes rp for
+	 * refragmentation.
+	 */
+	assert(bp->rp - bp->base >= sizeof(Metablock));
+	m = (Metablock *)bp->base;
+	m->rp  = bp->rp;
+	m->seq = seq;
+
+	/*
+	 * Here we make a decision what we're doing with the packet.  We're
+	 * doing this w/o holding a lock which means that later on in the
+	 * process we may discover we've done the wrong thing.  I don't want
+	 * to call ipoput with the lock held.
+	 */
+restart:
+	suspended = grec->dlsusp;
+	if(suspended){
+		if(!canqlock(&grec->lock)){
+			/*
+			 * just give up.  too bad, we lose a packet.  this
+			 * is just too hard and my brain already hurts.
+			 */
+			freeb(bp);
+			return;
+		}
+
+		if(!grec->dlsusp){
+			/*
+			 * suspend race.  We though we were suspended, but
+			 * we really weren't.
+			 */
+			qunlock(&grec->lock);
+			goto restart;
+		}
+
+		/* Undo the incorrect ref count addition */
+		addring(&grec->dlbuffered, bp);
+		qunlock(&grec->lock);
+		return;
+	}
+
+	/*
+	 * When we get here, we're not suspended.  Proceed to send the
+	 * packet.
+	 */
+	memmove(gre->src, grec->coa, sizeof gre->dst);
+	memmove(gre->dst, grec->south, sizeof gre->dst);
+
+	ipoput4(c->p->f, copyblock(bp, BLEN(bp)), 0, gre->ttl - 1, gre->tos, nil);
+	grepdout++;
+	grebdout += BLEN(bp);
+
+	/*
+	 * Now make sure we didn't do the wrong thing.
+	 */
+	if(!canqlock(&grec->lock)){
+		freeb(bp);		/* The packet just goes away */
+		return;
+	}
+
+	/* We did the right thing */
+	addring(&grec->dlpending, bp);
+	qunlock(&grec->lock);
+}
+
+static void
+greuplink(Conv *c, Block *bp)
+{
+	GREconv *grec;
+	GREhdr *gre;
+	ushort flags;
+
+	gre = (GREhdr *)bp->rp;
+	if(gre->ttl == 1)
+		return;
+
+	grec = c->ptcl;
+	memmove(gre->src, grec->coa, sizeof gre->src);
+	memmove(gre->dst, grec->north, sizeof gre->dst);
+
+	/*
+	 * Add a key, if needed.
+	 */
+	if(grec->ulkey){
+		flags = nhgets(gre->flags);
+		if(flags & (GRE_cksum|GRE_routing)){
+			print("%V routing info present.  Discarding packet\n",
+				gre->src);
+			freeb(bp);
+			return;
+		}
+
+		if((flags & GRE_key) == 0){
+			/* Make room for the key */
+			if(bp->rp - bp->base < sizeof(ulong)){
+				print("%V can't add key\n", gre->src);
+				freeb(bp);
+				return;
+			}
+
+			bp->rp -= 4;
+			memmove(bp->rp, bp->rp + 4, sizeof(GREhdr));
+
+			gre = (GREhdr *)bp->rp;
+			hnputs(gre->flags, flags | GRE_key);
+		}
+
+		/* Add the key */
+		hnputl(bp->rp + sizeof(GREhdr), grec->ulkey);
+	}
+
+	if(!canqlock(&grec->lock)){
+		freeb(bp);
+		return;
+	}
+
+	if(grec->ulsusp)
+		addring(&grec->ulbuffered, bp);
+	else{
+		ipoput4(c->p->f, bp, 0, gre->ttl - 1, gre->tos, nil);
+		grepuout++;
+		grebuout += BLEN(bp);
+	}
+	qunlock(&grec->lock);
+}
+
+static void
+greiput(Proto *proto, Ipifc *, Block *bp)
+{
+	int len, hdrlen;
+	ushort eproto, flags;
 	uchar raddr[IPaddrlen];
+	Conv *c, **p;
+	GREconv *grec;
+	GREhdr *gre;
 	GREpriv *gpriv;
+	Ip4hdr *ip;
 
-	gpriv = gre->priv;
-	ghp = (GREhdr*)(bp->rp);
+	/*
+	 * We don't want to deal with block lists.  Ever.  The problem is
+	 * that when the block is forwarded, devether.c puts the block into
+	 * a queue that also uses ->next.  Just do not use ->next here!
+	 */
+	if(bp->next != nil)
+		bp = pullupblock(bp, blocklen(bp));
 
-	v4tov6(raddr, ghp->src);
-	eproto = nhgets(ghp->eproto);
-	qlock(gre);
-
-	/* Look for a conversation structure for this port and address */
-	c = nil;
-	for(p = gre->conv; *p; p++) {
+	gre = (GREhdr *)bp->rp;
+	if(BLEN(bp) < sizeof(GREhdr) || gre->proto != IP_GREPROTO){
+		freeb(bp);
+		return;
+	}
+
+	v4tov6(raddr, gre->src);
+	eproto = nhgets(gre->eproto);
+	flags  = nhgets(gre->flags);
+	hdrlen = sizeof(GREhdr);
+
+	if(flags & GRE_cksum)
+		hdrlen += 2;
+	if(flags & GRE_routing){
+		print("%I routing info present.  Discarding packet\n", raddr);
+		freeb(bp);
+		return;
+	}
+	if(flags & (GRE_cksum|GRE_routing))
+		hdrlen += 2;			/* Offset field */
+	if(flags & GRE_key)
+		hdrlen += 4;
+	if(flags & GRE_seq)
+		hdrlen += 4;
+
+	qlock(proto);
+
+	if(eproto != 0x880B && BLEN(bp) - hdrlen >= sizeof(Ip4hdr)){
+		ip = (Ip4hdr *)(bp->rp + hdrlen);
+
+		/*
+		 * Look for a conversation structure for this port and address, or
+		 * match the retunnel part, or match on the raw flag.
+		 */
+		for(p = proto->conv; *p; p++) {
+			c = *p;
+
+			if(c->inuse == 0)
+				continue;
+
+			/*
+			 * Do not stop this session - blocking here
+			 * implies that etherread is blocked.
+			 */
+			grec = c->ptcl;
+			if(memcmp(ip->dst, grec->hoa, sizeof ip->dst) == 0){
+				grepdin++;
+				grebdin += BLEN(bp);
+				gredownlink(c, bp);
+				qunlock(proto);
+				return;
+			}
+
+			if(memcmp(ip->src, grec->hoa, sizeof ip->src) == 0){
+				grepuin++;
+				grebuin += BLEN(bp);
+				greuplink(c, bp);
+				qunlock(proto);
+				return;
+			}
+		}
+	}
+
+
+	/*
+	 * when we get here, none of the forwarding tunnels matched.  now
+	 * try to match on raw and conversational sessions.
+	 */
+	for(c = nil, p = proto->conv; *p; p++) {
 		c = *p;
+
 		if(c->inuse == 0)
 			continue;
-		if(c->rport == eproto && 
-			(gpriv->raw || ipcmp(c->raddr, raddr) == 0))
+
+		/*
+		 * Do not stop this session - blocking here
+		 * implies that etherread is blocked.
+		 */
+		grec = c->ptcl;
+		if(c->rport == eproto &&
+		    (grec->raw || ipcmp(c->raddr, raddr) == 0))
 			break;
 	}
 
-	if(*p == nil) {
-		qunlock(gre);
-		freeblist(bp);
+	qunlock(proto);
+
+	if(*p == nil){
+		freeb(bp);
 		return;
 	}
 
-	qunlock(gre);
-
 	/*
 	 * Trim the packet down to data size
 	 */
-	len = nhgets(ghp->len) - GRE_IPONLY;
+	len = nhgets(gre->len) - GRE_IPONLY;
 	if(len < GRE_IPPLUSGRE){
-		freeblist(bp);
+		freeb(bp);
 		return;
 	}
+
 	bp = trimblock(bp, GRE_IPONLY, len);
 	if(bp == nil){
+		gpriv = proto->priv;
 		gpriv->lenerr++;
 		return;
 	}
 
-	/*
-	 *  Can't delimit packet so pull it all into one block.
-	 */
-	if(qlen(c->rq) > 64*1024)
-		freeblist(bp);
-	else{
-		bp = concatblock(bp);
-		if(bp == 0)
-			panic("greiput");
-		qpass(c->rq, bp);
-	}
+	qpass(c->rq, bp);
 }
 
 int
@@ -234,27 +649,256 @@
 	GREpriv *gpriv;
 
 	gpriv = gre->priv;
+	return snprint(buf, len,
+		"gre: %llud %llud %llud %llud %llud %llud %llud %llud, lenerrs %llud\n",
+		grepdin, grepdout, grepuin, grepuout,
+		grebdin, grebdout, grebuin, grebuout, gpriv->lenerr);
+}
 
-	return snprint(buf, len, "gre: len %lud\n", gpriv->lenerr);
+static char *
+grectlraw(Conv *c, int, char **)
+{
+	GREconv *grec;
+
+	grec = c->ptcl;
+	grec->raw = 1;
+	return nil;
 }
 
-char*
-grectl(Conv *c, char **f, int n)
+static char *
+grectlcooked(Conv *c, int, char **)
 {
-	GREpriv *gpriv;
+	GREconv *grec;
 
-	gpriv = c->p->priv;
-	if(n == 1){
-		if(strcmp(f[0], "raw") == 0){
-			gpriv->raw = 1;
-			return nil;
-		}
-		else if(strcmp(f[0], "cooked") == 0){
-			gpriv->raw = 0;
-			return nil;
-		}
+	grec = c->ptcl;
+	grec->raw = 0;
+	return nil;
+}
+
+static char *
+grectlretunnel(Conv *c, int, char **argv)
+{
+	GREconv *grec;
+	uchar ipaddr[4];
+
+	grec = c->ptcl;
+	if(memcmp(grec->hoa, nulladdr, sizeof grec->hoa))
+		return "tunnel already set up";
+
+	v4parseip(ipaddr, argv[1]);
+	if(memcmp(ipaddr, nulladdr, sizeof ipaddr) == 0)
+		return "bad hoa";
+	memmove(grec->hoa, ipaddr, sizeof grec->hoa);
+	v4parseip(ipaddr, argv[2]);
+	memmove(grec->north, ipaddr, sizeof grec->north);
+	v4parseip(ipaddr, argv[3]);
+	memmove(grec->south, ipaddr, sizeof grec->south);
+	v4parseip(ipaddr, argv[4]);
+	memmove(grec->coa, ipaddr, sizeof grec->coa);
+	grec->ulsusp = 1;
+	grec->dlsusp = 0;
+
+	return nil;
+}
+
+static char *
+grectlreport(Conv *c, int, char **argv)
+{
+	ulong seq;
+	Block *bp;
+	Bring *r;
+	GREconv *grec;
+	Metablock *m;
+
+	grec = c->ptcl;
+	seq  = strtoul(argv[1], nil, 0);
+
+	qlock(&grec->lock);
+	r = &grec->dlpending;
+	while(r->produced - r->consumed > 0){
+		bp = r->ring[r->consumed & Ringmask];
+
+		assert(bp && bp->rp - bp->base >= sizeof(Metablock));
+		m = (Metablock *)bp->base;
+		if((long)(seq - m->seq) <= 0)
+			break;
+
+		r->ring[r->consumed & Ringmask] = nil;
+		r->consumed++;
+
+		freeb(bp);
 	}
-	return "unknown control request";
+	qunlock(&grec->lock);
+	return nil;
+}
+
+static char *
+grectldlsuspend(Conv *c, int, char **)
+{
+	GREconv *grec;
+
+	grec = c->ptcl;
+	if(grec->dlsusp)
+		return "already suspended";
+
+	grec->dlsusp = 1;
+	return nil;
+}
+
+static char *
+grectlulsuspend(Conv *c, int, char **)
+{
+	GREconv *grec;
+
+	grec = c->ptcl;
+	if(grec->ulsusp)
+		return "already suspended";
+
+	grec->ulsusp = 1;
+	return nil;
+}
+
+static char *
+grectldlresume(Conv *c, int, char **)
+{
+	GREconv *grec;
+	GREhdr *gre;
+	Block *bp;
+
+	grec = c->ptcl;
+
+	qlock(&grec->lock);
+	if(!grec->dlsusp){
+		qunlock(&grec->lock);
+		return "not suspended";
+	}
+
+	while((bp = getring(&grec->dlbuffered)) != nil){
+		gre = (GREhdr *)bp->rp;
+		qunlock(&grec->lock);
+
+		ipoput4(c->p->f, copyblock(bp, BLEN(bp)), 0, gre->ttl - 1, gre->tos, nil);
+
+		qlock(&grec->lock);
+		addring(&grec->dlpending, bp);
+	}
+	grec->dlsusp = 0;
+	qunlock(&grec->lock);
+	return nil;
+}
+
+static char *
+grectlulresume(Conv *c, int, char **)
+{
+	GREconv *grec;
+	GREhdr *gre;
+	Block *bp;
+
+	grec = c->ptcl;
+
+	qlock(&grec->lock);
+	while((bp = getring(&grec->ulbuffered)) != nil){
+		gre = (GREhdr *)bp->rp;
+
+		qunlock(&grec->lock);
+		ipoput4(c->p->f, bp, 0, gre->ttl - 1, gre->tos, nil);
+		qlock(&grec->lock);
+	}
+	grec->ulsusp = 0;
+	qunlock(&grec->lock);
+	return nil;
+}
+
+static char *
+grectlforward(Conv *c, int, char **argv)
+{
+	Block *bp;
+	GREconv *grec;
+	GREhdr *gre;
+	Metablock *m;
+
+	grec = c->ptcl;
+
+	v4parseip(grec->south, argv[1]);
+	memmove(grec->north, grec->south, sizeof grec->north);
+
+	qlock(&grec->lock);
+	if(!grec->dlsusp){
+		qunlock(&grec->lock);
+		return "not suspended";
+	}
+	grec->dlsusp = 0;
+	grec->ulsusp = 0;
+
+	while((bp = getring(&grec->dlpending)) != nil){
+
+		assert(bp->rp - bp->base >= sizeof(Metablock));
+		m = (Metablock *)bp->base;
+		assert(m->rp >= bp->base && m->rp < bp->lim);
+
+		bp->rp = m->rp;
+
+		gre = (GREhdr *)bp->rp;
+		memmove(gre->src, grec->coa, sizeof gre->dst);
+		memmove(gre->dst, grec->south, sizeof gre->dst);
+
+		qunlock(&grec->lock);
+		ipoput4(c->p->f, bp, 0, gre->ttl - 1, gre->tos, nil);
+		qlock(&grec->lock);
+	}
+
+	while((bp = getring(&grec->dlbuffered)) != nil){
+		gre = (GREhdr *)bp->rp;
+		memmove(gre->src, grec->coa, sizeof gre->dst);
+		memmove(gre->dst, grec->south, sizeof gre->dst);
+
+		qunlock(&grec->lock);
+		ipoput4(c->p->f, bp, 0, gre->ttl - 1, gre->tos, nil);
+		qlock(&grec->lock);
+	}
+
+	while((bp = getring(&grec->ulbuffered)) != nil){
+		gre = (GREhdr *)bp->rp;
+
+		memmove(gre->src, grec->coa, sizeof gre->dst);
+		memmove(gre->dst, grec->south, sizeof gre->dst);
+
+		qunlock(&grec->lock);
+		ipoput4(c->p->f, bp, 0, gre->ttl - 1, gre->tos, nil);
+		qlock(&grec->lock);
+	}
+	qunlock(&grec->lock);
+	return nil;
+}
+
+static char *
+grectlulkey(Conv *c, int, char **argv)
+{
+	GREconv *grec;
+
+	grec = c->ptcl;
+	grec->ulkey = strtoul(argv[1], nil, 0);
+	return nil;
+}
+
+char *
+grectl(Conv *c, char **f, int n)
+{
+	int i;
+
+	if(n < 1)
+		return "too few arguments";
+
+	for(i = 0; i < Ncmds; i++)
+		if(strcmp(f[0], grectls[i].cmd) == 0)
+			break;
+
+	if(i == Ncmds)
+		return "no such command";
+	if(grectls[i].argc != 0 && grectls[i].argc != n)
+		return "incorrect number of arguments";
+
+	return grectls[i].f(c, n, f);
 }
 
 void
@@ -276,7 +920,7 @@
 	gre->stats = grestats;
 	gre->ipproto = IP_GREPROTO;
 	gre->nc = 64;
-	gre->ptclsize = 0;
+	gre->ptclsize = sizeof(GREconv);
 
 	Fsproto(fs, gre);
 }
--- a/os/ip/icmp.c	Thu Aug 12 23:08:35 2021
+++ b/os/ip/icmp.c	Sat Aug 21 01:39:52 2021
@@ -44,11 +44,6 @@
 	Maxtype		= 18,
 };
 
-enum
-{
-	MinAdvise	= 24,	/* minimum needed for us to advise another protocol */ 
-};
-
 char *icmpnames[Maxtype+1] =
 {
 [EchoReply]		"EchoReply",
@@ -70,6 +65,8 @@
 	IP_ICMPPROTO	= 1,
 	ICMP_IPSIZE	= 20,
 	ICMP_HDRSIZE	= 8,
+
+	MinAdvise	= ICMP_IPSIZE+4,	/* minimum needed for us to advise another protocol */ 
 };
 
 enum
@@ -113,7 +110,7 @@
 	c->wq = qbypass(icmpkick, c);
 }
 
-extern char*
+char*
 icmpconnect(Conv *c, char **argv, int argc)
 {
 	char *e;
@@ -126,18 +123,18 @@
 	return nil;
 }
 
-extern int
+int
 icmpstate(Conv *c, char *state, int n)
 {
 	USED(c);
-	return snprint(state, n, "%s qin %d qout %d",
+	return snprint(state, n, "%s qin %d qout %d\n",
 		"Datagram",
 		c->rq ? qlen(c->rq) : 0,
 		c->wq ? qlen(c->wq) : 0
 	);
 }
 
-extern char*
+char*
 icmpannounce(Conv *c, char **argv, int argc)
 {
 	char *e;
@@ -150,7 +147,7 @@
 	return nil;
 }
 
-extern void
+void
 icmpclose(Conv *c)
 {
 	qclose(c->rq);
@@ -169,8 +166,7 @@
 
 	if(bp == nil)
 		return;
-
-	if(blocklen(bp) < ICMP_IPSIZE + ICMP_HDRSIZE){
+	if(BLEN(bp) < ICMP_IPSIZE + ICMP_HDRSIZE){
 		freeblist(bp);
 		return;
 	}
@@ -190,21 +186,50 @@
 	ipoput4(c->p->f, bp, 0, c->ttl, c->tos, nil);
 }
 
-extern void
-icmpttlexceeded(Fs *f, uchar *ia, Block *bp)
+static int
+ip4reply(Fs *f, uchar ip4[4])
+{
+	uchar addr[IPaddrlen];
+	int i;
+
+	v4tov6(addr, ip4);
+	if(ipismulticast(addr))
+		return 0;
+	i = ipforme(f, addr);
+	return i == 0 || i == Runi;
+}
+
+static int
+ip4me(Fs *f, uchar ip4[4])
+{
+	uchar addr[IPaddrlen];
+
+	v4tov6(addr, ip4);
+	if(ipismulticast(addr))
+		return 0;
+	return ipforme(f, addr) == Runi;
+}
+
+void
+icmpttlexceeded(Fs *f, Ipifc *ifc, Block *bp)
 {
 	Block	*nbp;
 	Icmp	*p, *np;
+	uchar	ia[IPv4addrlen];
 
 	p = (Icmp *)bp->rp;
+	if(!ip4reply(f, p->src) || !ipv4local(ifc, ia, 0, p->src))
+		return;
+
+	netlog(f, Logicmp, "sending icmpttlexceeded %V -> src %V dst %V\n",
+		ia, p->src, p->dst);
 
-	netlog(f, Logicmp, "sending icmpttlexceeded -> %V\n", p->src);
 	nbp = allocb(ICMP_IPSIZE + ICMP_HDRSIZE + ICMP_IPSIZE + 8);
 	nbp->wp += ICMP_IPSIZE + ICMP_HDRSIZE + ICMP_IPSIZE + 8;
 	np = (Icmp *)nbp->rp;
 	np->vihl = IP_VER4;
+	memmove(np->src, ia, sizeof(np->src));
 	memmove(np->dst, p->src, sizeof(np->dst));
-	v6tov4(np->src, ia);
 	memmove(np->data, bp->rp, ICMP_IPSIZE + 8);
 	np->type = TimeExceed;
 	np->code = 0;
@@ -214,7 +239,6 @@
 	memset(np->cksum, 0, sizeof(np->cksum));
 	hnputs(np->cksum, ptclcsum(nbp, ICMP_IPSIZE, blocklen(nbp) - ICMP_IPSIZE));
 	ipoput4(f, nbp, 0, MAXTTL, DFLTTOS, nil);
-
 }
 
 static void
@@ -222,19 +246,9 @@
 {
 	Block	*nbp;
 	Icmp	*p, *np;
-	int	i;
-	uchar	addr[IPaddrlen];
 
 	p = (Icmp *)bp->rp;
-
-	/* only do this for unicast sources and destinations */
-	v4tov6(addr, p->dst);
-	i = ipforme(f, addr);
-	if((i&Runi) == 0)
-		return;
-	v4tov6(addr, p->src);
-	i = ipforme(f, addr);
-	if(i != 0 && (i&Runi) == 0)
+	if(!ip4me(f, p->dst) || !ip4reply(f, p->src))
 		return;
 
 	netlog(f, Logicmp, "sending icmpnoconv -> %V\n", p->src);
@@ -255,13 +269,13 @@
 	ipoput4(f, nbp, 0, MAXTTL, DFLTTOS, nil);
 }
 
-extern void
+void
 icmpnoconv(Fs *f, Block *bp)
 {
 	icmpunreachable(f, bp, 3, 0);
 }
 
-extern void
+void
 icmpcantfrag(Fs *f, Block *bp, int mtu)
 {
 	icmpunreachable(f, bp, 4, mtu);
@@ -270,35 +284,34 @@
 static void
 goticmpkt(Proto *icmp, Block *bp)
 {
+	ushort	recid;
+	uchar	dst[IPaddrlen], src[IPaddrlen];
 	Conv	**c, *s;
 	Icmp	*p;
-	uchar	dst[IPaddrlen];
-	ushort	recid;
 
 	p = (Icmp *) bp->rp;
-	v4tov6(dst, p->src);
+	v4tov6(dst, p->dst);
+	v4tov6(src, p->src);
 	recid = nhgets(p->icmpid);
 
-	for(c = icmp->conv; *c; c++) {
-		s = *c;
+	for(c = icmp->conv; (s = *c) != nil; c++){
 		if(s->lport == recid)
-		if(ipcmp(s->raddr, dst) == 0){
-			bp = concatblock(bp);
-			if(bp != nil)
-				qpass(s->rq, bp);
-			return;
-		}
+		if(ipcmp(s->laddr, dst) == 0 || ipcmp(s->raddr, src) == 0)
+			qpass(s->rq, copyblock(bp, blocklen(bp)));
 	}
 	freeblist(bp);
 }
 
 static Block *
-mkechoreply(Block *bp)
+mkechoreply(Block *bp, Fs *f)
 {
 	Icmp	*q;
 	uchar	ip[4];
 
 	q = (Icmp *)bp->rp;
+	if(!ip4me(f, q->dst) || !ip4reply(f, q->src))
+		return nil;
+
 	q->vihl = IP_VER4;
 	memmove(ip, q->src, sizeof(q->dst));
 	memmove(q->src, q->dst, sizeof(q->src));
@@ -318,12 +331,22 @@
 [3]	"port unreachable",
 [4]	"fragmentation needed and DF set",
 [5]	"source route failed",
+[6]	"destination network unknown",
+[7]	"destination host unknown",
+[8]	"source host isolated",
+[9]	"network administratively prohibited",
+[10]	"host administratively prohibited",
+[11]	"network unreachable for tos",
+[12]	"host unreachable for tos",
+[13]	"communication administratively prohibited",
+[14]	"host precedence violation",
+[15]	"precedence cutoff in effect",
 };
 
 static void
 icmpiput(Proto *icmp, Ipifc*, Block *bp)
 {
-	int	n, iplen;
+	int	n;
 	Icmp	*p;
 	Block	*r;
 	Proto	*pr;
@@ -332,81 +355,67 @@
 	Icmppriv *ipriv;
 
 	ipriv = icmp->priv;
-	
 	ipriv->stats[InMsgs]++;
 
-	p = (Icmp *)bp->rp;
-	netlog(icmp->f, Logicmp, "icmpiput %d %d\n", p->type, p->code);
-	n = blocklen(bp);
+	bp = concatblock(bp);
+	n = BLEN(bp);
 	if(n < ICMP_IPSIZE+ICMP_HDRSIZE){
 		ipriv->stats[InErrors]++;
 		ipriv->stats[HlenErrs]++;
 		netlog(icmp->f, Logicmp, "icmp hlen %d\n", n);
 		goto raise;
 	}
-	iplen = nhgets(p->length);
-	if(iplen > n || (iplen % 1)){
-		ipriv->stats[LenErrs]++;
-		ipriv->stats[InErrors]++;
-		netlog(icmp->f, Logicmp, "icmp length %d\n", iplen);
-		goto raise;
-	}
-	if(ptclcsum(bp, ICMP_IPSIZE, iplen - ICMP_IPSIZE)){
+	if(ptclcsum(bp, ICMP_IPSIZE, n - ICMP_IPSIZE)){
 		ipriv->stats[InErrors]++;
 		ipriv->stats[CsumErrs]++;
 		netlog(icmp->f, Logicmp, "icmp checksum error\n");
 		goto raise;
 	}
+	p = (Icmp *)bp->rp;
+	netlog(icmp->f, Logicmp, "icmpiput %s (%d) %d\n",
+		(p->type < nelem(icmpnames)? icmpnames[p->type]: ""),
+		p->type, p->code);
 	if(p->type <= Maxtype)
 		ipriv->in[p->type]++;
 
 	switch(p->type) {
 	case EchoRequest:
-		if (iplen < n)
-			bp = trimblock(bp, 0, iplen);
-		r = mkechoreply(bp);
+		r = mkechoreply(bp, icmp->f);
+		if(r == nil)
+			goto raise;
 		ipriv->out[EchoReply]++;
 		ipoput4(icmp->f, r, 0, MAXTTL, DFLTTOS, nil);
 		break;
 	case Unreachable:
-		if(p->code > 5)
-			msg = unreachcode[1];
-		else
+		if(p->code >= nelem(unreachcode)) {
+			snprint(m2, sizeof m2, "unreachable %V -> %V code %d",
+				p->src, p->dst, p->code);
+			msg = m2;
+		} else
 			msg = unreachcode[p->code];
 
+	Advise:
 		bp->rp += ICMP_IPSIZE+ICMP_HDRSIZE;
-		if(blocklen(bp) < MinAdvise){
+		if(BLEN(bp) < MinAdvise){
 			ipriv->stats[LenErrs]++;
 			goto raise;
 		}
 		p = (Icmp *)bp->rp;
-		pr = Fsrcvpcolx(icmp->f, p->proto);
-		if(pr != nil && pr->advise != nil) {
-			(*pr->advise)(pr, bp, msg);
-			return;
+		if((nhgets(p->frag) & IP_FO) == 0){
+			pr = Fsrcvpcolx(icmp->f, p->proto);
+			if(pr != nil && pr->advise != nil) {
+				(*pr->advise)(pr, bp, msg);
+				return;
+			}
 		}
-
 		bp->rp -= ICMP_IPSIZE+ICMP_HDRSIZE;
 		goticmpkt(icmp, bp);
 		break;
 	case TimeExceed:
 		if(p->code == 0){
-			sprint(m2, "ttl exceeded at %V", p->src);
-
-			bp->rp += ICMP_IPSIZE+ICMP_HDRSIZE;
-			if(blocklen(bp) < MinAdvise){
-				ipriv->stats[LenErrs]++;
-				goto raise;
-			}
-			p = (Icmp *)bp->rp;
-			pr = Fsrcvpcolx(icmp->f, p->proto);
-			if(pr != nil && pr->advise != nil) {
-				(*pr->advise)(pr, bp, m2);
-				return;
-			}
-			bp->rp -= ICMP_IPSIZE+ICMP_HDRSIZE;
+			snprint(msg = m2, sizeof m2, "ttl exceeded at %V", p->src);
+			goto Advise;
 		}
-
 		goticmpkt(icmp, bp);
 		break;
 	default:
@@ -419,22 +428,25 @@
 	freeblist(bp);
 }
 
-void
+static void
 icmpadvise(Proto *icmp, Block *bp, char *msg)
 {
+	ushort	recid;
+	uchar	dst[IPaddrlen], src[IPaddrlen];
 	Conv	**c, *s;
 	Icmp	*p;
-	uchar	dst[IPaddrlen];
-	ushort	recid;
 
 	p = (Icmp *) bp->rp;
 	v4tov6(dst, p->dst);
+	v4tov6(src, p->src);
 	recid = nhgets(p->icmpid);
 
-	for(c = icmp->conv; *c; c++) {
-		s = *c;
+	for(c = icmp->conv; (s = *c) != nil; c++){
 		if(s->lport == recid)
+		if(ipcmp(s->laddr, src) == 0)
 		if(ipcmp(s->raddr, dst) == 0){
+			if(s->ignoreadvice)
+				break;
 			qhangup(s->rq, msg);
 			qhangup(s->wq, msg);
 			break;
@@ -443,7 +455,7 @@
 	freeblist(bp);
 }
 
-int
+static int
 icmpstats(Proto *icmp, char *buf, int len)
 {
 	Icmppriv *priv;
@@ -456,20 +468,14 @@
 	for(i = 0; i < Nstats; i++)
 		p = seprint(p, e, "%s: %lud\n", statnames[i], priv->stats[i]);
 	for(i = 0; i <= Maxtype; i++){
-		if(icmpnames[i])
+		if(icmpnames[i] != nil)
 			p = seprint(p, e, "%s: %lud %lud\n", icmpnames[i], priv->in[i], priv->out[i]);
 		else
 			p = seprint(p, e, "%d: %lud %lud\n", i, priv->in[i], priv->out[i]);
 	}
 	return p - buf;
 }
-
-int
-icmpgc(Proto *icmp)
-{
-	return natgc(icmp->ipproto);
-}
-
+	
 void
 icmpinit(Fs *fs)
 {
@@ -487,7 +493,7 @@
 	icmp->stats = icmpstats;
 	icmp->ctl = nil;
 	icmp->advise = icmpadvise;
-	icmp->gc = icmpgc;
+	icmp->gc = nil;
 	icmp->ipproto = IP_ICMPPROTO;
 	icmp->nc = 128;
 	icmp->ptclsize = 0;
--- a/os/ip/icmp6.c	Thu Aug 12 23:08:35 2021
+++ b/os/ip/icmp6.c	Sat Aug 21 01:39:52 2021
@@ -1,3 +1,6 @@
+/*
+ * Internet Control Message Protocol for IPv6
+ */
 #include "u.h"
 #include "../port/lib.h"
 #include "mem.h"
@@ -7,41 +10,36 @@
 #include "ip.h"
 #include "ipv6.h"
 
-typedef struct ICMPpkt ICMPpkt;
-typedef struct IPICMP IPICMP;
-typedef struct Ndpkt Ndpkt;
-typedef struct NdiscC NdiscC;
-
-struct ICMPpkt {
-	uchar	type;
-	uchar	code;
-	uchar	cksum[2];
-	uchar	icmpid[2];
-	uchar	seq[2];
-};
+enum
+{
+	InMsgs6,
+	InErrors6,
+	OutMsgs6,
+	CsumErrs6,
+	LenErrs6,
+	HlenErrs6,
+	HoplimErrs6,
+	IcmpCodeErrs6,
+	TargetErrs6,
+	OptlenErrs6,
+	AddrmxpErrs6,
+	RouterAddrErrs6,
 
-struct IPICMP {
-	Ip6hdr;
-	ICMPpkt;
+	Nstats6,
 };
 
-struct NdiscC
-{
-	IPICMP;
-	uchar target[IPaddrlen];
+enum {
+	ICMP_USEAD6	= 40,
 };
 
-struct Ndpkt
-{
-	NdiscC;
-	uchar otype;
-	uchar olen;	// length in units of 8 octets(incl type, code),
-				// 1 for IEEE 802 addresses
-	uchar lnaddr[6];	// link-layer address
+enum {
+	Oflag	= 1<<5,
+	Sflag	= 1<<6,
+	Rflag	= 1<<7,
 };
 
-enum {	
-	// ICMPv6 types
+enum {
+	/* ICMPv6 types */
 	EchoReply	= 0,
 	UnreachableV6	= 1,
 	PacketTooBigV6	= 2,
@@ -69,6 +67,65 @@
 	Maxtype6	= 137,
 };
 
+enum {
+	MinAdvise	= IP6HDR+4,	/* minimum needed for us to advise another protocol */ 
+};
+
+/* on-the-wire packet formats */
+typedef struct IPICMP IPICMP;
+typedef struct Ndpkt Ndpkt;
+typedef struct NdiscC NdiscC;
+
+/* we do this to avoid possible struct padding  */
+#define ICMPHDR \
+	IPV6HDR; \
+	uchar	type; \
+	uchar	code; \
+	uchar	cksum[2]; \
+	uchar	icmpid[2]; \
+	uchar	seq[2]
+
+struct IPICMP {
+	ICMPHDR;
+	uchar	payload[];
+};
+
+#define IPICMPSZ offsetof(IPICMP, payload[0])
+
+struct NdiscC {
+	ICMPHDR;
+	uchar	target[IPaddrlen];
+	uchar	payload[];
+};
+
+#define NDISCSZ offsetof(NdiscC, payload[0])
+
+struct Ndpkt {
+	ICMPHDR;
+	uchar	target[IPaddrlen];
+	uchar	otype;
+	uchar	olen;		/* length in units of 8 octets(incl type, code),
+				 * 1 for IEEE 802 addresses */
+	uchar	lnaddr[6];	/* link-layer address */
+	uchar	payload[];
+};
+
+#define NDPKTSZ offsetof(Ndpkt, payload[0])
+
+typedef struct Icmppriv6
+{
+	ulong	stats[Nstats6];
+
+	/* message counts */
+	ulong	in[Maxtype6+1];
+	ulong	out[Maxtype6+1];
+} Icmppriv6;
+
+typedef struct Icmpcb6
+{
+	uchar	headers;
+} Icmpcb6;
+
 char *icmpnames6[Maxtype6+1] =
 {
 [EchoReply]		"EchoReply",
@@ -95,24 +152,6 @@
 [RedirectV6]		"RedirectV6",
 };
 
-enum
-{
-	InMsgs6,
-	InErrors6,
-	OutMsgs6,
-	CsumErrs6,
-	LenErrs6,
-	HlenErrs6,
-	HoplimErrs6,
-	IcmpCodeErrs6,
-	TargetErrs6,
-	OptlenErrs6,
-	AddrmxpErrs6,
-	RouterAddrErrs6,
-
-	Nstats6,
-};
-
 static char *statnames6[Nstats6] =
 {
 [InMsgs6]	"InMsgs",
@@ -129,47 +168,16 @@
 [RouterAddrErrs6]	"RouterAddrErrs",
 };
 
-typedef struct Icmppriv6
-{
-	ulong	stats[Nstats6];
-
-	/* message counts */
-	ulong	in[Maxtype6+1];
-	ulong	out[Maxtype6+1];
-} Icmppriv6;
-
-typedef struct Icmpcb6 
-{
-	QLock;
-	uchar headers;
-} Icmpcb6;
-
 static char *unreachcode[] =
 {
-[icmp6_no_route]	"no route to destination",
-[icmp6_ad_prohib]	"comm with destination administratively prohibited",
-[icmp6_unassigned]	"icmp unreachable: unassigned error code (2)",
-[icmp6_adr_unreach]	"address unreachable",
-[icmp6_port_unreach]	"port unreachable",
-[icmp6_unkn_code]	"icmp unreachable: unknown code",
-};
-
-enum {
-	ICMP_USEAD6	= 40,
-};
-
-enum {
-	Oflag	= 1<<5,
-	Sflag	= 1<<6,
-	Rflag	= 1<<7,
-};
-
-enum {
-	slladd	= 1,
-	tlladd	= 2,
-	prfinfo	= 3,
-	redhdr	= 4,
-	mtuopt	= 5,
+[Icmp6_no_route]	"no route to destination",
+[Icmp6_ad_prohib]	"comm with destination administratively prohibited",
+[Icmp6_out_src_scope]	"beyond scope of source address",
+[Icmp6_adr_unreach]	"address unreachable",
+[Icmp6_port_unreach]	"port unreachable",
+[Icmp6_gress_src_fail]	"source address failed ingress/egress policy",
+[Icmp6_rej_route]	"reject route to destination",
+[Icmp6_unknown]		"icmp unreachable: unknown code",
 };
 
 static void icmpkick6(void *x, Block *bp);
@@ -185,40 +193,44 @@
 set_cksum(Block *bp)
 {
 	IPICMP *p = (IPICMP *)(bp->rp);
+	int n = blocklen(bp);
 
-	hnputl(p->vcf, 0);  // borrow IP header as pseudoheader
-	hnputs(p->ploadlen, blocklen(bp)-IPV6HDR_LEN);
+	hnputl(p->vcf, 0);  	/* borrow IP header as pseudoheader */
+	hnputs(p->ploadlen, n - IP6HDR);
 	p->proto = 0;
-	p->ttl = ICMPv6;	// ttl gets set later
+	p->ttl = ICMPv6;	/* ttl gets set later */
 	hnputs(p->cksum, 0);
-	hnputs(p->cksum, ptclcsum(bp, 0, blocklen(bp)));
+	hnputs(p->cksum, ptclcsum(bp, 0, n));
 	p->proto = ICMPv6;
 }
 
 static Block *
 newIPICMP(int packetlen)
 {
-	Block	*nbp;
+	Block *nbp;
+
 	nbp = allocb(packetlen);
 	nbp->wp += packetlen;
 	memset(nbp->rp, 0, packetlen);
 	return nbp;
 }
 
-void
+static void
 icmpadvise6(Proto *icmp, Block *bp, char *msg)
 {
-	Conv	**c, *s;
-	IPICMP	*p;
-	ushort	recid;
+	ushort recid;
+	Conv **c, *s;
+	IPICMP *p;
 
-	p = (IPICMP *) bp->rp;
+	p = (IPICMP *)bp->rp;
 	recid = nhgets(p->icmpid);
 
-	for(c = icmp->conv; *c; c++) {
-		s = *c;
+	for(c = icmp->conv; (s = *c) != nil; c++){
 		if(s->lport == recid)
+		if(ipcmp(s->laddr, p->src) == 0)
 		if(ipcmp(s->raddr, p->dst) == 0){
+			if(s->ignoreadvice)
+				break;
 			qhangup(s->rq, msg);
 			qhangup(s->wq, msg);
 			break;
@@ -230,9 +242,9 @@
 static void
 icmpkick6(void *x, Block *bp)
 {
+	uchar laddr[IPaddrlen], raddr[IPaddrlen];
 	Conv *c = x;
 	IPICMP *p;
-	uchar laddr[IPaddrlen], raddr[IPaddrlen];
 	Icmppriv6 *ipriv = c->p->priv;
 	Icmpcb6 *icb = (Icmpcb6*)c->ptcl;
 
@@ -249,10 +261,10 @@
 		bp->rp += IPaddrlen;
 		ipmove(raddr, bp->rp);
 		bp->rp += IPaddrlen;
-		bp = padblock(bp, sizeof(Ip6hdr));
+		bp = padblock(bp, IP6HDR);
 	}
 
-	if(blocklen(bp) < sizeof(IPICMP)){
+	if(BLEN(bp) < IPICMPSZ){
 		freeblist(bp);
 		return;
 	}
@@ -268,23 +280,20 @@
 
 	set_cksum(bp);
 	p->vcf[0] = 0x06 << 4;
-	if(p->type <= Maxtype6)	
+	if(p->type <= Maxtype6)
 		ipriv->out[p->type]++;
 	ipoput6(c->p->f, bp, 0, c->ttl, c->tos, nil);
 }
 
-char*
+static char*
 icmpctl6(Conv *c, char **argv, int argc)
 {
 	Icmpcb6 *icb;
 
 	icb = (Icmpcb6*) c->ptcl;
-
-	if(argc==1) {
-		if(strcmp(argv[0], "headers")==0) {
-			icb->headers = 6;
-			return nil;
-		}
+	if(argc==1 && strcmp(argv[0], "headers")==0) {
+		icb->headers = 6;
+		return nil;
 	}
 	return "unknown control request";
 }
@@ -292,41 +301,39 @@
 static void
 goticmpkt6(Proto *icmp, Block *bp, int muxkey)
 {
-	Conv	**c, *s;
-	IPICMP	*p = (IPICMP *)bp->rp;
-	ushort	recid; 
-	uchar 	*addr;
+	ushort recid;
+	uchar *addr;
+	Conv **c, *s;
+	IPICMP *p = (IPICMP *)bp->rp;
 
 	if(muxkey == 0) {
 		recid = nhgets(p->icmpid);
 		addr = p->src;
-	}
-	else {
+	} else {
 		recid = muxkey;
 		addr = p->dst;
 	}
-
-	for(c = icmp->conv; *c; c++){
-		s = *c;
-		if(s->lport == recid && ipcmp(s->raddr, addr) == 0){
-			bp = concatblock(bp);
-			if(bp != nil)
-				qpass(s->rq, bp);
-			return;
-		}
+	for(c = icmp->conv; (s = *c) != nil; c++){
+		if(s->lport == recid)
+		if(ipcmp(s->laddr, p->dst) == 0 || ipcmp(s->raddr, addr) == 0)
+			qpass(s->rq, copyblock(bp, blocklen(bp)));
 	}
-
 	freeblist(bp);
 }
 
 static Block *
-mkechoreply6(Block *bp)
+mkechoreply6(Block *bp, Ipifc *ifc)
 {
+	uchar addr[IPaddrlen];
 	IPICMP *p = (IPICMP *)(bp->rp);
-	uchar	addr[IPaddrlen];
 
+	if(isv6mcast(p->src))
+		return nil;
 	ipmove(addr, p->src);
-	ipmove(p->src, p->dst);
+	if(!isv6mcast(p->dst))
+		ipmove(p->src, p->dst);
+	else if (!ipv6local(ifc, p->src, 0, addr))
+		return nil;
 	ipmove(p->dst, addr);
 	p->type = EchoReplyV6;
 	set_cksum(bp);
@@ -335,49 +342,43 @@
 
 /*
  * sends out an ICMPv6 neighbor solicitation
- * 	suni == SRC_UNSPEC or SRC_UNI, 
+ * 	suni == SRC_UNSPEC or SRC_UNI,
  *	tuni == TARG_MULTI => multicast for address resolution,
  * 	and tuni == TARG_UNI => neighbor reachability.
  */
-
-extern void
+void
 icmpns(Fs *f, uchar* src, int suni, uchar* targ, int tuni, uchar* mac)
 {
-	Block	*nbp;
+	Block *nbp;
 	Ndpkt *np;
 	Proto *icmp = f->t2p[ICMPv6];
 	Icmppriv6 *ipriv = icmp->priv;
 
-
-	nbp = newIPICMP(sizeof(Ndpkt));
+	nbp = newIPICMP(NDPKTSZ);
 	np = (Ndpkt*) nbp->rp;
 
-
-	if(suni == SRC_UNSPEC) 
-		memmove(np->src, v6Unspecified, IPaddrlen);
-	else 
-		memmove(np->src, src, IPaddrlen);
+	if(suni == SRC_UNSPEC)
+		ipmove(np->src, v6Unspecified);
+	else
+		ipmove(np->src, src);
 
 	if(tuni == TARG_UNI)
-		memmove(np->dst, targ, IPaddrlen);
+		ipmove(np->dst, targ);
 	else
 		ipv62smcast(np->dst, targ);
 
 	np->type = NbrSolicit;
 	np->code = 0;
-	memmove(np->target, targ, IPaddrlen);
+	ipmove(np->target, targ);
 	if(suni != SRC_UNSPEC) {
-		np->otype = SRC_LLADDRESS;
-		np->olen = 1;	/* 1+1+6 = 8 = 1 8-octet */
+		np->otype = SRC_LLADDR;
+		np->olen = 1;		/* 1+1+6 = 8 = 1 8-octet */
 		memmove(np->lnaddr, mac, sizeof(np->lnaddr));
-	}
-	else {
-		int r = sizeof(Ndpkt)-sizeof(NdiscC);
-		nbp->wp -= r;
-	}
+	} else
+		nbp->wp -= NDPKTSZ - NDISCSZ;
 
 	set_cksum(nbp);
-	np = (Ndpkt*) nbp->rp;
+	np = (Ndpkt*)nbp->rp;
 	np->ttl = HOP_LIMIT;
 	np->vcf[0] = 0x06 << 4;
 	ipriv->out[NbrSolicit]++;
@@ -388,122 +389,101 @@
 /*
  * sends out an ICMPv6 neighbor advertisement. pktflags == RSO flags.
  */
-extern void
+void
 icmpna(Fs *f, uchar* src, uchar* dst, uchar* targ, uchar* mac, uchar flags)
 {
-	Block	*nbp;
+	Block *nbp;
 	Ndpkt *np;
 	Proto *icmp = f->t2p[ICMPv6];
 	Icmppriv6 *ipriv = icmp->priv;
 
-	nbp = newIPICMP(sizeof(Ndpkt));
-	np = (Ndpkt*) nbp->rp;
+	nbp = newIPICMP(NDPKTSZ);
+	np = (Ndpkt*)nbp->rp;
 
-	memmove(np->src, src, IPaddrlen);
-	memmove(np->dst, dst, IPaddrlen);
+	ipmove(np->src, src);
+	ipmove(np->dst, dst);
 
 	np->type = NbrAdvert;
 	np->code = 0;
 	np->icmpid[0] = flags;
-	memmove(np->target, targ, IPaddrlen);
+	ipmove(np->target, targ);
 
-	np->otype = TARGET_LLADDRESS;
-	np->olen = 1;	
+	np->otype = TARGET_LLADDR;
+	np->olen = 1;
 	memmove(np->lnaddr, mac, sizeof(np->lnaddr));
 
 	set_cksum(nbp);
-	np = (Ndpkt*) nbp->rp;
+	np = (Ndpkt*)nbp->rp;
 	np->ttl = HOP_LIMIT;
 	np->vcf[0] = 0x06 << 4;
 	ipriv->out[NbrAdvert]++;
-	netlog(f, Logicmp, "sending neighbor advertisement %I\n", src);
+	netlog(f, Logicmp, "sending neighbor advertisement %I\n", targ);
 	ipoput6(f, nbp, 0, MAXTTL, DFLTTOS, nil);
 }
 
-extern void
-icmphostunr(Fs *f, Ipifc *ifc, Block *bp, int code, int free)
+void
+icmphostunr6(Fs *f, Ipifc *ifc, Block *bp, int code, int tome)
 {
+	int osz = BLEN(bp);
+	int sz = MIN(IPICMPSZ + osz, v6MINTU);
 	Block *nbp;
 	IPICMP *np;
-	Ip6hdr	*p;
-	int osz = BLEN(bp);
-	int sz = MIN(sizeof(IPICMP) + osz, v6MINTU);
-	Proto	*icmp = f->t2p[ICMPv6];
+	Ip6hdr *p;
+	Proto *icmp = f->t2p[ICMPv6];
 	Icmppriv6 *ipriv = icmp->priv;
+	uchar ia[IPaddrlen];
 
-	p = (Ip6hdr *) bp->rp;
+	p = (Ip6hdr *)bp->rp;
+	if(isv6mcast(p->dst) || isv6mcast(p->src) || !ipv6local(ifc, ia, 0, p->src))
+		return;
 
-	if(isv6mcast(p->src)) 
-		goto clean;
+	netlog(f, Logicmp, "send icmphostunr %I -> src %I dst %I\n",
+		ia, p->src, p->dst);
 
 	nbp = newIPICMP(sz);
-	np = (IPICMP *) nbp->rp;
-
-	rlock(ifc);
-	if(ipv6anylocal(ifc, np->src)) {
-		netlog(f, Logicmp, "send icmphostunr -> s%I d%I\n", p->src, p->dst);
-	}
-	else {
-		netlog(f, Logicmp, "icmphostunr fail -> s%I d%I\n", p->src, p->dst);
-		freeblist(nbp);
-		if(free) 
-			goto clean;
-		else
-			return;
-	}
-
-	memmove(np->dst, p->src, IPaddrlen);
+	np = (IPICMP *)nbp->rp;
+	ipmove(np->src, ia);
+	ipmove(np->dst, p->src);
 	np->type = UnreachableV6;
 	np->code = code;
-	memmove(nbp->rp + sizeof(IPICMP), bp->rp, sz - sizeof(IPICMP));
+	memmove(nbp->rp + IPICMPSZ, bp->rp, sz - IPICMPSZ);
 	set_cksum(nbp);
 	np->ttl = HOP_LIMIT;
 	np->vcf[0] = 0x06 << 4;
 	ipriv->out[UnreachableV6]++;
 
-	if(free)
+	if(tome)
 		ipiput6(f, ifc, nbp);
-	else {
+	else 
 		ipoput6(f, nbp, 0, MAXTTL, DFLTTOS, nil);
-		return;
-	}
-
-clean:
-	runlock(ifc);
-	freeblist(bp);
 }
 
-extern void
+void
 icmpttlexceeded6(Fs *f, Ipifc *ifc, Block *bp)
 {
+	int osz = BLEN(bp);
+	int sz = MIN(IPICMPSZ + osz, v6MINTU);
 	Block *nbp;
 	IPICMP *np;
-	Ip6hdr	*p;
-	int osz = BLEN(bp);
-	int sz = MIN(sizeof(IPICMP) + osz, v6MINTU);
-	Proto	*icmp = f->t2p[ICMPv6];
+	Ip6hdr *p;
+	Proto *icmp = f->t2p[ICMPv6];
 	Icmppriv6 *ipriv = icmp->priv;
+	uchar ia[IPaddrlen];
 
-	p = (Ip6hdr *) bp->rp;
-
-	if(isv6mcast(p->src)) 
+	p = (Ip6hdr *)bp->rp;
+	if(isv6mcast(p->dst) || isv6mcast(p->src) || !ipv6local(ifc, ia, 0, p->src))
 		return;
 
+	netlog(f, Logicmp, "send icmpttlexceeded6 %I -> src %I dst %I\n",
+		ia, p->src, p->dst);
+
 	nbp = newIPICMP(sz);
 	np = (IPICMP *) nbp->rp;
-
-	if(ipv6anylocal(ifc, np->src)) {
-		netlog(f, Logicmp, "send icmpttlexceeded6 -> s%I d%I\n", p->src, p->dst);
-	}
-	else {
-		netlog(f, Logicmp, "icmpttlexceeded6 fail -> s%I d%I\n", p->src, p->dst);
-		return;
-	}
-
-	memmove(np->dst, p->src, IPaddrlen);
+	ipmove(np->src, ia);
+	ipmove(np->dst, p->src);
 	np->type = TimeExceedV6;
 	np->code = 0;
-	memmove(nbp->rp + sizeof(IPICMP), bp->rp, sz - sizeof(IPICMP));
+	memmove(nbp->rp + IPICMPSZ, bp->rp, sz - IPICMPSZ);
 	set_cksum(nbp);
 	np->ttl = HOP_LIMIT;
 	np->vcf[0] = 0x06 << 4;
@@ -511,38 +491,33 @@
 	ipoput6(f, nbp, 0, MAXTTL, DFLTTOS, nil);
 }
 
-extern void
+void
 icmppkttoobig6(Fs *f, Ipifc *ifc, Block *bp)
 {
+	int osz = BLEN(bp);
+	int sz = MIN(IPICMPSZ + osz, v6MINTU);
 	Block *nbp;
 	IPICMP *np;
-	Ip6hdr	*p;
-	int osz = BLEN(bp);
-	int sz = MIN(sizeof(IPICMP) + osz, v6MINTU);
-	Proto	*icmp = f->t2p[ICMPv6];
+	Ip6hdr *p;
+	Proto *icmp = f->t2p[ICMPv6];
 	Icmppriv6 *ipriv = icmp->priv;
+	uchar ia[IPaddrlen];
 
-	p = (Ip6hdr *) bp->rp;
-
-	if(isv6mcast(p->src)) 
+	p = (Ip6hdr *)bp->rp;
+	if(isv6mcast(p->dst) || isv6mcast(p->src) || !ipv6local(ifc, ia, 0, p->src))
 		return;
 
-	nbp = newIPICMP(sz);
-	np = (IPICMP *) nbp->rp;
-
-	if(ipv6anylocal(ifc, np->src)) {
-		netlog(f, Logicmp, "send icmppkttoobig6 -> s%I d%I\n", p->src, p->dst);
-	}
-	else {
-		netlog(f, Logicmp, "icmppkttoobig6 fail -> s%I d%I\n", p->src, p->dst);
-		return;
-	}
+	netlog(f, Logicmp, "send icmppkttoobig6 %I -> src %I dst %I\n",
+		ia, p->src, p->dst);
 
-	memmove(np->dst, p->src, IPaddrlen);
+	nbp = newIPICMP(sz);
+	np = (IPICMP *)nbp->rp;
+	ipmove(np->src, ia);
+	ipmove(np->dst, p->src);
 	np->type = PacketTooBigV6;
 	np->code = 0;
 	hnputl(np->icmpid, ifc->maxtu - ifc->m->hsize);
-	memmove(nbp->rp + sizeof(IPICMP), bp->rp, sz - sizeof(IPICMP));
+	memmove(nbp->rp + IPICMPSZ, bp->rp, sz - IPICMPSZ);
 	set_cksum(nbp);
 	np->ttl = HOP_LIMIT;
 	np->vcf[0] = 0x06 << 4;
@@ -554,31 +529,23 @@
  * RFC 2461, pages 39-40, pages 57-58.
  */
 static int
-valid(Proto *icmp, Ipifc *ifc, Block *bp, Icmppriv6 *ipriv) {
-	int 	sz, osz, unsp, n, ttl, iplen;
-	int 	pktsz = BLEN(bp);
-	uchar	*packet = bp->rp;
-	IPICMP	*p = (IPICMP *) packet;
-	Ndpkt	*np;
-
-	USED(ifc);
-	n = blocklen(bp);
-	if(n < sizeof(IPICMP)) {
-		ipriv->stats[HlenErrs6]++;
-		netlog(icmp->f, Logicmp, "icmp hlen %d\n", n);
-		goto err;
-	}
+valid(Proto *icmp, Ipifc *, Block *bp, Icmppriv6 *ipriv)
+{
+	int sz, osz, unsp, ttl;
+	int pktsz = BLEN(bp);
+	uchar *packet = bp->rp;
+	IPICMP *p = (IPICMP *) packet;
+	Ndpkt *np;
 
-	iplen = nhgets(p->ploadlen);
-	if(iplen > n-IPV6HDR_LEN || (iplen % 1)) {
-		ipriv->stats[LenErrs6]++;
-		netlog(icmp->f, Logicmp, "icmp length %d\n", iplen);
+	if(pktsz < IPICMPSZ) {
+		ipriv->stats[HlenErrs6]++;
+		netlog(icmp->f, Logicmp, "icmp hlen %d\n", pktsz);
 		goto err;
 	}
 
-	// Rather than construct explicit pseudoheader, overwrite IPv6 header
+	/* Rather than construct explicit pseudoheader, overwrite IPv6 header */
 	if(p->proto != ICMPv6) {
-		// This code assumes no extension headers!!!
+		/* This code assumes no extension headers!!! */
 		netlog(icmp->f, Logicmp, "icmp error: extension header\n");
 		goto err;
 	}
@@ -586,7 +553,7 @@
 	ttl = p->ttl;
 	p->ttl = p->proto;
 	p->proto = 0;
-	if(ptclcsum(bp, 0, iplen + IPV6HDR_LEN)) {
+	if(ptclcsum(bp, 0, pktsz)) {
 		ipriv->stats[CsumErrs6]++;
 		netlog(icmp->f, Logicmp, "icmp checksum error\n");
 		goto err;
@@ -595,19 +562,16 @@
 	p->ttl = ttl;
 
 	/* additional tests for some pkt types */
-	if( (p->type == NbrSolicit) ||
-		(p->type == NbrAdvert) ||
-		(p->type == RouterAdvert) ||
-		(p->type == RouterSolicit) ||
-		(p->type == RedirectV6) ) {
-
+	if (p->type == NbrSolicit   || p->type == NbrAdvert ||
+	    p->type == RouterAdvert || p->type == RouterSolicit ||
+	    p->type == RedirectV6) {
 		if(p->ttl != HOP_LIMIT) {
-			ipriv->stats[HoplimErrs6]++; 
-			goto err; 
+			ipriv->stats[HoplimErrs6]++;
+			goto err;
 		}
 		if(p->code != 0) {
-			ipriv->stats[IcmpCodeErrs6]++; 
-			goto err; 
+			ipriv->stats[IcmpCodeErrs6]++;
+			goto err;
 		}
 
 		switch (p->type) {
@@ -615,82 +579,78 @@
 		case NbrAdvert:
 			np = (Ndpkt*) p;
 			if(isv6mcast(np->target)) {
-				ipriv->stats[TargetErrs6]++; 
-				goto err; 
+				ipriv->stats[TargetErrs6]++;
+				goto err;
 			}
-			if(optexsts(np) && (np->olen == 0)) {
-				ipriv->stats[OptlenErrs6]++; 
-				goto err; 
+			if(optexsts(np) && np->olen == 0) {
+				ipriv->stats[OptlenErrs6]++;
+				goto err;
 			}
-		
-			if(p->type == NbrSolicit) {
-				if(ipcmp(np->src, v6Unspecified) == 0) { 
-					if(!issmcast(np->dst) || optexsts(np))  {
-						ipriv->stats[AddrmxpErrs6]++; 
-						goto err;
-					}
+
+			if (p->type == NbrSolicit &&
+			    ipcmp(np->src, v6Unspecified) == 0)
+				if(!issmcast(np->dst) || optexsts(np)) {
+					ipriv->stats[AddrmxpErrs6]++;
+					goto err;
 				}
-			}
-		
-			if(p->type == NbrAdvert) {
-				if((isv6mcast(np->dst))&&(nhgets(np->icmpid) & Sflag)){
-					ipriv->stats[AddrmxpErrs6]++; 
-					goto err; 
+
+			if(p->type == NbrAdvert)
+				if(isv6mcast(np->dst) &&
+				    (nhgets(np->icmpid) & Sflag)){
+					ipriv->stats[AddrmxpErrs6]++;
+					goto err;
 				}
-			}
 			break;
-	
+
 		case RouterAdvert:
-			if(pktsz - sizeof(Ip6hdr) < 16) {
-				ipriv->stats[HlenErrs6]++; 
-				goto err; 
+			if(pktsz - IP6HDR < 16) {
+				ipriv->stats[HlenErrs6]++;
+				goto err;
 			}
 			if(!islinklocal(p->src)) {
-				ipriv->stats[RouterAddrErrs6]++; 
-				goto err; 
+				ipriv->stats[RouterAddrErrs6]++;
+				goto err;
 			}
-			sz = sizeof(IPICMP) + 8;
-			while ((sz+1) < pktsz) {
-				osz = *(packet+sz+1);
+			sz = IPICMPSZ + 8;
+			while (sz+8 <= pktsz) {
+				osz = packet[sz+1];
 				if(osz <= 0) {
-					ipriv->stats[OptlenErrs6]++; 
-					goto err; 
-				}	
+					ipriv->stats[OptlenErrs6]++;
+					goto err;
+				}
 				sz += 8*osz;
 			}
 			break;
-	
+
 		case RouterSolicit:
-			if(pktsz - sizeof(Ip6hdr) < 8) {
-				ipriv->stats[HlenErrs6]++; 
-				goto err; 
+			if(pktsz - IP6HDR < 8) {
+				ipriv->stats[HlenErrs6]++;
+				goto err;
 			}
 			unsp = (ipcmp(p->src, v6Unspecified) == 0);
-			sz = sizeof(IPICMP) + 8;
-			while ((sz+1) < pktsz) {
-				osz = *(packet+sz+1);
-				if((osz <= 0) ||
-					(unsp && (*(packet+sz) == slladd)) ) {
-					ipriv->stats[OptlenErrs6]++; 
-					goto err; 
+			sz = IPICMPSZ + 8;
+			while (sz+8 <= pktsz) {
+				osz = packet[sz+1];
+				if(osz <= 0 ||
+				    (unsp && packet[sz] == SRC_LLADDR)) {
+					ipriv->stats[OptlenErrs6]++;
+					goto err;
 				}
 				sz += 8*osz;
 			}
 			break;
-	
+
 		case RedirectV6:
-			//to be filled in
+			/* to be filled in */
 			break;
-	
+
 		default:
 			goto err;
 		}
 	}
-
 	return 1;
-
 err:
-	ipriv->stats[InErrors6]++; 
+	ipriv->stats[InErrors6]++;
 	return 0;
 }
 
@@ -700,169 +660,162 @@
 	Iplifc *lifc;
 	int t;
 
-	rlock(ifc);
-	if(ipproxyifc(f, ifc, target)) {
-		runlock(ifc);
-		return t_uniproxy;
-	}
-
-	for(lifc = ifc->lifc; lifc; lifc = lifc->next) {
-		if(ipcmp(lifc->local, target) == 0) {
-			t = (lifc->tentative) ? t_unitent : t_unirany; 
-			runlock(ifc);
-			return t;
-		}
-	}
-
-	runlock(ifc);
-	return 0;
+	if((lifc = iplocalonifc(ifc, target)) != nil)
+		t = lifc->tentative? Tunitent: Tunirany;
+	else if(ipproxyifc(f, ifc, target))
+		t = Tuniproxy;
+	else
+		t = 0;
+	return t;
 }
 
 static void
-icmpiput6(Proto *icmp, Ipifc *ipifc, Block *bp)
+icmpiput6(Proto *icmp, Ipifc *ifc, Block *bp)
 {
-	uchar	*packet = bp->rp;
-	IPICMP	*p = (IPICMP *)packet;
-	Icmppriv6 *ipriv = icmp->priv;
-	Block	*r;
-	Proto	*pr;
-	char	*msg, m2[128];
-	Ndpkt* np;
+	char *msg, m2[128];
 	uchar pktflags;
-	uchar lsrc[IPaddrlen];
-	int refresh = 1;
+	uchar ia[IPaddrlen];
+	Block *r;
+	IPICMP *p;
+	Icmppriv6 *ipriv = icmp->priv;
 	Iplifc *lifc;
+	Ndpkt* np;
+	Proto *pr;
 
-	if(!valid(icmp, ipifc, bp, ipriv)) 
-		goto raise;
+	bp = concatblock(bp);
+	p = (IPICMP*)bp->rp;
 
-	if(p->type <= Maxtype6)
-		ipriv->in[p->type]++;
-	else
+	if(!valid(icmp, ifc, bp, ipriv) || p->type > Maxtype6)
 		goto raise;
 
+	ipriv->in[p->type]++;
+
 	switch(p->type) {
 	case EchoRequestV6:
-		r = mkechoreply6(bp);
+		r = mkechoreply6(bp, ifc);
+		if(r == nil)
+			goto raise;
 		ipriv->out[EchoReply]++;
 		ipoput6(icmp->f, r, 0, MAXTTL, DFLTTOS, nil);
 		break;
 
 	case UnreachableV6:
-		if(p->code > 4)
-			msg = unreachcode[icmp6_unkn_code];
+		if(p->code >= nelem(unreachcode))
+			msg = unreachcode[Icmp6_unknown];
 		else
 			msg = unreachcode[p->code];
-
-		bp->rp += sizeof(IPICMP);
-		if(blocklen(bp) < 8){
+	Advise:
+		bp->rp += IPICMPSZ;
+		if(BLEN(bp) < MinAdvise){
 			ipriv->stats[LenErrs6]++;
 			goto raise;
 		}
 		p = (IPICMP *)bp->rp;
-		pr = Fsrcvpcolx(icmp->f, p->proto);
-		if(pr != nil && pr->advise != nil) {
-			(*pr->advise)(pr, bp, msg);
-			return;
-		}
-
-		bp->rp -= sizeof(IPICMP);
-		goticmpkt6(icmp, bp, 0);
-		break;
-
-	case TimeExceedV6:
-		if(p->code == 0){
-			sprint(m2, "ttl exceeded at %I", p->src);
 
-			bp->rp += sizeof(IPICMP);
-			if(blocklen(bp) < 8){
-				ipriv->stats[LenErrs6]++;
-				goto raise;
+		/* get rid of fragment header if this is the first fragment */
+		if(p->proto == FH && BLEN(bp) >= MinAdvise+IP6FHDR && MinAdvise > IP6HDR){
+			Fraghdr6 *fh = (Fraghdr6*)(bp->rp + IP6HDR);
+			if((nhgets(fh->offsetRM) & ~7) == 0){	/* first fragment */
+				p->proto = fh->nexthdr;
+				/* copy down payload over fragment header */
+				bp->rp += IP6HDR;
+				bp->wp -= IP6FHDR;
+				memmove(bp->rp, bp->rp+IP6FHDR, BLEN(bp));
+				hnputs(p->ploadlen, BLEN(bp));
+				bp->rp -= IP6HDR;
 			}
-			p = (IPICMP *)bp->rp;
+		}
+		if(p->proto != FH){
 			pr = Fsrcvpcolx(icmp->f, p->proto);
 			if(pr != nil && pr->advise != nil) {
-				(*pr->advise)(pr, bp, m2);
+				(*pr->advise)(pr, bp, msg);
 				return;
 			}
-			bp->rp -= sizeof(IPICMP);
 		}
+		bp->rp -= IPICMPSZ;
+		goticmpkt6(icmp, bp, 0);
+		break;
 
+	case TimeExceedV6:
+		if(p->code == 0){
+			snprint(msg = m2, sizeof m2, "ttl exceeded at %I", p->src);
+			goto Advise;
+		}
+		if(p->code == 1){
+			snprint(msg = m2, sizeof m2, "frag time exceeded at %I", p->src);
+			goto Advise;
+		}
 		goticmpkt6(icmp, bp, 0);
 		break;
 
+	case PacketTooBigV6:
+		snprint(msg = m2, sizeof(m2), "packet too big for %lud mtu at %I",
+			(ulong)nhgetl(p->icmpid), p->src);
+		goto Advise;
+
 	case RouterAdvert:
 	case RouterSolicit:
-		/* using lsrc as a temp, munge hdr for goticmp6 
-		memmove(lsrc, p->src, IPaddrlen);
-		memmove(p->src, p->dst, IPaddrlen);
-		memmove(p->dst, lsrc, IPaddrlen); */
-
 		goticmpkt6(icmp, bp, p->type);
 		break;
 
 	case NbrSolicit:
-		np = (Ndpkt*) p;
+		np = (Ndpkt*)p;
 		pktflags = 0;
-		switch (targettype(icmp->f, ipifc, np->target)) {
-		case t_unirany:
+		if(ifc->sendra6)
+			pktflags |= Rflag;
+		switch (targettype(icmp->f, ifc, np->target)) {
+		case Tunirany:
 			pktflags |= Oflag;
 			/* fall through */
 
-		case t_uniproxy: 
-			if(ipcmp(np->src, v6Unspecified) != 0) {
-				arpenter(icmp->f, V6, np->src, np->lnaddr, 8*np->olen-2, 0);
+		case Tuniproxy:
+			if(ipv6local(ifc, ia, 0, np->src)) {
+				if(arpenter(icmp->f, V6, np->src, np->lnaddr, 8*np->olen-2, ia, ifc, 0) < 0)
+					break;
 				pktflags |= Sflag;
-			}
-			if(ipv6local(ipifc, lsrc)) {
-				icmpna(icmp->f, lsrc, 
-				   (ipcmp(np->src, v6Unspecified)==0)?v6allnodesL:np->src,
-				   np->target, ipifc->mac, pktflags); 
-			}
-			else
-				freeblist(bp);
+			} else
+				ipmove(ia, np->target);
+			icmpna(icmp->f, ia, (pktflags & Sflag)? np->src: v6allnodesL,
+				np->target, ifc->mac, pktflags);
+			break;
+		case Tunitent:
+			/*
+			 * not clear what needs to be done. send up
+			 * an icmp mesg saying don't use this address?
+			 */
 			break;
-
-		case t_unitent:
-			/* not clear what needs to be done. send up
-			 * an icmp mesg saying don't use this address? */
-
-		default:
-			freeblist(bp);
 		}
-
+		freeblist(bp);
 		break;
 
 	case NbrAdvert:
-		np = (Ndpkt*) p;
+		np = (Ndpkt*)p;
 
-		/* if the target address matches one of the local interface 
-		 * address and the local interface address has tentative bit set, 
-		 * then insert into ARP table. this is so the duplication address 
-		 * detection part of ipconfig can discover duplication through 
-		 * the arp table
+		/*
+		 * if the target address matches one of the local interface
+		 * addresses and the local interface address has tentative bit
+		 * set, insert into ARP table. this is so the duplicate address
+		 * detection part of ipconfig can discover duplication through
+		 * the arp table.
 		 */
-		lifc = iplocalonifc(ipifc, np->target);
-		if(lifc && lifc->tentative)
-			refresh = 0;
-		arpenter(icmp->f, V6, np->target, np->lnaddr, 8*np->olen-2, refresh);
+		lifc = iplocalonifc(ifc, np->target);
+		if(lifc != nil && lifc->tentative)
+			arpenter(icmp->f, V6, np->target, np->lnaddr, 8*np->olen-2, np->target, ifc, 0);
+		else if(ipv6local(ifc, ia, 0, np->target))
+			arpenter(icmp->f, V6, np->target, np->lnaddr, 8*np->olen-2, ia, ifc, 1);
 		freeblist(bp);
 		break;
 
-	case PacketTooBigV6:
-
 	default:
 		goticmpkt6(icmp, bp, 0);
 		break;
 	}
 	return;
-
 raise:
 	freeblist(bp);
-
 }
 
-int
+static int
 icmpstats6(Proto *icmp6, char *buf, int len)
 {
 	Icmppriv6 *priv;
@@ -874,23 +827,28 @@
 	e = p+len;
 	for(i = 0; i < Nstats6; i++)
 		p = seprint(p, e, "%s: %lud\n", statnames6[i], priv->stats[i]);
-	for(i = 0; i <= Maxtype6; i++){
+	for(i = 0; i <= Maxtype6; i++)
 		if(icmpnames6[i])
-			p = seprint(p, e, "%s: %lud %lud\n", icmpnames6[i], priv->in[i], priv->out[i]);
-/*		else
-			p = seprint(p, e, "%d: %lud %lud\n", i, priv->in[i], priv->out[i]);
-*/
-	}
+			p = seprint(p, e, "%s: %lud %lud\n", icmpnames6[i],
+				priv->in[i], priv->out[i]);
 	return p - buf;
 }
 
 
-// need to import from icmp.c
+/* import from icmp.c */
 extern int	icmpstate(Conv *c, char *state, int n);
 extern char*	icmpannounce(Conv *c, char **argv, int argc);
 extern char*	icmpconnect(Conv *c, char **argv, int argc);
 extern void	icmpclose(Conv *c);
 
+static void
+icmpclose6(Conv *c)
+{
+	Icmpcb6 *icb = (Icmpcb6*)c->ptcl;
+	icb->headers = 0;
+	icmpclose(c);
+}
+
 void
 icmp6init(Fs *fs)
 {
@@ -902,7 +860,7 @@
 	icmp6->announce = icmpannounce;
 	icmp6->state = icmpstate;
 	icmp6->create = icmpcreate6;
-	icmp6->close = icmpclose;
+	icmp6->close = icmpclose6;
 	icmp6->rcv = icmpiput6;
 	icmp6->stats = icmpstats6;
 	icmp6->ctl = icmpctl6;
@@ -914,4 +872,3 @@
 
 	Fsproto(fs, icmp6);
 }
-
--- a/os/ip/igmp.c	Thu Aug 12 23:08:35 2021
+++ b/os/ip/igmp.c	Sat Aug 21 01:39:52 2021
@@ -1,3 +1,7 @@
+/*
+ * igmp - internet group management protocol
+ * unfinished.
+ */
 #include "u.h"
 #include "../port/lib.h"
 #include "mem.h"
@@ -40,8 +44,12 @@
 	uchar	unused;
 	uchar	igmpcksum[2];		/* checksum of igmp portion */
 	uchar	group[IPaddrlen];	/* multicast group */
+
+	uchar	payload[];
 };
 
+#define IGMPPKTSZ offsetof(IGMPpkt, payload[0])
+
 /*
  *  lists for group reports
  */
@@ -49,7 +57,7 @@
 struct IGMPrep
 {
 	IGMPrep		*next;
-	Media		*m;
+	Medium		*m;
 	int		ticks;
 	Multicast	*multi;
 };
@@ -76,19 +84,17 @@
 } stats;
 
 void
-igmpsendreport(Media *m, uchar *addr)
+igmpsendreport(Medium *m, uchar *addr)
 {
 	IGMPpkt *p;
 	Block *bp;
 
 	bp = allocb(sizeof(IGMPpkt));
-	if(bp == nil)
-		return;
 	p = (IGMPpkt*)bp->wp;
 	p->vihl = IP_VER4;
-	bp->wp += sizeof(IGMPpkt);
-	memset(bp->rp, 0, sizeof(IGMPpkt));
-	hnputl(p->src, Mediagetaddr(m));
+	bp->wp += IGMPPKTSZ;
+	memset(bp->rp, 0, IGMPPKTSZ);
+	hnputl(p->src, Mediumgetaddr(m));
 	hnputl(p->dst, Ipallsys);
 	p->vertype = (1<<4) | IGMPreport;
 	p->proto = IP_IGMPPROTO;
@@ -166,7 +172,7 @@
 }
 
 void
-igmpiput(Media *m, Ipifc *, Block *bp)
+igmpiput(Medium *m, Ipifc *, Block *bp)
 {
 	int n;
 	IGMPpkt *ghp;
@@ -206,7 +212,7 @@
 		if(rp != nil)
 			break;	/* already reporting */
 
-		mp = Mediacopymulti(m);
+		mp = Mediumcopymulti(m);
 		if(mp == nil)
 			break;
 
@@ -285,7 +291,7 @@
 	igmp.ptclsize = 0;
 
 	igmpreportfn = igmpsendreport;
-	kproc("igmpproc", igmpproc, 0, 0);
+	kproc("igmpproc", igmpproc, 0);
 
 	Fsproto(fs, &igmp);
 }
--- a/os/ip/ihbootp.c	Thu Aug 12 23:08:35 2021
+++ /dev/null	Mon Oct 18 12:05:45 2021
@@ -1,323 +0,0 @@
-#include "u.h"
-#include "../port/lib.h"
-#include "mem.h"
-#include "dat.h"
-#include "fns.h"
-#include "../port/error.h"
-#include "kernel.h"
-#include "ip.h"
-
-static	ulong	fsip;
-static	ulong	auip;
-static	ulong	gwip;
-static	ulong	ipmask;
-static	ulong	ipaddr;
-static	ulong	dnsip;
-
-enum
-{
-	Bootrequest = 1,
-	Bootreply   = 2,
-};
-
-typedef struct Bootp
-{
-	/* udp.c oldheader */
-	uchar	raddr[IPaddrlen];
-	uchar	laddr[IPaddrlen];
-	uchar	rport[2];
-	uchar	lport[2];
-	/* bootp itself */
-	uchar	op;		/* opcode */
-	uchar	htype;		/* hardware type */
-	uchar	hlen;		/* hardware address len */
-	uchar	hops;		/* hops */
-	uchar	xid[4];		/* a random number */
-	uchar	secs[2];	/* elapsed snce client started booting */
-	uchar	pad[2];
-	uchar	ciaddr[4];	/* client IP address (client tells server) */
-	uchar	yiaddr[4];	/* client IP address (server tells client) */
-	uchar	siaddr[4];	/* server IP address */
-	uchar	giaddr[4];	/* gateway IP address */
-	uchar	chaddr[16];	/* client hardware address */
-	uchar	sname[64];	/* server host name (optional) */
-	uchar	file[128];	/* boot file name */
-	uchar	vend[128];	/* vendor-specific goo */
-} Bootp;
-
-/*
- * bootp returns:
- *
- * "fsip d.d.d.d
- * auip d.d.d.d
- * gwip d.d.d.d
- * ipmask d.d.d.d
- * ipaddr d.d.d.d
- * dnsip d.d.d.d"
- *
- * where d.d.d.d is the IP address in dotted decimal notation, and each
- * address is followed by a newline.
- */
-
-static	Bootp	req;
-static	Proc*	rcvprocp;
-static	int	recv;
-static	int	done;
-static	Rendez	bootpr;
-static	char	rcvbuf[512];
-static	int	bootpdebug;
-
-/*
- * Parse the vendor specific fields according to RFC 1084.
- * We are overloading the "cookie server" to be the Inferno 
- * authentication server and the "resource location server"
- * to be the Inferno file server.
- *
- * If the vendor specific field is formatted properly, it
- * will begin with the four bytes 99.130.83.99 and end with
- * an 0xFF byte.
- */
-static void
-parsevend(uchar* vend)
-{
-	/* The field must start with 99.130.83.99 to be compliant */
-	if ((vend[0] != 99) || (vend[1] != 130) ||
-	    (vend[2] != 83) || (vend[3] != 99)){
-		if(bootpdebug)
-			print("bad bootp vendor field: %.2x%.2x%.2x%.2x", vend[0], vend[1], vend[2], vend[3]);
-		return;
-	}
-
-	/* Skip over the magic cookie */
-	vend += 4;
-
-	while ((vend[0] != 0) && (vend[0] != 0xFF)) {
-		if(bootpdebug){
-			int i;
-			print("vend %d [%d]", vend[0], vend[1]);
-			for(i=0; i<vend[1]; i++)
-				print(" %2.2x", vend[i]);
-			print("\n");
-		}
-		switch (vend[0]) {
-		case 1:	/* Subnet mask field */
-			/* There must be only one subnet mask */
-			if (vend[1] != 4)
-				return;
-
-			ipmask = (vend[2]<<24)|
-				 (vend[3]<<16)|
-				 (vend[4]<<8)|
-				  vend[5];
-			break;
-
-		case 3:	/* Gateway/router field */
-			/* We are only concerned with first address */
-			if (vend[1] < 4)
-				break;
-
-			gwip =	(vend[2]<<24)|
-				(vend[3]<<16)|
-				(vend[4]<<8)|
-				 vend[5];
-			break;
-
-		case 6:	/* DNS server */
-			/* We are only concerned with first address */
-			if (vend[1] < 4)
-				break;
-
-			dnsip =	(vend[2]<<24)|
-				(vend[3]<<16)|
-				(vend[4]<<8)|
-				 vend[5];
-			break;
-
-		case 8:	/* "Cookie server" (auth server) field */
-			/* We are only concerned with first address */
-			if (vend[1] < 4)
-				break;
-
-			auip =	(vend[2]<<24)|
-				(vend[3]<<16)|
-				(vend[4]<<8)|
-				 vend[5];
-			break;
-
-		case 11:	/* "Resource loc server" (file server) field */
-			/* We are only concerned with first address */
-			if (vend[1] < 4)
-				break;
-
-			fsip =	(vend[2]<<24)|
-				(vend[3]<<16)|
-				(vend[4]<<8)|
-				 vend[5];
-			break;
-
-		default:	/* Ignore everything else */
-			break;
-		}
-
-		/* Skip over the field */
-		vend += vend[1] + 2;
-	}
-}
-
-static void
-rcvbootp(void *a)
-{
-	int n, fd;
-	Bootp *rp;
-
-	if(waserror())
-		pexit("", 0);
-	rcvprocp = up;	/* store for postnote below */
-	fd = (int)a;
-	while(done == 0) {
-		n = kread(fd, rcvbuf, sizeof(rcvbuf));
-		if(n <= 0)
-			break;
-		rp = (Bootp*)rcvbuf;
-		if (memcmp(req.chaddr, rp->chaddr, 6) == 0 &&
-		   rp->htype == 1 && rp->hlen == 6) {
-			ipaddr = (rp->yiaddr[0]<<24)|
-				 (rp->yiaddr[1]<<16)|
-				 (rp->yiaddr[2]<<8)|
-				  rp->yiaddr[3];
-			parsevend(rp->vend);
-			break;
-		}
-	}
-	poperror();
-	rcvprocp = nil;
-
-	recv = 1;
-	wakeup(&bootpr);
-	pexit("", 0);
-}
-
-static char*
-rbootp(Ipifc *ifc)
-{
-	int cfd, dfd, tries, n;
-	char ia[5+3*16], im[16], *av[3];
-	uchar nipaddr[4], ngwip[4], nipmask[4];
-	char dir[Maxpath];
-	static uchar vend_rfc1048[] = { 99, 130, 83, 99 };
-
-	av[1] = "0.0.0.0";
-	av[2] = "0.0.0.0";
-	ipifcadd(ifc, av, 3, 0, nil);
-
-	cfd = kannounce("udp!*!68", dir);
-	if(cfd < 0)
-		return "bootp announce failed";
-	strcat(dir, "/data");
-	if(kwrite(cfd, "headers", 7) < 0){
-		kclose(cfd);
-		return "bootp ctl headers failed";
-	}
-	kwrite(cfd, "oldheaders", 10);
-	dfd = kopen(dir, ORDWR);
-	if(dfd < 0){
-		kclose(cfd);
-		return "bootp open data failed";
-	}
-	kclose(cfd);
-
-	/* create request */
-	memset(&req, 0, sizeof(req));
-	ipmove(req.raddr, IPv4bcast);
-	hnputs(req.rport, 67);
-	req.op = Bootrequest;
-	req.htype = 1;			/* ethernet (all we know) */
-	req.hlen = 6;			/* ethernet (all we know) */
-
-	/* Hardware MAC address */
-	memmove(req.chaddr, ifc->mac, 6);
-	/* Fill in the local IP address if we know it */
-	ipv4local(ifc, req.ciaddr);
-	memset(req.file, 0, sizeof(req.file));
-	memmove(req.vend, vend_rfc1048, 4);
-
-	done = 0;
-	recv = 0;
-
-	kproc("rcvbootp", rcvbootp, (void*)dfd, KPDUPFDG);
-
-	/*
-	 * broadcast bootp's till we get a reply,
-	 * or fixed number of tries
-	 */
-	tries = 0;
-	while(recv == 0) {
-		if(kwrite(dfd, &req, sizeof(req)) < 0)
-			print("bootp: write: %r");
-
-		tsleep(&bootpr, return0, 0, 1000);
-		if(++tries > 10) {
-			print("bootp: timed out\n");
-			break;
-		}
-	}
-	kclose(dfd);
-	done = 1;
-	if(rcvprocp != nil){
-		postnote(rcvprocp, 1, "timeout", 0);
-		rcvprocp = nil;
-	}
-
-	av[1] = "0.0.0.0";
-	av[2] = "0.0.0.0";
-	ipifcrem(ifc, av, 3);
-
-	hnputl(nipaddr, ipaddr);
-	sprint(ia, "%V", nipaddr);
-	hnputl(nipmask, ipmask);
-	sprint(im, "%V", nipmask);
-	av[1] = ia;
-	av[2] = im;
-	ipifcadd(ifc, av, 3, 0, nil);
-
-	if(gwip != 0) {
-		hnputl(ngwip, gwip);
-		n = sprint(ia, "add 0.0.0.0 0.0.0.0 %V", ngwip);
-		routewrite(ifc->conv->p->f, nil, ia, n);
-	}
-	return nil;
-}
-
-static int
-rbootpread(char *bp, ulong offset, int len)
-{
-	int n;
-	char *buf;
-	uchar a[4];
-
-	buf = smalloc(READSTR);
-	if(waserror()){
-		free(buf);
-		nexterror();
-	}
-	hnputl(a, fsip);
-	n = snprint(buf, READSTR, "fsip %15V\n", a);
-	hnputl(a, auip);
-	n += snprint(buf + n, READSTR-n, "auip %15V\n", a);
-	hnputl(a, gwip);
-	n += snprint(buf + n, READSTR-n, "gwip %15V\n", a);
-	hnputl(a, ipmask);
-	n += snprint(buf + n, READSTR-n, "ipmask %15V\n", a);
-	hnputl(a, ipaddr);
-	n += snprint(buf + n, READSTR-n, "ipaddr %15V\n", a);
-	hnputl(a, dnsip);
-	snprint(buf + n, READSTR-n, "dnsip %15V\n", a);
-
-	len = readstr(offset, bp, len, buf);
-	poperror();
-	free(buf);
-	return len;
-}
-
-char*	(*bootp)(Ipifc*) = rbootp;
-int	(*bootpread)(char*, ulong, int) = rbootpread;
--- a/os/ip/il.c	Thu Aug 12 23:08:35 2021
+++ b/os/ip/il.c	Sat Aug 21 01:39:52 2021
@@ -189,7 +189,7 @@
 {
 	Ipht	ht;
 
-	ulong	stats[Nstats];
+	uvlong	stats[Nstats];
 
 	ulong	csumerr;		/* checksum errors */
 	ulong	hlenerr;		/* header length error */
@@ -208,7 +208,7 @@
 
 
 void	ilrcvmsg(Conv*, Block*);
-void	ilsendctl(Conv*, Ilhdr*, int, ulong, ulong, int);
+int	ilsendctl(Conv*, Ilhdr*, int, ulong, ulong, int);
 void	ilackq(Ilcb*, Block*);
 void	ilprocess(Conv*, Ilhdr*, Block*);
 void	ilpullup(Conv*);
@@ -251,6 +251,9 @@
 	e = Fsstdconnect(c, argv, argc);
 	if(e != nil)
 		return e;
+	if(c->ipversion != V4)
+		return "only IP version 4 supported";
+		
 	return ilstart(c, IL_CONNECT, fast);
 }
 
@@ -260,7 +263,7 @@
 	Ilcb *ic;
 
 	ic = (Ilcb*)(c->ptcl);
-	return snprint(state, n, "%s qin %d qout %d del %5.5d Br %5.5d md %5.5d una %5.5lud rex %5.5d rxq %5.5d max %5.5d",
+	return snprint(state, n, "%s qin %d qout %d del %5.5d Br %5.5d md %5.5d una %5.5lud rex %5.5d rxq %5.5d max %5.5d\n",
 		ilstates[ic->state],
 		c->rq ? qlen(c->rq) : 0,
 		c->wq ? qlen(c->wq) : 0,
@@ -434,7 +437,7 @@
 	p = buf;
 	e = p+len;
 	for(i = 0; i < Nstats; i++)
-		p = seprint(p, e, "%s: %lud\n", statnames[i], priv->stats[i]);
+		p = seprint(p, e, "%s: %llud\n", statnames[i], priv->stats[i]);
 	return p - buf;
 }
 
@@ -548,6 +551,9 @@
 
 	ih = (Ilhdr *)bp->rp;
 	plen = blocklen(bp);
+	if(plen > 0 && (ih->vihl&0xF0)!=IP_VER4)
+		goto raise;	/* ignore non V4 packets */
+
 	if(plen < IL_IPSIZE+IL_HDRSIZE){
 		netlog(il->f, Logil, "il: hlenerr\n");
 		ipriv->stats[HlenErrs]++;
@@ -572,7 +578,7 @@
 		else
 			st = iltype[ih->iltype];
 		ipriv->stats[CsumErrs]++;
-		netlog(il->f, Logil, "il: cksum %ux %ux, pkt(%s id %lud ack %lud %I/%d->%d)\n",
+		netlog(il->f, Logil, "il: cksum %ux %s, pkt(%ux id %ud ack %I/%d->%d)\n",
 			csum, st, nhgetl(ih->ilid), nhgetl(ih->ilack), raddr, sp, dp);
 		goto raise;
 	}
@@ -595,7 +601,7 @@
 			else
 				st = iltype[ih->iltype];
 			ilreject(il->f, ih);		/* no channel and not sync */
-			netlog(il->f, Logil, "il: no channel, pkt(%s id %lud ack %lud %I/%ud->%ud)\n",
+			netlog(il->f, Logil, "il: no channel, pkt(%s id %ud ack %ud %I/%ud->%ud)\n",
 				st, nhgetl(ih->ilid), nhgetl(ih->ilack), raddr, sp, dp); 
 			goto raise;
 		}
@@ -829,7 +835,7 @@
 
 	c = ic->conv;
 	id = nhgetl(h->ilid);
-	netlog(c->p->f, Logil, "il: rexmit %d %ud: %d %d: %i %d/%d\n", id, ic->recvd,
+	netlog(c->p->f, Logil, "il: rexmit %lud %lud: %d %lud: %I %d/%d\n", id, ic->recvd,
 		ic->rexmit, ic->timeout,
 		c->raddr, c->lport, c->rport);
 
@@ -852,14 +858,14 @@
 	ic = (Ilcb*)s->ptcl;
 
 	USED(ic);
-	netlog(s->p->f, Logilmsg, "%11s rcv %d/%d snt %d/%d pkt(%s id %d ack %d %d->%d) ",
+	netlog(s->p->f, Logilmsg, "%11s rcv %lud/%lud snt %lud/%lud pkt(%s id %d ack %ud %ud->%ud) ",
 		ilstates[ic->state],  ic->rstart, ic->recvd, ic->start, 
 		ic->next, iltype[h->iltype], nhgetl(h->ilid), 
 		nhgetl(h->ilack), nhgets(h->ilsrc), nhgets(h->ildst));
 
 	_ilprocess(s, h, bp);
 
-	netlog(s->p->f, Logilmsg, "%11s rcv %d snt %d\n", ilstates[ic->state], ic->recvd, ic->next);
+	netlog(s->p->f, Logilmsg, "%11s rcv %lud snt %lud\n", ilstates[ic->state], ic->recvd, ic->next);
 }
 
 void
@@ -917,17 +923,12 @@
 		bp->list = nil;
 		dlen = nhgets(oh->illen)-IL_HDRSIZE;
 		bp = trimblock(bp, IL_IPSIZE+IL_HDRSIZE, dlen);
+			
 		/*
 		 * Upper levels don't know about multiple-block
 		 * messages so copy all into one (yick).
 		 */
-		bp = concatblock(bp);
-		if(bp == 0)
-			panic("ilpullup");
-		bp = packblock(bp);
-		if(bp == 0)
-			panic("ilpullup2");
-		qpass(s->rq, bp);
+		qpass(s->rq, packblock(concatblock(bp)));
 	}
 	qunlock(&ic->outo);
 }
@@ -948,7 +949,7 @@
 	id = nhgetl(h->ilid);
 	/* Window checks */
 	if(id <= ic->recvd || id > ic->recvd+ic->window) {
-		netlog(s->p->f, Logil, "il: message outside window %ud <%ud-%ud>: %i %d/%d\n",
+		netlog(s->p->f, Logil, "il: message outside window %lud <%lud-%lud>: %I %d/%d\n",
 			id, ic->recvd, ic->recvd+ic->window, s->raddr, s->lport, s->rport);
 		freeblist(bp);
 		return;
@@ -983,7 +984,7 @@
 	qunlock(&ic->outo);
 }
 
-void
+int
 ilsendctl(Conv *ipc, Ilhdr *inih, int type, ulong id, ulong ack, int ilspec)
 {
 	Ilhdr *ih;
@@ -1034,7 +1035,7 @@
 		hnputs(ih->ilsum, ptclcsum(bp, IL_IPSIZE, IL_HDRSIZE));
 
 if(ipc==nil)
-	panic("ipc is nil caller is %.8lux", getcallerpc(&ipc));
+	panic("ipc is nil caller is %#p", getcallerpc(&ipc));
 if(ipc->p==nil)
 	panic("ipc->p is nil");
 
@@ -1042,7 +1043,7 @@
 		iltype[ih->iltype], nhgetl(ih->ilid), nhgetl(ih->ilack), 
 		nhgets(ih->ilsrc), nhgets(ih->ildst));
 
-	ipoput4(ipc->p->f, bp, 0, ttl, tos, ipc);
+	return ipoput4(ipc->p->f, bp, 0, ttl, tos, ipc);
 }
 
 void
@@ -1145,6 +1146,8 @@
 
 	il = x;
 
+	while(waserror())
+		;
 loop:
 	tsleep(&up->sleep, return0, 0, Iltickms);
 	for(s = il->conv; s && *s; s++) {
@@ -1248,7 +1251,7 @@
 		qlock(&ipriv->apl);
 		if(ipriv->ackprocstarted == 0){
 			sprint(kpname, "#I%dilack", c->p->f->dev);
-			kproc(kpname, ilackproc, c->p, 0);
+			kproc(kpname, ilackproc, c->p);
 			ipriv->ackprocstarted = 1;
 		}
 		qunlock(&ipriv->apl);
@@ -1280,7 +1283,8 @@
 	case IL_CONNECT:
 		ic->state = Ilsyncer;
 		iphtadd(&ipriv->ht, c);
-		ilsendctl(c, nil, Ilsync, ic->start, ic->recvd, 0);
+		if(ilsendctl(c, nil, Ilsync, ic->start, ic->recvd, 0) < 0)
+			ilhangup(c, "no route");
 		break;
 	}
 
@@ -1332,6 +1336,8 @@
 		if(s->lport == psource)
 		if(ipcmp(s->laddr, source) == 0)
 		if(ipcmp(s->raddr, dest) == 0){
+			if(s->ignoreadvice)
+				break;
 			qunlock(il);
 			ic = (Ilcb*)s->ptcl;
 			switch(ic->state){
@@ -1380,12 +1386,6 @@
 	}
 }
 
-int
-ilgc(Proto *il)
-{
-	return natgc(il->ipproto);
-}
-
 void
 ilinit(Fs *f)
 {
@@ -1406,7 +1406,7 @@
 	il->advise = iladvise;
 	il->stats = ilxstats;
 	il->inuse = ilinuse;
-	il->gc = ilgc;
+	il->gc = nil;
 	il->ipproto = IP_ILPROTO;
 	il->nc = scalednconv();
 	il->ptclsize = sizeof(Ilcb);
--- a/os/ip/ip.c	Thu Aug 12 23:08:35 2021
+++ b/os/ip/ip.c	Sat Aug 21 01:39:52 2021
@@ -7,94 +7,6 @@
 
 #include	"ip.h"
 
-typedef struct IP		IP;
-typedef struct Fragment4	Fragment4;
-typedef struct Fragment6	Fragment6;
-typedef struct Ipfrag		Ipfrag;
-
-enum
-{
-	IP4HDR		= 20,		/* sizeof(Ip4hdr) */
-	IP6HDR		= 40,		/* sizeof(Ip6hdr) */
-	IP_HLEN4	= 0x05,		/* Header length in words */
-	IP_DF		= 0x4000,	/* Don't fragment */
-	IP_MF		= 0x2000,	/* More fragments */
-	IP6FHDR		= 8, 		/* sizeof(Fraghdr6) */
-	IP_MAX		= 64*1024,	/* Maximum Internet packet size */
-};
-
-#define BLKIPVER(xp)	(((Ip4hdr*)((xp)->rp))->vihl&0xF0)
-
-/* MIB II counters */
-enum
-{
-	Forwarding,
-	DefaultTTL,
-	InReceives,
-	InHdrErrors,
-	InAddrErrors,
-	ForwDatagrams,
-	InUnknownProtos,
-	InDiscards,
-	InDelivers,
-	OutRequests,
-	OutDiscards,
-	OutNoRoutes,
-	ReasmTimeout,
-	ReasmReqds,
-	ReasmOKs,
-	ReasmFails,
-	FragOKs,
-	FragFails,
-	FragCreates,
-
-	Nstats,
-};
-
-struct Fragment4
-{
-	Block*	blist;
-	Fragment4*	next;
-	ulong 	src;
-	ulong 	dst;
-	ushort	id;
-	ulong 	age;
-};
-
-struct Fragment6
-{
-	Block*	blist;
-	Fragment6*	next;
-	uchar 	src[IPaddrlen];
-	uchar 	dst[IPaddrlen];
-	uint	id;
-	ulong 	age;
-};
-
-struct Ipfrag
-{
-	ushort	foff;
-	ushort	flen;
-};
-
-/* an instance of IP */
-struct IP
-{
-	ulong		stats[Nstats];
-
-	QLock		fraglock4;
-	Fragment4*	flisthead4;
-	Fragment4*	fragfree4;
-	Ref		id4;
-
-	QLock		fraglock6;
-	Fragment6*	flisthead6;
-	Fragment6*	fragfree6;
-	Ref		id6;
-
-	int		iprouting;	/* true if we route like a gateway */
-};
-
 static char *statnames[] =
 {
 [Forwarding]	"Forwarding",
@@ -118,45 +30,11 @@
 [FragCreates]	"FragCreates",
 };
 
-#define BLKIP(xp)	((Ip4hdr*)((xp)->rp))
-/*
- * This sleazy macro relies on the media header size being
- * larger than sizeof(Ipfrag). ipreassemble checks this is true
- */
-#define BKFG(xp)	((Ipfrag*)((xp)->base))
-
-ushort		ipcsum(uchar*);
-Block*		ip4reassemble(IP*, int, Block*, Ip4hdr*);
-void		ipfragfree4(IP*, Fragment4*);
-Fragment4*	ipfragallo4(IP*);
-
-
-void
-ip_init_6(Fs *f)
-{
-	V6params *v6p;
-
-	v6p = smalloc(sizeof(V6params));
-	
-	v6p->rp.mflag		= 0;		// default not managed
-	v6p->rp.oflag		= 0;
-	v6p->rp.maxraint	= 600000;	// millisecs
-	v6p->rp.minraint	= 200000;
-	v6p->rp.linkmtu		= 0;		// no mtu sent
-	v6p->rp.reachtime	= 0;
-	v6p->rp.rxmitra		= 0;
-	v6p->rp.ttl		= MAXTTL;
-	v6p->rp.routerlt	= 3*(v6p->rp.maxraint);	
+static Block*		ip4reassemble(IP*, int, Block*);
+static void		ipfragfree4(IP*, Fragment4*);
+static Fragment4*	ipfragallo4(IP*);
 
-	v6p->hp.rxmithost	= 1000;		// v6 RETRANS_TIMER
-
-	v6p->cdrouter 		= -1;
-
-	f->v6p			= v6p;
-
-}
-
-void
+static void
 initfrag(IP *ip, int size)
 {
 	Fragment4 *fq4, *eq4;
@@ -189,6 +67,7 @@
 	IP *ip;
 
 	ip = smalloc(sizeof(IP));
+	ip->stats[DefaultTTL] = MAXTTL;
 	initfrag(ip, 100);
 	f->ip = ip;
 
@@ -202,77 +81,52 @@
 	if(f->ip->iprouting==0)
 		f->ip->stats[Forwarding] = 2;
 	else
-		f->ip->stats[Forwarding] = 1;	
+		f->ip->stats[Forwarding] = 1;
 }
 
 int
-ipoput4(Fs *f, Block *bp, int gating, int ttl, int tos, Conv *c)
+ipoput4(Fs *f, Block *bp, int gating, int ttl, int tos, Routehint *rh)
 {
 	Ipifc *ifc;
 	uchar *gate;
 	ulong fragoff;
 	Block *xp, *nb;
 	Ip4hdr *eh, *feh;
-	int lid, len, seglen, chunk, dlen, blklen, offset, medialen;
-	Route *r, *sr;
+	int lid, len, seglen, chunk, hlen, dlen, blklen, offset, medialen;
+	Route *r;
 	IP *ip;
 	int rv = 0;
 
 	ip = f->ip;
-
-	/* Fill out the ip header */
-	eh = (Ip4hdr*)(bp->rp);
-
 	ip->stats[OutRequests]++;
 
-	/* Number of uchars in data and ip header to write */
+	/* Fill out the ip header */
+	eh = (Ip4hdr*)bp->rp;
+	assert(BLEN(bp) >= IP4HDR);
 	len = blocklen(bp);
-
-	if(gating){
-		chunk = nhgets(eh->length);
-		if(chunk > len){
-			ip->stats[OutDiscards]++;
-			netlog(f, Logip, "short gated packet\n");
-			goto free;
-		}
-		if(chunk < len)
-			len = chunk;
-	}
 	if(len >= IP_MAX){
 		ip->stats[OutDiscards]++;
-		netlog(f, Logip, "exceeded ip max size %V\n", eh->dst);
+		netlog(f, Logip, "%V -> %V: exceeded ip max size: %d\n", eh->src, eh->dst, len);
 		goto free;
 	}
 
-	r = v4lookup(f, eh->dst, c);
-	if(r == nil){
+	r = v4lookup(f, eh->dst, eh->src, rh);
+	if(r == nil || (ifc = r->ifc) == nil){
 		ip->stats[OutNoRoutes]++;
-		netlog(f, Logip, "no interface %V\n", eh->dst);
+		netlog(f, Logip, "%V -> %V: no interface\n", eh->src, eh->dst);
 		rv = -1;
 		goto free;
 	}
 
-	ifc = r->ifc;
-	if(r->type & (Rifc|Runi))
-		gate = eh->dst;
-	else
-	if(r->type & (Rbcast|Rmulti)) {
+	if(r->type & (Rifc|Runi|Rbcast|Rmulti))
 		gate = eh->dst;
-		sr = v4lookup(f, eh->src, nil);
-		if(sr != nil && (sr->type & Runi))
-			ifc = sr->ifc;
-	}
 	else
 		gate = r->v4.gate;
 
-	if(!gating)
-		eh->vihl = IP_VER4|IP_HLEN4;
-	eh->ttl = ttl;
-	if(!gating)
-		eh->tos = tos;
-
-	if(!canrlock(ifc))
+	if(!canrlock(ifc)){
+		ip->stats[OutDiscards]++;
 		goto free;
+	}
 	if(waserror()){
 		runlock(ifc);
 		nexterror();
@@ -280,56 +134,57 @@
 	if(ifc->m == nil)
 		goto raise;
 
-	/* Output NAT */
-	if(nato(bp, ifc, f) != 0)
-		goto raise;
+	if(!gating){
+		eh->vihl = IP_VER4|IP_HLEN4;
+		eh->tos = tos;
+	}
+	eh->ttl = ttl;
 
 	/* If we dont need to fragment just send it */
 	medialen = ifc->maxtu - ifc->m->hsize;
 	if(len <= medialen) {
-		if(!gating)
-			hnputs(eh->id, incref(&ip->id4));
 		hnputs(eh->length, len);
 		if(!gating){
+			hnputs(eh->id, incref(&ip->id4));
 			eh->frag[0] = 0;
 			eh->frag[1] = 0;
 		}
 		eh->cksum[0] = 0;
 		eh->cksum[1] = 0;
 		hnputs(eh->cksum, ipcsum(&eh->vihl));
-		ifc->m->bwrite(ifc, bp, V4, gate);
+
+		ipifcoput(ifc, bp, V4, gate);
 		runlock(ifc);
 		poperror();
 		return 0;
 	}
 
-if((eh->frag[0] & (IP_DF>>8)) && !gating) print("%V: DF set\n", eh->dst);
-
 	if(eh->frag[0] & (IP_DF>>8)){
 		ip->stats[FragFails]++;
 		ip->stats[OutDiscards]++;
 		icmpcantfrag(f, bp, medialen);
-		netlog(f, Logip, "%V: eh->frag[0] & (IP_DF>>8)\n", eh->dst);
+		netlog(f, Logip, "%V -> %V: can't fragment with DF flag set\n", eh->src, eh->dst);
 		goto raise;
 	}
 
-	seglen = (medialen - IP4HDR) & ~7;
+	hlen = (eh->vihl & 0xF)<<2;
+	seglen = (medialen - hlen) & ~7;
 	if(seglen < 8){
 		ip->stats[FragFails]++;
 		ip->stats[OutDiscards]++;
-		netlog(f, Logip, "%V seglen < 8\n", eh->dst);
+		netlog(f, Logip, "%V -> %V: can't fragment with seglen < 8\n", eh->src, eh->dst);
 		goto raise;
 	}
 
-	dlen = len - IP4HDR;
+	dlen = len - hlen;
 	xp = bp;
 	if(gating)
 		lid = nhgets(eh->id);
 	else
 		lid = incref(&ip->id4);
 
-	offset = IP4HDR;
-	while(xp != nil && offset && offset >= BLEN(xp)) {
+	offset = hlen;
+	while(offset && offset >= BLEN(xp)) {
 		offset -= BLEN(xp);
 		xp = xp->next;
 	}
@@ -341,30 +196,30 @@
 		fragoff = 0;
 	dlen += fragoff;
 	for(; fragoff < dlen; fragoff += seglen) {
-		nb = allocb(IP4HDR+seglen);
-		feh = (Ip4hdr*)(nb->rp);
+		nb = allocb(hlen+seglen);
+		feh = (Ip4hdr*)nb->rp;
 
-		memmove(nb->wp, eh, IP4HDR);
-		nb->wp += IP4HDR;
+		memmove(nb->wp, eh, hlen);
+		nb->wp += hlen;
 
 		if((fragoff + seglen) >= dlen) {
 			seglen = dlen - fragoff;
 			hnputs(feh->frag, fragoff>>3);
 		}
-		else	
+		else
 			hnputs(feh->frag, (fragoff>>3)|IP_MF);
 
-		hnputs(feh->length, seglen + IP4HDR);
+		hnputs(feh->length, seglen + hlen);
 		hnputs(feh->id, lid);
 
 		/* Copy up the data area */
 		chunk = seglen;
 		while(chunk) {
-			if(!xp) {
+			if(xp == nil) {
 				ip->stats[OutDiscards]++;
 				ip->stats[FragFails]++;
 				freeblist(nb);
-				netlog(f, Logip, "!xp: chunk %d\n", chunk);
+				netlog(f, Logip, "xp == nil: chunk %d\n", chunk);
 				goto raise;
 			}
 			blklen = chunk;
@@ -376,12 +231,13 @@
 			chunk -= blklen;
 			if(xp->rp == xp->wp)
 				xp = xp->next;
-		} 
+		}
 
 		feh->cksum[0] = 0;
 		feh->cksum[1] = 0;
 		hnputs(feh->cksum, ipcsum(&feh->vihl));
-		ifc->m->bwrite(ifc, nb, V4, gate);
+
+		ipifcoput(ifc, nb, V4, gate);
 		ip->stats[FragCreates]++;
 	}
 	ip->stats[FragOKs]++;
@@ -396,17 +252,14 @@
 void
 ipiput4(Fs *f, Ipifc *ifc, Block *bp)
 {
-	int hl;
-	int hop, tos, proto, olen;
+	int hl, len, hop, tos;
+	uchar v6dst[IPaddrlen];
+	ushort frag;
 	Ip4hdr *h;
 	Proto *p;
-	ushort frag;
-	int notforme;
-	uchar *dp, v6dst[IPaddrlen];
 	IP *ip;
-	Route *r;
 
-	if(BLKIPVER(bp) != IP_VER4) {
+	if((bp->rp[0]&0xF0) != IP_VER4) {
 		ipiput6(f, ifc, bp);
 		return;
 	}
@@ -430,108 +283,93 @@
 			return;
 	}
 
-	h = (Ip4hdr*)(bp->rp);
-
-	/* Input NAT */
-	nati(bp, ifc);
-
-	/* dump anything that whose header doesn't checksum */
+	h = (Ip4hdr*)bp->rp;
+	hl = (h->vihl & 0xF)<<2;
+	if(hl < IP4HDR || hl > BLEN(bp)) {
+		ip->stats[InHdrErrors]++;
+		netlog(f, Logip, "%V -> %V: bad ip header length: %d\n", h->src, h->dst, hl);
+		goto drop;
+	}
 	if((bp->flag & Bipck) == 0 && ipcsum(&h->vihl)) {
 		ip->stats[InHdrErrors]++;
-		netlog(f, Logip, "ip: checksum error %V\n", h->src);
-		freeblist(bp);
-		return;
+		netlog(f, Logip, "%V -> %V: bad ip header checksum\n", h->src, h->dst);
+		goto drop;
 	}
-	v4tov6(v6dst, h->dst);
-	notforme = ipforme(f, v6dst) == 0;
-
-	/* Check header length and version */
-	if((h->vihl&0x0F) != IP_HLEN4) {
-		hl = (h->vihl&0xF)<<2;
-		if(hl < (IP_HLEN4<<2)) {
-			ip->stats[InHdrErrors]++;
-			netlog(f, Logip, "ip: %V bad hivl %ux\n", h->src, h->vihl);
-			freeblist(bp);
-			return;
-		}
-	  /* If this is not routed strip off the options */
-		if(notforme == 0) {
-			olen = nhgets(h->length);
-			dp = bp->rp + (hl - (IP_HLEN4<<2));
-			memmove(dp, h, IP_HLEN4<<2);
-			bp->rp = dp;
-			h = (Ip4hdr*)(bp->rp);
-			h->vihl = (IP_VER4|IP_HLEN4);
-			hnputs(h->length, olen-hl+(IP_HLEN4<<2));
-		}
+	len = nhgets(h->length);
+	if(len < hl || (bp = trimblock(bp, 0, len)) == nil){
+		ip->stats[InHdrErrors]++;
+		netlog(f, Logip, "%V -> %V: bogus packet length: %d\n", h->src, h->dst, len);
+		if(bp != nil)
+			goto drop;
+		return;
 	}
+	h = (Ip4hdr*)bp->rp;
 
 	/* route */
-	if(notforme) {
-		Conv conv;
+	v4tov6(v6dst, h->dst);
+	if(!ipforme(f, v6dst)) {
+		Route *r;
+		Routehint rh;
+		Ipifc *nifc;
 
-		if(!ip->iprouting){
-			freeb(bp);
-			return;
-		}
+		if(!ip->iprouting)
+			goto drop;
 
 		/* don't forward to source's network */
-		conv.r = nil;
-		r = v4lookup(f, h->dst, &conv);
-		if(r == nil || r->ifc == ifc){
+		rh.r = nil;
+		r = v4lookup(f, h->dst, h->src, &rh);
+		if(r == nil || (nifc = r->ifc) == nil
+		|| (nifc == ifc && !ifc->reflect)){
 			ip->stats[OutDiscards]++;
-			freeblist(bp);
-			return;
+			goto drop;
 		}
 
 		/* don't forward if packet has timed out */
 		hop = h->ttl;
 		if(hop < 1) {
 			ip->stats[InHdrErrors]++;
-			icmpttlexceeded(f, ifc->lifc->local, bp);
-			freeblist(bp);
-			return;
+			icmpttlexceeded(f, ifc, bp);
+			goto drop;
 		}
 
 		/* reassemble if the interface expects it */
-if(r->ifc == nil) panic("nil route rfc");
-		if(r->ifc->reassemble){
+		if(nifc->reassemble){
 			frag = nhgets(h->frag);
-			if(frag) {
-				h->tos = 0;
-				if(frag & IP_MF)
-					h->tos = 1;
-				bp = ip4reassemble(ip, frag, bp, h);
+			if(frag & (IP_MF|IP_FO)) {
+				bp = ip4reassemble(ip, frag, bp);
 				if(bp == nil)
 					return;
-				h = (Ip4hdr*)(bp->rp);
+				h = (Ip4hdr*)bp->rp;
 			}
 		}
 
 		ip->stats[ForwDatagrams]++;
 		tos = h->tos;
 		hop = h->ttl;
-		ipoput4(f, bp, 1, hop - 1, tos, &conv);
+		ipoput4(f, bp, 1, hop - 1, tos, &rh);
 		return;
 	}
 
+	/* If this is not routed strip off the options */
+	if(hl > IP4HDR) {
+		hl -= IP4HDR;
+		len -= hl;
+		bp->rp += hl;
+		memmove(bp->rp, h, IP4HDR);
+		h = (Ip4hdr*)bp->rp;
+		h->vihl = IP_VER4|IP_HLEN4;
+		hnputs(h->length, len);
+	}
+
 	frag = nhgets(h->frag);
-	if(frag) {
-		h->tos = 0;
-		if(frag & IP_MF)
-			h->tos = 1;
-		bp = ip4reassemble(ip, frag, bp, h);
+	if(frag & (IP_MF|IP_FO)) {
+		bp = ip4reassemble(ip, frag, bp);
 		if(bp == nil)
 			return;
-		h = (Ip4hdr*)(bp->rp);
+		h = (Ip4hdr*)bp->rp;
 	}
 
-	/* don't let any frag info go up the stack */
-	h->frag[0] = 0;
-	h->frag[1] = 0;
-
-	proto = h->proto;
-	p = Fsrcvpcol(f, proto);
+	p = Fsrcvpcol(f, h->proto);
 	if(p != nil && p->rcv != nil) {
 		ip->stats[InDelivers]++;
 		(*p->rcv)(p, ifc, bp);
@@ -539,6 +377,7 @@
 	}
 	ip->stats[InDiscards]++;
 	ip->stats[InUnknownProtos]++;
+drop:
 	freeblist(bp);
 }
 
@@ -550,45 +389,43 @@
 	int i;
 
 	ip = f->ip;
-	ip->stats[DefaultTTL] = MAXTTL;
-
 	p = buf;
 	e = p+len;
-	for(i = 0; i < Nstats; i++)
-		p = seprint(p, e, "%s: %lud\n", statnames[i], ip->stats[i]);
+	for(i = 0; i < Nipstats; i++)
+		p = seprint(p, e, "%s: %llud\n", statnames[i], ip->stats[i]);
 	return p - buf;
 }
 
-Block*
-ip4reassemble(IP *ip, int offset, Block *bp, Ip4hdr *ih)
+static Block*
+ip4reassemble(IP *ip, int offset, Block *bp)
 {
-	int fend;
+	int ovlap, fragsize, len;
+	ulong src, dst;
 	ushort id;
+	Block *bl, **l, *prev;
 	Fragment4 *f, *fnext;
-	ulong src, dst;
-	Block *bl, **l, *last, *prev;
-	int ovlap, len, fragsize, pktposn;
+	Ipfrag *fp, *fq;
+	Ip4hdr *ih;
+
+	/*
+	 *  block lists are too hard, concatblock into a single block
+	 */
+	bp = concatblock(bp);
 
+	ih = (Ip4hdr*)bp->rp;
 	src = nhgetl(ih->src);
 	dst = nhgetl(ih->dst);
 	id = nhgets(ih->id);
-
-	/*
-	 *  block lists are too hard, pullupblock into a single block
-	 */
-	if(bp->next){
-		bp = pullupblock(bp, blocklen(bp));
-		ih = (Ip4hdr*)(bp->rp);
-	}
+	fragsize = BLEN(bp) - ((ih->vihl&0xF)<<2);
 
 	qlock(&ip->fraglock4);
 
 	/*
 	 *  find a reassembly queue for this fragment
 	 */
-	for(f = ip->flisthead4; f; f = fnext){
+	for(f = ip->flisthead4; f != nil; f = fnext){
 		fnext = f->next;	/* because ipfragfree4 changes the list */
-		if(f->src == src && f->dst == dst && f->id == id)
+		if(f->id == id && f->src == src && f->dst == dst)
 			break;
 		if(f->age < NOW){
 			ip->stats[ReasmTimeout]++;
@@ -601,22 +438,23 @@
 	 *  and get rid of any fragments that might go
 	 *  with it.
 	 */
-	if(!ih->tos && (offset & ~(IP_MF|IP_DF)) == 0) {
+	if((offset & (IP_MF|IP_FO)) == 0) {
 		if(f != nil) {
-			ipfragfree4(ip, f);
 			ip->stats[ReasmFails]++;
+			ipfragfree4(ip, f);
 		}
 		qunlock(&ip->fraglock4);
 		return bp;
 	}
 
-	if(bp->base+sizeof(Ipfrag) >= bp->rp){
-		bp = padblock(bp, sizeof(Ipfrag));
-		bp->rp += sizeof(Ipfrag);
+	if(bp->base+IPFRAGSZ > bp->rp){
+		bp = padblock(bp, IPFRAGSZ);
+		bp->rp += IPFRAGSZ;
 	}
 
-	BKFG(bp)->foff = offset<<3;
-	BKFG(bp)->flen = nhgets(ih->length)-IP4HDR;
+	fp = (Ipfrag*)bp->base;
+	fp->foff = (offset & IP_FO)<<3;
+	fp->flen = fragsize;
 
 	/* First fragment allocates a reassembly queue */
 	if(f == nil) {
@@ -627,8 +465,9 @@
 
 		f->blist = bp;
 
-		qunlock(&ip->fraglock4);
 		ip->stats[ReasmReqds]++;
+		qunlock(&ip->fraglock4);
+
 		return nil;
 	}
 
@@ -638,22 +477,23 @@
 	prev = nil;
 	l = &f->blist;
 	bl = f->blist;
-	while(bl != nil && BKFG(bp)->foff > BKFG(bl)->foff) {
+	while(bl != nil && fp->foff > ((Ipfrag*)bl->base)->foff) {
 		prev = bl;
 		l = &bl->next;
 		bl = bl->next;
 	}
 
 	/* Check overlap of a previous fragment - trim away as necessary */
-	if(prev) {
-		ovlap = BKFG(prev)->foff + BKFG(prev)->flen - BKFG(bp)->foff;
+	if(prev != nil) {
+		fq = (Ipfrag*)prev->base;
+		ovlap = fq->foff + fq->flen - fp->foff;
 		if(ovlap > 0) {
-			if(ovlap >= BKFG(bp)->flen) {
-				freeblist(bp);
+			if(ovlap >= fp->flen) {
 				qunlock(&ip->fraglock4);
+				freeb(bp);
 				return nil;
 			}
-			BKFG(prev)->flen -= ovlap;
+			fq->flen -= ovlap;
 		}
 	}
 
@@ -662,26 +502,26 @@
 	*l = bp;
 
 	/* Check to see if succeeding segments overlap */
-	if(bp->next) {
+	if(bp->next != nil) {
 		l = &bp->next;
-		fend = BKFG(bp)->foff + BKFG(bp)->flen;
+		offset = fp->foff + fp->flen;
 		/* Take completely covered segments out */
-		while(*l) {
-			ovlap = fend - BKFG(*l)->foff;
+		while((bl = *l) != nil) {
+			fq = (Ipfrag*)bl->base;
+			ovlap = offset - fq->foff;
 			if(ovlap <= 0)
 				break;
-			if(ovlap < BKFG(*l)->flen) {
-				BKFG(*l)->flen -= ovlap;
-				BKFG(*l)->foff += ovlap;
-				/* move up ih hdrs */
-				memmove((*l)->rp + ovlap, (*l)->rp, IP4HDR);
-				(*l)->rp += ovlap;
+			if(ovlap < fq->flen) {
+				/* move up ip header */
+				memmove(bl->rp + ovlap, bl->rp, BLEN(bl) - fq->flen);
+				bl->rp += ovlap;
+				fq->flen -= ovlap;
+				fq->foff += ovlap;
 				break;
 			}
-			last = (*l)->next;
-			(*l)->next = nil;
-			freeblist(*l);
-			*l = last;
+			*l = bl->next;
+			bl->next = nil;
+			freeb(bl);
 		}
 	}
 
@@ -689,35 +529,50 @@
 	 *  look for a complete packet.  if we get to a fragment
 	 *  without IP_MF set, we're done.
 	 */
-	pktposn = 0;
-	for(bl = f->blist; bl; bl = bl->next) {
-		if(BKFG(bl)->foff != pktposn)
+	offset = 0;
+	for(bl = f->blist; bl != nil; bl = bl->next, offset += fp->flen) {
+		fp = (Ipfrag*)bl->base;
+		if(fp->foff != offset)
 			break;
-		if((BLKIP(bl)->frag[0]&(IP_MF>>8)) == 0) {
-			bl = f->blist;
-			len = nhgets(BLKIP(bl)->length);
-			bl->wp = bl->rp + len;
-
-			/* Pullup all the fragment headers and
-			 * return a complete packet
-			 */
-			for(bl = bl->next; bl; bl = bl->next) {
-				fragsize = BKFG(bl)->flen;
-				len += fragsize;
-				bl->rp += IP4HDR;
-				bl->wp = bl->rp + fragsize;
-			}
 
-			bl = f->blist;
-			f->blist = nil;
+		ih = (Ip4hdr*)bl->rp;
+		if(ih->frag[0]&(IP_MF>>8))
+			continue;
+
+		bl = f->blist;
+		len = BLEN(bl);
+
+		/*
+		 * Pullup all the fragment headers and
+		 * return a complete packet
+		 */
+		for(bl = bl->next; bl != nil && len < IP_MAX; bl = bl->next) {
+			fq = (Ipfrag*)bl->base;
+			fragsize = fq->flen;
+			bl->rp = bl->wp - fragsize;
+			len += fragsize;
+		}
+
+		if(len >= IP_MAX){
 			ipfragfree4(ip, f);
-			ih = BLKIP(bl);
-			hnputs(ih->length, len);
+			ip->stats[ReasmFails]++;
 			qunlock(&ip->fraglock4);
-			ip->stats[ReasmOKs]++;
-			return bl;		
+			return nil;
 		}
-		pktposn += BKFG(bl)->flen;
+
+		bl = f->blist;
+		f->blist = nil;
+		ipfragfree4(ip, f);
+
+		ih = (Ip4hdr*)bl->rp;
+		ih->frag[0] = 0;
+		ih->frag[1] = 0;
+		hnputs(ih->length, len);
+
+		ip->stats[ReasmOKs]++;
+		qunlock(&ip->fraglock4);
+
+		return bl;
 	}
 	qunlock(&ip->fraglock4);
 	return nil;
@@ -726,20 +581,20 @@
 /*
  * ipfragfree4 - Free a list of fragments - assume hold fraglock4
  */
-void
+static void
 ipfragfree4(IP *ip, Fragment4 *frag)
 {
 	Fragment4 *fl, **l;
 
-	if(frag->blist)
+	if(frag->blist != nil)
 		freeblist(frag->blist);
-
-	frag->src = 0;
-	frag->id = 0;
 	frag->blist = nil;
+	frag->id = 0;
+	frag->src = 0;
+	frag->dst = 0;
 
 	l = &ip->flisthead4;
-	for(fl = *l; fl; fl = fl->next) {
+	for(fl = *l; fl != nil; fl = fl->next) {
 		if(fl == frag) {
 			*l = frag->next;
 			break;
@@ -755,14 +610,14 @@
 /*
  * ipfragallo4 - allocate a reassembly queue - assume hold fraglock4
  */
-Fragment4 *
+static Fragment4*
 ipfragallo4(IP *ip)
 {
 	Fragment4 *f;
 
 	while(ip->fragfree4 == nil) {
 		/* free last entry on fraglist */
-		for(f = ip->flisthead4; f->next; f = f->next)
+		for(f = ip->flisthead4; f->next != nil; f = f->next)
 			;
 		ipfragfree4(ip, f);
 	}
--- a/os/ip/ip.h	Thu Aug 12 23:08:35 2021
+++ b/os/ip/ip.h	Sat Aug 21 01:39:52 2021
@@ -1,35 +1,33 @@
 typedef struct	Conv	Conv;
+typedef struct	Fragment4 Fragment4;
+typedef struct	Fragment6 Fragment6;
 typedef struct	Fs	Fs;
 typedef union	Hwaddr	Hwaddr;
 typedef struct	IP	IP;
 typedef struct	IPaux	IPaux;
+typedef struct	Ip4hdr	Ip4hdr;
+typedef struct	Ipfrag	Ipfrag;
 typedef struct	Ipself	Ipself;
 typedef struct	Ipselftab	Ipselftab;
 typedef struct	Iplink	Iplink;
 typedef struct	Iplifc	Iplifc;
 typedef struct	Ipmulti	Ipmulti;
-typedef struct	IProuter IProuter;
 typedef struct	Ipifc	Ipifc;
 typedef struct	Iphash	Iphash;
 typedef struct	Ipht	Ipht;
 typedef struct	Netlog	Netlog;
-typedef struct	Ifclog	Ifclog;
 typedef struct	Medium	Medium;
 typedef struct	Proto	Proto;
 typedef struct	Arpent	Arpent;
 typedef struct	Arp Arp;
 typedef struct	Route	Route;
+typedef struct	Routehint Routehint;
 
 typedef struct	Routerparams	Routerparams;
 typedef struct 	Hostparams	Hostparams;
-typedef struct 	V6router	V6router;
-typedef struct	V6params	V6params;
-
-typedef struct Ip4hdr     Ip4hdr;
-typedef struct Nat	Nat;
+typedef struct	v6params	v6params;
 
 #pragma incomplete Arp
-#pragma	incomplete Ifclog
 #pragma incomplete Ipself
 #pragma incomplete Ipselftab
 #pragma incomplete IP
@@ -39,10 +37,9 @@
 {
 	Addrlen=	64,
 	Maxproto=	20,
-	Nhash=		64,
-	Maxincall=	5,
-	Nchans=		16383,
-	MAClen=		16,		/* longest mac address */
+	Maxincall=	10,
+	Nchans=		1024,
+	MAClen=		8,		/* longest mac address */
 
 	MAXTTL=		255,
 	DFLTTOS=	0,
@@ -57,6 +54,12 @@
 	V6=		6,
 	IP_VER4= 	0x40,
 	IP_VER6=	0x60,
+	IP_HLEN4=	5,		/* v4: Header length in words */
+	IP_DF=		0x4000,		/* v4: Don't fragment */
+	IP_MF=		0x2000,		/* v4: More fragments */
+	IP_FO=		0x1fff,		/* v4: Fragment offset */
+	IP4HDR=		IP_HLEN4<<2,	/* sizeof(Ip4hdr) */
+	IP_MAX=		64*1024,	/* Max. Internet packet size, v4 & v6 */
 
 	/* 2^Lroot trees in the root table */
 	Lroot=		10,
@@ -73,6 +76,79 @@
 	Connected=	4,
 };
 
+/* MIB II counters */
+enum
+{
+	Forwarding,
+	DefaultTTL,
+	InReceives,
+	InHdrErrors,
+	InAddrErrors,
+	ForwDatagrams,
+	InUnknownProtos,
+	InDiscards,
+	InDelivers,
+	OutRequests,
+	OutDiscards,
+	OutNoRoutes,
+	ReasmTimeout,
+	ReasmReqds,
+	ReasmOKs,
+	ReasmFails,
+	FragOKs,
+	FragFails,
+	FragCreates,
+
+	Nipstats,
+};
+
+struct Fragment4
+{
+	Block*	blist;
+	Fragment4*	next;
+	ulong 	src;
+	ulong 	dst;
+	ushort	id;
+	ulong 	age;
+};
+
+struct Fragment6
+{
+	Block*	blist;
+	Fragment6*	next;
+	uchar 	src[IPaddrlen];
+	uchar 	dst[IPaddrlen];
+	uint	id;
+	ulong 	age;
+};
+
+struct Ipfrag
+{
+	ushort	foff;
+	ushort	flen;
+	uchar	payload[];
+};
+
+#define IPFRAGSZ offsetof(Ipfrag, payload[0])
+
+/* an instance of IP */
+struct IP
+{
+	uvlong		stats[Nipstats];
+
+	QLock		fraglock4;
+	Fragment4*	flisthead4;
+	Fragment4*	fragfree4;
+	Ref		id4;
+
+	QLock		fraglock6;
+	Fragment6*	flisthead6;
+	Fragment6*	fragfree6;
+	Ref		id6;
+
+	int		iprouting;	/* true if we route like a gateway */
+};
+
 /* on the wire packet header */
 struct Ip4hdr
 {
@@ -86,7 +162,12 @@
 	uchar	cksum[2];	/* Header checksum */
 	uchar	src[4];		/* IP source */
 	uchar	dst[4];		/* IP destination */
-	uchar	data[1];	/* start of data */
+};
+
+struct Routehint
+{
+	Route	*r;			/* last route used */
+	ulong	rgen;			/* routetable generation for *r */
 };
 
 /*
@@ -100,9 +181,9 @@
 	Proto*	p;
 
 	int	restricted;		/* remote port is restricted */
+	int	ignoreadvice;		/* don't terminate connection on icmp errors */
 	uint	ttl;			/* max time to live */
 	uint	tos;			/* type of service */
-	int	ignoreadvice;		/* don't terminate connection on icmp errors */
 
 	uchar	ipversion;
 	uchar	laddr[IPaddrlen];	/* local IP address */
@@ -139,8 +220,7 @@
 
 	void*	ptcl;			/* protocol specific stuff */
 
-	Route	*r;			/* last route used */
-	ulong	rgen;			/* routetable generation for *r */
+	Routehint;
 };
 
 struct Medium
@@ -161,18 +241,8 @@
 	/* process packets written to 'data' */
 	void	(*pktin)(Fs *f, Ipifc *ifc, Block *bp);
 
-	/* routes for router boards */
-	void	(*addroute)(Ipifc *ifc, int, uchar*, uchar*, uchar*, int);
-	void	(*remroute)(Ipifc *ifc, int, uchar*, uchar*);
-	void	(*flushroutes)(Ipifc *ifc);
-
-	/* for routing multicast groups */
-	void	(*joinmulti)(Ipifc *ifc, uchar *a, uchar *ia);
-	void	(*leavemulti)(Ipifc *ifc, uchar *a, uchar *ia);
-
 	/* address resolution */
-	void	(*ares)(Fs*, int, uchar*, uchar*, int, int);	/* resolve */
-	void	(*areg)(Ipifc*, uchar*);			/* register */
+	void	(*areg)(Fs *f, Ipifc *ifc, Iplifc *lifc, uchar *ip);
 
 	/* v6 address generation */
 	void	(*pref2addr)(uchar *pref, uchar *ea);
@@ -187,12 +257,13 @@
 	uchar	mask[IPaddrlen];
 	uchar	remote[IPaddrlen];
 	uchar	net[IPaddrlen];
+	uchar	type;		/* route type */
 	uchar	tentative;	/* =1 => v6 dup disc on, =0 => confirmed unique */
 	uchar	onlink;		/* =1 => onlink, =0 offlink. */
 	uchar	autoflag;	/* v6 autonomous flag */
-	long 	validlt;	/* v6 valid lifetime */
-	long 	preflt;		/* v6 preferred lifetime */
-	long	origint;	/* time when addr was added */
+	ulong 	validlt;	/* v6 valid lifetime */
+	ulong 	preflt;		/* v6 preferred lifetime */
+	ulong	origint;	/* time when addr was added */
 	Iplink	*link;		/* addresses linked to this lifc */
 	Iplifc	*next;
 };
@@ -203,25 +274,25 @@
 	Ipself	*self;
 	Iplifc	*lifc;
 	Iplink	*selflink;	/* next link for this local address */
-	Iplink	*lifclink;	/* next link for this ifc */
-	ulong	expire;
+	Iplink	*lifclink;	/* next link for this lifc */
 	Iplink	*next;		/* free list */
+	ulong	expire;
 	int	ref;
 };
 
-/* rfc 2461, pp.40--43. */
+/* rfc 2461, pp.40—43. */
 
 /* default values, one per stack */
 struct Routerparams {
-	int	mflag;
-	int	oflag;
-	int 	maxraint;
-	int	minraint;
-	int	linkmtu;
-	int	reachtime;
-	int	rxmitra;
-	int	ttl;
-	int	routerlt;	
+	int	mflag;		/* flag: managed address configuration */
+	int	oflag;		/* flag: other stateful configuration */
+	int 	maxraint;	/* max. router adv interval (ms) */
+	int	minraint;	/* min. router adv interval (ms) */
+	int	linkmtu;	/* mtu options */
+	int	reachtime;	/* reachable time */
+	int	rxmitra;	/* retransmit interval */
+	int	ttl;		/* cur hop count limit */
+	int	routerlt;	/* router lifetime */
 };
 
 struct Hostparams {
@@ -231,22 +302,18 @@
 struct Ipifc
 {
 	RWlock;
-	
+
 	Conv	*conv;		/* link to its conversation structure */
 	char	dev[64];	/* device we're attached to */
 	Medium	*m;		/* Media pointer */
 	int	maxtu;		/* Maximum transfer unit */
 	int	mintu;		/* Minumum tranfer unit */
-	int	mbps;		/* megabits per second */
 	void	*arg;		/* medium specific */
-	int	reassemble;	/* reassemble IP packets before forwarding */
 
-	/* these are used so that we can unbind on the fly */
-	Lock	idlock;
+	uchar	reflect;	/* allow forwarded packets to go out the same interface */
+	uchar	reassemble;	/* reassemble IP packets before forwarding to this interface */
+	
 	uchar	ifcid;		/* incremented each 'bind/unbind/add/remove' */
-	int	ref;		/* number of proc's using this ipifc */
-	Rendez	wait;		/* where unbinder waits for ref == 0 */
-	int	unbinding;
 
 	uchar	mac[MAClen];	/* MAC address */
 
@@ -255,10 +322,16 @@
 	ulong	in, out;	/* message statistics */
 	ulong	inerr, outerr;	/* ... */
 
-	uchar	sendra6;	/* == 1 => send router advs on this ifc	*/
-	uchar	recvra6;	/* == 1 => recv router advs on this ifc */
-	Routerparams rp;	/* router parameters as in RFC 2461, pp.40--43. 
+	uchar	sendra6;	/* flag: send router advs on this ifc */
+	uchar	recvra6;	/* flag: recv router advs on this ifc */
+	Routerparams rp;	/* router parameters as in RFC 2461, pp.40—43.
 					used only if node is router */
+
+	int	speed;		/* link speed in bits per second */
+	int	delay;		/* burst delay in ms */
+	int	burst;		/* burst delay in bytes */
+	int	load;		/* bytes in flight */
+	ulong	ticks;
 };
 
 /*
@@ -330,20 +403,11 @@
 	int		nc;		/* number of conversations */
 	int		ac;
 	Qid		qid;		/* qid for protocol directory */
-	ushort		nextport;
 	ushort		nextrport;
 
 	void		*priv;
 };
 
-/*
- *  Stream for sending packets to user level
- */
-struct IProuter {
-	QLock;
-	int	opens;
-	Queue	*q;
-};
 
 /*
  *  one per IP protocol stack
@@ -362,38 +426,23 @@
 	IP	*ip;
 	Ipselftab	*self;
 	Arp	*arp;
-	V6params	*v6p;
-	IProuter iprouter;
+	v6params	*v6p;
 
 	Route	*v4root[1<<Lroot];	/* v4 routing forest */
 	Route	*v6root[1<<Lroot];	/* v6 routing forest */
 	Route	*queue;			/* used as temp when reinjecting routes */
 
 	Netlog	*alog;
-	Ifclog	*ilog;
 
 	char	ndb[1024];		/* an ndb entry for this interface */
 	int	ndbvers;
 	long	ndbmtime;
 };
 
-/* one per default router known to host */
-struct V6router {
-	uchar	inuse;
-	Ipifc	*ifc;
-	int	ifcid;
-	uchar	routeraddr[IPaddrlen];
-	long	ltorigin;
-	Routerparams	rp;
-};
-
-struct V6params
+struct v6params
 {
 	Routerparams	rp;		/* v6 params, one copy per node now */
 	Hostparams	hp;
-	V6router	v6rlist[3];	/* max 3 default routers, currently */
-	int		cdrouter;	/* uses only v6rlist[cdrouter] if   */ 
-					/* cdrouter >= 0. */
 };
 
 
@@ -410,8 +459,7 @@
 char*	Fsstdbind(Conv*, char**, int);
 ulong	scalednconv(void);
 void	closeconv(Conv*);
-
-/* 
+/*
  *  logging
  */
 enum
@@ -434,7 +482,6 @@
 	Logrudpmsg=	1<<16,
 	Logesp=		1<<17,
 	Logtcpwin=	1<<18,
-	Lognat=		1<<19,
 };
 
 void	netloginit(Fs*);
@@ -449,17 +496,17 @@
 void	ifclogopen(Fs*, Chan*);
 void	ifclogclose(Fs*, Chan*);
 
+#pragma varargck argpos netlog	3
+
 /*
  *  iproute.c
  */
 typedef	struct RouteTree RouteTree;
-typedef struct Routewalk Routewalk;
 typedef struct V4route V4route;
 typedef struct V6route V6route;
 
 enum
 {
-
 	/* type bits */
 	Rv4=		(1<<0),		/* this is a version 4 route */
 	Rifc=		(1<<1),		/* this route is a directly connected interface */
@@ -468,27 +515,18 @@
 	Rbcast=		(1<<4),		/* a broadcast self address */
 	Rmulti=		(1<<5),		/* a multicast self address */
 	Rproxy=		(1<<6),		/* this route should be proxied */
-};
-
-struct Routewalk
-{
-	int	o;
-	int	h;
-	char*	p;
-	char*	e;
-	void*	state;
-	void	(*walk)(Route*, Routewalk*);
+	Rsrc=		(1<<7),		/* source specific route */
 };
 
 struct	RouteTree
 {
-	Route*	right;
-	Route*	left;
-	Route*	mid;
+	Route	*mid;
+	Route	*left;
+	Route	*right;
+	Ipifc	*ifc;
+	uchar	ifcid;		/* must match ifc->id */
 	uchar	depth;
 	uchar	type;
-	uchar	ifcid;		/* must match ifc->id */
-	Ipifc	*ifc;
 	char	tag[4];
 	int	ref;
 };
@@ -497,6 +535,10 @@
 {
 	ulong	address;
 	ulong	endaddress;
+
+	ulong	source;
+	ulong	endsource;
+
 	uchar	gate[IPv4addrlen];
 };
 
@@ -504,6 +546,10 @@
 {
 	ulong	address[IPllen];
 	ulong	endaddress[IPllen];
+
+	ulong	source[IPllen];
+	ulong	endsource[IPllen];
+
 	uchar	gate[IPaddrlen];
 };
 
@@ -516,17 +562,16 @@
 		V4route v4;
 	};
 };
-extern void	v4addroute(Fs *f, char *tag, uchar *a, uchar *mask, uchar *gate, int type);
-extern void	v6addroute(Fs *f, char *tag, uchar *a, uchar *mask, uchar *gate, int type);
-extern void	v4delroute(Fs *f, uchar *a, uchar *mask, int dolock);
-extern void	v6delroute(Fs *f, uchar *a, uchar *mask, int dolock);
-extern Route*	v4lookup(Fs *f, uchar *a, Conv *c);
-extern Route*	v6lookup(Fs *f, uchar *a, Conv *c);
+
+extern void	addroute(Fs *f, uchar *a, uchar *mask, uchar *s, uchar *smask, uchar *gate, int type, Ipifc *ifc, char *tag);
+extern void	remroute(Fs *f, uchar *a, uchar *mask, uchar *s, uchar *smask, uchar *gate, int type, Ipifc *ifc, char *tag);
+extern Route*	v4lookup(Fs *f, uchar *a, uchar *s, Routehint *h);
+extern Route*	v6lookup(Fs *f, uchar *a, uchar *s, Routehint *h);
+extern Route*	v4source(Fs *f, uchar *a, uchar *s);
+extern Route*	v6source(Fs *f, uchar *a, uchar *s);
 extern long	routeread(Fs *f, char*, ulong, int);
 extern long	routewrite(Fs *f, Chan*, char*, int);
-extern void	routetype(int, char*);
-extern void	ipwalkroutes(Fs*, Routewalk*);
-extern void	convroute(Route*, uchar*, uchar*, uchar*, char*, int*);
+extern void	routetype(int type, char p[8]);
 
 /*
  *  devip.c
@@ -543,7 +588,6 @@
 };
 
 extern IPaux*	newipaux(char*, char*);
-extern void	setlport(Conv*);
 
 /*
  *  arp.c
@@ -552,18 +596,16 @@
 {
 	uchar	ip[IPaddrlen];
 	uchar	mac[MAClen];
-	Medium	*type;			/* media type */
-	Arpent*	hash;
-	Block*	hold;
-	Block*	last;
-	uint	ctime;			/* time entry was created or refreshed */
-	uint	utime;			/* time entry was last used */
-	uchar	state;
+	Arpent	*hash;
 	Arpent	*nextrxt;		/* re-transmit chain */
-	uint	rtime;			/* time for next retransmission */
-	uchar	rxtsrem;
+	Block	*hold;
+	Block	*last;
 	Ipifc	*ifc;
 	uchar	ifcid;			/* must match ifc->id */
+	uchar	state;
+	uchar	rxtsrem;		/* re-tranmissions remaining */
+	ulong	ctime;			/* time entry was created or refreshed */
+	ulong	utime;			/* time entry was last used */
 };
 
 extern void	arpinit(Fs*);
@@ -572,15 +614,17 @@
 extern Arpent*	arpget(Arp*, Block *bp, int version, Ipifc *ifc, uchar *ip, uchar *h);
 extern void	arprelease(Arp*, Arpent *a);
 extern Block*	arpresolve(Arp*, Arpent *a, Medium *type, uchar *mac);
-extern void	arpenter(Fs*, int version, uchar *ip, uchar *mac, int len, int norefresh);
+extern int	arpenter(Fs*, int version, uchar *ip, uchar *mac, int n, uchar *ia, Ipifc *ifc, int refresh);
+extern void	ndpsendsol(Fs*, Ipifc*, Arpent*);
 
 /*
  * ipaux.c
  */
 
-extern int	myetheraddr(uchar*, char*);
-extern ulong	parseip(uchar*, char*);
-extern ulong	parseipmask(uchar*, char*);
+extern int	parseether(uchar*, char*);
+extern vlong	parseip(uchar*, char*);
+extern vlong	parseipmask(uchar*, char*, int);
+extern vlong	parseipandmask(uchar*, uchar*, char*, char*);
 extern char*	v4parseip(uchar*, char*);
 extern void	maskip(uchar *from, uchar *mask, uchar *to);
 extern int	parsemac(uchar *to, char *from, int len);
@@ -589,12 +633,10 @@
 extern void	v4tov6(uchar *v6, uchar *v4);
 extern int	v6tov4(uchar *v4, uchar *v6);
 extern int	eipfmt(Fmt*);
+extern int	convipvers(Conv *c);
 
 #define	ipmove(x, y) memmove(x, y, IPaddrlen)
 #define	ipcmp(x, y) ( (x)[IPaddrlen-1] != (y)[IPaddrlen-1] || memcmp(x, y, IPaddrlen) )
- 
-#define	ip4move(x, y) memmove(x, y, IPv4addrlen)
-#define	ip4cmp(x, y) ( (x)[IPv4addrlen-1] != (y)[IPv4addrlen-1] || memcmp(x, y, IPv4addrlen) )
 
 extern uchar IPv4bcast[IPaddrlen];
 extern uchar IPv4bcastobs[IPaddrlen];
@@ -612,77 +654,56 @@
 extern Medium	ethermedium;
 extern Medium	nullmedium;
 extern Medium	pktmedium;
-extern Medium	tripmedium;
 
 /*
  *  ipifc.c
  */
 extern Medium*	ipfindmedium(char *name);
 extern void	addipmedium(Medium *med);
+extern void	ipifcoput(Ipifc *ifc, Block *bp, int version, uchar *ip);
 extern int	ipforme(Fs*, uchar *addr);
-extern int	iptentative(Fs*, uchar *addr);
-extern int	ipisbm(uchar *);
-extern int	ipismulticast(uchar *);
-extern Ipifc*	findipifc(Fs*, uchar *remote, int type);
-extern void	findprimaryip(Fs*, uchar*);
+extern int	ipismulticast(uchar *ip);
+extern Ipifc*	findipifc(Fs*, uchar *local, uchar *remote, int type);
+extern Ipifc*	findipifcstr(Fs *f, char *s);
 extern void	findlocalip(Fs*, uchar *local, uchar *remote);
-extern int	ipv4local(Ipifc *ifc, uchar *addr);
-extern int	ipv6local(Ipifc *ifc, uchar *addr);
-extern int	ipv6anylocal(Ipifc *ifc, uchar *addr);
+extern int	ipv4local(Ipifc *ifc, uchar *local, int prefixlen, uchar *remote);
+extern int	ipv6local(Ipifc *ifc, uchar *local, int prefixlen, uchar *remote);
 extern Iplifc*	iplocalonifc(Ipifc *ifc, uchar *ip);
+extern Iplifc*	ipremoteonifc(Ipifc *ifc, uchar *ip);
 extern int	ipproxyifc(Fs *f, Ipifc *ifc, uchar *ip);
-extern int	ipismulticast(uchar *ip);
-extern int	ipisbooting(void);
-extern int	ipifccheckin(Ipifc *ifc, Medium *med);
-extern void	ipifccheckout(Ipifc *ifc);
-extern int	ipifcgrab(Ipifc *ifc);
-extern void	ipifcaddroute(Fs*, int, uchar*, uchar*, uchar*, int);
-extern void	ipifcremroute(Fs*, int, uchar*, uchar*);
 extern void	ipifcremmulti(Conv *c, uchar *ma, uchar *ia);
 extern void	ipifcaddmulti(Conv *c, uchar *ma, uchar *ia);
 extern char*	ipifcrem(Ipifc *ifc, char **argv, int argc);
 extern char*	ipifcadd(Ipifc *ifc, char **argv, int argc, int tentative, Iplifc *lifcp);
 extern long	ipselftabread(Fs*, char *a, ulong offset, int n);
-extern char*	ipifcaddpref6(Ipifc *ifc, char**argv, int argc);
-extern void	ipsendra6(Fs *f, int on);
-
+extern char*	ipifcadd6(Ipifc *ifc, char**argv, int argc);
+extern char*	ipifcremove6(Ipifc *ifc, char**argv, int argc);
 /*
  *  ip.c
  */
 extern void	iprouting(Fs*, int);
 extern void	icmpnoconv(Fs*, Block*);
 extern void	icmpcantfrag(Fs*, Block*, int);
-extern void	icmpttlexceeded(Fs*, uchar*, Block*);
+extern void	icmpttlexceeded(Fs*, Ipifc*, Block*);
 extern ushort	ipcsum(uchar*);
 extern void	ipiput4(Fs*, Ipifc*, Block*);
 extern void	ipiput6(Fs*, Ipifc*, Block*);
-extern int	ipoput4(Fs*, Block*, int, int, int, Conv*);
-extern int	ipoput6(Fs*, Block*, int, int, int, Conv*);
+extern int	ipoput4(Fs*, Block*, int, int, int, Routehint*);
+extern int	ipoput6(Fs*, Block*, int, int, int, Routehint*);
 extern int	ipstats(Fs*, char*, int);
 extern ushort	ptclbsum(uchar*, int);
 extern ushort	ptclcsum(Block*, int, int);
 extern void	ip_init(Fs*);
-extern void	update_mtucache(uchar*, ulong);
-extern ulong	restrict_mtu(uchar*, ulong);
+extern void	ip_init_6(Fs*);
 
 /*
  * bootp.c
  */
-char*	(*bootp)(Ipifc*);
-int	(*bootpread)(char*, ulong, int);
-
-/*
- *  iprouter.c
- */
-void	useriprouter(Fs*, Ipifc*, Block*);
-void	iprouteropen(Fs*);
-void	iprouterclose(Fs*);
-long	iprouterread(Fs*, void*, int);
+extern int	bootpread(char*, ulong, int);
 
 /*
  *  resolving inferno/plan9 differences
  */
-Chan*		commonfdtochan(int, int, int, int);
 char*		commonuser(void);
 char*		commonerror(void);
 
@@ -695,15 +716,3 @@
  *  global to all of the stack
  */
 extern void	(*igmpreportfn)(Ipifc*, uchar*);
-
-/*
- * nat.c
- */
-extern int	nato(Block*, Ipifc*, Fs*);
-extern void	nati(Block*, Ipifc*);
-extern int	natgc(uchar);
-
-extern int	addnataddr(uchar*, uchar*, Iplifc*);
-extern int	removenataddr(uchar*, uchar*, Iplifc*);
-extern void	shownataddr(void);
-extern void flushnataddr(void);
--- a/os/ip/ipaux.c	Thu Aug 12 23:08:35 2021
+++ b/os/ip/ipaux.c	Sat Aug 21 01:39:52 2021
@@ -5,48 +5,7 @@
 #include	"fns.h"
 #include	"../port/error.h"
 #include	"ip.h"
-#include  "ipv6.h"
-
-/*
- *  well known IP addresses
- */
-uchar IPv4bcast[IPaddrlen] = {
-	0, 0, 0, 0,
-	0, 0, 0, 0,
-	0, 0, 0xff, 0xff,
-	0xff, 0xff, 0xff, 0xff
-};
-uchar IPv4allsys[IPaddrlen] = {
-	0, 0, 0, 0,
-	0, 0, 0, 0,
-	0, 0, 0xff, 0xff,
-	0xe0, 0, 0, 0x01
-};
-uchar IPv4allrouter[IPaddrlen] = {
-	0, 0, 0, 0,
-	0, 0, 0, 0,
-	0, 0, 0xff, 0xff,
-	0xe0, 0, 0, 0x02
-};
-uchar IPallbits[IPaddrlen] = {
-	0xff, 0xff, 0xff, 0xff,
-	0xff, 0xff, 0xff, 0xff,
-	0xff, 0xff, 0xff, 0xff,
-	0xff, 0xff, 0xff, 0xff
-};
-
-uchar IPnoaddr[IPaddrlen];
-
-/*
- *  prefix of all v4 addresses
- */
-uchar v4prefix[IPaddrlen] = {
-	0, 0, 0, 0,
-	0, 0, 0, 0,
-	0, 0, 0xff, 0xff,
-	0, 0, 0, 0
-};
-
+#include	"ipv6.h"
 
 char *v6hdrtypes[Maxhdrtype] =
 {
@@ -54,7 +13,7 @@
 	[ICMP]		"ICMP",
 	[IGMP]		"IGMP",
 	[GGP]		"GGP",
-	[IPINIP]		"IP",
+	[IPINIP]	"IP",
 	[ST]		"ST",
 	[TCP]		"TCP",
 	[UDP]		"UDP",
@@ -87,6 +46,7 @@
 	0, 0, 0, 0,
 	0, 0, 0, 0x01
 };
+
 uchar v6linklocal[IPaddrlen] = {
 	0xfe, 0x80, 0, 0,
 	0, 0, 0, 0,
@@ -99,26 +59,8 @@
 	0, 0, 0, 0,
 	0, 0, 0, 0
 };
-int v6llpreflen = 8;	// link-local prefix length
-uchar v6sitelocal[IPaddrlen] = {
-	0xfe, 0xc0, 0, 0,
-	0, 0, 0, 0,
-	0, 0, 0, 0,
-	0, 0, 0, 0
-};
-uchar v6sitelocalmask[IPaddrlen] = {
-	0xff, 0xff, 0xff, 0xff,
-	0xff, 0xff, 0xff, 0xff,
-	0, 0, 0, 0,
-	0, 0, 0, 0
-};
-int v6slpreflen = 6;	// site-local prefix length
-uchar v6glunicast[IPaddrlen] = {
-	0x08, 0, 0, 0,
-	0, 0, 0, 0,
-	0, 0, 0, 0,
-	0, 0, 0, 0
-};
+int v6llpreflen = 8;	/* link-local prefix length in bytes */
+
 uchar v6multicast[IPaddrlen] = {
 	0xff, 0, 0, 0,
 	0, 0, 0, 0,
@@ -131,51 +73,48 @@
 	0, 0, 0, 0,
 	0, 0, 0, 0
 };
-int v6mcpreflen = 1;	// multicast prefix length
+int v6mcpreflen = 1;	/* multicast prefix length */
+
 uchar v6allnodesN[IPaddrlen] = {
 	0xff, 0x01, 0, 0,
 	0, 0, 0, 0,
 	0, 0, 0, 0,
 	0, 0, 0, 0x01
 };
+uchar v6allroutersN[IPaddrlen] = {
+	0xff, 0x01, 0, 0,
+	0, 0, 0, 0,
+	0, 0, 0, 0,
+	0, 0, 0, 0x02
+};
 uchar v6allnodesNmask[IPaddrlen] = {
 	0xff, 0xff, 0, 0,
 	0, 0, 0, 0,
 	0, 0, 0, 0,
 	0, 0, 0, 0
 };
-int v6aNpreflen = 2;	// all nodes (N) prefix
+int v6aNpreflen = 2;	/* all nodes (N) prefix */
+
 uchar v6allnodesL[IPaddrlen] = {
 	0xff, 0x02, 0, 0,
 	0, 0, 0, 0,
 	0, 0, 0, 0,
 	0, 0, 0, 0x01
 };
-uchar v6allnodesLmask[IPaddrlen] = {
-	0xff, 0xff, 0, 0,
-	0, 0, 0, 0,
-	0, 0, 0, 0,
-	0, 0, 0, 0
-};
-int v6aLpreflen = 2;	// all nodes (L) prefix
-uchar v6allroutersN[IPaddrlen] = {
-	0xff, 0x01, 0, 0,
-	0, 0, 0, 0,
-	0, 0, 0, 0,
-	0, 0, 0, 0x02
-};
 uchar v6allroutersL[IPaddrlen] = {
 	0xff, 0x02, 0, 0,
 	0, 0, 0, 0,
 	0, 0, 0, 0,
 	0, 0, 0, 0x02
 };
-uchar v6allroutersS[IPaddrlen] = {
-	0xff, 0x05, 0, 0,
+uchar v6allnodesLmask[IPaddrlen] = {
+	0xff, 0xff, 0, 0,
 	0, 0, 0, 0,
 	0, 0, 0, 0,
-	0, 0, 0, 0x02
+	0, 0, 0, 0
 };
+int v6aLpreflen = 2;	/* all nodes (L) prefix */
+
 uchar v6solicitednode[IPaddrlen] = {
 	0xff, 0x02, 0, 0,
 	0, 0, 0, 0,
@@ -190,9 +129,6 @@
 };
 int v6snpreflen = 13;
 
-
-
-
 ushort
 ptclcsum(Block *bp, int offset, int len)
 {
@@ -215,7 +151,7 @@
 	if(bp->next == nil) {
 		if(blocklen < len)
 			len = blocklen;
-		return ~ptclbsum(addr, len) & 0xffff;
+		return ptclbsum(addr, len) ^ 0xffff;
 	}
 
 	losum = 0;
@@ -247,7 +183,7 @@
 	while((csum = losum>>16) != 0)
 		losum = csum + (losum & 0xffff);
 
-	return ~losum & 0xffff;
+	return losum ^ 0xffff;
 }
 
 enum
@@ -255,305 +191,8 @@
 	Isprefix= 16,
 };
 
-static uchar prefixvals[256] =
-{
-[0x00] 0 | Isprefix,
-[0x80] 1 | Isprefix,
-[0xC0] 2 | Isprefix,
-[0xE0] 3 | Isprefix,
-[0xF0] 4 | Isprefix,
-[0xF8] 5 | Isprefix,
-[0xFC] 6 | Isprefix,
-[0xFE] 7 | Isprefix,
-[0xFF] 8 | Isprefix,
-};
-
-int
-eipfmt(Fmt *f)
-{
-	char buf[5*8];
-	static char *efmt = "%.2lux%.2lux%.2lux%.2lux%.2lux%.2lux";
-	static char *ifmt = "%d.%d.%d.%d";
-	uchar *p, ip[16];
-	ulong *lp;
-	ushort s;
-	int i, j, n, eln, eli;
-
-	switch(f->r) {
-	case 'E':		/* Ethernet address */
-		p = va_arg(f->args, uchar*);
-		return fmtprint(f, efmt, p[0], p[1], p[2], p[3], p[4], p[5]);
-
-	case 'I':		/* Ip address */
-		p = va_arg(f->args, uchar*);
-common:
-		if(memcmp(p, v4prefix, 12) == 0)
-			return fmtprint(f, ifmt, p[12], p[13], p[14], p[15]);
-
-		/* find longest elision */
-		eln = eli = -1;
-		for(i = 0; i < 16; i += 2){
-			for(j = i; j < 16; j += 2)
-				if(p[j] != 0 || p[j+1] != 0)
-					break;
-			if(j > i && j - i > eln){
-				eli = i;
-				eln = j - i;
-			}
-		}
-
-		/* print with possible elision */
-		n = 0;
-		for(i = 0; i < 16; i += 2){
-			if(i == eli){
-				n += sprint(buf+n, "::");
-				i += eln;
-				if(i >= 16)
-					break;
-			} else if(i != 0)
-				n += sprint(buf+n, ":");
-			s = (p[i]<<8) + p[i+1];
-			n += sprint(buf+n, "%ux", s);
-		}
-		return fmtstrcpy(f, buf);
-
-	case 'i':		/* v6 address as 4 longs */
-		lp = va_arg(f->args, ulong*);
-		for(i = 0; i < 4; i++)
-			hnputl(ip+4*i, *lp++);
-		p = ip;
-		goto common;
-
-	case 'V':		/* v4 ip address */
-		p = va_arg(f->args, uchar*);
-		return fmtprint(f, ifmt, p[0], p[1], p[2], p[3]);
-
-	case 'M':		/* ip mask */
-		p = va_arg(f->args, uchar*);
-
-		/* look for a prefix mask */
-		for(i = 0; i < 16; i++)
-			if(p[i] != 0xff)
-				break;
-		if(i < 16){
-			if((prefixvals[p[i]] & Isprefix) == 0)
-				goto common;
-			for(j = i+1; j < 16; j++)
-				if(p[j] != 0)
-					goto common;
-			n = 8*i + (prefixvals[p[i]] & ~Isprefix);
-		} else
-			n = 8*16;
-
-		/* got one, use /xx format */
-		return fmtprint(f, "/%d", n);
-	}
-	return fmtstrcpy(f, "(eipfmt)");
-}
-
 #define CLASS(p) ((*(uchar*)(p))>>6)
 
-extern char*
-v4parseip(uchar *to, char *from)
-{
-	int i;
-	char *p;
-
-	p = from;
-	for(i = 0; i < 4 && *p; i++){
-		to[i] = strtoul(p, &p, 0);
-		if(*p == '.')
-			p++;
-	}
-	switch(CLASS(to)){
-	case 0:	/* class A - 1 uchar net */
-	case 1:
-		if(i == 3){
-			to[3] = to[2];
-			to[2] = to[1];
-			to[1] = 0;
-		} else if(i == 2){
-			to[3] = to[1];
-			to[1] = 0;
-		}
-		break;
-	case 2:	/* class B - 2 uchar net */
-		if(i == 3){
-			to[3] = to[2];
-			to[2] = 0;
-		}
-		break;
-	}
-	return p;
-}
-
-int
-isv4(uchar *ip)
-{
-	return memcmp(ip, v4prefix, IPv4off) == 0;
-}
-
-
-/*
- *  the following routines are unrolled with no memset's to speed
- *  up the usual case
- */
-void
-v4tov6(uchar *v6, uchar *v4)
-{
-	v6[0] = 0;
-	v6[1] = 0;
-	v6[2] = 0;
-	v6[3] = 0;
-	v6[4] = 0;
-	v6[5] = 0;
-	v6[6] = 0;
-	v6[7] = 0;
-	v6[8] = 0;
-	v6[9] = 0;
-	v6[10] = 0xff;
-	v6[11] = 0xff;
-	v6[12] = v4[0];
-	v6[13] = v4[1];
-	v6[14] = v4[2];
-	v6[15] = v4[3];
-}
-
-int
-v6tov4(uchar *v4, uchar *v6)
-{
-	if(v6[0] == 0
-	&& v6[1] == 0
-	&& v6[2] == 0
-	&& v6[3] == 0
-	&& v6[4] == 0
-	&& v6[5] == 0
-	&& v6[6] == 0
-	&& v6[7] == 0
-	&& v6[8] == 0
-	&& v6[9] == 0
-	&& v6[10] == 0xff
-	&& v6[11] == 0xff)
-	{
-		v4[0] = v6[12];
-		v4[1] = v6[13];
-		v4[2] = v6[14];
-		v4[3] = v6[15];
-		return 0;
-	} else {
-		memset(v4, 0, 4);
-		return -1;
-	}
-}
-
-ulong
-parseip(uchar *to, char *from)
-{
-	int i, elipsis = 0, v4 = 1;
-	ulong x;
-	char *p, *op;
-
-	memset(to, 0, IPaddrlen);
-	p = from;
-	for(i = 0; i < 16 && *p; i+=2){
-		op = p;
-		x = strtoul(p, &p, 16);
-		if(*p == '.' || (*p == 0 && i == 0)){
-			p = v4parseip(to+i, op);
-			i += 4;
-			break;
-		} else {
-			to[i] = x>>8;
-			to[i+1] = x;
-		}
-		if(*p == ':'){
-			v4 = 0;
-			if(*++p == ':'){
-				elipsis = i+2;
-				p++;
-			}
-		}
-	}
-	if(i < 16){
-		memmove(&to[elipsis+16-i], &to[elipsis], i-elipsis);
-		memset(&to[elipsis], 0, 16-i);
-	}
-	if(v4){
-		to[10] = to[11] = 0xff;
-		return nhgetl(to+12);
-	} else
-		return 6;
-}
-
-/*
- *  hack to allow ip v4 masks to be entered in the old
- *  style
- */
-ulong
-parseipmask(uchar *to, char *from)
-{
-	ulong x;
-	int i;
-	uchar *p;
-
-	if(*from == '/'){
-		/* as a number of prefix bits */
-		i = atoi(from+1);
-		if(i < 0)
-			i = 0;
-		if(i > 128)
-			i = 128;
-		memset(to, 0, IPaddrlen);
-		for(p = to; i >= 8; i -= 8)
-			*p++ = 0xff;
-		if(i > 0)
-			*p = ~((1<<(8-i))-1);
-		x = nhgetl(to+IPv4off);
-	} else {
-		/* as a straight bit mask */
-		x = parseip(to, from);
-		if(memcmp(to, v4prefix, IPv4off) == 0)
-			memset(to, 0xff, IPv4off);
-	}
-	return x;
-}
-
-void
-maskip(uchar *from, uchar *mask, uchar *to)
-{
-	int i;
-
-	for(i = 0; i < IPaddrlen; i++)
-		to[i] = from[i] & mask[i];
-}
-
-uchar classmask[4][16] = {
-	0xff,0xff,0xff,0xff,  0xff,0xff,0xff,0xff,  0xff,0xff,0xff,0xff,  0xff,0x00,0x00,0x00,
-	0xff,0xff,0xff,0xff,  0xff,0xff,0xff,0xff,  0xff,0xff,0xff,0xff,  0xff,0x00,0x00,0x00,
-	0xff,0xff,0xff,0xff,  0xff,0xff,0xff,0xff,  0xff,0xff,0xff,0xff,  0xff,0xff,0x00,0x00,
-	0xff,0xff,0xff,0xff,  0xff,0xff,0xff,0xff,  0xff,0xff,0xff,0xff,  0xff,0xff,0xff,0x00,
-};
-
-uchar*
-defmask(uchar *ip)
-{
-	if(isv4(ip))
-		return classmask[ip[IPv4off]>>6];
-	else {
-		if(ipcmp(ip, v6loopback) == 0)
-			return IPallbits;
-		else if(memcmp(ip, v6linklocal, v6llpreflen) == 0)
-			return v6linklocalmask;
-		else if(memcmp(ip, v6sitelocal, v6slpreflen) == 0)
-			return v6sitelocalmask;
-		else if(memcmp(ip, v6solicitednode, v6snpreflen) == 0)
-			return v6solicitednodemask;
-		else if(memcmp(ip, v6multicast, v6mcpreflen) == 0)
-			return v6multicastmask;
-		return IPallbits;
-	}
-}
-
 void
 ipv62smcast(uchar *smcast, uchar *a)
 {
@@ -599,7 +238,7 @@
 ulong
 iphash(uchar *sa, ushort sp, uchar *da, ushort dp)
 {
-	return ((sa[IPaddrlen-1]<<24) ^ (sp << 16) ^ (da[IPaddrlen-1]<<8) ^ dp ) % Nhash;
+	return ((sa[IPaddrlen-1]<<24) ^ (sp << 16) ^ (da[IPaddrlen-1]<<8) ^ dp ) % Nipht;
 }
 
 void
@@ -678,7 +317,7 @@
 			return c;
 		}
 	}
-	
+
 	/* match local address and port */
 	hv = iphash(IPnoaddr, 0, da, dp);
 	for(h = ht->tab[hv]; h != nil; h = h->next){
@@ -690,7 +329,7 @@
 			return c;
 		}
 	}
-	
+
 	/* match just port */
 	hv = iphash(IPnoaddr, 0, IPnoaddr, dp);
 	for(h = ht->tab[hv]; h != nil; h = h->next){
@@ -702,7 +341,7 @@
 			return c;
 		}
 	}
-	
+
 	/* match local address */
 	hv = iphash(IPnoaddr, 0, da, 0);
 	for(h = ht->tab[hv]; h != nil; h = h->next){
@@ -714,7 +353,7 @@
 			return c;
 		}
 	}
-	
+
 	/* look for something that matches anything */
 	hv = iphash(IPnoaddr, 0, IPnoaddr, 0);
 	for(h = ht->tab[hv]; h != nil; h = h->next){
@@ -726,4 +365,13 @@
 	}
 	unlock(ht);
 	return nil;
+}
+
+int
+convipvers(Conv *c)
+{
+	if(isv4(c->raddr) && isv4(c->laddr) || ipcmp(c->raddr, IPnoaddr) == 0)
+		return V4;
+	else
+		return V6;
 }
--- a/os/ip/ipifc.c	Thu Aug 12 23:08:35 2021
+++ b/os/ip/ipifc.c	Sat Aug 21 01:39:52 2021
@@ -11,17 +11,14 @@
 #define DPRINT if(0)print
 
 enum {
-	Maxmedia = 32,
-	Nself = Maxmedia*5,
-	NHASH = (1<<6),
-	NCACHE = 256,
-	QMAX = 64*1024-1,
+	Maxmedia	= 32,
+	Nself		= Maxmedia*5,
+	NHASH		= 1<<6,
+	NCACHE		= 256,
+	QMAX		= 192*1024-1,
 };
 
-Medium *media[Maxmedia] =
-{
-	0
-};
+Medium *media[Maxmedia] = { 0 };
 
 /*
  *  cache of local addresses (addresses we answer to)
@@ -29,12 +26,10 @@
 struct Ipself
 {
 	uchar	a[IPaddrlen];
-	Ipself	*hnext;		/* next address in the hash table */
+	Ipself	*next;		/* next address in the hash table */
 	Iplink	*link;		/* binding twixt Ipself and Ipifc */
 	ulong	expire;
 	uchar	type;		/* type of address */
-	int	ref;
-	Ipself	*next;		/* free list */
 };
 
 struct Ipselftab
@@ -64,10 +59,46 @@
 
 static void	addselfcache(Fs *f, Ipifc *ifc, Iplifc *lifc, uchar *a, int type);
 static void	remselfcache(Fs *f, Ipifc *ifc, Iplifc *lifc, uchar *a);
-static char*	ipifcjoinmulti(Ipifc *ifc, char **argv, int argc);
-static char*	ipifcleavemulti(Ipifc *ifc, char **argv, int argc);
-static void	ipifcregisterproxy(Fs*, Ipifc*, uchar*);
-static char*	ipifcremlifc(Ipifc*, Iplifc*);
+static void	ipifcregisteraddr(Fs*, Ipifc*, Iplifc*, uchar*);
+static void	ipifcregisterproxy(Fs*, Ipifc*, uchar*, int);
+static char*	ipifcremlifc(Ipifc*, Iplifc**);
+
+static char Ebound[] = "interface already bound";
+static char Eunbound[] = "interface not bound";
+
+enum {
+	unknownv6,		/* UGH */
+	unspecifiedv6,
+	linklocalv6,
+	globalv6,
+};
+
+static int
+v6addrtype(uchar *addr)
+{
+	if(isv4(addr) || ipcmp(addr, IPnoaddr) == 0)
+		return unknownv6;
+	else if(islinklocal(addr) || ipcmp(addr, v6loopback) == 0 ||
+	    isv6mcast(addr) && (addr[1] & 0xF) <= Link_local_scop)
+		return linklocalv6;
+	else
+		return globalv6;
+}
+
+static int
+comprefixlen(uchar *a, uchar *b, int n)
+{
+	int i, c;
+
+	for(i = 0; i < n; i++){
+		if((c = a[i] ^ b[i]) == 0)
+			continue;
+		for(i <<= 3; (c & 0x80) == 0; i++)
+			c <<= 1;
+		return i;
+	}
+	return i << 3;
+}
 
 /*
  *  link in a new medium
@@ -121,7 +152,7 @@
 	wlock(ifc);
 	if(ifc->m != nil){
 		wunlock(ifc);
-		return "interface already bound";	
+		return Ebound;
 	}
 	if(waserror()){
 		wunlock(ifc);
@@ -142,17 +173,13 @@
 	ifc->m = m;
 	ifc->mintu = ifc->m->mintu;
 	ifc->maxtu = ifc->m->maxtu;
+	ifc->delay = 40;
+	ifc->speed = 0;
 	if(ifc->m->unbindonclose == 0)
 		ifc->conv->inuse++;
-	ifc->rp.mflag = 0;		// default not managed
-	ifc->rp.oflag = 0;
-	ifc->rp.maxraint = 600000;	// millisecs
-	ifc->rp.minraint = 200000;
-	ifc->rp.linkmtu = 0;		// no mtu sent
-	ifc->rp.reachtime = 0;
-	ifc->rp.rxmitra = 0;
-	ifc->rp.ttl = MAXTTL;
-	ifc->rp.routerlt = 3*(ifc->rp.maxraint);
+
+	/* default router paramters */
+	ifc->rp = c->p->f->v6p->rp;
 
 	/* any ancillary structures (like routes) no longer pertain */
 	ifc->ifcid++;
@@ -170,29 +197,44 @@
 
 /*
  *  detach a device from an interface, close the interface
- *  called with ifc->conv closed
  */
 static char*
 ipifcunbind(Ipifc *ifc)
 {
-	char *err;
+	Medium *m;
 
-	if(waserror()){
+	wlock(ifc);
+	m = ifc->m;
+	if(m == nil){
 		wunlock(ifc);
-		nexterror();
+		return Eunbound;
 	}
-	wlock(ifc);
 
-	/* dissociate routes */
-	if(ifc->m != nil && ifc->m->unbindonclose == 0)
-		ifc->conv->inuse--;
-	ifc->ifcid++;
+	/* disassociate logical interfaces (before zeroing ifc->arg) */
+	while(ifc->lifc != nil)
+		ipifcremlifc(ifc, &ifc->lifc);
 
 	/* disassociate device */
-	if(ifc->m != nil && ifc->m->unbind)
-		(*ifc->m->unbind)(ifc);
+	if(m->unbind != nil){
+		extern Medium nullmedium;
+
+		/*
+		 * unbind() might unlock the ifc, so change the medium
+		 * to the nullmedium to prevent packets from getting
+		 * sent while the medium is shutting down.
+		 */
+		ifc->m = &nullmedium;
+
+		if(!waserror()){
+			(*m->unbind)(ifc);
+			poperror();
+		}
+	}
+
 	memset(ifc->dev, 0, sizeof(ifc->dev));
 	ifc->arg = nil;
+
+	ifc->reflect = 0;
 	ifc->reassemble = 0;
 
 	/* close queues to stop queuing of packets */
@@ -200,26 +242,22 @@
 	qclose(ifc->conv->wq);
 	qclose(ifc->conv->sq);
 
-	/* disassociate logical interfaces */
-	while(ifc->lifc){
-		err = ipifcremlifc(ifc, ifc->lifc);
-		if(err)
-			error(err);
-	}
-
+	/* dissociate routes */
+	ifc->ifcid++;
+	if(m->unbindonclose == 0)
+		ifc->conv->inuse--;
 	ifc->m = nil;
 	wunlock(ifc);
-	poperror();
+
 	return nil;
 }
 
-
-
-char sfixedformat[] = "device %s maxtu %d sendra %d recvra %d mflag %d oflag %d maxraint %d minraint %d linkmtu %d reachtime %d rxmitra %d ttl %d routerlt %d pktin %lud pktout %lud errin %lud errout %lud\n";
+char sfixedformat[] = "device %s maxtu %d sendra %d recvra %d mflag %d oflag %d"
+" maxraint %d minraint %d linkmtu %d reachtime %d rxmitra %d ttl %d routerlt %d"
+" pktin %lud pktout %lud errin %lud errout %lud speed %d delay %d\n";
 
 char slineformat[] = "	%-40I %-10M %-40I %-12lud %-12lud\n";
 
-
 static int
 ipifcstate(Conv *c, char *state, int n)
 {
@@ -228,19 +266,18 @@
 	int m;
 
 	ifc = (Ipifc*)c->ptcl;
-
 	m = snprint(state, n, sfixedformat,
 		ifc->dev, ifc->maxtu, ifc->sendra6, ifc->recvra6,
 		ifc->rp.mflag, ifc->rp.oflag, ifc->rp.maxraint,
 		ifc->rp.minraint, ifc->rp.linkmtu, ifc->rp.reachtime,
 		ifc->rp.rxmitra, ifc->rp.ttl, ifc->rp.routerlt,
-		ifc->in, ifc->out, ifc->inerr, ifc->outerr);
+		ifc->in, ifc->out, ifc->inerr, ifc->outerr,
+		ifc->speed, ifc->delay);
 
 	rlock(ifc);
-	for(lifc = ifc->lifc; lifc && n > m; lifc = lifc->next)
-		m += snprint(state+m, n - m, slineformat,
-			lifc->local, lifc->mask, lifc->remote,
-			lifc->validlt, lifc->preflt);
+	for(lifc = ifc->lifc; lifc != nil && n > m; lifc = lifc->next)
+		m += snprint(state+m, n - m, slineformat, lifc->local,
+			lifc->mask, lifc->remote, lifc->validlt, lifc->preflt);
 	if(ifc->lifc == nil)
 		m += snprint(state+m, n - m, "\n");
 	runlock(ifc);
@@ -256,13 +293,11 @@
 	int m;
 
 	ifc = (Ipifc*)c->ptcl;
-
-	m = 0;
-
 	rlock(ifc);
-	for(lifc = ifc->lifc; lifc; lifc = lifc->next){
+	m = 0;
+	for(lifc = ifc->lifc; lifc != nil; lifc = lifc->next){
 		m += snprint(state+m, n - m, "%-40.40I ->", lifc->local);
-		for(link = lifc->link; link; link = link->lifclink)
+		for(link = lifc->link; link != nil; link = link->lifclink)
 			m += snprint(state+m, n - m, " %-40.40I", link->self->a);
 		m += snprint(state+m, n - m, "\n");
 	}
@@ -279,6 +314,59 @@
 	return ifc->m != nil;
 }
 
+static void
+ipifcadjustburst(Ipifc *ifc)
+{
+	int burst;
+
+	burst = ((vlong)ifc->delay * ifc->speed) / 8000;
+	if(burst < ifc->maxtu)
+		burst = ifc->maxtu;
+	ifc->burst = burst;
+}
+
+static void
+ipifcsetdelay(Ipifc *ifc, int delay)
+{
+	if(delay < 0)
+		delay = 0;
+	else if(delay > 1000)
+		delay = 1000;
+	ifc->delay = delay;
+	ipifcadjustburst(ifc);
+}
+
+static void
+ipifcsetspeed(Ipifc *ifc, int speed)
+{
+	if(speed < 0)
+		speed = 0;
+	ifc->speed = speed;
+	ifc->load = 0;
+	ipifcadjustburst(ifc);
+}
+
+void
+ipifcoput(Ipifc *ifc, Block *bp, int version, uchar *ip)
+{
+	if(ifc->speed){
+		ulong now = MACHP(0)->ticks;
+		int dt = TK2MS(now - ifc->ticks);
+		ifc->ticks = now;
+		ifc->load -= ((vlong)dt * ifc->speed) / 8000;
+		if(ifc->load < 0 || dt < 0 || dt > 1000)
+			ifc->load = 0;
+		else if(ifc->load > ifc->burst){
+			freeblist(bp);
+			return;
+		}
+	}
+	bp = concatblock(bp);
+	ifc->load += BLEN(bp);
+	ifc->m->bwrite(ifc, bp, version, ip);
+}
+
+
 /*
  *  called when a process writes to an interface's 'data'
  */
@@ -294,18 +382,15 @@
 		return;
 
 	ifc = (Ipifc*)c->ptcl;
-	if(!canrlock(ifc)){
-		freeb(bp);
-		return;
-	}
+	rlock(ifc);
 	if(waserror()){
 		runlock(ifc);
 		nexterror();
 	}
-	if(ifc->m == nil || ifc->m->pktin == nil)
-		freeb(bp);
-	else
+	if(ifc->m != nil && ifc->m->pktin != nil)
 		(*ifc->m->pktin)(c->p->f, ifc, bp);
+	else
+		freeb(bp);
 	runlock(ifc);
 	poperror();
 }
@@ -319,27 +404,26 @@
 	Ipifc *ifc;
 
 	c->rq = qopen(QMAX, 0, 0, 0);
-	c->sq = qopen(2*QMAX, 0, 0, 0);
 	c->wq = qopen(QMAX, Qkick, ipifckick, c);
+	c->sq = qopen(QMAX, 0, 0, 0);
+	if(c->rq == nil || c->wq == nil || c->sq == nil)
+		error(Enomem);
 	ifc = (Ipifc*)c->ptcl;
 	ifc->conv = c;
-	ifc->unbinding = 0;
 	ifc->m = nil;
+	ifc->reflect = 0;
 	ifc->reassemble = 0;
 }
 
 /*
  *  called after last close of ipifc data or ctl
- *  called with c locked, we must unlock
  */
 static void
 ipifcclose(Conv *c)
 {
-	Ipifc *ifc;
-	Medium *m;
+	Ipifc *ifc = (Ipifc*)c->ptcl;
+	Medium *m = ifc->m;
 
-	ifc = (Ipifc*)c->ptcl;
-	m = ifc->m;
 	if(m != nil && m->unbindonclose)
 		ipifcunbind(ifc);
 }
@@ -347,19 +431,17 @@
 /*
  *  change an interface's mtu
  */
-char*
-ipifcsetmtu(Ipifc *ifc, char **argv, int argc)
+static char*
+ipifcsetmtu(Ipifc *ifc, int mtu)
 {
-	int mtu;
+	Medium *m = ifc->m;
 
-	if(argc < 2)
-		return Ebadarg;
-	if(ifc->m == nil)
-		return Ebadarg;
-	mtu = strtoul(argv[1], 0, 0);
-	if(mtu < ifc->m->mintu || mtu > ifc->m->maxtu)
+	if(m == nil)
+		return Eunbound;
+	if(mtu < m->mintu || mtu > m->maxtu)
 		return Ebadarg;
 	ifc->maxtu = mtu;
+	ipifcadjustburst(ifc);
 	return nil;
 }
 
@@ -374,13 +456,8 @@
 	Iplifc *lifc, **l;
 	int i, type, mtu;
 	Fs *f;
-	int sendnbrdisc = 0;
-
-	if(ifc->m == nil)
-		return "ipifc not yet bound to device";
-
-	f = ifc->conv->p->f;
 
+	mtu = 0;
 	type = Rifc;
 	memset(ip, 0, IPaddrlen);
 	memset(mask, 0, IPaddrlen);
@@ -392,49 +469,76 @@
 		/* fall through */
 	case 5:
 		mtu = strtoul(argv[4], 0, 0);
-		if(mtu >= ifc->m->mintu && mtu <= ifc->m->maxtu)
-			ifc->maxtu = mtu;
 		/* fall through */
 	case 4:
-		parseip(ip, argv[1]);
-		parseipmask(mask, argv[2]);
-		parseip(rem, argv[3]);
+		if (parseipandmask(ip, mask, argv[1], argv[2]) == -1 || parseip(rem, argv[3]) == -1)
+			return Ebadip;
 		maskip(rem, mask, net);
 		break;
 	case 3:
-		parseip(ip, argv[1]);
-		parseipmask(mask, argv[2]);
+		if (parseipandmask(ip, mask, argv[1], argv[2]) == -1)
+			return Ebadip;
 		maskip(ip, mask, rem);
 		maskip(rem, mask, net);
 		break;
 	case 2:
-		parseip(ip, argv[1]);
+		if (parseip(ip, argv[1]) == -1)
+			return Ebadip;
 		memmove(mask, defmask(ip), IPaddrlen);
 		maskip(ip, mask, rem);
 		maskip(rem, mask, net);
 		break;
 	default:
 		return Ebadarg;
-		break;
 	}
-	if(isv4(ip))
+
+	/* check for point-to-point interface */
+	if(ipcmp(ip, v6loopback) != 0) /* skip v6 loopback, it's a special address */
+	if(ipcmp(mask, IPallbits) == 0)
+		type |= Rptpt;
+
+	if(isv4(ip) || ipcmp(ip, IPnoaddr) == 0){
+		type |= Rv4;
 		tentative = 0;
+	}
+
 	wlock(ifc);
+	if(ifc->m == nil){
+		wunlock(ifc);
+		return Eunbound;
+	}
+	f = ifc->conv->p->f;
+	if(waserror()){
+		wunlock(ifc);
+		return up->errstr;
+	}
+
+	if(mtu > 0)
+		ipifcsetmtu(ifc, mtu);
 
 	/* ignore if this is already a local address for this ifc */
-	for(lifc = ifc->lifc; lifc; lifc = lifc->next) {
-		if(ipcmp(lifc->local, ip) == 0) {
-			if(lifc->tentative != tentative)
-				lifc->tentative = tentative;
-			if(lifcp != nil) {
-				lifc->onlink = lifcp->onlink;
-				lifc->autoflag = lifcp->autoflag;
-				lifc->validlt = lifcp->validlt;
-				lifc->preflt = lifcp->preflt;
-				lifc->origint = lifcp->origint;
+	if((lifc = iplocalonifc(ifc, ip)) != nil){
+		if(lifcp != nil) {
+			if(!lifc->onlink && lifcp->onlink){
+				lifc->onlink = 1;
+				addroute(f, lifc->remote, lifc->mask, ip, IPallbits,
+					lifc->remote, lifc->type, ifc, tifc);
+				if(v6addrtype(ip) != linklocalv6)
+					addroute(f, lifc->remote, lifc->mask, ip, IPnoaddr,
+						lifc->remote, lifc->type, ifc, tifc);
 			}
-			goto out;
+			lifc->autoflag = lifcp->autoflag;
+			lifc->validlt = lifcp->validlt;
+			lifc->preflt = lifcp->preflt;
+			lifc->origint = lifcp->origint;
+		}
+		if(lifc->tentative != tentative){
+			lifc->tentative = tentative;
+			goto done;
 		}
+		wunlock(ifc);
+		poperror();
+		return nil;
 	}
 
 	/* add the address to the list of logical ifc's for this ifc */
@@ -443,6 +547,7 @@
 	ipmove(lifc->mask, mask);
 	ipmove(lifc->remote, rem);
 	ipmove(lifc->net, net);
+	lifc->type = type;
 	lifc->tentative = tentative;
 	if(lifcp != nil) {
 		lifc->onlink = lifcp->onlink;
@@ -450,39 +555,34 @@
 		lifc->validlt = lifcp->validlt;
 		lifc->preflt = lifcp->preflt;
 		lifc->origint = lifcp->origint;
-	}
-	else {		// default values
-		lifc->onlink = 1;
-		lifc->autoflag = 1;
-		lifc->validlt = 0xffffffff;
-		lifc->preflt = 0xffffffff;
-		lifc->origint = NOW / 10^3;
+	} else {		/* default values */
+		lifc->onlink = lifc->autoflag = 1;
+		lifc->validlt = lifc->preflt = ~0UL;
+		lifc->origint = NOW / 1000;
 	}
 	lifc->next = nil;
 
-	for(l = &ifc->lifc; *l; l = &(*l)->next)
+	for(l = &ifc->lifc; *l != nil; l = &(*l)->next)
 		;
 	*l = lifc;
 
-	/* check for point-to-point interface */
-	if(ipcmp(ip, v6loopback))  /* skip v6 loopback, it's a special address */
-	if(ipcmp(mask, IPallbits) == 0)
-		type |= Rptpt;
-
-	/* add local routes */
-	if(isv4(ip))
-		v4addroute(f, tifc, rem+IPv4off, mask+IPv4off, rem+IPv4off, type);
-	else
-		v6addroute(f, tifc, rem, mask, rem, type);
+	/* add route for this logical interface */
+	if(lifc->onlink){
+		addroute(f, rem, mask, ip, IPallbits, rem, type, ifc, tifc);
+		if(v6addrtype(ip) != linklocalv6)
+			addroute(f, rem, mask, ip, IPnoaddr, rem, type, ifc, tifc);
+	}
 
 	addselfcache(f, ifc, lifc, ip, Runi);
 
-	if((type & (Rproxy|Rptpt)) == (Rproxy|Rptpt)){
-		ipifcregisterproxy(f, ifc, rem);
-		goto out;
+	/* register proxy */
+	if(type & Rptpt){
+		if(type & Rproxy)
+			ipifcregisterproxy(f, ifc, rem, 1);
+		goto done;
 	}
 
-	if(isv4(ip) || ipcmp(ip, IPnoaddr) == 0) {
+	if(type & Rv4) {
 		/* add subnet directed broadcast address to the self cache */
 		for(i = 0; i < IPaddrlen; i++)
 			bcast[i] = (ip[i] & mask[i]) | ~mask[i];
@@ -504,171 +604,132 @@
 		for(i = 0; i < IPaddrlen; i++)
 			bcast[i] = (ip[i] & mask[i]) & mask[i];
 		addselfcache(f, ifc, lifc, bcast, Rbcast);
-		
+
 		addselfcache(f, ifc, lifc, IPv4bcast, Rbcast);
-	}
-	else {
+	} else {
 		if(ipcmp(ip, v6loopback) == 0) {
 			/* add node-local mcast address */
 			addselfcache(f, ifc, lifc, v6allnodesN, Rmulti);
 
 			/* add route for all node multicast */
-			v6addroute(f, tifc, v6allnodesN, v6allnodesNmask, v6allnodesN, Rmulti);
+			addroute(f, v6allnodesN, v6allnodesNmask,
+				ip, IPallbits,
+				v6allnodesN, Rmulti, ifc, tifc);
 		}
 
 		/* add all nodes multicast address */
 		addselfcache(f, ifc, lifc, v6allnodesL, Rmulti);
-		
+
 		/* add route for all nodes multicast */
-		v6addroute(f, tifc, v6allnodesL, v6allnodesLmask, v6allnodesL, Rmulti);
-		
+		addroute(f, v6allnodesL, v6allnodesLmask,
+			ip, IPallbits,
+			v6allnodesL, Rmulti, ifc, tifc);
+
 		/* add solicited-node multicast address */
 		ipv62smcast(bcast, ip);
 		addselfcache(f, ifc, lifc, bcast, Rmulti);
-
-		sendnbrdisc = 1;
 	}
 
-	/* register the address on this network for address resolution */
-	if(isv4(ip) && ifc->m->areg != nil)
-		(*ifc->m->areg)(ifc, ip);
-
-out:
+done:
 	wunlock(ifc);
-	if(tentative && sendnbrdisc)
-		icmpns(f, 0, SRC_UNSPEC, ip, TARG_MULTI, ifc->mac);
+	poperror();
+
+	rlock(ifc);
+	ipifcregisteraddr(f, ifc, lifc, ip);
+	runlock(ifc);
+
 	return nil;
 }
 
 /*
  *  remove a logical interface from an ifc
- *  always called with ifc wlock'd
+ *	called with ifc wlock'd
  */
 static char*
-ipifcremlifc(Ipifc *ifc, Iplifc *lifc)
+ipifcremlifc(Ipifc *ifc, Iplifc **l)
 {
-	Iplifc **l;
-	Fs *f;
+	Iplifc *lifc = *l;
+	Fs *f = ifc->conv->p->f;
 
-	f = ifc->conv->p->f;
-
-	/*
-	 *  find address on this interface and remove from chain.
-	 *  for pt to pt we actually specify the remote address as the
-	 *  addresss to remove.
-	 */
-	for(l = &ifc->lifc; *l != nil && *l != lifc; l = &(*l)->next)
-		;
-	if(*l == nil)
+	if(lifc == nil)
 		return "address not on this interface";
 	*l = lifc->next;
 
 	/* disassociate any addresses */
-	while(lifc->link)
+	while(lifc->link != nil)
 		remselfcache(f, ifc, lifc, lifc->link->self->a);
 
 	/* remove the route for this logical interface */
-	if(isv4(lifc->local))
-		v4delroute(f, lifc->remote+IPv4off, lifc->mask+IPv4off, 1);
-	else {
-		v6delroute(f, lifc->remote, lifc->mask, 1);
+	if(lifc->onlink){
+		remroute(f, lifc->remote, lifc->mask,
+			lifc->local, IPallbits,
+			lifc->remote, lifc->type, ifc, tifc);
+		if(v6addrtype(lifc->local) != linklocalv6)
+			remroute(f, lifc->remote, lifc->mask,
+				lifc->local, IPnoaddr,
+				lifc->remote, lifc->type, ifc, tifc);
+	}
+
+	/* unregister proxy */
+	if(lifc->type & Rptpt){
+		if(lifc->type & Rproxy)
+			ipifcregisterproxy(f, ifc, lifc->remote, 0);
+		goto done;
+	}
+
+	/* remove route for all nodes multicast */
+	if((lifc->type & Rv4) == 0){
 		if(ipcmp(lifc->local, v6loopback) == 0)
-			/* remove route for all node multicast */
-			v6delroute(f, v6allnodesN, v6allnodesNmask, 1);
-		else if(memcmp(lifc->local, v6linklocal, v6llpreflen) == 0)
-			/* remove route for all link multicast */
-			v6delroute(f, v6allnodesL, v6allnodesLmask, 1);
+			remroute(f, v6allnodesN, v6allnodesNmask,
+				lifc->local, IPallbits,
+				v6allnodesN, Rmulti, ifc, tifc);
+
+		remroute(f, v6allnodesL, v6allnodesLmask,
+			lifc->local, IPallbits,
+			v6allnodesL, Rmulti, ifc, tifc);
 	}
 
+done:
 	free(lifc);
 	return nil;
-
 }
 
 /*
  *  remove an address from an interface.
- *  called with c locked
  */
 char*
 ipifcrem(Ipifc *ifc, char **argv, int argc)
 {
-	uchar ip[IPaddrlen];
-	uchar mask[IPaddrlen];
-	uchar rem[IPaddrlen];
-	Iplifc *lifc;
-	char *rv;
+	uchar ip[IPaddrlen], mask[IPaddrlen], rem[IPaddrlen];
+	Iplifc *lifc, **l;
+	char *err;
 
 	if(argc < 3)
 		return Ebadarg;
-
-	parseip(ip, argv[1]);
-	parseipmask(mask, argv[2]);
+	if(parseipandmask(ip, mask, argv[1], argv[2]) == -1)
+		return Ebadip;
 	if(argc < 4)
 		maskip(ip, mask, rem);
-	else
-		parseip(rem, argv[3]);
-
-	wlock(ifc);
+	else if(parseip(rem, argv[3]) == -1)
+		return Ebadip;
 
 	/*
 	 *  find address on this interface and remove from chain.
 	 *  for pt to pt we actually specify the remote address as the
 	 *  addresss to remove.
 	 */
+	wlock(ifc);
+	l = &ifc->lifc;
 	for(lifc = ifc->lifc; lifc != nil; lifc = lifc->next) {
-		if (memcmp(ip, lifc->local, IPaddrlen) == 0
-		&& memcmp(mask, lifc->mask, IPaddrlen) == 0
-		&& memcmp(rem, lifc->remote, IPaddrlen) == 0)
+		if(ipcmp(ip, lifc->local) == 0
+		&& ipcmp(mask, lifc->mask) == 0
+		&& ipcmp(rem, lifc->remote) == 0)
 			break;
+		l = &lifc->next;
 	}
-
-	rv = ipifcremlifc(ifc, lifc);
+	err = ipifcremlifc(ifc, l);
 	wunlock(ifc);
-	return rv;
-}
-
-/*
- * distribute routes to active interfaces like the
- * TRIP linecards
- */
-void
-ipifcaddroute(Fs *f, int vers, uchar *addr, uchar *mask, uchar *gate, int type)
-{
-	Medium *m;
-	Conv **cp, **e;
-	Ipifc *ifc;
-
-	e = &f->ipifc->conv[f->ipifc->nc];
-	for(cp = f->ipifc->conv; cp < e; cp++){
-		if(*cp != nil) {
-			ifc = (Ipifc*)(*cp)->ptcl;
-			m = ifc->m;
-			if(m == nil)
-				continue;
-			if(m->addroute != nil)
-				m->addroute(ifc, vers, addr, mask, gate, type);
-		}
-	}
-}
-
-void
-ipifcremroute(Fs *f, int vers, uchar *addr, uchar *mask)
-{
-	Medium *m;
-	Conv **cp, **e;
-	Ipifc *ifc;
-
-	e = &f->ipifc->conv[f->ipifc->nc];
-	for(cp = f->ipifc->conv; cp < e; cp++){
-		if(*cp != nil) {
-			ifc = (Ipifc*)(*cp)->ptcl;
-			m = ifc->m;
-			if(m == nil)
-				continue;
-			if(m->remroute != nil)
-				m->remroute(ifc, vers, addr, mask);
-		}
-	}
+	return err;
 }
 
 /*
@@ -679,206 +740,127 @@
 static char*
 ipifcconnect(Conv* c, char **argv, int argc)
 {
+	Ipifc *ifc = (Ipifc*)c->ptcl;
 	char *err;
-	Ipifc *ifc;
-
-	ifc = (Ipifc*)c->ptcl;
-
-	if(ifc->m == nil)
-		 return "ipifc not yet bound to device";
 
-	if(waserror()){
-		wunlock(ifc);
-		nexterror();
-	}
 	wlock(ifc);
-	while(ifc->lifc){
-		err = ipifcremlifc(ifc, ifc->lifc);
-		if(err)
-			error(err);
-	}
+	while(ifc->lifc != nil)
+		ipifcremlifc(ifc, &ifc->lifc);
 	wunlock(ifc);
-	poperror();
 
 	err = ipifcadd(ifc, argv, argc, 0, nil);
-	if(err)
+	if(err != nil)
 		return err;
 
 	Fsconnected(c, nil);
-
 	return nil;
 }
 
 char*
-ipifcsetpar6(Ipifc *ifc, char **argv, int argc)
+ipifcra6(Ipifc *ifc, char **argv, int argc)
 {
-	int i, argsleft, vmax = ifc->rp.maxraint, vmin = ifc->rp.minraint;
+	int i, argsleft;
+	uchar sendra, recvra;
+	Routerparams rp;
 
-	argsleft = argc - 1;
 	i = 1;
-
-	if(argsleft % 2 != 0)
+	argsleft = argc - 1;
+	if((argsleft % 2) != 0)
 		return Ebadarg;
 
+	sendra = ifc->sendra6;
+	recvra = ifc->recvra6;
+	rp = ifc->rp;
+
 	while (argsleft > 1) {
-		if(strcmp(argv[i],"recvra")==0)
-			ifc->recvra6 = (atoi(argv[i+1]) != 0);
-		else if(strcmp(argv[i],"sendra")==0)
-			ifc->sendra6 = (atoi(argv[i+1]) != 0);
-		else if(strcmp(argv[i],"mflag")==0)
-			ifc->rp.mflag = (atoi(argv[i+1]) != 0);
-		else if(strcmp(argv[i],"oflag")==0)
-			ifc->rp.oflag = (atoi(argv[i+1]) != 0);
-		else if(strcmp(argv[i],"maxraint")==0)
-			ifc->rp.maxraint = atoi(argv[i+1]);
-		else if(strcmp(argv[i],"minraint")==0)
-			ifc->rp.minraint = atoi(argv[i+1]);
-		else if(strcmp(argv[i],"linkmtu")==0)
-			ifc->rp.linkmtu = atoi(argv[i+1]);
-		else if(strcmp(argv[i],"reachtime")==0)
-			ifc->rp.reachtime = atoi(argv[i+1]);
-		else if(strcmp(argv[i],"rxmitra")==0)
-			ifc->rp.rxmitra = atoi(argv[i+1]);
-		else if(strcmp(argv[i],"ttl")==0)
-			ifc->rp.ttl = atoi(argv[i+1]);
-		else if(strcmp(argv[i],"routerlt")==0)
-			ifc->rp.routerlt = atoi(argv[i+1]);
+		if(strcmp(argv[i], "recvra") == 0)
+			recvra = atoi(argv[i+1]) != 0;
+		else if(strcmp(argv[i], "sendra") == 0)
+			sendra = atoi(argv[i+1]) != 0;
+		else if(strcmp(argv[i], "mflag") == 0)
+			rp.mflag = atoi(argv[i+1]) != 0;
+		else if(strcmp(argv[i], "oflag") == 0)
+			rp.oflag = atoi(argv[i+1]) != 0;
+		else if(strcmp(argv[i], "maxraint") == 0)
+			rp.maxraint = atoi(argv[i+1]);
+		else if(strcmp(argv[i], "minraint") == 0)
+			rp.minraint = atoi(argv[i+1]);
+		else if(strcmp(argv[i], "linkmtu") == 0)
+			rp.linkmtu = atoi(argv[i+1]);
+		else if(strcmp(argv[i], "reachtime") == 0)
+			rp.reachtime = atoi(argv[i+1]);
+		else if(strcmp(argv[i], "rxmitra") == 0)
+			rp.rxmitra = atoi(argv[i+1]);
+		else if(strcmp(argv[i], "ttl") == 0)
+			rp.ttl = atoi(argv[i+1]);
+		else if(strcmp(argv[i], "routerlt") == 0)
+			rp.routerlt = atoi(argv[i+1]);
 		else
-			return Ebadarg;	
+			return Ebadarg;
 
 		argsleft -= 2;
 		i += 2;
 	}
 
-	// consistency check
-	if(ifc->rp.maxraint < ifc->rp.minraint) {
-		ifc->rp.maxraint = vmax;
-		ifc->rp.minraint = vmin;
-		return Ebadarg;
-	}
-
-	return nil;
-}
-
-char*
-ipifcsendra6(Ipifc *ifc, char **argv, int argc)
-{
-	int i;
-	
-	i = 0;
-	if(argc > 1)
-		i = atoi(argv[1]);
-	ifc->sendra6 = (i!=0);
-	return nil;
-}
-
-char*
-ipifcrecvra6(Ipifc *ifc, char **argv, int argc)
-{
-	int i;
-	
-	i = 0;
-	if(argc > 1)
-		i = atoi(argv[1]);
-	ifc->recvra6 = (i!=0);	
-	return nil;
-}
-
-char*
-ipifcnat(Ipifc *ifc, char **argv, int argc)
-{
-	uchar src[IPaddrlen], mask[IPaddrlen], dst[IPaddrlen];
-	Iplifc *lifc;
-
-	if(argc == 2){
-		if((strcmp(argv[1], "show") == 0)){
-			shownataddr();
-			return nil;
-		}else if((strcmp(argv[1], "flush") == 0)){
-			flushnataddr();
-			return nil;
-		}else
-			return Ebadarg;
-	}
-
-	if(argc != 5)
+	/* consistency check */
+	if(rp.maxraint < rp.minraint)
 		return Ebadarg;
 
-	if (parseip(src, argv[2]) == -1)
-		return Ebadip;
-
-	if (parseipmask(mask, argv[3]) == -1)
-		return Ebadip;
-
-	if (parseip(dst, argv[4]) == -1)
-		return Ebadip;
-
-	if((lifc=iplocalonifc(ifc, dst)) == nil)
-		return Ebadip;
-
-	if(strcmp(argv[1], "add") == 0){
-		if(addnataddr(src, mask, lifc) != 0)
-			return Ebadarg;
-	}else if(strcmp(argv[1], "remove") == 0){
-		if(removenataddr(src, mask, lifc) != 0)
-			return Ebadarg;
-	}else
-		return Ebadarg;
+	ifc->rp = rp;
+	ifc->sendra6 = sendra;
+	ifc->recvra6 = recvra;
 
 	return nil;
 }
 
 /*
  *  non-standard control messages.
- *  called with c locked.
  */
 static char*
-ipifcctl(Conv* c, char**argv, int argc)
+ipifcctl(Conv* c, char **argv, int argc)
 {
-	Ipifc *ifc;
-	int i;
+	Ipifc *ifc = (Ipifc*)c->ptcl;
 
-	ifc = (Ipifc*)c->ptcl;
 	if(strcmp(argv[0], "add") == 0)
 		return ipifcadd(ifc, argv, argc, 0, nil);
-	else if(strcmp(argv[0], "bootp") == 0)
-		return bootp(ifc);
 	else if(strcmp(argv[0], "try") == 0)
 		return ipifcadd(ifc, argv, argc, 1, nil);
 	else if(strcmp(argv[0], "remove") == 0)
 		return ipifcrem(ifc, argv, argc);
 	else if(strcmp(argv[0], "unbind") == 0)
 		return ipifcunbind(ifc);
-	else if(strcmp(argv[0], "joinmulti") == 0)
-		return ipifcjoinmulti(ifc, argv, argc);
-	else if(strcmp(argv[0], "leavemulti") == 0)
-		return ipifcleavemulti(ifc, argv, argc);
 	else if(strcmp(argv[0], "mtu") == 0)
-		return ipifcsetmtu(ifc, argv, argc);
-	else if(strcmp(argv[0], "reassemble") == 0){
-		ifc->reassemble = 1;
+		return ipifcsetmtu(ifc, argc>1? strtoul(argv[1], 0, 0): 0);
+	else if(strcmp(argv[0], "speed") == 0){
+		ipifcsetspeed(ifc, argc>1? atoi(argv[1]): 0);
+		return nil;
+	}
+	else if(strcmp(argv[0], "delay") == 0){
+		ipifcsetdelay(ifc, argc>1? atoi(argv[1]): 0);
 		return nil;
 	}
 	else if(strcmp(argv[0], "iprouting") == 0){
-		i = 1;
-		if(argc > 1)
-			i = atoi(argv[1]);
-		iprouting(c->p->f, i);
+		iprouting(c->p->f, argc>1? atoi(argv[1]): 1);
 		return nil;
 	}
-	else if(strcmp(argv[0], "addpref6") == 0)
-		return ipifcaddpref6(ifc, argv, argc);
-	else if(strcmp(argv[0], "setpar6") == 0)
-		return ipifcsetpar6(ifc, argv, argc);
-	else if(strcmp(argv[0], "sendra6") == 0)
-		return ipifcsendra6(ifc, argv, argc);
-	else if(strcmp(argv[0], "recvra6") == 0)
-		return ipifcrecvra6(ifc, argv, argc);
-	else if(strcmp(argv[0], "nat") == 0)
-		return ipifcnat(ifc, argv, argc);
+	else if(strcmp(argv[0], "reflect") == 0){
+		ifc->reflect = argc>1? atoi(argv[1]): 1;
+		return nil;
+	}
+	else if(strcmp(argv[0], "reassemble") == 0){
+		ifc->reassemble = argc>1? atoi(argv[1]): 1;
+		return nil;
+	}
+	else if(strcmp(argv[0], "add6") == 0)
+		return ipifcadd6(ifc, argv, argc);
+	else if(strcmp(argv[0], "remove6") == 0)
+		return ipifcremove6(ifc, argv, argc);
+	else if(strcmp(argv[0], "ra6") == 0)
+		return ipifcra6(ifc, argv, argc);
 	return "unsupported ctl";
 }
 
+int
 ipifcstats(Proto *ipifc, char *buf, int len)
 {
 	return ipstats(ipifc->f, buf, len);
@@ -907,7 +889,7 @@
 	ipifc->nc = Maxmedia;
 	ipifc->ptclsize = sizeof(Ipifc);
 
-	f->ipifc = ipifc;			/* hack for ipifcremroute, findipifc, ... */
+	f->ipifc = ipifc;	/* hack for ipifcremroute, findipifc, ... */
 	f->self = smalloc(sizeof(Ipselftab));	/* hack for ipforme */
 
 	Fsproto(f, ipifc);
@@ -915,21 +897,25 @@
 
 /*
  *  add to self routing cache
- *	called with c locked
  */
 static void
 addselfcache(Fs *f, Ipifc *ifc, Iplifc *lifc, uchar *a, int type)
 {
-	Ipself *p;
 	Iplink *lp;
+	Ipself *p;
 	int h;
 
+	type |= (lifc->type & Rv4);
 	qlock(f->self);
+	if(waserror()){
+		qunlock(f->self);
+		nexterror();
+	}
 
 	/* see if the address already exists */
 	h = hashipa(a);
-	for(p = f->self->hash[h]; p; p = p->next)
-		if(memcmp(a, p->a, IPaddrlen) == 0)
+	for(p = f->self->hash[h]; p != nil; p = p->next)
+		if(ipcmp(a, p->a) == 0)
 			break;
 
 	/* allocate a local address and add to hash chain */
@@ -946,7 +932,7 @@
 	}
 
 	/* look for a link for this lifc */
-	for(lp = p->link; lp; lp = lp->selflink)
+	for(lp = p->link; lp != nil; lp = lp->selflink)
 		if(lp->lifc == lifc)
 			break;
 
@@ -962,18 +948,19 @@
 		lifc->link = lp;
 
 		/* add to routing table */
-		if(isv4(a))
-			v4addroute(f, tifc, a+IPv4off, IPallbits+IPv4off, a+IPv4off, type);
-		else
-			v6addroute(f, tifc, a, IPallbits, a, type);
+		addroute(f, a, IPallbits,
+			lifc->local, 
+			((type & (Rbcast|Rmulti)) != 0 || v6addrtype(a) == linklocalv6) ?
+				IPallbits : IPnoaddr,
+			a, type, ifc, tifc);
 
 		if((type & Rmulti) && ifc->m->addmulti != nil)
 			(*ifc->m->addmulti)(ifc, a, lifc->local);
-	} else {
+	} else
 		lp->ref++;
-	}
 
 	qunlock(f->self);
+	poperror();
 }
 
 /*
@@ -992,18 +979,19 @@
 	ulong now = NOW;
 
 	l = &freeiplink;
-	for(np = *l; np; np = *l){
-		if(np->expire > now){
+	for(np = *l; np != nil; np = *l){
+		if((long)(now - np->expire) >= 0){
 			*l = np->next;
 			free(np);
 			continue;
 		}
 		l = &np->next;
 	}
-	p->expire = now + 5000;		/* give other threads 5 secs to get out */
+	p->expire = now + 5000;	/* give other threads 5 secs to get out */
 	p->next = nil;
 	*l = p;
 }
+
 static void
 ipselffree(Ipself *p)
 {
@@ -1011,15 +999,15 @@
 	ulong now = NOW;
 
 	l = &freeipself;
-	for(np = *l; np; np = *l){
-		if(np->expire > now){
+	for(np = *l; np != nil; np = *l){
+		if((long)(now - np->expire) >= 0){
 			*l = np->next;
 			free(np);
 			continue;
 		}
 		l = &np->next;
 	}
-	p->expire = now + 5000;		/* give other threads 5 secs to get out */
+	p->expire = now + 5000;	/* give other threads 5 secs to get out */
 	p->next = nil;
 	*l = p;
 }
@@ -1027,7 +1015,6 @@
 /*
  *  Decrement reference for this address on this link.
  *  Unlink from selftab if this is the last ref.
- *	called with c locked
  */
 static void
 remselfcache(Fs *f, Ipifc *ifc, Iplifc *lifc, uchar *a)
@@ -1039,7 +1026,7 @@
 
 	/* find the unique selftab entry */
 	l = &f->self->hash[hashipa(a)];
-	for(p = *l; p; p = *l){
+	for(p = *l; p != nil; p = *l){
 		if(ipcmp(p->a, a) == 0)
 			break;
 		l = &p->next;
@@ -1053,7 +1040,7 @@
 	 *  that matches the selftab entry
 	 */
 	l_lifc = &lifc->link;
-	for(link = *l_lifc; link; link = *l_lifc){
+	for(link = *l_lifc; link != nil; link = *l_lifc){
 		if(link->self == p)
 			break;
 		l_lifc = &link->lifclink;
@@ -1067,8 +1054,8 @@
 	 *  the one we just found
 	 */
 	l_self = &p->link;
-	for(link = *l_self; link; link = *l_self){
-		if(link == *(l_lifc))
+	for(link = *l_self; link != nil; link = *l_self){
+		if(link == *l_lifc)
 			break;
 		l_self = &link->selflink;
 	}
@@ -1079,8 +1066,19 @@
 	if(--(link->ref) != 0)
 		goto out;
 
-	if((p->type & Rmulti) && ifc->m->remmulti != nil)
-		(*ifc->m->remmulti)(ifc, a, lifc->local);
+	/* remove from routing table */
+	remroute(f, a, IPallbits,
+		lifc->local, 
+		((p->type & (Rbcast|Rmulti)) != 0 || v6addrtype(a) == linklocalv6) ?
+			IPallbits : IPnoaddr,
+		a, p->type, ifc, tifc);
+
+	if((p->type & Rmulti) && ifc->m->remmulti != nil){
+		if(!waserror()){
+			(*ifc->m->remmulti)(ifc, a, lifc->local);
+			poperror();
+		}
+	}
 
 	/* ref == 0, remove from both chains and free the link */
 	*l_lifc = link->lifclink;
@@ -1090,30 +1088,18 @@
 	if(p->link != nil)
 		goto out;
 
-	/* remove from routing table */
-	if(isv4(a))
-		v4delroute(f, a+IPv4off, IPallbits+IPv4off, 1);
-	else
-		v6delroute(f, a, IPallbits, 1);
-	
+	/* if null address, forget */
+	if(ipcmp(a, v4prefix) == 0 || ipcmp(a, IPnoaddr) == 0)
+		f->self->acceptall = 0;
+
 	/* no more links, remove from hash and free */
 	*l = p->next;
 	ipselffree(p);
 
-	/* if IPnoaddr, forget */
-	if(ipcmp(a, v4prefix) == 0 || ipcmp(a, IPnoaddr) == 0)
-		f->self->acceptall = 0;
-
 out:
 	qunlock(f->self);
 }
 
-static char *stformat = "%-44.44I %2.2d %4.4s\n";
-enum
-{
-	Nstformat= 41,
-};
-
 long
 ipselftabread(Fs *f, char *cp, ulong offset, int n)
 {
@@ -1124,55 +1110,38 @@
 
 	m = 0;
 	off = offset;
-	qlock(f->self);
 	for(i = 0; i < NHASH && m < n; i++){
 		for(p = f->self->hash[i]; p != nil && m < n; p = p->next){
 			nifc = 0;
-			for(link = p->link; link; link = link->selflink)
+			for(link = p->link; link != nil; link = link->selflink)
 				nifc++;
 			routetype(p->type, state);
-			m += snprint(cp + m, n - m, stformat, p->a, nifc, state);
+			m += snprint(cp + m, n - m, "%-44.44I %2.2d %4.4s\n",
+				p->a, nifc, state);
 			if(off > 0){
 				off -= m;
 				m = 0;
 			}
 		}
 	}
-	qunlock(f->self);
 	return m;
 }
 
-int
-iptentative(Fs *f, uchar *addr)
-{
- 	Ipself *p;
-
-	p = f->self->hash[hashipa(addr)];
-	for(; p; p = p->next){
-		if(ipcmp(addr, p->a) == 0) {
-			return p->link->lifc->tentative;
-		}
-	}
-	return 0;
-}
-
 /*
  *  returns
  *	0		- no match
  *	Runi
  *	Rbcast
- *	Rmcast
+ *	Rmulti
  */
 int
 ipforme(Fs *f, uchar *addr)
 {
 	Ipself *p;
 
-	p = f->self->hash[hashipa(addr)];
-	for(; p; p = p->next){
+	for(p = f->self->hash[hashipa(addr)]; p != nil; p = p->next)
 		if(ipcmp(addr, p->a) == 0)
-			return p->type;
-	}
+			return p->type & (Runi|Rbcast|Rmulti);
 
 	/* hack to say accept anything */
 	if(f->self->acceptall)
@@ -1186,254 +1155,237 @@
  *  return nil.
  */
 Ipifc*
-findipifc(Fs *f, uchar *remote, int type)
+findipifc(Fs *f, uchar *local, uchar *remote, int type)
 {
+	uchar gnet[IPaddrlen];
+	int spec, xspec;
 	Ipifc *ifc, *x;
 	Iplifc *lifc;
-	Conv **cp, **e;
-	uchar gnet[IPaddrlen];
-	uchar xmask[IPaddrlen];
-
-	x = nil; memset(xmask, 0, IPaddrlen);
-
-	/* find most specific match */
-	e = &f->ipifc->conv[f->ipifc->nc];
-	for(cp = f->ipifc->conv; cp < e; cp++){
-		if(*cp == 0)
-			continue;
+	Conv **cp;
 
+	x = nil;
+	xspec = 0;
+	for(cp = f->ipifc->conv; *cp != nil; cp++){
 		ifc = (Ipifc*)(*cp)->ptcl;
-
-		for(lifc = ifc->lifc; lifc; lifc = lifc->next){
+		if(!canrlock(ifc))
+			continue;
+		for(lifc = ifc->lifc; lifc != nil; lifc = lifc->next){
+			if(type & Runi){
+				if(ipcmp(remote, lifc->local) == 0){
+				Found:
+					runlock(ifc);
+					return ifc;
+				}
+			} else if(type & (Rbcast|Rmulti)) {
+				if(ipcmp(local, lifc->local) == 0)
+					goto Found;
+			}
 			maskip(remote, lifc->mask, gnet);
 			if(ipcmp(gnet, lifc->net) == 0){
-				if(x == nil || ipcmp(lifc->mask, xmask) > 0){
+				spec = comprefixlen(remote, lifc->local, IPaddrlen);
+				if(spec > xspec){
 					x = ifc;
-					ipmove(xmask, lifc->mask);
+					xspec = spec;
 				}
 			}
 		}
+		runlock(ifc);
 	}
-	if(x != nil)
-		return x;
-
-	/* for now for broadcast and multicast, just use first interface */
-	if(type & (Rbcast|Rmulti)){
-		for(cp = f->ipifc->conv; cp < e; cp++){
-			if(*cp == 0)
-				continue;
-			ifc = (Ipifc*)(*cp)->ptcl;
-			if(ifc->lifc != nil)
-				return ifc;
-		}
-	}
-		
-	return nil;
+	return x;
 }
 
-enum {
-	unknownv6,
-	multicastv6,
-	unspecifiedv6,
-	linklocalv6,
-	sitelocalv6,
-	globalv6,
-};
-
-int
-v6addrtype(uchar *addr)
+Ipifc*
+findipifcstr(Fs *f, char *s)
 {
-	if(isv6global(addr))
-		return globalv6;
-	if(islinklocal(addr))
-		return linklocalv6;
-	if(isv6mcast(addr))
-		return multicastv6;
-	if(issitelocal(addr))
-		return sitelocalv6;
-	return unknownv6;
+	uchar ip[IPaddrlen];
+	Conv *c;
+	char *p;
+	long x;
+
+	x = strtol(s, &p, 10);
+	if(p > s && *p == '\0'){
+		if(x < 0)
+			return nil;
+		if(x < f->ipifc->nc && (c = f->ipifc->conv[x]) != nil && ipifcinuse(c))
+			return (Ipifc*)c->ptcl;
+	}
+	if(parseip(ip, s) != -1)
+		return findipifc(f, ip, ip, Runi);
+	return nil;
 }
 
-#define v6addrcurr(lifc) (( (lifc)->origint + (lifc)->preflt >= (NOW/10^3) ) || ( (lifc)->preflt == 0xffffffff ))
-
+/*
+ *  find "best" (global > link local > unspecified)
+ *  local address; address must be current.
+ */
 static void
 findprimaryipv6(Fs *f, uchar *local)
 {
-	Conv **cp, **e;
-	Ipifc *ifc;
-	Iplifc *lifc;
+	ulong now = NOW/1000;
 	int atype, atypel;
+	Iplifc *lifc;
+	Ipifc *ifc;
+	Conv **cp;
 
 	ipmove(local, v6Unspecified);
 	atype = unspecifiedv6;
 
-	/* find "best" (global > sitelocal > link local > unspecified)
-	 * local address; address must be current */
-
-	e = &f->ipifc->conv[f->ipifc->nc];
-	for(cp = f->ipifc->conv; cp < e; cp++){
-		if(*cp == 0)
-			continue;
+	for(cp = f->ipifc->conv; *cp != nil; cp++){
 		ifc = (Ipifc*)(*cp)->ptcl;
-		for(lifc = ifc->lifc; lifc; lifc = lifc->next){
+		rlock(ifc);
+		for(lifc = ifc->lifc; lifc != nil; lifc = lifc->next){
 			atypel = v6addrtype(lifc->local);
 			if(atypel > atype)
-			if(v6addrcurr(lifc)) {
+			if(lifc->preflt == ~0UL || lifc->preflt >= now-lifc->origint) {
 				ipmove(local, lifc->local);
 				atype = atypel;
-				if(atype == globalv6)
+				if(atype == globalv6){
+					runlock(ifc);
 					return;
+				}
 			}
 		}
+		runlock(ifc);
 	}
 }
 
 /*
- *  returns first ip address configured
+ *  returns first v4 address configured
  */
 static void
 findprimaryipv4(Fs *f, uchar *local)
 {
-	Conv **cp, **e;
-	Ipifc *ifc;
 	Iplifc *lifc;
+	Ipifc *ifc;
+	Conv **cp;
 
 	/* find first ifc local address */
-	e = &f->ipifc->conv[f->ipifc->nc];
-	for(cp = f->ipifc->conv; cp < e; cp++){
-		if(*cp == 0)
-			continue;
+	for(cp = f->ipifc->conv; *cp != nil; cp++){
 		ifc = (Ipifc*)(*cp)->ptcl;
-		if((lifc = ifc->lifc) != nil){
-			ipmove(local, lifc->local);
-			return;
+		rlock(ifc);
+		for(lifc = ifc->lifc; lifc != nil; lifc = lifc->next){
+			if((lifc->type & Rv4) != 0){
+				ipmove(local, lifc->local);
+				runlock(ifc);
+				return;
+			}
 		}
+		runlock(ifc);
 	}
+	ipmove(local, IPnoaddr);
 }
 
 /*
- *  find the local address 'closest' to the remote system, copy it to
- *  local and return the ifc for that address
+ * ipv4local, ipv6local:
+ *  return a local address associated with an interface close to remote.
+ *  prefixlen is the number of leading bits in the local address that
+ *  have to match an interface address to be considered. this is used
+ *  by source specific routes to filter on the source address.
+ *  return non-zero on success or zero when no address was found.
+ *
+ *  for ipv4local, all addresses are 4 byte format.
  */
-void
-findlocalip(Fs *f, uchar *local, uchar *remote)
+int
+ipv4local(Ipifc *ifc, uchar *local, int prefixlen, uchar *remote)
 {
-	Ipifc *ifc;
 	Iplifc *lifc;
-	Route *r;
-	uchar gate[IPaddrlen];
-	uchar gnet[IPaddrlen];
-	int version;
-	int atype = unspecifiedv6, atypel = unknownv6;
+	int a, b;
 
-	USED(atype);
-	USED(atypel);
-	qlock(f->ipifc);
-	r = v6lookup(f, remote, nil);
- 	version = (memcmp(remote, v4prefix, IPv4off) == 0) ? V4 : V6;
-	
-	if(r != nil){
-		ifc = r->ifc;
-		if(r->type & Rv4)
-			v4tov6(gate, r->v4.gate);
-		else {
-			ipmove(gate, r->v6.gate);
-			ipmove(local, v6Unspecified);
-		}
-
-		/* find ifc address closest to the gateway to use */
-		switch(version) {
-		case V4:
-			for(lifc = ifc->lifc; lifc; lifc = lifc->next){
-				maskip(gate, lifc->mask, gnet);
-				if(ipcmp(gnet, lifc->net) == 0){
-					ipmove(local, lifc->local);
-					goto out;
-				}
-			}
-			break;
-		case V6:
-			for(lifc = ifc->lifc; lifc; lifc = lifc->next){
-				atypel = v6addrtype(lifc->local);
-				maskip(gate, lifc->mask, gnet);
-				if(ipcmp(gnet, lifc->net) == 0)
-				if(atypel > atype)
-				if(v6addrcurr(lifc)) {
-					ipmove(local, lifc->local);
-					atype = atypel;
-					if(atype == globalv6)
-						break;
-				}
-			}
-			if(atype > unspecifiedv6)
-				goto out;
-			break;
-		default:
-			panic("findlocalip: version %d", version);
-		}
-	}
+	b = -1;
+	for(lifc = ifc->lifc; lifc != nil; lifc = lifc->next){
+		if((lifc->type & Rv4) == 0 || ipcmp(lifc->local, IPnoaddr) == 0)
+			continue;
 
-	switch(version){
-	case V4:
-		findprimaryipv4(f, local);
-		break;
-	case V6:
-		findprimaryipv6(f, local);
-		break;
-	default:
-		panic("findlocalip2: version %d", version);
+		if(prefixlen && comprefixlen(lifc->local+IPv4off, local, IPv4addrlen) < prefixlen)
+			continue;
+		
+		a = comprefixlen(lifc->local+IPv4off, remote, IPv4addrlen);
+		if(a > b){
+			b = a;
+			memmove(local, lifc->local+IPv4off, IPv4addrlen);
+		}
 	}
-
-out:
-	qunlock(f->ipifc);
+	return b >= 0;
 }
 
-/*
- *  return first v4 address associated with an interface
- */
 int
-ipv4local(Ipifc *ifc, uchar *addr)
+ipv6local(Ipifc *ifc, uchar *local, int prefixlen, uchar *remote)
 {
+	struct {
+		int	atype;
+		int	deprecated;
+		int	comprefixlen;
+	} a, b;
+	int atype;
+	ulong now;
 	Iplifc *lifc;
 
-	for(lifc = ifc->lifc; lifc; lifc = lifc->next){
-		if(isv4(lifc->local)){
-			memmove(addr, lifc->local+IPv4off, IPv4addrlen);
-			return 1;
-		}
+	if(isv4(remote)){
+		memmove(local, v4prefix, IPv4off);
+		if((prefixlen -= IPv4off*8) < 0)
+			prefixlen = 0;
+		return ipv4local(ifc, local+IPv4off, prefixlen, remote+IPv4off);
 	}
-	return 0;
-}
 
-/*
- *  return first v6 address associated with an interface
- */
-int
-ipv6local(Ipifc *ifc, uchar *addr)
-{
-	Iplifc *lifc;
+	atype = v6addrtype(remote);
+	b.atype = unknownv6;
+	b.deprecated = 1;
+	b.comprefixlen = 0;
+
+	now = NOW/1000;
+	for(lifc = ifc->lifc; lifc != nil; lifc = lifc->next){
+		if(lifc->tentative)
+			continue;
+
+		if(prefixlen && comprefixlen(lifc->local, local, IPaddrlen) < prefixlen)
+			continue;
 
-	for(lifc = ifc->lifc; lifc; lifc = lifc->next){
-		if(!isv4(lifc->local) && !(lifc->tentative)){
-			ipmove(addr, lifc->local);
-			return 1;
+		a.atype = v6addrtype(lifc->local);
+		a.deprecated = lifc->preflt != ~0UL && lifc->preflt < now-lifc->origint;
+		a.comprefixlen = comprefixlen(lifc->local, remote, IPaddrlen);
+
+		/* prefer appropriate scope */
+		if(a.atype != b.atype){
+			if(a.atype > b.atype && b.atype < atype ||
+			   a.atype < b.atype && b.atype > atype)
+				goto Good;
+			continue;
+		}
+		/* prefer non-deprecated addresses */
+		if(a.deprecated != b.deprecated){
+			if(b.deprecated)
+				goto Good;
+			continue;
+		}
+		/* prefer longer common prefix */
+		if(a.comprefixlen != b.comprefixlen){
+			if(a.comprefixlen > b.comprefixlen)
+				goto Good;
+			continue;
 		}
+		continue;
+	Good:
+		b = a;
+		ipmove(local, lifc->local);
 	}
-	return 0;
+
+	return b.atype >= atype;
 }
 
-int
-ipv6anylocal(Ipifc *ifc, uchar *addr)
+/*
+ *  find the local address for a remote destination
+ */
+void
+findlocalip(Fs *f, uchar *local, uchar *remote)
 {
-	Iplifc *lifc;
-
-	for(lifc = ifc->lifc; lifc; lifc = lifc->next){
-		if(!isv4(lifc->local)){
-			ipmove(addr, lifc->local);
-			return SRC_UNI;
-		}
+	if(isv4(remote)) {
+		memmove(local, v4prefix, IPv4off);
+		if(v4source(f, remote+IPv4off, local+IPv4off) == nil)
+			findprimaryipv4(f, local);
+	} else {
+		if(v6source(f, remote, local) == nil)
+			findprimaryipv6(f, local);
 	}
-	return SRC_UNSPEC;
 }
 
 /*
@@ -1444,9 +1396,24 @@
 {
 	Iplifc *lifc;
 
-	for(lifc = ifc->lifc; lifc; lifc = lifc->next)
+	for(lifc = ifc->lifc; lifc != nil; lifc = lifc->next)
 		if(ipcmp(ip, lifc->local) == 0)
 			return lifc;
+
+	return nil;
+}
+
+Iplifc*
+ipremoteonifc(Ipifc *ifc, uchar *ip)
+{
+	uchar net[IPaddrlen];
+	Iplifc *lifc;
+
+	for(lifc = ifc->lifc; lifc != nil; lifc = lifc->next){
+		maskip(ip, lifc->mask, net);
+		if(ipcmp(net, lifc->remote) == 0)
+			return lifc;
+	}
 	return nil;
 }
 
@@ -1458,24 +1425,13 @@
 ipproxyifc(Fs *f, Ipifc *ifc, uchar *ip)
 {
 	Route *r;
-	uchar net[IPaddrlen];
-	Iplifc *lifc;
 
 	/* see if this is a direct connected pt to pt address */
-	r = v6lookup(f, ip, nil);
-	if(r == nil)
+	r = v6lookup(f, ip, ip, nil);
+	if(r == nil || (r->type & (Rifc|Rproxy)) != (Rifc|Rproxy))
 		return 0;
-	if((r->type & (Rifc|Rproxy)) != (Rifc|Rproxy))
-		return 0;
-
-	/* see if this is on the right interface */
-	for(lifc = ifc->lifc; lifc; lifc = lifc->next){
-		maskip(ip, lifc->mask, net);
-		if(ipcmp(net, lifc->remote) == 0)
-			return 1;
-	}
 
-	return 0;
+	return ipremoteonifc(ifc, ip) != nil;
 }
 
 /*
@@ -1487,88 +1443,64 @@
 	if(isv4(ip)){
 		if(ip[IPv4off] >= 0xe0 && ip[IPv4off] < 0xf0)
 			return V4;
-	} else {
-		if(ip[0] == 0xff)
-			return V6;
 	}
+	else if(ip[0] == 0xff)
+		return V6;
 	return 0;
 }
 
-int
-ipisbm(uchar *ip)
-{
-	if(isv4(ip)){
-		if(ip[IPv4off] >= 0xe0 && ip[IPv4off] < 0xf0)
-			return V4;
-		if(ipcmp(ip, IPv4bcast) == 0)
-			return V4;
-	} else {
-		if(ip[0] == 0xff)
-			return V6;
-	}
-	return 0;
-}
-
-
 /*
- *  add a multicast address to an interface, called with c locked
+ *  add a multicast address to an interface.
  */
 void
 ipifcaddmulti(Conv *c, uchar *ma, uchar *ia)
 {
-	Ipifc *ifc;
-	Iplifc *lifc;
-	Conv **p;
 	Ipmulti *multi, **l;
+	Iplifc *lifc;
+	Ipifc *ifc;
 	Fs *f;
 
-	f = c->p->f;
-	
-	for(l = &c->multi; *l; l = &(*l)->next)
-		if(ipcmp(ma, (*l)->ma) == 0)
-		if(ipcmp(ia, (*l)->ia) == 0)
-			return;		/* it's already there */
+	if(isv4(ma) != isv4(ia))
+		error("incompatible multicast/interface ip address");
 
-	multi = *l = smalloc(sizeof(*multi));
-	ipmove(multi->ma, ma);
-	ipmove(multi->ia, ia);
-	multi->next = nil;
+	for(l = &c->multi; *l != nil; l = &(*l)->next)
+		if(ipcmp(ma, (*l)->ma) == 0 && ipcmp(ia, (*l)->ia) == 0)
+			return;		/* it's already there */
 
-	for(p = f->ipifc->conv; *p; p++){
-		if((*p)->inuse == 0)
-			continue;
-		ifc = (Ipifc*)(*p)->ptcl;
+	f = c->p->f;
+	if((ifc = findipifc(f, ia, ma, Rmulti)) != nil){
+		rlock(ifc);
 		if(waserror()){
-			wunlock(ifc);
+			runlock(ifc);
 			nexterror();
 		}
-		wlock(ifc);
-		for(lifc = ifc->lifc; lifc; lifc = lifc->next)
-			if(ipcmp(ia, lifc->local) == 0)
-				addselfcache(f, ifc, lifc, ma, Rmulti);
-		wunlock(ifc);
+		if((lifc = iplocalonifc(ifc, ia)) != nil)
+			addselfcache(f, ifc, lifc, ma, Rmulti);
+		runlock(ifc);
 		poperror();
 	}
+
+	multi = smalloc(sizeof(*multi));
+	ipmove(multi->ma, ma);
+	ipmove(multi->ia, ia);
+	multi->next = nil;
+	*l = multi;
 }
 
 
 /*
- *  remove a multicast address from an interface, called with c locked
+ *  remove a multicast address from an interface.
  */
 void
 ipifcremmulti(Conv *c, uchar *ma, uchar *ia)
 {
 	Ipmulti *multi, **l;
 	Iplifc *lifc;
-	Conv **p;
 	Ipifc *ifc;
 	Fs *f;
 
-	f = c->p->f;
-	
-	for(l = &c->multi; *l; l = &(*l)->next)
-		if(ipcmp(ma, (*l)->ma) == 0)
-		if(ipcmp(ia, (*l)->ia) == 0)
+	for(l = &c->multi; *l != nil; l = &(*l)->next)
+		if(ipcmp(ma, (*l)->ma) == 0 && ipcmp(ia, (*l)->ia) == 0)
 			break;
 
 	multi = *l;
@@ -1576,192 +1508,145 @@
 		return; 	/* we don't have it open */
 
 	*l = multi->next;
+	multi->next = nil;
 
-	for(p = f->ipifc->conv; *p; p++){
-		if((*p)->inuse == 0)
-			continue;
-
-		ifc = (Ipifc*)(*p)->ptcl;
-		if(waserror()){
-			wunlock(ifc);
-			nexterror();
-		}
-		wlock(ifc);
-		for(lifc = ifc->lifc; lifc; lifc = lifc->next)
-			if(ipcmp(ia, lifc->local) == 0)
+	f = c->p->f;
+	if((ifc = findipifc(f, ia, ma, Rmulti)) != nil){
+		rlock(ifc);
+		if(!waserror()){
+			if((lifc = iplocalonifc(ifc, ia)) != nil)
 				remselfcache(f, ifc, lifc, ma);
-		wunlock(ifc);
-		poperror();
+			poperror();
+		}
+		runlock(ifc);
 	}
-
 	free(multi);
 }
 
-/*
- *  make lifc's join and leave multicast groups
- */
-static char*
-ipifcjoinmulti(Ipifc *ifc, char **argv, int argc)
-{
-	USED(ifc, argv, argc);
-	return nil;
-}
-
-static char*
-ipifcleavemulti(Ipifc *ifc, char **argv, int argc)
+/* register the address on this network for address resolution */
+static void
+ipifcregisteraddr(Fs *f, Ipifc *ifc, Iplifc *lifc, uchar *ip)
 {
-	USED(ifc, argv, argc);
-	return nil;
+	if(waserror()){
+		print("ipifcregisteraddr %s %I %I: %s\n", ifc->dev, lifc->local, ip, up->errstr);
+		return;
+	}
+	if(ifc->m != nil && ifc->m->areg != nil)
+		(*ifc->m->areg)(f, ifc, lifc, ip);
+	poperror();
 }
 
 static void
-ipifcregisterproxy(Fs *f, Ipifc *ifc, uchar *ip)
+ipifcregisterproxy(Fs *f, Ipifc *ifc, uchar *ip, int add)
 {
-	Conv **cp, **e;
-	Ipifc *nifc;
+	uchar a[IPaddrlen];
 	Iplifc *lifc;
-	Medium *m;
-	uchar net[IPaddrlen];
+	Ipifc *nifc;
+	Conv **cp;
 
-	/* register the address on any network that will proxy for us */
-	e = &f->ipifc->conv[f->ipifc->nc];
+	/* register the address on any interface that will proxy for the ip */
+	for(cp = f->ipifc->conv; *cp != nil; cp++){
+		nifc = (Ipifc*)(*cp)->ptcl;
+		if(nifc == ifc || !canrlock(nifc))
+			continue;
 
-	if(!isv4(ip)) { // V6
-		for(cp = f->ipifc->conv; cp < e; cp++){
-			if(*cp == nil)
-				continue;
-			nifc = (Ipifc*)(*cp)->ptcl;
-			if(nifc == ifc)
-				continue;
-	
-			rlock(nifc);
-			m = nifc->m;
-			if(m == nil || m->addmulti == nil) {
-				runlock(nifc);
-				continue;
-			}
-			for(lifc = nifc->lifc; lifc; lifc = lifc->next){
-				maskip(ip, lifc->mask, net);
-				if(ipcmp(net, lifc->remote) == 0) { /* add solicited-node multicast address */
-					ipv62smcast(net, ip);
-					addselfcache(f, nifc, lifc, net, Rmulti);
-					arpenter(f, V6, ip, nifc->mac, 6, 0);
-					//(*m->addmulti)(nifc, net, ip);
-					break;
-				}
-			}
-			runlock(nifc);
-		}
-		return;
-	}
-	else { // V4
-		for(cp = f->ipifc->conv; cp < e; cp++){
-			if(*cp == nil)
-				continue;
-			nifc = (Ipifc*)(*cp)->ptcl;
-			if(nifc == ifc)
-				continue;
-	
-			rlock(nifc);
-			m = nifc->m;
-			if(m == nil || m->areg == nil){
-				runlock(nifc);
-				continue;
-			}
-			for(lifc = nifc->lifc; lifc; lifc = lifc->next){
-				maskip(ip, lifc->mask, net);
-				if(ipcmp(net, lifc->remote) == 0){
-					(*m->areg)(nifc, ip);
-					break;
-				}
-			}
+		if(nifc->m == nil
+		|| (lifc = ipremoteonifc(nifc, ip)) == nil
+		|| (lifc->type & Rptpt) != 0
+		|| waserror()){
 			runlock(nifc);
+			continue;
 		}
+		if((lifc->type & Rv4) == 0){
+			/* add solicited-node multicast addr */
+			ipv62smcast(a, ip);
+			if(add)
+				addselfcache(f, nifc, lifc, a, Rmulti);
+			else
+				remselfcache(f, nifc, lifc, a);
+		}
+		if(add)
+			ipifcregisteraddr(f, nifc, lifc, ip);
+		runlock(nifc);
+		poperror();
 	}
 }
 
-
-// added for new v6 mesg types
-static void
-adddefroute6(Fs *f, uchar *gate, int force)
-{
-	Route *r;
-
-	r = v6lookup(f, v6Unspecified, nil);
-	if(r!=nil)
-	if(!(force) && (strcmp(r->tag,"ra")!=0))	// route entries generated
-		return;			// by all other means take
-					// precedence over router annc
-
-	v6delroute(f, v6Unspecified, v6Unspecified, 1);
-	v6addroute(f, "ra", v6Unspecified, v6Unspecified, gate, 0);
-}
-
-enum
-{
-	Ngates = 3,
-};
-
 char*
-ipifcaddpref6(Ipifc *ifc, char**argv, int argc)
+ipifcadd6(Ipifc *ifc, char **argv, int argc)
 {
-	uchar	onlink = 1;
-	uchar	autoflag = 1;
-	long 	validlt = 0xffffffff;
-	long 	preflt = 0xffffffff;
-	long	origint = NOW / 10^3;
-	uchar	prefix[IPaddrlen];
-	int	plen = 64;
-	Iplifc	*lifc;
-	char	addr[40], preflen[6];
-	char	*params[3];
+	int plen = 64;
+	char addr[40], preflen[6];
+	char *params[3];
+	uchar prefix[IPaddrlen];
+	Iplifc lifc;
+	Medium *m;
+
+	lifc.onlink = 1;
+	lifc.autoflag = 1;
+	lifc.validlt = lifc.preflt = ~0UL;
+	lifc.origint = NOW / 1000;
 
 	switch(argc) {
 	case 7:
-		preflt = atoi(argv[6]);
+		lifc.preflt = strtoul(argv[6], 0, 10);
 		/* fall through */
 	case 6:
-		validlt = atoi(argv[5]);
+		lifc.validlt = strtoul(argv[5], 0, 10);
 		/* fall through */
 	case 5:
-		autoflag =  atoi(argv[4]);
+		lifc.autoflag = atoi(argv[4]) != 0;
 		/* fall through */
 	case 4:
-		onlink = atoi(argv[3]);
+		lifc.onlink = atoi(argv[3]) != 0;
 		/* fall through */
 	case 3:
 		plen = atoi(argv[2]);
+		/* fall through */
 	case 2:
 		break;
 	default:
 		return Ebadarg;
 	}
 
-	if((parseip(prefix, argv[1])!=6) ||
-	 	(validlt < preflt) ||
-		(plen < 0) || (plen > 64) ||
-		(islinklocal(prefix))
-	)
+	if (parseip(prefix, argv[1]) != 6 || lifc.validlt < lifc.preflt || plen < 0 ||
+	    plen > 64 || islinklocal(prefix))
 		return Ebadarg;
 
-	lifc = smalloc(sizeof(Iplifc));
-	lifc->onlink = (onlink!=0);
-	lifc->autoflag = (autoflag!=0);
-	lifc->validlt = validlt;
-	lifc->preflt = preflt;
-	lifc->origint = origint;
+	/* issue "add" ctl msg for v6 link-local addr and prefix len */
+	m = ifc->m;
+	if(m == nil || m->pref2addr == nil)
+		return Eunbound;
+	(*m->pref2addr)(prefix, ifc->mac);	/* mac → v6 link-local addr */
 
-	if(ifc->m->pref2addr!=nil)
-		ifc->m->pref2addr(prefix, ifc->mac);
-	else
-		return Ebadarg;
-	
 	sprint(addr, "%I", prefix);
 	sprint(preflen, "/%d", plen);
 	params[0] = "add";
 	params[1] = addr;
 	params[2] = preflen;
 
-	return ipifcadd(ifc, params, 3, 0, lifc);
+	return ipifcadd(ifc, params, 3, 0, &lifc);
 }
 
+char*
+ipifcremove6(Ipifc *ifc, char**, int argc)
+{
+	Iplifc *lifc, **l;
+	ulong now;
+
+	if(argc != 1)
+		return Ebadarg;
+
+	wlock(ifc);
+	now = NOW/1000;
+	for(l = &ifc->lifc; (lifc = *l) != nil;) {
+		if((lifc->type & Rv4) == 0)
+		if(lifc->validlt != ~0UL && lifc->validlt < now-lifc->origint)
+			if(ipifcremlifc(ifc, l) == nil)
+				continue;
+		l = &lifc->next;
+	}
+	wunlock(ifc);
+
+	return nil;
+}
--- a/os/ip/ipmux.c	Thu Aug 12 23:08:35 2021
+++ b/os/ip/ipmux.c	Sat Aug 21 01:39:52 2021
@@ -1,3 +1,6 @@
+/*
+ * IP packet filter
+ */
 #include "u.h"
 #include "../port/lib.h"
 #include "mem.h"
@@ -6,56 +9,20 @@
 #include "../port/error.h"
 
 #include "ip.h"
-#define DPRINT if(0)print
+#include "ipv6.h"
 
 typedef struct Ipmuxrock  Ipmuxrock;
 typedef struct Ipmux      Ipmux;
-typedef struct Ip6hdr     Ip6hdr;
-
-enum
-{
-	IPHDR		= 20,		/* sizeof(Ip4hdr) */
-};
-
-struct Ip6hdr
-{
-	uchar vcf[4];		/* version, class label, and flow label */ 
-	uchar ploadlen[2];	/* payload length */
-	uchar proto;		/* next header, i.e. proto */
-	uchar ttl;		/* hop limit, i.e. ttl */
-	uchar src[16];		/* IP source */
-	uchar dst[16];		/* IP destination */
-};
-
 
 enum
 {
+	Tver,
 	Tproto,
 	Tdata,
 	Tiph,
 	Tdst,
 	Tsrc,
 	Tifc,
-
-	Cother = 0,
-	Cbyte,		/* single byte */
-	Cmbyte,		/* single byte with mask */
-	Cshort,		/* single short */
-	Cmshort,	/* single short with mask */
-	Clong,		/* single long */
-	Cmlong,		/* single long with mask */
-	Cifc,
-	Cmifc,
-};
-
-char *ftname[] = 
-{
-[Tproto]	"proto",
-[Tdata]		"data",
-[Tiph]	 	"iph",
-[Tdst]		"dst",
-[Tsrc]		"src",
-[Tifc]		"ifc",
 };
 
 /*
@@ -66,16 +33,12 @@
 	Ipmux	*yes;
 	Ipmux	*no;
 	uchar	type;		/* type of field(Txxxx) */
-	uchar	ctype;		/* tupe of comparison(Cxxxx) */
 	uchar	len;		/* length in bytes of item to compare */
 	uchar	n;		/* number of items val points to */
-	short	off;		/* offset of comparison */
-	short	eoff;		/* end offset of comparison */
-	uchar	skiphdr;	/* should offset start after ipheader */
+	int	off;		/* offset of comparison */
 	uchar	*val;
 	uchar	*mask;
 	uchar	*e;		/* val+n*len*/
-
 	int	ref;		/* so we can garbage collect */
 	Conv	*conv;
 };
@@ -90,6 +53,7 @@
 
 static int	ipmuxsprint(Ipmux*, int, char*, int);
 static void	ipmuxkick(void *x);
+static void	ipmuxfree(Ipmux *f);
 
 static char*
 skipwhite(char *p)
@@ -122,27 +86,33 @@
 	Ipmux *f;
 
 	p = skipwhite(p);
-	if(strncmp(p, "dst", 3) == 0){
+	if(strncmp(p, "ver", 3) == 0){
+		type = Tver;
+		off = 0;
+		len = 1;
+		p += 3;
+	}
+	else if(strncmp(p, "dst", 3) == 0){
 		type = Tdst;
-		off = offsetof(Ip4hdr, dst[0]);
-		len = IPv4addrlen;
+		off = offsetof(Ip6hdr, dst[0]);
+		len = IPaddrlen;
 		p += 3;
 	}
 	else if(strncmp(p, "src", 3) == 0){
 		type = Tsrc;
-		off = offsetof(Ip4hdr, src[0]);
-		len = IPv4addrlen;
+		off = offsetof(Ip6hdr, src[0]);
+		len = IPaddrlen;
 		p += 3;
 	}
 	else if(strncmp(p, "ifc", 3) == 0){
 		type = Tifc;
-		off = -IPv4addrlen;
-		len = IPv4addrlen;
+		off = -IPaddrlen;
+		len = IPaddrlen;
 		p += 3;
 	}
 	else if(strncmp(p, "proto", 5) == 0){
 		type = Tproto;
-		off = offsetof(Ip4hdr, proto);
+		off = offsetof(Ip6hdr, proto);
 		len = 1;
 		p += 5;
 	}
@@ -160,7 +130,7 @@
 			return nil;
 		p++;
 		off = strtoul(p, &p, 0);
-		if(off < 0 || off > (64-IPHDR))
+		if(off < 0)
 			return nil;
 		p = skipwhite(p);
 		if(*p != ':')
@@ -189,11 +159,6 @@
 	f->mask = nil;
 	f->n = 1;
 	f->ref = 1;
-	if(type == Tdata)
-		f->skiphdr = 1;
-	else
-		f->skiphdr = 0;
-
 	return f;	
 }
 
@@ -229,7 +194,7 @@
 static Ipmux*
 parsemux(char *p)
 {
-	int n, nomask;
+	int n;
 	Ipmux *f;
 	char *val;
 	char *mask;
@@ -247,14 +212,14 @@
 		goto parseerror;
 
 	/* parse mask */
-	mask = follows(val, '&');
+	mask = follows(p, '&');
 	if(mask != nil){
 		switch(f->type){
 		case Tsrc:
 		case Tdst:
 		case Tifc:
 			f->mask = smalloc(f->len);
-			v4parseip(f->mask, mask);
+			parseipmask(f->mask, mask, 0);
 			break;
 		case Tdata:
 		case Tiph:
@@ -264,25 +229,34 @@
 		default:
 			goto parseerror;
 		}
-		nomask = 0;
-	} else {
-		nomask = 1;
+	} else if(f->type == Tver){
 		f->mask = smalloc(f->len);
-		memset(f->mask, 0xff, f->len);
+		f->mask[0] = 0xF0;
 	}
 
 	/* parse vals */
-	f->n = getfields(val, vals, sizeof(vals)/sizeof(char*), 1, "|");
+	f->n = getfields(val, vals, nelem(vals), 1, "|");
 	if(f->n == 0)
 		goto parseerror;
 	f->val = smalloc(f->n*f->len);
 	v = f->val;
 	for(n = 0; n < f->n; n++){
 		switch(f->type){
+		case Tver:
+			if(f->n != 1)
+				goto parseerror;
+			if(strcmp(vals[n], "6") == 0)
+				*v = IP_VER6;
+			else if(strcmp(vals[n], "4") == 0)
+				*v = IP_VER4;
+			else
+				goto parseerror;
+			break;
 		case Tsrc:
 		case Tdst:
 		case Tifc:
-			v4parseip(v, vals[n]);
+			if(parseip(v, vals[n]) == -1)
+				goto parseerror;
 			break;
 		case Tproto:
 		case Tdata:
@@ -292,34 +266,11 @@
 		}
 		v += f->len;
 	}
-
-	f->eoff = f->off + f->len;
 	f->e = f->val + f->n*f->len;
-	f->ctype = Cother;
-	if(f->n == 1){
-		switch(f->len){
-		case 1:
-			f->ctype = nomask ? Cbyte : Cmbyte;
-			break;
-		case 2:
-			f->ctype = nomask ? Cshort : Cmshort;
-			break;
-		case 4:
-			if(f->type == Tifc)
-				f->ctype = nomask ? Cifc : Cmifc;
-			else
-				f->ctype = nomask ? Clong : Cmlong;
-			break;
-		}
-	}
 	return f;
 
 parseerror:
-	if(f->mask)
-		free(f->mask);
-	if(f->val)
-		free(f->val);
-	free(f);
+	ipmuxfree(f);
 	return nil;
 }
 
@@ -342,8 +293,7 @@
 		return n;
 
 	/* compare offsets, call earlier ones more specific */
-	n = (a->off+((int)a->skiphdr)*offsetof(Ip4hdr, data[0])) - 
-		(b->off+((int)b->skiphdr)*offsetof(Ip4hdr, data[0]));
+	n = a->off - b->off;
 	if(n != 0)
 		return n;
 
@@ -413,6 +363,10 @@
 	*nf = *f;
 	nf->no = ipmuxcopy(f->no);
 	nf->yes = ipmuxcopy(f->yes);
+	if(f->mask != nil){
+		nf->mask = smalloc(f->len);
+		memmove(nf->mask, f->mask, f->len);
+	}
 	nf->val = smalloc(f->n*f->len);
 	nf->e = nf->val + f->len*f->n;
 	memmove(nf->val, f->val, f->n*f->len);
@@ -422,8 +376,10 @@
 static void
 ipmuxfree(Ipmux *f)
 {
-	if(f->val != nil)
-		free(f->val);
+	if(f == nil)
+		return;
+	free(f->val);
+	free(f->mask);
 	free(f);
 }
 
@@ -432,10 +388,8 @@
 {
 	if(f == nil)
 		return;
-	if(f->no != nil)
-		ipmuxfree(f->no);
-	if(f->yes != nil)
-		ipmuxfree(f->yes);
+	ipmuxfree(f->no);
+	ipmuxfree(f->yes);
 	ipmuxfree(f);
 }
 
@@ -510,6 +464,8 @@
 		return ipmuxremove(&ft->no, f);
 	}
 
+	ipmuxremove(&ft->no, f->no);
+
 	/* we found a match */
 	if(--(ft->ref) == 0){
 		/*
@@ -531,8 +487,55 @@
 }
 
 /*
+ * convert to ipv4 filter
+ */
+static Ipmux*
+ipmuxconv4(Ipmux *f)
+{
+	int i, n;
+
+	if(f == nil)
+		return nil;
+
+	switch(f->type){
+	case Tproto:
+		f->off = offsetof(Ip4hdr, proto);
+		break;
+	case Tdst:
+		f->off = offsetof(Ip4hdr, dst[0]);
+		if(0){
+	case Tsrc:
+		f->off = offsetof(Ip4hdr, src[0]);
+		}
+		if(f->len != IPaddrlen)
+			break;
+		n = 0;
+		for(i = 0; i < f->n; i++){
+			if(isv4(f->val + i*IPaddrlen)){
+				memmove(f->val + n*IPv4addrlen, f->val + i*IPaddrlen + IPv4off, IPv4addrlen);
+				n++;
+			}
+		}
+		if(n == 0){
+			ipmuxtreefree(f);
+			return nil;
+		}
+		f->n = n;
+		f->len = IPv4addrlen;
+		if(f->mask != nil)
+			memmove(f->mask, f->mask+IPv4off, IPv4addrlen);
+	}
+	f->e = f->val + f->n*f->len;
+
+	f->yes = ipmuxconv4(f->yes);
+	f->no = ipmuxconv4(f->no);
+
+	return f;
+}
+
+/*
  *  connection request is a semi separated list of filters
- *  e.g. proto=17;dat[0:4]=11aa22bb;ifc=135.104.9.2&255.255.255.0
+ *  e.g. ver=4;proto=17;data[0:4]=11aa22bb;ifc=135.104.9.2&255.255.255.0
  *
  *  there's no protection against overlapping specs.
  */
@@ -568,6 +571,18 @@
 		return Ebadarg;
 	mux->conv = c;
 
+	if(chain->type != Tver) {
+		char ver6[] = "ver=6";
+		mux = parsemux(ver6);
+		mux->yes = chain;
+		mux->no = ipmuxcopy(chain);
+		chain = mux;
+	}
+	if(*chain->val == IP_VER4)
+		chain->yes = ipmuxconv4(chain->yes);
+	else
+		chain->no = ipmuxconv4(chain->no);
+
 	/* save a copy of the chain so we can later remove it */
 	mux = ipmuxcopy(chain);
 	r = (Ipmuxrock*)(c->ptcl);
@@ -642,95 +657,84 @@
 	Block *bp;
 
 	bp = qget(c->wq);
-	if(bp == nil)
-		return;
-	else {
+	if(bp != nil) {
 		Ip4hdr *ih4 = (Ip4hdr*)(bp->rp);
-		if((ih4->vihl)&0xF0 != 0x60)
+
+		if((ih4->vihl & 0xF0) != IP_VER6)
 			ipoput4(c->p->f, bp, 0, ih4->ttl, ih4->tos, nil);
-		else {
-			Ip6hdr *ih6 = (Ip6hdr*)(bp->rp);
-			ipoput6(c->p->f, bp, 0, ih6->ttl, 0, nil);
-		}
+		else
+			ipoput6(c->p->f, bp, 0, ((Ip6hdr*)ih4)->ttl, 0, nil);
 	}
 }
 
+static int
+maskmemcmp(uchar *m, uchar *v, uchar *c, int n)
+{
+	int i;
+
+	if(m == nil)
+		return memcmp(v, c, n) != 0;
+
+	for(i = 0; i < n; i++)
+		if((v[i] & m[i]) != c[i])
+			return 1;
+	return 0;
+}
+
 static void
 ipmuxiput(Proto *p, Ipifc *ifc, Block *bp)
 {
-	int len, hl;
 	Fs *f = p->f;
-	uchar *m, *h, *v, *e, *ve, *hp;
 	Conv *c;
+	Iplifc *lifc;
 	Ipmux *mux;
-	Ip4hdr *ip;
+	uchar *v;
+	Ip4hdr *ip4;
 	Ip6hdr *ip6;
+	int off, hl;
 
-	ip = (Ip4hdr*)bp->rp;
-	hl = (ip->vihl&0x0F)<<2;
+	ip4 = (Ip4hdr*)bp->rp;
+	if((ip4->vihl & 0xF0) == IP_VER4) {
+		hl = (ip4->vihl&0x0F)<<2;
+		ip6 = nil;
+	} else {
+		hl = IP6HDR;
+		ip6 = (Ip6hdr*)ip4;
+	}
 
 	if(p->priv == nil)
 		goto nomatch;
 
-	h = bp->rp;
-	len = BLEN(bp);
+	c = nil;
+	lifc = nil;
 
-	/* run the v4 filter */
+	/* run the filter */
 	rlock(f);
-	c = nil;
 	mux = f->ipmux->priv;
 	while(mux != nil){
-		if(mux->eoff > len){
-			mux = mux->no;
-			continue;
-		}
-		hp = h + mux->off + ((int)mux->skiphdr)*hl;
-		switch(mux->ctype){
-		case Cbyte:
-			if(*mux->val == *hp)
-				goto yes;
-			break;
-		case Cmbyte:
-			if((*hp & *mux->mask) == *mux->val)
-				goto yes;
-			break;
-		case Cshort:
-			if(*((ushort*)mux->val) == *(ushort*)hp)
-				goto yes;
-			break;
-		case Cmshort:
-			if((*(ushort*)hp & (*((ushort*)mux->mask))) == *((ushort*)mux->val))
-				goto yes;
-			break;
-		case Clong:
-			if(*((ulong*)mux->val) == *(ulong*)hp)
-				goto yes;
-			break;
-		case Cmlong:
-			if((*(ulong*)hp & (*((ulong*)mux->mask))) == *((ulong*)mux->val))
-				goto yes;
-			break;
-		case Cifc:
-			if(*((ulong*)mux->val) == *(ulong*)(ifc->lifc->local + IPv4off))
-				goto yes;
-			break;
-		case Cmifc:
-			if((*(ulong*)(ifc->lifc->local + IPv4off) & (*((ulong*)mux->mask))) == *((ulong*)mux->val))
-				goto yes;
+		switch(mux->type){
+		case Tifc:
+			if(mux->len != IPaddrlen)
+				goto no;
+			for(lifc = ifc->lifc; lifc != nil; lifc = lifc->next)
+				for(v = mux->val; v < mux->e; v += IPaddrlen)
+					if(maskmemcmp(mux->mask, lifc->local, v, IPaddrlen) == 0)
+						goto yes;
+			goto no;
+		case Tdata:
+			off = hl;
 			break;
 		default:
-			v = mux->val;
-			for(e = mux->e; v < e; v = ve){
-				m = mux->mask;
-				hp = h + mux->off;
-				for(ve = v + mux->len; v < ve; v++){
-					if((*hp++ & *m++) != *v)
-						break;
-				}
-				if(v == ve)
-					goto yes;
-			}
+			off = 0;
+			break;
 		}
+		off += mux->off;
+		if(off < 0 || off + mux->len > BLEN(bp))
+			goto no;
+		for(v = mux->val; v < mux->e; v += mux->len)
+			if(maskmemcmp(mux->mask, bp->rp + off, v, mux->len) == 0)
+				goto yes;
+no:
 		mux = mux->no;
 		continue;
 yes:
@@ -743,28 +747,24 @@
 	if(c != nil){
 		/* tack on interface address */
 		bp = padblock(bp, IPaddrlen);
-		ipmove(bp->rp, ifc->lifc->local);
-		bp = concatblock(bp);
-		if(bp != nil)
-			if(qpass(c->rq, bp) < 0)
-				print("Q");
+		if(lifc == nil)
+			lifc = ifc->lifc;
+		ipmove(bp->rp, lifc != nil ? lifc->local : IPnoaddr);
+		qpass(c->rq, concatblock(bp));
 		return;
 	}
 
 nomatch:
 	/* doesn't match any filter, hand it to the specific protocol handler */
-	ip = (Ip4hdr*)bp->rp;
-	if((ip->vihl&0xF0)==0x40) {
-		p = f->t2p[ip->proto];
-	} else {
-		ip6 = (Ip6hdr*)bp->rp;
+	if(ip6 != nil)
 		p = f->t2p[ip6->proto];
-	}
-	if(p && p->rcv)
-		(*p->rcv)(p, ifc, bp);
 	else
-		freeblist(bp);
-	return;
+		p = f->t2p[ip4->proto];
+	if(p != nil && p->rcv != nil){
+		(*p->rcv)(p, ifc, bp);
+		return;
+	}
+	freeblist(bp);
 }
 
 static int
@@ -780,11 +780,14 @@
 		n += snprint(buf+n, len-n, "\n");
 		return n;
 	}
-	n += snprint(buf+n, len-n, "h[%d:%d]&", 
-               mux->off+((int)mux->skiphdr)*((int)offsetof(Ip4hdr, data[0])), 
-               mux->off+(((int)mux->skiphdr)*((int)offsetof(Ip4hdr, data[0])))+mux->len-1);
-	for(i = 0; i < mux->len; i++)
-		n += snprint(buf+n, len - n, "%2.2ux", mux->mask[i]);
+	n += snprint(buf+n, len-n, "%s[%d:%d]", 
+		mux->type == Tdata ? "data": "iph",
+		mux->off, mux->off+mux->len-1);
+	if(mux->mask != nil){
+		n += snprint(buf+n, len-n, "&");
+		for(i = 0; i < mux->len; i++)
+			n += snprint(buf+n, len - n, "%2.2ux", mux->mask[i]);
+	}
 	n += snprint(buf+n, len-n, "=");
 	v = mux->val;
 	for(j = 0; j < mux->n; j++){
--- a/os/ip/iproute.c	Thu Aug 12 23:08:35 2021
+++ b/os/ip/iproute.c	Sat Aug 21 01:39:52 2021
@@ -12,16 +12,17 @@
 static void	calcd(Route*);
 
 /* these are used for all instances of IP */
-Route*	v4freelist;
-Route*	v6freelist;
-RWlock	routelock;
-ulong	v4routegeneration, v6routegeneration;
+static Route*	v4freelist;
+static Route*	v6freelist;
+static RWlock	routelock;
+static ulong	v4routegeneration, v6routegeneration;
 
 static void
 freeroute(Route *r)
 {
 	Route **l;
 
+	r->ref = 0;
 	r->left = nil;
 	r->right = nil;
 	if(r->type & Rv4)
@@ -35,9 +36,8 @@
 static Route*
 allocroute(int type)
 {
-	Route *r;
+	Route *r, **l;
 	int n;
-	Route **l;
 
 	if(type & Rv4){
 		n = sizeof(RouteTree) + sizeof(V4route);
@@ -72,9 +72,9 @@
 		return;
 
 	l = allocroute(r->type);
+	l->left = r;
 	l->mid = *q;
 	*q = l;
-	l->left = r;
 }
 
 /*
@@ -99,11 +99,11 @@
  */
 enum
 {
-	Rpreceeds,
-	Rfollows,
-	Requals,
-	Rcontains,
-	Rcontained,
+	Rpreceeds,	/* a left of b */
+	Rfollows,	/* a right of b */
+	Requals,	/* a equals b */
+	Rcontains,	/* a contians b */
+	Roverlaps,	/* a overlaps b */
 };
 
 static int
@@ -112,44 +112,88 @@
 	if(a->type & Rv4){
 		if(a->v4.endaddress < b->v4.address)
 			return Rpreceeds;
-
 		if(a->v4.address > b->v4.endaddress)
 			return Rfollows;
-
 		if(a->v4.address <= b->v4.address
 		&& a->v4.endaddress >= b->v4.endaddress){
 			if(a->v4.address == b->v4.address
-			&& a->v4.endaddress == b->v4.endaddress)
-				return Requals;
+			&& a->v4.endaddress == b->v4.endaddress){
+				if(a->v4.source <= b->v4.source
+				&& a->v4.endsource >= b->v4.endsource){
+					if(a->v4.source == b->v4.source
+					&& a->v4.endsource == b->v4.endsource)
+						return Requals;
+					return Rcontains;
+				}
+				return Roverlaps;
+			}
 			return Rcontains;
 		}
-		return Rcontained;
+		return Roverlaps;
 	}
 
 	if(lcmp(a->v6.endaddress, b->v6.address) < 0)
 		return Rpreceeds;
-
 	if(lcmp(a->v6.address, b->v6.endaddress) > 0)
 		return Rfollows;
-
 	if(lcmp(a->v6.address, b->v6.address) <= 0
 	&& lcmp(a->v6.endaddress, b->v6.endaddress) >= 0){
 		if(lcmp(a->v6.address, b->v6.address) == 0
-		&& lcmp(a->v6.endaddress, b->v6.endaddress) == 0)
-				return Requals;
+		&& lcmp(a->v6.endaddress, b->v6.endaddress) == 0){
+			if(lcmp(a->v6.source, b->v6.source) <= 0
+			&& lcmp(a->v6.endsource, b->v6.endsource) >= 0){
+				if(lcmp(a->v6.source, b->v6.source) == 0
+				&& lcmp(a->v6.endsource, b->v6.endsource) == 0)
+					return Requals;
+				return Rcontains;
+			}
+			return Roverlaps;
+		}
 		return Rcontains;
 	}
+	return Roverlaps;
+}
+
+/* return 1 if a matches b, otherwise 0 */
+static int
+matchroute(Route *a, Route *b)
+{
+	if(a == b)
+		return 1;
 
-	return Rcontained;
+	if((a->type^b->type) & (Rifc|Runi|Rmulti|Rbcast))
+		return 0;
+
+	if(a->type & Rv4){
+		if(memcmp(a->v4.gate, IPnoaddr+IPv4off, IPv4addrlen) != 0
+		&& memcmp(a->v4.gate, b->v4.gate, IPv4addrlen) != 0)
+			return 0;
+	} else {
+		if(ipcmp(a->v6.gate, IPnoaddr) != 0
+		&& ipcmp(a->v6.gate, b->v6.gate) != 0)
+			return 0;
+	}
+
+	if(a->ifc != nil && b->ifc != nil && (a->ifc != b->ifc || a->ifcid != b->ifcid))
+		return 0;
+
+	if(*a->tag != 0 && strncmp(a->tag, b->tag, sizeof(a->tag)) != 0)
+		return 0;
+
+	return 1;
 }
 
 static void
 copygate(Route *old, Route *new)
 {
+	old->type = new->type;
+	old->ifc = new->ifc;
+	old->ifcid = new->ifcid;
 	if(new->type & Rv4)
 		memmove(old->v4.gate, new->v4.gate, IPv4addrlen);
 	else
-		memmove(old->v6.gate, new->v6.gate, IPaddrlen);
+		ipmove(old->v6.gate, new->v6.gate);
+	strncpy(old->tag, new->tag, sizeof(new->tag));
 }
 
 /*
@@ -162,12 +206,12 @@
 
 	l = p->left;
 	r = p->right;
-	p->left = 0;
-	p->right = 0;
+	p->left = nil;
+	p->right = nil;
 	addnode(f, root, p);
-	if(l)
+	if(l != nil)
 		walkadd(f, root, l);
-	if(r)
+	if(r != nil)
 		walkadd(f, root, r);
 }
 
@@ -180,16 +224,16 @@
 	Route *q;
 	int d;
 
-	if(p) {
+	if(p != nil) {
 		d = 0;
 		q = p->left;
-		if(q)
+		if(q != nil)
 			d = q->depth;
 		q = p->right;
-		if(q && q->depth > d)
+		if(q != nil && q->depth > d)
 			d = q->depth;
 		q = p->mid;
-		if(q && q->depth > d)
+		if(q != nil && q->depth > d)
 			d = q->depth;
 		p->depth = d+1;
 	}
@@ -210,8 +254,8 @@
 	 * rotate tree node
 	 */
 	p = *cur;
-	dl = 0; if(l = p->left) dl = l->depth;
-	dr = 0; if(r = p->right) dr = r->depth;
+	dl = 0; if((l = p->left) != nil) dl = l->depth;
+	dr = 0; if((r = p->right) != nil) dr = r->depth;
 
 	if(dl > dr+1) {
 		p->left = l->right;
@@ -239,7 +283,7 @@
 	Route *p;
 
 	p = *cur;
-	if(p == 0) {
+	if(p == nil) {
 		*cur = new;
 		new->depth = 1;
 		return;
@@ -269,15 +313,13 @@
 		 *  supercede the old entry if the old one isn't
 		 *  a local interface.
 		 */
-		if((p->type & Rifc) == 0){
-			p->type = new->type;
-			p->ifcid = -1;
+		if((p->type & Rifc) == 0)
 			copygate(p, new);
-		} else if(new->type & Rifc)
+		else if(new->type & Rifc)
 			p->ref++;
 		freeroute(new);
 		break;
-	case Rcontained:
+	case Roverlaps:
 		addnode(f, &p->mid, new);
 		break;
 	}
@@ -285,270 +327,351 @@
 	balancetree(cur);
 }
 
-#define	V4H(a)	((a&0x07ffffff)>>(32-Lroot-5))
-
-void
-v4addroute(Fs *f, char *tag, uchar *a, uchar *mask, uchar *gate, int type)
+/*
+ *  find node matching r
+ */
+static Route**
+looknode(Route **cur, Route *r)
 {
 	Route *p;
-	ulong sa;
-	ulong m;
-	ulong ea;
-	int h, eh;
-
-	m = nhgetl(mask);
-	sa = nhgetl(a) & m;
-	ea = sa | ~m;
-
-	eh = V4H(ea);
-	for(h=V4H(sa); h<=eh; h++) {
-		p = allocroute(Rv4 | type);
-		p->v4.address = sa;
-		p->v4.endaddress = ea;
-		memmove(p->v4.gate, gate, sizeof(p->v4.gate));
-		memmove(p->tag, tag, sizeof(p->tag));
 
-		wlock(&routelock);
-		addnode(f, &f->v4root[h], p);
-		while(p = f->queue) {
-			f->queue = p->mid;
-			walkadd(f, &f->v4root[h], p->left);
-			freeroute(p);
+	for(;;){
+		p = *cur;
+		if(p == nil)
+			return nil;
+		switch(rangecompare(r, p)){
+		case Rcontains:
+			return nil;
+		case Rpreceeds:
+			cur = &p->left;
+			break;
+		case Rfollows:
+			cur = &p->right;
+			break;
+		case Roverlaps:
+			cur = &p->mid;
+			break;
+		case Requals:
+			if((p->type & Rifc) == 0 && !matchroute(r, p))
+				return nil;
+			return cur;
 		}
-		wunlock(&routelock);
 	}
-	v4routegeneration++;
+}
+
+static Route*
+looknodetag(Route *r, char *tag)
+{
+	Route *x;
+
+	if(r == nil)
+		return nil;
+
+	if((x = looknodetag(r->mid, tag)) != nil)
+		return x;
+	if((x = looknodetag(r->left, tag)) != nil)
+		return x;
+	if((x = looknodetag(r->right, tag)) != nil)
+		return x;
+
+	if((r->type & Rifc) == 0){
+		if(tag == nil || strncmp(tag, r->tag, sizeof(r->tag)) == 0)
+			return r;
+	}
 
-	ipifcaddroute(f, Rv4, a, mask, gate, type);
+	return nil;
 }
 
-#define	V6H(a)	(((a)[IPllen-1] & 0x07ffffff)>>(32-Lroot-5))
-#define ISDFLT(a, mask, tag) ((ipcmp((a),v6Unspecified)==0) && (ipcmp((mask),v6Unspecified)==0) && (strcmp((tag), "ra")!=0))
+#define	V4H(a)	((a&0x07ffffff)>>(32-Lroot-5))
+#define	V6H(a)	(((a)[IPllen-1]&0x07ffffff)>>(32-Lroot-5))
 
-void
-v6addroute(Fs *f, char *tag, uchar *a, uchar *mask, uchar *gate, int type)
+static void
+routeadd(Fs *f, Route *r)
 {
-	Route *p;
-	ulong sa[IPllen], ea[IPllen];
-	ulong x, y;
-	int h, eh;
+	Route **h, **e, *p;
 
-	/*
-	if(ISDFLT(a, mask, tag))
-		f->v6p->cdrouter = -1;
-	*/
+	if(r->type & Rv4){
+		h = &f->v4root[V4H(r->v4.address)];
+		e = &f->v4root[V4H(r->v4.endaddress)];
+	} else {
+		h = &f->v6root[V6H(r->v6.address)];
+		e = &f->v6root[V6H(r->v6.endaddress)];
+	}
 
+	for(; h <= e; h++) {
+		p = allocroute(r->type);
 
-	for(h = 0; h < IPllen; h++){
-		x = nhgetl(a+4*h);
-		y = nhgetl(mask+4*h);
-		sa[h] = x & y;
-		ea[h] = x | ~y;
-	}
+		p->ifc = r->ifc;
+		p->ifcid = r->ifcid;
 
-	eh = V6H(ea);
-	for(h = V6H(sa); h <= eh; h++) {
-		p = allocroute(type);
-		memmove(p->v6.address, sa, IPaddrlen);
-		memmove(p->v6.endaddress, ea, IPaddrlen);
-		memmove(p->v6.gate, gate, IPaddrlen);
-		memmove(p->tag, tag, sizeof(p->tag));
+		if(r->type & Rv4)
+			memmove(&p->v4, &r->v4, sizeof(r->v4));
+		else
+			memmove(&p->v6, &r->v6, sizeof(r->v6));
 
-		wlock(&routelock);
-		addnode(f, &f->v6root[h], p);
-		while(p = f->queue) {
+		memmove(p->tag, r->tag, sizeof(r->tag));
+
+		addnode(f, h, p);
+		while((p = f->queue) != nil) {
 			f->queue = p->mid;
-			walkadd(f, &f->v6root[h], p->left);
+			walkadd(f, h, p->left);
 			freeroute(p);
 		}
-		wunlock(&routelock);
 	}
-	v6routegeneration++;
 
-	ipifcaddroute(f, 0, a, mask, gate, type);
+	if(r->type & Rv4)
+		v4routegeneration++;
+	else
+		v6routegeneration++;
 }
 
-Route**
-looknode(Route **cur, Route *r)
+static void
+routerem(Fs *f, Route *r)
 {
-	Route *p;
+	Route **h, **e, **l, *p;
 
-	for(;;){
-		p = *cur;
-		if(p == 0)
-			return 0;
-	
-		switch(rangecompare(r, p)){
-		case Rcontains:
-			return 0;
-		case Rpreceeds:
-			cur = &p->left;
-			break;
-		case Rfollows:
-			cur = &p->right;
-			break;
-		case Rcontained:
-			cur = &p->mid;
-			break;
-		case Requals:
-			return cur;
+	if(r->type & Rv4){
+		h = &f->v4root[V4H(r->v4.address)];
+		e = &f->v4root[V4H(r->v4.endaddress)];
+	} else {
+		h = &f->v6root[V6H(r->v6.address)];
+		e = &f->v6root[V6H(r->v6.endaddress)];
+	}
+
+	for(; h <= e; h++) {
+		if((l = looknode(h, r)) == nil)
+			continue;
+		p = *l;
+		if(--(p->ref) != 0)
+			continue;
+		*l = nil;
+		addqueue(&f->queue, p->left);
+		addqueue(&f->queue, p->mid);
+		addqueue(&f->queue, p->right);
+		freeroute(p);
+
+		while((p = f->queue) != nil) {
+			f->queue = p->mid;
+			walkadd(f, h, p->left);
+			freeroute(p);
 		}
 	}
+
+	if(r->type & Rv4)
+		v4routegeneration++;
+	else
+		v6routegeneration++;
 }
 
-void
-v4delroute(Fs *f, uchar *a, uchar *mask, int dolock)
+static Route
+mkroute(uchar *a, uchar *mask, uchar *s, uchar *smask, uchar *gate, int type, Ipifc *ifc, char *tag)
 {
-	Route **r, *p;
-	Route rt;
-	int h, eh;
-	ulong m;
-
-	m = nhgetl(mask);
-	rt.v4.address = nhgetl(a) & m;
-	rt.v4.endaddress = rt.v4.address | ~m;
-	rt.type = Rv4;
-
-	eh = V4H(rt.v4.endaddress);
-	for(h=V4H(rt.v4.address); h<=eh; h++) {
-		if(dolock)
-			wlock(&routelock);
-		r = looknode(&f->v4root[h], &rt);
-		if(r) {
-			p = *r;
-			if(--(p->ref) == 0){
-				*r = 0;
-				addqueue(&f->queue, p->left);
-				addqueue(&f->queue, p->mid);
-				addqueue(&f->queue, p->right);
-				freeroute(p);
-				while(p = f->queue) {
-					f->queue = p->mid;
-					walkadd(f, &f->v4root[h], p->left);
-					freeroute(p);
-				}
-			}
+	ulong x, y;
+	Route r;
+	int h;
+
+	memset(&r, 0, sizeof(r));
+
+	r.type = type;
+
+	if(type & Rv4){
+		x = nhgetl(a+IPv4off);
+		y = nhgetl(mask+IPv4off);
+		r.v4.address = x & y;
+		r.v4.endaddress = x | ~y;
+
+		x = nhgetl(s+IPv4off);
+		y = nhgetl(smask+IPv4off);
+		if(y != 0)
+			r.type |= Rsrc;
+		r.v4.source = x & y;
+		r.v4.endsource = x | ~y;
+
+		memmove(r.v4.gate, gate+IPv4off, IPv4addrlen);
+	} else {
+		for(h = 0; h < IPllen; h++){
+			x = nhgetl(a+4*h);
+			y = nhgetl(mask+4*h);
+			r.v6.address[h] = x & y;
+			r.v6.endaddress[h] = x | ~y;
+
+			x = nhgetl(s+4*h);
+			y = nhgetl(smask+4*h);
+			if(y != 0)
+				r.type |= Rsrc;
+			r.v6.source[h] = x & y;
+			r.v6.endsource[h] = x | ~y;
 		}
-		if(dolock)
-			wunlock(&routelock);
+
+		memmove(r.v6.gate, gate, IPaddrlen);
+	}
+
+	if(ifc != nil){
+		r.ifc = ifc;
+		r.ifcid = ifc->ifcid;
 	}
-	v4routegeneration++;
 
-	ipifcremroute(f, Rv4, a, mask);
+	if(tag != nil)
+		strncpy(r.tag, tag, sizeof(r.tag));
+
+	return r;
+}
+
+void
+addroute(Fs *f, uchar *a, uchar *mask, uchar *s, uchar *smask, uchar *gate, int type, Ipifc *ifc, char *tag)
+{
+	Route r = mkroute(a, mask, s, smask, gate, type, ifc, tag);
+	wlock(&routelock);
+	routeadd(f, &r);
+	wunlock(&routelock);
 }
 
 void
-v6delroute(Fs *f, uchar *a, uchar *mask, int dolock)
+remroute(Fs *f, uchar *a, uchar *mask, uchar *s, uchar *smask, uchar *gate, int type, Ipifc *ifc, char *tag)
 {
-	Route **r, *p;
-	Route rt;
-	int h, eh;
-	ulong x, y;
+	Route r = mkroute(a, mask, s, smask, gate, type, ifc, tag);
+	wlock(&routelock);
+	routerem(f, &r);
+	wunlock(&routelock);
+}
 
-	for(h = 0; h < IPllen; h++){
-		x = nhgetl(a+4*h);
-		y = nhgetl(mask+4*h);
-		rt.v6.address[h] = x & y;
-		rt.v6.endaddress[h] = x | ~y;
-	}
-	rt.type = 0;
-
-	eh = V6H(rt.v6.endaddress);
-	for(h=V6H(rt.v6.address); h<=eh; h++) {
-		if(dolock)
-			wlock(&routelock);
-		r = looknode(&f->v6root[h], &rt);
-		if(r) {
-			p = *r;
-			if(--(p->ref) == 0){
-				*r = 0;
-				addqueue(&f->queue, p->left);
-				addqueue(&f->queue, p->mid);
-				addqueue(&f->queue, p->right);
-				freeroute(p);
-				while(p = f->queue) {
-					f->queue = p->mid;
-					walkadd(f, &f->v6root[h], p->left);
-					freeroute(p);
-				}
-			}
+/* get the outgoing interface for route r */
+static Ipifc*
+routefindipifc(Route *r, Fs *f)
+{
+	uchar local[IPaddrlen], gate[IPaddrlen];
+	Ipifc *ifc;
+	int i;
+
+	ifc = r->ifc;
+	if(ifc != nil && ifc->ifcid == r->ifcid)
+		return ifc;
+
+	if(r->type & Rsrc) {
+		if(r->type & Rv4) {
+			hnputl(local+IPv4off, r->v4.source);
+			memmove(local, v4prefix, IPv4off);
+		} else {
+			for(i = 0; i < IPllen; i++)
+				hnputl(local+4*i, r->v6.source[i]);
 		}
-		if(dolock)
-			wunlock(&routelock);
+	} else {
+		ipmove(local, IPnoaddr);
 	}
-	v6routegeneration++;
 
-	ipifcremroute(f, 0, a, mask);
+	if(r->type & Rifc) {
+		if(r->type & Rv4) {
+			hnputl(gate+IPv4off, r->v4.address);
+			memmove(gate, v4prefix, IPv4off);
+		} else {
+			for(i = 0; i < IPllen; i++)
+				hnputl(gate+4*i, r->v6.address[i]);
+		}
+	} else {
+		if(r->type & Rv4)
+			v4tov6(gate, r->v4.gate);
+		else
+			ipmove(gate, r->v6.gate);
+	}
+
+	if((ifc = findipifc(f, local, gate, r->type)) == nil)
+		return nil;
+
+	r->ifc = ifc;
+	r->ifcid = ifc->ifcid;
+	return ifc;
 }
 
+/*
+ * v4lookup, v6lookup:
+ *  lookup a route to destination address a from source address s
+ *  and return the route. returns nil if no route was found.
+ *  an optional Routehint can be passed in rh to cache the lookup.
+ *
+ *  for v4lookup, addresses are in 4 byte format.
+ */
 Route*
-v4lookup(Fs *f, uchar *a, Conv *c)
+v4lookup(Fs *f, uchar *a, uchar *s, Routehint *rh)
 {
+	ulong la, ls;
 	Route *p, *q;
-	ulong la;
-	uchar gate[IPaddrlen];
 	Ipifc *ifc;
 
-	if(c != nil && c->r != nil && c->r->ifc != nil && c->rgen == v4routegeneration)
-		return c->r;
+	if(rh != nil
+	&& rh->rgen == v4routegeneration
+	&& (q = rh->r) != nil
+	&& (ifc = q->ifc) != nil
+	&& q->ifcid == ifc->ifcid
+	&& q->ref > 0)
+		return q;
 
 	la = nhgetl(a);
+	ls = nhgetl(s);
 	q = nil;
-	for(p=f->v4root[V4H(la)]; p;)
-		if(la >= p->v4.address) {
-			if(la <= p->v4.endaddress) {
-				q = p;
-				p = p->mid;
-			} else
-				p = p->right;
-		} else
+	for(p = f->v4root[V4H(la)]; p != nil;){
+		if(la < p->v4.address){
 			p = p->left;
-
-	if(q && (q->ifc == nil || q->ifcid != q->ifc->ifcid)){
-		if(q->type & Rifc) {
-			hnputl(gate+IPv4off, q->v4.address);
-			memmove(gate, v4prefix, IPv4off);
-		} else
-			v4tov6(gate, q->v4.gate);
-		ifc = findipifc(f, gate, q->type);
-		if(ifc == nil)
-			return nil;
-		q->ifc = ifc;
-		q->ifcid = ifc->ifcid;
+			continue;
+		}
+		if(la > p->v4.endaddress){
+			p = p->right;
+			continue;
+		}
+		if(p->type & Rsrc){
+			if(ls < p->v4.source){
+				p = p->mid;
+				continue;
+			}
+			if(ls > p->v4.endsource){
+				p = p->mid;
+				continue;
+			}
+		}
+		q = p;
+		p = p->mid;
 	}
 
-	if(c != nil){
-		c->r = q;
-		c->rgen = v4routegeneration;
+	if(q == nil || q->ref == 0 || routefindipifc(q, f) == nil)
+		return nil;
+
+	if(rh != nil){
+		rh->r = q;
+		rh->rgen = v4routegeneration;
 	}
 
 	return q;
 }
 
 Route*
-v6lookup(Fs *f, uchar *a, Conv *c)
+v6lookup(Fs *f, uchar *a, uchar *s, Routehint *rh)
 {
-	Route *p, *q;
-	ulong la[IPllen];
-	int h;
+	ulong la[IPllen], ls[IPllen];
 	ulong x, y;
-	uchar gate[IPaddrlen];
+	Route *p, *q;
 	Ipifc *ifc;
+	int h;
 
-	if(memcmp(a, v4prefix, IPv4off) == 0){
-		q = v4lookup(f, a+IPv4off, c);
-		if(q != nil)
-			return q;
+	if(isv4(s)){
+		if(isv4(a))
+			return v4lookup(f, a+IPv4off, s+IPv4off, rh);
+		return nil;
 	}
 
-	if(c != nil && c->r != nil && c->r->ifc != nil && c->rgen == v6routegeneration)
-		return c->r;
+	if(rh != nil
+	&& rh->rgen == v6routegeneration
+	&& (q = rh->r) != nil
+	&& (ifc = q->ifc) != nil
+	&& q->ifcid == ifc->ifcid
+	&& q->ref > 0)
+		return q;
 
-	for(h = 0; h < IPllen; h++)
+	for(h = 0; h < IPllen; h++){
 		la[h] = nhgetl(a+4*h);
+		ls[h] = nhgetl(s+4*h);
+	}
 
-	q = 0;
-	for(p=f->v6root[V6H(la)]; p;){
+	q = nil;
+	for(p = f->v6root[V6H(la)]; p != nil;){
 		for(h = 0; h < IPllen; h++){
 			x = la[h];
 			y = p->v6.address[h];
@@ -571,280 +694,462 @@
 			}
 			break;
 		}
+		if(p->type & Rsrc){
+			for(h = 0; h < IPllen; h++){
+				x = ls[h];
+				y = p->v6.source[h];
+				if(x == y)
+					continue;
+				if(x < y){
+					p = p->mid;
+					goto next;
+				}
+				break;
+			}
+			for(h = 0; h < IPllen; h++){
+				x = ls[h];
+				y = p->v6.endsource[h];
+				if(x == y)
+					continue;
+				if(x > y){
+					p = p->mid;
+					goto next;
+				}
+				break;
+			}
+		}
 		q = p;
 		p = p->mid;
 next:		;
 	}
 
-	if(q && (q->ifc == nil || q->ifcid != q->ifc->ifcid)){
-		if(q->type & Rifc) {
-			for(h = 0; h < IPllen; h++)
-				hnputl(gate+4*h, q->v6.address[h]);
-			ifc = findipifc(f, gate, q->type);
-		} else
-			ifc = findipifc(f, q->v6.gate, q->type);
-		if(ifc == nil)
-			return nil;
-		q->ifc = ifc;
-		q->ifcid = ifc->ifcid;
-	}
-	if(c != nil){
-		c->r = q;
-		c->rgen = v6routegeneration;
+	if(q == nil || q->ref == 0 || routefindipifc(q, f) == nil)
+		return nil;
+
+	if(rh != nil){
+		rh->r = q;
+		rh->rgen = v6routegeneration;
 	}
 	
 	return q;
 }
 
+/*
+ * v4source, v6source:
+ *  lookup a route to destination address a and also find
+ *  a suitable source address s on the outgoing interface.
+ *  return the route on success or nil when no route
+ *  was found.
+ *
+ *  for v4source, addresses are in 4 byte format.
+ */
+Route*
+v4source(Fs *f, uchar *a, uchar *s)
+{
+	uchar src[IPv4addrlen];
+	int splen;
+	ulong x, la;
+	Route *p, *q;
+	Ipifc *ifc;
+
+	q = nil;
+	la = nhgetl(a);
+	rlock(&routelock);
+	for(p = f->v4root[V4H(la)]; p != nil;){
+		if(la < p->v4.address){
+			p = p->left;
+			continue;
+		}
+		if(la > p->v4.endaddress){
+			p = p->right;
+			continue;
+		}
+		splen = 0;
+		if(p->type & Rsrc){
+			/* calculate local prefix length for source specific routes */
+			for(x = ~(p->v4.endsource ^ p->v4.source); x & 0x80000000UL; x <<= 1)
+				splen++;
+			hnputl(src, p->v4.source);
+		}
+		if((ifc = routefindipifc(p, f)) == nil
+		|| !ipv4local(ifc, src, splen, (p->type & (Rifc|Rbcast|Rmulti|Rv4))==Rv4? p->v4.gate: a)){
+			p = p->mid;
+			continue;
+		}
+		memmove(s, src, IPv4addrlen);
+		q = p;
+		p = p->mid;
+	}
+	runlock(&routelock);
+	return q;
+}
+
+Route*
+v6source(Fs *f, uchar *a, uchar *s)
+{
+	uchar src[IPaddrlen];
+	int splen, h;
+	ulong x, y, la[IPllen];
+	Route *p, *q;
+	Ipifc *ifc;
+
+	q = nil;
+	for(h = 0; h < IPllen; h++)
+		la[h] = nhgetl(a+4*h);
+	rlock(&routelock);
+	for(p = f->v6root[V6H(la)]; p != nil;){
+		for(h = 0; h < IPllen; h++){
+			x = la[h];
+			y = p->v6.address[h];
+			if(x == y)
+				continue;
+			if(x < y){
+				p = p->left;
+				goto next;
+			}
+			break;
+		}
+		for(h = 0; h < IPllen; h++){
+			x = la[h];
+			y = p->v6.endaddress[h];
+			if(x == y)
+				continue;
+			if(x > y){
+				p = p->right;
+				goto next;
+			}
+			break;
+		}
+		splen = 0;
+		if(p->type & Rsrc){
+			/* calculate local prefix length for source specific routes */
+			for(h = 0; h < IPllen; h++){
+				hnputl(src+4*h, p->v6.source[h]);
+				if((x = ~(p->v6.endsource[h] ^ p->v6.source[h])) != ~0UL){
+					for(; x & 0x80000000UL; x <<= 1)
+						splen++;
+					break;
+				}
+				splen += 32;
+			}
+		}
+		if((ifc = routefindipifc(p, f)) == nil
+		|| !ipv6local(ifc, src, splen, a)){
+			p = p->mid;
+			continue;
+		}
+		ipmove(s, src);
+		q = p;
+		p = p->mid;
+next:		;
+	}
+	runlock(&routelock);
+	return q;
+}
+
+static int
+parseroutetype(char *p)
+{
+	int type = 0;
+	switch(*p++){
+	default:	return -1;	
+	case '4':	type |= Rv4;
+	case '6':	break;
+	}
+	for(;;) switch(*p++){
+	default: 
+		return -1;
+	case 'i':
+		if(((type ^= Rifc) & Rifc) != Rifc) return -1;
+		break;
+	case 'u':
+		if(((type ^= Runi) & (Runi|Rbcast|Rmulti)) != Runi) return -1;
+		break;
+	case 'b':
+		if(((type ^= Rbcast) & (Runi|Rbcast|Rmulti)) != Rbcast) return -1;
+		break;
+	case 'm':
+		if(((type ^= Rmulti) & (Runi|Rbcast|Rmulti)) != Rmulti) return -1;
+		break;
+	case 'p':
+		if(((type ^= Rptpt) & Rptpt) != Rptpt) return -1;
+		break;
+	case '\0':
+		return type;
+	}
+}
+
 void
-routetype(int type, char *p)
+routetype(int type, char p[8])
 {
-	memset(p, ' ', 4);
-	p[4] = 0;
 	if(type & Rv4)
 		*p++ = '4';
 	else
 		*p++ = '6';
+
 	if(type & Rifc)
 		*p++ = 'i';
+
 	if(type & Runi)
 		*p++ = 'u';
 	else if(type & Rbcast)
 		*p++ = 'b';
 	else if(type & Rmulti)
 		*p++ = 'm';
+
 	if(type & Rptpt)
-		*p = 'p';
+		*p++ = 'p';
+	*p = 0;
 }
 
-char *rformat = "%-15I %-4M %-15I %4.4s %4.4s %3s\n";
-
-void
-convroute(Route *r, uchar *addr, uchar *mask, uchar *gate, char *t, int *nifc)
+static void
+convroute(Route *r, uchar *addr, uchar *mask, uchar *src, uchar *smask, uchar *gate)
 {
 	int i;
 
 	if(r->type & Rv4){
 		memmove(addr, v4prefix, IPv4off);
 		hnputl(addr+IPv4off, r->v4.address);
+
 		memset(mask, 0xff, IPv4off);
 		hnputl(mask+IPv4off, ~(r->v4.endaddress ^ r->v4.address));
+
+		memmove(src, v4prefix, IPv4off);
+		hnputl(src+IPv4off, r->v4.source);
+
+		memset(smask, 0xff, IPv4off);
+		hnputl(smask+IPv4off, ~(r->v4.endsource ^ r->v4.source));
+
 		memmove(gate, v4prefix, IPv4off);
 		memmove(gate+IPv4off, r->v4.gate, IPv4addrlen);
 	} else {
 		for(i = 0; i < IPllen; i++){
 			hnputl(addr + 4*i, r->v6.address[i]);
 			hnputl(mask + 4*i, ~(r->v6.endaddress[i] ^ r->v6.address[i]));
+			hnputl(src + 4*i, r->v6.source[i]);
+			hnputl(smask + 4*i, ~(r->v6.endsource[i] ^ r->v6.source[i]));
 		}
 		memmove(gate, r->v6.gate, IPaddrlen);
 	}
+}
 
-	routetype(r->type, t);
+static char*
+seprintroute(char *p, char *e, Route *r)
+{
+	uchar addr[IPaddrlen], mask[IPaddrlen], src[IPaddrlen], smask[IPaddrlen], gate[IPaddrlen];
+	char type[8], ifbuf[4], *iname;
 
-	if(r->ifc)
-		*nifc = r->ifc->conv->x;
+	convroute(r, addr, mask, src, smask, gate);
+	routetype(r->type, type);
+	if(r->ifc != nil && r->ifcid == r->ifc->ifcid)
+		snprint(iname = ifbuf, sizeof ifbuf, "%d", r->ifc->conv->x);
 	else
-		*nifc = -1;
+		iname = "-";
+	return seprint(p, e, "%-15I %-4M %-15I %-4s %4.4s %3s %-15I %-4M\n",
+		addr, mask, gate, type, r->tag, iname, src, smask);
 }
 
-/*
- *  this code is not in rr to reduce stack size
- */
-static void
-sprintroute(Route *r, Routewalk *rw)
+typedef struct Routewalk Routewalk;
+struct Routewalk
+{
+	int	o;
+	int	h;
+	char*	p;
+	char*	e;
+};
+
+static int
+rr1(Routewalk *rw, Route *r)
 {
-	int nifc, n;
-	char t[5], *iname, ifbuf[5];
-	uchar addr[IPaddrlen], mask[IPaddrlen], gate[IPaddrlen];
-	char *p;
-
-	convroute(r, addr, mask, gate, t, &nifc);
-	iname = "-";
-	if(nifc != -1) {
-		iname = ifbuf;
-		snprint(ifbuf, sizeof ifbuf, "%d", nifc);
-	}
-	p = seprint(rw->p, rw->e, rformat, addr, mask, gate, t, r->tag, iname);
+	int n = seprintroute(rw->p, rw->e, r) - rw->p;
 	if(rw->o < 0){
-		n = p - rw->p;
 		if(n > -rw->o){
-			memmove(rw->p, rw->p-rw->o, n+rw->o);
-			rw->p = p + rw->o;
+			memmove(rw->p, rw->p - rw->o, n + rw->o);
+			rw->p += n + rw->o;
 		}
 		rw->o += n;
 	} else
-		rw->p = p;
+		rw->p += n;
+	return rw->p < rw->e;
 }
 
-/*
- *  recurse descending tree, applying the function in Routewalk
- */
 static int
 rr(Route *r, Routewalk *rw)
 {
 	int h;
 
-	if(rw->e <= rw->p)
-		return 0;
 	if(r == nil)
 		return 1;
-
 	if(rr(r->left, rw) == 0)
 		return 0;
-
 	if(r->type & Rv4)
 		h = V4H(r->v4.address);
 	else
 		h = V6H(r->v6.address);
-
-	if(h == rw->h)
-		rw->walk(r, rw);
-
+	if(h == rw->h){
+		if(rr1(rw, r) == 0)
+			return 0;
+	}
 	if(rr(r->mid, rw) == 0)
 		return 0;
-
 	return rr(r->right, rw);
 }
 
-void
-ipwalkroutes(Fs *f, Routewalk *rw)
+long
+routeread(Fs *f, char *p, ulong offset, int n)
 {
+	Routewalk rw[1];
+
+	rw->p = p;
+	rw->e = p+n;
+	rw->o = -offset;
+	if(rw->o > 0)
+		return 0;
+
 	rlock(&routelock);
-	if(rw->e > rw->p) {
+	if(rw->p < rw->e) {
 		for(rw->h = 0; rw->h < nelem(f->v4root); rw->h++)
 			if(rr(f->v4root[rw->h], rw) == 0)
 				break;
 	}
-	if(rw->e > rw->p) {
+	if(rw->p < rw->e) {
 		for(rw->h = 0; rw->h < nelem(f->v6root); rw->h++)
 			if(rr(f->v6root[rw->h], rw) == 0)
 				break;
 	}
 	runlock(&routelock);
-}
 
-long
-routeread(Fs *f, char *p, ulong offset, int n)
-{
-	Routewalk rw;
-
-	rw.p = p;
-	rw.e = p+n;
-	rw.o = -offset;
-	rw.walk = sprintroute;
-
-	ipwalkroutes(f, &rw);
-
-	return rw.p - p;
+	return rw->p - p;
 }
 
 /*
- *  this code is not in routeflush to reduce stack size
+ *	4	add	addr	mask	gate
+ *	5	add	addr	mask	gate			ifc
+ *	6	add	addr	mask	gate				src	smask
+ *	7	add	addr	mask	gate			ifc	src	smask
+ *	8	add	addr	mask	gate		tag	ifc	src	smask
+ *	9	add	addr	mask	gate	type	tag	ifc	src	smask
+ *	3	remove	addr	mask
+ *	4	remove	addr	mask	gate
+ *	5	remove	addr	mask					src	smask
+ *	6	remove	addr	mask	gate				src	smask
+ *	7	remove	addr	mask	gate			ifc	src	smask
+ *	8	remove	addr	mask	gate		tag	ifc	src	smask
+ *	9	remove	addr	mask	gate	type	tag	ifc	src	smask
  */
-void
-delroute(Fs *f, Route *r, int dolock)
+static Route
+parseroute(Fs *f, char **argv, int argc)
 {
-	uchar addr[IPaddrlen];
-	uchar mask[IPaddrlen];
+	uchar addr[IPaddrlen], mask[IPaddrlen];
+	uchar src[IPaddrlen], smask[IPaddrlen];
 	uchar gate[IPaddrlen];
-	char t[5];
-	int nifc;
+	Ipifc *ifc;
+	char *tag;
+	int type;
 
-	convroute(r, addr, mask, gate, t, &nifc);
-	if(r->type & Rv4)
-		v4delroute(f, addr+IPv4off, mask+IPv4off, dolock);
-	else
-		v6delroute(f, addr, mask, dolock);
-}
+	type = 0;
+	tag = nil;
+	ifc = nil;
+	ipmove(gate, IPnoaddr);
+	ipmove(src, IPnoaddr);
+	ipmove(smask, IPnoaddr);
+
+	if(argc < 3)
+		error(Ebadctl);
+	if(parseipandmask(addr, mask, argv[1], argv[2]) == -1)
+		error(Ebadip);
+
+	if(strcmp(argv[0], "add") == 0 || (argc > 3 && argc != 5)){
+		if(argc < 4)
+			error(Ebadctl);
+		if(parseip(gate, argv[3]) == -1)
+			error(Ebadip);
+	}
+	if(argc > 4 && (strcmp(argv[0], "add") != 0 || argc != 5)){
+		if(parseipandmask(src, smask, argv[argc-2], argv[argc-1]) == -1)
+			error(Ebadip);
+	}
+	if(argc == 5 && strcmp(argv[0], "add") == 0)
+		ifc = findipifcstr(f, argv[4]);
+	if(argc > 6)
+		ifc = findipifcstr(f, argv[argc-3]);
+	if(argc > 7)
+		tag = argv[argc-4];
+	if(argc > 8){
+		if((type = parseroutetype(argv[argc-5])) < 0)
+			error(Ebadctl);
+	} else {
+		if(isv4(addr))
+			type |= Rv4;
+	}
+	if(argc > 9)
+		error(Ebadctl);
 
-/*
- *  recurse until one route is deleted
- *    returns 0 if nothing is deleted, 1 otherwise
- */
-int
-routeflush(Fs *f, Route *r, char *tag)
-{
-	if(r == nil)
-		return 0;
-	if(routeflush(f, r->mid, tag))
-		return 1;
-	if(routeflush(f, r->left, tag))
-		return 1;
-	if(routeflush(f, r->right, tag))
-		return 1;
-	if((r->type & Rifc) == 0){
-		if(tag == nil || strncmp(tag, r->tag, sizeof(r->tag)) == 0){
-			delroute(f, r, 0);
-			return 1;
-		}
+	if(type & Rv4){
+		if(!isv4(addr))
+			error(Ebadip);
+		if(ipcmp(smask, IPnoaddr) != 0 && !isv4(src))
+			error(Ebadip);
+		if(ipcmp(gate, IPnoaddr) != 0 && !isv4(gate))
+			error(Ebadip);
+	} else {
+		if(isv4(addr))
+			error(Ebadip);
 	}
-	return 0;
+
+	return mkroute(addr, mask, src, smask, gate, type, ifc, tag);	
 }
 
 long
 routewrite(Fs *f, Chan *c, char *p, int n)
 {
-	int h, changed;
-	char *tag;
 	Cmdbuf *cb;
-	uchar addr[IPaddrlen];
-	uchar mask[IPaddrlen];
-	uchar gate[IPaddrlen];
-	IPaux *a, *na;
+	IPaux *a;
+	Route *x, r;
 
 	cb = parsecmd(p, n);
 	if(waserror()){
 		free(cb);
 		nexterror();
 	}
-
+	if(cb->nf < 1)
+		error("short control request");
 	if(strcmp(cb->f[0], "flush") == 0){
-		tag = cb->f[1];
+		char *tag = cb->nf < 2 ? nil : cb->f[1];
+		int h;
+
+		wlock(&routelock);
 		for(h = 0; h < nelem(f->v4root); h++)
-			for(changed = 1; changed;){
-				wlock(&routelock);
-				changed = routeflush(f, f->v4root[h], tag);
-				wunlock(&routelock);
+			while((x = looknodetag(f->v4root[h], tag)) != nil){
+				memmove(&r, x, sizeof(RouteTree) + sizeof(V4route));
+				routerem(f, &r);
 			}
 		for(h = 0; h < nelem(f->v6root); h++)
-			for(changed = 1; changed;){
-				wlock(&routelock);
-				changed = routeflush(f, f->v6root[h], tag);
-				wunlock(&routelock);
+			while((x = looknodetag(f->v6root[h], tag)) != nil){
+				memmove(&r, x, sizeof(RouteTree) + sizeof(V6route));
+				routerem(f, &r);
 			}
-	} else if(strcmp(cb->f[0], "remove") == 0){
-		if(cb->nf < 3)
-			error(Ebadarg);
-		parseip(addr, cb->f[1]);
-		parseipmask(mask, cb->f[2]);
-		if(memcmp(addr, v4prefix, IPv4off) == 0)
-			v4delroute(f, addr+IPv4off, mask+IPv4off, 1);
-		else
-			v6delroute(f, addr, mask, 1);
-	} else if(strcmp(cb->f[0], "add") == 0){
-		if(cb->nf < 4)
-			error(Ebadarg);
-		parseip(addr, cb->f[1]);
-		parseipmask(mask, cb->f[2]);
-		parseip(gate, cb->f[3]);
-		tag = "none";
-		if(c != nil){
+		wunlock(&routelock);
+	} else if(strcmp(cb->f[0], "add") == 0 || strcmp(cb->f[0], "remove") == 0){
+		r = parseroute(f, cb->f, cb->nf);
+		if(*r.tag == 0){
 			a = c->aux;
-			tag = a->tag;
+			strncpy(r.tag, a->tag, sizeof(r.tag));
 		}
-		if(memcmp(addr, v4prefix, IPv4off) == 0)
-			v4addroute(f, tag, addr+IPv4off, mask+IPv4off, gate+IPv4off, 0);
+		wlock(&routelock);
+		if(strcmp(cb->f[0], "add") == 0)
+			routeadd(f, &r);
 		else
-			v6addroute(f, tag, addr, mask, gate, 0);
+			routerem(f, &r);
+		wunlock(&routelock);
 	} else if(strcmp(cb->f[0], "tag") == 0) {
 		if(cb->nf < 2)
 			error(Ebadarg);
-
 		a = c->aux;
-		na = newipaux(a->owner, cb->f[1]);
-		c->aux = na;
+		c->aux = newipaux(a->owner, cb->f[1]);
 		free(a);
-	}
+	} else
+		error(Ebadctl);
 
 	poperror();
 	free(cb);
--- a/os/ip/iprouter.c	Thu Aug 12 23:08:35 2021
+++ /dev/null	Mon Oct 18 12:05:45 2021
@@ -1,56 +0,0 @@
-#include	"u.h"
-#include	"../port/lib.h"
-#include	"mem.h"
-#include	"dat.h"
-#include	"fns.h"
-#include	"../port/error.h"
-#include	"../ip/ip.h"
-
-IProuter iprouter;
-
-/*
- *  User level routing.  Ip packets we don't know what to do with
- *  come here.
- */
-void
-useriprouter(Fs *f, Ipifc *ifc, Block *bp)
-{
-	qlock(&f->iprouter);
-	if(f->iprouter.q != nil){
-		bp = padblock(bp, IPaddrlen);
-		if(bp == nil)
-			return;
-		ipmove(bp->rp, ifc->lifc->local);
-		qpass(f->iprouter.q, bp);
-	}else
-		freeb(bp);
-	qunlock(&f->iprouter);
-}
-
-void
-iprouteropen(Fs *f)
-{
-	qlock(&f->iprouter);
-	f->iprouter.opens++;
-	if(f->iprouter.q == nil)
-		f->iprouter.q = qopen(64*1024, 0, 0, 0);
-	else if(f->iprouter.opens == 1)
-		qreopen(f->iprouter.q);
-	qunlock(&f->iprouter);
-}
-
-void
-iprouterclose(Fs *f)
-{
-	qlock(&f->iprouter);
-	f->iprouter.opens--;
-	if(f->iprouter.opens == 0)
-		qclose(f->iprouter.q);
-	qunlock(&f->iprouter);
-}
-
-long
-iprouterread(Fs *f, void *a, int n)
-{
-	return qread(f->iprouter.q, a, n);
-}
--- a/os/ip/ipv6.c	Thu Aug 12 23:08:35 2021
+++ b/os/ip/ipv6.c	Sat Aug 21 01:39:52 2021
@@ -8,250 +8,127 @@
 #include	"ip.h"
 #include	"ipv6.h"
 
-enum
-{
-	IP4HDR		= 20,		/* sizeof(Ip4hdr) */
-	IP6HDR		= 40,		/* sizeof(Ip6hdr) */
-	IP_HLEN4	= 0x05,		/* Header length in words */
-	IP_DF		= 0x4000,	/* Don't fragment */
-	IP_MF		= 0x2000,	/* More fragments */
-	IP6FHDR		= 8, 		/* sizeof(Fraghdr6) */
-	IP_MAX		= (32*1024),	/* Maximum Internet packet size */
-};
-
-#define IPV6CLASS(hdr) ((hdr->vcf[0]&0x0F)<<2 | (hdr->vcf[1]&0xF0)>>2)
-#define BLKIPVER(xp)	(((Ip6hdr*)((xp)->rp))->vcf[0]&0xF0)
-/*
- * This sleazy macro is stolen shamelessly from ip.c, see comment there.
- */
-#define BKFG(xp)	((Ipfrag*)((xp)->base))
-
-typedef struct	IP	IP;
-typedef struct	Fragment4	Fragment4;
-typedef struct	Fragment6	Fragment6;
-typedef struct	Ipfrag	Ipfrag;
-
-Block*		ip6reassemble(IP*, int, Block*, Ip6hdr*);
-void		ipfragfree6(IP*, Fragment6*);
-Fragment6*	ipfragallo6(IP*);
+static Block*		ip6reassemble(IP*, int, Block*);
+static Fragment6*	ipfragallo6(IP*);
+static void		ipfragfree6(IP*, Fragment6*);
+static Block*		procopts(Block *bp);
 static Block*		procxtns(IP *ip, Block *bp, int doreasm);
-int		unfraglen(Block *bp, uchar *nexthdr, int setfh);
-Block*		procopts(Block *bp);
-
-/* MIB II counters */
-enum
-{
-	Forwarding,
-	DefaultTTL,
-	InReceives,
-	InHdrErrors,
-	InAddrErrors,
-	ForwDatagrams,
-	InUnknownProtos,
-	InDiscards,
-	InDelivers,
-	OutRequests,
-	OutDiscards,
-	OutNoRoutes,
-	ReasmTimeout,
-	ReasmReqds,
-	ReasmOKs,
-	ReasmFails,
-	FragOKs,
-	FragFails,
-	FragCreates,
-
-	Nstats,
-};
-
-static char *statnames[] =
-{
-[Forwarding]	"Forwarding",
-[DefaultTTL]	"DefaultTTL",
-[InReceives]	"InReceives",
-[InHdrErrors]	"InHdrErrors",
-[InAddrErrors]	"InAddrErrors",
-[ForwDatagrams]	"ForwDatagrams",
-[InUnknownProtos]	"InUnknownProtos",
-[InDiscards]	"InDiscards",
-[InDelivers]	"InDelivers",
-[OutRequests]	"OutRequests",
-[OutDiscards]	"OutDiscards",
-[OutNoRoutes]	"OutNoRoutes",
-[ReasmTimeout]	"ReasmTimeout",
-[ReasmReqds]	"ReasmReqds",
-[ReasmOKs]	"ReasmOKs",
-[ReasmFails]	"ReasmFails",
-[FragOKs]	"FragOKs",
-[FragFails]	"FragFails",
-[FragCreates]	"FragCreates",
-};
+static int		unfraglen(Block *bp, uchar *nexthdr, int setfh, int popfh);
 
-struct Fragment4
+void
+ip_init_6(Fs *f)
 {
-	Block*	blist;
-	Fragment4*	next;
-	ulong 	src;
-	ulong 	dst;
-	ushort	id;
-	ulong 	age;
-};
+	v6params *v6p;
 
-struct Fragment6
-{
-	Block*	blist;
-	Fragment6*	next;
-	uchar 	src[IPaddrlen];
-	uchar 	dst[IPaddrlen];
-	uint	id;
-	ulong 	age;
-};
+	v6p = smalloc(sizeof(v6params));
 
-struct Ipfrag
-{
-	ushort	foff;
-	ushort	flen;
-};
+	v6p->rp.mflag		= 0;		/* default not managed */
+	v6p->rp.oflag		= 0;
+	v6p->rp.maxraint	= 600000;	/* millisecs */
+	v6p->rp.minraint	= 200000;
+	v6p->rp.linkmtu		= 0;		/* no mtu sent */
+	v6p->rp.reachtime	= 0;
+	v6p->rp.rxmitra		= 0;
+	v6p->rp.ttl		= MAXTTL;
+	v6p->rp.routerlt	= (3 * v6p->rp.maxraint) / 1000;
 
-/* an instance of IP */
-struct IP
-{
-	ulong		stats[Nstats];
+	v6p->hp.rxmithost	= 1000;		/* v6 RETRANS_TIMER */
 
-	QLock		fraglock4;
-	Fragment4*	flisthead4;
-	Fragment4*	fragfree4;
-	Ref		id4;
-
-	QLock		fraglock6;
-	Fragment6*	flisthead6;
-	Fragment6*	fragfree6;
-	Ref		id6;
-
-	int		iprouting;	/* true if we route like a gateway */
-};
+	f->v6p			= v6p;
+}
 
 int
-ipoput6(Fs *f, Block *bp, int gating, int ttl, int tos, Conv *c)
+ipoput6(Fs *f, Block *bp, int gating, int ttl, int tos, Routehint *rh)
 {
-	int tentative;
-	Ipifc *ifc;
+	int medialen, len, chunk, uflen, flen, seglen, lid, offset, fragoff;
+	int morefrags, blklen, rv = 0;
 	uchar *gate, nexthdr;
-	Ip6hdr *eh;
-	int medialen, len, chunk, uflen, flen, seglen, lid, offset, fragoff, morefrags, blklen;
-	Route *r, *sr;
-	Fraghdr6 fraghdr;
 	Block *xp, *nb;
+	Fraghdr6 fraghdr;
 	IP *ip;
-	int rv = 0;
+	Ip6hdr *eh;
+	Ipifc *ifc;
+	Route *r;
 
 	ip = f->ip;
-
-	/* Fill out the ip header */
-	eh = (Ip6hdr*)(bp->rp);
-
 	ip->stats[OutRequests]++;
 
-	/* Number of uchars in data and ip header to write */
+	/* Fill out the ip header */
+	eh = (Ip6hdr*)bp->rp;
+	assert(BLEN(bp) >= IP6HDR);
 	len = blocklen(bp);
-	
-	tentative = iptentative(f, eh->src);
-	if(tentative){
-		netlog(f, Logip, "reject tx of packet with tentative src address\n");
-		goto free;
-	}
-
-	if(gating){
-		chunk = nhgets(eh->ploadlen);
-		if(chunk > len){
-			ip->stats[OutDiscards]++;
-			netlog(f, Logip, "short gated packet\n");
-			goto free;
-		}
-		if(chunk + IPV6HDR_LEN < len)
-			len = chunk + IPV6HDR_LEN;
-	}
-
 	if(len >= IP_MAX){
-//		print("len > IP_MAX, free\n");
 		ip->stats[OutDiscards]++;
-		netlog(f, Logip, "exceeded ip max size %I\n", eh->dst);
+		netlog(f, Logip, "%I -> %I: exceeded ip max size: %d\n", eh->src, eh->dst, len);
 		goto free;
 	}
 
-	r = v6lookup(f, eh->dst, c);
-	if(r == nil){
-//		print("no route for %I, src %I free\n", eh->dst, eh->src);
+	r = v6lookup(f, eh->dst, eh->src, rh);
+	if(r == nil || (r->type & Rv4) != 0 || (ifc = r->ifc) == nil){
 		ip->stats[OutNoRoutes]++;
-		netlog(f, Logip, "no interface %I\n", eh->dst);
+		netlog(f, Logip, "%I -> %I: no interface\n", eh->src, eh->dst);
 		rv = -1;
 		goto free;
 	}
 
-	ifc = r->ifc;
-	if(r->type & (Rifc|Runi))
-		gate = eh->dst;
-	else
-	if(r->type & (Rbcast|Rmulti)) {
+	if(r->type & (Rifc|Runi|Rbcast|Rmulti))
 		gate = eh->dst;
-		sr = v6lookup(f, eh->src, nil);
-		if(sr != nil && (sr->type & Runi))
-			ifc = sr->ifc;
-	}
 	else
 		gate = r->v6.gate;
 
-	if(!gating)
-		eh->vcf[0] = IP_VER6;
-	eh->ttl = ttl;
-	if(!gating) {
-		eh->vcf[0] |= (tos >> 4);
-		eh->vcf[1] = (tos << 4);
-	}
-
-	if(!canrlock(ifc)) {
+	if(!canrlock(ifc)){
+		ip->stats[OutDiscards]++;
 		goto free;
 	}
-
 	if(waserror()){
 		runlock(ifc);
 		nexterror();
 	}
 
-	if(ifc->m == nil) {
+	if(ifc->m == nil)
 		goto raise;
+
+	if(!gating){
+		eh->vcf[0] = IP_VER6;
+		eh->vcf[0] |= tos >> 4;
+		eh->vcf[1]  = tos << 4;
 	}
+	eh->ttl = ttl;
 
 	/* If we dont need to fragment just send it */
 	medialen = ifc->maxtu - ifc->m->hsize;
 	if(len <= medialen) {
-		hnputs(eh->ploadlen, len-IPV6HDR_LEN);
-		ifc->m->bwrite(ifc, bp, V6, gate);
+		hnputs(eh->ploadlen, len - IP6HDR);
+		ipifcoput(ifc, bp, V6, gate);
 		runlock(ifc);
 		poperror();
 		return 0;
 	}
 
-	if(gating) 
-	if(ifc->reassemble <= 0) {
-
-		/* v6 intermediate nodes are not supposed to fragment pkts;
-		   we fragment if ifc->reassemble is turned on; an exception
-		   needed for nat.
+	if(gating && !ifc->reassemble) {
+		/*
+		 * v6 intermediate nodes are not supposed to fragment pkts;
+		 * we fragment if ifc->reassemble is turned on; an exception
+		 * needed for nat.
 		 */
-
 		ip->stats[OutDiscards]++;
 		icmppkttoobig6(f, ifc, bp);
-		netlog(f, Logip, "%I: gated pkts not fragmented\n", eh->dst);
+		netlog(f, Logip, "%I -> %I: gated pkts not fragmented\n", eh->src, eh->dst);
 		goto raise;
 	}
-		
+
 	/* start v6 fragmentation */
-	uflen = unfraglen(bp, &nexthdr, 1);
+	uflen = unfraglen(bp, &nexthdr, 1, 0);
+	if(uflen < IP6HDR || nexthdr == FH) {
+		ip->stats[FragFails]++;
+		ip->stats[OutDiscards]++;
+		netlog(f, Logip, "%I -> %I: fragment header botch\n", eh->src, eh->dst);
+		goto raise;
+	}
 	if(uflen > medialen) {
 		ip->stats[FragFails]++;
 		ip->stats[OutDiscards]++;
-		netlog(f, Logip, "%I: unfragmentable part too big\n", eh->dst);
+		netlog(f, Logip, "%I -> %I: unfragmentable part too big: %d\n", eh->src, eh->dst, uflen);
 		goto raise;
 	}
 
@@ -260,7 +137,7 @@
 	if(seglen < 8) {
 		ip->stats[FragFails]++;
 		ip->stats[OutDiscards]++;
-		netlog(f, Logip, "%I: seglen < 8\n", eh->dst);
+		netlog(f, Logip, "%I -> %I: seglen < 8\n", eh->src, eh->dst);
 		goto raise;
 	}
 
@@ -271,13 +148,13 @@
 
 	xp = bp;
 	offset = uflen;
-	while (xp != nil && offset && offset >= BLEN(xp)) {
+	while (offset && offset >= BLEN(xp)) {
 		offset -= BLEN(xp);
 		xp = xp->next;
 	}
 	xp->rp += offset;
 
-	fragoff = 0; 
+	fragoff = 0;
 	morefrags = 1;
 
 	for(; fragoff < flen; fragoff += seglen) {
@@ -292,7 +169,7 @@
 		memmove(nb->wp, eh, uflen);
 		nb->wp += uflen;
 
-		hnputs(fraghdr.offsetRM, fragoff); // last 3 bits must be 0
+		hnputs(fraghdr.offsetRM, fragoff); /* last 3 bits must be 0 */
 		fraghdr.offsetRM[1] |= morefrags;
 		memmove(nb->wp, &fraghdr, IP6FHDR);
 		nb->wp += IP6FHDR;
@@ -300,11 +177,11 @@
 		/* Copy data */
 		chunk = seglen;
 		while (chunk) {
-			if(!xp) {
+			if(xp == nil) {
 				ip->stats[OutDiscards]++;
 				ip->stats[FragFails]++;
 				freeblist(nb);
-				netlog(f, Logip, "!xp: chunk in v6%d\n", chunk);
+				netlog(f, Logip, "xp == nil: chunk in v6%d\n", chunk);
 				goto raise;
 			}
 			blklen = chunk;
@@ -316,10 +193,9 @@
 			xp->rp += blklen;
 			chunk -= blklen;
 			if(xp->rp == xp->wp)
-				xp = xp->next; 
+				xp = xp->next;
 		}
-
-		ifc->m->bwrite(ifc, nb, V6, gate);
+		ipifcoput(ifc, nb, V6, gate);
 		ip->stats[FragCreates]++;
 	}
 	ip->stats[FragOKs]++;
@@ -328,23 +204,17 @@
 	runlock(ifc);
 	poperror();
 free:
-	freeblist(bp);	
+	freeblist(bp);
 	return rv;
 }
 
 void
 ipiput6(Fs *f, Ipifc *ifc, Block *bp)
 {
-	int hl;
-	int hop, tos;
-	uchar proto;
+	int hl, len, hop, tos;
+	IP *ip;
 	Ip6hdr *h;
 	Proto *p;
-	int notforme;
-	int tentative;
-	uchar v6dst[IPaddrlen];
-	IP *ip;
-	Route *r, *sr;
 
 	ip = f->ip;
 	ip->stats[InReceives]++;
@@ -365,40 +235,44 @@
 			return;
 	}
 
-	h = (Ip6hdr *)(bp->rp);
-
-	memmove(&v6dst[0], &(h->dst)[0], IPaddrlen);
-	notforme = ipforme(f, v6dst) == 0;
-	tentative = iptentative(f, v6dst);
-  
-	if(tentative && (h->proto != ICMPv6)) {
-		print("tentative addr, drop\n");
-		freeblist(bp);
-		return;
-	}
-
 	/* Check header version */
-	if(BLKIPVER(bp) != IP_VER6) {
+	h = (Ip6hdr*)bp->rp;
+	if((h->vcf[0] & 0xF0) != IP_VER6) {
 		ip->stats[InHdrErrors]++;
 		netlog(f, Logip, "ip: bad version %ux\n", (h->vcf[0]&0xF0)>>2);
-		freeblist(bp);
+		goto drop;
+	}
+	len = IP6HDR + nhgets(h->ploadlen);
+	if((bp = trimblock(bp, 0, len)) == nil){
+		ip->stats[InHdrErrors]++;
+		netlog(f, Logip, "%I -> %I: bogus packet length: %d\n", h->src, h->dst, len);
 		return;
 	}
+	h = (Ip6hdr*)bp->rp;
 
 	/* route */
-	if(notforme) {
-		if(!ip->iprouting){
-			freeb(bp);
-			return;
+	if(!ipforme(f, h->dst)) {
+		Route *r;
+		Routehint rh;
+		Ipifc *nifc;
+
+		if(!ip->iprouting)
+			goto drop;
+
+		/* don't forward to link-local destinations */
+		if(islinklocal(h->dst) ||
+		   (isv6mcast(h->dst) && (h->dst[1]&0xF) <= Link_local_scop)){
+			ip->stats[OutDiscards]++;
+			goto drop;
 		}
+			
 		/* don't forward to source's network */
-		sr = v6lookup(f, h->src, nil);
-		r = v6lookup(f, h->dst, nil);
-
-		if(r == nil || sr == r){
+		rh.r = nil;
+		r  = v6lookup(f, h->dst, h->src, &rh);
+		if(r == nil || (nifc = r->ifc) == nil || (r->type & Rv4) != 0
+		|| (nifc == ifc && !ifc->reflect)){
 			ip->stats[OutDiscards]++;
-			freeblist(bp);
-			return;
+			goto drop;
 		}
 
 		/* don't forward if packet has timed out */
@@ -406,33 +280,29 @@
 		if(hop < 1) {
 			ip->stats[InHdrErrors]++;
 			icmpttlexceeded6(f, ifc, bp);
-			freeblist(bp);
-			return;
+			goto drop;
 		}
 
 		/* process headers & reassemble if the interface expects it */
-		bp = procxtns(ip, bp, r->ifc->reassemble);
-
+		bp = procxtns(ip, bp, nifc->reassemble);
 		if(bp == nil)
 			return;
 
 		ip->stats[ForwDatagrams]++;
-		h = (Ip6hdr *) (bp->rp);
-		tos = IPV6CLASS(h);
+		h = (Ip6hdr*)bp->rp;
+		tos = (h->vcf[0]&0x0F)<<2 | (h->vcf[1]&0xF0)>>2;
 		hop = h->ttl;
-		ipoput6(f, bp, 1, hop-1, tos, nil);
+		ipoput6(f, bp, 1, hop-1, tos, &rh);
 		return;
 	}
 
 	/* reassemble & process headers if needed */
 	bp = procxtns(ip, bp, 1);
-
 	if(bp == nil)
 		return;
 
-	h = (Ip6hdr *) (bp->rp);
-	proto = h->proto;
-	p = Fsrcvpcol(f, proto);
+	h = (Ip6hdr*)bp->rp;
+	p = Fsrcvpcol(f, h->proto);
 	if(p != nil && p->rcv != nil) {
 		ip->stats[InDelivers]++;
 		(*p->rcv)(p, ifc, bp);
@@ -441,26 +311,27 @@
 
 	ip->stats[InDiscards]++;
 	ip->stats[InUnknownProtos]++;
+drop:
 	freeblist(bp);
 }
 
 /*
  * ipfragfree6 - copied from ipfragfree4 - assume hold fraglock6
  */
-void
+static void
 ipfragfree6(IP *ip, Fragment6 *frag)
 {
 	Fragment6 *fl, **l;
 
-	if(frag->blist)
+	if(frag->blist != nil)
 		freeblist(frag->blist);
-
-	memset(frag->src, 0, IPaddrlen);
-	frag->id = 0;
 	frag->blist = nil;
+	frag->id = 0;
+	memset(frag->src, 0, IPaddrlen);
+	memset(frag->dst, 0, IPaddrlen);
 
 	l = &ip->flisthead6;
-	for(fl = *l; fl; fl = fl->next) {
+	for(fl = *l; fl != nil; fl = fl->next) {
 		if(fl == frag) {
 			*l = frag->next;
 			break;
@@ -470,20 +341,19 @@
 
 	frag->next = ip->fragfree6;
 	ip->fragfree6 = frag;
-
 }
 
 /*
  * ipfragallo6 - copied from ipfragalloc4
  */
-Fragment6*
+static Fragment6*
 ipfragallo6(IP *ip)
 {
 	Fragment6 *f;
 
 	while(ip->fragfree6 == nil) {
 		/* free last entry on fraglist */
-		for(f = ip->flisthead6; f->next; f = f->next)
+		for(f = ip->flisthead6; f->next != nil; f = f->next)
 			;
 		ipfragfree6(ip, f);
 	}
@@ -497,108 +367,109 @@
 }
 
 static Block*
-procxtns(IP *ip, Block *bp, int doreasm) {
-
-	int offset;
+procxtns(IP *ip, Block *bp, int doreasm)
+{
 	uchar proto;
-	Ip6hdr *h;
-
-	h = (Ip6hdr *) (bp->rp);
-	offset = unfraglen(bp, &proto, 0);
+	int offset;
 
-	if((proto == FH) && (doreasm != 0)) {
-		bp = ip6reassemble(ip, offset, bp, h);
-		if(bp == nil) 
-			return nil; 
-		offset = unfraglen(bp, &proto, 0);
+	offset = unfraglen(bp, &proto, 0, doreasm);
+	if(offset >= IP6HDR && proto == FH && doreasm) {
+		bp = ip6reassemble(ip, offset, bp);
+		if(bp == nil)
+			return nil;
+		offset = unfraglen(bp, &proto, 0, 0);
+		if(proto == FH)
+			offset = -1;
 	}
-
-	if(proto == DOH || offset > IP6HDR) 
+	if(offset < IP6HDR){
+		ip->stats[InHdrErrors]++;
+		ip->stats[InDiscards]++;
+		freeblist(bp);
+		return nil;
+	}
+	if(proto == DOH || offset > IP6HDR)
 		bp = procopts(bp);
-
 	return bp;
 }
 
-
-/*	returns length of "Unfragmentable part", i.e., sum of lengths of ipv6 hdr,
- *	hop-by-hop & routing headers if present; *nexthdr is set to nexthdr value
- *	of the last header in the "Unfragmentable part"; if setfh != 0, nexthdr
- *	field of the last header in the "Unfragmentable part" is set to FH.
+/*
+ * returns length of "Unfragmentable part", i.e., sum of lengths of ipv6 hdr,
+ * hop-by-hop & routing headers if present; *nexthdr is set to nexthdr value
+ * of the last header in the "Unfragmentable part"; if setfh != 0, nexthdr
+ * field of the last header in the "Unfragmentable part" is set to FH.
+ * When the last header is a fragment header and popfh != 0 then set
+ * the nexthdr value of the previous header to the nexthdr value of the
+ * fragment header. returns -1 on error.
  */
-int
-unfraglen(Block *bp, uchar *nexthdr, int setfh)
+static int
+unfraglen(Block *bp, uchar *nexthdr, int setfh, int popfh)
 {
-	uchar *p, *q;
-	int ufl, hs;
+	uchar *e, *p, *q;
 
+	e = bp->wp;
 	p = bp->rp;
-	q = p+6;	/* proto, = p+sizeof(Ip6hdr.vcf)+sizeof(Ip6hdr.ploadlen) */
+	q = p+6;   /* proto, = p+sizeof(Ip6hdr.vcf)+sizeof(Ip6hdr.ploadlen) */
 	*nexthdr = *q;
-	ufl = IP6HDR;
-	p += ufl;
-
-	for(;;) {
-		if(*nexthdr == HBH || *nexthdr == RH) {
-			*nexthdr = *p;
-			hs = ((int)*(p+1) + 1) * 8;
-			ufl += hs;
-			q = p;
-			p += hs;
-		}
-		else
-			break;
-	}
-
-	if(*nexthdr == FH)
-		*q = *p;
-
-	if(setfh)
+	p += IP6HDR;
+	while(*nexthdr == HBH || *nexthdr == RH){
+		if(p+2 > e)
+			return -1;
+		q = p;
+		*nexthdr = *q;
+		p += ((int)p[1] + 1) * 8;
+	}
+	if(p > e)
+		return -1;
+	if(*nexthdr == FH){
+		if(p+IP6FHDR > e || *p == FH)
+			return -1;
+		if(popfh)
+			*q = *p;
+	} else if(setfh)
 		*q = FH;
-
-	return ufl;
+	return p - bp->rp;
 }
 
-Block*
+static Block*
 procopts(Block *bp)
 {
 	return bp;
 }
 
-Block*
-ip6reassemble(IP* ip, int uflen, Block* bp, Ip6hdr* ih)
+static Block*
+ip6reassemble(IP* ip, int uflen, Block* bp)
 {
-
-	int fend, offset;
+	int offset, ovlap, fragsize, len;
+	uchar src[IPaddrlen], dst[IPaddrlen];
 	uint id;
-	Fragment6 *f, *fnext;
+	Block *bl, **l, *prev;
 	Fraghdr6 *fraghdr;
-	uchar src[IPaddrlen], dst[IPaddrlen];
-	Block *bl, **l, *last, *prev;
-	int ovlap, len, fragsize, pktposn;
-
-	fraghdr = (Fraghdr6 *) (bp->rp + uflen);
-	memmove(src, ih->src, IPaddrlen);
-	memmove(dst, ih->dst, IPaddrlen);
-	id = nhgetl(fraghdr->id);
-	offset = nhgets(fraghdr->offsetRM) & ~7;
+	Fragment6 *f, *fnext;
+	Ipfrag *fp, *fq;
+	Ip6hdr* ih;
 
 	/*
-	 *  block lists are too hard, pullupblock into a single block
+	 *  block lists are too hard, concatblock into a single block
 	 */
-	if(bp->next){
-		bp = pullupblock(bp, blocklen(bp));
-		ih = (Ip6hdr *)(bp->rp);
-	}
+	bp = concatblock(bp);
+
+	ih = (Ip6hdr*)bp->rp;
+	fraghdr = (Fraghdr6*)(bp->rp + uflen);
+	id = nhgetl(fraghdr->id);
+	offset = nhgets(fraghdr->offsetRM);
+	fragsize = BLEN(bp) - uflen - IP6FHDR;
 
+	memmove(src, ih->src, IPaddrlen);
+	memmove(dst, ih->dst, IPaddrlen);
 
 	qlock(&ip->fraglock6);
 
 	/*
 	 *  find a reassembly queue for this fragment
 	 */
-	for(f = ip->flisthead6; f; f = fnext){
+	for(f = ip->flisthead6; f != nil; f = fnext){
 		fnext = f->next;
-		if(ipcmp(f->src, src)==0 && ipcmp(f->dst, dst)==0 && f->id == id)
+		if(f->id == id && ipcmp(f->src, src) == 0 && ipcmp(f->dst, dst) == 0)
 			break;
 		if(f->age < NOW){
 			ip->stats[ReasmTimeout]++;
@@ -606,28 +477,35 @@
 		}
 	}
 
-
 	/*
 	 *  if this isn't a fragmented packet, accept it
 	 *  and get rid of any fragments that might go
 	 *  with it.
 	 */
-	if(nhgets(fraghdr->offsetRM)==0) {	// first frag is also the last
+	if((offset & ~6) == 0) {	/* 1st frag is also last */
 		if(f != nil) {
-			ipfragfree6(ip, f);
 			ip->stats[ReasmFails]++;
+			ipfragfree6(ip, f);
 		}
 		qunlock(&ip->fraglock6);
+
+		/* get rid of frag header */
+		memmove(bp->rp + IP6FHDR, bp->rp, uflen);
+		bp->rp += IP6FHDR;
+		ih = (Ip6hdr*)bp->rp;
+		hnputs(ih->ploadlen, BLEN(bp)-IP6HDR);
+
 		return bp;
 	}
 
-	if(bp->base+sizeof(Ipfrag) >= bp->rp){
-		bp = padblock(bp, sizeof(Ipfrag));
-		bp->rp += sizeof(Ipfrag);
+	if(bp->base+IPFRAGSZ > bp->rp){
+		bp = padblock(bp, IPFRAGSZ);
+		bp->rp += IPFRAGSZ;
 	}
 
-	BKFG(bp)->foff = offset;
-	BKFG(bp)->flen = nhgets(ih->ploadlen) + IP6HDR - uflen - IP6FHDR;
+	fp = (Ipfrag*)bp->base;
+	fp->foff = offset & ~7;
+	fp->flen = fragsize;
 
 	/* First fragment allocates a reassembly queue */
 	if(f == nil) {
@@ -638,8 +516,9 @@
 
 		f->blist = bp;
 
-		qunlock(&ip->fraglock6);
 		ip->stats[ReasmReqds]++;
+		qunlock(&ip->fraglock6);
+
 		return nil;
 	}
 
@@ -649,22 +528,23 @@
 	prev = nil;
 	l = &f->blist;
 	bl = f->blist;
-	while(bl != nil && BKFG(bp)->foff > BKFG(bl)->foff) {
+	while(bl != nil && fp->foff > ((Ipfrag*)bl->base)->foff) {
 		prev = bl;
 		l = &bl->next;
 		bl = bl->next;
 	}
 
 	/* Check overlap of a previous fragment - trim away as necessary */
-	if(prev) {
-		ovlap = BKFG(prev)->foff + BKFG(prev)->flen - BKFG(bp)->foff;
+	if(prev != nil) {
+		fq = (Ipfrag*)prev->base;
+		ovlap = fq->foff + fq->flen - fp->foff;
 		if(ovlap > 0) {
-			if(ovlap >= BKFG(bp)->flen) {
-				freeblist(bp);
+			if(ovlap >= fp->flen) {
 				qunlock(&ip->fraglock6);
+				freeb(bp);
 				return nil;
 			}
-			BKFG(prev)->flen -= ovlap;
+			fq->flen -= ovlap;
 		}
 	}
 
@@ -673,29 +553,27 @@
 	*l = bp;
 
 	/* Check to see if succeeding segments overlap */
-	if(bp->next) {
+	if(bp->next != nil) {
 		l = &bp->next;
-		fend = BKFG(bp)->foff + BKFG(bp)->flen;
+		offset = fp->foff + fp->flen;
 
 		/* Take completely covered segments out */
-
-		while(*l) {
-			ovlap = fend - BKFG(*l)->foff;
-
-			if(ovlap <= 0) 
-				break; 
-			if(ovlap < BKFG(*l)->flen) {
-				BKFG(*l)->flen -= ovlap;
-				BKFG(*l)->foff += ovlap;
-				/* move up ih hdrs */
-				memmove((*l)->rp + ovlap, (*l)->rp, uflen);
-				(*l)->rp += ovlap;
+		while((bl = *l) != nil) {
+			fq = (Ipfrag*)bl->base;
+			ovlap = offset - fq->foff;
+			if(ovlap <= 0)
+				break;
+			if(ovlap < fq->flen) {
+				/* move up ip and frag header */
+				memmove(bl->rp + ovlap, bl->rp, BLEN(bl) - fq->flen);
+				bl->rp += ovlap;
+				fq->flen -= ovlap;
+				fq->foff += ovlap;
 				break;
 			}
-			last = (*l)->next;
-			(*l)->next = nil;
-			freeblist(*l);
-			*l = last;
+			*l = bl->next;
+			bl->next = nil;
+			freeb(bl);
 		}
 	}
 
@@ -703,45 +581,55 @@
 	 *  look for a complete packet.  if we get to a fragment
 	 *  with the trailing bit of fraghdr->offsetRM[1] set, we're done.
 	 */
-	pktposn = 0;
-	for(bl = f->blist; bl; bl = bl->next) {
-		if(BKFG(bl)->foff != pktposn)
+	offset = 0;
+	for(bl = f->blist; bl != nil; bl = bl->next, offset += fp->flen) {
+		fp = (Ipfrag*)bl->base;
+		if(fp->foff != offset)
 			break;
-	
-		fraghdr = (Fraghdr6 *) (bl->rp + uflen);
-		if((fraghdr->offsetRM[1] & 1) == 0) {
-
-			bl = f->blist;
-
-			/* get rid of frag header in first fragment */
-
-			memmove(bl->rp + IP6FHDR, bl->rp, uflen);
-			bl->rp += IP6FHDR;
-			len = nhgets(((Ip6hdr*)(bl->rp))->ploadlen) - IP6FHDR;
-			bl->wp = bl->rp + len + IP6HDR;
-
-			/* Pullup all the fragment headers and
-			 * return a complete packet
-			 */
-			for(bl = bl->next; bl; bl = bl->next) {
-				fragsize = BKFG(bl)->flen;
-				len += fragsize;
-				bl->rp += uflen + IP6FHDR;
-				bl->wp = bl->rp + fragsize;
-			}
 
-			bl = f->blist;
-			f->blist = nil;
+		fraghdr = (Fraghdr6*)(bl->wp - fp->flen - IP6FHDR);
+		if(fraghdr->offsetRM[1] & 1)
+			continue;
+
+		bl = f->blist;
+		fq = (Ipfrag*)bl->base;
+
+		/* get rid of frag header in first fragment */
+		memmove(bl->rp + IP6FHDR, bl->rp, BLEN(bl) - fq->flen - IP6FHDR);
+		bl->rp += IP6FHDR;
+		len = BLEN(bl);
+
+		/*
+		 * Pullup all the fragment headers and
+		 * return a complete packet
+		 */
+		for(bl = bl->next; bl != nil && len < IP_MAX; bl = bl->next) {
+			fq = (Ipfrag*)bl->base;
+			fragsize = fq->flen;
+			bl->rp = bl->wp - fragsize;
+			len += fragsize;
+		}
+
+		if(len >= IP_MAX){
 			ipfragfree6(ip, f);
-			ih = (Ip6hdr*)(bl->rp);
-			hnputs(ih->ploadlen, len);
+			ip->stats[ReasmFails]++;
 			qunlock(&ip->fraglock6);
-			ip->stats[ReasmOKs]++;
-			return bl;		
+
+			return nil;
 		}
-		pktposn += BKFG(bl)->flen;
+
+		bl = f->blist;
+		f->blist = nil;
+		ipfragfree6(ip, f);
+
+		ih = (Ip6hdr*)bl->rp;
+		hnputs(ih->ploadlen, len-IP6HDR);
+
+		ip->stats[ReasmOKs]++;
+		qunlock(&ip->fraglock6);
+
+		return bl;
 	}
 	qunlock(&ip->fraglock6);
 	return nil;
 }
-
--- a/os/ip/ipv6.h	Thu Aug 12 23:08:35 2021
+++ b/os/ip/ipv6.h	Sat Aug 21 01:39:52 2021
@@ -1,53 +1,31 @@
-#undef MIN
-#define MIN(a, b) ((a) <= (b) ? (a) : (b))
-
-/* rfc 3513 defines the address prefices */
+/*
+ * Internet Protocol Version 6
+ *
+ * rfc2460 defines the protocol, rfc2461 neighbour discovery, and
+ * rfc2462 address autoconfiguration.  rfc4443 defines ICMP; was rfc2463.
+ * rfc4291 defines the address architecture (including prefices), was rfc3513.
+ * rfc4007 defines the scoped address architecture.
+ *
+ * global unicast is anything but unspecified (::), loopback (::1),
+ * multicast (ff00::/8), and link-local unicast (fe80::/10).
+ *
+ * site-local (fec0::/10) is now deprecated, originally by rfc3879.
+ *
+ * Unique Local IPv6 Unicast Addresses are defined by rfc4193.
+ * prefix is fc00::/7, scope is global, routing is limited to roughly a site.
+ */
 #define isv6mcast(addr)	  ((addr)[0] == 0xff)
 #define islinklocal(addr) ((addr)[0] == 0xfe && ((addr)[1] & 0xc0) == 0x80)
-#define issitelocal(addr) ((addr)[0] == 0xfe && ((addr)[1] & 0xc0) == 0xc0)
-#define isv6global(addr) (((addr)[0] & 0xe0) == 0x20)
-
-#define optexsts(np) (nhgets((np)->ploadlen) > 24)
-#define issmcast(addr) (memcmp((addr), v6solicitednode, 13) == 0)
-
-/* from RFC 2460 */
-
-typedef struct Ip6hdr     Ip6hdr;
-typedef struct Opthdr     Opthdr;
-typedef struct Routinghdr Routinghdr;
-typedef struct Fraghdr6    Fraghdr6;
 
-struct Ip6hdr {
-	uchar vcf[4];       	// version:4, traffic class:8, flow label:20
-	uchar ploadlen[2];  	// payload length: packet length - 40
-	uchar proto;		// next header type
-	uchar ttl;          	// hop limit
-	uchar src[IPaddrlen];
-	uchar dst[IPaddrlen];
-};
+#define optexsts(np)	(nhgets((np)->ploadlen) > 24)
+#define issmcast(addr)	(memcmp((addr), v6solicitednode, 13) == 0)
 
-struct Opthdr {
-	uchar nexthdr;
-	uchar len;
-};
+#ifndef MIN
+#define MIN(a, b) ((a) <= (b)? (a): (b))
+#endif
 
-struct Routinghdr {
-	uchar nexthdr;
-	uchar len;
-	uchar rtetype;
-	uchar segrem;
-};
-
-struct Fraghdr6 {
-	uchar nexthdr;
-	uchar res;
-	uchar offsetRM[2];	// Offset, Res, M flag
-	uchar id[4];
-};
-
-
-enum {			/* Header Types */
-	HBH		= 0,	//?
+enum {				/* Header Types */
+	HBH		= 0,	/* hop-by-hop multicast routing protocol */
 	ICMP		= 1,
 	IGMP		= 2,
 	GGP		= 3,
@@ -72,88 +50,112 @@
 	Maxhdrtype	= 256,
 };
 
-
 enum {
-	//	multicast flgs and scop
+	/* multicast flags and scopes */
 
-	well_known_flg				= 0,
-	transient_flg				= 1,
+//	Well_known_flg	= 0,
+//	Transient_flg	= 1,
 
-	node_local_scop 			= 1,
-	link_local_scop 			= 2,
-	site_local_scop 			= 5,
-	org_local_scop				= 8,
-	global_scop				= 14,
-
-	//	various prefix lengths
-
-	SOLN_PREF_LEN				= 13,
-
-	//	icmpv6 unreach codes
-	icmp6_no_route				= 0,
-	icmp6_ad_prohib				= 1,
-	icmp6_unassigned			= 2,
-	icmp6_adr_unreach			= 3,
-	icmp6_port_unreach			= 4,
-	icmp6_unkn_code				= 5,
-
-	// 	various flags & constants
-
-	v6MINTU      				= 1280,
-	HOP_LIMIT    				= 255,
-	ETHERHDR_LEN 				= 14,
-	IPV6HDR_LEN  				= 40,
-	IPV4HDR_LEN  				= 20,
-
-	// 	option types
-
-	SRC_LLADDRESS    			= 1,
-	TARGET_LLADDRESS 			= 2,
-	PREFIX_INFO      			= 3,
-	REDIR_HEADER     			= 4,
-	MTU_OPTION       			= 5,
-
-	SRC_UNSPEC  				= 0,
-	SRC_UNI     				= 1,
-	TARG_UNI    				= 2,
-	TARG_MULTI  				= 3,
-
-	t_unitent   				= 1,
-	t_uniproxy  				= 2,
-	t_unirany   				= 3,
-
-	//	Router constants (all times in milliseconds)
-
-	MAX_INITIAL_RTR_ADVERT_INTERVAL 	= 16000,
-	MAX_INITIAL_RTR_ADVERTISEMENTS  	= 3,
-	MAX_FINAL_RTR_ADVERTISEMENTS    	= 3,
-	MIN_DELAY_BETWEEN_RAS 			= 3000,
-	MAX_RA_DELAY_TIME     			= 500,
-
-	//	Host constants
-
-	MAX_RTR_SOLICITATION_DELAY 		= 1000,
-	RTR_SOLICITATION_INTERVAL  		= 4000,
-	MAX_RTR_SOLICITATIONS      		= 3,
-
-	//	Node constants
-
-	MAX_MULTICAST_SOLICIT   		= 3,
-	MAX_UNICAST_SOLICIT     		= 3,
-	MAX_ANYCAST_DELAY_TIME  		= 1000,
-	MAX_NEIGHBOR_ADVERTISEMENT 		= 3,
-	REACHABLE_TIME 				= 30000,
-	RETRANS_TIMER  				= 1000,
-	DELAY_FIRST_PROBE_TIME 			= 5000,
-
-};
-
-extern void ipv62smcast(uchar *, uchar *);
-extern void icmpns(Fs *f, uchar* src, int suni, uchar* targ, int tuni, uchar* mac);
-extern void icmpna(Fs *f, uchar* src, uchar* dst, uchar* targ, uchar* mac, uchar flags);
-extern void icmpttlexceeded6(Fs *f, Ipifc *ifc, Block *bp);
-extern void icmppkttoobig6(Fs *f, Ipifc *ifc, Block *bp);
-extern void icmphostunr(Fs *f, Ipifc *ifc, Block *bp, int code, int free);
+//	Interface_local_scop = 1,
+	Link_local_scop	= 2,
+//	Site_local_scop	= 5,
+//	Org_local_scop	= 8,
+	Global_scop	= 14,
+
+	/* various prefix lengths */
+	SOLN_PREF_LEN	= 13,
+
+	/* icmpv6 unreachability codes */
+	Icmp6_no_route		= 0,
+	Icmp6_ad_prohib		= 1,
+	Icmp6_out_src_scope	= 2,
+	Icmp6_adr_unreach	= 3,
+	Icmp6_port_unreach	= 4,
+	Icmp6_gress_src_fail	= 5,
+	Icmp6_rej_route		= 6,
+	Icmp6_unknown		= 7,  /* our own invention for internal use */
+
+	/* various flags & constants */
+	v6MINTU		= 1280,
+	HOP_LIMIT	= 255,
+	IP6HDR		= 40,		/* sizeof(Ip6hdr) = 8 + 2*16 */
+	IP6FHDR		= 8, 		/* sizeof(Fraghdr6) */
+
+	/* option types */
+
+	/* neighbour discovery */
+	SRC_LLADDR	= 1,
+	TARGET_LLADDR	= 2,
+	PREFIX_INFO	= 3,
+	REDIR_HEADER	= 4,
+	MTU_OPTION	= 5,
+	/* new since rfc2461; see iana.org/assignments/icmpv6-parameters */
+	V6nd_home	= 8,
+	V6nd_srcaddrs	= 9,		/* rfc3122 */
+	V6nd_ip		= 17,
+	/* /lib/rfc/drafts/draft-jeong-dnsop-ipv6-dns-discovery-12.txt */
+	V6nd_rdns	= 25,
+	/* plan 9 extensions */
+	V6nd_9fs	= 250,
+	V6nd_9auth	= 251,
+
+	SRC_UNSPEC	= 0,
+	SRC_UNI		= 1,
+	TARG_UNI	= 2,
+	TARG_MULTI	= 3,
+
+	Tunitent	= 1,
+	Tuniproxy	= 2,
+	Tunirany	= 3,
+
+	/* Node constants */
+	MAX_MULTICAST_SOLICIT	= 3,
+	RETRANS_TIMER		= 1000,
+};
+
+typedef struct Ip6hdr	Ip6hdr;
+typedef struct Opthdr	Opthdr;
+typedef struct Routinghdr Routinghdr;
+typedef struct Fraghdr6	Fraghdr6;
+
+/* we do this in case there's padding at the end of Ip6hdr */
+#define IPV6HDR \
+	uchar	vcf[4];		/* version:4, traffic class:8, flow label:20 */\
+	uchar	ploadlen[2];	/* payload length: packet length - 40 */ \
+	uchar	proto;		/* next header type */ \
+	uchar	ttl;		/* hop limit */ \
+	uchar	src[IPaddrlen]; \
+	uchar	dst[IPaddrlen]
+
+struct	Ip6hdr {
+	IPV6HDR;
+	uchar	payload[];
+};
+
+struct	Opthdr {		/* unused */
+	uchar	nexthdr;
+	uchar	len;
+};
+
+/*
+ * Beware routing header type 0 (loose source routing); see
+ * http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf.
+ * Type 1 is unused.  Type 2 is for MIPv6 (mobile IPv6) filtering
+ * against type 0 header.
+ */
+struct	Routinghdr {		/* unused */
+	uchar	nexthdr;
+	uchar	len;
+	uchar	rtetype;
+	uchar	segrem;
+};
+
+struct	Fraghdr6 {
+	uchar	nexthdr;
+	uchar	res;
+	uchar	offsetRM[2];	/* Offset, Res, M flag */
+	uchar	id[4];
+};
 
 extern uchar v6allnodesN[IPaddrlen];
 extern uchar v6allnodesL[IPaddrlen];
@@ -161,26 +163,26 @@
 extern uchar v6allroutersL[IPaddrlen];
 extern uchar v6allnodesNmask[IPaddrlen];
 extern uchar v6allnodesLmask[IPaddrlen];
-extern uchar v6allroutersS[IPaddrlen];
 extern uchar v6solicitednode[IPaddrlen];
 extern uchar v6solicitednodemask[IPaddrlen];
 extern uchar v6Unspecified[IPaddrlen];
 extern uchar v6loopback[IPaddrlen];
-extern uchar v6loopbackmask[IPaddrlen];
 extern uchar v6linklocal[IPaddrlen];
 extern uchar v6linklocalmask[IPaddrlen];
-extern uchar v6sitelocal[IPaddrlen];
-extern uchar v6sitelocalmask[IPaddrlen];
-extern uchar v6glunicast[IPaddrlen];
 extern uchar v6multicast[IPaddrlen];
 extern uchar v6multicastmask[IPaddrlen];
 
 extern int v6llpreflen;
-extern int v6slpreflen;
-extern int v6lbpreflen;
 extern int v6mcpreflen;
 extern int v6snpreflen;
 extern int v6aNpreflen;
 extern int v6aLpreflen;
 
 extern int ReTransTimer;
+
+void ipv62smcast(uchar *, uchar *);
+void icmpns(Fs *f, uchar* src, int suni, uchar* targ, int tuni, uchar* mac);
+void icmpna(Fs *f, uchar* src, uchar* dst, uchar* targ, uchar* mac, uchar flags);
+void icmpttlexceeded6(Fs *f, Ipifc *ifc, Block *bp);
+void icmppkttoobig6(Fs *f, Ipifc *ifc, Block *bp);
+void icmphostunr6(Fs *f, Ipifc *ifc, Block *bp, int code, int tome);
--- a/os/ip/kernel.h	Thu Aug 12 23:08:35 2021
+++ /dev/null	Mon Oct 18 12:05:45 2021
@@ -1,10 +0,0 @@
-extern	int	kclose(int);
-extern	int	kdial(char*, char*, char*, int*);
-extern	int	kannounce(char*, char*);
-extern	void	kerrstr(char*);
-extern	void	kgerrstr(char*);
-extern	int	kopen(char*, int);
-extern	long	kread(int, void*, long);
-extern	long	kseek(int, vlong, int);
-extern	long	kwrite(int, void*, long);
-extern	void	kwerrstr(char *, ...);
--- a/os/ip/loopbackmedium.c	Thu Aug 12 23:08:35 2021
+++ b/os/ip/loopbackmedium.c	Sat Aug 21 01:39:52 2021
@@ -28,13 +28,12 @@
 	LB *lb;
 
 	lb = smalloc(sizeof(*lb));
+	lb->readp = (void*)-1;
 	lb->f = ifc->conv->p->f;
-	/* TO DO: make queue size a function of kernel memory */
-	lb->q = qopen(128*1024, Qmsg, nil, nil);
+	lb->q = qopen(1024*1024, Qmsg, nil, nil);
 	ifc->arg = lb;
-	ifc->mbps = 1000;
 
-	kproc("loopbackread", loopbackread, ifc, 0);
+	kproc("loopbackread", loopbackread, ifc);
 
 }
 
@@ -43,13 +42,29 @@
 {
 	LB *lb = ifc->arg;
 
-	if(lb->readp)
+	while(waserror())
+		;
+
+	/* wat for reader to start */
+	while(lb->readp == (void*)-1)
+		tsleep(&up->sleep, return0, 0, 300);
+		
+	if(lb->readp != nil)
 		postnote(lb->readp, 1, "unbind", 0);
 
+	poperror();
+
+	wunlock(ifc);
+	while(waserror())
+		;
+
 	/* wait for reader to die */
-	while(lb->readp != 0)
+	while(lb->readp != nil)
 		tsleep(&up->sleep, return0, 0, 300);
 
+	poperror();
+	wlock(ifc);
+
 	/* clean up */
 	qfree(lb->q);
 	free(lb);
@@ -76,23 +91,14 @@
 	ifc = a;
 	lb = ifc->arg;
 	lb->readp = up;	/* hide identity under a rock for unbind */
-	if(waserror()){
-		lb->readp = 0;
-		pexit("hangup", 1);
-	}
-	for(;;){
-		bp = qbread(lb->q, Maxtu);
-		if(bp == nil)
-			continue;
-		ifc->in++;
-		if(!canrlock(ifc)){
-			freeb(bp);
-			continue;
-		}
+	if(!waserror())
+	while((bp = qbread(lb->q, Maxtu)) != nil){
+		rlock(ifc);
 		if(waserror()){
 			runlock(ifc);
 			nexterror();
 		}
+		ifc->in++;
 		if(ifc->lifc == nil)
 			freeb(bp);
 		else
@@ -100,6 +106,8 @@
 		runlock(ifc);
 		poperror();
 	}
+	lb->readp = nil;
+	pexit("hangup", 1);
 }
 
 Medium loopbackmedium =
--- a/os/ip/nat.c	Thu Aug 12 23:08:35 2021
+++ /dev/null	Mon Oct 18 12:05:45 2021
@@ -1,549 +0,0 @@
-#include		"u.h"
-#include		"../port/lib.h"
-#include		"mem.h"
-#include		"dat.h"
-#include		"fns.h"
-#include		"../port/error.h"
-
-#include		"ip.h"
-
-typedef struct NatProto NatProto;
-typedef struct NatAddr NatAddr;
-
-/*
- * NAT.
- */
-struct Nat
-{
-	uchar	src[IPv4addrlen];	/* Source address */
-	uchar	sport[2];		/* Source port */
-	uchar	lport[2];		/* Local port */
-	uchar	proto;			/* Protocol */
-	long	time;			/* Time */
-	Conv	*conv;			/* Conversation */
-	Nat	*next;			/* Next node */
-};
-
-/*
- * Protocol list.
- */
-struct NatProto
-{
-	uchar	proto;			/* Protocol */
-	int	sport;			/* Source port offset */
-	int	dport;			/* Destination port offset */
-	int	cksum;			/* Checksum offset */
-	int	timeout;		/* Timeout */
-};
-
-/*
- * Address list.
- */
-struct NatAddr
-{
-	uchar	src[IPaddrlen];		/* Source address */
-	uchar	mask[IPaddrlen];	/* Source address mask */
-	uchar	net[IPaddrlen];		/* Source network address */
-	Iplifc	*dst;			/* Destination interface */
-	NatAddr	*next;			/* Next node */
-};
-
-static Nat *head = nil;
-static NatAddr *addrhead = nil;
-
-/*
- * Timeouts for ICMP, TCP and UDP are respectively confirmed
- * in RFC 5508, RFC 5382 and RFC 4787.
- */
-static NatProto prototab[] =
-{
-	{ 1, 4, 4, 2, 60*1000 },		/* ICMP */
-	{ 6, 0, 2, 16, (2*60*60+4*60)*1000 },	/* TCP */
-	{ 17, 0, 2, 6, 2*60*1000 },		/* UDP */
-	{ 40, 6, 8, 0, 10*30*1000 },		/* IL */
-	{ 255, 0, 2, 6, 2*60*1000 },		/* RUDP */
-	{ 0 }
-};
-
-NatProto*	parseproto(uchar);
-void		natprepend(Nat*);
-Nat*		natexistout(uchar*, uchar, uchar*);
-Nat*		natexistin(uchar, uchar*);
-int		natdelete(uchar*, uchar, uchar*);
-int		natpurge(uchar);
-Nat*		natlport(Proto*, Ip4hdr*, uchar*);
-int		natgc(uchar);
-void		checksumadjust(uchar*, uchar*, int, uchar*, int);
-Iplifc*		natonifco(Ipifc*, Ip4hdr*);
-Iplifc*		natonifci(Ipifc*);
-void		nataddrprepend(NatAddr*);
-NatAddr*	nataddrexist(uchar*, uchar*, Iplifc*);
-int		addnataddr(uchar*, uchar*, Iplifc*);
-int		removenataddr(uchar*, uchar*, Iplifc*);
-void		shownataddr(void);
-void		flushnataddr(void);
-
-/*
- * Return protocol attributes if known.
- */
-NatProto*
-parseproto(uchar proto)
-{
-	NatProto *np;
-
-	for(np = prototab; np->proto; np++)
-		if(proto == np->proto)
-			return np;
-
-	return nil;
-}
-
-/*
- * Output NAT.
- * Return -1 if the packet must be NATed but the protocol is unknown.
- */
-int
-nato(Block *b, Ipifc *ifc, Fs *f)
-{
-	Nat *n;		/* NAT table */
-	NatProto *np;	/* Protocol list */
-	Iplifc *lifc;	/* Logical interface */
-	Ip4hdr *h;	/* Source IPv4 header */
-	Proto *p;	/* New protocol */
-	uchar *laddr;	/* Local address on Iplifc */
-	uchar *sport;	/* Source port */
-	uchar *cksum;	/* Source checksum */
-
-	h = (Ip4hdr*)(b->rp);
-
-	/* Verify on which logical interface NAT is enabled,
-           and if this source address must be translated */
-	if((lifc=natonifco(ifc, h)) == nil)
-		return 0;
-
-	laddr = lifc->local+IPv4off;
-	p = Fsrcvpcolx(f, h->proto);
-
-	if(ip4cmp(h->src, laddr) != 0){
-		if((np=parseproto(h->proto)) != nil){
-			/* Protocol layer */
-			sport = (b->rp)+sizeof(Ip4hdr)+np->sport;
-			cksum = (b->rp)+sizeof(Ip4hdr)+np->cksum;
-			if((n = natlport(p, h, sport)) == nil)
-				return -1;
-			memmove(sport, n->lport, 2);
-			checksumadjust(cksum, n->sport, 2, n->lport, 2);
-			if(np->proto != 1)
-				/* ICMP checksum doesn't include IP header */
-				checksumadjust(cksum, n->src, IPv4addrlen,
-					laddr, IPv4addrlen);
-			/* IP layer */
-			ip4move(h->src, laddr);
-			checksumadjust(h->cksum, n->src, IPv4addrlen,
-				h->src, IPv4addrlen);
-			return 0;
-		}else{
-			netlog(f, Lognat, "nat: unknown protocol %d\n", h->proto);
-			return -1;
-		}
-	}
-
-	return 0;
-}
-
-/*
- * Input NAT.
- */
-void
-nati(Block *b, Ipifc *ifc)
-{
-	Nat *n;		/* NAT table */
-	NatProto *np;	/* Protocol list */
-	Ip4hdr *h;	/* Source IPv4 header */
-	uchar *lport;	/* Our local port, and dst port for the packet */
-	uchar *cksum;	/* Source checksum */
-
-	h = (Ip4hdr*)(b->rp);
-
-	/* Verify if NAT is enabled on this interface */
-	if(natonifci(ifc) == nil)
-		return;
-
-	if((np=parseproto(h->proto)) != nil){
-		lport = (b->rp)+sizeof(Ip4hdr)+np->dport;
-		if((n=natexistin(h->proto, lport)) != nil){
-			/* Protocol layer */
-			cksum = (b->rp)+sizeof(Ip4hdr)+np->cksum;
-			checksumadjust(cksum, lport, 2, n->sport, 2);
-			memmove(lport, n->sport, 2);
-			if(np->proto != 1)
-				/* ICMP checksum doesn't include IP header */
-		   		checksumadjust(cksum, h->dst, IPv4addrlen,
-					n->src, IPv4addrlen);
-			/* IP layer */
-			checksumadjust(h->cksum, h->dst, IPv4addrlen,
-				n->src, IPv4addrlen);
-			ip4move(h->dst, n->src);
-		}
-	}
-}
-
-/*
- * Add Nat to Nat list.
- */
-void
-natprepend(Nat *n)
-{
-	n->next = head;
-	head = n;
-}
-
-/*
- * Return Nat if it exists in Nat list.
- */
-Nat*
-natexistout(uchar *src, uchar proto, uchar *sport)
-{
-	Nat *c;		/* Current node */
-
-	for(c=head; c!=nil; c=c->next)
-		if(ip4cmp(src, c->src) == 0 &&
-			memcmp(sport, c->sport, 2) == 0 &&
-			proto == c->proto){
-			c->time = NOW;
-			return c;
-		}
-
-	return nil;
-}
-
-/*
- * Return Nat if it exists in Nat list.
- */
-Nat*
-natexistin(uchar proto, uchar *lport)
-{
-	Nat *c;		/* Current node */
-
-	for(c=head; c!=nil; c=c->next)
-		if(memcmp(lport, c->lport, 2) == 0 &&
-			proto == c->proto){
-			c->time = NOW;
-			return c;
-		}
-
-	return nil;
-}
-
-/*
- * Delete Nat in Nat list.
- * Return -1 if it doesn't exist.
- */
-int
-natdelete(uchar src[IPv4addrlen], uchar proto, uchar sport[2])
-{
-	Nat *p;		/* Precedent node */
-	Nat *c;		/* Current node */
-
-	for(p=nil, c=head; c!=nil; p=c, c=c->next)
-		if(ip4cmp(src, c->src) == 0 &&
-			memcmp(sport, c->sport, 2) == 0 &&
-			proto == c->proto)
-			break;
-
-	if(c == nil)
-		return -1;
-
-	if(p == nil)
-		head = head->next;
-	else
-		p->next = c->next;
-
-	closeconv(c->conv);
-	free(c);
-
-	return 0;
-}
-
-/*
- * Purge Nat list.
- */
-int
-natpurge(uchar proto)
-{
-	Nat *c;		/* Current node */
-	int n;		/* Number of purged connections */
-
-	for(n = 0;; n++){
-		do{
-			if((c = head) == nil)
-				return n;
-			head = head->next;
-		}while(c->proto != proto);
-		closeconv(c->conv);
-		free(c);
-	}
-}
-
-/*
- * Create a new Nat if necessary.
- */
-Nat*
-natlport(Proto *p, Ip4hdr *h, uchar *sport)
-{
-	Nat *n;		/* New NAT node */
-	Conv *s;	/* New conversation */
-
-	if((n=natexistout(h->src, h->proto, sport)) == nil){
-		qlock(p);
-		s = Fsprotoclone(p, "network");
-		qunlock(p);
-		if(s == nil){
-			error(Enodev);
-			return nil;
-		}
-		setlport(s);
-		n = malloc(sizeof(Nat));
-		ip4move(n->src, h->src);
-		memmove(n->sport, sport, 2);
-		memmove(n->lport, &s->lport, 2);
-		n->proto = h->proto;
-		n->time = NOW;
-		n->conv = s;
-		natprepend(n);
-	}
-
-	return n;
-}
-
-/*
- * Nat list garbage collector.
- */
-int
-natgc(uchar proto){
-	Nat *p;		/* Precedent node */
-	Nat *c;		/* Current node */
-	NatProto *np;	/* Protocol list */
-	int n;		/* Number of garbage collected connections */
-
-	n = 0;
-	p = nil;
-	c = head;
-
-	np = parseproto(proto);
-
-	while(c != nil){
-		if(NOW - c->time > np->timeout){
- 			if(p == nil){
- 				head = head->next;
-				if(proto == c->proto)
-					n++;
-				closeconv(c->conv);
-				free(c);
-				p = nil;
-				c = head;
- 			}else{
- 				p->next = c->next;
-				if(proto == c->proto)
-					n++;
-				closeconv(c->conv);
-				free(c);
- 				c = p->next;
- 			}
-		}else{
-			p = c;
-			c = c->next;
-		}
-	}
-
-	if(n == 0)	/* Prevent Conv saturation */
-		n = natpurge(proto);
-
-	return n;
-}
-
-/*
- * Function checksumadjust from RFC 3022.
- */
-void
-checksumadjust(uchar *chksum, uchar *optr, int olen, uchar *nptr, int nlen)
-{
-	long x, old, new;
-
-	x=chksum[0]*256+chksum[1];
-	x=~x & 0xffff;
-	while(olen){
-		old=optr[0]*256+optr[1];
-		optr+=2;
-		x-=old & 0xffff;
-		if(x<=0){
-			x--;
-			x&=0xffff;
-		}
-		olen-=2;
-	}
-	while(nlen){
-		new=nptr[0]*256+nptr[1];
-		nptr+=2;
-		x+=new & 0xffff;
-		if(x & 0x10000){
-			x++;
-			x&=0xffff;
-		}
-		nlen-=2;
-	}
-	x=~x & 0xffff;
-	chksum[0]=x/256;
-	chksum[1]=x & 0xff;
-}
-
-/*
- * Add NatAddr to NatAddr list.
- */
-void
-nataddrprepend(NatAddr *na)
-{
-	na->next = addrhead;
-	addrhead = na;
-}
-
-/*
- * Return NatAddr if it exists in NatAddr list.
- */
-NatAddr*
-nataddrexist(uchar *src, uchar *mask, Iplifc *dst)
-{
-	NatAddr *c;	/* Current node */
-
-	for(c=addrhead; c!=nil; c=c->next)
-		if(ipcmp(src, c->src) == 0 &&
-			ipcmp(mask, c->mask) == 0 &&
-			dst == c->dst)
-			return c;
-
-	return nil;
-}
-
-/*
- * Create a new NatAddr.
- * Return -1 if it already exist.
- */
-int
-addnataddr(uchar *src, uchar *mask, Iplifc *dst)
-{
-	NatAddr *na;		/* New address node */
-	uchar net[IPaddrlen];	/* Network address */
-
-	maskip(src, mask, net);
-
-	if(nataddrexist(src, mask, dst) != nil)
-		return -1;
-
-	na = malloc(sizeof(NatAddr));
-	ipmove(na->src, src);
-	ipmove(na->mask, mask);
-	ipmove(na->net, net);
-	na->dst = dst;
-
-	nataddrprepend(na);
-
-	return 0;
-}
-
-/*
- * Remove a NatAddr.
- * Return -1 if it doesn't exist.
- */
-int
-removenataddr(uchar *src, uchar *mask, Iplifc *dst)
-{
-	NatAddr *c;	/* Current node */
-	NatAddr *p;	/* Precedent node */
-
-	for(p=nil, c=addrhead; c!=nil; p=c, c=c->next)
-		if(ipcmp(src, c->src) == 0 &&
-			ipcmp(mask, c->mask) == 0 &&
-			dst == c->dst)
-			break;
-
-	if(c == nil)
-		return -1;
-
-	if(p == nil)
-		addrhead = addrhead->next;
-	else
-		p->next = c->next;
-
-	return 0;
-}
-
-/*
- * Display NatAddr list.
- */
-void
-shownataddr(void)
-{
-	NatAddr *c;	/* Current node */
-
-	for(c=addrhead; c!=nil; c=c->next)
-		print("%I %V %I\n", c->src, c->mask+IPv4off, c->dst->local);
-}
-
-/*
- * Flush NatAddr list.
- */
-void
-flushnataddr(void)
-{
-	NatAddr *c;	/* Current node */
-
-	while((c=addrhead) != nil){
-		addrhead = addrhead->next;
-		free(c);
-	}
-}
-
-/*
- * Return logical interface if NAT is enabled on this interface,
- * and the source address must be translated.
- */
-Iplifc*
-natonifco(Ipifc *ifc, Ip4hdr* h)
-{
-	NatAddr *na;		/* Address list */
-	Iplifc *lifc;		/* Logical interface */
-	uchar src[IPaddrlen];	/* Source address */
-	uchar net[IPaddrlen];	/* Source network address */
-
-	for(lifc=ifc->lifc; lifc!=nil; lifc=lifc->next)
-		for(na=addrhead; na; na=na->next)
-			if(lifc == na->dst){
-				/* NAT enabled on this logical interface */
-				v4tov6(src, h->src);
-				maskip(src, na->mask, net);
-				if(ipcmp(net, na->net) == 0)
-					/* Source address must be translated */
-					return lifc;
-			}
-
-	return nil;
-}
-
-/*
- * Return logical interface if NAT is enabled on this interface.
- */
-Iplifc*
-natonifci(Ipifc *ifc)
-{
-	NatAddr *na;		/* Address list */
-	Iplifc *lifc;		/* Logical interface */
-
-	for(lifc=ifc->lifc; lifc!=nil; lifc=lifc->next)
-		for(na=addrhead; na; na=na->next)
-			if(lifc == na->dst){
-				/* NAT enabled on this logical interface */
-				return lifc;
-			}
-
-	return nil;
-}
--- a/os/ip/netdevmedium.c	Thu Aug 12 23:08:35 2021
+++ b/os/ip/netdevmedium.c	Sat Aug 21 01:39:52 2021
@@ -49,12 +49,13 @@
 	mchan = namec(argv[2], Aopen, ORDWR, 0);
 
 	er = smalloc(sizeof(*er));
+	er->readp = (void*)-1;
 	er->mchan = mchan;
 	er->f = ifc->conv->p->f;
 
 	ifc->arg = er;
 
-	kproc("netdevread", netdevread, ifc, 0);
+	kproc("netdevread", netdevread, ifc);
 }
 
 /*
@@ -65,13 +66,29 @@
 {
 	Netdevrock *er = ifc->arg;
 
+	while(waserror())
+		;
+
+	/* wait for reader to start */
+	while(er->readp == (void*)-1)
+		tsleep(&up->sleep, return0, 0, 300);
+
 	if(er->readp != nil)
 		postnote(er->readp, 1, "unbind", 0);
 
-	/* wait for readers to die */
+	poperror();
+
+	wunlock(ifc);
+	while(waserror())
+		;
+
+	/* wait for reader to die */
 	while(er->readp != nil)
 		tsleep(&up->sleep, return0, 0, 300);
 
+	poperror();
+	wlock(ifc);
+
 	if(er->mchan != nil)
 		cclose(er->mchan);
 
@@ -86,8 +103,6 @@
 {
 	Netdevrock *er = ifc->arg;
 
-	if(bp->next)
-		bp = concatblock(bp);
 	if(BLEN(bp) < ifc->mintu)
 		bp = adjustblock(bp, ifc->mintu);
 
@@ -104,34 +119,22 @@
 	Ipifc *ifc;
 	Block *bp;
 	Netdevrock *er;
-	char *argv[1];
 
 	ifc = a;
 	er = ifc->arg;
 	er->readp = up;	/* hide identity under a rock for unbind */
-	if(waserror()){
-		er->readp = nil;
-		pexit("hangup", 1);
-	}
+	if(!waserror())
 	for(;;){
 		bp = devtab[er->mchan->type]->bread(er->mchan, ifc->maxtu, 0);
 		if(bp == nil){
-			/*
-			 * get here if mchan is a pipe and other side hangs up
-			 * clean up this interface & get out
-ZZZ is this a good idea?
-			 */
 			poperror();
-			er->readp = nil;
-			argv[0] = "unbind";
-			if(!waserror())
+			if(!waserror()){
+				static char *argv[]  = { "unbind" };
 				ifc->conv->p->ctl(ifc->conv, argv, 1);
-			pexit("hangup", 1);
-		}
-		if(!canrlock(ifc)){
-			freeb(bp);
-			continue;
+			}
+			break;
 		}
+		rlock(ifc);
 		if(waserror()){
 			runlock(ifc);
 			nexterror();
@@ -144,6 +147,8 @@
 		runlock(ifc);
 		poperror();
 	}
+	er->readp = nil;
+	pexit("hangup", 1);
 }
 
 void
--- a/os/ip/netlog.c	Thu Aug 12 23:08:35 2021
+++ b/os/ip/netlog.c	Sat Aug 21 01:39:52 2021
@@ -7,7 +7,7 @@
 #include	"../ip/ip.h"
 
 enum {
-	Nlog		= 4*1024,
+	Nlog		= 16*1024,
 };
 
 /*
@@ -39,12 +39,12 @@
 	{ "ppp",	Logppp, },
 	{ "ip",		Logip, },
 	{ "fs",		Logfs, },
-	{ "tcp",	Logtcp, },
 	{ "il",		Logil, },
+	{ "tcp",	Logtcp, },
 	{ "icmp",	Logicmp, },
 	{ "udp",	Logudp, },
 	{ "compress",	Logcompress, },
-	{ "ilmsg",	Logil|Logilmsg, },
+	{ "logilmsg",	Logilmsg, },
 	{ "gre",	Loggre, },
 	{ "tcpwin",	Logtcp|Logtcpwin, },
 	{ "tcprxmt",	Logtcp|Logtcprxmt, },
@@ -85,8 +85,11 @@
 		nexterror();
 	}
 	if(f->alog->opens == 0){
-		if(f->alog->buf == nil)
+		if(f->alog->buf == nil){
 			f->alog->buf = malloc(Nlog);
+			if(f->alog->buf == nil)
+				error(Enomem);
+		}
 		f->alog->rptr = f->alog->buf;
 		f->alog->end = f->alog->buf + Nlog;
 	}
@@ -202,6 +205,7 @@
 		else
 			f->alog->iponlyset = 1;
 		free(cb);
+		poperror();
 		return;
 
 	default:
@@ -227,7 +231,7 @@
 void
 netlog(Fs *f, int mask, char *fmt, ...)
 {
-	char buf[128], *t, *fp;
+	char buf[256], *t, *fp;
 	int i, n;
 	va_list arg;
 
--- a/os/ip/nullmedium.c	Thu Aug 12 23:08:35 2021
+++ b/os/ip/nullmedium.c	Sat Aug 21 01:39:52 2021
@@ -19,8 +19,9 @@
 }
 
 static void
-nullbwrite(Ipifc*, Block*, int, uchar*)
+nullbwrite(Ipifc*, Block *bp, int, uchar*)
 {
+	freeb(bp);
 	error("nullbwrite");
 }
 
--- a/os/ip/pktmedium.c	Thu Aug 12 23:08:35 2021
+++ b/os/ip/pktmedium.c	Sat Aug 21 01:39:52 2021
@@ -16,10 +16,10 @@
 Medium pktmedium =
 {
 .name=		"pkt",
-.hsize=		14,
-.mintu=		40,
+.hsize=		0,
+.mintu=		0,
 .maxtu=		4*1024,
-.maclen=	6,
+.maclen=	0,
 .bind=		pktbind,
 .unbind=	pktunbind,
 .bwrite=	pktbwrite,
@@ -28,12 +28,13 @@
 };
 
 /*
- *  called to bind an IP ifc to an ethernet device
+ *  called to bind an IP ifc to an packet device
  *  called with ifc wlock'd
  */
 static void
-pktbind(Ipifc*, int, char**)
+pktbind(Ipifc*, int argc, char **argv)
 {
+	USED(argc, argv);
 }
 
 /*
@@ -51,7 +52,6 @@
 pktbwrite(Ipifc *ifc, Block *bp, int, uchar*)
 {
 	/* enqueue onto the conversation's rq */
-	bp = concatblock(bp);
 	if(ifc->conv->snoopers.ref > 0)
 		qpass(ifc->conv->sq, copyblock(bp, BLEN(bp)));
 	qpass(ifc->conv->rq, bp);
--- a/os/ip/plan9.c	Thu Aug 12 23:08:35 2021
+++ /dev/null	Mon Oct 18 12:05:45 2021
@@ -1,36 +0,0 @@
-#include	"u.h"
-#include	"../port/lib.h"
-#include	"mem.h"
-#include	"dat.h"
-#include	"fns.h"
-#include	"../port/error.h"
-#include	"ip.h"
-
-/*
- *  some hacks for commonality twixt inferno and plan9
- */
-
-char*
-commonuser(void)
-{
-	return up->env->user;
-}
-
-Chan*
-commonfdtochan(int fd, int mode, int a, int b)
-{
-	return fdtochan(up->env->fgrp, fd, mode, a, b);
-}
-
-char*
-commonerror(void)
-{
-	return up->env->errstr;
-}
-
-int
-postnote(Proc *p, int, char *, int)
-{
-	swiproc(p, 0);
-	return 0;
-}
--- a/os/ip/ppp.c	Thu Aug 12 23:08:35 2021
+++ /dev/null	Mon Oct 18 12:05:45 2021
@@ -1,1656 +0,0 @@
-#include	"u.h"
-#include	"../port/lib.h"
-#include	"mem.h"
-#include	"dat.h"
-#include	"fns.h"
-#include	"../port/error.h"
-#include	<libcrypt.h>
-#include	<kernel.h>
-#include	"ip.h"
-#include	"ppp.h"
-
-int	nocompress;
-Ipaddr	pppdns[2];
-
-/*
- * Calculate FCS - rfc 1331
- */
-ushort fcstab[256] =
-{
-      0x0000, 0x1189, 0x2312, 0x329b, 0x4624, 0x57ad, 0x6536, 0x74bf,
-      0x8c48, 0x9dc1, 0xaf5a, 0xbed3, 0xca6c, 0xdbe5, 0xe97e, 0xf8f7,
-      0x1081, 0x0108, 0x3393, 0x221a, 0x56a5, 0x472c, 0x75b7, 0x643e,
-      0x9cc9, 0x8d40, 0xbfdb, 0xae52, 0xdaed, 0xcb64, 0xf9ff, 0xe876,
-      0x2102, 0x308b, 0x0210, 0x1399, 0x6726, 0x76af, 0x4434, 0x55bd,
-      0xad4a, 0xbcc3, 0x8e58, 0x9fd1, 0xeb6e, 0xfae7, 0xc87c, 0xd9f5,
-      0x3183, 0x200a, 0x1291, 0x0318, 0x77a7, 0x662e, 0x54b5, 0x453c,
-      0xbdcb, 0xac42, 0x9ed9, 0x8f50, 0xfbef, 0xea66, 0xd8fd, 0xc974,
-      0x4204, 0x538d, 0x6116, 0x709f, 0x0420, 0x15a9, 0x2732, 0x36bb,
-      0xce4c, 0xdfc5, 0xed5e, 0xfcd7, 0x8868, 0x99e1, 0xab7a, 0xbaf3,
-      0x5285, 0x430c, 0x7197, 0x601e, 0x14a1, 0x0528, 0x37b3, 0x263a,
-      0xdecd, 0xcf44, 0xfddf, 0xec56, 0x98e9, 0x8960, 0xbbfb, 0xaa72,
-      0x6306, 0x728f, 0x4014, 0x519d, 0x2522, 0x34ab, 0x0630, 0x17b9,
-      0xef4e, 0xfec7, 0xcc5c, 0xddd5, 0xa96a, 0xb8e3, 0x8a78, 0x9bf1,
-      0x7387, 0x620e, 0x5095, 0x411c, 0x35a3, 0x242a, 0x16b1, 0x0738,
-      0xffcf, 0xee46, 0xdcdd, 0xcd54, 0xb9eb, 0xa862, 0x9af9, 0x8b70,
-      0x8408, 0x9581, 0xa71a, 0xb693, 0xc22c, 0xd3a5, 0xe13e, 0xf0b7,
-      0x0840, 0x19c9, 0x2b52, 0x3adb, 0x4e64, 0x5fed, 0x6d76, 0x7cff,
-      0x9489, 0x8500, 0xb79b, 0xa612, 0xd2ad, 0xc324, 0xf1bf, 0xe036,
-      0x18c1, 0x0948, 0x3bd3, 0x2a5a, 0x5ee5, 0x4f6c, 0x7df7, 0x6c7e,
-      0xa50a, 0xb483, 0x8618, 0x9791, 0xe32e, 0xf2a7, 0xc03c, 0xd1b5,
-      0x2942, 0x38cb, 0x0a50, 0x1bd9, 0x6f66, 0x7eef, 0x4c74, 0x5dfd,
-      0xb58b, 0xa402, 0x9699, 0x8710, 0xf3af, 0xe226, 0xd0bd, 0xc134,
-      0x39c3, 0x284a, 0x1ad1, 0x0b58, 0x7fe7, 0x6e6e, 0x5cf5, 0x4d7c,
-      0xc60c, 0xd785, 0xe51e, 0xf497, 0x8028, 0x91a1, 0xa33a, 0xb2b3,
-      0x4a44, 0x5bcd, 0x6956, 0x78df, 0x0c60, 0x1de9, 0x2f72, 0x3efb,
-      0xd68d, 0xc704, 0xf59f, 0xe416, 0x90a9, 0x8120, 0xb3bb, 0xa232,
-      0x5ac5, 0x4b4c, 0x79d7, 0x685e, 0x1ce1, 0x0d68, 0x3ff3, 0x2e7a,
-      0xe70e, 0xf687, 0xc41c, 0xd595, 0xa12a, 0xb0a3, 0x8238, 0x93b1,
-      0x6b46, 0x7acf, 0x4854, 0x59dd, 0x2d62, 0x3ceb, 0x0e70, 0x1ff9,
-      0xf78f, 0xe606, 0xd49d, 0xc514, 0xb1ab, 0xa022, 0x92b9, 0x8330,
-      0x7bc7, 0x6a4e, 0x58d5, 0x495c, 0x3de3, 0x2c6a, 0x1ef1, 0x0f78
-};
-
-static char *snames[] =
-{
-	"Sclosed",
-	"Sclosing",
-	"Sreqsent",
-	"Sackrcvd",
-	"Sacksent",
-	"Sopened",
-};
-
-static void	init(PPP*);
-static void	setphase(PPP*, int);
-static void	pinit(PPP*, Pstate*);
-static void	ppptimer(void*);
-static void	ptimer(PPP*, Pstate*);
-static int	getframe(PPP*, Block**);
-static Block*	putframe(PPP*, int, Block*);
-static uchar*	escapebyte(PPP*, ulong, uchar*, ushort*);
-static void	config(PPP*, Pstate*, int);
-static int	getopts(PPP*, Pstate*, Block*);
-static void	rejopts(PPP*, Pstate*, Block*, int);
-static void	newstate(PPP*, Pstate*, int);
-static void	rcv(PPP*, Pstate*, Block*);
-static void	getchap(PPP*, Block*);
-static void	getpap(PPP*, Block*);
-static void	sendpap(PPP*);
-static void	getlqm(PPP*, Block*);
-static void	putlqm(PPP*);
-static void	hangup(PPP*);
-static void	remove(PPP*);
-
-static	int		validv4(Ipaddr);
-static	void		invalidate(Ipaddr);
-static	void		ipconnect(PPP *);
-static	void		setdefroute(PPP *, Ipaddr);
-static	void		printopts(PPP *, Pstate*, Block*, int);
-static	void		sendtermreq(PPP*, Pstate*);
-
-static void
-errlog(PPP *ppp, char *err)
-{
-	int n;
-	char msg[64];
-
-	n = snprint(msg, sizeof(msg), "%s\n", err);
-	qproduce(ppp->ifc->conv->eq, msg, n);
-}
-
-static void
-init(PPP* ppp)
-{
-	if(ppp->inbuf == nil){
-		ppp->inbuf = allocb(4096);
-		ppp->outbuf = allocb(4096);
-
-		ppp->lcp = malloc(sizeof(Pstate));
-		ppp->ipcp = malloc(sizeof(Pstate));
-		if(ppp->lcp == nil || ppp->ipcp == nil)
-			error("ppp init: malloc");
-
-		ppp->lcp->proto = Plcp;
-		ppp->lcp->state = Sclosed;
-		ppp->ipcp->proto = Pipcp;
-		ppp->ipcp->state = Sclosed;
-
-		kproc("ppptimer", ppptimer, ppp, KPDUPPG|KPDUPFDG);
-	}
-
-	pinit(ppp, ppp->lcp);
-	setphase(ppp, Plink);
-}
-
-static void
-setphase(PPP *ppp, int phase)
-{
-	int oldphase;
-
-	oldphase = ppp->phase;
-
-	ppp->phase = phase;
-	switch(phase){
-	default:
-		panic("ppp: unknown phase %d", phase);
-	case Pdead:
-		/* restart or exit? */
-		pinit(ppp, ppp->lcp);
-		setphase(ppp, Plink);
-		break;
-	case Plink:
-		/* link down */
-		switch(oldphase) {
-		case Pnet:
-			newstate(ppp, ppp->ipcp, Sclosed);
-		}
-		break;
-	case Pauth:
-		if(ppp->usepap)
-			sendpap(ppp);
-		else if(!ppp->usechap)
-			setphase(ppp, Pnet);
-		break;
-	case Pnet:
-		pinit(ppp, ppp->ipcp);
-		break;
-	case Pterm:
-		/* what? */
-		break;
-	}
-}
-
-static void
-pinit(PPP *ppp, Pstate *p)
-{
-	p->timeout = 0;
-
-	switch(p->proto){
-	case Plcp:
-		ppp->magic = TK2MS(MACHP(0)->ticks);
-		ppp->xctlmap = 0xffffffff;
-		ppp->period = 0;
-		p->optmask = 0xffffffff;
-		ppp->rctlmap = 0;
-		ppp->ipcp->state = Sclosed;
-		ppp->ipcp->optmask = 0xffffffff;
-
-		/* quality goo */
-		ppp->timeout = 0;
-		memset(&ppp->in, 0, sizeof(ppp->in));
-		memset(&ppp->out, 0, sizeof(ppp->out));
-		memset(&ppp->pin, 0, sizeof(ppp->pin));
-		memset(&ppp->pout, 0, sizeof(ppp->pout));
-		memset(&ppp->sin, 0, sizeof(ppp->sin));
-		break;
-	case Pipcp:
-		if(ppp->localfrozen == 0)
-			invalidate(ppp->local);
-		if(ppp->remotefrozen == 0)
-			invalidate(ppp->remote);
-		p->optmask = 0xffffffff;
-		ppp->ctcp = compress_init(ppp->ctcp);
-		ppp->usedns = 3;
-		invalidate(ppp->dns1);
-		invalidate(ppp->dns2);
-		break;
-	}
-	p->confid = p->rcvdconfid = -1;
-	config(ppp, p, 1);
-	newstate(ppp, p, Sreqsent);
-}
-
-/*
- *  change protocol to a new state.
- */
-static void
-newstate(PPP *ppp, Pstate *p, int state)
-{
-	netlog(ppp->f, Logppp, "%ux %ux %s->%s ctlmap %lux/%lux flags %ux mtu %d mru %d\n", ppp, p->proto,
-		snames[p->state], snames[state], ppp->rctlmap, ppp->xctlmap, p->flags,
-		ppp->mtu, ppp->mru);
-
-	if(p->proto == Plcp) {
-		if(state == Sopened)
-			setphase(ppp, Pauth);
-		else if(state == Sclosed)
-			setphase(ppp, Pdead);
-		else if(p->state == Sopened)
-			setphase(ppp, Plink);
-	}
-
-	if(p->proto == Pipcp && state == Sopened && validv4(ppp->local) && validv4(ppp->remote)){
-		netlog(ppp->f, Logppp, "pppnewstate: local %I remote %I\n", ppp->local, ppp->remote);
-		ipmove(pppdns[0], ppp->dns1);
-		ipmove(pppdns[1], ppp->dns2);
-		ipconnect(ppp);
-		/* if this is the only network, set up a default route */
-//		if(ppp->ifc->link==nil)		/* how??? */
-			setdefroute(ppp, ppp->remote);
-		errlog(ppp, Enoerror);
-	}
-
-	p->state = state;
-}
-
-static void
-remove(PPP *ppp)
-{
-	free(ppp->ipcp);
-	ppp->ipcp = 0;
-	free(ppp->ctcp);
-	ppp->ctcp = 0;
-	free(ppp->lcp);
-	ppp->lcp = 0;
-	if (ppp->inbuf) {
-		freeb(ppp->inbuf);
-		ppp->inbuf = nil;
-	}
-	if (ppp->outbuf) {
-		freeb(ppp->outbuf);
-		ppp->outbuf = nil;
-	}
-	free(ppp);
-}
-
-void
-pppclose(PPP *ppp)
-{
-	hangup(ppp);
-	remove(ppp);
-}
-
-static void
-dumpblock(Block *b)
-{
-	char x[256];
-	int i;
-
-	for(i = 0; i < (sizeof(x)-1)/3 && b->rp+i < b->wp; i++)
-		sprint(&x[3*i], "%2.2ux ", b->rp[i]);
-	print("%s\n", x);
-}
-
-/* returns (protocol, information) */
-static int
-getframe(PPP *ppp, Block **info)
-{
-	uchar *p, *from, *to;
-	int n, len, proto;
-	ulong c;
-	ushort fcs;
-	Block *buf, *b;
-
-	buf = ppp->inbuf;
-	for(;;){
-		/* read till we hit a frame byte or run out of room */
-		for(p = buf->rp; buf->wp < buf->lim;){
-			for(; p < buf->wp; p++)
-				if(*p == HDLC_frame)
-					goto break2;
-
-			len = buf->lim - buf->wp;
-			n = 0;
-			if(ppp->dchan != nil)
-				n = kchanio(ppp->dchan, buf->wp, len, OREAD);
-				netlog(ppp->f, Logppp, "ppp kchanio %d bytes\n", n);
-			if(n <= 0){
-				buf->wp = buf->rp;
-//				if(n < 0)
-//					print("ppp kchanio(%s) returned %d: %r",
-//						ppp->dchan->path->elem, n);
-				*info = nil;
-				return 0;
-			}
-			buf->wp += n;
-		}
-break2:
-
-		/* copy into block, undoing escapes, and caculating fcs */
-		fcs = PPP_initfcs;
-		b = allocb(p - buf->rp);
-		to = b->wp;
-		for(from = buf->rp; from != p;){
-			c = *from++;
-			if(c == HDLC_esc){
-				if(from == p)
-					break;
-				c = *from++ ^ 0x20;
-			} else if((c < 0x20) && (ppp->rctlmap & (1 << c)))
-				continue;
-			*to++ = c;
-			fcs = (fcs >> 8) ^ fcstab[(fcs ^ c) & 0xff];
-		}
-
-		/* copy down what's left in buffer */
-		p++;
-		memmove(buf->rp, p, buf->wp - p);
-		n = p - buf->rp;
-		buf->wp -= n;
-		b->wp = to - 2;
-
-		/* return to caller if checksum matches */
-		if(fcs == PPP_goodfcs){
-			if(b->rp[0] == PPP_addr && b->rp[1] == PPP_ctl)
-				b->rp += 2;
-			proto = *b->rp++;
-			if((proto & 0x1) == 0)
-				proto = (proto<<8) | *b->rp++;
-			if(b->rp < b->wp){
-				ppp->in.bytes += n;
-				ppp->in.packets++;
-				*info = b;
-				return proto;
-			}
-		} else if(BLEN(b) > 0){
-			ppp->ifc->inerr++;
-			ppp->in.discards++;
-			netlog(ppp->f, Logppp, "len %d/%d cksum %ux (%ux %ux %ux %ux)\n",
-				BLEN(b), BLEN(buf), fcs, b->rp[0],
-				b->rp[1], b->rp[2], b->rp[3]);
-		}
-
-		freeblist(b);
-	}
-	*info = nil;
-	return 0;
-}
-
-/* send a PPP frame */
-static Block *
-putframe(PPP *ppp, int proto, Block *b)
-{
-	Block *buf;
-	uchar *to, *from;
-	ushort fcs;
-	ulong ctlmap;
-	int c;
-	Block *bp;
-
-	if(ppp->dchan == nil){
-		netlog(ppp->f, Logppp, "putframe: dchan down\n");
-		errlog(ppp, Ehungup);
-		return b;
-	}
-	netlog(ppp->f, Logppp, "putframe %ux %d %d (%d bytes)\n", proto, b->rp[0], b->rp[1], BLEN(b));
-
-	ppp->out.packets++;
-
-	if(proto == Plcp)
-		ctlmap = 0xffffffff;
-	else
-		ctlmap = ppp->xctlmap;
-
-	/* make sure we have head room */
-	if(b->rp - b->base < 4){
-		b = padblock(b, 4);
-		b->rp += 4;
-	}
-
-	/* add in the protocol and address, we'd better have left room */
-	from = b->rp;
-	*--from = proto;
-	if(!(ppp->lcp->flags&Fpc) || proto > 0x100 || proto == Plcp)
-		*--from = proto>>8;
-	if(!(ppp->lcp->flags&Fac) || proto == Plcp){
-		*--from = PPP_ctl;
-		*--from = PPP_addr;
-	}
-
-	qlock(&ppp->outlock);
-	buf = ppp->outbuf;
-
-	/* escape and checksum the body */
-	fcs = PPP_initfcs;
-	to = buf->rp;
-
-	*to++ = HDLC_frame;
-
-	for(bp = b; bp; bp = bp->next){
-		if(bp != b)
-			from = bp->rp;
-		for(; from < bp->wp; from++){
-			c = *from;
-			if(c == HDLC_frame || c == HDLC_esc
-			   || (c < 0x20 && ((1<<c) & ctlmap))){
-				*to++ = HDLC_esc;
-				*to++ = c ^ 0x20;
-			} else 
-				*to++ = c;
-			fcs = (fcs >> 8) ^ fcstab[(fcs ^ c) & 0xff];
-		}
-	}
-
-	/* add on and escape the checksum */
-	fcs = ~fcs;
-	c = fcs;
-	if(c == HDLC_frame || c == HDLC_esc
-	   || (c < 0x20 && ((1<<c) & ctlmap))){
-		*to++ = HDLC_esc;
-		*to++ = c ^ 0x20;
-	} else 
-		*to++ = c;
-	c = fcs>>8;
-	if(c == HDLC_frame || c == HDLC_esc
-	   || (c < 0x20 && ((1<<c) & ctlmap))){
-		*to++ = HDLC_esc;
-		*to++ = c ^ 0x20;
-	} else 
-		*to++ = c;
-
-	/* add frame marker and send */
-	*to++ = HDLC_frame;
-	buf->wp = to;
-	if(ppp->dchan == nil){
-		netlog(ppp->f, Logppp, "putframe: dchan down\n");
-		errlog(ppp, Ehungup);
-	}else{
-		kchanio(ppp->dchan, buf->rp, BLEN(buf), OWRITE);
-		ppp->out.bytes += BLEN(buf);
-	}
-
-	qunlock(&ppp->outlock);
-	return b;
-}
-
-#define IPB2LCP(b) ((Lcpmsg*)((b)->wp-4))
-
-static Block*
-alloclcp(int code, int id, int len)
-{
-	Block *b;
-	Lcpmsg *m;
-
-	/*
-	 *  leave room for header
-	 */
-	b = allocb(len);
-
-	m = (Lcpmsg*)b->wp;
-	m->code = code;
-	m->id = id;
-	b->wp += 4;
-
-	return b;
-}
-
-static void
-putao(Block *b, int type, int aproto, int alg)
-{
-	*b->wp++ = type;
-	*b->wp++ = 5;
-	hnputs(b->wp, aproto);
-	b->wp += 2;
-	*b->wp++ = alg;
-}
-
-static void
-putlo(Block *b, int type, ulong val)
-{
-	*b->wp++ = type;
-	*b->wp++ = 6;
-	hnputl(b->wp, val);
-	b->wp += 4;
-}
-
-static void
-putv4o(Block *b, int type, Ipaddr val)
-{
-	*b->wp++ = type;
-	*b->wp++ = 6;
-	if(v6tov4(b->wp, val) < 0){
-		/*panic("putv4o")*/;
-	}
-	b->wp += 4;
-}
-
-static void
-putso(Block *b, int type, ulong val)
-{
-	*b->wp++ = type;
-	*b->wp++ = 4;
-	hnputs(b->wp, val);
-	b->wp += 2;
-}
-
-static void
-puto(Block *b, int type)
-{
-	*b->wp++ = type;
-	*b->wp++ = 2;
-}
-
-/*
- *  send configuration request
- */
-static void
-config(PPP *ppp, Pstate *p, int newid)
-{
-	Block *b;
-	Lcpmsg *m;
-	int id;
-
-	if(newid){
-		id = ++(p->id);
-		p->confid = id;
-		p->timeout = Timeout;
-	} else
-		id = p->confid;
-	b = alloclcp(Lconfreq, id, 256);
-	m = IPB2LCP(b);
-	USED(m);
-
-	switch(p->proto){
-	case Plcp:
-		if(p->optmask & Fmagic)
-			putlo(b, Omagic, ppp->magic);
-		if(p->optmask & Fmtu)
-			putso(b, Omtu, ppp->mru);
-		if(p->optmask & Fac)
-			puto(b, Oac);
-		if(p->optmask & Fpc)
-			puto(b, Opc);
-		if(p->optmask & Fctlmap)
-			putlo(b, Octlmap, 0);	/* we don't want anything escaped */
-		break;
-	case Pipcp:
-		if((p->optmask & Fipaddr) /*&& validv4(ppp->local)*/)
-			putv4o(b, Oipaddr, ppp->local);
-		if(!nocompress && (p->optmask & Fipcompress)){
-			*b->wp++ = Oipcompress;
-			*b->wp++ = 6;
-			hnputs(b->wp, Pvjctcp);
-			b->wp += 2;
-			*b->wp++ = MAX_STATES-1;
-			*b->wp++ = 1;
-		}
-		if(ppp->usedns & 1)
-			putlo(b, Oipdns, 0);
-		if(ppp->usedns & 2)
-			putlo(b, Oipdns2, 0);
-		break;
-	}
-
-	hnputs(m->len, BLEN(b));
-	b = putframe(ppp, p->proto, b);
-	freeblist(b);
-}
-
-/*
- *  parse configuration request, sends an ack or reject packet
- *
- *	returns:	-1 if request was syntacticly incorrect
- *			 0 if packet was accepted
- *			 1 if packet was rejected
- */
-static int
-getopts(PPP *ppp, Pstate *p, Block *b)
-{
-	Lcpmsg *m, *repm;	
-	Lcpopt *o;
-	uchar *cp;
-	ulong rejecting, nacking, flags, proto;
-	ulong mtu, ctlmap, period;
-	ulong x;
-	Block *repb;
-	Ipaddr ipaddr;
-
-	rejecting = 0;
-	nacking = 0;
-	flags = 0;
-
-	/* defaults */
-	invalidate(ipaddr);
-	mtu = ppp->mtu;
-
-	ctlmap = 0xffffffff;
-	period = 0;
-
-	m = (Lcpmsg*)b->rp;
-	repb = alloclcp(Lconfack, m->id, BLEN(b));
-	repm = IPB2LCP(repb);
-
-	/* copy options into ack packet */
-	memmove(repm->data, m->data, b->wp - m->data);
-	repb->wp += b->wp - m->data;
-
-	/* look for options we don't recognize or like */
-	for(cp = m->data; cp < b->wp; cp += o->len){
-		o = (Lcpopt*)cp;
-		if(cp + o->len > b->wp || o->len == 0){
-			freeblist(repb);
-			netlog(ppp->f, Logppp, "ppp %s: bad option length %ux\n", ppp->ifc->dev,
-				o->type);
-			return -1;
-		}
-
-		switch(p->proto){
-		case Plcp:
-			switch(o->type){
-			case Oac:
-				flags |= Fac;
-				continue;
-			case Opc:
-				flags |= Fpc;
-				continue;
-			case Omtu:
-				mtu = nhgets(o->data);
-				if(mtu < ppp->ifc->m->mintu){
-					netlog(ppp->f, Logppp, "bogus mtu %d\n", mtu);
-					mtu = ppp->ifc->m->mintu;
-				}
-				continue;
-			case Omagic:
-				if(ppp->magic == nhgetl(o->data))
-					netlog(ppp->f, Logppp, "ppp: possible loop\n");
-				continue;
-			case Octlmap:
-				ctlmap = nhgetl(o->data);
-				continue;
-			case Oquality:
-				proto = nhgets(o->data);
-				if(proto != Plqm)
-					break;
-				x = nhgetl(o->data+2)*10;
-				period = (x+Period-1)/Period;
-				continue;
-			case Oauth:
-				proto = nhgets(o->data);
-				if(proto == Ppap && ppp->chapname[0] && ppp->secret[0]){
-					ppp->usepap = 1;
-					netlog(ppp->f, Logppp, "PPP %s: select PAP\n", ppp->ifc->dev);
-					continue;
-				}
-				if(proto != Pchap || o->data[2] != APmd5){
-					if(!nacking){
-						nacking = 1;
-						repb->wp = repm->data;
-						repm->code = Lconfnak;
-					}
-					putao(repb, Oauth, Pchap, APmd5);
-				}
-				else
-					ppp->usechap = 1;
-				ppp->usepap = 0;
-				continue;
-			}
-			break;
-		case Pipcp:
-			switch(o->type){
-			case Oipaddr:	
-				v4tov6(ipaddr, o->data);
-				if(!validv4(ppp->remote))
-					continue;
-				if(!validv4(ipaddr) && !rejecting){
-					/* other side requesting an address */
-					if(!nacking){
-						nacking = 1;
-						repb->wp = repm->data;
-						repm->code = Lconfnak;
-					}
-					putv4o(repb, Oipaddr, ppp->remote);
-				}
-				continue;
-			case Oipcompress:
-				proto = nhgets(o->data);
-				if(nocompress || proto != Pvjctcp || compress_negotiate(ppp->ctcp, o->data+2) < 0)
-					break;
-				flags |= Fipcompress;
-				continue;
-			}
-			break;
-		}
-
-		/* come here if option is not recognized */
-		if(!rejecting){
-			rejecting = 1;
-			repb->wp = repm->data;
-			repm->code = Lconfrej;
-		}
-		netlog(ppp->f, Logppp, "ppp %s: bad %ux option %d\n", ppp->ifc->dev, p->proto, o->type);
-		memmove(repb->wp, o, o->len);
-		repb->wp += o->len;
-	}
-
-	/* permanent changes only after we know that we liked the packet */
-	if(!rejecting && !nacking){
-		switch(p->proto){
-		case Plcp:
-			netlog(ppp->f, Logppp, "Plcp: mtu: %d %d x:%lux/r:%lux %lux\n", mtu, ppp->mtu, ppp->xctlmap, ppp->rctlmap, ctlmap);
-			ppp->period = period;
-			ppp->xctlmap = ctlmap;
-			if(mtu > Maxmtu)
-				mtu = Maxmtu;
-			if(mtu < Minmtu)
-				mtu = Minmtu;
-			ppp->mtu = mtu;
-			break;
-		case Pipcp:
-			if(validv4(ipaddr) && ppp->remotefrozen == 0)
- 				ipmove(ppp->remote, ipaddr);
-			break;
-		}
-		p->flags = flags;
-	}
-
-	hnputs(repm->len, BLEN(repb));
-	repb = putframe(ppp, p->proto, repb);
-	freeblist(repb);
-
-	return rejecting || nacking;
-}
-
-/*
- *  parse configuration rejection, just stop sending anything that they
- *  don't like (except for ipcp address nak).
- */
-static void
-rejopts(PPP *ppp, Pstate *p, Block *b, int code)
-{
-	Lcpmsg *m;
-	Lcpopt *o;
-
-	/* just give up trying what the other side doesn't like */
-	m = (Lcpmsg*)b->rp;
-	for(b->rp = m->data; b->rp < b->wp; b->rp += o->len){
-		o = (Lcpopt*)b->rp;
-		if(b->rp + o->len > b->wp || o->len == 0){
-			netlog(ppp->f, Logppp, "ppp %s: bad roption length %ux\n", ppp->ifc->dev,
-				o->type);
-			return;
-		}
-
-		if(code == Lconfrej){
-			if(o->type < 8*sizeof(p->optmask))
-				p->optmask &= ~(1<<o->type);
-			if(o->type == Oipdns)
-				ppp->usedns &= ~1;
-			else if(o->type == Oipdns2)
-				ppp->usedns &= ~2;
-			netlog(ppp->f, Logppp, "ppp %s: %ux rejecting %d\n", ppp->ifc->dev, p->proto,
-				o->type);
-			continue;
-		}
-
-		switch(p->proto){
-		case Plcp:
-			switch(o->type){
-			case Octlmap:
-				ppp->rctlmap = nhgetl(o->data);
-				break;
-			default:
-				if(o->type < 8*sizeof(p->optmask))
-					p->optmask &= ~(1<<o->type);
-				break;
-			};
-		case Pipcp:
-			switch(o->type){
-			case Oipaddr:
-				if(!validv4(ppp->local))
-					v4tov6(ppp->local, o->data);
-//				if(o->type < 8*sizeof(p->optmask))
-//					p->optmask &= ~(1<<o->type);
-				break;
-			case Oipdns:
-				if(!validv4(ppp->dns1))
-					v4tov6(ppp->dns1, o->data);
-				ppp->usedns &= ~1;
-				break;
-			case Oipdns2:
-				if(!validv4(ppp->dns2))
-					v4tov6(ppp->dns2, o->data);
-				ppp->usedns &= ~2;
-				break;
-			default:
-				if(o->type < 8*sizeof(p->optmask))
-					p->optmask &= ~(1<<o->type);
-				break;
-			}
-			break;
-		}
-	}
-}
-
-
-/*
- *  put a messages through the lcp or ipcp state machine.  They are
- *  very similar.
- */
-static void
-rcv(PPP *ppp, Pstate *p, Block *b)
-{
-	ulong len;
-	int err;
-	Lcpmsg *m;
-
-	if(BLEN(b) < 4){
-		netlog(ppp->f, Logppp, "ppp %s: short lcp message\n", ppp->ifc->dev);
-		freeblist(b);
-		return;
-	}
-	m = (Lcpmsg*)b->rp;
-	len = nhgets(m->len);
-	if(BLEN(b) < len){
-		netlog(ppp->f, Logppp, "ppp %s: short lcp message\n", ppp->ifc->dev);
-		freeblist(b);
-		return;
-	}
-
-	netlog(ppp->f, Logppp, "ppp: %ux rcv %d len %d id %d/%d/%d\n",
-		p->proto, m->code, len, m->id, p->confid, p->id);
-
-	if(p->proto != Plcp && ppp->lcp->state != Sopened){
-		netlog(ppp->f, Logppp, "ppp: non-lcp with lcp not open\n");
-		freeb(b);
-		return;
-	}
-
-	qlock(ppp);
-	switch(m->code){
-	case Lconfreq:
-		/* flush the output queue */
-		if(p->state == Sopened && p->proto == Plcp)
-			kchanio(ppp->cchan, "f", 1, OWRITE);
-
-		printopts(ppp, p, b, 0);
-		err = getopts(ppp, p, b);
-		if(err < 0)
-			break;
-
-		if(m->id == p->rcvdconfid)
-			break;			/* don't change state for duplicates */
-		p->rcvdconfid = m->id;
-
-		switch(p->state){
-		case Sackrcvd:
-			if(err)
-				break;
-			newstate(ppp, p, Sopened);
-			break;
-		case Sclosed:
-		case Sopened:
-			config(ppp, p, 1);
-			if(err == 0)
-				newstate(ppp, p, Sacksent);
-			else
-				newstate(ppp, p, Sreqsent);
-			break;
-			break;
-		case Sreqsent:
-		case Sacksent:
-			if(err == 0)
-				newstate(ppp, p, Sacksent);
-			else
-				newstate(ppp, p, Sreqsent);
-			break;
-		}
-		break;
-	case Lconfack:
-		if(p->confid != m->id){
-			/* ignore if it isn't the message we're sending */
-			netlog(ppp->f, Logppp, "ppp: dropping confack\n");
-			break;
-		}
-		p->confid = -1;		/* ignore duplicates */
-		p->id++;		/* avoid sending duplicates */
-
-		switch(p->state){
-		case Sopened:
-		case Sackrcvd:
-			config(ppp, p, 1);
-			newstate(ppp, p, Sreqsent);
-			break;
-		case Sreqsent:
-			newstate(ppp, p, Sackrcvd);
-			break;
-		case Sacksent:
-			newstate(ppp, p, Sopened);
-			break;
-		}
-		break;
-	case Lconfrej:
-	case Lconfnak:
-		if(p->confid != m->id) {
-			/* ignore if it isn't the message we're sending */
-			netlog(ppp->f, Logppp, "ppp: dropping confrej or confnak\n");
-			break;
-		}
-		p->confid = -1;		/* ignore duplicates */
-		p->id++;		/* avoid sending duplicates */
-
-		switch(p->state){
-		case Sopened:
-		case Sackrcvd:
-			config(ppp, p, 1);
-			newstate(ppp, p, Sreqsent);
-			break;
-		case Sreqsent:
-		case Sacksent:
-			printopts(ppp, p, b, 0);
-			rejopts(ppp, p, b, m->code);
-			config(ppp, p, 1);
-			break;
-		}
-		break;
-	case Ltermreq:
-		m->code = Ltermack;
-		b = putframe(ppp, p->proto, b);
-
-		switch(p->state){
-		case Sackrcvd:
-		case Sacksent:
-			newstate(ppp, p, Sreqsent);
-			break;
-		case Sopened:
-			newstate(ppp, p, Sclosing);
-			break;
-		}
-		break;
-	case Ltermack:
-		if(p->termid != m->id)	/* ignore if it isn't the message we're sending */
-			break;
-
-		if(p->proto == Plcp)
-			ppp->ipcp->state = Sclosed;
-		switch(p->state){
-		case Sclosing:
-			newstate(ppp, p, Sclosed);
-			break;
-		case Sackrcvd:
-			newstate(ppp, p, Sreqsent);
-			break;
-		case Sopened:
-			config(ppp, p, 0);
-			newstate(ppp, p, Sreqsent);
-			break;
-		}
-		break;
-	case Lcoderej:
-		netlog(ppp->f, Logppp, "ppp %s: code reject %d\n", ppp->ifc->dev, m->data[0]);
-		break;
-	case Lprotorej:
-		netlog(ppp->f, Logppp, "ppp %s: proto reject %lux\n", ppp->ifc->dev, nhgets(m->data));
-		break;
-	case Lechoreq:
-		m->code = Lechoack;
-		b = putframe(ppp, p->proto, b);
-		break;
-	case Lechoack:
-	case Ldiscard:
-		/* nothing to do */
-		break;
-	}
-
-	qunlock(ppp);
-	freeblist(b);
-}
-
-/*
- *  timer for protocol state machine
- */
-static void
-ptimer(PPP *ppp, Pstate *p)
-{
-	if(p->state == Sopened || p->state == Sclosed)
-		return;
-
-	p->timeout--;
-	switch(p->state){
-	case Sclosing:
-		sendtermreq(ppp, p);
-		break;
-	case Sreqsent:
-	case Sacksent:
-		if(p->timeout <= 0){
-			if(p->proto && ppp->cchan != nil)
-				kchanio(ppp->cchan, "f", 1, OWRITE); /* flush output queue */
-			newstate(ppp, p, Sclosed);
-		} else {
-			config(ppp, p, 0);
-		}
-		break;
-	case Sackrcvd:
-		if(p->timeout <= 0){
-			if(p->proto && ppp->cchan != nil)
-				kchanio(ppp->cchan, "f", 1, OWRITE); /* flush output queue */
-			newstate(ppp, p, Sclosed);
-		}
-		else {
-			config(ppp, p, 0);
-			newstate(ppp, p, Sreqsent);
-		}
-		break;
-	}
-}
-
-/*
- *  timer for ppp
- */
-static void
-ppptimer(void *arg)
-{
-	PPP *ppp;
-
-	ppp = arg;
-	ppp->timep = up;
-	if(waserror()){
-		netlog(ppp->f, Logppp, "ppptimer: %I: %s\n", ppp->local, up->env->errstr);
-		ppp->timep = 0;
-		pexit("hangup", 1);
-	}
-	for(;;){
-		tsleep(&up->sleep, return0, nil, Period);
-		if(ppp->pppup){
-			qlock(ppp);
-
-			ptimer(ppp, ppp->lcp);
-			if(ppp->lcp->state == Sopened)
-				ptimer(ppp, ppp->ipcp);
-
-			if(ppp->period && --(ppp->timeout) <= 0){
-				ppp->timeout = ppp->period;
-				putlqm(ppp);
-			}
-
-			qunlock(ppp);
-		}
-	}
-}
-
-static void
-setdefroute(PPP *ppp, Ipaddr gate)
-{
-	int fd, n;
-	char path[128], msg[128];
-
-	snprint(path, sizeof path, "#I%d/iproute", ppp->f->dev);
-	fd = kopen(path, ORDWR);
-	if(fd < 0)
-		return;
-	n = snprint(msg, sizeof(msg), "add 0 0 %I", gate);
-	kwrite(fd, msg, n);
-	kclose(fd);
-}
-
-static void
-ipconnect(PPP *ppp)
-{
-	int fd, n;
-	char path[128], msg[128];
-
-	snprint(path, sizeof path, "#I%d/ipifc/%d/ctl", ppp->f->dev, ppp->ifc->conv->x);
-	fd = kopen(path, ORDWR);
-	if(fd < 0)
-		return;
-	n = snprint(msg, sizeof(msg), "connect %I 255.255.255.255 %I", ppp->local, ppp->remote);
-	if (kwrite(fd, msg, n) != n)
-		print("ppp ipconnect: %s: %r\n", msg);
-	kclose(fd);
-}
-
-PPP*
-pppopen(PPP *ppp, char *dev,
-	Ipaddr ipaddr, Ipaddr remip,
-	int mtu, int framing,
-	char *chapname, char *secret)
-{
-	int fd, cfd;
-	char ctl[Maxpath];
-
-	invalidate(ppp->remote);
-	invalidate(ppp->local);
-	invalidate(ppp->dns1);
-	invalidate(ppp->dns2);
-	ppp->mtu = Defmtu;
-	ppp->mru = mtu;
-	ppp->framing = framing;
-
-	if(remip != nil && validv4(remip)){
-		ipmove(ppp->remote, remip);
-		ppp->remotefrozen = 1;
-	}
-	if(ipaddr != nil && validv4(ipaddr)){
-		ipmove(ppp->local, ipaddr);
-		ppp->localfrozen = 1;
-	}
-
-	/* authentication goo */
-	ppp->secret[0] = 0;
-	if(secret != nil)
-		strncpy(ppp->secret, secret, sizeof(ppp->secret));
-	ppp->chapname[0] = 0;
-	if(chapname != nil)
-		strncpy(ppp->chapname, chapname, sizeof(ppp->chapname));
-
-	if(strchr(dev, '!'))
-		fd = kdial(dev, nil, nil, nil);
-	else
-		fd = kopen(dev, ORDWR);
-	if(fd < 0){
-		netlog(ppp->f, Logppp, "ppp: can't open %s\n", dev);
-		return nil;
-	}
-	ppp->dchan = fdtochan(up->env->fgrp, fd, ORDWR, 0, 1);
-	kclose(fd);
-
-	/* set up serial line */
-/* XXX this stuff belongs in application, not driver */
-	sprint(ctl, "%sctl", dev);
-	cfd = kopen(ctl, ORDWR);
-	if(cfd >= 0){
-		ppp->cchan = fdtochan(up->env->fgrp, cfd, ORDWR, 0, 1);
-		kclose(cfd);
-		kchanio(ppp->cchan, "m1", 2, OWRITE);	/* cts/rts flow control/fifo's) on */
-		kchanio(ppp->cchan, "q64000", 6, OWRITE);/* increas q size to 64k */
-		kchanio(ppp->cchan, "n1", 2, OWRITE);	/* nonblocking writes on */
-		kchanio(ppp->cchan, "r1", 2, OWRITE);	/* rts on */
-		kchanio(ppp->cchan, "d1", 2, OWRITE);	/* dtr on */
-	}
-
-	ppp->pppup = 1;
-	init(ppp);
-	return ppp;
-}
-
-static void
-hangup(PPP *ppp)
-{
-	qlock(ppp);
-	if(waserror()){
-		qunlock(ppp);
-		nexterror();
-	}
-	netlog(ppp->f, Logppp, "PPP Hangup\n");
-	errlog(ppp, Ehungup);
-	if(ppp->pppup && ppp->cchan != nil){
-		kchanio(ppp->cchan, "f", 1, OWRITE);	/* flush */
-		kchanio(ppp->cchan, "h", 1, OWRITE);	/* hangup */
-	}
-	cclose(ppp->dchan);
-	cclose(ppp->cchan);
-	ppp->dchan = nil;
-	ppp->cchan = nil;
-	ppp->pppup = 0;
-	qunlock(ppp);
-	poperror();
-}
-
-/* return next input IP packet */
-Block*
-pppread(PPP *ppp)
-{
-	Block *b;
-	int proto;
-	Lcpmsg *m;
-
-	for(;;){
-		proto = getframe(ppp, &b);
-		if(b == nil)
-			return nil;
-		netlog(ppp->f, Logppp, "ppp: read proto %d len %d\n", proto, blocklen(b));
-		switch(proto){
-		case Plcp:
-			rcv(ppp, ppp->lcp, b);
-			break;
-		case Pipcp:
-			rcv(ppp, ppp->ipcp, b);
-			break;
-		case Pip:
-			if(ppp->ipcp->state == Sopened)
-				return b;
-			freeblist(b);
-			break;
-		case Plqm:
-			getlqm(ppp, b);
-			break;
-		case Pchap:
-			getchap(ppp, b);
-			break;
-		case Ppap:
-			getpap(ppp, b);
-			break;
-		case Pvjctcp:
-		case Pvjutcp:
-			if(ppp->ipcp->state == Sopened){
-				b = tcpuncompress(ppp->ctcp, b, proto, ppp->f);
-				if(b != nil)
-					return b;
-			}
-			freeblist(b);
-			break;
-		default:
-			netlog(ppp->f, Logppp, "unknown proto %ux\n", proto);
-			if(ppp->lcp->state == Sopened){
-				/* reject the protocol */
-				b->rp -= 6;
-				m = (Lcpmsg*)b->rp;
-				m->code = Lprotorej;
-				m->id = ++ppp->lcp->id;
-				hnputs(m->data, proto);
-				hnputs(m->len, BLEN(b));
-				b = putframe(ppp, Plcp, b);
-			}
-			freeblist(b);
-			break;
-		}
-	}
-	return nil;		/* compiler confused */
-}
-
-/* transmit an IP packet */
-int
-pppwrite(PPP *ppp, Block *b)
-{
-	ushort proto;
-	int r;
-
-	qlock(ppp);
-
-	/* can't send ip packets till we're established */
-	if(ppp->ipcp->state != Sopened)
-		goto ret;
-
-	/* link hung up */
-	if(ppp->dchan == nil)
-		goto ret;
-
-	b = concatblock(b);		/* or else compression will barf */
-
-	proto = Pip;
-	if(ppp->ipcp->flags & Fipcompress)
-		proto = compress(ppp->ctcp, b, ppp->f);
-	b = putframe(ppp, proto, b);
-
-
-ret:
-	qunlock(ppp);
-
-	r = blocklen(b);
-	netlog(ppp->f, Logppp, "ppp wrt len %d\n", r);
-
-	freeblist(b);
-	return r;
-}
-
-/*
- *  link quality management
- */
-static void
-getlqm(PPP *ppp, Block *b)
-{
-	Qualpkt *p;
-
-	p = (Qualpkt*)b->rp;
-	if(BLEN(b) == sizeof(Qualpkt)){
-		ppp->in.reports++;
-		ppp->pout.reports = nhgetl(p->peeroutreports);
-		ppp->pout.packets = nhgetl(p->peeroutpackets);
-		ppp->pout.bytes = nhgetl(p->peeroutbytes);
-		ppp->pin.reports = nhgetl(p->peerinreports);
-		ppp->pin.packets = nhgetl(p->peerinpackets);
-		ppp->pin.discards = nhgetl(p->peerindiscards);
-		ppp->pin.errors = nhgetl(p->peerinerrors);
-		ppp->pin.bytes = nhgetl(p->peerinbytes);
-
-		/* save our numbers at time of reception */
-		memmove(&ppp->sin, &ppp->in, sizeof(Qualstats));
-
-	}
-	freeblist(b);
-	if(ppp->period == 0)
-		putlqm(ppp);
-
-}
-static void
-putlqm(PPP *ppp)
-{
-	Qualpkt *p;
-	Block *b;
-
-	b = allocb(sizeof(Qualpkt));
-	b->wp += sizeof(Qualpkt);
-	p = (Qualpkt*)b->rp;
-	hnputl(p->magic, 0);
-
-	/* heresay (what he last told us) */
-	hnputl(p->lastoutreports, ppp->pout.reports);
-	hnputl(p->lastoutpackets, ppp->pout.packets);
-	hnputl(p->lastoutbytes, ppp->pout.bytes);
-
-	/* our numbers at time of last reception */
-	hnputl(p->peerinreports, ppp->sin.reports);
-	hnputl(p->peerinpackets, ppp->sin.packets);
-	hnputl(p->peerindiscards, ppp->sin.discards);
-	hnputl(p->peerinerrors, ppp->sin.errors);
-	hnputl(p->peerinbytes, ppp->sin.bytes);
-
-	/* our numbers now */
-	hnputl(p->peeroutreports, ppp->out.reports+1);
-	hnputl(p->peeroutpackets, ppp->out.packets+1);
-	hnputl(p->peeroutbytes, ppp->out.bytes+53/*hack*/);
-
-	b = putframe(ppp, Plqm, b);
-	freeblist(b);
-	ppp->out.reports++;
-}
-
-/*
- *  challenge response dialog
- */
-static void
-getchap(PPP *ppp, Block *b)
-{
-	Lcpmsg *m;
-	int len, vlen, n;
-	char md5buf[512];
-
-	m = (Lcpmsg*)b->rp;
-	len = nhgets(m->len);
-	if(BLEN(b) < len){
-		netlog(ppp->f, Logppp, "ppp %s: short chap message\n", ppp->ifc->dev);
-		freeblist(b);
-		return;
-	}
-
-	switch(m->code){
-	case Cchallenge:
-		vlen = m->data[0];
-		if(vlen > len - 5){
-			netlog(ppp->f, Logppp, "PPP %s: bad challenge len\n", ppp->ifc->dev);
-			freeblist(b);
-			break;
-		}
-
-		netlog(ppp->f, Logppp, "PPP %s: CHAP Challenge\n", ppp->ifc->dev);
-netlog(ppp->f, Logppp, "(secret %s chapname %s id %d)\n", ppp->secret, ppp->chapname, m->id);
-		/* create string to hash */
-		md5buf[0] = m->id;
-		strcpy(md5buf+1, ppp->secret);
-		n = strlen(ppp->secret) + 1;
-		memmove(md5buf+n, m->data+1, vlen);
-		n += vlen;
-		freeblist(b);
-
-		/* send reply */
-		len = 4 + 1 + 16 + strlen(ppp->chapname);
-		b = alloclcp(2, md5buf[0], len);
-		m = IPB2LCP(b);
-		m->data[0] = 16;
-		md5((uchar*)md5buf, n, m->data+1, 0);
-		memmove((char*)m->data+17, ppp->chapname, strlen(ppp->chapname));
-		hnputs(m->len, len);
-		b->wp += len-4;
-		b = putframe(ppp, Pchap, b);
-		break;
-	case Cresponse:
-		netlog(ppp->f, Logppp, "PPP %s: chap response?\n", ppp->ifc->dev);
-		break;
-	case Csuccess:
-		netlog(ppp->f, Logppp, "PPP %s: chap succeeded\n", ppp->ifc->dev);
-		setphase(ppp, Pnet);
-		break;
-	case Cfailure:
-		netlog(ppp->f, Logppp, "PPP %s: chap failed: %.*s\n", ppp->ifc->dev, len-4, m->data);
-		errlog(ppp, Eperm);
-		break;
-	default:
-		netlog(ppp->f, Logppp, "PPP %s: chap code %d?\n", ppp->ifc->dev, m->code);
-		break;
-	}
-	freeblist(b);
-}
-
-/*
- *  password authentication protocol dialog
- *	-- obsolete but all we know how to use with NT just now
- */
-static void
-sendpap(PPP *ppp)
-{
-	Lcpmsg *m;
-	int clen, slen, len;
-	Block *b;
-	uchar *p;
-
-	clen = strlen(ppp->chapname);
-	slen = strlen(ppp->secret);
-	len = 4 + 1 + clen + 1 + slen;
-	ppp->papid = ++ppp->lcp->id;
-	b = alloclcp(Cpapreq, ppp->papid, len);
-	m = IPB2LCP(b);
-	p = m->data;
-	p[0] = clen;
-	memmove(p+1, ppp->chapname, clen);
-	p += clen + 1;
-	p[0] = slen;
-	memmove(p+1, ppp->secret, slen);
-	hnputs(m->len, len);
-	b->wp += len-4;
-	b = putframe(ppp, Ppap, b);
-	netlog(ppp->f, Logppp, "PPP %s: sent pap auth req (%d)\n", ppp->ifc->dev, len);
-	freeblist(b);
-}
-
-static void
-getpap(PPP *ppp, Block *b)
-{
-	Lcpmsg *m;
-	int len;
-
-	m = (Lcpmsg*)b->rp;
-	len = nhgets(m->len);
-	if(BLEN(b) < len){
-		netlog(ppp->f, Logppp, "ppp %s: short pap message\n", ppp->ifc->dev);
-		freeblist(b);
-		return;
-	}
-
-	switch(m->code){
-	case Cpapreq:
-		netlog(ppp->f, Logppp, "PPP %s: pap request?\n", ppp->ifc->dev);
-		break;
-	case Cpapack:
-		netlog(ppp->f, Logppp, "PPP %s: PAP succeeded\n", ppp->ifc->dev);
-		setphase(ppp, Pnet);
-		break;
-	case Cpapnak:
-		if(m->data[0])
-			netlog(ppp->f, Logppp, "PPP %s: PAP failed: %.*s\n", ppp->ifc->dev, len-5, m->data+1);
-		else
-			netlog(ppp->f, Logppp, "PPP %s: PAP failed\n", ppp->ifc->dev);
-		errlog(ppp, Eperm);
-		break;
-	default:
-		netlog(ppp->f, Logppp, "PPP %s: pap code %d?\n", ppp->ifc->dev, m->code);
-		break;
-	}
-	freeblist(b);
-}
-
-static void
-printopts(PPP *ppp, Pstate *p, Block *b, int send)
-{
-	Lcpmsg *m;	
-	Lcpopt *o;
-	int proto, x, period;
-	uchar *cp;
-	char *code, *dir;
-
-	m = (Lcpmsg*)b->rp;
-	switch(m->code) {
-	default: code = "<unknown>"; break;
-	case Lconfreq: code = "confrequest"; break;
-	case Lconfack: code = "confack"; break;
-	case Lconfnak: code = "confnak"; break;
-	case Lconfrej: code = "confreject"; break;
-	}
-
-	if(send)
-		dir = "send";
-	else
-		dir = "recv";
-
-	netlog(ppp->f, Logppp, "ppp: %s %s: id=%d\n", dir, code, m->id);
-
-	for(cp = m->data; cp < b->wp; cp += o->len){
-		o = (Lcpopt*)cp;
-		if(cp + o->len > b->wp || o->len == 0){
-			netlog(ppp->f, Logppp, "\tbad option length %ux\n", o->type);
-			return;
-		}
-
-		switch(p->proto){
-		case Plcp:
-			switch(o->type){
-			default:
-				netlog(ppp->f, Logppp, "\tunknown %d len=%d\n", o->type, o->len);
-				break;
-			case Omtu:
-				netlog(ppp->f, Logppp, "\tmtu = %d\n", nhgets(o->data));
-				break;
-			case Octlmap:
-				netlog(ppp->f, Logppp, "\tctlmap = %ux\n", nhgetl(o->data));
-				break;
-			case Oauth:
-				netlog(ppp->f, Logppp, "\tauth = ", nhgetl(o->data));
-				proto = nhgets(o->data);
-				switch(proto) {
-				default:
-					netlog(ppp->f, Logppp, "unknown auth proto %d\n", proto);
-					break;
-				case Ppap:
-					netlog(ppp->f, Logppp, "password\n");
-					break;
-				case Pchap:
-					netlog(ppp->f, Logppp, "chap %ux\n", o->data[2]);
-					break;
-				}
-				break;
-			case Oquality:
-				proto = nhgets(o->data);
-				switch(proto) {
-				default:
-					netlog(ppp->f, Logppp, "\tunknown quality proto %d\n", proto);
-					break;
-				case Plqm:
-					x = nhgetl(o->data+2)*10;
-					period = (x+Period-1)/Period;
-					netlog(ppp->f, Logppp, "\tlqm period = %d\n", period);
-					break;
-				}
-			case Omagic:
-				netlog(ppp->f, Logppp, "\tmagic = %ux\n", nhgetl(o->data));
-				break;
-			case Opc:
-				netlog(ppp->f, Logppp, "\tprotocol compress\n");
-				break;
-			case Oac:
-				netlog(ppp->f, Logppp, "\taddr compress\n");
-				break;
-			}
-			break;
-		case Pccp:
-			switch(o->type){
-			default:
-				netlog(ppp->f, Logppp, "\tunknown %d len=%d\n", o->type, o->len);
-				break;
-			case Ocoui:	
-				netlog(ppp->f, Logppp, "\tOUI\n");
-				break;
-			case Ocstac:
-				netlog(ppp->f, Logppp, "\tstac LZS\n");
-				break;
-			case Ocmppc:	
-				netlog(ppp->f, Logppp, "\tMicrosoft PPC len=%d %ux\n", o->len, nhgetl(o->data));
-				break;
-			}
-			break;
-		case Pecp:
-			switch(o->type){
-			default:
-				netlog(ppp->f, Logppp, "\tunknown %d len=%d\n", o->type, o->len);
-				break;
-			case Oeoui:	
-				netlog(ppp->f, Logppp, "\tOUI\n");
-				break;
-			case Oedese:
-				netlog(ppp->f, Logppp, "\tDES\n");
-				break;
-			}
-			break;
-		case Pipcp:
-			switch(o->type){
-			default:
-				netlog(ppp->f, Logppp, "\tunknown %d len=%d\n", o->type, o->len);
-				break;
-			case Oipaddrs:	
-				netlog(ppp->f, Logppp, "\tip addrs - deprecated\n");
-				break;
-			case Oipcompress:
-				netlog(ppp->f, Logppp, "\tip compress\n");
-				break;
-			case Oipaddr:	
-				netlog(ppp->f, Logppp, "\tip addr %V\n", o->data);
-				break;
-			case Oipdns:
-				netlog(ppp->f, Logppp, "\tdns addr %V\n", o->data);
-				break;
-			case Oipwins:	
-				netlog(ppp->f, Logppp, "\twins addr %V\n", o->data);
-				break;
-			case Oipdns2:
-				netlog(ppp->f, Logppp, "\tdns2 addr %V\n", o->data);
-				break;
-			case Oipwins2:	
-				netlog(ppp->f, Logppp, "\twins2 addr %V\n", o->data);
-				break;
-			}
-			break;
-		}
-	}
-}
-
-static void
-sendtermreq(PPP *ppp, Pstate *p)
-{
-	Block *b;
-	Lcpmsg *m;
-
-	p->termid = ++(p->id);
-	b = alloclcp(Ltermreq, p->termid, 4);
-	m = IPB2LCP(b);
-	hnputs(m->len, 4);
-	putframe(ppp, p->proto, b);
-	freeb(b);
-	newstate(ppp, p, Sclosing);
-}
-
-static void
-sendechoreq(PPP *ppp, Pstate *p)
-{
-	Block *b;
-	Lcpmsg *m;
-
-	p->termid = ++(p->id);
-	b = alloclcp(Lechoreq, p->id, 4);
-	m = IPB2LCP(b);
-	hnputs(m->len, 4);
-	putframe(ppp, p->proto, b);
-	freeb(b);
-}
-
-/*
- *  return non-zero if this is a valid v4 address
- */
-static int
-validv4(Ipaddr addr)
-{
-	return memcmp(addr, v4prefix, IPv4off) == 0;
-}
-
-static void
-invalidate(Ipaddr addr)
-{
-	ipmove(addr, IPnoaddr);
-}
--- a/os/ip/ppp.h	Thu Aug 12 23:08:35 2021
+++ /dev/null	Mon Oct 18 12:05:45 2021
@@ -1,258 +0,0 @@
-typedef struct PPP	PPP;
-typedef struct Pstate	Pstate;
-typedef struct Lcpmsg	Lcpmsg;
-typedef struct Lcpopt	Lcpopt;
-typedef struct Qualpkt	Qualpkt;
-typedef struct Qualstats Qualstats;
-typedef struct Tcpc	Tcpc;
-
-typedef uchar Ipaddr[IPaddrlen];
-
-enum
-{
-	HDLC_frame=	0x7e,
-	HDLC_esc=	0x7d,
-
-	/* PPP frame fields */
-	PPP_addr=	0xff,
-	PPP_ctl=	0x3,
-	PPP_initfcs=	0xffff,
-	PPP_goodfcs=	0xf0b8,
-
-	/* PPP phases */
-	Pdead=		0,	
-	Plink,				/* doing LCP */
-	Pauth,				/* doing chap */
-	Pnet,				/* doing IPCP, CCP */
-	Pterm,				/* closing down */
-
-	/* PPP protocol types */
-	Pip=		0x21,		/* internet */
-	Pvjctcp=	0x2d,		/* compressing van jacobson tcp */
-	Pvjutcp=	0x2f,		/* uncompressing van jacobson tcp */
-	Pcdata=		0xfd,		/* compressed datagram */
-	Pipcp=		0x8021,		/* ip control */
-	Pecp=		0x8053,		/* encryption control */
-	Pccp=		0x80fd,		/* compressed datagram control */
-	Plcp=		0xc021,		/* link control */
-	Ppap=		0xc023,		/* password auth. protocol */
-	Plqm=		0xc025,		/* link quality monitoring */
-	Pchap=		0xc223,		/* challenge/response */
-
-	/* LCP codes */
-	Lconfreq=	1,
-	Lconfack=	2,
-	Lconfnak=	3,
-	Lconfrej=	4,
-	Ltermreq=	5,
-	Ltermack=	6,
-	Lcoderej=	7,
-	Lprotorej=	8,
-	Lechoreq=	9,
-	Lechoack=	10,
-	Ldiscard=	11,
-
-	/* Lcp configure options */
-	Omtu=		1,
-	Octlmap=	2,
-	Oauth=		3,
-	Oquality=	4,
-	Omagic=		5,
-	Opc=		7,
-	Oac=		8,
-	Obad=		12,		/* for testing */
-
-	/* authentication protocols */
-	APmd5=		5,
-
-	/* lcp flags */
-	Fmtu=		1<<Omtu,
-	Fctlmap=	1<<Octlmap,
-	Fauth=		1<<Oauth,
-	Fquality=	1<<Oquality,
-	Fmagic=		1<<Omagic,
-	Fpc=		1<<Opc,
-	Fac=		1<<Oac,
-	Fbad=		1<<Obad,
-
-	/* Chap codes */
-	Cchallenge=	1,
-	Cresponse=	2,
-	Csuccess=	3,
-	Cfailure=	4,
-
-	/* Pap codes */
-	Cpapreq=		1,
-	Cpapack=		2,
-	Cpapnak=		3,
-
-	/* link states */
-	Sclosed=		0,
-	Sclosing,
-	Sreqsent,
-	Sackrcvd,
-	Sacksent,
-	Sopened,
-
-	/* ccp configure options */
-	Ocoui=		0,	/* proprietary compression */
-	Ocstac=		17,	/* stac electronics LZS */
-	Ocmppc=		18,	/* microsoft ppc */
-
-	/* ccp flags */
-	Fcoui=		1<<Ocoui,
-	Fcstac=		1<<Ocstac,
-	Fcmppc=		1<<Ocmppc,
-
-	/* ecp configure options */
-	Oeoui=		0,	/* proprietary compression */
-	Oedese=		1,	/* DES */
-
-	/* ecp flags */
-	Feoui=		1<<Oeoui,
-	Fedese=		1<<Oedese,
-
-	/* ipcp configure options */
-	Oipaddrs=	1,
-	Oipcompress=	2,
-	Oipaddr=	3,
-	Oipdns=		129,
-	Oipwins=	130,
-	Oipdns2=	131,
-	Oipwins2=	132,
-
-	/* ipcp flags */
-	Fipaddrs=	1<<Oipaddrs,
-	Fipcompress=	1<<Oipcompress,
-	Fipaddr=	1<<Oipaddr,
-
-	Period=		3*1000,	/* period of retransmit process (in ms) */
-	Timeout=	10,	/* xmit timeout (in Periods) */
-
-	MAX_STATES	= 16,		/* van jacobson compression states */
-	Defmtu=		1450,		/* default that we will ask for */
-	Minmtu=		128,		/* minimum that we will accept */
-	Maxmtu=		2000,		/* maximum that we will accept */
-};
-
-
-struct Pstate
-{
-	int	proto;		/* protocol type */
-	int	timeout;		/* for current state */
-	int	rxtimeout;	/* for current retransmit */
-	ulong	flags;		/* options received */
-	uchar	id;		/* id of current message */
-	uchar	confid;		/* id of current config message */
-	uchar	termid;		/* id of current termination message */
-	uchar	rcvdconfid;	/* id of last conf message received */
-	uchar	state;		/* PPP link state */
-	ulong	optmask;		/* which options to request */
-	int	echoack;	/* recieved echo ack */
-	int	echotimeout;	/* echo timeout */
-};
-
-struct Qualstats
-{
-	ulong	reports;
-	ulong	packets;
-	ulong	bytes;
-	ulong	discards;
-	ulong	errors;
-};
-
-struct PPP
-{
-	QLock;
-
-	Chan*	dchan;			/* serial line */
-	Chan*	cchan;			/* serial line control */
-	int		framing;	/* non-zero to use framing characters */
-	Ipaddr	local;
-	int		localfrozen;
-	Ipaddr	remote;
-	int		remotefrozen;
-
-	int	pppup;
-	Fs	*f;		/* file system we belong to */
-	Ipifc*	ifc;
-	Proc*	readp;			/* reading process */
-	Proc*	timep;			/* timer process */
-	Block*	inbuf;			/* input buffer */
-	Block*	outbuf;			/* output buffer */
-	QLock	outlock;		/*  and its lock */
-
-	ulong	magic;			/* magic number to detect loop backs */
-	ulong	rctlmap;		/* map of chars to ignore in rcvr */
-	ulong	xctlmap;		/* map of chars to excape in xmit */
-	int		phase;		/* PPP phase */
-	Pstate*	lcp;			/* lcp state */
-	Pstate*	ipcp;			/* ipcp state */
-	char	secret[256];		/* md5 key */
-	char	chapname[256];		/* chap system name */
-	Tcpc*	ctcp;
-	ulong		mtu;		/* maximum xmit size */
-	ulong		mru;		/* maximum recv size */
-
-	int	baud;
-	int	usepap;	/* authentication is PAP in every sense, not CHAP */
-	int	papid;
-	int	usechap;
-
-	/* rfc */
-	int	usedns;
-	Ipaddr	dns1;
-	Ipaddr	dns2;
-
-	/* link quality monitoring */
-	int		period;		/* lqm period */
-	int		timeout;	/* time to next lqm packet */
-	Qualstats	in;		/* local */
-	Qualstats	out;
-	Qualstats	pin;		/* peer */
-	Qualstats	pout;
-	Qualstats	sin;		/* saved */
-};
-
-PPP*		pppopen(PPP*, char*, Ipaddr, Ipaddr, int, int, char*, char*);
-Block*	pppread(PPP*);
-int		pppwrite(PPP*, Block*);
-void		pppclose(PPP*);
-
-struct Lcpmsg
-{
-	uchar	code;
-	uchar	id;
-	uchar	len[2];
-	uchar	data[1];
-};
-
-struct Lcpopt
-{
-	uchar	type;
-	uchar	len;
-	uchar	data[1];
-};
-
-struct Qualpkt
-{
-	uchar	magic[4];
-
-	uchar	lastoutreports[4];
-	uchar	lastoutpackets[4];
-	uchar	lastoutbytes[4];
-	uchar	peerinreports[4];
-	uchar	peerinpackets[4];
-	uchar	peerindiscards[4];
-	uchar	peerinerrors[4];
-	uchar	peerinbytes[4];
-	uchar	peeroutreports[4];
-	uchar	peeroutpackets[4];
-	uchar	peeroutbytes[4];
-};
-
-ushort	compress(Tcpc*, Block*, Fs*);
-Tcpc*	compress_init(Tcpc*);
-int		compress_negotiate(Tcpc*, uchar*);
-ushort	tcpcompress(Tcpc*, Block*, Fs*);
-Block*	tcpuncompress(Tcpc*, Block*, ushort, Fs*);
--- a/os/ip/pppmedium.c	Thu Aug 12 23:08:35 2021
+++ /dev/null	Mon Oct 18 12:05:45 2021
@@ -1,192 +0,0 @@
-#include "u.h"
-#include "../port/lib.h"
-#include "mem.h"
-#include "dat.h"
-#include "fns.h"
-#include "../port/error.h"
-
-#include "ip.h"
-#include "kernel.h"
-#include "ppp.h"
-
-static void	pppreader(void *a);
-static void	pppbind(Ipifc *ifc, int argc, char **argv);
-static void	pppunbind(Ipifc *ifc);
-static void	pppbwrite(Ipifc *ifc, Block *bp, int version, uchar *ip);
-static void	deadremote(Ipifc *ifc);
-
-Medium pppmedium =
-{
-.name=	"ppp",
-.hsize=	4,
-.mintu=	Minmtu,
-.maxtu=	Maxmtu,
-.maclen=	0,
-.bind=	pppbind,
-.unbind=	pppunbind,
-.bwrite=	pppbwrite,
-.unbindonclose=	0,		/* don't unbind on last close */
-};
-
-/*
- *  called to bind an IP ifc to an ethernet device
- *  called with ifc wlock'd
- */
-static void
-pppbind(Ipifc *ifc, int argc, char **argv)
-{
-	PPP *ppp;
-	Ipaddr ipaddr, remip;
-	int mtu, framing;
-	char *chapname, *secret;
-
-	if(argc < 3)
-		error(Ebadarg);
-
-	ipmove(ipaddr, IPnoaddr);
-	ipmove(remip, IPnoaddr);
-	mtu = Defmtu;
-	framing = 1;
-	chapname = nil;
-	secret = nil;
-
-	switch(argc){
-	default:
-	case 9:
-		if(argv[8][0] != '-')
-			secret = argv[8];
-	case 8:
-		if(argv[7][0] != '-')
-			chapname = argv[7];
-	case 7:
-		if(argv[6][0] != '-')
-			framing = strtoul(argv[6], 0, 0);
-	case 6:
-		if(argv[5][0] != '-')
-			mtu = strtoul(argv[5], 0, 0);
-	case 5:
-		if(argv[4][0] != '-')
-			parseip(remip, argv[4]);
-	case 4:
-		if(argv[3][0] != '-')
-			parseip(ipaddr, argv[3]);
-	case 3:
-		break;
-	}
-
-	ppp = smalloc(sizeof(*ppp));
-	ppp->ifc = ifc;
-	ppp->f = ifc->conv->p->f;
-	ifc->arg = ppp;
-	if(waserror()){
-		pppunbind(ifc);
-		nexterror();
-	}
-	if(pppopen(ppp, argv[2], ipaddr, remip, mtu, framing, chapname, secret) == nil)
-		error("ppp open failed");
-	poperror();
-	kproc("pppreader", pppreader, ifc, KPDUPPG|KPDUPFDG);
-}
-
-static void
-pppreader(void *a)
-{
-	Ipifc *ifc;
-	Block *bp;
-	PPP *ppp;
-
-	ifc = a;
-	ppp = ifc->arg;
-	ppp->readp = up;	/* hide identity under a rock for unbind */
-	setpri(PriHi);
-
-	if(waserror()){
-		netlog(ppp->f, Logppp, "pppreader: %I: %s\n", ppp->local, up->env->errstr);
-		ppp->readp = 0;
-		deadremote(ifc);
-		pexit("hangup", 1);
-	}
-
-	for(;;){
-		bp = pppread(ppp);
-		if(bp == nil)
-			error("hungup");
-		if(!canrlock(ifc)){
-			freeb(bp);
-			continue;
-		}
-		if(waserror()){
-			runlock(ifc);
-			nexterror();
-		}
-		ifc->in++;
-		if(ifc->lifc == nil)
-			freeb(bp);
-		else
-			ipiput(ppp->f, ifc, bp);
-		runlock(ifc);
-		poperror();
-	}
-}
-
-/*
- *  called with ifc wlock'd
- */
-static void
-pppunbind(Ipifc *ifc)
-{
-	PPP *ppp = ifc->arg;
-
-	if(ppp == nil)
-		return;
-	if(ppp->readp)
-		postnote(ppp->readp, 1, "unbind", 0);
-	if(ppp->timep)
-		postnote(ppp->timep, 1, "unbind", 0);
-
-	/* wait for kprocs to die */
-	while(ppp->readp != 0 || ppp->timep != 0)
-		tsleep(&up->sleep, return0, 0, 300);
-
-	pppclose(ppp);
-	qclose(ifc->conv->eq);
-	ifc->arg = nil;
-}
-
-/*
- *  called by ipoput with a single packet to write with ifc rlock'd
- */
-static void
-pppbwrite(Ipifc *ifc, Block *bp, int, uchar*)
-{
-	PPP *ppp = ifc->arg;
-
-	pppwrite(ppp, bp);
-	ifc->out++;
-}
-
-/*
- *	If the other end hangs up, we have to unbind the interface.  An extra
- *	unbind (in the case where we are hanging up) won't do any harm.
- */
-static void
-deadremote(Ipifc *ifc)
-{
-	int fd;
-	char path[128];
-	PPP *ppp;
-
-	ppp = ifc->arg;
-	snprint(path, sizeof path, "#I%d/ipifc/%d/ctl", ppp->f->dev, ifc->conv->x);
-	fd = kopen(path, ORDWR);
-	if(fd < 0)
-		return;
-	kwrite(fd, "unbind", sizeof("unbind")-1);
-	kclose(fd);
-}
-
-void
-pppmediumlink(void)
-{
-	addipmedium(&pppmedium);
-}
--- a/os/ip/ptclbsum.c	Thu Aug 12 23:08:35 2021
+++ /dev/null	Mon Oct 18 12:05:45 2021
@@ -1,72 +0,0 @@
-#include	"u.h"
-#include	"../port/lib.h"
-#include	"mem.h"
-#include	"dat.h"
-#include	"fns.h"
-#include	"../port/error.h"
-#include	"ip.h"
-
-static	short	endian	= 1;
-static	uchar*	aendian	= (uchar*)&endian;
-#define	LITTLE	*aendian
-
-ushort
-ptclbsum(uchar *addr, int len)
-{
-	ulong losum, hisum, mdsum, x;
-	ulong t1, t2;
-
-	losum = 0;
-	hisum = 0;
-	mdsum = 0;
-
-	x = 0;
-	if((uintptr)addr & 1) {
-		if(len) {
-			hisum += addr[0];
-			len--;
-			addr++;
-		}
-		x = 1;
-	}
-	while(len >= 16) {
-		t1 = *(ushort*)(addr+0);
-		t2 = *(ushort*)(addr+2);	mdsum += t1;
-		t1 = *(ushort*)(addr+4);	mdsum += t2;
-		t2 = *(ushort*)(addr+6);	mdsum += t1;
-		t1 = *(ushort*)(addr+8);	mdsum += t2;
-		t2 = *(ushort*)(addr+10);	mdsum += t1;
-		t1 = *(ushort*)(addr+12);	mdsum += t2;
-		t2 = *(ushort*)(addr+14);	mdsum += t1;
-		mdsum += t2;
-		len -= 16;
-		addr += 16;
-	}
-	while(len >= 2) {
-		mdsum += *(ushort*)addr;
-		len -= 2;
-		addr += 2;
-	}
-	if(x) {
-		if(len)
-			losum += addr[0];
-		if(LITTLE)
-			losum += mdsum;
-		else
-			hisum += mdsum;
-	} else {
-		if(len)
-			hisum += addr[0];
-		if(LITTLE)
-			hisum += mdsum;
-		else
-			losum += mdsum;
-	}
-
-	losum += hisum >> 8;
-	losum += (hisum & 0xff) << 8;
-	while(hisum = losum>>16)
-		losum = hisum + (losum & 0xffff);
-
-	return losum & 0xffff;
-}
--- a/os/ip/rudp.c	Thu Aug 12 23:08:35 2021
+++ b/os/ip/rudp.c	Sat Aug 21 01:39:52 2021
@@ -1,4 +1,5 @@
 /*
+ *  Reliable User Datagram Protocol, currently only for IPv4.
  *  This protocol is compatible with UDP's packet format.
  *  It could be done over UDP if need be.
  */
@@ -25,20 +26,17 @@
 
 enum
 {
-	UDP_HDRSIZE	= 20,	/* pseudo header + udp header */
 	UDP_PHDRSIZE	= 12,	/* pseudo header */
+//	UDP_HDRSIZE	= 20,	/* pseudo header + udp header */
 	UDP_RHDRSIZE	= 36,	/* pseudo header + udp header + rudp header */
 	UDP_IPHDR	= 8,	/* ip header */
 	IP_UDPPROTO	= 254,
-	UDP_USEAD7	= 52,
-	UDP_USEAD6	= 36,
-	UDP_USEAD4	= 12,
+	UDP_USEAD7	= 52,	/* size of new ipv6 headers struct */
 
 	Rudprxms	= 200,
 	Rudptickms	= 50,
 	Rudpmaxxmit	= 10,
 	Maxunacked	= 100,
-
 };
 
 #define Hangupgen	0xffffffff	/* used only in hangup messages */
@@ -205,7 +203,7 @@
 		qlock(&rpriv->apl);
 		if(rpriv->ackprocstarted == 0){
 			sprint(kpname, "#I%drudpack", rudp->f->dev);
-			kproc(kpname, relackproc, rudp, 0);
+			kproc(kpname, relackproc, rudp);
 			rpriv->ackprocstarted = 1;
 		}
 		qunlock(&rpriv->apl);
@@ -240,6 +238,7 @@
 	qlock(ucb);
 	for(r = ucb->r; r; r = r->next)
 		m += snprint(state+m, n-m, " %I/%ld", r->addr, UNACKED(r));
+	m += snprint(state+m, n-m, "\n");
 	qunlock(ucb);
 	return m;
 }
@@ -281,7 +280,7 @@
 	/* force out any delayed acks */
 	ucb = (Rudpcb*)c->ptcl;
 	qlock(ucb);
-	for(r = ucb->r; r; r = r->next){
+	for(r = ucb->r; r != nil; r = r->next){
 		if(r->acksent != r->rcvseq)
 			relsendack(c, r, 0);
 	}
@@ -374,27 +373,10 @@
 		rport = nhgets(bp->rp);
 		bp->rp += 2+2;			/* Ignore local port */
 		break;
-	case 6:
-		/* get user specified addresses */
-		bp = pullupblock(bp, UDP_USEAD6);
-		if(bp == nil)
-			return;
-		ipmove(raddr, bp->rp);
-		bp->rp += IPaddrlen;
-		ipmove(laddr, bp->rp);
-		bp->rp += IPaddrlen;
-		/* pick interface closest to dest */
-		if(ipforme(f, laddr) != Runi)
-			findlocalip(f, laddr, raddr);
-		rport = nhgets(bp->rp);
-
-		bp->rp += 4;			/* Igonore local port */
-		break;
 	default:
 		ipmove(raddr, c->raddr);
 		ipmove(laddr, c->laddr);
 		rport = c->rport;
-
 		break;
 	}
 
@@ -402,9 +384,6 @@
 
 	/* Make space to fit rudp & ip header */
 	bp = padblock(bp, UDP_IPHDR+UDP_RHDRSIZE);
-	if(bp == nil)
-		return;
-
 	uh = (Udphdr *)(bp->rp);
 	uh->vihl = IP_VER4;
 
@@ -417,7 +396,6 @@
 	uh->frag[1] = 0;
 	hnputs(uh->udpplen, ptcllen);
 	switch(ucb->headers){
-	case 6:
 	case 7:
 		v6tov4(uh->udpdst, raddr);
 		hnputs(uh->udpdport, rport);
@@ -528,7 +506,7 @@
 
 	c = iphtlook(&upriv->ht, raddr, rport, laddr, lport);
 	if(c == nil){
-		/* no converstation found */
+		/* no conversation found */
 		upriv->ustats.rudpNoPorts++;
 		qunlock(rudp);
 		netlog(f, Logudp, "udp: no conv %I!%d -> %I!%d\n", raddr, rport,
@@ -574,45 +552,32 @@
 		p = bp->rp;
 		ipmove(p, raddr); p += IPaddrlen;
 		ipmove(p, laddr); p += IPaddrlen;
-		ipmove(p, ifc->lifc->local); p += IPaddrlen;
-		hnputs(p, rport); p += 2;
-		hnputs(p, lport);
-		break;
-	case 6:
-		/* pass the src address */
-		bp = padblock(bp, UDP_USEAD6);
-		p = bp->rp;
-		ipmove(p, raddr); p += IPaddrlen;
-		ipmove(p, ipforme(f, laddr)==Runi ? laddr : ifc->lifc->local); p += IPaddrlen;
+		if(!ipv6local(ifc, p, 0, raddr))
+			ipmove(p, ifc->lifc != nil ? ifc->lifc->local : IPnoaddr);
+		p += IPaddrlen;
 		hnputs(p, rport); p += 2;
 		hnputs(p, lport);
 		break;
 	default:
 		/* connection oriented rudp */
 		if(ipcmp(c->raddr, IPnoaddr) == 0){
-			/* save the src address in the conversation */
+			/* reply with the same ip address (if not broadcast) */
+			if(ipforme(f, laddr) != Runi)
+				ipv6local(ifc, laddr, 0, raddr);
+			ipmove(c->laddr, laddr);
 		 	ipmove(c->raddr, raddr);
 			c->rport = rport;
-
-			/* reply with the same ip address (if not broadcast) */
-			if(ipforme(f, laddr) == Runi)
-				ipmove(c->laddr, laddr);
-			else
-				v4tov6(c->laddr, ifc->lifc->local);
 		}
 		break;
 	}
-	if(bp->next)
-		bp = concatblock(bp);
 
 	if(qfull(c->rq)) {
-		netlog(f, Logrudp, "rudp: qfull %I.%d -> %I.%d\n", raddr, rport,
-			laddr, lport);
+		netlog(f, Logrudp, "rudp: qfull %I.%d -> %I.%d\n",
+			raddr, rport, laddr, lport);
 		freeblist(bp);
+	} else {
+		qpass(c->rq, concatblock(bp));
 	}
-	else
-		qpass(c->rq, bp);
-	
 	qunlock(ucb);
 }
 
@@ -629,23 +594,21 @@
 	if(n < 1)
 		return rudpunknown;
 
-	if(strcmp(f[0], "headers++4") == 0){
-		ucb->headers = 7;
-		return nil;
-	} else if(strcmp(f[0], "headers") == 0){
-		ucb->headers = 6;
+	if(strcmp(f[0], "headers") == 0){
+		ucb->headers = 7;		/* new headers format */
 		return nil;
 	} else if(strcmp(f[0], "hangup") == 0){
 		if(n < 3)
 			return "bad syntax";
-		parseip(ip, f[1]);
+		if (parseip(ip, f[1]) == -1)
+			return Ebadip;
 		x = atoi(f[2]);
 		qlock(ucb);
 		relforget(c, ip, x, 1);
 		qunlock(ucb);
 		return nil;
 	} else if(strcmp(f[0], "randdrop") == 0){
-		x = 10;		/* default is 10% */
+		x = 10;			/* default is 10% */
 		if(n > 1)
 			x = atoi(f[1]);
 		if(x > 100 || x < 0)
@@ -672,12 +635,13 @@
 	pdest = nhgets(h->udpdport);
 
 	/* Look for a connection */
-	for(p = rudp->conv; *p; p++) {
-		s = *p;
+	for(p = rudp->conv; (s = *p) != nil; p++) {
 		if(s->rport == pdest)
 		if(s->lport == psource)
 		if(ipcmp(s->raddr, dest) == 0)
 		if(ipcmp(s->laddr, source) == 0){
+			if(s->ignoreadvice)
+				break;
 			qhangup(s->rq, msg);
 			qhangup(s->wq, msg);
 			break;
@@ -701,12 +665,6 @@
 		upriv->orders);
 }
 
-int
-rudpgc(Proto *rudp)
-{
-	return natgc(rudp->ipproto);
-}
-
 void
 rudpinit(Fs *fs)
 {
@@ -725,9 +683,8 @@
 	rudp->rcv = rudpiput;
 	rudp->advise = rudpadvise;
 	rudp->stats = rudpstats;
-	rudp->gc = rudpgc;
 	rudp->ipproto = IP_UDPPROTO;
-	rudp->nc = 16;
+	rudp->nc = 32;
 	rudp->ptclsize = sizeof(Rudpcb);
 
 	Fsproto(fs, rudp);
@@ -770,6 +727,8 @@
 
 	rudp = (Proto *)a;
 
+	while(waserror())
+		;
 loop:
 	tsleep(&up->sleep, return0, 0, Rudptickms);
 
@@ -989,8 +948,6 @@
 	Fs *f;
 
 	bp = allocb(UDP_IPHDR + UDP_RHDRSIZE);
-	if(bp == nil)
-		return;
 	bp->wp += UDP_IPHDR + UDP_RHDRSIZE;
 	f = c->p->f;
 	uh = (Udphdr *)(bp->rp);
--- a/os/ip/tcp.c	Thu Aug 12 23:08:35 2021
+++ b/os/ip/tcp.c	Sat Aug 21 01:39:52 2021
@@ -41,13 +41,13 @@
 	EOLOPT		= 0,
 	NOOPOPT		= 1,
 	MSSOPT		= 2,
-	MSS_LENGTH	= 4,		/* Mean segment size */
+	MSS_LENGTH	= 4,		/* Maximum segment size */
 	WSOPT		= 3,
 	WS_LENGTH	= 3,		/* Bits to scale window size by */
 	MSL2		= 10,
 	MSPTICK		= 50,		/* Milliseconds per timer tick */
-	DEF_MSS		= 1460,		/* Default mean segment */
-	DEF_MSS6	= 1280,		/* Default mean segment (min) for v6 */
+	DEF_MSS		= 1460,		/* Default maximum segment */
+	DEF_MSS6	= 1220,		/* Default maximum segment (min) for v6 */
 	DEF_RTT		= 500,		/* Default round trip */
 	DEF_KAT		= 120000,	/* Default time (ms) between keep alives */
 	TCP_LISTEN	= 0,		/* Listen connection */
@@ -81,7 +81,13 @@
 	NLHT		= 256,		/* hash table size, must be a power of 2 */
 	LHTMASK		= NLHT-1,
 
-	HaveWS		= 1<<8,
+	/*
+	 * window is 64kb · 2ⁿ
+	 * these factors determine the ultimate bandwidth-delay product.
+	 * 64kb · 2⁵ = 2mb, or 2x overkill for 100mbps · 70ms.
+	 */
+	Maxqscale	= 4,		/* maximum queuing scale */
+	Defadvscale	= 4,		/* default advertisement */
 };
 
 /* Must correspond to the enumeration above */
@@ -169,8 +175,9 @@
 	ulong	seq;
 	ulong	ack;
 	uchar	flags;
-	ushort	ws;	/* window scale option (if not zero) */
-	ulong	wnd;
+	uchar	update;
+	ushort	ws;	/* window scale option */
+	ulong	wnd;	/* prescaled window*/
 	ushort	urg;
 	ushort	mss;	/* max segment size option (if not zero) */
 	ushort	len;	/* size of data */
@@ -205,44 +212,53 @@
 		ulong	wnd;		/* Tcp send window */
 		ulong	urg;		/* Urgent data pointer */
 		ulong	wl2;
-		int	scale;		/* how much to right shift window in xmitted packets */
+		uint	scale;		/* how much to right shift window in xmitted packets */
 		/* to implement tahoe and reno TCP */
 		ulong	dupacks;	/* number of duplicate acks rcvd */
+		ulong	partialack;
 		int	recovery;	/* loss recovery flag */
-		ulong	rxt;		/* right window marker for recovery */
+		int	retransmit;	/* retransmit 1 packet @ una flag */
+		int	rto;
+		ulong	rxt;		/* right window marker for recovery "recover" rfc3782 */
 	} snd;
 	struct {
 		ulong	nxt;		/* Receive pointer to next uchar slot */
 		ulong	wnd;		/* Receive window incoming */
+		ulong	wsnt;		/* Last wptr sent.  important to track for large bdp */
+		ulong	wptr;
 		ulong	urg;		/* Urgent pointer */
+		ulong	ackptr;		/* last acked sequence */
 		int	blocked;
-		int	una;		/* unacked data segs */
-		int	scale;		/* how much to left shift window in rcved packets */
+		uint	scale;		/* how much to left shift window in rcv'd packets */
 	} rcv;
 	ulong	iss;			/* Initial sequence number */
-	int	sawwsopt;		/* true if we saw a wsopt on the incoming SYN */
 	ulong	cwind;			/* Congestion window */
-	int	scale;			/* desired snd.scale */
-	ushort	ssthresh;		/* Slow start threshold */
+	ulong	abcbytes;		/* appropriate byte counting rfc 3465 */
+	uint	scale;			/* desired snd.scale */
+	ulong	ssthresh;		/* Slow start threshold */
 	int	resent;			/* Bytes just resent */
 	int	irs;			/* Initial received squence */
-	ushort	mss;			/* Mean segment size */
+	ushort	mss;			/* Maximum segment size */
 	int	rerecv;			/* Overlap of data rerecevived */
-	ulong	window;			/* Recevive window */
+	ulong	window;			/* Our receive window (queue) */
+	uint	qscale;			/* Log2 of our receive window (queue) */
 	uchar	backoff;		/* Exponential backoff counter */
 	int	backedoff;		/* ms we've backed off for rexmits */
 	uchar	flags;			/* State flags */
 	Reseq	*reseq;			/* Resequencing queue */
+	int	nreseq;
+	int	reseqlen;
 	Tcptimer	timer;			/* Activity timer */
 	Tcptimer	acktimer;		/* Acknowledge timer */
 	Tcptimer	rtt_timer;		/* Round trip timer */
 	Tcptimer	katimer;		/* keep alive timer */
 	ulong	rttseq;			/* Round trip sequence */
-	int	srtt;			/* Shortened round trip */
+	int	srtt;			/* Smoothed round trip */
 	int	mdev;			/* Mean deviation of round trip */
 	int	kacounter;		/* count down for keep alive */
 	uint	sndsyntime;		/* time syn sent */
 	ulong	time;			/* time Finwait2 or Syn_received was sent */
+	ulong	timeuna;			/* snd.una when time was set */
 	int	nochecksum;		/* non-zero means don't send checksums */
 	int	flgcnt;			/* number of flags in the sequence (FIN,SEQ) */
 
@@ -285,11 +301,11 @@
 };
 
 int	tcp_irtt = DEF_RTT;	/* Initial guess at round trip time */
-ushort	tcp_mss = DEF_MSS;	/* Maximum segment size to be sent */
 
 enum {
 	/* MIB stats */
 	MaxConn,
+	Mss,
 	ActiveOpens,
 	PassiveOpens,
 	EstabResets,
@@ -297,6 +313,7 @@
 	InSegs,
 	OutSegs,
 	RetransSegs,
+	RetransSegsSent,
 	RetransTimeouts,
 	InErrs,
 	OutRsts,
@@ -305,14 +322,27 @@
 	CsumErrs,
 	HlenErrs,
 	LenErrs,
+	Resequenced,
 	OutOfOrder,
+	ReseqBytelim,
+	ReseqPktlim,
+	Delayack,
+	Wopenack,
+
+	Recovery,
+	RecoveryDone,
+	RecoveryRTO,
+	RecoveryNoSeq,
+	RecoveryCwind,
+	RecoveryPA,
 
 	Nstats
 };
 
-static char *statnames[] =
+static char *statnames[Nstats] =
 {
 [MaxConn]	"MaxConn",
+[Mss]		"MaxSegment",
 [ActiveOpens]	"ActiveOpens",
 [PassiveOpens]	"PassiveOpens",
 [EstabResets]	"EstabResets",
@@ -320,6 +350,7 @@
 [InSegs]	"InSegs",
 [OutSegs]	"OutSegs",
 [RetransSegs]	"RetransSegs",
+[RetransSegsSent]	"RetransSegsSent",
 [RetransTimeouts]	"RetransTimeouts",
 [InErrs]	"InErrs",
 [OutRsts]	"OutRsts",
@@ -327,6 +358,19 @@
 [HlenErrs]	"HlenErrs",
 [LenErrs]	"LenErrs",
 [OutOfOrder]	"OutOfOrder",
+[Resequenced]	"Resequenced",
+[ReseqBytelim]	"ReseqBytelim",
+[ReseqPktlim]	"ReseqPktlim",
+[Delayack]	"Delayack",
+[Wopenack]	"Wopenack",
+
+[Recovery]	"Recovery",
+[RecoveryDone]	"RecoveryDone",
+[RecoveryRTO]	"RecoveryRTO",
+
+[RecoveryNoSeq]	"RecoveryNoSeq",
+[RecoveryCwind]	"RecoveryCwind",
+[RecoveryPA]	"RecoveryPA",
 };
 
 typedef struct Tcppriv Tcppriv;
@@ -347,7 +391,7 @@
 	QLock	apl;
 	int	ackprocstarted;
 
-	ulong	stats[Nstats];
+	uvlong	stats[Nstats];
 };
 
 /*
@@ -356,34 +400,34 @@
  *  of DoS attack.
  *
  *  To avoid stateless Conv hogs, we pick a sequence number at random.  If
- *  it that number gets acked by the other end, we shut down the connection.
- *  Look for tcpporthogedefense in the code.
+ *  that number gets acked by the other end, we shut down the connection.
+ *  Look for tcpporthogdefense in the code.
  */
 int tcpporthogdefense = 0;
 
-int	addreseq(Tcpctl*, Tcppriv*, Tcp*, Block*, ushort);
-void	getreseq(Tcpctl*, Tcp*, Block**, ushort*);
-void	localclose(Conv*, char*);
-void	procsyn(Conv*, Tcp*);
-void	tcpiput(Proto*, Ipifc*, Block*);
-void	tcpoutput(Conv*);
-int	tcptrim(Tcpctl*, Tcp*, Block**, ushort*);
-void	tcpstart(Conv*, int);
-void	tcptimeout(void*);
-void	tcpsndsyn(Conv*, Tcpctl*);
-void	tcprcvwin(Conv*);
-void	tcpacktimer(void*);
-void	tcpkeepalive(void*);
-void	tcpsetkacounter(Tcpctl*);
-void	tcprxmit(Conv*);
-void	tcpsettimer(Tcpctl*);
-void	tcpsynackrtt(Conv*);
-void	tcpsetscale(Conv*, Tcpctl*, ushort, ushort);
-
-static void limborexmit(Proto*);
-static void limbo(Conv*, uchar*, uchar*, Tcp*, int);
+static	int	addreseq(Fs*, Tcpctl*, Tcppriv*, Tcp*, Block*, ushort);
+static	int	dumpreseq(Tcpctl*);
+static	void	getreseq(Tcpctl*, Tcp*, Block**, ushort*);
+static	void	limbo(Conv*, uchar*, uchar*, Tcp*, int);
+static	void	limborexmit(Proto*);
+static	void	localclose(Conv*, char*);
+static	void	procsyn(Conv*, Tcp*);
+static	void	tcpacktimer(void*);
+static	void	tcpiput(Proto*, Ipifc*, Block*);
+static	void	tcpkeepalive(void*);
+static	void	tcpoutput(Conv*);
+static	void	tcprcvwin(Conv*);
+static	void	tcprxmit(Conv*);
+static	void	tcpsetkacounter(Tcpctl*);
+static	void	tcpsetscale(Conv*, Tcpctl*, ushort, ushort);
+static	void	tcpsettimer(Tcpctl*);
+static	void	tcpsndsyn(Conv*, Tcpctl*);
+static	void	tcpstart(Conv*, int);
+static	void	tcpsynackrtt(Conv*);
+static	void	tcptimeout(void*);
+static	int	tcptrim(Tcpctl*, Tcp*, Block**, ushort*);
 
-void
+static void
 tcpsetstate(Conv *s, uchar newstate)
 {
 	Tcpctl *tcb;
@@ -403,11 +447,6 @@
 	if(newstate == Established)
 		tpriv->stats[CurrEstab]++;
 
-	/**
-	print( "%d/%d %s->%s CurrEstab=%d\n", s->lport, s->rport,
-		tcpstates[oldstate], tcpstates[newstate], tpriv->tstats.tcpCurrEstab );
-	**/
-
 	switch(newstate) {
 	case Closed:
 		qclose(s->rq);
@@ -430,6 +469,11 @@
 tcpconnect(Conv *c, char **argv, int argc)
 {
 	char *e;
+	Tcpctl *tcb;
+
+	tcb = (Tcpctl*)(c->ptcl);
+	if(tcb->state != Closed)
+		return Econinuse;
 
 	e = Fsstdconnect(c, argv, argc);
 	if(e != nil)
@@ -447,12 +491,14 @@
 	s = (Tcpctl*)(c->ptcl);
 
 	return snprint(state, n,
-		"%s qin %d qout %d srtt %d mdev %d cwin %lud swin %lud>>%d rwin %lud>>%d timer.start %d timer.count %d rerecv %d katimer.start %d katimer.count %d\n",
+		"%s qin %d qout %d rq %d.%d srtt %d mdev %d sst %lud cwin %lud swin %lud>>%d rwin %lud>>%d qscale %d timer.start %d timer.count %d rerecv %d katimer.start %d katimer.count %d\n",
 		tcpstates[s->state],
 		c->rq ? qlen(c->rq) : 0,
 		c->wq ? qlen(c->wq) : 0,
-		s->srtt, s->mdev,
-		s->cwind, s->snd.wnd, s->rcv.scale, s->rcv.wnd, s->snd.scale,
+		s->nreseq, s->reseqlen,
+		s->srtt, s->mdev, s->ssthresh,
+		s->cwind, s->snd.wnd, s->snd.scale, s->rcv.wnd, s->rcv.scale,
+		s->qscale,
 		s->timer.start, s->timer.count, s->rerecv,
 		s->katimer.start, s->katimer.count);
 }
@@ -470,6 +516,11 @@
 tcpannounce(Conv *c, char **argv, int argc)
 {
 	char *e;
+	Tcpctl *tcb;
+
+	tcb = (Tcpctl*)(c->ptcl);
+	if(tcb->state != Closed)
+		return Econinuse;
 
 	e = Fsstdannounce(c, argv, argc);
 	if(e != nil)
@@ -524,7 +575,7 @@
 	}
 }
 
-void
+static void
 tcpkick(void *x)
 {
 	Conv *s = x;
@@ -546,7 +597,6 @@
 		/*
 		 * Push data
 		 */
-		tcprcvwin(s);
 		tcpoutput(s);
 		break;
 	default:
@@ -558,7 +608,9 @@
 	poperror();
 }
 
-void
+static int seq_lt(ulong, ulong);
+
+static void
 tcprcvwin(Conv *s)				/* Call with tcb locked */
 {
 	int w;
@@ -568,12 +620,20 @@
 	w = tcb->window - qlen(s->rq);
 	if(w < 0)
 		w = 0;
-	tcb->rcv.wnd = w;
-	if(w == 0)
+	/* RFC 1122 § 4.2.2.17 do not move right edge of window left */
+	if(seq_lt(tcb->rcv.nxt + w, tcb->rcv.wptr))
+		w = tcb->rcv.wptr - tcb->rcv.nxt;
+	if(w != tcb->rcv.wnd)
+	if(w>>tcb->rcv.scale == 0 || tcb->window > 4*tcb->mss && w < tcb->mss/4){
 		tcb->rcv.blocked = 1;
+		netlog(s->p->f, Logtcp, "tcprcvwin: window %lud qlen %d ws %ud lport %d\n",
+			tcb->window, qlen(s->rq), tcb->rcv.scale, s->lport);
+	}
+	tcb->rcv.wnd = w;
+	tcb->rcv.wptr = tcb->rcv.nxt + w;
 }
 
-void
+static void
 tcpacktimer(void *v)
 {
 	Tcpctl *tcb;
@@ -589,7 +649,6 @@
 	qlock(s);
 	if(tcb->state != Closed){
 		tcb->flags |= FORCE;
-		tcprcvwin(s);
 		tcpoutput(s);
 	}
 	qunlock(s);
@@ -597,10 +656,52 @@
 }
 
 static void
+tcpcongestion(Tcpctl *tcb)
+{
+	ulong inflight;
+
+	inflight = tcb->snd.nxt - tcb->snd.una;
+	if(inflight > tcb->cwind)
+		inflight = tcb->cwind;
+	tcb->ssthresh = inflight / 2;
+	if(tcb->ssthresh < 2*tcb->mss)
+		tcb->ssthresh = 2*tcb->mss;
+}
+
+enum {
+	L		= 2,		/* aggressive slow start; legal values ∈ (1.0, 2.0) */
+};
+
+static void
+tcpabcincr(Tcpctl *tcb, uint acked)
+{
+	uint limit;
+
+	tcb->abcbytes += acked;
+	if(tcb->cwind < tcb->ssthresh){
+		/* slow start */
+		if(tcb->snd.rto)
+			limit = 1*tcb->mss;
+		else
+			limit = L*tcb->mss;
+		tcb->cwind += MIN(tcb->abcbytes, limit);
+		tcb->abcbytes = 0;
+	}
+	else{
+		tcb->snd.rto = 0;
+		/* avoidance */
+		if(tcb->abcbytes >= tcb->cwind){
+			tcb->abcbytes -= tcb->cwind;
+			tcb->cwind += tcb->mss;
+		}
+	}
+}
+
+static void
 tcpcreate(Conv *c)
 {
 	c->rq = qopen(QMAX, Qcoalesce, tcpacktimer, c);
-	c->wq = qopen((3*QMAX)/2, Qkick, tcpkick, c);
+	c->wq = qopen(QMAX, Qkick, tcpkick, c);
 }
 
 static void
@@ -608,7 +709,7 @@
 {
 	if(newstate != TcptimerON){
 		if(t->state == TcptimerON){
-			// unchain
+			/* unchain */
 			if(priv->timers == t){
 				priv->timers = t->next;
 				if(t->prev != nil)
@@ -622,7 +723,7 @@
 		}
 	} else {
 		if(t->state != TcptimerON){
-			// chain
+			/* chain */
 			if(t->prev != nil || t->next != nil)
 				panic("timerstate2");
 			t->prev = nil;
@@ -635,7 +736,7 @@
 	t->state = newstate;
 }
 
-void
+static void
 tcpackproc(void *a)
 {
 	Tcptimer *t, *tp, *timeo;
@@ -646,6 +747,9 @@
 	tcp = a;
 	priv = tcp->priv;
 
+	while(waserror())
+		;
+
 	for(;;) {
 		tsleep(&up->sleep, return0, 0, MSPTICK);
 
@@ -681,7 +785,7 @@
 	}
 }
 
-void
+static void
 tcpgo(Tcppriv *priv, Tcptimer *t)
 {
 	if(t == nil || t->start == 0)
@@ -693,7 +797,7 @@
 	qunlock(&priv->tl);
 }
 
-void
+static void
 tcphalt(Tcppriv *priv, Tcptimer *t)
 {
 	if(t == nil)
@@ -704,17 +808,16 @@
 	qunlock(&priv->tl);
 }
 
-int
+static int
 backoff(int n)
 {
 	return 1 << n;
 }
 
-void
+static void
 localclose(Conv *s, char *reason)	/* called with tcb locked */
 {
 	Tcpctl *tcb;
-	Reseq *rp,*rp1;
 	Tcppriv *tpriv;
 
 	tpriv = s->p->priv;
@@ -728,12 +831,7 @@
 	tcphalt(tpriv, &tcb->katimer);
 
 	/* Flush reassembly queue; nothing more can arrive */
-	for(rp = tcb->reseq; rp != nil; rp = rp1) {
-		rp1 = rp->next;
-		freeblist(rp->bp);
-		free(rp);
-	}
-	tcb->reseq = nil;
+	dumpreseq(tcb);
 
 	if(tcb->state == Syn_sent)
 		Fsconnected(s, reason);
@@ -747,52 +845,53 @@
 }
 
 /* mtu (- TCP + IP hdr len) of 1st hop */
-int
-tcpmtu(Proto *tcp, uchar *addr, int version, int *scale)
+static int
+tcpmtu(Route *r, int version, uint *scale)
 {
 	Ipifc *ifc;
 	int mtu;
 
-	ifc = findipifc(tcp->f, addr, 0);
-	switch(version){
-	default:
-	case V4:
-		mtu = DEF_MSS;
-		if(ifc != nil)
-			mtu = ifc->maxtu - ifc->m->hsize - (TCP4_PKT + TCP4_HDRSIZE);
-		break;
-	case V6:
-		mtu = DEF_MSS6;
-		if(ifc != nil)
-			mtu = ifc->maxtu - ifc->m->hsize - (TCP6_PKT + TCP6_HDRSIZE);
-		break;
-	}
-	if(ifc != nil){
-		if(ifc->mbps > 100)
-			*scale = HaveWS | 3;
-		else if(ifc->mbps > 10)
-			*scale = HaveWS | 1;
-		else
-			*scale = HaveWS | 0;
-	} else
-		*scale = HaveWS | 0;
+	/*
+	 * set the ws.  it doesn't commit us to anything.
+	 * ws is the ultimate limit to the bandwidth-delay product.
+	 */
+	*scale = Defadvscale;
 
-	return mtu;
+	/*
+	 * currently we do not implement path MTU discovery
+	 * so use interface MTU *only* if directly reachable
+	 * or when we use V4 which allows routers to fragment.
+	 * otherwise, we use the default MSS which assumes a
+	 * safe minimum MTU of 1280 bytes for V6.
+	 */  
+	if(r != nil && (ifc = r->ifc) != nil){
+		mtu = ifc->maxtu - ifc->m->hsize;
+		if(version == V4)
+			return mtu - (TCP4_PKT + TCP4_HDRSIZE);
+		mtu -= TCP6_PKT + TCP6_HDRSIZE;
+		if((r->type & (Rifc|Runi)) != 0 || mtu <= DEF_MSS6)
+			return mtu;
+	}
+	if(version == V6)
+		return DEF_MSS6;
+	else
+		return DEF_MSS;
 }
 
-void
+static void
 inittcpctl(Conv *s, int mode)
 {
 	Tcpctl *tcb;
 	Tcp4hdr* h4;
 	Tcp6hdr* h6;
+	Tcppriv *tpriv;
 	int mss;
 
 	tcb = (Tcpctl*)s->ptcl;
 
 	memset(tcb, 0, sizeof(Tcpctl));
 
-	tcb->ssthresh = 65535;
+	tcb->ssthresh = QMAX;			/* reset by tcpsetscale() */
 	tcb->srtt = tcp_irtt<<LOGAGAIN;
 	tcb->mdev = 0;
 
@@ -841,19 +940,18 @@
 	}
 
 	tcb->mss = tcb->cwind = mss;
+	tcb->abcbytes = 0;
+	tpriv = s->p->priv;
+	tpriv->stats[Mss] = tcb->mss;
 
 	/* default is no window scaling */
-	tcb->window = QMAX;
-	tcb->rcv.wnd = QMAX;
-	tcb->rcv.scale = 0;
-	tcb->snd.scale = 0;
-	qsetlimit(s->rq, QMAX);
+	tcpsetscale(s, tcb, 0, 0);
 }
 
 /*
  *  called with s qlocked
  */
-void
+static void
 tcpstart(Conv *s, int mode)
 {
 	Tcpctl *tcb;
@@ -865,8 +963,8 @@
 	if(tpriv->ackprocstarted == 0){
 		qlock(&tpriv->apl);
 		if(tpriv->ackprocstarted == 0){
-			sprint(kpname, "#I%dtcpack", s->p->f->dev);
-			kproc(kpname, tcpackproc, s->p, 0);
+			snprint(kpname, sizeof(kpname), "#I%dtcpack", s->p->f->dev);
+			kproc(kpname, tcpackproc, s->p);
 			tpriv->ackprocstarted = 1;
 		}
 		qunlock(&tpriv->apl);
@@ -895,28 +993,28 @@
 }
 
 static char*
-tcpflag(ushort flag)
+tcpflag(char *buf, char *e, ushort flag)
 {
-	static char buf[128];
+	char *p;
 
-	sprint(buf, "%d", flag>>10);	/* Head len */
+	p = seprint(buf, e, "%d", flag>>10);	/* Head len */
 	if(flag & URG)
-		strcat(buf, " URG");
+		p = seprint(p, e, " URG");
 	if(flag & ACK)
-		strcat(buf, " ACK");
+		p = seprint(p, e, " ACK");
 	if(flag & PSH)
-		strcat(buf, " PSH");
+		p = seprint(p, e, " PSH");
 	if(flag & RST)
-		strcat(buf, " RST");
+		p = seprint(p, e, " RST");
 	if(flag & SYN)
-		strcat(buf, " SYN");
+		p = seprint(p, e, " SYN");
 	if(flag & FIN)
-		strcat(buf, " FIN");
-
+		p = seprint(p, e, " FIN");
+	USED(p);
 	return buf;
 }
 
-Block *
+static Block*
 htontcp6(Tcp *tcph, Block *data, Tcp6hdr *ph, Tcpctl *tcb)
 {
 	int dlen;
@@ -940,14 +1038,10 @@
 	if(data) {
 		dlen = blocklen(data);
 		data = padblock(data, hdrlen + TCP6_PKT);
-		if(data == nil)
-			return nil;
 	}
 	else {
 		dlen = 0;
 		data = allocb(hdrlen + TCP6_PKT + 64);	/* the 64 pad is to meet mintu's */
-		if(data == nil)
-			return nil;
 		data->wp += hdrlen + TCP6_PKT;
 	}
 
@@ -1000,7 +1094,7 @@
 	return data;
 }
 
-Block *
+static Block*
 htontcp4(Tcp *tcph, Block *data, Tcp4hdr *ph, Tcpctl *tcb)
 {
 	int dlen;
@@ -1013,7 +1107,7 @@
 	if(tcph->flags & SYN){
 		if(tcph->mss)
 			hdrlen += MSS_LENGTH;
-		if(tcph->ws)
+		if(1)
 			hdrlen += WS_LENGTH;
 		optpad = hdrlen & 3;
 		if(optpad)
@@ -1024,14 +1118,10 @@
 	if(data) {
 		dlen = blocklen(data);
 		data = padblock(data, hdrlen + TCP4_PKT);
-		if(data == nil)
-			return nil;
 	}
 	else {
 		dlen = 0;
 		data = allocb(hdrlen + TCP4_PKT + 64);	/* the 64 pad is to meet mintu's */
-		if(data == nil)
-			return nil;
 		data->wp += hdrlen + TCP4_PKT;
 	}
 
@@ -1055,7 +1145,8 @@
 			hnputs(opt, tcph->mss);
 			opt += 2;
 		}
-		if(tcph->ws != 0){
+		/* always offer.  rfc1323 §2.2 */
+		if(1){
 			*opt++ = WSOPT;
 			*opt++ = WS_LENGTH;
 			*opt++ = tcph->ws;
@@ -1074,7 +1165,7 @@
 	return data;
 }
 
-int
+static int
 ntohtcp6(Tcp *tcph, Block **bpp)
 {
 	Tcp6hdr *h;
@@ -1103,6 +1194,7 @@
 	tcph->urg = nhgets(h->tcpurg);
 	tcph->mss = 0;
 	tcph->ws = 0;
+	tcph->update = 0;
 	tcph->len = nhgets(h->ploadlen) - hdrlen;
 
 	*bpp = pullupblock(*bpp, hdrlen+TCP6_PKT);
@@ -1127,7 +1219,7 @@
 			break;
 		case WSOPT:
 			if(optlen == WS_LENGTH && *(optr+2) <= 14)
-				tcph->ws = HaveWS | *(optr+2);
+				tcph->ws = *(optr+2);
 			break;
 		}
 		n -= optlen;
@@ -1136,7 +1228,7 @@
 	return hdrlen;
 }
 
-int
+static int
 ntohtcp4(Tcp *tcph, Block **bpp)
 {
 	Tcp4hdr *h;
@@ -1166,6 +1258,7 @@
 	tcph->urg = nhgets(h->tcpurg);
 	tcph->mss = 0;
 	tcph->ws = 0;
+	tcph->update = 0;
 	tcph->len = nhgets(h->length) - (hdrlen + TCP4_PKT);
 
 	*bpp = pullupblock(*bpp, hdrlen+TCP4_PKT);
@@ -1190,7 +1283,7 @@
 			break;
 		case WSOPT:
 			if(optlen == WS_LENGTH && *(optr+2) <= 14)
-				tcph->ws = HaveWS | *(optr+2);
+				tcph->ws = *(optr+2);
 			break;
 		}
 		n -= optlen;
@@ -1200,16 +1293,19 @@
 }
 
 /*
- *  For outgiing calls, generate an initial sequence
+ *  For outgoing calls, generate an initial sequence
  *  number and put a SYN on the send queue
  */
-void
+static void
 tcpsndsyn(Conv *s, Tcpctl *tcb)
 {
+	Tcppriv *tpriv;
+
 	tcb->iss = (nrand(1<<16)<<16)|nrand(1<<16);
 	tcb->rttseq = tcb->iss;
 	tcb->snd.wl2 = tcb->iss;
 	tcb->snd.una = tcb->iss;
+	tcb->snd.rxt = tcb->iss;
 	tcb->snd.ptr = tcb->rttseq;
 	tcb->snd.nxt = tcb->rttseq;
 	tcb->flgcnt++;
@@ -1217,7 +1313,9 @@
 	tcb->sndsyntime = NOW;
 
 	/* set desired mss and scale */
-	tcb->mss = tcpmtu(s->p, s->laddr, s->ipversion, &tcb->scale);
+	tcb->mss = tcpmtu(v6lookup(s->p->f, s->raddr, s->laddr, s), s->ipversion, &tcb->scale);
+	tpriv = s->p->priv;
+	tpriv->stats[Mss] = tcb->mss;
 }
 
 void
@@ -1229,7 +1327,7 @@
 	Tcp4hdr ph4;
 	Tcp6hdr ph6;
 
-	netlog(tcp->f, Logtcp, "sndrst: %s", reason);
+	netlog(tcp->f, Logtcp, "sndrst: %s\n", reason);
 
 	tpriv = tcp->priv;
 
@@ -1307,7 +1405,7 @@
  *  send a reset to the remote side and close the conversation
  *  called with s qlocked
  */
-char*
+static char*
 tcphangup(Conv *s)
 {
 	Tcp seg;
@@ -1322,7 +1420,7 @@
 			memset(&seg, 0, sizeof seg);
 			seg.flags = RST | ACK;
 			seg.ack = tcb->rcv.nxt;
-			tcb->rcv.una = 0;
+			tcb->rcv.ackptr = seg.ack;
 			seg.seq = tcb->snd.ptr;
 			seg.wnd = 0;
 			seg.urg = 0;
@@ -1353,14 +1451,14 @@
 /*
  *  (re)send a SYN ACK
  */
-int
+static int
 sndsynack(Proto *tcp, Limbo *lp)
 {
 	Block *hbp;
 	Tcp4hdr ph4;
 	Tcp6hdr ph6;
 	Tcp seg;
-	int scale;
+	uint scale;
 
 	/* make pseudo header */
 	switch(lp->version) {
@@ -1388,11 +1486,12 @@
 		panic("sndrst: version %d", lp->version);
 	}
 
+	memset(&seg, 0, sizeof seg);
 	seg.seq = lp->iss;
 	seg.ack = lp->irs+1;
 	seg.flags = SYN|ACK;
 	seg.urg = 0;
-	seg.mss = tcpmtu(tcp, lp->laddr, lp->version, &scale);
+	seg.mss = tcpmtu(v6lookup(tcp->f, lp->raddr, lp->laddr, nil), lp->version, &scale);
 	seg.wnd = QMAX;
 
 	/* if the other side set scale, we should too */
@@ -1570,6 +1669,18 @@
 	}
 }
 
+static void
+initialwindow(Tcpctl *tcb)
+{
+	/* RFC 3390 initial window */
+	if(tcb->mss < 1095)
+		tcb->cwind = 4*tcb->mss;
+	else if(tcb->mss < 2190)
+		tcb->cwind = 4380;
+	else
+		tcb->cwind = 2*tcb->mss;
+}
+
 /*
  *  come here when we finally get an ACK to our SYN-ACK.
  *  lookup call in limbo.  if found, create a new conversation
@@ -1596,7 +1707,7 @@
 	/* find a call in limbo */
 	h = hashipa(src, segp->source);
 	for(l = &tpriv->lht[h]; (lp = *l) != nil; l = &lp->next){
-		netlog(s->p->f, Logtcp, "tcpincoming s %I,%ux/%I,%ux d %I,%ux/%I,%ux v %d/%d",
+		netlog(s->p->f, Logtcp, "tcpincoming s %I!%ud/%I!%ud d %I!%ud/%I!%ud v %d/%d\n",
 			src, segp->source, lp->raddr, lp->rport,
 			dst, segp->dest, lp->laddr, lp->lport,
 			version, lp->version
@@ -1611,7 +1722,7 @@
 
 		/* we're assuming no data with the initial SYN */
 		if(segp->seq != lp->irs+1 || segp->ack != lp->iss+1){
-			netlog(s->p->f, Logtcp, "tcpincoming s %lux/%lux a %lux %lux",
+			netlog(s->p->f, Logtcp, "tcpincoming s %lux/%lux a %lux %lux\n",
 				segp->seq, lp->irs+1, segp->ack, lp->iss+1);
 			lp = nil;
 		} else {
@@ -1641,6 +1752,8 @@
 
 	tcb->irs = lp->irs;
 	tcb->rcv.nxt = tcb->irs+1;
+	tcb->rcv.wptr = tcb->rcv.nxt;
+	tcb->rcv.wsnt = 0;
 	tcb->rcv.urg = tcb->rcv.nxt;
 
 	tcb->iss = lp->iss;
@@ -1649,19 +1762,24 @@
 	tcb->snd.una = tcb->iss+1;
 	tcb->snd.ptr = tcb->iss+1;
 	tcb->snd.nxt = tcb->iss+1;
+	tcb->snd.rxt = tcb->iss+1;
 	tcb->flgcnt = 0;
 	tcb->flags |= SYNACK;
 
+	/* set desired mss and scale */
+	tcb->mss = tcpmtu(v6lookup(s->p->f, src, dst, s), version, &tcb->scale);
+
 	/* our sending max segment size cannot be bigger than what he asked for */
 	if(lp->mss != 0 && lp->mss < tcb->mss)
 		tcb->mss = lp->mss;
+	tpriv->stats[Mss] = tcb->mss;
 
 	/* window scaling */
 	tcpsetscale(new, tcb, lp->rcvscale, lp->sndscale);
 
-	/* the congestion window always starts out as a single segment */
+	/* congestion window */
 	tcb->snd.wnd = segp->wnd;
-	tcb->cwind = tcb->mss;
+	initialwindow(tcb);
 
 	/* set initial round trip time */
 	tcb->sndsyntime = lp->lastsend+lp->rexmits*SYNACK_RXTIMER;
@@ -1700,7 +1818,7 @@
 	return new;
 }
 
-int
+static int
 seq_within(ulong x, ulong low, ulong high)
 {
 	if(low <= high){
@@ -1714,25 +1832,25 @@
 	return 0;
 }
 
-int
+static int
 seq_lt(ulong x, ulong y)
 {
 	return (int)(x-y) < 0;
 }
 
-int
+static int
 seq_le(ulong x, ulong y)
 {
 	return (int)(x-y) <= 0;
 }
 
-int
+static int
 seq_gt(ulong x, ulong y)
 {
 	return (int)(x-y) > 0;
 }
 
-int
+static int
 seq_ge(ulong x, ulong y)
 {
 	return (int)(x-y) >= 0;
@@ -1742,7 +1860,7 @@
  *  use the time between the first SYN and it's ack as the
  *  initial round trip time
  */
-void
+static void
 tcpsynackrtt(Conv *s)
 {
 	Tcpctl *tcb;
@@ -1760,46 +1878,59 @@
 	tcphalt(tpriv, &tcb->rtt_timer);
 }
 
-void
+static void
 update(Conv *s, Tcp *seg)
 {
 	int rtt, delta;
 	Tcpctl *tcb;
 	ulong acked;
-	ulong expand;
 	Tcppriv *tpriv;
 
+	if(seg->update)
+		return;
+	seg->update = 1;
+
 	tpriv = s->p->priv;
 	tcb = (Tcpctl*)s->ptcl;
 
-	/* if everything has been acked, force output(?) */
-	if(seq_gt(seg->ack, tcb->snd.nxt)) {
-		tcb->flags |= FORCE;
-		return;
+	/* catch zero-window updates, update window & recover */
+	if(tcb->snd.wnd == 0 && seg->wnd > 0)
+	if(seq_lt(seg->ack,  tcb->snd.ptr)){
+		netlog(s->p->f, Logtcp, "tcp: zwu ack %lud una %lud ptr %lud win %lud\n",
+			seg->ack,  tcb->snd.una, tcb->snd.ptr, seg->wnd);
+		tcb->snd.wnd = seg->wnd;
+		goto recovery;
 	}
 
-	/* added by Dong Lin for fast retransmission */
-	if(seg->ack == tcb->snd.una
-	&& tcb->snd.una != tcb->snd.nxt
-	&& seg->len == 0
-	&& seg->wnd == tcb->snd.wnd) {
-
-		/* this is a pure ack w/o window update */
-		netlog(s->p->f, Logtcprxmt, "dupack %lud ack %lud sndwnd %d advwin %d\n",
-			tcb->snd.dupacks, seg->ack, tcb->snd.wnd, seg->wnd);
-
-		if(++tcb->snd.dupacks == TCPREXMTTHRESH) {
-			/*
-			 *  tahoe tcp rxt the packet, half sshthresh,
- 			 *  and set cwnd to one packet
-			 */
+	/* newreno fast retransmit */
+	if(seg->ack == tcb->snd.una)
+	if(tcb->snd.una != tcb->snd.nxt)
+	if(++tcb->snd.dupacks == 3){
+recovery:
+		if(tcb->snd.recovery){
+			tpriv->stats[RecoveryCwind]++;
+			tcb->cwind += tcb->mss;
+		}else if(seq_le(tcb->snd.rxt, seg->ack)){
+			tpriv->stats[Recovery]++;
+			tcb->abcbytes = 0;
 			tcb->snd.recovery = 1;
+			tcb->snd.partialack = 0;
 			tcb->snd.rxt = tcb->snd.nxt;
-			netlog(s->p->f, Logtcprxmt, "fast rxt %lud, nxt %lud\n", tcb->snd.una, tcb->snd.nxt);
+			tcpcongestion(tcb);
+			tcb->cwind = tcb->ssthresh + 3*tcb->mss;
+			netlog(s->p->f, Logtcpwin, "recovery inflate %ld ss %ld @%lud\n",
+				tcb->cwind, tcb->ssthresh, tcb->snd.rxt);
 			tcprxmit(s);
-		} else {
-			/* do reno tcp here. */
-		}
+		}else{
+			tpriv->stats[RecoveryNoSeq]++;
+			netlog(s->p->f, Logtcpwin, "!recov %lud not ≤ %lud %ld\n",
+				tcb->snd.rxt, seg->ack, tcb->snd.rxt - seg->ack);
+			/* do not enter fast retransmit */
+			/* do not change ssthresh */
+		}
+	}else if(tcb->snd.recovery){
+		tpriv->stats[RecoveryCwind]++;
+		tcb->cwind += tcb->mss;
 	}
 
 	/*
@@ -1807,6 +1938,9 @@
 	 */
 	if(seq_gt(seg->ack, tcb->snd.wl2)
 	|| (tcb->snd.wl2 == seg->ack && seg->wnd > tcb->snd.wnd)){
+		/* clear dupack if we advance wl2 */
+		if(tcb->snd.wl2 != seg->ack)
+			tcb->snd.dupacks = 0;
 		tcb->snd.wnd = seg->wnd;
 		tcb->snd.wl2 = seg->ack;
 	}
@@ -1816,22 +1950,11 @@
 		 *  don't let us hangup if sending into a closed window and
 		 *  we're still getting acks
 		 */
-		if((tcb->flags&RETRAN) && tcb->snd.wnd == 0){
+		if((tcb->flags&RETRAN) && tcb->snd.wnd == 0)
 			tcb->backedoff = MAXBACKMS/4;
-		}
 		return;
 	}
 
-	/*
-	 *  any positive ack turns off fast rxt,
-	 *  (should we do new-reno on partial acks?)
-	 */
-	if(!tcb->snd.recovery || seq_ge(seg->ack, tcb->snd.rxt)) {
-		tcb->snd.dupacks = 0;
-		tcb->snd.recovery = 0;
-	} else
-		netlog(s->p->f, Logtcp, "rxt next %lud, cwin %ud\n", seg->ack, tcb->cwind);
-
 	/* Compute the new send window size */
 	acked = seg->ack - tcb->snd.una;
 
@@ -1843,24 +1966,41 @@
 		goto done;
 	}
 
-	/* slow start as long as we're not recovering from lost packets */
-	if(tcb->cwind < tcb->snd.wnd && !tcb->snd.recovery) {
-		if(tcb->cwind < tcb->ssthresh) {
-			expand = tcb->mss;
-			if(acked < expand)
-				expand = acked;
+	/*
+	 *  congestion control
+	 */
+	if(tcb->snd.recovery){
+		if(seq_ge(seg->ack, tcb->snd.rxt)){
+			/* recovery finished; deflate window */
+			tpriv->stats[RecoveryDone]++;
+			tcb->snd.dupacks = 0;
+			tcb->snd.recovery = 0;
+			tcb->cwind = (tcb->snd.nxt - tcb->snd.una) + tcb->mss;
+			if(tcb->ssthresh < tcb->cwind)
+				tcb->cwind = tcb->ssthresh;
+			netlog(s->p->f, Logtcpwin, "recovery deflate %ld %ld\n",
+				tcb->cwind, tcb->ssthresh);
+		} else {
+			/* partial ack; we lost more than one segment */
+			tpriv->stats[RecoveryPA]++;
+			if(tcb->cwind > acked)
+				tcb->cwind -= acked;
+			else{
+				netlog(s->p->f, Logtcpwin, "partial ack neg\n");
+				tcb->cwind = tcb->mss;
+			}
+			netlog(s->p->f, Logtcpwin, "partial ack %ld left %ld cwind %ld\n",
+				acked, tcb->snd.rxt - seg->ack, tcb->cwind);
+
+			if(acked >= tcb->mss)
+				tcb->cwind += tcb->mss;
+			tcb->snd.partialack++;
 		}
-		else
-			expand = ((int)tcb->mss * tcb->mss) / tcb->cwind;
-
-		if(tcb->cwind + expand < tcb->cwind)
-			expand = tcb->snd.wnd - tcb->cwind;
-		if(tcb->cwind + expand > tcb->snd.wnd)
-			expand = tcb->snd.wnd - tcb->cwind;
-		tcb->cwind += expand;
-	}
+	} else
+		tcpabcincr(tcb, acked);
 
 	/* Adjust the timers according to the round trip time */
+	/* todo: fix sloppy treatment of overflow cases here. */
 	if(tcb->rtt_timer.state == TcptimerON && seq_ge(seg->ack, tcb->rttseq)) {
 		tcphalt(tpriv, &tcb->rtt_timer);
 		if((tcb->flags&RETRAN) == 0) {
@@ -1891,25 +2031,36 @@
 done:
 	if(qdiscard(s->wq, acked) < acked)
 		tcb->flgcnt--;
-
 	tcb->snd.una = seg->ack;
+
+	/* newreno fast recovery */
+	if(tcb->snd.recovery)
+		tcprxmit(s);
+
 	if(seq_gt(seg->ack, tcb->snd.urg))
 		tcb->snd.urg = seg->ack;
 
-	if(tcb->snd.una != tcb->snd.nxt)
-		tcpgo(tpriv, &tcb->timer);
+	if(tcb->snd.una != tcb->snd.nxt){
+		/* “impatient” variant */
+		if(!tcb->snd.recovery || tcb->snd.partialack == 1){
+			tcb->time = NOW;
+			tcb->timeuna = tcb->snd.una;
+			tcpgo(tpriv, &tcb->timer);
+		}
+	}
 	else
 		tcphalt(tpriv, &tcb->timer);
 
 	if(seq_lt(tcb->snd.ptr, tcb->snd.una))
 		tcb->snd.ptr = tcb->snd.una;
 
-	tcb->flags &= ~RETRAN;
+	if(!tcb->snd.recovery)
+		tcb->flags &= ~RETRAN;
 	tcb->backoff = 0;
 	tcb->backedoff = 0;
 }
 
-void
+static void
 tcpiput(Proto *tcp, Ipifc*, Block *bp)
 {
 	Tcp seg;
@@ -1917,7 +2068,7 @@
 	Tcp6hdr *h6;
 	int hdrlen;
 	Tcpctl *tcb;
-	ushort length;
+	ushort length, csum;
 	uchar source[IPaddrlen], dest[IPaddrlen];
 	Conv *s;
 	Fs *f;
@@ -1980,10 +2131,12 @@
 		h6->ttl = proto;
 		hnputl(h6->vcf, length);
 		if((h6->tcpcksum[0] || h6->tcpcksum[1]) &&
-			ptclcsum(bp, TCP6_IPLEN, length+TCP6_PHDRSIZE)) {
+		    (csum = ptclcsum(bp, TCP6_IPLEN, length+TCP6_PHDRSIZE)) != 0) {
 			tpriv->stats[CsumErrs]++;
 			tpriv->stats[InErrs]++;
-			netlog(f, Logtcp, "bad tcp proto cksum\n");
+			netlog(f, Logtcp,
+			    "bad tcpv6 proto cksum: got %#ux, computed %#ux\n",
+				h6->tcpcksum[0]<<8 | h6->tcpcksum[1], csum);
 			freeblist(bp);
 			return;
 		}
@@ -1995,7 +2148,7 @@
 		if(hdrlen < 0){
 			tpriv->stats[HlenErrs]++;
 			tpriv->stats[InErrs]++;
-			netlog(f, Logtcp, "bad tcp hdr len\n");
+			netlog(f, Logtcp, "bad tcpv6 hdr len\n");
 			return;
 		}
 
@@ -2005,7 +2158,7 @@
 		if(bp == nil){
 			tpriv->stats[LenErrs]++;
 			tpriv->stats[InErrs]++;
-			netlog(f, Logtcp, "tcp len < 0 after trim\n");
+			netlog(f, Logtcp, "tcpv6 len < 0 after trim\n");
 			return;
 		}
 	}
@@ -2016,7 +2169,8 @@
 	/* Look for a matching conversation */
 	s = iphtlook(&tpriv->ht, source, seg.source, dest, seg.dest);
 	if(s == nil){
-		netlog(f, Logtcp, "iphtlook failed");
+		netlog(f, Logtcp, "iphtlook(src %I!%d, dst %I!%d) failed\n",
+			source, seg.source, dest, seg.dest);
 reset:
 		qunlock(tcp);
 		sndrst(tcp, source, dest, length, &seg, version, "no conversation");
@@ -2136,8 +2290,12 @@
 	}
 
 	/* Cut the data to fit the receive window */
+	tcprcvwin(s);
 	if(tcptrim(tcb, &seg, &bp, &length) == -1) {
-		netlog(f, Logtcp, "tcp len < 0, %lud %d\n", seg.seq, length);
+		if(seg.seq+1 != tcb->rcv.nxt || length != 1)
+		netlog(f, Logtcp, "tcp: trim: !inwind: seq %lud-%lud win %lud-%lud l %d from %I\n", 
+			seg.seq, seg.seq + length - 1, 
+			tcb->rcv.nxt, tcb->rcv.nxt + tcb->rcv.wnd-1, length, s->raddr);
 		update(s, &seg);
 		if(qlen(s->wq)+tcb->flgcnt == 0 && tcb->state == Closing) {
 			tcphalt(tpriv, &tcb->rtt_timer);
@@ -2168,12 +2326,15 @@
 	if(seg.seq != tcb->rcv.nxt)
 	if(length != 0 || (seg.flags & (SYN|FIN))) {
 		update(s, &seg);
-		if(addreseq(tcb, tpriv, &seg, bp, length) < 0)
+		if(addreseq(f, tcb, tpriv, &seg, bp, length) < 0)
 			print("reseq %I.%d -> %I.%d\n", s->raddr, s->rport, s->laddr, s->lport);
-		tcb->flags |= FORCE;
+		tcb->flags |= FORCE;		/* force duplicate ack; RFC 5681 §3.2 */
 		goto output;
 	}
 
+	if(tcb->nreseq > 0)
+		tcb->flags |= FORCE;		/* filled hole in sequence space; RFC 5681 §3.2 */
+
 	/*
 	 *  keep looping till we've processed this packet plus any
 	 *  adjacent packets in the resequence queue
@@ -2238,7 +2399,8 @@
 				goto raise;
 			}
 		case Time_wait:
-			tcb->flags |= FORCE;
+			if(seg.flags & FIN)
+				tcb->flags |= FORCE;
 			if(tcb->timer.state != TcptimerON)
 				tcpgo(tpriv, &tcb->timer);
 		}
@@ -2272,34 +2434,12 @@
 				 * receive queue
 				 */
 				if(bp) {
-					bp = packblock(bp);
-					if(bp == nil)
-						panic("tcp packblock");
-					qpassnolim(s->rq, bp);
+					qpassnolim(s->rq, packblock(bp));
 					bp = nil;
-
-					/*
-					 *  Force an ack every 2 data messages.  This is
-					 *  a hack for rob to make his home system run
-					 *  faster.
-					 *
-					 *  this also keeps the standard TCP congestion
-					 *  control working since it needs an ack every
-					 *  2 max segs worth.  This is not quite that,
-					 *  but under a real stream is equivalent since
-					 *  every packet has a max seg in it.
-					 */
-					if(++(tcb->rcv.una) >= 2)
-						tcb->flags |= FORCE;
 				}
 				tcb->rcv.nxt += length;
 
 				/*
-				 *  update our rcv window
-				 */
-				tcprcvwin(s);
-
-				/*
 				 *  turn on the acktimer if there's something
 				 *  to ack
 				 */
@@ -2373,8 +2513,11 @@
 
 			getreseq(tcb, &seg, &bp, &length);
 
-			if(tcptrim(tcb, &seg, &bp, &length) == 0)
+			tcprcvwin(s);
+			if(tcptrim(tcb, &seg, &bp, &length) == 0){
+				tcb->flags |= FORCE;
 				break;
+			}
 		}
 	}
 output:
@@ -2394,15 +2537,15 @@
  *  the lock to ipoput the packet so some care has to be
  *  taken by callers.
  */
-void
+static void
 tcpoutput(Conv *s)
 {
 	Tcp seg;
-	int msgs;
+	uint msgs;
 	Tcpctl *tcb;
 	Block *hbp, *bp;
-	int sndcnt, n;
-	ulong ssize, dsize, usable, sent;
+	int sndcnt;
+	ulong ssize, dsize, sent;
 	Fs *f;
 	Tcppriv *tpriv;
 	uchar version;
@@ -2411,9 +2554,26 @@
 	tpriv = s->p->priv;
 	version = s->ipversion;
 
-	for(msgs = 0; msgs < 100; msgs++) {
-		tcb = (Tcpctl*)s->ptcl;
+	tcb = (Tcpctl*)s->ptcl;
+
+	/* force ack every 2*mss */
+	if((tcb->flags & FORCE) == 0)
+	if(tcb->rcv.nxt - tcb->rcv.ackptr >= 2*tcb->mss){
+		tpriv->stats[Delayack]++;
+		tcb->flags |= FORCE;
+	}
 
+	/* force ack if window opening */
+	if(0)
+	if((tcb->flags & FORCE) == 0){
+		tcprcvwin(s);
+		if((int)(tcb->rcv.wptr - tcb->rcv.wsnt) >= 2*tcb->mss){
+			tpriv->stats[Wopenack]++;
+			tcb->flags |= FORCE;
+		}
+	}
+
+	for(msgs = 0; msgs < 100; msgs++) {
 		switch(tcb->state) {
 		case Listen:
 		case Closed:
@@ -2421,7 +2581,12 @@
 			return;
 		}
 
+		/* Don't send anything else until our SYN has been acked */
+		if(tcb->snd.ptr != tcb->iss && (tcb->flags & SYNACK) == 0)
+			break;
+
 		/* force an ack when a window has opened up */
+		tcprcvwin(s);
 		if(tcb->rcv.blocked && tcb->rcv.wnd > 0){
 			tcb->rcv.blocked = 0;
 			tcb->flags |= FORCE;
@@ -2429,54 +2594,57 @@
 
 		sndcnt = qlen(s->wq)+tcb->flgcnt;
 		sent = tcb->snd.ptr - tcb->snd.una;
-
-		/* Don't send anything else until our SYN has been acked */
-		if(tcb->snd.ptr != tcb->iss && (tcb->flags & SYNACK) == 0)
-			break;
-
-		/* Compute usable segment based on offered window and limit
-		 * window probes to one
-		 */
+		ssize = sndcnt;
 		if(tcb->snd.wnd == 0){
-			if(sent != 0) {
-				if((tcb->flags&FORCE) == 0)
-					break;
-//				tcb->snd.ptr = tcb->snd.una;
+			/* zero window probe */
+			if(sent > 0)
+			if(!(tcb->flags & FORCE))
+				break;	/* already probing, rto re-probes */
+			if(ssize < sent)
+				ssize = 0;
+			else{
+				ssize -= sent;
+				if(ssize > 0)
+					ssize = 1;
+			}
+		} else {
+			/* calculate usable segment size */
+			if(ssize > tcb->cwind)
+				ssize = tcb->cwind;
+			if(ssize > tcb->snd.wnd)
+				ssize = tcb->snd.wnd;
+
+			if(ssize < sent)
+				ssize = 0;
+			else {
+				ssize -= sent;
+				if(ssize > tcb->mss)
+					ssize = tcb->mss;
 			}
-			usable = 1;
 		}
-		else {
-			usable = tcb->cwind;
-			if(tcb->snd.wnd < usable)
-				usable = tcb->snd.wnd;
-			usable -= sent;
-		}
-		ssize = sndcnt-sent;
-		if(ssize && usable < 2)
-			netlog(s->p->f, Logtcp, "throttled snd.wnd %lud cwind %lud\n",
-				tcb->snd.wnd, tcb->cwind);
-		if(usable < ssize)
-			ssize = usable;
-		if(tcb->mss < ssize)
-			ssize = tcb->mss;
+
 		dsize = ssize;
 		seg.urg = 0;
 
-		if(ssize == 0)
-		if((tcb->flags&FORCE) == 0)
-			break;
+		if(!(tcb->flags & FORCE)){
+			if(ssize == 0)
+				break;
+			if(ssize < tcb->mss)
+			if(tcb->snd.nxt == tcb->snd.ptr)
+			if(sent > TCPREXMTTHRESH*tcb->mss)
+				break;
+		}
 
 		tcb->flags &= ~FORCE;
-		tcprcvwin(s);
 
 		/* By default we will generate an ack */
 		tcphalt(tpriv, &tcb->acktimer);
-		tcb->rcv.una = 0;
 		seg.source = s->lport;
 		seg.dest = s->rport;
 		seg.flags = ACK;
 		seg.mss = 0;
 		seg.ws = 0;
+		seg.update = 0;
 		switch(tcb->state){
 		case Syn_sent:
 			seg.flags = 0;
@@ -2516,20 +2684,9 @@
 			}
 		}
 
-		if(sent+dsize == sndcnt)
+		if(sent+dsize == sndcnt && dsize)
 			seg.flags |= PSH;
 
-		/* keep track of balance of resent data */
-		if(seq_lt(tcb->snd.ptr, tcb->snd.nxt)) {
-			n = tcb->snd.nxt - tcb->snd.ptr;
-			if(ssize < n)
-				n = ssize;
-			tcb->resent += n;
-			netlog(f, Logtcp, "rexmit: %I.%d -> %I.%d ptr %lux nxt %lux\n",
-				s->raddr, s->rport, s->laddr, s->lport, tcb->snd.ptr, tcb->snd.nxt);
-			tpriv->stats[RetransSegs]++;
-		}
-
 		tcb->snd.ptr += ssize;
 
 		/* Pull up the send pointer so we can accept acks
@@ -2565,13 +2722,17 @@
 		 * expect acknowledges
 		 */
 		if(ssize != 0){
-			if(tcb->timer.state != TcptimerON)
+			if(tcb->timer.state != TcptimerON){
+				tcb->time = NOW;
+				tcb->timeuna = tcb->snd.una;
 				tcpgo(tpriv, &tcb->timer);
+			}
 
 			/*  If round trip timer isn't running, start it.
 			 *  measure the longest packet only in case the
 			 *  transmission time dominates RTT
 			 */
+			if(tcb->snd.retransmit == 0)
 			if(tcb->rtt_timer.state != TcptimerON)
 			if(ssize == tcb->mss) {
 				tcpgo(tpriv, &tcb->rtt_timer);
@@ -2580,6 +2741,10 @@
 		}
 
 		tpriv->stats[OutSegs]++;
+		if(tcb->snd.retransmit)
+			tpriv->stats[RetransSegsSent]++;
+		tcb->rcv.ackptr = seg.ack;
+		tcb->rcv.wsnt = tcb->rcv.wptr;
 
 		/* put off the next keep alive */
 		tcpgo(tpriv, &tcb->katimer);
@@ -2600,9 +2765,8 @@
 		default:
 			panic("tcpoutput2: version %d", version);
 		}
-		if((msgs%4) == 1){
+		if((msgs%4) == 3){
 			qunlock(s);
-			sched();
 			qlock(s);
 		}
 	}
@@ -2611,7 +2775,7 @@
 /*
  *  the BSD convention (hack?) for keep alives.  resend last uchar acked.
  */
-void
+static void
 tcpsendka(Conv *s)
 {
 	Tcp seg;
@@ -2621,6 +2785,7 @@
 	tcb = (Tcpctl*)s->ptcl;
 
 	dbp = nil;
+	memset(&seg, 0, sizeof seg);
 	seg.urg = 0;
 	seg.source = s->lport;
 	seg.dest = s->rport;
@@ -2632,7 +2797,8 @@
 	else
 		seg.seq = tcb->snd.una-1;
 	seg.ack = tcb->rcv.nxt;
-	tcb->rcv.una = 0;
+	tcb->rcv.ackptr = seg.ack;
+	tcprcvwin(s);
 	seg.wnd = tcb->rcv.wnd;
 	if(tcb->state == Finwait2){
 		seg.flags |= FIN;
@@ -2666,7 +2832,7 @@
 /*
  *  set connection to time out after 12 minutes
  */
-void
+static void
 tcpsetkacounter(Tcpctl *tcb)
 {
 	tcb->kacounter = (12 * 60 * 1000) / (tcb->katimer.start*MSPTICK);
@@ -2678,7 +2844,7 @@
  *  if we've timed out, close the connection
  *  otherwise, send a keepalive and restart the timer
  */
-void
+static void
 tcpkeepalive(void *v)
 {
 	Tcpctl *tcb;
@@ -2706,7 +2872,7 @@
 /*
  *  start keepalive timer
  */
-char*
+static char*
 tcpstartka(Conv *s, char **f, int n)
 {
 	Tcpctl *tcb;
@@ -2729,7 +2895,7 @@
 /*
  *  turn checksums on/off
  */
-char*
+static char*
 tcpsetchecksum(Conv *s, char **f, int)
 {
 	Tcpctl *tcb;
@@ -2740,30 +2906,38 @@
 	return nil;
 }
 
-void
+/*
+ *  retransmit (at most) one segment at snd.una.
+ *  preserve cwind & snd.ptr
+ */
+static void
 tcprxmit(Conv *s)
 {
 	Tcpctl *tcb;
+	Tcppriv *tpriv;
+	ulong tcwind, tptr;
 
 	tcb = (Tcpctl*)s->ptcl;
-
 	tcb->flags |= RETRAN|FORCE;
-	tcb->snd.ptr = tcb->snd.una;
-
-	/*
-	 *  We should be halving the slow start threshhold (down to one
-	 *  mss) but leaving it at mss seems to work well enough
-	 */
- 	tcb->ssthresh = tcb->mss;
 
-	/*
-	 *  pull window down to a single packet
-	 */
+	tptr = tcb->snd.ptr;
+	tcwind = tcb->cwind;
+	tcb->snd.ptr = tcb->snd.una;
 	tcb->cwind = tcb->mss;
+	tcb->snd.retransmit = 1;
 	tcpoutput(s);
+	tcb->snd.retransmit = 0;
+	tcb->cwind = tcwind;
+	tcb->snd.ptr = tptr;
+
+	tpriv = s->p->priv;
+	tpriv->stats[RetransSegs]++;
 }
 
-void
+/*
+ *  todo: RFC 4138 F-RTO
+ */
+static void
 tcptimeout(void *arg)
 {
 	Conv *s;
@@ -2792,11 +2966,29 @@
 			localclose(s, Etimedout);
 			break;
 		}
-		netlog(s->p->f, Logtcprxmt, "timeout rexmit 0x%lux %d/%d\n", tcb->snd.una, tcb->timer.start, NOW);
+		netlog(s->p->f, Logtcprxmt, "rxm %d/%d %ldms %lud rto %d %lud %s\n",
+			tcb->srtt, tcb->mdev, NOW-tcb->time,
+			tcb->snd.una-tcb->timeuna, tcb->snd.rto, tcb->snd.ptr,
+			tcpstates[s->state]);
 		tcpsettimer(tcb);
+		if(tcb->snd.rto == 0)
+			tcpcongestion(tcb);
 		tcprxmit(s);
+		tcb->snd.ptr = tcb->snd.una;
+		tcb->cwind = tcb->mss;
+		tcb->snd.rto = 1;
 		tpriv->stats[RetransTimeouts]++;
-		tcb->snd.dupacks = 0;
+
+		if(tcb->snd.recovery){
+			tcb->snd.dupacks = 0;			/* reno rto */
+			tcb->snd.recovery = 0;
+			tpriv->stats[RecoveryRTO]++;
+			tcb->snd.rxt = tcb->snd.nxt;
+			netlog(s->p->f, Logtcpwin,
+				"rto recovery rxt @%lud\n", tcb->snd.nxt);
+		}
+
+		tcb->abcbytes = 0;
 		break;
 	case Time_wait:
 		localclose(s, nil);
@@ -2808,7 +3000,7 @@
 	poperror();
 }
 
-int
+static int
 inwindow(Tcpctl *tcb, int seq)
 {
 	return seq_within(seq, tcb->rcv.nxt, tcb->rcv.nxt+tcb->rcv.wnd-1);
@@ -2817,36 +3009,83 @@
 /*
  *  set up state for a received SYN (or SYN ACK) packet
  */
-void
+static void
 procsyn(Conv *s, Tcp *seg)
 {
 	Tcpctl *tcb;
+	Tcppriv *tpriv;
 
 	tcb = (Tcpctl*)s->ptcl;
 	tcb->flags |= FORCE;
 
 	tcb->rcv.nxt = seg->seq + 1;
+	tcb->rcv.wptr = tcb->rcv.nxt;
+	tcb->rcv.wsnt = 0;
 	tcb->rcv.urg = tcb->rcv.nxt;
 	tcb->irs = seg->seq;
 
 	/* our sending max segment size cannot be bigger than what he asked for */
-	if(seg->mss != 0 && seg->mss < tcb->mss)
+	if(seg->mss != 0 && seg->mss < tcb->mss) {
 		tcb->mss = seg->mss;
+		tpriv = s->p->priv;
+		tpriv->stats[Mss] = tcb->mss;
+	}
+
+	/* if the server does not support ws option, disable window scaling */
+	if(seg->ws == 0){
+		tcb->scale = 0;
+		tcb->snd.scale = 0;
+	}
 
-	/* the congestion window always starts out as a single segment */
 	tcb->snd.wnd = seg->wnd;
-	tcb->cwind = tcb->mss;
+	initialwindow(tcb);
 }
 
-int
-addreseq(Tcpctl *tcb, Tcppriv *tpriv, Tcp *seg, Block *bp, ushort length)
+static int
+dumpreseq(Tcpctl *tcb)
+{
+	Reseq *r, *next;
+
+	for(r = tcb->reseq; r != nil; r = next){
+		next = r->next;
+		freeblist(r->bp);
+		free(r);
+	}
+	tcb->reseq = nil;
+	tcb->nreseq = 0;
+	tcb->reseqlen = 0;
+	return -1;
+}
+
+static void
+logreseq(Fs *f, Reseq *r, ulong n)
 {
-	Reseq *rp, *rp1;
-	int i, rqlen, qmax;
+	char *s;
+
+	for(; r != nil; r = r->next){
+		s = nil;
+		if(r->next == nil && r->seg.seq != n)
+			s = "hole/end";
+		else if(r->next == nil)
+			s = "end";
+		else if(r->seg.seq != n)
+			s = "hole";
+		if(s != nil)
+			netlog(f, Logtcp, "%s %lud-%lud (%ld) %#ux\n", s,
+				n, r->seg.seq, r->seg.seq-n, r->seg.flags);
+		n = r->seg.seq + r->seg.len;
+	}
+}
+
+static int
+addreseq(Fs *f, Tcpctl *tcb, Tcppriv *tpriv, Tcp *seg, Block *bp, ushort length)
+{
+	Reseq *rp, **rr;
+	int qmax;
 
 	rp = malloc(sizeof(Reseq));
 	if(rp == nil){
-		freeblist(bp);	/* bp always consumed by add_reseq */
+		freeblist(bp);	/* bp always consumed by addreseq */
 		return 0;
 	}
 
@@ -2854,56 +3093,39 @@
 	rp->bp = bp;
 	rp->length = length;
 
-	/* Place on reassembly list sorting by starting seq number */
-	rp1 = tcb->reseq;
-	if(rp1 == nil || seq_lt(seg->seq, rp1->seg.seq)) {
-		rp->next = rp1;
-		tcb->reseq = rp;
-		if(rp->next != nil)
-			tpriv->stats[OutOfOrder]++;
-		return 0;
-	}
+	tcb->reseqlen += length;
+	tcb->nreseq++;
 
-	rqlen = 0;
-	for(i = 0;; i++) {
-		rqlen += rp1->length;
-		if(rp1->next == nil || seq_lt(seg->seq, rp1->next->seg.seq)) {
-			rp->next = rp1->next;
-			rp1->next = rp;
+	/* Place on reassembly list sorting by starting seq number */
+	for(rr = &tcb->reseq;; rr = &(*rr)->next)
+		if(*rr == nil || seq_lt(seg->seq, (*rr)->seg.seq)){
+			rp->next = *rr;
+			*rr = rp;
+			tpriv->stats[Resequenced]++;
 			if(rp->next != nil)
 				tpriv->stats[OutOfOrder]++;
 			break;
 		}
-		rp1 = rp1->next;
-	}
-	qmax = QMAX<<tcb->rcv.scale;
-	if(rqlen > qmax){
-		print("resequence queue > window: %d > %d\n", rqlen, qmax);
-		i = 0;
-	  	for(rp1 = tcb->reseq; rp1 != nil; rp1 = rp1->next){
-	  		print("%#lux %#lux %#ux\n", rp1->seg.seq,
-	  			rp1->seg.ack, rp1->seg.flags);
-			if(i++ > 10){
-				print("...\n");
-				break;
-			}
-		}
-
-		// delete entire reassembly queue; wait for retransmit.
-		// - should we be smarter and only delete the tail?
-		for(rp = tcb->reseq; rp != nil; rp = rp1){
-			rp1 = rp->next;
-			freeblist(rp->bp);
-			free(rp);
-		}
-		tcb->reseq = nil;
 
-	  	return -1;
+	qmax = tcb->window;
+	if(tcb->reseqlen > qmax){
+		netlog(f, Logtcp, "tcp: reseq: queue > window: %d > %d; %d packets\n", tcb->reseqlen, qmax, tcb->nreseq);
+		logreseq(f, tcb->reseq, tcb->rcv.nxt);
+		tpriv->stats[ReseqBytelim]++;
+		return dumpreseq(tcb);
+	}
+	qmax = tcb->window / tcb->mss;		/* ~190 for qscale==2, 390 for qscale=3 */
+	if(tcb->nreseq > qmax){
+		netlog(f, Logtcp, "resequence queue > packets: %d %d; %d bytes\n", tcb->nreseq, qmax, tcb->reseqlen);
+		logreseq(f, tcb->reseq, tcb->rcv.nxt);
+		tpriv->stats[ReseqPktlim]++;
+		return dumpreseq(tcb);
 	}
+
 	return 0;
 }
 
-void
+static void
 getreseq(Tcpctl *tcb, Tcp *seg, Block **bp, ushort *length)
 {
 	Reseq *rp;
@@ -2918,10 +3140,13 @@
 	*bp = rp->bp;
 	*length = rp->length;
 
+	tcb->nreseq--;
+	tcb->reseqlen -= rp->length;
+
 	free(rp);
 }
 
-int
+static int
 tcptrim(Tcpctl *tcb, Tcp *seg, Block **bp, ushort *length)
 {
 	ushort len;
@@ -2992,7 +3217,7 @@
 	return 0;
 }
 
-void
+static void
 tcpadvise(Proto *tcp, Block *bp, char *msg)
 {
 	Tcp4hdr *h4;
@@ -3011,8 +3236,7 @@
 		v4tov6(source, h4->tcpsrc);
 		psource = nhgets(h4->tcpsport);
 		pdest = nhgets(h4->tcpdport);
-	}
-	else {
+	} else {
 		ipmove(dest, h6->tcpdst);
 		ipmove(source, h6->tcpsrc);
 		psource = nhgets(h6->tcpsport);
@@ -3021,14 +3245,15 @@
 
 	/* Look for a connection */
 	qlock(tcp);
-	for(p = tcp->conv; *p; p++) {
-		s = *p;
+	for(p = tcp->conv; (s = *p) != nil; p++) {
 		tcb = (Tcpctl*)s->ptcl;
 		if(s->rport == pdest)
 		if(s->lport == psource)
 		if(tcb->state != Closed)
 		if(ipcmp(s->raddr, dest) == 0)
 		if(ipcmp(s->laddr, source) == 0){
+			if(s->ignoreadvice)
+				break;
 			qlock(s);
 			qunlock(tcp);
 			switch(tcb->state){
@@ -3058,9 +3283,11 @@
 }
 
 /* called with c qlocked */
-char*
+static char*
 tcpctl(Conv* c, char** f, int n)
 {
+	if(n == 1 && strcmp(f[0], "close") == 0)
+		return tcpclose(c), nil;
 	if(n == 1 && strcmp(f[0], "hangup") == 0)
 		return tcphangup(c);
 	if(n >= 1 && strcmp(f[0], "keepalive") == 0)
@@ -3072,7 +3299,7 @@
 	return "unknown control request";
 }
 
-int
+static int
 tcpstats(Proto *tcp, char *buf, int len)
 {
 	Tcppriv *priv;
@@ -3083,7 +3310,7 @@
 	p = buf;
 	e = p+len;
 	for(i = 0; i < Nstats; i++)
-		p = seprint(p, e, "%s: %lud\n", statnames[i], priv->stats[i]);
+		p = seprint(p, e, "%s: %llud\n", statnames[i], priv->stats[i]);
 	return p - buf;
 }
 
@@ -3096,7 +3323,7 @@
  *  of questionable validity so we try to use them only when we're
  *  up against the wall.
  */
-int
+static int
 tcpgc(Proto *tcp)
 {
 	Conv *c, **pp, **ep;
@@ -3104,7 +3331,7 @@
 	Tcpctl *tcb;
 
 
-	n = natgc(tcp->ipproto);
+	n = 0;
 	ep = &tcp->conv[tcp->nc];
 	for(pp = tcp->conv; pp < ep; pp++) {
 		c = *pp;
@@ -3116,13 +3343,13 @@
 		switch(tcb->state){
 		case Syn_received:
 			if(NOW - tcb->time > 5000){
-				localclose(c, "timed out");
+				localclose(c, Etimedout);
 				n++;
 			}
 			break;
 		case Finwait2:
 			if(NOW - tcb->time > 5*60*1000){
-				localclose(c, "timed out");
+				localclose(c, Etimedout);
 				n++;
 			}
 			break;
@@ -3132,7 +3359,7 @@
 	return n;
 }
 
-void
+static void
 tcpsettimer(Tcpctl *tcb)
 {
 	int x;
@@ -3141,9 +3368,9 @@
 	x = backoff(tcb->backoff) *
 		(tcb->mdev + (tcb->srtt>>LOGAGAIN) + MSPTICK) / MSPTICK;
 
-	/* bounded twixt 1/2 and 64 seconds */
-	if(x < 500/MSPTICK)
-		x = 500/MSPTICK;
+	/* bounded twixt 0.3 and 64 seconds */
+	if(x < 300/MSPTICK)
+		x = 300/MSPTICK;
 	else if(x > (64000/MSPTICK))
 		x = 64000/MSPTICK;
 	tcb->timer.start = x;
@@ -3177,18 +3404,37 @@
 	Fsproto(fs, tcp);
 }
 
-void
+static void
 tcpsetscale(Conv *s, Tcpctl *tcb, ushort rcvscale, ushort sndscale)
 {
-	if(rcvscale){
-		tcb->rcv.scale = rcvscale & 0xff;
-		tcb->snd.scale = sndscale & 0xff;
-		tcb->window = QMAX<<tcb->snd.scale;
-		qsetlimit(s->rq, tcb->window);
-	} else {
-		tcb->rcv.scale = 0;
-		tcb->snd.scale = 0;
-		tcb->window = QMAX;
-		qsetlimit(s->rq, tcb->window);
-	}
+	/*
+	 * guess at reasonable queue sizes.  there's no current way 
+	 * to know how many nic receive buffers we can safely tie up in the
+	 * tcp stack, and we don't adjust our queues to maximize throughput
+	 * and minimize bufferbloat.  n.b. the offer (rcvscale) needs to be
+	 * respected, but we still control our own buffer commitment by
+	 * keeping a seperate qscale.
+	 */
+	tcb->rcv.scale = rcvscale & 0xff;
+	tcb->snd.scale = sndscale & 0xff;
+	tcb->qscale = rcvscale & 0xff;
+	if(rcvscale > Maxqscale)
+		tcb->qscale = Maxqscale;
+
+	if(rcvscale != tcb->rcv.scale)
+		netlog(s->p->f, Logtcp, "tcpsetscale: window %lud qlen %d >> window %ud lport %d\n",
+			tcb->window, qlen(s->rq), QMAX<<tcb->qscale, s->lport);
+	tcb->window = QMAX<<tcb->qscale;
+	tcb->ssthresh = tcb->window;
+
+	/*
+	 * it's important to set wq large enough to cover the full
+	 * bandwidth-delay product.  it's possible to be in loss
+	 * recovery with a big window, and we need to keep sending
+	 * into the inflated window.  the difference can be huge
+	 * for even modest (70ms) ping times.
+	 */
+	qsetlimit(s->rq, QMAX<<tcb->qscale);
+	qsetlimit(s->wq, QMAX<<tcb->qscale);
+	tcprcvwin(s);
 }
--- a/os/ip/udp.c	Thu Aug 12 23:08:35 2021
+++ b/os/ip/udp.c	Sat Aug 21 01:39:52 2021
@@ -24,7 +24,6 @@
 
 	IP_UDPPROTO	= 17,
 	UDP_USEAD7	= 52,
-	UDP_USEAD6	= 36,
 
 	Udprxms		= 200,
 	Udptickms	= 100,
@@ -40,7 +39,7 @@
 	uchar	length[2];	/* packet length */
 	uchar	id[2];		/* Identification */
 	uchar	frag[2];	/* Fragment information */
-	uchar	Unused;	
+	uchar	Unused;
 	uchar	udpproto;	/* Protocol */
 	uchar	udpplen[2];	/* Header plus data length */
 	uchar	udpsrc[IPv4addrlen];	/* Ip source */
@@ -73,10 +72,10 @@
 typedef struct Udpstats Udpstats;
 struct Udpstats
 {
-	ulong	udpInDatagrams;
+	uvlong	udpInDatagrams;
 	ulong	udpNoPorts;
 	ulong	udpInErrors;
-	ulong	udpOutDatagrams;
+	uvlong	udpOutDatagrams;
 };
 
 typedef struct Udppriv Udppriv;
@@ -101,7 +100,6 @@
 typedef struct Udpcb Udpcb;
 struct Udpcb
 {
-	QLock;
 	uchar	headers;
 };
 
@@ -125,7 +123,7 @@
 static int
 udpstate(Conv *c, char *state, int n)
 {
-	return snprint(state, n, "%s qin %d qout %d",
+	return snprint(state, n, "%s qin %d qout %d\n",
 		c->inuse ? "Open" : "Closed",
 		c->rq ? qlen(c->rq) : 0,
 		c->wq ? qlen(c->wq) : 0
@@ -151,7 +149,7 @@
 static void
 udpcreate(Conv *c)
 {
-	c->rq = qopen(64*1024, Qmsg, 0, 0);
+	c->rq = qopen(512*1024, Qmsg, 0, 0);
 	c->wq = qbypass(udpkick, c);
 }
 
@@ -175,8 +173,6 @@
 
 	ucb = (Udpcb*)c->ptcl;
 	ucb->headers = 0;
-
-	qunlock(c);
 }
 
 void
@@ -192,12 +188,13 @@
 	Udppriv *upriv;
 	Fs *f;
 	int version;
-	Conv *rc;
+	Routehint *rh;
+	ushort csum;
 
 	upriv = c->p->priv;
 	f = c->p->f;
 
-	netlog(c->p->f, Logudp, "udp: kick\n");
+//	netlog(c->p->f, Logudp, "udp: kick\n");	/* frequent and uninteresting */
 	if(bp == nil)
 		return;
 
@@ -219,39 +216,18 @@
 		rport = nhgets(bp->rp);
 		bp->rp += 2+2;			/* Ignore local port */
 		break;
-	case 6:
-		/* get user specified addresses */
-		bp = pullupblock(bp, UDP_USEAD6);
-		if(bp == nil)
-			return;
-		ipmove(raddr, bp->rp);
-		bp->rp += IPaddrlen;
-		ipmove(laddr, bp->rp);
-		bp->rp += IPaddrlen;
-		/* pick interface closest to dest */
-		if(ipforme(f, laddr) != Runi)
-			findlocalip(f, laddr, raddr);
-		rport = nhgets(bp->rp);
-		bp->rp += 2+2;			/* Ignore local port */
-		break;
 	default:
 		rport = 0;
 		break;
 	}
 
 	if(ucb->headers) {
-		if(memcmp(laddr, v4prefix, IPv4off) == 0 ||
-		    ipcmp(laddr, IPnoaddr) == 0)
+		if(isv4(laddr) || ipcmp(laddr, IPnoaddr) == 0)
 			version = V4;
 		else
 			version = V6;
 	} else {
-		if( (memcmp(c->raddr, v4prefix, IPv4off) == 0 &&
-			memcmp(c->laddr, v4prefix, IPv4off) == 0)
-			|| ipcmp(c->raddr, IPnoaddr) == 0)
-			version = V4;
-		else
-			version = V6;
+		version = convipvers(c);
 	}
 
 	dlen = blocklen(bp);
@@ -260,9 +236,6 @@
 	switch(version){
 	case V4:
 		bp = padblock(bp, UDP4_IPHDR_SZ+UDP_UDPHDR_SZ);
-		if(bp == nil)
-			return;
-
 		uh4 = (Udp4hdr *)(bp->rp);
 		ptcllen = dlen + UDP_UDPHDR_SZ;
 		uh4->Unused = 0;
@@ -274,32 +247,33 @@
 			v6tov4(uh4->udpdst, raddr);
 			hnputs(uh4->udpdport, rport);
 			v6tov4(uh4->udpsrc, laddr);
-			rc = nil;
+			rh = nil;
 		} else {
 			v6tov4(uh4->udpdst, c->raddr);
 			hnputs(uh4->udpdport, c->rport);
 			if(ipcmp(c->laddr, IPnoaddr) == 0)
 				findlocalip(f, c->laddr, c->raddr);
 			v6tov4(uh4->udpsrc, c->laddr);
-			rc = c;
+			rh = c;
 		}
 		hnputs(uh4->udpsport, c->lport);
 		hnputs(uh4->udplen, ptcllen);
 		uh4->udpcksum[0] = 0;
 		uh4->udpcksum[1] = 0;
-		hnputs(uh4->udpcksum, 
-		       ptclcsum(bp, UDP4_PHDR_OFF, dlen+UDP_UDPHDR_SZ+UDP4_PHDR_SZ));
+		csum = ptclcsum(bp, UDP4_PHDR_OFF, dlen+UDP_UDPHDR_SZ+UDP4_PHDR_SZ);
+		if(csum == 0)
+			csum = 0xffff;	/* -0 */
+		hnputs(uh4->udpcksum, csum);
 		uh4->vihl = IP_VER4;
-		ipoput4(f, bp, 0, c->ttl, c->tos, rc);
+		ipoput4(f, bp, 0, c->ttl, c->tos, rh);
 		break;
 
 	case V6:
+		/*
+		 * using the v6 ip header to create pseudo header
+		 * first then reset it to the normal ip header
+		 */
 		bp = padblock(bp, UDP6_IPHDR_SZ+UDP_UDPHDR_SZ);
-		if(bp == nil)
-			return;
-
-		// using the v6 ip header to create pseudo header 
-		// first then reset it to the normal ip header
 		uh6 = (Udp6hdr *)(bp->rp);
 		memset(uh6, 0, 8);
 		ptcllen = dlen + UDP_UDPHDR_SZ;
@@ -309,26 +283,28 @@
 			ipmove(uh6->udpdst, raddr);
 			hnputs(uh6->udpdport, rport);
 			ipmove(uh6->udpsrc, laddr);
-			rc = nil;
+			rh = nil;
 		} else {
 			ipmove(uh6->udpdst, c->raddr);
 			hnputs(uh6->udpdport, c->rport);
 			if(ipcmp(c->laddr, IPnoaddr) == 0)
 				findlocalip(f, c->laddr, c->raddr);
 			ipmove(uh6->udpsrc, c->laddr);
-			rc = c;
+			rh = c;
 		}
 		hnputs(uh6->udpsport, c->lport);
 		hnputs(uh6->udplen, ptcllen);
 		uh6->udpcksum[0] = 0;
 		uh6->udpcksum[1] = 0;
-		hnputs(uh6->udpcksum, 
-		       ptclcsum(bp, UDP6_PHDR_OFF, dlen+UDP_UDPHDR_SZ+UDP6_PHDR_SZ));
+		csum = ptclcsum(bp, UDP6_PHDR_OFF, dlen+UDP_UDPHDR_SZ+UDP6_PHDR_SZ);
+		if(csum == 0)
+			csum = 0xffff;	/* -0 */
+		hnputs(uh6->udpcksum, csum);
 		memset(uh6, 0, 8);
 		uh6->viclfl[0] = IP_VER6;
 		hnputs(uh6->len, ptcllen);
 		uh6->nextheader = IP_UDPPROTO;
-		ipoput6(f, bp, 0, c->ttl, c->tos, rc);
+		ipoput6(f, bp, 0, c->ttl, c->tos, rh);
 		break;
 
 	default:
@@ -360,10 +336,8 @@
 	uh4 = (Udp4hdr*)(bp->rp);
 	version = ((uh4->vihl&0xF0)==IP_VER6) ? V6 : V4;
 
-	/*
-	 * Put back pseudo header for checksum 
-	 * (remember old values for icmpnoconv())
-	 */
+	/* Put back pseudo header for checksum
+	 * (remember old values for icmpnoconv()) */
 	switch(version) {
 	case V4:
 		ottl = uh4->Unused;
@@ -423,7 +397,7 @@
 
 	c = iphtlook(&upriv->ht, raddr, rport, laddr, lport);
 	if(c == nil){
-		/* no converstation found */
+		/* no conversation found */
 		upriv->ustats.udpNoPorts++;
 		qunlock(udp);
 		netlog(f, Logudp, "udp: no conv %I!%d -> %I!%d\n", raddr, rport,
@@ -434,7 +408,7 @@
 			icmpnoconv(f, bp);
 			break;
 		case V6:
-			icmphostunr(f, ifc, bp, icmp6_port_unreach, 0);
+			icmphostunr6(f, ifc, bp, Icmp6_port_unreach, 0);
 			break;
 		default:
 			panic("udpiput2: version %d", version);
@@ -448,18 +422,8 @@
 	if(c->state == Announced){
 		if(ucb->headers == 0){
 			/* create a new conversation */
-			if(ipforme(f, laddr) != Runi) {
-				switch(version){
-				case V4:
-					v4tov6(laddr, ifc->lifc->local);
-					break;
-				case V6:
-					ipmove(laddr, ifc->lifc->local);
-					break;
-				default:
-					panic("udpiput3: version %d", version);
-				}
-			}
+			if(ipforme(f, laddr) != Runi)
+				ipv6local(ifc, laddr, 0, raddr);
 			c = Fsnewcall(c, raddr, rport, laddr, lport, version);
 			if(c == nil){
 				qunlock(udp);
@@ -507,33 +471,21 @@
 		p = bp->rp;
 		ipmove(p, raddr); p += IPaddrlen;
 		ipmove(p, laddr); p += IPaddrlen;
-		ipmove(p, ifc->lifc->local); p += IPaddrlen;
-		hnputs(p, rport); p += 2;
-		hnputs(p, lport);
-		break;
-	case 6:
-		/* pass the src address */
-		bp = padblock(bp, UDP_USEAD6);
-		p = bp->rp;
-		ipmove(p, raddr); p += IPaddrlen;
-		ipmove(p, ipforme(f, laddr)==Runi ? laddr : ifc->lifc->local); p += IPaddrlen;
+		if(!ipv6local(ifc, p, 0, raddr))
+			ipmove(p, ifc->lifc != nil ? ifc->lifc->local : IPnoaddr);
+		p += IPaddrlen;
 		hnputs(p, rport); p += 2;
 		hnputs(p, lport);
 		break;
 	}
 
-	if(bp->next)
-		bp = concatblock(bp);
-
 	if(qfull(c->rq)){
-		qunlock(c);
-		netlog(f, Logudp, "udp: qfull %I.%d -> %I.%d\n", raddr, rport,
-		       laddr, lport);
+		netlog(f, Logudp, "udp: qfull %I.%d -> %I.%d\n",
+			raddr, rport, laddr, lport);
 		freeblist(bp);
-		return;
+	} else {
+		qpass(c->rq, concatblock(bp));
 	}
-
-	qpass(c->rq, bp);
 	qunlock(c);
 
 }
@@ -545,11 +497,13 @@
 
 	ucb = (Udpcb*)c->ptcl;
 	if(n == 1){
-		if(strcmp(f[0], "oldheaders") == 0){
-			ucb->headers = 6;
+		if(strcmp(f[0], "hangup") == 0){
+			qhangup(c->rq, nil);
+			qhangup(c->wq, nil);
 			return nil;
-		} else if(strcmp(f[0], "headers") == 0){
-			ucb->headers = 7;
+		}
+		if(strcmp(f[0], "headers") == 0){
+			ucb->headers = 7;	/* new headers format */
 			return nil;
 		}
 	}
@@ -564,34 +518,25 @@
 	uchar source[IPaddrlen], dest[IPaddrlen];
 	ushort psource, pdest;
 	Conv *s, **p;
-	int version;
 
 	h4 = (Udp4hdr*)(bp->rp);
-	version = ((h4->vihl&0xF0)==IP_VER6) ? V6 : V4;
+	h6 = (Udp6hdr*)(bp->rp);
 
-	switch(version) {
-	case V4:
+	if((h4->vihl&0xF0)==IP_VER4) {
 		v4tov6(dest, h4->udpdst);
 		v4tov6(source, h4->udpsrc);
 		psource = nhgets(h4->udpsport);
 		pdest = nhgets(h4->udpdport);
-		break;
-	case V6:
-		h6 = (Udp6hdr*)(bp->rp);
+	} else {
 		ipmove(dest, h6->udpdst);
 		ipmove(source, h6->udpsrc);
 		psource = nhgets(h6->udpsport);
 		pdest = nhgets(h6->udpdport);
-		break;
-	default:
-		panic("udpadvise: version %d", version);
-		return;  /* to avoid a warning */
 	}
 
 	/* Look for a connection */
 	qlock(udp);
-	for(p = udp->conv; *p; p++) {
-		s = *p;
+	for(p = udp->conv; (s = *p) != nil; p++) {
 		if(s->rport == pdest)
 		if(s->lport == psource)
 		if(ipcmp(s->raddr, dest) == 0)
@@ -617,19 +562,14 @@
 	Udppriv *upriv;
 
 	upriv = udp->priv;
-	return snprint(buf, len, "InDatagrams: %lud\nNoPorts: %lud\nInErrors: %lud\nOutDatagrams: %lud\n",
+	return snprint(buf, len, "InDatagrams: %llud\nNoPorts: %lud\n"
+		"InErrors: %lud\nOutDatagrams: %llud\n",
 		upriv->ustats.udpInDatagrams,
 		upriv->ustats.udpNoPorts,
 		upriv->ustats.udpInErrors,
 		upriv->ustats.udpOutDatagrams);
 }
 
-int
-udpgc(Proto *udp)
-{
-	return natgc(udp->ipproto);
-}
-
 void
 udpinit(Fs *fs)
 {
@@ -647,7 +587,6 @@
 	udp->rcv = udpiput;
 	udp->advise = udpadvise;
 	udp->stats = udpstats;
-	udp->gc = udpgc;
 	udp->ipproto = IP_UDPPROTO;
 	udp->nc = Nchans;
 	udp->ptclsize = sizeof(Udpcb);
diff -urN a/os/ip/arp.c b/os/ip/arp.c
--- a/os/ip/arp.c	Thu Aug 12 23:08:35 2021
+++ b/os/ip/arp.c	Sat Aug 21 01:39:52 2021
@@ -47,7 +47,8 @@
 
 #define haship(s) ((s)[IPaddrlen-1]%NHASH)
 
-extern int 	ReTransTimer = RETRANS_TIMER;
+int 	ReTransTimer = RETRANS_TIMER;
+
 static void 	rxmitproc(void *v);
 
 void
@@ -57,145 +58,121 @@
 	f->arp->f = f;
 	f->arp->rxmt = nil;
 	f->arp->dropf = f->arp->dropl = nil;
-	kproc("rxmitproc", rxmitproc, f->arp, 0);
+	kproc("rxmitproc", rxmitproc, f->arp);
 }
 
-/*
- *  create a new arp entry for an ip address.
- */
-static Arpent*
-newarp6(Arp *arp, uchar *ip, Ipifc *ifc, int addrxt)
+static void
+freeblistchain(Block *bp)
 {
-	uint t;
-	Block *next, *xp;
-	Arpent *a, *e, *f, **l;
-	Medium *m = ifc->m;
-	int empty;
+	Block *next;
 
-	/* find oldest entry */
-	e = &arp->cache[NCACHE];
-	a = arp->cache;
-	t = a->utime;
-	for(f = a; f < e; f++){
-		if(f->utime < t){
-			t = f->utime;
-			a = f;
-		}
+	while(bp != nil){
+		next = bp->list;
+		freeblist(bp);
+		bp = next;
 	}
+}
 
-	/* dump waiting packets */
-	xp = a->hold;
-	a->hold = nil;
+/* take out of re-transmit chain */
+static Arpent**
+rxmtunchain(Arp *arp, Arpent *a)
+{
+	Arpent **l;
 
-	if(isv4(a->ip)){
-		while(xp){
-			next = xp->list;
-			freeblist(xp);
-			xp = next;
+	for(l = &arp->rxmt; *l != nil; l = &((*l)->nextrxt)){
+		if(*l == a){
+			*l = a->nextrxt;
+			break;
 		}
 	}
-	else {	// queue icmp unreachable for rxmitproc later on, w/o arp lock
-		if(xp){
-			if(arp->dropl == nil) 
-				arp->dropf = xp;
-			else
-				arp->dropl->list = xp;
+	a->nextrxt = nil;
+	return l;
+}
 
-			for(next = xp->list; next; next = next->list)
-				xp = next;
-			arp->dropl = xp;
-			wakeup(&arp->rxmtq);
-		}
-	}
+static void
+cleanarpent(Arp *arp, Arpent *a)
+{
+	Arpent **l;
+	Block *bp;
 
 	/* take out of current chain */
-	l = &arp->hash[haship(a->ip)];
-	for(f = *l; f; f = f->hash){
-		if(f == a){
+	for(l = &arp->hash[haship(a->ip)]; *l != nil; l = &((*l)->hash)){
+		if(*l == a){
 			*l = a->hash;
 			break;
 		}
-		l = &f->hash;
 	}
+	a->hash = nil;
 
-	/* insert into new chain */
-	l = &arp->hash[haship(ip)];
-	a->hash = *l;
-	*l = a;
-
-	memmove(a->ip, ip, sizeof(a->ip));
-	a->utime = NOW;
-	a->ctime = 0;
-	a->type = m;
+	/* dump waiting packets */
+	bp = a->hold;
+	a->hold = nil;
+	if(isv4(a->ip))
+		freeblistchain(bp);
+	else {
+		rxmtunchain(arp, a);
 
-	a->rtime = NOW + ReTransTimer;
-	a->rxtsrem = MAX_MULTICAST_SOLICIT;
-	a->ifc = ifc;
-	a->ifcid = ifc->ifcid;
+		/* queue icmp unreachable for rxmitproc later on, w/o arp lock */
+		if(bp != nil){
+			if(arp->dropf == nil)
+				arp->dropf = bp;
+			else
+				arp->dropl->list = bp;
+			arp->dropl = a->last;
 
-	/* put to the end of re-transmit chain; addrxt is 0 when isv4(a->ip) */
-	if(!ipismulticast(a->ip) && addrxt){
-		l = &arp->rxmt;
-		empty = (*l==nil);
-
-		for(f = *l; f; f = f->nextrxt){
-			if(f == a){
-				*l = a->nextrxt;
-				break;
-			}
-			l = &f->nextrxt;
-		}
-		for(f = *l; f; f = f->nextrxt){
-			l = &f->nextrxt;
+			if(bp == arp->dropf)
+				wakeup(&arp->rxmtq);
 		}
-		*l = a;
-		if(empty) 
-			wakeup(&arp->rxmtq);
 	}
+	a->last = nil;
 
-	a->nextrxt = nil;
+	a->ifc = nil;
+	a->ifcid = 0;
 
-	return a;
-}
+	a->state = 0;
+	a->rxtsrem = 0;
+
+	a->utime = 0;
+	a->ctime = 0;
 
-/* called with arp qlocked */
+	memset(a->ip, 0, sizeof(a->ip));
+	memset(a->mac, 0, sizeof(a->mac));
+}
 
-void
-cleanarpent(Arp *arp, Arpent *a)
+/*
+ *  create a new arp entry for an ip address on ifc.
+ */
+static Arpent*
+newarpent(Arp *arp, uchar *ip, Ipifc *ifc)
 {
-	Arpent *f, **l;
+	Arpent *a, *e, *f, **l;
+	ulong t;
 
-	a->utime = 0;
-	a->ctime = 0;
-	a->type = 0;
-	a->state = 0;
-	
-	/* take out of current chain */
-	l = &arp->hash[haship(a->ip)];
-	for(f = *l; f; f = f->hash){
-		if(f == a){
-			*l = a->hash;
-			break;
+	/* find oldest entry */
+	e = &arp->cache[NCACHE];
+	a = arp->cache;
+	t = a->utime;
+	for(f = a; f < e; f++){
+		if(f->utime < t){
+			t = f->utime;
+			a = f;
 		}
-		l = &f->hash;
 	}
+	cleanarpent(arp, a);
 
-	/* take out of re-transmit chain */
-	l = &arp->rxmt;
-	for(f = *l; f; f = f->nextrxt){
-		if(f == a){
-			*l = a->nextrxt;
-			break;
-		}
-		l = &f->nextrxt;
-	}
-	a->nextrxt = nil;
-	a->hash = nil;
-	a->hold = nil;
-	a->last = nil;
-	a->ifc = nil;
+	ipmove(a->ip, ip);
+	a->ifc = ifc;
+	a->ifcid = ifc->ifcid;
+
+	/* insert into new chain */
+	l = &arp->hash[haship(ip)];
+	a->hash = *l;
+	*l = a;
+
+	return a;
 }
 
+
 /*
  *  fill in the media address if we have it.  Otherwise return an
  *  Arpent that represents the state of the address resolution FSM
@@ -207,7 +184,6 @@
 {
 	int hash;
 	Arpent *a;
-	Medium *type = ifc->m;
 	uchar v6ip[IPaddrlen];
 
 	if(version == V4){
@@ -217,30 +193,28 @@
 
 	qlock(arp);
 	hash = haship(ip);
-	for(a = arp->hash[hash]; a; a = a->hash){
-		if(memcmp(ip, a->ip, sizeof(a->ip)) == 0)
-		if(type == a->type)
+	for(a = arp->hash[hash]; a != nil; a = a->hash){
+		if(a->ifc == ifc && a->ifcid == ifc->ifcid && ipcmp(ip, a->ip) == 0)
 			break;
 	}
-
 	if(a == nil){
-		a = newarp6(arp, ip, ifc, (version != V4));
+		a = newarpent(arp, ip, ifc);
 		a->state = AWAIT;
 	}
 	a->utime = NOW;
 	if(a->state == AWAIT){
 		if(bp != nil){
-			if(a->hold)
-				a->last->list = bp;
-			else
+			bp->list = nil; 
+			if(a->hold == nil)
 				a->hold = bp;
+			else
+				a->last->list = bp;
 			a->last = bp;
-			bp->list = nil; 
 		}
 		return a;		/* return with arp qlocked */
 	}
 
-	memmove(mac, a->mac, a->type->maclen);
+	memmove(mac, a->mac, ifc->m->maclen);
 
 	/* remove old entries */
 	if(NOW - a->ctime > 15*60*1000)
@@ -269,145 +243,94 @@
 arpresolve(Arp *arp, Arpent *a, Medium *type, uchar *mac)
 {
 	Block *bp;
-	Arpent *f, **l;
-
-	if(!isv4(a->ip)){
-		l = &arp->rxmt;
-		for(f = *l; f; f = f->nextrxt){
-			if(f == a){
-				*l = a->nextrxt;
-				break;
-			}
-			l = &f->nextrxt;
-		}
-	}
 
 	memmove(a->mac, mac, type->maclen);
-	a->type = type;
+	if(a->state == AWAIT && !isv4(a->ip)){
+		rxmtunchain(arp, a);
+		a->rxtsrem = 0;
+	}
 	a->state = AOK;
-	a->utime = NOW;
+	a->ctime = a->utime = NOW;
 	bp = a->hold;
-	a->hold = nil;
+	a->hold = a->last = nil;
 	qunlock(arp);
 
 	return bp;
 }
 
-void
-arpenter(Fs *fs, int version, uchar *ip, uchar *mac, int n, int refresh)
+int
+arpenter(Fs *fs, int version, uchar *ip, uchar *mac, int n, uchar *ia, Ipifc *ifc, int refresh)
 {
-	Arp *arp;
-	Route *r;
-	Arpent *a, *f, **l;
-	Ipifc *ifc;
-	Medium *type;
-	Block *bp, *next;
 	uchar v6ip[IPaddrlen];
+	Block *bp, *next;
+	Arpent *a;
+	Route *r;
+	Arp *arp;
 
-	arp = fs->arp;
-
-	if(n != 6){
-//		print("arp: len = %d\n", n);
-		return;
-	}
+	if(ifc->m == nil || ifc->m->maclen != n || ifc->m->maclen == 0)
+		return -1;
 
 	switch(version){
 	case V4:
-		r = v4lookup(fs, ip, nil);
+		r = v4lookup(fs, ip, ia, nil);
 		v4tov6(v6ip, ip);
 		ip = v6ip;
 		break;
 	case V6:
-		r = v6lookup(fs, ip, nil);
+		r = v6lookup(fs, ip, ia, nil);
 		break;
 	default:
 		panic("arpenter: version %d", version);
-		return;	/* to supress warnings */
+		return -1;	/* to supress warnings */
 	}
 
-	if(r == nil){
-//		print("arp: no route for entry\n");
-		return;
-	}
-
-	ifc = r->ifc;
-	type = ifc->m;
+	if(r == nil || r->ifc != ifc || (r->type & (Rbcast|Rmulti)) != 0)
+		return -1;
 
+	arp = fs->arp;
 	qlock(arp);
-	for(a = arp->hash[haship(ip)]; a; a = a->hash){
-		if(a->type != type || (a->state != AWAIT && a->state != AOK))
+	for(a = arp->hash[haship(ip)]; a != nil; a = a->hash){
+		if(a->ifc != ifc || a->ifcid != ifc->ifcid)
 			continue;
-
 		if(ipcmp(a->ip, ip) == 0){
-			a->state = AOK;
-			memmove(a->mac, mac, type->maclen);
-
-			if(version == V6){
-				/* take out of re-transmit chain */
-				l = &arp->rxmt;
-				for(f = *l; f; f = f->nextrxt){
-					if(f == a){
-						*l = a->nextrxt;
-						break;
-					}
-					l = &f->nextrxt;
-				}
-			}
-
-			a->ifc = ifc;
-			a->ifcid = ifc->ifcid;
-			bp = a->hold;
-			a->hold = nil;
 			if(version == V4)
 				ip += IPv4off;
-			a->utime = NOW;
-			a->ctime = a->utime;
-			qunlock(arp);
-
-			while(bp){
+			bp = arpresolve(arp, a, ifc->m, mac);	/* unlocks arp */
+			for(; bp != nil; bp = next){
 				next = bp->list;
-				if(ifc != nil){
-					if(waserror()){
-						runlock(ifc);
-						nexterror();
-					}
-					rlock(ifc);
-					if(ifc->m != nil)
-						ifc->m->bwrite(ifc, bp, version, ip);
-					else
-						freeb(bp);
-					runlock(ifc);
-					poperror();
-				} else
-					freeb(bp);
-				bp = next;
+				bp->list = nil;
+				if(waserror()){
+					freeblistchain(next);
+					break;
+				}
+				ipifcoput(ifc, bp, version, ip);
+				poperror();
 			}
-			return;
+			return 1;
 		}
 	}
 
 	if(refresh == 0){
-		a = newarp6(arp, ip, ifc, 0);
+		a = newarpent(arp, ip, ifc);
 		a->state = AOK;
-		a->type = type;
-		a->ctime = NOW;
-		memmove(a->mac, mac, type->maclen);
+		a->ctime = a->utime = NOW;
+		memmove(a->mac, mac, n);
 	}
-
 	qunlock(arp);
+
+	return refresh == 0;
 }
 
 int
 arpwrite(Fs *fs, char *s, int len)
 {
 	int n;
-	Route *r;
 	Arp *arp;
-	Block *bp;
-	Arpent *a, *fl, **l;
+	Arpent *a, *x;
 	Medium *m;
-	char *f[4], buf[256];
-	uchar ip[IPaddrlen], mac[MAClen];
+	Ipifc *ifc;
+	char *f[5], buf[256];
+	uchar ip[IPaddrlen], ia[IPaddrlen], mac[MAClen];
 
 	arp = fs->arp;
 
@@ -420,89 +343,79 @@
 	if(len > 0 && buf[len-1] == '\n')
 		buf[len-1] = 0;
 
-	n = getfields(buf, f, 4, 1, " ");
+	n = getfields(buf, f, nelem(f), 1, " ");
 	if(strcmp(f[0], "flush") == 0){
 		qlock(arp);
 		for(a = arp->cache; a < &arp->cache[NCACHE]; a++){
 			memset(a->ip, 0, sizeof(a->ip));
 			memset(a->mac, 0, sizeof(a->mac));
 			a->hash = nil;
+			a->nextrxt = nil;
+			a->ifc = nil;
+			a->ifcid = 0;
 			a->state = 0;
+			a->rxtsrem = 0;
+			a->ctime = 0;
 			a->utime = 0;
-			while(a->hold != nil){
-				bp = a->hold->list;
-				freeblist(a->hold);
-				a->hold = bp;
-			}
+			freeblistchain(a->hold);
+			a->hold = a->last = nil;
 		}
 		memset(arp->hash, 0, sizeof(arp->hash));
-// clear all pkts on these lists (rxmt, dropf/l)
+		freeblistchain(arp->dropf);
+		arp->dropf = arp->dropl = nil;
 		arp->rxmt = nil;
-		arp->dropf = nil;
-		arp->dropl = nil;
 		qunlock(arp);
 	} else if(strcmp(f[0], "add") == 0){
 		switch(n){
 		default:
 			error(Ebadarg);
 		case 3:
-			parseip(ip, f[1]);
-			if(isv4(ip))
-				r = v4lookup(fs, ip+IPv4off, nil);
-			else
-				r = v6lookup(fs, ip, nil);
-			if(r == nil)
-				error("Destination unreachable");
-			m = r->ifc->m;
-			n = parsemac(mac, f[2], m->maclen);
+			if(parseip(ip, f[1]) == -1)
+				error(Ebadip);
+			if((n = parsemac(mac, f[2], sizeof(mac))) <= 0)
+				error(Ebadarp);
+			findlocalip(fs, ia, ip);
 			break;
 		case 4:
 			m = ipfindmedium(f[1]);
-			if(m == nil)
+			if(m == nil || m->maclen == 0)
+				error(Ebadarp);
+			if(parseip(ip, f[2]) == -1)
+				error(Ebadip);
+			if((n = parsemac(mac, f[3], sizeof(mac))) != m->maclen)
 				error(Ebadarp);
-			parseip(ip, f[2]);
-			n = parsemac(mac, f[3], m->maclen);
+			findlocalip(fs, ia, ip);
+			break;
+		case 5:
+			m = ipfindmedium(f[1]);
+			if(m == nil || m->maclen == 0)
+				error(Ebadarp);
+			if(parseip(ip, f[2]) == -1)
+				error(Ebadip);
+			if((n = parsemac(mac, f[3], sizeof(mac))) != m->maclen)
+				error(Ebadarp);
+			if(parseip(ia, f[4]) == -1)
+				error(Ebadip);
 			break;
 		}
-
-		if(m->ares == nil)
-			error(Ebadarp);
-
-		m->ares(fs, V6, ip, mac, n, 0);
+		if((ifc = findipifc(fs, ia, ia, Runi)) == nil)
+			error("no interface");
+		rlock(ifc);
+		if(!ipv6local(ifc, ia, 0, ip) || arpenter(fs, V6, ip, mac, n, ia, ifc, 0) < 0){
+			runlock(ifc);
+			error("destination unreachable");
+		}
+		runlock(ifc);
 	} else if(strcmp(f[0], "del") == 0){
-		if(n != 2)
+		if (n != 2)
 			error(Ebadarg);
-
-		parseip(ip, f[1]);
+		if (parseip(ip, f[1]) == -1)
+			error(Ebadip);
 		qlock(arp);
-
-		l = &arp->hash[haship(ip)];
-		for(a = *l; a; a = a->hash){
-			if(memcmp(ip, a->ip, sizeof(a->ip)) == 0){
-				*l = a->hash;
-				break;
-			}
-			l = &a->hash;
-		}
-	
-		if(a){
-			/* take out of re-transmit chain */
-			l = &arp->rxmt;
-			for(fl = *l; fl; fl = fl->nextrxt){
-				if(fl == a){
-					*l = a->nextrxt;
-					break;
-				}
-				l = &fl->nextrxt;
-			}
-
-			a->nextrxt = nil;
-			a->hash = nil;
-			a->hold = nil;
-			a->last = nil;
-			a->ifc = nil;
-			memset(a->ip, 0, sizeof(a->ip));
-			memset(a->mac, 0, sizeof(a->mac));
+		for(a = arp->hash[haship(ip)]; a != nil; a = x){
+			x = a->hash;
+			if(ipcmp(ip, a->ip) == 0)
+				cleanarpent(arp, a);
 		}
 		qunlock(arp);
 	} else
@@ -511,13 +424,6 @@
 	return len;
 }
 
-enum
-{
-	Alinelen=	90,
-};
-
-char *aformat = "%-6.6s %-8.8s %-40.40I %-32.32s\n";
-
 static void
 convmac(char *p, uchar *mac, int n)
 {
@@ -526,156 +432,151 @@
 }
 
 int
-arpread(Arp *arp, char *p, ulong offset, int len)
+arpread(Arp *arp, char *s, ulong offset, int len)
 {
+	char mac[2*MAClen+1], *state, *mname, *p;
+	uchar ip[IPaddrlen], ia[IPaddrlen];
+	Ipifc *ifc;
 	Arpent *a;
-	int n;
-	char mac[2*MAClen+1];
-
-	if(offset % Alinelen)
-		return 0;
-
-	offset = offset/Alinelen;
-	len = len/Alinelen;
+	long n, o;
 
-	n = 0;
+	p = s;
+	o = -offset;
 	for(a = arp->cache; len > 0 && a < &arp->cache[NCACHE]; a++){
-		if(a->state == 0)
+		if(a->state == 0 || (ifc = a->ifc) == nil)
 			continue;
-		if(offset > 0){
-			offset--;
+
+		rlock(ifc);
+		qlock(arp);
+		state = arpstate[a->state];
+		ipmove(ip, a->ip);
+		if(ifc->m == nil || a->ifcid != ifc->ifcid || !ipv6local(ifc, ia, 0, ip)){
+			qunlock(arp);
+			runlock(ifc);
 			continue;
 		}
-		len--;
-		qlock(arp);
-		convmac(mac, a->mac, a->type->maclen);
-		n += sprint(p+n, aformat, a->type->name, arpstate[a->state], a->ip, mac);
+		mname = ifc->m->name;
+		convmac(mac, a->mac, ifc->m->maclen);
 		qunlock(arp);
+		runlock(ifc);
+
+		n = snprint(up->genbuf, sizeof up->genbuf,
+			"%-6.6s %-4.4s %-40.40I %-16.16s %I\n",
+			mname, state, ip, mac, ia);
+		o += n;
+		if(o <= 0)
+			continue;
+		if(n > len)
+			break;
+		memmove(p, up->genbuf, n);
+		len -= n;
+		p += n;
 	}
 
-	return n;
+	return p - s;
 }
 
-extern int
-rxmitsols(Arp *arp)
+void
+ndpsendsol(Fs *f, Ipifc *ifc, Arpent *a)
 {
-	uint sflag;
-	Block *next, *xp;
-	Arpent *a, *b, **l;
-	Fs *f;
-	uchar ipsrc[IPaddrlen];
-	Ipifc *ifc = nil;
-	long nrxt;
+	uchar targ[IPaddrlen], src[IPaddrlen];
+	Arpent **l;
 
-	qlock(arp);
-	f = arp->f;
+	a->ctime = NOW;
+	if(a->rxtsrem == 0)
+		a->rxtsrem = MAX_MULTICAST_SOLICIT;
+	else
+		a->rxtsrem--;
+
+	/* put on end of re-transmit chain */
+	for(l = rxmtunchain(f->arp, a); *l != nil; l = &(*l)->nextrxt)
+		;
+	*l = a;
 
-	a = arp->rxmt;
-	if(a==nil){
-		nrxt = 0;
-		goto dodrops; 		//return nrxt;
-	}
-	nrxt = a->rtime - NOW;
-	if(nrxt > 3*ReTransTimer/4) 
-		goto dodrops; 		//return nrxt;
-
-	for(; a; a = a->nextrxt){
-		ifc = a->ifc;
-		assert(ifc != nil);
-		if((a->rxtsrem <= 0) || !(canrlock(ifc)) || (a->ifcid != ifc->ifcid)){
-			xp = a->hold;
-			a->hold = nil;
-
-			if(xp){
-				if(arp->dropl == nil) 
-					arp->dropf = xp;
-				else
-					arp->dropl->list = xp;
-			}
+	if(l == &f->arp->rxmt)
+		wakeup(&f->arp->rxmtq);
 
-			cleanarpent(arp, a);
-		}
-		else
-			break;
+	/* try to use source address of original packet */
+	ipmove(targ, a->ip);
+	if(a->last != nil){
+		ipmove(src, ((Ip6hdr*)a->last->rp)->src);
+		arprelease(f->arp, a);
+
+		if(iplocalonifc(ifc, src) != nil || ipproxyifc(f, ifc, src))
+			goto send;
+	} else {
+		arprelease(f->arp, a);
 	}
-	if(a == nil)
-		goto dodrops;
-
-
-	qunlock(arp);	/* for icmpns */
-	if((sflag = ipv6anylocal(ifc, ipsrc)) != SRC_UNSPEC) 
-		icmpns(f, ipsrc, sflag, a->ip, TARG_MULTI, ifc->mac); 
+	if(!ipv6local(ifc, src, 0, targ))
+		return;
+send:
+	if(!waserror()){
+		icmpns(f, src, SRC_UNI, targ, TARG_MULTI, ifc->mac);
+		poperror();
+	}
+}
 
-	runlock(ifc);
-	qlock(arp);	
+static void
+rxmitsols(Arp *arp)
+{
+	Block *next, *bp;
+	Arpent *a;
+	Ipifc *ifc;
+	Route *r;
 
-	/* put to the end of re-transmit chain */
-	l = &arp->rxmt;
-	for(b = *l; b; b = b->nextrxt){
-		if(b == a){
-			*l = a->nextrxt;
-			break;
+	qlock(arp);
+	while((a = arp->rxmt) != nil && NOW - a->ctime > 3*ReTransTimer/4){
+		if(a->rxtsrem > 0 && (ifc = a->ifc) != nil && canrlock(ifc)){
+			if(a->ifcid == ifc->ifcid){
+				ndpsendsol(arp->f, ifc, a);	/* unlocks arp */
+				runlock(ifc);
+				qlock(arp);
+				continue;
+			}
+			runlock(ifc);
 		}
-		l = &b->nextrxt;
-	}
-	for(b = *l; b; b = b->nextrxt){
-		l = &b->nextrxt;
+		cleanarpent(arp, a);
 	}
-	*l = a;
-	a->rxtsrem--;
-	a->nextrxt = nil;
-	a->rtime = NOW + ReTransTimer;
-
-	a = arp->rxmt;
-	if(a==nil)
-		nrxt = 0;
-	else 
-		nrxt = a->rtime - NOW;
-
-dodrops:
-	xp = arp->dropf;
-	arp->dropf = nil;
-	arp->dropl = nil;
+	bp = arp->dropf;
+	arp->dropf = arp->dropl = nil;
 	qunlock(arp);
 
-	for(; xp; xp = next){
-		next = xp->list;
-		icmphostunr(f, ifc, xp, icmp6_adr_unreach, 1);
+	for(; bp != nil; bp = next){
+		next = bp->list;
+		bp->list = nil;
+		r = v6lookup(arp->f, ((Ip6hdr*)bp->rp)->src, ((Ip6hdr*)bp->rp)->dst, nil);
+		if(r != nil && (ifc = r->ifc) != nil && canrlock(ifc)){
+			if(!waserror()){
+				icmphostunr6(arp->f, ifc, bp, Icmp6_adr_unreach, (r->type & Runi) != 0);
+				poperror();
+			}
+			runlock(ifc);
+		}
+		freeblist(bp);
 	}
-
-	return nrxt;
-
 }
 
 static int
 rxready(void *v)
 {
-	Arp *arp = (Arp *) v;
-	int x;
-
-	x = ((arp->rxmt != nil) || (arp->dropf != nil));
+	Arp *arp = (Arp *)v;
 
-	return x;
+	return arp->rxmt != nil || arp->dropf != nil;
 }
 
 static void
 rxmitproc(void *v)
 {
 	Arp *arp = v;
-	long wakeupat;
 
 	arp->rxmitp = up;
-	//print("arp rxmitproc started\n");
 	if(waserror()){
-		arp->rxmitp = 0;
+		arp->rxmitp = nil;
 		pexit("hangup", 1);
 	}
 	for(;;){
-		wakeupat = rxmitsols(arp);
-		if(wakeupat == 0) 
-			sleep(&arp->rxmtq, rxready, v); 
-		else if(wakeupat > ReTransTimer/4) 
-			tsleep(&arp->rxmtq, return0, 0, wakeupat); 
+		sleep(&arp->rxmtq, rxready, v);
+		rxmitsols(arp);
+		tsleep(&arp->rxmtq, return0, nil, ReTransTimer/4);
 	}
 }
-
diff -urN a/os/ip/bootp.c b/os/ip/bootp.c
--- a/os/ip/bootp.c	Thu Aug 12 23:08:35 2021
+++ b/os/ip/bootp.c	Wed Dec 31 19:00:00 1969
@@ -1,231 +0,0 @@
-#include "u.h"
-#include "../port/lib.h"
-#include "mem.h"
-#include "dat.h"
-#include "fns.h"
-#include "../port/error.h"
-#include "kernel.h"
-#include "ip.h"
-
-static	ulong	fsip;
-static	ulong	auip;
-static	ulong	gwip;
-static	ulong	ipmask;
-static	ulong	ipaddr;
-
-enum
-{
-	Bootrequest = 1,
-	Bootreply   = 2,
-};
-
-typedef struct Bootp
-{
-	/* udp.c oldheader */
-	uchar	raddr[IPaddrlen];
-	uchar	laddr[IPaddrlen];
-	uchar	rport[2];
-	uchar	lport[2];
-	/* bootp itself */
-	uchar	op;		/* opcode */
-	uchar	htype;		/* hardware type */
-	uchar	hlen;		/* hardware address len */
-	uchar	hops;		/* hops */
-	uchar	xid[4];		/* a random number */
-	uchar	secs[2];	/* elapsed snce client started booting */
-	uchar	pad[2];
-	uchar	ciaddr[4];	/* client IP address (client tells server) */
-	uchar	yiaddr[4];	/* client IP address (server tells client) */
-	uchar	siaddr[4];	/* server IP address */
-	uchar	giaddr[4];	/* gateway IP address */
-	uchar	chaddr[16];	/* client hardware address */
-	uchar	sname[64];	/* server host name (optional) */
-	uchar	file[128];	/* boot file name */
-	uchar	vend[128];	/* vendor-specific goo */
-} Bootp;
-
-/*
- * bootp returns:
- *
- * "fsip d.d.d.d
- * auip d.d.d.d
- * gwip d.d.d.d
- * ipmask d.d.d.d
- * ipaddr d.d.d.d"
- *
- * where d.d.d.d is the IP address in dotted decimal notation, and each
- * address is followed by a newline.
- */
-
-static	Bootp	req;
-static	Proc*	rcvprocp;
-static	int	recv;
-static	int	done;
-static	Rendez	bootpr;
-static	char	rcvbuf[512+2*IPaddrlen+2*2];
-
-static void
-rcvbootp(void *a)
-{
-	int n, fd;
-	Bootp *rp;
-	char *field[4];
-	uchar ip[IPaddrlen];
-
-	if(waserror())
-		pexit("", 0);
-	rcvprocp = up;	/* store for postnote below */
-	fd = (int)a;	/* at compilation: warning: ../ip/bootp.c:78 conversion of pointer to shorter integer */
-	while(done == 0) {
-		n = kread(fd, rcvbuf, sizeof(rcvbuf));
-		if(n <= 0)
-			break;
-		rp = (Bootp*)rcvbuf;
-		/* currently ignore udp's header */
-		if(memcmp(req.chaddr, rp->chaddr, 6) == 0
-		&& rp->htype == 1 && rp->hlen == 6
-		&& getfields((char*)rp->vend+4, field, 4, 1, " ") == 4
-		&& strncmp((char*)rp->vend, "p9  ", 4) == 0){
-			if(ipaddr == 0)
-				ipaddr = nhgetl(rp->yiaddr);
-			if(ipmask == 0)
-				ipmask = parseip(ip, field[0]);
-			if(fsip == 0)
-				fsip = parseip(ip, field[1]);
-			if(auip == 0)
-				auip = parseip(ip, field[2]);
-			if(gwip == 0)
-				gwip = parseip(ip, field[3]);
-			break;
-		}
-	}
-	poperror();
-	rcvprocp = nil;
-
-	recv = 1;
-	wakeup(&bootpr);
-	pexit("", 0);
-}
-
-static char*
-rbootp(Ipifc *ifc)
-{
-	int cfd, dfd, tries, n;
-	char ia[5+3*24], im[16], *av[3];
-	uchar nipaddr[4], ngwip[4], nipmask[4];
-	char dir[Maxpath];
-
-	av[1] = "0.0.0.0";
-	av[2] = "0.0.0.0";
-	ipifcadd(ifc, av, 3, 0, nil);
-
-	cfd = kannounce("udp!*!68", dir);
-	if(cfd < 0)
-		return "bootp announce failed";
-	strcat(dir, "/data");
-	if(kwrite(cfd, "headers", 7) < 0){
-		kclose(cfd);
-		return "bootp ctl headers failed";
-	}
-	kwrite(cfd, "oldheaders", 10);
-	dfd = kopen(dir, ORDWR);
-	if(dfd < 0){
-		kclose(cfd);
-		return "bootp open data failed";
-	}
-	kclose(cfd);
-	
-
-	/* create request */
-	memset(&req, 0, sizeof(req));
-	ipmove(req.raddr, IPv4bcast);
-	hnputs(req.rport, 67);
-	req.op = Bootrequest;
-	req.htype = 1;			/* ethernet (all we know) */
-	req.hlen = 6;			/* ethernet (all we know) */
-
-	/* Hardware MAC address */
-	memmove(req.chaddr, ifc->mac, 6);
-	/* Fill in the local IP address if we know it */
-	ipv4local(ifc, req.ciaddr);
-	memset(req.file, 0, sizeof(req.file));
-	strcpy((char*)req.vend, "p9  ");
-
-	done = 0;
-	recv = 0;
-
-	kproc("rcvbootp", rcvbootp, (void*)dfd, KPDUPFDG);
-
-	/*
-	 * broadcast bootp's till we get a reply,
-	 * or fixed number of tries
-	 */
-	tries = 0;
-	while(recv == 0) {
-		if(kwrite(dfd, &req, sizeof(req)) < 0)
-			print("bootp: write: %s\n", commonerror());
-
-		tsleep(&bootpr, return0, 0, 1000);
-		if(++tries > 10) {
-			print("bootp: timed out\n");
-			break;
-		}
-	}
-	kclose(dfd);
-	done = 1;
-	if(rcvprocp != nil){
-		postnote(rcvprocp, 1, "timeout", 0);
-		rcvprocp = nil;
-	}
-
-	av[1] = "0.0.0.0";
-	av[2] = "0.0.0.0";
-	ipifcrem(ifc, av, 3);
-
-	hnputl(nipaddr, ipaddr);
-	sprint(ia, "%V", nipaddr);
-	hnputl(nipmask, ipmask);
-	sprint(im, "%V", nipmask);
-	av[1] = ia;
-	av[2] = im;
-	ipifcadd(ifc, av, 3, 0, nil);
-
-	if(gwip != 0) {
-		hnputl(ngwip, gwip);
-		n = snprint(ia, sizeof(ia), "add 0.0.0.0 0.0.0.0 %V", ngwip);
-		routewrite(ifc->conv->p->f, nil, ia, n);
-	}
-	return nil;
-}
-
-static int
-rbootpread(char *bp, ulong offset, int len)
-{
-	int n;
-	char *buf;
-	uchar a[4];
-
-	buf = smalloc(READSTR);
-	if(waserror()){
-		free(buf);
-		nexterror();
-	}
-	hnputl(a, fsip);
-	n = snprint(buf, READSTR, "fsip %15V\n", a);
-	hnputl(a, auip);
-	n += snprint(buf + n, READSTR-n, "auip %15V\n", a);
-	hnputl(a, gwip);
-	n += snprint(buf + n, READSTR-n, "gwip %15V\n", a);
-	hnputl(a, ipmask);
-	n += snprint(buf + n, READSTR-n, "ipmask %15V\n", a);
-	hnputl(a, ipaddr);
-	snprint(buf + n, READSTR-n, "ipaddr %15V\n", a);
-
-	len = readstr(offset, bp, len, buf);
-	poperror();
-	free(buf);
-	return len;
-}
-
-char*	(*bootp)(Ipifc*) = rbootp;
-int	(*bootpread)(char*, ulong, int) = rbootpread;
diff -urN a/os/ip/chandial.c b/os/ip/chandial.c
--- a/os/ip/chandial.c	Wed Dec 31 19:00:00 1969
+++ b/os/ip/chandial.c	Sat Aug 21 01:39:52 2021
@@ -0,0 +1,126 @@
+#include	"u.h"
+#include	"../port/lib.h"
+#include	"mem.h"
+#include	"dat.h"
+#include	"fns.h"
+#include	"../port/error.h"
+#include	"../ip/ip.h"
+
+typedef struct DS DS;
+static Chan*	call(char*, char*, DS*);
+static void	_dial_string_parse(char*, DS*);
+
+enum
+{
+	Maxstring=	128,
+};
+
+struct DS
+{
+	char	buf[Maxstring];			/* dist string */
+	char	*netdir;
+	char	*proto;
+	char	*rem;
+	char	*local;				/* other args */
+	char	*dir;
+	Chan	**ctlp;
+};
+
+/*
+ *  the dialstring is of the form '[/net/]proto!dest'
+ */
+Chan*
+chandial(char *dest, char *local, char *dir, Chan **ctlp)
+{
+	DS ds;
+	char clone[Maxpath];
+
+	ds.local = local;
+	ds.dir = dir;
+	ds.ctlp = ctlp;
+
+	_dial_string_parse(dest, &ds);
+	if(ds.netdir == nil)
+		ds.netdir = "/net";
+
+	/* no connection server, don't translate */
+	snprint(clone, sizeof(clone), "%s/%s/clone", ds.netdir, ds.proto);
+	return call(clone, ds.rem, &ds);
+}
+
+static Chan*
+call(char *clone, char *dest, DS *ds)
+{
+	int n;
+	Chan *dchan, *cchan;
+	char name[Maxpath], data[Maxpath], *p;
+
+	cchan = namec(clone, Aopen, ORDWR, 0);
+
+	/* get directory name */
+	if(waserror()){
+		cclose(cchan);
+		nexterror();
+	}
+	n = devtab[cchan->type]->read(cchan, name, sizeof(name)-1, 0);
+	name[n] = 0;
+	for(p = name; *p == ' '; p++)
+		;
+	sprint(name, "%lud", strtoul(p, 0, 0));
+	p = strrchr(clone, '/');
+	*p = 0;
+	if(ds->dir)
+		snprint(ds->dir, Maxpath, "%s/%s", clone, name);
+	snprint(data, sizeof(data), "%s/%s/data", clone, name);
+
+	/* connect */
+	if(ds->local)
+		snprint(name, sizeof(name), "connect %s %s", dest, ds->local);
+	else
+		snprint(name, sizeof(name), "connect %s", dest);
+	devtab[cchan->type]->write(cchan, name, strlen(name), 0);
+
+	/* open data connection */
+	dchan = namec(data, Aopen, ORDWR, 0);
+	if(ds->ctlp)
+		*ds->ctlp = cchan;
+	else
+		cclose(cchan);
+	poperror();
+	return dchan;
+
+}
+
+/*
+ *  parse a dial string
+ */
+static void
+_dial_string_parse(char *str, DS *ds)
+{
+	char *p, *p2;
+
+	strncpy(ds->buf, str, Maxstring);
+	ds->buf[Maxstring-1] = 0;
+
+	p = strchr(ds->buf, '!');
+	if(p == 0) {
+		ds->netdir = 0;
+		ds->proto = "net";
+		ds->rem = ds->buf;
+	} else {
+		if(*ds->buf != '/' && *ds->buf != '#'){
+			ds->netdir = nil;
+			ds->proto = ds->buf;
+		} else {
+			for(p2 = p; *p2 != '/' && p2 != ds->buf; p2--)
+				;
+			if(p2 == ds->buf)
+				error(Ebadarg);
+			*p2++ = 0;
+			ds->netdir = ds->buf;
+			ds->proto = p2;
+		}
+		*p = 0;
+		ds->rem = p + 1;
+	}
+}
diff -urN a/os/ip/compress.c b/os/ip/compress.c
--- a/os/ip/compress.c	Thu Aug 12 23:08:35 2021
+++ b/os/ip/compress.c	Wed Dec 31 19:00:00 1969
@@ -1,520 +0,0 @@
-#include	"u.h"
-#include	"../port/lib.h"
-#include	"mem.h"
-#include	"dat.h"
-#include	"fns.h"
-#include	"../port/error.h"
-
-#include	"ip.h"
-#include	"ppp.h"
-
-typedef struct Iphdr	Iphdr;
-typedef struct Tcphdr	Tcphdr;
-typedef struct Ilhdr	Ilhdr;
-typedef struct Hdr	Hdr;
-typedef struct Tcpc	Tcpc;
-
-struct Iphdr
-{
-	uchar	vihl;		/* Version and header length */
-	uchar	tos;		/* Type of service */
-	uchar	length[2];	/* packet length */
-	uchar	id[2];		/* Identification */
-	uchar	frag[2];	/* Fragment information */
-	uchar	ttl;		/* Time to live */
-	uchar	proto;		/* Protocol */
-	uchar	cksum[2];	/* Header checksum */
-	ulong	src;		/* Ip source (byte ordering unimportant) */
-	ulong	dst;		/* Ip destination (byte ordering unimportant) */
-};
-
-struct Tcphdr
-{
-	ulong	ports;		/* defined as a ulong to make comparisons easier */
-	uchar	seq[4];
-	uchar	ack[4];
-	uchar	flag[2];
-	uchar	win[2];
-	uchar	cksum[2];
-	uchar	urg[2];
-};
-
-struct Ilhdr
-{
-	uchar	sum[2];	/* Checksum including header */
-	uchar	len[2];	/* Packet length */
-	uchar	type;		/* Packet type */
-	uchar	spec;		/* Special */
-	uchar	src[2];	/* Src port */
-	uchar	dst[2];	/* Dst port */
-	uchar	id[4];	/* Sequence id */
-	uchar	ack[4];	/* Acked sequence */
-};
-
-enum
-{
-	URG		= 0x20,		/* Data marked urgent */
-	ACK		= 0x10,		/* Aknowledge is valid */
-	PSH		= 0x08,		/* Whole data pipe is pushed */
-	RST		= 0x04,		/* Reset connection */
-	SYN		= 0x02,		/* Pkt. is synchronise */
-	FIN		= 0x01,		/* Start close down */
-
-	IP_DF		= 0x4000,	/* Don't fragment */
-
-	IP_TCPPROTO	= 6,
-	IP_ILPROTO	= 40,
-	IL_IPHDR	= 20,
-};
-
-struct Hdr
-{
-	uchar	buf[128];
-	Iphdr	*ip;
-	Tcphdr	*tcp;
-	int	len;
-};
-
-struct Tcpc
-{
-	uchar	lastrecv;
-	uchar	lastxmit;
-	uchar	basexmit;
-	uchar	err;
-	uchar	compressid;
-	Hdr	t[MAX_STATES];
-	Hdr	r[MAX_STATES];
-};
-
-enum
-{	/* flag bits for what changed in a packet */
-	NEW_U=(1<<0),	/* tcp only */
-	NEW_W=(1<<1),	/* tcp only */
-	NEW_A=(1<<2),	/* il tcp */
-	NEW_S=(1<<3),	/* tcp only */
-	NEW_P=(1<<4),	/* tcp only */
-	NEW_I=(1<<5),	/* il tcp */
-	NEW_C=(1<<6),	/* il tcp */
-	NEW_T=(1<<7),	/* il only */
-	TCP_PUSH_BIT	= 0x10,
-};
-
-/* reserved, special-case values of above for tcp */
-#define SPECIAL_I (NEW_S|NEW_W|NEW_U)		/* echoed interactive traffic */
-#define SPECIAL_D (NEW_S|NEW_A|NEW_W|NEW_U)	/* unidirectional data */
-#define SPECIALS_MASK (NEW_S|NEW_A|NEW_W|NEW_U)
-
-int
-encode(void *p, ulong n)
-{
-	uchar	*cp;
-
-	cp = p;
-	if(n >= 256 || n == 0) {
-		*cp++ = 0;
-		cp[0] = n >> 8;
-		cp[1] = n;
-		return 3;
-	} else 
-		*cp = n;
-	return 1;
-}
-
-#define DECODEL(f) { \
-	if (*cp == 0) {\
-		hnputl(f, nhgetl(f) + ((cp[1] << 8) | cp[2])); \
-		cp += 3; \
-	} else { \
-		hnputl(f, nhgetl(f) + (ulong)*cp++); \
-	} \
-}
-#define DECODES(f) { \
-	if (*cp == 0) {\
-		hnputs(f, nhgets(f) + ((cp[1] << 8) | cp[2])); \
-		cp += 3; \
-	} else { \
-		hnputs(f, nhgets(f) + (ulong)*cp++); \
-	} \
-}
-
-ushort
-tcpcompress(Tcpc *comp, Block *b, Fs *)
-{
-	Iphdr	*ip;		/* current packet */
-	Tcphdr	*tcp;		/* current pkt */
-	ulong 	iplen, tcplen, hlen;	/* header length in bytes */
-	ulong 	deltaS, deltaA;	/* general purpose temporaries */
-	ulong 	changes;	/* change mask */
-	uchar	new_seq[16];	/* changes from last to current */
-	uchar	*cp;
-	Hdr	*h;		/* last packet */
-	int 	i, j;
-
-	/*
-	 * Bail if this is not a compressible TCP/IP packet
-	 */
-	ip = (Iphdr*)b->rp;
-	iplen = (ip->vihl & 0xf) << 2;
-	tcp = (Tcphdr*)(b->rp + iplen);
-	tcplen = (tcp->flag[0] & 0xf0) >> 2;
-	hlen = iplen + tcplen;
-	if((tcp->flag[1] & (SYN|FIN|RST|ACK)) != ACK)
-		return Pip;	/* connection control */
-
-	/*
-	 * Packet is compressible, look for a connection
-	 */
-	changes = 0;
-	cp = new_seq;
-	j = comp->lastxmit;
-	h = &comp->t[j];
-	if(ip->src != h->ip->src || ip->dst != h->ip->dst
-	|| tcp->ports != h->tcp->ports) {
-		for(i = 0; i < MAX_STATES; ++i) {
-			j = (comp->basexmit + i) % MAX_STATES;
-			h = &comp->t[j];
-			if(ip->src == h->ip->src && ip->dst == h->ip->dst
-			&& tcp->ports == h->tcp->ports)
-				goto found;
-		}
-
-		/* no connection, reuse the oldest */
-		if(i == MAX_STATES) {
-			j = comp->basexmit;
-			j = (j + MAX_STATES - 1) % MAX_STATES;
-			comp->basexmit = j;
-			h = &comp->t[j];
-			goto raise;
-		}
-	}
-found:
-
-	/*
-	 * Make sure that only what we expect to change changed. 
-	 */
-	if(ip->vihl  != h->ip->vihl || ip->tos   != h->ip->tos ||
-	   ip->ttl   != h->ip->ttl  || ip->proto != h->ip->proto)
-		goto raise;	/* headers changed */
-	if(iplen != sizeof(Iphdr) && memcmp(ip+1, h->ip+1, iplen - sizeof(Iphdr)))
-		goto raise;	/* ip options changed */
-	if(tcplen != sizeof(Tcphdr) && memcmp(tcp+1, h->tcp+1, tcplen - sizeof(Tcphdr)))
-		goto raise;	/* tcp options changed */
-
-	if(tcp->flag[1] & URG) {
-		cp += encode(cp, nhgets(tcp->urg));
-		changes |= NEW_U;
-	} else if(memcmp(tcp->urg, h->tcp->urg, sizeof(tcp->urg)) != 0)
-		goto raise;
-	if(deltaS = nhgets(tcp->win) - nhgets(h->tcp->win)) {
-		cp += encode(cp, deltaS);
-		changes |= NEW_W;
-	}
-	if(deltaA = nhgetl(tcp->ack) - nhgetl(h->tcp->ack)) {
-		if(deltaA > 0xffff)
-			goto raise;
-		cp += encode(cp, deltaA);
-		changes |= NEW_A;
-	}
-	if(deltaS = nhgetl(tcp->seq) - nhgetl(h->tcp->seq)) {
-		if (deltaS > 0xffff)
-			goto raise;
-		cp += encode(cp, deltaS);
-		changes |= NEW_S;
-	}
-
-	/*
-	 * Look for the special-case encodings.
-	 */
-	switch(changes) {
-	case 0:
-		/*
-		 * Nothing changed. If this packet contains data and the last
-		 * one didn't, this is probably a data packet following an
-		 * ack (normal on an interactive connection) and we send it
-		 * compressed. Otherwise it's probably a retransmit,
-		 * retransmitted ack or window probe.  Send it uncompressed
-		 * in case the other side missed the compressed version.
-		 */
-		if(nhgets(ip->length) == nhgets(h->ip->length) ||
-		   nhgets(h->ip->length) != hlen)
-			goto raise;
-		break;
-	case SPECIAL_I:
-	case SPECIAL_D:
-		/*
-		 * Actual changes match one of our special case encodings --
-		 * send packet uncompressed.
-		 */
-		goto raise;
-	case NEW_S | NEW_A:
-		if (deltaS == deltaA &&
-			deltaS == nhgets(h->ip->length) - hlen) {
-			/* special case for echoed terminal traffic */
-			changes = SPECIAL_I;
-			cp = new_seq;
-		}
-		break;
-	case NEW_S:
-		if (deltaS == nhgets(h->ip->length) - hlen) {
-			/* special case for data xfer */
-			changes = SPECIAL_D;
-			cp = new_seq;
-		}
-		break;
-	}
-	deltaS = nhgets(ip->id) - nhgets(h->ip->id);
-	if(deltaS != 1) {
-		cp += encode(cp, deltaS);
-		changes |= NEW_I;
-	}
-	if (tcp->flag[1] & PSH)
-		changes |= TCP_PUSH_BIT;
-	/*
-	 * Grab the cksum before we overwrite it below. Then update our
-	 * state with this packet's header.
-	 */
-	deltaA = nhgets(tcp->cksum);
-	memmove(h->buf, b->rp, hlen);
-	h->len = hlen;
-	h->tcp = (Tcphdr*)(h->buf + iplen);
-
-	/*
-	 * We want to use the original packet as our compressed packet. (cp -
-	 * new_seq) is the number of bytes we need for compressed sequence
-	 * numbers. In addition we need one byte for the change mask, one
-	 * for the connection id and two for the tcp checksum. So, (cp -
-	 * new_seq) + 4 bytes of header are needed. hlen is how many bytes
-	 * of the original packet to toss so subtract the two to get the new
-	 * packet size. The temporaries are gross -egs.
-	 */
-	deltaS = cp - new_seq;
-	cp = b->rp;
-	if(comp->lastxmit != j || comp->compressid == 0) {
-		comp->lastxmit = j;
-		hlen -= deltaS + 4;
-		cp += hlen;
-		*cp++ = (changes | NEW_C);
-		*cp++ = j;
-	} else {
-		hlen -= deltaS + 3;
-		cp += hlen;
-		*cp++ = changes;
-	}
-	b->rp += hlen;
-	hnputs(cp, deltaA);
-	cp += 2;
-	memmove(cp, new_seq, deltaS);
-	return Pvjctcp;
-
-raise:
-	/*
-	 * Update connection state & send uncompressed packet
-	 */
-	memmove(h->buf, b->rp, hlen);
-	h->tcp = (Tcphdr*)(h->buf + iplen);
-	h->len = hlen;
-	h->ip->proto = j;
-	comp->lastxmit = j;
-	return Pvjutcp;
-}
-
-Block*
-tcpuncompress(Tcpc *comp, Block *b, ushort type, Fs *f)
-{
-	uchar	*cp, changes;
-	int	i;
-	int	iplen, len;
-	Iphdr	*ip;
-	Tcphdr	*tcp;
-	Hdr	*h;
-
-	if(type == Pvjutcp) {
-		/*
-		 *  Locate the saved state for this connection. If the state
-		 *  index is legal, clear the 'discard' flag.
-		 */
-		ip = (Iphdr*)b->rp;
-		if(ip->proto >= MAX_STATES)
-			goto raise;
-		iplen = (ip->vihl & 0xf) << 2;
-		tcp = (Tcphdr*)(b->rp + iplen);
-		comp->lastrecv = ip->proto;
-		len = iplen + ((tcp->flag[0] & 0xf0) >> 2);
-		comp->err = 0;
-netlog(f, Logcompress, "uncompressed %d\n", comp->lastrecv);
-		/*
-		 * Restore the IP protocol field then save a copy of this
-		 * packet header. The checksum is zeroed in the copy so we
-		 * don't have to zero it each time we process a compressed
-		 * packet.
-		 */
-		ip->proto = IP_TCPPROTO;
-		h = &comp->r[comp->lastrecv];
-		memmove(h->buf, b->rp, len);
-		h->tcp = (Tcphdr*)(h->buf + iplen);
-		h->len = len;
-		h->ip->cksum[0] = h->ip->cksum[1] = 0;
-		return b;
-	}
-
-	cp = b->rp;
-	changes = *cp++;
-	if(changes & NEW_C) {
-		/*
-		 * Make sure the state index is in range, then grab the
-		 * state. If we have a good state index, clear the 'discard'
-		 * flag.
-		 */
-		if(*cp >= MAX_STATES)
-			goto raise;
-		comp->err = 0;
-		comp->lastrecv = *cp++;
-netlog(f, Logcompress, "newc %d\n", comp->lastrecv);
-	} else {
-		/*
-		 * This packet has no state index. If we've had a
-		 * line error since the last time we got an explicit state
-		 * index, we have to toss the packet.
-		 */
-		if(comp->err != 0){
-			freeblist(b);
-			return nil;
-		}
-netlog(f, Logcompress, "oldc %d\n", comp->lastrecv);
-	}
-
-	/*
-	 * Find the state then fill in the TCP checksum and PUSH bit.
-	 */
-	h = &comp->r[comp->lastrecv];
-	ip = h->ip;
-	tcp = h->tcp;
-	len = h->len;
-	memmove(tcp->cksum, cp, sizeof tcp->cksum);
-	cp += 2;
-	if(changes & TCP_PUSH_BIT)
-		tcp->flag[1] |= PSH;
-	else
-		tcp->flag[1] &= ~PSH;
-	/*
-	 * Fix up the state's ack, seq, urg and win fields based on the
-	 * changemask.
-	 */
-	switch (changes & SPECIALS_MASK) {
-	case SPECIAL_I:
-		i = nhgets(ip->length) - len;
-		hnputl(tcp->ack, nhgetl(tcp->ack) + i);
-		hnputl(tcp->seq, nhgetl(tcp->seq) + i);
-		break;
-
-	case SPECIAL_D:
-		hnputl(tcp->seq, nhgetl(tcp->seq) + nhgets(ip->length) - len);
-		break;
-
-	default:
-		if(changes & NEW_U) {
-			tcp->flag[1] |= URG;
-			if(*cp == 0){
-				hnputs(tcp->urg, nhgets(cp+1));
-				cp += 3;
-			}else
-				hnputs(tcp->urg, *cp++);
-		} else
-			tcp->flag[1] &= ~URG;
-		if(changes & NEW_W)
-			DECODES(tcp->win)
-		if(changes & NEW_A)
-			DECODEL(tcp->ack)
-		if(changes & NEW_S)
-			DECODEL(tcp->seq)
-		break;
-	}
-
-	/* Update the IP ID */
-	if(changes & NEW_I)
-		DECODES(ip->id)
-	else
-		hnputs(ip->id, nhgets(ip->id) + 1);
-
-	/*
-	 *  At this point, cp points to the first byte of data in the packet.
-	 *  Back up cp by the TCP/IP header length to make room for the
-	 *  reconstructed header.
-	 *  We assume the packet we were handed has enough space to prepend
-	 *  up to 128 bytes of header.
-	 */
-	b->rp = cp;
-	if(b->rp - b->base < len){
-		b = padblock(b, len);
-		b = pullupblock(b, blocklen(b));
-	} else
-		b->rp -= len;
-	hnputs(ip->length, BLEN(b));
-	memmove(b->rp, ip, len);
-	
-	/* recompute the ip header checksum */
-	ip = (Iphdr*)b->rp;
-	hnputs(ip->cksum, ipcsum(b->rp));
-	return b;
-
-raise:
-	netlog(f, Logcompress, "Bad Packet!\n");
-	comp->err = 1;
-	freeblist(b);
-	return nil;
-}
-
-Tcpc*
-compress_init(Tcpc *c)
-{
-	int i;
-	Hdr *h;
-
-	if(c == nil){
-		c = malloc(sizeof(Tcpc));
-		if(c == nil)
-			return nil;
-	}
-	memset(c, 0, sizeof(*c));
-	for(i = 0; i < MAX_STATES; i++){
-		h = &c->t[i];
-		h->ip = (Iphdr*)h->buf;
-		h->tcp = (Tcphdr*)(h->buf + 10);
-		h->len = 20;
-		h = &c->r[i];
-		h->ip = (Iphdr*)h->buf;
-		h->tcp = (Tcphdr*)(h->buf + 10);
-		h->len = 20;
-	}
-
-	return c;
-}
-
-ushort
-compress(Tcpc *tcp, Block *b, Fs *f)
-{
-	Iphdr		*ip;
-
-	/*
-	 * Bail if this is not a compressible IP packet
-	 */
-	ip = (Iphdr*)b->rp;
-	if((nhgets(ip->frag) & 0x3fff) != 0)
-		return Pip;
-
-	switch(ip->proto) {
-	case IP_TCPPROTO:
-		return tcpcompress(tcp, b, f);
-	default:
-		return Pip;
-	}
-}
-
-int
-compress_negotiate(Tcpc *tcp, uchar *data)
-{
-	if(data[0] != MAX_STATES - 1)
-		return -1;
-	tcp->compressid = data[1];
-	return 0;
-}
diff -urN a/os/ip/devip.c b/os/ip/devip.c
--- a/os/ip/devip.c	Thu Aug 12 23:08:35 2021
+++ b/os/ip/devip.c	Sat Aug 21 01:39:52 2021
@@ -14,7 +14,6 @@
 	Qbootp,
 	Qndb,
 	Qiproute,
-	Qiprouter,
 	Qipselftab,
 	Qlog,
 
@@ -43,11 +42,11 @@
 	Maskproto=	(1<<Logproto)-1,
 	Shiftproto=	Logtype + Logconv,
 
-	Nfs=		32,
+	Nfs=		128,
 };
-#define TYPE(x) 	( ((u32)(x).path) & Masktype )
-#define CONV(x) 	( (((u32)(x).path) >> Shiftconv) & Maskconv )
-#define PROTO(x) 	( (((u32)(x).path) >> Shiftproto) & Maskproto )
+#define TYPE(x) 	( ((ulong)(x).path) & Masktype )
+#define CONV(x) 	( (((ulong)(x).path) >> Shiftconv) & Maskconv )
+#define PROTO(x) 	( (((ulong)(x).path) >> Shiftproto) & Maskproto )
 #define QID(p, c, y) 	( ((p)<<(Shiftproto)) | ((c)<<Shiftconv) | (y) )
 
 static char network[] = "network";
@@ -58,8 +57,7 @@
 
 extern	void nullmediumlink(void);
 extern	void pktmediumlink(void);
-static	long ndbwrite(Fs*, char*, ulong, int);
-extern void    closeconv(Conv*);
+	long ndbwrite(Fs *f, char *a, ulong off, int n);
 
 static int
 ip3gen(Chan *c, int i, Dir *dp)
@@ -121,7 +119,7 @@
 		mkqid(&q, QID(PROTO(c->qid), 0, Qstats), 0, QTFILE);
 		devdir(c, q, "stats", 0, network, 0444, dp);
 		return 1;
-	}	
+	}
 	return -1;
 }
 
@@ -144,11 +142,10 @@
 		return -1;
 	case Qarp:
 		p = "arp";
+		prot = 0664;
 		break;
 	case Qbootp:
 		p = "bootp";
-		if(bootp == nil)
-			return 0;
 		break;
 	case Qndb:
 		p = "ndb";
@@ -157,14 +154,12 @@
 		break;
 	case Qiproute:
 		p = "iproute";
+		prot = 0664;
 		break;
 	case Qipselftab:
 		p = "ipselftab";
 		prot = 0444;
 		break;
-	case Qiprouter:
-		p = "iprouter";
-		break;
 	case Qlog:
 		p = "log";
 		break;
@@ -188,7 +183,7 @@
 	case Qtopdir:
 		if(s == DEVDOTDOT){
 			mkqid(&q, QID(0, 0, Qtopdir), 0, QTDIR);
-			sprint(up->genbuf, "#I%ud", c->dev);
+			snprint(up->genbuf, sizeof up->genbuf, "#I%lud", c->dev);
 			devdir(c, q, up->genbuf, 0, network, 0555, dp);
 			return 1;
 		}
@@ -206,19 +201,18 @@
 	case Qndb:
 	case Qlog:
 	case Qiproute:
-	case Qiprouter:
 	case Qipselftab:
 		return ip1gen(c, TYPE(c->qid), dp);
 	case Qprotodir:
 		if(s == DEVDOTDOT){
 			mkqid(&q, QID(0, 0, Qtopdir), 0, QTDIR);
-			sprint(up->genbuf, "#I%ud", c->dev);
+			snprint(up->genbuf, sizeof up->genbuf, "#I%lud", c->dev);
 			devdir(c, q, up->genbuf, 0, network, 0555, dp);
 			return 1;
 		}
 		if(s < f->p[PROTO(c->qid)]->ac) {
 			cv = f->p[PROTO(c->qid)]->conv[s];
-			sprint(up->genbuf, "%d", s);
+			snprint(up->genbuf, sizeof up->genbuf, "%d", s);
 			mkqid(&q, QID(PROTO(c->qid), s, Qconvdir), 0, QTDIR);
 			devdir(c, q, up->genbuf, 0, cv->owner, 0555, dp);
 			return 1;
@@ -262,45 +256,14 @@
 	fmtinstall('M', eipfmt);
 }
 
-static Fs*
-ipgetfs(int dev)
-{
-	extern void (*ipprotoinit[])(Fs*);
-	Fs *f;
-	int i;
-
-	if(dev >= Nfs)
-		return nil;
-
-	qlock(&fslock);
-	if(ipfs[dev] == nil){
-		f = smalloc(sizeof(Fs));
-		ip_init(f);
-		arpinit(f);
-		netloginit(f);
-		for(i = 0; ipprotoinit[i]; i++)
-			ipprotoinit[i](f);
-		f->dev = dev;
-		ipfs[dev] = f;
-	}
-	qunlock(&fslock);
-
-	return ipfs[dev];
-}
-
 IPaux*
 newipaux(char *owner, char *tag)
 {
 	IPaux *a;
-	int n;
 
 	a = smalloc(sizeof(*a));
 	kstrdup(&a->owner, owner);
-	memset(a->tag, ' ', sizeof(a->tag));
-	n = strlen(tag);
-	if(n > sizeof(a->tag))
-		n = sizeof(a->tag);
-	memmove(a->tag, tag, n);
+	strncpy(a->tag, tag, sizeof(a->tag));
 	return a;
 }
 
@@ -310,13 +273,29 @@
 ipattach(char* spec)
 {
 	Chan *c;
-	int dev;
+	ulong dev;
 
-	dev = atoi(spec);
+	dev = strtoul(spec, nil, 10);
 	if(dev >= Nfs)
-		error("bad specification");
+		error(Enodev);
+
+	qlock(&fslock);
+	if(ipfs[dev] == nil){
+		extern void (*ipprotoinit[])(Fs*);
+		Fs *f;
+		int i;
+
+		f = smalloc(sizeof(Fs));
+		ip_init(f);
+		arpinit(f);
+		netloginit(f);
+		for(i = 0; ipprotoinit[i]; i++)
+			ipprotoinit[i](f);
+		f->dev = dev;
+		ipfs[dev] = f;
+	}
+	qunlock(&fslock);
 
-	ipgetfs(dev);
 	c = devattach('I', spec);
 	mkqid(&c->qid, QID(0, 0, Qtopdir), 0, QTDIR);
 	c->dev = dev;
@@ -327,7 +306,7 @@
 }
 
 static Walkqid*
-ipwalk(Chan* c, Chan *nc, char **name, s32 nname)
+ipwalk(Chan* c, Chan *nc, char **name, int nname)
 {
 	IPaux *a = c->aux;
 	Walkqid* w;
@@ -338,8 +317,9 @@
 	return w;
 }
 
-static s32
-ipstat(Chan* c, uchar* db, s32 n)
+
+static int
+ipstat(Chan* c, uchar* db, int n)
 {
 	return devstat(c, db, n, nil, 0, ipgen);
 }
@@ -360,7 +340,7 @@
 };
 
 static Chan*
-ipopen(Chan* c, u32 omode)
+ipopen(Chan* c, int omode)
 {
 	Conv *cv, *nc;
 	Proto *p;
@@ -375,7 +355,7 @@
 	default:
 		break;
 	case Qndb:
-		if(omode & (OWRITE|OTRUNC) && !iseve())
+		if((omode & (OWRITE|OTRUNC)) != 0 && !iseve())
 			error(Eperm);
 		if((omode & (OWRITE|OTRUNC)) == (OWRITE|OTRUNC))
 			f->ndb[0] = 0;
@@ -383,10 +363,10 @@
 	case Qlog:
 		netlogopen(f);
 		break;
-	case Qiprouter:
-		iprouteropen(f);
-		break;
 	case Qiproute:
+	case Qarp:
+		if(omode != OREAD && !iseve())
+			error(Eperm);
 		break;
 	case Qtopdir:
 	case Qprotodir:
@@ -412,13 +392,8 @@
 	case Qclone:
 		p = f->p[PROTO(c->qid)];
 		qlock(p);
-		if(waserror()){
-			qunlock(p);
-			nexterror();
-		}
 		cv = Fsprotoclone(p, ATTACHER(c));
 		qunlock(p);
-		poperror();
 		if(cv == nil) {
 			error(Enodev);
 			break;
@@ -437,15 +412,12 @@
 			qunlock(p);
 			nexterror();
 		}
-		if((perm & (cv->perm>>6)) != perm) {
-			if(strcmp(ATTACHER(c), cv->owner) != 0)
-				error(Eperm);
-		 	if((perm & cv->perm) != perm)
-				error(Eperm); 
+		if(strcmp(ATTACHER(c), cv->owner) == 0)
+			perm <<= 6;
+		if((perm & cv->perm) != perm && !iseve())
+			error(Eperm);
 
-		}
-		cv->inuse++;
-		if(cv->inuse == 1){
+		if(++cv->inuse == 1){
 			kstrdup(&cv->owner, ATTACHER(c));
 			cv->perm = 0660;
 		}
@@ -455,24 +427,26 @@
 		break;
 	case Qlisten:
 		cv = f->p[PROTO(c->qid)]->conv[CONV(c->qid)];
-		if((perm & (cv->perm>>6)) != perm) {
-			if(strcmp(ATTACHER(c), cv->owner) != 0)
-				error(Eperm);
-		 	if((perm & cv->perm) != perm)
-				error(Eperm); 
-
+		qlock(cv);
+		if(waserror()){
+			qunlock(cv);
+			nexterror();
 		}
+		if(strcmp(ATTACHER(c), cv->owner) == 0)
+			perm <<= 6;
+		if((perm & cv->perm) != perm && !iseve())
+			error(Eperm);
 
 		if(cv->state != Announced)
 			error("not announced");
 
+		cv->inuse++;
+		qunlock(cv);
+		poperror();
 		if(waserror()){
 			closeconv(cv);
 			nexterror();
 		}
-		qlock(cv);
-		cv->inuse++;
-		qunlock(cv);
 
 		nc = nil;
 		while(nc == nil) {
@@ -494,7 +468,6 @@
 			if(nc != nil){
 				cv->incall = nc->next;
 				mkqid(&c->qid, QID(PROTO(c->qid), nc->x, Qctl), 0, QTFILE);
-				kstrdup(&cv->owner, ATTACHER(c));
 			}
 			qunlock(cv);
 
@@ -511,13 +484,25 @@
 	return c;
 }
 
-static s32
-ipwstat(Chan *c, uchar *dp, s32 n)
+static Chan*
+ipcreate(Chan*, char*, int, ulong)
+{
+	error(Eperm);
+	return 0;
+}
+
+static void
+ipremove(Chan*)
 {
-	Dir *d;
+	error(Eperm);
+}
+
+static int
+ipwstat(Chan *c, uchar *dp, int n)
+{
+	Dir *dir;
 	Conv *cv;
 	Fs *f;
-	Proto *p;
 
 	f = ipfs[c->dev];
 	switch(TYPE(c->qid)) {
@@ -529,28 +514,40 @@
 		break;
 	}
 
-	d = smalloc(sizeof(*d)+n);
+	dir = smalloc(sizeof(Dir)+n);
 	if(waserror()){
-		free(d);
+		free(dir);
 		nexterror();
 	}
-	n = convM2D(dp, n, d, (char*)&d[1]);
+	n = convM2D(dp, n, &dir[0], (char*)&dir[1]);
 	if(n == 0)
 		error(Eshortstat);
-	p = f->p[PROTO(c->qid)];
-	cv = p->conv[CONV(c->qid)];
-	if(!iseve() && strcmp(ATTACHER(c), cv->owner) != 0)
+
+	cv = f->p[PROTO(c->qid)]->conv[CONV(c->qid)];
+	qlock(cv);
+	if(waserror()){
+		qunlock(cv);
+		nexterror();
+	}
+	if(strcmp(ATTACHER(c), cv->owner) != 0 && !iseve())
 		error(Eperm);
-	if(!emptystr(d->uid))
-		kstrdup(&cv->owner, d->uid);
-	if(d->mode != ~0UL)
-		cv->perm = d->mode & 0777;
+	if(!emptystr(dir->uid)){
+		if(strcmp(dir->uid, commonuser()) != 0 && !iseve())
+			error(Eperm);
+		kstrdup(&cv->owner, dir->uid);
+	}
+	if(dir->mode != ~0UL)
+		cv->perm = dir->mode & 0666;
+	qunlock(cv);
 	poperror();
-	free(d);
+
+	free(dir);
+	poperror();
+
 	return n;
 }
 
-extern void
+void
 closeconv(Conv *cv)
 {
 	Conv *nc;
@@ -564,7 +561,7 @@
 	}
 
 	/* close all incoming calls since no listen will ever happen */
-	for(nc = cv->incall; nc; nc = cv->incall){
+	for(nc = cv->incall; nc != nil; nc = cv->incall){
 		cv->incall = nc->next;
 		closeconv(nc);
 	}
@@ -576,9 +573,9 @@
 	while((mp = cv->multi) != nil)
 		ipifcremmulti(cv, mp->ma, mp->ia);
 
-	cv->r = nil;
-	cv->rgen = 0;
-	cv->p->close(cv);
+	if(cv->p->close != nil)
+		(*cv->p->close)(cv);
+
 	cv->state = Idle;
 	qunlock(cv);
 }
@@ -596,10 +593,6 @@
 		if(c->flag & COPEN)
 			netlogclose(f);
 		break;
-	case Qiprouter:
-		if(c->flag & COPEN)
-			iprouterclose(f);
-		break;
 	case Qdata:
 	case Qctl:
 	case Qerr:
@@ -620,13 +613,13 @@
 	Statelen=	32*1024,
 };
 
-static s32
-ipread(Chan *ch, void *a, s32 n, s64 off)
+static long
+ipread(Chan *ch, void *a, long n, vlong off)
 {
 	Conv *c;
 	Proto *x;
 	char *buf, *p;
-	s32 rv;
+	long rv;
 	Fs *f;
 	ulong offset = off;
 
@@ -648,21 +641,22 @@
 		return readstr(offset, a, n, f->ndb);
 	case Qiproute:
 		return routeread(f, a, offset, n);
-	case Qiprouter:
-		return iprouterread(f, a, n);
 	case Qipselftab:
 		return ipselftabread(f, a, offset, n);
 	case Qlog:
 		return netlogread(f, a, offset, n);
 	case Qctl:
-		sprint(up->genbuf, "%ud", CONV(ch->qid));
-		return readstr(offset, p, n, up->genbuf);
+		buf = smalloc(16);
+		snprint(buf, 16, "%lud", CONV(ch->qid));
+		rv = readstr(offset, p, n, buf);
+		free(buf);
+		return rv;
 	case Qremote:
 		buf = smalloc(Statelen);
 		x = f->p[PROTO(ch->qid)];
 		c = x->conv[CONV(ch->qid)];
 		if(x->remote == nil) {
-			sprint(buf, "%I!%d\n", c->raddr, c->rport);
+			snprint(buf, Statelen, "%I!%d\n", c->raddr, c->rport);
 		} else {
 			(*x->remote)(c, buf, Statelen-2);
 		}
@@ -674,7 +668,7 @@
 		x = f->p[PROTO(ch->qid)];
 		c = x->conv[CONV(ch->qid)];
 		if(x->local == nil) {
-			sprint(buf, "%I!%d\n", c->laddr, c->lport);
+			snprint(buf, Statelen, "%I!%d\n", c->laddr, c->lport);
 		} else {
 			(*x->local)(c, buf, Statelen-2);
 		}
@@ -711,7 +705,7 @@
 }
 
 static Block*
-ipbread(Chan* ch, s32 n, u32 offset)
+ipbread(Chan* ch, long n, ulong offset)
 {
 	Conv *c;
 	Proto *x;
@@ -740,7 +734,7 @@
 /*
  *  set a local port making sure the quad of raddr,rport,laddr,lport is unique
  */
-static char*
+char*
 setluniqueport(Conv* c, int lport)
 {
 	Proto *p;
@@ -771,58 +765,70 @@
 }
 
 /*
+ * is lport in use by anyone?
+ */
+static int
+lportinuse(Proto *p, ushort lport)
+{
+	int x;
+
+	for(x = 0; x < p->nc && p->conv[x]; x++)
+		if(p->conv[x]->lport == lport)
+			return 1;
+	return 0;
+}
+
+/*
  *  pick a local port and set it
  */
-extern void
+char *
 setlport(Conv* c)
 {
 	Proto *p;
-	ushort *pp;
-	int x, found;
+	int i, port;
 
 	p = c->p;
-	if(c->restricted)
-		pp = &p->nextrport;
-	else
-		pp = &p->nextport;
 	qlock(p);
-	for(;;(*pp)++){
+	if(c->restricted){
+		/* Restricted ports cycle between 600 and 1024. */
+		for(i=0; i<1024-600; i++){
+			if(p->nextrport >= 1024 || p->nextrport < 600)
+				p->nextrport = 600;
+			port = p->nextrport++;
+			if(!lportinuse(p, port))
+				goto chosen;
+		}
+	}else{
 		/*
-		 * Fsproto initialises p->nextport to 0 and the restricted
-		 * ports (p->nextrport) to 600.
-		 * Restricted ports must lie between 600 and 1024.
-		 * For the initial condition or if the unrestricted port number
-		 * has wrapped round, select a random port between 5000 and 1<<15
-		 * to start at.
+		 * Unrestricted ports are chosen randomly
+		 * between 2^15 and 2^16.  There are at most
+		 * 4*Nchan = 4096 ports in use at any given time,
+		 * so even in the worst case, a random probe has a
+		 * 1 - 4096/2^15 = 87% chance of success.
+		 * If 64 successive probes fail, there is a bug somewhere
+		 * (or a once in 10^58 event has happened, but that's
+		 * less likely than a venti collision).
 		 */
-		if(c->restricted){
-			if(*pp >= 1024)
-				*pp = 600;
-		}
-		else while(*pp < 5000)
-			*pp = nrand(1<<15);
-
-		found = 0;
-		for(x = 0; x < p->nc; x++){
-			if(p->conv[x] == nil)
-				break;
-			if(p->conv[x]->lport == *pp){
-				found = 1;
-				break;
-			}
+		for(i=0; i<64; i++){
+			port = (1<<15) + nrand(1<<15);
+			if(!lportinuse(p, port))
+				goto chosen;
 		}
-		if(found == 0)
-			break;
 	}
-	c->lport = (*pp)++;
 	qunlock(p);
+	return "no ports available";
+
+chosen:
+	c->lport = port;
+	qunlock(p);
+	return nil;
 }
 
 /*
  *  set a local address and port from a string of the form
  *	[address!]port[!r]
  */
-static char*
+char*
 setladdrport(Conv* c, char* str, int announcing)
 {
 	char *p;
@@ -830,8 +836,6 @@
 	ushort lport;
 	uchar addr[IPaddrlen];
 
-	rv = nil;
-
 	/*
 	 *  ignore restricted part if it exists.  it's
 	 *  meaningless on local ports.
@@ -854,8 +858,9 @@
 		if(strcmp(str, "*") == 0)
 			ipmove(c->laddr, IPnoaddr);
 		else {
-			parseip(addr, str);
-			if(ipforme(c->p->f, addr))
+			if(parseip(addr, str) == -1)
+				return Ebadip;
+			if(ipforme(c->p->f, addr) != 0 || ipismulticast(addr))
 				ipmove(c->laddr, addr);
 			else
 				return "not a local IP address";
@@ -869,9 +874,13 @@
 		return setluniqueport(c, 0);
 	}
 
-	lport = atoi(p);
+	str = p;
+	lport = strtol(str, &p, 10);
+	if(p <= str || strchr("!", *p) == nil)
+		return "bad numeric port";
+
 	if(lport <= 0)
-		setlport(c);
+		rv = setlport(c);
 	else
 		rv = setluniqueport(c, lport);
 	return rv;
@@ -886,13 +895,17 @@
 	if(p == nil)
 		return "malformed address";
 	*p++ = 0;
-	parseip(c->raddr, str);
-	c->rport = atoi(p);
-	p = strchr(p, '!');
-	if(p){
-		if(strstr(p, "!r") != nil)
-			c->restricted = 1;
-	}
+	if(parseip(c->raddr, str) == -1)
+		return Ebadip;
+
+	str = p;
+	c->rport = strtol(str, &p, 10);
+	if(p <= str || strchr("!", *p) == nil)
+		return "bad numeric port";
+
+	if(strstr(p, "!r") != nil)
+		c->restricted = 1;
+
 	return nil;
 }
 
@@ -912,7 +925,9 @@
 		if(p != nil)
 			return p;
 		setladdr(c);
-		setlport(c);
+		p = setlport(c);
+		if (p != nil)
+			return p;
 		break;
 	case 3:
 		p = setraddrport(c, argv[1]);
@@ -923,12 +938,7 @@
 			return p;
 	}
 
-	if((memcmp(c->raddr, v4prefix, IPv4off) == 0 &&
-		memcmp(c->laddr, v4prefix, IPv4off) == 0)
-		|| ipcmp(c->raddr, IPnoaddr) == 0)
-		c->ipversion = V4;
-	else
-		c->ipversion = V6;
+	c->ipversion = convipvers(c);
 
 	return nil;
 }
@@ -978,10 +988,11 @@
 	c->rport = 0;
 	switch(argc){
 	default:
-		return "bad args to announce";
+		break;
 	case 2:
 		return setladdrport(c, argv[1], 1);
 	}
+	return "bad args to announce";
 }
 
 /*
@@ -1028,10 +1039,11 @@
 {
 	switch(argc){
 	default:
-		return "bad args to bind";
+		break;
 	case 2:
 		return setladdrport(c, argv[1], 0);
 	}
+	return "bad args to bind";
 }
 
 static void
@@ -1042,7 +1054,7 @@
 	if(x->bind == nil)
 		p = Fsstdbind(c, cb->f, cb->nf);
 	else
-		p = x->bind(c, cb->f, cb->nf);
+		p = (*x->bind)(c, cb->f, cb->nf);
 	if(p != nil)
 		error(p);
 }
@@ -1065,8 +1077,8 @@
 		c->ttl = atoi(cb->f[1]);
 }
 
-static s32
-ipwrite(Chan* ch, void *v, s32 n, s64 off)
+static long
+ipwrite(Chan* ch, void *v, long n, vlong off)
 {
 	Conv *c;
 	Proto *x;
@@ -1075,6 +1087,7 @@
 	uchar ia[IPaddrlen], ma[IPaddrlen];
 	Fs *f;
 	char *a;
+	ulong offset = off;
 
 	a = v;
 	f = ipfs[ch->dev];
@@ -1099,7 +1112,8 @@
 		netlogctl(f, a, n);
 		return n;
 	case Qndb:
-		return ndbwrite(f, a, off, n);
+		return ndbwrite(f, a, offset, n);
+		break;
 	case Qctl:
 		x = f->p[PROTO(ch->qid)];
 		c = x->conv[CONV(ch->qid)];
@@ -1131,13 +1145,15 @@
 			if(cb->nf == 2){
 				if(!ipismulticast(c->raddr))
 					error("addmulti for a non multicast address");
-				parseip(ia, cb->f[1]);
+				if (parseip(ia, cb->f[1]) == -1)
+					error(Ebadip);
 				ipifcaddmulti(c, c->raddr, ia);
 			} else {
-				parseip(ma, cb->f[2]);
+				if (parseip(ia, cb->f[1]) == -1 ||
+				    parseip(ma, cb->f[2]) == -1)
+					error(Ebadip);
 				if(!ipismulticast(ma))
 					error("addmulti for a non multicast address");
-				parseip(ia, cb->f[1]);
 				ipifcaddmulti(c, ma, ia);
 			}
 		} else if(strcmp(cb->f[0], "remmulti") == 0){
@@ -1145,10 +1161,11 @@
 				error("remmulti needs interface address");
 			if(!ipismulticast(c->raddr))
 				error("remmulti for a non multicast address");
-			parseip(ia, cb->f[1]);
+			if (parseip(ia, cb->f[1]) == -1)
+				error(Ebadip);
 			ipifcremmulti(c, c->raddr, ia);
 		} else if(x->ctl != nil) {
-			p = x->ctl(c, cb->f, cb->nf);
+			p = (*x->ctl)(c, cb->f, cb->nf);
 			if(p != nil)
 				error(p);
 		} else
@@ -1160,13 +1177,12 @@
 	return n;
 }
 
-static s32
-ipbwrite(Chan* ch, Block* bp, u32 offset)
+static long
+ipbwrite(Chan* ch, Block* bp, ulong offset)
 {
 	Conv *c;
 	Proto *x;
 	Fs *f;
-	int n;
 
 	switch(TYPE(ch->qid)){
 	case Qdata:
@@ -1177,11 +1193,7 @@
 		if(c->wq == nil)
 			error(Eperm);
 
-		if(bp->next)
-			bp = concatblock(bp);
-		n = BLEN(bp);
-		qbwrite(c->wq, bp);
-		return n;
+		return qbwrite(c->wq, bp);
 	default:
 		return devbwrite(ch, bp, offset);
 	}
@@ -1198,13 +1210,13 @@
 	ipwalk,
 	ipstat,
 	ipopen,
-	devcreate,
+	ipcreate,
 	ipclose,
 	ipread,
 	ipbread,
 	ipwrite,
 	ipbwrite,
-	devremove,
+	ipremove,
 	ipwstat,
 };
 
@@ -1224,12 +1236,15 @@
 
 	p->qid.type = QTDIR;
 	p->qid.path = QID(f->np, 0, Qprotodir);
+	if(p->nc > Maskconv+1){
+		print("Fsproto: %s nc %d > %d\n", p->name, p->nc, Maskconv+1);
+		p->nc = Maskconv+1;
+	}
 	p->conv = malloc(sizeof(Conv*)*(p->nc+1));
 	if(p->conv == nil)
 		panic("Fsproto");
 
 	p->x = f->np;
-	p->nextport = 0;
 	p->nextrport = 600;
 	f->p[f->np++] = p;
 
@@ -1262,21 +1277,33 @@
 		if(c == nil){
 			c = malloc(sizeof(Conv));
 			if(c == nil)
-				error(Enomem);
-			qlock(c);
+				return nil;
+			if(waserror()){
+				qfree(c->rq);
+				qfree(c->wq);
+				qfree(c->eq);
+				qfree(c->sq);
+				free(c->ptcl);
+				free(c);
+				return nil;
+			}
 			c->p = p;
 			c->x = pp - p->conv;
 			if(p->ptclsize != 0){
 				c->ptcl = malloc(p->ptclsize);
-				if(c->ptcl == nil) {
-					free(c);
+				if(c->ptcl == nil)
 					error(Enomem);
-				}
 			}
-			*pp = c;
-			p->ac++;
 			c->eq = qopen(1024, Qmsg, 0, 0);
+			if(c->eq == nil)
+				error(Enomem);
 			(*p->create)(c);
+			if(c->rq == nil || c->wq == nil)
+				error(Enomem);
+			poperror();
+			qlock(c);
+			*pp = c;
+			p->ac++;
 			break;
 		}
 		if(canqlock(c)){
@@ -1291,8 +1318,11 @@
 		}
 	}
 	if(pp >= ep) {
-		if(p->gc != nil && (*p->gc)(p))
-			goto retry;
+		if(p->gc != nil){
+			print("Fsprotoclone: garbage collecting %s Convs\n", p->name);
+			if((*p->gc)(p))
+				goto retry;
+		}
 		return nil;
 	}
 
@@ -1307,8 +1337,9 @@
 	c->lport = 0;
 	c->rport = 0;
 	c->restricted = 0;
+	c->ignoreadvice = 0;
 	c->ttl = MAXTTL;
-	c->tos = DFLTTOS;
+	c->tos = 0;
 	qreopen(c->rq);
 	qreopen(c->wq);
 	qreopen(c->eq);
@@ -1321,7 +1352,7 @@
 Fsconnected(Conv* c, char* msg)
 {
 	if(msg != nil && *msg != '\0')
-		kstrcpy(c->cerr, msg, sizeof(c->cerr));
+		strncpy(c->cerr, msg, ERRMAX-1);
 
 	switch(c->state){
 
@@ -1368,12 +1399,19 @@
 	for(l = &c->incall; *l; l = &(*l)->next)
 		i++;
 	if(i >= Maxincall) {
+		static int beenhere;
+
 		qunlock(c);
+		if (!beenhere) {
+			beenhere = 1;
+			print("Fsnewcall: incall queue full (%d) on port %d\n",
+				i, c->lport);
+		}
 		return nil;
 	}
 
 	/* find a free conversation */
-	nc = Fsprotoclone(c->p, network);
+	nc = Fsprotoclone(c->p, c->owner);
 	if(nc == nil) {
 		qunlock(c);
 		return nil;
@@ -1394,12 +1432,12 @@
 	return nc;
 }
 
-static long
+long
 ndbwrite(Fs *f, char *a, ulong off, int n)
 {
 	if(off > strlen(f->ndb))
 		error(Eio);
-	if(off+n >= sizeof(f->ndb)-1)
+	if(off+n >= sizeof(f->ndb))
 		error(Eio);
 	memmove(f->ndb+off, a, n);
 	f->ndb[off+n] = 0;
@@ -1411,7 +1449,7 @@
 ulong
 scalednconv(void)
 {
-	if(conf.npage*BY2PG >= 128*MB)
+	if(cpuserver && conf.npage*BY2PG >= 128*MB)
 		return Nchans*4;
 	return Nchans;
 }
diff -urN a/os/ip/dhcp.c b/os/ip/dhcp.c
--- a/os/ip/dhcp.c	Thu Aug 12 23:08:35 2021
+++ b/os/ip/dhcp.c	Wed Dec 31 19:00:00 1969
@@ -1,447 +0,0 @@
-#include "u.h"
-#include "../port/lib.h"
-#include "mem.h"
-#include "dat.h"
-#include "fns.h"
-#include "../port/error.h"
-#include "kernel.h"
-#include "ip.h"
-#include "ppp.h"
-
-Ipaddr pppdns[2];
-
-static	ulong	fsip;
-static	ulong	auip;
-static	ulong	gwip;
-static	ulong	ipmask;
-static	ulong	ipaddr;
-static	ulong	dns1ip;
-static	ulong	dns2ip;
-
-int		dhcpmsgtype;
-int		debug=0;
-enum
-{
-	Bootrequest = 1,
-	Bootreply   = 2,
-};
-
-typedef struct Bootp
-{
-	/* udp.c oldheader */
-	uchar	raddr[IPaddrlen];
-	uchar	laddr[IPaddrlen];
-	uchar	rport[2];
-	uchar	lport[2];
-	/* bootp itself */
-	uchar	op;			/* opcode */
-	uchar	htype;		/* hardware type */
-	uchar	hlen;			/* hardware address len */
-	uchar	hops;		/* hops */
-	uchar	xid[4];		/* a random number */
-	uchar	secs[2];		/* elapsed snce client started booting */
-	uchar	flags[2];		/* flags */
-	uchar	ciaddr[4];		/* client IP address (client tells server) */
-	uchar	yiaddr[4];		/* client IP address (server tells client) */
-	uchar	siaddr[4];		/* server IP address */
-	uchar	giaddr[4];		/* gateway IP address */
-	uchar	chaddr[16];	/* client hardware address */
-	uchar	sname[64];	/* server host name (optional) */
-	uchar	file[128];		/* boot file name */
-	uchar	vend[128];	/* vendor-specific goo 340 */
-} Bootp;
-
-static	Bootp	req;
-static	Proc*	rcvprocp;
-static	int	recv;
-static	int	done;
-static	Rendez	bootpr;
-static	char	rcvbuf[512+2*IPaddrlen+2*2];	  /* 576 */
-static	uchar sid[4];
-static	ulong iplease;
-
-/*
- * bootp returns:
- *
- * "fsip d.d.d.d
- * auip d.d.d.d
- * gwip d.d.d.d
- * ipmask d.d.d.d
- * ipaddr d.d.d.d
- * dns1ip	d.d.d.d
- * dns2ip	d.d.d.d
- *
- * where d.d.d.d is the IP address in dotted decimal notation, and each
- * address is followed by a newline.
-	Last change:  SUN  13 Sep 2001    4:36 pm
- */
-
-/*
- * Parse the vendor specific fields according to RFC 1084.
- * We are overloading the "cookie server" to be the Inferno 
- * authentication server and the "resource location server"
- * to be the Inferno file server.
- *
- * If the vendor specific field is formatted properly, it
- * will being with the four bytes 99.130.83.99 and end with
- * an 0xFF byte.
- */
-static int
-parsevend(uchar* pvend)
-{	
-	uchar *vend=pvend;
-	int dhcpmsg=0;
-	/* The field must start with 99.130.83.99 to be compliant */
-	if ((vend[0] != 99) || (vend[1] != 130) || (vend[2] != 83) || (vend[3] != 99)){
-		print("bad bootp vendor field: %.2x%.2x%.2x%.2x", vend[0], vend[1], vend[2], vend[3]);
-		return -1;
-	}
-
-	/* Skip over the magic cookie */
-	vend += 4;
-
-	while ((vend[0] != 0) && (vend[0] != 0xFF)) {
-		int i;
-//	
-		if(debug){
-			print(">>>Opt[%d] [%d]", vend[0], vend[1]);
-			for(i=0; i<vend[1]; i++)
-				print(" %2.2x", vend[i+2]);
-			print("\n");
-		}
-//
-		switch (vend[0]) {
-		case 1:	/* Subnet mask field */
-			/* There must be only one subnet mask */
-			if (vend[1] == 4)
-				ipmask = (vend[2]<<24)|(vend[3]<<16)| (vend[4]<<8)| vend[5];
-			else{ 
-				return -1;
-			}
-			break;
-
-		case 3:	/* Gateway/router field */
-			/* We are only concerned with first address */
-			if (vend[1] >0 && vend[1]%4==0)
-				gwip = (vend[2]<<24)|(vend[3]<<16)|(vend[4]<<8)|vend[5];
-			else 
-				return -1;
-			break;
-		case 6:	/* domain name server */
-			if(vend[1]>0 && vend[1] %4==0){
-				dns1ip=(vend[2]<<24)|(vend[3]<<16)|(vend[4]<<8)|vend[5];
-				if(vend[1]>4)
-					dns2ip=(vend[6]<<24)|(vend[7]<<16)|(vend[8]<<8)|vend[9];
-			}else
-				return -1;
-			break;
-
-		case 8:	/* "Cookie server" (auth server) field */
-			/* We are only concerned with first address */
-			if (vend[1] > 0 && vend[1]%4==0)
-				auip = (vend[2]<<24)|(vend[3]<<16)|(vend[4]<<8)|vend[5];
-			else
-				return -1;
-			break;
-
-		case 11:	/* "Resource loc server" (file server) field */
-			/* We are only concerned with first address */
-			if (vend[1] > 0 && vend[1]%4==0)
-				fsip = (vend[2]<<24)| (vend[3]<<16)| (vend[4]<<8)| vend[5];
-			else
-				return -1;
-			break;
-		case 51:	/* ip lease time */
-			if(vend[1]==4){
-				iplease=(vend[2]<<24)|(vend[3]<<16)|(vend[4]<<8)|vend[5];
-			}else
-				return -1;
-			break;
-		case 53:	/* DHCP message type */
-			if(vend[1]==1)
-				dhcpmsg=vend[2];
-			else
-				return -1;
-			break;
-		case 54:	/* server identifier */
-			if(vend[1]==4){
-				memmove(sid, vend+2, 4);
-			}else
-				return -1;
-			break;
-
-		default:	/* Everything else stops us */
-			break;
-		}
-
-		/* Skip over the field */
-		vend += vend[1] + 2;
-	}
-	if(debug)
-		print(">>>Opt[%d] [%d]\n", vend[0], vend[1]);
-	return dhcpmsg;
-}
-
-static void
-dispvend(uchar* pvend)
-{	
-	uchar *vend=pvend;
-
-	//print("<<<Magic : %2.2x%2.2x%2.2x%2.2x\n", vend[0], vend[1], vend[2], vend[3]);
-	
-	vend += 4;		/* Skip over the magic cookie */
-	while ((vend[0] != 0) && (vend[0] != 0xFF)) {
-	//	int i;
-	  //	print("<<<Opt[%d] [%d]", vend[0], vend[1]);
-		//for(i=0; i<vend[1]; i++)
-		//	print(" %2.2x", vend[i+2]);
-		//print("\n");
-	
-		vend += vend[1] + 2;
-	}
-	//print("<<<Opt[ %2.2x] [%2.2x]\n", vend[0], vend[1]);
-}
-
-static void
-rcvbootp(void *a)
-{
-	int n, fd, dhcp;
-	Bootp *rp;
-
-	if(waserror())
-		pexit("", 0);
-	rcvprocp = up;	/* store for postnote below */
-	fd = (int)a;
-	while(done == 0) {
-		if(debug)
-			print("rcvbootp:looping\n");
-
-		n = kread(fd, rcvbuf, sizeof(rcvbuf));
-		if(n <= 0)
-			break;
-		rp = (Bootp*)rcvbuf;
-		if (memcmp(req.chaddr, rp->chaddr, 6) == 0 && rp->htype == 1 && rp->hlen == 6) {
-			ipaddr = (rp->yiaddr[0]<<24)| (rp->yiaddr[1]<<16)| (rp->yiaddr[2]<<8)| rp->yiaddr[3];
-			if(debug)
-				print("ipaddr = %2.2x %2.2x %2.2x %2.2x \n", rp->yiaddr[0], rp->yiaddr[1], rp->yiaddr[2], rp->yiaddr[3]);
-			//memmove(req.siaddr, rp->siaddr, 4);	/* siaddr */
-			dhcp = parsevend(rp->vend);
-	
-			if(dhcpmsgtype < dhcp){
-				dhcpmsgtype=dhcp;
-				recv = 1;
-				wakeup(&bootpr);
-				if(dhcp==0 || dhcp ==5 || dhcp == 6 )
-					break;
-			}
-		}
-	}
-	poperror();
-	rcvprocp = nil;
-
-	if(debug)
-		print("rcvbootp exit\n");
-	pexit("", 0);
-}
-
-static char*
-rbootp(Ipifc *ifc)
-{
-	int cfd, dfd, tries, n;
-	char ia[5+3*16], im[16], *av[3];
-	uchar nipaddr[4], ngwip[4], nipmask[4];
-	char dir[Maxpath];
-	static uchar vend_rfc1048[] = { 99, 130, 83, 99 };
-	uchar *vend;
-
-	/*
-	 * broadcast bootp's till we get a reply,
-	 * or fixed number of tries
-	 */
-	if(debug)
-	    print("dhcp: bootp() called\n");
-	tries = 0;
-	av[1] = "0.0.0.0";
-	av[2] = "0.0.0.0";
-	ipifcadd(ifc, av, 3, 0, nil);
-
-	cfd = kannounce("udp!*!68", dir);
-	if(cfd < 0)
-		return "dhcp announce failed";
-	strcat(dir, "/data");
-	if(kwrite(cfd, "headers", 7) < 0){
-		kclose(cfd);
-		return "dhcp ctl headers failed";
-	}
-	kwrite(cfd, "oldheaders", 10);
-	dfd = kopen(dir, ORDWR);
-	if(dfd < 0){
-		kclose(cfd);
-		return "dhcp open data failed";
-	}
-	kclose(cfd);
-	
-	while(tries<1){
-		tries++;
-		memset(sid, 0, 4);
-		iplease=0;
-		dhcpmsgtype=-2;
-/* DHCPDISCOVER*/
-		done = 0;
-		recv = 0;
-		kproc("rcvbootp", rcvbootp, (void*)dfd, KPDUPFDG);
-		/* Prepare DHCPDISCOVER */	
-		memset(&req, 0, sizeof(req));
-		ipmove(req.raddr, IPv4bcast);
-		hnputs(req.rport, 67);
-		req.op = Bootrequest;
-		req.htype = 1;			/* ethernet (all we know) */
-		req.hlen = 6;			/* ethernet (all we know) */
-		
-		memmove(req.chaddr, ifc->mac, 6);	/* Hardware MAC address */
-		//ipv4local(ifc, req.ciaddr);				/* Fill in the local IP address if we know it */
-		memset(req.file, 0, sizeof(req.file));
-		vend=req.vend;
-		memmove(vend, vend_rfc1048, 4); vend+=4;
-		*vend++=53; *vend++=1;*vend++=1;		/* dhcp msg type==3, dhcprequest */
-		
-		*vend++=61;*vend++=7;*vend++=1;
-		memmove(vend, ifc->mac, 6);vend+=6;
-		*vend=0xff;
-
-		if(debug)
-			dispvend(req.vend); 
-		for(n=0;n<4;n++){
-			if(kwrite(dfd, &req, sizeof(req))<0)	/* SEND DHCPDISCOVER */
-				print("DHCPDISCOVER: %r");
-		
-			tsleep(&bootpr, return0, 0, 1000);	/* wait DHCPOFFER */
-			if(debug)
-				print("[DHCP] DISCOVER: msgtype = %d\n", dhcpmsgtype);
-
-			if(dhcpmsgtype==2)		/* DHCPOFFER */
-				break;
-			else if(dhcpmsgtype==0)	/* bootp */
-				return nil;
-			else if(dhcpmsgtype== -2)	/* time out */
-				continue;
-			else
-				break;
-			
-		}
-		if(dhcpmsgtype!=2)
-			continue;
-
-/* DHCPREQUEST */	
-		memset(req.vend, 0, sizeof(req.vend));
-		vend=req.vend;
-		memmove(vend, vend_rfc1048, 4);vend+=4;	
-
-		*vend++=53; *vend++=1;*vend++=3;		/* dhcp msg type==3, dhcprequest */
-
-		*vend++=50;	*vend++=4;				/* requested ip address */
-		*vend++=(ipaddr >> 24)&0xff;
-		*vend++=(ipaddr >> 16)&0xff;
-		*vend++=(ipaddr >> 8) & 0xff;
-		*vend++=ipaddr & 0xff;
-
-		*vend++=51;*vend++=4;					/* lease time */
-		*vend++=(iplease>>24)&0xff; *vend++=(iplease>>16)&0xff; *vend++=(iplease>>8)&0xff; *vend++=iplease&0xff;
-
-		*vend++=54; *vend++=4;					/* server identifier */
-		memmove(vend, sid, 4);	vend+=4;
-	
-		*vend++=61;*vend++=07;*vend++=01;		/* client identifier */
-		memmove(vend, ifc->mac, 6);vend+=6;
-		*vend=0xff;
-		if(debug) 
-			dispvend(req.vend); 
-		if(kwrite(dfd, &req, sizeof(req))<0){
-			print("DHCPREQUEST: %r");
-			continue;
-		}
-		tsleep(&bootpr, return0, 0, 2000);
-		if(dhcpmsgtype==5)		/* wait for DHCPACK */
-			break;
-		else
-			continue;
-		/* CHECK ARP */
-		/* DHCPDECLINE */
-	}
-	kclose(dfd);
-	done = 1;
-	if(rcvprocp != nil){
-		postnote(rcvprocp, 1, "timeout", 0);
-		rcvprocp = nil;
-	}
-
-	av[1] = "0.0.0.0";
-	av[2] = "0.0.0.0";
-	ipifcrem(ifc, av, 3);
-
-	hnputl(nipaddr, ipaddr);
-	sprint(ia, "%V", nipaddr);
-	hnputl(nipmask, ipmask);
-	sprint(im, "%V", nipmask);
-	av[1] = ia;
-	av[2] = im;
-	ipifcadd(ifc, av, 3, 0, nil);
-
-	if(gwip != 0) {
-		hnputl(ngwip, gwip);
-		n = sprint(ia, "add 0.0.0.0 0.0.0.0 %V", ngwip);
-		routewrite(ifc->conv->p->f, nil, ia, n);
-	}
-	return nil;
-}
-
-static int
-rbootpread(char *bp, ulong offset, int len)
-{
-	int n, i;
-	char *buf;
-	uchar a[4];
-
-	if(debug)
-		print("dhcp: bootpread() \n");
-	buf = smalloc(READSTR);
-	if(waserror()){
-		free(buf);
-		nexterror();
-	}
-
-	hnputl(a, fsip);
-	n = snprint(buf, READSTR, "fsip %15V\n", a);
-	hnputl(a, auip);
-	n += snprint(buf + n, READSTR-n, "auip %15V\n", a);
-	hnputl(a, gwip);
-	n += snprint(buf + n, READSTR-n, "gwip %15V\n", a);
-	hnputl(a, ipmask);
-	n += snprint(buf + n, READSTR-n, "ipmask %15V\n", a);
-	hnputl(a, ipaddr);
-	n += snprint(buf + n, READSTR-n, "ipaddr %15V\n", a);
-	n += snprint(buf+n, READSTR-n, "expired %lud\n", iplease);
-
-	n += snprint(buf + n, READSTR-n, "dns");
-	if(dns2ip){
-		hnputl(a, dns2ip);
-		n+=snprint(buf + n, READSTR-n, " %15V", a);
-	}
-	if(dns1ip){
-		hnputl(a, dns1ip);
-		n += snprint(buf + n, READSTR-n, " %15V", a);
-	}
-
-	for(i=0; i<2; i++)
-		if(ipcmp(pppdns[i], IPnoaddr) != 0 && ipcmp(pppdns[i], v4prefix) != 0)
-			n += snprint(buf + n, READSTR-n, " %15I", pppdns[i]);
-
-	snprint(buf + n, READSTR-n, "\n");
-	len = readstr(offset, bp, len, buf);
-	poperror();
-	free(buf);
-	return len;
-}
-
-char*	(*bootp)(Ipifc*) = rbootp;
-int	(*bootpread)(char*, ulong, int) = rbootpread;
diff -urN a/os/ip/eipconvtest.c b/os/ip/eipconvtest.c
--- a/os/ip/eipconvtest.c	Thu Aug 12 23:08:35 2021
+++ b/os/ip/eipconvtest.c	Wed Dec 31 19:00:00 1969
@@ -1,152 +0,0 @@
-#include <u.h>
-#include <libc.h>
-
-enum
-{
-	Isprefix= 16,
-};
-
-uchar prefixvals[256] =
-{
-[0x00] 0 | Isprefix,
-[0x80] 1 | Isprefix,
-[0xC0] 2 | Isprefix,
-[0xE0] 3 | Isprefix,
-[0xF0] 4 | Isprefix,
-[0xF8] 5 | Isprefix,
-[0xFC] 6 | Isprefix,
-[0xFE] 7 | Isprefix,
-[0xFF] 8 | Isprefix,
-};
-
-uchar v4prefix[16] = {
-	0, 0, 0, 0,
-	0, 0, 0, 0,
-	0, 0, 0xff, 0xff,
-	0, 0, 0, 0
-};
-
-void
-hnputl(void *p, ulong v)
-{
-	uchar *a;
-
-	a = p;
-	a[0] = v>>24;
-	a[1] = v>>16;
-	a[2] = v>>8;
-	a[3] = v;
-}
-
-int
-eipconv(va_list *arg, Fconv *f)
-{
-	char buf[8*5];
-	static char *efmt = "%.2lux%.2lux%.2lux%.2lux%.2lux%.2lux";
-	static char *ifmt = "%d.%d.%d.%d";
-	uchar *p, ip[16];
-	ulong *lp;
-	ushort s;
-	int i, j, n, eln, eli;
-
-	switch(f->chr) {
-	case 'E':		/* Ethernet address */
-		p = va_arg(*arg, uchar*);
-		sprint(buf, efmt, p[0], p[1], p[2], p[3], p[4], p[5]);
-		break;
-	case 'I':		/* Ip address */
-		p = va_arg(*arg, uchar*);
-common:
-		if(memcmp(p, v4prefix, 12) == 0)
-			sprint(buf, ifmt, p[12], p[13], p[14], p[15]);
-		else {
-			/* find longest elision */
-			eln = eli = -1;
-			for(i = 0; i < 16; i += 2){
-				for(j = i; j < 16; j += 2)
-					if(p[j] != 0 || p[j+1] != 0)
-						break;
-				if(j > i && j - i > eln){
-					eli = i;
-					eln = j - i;
-				}
-			}
-
-			/* print with possible elision */
-			n = 0;
-			for(i = 0; i < 16; i += 2){
-				if(i == eli){
-					n += sprint(buf+n, "::");
-					i += eln;
-					if(i >= 16)
-						break;
-				} else if(i != 0)
-					n += sprint(buf+n, ":");
-				s = (p[i]<<8) + p[i+1];
-				n += sprint(buf+n, "%ux", s);
-			}
-		}
-		break;
-	case 'i':		/* v6 address as 4 longs */
-		lp = va_arg(*arg, ulong*);
-		for(i = 0; i < 4; i++)
-			hnputl(ip+4*i, *lp++);
-		p = ip;
-		goto common;
-	case 'V':		/* v4 ip address */
-		p = va_arg(*arg, uchar*);
-		sprint(buf, ifmt, p[0], p[1], p[2], p[3]);
-		break;
-	case 'M':		/* ip mask */
-		p = va_arg(*arg, uchar*);
-
-		/* look for a prefix mask */
-		for(i = 0; i < 16; i++)
-			if(p[i] != 0xff)
-				break;
-		if(i < 16){
-			if((prefixvals[p[i]] & Isprefix) == 0)
-				goto common;
-			for(j = i+1; j < 16; j++)
-				if(p[j] != 0)
-					goto common;
-			n = 8*i + (prefixvals[p[i]] & ~Isprefix);
-		} else
-			n = 8*16;
-
-		/* got one, use /xx format */
-		sprint(buf, "/%d", n);
-		break;
-	default:
-		strcpy(buf, "(eipconv)");
-	}
-	strconv(buf, f);
-	return sizeof(uchar*);
-}
-
-uchar testvec[11][16] =
-{
- { 0,0,0,0, 0,0,0,0, 0,0,0xff,0xff, 1,3,4,5, },
- { 0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff, },
- { 0xff,0xff,0x80,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, },
- { 0xff,0xff,0xff,0xc0, 0,0,0,0, 0,0,0,0, 0,0,0,0, },
- { 0xff,0xff,0xff,0xff, 0xe0,0,0,0, 0,0,0,0, 0,0,0,0, },
- { 0xff,0xff,0xff,0xff, 0xff,0xf0,0,0, 0,0,0,0, 0,0,0,0, },
- { 0xff,0xff,0xff,0xff, 0xff,0xff,0xf8,0, 0,0,0,0, 0,0,0,0, },
- { 0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff, },
- { 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, },
- { 0,0,0,0, 0,0x11,0,0, 0,0,0,0, 0,0,0,0, },
- { 0,0,0,0x11, 0,0,0,0, 0,0,0,0, 0,0,0,0x12, },
-};
-
-void
-main(void)
-{
-	int i;
-
-	fmtinstall('I', eipconv);
-	fmtinstall('M', eipconv);
-	for(i = 0; i < 11; i++)
-		print("%I\n%M\n", testvec[i], testvec[i]);
-	exits(0);
-}
diff -urN a/os/ip/esp.c b/os/ip/esp.c
--- a/os/ip/esp.c	Thu Aug 12 23:08:35 2021
+++ b/os/ip/esp.c	Sat Aug 21 01:39:52 2021
@@ -1,3 +1,11 @@
+/*
+ * Encapsulating Security Payload for IPsec for IPv4, rfc1827.
+ * extended to IPv6.
+ * rfc2104 defines hmac computation.
+ *	currently only implements tunnel mode.
+ * TODO: verify aes algorithms;
+ *	transport mode (host-to-host)
+ */
 #include	"u.h"
 #include	"../port/lib.h"
 #include	"mem.h"
@@ -6,45 +14,77 @@
 #include	"../port/error.h"
 
 #include	"ip.h"
+#include	"ipv6.h"
+#include	<libsec.h>
 
-#include	"libsec.h"
+#define BITS2BYTES(bi) (((bi) + BI2BY - 1) / BI2BY)
+#define BYTES2BITS(by)  ((by) * BI2BY)
 
+typedef struct Algorithm Algorithm;
+typedef struct Esp4hdr Esp4hdr;
+typedef struct Esp6hdr Esp6hdr;
+typedef struct Espcb Espcb;
 typedef struct Esphdr Esphdr;
+typedef struct Esppriv Esppriv;
 typedef struct Esptail Esptail;
 typedef struct Userhdr Userhdr;
-typedef struct Esppriv Esppriv;
-typedef struct Espcb Espcb;
-typedef struct Algorithm Algorithm;
-typedef struct Esprc4 Esprc4;
 
-#define DPRINT if(0)print
+enum {
+	Encrypt,
+	Decrypt,
 
-enum
-{
-	IP_ESPPROTO	= 50,
-	EsphdrSize	= 28,	// includes IP header
-	IphdrSize	= 20,	// options have been striped
-	EsptailSize	= 2,	// does not include pad or auth data
-	UserhdrSize	= 4,	// user visable header size - if enabled
+	IP_ESPPROTO	= 50,	/* IP v4 and v6 protocol number */
+	Esp4hdrlen	= IP4HDR + 8,
+	Esp6hdrlen	= IP6HDR + 8,
+
+	Esptaillen	= 2,	/* does not include pad or auth data */
+	Userhdrlen	= 4,	/* user-visible header size - if enabled */
+
+	Desblk	 = BITS2BYTES(64),
+	Des3keysz = BITS2BYTES(192),
+
+	Aesblk	 = BITS2BYTES(128),
+	Aeskeysz = BITS2BYTES(128),
 };
 
 struct Esphdr
 {
-	/* ip header */
+	uchar	espspi[4];	/* Security parameter index */
+	uchar	espseq[4];	/* Sequence number */
+	uchar	payload[];
+};
+
+/*
+ * tunnel-mode (network-to-network, etc.) layout is:
+ * new IP hdrs | ESP hdr |
+ *	 enc { orig IP hdrs | TCP/UDP hdr | user data | ESP trailer } | ESP ICV
+