Use the IFF_NO_PI option on Linux to simplify (and speed up) WritePac…

…ket()

and unify the linux and the freebsd code, so both can use the same code.

Disable the 4-byte Packet Information header by setting the IFF_NO_PI flag when creating tun interfaces in Linux. Now userspace reads raw IPv6 packets from the kernel without needing to strip the header. The packet information header had 1) a protocol field (determine protocol instead from first nibble, the version, of packet) and 2) a truncation flag to indicate whether the read was truncated (assume irrelevant, b/c buffer sizes exceed MTU).

Consider packets without a complete IP datagram an error
This is slightly different from the earlier code, which only considered
it a ErrShortRead if the 4 byte header was missing. But it's what we
should be checking anyway. Callers aren't checking.

Trim off extra bytes after the IP payload. Our
callers aren't sneaking data after the IP payload.

We don't need that copy during WritePacket anymore
This was, I thought, the point of using IFF_NO_PI in the first place.
But it got forgotten in the rest of the changes.

Eliminate error case first with a return. Remaining happy path code no longer needs an if-else statement
and one step of indent.

NOTE: this change removes the Packet.Truncated flag from the Packet struct (because
it will never be set). Calling code may need to be adjusted to assume
packets are not truncated.

add two more bounds checks, just in case we get passed

too large a packet to write, or read and receive too short
a packet from /dev/tun

bump dependencies to sept 2024 values just to keep up

with bug fixes there. Not for any particular reason.

parse IPv6 fragment header correctly, and check for truncated packets

MIST-122666 was due to a bug in parsing IPv6 fragmentation headers:
`at` was moved forward before reading the fragment offset value, which
is wrong. Also continuing to decode inside a non-first fragment is
wrong. And lastly bounds checks are better than panics.

go mod tidy so github's dependabot stops complaining

that an unused entry in go.sum points to a vulnerable version

specify O_ClOLEXEC explicitly. The change from os.OpenFile to unix.Open

removed this flag, and now child processes hold the tun device open
after the parent/createor exits. For example when ep-control exits,
tun0 sticks around because of the child processes created by ep-control
configuration code.

get ready for go modules

add **Packet).String method for pretty printing