introduced a flag bit "ND6_IFF_ACCEPT_RTADV" in the nd_ifinfo structure to

control whether to accept RAs per-interface basis. the new stuff ensures the backward compatibility; - the kernel does not accept RAs on any interfaces by default. - since the default value of the flag bit is on, the kernel accepts RAs on all interfaces when net.inet6.ip6.accept_rtadv is 1. Obtained from: KAME MFC after: 1 week
svn path=/head/; revision=118498
2003-08-05 14:57:11 +00:00 · 2003-08-05 14:57:11 +00:00 · 07cf047d5a · 2020-12-20 02:59:44 +00:00
commit 07cf047d5a
parent 5246b4ff88
5 changed files with 35 additions and 4 deletions
--- a/sys/netinet6/nd6.c
+++ b/sys/netinet6/nd6.c
@ -191,7 +191,12 @@ nd6_ifattach(ifp)
 	ND.reachable = ND_COMPUTE_RTIME(ND.basereachable);
 	ND.retrans = RETRANS_TIMER;
 	ND.receivedra = 0;
-	ND.flags = ND6_IFF_PERFORMNUD;
+	/*
+	 * Note that the default value of ip6_accept_rtadv is 0, which means
+	 * we won't accept RAs by default even if we set ND6_IFF_ACCEPT_RTADV
+	 * here.
+	 */
+	ND.flags = (ND6_IFF_PERFORMNUD | ND6_IFF_ACCEPT_RTADV);
 	nd6_setmtu(ifp);
 #undef ND
 }
--- a/sys/netinet6/nd6.h
+++ b/sys/netinet6/nd6.h
@ -87,6 +87,7 @@ struct nd_ifinfo {
 };

 #define ND6_IFF_PERFORMNUD	0x1
+#define ND6_IFF_ACCEPT_RTADV	0x2

 struct in6_nbrinfo {
 	char ifname[IFNAMSIZ];	/* if name, e.g. "en0" */
--- a/sys/netinet6/nd6_rtr.c
+++ b/sys/netinet6/nd6_rtr.c
@ -217,8 +217,15 @@ nd6_ra_input(m, off, icmp6len)
 	union nd_opts ndopts;
 	struct nd_defrouter *dr;

+	/*
+	 * We only accept RAs only when
+	 * the system-wide variable allows the acceptance, and
+	 * per-interface variable allows RAs on the receiving interface.
+	 */
 	if (ip6_accept_rtadv == 0)
 		goto freeit;
+	if (!(ndi->flags & ND6_IFF_ACCEPT_RTADV))
+		goto freeit;

 	if (ip6->ip6_hlim != 255) {
 		nd6log((LOG_ERR,
--- a/usr.sbin/ndp/ndp.8
+++ b/usr.sbin/ndp/ndp.8
@ -135,6 +135,17 @@ which means the flag should be cleared.
 turn on or off NUD (Neighbor Unreachability Detection) on the
 interface.
 NUD is usually turned on by default.
+.It Xo
+.Ic accept_rtadv
+.Xc
+Specify whether or not to accept Router Advertisement messages
+received on the
+.Ar interface .
+Note that the kernel does not accept Router Advertisement messages
+unless the
+.Li net.inet6.ip6.accept_rtadv
+variable is non-0, even if the flag is on.
+This flag is set to 1 by default.
 .El
 .It Fl n
 Do not try to resolve numeric address to hostname.
--- a/usr.sbin/ndp/ndp.c
+++ b/usr.sbin/ndp/ndp.c
@ -939,6 +939,9 @@ ifinfo(argc, argv)
 		}\
 	} while (0)
 		SETFLAG("nud", ND6_IFF_PERFORMNUD);
+#ifdef ND6_IFF_ACCEPT_RTADV
+		SETFLAG("accept_rtadv", ND6_IFF_ACCEPT_RTADV);
+#endif

 		ND.flags = newflags;
 		if (ioctl(s, SIOCSIFINFO_FLAGS, (caddr_t)&nd) < 0) {
@ -982,9 +985,13 @@ ifinfo(argc, argv)
 #endif
 	if (ND.flags) {
 		printf("\nFlags: ");
-		if ((ND.flags & ND6_IFF_PERFORMNUD) != 0)
-			printf("PERFORMNUD ");
-	}
+		if ((ND.flags & ND6_IFF_PERFORMNUD))
+			printf("nud ");
+#ifdef ND6_IFF_ACCEPT_RTADV
+		if ((ND.flags & ND6_IFF_ACCEPT_RTADV))
+			printf("accept_rtadv ");
+#endif
+}
 	putc('\n', stdout);
 #undef ND