diff --git a/sys/netinet6/nd6.c b/sys/netinet6/nd6.c
index f2f09f4020e0..2a66bb674ca8 100644
--- a/sys/netinet6/nd6.c
+++ b/sys/netinet6/nd6.c
@@ -191,7 +191,12 @@ nd6_ifattach(ifp)
 ND.reachable = ND_COMPUTE_RTIME(ND.basereachable);
 ND.retrans = RETRANS_TIMER;
 ND.receivedra = 0;
- ND.flags = ND6_IFF_PERFORMNUD;
+ /*
+ * Note that the default value of ip6_accept_rtadv is 0, which means
+ * we won't accept RAs by default even if we set ND6_IFF_ACCEPT_RTADV
+ * here.
+ */
+ ND.flags = (ND6_IFF_PERFORMNUD | ND6_IFF_ACCEPT_RTADV);
 nd6_setmtu(ifp);
 #undef ND
 }
diff --git a/sys/netinet6/nd6.h b/sys/netinet6/nd6.h
index c8b531a7ae44..397a505f2453 100644
--- a/sys/netinet6/nd6.h
+++ b/sys/netinet6/nd6.h
@@ -87,6 +87,7 @@ struct nd_ifinfo {
 };
 #define ND6_IFF_PERFORMNUD 0x1
+#define ND6_IFF_ACCEPT_RTADV 0x2
 struct in6_nbrinfo {
 char ifname[IFNAMSIZ]; /* if name, e.g. "en0" */
diff --git a/sys/netinet6/nd6_rtr.c b/sys/netinet6/nd6_rtr.c
index 651a14d0ff89..7714969d4f95 100644
--- a/sys/netinet6/nd6_rtr.c
+++ b/sys/netinet6/nd6_rtr.c
@@ -217,8 +217,15 @@ nd6_ra_input(m, off, icmp6len)
 union nd_opts ndopts;
 struct nd_defrouter *dr;
+ /*
+ * We only accept RAs only when
+ * the system-wide variable allows the acceptance, and
+ * per-interface variable allows RAs on the receiving interface.
+ */
 if (ip6_accept_rtadv == 0)
 goto freeit;
+ if (!(ndi->flags & ND6_IFF_ACCEPT_RTADV))
+ goto freeit;
 if (ip6->ip6_hlim != 255) {
 nd6log((LOG_ERR,
diff --git a/usr.sbin/ndp/ndp.8 b/usr.sbin/ndp/ndp.8
index 945f1ee7e869..e9b75ddee870 100644
--- a/usr.sbin/ndp/ndp.8
+++ b/usr.sbin/ndp/ndp.8
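Review bot: The comment added in nd6_ifattach() (sys/netinet6/nd6.c) covers only the default case and leaves out the consequence that matters to an administrator: ND6_IFF_ACCEPT_RTADV is set here unconditionally, so as soon as ip6_accept_rtadv is made non-zero every interface initialised through this path processes RAs. The per-interface control is therefore opt-out, and an interface on an untrusted link keeps accepting RAs until its flag is cleared explicitly. I would add one line to the comment, for example `* Once ip6_accept_rtadv is non-zero, every interface accepts RAs until this flag is cleared on it.` The body of nd6_ifattach() starts outside the hunk.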
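Review bot: The new per-interface test in nd6_ra_input() (sys/netinet6/nd6_rtr.c) reads `ndi->flags`, but neither the declaration nor the assignment of `ndi` is visible in this hunk, so confirm that it is set from the receiving interface before this point; the function starts outside the hunk. The comment above the checks repeats "only" and would read better as `* We accept RAs only when the system-wide variable allows it and the` followed by `* per-interface flag is set on the receiving interface.` Both checks jump to `freeit` with no log line or counter in the visible lines, so RAs dropped by policy would be invisible to an operator; `freeit` itself is outside the hunk, so this is worth verifying there.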
@@ -135,6 +135,17 @@ which means the flag should be cleared. turn on or off NUD (Neighbor Unreachability Detection) on the interface. NUD is usually turned on by default.
+.It Xo
+.Ic accept_rtadv
+.Xc
+Specify whether or not to accept Router Advertisement messages
+received on the
+.Ar interface .
+Note that the kernel does not accept Router Advertisement messages
+unless the
+.Li net.inet6.ip6.accept_rtadv
+variable is non-0, even if the flag is on.
+This flag is set to 1 by default.
 .El
 .It Fl n
 Do not try to resolve numeric address to hostname.
diff --git a/usr.sbin/ndp/ndp.c b/usr.sbin/ndp/ndp.c
index 3ad148b4dcb5..e54b41400ec5 100644
--- a/usr.sbin/ndp/ndp.c
+++ b/usr.sbin/ndp/ndp.c
@@ -939,6 +939,9 @@ ifinfo(argc, argv)
 }\
 } while (0)
 SETFLAG("nud", ND6_IFF_PERFORMNUD);
+#ifdef ND6_IFF_ACCEPT_RTADV
+ SETFLAG("accept_rtadv", ND6_IFF_ACCEPT_RTADV);
+#endif
 ND.flags = newflags;
 if (ioctl(s, SIOCSIFINFO_FLAGS, (caddr_t)&nd) < 0) {
@@ -982,9 +985,13 @@ ifinfo(argc, argv)
 #endif
 if (ND.flags) {
 printf("\nFlags: ");
- if ((ND.flags & ND6_IFF_PERFORMNUD) != 0)
- printf("PERFORMNUD ");
- }
+ if ((ND.flags & ND6_IFF_PERFORMNUD))
+ printf("nud ");
+#ifdef ND6_IFF_ACCEPT_RTADV
+ if ((ND.flags & ND6_IFF_ACCEPT_RTADV))
+ printf("accept_rtadv ");
+#endif
+}
 putc('\n', stdout);
 #undef ND
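Review bot: In the second ndp.c hunk the flag listing in ifinfo() now prints `nud ` where it used to print `PERFORMNUD `, which changes the command's output for anything that parses it; if the rename is meant to match the keywords passed to SETFLAG, the commit message should say so. The closing brace of `if (ND.flags) {` comes back as `+}` with no leading whitespace while the removed line had it indented, so the new brace appears to sit at column 0 and should keep the original indentation. The doubled parentheses in `if ((ND.flags & ND6_IFF_PERFORMNUD))` are a leftover of the removed `!= 0` and can become `if (ND.flags & ND6_IFF_PERFORMNUD)`, likewise for the ACCEPT_RTADV test. ifinfo() begins and ends outside the hunk.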