From 07cf047d5a4f2f47cdaba2f1ef694c62818fdf16 Mon Sep 17 00:00:00 2001
From: Hajimu UMEMOTO
Date: Tue, 5 Aug 2003 14:57:11 +0000
Subject: [PATCH] introduced a flag bit "ND6_IFF_ACCEPT_RTADV" in the nd_ifinfo structure to control whether to accept RAs per-interface basis. the new stuff ensures the backward compatibility; - the kernel does not accept RAs on any interfaces by default. - since the default value of the flag bit is on, the kernel accepts RAs on all interfaces when net.inet6.ip6.accept_rtadv is 1. Obtained from: KAME MFC after: 1 week
---
 sys/netinet6/nd6.c | 7 ++++++-
 sys/netinet6/nd6.h | 1 +
 sys/netinet6/nd6_rtr.c | 7 +++++++
 usr.sbin/ndp/ndp.8 | 11 +++++++++++
 usr.sbin/ndp/ndp.c | 13 ++++++++++---
 5 files changed, 35 insertions(+), 4 deletions(-)
diff --git a/sys/netinet6/nd6.c b/sys/netinet6/nd6.c
index f2f09f4020e0..2a66bb674ca8 100644
--- a/sys/netinet6/nd6.c
+++ b/sys/netinet6/nd6.c
@@ -191,7 +191,12 @@ nd6_ifattach(ifp)
 ND.reachable = ND_COMPUTE_RTIME(ND.basereachable);
 ND.retrans = RETRANS_TIMER;
 ND.receivedra = 0;
- ND.flags = ND6_IFF_PERFORMNUD;
+ /*
+ * Note that the default value of ip6_accept_rtadv is 0, which means
+ * we won't accept RAs by default even if we set ND6_IFF_ACCEPT_RTADV
+ * here.
+ */
+ ND.flags = (ND6_IFF_PERFORMNUD | ND6_IFF_ACCEPT_RTADV);
 nd6_setmtu(ifp);
 #undef ND
 }
diff --git a/sys/netinet6/nd6.h b/sys/netinet6/nd6.h
index c8b531a7ae44..397a505f2453 100644
--- a/sys/netinet6/nd6.h
+++ b/sys/netinet6/nd6.h
@@ -87,6 +87,7 @@ struct nd_ifinfo {
 };
 #define ND6_IFF_PERFORMNUD 0x1
+#define ND6_IFF_ACCEPT_RTADV 0x2
 struct in6_nbrinfo {
 char ifname[IFNAMSIZ]; /* if name, e.g. "en0" */
diff --git a/sys/netinet6/nd6_rtr.c b/sys/netinet6/nd6_rtr.c
index 651a14d0ff89..7714969d4f95 100644
--- a/sys/netinet6/nd6_rtr.c
+++ b/sys/netinet6/nd6_rtr.c
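Review bot: The comment added in nd6_ifattach (sys/netinet6/nd6.c) explains why setting ND6_IFF_ACCEPT_RTADV is harmless while ip6_accept_rtadv is 0, but it leaves out the other half: once the sysctl is set to 1, every interface initialised here accepts RAs until the flag is cleared on it. That is the case an operator with an interface on an untrusted segment needs to know about, so I would add a line to the comment such as `* Once ip6_accept_rtadv is 1, each interface attached here accepts RAs until the flag is cleared with ndp(8).` The function starts outside the hunk, so whether other code paths also initialise these flags cannot be checked from here.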
@@ -217,8 +217,15 @@ nd6_ra_input(m, off, icmp6len)
 union nd_opts ndopts;
 struct nd_defrouter *dr;
+ /*
+ * We only accept RAs only when
+ * the system-wide variable allows the acceptance, and
+ * per-interface variable allows RAs on the receiving interface.
+ */
 if (ip6_accept_rtadv == 0)
 goto freeit;
+ if (!(ndi->flags & ND6_IFF_ACCEPT_RTADV))
+ goto freeit;
 if (ip6->ip6_hlim != 255) {
 nd6log((LOG_ERR,
diff --git a/usr.sbin/ndp/ndp.8 b/usr.sbin/ndp/ndp.8
index 945f1ee7e869..e9b75ddee870 100644
--- a/usr.sbin/ndp/ndp.8
+++ b/usr.sbin/ndp/ndp.8
@@ -135,6 +135,17 @@ which means the flag should be cleared.
 turn on or off NUD (Neighbor Unreachability Detection) on the interface. NUD is usually turned on by default.
+.It Xo
+.Ic accept_rtadv
+.Xc
+Specify whether or not to accept Router Advertisement messages
+received on the
+.Ar interface .
+Note that the kernel does not accept Router Advertisement messages
+unless the
+.Li net.inet6.ip6.accept_rtadv
+variable is non-0, even if the flag is on.
+This flag is set to 1 by default.
 .El
 .It Fl n
 Do not try to resolve numeric address to hostname.
diff --git a/usr.sbin/ndp/ndp.c b/usr.sbin/ndp/ndp.c
index 3ad148b4dcb5..e54b41400ec5 100644
--- a/usr.sbin/ndp/ndp.c
+++ b/usr.sbin/ndp/ndp.c
@@ -939,6 +939,9 @@ ifinfo(argc, argv)
 }\
 } while (0)
 SETFLAG("nud", ND6_IFF_PERFORMNUD);
+#ifdef ND6_IFF_ACCEPT_RTADV
+ SETFLAG("accept_rtadv", ND6_IFF_ACCEPT_RTADV);
+#endif
 ND.flags = newflags;
 if (ioctl(s, SIOCSIFINFO_FLAGS, (caddr_t)&nd) < 0) {
@@ -982,9 +985,13 @@ ifinfo(argc, argv)
 #endif
 if (ND.flags) {
 printf("\nFlags: ");
- if ((ND.flags & ND6_IFF_PERFORMNUD) != 0)
- printf("PERFORMNUD ");
- }
+ if ((ND.flags & ND6_IFF_PERFORMNUD))
+ printf("nud ");
+#ifdef ND6_IFF_ACCEPT_RTADV
+ if ((ND.flags & ND6_IFF_ACCEPT_RTADV))
+ printf("accept_rtadv ");
+#endif
+}
 putc('\n', stdout);
 #undef ND
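Review bot: The comment added above the two checks in nd6_ra_input (sys/netinet6/nd6_rtr.c) repeats "only" and runs its two conditions together, so it does not read clearly as the AND of two gates. Something like `/* Accept an RA only when both the system-wide ip6_accept_rtadv and the receiving interface's ND6_IFF_ACCEPT_RTADV flag allow it. */` says the same thing. The new test dereferences `ndi`, whose initialisation is outside this hunk, so it is worth confirming that it is always set before this point. Both rejections jump to `freeit` without a log line or counter, which gives an operator no signal that RAs are being dropped on an interface with the flag cleared. The function body starts and ends outside the hunk.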
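Review bot: In the second ndp.c hunk (`@@ -982,9 +985,13 @@`, inside ifinfo) the closing brace of `if (ND.flags) {` is re-added as `+}` and appears to have lost its indentation, where the removed line was an indented `}`. It should keep the indentation of the block it closes. Dropping `!= 0` also left doubled parentheses, so `if (ND.flags & ND6_IFF_PERFORMNUD)` and `if (ND.flags & ND6_IFF_ACCEPT_RTADV)` would read more cleanly. The label printed for the NUD flag changes from `PERFORMNUD ` to `nud `, which the commit message does not mention, so anything that matches the old string in this output would need updating. ifinfo starts and ends outside the hunk.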