This change defines the RA "6" (IPv6-Only) flag which routers
may advertise, kernel logic to check if all routers on a link
have the flag set and accordingly update a per-interface flag.
If all routers agree that it is an IPv6-only link, ether_output_frame(),
based on the interface flag, will filter out all ETHERTYPE_IP/ARP
frames, drop them, and return EAFNOSUPPORT to upper layers.
The change also updates ndp to show the "6" flag, ifconfig to
display the IPV6_ONLY nd6 flag if set, and rtadvd to allow
announcing the flag.
Further changes to tcpdump (contrib code) are availble and will
be upstreamed.
Tested the code (slightly earlier version) with 2 FreeBSD
IPv6 routers, a FreeBSD laptop on ethernet as well as wifi,
and with Win10 and OSX clients (which did not fall over with
the "6" flag set but not understood).
We may also want to (a) implement and RX filter, and (b) over
time enahnce user space to, say, stop dhclient from running
when the interface flag is set. Also we might want to start
IPv6 before IPv4 in the future.
All the code is hidden under the EXPERIMENTAL option and not
compiled by default as the draft is a work-in-progress and
we cannot rely on the fact that IANA will assign the bits
as requested by the draft and hence they may change.
Dear 6man, you have running code.
Discussed with: Bob Hinden, Brian E Carpenter
added/removed interfaces in a more consistent manner and reloading the
configuration file.
- Implement burst unsolicited RA sending into the internal RA timer framework
when AdvSendAdvertisements and/or configuration entries are changed as
described in RFC 4861 6.2.4. This fixes issues that make termination of the
rtadvd(8) daemon take very long time.
An interface now has three internal states, UNCONFIGURED, TRANSITIVE, or
CONFIGURED, and the burst unsolicited sending happens in TRANSITIVE.
See rtadvd.h for the details.
- rtadvd(8) now accepts non-existent interfaces as well in the command line.
- Add control socket support and rtadvctl(8) utility to show the RA information
in rtadvd(8). Dumping by SIGUSR1 has been removed in favor of it.
Options for DNS Configuration) into rtadvd(8) and rtsold(8). DNS
information received by rtsold(8) will go to resolv.conf(5) by
resolvconf(8) script. This is based on work by J.R. Oldroyd (kern/156259)
but revised extensively[1].
- rtadvd(8) now supports "noifprefix" to disable gathering on-link prefixes
from interfaces when no "addr" is specified[2]. An entry in rtadvd.conf
with "noifprefix" + no "addr" generates an RA message with no prefix
information option.
- rtadvd(8) now supports RTM_IFANNOUNCE message to fix crashes when an
interface is added or removed.
- Correct bogus ND_OPT_ROUTE_INFO value to one in RFC 4191.
Reviewed by: bz[1]
PR: kern/156259 [1]
PR: bin/152458 [2]
- deprecate routes#N, as it is hard to keep consistency with
rtprefixN. accept any number of "rtprefix", "rtrefix0",
..., "rtprefix99".
- deprecate "addrs#N", as it is difficult for users to keep
consistency with "addrN".
accept 100 prefix info in maximum - like "addr", "addr0"
... "addr99". WARNS=2 clean on netbsd.
old configuration file should work just fine.
behavior change:
previously, we rejected "addrN" if there's "addr", and we rejected
"addr" if there is "addrN". now we accept both without problem.
- when an advertised prefix configured from the kernel has been added
or invalidated, notice the change in a short delay.
- when invalidating a prefix, do not bark even if there is
inconsistency about prefix lifetimes.
- wrap more specific route info code into ROUTEINFO.
Obtained from: KAME
MFC after: 1 week
