Commit Graph

49 Commits

Author SHA1 Message Date
Mark Johnston
0660822abb Remove obsolete compatibility code from rtadvd.
MFC after:	1 week
2019-07-17 16:50:53 +00:00
Bjoern A. Zeeb
a613be5677 Update the "flag" for draft-ietf-6man-ipv6only-flag.
Having the flag named "6" can possibly be a problem for configurations
where parsing strings and numbers can produce ambivalent results.
Rename the "6" flag to the "S"ix (or Silence-IPv4) flag.
2018-11-03 18:03:24 +00:00
Bjoern A. Zeeb
201100c58b Initial implementation of draft-ietf-6man-ipv6only-flag.
This change defines the RA "6" (IPv6-Only) flag which routers
may advertise, kernel logic to check if all routers on a link
have the flag set and accordingly update a per-interface flag.

If all routers agree that it is an IPv6-only link, ether_output_frame(),
based on the interface flag, will filter out all ETHERTYPE_IP/ARP
frames, drop them, and return EAFNOSUPPORT to upper layers.

The change also updates ndp to show the "6" flag, ifconfig to
display the IPV6_ONLY nd6 flag if set, and rtadvd to allow
announcing the flag.

Further changes to tcpdump (contrib code) are available and will
be upstreamed.

Tested the code (slightly earlier version) with 2 FreeBSD
IPv6 routers, a FreeBSD laptop on ethernet as well as wifi,
and with Win10 and OSX clients (which did not fall over with
the "6" flag set but not understood).

We may also want to (a) implement an RX filter, and (b) over
time enhance user space to, say, stop dhclient from running
when the interface flag is set.  Also we might want to start
IPv6 before IPv4 in the future.

All the code is hidden under the EXPERIMENTAL option and not
compiled by default as the draft is a work-in-progress and
we cannot rely on the fact that IANA will assign the bits
as requested by the draft and hence they may change.

Dear 6man, you have running code.

Discussed with:	Bob Hinden, Brian E Carpenter
2018-10-30 20:08:48 +00:00
Pedro F. Giffuni
8a16b7a18f General further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 3-Clause license.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
supersede or replace the license texts.

Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
2017-11-20 19:49:47 +00:00
Pedro F. Giffuni
b5635ba0a2 usr.sbin: minor spelling fixes on comments.
No functional change.
2016-05-01 16:41:25 +00:00
Xin LI
56160b2e67 Now that we own the code, use arc4random(3) unconditionally
and remove the corresponding HAVE_ARC4RANDOM conditions.

MFC after:	2 weeks
2015-10-06 23:42:58 +00:00
Gleb Smirnoff
56d5e0967c Stop including if_var.h from userland.
Sponsored by:	Nginx, Inc.
2015-04-06 09:42:23 +00:00
Dimitry Andric
f28c40aee0 Fix the following -Werror warnings from clang 3.5.0, while building
usr.sbin/rtadvd:

usr.sbin/rtadvd/rtadvd.c:1291:7: error: taking the absolute value of unsigned type 'unsigned int' has no effect [-Werror,-Wabsolute-value]
                    abs(preferred_time - pfx->pfx_pltimeexpire) > rai->rai_clockskew) {
                    ^
usr.sbin/rtadvd/rtadvd.c:1291:7: note: remove the call to 'abs' since unsigned values cannot be negative
                    abs(preferred_time - pfx->pfx_pltimeexpire) > rai->rai_clockskew) {
                    ^~~
usr.sbin/rtadvd/rtadvd.c:1324:7: error: taking the absolute value of unsigned type 'unsigned int' has no effect [-Werror,-Wabsolute-value]
                    abs(valid_time - pfx->pfx_vltimeexpire) > rai->rai_clockskew) {
                    ^
usr.sbin/rtadvd/rtadvd.c:1324:7: note: remove the call to 'abs' since unsigned values cannot be negative
                    abs(valid_time - pfx->pfx_vltimeexpire) > rai->rai_clockskew) {
                    ^~~
2 errors generated.

These warnings occur because both preferred_time and pfx_pltimeexpire
are uint32_t's, so the subtraction expression is also unsigned, and
calling abs() is a no-op.

However, the intention was to look at the absolute difference between
the two unsigned quantities.  Introduce a small static function to
clarify what we're doing, and call that instead.

Reviewed by:	hrs
MFC after:	3 days
Differential Revision: https://reviews.freebsd.org/D1197
2014-11-22 23:04:33 +00:00
Hiroki Sato
7d26db1792 - Use time_uptime instead of time_second in data structures for
  PF_INET6 in kernel.  This fixes various malfunctions when the wall time
  clock is changed.  Bump __FreeBSD_version to 1000041.

- Use clock_gettime(CLOCK_MONOTONIC_FAST) in userland utilities.

MFC after:	1 month
2013-08-05 20:13:02 +00:00
Hiroki Sato
33631085f8 - Add missing "static" keywords.
- Add a check for ifindex to if_indextoifinfo().  It returns NULL when
  if_indextoname() fails.

MFC after:	3 days
2013-07-09 07:08:36 +00:00
Hiroki Sato
833d853cbf Fix SIGSEGV when set_short_delay() is called when ifi->ifi_ra_timer is NULL.
This can happen in a short period when a prefix is changed by a rtmsg and a
new interface arrives.
2013-03-06 04:58:48 +00:00
Dag-Erling Smørgrav
c1803a93a4 - Implement and use usage().
- Document the -C option.
- Allow rtadvd to be invoked without any interfaces on the command line,
  and document that possibility.

MFC after:	1 week
2013-02-25 16:47:09 +00:00
Ulrich Spörlein
3df5ecac8c Spelling fixes for usr.sbin/
2011-12-30 10:58:14 +00:00
Hiroki Sato
8cdd0a8091 Remove RA timer on an interface with !IFF_UP actively after starting to send
clean-up RA messages for shutting down.  The RA timers could prevent the rtadvd
daemon from shutting down because ra_output() just ignored !IFF_UP interfaces
and TRANSITIVE->UNCONFIGURED state transition never happened due to it.

Spotted by:	kib
Approved by:	re (bz)
2011-09-20 00:32:30 +00:00
Hiroki Sato
aed378729e - Fix a bug that can lead to displaying an incorrect value. (r224210)
- Fix an abnormal termination caused by twice of "rtadvctl disable". (r224303)
- Use poll() to wait for the control message socket instead of a spin loop.
  (r224304)
- s/cmsg_/cm_/ to avoid conflict with CMSG_* symbols for struct cmsghdr.
  (r224619)
- Ignore an interface that never sent RAs for graceful shut-down. (r224620)
- Refine log messages. (r225148)
- Fix SIGSEGV when receiving RAs that contain RDNSS and/or DNSSL options.
  (r225149)

Approved by:	re (kib)
2011-09-12 23:52:55 +00:00
Hiroki Sato
3724189620 - Improve interface list handling. The rtadvd(8) now supports dynamically-
  added/removed interfaces in a more consistent manner and reloading the
  configuration file.

- Implement burst unsolicited RA sending into the internal RA timer framework
  when AdvSendAdvertisements and/or configuration entries are changed as
  described in RFC 4861 6.2.4.  This fixes issues that make termination of the
  rtadvd(8) daemon take a very long time.

  An interface now has three internal states, UNCONFIGURED, TRANSITIVE, or
  CONFIGURED, and the burst unsolicited sending happens in TRANSITIVE.
  See rtadvd.h for the details.

- rtadvd(8) now accepts non-existent interfaces as well in the command line.

- Add control socket support and rtadvctl(8) utility to show the RA information
  in rtadvd(8).  Dumping by SIGUSR1 has been removed in favor of it.
2011-07-17 19:24:54 +00:00
Hiroki Sato
729d2abb51 Support SIGHUP for reloading /etc/rtadvd.conf.
2011-06-11 03:25:10 +00:00
Hiroki Sato
587d184d3d Fix build on 64-bit arch.
Submitted by:	dim
Pointy hat to:	hrs
2011-06-06 10:51:00 +00:00
Hiroki Sato
db82af41db - Implement RDNSS and DNSSL options (RFC 6106, IPv6 Router Advertisement
  Options for DNS Configuration) into rtadvd(8) and rtsold(8).  DNS
  information received by rtsold(8) will go to resolv.conf(5) by
  resolvconf(8) script.  This is based on work by J.R. Oldroyd (kern/156259)
  but revised extensively[1].

- rtadvd(8) now supports "noifprefix" to disable gathering on-link prefixes
  from interfaces when no "addr" is specified[2].  An entry in rtadvd.conf
  with "noifprefix" + no "addr" generates an RA message with no prefix
  information option.

- rtadvd(8) now supports RTM_IFANNOUNCE message to fix crashes when an
  interface is added or removed.

- Correct bogus ND_OPT_ROUTE_INFO value to one in RFC 4191.

Reviewed by:	bz[1]
PR:		kern/156259 [1]
PR:		bin/152458 [2]
2011-06-06 03:06:43 +00:00
Bjoern A. Zeeb
5033bae6d0 Prevent crashes from a race when (cloned) interfaces go away.
PR:		bin/152143
Submitted by:	Przemyslaw Frasunek (przemyslaw frasunek.com)
Tested by:	Przemyslaw Frasunek (przemyslaw frasunek.com)
MFC after:	1 week
2011-03-02 17:13:07 +00:00
Xin LI
f49f3df86a Allow overriding pidfile and dumpfile.
PR:		bin/153362
Submitted by:	Joe Holden <joe rewt org uk>
MFC after:	1 month
2010-12-22 23:58:21 +00:00
Andrey A. Chernov
f90b161b21 Change 2 arc4random modulo operations to arc4random_uniform() as
OpenBSD does, since modulo is not power of 2.

Obtained from:  OpenBSD
2008-07-26 15:39:32 +00:00
Kevin Lo
784bddbc5b Cleanup of userland __P use
2007-11-07 10:53:41 +00:00
Maxim Konovalov
ba5b74d001 o Remove duplicate includes.
Obtained from:	Slava Semushin via NetBSD
2007-01-20 08:24:02 +00:00
SUZUKI Shinsuke
09f3617564 changed syslog level to more appropriate ones
Obtained from: KAME
Reviewed by: ume, gnn
MFC after: 2 weeks
2005-10-19 15:19:06 +00:00
SUZUKI Shinsuke
375ef204cd source link-layer address option should be marked to be checked later,
because rs_input() needs this option.

Obtained from: KAME
Reviewed by: ume, gnn
MFC after: 2 weeks
2005-10-19 15:14:28 +00:00
Hajimu UMEMOTO
fc35a81b09 - supported a string notation for xxflags.
- deprecate routes#N, as it is hard to keep consistency with
  rtprefixN.  accept any number of "rtprefix", "rtprefix0",
  ..., "rtprefix99".
- deprecate "addrs#N", as it is difficult for users to keep
  consistency with "addrN".
  accept 100 prefix info in maximum - like "addr", "addr0"
  ... "addr99".  WARNS=2 clean on netbsd.
  old configuration file should work just fine.
  behavior change:
  previously, we rejected "addrN" if there's "addr", and we rejected
  "addr" if there is "addrN".  now we accept both without problem.
- when an advertised prefix configured from the kernel has been added
  or invalidated, notice the change in a short delay.
- when invalidating a prefix, do not bark even if there is
  inconsistency about prefix lifetimes.
- wrap more specific route info code into ROUTEINFO.

Obtained from:	KAME
MFC after:	1 week
2003-08-15 19:13:53 +00:00
Hajimu UMEMOTO
dba14c305c use arc4random.
Obtained from:	KAME
MFC after:	1 week
2003-08-15 17:51:51 +00:00
Hajimu UMEMOTO
51964a1b2b variable shared with signal handler needs to be "volatile sig_atomic_t".
Obtained from:	KAME
MFC after:	1 week
2003-08-15 17:20:49 +00:00
Hajimu UMEMOTO
fbcc332a1d set LOG_PERROR for openlog() when running foreground.
Obtained from:	KAME
MFC after:	1 week
2003-08-15 17:15:10 +00:00
Hajimu UMEMOTO
145b960169 daemon() has to be called prior to file descriptor setups
(otherwise file descriptors could be closed mistakenly)

Obtained from:	KAME
MFC after:	1 week
2003-08-14 19:05:24 +00:00
Hajimu UMEMOTO
5c706347d5 support poll(2).
Obtained from:	KAME
MFC after:	1 week
2003-08-14 18:43:57 +00:00
Hajimu UMEMOTO
4eb4a0e6ec - rename some variables.
- remove unused block.

Obtained from:	KAME
MFC after:	1 week
2003-08-14 16:51:13 +00:00
Hajimu UMEMOTO
71aa258ee8 signal handler must take "int" arg.
Obtained from:	KAME
MFC after:	1 week
2003-08-14 16:23:39 +00:00
Hajimu UMEMOTO
eaa5529180 avoid fd_set overrun.
Obtained from:	KAME
MFC after:	1 week
2003-08-14 16:19:59 +00:00
Hajimu UMEMOTO
be9879af48 Drop MIP6 code. We don't support MIP6 yet.
MFC after:	1 week
2003-08-08 20:14:28 +00:00
Hajimu UMEMOTO
fa19f9be04 KNF, correct typos and cleanup spaces.
Obtained from:	KAME
MFC after:	1 week
2003-08-08 16:56:01 +00:00
Hajimu UMEMOTO
1533bed05b __FUNCTION__ --> __func__
Obtained from:	KAME
MFC after:	1 week
2003-08-08 16:38:23 +00:00
Hajimu UMEMOTO
8a9448cabc tightened check for the length of ND options.
Submitted by:	jinmei@kame.net (JINMEI Tatuya)
Obtained from:	KAME
2003-03-26 17:28:47 +00:00
Andrey A. Chernov
9328833aac Use srandomdev() for FreeBSD
2003-02-11 02:21:41 +00:00
Hajimu UMEMOTO
0a5f3ef410 Changed the behavior when an interface-direct prefix being advertised
was removed from the kernel;
Advertise the prefix with zero lifetimes rather than to remove the prefix
from the prefix list to be advertised.
This will help renumber a receiving host by deprecating the address
derived from the old prefix.

Obtained from:	KAME
MFC after:	2 weeks
2002-06-13 16:59:31 +00:00
Hajimu UMEMOTO
c7aec5cc57 Skip duplicated prefixes in get_prefix().
Obtained from:	KAME
2002-06-01 19:16:13 +00:00
Hajimu UMEMOTO
99a92b2c8a KNF
Obtained from:	KAME
2002-06-01 17:28:12 +00:00
Hajimu UMEMOTO
3384154590 Sync with recent KAME.
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problems after the snap was out were fixed.
There are many many changes since last KAME merge.

TODO:
  - The definitions of SADB_* in sys/net/pfkeyv2.h are still different
    from RFC2407/IANA assignment because of binary compatibility
    issue.  It should be fixed under 5-CURRENT.
  - ip6po_m member of struct ip6_pktopts is no longer used.  But, it
    is still there because of binary compatibility issue.  It should
    be removed under 5-CURRENT.

Reviewed by:	itojun
Obtained from:	KAME
MFC after:	3 weeks
2001-06-11 12:39:29 +00:00
Jun-ichiro itojun Hagino
ae3267258a make it easier to handle $FreeBSD$ tags (amount of diff matters).
2001-01-21 15:25:46 +00:00
Kris Kennaway
b26e03e907 Sync with latest KAME
Obtained from:	KAME
2000-07-05 22:09:50 +00:00
Yoshinobu Inoue
93eff08412 Print ifname when sendmsg failed.
Approved by: jkh
2000-02-24 18:46:51 +00:00
Yoshinobu Inoue
b85d5dc850 -P option was not enabled, so enable it
(The option specifies IPsec policy for rtadvd to receive Router Renumbering
messages.)

Approved by: jkh
2000-02-15 18:24:27 +00:00
Yoshinobu Inoue
9a4365d0e0 libipsec and IPsec related apps. (and some KAME related man pages)
Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project
2000-01-06 12:40:54 +00:00