introduced a flag bit "ND6_IFF_ACCEPT_RTADV" in the nd_ifinfo structure to
control whether to accept RAs per-interface basis. the new stuff ensures the backward compatibility; - the kernel does not accept RAs on any interfaces by default. - since the default value of the flag bit is on, the kernel accepts RAs on all interfaces when net.inet6.ip6.accept_rtadv is 1. Obtained from: KAME MFC after: 1 week
This commit is contained in:
parent
5246b4ff88
commit
07cf047d5a
@ -191,7 +191,12 @@ nd6_ifattach(ifp)
|
||||
ND.reachable = ND_COMPUTE_RTIME(ND.basereachable);
|
||||
ND.retrans = RETRANS_TIMER;
|
||||
ND.receivedra = 0;
|
||||
ND.flags = ND6_IFF_PERFORMNUD;
|
||||
/*
|
||||
* Note that the default value of ip6_accept_rtadv is 0, which means
|
||||
* we won't accept RAs by default even if we set ND6_IFF_ACCEPT_RTADV
|
||||
* here.
|
||||
*/
|
||||
ND.flags = (ND6_IFF_PERFORMNUD | ND6_IFF_ACCEPT_RTADV);
|
||||
nd6_setmtu(ifp);
|
||||
#undef ND
|
||||
}
|
||||
|
@ -87,6 +87,7 @@ struct nd_ifinfo {
|
||||
};
|
||||
|
||||
#define ND6_IFF_PERFORMNUD 0x1
|
||||
#define ND6_IFF_ACCEPT_RTADV 0x2
|
||||
|
||||
struct in6_nbrinfo {
|
||||
char ifname[IFNAMSIZ]; /* if name, e.g. "en0" */
|
||||
|
@ -217,8 +217,15 @@ nd6_ra_input(m, off, icmp6len)
|
||||
union nd_opts ndopts;
|
||||
struct nd_defrouter *dr;
|
||||
|
||||
/*
|
||||
* We only accept RAs only when
|
||||
* the system-wide variable allows the acceptance, and
|
||||
* per-interface variable allows RAs on the receiving interface.
|
||||
*/
|
||||
if (ip6_accept_rtadv == 0)
|
||||
goto freeit;
|
||||
if (!(ndi->flags & ND6_IFF_ACCEPT_RTADV))
|
||||
goto freeit;
|
||||
|
||||
if (ip6->ip6_hlim != 255) {
|
||||
nd6log((LOG_ERR,
|
||||
|
@ -135,6 +135,17 @@ which means the flag should be cleared.
|
||||
turn on or off NUD (Neighbor Unreachability Detection) on the
|
||||
interface.
|
||||
NUD is usually turned on by default.
|
||||
.It Xo
|
||||
.Ic accept_rtadv
|
||||
.Xc
|
||||
Specify whether or not to accept Router Advertisement messages
|
||||
received on the
|
||||
.Ar interface .
|
||||
Note that the kernel does not accept Router Advertisement messages
|
||||
unless the
|
||||
.Li net.inet6.ip6.accept_rtadv
|
||||
variable is non-0, even if the flag is on.
|
||||
This flag is set to 1 by default.
|
||||
.El
|
||||
.It Fl n
|
||||
Do not try to resolve numeric address to hostname.
|
||||
|
@ -939,6 +939,9 @@ ifinfo(argc, argv)
|
||||
}\
|
||||
} while (0)
|
||||
SETFLAG("nud", ND6_IFF_PERFORMNUD);
|
||||
#ifdef ND6_IFF_ACCEPT_RTADV
|
||||
SETFLAG("accept_rtadv", ND6_IFF_ACCEPT_RTADV);
|
||||
#endif
|
||||
|
||||
ND.flags = newflags;
|
||||
if (ioctl(s, SIOCSIFINFO_FLAGS, (caddr_t)&nd) < 0) {
|
||||
@ -982,9 +985,13 @@ ifinfo(argc, argv)
|
||||
#endif
|
||||
if (ND.flags) {
|
||||
printf("\nFlags: ");
|
||||
if ((ND.flags & ND6_IFF_PERFORMNUD) != 0)
|
||||
printf("PERFORMNUD ");
|
||||
}
|
||||
if ((ND.flags & ND6_IFF_PERFORMNUD))
|
||||
printf("nud ");
|
||||
#ifdef ND6_IFF_ACCEPT_RTADV
|
||||
if ((ND.flags & ND6_IFF_ACCEPT_RTADV))
|
||||
printf("accept_rtadv ");
|
||||
#endif
|
||||
}
|
||||
putc('\n', stdout);
|
||||
#undef ND
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user