MFC: supported an ndp command suboption to disable IPv6 in the given interface

src/sys/netinet6/ip6_input.c 1.84 src/sys/netinet6/nd6.c 1.58 src/sys/netinet6/nd6.h 1.20 src/usr.sbin/ndp/ndp.8 1.18 src/usr.sbin/ndp/ndp.c 1.20
2005-11-05 10:30:00 +00:00 · 2005-11-05 10:30:00 +00:00 · 87d613294f
commit 87d613294f
parent be9a4892ea
5 changed files with 34 additions and 0 deletions
--- a/sys/netinet6/ip6_input.c
+++ b/sys/netinet6/ip6_input.c
@ -278,6 +278,12 @@ ip6_input(m)
 #undef M2MMAX
 	}

+	/* drop the packet if IPv6 operation is disabled on the IF */
+	if ((ND_IFINFO(m->m_pkthdr.rcvif)->flags & ND6_IFF_IFDISABLED)) {
+		m_freem(m);
+		return;
+	}
+
 	in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_receive);
 	ip6stat.ip6s_total++;

--- a/sys/netinet6/nd6.c
+++ b/sys/netinet6/nd6.c
@ -1967,6 +1967,12 @@ nd6_output(ifp, origifp, m0, dst, rt0)
 	return (0);

  sendpkt:
+	/* discard the packet if IPv6 operation is disabled on the interface */
+	if ((ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED)) {
+		error = ENETDOWN; /* better error? */
+		goto bad;
+	}
+
 #ifdef IPSEC
 	/* clean ipsec history once it goes out of the node */
 	ipsec_delaux(m);
--- a/sys/netinet6/nd6.h
+++ b/sys/netinet6/nd6.h
@ -88,6 +88,10 @@ struct nd_ifinfo {

 #define ND6_IFF_PERFORMNUD	0x1
 #define ND6_IFF_ACCEPT_RTADV	0x2
+#define ND6_IFF_PREFER_SOURCE	0x4 /* XXX: not related to ND. */
+#define ND6_IFF_IFDISABLED	0x8 /* IPv6 operation is disabled due to
+				     * DAD failure.  (XXX: not ND-specific)
+				     */

 #ifdef _KERNEL
 #define ND_IFINFO(ifp) \
--- a/usr.sbin/ndp/ndp.8
+++ b/usr.sbin/ndp/ndp.8
@ -196,6 +196,19 @@ For more details about the entire algorithm of source address
 selection, see the
 .Pa IMPLEMENTATION
 file supplied with the KAME kit.
+.It Xo
+.Ic disabled
+.Xc
+Disable IPv6 operation on the interface.
+When disabled, the interface discards any IPv6 packets
+received on or being sent to the interface.
+In the sending case, an error of ENETDOWN will be returned to the
+application.
+This flag is typically set automatically in the kernel as a result of
+a certain failure of Duplicate Address Detection.
+While the flag can be set or cleared by hand with the
+.Nm
+command, it is not generally advisable to modify this flag manually.
 .El
 .It Fl n
 Do not try to resolve numeric addresses to hostnames.
--- a/usr.sbin/ndp/ndp.c
+++ b/usr.sbin/ndp/ndp.c
@ -965,6 +965,7 @@ ifinfo(ifname, argc, argv)
 				newflags |= (f);\
 		}\
 	} while (0)
+		SETFLAG("disabled", ND6_IFF_IFDISABLED);
 		SETFLAG("nud", ND6_IFF_PERFORMNUD);
 #ifdef ND6_IFF_ACCEPT_RTADV
 		SETFLAG("accept_rtadv", ND6_IFF_ACCEPT_RTADV);
@ -1021,6 +1022,10 @@ ifinfo(ifname, argc, argv)
 #endif
 	if (ND.flags) {
 		printf("\nFlags: ");
+#ifdef ND6_IFF_IFDISABLED
+		if ((ND.flags & ND6_IFF_IFDISABLED))
+			printf("disabled ");
+#endif
 		if ((ND.flags & ND6_IFF_PERFORMNUD))
 			printf("nud ");
 #ifdef ND6_IFF_ACCEPT_RTADV