This change defines the RA "6" (IPv6-Only) flag which routers
may advertise, kernel logic to check if all routers on a link
have the flag set and accordingly update a per-interface flag.
If all routers agree that it is an IPv6-only link, ether_output_frame(),
based on the interface flag, will filter out all ETHERTYPE_IP/ARP
frames, drop them, and return EAFNOSUPPORT to upper layers.
The change also updates ndp to show the "6" flag, ifconfig to
display the IPV6_ONLY nd6 flag if set, and rtadvd to allow
announcing the flag.
Further changes to tcpdump (contrib code) are availble and will
be upstreamed.
Tested the code (slightly earlier version) with 2 FreeBSD
IPv6 routers, a FreeBSD laptop on ethernet as well as wifi,
and with Win10 and OSX clients (which did not fall over with
the "6" flag set but not understood).
We may also want to (a) implement and RX filter, and (b) over
time enahnce user space to, say, stop dhclient from running
when the interface flag is set. Also we might want to start
IPv6 before IPv4 in the future.
All the code is hidden under the EXPERIMENTAL option and not
compiled by default as the draft is a work-in-progress and
we cannot rely on the fact that IANA will assign the bits
as requested by the draft and hence they may change.
Dear 6man, you have running code.
Discussed with: Bob Hinden, Brian E Carpenter
added/removed interfaces in a more consistent manner and reloading the
configuration file.
- Implement burst unsolicited RA sending into the internal RA timer framework
when AdvSendAdvertisements and/or configuration entries are changed as
described in RFC 4861 6.2.4. This fixes issues that make termination of the
rtadvd(8) daemon take very long time.
An interface now has three internal states, UNCONFIGURED, TRANSITIVE, or
CONFIGURED, and the burst unsolicited sending happens in TRANSITIVE.
See rtadvd.h for the details.
- rtadvd(8) now accepts non-existent interfaces as well in the command line.
- Add control socket support and rtadvctl(8) utility to show the RA information
in rtadvd(8). Dumping by SIGUSR1 has been removed in favor of it.
added/removed interfaces in a more consistent manner and reloading
the configuration file.
- Add initial support for control socket. RA information in the
daemon can be obtained by rtadvctl(8) instead of SIGUSR1 in a similar
manner to ifconfig(8). The information dump has been removed in favor of it.
(reload the configuration file)
# rtadvctl reload
(show RA messages being sent on each interfaces)
# rtadvctl show
em0: flags=<UP,CONFIGURED,PERSIST> status=<RA_SEND> mtu 1280
DefaultLifetime: 30m
MinAdvInterval/MaxAdvInterval: 3m20s/3m20s
AdvLinkMTU: <none>, Flags: O, Preference: medium
ReachableTime: 0s, RetransTimer: 0s, CurHopLimit: 64
AdvIfPrefixes: yes
(show RA messages being sent only on em0)
# rtadvctl show em0
(rtadvctl -v show provides additional information)
# rtadvctl -v show em0
em0: flags=<UP,CONFIGURED,PERSIST> status=<RA_SEND> mtu 1280
DefaultLifetime: 30m
MinAdvInterval/MaxAdvInterval: 3m20s/3m20s
AdvLinkMTU: <none>, Flags: O, Preference: medium
ReachableTime: 0s, RetransTimer: 0s, CurHopLimit: 64
AdvIfPrefixes: yes
Prefixes (1):
2001:db8:1::/64 (CONFIG, vltime=30d, pltime=7d, flags=LA)
RDNSS entries:
2001:db8:1::128 (ltime=2m40s)
(stop rtadvd)
# rtadvctl shutdown
A remaining issue when reloading the configuration file is that
during that period rtadvd cannot communicate with rtadvctl due to some
additional RA sending for graceful shutdown. This will be fixed later.
Options for DNS Configuration) into rtadvd(8) and rtsold(8). DNS
information received by rtsold(8) will go to resolv.conf(5) by
resolvconf(8) script. This is based on work by J.R. Oldroyd (kern/156259)
but revised extensively[1].
- rtadvd(8) now supports "noifprefix" to disable gathering on-link prefixes
from interfaces when no "addr" is specified[2]. An entry in rtadvd.conf
with "noifprefix" + no "addr" generates an RA message with no prefix
information option.
- rtadvd(8) now supports RTM_IFANNOUNCE message to fix crashes when an
interface is added or removed.
- Correct bogus ND_OPT_ROUTE_INFO value to one in RFC 4191.
Reviewed by: bz[1]
PR: kern/156259 [1]
PR: bin/152458 [2]
Options for DNS Configuration) into rtadvd(8) and rtsold(8). DNS
information received by rtsold(8) will go to resolv.conf(5) by
resolvconf(8) script. Lifetime handling is not supported at this
moment.
Note: when receiving a link-local scope address rtsold(8) adds a scope
id into addresses in the script arguments based on the received
interface in a representation defined in RFC 4007 (e.g. fe80::1%bge0).
However, there are some shell scripts using printf(1) (including
resolvconf(8)) cannot process it properly because printf(1) can
recognize the character % as special.
Based on work by: J.R. Oldroyd
PR: kern/156259
- deprecate routes#N, as it is hard to keep consistency with
rtprefixN. accept any number of "rtprefix", "rtrefix0",
..., "rtprefix99".
- deprecate "addrs#N", as it is difficult for users to keep
consistency with "addrN".
accept 100 prefix info in maximum - like "addr", "addr0"
... "addr99". WARNS=2 clean on netbsd.
old configuration file should work just fine.
behavior change:
previously, we rejected "addrN" if there's "addr", and we rejected
"addr" if there is "addrN". now we accept both without problem.
- when an advertised prefix configured from the kernel has been added
or invalidated, notice the change in a short delay.
- when invalidating a prefix, do not bark even if there is
inconsistency about prefix lifetimes.
- wrap more specific route info code into ROUTEINFO.
Obtained from: KAME
MFC after: 1 week
