2009-09-13 00:08:20 +02:00
|
|
|
/*
|
|
|
|
* Copyright (c) 2009 Hiroki Sato. All rights reserved.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef lint
|
|
|
|
static const char rcsid[] =
|
|
|
|
"$FreeBSD$";
|
|
|
|
#endif /* not lint */
|
|
|
|
|
|
|
|
#include <sys/param.h>
|
|
|
|
#include <sys/ioctl.h>
|
|
|
|
#include <sys/socket.h>
|
|
|
|
#include <sys/sysctl.h>
|
|
|
|
#include <net/if.h>
|
|
|
|
#include <net/route.h>
|
|
|
|
|
|
|
|
#include <err.h>
|
|
|
|
#include <errno.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <unistd.h>
|
|
|
|
#include <ifaddrs.h>
|
|
|
|
|
|
|
|
#include <arpa/inet.h>
|
|
|
|
|
|
|
|
#include <netinet/in.h>
|
|
|
|
#include <net/if_var.h>
|
|
|
|
#include <netinet/in_var.h>
|
|
|
|
#include <arpa/inet.h>
|
|
|
|
#include <netdb.h>
|
|
|
|
|
|
|
|
#include <netinet6/nd6.h>
|
|
|
|
|
|
|
|
#include "ifconfig.h"
|
|
|
|
|
|
|
|
#define MAX_SYSCTL_TRY 5
|
2009-10-12 23:11:50 +02:00
|
|
|
#define ND6BITS "\020\001PERFORMNUD\002ACCEPT_RTADV\003PREFER_SOURCE" \
|
|
|
|
"\004IFDISABLED\005DONT_SET_IFROUTE\006AUTO_LINKLOCAL" \
|
- Accept Router Advertisement messages even when net.inet6.ip6.forwarding=1.
- A new per-interface knob IFF_ND6_NO_RADR and sysctl IPV6CTL_NO_RADR.
This controls if accepting a route in an RA message as the default route.
The default value for each interface can be set by net.inet6.ip6.no_radr.
The system wide default value is 0.
- A new sysctl: net.inet6.ip6.norbit_raif. This controls if setting R-bit in
NA on RA accepting interfaces. The default is 0 (R-bit is set based on
net.inet6.ip6.forwarding).
Background:
IPv6 host/router model suggests a router sends an RA and a host accepts it for
router discovery. Because of that, KAME implementation does not allow
accepting RAs when net.inet6.ip6.forwarding=1. Accepting RAs on a router can
make the routing table confused since it can change the default router
unintentionally.
However, in practice there are cases where we cannot distinguish a host from
a router clearly. For example, a customer edge router often works as a host
against the ISP, and as a router against the LAN at the same time. Another
example is a complex network configurations like an L2TP tunnel for IPv6
connection to Internet over an Ethernet link with another native IPv6 subnet.
In this case, the physical interface for the native IPv6 subnet works as a
host, and the pseudo-interface for L2TP works as the default IP forwarding
route.
Problem:
Disabling processing RA messages when net.inet6.ip6.forwarding=1 and
accepting them when net.inet6.ip6.forward=0 cause the following practical
issues:
- A router cannot perform SLAAC. It becomes a problem if a box has
multiple interfaces and you want to use SLAAC on some of them, for
example. A customer edge router for IPv6 Internet access service
using an IPv6-over-IPv6 tunnel sometimes needs SLAAC on the
physical interface for administration purpose; updating firmware
and so on (link-local addresses can be used there, but GUAs by
SLAAC are often used for scalability).
- When a host has multiple IPv6 interfaces and it receives multiple RAs on
them, controlling the default route is difficult. Router preferences
defined in RFC 4191 works only when the routers on the links are
under your control.
Details of Implementation Changes:
Router Advertisement messages will be accepted even when
net.inet6.ip6.forwarding=1. More precisely, the conditions are as
follow:
(ACCEPT_RTADV && !NO_RADR && !ip6.forwarding)
=> Normal RA processing on that interface. (as IPv6 host)
(ACCEPT_RTADV && (NO_RADR || ip6.forwarding))
=> Accept RA but add the router to the defroute list with
rtlifetime=0 unconditionally. This effectively prevents
from setting the received router address as the box's
default route.
(!ACCEPT_RTADV)
=> No RA processing on that interface.
ACCEPT_RTADV and NO_RADR are per-interface knob. In short, all interface
are classified as "RA-accepting" or not. An RA-accepting interface always
processes RA messages regardless of ip6.forwarding. The difference caused by
NO_RADR or ip6.forwarding is whether the RA source address is considered as
the default router or not.
R-bit in NA on the RA accepting interfaces is set based on
net.inet6.ip6.forwarding. While RFC 6204 W-1 rule (for CPE case) suggests
a router should disable the R-bit completely even when the box has
net.inet6.ip6.forwarding=1, I believe there is no technical reason with
doing so. This behavior can be set by a new sysctl net.inet6.ip6.norbit_raif
(the default is 0).
Usage:
# ifconfig fxp0 inet6 accept_rtadv
=> accept RA on fxp0
# ifconfig fxp0 inet6 accept_rtadv no_radr
=> accept RA on fxp0 but ignore default route information in it.
# sysctl net.inet6.ip6.norbit_no_radr=1
=> R-bit in NAs on RA accepting interfaces will always be set to 0.
2011-06-06 04:14:23 +02:00
|
|
|
"\007NO_RADR\020DEFAULTIF"
|
2009-09-13 00:08:20 +02:00
|
|
|
|
|
|
|
static int isnd6defif(int);
|
|
|
|
void setnd6flags(const char *, int, int, const struct afswtch *);
|
|
|
|
void setnd6defif(const char *, int, int, const struct afswtch *);
|
2011-06-05 13:37:20 +02:00
|
|
|
void nd6_status(int);
|
2009-09-13 00:08:20 +02:00
|
|
|
|
|
|
|
void
|
|
|
|
setnd6flags(const char *dummyaddr __unused,
|
|
|
|
int d, int s,
|
|
|
|
const struct afswtch *afp)
|
|
|
|
{
|
|
|
|
struct in6_ndireq nd;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
memset(&nd, 0, sizeof(nd));
|
|
|
|
strncpy(nd.ifname, ifr.ifr_name, sizeof(nd.ifname));
|
|
|
|
error = ioctl(s, SIOCGIFINFO_IN6, &nd);
|
|
|
|
if (error) {
|
|
|
|
warn("ioctl(SIOCGIFINFO_IN6)");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
if (d < 0)
|
|
|
|
nd.ndi.flags &= ~(-d);
|
|
|
|
else
|
|
|
|
nd.ndi.flags |= d;
|
|
|
|
error = ioctl(s, SIOCSIFINFO_IN6, (caddr_t)&nd);
|
|
|
|
if (error)
|
|
|
|
warn("ioctl(SIOCSIFINFO_IN6)");
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
setnd6defif(const char *dummyaddr __unused,
|
|
|
|
int d, int s,
|
|
|
|
const struct afswtch *afp)
|
|
|
|
{
|
|
|
|
struct in6_ndifreq ndifreq;
|
|
|
|
int ifindex;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
memset(&ndifreq, 0, sizeof(ndifreq));
|
|
|
|
strncpy(ndifreq.ifname, ifr.ifr_name, sizeof(ndifreq.ifname));
|
|
|
|
|
|
|
|
if (d < 0) {
|
|
|
|
if (isnd6defif(s)) {
|
|
|
|
/* ifindex = 0 means to remove default if */
|
|
|
|
ifindex = 0;
|
|
|
|
} else
|
|
|
|
return;
|
|
|
|
} else if ((ifindex = if_nametoindex(ndifreq.ifname)) == 0) {
|
|
|
|
warn("if_nametoindex(%s)", ndifreq.ifname);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
ndifreq.ifindex = ifindex;
|
|
|
|
error = ioctl(s, SIOCSDEFIFACE_IN6, (caddr_t)&ndifreq);
|
|
|
|
if (error)
|
|
|
|
warn("ioctl(SIOCSDEFIFACE_IN6)");
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
isnd6defif(int s)
|
|
|
|
{
|
|
|
|
struct in6_ndifreq ndifreq;
|
|
|
|
unsigned int ifindex;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
memset(&ndifreq, 0, sizeof(ndifreq));
|
|
|
|
strncpy(ndifreq.ifname, ifr.ifr_name, sizeof(ndifreq.ifname));
|
|
|
|
|
|
|
|
ifindex = if_nametoindex(ndifreq.ifname);
|
|
|
|
error = ioctl(s, SIOCGDEFIFACE_IN6, (caddr_t)&ndifreq);
|
|
|
|
if (error) {
|
|
|
|
warn("ioctl(SIOCGDEFIFACE_IN6)");
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
return (ndifreq.ifindex == ifindex);
|
|
|
|
}
|
|
|
|
|
2011-06-05 13:37:20 +02:00
|
|
|
void
|
2009-09-13 00:08:20 +02:00
|
|
|
nd6_status(int s)
|
|
|
|
{
|
|
|
|
struct in6_ndireq nd;
|
|
|
|
int s6;
|
2009-10-12 23:11:50 +02:00
|
|
|
int error;
|
2011-06-05 13:37:20 +02:00
|
|
|
int isdefif;
|
2009-09-13 00:08:20 +02:00
|
|
|
|
|
|
|
memset(&nd, 0, sizeof(nd));
|
|
|
|
strncpy(nd.ifname, ifr.ifr_name, sizeof(nd.ifname));
|
|
|
|
if ((s6 = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) {
|
|
|
|
warn("socket(AF_INET6, SOCK_DGRAM)");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
error = ioctl(s6, SIOCGIFINFO_IN6, &nd);
|
|
|
|
if (error) {
|
|
|
|
warn("ioctl(SIOCGIFINFO_IN6)");
|
|
|
|
close(s6);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
isdefif = isnd6defif(s6);
|
|
|
|
close(s6);
|
|
|
|
if (nd.ndi.flags == 0 && !isdefif)
|
|
|
|
return;
|
2009-10-12 23:11:50 +02:00
|
|
|
printb("\tnd6 options",
|
|
|
|
(unsigned int)(nd.ndi.flags | (isdefif << 15)), ND6BITS);
|
|
|
|
putchar('\n');
|
2009-09-13 00:08:20 +02:00
|
|
|
}
|