authorhrs <hrs@FreeBSD.org>2011-09-13 00:06:11 +0000
committerhrs <hrs@FreeBSD.org>2011-09-13 00:06:11 +0000
commit08320280c671000afa24235eaab7869ae2dbd736 (patch)
tree65838798bfafaaad2f247158cfaf03eb7eb3814f
parent06dd2030acf84db5a0d9e068e527ed1d2545df04 (diff)
Add $ipv6_cpe_wanif to enable functionality required for IPv6 CPE
(r225485). When setting an interface name to it, the following configurations will be enabled: 1. "no_radr" is set to all IPv6 interfaces automatically. 2. "-no_radr accept_rtadv" will be set only for $ipv6_cpe_wanif. This is done just before evaluating $ifconfig_IF_ipv6 in the rc.d scripts (this means you can manually supersede this configuration if necessary). 3. The node will add RA-sending routers to the default router list even if net.inet6.ip6.forwarding=1. This mode is added to conform to RFC 6204 (a router which connects the end-user network to a service provider network). To enable packet forwarding, you still need to set ipv6_gateway_enable=YES. Note that accepting router entries into the default router list when packet forwarding capability and a routing daemon are enabled can result in messing up the routing table. To minimize such unexpected behaviors, "no_radr" is set on all interfaces but $ipv6_cpe_wanif. Approved by: re (bz)
-rw-r--r--etc/defaults/rc.conf3
-rw-r--r--etc/network.subr6
-rwxr-xr-xetc/rc.d/netoptions13
-rw-r--r--sys/netinet6/in6.h4
-rw-r--r--sys/netinet6/in6_proto.c5
-rw-r--r--sys/netinet6/ip6_var.h3
-rw-r--r--sys/netinet6/nd6_rtr.c10
7 files changed, 39 insertions, 5 deletions
diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index d467eaa..d959f20 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -468,6 +468,9 @@ ipv6_static_routes="" # Set to static route list (or leave empty).
# route toward loopback interface.
#ipv6_route_xxx="fec0:0000:0000:0006:: -prefixlen 64 ::1"
ipv6_gateway_enable="NO" # Set to YES if this host will be a gateway.
+ipv6_cpe_wanif="NO" # Set to the upstram interface name if this
+ # node will work as a router to forward IPv6
+ # packets not explicitly addressed to itself.
ipv6_privacy="NO" # Use privacy address on RA-receiving IFs
# (RFC 4193)
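Review bot: The comment added for `ipv6_cpe_wanif` describes packet forwarding, which the commit message says is still controlled by `ipv6_gateway_enable`, and it misspells "upstream" as "upstram". What the variable actually changes is which interface is trusted to supply the default router from Router Advertisements while forwarding is on, and that trust decision is what an administrator needs to see here. Suggested wording: `# Set to the upstream interface name to accept RA` / `# default routers on it only, even when forwarding` / `# (RFC 6204); no_radr is set on all other IFs.`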
diff --git a/etc/network.subr b/etc/network.subr
index 44a5892..ae3db56 100644
--- a/etc/network.subr
+++ b/etc/network.subr
@@ -113,6 +113,12 @@ ifconfig_up()
;;
esac
+ case $ipv6_cpe_wanif in
+ $1)
+ _ipv6_opts="${_ipv6_opts} -no_radr accept_rtadv"
+ ;;
+ esac
+
if [ -n "${_ipv6_opts}" ]; then
ifconfig $1 inet6 ${_ipv6_opts}
fi
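Review bot: In the added `case $ipv6_cpe_wanif in` block the pattern `$1)` is unquoted, so the interface name is interpreted as a glob pattern rather than a literal string. Interface names normally contain no pattern characters, but since this match decides which interface gets `-no_radr accept_rtadv`, a literal comparison is safer: `"$1")`. The enclosing ifconfig_up function starts and ends outside this hunk.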
diff --git a/etc/rc.d/netoptions b/etc/rc.d/netoptions
index 09ed6ef..1547ade 100755
--- a/etc/rc.d/netoptions
+++ b/etc/rc.d/netoptions
@@ -106,6 +106,19 @@ netoptions_inet6()
${SYSCTL} net.inet6.ip6.use_tempaddr=1 >/dev/null
${SYSCTL} net.inet6.ip6.prefer_tempaddr=1 >/dev/null
fi
+
+ case $ipv6_cpe_wanif in
+ ""|[Nn][Oo]|[Nn][Oo][Nn][Ee]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0)
+ ${SYSCTL} net.inet6.ip6.no_radr=0 >/dev/null
+ ${SYSCTL} net.inet6.ip6.rfc6204w3=0 >/dev/null
+ ;;
+ *)
+ netoptions_init
+ echo -n " IPv6 CPE WANIF=${ipv6_cpe_wanif}"
+ ${SYSCTL} net.inet6.ip6.no_radr=1 >/dev/null
+ ${SYSCTL} net.inet6.ip6.rfc6204w3=1 >/dev/null
+ ;;
+ esac
}
load_rc_config $name
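Review bot: The disabled branch of the new `case` writes `net.inet6.ip6.no_radr=0` unconditionally, and because the default is `ipv6_cpe_wanif="NO"` this happens on every host each time netoptions_inet6 runs. A host whose administrator set `no_radr=1` elsewhere to ignore RA default routes may have that hardening silently undone, depending on script ordering, which is not visible here. The kernel default is already 0 (`VNET_DEFINE(int, ip6_no_radr) = 0`), so the disabled branch could reset only the new knob, `${SYSCTL} net.inet6.ip6.rfc6204w3=0 >/dev/null`, and leave `no_radr` alone. Separately, the `*)` branch treats any other string, such as "YES" or a mistyped interface name, as enabled without checking it; a comment saying the value must be an interface name would help. The function begins outside the hunk.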
diff --git a/sys/netinet6/in6.h b/sys/netinet6/in6.h
index 5b552c9..1040d90 100644
--- a/sys/netinet6/in6.h
+++ b/sys/netinet6/in6.h
@@ -614,7 +614,9 @@ struct ip6_mtuinfo {
#define IPV6CTL_NO_RADR 48 /* No defroute from RA */
#define IPV6CTL_NORBIT_RAIF 49 /* Disable R-bit in NA on RA
* receiving IF. */
-#define IPV6CTL_MAXID 50
+#define IPV6CTL_RFC6204W3 50 /* Accept defroute even when forwarding
+ enabled */
+#define IPV6CTL_MAXID 51
#endif /* __BSD_VISIBLE */
/*
diff --git a/sys/netinet6/in6_proto.c b/sys/netinet6/in6_proto.c
index e03e640..254ec88 100644
--- a/sys/netinet6/in6_proto.c
+++ b/sys/netinet6/in6_proto.c
@@ -399,6 +399,7 @@ VNET_DEFINE(int, ip6_defmcasthlim) = IPV6_DEFAULT_MULTICAST_HOPS;
VNET_DEFINE(int, ip6_accept_rtadv) = 0;
VNET_DEFINE(int, ip6_no_radr) = 0;
VNET_DEFINE(int, ip6_norbit_raif) = 0;
+VNET_DEFINE(int, ip6_rfc6204w3) = 0;
VNET_DEFINE(int, ip6_maxfragpackets); /* initialized in frag6.c:frag6_init() */
VNET_DEFINE(int, ip6_maxfrags); /* initialized in frag6.c:frag6_init() */
VNET_DEFINE(int, ip6_log_interval) = 5;
@@ -536,6 +537,10 @@ SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_NORBIT_RAIF, norbit_raif, CTLFLAG_RW,
&VNET_NAME(ip6_norbit_raif), 0,
"Always set 0 to R flag in ICMPv6 NA messages when accepting RA"
" on the interface.");
+SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_RFC6204W3, rfc6204w3,
+ CTLFLAG_RW, &VNET_NAME(ip6_rfc6204w3), 0,
+ "Accept the default router list from ICMPv6 RA messages even "
+ "when packet forwarding enabled.");
SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_KEEPFAITH, keepfaith, CTLFLAG_RW,
&VNET_NAME(ip6_keepfaith), 0, "");
SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_LOG_INTERVAL, log_interval,
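Review bot: The description string for the new `rfc6204w3` sysctl does not say that the knob is global to the vnet and not tied to a WAN interface. Once it is set on a forwarding node, the per-interface `no_radr` flag appears to be the only thing that keeps a Router Advertisement from a LAN-side link from installing a default router. The rc.d script pairs it with `no_radr=1`, but someone setting the sysctl by hand gets no such pairing. I would say so in the description, for example `"Accept the default router list from ICMPv6 RA messages even when packet forwarding is enabled; set no_radr on all interfaces except the upstream one."`, which also fixes the missing "is".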
diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h
index dbfba9a..c9d35e0 100644
--- a/sys/netinet6/ip6_var.h
+++ b/sys/netinet6/ip6_var.h
@@ -319,6 +319,8 @@ VNET_DECLARE(int, ip6_accept_rtadv); /* Acts as a host not a router */
VNET_DECLARE(int, ip6_no_radr); /* No defroute from RA */
VNET_DECLARE(int, ip6_norbit_raif); /* Disable R-bit in NA on RA
* receiving IF. */
+VNET_DECLARE(int, ip6_rfc6204w3); /* Accept defroute from RA even when
+ forwarding enabled */
VNET_DECLARE(int, ip6_keepfaith); /* Firewall Aided Internet Translator */
VNET_DECLARE(int, ip6_log_interval);
VNET_DECLARE(time_t, ip6_log_time);
@@ -332,6 +334,7 @@ VNET_DECLARE(int, ip6_dad_count); /* DupAddrDetectionTransmits */
#define V_ip6_accept_rtadv VNET(ip6_accept_rtadv)
#define V_ip6_no_radr VNET(ip6_no_radr)
#define V_ip6_norbit_raif VNET(ip6_norbit_raif)
+#define V_ip6_rfc6204w3 VNET(ip6_rfc6204w3)
#define V_ip6_keepfaith VNET(ip6_keepfaith)
#define V_ip6_log_interval VNET(ip6_log_interval)
#define V_ip6_log_time VNET(ip6_log_time)
diff --git a/sys/netinet6/nd6_rtr.c b/sys/netinet6/nd6_rtr.c
index e791e2e..5352dd5 100644
--- a/sys/netinet6/nd6_rtr.c
+++ b/sys/netinet6/nd6_rtr.c
@@ -269,11 +269,13 @@ nd6_ra_input(struct mbuf *m, int off, int icmp6len)
dr0.rtaddr = saddr6;
dr0.flags = nd_ra->nd_ra_flags_reserved;
/*
- * Effectively-disable the route in the RA packet
- * when ND6_IFF_NO_RADR on the receiving interface or
- * ip6.forwarding=1.
+ * Effectively-disable routes from RA messages when
+ * ND6_IFF_NO_RADR enabled on the receiving interface or
+ * (ip6.forwarding == 1 && ip6.rfc6204w3 != 1).
*/
- if (ndi->flags & ND6_IFF_NO_RADR || V_ip6_forwarding)
+ if (ndi->flags & ND6_IFF_NO_RADR)
+ dr0.rtlifetime = 0;
+ else if (V_ip6_forwarding && !V_ip6_rfc6204w3)
dr0.rtlifetime = 0;
else
dr0.rtlifetime = ntohs(nd_ra->nd_ra_router_lifetime);
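Review bot: The rewritten comment gives the condition as `ip6.rfc6204w3 != 1`, but the code tests `!V_ip6_rfc6204w3`, so any non-zero value enables the behaviour; the sysctl is a plain `CTLFLAG_RW` int with no range check. The comment should read `(ip6.forwarding != 0 && ip6.rfc6204w3 == 0)`. The two branches that zero `dr0.rtlifetime` are identical and could be one test: `if ((ndi->flags & ND6_IFF_NO_RADR) || (V_ip6_forwarding && !V_ip6_rfc6204w3))`. It is also worth stating in the comment that with `rfc6204w3` set, `ND6_IFF_NO_RADR` is the only check in this block that stops an RA on a given interface from supplying a default router. nd6_ra_input starts and ends outside the hunk, so any earlier accept_rtadv gating is not visible here.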