- INET6_ADDRSTRLEN does not include \0.

- Add link-local scope check for received RA messages.  RFC 4861 Section 6.1.2
  requires this.
- Refer RFC 4861 instead of obsoleted RFC 2461.

4 files changed, 56 insertions, 11 deletions

diff --git a/usr.sbin/rtadvd/config.c b/usr.sbin/rtadvd/config.c
index 2909c87..ace2b07 100644
--- a/usr.sbin/rtadvd/config.c
+++ b/usr.sbin/rtadvd/config.c
@@ -269,7 +269,7 @@ getconfig(char *intface)
 	}
 	/*
 	 * Basically, hosts MUST NOT send Router Advertisement messages at any
-	 * time (RFC 2461, Section 6.2.3). However, it would sometimes be
+	 * time (RFC 4861, Section 6.2.3). However, it would sometimes be
 	 * useful to allow hosts to advertise some parameters such as prefix
 	 * information and link MTU. Thus, we allow hosts to invoke rtadvd
 	 * only when router lifetime (on every advertising interface) is
diff --git a/usr.sbin/rtadvd/rtadvd.8 b/usr.sbin/rtadvd/rtadvd.8
index 7bc3064..3f0f2d4 100644
--- a/usr.sbin/rtadvd/rtadvd.8
+++ b/usr.sbin/rtadvd/rtadvd.8
@@ -103,7 +103,7 @@ will not watch the routing table and the whole functionality described
 above will be suppressed.
 .Pp
 Basically, hosts MUST NOT send Router Advertisement messages at any
-time (RFC 2461, Section 6.2.3).
+time (RFC 4861, Section 6.2.3).
 However, it would sometimes be useful to allow hosts to advertise some
 parameters such as prefix information and link MTU.
 Thus,
@@ -176,7 +176,7 @@ In this case,
 .Nm
 will transmit router advertisement with router lifetime 0
 to all the interfaces
-.Pq in accordance with RFC2461 6.2.5 .
+.Pq in accordance with RFC 4861 6.2.5 .
 .Sh FILES
 .Bl -tag -width Pa -compact
 .It Pa /etc/rtadvd.conf
@@ -193,6 +193,34 @@ dumps its internal state.
 .Sh SEE ALSO
 .Xr rtadvd.conf 5 ,
 .Xr rtsol 8
+.Rs
+.%A Thomas Narten
+.%A Erik Nordmark
+.%A W. A. Simpson
+.%A Hesham Soliman
+.%T Neighbor Discovery for IP version 6 (IPv6)
+.%R RFC 4861
+.Re
+.Rs
+.%A Thomas Narten
+.%A Erik Nordmark
+.%A W. A. Simpson
+.%T Neighbor Discovery for IP version 6 (IPv6)
+.%R RFC 2461 (obsoleted by RFC 4861)
+.Re
+.Rs
+.%A Richard Draves
+.%T Default Router Preferences and More-Specific Routes
+.%R draft-ietf-ipngwg-router-selection-xx.txt
+.Re
+.Rs
+.%A J. Jeong
+.%A S. Park
+.%A L. Beloeil
+.%A S. Madanapalli
+.%T IPv6 Router Advertisement Options for DNS Configuration
+.%R RFC 6106
+.Re
 .Sh HISTORY
 The
 .Nm
diff --git a/usr.sbin/rtadvd/rtadvd.c b/usr.sbin/rtadvd/rtadvd.c
index bca5c9e..41674bc 100644
--- a/usr.sbin/rtadvd/rtadvd.c
+++ b/usr.sbin/rtadvd/rtadvd.c
@@ -430,7 +430,7 @@ rtmsg_input(void)
 	struct prefix *prefix;
 	struct rainfo *rai;
 	struct in6_addr *addr;
-	char addrbuf[INET6_ADDRSTRLEN];
+	char addrbuf[INET6_ADDRSTRLEN + 1];
 	int prefixchange = 0;
 
 	n = read(rtsock, msg, sizeof(msg));
@@ -726,7 +726,7 @@ rtadvd_input(void)
 	switch (icp->icmp6_type) {
 	case ND_ROUTER_SOLICIT:
 		/*
-		 * Message verification - RFC-2461 6.1.1
+		 * Message verification - RFC 4861 6.1.1
 		 * XXX: these checks must be done in the kernel as well,
 		 *      but we can't completely rely on them.
 		 */
@@ -764,9 +764,18 @@ rtadvd_input(void)
 		break;
 	case ND_ROUTER_ADVERT:
 		/*
-		 * Message verification - RFC-2461 6.1.2
+		 * Message verification - RFC 4861 6.1.2
 		 * XXX: there's the same dilemma as above...
 		 */
+		if (!IN6_IS_ADDR_LINKLOCAL(&rcvfrom.sin6_addr)) {
+			syslog(LOG_NOTICE,
+			    "<%s> RA witn non-linklocal source address "
+			    "received from %s on %s",
+			    __func__, inet_ntop(AF_INET6, &rcvfrom.sin6_addr,
+			    ntopbuf, INET6_ADDRSTRLEN),
+			    if_indextoname(pi->ipi6_ifindex, ifnamebuf));
+			return;
+		}
 		if (*hlimp != 255) {
 			syslog(LOG_NOTICE,
 			    "<%s> RA with invalid hop limit(%d) "
@@ -857,7 +866,7 @@ rs_input(int len, struct nd_router_solicit *rs,
 	/*
 	 * If the IP source address is the unspecified address, there
 	 * must be no source link-layer address option in the message.
-	 * (RFC-2461 6.1.1)
+	 * (RFC 4861 6.1.1)
 	 */
 	if (IN6_IS_ADDR_UNSPECIFIED(&from->sin6_addr) &&
 	    ndopts.nd_opts_src_lladdr) {
@@ -925,7 +934,7 @@ set_short_delay(struct rainfo *rai)
 	 * corresponds to a time later than the time the next
 	 * multicast RA is scheduled to be sent, ignore the random
 	 * delay and send the advertisement at the
-	 * already-scheduled time. RFC-2461 6.2.6
+	 * already-scheduled time. RFC 4861 6.2.6
 	 */
 #ifdef HAVE_ARC4RANDOM
 	delay = arc4random_uniform(MAX_RA_DELAY_TIME);
@@ -994,7 +1003,7 @@ ra_input(int len, struct nd_router_advert *ra,
 	}
 
 	/*
-	 * RA consistency check according to RFC-2461 6.2.7
+	 * RA consistency check according to RFC 4861 6.2.7
 	 */
 	if ((rai = if_indextorainfo(pi->ipi6_ifindex)) == 0) {
 		syslog(LOG_INFO,
@@ -1695,7 +1704,7 @@ ra_timer_update(void *data, struct timeval *tm)
 	 * MAX_INITIAL_RTR_ADVERTISEMENTS), if the randomly chosen interval
 	 * is greater than MAX_INITIAL_RTR_ADVERT_INTERVAL, the timer
 	 * SHOULD be set to MAX_INITIAL_RTR_ADVERT_INTERVAL instead.
-	 * (RFC-2461 6.2.4)
+	 * (RFC 4861 6.2.4)
 	 */
 	if (rai->initcounter < MAX_INITIAL_RTR_ADVERTISEMENTS &&
 	    interval > MAX_INITIAL_RTR_ADVERT_INTERVAL)
diff --git a/usr.sbin/rtadvd/rtadvd.conf.5 b/usr.sbin/rtadvd/rtadvd.conf.5
index fcf887f..dee1b10 100644
--- a/usr.sbin/rtadvd/rtadvd.conf.5
+++ b/usr.sbin/rtadvd/rtadvd.conf.5
@@ -481,8 +481,16 @@ ef0:\\
 .%A Thomas Narten
 .%A Erik Nordmark
 .%A W. A. Simpson
+.%A Hesham Soliman
 .%T Neighbor Discovery for IP version 6 (IPv6)
-.%R RFC 2461
+.%R RFC 4861
+.Re
+.Rs
+.%A Thomas Narten
+.%A Erik Nordmark
+.%A W. A. Simpson
+.%T Neighbor Discovery for IP version 6 (IPv6)
+.%R RFC 2461 (obsoleted by RFC 4861)
 .Re
 .Rs
 .%A Richard Draves