| Commit message (Collapse) | Author | Age | Files | Lines |
|
Add link-layer address option in RA even for IFT_L2VLAN and IFT_BRIDGE.
Reported by: philip
|
r299513 (by cem):
rtadvd(8): Don't use-after-free
This whole block of code was committed fully formed in r224144. I'm not really
sure what the intent was, but it seems plausible that !persist ifis could need
other member cleanup. Don't free the object until after we've finished
cleaning its members.
CID: 1006079
r299515 (by cem):
rtadvd(8): Fix use-after-close in cm_handler_client
cm_send() closes 'fd' on error. In that case, bail out early without trying to
recv from or close 'fd' again.
CID: 1006078
|
r299507 (by cem):
rtadvd(8): Fix a typo in full msg receive logic
Check against the size of the struct, not the pointer. Previously, a message
with a cm_len between 9 and 23 (inclusive) could cause int msglen to underflow
and read(2) to be invoked with msglen size (implicitly cast to signed),
overrunning the caller-provided buffer.
All users of cm_recv() supply a stack buffer.
On the other hand, the rtadvd control socket appears to only be writable by the
owner, who is probably root.
While here, correct some types to be size_t or ssize_t.
CID: 1008477
Security: unix socket remotes may overflow stack in rtadvd
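The length check described in r299507, as an added example that is not part of the commit log and not rtadvd's own code. The struct `demo_msg_hdr`, both function names and the 256-byte buffer size are hypothetical; the header is made 24 bytes so that, on a 64-bit system, the affected range matches the 9 to 23 given in the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical 24-byte header; not rtadvd's real struct. */
struct demo_msg_hdr {
	uint64_t version;
	uint64_t type;
	uint64_t len;		/* total length: header plus payload */
};

/* Bug pattern from the commit message: the guard compares against the
 * size of the pointer, the subtraction uses the size of the struct. */
static int
payload_len_buggy(size_t total_len)
{
	struct demo_msg_hdr *cm = NULL;
	int msglen = 0;

	if (total_len > sizeof(cm))	/* pointer size, e.g. 8 */
		msglen = (int)(total_len - sizeof(*cm));	/* struct size, 24 */
	return (msglen);
}

/* Corrected pattern: compare against the struct size and bound the
 * total length by the caller's buffer before computing the payload. */
static int
payload_len_checked(size_t total_len, size_t bufsize, size_t *payload)
{
	if (bufsize < sizeof(struct demo_msg_hdr) || total_len > bufsize)
		return (-1);
	if (total_len < sizeof(struct demo_msg_hdr))
		return (-1);
	*payload = total_len - sizeof(struct demo_msg_hdr);
	return (0);
}

int
main(void)
{
	size_t len = sizeof(void *) + 1, payload = 0;	/* constructed input */
	int m = payload_len_buggy(len);

	printf("buggy: msglen=%d, as read(2) size=%zu\n", m, (size_t)m);
	printf("checked: %d\n", payload_len_checked(len, 256, &payload));
	return (0);
}
```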
|
Use strlcpy() instead of strncpy() when copying ifname to ensure
that it is NUL terminated. Additional NUL padding is not required
for short names.
Reported by: Coverity
CID: 974860, 1009972, 1009973
|
Use strlcpy().
|
Now that we own the code, use arc4random(3) unconditionally
and remove the corresponding HAVE_ARC4RANDOM conditions.
|
Fix the following -Werror warnings from clang 3.5.0, while building
usr.sbin/rtadvd:
usr.sbin/rtadvd/rtadvd.c:1291:7: error: taking the absolute value of unsigned type 'unsigned int' has no effect [-Werror,-Wabsolute-value]
abs(preferred_time - pfx->pfx_pltimeexpire) > rai->rai_clockskew) {
^
usr.sbin/rtadvd/rtadvd.c:1291:7: note: remove the call to 'abs' since unsigned values cannot be negative
abs(preferred_time - pfx->pfx_pltimeexpire) > rai->rai_clockskew) {
^~~
usr.sbin/rtadvd/rtadvd.c:1324:7: error: taking the absolute value of unsigned type 'unsigned int' has no effect [-Werror,-Wabsolute-value]
abs(valid_time - pfx->pfx_vltimeexpire) > rai->rai_clockskew) {
^
usr.sbin/rtadvd/rtadvd.c:1324:7: note: remove the call to 'abs' since unsigned values cannot be negative
abs(valid_time - pfx->pfx_vltimeexpire) > rai->rai_clockskew) {
^~~
2 errors generated.
These warnings occur because both preferred_time and pfx_pltimeexpire
are uint32_t's, so the subtraction expression is also unsigned, and
calling abs() is a no-op.
However, the intention was to look at the absolute difference between
the two unsigned quantities. Introduce a small static function to
clarify what we're doing, and call that instead.
Reviewed by: hrs
Differential Revision: https://reviews.freebsd.org/D1197
|
Spotted by: rpaulo
|
Spotted by: des
|
the prefix to the interface's prefix list. This shouldn't make a
difference, since rtadvd(8) is single-threaded, but I've seen it crash
in delete_prefix() with pfx_rainfo == NULL, and this is the only place
where a prefix can be added to the list with a NULL pfx_rainfo.
MFC after: 3 days
|
PF_INET6 in kernel. This fixes various malfunctions when the wall time
clock is changed. Bump __FreeBSD_version to 1000041.
- Use clock_gettime(CLOCK_MONOTONIC_FAST) in userland utilities.
MFC after: 1 month
|
- Add a check for ifindex to if_indextoifinfo(). It returns NULL when
if_indextoname() fails.
MFC after: 3 days
|
Obtained From: DragonFlyBSD (commit 66e72101cc32272ae370b895ca3d9e3e99c5c3a8)
|
This can happen in a short period when a prefix is changed by a rtmsg and a
new interface arrives.
|
- Document the -C option.
- Allow rtadvd to be invoked without any interfaces on the command line,
and document that possibility.
MFC after: 1 week
|
PR: 168016
Submitted by: Nobuyuki Koganemaru
Approved by: gjb
MFC after: 3 days
|
Discussed with: gavin
No objection from: doc
Approved by: joel
MFC after: 3 days
|
Reviewed by: brueffer
|
clean-up RA messages for shutting down. The RA timers could prevent the rtadvd
daemon from shutting down because ra_output() just ignored !IFF_UP interfaces
and TRANSITIVE->UNCONFIGURED state transition never happened due to it.
Spotted by: kib
Approved by: re (bz)
|
- Fix an abnormal termination caused by running "rtadvctl disable" twice. (r224303)
- Use poll() to wait for the control message socket instead of a spin loop.
(r224304)
- s/cmsg_/cm_/ to avoid conflict with CMSG_* symbols for struct cmsghdr.
(r224619)
- Ignore an interface that never sent RAs for graceful shut-down. (r224620)
- Refine log messages. (r225148)
- Fix SIGSEGV when receiving RAs that contain RDNSS and/or DNSSL options.
(r225149)
Approved by: re (kib)
|
added/removed interfaces in a more consistent manner and reloading the
configuration file.
- Implement burst unsolicited RA sending into the internal RA timer framework
when AdvSendAdvertisements and/or configuration entries are changed as
described in RFC 4861 6.2.4. This fixes issues that make termination of the
rtadvd(8) daemon take a very long time.
An interface now has three internal states, UNCONFIGURED, TRANSITIVE, or
CONFIGURED, and the burst unsolicited sending happens in TRANSITIVE.
See rtadvd.h for the details.
- rtadvd(8) now accepts non-existent interfaces as well in the command line.
- Add control socket support and rtadvctl(8) utility to show the RA information
in rtadvd(8). Dumping by SIGUSR1 has been removed in favor of it.
|
added/removed interfaces in a more consistent manner and reloading
the configuration file.
- Add initial support for control socket. RA information in the
daemon can be obtained by rtadvctl(8) instead of SIGUSR1 in a similar
manner to ifconfig(8). The information dump has been removed in favor of it.
(reload the configuration file)
# rtadvctl reload
(show RA messages being sent on each interface)
# rtadvctl show
em0: flags=<UP,CONFIGURED,PERSIST> status=<RA_SEND> mtu 1280
DefaultLifetime: 30m
MinAdvInterval/MaxAdvInterval: 3m20s/3m20s
AdvLinkMTU: <none>, Flags: O, Preference: medium
ReachableTime: 0s, RetransTimer: 0s, CurHopLimit: 64
AdvIfPrefixes: yes
(show RA messages being sent only on em0)
# rtadvctl show em0
(rtadvctl -v show provides additional information)
# rtadvctl -v show em0
em0: flags=<UP,CONFIGURED,PERSIST> status=<RA_SEND> mtu 1280
DefaultLifetime: 30m
MinAdvInterval/MaxAdvInterval: 3m20s/3m20s
AdvLinkMTU: <none>, Flags: O, Preference: medium
ReachableTime: 0s, RetransTimer: 0s, CurHopLimit: 64
AdvIfPrefixes: yes
Prefixes (1):
2001:db8:1::/64 (CONFIG, vltime=30d, pltime=7d, flags=LA)
RDNSS entries:
2001:db8:1::128 (ltime=2m40s)
(stop rtadvd)
# rtadvctl shutdown
A remaining issue when reloading the configuration file is that
during that period rtadvd cannot communicate with rtadvctl due to some
additional RA sending for graceful shutdown. This will be fixed later.
|
- Fix WARNS.
|
IFF_ND6_ACCEPT_RTADV, and net.inet6.ip6.forwarding.
ra_output:
(lifetime == 0) = output
(lifetime != 0 && (ACCEPT_RTADV || !ip6.forwarding)) = no output
ra_input:
ACCEPT_RTADV = input
!ACCEPT_RTADV = no input
Note that the current implementation sends RAs with zero-lifetime even if
ip6.forwarding == 0. This behavior is derived from KAME and different from
RFC 4861.
|
interface addition/removal via RTM_IFANNOUNCE message and update the internal
structure.
TO BE FIXED:
The advertising interface list still depends on the command line argument.
The configuration file cannot be reloaded.
|
interfaces, not in the routing table actually.
PR: bin/152458
|
prefixes from the kernel's routing table. A rtadvd.conf with "noonlinkprefix"
+ no "addr" generates an RA message with no prefix information option.
PR: bin/152458
|
made the logic behind them unnecessarily complicated. This change is
a preparation to add support of dynamically-added/removed interfaces and the
link status changes in a more reliable way. Changes include:
- Use queue(3) for linked-list manipulation.
- Use consistent variable names.
- Use (AF_INET6, s, d, sizeof(d)) instead of (AF_INET6, s, a, INET6_ADDRSTRLEN)
for inet_ntop().
- style(9) fixes.
No functional change in this commit.
|
- Add link-local scope check for received RA messages. RFC 4861 Section 6.1.2
requires this.
- Refer to RFC 4861 instead of the obsoleted RFC 2461.
|
- Use IFNAMSIZ for an interface name.
|
- Fix 8-octet boundary calculation. Extra 8 octets were added when it was
already on an 8-octet boundary.
- Typos and style(9) fixes.
Submitted by: bz
|
no '\0' in the search list and/or invalid length field.
- NI_MAXHOST is defined including \0.
|
Each label can have 63 octets at most, and the length of whole domain name
is limited to NI_MAXHOST.
|
- Style(9).
- Define sin6_{linklocal,sitelocal}_all{nodes,routers} vars consistently.
|
Options for DNS Configuration) into rtadvd(8) and rtsold(8). DNS
information received by rtsold(8) will go to resolv.conf(5) by
resolvconf(8) script. Lifetime handling is not supported at this
moment.
Note: when receiving a link-local scope address rtsold(8) adds a scope
id into addresses in the script arguments based on the received
interface in a representation defined in RFC 4007 (e.g. fe80::1%bge0).
However, some shell scripts using printf(1) (including
resolvconf(8)) cannot process it properly because printf(1) can
recognize the character % as special.
Based on work by: J.R. Oldroyd
PR: kern/156259
|
- Fix a missing back pointer assignment in struct prefix to struct rainfo
when addr="" is specified. This caused SIGSEGV.
- Insert a prefix element to a tail queue after setting parameters.
|
Submitted by: dim
Pointy hat to: hrs