2017-11-27 15:37:16 +00:00
|
|
|
/*-
|
|
|
|
* SPDX-License-Identifier: BSD-2-Clause-FreeBSD
|
|
|
|
*
|
2009-09-12 22:08:20 +00:00
|
|
|
* Copyright (c) 2009 Hiroki Sato. All rights reserved.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef lint
|
|
|
|
static const char rcsid[] =
|
|
|
|
"$FreeBSD$";
|
|
|
|
#endif /* not lint */
|
|
|
|
|
|
|
|
#include <sys/param.h>
|
|
|
|
#include <sys/ioctl.h>
|
|
|
|
#include <sys/socket.h>
|
|
|
|
#include <sys/sysctl.h>
|
|
|
|
#include <net/if.h>
|
|
|
|
#include <net/route.h>
|
|
|
|
|
|
|
|
#include <err.h>
|
|
|
|
#include <errno.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <unistd.h>
|
|
|
|
#include <ifaddrs.h>
|
|
|
|
|
|
|
|
#include <arpa/inet.h>
|
|
|
|
|
|
|
|
#include <netinet/in.h>
|
|
|
|
#include <netinet/in_var.h>
|
|
|
|
#include <arpa/inet.h>
|
|
|
|
#include <netdb.h>
|
|
|
|
|
|
|
|
#include <netinet6/nd6.h>
|
|
|
|
|
|
|
|
#include "ifconfig.h"
|
|
|
|
|
|
|
|
#define MAX_SYSCTL_TRY 5
|
Initial implementation of draft-ietf-6man-ipv6only-flag.
This change defines the RA "6" (IPv6-Only) flag which routers
may advertise, kernel logic to check if all routers on a link
have the flag set and accordingly update a per-interface flag.
If all routers agree that it is an IPv6-only link, ether_output_frame(),
based on the interface flag, will filter out all ETHERTYPE_IP/ARP
frames, drop them, and return EAFNOSUPPORT to upper layers.
The change also updates ndp to show the "6" flag, ifconfig to
display the IPV6_ONLY nd6 flag if set, and rtadvd to allow
announcing the flag.
Further changes to tcpdump (contrib code) are availble and will
be upstreamed.
Tested the code (slightly earlier version) with 2 FreeBSD
IPv6 routers, a FreeBSD laptop on ethernet as well as wifi,
and with Win10 and OSX clients (which did not fall over with
the "6" flag set but not understood).
We may also want to (a) implement and RX filter, and (b) over
time enahnce user space to, say, stop dhclient from running
when the interface flag is set. Also we might want to start
IPv6 before IPv4 in the future.
All the code is hidden under the EXPERIMENTAL option and not
compiled by default as the draft is a work-in-progress and
we cannot rely on the fact that IANA will assign the bits
as requested by the draft and hence they may change.
Dear 6man, you have running code.
Discussed with: Bob Hinden, Brian E Carpenter
2018-10-30 20:08:48 +00:00
|
|
|
#ifdef DRAFT_IETF_6MAN_IPV6ONLY_FLAG
|
|
|
|
#define ND6BITS "\020\001PERFORMNUD\002ACCEPT_RTADV\003PREFER_SOURCE" \
|
|
|
|
"\004IFDISABLED\005DONT_SET_IFROUTE\006AUTO_LINKLOCAL" \
|
|
|
|
"\007NO_RADR\010NO_PREFER_IFACE\011NO_DAD" \
|
|
|
|
"\012IPV6_ONLY" \
|
|
|
|
"\020DEFAULTIF"
|
|
|
|
#else
|
2009-10-12 21:11:50 +00:00
|
|
|
#define ND6BITS "\020\001PERFORMNUD\002ACCEPT_RTADV\003PREFER_SOURCE" \
|
|
|
|
"\004IFDISABLED\005DONT_SET_IFROUTE\006AUTO_LINKLOCAL" \
|
2017-05-03 01:46:39 +00:00
|
|
|
"\007NO_RADR\010NO_PREFER_IFACE\011NO_DAD\020DEFAULTIF"
|
Initial implementation of draft-ietf-6man-ipv6only-flag.
This change defines the RA "6" (IPv6-Only) flag which routers
may advertise, kernel logic to check if all routers on a link
have the flag set and accordingly update a per-interface flag.
If all routers agree that it is an IPv6-only link, ether_output_frame(),
based on the interface flag, will filter out all ETHERTYPE_IP/ARP
frames, drop them, and return EAFNOSUPPORT to upper layers.
The change also updates ndp to show the "6" flag, ifconfig to
display the IPV6_ONLY nd6 flag if set, and rtadvd to allow
announcing the flag.
Further changes to tcpdump (contrib code) are availble and will
be upstreamed.
Tested the code (slightly earlier version) with 2 FreeBSD
IPv6 routers, a FreeBSD laptop on ethernet as well as wifi,
and with Win10 and OSX clients (which did not fall over with
the "6" flag set but not understood).
We may also want to (a) implement and RX filter, and (b) over
time enahnce user space to, say, stop dhclient from running
when the interface flag is set. Also we might want to start
IPv6 before IPv4 in the future.
All the code is hidden under the EXPERIMENTAL option and not
compiled by default as the draft is a work-in-progress and
we cannot rely on the fact that IANA will assign the bits
as requested by the draft and hence they may change.
Dear 6man, you have running code.
Discussed with: Bob Hinden, Brian E Carpenter
2018-10-30 20:08:48 +00:00
|
|
|
#endif
|
2009-09-12 22:08:20 +00:00
|
|
|
|
|
|
|
static int isnd6defif(int);
|
|
|
|
void setnd6flags(const char *, int, int, const struct afswtch *);
|
|
|
|
void setnd6defif(const char *, int, int, const struct afswtch *);
|
2011-06-05 11:37:20 +00:00
|
|
|
void nd6_status(int);
|
2009-09-12 22:08:20 +00:00
|
|
|
|
|
|
|
void
|
|
|
|
setnd6flags(const char *dummyaddr __unused,
|
|
|
|
int d, int s,
|
|
|
|
const struct afswtch *afp)
|
|
|
|
{
|
|
|
|
struct in6_ndireq nd;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
memset(&nd, 0, sizeof(nd));
|
Use strlcpy() instead of strncpy() when copying ifname to ensure
that it is NUL terminated. Additional NUL padding is not required
for short names.
Use sizeof(destination) in a few places instead of IFNAMSIZ.
Cast afp->af_ridreq and afp->af_addreq to make the intent of
the code more obvious.
Reported by: Coverity
CID: 1009628, 1009630, 1009631, 1009632, 1009633, 1009635, 1009638
CID: 1009639, 1009640, 1009641, 1009642, 1009643, 1009644, 1009645
CID: 1009646, 1009647, 1010049, 1010050, 1010051, 1010052, 1010053
CID: 1010054, 1011293, 1011294, 1011295, 1011296, 1011297, 1011298
CID: 1011299, 1305821, 1351720, 1351721
MFC after: 1 week
2016-05-16 00:25:24 +00:00
|
|
|
strlcpy(nd.ifname, ifr.ifr_name, sizeof(nd.ifname));
|
2009-09-12 22:08:20 +00:00
|
|
|
error = ioctl(s, SIOCGIFINFO_IN6, &nd);
|
|
|
|
if (error) {
|
|
|
|
warn("ioctl(SIOCGIFINFO_IN6)");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
if (d < 0)
|
|
|
|
nd.ndi.flags &= ~(-d);
|
|
|
|
else
|
|
|
|
nd.ndi.flags |= d;
|
|
|
|
error = ioctl(s, SIOCSIFINFO_IN6, (caddr_t)&nd);
|
|
|
|
if (error)
|
|
|
|
warn("ioctl(SIOCSIFINFO_IN6)");
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
setnd6defif(const char *dummyaddr __unused,
|
|
|
|
int d, int s,
|
|
|
|
const struct afswtch *afp)
|
|
|
|
{
|
|
|
|
struct in6_ndifreq ndifreq;
|
|
|
|
int ifindex;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
memset(&ndifreq, 0, sizeof(ndifreq));
|
Use strlcpy() instead of strncpy() when copying ifname to ensure
that it is NUL terminated. Additional NUL padding is not required
for short names.
Use sizeof(destination) in a few places instead of IFNAMSIZ.
Cast afp->af_ridreq and afp->af_addreq to make the intent of
the code more obvious.
Reported by: Coverity
CID: 1009628, 1009630, 1009631, 1009632, 1009633, 1009635, 1009638
CID: 1009639, 1009640, 1009641, 1009642, 1009643, 1009644, 1009645
CID: 1009646, 1009647, 1010049, 1010050, 1010051, 1010052, 1010053
CID: 1010054, 1011293, 1011294, 1011295, 1011296, 1011297, 1011298
CID: 1011299, 1305821, 1351720, 1351721
MFC after: 1 week
2016-05-16 00:25:24 +00:00
|
|
|
strlcpy(ndifreq.ifname, ifr.ifr_name, sizeof(ndifreq.ifname));
|
2009-09-12 22:08:20 +00:00
|
|
|
|
|
|
|
if (d < 0) {
|
|
|
|
if (isnd6defif(s)) {
|
|
|
|
/* ifindex = 0 means to remove default if */
|
|
|
|
ifindex = 0;
|
|
|
|
} else
|
|
|
|
return;
|
|
|
|
} else if ((ifindex = if_nametoindex(ndifreq.ifname)) == 0) {
|
|
|
|
warn("if_nametoindex(%s)", ndifreq.ifname);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
ndifreq.ifindex = ifindex;
|
|
|
|
error = ioctl(s, SIOCSDEFIFACE_IN6, (caddr_t)&ndifreq);
|
|
|
|
if (error)
|
|
|
|
warn("ioctl(SIOCSDEFIFACE_IN6)");
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
isnd6defif(int s)
|
|
|
|
{
|
|
|
|
struct in6_ndifreq ndifreq;
|
|
|
|
unsigned int ifindex;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
memset(&ndifreq, 0, sizeof(ndifreq));
|
Use strlcpy() instead of strncpy() when copying ifname to ensure
that it is NUL terminated. Additional NUL padding is not required
for short names.
Use sizeof(destination) in a few places instead of IFNAMSIZ.
Cast afp->af_ridreq and afp->af_addreq to make the intent of
the code more obvious.
Reported by: Coverity
CID: 1009628, 1009630, 1009631, 1009632, 1009633, 1009635, 1009638
CID: 1009639, 1009640, 1009641, 1009642, 1009643, 1009644, 1009645
CID: 1009646, 1009647, 1010049, 1010050, 1010051, 1010052, 1010053
CID: 1010054, 1011293, 1011294, 1011295, 1011296, 1011297, 1011298
CID: 1011299, 1305821, 1351720, 1351721
MFC after: 1 week
2016-05-16 00:25:24 +00:00
|
|
|
strlcpy(ndifreq.ifname, ifr.ifr_name, sizeof(ndifreq.ifname));
|
2009-09-12 22:08:20 +00:00
|
|
|
|
|
|
|
ifindex = if_nametoindex(ndifreq.ifname);
|
|
|
|
error = ioctl(s, SIOCGDEFIFACE_IN6, (caddr_t)&ndifreq);
|
|
|
|
if (error) {
|
|
|
|
warn("ioctl(SIOCGDEFIFACE_IN6)");
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
return (ndifreq.ifindex == ifindex);
|
|
|
|
}
|
|
|
|
|
2011-06-05 11:37:20 +00:00
|
|
|
void
|
2009-09-12 22:08:20 +00:00
|
|
|
nd6_status(int s)
|
|
|
|
{
|
|
|
|
struct in6_ndireq nd;
|
|
|
|
int s6;
|
2009-10-12 21:11:50 +00:00
|
|
|
int error;
|
2011-06-05 11:37:20 +00:00
|
|
|
int isdefif;
|
2009-09-12 22:08:20 +00:00
|
|
|
|
|
|
|
memset(&nd, 0, sizeof(nd));
|
Use strlcpy() instead of strncpy() when copying ifname to ensure
that it is NUL terminated. Additional NUL padding is not required
for short names.
Use sizeof(destination) in a few places instead of IFNAMSIZ.
Cast afp->af_ridreq and afp->af_addreq to make the intent of
the code more obvious.
Reported by: Coverity
CID: 1009628, 1009630, 1009631, 1009632, 1009633, 1009635, 1009638
CID: 1009639, 1009640, 1009641, 1009642, 1009643, 1009644, 1009645
CID: 1009646, 1009647, 1010049, 1010050, 1010051, 1010052, 1010053
CID: 1010054, 1011293, 1011294, 1011295, 1011296, 1011297, 1011298
CID: 1011299, 1305821, 1351720, 1351721
MFC after: 1 week
2016-05-16 00:25:24 +00:00
|
|
|
strlcpy(nd.ifname, ifr.ifr_name, sizeof(nd.ifname));
|
2009-09-12 22:08:20 +00:00
|
|
|
if ((s6 = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) {
|
2013-07-03 09:50:59 +00:00
|
|
|
if (errno != EAFNOSUPPORT && errno != EPROTONOSUPPORT)
|
2012-05-11 20:01:45 +00:00
|
|
|
warn("socket(AF_INET6, SOCK_DGRAM)");
|
2009-09-12 22:08:20 +00:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
error = ioctl(s6, SIOCGIFINFO_IN6, &nd);
|
|
|
|
if (error) {
|
2012-05-11 20:01:45 +00:00
|
|
|
if (errno != EPFNOSUPPORT)
|
|
|
|
warn("ioctl(SIOCGIFINFO_IN6)");
|
2009-09-12 22:08:20 +00:00
|
|
|
close(s6);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
isdefif = isnd6defif(s6);
|
|
|
|
close(s6);
|
|
|
|
if (nd.ndi.flags == 0 && !isdefif)
|
|
|
|
return;
|
2009-10-12 21:11:50 +00:00
|
|
|
printb("\tnd6 options",
|
|
|
|
(unsigned int)(nd.ndi.flags | (isdefif << 15)), ND6BITS);
|
|
|
|
putchar('\n');
|
2009-09-12 22:08:20 +00:00
|
|
|
}
|