55 commits

Author SHA1 Message Date
Warner Losh b3e7694832 Remove $FreeBSD$: two-line .h pattern
Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/
2023-08-16 11:54:16 -06:00
Kristof Provost 476babaea7 rtsol: introduce an 'always' script
In addition to the 'M' and 'O' scripts (for when 'Managed' and 'Other'
flags are set) also introduce an 'always' script that is called for any
router advertisement (so even if M and O are not set).

This is primarily useful for systems like pfSense that wish to be
informed of routers for further system configuration.

See also https://redmine.pfsense.org/issues/14072

Reviewed by:	melifaro
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D39931
2023-05-02 18:07:36 +02:00
Colin Percival 231bac4ccc rtsol/rtsold: Add option to skip random delay
In accordance with a SHOULD in RFC 4861, rtsol and rtsold wait a
random time between zero and one (aka MAX_RTR_SOLICITATION_DELAY)
seconds before sending a Router Solicitation, in order to avoid
network congestion if many hosts come online at once.  (The
question of how many hosts would be required to cause congestion
by each sending a single packet on a Gbps+ network is left to the
reader.)

The new option -i disables this wait and instructs rtsol and rtsold
to send the Router Solicitation immediately.

Reviewed by:	bz, kp (earlier version)
MFC after:	1 week
Relnotes:	yes
Sponsored by:	https://www.patreon.com/cperciva
Differential Revision:	https://reviews.freebsd.org/D32956
2021-11-16 10:27:28 -08:00
Franco Fitchner bfa812f540 rtsold: auto-probe point to point interfaces
rtsold works fine for point to point interfaces in manual mode but will
not auto-probe them.

Reviewed by:	markj
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D31517
2021-08-14 11:14:24 -04:00
Hajimu UMEMOTO 006a01374f Simplify using nvlist_append_string_array().
Reported by:	hrs
MFC after:	1 week
2021-03-08 12:03:32 +09:00
Hajimu UMEMOTO 1def0a6257 fix casper initialization for setting scripts.
MFC after:	1 week
2020-11-27 18:40:51 +00:00
Bjoern A. Zeeb 60e7f66931 rtsol(d): add script for "M bit"
While we do support the "O bit" running a script (usually to start a
dhcpv6 client) we have no options for setups which set the "M bit" for,
e.g., static address assignment as in EC2.

Duplicate most of the "O bit" logic to also start a script for the
"M bit" with the one difference: if the "M bit" is set we will not
start the script for the "O bit" as well (per RFC 4861, Section 4.2).

Reviewed by:	hrs, markj
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D26099
2020-08-25 16:09:23 +00:00
Mark Johnston ee74c3327a rtsol: Use vwarnx(3) to log messages to standard error.
This ensures that the program name is included in the output, which
makes it easy to identify the source of error messages printed
during boot.

MFC after:	1 week
2019-02-27 18:13:41 +00:00
Mark Johnston 04e9edb544 Capsicumize rtsol(8) and rtsold(8).
These programs parse ND6 Router Advertisement messages; rtsold(8) has
required an SA, SA-14:20.rtsold, for a bug in this code.  Thus, they
are good candidates for sandboxing.

The approach taken is to run the main executable in capability mode
and use Casper services to provide functionality that cannot be
implemented within the sandbox.  In particular, several custom services
were required.

- A Casper service is used to send Router Solicitation messages on a
  raw ICMP6 socket.  Initially I took the approach of creating a
  socket for each interface upon startup, and connect(2)ing it to
  the all-routers multicast group for the interface.  This permits
  the use of sendmsg(2) in capability mode, but only works if the
  interface's link is up when rtsol(d) starts.  So, instead, the
  rtsold.sendmsg service is used to transmit RS messages on behalf
  of the main process.  One could alternately define a service
  which simply creates and connects a socket for each destination
  address, and returns the socket to the sandboxed process.  However,
  to implement rtsold's -m option we also need to read the ND6 default
  router list, and this cannot be done in capability mode.
- rtsold may execute resolvconf(8) in response to RDNSS and DNSSL
  options in received RA messages.  A Casper service is used to
  fork and exec resolvconf(8), and to reap the child process.
- A service is used to determine whether a given interface's
  link-local address is useable (i.e., not duplicated or undergoing
  DAD).  This information is supplied by getifaddrs(3), which reads
  a sysctl not available in capability mode.  The SIOCGIFCONF socket
  ioctl provides equivalent information and can be used in capability
  mode, but I decided against it for now because of some limitations
  of that interface.

In addition to these new services, cap_syslog(3) is used to send
messages to syslogd.

Reviewed by:	oshogbo
Tested by:	bz (previous versions)
MFC after:	2 months
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D17572
2019-01-05 16:05:39 +00:00
Mark Johnston 04c07c31eb Always free dynamically allocated memory before returning.
CID:		1007418
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2018-10-24 16:46:26 +00:00
Mark Johnston d2f6957c1c Remove dead code.
No functional change intended.

MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2018-10-20 17:44:23 +00:00
Mark Johnston 3d7dd2d69a Staticize a couple of functions.
No functional change intended.

MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2018-10-20 17:43:27 +00:00
Mark Johnston 1a97dd3cc3 Remove some obsolete compatibility code.
No functional change intended.

MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2018-10-20 17:40:30 +00:00
Pedro F. Giffuni 8a16b7a18f General further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 3-Clause license.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
open source licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
supersede or replace the license texts.

Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
2017-11-20 19:49:47 +00:00
Mark Johnston 0386a98bd0 Use the _SAFE loop variant, since the loop body may remove queue entries.
PR:		207146
MFC after:	3 days
2016-02-18 01:58:26 +00:00
Ulrich Spörlein c9e1c304c1 Fix type mismatches for malloc(3) and Co.
This is rather pedantic, as for most architectures it holds that
sizeof(type *) == sizeof(type **)

Found by:	clang static analyzer
Reviewed by:	ed
Differential Revision: https://reviews.freebsd.org/D4722
2015-12-29 11:24:41 +00:00
Enji Cooper 0ec7db6428 Fix rtsold's usage message
- Remove -a from the usage message example dealing with specific
  interfaces. -a only makes sense when not specifying an interface,
  such that it's to be run on all interfaces
- Fix the pidfile option (it's -p, not -P)
- Change `interfaces` to `interface` to match the manpage

MFC after: 3 days
PR: 173744
Sponsored by: EMC / Isilon Storage Division
2015-10-30 07:36:43 +00:00
Xin LI 56160b2e67 Now that we own the code, use arc4random(3) unconditionally
and remove the corresponding HAVE_ARC4RANDOM conditions.

MFC after:	2 weeks
2015-10-06 23:42:58 +00:00
Hiroki Sato f74237f5b6 - Remove #ifdef HAVE_POLL_H.
- Use nitems().

MFC after:	3 days
2015-09-10 06:40:28 +00:00
Gleb Smirnoff 56d5e0967c Stop including if_var.h from userland.
Sponsored by:	Nginx, Inc.
2015-04-06 09:42:23 +00:00
Hiroki Sato a678ca234f - Remove struct ifinfo *iflist. It is no longer used.
- Suppress warnings about increase of alignment requirement.
2013-08-17 19:23:35 +00:00
Hiroki Sato 3774384085 Fix build on arm and mips. 2013-08-06 15:49:18 +00:00
Hiroki Sato 7d26db1792 - Use time_uptime instead of time_second in data structures for
PF_INET6 in kernel.  This fixes various malfunctions when the wall time
  clock is changed.  Bump __FreeBSD_version to 1000041.

- Use clock_gettime(CLOCK_MONOTONIC_FAST) in userland utilities.

MFC after:	1 month
2013-08-05 20:13:02 +00:00
Eitan Adler e0ef7724c3 Fix warning when compiling with gcc46:
error: variable 'target' set but not used

Approved by:	dim, cperciva (mentor, blanket for pre-mentorship already-approved commits)
MFC after:	3 days
2012-01-20 01:38:52 +00:00
Hiroki Sato 489e04d0da - Add ":origin" label to the interface id for resolvconf(8). (r223149)
- Add -u option to enable adding :[RA-source-address] to the interface id.
  (r223149)
- s/INET6_ADDRSTRLEN/sizeof(ntopbuf)/  (r223149)
- Fix a bug that can prevent -D from being overridden by -d. (r223149)
- /-P pidfile/-p pidfile/ for consistency with rtadvd(8). (r223149)
- Fix -F flag handling to support receiving RAs even when ip6.forwarding=1.
  (r225150)

Approved by:	re (kib)
2011-09-12 23:55:23 +00:00
Hiroki Sato 06056832ec - Accumulate RA options instead of replacing old ones when a new RA arrived.
RFC 4861 6.3.4 clearly defines handling multiple RAs in this way.

- RDNSS/DNSSL options from multiple RAs on a single link will be
  gathered and sent to resolvconf(8).

- Call "resolvconf -d" only after at least one RDNSS or DNSSL option is
  received and then all of them are expired.

- The rtsold.dump output now supports displaying a list of the RA options.

- Use more human-readable expression for logging values of struct timeval.

Discussed with:	ume
2011-06-08 16:03:29 +00:00
Hiroki Sato b4da9fbccd - Disable "resolvconf -d" temporarily to avoid extra invocations of the script
under a certain condition.
- Fix argv handling.

Spotted by:	ume
2011-06-08 04:06:56 +00:00
Hiroki Sato db82af41db - Implement RDNSS and DNSSL options (RFC 6106, IPv6 Router Advertisement
Options for DNS Configuration) into rtadvd(8) and rtsold(8).  DNS
  information received by rtsold(8) will go to resolv.conf(5) by
  resolvconf(8) script.  This is based on work by J.R. Oldroyd (kern/156259)
  but revised extensively[1].

- rtadvd(8) now supports "noifprefix" to disable gathering on-link prefixes
  from interfaces when no "addr" is specified[2].  An entry in rtadvd.conf
  with "noifprefix" + no "addr" generates an RA message with no prefix
  information option.

- rtadvd(8) now supports RTM_IFANNOUNCE message to fix crashes when an
  interface is added or removed.

- Correct bogus ND_OPT_ROUTE_INFO value to one in RFC 4191.

Reviewed by:	bz[1]
PR:		kern/156259 [1]
PR:		bin/152458 [2]
2011-06-06 03:06:43 +00:00
Ulrich Spörlein bd2c49af72 rtsol(8)/rtsold(8): make WARNS=3 clean
It is actually WARNS=6 clean for non-strict alignment archs.

Approved by:	ed (co-mentor)
2010-02-27 10:19:39 +00:00
Hajimu UMEMOTO 62fd5fd625 Exclude the interfaces which IPv6 and/or accepting RA is disabled
from the auto probed interface list.

MFC after:	1 week
2010-02-02 18:38:17 +00:00
Hajimu UMEMOTO 3ce74ea2c5 Make -a option actually work.
MFC after:	1 week
2010-02-02 16:02:09 +00:00
Hiroki Sato eb87e699b2 Add support for ND6_IFF_IFDISABLED and ND6_IFF_ACCEPT_RTADV to
the -F flag.

MFC after:	3 days
2009-09-12 22:14:58 +00:00
Andrey A. Chernov a08f0b20be Change arc4random to arc4random_uniform since modulo is not power of 2,
as OpenBSD does.

Obtained from:  OpenBSD
2008-07-26 15:46:39 +00:00
Kevin Lo 784bddbc5b Cleanup of userland __P use 2007-11-07 10:53:41 +00:00
SUZUKI Shinsuke 06755c2216 an English grammar fix
Reported by: ru
MFC after: 1 day
2005-06-09 09:28:35 +00:00
SUZUKI Shinsuke c27109e92b fixed typo
Obtained from: KAME
MFC after: 1 day
2005-06-08 23:51:42 +00:00
Hajimu UMEMOTO 5538fd1e35 -DSMALL will remove the need of dump.c (for rtsol)
Obtained from:	KAME
2004-01-14 17:59:38 +00:00
Hajimu UMEMOTO fcdaee3127 add -F flag, which configures sysctl(8) setting by rtsold
itself (rather than warn about the current setting).

Obtained from:	KAME
2004-01-14 17:42:03 +00:00
Hajimu UMEMOTO 8e7409eda3 ansify.
Obtained from:	KAME
2004-01-14 17:16:19 +00:00
Hajimu UMEMOTO d05ae8c388 use timeradd/sub/cmp.
Obtained from:	KAME
2004-01-14 16:55:08 +00:00
Hajimu UMEMOTO 9a364ca35a - improved the -a option. it can probe an interface automatically when
the interface wakes up.  it can be started anytime even when there is
  no network interface on the list of interfaces in the kernel.
- get a correct link ID for each interface at initialization
  (using scope libraries if HAVE_SCOPELIB is defined).
- fill in sin6_scope_id correctly before sendmsg().

Obtained from:	KAME
MFC after:	1 week
2003-08-17 11:11:32 +00:00
Hajimu UMEMOTO 5c706347d5 support poll(2).
Obtained from:	KAME
MFC after:	1 week
2003-08-14 18:43:57 +00:00
Hajimu UMEMOTO 92bdf888a6 daemon() has to be called prior to file descriptor setups
(otherwise file descriptors could be closed mistakenly)

Obtained from:	KAME
MFC after:	1 week
2003-08-14 18:13:34 +00:00
Hajimu UMEMOTO 653b3bd48b signal handler must take "int" arg.
Obtained from:	KAME
MFC after:	1 week
2003-08-14 15:57:52 +00:00
Hajimu UMEMOTO 8998f69b13 avoid fd_set overrun.
Obtained from:	KAME
MFC after:	1 week
2003-08-14 15:47:31 +00:00
Hajimu UMEMOTO bb58b617fb use strlcpy() and snprintf().
Obtained from:	KAME
MFC after:	1 week
2003-08-11 15:49:47 +00:00
Hajimu UMEMOTO fa19f9be04 KNF, correct typos and cleanup spaces.
Obtained from:	KAME
MFC after:	1 week
2003-08-08 16:56:01 +00:00
Hajimu UMEMOTO 5ed8c16b88 drop the code for the environment where getifaddrs(3) is not
supported.

Obtained from:	KAME
MFC after:	1 week
2003-08-08 16:52:31 +00:00
Hajimu UMEMOTO 86b032af6c Process the "O bit."
If the value of OtherConfigFlag changes from FALSE to TRUE, the
host should invoke the stateful autoconfiguration protocol,
requesting information.
[RFC 2462 Section 5.5.3]

Obtained from:	KAME
MFC after:	1 week
2003-08-08 16:42:37 +00:00
Hajimu UMEMOTO 1533bed05b __FUNCTION__ --> __func__
Obtained from:	KAME
MFC after:	1 week
2003-08-08 16:38:23 +00:00