tech-net archive


Re: [PATCH] Setting IPv6 route advertisement accepting interfaces


On Mon, Jul 13, 2009 at 08:01:27AM +0900, Hiroki Sato wrote:
>  1) Add a part of ndp(8) functionality to ifconfig(8).  We have the
>     ndp(8) utility for changing IPv6 NDP parameters but it is more
>     reasonable that the per-interface parameters are handled by
>     ifconfig(8) for consistency.  More specifically, PERFORMNUD,
>     ACCEPT_RTADV, DISABLED, and default interface (ndp -I) should be
>     done by ifconfig(8) like "ifconfig le0 inet6 -accept_rtadv".

Well, it's not as easy as adding flags, but yeah. Alternatively,
we should use ndp in the startup scripts.

>  2) Use the existing sysctl net.inet6.ip6.accept_rtadv as the default
>     value of the corresponding per-IF flags, not a global knob.  The
>     accept_rtadv is set as 0 by default.

I wonder if that sysctl should be there at all. We should possibly
eliminate all related sysctls entirely if they're not required. ;-)

(Yeah, I know I was doing the opposite.)

>  3) Add (ip6.forwarding == 0 && ND6_IFF_ACCEPT_RTADV) check to
>     nd6_ra_input().  The other similar checks for if the node is
>     router or if the interface has ND6_IFF_ACCEPT_RTADV have been made
>     consistent wherever possible.  Especially when (ip6.forwarding ==
>     1) is true, ignore RAs regardless of ND6_IFF_ACCEPT_RTADV.

I'm not sure a global ip_forwarding ban is the right step either.
I mean, what's the problem with having a system which accepts a
default route on em0 and routes for people on em1?

This concept has holes.

>  4) Remove IPV6CTL_ACCEPT_RTADV check in rtsold(8).

rtsold is a beast I'm turning my mind to later when I'm implementing
RFC5006 support (correctly). I'm somewhat tired of abusing mdns.

>  What do you think of this way?  I am using the patchset against a bit
>  old source tree for some time.  I can send it to you for the latest
>  source tree in a couple of days.

Yeah, why not? Sounds great.

But another question, do you have any existent procedures for
differentiating between "Calculate an address on that interface"
and "accept default routes on that interface"?

I don't mean default route preference but complete denial to learn
default routes on an interface.

