Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src make IPV6_BINDV6ONLY setsockopt available. it controls beha...
details: https://anonhg.NetBSD.org/src/rev/0dcc7f887cf9
branches: trunk
changeset: 480189:0dcc7f887cf9
user: itojun <itojun%NetBSD.org@localhost>
date: Thu Jan 06 06:41:18 2000 +0000
description:
make IPV6_BINDV6ONLY setsockopt available. it controls behavior of
AF_INET6 wildcard listening socket. heavily documented in ip6(4).
net.inet6.ip6.bindv6only defines default value. default is 1.
"options INET6_BINDV6ONLY" removes any code fragment that supports
IPV6_BINDV6ONLY == 0 case (not defopt'ed as use of this is rare).
diffstat:
lib/libc/gen/sysctl.3 | 16 ++++++-
share/man/man4/ip6.4 | 71 +++++++++++++++++++++++++++++-------
sys/netinet/udp_usrreq.c | 16 +++++++-
sys/netinet6/in6.h | 29 +++++++++++---
sys/netinet6/in6_pcb.c | 90 ++++++++++++++++++++++++++++++++++++++++++----
sys/netinet6/in6_proto.c | 13 ++++++-
sys/netinet6/ip6_input.c | 11 ++++-
sys/netinet6/ip6_output.c | 22 ++++++++++-
sys/netinet6/ip6_var.h | 5 ++-
usr.sbin/sysctl/sysctl.8 | 3 +-
10 files changed, 233 insertions(+), 43 deletions(-)
diffs (truncated from 557 to 300 lines):
diff -r 52ce672d964c -r 0dcc7f887cf9 lib/libc/gen/sysctl.3
--- a/lib/libc/gen/sysctl.3 Thu Jan 06 06:24:29 2000 +0000
+++ b/lib/libc/gen/sysctl.3 Thu Jan 06 06:41:18 2000 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: sysctl.3,v 1.45 2000/01/06 03:43:03 itojun Exp $
+.\" $NetBSD: sysctl.3,v 1.46 2000/01/06 06:41:18 itojun Exp $
.\"
.\" Copyright (c) 1993
.\" The Regents of the University of California. All rights reserved.
@@ -752,8 +752,9 @@
.It ip6 defmcasthlim integer yes
.It ip6 gif_hlim integer yes
.It ip6 kame_version string no
-.It ip6 use_deprecated integer yes
-.It ip6 rr_prune integer yes
+.It ip6 use_deprecated integer yes
+.It ip6 rr_prune integer yes
+.It ip6 bindv6only integer yes
.It icmp6 rediraccept integer yes
.It icmp6 redirtimeout integer yes
.It icmp6 errratelimit integer yes
@@ -849,6 +850,15 @@
.It Li ip6.rr_prune
The variable specifies interval between IPv6 router renumbering prefix
babysitting, in seconds.
+.It Li ip6.bindv6only
+The variable specifies initial value for
+.Dv IPV6_BINDV6ONLY
+socket option for
+.Dv AF_INET6
+socket.
+Please refer to
+.Xr ip6 4
+for detail.
.It Li icmp6.rediraccept
If set to non-zero, the host will accept ICMPv6 redirect packets.
Note that IPv6 routers will never accept ICMPv6 redirect packets,
diff -r 52ce672d964c -r 0dcc7f887cf9 share/man/man4/ip6.4
--- a/share/man/man4/ip6.4 Thu Jan 06 06:24:29 2000 +0000
+++ b/share/man/man4/ip6.4 Thu Jan 06 06:41:18 2000 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: ip6.4,v 1.2 1999/12/22 06:51:15 itojun Exp $
+.\" $NetBSD: ip6.4,v 1.3 2000/01/06 06:41:18 itojun Exp $
.\"
.\" Copyright (C) 1999 WIDE Project.
.\" All rights reserved.
@@ -58,7 +58,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" KAME Id: ip6.4,v 1.6 1999/12/22 06:49:12 itojun Exp
+.\" KAME Id: ip6.4,v 1.7 2000/01/06 06:00:30 itojun Exp
.\"
.Dd December 17, 1999
.Dt IP6 4
@@ -228,18 +228,55 @@
.Fa mreq6
contains the same values as used to add the membership.
Memberships are dropped when the socket is closed or the process exits.
+.\" .Pp
+.\" .Dv IPV6_PORTRANGE
+.\" controls how ephemeral ports are allocated for
+.\" .Dv SOCK_STREAM
+.\" and
+.\" .Dv SOCK_DGRAM
+.\" sockets.
+.\" For example,
+.\" .Bd -literal -offset indent
+.\" int range = IPV6_PORTRANGE_LOW; /* see <netinet/in.h> */
+.\" setsockopt(s, IPPROTO_IPV6, IPV6_PORTRANGE, &range, sizeof(range));
+.\" .Ed
.Pp
-.Dv IPV6_PORTRANGE
-controls how ephemeral ports are allocated for
-.Dv SOCK_STREAM
+.Dv IPV6_BINDV6ONLY
+controls behavior of
+.Dv AF_INET6
+wildcard listening socket.
+The following example sets the option to 1:
+.Bd -literal -offset indent
+int on = 1;
+setsockopt(s, IPPROTO_IPV6, IPV6_BINDV6ONLY, &on, sizeof(on));
+.Ed
+.Pp
+If set to 1,
+.Dv AF_INET6
+wildcard listening socket will accept IPv6 traffic only.
+If set to 0, it will accept IPv4 traffic as well,
+as if it was from IPv4 mapped address like
+.Li ::ffff:10.1.1.1 .
+.\" RFC2553 defines the behavior when the variable is set to 0.
+Note that if you set it this to 0,
+IPv4 access control gets much more complicated.
+For example, even if you have no listening
+.Dv AF_INET
+listening socket on port
+.Li X ,
+you will end up accepting IPv4 traffic by
+.Dv AF_INET6
+listening socket on the same port.
+The default value for this flag is copied at socket instantiation time,
+from
+.Li net.inet6.ip6.bindv6only
+.Xr sysctl 3
+variable.
+The option affects
+.Tn TCP
and
-.Dv SOCK_DGRAM
-sockets.
-For example,
-.Bd -literal -offset indent
-int range = IPV6_PORTRANGE_LOW; /* see <netinet/in.h> */
-setsockopt(s, IPPROTO_IPV6, IPV6_PORTRANGE, &range, sizeof(range));
-.Ed
+.Tn UDP
+sockets only.
.\"
.Ss Advanced IPv6 sockets API
The advanced IPv6 sockets API lets userland programs specify or obtain
@@ -648,9 +685,13 @@
.Sh STANDARDS
Most of the socket options are defined in
RFC2292 and/or RFC2553.
-.Dv IPV6_PORTRANGE
-and conflict resolution rule
-is not defined in the RFCs and should be considered implementation dependent.
+.\" .Dv IPV6_PORTRANGE ,
+.Dv IPV6_BINDV6ONLY
+and
+conflict resolution rule
+are not defined in the RFCs and should be considered implementation dependent.
+.\" .Dv IPV6_BINDV6ONLY
+.\" is supplied on KAME/NetBSD only.
.\"
.Sh HISTORY
The implementation is based on KAME stack
diff -r 52ce672d964c -r 0dcc7f887cf9 sys/netinet/udp_usrreq.c
--- a/sys/netinet/udp_usrreq.c Thu Jan 06 06:24:29 2000 +0000
+++ b/sys/netinet/udp_usrreq.c Thu Jan 06 06:41:18 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: udp_usrreq.c,v 1.54 1999/12/22 04:03:01 itojun Exp $ */
+/* $NetBSD: udp_usrreq.c,v 1.55 2000/01/06 06:41:19 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -765,11 +765,25 @@
&& !in6_mcmatch(in6p, dst6, m->m_pkthdr.rcvif))
continue;
}
+#ifndef INET6_BINDV6ONLY
+ else {
+ if (IN6_IS_ADDR_V4MAPPED(dst6)
+ && (in6p->in6p_flags & IN6P_BINDV6ONLY))
+ continue;
+ }
+#endif
if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) {
if (!IN6_ARE_ADDR_EQUAL(&in6p->in6p_faddr, src6)
|| in6p->in6p_fport != *sport)
continue;
}
+#ifndef INET6_BINDV6ONLY
+ else {
+ if (IN6_IS_ADDR_V4MAPPED(src6)
+ && (in6p->in6p_flags & IN6P_BINDV6ONLY))
+ continue;
+ }
+#endif
last = in6p;
udp6_sendup(m, off, (struct sockaddr *)src,
diff -r 52ce672d964c -r 0dcc7f887cf9 sys/netinet6/in6.h
--- a/sys/netinet6/in6.h Thu Jan 06 06:24:29 2000 +0000
+++ b/sys/netinet6/in6.h Thu Jan 06 06:41:18 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: in6.h,v 1.7 1999/12/13 15:17:22 itojun Exp $ */
+/* $NetBSD: in6.h,v 1.8 2000/01/06 06:41:19 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -521,21 +521,34 @@
#define IPV6CTL_KAME_VERSION 20
#define IPV6CTL_USE_DEPRECATED 21 /* use deprecated addr (RFC2462 5.5.4) */
#define IPV6CTL_RR_PRUNE 22 /* walk timer for router renumbering */
-#ifdef MAPPED_ADDR_ENABLED
+#if (defined(__FreeBSD__) && __FreeBSD__ >= 3)
#define IPV6CTL_MAPPED_ADDR 23
-#endif /* MAPPED_ADDR_ENABLED */
+#endif
+#if defined(__NetBSD__)
+#define IPV6CTL_BINDV6ONLY 24
+#endif
/* New entries should be added here from current IPV6CTL_MAXID value. */
-#define IPV6CTL_MAXID 24
+#define IPV6CTL_MAXID 25
-#ifdef MAPPED_ADDR_ENABLED
+#ifdef IPV6CTL_MAPPED_ADDR
#define IPV6CTL_NAMES_MAPPED_ADDR "mapped_addr"
#define IPV6CTL_TYPE_MAPPED_ADDR CTLTYPE_INT
#define IPV6CTL_VARS_MAPPED_ADDR &ip6_mapped_addr_on
-#else /* MAPPED_ADDR_ENABLED */
+#else
#define IPV6CTL_NAMES_MAPPED_ADDR 0
#define IPV6CTL_TYPE_MAPPED_ADDR 0
#define IPV6CTL_VARS_MAPPED_ADDR 0
-#endif /* MAPPED_ADDR_ENABLED */
+#endif
+
+#ifdef IPV6CTL_BINDV6ONLY
+#define IPV6CTL_NAMES_BINDV6ONLY "bindv6only"
+#define IPV6CTL_TYPE_BINDV6ONLY CTLTYPE_INT
+#define IPV6CTL_VARS_BINDV6ONLY &ip6_bindv6only
+#else
+#define IPV6CTL_NAMES_BINDV6ONLY 0
+#define IPV6CTL_TYPE_BINDV6ONLY 0
+#define IPV6CTL_VARS_BINDV6ONLY 0
+#endif
#define IPV6CTL_NAMES { \
{ 0, 0 }, \
@@ -562,6 +575,7 @@
{ "use_deprecated", CTLTYPE_INT }, \
{ "rr_prune", CTLTYPE_INT }, \
{ IPV6CTL_NAMES_MAPPED_ADDR, IPV6CTL_TYPE_MAPPED_ADDR }, \
+ { IPV6CTL_NAMES_BINDV6ONLY, IPV6CTL_TYPE_BINDV6ONLY }, \
}
#define IPV6CTL_VARS { \
@@ -589,6 +603,7 @@
&ip6_use_deprecated, \
&ip6_rr_prune, \
IPV6CTL_VARS_MAPPED_ADDR, \
+ IPV6CTL_VARS_BINDV6ONLY, \
}
#endif /* !_XOPEN_SOURCE */
diff -r 52ce672d964c -r 0dcc7f887cf9 sys/netinet6/in6_pcb.c
--- a/sys/netinet6/in6_pcb.c Thu Jan 06 06:24:29 2000 +0000
+++ b/sys/netinet6/in6_pcb.c Thu Jan 06 06:41:18 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: in6_pcb.c,v 1.10 1999/12/13 15:17:22 itojun Exp $ */
+/* $NetBSD: in6_pcb.c,v 1.11 2000/01/06 06:41:19 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -89,8 +89,8 @@
#include <netinet/ip.h>
#include <netinet/in_pcb.h>
#include <netinet6/ip6.h>
+#include <netinet6/ip6_var.h>
#include <netinet6/in6_pcb.h>
-#include <netinet6/ip6_var.h>
#include <netinet6/nd6.h>
#ifndef __bsdi__
@@ -132,6 +132,12 @@
in6p->in6p_prev = head;
in6p->in6p_next->in6p_prev = in6p;
#endif
+#if defined(__NetBSD__) && !defined(INET6_BINDV6ONLY)
+ if (ip6_bindv6only)
+ in6p->in6p_flags |= IN6P_BINDV6ONLY;
+#else
+ in6p->in6p_flags |= IN6P_BINDV6ONLY; /*just for safety*/
+#endif
so->so_pcb = (caddr_t)in6p;
return(0);
}
@@ -641,8 +647,14 @@
ro->ro_rt = rtalloc1(&((struct route *)ro)
->ro_dst, 0);
#endif /*__bsdi__*/
- } else
+ } else {
+#ifdef __bsdi__ /* bsdi needs rtcalloc to make a host route */
+ rtcalloc((struct route *)ro);
+#else
rtalloc((struct route *)ro);
+#endif
+ }
+
}
/*
@@ -937,8 +949,29 @@
wildcard++;
else if (!IN6_ARE_ADDR_EQUAL(&in6p->in6p_laddr, laddr6))
continue;
- } else {
- if (!IN6_IS_ADDR_UNSPECIFIED(laddr6))
+ }
+#ifndef TCP6
+ else if (IN6_IS_ADDR_V4MAPPED(&in6p->in6p_laddr)
+ && in6p->in6p_laddr.s6_addr32[3] == 0) {
+ if (!IN6_IS_ADDR_V4MAPPED(laddr6))
+ continue;
+ if (laddr6->s6_addr32[3] == 0)
Home |
Main Index |
Thread Index |
Old Index