tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: [PATCH] Setting IPv6 route advertisement accepting interfaces



Tonnerre LOMBARD <tonnerre%netbsd.ch@localhost> wrote
  in <20090712221139.GJ6410%jules.pas-un-geek-en-tant-que-tel.ch@localhost>:

to> Salut,
to>
to> On Mon, Jul 13, 2009 at 06:36:22AM +0900, Hiroki Sato wrote:
to> >  I don't think adding a new flag is reasonable because there is a
to> >  per-interface flag to control accepting RA (ND6_IFF_ACCEPT_RTADV)
to> >  already.
to>
to> How would one set that flag? I've only seen it being set in one
to> single place which had no attachment whatsoever to any type of
to> logic.

 Can be set by using ndp(8) and the flag is used in nd6_ra_input().

 I fully agree with your idea and having such a per-interface flag is
 the way to go since accepting RAs should be controlled in that way on
 a system with multiple interfaces.  It is supposed that
 ND6_IFF_ACCEPT_RTADV can be used, not by adding a protocol-dependent
 flag to struct ifnet (we should avoid it if we can) , but we need
 some more change because it is not fully implemented.

 Actually I have a similar patchset to yours in another way:

 1) Add a part of ndp(8) functionality to ifconfig(8).  We have the
    ndp(8) utility for changing IPv6 NDP parameters but it is more
    reasonable that the per-interface parameters are handled by
    ifconfig(8) for consistency.  More specifically, PERFORMNUD,
    ACCEPT_RTADV, DISABLED, and default interface (ndp -I) should be
    done by ifconfig(8) like "ifconfig le0 inet6 -accept_rtadv".

 2) Use the existing sysctl net.inet6.ip6.accept_rtadv as the default
    value of the corresponding per-IF flags, not a global knob.  The
    accept_rtadv is set as 0 by default.

 3) Add (ip6.fowarding == 0 && ND6_IFF_ACCEPT_RTADV) check to
    nd6_ra_input().  The other similar checks for if the node is
    router or if the interface has ND6_IFF_ACCEPT_RTADV have been made
    consistent wherever possible.  Especially when (ip6.forwarding ==
    1) is true, ignore RAs regardless of ND6_IFF_ACCEPT_RTADV.

 4) Remove IPV6CTL_ACCEPT_RTADV check in rtsold(8).

 What do you think of this way?  I am using the patchset against a bit
 old source tree for some time.  I can send it to you for the latest
 source tree in a couple of days.

-- Hiroki

Attachment: pgprT0_VKGFCd.pgp
Description: PGP signature



Home | Main Index | Thread Index | Old Index