1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
Index: sys/netinet6/in6.h
===================================================================
RCS file: /home/ncvs/src/sys/netinet6/in6.h,v
retrieving revision 1.36.2.9
diff -u -p -r1.36.2.9 in6.h
--- sys/netinet6/in6.h 1 Sep 2008 22:57:56 -0000 1.36.2.9
+++ sys/netinet6/in6.h 28 Sep 2008 21:27:09 -0000
@@ -575,7 +575,8 @@ struct ip6_mtuinfo {
/* to define items, should talk with KAME guys first, for *BSD compatibility */
#define IPV6CTL_STEALTH 45
#define IPV6CTL_RTHDR0_ALLOWED 46
-#define IPV6CTL_MAXID 47
+#define ICMPV6CTL_ND6_ONLINKNSRFC4861 47
+#define IPV6CTL_MAXID 48
#endif /* __BSD_VISIBLE */
/*
Index: sys/netinet6/in6_proto.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet6/in6_proto.c,v
retrieving revision 1.32.2.9
diff -u -p -r1.32.2.9 in6_proto.c
--- sys/netinet6/in6_proto.c 1 Sep 2008 22:57:56 -0000 1.32.2.9
+++ sys/netinet6/in6_proto.c 28 Sep 2008 21:26:24 -0000
@@ -354,6 +354,7 @@ DOMAIN_SET(inet6);
#ifndef IPV6_SENDREDIRECTS
#define IPV6_SENDREDIRECTS 1
#endif
+int nd6_onlink_ns_rfc4861 = 0; /* allow 'on-link' nd6 NS (as in RFC 4861) */
int ip6_forwarding = IPV6FORWARDING; /* act as router? */
int ip6_sendredirects = IPV6_SENDREDIRECTS;
@@ -553,3 +554,6 @@ SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_N
nd6_maxnudhint, CTLFLAG_RW, &nd6_maxnudhint, 0, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DEBUG,
nd6_debug, CTLFLAG_RW, &nd6_debug, 0, "");
+SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_ONLINKNSRFC4861,
+ nd6_onlink_ns_rfc4861, CTLFLAG_RW, &nd6_onlink_ns_rfc4861, 0,
+ "Accept 'on-link' nd6 NS in compliance with RFC 4861.");
Index: sys/netinet6/nd6.h
===================================================================
RCS file: /home/ncvs/src/sys/netinet6/nd6.h,v
retrieving revision 1.19.2.3
diff -u -p -r1.19.2.3 nd6.h
--- sys/netinet6/nd6.h 1 Sep 2008 22:57:56 -0000 1.19.2.3
+++ sys/netinet6/nd6.h 28 Sep 2008 21:26:24 -0000
@@ -339,6 +339,7 @@ extern struct llinfo_nd6 llinfo_nd6;
extern struct nd_drhead nd_defrouter;
extern struct nd_prhead nd_prefix;
extern int nd6_debug;
+extern int nd6_onlink_ns_rfc4861;
#define nd6log(x) do { if (nd6_debug) log x; } while (/*CONSTCOND*/ 0)
Index: sys/netinet6/nd6_nbr.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet6/nd6_nbr.c,v
retrieving revision 1.29.2.10
diff -u -p -r1.29.2.10 nd6_nbr.c
--- sys/netinet6/nd6_nbr.c 1 Sep 2008 22:57:56 -0000 1.29.2.10
+++ sys/netinet6/nd6_nbr.c 28 Sep 2008 21:26:24 -0000
@@ -148,6 +148,24 @@ nd6_ns_input(m, off, icmp6len)
"(wrong ip6 dst)\n"));
goto bad;
}
+ } else if (!nd6_onlink_ns_rfc4861) {
+ struct sockaddr_in6 src_sa6;
+
+ /*
+ * According to recent IETF discussions, it is not a good idea
+ * to accept a NS from an address which would not be deemed
+ * to be a neighbor otherwise. This point is expected to be
+ * clarified in future revisions of the specification.
+ */
+ bzero(&src_sa6, sizeof(src_sa6));
+ src_sa6.sin6_family = AF_INET6;
+ src_sa6.sin6_len = sizeof(src_sa6);
+ src_sa6.sin6_addr = saddr6;
+ if (!nd6_is_addr_neighbor(&src_sa6, ifp)) {
+ nd6log((LOG_INFO, "nd6_ns_input: "
+ "NS packet from non-neighbor\n"));
+ goto bad;
+ }
}
if (IN6_IS_ADDR_MULTICAST(&taddr6)) {
|
GitWeb