On Fri, Nov 04, 2022 at 03:40:04PM +0100, Claudio Jeker wrote: > So mpe(4) is a special device. It is a point-to-multipoint interface that > does not do multicast. So setting IFF_MULTICAST on the interface is not > correct but IPv6 depends on it because neighbor discovery. > > Now there is no neighbor discovery on mpe(4) the neighbors are handled via > BGP. So lets adjust in6_ifattach() to succeed for mpe(4) interfaces and > with that BGP IPv6 L3VPN should work. > > It may be an idea to move the IFF_MULTCAST check down into the > ifp->if_type switch but right now this is good enough. I wonder if we have > other interfaces that need similar treatment (e.g. mgre).
I think this is a better diff. Only require the IFF_MULTCAST bit if nd6_need_cache() returns true. In other words full ND is running on the interface. Such tunnel interfaces will not get a link-local address automatically assigned anymore but such an address can still be set up by hand. -- :wq Claudio Index: netinet6/in6_ifattach.c =================================================================== RCS file: /cvs/src/sys/netinet6/in6_ifattach.c,v retrieving revision 1.119 diff -u -p -r1.119 in6_ifattach.c --- netinet6/in6_ifattach.c 8 Sep 2022 10:22:07 -0000 1.119 +++ netinet6/in6_ifattach.c 10 Nov 2022 12:18:09 -0000 @@ -373,7 +373,7 @@ in6_ifattach(struct ifnet *ifp) if (ifp->if_mtu < IPV6_MMTU) return (EINVAL); - if ((ifp->if_flags & IFF_MULTICAST) == 0) + if (nd6_need_cache(ifp) && (ifp->if_flags & IFF_MULTICAST) == 0) return (EINVAL); /* @@ -389,12 +389,12 @@ in6_ifattach(struct ifnet *ifp) return (error); } - /* Interfaces that rely on strong a priori cryptographic binding of - * IP addresses are incompatible with automatically assigned llv6. */ - switch (ifp->if_type) { - case IFT_WIREGUARD: + /* + * Only interfaces that need the ND cache should automatically + * assign a link local address. + */ + if (!nd6_need_cache(ifp)) return (0); - } /* Assign a link-local address, if there's none. */ if (in6ifa_ifpforlinklocal(ifp, 0) == NULL) {