On Fri, Nov 04, 2022 at 03:40:04PM +0100, Claudio Jeker wrote:
> So mpe(4) is a special device. It is a point-to-multipoint interface that
> does not do multicast. So setting IFF_MULTICAST on the interface is not
> correct but IPv6 depends on it because neighbor discovery.
>
> Now there is no neighbor discovery on mpe(4) the neighbors are handled via
> BGP. So lets adjust in6_ifattach() to succeed for mpe(4) interfaces and
> with that BGP IPv6 L3VPN should work.
>
> It may be an idea to move the IFF_MULTCAST check down into the
> ifp->if_type switch but right now this is good enough. I wonder if we have
> other interfaces that need similar treatment (e.g. mgre).
I think this is a better diff.
Only require the IFF_MULTCAST bit if nd6_need_cache() returns true.
In other words full ND is running on the interface.
Such tunnel interfaces will not get a link-local address automatically
assigned anymore but such an address can still be set up by hand.
--
:wq Claudio
Index: netinet6/in6_ifattach.c
===================================================================
RCS file: /cvs/src/sys/netinet6/in6_ifattach.c,v
retrieving revision 1.119
diff -u -p -r1.119 in6_ifattach.c
--- netinet6/in6_ifattach.c 8 Sep 2022 10:22:07 -0000 1.119
+++ netinet6/in6_ifattach.c 10 Nov 2022 12:18:09 -0000
@@ -373,7 +373,7 @@ in6_ifattach(struct ifnet *ifp)
if (ifp->if_mtu < IPV6_MMTU)
return (EINVAL);
- if ((ifp->if_flags & IFF_MULTICAST) == 0)
+ if (nd6_need_cache(ifp) && (ifp->if_flags & IFF_MULTICAST) == 0)
return (EINVAL);
/*
@@ -389,12 +389,12 @@ in6_ifattach(struct ifnet *ifp)
return (error);
}
- /* Interfaces that rely on strong a priori cryptographic binding of
- * IP addresses are incompatible with automatically assigned llv6. */
- switch (ifp->if_type) {
- case IFT_WIREGUARD:
+ /*
+ * Only interfaces that need the ND cache should automatically
+ * assign a link local address.
+ */
+ if (!nd6_need_cache(ifp))
return (0);
- }
/* Assign a link-local address, if there's none. */
if (in6ifa_ifpforlinklocal(ifp, 0) == NULL) {
