On 2015/11/01 17:41, Yury Shefer wrote:
> I'm having trouble with enabling IPv6 routing on my 5.8 gateway.
>
> (Internet)----[DHCPv6+PD]----(em0-GW-axe0)----[SLAAC/rtadvd]
>
> My box is connected to Comcast, I'm getting IPv6 address assignment over
> DHCPv6 (wide dhcp6c) on WAN interface(em0) together with prefix delegation
> and assigning this prefix to axe0 (internal interface).
>
> On axe0 i'm running rtadvd. My clients are getting IPv6 addresses properly
> assigned and i'm able to ping link-local address of my gw. but if I check
> ipv6 neighbors on my gw I see that there are no global addresses except
> permanent (GW-owned addresses).
This (static v6 addresses on a system using SLAAC) is broken in 5.8.
The following diff backported from -current may fix it, but is untested
(may not even compile, I don't have a handy 5.8 system and config(8) has
changed).
Index: sys/net/if_spppsubr.c
===================================================================
RCS file: /cvs/src/sys/net/if_spppsubr.c,v
retrieving revision 1.136
diff -u -p -r1.136 if_spppsubr.c
--- sys/net/if_spppsubr.c 18 Jul 2015 15:51:16 -0000 1.136
+++ sys/net/if_spppsubr.c 2 Nov 2015 09:20:03 -0000
@@ -4790,9 +4790,6 @@ sppp_set_ip6_addr(struct sppp *sp, const
*/
ifra->ifra_prefixmask.sin6_family = AF_UNSPEC;
- /* DAD is redundant after an IPv6CP exchange. */
- ifra->ifra_flags |= IN6_IFF_NODAD;
-
task_add(systq, &sp->ipv6cp.set_addr_task);
}
Index: sys/netinet6/in6.c
===================================================================
RCS file: /cvs/src/sys/netinet6/in6.c,v
retrieving revision 1.161
diff -u -p -r1.161 in6.c
--- sys/netinet6/in6.c 18 Jul 2015 15:05:32 -0000 1.161
+++ sys/netinet6/in6.c 2 Nov 2015 09:20:03 -0000
@@ -462,7 +462,6 @@ in6_control(struct socket *so, u_long cm
case SIOCAIFADDR_IN6:
{
- struct nd_prefix *pr;
int plen, error = 0;
/* reject read-only flags */
@@ -492,39 +491,24 @@ in6_control(struct socket *so, u_long cm
break;
}
+ /* Perform DAD, if needed. */
+ if (ia6->ia6_flags & IN6_IFF_TENTATIVE)
+ nd6_dad_start(&ia6->ia_ifa);
+
plen = in6_mask2len(&ifra->ifra_prefixmask.sin6_addr, NULL);
if (plen == 128) {
dohooks(ifp->if_addrhooks, 0);
break; /* we don't need to install a host route. */
}
- /*
- * then, make the prefix on-link on the interface.
- * XXX: we'd rather create the prefix before the address, but
- * we need at least one address to install the corresponding
- * interface route, so we configure the address first.
- */
- pr = nd6_prefix_add(ifp, &ifra->ifra_addr,
- &ifra->ifra_prefixmask, &ifra->ifra_lifetime,
- ((ifra->ifra_flags & IN6_IFF_AUTOCONF) != 0));
- if (pr == NULL) {
- log(LOG_ERR, "cannot add prefix\n");
- return (EINVAL); /* XXX panic here? */
- }
-
- /* relate the address to the prefix */
- if (ia6->ia6_ndpr == NULL) {
- ia6->ia6_ndpr = pr;
- pr->ndpr_refcnt++;
- }
-
s = splsoftnet();
- /*
- * this might affect the status of autoconfigured addresses,
- * that is, this address might make other addresses detached.
- */
- pfxlist_onlink_check();
-
+ error = rt_ifa_add(&ia6->ia_ifa,
+ RTF_UP|RTF_CLONING|RTF_CONNECTED, ia6->ia_ifa.ifa_addr);
+ if (error) {
+ in6_purgeaddr(&ia6->ia_ifa);
+ splx(s);
+ return (error);
+ }
dohooks(ifp->if_addrhooks, 0);
splx(s);
break;
@@ -946,17 +930,6 @@ in6_update_ifa(struct ifnet *ifp, struct
LIST_INSERT_HEAD(&ia6->ia6_memberships, imm, i6mm_chain);
}
- /*
- * Perform DAD, if needed.
- * XXX It may be of use, if we can administratively
- * disable DAD.
- */
- if (hostIsNew && in6if_do_dad(ifp) &&
- (ifra->ifra_flags & IN6_IFF_NODAD) == 0)
- {
- nd6_dad_start(&ia6->ia_ifa, NULL);
- }
-
return (error);
unlink:
@@ -1022,24 +995,19 @@ in6_purgeaddr(struct ifaddr *ifa)
void
in6_unlink_ifa(struct in6_ifaddr *ia6, struct ifnet *ifp)
{
+ struct ifaddr *ifa = &ia6->ia_ifa;
+
splsoftassert(IPL_SOFTNET);
- ifa_del(ifp, &ia6->ia_ifa);
+ ifa_del(ifp, ifa);
TAILQ_REMOVE(&in6_ifaddr, ia6, ia_list);
/* Release the reference to the base prefix. */
if (ia6->ia6_ndpr == NULL) {
- char addr[INET6_ADDRSTRLEN];
-
- if (!IN6_IS_ADDR_LINKLOCAL(IA6_IN6(ia6)) &&
- !IN6_IS_ADDR_LOOPBACK(IA6_IN6(ia6)) &&
- !IN6_ARE_ADDR_EQUAL(IA6_MASKIN6(ia6), &in6mask128))
- log(LOG_NOTICE, "in6_unlink_ifa: interface address "
- "%s has no prefix\n",
- inet_ntop(AF_INET6, IA6_IN6(ia6), addr,
- sizeof(addr)));
+ rt_ifa_del(ifa, RTF_CLONING | RTF_CONNECTED, ifa->ifa_addr);
} else {
+ KASSERT(ia6->ia6_flags & IN6_IFF_AUTOCONF);
ia6->ia6_flags &= ~IN6_IFF_AUTOCONF;
if (--ia6->ia6_ndpr->ndpr_refcnt == 0)
prelist_remove(ia6->ia6_ndpr);
Index: sys/netinet6/in6_ifattach.c
===================================================================
RCS file: /cvs/src/sys/netinet6/in6_ifattach.c,v
retrieving revision 1.90
diff -u -p -r1.90 in6_ifattach.c
--- sys/netinet6/in6_ifattach.c 18 Jul 2015 15:05:32 -0000 1.90
+++ sys/netinet6/in6_ifattach.c 2 Nov 2015 09:20:03 -0000
@@ -292,9 +292,9 @@ success:
int
in6_ifattach_linklocal(struct ifnet *ifp, struct in6_addr *ifid)
{
- struct in6_ifaddr *ia6;
struct in6_aliasreq ifra;
- int s, error;
+ struct in6_ifaddr *ia6;
+ int s, error;
/*
* configure link-local address.
@@ -338,12 +338,6 @@ in6_ifattach_linklocal(struct ifnet *ifp
ifra.ifra_lifetime.ia6t_pltime = ND6_INFINITE_LIFETIME;
/*
- * Do not let in6_update_ifa() do DAD, since we need a random delay
- * before sending an NS at the first time the interface becomes up.
- */
- ifra.ifra_flags |= IN6_IFF_NODAD;
-
- /*
* Now call in6_update_ifa() to do a bunch of procedures to configure
* a link-local address. In the case of CARP, we may be called after
* one has already been configured, so check if it's already there
@@ -368,36 +362,23 @@ in6_ifattach_linklocal(struct ifnet *ifp
return (-1);
}
+ ia6 = in6ifa_ifpforlinklocal(ifp, 0);
+
/*
- * Adjust ia6_flags so that in6_ifattach() will perform DAD.
+ * Perform DAD.
+ *
* XXX: Some P2P interfaces seem not to send packets just after
* becoming up, so we skip p2p interfaces for safety.
*/
- ia6 = in6ifa_ifpforlinklocal(ifp, 0); /* ia6 must not be NULL */
-#ifdef DIAGNOSTIC
- if (!ia6) {
- panic("ia6 == NULL in in6_ifattach_linklocal");
- /* NOTREACHED */
- }
-#endif
- if (in6if_do_dad(ifp) && ((ifp->if_flags & IFF_POINTOPOINT) ||
- (ifp->if_type == IFT_CARP)) == 0) {
- ia6->ia6_flags &= ~IN6_IFF_NODAD;
+ if (in6if_do_dad(ifp) && ((ifp->if_flags & IFF_POINTOPOINT) == 0)) {
ia6->ia6_flags |= IN6_IFF_TENTATIVE;
+ nd6_dad_start(&ia6->ia_ifa);
}
- /*
- * Make the link-local prefix (fe80::/64%link) as on-link.
- * Since we'd like to manage prefixes separately from addresses,
- * we make an ND6 prefix structure for the link-local prefix,
- * and add it to the prefix list as a never-expire prefix.
- * XXX: this change might affect some existing code base...
- */
- if (nd6_prefix_add(ifp, &ifra.ifra_addr, &ifra.ifra_prefixmask,
- &ifra.ifra_lifetime, 1) == NULL)
- return (EINVAL);
+ error = rt_ifa_add(&ia6->ia_ifa, RTF_UP|RTF_CLONING|RTF_CONNECTED,
+ ia6->ia_ifa.ifa_addr);
- return (0);
+ return (error);
}
int
@@ -435,9 +416,6 @@ in6_ifattach_loopback(struct ifnet *ifp)
ifra.ifra_lifetime.ia6t_vltime = ND6_INFINITE_LIFETIME;
ifra.ifra_lifetime.ia6t_pltime = ND6_INFINITE_LIFETIME;
- /* we don't need to perform DAD on loopback interfaces. */
- ifra.ifra_flags |= IN6_IFF_NODAD;
-
/*
* We are sure that this is a newly assigned address, so we can set
* NULL to the 3rd arg.
@@ -504,9 +482,6 @@ in6_nigroup(struct ifnet *ifp, const cha
int
in6_ifattach(struct ifnet *ifp)
{
- struct ifaddr *ifa;
- int dad_delay = 0; /* delay ticks before DAD output */
-
/* some of the interfaces are inherently not IPv6 capable */
switch (ifp->if_type) {
case IFT_BRIDGE:
@@ -541,14 +516,6 @@ in6_ifattach(struct ifnet *ifp)
return (0);
return (in6_ifattach_loopback(ifp));
- }
-
- /* Perform DAD. */
- TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
- if (ifa->ifa_addr->sa_family != AF_INET6)
- continue;
- if (ifatoia6(ifa)->ia6_flags & IN6_IFF_TENTATIVE)
- nd6_dad_start(ifa, &dad_delay);
}
if (ifp->if_xflags & IFXF_AUTOCONF6)
Index: sys/netinet6/in6_var.h
===================================================================
RCS file: /cvs/src/sys/netinet6/in6_var.h,v
retrieving revision 1.52
diff -u -p -r1.52 in6_var.h
--- sys/netinet6/in6_var.h 8 Jul 2015 08:48:34 -0000 1.52
+++ sys/netinet6/in6_var.h 2 Nov 2015 09:20:03 -0000
@@ -433,9 +433,6 @@ struct in6_rrenumreq {
#define IN6_IFF_DUPLICATED 0x04 /* DAD detected duplicate */
#define IN6_IFF_DETACHED 0x08 /* may be detached from the link */
#define IN6_IFF_DEPRECATED 0x10 /* deprecated address */
-#define IN6_IFF_NODAD 0x20 /* don't perform DAD on this address
- * (used only at first SIOC* call)
- */
#define IN6_IFF_AUTOCONF 0x40 /* autoconfigurable address. */
#define IN6_IFF_PRIVACY 0x80 /* RFC 4941 temporary address */
Index: sys/netinet6/nd6.c
===================================================================
RCS file: /cvs/src/sys/netinet6/nd6.c,v
retrieving revision 1.143
diff -u -p -r1.143 nd6.c
--- sys/netinet6/nd6.c 16 Jul 2015 15:31:35 -0000 1.143
+++ sys/netinet6/nd6.c 2 Nov 2015 09:20:03 -0000
@@ -730,6 +730,8 @@ int
nd6_is_addr_neighbor(struct sockaddr_in6 *addr, struct ifnet *ifp)
{
struct nd_prefix *pr;
+ struct in6_ifaddr *ia6;
+ struct ifaddr *ifa;
struct rtentry *rt;
/*
@@ -741,6 +743,22 @@ nd6_is_addr_neighbor(struct sockaddr_in6
if (IN6_IS_ADDR_LINKLOCAL(&addr->sin6_addr) &&
ntohs(*(u_int16_t *)&addr->sin6_addr.s6_addr[2]) == ifp->if_index)
return (1);
+
+ TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
+ if (ifa->ifa_addr->sa_family != AF_INET6)
+ continue;
+
+ ia6 = ifatoia6(ifa);
+
+ /* Prefix check down below. */
+ if (ia6->ia6_flags & IN6_IFF_AUTOCONF)
+ continue;
+
+ if (IN6_ARE_MASKED_ADDR_EQUAL(&addr->sin6_addr,
+ &ia6->ia_addr.sin6_addr,
+ &ia6->ia_prefixmask.sin6_addr))
+ return (1);
+ }
/*
* If the address matches one of our on-link prefixes, it should be a
Index: sys/netinet6/nd6.h
===================================================================
RCS file: /cvs/src/sys/netinet6/nd6.h,v
retrieving revision 1.44
diff -u -p -r1.44 nd6.h
--- sys/netinet6/nd6.h 18 Jul 2015 15:05:32 -0000 1.44
+++ sys/netinet6/nd6.h 2 Nov 2015 09:20:03 -0000
@@ -291,7 +291,7 @@ void nd6_ns_input(struct mbuf *, int, in
void nd6_ns_output(struct ifnet *, struct in6_addr *,
struct in6_addr *, struct llinfo_nd6 *, int);
caddr_t nd6_ifptomac(struct ifnet *);
-void nd6_dad_start(struct ifaddr *, int *);
+void nd6_dad_start(struct ifaddr *);
void nd6_dad_stop(struct ifaddr *);
void nd6_ra_input(struct mbuf *, int, int);
@@ -315,7 +315,7 @@ void pfxlist_onlink_check(void);
struct nd_defrouter *defrouter_lookup(struct in6_addr *, struct ifnet *);
struct nd_prefix *nd6_prefix_add(struct ifnet *, struct sockaddr_in6 *,
- struct sockaddr_in6 *, struct in6_addrlifetime *, int);
+ struct sockaddr_in6 *, struct in6_addrlifetime *);
struct nd_prefix *nd6_prefix_lookup(struct nd_prefix *);
int in6_ifdel(struct ifnet *, struct in6_addr *);
int in6_init_prefix_ltimes(struct nd_prefix *ndpr);
Index: sys/netinet6/nd6_nbr.c
===================================================================
RCS file: /cvs/src/sys/netinet6/nd6_nbr.c,v
retrieving revision 1.91
diff -u -p -r1.91 nd6_nbr.c
--- sys/netinet6/nd6_nbr.c 16 Jul 2015 15:28:38 -0000 1.91
+++ sys/netinet6/nd6_nbr.c 2 Nov 2015 09:20:03 -0000
@@ -1128,15 +1128,14 @@ nd6_dad_stoptimer(struct dadq *dp)
/*
* Start Duplicated Address Detection (DAD) for specified interface address.
- *
- * tick - minimum delay ticks for IFF_UP event
*/
void
-nd6_dad_start(struct ifaddr *ifa, int *tick)
+nd6_dad_start(struct ifaddr *ifa)
{
struct in6_ifaddr *ia6 = ifatoia6(ifa);
struct dadq *dp;
char addr[INET6_ADDRSTRLEN];
+ int s;
if (!dad_init) {
TAILQ_INIT(&dadq);
@@ -1149,31 +1148,15 @@ nd6_dad_start(struct ifaddr *ifa, int *t
* - DAD is disabled (ip6_dad_count == 0)
* - the interface address is anycast
*/
- if (!(ia6->ia6_flags & IN6_IFF_TENTATIVE)) {
- log(LOG_DEBUG,
- "nd6_dad_start: called with non-tentative address "
- "%s(%s)\n",
- inet_ntop(AF_INET6, &ia6->ia_addr.sin6_addr,
- addr, sizeof(addr)),
- ifa->ifa_ifp ? ifa->ifa_ifp->if_xname : "???");
- return;
- }
- if (ia6->ia6_flags & IN6_IFF_ANYCAST) {
- ia6->ia6_flags &= ~IN6_IFF_TENTATIVE;
- return;
- }
- if (!ip6_dad_count) {
+ KASSERT(ia6->ia6_flags & IN6_IFF_TENTATIVE);
+ if ((ia6->ia6_flags & IN6_IFF_ANYCAST) || (!ip6_dad_count)) {
ia6->ia6_flags &= ~IN6_IFF_TENTATIVE;
return;
}
- if (!ifa->ifa_ifp)
- panic("nd6_dad_start: ifa->ifa_ifp == NULL");
- if (!(ifa->ifa_ifp->if_flags & IFF_UP))
- return;
- if (nd6_dad_find(ifa) != NULL) {
- /* DAD already in progress */
+
+ /* DAD already in progress */
+ if (nd6_dad_find(ifa) != NULL)
return;
- }
dp = malloc(sizeof(*dp), M_IP6NDP, M_NOWAIT | M_ZERO);
if (dp == NULL) {
@@ -1185,6 +1168,8 @@ nd6_dad_start(struct ifaddr *ifa, int *t
return;
}
bzero(&dp->dad_timer_ch, sizeof(dp->dad_timer_ch));
+
+ s = splsoftnet();
TAILQ_INSERT_TAIL(&dadq, (struct dadq *)dp, dad_list);
ip6_dad_pending++;
@@ -1202,21 +1187,10 @@ nd6_dad_start(struct ifaddr *ifa, int *t
dp->dad_count = ip6_dad_count;
dp->dad_ns_icount = dp->dad_na_icount = 0;
dp->dad_ns_ocount = dp->dad_ns_tcount = 0;
- if (tick == NULL) {
- nd6_dad_ns_output(dp, ifa);
- nd6_dad_starttimer(dp,
- (long)ND_IFINFO(ifa->ifa_ifp)->retrans * hz / 1000);
- } else {
- int ntick;
-
- if (*tick == 0)
- ntick = arc4random_uniform(MAX_RTR_SOLICITATION_DELAY *
- hz);
- else
- ntick = *tick + arc4random_uniform(hz / 2);
- *tick = ntick;
- nd6_dad_starttimer(dp, ntick);
- }
+ nd6_dad_ns_output(dp, ifa);
+ nd6_dad_starttimer(dp,
+ (long)ND_IFINFO(ifa->ifa_ifp)->retrans * hz / 1000);
+ splx(s);
}
/*
Index: sys/netinet6/nd6_rtr.c
===================================================================
RCS file: /cvs/src/sys/netinet6/nd6_rtr.c,v
retrieving revision 1.113
diff -u -p -r1.113 nd6_rtr.c
--- sys/netinet6/nd6_rtr.c 18 Jul 2015 15:51:17 -0000 1.113
+++ sys/netinet6/nd6_rtr.c 2 Nov 2015 09:20:03 -0000
@@ -1077,7 +1077,7 @@ purge_detached(struct ifnet *ifp)
struct nd_prefix *
nd6_prefix_add(struct ifnet *ifp, struct sockaddr_in6 *addr,
- struct sockaddr_in6 *mask, struct in6_addrlifetime *lt, int autoconf)
+ struct sockaddr_in6 *mask, struct in6_addrlifetime *lt)
{
struct nd_prefix pr0, *pr;
int i;
@@ -1104,7 +1104,7 @@ nd6_prefix_add(struct ifnet *ifp, struct
* an intended behavior.
*/
pr0.ndpr_raf_onlink = 1; /* should be configurable? */
- pr0.ndpr_raf_auto = autoconf;
+ pr0.ndpr_raf_auto = 1;
pr0.ndpr_vltime = lt->ia6t_vltime;
pr0.ndpr_pltime = lt->ia6t_pltime;
@@ -1194,14 +1194,7 @@ prelist_remove(struct nd_prefix *pr)
/* make sure to invalidate the prefix until it is really freed. */
pr->ndpr_vltime = 0;
pr->ndpr_pltime = 0;
-#if 0
- /*
- * Though these flags are now meaningless, we'd rather keep the value
- * not to confuse users when executing "ndp -p".
- */
- pr->ndpr_raf_onlink = 0;
- pr->ndpr_raf_auto = 0;
-#endif
+
if ((pr->ndpr_stateflags & NDPRF_ONLINK) != 0 &&
(e = nd6_prefix_offlink(pr)) != 0) {
char addr[INET6_ADDRSTRLEN];
@@ -2109,7 +2102,7 @@ in6_ifadd(struct nd_prefix *pr, int priv
/* XXX: scope zone ID? */
- ifra.ifra_flags |= IN6_IFF_AUTOCONF; /* obey autoconf */
+ ifra.ifra_flags |= IN6_IFF_AUTOCONF|IN6_IFF_TENTATIVE;
/* allocate ifaddr structure, link into chain, etc. */
s = splsoftnet();
@@ -2128,7 +2121,13 @@ in6_ifadd(struct nd_prefix *pr, int priv
}
/* this is always non-NULL */
- return (in6ifa_ifpwithaddr(ifp, &ifra.ifra_addr.sin6_addr));
+ ia6 = in6ifa_ifpwithaddr(ifp, &ifra.ifra_addr.sin6_addr);
+
+ /* Perform DAD, if needed. */
+ if (ia6->ia6_flags & IN6_IFF_TENTATIVE)
+ nd6_dad_start(&ia6->ia_ifa);
+
+ return (ia6);
}
int
