Similar to IPv4 this will inject all the magic reject routes for IPv6.
This includes the bad networks in the 6to4 range (2002::/16) and some
other magic.
Here it what you get:
Internet6:
Destination Gateway Flags Refs Use Mtu Prio Iface
::/96 ::1 UGRS 0 0 32768 8 lo2
::1 ::1 UHhl 10 10 32768 1 lo2
::ffff:0.0.0.0/96 ::1 UGRS 0 0 32768 8 lo2
2002::/24 ::1 UGRS 0 0 32768 8 lo2
2002:7f00::/24 ::1 UGRS 0 0 32768 8 lo2
2002:e000::/20 ::1 UGRS 0 0 32768 8 lo2
2002:ff00::/24 ::1 UGRS 0 0 32768 8 lo2
fe80::/10 ::1 UGRS 0 1 32768 8 lo2
fec0::/10 ::1 UGRS 0 0 32768 8 lo2
fe80::1%lo2 fe80::1%lo2 UHl 0 0 32768 1 lo2
ff01::/16 ::1 UGRS 0 0 32768 8 lo2
ff01::%lo2/32 ::1 Um 0 1 32768 4 lo2
ff02::/16 ::1 UGRS 0 0 32768 8 lo2
ff02::%lo2/32 ::1 Um 0 1 32768 4 lo2
--
:wq Claudio
Index: netinet6//in6_ifattach.c
===================================================================
RCS file: /cvs/src/sys/netinet6/in6_ifattach.c,v
retrieving revision 1.105
diff -u -p -r1.105 in6_ifattach.c
--- netinet6//in6_ifattach.c 10 Feb 2018 05:52:08 -0000 1.105
+++ netinet6//in6_ifattach.c 10 Feb 2018 08:31:12 -0000
@@ -61,6 +61,8 @@ int in6_get_hw_ifid(struct ifnet *, stru
int in6_get_soii_ifid(struct ifnet *, struct in6_addr *);
void in6_get_ifid(struct ifnet *, struct in6_addr *);
int in6_ifattach_loopback(struct ifnet *);
+int in6_ifattach_loopback_routes(struct ifnet *, struct in6_ifaddr *);
+
#define EUI64_GBIT 0x01
#define EUI64_UBIT 0x02
@@ -419,6 +421,63 @@ in6_ifattach_loopback(struct ifnet *ifp)
return (in6_update_ifa(ifp, &ifra, NULL));
}
+int
+in6_ifattach_loopback_routes(struct ifnet *ifp, struct in6_ifaddr *ia6)
+{
+ struct rt_addrinfo info;
+ struct sockaddr_in6 addr, mask, gate;
+ int error, i;
+
+ struct {
+ struct in6_addr addr;
+ struct in6_addr mask;
+ } reject_routes[] = {
+ { {{{ 0 }}}, IN6MASK96 },
+ { {{{ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff, 0, 0 }}}, IN6MASK96 },
+ { {{{ 0x20, 0x02, 0, 0 }}}, {{{ 0xff, 0xff, 0xff, 0 }}} },
+ { {{{ 0x20, 0x02, 0x7f, 0 }}}, {{{ 0xff, 0xff, 0xff, 0 }}} },
+ { {{{ 0x20, 0x02, 0xe0, 0 }}}, {{{ 0xff, 0xff, 0xf0, 0 }}} },
+ { {{{ 0x20, 0x02, 0xff, 0 }}}, {{{ 0xff, 0xff, 0xff, 0 }}} },
+ { {{{ 0xfe, 0x80, 0, 0 }}}, {{{ 0xff, 0xc0, 0, 0 }}} },
+ { {{{ 0xfe, 0xc0, 0, 0 }}}, {{{ 0xff, 0xc0, 0, 0 }}} },
+ { {{{ 0xff, 0x01, 0, 0 }}}, {{{ 0xff, 0xff, 0, 0 }}} },
+ { {{{ 0xff, 0x02, 0, 0 }}}, {{{ 0xff, 0xff, 0, 0 }}} }
+ };
+
+ KASSERT(ifp->if_flags & IFF_LOOPBACK);
+ KASSERT(ia6 != NULL);
+
+ bzero(&info, sizeof(info));
+ bzero(&addr, sizeof(addr));
+ bzero(&mask, sizeof(mask));
+ bzero(&gate, sizeof(gate));
+
+ addr.sin6_len = sizeof(struct sockaddr_in6);
+ addr.sin6_family = AF_INET6;
+ mask.sin6_len = sizeof(struct sockaddr_in6);
+ mask.sin6_family = AF_INET6;
+ gate.sin6_len = sizeof(struct sockaddr_in6);
+ gate.sin6_family = AF_INET6;
+ gate.sin6_addr = in6addr_loopback;
+
+ info.rti_flags = RTF_GATEWAY | RTF_REJECT | RTF_STATIC;
+ info.rti_ifa = &ia6->ia_ifa;
+ info.rti_info[RTAX_GATEWAY] = sin6tosa(&gate);
+
+ for (i = 0; i < nitems(reject_routes); i++) {
+ /* Now insert the reject routes */
+ addr.sin6_addr = reject_routes[i].addr;
+ mask.sin6_addr = reject_routes[i].mask;
+ info.rti_info[RTAX_DST] = sin6tosa(&addr);
+ info.rti_info[RTAX_NETMASK] = sin6tosa(&mask);
+
+ error = rtrequest(RTM_ADD, &info, 0, NULL, ifp->if_rdomain);
+ if (error)
+ return (error);
+ }
+ return (0);
+}
+
/*
* compute NI group address, based on the current hostname setting.
* see draft-ietf-ipngwg-icmp-name-lookup-* (04 and later).
@@ -507,6 +566,10 @@ in6_ifattach(struct ifnet *ifp)
return (0);
error = in6_ifattach_loopback(ifp);
+ if (error)
+ return (error);
+ error = in6_ifattach_loopback_routes(ifp,
+ in6ifa_ifpwithaddr(ifp, &in6));
if (error)
return (error);
}