Print a warning when rtsol or rtsold are used to do IPv6 autoconfiguration

but accepting redirects is turned off.  If the -F switch is given,
set sysctl net.inet6.icmp6.rediraccept to 1 instead.
ok claudio@ deraadt@ sthen@

4 files changed, 21 insertions, 15 deletions

diff --git a/usr.sbin/rtsold/if.c b/usr.sbin/rtsold/if.c
index 366a8fdd57b..541c8b78c0f 100644
--- a/usr.sbin/rtsold/if.c
+++ b/usr.sbin/rtsold/if.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: if.c,v 1.24 2009/06/12 09:50:16 chl Exp $	*/
+/*	$OpenBSD: if.c,v 1.25 2011/03/23 00:59:49 bluhm Exp $	*/
 /*	$KAME: if.c,v 1.18 2002/05/31 10:10:03 itojun Exp $	*/
 
 /*
@@ -262,9 +262,9 @@ if_nametosdl(char *name)
 }
 
 int
-getinet6sysctl(int code)
+getinet6sysctl(int proto, int code)
 {
-	int mib[] = { CTL_NET, PF_INET6, IPPROTO_IPV6, 0 };
+	int mib[] = { CTL_NET, PF_INET6, proto, 0 };
 	int value;
 	size_t size;
 
@@ -277,9 +277,9 @@ getinet6sysctl(int code)
 }
 
 int
-setinet6sysctl(int code, int newval)
+setinet6sysctl(int proto, int code, int newval)
 {
-	int mib[] = { CTL_NET, PF_INET6, IPPROTO_IPV6, 0 };
+	int mib[] = { CTL_NET, PF_INET6, proto, 0 };
 	int value;
 	size_t size;
 
diff --git a/usr.sbin/rtsold/rtsold.8 b/usr.sbin/rtsold/rtsold.8
index ee682203e2b..6e963819247 100644
--- a/usr.sbin/rtsold/rtsold.8
+++ b/usr.sbin/rtsold/rtsold.8
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: rtsold.8,v 1.27 2010/09/03 11:22:36 jmc Exp $
+.\"	$OpenBSD: rtsold.8,v 1.28 2011/03/23 00:59:49 bluhm Exp $
 .\"	$KAME: rtsold.8,v 1.17 2001/07/09 22:30:37 itojun Exp $
 .\"
 .\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -28,7 +28,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 3 2010 $
+.Dd $Mdocdate: March 23 2011 $
 .Dt RTSOLD 8
 .Os
 .\"
@@ -72,6 +72,8 @@ The
 .Xr sysctl 8
 should be set to zero and the
 .Va net.inet6.ip6.accept_rtadv
+and
+.Va net.inet6.icmp6.rediraccept
 .Xr sysctl 8
 should be set to a non-zero value
 (see also the
diff --git a/usr.sbin/rtsold/rtsold.c b/usr.sbin/rtsold/rtsold.c
index dd09869f0cd..6430eb7e141 100644
--- a/usr.sbin/rtsold/rtsold.c
+++ b/usr.sbin/rtsold/rtsold.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: rtsold.c,v 1.46 2011/03/22 10:16:23 okan Exp $	*/
+/*	$OpenBSD: rtsold.c,v 1.47 2011/03/23 00:59:49 bluhm Exp $	*/
 /*	$KAME: rtsold.c,v 1.75 2004/01/03 00:00:07 itojun Exp $	*/
 
 /*
@@ -185,14 +185,18 @@ main(int argc, char *argv[])
 #endif
 
 	if (Fflag) {
-		setinet6sysctl(IPV6CTL_ACCEPT_RTADV, 1);
-		setinet6sysctl(IPV6CTL_FORWARDING, 0);
+		setinet6sysctl(IPPROTO_IPV6, IPV6CTL_ACCEPT_RTADV, 1);
+		setinet6sysctl(IPPROTO_ICMPV6, ICMPV6CTL_REDIRACCEPT, 1);
+		setinet6sysctl(IPPROTO_IPV6, IPV6CTL_FORWARDING, 0);
 	} else {
 		/* warn if accept_rtadv is down */
-		if (!getinet6sysctl(IPV6CTL_ACCEPT_RTADV))
+		if (!getinet6sysctl(IPPROTO_IPV6, IPV6CTL_ACCEPT_RTADV))
 			warnx("kernel is configured not to accept RAs");
+		/* warn if accepting redirects is off */
+		if (!getinet6sysctl(IPPROTO_ICMPV6, ICMPV6CTL_REDIRACCEPT))
+			warnx("kernel is configured not to accept redirects");
 		/* warn if forwarding is up */
-		if (getinet6sysctl(IPV6CTL_FORWARDING))
+		if (getinet6sysctl(IPPROTO_IPV6, IPV6CTL_FORWARDING))
 			warnx("kernel is configured as a router, not a host");
 	}
 
diff --git a/usr.sbin/rtsold/rtsold.h b/usr.sbin/rtsold/rtsold.h
index ff5758a7164..4dc3d829188 100644
--- a/usr.sbin/rtsold/rtsold.h
+++ b/usr.sbin/rtsold/rtsold.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: rtsold.h,v 1.13 2009/01/30 17:25:51 rainer Exp $	*/
+/*	$OpenBSD: rtsold.h,v 1.14 2011/03/23 00:59:49 bluhm Exp $	*/
 /*	$KAME: rtsold.h,v 1.14 2002/05/31 10:10:03 itojun Exp $	*/
 
 /*
@@ -79,8 +79,8 @@ extern int interface_status(struct ifinfo *);
 extern int lladdropt_length(struct sockaddr_dl *);
 extern void lladdropt_fill(struct sockaddr_dl *, struct nd_opt_hdr *);
 extern struct sockaddr_dl *if_nametosdl(char *);
-extern int getinet6sysctl(int);
-extern int setinet6sysctl(int, int);
+extern int getinet6sysctl(int, int);
+extern int setinet6sysctl(int, int, int);
 
 /* rtsol.c */
 extern int sockopen(void);