-rw-r--r-- | distrib/miniroot/install.sh | 5 | ||||
-rw-r--r-- | etc/examples/sysctl.conf | 3 | ||||
-rw-r--r-- | etc/rc.conf | 3 | ||||
-rw-r--r-- | lib/libc/gen/sysctl.3 | 10 | ||||
-rw-r--r-- | sbin/sysctl/sysctl.8 | 5 | ||||
-rw-r--r-- | sys/netinet/icmp6.h | 7 | ||||
-rw-r--r-- | sys/netinet6/icmp6.c | 4 | ||||
-rw-r--r-- | sys/netinet6/in6_proto.c | 3 | ||||
-rw-r--r-- | usr.sbin/rtsold/rtsold.8 | 9 | ||||
-rw-r--r-- | usr.sbin/rtsold/rtsold.c | 10 |
10 files changed, 19 insertions, 40 deletions
diff --git a/distrib/miniroot/install.sh b/distrib/miniroot/install.sh index bb8429f9cd0..8d126463ced 100644 --- a/distrib/miniroot/install.sh +++ b/distrib/miniroot/install.sh @@ -1,5 +1,5 @@ #!/bin/ksh -# $OpenBSD: install.sh,v 1.256 2014/08/10 16:32:28 rpe Exp $ +# $OpenBSD: install.sh,v 1.257 2014/08/27 14:04:15 florian Exp $ # $NetBSD: install.sh,v 1.5.2.8 1996/08/27 18:15:05 gwr Exp $ # # Copyright (c) 1997-2009 Todd Miller, Theo de Raadt, Ken Westerback @@ -309,8 +309,5 @@ fi print -r -- "$rootkey" >> /mnt/root/.ssh/authorized_keys ) -grep -qs '^rtsol' /mnt/etc/hostname.* && - echo 'net.inet6.icmp6.rediraccept=1 # 1=Accept IPv6 ICMP redirects (for hosts)' >>/mnt/etc/sysctl.conf - # Perform final steps common to both an install and an upgrade. finish_up diff --git a/etc/examples/sysctl.conf b/etc/examples/sysctl.conf index b01a20ce96a..581de99bc1f 100644 --- a/etc/examples/sysctl.conf +++ b/etc/examples/sysctl.conf @@ -1,4 +1,4 @@ -# $OpenBSD: sysctl.conf,v 1.2 2014/08/20 11:23:41 mikeb Exp $ +# $OpenBSD: sysctl.conf,v 1.3 2014/08/27 14:04:15 florian Exp $ # # This file contains a list of sysctl options the user wants set at # boot time. See sysctl(3) and sysctl(8) for more information on @@ -8,7 +8,6 @@ #net.inet.ip.mforwarding=1 # 1=Permit forwarding (routing) of IPv4 multicast packets #net.inet.ip.multipath=1 # 1=Enable IP multipath routing #net.inet.icmp.rediraccept=1 # 1=Accept ICMP redirects -#net.inet6.icmp6.rediraccept=1 # 1=Accept IPv6 ICMP redirects (for hosts) #net.inet6.ip6.forwarding=1 # 1=Permit forwarding (routing) of IPv6 packets #net.inet6.ip6.mforwarding=1 # 1=Permit forwarding (routing) of IPv6 multicast packets #net.inet6.ip6.multipath=1 # 1=Enable IPv6 multipath routing diff --git a/etc/rc.conf b/etc/rc.conf index 8a3806da333..c4af1a86b37 100644 --- a/etc/rc.conf +++ b/etc/rc.conf 
@@ -1,4 +1,4 @@ -# $OpenBSD: rc.conf,v 1.197 2014/08/26 19:33:48 robert Exp $ +# $OpenBSD: rc.conf,v 1.198 2014/08/27 14:04:15 florian Exp $ # DO NOT EDIT THIS FILE!! # @@ -40,7 +40,6 @@ route6d_flags=NO # for normal use: "" # be sure to set net.inet6.ip6.forwarding=1 rtsold_flags=NO # for normal use: interface # be sure to set net.inet6.ip6.forwarding=0 - # be sure to set net.inet6.icmp6.rediraccept=1 lpd_flags=NO # for normal use: "" (or "-l" for debugging) sensorsd_flags=NO # for normal use: "" hotplugd_flags=NO # for normal use: "" diff --git a/lib/libc/gen/sysctl.3 b/lib/libc/gen/sysctl.3 index eb226a7cbb3..9b181f1dc9d 100644 --- a/lib/libc/gen/sysctl.3 +++ b/lib/libc/gen/sysctl.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sysctl.3,v 1.241 2014/08/20 11:23:41 mikeb Exp $ +.\" $OpenBSD: sysctl.3,v 1.242 2014/08/27 14:04:15 florian Exp $ .\" .\" Copyright (c) 1993 .\" The Regents of the University of California. All rights reserved. @@ -27,7 +27,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd $Mdocdate: August 20 2014 $ +.Dd $Mdocdate: August 27 2014 $ .Dt SYSCTL 3 .Os .Sh NAME @@ -1650,7 +1650,6 @@ The currently defined protocols and names are: .It icmp6 Ta nd6_mmaxtries Ta integer Ta yes .It icmp6 Ta nd6_prune Ta integer Ta yes .It icmp6 Ta nd6_umaxtries Ta integer Ta yes -.It icmp6 Ta rediraccept Ta integer Ta yes .It icmp6 Ta redirtimeout Ta integer Ta yes .It ip6 Ta auto_flowlabel Ta integer Ta yes .It ip6 Ta dad_count Ta integer Ta yes @@ -1741,11 +1740,6 @@ This variable specifies the constant in IPv6 neighbor discovery specification .Pq RFC 4861 . .Pp -.It Li icmp6.rediraccept -If set to non-zero, the host will accept ICMPv6 redirect packets. -Note that IPv6 routers will never accept ICMPv6 redirect packets, -so the variable is only meaningful on IPv6 hosts, not on routers. -.Pp .It Li icmp6.redirtimeout The variable specifies the lifetime of routing entries generated by incoming ICMPv6 redirects. 
diff --git a/sbin/sysctl/sysctl.8 b/sbin/sysctl/sysctl.8 index 20f59696bd3..69a67762237 100644 --- a/sbin/sysctl/sysctl.8 +++ b/sbin/sysctl/sysctl.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sysctl.8,v 1.183 2014/08/20 11:23:41 mikeb Exp $ +.\" $OpenBSD: sysctl.8,v 1.184 2014/08/27 14:04:15 florian Exp $ .\" $NetBSD: sysctl.8,v 1.4 1995/09/30 07:12:49 thorpej Exp $ .\" .\" Copyright (c) 1993 @@ -30,7 +30,7 @@ .\" .\" @(#)sysctl.8 8.2 (Berkeley) 5/9/95 .\" -.Dd $Mdocdate: August 20 2014 $ +.Dd $Mdocdate: August 27 2014 $ .Dt SYSCTL 8 .Os .Sh NAME @@ -307,7 +307,6 @@ and a few require a kernel compiled with non-standard .It net.inet6.ip6.maxdynroutes Ta integer Ta yes .It net.inet6.ip6.dad_pending Ta integer Ta yes .It net.inet6.ip6.mtudisctimeout Ta integer Ta yes -.It net.inet6.icmp6.rediraccept Ta integer Ta yes .It net.inet6.icmp6.redirtimeout Ta integer Ta yes .It net.inet6.icmp6.nd6_prune Ta integer Ta yes .It net.inet6.icmp6.nd6_delay Ta integer Ta yes diff --git a/sys/netinet/icmp6.h b/sys/netinet/icmp6.h index 68c82666ad9..f67e2480c62 100644 --- a/sys/netinet/icmp6.h +++ b/sys/netinet/icmp6.h @@ -1,4 +1,4 @@ -/* $OpenBSD: icmp6.h,v 1.40 2014/07/11 12:20:26 benno Exp $ */ +/* $OpenBSD: icmp6.h,v 1.41 2014/08/27 14:04:15 florian Exp $ */ /* $KAME: icmp6.h,v 1.84 2003/04/23 10:26:51 itojun Exp $ */ /* @@ -542,7 +542,7 @@ struct icmp6stat { #define ICMPV6CTL_NAMES { \ { 0, 0 }, \ { 0, 0 }, \ - { "rediraccept", CTLTYPE_INT }, \ + { 0, 0 }, \ { "redirtimeout", CTLTYPE_INT }, \ { 0, 0 }, \ { 0, 0 }, \ @@ -566,7 +566,7 @@ struct icmp6stat { #define ICMPV6CTL_VARS { \ NULL, \ NULL, \ - &icmp6_rediraccept, \ + NULL, \ &icmp6_redirtimeout, \ NULL, \ NULL, \ @@ -668,7 +668,6 @@ do { \ } \ } while (0) -extern int icmp6_rediraccept; /* accept/process redirects */ extern int icmp6_redirtimeout; /* cache time for redirect routes */ #endif /* _KERNEL */ diff --git a/sys/netinet6/icmp6.c b/sys/netinet6/icmp6.c index 07b9a7beec7..c43857759d6 100644 --- a/sys/netinet6/icmp6.c 
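Review bot: Slot 2 of `ICMPV6CTL_NAMES` and `ICMPV6CTL_VARS` in sys/netinet/icmp6.h is blanked, but no hunk in this commit removes the `ICMPV6CTL_REDIRACCEPT` constant that the deleted rtsold.c lines used, so it presumably stays defined and now names an empty entry. How the sysctl handler treats a NULL slot is not visible on this page; confirm that a read or write to that MIB from an older binary fails cleanly instead of following the NULL pointer. If the number is kept only to avoid renumbering, say so next to the define, for example `/* 2 was ICMPV6CTL_REDIRACCEPT; redirects now follow the interface autoconf flag */`.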
+++ b/sys/netinet6/icmp6.c @@ -1,4 +1,4 @@ -/* $OpenBSD: icmp6.c,v 1.147 2014/07/22 11:06:10 mpi Exp $ */ +/* $OpenBSD: icmp6.c,v 1.148 2014/08/27 14:04:16 florian Exp $ */ /* $KAME: icmp6.c,v 1.217 2001/06/20 15:03:29 jinmei Exp $ */ /* @@ -1386,7 +1386,7 @@ icmp6_redirect_input(struct mbuf *m, int off) /* XXX if we are router, we don't update route by icmp6 redirect */ if (ip6_forwarding) goto freeit; - if (!icmp6_rediraccept) + if (!(ifp->if_xflags & IFXF_AUTOCONF6)) goto freeit; IP6_EXTHDR_GET(nd_rd, struct nd_redirect *, m, off, icmp6len); diff --git a/sys/netinet6/in6_proto.c b/sys/netinet6/in6_proto.c index 04e0a530b54..bb0387fa0e4 100644 --- a/sys/netinet6/in6_proto.c +++ b/sys/netinet6/in6_proto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: in6_proto.c,v 1.74 2014/08/19 12:28:03 mpi Exp $ */ +/* $OpenBSD: in6_proto.c,v 1.75 2014/08/27 14:04:16 florian Exp $ */ /* $KAME: in6_proto.c,v 1.66 2000/10/10 15:35:47 itojun Exp $ */ /* @@ -303,7 +303,6 @@ u_long rip6_sendspace = RIPV6SNDQ; u_long rip6_recvspace = RIPV6RCVQ; /* ICMPV6 parameters */ -int icmp6_rediraccept = 0; /* don't process redirects by default */ int icmp6_redirtimeout = 10 * 60; /* 10 minutes */ int icmp6errppslim = 100; /* 100pps */ int ip6_mtudisc_timeout = IPMTUDISCTIMEOUT; diff --git a/usr.sbin/rtsold/rtsold.8 b/usr.sbin/rtsold/rtsold.8 index 41cbaecd884..0dd68bf83e8 100644 --- a/usr.sbin/rtsold/rtsold.8 +++ b/usr.sbin/rtsold/rtsold.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: rtsold.8,v 1.32 2014/07/11 16:44:13 henning Exp $ +.\" $OpenBSD: rtsold.8,v 1.33 2014/08/27 14:04:16 florian Exp $ .\" $KAME: rtsold.8,v 1.17 2001/07/09 22:30:37 itojun Exp $ .\" .\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -28,7 +28,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd $Mdocdate: July 11 2014 $ +.Dd $Mdocdate: August 27 2014 $ .Dt RTSOLD 8 .Os .\" 
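Review bot: The new test `if (!(ifp->if_xflags & IFXF_AUTOCONF6))` in icmp6_redirect_input dereferences `ifp`, and the hunk does not show where `ifp` is assigned or checked; the function starts and ends outside the hunk, so confirm the receive interface is resolved and non-NULL before this line. Redirect acceptance is now implied by autoconf with no separate switch, so a host using autoconfiguration can no longer refuse redirects, which are unauthenticated on-link messages; this relies on the validation later in the function (not visible here) being strict. I would add a comment above the test, `/* accept redirects only on interfaces with autoconf enabled */`. The commit also deletes every mention of `rediraccept` from the manual pages without documenting the replacement, so the documentation should state that the flag also enables redirect processing.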
@@ -70,10 +70,7 @@ only. The .Va net.inet6.ip6.forwarding .Xr sysctl 8 -should be set to zero and the -.Va net.inet6.icmp6.rediraccept -.Xr sysctl 8 -should be set to a non-zero value +should be set to zero (see also the .Fl F option below). diff --git a/usr.sbin/rtsold/rtsold.c b/usr.sbin/rtsold/rtsold.c index 534bbb73d73..7ed8fca84d1 100644 --- a/usr.sbin/rtsold/rtsold.c +++ b/usr.sbin/rtsold/rtsold.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rtsold.c,v 1.52 2014/07/11 16:44:13 henning Exp $ */ +/* $OpenBSD: rtsold.c,v 1.53 2014/08/27 14:04:16 florian Exp $ */ /* $KAME: rtsold.c,v 1.75 2004/01/03 00:00:07 itojun Exp $ */ /* @@ -184,13 +184,9 @@ main(int argc, char *argv[]) } #endif - if (Fflag) { - setinet6sysctl(IPPROTO_ICMPV6, ICMPV6CTL_REDIRACCEPT, 1); + if (Fflag) setinet6sysctl(IPPROTO_IPV6, IPV6CTL_FORWARDING, 0); - } else { - /* warn if accepting redirects is off */ - if (!getinet6sysctl(IPPROTO_ICMPV6, ICMPV6CTL_REDIRACCEPT)) - warnx("kernel is configured not to accept redirects"); + else { /* warn if forwarding is up */ if (getinet6sysctl(IPPROTO_IPV6, IPV6CTL_FORWARDING)) warnx("kernel is configured as a router, not a host"); |