| Age | Commit message (Collapse) | Author |
|---|
|
Luckily routesock would never be <= 2 so shutdown would always failing
with EINVAL and not shutting down random other sockets.
The kernel was just uselessly piling up route messages that we were
never reading.
This mistake first showed up in slaacd(8) and then was copied to the
other daemons.
Reported & fixed by Josiah Frentsos (jfrent at tilde.team), thanks!
OK kn
|
|
When started manuall from single-user mode (/ still read-only), the current
error is misleading:
# slaacd -dv
slaacd: already running
The lock was specifically added to prevent multiple instances in the
installer, which discards the error message entirely anyway.
Retain the useful EAGAIN/"already running" message, but otherwise print the
real error reason:
# slaacd -dv
slaacd: /dev/slaacd.lock: Read-only file system
Feedback OK deraadt millert
|
|
This will happen when an address expires because the vltime drops to
zero. The kernel then deletes the address and slaacd tries to do so,
too. The correct fix is to track in slaacd that the kernel already
deleted the address for us, but that's too much work shortly before a
release so just hide the ugly warning for now, it's harmless.
Problem reported by semarie some time ago.
OK deraadt, benno
|
|
It is less cluttered, easier to reason about and fixes some bugs in
passing that would have been difficult in the old state machine.
Stale IPv6 addresses, default routes and nameservers are now correctly
removed when moving from one IPv6 enabled network to another IPv6
enabled network.
Default routes and nameservers correctly expire when they are not
refreshed and nameservers are updated when router advertisements
change the nameserver option.
Testing & input caspar@
Putting it in now to get wider testing and shake out bugs, discussed
with deraadt@ at r2k22.
|
|
we get a RTM_IFANNOUNCE message not a RTM_IFINFO message.
Handle this message to not accumulate "unknown" interfaces.
While here fix a bug where we would remove an interface only in the
engine process but not in the frontend when an interfaces gets
unplugged while we process a RTM_IFINFO message for it.
OK benno
|
|
configuring the same IP.
I forgot to fix slaacd after fixing the same problem in dhcpleased.
Pointed out by afresh1
|
|
Otherwise resolvd(8) will never learn nameservers and update
/etc/resolv.conf with IPv6 resolvers.
At the moment IPv6 only installations always prompt for nameservers
anyway, but that is its own bug and will be fixed soon.
This enables the upcoming fix to detect learned nameservers in the
first place.
Feedback OK florian
|
|
resolvd(8), slaacd(8) and dhcpleased(8) are different from other daemons
in that there must only be a single instance.
resolvd already does this, adjust slaacd and dhcpleased accordingly while
moving the lockfile paths under /dev/ such that they work early on boot and
don't run into races should /var be (un)mounted between daemon starts.
Locking is especially required in the installer where all three daemons are
started every time the "(I)nstall, (U)pgrade, (A)utoinstall or (S)hell? "
prompt is entered, i.e. restarting installation or dropping into a shell
and back into the prompt again would start multiple instances.
To avoid expected lockfile error messages in between installer prompts,
discard standard error when starting the autoconf daemons; none of them
has other potential failure cases in installer mode before daemon(3)izing.
Input sthen deraadt
OK deraadt
|
|
the control socket instead of fatal().
OK deraadt
|
|
with "temporary".
|
|
This allows us to pass the link state over to engine here instead of
in update_addr which is not available in small.
This gets us more in line dhcpleased.
|
|
pointed out by deraadt
|
|
Follows claudio's lead in ospfd et al.
Problem reported by mortimer.
|
|
Problem reported by mortimer
|
|
find it again if and when we no longer need it. No object change.
|
|
cast in front of a strlcpy(3).
tb@ had pointed out that the use in rad(8) was not consistent.
I consider the void cast a useless annotation, either the strl*
functions must have the canonical trucation check or it must be
obvious that truncation cannot happen or is not a problem.
While at it remove a bunch more casts that snuck in over time.
|
|
Make setsockopt non-fatal in this case and just ignore the request.
Spotted in a diff by reyk for rad(8); discussed with claudio
|
|
Suggested by claudio and matthieu
Testing matthieu
Putting it in now to get enough testing before release so that there
is enough time to back it out, suggested by deraadt
|
|
This is the name the other BSDs use for this, there is no reason to
be different, the IPv6 RFCs call these addresses temporary, and some
software in ports wants to use this as well.
Most recently pointed out for firefox by landry.
OK claudio, sthen
|
|
slaacd and unwind start very early in the boot process and syslog is
not fully available yet so these messages tend to get lost.
But they are also not particularly useful.
Prompted by a report by Jason Mader on bugs@
OK deraadt, claudio, bluhm
Note that this code has been copied around to all our privsep daemons
and also lives in usr.sbin. Leave it alone there because multiple people
said they find it useful for those daemons.
|
|
That way, when slaacd gets started in a different rdomain with
route exec things just work, no need to provide an alternative
control socket.
Pointed out by claudio
Original diff by benno, but I like my bikeshed purple.
OK benno, claudio
|
|
sends router solicitations and receives router advertisements only
from interfaces that are in its own rdomain.
It also only sees interfaces arriving, or departing in its own
rdomain.
However, for the default route there is rdomain cross-talk because
slaacd configures the default route in the default rdomain (and
fails).
Make slaacd honour the rdomain it's running in as well.
OK denis, phessler, benno
|
|
ipv6 address, but was actually oversize (a large union). correct access
to the right subfield.
ok florian semarie
|
|
empty proposal with if_index 0.
It is possible that the set of autoconf interfaces changed between a
stop -> start transition and slaacd would never withdraw nameservers
for interfaces that had the autoconf flag previously but no longer
after the restart.
|
|
That way we no longer need to handle withdraws in unwind. A new
proposal from a daemon on an interface is always a replacement.
If nameservers expire or an interface goes away we sent an empty list
of nameservers.
pestering^Wprodding deraadt
|
|
different priorities for wired vs. wireless interfaces for us.
Gleaned from dhclient.
|
|
from router advertisements.
unwind(8) can solicit DNS proposals by sending an empty RTM_PROPOSAL
message with priority RTP_PROPOSAL_SOLICIT.
|
|
This never worked out and is getting in the way of DNS proposals which
are coming next.
No (intended) functional change.
Input & OK tohe
|
|
|
|
link-state change and no new router advertisement is obtained (in accordance
with RFC 6059).
This should improve IPv6 -> legacy-IP-only transitions, preventing
applications from believing IPv6 connectivity is available when it is
not, potentially resulting in long timeouts.
suggestion, input and OK florian@ phessler@
|
|
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.
|
|
descriptor keeps CLOEXEC flag then it will be closed unexpectedly by
exec().
ok tedu florian
|
|
mean we should no longer trust processes, so we call fatal(x). The
control socket is the exception, where we ignore rather than allow
crashes due to data from the outside.
suggestion/input and OK florian@
|
|
input and OK florian@
|
|
those signals, so remove unnecessary signal handling code.
pointed at and OK florian@
|
|
imsg.hdr.len to shorten and simplify code.
correction and OK florian@
|
|
where the "wrong" #define was used.
ok dlg@
|
|
otherwise the main process will keep sitting in the directory from
where slaacd was started which might for example prevent an unmount.
Problem first observed by dlg in ntpd(8).
Discussed with deraadt@
|
|
be shortened by 1.
OK florian@
|
|
On the other hand it is much more powerful to get rid of cpath; slaacd
has no filesystem access whatsoever.
Triggered by mestre@'s work to fix unlinking in other daemons and a
question from deraadt@
OK mestre
|
|
If a router advertisement message with the MTU option is received on an
interface slaacd will set the specified MTU on that interface.
Lots of help from florian@. Thank you!
OK florian@
|
|
leaves old ones behind. The IPv6 RFCs don't seem to offer guidance on
what to do in this case. (RFC 5220 discusses related issues, but not
exactly this.)
It seems a bit harsh to just delete old addresses - a naive
implementation can easily lead to flip-flopping between two prefixes.
Instead set the preferred lifetime to 0 for all addresses on an
interface when the link goes down, thus marking addresses as
deprecated but still usable. When the link comes back send a router
solicitation. If we are still on the old network and receive a router
advertisement the preferred lifetime will increase and the addresses
will no longer be deprecated.
If we moved to a new network we will get new router advertisements and
form new addresses. The old ones will stay deprecated and the address
selection algorithm will prefer new addresses.
Problem reported by many.
testing & OK phessler
|
|
We get notified when duplication is detected on the route socket. For
privacy addresses simply generate a new random address. If we have
soii enabled increase the dad counter on the prefix and generate a new
address. For eui64 addresses nothing can be done.
|
|
It was helpfull in the beginning to know which IMSG are flying around
but unusable (and unsused) since slaacd(8) is on the ramdisk.
|
|
family on the two socket() calls to open the routing socket, so that only
v6-related and af-unspecific messages are seen.
One of the sockets is only used for sending not receiving messages;
shutdown the receive side to avoid receiving messages as suggested by
claudio@.
slaacd is run by default (watching for interface changes to add the
"autoconf" flag), so has to process route messages even where IPv6
autoconf isn't used - these changes reduce CPU use on machines processing
large numbers of route updates (in particular full-table BGP routers).
ok florian@ claudio@ benno@
|
|
|
|
Problem pointed out & OK phessler
|
|
help us if we ever get rid of KAME hack.
|
|
over the place.
|
|
over execve(2).
|
