| Age | Commit message (Collapse) | Author |
|---|
|
addresses about every 10 - 30 seconds. Reduce log level to debug to
stop the syslog spam.
OK reyk
|
|
descriptor keeps CLOEXEC flag then it will be closed unexpectedly by
exec().
ok tedu florian
|
|
OK pamela
|
|
mean we should no longer trust processes, so we call fatal(x). The
control socket is the exception, where we ignore rather than allow
crashes due to data from the outside.
suggestion/input and OK florian@
|
|
input and OK florian@
|
|
going on so use log_warnx to not print a useless 2nd error message.
OK pamela
|
|
those signals, so remove unnecessary signal handling code.
pointed at and OK florian@
|
|
imsg.hdr.len to shorten and simplify code.
correction and OK florian@
|
|
|
|
where the "wrong" #define was used.
ok dlg@
|
|
otherwise the main process will keep sitting in the directory from
where slaacd was started which might for example prevent an unmount.
Problem first observed by dlg in ntpd(8).
Discussed with deraadt@
|
|
be shortened by 1.
OK florian@
|
|
On the other hand it is much more powerful to get rid of cpath; slaacd
has no filesystem access whatsoever.
Triggered by mestre@'s work to fix unlinking in other daemons and a
question from deraadt@
OK mestre
|
|
slaacctl(8).
OK florian@
|
|
If a router advertisement message with the MTU option is received on an
interface slaacd will set the specified MTU on that interface.
Lots of help from florian@. Thank you!
OK florian@
|
|
leaves old ones behind. The IPv6 RFCs don't seem to offer guidance on
what to do in this case. (RFC 5220 discusses related issues, but not
exactly this.)
It seems a bit harsh to just delete old addresses - a naive
implementation can easily lead to flip-flopping between two prefixes.
Instead set the preferred lifetime to 0 for all addresses on an
interface when the link goes down, thus marking addresses as
deprecated but still usable. When the link comes back send a router
solicitation. If we are still on the old network and receive a router
advertisement the preferred lifetime will increase and the addresses
will no longer be deprecated.
If we moved to a new network we will get new router advertisements and
form new addresses. The old ones will stay deprecated and the address
selection algorithm will prefer new addresses.
Problem reported by many.
testing & OK phessler
|
|
OK deraadt, phessler, jmc
|
|
We get notified when duplication is detected on the route socket. For
privacy addresses simply generate a new random address. If we have
soii enabled increase the dad counter on the prefix and generate a new
address. For eui64 addresses nothing can be done.
|
|
It was helpfull in the beginning to know which IMSG are flying around
but unusable (and unsused) since slaacd(8) is on the ramdisk.
|
|
family on the two socket() calls to open the routing socket, so that only
v6-related and af-unspecific messages are seen.
One of the sockets is only used for sending not receiving messages;
shutdown the receive side to avoid receiving messages as suggested by
claudio@.
slaacd is run by default (watching for interface changes to add the
"autoconf" flag), so has to process route messages even where IPv6
autoconf isn't used - these changes reduce CPU use on machines processing
large numbers of route updates (in particular full-table BGP routers).
ok florian@ claudio@ benno@
|
|
the compiler is probably better at unrolling loops.
style nit fcambus
OK phessler
|
|
|
|
|
|
From brad@, OK jmc
|
|
an AF_UNIX socket (the control socket) so replace inet with
unix pledge.
|
|
|
|
|
|
|
|
|
|
Problem pointed out & OK phessler
|
|
help us if we ever get rid of KAME hack.
|
|
over the place.
|
|
over execve(2).
|
|
|
|
processes have the wrong process title leading to confusion.
|
|
|
|
|
|
|
|
that we can drop the sendfd pledge.
|
|
|
|
to solicit a router advertisment shortly before their pltime runs out
so that we generate a new one.
Reported by naddy@.
OK benno@
|
|
| The Interface Identifier is finally obtained by taking as many
| bits from the RID value (computed in the previous step) as
| necessary, starting from the least significant bit.
Copy bits from the end of the digest array, not from the beginning.
While here initialize iid.
Problem that IPv6 addresses change while they should not pointed out
by semarie@.
OK sthen, phessler
|
|
acknowledged as a failure. At the same time IPv4 classes were declared a
failure, IPv6 decided to add them back because using a mac address for
IP address configuration was easy.
Now that we have RFC7217 support we can remove this artificial limitation:
allow non-/64 prefixes to be configured by SLAAC.
Of course, if you have fewer bits for the hosts part of the address you
have fewer bits for privacy and fewer bits to avoid collisions.
OK florian@
|
|
IPv6 unicast interface identifiers are derived from IEEE link-layer
addresses. In all other cases the interface identifier should be
treated as an opaque value.
Accordingly stop fiddling with the bits for privacy addresses.
While here initialize the whole priv_in6 struct with random data,
currently no functional change but reduces amount of magic numbers,
pointed out by phessler as part of a larger diff.
OK phessler, sthen
|
|
ok benno@
|
|
solve that. Prevents bus error on armv7. ok naddy@ florian@
|
|
OK naddy, sthen
|
|
|
|
Needed for future work where we will spin up children via
fork - privdrop - exec. Child processes will no longer come
up with root privileges.
|
|
something is seriously wrong.
|
