| Age | Commit message (Collapse) | Author |
|---|
|
Otherwise we just end up with an ugly "Can't assign requested address"
error from sendmsg(2).
OK phessler
|
|
Form an IPv6 address even if the router announcing the prefix isn't a
default router.
Problem reported by mgraves AT brainfat.net on misc
OK denis
|
|
|
|
macro-build a replacement for sccsid, and was done without any concern
for namespace damage. Unfortunately this practice started infecting
other code as others were unaware they didn't need the file.
ok millert guenther
|
|
When we get a route message, for example an address being added
(RTM_NEWADDR, but the problem exists with most of the route messages)
and the interface gets unplugged at just the right moment
if_nametoindex(3) will return NULL. We will pass NULL through
update_iface() to get_xflags() which will then crash because we
dereference the NULL pointer there.
OK kn
|
|
consistently. This makes the next diff easier, also consistency is
good.
OK kn
|
|
we get a RTM_IFANNOUNCE message not a RTM_IFINFO message.
Handle this message to not accumulate "unknown" interfaces.
While here fix a bug where we would remove an interface only in the
engine process but not in the frontend when an interfaces gets
unplugged while we process a RTM_IFINFO message for it.
OK benno
|
|
configuring the same IP.
I forgot to fix slaacd after fixing the same problem in dhcpleased.
Pointed out by afresh1
|
|
Otherwise resolvd(8) will never learn nameservers and update
/etc/resolv.conf with IPv6 resolvers.
At the moment IPv6 only installations always prompt for nameservers
anyway, but that is its own bug and will be fixed soon.
This enables the upcoming fix to detect learned nameservers in the
first place.
Feedback OK florian
|
|
resolvd(8), slaacd(8) and dhcpleased(8) are different from other daemons
in that there must only be a single instance.
resolvd already does this, adjust slaacd and dhcpleased accordingly while
moving the lockfile paths under /dev/ such that they work early on boot and
don't run into races should /var be (un)mounted between daemon starts.
Locking is especially required in the installer where all three daemons are
started every time the "(I)nstall, (U)pgrade, (A)utoinstall or (S)hell? "
prompt is entered, i.e. restarting installation or dropping into a shell
and back into the prompt again would start multiple instances.
To avoid expected lockfile error messages in between installer prompts,
discard standard error when starting the autoconf daemons; none of them
has other potential failure cases in installer mode before daemon(3)izing.
Input sthen deraadt
OK deraadt
|
|
fails to report the path that the failure occured on. Suggested by
deraadt@ after some tech discussion.
Work done and verified by Ashton Fagg <ashton@fagg.id.au>
ok deraadt@ semarie@ claudio@
|
|
the control socket instead of fatal().
OK deraadt
|
|
switching from chroot("/var/empty") to unveil("/", "").
This is just an extra pair of suspenders since these processes
pledge(2) to not access the filesystem.
OK deraadt
|
|
with "temporary".
|
|
deprecates a prefix by sending a pltime of 0, this is normal.
Continue warning when the pltime is smaller than 5 as this is almost
certainly a configuration error.
Found the hard way by & OK otto.
|
|
Track autoconf and temporary flag individually to be able to support
this.
OK kn
|
|
distrib/special/slaccd is the actual SMALL user but having it build from here
is useful, too; in fact, it showed some more unused variables under SMALL.
OK florian
|
|
"privacy extensions" to "temporary address extensions"
Change ifconfig(8) to output temporary after temporary addresses and
add "temporary" option which is an alias for autoconfprivacy for now.
Also make AUTOCONF6TEMP a positiv flag that is set by default.
Previously the negative flag "INET6_NOPRIVACY" was set when privacy
addresses were disabled. This makes the flags output less ugly and
will allow us to disable autoconf addresses while having temporary
addresses enabled in the future.
More work is needed in slaacd.
input benno, jmc, deraadt
previous verison OK benno
OK jmc, kn
|
|
Problem reported by deraadt some time ago.
|
|
This allows us to pass the link state over to engine here instead of
in update_addr which is not available in small.
This gets us more in line dhcpleased.
|
|
already in the interface on the engine side.
|
|
|
|
This was too much code in the imsg handler.
|
|
The desync factor is now tracked per temporary IP and the max value
has been increased to about 9 hours.
While here fix a bug where the minimum acceptable pltime in a router
advertisement should be bigger than PRIV_REGEN_ADVANCE not the desync
factor (which didn't make any sense at all).
From Fernando Gont, thanks!
OK sthen
|
|
|
|
ok florian@
|
|
pointed out by deraadt
|
|
ok florian@
|
|
Follows claudio's lead in ospfd et al.
Problem reported by mortimer.
|
|
elsewhere and unbreaks -fno-common.
Inspired by claudio
Problem reported by mortimer
|
|
Problem reported by mortimer
|
|
find it again if and when we no longer need it. No object change.
|
|
We only want to recover the scope id if it hasn't already been
recovered.
But we want to always copy the link-local address.
|
|
initialized. If it is set assume the scope was already recovered.
OK bluhm, claudio
|
|
before accessing anything in ifa_addr. florian@ mentioned this might
be a problem in slaacd(8) and rad(8) after claudio@ fixed it in bgpd,
so i went looking...
|
|
cast in front of a strlcpy(3).
tb@ had pointed out that the use in rad(8) was not consistent.
I consider the void cast a useless annotation, either the strl*
functions must have the canonical trucation check or it must be
obvious that truncation cannot happen or is not a problem.
While at it remove a bunch more casts that snuck in over time.
|
|
otherwise we are referencing the wrong one when the rdomain changes.
Sorry for not spotting it earlier.
|
|
code gets copied around; ok florian@
|
|
waited for a FD. It's not a fatal condition if it arrives late.
OK tb
|
|
OK tb
|
|
To avoide code duplication have get_icmp6ev_by_rdomain() either
return an existing icmp6ev in the correct rdomain or allocate one.
OK tb
|
|
lifetime. Use this information to renew pltime / vltime of privacy
addresses for up to 1 day / 2 days as RFC 4941.
This is important when announced pltime / vltime is lower than 1 day /
2 days, privacy addresses would have expired too fast.
Spotted after a remark by Fernando Gont on misc@
|
|
if we are using Semantically Opaque Interface Identifiers (soii)
otherwise we would just create the same address again and DAD will
fail again.
|
|
There is probably nothing wrong with calculating a new random value
everytime we create an address, but we are also not gaining anything.
Makes math in upcomming diffs easier.
|
|
(netinet6/nd6.h) we can remove the ND6 prefix.
While here use a MAX_DESYNC_FACTOR of 10 minutes as the RFC specifies.
We are using arc4random_uniform which avoids modulo bias.
|
|
going to renew them. Avoids redundant check for privacy addresses.
|
|
|
|
|
|
|
|
filters in userland. But the packet type check was placed at the
wrong place so the hoplimit check was done against every icmpv6 packet
but no all of them have a hoplimit constraint.
tested and ok by me, committed on behalf of florian@
|
