diff options
Diffstat (limited to 'sys-freebsd/freebsd-sources/files/freebsd-sources-6.2-nd6-6.patch')
| -rw-r--r-- | sys-freebsd/freebsd-sources/files/freebsd-sources-6.2-nd6-6.patch | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/sys-freebsd/freebsd-sources/files/freebsd-sources-6.2-nd6-6.patch b/sys-freebsd/freebsd-sources/files/freebsd-sources-6.2-nd6-6.patch new file mode 100644 index 000000000000..dc32f71064f2 --- /dev/null +++ b/sys-freebsd/freebsd-sources/files/freebsd-sources-6.2-nd6-6.patch @@ -0,0 +1,86 @@ +Index: sys/netinet6/in6.h +=================================================================== +RCS file: /home/ncvs/src/sys/netinet6/in6.h,v +retrieving revision 1.36.2.9 +diff -u -p -r1.36.2.9 in6.h +--- sys/netinet6/in6.h 1 Sep 2008 22:57:56 -0000 1.36.2.9 ++++ sys/netinet6/in6.h 28 Sep 2008 21:27:09 -0000 +@@ -575,7 +575,8 @@ struct ip6_mtuinfo { + /* to define items, should talk with KAME guys first, for *BSD compatibility */ + #define IPV6CTL_STEALTH 45 + #define IPV6CTL_RTHDR0_ALLOWED 46 +-#define IPV6CTL_MAXID 47 ++#define ICMPV6CTL_ND6_ONLINKNSRFC4861 47 ++#define IPV6CTL_MAXID 48 + #endif /* __BSD_VISIBLE */ + + /* +Index: sys/netinet6/in6_proto.c +=================================================================== +RCS file: /home/ncvs/src/sys/netinet6/in6_proto.c,v +retrieving revision 1.32.2.9 +diff -u -p -r1.32.2.9 in6_proto.c +--- sys/netinet6/in6_proto.c 1 Sep 2008 22:57:56 -0000 1.32.2.9 ++++ sys/netinet6/in6_proto.c 28 Sep 2008 21:26:24 -0000 +@@ -354,6 +354,7 @@ DOMAIN_SET(inet6); + #ifndef IPV6_SENDREDIRECTS + #define IPV6_SENDREDIRECTS 1 + #endif ++int nd6_onlink_ns_rfc4861 = 0; /* allow 'on-link' nd6 NS (as in RFC 4861) */ + + int ip6_forwarding = IPV6FORWARDING; /* act as router? */ + int ip6_sendredirects = IPV6_SENDREDIRECTS; +@@ -553,3 +554,6 @@ SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_N + nd6_maxnudhint, CTLFLAG_RW, &nd6_maxnudhint, 0, ""); + SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DEBUG, + nd6_debug, CTLFLAG_RW, &nd6_debug, 0, ""); ++SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_ONLINKNSRFC4861, ++ nd6_onlink_ns_rfc4861, CTLFLAG_RW, &nd6_onlink_ns_rfc4861, 0, ++ "Accept 'on-link' nd6 NS in compliance with RFC 4861."); +Index: sys/netinet6/nd6.h +=================================================================== +RCS file: /home/ncvs/src/sys/netinet6/nd6.h,v +retrieving revision 1.19.2.3 +diff -u -p -r1.19.2.3 nd6.h +--- sys/netinet6/nd6.h 1 Sep 2008 22:57:56 -0000 1.19.2.3 ++++ sys/netinet6/nd6.h 28 Sep 2008 21:26:24 -0000 +@@ -339,6 +339,7 @@ extern struct llinfo_nd6 llinfo_nd6; + extern struct nd_drhead nd_defrouter; + extern struct nd_prhead nd_prefix; + extern int nd6_debug; ++extern int nd6_onlink_ns_rfc4861; + + #define nd6log(x) do { if (nd6_debug) log x; } while (/*CONSTCOND*/ 0) + +Index: sys/netinet6/nd6_nbr.c +=================================================================== +RCS file: /home/ncvs/src/sys/netinet6/nd6_nbr.c,v +retrieving revision 1.29.2.10 +diff -u -p -r1.29.2.10 nd6_nbr.c +--- sys/netinet6/nd6_nbr.c 1 Sep 2008 22:57:56 -0000 1.29.2.10 ++++ sys/netinet6/nd6_nbr.c 28 Sep 2008 21:26:24 -0000 +@@ -148,6 +148,24 @@ nd6_ns_input(m, off, icmp6len) + "(wrong ip6 dst)\n")); + goto bad; + } ++ } else if (!nd6_onlink_ns_rfc4861) { ++ struct sockaddr_in6 src_sa6; ++ ++ /* ++ * According to recent IETF discussions, it is not a good idea ++ * to accept a NS from an address which would not be deemed ++ * to be a neighbor otherwise. This point is expected to be ++ * clarified in future revisions of the specification. ++ */ ++ bzero(&src_sa6, sizeof(src_sa6)); ++ src_sa6.sin6_family = AF_INET6; ++ src_sa6.sin6_len = sizeof(src_sa6); ++ src_sa6.sin6_addr = saddr6; ++ if (!nd6_is_addr_neighbor(&src_sa6, ifp)) { ++ nd6log((LOG_INFO, "nd6_ns_input: " ++ "NS packet from non-neighbor\n")); ++ goto bad; ++ } + } + + if (IN6_IS_ADDR_MULTICAST(&taddr6)) { |