![[BACK]](/icons/back.gif){kind=icon}
Up to [local] / src / sbin / slaacd
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.89 / (download) - annotate - [select for diffs], Sun Apr 21 17:33:05 2024 UTC (5 weeks, 6 days ago) by florian
Branch: MAIN
CVS Tags: HEAD
Changes since 1.88: +2 -1 lines
Diff to previous 1.88 (colored)
Pass advertising router to the kernel. We are using the ifra_dstaddr for this because it will always be unused with autoconf addresses since they can't be used on P2P links. OK bluhm
Revision 1.88 / (download) - annotate - [select for diffs], Sun Feb 11 21:29:12 2024 UTC (3 months, 2 weeks ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5
Changes since 1.87: +1 -2 lines
Diff to previous 1.87 (colored)
Remove needless includes of netinet6/ip6_var.h header in userland. OK millert@
Revision 1.87 / (download) - annotate - [select for diffs], Sat Feb 3 18:30:17 2024 UTC (3 months, 3 weeks ago) by florian
Branch: MAIN
Changes since 1.86: +2 -2 lines
Diff to previous 1.86 (colored)
Stop spamming syslog when the network does something silly. From Stefan R. Filipek, thanks!
Revision 1.86 / (download) - annotate - [select for diffs], Thu Dec 14 09:58:59 2023 UTC (5 months, 2 weeks ago) by claudio
Branch: MAIN
Changes since 1.85: +2 -2 lines
Diff to previous 1.85 (colored)
Use imsg_get_fd() to access the fd passed with the imsg. Go ahead florian@ OK tb@
Revision 1.85 / (download) - annotate - [select for diffs], Sun Apr 30 13:08:40 2023 UTC (13 months ago) by phessler
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE,
OPENBSD_7_4
Changes since 1.84: +3 -12 lines
Diff to previous 1.84 (colored)
Remove artifical limit of 2 hours on a PIO lifetime, as recommended by draft-ietf-6man-slaac-renum-05 and implemented by Linux in 2020. OK florian@
Revision 1.84 / (download) - annotate - [select for diffs], Fri Aug 26 00:02:08 2022 UTC (21 months, 1 week ago) by kn
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE,
OPENBSD_7_3,
OPENBSD_7_2_BASE,
OPENBSD_7_2
Changes since 1.83: +3 -1 lines
Diff to previous 1.83 (colored)
Move (unused) functions under !SMALL if_state_name() and proposal_state_name() are only uesd in log_debug() calls which are NOOPs in SMALL builds. Seen with -Wunused-function warnings in distrib/special/slaacd. OK deraadt
Revision 1.83 / (download) - annotate - [select for diffs], Sat Jul 23 16:16:25 2022 UTC (22 months, 1 week ago) by florian
Branch: MAIN
Changes since 1.82: +15 -1 lines
Diff to previous 1.82 (colored)
Delete autoconf or temporary address if flag is removed. OK kn
Revision 1.82 / (download) - annotate - [select for diffs], Sat Jul 23 09:00:10 2022 UTC (22 months, 1 week ago) by florian
Branch: MAIN
Changes since 1.81: +3 -1 lines
Diff to previous 1.81 (colored)
Delete addresses when interface is no longer autoconf. This brings it in line with dhcpleased(8) as well as what we do for the default route and DNS proposals. I missed this when I rewrote the state machine to match dhcpleased(8).
Revision 1.81 / (download) - annotate - [select for diffs], Tue Jul 12 16:54:59 2022 UTC (22 months, 3 weeks ago) by florian
Branch: MAIN
Changes since 1.80: +574 -418 lines
Diff to previous 1.80 (colored)
Rewrite state machine in the style of dhcpleased(8). It is less cluttered, easier to reason about and fixes some bugs in passing that would have been difficult in the old state machine. Stale IPv6 addresses, default routes and nameservers are now correctly removed when moving from one IPv6 enabled network to another IPv6 enabled network. Default routes and nameservers correctly expire when they are not refreshed and nameservers are updated when router advertisements change the nameserver option. Testing & input caspar@ Putting it in now to get wider testing and shake out bugs, discussed with deraadt@ at r2k22.
Revision 1.80 / (download) - annotate - [select for diffs], Tue Jun 28 13:35:42 2022 UTC (23 months ago) by florian
Branch: MAIN
Changes since 1.79: +1 -2 lines
Diff to previous 1.79 (colored)
unbreak build; found the hard way by stsp
Revision 1.79 / (download) - annotate - [select for diffs], Tue Jun 28 09:21:58 2022 UTC (23 months ago) by florian
Branch: MAIN
Changes since 1.78: +1 -13 lines
Diff to previous 1.78 (colored)
gc timeout_count, it's unused and I don't remember what I wanted to use it for.
Revision 1.78 / (download) - annotate - [select for diffs], Sun Jun 26 16:01:39 2022 UTC (23 months ago) by florian
Branch: MAIN
Changes since 1.77: +1 -3 lines
Diff to previous 1.77 (colored)
remove outdated comment
Revision 1.71.2.2 / (download) - annotate - [select for diffs], Mon Mar 21 16:41:17 2022 UTC (2 years, 2 months ago) by bluhm
Branch: OPENBSD_6_9
Changes since 1.71.2.1: +2 -125 lines
Diff to previous 1.71.2.1 (colored) to branchpoint 1.71 (colored) next main 1.72 (colored)
Prevent crash of unprivileged engine process (pledged stdio). The length field of a DNS label in the DNS search list option is an 8 bit unsigned value. parse_dnssl() treats the search list option as an array of char, which are signed on most archs. When we read this value into an int variable it gets sign extended, allowing it to bypass sanity checks and eventually we pass it as the length to memcpy which treats it as a huge unsigned value leading to a heap overflow. An easy fix would be change the signature of parse_dnssl to parse_dnssl(uint8_t* data, int datalen). However, the DNS search list option is unused and the function fails to check if the parsed value is a valid domain name. The function is also getting in the way of future work so it's best to just delete it. The problem was found and reported by qualys, thanks! from florian@; OK bluhm@ this is errata/6.9/033_slaacd.patch.sig
Revision 1.74.2.2 / (download) - annotate - [select for diffs], Mon Mar 21 16:39:56 2022 UTC (2 years, 2 months ago) by bluhm
Branch: OPENBSD_7_0
Changes since 1.74.2.1: +2 -125 lines
Diff to previous 1.74.2.1 (colored) to branchpoint 1.74 (colored) next main 1.75 (colored)
Prevent crash of unprivileged engine process (pledged stdio). The length field of a DNS label in the DNS search list option is an 8 bit unsigned value. parse_dnssl() treats the search list option as an array of char, which are signed on most archs. When we read this value into an int variable it gets sign extended, allowing it to bypass sanity checks and eventually we pass it as the length to memcpy which treats it as a huge unsigned value leading to a heap overflow. An easy fix would be change the signature of parse_dnssl to parse_dnssl(uint8_t* data, int datalen). However, the DNS search list option is unused and the function fails to check if the parsed value is a valid domain name. The function is also getting in the way of future work so it's best to just delete it. The problem was found and reported by qualys, thanks! from florian@; OK bluhm@ this is errata/7.0/017_slaacd.patch.sig
Revision 1.77 / (download) - annotate - [select for diffs], Mon Mar 21 16:25:47 2022 UTC (2 years, 2 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE,
OPENBSD_7_1
Changes since 1.76: +2 -125 lines
Diff to previous 1.76 (colored)
Prevent crash of unprivileged engine process (pledged stdio). The length field of a DNS label in the DNS search list option is an 8 bit unsigned value. parse_dnssl() treats the search list option as an array of char, which are signed on most archs. When we read this value into an int variable it gets sign extended, allowing it to bypass sanity checks and eventually we pass it as the length to memcpy which treats it as a huge unsigned value leading to a heap overflow. An easy fix would be change the signature of parse_dnssl to parse_dnssl(uint8_t* data, int datalen). However, the DNS search list option is unused and the function fails to check if the parsed value is a valid domain name. The function is also getting in the way of future work so it's best to just delete it. The problem was found and reported by qualys, thanks! OK bluhm
Revision 1.71.2.1 / (download) - annotate - [select for diffs], Mon Feb 21 17:44:41 2022 UTC (2 years, 3 months ago) by bluhm
Branch: OPENBSD_6_9
Changes since 1.71: +2 -2 lines
Diff to previous 1.71 (colored)
Nameservers in router advertisements are struct in6_addr, not struct sockaddr_in6. Copy the right amount of data so that we don't overflow the destination and potentially crash when we receive more than 7 nameservers. from florian@; OK deraadt@ this is errata/6.9/030_slaacd.patch.sig
Revision 1.74.2.1 / (download) - annotate - [select for diffs], Mon Feb 21 17:43:54 2022 UTC (2 years, 3 months ago) by bluhm
Branch: OPENBSD_7_0
Changes since 1.74: +2 -2 lines
Diff to previous 1.74 (colored)
Nameservers in router advertisements are struct in6_addr, not struct sockaddr_in6. Copy the right amount of data so that we don't overflow the destination and potentially crash when we receive more than 7 nameservers. from florian@; OK deraadt@ this is errata/7.0/014_slaacd.patch.sig
Revision 1.76 / (download) - annotate - [select for diffs], Sun Feb 20 19:18:16 2022 UTC (2 years, 3 months ago) by florian
Branch: MAIN
Changes since 1.75: +2 -2 lines
Diff to previous 1.75 (colored)
Nameservers in router advertisements are struct in6_addr, not struct sockaddr_in6. Copy the right amount of data so that we don't overflow the destination and potentially crash when we receive more than 7 nameservers. This is going to be 7.0 errata 014. OK deraadt
Revision 1.75 / (download) - annotate - [select for diffs], Mon Jan 3 16:42:17 2022 UTC (2 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.74: +8 -9 lines
Diff to previous 1.74 (colored)
Prefix life time is independent from router life time. Form an IPv6 address even if the router announcing the prefix isn't a default router. Problem reported by mgraves AT brainfat.net on misc OK denis
Revision 1.74 / (download) - annotate - [select for diffs], Thu Jul 22 15:32:51 2021 UTC (2 years, 10 months ago) by kn
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE
Branch point for: OPENBSD_7_0
Changes since 1.73: +4 -34 lines
Diff to previous 1.73 (colored)
Send rDNS proposals on ramdisks Otherwise resolvd(8) will never learn nameservers and update /etc/resolv.conf with IPv6 resolvers. At the moment IPv6 only installations always prompt for nameservers anyway, but that is its own bug and will be fixed soon. This enables the upcoming fix to detect learned nameservers in the first place. Feedback OK florian
Revision 1.73 / (download) - annotate - [select for diffs], Mon Jul 12 15:09:19 2021 UTC (2 years, 10 months ago) by beck
Branch: MAIN
Changes since 1.72: +3 -3 lines
Diff to previous 1.72 (colored)
Change the error reporting pattern throughout the tree when unveil fails to report the path that the failure occured on. Suggested by deraadt@ after some tech discussion. Work done and verified by Ashton Fagg <ashton@fagg.id.au> ok deraadt@ semarie@ claudio@
Revision 1.72 / (download) - annotate - [select for diffs], Sat May 1 11:53:06 2021 UTC (3 years, 1 month ago) by florian
Branch: MAIN
Changes since 1.71: +6 -3 lines
Diff to previous 1.71 (colored)
Allow running in single user mode where /var/empty doesn't exist by
switching from chroot("/var/empty") to unveil("/", "").
This is just an extra pair of suspenders since these processes
pledge(2) to not access the filesystem.
OK deraadt
Revision 1.71 / (download) - annotate - [select for diffs], Sun Mar 21 18:25:24 2021 UTC (3 years, 2 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE
Branch point for: OPENBSD_6_9
Changes since 1.70: +30 -29 lines
Diff to previous 1.70 (colored)
Use new terminology of RFC 8981 and (mechanically) replace "privacy" with "temporary".
Revision 1.70 / (download) - annotate - [select for diffs], Sun Mar 21 13:59:22 2021 UTC (3 years, 2 months ago) by florian
Branch: MAIN
Changes since 1.69: +6 -5 lines
Diff to previous 1.69 (colored)
Don't warn that we can't form a temporary address when a router deprecates a prefix by sending a pltime of 0, this is normal. Continue warning when the pltime is smaller than 5 as this is almost certainly a configuration error. Found the hard way by & OK otto.
Revision 1.69 / (download) - annotate - [select for diffs], Sat Mar 20 17:07:49 2021 UTC (3 years, 2 months ago) by florian
Branch: MAIN
Changes since 1.68: +12 -3 lines
Diff to previous 1.68 (colored)
RFC 8981 allows the configuration of only temporary IPv6 addresses. Track autoconf and temporary flag individually to be able to support this. OK kn
Revision 1.68 / (download) - annotate - [select for diffs], Sat Mar 20 16:46:03 2021 UTC (3 years, 2 months ago) by kn
Branch: MAIN
Changes since 1.67: +4 -2 lines
Diff to previous 1.67 (colored)
Fix SMALL build when done from sbin/slaacd distrib/special/slaccd is the actual SMALL user but having it build from here is useful, too; in fact, it showed some more unused variables under SMALL. OK florian
Revision 1.67 / (download) - annotate - [select for diffs], Sun Mar 7 10:31:57 2021 UTC (3 years, 2 months ago) by florian
Branch: MAIN
Changes since 1.66: +17 -1 lines
Diff to previous 1.66 (colored)
Withdraw nameservers when the interface goes down. Problem reported by deraadt some time ago.
Revision 1.66 / (download) - annotate - [select for diffs], Sun Mar 7 10:31:20 2021 UTC (3 years, 2 months ago) by florian
Branch: MAIN
Changes since 1.65: +10 -24 lines
Diff to previous 1.65 (colored)
Fold get_lladdr into update_iface, now the only caller. This allows us to pass the link state over to engine here instead of in update_addr which is not available in small. This gets us more in line dhcpleased.
Revision 1.65 / (download) - annotate - [select for diffs], Sun Mar 7 10:30:13 2021 UTC (3 years, 2 months ago) by florian
Branch: MAIN
Changes since 1.64: +2 -3 lines
Diff to previous 1.64 (colored)
No need to pass the link local and hw address around, we have it already in the interface on the engine side.
Revision 1.64 / (download) - annotate - [select for diffs], Sun Mar 7 10:29:12 2021 UTC (3 years, 2 months ago) by florian
Branch: MAIN
Changes since 1.63: +22 -17 lines
Diff to previous 1.63 (colored)
reshuffle to bring more in line with dhcpleased
Revision 1.63 / (download) - annotate - [select for diffs], Sun Mar 7 10:28:44 2021 UTC (3 years, 2 months ago) by florian
Branch: MAIN
Changes since 1.62: +75 -82 lines
Diff to previous 1.62 (colored)
Introduce engine_update_if(). This was too much code in the imsg handler.
Revision 1.62 / (download) - annotate - [select for diffs], Sat Mar 6 19:02:53 2021 UTC (3 years, 2 months ago) by florian
Branch: MAIN
Changes since 1.61: +23 -15 lines
Diff to previous 1.61 (colored)
Implement last remaining bits to update from RFC 4941 to RFC 8981. The desync factor is now tracked per temporary IP and the max value has been increased to about 9 hours. While here fix a bug where the minimum acceptable pltime in a router advertisement should be bigger than PRIV_REGEN_ADVANCE not the desync factor (which didn't make any sense at all). From Fernando Gont, thanks! OK sthen
Revision 1.61 / (download) - annotate - [select for diffs], Tue Mar 2 17:17:15 2021 UTC (3 years, 3 months ago) by florian
Branch: MAIN
Changes since 1.60: +36 -40 lines
Diff to previous 1.60 (colored)
Fix indentation of switch / case. No binary change.
Revision 1.60 / (download) - annotate - [select for diffs], Fri Feb 26 02:28:50 2021 UTC (3 years, 3 months ago) by jsg
Branch: MAIN
Changes since 1.59: +1 -46 lines
Diff to previous 1.59 (colored)
remove some unused functions in slaacd ok florian@
Revision 1.59 / (download) - annotate - [select for diffs], Tue Jan 19 16:49:56 2021 UTC (3 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.58: +3 -3 lines
Diff to previous 1.58 (colored)
Make imsg event structs static to fix -fno-common. Follows claudio's lead in ospfd et al. Problem reported by mortimer.
Revision 1.58 / (download) - annotate - [select for diffs], Tue Jan 19 16:48:20 2021 UTC (3 years, 4 months ago) by florian
Branch: MAIN
Changes since 1.57: +3 -4 lines
Diff to previous 1.57 (colored)
No need for a global slaacd_process; unbreaks -fno-common. Problem reported by mortimer
Revision 1.57 / (download) - annotate - [select for diffs], Fri Oct 30 18:30:26 2020 UTC (3 years, 7 months ago) by florian
Branch: MAIN
Changes since 1.56: +44 -35 lines
Diff to previous 1.56 (colored)
Track creation time of address proposals to be able to establish total lifetime. Use this information to renew pltime / vltime of privacy addresses for up to 1 day / 2 days as RFC 4941. This is important when announced pltime / vltime is lower than 1 day / 2 days, privacy addresses would have expired too fast. Spotted after a remark by Fernando Gont on misc@
Revision 1.56 / (download) - annotate - [select for diffs], Fri Oct 30 18:29:13 2020 UTC (3 years, 7 months ago) by florian
Branch: MAIN
Changes since 1.55: +3 -4 lines
Diff to previous 1.55 (colored)
If Duplicate Address Detection (DAD) fails only generate a new address if we are using Semantically Opaque Interface Identifiers (soii) otherwise we would just create the same address again and DAD will fail again.
Revision 1.55 / (download) - annotate - [select for diffs], Fri Oct 30 18:28:38 2020 UTC (3 years, 7 months ago) by florian
Branch: MAIN
Changes since 1.54: +9 -5 lines
Diff to previous 1.54 (colored)
Follow RFC 4941 and calculate the desync_factor at startup. There is probably nothing wrong with calculating a new random value everytime we create an address, but we are also not gaining anything. Makes math in upcomming diffs easier.
Revision 1.54 / (download) - annotate - [select for diffs], Fri Oct 30 18:27:39 2020 UTC (3 years, 7 months ago) by florian
Branch: MAIN
Changes since 1.53: +11 -11 lines
Diff to previous 1.53 (colored)
Since the RFC 4941 constants are no longer in a public header (netinet6/nd6.h) we can remove the ND6 prefix. While here use a MAX_DESYNC_FACTOR of 10 minutes as the RFC specifies. We are using arc4random_uniform which avoids modulo bias.
Revision 1.53 / (download) - annotate - [select for diffs], Fri Oct 30 18:26:24 2020 UTC (3 years, 7 months ago) by florian
Branch: MAIN
Changes since 1.52: +7 -8 lines
Diff to previous 1.52 (colored)
Pull check for duplicate address up to skip them early, we are not going to renew them. Avoids redundant check for privacy addresses.
Revision 1.52 / (download) - annotate - [select for diffs], Fri Oct 30 18:25:54 2020 UTC (3 years, 7 months ago) by florian
Branch: MAIN
Changes since 1.51: +115 -131 lines
Diff to previous 1.51 (colored)
update_iface_ra does too much, move prefix handling into function.
Revision 1.51 / (download) - annotate - [select for diffs], Fri Oct 30 18:25:29 2020 UTC (3 years, 7 months ago) by florian
Branch: MAIN
Changes since 1.50: +52 -43 lines
Diff to previous 1.50 (colored)
update_iface_ra does too much, move dfr handling into function.
Revision 1.50 / (download) - annotate - [select for diffs], Fri Oct 30 18:25:06 2020 UTC (3 years, 7 months ago) by florian
Branch: MAIN
Changes since 1.49: +47 -35 lines
Diff to previous 1.49 (colored)
update_iface_ra does too much, move rdns handling into function.
Revision 1.49 / (download) - annotate - [select for diffs], Mon Sep 14 09:07:05 2020 UTC (3 years, 8 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE,
OPENBSD_6_8
Changes since 1.48: +31 -17 lines
Diff to previous 1.48 (colored)
Let slaacd handle all rdomains in a single daemon. Suggested by claudio and matthieu Testing matthieu Putting it in now to get enough testing before release so that there is enough time to back it out, suggested by deraadt
Revision 1.48 / (download) - annotate - [select for diffs], Sat Mar 28 16:15:45 2020 UTC (4 years, 2 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE,
OPENBSD_6_7
Changes since 1.47: +6 -1 lines
Diff to previous 1.47 (colored)
Move ND6_PRIV_* constants from nd6.h to slaacd the only place where they are used. Nobody in the wider eco system uses these. While here reduce temporary address valid lifetime to 2 days as per draft-ietf-6man-rfc4941bis. This should considerably reduce the amount of addresses configured on an interface - a common complaint. Original diff from Fernando Gont (fernando AT gont.com.ar), thanks! Ports tree scanning by sthen@
Revision 1.47 / (download) - annotate - [select for diffs], Fri Nov 22 15:30:00 2019 UTC (4 years, 6 months ago) by florian
Branch: MAIN
Changes since 1.46: +27 -35 lines
Diff to previous 1.46 (colored)
Merge DNS proposals coming from the same interface.
That way we no longer need to handle withdraws in unwind. A new
proposal from a daemon on an interface is always a replacement.
If nameservers expire or an interface goes away we sent an empty list
of nameservers.
pestering^Wprodding deraadt
Revision 1.46 / (download) - annotate - [select for diffs], Thu Nov 21 19:27:33 2019 UTC (4 years, 6 months ago) by florian
Branch: MAIN
Changes since 1.45: +1 -3 lines
Diff to previous 1.45 (colored)
We do not send lifetimes or source in DNS proposals.
Do not copy them to the main process.
Revision 1.45 / (download) - annotate - [select for diffs], Wed Nov 20 18:10:12 2019 UTC (4 years, 6 months ago) by florian
Branch: MAIN
Changes since 1.44: +34 -38 lines
Diff to previous 1.44 (colored)
Form DNS proposals from router advertisements with a router lifetime of zero. It just means that the router is not a default router. This is also true for prefixes, but not yet implemented. (The diff looks complicated but it's only a } moved up + reindent.)
Revision 1.44 / (download) - annotate - [select for diffs], Mon Nov 11 05:48:46 2019 UTC (4 years, 6 months ago) by florian
Branch: MAIN
Changes since 1.43: +332 -1 lines
Diff to previous 1.43 (colored)
Send DNS proposals on route socket when new nameservers are learned
from router advertisements.
unwind(8) can solicit DNS proposals by sending an empty RTM_PROPOSAL
message with priority RTP_PROPOSAL_SOLICIT.
Revision 1.43 / (download) - annotate - [select for diffs], Fri Nov 8 13:02:32 2019 UTC (4 years, 6 months ago) by florian
Branch: MAIN
Changes since 1.42: +40 -54 lines
Diff to previous 1.42 (colored)
There is at most one Default Router Proposal present per router.
We can just use find_dfr_proposal_by_gw() instead of looping through
the list manually. This was copied from the address proposal code
which needs to loop since usually there are two address proposals
present.
Revision 1.42 / (download) - annotate - [select for diffs], Fri Nov 8 13:01:08 2019 UTC (4 years, 6 months ago) by florian
Branch: MAIN
Changes since 1.41: +3 -1 lines
Diff to previous 1.41 (colored)
forgot to set proposal id
Revision 1.41 / (download) - annotate - [select for diffs], Thu Nov 7 08:45:31 2019 UTC (4 years, 6 months ago) by florian
Branch: MAIN
Changes since 1.40: +5 -134 lines
Diff to previous 1.40 (colored)
Remove half way implemented address and default route proposals.
This never worked out and is getting in the way of DNS proposals which
are coming next.
No (intended) functional change.
Input & OK tohe
Revision 1.40 / (download) - annotate - [select for diffs], Tue Nov 5 15:43:18 2019 UTC (4 years, 6 months ago) by florian
Branch: MAIN
Changes since 1.39: +2 -2 lines
Diff to previous 1.39 (colored)
trailing whitespace
Revision 1.39 / (download) - annotate - [select for diffs], Fri Aug 30 17:25:37 2019 UTC (4 years, 9 months ago) by pamela
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE,
OPENBSD_6_6
Changes since 1.38: +51 -6 lines
Diff to previous 1.38 (colored)
Remove configured IPv6 addresses remaining when slaacd(8) detects a link-state change and no new router advertisement is obtained (in accordance with RFC 6059). This should improve IPv6 -> legacy-IP-only transitions, preventing applications from believing IPv6 connectivity is available when it is not, potentially resulting in long timeouts. suggestion, input and OK florian@ phessler@
Revision 1.38 / (download) - annotate - [select for diffs], Mon Aug 26 18:50:04 2019 UTC (4 years, 9 months ago) by pamela
Branch: MAIN
Changes since 1.37: +4 -6 lines
Diff to previous 1.37 (colored)
free(3) style functions should accept NULL and do nothing OK florian
Revision 1.37 / (download) - annotate - [select for diffs], Thu Jun 27 09:48:15 2019 UTC (4 years, 11 months ago) by florian
Branch: MAIN
Changes since 1.36: +2 -5 lines
Diff to previous 1.36 (colored)
let free_address_proposal() handle the LIST_REMOVE, like free_dfr_proposal()
Revision 1.36 / (download) - annotate - [select for diffs], Thu Jun 27 09:47:16 2019 UTC (4 years, 11 months ago) by florian
Branch: MAIN
Changes since 1.35: +1 -2 lines
Diff to previous 1.35 (colored)
free_dfr_proposal() does the LIST_REMOVE for us; do not run it twice
Revision 1.35 / (download) - annotate - [select for diffs], Fri Jun 7 11:46:33 2019 UTC (4 years, 11 months ago) by florian
Branch: MAIN
Changes since 1.34: +2 -2 lines
Diff to previous 1.34 (colored)
Reyk's ISP sends him router advertisements from non-link local addresses about every 10 - 30 seconds. Reduce log level to debug to stop the syslog spam. OK reyk
Revision 1.34 / (download) - annotate - [select for diffs], Mon Mar 11 22:53:29 2019 UTC (5 years, 2 months ago) by pamela
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE,
OPENBSD_6_5
Changes since 1.33: +4 -2 lines
Diff to previous 1.33 (colored)
Make slaacd(8) imsg processing more paranoid. Unexpected size mismatches mean we should no longer trust processes, so we call fatal(x). The control socket is the exception, where we ignore rather than allow crashes due to data from the outside. suggestion/input and OK florian@
Revision 1.33 / (download) - annotate - [select for diffs], Mon Mar 11 15:27:07 2019 UTC (5 years, 2 months ago) by pamela
Branch: MAIN
Changes since 1.32: +14 -14 lines
Diff to previous 1.32 (colored)
Change fatal() to fatalx() where errno is not set. input and OK florian@
Revision 1.32 / (download) - annotate - [select for diffs], Sat Mar 2 05:34:59 2019 UTC (5 years, 3 months ago) by pamela
Branch: MAIN
Changes since 1.31: +33 -37 lines
Diff to previous 1.31 (colored)
Introduce the IMSG_DATA_SIZE() macro to replace recurring math on imsg.hdr.len to shorten and simplify code. correction and OK florian@
Revision 1.31 / (download) - annotate - [select for diffs], Fri Jul 27 06:23:08 2018 UTC (5 years, 10 months ago) by bket
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE,
OPENBSD_6_4
Changes since 1.30: +2 -1 lines
Diff to previous 1.30 (colored)
Have slaacd(8) share information on receiving a MTU advertisement with slaacctl(8). OK florian@
Revision 1.30 / (download) - annotate - [select for diffs], Fri Jul 27 06:20:01 2018 UTC (5 years, 10 months ago) by bket
Branch: MAIN
Changes since 1.29: +35 -2 lines
Diff to previous 1.29 (colored)
Enable slaacd(8) to set MTU on an interface. If a router advertisement message with the MTU option is received on an interface slaacd will set the specified MTU on that interface. Lots of help from florian@. Thank you! OK florian@
Revision 1.29 / (download) - annotate - [select for diffs], Mon Jul 23 17:25:52 2018 UTC (5 years, 10 months ago) by florian
Branch: MAIN
Changes since 1.28: +38 -1 lines
Diff to previous 1.28 (colored)
When moving between networks slaacd configures new addresses but leaves old ones behind. The IPv6 RFCs don't seem to offer guidance on what to do in this case. (RFC 5220 discusses related issues, but not exactly this.) It seems a bit harsh to just delete old addresses - a naive implementation can easily lead to flip-flopping between two prefixes. Instead set the preferred lifetime to 0 for all addresses on an interface when the link goes down, thus marking addresses as deprecated but still usable. When the link comes back send a router solicitation. If we are still on the old network and receive a router advertisement the preferred lifetime will increase and the addresses will no longer be deprecated. If we moved to a new network we will get new router advertisements and form new addresses. The old ones will stay deprecated and the address selection algorithm will prefer new addresses. Problem reported by many. testing & OK phessler
Revision 1.28 / (download) - annotate - [select for diffs], Mon Jul 23 06:14:14 2018 UTC (5 years, 10 months ago) by florian
Branch: MAIN
Changes since 1.27: +86 -30 lines
Diff to previous 1.27 (colored)
Handle duplicate address detection failures. We get notified when duplication is detected on the route socket. For privacy addresses simply generate a new random address. If we have soii enabled increase the dad counter on the prefix and generate a new address. For eui64 addresses nothing can be done.
Revision 1.27 / (download) - annotate - [select for diffs], Wed Jun 20 14:55:29 2018 UTC (5 years, 11 months ago) by florian
Branch: MAIN
Changes since 1.26: +8 -17 lines
Diff to previous 1.26 (colored)
This might have been a good idea 20 years ago but in this day and age the compiler is probably better at unrolling loops. style nit fcambus OK phessler
Revision 1.26 / (download) - annotate - [select for diffs], Fri May 18 11:06:59 2018 UTC (6 years ago) by florian
Branch: MAIN
Changes since 1.25: +2 -2 lines
Diff to previous 1.25 (colored)
typo, pointed out by llvm scan-build, how did this even work though?
Revision 1.25 / (download) - annotate - [select for diffs], Thu May 17 13:39:00 2018 UTC (6 years ago) by florian
Branch: MAIN
Changes since 1.24: +41 -5 lines
Diff to previous 1.24 (colored)
Handle RTM_DELETE of slaacd managed default route by re-inserting it. Problem pointed out & OK phessler
Revision 1.24 / (download) - annotate - [select for diffs], Mon Apr 23 13:49:04 2018 UTC (6 years, 1 month ago) by florian
Branch: MAIN
Changes since 1.23: +7 -3 lines
Diff to previous 1.23 (colored)
While privacy addresses do just expire and never get renewed we need to solicit a router advertisment shortly before their pltime runs out so that we generate a new one. Reported by naddy@. OK benno@
Revision 1.23 / (download) - annotate - [select for diffs], Tue Mar 13 13:57:07 2018 UTC (6 years, 2 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE,
OPENBSD_6_3
Changes since 1.22: +5 -2 lines
Diff to previous 1.22 (colored)
RFC 7217 states (section 5, page 9): | The Interface Identifier is finally obtained by taking as many | bits from the RID value (computed in the previous step) as | necessary, starting from the least significant bit. Copy bits from the end of the digest array, not from the beginning. While here initialize iid. Problem that IPv6 addresses change while they should not pointed out by semarie@. OK sthen, phessler
Revision 1.22 / (download) - annotate - [select for diffs], Thu Mar 8 17:41:15 2018 UTC (6 years, 2 months ago) by phessler
Branch: MAIN
Changes since 1.21: +30 -39 lines
Diff to previous 1.21 (colored)
Back in the history of time, IPv4 had classes of addresses. This was widely acknowledged as a failure. At the same time IPv4 classes were declared a failure, IPv6 decided to add them back because using a mac address for IP address configuration was easy. Now that we have RFC7217 support we can remove this artificial limitation: allow non-/64 prefixes to be configured by SLAAC. Of course, if you have fewer bits for the hosts part of the address you have fewer bits for privacy and fewer bits to avoid collisions. OK florian@
Revision 1.21 / (download) - annotate - [select for diffs], Wed Mar 7 18:26:28 2018 UTC (6 years, 2 months ago) by florian
Branch: MAIN
Changes since 1.20: +2 -13 lines
Diff to previous 1.20 (colored)
RFC 7136 clarifies that the "u" and "g" bits are only significant when IPv6 unicast interface identifiers are derived from IEEE link-layer addresses. In all other cases the interface identifier should be treated as an opaque value. Accordingly stop fiddling with the bits for privacy addresses. While here initialize the whole priv_in6 struct with random data, currently no functional change but reduces amount of magic numbers, pointed out by phessler as part of a larger diff. OK phessler, sthen
Revision 1.20 / (download) - annotate - [select for diffs], Sat Feb 10 05:57:59 2018 UTC (6 years, 3 months ago) by florian
Branch: MAIN
Changes since 1.19: +62 -14 lines
Diff to previous 1.19 (colored)
RFC 7217 support for slaacd OK naddy, sthen
Revision 1.19 / (download) - annotate - [select for diffs], Sat Nov 4 17:23:05 2017 UTC (6 years, 6 months ago) by florian
Branch: MAIN
Changes since 1.18: +6 -9 lines
Diff to previous 1.18 (colored)
Don't keep blindly chugging along when receiving an unexpected imsg, something is seriously wrong.
Revision 1.18 / (download) - annotate - [select for diffs], Wed Aug 23 15:49:08 2017 UTC (6 years, 9 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE,
OPENBSD_6_2
Changes since 1.17: +5 -4 lines
Diff to previous 1.17 (colored)
Overhaul verbosity handling. Get rid of cmd_opts which is a leftover from daemons that handle config files. Instead use a verbose counter for the amount of -v given on the command line. One enables debug logging, two logs received router advertisements. This will make debugging unexpected RAs easier. Instead of asking for a pcap we can ask for -vv.
Revision 1.17 / (download) - annotate - [select for diffs], Wed Aug 23 14:05:26 2017 UTC (6 years, 9 months ago) by florian
Branch: MAIN
Changes since 1.16: +2 -1 lines
Diff to previous 1.16 (colored)
Ooops, we need to call timeout_from_lifetime() in configure_address() where we previously extracted the code and moved it to a function.
Revision 1.16 / (download) - annotate - [select for diffs], Wed Aug 23 10:48:01 2017 UTC (6 years, 9 months ago) by florian
Branch: MAIN
Changes since 1.15: +93 -1 lines
Diff to previous 1.15 (colored)
When starting up or when the autoconf6 flag is set on an interface collect already configured autoconf addresses and track them in the engine. That way we are not adding a new privacy address on every restart.
Revision 1.15 / (download) - annotate - [select for diffs], Wed Aug 23 10:46:40 2017 UTC (6 years, 9 months ago) by florian
Branch: MAIN
Changes since 1.14: +4 -2 lines
Diff to previous 1.14 (colored)
We will never need this on the ramdisk.
Revision 1.14 / (download) - annotate - [select for diffs], Wed Aug 23 10:45:35 2017 UTC (6 years, 9 months ago) by florian
Branch: MAIN
Changes since 1.13: +14 -7 lines
Diff to previous 1.13 (colored)
Extract timeout_from_lifetime(); to be used in more places.
Revision 1.13 / (download) - annotate - [select for diffs], Mon Aug 21 14:44:26 2017 UTC (6 years, 9 months ago) by florian
Branch: MAIN
Changes since 1.12: +1 -18 lines
Diff to previous 1.12 (colored)
Move sin6_to_str() to slaacd.c so that it can be used in more places. While here do not compile it for the ramdisk.
Revision 1.12 / (download) - annotate - [select for diffs], Fri Aug 18 07:45:03 2017 UTC (6 years, 9 months ago) by florian
Branch: MAIN
Changes since 1.11: +18 -11 lines
Diff to previous 1.11 (colored)
Timeouts should be time_t to prevent overflows. Bug report and fix tested by csszep AT gmail, thanks! This was triggered by virtualbox which sets vltime and pltime to infinity (0xffffffff).
Revision 1.11 / (download) - annotate - [select for diffs], Sat Aug 5 13:02:33 2017 UTC (6 years, 9 months ago) by florian
Branch: MAIN
Changes since 1.10: +36 -75 lines
Diff to previous 1.10 (colored)
move common debug code to sin6_to_str()
Revision 1.10 / (download) - annotate - [select for diffs], Fri Aug 4 14:17:47 2017 UTC (6 years, 9 months ago) by florian
Branch: MAIN
Changes since 1.9: +25 -26 lines
Diff to previous 1.9 (colored)
No need for LIST_FOREACH_SAFE, we want to remove exactly one interface and then stop the iteration. get_slaacd_iface_by_id() is perfectly fine for this; we also gain one level of indentation. While here LIST_REMOVE the currently deleted dfr_proposal.
Revision 1.9 / (download) - annotate - [select for diffs], Fri Aug 4 14:00:33 2017 UTC (6 years, 9 months ago) by florian
Branch: MAIN
Changes since 1.8: +17 -7 lines
Diff to previous 1.8 (colored)
When free(3)'ing an address_proposal we need to stop the libevent timer. Resulting use-after-free found the hard way by me. Introduce free_address_proposal() to make sure we always do this. While here also stop the interface timer when deleting an interface.
Revision 1.8 / (download) - annotate - [select for diffs], Mon Jul 17 11:27:05 2017 UTC (6 years, 10 months ago) by florian
Branch: MAIN
Changes since 1.7: +32 -17 lines
Diff to previous 1.7 (colored)
Overhaul handling of vltime and pltime processing - make sure to not send solicitations at a very high rate indefinitely if pltime is 0 (we still need some sort of rate limiting here) - implement RFC 4862 5.5.3 two hours rule wrt vltime - allow pltime of 0 so that a router can withdraw a prefix
Revision 1.7 / (download) - annotate - [select for diffs], Fri Jul 14 09:29:40 2017 UTC (6 years, 10 months ago) by florian
Branch: MAIN
Changes since 1.6: +70 -69 lines
Diff to previous 1.6 (colored)
run IMSG_UPDATE_IF through the main process, reduces upcomming diff for RFC 7217 support
Revision 1.6 / (download) - annotate - [select for diffs], Sun Jul 9 09:00:56 2017 UTC (6 years, 10 months ago) by florian
Branch: MAIN
Changes since 1.5: +23 -4 lines
Diff to previous 1.5 (colored)
Ignore prefixes with a pltime < ND6_PRIV_MAX_DESYNC_FACTOR seconds (512 in our case) for privacy addresses as per RFC 4941.
Revision 1.5 / (download) - annotate - [select for diffs], Sun Jul 9 08:41:47 2017 UTC (6 years, 10 months ago) by florian
Branch: MAIN
Changes since 1.4: +3 -2 lines
Diff to previous 1.4 (colored)
If we lower the pltime for privacy addresses skew it by ND6_PRIV_MAX_DESYNC_FACTOR like RFC 4941 tells us to. Toss in a arc4random_uniform for good measure like the kernel always did.
Revision 1.4 / (download) - annotate - [select for diffs], Thu Jul 6 15:02:53 2017 UTC (6 years, 10 months ago) by florian
Branch: MAIN
Changes since 1.3: +11 -2 lines
Diff to previous 1.3 (colored)
Sprinkel in some #ifndef SMALL to make slaacd smaller for the installer. This removes the control socket handling which is useless because we won't have slaacctl in the installer. Also deraadt@ pointed out that this would be the first use of log.c in the installer where we don't have syslogd running so it's rather pointless. So this completely neuters logging. The log.h change doesn't interfere with benno@'s efforts of unifying log.c The installer version of slaacd won't even compile control.c and log.c
Revision 1.3 / (download) - annotate - [select for diffs], Wed Jul 5 20:18:11 2017 UTC (6 years, 10 months ago) by florian
Branch: MAIN
Changes since 1.2: +6 -1 lines
Diff to previous 1.2 (colored)
Validate prefix information in router advertisements according to RFC 4862 Section 5.5.3. This very likely solves the problem of slaacd generating privacy addresses at a very high rate as reported by Matthias Schmidt on bugs@; thanks! The problem is that we constantly generate new privacy addresses if we receive a router advertisement with a pltime of 0 since that address will immediately be deprecated. This needs revisiting since we will run into the same problem with other low pltimes.
Revision 1.2 / (download) - annotate - [select for diffs], Mon Jul 3 19:02:04 2017 UTC (6 years, 11 months ago) by florian
Branch: MAIN
Changes since 1.1: +31 -28 lines
Diff to previous 1.1 (colored)
s/log_warn/log_warnx/ where errno is not set
Revision 1.1 / (download) - annotate - [select for diffs], Sat Jun 3 10:00:29 2017 UTC (7 years ago) by florian
Branch: MAIN
Move slaacd to /sbin jca points out that all the other interface configuration tools live there (like ifconfig or dhclient). Furthermore it starts so early in the boot process that /usr might not be mounted yet if it's a nfs filesystem. sthen and deraadt agree