From dd4d5a5ffbfa65b61d30b3bfac0e09a75a8cbe3b Mon Sep 17 00:00:00 2001 From: "Bjoern A. Zeeb" Date: Wed, 25 Nov 2020 20:58:01 +0000 Subject: [PATCH] IPv6: set ifdisabled in the kernel rather than in rc Enable ND6_IFF_IFDISABLED when the interface is created in the kernel before return to user space. This avoids a race when an interface is create by a program which also calls ifconfig IF inet6 -ifdisabled and races with the devd -> /etc/pccard_ether -> .. netif start IF -> ifdisabled calls (the devd/rc framework disabling IPv6 again after the program had enabled it already). In case the global net.inet6.ip6.accept_rtadv was turned on, we also default to enabling IPv6 on the interfaces, rather than disabling them. PR: 248172 Reported by: Gert Doering (gert greenie.muc.de) Reviewed by: glebius (, phk) MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D27324 --- libexec/rc/network.subr | 2 -- sys/netinet6/nd6.c | 9 ++++++++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/libexec/rc/network.subr b/libexec/rc/network.subr index 1a83421b87b..808e48532a1 100644 --- a/libexec/rc/network.subr +++ b/libexec/rc/network.subr @@ -134,8 +134,6 @@ ifconfig_up() if ! noafif $1 && afexists inet6; then if checkyesno ipv6_activate_all_interfaces; then _ipv6_opts="-ifdisabled" - elif [ "$1" != "lo0" ]; then - _ipv6_opts="ifdisabled" fi # backward compatibility: $ipv6_enable diff --git a/sys/netinet6/nd6.c b/sys/netinet6/nd6.c index 1597a4cb6b9..8ff6d1aafc7 100644 --- a/sys/netinet6/nd6.c +++ b/sys/netinet6/nd6.c @@ -273,6 +273,10 @@ nd6_ifattach(struct ifnet *ifp) nd->flags = ND6_IFF_PERFORMNUD; + /* Set IPv6 disabled on all interfaces but loopback by default. */ + if ((ifp->if_flags & IFF_LOOPBACK) == 0) + nd->flags |= ND6_IFF_IFDISABLED; + /* A loopback interface always has ND6_IFF_AUTO_LINKLOCAL. * XXXHRS: Clear ND6_IFF_AUTO_LINKLOCAL on an IFT_BRIDGE interface by * default regardless of the V_ip6_auto_linklocal configuration to @@ -290,8 +294,11 @@ nd6_ifattach(struct ifnet *ifp) */ if (V_ip6_accept_rtadv && !(ifp->if_flags & IFF_LOOPBACK) && - (ifp->if_type != IFT_BRIDGE)) + (ifp->if_type != IFT_BRIDGE)) { nd->flags |= ND6_IFF_ACCEPT_RTADV; + /* If we globally accept rtadv, assume IPv6 on. */ + nd->flags &= ~ND6_IFF_IFDISABLED; + } if (V_ip6_no_radr && !(ifp->if_flags & IFF_LOOPBACK)) nd->flags |= ND6_IFF_NO_RADR;