diff --git a/sys/netinet6/in6.h b/sys/netinet6/in6.h index 906a9c8..5652d0c 100644 --- a/sys/netinet6/in6.h +++ b/sys/netinet6/in6.h @@ -629,8 +629,9 @@ struct ip6_mtuinfo { /* New entries should be added here from current IPV6CTL_MAXID value. */ /* to define items, should talk with KAME guys first, for *BSD compatibility */ -#define IPV6CTL_MAXID 42 +#define ICMPV6CTL_ND6_ONLINKNSRFC4861 47 +#define IPV6CTL_MAXID 48 #endif /* !_XOPEN_SOURCE */ /* diff --git a/sys/netinet6/in6_proto.c b/sys/netinet6/in6_proto.c index 5ce56cc..f5b491b 100644 --- a/sys/netinet6/in6_proto.c +++ b/sys/netinet6/in6_proto.c @@ -412,6 +412,7 @@ DOMAIN_SET(inet6); #ifndef IPV6_SENDREDIRECTS #define IPV6_SENDREDIRECTS 1 #endif +int nd6_onlink_ns_rfc4861 = 0; /* allow 'on-link' nd6 NS (as in RFC 4861) */ int ip6_forwarding = IPV6FORWARDING; /* act as router? */ int ip6_sendredirects = IPV6_SENDREDIRECTS; @@ -591,3 +592,5 @@ SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MAXNUDHINT, nd6_maxnudhint, CTLFLAG_R &nd6_maxnudhint, 0, "Max # of subsequent upper layer hints"); SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DEBUG, nd6_debug, CTLFLAG_RW, &nd6_debug, 0, "Enable debug output"); +SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_ONLINKNSRFC4861, nd6_onlink_ns_rfc4861, CTLFLAG_RW, + &nd6_onlink_ns_rfc4861, 0, "Accept 'on-link' nd6 NS in compliance with RFC 4861."); diff --git a/sys/netinet6/nd6.h b/sys/netinet6/nd6.h index b401f2f..60879c8 100644 --- a/sys/netinet6/nd6.h +++ b/sys/netinet6/nd6.h @@ -327,6 +327,7 @@ extern struct nd_drhead nd_defrouter; extern struct nd_prhead nd_prefix; extern struct mtx nd6_mtx; extern int nd6_debug; +extern int nd6_onlink_ns_rfc4861; #define nd6log(x) do { if (nd6_debug) log x; } while (0) diff --git a/sys/netinet6/nd6_nbr.c b/sys/netinet6/nd6_nbr.c index f5cd676..e94dcba 100644 --- a/sys/netinet6/nd6_nbr.c +++ b/sys/netinet6/nd6_nbr.c @@ -160,7 +160,7 @@ nd6_ns_input(struct mbuf *m, int off, int icmp6len) "(wrong ip6 dst)\n")); goto bad; } - } else { + } else if (!nd6_onlink_ns_rfc4861) { /* * Make sure the source address is from a neighbor's address. *