IPv6 reject routes autocreation


IPv6 reject routes autocreation

Claudio Jeker
Similar to IPv4 this will inject all the magic reject routes for IPv6.
This includes the bad networks in the 6to4 range (2002::/16) and some
other magic.

Here is what you get:
Internet6:
Destination                        Gateway     Flags Refs   Use Mtu  Prio Iface
::/96                              ::1         UGRS 0        0 32768     8 lo2  
::1                                ::1         UHhl 10       10 32768    1 lo2  
::ffff:0.0.0.0/96                  ::1         UGRS 0        0 32768     8 lo2  
2002::/24                          ::1         UGRS 0        0 32768     8 lo2  
2002:7f00::/24                     ::1         UGRS 0        0 32768     8 lo2  
2002:e000::/20                     ::1         UGRS 0        0 32768     8 lo2  
2002:ff00::/24                     ::1         UGRS 0        0 32768     8 lo2  
fe80::/10                          ::1         UGRS 0        1 32768     8 lo2  
fec0::/10                          ::1         UGRS 0        0 32768     8 lo2  
fe80::1%lo2                        fe80::1%lo2 UHl  0        0 32768     1 lo2  
ff01::/16                          ::1         UGRS 0        0 32768     8 lo2  
ff01::%lo2/32                      ::1         Um   0        1 32768     4 lo2  
ff02::/16                          ::1         UGRS 0        0 32768     8 lo2  
ff02::%lo2/32                      ::1         Um   0        1 32768     4 lo2  

--
:wq Claudio

Index: netinet6//in6_ifattach.c
===================================================================
RCS file: /cvs/src/sys/netinet6/in6_ifattach.c,v
retrieving revision 1.105
diff -u -p -r1.105 in6_ifattach.c
--- netinet6//in6_ifattach.c 10 Feb 2018 05:52:08 -0000 1.105
+++ netinet6//in6_ifattach.c 10 Feb 2018 08:31:12 -0000
@@ -61,6 +61,8 @@ int in6_get_hw_ifid(struct ifnet *, stru
 int in6_get_soii_ifid(struct ifnet *, struct in6_addr *);
 void in6_get_ifid(struct ifnet *, struct in6_addr *);
 int in6_ifattach_loopback(struct ifnet *);
+int in6_ifattach_loopback_routes(struct ifnet *, struct in6_ifaddr *);
+
 
 #define EUI64_GBIT 0x01
 #define EUI64_UBIT 0x02
@@ -419,6 +421,63 @@ in6_ifattach_loopback(struct ifnet *ifp)
  return (in6_update_ifa(ifp, &ifra, NULL));
 }
 
+int
+in6_ifattach_loopback_routes(struct ifnet *ifp, struct in6_ifaddr *ia6)
+{
+ struct rt_addrinfo info;
+ struct sockaddr_in6 addr, mask, gate;
+ int error, i;
+
+ struct {
+ struct in6_addr addr;
+ struct in6_addr mask;
+ } reject_routes[] = {
+ { {{{ 0 }}}, IN6MASK96 },
+ { {{{ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff, 0, 0 }}}, IN6MASK96 },
+ { {{{ 0x20, 0x02, 0, 0 }}}, {{{ 0xff, 0xff, 0xff, 0 }}} },
+ { {{{ 0x20, 0x02, 0x7f, 0 }}}, {{{ 0xff, 0xff, 0xff, 0 }}} },
+ { {{{ 0x20, 0x02, 0xe0, 0 }}}, {{{ 0xff, 0xff, 0xf0, 0 }}} },
+ { {{{ 0x20, 0x02, 0xff, 0 }}}, {{{ 0xff, 0xff, 0xff, 0 }}} },
+ { {{{ 0xfe, 0x80, 0, 0 }}}, {{{ 0xff, 0xc0, 0, 0 }}} },
+ { {{{ 0xfe, 0xc0, 0, 0 }}}, {{{ 0xff, 0xc0, 0, 0 }}} },
+ { {{{ 0xff, 0x01, 0, 0 }}}, {{{ 0xff, 0xff, 0, 0 }}} },
+ { {{{ 0xff, 0x02, 0, 0 }}}, {{{ 0xff, 0xff, 0, 0 }}} }
+ };
+
+ KASSERT(ifp->if_flags & IFF_LOOPBACK);
+ KASSERT(ia6 != NULL);
+
+ bzero(&info, sizeof(info));
+ bzero(&addr, sizeof(addr));
+ bzero(&mask, sizeof(mask));
+ bzero(&gate, sizeof(gate));
+
+ addr.sin6_len = sizeof(struct sockaddr_in6);
+ addr.sin6_family = AF_INET6;
+ mask.sin6_len = sizeof(struct sockaddr_in6);
+ mask.sin6_family = AF_INET6;
+ gate.sin6_len = sizeof(struct sockaddr_in6);
+ gate.sin6_family = AF_INET6;
+ gate.sin6_addr = in6addr_loopback;
+
+ info.rti_flags = RTF_GATEWAY | RTF_REJECT | RTF_STATIC;
+ info.rti_ifa = &ia6->ia_ifa;
+ info.rti_info[RTAX_GATEWAY] = sin6tosa(&gate);
+
+ for (i = 0; i < nitems(reject_routes); i++) {
+ /* Now insert the reject routes */
+ addr.sin6_addr = reject_routes[i].addr;
+ mask.sin6_addr = reject_routes[i].mask;
+ info.rti_info[RTAX_DST] = sin6tosa(&addr);
+ info.rti_info[RTAX_NETMASK] = sin6tosa(&mask);
+
+ error = rtrequest(RTM_ADD, &info, 0, NULL, ifp->if_rdomain);
+ if (error)
+ return (error);
+ }
+ return (0);
+}
+
 /*
  * compute NI group address, based on the current hostname setting.
  * see draft-ietf-ipngwg-icmp-name-lookup-* (04 and later).
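Review bot: The loop in in6_ifattach_loopback_routes() returns on the first failing rtrequest(), which leaves the reject routes that were already inserted in place and makes the caller fail the whole attach. If a second loopback interface can be attached in the same rdomain (the guard around the call site is outside this hunk), RTM_ADD would presumably return EEXIST for prefixes the first interface already installed. Treating that case as success, `if (error && error != EEXIST) return (error);`, keeps the attach idempotent; any other error should either undo the routes added so far or be documented as leaving a partial set. The reject_routes[] initialisers are also hard to audit as raw bytes, so a trailing comment per entry naming the prefix, e.g. `/* ::ffff:0.0.0.0/96, IPv4-mapped */` and `/* 2002:e000::/20, 6to4 of 224.0.0.0/4 */`, would let a reader check the table against the intended bogon list.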
@@ -507,6 +566,10 @@ in6_ifattach(struct ifnet *ifp)
  return (0);
 
  error = in6_ifattach_loopback(ifp);
+ if (error)
+ return (error);
+ error = in6_ifattach_loopback_routes(ifp,
+    in6ifa_ifpwithaddr(ifp, &in6));
  if (error)
  return (error);
  }
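Review bot: The return value of in6ifa_ifpwithaddr() is passed straight into in6_ifattach_loopback_routes() without a NULL check, and the callee only guards it with `KASSERT(ia6 != NULL)`. On a kernel where KASSERT is compiled out, a failed lookup would reach `info.rti_ifa = &ia6->ia_ifa` with a NULL base; where it is active, the failure becomes a panic instead of an error return. Store the lookup result in a local and bail out before the call, e.g. `if (ia6 == NULL) return (EADDRNOTAVAIL);`, so that a missing loopback address is reported like the other attach errors. The variable `in6` and the enclosing condition are declared outside this hunk, so confirm that it still holds the address in6_ifattach_loopback() just configured.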