[ECOS] Disable IPv6 at startup?

[ECOS] Disable IPv6 at startup?

[Grant Edwards]

What's the simplest/best way to "disable" IPv6 at runtime?

For IPv4 if you never set up any addresses or routes, then that's
"disabled enough" since it won't respond visibly to any IPv4 packets
(AFAICT).

However, for IPv6, there is a default link-local address and a
link-local route -- so even if the user application never sets up any
IPv6 configuration, the device will respond to IPv6 packets (neighbor
discovery, ping, etc).

-- 
Grant Edwards               grant.b.edwards        Yow! What's the MATTER
                                  at               Sid? ... Is your BEVERAGE
                              gmail.com            unsatisfactory?


-- 
Before posting, please read the FAQ: http://ecos.sourceware.org/fom/ecos
and search the list archive: http://ecos.sourceware.org/ml/ecos-discuss

Re: [ECOS] Disable IPv6 at startup?

[Andrew Lunn]

On Thu, Feb 16, 2012 at 08:06:19PM +0000, Grant Edwards wrote:
> What's the simplest/best way to "disable" IPv6 at runtime?
> 
> For IPv4 if you never set up any addresses or routes, then that's
> "disabled enough" since it won't respond visibly to any IPv4 packets
> (AFAICT).
> 
> However, for IPv6, there is a default link-local address and a
> link-local route -- so even if the user application never sets up any
> IPv6 configuration, the device will respond to IPv6 packets (neighbor
> discovery, ping, etc).

Hi Grant

I think link-local is mandatory. See section 2.8 of RFC 4291.

So i _guess_ you need to ensure IPv6 is not bound to the interface. It
should then not have this mandatory addresses. No idea how to actually
do that....

   Andrew

-- 
Before posting, please read the FAQ: http://ecos.sourceware.org/fom/ecos
and search the list archive: http://ecos.sourceware.org/ml/ecos-discuss

[ECOS] Re: Disable IPv6 at startup?

[Grant Edwards]

On 2012-02-16, Andrew Lunn <andrew@lunn.ch> wrote:
> On Thu, Feb 16, 2012 at 08:06:19PM +0000, Grant Edwards wrote:
>> What's the simplest/best way to "disable" IPv6 at runtime?
>> 
>> For IPv4 if you never set up any addresses or routes, then that's
>> "disabled enough" since it won't respond visibly to any IPv4 packets
>> (AFAICT).
>> 
>> However, for IPv6, there is a default link-local address and a
>> link-local route -- so even if the user application never sets up any
>> IPv6 configuration, the device will respond to IPv6 packets (neighbor
>> discovery, ping, etc).
>
> Hi Grant
>
> I think link-local is mandatory. See section 2.8 of RFC 4291.

It's definitely mandatory if you're doing IPv6.  What I want is to
_not_ do IPv6.  Except I don't know whether or not I want to do IPv6
or not until runtime, so the eCos network stack has to be built with
IPv6 enabled.

If "no IPv6 at all" isn't possible, then I'll settle for no IPv6
externally visible (never send an IPv6 packet and no visible effects
from receiving them).

> So i _guess_ you need to ensure IPv6 is not bound to the interface.

Yea, that's sort of what I was thinking, but my browsing around the
source code hasn't illuminated a way to do it.

There are three prime suspects:

 ip6_init()     

    I can't find anywhere that appears to be called. 
    
 ip6_init2()

    That's gets registered in the SYS_INIT table.
 
 DOMAIN_SET(inet6) 

    Registers something in a table, but I haven't figured out what.
 
> It should then not have this mandatory addresses. No idea how to
> actually do that....

-- 
Grant Edwards               grant.b.edwards        Yow! I request a weekend in
                                  at               Havana with Phil Silvers!
                              gmail.com            


-- 
Before posting, please read the FAQ: http://ecos.sourceware.org/fom/ecos
and search the list archive: http://ecos.sourceware.org/ml/ecos-discuss

Re: [ECOS] Disable IPv6 at startup?

[Jay Foster]

Perhaps the IPV6CTL_AUTO_LINKLOCAL sysctl() (enable 
CYGPKG_NET_FREEBSD_SYSCTL) might work?

Jay

On 2/16/2012 12:06 PM, Grant Edwards wrote:
> What's the simplest/best way to "disable" IPv6 at runtime?
>
> For IPv4 if you never set up any addresses or routes, then that's
> "disabled enough" since it won't respond visibly to any IPv4 packets
> (AFAICT).
>
> However, for IPv6, there is a default link-local address and a
> link-local route -- so even if the user application never sets up any
> IPv6 configuration, the device will respond to IPv6 packets (neighbor
> discovery, ping, etc).
>

-- 
Before posting, please read the FAQ: http://ecos.sourceware.org/fom/ecos
and search the list archive: http://ecos.sourceware.org/ml/ecos-discuss

[ECOS] Re: Disable IPv6 at startup?

[Grant Edwards]

On 2012-02-16, Jay Foster <jay@systech.com> wrote:

> Perhaps the IPV6CTL_AUTO_LINKLOCAL sysctl() (enable 
> CYGPKG_NET_FREEBSD_SYSCTL) might work?

Thanks, I'll look into that.

-- 
Grant


-- 
Before posting, please read the FAQ: http://ecos.sourceware.org/fom/ecos
and search the list archive: http://ecos.sourceware.org/ml/ecos-discuss

[ECOS] Re: Disable IPv6 at startup?

[Grant Edwards]

On 2012-02-16, Grant Edwards <grant.b.edwards@gmail.com> wrote:

> What's the simplest/best way to "disable" IPv6 at runtime?

Here's my first try at disabling ipv6 at runtime.

It seems to work well enough, but it's not as clean as I had hoped.
Could a patch using this approach be accepted?

Of course I'd clean up the formatting, add a changelog entry and so
on.  I'd also be happy to make this something that has to be enabled
via CDL -- though with the changes shown below, the stack behaves
exactly as before by default. I'm not keen on the "add a globally
visible flag" approach, but it seemed like the only simple solution.

The three things I'm trying to disable are all called via init-table
entries, and AFAICT there's no practical way to remove/skip a table
entry at runtime.

The declaration and definition of the globally visible
cyg_ipv6_runtime_disable flag probably belong somewhere else, but I
haven't figured out where.



Index: net/bsd_tcpip/current/src/sys/kern/uipc_domain.c
===================================================================
--- net/bsd_tcpip/current/src/sys/kern/uipc_domain.c	(revision 6840)
+++ net/bsd_tcpip/current/src/sys/kern/uipc_domain.c	(working copy)
@@ -106,32 +106,42 @@
 			(*pr->pr_init)();
 	}
 	/*
 	 * update global informatio about maximums
 	 */
 	max_hdr = max_linkhdr + max_protohdr;
 	max_datalen = MHLEN - max_hdr;
 	splx(s);
 }
 
+int cyg_ipv6_runtime_disable;
+
 /*
  * Add a new protocol domain to the list of supported domains
  * Note: you cant unload it again because  a socket may be using it.
  * XXX can't fail at this time.
  */
 void
 net_add_domain(void *data)
 {
 	int	s;
 	struct domain *dp;
+        extern struct domain inet6domain;
 
 	dp = (struct domain *)data;
+
+        if (cyg_ipv6_runtime_disable && dp == &inet6domain)
+          {
+            diag_printf("net_add_domain(&inet6domain) -- skipped\n");
+            return;
+          }
+
 	s = splnet();
 	dp->dom_next = domains;
 	domains = dp;
 	splx(s);
 	net_init_domain(dp);
 }
 
 /* ARGSUSED*/
 static void
 domaininit(void *dummy)
Index: net/bsd_tcpip/current/src/sys/netinet6/ip6_input.c
===================================================================
--- net/bsd_tcpip/current/src/sys/netinet6/ip6_input.c	(revision 6840)
+++ net/bsd_tcpip/current/src/sys/netinet6/ip6_input.c	(working copy)
@@ -260,33 +260,41 @@
 add_performance_log(val, addr)
 	unsigned long long val;
 	struct in6_addr *addr;
 {
 	ip6_logentry = (ip6_logentry + 1) % ip6_logsize;
 	ip6_performance_log[ip6_logentry] = val;
 	ip6_performance_addrlog[ip6_logentry] = *addr;
 }
 #endif
 
+extern int cyg_ipv6_runtime_disable;
+
 /*
  * IP6 initialization: fill in IP6 protocol switch table.
  * All protocols not implemented in kernel go to raw IP6 protocol handler.
  */
 void
 ip6_init()
 {
 	struct ip6protosw *pr;
 	int i;
 #ifndef __OpenBSD__
 	struct timeval tv;
 #endif
 
+        if (cyg_ipv6_runtime_disable)
+          {
+            diag_printf("ip6_init() -- skipping\n");
+            return;
+          }
+
 #ifdef RADIX_ART
 	rt_tables[AF_INET6]->rnh_addrsize = sizeof(struct in6_addr);
 #endif
 
 #ifdef DIAGNOSTIC
 	if (sizeof(struct protosw) != sizeof(struct ip6protosw))
 		panic("sizeof(protosw) != sizeof(ip6protosw)");
 #endif
 	pr = (struct ip6protosw *)pffindproto(PF_INET6, IPPROTO_RAW, SOCK_RAW);
 	if (pr == 0)
@@ -338,20 +346,26 @@
 #endif
 }
 
 static void
 ip6_init2(dummy)
 	void *dummy;
 {
 #if defined(__bsdi__) && _BSDI_VERSION < 199802
 	struct ifnet *loifp = &loif;
 #endif
+ 
+        if (cyg_ipv6_runtime_disable)
+          {
+            diag_printf("ip6_init2() -- skipping\n");
+            return;
+          }
 
 	/*
 	 * to route local address of p2p link to loopback,
 	 * assign loopback address first.
 	 */
 #ifdef __bsdi__
 	in6_ifattach(loifp, NULL);
 #elif defined(__OpenBSD__)
 	in6_ifattach(lo0ifp, NULL);
 #else




-- 
Before posting, please read the FAQ: http://ecos.sourceware.org/fom/ecos
and search the list archive: http://ecos.sourceware.org/ml/ecos-discuss

Re: [ECOS] Re: Disable IPv6 at startup?

[Sergei Gavrikov]

On Wed, 29 Feb 2012, Grant Edwards wrote:

[snip]

> OK, I've come up with something I like a little better.  The only
> change it requires to the network stack is that ip6_init2() needs to
> be globally visible (ip6_init already is, so I don't see the harm in
> making ip6_init2 visible).  If ip6_init2 is visible, then you can
> disable ipv6 support with this code:
> 
> static void init_noop(void* dummy)
> {
> }
> 
> static void disable_ipv6(void)
> {
>   extern void cyg_net_add_domain(void *);
>   extern void ip6_init2(void *);
>   extern char inet6domain[];
>   extern struct init_tab_entry __NET_INIT_TAB__[], __NET_INIT_TAB_END__;
>   struct init_tab_entry *init_entry;
> 
>   for (init_entry = __NET_INIT_TAB__; init_entry != &__NET_INIT_TAB_END__;  init_entry++) 
>       if ((init_entry->fun == cyg_net_add_domain && init_entry->data == (void*)inet6domain) ||
>           (init_entry->fun == ip6_init2))
>           init_entry->fun = init_noop;
> }

IMHO, it is neat solution. Thanks for usage example. BTW, the KAME's
successors had declared ip6_init2() as you suggest:

  http://ftp.fr.openbsd.org/pub/OpenBSD/src/sys/netinet6/ip6_input.c

Please, submit the patch.

Sergei

-- 
Before posting, please read the FAQ: http://ecos.sourceware.org/fom/ecos
and search the list archive: http://ecos.sourceware.org/ml/ecos-discuss

[ECOS] Re: Disable IPv6 at startup?

[Grant Edwards]

On 2012-03-01, Sergei Gavrikov <sergei.gavrikov@gmail.com> wrote:
> On Wed, 29 Feb 2012, Grant Edwards wrote:
>
> [snip]
>
>> OK, I've come up with something I like a little better.  The only
>> change it requires to the network stack is that ip6_init2() needs to
>> be globally visible (ip6_init already is, so I don't see the harm in
>> making ip6_init2 visible).  If ip6_init2 is visible, then you can
>> disable ipv6 support with this code:
>> 
>> static void init_noop(void* dummy)
>> {
>> }
>> 
>> static void disable_ipv6(void)
>> {
>>   extern void cyg_net_add_domain(void *);
>>   extern void ip6_init2(void *);
>>   extern char inet6domain[];
>>   extern struct init_tab_entry __NET_INIT_TAB__[], __NET_INIT_TAB_END__;
>>   struct init_tab_entry *init_entry;
>> 
>>   for (init_entry = __NET_INIT_TAB__; init_entry != &__NET_INIT_TAB_END__;  init_entry++) 
>>       if ((init_entry->fun == cyg_net_add_domain && init_entry->data == (void*)inet6domain) ||
>>           (init_entry->fun == ip6_init2))
>>           init_entry->fun = init_noop;
>> }

In case anybody is wondering, ip6_init() is called via the domain
startup code via a pointer that's present in the "struct domain"
initializer for inet6domain. Disabling the call to
cyg_net_add_domain(&inet6domain) as shown above is what prevents
ip6_init() from being called.

> IMHO, it is neat solution. Thanks for usage example. BTW, the KAME's
> successors had declared ip6_init2() as you suggest:
>
>   http://ftp.fr.openbsd.org/pub/OpenBSD/src/sys/netinet6/ip6_input.c
>
> Please, submit the patch.

OK, will do.  I noticed after that last post that ip6_init is renamed
to cyg_ip6_init by one of the include files.  I assume I should do the
same thing for ip6_init2 if it's going to be global?

-- 
Grant Edwards               grant.b.edwards        Yow! But was he mature
                                  at               enough last night at the
                              gmail.com            lesbian masquerade?


-- 
Before posting, please read the FAQ: http://ecos.sourceware.org/fom/ecos
and search the list archive: http://ecos.sourceware.org/ml/ecos-discuss

Re: [ECOS] Re: Disable IPv6 at startup?

[Sergei Gavrikov]

On Thu, 1 Mar 2012, Grant Edwards wrote:

> On 2012-03-01, Sergei Gavrikov wrote:
> > On Wed, 29 Feb 2012, Grant Edwards wrote:
> >
> > [snip]
> >
> >> OK, I've come up with something I like a little better.  The only
> >> change it requires to the network stack is that ip6_init2() needs to
> >> be globally visible (ip6_init already is, so I don't see the harm in
> >> making ip6_init2 visible).  If ip6_init2 is visible, then you can
> >> disable ipv6 support with this code:
> >> 
> >> static void init_noop(void* dummy)
> >> {
> >> }
> >> 
> >> static void disable_ipv6(void)
> >> {
> >>   extern void cyg_net_add_domain(void *);
> >>   extern void ip6_init2(void *);
> >>   extern char inet6domain[];
> >>   extern struct init_tab_entry __NET_INIT_TAB__[], __NET_INIT_TAB_END__;
> >>   struct init_tab_entry *init_entry;
> >> 
> >>   for (init_entry = __NET_INIT_TAB__; init_entry != &__NET_INIT_TAB_END__;  init_entry++) 
> >>       if ((init_entry->fun == cyg_net_add_domain && init_entry->data == (void*)inet6domain) ||
> >>           (init_entry->fun == ip6_init2))
> >>           init_entry->fun = init_noop;
> >> }
> 
> In case anybody is wondering, ip6_init() is called via the domain
> startup code via a pointer that's present in the "struct domain"
> initializer for inet6domain. Disabling the call to
> cyg_net_add_domain(&inet6domain) as shown above is what prevents
> ip6_init() from being called.
> 
> > IMHO, it is neat solution. Thanks for usage example. BTW, the KAME's
> > successors had declared ip6_init2() as you suggest:
> >
> >   http://ftp.fr.openbsd.org/pub/OpenBSD/src/sys/netinet6/ip6_input.c
> >
> > Please, submit the patch.
> 
> OK, will do.  I noticed after that last post that ip6_init is renamed
> to cyg_ip6_init by one of the include files.

Yes, I'm seeing that was entered in a merge/fix patch from Kelvin Lawson
in 2011. But there is also

  include/sys/param.h:224:#define ip6_init cyg_ip6_init

> I assume I should do the same thing for ip6_init2 if it's going to be
> global?

I have doubt.  May be to change a scope of the function in ip6_input.c
will be enough for the case?  As for me I would not propagate the
definition {cyg_,}ip6_init2 in the headers.  Though, may be I wrong
here. I would stop on your first proposal:

 -static void ...
 +void ...

Sergei

-- 
Before posting, please read the FAQ: http://ecos.sourceware.org/fom/ecos
and search the list archive: http://ecos.sourceware.org/ml/ecos-discuss

[ECOS] Re: Disable IPv6 at startup?

[Grant Edwards]

On 2012-03-01, Sergei Gavrikov <sergei.gavrikov@gmail.com> wrote:

>>> IMHO, it is neat solution. Thanks for usage example. BTW, the KAME's
>>> successors had declared ip6_init2() as you suggest:
>>>
>>>   http://ftp.fr.openbsd.org/pub/OpenBSD/src/sys/netinet6/ip6_input.c
>>>
>>> Please, submit the patch.
>> 
>> OK, will do.  I noticed after that last post that ip6_init is renamed
>> to cyg_ip6_init by one of the include files.
>
> Yes, I'm seeing that was entered in a merge/fix patch from Kelvin Lawson
> in 2011. But there is also
>
>   include/sys/param.h:224:#define ip6_init cyg_ip6_init
>
>> I assume I should do the same thing for ip6_init2 if it's going to be
>> global?
>
> I have doubt.  May be to change a scope of the function in ip6_input.c
> will be enough for the case?  As for me I would not propagate the
> definition {cyg_,}ip6_init2 in the headers.  Though, may be I wrong
> here. I would stop on your first proposal:
>
>  -static void ...
>  +void ...

I've already submitted a patch with the #define added, but if the
consensus is to leave the symbol un-mangled, then I can submit a new
patch.

-- 
Grant Edwards               grant.b.edwards        Yow! ... I want to perform
                                  at               cranial activities with
                              gmail.com            Tuesday Weld!!


-- 
Before posting, please read the FAQ: http://ecos.sourceware.org/fom/ecos
and search the list archive: http://ecos.sourceware.org/ml/ecos-discuss

Re: [ECOS] Re: Disable IPv6 at startup?

[Sergei Gavrikov]

On Thu, 1 Mar 2012, Grant Edwards wrote:

> On 2012-03-01, Sergei Gavrikov wrote:
> 
> >>> IMHO, it is neat solution. Thanks for usage example. BTW, the KAME's
> >>> successors had declared ip6_init2() as you suggest:
> >>>
> >>>   http://ftp.fr.openbsd.org/pub/OpenBSD/src/sys/netinet6/ip6_input.c
> >>>
> >>> Please, submit the patch.
> >> 
> >> OK, will do.  I noticed after that last post that ip6_init is renamed
> >> to cyg_ip6_init by one of the include files.
> >
> > Yes, I'm seeing that was entered in a merge/fix patch from Kelvin Lawson
> > in 2011. But there is also
> >
> >   include/sys/param.h:224:#define ip6_init cyg_ip6_init
> >
> >> I assume I should do the same thing for ip6_init2 if it's going to be
> >> global?
> >
> > I have doubt.  May be to change a scope of the function in ip6_input.c
> > will be enough for the case?  As for me I would not propagate the
> > definition {cyg_,}ip6_init2 in the headers.  Though, may be I wrong
> > here. I would stop on your first proposal:
> >
> >  -static void ...
> >  +void ...
> 
> I've already submitted a patch with the #define added, but if the
> consensus is to leave the symbol un-mangled, then I can submit a new
> patch.
 
Or maybe you're right. In any case we will get a way to manage ip6 init.

Thank you for contribution.

Sergei

-- 
Before posting, please read the FAQ: http://ecos.sourceware.org/fom/ecos
and search the list archive: http://ecos.sourceware.org/ml/ecos-discuss