NDP and RIPng daemon for a router.
ndpd-router [ -r] [ -p] [ -M] [ -O] [ -s] [ -q] [ -g] [ -n] [ -R] [ -S] [ -d] [ -t] [ -v] [ -H ] [ -m ] [ -u port] [ -D max[min[/life]]] [ -P [invlife]/[deplife]] [ -T [reachtim]/[retrans]/[hlim]] [ -e [ off | compatible | only ] ]
The ndpd-router daemon manages the Neighbor Discovery Protocol (NDP) for non-kernel activities. It receives Router Solicitations and sends Router Advertisements. It can also exchange routing information using the RIPng protocol.
The /etc/gateway6 file provides options for ndpd-router. This file can be modified while the program is running. The changes are checked before any message is sent or received, or on reception of the HUP signal. The file contains directives, one per line (with # as the comment character). All the IPv6 addresses and prefixes in the file must be in numeric form. No symbolic name is allowed. Except for the gateway directive, each line begins with a keyword and is made of options of the form key=argument.
Interfaces
The ndpd-router daemon knows about IEEE and CTI point-to-point interfaces. The ndpd-router daemon exchanges packets on all known interfaces that are UP and have a Link-Local address. Any change of status of an interface is detected. If an interface goes down or loses its Link-Local address, the NDP and RIPng processing is stopped on this interface. If an interface goes up, the NDP and RIPng processing is started.
To send Router Advertisements or RIPng packets or both, local and remote Link-Local addresses must be configured.
Item | Description |
---|---|
-e [off | compatible | only ] | Specifies the SEND mode. |
-H | Enables the system to process NDP features needed to function as a mobile IPv6 home agent. |
-m | Enables the system to aid movement detection for mobile IPv6 mobile nodes. |
-D max [min[/life]] | Sends Unsolicited Router Advertisements at intervals from min to max seconds. The default max value is 600 seconds; the valid range is 4 to 1800 seconds. The default min is max / 3; the valid range is from 1 to 0.75 * max. The router lifetime is set with life; the default value is 10 * max and the valid range is 0 to 65535 seconds. |
-T [reachtim] / [retrans] / [hlim] | Sets the BaseReachableTime field to reachtim seconds, if reachtim is not zero. If retrans is not zero, sets the RetransTime field to retrans seconds. If hlim is not zero, sets the hop limit field in Router Advertisements to hlim. |
-M | Sets the M flag (stateful configuration) in advertisements. |
-O | Sets the O flag (other stateful information) in advertisements. |
-p | Does not offer prefixes (learned from interface configuration). |
-P [invlife]/[deplife] | Sets the invalid life value and the deprecated life value for announced prefixes (in seconds). The default value is 0xffffffff (infinite). |
-r | Does not offer to be the default router in Router Advertisements. |
-s | Enables the RIPng protocol (the default is: RIPng disabled). |
-q | Enables the RIPng protocol, but does not send RIPng packets. |
-g | Broadcasts a default route in RIPng. |
-n | Does not install routes received by RIPng. |
-u port | Uses UDP port port for RIPng. The default is 521. |
-R | Uses split horizon without poisoning reverse for RIPng. |
-S | Does not use any split horizon for RIPng. |
-d | Enables debugging (exceptional conditions and dump). |
-v | Logs all interesting events (daemon.info and console). |
-t | Adds time stamps in logged messages. |
The option directive
Sets different per-interface options.
Syntax:
option [ if=n1,n2 ] ripin=(y|n),ripout=(y|n|S|R),rtadv=(y|n|min[/max]),flag=[M|O],life=Seconds,reach=Seconds,retrans=Seconds
Item | Description |
---|---|
if=list or interface=list | If there is no keyword, the option directive is a default option. If there is an interface field, the option parameters apply only to the listed interfaces. The list is comma-separated. You can use le* to match all the leX interfaces. The default option must be the first line in the /etc/gateway6 file. |
mtu[=mtuval] | Advertises a MTU value of mtuval in router advertisements. If there is no mtuval argument, the advertised MTU is the MTU of the interface. If mtuval is 0, suppress the advertisement of MTU. |
ripin=(n|y) | Does not listen (listen) to incoming RIPng packets. |
ripout=(y|n|S|R) | Does not send (send) RIPng packets. With the -S flag, do not use split horizon. With the -R flag, use split horizon without poisoning reverse. |
rtadv=(n|y|min [/max]) | Does not send (send) router advertisements. With min[/max] option, set the interval (in seconds) between router advertisements. |
flag={M|O} | Sets the stateful mode flags in router advertisements. |
life=Seconds | Sets the router life field in router advertisements (in seconds). |
reach=Seconds | Sets the reachable field in router advertisements (in seconds). |
retrans=Seconds | Sets the retransmit interval field in router advertisements (in seconds). |
The prefix directive
Defines the prefixes announced in Router advertisement directives. If there is no prefix-directive for an interface, the router advertisement contains the list of prefixes deduced from the address list of the interface. If there are prefix-directives, the router advertisement contains the list of prefixes defined by the different prefix directives (in order). No prefix is installed in the kernel. If there is one directive of the form prefix prefix=none, no prefix list is advertised.
Syntax:
prefix if=n prefix=(none|xxx::/PrefixLength) flag=[L][A] valid=Seconds deprec=Seconds
Item | Description |
---|---|
if=Interface or interface=Interface | Specifies the interface on which the directive applies. The if keyword is mandatory for the prefix directive. It is not an option. |
prefix=xxx::/PrefixLength | The advertised prefix. |
flag=[L][A] | Sets the L and/or A flag for the prefix (the default is LA). |
deprec=Seconds | Sets the deprecated time (in seconds) for the prefix. |
valid=Seconds | Sets the validity time (in seconds) for the prefix. |
The filter directive
Defines a filter pattern for incoming (filter=in) or outgoing (filter=out) RIPng packets. There is one incoming and one outgoing filter per interface, and one default incoming and one default outgoing filter for interfaces without an explicit filter.
Any received RIPng information is tested against the input filter of the interface, or, if there is none, against the default input filter. The static interface routes are seen as input information coming from the interface and from a gateway with the link local address of the interface. The routes set by a gateway directive with a gateway keyword are seen as input information coming from the specified interface and gateway. The default route (-g flag) and the routes set by a gateway directive without a gateway keyword are seen as input information coming from gateway :: and no interface (the default input filter applies).
Any sent RIPng information is tested against the output filter of the interface, or, if there is none, against the default output filter.
Each filter is a sequence of matching patterns. The patterns are tested in order. Each pattern can test the prefix length, the source gateway (for input filters), and that the prefix (padded with zeroes) matches a fixed prefix. If a pattern contains more than one test description, the match is the conjunction of all the tests. The first matching pattern defines the action to perform. If no pattern matches, the default action is accept. The possible actions are accept, reject and truncate/NumberOfBits. The truncate/NumberOfBits action means: if the pattern matches and if the prefix length is greater than or equal to NumberOfBits, accept the prefix with new length NumberOfBits. The accepted prefix is immediately accepted, that is, not checked again against the filters.
filter=out length==128 action=reject
Syntax:
filter=(in|out) [if=n1,n2] prefix=xx::/NumberOfBits gateway=xxx length=(=|>=|<=|<|>)NumberOfBits action=(accept|reject|truncate/xx)
Item | Description |
---|---|
if=list or interface=list | If there is no interface keyword, the filter directive is a default option. If there is an interface field, the filter pattern is added at the end of the filters of all specified interfaces. The list is comma-separated. For example, you can specify interface=le* to specify all the leX interfaces. |
prefix=xxx::/NumberOfBits | The pattern matches only if xxx::/NumberOfBits is a prefix of the prefix in the RIPng packet. |
gateway=xxx | The pattern matches only if the RIPng message comes from source address xxx, only in incoming filters. |
length=(=|>=|<=|<|>)NumberOfBits | The pattern matches only if the prefix length in the RIPng message is equal to (or greater than, less than, etc., depending on the operator specified) NumberOfBits. |
action=(accept|reject|truncate/NumberOfBits) | Specifies the action to perform if the pattern matches: accept the message, reject the message, or accept but truncate the prefix to NumberOfBits bits. |
Gateway directives
The gateway directives allow the user to set up routes in RIPng packets and/or in the kernel. These directives must appear at the end of the /etc/gateway6 file, after the other directives.
Syntax:
xxx::/NumberOfBits metric Value
xxx::/NumberOfBits metric Value gateway IPv6Address ifname
The second syntax is used to add the route to the kernel.
The following examples are of the /etc/gateway6 file.
On a site where all addresses are of the form 5f06:2200:c001:0200:xxxx, the following example means that only one route, describing all the site, is exported on all the Configured Tunnel Interface (CTI) ctiX interfaces. The keyword abbreviations shown are valid.
filt=out if=cti* pref=5f06:2200:c001:0200::/64 len=>=64 act=trunc/64
Setting a default outgoing route:
::/0 metric 2 gateway 5f06:2200:c102:0200::1 cti0
Declare that any CTI interface active with RIPng defines a default route:
filter=in if=cti* act=trunc/0
The following example defines a site with an exterior connection cti0, which aggregates other sites connected through ctiX, and which uses split horizon without poisoned reverse. The order of the lines is important, as all filter descriptions apply to cti0.
option if=cti* ripout=R
filter=out if=cti0 prefix=5f06:2200::/24 len=>=24 act=trunc/24
filt=out if=cti* pref=5f06:2200:c001:0200::/64 len=>=64 act=trunc/64
filter=in if=cti0 act=trunc/0
filter=in if=cti* prefix=5f06:2200::/24 len=>=24 act=trunc/64
filter=in if=cti* act=reject
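The following Python sketch is an added example, not part of ndpd-router or of the original page. It models the filter evaluation rules from the filter directive section (patterns in order, conjunction of tests, first match wins, default accept) against the filter lines of the site example above, so the effect of a rule set can be checked before it is deployed. The names parse_filters and apply_filter are hypothetical, keys are shortened to three letters to cover the abbreviations shown, and a route shorter than the truncate length is assumed to fall through to the next pattern.

```python
import fnmatch
import operator
from ipaddress import IPv6Address, IPv6Network

OPS = {">=": operator.ge, "<=": operator.le, "=": operator.eq,
       "<": operator.lt, ">": operator.gt}  # two-character operators first
# Constructed sample: the filter lines of the cti0 site example on this page.
GATEWAY6 = """\
filter=out if=cti0 prefix=5f06:2200::/24 len=>=24 act=trunc/24
filt=out if=cti* pref=5f06:2200:c001:0200::/64 len=>=64 act=trunc/64
filter=in if=cti0 act=trunc/0
filter=in if=cti* prefix=5f06:2200::/24 len=>=24 act=trunc/64
filter=in if=cti* act=reject
"""

def parse_filters(text):
    """Return the filter directives of a gateway6 text, in file order."""
    patterns = []
    for line in text.splitlines():
        fields = (f.partition("=") for f in line.split("#")[0].split())
        # Keys are cut to three letters so filt/filter and pref/prefix agree.
        pat = {"if" if k == "interface" else k[:3]: v for k, _, v in fields}
        if "fil" in pat:
            patterns.append(pat)
    return patterns

def apply_filter(patterns, direction, ifname, route, gateway="::"):
    """Return the prefix that passes the filter, or None when rejected."""
    net = IPv6Network(route)
    same = [p for p in patterns if p["fil"] == direction]
    chain = [p for p in same if any(
        fnmatch.fnmatch(ifname, g) for g in p.get("if", "").split(","))]
    chain = chain or [p for p in same if "if" not in p]  # default filter
    for p in chain:
        if "len" in p:
            op = next(o for o in OPS if p["len"].startswith(o))
            if not OPS[op](net.prefixlen, int(p["len"][len(op):])):
                continue
        if "gat" in p and IPv6Address(p["gat"]) != IPv6Address(gateway):
            continue
        if "pre" in p and net.network_address not in IPv6Network(p["pre"]):
            continue  # zero-padded route does not start with the pattern's bits
        verb, _, bits = p["act"].partition("/")
        if verb.startswith("trunc"):
            if net.prefixlen < int(bits):
                continue  # assumption: too short to truncate, try next pattern
            return net.supernet(new_prefix=int(bits))
        return net if verb.startswith("acc") else None
    return net  # no pattern matched: the default action is accept
```

Calling apply_filter(parse_filters(GATEWAY6), "in", "cti1", "2001:db8::/32") returns None, which shows that the final reject line drops anything outside 5f06:2200::/24 arriving on the interior tunnels.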
All errors are logged at the daemon.err level, unless the debug option is set. This includes all the syntax errors in the /etc/gateway6 file and configuration mismatches between different routers.
ndpd-router responds to the following signals:
Item | Description |
---|---|
SIGINT | Dumps its current state to syslog, if syslog is defined. Otherwise, dumped to stdout. |
SIGHUP | The /etc/gateway6 file is read again. |
SIGUSR1 | Verbosity is incremented. |
SIGUSR2 | Verbosity is reset. |
SIGTERM | Resets to a reasonable state and stops. |
SIGQUIT | Resets to a reasonable state and stops. |
Item | Description |
---|---|
/etc/gateway6 | |
/etc/ndpd/sendr_anchor | The SEND router anchor file for the certificate chain. |