ndpd-router Daemon

Purpose

NDP and RIPng daemon for a router.

Syntax

ndpd-router [ -r] [ -p] [ -M] [ -O] [ -s] [ -q] [ -g] [ -n] [ -R] [ -S] [ -d] [ -t] [ -v] [ -H ] [ -m ] [ -u port] [ -D max[min[/life]]] [ -P [invlife]/[deplife]] [ -T [reachtim]/[retrans]/[hlim]] [ -e [ off | compatible | only ] ]

Description

The ndpd-router daemon manages the Neighbor Discovery Protocol (NDP) for non-kernel activities. It receives Router Solicitations and sends Router Advertisements. It can also exchange routing information using the RIPng protocol.

The /etc/gateway6 file provides options for ndpd-router. This file can be modified while the program is running. The changes are checked before any message is sent or received, or on reception of the HUP signal. The file contains directives, one per line (# introduces a comment). All the IPv6 addresses and prefixes in the file must be in numeric form; no symbolic names are allowed. Except for the gateway directive, each line begins with a keyword and consists of options of the form key=argument.

Interfaces

The ndpd-router daemon knows about IEEE and CTI point to point interfaces. It exchanges packets on all known interfaces that are UP and have a Link-Local Address. Any change of status of an interface is detected. If an interface goes down or loses its Link-Local address, the NDP and RIPng processing is stopped on this interface. If an interface goes up, the NDP and RIPng processing is started.

To send Router Advertisements or RIPng packets or both, local and remote Link-Local addresses must be configured.

Flags

Item Description
-e [off | compatible | only ] Specifies the SEND mode:
off
Implies that the SEND option is not enabled. That is, the router behaves as it did prior to RFC 3971/3972.
compatible
Implies that the router complies with RFC 3971/3972 but does not require the options specified in the RFC. The environment can be one where certain nodes are SEND capable while others are not. However, if the SEND options are embedded in the incoming packets, they must be correct.
only
Implies that all messages must conform to RFC 3971/3972, or the message will be rejected.
In order to enable the SEND option, you must install the clic.rte fileset and OpenSSL.
-H Enables the system to process NDP features needed to function as a mobile IPv6 home agent.
-m Enables the system to aid movement detection for mobile IPv6 mobile nodes.
-D max [min[/life]] Sends Unsolicited Router Advertisements at intervals from min to max seconds. Default max value is 600 seconds, valid range is 4 to 1800 seconds. Default min equals max / 3, valid range is from 1 to 0.75 * max. The router lifetime is set with life, default value is 10 * max. Valid range is 0 to 65535 seconds.
-T [reachtim] / [retrans] / [hlim] Sets the BaseReachableTime field to reachtim seconds, if reachtim is not zero. If retrans is not zero, sets the RetransTime field to retrans seconds. If hlim is not zero, sets the hop limit field in Router Advertisements to hlim.
-M Sets the M flag (stateful configuration) in advertisements.
-O Sets the O flag (other stateful information) in advertisements.
-p Does not offer prefixes (learned from interface configuration).
-P [invlife]/[deplife] Sets the invalid life value and the deprecated life value for announced prefixes (in seconds). The default value is 0xffffffff (infinite).
-r Does not offer to be the default router in Router Advertisements.
-s Enables the RIPng protocol (the default is: RIPng disabled).
-q Enables the RIPng protocol, but does not send RIPng packets.
-g Broadcasts a default route in RIPng.
-n Does not install routes received by RIPng.
-u port Uses UDP port port for RIPng. The default is 521.
-R Uses split horizon without poisoned reverse for RIPng.
-S Does not use any split horizon for RIPng.
-d Enables debugging (exceptional conditions and dump).
-v Logs all interesting events (daemon.info and console).
-t Adds time stamps in logged messages.

Available directives

The main directives for the /etc/gateway6 file are:
option [option-directive ...]
Sets per-interface/default options.
prefix [prefix-directive ...]
Sets per-interface/default prefix processing options.
filter [filter-directive ...]
Sets per-interface/default filters.
gateway directives
Sets routes in RIPng packets or in the kernel.
Each of these directives is explained in more detail below.

The option directive

Sets different per-interface options.

Any value settings for the option directive which follow the if option must appear in a comma-separated list.
Note: At least one option (other than the if option) must be specified following the option directive. If the if option is specified, it must be the first option following the option directive. There must be a space between the if option and any comma-separated list of options which follow.

Syntax:

option [ if=n1,n2 ] ripin=(y|n),ripout=(y|n|S|R),rtadv=(y|n|min[/max]),flag=[M|O],life=Seconds,reach=Seconds,retrans=Seconds

Item Description
if=list or interface=list If there is no keyword, the option directive is a default option. If there is an interface field, the option parameters apply only to the listed interfaces. The list is comma-separated. You can use le* to match all the leX interfaces. The default option must be the first line in the /etc/gateway6 file.
mtu[=mtuval] Advertises an MTU value of mtuval in router advertisements. If there is no mtuval argument, the advertised MTU is the MTU of the interface. If mtuval is 0, suppresses the advertisement of MTU.
ripin=(n|y) Does not listen (listen) to incoming RIPng packets.
ripout=(n|y|S|R) Does not send (send) RIPng packets. With the -S flag, do not use split horizon. With the -R flag, use split horizon without poisoning reverse.
rtadv=(n|y|min [/max]) Does not send (send) router advertisements. With min[/max] option, set the interval (in seconds) between router advertisements.
flag={M|O} Sets the stateful mode flags in router advertisements.
M
Uses stateful configuration
O
Uses stateful configuration, but not for addresses
life=Seconds Sets the router life field in router advertisements (in seconds).
reach=Seconds Sets the reachable field in router advertisements (in seconds).
retrans=Seconds Sets the retransmit interval field in router advertisements (in seconds).

The prefix directive

Defines the prefixes announced in Router advertisement directives. If there is no prefix-directive for an interface, the router advertisement contains the list of prefixes deduced from the address list of the interface. If there are prefix-directives, the router advertisement contains the list of prefixes defined by the different prefix directives (in order). No prefix is installed in the kernel. If there is one directive of the form prefix prefix=none, no prefix list is advertised.

Syntax:

prefix if=n prefix=(none|xxx::/PrefixLength) flag=[L][A] valid=Seconds deprec=Seconds

Item Description
if=Interface or interface=Interface Specifies the interface on which the directive applies. The if keyword is mandatory for the prefix directive. It is not an option.
prefix=xxx::/PrefixLength The advertised prefix.
flag=[L][A] Sets the L and/or A flag for the prefix (the default is LA).
deprec=Seconds Sets the deprecated time (in seconds) for the prefix.
valid=Seconds Sets the validity time (in seconds) for the prefix.

The filter directive

Defines a filter pattern for incoming (filter=in) or outgoing (filter=out) RIPng packets. There is one incoming and one outgoing filter per interface, and one default incoming and one default outgoing filter for interfaces without an explicit filter.

Any received RIPng information is tested against the input filter of the interface, or, if there is none, against the default input filter. The static interface routes are seen as input information coming from the interface and from a gateway with the link local address of the interface. The routes set by a gateway directive with a gateway keyword are seen as input information coming from the specified interface and gateway. The default route (-g flag) and the routes set by a gateway directive without a gateway keyword are seen as input information coming from gateway :: and no interface (the default input filter applies).

Any sent RIPng information is tested against the output filter of the interface, or, if there is none, against the default output filter.

Each filter is a sequence of matching patterns. The patterns are tested in order. Each pattern can test the prefix length, the source gateway (for input filters), and whether the prefix (padded with zeroes) matches a fixed prefix. If a pattern contains more than one test description, the match is the conjunction of all the tests. The first matching pattern defines the action to perform. If no pattern matches, the default action is accept. The possible actions are accept, reject and truncate/NumberOfBits. The truncate/NumberOfBits action means: if the pattern matches and if the prefix length is greater than or equal to NumberOfBits, accept the prefix with new length NumberOfBits. The accepted prefix is immediately accepted, that is, not checked again against the filters.

For example, the following directive inhibits sending host routes on any interface without an explicit outgoing filter:
filter=out length==128 action=reject

Syntax:

filter=(in|out) [if=n1,n2] prefix=xx::/NumberOfBits gateway=xxx length=(=|>=|<=|<|>)NumberOfBits action=(accept|reject|truncate/xx)

Item Description
if=list or interface=list If there is no interface keyword, the filter directive is a default option. If there is an interface field, the filter pattern is added at the end of the filters of all specified interfaces. The list is comma-separated. For example, you can specify interface=le* to specify all the leX interfaces.
prefix=xxx::/NumberOfBits The pattern matches only if xxx::/NumberOfBits is a prefix of the prefix in the RIPng packet.
gateway=xxx The pattern matches only if the RIPng message comes from source address xxx, only in incoming filters.
length=(=|>=|<=|<|>)NumberOfBits The pattern matches only if the prefix length in the RIPng message is equal to (or greater than, less than, etc., depending on the operator specified) NumberOfBits.
action=(accept|reject|truncate/NumberOfBits) Specifies the action to perform if the pattern matches: accept the message, reject the message, accept but truncate the prefix to NumberOfBits bits.

Gateway directives

The gateway directives allow the user to set up routes in RIPng packets and/or in the kernel. These directives must appear at the end of the /etc/gateway6 file, after the other directives.

Syntax:

xxx::/NumberOfBits metric Value

xxx::/NumberOfBits metric Value gateway IPv6Address ifname

The second syntax is used to add the route to the kernel.

Examples

The following examples are of the /etc/gateway6 file.

On a site where all addresses are of the form 5f06:2200:c001:0200:xxxx, the following example means that only one route, describing all the site, is exported on all the Configured Tunnel Interface (CTI) ctiX interfaces. The keyword abbreviations shown are valid.

filt=out if=cti* pref=5f06:2200:c001:0200::/64 len=>=64 act=trunc/64

Setting a default outgoing route:

::/0 metric 2 gateway 5f06:2200:c102:0200::1 cti0

Declare that any CTI interface active with RIPng defines a default route:

filter=in if=cti* act=trunc/0

The following example defines a site with an exterior connection cti0, which aggregates other sites connected through ctiX, and which uses split horizon without poisoned reverse. The order of the lines is important, as all filter descriptions apply to cti0.

option if=cti* ripout=R
filter=out if=cti0 prefix=5f06:2200::/24 len=>=24 act=trunc/24
filt=out if=cti* pref=5f06:2200:c001:0200::/64 len=>=64 act=trunc/64
filter=in if=cti0 act=trunc/0
filter=in if=cti* prefix=5f06:2200::/24 len=>=24 act=trunc/64
filter=in if=cti* act=reject
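
The first-match evaluation described under "The filter directive", applied to the input filters of the example above. This Python code is an added example, not part of ndpd-router or its documentation; parse_filter and evaluate are hypothetical names and the routes passed to them are constructed. A truncate on a prefix shorter than NumberOfBits is reported as "unspecified" because the page does not define that case.

```python
import ipaddress, operator, re
from fnmatch import fnmatchcase

OPS = {"=": operator.eq, ">=": operator.ge, "<=": operator.le, "<": operator.lt, ">": operator.gt}

def parse_filter(line):
    """Parse one /etc/gateway6 line; only keywords and abbreviations shown on the page."""
    pat = {}
    for word in line.split():
        key, _, val = word.partition("=")
        if key in ("filter", "filt"):
            pat["dir"] = val
        elif key in ("if", "interface"):
            pat["if"] = val.split(",")
        elif key in ("prefix", "pref"):
            pat["prefix"] = ipaddress.IPv6Network(val)
        elif key == "gateway":
            pat["gateway"] = ipaddress.IPv6Address(val)
        elif key in ("length", "len"):
            op, bits = re.fullmatch(r"(>=|<=|=|<|>)(\d+)", val).groups()
            pat["length"] = (OPS[op], int(bits))
        elif key in ("action", "act"):
            pat["action"] = val
    return pat

def evaluate(lines, direction, ifname, route, gateway=None):
    """Return (action, prefix) for one RIPng route; the first matching pattern wins."""
    route = ipaddress.IPv6Network(route)
    gateway = ipaddress.IPv6Address(gateway) if gateway else None
    pats = [p for p in map(parse_filter, lines) if p.get("dir") == direction]
    own = [p for p in pats if any(fnmatchcase(ifname, g) for g in p.get("if", []))]
    for p in own or [p for p in pats if "if" not in p]:  # else the default filter
        if not (("prefix" not in p or route.network_address in p["prefix"])
                and ("gateway" not in p or gateway == p["gateway"])
                and ("length" not in p or p["length"][0](route.prefixlen, p["length"][1]))):
            continue  # a pattern matches only if all of its tests hold
        act = p["action"]
        if act.startswith("trunc"):
            bits = int(act.split("/")[1])
            if route.prefixlen < bits:  # case not defined on the page
                return ("unspecified", str(route))
            return ("accept", str(route.supernet(new_prefix=bits)))
        return (act, str(route))
    return ("accept", str(route))  # no pattern matched: the default action is accept

# Input filters copied from the example above, in file order.
SAMPLE = ["filter=in if=cti0 act=trunc/0",
          "filter=in if=cti* prefix=5f06:2200::/24 len=>=24 act=trunc/64",
          "filter=in if=cti* act=reject"]
```

A route outside 5f06:2200::/24 learned on cti1 is dropped only because of the final act=reject line; without that line no pattern would match and the default action would accept it.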

Diagnostics

All errors are logged at the daemon.err level, unless the debug option is set. This includes all the syntax errors in the /etc/gateway6 file and configuration mismatches between different routers.

Signals

ndpd-router responds to the following signals:

Item Description
SIGINT Dumps its current state to syslog, if syslog is defined. Otherwise, dumped to stdout.
SIGHUP The /etc/gateway6 file is read again.
SIGUSR1 Verbosity is incremented.
SIGUSR2 Verbosity is reset.
SIGTERM Resets to a reasonable state and stops.
SIGQUIT Resets to a reasonable state and stops.

Files

Item Description
/etc/gateway6  
/etc/ndpd/sendr_anchor The SEND router anchor file for the certificate chain.