Regression #14072
closed
No working IPv6 gateway if upstream RA does not contain M or O flags because rtsold does not execute script
100%
Description
On 23.01, rtsold is not firing the script at /var/etc/rtsold_<if>_script.sh unless the router advertisement received contains either the M or O flags.
On 22.05, the O script was executed even when the RA didn't have M or O set.
Because the script isn't executed, the router information doesn't get placed into /tmp/<if>_routerv6 or /tmp/<if>_defaultgwv6, so the firewall doesn't have connectivity through the interface.
Arguably the old behavior was a bug of sorts, because the parameters for rtsold only specify a script for -M and -O. There isn't a parameter to rtsold to execute a script when the RA is only a router, even though that should be usable as a gateway. Unfortunately users have no control over the messages sent by their ISP, so changing the upstream isn't a viable workaround.
The only relevant src change I see is in usr.sbin/rtsold/rtsol.c in the FreeBSD src repo, where due to a change in where a bracket was placed, the script is now only executed when it is O and not M, whereas before it was executed any time M was not set. See 4cf4fd60dad3d6eb5ed50962aa58d157873a9f16 in the src repo which is the only commit I see making that change. It may have been from a previous local patch.
The easy fix would be to restore the old behavior, but we could also add a new flag to rtsold for a script to execute no matter which flags are set, or something along those lines. We execute the same script for M and O, so a combined parameter to always execute would also simplify things that way.
To replicate, set the upstream router mode to "Router Only" and put 22.05 and 23.01 systems behind that. 22.05 will have a working gateway, 23.01 will not.
Updated by 
Updated by 
Updated by 
Updated by 
Updated by