Skip to content

Releases: Optic00/IPv6Monitor

1.3.0

Choose a tag to compare

@Optic00 Optic00 released this 02 Jul 21:10

This release focuses on robustness and privilege-model hardening, driven by an independent architecture review of the app's core repair loop and privileged-helper security model.

Security: sudoers surface reduced

route add/route delete no longer run through a broad NOPASSWD: /sbin/route sudoers grant. They're now two validated subcommands (route-add, route-delete) on the existing root-owned ipv6monitor-pf wrapper, which validates the interface and gateway in root-context code before building the route command - the same hardening the RA-protection feature already had.

Action required for existing installs: the old sudoers rule does nothing for this version. Run:

sudo Scripts/apply-sudoers-update.sh

This reinstalls the wrapper, replaces your /etc/sudoers.d/ipv6monitor with the wrapper-only rule (backing up the old one first), and verifies it works without a password prompt. Until this is run, automated route repair will fail on the next route loss.

Fixes

  • Closed a real cross-queue data race in the core monitoring loop: currentInterface/routerIP are now consistently confined to the app's serial repair queue on both the write and read side (menu, connectivity window, health-poll timer), matching the discipline already used for RA Protection's state.
  • Removed a deadlock-prone shell helper. A legacy process-execution path could hang forever on large command output (e.g. a big ndp -an neighbor cache); both callers now use the hardened, concurrent-drain runner.
  • Fixed silently-disabled snapshot rate-limiting after a successful auto-repair. The episode-tracking state that throttles forensic snapshots during route flapping never restarted its clock after a successful repair - the most common recovery path - so a rapid string of losses right after a repair could re-trigger full disk-writing snapshots. The route-loss/repair state machine has been extracted into a small, independently unit-tested RouteEpisodeTracker.
  • Fixed a hazard where the app could delete a live VPN's default route. The stale-foreign-route cleanup added for a prior incident used an overly broad condition; it's now tightened so a route is only removed when the foreign interface is both inactive and has no real global IPv6 address (a live utun/VPN interface never satisfies both).

Also in this release

  • MECHANICS.md - a maintained architecture map of the codebase.
  • Scripts/tests/run-all.sh - runs the full test suite in one command.
  • Unified three duplicate process-execution implementations into one shared, hardened runner.

All changes were verified with a full local build + test suite pass, two independent Codex review passes (the second confirmed a fix to a race the first pass had found), and a live test of the new route-add/route-delete path against the real routing table (delete -> verify loss -> repair -> verify recovery, plus interface/gateway input-validation checks).

Note

The bundled app is ad-hoc signed (no paid Apple Developer account). On first launch you may need to right-click -> Open, or remove the quarantine attribute. Building from source (see README) is equally supported.

1.2.0

Choose a tag to compare

@Optic00 Optic00 released this 01 Jul 16:44

Adds an optional, advanced feature to actively prevent the IPv6 default-route loss instead of only detecting/repairing it — built on the host-side pf filter proven over a 48h A/B test (0 losses, ndp -rn collapsed from 8 routers to 1).

New: RA Protection (advanced, opt-in)

  • What it does: blocks incoming IPv6 Router Advertisements on your primary interface except from the real gateway, removing the multi-RA trigger of the default-route bug. The existing detect-and-repair stays active as a safety net regardless.
  • Hidden by default — only offered when your network actually shows the risk pattern (multiple RA senders, or a prior recorded route loss).
  • Requires a one-time setup: a small privileged helper (Scripts/ipv6monitor-pf) installed to /Library/PrivilegedHelperTools plus a narrow sudoers rule (fixed subcommands only — never broad pfctl access). See Scripts/README-ra-protection.md for the exact steps.
  • Safety built in: an explicit confirm step before arming (shows the detected gateway and freshness), a live progress indicator during detection, pings the gateway before and after arming and auto-reverts if it becomes unreachable, continuous health monitoring that auto-disarms if the filter stops helping (gateway RAs stop arriving, the interface changes, or the rule disappears externally), a menu-bar status line with an always-available one-click Off, and an optional "re-arm on launch" setting that re-validates before ever applying anything automatically.
  • Fully German-localized, matching the rest of the app.

Note

The bundled app is ad-hoc signed (no paid Apple Developer account). On first launch you may need to right-click → Open, or remove the quarantine attribute. Building from source (see README) is equally supported.

1.1.2

Choose a tag to compare

@Optic00 Optic00 released this 27 Jun 06:35
3259377

Continues the diagnostics work, focused on capturing evidence for the sporadic IPv6 default-route loss.

New

  • Scoped default-route probe: when a loss is detected, the diagnostic snapshot now records route -n get -inet6 default -ifscope <iface> right after the existing unscoped route -n get -inet6 default. When the unscoped lookup returns "not in table", the scoped variant shows whether the interface-scoped default route still resolves — making the scoped-vs-unscoped split explicit and giving direct evidence for the kernel scoped-route ↔ unscoped-lookup consistency discrepancy.

Note

The bundled app is ad-hoc signed (no paid Apple Developer account). On first launch you may need to right-click → Open, or remove the quarantine attribute. Building from source (see README) is equally supported.

1.1.1

Choose a tag to compare

@Optic00 Optic00 released this 26 Jun 21:06
cb19641

Builds on the diagnostics work in 1.1.0, focused on capturing evidence for the sporadic IPv6 default-route loss.

New

  • Boot baseline: shortly after a real system boot the app records the full IPv6 router/route state — a dated RA@boot total=… high=[…] medium=[…] log line plus a startup-<timestamp>.txt snapshot (ndp -rn, netstat -rn -f inet6, scutil, ifconfig, configd/networkd logs). This makes it possible to compare a "clean" boot against a "fragile" one (the loss is suspected to depend on the boot-time convergence of the default-router list). Gated to the first ~10 minutes after boot (via kern.boottime), so ordinary app relaunches don't create snapshots.
  • Running version is now shown at the top of the menu (IPv6Monitor <version> (<build>)).

Note

The bundled app is ad-hoc signed (no paid Apple Developer account). On first launch you may need to right-click → Open, or remove the quarantine attribute. Building from source (see README) is equally supported.

1.1.0

Choose a tag to compare

@Optic00 Optic00 released this 26 Jun 19:43
e694305

Diagnostics-focused release. The goal of this work is better evidence gathering about why macOS drops the IPv6 default route (multiple RA senders on the LAN), to support an Apple Feedback report.

New

  • Connectivity Check → "IPv6 routers on the network" panel: lists every RA-learned default router on the monitored interface with its preference (high/medium/low) and remaining lifetime (expire); warns when more than one is present. Window is now resizable.
  • Loss forensics: on every route loss the app now logs a compact, dated, greppable line and adds it to the diagnostic snapshot:
    RA@loss total=8 high=[29m50s] medium=[1h59m55s,…] low=[]
    
    Over many losses this shows whether losses correlate with the high-preference gateway's RA lifetime lapsing, and which RA senders are present each time.
  • Interface picker: the interface that carries the default route and has a global-unicast IPv6 address is marked Recommended and sorted to the top; the IPv6 badge now reflects a real global address (not link-local).
  • Log window: full-text search, type filter, an "events only" toggle (hides the route-OK heartbeat), and date separators.
  • Docs: added a root-cause analysis note (docs/root-cause-analysis.md).

Note

The bundled app is ad-hoc signed (no paid Apple Developer account). On first launch you may need to right-click → Open, or remove the quarantine attribute. Building from source (see README) is equally supported.

1.0.0

Choose a tag to compare

@IngmarStein IngmarStein released this 24 Jan 14:33
f2a4ab2

First release