D23329.diff
No OneTemporary
Actions

Size

2 KB

Referenced Files

None

Subscribers

None

D23329.diff
View Options

	Index: head/libexec/rc/rc.conf
	===================================================================
	--- head/libexec/rc/rc.conf
	+++ head/libexec/rc/rc.conf
	@@ -235,7 +235,7 @@
	tcp_keepalive="YES" # Enable stale TCP connection timeout (or NO).
	tcp_drop_synfin="NO" # Set to YES to drop TCP packets with SYN+FIN
	# NOTE: this violates the TCP specification
	-icmp_drop_redirect="NO" # Set to YES to ignore ICMP REDIRECT packets
	+icmp_drop_redirect="auto" # Set to YES to ignore ICMP REDIRECT packets
	icmp_log_redirect="NO" # Set to YES to log ICMP REDIRECT packets
	network_interfaces="auto" # List of network interfaces (or "auto").
	cloned_interfaces="" # List of cloned network interfaces to create.
	Index: head/libexec/rc/rc.d/routed
	===================================================================
	--- head/libexec/rc/rc.d/routed
	+++ head/libexec/rc/rc.d/routed
	@@ -3,7 +3,7 @@
	# $FreeBSD$
	#

	-# PROVIDE: routed
	+# PROVIDE: routed dynamicrouting
	# REQUIRE: netif routing
	# BEFORE: NETWORK
	# KEYWORD: nojailvnet
	Index: head/libexec/rc/rc.d/routing
	===================================================================
	--- head/libexec/rc/rc.d/routing
	+++ head/libexec/rc/rc.d/routing
	@@ -292,8 +292,29 @@
	fi
	}

	+_check_dynamicrouting()
	+{
	+ local skip file name rcvar
	+
	+ # copied from /etc/rc
	+ skip="-s nostart"
	+ if [ `/sbin/sysctl -n security.jail.jailed` -eq 1 ]; then
	+ skip="$skip -s nojail"
	+ fi
	+ [ -n "$local_startup" ] && find_local_scripts_new
	+
	+ for file in $( rcorder ${skip} /etc/rc.d/* ${local_rc} 2>/dev/null \|
	+ xargs grep -lE '^# PROVIDE:.*\<dynamicrouting\>' ); do
	+ (set -- enabled; . $file) && return 0;
	+ done
	+
	+ return 1
	+}
	+
	options_inet()
	{
	+ local _icmp_drop_redirect
	+
	_ropts_initdone=
	if checkyesno icmp_bmcastecho; then
	ropts_init inet
	@@ -303,7 +324,17 @@
	${SYSCTL} net.inet.icmp.bmcastecho=0 > /dev/null
	fi

	- if checkyesno icmp_drop_redirect; then
	+ _icmp_drop_redirect="${icmp_drop_redirect}"
	+ case "${_icmp_drop_redirect}" in
	+ [Aa][Uu][Tt][Oo] \| "")
	+ if _check_dynamicrouting; then
	+ _icmp_drop_redirect="yes"
	+ else
	+ _icmp_drop_redirect="no"
	+ fi
	+ ;;
	+ esac
	+ if checkyesno _icmp_drop_redirect; then
	ropts_init inet
	echo -n ' ignore ICMP redirect=YES'
	${SYSCTL} net.inet.icmp.drop_redirect=1 > /dev/null
	Index: head/share/man/man5/rc.conf.5
	===================================================================
	--- head/share/man/man5/rc.conf.5
	+++ head/share/man/man5/rc.conf.5
	@@ -1182,11 +1182,19 @@
	.It Va icmp_drop_redirect
	.Pq Vt bool
	Set to
	-.Dq Li NO
	-by default.
	+.Dq Li AUTO
	+by default. This setting will be identical to
	+.Dq Li YES ,
	+if a dynamicrouting daemon is enabled, because redirect processing may
	+cause perfomance issues for large routing tables. If no such service
	+is enabled, this setting behaves like a
	+.Dq Li NO .
	Setting to
	.Dq Li YES
	will cause the kernel to ignore ICMP REDIRECT packets.
	+Setting to
	+.Dq Li NO
	+will cause the kernel to process ICMP REDIRECT packets.
	Refer to
	.Xr icmp 4
	for more information.

File Metadata

Mime Type: text/plain
Expires: Sat, Nov 23, 5:46 AM (16 h, 39 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 14772457
Default Alt Text: D23329.diff (2 KB)

D23329.diffNo OneTemporaryActions

D23329.diffView Options

File Metadata

Event Timeline

D23329.diff
No OneTemporary
Actions

D23329.diff
View Options