
D38644.id117768.diff

D38644.id117768.diff

diff --git a/share/man/man4/inet6.4 b/share/man/man4/inet6.4
--- a/share/man/man4/inet6.4
+++ b/share/man/man4/inet6.4
@@ -185,7 +185,9 @@
.Tn ICMPv6
message protocol is accessible from a raw socket.
.Ss MIB Variables
-A number of variables are implemented in the net.inet6 branch of the
+A number of variables are implemented in the
+.Va net.inet6
+branch of the
.Xr sysctl 3
MIB.
In addition to the variables supported by the transport protocols
@@ -341,6 +343,11 @@
.Dv AF_INET6
sockets.
Defaults to on.
+.It Va ip6.log_discarded
+Boolean: log packets that can't be forwarded because of unspecified source
+address or those that destination is beyond the scope of the source address
+as described in RFC4443.
+Enabled by default.
.It Va ip6.source_address_validation
Boolean: perform source address validation for packets destined for the local
host.
diff --git a/sys/netinet6/in6_proto.c b/sys/netinet6/in6_proto.c
--- a/sys/netinet6/in6_proto.c
+++ b/sys/netinet6/in6_proto.c
@@ -198,6 +198,8 @@
(ICMP6_NODEINFO_FQDNOK|ICMP6_NODEINFO_NODEADDROK);
VNET_DEFINE(int, icmp6_nodeinfo_oldmcprefix) = 1;
+VNET_DEFINE(bool, ip6_log_discarded) = 1;
+
/*
* sysctl related items.
*/
@@ -396,3 +398,9 @@
"Ignore the 'IPv6-Only flag' in RA messages in compliance with "
"draft-ietf-6man-ipv6only-flag");
#endif
+
+SYSCTL_BOOL(_net_inet6_ip6, OID_AUTO,
+ log_discarded, CTLFLAG_VNET | CTLFLAG_RW,
+ &VNET_NAME(ip6_log_discarded), 1,
+ "Log packets that can't be forwarded for the reasons outside of "
+ "firewall rules");
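Review bot: The description string for `log_discarded` says only "for the reasons outside of firewall rules", which does not tell an operator which drops the knob silences. The call sites changed in this diff are the unspecified-source and bad-scope discards in ip6_forward.c and the unspecified-source discard in ip6_mroute.c, and the inet6.4 entry already names those cases. I would align the string with the man page, for example `"Log packets not forwarded due to unspecified source or scope violation"`. The initializer in the earlier hunk of this file would also read better as `= true`, since the variable is defined as `bool`.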
diff --git a/sys/netinet6/ip6_forward.c b/sys/netinet6/ip6_forward.c
--- a/sys/netinet6/ip6_forward.c
+++ b/sys/netinet6/ip6_forward.c
@@ -114,7 +114,8 @@
IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) {
IP6STAT_INC(ip6s_cantforward);
/* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */
- if (V_ip6_log_time + V_ip6_log_interval < time_uptime) {
+ if (V_ip6_log_discarded &&
+ (V_ip6_log_time + V_ip6_log_interval < time_uptime)) {
V_ip6_log_time = time_uptime;
log(LOG_DEBUG,
"cannot forward "
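Review bot: The guard `V_ip6_log_discarded && (V_ip6_log_time + V_ip6_log_interval < time_uptime)` is now written out three times: here, in the bad-scope branch later in this file, and in ip6_mroute.c. Folding it into one macro next to the new declaration in ip6_var.h would keep the knob and the rate limit together, so a log site added later cannot pick up the rate limit and miss the knob. For example `#define IP6_LOG_DISCARD_OK() (V_ip6_log_discarded && V_ip6_log_time + V_ip6_log_interval < time_uptime)`, assuming `V_ip6_log_time` and `V_ip6_log_interval` are visible from that header. The enclosing function starts and ends outside this hunk.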
@@ -221,7 +222,8 @@
IP6STAT_INC(ip6s_badscope);
in6_ifstat_inc(nh->nh_ifp, ifs6_in_discard);
- if (V_ip6_log_time + V_ip6_log_interval < time_uptime) {
+ if (V_ip6_log_discarded &&
+ (V_ip6_log_time + V_ip6_log_interval < time_uptime)) {
V_ip6_log_time = time_uptime;
log(LOG_DEBUG,
"cannot forward "
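Review bot: With `V_ip6_log_discarded` off these drops produce no log line, so the branch should carry a comment saying where they remain visible. In this hunk `IP6STAT_INC(ip6s_badscope)` and `in6_ifstat_inc(nh->nh_ifp, ifs6_in_discard)` run before the new check, so the counters are unaffected by the knob; the same holds for `ip6s_cantforward` at the other two sites. Proposed comment above the `if`: `/* Logging is optional (net.inet6.ip6.log_discarded); the drop is still counted above. */`. The function body continues outside the hunk on both sides.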
diff --git a/sys/netinet6/ip6_mroute.c b/sys/netinet6/ip6_mroute.c
--- a/sys/netinet6/ip6_mroute.c
+++ b/sys/netinet6/ip6_mroute.c
@@ -1099,7 +1099,8 @@
*/
if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) {
IP6STAT_INC(ip6s_cantforward);
- if (V_ip6_log_time + V_ip6_log_interval < time_uptime) {
+ if (V_ip6_log_discarded &&
+ (V_ip6_log_time + V_ip6_log_interval < time_uptime)) {
V_ip6_log_time = time_uptime;
log(LOG_DEBUG,
"cannot forward "
diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h
--- a/sys/netinet6/ip6_var.h
+++ b/sys/netinet6/ip6_var.h
@@ -339,6 +339,9 @@
#define V_nd6_ignore_ipv6_only_ra VNET(nd6_ignore_ipv6_only_ra)
#endif
+VNET_DECLARE(bool, ip6_log_discarded);
+#define V_ip6_log_discarded VNET(ip6_log_discarded)
+
extern struct pr_usrreqs rip6_usrreqs;
struct sockopt;
