Page MenuHomeFreeBSD
Files F143218378

D38644.id117810.diff
No OneTemporary
Actions

D38644.id117810.diff
View Options

diff --git a/share/man/man4/inet6.4 b/share/man/man4/inet6.4
--- a/share/man/man4/inet6.4
+++ b/share/man/man4/inet6.4
@@ -29,7 +29,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd November 12, 2021
+.Dd February 22, 2023
.Dt INET6 4
.Os
.Sh NAME
@@ -185,7 +185,9 @@
.Tn ICMPv6
message protocol is accessible from a raw socket.
.Ss MIB Variables
-A number of variables are implemented in the net.inet6 branch of the
+A number of variables are implemented in the
+.Va net.inet6
+branch of the
.Xr sysctl 3
MIB.
In addition to the variables supported by the transport protocols
@@ -341,6 +343,11 @@
.Dv AF_INET6
sockets.
Defaults to on.
+.It Va ip6.log_cannot_forward
+Boolean: log packets that can't be forwarded because of unspecified source
+address or destination address beyond the scope of the source address as
+described in RFC4443.
+Enabled by default.
.It Va ip6.source_address_validation
Boolean: perform source address validation for packets destined for the local
host.
@@ -440,6 +447,15 @@
.Xr ip6 4 ,
.Xr tcp 4 ,
.Xr udp 4
+.Rs
+.%A A. Conta
+.%A S. Deering
+.%A M. Gupta
+.%T "Internet Control Message Protocol (ICMPv6) for the Internet" \
+ "Protocol Version 6 (IPv6) Specification"
+.%R RFC 4443
+.%D March 2006
+.Re
.Sh STANDARDS
.Rs
.%A Tatsuya Jinmei
diff --git a/sys/netinet6/in6_proto.c b/sys/netinet6/in6_proto.c
--- a/sys/netinet6/in6_proto.c
+++ b/sys/netinet6/in6_proto.c
@@ -179,6 +179,7 @@
#endif
VNET_DEFINE(int, nd6_onlink_ns_rfc4861) = 0;/* allow 'on-link' nd6 NS
* (RFC 4861) */
+VNET_DEFINE(bool, ip6_log_cannot_forward) = 1;
/* icmp6 */
/*
@@ -342,6 +343,10 @@
&VNET_NAME(ip6stealth), 0,
"Forward IPv6 packets without decrementing their TTL");
#endif
+SYSCTL_BOOL(_net_inet6_ip6, OID_AUTO,
+ log_cannot_forward, CTLFLAG_VNET | CTLFLAG_RW,
+ &VNET_NAME(ip6_log_cannot_forward), 1,
+ "Log packets that can't be forwarded");
/* net.inet6.icmp6 */
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRACCEPT, rediraccept,
diff --git a/sys/netinet6/ip6_forward.c b/sys/netinet6/ip6_forward.c
--- a/sys/netinet6/ip6_forward.c
+++ b/sys/netinet6/ip6_forward.c
@@ -114,7 +114,8 @@
IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) {
IP6STAT_INC(ip6s_cantforward);
/* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */
- if (V_ip6_log_time + V_ip6_log_interval < time_uptime) {
+ if (V_ip6_log_cannot_forward &&
+ (V_ip6_log_time + V_ip6_log_interval < time_uptime)) {
V_ip6_log_time = time_uptime;
log(LOG_DEBUG,
"cannot forward "
@@ -221,7 +222,8 @@
IP6STAT_INC(ip6s_badscope);
in6_ifstat_inc(nh->nh_ifp, ifs6_in_discard);
- if (V_ip6_log_time + V_ip6_log_interval < time_uptime) {
+ if (V_ip6_log_cannot_forward &&
+ (V_ip6_log_time + V_ip6_log_interval < time_uptime)) {
V_ip6_log_time = time_uptime;
log(LOG_DEBUG,
"cannot forward "
diff --git a/sys/netinet6/ip6_mroute.c b/sys/netinet6/ip6_mroute.c
--- a/sys/netinet6/ip6_mroute.c
+++ b/sys/netinet6/ip6_mroute.c
@@ -1099,7 +1099,8 @@
*/
if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) {
IP6STAT_INC(ip6s_cantforward);
- if (V_ip6_log_time + V_ip6_log_interval < time_uptime) {
+ if (V_ip6_log_cannot_forward &&
+ (V_ip6_log_time + V_ip6_log_interval < time_uptime)) {
V_ip6_log_time = time_uptime;
log(LOG_DEBUG,
"cannot forward "
diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h
--- a/sys/netinet6/ip6_var.h
+++ b/sys/netinet6/ip6_var.h
@@ -339,6 +339,9 @@
#define V_nd6_ignore_ipv6_only_ra VNET(nd6_ignore_ipv6_only_ra)
#endif
+VNET_DECLARE(bool, ip6_log_cannot_forward);
+#define V_ip6_log_cannot_forward VNET(ip6_log_cannot_forward)
+
extern struct pr_usrreqs rip6_usrreqs;
struct sockopt;

File Metadata

Mime Type
text/plain
Expires
Wed, Jan 28, 3:19 PM (5 h, 31 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
28066672
Default Alt Text
D38644.id117810.diff (3 KB)

Event Timeline