Date: 19 Jul 2003 01:03:36 -0000 From: Andy Gilligan <andy@evo6.org> To: FreeBSD-gnats-submit@FreeBSD.org Cc: freebsd-net@FreeBSD.org Subject: kern/54625: [PATCH] IPv6 stealth forwarding Message-ID: <20030719010336.9667.qmail@mx1.evo6.net> Resent-Message-ID: <200307190110.h6J1AGkQ030529@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 54625 >Category: kern >Synopsis: [PATCH] IPv6 stealth forwarding >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Fri Jul 18 18:10:15 PDT 2003 >Closed-Date: >Last-Modified: >Originator: Andy Gilligan >Release: FreeBSD 4.8-STABLE i386 >Organization: >Environment: System: FreeBSD vega 4.8-STABLE FreeBSD 4.8-STABLE #6: Fri Jul 18 23:46:58 BST 2003 root@vega:/usr/obj/usr/src/sys/VEGA i386 >Description: This patch enables stealth forwarding for IPv6. Similar to the functionality found in IPv4. A new sysctl variable has been added to control this behaviour: net.inet6.ip6.stealth The desired effect of this patch is to remove the router from traceroutes, in both directions. >How-To-Repeat: sysctl net.inet6.ip6.stealth=1 >Fix: Index: sys/netinet6/in6.h =================================================================== RCS file: /data/cvs/freebsd/src/sys/netinet6/in6.h,v retrieving revision 1.7.2.7 diff -u -r1.7.2.7 in6.h --- sys/netinet6/in6.h 1 Aug 2002 19:38:50 -0000 1.7.2.7 +++ sys/netinet6/in6.h 18 Jul 2003 23:36:48 -0000 @@ -567,7 +567,8 @@ /* New entries should be added here from current IPV6CTL_MAXID value. */ /* to define items, should talk with KAME guys first, for *BSD compatibility */ -#define IPV6CTL_MAXID 37 +#define IPV6CTL_STEALTH 43 /* MAXID from KAME CVS 20030719 */ +#define IPV6CTL_MAXID 44 #endif /* !_XOPEN_SOURCE */ Index: sys/netinet6/in6_proto.c =================================================================== RCS file: /data/cvs/freebsd/src/sys/netinet6/in6_proto.c,v retrieving revision 1.6.2.9 diff -u -r1.6.2.9 in6_proto.c --- sys/netinet6/in6_proto.c 24 Jan 2003 05:11:35 -0000 1.6.2.9 +++ sys/netinet6/in6_proto.c 18 Jul 2003 19:20:02 -0000 @@ -68,6 +68,7 @@ #include "opt_inet.h" #include "opt_inet6.h" #include "opt_ipsec.h" +#include "opt_ipstealth.h" #include <sys/param.h> #include <sys/socket.h> @@ -302,6 +303,9 @@ u_int32_t ip6_id = 0UL; int ip6_keepfaith = 0; time_t ip6_log_time = (time_t)0L; +#ifdef IPSTEALTH +int ip6stealth = 0; +#endif /* icmp6 */ /* @@ -432,6 +436,10 @@ auto_linklocal, CTLFLAG_RW, &ip6_auto_linklocal, 0, ""); SYSCTL_STRUCT(_net_inet6_ip6, IPV6CTL_RIP6STATS, rip6stats, CTLFLAG_RD, &rip6stat, rip6stat, ""); +#ifdef IPSTEALTH +SYSCTL_INT(_net_inet6_ip6, IPV6CTL_STEALTH, stealth, CTLFLAG_RW, + &ip6stealth, 0, ""); +#endif /* net.inet6.icmp6 */ SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRACCEPT, Index: sys/netinet6/ip6_forward.c =================================================================== RCS file: /data/cvs/freebsd/src/sys/netinet6/ip6_forward.c,v retrieving revision 1.4.2.7 diff -u -r1.4.2.7 ip6_forward.c --- sys/netinet6/ip6_forward.c 24 Jan 2003 05:11:35 -0000 1.4.2.7 +++ sys/netinet6/ip6_forward.c 18 Jul 2003 23:40:49 -0000 @@ -34,6 +34,7 @@ #include "opt_inet.h" #include "opt_inet6.h" #include "opt_ipsec.h" +#include "opt_ipstealth.h" #include <sys/param.h> #include <sys/systm.h> @@ -156,6 +157,9 @@ return; } +#ifdef IPSTEALTH + if (!ip6stealth) { +#endif if (ip6->ip6_hlim <= IPV6_HLIMDEC) { /* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */ icmp6_error(m, ICMP6_TIME_EXCEEDED, @@ -164,6 +168,9 @@ } ip6->ip6_hlim -= IPV6_HLIMDEC; +#ifdef IPSTEALTH + } +#endif /* * Save at most ICMPV6_PLD_MAXLEN (= the min IPv6 MTU - * size of IPv6 + ICMPv6 headers) bytes of the packet in case Index: sys/netinet6/ip6_var.h =================================================================== RCS file: /data/cvs/freebsd/src/sys/netinet6/ip6_var.h,v retrieving revision 1.2.2.4 diff -u -r1.2.2.4 ip6_var.h --- sys/netinet6/ip6_var.h 23 Jan 2003 21:06:47 -0000 1.2.2.4 +++ sys/netinet6/ip6_var.h 18 Jul 2003 05:19:14 -0000 @@ -284,6 +284,9 @@ extern int ip6_lowportmax; /* maximum reserved port */ extern int ip6_use_tempaddr; /* whether to use temporary addresses. */ +#ifdef IPSTEALTH +extern int ip6stealth; +#endif extern struct pr_usrreqs rip6_usrreqs; struct sockopt; >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030719010336.9667.qmail>