Date:      19 Jul 2003 01:03:36 -0000
From:      Andy Gilligan <andy@evo6.org>
To:        FreeBSD-gnats-submit@freebsd.org
Cc:        freebsd-net@freebsd.org
Subject:   [PATCH] IPv6 stealth forwarding
Message-ID:  <20030719010336.9667.qmail@mx1.evo6.net>


>Submitter-Id:	current-users
>Originator:	Andy Gilligan
>Confidential:	no
>Synopsis:	[PATCH] IPv6 stealth forwarding
>Severity:	non-critical
>Priority:	low
>Category:	kern
>Class:		change-request
>Release:	FreeBSD 4.8-STABLE i386
>Environment:
System: FreeBSD vega 4.8-STABLE FreeBSD 4.8-STABLE #6: Fri Jul 18 23:46:58 BST 2003 root@vega:/usr/obj/usr/src/sys/VEGA i386


>Description:

	This patch enables stealth forwarding for IPv6, similar to
	the functionality already available for IPv4.

	A new sysctl variable has been added to control this
	behaviour: net.inet6.ip6.stealth

	The desired effect of this patch is to remove the
	router from traceroutes, in both directions.

>How-To-Repeat:

	sysctl net.inet6.ip6.stealth=1

>Fix:

Index: sys/netinet6/in6.h
===================================================================
RCS file: /data/cvs/freebsd/src/sys/netinet6/in6.h,v
retrieving revision 1.7.2.7
diff -u -r1.7.2.7 in6.h
--- sys/netinet6/in6.h	1 Aug 2002 19:38:50 -0000	1.7.2.7
+++ sys/netinet6/in6.h	18 Jul 2003 23:36:48 -0000
@@ -567,7 +567,8 @@
 
 /* New entries should be added here from current IPV6CTL_MAXID value. */
 /* to define items, should talk with KAME guys first, for *BSD compatibility */
-#define IPV6CTL_MAXID		37
+#define IPV6CTL_STEALTH		43 /* MAXID from KAME CVS 20030719 */
+#define IPV6CTL_MAXID		44
 
 #endif /* !_XOPEN_SOURCE */
 
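Review bot: `IPV6CTL_MAXID` jumps from 37 to 44 here, so ids 37-42 have no definition in this tree, and the only justification for 43 is the trailing comment on `IPV6CTL_STEALTH`. Anything outside this hunk that is sized or indexed by `IPV6CTL_MAXID` would then have unnamed slots, and 43 could collide with a later KAME assignment if it is not actually reserved for this purpose. If the comment means the intermediate ids are already taken upstream, I would say so explicitly, e.g. `/* 37-42 assigned in KAME CVS 20030719, not yet merged here */`.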
Index: sys/netinet6/in6_proto.c
===================================================================
RCS file: /data/cvs/freebsd/src/sys/netinet6/in6_proto.c,v
retrieving revision 1.6.2.9
diff -u -r1.6.2.9 in6_proto.c
--- sys/netinet6/in6_proto.c	24 Jan 2003 05:11:35 -0000	1.6.2.9
+++ sys/netinet6/in6_proto.c	18 Jul 2003 19:20:02 -0000
@@ -68,6 +68,7 @@
 #include "opt_inet.h"
 #include "opt_inet6.h"
 #include "opt_ipsec.h"
+#include "opt_ipstealth.h"
 
 #include <sys/param.h>
 #include <sys/socket.h>
@@ -302,6 +303,9 @@
 u_int32_t ip6_id = 0UL;
 int	ip6_keepfaith = 0;
 time_t	ip6_log_time = (time_t)0L;
+#ifdef IPSTEALTH
+int	ip6stealth = 0;
+#endif
 
 /* icmp6 */
 /*
@@ -432,6 +436,10 @@
 	auto_linklocal, CTLFLAG_RW, &ip6_auto_linklocal,	0, "");
 SYSCTL_STRUCT(_net_inet6_ip6, IPV6CTL_RIP6STATS, rip6stats, CTLFLAG_RD,
 	&rip6stat, rip6stat, "");
+#ifdef IPSTEALTH
+SYSCTL_INT(_net_inet6_ip6, IPV6CTL_STEALTH, stealth, CTLFLAG_RW,
+	&ip6stealth, 0, "");
+#endif
 
 /* net.inet6.icmp6 */
 SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRACCEPT,
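Review bot: The new `stealth` sysctl is registered with an empty description string, so nothing at the node explains that setting it changes forwarding behaviour. The neighbouring entries visible in this hunk also pass `""`, but for a read-write knob that suppresses ICMPv6 Time Exceeded I would fill it in, e.g. `&ip6stealth, 0, "Forward IPv6 packets without decrementing the hop limit");`.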
Index: sys/netinet6/ip6_forward.c
===================================================================
RCS file: /data/cvs/freebsd/src/sys/netinet6/ip6_forward.c,v
retrieving revision 1.4.2.7
diff -u -r1.4.2.7 ip6_forward.c
--- sys/netinet6/ip6_forward.c	24 Jan 2003 05:11:35 -0000	1.4.2.7
+++ sys/netinet6/ip6_forward.c	18 Jul 2003 23:40:49 -0000
@@ -34,6 +34,7 @@
 #include "opt_inet.h"
 #include "opt_inet6.h"
 #include "opt_ipsec.h"
+#include "opt_ipstealth.h"
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -156,6 +157,9 @@
 		return;
 	}
 
+#ifdef IPSTEALTH
+	if (!ip6stealth) {
+#endif
 	if (ip6->ip6_hlim <= IPV6_HLIMDEC) {
 		/* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */
 		icmp6_error(m, ICMP6_TIME_EXCEEDED,
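Review bot: With `ip6stealth` set, the `if (!ip6stealth) {` guard skips both the `ip6->ip6_hlim <= IPV6_HLIMDEC` check and the decrement (the block is closed in the next hunk), so this router no longer contributes to hop-limit expiry. A packet arriving with an exhausted hop limit is forwarded, and a forwarding loop made up only of routers in this mode would never age packets out. That looks like the intended trade-off, but it is not stated anywhere in the code. I would add a comment above the guard such as `/* IPSTEALTH: no hop-limit check or decrement; loop protection then depends on the other routers on the path */`. The enclosing function starts and ends outside the hunk.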
@@ -164,6 +168,9 @@
 	}
 	ip6->ip6_hlim -= IPV6_HLIMDEC;
 
+#ifdef IPSTEALTH
+	}
+#endif
 	/*
 	 * Save at most ICMPV6_PLD_MAXLEN (= the min IPv6 MTU -
 	 * size of IPv6 + ICMPv6 headers) bytes of the packet in case
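Review bot: The `}` added under its own `#ifdef IPSTEALTH` closes a block opened in the previous hunk, and the statements in between keep their old indentation, so nothing at `ip6->ip6_hlim -= IPV6_HLIMDEC;` shows that it is now conditional. Labelling the brace, `} /* !ip6stealth */`, would make the pairing visible to anyone later editing between the two preprocessor blocks. The guarded block begins outside this hunk.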
Index: sys/netinet6/ip6_var.h
===================================================================
RCS file: /data/cvs/freebsd/src/sys/netinet6/ip6_var.h,v
retrieving revision 1.2.2.4
diff -u -r1.2.2.4 ip6_var.h
--- sys/netinet6/ip6_var.h	23 Jan 2003 21:06:47 -0000	1.2.2.4
+++ sys/netinet6/ip6_var.h	18 Jul 2003 05:19:14 -0000
@@ -284,6 +284,9 @@
 extern int   ip6_lowportmax;		/* maximum reserved port */
 
 extern int	ip6_use_tempaddr; /* whether to use temporary addresses. */
+#ifdef IPSTEALTH
+extern int	ip6stealth;
+#endif
 
 extern struct	pr_usrreqs rip6_usrreqs;
 struct sockopt;


