From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 246748] feature wish: reply_from_interface and reply_src sysctl for IPv6
Date: Tue, 26 May 2020 11:24:13 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246748

            Bug ID: 246748
           Summary: feature wish: reply_from_interface and reply_src sysctl
                    for IPv6
           Product: Base System
           Version: Unspecified
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: gert@greenie.muc.de

IPv4 has the "net.inet.icmp.reply_from_interface" and
"net.inet.icmp.reply_src" sysctls to influence source address selection for
generated ICMP error responses (most typically, "administratively
prohibited" or "ttl expired").

By default, these packets are sent with the source address of the interface
where the generated ICMP packet is leaving out.

In a router/firewall context, "many network devices" use the source address
of the interface where the original packet (that triggered the ICMP reply)
came *in* on - which makes, for example "traceroute" show up the ingress
interface into the router. This is a very valuable tool. If you want
FreeBSD to do the same thing, you set "net.inet.icmp.reply_from_interface=1"
- which works very nicely.

Here comes the feature request: IPv6 support does not have either sysctl
today (at least up to 12.1). Building a dual-stack setup with "I can do this
in IPv4 but not in IPv6" is not good.

Can such functionality be added to the IPv6 ICMP generation as well?

The IPv4 code path looks fairly simple (~30 lines of code), but I most
certainly do not understand the networking code myself to contribute an
IPv6 equivalent.

Thanks :-)
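
The selection behaviour described in the report, as an added model that is not part of the original message and is not FreeBSD code: it shows which address a traceroute would display for a router whose return path to the prober leaves on a different interface than the probe arrived on. The interface names, addresses and routes are constructed, and the IPv6 branch assumes the egress-based default described in the report applies there as well.

```python
import ipaddress

# Constructed router (documentation prefixes): interface -> addresses.
INTERFACES = {
    "em0": ["192.0.2.1", "2001:db8:0:1::1"],     # probes arrive here
    "em1": ["198.51.100.1", "2001:db8:0:2::1"],  # towards the destination
    "em2": ["203.0.113.1", "2001:db8:0:3::1"],   # route back to the prober
}
# Constructed routing table: (prefix, egress interface).
ROUTES = [("10.0.0.0/8", "em2"), ("2001:db8:a::/48", "em2"),
          ("0.0.0.0/0", "em1"), ("::/0", "em1")]

def egress_for(dst):
    """Longest-prefix match over ROUTES; returns the interface name."""
    dst = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), i) for p, i in ROUTES]
    matches = [(n, i) for n, i in nets if n.version == dst.version and dst in n]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def addr_on(ifname, version):
    """First address of the given IP version on ifname, or None."""
    return next((a for a in INTERFACES[ifname]
                 if ipaddress.ip_address(a).version == version), None)

def icmp_error_source(probe_src, ingress_if, reply_from_interface=False):
    """Source address of the ICMP error sent back to probe_src.

    Default: address of the interface the error leaves on. With
    reply_from_interface set, IPv4 uses the ingress interface instead.
    IPv6 has no such knob (per the report, up to 12.1): flag ignored.
    """
    version = ipaddress.ip_address(probe_src).version
    if reply_from_interface and version == 4:
        ingress_addr = addr_on(ingress_if, 4)
        if ingress_addr is not None:  # assumption: else fall back to default
            return ingress_addr
    return addr_on(egress_for(probe_src), version)
```

With the knob set, the IPv4 hop shows the em0 address the probe actually entered on, while the IPv6 hop for the same path still shows the em2 address, which is the dual-stack mismatch the report asks to close.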