Date: Tue, 26 May 2020 11:24:13 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 246748] feature wish: reply_from_interface and reply_src sysctl for IPv6
Message-ID: <bug-246748-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246748

Bug ID: 246748
Summary: feature wish: reply_from_interface and reply_src sysctl for IPv6
Product: Base System
Version: Unspecified
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: bugs@FreeBSD.org
Reporter: gert@greenie.muc.de

IPv4 has the "net.inet.icmp.reply_from_interface" and "net.inet.icmp.reply_src" sysctls to influence source address selection for generated ICMP error responses (most typically, "administratively prohibited" or "ttl expired").

By default, these packets are sent with the source address of the interface where the generated ICMP packet is leaving out.

In a router/firewall context, "many network devices" use the source address of the interface where the original packet (that triggered the ICMP reply) came *in* on - which makes, for example "traceroute" show up the ingress interface into the router. This is a very valuable tool. If you want FreeBSD to do the same thing, you set "net.inet.icmp.reply_from_interface=1" - which works very nicely.

Here comes the feature request: IPv6 support does not have either sysctl today (at least up to 12.1). Building a dual-stack setup with "I can do this in IPv4 but not in IPv6" is not good.

Can such functionality be added to the IPv6 ICMP generation as well?

The IPv4 code path looks fairly simple (~30 lines of code), but I most certainly do not understand the networking code myself to contribute an IPv6 equivalent.

Thanks :-)

-- 
You are receiving this mail because:
You are the assignee for the bug.