Date:      Thu, 27 Dec 2012 20:59:22 +0000 (UTC)
From:      "Andrey V. Elsukov" <ae@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r244750 - in head: share/man/man4 sys/net
Message-ID:  <201212272059.qBRKxMfo055743@svn.freebsd.org>

Author: ae
Date: Thu Dec 27 20:59:22 2012
New Revision: 244750
URL: http://svnweb.freebsd.org/changeset/base/244750

Log:
  Add net.link.stf.permit_rfc1918 sysctl variable. It can be used to allow
  the use of private IPv4 addresses with stf(4).
  
  MFC after:	2 weeks

Modified:
  head/share/man/man4/stf.4
  head/sys/net/if_stf.c

Modified: head/share/man/man4/stf.4
==============================================================================
--- head/share/man/man4/stf.4	Thu Dec 27 20:52:39 2012	(r244749)
+++ head/share/man/man4/stf.4	Thu Dec 27 20:59:22 2012	(r244750)
@@ -29,7 +29,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd July 23, 2011
+.Dd December 28, 2012
 .Dt STF 4
 .Os
 .Sh NAME
@@ -180,6 +180,22 @@ Note, however, there are other security 
 If you wish to use the configuration,
 you must not advertise your 6to4 address to others.
 .\"
+.Sh SYSCTL VARIABLES
+The following
+.Xr sysctl 8
+variables can be used to control the behavior of the
+.Nm stf .
+The default value is shown next to each variable.
+.Bl -tag -width indent
+.It Va net.link.stf.permit_rfc1918 : No 0
+The RFC3056 requires the use of globally unique 32-bit IPv4
+addresses. This sysctl variable controls the behaviour of this
+requirement. When it set to not 0, 
+.Nm stf 
+allows the use of private IPv4 addresses described in the RFC1918.
+This may be useful for an Intranet environment or when some mechanisms
+of network address translation (NAT) are used.
+.El
 .Sh EXAMPLES
 Note that
 .Li 8504:0506

Modified: head/sys/net/if_stf.c
==============================================================================
--- head/sys/net/if_stf.c	Thu Dec 27 20:52:39 2012	(r244749)
+++ head/sys/net/if_stf.c	Thu Dec 27 20:59:22 2012	(r244750)
@@ -127,6 +127,10 @@ static int stf_route_cache = 1;
 SYSCTL_INT(_net_link_stf, OID_AUTO, route_cache, CTLFLAG_RW,
     &stf_route_cache, 0, "Caching of IPv4 routes for 6to4 Output");
 
+static int stf_permit_rfc1918 = 0;
+SYSCTL_INT(_net_link_stf, OID_AUTO, permit_rfc1918, CTLFLAG_RW,
+    &stf_permit_rfc1918, 0, "Permit the use of private IPv4 addresses");
+
 #define STFUNIT		0
 
 #define IN6_IS_ADDR_6TO4(x)	(ntohs((x)->s6_addr16[0]) == 0x2002)
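Review bot: The new `stf_permit_rfc1918` variable has no comment saying that it relaxes a check, and the sysctl description "Permit the use of private IPv4 addresses" reads like a feature toggle. Going by the `isrfc1918addr()` hunk later in this file, a non-zero value stops that function from reporting private addresses. Because the variable is a single file-scope int, the setting is not per-interface. I would add a comment above the definition, for example `/* Non-zero disables the RFC 1918 private-address check in isrfc1918addr(); RFC 3056 requires globally unique IPv4 addresses, so keep 0 unless the tunnel stays inside a private network. */`. The explicit `= 0` initializer is also redundant for a static int.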
@@ -581,9 +585,10 @@ isrfc1918addr(in)
 	 * returns 1 if private address range:
 	 * 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
 	 */
-	if ((ntohl(in->s_addr) & 0xff000000) >> 24 == 10 ||
+	if (stf_permit_rfc1918 == 0 && (
+	    (ntohl(in->s_addr) & 0xff000000) >> 24 == 10 ||
 	    (ntohl(in->s_addr) & 0xfff00000) >> 16 == 172 * 256 + 16 ||
-	    (ntohl(in->s_addr) & 0xffff0000) >> 16 == 192 * 256 + 168)
+	    (ntohl(in->s_addr) & 0xffff0000) >> 16 == 192 * 256 + 168))
 		return 1;
 
 	return 0;
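Review bot: With the `stf_permit_rfc1918 == 0 &&` guard folded into the condition, `isrfc1918addr()` no longer does what its name and the retained comment "returns 1 if private address range" say, because it returns 0 for 10/8, 172.16/12 and 192.168/16 whenever the sysctl is set. That mixes an address predicate with a policy decision, so every caller silently inherits the relaxation. The callers are outside this hunk, but if any of them validates addresses taken from received packets, the knob relaxes that filtering as well as the choice of local tunnel address. I would keep the predicate pure and put the policy at the call sites that should honour it, along the lines of `if (!stf_permit_rfc1918 && isrfc1918addr(in))`. At minimum the comment should become `returns 1 if private address range and net.link.stf.permit_rfc1918 is 0`. The function's signature and opening lines are outside the hunk.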


