Date: Thu, 05 Mar 2026 19:58:17 +0000 From: Ed Maste <emaste@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: a1789fa30c0b - main - netinet6: Remove support for connecting to IN6ADDR_ANY Message-ID: <69a9e059.1f98d.33da1c36@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=a1789fa30c0b1e4c20a083c550f0ec2d50e480e4 commit a1789fa30c0b1e4c20a083c550f0ec2d50e480e4 Author: Ed Maste <emaste@FreeBSD.org> AuthorDate: 2026-01-27 21:29:20 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2026-03-05 19:57:36 +0000 netinet6: Remove support for connecting to IN6ADDR_ANY RFC4291 section 2.5.2: The unspecified address must not be used as the destination address of IPv6 packets or in IPv6 Routing headers. An IPv6 packet with a source address of unspecified must never be forwarded by an IPv6 router. We disallowed connections to IN6ADDR_ANY by default, as of commit 627e126dbb07 ("netinet6: Disallow connections to IN6ADDR_ANY"). As this is actually disallowed by the RFC, just remove the support. Reported by: bz (in D54306) Reviewed by: bz, glebius Relnotes: yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D54942 --- sys/netinet6/in6_pcb.c | 19 ++----------------- 1 file changed, 2 insertions(+), 17 deletions(-) diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c index 9eb7a59fcf55..d503165979c8 100644 --- a/sys/netinet6/in6_pcb.c +++ b/sys/netinet6/in6_pcb.c @@ -113,14 +113,6 @@ #include <netinet6/in6_fib.h> #include <netinet6/scope6_var.h> -SYSCTL_DECL(_net_inet6); -SYSCTL_DECL(_net_inet6_ip6); -VNET_DEFINE_STATIC(int, connect_in6addr_wild) = 0; -#define V_connect_in6addr_wild VNET(connect_in6addr_wild) -SYSCTL_INT(_net_inet6_ip6, OID_AUTO, connect_in6addr_wild, - CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(connect_in6addr_wild), 0, - "Allow connecting to the unspecified address for connect(2)"); - int in6_pcbsetport(struct in6_addr *laddr, struct inpcb *inp, struct ucred *cred) { @@ -396,16 +388,9 @@ in6_pcbladdr(struct inpcb *inp, struct sockaddr_in6 *sin6, if ((error = sa6_embedscope(sin6, V_ip6_use_defzone)) != 0) return(error); - if (V_connect_in6addr_wild && !CK_STAILQ_EMPTY(&V_in6_ifaddrhead)) { - /* - * If the destination address is UNSPECIFIED addr, - * use the loopback addr, e.g ::1. - */ - if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) - sin6->sin6_addr = in6addr_loopback; - } else if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { + /* RFC4291 section 2.5.2 */ + if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) return (ENETUNREACH); - } if ((error = prison_remote_ip6(inp->inp_cred, &sin6->sin6_addr)) != 0) return (error);home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?69a9e059.1f98d.33da1c36>