From nobody Tue Dec 31 14:47:47 2024
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YMwmz5BtHz5jY0V;
	Tue, 31 Dec 2024 14:47:47 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4YMwmz4dJBz4thc;
	Tue, 31 Dec 2024 14:47:47 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1735656467;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=VbzMVwefxyncCSIr8Xbmx1oavjT+kAeEjxXxEVaTDjM=;
	b=NBCM3Ob4jXJ+kMJ6BHj8mLjxK36f0winERfBlIIKIRNB+VLBkFhnOVEnSQ+O6ewdqO3nWo
	7x9GWdmol9ThCaV9e7E3S2f0mt9bBgchTghHDLqgsl9iPicm3YHc9Q64blKNOD+jAwSiIg
	CO96CTZ7fqKMZrdnoS+qhWyQ6K2cCkVlW4UQOi9s+mzN38gWb9UzhA4cJozODuOItt7x2G
	d64BJGHUuSsYY8Oqq/Eywke9OinM0z/qWTjBg9f+AW0TcezCipKdc5StRTwitw0h1nmrxi
	vBKa1/dymMWjnNQ+wnw5Dnxuh0Cg+Nm6xcvhBWPAakmq8NYBKwE78inbF9bYQQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1735656467;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=VbzMVwefxyncCSIr8Xbmx1oavjT+kAeEjxXxEVaTDjM=;
	b=B2U+0awbOqTQLDneFNQJxMrlMUSXEXAmwg4MqHSXmCZwZK6hq0B1tjNw/SCgw69ifQCf99
	NhodhPwfhVcxeeyy+Ai8if+weeMKnoyTr5op7zV5CA77MQVb5uIyXEcEMf3GjzKZ9U8t9V
	Ru9wCq/mN7TmJqynjoABywFTElrOIf4BWGO1RWtCkie/mzGBYzGlSFu1oX4w+uxRFrlITR
	YANQXBx0crSXNMab9F1yU7rA6gVluaqoiQUznAwqEJZq5BmjDILpRypJVdi5k435RdcWge
	eEqb2JX3SsPgZbfyEWFn9Wk5RQ+pa24sbPB6ecZRBdPYtvnrOsi9dK3lp94Rkg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1735656467; a=rsa-sha256; cv=none;
	b=JE7loWHUw3CgHF6iT1J++puwqDPFC8flxTUynG82D8AX47u03/oz5JhyNYo9UcTwCzwS4N
	P9d8XC9Yp1TjO7bkhcKf3/VfgBv2mQGXEJxU8a9gUQM9N5k5zhHfJMNheiQRKBmPhcATod
	MWpi50FxM109kskqJ4IofZEro7Np77CZoq7orWrobr3Ea03YgyV91++Fs66eRBMv9LWiWa
	QK36mB/ODgQRoknBGkFK0N1mWRLQY9PwyqoV+Lyp3rixCyvr3FrpB8k2T+svewlxs9bsEc
	XipdS7YMHCGC7Iiipy0dT0M/VPgQolUcdOo8bg6bjoWs3XhIU5XimolMG9N95g==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YMwmz3tpDzkWY;
	Tue, 31 Dec 2024 14:47:47 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BVEll3D038397;
	Tue, 31 Dec 2024 14:47:47 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BVEllWe038394;
	Tue, 31 Dec 2024 14:47:47 GMT
	(envelope-from git)
Date: Tue, 31 Dec 2024 14:47:47 GMT
Message-Id: <202412311447.4BVEllWe038394@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Ed Maste <emaste@FreeBSD.org>
Subject: git: 48ef7ed72a02 - main - Clarify net.inet.ip.allow_net240
  and allow_net0
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: emaste
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 48ef7ed72a023fd9051e0db4e7c8e93b55ec5214
Auto-Submitted: auto-generated

The branch main has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=48ef7ed72a023fd9051e0db4e7c8e93b55ec5214

commit 48ef7ed72a023fd9051e0db4e7c8e93b55ec5214
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2024-12-31 14:47:32 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2024-12-31 14:47:32 +0000

    Clarify net.inet.ip.allow_net240 and allow_net0
    
    The stack has never limited use of addresses in these ranges as an
    endpoint.  The relatively recent sysctls control only forwarding of,
    and ICMP response to, these addresses.
    
    Reviewed by: bz
    Fixes: efe58855f3ea ("IPv4: experimental changes to allow net 0/8, 240/4, part of 127/8")
    Sponsored by: The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D48262
---
 share/man/man4/inet.4 | 10 +++++-----
 sys/netinet/in.c      |  4 ++--
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/share/man/man4/inet.4 b/share/man/man4/inet.4
index c9267558d6f3..08ca67a7edad 100644
--- a/share/man/man4/inet.4
+++ b/share/man/man4/inet.4
@@ -25,7 +25,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd September 8, 2022
+.Dd December 31, 2024
 .Dt INET 4
 .Os
 .Sh NAME
@@ -169,11 +169,11 @@ The following general variables are defined:
 .It Va accept_sourceroute
 Boolean: enable/disable accepting of source-routed IP packets (default false).
 .It Va allow_net0
-Boolean: allow use of addresses in 0.0.0.0/8 as endpoints,
-and allow forwarding of packets with these addresses.
+Boolean: allow forwarding of, and ICMP responses to, packets with addresses in
+0.0.0.0/8.
 .It Va allow_net240
-Boolean: allow use of addresses in 240.0.0.0/4 as endpoints,
-and allow forwarding of packets with these addresses.
+Boolean: allow forwarding of, and ICMP responses to, packets with addresses in
+240.0.0.0/4.
 .It Va curfrags
 Integer: Current number of IPv4 fragments across all reassembly queues
 in all VNETs (read-only).
diff --git a/sys/netinet/in.c b/sys/netinet/in.c
index a6f212e9d3ef..28d3e2093c61 100644
--- a/sys/netinet/in.c
+++ b/sys/netinet/in.c
@@ -102,13 +102,13 @@ VNET_DEFINE(bool, ip_allow_net240) = false;
 #define	V_ip_allow_net240		VNET(ip_allow_net240)
 SYSCTL_BOOL(_net_inet_ip, OID_AUTO, allow_net240,
 	CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip_allow_net240), 0,
-	"Allow use of Experimental addresses, aka Class E (240/4)");
+	"Allow forwarding of and ICMP response to Experimental addresses, aka Class E (240/4)");
 /* see https://datatracker.ietf.org/doc/draft-schoen-intarea-unicast-240 */
 
 VNET_DEFINE(bool, ip_allow_net0) = false;
 SYSCTL_BOOL(_net_inet_ip, OID_AUTO, allow_net0,
 	CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip_allow_net0), 0,
-	"Allow use of addresses in network 0/8");
+	"Allow forwarding of and ICMP response to addresses in network 0/8");
 /* see https://datatracker.ietf.org/doc/draft-schoen-intarea-unicast-0 */
 
 VNET_DEFINE(uint32_t, in_loopback_mask) = IN_LOOPBACK_MASK_DFLT;