From: Mike Karels
Date: Wed, 20 Jul 2022 13:10:40 GMT
Message-Id: <202207201310.26KDAe4W039622@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: ace68b1f3629 - main - icmp.4 inet.4 udp.4: sort sysctl variables
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
X-Git-Committer: karels
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: ace68b1f362953edef79809accb128ad05ffab33

The branch main has been updated by karels:

URL: https://cgit.FreeBSD.org/src/commit/?id=ace68b1f362953edef79809accb128ad05ffab33

commit
ace68b1f362953edef79809accb128ad05ffab33 Author: Mike Karels AuthorDate: 2022-07-18 16:33:31 +0000 Commit: Mike Karels CommitDate: 2022-07-20 13:07:20 +0000 icmp.4 inet.4 udp.4: sort sysctl variables Sort the sysctl(3)/sysctl(8) variables in the MIB Variables section alphabetically. This is in preparation for adding missing variables (at least in inet.4 and icmp.4). A few other touchups suggested in review. Reviewed by: bcr Differential Revision: https://reviews.freebsd.org/D35843 MFC after: 1 week (cherry picked from commit 3b656d465127de066511b6ffd02fb9fef85c7a53) --- share/man/man4/icmp.4 | 54 ++++++++-------- share/man/man4/inet.4 | 170 +++++++++++++++++++++++++------------------------- share/man/man4/udp.4 | 20 +++--- 3 files changed, 122 insertions(+), 122 deletions(-) diff --git a/share/man/man4/icmp.4 b/share/man/man4/icmp.4 index fe932a790831..70a9562a442c 100644 --- a/share/man/man4/icmp.4 +++ b/share/man/man4/icmp.4 @@ -28,7 +28,7 @@ .\" @(#)icmp.4 8.1 (Berkeley) 6/5/93 .\" $FreeBSD$ .\" -.Dd March 26, 2015 +.Dd July 20, 2022 .Dt ICMP 4 .Os .Sh NAME @@ -162,18 +162,14 @@ branch of the .Xr sysctl 3 MIB. .Bl -tag -width ".Va icmplim_output" -.It Va maskrepl +.It Va bmcastecho .Pq Vt boolean -Enable/disable replies to ICMP Address Mask Request packets. +Enable/disable ICMP replies received via broadcast or multicast. +Defaults to false. +.It Va drop_redirect +.Pq Vt boolean +Enable/disable dropping of ICMP Redirect packets. Defaults to false. -.It Va maskfake -.Pq Vt "unsigned integer" -When -.Va maskrepl -is set and this value is non-zero, -it will be used instead of the real address mask when -the system replies to an ICMP Address Mask Request packet. -Defaults to 0. .It Va icmplim .Pq Vt integer Bandwidth limit for ICMP replies in packets/second. 
@@ -183,23 +179,27 @@ Defaults to 200. .Pq Vt boolean Enable/disable logging of ICMP replies bandwidth limiting. Defaults to true. -.It Va drop_redirect -.Pq Vt boolean -Enable/disable dropping of ICMP Redirect packets. -Defaults to false. .It Va log_redirect .Pq Vt boolean Enable/disable logging of ICMP Redirect packets. Defaults to false. -.It Va bmcastecho +.It Va maskfake +.Pq Vt "unsigned integer" +When +.Va maskrepl +is set and this value is non-zero, +it will be used instead of the real address mask when +the system replies to an ICMP Address Mask Request packet. +Defaults to 0. +.It Va maskrepl .Pq Vt boolean -Enable/disable ICMP replies received via broadcast or multicast. +Enable/disable replies to ICMP Address Mask Request packets. Defaults to false. -.It Va reply_src -.Pq Vt str -An interface name used for the ICMP reply source in response to packets -which are not directly addressed to us. -By default continue with normal source selection. +.It Va quotelen +.Pq Vt integer +Number of bytes from original packet to quote in ICMP reply. +This number is internally enforced to be at least 8 bytes (per RFC792) +and at most the maximal space left in the ICMP reply mbuf. .It Va reply_from_interface .Pq Vt boolean Use the IP address of the interface the packet came through in for 
@@ -209,11 +209,11 @@ By default, continue with normal source selection. Enabling this option is particularly useful on routers because it makes external traceroutes show the actual path a packet has taken instead of the possibly different return path. -.It Va quotelen -.Pq Vt integer -Number of bytes from original packet to quote in ICMP reply. -This number is internally enforced to be at least 8 bytes (per RFC792) -and at most the maximal space left in the ICMP reply mbuf. +.It Va reply_src +.Pq Vt str +An interface name used for the ICMP reply source in response to packets +which are not directly addressed to us. +By default continue with normal source selection. .It Va tstamprepl .Pq Vt boolean Enable/disable replies to ICMP Timestamp packets. diff --git a/share/man/man4/inet.4 b/share/man/man4/inet.4 index c28866893f16..c2b94ba3ecf6 100644 --- a/share/man/man4/inet.4 +++ b/share/man/man4/inet.4 @@ -28,7 +28,7 @@ .\" From: @(#)inet.4 8.1 (Berkeley) 6/5/93 .\" $FreeBSD$ .\" -.Dd July 14, 2022 +.Dd July 20, 2022 .Dt INET 4 .Os .Sh NAME 
@@ -168,25 +168,54 @@ branch of the MIB. The following general variables are defined: .Bl -tag -width ".Va accept_sourceroute" +.It Va accept_sourceroute +Boolean: enable/disable accepting of source-routed IP packets (default false). +.It Va allow_net0 +Boolean: allow experimental use of addresses in 0.0.0.0/8 as endpoints, +and allow forwarding of packets with these addresses. +.It Va allow_net240 +Boolean: allow experimental use of addresses in 240.0.0.0/4 as endpoints, +and allow forwarding of packets with these addresses. .It Va forwarding Boolean: enable/disable forwarding of IP packets. Defaults to off. -.It Va redirect -Boolean: enable/disable sending of ICMP redirects in response to -.Tn IP -packets for which a better, and for the sender directly reachable, route -and next hop is known. -Defaults to on. -.It Va ttl -Integer: default time-to-live -.Pq Dq TTL -to use for outgoing -.Tn IP -packets. -.It Va accept_sourceroute -Boolean: enable/disable accepting of source-routed IP packets (default false). -.It Va sourceroute -Boolean: enable/disable forwarding of source-routed IP packets (default false). +.It Va loopback_prefixlen +Integer: prefix length of the address space reserved for loopback purposes. +The default is 8, meaning that 127.0.0.0/8 is reserved for loopback, +and cannot be sent, received, or forwarded on a non-loopback interface. +Use of other values is experimental. +.It Va maxfragbucketsize +Integer: maximum number of reassembly queues per bucket. +Fragmented packets are hashed to buckets. +Each bucket has a list of reassembly queues. +The system must compare the incoming packets to the existing reassembly queues +in the bucket to find a matching reassembly queue. +To preserve system resources, the system limits the number of reassembly +queues allowed in each bucket. +This limit is recalculated when the number of mbuf clusters is changed or +when the value of +.Va maxfragpackets +changes. +This is a per-VNET limit. 
+.It Va maxfragpackets +Integer: maximum number of fragmented packets the host will accept and +simultaneously hold in the reassembly queue for a particular VNET. +0 means that the host will not accept any fragmented packets for that VNET. +\-1 means that the host will not apply this limit for that VNET. +This limit is recalculated when the number of mbuf clusters is changed. +This is a per-VNET limit. +.It Va maxfrags +Integer: maximum number of fragments the host will accept and simultaneously +hold across all reassembly queues in all VNETs. +If set to 0, reassembly is disabled. +If set to -1, this limit is not applied. +This limit is recalculated when the number of mbuf clusters is changed. +This is a global limit. +.It Va maxfragsperpacket +Integer: maximum number of fragments the host will accept and hold +in the reassembly queue for a packet. +0 means that the host will not accept any fragmented packets for the VNET. +This is a per-VNET limit. .It Va process_options Integer: control IP options processing. By setting this variable to 0, all IP options in the incoming packets 
@@ -202,6 +231,29 @@ This .Xr sysctl 8 variable affects packets destined for a local host as well as packets forwarded to some other host. +.It Va random_id +Boolean: control IP IDs generation behavior. +Setting this +.Xr sysctl 8 +to 1 causes the ID field in +.Em non-atomic +IP datagrams (or all IP datagrams, if +.Va rfc6864 +is disabled) to be randomized instead of incremented by 1 with each packet +generated. +This closes a minor information leak which allows remote observers to +determine the rate of packet generation on the machine by watching the +counter. +At the same time, on high-speed links, it can decrease the ID reuse +cycle greatly. +Default is 0 (sequential IP IDs). +IPv6 flow IDs and fragment IDs are always random. +.It Va redirect +Boolean: enable/disable sending of ICMP redirects in response to +.Tn IP +packets for which a better, and for the sender directly reachable, route +and next hop is known. +Defaults to on. .It Va rfc1122_strong_es Boolean: in non-forwarding mode .Pq forwarding is disabled @@ -217,14 +269,6 @@ or destination address rewriting .Xr pfil 4 filters may override and bypass this check. Disabled by default. -.It Va source_address_validation -Boolean: perform source address validation for packets destined for the local -host. -Consider this as following Section 3.2 of RFC3704/BCP84, where we treat local -host as our own infrastructure. -This has no effect on packets to be forwarded, so don't consider it as -anti-spoof feature for a router. -Enabled by default. .It Va rfc6864 Boolean: control IP IDs generation behaviour. True value enables RFC6864 support, which specifies that IP ID field of 
@@ -233,66 +277,22 @@ datagrams can be set to any value. The .Fx implementation sets it to zero. Enabled by default. -.It Va random_id -Boolean: control IP IDs generation behaviour. -Setting this -.Xr sysctl 8 -to 1 causes the ID field in -.Em non-atomic -IP datagrams (or all IP datagrams, if -.Va rfc6864 -is disabled) to be randomized instead of incremented by 1 with each packet -generated. -This closes a minor information leak which allows remote observers to -determine the rate of packet generation on the machine by watching the -counter. -At the same time, on high-speed links, it can decrease the ID reuse -cycle greatly. -Default is 0 (sequential IP IDs). -IPv6 flow IDs and fragment IDs are always random. -.It Va maxfrags -Integer: maximum number of fragments the host will accept and simultaneously -hold across all reassembly queues in all VNETs. -If set to 0, reassembly is disabled. -If set to -1, this limit is not applied. -This limit is recalculated when the number of mbuf clusters is changed. -This is a global limit. -.It Va maxfragpackets -Integer: maximum number of fragmented packets the host will accept and -simultaneously hold in the reassembly queue for a particular VNET. -0 means that the host will not accept any fragmented packets for that VNET. -\-1 means that the host will not apply this limit for that VNET. -This limit is recalculated when the number of mbuf clusters is changed. -This is a per-VNET limit. -.It Va maxfragbucketsize -Integer: maximum number of reassembly queues per bucket. -Fragmented packets are hashed to buckets. -Each bucket has a list of reassembly queues. -The system must compare the incoming packets to the existing reassembly queues -in the bucket to find a matching reassembly queue. -To preserve system resources, the system limits the number of reassembly -queues allowed in each bucket. -This limit is recalculated when the number of mbuf clusters is changed or -when the value of -.Va maxfragpackets -changes. 
-This is a per-VNET limit. -.It Va maxfragsperpacket -Integer: maximum number of fragments the host will accept and hold -in the reassembly queue for a packet. -0 means that the host will not accept any fragmented packets for the VNET. -This is a per-VNET limit. -.It Va allow_net0 -Boolean: allow experimental use of addresses in 0.0.0.0/8 as endpoints, -and allow forwarding of packets with these addresses. -.It Va allow_net240 -Boolean: allow experimental use of addresses in 240.0.0.0/4 as endpoints, -and allow forwarding of packets with these addresses. -.It Va loopback_prefixlen -Integer: prefix length of the address space reserved for loopback purposes. -The default is 8, meaning that 127.0.0.0/8 is reserved for loopback, -and cannot be sent, received, or forwarded on a non-loopback interface. -Use of other values is experimental. +.It Va source_address_validation +Boolean: perform source address validation for packets destined for the local +host. +Consider this as following Section 3.2 of RFC3704/BCP84, where we treat local +host as our own infrastructure. +Forwarded packets are unaffected by this +and it should not be considered an anti-spoof feature for a router. +Enabled by default. +.It Va sourceroute +Boolean: enable/disable forwarding of source-routed IP packets (default false). +.It Va ttl +Integer: default time-to-live +.Pq Dq TTL +to use for outgoing +.Tn IP +packets. .El .Sh SEE ALSO .Xr ioctl 2 , diff --git a/share/man/man4/udp.4 b/share/man/man4/udp.4 index 119cc6e609ff..895cd1b01adf 100644 --- a/share/man/man4/udp.4 +++ b/share/man/man4/udp.4 @@ -28,7 +28,7 @@ .\" @(#)udp.4 8.1 (Berkeley) 6/5/93 .\" $FreeBSD$ .\" -.Dd July 14, 2022 +.Dd July 20, 2022 .Dt UDP 4 .Os .Sh NAME 
@@ -119,21 +119,21 @@ branch of the .Xr sysctl 3 MIB: .Bl -tag -width ".Va log_in_vain" -.It Va checksum -Enable udp checksums (enabled by default). -.It Va maxdgram -Maximum outgoing UDP datagram size -.It Va recvspace -Maximum space for incoming UDP datagrams -.It Va log_in_vain -For all udp datagrams, to ports on which there is no socket -listening, log the connection attempt (disabled by default). .It Va blackhole When a datagram is received on a port where there is no socket listening, do not return an ICMP port unreachable message. (Disabled by default. See .Xr blackhole 4 . ) +.It Va checksum +Enable UDP checksums (enabled by default). +.It Va log_in_vain +For all UDP datagrams, to ports on which there is no socket +listening, log the connection attempt (disabled by default). +.It Va maxdgram +Maximum outgoing UDP datagram size +.It Va recvspace +Maximum space for incoming UDP datagrams .El .Sh ERRORS A socket operation may fail with one of the following errors returned:
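Review bot: in share/man/man4/icmp.4, hunk @@ -162,18 +162,14 @@, the bmcastecho description "Enable/disable ICMP replies received via broadcast or multicast." reads as if the replies themselves arrive by broadcast or multicast. Since the entry is being moved anyway, consider wording that names what is received, for example "Enable/disable replies to ICMP requests received via broadcast or multicast.", if that is what the variable controls.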
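Review bot: in share/man/man4/icmp.4, hunk @@ -209,11 +209,11 @@, the re-added reply_src entry ends with "By default continue with normal source selection." while the reply_from_interface text in the same hunk has "By default, continue with normal source selection." After the sort the two entries sit next to each other, so add the comma to reply_src to make them match.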
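Review bot: in share/man/man4/inet.4, hunk @@ -168,25 +168,54 @@, the maxfrags entry writes "If set to -1, this limit is not applied." with a plain hyphen, while maxfragpackets a few lines earlier in the same hunk writes "\-1 means that the host will not apply this limit". The entries are now adjacent, so use the same escape in both so that the minus sign renders the same way.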
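Review bot: in share/man/man4/inet.4, hunk @@ -202,6 +231,29 @@, the re-added random_id entry now spells "Boolean: control IP IDs generation behavior." but the rfc6864 entry, visible as unchanged context in the next hunk, still reads "Boolean: control IP IDs generation behaviour." Pick one spelling and apply it to both entries in this commit, since random_id refers the reader to rfc6864.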
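Review bot: in share/man/man4/udp.4, hunk @@ -119,21 +119,21 @@, the maxdgram and recvspace descriptions ("Maximum outgoing UDP datagram size", "Maximum space for incoming UDP datagrams") are moved without a terminating period, unlike the blackhole, checksum and log_in_vain entries around them. The hunk already touches up "udp" to "UDP" in checksum and log_in_vain, so end these two sentences with a period in the same pass.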