git: 48ef7ed72a02 - main - Clarify net.inet.ip.allow_net240 and allow_net0
Date: Tue, 31 Dec 2024 14:47:47 UTC
The branch main has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=48ef7ed72a023fd9051e0db4e7c8e93b55ec5214 commit 48ef7ed72a023fd9051e0db4e7c8e93b55ec5214 Author: Ed Maste <emaste@FreeBSD.org> AuthorDate: 2024-12-31 14:47:32 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2024-12-31 14:47:32 +0000 Clarify net.inet.ip.allow_net240 and allow_net0 The stack has never limited use of addresses in these ranges as an endpoint. The relatively recent sysctls control only forwarding of, and ICMP response to, these addresses. Reviewed by: bz Fixes: efe58855f3ea ("IPv4: experimental changes to allow net 0/8, 240/4, part of 127/8") Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D48262 --- share/man/man4/inet.4 | 10 +++++----- sys/netinet/in.c | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/share/man/man4/inet.4 b/share/man/man4/inet.4 index c9267558d6f3..08ca67a7edad 100644 --- a/share/man/man4/inet.4 +++ b/share/man/man4/inet.4 @@ -25,7 +25,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd September 8, 2022 +.Dd December 31, 2024 .Dt INET 4 .Os .Sh NAME @@ -169,11 +169,11 @@ The following general variables are defined: .It Va accept_sourceroute Boolean: enable/disable accepting of source-routed IP packets (default false). .It Va allow_net0 -Boolean: allow use of addresses in 0.0.0.0/8 as endpoints, -and allow forwarding of packets with these addresses. +Boolean: allow forwarding of, and ICMP responses to, packets with addresses in +0.0.0.0/8. .It Va allow_net240 -Boolean: allow use of addresses in 240.0.0.0/4 as endpoints, -and allow forwarding of packets with these addresses. +Boolean: allow forwarding of, and ICMP responses to, packets with addresses in +240.0.0.0/4. .It Va curfrags Integer: Current number of IPv4 fragments across all reassembly queues in all VNETs (read-only). 
diff --git a/sys/netinet/in.c b/sys/netinet/in.c index a6f212e9d3ef..28d3e2093c61 100644 --- a/sys/netinet/in.c +++ b/sys/netinet/in.c @@ -102,13 +102,13 @@ VNET_DEFINE(bool, ip_allow_net240) = false; #define V_ip_allow_net240 VNET(ip_allow_net240) SYSCTL_BOOL(_net_inet_ip, OID_AUTO, allow_net240, CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip_allow_net240), 0, - "Allow use of Experimental addresses, aka Class E (240/4)"); + "Allow forwarding of and ICMP response to Experimental addresses, aka Class E (240/4)"); /* see https://datatracker.ietf.org/doc/draft-schoen-intarea-unicast-240 */ VNET_DEFINE(bool, ip_allow_net0) = false; SYSCTL_BOOL(_net_inet_ip, OID_AUTO, allow_net0, CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip_allow_net0), 0, - "Allow use of addresses in network 0/8"); + "Allow forwarding of and ICMP response to addresses in network 0/8"); /* see https://datatracker.ietf.org/doc/draft-schoen-intarea-unicast-0 */ VNET_DEFINE(uint32_t, in_loopback_mask) = IN_LOOPBACK_MASK_DFLT;
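Review bot: In the share/man/man4/inet.4 hunk at line 169, the new allow_net0 and allow_net240 entries remove the endpoint wording but never state that endpoint use of 0.0.0.0/8 and 240.0.0.0/4 is unaffected by these variables, which is the point the commit message makes. A reader who remembers the old text may still assume that leaving them off blocks local use of these ranges. Consider adding a sentence such as "Use of these addresses as endpoints is not affected by this variable." to each entry, and noting "(default false)" as the accept_sourceroute entry just above does; that matches the "= false" initialisers in the VNET_DEFINE lines of sys/netinet/in.c.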
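Review bot: In the sys/netinet/in.c hunk, the new allow_net240 description string is 84 characters on its own, so the added line runs past 80 columns before the indentation is even counted. Split the literal across two lines or shorten it, for example by dropping ", aka Class E". The wording also differs slightly from the inet.4 text ("forwarding of, and ICMP responses to, packets with addresses in" there, "forwarding of and ICMP response to ... addresses" here); using the same phrase in both places makes the sysctl description and the manual page easier to match up.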