[PATCH] IPv6 stealth forwarding
Andy Gilligan
andy at evo6.org
Fri Jul 18 18:03:41 PDT 2003
>Submitter-Id: current-users
>Originator: Andy Gilligan
>Confidential: no
>Synopsis: [PATCH] IPv6 stealth forwarding
>Severity: non-critical
>Priority: low
>Category: kern
>Class: change-request
>Release: FreeBSD 4.8-STABLE i386
>Environment:
System: FreeBSD vega 4.8-STABLE FreeBSD 4.8-STABLE #6: Fri Jul 18 23:46:58 BST 2003 root at vega:/usr/obj/usr/src/sys/VEGA i386
>Description:
This patch enables stealth forwarding for IPv6, similar to the functionality already found in IPv4.
A new sysctl variable, net.inet6.ip6.stealth, has been added to control this behaviour.
The desired effect of this patch is to remove the router from traceroutes, in both directions.
>How-To-Repeat:
sysctl net.inet6.ip6.stealth=1
>Fix:
Index: sys/netinet6/in6.h
===================================================================
RCS file: /data/cvs/freebsd/src/sys/netinet6/in6.h,v
retrieving revision 1.7.2.7
diff -u -r1.7.2.7 in6.h
--- sys/netinet6/in6.h 1 Aug 2002 19:38:50 -0000 1.7.2.7
+++ sys/netinet6/in6.h 18 Jul 2003 23:36:48 -0000
@@ -567,7 +567,8 @@
/* New entries should be added here from current IPV6CTL_MAXID value. */
/* to define items, should talk with KAME guys first, for *BSD compatibility */
-#define IPV6CTL_MAXID 37
+#define IPV6CTL_STEALTH 43 /* MAXID from KAME CVS 20030719 */
+#define IPV6CTL_MAXID 44
#endif /* !_XOPEN_SOURCE */
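Review bot: `IPV6CTL_MAXID` jumps from 37 to 44 while only id 43 gains a definition, so ids 37 to 42 are left unnamed in this header. The trailing comment suggests the numbering is borrowed from KAME to avoid a later clash, but the gap itself is not explained, and any name table or array sized by `IPV6CTL_MAXID` (none is visible in this hunk) would need matching placeholder entries. I would add a line above the new define such as `/* 37-42: assigned in KAME, not yet imported here */`, assuming that is in fact the reason for the gap.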
Index: sys/netinet6/in6_proto.c
===================================================================
RCS file: /data/cvs/freebsd/src/sys/netinet6/in6_proto.c,v
retrieving revision 1.6.2.9
diff -u -r1.6.2.9 in6_proto.c
--- sys/netinet6/in6_proto.c 24 Jan 2003 05:11:35 -0000 1.6.2.9
+++ sys/netinet6/in6_proto.c 18 Jul 2003 19:20:02 -0000
@@ -68,6 +68,7 @@
#include "opt_inet.h"
#include "opt_inet6.h"
#include "opt_ipsec.h"
+#include "opt_ipstealth.h"
#include <sys/param.h>
#include <sys/socket.h>
@@ -302,6 +303,9 @@
u_int32_t ip6_id = 0UL;
int ip6_keepfaith = 0;
time_t ip6_log_time = (time_t)0L;
+#ifdef IPSTEALTH
+int ip6stealth = 0;
+#endif
/* icmp6 */
/*
@@ -432,6 +436,10 @@
auto_linklocal, CTLFLAG_RW, &ip6_auto_linklocal, 0, "");
SYSCTL_STRUCT(_net_inet6_ip6, IPV6CTL_RIP6STATS, rip6stats, CTLFLAG_RD,
&rip6stat, rip6stat, "");
+#ifdef IPSTEALTH
+SYSCTL_INT(_net_inet6_ip6, IPV6CTL_STEALTH, stealth, CTLFLAG_RW,
+ &ip6stealth, 0, "");
+#endif
/* net.inet6.icmp6 */
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRACCEPT,
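Review bot: The new `stealth` node is registered with an empty description string, so the sysctl tree gives an administrator no hint that setting it changes how forwarded packets are handled. The neighbouring entries in this hunk also pass `""`, but a knob that switches off hop-limit processing deserves a short text, for example `&ip6stealth, 0, "Forward IPv6 packets without decrementing the hop limit");`. The node is `CTLFLAG_RW`, so the setting can change at runtime, and the description is the only place that fact is discoverable from the running system.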
Index: sys/netinet6/ip6_forward.c
===================================================================
RCS file: /data/cvs/freebsd/src/sys/netinet6/ip6_forward.c,v
retrieving revision 1.4.2.7
diff -u -r1.4.2.7 ip6_forward.c
--- sys/netinet6/ip6_forward.c 24 Jan 2003 05:11:35 -0000 1.4.2.7
+++ sys/netinet6/ip6_forward.c 18 Jul 2003 23:40:49 -0000
@@ -34,6 +34,7 @@
#include "opt_inet.h"
#include "opt_inet6.h"
#include "opt_ipsec.h"
+#include "opt_ipstealth.h"
#include <sys/param.h>
#include <sys/systm.h>
@@ -156,6 +157,9 @@
return;
}
+#ifdef IPSTEALTH
+ if (!ip6stealth) {
+#endif
if (ip6->ip6_hlim <= IPV6_HLIMDEC) {
/* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */
icmp6_error(m, ICMP6_TIME_EXCEEDED,
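Review bot: With `ip6stealth` set, both the hop-limit check here and the `ip6->ip6_hlim -= IPV6_HLIMDEC` decrement in the next hunk are skipped. Nothing on this router then bounds a packet caught in a forwarding loop, and packets arriving with an exhausted hop limit are forwarded instead of being answered with `ICMP6_TIME_EXCEEDED`. That is the trade-off the feature makes, but the code does not say so; I would add above the `#ifdef` a comment such as `/* IPSTEALTH: forward without checking or decrementing the hop limit; loop protection is left to the other hops */`. The opening `{` and closing `}` also sit in separate `#ifdef IPSTEALTH` blocks across the two hunks and the enclosed lines keep their old indentation, which is easy to unbalance in a later edit. The enclosing function starts and ends outside both hunks.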
@@ -164,6 +168,9 @@
}
ip6->ip6_hlim -= IPV6_HLIMDEC;
+#ifdef IPSTEALTH
+ }
+#endif
/*
* Save at most ICMPV6_PLD_MAXLEN (= the min IPv6 MTU -
* size of IPv6 + ICMPv6 headers) bytes of the packet in case
Index: sys/netinet6/ip6_var.h
===================================================================
RCS file: /data/cvs/freebsd/src/sys/netinet6/ip6_var.h,v
retrieving revision 1.2.2.4
diff -u -r1.2.2.4 ip6_var.h
--- sys/netinet6/ip6_var.h 23 Jan 2003 21:06:47 -0000 1.2.2.4
+++ sys/netinet6/ip6_var.h 18 Jul 2003 05:19:14 -0000
@@ -284,6 +284,9 @@
extern int ip6_lowportmax; /* maximum reserved port */
extern int ip6_use_tempaddr; /* whether to use temporary addresses. */
+#ifdef IPSTEALTH
+extern int ip6stealth;
+#endif
extern struct pr_usrreqs rip6_usrreqs;
struct sockopt;
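Review bot: The `extern int ip6stealth;` declaration is only visible when `IPSTEALTH` is defined, so every file that uses the variable must include `opt_ipstealth.h` before `ip6_var.h`. The two `.c` files touched by this patch do that, but the requirement is not written down next to the declaration. The declaration also lacks the trailing comment its neighbours carry; something like `extern int ip6stealth; /* forward without touching hop limit; needs opt_ipstealth.h */` would cover both points.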