From andy@mx1.evo6.net  Fri Jul 18 18:03:40 2003
Return-Path: <andy@mx1.evo6.net>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 81EF037B401
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 18 Jul 2003 18:03:40 -0700 (PDT)
Received: from mx1.evo6.net (mx1.evo6.net [80.76.194.10])
	by mx1.FreeBSD.org (Postfix) with SMTP id A89FB43FA3
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 18 Jul 2003 18:03:38 -0700 (PDT)
	(envelope-from andy@mx1.evo6.net)
Received: (qmail 16549 invoked by uid 1001); 19 Jul 2003 01:03:36 -0000
Message-Id: <20030719010336.9667.qmail@mx1.evo6.net>
Date: 19 Jul 2003 01:03:36 -0000
From: Andy Gilligan <andy@evo6.org>
Reply-To: Andy Gilligan <andy@evo6.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc: freebsd-net@freebsd.org
Subject: [PATCH] IPv6 stealth forwarding
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         54625
>Category:       kern
>Synopsis:       [PATCH] IPv6 stealth forwarding
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    suz
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jul 18 18:10:15 PDT 2003
>Closed-Date:    Wed Aug 10 09:16:42 GMT 2005
>Last-Modified:  Wed Aug 10 09:16:42 GMT 2005
>Originator:     Andy Gilligan
>Release:        FreeBSD 4.8-STABLE i386
>Organization:
>Environment:
System: FreeBSD vega 4.8-STABLE FreeBSD 4.8-STABLE #6: Fri Jul 18 23:46:58 BST 2003 root@vega:/usr/obj/usr/src/sys/VEGA i386


>Description:

	This patch enables stealth forwarding for IPv6,
	similar to the functionality found in IPv4.

	A new sysctl variable has been added to control this
	behaviour: net.inet6.ip6.stealth

	The desired effect of this patch is to remove the
	router from traceroutes, in both directions.

>How-To-Repeat:

	sysctl net.inet6.ip6.stealth=1

>Fix:

Index: sys/netinet6/in6.h
===================================================================
RCS file: /data/cvs/freebsd/src/sys/netinet6/in6.h,v
retrieving revision 1.7.2.7
diff -u -r1.7.2.7 in6.h
--- sys/netinet6/in6.h	1 Aug 2002 19:38:50 -0000	1.7.2.7
+++ sys/netinet6/in6.h	18 Jul 2003 23:36:48 -0000
@@ -567,7 +567,8 @@
 
 /* New entries should be added here from current IPV6CTL_MAXID value. */
 /* to define items, should talk with KAME guys first, for *BSD compatibility */
-#define IPV6CTL_MAXID		37
+#define IPV6CTL_STEALTH		43 /* MAXID from KAME CVS 20030719 */
+#define IPV6CTL_MAXID		44
 
 #endif /* !_XOPEN_SOURCE */
 
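Review bot: The value 43 for `IPV6CTL_STEALTH` is copied from a snapshot of KAME's MAXID (per the inline comment) rather than agreed with KAME, which the comment directly above asks for. The follow-up in this PR reports that 43 and 44 are already assigned in KAME and asks for 45 and 46 instead. The hunk also moves `IPV6CTL_MAXID` from 37 to 44 without adding names for 37 through 42; a one-line comment stating that those IDs are reserved for KAME entries would keep a later change from reusing them.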
Index: sys/netinet6/in6_proto.c
===================================================================
RCS file: /data/cvs/freebsd/src/sys/netinet6/in6_proto.c,v
retrieving revision 1.6.2.9
diff -u -r1.6.2.9 in6_proto.c
--- sys/netinet6/in6_proto.c	24 Jan 2003 05:11:35 -0000	1.6.2.9
+++ sys/netinet6/in6_proto.c	18 Jul 2003 19:20:02 -0000
@@ -68,6 +68,7 @@
 #include "opt_inet.h"
 #include "opt_inet6.h"
 #include "opt_ipsec.h"
+#include "opt_ipstealth.h"
 
 #include <sys/param.h>
 #include <sys/socket.h>
@@ -302,6 +303,9 @@
 u_int32_t ip6_id = 0UL;
 int	ip6_keepfaith = 0;
 time_t	ip6_log_time = (time_t)0L;
+#ifdef IPSTEALTH
+int	ip6stealth = 0;
+#endif
 
 /* icmp6 */
 /*
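Review bot: The new global `ip6stealth` does not follow the naming of the variables declared just above it (`ip6_id`, `ip6_keepfaith`, `ip6_log_time`), which all use the `ip6_` prefix with an underscore. Consider `ip6_stealth`, and add a short trailing comment saying what a non-zero value does, since the declaration is the first place a reader meets it.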
@@ -432,6 +436,10 @@
 	auto_linklocal, CTLFLAG_RW, &ip6_auto_linklocal,	0, "");
 SYSCTL_STRUCT(_net_inet6_ip6, IPV6CTL_RIP6STATS, rip6stats, CTLFLAG_RD,
 	&rip6stat, rip6stat, "");
+#ifdef IPSTEALTH
+SYSCTL_INT(_net_inet6_ip6, IPV6CTL_STEALTH, stealth, CTLFLAG_RW,
+	&ip6stealth, 0, "");
+#endif
 
 /* net.inet6.icmp6 */
 SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRACCEPT,
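Review bot: The `SYSCTL_INT` for `stealth` is inside `#ifdef IPSTEALTH`, so `net.inet6.ip6.stealth` exists only on kernels built with that option, yet the description string is empty and the How-To-Repeat in this PR does not mention the option. A non-empty description (for example, that it disables hop limit processing on forwarded IPv6 packets) and a note on the required kernel option would save users from a sysctl that appears to be missing. The node is `CTLFLAG_RW`, so the behaviour can be switched at runtime; that is worth stating in the documentation as well.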
Index: sys/netinet6/ip6_forward.c
===================================================================
RCS file: /data/cvs/freebsd/src/sys/netinet6/ip6_forward.c,v
retrieving revision 1.4.2.7
diff -u -r1.4.2.7 ip6_forward.c
--- sys/netinet6/ip6_forward.c	24 Jan 2003 05:11:35 -0000	1.4.2.7
+++ sys/netinet6/ip6_forward.c	18 Jul 2003 23:40:49 -0000
@@ -34,6 +34,7 @@
 #include "opt_inet.h"
 #include "opt_inet6.h"
 #include "opt_ipsec.h"
+#include "opt_ipstealth.h"
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -156,6 +157,9 @@
 		return;
 	}
 
+#ifdef IPSTEALTH
+	if (!ip6stealth) {
+#endif
 	if (ip6->ip6_hlim <= IPV6_HLIMDEC) {
 		/* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */
 		icmp6_error(m, ICMP6_TIME_EXCEEDED,
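Review bot: The `if (!ip6stealth) {` added at the top of this hunk opens a block inside one `#ifdef IPSTEALTH` whose closing brace lives in a separate `#ifdef` further down, and the guarded lines keep their old indentation, so the control flow is hard to see when reading the file without the diff. Add a comment at the opening line saying that stealth mode skips the hop limit check and decrement, and either re-indent the guarded body or mark the matching close so the pairing is obvious.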
@@ -164,6 +168,9 @@
 	}
 	ip6->ip6_hlim -= IPV6_HLIMDEC;
 
+#ifdef IPSTEALTH
+	}
+#endif
 	/*
 	 * Save at most ICMPV6_PLD_MAXLEN (= the min IPv6 MTU -
 	 * size of IPv6 + ICMPv6 headers) bytes of the packet in case
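Review bot: The closing brace is placed after `ip6->ip6_hlim -= IPV6_HLIMDEC;`, so with `ip6stealth` set the hop limit is neither checked nor decremented on this router. That is what hides the hop from traceroute, but it also means this router no longer contributes to terminating a packet caught in a forwarding loop, and packets whose hop limit is already exhausted are forwarded instead of being answered with `ICMP6_TIME_EXCEEDED`. Please state this trade-off in a comment here and in the sysctl documentation, and label the brace (for example `} /* !ip6stealth */`) so the skipped region is explicit.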
Index: sys/netinet6/ip6_var.h
===================================================================
RCS file: /data/cvs/freebsd/src/sys/netinet6/ip6_var.h,v
retrieving revision 1.2.2.4
diff -u -r1.2.2.4 ip6_var.h
--- sys/netinet6/ip6_var.h	23 Jan 2003 21:06:47 -0000	1.2.2.4
+++ sys/netinet6/ip6_var.h	18 Jul 2003 05:19:14 -0000
@@ -284,6 +284,9 @@
 extern int   ip6_lowportmax;		/* maximum reserved port */
 
 extern int	ip6_use_tempaddr; /* whether to use temporary addresses. */
+#ifdef IPSTEALTH
+extern int	ip6stealth;
+#endif
 
 extern struct	pr_usrreqs rip6_usrreqs;
 struct sockopt;
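Review bot: The `extern int ip6stealth;` declaration has no trailing comment, unlike the neighbouring externs (`/* maximum reserved port */`, `/* whether to use temporary addresses. */`). Add one describing the flag, and keep the `#ifdef IPSTEALTH` guard in step with the definition in in6_proto.c so a kernel built without the option fails at compile time rather than at link time if the variable is referenced.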
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->sumikawa 
Responsible-Changed-By: bms 
Responsible-Changed-When: Tue 25 Nov 2003 09:19:18 PST 
Responsible-Changed-Why:  
Your call, sumikawa-san! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=54625 
Responsible-Changed-From-To: sumikawa->suz 
Responsible-Changed-By: suz 
Responsible-Changed-When: Thu Jun 30 13:53:28 GMT 2005 
Responsible-Changed-Why:  
reviewed the patch 

http://www.freebsd.org/cgi/query-pr.cgi?pr=54625 
State-Changed-From-To: open->closed 
State-Changed-By: suz 
State-Changed-When: Wed Aug 10 09:16:14 GMT 2005 
State-Changed-Why:  
the patch is committed 

http://www.freebsd.org/cgi/query-pr.cgi?pr=54625 
>Unformatted:
Sorry for a very delayed response.
I just took it over from sumikawa-san.

Please change the sysctl value in the following manner, since
43 and 44 have already been assigned for a different use in KAME.
	 IPV6CTL_STEALTH from 43 to 45
	 IPV6CTL_MAXID from 44 to 46

The other parts seem appropriate to me.
So I'd like to commit it after code freeze is over.
