git: 24a07b61ff28 - stable/14 - icmp6: move ICMPv6 related tunables to the files where they are used

From: Zhenlei Huang <zlei_at_FreeBSD.org>
Date: Wed, 26 Jun 2024 04:50:26 UTC
The branch stable/14 has been updated by zlei:

URL: https://cgit.FreeBSD.org/src/commit/?id=24a07b61ff28ed243615244e371ca02e326035a0

commit 24a07b61ff28ed243615244e371ca02e326035a0
Author:     Gleb Smirnoff <glebius@FreeBSD.org>
AuthorDate: 2024-03-24 16:13:23 +0000
Commit:     Zhenlei Huang <zlei@FreeBSD.org>
CommitDate: 2024-06-26 04:48:44 +0000

    icmp6: move ICMPv6 related tunables to the files where they are used
    
    Most of them can be declared as static after the move out of in6_proto.c.
    Keeping sysctl(9) declarations with their text descriptions next to the
    variable declaration create self-documenting code.  There should be no
    functional changes.
    
    Differential Revision:  https://reviews.freebsd.org/D44481
    
    (cherry picked from commit 4f96be33fe7676c69c5abb476bb09bba0c63a3f4)
---
 sys/netinet/icmp6.h      | 10 +++-----
 sys/netinet6/icmp6.c     | 34 +++++++++++++++++++++----
 sys/netinet6/in6.c       | 14 ++++++++++-
 sys/netinet6/in6_proto.c | 65 ------------------------------------------------
 sys/netinet6/ip6_var.h   |  5 ----
 sys/netinet6/nd6.c       | 44 ++++++++++++++++++++++----------
 sys/netinet6/nd6.h       | 14 -----------
 sys/netinet6/nd6_nbr.c   |  7 ++++++
 sys/netinet6/nd6_rtr.c   | 10 +++++---
 9 files changed, 91 insertions(+), 112 deletions(-)

diff --git a/sys/netinet/icmp6.h b/sys/netinet/icmp6.h
index e93317c66a11..ea7bf74797f1 100644
--- a/sys/netinet/icmp6.h
+++ b/sys/netinet/icmp6.h
@@ -646,6 +646,10 @@ struct icmp6stat {
 #ifdef _KERNEL
 #include <sys/counter.h>
 
+#ifdef SYSCTL_DECL
+SYSCTL_DECL(_net_inet6_icmp6);
+#endif
+
 VNET_PCPUSTAT_DECLARE(struct icmp6stat, icmp6stat);
 /*
  * In-kernel consumers can use these accessor macros directly to update
@@ -774,12 +778,6 @@ do { \
 		} \
 } while (/*CONSTCOND*/ 0)
 
-VNET_DECLARE(int, icmp6_rediraccept);	/* accept/process redirects */
-VNET_DECLARE(int, icmp6_redirtimeout);	/* cache time for redirect routes */
-
-#define	V_icmp6_rediraccept	VNET(icmp6_rediraccept)
-#define	V_icmp6_redirtimeout	VNET(icmp6_redirtimeout)
-
 #define ICMP6_NODEINFO_FQDNOK		0x1
 #define ICMP6_NODEINFO_NODEADDROK	0x2
 #define ICMP6_NODEINFO_TMPADDROK	0x4
diff --git a/sys/netinet6/icmp6.c b/sys/netinet6/icmp6.c
index 5b384889d422..996416856b20 100644
--- a/sys/netinet6/icmp6.c
+++ b/sys/netinet6/icmp6.c
@@ -116,22 +116,46 @@ extern ip6proto_ctlinput_t	*ip6_ctlprotox[];
 
 VNET_PCPUSTAT_DEFINE(struct icmp6stat, icmp6stat);
 VNET_PCPUSTAT_SYSINIT(icmp6stat);
+SYSCTL_VNET_PCPUSTAT(_net_inet6_icmp6, ICMPV6CTL_STATS, stats,
+    struct icmp6stat, icmp6stat,
+    "ICMPv6 statistics (struct icmp6stat, netinet/icmp6.h)");
 
 #ifdef VIMAGE
 VNET_PCPUSTAT_SYSUNINIT(icmp6stat);
 #endif /* VIMAGE */
 
+VNET_DEFINE_STATIC(int, icmp6_rediraccept) = 1;
+#define	V_icmp6_rediraccept	VNET(icmp6_rediraccept)
+SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRACCEPT, rediraccept,
+    CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(icmp6_rediraccept), 0,
+    "Accept ICMPv6 redirect messages");
+
+VNET_DEFINE_STATIC(int, icmp6_redirtimeout) = 10 * 60;	/* 10 minutes */
+#define	V_icmp6_redirtimeout	VNET(icmp6_redirtimeout)
+SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRTIMEOUT, redirtimeout,
+    CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(icmp6_redirtimeout), 0,
+    "Delay in seconds before expiring redirect route");
+
+VNET_DEFINE_STATIC(int, icmp6_nodeinfo) = 0;
+#define	V_icmp6_nodeinfo	VNET(icmp6_nodeinfo)
+SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_NODEINFO, nodeinfo,
+    CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(icmp6_nodeinfo), 0,
+    "Mask of enabled RFC4620 node information query types");
+
 VNET_DECLARE(struct inpcbinfo, ripcbinfo);
-VNET_DECLARE(int, icmp6errppslim);
+#define	V_ripcbinfo		VNET(ripcbinfo)
+
+VNET_DEFINE_STATIC(int, icmp6errppslim) = 100;
+#define	V_icmp6errppslim	VNET(icmp6errppslim)
+SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ERRPPSLIMIT, errppslimit,
+    CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(icmp6errppslim), 0,
+    "Maximum number of ICMPv6 error messages per second");
+
 VNET_DEFINE_STATIC(int, icmp6errpps_count) = 0;
 VNET_DEFINE_STATIC(struct timeval, icmp6errppslim_last);
-VNET_DECLARE(int, icmp6_nodeinfo);
 
-#define	V_ripcbinfo			VNET(ripcbinfo)
-#define	V_icmp6errppslim		VNET(icmp6errppslim)
 #define	V_icmp6errpps_count		VNET(icmp6errpps_count)
 #define	V_icmp6errppslim_last		VNET(icmp6errppslim_last)
-#define	V_icmp6_nodeinfo		VNET(icmp6_nodeinfo)
 
 static void icmp6_errcount(int, int);
 static int icmp6_rip6_input(struct mbuf **, int);
diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c
index 55d675417c41..e9f16dcf5c54 100644
--- a/sys/netinet6/in6.c
+++ b/sys/netinet6/in6.c
@@ -102,6 +102,7 @@
 #include <netinet/ip.h>
 #include <netinet/in_pcb.h>
 #include <netinet/ip_carp.h>
+#include <netinet/icmp6.h>
 
 #include <netinet/ip6.h>
 #include <netinet6/ip6_var.h>
@@ -125,8 +126,19 @@ _Static_assert(offsetof(struct in6_ifreq, ifr_ifru) ==
     offsetof(struct ifreq, ifr_ifru),
     "struct in6_ifreq and struct ifreq are not type punnable");
 
-VNET_DECLARE(int, icmp6_nodeinfo_oldmcprefix);
+VNET_DEFINE_STATIC(int, icmp6_nodeinfo_oldmcprefix) = 1;
 #define V_icmp6_nodeinfo_oldmcprefix	VNET(icmp6_nodeinfo_oldmcprefix)
+SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_NODEINFO_OLDMCPREFIX,
+    nodeinfo_oldmcprefix, CTLFLAG_VNET | CTLFLAG_RW,
+    &VNET_NAME(icmp6_nodeinfo_oldmcprefix), 0,
+    "Join old IPv6 NI group address in draft-ietf-ipngwg-icmp-name-lookup "
+    "for compatibility with KAME implementation");
+
+VNET_DEFINE_STATIC(int, nd6_useloopback) = 1;
+#define	V_nd6_useloopback	VNET(nd6_useloopback)
+SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_USELOOPBACK, nd6_useloopback,
+    CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_useloopback), 0,
+    "Create a loopback route when configuring an IPv6 address");
 
 /*
  * Definitions of some costant IP6 addresses.
diff --git a/sys/netinet6/in6_proto.c b/sys/netinet6/in6_proto.c
index 6e7ffedc3dcd..de065f814560 100644
--- a/sys/netinet6/in6_proto.c
+++ b/sys/netinet6/in6_proto.c
@@ -173,11 +173,8 @@ VNET_DEFINE(int, ip6_v6only) = 1;
 #ifdef IPSTEALTH
 VNET_DEFINE(int, ip6stealth) = 0;
 #endif
-VNET_DEFINE(int, nd6_onlink_ns_rfc4861) = 0;/* allow 'on-link' nd6 NS
-					     * (RFC 4861) */
 VNET_DEFINE(bool, ip6_log_cannot_forward) = 1;
 
-/* icmp6 */
 /*
  * BSDI4 defines these variables in in_proto.c...
  * XXX: what if we don't define INET? Should we define pmtu6_expire
@@ -186,14 +183,6 @@ VNET_DEFINE(bool, ip6_log_cannot_forward) = 1;
 VNET_DEFINE(int, pmtu_expire) = 60*10;
 VNET_DEFINE(int, pmtu_probe) = 60*2;
 
-/* ICMPV6 parameters */
-VNET_DEFINE(int, icmp6_rediraccept) = 1;/* accept and process redirects */
-VNET_DEFINE(int, icmp6_redirtimeout) = 10 * 60;	/* 10 minutes */
-VNET_DEFINE(int, icmp6errppslim) = 100;		/* 100pps */
-/* control how to respond to NI queries */
-VNET_DEFINE(int, icmp6_nodeinfo) = 0;
-VNET_DEFINE(int, icmp6_nodeinfo_oldmcprefix) = 1;
-
 VNET_DEFINE_STATIC(int, ip6_log_interval) = 5;
 VNET_DEFINE_STATIC(int, ip6_log_count) = 0;
 VNET_DEFINE_STATIC(struct timeval, ip6_log_last) = { 0 };
@@ -358,57 +347,3 @@ SYSCTL_BOOL(_net_inet6_ip6, OID_AUTO,
 	log_cannot_forward, CTLFLAG_VNET | CTLFLAG_RW,
 	&VNET_NAME(ip6_log_cannot_forward), 1,
 	"Log packets that cannot be forwarded");
-
-/* net.inet6.icmp6 */
-SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRACCEPT, rediraccept,
-	CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(icmp6_rediraccept), 0,
-	"Accept ICMPv6 redirect messages");
-SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRTIMEOUT, redirtimeout,
-	CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(icmp6_redirtimeout), 0,
-	"Delay in seconds before expiring redirect route");
-SYSCTL_VNET_PCPUSTAT(_net_inet6_icmp6, ICMPV6CTL_STATS, stats,
-	struct icmp6stat, icmp6stat,
-	"ICMPv6 statistics (struct icmp6stat, netinet/icmp6.h)");
-SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_PRUNE, nd6_prune,
-	CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_prune), 0,
-	"Frequency in seconds of checks for expired prefixes and routers");
-SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DELAY, nd6_delay,
-	CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_delay), 0,
-	"Delay in seconds before probing for reachability");
-SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_UMAXTRIES, nd6_umaxtries,
-	CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_umaxtries), 0,
-	"Number of ICMPv6 NS messages sent during reachability detection");
-SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MMAXTRIES, nd6_mmaxtries,
-	CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_mmaxtries), 0,
-	"Number of ICMPv6 NS messages sent during address resolution");
-SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_USELOOPBACK, nd6_useloopback,
-	CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_useloopback), 0,
-	"Create a loopback route when configuring an IPv6 address");
-SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_NODEINFO, nodeinfo,
-	CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(icmp6_nodeinfo), 0,
-	"Mask of enabled RFC4620 node information query types");
-SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_NODEINFO_OLDMCPREFIX,
-	nodeinfo_oldmcprefix, CTLFLAG_VNET | CTLFLAG_RW,
-	&VNET_NAME(icmp6_nodeinfo_oldmcprefix), 0,
-	"Join old IPv6 NI group address in draft-ietf-ipngwg-icmp-name-lookup "
-	"for compatibility with KAME implementation");
-SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ERRPPSLIMIT, errppslimit,
-	CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(icmp6errppslim), 0,
-	"Maximum number of ICMPv6 error messages per second");
-SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MAXNUDHINT, nd6_maxnudhint,
-	CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_maxnudhint), 0,
-	""); /* XXX unused */
-SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DEBUG, nd6_debug,
-	CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_debug), 0,
-	"Log NDP debug messages");
-SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_ONLINKNSRFC4861,
-	nd6_onlink_ns_rfc4861, CTLFLAG_VNET | CTLFLAG_RW,
-	&VNET_NAME(nd6_onlink_ns_rfc4861), 0,
-	"Accept 'on-link' ICMPv6 NS messages in compliance with RFC 4861");
-#ifdef EXPERIMENTAL
-SYSCTL_INT(_net_inet6_icmp6, OID_AUTO,
-	nd6_ignore_ipv6_only_ra, CTLFLAG_VNET | CTLFLAG_RW,
-	&VNET_NAME(nd6_ignore_ipv6_only_ra), 0,
-	"Ignore the 'IPv6-Only flag' in RA messages in compliance with "
-	"draft-ietf-6man-ipv6only-flag");
-#endif
diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h
index a3b3b0cb3585..464b74c4fd88 100644
--- a/sys/netinet6/ip6_var.h
+++ b/sys/netinet6/ip6_var.h
@@ -333,11 +333,6 @@ VNET_DECLARE(int, ip6stealth);
 #define	V_ip6stealth			VNET(ip6stealth)
 #endif
 
-#ifdef EXPERIMENTAL
-VNET_DECLARE(int, nd6_ignore_ipv6_only_ra);
-#define	V_nd6_ignore_ipv6_only_ra	VNET(nd6_ignore_ipv6_only_ra)
-#endif
-
 VNET_DECLARE(bool, ip6_log_cannot_forward);
 #define	V_ip6_log_cannot_forward	VNET(ip6_log_cannot_forward)
 
diff --git a/sys/netinet6/nd6.c b/sys/netinet6/nd6.c
index b3ca612c90d6..3eacb05f88d7 100644
--- a/sys/netinet6/nd6.c
+++ b/sys/netinet6/nd6.c
@@ -91,21 +91,37 @@
 
 MALLOC_DEFINE(M_IP6NDP, "ip6ndp", "IPv6 Neighbor Discovery");
 
-/* timer values */
-VNET_DEFINE(int, nd6_prune)	= 1;	/* walk list every 1 seconds */
-VNET_DEFINE(int, nd6_delay)	= 5;	/* delay first probe time 5 second */
-VNET_DEFINE(int, nd6_umaxtries)	= 3;	/* maximum unicast query */
-VNET_DEFINE(int, nd6_mmaxtries)	= 3;	/* maximum multicast query */
-VNET_DEFINE(int, nd6_useloopback) = 1;	/* use loopback interface for
-					 * local traffic */
-VNET_DEFINE(int, nd6_gctimer)	= (60 * 60 * 24); /* 1 day: garbage
-					 * collection timer */
+VNET_DEFINE_STATIC(int, nd6_prune) = 1;
+#define	V_nd6_prune	VNET(nd6_prune)
+SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_PRUNE, nd6_prune,
+    CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_prune), 0,
+    "Frequency in seconds of checks for expired prefixes and routers");
+
+VNET_DEFINE_STATIC(int, nd6_delay) = 5;
+#define	V_nd6_delay	VNET(nd6_delay)
+SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DELAY, nd6_delay,
+    CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_delay), 0,
+    "Delay in seconds before probing for reachability");
+
+VNET_DEFINE_STATIC(int, nd6_umaxtries) = 3;
+#define	V_nd6_umaxtries	VNET(nd6_umaxtries)
+SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_UMAXTRIES, nd6_umaxtries,
+    CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_umaxtries), 0,
+    "Number of ICMPv6 NS messages sent during reachability detection");
+
+VNET_DEFINE(int, nd6_mmaxtries) = 3;
+#define	V_nd6_mmaxtries	VNET(nd6_mmaxtries)
+SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MMAXTRIES, nd6_mmaxtries,
+    CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_mmaxtries), 0,
+    "Number of ICMPv6 NS messages sent during address resolution");
+
+VNET_DEFINE_STATIC(int, nd6_gctimer) = (60 * 60 * 24); /* 1 day: garbage
+							* collection timer */
+#define	V_nd6_gctimer	VNET(nd6_gctimer)
 
 /* preventing too many loops in ND option parsing */
 VNET_DEFINE_STATIC(int, nd6_maxndopt) = 10; /* max # of ND options allowed */
 
-VNET_DEFINE(int, nd6_maxnudhint) = 0;	/* max # of subsequent upper
-					 * layer hints */
 VNET_DEFINE_STATIC(int, nd6_maxqueuelen) = 16; /* max pkts cached in unresolved
 					 * ND entries */
 #define	V_nd6_maxndopt			VNET(nd6_maxndopt)
@@ -116,6 +132,10 @@ VNET_DEFINE(int, nd6_debug) = 1;
 #else
 VNET_DEFINE(int, nd6_debug) = 0;
 #endif
+#define	V_nd6_debug	VNET(nd6_debug)
+SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DEBUG, nd6_debug,
+    CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_debug), 0,
+    "Log NDP debug messages");
 
 static eventhandler_tag lle_event_eh, iflladdr_event_eh, ifnet_link_event_eh;
 
@@ -148,8 +168,6 @@ VNET_DEFINE_STATIC(struct callout, nd6_slowtimo_ch);
 VNET_DEFINE_STATIC(struct callout, nd6_timer_ch);
 #define	V_nd6_timer_ch			VNET(nd6_timer_ch)
 
-SYSCTL_DECL(_net_inet6_icmp6);
-
 static void
 nd6_lle_event(void *arg __unused, struct llentry *lle, int evt)
 {
diff --git a/sys/netinet6/nd6.h b/sys/netinet6/nd6.h
index 3e7f2d814d47..1db1b666c60b 100644
--- a/sys/netinet6/nd6.h
+++ b/sys/netinet6/nd6.h
@@ -255,26 +255,12 @@ MALLOC_DECLARE(M_IP6NDP);
 #endif
 
 /* nd6.c */
-VNET_DECLARE(int, nd6_prune);
-VNET_DECLARE(int, nd6_delay);
-VNET_DECLARE(int, nd6_umaxtries);
 VNET_DECLARE(int, nd6_mmaxtries);
-VNET_DECLARE(int, nd6_useloopback);
-VNET_DECLARE(int, nd6_maxnudhint);
-VNET_DECLARE(int, nd6_gctimer);
 VNET_DECLARE(struct nd_prhead, nd_prefix);
 VNET_DECLARE(int, nd6_debug);
-VNET_DECLARE(int, nd6_onlink_ns_rfc4861);
-#define	V_nd6_prune			VNET(nd6_prune)
-#define	V_nd6_delay			VNET(nd6_delay)
-#define	V_nd6_umaxtries			VNET(nd6_umaxtries)
 #define	V_nd6_mmaxtries			VNET(nd6_mmaxtries)
-#define	V_nd6_useloopback		VNET(nd6_useloopback)
-#define	V_nd6_maxnudhint		VNET(nd6_maxnudhint)
-#define	V_nd6_gctimer			VNET(nd6_gctimer)
 #define	V_nd_prefix			VNET(nd_prefix)
 #define	V_nd6_debug			VNET(nd6_debug)
-#define	V_nd6_onlink_ns_rfc4861		VNET(nd6_onlink_ns_rfc4861)
 
 /* Lock for the prefix and default router lists. */
 VNET_DECLARE(struct rwlock, nd6_lock);
diff --git a/sys/netinet6/nd6_nbr.c b/sys/netinet6/nd6_nbr.c
index 7b4fa7a8d8c9..353db66c2323 100644
--- a/sys/netinet6/nd6_nbr.c
+++ b/sys/netinet6/nd6_nbr.c
@@ -110,6 +110,13 @@ VNET_DEFINE_STATIC(int, dad_maxtry) = 15;	/* max # of *tries* to
 						   transmit DAD packet */
 #define	V_dad_maxtry			VNET(dad_maxtry)
 
+VNET_DEFINE_STATIC(int, nd6_onlink_ns_rfc4861) = 0;
+#define	V_nd6_onlink_ns_rfc4861		VNET(nd6_onlink_ns_rfc4861)
+SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_ONLINKNSRFC4861,
+    nd6_onlink_ns_rfc4861, CTLFLAG_VNET | CTLFLAG_RW,
+    &VNET_NAME(nd6_onlink_ns_rfc4861), 0,
+    "Accept 'on-link' ICMPv6 NS messages in compliance with RFC 4861");
+
 /*
  * Input a Neighbor Solicitation Message.
  *
diff --git a/sys/netinet6/nd6_rtr.c b/sys/netinet6/nd6_rtr.c
index de991c98b6c3..845f9094f4c4 100644
--- a/sys/netinet6/nd6_rtr.c
+++ b/sys/netinet6/nd6_rtr.c
@@ -98,11 +98,15 @@ VNET_DEFINE(u_int32_t, ip6_temp_valid_lifetime) = DEF_TEMP_VALID_LIFETIME;
 VNET_DEFINE(int, ip6_temp_regen_advance) = TEMPADDR_REGEN_ADVANCE;
 
 #ifdef EXPERIMENTAL
-VNET_DEFINE(int, nd6_ignore_ipv6_only_ra) = 1;
+VNET_DEFINE_STATIC(int, nd6_ignore_ipv6_only_ra) = 1;
+#define	V_nd6_ignore_ipv6_only_ra	VNET(nd6_ignore_ipv6_only_ra)
+SYSCTL_INT(_net_inet6_icmp6, OID_AUTO,
+    nd6_ignore_ipv6_only_ra, CTLFLAG_VNET | CTLFLAG_RW,
+    &VNET_NAME(nd6_ignore_ipv6_only_ra), 0,
+    "Ignore the 'IPv6-Only flag' in RA messages in compliance with "
+    "draft-ietf-6man-ipv6only-flag");
 #endif
 
-SYSCTL_DECL(_net_inet6_icmp6);
-
 /* RTPREF_MEDIUM has to be 0! */
 #define RTPREF_HIGH	1
 #define RTPREF_MEDIUM	0