git: 29a062108405 - main - tcp: allow connections to IPv6 anycast address
Date: Mon, 19 May 2025 12:40:37 UTC
The branch main has been updated by ivy:
URL: https://cgit.FreeBSD.org/src/commit/?id=29a062108405cf97e16d9a82635ddc9cfd89ae06
commit 29a062108405cf97e16d9a82635ddc9cfd89ae06
Author: Lexi Winter <ivy@FreeBSD.org>
AuthorDate: 2025-05-19 12:33:45 +0000
Commit: Lexi Winter <ivy@FreeBSD.org>
CommitDate: 2025-05-19 12:40:26 +0000
tcp: allow connections to IPv6 anycast address
currently, we reject incoming TCP connections to an IPv6 anycast address
based on IETF I-D "draft-itojun-ipv6-tcp-to-anycast-01"[0]. the
rationale is that since RFC2373 prohibits sending IPv6 packets with an
anycast address as the source address, it would be impossible to
establish a TCP connection to such an address since the destination host
could not send any replies.
however, this restriction was lifted in RFC4291 and it is no longer
forbidden to send packets from an anycast address; therefore, it's both
possible and permitted to establish a TCP connection using an anycast
address as src or dst address (or both).
based on the above, delete this restriction and allow people to do this.
while there are certain operational reasons to avoid TCP anycast (such
as the risk of the route changing while the connection is open), these
also apply to IPv4 anycast and are specific to the local environment;
for example, it's perfectly valid to have an anycast address which is
only ever assigned to one node.
[0] https://www.ietf.org/archive/id/draft-itojun-ipv6-tcp-to-anycast-01.txt
Reviewed by: tuexen, kevans, adrian
Approved by: kevans (mentor), des (mentor)
Differential Revision: https://reviews.freebsd.org/D50019
---
sys/netinet/tcp_input.c | 15 ---------------
1 file changed, 15 deletions(-)
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index 817079dfe6c8..c00a102e8520 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -567,8 +567,6 @@ int
tcp6_input_with_port(struct mbuf **mp, int *offp, int proto, uint16_t port)
{
struct mbuf *m;
- struct in6_ifaddr *ia6;
- struct ip6_hdr *ip6;
m = *mp;
if (m->m_len < *offp + sizeof(struct tcphdr)) {
@@ -580,19 +578,6 @@ tcp6_input_with_port(struct mbuf **mp, int *offp, int proto, uint16_t port)
}
}
- /*
- * draft-itojun-ipv6-tcp-to-anycast
- * better place to put this in?
- */
- ip6 = mtod(m, struct ip6_hdr *);
- ia6 = in6ifa_ifwithaddr(&ip6->ip6_dst, 0 /* XXX */, false);
- if (ia6 && (ia6->ia6_flags & IN6_IFF_ANYCAST)) {
- icmp6_error(m, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_ADDR,
- (caddr_t)&ip6->ip6_dst - (caddr_t)ip6);
- *mp = NULL;
- return (IPPROTO_DONE);
- }
-
*mp = m;
return (tcp_input_with_port(mp, offp, proto, port));
}
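Review bot: The block deleted at the end of tcp6_input_with_port() was the only place in this function that answered a segment for an IN6_IFF_ANYCAST destination with ICMP6_DST_UNREACH_ADDR, yet the diffstat shows 15 deletions in tcp_input.c and no documentation or test change. After this change such segments pass straight to tcp_input_with_port(), which is externally visible: a sender that used to get an unreachable error can now complete a connection. Suggest adding a release-notes entry and a regression test that connects to an address carrying the anycast flag. It would also help to state in the notes that hosts which relied on the old rejection to keep TCP services off their anycast addresses now need explicit packet-filter rules for that.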