[Bug 246748] feature wish: reply_from_interface and reply_src sysctl for IPv6
bugzilla-noreply at freebsd.org
Tue May 26 11:24:14 UTC 2020
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246748
Bug ID: 246748
Summary: feature wish: reply_from_interface and reply_src sysctl for IPv6
Product: Base System
Version: Unspecified
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: bugs at FreeBSD.org
Reporter: gert at greenie.muc.de

IPv4 has the "net.inet.icmp.reply_from_interface" and "net.inet.icmp.reply_src"
sysctls to influence source address selection for generated ICMP error
responses (most typically, "administratively prohibited" or "ttl expired").

By default, these packets are sent with the source address of the interface
on which the generated ICMP packet leaves.

In a router/firewall context, "many network devices" use the source address of
the interface where the original packet (that triggered the ICMP reply) came
*in* on - which makes, for example, "traceroute" show the ingress interface
into the router. This is a very valuable tool. If you want FreeBSD to do the
same thing, you set "net.inet.icmp.reply_from_interface=1" - which works very
nicely.

Here comes the feature request: IPv6 support does not have either sysctl today
(at least up to 12.1). Building a dual-stack setup with "I can do this in IPv4
but not in IPv6" is not good.

Can such functionality be added to the IPv6 ICMP generation as well?

The IPv4 code path looks fairly simple (~30 lines of code), but I most
certainly do not understand the networking code well enough myself to
contribute an IPv6 equivalent.

Thanks :-)