diff options
| author | Pawel Biernacki <kaktus@FreeBSD.org> | 2023-03-13 16:36:11 +0000 |
|---|---|---|
| committer | Pawel Biernacki <kaktus@FreeBSD.org> | 2023-03-13 16:46:21 +0000 |
| commit | 3eaffc626589eb2fc20a3c9c87eb8ab0ee89e783 (patch) | |
| tree | a89ba3569a19e5b27742506735be22f67dfa8fbf /sys | |
| parent | fc76ddee9be0d7f98c9f9a162627950f8102964e (diff) | |
| download | src-3eaffc626589eb2fc20a3c9c87eb8ab0ee89e783.tar.gz src-3eaffc626589eb2fc20a3c9c87eb8ab0ee89e783.zip | |
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/netinet6/in6_proto.c | 5 | ||||
| -rw-r--r-- | sys/netinet6/ip6_forward.c | 6 | ||||
| -rw-r--r-- | sys/netinet6/ip6_mroute.c | 3 | ||||
| -rw-r--r-- | sys/netinet6/ip6_var.h | 3 |
4 files changed, 14 insertions, 3 deletions
diff --git a/sys/netinet6/in6_proto.c b/sys/netinet6/in6_proto.c index ca1257456326..1f2a41dd51de 100644 --- a/sys/netinet6/in6_proto.c +++ b/sys/netinet6/in6_proto.c @@ -179,6 +179,7 @@ VNET_DEFINE(int, ip6stealth) = 0; #endif VNET_DEFINE(int, nd6_onlink_ns_rfc4861) = 0;/* allow 'on-link' nd6 NS * (RFC 4861) */ +VNET_DEFINE(bool, ip6_log_cannot_forward) = 1; /* icmp6 */ /* @@ -342,6 +343,10 @@ SYSCTL_INT(_net_inet6_ip6, IPV6CTL_STEALTH, stealth, CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6stealth), 0, "Forward IPv6 packets without decrementing their TTL"); #endif +SYSCTL_BOOL(_net_inet6_ip6, OID_AUTO, + log_cannot_forward, CTLFLAG_VNET | CTLFLAG_RW, + &VNET_NAME(ip6_log_cannot_forward), 1, + "Log packets that cannot be forwarded"); /* net.inet6.icmp6 */ SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRACCEPT, rediraccept, diff --git a/sys/netinet6/ip6_forward.c b/sys/netinet6/ip6_forward.c index a95e58ba09a1..fc00eab4b784 100644 --- a/sys/netinet6/ip6_forward.c +++ b/sys/netinet6/ip6_forward.c @@ -114,7 +114,8 @@ ip6_forward(struct mbuf *m, int srcrt) IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) { IP6STAT_INC(ip6s_cantforward); /* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */ - if (V_ip6_log_time + V_ip6_log_interval < time_uptime) { + if (V_ip6_log_cannot_forward && + (V_ip6_log_time + V_ip6_log_interval < time_uptime)) { V_ip6_log_time = time_uptime; log(LOG_DEBUG, "cannot forward " @@ -221,7 +222,8 @@ again: IP6STAT_INC(ip6s_badscope); in6_ifstat_inc(nh->nh_ifp, ifs6_in_discard); - if (V_ip6_log_time + V_ip6_log_interval < time_uptime) { + if (V_ip6_log_cannot_forward && + (V_ip6_log_time + V_ip6_log_interval < time_uptime)) { V_ip6_log_time = time_uptime; log(LOG_DEBUG, "cannot forward " diff --git a/sys/netinet6/ip6_mroute.c b/sys/netinet6/ip6_mroute.c index e690cb64894f..cdccd04abc63 100644 --- a/sys/netinet6/ip6_mroute.c +++ b/sys/netinet6/ip6_mroute.c @@ -1099,7 +1099,8 @@ X_ip6_mforward(struct ip6_hdr *ip6, struct ifnet *ifp, struct mbuf *m) */ if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) { IP6STAT_INC(ip6s_cantforward); - if (V_ip6_log_time + V_ip6_log_interval < time_uptime) { + if (V_ip6_log_cannot_forward && + (V_ip6_log_time + V_ip6_log_interval < time_uptime)) { V_ip6_log_time = time_uptime; log(LOG_DEBUG, "cannot forward " diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h index 32158534ef5b..469b49459e2c 100644 --- a/sys/netinet6/ip6_var.h +++ b/sys/netinet6/ip6_var.h @@ -339,6 +339,9 @@ VNET_DECLARE(int, nd6_ignore_ipv6_only_ra); #define V_nd6_ignore_ipv6_only_ra VNET(nd6_ignore_ipv6_only_ra) #endif +VNET_DECLARE(bool, ip6_log_cannot_forward); +#define V_ip6_log_cannot_forward VNET(ip6_log_cannot_forward) + extern struct pr_usrreqs rip6_usrreqs; struct sockopt; |