From ff89e7db2a5a3f45033555b806273e1fcc8abd25 Mon Sep 17 00:00:00 2001 From: ume Date: Fri, 4 Nov 2005 20:55:31 +0000 Subject: [PATCH] MFC: added a knob to enable path MTU discovery for multicast packets. (by default, it is disabled) sys/netinet6/in6.h: 1.40 sys/netinet6/in6_proto.c: 1.36 sys/netinet6/ip6_mroute.c: 1.32 sys/netinet6/ip6_var.h: 1.35 --- sys/netinet6/in6.h | 6 +++++- sys/netinet6/in6_proto.c | 3 +++ sys/netinet6/ip6_mroute.c | 32 +++++++++++++++++++------------- sys/netinet6/ip6_var.h | 1 + 4 files changed, 28 insertions(+), 14 deletions(-) diff --git a/sys/netinet6/in6.h b/sys/netinet6/in6.h index 6e5aaeb54680..d0435f6645fb 100644 --- a/sys/netinet6/in6.h +++ b/sys/netinet6/in6.h @@ -593,10 +593,14 @@ struct ip6_mtuinfo { #define IPV6CTL_USE_DEFAULTZONE 39 /* use default scope zone */ #define IPV6CTL_MAXFRAGS 41 /* max fragments */ +#if 0 +#define IPV6CTL_IFQ 42 /* ip6intrq node */ +#define IPV6CTL_ISATAPRTR 43 /* isatap router */ +#endif +#define IPV6CTL_MCAST_PMTU 44 /* enable pMTU discovery for multicast? */ /* New entries should be added here from current IPV6CTL_MAXID value. */ /* to define items, should talk with KAME guys first, for *BSD compatibility */ -/* 42-44 is already used in KAME */ #define IPV6CTL_STEALTH 45 #define IPV6CTL_MAXID 46 #endif /* __BSD_VISIBLE */ diff --git a/sys/netinet6/in6_proto.c b/sys/netinet6/in6_proto.c index e8e48cd91dee..cbdb77701a3f 100644 --- a/sys/netinet6/in6_proto.c +++ b/sys/netinet6/in6_proto.c @@ -307,6 +307,7 @@ int ip6_gif_hlim = 0; int ip6_use_deprecated = 1; /* allow deprecated addr (RFC2462 5.5.4) */ int ip6_rr_prune = 5; /* router renumbering prefix * walk list every 5 sec. */ +int ip6_mcast_pmtu = 0; /* enable pMTU discovery for multicast? */ int ip6_v6only = 1; int ip6_keepfaith = 0; @@ -450,6 +451,8 @@ SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USE_DEFAULTZONE, use_defaultzone, CTLFLAG_RW, &ip6_use_defzone, 0,""); SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXFRAGS, maxfrags, CTLFLAG_RW, &ip6_maxfrags, 0, ""); +SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MCAST_PMTU, + mcast_pmtu, CTLFLAG_RW, &ip6_mcast_pmtu, 0, ""); #ifdef IPSTEALTH SYSCTL_INT(_net_inet6_ip6, IPV6CTL_STEALTH, stealth, CTLFLAG_RW, &ip6stealth, 0, ""); diff --git a/sys/netinet6/ip6_mroute.c b/sys/netinet6/ip6_mroute.c index 46bf7b796ca7..6d7ecfab6324 100644 --- a/sys/netinet6/ip6_mroute.c +++ b/sys/netinet6/ip6_mroute.c @@ -106,6 +106,7 @@ #include #include +#include #include #include @@ -1561,21 +1562,26 @@ phyint_send(ip6, mifp, m) mifp - mif6table, error); #endif } else { -#ifdef MULTICAST_PMTUD - icmp6_error(mb_copy, ICMP6_PACKET_TOO_BIG, 0, linkmtu); -#else + /* + * pMTU discovery is intentionally disabled by default, since + * various router may notify pMTU in multicast, which can be + * a DDoS to a router + */ + if (ip6_mcast_pmtu) + icmp6_error(mb_copy, ICMP6_PACKET_TOO_BIG, 0, linkmtu); + else { #ifdef MRT6DEBUG - if (mrt6debug & DEBUG_XMIT) - log(LOG_DEBUG, - "phyint_send: packet too big on %s o %s g %s" - " size %d(discarded)\n", - if_name(ifp), - ip6_sprintf(&ip6->ip6_src), - ip6_sprintf(&ip6->ip6_dst), - mb_copy->m_pkthdr.len); + if (mrt6debug & DEBUG_XMIT) + log(LOG_DEBUG, + "phyint_send: packet too big on %s o %s " + "g %s size %d(discarded)\n", + if_name(ifp), + ip6_sprintf(&ip6->ip6_src), + ip6_sprintf(&ip6->ip6_dst), + mb_copy->m_pkthdr.len); #endif /* MRT6DEBUG */ - m_freem(mb_copy); /* simply discard the packet */ -#endif + m_freem(mb_copy); /* simply discard the packet */ + } } splx(s); diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h index 9a99873d3833..f88f125f6cbe 100644 --- a/sys/netinet6/ip6_var.h +++ b/sys/netinet6/ip6_var.h @@ -295,6 +295,7 @@ extern int ip6_gif_hlim; /* Hop limit for gif encap packet */ extern int ip6_use_deprecated; /* allow deprecated addr as source */ extern int ip6_rr_prune; /* router renumbering prefix * walk list every 5 sec. */ +extern int ip6_mcast_pmtu; /* enable pMTU discovery for multicast? */ extern int ip6_v6only; extern struct socket *ip6_mrouter; /* multicast routing daemon */