diff options
| author | Ed Maste <emaste@FreeBSD.org> | 2026-01-27 21:29:20 +0000 |
|---|---|---|
| committer | Ed Maste <emaste@FreeBSD.org> | 2026-03-05 19:57:36 +0000 |
| commit | a1789fa30c0b1e4c20a083c550f0ec2d50e480e4 (patch) | |
| tree | 1108d8f99c6b5d361f3e2a36811340a407c40c70 | |
| parent | 54bf594851f671e231d2786cdacaf68f290ff738 (diff) | |
netinet6: Remove support for connecting to IN6ADDR_ANY
RFC4291 section 2.5.2:
The unspecified address must not be used as the destination address
of IPv6 packets or in IPv6 Routing headers. An IPv6 packet with a
source address of unspecified must never be forwarded by an IPv6
router.
We disallowed connections to IN6ADDR_ANY by default, as of commit
627e126dbb07 ("netinet6: Disallow connections to IN6ADDR_ANY"). As this
is actually disallowed by the RFC, just remove the support.
Reported by: bz (in D54306)
Reviewed by: bz, glebius
Relnotes: yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D54942
| -rw-r--r-- | sys/netinet6/in6_pcb.c | 19 |
1 files changed, 2 insertions, 17 deletions
diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c index 9eb7a59fcf55..d503165979c8 100644 --- a/sys/netinet6/in6_pcb.c +++ b/sys/netinet6/in6_pcb.c @@ -113,14 +113,6 @@ #include <netinet6/in6_fib.h> #include <netinet6/scope6_var.h> -SYSCTL_DECL(_net_inet6); -SYSCTL_DECL(_net_inet6_ip6); -VNET_DEFINE_STATIC(int, connect_in6addr_wild) = 0; -#define V_connect_in6addr_wild VNET(connect_in6addr_wild) -SYSCTL_INT(_net_inet6_ip6, OID_AUTO, connect_in6addr_wild, - CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(connect_in6addr_wild), 0, - "Allow connecting to the unspecified address for connect(2)"); - int in6_pcbsetport(struct in6_addr *laddr, struct inpcb *inp, struct ucred *cred) { @@ -396,16 +388,9 @@ in6_pcbladdr(struct inpcb *inp, struct sockaddr_in6 *sin6, if ((error = sa6_embedscope(sin6, V_ip6_use_defzone)) != 0) return(error); - if (V_connect_in6addr_wild && !CK_STAILQ_EMPTY(&V_in6_ifaddrhead)) { - /* - * If the destination address is UNSPECIFIED addr, - * use the loopback addr, e.g ::1. - */ - if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) - sin6->sin6_addr = in6addr_loopback; - } else if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { + /* RFC4291 section 2.5.2 */ + if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) return (ENETUNREACH); - } if ((error = prison_remote_ip6(inp->inp_cred, &sin6->sin6_addr)) != 0) return (error); |