git: a1789fa30c0b - main - netinet6: Remove support for connecting to IN6ADDR_ANY

Thu, 05 Mar 2026 11:58:30 -0800 

The branch main has been updated by emaste:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=a1789fa30c0b1e4c20a083c550f0ec2d50e480e4

commit a1789fa30c0b1e4c20a083c550f0ec2d50e480e4
Author:     Ed Maste <[email protected]>
AuthorDate: 2026-01-27 21:29:20 +0000
Commit:     Ed Maste <[email protected]>
CommitDate: 2026-03-05 19:57:36 +0000

    netinet6: Remove support for connecting to IN6ADDR_ANY
    
    RFC4291 section 2.5.2:
        The unspecified address must not be used as the destination address
        of IPv6 packets or in IPv6 Routing headers.  An IPv6 packet with a
        source address of unspecified must never be forwarded by an IPv6
        router.
    
    We disallowed connections to IN6ADDR_ANY by default, as of commit
    627e126dbb07 ("netinet6: Disallow connections to IN6ADDR_ANY").  As this
    is actually disallowed by the RFC, just remove the support.
    
    Reported by:    bz (in D54306)
    Reviewed by:    bz, glebius
    Relnotes:       yes
    Sponsored by:   The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D54942
---
 sys/netinet6/in6_pcb.c | 19 ++-----------------
 1 file changed, 2 insertions(+), 17 deletions(-)

diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c
index 9eb7a59fcf55..d503165979c8 100644
--- a/sys/netinet6/in6_pcb.c
+++ b/sys/netinet6/in6_pcb.c
@@ -113,14 +113,6 @@
 #include <netinet6/in6_fib.h>
 #include <netinet6/scope6_var.h>
 
-SYSCTL_DECL(_net_inet6);
-SYSCTL_DECL(_net_inet6_ip6);
-VNET_DEFINE_STATIC(int, connect_in6addr_wild) = 0;
-#define        V_connect_in6addr_wild  VNET(connect_in6addr_wild)
-SYSCTL_INT(_net_inet6_ip6, OID_AUTO, connect_in6addr_wild,
-    CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(connect_in6addr_wild), 0,
-    "Allow connecting to the unspecified address for connect(2)");
-
 int
 in6_pcbsetport(struct in6_addr *laddr, struct inpcb *inp, struct ucred *cred)
 {
@@ -396,16 +388,9 @@ in6_pcbladdr(struct inpcb *inp, struct sockaddr_in6 *sin6,
        if ((error = sa6_embedscope(sin6, V_ip6_use_defzone)) != 0)
                return(error);
 
-       if (V_connect_in6addr_wild && !CK_STAILQ_EMPTY(&V_in6_ifaddrhead)) {
-               /*
-                * If the destination address is UNSPECIFIED addr,
-                * use the loopback addr, e.g ::1.
-                */
-               if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr))
-                       sin6->sin6_addr = in6addr_loopback;
-       } else if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
+       /* RFC4291 section 2.5.2 */
+       if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr))
                return (ENETUNREACH);
-       }
 
        if ((error = prison_remote_ip6(inp->inp_cred, &sin6->sin6_addr)) != 0)
                return (error);

Reply via email to