allow TCP connections to IPv6 anycast addresses

Fri, 07 Aug 2020 10:42:52 -0700 


No longer prevent TCP connections to IPv6 anycast addresses.

RFC 4291 dropped this requirement from RFC 3513:
   o  An anycast address must not be used as the source address of an
      IPv6 packet.

And from that requirement draft-itojun-ipv6-tcp-to-anycast rightly
concluded that TCP connections must be prevented.

The draft also states:

The proposed method MUST be removed when one of the following events
happens in the future:

o  Restriction imposed on IPv6 anycast address is loosened, so that
   anycast address can be placed into source address field of the IPv6
   header[...]

OK?

diff --git share/man/man9/mbuf.9 share/man/man9/mbuf.9
index 6f798945437..ab02c36798f 100644
--- share/man/man9/mbuf.9
+++ share/man/man9/mbuf.9
@@ -306,8 +306,6 @@ protocol-specific.
 variable is valid.
 .It Dv M_LOOP
 packet has been sent from local machine.
-.It Dv M_ACAST
-received as IPv6 anycast.
 .It Dv M_BCAST
 packet sent/received as link-level broadcast.
 .It Dv M_MCAST
diff --git sys/netinet/ip_input.c sys/netinet/ip_input.c
index 1b511d14a4b..40c2f675959 100644
--- sys/netinet/ip_input.c
+++ sys/netinet/ip_input.c
@@ -619,20 +619,6 @@ ip_deliver(struct mbuf **mp, int *offp, int nxt, int af)
                        goto bad;
                }
 
-#ifdef INET6
-               /* draft-itojun-ipv6-tcp-to-anycast */
-               if (af == AF_INET6 &&
-                   ISSET((*mp)->m_flags, M_ACAST) && (nxt == IPPROTO_TCP)) {
-                       if ((*mp)->m_len >= sizeof(struct ip6_hdr)) {
-                               icmp6_error(*mp, ICMP6_DST_UNREACH,
-                                       ICMP6_DST_UNREACH_ADDR,
-                                       offsetof(struct ip6_hdr, ip6_dst));
-                               *mp = NULL;
-                       }
-                       goto bad;
-               }
-#endif /* INET6 */
-
 #ifdef IPSEC
                if (ipsec_in_use) {
                        if (ipsec_local_check(*mp, *offp, nxt, af) != 0) {
diff --git sys/netinet6/ip6_input.c sys/netinet6/ip6_input.c
index 64489f53b48..6c1beb6866c 100644
--- sys/netinet6/ip6_input.c
+++ sys/netinet6/ip6_input.c
@@ -424,8 +424,6 @@ ip6_input_if(struct mbuf **mp, int *offp, int nxt, int af, 
struct ifnet *ifp)
         */
        if (rtisvalid(rt) && ISSET(rt->rt_flags, RTF_LOCAL)) {
                struct in6_ifaddr *ia6 = ifatoia6(rt->rt_ifa);
-               if (ia6->ia6_flags & IN6_IFF_ANYCAST)
-                       m->m_flags |= M_ACAST;
 
                if (ip6_forwarding == 0 && rt->rt_ifidx != ifp->if_index &&
                    !((ifp->if_flags & IFF_LOOPBACK) ||


-- 
I'm not entirely sure you are real.

Reply via email to