added a knob to enable path MTU discovery for multicast packets.

(by default, it is disabled)

Submitted by:	suz
Obtained from:	KAME

4 files changed, 28 insertions, 14 deletions

diff --git a/sys/netinet6/in6.h b/sys/netinet6/in6.h
index 6e5aaeb..d0435f6 100644
--- a/sys/netinet6/in6.h
+++ b/sys/netinet6/in6.h
@@ -593,10 +593,14 @@ struct ip6_mtuinfo {
 #define IPV6CTL_USE_DEFAULTZONE	39	/* use default scope zone */
 
 #define IPV6CTL_MAXFRAGS	41	/* max fragments */
+#if 0
+#define IPV6CTL_IFQ		42	/* ip6intrq node */
+#define IPV6CTL_ISATAPRTR	43	/* isatap router */
+#endif
+#define IPV6CTL_MCAST_PMTU	44	/* enable pMTU discovery for multicast? */
 
 /* New entries should be added here from current IPV6CTL_MAXID value. */
 /* to define items, should talk with KAME guys first, for *BSD compatibility */
-/* 42-44 is already used in KAME */
 #define IPV6CTL_STEALTH		45
 #define IPV6CTL_MAXID		46
 #endif /* __BSD_VISIBLE */
diff --git a/sys/netinet6/in6_proto.c b/sys/netinet6/in6_proto.c
index ce95796..a791360 100644
--- a/sys/netinet6/in6_proto.c
+++ b/sys/netinet6/in6_proto.c
@@ -307,6 +307,7 @@ int	ip6_gif_hlim = 0;
 int	ip6_use_deprecated = 1;	/* allow deprecated addr (RFC2462 5.5.4) */
 int	ip6_rr_prune = 5;	/* router renumbering prefix
 				 * walk list every 5 sec. */
+int	ip6_mcast_pmtu = 0;	/* enable pMTU discovery for multicast? */
 int	ip6_v6only = 1;
 
 int	ip6_keepfaith = 0;
@@ -450,6 +451,8 @@ SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USE_DEFAULTZONE,
 	use_defaultzone, CTLFLAG_RW, &ip6_use_defzone,		0,"");
 SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXFRAGS,
 	maxfrags, CTLFLAG_RW,		&ip6_maxfrags,	0, "");
+SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MCAST_PMTU,
+	mcast_pmtu, CTLFLAG_RW, 	&ip6_mcast_pmtu,	0, "");
 #ifdef IPSTEALTH
 SYSCTL_INT(_net_inet6_ip6, IPV6CTL_STEALTH, stealth, CTLFLAG_RW,
 	&ip6stealth, 0, "");
diff --git a/sys/netinet6/ip6_mroute.c b/sys/netinet6/ip6_mroute.c
index 9c19660..7a87d8d 100644
--- a/sys/netinet6/ip6_mroute.c
+++ b/sys/netinet6/ip6_mroute.c
@@ -106,6 +106,7 @@
 
 #include <netinet/in.h>
 #include <netinet/in_var.h>
+#include <netinet/icmp6.h>
 
 #include <netinet/ip6.h>
 #include <netinet6/ip6_var.h>
@@ -1553,21 +1554,26 @@ phyint_send(ip6, mifp, m)
 			    mifp - mif6table, error);
 #endif
 	} else {
-#ifdef MULTICAST_PMTUD
-		icmp6_error(mb_copy, ICMP6_PACKET_TOO_BIG, 0, linkmtu);
-#else
+		/*
+		 * pMTU discovery is intentionally disabled by default, since
+		 * various router may notify pMTU in multicast, which can be
+		 * a DDoS to a router
+		 */
+		if (ip6_mcast_pmtu)
+			icmp6_error(mb_copy, ICMP6_PACKET_TOO_BIG, 0, linkmtu);
+		else {
 #ifdef MRT6DEBUG
-		if (mrt6debug & DEBUG_XMIT)
-			log(LOG_DEBUG,
-			    "phyint_send: packet too big on %s o %s g %s"
-			    " size %d(discarded)\n",
-			    if_name(ifp),
-			    ip6_sprintf(&ip6->ip6_src),
-			    ip6_sprintf(&ip6->ip6_dst),
-			    mb_copy->m_pkthdr.len);
+			if (mrt6debug & DEBUG_XMIT)
+				log(LOG_DEBUG,
+				    "phyint_send: packet too big on %s o %s "
+				    "g %s size %d(discarded)\n",
+				    if_name(ifp),
+				    ip6_sprintf(&ip6->ip6_src),
+				    ip6_sprintf(&ip6->ip6_dst),
+				    mb_copy->m_pkthdr.len);
 #endif /* MRT6DEBUG */
-		m_freem(mb_copy); /* simply discard the packet */
-#endif
+			m_freem(mb_copy); /* simply discard the packet */
+		}
 	}
 
 	splx(s);
diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h
index 9a99873..f88f125 100644
--- a/sys/netinet6/ip6_var.h
+++ b/sys/netinet6/ip6_var.h
@@ -295,6 +295,7 @@ extern int	ip6_gif_hlim;		/* Hop limit for gif encap packet */
 extern int	ip6_use_deprecated;	/* allow deprecated addr as source */
 extern int	ip6_rr_prune;		/* router renumbering prefix
 					 * walk list every 5 sec.    */
+extern int	ip6_mcast_pmtu;		/* enable pMTU discovery for multicast? */
 extern int	ip6_v6only;
 
 extern struct socket *ip6_mrouter; 	/* multicast routing daemon */