https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=293525
Bug ID: 293525
Summary: netinet6: IPV6_MINHOPCOUNT is missing (IPv6 support
for RFC 5082)
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: kern
Assignee: [email protected]
Reporter: [email protected]
Normative reference: https://datatracker.ietf.org/doc/html/rfc5082
This is not an immediate priority for me at the moment, however, it is probably
out of scope for delegating to a GSoC student, and needs to be handled for
IXP/route-reflector consumers in particular, as FRR/BIRD and others use this.
It can be considered part of the minimum viable product (MVP) for a secure
route reflector in that regard. Passing it back up the transport layer is
another issue which I will raise a separate Bugzilla for to track the change.
OpenBSD has this already, cherry-picking the change should be a drop-in:
https://sourcegraph.com/r/github.com/openbsd/src/-/commit/e5ff19c718a7f8106479296f9aa531519e06c0f7
rwatson touched the IPv4 path for this, IP_MINTTL, a long long time ago:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=128790
Then IP_MINTTL broke in the 11-STABLE, 12-CURRENT lifetime, fixed by ae@:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=239799
NOTE: As of writing, the svnweb links for the relevant commits are down.
Here's the LLM prompt and output, good for a week from 2026-02-28:
https://search.brave.com/ask?q=Do+FreeBSD+or+Linux+implement+RFC+5082%2C+The+Generalized+TTL+Security+Mechanism+%28GTSM%29+%3F&conversation=08caf132688a19b59df3fa68b90435890ead#TSdEZVG_Da_N9qbmjzDxylNgz3sKI0joIaDZDCBqdBY
Parrot: "As noted in a 2011 mailing list discussion, ICMP packets are not
passed with their TTL to upper-layer protocols, making it impossible to
enforce GTSM on ICMP error messages without kernel modifications."
--
You are receiving this mail because:
You are the assignee for the bug.
