Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/sys/netinet6/ip6_input.c,v rcsdiff: /ftp/cvs/cvsroot/src/sys/netinet6/ip6_input.c,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.178.2.8 retrieving revision 1.193.2.2 diff -u -p -r1.178.2.8 -r1.193.2.2 --- src/sys/netinet6/ip6_input.c 2019/09/17 18:57:23 1.178.2.8 +++ src/sys/netinet6/ip6_input.c 2018/03/22 01:44:51 1.193.2.2 @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_input.c,v 1.178.2.8 2019/09/17 18:57:23 martin Exp $ */ +/* $NetBSD: ip6_input.c,v 1.193.2.2 2018/03/22 01:44:51 pgoyette Exp $ */ /* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */ /* @@ -62,14 +62,13 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.178.2.8 2019/09/17 18:57:23 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.193.2.2 2018/03/22 01:44:51 pgoyette Exp $"); #ifdef _KERNEL_OPT #include "opt_gateway.h" #include "opt_inet.h" #include "opt_inet6.h" #include "opt_ipsec.h" -#include "opt_compat_netbsd.h" #include "opt_net_mpsafe.h" #endif @@ -120,11 +119,6 @@ __KERNEL_RCSID(0, "$NetBSD: ip6_input.c, #include #endif /* IPSEC */ -#ifdef COMPAT_50 -#include -#include -#endif - #include #include "faith.h" @@ -136,10 +130,6 @@ extern struct domain inet6domain; u_char ip6_protox[IPPROTO_MAX]; pktqueue_t *ip6_pktq __read_mostly; -int ip6_forward_srcrt; /* XXX */ -int ip6_sourcecheck; /* XXX */ -int ip6_sourcecheck_interval; /* XXX */ - pfil_head_t *inet6_pfil_hook; percpu_t *ip6stat_percpu; @@ -151,7 +141,7 @@ static void ip6intr(void *); static struct m_tag *ip6_setdstifaddr(struct mbuf *, const struct in6_ifaddr *); static int ip6_process_hopopts(struct mbuf *, u_int8_t *, int, u_int32_t *, - u_int32_t *); + u_int32_t *); static struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int); static void sysctl_net_inet6_ip6_setup(struct sysctllog **); @@ -212,7 +202,7 @@ static void ip6_init2(void) { - /* timer for regeneranation of temporary addresses randomize ID */ + /* timer for regeneration of temporary addresses randomize ID */ callout_init(&in6_tmpaddrtimer_ch, CALLOUT_MPSAFE); callout_reset(&in6_tmpaddrtimer_ch, (ip6_temp_preferred_lifetime - ip6_desync_factor - @@ -268,6 +258,8 @@ ip6_input(struct mbuf *m, struct ifnet * } u; struct route *ro; + KASSERT(rcvif != NULL); + /* * make sure we don't have onion peering information into m_tag. */ @@ -306,7 +298,7 @@ ip6_input(struct mbuf *m, struct ifnet * */ if (IP6_HDR_ALIGNED_P(mtod(m, void *)) == 0) { if ((m = m_copyup(m, sizeof(struct ip6_hdr), - (max_linkhdr + 3) & ~3)) == NULL) { + (max_linkhdr + 3) & ~3)) == NULL) { /* XXXJRT new stat, please */ IP6_STATINC(IP6_STAT_TOOSMALL); in6_ifstat_inc(rcvif, ifs6_in_hdrerr); @@ -329,6 +321,54 @@ ip6_input(struct mbuf *m, struct ifnet * } /* + * Check against address spoofing/corruption. + */ + if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src) || + IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_dst)) { + /* + * XXX: "badscope" is not very suitable for a multicast source. + */ + IP6_STATINC(IP6_STAT_BADSCOPE); + in6_ifstat_inc(rcvif, ifs6_in_addrerr); + goto bad; + } + + /* + * The following check is not documented in specs. A malicious + * party may be able to use IPv4 mapped addr to confuse tcp/udp stack + * and bypass security checks (act as if it was from 127.0.0.1 by using + * IPv6 src ::ffff:127.0.0.1). Be cautious. + * + * This check chokes if we are in an SIIT cloud. As none of BSDs + * support IPv4-less kernel compilation, we cannot support SIIT + * environment at all. So, it makes more sense for us to reject any + * malicious packets for non-SIIT environment, than try to do a + * partial support for SIIT environment. + */ + if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || + IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { + IP6_STATINC(IP6_STAT_BADSCOPE); + in6_ifstat_inc(rcvif, ifs6_in_addrerr); + goto bad; + } + +#if 0 + /* + * Reject packets with IPv4 compatible addresses (auto tunnel). + * + * The code forbids auto tunnel relay case in RFC1933 (the check is + * stronger than RFC1933). We may want to re-enable it if mech-xx + * is revised to forbid relaying case. + */ + if (IN6_IS_ADDR_V4COMPAT(&ip6->ip6_src) || + IN6_IS_ADDR_V4COMPAT(&ip6->ip6_dst)) { + IP6_STATINC(IP6_STAT_BADSCOPE); + in6_ifstat_inc(rcvif, ifs6_in_addrerr); + goto bad; + } +#endif + + /* * Assume that we can create a fast-forward IP flow entry * based on this packet. */ @@ -358,13 +398,6 @@ ip6_input(struct mbuf *m, struct ifnet * return; if (m == NULL) return; - if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) { - if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { - IP6_STATINC(IP6_STAT_TOOSMALL); - in6_ifstat_inc(rcvif, ifs6_in_hdrerr); - return; - } - } ip6 = mtod(m, struct ip6_hdr *); srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst); } @@ -384,52 +417,6 @@ ip6_input(struct mbuf *m, struct ifnet * #endif /* - * Check against address spoofing/corruption. - */ - if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src) || - IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_dst)) { - /* - * XXX: "badscope" is not very suitable for a multicast source. - */ - IP6_STATINC(IP6_STAT_BADSCOPE); - in6_ifstat_inc(rcvif, ifs6_in_addrerr); - goto bad; - } - /* - * The following check is not documented in specs. A malicious - * party may be able to use IPv4 mapped addr to confuse tcp/udp stack - * and bypass security checks (act as if it was from 127.0.0.1 by using - * IPv6 src ::ffff:127.0.0.1). Be cautious. - * - * This check chokes if we are in an SIIT cloud. As none of BSDs - * support IPv4-less kernel compilation, we cannot support SIIT - * environment at all. So, it makes more sense for us to reject any - * malicious packets for non-SIIT environment, than try to do a - * partial support for SIIT environment. - */ - if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || - IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { - IP6_STATINC(IP6_STAT_BADSCOPE); - in6_ifstat_inc(rcvif, ifs6_in_addrerr); - goto bad; - } -#if 0 - /* - * Reject packets with IPv4 compatible addresses (auto tunnel). - * - * The code forbids auto tunnel relay case in RFC1933 (the check is - * stronger than RFC1933). We may want to re-enable it if mech-xx - * is revised to forbid relaying case. - */ - if (IN6_IS_ADDR_V4COMPAT(&ip6->ip6_src) || - IN6_IS_ADDR_V4COMPAT(&ip6->ip6_dst)) { - IP6_STATINC(IP6_STAT_BADSCOPE); - in6_ifstat_inc(rcvif, ifs6_in_addrerr); - goto bad; - } -#endif - - /* * Disambiguate address scope zones (if there is ambiguity). * We first make sure that the original source or destination address * is not in our internal form for scoped addresses. Such addresses @@ -437,7 +424,7 @@ ip6_input(struct mbuf *m, struct ifnet * * to the usage conflict. * in6_setscope() then also checks and rejects the cases where src or * dst are the loopback address and the receiving interface - * is not loopback. + * is not loopback. */ if (__predict_false( m_makewritable(&m, 0, sizeof(struct ip6_hdr), M_DONTWAIT))) @@ -454,6 +441,7 @@ ip6_input(struct mbuf *m, struct ifnet * } ro = percpu_getref(ip6_forward_rt_percpu); + /* * Multicast check */ @@ -466,9 +454,9 @@ ip6_input(struct mbuf *m, struct ifnet * * arrival interface. */ ingroup = in6_multi_group(&ip6->ip6_dst, rcvif); - if (ingroup) + if (ingroup) { ours = 1; - else if (!ip6_mrouter) { + } else if (!ip6_mrouter) { uint64_t *ip6s = IP6_STAT_GETREF(); ip6s[IP6_STAT_NOTMEMBER]++; ip6s[IP6_STAT_CANTFORWARD]++; @@ -483,7 +471,7 @@ ip6_input(struct mbuf *m, struct ifnet * sockaddr_in6_init(&u.dst6, &ip6->ip6_dst, 0, 0, 0); /* - * Unicast check + * Unicast check */ rt = rtcache_lookup2(ro, &u.dst, 1, &hit); if (hit) @@ -491,12 +479,15 @@ ip6_input(struct mbuf *m, struct ifnet * else IP6_STATINC(IP6_STAT_FORWARD_CACHEMISS); -#define rt6_getkey(__rt) satocsin6(rt_getkey(__rt)) - /* * Accept the packet if the forwarding interface to the destination - * according to the routing table is the loopback interface, + * (according to the routing table) is the loopback interface, * unless the associated route has a gateway. + * + * We don't explicitly match ip6_dst against an interface here. It + * is already done in rtcache_lookup2: rt->rt_ifp->if_type will be + * IFT_LOOP if the packet is for us. + * * Note that this approach causes to accept a packet if there is a * route to the loopback interface for the destination of the packet. * But we think it's even useful in some situations, e.g. when using @@ -504,14 +495,6 @@ ip6_input(struct mbuf *m, struct ifnet * */ if (rt != NULL && (rt->rt_flags & (RTF_HOST|RTF_GATEWAY)) == RTF_HOST && -#if 0 - /* - * The check below is redundant since the comparison of - * the destination and the key of the rtentry has - * already done through looking up the routing table. - */ - IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &rt6_getkey(rt)->sin6_addr) && -#endif rt->rt_ifp->if_type == IFT_LOOP) { struct in6_ifaddr *ia6 = (struct in6_ifaddr *)rt->rt_ifa; int addrok; @@ -572,26 +555,6 @@ ip6_input(struct mbuf *m, struct ifnet * } #endif -#if 0 - { - /* - * Last resort: check in6_ifaddr for incoming interface. - * The code is here until I update the "goto ours hack" code above - * working right. - */ - struct ifaddr *ifa; - IFADDR_READER_FOREACH(ifa, rcvif) { - if (ifa->ifa_addr->sa_family != AF_INET6) - continue; - if (IN6_ARE_ADDR_EQUAL(IFA_IN6(ifa), &ip6->ip6_dst)) { - ours = 1; - deliverifp = ifa->ifa_ifp; - goto hbhcheck; - } - } - } -#endif - /* * Now there is no reason to process the packet if it's not our own * and we're not a router. @@ -602,10 +565,10 @@ ip6_input(struct mbuf *m, struct ifnet * goto bad_unref; } - hbhcheck: +hbhcheck: /* - * record address information into m_tag, if we don't have one yet. - * note that we are unable to record it, if the address is not listed + * Record address information into m_tag, if we don't have one yet. + * Note that we are unable to record it, if the address is not listed * as our interface address (e.g. multicast addresses, addresses * within FAITH prefixes and such). */ @@ -635,12 +598,11 @@ ip6_input(struct mbuf *m, struct ifnet * struct ip6_hbh *hbh; if (ip6_hopopts_input(&plen, &rtalert, &m, &off)) { -#if 0 /*touches NULL pointer*/ + /* m already freed */ in6_ifstat_inc(rcvif, ifs6_in_discard); -#endif rtcache_unref(rt, ro); percpu_putref(ip6_forward_rt_percpu); - return; /* m have already been freed */ + return; } /* adjust pointer */ @@ -688,10 +650,9 @@ ip6_input(struct mbuf *m, struct ifnet * nxt = ip6->ip6_nxt; /* - * Check that the amount of data in the buffers - * is as at least much as the IPv6 header would have us expect. - * Trim mbufs if longer than we expect. - * Drop packet if shorter than we expect. + * Check that the amount of data in the buffers is at least much as + * the IPv6 header would have us expect. Trim mbufs if longer than we + * expect. Drop packet if shorter than we expect. */ if (m->m_pkthdr.len - sizeof(struct ip6_hdr) < plen) { IP6_STATINC(IP6_STAT_TOOSHORT); @@ -759,9 +720,6 @@ ip6_input(struct mbuf *m, struct ifnet * goto bad_unref; } - /* - * Tell launch routine the next header - */ #ifdef IFA_STATS if (deliverifp != NULL) { struct in6_ifaddr *ia6; @@ -818,8 +776,8 @@ ip6_input(struct mbuf *m, struct ifnet * #ifdef IPSEC if (ipsec_used) { /* - * enforce IPsec policy checking if we are seeing last - * header. note that we do not visit this with + * Enforce IPsec policy checking if we are seeing last + * header. Note that we do not visit this with * protocols with pcb layer code - like udp/tcp/raw ip. */ if ((inet6sw[ip_protox[nxt]].pr_flags @@ -831,16 +789,16 @@ ip6_input(struct mbuf *m, struct ifnet * goto bad; } } -#endif /* IPSEC */ +#endif nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt); } return; - bad_unref: +bad_unref: rtcache_unref(rt, ro); percpu_putref(ip6_forward_rt_percpu); - bad: +bad: m_freem(m); return; } @@ -897,14 +855,14 @@ ip6_hopopts_input(u_int32_t *plenp, u_in /* validation of the length of the header */ IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, - sizeof(struct ip6_hdr), sizeof(struct ip6_hbh)); + sizeof(struct ip6_hdr), sizeof(struct ip6_hbh)); if (hbh == NULL) { IP6_STATINC(IP6_STAT_TOOSHORT); return -1; } hbhlen = (hbh->ip6h_len + 1) << 3; IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr), - hbhlen); + hbhlen); if (hbh == NULL) { IP6_STATINC(IP6_STAT_TOOSHORT); return -1; @@ -914,12 +872,12 @@ ip6_hopopts_input(u_int32_t *plenp, u_in hbhlen -= sizeof(struct ip6_hbh); if (ip6_process_hopopts(m, (u_int8_t *)hbh + sizeof(struct ip6_hbh), - hbhlen, rtalertp, plenp) < 0) - return (-1); + hbhlen, rtalertp, plenp) < 0) + return -1; *offp = off; *mp = m; - return (0); + return 0; } /* @@ -1002,7 +960,7 @@ ip6_process_hopopts(struct mbuf *m, u_in /* * We may see jumbolen in unaligned location, so - * we'd need to perform bcopy(). + * we'd need to perform memcpy(). */ memcpy(&jumboplen, opt + 2, sizeof(jumboplen)); jumboplen = (u_int32_t)htonl(jumboplen); @@ -1111,33 +1069,15 @@ void ip6_savecontrol(struct in6pcb *in6p, struct mbuf **mp, struct ip6_hdr *ip6, struct mbuf *m) { + struct socket *so = in6p->in6p_socket; #ifdef RFC2292 #define IS2292(x, y) ((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y)) #else #define IS2292(x, y) (y) #endif - if (in6p->in6p_socket->so_options & SO_TIMESTAMP -#ifdef SO_OTIMESTAMP - || in6p->in6p_socket->so_options & SO_OTIMESTAMP -#endif - ) { - struct timeval tv; - - microtime(&tv); -#ifdef SO_OTIMESTAMP - if (in6p->in6p_socket->so_options & SO_OTIMESTAMP) { - struct timeval50 tv50; - timeval_to_timeval50(&tv, &tv50); - *mp = sbcreatecontrol((void *) &tv50, sizeof(tv50), - SCM_OTIMESTAMP, SOL_SOCKET); - } else -#endif - *mp = sbcreatecontrol((void *) &tv, sizeof(tv), - SCM_TIMESTAMP, SOL_SOCKET); - if (*mp) - mp = &(*mp)->m_next; - } + if (SOOPT_TIMESTAMP(so->so_options)) + mp = sbsavetimestamp(so->so_options, m, mp); /* some OSes call this logic with IPv4 packet, for SO_TIMESTAMP */ if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) @@ -1150,8 +1090,7 @@ ip6_savecontrol(struct in6pcb *in6p, str memcpy(&pi6.ipi6_addr, &ip6->ip6_dst, sizeof(struct in6_addr)); in6_clearscope(&pi6.ipi6_addr); /* XXX */ pi6.ipi6_ifindex = m->m_pkthdr.rcvif_index; - *mp = sbcreatecontrol((void *) &pi6, - sizeof(struct in6_pktinfo), + *mp = sbcreatecontrol(&pi6, sizeof(pi6), IS2292(IPV6_2292PKTINFO, IPV6_PKTINFO), IPPROTO_IPV6); if (*mp) mp = &(*mp)->m_next; @@ -1160,7 +1099,7 @@ ip6_savecontrol(struct in6pcb *in6p, str if (in6p->in6p_flags & IN6P_HOPLIMIT) { int hlim = ip6->ip6_hlim & 0xff; - *mp = sbcreatecontrol((void *) &hlim, sizeof(int), + *mp = sbcreatecontrol(&hlim, sizeof(hlim), IS2292(IPV6_2292HOPLIMIT, IPV6_HOPLIMIT), IPPROTO_IPV6); if (*mp) mp = &(*mp)->m_next; @@ -1174,7 +1113,7 @@ ip6_savecontrol(struct in6pcb *in6p, str flowinfo >>= 20; tclass = flowinfo & 0xff; - *mp = sbcreatecontrol((void *)&tclass, sizeof(tclass), + *mp = sbcreatecontrol(&tclass, sizeof(tclass), IPV6_TCLASS, IPPROTO_IPV6); if (*mp) @@ -1222,7 +1161,7 @@ ip6_savecontrol(struct in6pcb *in6p, str * be removed before returning in the RFC 2292. * Note: this constraint is removed in RFC3542. */ - *mp = sbcreatecontrol((void *)hbh, hbhlen, + *mp = sbcreatecontrol(hbh, hbhlen, IS2292(IPV6_2292HOPOPTS, IPV6_HOPOPTS), IPPROTO_IPV6); if (*mp) @@ -1284,7 +1223,7 @@ ip6_savecontrol(struct in6pcb *in6p, str if (!(in6p->in6p_flags & IN6P_DSTOPTS)) break; - *mp = sbcreatecontrol((void *)ip6e, elen, + *mp = sbcreatecontrol(ip6e, elen, IS2292(IPV6_2292DSTOPTS, IPV6_DSTOPTS), IPPROTO_IPV6); if (*mp) @@ -1295,7 +1234,7 @@ ip6_savecontrol(struct in6pcb *in6p, str if (!(in6p->in6p_flags & IN6P_RTHDR)) break; - *mp = sbcreatecontrol((void *)ip6e, elen, + *mp = sbcreatecontrol(ip6e, elen, IS2292(IPV6_2292RTHDR, IPV6_RTHDR), IPPROTO_IPV6); if (*mp) @@ -1353,7 +1292,7 @@ ip6_notify_pmtu(struct in6pcb *in6p, con if (sa6_recoverscope(&mtuctl.ip6m_addr)) return; - if ((m_mtu = sbcreatecontrol((void *)&mtuctl, sizeof(mtuctl), + if ((m_mtu = sbcreatecontrol(&mtuctl, sizeof(mtuctl), IPV6_PATHMTU, IPPROTO_IPV6)) == NULL) return; @@ -1472,7 +1411,7 @@ ip6_nexthdr(struct mbuf *m, int off, int /* just in case */ if (m == NULL) - panic("ip6_nexthdr: m == NULL"); + panic("%s: m == NULL", __func__); if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len < off) return -1; @@ -1627,11 +1566,6 @@ sysctl_net_inet6_ip6_stats(SYSCTLFN_ARGS static void sysctl_net_inet6_ip6_setup(struct sysctllog **clog) { -#ifdef RFC2292 -#define IS2292(x, y) ((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y)) -#else -#define IS2292(x, y) (y) -#endif sysctl_createv(clog, 0, NULL, NULL, CTLFLAG_PERMANENT, @@ -1667,34 +1601,6 @@ sysctl_net_inet6_ip6_setup(struct sysctl NULL, 0, &ip6_defhlim, 0, CTL_NET, PF_INET6, IPPROTO_IPV6, IPV6CTL_DEFHLIM, CTL_EOL); -#ifdef notyet - sysctl_createv(clog, 0, NULL, NULL, - CTLFLAG_PERMANENT|CTLFLAG_READWRITE, - CTLTYPE_INT, "mtu", NULL, - NULL, 0, &, 0, - CTL_NET, PF_INET6, IPPROTO_IPV6, - IPV6CTL_DEFMTU, CTL_EOL); -#endif -#ifdef __no_idea__ - sysctl_createv(clog, 0, NULL, NULL, - CTLFLAG_PERMANENT|CTLFLAG_READWRITE, - CTLTYPE_INT, "forwsrcrt", NULL, - NULL, 0, &?, 0, - CTL_NET, PF_INET6, IPPROTO_IPV6, - IPV6CTL_FORWSRCRT, CTL_EOL); - sysctl_createv(clog, 0, NULL, NULL, - CTLFLAG_PERMANENT|CTLFLAG_READWRITE, - CTLTYPE_STRUCT, "mrtstats", NULL, - NULL, 0, &?, sizeof(?), - CTL_NET, PF_INET6, IPPROTO_IPV6, - IPV6CTL_MRTSTATS, CTL_EOL); - sysctl_createv(clog, 0, NULL, NULL, - CTLFLAG_PERMANENT|CTLFLAG_READWRITE, - CTLTYPE_?, "mrtproto", NULL, - NULL, 0, &?, sizeof(?), - CTL_NET, PF_INET6, IPPROTO_IPV6, - IPV6CTL_MRTPROTO, CTL_EOL); -#endif sysctl_createv(clog, 0, NULL, NULL, CTLFLAG_PERMANENT|CTLFLAG_READWRITE, CTLTYPE_INT, "maxfragpackets", @@ -1703,20 +1609,6 @@ sysctl_net_inet6_ip6_setup(struct sysctl NULL, 0, &ip6_maxfragpackets, 0, CTL_NET, PF_INET6, IPPROTO_IPV6, IPV6CTL_MAXFRAGPACKETS, CTL_EOL); -#ifdef __no_idea__ - sysctl_createv(clog, 0, NULL, NULL, - CTLFLAG_PERMANENT|CTLFLAG_READWRITE, - CTLTYPE_INT, "sourcecheck", NULL, - NULL, 0, &?, 0, - CTL_NET, PF_INET6, IPPROTO_IPV6, - IPV6CTL_SOURCECHECK, CTL_EOL); - sysctl_createv(clog, 0, NULL, NULL, - CTLFLAG_PERMANENT|CTLFLAG_READWRITE, - CTLTYPE_INT, "sourcecheck_logint", NULL, - NULL, 0, &?, 0, - CTL_NET, PF_INET6, IPPROTO_IPV6, - IPV6CTL_SOURCECHECK_LOGINT, CTL_EOL); -#endif sysctl_createv(clog, 0, NULL, NULL, CTLFLAG_PERMANENT|CTLFLAG_READWRITE, CTLTYPE_INT, "accept_rtadv", @@ -1748,7 +1640,7 @@ sysctl_net_inet6_ip6_setup(struct sysctl sysctl_createv(clog, 0, NULL, NULL, CTLFLAG_PERMANENT|CTLFLAG_READWRITE, CTLTYPE_INT, "log_interval", - SYSCTL_DESCR("Minumum interval between logging " + SYSCTL_DESCR("Minimum interval between logging " "unroutable packets"), NULL, 0, &ip6_log_interval, 0, CTL_NET, PF_INET6, IPPROTO_IPV6,