
From:
Stuart Henderson <stu@spacehopper.org>
Subject:
Re: Stop logging to syslog when an IPv6 packet cannot be forwarded.
To:
tech <tech@openbsd.org>
Date:
Mon, 15 Sep 2025 11:53:27 +0100

On 2025/09/15 12:43, florian@openbsd.org wrote:
> IPv4 does not do this and it is one of thousands of things that can go
> wrong and we do not log those either.
> 
> With that net.inet6.ip6.log_interval can go.
> 
> OK?

I have a bunch of these logged but haven't found a good use for them,
ok with me fwiw.


> diff --git lib/libc/sys/sysctl.2 lib/libc/sys/sysctl.2
> index bd31f3aa0f4..b4a34f2748c 100644
> --- lib/libc/sys/sysctl.2
> +++ lib/libc/sys/sysctl.2
> @@ -1849,7 +1849,6 @@ The currently defined protocols and names are:
>  .It ip6 Ta forwarding Ta integer Ta yes
>  .It ip6 Ta hdrnestlimit Ta integer Ta yes
>  .It ip6 Ta hlim Ta integer Ta yes
> -.It ip6 Ta log_interval Ta integer Ta yes
>  .It ip6 Ta maxdynroutes Ta integer Ta yes
>  .It ip6 Ta maxfragpackets Ta integer Ta yes
>  .It ip6 Ta maxfrags Ta integer Ta yes
> @@ -1973,12 +1972,6 @@ This value applies to all the transport protocols on top of IPv6.
>  Methods for overriding this value are documented in
>  .Xr ip6 4 .
>  .Pp
> -.It Li ip6.log_interval Pq Va net.inet6.ip6.log_interval
> -This variable permits adjusting the amount of logs generated by the
> -IPv6 packet forwarding engine.
> -The value indicates the number of
> -seconds of interval which must elapse between log output.
> -.Pp
>  .It Li ip6.maxdynroutes Pq Va net.inet6.ip6.maxdynroutes
>  Maximum number of routes created by redirect.
>  Set to negative to disable.
> diff --git sys/netinet6/in6.h sys/netinet6/in6.h
> index b3b7c28fc04..a6826e8756e 100644
> --- sys/netinet6/in6.h
> +++ sys/netinet6/in6.h
> @@ -616,7 +616,7 @@ ifatoia6(struct ifaddr *ifa)
>  	{ "sourcecheck_logint", CTLTYPE_INT }, \
>  	{ 0, 0 }, \
>  	{ 0, 0 }, \
> -	{ "log_interval", CTLTYPE_INT }, \
> +	{ 0, 0 }, \
>  	{ "hdrnestlimit", CTLTYPE_INT }, \
>  	{ "dad_count", CTLTYPE_INT }, \
>  	{ "auto_flowlabel", CTLTYPE_INT }, \
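Review bot: The `IPV6CTL_LOG_INTERVAL` constant is not touched by any visible hunk, although its name-table entry becomes `{ 0, 0 }` here and its last use is dropped from `ipv6ctl_vars[]` in ip6_input.c. If the define stays in this header, consider marking it with a trailing `/* obsolete */` so the MIB number is not reused for an unrelated variable later. With the name gone from this table, an existing `net.inet6.ip6.log_interval=...` line in sysctl.conf will presumably be rejected as unknown at boot, which deserves a line in the upgrade notes. Anyone who relied on the removed debug lines to notice unspecified-source or scope-violating traffic still has the `ip6s_cantforward` and `ip6s_badscope` counters, which the forwarding paths keep incrementing. The name-table macro starts and ends outside this hunk.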
> diff --git sys/netinet6/in6_proto.c sys/netinet6/in6_proto.c
> index cf78a56d460..1f13bba4191 100644
> --- sys/netinet6/in6_proto.c
> +++ sys/netinet6/in6_proto.c
> @@ -357,7 +357,6 @@ int	ip6_defhlim = IPV6_DEFHLIM;			/* [a] */
>  int	ip6_defmcasthlim = IPV6_DEFAULT_MULTICAST_HOPS; /* [a] */
>  int	ip6_maxfragpackets = 200;			/* [a] */
>  int	ip6_maxfrags = 200;	/* [a] */
> -int	ip6_log_interval = 5;	/* [a] */
>  int	ip6_hdrnestlimit = 10;	/* [a] appropriate? */
>  int	ip6_dad_count = 1;	/* [a] DupAddrDetectionTransmits */
>  int	ip6_dad_pending;	/* number of currently running DADs */
> @@ -365,7 +364,6 @@ int	ip6_auto_flowlabel = 1;	/* [a] */
>  int	ip6_mcast_pmtu = 0;	/* [a] enable pMTU discovery for multicast? */
>  int	ip6_neighborgcthresh = 2048; /* [a] Threshold # of NDP entries for GC */
>  int	ip6_maxdynroutes = 4096; /* [a] Max # of routes created via redirect */
> -time_t	ip6_log_time = (time_t)0L;
>  
>  /* raw IP6 parameters */
>  /*
> diff --git sys/netinet6/ip6_forward.c sys/netinet6/ip6_forward.c
> index 3d65103d8bb..672c02b329d 100644
> --- sys/netinet6/ip6_forward.c
> +++ sys/netinet6/ip6_forward.c
> @@ -94,7 +94,6 @@ ip6_forward(struct mbuf *m, struct route *ro, int flags)
>  #ifdef IPSEC
>  	struct tdb *tdb = NULL;
>  #endif /* IPSEC */
> -	char src6[INET6_ADDRSTRLEN], dst6[INET6_ADDRSTRLEN];
>  
>  	/*
>  	 * Do not forward packets to multicast destination (should be handled
> @@ -105,21 +104,7 @@ ip6_forward(struct mbuf *m, struct route *ro, int flags)
>  	if ((m->m_flags & (M_BCAST|M_MCAST)) != 0 ||
>  	    IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) ||
>  	    IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) {
> -		time_t uptime;
> -
>  		ip6stat_inc(ip6s_cantforward);
> -		uptime = getuptime();
> -
> -		if (ip6_log_time + atomic_load_int(&ip6_log_interval) <
> -		    uptime) {
> -			ip6_log_time = uptime;
> -			inet_ntop(AF_INET6, &ip6->ip6_src, src6, sizeof(src6));
> -			inet_ntop(AF_INET6, &ip6->ip6_dst, dst6, sizeof(dst6));
> -			log(LOG_DEBUG,
> -			    "cannot forward "
> -			    "from %s to %s nxt %d received on interface %u\n",
> -			    src6, dst6, ip6->ip6_nxt, ifidx);
> -		}
>  		m_freem(m);
>  		goto done;
>  	}
> @@ -222,22 +207,8 @@ reroute:
>  	 */
>  	if (in6_addr2scopeid(ifidx, &ip6->ip6_src) !=
>  	    in6_addr2scopeid(rt->rt_ifidx, &ip6->ip6_src)) {
> -		time_t uptime;
> -
>  		ip6stat_inc(ip6s_cantforward);
>  		ip6stat_inc(ip6s_badscope);
> -		uptime = getuptime();
> -
> -		if (ip6_log_time + atomic_load_int(&ip6_log_interval) <
> -		    uptime) {
> -			ip6_log_time = uptime;
> -			inet_ntop(AF_INET6, &ip6->ip6_src, src6, sizeof(src6));
> -			inet_ntop(AF_INET6, &ip6->ip6_dst, dst6, sizeof(dst6));
> -			log(LOG_DEBUG,
> -			    "cannot forward "
> -			    "src %s, dst %s, nxt %d, rcvif %u, outif %u\n",
> -			    src6, dst6, ip6->ip6_nxt, ifidx, rt->rt_ifidx);
> -		}
>  		type = ICMP6_DST_UNREACH;
>  		code = ICMP6_DST_UNREACH_BEYONDSCOPE;
>  		m_freem(m);
> diff --git sys/netinet6/ip6_input.c sys/netinet6/ip6_input.c
> index f7d89316c8d..37680d7fe52 100644
> --- sys/netinet6/ip6_input.c
> +++ sys/netinet6/ip6_input.c
> @@ -1447,7 +1447,6 @@ const struct sysctl_bounded_args ipv6ctl_vars[] = {
>  #endif
>  	{ IPV6CTL_DEFHLIM, &ip6_defhlim, 0, 255 },
>  	{ IPV6CTL_MAXFRAGPACKETS, &ip6_maxfragpackets, 0, 1000 },
> -	{ IPV6CTL_LOG_INTERVAL, &ip6_log_interval, 0, INT_MAX },
>  	{ IPV6CTL_HDRNESTLIMIT, &ip6_hdrnestlimit, 0, 100 },
>  	{ IPV6CTL_DAD_COUNT, &ip6_dad_count, 0, 10 },
>  	{ IPV6CTL_AUTO_FLOWLABEL, &ip6_auto_flowlabel, 0, 1 },
> diff --git sys/netinet6/ip6_mroute.c sys/netinet6/ip6_mroute.c
> index 3b0b54af5ca..b942728b407 100644
> --- sys/netinet6/ip6_mroute.c
> +++ sys/netinet6/ip6_mroute.c
> @@ -951,18 +951,6 @@ ip6_mforward(struct ip6_hdr *ip6, struct ifnet *ifp, struct mbuf *m, int flags)
>  	 */
>  	if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) {
>  		ip6stat_inc(ip6s_cantforward);
> -		if (ip6_log_time + atomic_load_int(&ip6_log_interval) <
> -		    getuptime()) {
> -			char src[INET6_ADDRSTRLEN], dst[INET6_ADDRSTRLEN];
> -
> -			ip6_log_time = getuptime();
> -
> -			inet_ntop(AF_INET6, &ip6->ip6_src, src, sizeof(src));
> -			inet_ntop(AF_INET6, &ip6->ip6_dst, dst, sizeof(dst));
> -			log(LOG_DEBUG, "cannot forward "
> -			    "from %s to %s nxt %d received on interface %u\n",
> -			    src, dst, ip6->ip6_nxt, m->m_pkthdr.ph_ifidx);
> -		}
>  		return 0;
>  	}
>  
> diff --git sys/netinet6/ip6_var.h sys/netinet6/ip6_var.h
> index aff1126c9ee..37f733dfd7d 100644
> --- sys/netinet6/ip6_var.h
> +++ sys/netinet6/ip6_var.h
> @@ -289,8 +289,6 @@ extern struct socket *ip6_mrouter[RT_TABLEID_MAX + 1]; /* multicast routing daem
>  extern int	ip6_sendredirects;	/* send IP redirects when forwarding? */
>  extern int	ip6_maxfragpackets; /* Maximum packets in reassembly queue */
>  extern int	ip6_maxfrags;	/* Maximum fragments in reassembly queue */
> -extern int	ip6_log_interval;
> -extern time_t	ip6_log_time;
>  extern int	ip6_hdrnestlimit; /* upper limit of # of extension headers */
>  extern int	ip6_dad_count;		/* DupAddrDetectionTransmits */
>  extern int	ip6_dad_pending;	/* number of currently running DADs */
> 
> -- 
> In my defence, I have been left unsupervised.
>