Bug 285591 - IPv4 sysctl variable name change
Summary: IPv4 sysctl variable name change
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: 14.2-RELEASE
Hardware: Any Any
: --- Affects Many People
Assignee: Ed Maste
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2025-03-22 21:18 UTC by SBHMedia
Modified: 2025-03-27 19:31 UTC (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SBHMedia 2025-03-22 21:18:28 UTC 
Sysctl throws an unknown oid for the line
net.inet.ip.check_interface=1
The variable has been renamed
from
check_interface
to
rfc1122_strong_es

Documented as:
Enable a consistency check between the destination address
* and the arrival interface for a unicast packet (the RFC 1122
* strong ES model) with a list of additional predicates:
* - if IP forwarding is disabled
* - the packet is not locally generated
* - the packet is not subject to 'ipfw fwd'
* - Interface is not running CARP. If the packet got here, we already
* checked it with carp_iamatch() and carp_forus().

Default /etc/sysctl.conf change required:
old
IPv4 security additions
net.inet.ip.check_interface=1
new
IPv4 security additions
net.inet.ip.rfc1122_strong_es=1

==========
References
https://forums.freebsd.org/threads/sysctl-variable-throws-an-error-on-startup-net-inet-ip-check_interface.95439/
https://reviews.freebsd.org/D32912
Comment 1 Ed Maste freebsd_committer freebsd_triage 2025-03-24 14:34:56 UTC 
I cannot find the old name for this sysctl in FreeBSD documentation. I do see it in release notes for long-past-EOL releases and in tools/tools/sysdoc. https://reviews.freebsd.org/D49486 is open for changing it in the latter.

Please let us know if there are other instances of the old sysctl name in FreeBSD documentation.
Comment 2 commit-hook freebsd_committer freebsd_triage 2025-03-25 12:37:22 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=d45d070e5475466ceac8057f2e7558055267fb1b

commit d45d070e5475466ceac8057f2e7558055267fb1b
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2025-03-24 13:53:27 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2025-03-25 12:36:00 +0000

    tools/sysdoc: Chase sysctl rename

    PR:             285591
    Reviewed by:    glebius
    Fixes: 94df3271d6b2 ("Rename net.inet.ip.check_interface to rfc1122_strong_es and document it.")
    Sponsored by:   The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D49486

 tools/tools/sysdoc/tunables.mdoc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
Comment 3 commit-hook freebsd_committer freebsd_triage 2025-03-27 19:19:11 UTC 
A commit in branch stable/14 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=a75dbf419467eacec88078f9667b43de613bad56

commit a75dbf419467eacec88078f9667b43de613bad56
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2025-03-24 13:53:27 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2025-03-27 19:15:04 +0000

    tools/sysdoc: Chase sysctl rename

    PR:             285591
    Reviewed by:    glebius
    Fixes: 94df3271d6b2 ("Rename net.inet.ip.check_interface to rfc1122_strong_es and document it.")
    Sponsored by:   The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D49486

    (cherry picked from commit d45d070e5475466ceac8057f2e7558055267fb1b)

 tools/tools/sysdoc/tunables.mdoc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
Comment 4 Ed Maste freebsd_committer freebsd_triage 2025-03-27 19:31:58 UTC 
Updated the instance of check_interface that I found in the tree. Please reopen if you are aware of other instances in the src, doc or ports trees.