Date: Thu, 28 Feb 2019 16:47:21 +0900 (JST) From: Hiroki Sato <hrs@FreeBSD.org> To: rgrimes@FreeBSD.org, freebsd@pdx.rh.CN85.dnsmgr.net Cc: bz@FreeBSD.org, freebsd-net@FreeBSD.org, rmacklem@uoguelph.ca Subject: Re: use of #ifdef INET and #ifdef INET6 in the kernel sources Message-ID: <20190228.164721.696461235015072338.hrs@allbsd.org> In-Reply-To: <201902280158.x1S1wi7s053904@pdx.rh.CN85.dnsmgr.net> References: <8EDE90B3-0C33-47B5-88D8-964B131AEE2E@FreeBSD.org> <201902280158.x1S1wi7s053904@pdx.rh.CN85.dnsmgr.net>
next in thread | previous in thread | raw e-mail | index | archive | help
----Security_Multipart(Thu_Feb_28_16_47_21_2019_202)-- Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit "Rodney W. Grimes" <freebsd@pdx.rh.CN85.dnsmgr.net> wrote in <201902280158.x1S1wi7s053904@pdx.rh.CN85.dnsmgr.net>: fr> > fr> > I know both of these groups still do exist. fr> > fr> > Also every code not compiled in is not an attack surface, where you fr> > think it?s executed or not. fr> fr> This last reason is/was a prevelent one for me for a long time, fr> diven ipv6 is trying to autoconfigure stuff and interfaces fr> just get a link local address that is reachable that I would fr> have to secure. Its was/is a royal pita to do that for lots of fr> machines. fr> fr> Am I missing something in there is just some way to turn off the fr> link local ipv6 address? There is a way to disable automatic link-local address configuration but completely turning it off prevents NDP from working. Having a knob to restrict L3 communication over link-local addresses may be a good compromise. At this moment, a packet filter is required to do so. -- Hiroki ----Security_Multipart(Thu_Feb_28_16_47_21_2019_202)-- Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iEYEABECAAYFAlx3kgkACgkQTyzT2CeTzy236gCgsl4rU2ULcUkV1MKS1mg3TMcy zFsAn3uGZUDvSBstYlT/kfach0RIYnOV =hL0g -----END PGP SIGNATURE----- ----Security_Multipart(Thu_Feb_28_16_47_21_2019_202)----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20190228.164721.696461235015072338.hrs>