Date: Tue, 25 Sep 2012 19:39:21 -0400 From: "Mikhail T." <mi+thun@aldan.algebra.com> To: net@FreeBSD.org Cc: rpaulo@FreeBSD.org, kensmith@FreeBSD.org, ra@iop.kiev.ua Subject: Should not libpcap be compiled with INET6 unconditionally? Message-ID: <506240A9.1010301@aldan.algebra.com>
next in thread | raw e-mail | index | archive | help
On my systems, where I rebuild "world" by hand, I usually disable INET6
(WITHOUT_INET6 is documented in src.conf(5)) -- because it is still a waste on
today's Internet with most ISPs.
Unfortunately, this effectively disables tools like nmap, which use an
expression like:
Packet capture filter (device lo0): dst host 127.0.0.1 and (icmp *or icmp6*
or ((tcp or udp or sctp) and (src host 127.0.0.1)))
for many (most?) scans. The problem is, libpcap simply refuses to recognize the
INET6-related tokens (like the icmp6 above), unless INET6 is defined at compile
time:
Error compiling our pcap filter: *icmp6 not supported*
In addition to disabling nmap, this also prevents a non-INET6 machine to be used
to examine a network dump obtained from an INET6-using host -- by tcpdump or any
other libpcap-using tool.
Unlike other utilities, which expect INET6 support from libc, libpcap can be
compiled with -DINET6 by itself. I'd say, it should be built this way --
unconditionally:
--- Makefile (revision 240899)
+++ Makefile (working copy)
@@ -90,9 +90,7 @@
CFLAGS+=-DHAVE_CONFIG_H -Dyylval=pcapyylval -I${.CURDIR} -I.
CFLAGS+=-D_U_="__attribute__((unused))"
CFLAGS+=-DHAVE_SNPRINTF -DHAVE_VSNPRINTF
-.if ${MK_INET6_SUPPORT} != "no"
CFLAGS+=-DINET6
-.endif
.if ${MK_PF} != "no"
CFLAGS+=-DHAVE_NET_PFVAR_H
.endif
Yours,
-mi
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?506240A9.1010301>