From: Rui Paulo
To: Hiroki Sato
In-Reply-To: <20090626.170006.244306978.hrs@allbsd.org>
Date: Sat, 27 Jun 2009 11:20:05 +0100
Cc: jinmei@isc.org, bz@FreeBSD.org, rwatson@FreeBSD.org, ume@FreeBSD.org, net@FreeBSD.org
Subject: Re: RFC: convert net.inet6.ip6.{accept_rtadv, auto_linklocal} to per-interface flags
List-Id: Networking and TCP/IP with FreeBSD

On 26 Jun 2009, at 09:00, Hiroki Sato wrote:

> Hi all,
>
> I want to convert net.inet6.ip6.{accept_rtadv,auto_linklocal} to
> per-interface flags to nuke rc.d/auto_linklocal. The motivations and
> changes are as follows. If you are using IPv6 and/or familiar with
> the IPv6 implementation, please let me know your comments.
>
> The ip6.autolinklocal had been enabled but disabled since 6.2R by
> default because automatic configuration of L3 address is insecure.
> However, it makes IPv6 configuration complex because of no link-local
> address on an interface. Malformed address configuration can
> happen easily on a system with $ipv6_enable="NO", for example. In
> addition, the rc.conf knob does not mean the IPv6 functionality is
> completely disabled. Using an interface for IPv4-only is difficult.
>
> So, I want to add the following changes:
>
> 1. Use per-interface ND6 flag "ifdisabled" as a flag for if it is
> IPv6-enabled or not. Set it by default.

This looks okay, but "ifdisabled" seems to mean "disable the
interface" instead of the actual meaning: "disable ipv6 neighbor
discovery / disable ipv6 link local".

Bikeshed apart, what about:

# ifconfig fxp0 -nd6 (to disable ND6)
# ifconfig fxp0 nd6 (to enable it)

And ifconfig fxp0 will show "nd6" or "-nd6" depending on whether the
bit is on or off, respectively.

"accept_rtadvd" could follow the same principles.
What do you think?

--
Rui Paulo