From owner-freebsd-net@freebsd.org Fri Mar 1 12:19:49 2019 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BB08D15141D6 for ; Fri, 1 Mar 2019 12:19:49 +0000 (UTC) (envelope-from freebsd-rwg@pdx.rh.CN85.dnsmgr.net) Received: from pdx.rh.CN85.dnsmgr.net (br1.CN84in.dnsmgr.net [69.59.192.140]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id BF3707546D; Fri, 1 Mar 2019 12:19:48 +0000 (UTC) (envelope-from freebsd-rwg@pdx.rh.CN85.dnsmgr.net) Received: from pdx.rh.CN85.dnsmgr.net (localhost [127.0.0.1]) by pdx.rh.CN85.dnsmgr.net (8.13.3/8.13.3) with ESMTP id x21CJk3q061224; Fri, 1 Mar 2019 04:19:46 -0800 (PST) (envelope-from freebsd-rwg@pdx.rh.CN85.dnsmgr.net) Received: (from freebsd-rwg@localhost) by pdx.rh.CN85.dnsmgr.net (8.13.3/8.13.3/Submit) id x21CJkIE061223; Fri, 1 Mar 2019 04:19:46 -0800 (PST) (envelope-from freebsd-rwg) From: "Rodney W. Grimes" Message-Id: <201903011219.x21CJkIE061223@pdx.rh.CN85.dnsmgr.net> Subject: Re: use of #ifdef INET and #ifdef INET6 in the kernel sources In-Reply-To: To: Rick Macklem Date: Fri, 1 Mar 2019 04:19:46 -0800 (PST) CC: "Bjoern A. Zeeb" , FreeBSD Net , "rgrimes@freebsd.org" X-Mailer: ELM [version 2.4ME+ PL121h (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII X-Rspamd-Queue-Id: BF3707546D X-Spamd-Bar: +++ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [3.02 / 15.00]; ARC_NA(0.00)[]; TO_DN_EQ_ADDR_SOME(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; TO_DN_SOME(0.00)[]; NEURAL_SPAM_SHORT(0.92)[0.925,0]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; DMARC_NA(0.00)[dnsmgr.net]; AUTH_NA(1.00)[]; NEURAL_SPAM_MEDIUM(0.69)[0.688,0]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; MX_GOOD(-0.01)[cached: pdx.rh.CN85.dnsmgr.net]; NEURAL_SPAM_LONG(0.51)[0.512,0]; R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:13868, ipnet:69.59.192.0/19, country:US]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(0.01)[ip: (0.06), ipnet: 69.59.192.0/19(0.03), asn: 13868(0.01), country: US(-0.07)] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Mar 2019 12:19:50 -0000 > Bjoern A. Zeeb wrote: > [stuff snipped] > I wrote: > >> So, is this still recommended for blocks of code that only execute for > >> the version > >> of IP, but will build for kernels that do not have the particular > >> "options INET{6}" > >> in the kernel config? > > > >Yes. > Ok, I'll do it. Thank you > >> If it is still recommended, I will do it, but I'll admit I don't > >> understand why it should > >> be done? (All it does is reduce the size of the executable by a small > >> amount and > >> that doesn't seem significant to me.) > > > >That small amount is still relevant on some devices where people go to > >great lengths to fit our constantly growing base into a tiny small > >thingy. > I doubt NFS gets squeezed into such devices and, yes, it is a small amount. > Using source line counts via "wc" (ir includes comments, etc): > - This will reduce the # of lines by about 6 for a module of about 7700 lines > which is loaded when either the nfscl or nfsserver modules are loaded. > (These are both about 25000 lines and require the krpc, which is another 10000. > I haven't included the Kerberos stuff, because I can't remember if that gets loaded > unless Kerberos mounts get used.) > --> A savings of 6 lines in something like 43000. That means that nfsusrd is an extremly well behaved ipv4/ipv6 agnostic deamon that only takes a small change to make it able to run as either v4/v6 as a single stack or dual stacked, at a cost that also sounds minial, even if it took an #ifdef for each of these lines that is only 6 in 43000 lines of code, which is a small cost. The same analysis on other code probably comes out no place near this. Also didnt this use to use a unix domain? Could the unix domain be put back and knobbed so that I could actually run this without it doing the localnet thing at all? I know that it had issues as the socket is in /tmp and if /tmp isnt a right type file system, etc... But some of us do know that and do run with a /tmp that would support AF_UNIX type nfsusrd. If it takes 6 lines of ifdef to do v4 vs v6, how many lines of ifdef is it to add AF_UNIX back and make it run time choice? (Goes looking for more Nomex clothing :-) > >And it allows you to lose code from your kernel that you don?t > >need/want, such as if you?d want to rip out all INET sources from a > >tree. > Ok, I can buy into this argument. I doubt I'll see IPv4 removed in my lifetime, but > it does document where the code is. > (In Canada, network providers only give out IPv4 addresses to end users, from > what I've seen.) > > >I know both of these groups still do exist. > > > >Also every code not compiled in is not an attack surface, where you > >think it?s executed or not. > > rick -- Rod Grimes rgrimes@freebsd.org