From owner-freebsd-net@FreeBSD.ORG Sun Jul 20 09:04:14 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 3C86C7F0; Sun, 20 Jul 2014 09:04:14 +0000 (UTC) Received: from mx.ipv6.elandsys.com (mx.ipv6.elandsys.com [IPv6:2001:470:f329:1::1]) by mx1.freebsd.org (Postfix) with ESMTP id E4496216F; Sun, 20 Jul 2014 09:04:13 +0000 (UTC) Received: from mx.elandsys.com (IDENT:logan@localhost [127.0.0.1]) by mx.elandsys.com (8.14.5/8.14.5) with ESMTP id s6K94B29029089 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 20 Jul 2014 02:04:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=opendkim.org; s=mail2010; t=1405847052; x=1405933452; bh=brfb1nXTiwlY0ctuR3fSu6AAbS9nX4m6leTIiy/7Jsc=; h=Date:From:To:Cc:Subject; b=cXvFWSCVNYO+RgLccMnZ/IoUQtvvG8QP/ieVZOw9fyqbVC17n+mYJOGLe2N9eF9pP kHa0+DfCx2lSqkRZ82x7V60znUb3iVnUbfuq2tkL8jkgWxquI9/PqcD3c5fZ3Ah8U3 DNmqvK9T3XTfKmwwAOkQrBaPfLtE4a6LfELPXYlc= DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=elandsys.com; s=mail; t=1405847052; x=1405933452; i=@elandsys.com; bh=brfb1nXTiwlY0ctuR3fSu6AAbS9nX4m6leTIiy/7Jsc=; h=Date:From:To:Cc:Subject; b=mJ+CwQbuw0F7QdB7T5GVF4piIs8evmbk8+17KrMf3qysQJlWYscJabeSoCxqyc2SI LJfJXL25QTwGuTrudoyzNPLgF7WoTkmbM5yva+FXs/wZThOt2OGy113oQ1IyNLja2G xhossvg0Ko63qvY4jYy1f0Wo2L9LMpnCVmSV9gRo= Received: (from logan@localhost) by mx.elandsys.com (8.14.5/8.14.5/Submit) id s6K94APn007850; Sun, 20 Jul 2014 02:04:10 -0700 (PDT) X-Authentication-Warning: mx.elandsys.com: logan set sender to logan@elandsys.com using -f Date: Sun, 20 Jul 2014 02:04:10 -0700 From: Loganaden Velvindron To: freebsd-net@freebsd.org Subject: IPv6 nodeinfo default behaviour Message-ID: <20140720090410.GA7990@mx.elandsys.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.21 (2010-09-15) Cc: gnn@freebsd.org, bz@freebsd.org X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Jul 2014 09:04:14 -0000 Hi guys, OpenBSD recently removed support for RFC 4620 from their kernel completely. The default value is 3 in FreeBSD. According to the RFC: Security Considerations This protocol shares the security issues of ICMPv6 that are documented in the "Security Considerations" section of [5]. This protocol has the potential of revealing information useful to a would-be attacker. An implementation of this protocol MUST have a default configuration that refuses to answer queries from global- scope [3] addresses. I suggest that we switch to 0 by default to be more RFC compliant. Before I send the patch, I would like to get feedback. Kind regards, //Logan C-x-C-c