sys/netinet6/in6_proto.c: net.inet6.ip6.v6only=1 by default
Hi,
Here is a patch to set net.inet6.ip6.v6only=1 by default (this
means IPv4-mapped IPv6 addresses are disabled).
I think IPv4-mapped IPv6 addresses just make things complicated,
and disabling them by default does not have any harmful influence.
Attachment (inline): ip6_proto.c.diff
Set ip6_v6only=1 by default. Administrators who want to use
IPv4-mapped IPv6 addresses should tweak the sysctl manually with knowledge
of the security concerns.
References:
KAME: kame/sys/netinet6/in6_proto.c 1.151
FreeBSD: sys/netinet6/in6_proto.c 1.18
ftp://ftp.itojun.org/pub/paper/draft-itojun-v6ops-v4mapped-harmful-01.txt
Index: in6_proto.c
===================================================================
RCS file: /cvs/src/sys/netinet6/in6_proto.c,v
retrieving revision 1.6
diff -d -u -I\$FreeBSD:.*\$ -I\$NetBSD:.*\$ -I\$OpenBSD:.*\$ -I\$DragonFly:.*\$ -I\$Id:.*\$ -I\$hrs:.*\$ -r1.6 in6_proto.c
--- in6_proto.c 15 Oct 2004 22:59:10 -0000 1.6
+++ in6_proto.c 31 Dec 2004 01:16:30 -0000
@@ -298,7 +298,7 @@
int ip6_use_deprecated = 1; /* allow deprecated addr (RFC2462 5.5.4) */
int ip6_rr_prune = 5; /* router renumbering prefix
* walk list every 5 sec. */
-int ip6_v6only = 0;
+int ip6_v6only = 1;
u_int32_t ip6_id = 0UL;
int ip6_keepfaith = 0;
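Review bot: the changed line `int ip6_v6only = 1;` has no comment, while ip6_use_deprecated and ip6_rr_prune directly above it each document their value. Since this flips a default that changes socket behaviour, add one, for example `/* 1: no IPv4-mapped addresses on AF_INET6 sockets by default (net.inet6.ip6.v6only) */`. Programs that relied on the old default of 0 to receive IPv4 traffic on a single AF_INET6 socket will now have to clear IPV6_V6ONLY with setsockopt or open a separate AF_INET socket, so the change also deserves a line in whatever upgrade notes the tree keeps.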