| From: | Hiroki Sato <hrs@xxxxxxxxxx> |
| Date: | Sat, 01 Jan 2005 08:19:58 +0900 (JST) |
Hi, Here is a patch to set net.inet6.ip6.v6only=1 by default (this means IPv4-mapped IPv6 address is disabled). I think IPv4-mapped IPv6 address just makes things complicated and disabling it by default does not have any harmful influence.
Set ip6_v6only=1 by default. The administrators who want to use IPv4-mapped IPv6 address should tweak the sysctl manually with knowledge of the security concerns. References: KAME: kame/sys/netinet6/in6_proto.c 1.151 FreeBSD: sys/netinet6/in6_proto.c 1.18 ftp://ftp.itojun.org/pub/paper/draft-itojun-v6ops-v4mapped-harmful-01.txt Index: in6_proto.c =================================================================== RCS file: /cvs/src/sys/netinet6/in6_proto.c,v retrieving revision 1.6 diff -d -u -I\$FreeBSD:.*\$ -I\$NetBSD:.*\$ -I\$OpenBSD:.*\$ -I\$DragonFly:.*\$ -I\$Id:.*\$ -I\$hrs:.*\$ -r1.6 in6_proto.c --- in6_proto.c 15 Oct 2004 22:59:10 -0000 1.6 +++ in6_proto.c 31 Dec 2004 01:16:30 -0000 @@ -298,7 +298,7 @@ int ip6_use_deprecated = 1; /* allow deprecated addr (RFC2462 5.5.4) */ int ip6_rr_prune = 5; /* router renumbering prefix * walk list every 5 sec. */ -int ip6_v6only = 0; +int ip6_v6only = 1; u_int32_t ip6_id = 0UL; int ip6_keepfaith = 0;
Attachment:
pgp00001.pgp
Description: PGP signature