On Fri, May 16, 2014 at 12:43:52AM -0500, Todd T. Fries wrote:
> Penned by Henning Brauer on 20140516 0:26.37, we have:
> | * Claudio Jeker <cje...@diehard.n-r-g.com> [2014-05-15 09:33]:
> | > On Wed, May 14, 2014 at 11:29:20PM +0200, Henning Brauer wrote:
> | > > so as discussed recently having the inet6 link-local addrs on every
> | > > interface by default is stupid and a security risk.
> | > >
> | > > this diff fixes that. well, really two independent parts.
> | > > one: set the NOINET6 flag by default on each and every interface.
> | > > two: implement "ifconfig <if> +inet6" to turn inet6 on and assign
> | > > the link-local addr.
> | > >
> | > > this should be transparent for almost all real use cases of inet6
> | > > since assigning any inet6 address also resets the flag (and ll is
> | > > assigned then as well).
> | > > lo0 still gets its ::1 and fe80::1%lo0 by default.
> | > >
> | > > the only use case that needs config adoption: people ONLY using
> | > > link-local, they will need to put +inet6 in the corresponding
> | > > hostname.if file.
> | > >
> | > > ok?
> | >
> | > To be honest the right fix would be to get rid of IFXF_NOINET6 and
> | > just make it the default. There is no need for such a flag anymore.
> |
> | very valid point, I'll happily clean that up right after - one thing
> | at a time.
>
> When I travel between networks.. at home with rtsol capable networks ..
> and at e.g. a library that does not have native IPv6 .. I find it invaluable
> to 'zzz' then upon resume 'ifconfig wpi0 -inet6' for the library and then
> 'rtsol wpi0' at home.
>
> Just because the new default will be the equivalent of 'ifconfig wpi0 -inet6'
> until configured doesn't mean there isn't a use for clearing it later on as
> well.
>
> I wish there were an equivalent for IPv4, but at least dhclient clears the old
> address on 'ifconfig wpi0 down' ...
>
I did not talk about -inet6 but about the kernel IFXF_NOINET6 flag.
It is not needed to use a flag on the interface for this. Instead we
handle it all when creating / removing IPv6 addresses on the interface.

In the long run I would like to have a -inet as well so that you can
remove all IPv4 addresses of an interface in an easy way.

--
:wq Claudio