Date: Mon, 26 Jun 2023 10:28:03 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: Ed Maste
cc: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: Re: git: b73183d1a243 - main - ipv6: disable RFC 4620 nodeinfo by default

On Wed, 26 Apr 2023, Ed Maste wrote:

Hi,

sorry for the late reply.

> The branch main has been updated by emaste:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=b73183d1a243d486e3889bd71800e94812f5fa17
>
> commit b73183d1a243d486e3889bd71800e94812f5fa17
> Author:     Ed Maste
> AuthorDate: 2023-04-24 19:41:45 +0000
> Commit:     Ed Maste
> CommitDate: 2023-04-26 17:47:59 +0000
>
>     ipv6: disable RFC 4620 nodeinfo by default
>
>     RFC 4620 is an experimental RFC that can be used to request information
>     about a host, including:
>
>     - the fully-qualified or single-component name
>     - some set of the Responder's IPv6 unicast addresses
>     - some set of the Responder's IPv4 unicast addresses
>
>     This is not something that should be made available by default.

187069853c6565693b82dc7d2d31de68c2be32c2 already added the flag to not
reply to global addresses (see nd6_input check). So by default we were
only replying to loopback and link-local.

Finding the slides of the talk mentioned in the PR was informational
material (advice) only but no real problem shown.
The Apple problem is slightly different and I wonder (a) if replying fqdn
is considered not a problem still, and (b) if we do interface validation
for sending out (link-local) ICMPv6 replies?

Has OpenBSD changed it from 1 to 0 as well by now?

If we have any doubts I would highly suggest to also handle the
default case: around sys/netinet6/icmp6.c line 1404 some better as I
assume that with the current code not having spent much time reading it,
it is still possible to get the "FQDN" by sending an unknown qtype?
Would be nice to have a test case for that...

>     PR:             257709
>     Submitted by:   ruben@verweg.com
>     Reviewed by:    melifaro
>     Relnotes:       Yes
>     Sponsored by:   The FreeBSD Foundation
>     Differential Revision: https://reviews.freebsd.org/D39778
> ---
> sys/netinet6/in6_proto.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/sys/netinet6/in6_proto.c b/sys/netinet6/in6_proto.c > index 971b61c74899..557edaf2e7e1 100644 > --- a/sys/netinet6/in6_proto.c > +++ b/sys/netinet6/in6_proto.c > @@ -193,8 +193,7 @@ VNET_DEFINE(int, icmp6_rediraccept) = 1;/* accept and process redirects */ > VNET_DEFINE(int, icmp6_redirtimeout) = 10 * 60; /* 10 minutes */ > VNET_DEFINE(int, icmp6errppslim) = 100; /* 100pps */ > /* control how to respond to NI queries */ > -VNET_DEFINE(int, icmp6_nodeinfo) = > - (ICMP6_NODEINFO_FQDNOK|ICMP6_NODEINFO_NODEADDROK); > +VNET_DEFINE(int, icmp6_nodeinfo) = 0; > VNET_DEFINE(int, icmp6_nodeinfo_oldmcprefix) = 1; > > VNET_DEFINE_STATIC(int, ip6_log_interval) = 5; >

-- 
Bjoern A. Zeeb                                                     r15:7
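
Review bot: The comment above the changed definition in sys/netinet6/in6_proto.c still reads only "control how to respond to NI queries", so after this hunk nothing at the definition records that 0 is the disabled default or that ICMP6_NODEINFO_FQDNOK and ICMP6_NODEINFO_NODEADDROK are the bits an administrator sets to restore the previous behaviour. Suggest extending that comment to say the default is off and to name the two flags, since the removed lines were the only place in this hunk where they appeared. The unchanged context line right after the change leaves icmp6_nodeinfo_oldmcprefix at 1; the commit message or the comment should state whether that setting still has any effect once icmp6_nodeinfo is 0, or whether it should be changed together with it. A change of default with "Relnotes: Yes" would also benefit from a regression test that asserts no NI reply is produced with the new default, which the diffstat shows is not part of this commit.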