From: "Rodney W. Grimes"
Message-Id: <201902280158.x1S1wi7s053904@pdx.rh.CN85.dnsmgr.net>
Subject: Re: use of #ifdef INET and #ifdef INET6 in the kernel sources
In-Reply-To: <8EDE90B3-0C33-47B5-88D8-964B131AEE2E@FreeBSD.org>
To: "Bjoern A. Zeeb"
Date: Wed, 27 Feb 2019 17:58:44 -0800 (PST)
CC: Rick Macklem, FreeBSD Net, rgrimes@FreeBSD.org
Reply-To: rgrimes@FreeBSD.org
List-Id: Networking and TCP/IP with FreeBSD

> On 28 Feb 2019, at 1:11, Rick Macklem wrote:
>
> > I thought (can't remember when/how I was told) that it was no longer
> > recommended to add
> > #ifdef INET
> > or
> > #ifdef INET6
> > to the kernel sources.
>
> Not sure who said this.
>
> > I'll admit I think #ifdef'ng code when it isn't necessary to get it to
> > build makes the code less readable and, as such, I prefer not to do this.
>
> We all agree on this.
>
> > So, is this still recommended for blocks of code that only execute for
> > the version of IP, but will build for kernels that do not have the
> > particular "options INET{6}" in the kernel config?
>
> Yes.
>
> > If it is still recommended, I will do it, but I'll admit I don't
> > understand why it should be done? (All it does is reduce the size of
> > the executable by a small amount and that doesn't seem significant to me.)
>
> That small amount is still relevant on some devices where people go to
> great lengths to fit our constantly growing base into a tiny small
> thingy.

Yep

Most ISPs are still not delivering ipv6 to the home in the USA.
Using a tunnel protocol instead.

> And it allows you to lose code from your kernel that you don't
> need/want, such as if you'd want to rip out all INET sources from a
> tree.

I buildworld, not just the kernel, without INET6 for all of my
ipv4 only node areas. I know I am a minority there, but there
are probably others.

>
> I know both of these groups still do exist.
>
> Also every code not compiled in is not an attack surface, whether you
> think it's executed or not.

This last reason is/was a prevalent one for me for a long time,
given ipv6 is trying to autoconfigure stuff and interfaces just
get a link local address that is reachable that I would have
to secure. It was/is a royal pita to do that for lots
of machines. Am I missing something in that there is just some
way to turn off the link local ipv6 address?

For people in the ipv6 only world disabling the ipv4 code is the
right thing to do as well. In the future this would become the
default and the ipv4 bits shall rot, break and then be removed.

> /bz

-- 
Rod Grimes                                                 rgrimes@freebsd.org
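
The guard pattern discussed in this thread, as an added example that is not from the message or from the FreeBSD tree: a userland sketch in which the `INET`/`INET6` defines stand in for the kernel's "options INET"/"options INET6", and `peer_port` is a hypothetical helper. With `INET6` undefined, the IPv6 branch is not in the object file at all, so an AF_INET6 address can only reach the default rejection.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#define INET 1		/* assumption: stands in for "options INET" */
/* #define INET6 1 */	/* assumption: "options INET6" left out of the config */

/*
 * Hypothetical helper: extract the port (host byte order) from a peer
 * address. Returns 0 on success or an errno value on failure.
 */
int
peer_port(const struct sockaddr *sa, socklen_t len, uint16_t *port)
{
	if (sa == NULL || port == NULL || len < sizeof(*sa))
		return (EINVAL);

	switch (sa->sa_family) {
#ifdef INET
	case AF_INET: {
		struct sockaddr_in sin;

		if (len < sizeof(sin))
			return (EINVAL);
		memcpy(&sin, sa, sizeof(sin));
		*port = ntohs(sin.sin_port);
		return (0);
	}
#endif
#ifdef INET6
	case AF_INET6: {
		struct sockaddr_in6 sin6;

		if (len < sizeof(sin6))
			return (EINVAL);
		memcpy(&sin6, sa, sizeof(sin6));
		*port = ntohs(sin6.sin6_port);
		return (0);
	}
#endif
	default:
		/* Families that were compiled out land here: no parsing code exists. */
		return (EAFNOSUPPORT);
	}
}
```

Uncommenting the `INET6` define restores the IPv6 branch, and the same AF_INET6 input is then parsed instead of rejected.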