From: Roy Marples
Date: Sat, 12 Oct 2019 10:32:54 +0100
Subject: Re: DHCPv6 client in base
To: Hiroki Sato
Cc: woodsb02@gmail.com, hrs@freebsd.org, freebsd-net@freebsd.org, driesm.michiels@gmail.com

On 12/10/2019 03:04, Hiroki Sato wrote:
> I emphasize again here that people who want to use dhcpcd are still
> able to install net/dhcpcd and override a combination of utilities
> such as rtsold. Ditto for ISC's IPv6-capable dhclient. My opinion
> about the import is that if we adopt dhcpcd in the base system, we
> should replace all of the current dhclient for IPv4 and rtsold
> together. Of course we should consider it will need Capsicum or
> privsep for sandboxing and involve a bigger impact for IPv4 users at
> least.

I agree with what you say entirely - and I would imagine similar work
would be needed for any DHCP6 client.

I have no idea how privsep or Capsicum should work under dhcpcd (I have
zero knowledge in these areas) and would welcome any discussion to move
this forwards.

For privsep, would it be enough to open ports, drop privs, read the
message, validate the message and then send it to the root process?
Or is there something more expected?

Roy
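
The privsep sequence asked about above (open sockets, drop privileges, read, validate, pass to the root process), as an added C example that is not part of the original message and is not dhcpcd code. The function names are hypothetical, a socketpair stands in for the DHCPv6 UDP socket, and validation is limited to RFC 8415 message framing.

```c
#define _DEFAULT_SOURCE 1              /* glibc: declares setgroups() */
#include <grp.h>
#include <stdint.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* RFC 8415 client/server message: 1-byte msg-type, 3-byte transaction-id,
 * then options (2-byte code, 2-byte length, data). Returns 1 if well formed. */
int dhcp6_valid(const uint8_t *m, size_t len)
{
    if (len < 4 || m[0] < 1 || m[0] > 11) return 0;  /* SOLICIT(1)..INFORMATION-REQUEST(11) */
    for (size_t off = 4; off < len; ) {
        if (len - off < 4) return 0;                 /* truncated option header */
        size_t olen = ((size_t)m[off + 2] << 8) | m[off + 3];
        if (olen > len - off - 4) return 0;          /* option overruns the packet */
        off += 4 + olen;
    }
    return 1;
}

/* Unprivileged side (hypothetical helper): sockets are already open. Drop root
 * if held, then pass only validated datagrams from net_fd to priv_fd. */
static void unpriv_child(int net_fd, int priv_fd, uid_t uid, gid_t gid)
{
    uint8_t buf[1500]; ssize_t n;
    if (geteuid() == 0 && uid != 0 && (setgroups(0, NULL) || setgid(gid) || setuid(uid)))
        _exit(1);                                    /* never keep parsing as root */
    while ((n = recv(net_fd, buf, sizeof(buf), 0)) > 0)
        if (dhcp6_valid(buf, (size_t)n))
            send(priv_fd, buf, (size_t)n, MSG_NOSIGNAL);
    _exit(0);
}

/* Root side of the demo: sends pkt to the child, returns how many it forwarded. */
int privsep_forwarded(const uint8_t *pkt, size_t len, uid_t uid, gid_t gid)
{
    int net[2], ipc[2], count = 0; uint8_t buf[1500];
    if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, net) != 0 ||
        socketpair(AF_UNIX, SOCK_SEQPACKET, 0, ipc) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { close(net[0]); close(ipc[0]); unpriv_child(net[1], ipc[1], uid, gid); }
    close(net[1]); close(ipc[1]);
    send(net[0], pkt, len, MSG_NOSIGNAL); close(net[0]);  /* EOF ends the child's loop */
    while (recv(ipc[0], buf, sizeof(buf), 0) > 0) count++;
    close(ipc[0]); waitpid(pid, NULL, 0);
    return count;
}
```

The privilege drop only takes effect when the caller is root and `uid` is non-zero; in this sketch the root process still has to treat what it receives as untrusted content, since only the framing has been checked.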