Date:      Wed, 27 Feb 2019 17:58:44 -0800 (PST)
From:      "Rodney W. Grimes" <freebsd@pdx.rh.CN85.dnsmgr.net>
To:        "Bjoern A. Zeeb" <bz@FreeBSD.org>
Cc:        Rick Macklem <rmacklem@uoguelph.ca>, FreeBSD Net <freebsd-net@FreeBSD.org>, rgrimes@FreeBSD.org
Subject:   Re: use of #ifdef INET and #ifdef INET6 in the kernel sources
Message-ID:  <201902280158.x1S1wi7s053904@pdx.rh.CN85.dnsmgr.net>
In-Reply-To: <8EDE90B3-0C33-47B5-88D8-964B131AEE2E@FreeBSD.org>

> On 28 Feb 2019, at 1:11, Rick Macklem wrote:
> 
> > I thought (can't remember when/how I was told) that it was no longer
> > recommended to add
> > #ifdef INET
> > or
> > #ifdef INET6
> > to the kernel sources.
> 
> Not sure who said this.
> 
> > I'll admit I think #ifdef'ng code when it isn't necessary to get it to 
> > build makes the
> > code less readable and, as such, I prefer not to do this.
> 
> We all agree on this.
> 
> 
> > So, is this still recommended for blocks of code that only execute for 
> > the version
> > of IP, but will build for kernels that do not have the particular 
> > "options INET{6}"
> > in the kernel config?
> 
> Yes.
> 
> 
> > If it is still recommended, I will do it, but I'll admit I don't 
> > understand why it should
> > be done? (All it does is reduce the size of the executable by a small 
> > amount and
> > that doesn't seem significant to me.)
> 
> That small amount is still relevant on some devices where people go to 
> great lengths to fit our constantly growing base into a tiny small 
> thingy.

Yep.  Most ISPs are still not delivering ipv6 to the home in
the USA.  Using a tunnel protocol instead.

> And it allows you to lose code from your kernel that you don't 
> need/want, such as if you'd want to rip out all INET sources from a 
> tree.

I buildworld, not just the kernel, without INET6 for all of
my ipv4 only node areas.  I know I am a minority there, but
there are probably others.

> 
> I know both of these groups still do exist.
> 
> Also every code not compiled in is not an attack surface, whether you 
> think it's executed or not.

This last reason is/was a prevalent one for me for a long time,
given ipv6 is trying to autoconfigure stuff and interfaces
just get a link local address that is reachable that I would
have to secure.  It was/is a royal pita to do that for lots of
machines.

Am I missing something in that there is just some way to turn off the
link local ipv6 address?

For people in the ipv6 only world disabling the ipv4 code is
the right thing to do as well.  In the future this would become
the default and the ipv4 bits shall rot, break and then be
removed.

> /bz
-- 
Rod Grimes                                                 rgrimes@freebsd.org


