On Tuesday, 03.07.2018, at 14:20 +0200, Stefan Sperling wrote:
> "RFC 7359" should be mentioned since
> it provides a wealth of context the man page cannot provide [..]
> It might also make sense to add a brief sentence in DESCRIPTION which
> already lists other related RFCs.
As it is not the main functionality, I would not put it more
prominently than IKEv2, ISAKMP and IKE. That STANDARDS mentions only the
first one is IMHO alright.
>
> If iked.conf doesn't mention this behaviour, it probably should.
>
> I'm only making a fuss because this is not the first time I have seen
> someone stumble over this as an "issue"
Some mention in the debug output might help also:
Index: sbin/iked/pfkey.c
===================================================================
RCS file: /cvs/src/sbin/iked/pfkey.c,v
retrieving revision 1.59
diff -u -p -u -r1.59 pfkey.c
--- sbin/iked/pfkey.c 27 Nov 2017 18:39:35 -0000 1.59
+++ sbin/iked/pfkey.c 3 Jul 2018 12:54:30 -0000
@@ -1550,6 +1550,7 @@ pfkey_init(struct iked *env, int fd)
return;
/* Block all IPv6 traffic by default */
+ log_info("%s: blocking all IPv6 traffic by default", __func__);
pfkey_blockipv6 = 1;
if (pfkey_block(fd, AF_INET6, SADB_X_ADDFLOW))
fatal("pfkey_init: failed to block IPv6 traffic");
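
Review bot: the added line uses log_info() while the mail introduces it as debug output, so the level should be settled: keep log_info() if the message is meant to be seen at normal verbosity by people who stumble over the blocked traffic, otherwise use log_debug(). The prefix is also inconsistent with the fatal() two lines below, which hard-codes "pfkey_init:" where the new line uses __func__; pick one form for both. Since the thread's concern is that the behaviour surprises people, the message text could also say where it is documented (the man page or RFC 7359) so the log line leads somewhere.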