On my systems, where I rebuild "world" by hand, I usually disable INET6 (WITHOUT_INET6 is documented in src.conf(5)) -- because it is still a waste on today's Internet with most ISPs.

Unfortunately, this effectively disables tools like nmap, which use an expression like:

   Packet capture filter (device lo0): dst host 127.0.0.1 and (icmp *or icmp6*
   or ((tcp or udp or sctp) and (src host 127.0.0.1)))

for many (most?) scans. The problem is, libpcap simply refuses to recognize the INET6-related tokens (like the icmp6 above), unless INET6 is defined at compile time:

   Error compiling our pcap filter: *icmp6 not supported*

In addition to disabling nmap, this also prevents a non-INET6 machine from being used to examine a network dump obtained from an INET6-using host -- by tcpdump or any other libpcap-using tool.

Unlike other utilities, which expect INET6 support from libc, libpcap can be compiled with -DINET6 by itself. I'd say, it should be built this way -- unconditionally:

   --- Makefile    (revision 240899)
   +++ Makefile    (working copy)
   @@ -90,9 +90,7 @@
     CFLAGS+=-DHAVE_CONFIG_H -Dyylval=pcapyylval -I${.CURDIR} -I.
     CFLAGS+=-D_U_="__attribute__((unused))"
     CFLAGS+=-DHAVE_SNPRINTF -DHAVE_VSNPRINTF
   -.if ${MK_INET6_SUPPORT} != "no"
     CFLAGS+=-DINET6
   -.endif
     .if ${MK_PF} != "no"
     CFLAGS+=-DHAVE_NET_PFVAR_H
     .endif
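
Review bot: With the `.if ${MK_INET6_SUPPORT} != "no"` guard removed, `CFLAGS+=-DINET6` no longer says why libpcap ignores the build knob, so the line needs a comment. A short note above it would do, stating that libpcap is built with INET6 even under WITHOUT_INET6 so that filters such as icmp6 compile and IPv6 captures from other hosts can be read. It would also help to say in the submission that a full WITHOUT_INET6 world was built and linked with this change, since the hunk only shows the flag and not what the INET6 code paths in libpcap pull in. If MK_INET6_SUPPORT is not referenced anywhere else in this Makefile, check whether anything still needs it here.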

Yours,

   -mi

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net