On Tue, May 17, 2016 at 09:26:58AM -0600, Theo de Raadt wrote: > > Does it need the ifdef? It's standard ipv6 api.. > > It is risk, all gigantic risk. > > Anyone who enables that will (not..) discover that their pf rulesets > are wrong. >
IPV6_V6ONLY and net.inet6.ip6.v6only have no effect in OpenBSD. The setsockopt does fail if you try to set it to a different value than the sysctl. So there is no additional risk here because OpenBSD denied early on the double usage of IPv6 sockets for IPv4 connections. But I doubt this justifies that we add the compat goo (which is missing from all the other daemons as well). -- :wq Claudio
