On 2016/05/17 17:42, Claudio Jeker wrote: > On Tue, May 17, 2016 at 09:26:58AM -0600, Theo de Raadt wrote: > > > Does it need the ifdef? It's standard ipv6 api.. > > > > It is risk, all gigantic risk. > > > > Anyone who enables that will (not..) discover that their pf rulesets > > are wrong. > > > > IPV6_V6ONLY and net.inet6.ip6.v6only have no effect in OpenBSD. The > setsockopt does fail if you try to set it to a different value than the > sysctl. So there is no additional risk here because OpenBSD denied early > on the double usage of IPv6 sockets for IPv4 connections.
Exactly, it is forcing other OS to do the same thing that OpenBSD is doing in the cases where they don't do it by default. > But I doubt this justifies that we add the compat goo (which is > missing from all the other daemons as well). Whether it's in base or in portable it needs to go somewhere.
