src/sys/netinet6/in6_ifattach.h - view

Return to in6_ifattach.h CVS log

Up to [local] / src / sys / netinet6

File: [local] / src / sys / netinet6 / in6_ifattach.h (download)

Revision 1.10, Wed Aug 21 15:32:18 2019 UTC (4 years, 9 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1, OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9, OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7, OPENBSD_6_6_BASE, OPENBSD_6_6, HEAD
Changes since 1.9: +1 -2 lines

    Remove support for semantically opace interface identifiers (RFC 7217)
    for IPv6 link local addresses.

    Some hosting and VM providers route customer IPv6 prefixes to link
    local addresses derived from ethernet MAC addresses (RFC 2464). This
    leads to hard to debug IPv6 connectivity problems and is probably not
    worth the effort.

    RFC 7721 lists 4 weaknesses:

    3.1. Correlation of Activities over Time & 3.2. Location Tracking
    These are still possible with RFC 7217 addresses for an adversary
    connected to the same layer 2 network (think conference wifi). Since
    the link local prefix stays the same (fe80::/64) the link local
    addresses do not change between different networks.
    An adversary on the same layer 2 network can probably track ethernet
    MAC addresses via different means, too.

    3.3. Address Scanning & 3.4. Device-Specific Vulnerability Exploitation
    These now become possible, however, as noted above a layer 2 adversary
    was probably able to do this via different means.

    People concerned with these weaknesses are advised to use
    ifconfig lladdr random.
OK benno
input & OK kn

/*	$OpenBSD: in6_ifattach.h,v 1.10 2019/08/21 15:32:18 florian Exp $	*/
/*	$KAME: in6_ifattach.h,v 1.9 2000/04/12 05:35:48 itojun Exp $	*/

/*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#ifndef _NETINET6_IN6_IFATTACH_H_
#define _NETINET6_IN6_IFATTACH_H_

#ifdef _KERNEL
int in6_ifattach(struct ifnet *);
void in6_ifdetach(struct ifnet *);
int in6_ifattach_linklocal(struct ifnet *, struct in6_addr *);
#endif /* _KERNEL */

#endif /* _NETINET6_IN6_IFATTACH_H_ */