From b73183d1a243d486e3889bd71800e94812f5fa17 Mon Sep 17 00:00:00 2001 From: Ed Maste Date: Mon, 24 Apr 2023 15:41:45 -0400 Subject: [PATCH] ipv6: disable RFC 4620 nodeinfo by default RFC 4620 is an experimental RFC that can be used to request information about a host, including: - the fully-qualified or single-component name - some set of the Responder's IPv6 unicast addresses - some set of the Responder's IPv4 unicast addresses This is not something that should be made available by default. PR: 257709 Submitted by: ruben@verweg.com Reviewed by: melifaro Relnotes: Yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D39778 --- sys/netinet6/in6_proto.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/sys/netinet6/in6_proto.c b/sys/netinet6/in6_proto.c index 971b61c7489..557edaf2e7e 100644 --- a/sys/netinet6/in6_proto.c +++ b/sys/netinet6/in6_proto.c @@ -193,8 +193,7 @@ VNET_DEFINE(int, icmp6_rediraccept) = 1;/* accept and process redirects */ VNET_DEFINE(int, icmp6_redirtimeout) = 10 * 60; /* 10 minutes */ VNET_DEFINE(int, icmp6errppslim) = 100; /* 100pps */ /* control how to respond to NI queries */ -VNET_DEFINE(int, icmp6_nodeinfo) = - (ICMP6_NODEINFO_FQDNOK|ICMP6_NODEINFO_NODEADDROK); +VNET_DEFINE(int, icmp6_nodeinfo) = 0; VNET_DEFINE(int, icmp6_nodeinfo_oldmcprefix) = 1; VNET_DEFINE_STATIC(int, ip6_log_interval) = 5;