[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


> [...]
> 	Yes, this is VERY confusing.  however, they are different, and here we
> 	are talking about the former, not the latter.

In that case the following from kame source tree's IMPLEMENTATION file:


        Connection of IPv6 Domains via IPv4 Clouds without Explicit Tunnels
    * "stf" interface implements it.  Be sure to read the next item before
      configuring it, there are security issues.
        Possible abuse against IPv6 transition technologies
    * KAME does not implement RFC1933/2893 automatic tunnel.
    * "stf" interface implements some address filters.  Refer to stf(4)
      for details.  Since there's no way to make 6to4 interface 100% secure,
      we do not include "stf" interface into GENERIC.v6 compilation.
    * kame/openbsd completely disables IPv4 mapped address support.
    * kame/netbsd makes IPv4 mapped address support off by default.
    * See section 1.12.6 and 1.14 for more details.


Security issues will obviously make OpenBSD suspicious about implementing
them and hence they have disabled this stf interface.