Re: Forward: HEADS UP! Default value of ip6_v6only changed
Hajimu UMEMOTO <[EMAIL PROTECTED]> wrote:

> Our default of net.inet6.ip6.v6only was off in 4.X, and was changed to
> on on 5.X to follow NetBSD's practice. This behavior on 5.X breaks
> RFC2553/3493, and the change was intentional from security
> consideration. But, NetBSD changed it off by default.

They have changed back.
http://mail-index.netbsd.org/tech-net/2003/11/03/.html

--
Christian "naddy" Weisgerber [EMAIL PROTECTED]
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Forward: HEADS UP! Default value of ip6_v6only changed
Michael Nottebrock wrote:

> Christian Weisgerber wrote:
>
> > If we ship with a default of v6only off, then people will not fix
> > software to open two sockets. This in turn means that turning v6only
> > on will break this software.
>
> I find the notion of making people "fix" their software to not rely on
> RFC-defined behaviour problematic. I'm actually glad to see NetBSD
> reversed their unfortunate decision regarding the default (and OpenBSD's
> stunt of not even providing a knob is very evil indeed).

100% agreed here. The standard exists for a reason. If people find the
standard problematic (in fact I concur with Itojun's analysis about
IPv4-mapped addresses), they should voice in the appropriate forum to fix
the standard rather than just ignore the standard and implement things in
their own way, which only creates and/or worsens the compatibility
nightmare. (Another test knob into GNU autoconf. Sad.)

It's not like IETF RFC's are particularly hard to amend, either, at least
compared to other standardization bodies.

IETF and its folks are *very* open and flexible IMHO.

Eugene
Re: Forward: HEADS UP! Default value of ip6_v6only changed
I wrote:

> I find the notion of making people "fix" their software to not rely on
> RFC-defined behaviour problematic. I'm actually glad to see NetBSD
> reversed their unfortunate decision regarding the default (and OpenBSD's
> stunt of not even providing a knob is very evil indeed).
>
> > I understand that itojun would like to see this aspect of RFC2553
> > amended. I don't know what the prospects of this happening are on
> > the IETF level.

FWIW, I wonder if the publication of http://bulk.fefe.de/scalability/,
especially the paragraph:

"OpenBSD also caused a lot of grief on the IPv6 front. The OpenBSD guys
intentionally broke their IPv6 stack to not allow IPv4 connections to and
from IPv6 sockets using the IPv4 mapped addresses that the IPv6 standard
defines for this purpose. I find this behaviour of pissing on internet
standards despicable and unworthy of free operating systems."

has inspired NetBSD's move. :-)

--
   ,_,   | Michael Nottebrock               | [EMAIL PROTECTED]
 (/^ ^\) | FreeBSD - The Power to Serve     | http://www.freebsd.org
   \u/   | K Desktop Environment on FreeBSD | http://freebsd.kde.org
Re: Forward: HEADS UP! Default value of ip6_v6only changed
Christian Weisgerber wrote:

> If we ship with a default of v6only off, then people will not fix
> software to open two sockets. This in turn means that turning v6only
> on will break this software.

I find the notion of making people "fix" their software to not rely on
RFC-defined behaviour problematic. I'm actually glad to see NetBSD
reversed their unfortunate decision regarding the default (and OpenBSD's
stunt of not even providing a knob is very evil indeed).

> I understand that itojun would like to see this aspect of RFC2553
> amended. I don't know what the prospects of this happening are on
> the IETF level.

Not too bad, IMHO. The IETF really is the place for this decision to be
made and the knob should reflect current standards. Flipping the default
when a revised RFC is published would be the right thing to do.

--
   ,_,   | Michael Nottebrock               | [EMAIL PROTECTED]
 (/^ ^\) | FreeBSD - The Power to Serve     | http://www.freebsd.org
   \u/   | K Desktop Environment on FreeBSD | http://freebsd.kde.org
Re: Forward: HEADS UP! Default value of ip6_v6only changed
On Tue, Oct 28, 2003 at 11:51:59PM +, Christian Weisgerber wrote:
> Hajimu UMEMOTO <[EMAIL PROTECTED]> wrote:
>
> > Our default of net.inet6.ip6.v6only was off in 4.X, and was changed to
> > on on 5.X to follow NetBSD's practice. This behavior on 5.X breaks
> > RFC2553/3493, and the change was intentional from security
> > consideration. But, NetBSD changed it off by default.
>
> OpenBSD's behavior is equivalent to v6only on, and OpenBSD doesn't
> even provide a knob.
>
> Note that the default choice has a major impact on 3rd party software
> (ports). If we ship with a default of v6only off, then people will
> not fix software to open two sockets. This in turn means that
> turning v6only on will break this software. I predict that a good
> many people will then consider the v6only option to be useless.

I can second this. The first time I noticed this mistake in self written
software was when I tested it on NetBSD, where the default was already to
v6only while FreeBSD still had it off.

--
B.Walter BWCT http://www.bwct.de
[EMAIL PROTECTED] [EMAIL PROTECTED]
Re: Forward: HEADS UP! Default value of ip6_v6only changed
Hajimu UMEMOTO <[EMAIL PROTECTED]> wrote:

> Our default of net.inet6.ip6.v6only was off in 4.X, and was changed to
> on on 5.X to follow NetBSD's practice. This behavior on 5.X breaks
> RFC2553/3493, and the change was intentional from security
> consideration. But, NetBSD changed it off by default.

OpenBSD's behavior is equivalent to v6only on, and OpenBSD doesn't even
provide a knob.

Note that the default choice has a major impact on 3rd party software
(ports). If we ship with a default of v6only off, then people will not
fix software to open two sockets. This in turn means that turning v6only
on will break this software. I predict that a good many people will then
consider the v6only option to be useless.

I understand that itojun would like to see this aspect of RFC2553
amended. I don't know what the prospects of this happening are on the
IETF level.

--
Christian "naddy" Weisgerber [EMAIL PROTECTED]
Re: Forward: HEADS UP! Default value of ip6_v6only changed
Hajimu UMEMOTO wrote:
>
> Hi,
>
> Our default of net.inet6.ip6.v6only was off in 4.X, and was changed to
> on on 5.X to follow NetBSD's practice. This behavior on 5.X breaks
> RFC2553/3493, and the change was intentional from security
> consideration. But, NetBSD changed it off by default.
> How do you think our default of on?

As long as it is documented well, and the workaround (setting the
IPV6_V6ONLY sockopt "off") is referenced, I don't think it really
matters. Application programmers realize they have *some* work to do when
porting applications to V6. A single sockopt call is not unreasonable.

I think "on" for the security reasons outlined is the right call - it
will at least make people think about those issues, and most would not
without something bringing it up.

(That said, it would be nice if NetBSD would pick a direction and keep
it.)

jeff
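
Added example, not part of the thread and not code from any of its participants: the two-socket approach Christian Weisgerber describes, using the IPV6_V6ONLY socket option Jeff mentions, set explicitly on the AF_INET6 socket so the listener behaves the same whatever net.inet6.ip6.v6only defaults to. The names open_listener and v6only_state and port 8080 are assumptions made for the illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Effective IPV6_V6ONLY value of a socket: 1, 0, or -1 on error. */
int v6only_state(int fd)
{
    int val = -1;
    socklen_t len = sizeof(val);
    return getsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &val, &len) < 0 ? -1 : val;
}

/* Wildcard TCP listener for one family. For AF_INET6 the option is set
 * explicitly before bind(), so the system-wide default never applies. */
int open_listener(int family, unsigned short port, int v6only)
{
    struct sockaddr_in6 sin6 = {0};
    struct sockaddr_in sin = {0};
    int ok, fd = socket(family, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    if (family == AF_INET6) {
        sin6.sin6_family = AF_INET6;
        sin6.sin6_addr = in6addr_any;
        sin6.sin6_port = htons(port);
        ok = setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &v6only, sizeof(v6only)) == 0
            && bind(fd, (struct sockaddr *)&sin6, sizeof(sin6)) == 0;
    } else {
        sin.sin_family = AF_INET;
        sin.sin_addr.s_addr = htonl(INADDR_ANY);
        sin.sin_port = htons(port);
        ok = bind(fd, (struct sockaddr *)&sin, sizeof(sin)) == 0;
    }
    if (!ok || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;   /* listening socket, or -1 above on any failure */
}

int main(void)
{
    int s6 = open_listener(AF_INET6, 8080, 1);  /* 8080: constructed port */
    int s4 = open_listener(AF_INET, 8080, 1);   /* v6only unused for AF_INET */
    printf("v6 fd=%d v6only=%d, v4 fd=%d\n", s6, s6 < 0 ? -1 : v6only_state(s6), s4);
    return s6 < 0 && s4 < 0;
}
```

Passing 0 as the third argument requests the single-socket behaviour with IPv4-mapped addresses instead, on systems that allow the option to be cleared.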
Forward: HEADS UP! Default value of ip6_v6only changed
Hi,

Our default of net.inet6.ip6.v6only was off in 4.X, and was changed to
on on 5.X to follow NetBSD's practice. This behavior on 5.X breaks
RFC2553/3493, and the change was intentional from security
consideration. But, NetBSD changed it off by default.
How do you think our default of on?

--- Begin Message ---
The default value of ip6_v6only (sysctl net.inet6.ip6.v6only) has been
changed. The new value brings us closer in line with current RFC-defined
behavior and practices.

Itojun still has significant concerns about the new default behavior.
His concerns have been well-documented in
ftp://ftp.itojun.org/pub/paper/draft-cmetz-v6ops-v4mapped-api-harmful-00.txt

Best Regards,
NetBSD OS PMC (core)

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED],jp.}FreeBSD.org
http://www.imasy.org/~ume/
--- End Message ---