From: "Jeff W. Boote"
Date: Tue, 28 Oct 2003 08:40:19 -0700
To: Hajimu UMEMOTO
Cc: arch@FreeBSD.org, current@FreeBSD.org, net@FreeBSD.org
Subject: Re: Forward: HEADS UP! Default value of ip6_v6only changed
Message-ID: <3F9E8DE3.61A5D814@internet2.edu>
References: <20031028063802.GC10818@canolog.ninthwonder.com>
List-Id: Discussion related to FreeBSD architecture

Hajimu UMEMOTO wrote:
>
> Hi,
>
> Our default of net.inet6.ip6.v6only was off in 4.X, and was changed to
> on on 5.X to follow NetBSD's practice. This behavior on 5.X breaks
> RFC2553/3493, and the change was intentional from security
> consideration. But, NetBSD changed it off by default.
> How do you think our default of on?

As long as it is documented well, and the workaround (setting the
IPV6_V6ONLY sockopt "off") is referenced, I don't think it really
matters. Application programmers realize they have *some* work to do
when porting applications to V6. A single sockopt call is not
unreasonable. I think "on" for the security reasons outlined is the
right call - it will at least make people think about those issues, and
most would not without something bringing it up.

(That said, it would be nice if NetBSD would pick a direction and keep
it.)

jeff
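
An added example, not part of the original message or of FreeBSD's own code: the single sockopt call discussed above, set explicitly so the listener does not depend on the net.inet6.ip6.v6only default, plus the check an address-based access control needs once IPv4 peers can arrive as IPv4-mapped addresses. The function names (open_v6_listener, get_v6only, peer_ipv4) are hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Open an AF_INET6 TCP listener with IPV6_V6ONLY pinned per socket.
 * v6only = 1: IPv6 peers only. v6only = 0: IPv4 peers are accepted too
 * and appear as IPv4-mapped addresses (::ffff:a.b.c.d).
 * Returns the descriptor, or -1 on error. */
int open_v6_listener(unsigned short port, int v6only)
{
    struct sockaddr_in6 sa;
    int fd = socket(AF_INET6, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    /* Set before bind(); the system-wide default differs between releases. */
    if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &v6only, sizeof(v6only)) < 0)
        goto fail;
    memset(&sa, 0, sizeof(sa));
    sa.sin6_family = AF_INET6;
    sa.sin6_addr = in6addr_any;
    sa.sin6_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 || listen(fd, 16) < 0)
        goto fail;
    return fd;
fail:
    close(fd);
    return -1;
}

/* Read back the effective setting: 1, 0, or -1 on error. */
int get_v6only(int fd)
{
    int val = -1;
    socklen_t len = sizeof(val);
    if (getsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &val, &len) < 0)
        return -1;
    return val != 0;
}

/* With v6only off, address-based checks must use the embedded IPv4
 * address. Returns 1 and fills *v4 if the peer is IPv4-mapped, else 0. */
int peer_ipv4(const struct sockaddr_in6 *peer, struct in_addr *v4)
{
    if (!IN6_IS_ADDR_V4MAPPED(&peer->sin6_addr))
        return 0;
    memcpy(v4, &peer->sin6_addr.s6_addr[12], sizeof(*v4));
    return 1;
}
```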