From owner-freebsd-net@FreeBSD.ORG Sat Jun 29 13:58:01 2013
Date: Sat, 29 Jun 2013 22:56:03 +0900 (JST)
Message-Id: <20130629.225603.1610787044468429534.hrs@allbsd.org>
From: Hiroki Sato
To: jinmei@isc.org
Subject: Re: Making net.inet6.ip6.v6only=0 default
Cc: freebsd-net@FreeBSD.org, feld@feld.me

JINMEI Tatuya / 神明達哉 wrote in :

ji> > So I guess the question is: what do we do? It looks like we're in
ji> > violation of both RFC 3493, Section 5.3 and POSIX 2008, Volume 2, Section
ji> > 2.10.20*.
ji>
ji> ...aside from what FreeBSD should do for ip6.v6only, I personally
ji> believe that realistically this issue should be resolved at the
ji> application side, i.e., explicitly set the IPV6_V6ONLY socket option
ji> to 1 and use both AF_INET (for IPv4) and AF_INET6 (for IPv6, and only
ji> for IPv6) sockets. As far as I know this is the most portable
ji> behavior. Regarding the rwhois case, I'd first suggest updating the
ji> patch with this socket option setting. Hopefully it can be accepted
ji> by the upstream because it's most portable. If they still reject it
ji> because "it's against the standard" (and even if it's less portable in
ji> reality), my next suggestion is to explicitly set the IPV6_V6ONLY
ji> socket option to 0. This setting is "redundant" in the sense of
ji> standard purity, but hopefully less controversial for those preferring
ji> the standard compliance as it only requires a small change and will
ji> make it still more portable.
ji>
ji> Going back to the question of what FreeBSD should do for ip6.v6only:
ji> Personally, I'd still suggest keeping the same default because I agree
ji> this behavior is sufficiently safer (as noted above) *and* there'll
ji> be portability issues anyway (OSes using the different default
ji> "religiously" will never change it). But I also understand the
ji> argument that standard compliance is more important than debatable
ji> safety. In either case, it would help if we provide detailed
ji> discussion for the description of this sysctl knob.

Agreed. Honestly my patch was not intended for upstream because it
was too aggressive (for them). Explicitly dropping IPV6_V6ONLY may
be acceptable.

I am also for keeping the sysctl knob. Except for Java, most
applications which run on FreeBSD have survived with it.

In addition to the points already mentioned, I do not like the
s/AF_INET/AF_INET6/ replacement like rwhoisd does, and I believe this
kind of network program should be implemented in an AF-independent
fashion, not depending on AF_INET6, and handle each available AF
separately. It prevents issues in corner cases.

-- Hiroki
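
The approach recommended in both messages above (one socket per available address family, with IPV6_V6ONLY set explicitly to 1 on the AF_INET6 socket), sketched as an added example; it is not code from the thread, from rwhoisd, or from FreeBSD. The names `open_listeners` and `v6only_state` are hypothetical, and port "0" (an ephemeral port) is a constructed input.

```c
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Added example, hypothetical helper: open a listening socket for every
 * address getaddrinfo() returns; stores them in fds[], returns the count. */
int open_listeners(const char *host, const char *port, int *fds, int maxfds)
{
    struct addrinfo hints, *res, *ai;
    int n = 0, on = 1;
    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;      /* no hard-coded AF_INET or AF_INET6 */
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_PASSIVE | AI_NUMERICSERV;
    if (getaddrinfo(host, port, &hints, &res) != 0)
        return 0;
    for (ai = res; ai != NULL && n < maxfds; ai = ai->ai_next) {
        int s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (s < 0)
            continue;                 /* family not available on this host */
        /* Explicit, so the OS default (net.inet6.ip6.v6only) does not matter. */
        int ok = ai->ai_family != AF_INET6 ||
            setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) == 0;
        if (ok && bind(s, ai->ai_addr, ai->ai_addrlen) == 0 && listen(s, 16) == 0)
            fds[n++] = s;
        else
            close(s);
    }
    freeaddrinfo(res);
    return n;
}

/* 1 = IPv6-only, 0 = also takes IPv4-mapped peers, -1 = option not applicable. */
int v6only_state(int fd)
{
    int v = 0;
    socklen_t len = sizeof(v);
    return getsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &v, &len) != 0 ? -1 : v != 0;
}

int main(void)
{
    int fds[8], n = open_listeners(NULL, "0", fds, 8);  /* "0": constructed input */
    printf("%d listener(s) opened\n", n);
    return n > 0 ? 0 : 1;
}
```

Because each family gets its own socket, address-based access checks on the IPv4 listener never see IPv4-mapped IPv6 addresses, whichever default the host OS uses.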