Date: Tue, 28 Oct 2003 08:40:19 -0700
From: "Jeff W. Boote" <boote@internet2.edu>
To: Hajimu UMEMOTO <ume@mahoroba.org>
Cc: net@FreeBSD.org
Subject: Re: Forward: HEADS UP! Default value of ip6_v6only changed
Message-ID: <3F9E8DE3.61A5D814@internet2.edu>
References: <20031028063802.GC10818@canolog.ninthwonder.com> <yge65i94i7t.wl%ume@mahoroba.org>

Hajimu UMEMOTO wrote:
>
> Hi,
>
> Our default of net.inet6.ip6.v6only was off in 4.X, and was changed to
> on on 5.X to follow NetBSD's practice.  This behavior on 5.X breaks
> RFC2553/3493, and the change was intentional from security
> consideration.  But, NetBSD changed it off by default.
> How do you think our default of on?

As long as it is documented well, and the workaround (setting the
IPV6_V6ONLY sockopt "off") is referenced, I don't think it really
matters. Application programmers realize they have *some* work to do
when porting applications to V6. A single sockopt call is not
unreasonable.

I think "on" for the security reasons outlined is the right call - it
will at least make people think about those issues, and most would not
without something bringing it up.

(That said, it would be nice if NetBSD would pick a direction and keep
it.)

jeff
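An added example, not part of the original message or of FreeBSD's code: the single sockopt call discussed above, written so that a listener sets IPV6_V6ONLY explicitly instead of inheriting whatever the system default happens to be. The helper names open_v6_listener and effective_v6only are hypothetical.

```c
#include <errno.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/*
 * open_v6_listener() is a hypothetical helper name, not from the thread.
 * It sets IPV6_V6ONLY explicitly, so the socket's behaviour does not
 * depend on the system default (net.inet6.ip6.v6only on FreeBSD).
 *   v6only = 1: the socket accepts IPv6 only; IPv4 needs its own
 *               AF_INET socket.
 *   v6only = 0: the socket also accepts IPv4 peers, seen as IPv4-mapped
 *               IPv6 addresses (the RFC 2553/3493 behaviour).
 * Returns the listening fd, or -1 with errno set.
 */
int open_v6_listener(unsigned short port, int v6only)
{
    struct sockaddr_in6 sa;
    int saved;
    int fd = socket(AF_INET6, SOCK_STREAM, 0);

    if (fd < 0)
        return -1;
    /* Make the choice before bind() so it governs what the socket accepts. */
    if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &v6only, sizeof(v6only)) < 0)
        goto fail;
    memset(&sa, 0, sizeof(sa));
    sa.sin6_family = AF_INET6;
    sa.sin6_addr = in6addr_any;
    sa.sin6_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 || listen(fd, 16) < 0)
        goto fail;
    return fd;
fail:
    saved = errno;          /* keep the original error across close() */
    close(fd);
    errno = saved;
    return -1;
}

/* Read back the setting actually in effect: 1, 0, or -1 on error. */
int effective_v6only(int fd)
{
    int val = -1;
    socklen_t len = sizeof(val);

    if (getsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &val, &len) < 0)
        return -1;
    return val != 0;
}
```

Reading the option back with getsockopt is a cheap startup check that the listener got the mode its access controls assume.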