Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 28 Oct 2003 08:40:19 -0700
From:      "Jeff W. Boote" <boote@internet2.edu>
To:        Hajimu UMEMOTO <ume@mahoroba.org>
Cc:        net@FreeBSD.org
Subject:   Re: Forward: HEADS UP!  Default value of ip6_v6only changed
Message-ID:  <3F9E8DE3.61A5D814@internet2.edu>
References:  <20031028063802.GC10818@canolog.ninthwonder.com> <yge65i94i7t.wl%ume@mahoroba.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Hajimu UMEMOTO wrote:
> 
> Hi,
> 
> Our default of net.inet6.ip6.v6only was off in 4.X, and was changed to
> on on 5.X to follow NetBSD's practice.  This behavior on 5.X breaks
> RFC2553/3493, and the change was intentional from security
> consideration.  But, NetBSD changed it off by default.
> How do you think our default of on?

As long as it is documented well, and the workaround (setting the
IPV6_V6ONLY sockopt "off") is referenced, I don't think it really
matters. Application programmers realize they have *some* work to do
when porting applications to V6. A single sockopt call is not
unreasonable. I think "on" for the security reasons outlined is the
right call - it will at least make people think about those issues, and
most would not without something bringing it up. (That said, it would be
nice if NetBSD would pick a direction and keep it.)

jeff



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3F9E8DE3.61A5D814>