From owner-freebsd-stable@FreeBSD.ORG Wed Jan 9 17:07:20 2013 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id B1386209 for ; Wed, 9 Jan 2013 17:07:20 +0000 (UTC) (envelope-from ume@mahoroba.org) Received: from mail.mahoroba.org (ent.mahoroba.org [IPv6:2001:2f0:104:8010::1]) by mx1.freebsd.org (Postfix) with ESMTP id D1C43F56 for ; Wed, 9 Jan 2013 17:07:19 +0000 (UTC) Received: from yuga.mahoroba.org (ume@yuga-m.mahoroba.org [IPv6:2001:2f0:104:8016:7258:12ff:fe22:d94b]) (user=ume mech=DIGEST-MD5 bits=0) by mail.mahoroba.org (8.14.6/8.14.6) with ESMTP/inet6 id r09H7ClV064504 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Thu, 10 Jan 2013 02:07:13 +0900 (JST) (envelope-from ume@mahoroba.org) Date: Thu, 10 Jan 2013 02:07:05 +0900 Message-ID: From: Hajimu UMEMOTO To: Ben Morrow Subject: Re: sendmail vs ipv6 broken after upgrade to 9.1 In-Reply-To: <20130109162900.GA81522@anubis.morrow.me.uk> References: <20130108151837.GF35868@acme.spoerlein.net> <50EC5922.5030600@boland.org> <20130108184051.GI35868@acme.spoerlein.net> <20130109.073354.730245417155474512.hrs@allbsd.org> <20130109162900.GA81522@anubis.morrow.me.uk> User-Agent: xcite1.60> Wanderlust/2.15.9 (Almost Unreal) SEMI/1.14.6 (Maruoka) FLIM/1.14.9 (=?ISO-2022-JP-2?B?R29qGyQoRCtXGyhC?=) APEL/10.8 Emacs/24.2 (i386-portbld-freebsd9.1) MULE/6.0 (HANACHIRUSATO) X-Operating-System: FreeBSD 9.1-STABLE X-PGP-Key: http://www.mahoroba.org/~ume/publickey.asc X-PGP-Fingerprint: 1F00 0B9E 2164 70FC 6DC5 BF5F 04E9 F086 BF90 71FE MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.7 (mail.mahoroba.org [IPv6:2001:2f0:104:8010::1]); Thu, 10 Jan 2013 02:07:13 +0900 (JST) X-Virus-Scanned: clamav-milter 0.97.6 at asuka.mahoroba.org X-Virus-Status: Clean X-Spam-Status: No, score=-4.0 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=ham version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on asuka.mahoroba.org Cc: freebsd-stable@freebsd.org X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Jan 2013 17:07:20 -0000 Hi, >>>>> On Wed, 9 Jan 2013 16:29:00 +0000 >>>>> Ben Morrow said: ben> Where does it say that? All I can find (but I might be being stupid) is ben> the bit in the description of AI_ALL where it says 'A query is first ben> made for AAAA records and if successful, the IPv6 addresses are ben> returned. Another query is then made for A records and any found are ben> returned as IPv4-mapped IPv6 addresses.'. I don't believe that is meant ben> to indicate the AAAA results are returned first in the list, just that ben> both sets of results are included. It is the sentence you mentioned. It was not thought those days that a query order and an order of the value to return were another. So, I think that it implies the order of the value to return. ben> Also, RFC 6724 (which is more recent), says 'we intend that ben> implementations of APIs such as getaddrinfo() will use the destination ben> address selection algorithm specified here to sort the list of IPv6 and ben> IPv4 addresses that they return.'. AFAICS 'APIs such as getaddrinfo()' ben> is supposed to include getipnodebyname and gethostbyname2, and the whole ben> list of v4 and v6 addresses is supposed to be sorted by those rules. I thought so at the time when I implemented it. However, getipnodebyname has IPv4-mapped addresses issue as compared with getaddrinfo. Since gethostbyname2 doesn't treat multiple families at once, it is out of scope, IMHO. gethostbyname2 in FreeBSD doesn't obey ip6addrctl. ben> However, given that FreeBSD disables the use of v4-mapped addresses on ben> AF_INET6 sockets by default, it might be sensible to change the rules a ben> little. An application making an AF_INET6 query is probably going to use ben> the result with an AF_INET6 socket, so a v4-mapped address is going to ben> be mostly useless. There is IPV6_V6ONLY socket option. Still, an application has two choices: - convert IPv4-mapped address to IPv4 address, or - issue IPV6_V6ONLY socket option. In anyway, I think it is important that an application conscious of using the IPv4-mapped address. > I've just committed to disable it: > > http://svnweb.freebsd.org/base?view=revision&revision=245225 ben> I don't think that's the right answer. Even if the code should be ben> changed to always return addresses from A records last, the IPv6 ben> addresses from AAAA records should still be sorted according to ben> ip6addrctl. Otherwise sites with multiple prefixes (say, a ULA prefix ben> and a global prefix) won't be able to control their use properly. getipnodebyname was deprecated by RFC 3493 and appropriate time has passed since then. So, it is low-priority, IMHO. Sincerely, -- Hajimu UMEMOTO ume@mahoroba.org ume@{,jp.}FreeBSD.org http://www.mahoroba.org/~ume/