Date: Mon, 05 Apr 2010 16:04:16 +0900 (JST) From: Hiroki Sato <hrs@FreeBSD.org> To: freebsd-current@FreeBSD.org Subject: Re: ipv6_enable Message-ID: <20100405.160416.107652240.hrs@allbsd.org> In-Reply-To: <4BB95564.1070604@FreeBSD.org> References: <20100404053352.E6F751CC13@ptavv.es.net> <20100404.184141.03733377.hrs@allbsd.org> <4BB95564.1070604@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
----Security_Multipart(Mon_Apr__5_16_04_16_2010_540)-- Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Doug Barton <dougb@FreeBSD.org> wrote in <4BB95564.1070604@FreeBSD.org>: do> On 04/04/10 02:41, Hiroki Sato wrote: do> > "Kevin Oberman" <oberman@es.net> wrote do> > in <20100404053352.E6F751CC13@ptavv.es.net>: do> > do> > ob> The use of FACILITY_enable in rc.conf predates /etc/rc.d scripts and I do> > ob> see no reason not to use them to enable or disable functionality whether do> > ob> it involves a script in rc.d or not. The idea is to have a clear, do> > ob> obvious way to enable or disable functionality. I see nothing in Hiroki's do> > ob> proposal that is nearly as clear and to the point as 'ipv6_enable'. do> > do> > Another reason I lean to not using xxx_enable is that an rc.d knob do> > cannot control enabling/disabling the IPv6 functionality actually. do> > It was true even when we were using the network_ipv6 script. do> do> But that's equally true of how you're using ipv6_prefer. :) You've do> basically just moved the overloading of 2 of the 3 previous functions of do> ipv6_enable to ipv6_prefer. I am suggesting that we split all 3 do> functions into different knobs. No, the current ipv6_prefer=NO has nothing to do with disabling IPv6. It is just related to source address selection and a seatbelt for IPv4-only people. I do not think I just moved the old functions. Let me explain how these changes happened. As I explained earlier, I added $ipv6_prefer to *enable IPv6 by default*. IPv6 needs some configuration even if you do not use IPv4 when the kernel supports it, and skipping all of IPv6 configuration in the old rc.d/network_ipv6 script caused another problems. So, I thought it was possible to enable IPv6 by default and initialize the functionality with reasonable default parameters. This parameters included "disable ACCEPT_RTADV by default", which is one of the topics we are discussing now. After I moved the initialization outside of the $ipv6_enable, then I noticed that the rest which should be inside of the $ipv6_enable is IPv6 GUA address assignments and routing settings only. Here I stepped further; I changed the disabling feature of $ipv6_enable into "whether an IPv6 address is assigned or not". That was the whole story. The old rc.d/network_ipv6 had a lot more for IPv6 configuration in the $ipv6_enable conditional clause and ipv6_enable=NO meant to disable them, too. This is a big difference. The new ipv6_enable in your patch is not the same in this regard. Well, I can understand and agree that people want a handy knob to disable IPv6. I think it is more constructive for this discussion to be more specific what should be disabled, then. I am still not sure what you and other people mean by "disable IPv6". My opinion is "ipv6_enable=NO" should mean disabling IPv6 functionality completely. I do not want to call a knob just to ignore ifconfig_IF_ipv6 lines as "ipv6_enable" as well as do not want to disable IPv6 functionality completely by default. So I am interested in what people want more precisely. -- Hiroki ----Security_Multipart(Mon_Apr__5_16_04_16_2010_540)-- Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (FreeBSD) iEYEABECAAYFAku5i3AACgkQTyzT2CeTzy3ZpACfbA+xpauXCH9nTfHuZcS45JRZ UhMAnjcH2Ql0uKRF4qy4sfiNGHRrMw6U =s7gB -----END PGP SIGNATURE----- ----Security_Multipart(Mon_Apr__5_16_04_16_2010_540)----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100405.160416.107652240.hrs>