From owner-freebsd-net@FreeBSD.ORG Wed Aug 27 08:20:39 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A5B63A9E for ; Wed, 27 Aug 2014 08:20:39 +0000 (UTC) Received: from bravo.jonathanprice.org (bravo.jonathanprice.org [5.135.154.174]) by mx1.freebsd.org (Postfix) with ESMTP id 6777B3284 for ; Wed, 27 Aug 2014 08:20:39 +0000 (UTC) Received: by bravo.jonathanprice.org (Postfix, from userid 58) id 5AABB1E67; Wed, 27 Aug 2014 08:20:38 +0000 (UTC) Received: from mail.jonathanprice.org (bravo.jonathanprice.org [5.135.154.174]) by bravo.jonathanprice.org (Postfix) with ESMTPSA id 06B4E1E61; Wed, 27 Aug 2014 08:20:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=jonathanprice.org; s=default; t=1409127636; bh=CB3ibd/JjWTZZn2Oep9dTqc5tJ42yxRWsC7PCL2/7WI=; h=Date:From:Subject:To:Cc:In-Reply-To:References; b=N0PuWsJUOlt20Wbq+PZS7nY7A9lUICJhGLKDTS4zPye4DxnD1Mp5t/RoIvkiWXtbl 4J7Cr3tiiHpc24BnUbqyYDjiebTQVYJvi8O6D1ylF3K8dqtbOAEEja8Y7MBjZJdXfD pufXL1q6OK+6astrzr9/88S/NCZ8fs8pi+2E8WTY= Mime-Version: 1.0 Date: Wed, 27 Aug 2014 08:20:35 +0000 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: Quoted-Printable Message-ID: <2c1d74944371a4be730ff1b666489467@mail.jonathanprice.org> X-Mailer: RainLoop/1.6.8.153 From: freebsd@jonathanprice.org Subject: Re: Should I be using ipv6_activate_all_interfaces or ip6addrctl_policy="ipv6_prefer" To: "Kevin Oberman" In-Reply-To: References: <88a42e1006e3fac7508a9419e342f1b2@mail.jonathanprice.org> <2173103.SJdXL7NPLT@overcee.wemm.org> <53FD7B34.1050408@jonathanprice.org> Cc: freebsd-net@freebsd.org X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Aug 2014 08:20:39 -0000 > While doubting Peter's networking answers is usually foolish, I think t= his=0A> one is at least a bit misleading. As he says,=0A> ipv6_activate_a= ll_interfaces=3D"YES" will set all interfaces on the system to=0A> -ifdis= able which, since it is an IPv6 option, will enable IPv6 on all=0A> inter= faces. NO will disable IPv6 on all interfaces.=0A> =0A> But it is related= to ipaddrctl_policy as it will set ipaddrctl_policy to=0A> "ipv6_prefer"= if no explicit setting overrides it.=0A> =0A> So IPv6 is working, and "s= sh -6" does use IPv6. I'd still like to see the=0A> output of ip6addrctl.= It should look like:=0A> ::1/128 50 0=0A> ::/0 40 1=0A> ::ffff:0:0/96 35= 4=0A> 2002::/16 30 2=0A> 2001::/32 5 5=0A> fc00::/7 3 13=0A> ::/96 1 3= =0A> fec0::/10 1 11=0A> 3ffe::/16 1 12=0A> =0A> For more explanation, loo= k at /etc/rc.d/ip6addrctl and /etc/network.subr.=0A> =0A> The list of pre= fixes set by it should match what I list above. If=0A> 'ipv6_activate_all= _interfaces=3D"NO"', or ipaddrctl_policy=3D"ipv4_prefer",=0A> you should = get:=0A> ::1/128 50 0=0A> ::/0 40 1=0A> ::ffff:0:0/96 100 4=0A> 2002::/16= 30 2=0A> 2001::/32 5 5=0A> fc00::/7 3 13=0A> ::/96 1 3=0A> fec0::/10 1 1= 1=0A> 3ffe::/16 1 12=0A> =0A> Any other output indicates manual setting o= f the policy. the "magic" is the=0A> precedence of ::ffff:0:0/96 which is= an odd way of saying IPv4.=0A> I generally recommend ipv6_activate_all.= =0A> =0A> Now I fear Peter will explain how I have misread the code.=0A= =0APlease excuse me if I'm wrong, but I think ipv6_activate_all_interface= s=3D"NO" only=0Aifdisable's interfaces which don't explicitly have an ifc= onfig_IF_ipv6 line. Partly=0Abecause it's set to NO by default, and partl= y because of the following extract from=0A/etc/defaults/rc.conf:=0A=0A"If= NO, interfaces which have no corresponding $ifconfig_IF_ipv6 is marked a= s IFDISABLED for security reason."=0A=0AThis being the case, what exactly= does the ifdisable stop the interface doing if it=0Adoesn't have an addr= ess anyway?=0A=0AYes, I'd also noticed /etc/rc.d/ip6addrctl, that's actua= lly what got me curious about=0Athis in the first place, as I could essen= tially achieve my desired effect with both =0Aipv6_activate_all_interface= s=3D"YES" and ip6addrctl_policy=3D"ipv6_prefer".=0A=0ASure, below is the = output of ip6addrctl from a server without either tunable (meaning,=0Abot= h were removed from rc.conf completely):=0A=0APrefix = Prec Label Use=0A::1/128 50 0 = 0=0A::/0 40 1 90=0A::ffff:0.0.= 0.0/96 100 4 0=0A2002::/16 = 30 2 0=0A2001::/32 5 5 = 0=0Afc00::/7 3 13 0=0A::/96 = 1 3 0=0Afec0::/10 = 1 11 0=0A3ffe::/16 1 12 0= =0A=0ABelow is the output of ip6addrctl after rebooting with just "ipv6_a= ctivate_all_interfaces=3DYES"=0A=0APrefix Prec L= abel Use=0A::1/128 50 0 0=0A::/= 0 40 1 68=0A::ffff:0.0.0.0/96 = 35 4 0=0A2002::/16 30 = 2 0=0A2001::/32 5 5 0=0Afc00::= /7 3 13 0=0A::/96 = 1 3 0=0Afec0::/10 1 11 = 0=0A3ffe::/16 1 12 0=0A=0AAnd fi= nally, below is the output of ip6addrctl after rebooting with just ip6add= rctl_policy=3D"ipv6_prefer"=0A=0APrefix Prec Lab= el Use=0A::1/128 50 0 0=0A::/0 = 40 1 72=0A::ffff:0.0.0.0/96 = 35 4 0=0A2002::/16 30 2 = 0=0A2001::/32 5 5 0=0Afc00::/7= 3 13 0=0A::/96 = 1 3 0=0Afec0::/10 1 11 = 0=0A3ffe::/16 1 12 0=0A=0ASo that = does prove that, at least for the purposes of ip6addrctl, the two tunable= s are performing=0Athe same function.