Date: Wed, 27 Aug 2014 11:42:55 -0700
From: Kevin Oberman
To: Jonathan Price
Cc: "freebsd-net@freebsd.org"
Subject: Re: Should I be using ipv6_activate_all_interfaces or ip6addrctl_policy="ipv6_prefer"
List-Id: Networking and TCP/IP with FreeBSD

On Wed, Aug 27, 2014 at 1:20 AM, wrote:

> > While doubting Peter's networking answers is usually foolish, I think this
> > one is at least a bit misleading. As he says,
> > ipv6_activate_all_interfaces="YES" will set all interfaces on the system to
> > -ifdisable which, since it is an IPv6 option, will enable IPv6 on all
> > interfaces. NO will disable IPv6 on all interfaces.
> >
> > But it is related to ipaddrctl_policy as it will set ipaddrctl_policy to
> > "ipv6_prefer" if no explicit setting overrides it.
> >
> > So IPv6 is working, and "ssh -6" does use IPv6. I'd still like to see the
> > output of ip6addrctl. It should look like:
> > ::1/128          50   0
> > ::/0             40   1
> > ::ffff:0:0/96    35   4
> > 2002::/16        30   2
> > 2001::/32         5   5
> > fc00::/7          3  13
> > ::/96             1   3
> > fec0::/10         1  11
> > 3ffe::/16         1  12
> >
> > For more explanation, look at /etc/rc.d/ip6addrctl and /etc/network.subr.
> >
> > The list of prefixes set by it should match what I list above. If
> > 'ipv6_activate_all_interfaces="NO"', or ipaddrctl_policy="ipv4_prefer",
> > you should get:
> > ::1/128          50   0
> > ::/0             40   1
> > ::ffff:0:0/96   100   4
> > 2002::/16        30   2
> > 2001::/32         5   5
> > fc00::/7          3  13
> > ::/96             1   3
> > fec0::/10         1  11
> > 3ffe::/16         1  12
> >
> > Any other output indicates manual setting of the policy. The "magic" is the
> > precedence of ::ffff:0:0/96 which is an odd way of saying IPv4.
> > I generally recommend ipv6_activate_all.
> >
> > Now I fear Peter will explain how I have misread the code.
>
> Please excuse me if I'm wrong, but I think ipv6_activate_all_interfaces="NO"
> only ifdisable's interfaces which don't explicitly have an ifconfig_IF_ipv6
> line. Partly because it's set to NO by default, and partly because of the
> following extract from /etc/defaults/rc.conf:
>
> "If NO, interfaces which have no corresponding $ifconfig_IF_ipv6 is marked
> as IFDISABLED for security reason."
>
> This being the case, what exactly does the ifdisable stop the interface
> doing if it doesn't have an address anyway?

I was over-simplifying and, as you state, any interface explicitly configured for IPv6 will have IPv6 disabled. Those with explicit IPv6 configuration will not be disabled.

Most end-user systems are NOT configured with an address. In most cases SLAAC (and, perhaps, DHCPv6) along with things like NDP and RTSOL do all of the configuration. If ipv6_activate_all_interfaces is NO, only explicitly configured interfaces will run IPv6. If it is YES, any interface with no explicit configuration will auto-configure and run IPv6. The system I am typing this on is entirely auto-configured, as are almost all Windows systems running 7 or 8. (Maybe Vista, too. Don't recall.)

--
R. Kevin Oberman, Network Engineer, Retired
E-mail: rkoberman@gmail.com
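
The precedence comparison discussed in this thread, as an added example that is not part of the original message or of FreeBSD's rc scripts: it parses the two policy tables quoted above, reports which policy a table corresponds to (or "manual"), and picks the destination with the highest precedence by longest-prefix match. The function names and the sample addresses 192.0.2.10 and 2001:db8::10 are constructed for illustration, and real destination selection applies further rules before precedence.

```python
import ipaddress

# Policy tables as quoted in the thread: prefix, precedence, label.
IPV6_PREFER = """\
::1/128 50 0
::/0 40 1
::ffff:0:0/96 35 4
2002::/16 30 2
2001::/32 5 5
fc00::/7 3 13
::/96 1 3
fec0::/10 1 11
3ffe::/16 1 12
"""
# ipv4_prefer differs only in the precedence of ::ffff:0:0/96 (IPv4-mapped).
IPV4_PREFER = IPV6_PREFER.replace("::ffff:0:0/96 35 4", "::ffff:0:0/96 100 4")

def parse_policy(text):
    """Parse 'prefix precedence label' rows into {network: (precedence, label)}."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and "/" in fields[0]:  # skip header and blank lines
            table[ipaddress.ip_network(fields[0])] = (int(fields[1]), int(fields[2]))
    return table

def classify(table):
    """Name the policy a table matches, or 'manual' if it matches neither listing."""
    for name, ref in (("ipv6_prefer", IPV6_PREFER), ("ipv4_prefer", IPV4_PREFER)):
        if table == parse_policy(ref):
            return name
    return "manual"

def precedence(table, addr):
    """Longest-prefix match; IPv4 is looked up as ::ffff:a.b.c.d. Assumes ::/0 exists."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        ip = ipaddress.IPv6Address("::ffff:" + addr)
    best = max((n for n in table if ip in n), key=lambda n: n.prefixlen)
    return table[best][0]

def preferred(table, candidates):
    """Return the candidate destination address with the highest precedence."""
    return max(candidates, key=lambda a: precedence(table, a))

if __name__ == "__main__":
    for text in (IPV6_PREFER, IPV4_PREFER):
        t = parse_policy(text)
        print(classify(t), preferred(t, ["192.0.2.10", "2001:db8::10"]))
```
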