Date: Wed, 27 Aug 2014 11:42:55 -0700 From: Kevin Oberman <rkoberman@gmail.com> To: Jonathan Price <freebsd@jonathanprice.org> Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org> Subject: Re: Should I be using ipv6_activate_all_interfaces or ip6addrctl_policy="ipv6_prefer" Message-ID: <CAN6yY1vU_aQKhhoKXGPSRQJSPSvz-mqeh3GFkkCg50irbpk-3A@mail.gmail.com> In-Reply-To: <2c1d74944371a4be730ff1b666489467@mail.jonathanprice.org> References: <88a42e1006e3fac7508a9419e342f1b2@mail.jonathanprice.org> <2173103.SJdXL7NPLT@overcee.wemm.org> <53FD7B34.1050408@jonathanprice.org> <CAN6yY1uxft_3cTkWV8NTnOai-928DnS3uW-XyD3BwcCvjBKeQw@mail.gmail.com> <2c1d74944371a4be730ff1b666489467@mail.jonathanprice.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Aug 27, 2014 at 1:20 AM, <freebsd@jonathanprice.org> wrote: > > While doubting Peter's networking answers is usually foolish, I think > this > > one is at least a bit misleading. As he says, > > ipv6_activate_all_interfaces="YES" will set all interfaces on the system > to > > -ifdisable which, since it is an IPv6 option, will enable IPv6 on all > > interfaces. NO will disable IPv6 on all interfaces. > > > > But it is related to ipaddrctl_policy as it will set ipaddrctl_policy to > > "ipv6_prefer" if no explicit setting overrides it. > > > > So IPv6 is working, and "ssh -6" does use IPv6. I'd still like to see the > > output of ip6addrctl. It should look like: > > ::1/128 50 0 > > ::/0 40 1 > > ::ffff:0:0/96 35 4 > > 2002::/16 30 2 > > 2001::/32 5 5 > > fc00::/7 3 13 > > ::/96 1 3 > > fec0::/10 1 11 > > 3ffe::/16 1 12 > > > > For more explanation, look at /etc/rc.d/ip6addrctl and /etc/network.subr. > > > > The list of prefixes set by it should match what I list above. If > > 'ipv6_activate_all_interfaces="NO"', or ipaddrctl_policy="ipv4_prefer", > > you should get: > > ::1/128 50 0 > > ::/0 40 1 > > ::ffff:0:0/96 100 4 > > 2002::/16 30 2 > > 2001::/32 5 5 > > fc00::/7 3 13 > > ::/96 1 3 > > fec0::/10 1 11 > > 3ffe::/16 1 12 > > > > Any other output indicates manual setting of the policy. the "magic" is > the > > precedence of ::ffff:0:0/96 which is an odd way of saying IPv4. > > I generally recommend ipv6_activate_all. > > > > Now I fear Peter will explain how I have misread the code. > > Please excuse me if I'm wrong, but I think > ipv6_activate_all_interfaces="NO" only > ifdisable's interfaces which don't explicitly have an ifconfig_IF_ipv6 > line. Partly > because it's set to NO by default, and partly because of the following > extract from > /etc/defaults/rc.conf: > > "If NO, interfaces which have no corresponding $ifconfig_IF_ipv6 is marked > as IFDISABLED for security reason." > > This being the case, what exactly does the ifdisable stop the interface > doing if it > doesn't have an address anyway? > > I was over-simplifying and, as you state, any interface explicitly configured for IPv6 will have IPv6 disabled. Those with explicit IPv6 configuration will not be disabled. Most end-user systems are NOT configured with an address. In most cases SLAAC (and, perhaps DHCPv6) along with things like NDP and RTSOL do allof hte configuration. If ipv6_activate_)all_interfaces is NO, only explicitly configured interfaces will run IPv6. If it i YES, any interface with no explicit configuration will auto-configure and run IPv6. The system I am typing this on is entirely auto-configured as are almost all Windows systems running 7 or 8. (Maybe Vista, too. Don't recall.) -- R. Kevin Oberman, Network Engineer, Retired E-mail: rkoberman@gmail.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAN6yY1vU_aQKhhoKXGPSRQJSPSvz-mqeh3GFkkCg50irbpk-3A>