Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 09 Dec 2013 13:54:11 -0800
From:      Peter Wemm <peter@wemm.org>
To:        Hiroki Sato <hrs@FreeBSD.org>, peter@FreeBSD.org
Cc:        svn-src-head@FreeBSD.org, svn-src-all@FreeBSD.org, src-committers@FreeBSD.org
Subject:   Re: svn commit: r259094 - head/etc/rc.d
Message-ID:  <52A63C03.2030201@wemm.org>
In-Reply-To: <20131209.175119.597284254662875353.hrs@allbsd.org>
References:  <201312080555.rB85tu8W016979@svn.freebsd.org> <20131209.175119.597284254662875353.hrs@allbsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--80MvP1J1bf8dafClPrLbqErNKV2LKHNw9
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 12/9/13, 12:51 AM, Hiroki Sato wrote:
> Hi Peter,
>=20
> Peter Wemm <peter@FreeBSD.org> wrote
>   in <201312080555.rB85tu8W016979@svn.freebsd.org>:
>=20
> pe> Author: peter
> pe> Date: Sun Dec  8 05:55:55 2013
> pe> New Revision: 259094
> pe> URL: http://svnweb.freebsd.org/changeset/base/259094
> pe>
> pe> Log:
> pe>   Rev 256256 had an undocumented side effect of breaking existing b=
ehavior
> pe>   for ipv6 jails.
> pe>
> pe>   Among the harmful side effects included putting a route to an ent=
ire /64
> pe>   onto an interface even if you were in a smaller network - eg: /80=
=2E
> pe>   This broke the freebsd.org cluster hosted at ISC which has /80 ne=
tworks.
> pe>
> pe> Modified:
> pe>   head/etc/rc.d/jail
>=20
>  The reason why it was changed is that I think an IPv6 GUA with no
>  prefix length information should always be interpret as a /64 because
>  the other tools like ifconfig do so.  IPv6 is designed to always use
>  a correct prefix length and avoid using a /128 for aliases.  Is there
>  a problem with specifying a /80 address to ip6.addr if a box is on a
>  /80 network?

I'm all for issuing warnings and advising people to correct it.  However =
the
problem is that the change silently breaks a working setup during an upgr=
ade
from 9.x to 10.x.

At the ISC.org freebsd cluster site we lost the ability to talk to other
services in nearby separate networks, including DNS.

It had gone undetected until we tried to actually default to using IPv6 -=

the first reaction from some of the other admins was to revert everything=

back to IPv4.  If breaking ipv6 jails leads to that outcome elsewhere the=
n
that would be sub-optimal for ipv6 adoption.

--=20
Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com; KI6F=
JV
UTF-8: for when a ' just won\342\200\231t do.


--80MvP1J1bf8dafClPrLbqErNKV2LKHNw9
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (Darwin)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlKmPAgACgkQFRKuUnJ3cX8xIwCdE+i3QDsyv7s8a3BNABjW6atQ
fIYAmgLWEd+b1tXRW/wWORQ4T7NX4xWo
=Ia2w
-----END PGP SIGNATURE-----

--80MvP1J1bf8dafClPrLbqErNKV2LKHNw9--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?52A63C03.2030201>