From owner-freebsd-ports@freebsd.org Wed Oct 9 00:21:34 2019 Return-Path: Delivered-To: freebsd-ports@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 683E113B7FD for ; Wed, 9 Oct 2019 00:21:34 +0000 (UTC) (envelope-from wolfgang@lyxys.ka.sub.org) Received: from saturn.lyxys.ka.sub.org (saturn.lyxys.ka.sub.org [217.29.35.151]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 46nvz10j1wz3DbN for ; Wed, 9 Oct 2019 00:21:32 +0000 (UTC) (envelope-from wolfgang@lyxys.ka.sub.org) Received: from juno.lyxys.ka.sub.org (juno.lyx [IPv6:fd2a:89ca:7d54:0:240:caff:fe92:4f47]) by saturn.lyxys.ka.sub.org (8.15.2/8.15.2) with ESMTPS id x990F8Wm031950 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for ; Wed, 9 Oct 2019 02:15:10 +0200 (CEST) (envelope-from wolfgang@lyxys.ka.sub.org) Received: from juno.lyxys.ka.sub.org (localhost [127.0.0.1]) by juno.lyxys.ka.sub.org (8.15.2/8.15.2) with ESMTPS id x990F80t074105 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO) for ; Wed, 9 Oct 2019 02:15:08 +0200 (CEST) (envelope-from wolfgang@lyxys.ka.sub.org) Received: (from wolfgang@localhost) by juno.lyxys.ka.sub.org (8.15.2/8.15.2/Submit) id x990EmcD073769 for freebsd-ports@freebsd.org; Wed, 9 Oct 2019 02:14:48 +0200 (CEST) (envelope-from wolfgang@lyxys.ka.sub.org) X-Authentication-Warning: juno.lyx: wolfgang set sender to wolfgang@lyxys.ka.sub.org using -f Date: Wed, 9 Oct 2019 02:14:47 +0200 From: Wolfgang Zenker To: abi via freebsd-ports Subject: Re: Is IPV6 option still necessary? Message-ID: <20191009001447.GA73623@lyxys.ka.sub.org> References: <20191007.151841.1094708479149685365.yasu@utahime.org> <9b8c9b1b-0d26-d9d7-018a-cafa8ec98c1e@abinet.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <9b8c9b1b-0d26-d9d7-018a-cafa8ec98c1e@abinet.ru> Organization: private site User-Agent: Mutt/1.12.2 (2019-09-21) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.4.3 (saturn.lyxys.ka.sub.org [IPv6:fd2a:89ca:7d54:1:200:24ff:feca:b4cc]); Wed, 09 Oct 2019 02:15:10 +0200 (CEST) X-Rspamd-Queue-Id: 46nvz10j1wz3DbN X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of wolfgang@lyxys.ka.sub.org designates 217.29.35.151 as permitted sender) smtp.mailfrom=wolfgang@lyxys.ka.sub.org X-Spamd-Result: default: False [-3.34 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-ports@freebsd.org]; HAS_XAW(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; HAS_ORG_HEADER(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; MIME_TRACE(0.00)[0:+]; TO_DN_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; DMARC_NA(0.00)[sub.org]; IP_SCORE(-2.04)[ip: (-8.42), ipnet: 217.29.32.0/20(-1.00), asn: 16188(-0.78), country: DE(-0.01)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; ASN(0.00)[asn:16188, ipnet:217.29.32.0/20, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Oct 2019 00:21:34 -0000 Hi, * abi via freebsd-ports [191008 21:16]: > 07.10.2019 09:18, Yasuhiro KIMURA пишет: >> On October 10, 2012 IPV6 option of all ports was enabled by >> default. Commit message said "We are in 2012, it is time to activate >> IPV6 options by default everywhere". >> And now we are in 2019. IPv6 is more widely used than 2012. So I >> wonder if IPV6 option is still necessary. >> If you use official packages then you always use IPv6-enabled >> binaries. And even if you build packages by yourself you still use >> IPv6-enabled ones unless you disable IPV6 option. So I think at most >> only a few people uses IPv6-disabled packages. >> Are there anybody who still disables IPV6 option for some serious >> reason such as working around IPv6-related problem? If there aren't >> then I think it's time to remove IPV6 option from ports framework. > I'm writing from 2019 and I build kernel and ports without IPv6. For all > this years I fail to understand why I need it. > My home devices fit 10.0.0.0/16 nicely, I have faith in NAT and I > encountered no IPv6-only sites. > But I saw CVEs in IPv6 stack. If you connect from a typical end user site to a website on my company, if you go via IPv4 your packets will go through NAT at your CPE, quite possibly NATted to IPv6, going through another NAT at the exit routers of your provider and arrive at an reverse proxy at my site being proxied to IPv6 finally reaching the website which is running on a IPv6 only jail. Thats because neither your typical DSL or mobile provider nor my webhosting company has enough IPv4 addresses to hand out a globally routable address to all nodes. An IPv6 connection would be end-to-end. So, you don't *need* IPv6. But you might *want* to have it anyway. Wolfgang