Date: Wed, 9 Oct 2019 02:14:47 +0200 From: Wolfgang Zenker <wolfgang@lyxys.ka.sub.org> To: abi via freebsd-ports <freebsd-ports@freebsd.org> Subject: Re: Is IPV6 option still necessary? Message-ID: <20191009001447.GA73623@lyxys.ka.sub.org> In-Reply-To: <9b8c9b1b-0d26-d9d7-018a-cafa8ec98c1e@abinet.ru> References: <20191007.151841.1094708479149685365.yasu@utahime.org> <9b8c9b1b-0d26-d9d7-018a-cafa8ec98c1e@abinet.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, * abi via freebsd-ports <freebsd-ports@freebsd.org> [191008 21:16]: > 07.10.2019 09:18, Yasuhiro KIMURA пишет: >> On October 10, 2012 IPV6 option of all ports was enabled by >> default. Commit message said "We are in 2012, it is time to activate >> IPV6 options by default everywhere". >> And now we are in 2019. IPv6 is more widely used than 2012. So I >> wonder if IPV6 option is still necessary. >> If you use official packages then you always use IPv6-enabled >> binaries. And even if you build packages by yourself you still use >> IPv6-enabled ones unless you disable IPV6 option. So I think at most >> only a few people uses IPv6-disabled packages. >> Are there anybody who still disables IPV6 option for some serious >> reason such as working around IPv6-related problem? If there aren't >> then I think it's time to remove IPV6 option from ports framework. > I'm writing from 2019 and I build kernel and ports without IPv6. For all > this years I fail to understand why I need it. > My home devices fit 10.0.0.0/16 nicely, I have faith in NAT and I > encountered no IPv6-only sites. > But I saw CVEs in IPv6 stack. If you connect from a typical end user site to a website on my company, if you go via IPv4 your packets will go through NAT at your CPE, quite possibly NATted to IPv6, going through another NAT at the exit routers of your provider and arrive at an reverse proxy at my site being proxied to IPv6 finally reaching the website which is running on a IPv6 only jail. Thats because neither your typical DSL or mobile provider nor my webhosting company has enough IPv4 addresses to hand out a globally routable address to all nodes. An IPv6 connection would be end-to-end. So, you don't *need* IPv6. But you might *want* to have it anyway. Wolfgang
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20191009001447.GA73623>