Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 22 Jun 2020 22:46:21 +0900 (JST)
From:      Hiroki Sato <hrs@FreeBSD.org>
To:        melifaro@freebsd.org
Cc:        current@freebsd.org, net@freebsd.org, freebsd-hackers@freebsd.org
Subject:   Re: routed && route6d removal proposal
Message-ID:  <20200622.224621.1160033569666141710.hrs@FreeBSD.org>
In-Reply-To: <273191592779927@mail.yandex.ru>
References:  <273191592779927@mail.yandex.ru>

next in thread | previous in thread | raw e-mail | index | archive | help
----Security_Multipart(Mon_Jun_22_22_46_21_2020_256)--
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

"Alexander V. Chernikov" <melifaro@freebsd.org> wrote
  in <273191592779927@mail.yandex.ru>:

me> Hey,
me>
me> I would like to propose removal of  sbin/routed and usr.sbin/route6d.

 I am still using both of them in production environments because they
 work well at least for my configurations and most of promising
 alternatives are under GPL, not BSDL.

 Why do we need to rush to remove them?  Discussion about whether we
 should keep or remove such old bits tends to be controversial when
 there is a user like me.  I would agree with the removal if they were
 harmful or impossible to maintain, but would not for the reason that
 they are simply old and probably no one uses it today.  Reason 1 and
 2 look like the latter at least to me.  "too old to be worth keeping"
 is a matter of degree.  Uucp, rlogind, and timed should be removed
 (and were removed) because there are few non-FreeBSD platforms which
 support these protocols.  RIP is still widely supported---just like
 FTP, which nowadays no one prefers to use and major www browsers are
 about to drop the support of---and not be considered an inherently
 vulnerable protocol like telnet.  And keeping these daemons is not
 harmful even for users who want to use third-party routing daemons
 you listed.

me> 1.1. Nowadays the daemon name is simply misleading. Given situation
me> described above, one does expect far wider functionality from the
me> program named "route[6]d" than just RIP implementation.

 I do not think this is a good reason to remove something nor people
 have got confused actually.  If this is true, quagga or bird are much
 worse.

me> 2. Multiple routing stacks supporting all major routing protocol
me> including RIP exists these days: bird, frr, quagga. Many BGP-only
me> designs in are gaining popularity, so do bgp speakers such as exabgp
me> or gobgp.  Nowadays, if one needs dynamic routing on the host, OSPF or
me> BGP speaker is the choice. FreeBSD packages contains well-maintained
me> ports for these. Having RIP[ng] speakers in base offers no advantage.
me>
me> 3. Both routed/route6d are largely unmaintained [4] and presents an
me> additional attack vector. Here is the list of last non-trivial commits
me> to routed/route6d:

 I think this is a separate issue.  What attack vectors which are
 known to be vulnerable do they have?

 The small commit counts are not equal to its unreliability.  Older
 daemons such as ppp(8), dhclient(8), ftpd(8), or bootpd(8) have
 received few substantial changes in recent years because they are
 mature.

 I am not a strong protester and will be happy to keep them as ports
 if everyone wants to remove them and it will happen, but I would like
 consistent criteria on removing software in the base system (they do
 not need to be perfect nor strict, though).  I believe harmfulness is
 more important than the fact that it is old or we have more choices
 in the ports tree.  If we have negative factors on maintaining them,
 removing them would be one of the choices as a result.  If the
 existing routed/route6d makes difficulty on people who want to use
 third-party routing daemons, it should be fixed.  These kind of
 harmfulness look below the threshold to me at this moment though I
 may be biased because I am still using them today...

-- Hiroki

----Security_Multipart(Mon_Jun_22_22_46_21_2020_256)--
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----

iMkEABMKAC4WIQRsDSNTJ8+Ax5Ae/dLbsH3Gbx9zfwUCXvC2LRAcaHJzQGZyZWVi
c2Qub3JnAAoJENuwfcZvH3N/CMoCAwU3QXmLf0e6VHa4PKuZaDhhGrYPIu8NDMyA
1cifIfh2FZZZ9zKRnbag7ruFlWGHdiwXdznVKJPElL3n1NM2IdFlAgkBgStnQlfP
hI2LJd+sQihZYyltMumHnbaAUcrfq+NlfFSKjUvYcO9dnS+bzRK4HEd6FDr58L5d
9YydnNdsQXzK1UA=
=j9L7
-----END PGP SIGNATURE-----

----Security_Multipart(Mon_Jun_22_22_46_21_2020_256)----



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20200622.224621.1160033569666141710.hrs>