Re: [RFC] Ai_ADDRCONFIG^WAIAIAIAIAIAIAEEEEEEEEE tweaks?
>> "Everybody does it" is an argumentum ad populum. It's not right >> because all systems do this. All systems do this because some RFC >> told them to and apparently nobody considered the downsides (or they >> dismissed them). >> >> I'm arguing it should be different since it is unexpected behavior >> (keep in mind that you say 'none' to the "IPv6 address for em0? (or >> 'rtsol' or 'none')" question in the installer - a link-local address >> is not "none"), it goes against the OpenBSD philosophy and it exposes >> an extra attack surface. > > Just to remind everybody here. The last time we had to bump the remote > hole counter in OpenBSD was because of IPv6. Because of that I'm all for > not having IPv6 link local addresses set by default. > > It will also save us from some troubles with unnumbered interfaces (e.g. > as part of a bridge(4)) that get an IPv6 address by default unless -inet6 > is used. Amen! I am just a user and follow this tread with much interest. I have to say I wasn't used to OpenBSD lie to me from 2.6 when I started to use it. When I say None to a question I expect None, not a partial None. I have no say in the subject, but if I may, please make the question reflect the truth when asked and KILL IT! As a side effect of this, I got used to do this in pf.conf in every install. block in quick inet6 all Thanks for always considering better setup and default every time. Daniel
Re: [RFC] Ai_ADDRCONFIG^WAIAIAIAIAIAIAEEEEEEEEE tweaks?
On Sat, May 03, 2014 at 10:03:30AM +0200, Paul de Weerd wrote: > On Fri, May 02, 2014 at 11:20:38PM +0200, Jérémie Courrèges-Anglas wrote: > | > I'm not referring to SLAAC. I'm referring to addresses that are > | > configured on interfaces without the user even requesting them. > | > link-local addresses, specifically. > | > | I was actually answering your question about link-local addresses. > > Fair enough, that wasn't clear to me. > > | > Bring up an interface and you > | > have IPv6. Accessible (and attackable) by everyone on the local > | > network (i.e., not firewalled by default). > | > | If you have no use for this interface, why do you bring it up? Why do > | you have services listening on it, be it an IPv4 address or an IPv6 > | link-local one? > > This is the default behavior from the installer when I install my > machine and pick 'none' for IPv6 addresses, but (e.g.) DHCP for v4. I > have an SSHD listening on link-local by default. > > | > Why do you expect this to > | > work without specific configuration (either setting up a static > | > address, configuring SLAAC, by using DHCPv6, or whatever means)? > | > | You know why. This is how v6 works, and I heard OpenBSD made a pretty > | good job at making it work in a pretty safe way. > > I know why, I'm challenging the status quo. And yes, I prefer it to > be OpenBSD, but it still goes against the OpenBSD philosophy. > > | > | > I believe your expectation here is wrong (although it is the current > | > | > state of IPv6 on OpenBSD). Can you explain why you disagree? > | > | > | > | Not really, I'm puzzled by your question. It works and has always > | > | worked but I shouldn't expect them to work... > | > > | > I'm puzzled by the fact it has always been this way in OpenBSD. It > | > goes against the OpenBSD philosophy. > | > | Maybe it is, or maybe not. I am not the one that says that (almost?) > | all the IPv6 implementations out there, running ND by default, are > | wrong. What's the actual impact? What are the risks? How do you > | evaluate them? How much may someone be surprised by this fact? > > I think you *are* the one to say that, together with a comunity that > values sane defaults over adhering to bad standards. If we, as a > group, move in this direction, we can set the example. How many > systems are running telnetd these days? This service used to be > enabled by default on many systems, look at history to see how great > an idea that was. It is OK to question the status quo. > > Users may be unaware they are running services accessible over IPv6, > forgetting to do proper filtering in pf, when they specify "none" for > IPv6 addresses in the installer. The risks seem obvious to me, ssh > scanners present the bulk of logging data on my machines that have ssh > open for the world, > > | > I'll try to rephrase the > | > question: > | > > | > Why do you expect that you are accessible on IPv6 > | > when you configure an interface with IPv4? You > | > don't expect to get IPv4 connectivity when you > | > configure IPv6, do you? > | > | Same answer. The current practice is to run ND and configure > | link-local addresses by default, yet I have to explain why this > | assumption should be valid. This is tiresome. > > "Everybody does it" is an argumentum ad populum. It's not right > because all systems do this. All systems do this because some RFC > told them to and apparently nobody considered the downsides (or they > dismissed them). > > I'm arguing it should be different since it is unexpected behavior > (keep in mind that you say 'none' to the "IPv6 address for em0? (or > 'rtsol' or 'none')" question in the installer - a link-local address > is not "none"), it goes against the OpenBSD philosophy and it exposes > an extra attack surface. Just to remind everybody here. The last time we had to bump the remote hole counter in OpenBSD was because of IPv6. Because of that I'm all for not having IPv6 link local addresses set by default. It will also save us from some troubles with unnumbered interfaces (e.g. as part of a bridge(4)) that get an IPv6 address by default unless -inet6 is used. -- :wq Claudio
Re: [RFC] Ai_ADDRCONFIG^WAIAIAIAIAIAIAEEEEEEEEE tweaks?
On Fri, May 02, 2014 at 11:29:11PM +0200, Henning Brauer wrote: | > > Anyway, I believe at least -inet6 is a better default than the current | > > situation. | > -inet6 as the default seems more OpenBSD'ish to me. Everything off | > that can be off, but not more. | | there is way more to it than "the default". | there is no easy way to get rid of ipvshit completely, short of | recompiling w/o option INET6. | every interface you take up has that linklocal shit, unless you give | -inet6 for each and every one every time, which is very easy to miss. | thus I do think we want a net.inet6.ip.enable sysctl or the like, | which, if not set to 1, enforces -inet6 on all ifs. | | what the default of such a sysctl would be is another discussion - | any value is fine with me as long as it is 0. Well, I would expect to get ::1 as much as I get 127.0.0.1. I believe the tendency to treat IPv4 different than IPv6 is wrong. Just -inet6 on interfaces except lo0 seems like a step in the right direction. Paul 'WEiRD' de Weerd -- >[<++>-]<+++.>+++[<-->-]<.>+++[<+ +++>-]<.>++[<>-]<+.--.[-] http://www.weirdnet.nl/
Re: [RFC] Ai_ADDRCONFIG^WAIAIAIAIAIAIAEEEEEEEEE tweaks?
On Fri, May 02, 2014 at 11:20:38PM +0200, Jérémie Courrèges-Anglas wrote: | > I'm not referring to SLAAC. I'm referring to addresses that are | > configured on interfaces without the user even requesting them. | > link-local addresses, specifically. | | I was actually answering your question about link-local addresses. Fair enough, that wasn't clear to me. | > Bring up an interface and you | > have IPv6. Accessible (and attackable) by everyone on the local | > network (i.e., not firewalled by default). | | If you have no use for this interface, why do you bring it up? Why do | you have services listening on it, be it an IPv4 address or an IPv6 | link-local one? This is the default behavior from the installer when I install my machine and pick 'none' for IPv6 addresses, but (e.g.) DHCP for v4. I have an SSHD listening on link-local by default. | > Why do you expect this to | > work without specific configuration (either setting up a static | > address, configuring SLAAC, by using DHCPv6, or whatever means)? | | You know why. This is how v6 works, and I heard OpenBSD made a pretty | good job at making it work in a pretty safe way. I know why, I'm challenging the status quo. And yes, I prefer it to be OpenBSD, but it still goes against the OpenBSD philosophy. | > | > I believe your expectation here is wrong (although it is the current | > | > state of IPv6 on OpenBSD). Can you explain why you disagree? | > | | > | Not really, I'm puzzled by your question. It works and has always | > | worked but I shouldn't expect them to work... | > | > I'm puzzled by the fact it has always been this way in OpenBSD. It | > goes against the OpenBSD philosophy. | | Maybe it is, or maybe not. I am not the one that says that (almost?) | all the IPv6 implementations out there, running ND by default, are | wrong. What's the actual impact? What are the risks? How do you | evaluate them? How much may someone be surprised by this fact? I think you *are* the one to say that, together with a comunity that values sane defaults over adhering to bad standards. If we, as a group, move in this direction, we can set the example. How many systems are running telnetd these days? This service used to be enabled by default on many systems, look at history to see how great an idea that was. It is OK to question the status quo. Users may be unaware they are running services accessible over IPv6, forgetting to do proper filtering in pf, when they specify "none" for IPv6 addresses in the installer. The risks seem obvious to me, ssh scanners present the bulk of logging data on my machines that have ssh open for the world, | > I'll try to rephrase the | > question: | > | > Why do you expect that you are accessible on IPv6 | > when you configure an interface with IPv4? You | > don't expect to get IPv4 connectivity when you | > configure IPv6, do you? | | Same answer. The current practice is to run ND and configure | link-local addresses by default, yet I have to explain why this | assumption should be valid. This is tiresome. "Everybody does it" is an argumentum ad populum. It's not right because all systems do this. All systems do this because some RFC told them to and apparently nobody considered the downsides (or they dismissed them). I'm arguing it should be different since it is unexpected behavior (keep in mind that you say 'none' to the "IPv6 address for em0? (or 'rtsol' or 'none')" question in the installer - a link-local address is not "none"), it goes against the OpenBSD philosophy and it exposes an extra attack surface. At any rate, you did answer my original question why you'd expect this behavior (if I read your answer correctly, it is because "that's the way it is" and "that's what everybody does"). Since you seem annoyed with the discussion, I'll leave it at that. Thanks anyway. Cheers, Paul 'WEiRD' de Weerd -- >[<++>-]<+++.>+++[<-->-]<.>+++[<+ +++>-]<.>++[<>-]<+.--.[-] http://www.weirdnet.nl/
Re: [RFC] Ai_ADDRCONFIG^WAIAIAIAIAIAIAEEEEEEEEE tweaks?
* Kenneth Westerback [2014-05-02 22:14]: > On 2 May 2014 16:08, Paul de Weerd wrote: > > Well, I think -inet6 would be a good default, but I think there's more > > to it. Enabling net.inet6.ip6.accept_rtadv should still get me a > > link-local address (and, if router advertisements are present on the > > local network, an autoconfigured (autoconfprivacy) address too). But > > if I have multiple interfaces and configure my system for SLAAC, what > > should happen? To me, it seems that accept_rtadv should be a > > per-interface thing. > > > > Anyway, I believe at least -inet6 is a better default than the current > > situation. > -inet6 as the default seems more OpenBSD'ish to me. Everything off > that can be off, but not more. there is way more to it than "the default". there is no easy way to get rid of ipvshit completely, short of recompiling w/o option INET6. every interface you take up has that linklocal shit, unless you give -inet6 for each and every one every time, which is very easy to miss. thus I do think we want a net.inet6.ip.enable sysctl or the like, which, if not set to 1, enforces -inet6 on all ifs. what the default of such a sysctl would be is another discussion - any value is fine with me as long as it is 0. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
Re: [RFC] Ai_ADDRCONFIG^WAIAIAIAIAIAIAEEEEEEEEE tweaks?
Henning Brauer writes: > * Paul de Weerd [2014-05-02 21:20]: >> On Fri, May 02, 2014 at 06:53:08PM +0200, Jérémie Courrèges-Anglas wrote: > [connectivity via link-local] >> | Not really, I'm puzzled by your question. It works and has always >> | worked but I shouldn't expect them to work... >> I'm puzzled by the fact it has always been this way in OpenBSD. It >> goes against the OpenBSD philosophy. > > see where the v6 zealots got us? So there can't be a middle ground between the opinions of the v6 zealots and those of the v6 haters, great. -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
Re: [RFC] Ai_ADDRCONFIG^WAIAIAIAIAIAIAEEEEEEEEE tweaks?
Paul de Weerd writes: > On Fri, May 02, 2014 at 06:53:08PM +0200, Jérémie Courrèges-Anglas wrote: > | > | What's a regular OpenBSD host with no IPv6? I'd assume that it is > | > | a host that can perform IPv6 connections to ::1 / localhost and reach > | > | its neighbors through link-local addresses. > | > > | > Why would you expect to be able to reach your neighbors through > | > link-local addresses if you have "no IPv6" (which I take to mean 'no > | > *configured* IPv6', please correct me if I'm wrong here)? > | > | I don't make a big difference between automatically or "manually" > | configured addresses. They're here and supposed to be usable for > | whatever purpose, limited only by their intrinsic limitations. > > I'm not referring to SLAAC. I'm referring to addresses that are > configured on interfaces without the user even requesting them. > link-local addresses, specifically. I was actually answering your question about link-local addresses. > Bring up an interface and you > have IPv6. Accessible (and attackable) by everyone on the local > network (i.e., not firewalled by default). If you have no use for this interface, why do you bring it up? Why do you have services listening on it, be it an IPv4 address or an IPv6 link-local one? > Why do you expect this to > work without specific configuration (either setting up a static > address, configuring SLAAC, by using DHCPv6, or whatever means)? You know why. This is how v6 works, and I heard OpenBSD made a pretty good job at making it work in a pretty safe way. > | > I believe your expectation here is wrong (although it is the current > | > state of IPv6 on OpenBSD). Can you explain why you disagree? > | > | Not really, I'm puzzled by your question. It works and has always > | worked but I shouldn't expect them to work... > > I'm puzzled by the fact it has always been this way in OpenBSD. It > goes against the OpenBSD philosophy. Maybe it is, or maybe not. I am not the one that says that (almost?) all the IPv6 implementations out there, running ND by default, are wrong. What's the actual impact? What are the risks? How do you evaluate them? How much may someone be surprised by this fact? > I'll try to rephrase the > question: > > Why do you expect that you are accessible on IPv6 > when you configure an interface with IPv4? You > don't expect to get IPv4 connectivity when you > configure IPv6, do you? Same answer. The current practice is to run ND and configure link-local addresses by default, yet I have to explain why this assumption should be valid. This is tiresome. > I hope this question is less puzzling, apologies if that's still not > the case. It's not puzzling anymore, it's merely annoying. -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
Re: [RFC] Ai_ADDRCONFIG^WAIAIAIAIAIAIAEEEEEEEEE tweaks?
On 2 May 2014 16:25, Philip Guenther wrote: > On Fri, May 2, 2014 at 1:14 PM, Kenneth Westerback > wrote: >> >> -inet6 as the default seems more OpenBSD'ish to me. Everything off >> that can be off, but not more. > > > "That is not off which can eternal lie, > And with strange aeons even inet4 may die." > > "Their hand is at your throats, yet ye see Them not; and Their habitation is even one with your guarded interface." Ken
Re: [RFC] Ai_ADDRCONFIG^WAIAIAIAIAIAIAEEEEEEEEE tweaks?
On Fri, May 2, 2014 at 1:14 PM, Kenneth Westerback wrote: > > -inet6 as the default seems more OpenBSD'ish to me. Everything off > that can be off, but not more. > "That is not off which can eternal lie, And with strange aeons even inet4 may die."
Re: [RFC] Ai_ADDRCONFIG^WAIAIAIAIAIAIAEEEEEEEEE tweaks?
On 2 May 2014 16:08, Paul de Weerd wrote: > On Fri, May 02, 2014 at 09:59:09PM +0200, Henning Brauer wrote: > | * Paul de Weerd [2014-05-02 21:20]: > | > On Fri, May 02, 2014 at 06:53:08PM +0200, Jérémie Courrèges-Anglas wrote: > | [connectivity via link-local] > | > | Not really, I'm puzzled by your question. It works and has always > | > | worked but I shouldn't expect them to work... > | > I'm puzzled by the fact it has always been this way in OpenBSD. It > | > goes against the OpenBSD philosophy. > | > | see where the v6 zealots got us? > > Well, I do consider myself an IPv6 enthusiast. Probably not a zealot; > I'm not one for zealotry myself... :) > > | > I'll try to rephrase the question: > | > > | > Why do you expect that you are accessible on IPv6 > | > when you configure an interface with IPv4? You > | > don't expect to get IPv4 connectivity when you > | > configure IPv6, do you? > | > | a very good question to ask. > | > | i wish -inet6 was default. > | > | i'll probably add a sysctl to globally nuke v6 from all interfaces > | soon. somebody pls remind me at the next hackathon. > > Well, I think -inet6 would be a good default, but I think there's more > to it. Enabling net.inet6.ip6.accept_rtadv should still get me a > link-local address (and, if router advertisements are present on the > local network, an autoconfigured (autoconfprivacy) address too). But > if I have multiple interfaces and configure my system for SLAAC, what > should happen? To me, it seems that accept_rtadv should be a > per-interface thing. > > Anyway, I believe at least -inet6 is a better default than the current > situation. > > Paul 'WEiRD' de Weerd > > -- >>[<++>-]<+++.>+++[<-->-]<.>+++[<+ > +++>-]<.>++[<>-]<+.--.[-] > http://www.weirdnet.nl/ > -inet6 as the default seems more OpenBSD'ish to me. Everything off that can be off, but not more. Ken
Re: [RFC] Ai_ADDRCONFIG^WAIAIAIAIAIAIAEEEEEEEEE tweaks?
On Fri, May 02, 2014 at 09:59:09PM +0200, Henning Brauer wrote: | * Paul de Weerd [2014-05-02 21:20]: | > On Fri, May 02, 2014 at 06:53:08PM +0200, Jérémie Courrèges-Anglas wrote: | [connectivity via link-local] | > | Not really, I'm puzzled by your question. It works and has always | > | worked but I shouldn't expect them to work... | > I'm puzzled by the fact it has always been this way in OpenBSD. It | > goes against the OpenBSD philosophy. | | see where the v6 zealots got us? Well, I do consider myself an IPv6 enthusiast. Probably not a zealot; I'm not one for zealotry myself... :) | > I'll try to rephrase the question: | > | > Why do you expect that you are accessible on IPv6 | > when you configure an interface with IPv4? You | > don't expect to get IPv4 connectivity when you | > configure IPv6, do you? | | a very good question to ask. | | i wish -inet6 was default. | | i'll probably add a sysctl to globally nuke v6 from all interfaces | soon. somebody pls remind me at the next hackathon. Well, I think -inet6 would be a good default, but I think there's more to it. Enabling net.inet6.ip6.accept_rtadv should still get me a link-local address (and, if router advertisements are present on the local network, an autoconfigured (autoconfprivacy) address too). But if I have multiple interfaces and configure my system for SLAAC, what should happen? To me, it seems that accept_rtadv should be a per-interface thing. Anyway, I believe at least -inet6 is a better default than the current situation. Paul 'WEiRD' de Weerd -- >[<++>-]<+++.>+++[<-->-]<.>+++[<+ +++>-]<.>++[<>-]<+.--.[-] http://www.weirdnet.nl/
Re: [RFC] Ai_ADDRCONFIG^WAIAIAIAIAIAIAEEEEEEEEE tweaks?
* Paul de Weerd [2014-05-02 21:20]: > On Fri, May 02, 2014 at 06:53:08PM +0200, Jérémie Courrèges-Anglas wrote: [connectivity via link-local] > | Not really, I'm puzzled by your question. It works and has always > | worked but I shouldn't expect them to work... > I'm puzzled by the fact it has always been this way in OpenBSD. It > goes against the OpenBSD philosophy. see where the v6 zealots got us? > I'll try to rephrase the question: > > Why do you expect that you are accessible on IPv6 > when you configure an interface with IPv4? You > don't expect to get IPv4 connectivity when you > configure IPv6, do you? a very good question to ask. i wish -inet6 was default. i'll probably add a sysctl to globally nuke v6 from all interfaces soon. somebody pls remind me at the next hackathon. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
Re: [RFC] Ai_ADDRCONFIG^WAIAIAIAIAIAIAEEEEEEEEE tweaks?
On Fri, May 02, 2014 at 06:53:08PM +0200, Jérémie Courrèges-Anglas wrote: | > | What's a regular OpenBSD host with no IPv6? I'd assume that it is | > | a host that can perform IPv6 connections to ::1 / localhost and reach | > | its neighbors through link-local addresses. | > | > Why would you expect to be able to reach your neighbors through | > link-local addresses if you have "no IPv6" (which I take to mean 'no | > *configured* IPv6', please correct me if I'm wrong here)? | | I don't make a big difference between automatically or "manually" | configured addresses. They're here and supposed to be usable for | whatever purpose, limited only by their intrinsic limitations. I'm not referring to SLAAC. I'm referring to addresses that are configured on interfaces without the user even requesting them. link-local addresses, specifically. Bring up an interface and you have IPv6. Accessible (and attackable) by everyone on the local network (i.e., not firewalled by default). Why do you expect this to work without specific configuration (either setting up a static address, configuring SLAAC, by using DHCPv6, or whatever means)? | > I believe your expectation here is wrong (although it is the current | > state of IPv6 on OpenBSD). Can you explain why you disagree? | | Not really, I'm puzzled by your question. It works and has always | worked but I shouldn't expect them to work... I'm puzzled by the fact it has always been this way in OpenBSD. It goes against the OpenBSD philosophy. I'll try to rephrase the question: Why do you expect that you are accessible on IPv6 when you configure an interface with IPv4? You don't expect to get IPv4 connectivity when you configure IPv6, do you? I hope this question is less puzzling, apologies if that's still not the case. Cheers, Paul 'WEiRD' de Weerd -- >[<++>-]<+++.>+++[<-->-]<.>+++[<+ +++>-]<.>++[<>-]<+.--.[-] http://www.weirdnet.nl/
Re: [RFC] Ai_ADDRCONFIG^WAIAIAIAIAIAIAEEEEEEEEE tweaks?
As somone who has paid out of his own pocket for ARIN access to allocate v6 space for things, I can assure you I am not anti-v6. What I am is anti-I-am-a-v6-zealot-and-submit-diffs-with-no-thought-to-how-everyone-but-my-own-setup-works-and-because-I-am-a-zealot-I-am-right-until-proven-wrong. No. You can't just break how everyone else works to make your life better, or get the mystic portal here sooner. People who really want to promote v6 should be testing their diffs on a v4 only setup first. and verify they do no harm or make things better - not saying "this makes v6 better can everyone else who doesn't use it think of a downside" - that's not anti v6 - that's anti-bad-attitude. Sorry too many people: 1) have v4 only setups because they have no choice 2) have v4 only because their v6 connectivity is crap. 3) have v4 only setups because they have a choice and don't want that much extra code surface exposed in a security sensitive environment. All those reasons will be valid for a long time. long enough that I bet philip's time_t fixes will be tested for real before they are not. It doesn't mean we don't want good v6 - it means we do not want v6 at the expense of such things, and the burden is on the v6 diff submitter to prove it, not tell everyone else it's the way and they should prove otherwise. On Fri, May 2, 2014 at 11:39 AM, Kenneth Westerback wrote: > On 2 May 2014 13:24, Bob Beck wrote: >> Honestly folks, I'm sick of the attitude of "The future is nigh, the >> mystic portal awaits! V6 is coming!" as an excuse for >> we *MUST* change things related to this. >> >> We've been hearing the mystic portal awaits for 15 years - and yet >> MANY of us in MANY parts of the world still can not >> get reasonable v6 connectivity - or it's is substantially worse than >> v4 for what we normally do. It's not our fault, >> our providers are useless. >> >> I have no problem with having changes to make V6 more usable. but >> here's what I have a problem with. >> >> 1) Here is wonderful V6 diff - many standards idiots of the same type >> that designed V6 say this is good. Can you >> show me a down side? >> >> My answer to this is simple. No.. We've been bit before. You want me >> to pay attention to this discussion and encourage >> that a diff goes in do this instead: >> >> 2) Here is a diff that makes V6 better - I'm not talking to you about >> the standards bodies related to V6 because they are all >> ivory tower idiots, but it *does* make things better because I've >> tested it under *these* v6 scenarios and hit helps *AND* I tested it >> under the default and these normal scenarios WITH ONLY V4, and NOTHING >> SLOWED DOWN OR GOT FUCKED UP. >> >> Having now experienced more than enough "show me a down side" V6 diffs >> in the tree over the years, I do not want to >> "show a down side" - PROVE TO ME THERE ISN'T ONE, or go away. >> > > Careful Bob, or you will be lumped in with Theo and I as roadblocks to > IPv6 adoption! > > Ken > >> >> >> >> >> >> >> On Fri, May 2, 2014 at 10:53 AM, Jérémie Courrèges-Anglas >> wrote: >>> Paul de Weerd writes: >>> On Fri, May 02, 2014 at 05:35:13PM +0200, Jérémie Courrèges-Anglas wrote: | > If you're running on a host without IPv6, why would you want | > getaddrinfo() to return any IPv6 results? What good would it do to you? | | What's a regular OpenBSD host with no IPv6? I'd assume that it is | a host that can perform IPv6 connections to ::1 / localhost and reach | its neighbors through link-local addresses. Why would you expect to be able to reach your neighbors through link-local addresses if you have "no IPv6" (which I take to mean 'no *configured* IPv6', please correct me if I'm wrong here)? >>> >>> I don't make a big difference between automatically or "manually" >>> configured addresses. They're here and supposed to be usable for >>> whatever purpose, limited only by their intrinsic limitations. >>> I believe your expectation here is wrong (although it is the current state of IPv6 on OpenBSD). Can you explain why you disagree? >>> >>> Not really, I'm puzzled by your question. It works and has always >>> worked but I shouldn't expect them to work... >>> (sorry to hijack the thread, your remark piqued my interest) Paul 'WEiRD' de Weerd >>> >>> -- >>> jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE >>> >>
Re: [RFC] Ai_ADDRCONFIG^WAIAIAIAIAIAIAEEEEEEEEE tweaks?
On 2 May 2014 13:24, Bob Beck wrote: > Honestly folks, I'm sick of the attitude of "The future is nigh, the > mystic portal awaits! V6 is coming!" as an excuse for > we *MUST* change things related to this. > > We've been hearing the mystic portal awaits for 15 years - and yet > MANY of us in MANY parts of the world still can not > get reasonable v6 connectivity - or it's is substantially worse than > v4 for what we normally do. It's not our fault, > our providers are useless. > > I have no problem with having changes to make V6 more usable. but > here's what I have a problem with. > > 1) Here is wonderful V6 diff - many standards idiots of the same type > that designed V6 say this is good. Can you > show me a down side? > > My answer to this is simple. No.. We've been bit before. You want me > to pay attention to this discussion and encourage > that a diff goes in do this instead: > > 2) Here is a diff that makes V6 better - I'm not talking to you about > the standards bodies related to V6 because they are all > ivory tower idiots, but it *does* make things better because I've > tested it under *these* v6 scenarios and hit helps *AND* I tested it > under the default and these normal scenarios WITH ONLY V4, and NOTHING > SLOWED DOWN OR GOT FUCKED UP. > > Having now experienced more than enough "show me a down side" V6 diffs > in the tree over the years, I do not want to > "show a down side" - PROVE TO ME THERE ISN'T ONE, or go away. > Careful Bob, or you will be lumped in with Theo and I as roadblocks to IPv6 adoption! Ken > > > > > > > On Fri, May 2, 2014 at 10:53 AM, Jérémie Courrèges-Anglas > wrote: >> Paul de Weerd writes: >> >>> On Fri, May 02, 2014 at 05:35:13PM +0200, Jérémie Courrèges-Anglas wrote: >>> | > If you're running on a host without IPv6, why would you want >>> | > getaddrinfo() to return any IPv6 results? What good would it do to you? >>> | >>> | What's a regular OpenBSD host with no IPv6? I'd assume that it is >>> | a host that can perform IPv6 connections to ::1 / localhost and reach >>> | its neighbors through link-local addresses. >>> >>> Why would you expect to be able to reach your neighbors through >>> link-local addresses if you have "no IPv6" (which I take to mean 'no >>> *configured* IPv6', please correct me if I'm wrong here)? >> >> I don't make a big difference between automatically or "manually" >> configured addresses. They're here and supposed to be usable for >> whatever purpose, limited only by their intrinsic limitations. >> >>> I believe your expectation here is wrong (although it is the current >>> state of IPv6 on OpenBSD). Can you explain why you disagree? >> >> Not really, I'm puzzled by your question. It works and has always >> worked but I shouldn't expect them to work... >> >>> (sorry to hijack the thread, your remark piqued my interest) >>> >>> Paul 'WEiRD' de Weerd >> >> -- >> jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE >> >
Re: [RFC] Ai_ADDRCONFIG^WAIAIAIAIAIAIAEEEEEEEEE tweaks?
Honestly folks, I'm sick of the attitude of "The future is nigh, the mystic portal awaits! V6 is coming!" as an excuse for we *MUST* change things related to this. We've been hearing the mystic portal awaits for 15 years - and yet MANY of us in MANY parts of the world still can not get reasonable v6 connectivity - or it's is substantially worse than v4 for what we normally do. It's not our fault, our providers are useless. I have no problem with having changes to make V6 more usable. but here's what I have a problem with. 1) Here is wonderful V6 diff - many standards idiots of the same type that designed V6 say this is good. Can you show me a down side? My answer to this is simple. No.. We've been bit before. You want me to pay attention to this discussion and encourage that a diff goes in do this instead: 2) Here is a diff that makes V6 better - I'm not talking to you about the standards bodies related to V6 because they are all ivory tower idiots, but it *does* make things better because I've tested it under *these* v6 scenarios and hit helps *AND* I tested it under the default and these normal scenarios WITH ONLY V4, and NOTHING SLOWED DOWN OR GOT FUCKED UP. Having now experienced more than enough "show me a down side" V6 diffs in the tree over the years, I do not want to "show a down side" - PROVE TO ME THERE ISN'T ONE, or go away. On Fri, May 2, 2014 at 10:53 AM, Jérémie Courrèges-Anglas wrote: > Paul de Weerd writes: > >> On Fri, May 02, 2014 at 05:35:13PM +0200, Jérémie Courrèges-Anglas wrote: >> | > If you're running on a host without IPv6, why would you want >> | > getaddrinfo() to return any IPv6 results? What good would it do to you? >> | >> | What's a regular OpenBSD host with no IPv6? I'd assume that it is >> | a host that can perform IPv6 connections to ::1 / localhost and reach >> | its neighbors through link-local addresses. >> >> Why would you expect to be able to reach your neighbors through >> link-local addresses if you have "no IPv6" (which I take to mean 'no >> *configured* IPv6', please correct me if I'm wrong here)? > > I don't make a big difference between automatically or "manually" > configured addresses. They're here and supposed to be usable for > whatever purpose, limited only by their intrinsic limitations. > >> I believe your expectation here is wrong (although it is the current >> state of IPv6 on OpenBSD). Can you explain why you disagree? > > Not really, I'm puzzled by your question. It works and has always > worked but I shouldn't expect them to work... > >> (sorry to hijack the thread, your remark piqued my interest) >> >> Paul 'WEiRD' de Weerd > > -- > jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE >
Re: [RFC] Ai_ADDRCONFIG^WAIAIAIAIAIAIAEEEEEEEEE tweaks?
Paul de Weerd writes: > On Fri, May 02, 2014 at 05:35:13PM +0200, Jérémie Courrèges-Anglas wrote: > | > If you're running on a host without IPv6, why would you want > | > getaddrinfo() to return any IPv6 results? What good would it do to you? > | > | What's a regular OpenBSD host with no IPv6? I'd assume that it is > | a host that can perform IPv6 connections to ::1 / localhost and reach > | its neighbors through link-local addresses. > > Why would you expect to be able to reach your neighbors through > link-local addresses if you have "no IPv6" (which I take to mean 'no > *configured* IPv6', please correct me if I'm wrong here)? I don't make a big difference between automatically or "manually" configured addresses. They're here and supposed to be usable for whatever purpose, limited only by their intrinsic limitations. > I believe your expectation here is wrong (although it is the current > state of IPv6 on OpenBSD). Can you explain why you disagree? Not really, I'm puzzled by your question. It works and has always worked but I shouldn't expect them to work... > (sorry to hijack the thread, your remark piqued my interest) > > Paul 'WEiRD' de Weerd -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE