Re: IPv6 by default
On 2014/04/29 23:12, Stuart Henderson wrote: > On 2014/04/29 22:25, Paul de Weerd wrote: > > Disabling IPv6 should not be necessary: it shouldn't be enabled by > > default, even link-local addresses. > > If doing this, then we need a way to enable link-local, like the opposite > of "ifconfig $if -inet6". Current process to re-enable just the link-local > is to configure some other v6 address and delete it again, which is > acceptable when the option to remove the link-local is just used by people > who explicitly don't want v6 at all, but is a bit too ugly if it's > something that people need to use just to enable v6. > > I also wonder about blocking all-nodes mcast in the sample pf.conf... > (personally there are places I find them very useful but I think this is > a saner default - it's always fun doing a node-name query on conference > wifi/etc). > > Index: pf.conf > === > RCS file: /cvs/src/etc/pf.conf,v > retrieving revision 1.53 > diff -u -p -r1.53 pf.conf > --- pf.conf 25 Jan 2014 10:28:36 - 1.53 > +++ pf.conf 29 Apr 2014 21:35:03 - > @@ -19,6 +19,8 @@ set skip on lo > block return # block stateless traffic > pass # establish keep-state > > +block in inet6 proto icmp6 to ff02::1# block all-nodes multicast > queries > + doh. this is not quite targetted enough ;) maybe drop types 128 and 139 - any others?
Re: IPv6 by default
On 2014-04-29 22:04, Theo de Raadt wrote:
> measurements all over the world show that IPv4 is better
> in every respect.

Not disagreeing, but I would like to have access to more data backing
this up. I'm not satisfied with what I found (see other post).

> Change that, then we can talk.

Working on it. ;)
http://tools.ietf.org/html/rfc6888

Simon
Re: IPv6 by default
> However, based on available evidence, IPv4 is not better than IPv6 in
> every respect for everyone.

You've written a long mail and completely missed the point.

This is not a conversation about your IPv6 connection. It is about
what the sensible default should be for everyone.
Re: IPv6 by default
On Tue 29 Apr 2014 09:04:36 PM CDT, Theo de Raadt wrote:
>> I know that what I proposed cannot go in at the moment. It's my end
>> goal.
>
> The goal is ridiculous. If anything, it should be sorted by the "best
> addresses first". Today the best addresses are IPv4. There is no
> dynamic method to determine "best", but measurements all over the
> world show that IPv4 is better in every respect. Change that, then we
> can talk.
> ...
> Apply these kinds of changes to your entire production network, and
> report back in 6 months if you are still running them.

You're right for almost all residential customers today and most
business customers of incumbent providers. However, based on available
evidence, IPv4 is not better than IPv6 in every respect for everyone.

My IPv6 transit is free, and runs at 1Gbit/sec. (Thank you, Hurricane
Electric. Yes, I know this will change someday.) My IPv4 transit is
definitely not free, and runs at 100Mbit/sec. I have a /48 of IPv6
addresses, whereas I have only a /24 of IPv4 addresses. Both address
blocks cost the same amount; the $/IP ratio is clear. IPv6 is clearly
better for me, because I've taken steps to obtain native IPv6
transport. That fact skews my results.

My own measurements show that for many services, Amazon's cloud being a
notable example, native IPv6 provides noticeably lower latency than
IPv4 - even when taking the same AS path. IPv4 routes tend to have
higher hop-counts than the corresponding IPv6 routes. Using cpercival's
tarsnap service as a test endpoint: from my workstation, the IPv4 route
is 15 hops long and exhibits RTT in the 54msec range, whereas the IPv6
route is 9 hops long and 33msec. Google's public DNS servers are 13 [v4]
vs. 11 [v6] hops and identical latency (32msec). Akamai is 8 [v4] vs. 6
[v6] hops, and nearly-identical latency, once I get past the local
cache.

My data (not just these two examples) shows native IPv6 having a
noticeable performance advantage over IPv4. (It's not because of the
1Gb/100Mb links, either; my workstation is at the far end of a 20Mbit
radio link from my routers.) In every case I can find, IPv6 is now at
least as good as IPv4, and is often "better in every respect". That
conclusion does still flip 180 degrees around, for obvious reasons, when
the only IPv6 connectivity is through a tunnel.

I've been fully[*] dual-stacked for almost a year, and well over a year
since I started preferring my IPv6 tunnel wherever possible. The
redundant OpenBSD-based BGP routers were installed October 26th 2013 and
were routing IPv6 shortly thereafter. The topology has changed several
times over that period of time, and the addition of IPv6 has not created
problems for me any more significant than IPv4 has. (Renumbering is
exactly as much a PITA in v6 as v4, despite what some optimists still
claim.) Yes, I have had to choose software that supports IPv6, but
that's not difficult nowadays... the lack of DHCPv6 in base OpenBSD is
the only major gap that I've had trouble filling.

Overall, OpenBSD supports IPv6 extremely well, more than well enough to
run my network, which is why I don't understand the determination to
passive-aggressively not endorse it. I don't know anyone who seriously
believes, by this point, that IPv6 is not going to take over eventually.
Yes, the entire industry is doomed to repeat its mistakes, that's
blazingly obvious. Yes, IPv6 has some serious flaws, and as a protocol
suite, it sucks rocks in many ways. Does that mean you have to actively
resist fostering IPv6 adoption? OpenBSD is already the only free OS that
handles IPv6 fragmentation "correctly"... and it certainly wouldn't be
the first OS to prefer IPv6. (That would actually be Windows Vista, I
believe. OK, that's not a glowing endorsement...)

[*] except for one software management console that doesn't support
IPv6 at all. My printers, my WiFi APs, even my CEPH cluster are all
IPv6-native. The worst network-stack stupidity I've seen so far was on
the WiFi AP, and it only affected IPv4.

--
-Adam Thompson
athom...@athompso.net
Re: IPv6 by default
> Someone has to take the first/next step, and that's a very
> traditional role for OpenBSD.

Apply these kinds of changes to your entire production network, and
report back in 6 months if you are still running them.
Re: IPv6 by default
> I know that what I proposed cannot go in at the moment. It's my end
> goal.

The goal is ridiculous. If anything, it should be sorted by the "best
addresses first". Today the best addresses are IPv4. There is no
dynamic method to determine "best", but measurements all over the world
show that IPv4 is better in every respect. Change that, then we can
talk.
Re: IPv6 by default
On 04/30/14 01:45, Alexander Hall wrote:
> However, doing the requests in parallel, each getting the same
> treatment as if done in sequence (timing out if need be, etc), and
> then sort them by the family directive as per resolv.conf could in
> theory cut the lookup time in half...

Not that this has anything to do with the original subject.
Re: IPv6 by default
On 04/30/14 00:12, Ted Unangst wrote:
> On Tue, Apr 29, 2014 at 10:18, Simon Perreault wrote:
>> On 2014-04-29 10:12, Ted Unangst wrote:
>>>> - Run both requests in parallel.
>>>> - When one response is received, start a short timer (e.g. 200ms or so).
>>>> - If the second response is received before the timer expires, sort and
>>>>   return the results as usual.
>>>> - Otherwise, kill the second request and return what you have.
>>>
>>> Yuck. You just added 200ms latency to every connection.
>>
>> If I'm reading the code correctly, this saves time on average even if we
>> keep IPv4 as default, and is never worse than the current situation.
>>
>> getaddrinfo() queries both families in sequence. So you have to wait for
>> the AAAA request even if the A request finishes quickly. Doesn't matter
>> which one is first, you have to wait for both. It makes sense to me
>> to cap that waiting when the first request yielded results, no matter
>> which family is the default. Please let me know if my understanding is
>> wrong.
>
> Good point. I think I was tricked by your proposal into thinking the
> current code did something else.
>
> Even so, I have a new objection. :) This will introduce a lot of
> strange effects based on whether the second response arrives in time
> or not. I would not want to debug this.

However, doing the requests in parallel, each getting the same treatment
as if done in sequence (timing out if need be, etc), and then sort them
by the family directive as per resolv.conf could in theory cut the
lookup time in half...

And of course, here's a diff for that:

Oh, crap. The cat ate it. Sorry.

/Alexander
Re: IPv6 by default
previously on this list Stuart Henderson contributed:

> My thinking is that *if* someone has taken steps to enable v6,
> then programs should try to use it for comms where possible.
> "family inet6 inet4" is too blunt and affects people who don't want
> to touch v6.

I'm used to seeing NOINET6 in ifconfig and just realised it isn't set
on this machine :-( still it's blocked by PF :-)

If a user says none to ipv6 address in the installer why not set things
appropriately. It occurred to me that /etc/rc has PF settings that a
default ipv6 block may prevent initial machine accessibility?

--
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface' (Doug McIlroy)

In Other Words - Don't design like polkit or systemd

___

I have no idea why RTFM is used so aggressively on LINUX mailing lists
because whilst 'apropos' is traditionally the most powerful command on
Unix-like systems its 'modern' replacement 'apropos' on Linux is a tool
to help psychopaths learn to control their anger. (Kevin Chadwick)

___
Re: IPv6 by default
On 2014/04/29 22:25, Paul de Weerd wrote: > Disabling IPv6 should not be necessary: it shouldn't be enabled by > default, even link-local addresses. If doing this, then we need a way to enable link-local, like the opposite of "ifconfig $if -inet6". Current process to re-enable just the link-local is to configure some other v6 address and delete it again, which is acceptable when the option to remove the link-local is just used by people who explicitly don't want v6 at all, but is a bit too ugly if it's something that people need to use just to enable v6. I also wonder about blocking all-nodes mcast in the sample pf.conf... (personally there are places I find them very useful but I think this is a saner default - it's always fun doing a node-name query on conference wifi/etc). Index: pf.conf === RCS file: /cvs/src/etc/pf.conf,v retrieving revision 1.53 diff -u -p -r1.53 pf.conf --- pf.conf 25 Jan 2014 10:28:36 - 1.53 +++ pf.conf 29 Apr 2014 21:35:03 - 
@@ -19,6 +19,8 @@ set skip on lo block return # block stateless traffic pass # establish keep-state +block in inet6 proto icmp6 to ff02::1 # block all-nodes multicast queries + # rules for spamd(8) #table persist #table persist file "/etc/mail/nospamd" > Why oh why can I bring up an interface and have attackers probe me > over IPv6 on a default OpenBSD install while they cannot do so over > IPv4? Why is IPv6 more enabled than IPv4? IPv4 takes configuration > before it will work, IPv6 works without it. I believe that's a > problem that should be fixed before changing other defaults. > > If I want IPv6 (static / RS / DHCPv6 / whatever), I should configure > my machine with it .. just like with IPv4 (static / DHCP / whatever). > Fuck this bullshit. Please note that this is the protocol where many > a developer will complain about how it's more complex than IPv4. > > Paul 'WEiRD' de Weerd > > PS: I tend to want IPv6 everywhere - I'm just opposing this STUPID > default in OpenBSD. My thinking is that *if* someone has taken steps to enable v6, then programs should try to use it for comms where possible. "family inet6 inet4" is too blunt and affects people who don't want to touch v6. But if we can be smarter about only using v6 where people have made that decision (i.e. AI_ADDRCONFIG), preferring it is a good way to get the code better exercised and bugs found.
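Review bot: The added "block in inet6 proto icmp6 to ff02::1" rule has no icmp6-type qualifier, so it matches every ICMPv6 message addressed to the all-nodes group rather than only the multicast queries its comment names. Narrow it with an icmp6-type list covering just the query types to be dropped (the follow-up in this thread suggests 128 and 139), and name those types in the comment so the sample pf.conf documents exactly what it filters.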
Re: IPv6 by default
On Tue, Apr 29, 2014 at 10:18, Simon Perreault wrote:
> On 2014-04-29 10:12, Ted Unangst wrote:
>>> - Run both requests in parallel.
>>> - When one response is received, start a short timer (e.g. 200ms or so).
>>> - If the second response is received before the timer expires, sort and
>>>   return the results as usual.
>>> - Otherwise, kill the second request and return what you have.
>>
>> Yuck. You just added 200ms latency to every connection.
>
> If I'm reading the code correctly, this saves time on average even if we
> keep IPv4 as default, and is never worse than the current situation.
>
> getaddrinfo() queries both families in sequence. So you have to wait for
> the AAAA request even if the A request finishes quickly. Doesn't matter
> which one is first, you have to wait for both. It makes sense to me
> to cap that waiting when the first request yielded results, no matter
> which family is the default. Please let me know if my understanding is
> wrong.

Good point. I think I was tricked by your proposal into thinking the
current code did something else.

Even so, I have a new objection. :) This will introduce a lot of
strange effects based on whether the second response arrives in time or
not. I would not want to debug this.
Re: IPv6 by default
On Tue, Apr 29, 2014 at 2:25 PM, Paul de Weerd wrote:
> Why oh why can I bring up an interface and have attackers probe me
> over IPv6 on a default OpenBSD install while they cannot do so over
> IPv4? Why is IPv6 more enabled than IPv4? IPv4 takes configuration
> before it will work, IPv6 works without it. I believe that's a
> problem that should be fixed before changing other defaults.

Talk from defcon last year on abusing IPV6:
https://www.defcon.org/images/defcon-21/dc-21-presentations/Alonso/DEFCON-21-Alonso-Fear-the-Evil-FOCA-Updated.pdf

Video is up too - Alonso is pretty funny:
https://media.defcon.org/DEF%20CON%2021/DEF%20CON%2021%20video%20and%20slides/DEF%20CON%2021%20Hacking%20Conference%20Presentation%20By%20Chema%20Alonso%20-%20Fear%20the%20Evil%20FOCA%20IPv6%20attacks%20-%20Video%20and%20Slides.m4v

I agree default should be IPV6 off...

On Tue, Apr 29, 2014 at 2:25 PM, Paul de Weerd wrote:
> On Tue, Apr 29, 2014 at 10:52:06AM -0300, Giancarlo Razzolini wrote:
> | On 29-04-2014 04:51, Stuart Henderson wrote:
> | > Too soon I think. Wait a little longer and more major ISPs will turn
> | > IPv4 into the second class citizen as they fumble with their cgnat
> | > deployments then this will make a lot more sense. Now that akamai have
> | > their /10 taking ARIN into the final /8 run-out position that RIPE and
> | > APNIC have been in for some time, this will accelerate.
> |
> | I disable ipv6 across all my linux desktops installations because some
> | daemons aren't smart enough to not try it first. Postfix is one that
> | comes from the top of my mind. Also, I believe firefox will default to
> | ipv6 then ipv4 if you have it enabled. Too soon I think. I'm hoping for
> | ipv6 get more traction soon, so we could end using nat on our pf rules.
>
> Disabling IPv6 should not be necessary: it shouldn't be enabled by
> default, even link-local addresses.
>
> Why oh why can I bring up an interface and have attackers probe me
> over IPv6 on a default OpenBSD install while they cannot do so over
> IPv4? Why is IPv6 more enabled than IPv4? IPv4 takes configuration
> before it will work, IPv6 works without it. I believe that's a
> problem that should be fixed before changing other defaults.
>
> If I want IPv6 (static / RS / DHCPv6 / whatever), I should configure
> my machine with it .. just like with IPv4 (static / DHCP / whatever).
> Fuck this bullshit. Please note that this is the protocol where many
> a developer will complain about how it's more complex than IPv4.
>
> Paul 'WEiRD' de Weerd
>
> PS: I tend to want IPv6 everywhere - I'm just opposing this STUPID
> default in OpenBSD.
>
> --
> >[<++>-]<+++.>+++[<-->-]<.>+++[<+
> +++>-]<.>++[<>-]<+.--.[-]
> http://www.weirdnet.nl/
Re: IPv6 by default
On 29-04-2014 17:25, Paul de Weerd wrote:
> Disabling IPv6 should not be necessary: it shouldn't be enabled by
> default, even link-local addresses.

Exactly my point. Even with only link local addresses, some daemons bind
to tcp6 wildcard sockets and I can detect delays when using a linux with
the dual stack.

> Why oh why can I bring up an interface and have attackers probe me
> over IPv6 on a default OpenBSD install while they cannot do so over
> IPv4? Why is IPv6 more enabled than IPv4? IPv4 takes configuration
> before it will work, IPv6 works without it. I believe that's a
> problem that should be fixed before changing other defaults.

The ipv6 setup must be much simpler than ipv4. And it is. Using rtadvd
on OpenBSD for example is simpler than setting up a dhcp server.

> If I want IPv6 (static / RS / DHCPv6 / whatever), I should configure
> my machine with it .. just like with IPv4 (static / DHCP / whatever).
> Fuck this bullshit. Please note that this is the protocol where many
> a developer will complain about how it's more complex than IPv4.
>
> Paul 'WEiRD' de Weerd
>
> PS: I tend to want IPv6 everywhere - I'm just opposing this STUPID
> default in OpenBSD.

IPv6 will make our life as sysadmins much easier. IPv6 will happen. The
sooner the better. But this default on OpenBSD is not the way to make it
happen faster.

Cheers,

--
Giancarlo Razzolini
GPG: 4096R/77B981BC
Re: IPv6 by default
On Tue, Apr 29, 2014 at 10:52:06AM -0300, Giancarlo Razzolini wrote:
| On 29-04-2014 04:51, Stuart Henderson wrote:
| > Too soon I think. Wait a little longer and more major ISPs will turn
| > IPv4 into the second class citizen as they fumble with their cgnat
| > deployments then this will make a lot more sense. Now that akamai have
| > their /10 taking ARIN into the final /8 run-out position that RIPE and
| > APNIC have been in for some time, this will accelerate.
|
| I disable ipv6 across all my linux desktops installations because some
| daemons aren't smart enough to not try it first. Postfix is one that
| comes from the top of my mind. Also, I believe firefox will default to
| ipv6 then ipv4 if you have it enabled. Too soon I think. I'm hoping for
| ipv6 get more traction soon, so we could end using nat on our pf rules.

Disabling IPv6 should not be necessary: it shouldn't be enabled by
default, even link-local addresses.

Why oh why can I bring up an interface and have attackers probe me
over IPv6 on a default OpenBSD install while they cannot do so over
IPv4? Why is IPv6 more enabled than IPv4? IPv4 takes configuration
before it will work, IPv6 works without it. I believe that's a
problem that should be fixed before changing other defaults.

If I want IPv6 (static / RS / DHCPv6 / whatever), I should configure
my machine with it .. just like with IPv4 (static / DHCP / whatever).
Fuck this bullshit. Please note that this is the protocol where many
a developer will complain about how it's more complex than IPv4.

Paul 'WEiRD' de Weerd

PS: I tend to want IPv6 everywhere - I'm just opposing this STUPID
default in OpenBSD.

--
>[<++>-]<+++.>+++[<-->-]<.>+++[<+
+++>-]<.>++[<>-]<+.--.[-]
http://www.weirdnet.nl/
Re: IPv6 by default
On Tue, Apr 29, 2014 at 04:57:28PM +, Christian Weisgerber wrote:
> On 2014-04-29, Mark Kettenis wrote:
>
> >> Google's data [1] shows a few third-world countries where what you say
> >> is true, plus Japan because of a single particularly broken ISP [2].
> >
> > Isn't there a correlation between those countries and actual IPv6 usage?
>
> According to "Akamai's State of the Internet" Q4 2013 report
> (figure 16, PDF page 15):
>
>      Country/Region   Q4'13 IPv6   QoQ
>                       Traffic %    Change
>   1  Switzerland      9.3%         33%
>   2  Romania          7.9%         7.8%
>   3  Luxembourg       6.7%         35%
>   4  Germany          5.8%         43%
>   5  Peru             5.5%         41%
>   6  United States    5.2%         25%
>   7  Belgium          4.7%         23%
>   8  France           4.5%         -11%
>   9  Ireland          4.3%         14%
>  10  Japan            2.2%         11%
>
> http://www.akamai.com/stateoftheinternet/
>
> --
> Christian "naddy" Weisgerber na...@mips.inka.de

If you look at the stats of ams-ix, you'll see IPv6 traffic growing,
but at about the same rate as IPv6. It has been hovering at about 0.5%
for quite a while, and only the last 2 months it is growing a bit (to
0.6%).

https://ams-ix.net/technical/statistics/sflow-stats/ether-type

-Otto
Re: IPv6 by default
On 29 April 2014 12:57, Christian Weisgerber wrote:
> On 2014-04-29, Mark Kettenis wrote:
>
>>> Google's data [1] shows a few third-world countries where what you say
>>> is true, plus Japan because of a single particularly broken ISP [2].
>>
>> Isn't there a correlation between those countries and actual IPv6 usage?
>
> According to "Akamai's State of the Internet" Q4 2013 report
> (figure 16, PDF page 15):
>
>      Country/Region   Q4'13 IPv6   QoQ
>                       Traffic %    Change
>   1  Switzerland      9.3%         33%
>   2  Romania          7.9%         7.8%
>   3  Luxembourg       6.7%         35%
>   4  Germany          5.8%         43%
>   5  Peru             5.5%         41%
>   6  United States    5.2%         25%
>   7  Belgium          4.7%         23%
>   8  France           4.5%         -11%
>   9  Ireland          4.3%         14%
>  10  Japan            2.2%         11%
>
> http://www.akamai.com/stateoftheinternet/
>
> --
> Christian "naddy" Weisgerber na...@mips.inka.de

Switzerland needs to be broken out to exclude Claudio and Peter Hessler. :-)

Ken
Re: IPv6 by default
On 2014-04-29, Mark Kettenis wrote:

>> Google's data [1] shows a few third-world countries where what you say
>> is true, plus Japan because of a single particularly broken ISP [2].
>
> Isn't there a correlation between those countries and actual IPv6 usage?

According to "Akamai's State of the Internet" Q4 2013 report
(figure 16, PDF page 15):

     Country/Region   Q4'13 IPv6   QoQ
                      Traffic %    Change
  1  Switzerland      9.3%         33%
  2  Romania          7.9%         7.8%
  3  Luxembourg       6.7%         35%
  4  Germany          5.8%         43%
  5  Peru             5.5%         41%
  6  United States    5.2%         25%
  7  Belgium          4.7%         23%
  8  France           4.5%         -11%
  9  Ireland          4.3%         14%
 10  Japan            2.2%         11%

http://www.akamai.com/stateoftheinternet/

--
Christian "naddy" Weisgerber na...@mips.inka.de
Re: IPv6 by default
> Date: Tue, 29 Apr 2014 09:55:58 -0400
> From: Simon Perreault
>
> Here's the relevant data I know of:
>
> Google's data [1] shows a few third-world countries where what you say
> is true, plus Japan because of a single particularly broken ISP [2].

Isn't there a correlation between those countries and actual IPv6 usage?

> Is there anything else?

IPv6 is at least an order of magnitude more complex than IPv4. Less
IPv6 results in better security.
Re: IPv6 by default
Penned by Otto Moerbeek on 20140429 9:07.54, we have:
| On Tue, Apr 29, 2014 at 10:04:35AM -0400, Simon Perreault wrote:
|
| > On 2014-04-29 09:55, Henning Brauer wrote:
| > >> Wouldn't it be better if libasr would run A and AAAA requests in
| > >> parallel? Whichever response arrives first "wins".
| > > no, since that gives extremely unpredictable results.
| >
| > How about this then:
| >
| > - Run both requests in parallel.
| > - When one response is received, start a short timer (e.g. 200ms or so).
| > - If the second response is received before the timer expires, sort and
| >   return the results as usual.
| > - Otherwise, kill the second request and return what you have.
| >
| > Simon
|
| I'm still not sure what problem you are trying to solve. I only see
| added complexity here.
|
| -Otto

Some broken routers that dish out dhcp leases and set themselves as the
recursive resolver have been reported to not respond when someone
queries AAAA.

There may be some benefit, but for what percent of users? Added
complexity seems not the direction we want to go in, indeed.

Thanks,
--
Todd T. Fries . http://todd.fries.net/pgp.txt . @unix2mars . github:toddfries
Re: IPv6 by default
Penned by Kenneth Westerback on 20140429 8:44.16, we have:
| On 29 April 2014 08:57, Simon Perreault wrote:
| > On 2014-04-28 18:43, Kenneth Westerback wrote:
| >> Why is the burden on everyone to provide 'valid' objections?
| >
| > I know that what I proposed cannot go in at the moment. It's my end
| > goal. Now what I want is to have a clear picture of what the issues are,
| > and whether there's anything I can do to help fix them. I'm not putting
| > the burden on anyone except myself.
| >
|
| I repeat the question - what is the point of your goal to return IPv6
| addresses first? Why change? Even in a world where IPv6 was 99.99% of
| the traffic, what advantages would accrue to having IPv6 addresses
| returned first? I'm not hostile or opposed, I just think this appears
| to be a complete waste of your time.
|
| >> Given the miniscule IPv6 usage out there, why should IPv6 come first?
| >
| > I don't see how "usage" is relevant. If IPv6 provided 1000% performance
| > improvement with no downsides, we would want to use it even if global
| > usage was low.
| >
|
| Why would having the IPv6 addresses come first in the returned list be
| required to 'use' them? Please explain.

Many commonly used applications that have the ability to connect to
both IPv4 and IPv6 will connect to the first address.

This is a mere convenience.

Everybody knows I use IPv6 a lot and I am fine with the resolv.conf
'family inet4 inet6' remaining as it is until a future time if/when it
makes sense to change it. Doing so prematurely does not help.

Thanks,
--
Todd T. Fries . http://todd.fries.net/pgp.txt . @unix2mars . github:toddfries
Re: IPv6 by default
On 2014-04-29 10:12, Ted Unangst wrote:
>> - Run both requests in parallel.
>> - When one response is received, start a short timer (e.g. 200ms or so).
>> - If the second response is received before the timer expires, sort and
>>   return the results as usual.
>> - Otherwise, kill the second request and return what you have.
>
> Yuck. You just added 200ms latency to every connection.

If I'm reading the code correctly, this saves time on average even if we
keep IPv4 as default, and is never worse than the current situation.

getaddrinfo() queries both families in sequence. So you have to wait for
the AAAA request even if the A request finishes quickly. Doesn't matter
which one is first, you have to wait for both. It makes sense to me
to cap that waiting when the first request yielded results, no matter
which family is the default. Please let me know if my understanding is
wrong.

Thanks,
Simon
Re: IPv6 by default
On 29 April 2014 09:59, Simon Perreault wrote:
> On 2014-04-29 09:44, Kenneth Westerback wrote:
>> Why would having the IPv6 addresses come first in the returned list be
>> required to 'use' them? Please explain.
>
> Well I thought this would be obvious, but applications using
> getaddrinfo() typically try connecting to each of the addresses returned
> in sequence and stop as soon as connect() returns 0. So you end up using
> whichever address was returned first 9 times out of 10.

Not obvious at all. I only learned of the existence of getaddrinfo()
last week in Marrakesh when I tried to work on some OpenSSL code. Don't
make such assumptions! :-)

This seems to boil down to "I want to trick programs into using IPv6 if
both are available." Not a goal I agree with, but an understandable one
if we were on the verge of widespread adoption of IPv6.

A better one would be "IPv6 is coming. Let's try to shake out programs
new enough to use getaddrinfo() but old enough to not bother handling
IPv6 addresses." Especially if you made it an option to explicitly make
the kernel a more hostile environment. I'd still think this is
premature, but probably worth discussion.

It would seem a more laudable immediate goal would be to spread
getaddrinfo() more consistently into the daemons to prepare for our new
IPv6 overlords.

Ken

>
> I'll reply to your other questions, and other similar ones from other
> folks, as soon as I have a good answer.
>
> Simon
>
Re: IPv6 by default
On Tue, Apr 29, 2014 at 10:04, Simon Perreault wrote:

> - Run both requests in parallel.
> - When one response is received, start a short timer (e.g. 200ms or so).
> - If the second response is received before the timer expires, sort and
>   return the results as usual.
> - Otherwise, kill the second request and return what you have.

Yuck. You just added 200ms latency to every connection.
Re: IPv6 by default
On 2014/04/29 10:52, Giancarlo Razzolini wrote:
> On 29-04-2014 04:51, Stuart Henderson wrote:
> > Too soon I think. Wait a little longer and more major ISPs will turn
> > IPv4 into the second class citizen as they fumble with their cgnat
> > deployments then this will make a lot more sense. Now that akamai have
> > their /10 taking ARIN into the final /8 run-out position that RIPE and
> > APNIC have been in for some time, this will accelerate.
>
> I disable ipv6 across all my linux desktops installations because some
> daemons aren't smart enough to not try it first. Postfix is one that
> comes from the top of my mind.

This is not something you should have to touch at desktops. Either you
run router advs in which case you should have working v6, or you don't,
in which case programs using AI_ADDRCONFIG should not automatically pick
them.

The two biggest problems:

1. networks which run router advs but the v6 connectivity is broken.

2. networks with a malicious user sending adv's. similar to rogue dhcp
   servers for v4, but less understood and fewer controls in switches to
   deal with it,

> Also, I believe firefox will default to
> ipv6 then ipv4 if you have it enabled. Too soon I think. I'm hoping for
> ipv6 get more traction soon, so we could end using nat on our pf rules.

Mainstream browsers have their own heuristics to use ipv6 where it
works, but the way they do this only makes sense for a longer-running
process.

AI_ADDRCONFIG is meant to be the way to select use of v6 where it
works. Problem 1 above could possibly be dealt with by caching the
status as to whether v6 actually works or not somewhere and using that
in the decision whether to return v4 or v6 addresses.. Problem 2, well,
I think networks who sufficiently care about it can make things safer,
and those that don't probably aren't blocking rogue DHCP either.
Re: IPv6 by default
On Tue, Apr 29, 2014 at 10:04:35AM -0400, Simon Perreault wrote:

> On 2014-04-29 09:55, Henning Brauer wrote:
> >> Wouldn't it be better if libasr would run A and AAAA requests in
> >> parallel? Whichever response arrives first "wins".
> > no, since that gives extremely unpredictable results.
>
> How about this then:
>
> - Run both requests in parallel.
> - When one response is received, start a short timer (e.g. 200ms or so).
> - If the second response is received before the timer expires, sort and
>   return the results as usual.
> - Otherwise, kill the second request and return what you have.
>
> Simon

I'm still not sure what problem you are trying to solve. I only see
added complexity here.

-Otto
Re: IPv6 by default
On 2014-04-29 09:52, Giancarlo Razzolini wrote:
> I disable ipv6 across all my linux desktops installations because some
> daemons aren't smart enough to not try it first. Postfix is one that
> comes from the top of my mind.

That's why we needed AI_ADDRCONFIG. The point is that getaddrinfo()
shouldn't be doing IPvX lookups if you don't have at least one IPvX
address configured on an interface.

> Also, I believe firefox will default to
> ipv6 then ipv4 if you have it enabled.

It attempts both in parallel. Google for
"network.http.fast-fallback-to-IPv4".

Simon
Re: IPv6 by default
* Simon Perreault [2014-04-29 16:05]:
> On 2014-04-29 09:55, Henning Brauer wrote:
> >> Wouldn't it be better if libasr would run A and AAAA requests in
> >> parallel? Whichever response arrives first "wins".
> > no, since that gives extremely unpredictable results.
>
> How about this then:
>
> - Run both requests in parallel.
> - When one response is received, start a short timer (e.g. 200ms or so).
> - If the second response is received before the timer expires, sort and
>   return the results as usual.
> - Otherwise, kill the second request and return what you have.

that could work, of course.

--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
Re: IPv6 by default
On Tue, Apr 29, 2014 at 08:57:57AM -0400, Simon Perreault wrote:
> On 2014-04-28 18:43, Kenneth Westerback wrote:
> > Why is the burden on everyone to provide 'valid' objections?
>
> I know that what I proposed cannot go in at the moment. It's my end
> goal. Now what I want is to have a clear picture of what the issues are,
> and whether there's anything I can do to help fix them. I'm not putting
> the burden on anyone except myself.
>
> > Given the miniscule IPv6 usage out there, why should IPv6 come first?
>
> I don't see how "usage" is relevant. If IPv6 provided 1000% performance
> improvement with no downsides, we would want to use it even if global
> usage was low.

The problem is that IPv6 is tunnels all the way down (at least in many locations) and has more delay. At the moment it is not even equal to the IPv4 performance so why should we force it on everyone using OpenBSD on this planet? At the moment people that want to taste the new and improved taste of IPv6 should edit resolv.conf or resolv.conf.tail to change the order.

-- 
:wq Claudio
Re: IPv6 by default
On 2014-04-29 09:55, Henning Brauer wrote:
>> Wouldn't it be better if libasr would run A and AAAA requests in
>> parallel? Whichever response arrives first "wins".
> no, since that gives extremely unpredictable results.

How about this then:

- Run both requests in parallel.
- When one response is received, start a short timer (e.g. 200ms or so).
- If the second response is received before the timer expires, sort and return the results as usual.
- Otherwise, kill the second request and return what you have.

Simon
Re: IPv6 by default
On Tue, Apr 29, 2014 at 08:57, Simon Perreault wrote:
> On 2014-04-28 18:43, Kenneth Westerback wrote:
>> Why is the burden on everyone to provide 'valid' objections?
>
> I know that what I proposed cannot go in at the moment. It's my end
> goal. Now what I want is to have a clear picture of what the issues are,
> and whether there's anything I can do to help fix them. I'm not putting
> the burden on anyone except myself.
>
>> Given the miniscule IPv6 usage out there, why should IPv6 come first?
>
> I don't see how "usage" is relevant. If IPv6 provided 1000% performance
> improvement with no downsides, we would want to use it even if global
> usage was low.
>
> Thanks,
> Simon
Re: IPv6 by default
On 2014-04-29 09:44, Kenneth Westerback wrote:
> Why would having the IPv6 addresses come first in the returned list be
> required to 'use' them? Please explain.

Well I thought this would be obvious, but applications using getaddrinfo() typically try connecting to each of the addresses returned in sequence and stop as soon as connect() returns 0. So you end up using whichever address was returned first 9 times out of 10.

I'll reply to your other questions, and other similar ones from other folks, as soon as I have a good answer.

Simon
Re: IPv6 by default
On 2014-04-28 18:54, Todd T. Fries wrote:
> IPv6 is a 2nd class netizen in terms of reliability and user
> experience.

Here's the relevant data I know of:

Google's data [1] shows a few third-world countries where what you say is true, plus Japan because of a single particularly broken ISP [2].

RIPE Labs published numbers in 2012 showing a slight performance advantage for IPv4 [3].

I *think* I saw a more recent study showing a similarly slight advantage for IPv6, but I can't find it anymore, so it might be a brain fart.

Is there anything else?

Simon

[1] https://www.google.com/intl/en/ipv6/statistics.html#tab=per-country-ipv6-adoption
[2] http://www.jp.ipv6forum.com/201301/timetable/program/IPv6Summit2013-5_Lorenzo.pdf
[3] https://labs.ripe.net/Members/emileaben/measuring-world-ipv6-launch-comparing-ipv4-and-ipv6-performance
Re: IPv6 by default
* Simon Perreault [2014-04-29 14:41]:
> On 2014-04-28 18:53, Chris Cappuccio wrote:
> >> Why is the burden on everyone to provide 'valid' objections? Should
> >> not the burden be on you to at least hint at a point to this change?
> >> Given the miniscule IPv6 usage out there, why should IPv6 come first?
> >
> > I like how IPv6 support turns primary and secondary DNS caches from
> > a redundancy feature for clients to dual points of failure (for some
> > resolver implementations.) No response from either server for the first
> > AF you try? Just wait for a full time out before you try the second AF!
>
> This is a valid point IMHO.
>
> Wouldn't it be better if libasr would run A and AAAA requests in
> parallel? Whichever response arrives first "wins".

no, since that gives extremely unpredictable results.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
Re: IPv6 by default
On 29-04-2014 04:51, Stuart Henderson wrote:
> Too soon I think. Wait a little longer and more major ISPs will turn
> IPv4 into the second class citizen as they fumble with their cgnat
> deployments then this will make a lot more sense. Now that akamai have
> their /10 taking ARIN into the final /8 run-out position that RIPE and
> APNIC have been in for some time, this will accelerate.

I disable ipv6 across all my linux desktops installations because some daemons aren't smart enough to not try it first. Postfix is one that comes from the top of my mind. Also, I believe firefox will default to ipv6 then ipv4 if you have it enabled. Too soon I think. I'm hoping for ipv6 to get more traction soon, so we could end using nat on our pf rules.

-- 
Giancarlo Razzolini
GPG: 4096R/77B981BC
Re: IPv6 by default
* Simon Perreault [2014-04-29 14:58]:
> I don't see how "usage" is relevant. If IPv6 provided 1000% performance
> improvement with no downsides, we would want to use it even if global
> usage was low.

however, it provides far worse performance with shitloads of downsides...

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
Re: IPv6 by default
On 29 April 2014 08:57, Simon Perreault wrote:
> On 2014-04-28 18:43, Kenneth Westerback wrote:
>> Why is the burden on everyone to provide 'valid' objections?
>
> I know that what I proposed cannot go in at the moment. It's my end
> goal. Now what I want is to have a clear picture of what the issues are,
> and whether there's anything I can do to help fix them. I'm not putting
> the burden on anyone except myself.
>

I repeat the question - what is the point of your goal to return IPv6 addresses first? Why change? Even in a world where IPv6 was 99.99% of the traffic, what advantages would accrue to having IPv6 addresses returned first? I'm not hostile or opposed, I just think this appears to be a complete waste of your time.

>> Given the miniscule IPv6 usage out there, why should IPv6 come first?
>
> I don't see how "usage" is relevant. If IPv6 provided 1000% performance
> improvement with no downsides, we would want to use it even if global
> usage was low.
>

Why would having the IPv6 addresses come first in the returned list be required to 'use' them? Please explain.

 Ken

> Thanks,
> Simon
Re: IPv6 by default
On 2014-04-28 18:43, Kenneth Westerback wrote:
> Why is the burden on everyone to provide 'valid' objections?

I know that what I proposed cannot go in at the moment. It's my end goal. Now what I want is to have a clear picture of what the issues are, and whether there's anything I can do to help fix them. I'm not putting the burden on anyone except myself.

> Given the miniscule IPv6 usage out there, why should IPv6 come first?

I don't see how "usage" is relevant. If IPv6 provided 1000% performance improvement with no downsides, we would want to use it even if global usage was low.

Thanks,
Simon
Re: IPv6 by default
On 2014-04-28 18:53, Chris Cappuccio wrote:
>> Why is the burden on everyone to provide 'valid' objections? Should
>> not the burden be on you to at least hint at a point to this change?
>> Given the miniscule IPv6 usage out there, why should IPv6 come first?
>
> I like how IPv6 support turns primary and secondary DNS caches from
> a redundancy feature for clients to dual points of failure (for some
> resolver implementations.) No response from either server for the first
> AF you try? Just wait for a full time out before you try the second AF!

This is a valid point IMHO.

Wouldn't it be better if libasr would run A and AAAA requests in parallel? Whichever response arrives first "wins".

Simon
Re: IPv6 by default
On 2014/04/28 18:05, Simon Perreault wrote:
> Tech,
>
> Now that my AI_ADDRCONFIG diff is in, it's time to reveal my evil master plan:
> make getaddrinfo() return IPv6 results first by default.
>
> The diff below would be the end goal. I guess people will have valid objections
> to it. I'd like to know what they are.
>
> Would it be necessary/desirable to check all calls to getaddrinfo() in base and
> add AI_ADDRCONFIG to hints.ai_flags where needed? (i.e. pretty much everywhere
> except special cases which right now I can't think of any)
>
> Thanks,
> Simon

Too soon I think. Wait a little longer and more major ISPs will turn IPv4 into the second class citizen as they fumble with their cgnat deployments then this will make a lot more sense. Now that akamai have their /10 taking ARIN into the final /8 run-out position that RIPE and APNIC have been in for some time, this will accelerate.
Re: IPv6 by default
* Adam Thompson [2014-04-29 04:37]:
> On April 28, 2014 5:43:34 PM CDT, Kenneth Westerback wrote:
> >On 28 April 2014 18:05, Simon Perreault wrote:
> >> Now that my AI_ADDRCONFIG diff is in, it's time to reveal my evil master plan:
> >> make getaddrinfo() return IPv6 results first by default.

no way.

> >Why is the burden on everyone to provide 'valid' objections? Should
> >not the burden be on you to at least hint at a point to this change?
> >Given the miniscule IPv6 usage out there, why should IPv6 come first?

that is the right question, and there is no good answer...

> Someone has to take the first/next step

except that it is a step towards the drain.

> Sent from my Android device with K-9 Mail. Please excuse my brevity.

Sent from a computer using a keyboard and software.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
Re: IPv6 by default
On Tue, Apr 29, 2014 at 2:05 AM, Simon Perreault wrote: > Tech, > > Now that my AI_ADDRCONFIG diff is in, it's time to reveal my evil master plan: > make getaddrinfo() return IPv6 results first by default. > > The diff below would be the end goal. I guess people will have valid > objections > to it. I'd like to know what they are. > > Would it be necessary/desirable to check all calls to getaddrinfo() in base > and > add AI_ADDRCONFIG to hints.ai_flags where needed? (i.e. pretty much everywhere > except special cases which right now I can't think of any) That seems like a good idea to me :-) > > Thanks, > Simon > > > Index: lib/libc/asr/asr.c > === > RCS file: /cvs/src/lib/libc/asr/asr.c,v > retrieving revision 1.33 > diff -u -p -r1.33 asr.c > --- lib/libc/asr/asr.c 26 Mar 2014 18:13:15 - 1.33 > +++ lib/libc/asr/asr.c 28 Apr 2014 21:43:52 - > @@ -518,8 +518,8 @@ asr_ctx_create(void) > ac->ac_options = RES_RECURSE | RES_DEFNAMES | RES_DNSRCH; > ac->ac_refcount = 1; > ac->ac_ndots = 1; > - ac->ac_family[0] = AF_INET; > - ac->ac_family[1] = AF_INET6; > + ac->ac_family[0] = AF_INET6; > + ac->ac_family[1] = AF_INET; > ac->ac_family[2] = -1; > > ac->ac_hostfile = DEFAULT_HOSTFILE; > Index: share/man/man5/resolv.conf.5 > === > RCS file: /cvs/src/share/man/man5/resolv.conf.5,v > retrieving revision 1.44 > diff -u -p -r1.44 resolv.conf.5 > --- share/man/man5/resolv.conf.514 Jul 2013 19:44:39 - 1.44 > +++ share/man/man5/resolv.conf.528 Apr 2014 21:43:52 - 
> @@ -217,8 +217,8 @@ For example: > .It Cm family > Specify which type of Internet protocol family to prefer, > if a host is reachable using different address families. > -By default IPv4 addresses are queried first, > -and then IPv6 addresses. > +By default IPv6 addresses are queried first, > +and then IPv4 addresses. > The syntax is: > .Bd -ragged -offset indent > .Cm family Ar family Op Ar family > -- This message is strictly personal and the opinions expressed do not represent those of my employers, either past or present.
Re: IPv6 by default
On April 28, 2014 5:43:34 PM CDT, Kenneth Westerback wrote: >On 28 April 2014 18:05, Simon Perreault wrote: >> Tech, >> >> Now that my AI_ADDRCONFIG diff is in, it's time to reveal my evil >master plan: >> make getaddrinfo() return IPv6 results first by default. > >Why is the burden on everyone to provide 'valid' objections? Should >not the burden be on you to at least hint at a point to this change? >Given the miniscule IPv6 usage out there, why should IPv6 come first? > > Ken > >> >> The diff below would be the end goal. I guess people will have valid >objections >> to it. I'd like to know what they are. >> >> Would it be necessary/desirable to check all calls to getaddrinfo() >in base and >> add AI_ADDRCONFIG to hints.ai_flags where needed? (i.e. pretty much >everywhere >> except special cases which right now I can't think of any) >> >> Thanks, >> Simon >> >> >> Index: lib/libc/asr/asr.c >> === >> RCS file: /cvs/src/lib/libc/asr/asr.c,v >> retrieving revision 1.33 >> diff -u -p -r1.33 asr.c >> --- lib/libc/asr/asr.c 26 Mar 2014 18:13:15 - 1.33 >> +++ lib/libc/asr/asr.c 28 Apr 2014 21:43:52 - >> @@ -518,8 +518,8 @@ asr_ctx_create(void) >> ac->ac_options = RES_RECURSE | RES_DEFNAMES | RES_DNSRCH; >> ac->ac_refcount = 1; >> ac->ac_ndots = 1; >> - ac->ac_family[0] = AF_INET; >> - ac->ac_family[1] = AF_INET6; >> + ac->ac_family[0] = AF_INET6; >> + ac->ac_family[1] = AF_INET; >> ac->ac_family[2] = -1; >> >> ac->ac_hostfile = DEFAULT_HOSTFILE; >> Index: share/man/man5/resolv.conf.5 >> === >> RCS file: /cvs/src/share/man/man5/resolv.conf.5,v >> retrieving revision 1.44 >> diff -u -p -r1.44 resolv.conf.5 >> --- share/man/man5/resolv.conf.514 Jul 2013 19:44:39 - > 1.44 >> +++ share/man/man5/resolv.conf.528 Apr 2014 21:43:52 - 
>> @@ -217,8 +217,8 @@ For example: >> .It Cm family >> Specify which type of Internet protocol family to prefer, >> if a host is reachable using different address families. >> -By default IPv4 addresses are queried first, >> -and then IPv6 addresses. >> +By default IPv6 addresses are queried first, >> +and then IPv4 addresses. >> The syntax is: >> .Bd -ragged -offset indent >> .Cm family Ar family Op Ar family >> While I'm aware this post is futile, you just answered your own question. The point of making such a change is to help change that situation. This is somewhat like saying the burden should be on all browser users to manually enable support for TLSv1.2, because hardly any web servers use it. Someone has to take the first/next step, and that's a very traditional role for OpenBSD. Having said all that, I'm on the fence about this - nice idea in theory, but the timeout issue is difficult to live with, and adds an unnecessary barrier to new OpenBSD users. And before you ask, I *have* put my money where my mouth is - I'm 100% native IPv6 all the way to the 'net (at 5x the cost of just getting a much faster IPv4 service). At present, over 10% of my traffic is v6, but only *after* I manually edited resolve.conf to default to v6. -Adam -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: IPv6 by default
You may not be aware of 'family inet4 inet6' default in resolv.conf that was specifically changed to that for OpenBSD. The reasoning given is .. IPv6 is a 2nd class netizen in terms of reliability and user experience. If you disagree, consider making the world more robust where IPv6 is concerned, or perhaps just edit /etc/resolv.conf. Thanks, Penned by Simon Perreault on 20140428 17:05.36, we have: | Tech, | | Now that my AI_ADDRCONFIG diff is in, it's time to reveal my evil master plan: | make getaddrinfo() return IPv6 results first by default. | | The diff below would be the end goal. I guess people will have valid objections | to it. I'd like to know what they are. | | Would it be necessary/desirable to check all calls to getaddrinfo() in base and | add AI_ADDRCONFIG to hints.ai_flags where needed? (i.e. pretty much everywhere | except special cases which right now I can't think of any) | | Thanks, | Simon | | | Index: lib/libc/asr/asr.c | === | RCS file: /cvs/src/lib/libc/asr/asr.c,v | retrieving revision 1.33 | diff -u -p -r1.33 asr.c | --- lib/libc/asr/asr.c26 Mar 2014 18:13:15 - 1.33 | +++ lib/libc/asr/asr.c28 Apr 2014 21:43:52 - | @@ -518,8 +518,8 @@ asr_ctx_create(void) | ac->ac_options = RES_RECURSE | RES_DEFNAMES | RES_DNSRCH; | ac->ac_refcount = 1; | ac->ac_ndots = 1; | - ac->ac_family[0] = AF_INET; | - ac->ac_family[1] = AF_INET6; | + ac->ac_family[0] = AF_INET6; | + ac->ac_family[1] = AF_INET; | ac->ac_family[2] = -1; | | ac->ac_hostfile = DEFAULT_HOSTFILE; | Index: share/man/man5/resolv.conf.5 | === | RCS file: /cvs/src/share/man/man5/resolv.conf.5,v | retrieving revision 1.44 | diff -u -p -r1.44 resolv.conf.5 | --- share/man/man5/resolv.conf.5 14 Jul 2013 19:44:39 - 1.44 | +++ share/man/man5/resolv.conf.5 28 Apr 2014 21:43:52 - | 
@@ -217,8 +217,8 @@ For example: | .It Cm family | Specify which type of Internet protocol family to prefer, | if a host is reachable using different address families. | -By default IPv4 addresses are queried first, | -and then IPv6 addresses. | +By default IPv6 addresses are queried first, | +and then IPv4 addresses. | The syntax is: | .Bd -ragged -offset indent | .Cm family Ar family Op Ar family -- Todd T. Fries . http://todd.fries.net/pgp.txt . @unix2mars . github:toddfries
Re: IPv6 by default
Kenneth Westerback [kwesterb...@gmail.com] wrote:
>
> Why is the burden on everyone to provide 'valid' objections? Should
> not the burden be on you to at least hint at a point to this change?
> Given the miniscule IPv6 usage out there, why should IPv6 come first?
>

I like how IPv6 support turns primary and secondary DNS caches from a redundancy feature for clients to dual points of failure (for some resolver implementations.) No response from either server for the first AF you try? Just wait for a full time out before you try the second AF!
Re: IPv6 by default
On 28 April 2014 18:05, Simon Perreault wrote: > Tech, > > Now that my AI_ADDRCONFIG diff is in, it's time to reveal my evil master plan: > make getaddrinfo() return IPv6 results first by default. Why is the burden on everyone to provide 'valid' objections? Should not the burden be on you to at least hint at a point to this change? Given the miniscule IPv6 usage out there, why should IPv6 come first? Ken > > The diff below would be the end goal. I guess people will have valid > objections > to it. I'd like to know what they are. > > Would it be necessary/desirable to check all calls to getaddrinfo() in base > and > add AI_ADDRCONFIG to hints.ai_flags where needed? (i.e. pretty much everywhere > except special cases which right now I can't think of any) > > Thanks, > Simon > > > Index: lib/libc/asr/asr.c > === > RCS file: /cvs/src/lib/libc/asr/asr.c,v > retrieving revision 1.33 > diff -u -p -r1.33 asr.c > --- lib/libc/asr/asr.c 26 Mar 2014 18:13:15 - 1.33 > +++ lib/libc/asr/asr.c 28 Apr 2014 21:43:52 - > @@ -518,8 +518,8 @@ asr_ctx_create(void) > ac->ac_options = RES_RECURSE | RES_DEFNAMES | RES_DNSRCH; > ac->ac_refcount = 1; > ac->ac_ndots = 1; > - ac->ac_family[0] = AF_INET; > - ac->ac_family[1] = AF_INET6; > + ac->ac_family[0] = AF_INET6; > + ac->ac_family[1] = AF_INET; > ac->ac_family[2] = -1; > > ac->ac_hostfile = DEFAULT_HOSTFILE; > Index: share/man/man5/resolv.conf.5 > === > RCS file: /cvs/src/share/man/man5/resolv.conf.5,v > retrieving revision 1.44 > diff -u -p -r1.44 resolv.conf.5 > --- share/man/man5/resolv.conf.514 Jul 2013 19:44:39 - 1.44 > +++ share/man/man5/resolv.conf.528 Apr 2014 21:43:52 - 
> @@ -217,8 +217,8 @@ For example: > .It Cm family > Specify which type of Internet protocol family to prefer, > if a host is reachable using different address families. > -By default IPv4 addresses are queried first, > -and then IPv6 addresses. > +By default IPv6 addresses are queried first, > +and then IPv4 addresses. > The syntax is: > .Bd -ragged -offset indent > .Cm family Ar family Op Ar family >
IPv6 by default
Tech, Now that my AI_ADDRCONFIG diff is in, it's time to reveal my evil master plan: make getaddrinfo() return IPv6 results first by default. The diff below would be the end goal. I guess people will have valid objections to it. I'd like to know what they are. Would it be necessary/desirable to check all calls to getaddrinfo() in base and add AI_ADDRCONFIG to hints.ai_flags where needed? (i.e. pretty much everywhere except special cases which right now I can't think of any) Thanks, Simon Index: lib/libc/asr/asr.c === RCS file: /cvs/src/lib/libc/asr/asr.c,v retrieving revision 1.33 diff -u -p -r1.33 asr.c --- lib/libc/asr/asr.c 26 Mar 2014 18:13:15 - 1.33 +++ lib/libc/asr/asr.c 28 Apr 2014 21:43:52 - @@ -518,8 +518,8 @@ asr_ctx_create(void) ac->ac_options = RES_RECURSE | RES_DEFNAMES | RES_DNSRCH; ac->ac_refcount = 1; ac->ac_ndots = 1; - ac->ac_family[0] = AF_INET; - ac->ac_family[1] = AF_INET6; + ac->ac_family[0] = AF_INET6; + ac->ac_family[1] = AF_INET; ac->ac_family[2] = -1; ac->ac_hostfile = DEFAULT_HOSTFILE; Index: share/man/man5/resolv.conf.5 === RCS file: /cvs/src/share/man/man5/resolv.conf.5,v retrieving revision 1.44 diff -u -p -r1.44 resolv.conf.5 --- share/man/man5/resolv.conf.514 Jul 2013 19:44:39 - 1.44 +++ share/man/man5/resolv.conf.528 Apr 2014 21:43:52 - @@ -217,8 +217,8 @@ For example: .It Cm family Specify which type of Internet protocol family to prefer, if a host is reachable using different address families. -By default IPv4 addresses are queried first, -and then IPv6 addresses. +By default IPv6 addresses are queried first, +and then IPv4 addresses. The syntax is: .Bd -ragged -offset indent .Cm family Ar family Op Ar family
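Review bot: in the asr.c hunk, the swapped `ac_family[0]` / `ac_family[1]` assignments in asr_ctx_create() change the address-family order for every resolver context that has no `family` line in resolv.conf, and nothing in the hunk limits AF_INET6 to hosts that actually have an IPv6 address configured. The cover note asks whether getaddrinfo() callers in base should pass AI_ADDRCONFIG; that audit should be done before this default is flipped, so that callers without the flag on a v4-only host do not end up with IPv6 results at the head of the list. A short comment above the three `ac_family` lines saying that this is the built-in default and that `family` in resolv.conf overrides it would also help.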
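Review bot: in the resolv.conf.5 hunk, the reworded `family` entry still says only that IPv6 addresses are "queried first", while the stated goal of the change is for getaddrinfo() to return IPv6 results first. The text should say that the order also determines the order of the returned addresses, and since this reverses a long-standing default it should show the line that restores the previous behaviour, `family inet4 inet6`.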