On 12/9/13, 12:51 AM, Hiroki Sato wrote: > Hi Peter, > > Peter Wemm <pe...@freebsd.org> wrote > in <201312080555.rb85tu8w016...@svn.freebsd.org>: > > pe> Author: peter > pe> Date: Sun Dec 8 05:55:55 2013 > pe> New Revision: 259094 > pe> URL: http://svnweb.freebsd.org/changeset/base/259094 > pe> > pe> Log: > pe> Rev 256256 had an undocumented side effect of breaking existing behavior > pe> for ipv6 jails. > pe> > pe> Among the harmful side effects included putting a route to an entire /64 > pe> onto an interface even if you were in a smaller network - eg: /80. > pe> This broke the freebsd.org cluster hosted at ISC which has /80 networks. > pe> > pe> Modified: > pe> head/etc/rc.d/jail > > The reason why it was changed is that I think an IPv6 GUA with no > prefix length information should always be interpret as a /64 because > the other tools like ifconfig do so. IPv6 is designed to always use > a correct prefix length and avoid using a /128 for aliases. Is there > a problem with specifying a /80 address to ip6.addr if a box is on a > /80 network?
I'm all for issuing warnings and advising people to correct it. However the problem is that the change silently breaks a working setup during an upgrade from 9.x to 10.x. At the ISC.org freebsd cluster site we lost the ability to talk to other services in nearby separate networks, including DNS. It had gone undetected until we tried to actually default to using IPv6 - the first reaction from some of the other admins was to revert everything back to IPv4. If breaking ipv6 jails leads to that outcome elsewhere then that would be sub-optimal for ipv6 adoption. -- Peter Wemm - pe...@wemm.org; pe...@freebsd.org; pe...@yahoo-inc.com; KI6FJV UTF-8: for when a ' just won\342\200\231t do.
signature.asc
Description: OpenPGP digital signature
