svn commit: r259094 - head/etc/rc.d

Peter Wemm peter at wemm.org
Mon Dec 9 21:54:23 UTC 2013 

On 12/9/13, 12:51 AM, Hiroki Sato wrote:
> Hi Peter,
> 
> Peter Wemm <peter at FreeBSD.org> wrote
>   in <201312080555.rB85tu8W016979 at svn.freebsd.org>:
> 
> pe> Author: peter
> pe> Date: Sun Dec  8 05:55:55 2013
> pe> New Revision: 259094
> pe> URL: http://svnweb.freebsd.org/changeset/base/259094
> pe>
> pe> Log:
> pe>   Rev 256256 had an undocumented side effect of breaking existing behavior
> pe>   for ipv6 jails.
> pe>
> pe>   Among the harmful side effects included putting a route to an entire /64
> pe>   onto an interface even if you were in a smaller network - eg: /80.
> pe>   This broke the freebsd.org cluster hosted at ISC which has /80 networks.
> pe>
> pe> Modified:
> pe>   head/etc/rc.d/jail
> 
>  The reason why it was changed is that I think an IPv6 GUA with no
>  prefix length information should always be interpret as a /64 because
>  the other tools like ifconfig do so.  IPv6 is designed to always use
>  a correct prefix length and avoid using a /128 for aliases.  Is there
>  a problem with specifying a /80 address to ip6.addr if a box is on a
>  /80 network?

I'm all for issuing warnings and advising people to correct it.  However the
problem is that the change silently breaks a working setup during an upgrade
from 9.x to 10.x.

At the ISC.org freebsd cluster site we lost the ability to talk to other
services in nearby separate networks, including DNS.

It had gone undetected until we tried to actually default to using IPv6 -
the first reaction from some of the other admins was to revert everything
back to IPv4.  If breaking ipv6 jails leads to that outcome elsewhere then
that would be sub-optimal for ipv6 adoption.

-- 
Peter Wemm - peter at wemm.org; peter at FreeBSD.org; peter at yahoo-inc.com; KI6FJV
UTF-8: for when a ' just won\342\200\231t do.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/svn-src-head/attachments/20131209/ef20dd38/attachment.sig>

More information about the svn-src-head mailing list