bindv6only again

classic Classic list List threaded Threaded
63 messages Options
1234
Reply | Threaded
Open this post in threaded view
|

bindv6only again

Juliusz Chroboczek-2
I've been reading through the archives in order to find out if there's
been any consensus on the controversial change to the default value of
net.ipv6.bindv6only -- and unless I've missed something, I'm under the
impression that people agree that the change was a mistake.

May I therefore most humbly suggest that Debian should revert the change
to the default (/etc/sysctl.d/bindv6only.conf), and thus become once
again compatible with what RFC 3493 says and most application developers
expect?

                                        Juliusz

attachment0 (203 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: bindv6only again

Jarek Kamiński-2
Na grupie linux.debian.devel napisałe(a)ś:
> I've been reading through the archives in order to find out if there's
> been any consensus on the controversial change to the default value of
> net.ipv6.bindv6only -- and unless I've missed something, I'm under the
> impression that people agree that the change was a mistake.

Not again...

> May I therefore most humbly suggest that Debian should revert the change
> to the default (/etc/sysctl.d/bindv6only.conf), and thus become once
> again compatible with what RFC 3493 says and most application developers
> expect?

On Linux bindv6only is configurable by administrator, applications
expecting specific setting are broken anyway (on Linux), no matter what
RFC says and what default on Debian is. And ability to change the
default is definitely feature, not a bug.

If some program needs specific value of bindv6only, it should request it
explicitly with one simple setsockopt(). And according to
http://bugs.debian.org/560238, only one package in Debian (which is not
in testing) didn't manage that. There are really no reasons to revert.

Jarek.


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/20100426141405.GA32291@...

Reply | Threaded
Open this post in threaded view
|

Re: bindv6only again

Salvo Tomaselli-3
On Monday 26 April 2010 16:14:05 Jarek Kamiński wrote:
> If some program needs specific value of bindv6only, it should request it
> explicitly with one simple setsockopt(). And according to
> http://bugs.debian.org/560238, only one package in Debian (which is not
> in testing) didn't manage that. There are really no reasons to revert.
Did you read this mailing list? (or even that bug to the end).

Because you're stating something false.


Bye
--
Salvo Tomaselli


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/201004261646.17113.tiposchi@...

Reply | Threaded
Open this post in threaded view
|

Re: bindv6only again

Juliusz Chroboczek-2
In reply to this post by Jarek Kamiński-2
>> unless I've missed something, I'm under the impression that people
>> agree that the change was a mistake.

> Not again...

What do you mean?

The apparent consensus is being ignored -- the default value is still
the one that people don't want.

> On Linux bindv6only is configurable by administrator,

I am aware of that.  It is the default value that we are speaking about.

> applications expecting specific setting are broken anyway (on Linux),
> no matter what RFC says and what default on Debian is.

This is of course nonsense.  Choosing the default value that is
incompatible with all other Unix systems (with the exception of OpenBSD)
and then complaining about applications being broken doesn't strike me
as a particularly productive attitude.

                                        Juliusz


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/87633e5kpn.fsf@...

Reply | Threaded
Open this post in threaded view
|

Re: bindv6only again

Clint Adams
On Mon, Apr 26, 2010 at 04:53:24PM +0200, Juliusz Chroboczek wrote:
> The apparent consensus is being ignored -- the default value is still
> the one that people don't want.

It's the one that I want.


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/20100426151705.GA26675@...

Reply | Threaded
Open this post in threaded view
|

Re: bindv6only again

Jarek Kamiński-2
In reply to this post by Salvo Tomaselli-3
On Mon, Apr 26, 2010 at 04:46:17PM +0200, Salvo Tomaselli wrote:
> On Monday 26 April 2010 16:14:05 Jarek Kamiński wrote:
>> If some program needs specific value of bindv6only, it should request it
>> explicitly with one simple setsockopt(). And according to
>> http://bugs.debian.org/560238, only one package in Debian (which is not
>> in testing) didn't manage that. There are really no reasons to revert.
> Did you read this mailing list? (or even that bug to the end).
>
> Because you're stating something false.

560238 is blocked only by 579033, end of bug report mentions also wine,
which I've missed. Reports against other packages are already closed. Am
I missing something else?

On Mon, Apr 26, 2010 at 04:53:24PM +0200, Juliusz Chroboczek wrote:

>> On Linux bindv6only is configurable by administrator,
>
> I am aware of that.  It is the default value that we are speaking about.
>
>> applications expecting specific setting are broken anyway (on Linux),
>> no matter what RFC says and what default on Debian is.
>
> This is of course nonsense.  Choosing the default value that is
> incompatible with all other Unix systems (with the exception of OpenBSD)
> and then complaining about applications being broken doesn't strike me
> as a particularly productive attitude.

My point was, that applications claiming compatibility with Linux cannot
assume particular value of bindv6only regardless of RFC or any value
Debian chooses. I've reported bugs about incompatibility with
bindv6only=1 before the whole discussion popped up.

We are not incompatible with other Unices, only with few buggy
applications.

Jarek.


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/20100426153500.GA7897@...

Reply | Threaded
Open this post in threaded view
|

Re: bindv6only again

Salvo Tomaselli-3
In reply to this post by Clint Adams
On Monday 26 April 2010 17:17:05 Clint Adams wrote:
> On Mon, Apr 26, 2010 at 04:53:24PM +0200, Juliusz Chroboczek wrote:
> > The apparent consensus is being ignored -- the default value is still
> > the one that people don't want.
>
> It's the one that I want.
>
You could still change it, right?
--
Salvo Tomaselli


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/201004261735.45100.tiposchi@...

Reply | Threaded
Open this post in threaded view
|

Re: bindv6only again

Clint Adams
On Mon, Apr 26, 2010 at 05:35:45PM +0200, Salvo Tomaselli wrote:
> You could still change it, right?

So could you, but that's not going to fix the broken software,
just like disabling the Tomcat security manager doesn't magically
make Hudson less broken.


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/20100426154204.GA26858@...

Reply | Threaded
Open this post in threaded view
|

Re: bindv6only again

Salvo Tomaselli-3
On Monday 26 April 2010 17:42:04 Clint Adams wrote:
> So could you, but that's not going to fix the broken software,
> just like disabling the Tomcat security manager doesn't magically
> make Hudson less broken.

You have a missconception of "broken".
POSIX has a default value, the developers will read the POSIX documentation
and tell you to screw you if you do a bugreport saying that if you voluntarily
make your system non-compliant then their software doesn't work.

Bye

--
Salvo Tomaselli


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/201004261802.15602.tiposchi@...

Reply | Threaded
Open this post in threaded view
|

Re: bindv6only again

Salvo Tomaselli-3
In reply to this post by Jarek Kamiński-2
On Monday 26 April 2010 17:35:00 Jarek Kamiński wrote:
> 560238 is blocked only by 579033, end of bug report mentions also wine,
> which I've missed. Reports against other packages are already closed. Am
> I missing something else?
Read this mailing list, some packages were mentioned.

> My point was, that applications claiming compatibility with Linux cannot
> assume particular value of bindv6only regardless of RFC or any value
> Debian chooses. I've reported bugs about incompatibility with
> bindv6only=1 before the whole discussion popped up.
That application (which i maintain btw) claims compatibility with posix, not
with linux.

> We are not incompatible with other Unices, only with few buggy
> applications.
Being posix compliant is not a bug.
The only reason i applied the patch is because i didn't want the package to be
broken. I still believe the patch didn't fix any bug.


Bye
--
Salvo Tomaselli


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/201004261810.53442.tiposchi@...

Reply | Threaded
Open this post in threaded view
|

Re: bindv6only again

Matthew Johnson-12
In reply to this post by Salvo Tomaselli-3
On Mon Apr 26 18:02, Salvo Tomaselli wrote:
> You have a missconception of "broken".
> POSIX has a default value, the developers will read the POSIX documentation
> and tell you to screw you if you do a bugreport saying that if you voluntarily
> make your system non-compliant then their software doesn't work.

Default does not mean "only permittable". If POSIX allows it to be set to
either value, then no matter what the _default_ is, not coping with either is a
bug.

I don't believe that very many people are suggesting that not working with
bindv6only=1 is not a bug which should be filed and fix when it occurs in the
archive, nor that it should not be configurable to whatever setting we do not
choose as the default. I agree - programs which don't work with the current
setting are broken and should be fixed - but that does not mean we should go
out of our way to exhibit such brokenness to our users. This seems like too much
being contrary because it's technically allowed and declaiming the results not
to be our problem, even though it breaks a lot of systems.

I think we should change the default back _and_ work towards fixing all the
applications, without making them instantly RC buggy in the mean time. It
smacks of 'uncoordinated transition' to me.

Matt

--
Matthew Johnson

signature.asc (852 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: bindv6only again

Josselin Mouette
In reply to this post by Clint Adams
Le lundi 26 avril 2010 à 15:17 +0000, Clint Adams a écrit :
> On Mon, Apr 26, 2010 at 04:53:24PM +0200, Juliusz Chroboczek wrote:
> > The apparent consensus is being ignored -- the default value is still
> > the one that people don't want.
>
> It's the one that I want.

Good. Now if you or one of those who advocate this “broken by default”
behavior could provide patches for gdm3, this would be more productive.

Cheers,
--
 .''`.      Josselin Mouette
: :' :
`. `'  “If you behave this way because you are blackmailed by someone,
  `-    […] I will see what I can do for you.”  -- Jörg Schilling

signature.asc (197 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: bindv6only again

Salvo Tomaselli-3
In reply to this post by Matthew Johnson-12
On Monday 26 April 2010 18:30:29 Matthew Johnson wrote:
> Default does not mean "only permittable". If POSIX allows it to be set to
> either value, then no matter what the _default_ is, not coping with either
>  is a bug.

Default: a selection automatically used by a computer program in the absence
of a choice made by the user.

Source: http://www.merriam-webster.com/dictionary/default

Can you post your definition of the word "default" and your source? Because if
we don't speak the same language we aren't going to understand each other.

Bye

--
Salvo Tomaselli


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/201004261952.41469.tiposchi@...

Reply | Threaded
Open this post in threaded view
|

Re: bindv6only again

Julien Cristau-6
In reply to this post by Josselin Mouette
On Mon, Apr 26, 2010 at 19:30:14 +0200, Josselin Mouette wrote:

> Le lundi 26 avril 2010 à 15:17 +0000, Clint Adams a écrit :
> > On Mon, Apr 26, 2010 at 04:53:24PM +0200, Juliusz Chroboczek wrote:
> > > The apparent consensus is being ignored -- the default value is still
> > > the one that people don't want.
> >
> > It's the one that I want.
>
> Good. Now if you or one of those who advocate this “broken by default”
> behavior could provide patches for gdm3, this would be more productive.
>
Not that I advocate the broken current default, but here's a
not-even-build-tested patch against master.

Cheers,
Julien

From: Julien Cristau <[hidden email]>
Date: Mon, 26 Apr 2010 19:42:16 +0200
Subject: [PATCH] xdmcp: disable IPV6_V6ONLY for ipv6 listening sockets

This allows ipv4 connections mapped to ipv6, in case the system default
is backwards.

Signed-off-by: Julien Cristau <[hidden email]>
---
 daemon/gdm-xdmcp-display-factory.c |    8 ++++++++
 1 files changed, 8 insertions(+), 0 deletions(-)

diff --git a/daemon/gdm-xdmcp-display-factory.c b/daemon/gdm-xdmcp-display-factory.c
index 447833d..87a0d1a 100644
--- a/daemon/gdm-xdmcp-display-factory.c
+++ b/daemon/gdm-xdmcp-display-factory.c
@@ -411,6 +411,14 @@ create_socket (struct addrinfo *ai)
                 return sock;
         }
 
+#if defined(ENABLE_IPV6) && defined(IPV6_V6ONLY)
+ if (ai->ai_family == AF_INET6) {
+ int zero = 0;
+ if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, &zero, sizeof(zero)) < 0)
+ g_warning("setsockopt(IPV6_V6ONLY): %s", g_strerror(errno));
+ }
+#endif
+
         if (bind (sock, ai->ai_addr, ai->ai_addrlen) < 0) {
                 g_warning ("bind: %s", g_strerror (errno));
                 close (sock);
--
1.7.0.5


signature.asc (853 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: bindv6only again

Julien Cristau-6
On Mon, Apr 26, 2010 at 19:54:53 +0200, Julien Cristau wrote:

> On Mon, Apr 26, 2010 at 19:30:14 +0200, Josselin Mouette wrote:
>
> > Le lundi 26 avril 2010 à 15:17 +0000, Clint Adams a écrit :
> > > On Mon, Apr 26, 2010 at 04:53:24PM +0200, Juliusz Chroboczek wrote:
> > > > The apparent consensus is being ignored -- the default value is still
> > > > the one that people don't want.
> > >
> > > It's the one that I want.
> >
> > Good. Now if you or one of those who advocate this “broken by default”
> > behavior could provide patches for gdm3, this would be more productive.
> >
> Not that I advocate the broken current default, but here's a
> not-even-build-tested patch against master.
>
And the chooser part...

From: Julien Cristau <[hidden email]>
Date: Mon, 26 Apr 2010 20:00:51 +0200
Subject: [PATCH] chooser: disable IPV6_V6ONLY

Signed-off-by: Julien Cristau <[hidden email]>
---
 gui/simple-chooser/gdm-host-chooser-widget.c |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/gui/simple-chooser/gdm-host-chooser-widget.c b/gui/simple-chooser/gdm-host-chooser-widget.c
index e694728..0c8f46c 100644
--- a/gui/simple-chooser/gdm-host-chooser-widget.c
+++ b/gui/simple-chooser/gdm-host-chooser-widget.c
@@ -544,6 +544,13 @@ xdmcp_init (GdmHostChooserWidget *widget)
         widget->priv->socket_fd = socket (AF_INET6, SOCK_DGRAM, 0);
         if (widget->priv->socket_fd != -1) {
                 widget->priv->have_ipv6 = TRUE;
+#ifdef IPV6_V6ONLY
+ {
+ int zero = 0;
+ if (setsockopt(widget->priv->socket_fd, IPPROTO_IPV6, IPV6_V6ONLY, &zero, sizeof(zero)) < 0)
+ g_warning("setsockopt(IPV6_V6ONLY): %s", g_strerror(errno));
+ }
+#endif
         }
 #endif
         if (! widget->priv->have_ipv6) {
--
1.7.0.5


signature.asc (853 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: bindv6only again

Don Armstrong
In reply to this post by Salvo Tomaselli-3
On Mon, 26 Apr 2010, Salvo Tomaselli wrote:

> On Monday 26 April 2010 18:30:29 Matthew Johnson wrote:
> > Default does not mean "only permittable". If POSIX allows it to be
> > set to either value, then no matter what the _default_ is, not
> > coping with either is a bug.
>
> Default: a selection automatically used by a computer program in the absence
> of a choice made by the user.
>
> Source: http://www.merriam-webster.com/dictionary/default
>
> Can you post your definition of the word "default" and your source?
> Because if we don't speak the same language we aren't going to
> understand each other.

There's no conflict here. The definition quoted says nothing about
default meaning "only permittable", exactly as Matthew claims above.

If the software doesn't work properly when either of the permissible
values is set when it is possible for the software to handle either
value correctly, the software is buggy. It may not be a bug that you
rush to fix, but it certainly is one.

If the upstream maintainer doesn't want to apply patches necessary to
work properly with either value set, that's their purview, but it
doesn't make the software non-buggy in Debian.


Don Armstrong

--
LEADERSHIP -- A form of self-preservation exhibited by people with
autodestructive imaginations in order to ensure that when it comes to
the crunch it'll be someone else's bones which go crack and not their
own.
 -- The HipCrime Vocab by Chad C. Mulligan
    (John Brunner _Stand On Zanzibar_ p256-7)

http://www.donarmstrong.com              http://rzlab.ucr.edu


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/20100426182207.GY21525@...

Reply | Threaded
Open this post in threaded view
|

Re: bindv6only again

Salvo Tomaselli-3
On Monday 26 April 2010 20:22:07 Don Armstrong wrote:
> There's no conflict here. The definition quoted says nothing about
> default meaning "only permittable", exactly as Matthew claims above.
>
> If the software doesn't work properly when either of the permissible
> values is set when it is possible for the software to handle either
> value correctly, the software is buggy. It may not be a bug that you
> rush to fix, but it certainly is one.
Set by whom? If the program itself doesn't change the setting, it will not
expect it to be another one.
There is a conflict, just pretending there isn't, doesn't make it go away.

Bye

--
Salvo Tomaselli


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/201004262124.15557.tiposchi@...

Reply | Threaded
Open this post in threaded view
|

Re: bindv6only again

Marco d'Itri
In reply to this post by Juliusz Chroboczek-2
On Apr 26, Juliusz Chroboczek <[hidden email]> wrote:

> The apparent consensus is being ignored -- the default value is still
Because:
- nobody cares about the consensus in the peanut gallery
- as explained in #560238, it is still not the time to make a choice

> This is of course nonsense.  Choosing the default value that is
> incompatible with all other Unix systems (with the exception of OpenBSD)
Actually it is my understanding that 1 is the only choice for all BSD
systems (and Windows).

--
ciao,
Marco

signature.asc (205 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: bindv6only again

Don Armstrong
In reply to this post by Salvo Tomaselli-3
On Mon, 26 Apr 2010, Salvo Tomaselli wrote:
> On Monday 26 April 2010 20:22:07 Don Armstrong wrote:
> > If the software doesn't work properly when either of the permissible
> > values is set when it is possible for the software to handle either
> > value correctly, the software is buggy. It may not be a bug that you
> > rush to fix, but it certainly is one.
>
> Set by whom?

It doesn't matter who sets it. If the program doesn't work properly
with either setting, and it's possible for it to work properly with
either setting by patching the code, it's a bug that should be fixed.

> If the program itself doesn't change the setting, it will not
> expect it to be another one.

If the program wants a specific behavior, it should call setsockopt
appropriately. [But I'm unfortunatly unable to parse your full meaning
particularly well.]


Don Armstrong

--
Where I sleep at night, is this important compared to what I read
during the day? What do you think defines me? Where I slept or what I
did all day?
 -- Thomas Van Orden of Van Orden v. Perry

http://www.donarmstrong.com              http://rzlab.ucr.edu


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/20100426195908.GA21525@...

Reply | Threaded
Open this post in threaded view
|

Re: bindv6only again

Salvo Tomaselli-3
On Monday 26 April 2010 21:59:08 Don Armstrong wrote:
> It doesn't matter who sets it. If the program doesn't work properly
> with either setting, and it's possible for it to work properly with
> either setting by patching the code, it's a bug that should be fixed.
It matters because in my view, the app expects it to be 0 unless the
application itself had changed it.

Bye
--
Salvo Tomaselli


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
Archive: http://lists.debian.org/201004262232.38760.tiposchi@...

1234