Should I be using ipv6_activate_all_interfaces or ip6addrctl_policy="ipv6_prefer"
freebsd at jonathanprice.org
freebsd at jonathanprice.org
Wed Aug 27 08:20:39 UTC 2014
> While doubting Peter's networking answers is usually foolish, I think this
> one is at least a bit misleading. As he says,
> ipv6_activate_all_interfaces="YES" will set all interfaces on the system to
> -ifdisable which, since it is an IPv6 option, will enable IPv6 on all
> interfaces. NO will disable IPv6 on all interfaces.
>
> But it is related to ipaddrctl_policy as it will set ipaddrctl_policy to
> "ipv6_prefer" if no explicit setting overrides it.
>
> So IPv6 is working, and "ssh -6" does use IPv6. I'd still like to see the
> output of ip6addrctl. It should look like:
> ::1/128 50 0
> ::/0 40 1
> ::ffff:0:0/96 35 4
> 2002::/16 30 2
> 2001::/32 5 5
> fc00::/7 3 13
> ::/96 1 3
> fec0::/10 1 11
> 3ffe::/16 1 12
>
> For more explanation, look at /etc/rc.d/ip6addrctl and /etc/network.subr.
>
> The list of prefixes set by it should match what I list above. If
> 'ipv6_activate_all_interfaces="NO"', or ipaddrctl_policy="ipv4_prefer",
> you should get:
> ::1/128 50 0
> ::/0 40 1
> ::ffff:0:0/96 100 4
> 2002::/16 30 2
> 2001::/32 5 5
> fc00::/7 3 13
> ::/96 1 3
> fec0::/10 1 11
> 3ffe::/16 1 12
>
> Any other output indicates manual setting of the policy. the "magic" is the
> precedence of ::ffff:0:0/96 which is an odd way of saying IPv4.
> I generally recommend ipv6_activate_all.
>
> Now I fear Peter will explain how I have misread the code.
Please excuse me if I'm wrong, but I think ipv6_activate_all_interfaces="NO" only
ifdisable's interfaces which don't explicitly have an ifconfig_IF_ipv6 line. Partly
because it's set to NO by default, and partly because of the following extract from
/etc/defaults/rc.conf:
"If NO, interfaces which have no corresponding $ifconfig_IF_ipv6 is marked as IFDISABLED for security reason."
This being the case, what exactly does the ifdisable stop the interface doing if it
doesn't have an address anyway?
Yes, I'd also noticed /etc/rc.d/ip6addrctl, that's actually what got me curious about
this in the first place, as I could essentially achieve my desired effect with both
ipv6_activate_all_interfaces="YES" and ip6addrctl_policy="ipv6_prefer".
Sure, below is the output of ip6addrctl from a server without either tunable (meaning,
both were removed from rc.conf completely):
Prefix Prec Label Use
::1/128 50 0 0
::/0 40 1 90
::ffff:0.0.0.0/96 100 4 0
2002::/16 30 2 0
2001::/32 5 5 0
fc00::/7 3 13 0
::/96 1 3 0
fec0::/10 1 11 0
3ffe::/16 1 12 0
Below is the output of ip6addrctl after rebooting with just "ipv6_activate_all_interfaces=YES"
Prefix Prec Label Use
::1/128 50 0 0
::/0 40 1 68
::ffff:0.0.0.0/96 35 4 0
2002::/16 30 2 0
2001::/32 5 5 0
fc00::/7 3 13 0
::/96 1 3 0
fec0::/10 1 11 0
3ffe::/16 1 12 0
And finally, below is the output of ip6addrctl after rebooting with just ip6addrctl_policy="ipv6_prefer"
Prefix Prec Label Use
::1/128 50 0 0
::/0 40 1 72
::ffff:0.0.0.0/96 35 4 0
2002::/16 30 2 0
2001::/32 5 5 0
fc00::/7 3 13 0
::/96 1 3 0
fec0::/10 1 11 0
3ffe::/16 1 12 0
So that does prove that, at least for the purposes of ip6addrctl, the two tunables are performing
the same function.
More information about the freebsd-net
mailing list