Debian Bug report logs - #560238
net.ipv6.bindv6only=1 breaks some buggy programs

version graph

Package: netbase; Maintainer for netbase is Marco d'Itri <md@linux.it>; Source for netbase is src:netbase.

Reported by: pseelig@debian.org

Date: Wed, 9 Dec 2009 21:54:16 UTC

Severity: critical

Found in version netbase/4.38

Fixed in version netbase/4.42

Done: Marco d'Itri <md@linux.it>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#560238; Package netbase. (Wed, 09 Dec 2009 21:54:19 GMT) Full text and rfc822 format available.

Acknowledgement sent to Salvo Tomaselli <tiposchi@tiscali.it>:
New Bug report received and forwarded. Copy sent to Marco d'Itri <md@linux.it>. (Wed, 09 Dec 2009 21:54:19 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Salvo Tomaselli <tiposchi@tiscali.it>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: netbase: new setting breaks RFC compliant software
Date: Wed, 09 Dec 2009 22:52:45 +0100
Package: netbase
Version: 4.39
Severity: critical
Justification: breaks unrelated software

>From RFC 3493

> This socket option restricts AF_INET6 sockets to IPv6 communications
> only.  As stated in section <3.7 Compatibility with IPv4 Nodes>,
> AF_INET6 sockets may be used for both IPv4 and IPv6 communications.

I don't think there is anything else to add to show that the
net.ipv6.bindv6only=1 is wrong since it makes debian non compliant.

I also remind that it is possible to fill bugreports to upstream authors
of uncompliant software.
Filling bugreports to authors of compliant software is not a good practice.

Have a nice day


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (101, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.32ares (SMP w/2 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages netbase depends on:
ii  initscripts                   2.87dsf-8  scripts for initializing and shutt
ii  lsb-base                      3.2-23     Linux Standard Base 3.2 init scrip

Versions of packages netbase recommends:
ii  ifupdown                      0.6.9      high level tools to configure netw

netbase suggests no packages.

-- debconf information:
  netbase/upgrade-note/etc-network-interfaces-pre-3.17-1:
  netbase/upgrade-note/init.d-split-pre-3.16-1:
  netbase/upgrade-note/radius-ports-pre-3.05:
  netbase/upgrade-note/portmap-restart-pre-3.11-2:




Reply sent to md@Linux.IT (Marco d'Itri):
You have taken responsibility. (Wed, 09 Dec 2009 22:54:06 GMT) Full text and rfc822 format available.

Notification sent to Salvo Tomaselli <tiposchi@tiscali.it>:
Bug acknowledged by developer. (Wed, 09 Dec 2009 22:54:06 GMT) Full text and rfc822 format available.

Message #10 received at 560238-done@bugs.debian.org (full text, mbox):

From: md@Linux.IT (Marco d'Itri)
To: Salvo Tomaselli <tiposchi@tiscali.it>, 560238-done@bugs.debian.org
Subject: Re: Bug#560238: netbase: new setting breaks RFC compliant software
Date: Wed, 9 Dec 2009 23:50:42 +0100
[Message part 1 (text/plain, inline)]
On Dec 09, Salvo Tomaselli <tiposchi@tiscali.it> wrote:

> >From RFC 3493
3493 is informational, so whatever it says it is not normative.
Before you start quoting RFCs to people you should learn how they work
and hopefully have followed the relevant working groups for a few years.

-- 
ciao,
Marco
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#560238; Package netbase. (Thu, 10 Dec 2009 00:48:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to pseelig@debian.org:
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Thu, 10 Dec 2009 00:48:03 GMT) Full text and rfc822 format available.

Message #15 received at 560238@bugs.debian.org (full text, mbox):

From: Paul Seelig <pseelig@debian.org>
To: control@bugs.debian.org
Cc: 560238@bugs.debian.org
Subject: net.ipv6.bindv6only configuration breaks xdmcp
Date: Thu, 10 Dec 2009 01:45:51 +0100
reopen 560238 !
# thanks

Hi,

just want to remark that i actualy had to move the newly created file
/etc/sysctl.d/bindv6only.conf out of the way in order to restore the
xdmcp functionality it completely broke.

If you introduce new configuration files containing untested settings
which might break stuff like xdmcp, please be very careful. Please do
ship it in a neutral way, e.g. for formerly unrequired configuration
items having the settings conveniently commented out, or better even,
ship them without creating any unexpected and obscure changes to the
system behavior. It took me much more time i could currently afford to
find out what the breakage was caused by.

Thanks a lot for your work!

Cheers
P. *8^)




Changed Bug submitter to 'pseelig@debian.org' from 'Salvo Tomaselli <tiposchi@tiscali.it>' Request was from Paul Seelig <pseelig@debian.org> to control@bugs.debian.org. (Thu, 10 Dec 2009 00:48:04 GMT) Full text and rfc822 format available.

Did not alter fixed versions and reopened. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 10 Dec 2009 00:48:06 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#560238; Package netbase. (Thu, 10 Dec 2009 00:57:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to md@Linux.IT (Marco d'Itri):
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Thu, 10 Dec 2009 00:57:05 GMT) Full text and rfc822 format available.

Message #24 received at 560238@bugs.debian.org (full text, mbox):

From: md@Linux.IT (Marco d'Itri)
To: pseelig@debian.org, 560238@bugs.debian.org
Subject: Re: Bug#560238: net.ipv6.bindv6only configuration breaks xdmcp
Date: Thu, 10 Dec 2009 01:53:57 +0100
[Message part 1 (text/plain, inline)]
On Dec 10, Paul Seelig <pseelig@debian.org> wrote:

> just want to remark that i actualy had to move the newly created file
> /etc/sysctl.d/bindv6only.conf out of the way in order to restore the
> xdmcp functionality it completely broke.
XDMCP is a protocol, which package is actually broken and how?
It should be fixed, because it will not work on the kfreebsd ports for a
start.

> If you introduce new configuration files containing untested settings
> which might break stuff like xdmcp, please be very careful. Please do
Then we would never find out what breaks.

-- 
ciao,
Marco
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#560238; Package netbase. (Thu, 10 Dec 2009 02:36:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to pseelig@debian.org:
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Thu, 10 Dec 2009 02:36:05 GMT) Full text and rfc822 format available.

Message #29 received at 560238@bugs.debian.org (full text, mbox):

From: Paul Seelig <pseelig@debian.org>
To: Marco d'Itri <md@Linux.IT>
Cc: 560238@bugs.debian.org
Subject: Re: Bug#560238: net.ipv6.bindv6only configuration breaks xdmcp
Date: Thu, 10 Dec 2009 03:32:46 +0100
On 12/10/2009 01:53 AM, Marco d'Itri wrote:
> XDMCP is a protocol, which package is actually broken and how?
>
It was not possible anymore to connect to a remote system via xdmcp both
via gdm and Xephyr. The remote X server appeared to have become
completely unvisible within the local network.





Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#560238; Package netbase. (Thu, 10 Dec 2009 02:36:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to md@Linux.IT (Marco d'Itri):
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Thu, 10 Dec 2009 02:36:07 GMT) Full text and rfc822 format available.

Message #34 received at 560238@bugs.debian.org (full text, mbox):

From: md@Linux.IT (Marco d'Itri)
To: Paul Seelig <pseelig@debian.org>
Cc: 560238@bugs.debian.org
Subject: Re: Bug#560238: net.ipv6.bindv6only configuration breaks xdmcp
Date: Thu, 10 Dec 2009 03:34:17 +0100
[Message part 1 (text/plain, inline)]
On Dec 10, Paul Seelig <pseelig@debian.org> wrote:

> On 12/10/2009 01:53 AM, Marco d'Itri wrote:
> > XDMCP is a protocol, which package is actually broken and how?
> It was not possible anymore to connect to a remote system via xdmcp both
> via gdm and Xephyr. The remote X server appeared to have become
> completely unvisible within the local network.
But was bindv6only=1 set on the client or on the server?

-- 
ciao,
Marco
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#560238; Package netbase. (Thu, 10 Dec 2009 08:03:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Salvo Tomaselli <tiposchi@tiscali.it>:
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Thu, 10 Dec 2009 08:03:03 GMT) Full text and rfc822 format available.

Message #39 received at 560238@bugs.debian.org (full text, mbox):

From: Salvo Tomaselli <tiposchi@tiscali.it>
To: 560238@bugs.debian.org
Subject: comment
Date: Thu, 10 Dec 2009 08:55:40 +0100
I think you should at least change the comment:

> # When IPV6_V6ONLY is enabled, daemons interested in both IPv4 and IPv6
> # connections must open two listening sockets.
> # This is the default behaviour of all modern operating systems.

Into:

> # When IPV6_V6ONLY is enabled, daemons interested in both IPv4 and IPv6
> # connections can open two listening sockets or use a setsockopt to
> # change this setting.
> # This is the default behaviour of all modern operating systems.

Which in my opinion makes the documentation say something true rather then 
something false.

-- 
Salvo Tomaselli




Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#560238; Package netbase. (Thu, 10 Dec 2009 08:27:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Salvo Tomaselli <tiposchi@tiscali.it>:
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Thu, 10 Dec 2009 08:27:05 GMT) Full text and rfc822 format available.

Message #44 received at 560238@bugs.debian.org (full text, mbox):

From: Salvo Tomaselli <tiposchi@tiscali.it>
To: 560238@bugs.debian.org
Subject: Postinstall script
Date: Thu, 10 Dec 2009 09:25:19 +0100
I forgot to add:

Like Paul Seelig suggested, those big changes should not happen in an hidden 
way.
You should modify the package to introduce a postinst script that shows some 
dialog, that tells the user what is going on, why is this change happening, 
give some links on where to find further informations, how to revert the 
change and most of all put a "YES/NO" to let the user decide if he wants to do 
the change, after he is aware that the change might break his system.
-- 
Salvo Tomaselli




Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#560238; Package netbase. (Thu, 10 Dec 2009 14:57:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to pseelig@debian.org:
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Thu, 10 Dec 2009 14:57:08 GMT) Full text and rfc822 format available.

Message #49 received at 560238@bugs.debian.org (full text, mbox):

From: Paul Seelig <pseelig@debian.org>
To: Marco d'Itri <md@Linux.IT>
Cc: 560238@bugs.debian.org
Subject: Re: Bug#560238: net.ipv6.bindv6only configuration breaks xdmcp
Date: Thu, 10 Dec 2009 15:54:09 +0100
On 12/10/2009 03:34 AM, Marco d'Itri wrote:
> But was bindv6only=1 set on the client or on the server?
> 
Both server and client had this very same setting and, acting as both
server and client, none of both could see each other anymore. Once i
removed the file from one of them, and after a reboot, it could be seen
from the other. Removing the same file on the other side, and after
having rebooted it too, it was also seen again on the network.

While the functionality was broken, it was not even possible to connect
a local session to localhost, when it was connected under either its IP,
or via 127.0.0.1, or its very own hostname. Interestingly enough it
worked when trying to connect to "localhost".

Thanks for all your efforts!

Cheers
P. *8^)




Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#560238; Package netbase. (Sat, 12 Dec 2009 23:39:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Martin Roll <martin.roll@elementum.org>:
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Sat, 12 Dec 2009 23:39:03 GMT) Full text and rfc822 format available.

Message #54 received at 560238@bugs.debian.org (full text, mbox):

From: Martin Roll <martin.roll@elementum.org>
To: 560238@bugs.debian.org
Subject: Re: Bug#560238: net.ipv6.bindv6only configuration breaks xdmcp
Date: Sun, 13 Dec 2009 00:33:09 +0100
Hi,

a similar problem now appears in sun-java6-plugin (6-17-1).

If bindv6only is set to 1 many java applets can no longer be processed
properly. A simple example is the java installation test located at
http://java.com/en/download/installed.jsp?detect=jre&try=1. The applet
fails to load and throws the following exception:

java.net.ConnectException: Network is unreachable

If bindv6only is set to 0 the affected applets load fine.


Cheers,
Martin




Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#560238; Package netbase. (Sat, 12 Dec 2009 23:45:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to md@Linux.IT (Marco d'Itri):
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Sat, 12 Dec 2009 23:45:03 GMT) Full text and rfc822 format available.

Message #59 received at 560238@bugs.debian.org (full text, mbox):

From: md@Linux.IT (Marco d'Itri)
To: Martin Roll <martin.roll@elementum.org>, 560238@bugs.debian.org
Subject: Re: Bug#560238: net.ipv6.bindv6only configuration breaks xdmcp
Date: Sun, 13 Dec 2009 00:42:12 +0100
[Message part 1 (text/plain, inline)]
On Dec 13, Martin Roll <martin.roll@elementum.org> wrote:

> a similar problem now appears in sun-java6-plugin (6-17-1).
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560056

-- 
ciao,
Marco
[signature.asc (application/pgp-signature, inline)]

Added blocking bug(s) of 560238: 560137, 560056, and 560142 Request was from Marco d'Itri <md@linux.it> to control@bugs.debian.org. (Sat, 12 Dec 2009 23:45:04 GMT) Full text and rfc822 format available.

Changed Bug title to 'net.ipv6.bindv6only=1 breaks some buggy programs' from 'netbase: new setting breaks RFC compliant software' Request was from Marco d'Itri <md@linux.it> to control@bugs.debian.org. (Sun, 13 Dec 2009 11:33:05 GMT) Full text and rfc822 format available.

Added indication that 560238 affects sun-java6-jre Request was from Marcus Better <marcus@better.se> to control@bugs.debian.org. (Sun, 13 Dec 2009 13:24:06 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#560238; Package netbase. (Sun, 13 Dec 2009 13:57:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to md@Linux.IT (Marco d'Itri):
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Sun, 13 Dec 2009 13:57:06 GMT) Full text and rfc822 format available.

Message #70 received at 560238@bugs.debian.org (full text, mbox):

From: md@Linux.IT (Marco d'Itri)
To: 560238@bugs.debian.org
Subject: process for the resolution of this bug
Date: Sun, 13 Dec 2009 14:54:07 +0100
[Message part 1 (text/plain, inline)]
This bug will be kept open with a RC priority to prevent the transition
to testing.
Bugs in affected packages will be marked as blockers of this bug.

Scenario 1: all important enough packages affected will have been fixed
in time for being released with squeeze: the bug will be closed and
netbase will have a Break directive listing the unfixed versions of
these packages.

Scenario 2: close enough to the release date, some package will still
not have been fixed: the bug will be downgraded and the package will
stop trying to create /etc/sysctl.d/bindv6only.conf.


Currently the important unresolved issues are:
- jdk (should be trivial to fix by somebody who understands the code)
- X (I do not use XDMCP and cannot investigate it myself right now,
  for a start somebody should do some tests to find out exactly which
  package is affected and open a bug)


Rationale for this change:
http://groups.google.com/group/linux.debian.devel/browse_frm/thread/d00bb828b0fd536d/5cf8145c69ca0fa6?#5cf8145c69ca0fa6

-- 
ciao,
Marco
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#560238; Package netbase. (Thu, 24 Dec 2009 17:21:28 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Elizabeth B." <sunshinekisses@gmail.com>:
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Thu, 24 Dec 2009 17:21:28 GMT) Full text and rfc822 format available.

Message #75 received at 560238@bugs.debian.org (full text, mbox):

From: "Elizabeth B." <sunshinekisses@gmail.com>
To: Debian Bug Tracking System <560238@bugs.debian.org>
Subject: netbase: broke dwww & lighttpd (localhost)
Date: Thu, 24 Dec 2009 11:20:23 -0600
Package: netbase
Version: 4.40
Severity: normal


HTTP connections to localhost for dwww & lighttpd were refused after
netbase transitioned from 4.37 -> 4.40. Changing

	net.ipv6.bindv6only = 1

to

	net.ipv6.bindv6only = 0

in /etc/sysctl.d/bindv6only.conf and rebooting resolved the issue.


-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.30-2-686 (SMP w/1 CPU core)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages netbase depends on:
ii  initscripts                   2.87dsf-8  scripts for initializing and shutt
ii  lsb-base                      3.2-23     Linux Standard Base 3.2 init scrip

Versions of packages netbase recommends:
ii  ifupdown                      0.6.9      high level tools to configure netw

netbase suggests no packages.

-- debconf information:
  netbase/upgrade-note/etc-network-interfaces-pre-3.17-1:
  netbase/upgrade-note/init.d-split-pre-3.16-1:
  netbase/upgrade-note/radius-ports-pre-3.05:
  netbase/upgrade-note/portmap-restart-pre-3.11-2:




Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#560238; Package netbase. (Fri, 25 Dec 2009 08:12:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Michael(tm) Smith" <mike@w3.org>:
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Fri, 25 Dec 2009 08:12:05 GMT) Full text and rfc822 format available.

Message #80 received at 560238@bugs.debian.org (full text, mbox):

From: "Michael(tm) Smith" <mike@w3.org>
To: Marco d'Itri <md@Linux.IT>
Cc: Salvo Tomaselli <tiposchi@tiscali.it>, Paul Seelig <pseelig@debian.org>, 560238@bugs.debian.org
Subject: emitting notification of net.ipv6.bindv6only=1 change during netbase package upgrade
Date: Fri, 25 Dec 2009 16:42:36 +0900
Hi Marco,

First off, thanks very much, genuinely, for all the work you do as
the maintainer for the netbase package. I can understand that one
of the unfortunate things about being a Debian developer is that
you probably almost never hear from users unless they have bugs to
report. So please do know that you have my sincere appreciation
and respect and admiration for your work.

Along with that, I do want to add a couple of comments about bug
560238, as replies to comments that Salvo and Paul posted earlier.

Salvo Tomaselli <tiposchi@tiscali.it>, 2009-12-10 09:25 +0100:

> You should modify the package to introduce a postinst script that shows some 
> dialog, that tells the user what is going on, why is this change happening, 
> give some links on where to find further informations, how to revert the 
> change and most of all put a "YES/NO" to let the user decide if he wants to do 
> the change, after he is aware that the change might break his system.

FWIW, I agree with that. I think the package upgrade should at
least do the apt-listchanges thing where it puts up a message on
the console and/or mails a copy to an admin address.

Paul Seelig <pseelig@debian.org>, 2009-12-10 15:54 +0100:

> While the functionality was broken, it was not even possible to connect
> a local session to localhost, when it was connected under either its IP,
> or via 127.0.0.1, or its very own hostname.

I ran into the same issue, and at first had no idea at all what
the cause was. It took me a significant amount of time to get it
figured out -- tried at first using netstat and lsof, etc., and
not seeing any problems and just completely baffled as to what was
going on.

Paul Seelig <pseelig@debian.org>, 2009-12-10 01:45 +0100:

> It took me much more time i could currently afford to find out
> what the breakage was caused by.

That's the core concern here, I think. It's that unless/until the
package is updated to emit some kind of user notification about
the net.ipv6.bindv6only=1 change, you are risking to end up with a
significant number of frustrated users -- because you're going to
have N different users getting bitten by it when they run into
problems on upgrade, and each of them needing to take probably at
least something like 30 minutes or an hour go through the process
of first probably thinking they must have done something wrong
themselves, then checking their environment, tweaking other config
options in their environment and finding that they have no effect,
then (hopefully) resorting to using a search engine and finding
out that it's a known issue and what the fix is.

Yeah, the first step for users when something like this happens
probably should be to try the search engine first, but for
whatever reason, it often doesn't seem to be the first thing that
people try.

Again, thanks for your work on this package, and please just
consider my comments for what they're worth to you.

Regards,

  --Mike

-- 
Michael(tm) Smith
http://people.w3.org/mike/




Added blocking bug(s) of 560238: 560837 Request was from md@Linux.IT (Marco d'Itri) to control@bugs.debian.org. (Fri, 25 Dec 2009 18:27:06 GMT) Full text and rfc822 format available.

Reply sent to md@Linux.IT (Marco d'Itri):
You have taken responsibility. (Fri, 25 Dec 2009 18:27:11 GMT) Full text and rfc822 format available.

Notification sent to pseelig@debian.org:
Bug acknowledged by developer. (Fri, 25 Dec 2009 18:27:11 GMT) Full text and rfc822 format available.

Message #87 received at 560238-done@bugs.debian.org (full text, mbox):

From: md@Linux.IT (Marco d'Itri)
To: "Elizabeth B." <sunshinekisses@gmail.com>, 560238-done@bugs.debian.org
Subject: Re: Bug#560238: netbase: broke dwww & lighttpd (localhost)
Date: Fri, 25 Dec 2009 19:24:47 +0100
[Message part 1 (text/plain, inline)]
On Dec 24, "Elizabeth B." <sunshinekisses@gmail.com> wrote:

> HTTP connections to localhost for dwww & lighttpd were refused after
> netbase transitioned from 4.37 -> 4.40. Changing
This issue is tracked in #560238 and #560837.

-- 
ciao,
Marco
[signature.asc (application/pgp-signature, inline)]

Did not alter fixed versions and reopened. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 26 Dec 2009 11:19:46 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#560238; Package netbase. (Mon, 28 Dec 2009 02:48:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to md@Linux.IT (Marco d'Itri):
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Mon, 28 Dec 2009 02:48:03 GMT) Full text and rfc822 format available.

Message #94 received at 560238@bugs.debian.org (full text, mbox):

From: md@Linux.IT (Marco d'Itri)
To: pseelig@debian.org, 560238@bugs.debian.org
Cc: gdm@packages.debian.org, kdm@packages.debian.org
Subject: Re: Bug#560238: net.ipv6.bindv6only configuration breaks xdmcp
Date: Mon, 28 Dec 2009 03:45:32 +0100
[Message part 1 (text/plain, inline)]
# kdm
clone 560238 -1
severity -1 critical
block 560238 by -1
# gdm
severity 562126 critical
block 560238 by 562126
thanks

On Dec 10, Paul Seelig <pseelig@debian.org> wrote:

> > XDMCP is a protocol, which package is actually broken and how?
> It was not possible anymore to connect to a remote system via xdmcp both
> via gdm and Xephyr. The remote X server appeared to have become
> completely unvisible within the local network.
I verified that, while the X server itself correctly opens the two
sockets, both gdm and kdm only open a v6 one even when bindv6only=1.

Considering the complexity of the program and that they already deal
with mapped addresses, it is probably simpler to just patch to
explicitly set IPV6_V6ONLY = 0.

-- 
ciao,
Marco
[signature.asc (application/pgp-signature, inline)]

Bug 560238 cloned as bug 562804. Request was from md@Linux.IT (Marco d'Itri) to control@bugs.debian.org. (Mon, 28 Dec 2009 03:00:07 GMT) Full text and rfc822 format available.

Added blocking bug(s) of 560238: 562804 Request was from md@Linux.IT (Marco d'Itri) to control@bugs.debian.org. (Mon, 28 Dec 2009 03:00:13 GMT) Full text and rfc822 format available.

Added blocking bug(s) of 560238: 562126 Request was from md@Linux.IT (Marco d'Itri) to control@bugs.debian.org. (Mon, 28 Dec 2009 03:00:15 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#560238; Package netbase. (Tue, 29 Dec 2009 15:18:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Vincent Lefevre <vincent@vinc17.net>:
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Tue, 29 Dec 2009 15:18:06 GMT) Full text and rfc822 format available.

Message #105 received at 560238@bugs.debian.org (full text, mbox):

From: Vincent Lefevre <vincent@vinc17.net>
To: 560238@bugs.debian.org
Subject: Re: Postinstall script
Date: Tue, 29 Dec 2009 15:59:45 +0100
On 2009-12-10 09:25:19 +0100, Salvo Tomaselli wrote:
> You should modify the package to introduce a postinst script that
> shows some dialog, that tells the user what is going on, why is this
> change happening, give some links on where to find further
> informations, how to revert the change and most of all put a
> "YES/NO" to let the user decide if he wants to do the change, after
> he is aware that the change might break his system.

Such an important change should also be written in the NEWS file.

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / Arénaire project (LIP, ENS-Lyon)




Added blocking bug(s) of 560238: 562954 Request was from Rene Engelhard <rene@debian.org> to control@bugs.debian.org. (Tue, 29 Dec 2009 16:48:06 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#560238; Package netbase. (Mon, 04 Jan 2010 11:15:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to 563406@bugs.debian.org:
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Mon, 04 Jan 2010 11:15:03 GMT) Full text and rfc822 format available.

Message #112 received at 560238@bugs.debian.org (full text, mbox):

From: Josselin Mouette <joss@debian.org>
To: Andrzej Zięba <a-zieba@go2.pl>, 563406@bugs.debian.org
Cc: 560238@bugs.debian.org
Subject: Re: Bug#563406: [gdm] XDMCP remote login dos not work
Date: Mon, 04 Jan 2010 12:11:13 +0100
Le samedi 02 janvier 2010 à 18:54 +0100, Andrzej Zięba a écrit :
> 
> so I thought it should listen, but I have also done network sniff with 
> wireshark on the server and I get:
> 
> 4	0.004196	192.168.178.22	192.168.178.23	XDMCP	Query
> 5	0.004251	192.168.178.23	192.168.178.22	ICMP	Destination unreachable 
> (Port unreachable)
> 
> There is no firewall on 192.168.178.23.

Probably another functionality broken by the uncoordinated bindv6only
change.

A look at "netstat -nlptu|grep gdm" should give you the answer.

Cheers,
-- 
 .''`.      Josselin Mouette
: :' :
`. `'   “I recommend you to learn English in hope that you in
  `-     future understand things”  -- Jörg Schilling






Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#560238; Package netbase. (Thu, 07 Jan 2010 17:57:12 GMT) Full text and rfc822 format available.

Acknowledgement sent to Ross Vandegrift <ross@kallisti.us>:
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Thu, 07 Jan 2010 17:57:12 GMT) Full text and rfc822 format available.

Message #117 received at 560238@bugs.debian.org (full text, mbox):

From: Ross Vandegrift <ross@kallisti.us>
To: Debian Bug Tracking System <560238@bugs.debian.org>
Subject: netbase: racoon is also broken by net.ipv6.bindv6only change
Date: Thu, 07 Jan 2010 12:48:56 -0500
Package: netbase
Version: 4.40
Severity: normal

Hello,

I recently had a VPN break and have traced it back to the
net.ipv6.bindv6only change.  When racoon initiates IKE, I can see the
response packet from the IPSec responder but racoon never receives it.

I disabled net.ipv6.bindv6only and rebooted.  Now racoon is able to
bring up my VPN as previously.

Ross

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing'), (50, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.30-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages netbase depends on:
ii  initscripts                   2.87dsf-8  scripts for initializing and shutt
ii  lsb-base                      3.2-23     Linux Standard Base 3.2 init scrip

Versions of packages netbase recommends:
ii  ifupdown                      0.6.9      high level tools to configure netw

netbase suggests no packages.

-- debconf information:
  netbase/upgrade-note/etc-network-interfaces-pre-3.17-1:
  netbase/upgrade-note/init.d-split-pre-3.16-1:
  netbase/upgrade-note/radius-ports-pre-3.05:
  netbase/upgrade-note/portmap-restart-pre-3.11-2:




Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#560238; Package netbase. (Wed, 13 Jan 2010 06:33:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Dominique Brazziel <dbrazziel@snet.net>:
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Wed, 13 Jan 2010 06:33:05 GMT) Full text and rfc822 format available.

Message #122 received at 560238@bugs.debian.org (full text, mbox):

From: Dominique Brazziel <dbrazziel@snet.net>
To: 560238@bugs.debian.org
Subject: This change also broke vino (vino-server)
Date: Tue, 12 Jan 2010 19:19:06 -0500
See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=561440.









Added blocking bug(s) of 560238: 561440 Request was from Marco d'Itri <md@linux.it> to control@bugs.debian.org. (Wed, 13 Jan 2010 11:36:04 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#560238; Package netbase. (Wed, 20 Jan 2010 08:06:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Guillaume Gimenez <ggimenez@free.fr>:
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Wed, 20 Jan 2010 08:06:04 GMT) Full text and rfc822 format available.

Message #129 received at 560238@bugs.debian.org (full text, mbox):

From: Guillaume Gimenez <ggimenez@free.fr>
To: Debian Bug Tracking System <560238@bugs.debian.org>
Subject: netbase: ipv6 and ipv4 stack connection
Date: Wed, 20 Jan 2010 09:02:34 +0100
Package: netbase
Version: 4.40
Severity: normal


The bindv6only parameter doesn't limit its effect to server sockets.

As a side effect, it also disables the possibility of addressing ipv4 only hosts with ipv6 compatibility adresses like ::ffff:192.168.0.1.

$ cat /proc/sys/net/ipv6/bindv6only
0
$ telnet ::ffff:192.168.0.1 80
Trying ::ffff:192.168.0.1...
Connected to ::ffff:192.168.0.1.
Escape character is '^]'.
^]

telnet> quit
Connection closed.
$ echo 1 | su0 tee -a /proc/sys/net/ipv6/bindv6only 
1
$ telnet ::ffff:192.168.0.1 80
Trying ::ffff:192.168.0.1...
telnet: Unable to connect to remote host: Network is unreachable
$

IMHO it doesn't keep things simple and
 - for the client side part of this issue, it forces applications which migrate from ipv4 to ipv6 to keep legacy code.
 - for the server part of this issue, it is a good thing to unify TCP part of TCP/IP(V4) and TCP/IP(v6). And it's not a sufficient reason for debian to take the wrong way because "all major OSes" go ahead in the wall.

I definitly put a 0 in bindv6only.

regards,
Guillaume




Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#560238; Package netbase. (Wed, 20 Jan 2010 11:51:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to md@Linux.IT (Marco d'Itri):
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Wed, 20 Jan 2010 11:51:06 GMT) Full text and rfc822 format available.

Message #134 received at 560238@bugs.debian.org (full text, mbox):

From: md@Linux.IT (Marco d'Itri)
To: Guillaume Gimenez <ggimenez@free.fr>, 560238@bugs.debian.org
Subject: Re: Bug#560238: netbase: ipv6 and ipv4 stack connection
Date: Wed, 20 Jan 2010 12:27:17 +0100
[Message part 1 (text/plain, inline)]
On Jan 20, Guillaume Gimenez <ggimenez@free.fr> wrote:

>  - for the client side part of this issue, it forces applications which migrate from ipv4 to ipv6 to keep legacy code.
If your application is broken, you use the setsockopt to enable the
compatibility mode for its sockets.

>  - for the server part of this issue, it is a good thing to unify TCP part of TCP/IP(V4) and TCP/IP(v6). And it's not a sufficient reason for debian to take the wrong way because "all major OSes" go ahead in the wall.
Unification happens in the kernel, the API does not matter.

-- 
ciao,
Marco
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#560238; Package netbase. (Wed, 20 Jan 2010 13:21:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Guillaume Gimenez <ggimenez@free.fr>:
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Wed, 20 Jan 2010 13:21:03 GMT) Full text and rfc822 format available.

Message #139 received at 560238@bugs.debian.org (full text, mbox):

From: Guillaume Gimenez <ggimenez@free.fr>
To: Marco d'Itri <md@Linux.IT>
Cc: Guillaume Gimenez <ggimenez@free.fr>, 560238@bugs.debian.org
Subject: Re: Bug#560238: netbase: ipv6 and ipv4 stack connection
Date: Wed, 20 Jan 2010 14:15:40 +0100
Marco d'Itri a écrit :
> On Jan 20, Guillaume Gimenez <ggimenez@free.fr> wrote:
> 
>>  - for the client side part of this issue, it forces applications
>>    which migrate from ipv4 to ipv6 to keep legacy code.
> If your application is broken, you use the setsockopt to enable the
> compatibility mode for its sockets.
You are off topic, I mean that this parameter related to bind breaks the 
operation of "IPv4-compatible IPv6 address" on client side. Isn't 
::ffff:206.12.19.114 a valid IPv6 address ?

> 
>>  - for the server part of this issue, it is a good thing to unify
>>  TCP part of TCP/IP(V4) and TCP/IP(v6). And it's not a sufficient reason
>> for debian to take the wrong way because "all major OSes" go ahead 
in the wall.
> Unification happens in the kernel, the API does not matter.
> 

if an application needs a socket only binded to IPv6, it must use 
IPV6_V6ONLY socket option on ALL OSes, if not it's broken.

Remember, keep things simples :
- a simple IPv4 server socket accepts all IPv4 connections
- a simple IPv6 server socket accepts both IPv4 and IPv6 connections 
(with IPv4 mapped addresses)
- a simple IPv6 server socket wich wants only IPv6 connections uses 
IPV6_V6ONLY

By the way you can continue to code your picky program which bind twice 
on IPv4 and IPv6 and then separate logs for both protocols (if it is all 
what matters)

Finaly if unification happens in the kernel why to separate both stacks 
at tcp level ? (I do not speak about API, but you do by saying that such 
and such program is broken)

Regards,
Guillaume




Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#560238; Package netbase. (Sat, 23 Jan 2010 16:12:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Thorsten Glaser <tg@mirbsd.de>:
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Sat, 23 Jan 2010 16:12:06 GMT) Full text and rfc822 format available.

Message #144 received at 560238@bugs.debian.org (full text, mbox):

From: Thorsten Glaser <tg@mirbsd.de>
To: control@bugs.debian.org
Cc: 562804@bugs.debian.org, 560238@bugs.debian.org
Subject: cleanup
Date: Sat, 23 Jan 2010 16:05:45 +0000 (UTC)
block 560238 by 560137
block 560238 by 560056
block 560238 by 560142
close 562804
thanks

Move blocks from #562804 to #560238 and close #562804 (Md says it was
apparently cloned by mistake).

bye,
//mirabilos
-- 
Sometimes they [people] care too much: pretty printers [and syntax highligh-
ting, d.A.] mechanically produce pretty output that accentuates irrelevant
detail in the program, which is as sensible as putting all the prepositions
in English text in bold font.	-- Rob Pike in "Notes on Programming in C"




Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#560238; Package netbase. (Mon, 25 Jan 2010 21:33:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Petr Baudis <pasky@ucw.cz>:
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Mon, 25 Jan 2010 21:33:03 GMT) Full text and rfc822 format available.

Message #149 received at 560238@bugs.debian.org (full text, mbox):

From: Petr Baudis <pasky@ucw.cz>
To: 560238@bugs.debian.org
Subject: Re: net.ipv6.bindv6only=1 breaks some buggy programs
Date: Mon, 25 Jan 2010 22:22:36 +0100
Hi!

> This bug will be kept open with a RC priority to prevent the transition
> to testing.
> Bugs in affected packages will be marked as blockers of this bug.

I'm confused. Testing _is_ broken now, netbase is at 4.40. Did I
misunderstand what is this saying, or how could get netbase with this
bug get to testing?

P.S.: It seems there is still no NEWS entry informing about this major
change. :-(

Thanks,
				Petr "Pasky" Baudis




Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#560238; Package netbase. (Mon, 25 Jan 2010 23:09:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to md@Linux.IT (Marco d'Itri):
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Mon, 25 Jan 2010 23:09:02 GMT) Full text and rfc822 format available.

Message #154 received at 560238@bugs.debian.org (full text, mbox):

From: md@Linux.IT (Marco d'Itri)
To: Petr Baudis <pasky@ucw.cz>, 560238@bugs.debian.org
Subject: Re: Bug#560238: net.ipv6.bindv6only=1 breaks some buggy programs
Date: Tue, 26 Jan 2010 00:07:59 +0100
[Message part 1 (text/plain, inline)]
On Jan 25, Petr Baudis <pasky@ucw.cz> wrote:

> I'm confused. Testing _is_ broken now, netbase is at 4.40. Did I
> misunderstand what is this saying, or how could get netbase with this
> bug get to testing?
I do not understand why but the package moved to testing even with the
RC bug open...

> P.S.: It seems there is still no NEWS entry informing about this major
> change. :-(
I have no plan to add one, either the change will be unnoticeable by
most users or it should be reverted.
Hopefully this will not be needed: the broken packages are a small
number and except for Java they should all be trivial to fix.
If some kind of notice is really needed then I think it should go in the
release notes instead, since netbase is installed on every system anyway.

-- 
ciao,
Marco
[signature.asc (application/pgp-signature, inline)]

Added blocking bug(s) of 560238: 566758 Request was from Julien Cristau <jcristau@debian.org> to control@bugs.debian.org. (Tue, 26 Jan 2010 00:18:03 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#560238; Package netbase. (Sun, 31 Jan 2010 14:33:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Quinn Li <quinn.liqin@gmail.com>:
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Sun, 31 Jan 2010 14:33:09 GMT) Full text and rfc822 format available.

Message #161 received at 560238@bugs.debian.org (full text, mbox):

From: Quinn Li <quinn.liqin@gmail.com>
To: 560238@bugs.debian.org
Subject: Re: net.ipv6.bindv6only=1 breaks some buggy programs
Date: Sun, 31 Jan 2010 22:31:10 +0800
I face the same problem and I would like to understand why introducing
bindv6only=1 to Debian, and how it effects current applications.

From what I read in the discussion, I think there are 4 types if
applications here:

  A: a server creates two sockets, one binds to IPv4 address, and the
other binds to IPv6;
  B: a server creates one socket, binds to IPv4 address, and accepts
only IPv4 connection;
  C: a server creates one socket, binds to IPv6 address, and accepts
only IPv6 connection;
  D: a server creates one sockets, binds to ::, accepts both IPv4 and
IPv6 connections;

And sysctl parameter net.ipv6.bindv6only has no effect on type A and
type B servers, however it will effect type C and D servers.

When net.ipv6.bindv6only was set to 0, applications in type C must use
IPV6_V6ONLY to explicitly specify it only wants IPv6 connections. And
"many already do this".

So, this is not OK?

But, after net.ipv6.bindv6only was set to 1, applications in type D
must use IPV6_V6ONLY to explicitly specify it want both IPv4 and IPv6
connections. None of them need to do this before.

So this is OK?

Since in many other OSes, the applications in type C would not need to
do setsockopt IPV6_V6ONLY, we have to release many of them from
"already do so"? Or since applications in type D are so ill designed,
we have to modified them to use setsockopt explicitly in order to let
type C application use default net.ipv6.bindv6only value implicitly,
even when many of them already do setsockopt explicitly?

I just don't understand, what's the intention of this feature? All
application should use setsocketopt IPV6_V6ONLY explicitly? Or type C
applications should not exist, it should be modified to type A, no
matter what cost. Or "make the system behavior match the one of all
other operating systems"?

If the intention is the last one, how can it be achieved when some
OSes does not even support binding to both v4 and v6. No matter what
default value we choose to set net.ipv6.bindv6only, all 4 types of
applications can exists on Linux, but type C application cannot run on
OSes which do not support it. Isn't this a different behavior?

Linux is a major player in OS market, why should Linux or Debian Linux
change the default behavior to match others, not the other way around?
Which way creates more problem? By stating "many applications already
do so (setsockopt IPV6_V6ONLY)" in Linux, I think the answer is clear.
--
Vi veri veniversum vivus vici




Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#560238; Package netbase. (Sun, 31 Jan 2010 19:03:12 GMT) Full text and rfc822 format available.

Acknowledgement sent to md@Linux.IT (Marco d'Itri):
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Sun, 31 Jan 2010 19:03:12 GMT) Full text and rfc822 format available.

Message #166 received at 560238@bugs.debian.org (full text, mbox):

From: md@Linux.IT (Marco d'Itri)
To: Quinn Li <quinn.liqin@gmail.com>, 560238@bugs.debian.org
Subject: Re: Bug#560238: net.ipv6.bindv6only=1 breaks some buggy programs
Date: Sun, 31 Jan 2010 15:46:01 +0100
[Message part 1 (text/plain, inline)]
On Jan 31, Quinn Li <quinn.liqin@gmail.com> wrote:

>   A: a server creates two sockets, one binds to IPv4 address, and the
> other binds to IPv6;
This cannot work with bindv6only=0, and is the real problem we need to
solve.
The issue was discussed in more details on debian-devel and apparently
you do not understand well sockets programming, please read the whole
thread and only come back if you have new arguments.

-- 
ciao,
Marco
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#560238; Package netbase. (Sun, 31 Jan 2010 23:12:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Quinn Li <quinn.liqin@gmail.com>:
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Sun, 31 Jan 2010 23:12:08 GMT) Full text and rfc822 format available.

Message #171 received at 560238@bugs.debian.org (full text, mbox):

From: Quinn Li <quinn.liqin@gmail.com>
To: "Marco d'Itri" <md@linux.it>
Cc: 560238@bugs.debian.org
Subject: Re: Bug#560238: net.ipv6.bindv6only=1 breaks some buggy programs
Date: Mon, 1 Feb 2010 07:11:32 +0800
I think I've already read all the discussion in debian-devel, as I
said there isn't much information besides your first post, which I
already read.
Please see the comments inline.

On Sun, Jan 31, 2010 at 10:46 PM, Marco d'Itri <md@linux.it> wrote:
> On Jan 31, Quinn Li <quinn.liqin@gmail.com> wrote:
>
>>   A: a server creates two sockets, one binds to IPv4 address, and the
>> other binds to IPv6;
> This cannot work with bindv6only=0, and is the real problem we need to
> solve.

Sorry I can't find any discussion/information saying that current dual
stack application was broken unless we set net.ipv6.bindv6only to 1.
In contrary, yo said many of these applications works well using
setsockopt to set IPV6_V6ONLY to 1 explicitly, and IPV6_V6ONLY was
implemented way back in 2.4.24, from the google book that you are
referring. (however with bizarre code to deal with different v6
binding behaviors among OSes). Correct me if I'm wrong.

Resetting the default value of net.ipv6.bindv6only doesn't help
unblocking these applications, only allowing them to replace some
complex code with more simple ones (I admit). And more importantly, it
blocks other applications which simply use one socket to accept both
v4 and v6 connections, these applications needs to be patched. (Maybe
these applications is hard to port to Windows which does not even
support v4 mapped address, without rewriting to use multiple sockets,
but who's to blame?)

So main purpose of this bug/feature is to help application refining their code?

RFC specifies IPv4 mapped address in an effort to support writing dual
stack server in a 'simple' way. Yes it's informational, and some OSes
don't respect that effort by ignoring IPv4 mapped address, so that
many 'big' applications need to deal with it. Yes, it is a mess, we
should do some thing to unify the behavior among most OSes.

But setting net.ipv6.bindv6only to 1 (on Debian) doesn't clean the
mess, only brings more mess. Now that 'big' applications not only
should still setsockopt IPV6_BINDV6ONLY to 1 explicitly in code
(remember application shouldn't assume it will only run on Debian
squeeze), other 'simple' applications should also setsockopt
IPV6_BINDV6ONLY to 0 explicitly, even if they don't want to port to
other OS, even if they just want to write simple dual stack server
with one binding socket.

> The issue was discussed in more details on debian-devel and apparently
> you do not understand well sockets programming, please read the whole
> thread and only come back if you have new arguments.

I don't know how 'apparently' I am, but it would be very kind of you
to point out my mistake.

I admit I haven't written big and multi-platform applications that
bind to many address to support dual stack. But I've fixed a simple
application that binds to 1 socket when it stopped receiving ipv4
connection after recently upgraded to squeeze. I think this qualifies
me for asking about it.

>
> --
> ciao,
> Marco
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iEYEARECAAYFAktll6kACgkQFGfw2OHuP7EXfgCcCX2QJ7oyfcIOoLIUx3puoPIY
> 1TMAoKDIaVL5lrcaEW7cIhC1za8KKeYt
> =C971
> -----END PGP SIGNATURE-----
>
>



-- 
Vi veri veniversum vivus vici




Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#560238; Package netbase. (Sun, 31 Jan 2010 23:48:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Quinn Li <quinn.liqin@gmail.com>:
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Sun, 31 Jan 2010 23:48:03 GMT) Full text and rfc822 format available.

Message #176 received at 560238@bugs.debian.org (full text, mbox):

From: Quinn Li <quinn.liqin@gmail.com>
To: "Marco d'Itri" <md@linux.it>
Cc: 560238@bugs.debian.org
Subject: Re: Bug#560238: net.ipv6.bindv6only=1 breaks some buggy programs
Date: Mon, 1 Feb 2010 07:44:55 +0800
I think I found all the discussions, there are many that I've missed
before, I'll try to catchup.
Sorry.

On Mon, Feb 1, 2010 at 7:11 AM, Quinn Li <quinn.liqin@gmail.com> wrote:
> I think I've already read all the discussion in debian-devel




Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#560238; Package netbase. (Mon, 15 Feb 2010 04:30:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to md@Linux.IT (Marco d'Itri):
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Mon, 15 Feb 2010 04:30:03 GMT) Full text and rfc822 format available.

Message #181 received at 560238@bugs.debian.org (full text, mbox):

From: md@Linux.IT (Marco d'Itri)
To: Ross Vandegrift <ross@kallisti.us>, 560238@bugs.debian.org
Subject: Re: Bug#560238: netbase: racoon is also broken by net.ipv6.bindv6only change
Date: Mon, 15 Feb 2010 05:27:45 +0100
[Message part 1 (text/plain, inline)]
clone 560238 -1
blog 560238 by -1
thanks

On Jan 07, Ross Vandegrift <ross@kallisti.us> wrote:

> I recently had a VPN break and have traced it back to the
> net.ipv6.bindv6only change.  When racoon initiates IKE, I can see the
> response packet from the IPSec responder but racoon never receives it.
> 
> I disabled net.ipv6.bindv6only and rebooted.  Now racoon is able to
> bring up my VPN as previously.
OK, thank you for your report.

BTW, the ipsec-tools package which builds racoon is orphaned (#565362)
so it should be adopted and cleaned up by somebody who uses it.

-- 
ciao,
Marco
[signature.asc (application/pgp-signature, inline)]

Bug 560238 cloned as bug 569937. Request was from Marco d'Itri <md@Linux.IT> to control@bugs.debian.org. (Mon, 15 Feb 2010 10:12:10 GMT) Full text and rfc822 format available.

Added blocking bug(s) of 560238: 569937 Request was from Marco d'Itri <md@Linux.IT> to control@bugs.debian.org. (Mon, 15 Feb 2010 10:12:23 GMT) Full text and rfc822 format available.

Removed blocking bug(s) of 560238: 562954, 560056, 560142, and 561835 Request was from Torsten Werner <twerner@debian.org> to control@bugs.debian.org. (Wed, 03 Mar 2010 08:24:06 GMT) Full text and rfc822 format available.

Removed indication that 560238 affects sun-java6-jre Added indication that 560238 affects release-notes Request was from Simon Paillard <simon.paillard@resel.enst-bretagne.fr> to control@bugs.debian.org. (Sun, 11 Apr 2010 12:06:11 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#560238; Package netbase. (Sat, 24 Apr 2010 12:51:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Steinar H. Gunderson" <sgunderson@bigfoot.com>:
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Sat, 24 Apr 2010 12:51:03 GMT) Full text and rfc822 format available.

Message #194 received at 560238@bugs.debian.org (full text, mbox):

From: "Steinar H. Gunderson" <sgunderson@bigfoot.com>
To: Salvo Tomaselli <tiposchi@tiscali.it>, 560238@bugs.debian.org
Subject: Re: Bug#560238: netbase: new setting breaks RFC compliant software
Date: Sat, 24 Apr 2010 14:21:32 +0200
On Wed, Dec 09, 2009 at 10:52:45PM +0100, Salvo Tomaselli wrote:
> I also remind that it is possible to fill bugreports to upstream authors
> of uncompliant software.
> Filling bugreports to authors of compliant software is not a good practice.

FWIW, this also breaks IPv6 applications running under WINE, since WINE does
not let the IPV6_V6ONLY socket option through at all.

/* Steinar */
-- 
Homepage: http://www.sesse.net/




Added blocking bug(s) of 560238: 579033 Request was from Josselin Mouette <joss@debian.org> to control@bugs.debian.org. (Sat, 24 Apr 2010 16:46:03 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#560238; Package netbase. (Sun, 25 Apr 2010 17:24:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Juliusz Chroboczek <jch@pps.jussieu.fr>:
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Sun, 25 Apr 2010 17:24:06 GMT) Full text and rfc822 format available.

Message #201 received at 560238@bugs.debian.org (full text, mbox):

From: Juliusz Chroboczek <jch@pps.jussieu.fr>
To: md@Linux.IT
Cc: Quinn Li <quinn.liqin@gmail.com>, 560238@bugs.debian.org
Subject: Re: Bug#560238: net.ipv6.bindv6only=1 breaks some buggy programs
Date: Sun, 25 Apr 2010 19:01:00 +0200
[Message part 1 (text/plain, inline)]
>>   A: a server creates two sockets, one binds to IPv4 address, and the
>> other binds to IPv6;

> This cannot work with bindv6only=0, and is the real problem we need to
> solve.

Yes, it can.  You just need to bind the sockets in the right order (v4
before v6).

Marco, I am unable to find any rationale for this change.  I stand by my
opinion, which is that the change

  * is incompatible with other Linux systems;
  * contradicts RFC 3493 Section 3.7;
  * breaks a bunch of software, notably all Java software.

I therefore strongly urge you to revert it.

I would be grateful to hear any rationale in favour of the new default.

                                        Juliusz


[Message part 2 (application/pgp-signature, inline)]

Changed Bug title to 'net.ipv6.bindv6only=1 breaks programs which assume POSIX compliancy' from 'net.ipv6.bindv6only=1 breaks some buggy programs' Request was from Adam Borowski <kilobyte@angband.pl> to control@bugs.debian.org. (Tue, 27 Apr 2010 10:33:11 GMT) Full text and rfc822 format available.

Changed Bug title to 'net.ipv6.bindv6only=1 breaks some buggy programs' from 'net.ipv6.bindv6only=1 breaks programs which assume POSIX compliancy' Request was from Marco d'Itri <md@linux.it> to control@bugs.debian.org. (Tue, 27 Apr 2010 10:39:03 GMT) Full text and rfc822 format available.

Added blocking bug(s) of 560238: 560044, 576568, and 562923 Request was from Marco d'Itri <md@linux.it> to control@bugs.debian.org. (Tue, 27 Apr 2010 11:45:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#560238; Package netbase. (Tue, 27 Apr 2010 12:09:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Simon Huggins <huggie@earth.li>:
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Tue, 27 Apr 2010 12:09:08 GMT) Full text and rfc822 format available.

Message #212 received at 560238@bugs.debian.org (full text, mbox):

From: Simon Huggins <huggie@earth.li>
To: debian-devel@lists.debian.org
Cc: 560238@bugs.debian.org
Subject: Re: bindv6only again
Date: Tue, 27 Apr 2010 12:39:56 +0100
[Message part 1 (text/plain, inline)]
On Mon, Apr 26, 2010 at 09:46:48PM +0200, Marco d'Itri wrote:
> - as explained in #560238, it is still not the time to make a choice

Not sure what you mean here.

Anyway, is there a reason that #560238 isn't blocked by #560044 given it
breaks that package or are you not bothered about breaking non-free
software?

Simon.

-- 
Just another wannabie | "I get mail; therefore I am."  |  Just another fool
----------------------+           - Dilbert            +-------------------
This message was brought to you by the letter H and the number 20.
htag.pl 0.0.24 -- http://www.earth.li/projectpurple/progs/htag.html
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#560238; Package netbase. (Wed, 26 May 2010 20:21:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jesse Molina <jesse@opendreams.net>:
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Wed, 26 May 2010 20:21:07 GMT) Full text and rfc822 format available.

Message #217 received at 560238@bugs.debian.org (full text, mbox):

From: Jesse Molina <jesse@opendreams.net>
To: Debian Bug Tracking System <560238@bugs.debian.org>
Subject: courier-base: MeToo, bugs#560238 and #560238
Date: Wed, 26 May 2010 13:11:30 -0700
Package: courier-base
Version: 0.64.2-1
Severity: normal


This is just a MeToo.

See bug # 560238 for additional info on this issue.

Note that to fix, rebooting is necessary.


-- System Information:
Debian Release: squeeze/sid
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686-bigmem (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages courier-base depends on:
hi  courier-authdaemon           0.63.0-2    Courier authentication daemon
ii  courier-authlib              0.63.0-2    Courier authentication library
ii  courier-authlib-userdb       0.63.0-2    userdb support for the Courier aut
ii  debconf [debconf-2.0]        1.5.32      Debian configuration management sy
ii  libc6                        2.10.2-8    Embedded GNU C Library: Shared lib
ii  libgamin0 [libfam0]          0.1.10-2+b1 Client library for the gamin file 
ii  libgdbm3                     1.8.3-9     GNU dbm database routines (runtime
ii  lsb-base                     3.2-23.1    Linux Standard Base 3.2 init scrip
ii  perl                         5.10.1-12   Larry Wall's Practical Extraction 

courier-base recommends no packages.

courier-base suggests no packages.

-- debconf information:
* courier-base/authlib-initial:
* courier-base/maildir: Maildir
  courier-base/authnotice:
  courier-base/maildirpath:
* courier-base/suitenotice:
* courier-base/webadmin-configmode: true




Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#560238; Package netbase. (Sun, 30 May 2010 16:51:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Sun, 30 May 2010 16:51:07 GMT) Full text and rfc822 format available.

Message #222 received at 560238@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: 560238@bugs.debian.org
Subject: Status, client-side breakage
Date: Sun, 30 May 2010 18:08:34 +0200
What's the status here?

I think the client-side breakage of v4-mapped addresses reported by
Guillaume Gimenez in

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560238#129>

pretty much settles this.




Information forwarded to debian-bugs-dist@lists.debian.org, Marco d'Itri <md@linux.it>:
Bug#560238; Package netbase. (Sun, 13 Jun 2010 11:39:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Guus Sliepen <guus@debian.org>:
Extra info received and forwarded to list. Copy sent to Marco d'Itri <md@linux.it>. (Sun, 13 Jun 2010 11:39:03 GMT) Full text and rfc822 format available.

Message #227 received at 560238@bugs.debian.org (full text, mbox):

From: Guus Sliepen <guus@debian.org>
To: 560238@bugs.debian.org
Cc: debian-devel@bugs.debian.org
Subject: tech-ctte: Default value for net.ipv6.bindv6only sysctl
Date: Sun, 13 Jun 2010 13:24:39 +0200
[Message part 1 (text/plain, inline)]
reassign 560238 tech-ctte
thanks

Dear members of the Technical Committee,

There has been an extensive discussion about the proper default value of the
net.ipv6.bindv6only sysctl, both on the debian-devel mailing list and in
bugreport 560238. Since people are clearly divided on the issue, and it is
unlikely a compromise can be found, I have forwarded it to you for a decision.
Please read the past discussion, but to summarise the arguments for both
possible default values:


net.ipv6.bindv6only = 0
-----------------------

* This is the default value of the Linux kernel.

* This value is used as a default in many other Linux distributions.

* This behaviour is the opposite of the default of the FreeBSD kernel.

* Many applications work properly (ie, support both IPv4 and IPv6
  simultaneously) only with this setting.

* The behaviour of the network stack with this value conforms to RFC 3493
  sections 3.7 and 5.3.

* It is said to conform to POSIX 2008, Volume 2, Section 2.10.20.

* Instead of IPv4 addresses, sockets return IPv6-mapped addresses, and not all
  software handles this properly (ie, and ACL for an IPv4 address gets ignored
  because the software only sees an IPv6 address).

* This value does not introduce new bugs.

* Setting this value now will keep unstable in a more usable state.

net.ipv6.bindv6only = 1
-----------------------

* This restricts IPv6 addresses to IPv6 sockets, and IPv4 address to IPv4
  sockets, making interpretation of addresses unambiguous, and hence increases
  security of programs.

* This requires some applications to be adapted to support multiple sockets.

* The behaviour of the network stack with this value is the same as the default
  behaviour of FreeBSD.

* This value reduces security bugs, but introduces new bugs since some
  applications no longer work as expected.

* This value will flush out all applications that cannot handle an alternative
  setting of net.ipv6.bindv6only.

* Setting this value now will get more bugs fixed before the next release.


In the past maintainers have pushed for new ways for doing things that upset
the status quo. The idea is that introducing new functionality, although it
will break some existing functionality, will result in faster convergence to a
better situation. Opponents will argue that new functionality should
preferrably only be introduced when it will not break exisiting functionality.
I hope the Committee will issue a statement whether the former is, in general,
accepted behaviour, or if Debian should be more conservative.

-- 
Met vriendelijke groet / with kind regards,
      Guus Sliepen <guus@debian.org>
[signature.asc (application/pgp-signature, inline)]

Bug reassigned from package 'netbase' to 'tech-ctte'. Request was from Guus Sliepen <guus@debian.org> to control@bugs.debian.org. (Sun, 13 Jun 2010 11:54:12 GMT) Full text and rfc822 format available.

Bug No longer marked as found in versions netbase/4.40, courier/0.64.2-1, and netbase/4.39. Request was from Guus Sliepen <guus@debian.org> to control@bugs.debian.org. (Sun, 13 Jun 2010 11:54:12 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Technical Committee <debian-ctte@lists.debian.org>:
Bug#560238; Package tech-ctte. (Sun, 13 Jun 2010 12:03:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Julien Cristau <jcristau@debian.org>:
Extra info received and forwarded to list. Copy sent to Technical Committee <debian-ctte@lists.debian.org>. (Sun, 13 Jun 2010 12:03:03 GMT) Full text and rfc822 format available.

Message #236 received at 560238@bugs.debian.org (full text, mbox):

From: Julien Cristau <jcristau@debian.org>
To: Guus Sliepen <guus@debian.org>, 560238@bugs.debian.org
Subject: Re: Bug#560238: tech-ctte: Default value for net.ipv6.bindv6only sysctl
Date: Sun, 13 Jun 2010 14:01:08 +0200
[Message part 1 (text/plain, inline)]
On Sun, Jun 13, 2010 at 13:24:39 +0200, Guus Sliepen wrote:

> net.ipv6.bindv6only = 1
> -----------------------
> 
> * This restricts IPv6 addresses to IPv6 sockets, and IPv4 address to IPv4
>   sockets, making interpretation of addresses unambiguous, and hence increases
>   security of programs.
> 
> * This requires some applications to be adapted to support multiple sockets.
> 
The most likely way applications are going to be adapted is to use
setsockopt to set IPV6_V6ONLY to 0, not to support multiple sockets...

[...]
> * This value reduces security bugs, but introduces new bugs since some
>   applications no longer work as expected.
> 
... in which case those (hypothetical) security bugs aren't reduced.

[...]
> * Setting this value now will get more bugs fixed before the next release.

I'm unconvinced.

Cheers,
Julien
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Technical Committee <debian-ctte@lists.debian.org>:
Bug#560238; Package tech-ctte. (Mon, 21 Jun 2010 23:09:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Andreas Barth <aba@not.so.argh.org>:
Extra info received and forwarded to list. Copy sent to Technical Committee <debian-ctte@lists.debian.org>. (Mon, 21 Jun 2010 23:09:03 GMT) Full text and rfc822 format available.

Message #241 received at 560238@bugs.debian.org (full text, mbox):

From: Andreas Barth <aba@not.so.argh.org>
To: 560238@bugs.debian.org
Subject: Re: Bug#560238: tech-ctte: Default value for net.ipv6.bindv6only sysctl
Date: Tue, 22 Jun 2010 01:04:50 +0200
* Guus Sliepen (guus@debian.org) [100621 22:57]:
> There has been an extensive discussion about the proper default value of the
> net.ipv6.bindv6only sysctl, both on the debian-devel mailing list and in
> bugreport 560238. Since people are clearly divided on the issue, and it is
> unlikely a compromise can be found, I have forwarded it to you for a decision.
> Please read the past discussion, but to summarise the arguments for both
> possible default values:

Thanks for bringing that to our attention. After reading the bug log,
I don't think there is much which isn't said yet, so I'll try to avoid
repeating.

I need to admit that I consider the reasons to stay with the previous
default, i.e. an value of 0 to be more convincing. It might had been
an error a few years ago to set 0 as the default, but well - now we
are here. I don't see why we should break otherwise working software.

I would however welcome to have some bugfixing campaign (release goals
for anyone?) which gets rid of the old interfaces in our code base.
We should also think if we want to get the default changed on kbsd -
basically kbsd is the new kid, so I don't think it warrants that we do
strange stuff on Debian. Also, perhaps just an appropriate warning for
ksbd in the release notes might be enough (at least for squeeze).


Having said this, I would like to call for an vote with the options
A set net.ipv6.bindv6only to 0
B set net.ipv6.bindv6only to 1
C further discussion
unless someone from the tech ctte sees the need for further
discussions (or options) right now.




Andi




Information forwarded to debian-bugs-dist@lists.debian.org, Technical Committee <debian-ctte@lists.debian.org>:
Bug#560238; Package tech-ctte. (Mon, 21 Jun 2010 23:21:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Russ Allbery <rra@debian.org>:
Extra info received and forwarded to list. Copy sent to Technical Committee <debian-ctte@lists.debian.org>. (Mon, 21 Jun 2010 23:21:03 GMT) Full text and rfc822 format available.

Message #246 received at 560238@bugs.debian.org (full text, mbox):

From: Russ Allbery <rra@debian.org>
To: 560238@bugs.debian.org
Subject: Re: Bug#560238: tech-ctte: Default value for net.ipv6.bindv6only sysctl
Date: Mon, 21 Jun 2010 16:16:00 -0700
Andreas Barth <aba@not.so.argh.org> writes:

> I would however welcome to have some bugfixing campaign (release goals
> for anyone?) which gets rid of the old interfaces in our code base.  We
> should also think if we want to get the default changed on kbsd -
> basically kbsd is the new kid, so I don't think it warrants that we do
> strange stuff on Debian. Also, perhaps just an appropriate warning for
> ksbd in the release notes might be enough (at least for squeeze).

Having a different default on BSD than on other platforms strikes me as
asking for trouble (in particular, asking for obscure portability issues
to BSD systems that most developers don't test on).

> Having said this, I would like to call for an vote with the options
> A set net.ipv6.bindv6only to 0
> B set net.ipv6.bindv6only to 1
> C further discussion
> unless someone from the tech ctte sees the need for further
> discussions (or options) right now.

There's also the meta-question of whether we need to make a decision at
all.  Marco's last message on this topic to debian-devel said basically
that he thinks the default should be set back to 0, so possibly this is
happening without our involvement?

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>




Information forwarded to debian-bugs-dist@lists.debian.org, Technical Committee <debian-ctte@lists.debian.org>:
Bug#560238; Package tech-ctte. (Mon, 21 Jun 2010 23:24:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Ian Jackson <ijackson@chiark.greenend.org.uk>:
Extra info received and forwarded to list. Copy sent to Technical Committee <debian-ctte@lists.debian.org>. (Mon, 21 Jun 2010 23:24:03 GMT) Full text and rfc822 format available.

Message #251 received at 560238@bugs.debian.org (full text, mbox):

From: Ian Jackson <ijackson@chiark.greenend.org.uk>
To: 560238@bugs.debian.org
Subject: Re: Bug#560238: tech-ctte: Default value for net.ipv6.bindv6only sysctl
Date: Tue, 22 Jun 2010 00:21:44 +0100
Andreas Barth writes ("Bug#560238: tech-ctte: Default value for net.ipv6.bindv6only sysctl"):
> Having said this, I would like to call for an vote with the options
> A set net.ipv6.bindv6only to 0
> B set net.ipv6.bindv6only to 1
> C further discussion
> unless someone from the tech ctte sees the need for further
> discussions (or options) right now.

Just to be clear, do you intend that a vote for A is a vote to
overrule the netbase maintainer ?

On the basis that the answer is "yes" I vote as follows
  1: A set net.ipv6.bindv6only to 0 (overruling maintainer)
  2: B set net.ipv6.bindv6only to 1
  3: C further discussion

Ian.




Information forwarded to debian-bugs-dist@lists.debian.org, Technical Committee <debian-ctte@lists.debian.org>:
Bug#560238; Package tech-ctte. (Mon, 21 Jun 2010 23:27:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Ian Jackson <ijackson@chiark.greenend.org.uk>:
Extra info received and forwarded to list. Copy sent to Technical Committee <debian-ctte@lists.debian.org>. (Mon, 21 Jun 2010 23:27:06 GMT) Full text and rfc822 format available.

Message #256 received at 560238@bugs.debian.org (full text, mbox):

From: Ian Jackson <ijackson@chiark.greenend.org.uk>
To: 560238@bugs.debian.org
Subject: Re: Bug#560238: tech-ctte: Default value for net.ipv6.bindv6only sysctl
Date: Tue, 22 Jun 2010 00:23:59 +0100
Russ Allbery writes ("Bug#560238: tech-ctte: Default value for net.ipv6.bindv6only sysctl"):
> Having a different default on BSD than on other platforms strikes me as
> asking for trouble (in particular, asking for obscure portability issues
> to BSD systems that most developers don't test on).

I think the bug logs are talking about other BSDs, not Debian
GNU/kFreeBSD.  Our decision will bind Debian GNU/kFreeBSD although the
exact mechanism will vary.  I agree that both should do the same.

> There's also the meta-question of whether we need to make a decision at
> all.  Marco's last message on this topic to debian-devel said basically
> that he thinks the default should be set back to 0, so possibly this is
> happening without our involvement?

That's nice but I think we should continue anyway.  (I'm not up to
date with debian-devel.)  As a matter of procedure, I think it's fine
for us to carry on with making a decision provided it isn't actually
moot yet.

Ian.




Information forwarded to debian-bugs-dist@lists.debian.org, Technical Committee <debian-ctte@lists.debian.org>:
Bug#560238; Package tech-ctte. (Mon, 21 Jun 2010 23:42:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Andreas Barth <aba@not.so.argh.org>:
Extra info received and forwarded to list. Copy sent to Technical Committee <debian-ctte@lists.debian.org>. (Mon, 21 Jun 2010 23:42:03 GMT) Full text and rfc822 format available.

Message #261 received at 560238@bugs.debian.org (full text, mbox):

From: Andreas Barth <aba@not.so.argh.org>
To: 560238@bugs.debian.org
Subject: Re: Bug#560238: tech-ctte: Default value for net.ipv6.bindv6only sysctl
Date: Tue, 22 Jun 2010 01:39:53 +0200
* Russ Allbery (rra@debian.org) [100622 01:21]:
> Andreas Barth <aba@not.so.argh.org> writes:
> 
> > I would however welcome to have some bugfixing campaign (release goals
> > for anyone?) which gets rid of the old interfaces in our code base.  We
> > should also think if we want to get the default changed on kbsd -
> > basically kbsd is the new kid, so I don't think it warrants that we do
> > strange stuff on Debian. Also, perhaps just an appropriate warning for
> > ksbd in the release notes might be enough (at least for squeeze).
> 
> Having a different default on BSD than on other platforms strikes me as
> asking for trouble (in particular, asking for obscure portability issues
> to BSD systems that most developers don't test on).

I agree with you. However, I currently view the BSD platforms as
"addon", i.e. I don't think we should do for our linux platforms a
different decision just because kBSD exists. Of course, this calls for
changing the default on kBSD - but this is the second step IMHO, not
the first step. And I would like to keep that decision with the kBSD
porters unless someone puts that question in front of us (i.e. I don't
believe we need or should answer that question within this request).


> > Having said this, I would like to call for an vote with the options
> > A set net.ipv6.bindv6only to 0
> > B set net.ipv6.bindv6only to 1
> > C further discussion
> > unless someone from the tech ctte sees the need for further
> > discussions (or options) right now.

> There's also the meta-question of whether we need to make a decision at
> all.  Marco's last message on this topic to debian-devel said basically
> that he thinks the default should be set back to 0, so possibly this is
> happening without our involvement?

Hm. As it currently looks to me, the decision was delegated to us. If Marco
removes that delegation, that'd be fine with me. If not, we need to
make a decision (at least I believe it's sensible to not wait until
someone just does it for us).


Andi




Information forwarded to debian-bugs-dist@lists.debian.org, Technical Committee <debian-ctte@lists.debian.org>:
Bug#560238; Package tech-ctte. (Tue, 22 Jun 2010 00:45:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Russ Allbery <rra@debian.org>:
Extra info received and forwarded to list. Copy sent to Technical Committee <debian-ctte@lists.debian.org>. (Tue, 22 Jun 2010 00:45:06 GMT) Full text and rfc822 format available.

Message #266 received at 560238@bugs.debian.org (full text, mbox):

From: Russ Allbery <rra@debian.org>
To: 560238@bugs.debian.org
Subject: Re: Bug#560238: tech-ctte: Default value for net.ipv6.bindv6only sysctl
Date: Mon, 21 Jun 2010 17:40:28 -0700
Andreas Barth <aba@not.so.argh.org> writes:
> * Russ Allbery (rra@debian.org) [100622 01:21]:

>> Having a different default on BSD than on other platforms strikes me as
>> asking for trouble (in particular, asking for obscure portability
>> issues to BSD systems that most developers don't test on).

> I agree with you. However, I currently view the BSD platforms as
> "addon", i.e. I don't think we should do for our linux platforms a
> different decision just because kBSD exists.

Oh, I agree with that part.  The only point that I was driving at is that
I think an implication of saying the default should be 0 is that we're
asking the kFreeBSD porters to change their default as well, and we should
probably ensure that they're aware of the decision and the reasoning.

> Of course, this calls for changing the default on kBSD - but this is the
> second step IMHO, not the first step. And I would like to keep that
> decision with the kBSD porters unless someone puts that question in
> front of us (i.e. I don't believe we need or should answer that question
> within this request).

If we're taking that approach, we should be very explicit here:

>>> Having said this, I would like to call for an vote with the options
>>> A set net.ipv6.bindv6only to 0
>>> B set net.ipv6.bindv6only to 1
>>> C further discussion

that we're only talking about the Linux kernel Debian architectures.

> Hm. As it currently looks to me, the decision was delegated to us. If
> Marco removes that delegation, that'd be fine with me. If not, we need
> to make a decision (at least I believe it's sensible to not wait until
> someone just does it for us).

Oh, okay, I had missed that side of things.  I'm certainly fine with us
making a decision that was delegated to us.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>




Information stored :
Bug#560238; Package tech-ctte. (Tue, 22 Jun 2010 07:45:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Stefano Zacchiroli <zack@debian.org>:
Extra info received and filed, but not forwarded. (Tue, 22 Jun 2010 07:45:07 GMT) Full text and rfc822 format available.

Message #271 received at 560238-quiet@bugs.debian.org (full text, mbox):

From: Stefano Zacchiroli <zack@debian.org>
To: debian-ctte@lists.debian.org
Cc: Marco d'Itri <md@linux.it>, 560238-quiet@bugs.debian.org
Subject: Re: Bug#560238: tech-ctte: Default value for net.ipv6.bindv6only sysctl
Date: Tue, 22 Jun 2010 09:36:14 +0200
[Message part 1 (text/plain, inline)]
On Tue, Jun 22, 2010 at 01:39:53AM +0200, Andreas Barth wrote:
> Hm. As it currently looks to me, the decision was delegated to us. If Marco
> removes that delegation, that'd be fine with me. If not, we need to
> make a decision (at least I believe it's sensible to not wait until
> someone just does it for us).

Sorry to jump in, but how so?  The last message I can find from the
maintainer to this bug log is <1272368497-1114-bts-md@linux.it> (dated
27/04/2010), which I agree can be interpreted as a delegation to
tech-ctte to address the issue.

However in <20100614063558.GB28689@bongo.bofh.it>, dated 14/06/2010
(which I believe is the message Russ was referring to), the maintainer
claims that the change will be reverted "Unless the maintainer [of some
broken packages] believes that we can get a fixed version before the
release". From that, several people included myself deduced that the
default is that the change *will* be reverted.

Maybe Marco, Cc:-ed, can clarify whether he still wants the tech-ctte to
take a decision in place of him or not?

Thanks tech-ctte for your activity on this!
Cheers.

-- 
Stefano Zacchiroli -o- PhD in Computer Science \ PostDoc @ Univ. Paris 7
zack@{upsilon.cc,pps.jussieu.fr,debian.org} -<>- http://upsilon.cc/zack/
Dietro un grande uomo c'è ..|  .  |. Et ne m'en veux pas si je te tutoie
sempre uno zaino ...........| ..: |.... Je dis tu à tous ceux que j'aime
[signature.asc (application/pgp-signature, inline)]

Information stored :
Bug#560238; Package tech-ctte. (Tue, 22 Jun 2010 08:45:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to md@Linux.IT (Marco d'Itri):
Extra info received and filed, but not forwarded. (Tue, 22 Jun 2010 08:45:03 GMT) Full text and rfc822 format available.

Message #276 received at 560238-quiet@bugs.debian.org (full text, mbox):

From: md@Linux.IT (Marco d'Itri)
To: Stefano Zacchiroli <zack@debian.org>
Cc: debian-ctte@lists.debian.org, 560238-quiet@bugs.debian.org
Subject: Re: Bug#560238: tech-ctte: Default value for net.ipv6.bindv6only sysctl
Date: Tue, 22 Jun 2010 10:38:11 +0200
[Message part 1 (text/plain, inline)]
On Jun 22, Stefano Zacchiroli <zack@debian.org> wrote:

> Maybe Marco, Cc:-ed, can clarify whether he still wants the tech-ctte to
> take a decision in place of him or not?
Indeed my plan is to revert the change in a few days.

-- 
ciao,
Marco
[signature.asc (application/pgp-signature, inline)]

Reply sent to Andreas Barth <aba@not.so.argh.org>:
You have taken responsibility. (Tue, 22 Jun 2010 17:39:06 GMT) Full text and rfc822 format available.

Notification sent to pseelig@debian.org:
Bug acknowledged by developer. (Tue, 22 Jun 2010 17:39:06 GMT) Full text and rfc822 format available.

Message #281 received at 560238-done@bugs.debian.org (full text, mbox):

From: Andreas Barth <aba@not.so.argh.org>
To: md@Linux.IT, Stefano Zacchiroli <zack@debian.org>, debian-ctte@lists.debian.org, 560238-done@bugs.debian.org
Subject: Re: Bug#560238: tech-ctte: Default value for net.ipv6.bindv6only sysctl
Date: Tue, 22 Jun 2010 19:36:15 +0200
* Marco d'Itri (md@Linux.IT) [100622 10:41]:
> On Jun 22, Stefano Zacchiroli <zack@debian.org> wrote:
> 
> > Maybe Marco, Cc:-ed, can clarify whether he still wants the tech-ctte to
> > take a decision in place of him or not?
> Indeed my plan is to revert the change in a few days.

Thanks for the clarification. In this case I'd say there is nothing
for us to decide, unless someone wants us to overrule the
revert-decision.

I'm closing this bug report now - in case someone wants us to overrule
specifically this decision from Marco:
> Indeed my plan is to revert the change in a few days.
please raise a new bug report asking for an overruling.


Thanks.


Andi




Information forwarded to debian-bugs-dist@lists.debian.org, Technical Committee <debian-ctte@lists.debian.org>:
Bug#560238; Package tech-ctte. (Tue, 22 Jun 2010 17:54:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Julien Cristau <jcristau@debian.org>:
Extra info received and forwarded to list. Copy sent to Technical Committee <debian-ctte@lists.debian.org>. (Tue, 22 Jun 2010 17:54:03 GMT) Full text and rfc822 format available.

Message #286 received at 560238@bugs.debian.org (full text, mbox):

From: Julien Cristau <jcristau@debian.org>
To: 560238@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: Bug#560238: marked as done (net.ipv6.bindv6only=1 breaks some buggy programs)
Date: Tue, 22 Jun 2010 18:50:31 +0100
[Message part 1 (text/plain, inline)]
reopen 560238
reassign 560238 netbase 4.38
kthxbye

On Tue, Jun 22, 2010 at 17:39:06 +0000, Debian Bug Tracking System wrote:

> Thanks for the clarification. In this case I'd say there is nothing
> for us to decide, unless someone wants us to overrule the
> revert-decision.
> 
> I'm closing this bug report now - in case someone wants us to overrule
> specifically this decision from Marco:
> > Indeed my plan is to revert the change in a few days.
> please raise a new bug report asking for an overruling.
> 
Then please don't close this one and reassign it back to netbase
instead.

Cheers,
Julien
[signature.asc (application/pgp-signature, inline)]

Did not alter fixed versions and reopened. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 22 Jun 2010 17:54:04 GMT) Full text and rfc822 format available.

Bug reassigned from package 'tech-ctte' to 'netbase'. Request was from Julien Cristau <jcristau@debian.org> to control@bugs.debian.org. (Tue, 22 Jun 2010 17:54:05 GMT) Full text and rfc822 format available.

Bug Marked as found in versions netbase/4.38. Request was from Julien Cristau <jcristau@debian.org> to control@bugs.debian.org. (Tue, 22 Jun 2010 17:54:05 GMT) Full text and rfc822 format available.

Reply sent to Marco d'Itri <md@linux.it>:
You have taken responsibility. (Fri, 25 Jun 2010 21:54:03 GMT) Full text and rfc822 format available.

Notification sent to pseelig@debian.org:
Bug acknowledged by developer. (Fri, 25 Jun 2010 21:54:04 GMT) Full text and rfc822 format available.

Message #297 received at 560238-close@bugs.debian.org (full text, mbox):

From: Marco d'Itri <md@linux.it>
To: 560238-close@bugs.debian.org
Subject: Bug#560238: fixed in netbase 4.42
Date: Fri, 25 Jun 2010 21:51:57 +0000
Source: netbase
Source-Version: 4.42

We believe that the bug you reported is fixed in the latest version of
netbase, which is due to be installed in the Debian FTP archive:

netbase_4.42.dsc
  to main/n/netbase/netbase_4.42.dsc
netbase_4.42.tar.gz
  to main/n/netbase/netbase_4.42.tar.gz
netbase_4.42_all.deb
  to main/n/netbase/netbase_4.42_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 560238@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marco d'Itri <md@linux.it> (supplier of updated netbase package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 25 Jun 2010 22:17:24 +0200
Source: netbase
Binary: netbase
Architecture: source all
Version: 4.42
Distribution: unstable
Urgency: low
Maintainer: Marco d'Itri <md@linux.it>
Changed-By: Marco d'Itri <md@linux.it>
Description: 
 netbase    - Basic TCP/IP networking system
Closes: 560238 579752 585708 586396
Changes: 
 netbase (4.42) unstable; urgency=low
 .
   * Stop setting net.ipv6.bindv6only=1 by default. (Closes: #560238)
   * Remove /etc/hosts and /etc/networks on purge to please mindless
     nitpickers and piuparts. (Closes: #585708)
   * Do not add IPv6-related names to /etc/hosts on upgrades to allow
     people to remove them and break their own systems. (Closes: #579752)
   * Create /etc/hosts and /etc/networks if missing on the first install
     (e.g. when installing with debootstrap).
   * etc-services: added dcap (22125/tcp), gsidcap (22128/tcp).
     (Closes: #586396)
Checksums-Sha1: 
 03ec8783ac16594af7795de4e97148b6d3e9e85e 682 netbase_4.42.dsc
 f8d54376790ee5c2a478c212a76d028740f37281 34808 netbase_4.42.tar.gz
 68ab8e33576b85ed4f355d24fa3d0c4cd05638e5 20406 netbase_4.42_all.deb
Checksums-Sha256: 
 a4ee51242cc2faf221377b7948123619087f03422bca23abfc673d9e71b14acf 682 netbase_4.42.dsc
 055d30d36f189769d79f8e5b216117a22d6366393365361c23ef6bebac349965 34808 netbase_4.42.tar.gz
 55435d7f49683d7971b0fc4f6237f1ca1b75fd07eb139be3a68a4550a61104bf 20406 netbase_4.42_all.deb
Files: 
 475c49d8a82c3093c67f1ffdf7f3a1b7 682 admin important netbase_4.42.dsc
 bdf6d24a148ae76c5d268af24a855613 34808 admin important netbase_4.42.tar.gz
 2289686774802ba565a506cb1ebc5568 20406 admin important netbase_4.42_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkwlG64ACgkQFGfw2OHuP7H8JQCgjupO6FFt9ScNXPFtLrdcnsqs
kE4AoJTDazEF9hJ/SXiD0rRUH7GQd9fc
=Fwm6
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 03 Aug 2010 07:32:19 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 07:48:09 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.