They use the KAME stack

Posted Mar 14, 2007 18:45 UTC (Wed) by jd (guest, #26381)
In reply to: A second remote hole for OpenBSD by copsewood
Parent article: A second remote hole for OpenBSD

(With their own custom mods.)

KAME is used by the other BSDs. A derivative, Usagi, used to be available for Linux but there have been no updates for some time and the project has fallen quiet. (KAME itself was halted after the main protagonists decided it was good enough and not worth maintaining as a separate project. A stupid decision, IMHO. If the conformance tests aren't even close to being finished, then "good enough" can't possibly be defined.)

If, as has been said elsewhere, the bugs only apply to the OpenBSD IPv6 stack, then the bugs were most likely in the port-specific code. (If it had been an interaction between the port-specific stuff and the mainline code, then the bug would have still existed in the other versions even if it couldn't be exploited to the same degree.)

All in all, I am really bothered by the very poor attitude I am seeing towards IPv6 work at the moment. Attitude is ultimately the culprit for all security flaws. Had the attitude been better and development healthier, this problem would either have been fixed much sooner or possibly never arisen at all.


v6

Posted Mar 16, 2007 5:46 UTC (Fri) by gvy (guest, #11981)

Maybe few folks really need v6 right now, right? (Judging by some recent conclusions, that might well be the situation for at least a dozen more years.)

What have the V6 folks ever done for us?

Posted Mar 16, 2007 17:33 UTC (Fri) by jd (guest, #26381)

This reminds me of that sketch in Monty Python's "Life of Brian". Here are some things that v6 supplies (aside from addresses):

  • IP Mobility (move your laptop between networks or entire Internet providers without dropping any connections and with minimal risk of even dropping packets)
  • Network Mobility (move an entire network between networks, without anybody losing connections - useful for a WAP on a bus, train or aircraft)
  • IPSec (actual high-level security at the packet level without needing application support and no risk of contextual information exposing the protected information)
  • Automatic configuration (DHCP-less, clash-resistant, admin-less)
  • Anycasting (ask for a service/information and ye shall receive from the nearest provider)

Some of these have been backported to IPv4, but the IPv4 versions aren't always terribly interoperable and aren't efficient as they're not designed in.

Some are not obviously useful - mobility? - but when you consider the headaches they're having with IP on any mass transit system (having a single monopolistic ISP is a "popular" solution, where a current solution even exists), the sole benefit of having a static solution over a dynamic one is that one ISP gets richer. Oh, you thought you got a benefit from it? Gimme a break.

(In fact, it is very likely the anti-monopolistic nature of IPv6 that is hindering adoption. If it had allowed companies like AT&T or Telus to pwn the Internet, it would have been adopted globally in a week. It is precisely because it empowers users to do their own thing that network providers are avoiding it like the plague.)

What have the V6 folks ever done for us?

Posted Mar 19, 2007 13:14 UTC (Mon) by copsewood (subscriber, #199)

Thanks for this summary. In addition to commercial monopolistic motivation (which I'm sure exists), there is also the problem of displacing an existing network with a new one, as suggested by Metcalfe's law. This problem is likely to be overcome by new applications, e.g. requiring all mobile phones to have client/server IP connectivity, and OLPC, which can only be achieved through availability of more addresses. ISPs will be keen to make money from these new applications even if there are fewer opportunities to monopolise them.

v6

Posted Mar 22, 2007 9:53 UTC (Thu) by Cato (subscriber, #7643)

IPv6 is finally entering real practically-driven deployments - I'm not counting the various ISPs who've done IPv6 as a service for use by leading-edge business customers and research labs, only the companies that are deploying it because they more or less have to, driven by future IP address shortages.

Comcast is deploying IPv6 already in its core and will deploy it for customers, largely because it's already exhausted the 10.x address space and is having to use public IPv4 space for customers. With about 10 IP addresses per triple-play household, and 10s of millions of customers, there's a strong driver to do this sooner rather than later, and the cable world's DOCSIS 3.0 standards for cable modems are now out, and support IPv6.

For more details, including a presentation from Comcast on their IPv6 deployment plans, and some other indicators of IPv6 demand becoming real, see http://slashdot.org/comments.pl?sid=225734&cid=18286172

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds