From: Vincent Bernat <bernat@luffy.cx>
To: David Miller <davem@davemloft.net>
Cc: zenczykowski@gmail.com, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
Subject: Re: nonlocal_bind and IPv6
Date: Sat, 17 Dec 2011 11:52:01 +0100
Message-ID: <m38vmb8o8e.fsf@neo.luffy.cx>
In-Reply-To: <20111216.131833.2127398230815526406.davem@davemloft.net> (David Miller's message of "Fri, 16 Dec 2011 13:18:33 -0500 (EST)")

OoO During the meal of Friday, December 16, 2011, around 19:18, David
Miller <davem@davemloft.net> said:

>> Moreover, I am just adding the IPv6 version of this setting. The IPv4
>> version already exists.

> I don't think the ipv4 feature was a wise thing to add, so just because
> ipv4 has something doesn't automatically make it appropriate to support
> it in ipv6 too. So please don't use arguments like that.

Here are my arguments against using IP_FREEBIND:

 1. It needs to be applied to all services, this will take years. All
    services will need an option just for that (because usually a user
    does not want to be able to bind to a non-local IP). We could use
    some hacks with LD_PRELOAD, but that's just a hack.

 2. This option may just be unavailable because it is too low-level. For
    example, it is not available in the Python socket implementation (but I
    can still hardcode the numerical value). If I use some web
    framework, I will also have a hard time setting this option.

 3. This is a Linux-only option.

Here are the arguments for a sysctl:

 1. It is a system-wide configuration: you configure VRRP on your
    system, you enable this sysctl, nothing else to do.

 2. This is essentially a one-line modification. This will be quite easy
    to maintain for years.

 3. This is the natural option for many people. See for example:
     http://thread.gmane.org/gmane.comp.web.haproxy/7317/focus=7318

 4. Without it, people just do horrible things:
     http://thread.gmane.org/gmane.comp.web.haproxy/7317/focus=7321

Did I convince you?

--
Vincent Bernat ☯ http://vincent.bernat.im
/*
* We used to try various strange things. Let's not.
*/
2.2.16 /usr/src/linux/fs/buffer.c
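
The per-socket option and the system-wide sysctl contrasted in the message above, as an added example that is not part of the original message or of the patch series. It assumes Linux, the IPv4 sysctl path /proc/sys/net/ipv4/ip_nonlocal_bind, the value 15 for IP_FREEBIND from <linux/in.h>, and a constructed documentation address that is not configured locally.

```python
import errno
import socket

# Linux value from <linux/in.h>; used when the socket module does not
# export the constant, which is the situation the message describes.
IP_FREEBIND = getattr(socket, "IP_FREEBIND", 15)

# Constructed sample address: 192.0.2.0/24 is reserved for documentation
# (RFC 5737), so it is assumed not to be assigned to any local interface.
NONLOCAL_ADDR = "192.0.2.1"


def read_nonlocal_bind(path="/proc/sys/net/ipv4/ip_nonlocal_bind"):
    """Return the system-wide sysctl as an int, or None if unreadable."""
    try:
        with open(path) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None


def try_bind(addr, freebind):
    """Bind a TCP socket to addr on an ephemeral port.

    Returns None on success, or the errno name (e.g. 'EADDRNOTAVAIL').
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            if freebind:
                # Per-socket opt-in: every service has to do this itself.
                s.setsockopt(socket.IPPROTO_IP, IP_FREEBIND, 1)
            s.bind((addr, 0))
        except OSError as e:
            return errno.errorcode.get(e.errno, str(e.errno))
    return None


def probe(addr=NONLOCAL_ADDR):
    """Compare a plain bind with an IP_FREEBIND bind to a non-local address."""
    return {
        "sysctl": read_nonlocal_bind(),
        "plain": try_bind(addr, freebind=False),
        "freebind": try_bind(addr, freebind=True),
    }


if __name__ == "__main__":
    for name, result in probe().items():
        print(name, result)
```

With the sysctl at 0, only the socket that set IP_FREEBIND binds; with the sysctl at 1, every socket on the system can bind to an address the host does not own, which is worth keeping in mind when auditing which services are allowed to listen where.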