Welcome to the MacNN Forums.

Brit Ben · May 7, 2001, 01:37 PM

All,

According to http://playground.sun.com/pub/ipng/h....html#MacOS...

"Apple has released a development kit with IPv6 and IPsec for Mac OS X".

I am trying to find this. Any ideas or pointers appreciated...

Cheers,
Ben.

Angus_D · May 7, 2001, 04:29 PM

Whoa, that's old. That happened in about DP4 and was available from the ADC Connect site. It was a replacement kernel and so on... 15mb or so if I remember correctly....

I'm not sure what the current status of IPv6 and IPsec is at the moment, but I'm guessing it's not fully implemented yet. I'm not even sure if it's enabled in the xnus that are distributed publicly...

Brit Ben · May 8, 2001, 10:54 AM

Shoot !

Thanks for the info.

Okay, well, before I embark on kernel builds and CVS trees... If anyone out there knows the story if this stuff is even in the xnus, please let me know....

Cheers,
Ben.

Angus_D · May 8, 2001, 01:54 PM

Originally posted by Brit Ben:
before I embark on kernel builds and CVS trees... If anyone out there knows the story if this stuff is even in the xnus, please let me know....

try darwin-development@lists.apple.com

Don't even think about building xnus out-of-synch from the ones in OS X, it will most definitely break things (because of the evil inter-project dependencies and so on). For example, xnu-127 (currently the latest version in CVS) has major problems with networking that make it basically unusable, I think.

CremerK · May 8, 2001, 05:04 PM

It does look like it would have to be built into the kernel. Looking through all the documentation at freeBSD and BSDi has been enlightening, but makes it look like Apple will have to be the ones deciding to make it available - almost exactly like what they did with ipfw. It's compiled into the kernel, but not accessible through the gui.

I would love to see this happen. With a nice cheap gui like Brickhouse or TMA (my favorite), to set it up, IPSec could enable some of use to establish secure connections to work and stay home every once in a while.

battlej · May 9, 2001, 01:36 PM

unfortunately, you just _can't_ use the darwin xnu as a drop-in replacement for osx's. there's all sorts of things in osx that apple hasn't released to the public, and without them, osx breaks horribly.

OTOH, darwin builds fine with ipv6 and ipsec in the kernel. it's just that the networking tools are horribly out of date, and upgrading the tools means upgrading the kernel (the bsd net layer of xnu). I don't believe anyone is hacking on this yet (outside apple)

I'd be willing to tackle this, but I'd be more inspired if I wasn't doing it alone...

and, who knows, if we do it right, and bring darwins netcode into this century, maybe apple will pick it up and merge it into osx...

Angus_D · May 9, 2001, 02:08 PM

Originally posted by battlej:
unfortunately, you just _can't_ use the darwin xnu as a drop-in replacement for osx's. there's all sorts of things in osx that apple hasn't released to the public, and without them, osx breaks horribly.

well... most of that is due to encumbered code that apple just can't opensource... they're getting there though, I think. and I was under the impression you can build a Darwin kernel and drop it into OS X... the main problem is that OS X is using a bugfix branch of xnu-124 which isn't available publicly at the moment. if you can synch up the xnu with the tools in the OS or so, it should be possible to drop a darwin kernel in... I'm sure wilfredo sanchez said he was up to xnu-11something on the public beta, although things were breaking... (it shipped with xnu-103 i think)

lgerbarg · May 9, 2001, 03:00 PM

Originally posted by battlej:

unfortunately, you just _can't_ use the darwin xnu as a drop-in replacement for osx's. there's all sorts of things in osx that apple hasn't released to the public, and without them, osx breaks horribly.

OTOH, darwin builds fine with ipv6 and ipsec in the kernel. it's just that the networking tools are horribly out of date, and upgrading the tools means upgrading the kernel (the bsd net layer of xnu). I don't believe anyone is hacking on this yet (outside apple)

I'd be willing to tackle this, but I'd be more inspired if I wasn't doing it alone...

and, who knows, if we do it right, and bring darwins netcode into this century, maybe apple will pick it up and merge it into osx...

I have been running a Darwin xnu with OS X since the day OS X was released...

The issue is not that they are different... The issue is that they are not in sync. If you can track done the correct tags you can build a kernel that will work fine.

While I am it, I used to hack up mismatched kernels and OS X PB all the time. I kept OS X PB running up through xnu-113 or so. Things got a little weird though.

Louis

------------------
Louis Gerbarg
Darwin Developer

Brit Ben · May 11, 2001, 12:35 PM

Sorry guys, I was away for a couple of days.

1) Yes, I need IPv6 and IPSec. More specifically, I could do with IPSec to get access to my corporate network, and IPv6 cus I work in an next generation internetty kind of role. I've been doing the whole IPv6 thing since 95.

It is my understanding that we can build kernels from the CVS tree and implement them as part of the OS. It's been done and there are detailed instructions on other threads.

I'm nowhere near as familiar with the BSD kernels as I was with Linux, and as for the nettools - depends what is needed. To get the IPv6 versions of nettools up and running for example is a long process involving recompilation of everything including the resolver libraries.

How is netifo manager implemented as part of the OS, because getting that stuff all to work with custom builds of nettools may be problematic to the extreme.

Comments and thoughts are appreciated, and yep, I'll devote some time to this, provided we can make it work, and ensure that the up-to-date tools can be sent back into the CVS tree....

Ben.

battlej · May 11, 2001, 10:15 PM

Originally posted by lgerbarg:
I have been running a Darwin xnu with OS X since the day OS X was released...

The issue is not that they are different... The issue is that they are not in sync. If you can track done the correct tags you can build a kernel that will work fine.

While I am it, I used to hack up mismatched kernels and OS X PB all the time. I kept OS X PB running up through xnu-113 or so. Things got a little weird though.

Louis

you're a brave man!!! every time I've tried to use a xnu kernel, regardless of which branch I check out and build, certain things fail miserable. specifically, it whacks all the system and user prefs it can get it's hands on (annoying, but I can deal), and netinfo-type things seem broken. granted, I haven't looked too deep into why they fail, but I could...

and, every now and then, after a reboot with an xnu kernel, my tibook
can't find _any_ bootable partitions. I've got to basically reinstall/upgrade osx to get it to recognize the partition.

lgerbarg, are you using just the xnu kernel, or the frameworks that get built too? any newly built libraries, or the osx ones?

tnx,

Joe

battlej · May 11, 2001, 10:22 PM

Originally posted by Brit Ben:
Sorry guys, I was away for a couple of days.

1) Yes, I need IPv6 and IPSec. More specifically, I could do with IPSec to get access to my corporate network, and IPv6 cus I work in an next generation internetty kind of role. I've been doing the whole IPv6 thing since 95.

It is my understanding that we can build kernels from the CVS tree and implement them as part of the OS. It's been done and there are detailed instructions on other threads.

I'm nowhere near as familiar with the BSD kernels as I was with Linux, and as for the nettools - depends what is needed. To get the IPv6 versions of nettools up and running for example is a long process involving recompilation of everything including the resolver libraries.

How is netifo manager implemented as part of the OS, because getting that stuff all to work with custom builds of nettools may be problematic to the extreme.

Comments and thoughts are appreciated, and yep, I'll devote some time to this, provided we can make it work, and ensure that the up-to-date tools can be sent back into the CVS tree....

Ben.

I'd be more than willing to work on this as well. does anyone know if apple's internal guys are doing any heavy massaging of the network code, either kernel or userspace?

basically, as quick glance, the ipsec/ipv6 support in the kernel is decent. it's got a few of the major bugs that existed in the bsd tree from the time they imported it, and looks like it hasn't been touched much since.

this code should really be brought up to date with respect to current bsd trees. that would make recompiling a set of nettools trivial (at least to those of us who don't need netinfo) I'm not sure apple would see this as the right way to do things.

the other approach is to rototill the existing nettools to support ipsec/ipv6. and, while we're at it, patch up any security/os/performance proglems found since it was last touched. seems like a lot more work.

suggestions, anyone?

Brit Ben · May 13, 2001, 04:50 PM

Originally posted by battlej:
I'd be more than willing to work on this as well. does anyone know if apple's internal guys are doing any heavy massaging of the network code, either kernel or userspace?

basically, as quick glance, the ipsec/ipv6 support in the kernel is decent. it's got a few of the major bugs that existed in the bsd tree from the time they imported it, and looks like it hasn't been touched much since.

this code should really be brought up to date with respect to current bsd trees. that would make recompiling a set of nettools trivial (at least to those of us who don't need netinfo) I'm not sure apple would see this as the right way to do things.

the other approach is to rototill the existing nettools to support ipsec/ipv6. and, while we're at it, patch up any security/os/performance proglems found since it was last touched. seems like a lot more work.

suggestions, anyone?

Unfortunately, the latter option is probably the only one which would result in any work going back into Darwin. Apple has done a lot of work with netinfo. I can't see them adopting code that doesn't support it !

I'm looking into the net-tools to get a feel for how much work would be involved to build netinfo support in. What worries me is that netinfo itself may need to be updated to be v6 compliant. Certainly an update to inted will be needed, updated resolver libraries, and config files. There could be an awful lot of work involved.

Regards, Ben.

lgerbarg · May 18, 2001, 06:41 PM

Originally posted by battlej:
you're a brave man!!! every time I've tried to use a xnu kernel, regardless of which branch I check out and build, certain things fail miserable. specifically, it whacks all the system and user prefs it can get it's hands on (annoying, but I can deal), and netinfo-type things seem broken. granted, I haven't looked too deep into why they fail, but I could...

and, every now and then, after a reboot with an xnu kernel, my tibook
can't find _any_ bootable partitions. I've got to basically reinstall/upgrade osx to get it to recognize the partition.

lgerbarg, are you using just the xnu kernel, or the frameworks that get built too? any newly built libraries, or the osx ones?

tnx,

Joe

xnu-127 (which was TOT last I checked) has broken the sockets interfaces (well specifically at least a broken bind), so NetInfo can't start, which is what hoses everything else. Try "cvs -r Apple-124" (I think that is the tag...) or so, which works. 124 is where the current patches are coming off of. Anything higher than that could be unstable/incompatible with your system ;-)

Louis

------------------
Louis Gerbarg
Darwin Developer

lgerbarg · May 18, 2001, 06:42 PM

Originally posted by battlej:
you're a brave man!!! every time I've tried to use a xnu kernel, regardless of which branch I check out and build, certain things fail miserable. specifically, it whacks all the system and user prefs it can get it's hands on (annoying, but I can deal), and netinfo-type things seem broken. granted, I haven't looked too deep into why they fail, but I could...

and, every now and then, after a reboot with an xnu kernel, my tibook
can't find _any_ bootable partitions. I've got to basically reinstall/upgrade osx to get it to recognize the partition.

lgerbarg, are you using just the xnu kernel, or the frameworks that get built too? any newly built libraries, or the osx ones?

tnx,

Joe

xnu-127 (which was TOT last I checked) has broken the sockets interfaces (well specifically at least a broken bind), so NetInfo can't start, which is what hoses everything else. Try "cvs -r Apple-124" (I think that is the tag...) or so, which works. 124 is where the current patches are coming off of. Anything higher than that could be unstable/incompatible with your system ;-)

Louis

------------------
Louis Gerbarg
Darwin Developer

Angus_D · May 20, 2001, 04:32 AM

Be warned that xnu-124 is lagging behind the OS X public binary releases - the patches branch hasn't been pushed out to public CVS yet (will it ever be?)