Re: disabling ipv6 (when ipv6 module is already loaded or built in)

[Arkadiusz Miskiewicz <a.miskiewicz@gmail.com>]

On Friday 25 of March 2011, Brian Haley wrote:
> On 03/25/2011 01:17 PM, Arkadiusz Miskiewicz wrote:
> > Hi,
> > 
> > There are two options for disabling some ipv6 functionality in ipv6
> > module - disable and disable_ipv6. The second option is also available
> > as sysctl and can be switched runtime.
> > 
> > First is nicer because it also prevents apps from creating sockets by
> > using socket(AF_INET6, ...). Various apps use AF_INET6 socket creation
> > to deterine if ipv6 is supported on the system. Unfortunately "disable"
> > one doesn't exist as sysctl and this is a problem.
> > 
> > Is it possible to make "disable" sysctl option, too? Currently there is
> > no runtime way to disable ipv6 (or I'm unaware of such way).
> 
> Not really, the module parameter causes IPv6 to be loaded just enough to
> allow other modules that rely on it to load, but it never registers
> any of the protocol handlers, sysctls, tables, etc. to make it usable.
> And the IPv6 module isn't unloadable, so you have to reboot to change
> this setting.
> 
> When there are no addresses it's not very usable since you can't send
> out packets...

The whole problem is that socket(AF_INET6,...) is allowed. If setting 
net.ipv6.conf.all.disable_ipv6=1 would also prevent such socket() from 
succeeding then everything would be fine.

> -Brian

-- 
Arkadiusz Miśkiewicz        PLD/Linux Team
arekm / maven.pl            http://ftp.pld-linux.org/