From: Stephen Hemminger <shemminger@vyatta.com>
To: John Dykstra <john.dykstra1@gmail.com>
Cc: Brian Haley <brian.haley@hp.com>,
jamagallon@ono.com, Valdis.Kletnieks@vt.edu,
YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
bonding-devel@lists.sourceforge.net, rjw@sisk.pl,
Vlad Yasevich <vladislav.yasevich@hp.com>,
Chuck Lever <chuck.lever@oracle.com>,
Theodore Tso <tytso@mit.edu>,
arvidjaar@mail.ru, David Miller <davem@davemloft.net>
Subject: Re: [Bonding-devel] 2.6.29 regression? Bonding tied to IPV6 in 29-rc5
Date: Wed, 18 Feb 2009 13:29:01 -0800 [thread overview]
Message-ID: <20090218132901.1b76e859@extreme> (raw)
In-Reply-To: <1234992067.7692.38.camel@Maple>
On Wed, 18 Feb 2009 21:21:07 +0000
John Dykstra <john.dykstra1@gmail.com> wrote:
> On Wed, 2009-02-18 at 14:57 -0500, Brian Haley wrote:
> > Vlad Yasevich wrote:
> > > Having worked in other environments where ipv6 has to be explicitly
> > > enabled per interface, I've thought that this level of control was
> > > always missing from linux.
> >
> > There does seem to be a sysctl for it, just doesn't seem to work.
>
> While this sysctl is definitely useful, I don't think it meets the needs
> of those users and distributions that are currently blacklisting the
> ipv6 module. Even if you disable IPv6 on all interfaces, apps will
> still be able to create AF_INET6 sockets, and thus some apps will break
> or do inappropriate things because there isn't real IPv6 connectivity.
>
> I've tried to put together an RFC patch that turned off all
> externally-visible IPv6 behavior that could break something, but I keep
> running into distasteful choices.
>
> The current default behavior must be preserved--if you drop this patch
> into an existing distribution, the IPv6 stack must come up the way it
> always has. Thus the knob (let's call it ip6_disable) must default
> false.
>
> It seems desirable to make this a per-net-namespace knob. But that
> means each new net will be initialized before the distribution has a
> chance to disable the IPv6 part. This will lead to neighbor solicits
> going out for link-local addresses, which some people can't accept.
>
> The only alternative I can think of is to make it a module parameter,
> which would leverage people's current habit to disable IPv6 via the
> module configuration files, but doesn't fit well into a virtualized
> world.
>
> Exactly what to disable is unclear too. Turning off neighbor and router
> solicits, responding to same, etc.--almost certainly. Refusing to
> create AF_INET6 sockets--definitely. Erroring on ioctl() and netlink
> API calls related to IPv6--probably. Hiding /proc entries for IPv6--I
> don't know.
>
> Ideally, once ip6_disable was set true, every API, /proc and /sys
> entries, etc. would look just like the ipv6 module was not loaded. But
> to do this, while still initializing most of the IPv6 code (so that
> those hooks from other modules won't do unexpected things) is very
> invasive.
>
> So it seems to me that the only practical solution is to live with
> blacklisting module ipv6 until the apps are fixed and sending IPv6
> packets isn't considered a crime.
>
> -- John
There are also ipv6 purists who would like to see the same mechanism
exist to force ipv6 only (no ipv4). So any long term solution should
support both.
next prev parent reply other threads:[~2009-02-18 21:29 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <alpine.LFD.2.00.0902131413120.3179@localhost.localdomain>
[not found] ` <20090217095232.5da06b9f@werewolf.home>
2009-02-17 17:01 ` 2.6.29 regression? Bonding tied to IPV6 in 29-rc5 Andrey Borzenkov
2009-02-17 18:17 ` Andrey Borzenkov
2009-02-17 20:08 ` [Bonding-devel] " Jay Vosburgh
2009-02-17 22:49 ` David Miller
2009-02-17 20:10 ` Brian Haley
2009-02-17 20:56 ` Thomas Backlund
2009-02-17 21:06 ` [Bonding-devel] " Jay Vosburgh
2009-02-17 21:49 ` Brian Haley
2009-02-17 22:24 ` Jay Vosburgh
2009-03-04 11:46 ` Jan Engelhardt
2009-02-17 22:30 ` Nicolas de Pesloüan
2009-02-17 22:54 ` David Miller
2009-02-17 22:51 ` David Miller
2009-02-17 22:29 ` David Miller
2009-02-18 4:41 ` Valdis.Kletnieks
2009-02-18 5:29 ` David Miller
2009-02-18 5:55 ` Roland Dreier
2009-02-18 13:55 ` Theodore Tso
2009-02-18 16:24 ` Chuck Lever
2009-02-18 18:33 ` Vlad Yasevich
2009-02-18 19:57 ` Brian Haley
2009-02-18 21:21 ` John Dykstra
2009-02-18 21:29 ` Stephen Hemminger [this message]
2009-02-19 13:32 ` Herbert Xu
2009-02-18 22:14 ` David Miller
2009-02-19 1:11 ` Vlad Yasevich
2009-02-19 13:29 ` Herbert Xu
2009-02-18 6:55 ` Frank Blaschka
2009-02-19 18:15 ` Randy Dunlap
2009-02-19 18:19 ` Andrey Borzenkov
2009-02-19 18:20 ` Jay Vosburgh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090218132901.1b76e859@extreme \
--to=shemminger@vyatta.com \
--cc=Valdis.Kletnieks@vt.edu \
--cc=arvidjaar@mail.ru \
--cc=bonding-devel@lists.sourceforge.net \
--cc=brian.haley@hp.com \
--cc=chuck.lever@oracle.com \
--cc=davem@davemloft.net \
--cc=jamagallon@ono.com \
--cc=john.dykstra1@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=rjw@sisk.pl \
--cc=tytso@mit.edu \
--cc=vladislav.yasevich@hp.com \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).