please take a look at this https://bugzilla.redhat.com/show_bug.cgi?id=982740#c12
what do we do in the future to disable ipv6 entirely and why is "ipv6.disable=1" as kernel param at least with 3.10.0-1.fc20.x86_64 on F19?
On 07/13/2013 01:44 AM, Reindl Harald wrote:
please take a look at this https://bugzilla.redhat.com/show_bug.cgi?id=982740#c12
what do we do in the future to disable ipv6 entirely and why is "ipv6.disable=1" as kernel param at least with 3.10.0-1.fc20.x86_64 on F19?
Back in 2011 the preferred kernel parameter to do that was "ipv6.disable_ipv6=1": https://lists.fedoraproject.org/pipermail/kernel/2011-June/003106.html I assume it's still true today.
"ipv6.disable=1" should still work though. I still see it handled net/ipv6/af_inet6.c.
In the linked Bugzilla comment you mentioned "ipv6disable=1" (without a dot). Did this ever work? I think it's a typo.
Michal
Am 15.07.2013 16:44, schrieb Michal Schmidt:
On 07/13/2013 01:44 AM, Reindl Harald wrote:
please take a look at this https://bugzilla.redhat.com/show_bug.cgi?id=982740#c12
what do we do in the future to disable ipv6 entirely and why is "ipv6.disable=1" as kernel param at least with 3.10.0-1.fc20.x86_64 on F19?
Back in 2011 the preferred kernel parameter to do that was "ipv6.disable_ipv6=1": https://lists.fedoraproject.org/pipermail/kernel/2011-June/003106.html I assume it's still true today.
"ipv6.disable=1" should still work though. I still see it handled net/ipv6/af_inet6.c.
In the linked Bugzilla comment you mentioned "ipv6disable=1" (without a dot). Did this ever work? I think it's a typo
thanks for your feedback, yes this was a typo
however, i removed it over the weekend and disabled ipv6 with sysctl software like ntpd, smbd still insists in listening on ipv6 sockets and the maintainers of the packages says this inconsistent behavior is fine _______________________________________________________
udp 0 0 *:ntp *:* udp6 0 0 [::]:ntp [::]:*
tcp6 0 0 :::139 :::* LISTEN 3079/smbd tcp6 0 0 :::445 :::* LISTEN 3079/smbd _______________________________________________________
/etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6=1 net.ipv6.conf.all.accept_redirects=0 net.ipv6.conf.all.accept_source_route=0 net.ipv6.conf.default.disable_ipv6=1 net.ipv6.conf.default.accept_redirects=0 net.ipv6.conf.default.accept_source_route=0
On Mon, 2013-07-15 at 16:55 +0200, Reindl Harald wrote:
Am 15.07.2013 16:44, schrieb Michal Schmidt:
On 07/13/2013 01:44 AM, Reindl Harald wrote:
please take a look at this https://bugzilla.redhat.com/show_bug.cgi?id=982740#c12
what do we do in the future to disable ipv6 entirely and why is "ipv6.disable=1" as kernel param at least with 3.10.0-1.fc20.x86_64 on F19?
Back in 2011 the preferred kernel parameter to do that was "ipv6.disable_ipv6=1": https://lists.fedoraproject.org/pipermail/kernel/2011-June/003106.html I assume it's still true today.
"ipv6.disable=1" should still work though. I still see it handled net/ipv6/af_inet6.c.
In the linked Bugzilla comment you mentioned "ipv6disable=1" (without a dot). Did this ever work? I think it's a typo
thanks for your feedback, yes this was a typo
however, i removed it over the weekend and disabled ipv6 with sysctl software like ntpd, smbd still insists in listening on ipv6 sockets and the maintainers of the packages says this inconsistent behavior is fine
It is, it's the task of the kernel to refuse to create ipv6 sockets if ipv6 is disabled, certainly not that of the software to find the platform specific way of caring if ipv6 is enabled or not.
Open a bug against the kernel if you think this is really an issue (I do not see what's the issue if ipv6 really is disabled those sockets are just harmless and will never be used).
Simo.
It is, it's the task of the kernel to refuse to create ipv6 sockets if ipv6 is disabled, certainly not that of the software to find the platform specific way of caring if ipv6 is enabled or not.
Open a bug against the kernel if you think this is really an issue (I do not see what's the issue if ipv6 really is disabled those sockets are just harmless and will never be used).
Given that the 'addresses' presented there are the undefined 'null' addresses and you are specifically meant to be able to bind to them with no addresses existing ( http://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ ... :: and ::1 plus 0.0.0.0 and 127.0.0.1 are defined as unconditionally available) I'd say that was not a bug at any rate ...
In the event of addresses being added to the interfaces there is no need to bounce the service to get it to listen on them which would otherwise be the case...
On Mon, Jul 15, 2013 at 04:55:24PM +0200, Reindl Harald wrote:
Am 15.07.2013 16:44, schrieb Michal Schmidt:
On 07/13/2013 01:44 AM, Reindl Harald wrote:
please take a look at this https://bugzilla.redhat.com/show_bug.cgi?id=982740#c12
what do we do in the future to disable ipv6 entirely and why is "ipv6.disable=1" as kernel param at least with 3.10.0-1.fc20.x86_64 on F19?
Back in 2011 the preferred kernel parameter to do that was "ipv6.disable_ipv6=1": https://lists.fedoraproject.org/pipermail/kernel/2011-June/003106.html I assume it's still true today.
"ipv6.disable=1" should still work though. I still see it handled net/ipv6/af_inet6.c.
In the linked Bugzilla comment you mentioned "ipv6disable=1" (without a dot). Did this ever work? I think it's a typo
thanks for your feedback, yes this was a typo
however, i removed it over the weekend and disabled ipv6 with sysctl software like ntpd, smbd still insists in listening on ipv6 sockets and the maintainers of the packages says this inconsistent behavior is fine _______________________________________________________
udp 0 0 *:ntp *:* udp6 0 0 [::]:ntp [::]:*
tcp6 0 0 :::139 :::* LISTEN 3079/smbd tcp6 0 0 :::445 :::* LISTEN 3079/smbd _______________________________________________________
/etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6=1 net.ipv6.conf.all.accept_redirects=0 net.ipv6.conf.all.accept_source_route=0 net.ipv6.conf.default.disable_ipv6=1 net.ipv6.conf.default.accept_redirects=0 net.ipv6.conf.default.accept_source_route=0
You're configuration indicates all interfaces should not send/recieve/forward ipv6 traffic. That in no way indicates that applications can't create ipv6 sockets, its just that those sockets will never receive data, and any data transmitted on them will be dropped.
If you really don't want to see ipv6 sockets, you need to use the ipv6.disable kernel command line option. Note however, that doing so will prevent the registration of the PF_INET6 address family, meaning that any application call to socket(PF_INET6,...) will fail with an EAFNOTSUPPORT errno return. That could cause lots of applications to get confused or otherwise misbehave, which is why most people don't use it, opting instead for the more sane options that you have above. Neil
kernel mailing list kernel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/kernel
On 2013-07-15 11:37 (GMT-0400) Neil Horman composed:
If you really don't want to see ipv6 sockets, you need to use the ipv6.disable kernel command line option.
Maybe the problem is that https://www.kernel.org/doc/Documentation/networking/ipv6.txt explicitly contains no such option? Reading there, to me it looks like ipv6.disable is a module config option, not a cmdline option. Does using disable_ipv6=0 on cmdline work better?
On Mon, Jul 15, 2013 at 12:05:56PM -0400, Felix Miata wrote:
On 2013-07-15 11:37 (GMT-0400) Neil Horman composed:
If you really don't want to see ipv6 sockets, you need to use the ipv6.disable kernel command line option.
Maybe the problem is that https://www.kernel.org/doc/Documentation/networking/ipv6.txt explicitly contains no such option? Reading there, to me it looks like ipv6.disable is a module config option, not a cmdline option. Does using disable_ipv6=0 on cmdline work better?
All module options can be specified on the kernel command line (see the top of kernel-parameters.txt):
The following is a consolidated list of the kernel parameters as implemented (mostly) by the __setup() macro and sorted into English Dictionary order (defined as ignoring all punctuation and sorting digits before letters in a case insensitive manner), and with descriptions where known.
Module parameters for loadable modules are specified only as the parameter name with optional '=' and value as appropriate, such as:
modprobe usbcore blinkenlights=1
Module parameters for modules that are built into the kernel image are specified on the kernel command line with the module name plus '.' plus parameter name, with '=' and value if appropriate, such as:
usbcore.blinkenlights=1
This facilitates specifying these options on boot when modules are built in. Neil
-- "The wise are known for their understanding, and pleasant words are persuasive." Proverbs 16:21 (New Living Translation)
Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!
Felix Miata *** http://fm.no-ip.com/
devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
-
Felix Miata -
James Hogarth -
Michal Schmidt -
Neil Horman -
Reindl Harald -
Simo Sorce