Hello, up to and including Fedora 15, ipv6 was a loadable kernel module and it was no problem to disable it/not load it. But recent F15 and F16 kernels have IPv6 support compiled into the kernel; does anyone know for which reason? For IPv4-only sites (which are the absolute majority) this is unneeded...
Frantisek Hanzlik wrote:
Hello, up to and including Fedora 15, ipv6 was a loadable kernel module and it was no problem to disable it/not load it. But recent F15 and F16 kernels have IPv6 support compiled into the kernel; does anyone know for which reason? For IPv4-only sites (which are the absolute majority) this is unneeded...
http://lists.fedoraproject.org/pipermail/kernel/2011-June/003105.html
It is future ;)
Frantisek Hanzlik wrote:
Hello, up to and including Fedora 15, ipv6 was a loadable kernel module and it was no problem to disable it/not load it. But recent F15 and F16 kernels have IPv6 support compiled into the kernel; does anyone know for which reason? For IPv4-only sites (which are the absolute majority) this is unneeded...
The only reason I can see is to allow the ip6tables firewall stuff to work rather than take unknown protocol processing paths. Download the kernel source and rebuild if it really bugs you on memory.
Bill Davidsen wrote:
Frantisek Hanzlik wrote:
Hello, up to and including Fedora 15, ipv6 was a loadable kernel module and it was no problem to disable it/not load it. But recent F15 and F16 kernels have IPv6 support compiled into the kernel; does anyone know for which reason? For IPv4-only sites (which are the absolute majority) this is unneeded...
The only reason I can see is to allow the ip6tables firewall stuff to work rather than take unknown protocol processing paths.
I think all know modular kernel advantages over modules fixly compiled into, thus I cannot understand why ipv6 should be exception. And about some dependencies - from F15 new systemd should perhaps serve all dependencies much better and easily, it's true?
Download the kernel source and rebuild if it really bugs you on memory.
You mean it seriously? Of course, it is way... But switch to another distro is in some cases more easier.
Am 08.04.2012 05:13, schrieb Frantisek Hanzlik:
I think all know modular kernel advantages over modules fixly compiled into, thus I cannot understand why ipv6 should be exception. And about some dependencies - from F15 new systemd should perhaps serve all dependencies much better and easily, it's true?
Download the kernel source and rebuild if it really bugs you on memory.
You mean it seriously? Of course, it is way... But switch to another distro is in some cases more easier.
is this so? and you are 100% sure that in the next release there will not happen the same?
so why do you simply not calm down and add "ipv6.disable=1" to your kernel-parameters so you will not notice anything about ipv6 after the next boot?
Reindl Harald wrote:
Am 08.04.2012 05:13, schrieb Frantisek Hanzlik:
I think all know modular kernel advantages over modules fixly compiled into, thus I cannot understand why ipv6 should be exception. And about some dependencies - from F15 new systemd should perhaps serve all dependencies much better and easily, it's true?
Download the kernel source and rebuild if it really bugs you on memory.
You mean it seriously? Of course, it is way... But switch to another distro is in some cases more easier.
is this so? and you are 100% sure that in the next release there will not happen the same?
so why do you simply not calm down and add "ipv6.disable=1" to your kernel-parameters so you will not notice anything about ipv6 after the next boot?
Yes, I have it (as You wrote, on kernel cmdline - as having it in sysctl.conf seems not enough). But this nothing change on fact that 1) I have unwanted things included in kernel, and 2) something (NetworkManager or other malware;) can easily activate it. As module, I can better control how use it and save memory too (although when ipv6 stack is disabled entirely, memory requirements may be lower - I not study about this).
Am 08.04.2012 13:05, schrieb Frantisek Hanzlik:
Yes, I have it (as You wrote, on kernel cmdline - as having it in sysctl.conf seems not enough). But this nothing change on fact that
- I have unwanted things included in kernel
not really relevant
we both can not say how much more overhead in kernel code would be on different places to respect if it is loaded or not compared with a "module" which is aware that it is disabled
- something (NetworkManager or other malware;) can easily activate it.
who told you so? how can NetworkManager override a KERNEL parameter?
in times where it was a loadable module it was the same you had to make sure to disable it AND it was loaded most of the time
did you ever notice the dmesg messages about ipv6 is disabled and you have to reboot to enable it again while it was loaded all the time (this messages which appear if you remove "quiet" from the kernel-parameters and most people do not recognize)
As module, I can better control how use it and save memory too (although when ipv6 stack is disabled entirely, memory requirements may be lower - I not study about this)
the stack is disabled entirely and the memory footprint may be the same as unloaded module and code paths on different places which has to check this
I have disabled ipv6 permanently since F14, and no problem. Just add "install ipv6 /bin/true" to /etc/modprobe.d/dist.conf (old variant) or "blacklist ipv6" to /etc/modprobe.d/blacklist.conf and "net.ipv6.conf.all.disable_ipv6 = 1" to /etc/sysctl.conf. There is nothing you can't control in your Fedora setup.
Am 08.04.2012 13:27, schrieb Alchemist:
I have disabled ipv6 permanently since F14, and no problem. Just add "install ipv6 /bin/true" to /etc/modprobe.d/dist.conf (old variant) or "blacklist ipv6" to /etc/modprobe.d/blacklist.conf and "net.ipv6.conf.all.disable_ipv6 = 1" to /etc/sysctl.conf. There is nothing you can't control in your Fedora setup.
but if you would take a look now you would recognize that this all does no longer work since we are no longer speak about a loadable module
and that is why you have to add "ipv6.disable=1" as kernel parameter with recent kernel builds of F15/F16
net.ipv6.conf.all.disable_ipv6 = 1
this is nice but only a part of the game and does not disable ipv6 completely!
try "netstat --numeric-hosts --numeric-ports --notrim --programs -u -t -l" and you will see ntpd and samba as example listen on the ipv6 loopback and also error messages in this context in several services if you do this after machine has booted
AGAIN: "ipv6.disable=1" as kernel-param is the only real way to disable ipv6 at all in recent kernels and after that even your proposed sysctl parameters will lead in errors because after disable it they are no longer present
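The thread distinguishes the "ipv6.disable=1" boot parameter from the net.ipv6.conf.all.disable_ipv6 sysctl, so it helps to check which one is actually in effect and whether anything still listens on IPv6. The script below is an added example, not part of any poster's message; its state names and the optional proc-root argument are assumptions made so it can run against a constructed tree.

```shell
#!/bin/sh
# Added example (not from the thread): classify how IPv6 is disabled on a host.
# The proc-root argument is an assumption that lets the checks run on a test tree.

# Count IPv6 TCP sockets in LISTEN (st 0A) and bound UDP sockets (st 07).
ipv6_listeners() {
    root="${1:-/proc}"; total=0
    for spec in tcp6:0A udp6:07; do
        file="$root/net/${spec%%:*}"
        [ -r "$file" ] || continue
        n=$(awk -v st="${spec##*:}" 'NR > 1 && $4 == st { c++ } END { print c + 0 }' "$file")
        total=$((total + n))
    done
    echo "$total"
}

# off-at-boot : ipv6.disable=1 on the kernel command line, no IPv6 proc entries
# sysctl-only : disable_ipv6=1, but the stack exists and sockets may still be bound
# enabled     : neither control is in effect
ipv6_state() {
    root="${1:-/proc}"
    if tr ' ' '\n' < "$root/cmdline" | grep -qxF 'ipv6.disable=1' \
        && [ ! -e "$root/net/if_inet6" ]; then
        echo "off-at-boot"
    elif [ "$(cat "$root/sys/net/ipv6/conf/all/disable_ipv6" 2>/dev/null)" = "1" ]; then
        echo "sysctl-only listeners=$(ipv6_listeners "$root")"
    else
        echo "enabled listeners=$(ipv6_listeners "$root")"
    fi
}

# Constructed sample tree: sysctl set, yet tcp 445 and udp 123 are bound on ::1.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/net" "$d/sys/net/ipv6/conf/all"
    echo 'BOOT_IMAGE=/vmlinuz ro quiet' > "$d/cmdline"
    echo 1 > "$d/sys/net/ipv6/conf/all/disable_ipv6"
    : > "$d/net/if_inet6"
    lo=00000000000000000000000001000000 any=00000000000000000000000000000000
    printf '%s\n' 'sl local rem st' "0: $lo:01BD $any:0000 0A" > "$d/net/tcp6"
    printf '%s\n' 'sl local rem st' "0: $lo:007B $any:0000 07" > "$d/net/udp6"
    echo "$d"
}

sample=$(make_sample)
ipv6_state "$sample"    # prints: sysctl-only listeners=2
rm -rf "$sample"
```

On a live host, call `ipv6_state` with no argument to read the real /proc.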
2012/4/8 Reindl Harald h.reindl@thelounge.net:
Am 08.04.2012 13:27, schrieb Alchemist:
I have disabled ipv6 permanently since F14, and no problem. Just add "install ipv6 /bin/true" to /etc/modprobe.d/dist.conf (old variant) or "blacklist ipv6" to /etc/modprobe.d/blacklist.conf and "net.ipv6.conf.all.disable_ipv6 = 1" to /etc/sysctl.conf. There is nothing you can't control in your Fedora setup.
but if you would take a look now you would recognize that this all does no longer work since we are no longer speak about a loadable module
and that is why you have to add "ipv6.disable=1" as kernel parameter with recent kernel builds of F15/F16
net.ipv6.conf.all.disable_ipv6 = 1
this is nice but only a part of the game and does not disable ipv6 completely!
try "netstat --numeric-hosts --numeric-ports --notrim --programs -u -t -l" and you will see ntpd and samba as example listen on the ipv6 loopback and also error messages in this context in several services if you do this after machine has booted
AGAIN: "ipv6.disable=1" as kernel-param is the only real way to disable ipv6 at all in recent kernels and after that even your proposed sysctl parameters will lead in errors because after disable it they are no longer present
I have not ntpd or samba installed neither, but I will take deeper research. On my systems I use lsof -i6, and everything seems ok.
Reindl Harald wrote:
Am 08.04.2012 13:05, schrieb Frantisek Hanzlik:
Yes, I have it (as You wrote, on kernel cmdline - as having it in sysctl.conf seems not enough). But this nothing change on fact that
- I have unwanted things included in kernel
not really relevant
we both can not say how much more overhead in kernel code would be on different places to respect if it is loaded or not compared with a "module" which is aware that it is disabled
Networking code has especial position, as bugs / problems / misconfigurations in it have strong impact to machine security. And I simply do not want do any ip6tables and other ipv6 security configuration - because I do not want use ipv6 _entirely_
- something (NetworkManager or other malware;) can easily activate it.
who told you so? how can NetworkManager override a KERNEL parameter?
Have I after each update supervise whether NM or other stuff made some unwanted changes - maybe even on kernel commandline? And after each reboot again? No, I don't want it.
in times where it was a loadable module it was the same you had to make sure to disable it AND it was loaded most of the time
even if I wipe it from disk most services was able reconstruct it and load again ;)
did you ever notice the dmesg messages about ipv6 is disabled and you have to reboot to enable it again while it was loaded all the time (this messages which appear if you remove "quiet" from the kernel-parameters and most people do not recognize)
As module, I can better control how use it and save memory too (although when ipv6 stack is disabled entirely, memory requirements may be lower - I not study about this)
the stack is disabled entirely and the memory footprint may be the same as unloaded module and code paths on different places which has to check this
Here I eventually agree with You.
Am 08.04.2012 14:07, schrieb Frantisek Hanzlik:
Networking code has especial position, as bugs / problems / misconfigurations in it have strong impact to machine security. And I simply do not want do any ip6tables and other ipv6 security configuration - because I do not want use ipv6 _entirely_
so disable it what is your exactly problem?
i maintain 20 public fedora machines and no single one has any ipv6 configuration because i disabled it as explained - why can you do not the same?
- something (NetworkManager or other malware;) can easily activate it.
who told you so? how can NetworkManager override a KERNEL parameter?
Have I after each update supervise whether NM or other stuff made some unwanted changes - maybe even on kernel commandline? And after each reboot again? No, I don't want it.
boah you have to disable it once for years as you had to disable the module all the years before
NM is not in the position to override kernel-parameters
kernel-parameters are not changed by updates
so again: what is your problem?
in times where it was a loadable module it was the same you had to make sure to disable it AND it was loaded most of the time
even if I wipe it from disk most services was able reconstruct it and load again ;)
so and what is the difference now?
the stack is disabled entirely and the memory footprint may be the same as unloaded module and code paths on different places which has to check this
Here I eventually agree with You
hm you agree about memory footprint you can disable ipv6 entirely
so again: what is your problem?
Reindl Harald wrote:
Am 08.04.2012 14:07, schrieb Frantisek Hanzlik:
Networking code has especial position, as bugs / problems / misconfigurations in it have strong impact to machine security. And I simply do not want do any ip6tables and other ipv6 security configuration - because I do not want use ipv6 _entirely_
so disable it what is your exactly problem?
i maintain 20 public fedora machines and no single one has any ipv6 configuration because i disabled it as explained - why can you do not the same?
- something (NetworkManager or other malware;) can easily activate it.
who told you so? how can NetworkManager override a KERNEL parameter?
Have I after each update supervise whether NM or other stuff made some unwanted changes - maybe even on kernel commandline? And after each reboot again? No, I don't want it.
boah you have to disable it once for years as you had to disable the module all the years before
NM is not in the position to override kernel-parameters
kernel-parameters are not changed by updates
so again: what is your problem?
in times where it was a loadable module it was the same you had to make sure to disable it AND it was loaded most of the time
even if I wipe it from disk most services was able reconstruct it and load again ;)
so and what is the difference now?
the stack is disabled entirely and the memory footprint may be the same as unloaded module and code paths on different places which has to check this
Here I eventually agree with You
hm you agree about memory footprint you can disable ipv6 entirely
so again: what is your problem?
Yeah, finally we are back at my beginning question, fine. Maybe $SUBJECT is incomprehensible, my English is poor. I was asking for any reason(s) why now is ipv6 compiled in kernel instead of previous (several months ago) state when it was kernel module, for years. For the present I cannot see any good arguments or references.
Am 08.04.2012 21:24, schrieb Frantisek Hanzlik:
the stack is disabled entirely and the memory footprint may be the same as unloaded module and code paths on different places which has to check this
Here I eventually agree with You
hm you agree about memory footprint you can disable ipv6 entirely
so again: what is your problem?
Yeah, finally we are back at my beginning question, fine. Maybe $SUBJECT is incomprehensible, my English is poor. I was asking for any reason(s) why now is ipv6 compiled in kernel instead of previous (several months ago) state when it was kernel module, for years. For the present I cannot see any good arguments or references.
well, this link was posted as the last one came up with this question some days ago:
http://lists.fedoraproject.org/pipermail/kernel/2011-June/003105.html
Frantisek Hanzlik wrote:
Reindl Harald wrote:
Am 08.04.2012 14:07, schrieb Frantisek Hanzlik:
Networking code has especial position, as bugs / problems / misconfigurations in it have strong impact to machine security. And I simply do not want do any ip6tables and other ipv6 security configuration - because I do not want use ipv6 _entirely_
so disable it what is your exactly problem?
i maintain 20 public fedora machines and no single one has any ipv6 configuration because i disabled it as explained - why can you do not the same?
- something (NetworkManager or other malware;) can easily activate it.
who told you so? how can NetworkManager override a KERNEL parameter?
Have I after each update supervise whether NM or other stuff made some unwanted changes - maybe even on kernel commandline? And after each reboot again? No, I don't want it.
boah you have to disable it once for years as you had to disable the module all the years before
NM is not in the position to override kernel-parameters
kernel-parameters are not changed by updates
so again: what is your problem?
in times where it was a loadable module it was the same you had to make sure to disable it AND it was loaded most of the time
even if I wipe it from disk most services was able reconstruct it and load again ;)
so and what is the difference now?
the stack is disabled entirely and the memory footprint may be the same as unloaded module and code paths on different places which has to check this
Here I eventually agree with You
hm you agree about memory footprint you can disable ipv6 entirely
so again: what is your problem?
Yeah, finally we are back at my beginning question, fine. Maybe $SUBJECT is incomprehensible, my English is poor. I was asking for any reason(s) why now is ipv6 compiled in kernel instead of previous (several months ago) state when it was kernel module, for years. For the present I cannot see any good arguments or references.
I can't see any reason to beat this topic further, it's the default because the developers believe it is most useful to the majority of users. You can build your kernel with as many things added or removed as you please and add patches as you find are needed.
You understand how to solve what seems a trouble for you, you have the answer "it's more generally useful" and you are entitled to your opinion but it's not done by vote. So I guess you live with it or fix it on your machines. I fix things, many people do, I don't think any discussion here is likely to be more useful to you.