Re: [PATCH v2] bonding: move IPv6 support into a separate kernel module
From: Chuck Lever
Date: Thu Feb 26 2009 - 14:43:52 EST
On Feb 26, 2009, at Feb 26, 2009, 2:28 PM, Brian Haley wrote:
Jay Vosburgh wrote:
I've been fooling with the disable_ipv6 sysctl, and one issue is
that, at least on the distro I'm testing on (SLES), it's not picked up
from /etc/sysctl.conf at boot time (presumably because ipv6 isn't
loaded yet, although I haven't really checked).
Correct, that's the problem.
We could create a blocker bitmap. Two sysctls, "block_af" and
"unblock_af". You write the AF_foo value for the protocol there and
it sets or clears the associated bit in the internal blocker bitmap.
Things like sys_socket() et al. key off of this.
I'm open to suggestions at this point in time, I just don't see how
this will solve the bonding problem since it still wouldn't load, right?
It would permit users to load ipv6 (thus allowing bonding to load),
but prevent ipv6 from actually doing anything. (because sys_socket,
e.g., won't open an ipv6 socket if block_af includes ipv6).
Right, but it doesn't help someone that changed /etc/modprobe.conf
to have "install ipv6 /bin/true" - they'll have to stop doing that.
I think changing ipv6 to support a disable_ipv6 module parameter
like Vlad suggested would work, as long as we're not worried about
someone opening an AF_INET6 socket - even if they do they won't get
anywhere.
In this case, if IPV6ONLY is set on an AF_INET6 listener, it should
still get AF_INET traffic, correct?
That, along with the patch below to actually not add the addresses,
would work (sorry in advance for using an attachment). I'll get
started on that...
-Brian
--
The disable_ipv6 knob was meant to be used for the kernel to disable
IPv6 on an interface when DAD failed for the link-local address
based on the MAC, but we should also be able to administratively
disable it on an interface, or the entire system. This patch fixes
the per-interface problem.
Signed-off-by: Brian Haley <brian.haley@xxxxxx>
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index f8f76d6..90f2a81 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -603,6 +603,11 @@ ipv6_add_addr(struct inet6_dev *idev, const
struct in6_addr *addr, int pfxlen,
goto out2;
}
+ if (idev->cnf.disable_ipv6) {
+ err = -EPERM;
+ goto out2;
+ }
+
write_lock(&addrconf_hash_lock);
/* Ignore adding duplicate addresses on an interface */
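Review bot: the added `err = -EPERM;` makes a refused address look like a privilege failure, since user space reports it as "Operation not permitted" even when root configures the interface; an errno that lets callers tell "IPv6 is administratively disabled on this interface" apart from a capability problem would be easier to diagnose. A one-line comment above the `if (idev->cnf.disable_ipv6)` test stating why the address is refused would also help. Note that the visible change only blocks new additions in ipv6_add_addr(); nothing in this hunk touches addresses already on the interface when disable_ipv6 is set, so that case needs its own handling or a mention in the changelog.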
--
Chuck Lever
chuck[dot]lever[at]oracle[dot]com
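
The "block_af"/"unblock_af" blocker bitmap proposed in the thread, modelled in user space as an added illustration (not code from the thread or from the kernel). The function names, MODEL_AF_MAX and the -EAFNOSUPPORT return value are assumptions; the thread only says that sys_socket() would key off the bitmap.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <sys/socket.h>   /* AF_INET, AF_INET6 */

#define MODEL_AF_MAX 64   /* assumed upper bound on address family numbers */
#define WORD_BITS (sizeof(unsigned long) * CHAR_BIT)

/* Hypothetical blocker bitmap: bit N set means address family N is blocked. */
static unsigned long af_blocked[(MODEL_AF_MAX + WORD_BITS - 1) / WORD_BITS];

static int af_valid(int af) { return af >= 0 && af < MODEL_AF_MAX; }

/* Models writing an AF_* value to the proposed "block_af" sysctl. */
int block_af_write(int af)
{
    if (!af_valid(af))
        return -EINVAL;
    af_blocked[af / WORD_BITS] |= 1UL << (af % WORD_BITS);
    return 0;
}

/* Models writing an AF_* value to the proposed "unblock_af" sysctl. */
int unblock_af_write(int af)
{
    if (!af_valid(af))
        return -EINVAL;
    af_blocked[af / WORD_BITS] &= ~(1UL << (af % WORD_BITS));
    return 0;
}

/* Models the gate sys_socket() would apply before creating a socket.
 * The protocol module can stay loaded; only socket creation is refused. */
int model_socket(int family)
{
    if (!af_valid(family) ||
        (af_blocked[family / WORD_BITS] & (1UL << (family % WORD_BITS))))
        return -EAFNOSUPPORT;   /* assumed error code */
    return 0;
}

int main(void)
{
    block_af_write(AF_INET6);
    printf("blocked:   AF_INET6 -> %d, AF_INET -> %d\n",
           model_socket(AF_INET6), model_socket(AF_INET));
    unblock_af_write(AF_INET6);
    printf("unblocked: AF_INET6 -> %d\n", model_socket(AF_INET6));
    return 0;
}
```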