Re: 2.6.29 regression? Bonding tied to IPV6 in 29-rc5

From: Brian Haley
Date: Wed Feb 18 2009 - 14:57:35 EST


Vlad Yasevich wrote:
Having worked in other environments where ipv6 has to be explicitly
enabled per interface, I've thought that this level of control was
always missing from Linux. Being able to configure only the interface
that users want seems like a good thing to have.
Would a module parameter that disables ipv6 or at least addrconf be
enough of a solution?

There does seem to be a sysctl for it, just doesn't seem to work. Possible patch below.

This actually brings up the issue that the "all" ipv6 sysctl, for example net.ipv6.conf.all.disable_ipv6, doesn't actually do anything (at least it didn't seem to for me). Maybe it's time to fix that too to be like IPv4, things like IN_DEV_RPFILTER() and friends aren't looking so bad...

I tested this patch on lo and a few Ethernet devices and saw no IPv6 addresses. Don't know if EPERM is the right errno since we don't know if the user set this or DAD failed.


The disable_ipv6 knob was meant to be used for the kernel to disable IPv6 on an interface when DAD failed for the link-local address based on the MAC, but we should also be able to administratively disable it on an interface, or the entire system. This patch fixes the per-interface problem.

Signed-off-by: Brian Haley <brian.haley@xxxxxx>

diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 03e2a1a..9bc761f 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -603,6 +603,11 @@ ipv6_add_addr(struct inet6_dev *idev, const struct in6_addr *addr, int pfxlen,
goto out2;
}

+ if (idev->cnf.disable_ipv6) {
+ err = -EPERM;
+ goto out2;
+ }
+
write_lock(&addrconf_hash_lock);

/* Ignore adding duplicate addresses on an interface */
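
Review bot: The new `if (idev->cnf.disable_ipv6)` check in ipv6_add_addr() returns -EPERM for both ways the knob can be set, by an administrator or by the kernel after DAD failed on the link-local address, so a privileged caller adding an address gets an errno that reads like a missing capability. Consider a different errno and a short comment above the `if` saying that the flag can be set either administratively or by DAD failure, so the caller's error handling is not misled. The test also reads only the per-interface `idev->cnf` value, so net.ipv6.conf.all.disable_ipv6 still has no effect on this path; the changelog limits the fix to the per-interface case, and a comment here noting that the "all" value is not consulted would keep readers from assuming a system-wide disable is enforced.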