Re: 2.6.29 regression? Bonding tied to IPV6 in 29-rc5

[Brian Haley]

Vlad Yasevich wrote:
> Having worked in other environments where ipv6 has to be explicitly
> enabled per interface, I've thought that this level of control was
> always missing from linux.  Being able to configure only the interface
> that users want seems like a good thing to have.
> Would a module parameter that disables ipv6 or at least addrconf be
> enough of a solution?

There does seem to be a sysctl for it, just doesn't seem to work. 
Possible patch below.

This actually brings up the issue that the "all" ipv6 sysctl, for 
example net.ipv6.conf.all.disable_ipv6, doesn't actually do anything (at 
least it didn't seem to for me).  Maybe it's time to fix that too to be 
like IPv4, things like IN_DEV_RPFILTER() and friends aren't looking so 
bad...

I tested this patch on lo and a few Ethernet devices and saw no IPv6 
addresses.  Don't know if EPERM is the right errno since we don't know 
if the user set this or DAD failed.


The disable_ipv6 knob was meant to be used for the kernel to disable 
IPv6 on an interface when DAD failed for the link-local address based on 
the MAC, but we should also be able to administratively disable it on an 
interface, or the entire system.  This patch fixes the per-interface 
problem.

Signed-off-by: Brian Haley <brian.haley@xxxxxx>
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 03e2a1a..9bc761f 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -603,6 +603,11 @@ ipv6_add_addr(struct inet6_dev *idev, const struct in6_addr *addr, int pfxlen,
 		goto out2;
 	}
 
+	if (idev->cnf.disable_ipv6) {
+		err = -EPERM;
+		goto out2;
+	}
+
 	write_lock(&addrconf_hash_lock);
 
 	/* Ignore adding duplicate addresses on an interface */