Date:	Wed, 18 Feb 2009 07:55:45 +0100
From:	Frank Blaschka <blaschka@...ux.vnet.ibm.com>
To:	Valdis.Kletnieks@...edu
CC:	David Miller <davem@...emloft.net>, arvidjaar@...l.ru, rjw@...k.pl,
	netdev@...r.kernel.org, bonding-devel@...ts.sourceforge.net,
	jamagallon@....com, linux-kernel@...r.kernel.org
Subject: Re: 2.6.29 regression? Bonding tied to IPV6 in 29-rc5

We have the same issue with the qeth_l3 driver (it requires IPv6 symbols).
Distributors compile with IPv6 but some customers want to disable IPv6 without
building a custom kernel. If there were a generic solution to address
this kind of runtime IPv6 dependency, this would be great.

Valdis.Kletnieks@...edu wrote:
> On Tue, 17 Feb 2009 14:29:46 PST, David Miller said:
>> Don't configure ipv6 into your kernel, really.
>>
>> There is no other way to handle this.  If we want to support
>> IPV6 layer things in the bonding driver, it is going to
>> call helper functions in the ipv6 module and therefore must
>> be able to load it and use functions in it.
> 
> What does a poor corporate user do if they're running a distro kernel that
> was built with CONFIG_IPV6, but local security policy says "Disable IPv6
> because we don't do it yet, or because it breaks mission-critical software
> package XYZ?"  There's a *lot* of people who implement that by the "block
> the ipv6 module from loading" trick.  And building a kernel that doesn't
> include IPv6 may not be feasible due to vendor certification issues...
> 
> Heck, *I*'m almost in that boat - probably need to use bonded ethernet on some
> servers because we can't get 10GigE, but the software used in the project the
> servers were bought for blows chunks if it gets a whiff of an IPv6 address.
> Ended up spending 3 weeks doing a massive kludgery of one sort in DNS for the
> rest of the world, and equally massive lying in /etc/hosts for the hosts...
> (Don't ask - it was long and ugly, and just disabling the module would have
> saved me about 2.95 weeks of work, so I know where those people are coming
> from...)
> 

