lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <25143.1234932076@turing-police.cc.vt.edu>
Date:	Tue, 17 Feb 2009 23:41:16 -0500
From:	Valdis.Kletnieks@...edu
To:	David Miller <davem@...emloft.net>
Cc:	arvidjaar@...l.ru, rjw@...k.pl, netdev@...r.kernel.org,
	bonding-devel@...ts.sourceforge.net, jamagallon@....com,
	linux-kernel@...r.kernel.org
Subject: Re: 2.6.29 regression? Bonding tied to IPV6 in 29-rc5

On Tue, 17 Feb 2009 14:29:46 PST, David Miller said:
> Don't configure ipv6 into your kernel, really.
> 
> There is no other way to handle this.  If we want to support
> IPV6 layer things in the bonding driver, it is going to
> call helper functions in the ipv6 module and therefore must
> be able to load it and use functions in it.

What does a poor corporate user do if they're running a distro kernel that
was built with CONFIG_IPV6, but local security policy says "Disable IPv6
because we don't do it yet, or because it breaks mission-critical software
package XYZ?"  There's a *lot* of people who implement that by the "block
the ipv6 module from loading" trick.  And building a kernel that doesn't
include IPv6 may not be feasible due to vendor certification issues...

Heck, *I*'m almost in that boat - probably need to use bonded ethernet on some
servers because we can't get 10GigE, but the software used in the project the
servers were bought for blows chunks if it gets a whiff of an IPv6 address.
Ended up spending 3 weeks doing a massive kludgery of one sort in DNS for the
rest of the world, and equally massive lying in /etc/hosts for the hosts...
(Don't ask - it was long and ugly, and just disabling the module would have
saved me about 2.95 weeks of work, so I know where those people are coming
from...)


Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ