lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20090218135537.GF3600@mini-me.lan>
Date:	Wed, 18 Feb 2009 08:55:37 -0500
From:	Theodore Tso <tytso@....edu>
To:	David Miller <davem@...emloft.net>
Cc:	Valdis.Kletnieks@...edu, arvidjaar@...l.ru, rjw@...k.pl,
	netdev@...r.kernel.org, bonding-devel@...ts.sourceforge.net,
	jamagallon@....com, linux-kernel@...r.kernel.org
Subject: Re: 2.6.29 regression? Bonding tied to IPV6 in 29-rc5

On Tue, Feb 17, 2009 at 09:29:19PM -0800, David Miller wrote:
> Next, if it's just an issue of IPV6 traffic, install a packet
> scheduler rule that rejects all packets with ethernet proto
> ETH_P_IPV6
> 
> If openning up ipv6 sockets is problematic, that can be blocked
> using the security layer, which your super-duper distro kernel
> is guarenteed to have enabled. :-)
> 
> I'm sure there is someone who has legacy problems with ipv4
> and that can't be disabled, and somehow people cope.  Amazing.

The reality is that there are far more people who have legacy problems
with ipv6 than ipv4 (which has been around and in active use for about
3 decades, after all), whereas ipv6 has been around and largely
ignored for about a decade.  :-/

I'll admit that I ran into some wierd sh*t problems with some open
source software or another failing mysteriously when IPv6 was enabled,
and I dealt with it by simply disabling IPv6 (yeah, I blocked the
module).  I was in a hurry, and it just didn't work, and I had better
thing to do than to spend time trying to debug why the presense of an
IPv6 enabled interface caused programs to misbehave in random ways.

I think I can pretty much guarantee that distro users will be
clamoring for a quick and easy way to block ipv6, and it's in our
interest to document the recomended way to block it that doesn't cause
weird problems with bonding, etc.

						- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ