lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <49CA4C39.7020701@hp.com>
Date:	Wed, 25 Mar 2009 11:22:33 -0400
From:	Brian Haley <brian.haley@...com>
To:	Vlad Yasevich <vladislav.yasevich@...com>
Cc:	davem@...emloft.net, yoshfuji@...ux-ipv6.org, linux@...la.no,
	netdev@...r.kernel.org
Subject: Re: [PATCH] IPv6: Add 'autoconf' and 'disable_ipv6' module parameters

Vlad Yasevich wrote:
> Brian Haley wrote:
>> This is the quick and easy patch to add autoconf and
>> disable_ipv6 module parameters to IPv6.  I don't think anything
>> more complicated is needed, assuming you play with the /etc
>> configuration files.
>>
>> For example, if you wanted to enable IPv6 just on 'lo' you
>> would:
>>
>> 1. Add "ipv6" to /etc/modules (if you don't, step #3 might fail)
>>
>> 2. Add this to /etc/modprobe.conf:
>>
>> 	options ipv6 disable_ipv6=1
>>
>> 3. Add these to /etc/sysctl.conf:
>>
>> 	net.ipv6.conf.all.disable_ipv6=0
>> 	net.ipv6.conf.lo.disable_ipv6=0
> 
> This is kind of confusing.  First you say, disable IPv6, then you say enable IPv6, but
> nothing happens.  Unless you typo-ed the 'all.disable_ipv6 = 0'...

Well, at least on my test system, this worked.  Loading the IPv6 module 
with disable_ipv6=1 sets the .all and .default (and all interfaces) to 
disable, then sysctl turns them back on selectively.  If you don't 
enable the .all.disable_ipv6 knob nothing will actually work - see the 
change in addrconf_prefix_rcv().  You still have to enable it on each 
interface for anything to happen.

> Also, it looks like if someone decides to switch IPv6 back on for a particular
> interface, they would have to wait until the next RA to get an address.  Not an
> optimum solution.

Yes, if someone later-on enables IPv6 on an interface they'll need to 
ifdown/ifup.

>> +	} else {
>> +		/* these will be inherited by all namespaces */
>> +		all->autoconf = dflt->autoconf = ipv6_defaults.autoconf;
>> +		all->disable_ipv6 = dflt->disable_ipv6 =
>> +			ipv6_defaults.disable_ipv6;
> 
> Why set 'all'?  Since no interfaces are created yet, setting dflt accomplishes
> what you want.

Yeah, that's probably not necessary, I assumed if the user passed the 
parameter and saw .all.foo different than .default.foo they might be 
confused.

-Brian
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ