Re: IPv6 in FC4 - How

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2005-11-04 at 21:24 -0600, Robert Nichols wrote:
> Michael H. Warfield wrote:
> > 	Yeah...  FC3 and FC4 and beyond have IPv6 enabled by accident.  Even
> > though the configuration defaults to "no", one of the configuration
> > utilities (I suspect either "ip" or "ifconfig" or both) references
> > PF_INET6 and the kernel kmodloads it in for you and away you go.  But
> > it's not properly configured like it should be and that's caused some
> > people some problems (hence the threads on how to really REALLY turn it
> > off - which requires rebooting the system, BTW...).

> The problem is that if _any_ program (the resolver library is a big
> culprit here) tries to do anything IPv6-related the unconfigured
> kernel module gets loaded, and that module can never be unloaded.
> To stop that from happening you have to alias net-pf-10 to "off"
> in /etc/modprobe.conf, or else build a kernel that does not contain
> IPv6 support at all.  Quite an oversight!

	Actually, the resolver library is not the culprit at all (unless you've
got a v6 literal in /etc/resolv.conf).  It occurs much much earlier.
Once the module is loaded, then the resolver libraries understand that
the system is IPv6 enabled and proceed as such.  If you were to turn off
net-pf-10 in modules.conf and reboot the system and then reenable it
(and depmod), the resolver libs would not cause IPv6 to load.  OTOH...
You would get it loaded if you touched things with ifconfig or ip...
Bottom line is that ANYTHING referencing PF_INET6 or AF_INET6 on the
application layer in creating a socket is going to cause that net-pf-10
module to be loaded and, boom, there you are with IPv6 loaded and hot to
trot and tougher than hell to unload.

	I had one person in one of my classes on IPv6 claim that he was able to
unload the ipv6 module.  What he described was basically neutering the
entire network stack by downing all interfaces interfaces and removing
all routes and tunnels and such and then unloaded ipv6 and then
restarting everything.  That would NEVER work in the 2.4 kernel where
IPv6 is a "permanent" module anyways and, in the 2.6 kernel (where the
ipv6 module does maintain a module count), there's a worse than 50/50
chance you would still opps the kernel (Andrew Morton and I discussed
this face to face and we basically agree this is not a bug but a self
inflicted injury).  Yes, this dude managed it...  But he went to more
work than a reboot and he disrupted the entire system and networking so
he might as well have rebooted and he may well still opps the damn thing
on a future rev and it will STILL be his fault because he was WARNED...
So much for that.

> -- 
> Bob Nichols         Yes, "NOSPAM" is really part of my email address.

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@xxxxxxxxxxxx  
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

Attachment: signature.asc
Description: This is a digitally signed message part


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux