On Fri, 2005-11-04 at 21:24 -0600, Robert Nichols wrote: > Michael H. Warfield wrote: > > Yeah... FC3 and FC4 and beyond have IPv6 enabled by accident. Even > > though the configuration defaults to "no", one of the configuration > > utilities (I suspect either "ip" or "ifconfig" or both) references > > PF_INET6 and the kernel kmodloads it in for you and away you go. But > > it's not properly configured like it should be and that's caused some > > people some problems (hence the threads on how to really REALLY turn it > > off - which requires rebooting the system, BTW...). > The problem is that if _any_ program (the resolver library is a big > culprit here) tries to do anything IPv6-related the unconfigured > kernel module gets loaded, and that module can never be unloaded. > To stop that from happening you have to alias net-pf-10 to "off" > in /etc/modprobe.conf, or else build a kernel that does not contain > IPv6 support at all. Quite an oversight! Actually, the resolver library is not the culprit at all (unless you've got a v6 literal in /etc/resolv.conf). It occurs much much earlier. Once the module is loaded, then the resolver libraries understand that the system is IPv6 enabled and proceed as such. If you were to turn off net-pf-10 in modules.conf and reboot the system and then reenable it (and depmod), the resolver libs would not cause IPv6 to load. OTOH... You would get it loaded if you touched things with ifconfig or ip... Bottom line is that ANYTHING referencing PF_INET6 or AF_INET6 on the application layer in creating a socket is going to cause that net-pf-10 module to be loaded and, boom, there you are with IPv6 loaded and hot to trot and tougher than hell to unload. I had one person in one of my classes on IPv6 claim that he was able to unload the ipv6 module. What he described was basically neutering the entire network stack by downing all interfaces interfaces and removing all routes and tunnels and such and then unloaded ipv6 and then restarting everything. That would NEVER work in the 2.4 kernel where IPv6 is a "permanent" module anyways and, in the 2.6 kernel (where the ipv6 module does maintain a module count), there's a worse than 50/50 chance you would still opps the kernel (Andrew Morton and I discussed this face to face and we basically agree this is not a bug but a self inflicted injury). Yes, this dude managed it... But he went to more work than a reboot and he disrupted the entire system and networking so he might as well have rebooted and he may well still opps the damn thing on a future rev and it will STILL be his fault because he was WARNED... So much for that. > -- > Bob Nichols Yes, "NOSPAM" is really part of my email address. Mike -- Michael H. Warfield | (770) 985-6132 | mhw@xxxxxxxxxxxx /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
Attachment:
signature.asc
Description: This is a digitally signed message part
