Re: Bug#253590: How to turn off IPV6 (link local)

From: Bernd Eckenfels
Date: Tue Jun 15 2004 - 14:51:11 EST

Next message: Atul Sabharwal: "[Announce] Non Invasive Kernel Monitor for threads/processes"
Previous message: Sam Ravnborg: "Re: [PATCH 5/5] kbuild: external module build doc"
In reply to: Trent Lloyd: "Re: How to turn off IPV6 (link local)"
Next in thread: Felipe Alfaro Solana: "Re: Bug#253590: How to turn off IPV6 (link local)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jun 15, 2004 at 10:30:23AM +0800, Trent Lloyd wrote:
> >
> > net.ipv6.conf.default.autoconf does work for the received prefixes, but does
> > not avoid the link local configuration. (this is btw a documentation error)
>
> autoconf defines whether it will auto-configure an address if a router
> advertises the IPv6 prefix for the network to it.

Yes, but the configure help tells me otherwise. Especially since there are
two options (autoconfigure and accpet_ra) I dont think the current behavious
is intended:

autoconf - BOOLEAN
Configure link-local addresses using L2 hardware addresses.

Default: TRUE

accept_ra - BOOLEAN
Accept Router Advertisements; autoconfigure using them.

Functional default: enabled if local forwarding is disabled.
disabled if local forwarding is enabled.

So I think autoconf=0 should avoid adding the 3ff8 link local address (as
well as lo ::1)

> The issue is not having the link local address, because there is no
> default route and hence the connection should fail.

No, please check the bug report. The problem with netscape is that it _does_
fail and not fall back to ipv4. But I think for performance reasons, no ipv6
application should actually try to contact destinations which are not in
the scope of the configured address (dont connect to sitelocal/global of only
linklocal prefix is configured)

> The problem, in the case of thi sbug, is that he has IPv6 configured,
> but it is not working, 2001: is a real IPv6 address

That was the initial problem, but we have solved that by turning autoconf
off. The last email was only with an fe80:: prefix.

> Link-local address start with fe80:: and never have a default route so
> they will not be a problem.

They are the problem, as you see above because the applications still
prefers them over ipv4.

> You can't, but it is not the issue here, you could however not load the
> module.

Yes, if it is a module. But see my comment above, I dont think the sysctl
behaves as documented, and does not behave as expected.

I can prepare a patch for this, if everybody agrees. In addition to that, I
would like to know how application and resolver can be fixed to not use
incomplete or broken v6 setups (i.e. ignore link local prefix on non local
targets without trying to connect).

Greetings
Bernd
--
(OO) -- Bernd_Eckenfels@Mörscher_Strasse_8.76185Karlsruhe.de --
( .. ) ecki@{inka.de,linux.de,debian.org} http://www.eckes.org/
o--o 1024D/E383CD7E eckes@IRCNet v:+497211603874 f:+497211606754
(O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Atul Sabharwal: "[Announce] Non Invasive Kernel Monitor for threads/processes"
Previous message: Sam Ravnborg: "Re: [PATCH 5/5] kbuild: external module build doc"
In reply to: Trent Lloyd: "Re: How to turn off IPV6 (link local)"
Next in thread: Felipe Alfaro Solana: "Re: Bug#253590: How to turn off IPV6 (link local)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]