From patchwork Thu Feb 26 19:28:45 2009
X-Patchwork-Submitter: Brian Haley
X-Patchwork-Id: 23780
X-Patchwork-Delegate: davem@davemloft.net
Message-ID: <49A6ED6D.3090508@hp.com>
Date: Thu, 26 Feb 2009 14:28:45 -0500
From: Brian Haley
Organization: Open Source and Linux Organization
To: Jay Vosburgh
CC: David Miller, arvidjaar@mail.ru, vladislav.yasevich@hp.com, chuck.lever@oracle.com, tytso@mit.edu, Valdis.Kletnieks@vt.edu, rjw@sisk.pl, netdev@vger.kernel.org, bonding-devel@lists.sourceforge.net, jamagallon@ono.com, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2] bonding: move IPv6 support into a separate kernel module

Jay Vosburgh wrote:
>>>> I've been fooling with the disable_ipv6 sysctl, and one issue is
>>>> that, at least on the distro I'm testing on (SLES), it's not picked up
>>>> from /etc/sysctl.conf at boot time (presumably because ipv6 isn't loaded
>>>> yet, although I haven't really checked).
>>> Correct, that's the problem.
>>>
>>> We could create a blocker bitmap. Two sysctls, "block_af" and
>>> "unblock_af". You write the AF_foo value for the protocol there and
>>> it sets or clears the associated bit in the internal blocker bitmap.
>>>
>>> Things like sys_socket() et al. key off of this.
>> I'm open to suggestions at this point in time, I just don't see how this
>> will solve the bonding problem since it still wouldn't load, right?
>
> It would permit users to load ipv6 (thus allowing bonding to
> load), but prevent ipv6 from actually doing anything. (because
> sys_socket, e.g., won't open an ipv6 socket if block_af includes ipv6).

Right, but it doesn't help someone that changed /etc/modprobe.conf to have "install ipv6 /bin/true" - they'll have to stop doing that.

I think changing ipv6 to support a disable_ipv6 module parameter like Vlad suggested would work, as long as we're not worried about someone opening an AF_INET6 socket - even if they do they won't get anywhere. That, along with the patch below to actually not add the addresses, would work (sorry in advance for using an attachment).

I'll get started on that...

-Brian

---

The disable_ipv6 knob was meant to be used for the kernel to disable IPv6 on an interface when DAD failed for the link-local address based on the MAC, but we should also be able to administratively disable it on an interface, or the entire system. This patch fixes the per-interface problem.

Signed-off-by: Brian Haley

diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index f8f76d6..90f2a81 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -603,6 +603,11 @@ ipv6_add_addr(struct inet6_dev *idev, const struct in6_addr *addr, int pfxlen, goto out2; } + if (idev->cnf.disable_ipv6) { + err = -EPERM; + goto out2; + } + write_lock(&addrconf_hash_lock); /* Ignore adding duplicate addresses on an interface */
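
Review bot: the added `idev->cnf.disable_ipv6` test in ipv6_add_addr() fails with `err = -EPERM`, which callers and userspace will read as a missing privilege rather than an administratively disabled interface, so a privileged user adding an address gets a misleading error; consider a distinct errno such as -EACCES, and add a one-line comment above the check saying that the interface has IPv6 disabled. The check also guards the add path only and nothing in this hunk removes anything, so addresses already present when disable_ipv6 is set are untouched by this change; the commit message's "fixes the per-interface problem" should say that only new addresses are refused, or the handling of existing addresses should be covered as well.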