Bug 1075448
| Summary: | ifup-ipv6 should disable ipv6 on interface with IPV6INIT=no | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Tuomo Soini <tis> | ||||
| Component: | initscripts | Assignee: | initscripts Maintenance Team <initscripts-maint-list> | ||||
| Status: | CLOSED WONTFIX | QA Contact: | qe-baseos-daemons | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 7.0 | CC: | lnykryn, pwouters, riehecky | ||||
| Target Milestone: | rc | Keywords: | Reopened | ||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2015-05-07 12:59:38 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | 1048825 | ||||||
| Bug Blocks: | |||||||
| Attachments: |
|
||||||
IPV6INIT=no is NOT about disabling ipv6 in the kernel. https://git.fedorahosted.org/cgit/initscripts.git/commit/?h=rhel6-branch&id=ff894fdcac9713314c8d3234c8a1c843a43760ad Without this patch there is no way to disable ipv6 per interface. This is really critical if you have config with several vlans which are added to bridges for guests. If host system should talk only with ONE of these bridges you need to disable ipv6 on all other bridges or neighbor discovery finds direct route to guests. There is no other mechanism to do this in initscripts. I'd like to notice that IPV6INIT=no does NOT disable ipv6 initialization of the interface. Only with this patch IPV6 is really disabled on interface. Without disabling ipv6 via sysctl link-local address is added to interface and that means neighbor discovery still works so ipv6 is not disabled. Then you specify that setting in sysctl.conf And you blame that works? If interface is not there yet when sysctl is running on startup this setting won't work. So it must be in ifup-ipv6. I really tested this before writing the patch. Also note: ifup-ipv6 includes bash only stuff so it should use #!/bin/bash instead of /bin/sh. (In reply to Tuomo Soini from comment #6) > And you blame that works? If interface is not there yet when sysctl is > running on startup this setting won't work. So it must be in ifup-ipv6. It should work. We are running our apply_sysctl at the end of start action in network initscript I can confirm we hit this issue testing openswan/libreswan on KVM with IPv6 in the guests. ipv6 packet flow is broken inside the guests. I would like to see this fix or another fix that ensures ipv6 in kvm guests work Only on /etc/rc.d/init.d/network. If interface is manually controlled setting won't be applied ever. Yes. There are similar issues in libvirt controlled bridges. By default bridges without ipv6 address should always have ipv6 disabled of they leak packets via wrong interface. or they leak. Ok I understand your use-case. But what I don't personally like is that IPV6INIT is designed as global configuration value. If we apply this patch then I am a little bit worried what impact it would have in global case. Bill mentioned several times that this is something we don't want to do, for example this one https://bugzilla.redhat.com/show_bug.cgi?id=496444 . There is a very big difference to the old patch. Old patch only enabled ipv6 init with IPV6INIT=yes. My patch disables with IPV6INIT=no but also re-enables with IPV6INIT=yes - but unset IPV6INIT will continue to work as neutral solution as before so it won't enable or disable IPV6 but will allow IPV6 link-local address creation as before. Like the old bug very clearly states IPV6INIT=no not disabling ipv6 is a bug and I agree with that - that's the case I am trying to solve with the patch. If you look at what other sysctl values are changed in ifup-ipv6 you understand my patch even better. I added reference bug about same problem in NetworkManager. This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request. The comment above is incorrect. The correct version is bellow. I'm sorry for any inconvenience. --------------------------------------------------------------- This request was NOT resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you need to escalate this bug. After some more thinking closing this as wontfix. IPV6INIT=no is exactly doing what it is saying "Don't initialize ipv6", it should not care if the ipv6 is really disabled on that device. |
Created attachment 873361 [details] Patch to disable ipv6 on interface with IPV6INIT=no Description of problem: IPV6INIT=no in interface config should cause disabling ipv6 on the interface. This is especially important when there are vlans + bridges configured on kvm host system without ipv6 address on bridge. If link-local ip addresses are left on "IPV6INIT=no" neighbor discovery still finds hosts and communication dooesn't work because packages are passed via bridge where host system doesn't have real ipv6 address. This patch is for rhel7b1 initscripts.