
Bug 1243352

Summary: [Docs][RFE] /etc/sysctl.conf contains no IPv6 parameters
Product: Red Hat Enterprise Linux 6
Component: doc-Deployment_Guide
Version: 6.6
Status: CLOSED CURRENTRELEASE
Severity: unspecified
Priority: high
Reporter: Stephen Wadeley <swadeley>
Assignee: Stephen Wadeley <swadeley>
QA Contact: ecs-bugs
CC: albert, ecs-bugs, initscripts-maint-list, lnykryn, ovasik, rsandu2004
Target Milestone: rc
Keywords: Documentation, FutureFeature
Hardware: Unspecified
OS: Unspecified
Doc Type: Enhancement
Clone Of: 995478
Last Closed: 2016-03-17 11:38:16 UTC
Type: Bug
Bug Depends On: 995478, 1243508

Description Stephen Wadeley 2015-07-15 09:35:47 UTC
+++ This bug was initially created as a clone of Bug #995478 +++

Description of problem:

The default /etc/sysctl.conf file provided in the distro contains only IPv4 parameters. There is no reference to IPv6.

For example, if the machine will be used as a router, the paragraph

# Controls IP packet forwarding
net.ipv4.ip_forward = 0 (or 1)

is clearly visible. There is no IPv6 equivalent for this in the file.


Version-Release number of selected component (if applicable):
procps-3.2.8-25.el6.x86_64

How reproducible:
Always.

Steps to Reproduce:
1. Install procps package.
2. Look into the /etc/sysctl.conf file


Actual results:
The given parameters are for IPv4 only.

Expected results:
The file should contain equivalent parameters/configuration for IPv6.



--- Additional comment from RHEL Product and Program Management on 2013-10-13 19:16:45 EDT ---

This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unable to address this
request at this time.

Red Hat invites you to ask your support representative to
propose this request, if appropriate, in the next release of
Red Hat Enterprise Linux.

--- Additional comment from Jaromír Cápík on 2014-11-03 08:37:02 EST ---

Hello Răzvan.

Even when the sysctl tool itself is a part of the procps packages, the /etc/sysctl.conf config file belongs to the initscripts component. I'm changing the component to initscripts.

Regards,
Jaromir.

--- Additional comment from Lukáš Nykrýn on 2014-11-03 09:01:01 EST ---

There are no such settings because we don't want to modify default kernel values.

--- Additional comment from Răzvan Sandu on 2014-11-03 09:47:16 EST ---

Hello and thanks,

One that configures a Red Hat system as a router *needs* to have a well documented way to make it "permeable" (IP forwarding) for both IPv4 and IPv6 packets.

So we can't rely on the idea "we don't want to modify default kernel values".

Any suggestions, please?

Răzvan

--- Additional comment from Lukáš Nykrýn on 2014-11-03 09:58:20 EST ---

This looks more like a documentation issue.

--- Additional comment from Jaromír Cápík on 2014-11-03 12:26:46 EST ---

If you only need to know the ipv6 variants of the variables, then I suggest you type all the variables with 'sysctl -a' and then choose the ones you need to override, so that you could modify your local copy of the sysctl.conf according to your needs.

--- Additional comment from Jaromír Cápík on 2014-11-03 12:30:43 EST ---

You're probably interested in the following two variables:

net.ipv6.conf.default.forwarding=1
net.ipv6.conf.all.forwarding=1

--- Additional comment from Răzvan Sandu on 2014-11-06 03:17:06 EST ---

Thank you, :)


IMHO, it is both a:

- "bug" concerning the maintainer of the stock (default) /etc/sysctl.conf file distributed in RHEL/CentOS/Fedora

- documentation "bug" (Red Hat official guides, etc.)


Since GNU/Linux systems are frequently used as routers or NAT gateways, the file and the docs should clearly state, for both IPv4 and IPv6:

- what kernel parameters make the system "permeable" for IPv4 and IPv6 traffic (i.e. allow the passing of IP packets from one network interface to another)

- the /etc/sysctl.conf file distributed in the official distro image should contain lines and clear comments for those parameters, for both IPv4 and IPv6, even if the lines are commented out by default.


These aspects became even more important in recent times, since new versions of these OSes have the IPv6 functions of the network interfaces *enabled* by default, after installation.


For being useful in practice, all these should integrate smoothly with popular firewall solutions for IPv4 and IPv6, such as firewalld or shorewall (http://shorewall.net/).


Thanks a lot,
Răzvan

--- Additional comment from Jaromír Cápík on 2014-11-06 11:28:10 EST ---

I see what you mean. The idea of having a pre-filled sysctl.conf file with comments might be a good way to make the kernel tuning faster/easier/intuitive. That way it could play a role of config file and template at once.
Lukáši, I think we could start at least with the forwarding settings and, in your opinion, also other variables often overridden by the users. What do you think?



--- Additional comment from Stephen Wadeley on 2015-04-16 05:52:33 EDT ---

Hello

I believe this subject comes under the heading of:

Reverse Path Forwarding

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-Server_Security-Reverse_Path_Forwarding.html


Perhaps I could add a section there.


Thank you

--- Additional comment from Răzvan Sandu on 2015-04-16 10:01:41 EDT ---

Hello,

Thanks to Stephen for the piece of info in comment no 12.

There are *two* issues in this thread; one of them is only collateral.

The *main* issue here is the lack of parallelism for IPv4 and IPv6 parameters in /etc/sysctl.conf and their default values. Users should be able to configure the system in IPv6 as easily as in IPv4. IMHO, this is not a "documentation bug", but one addressed to the team writing the config files that are distributed by default in the distro. Who writes the /etc/sysctl.conf default file?

The second, which is only collateral - I used it just as an example above - is the necessary IPv6 parameter for making a system "permeable" to IPv6 packets. How should one make a system "permeable" to IPv6 packets?

For the second issue, I think the correct, elegant answer is available in /usr/share/doc/initscripts-*/sysconfig.txt: one must set IPV6FORWARDING=yes in /etc/sysconfig/network and that's all. If you agree, *please* mention this in Red Hat manuals, in a more visible place (/usr/share/doc/initscripts-*/sysconfig.txt is too obscure).


Best regards,
Răzvan


--- Additional comment from Lukáš Nykrýn on 2015-04-28 03:18:34 EDT ---

Problem is that officially initscripts don't know the default settings, it is kernel stuff, in ideal case kernel should ship some /etc/sysctl.d/* confs with commented defaults.

--- Additional comment from Stephen Wadeley on 2015-06-10 09:37:55 EDT ---

Hello

I would like to summarise this issue.

As per comment 0, if you look in /etc/sysctl.conf you see some values for IPv4 which are overriding the kernel default values. 

 What was meant in comment 4, is that initscripts *itself* does not want to modify the default values. 

As per comment 7 and 8, if the user wants to change the values they can run `sysctl -a` to see what the values currently are, and check the kernel docs for the definitions. For example, ~]$ less /usr/share/doc/kernel-doc-2.6.32/Documentation/networking/ip-sysctl.txt


As is being implied in comment 15, initscripts is not the best place to override kernel default values. In an ideal world the kernel would have values widely agreed to be sensible, or patches would be applied by the distro to make changes deemed necessary for that distro. 

Therefore, the feeling is that the "lack of parallelism for IPv4 and IPv6 parameters in /etc/sysctl.conf" should be addressed by removing the need to use that file to change defaults in the kernel, rather than adding IPv6 versions of the current IPv4 settings.


Thank you



--- Additional comment from Stephen Wadeley on 2015-07-15 05:24:59 EDT ---

I will clone to ask kernel team to consider comment 15 while I review the Deployment Guide to see what improvements I can make.

--- Additional comment from Stephen Wadeley on 2015-07-15 05:29:45 EDT ---

On second thoughts, to reduce confusion, I will clone for my Docs review and reassign this original bug to kernel team (as the bug history will be easier to follow).

Sorry for the noise.

Comment 1 Stephen Wadeley 2015-07-15 11:59:03 UTC
Let's review what we have:


In the section "/proc/sys/net/"

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s2-proc-dir-sys.html#s3-proc-sys-net

it says:

 The file called

/usr/share/doc/kernel-doc-kernel_version/Documentation/networking/ip-sysctl.txt

contains a complete list of files and options available in the /proc/sys/net/ipv4/ directory. 

However that file contains IPv6 info too.

Idea 1: explain that ip-sysctl.txt also contains IPv6 info.

That is where routing and forwarding settings are documented.


= = =


In "Using the sysctl Command"
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-proc-sysctl.html

it says "For a quick overview of all settings configurable in the /proc/sys/ directory, type the /sbin/sysctl -a command as root. This creates a large, comprehensive list,....."

In "Additional Resources"
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-proc-additional-resources.html

It lists all the kernel docs relevant to this section and explains how to install kernel-doc.

It does not mention /usr/share/doc/initscripts-*/sysconfig.txt as that does not belong to kernel. How would a new user know that /etc/sysctl.conf belongs to initscripts? Do they need to know? If all the info you need can be obtained by running '/sbin/sysctl -a ' then maybe adding that to the conf file  is useful.

Idea 2: Add note just after /etc/sysctl.conf file is mentioned for the first time under  "Using the sysctl Command" to explain it belongs to initscripts.

I see that in  /usr/share/doc/initscripts-*/sysconfig.txt it explains that some values have been moved to /etc/sysctl.conf. We could ask for a review to see if any other values in  /usr/share/doc/initscripts-*/sysconfig.txt need that comment.

Is it necessary to refer to /usr/share/doc/initscripts-*/sysconfig.txt from  /etc/sysctl.conf ?

Idea 3: Mention that modules loaded after sysctl is run may override the settings [as per manual page sysctl(8)]

= = = 


Looking in the "/etc/sysctl.conf" file I see this:
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
# sysctl.conf(5) for more details.

Idea 4: 
Explain in that section of /etc/sysctl.conf that this file is supplied by initscripts and is being used to override default values and therefore only a small number of parameters are present by default.

Add one line to /etc/sysctl.conf to explain the use of '/sbin/sysctl -a' to list possible parameters.

= = =

Comment 4 Stephen Wadeley 2015-07-15 15:09:05 UTC
Agreed additions to improve the understanding of the role of sysctl.conf:


= = =

The /usr/share/doc/kernel-doc-kernel_version/Documentation/networking/ip-sysctl.txt file contains a list of files and options available in the /proc/sys/net/ipv4/ and /proc/sys/net/ipv6/ directories. Use the sysctl -a command to list the parameters in the sysctl key format. 


= = 

 The /etc/sysctl.conf is installed by the initscripts package to override some kernel default values and therefore only contains a few of the possible parameters. Use the sysctl -a command to list the parameters in the sysctl key format. See the /usr/share/doc/kernel-doc-kernel_version/Documentation/networking/ip-sysctl.txt file for more information on the possible settings.


 Note that modules loaded after sysctl has parsed this file might override the settings. 


= = = = = =  = =  =
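
Added example, not part of the bug thread or of Red Hat's documentation: a shell check for the two points made above, that /etc/sysctl.conf can set IPv4 forwarding with no IPv6 counterpart, and that runtime values can differ from the file after sysctl has parsed it. The function names, the `DRIFT`/`MISSING`/`NO_IPV6_EQUIVALENT` labels, and the sample file and proc tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a sysctl.conf-style file against runtime kernel values.
# Print "key=value" for each active setting; skips blank lines and comment
# lines starting with '#' or ';' (see sysctl.conf(5)).
parse_conf() {
    sed -e 's/^[[:space:]]*//' -e '/^[#;]/d' -e '/^$/d' \
        -e 's/[[:space:]]*=[[:space:]]*/=/' -e 's/[[:space:]]*$//' "$1"
}

# Report configured keys whose runtime value differs from the file, as when a
# setting is changed after sysctl parsed it. $2 is the proc root (default
# /proc/sys) so the check can also run on sample data.
# Assumption: no dots inside interface names (those need the slash key form).
check_drift() {
    root=${2:-/proc/sys}
    parse_conf "$1" | while IFS='=' read -r key want; do
        file="$root/$(printf '%s' "$key" | tr '.' '/')"
        if [ ! -r "$file" ]; then
            echo "MISSING $key"
        else
            have=$(tr -s '\t' ' ' < "$file")   # multi-value entries use tabs
            [ "$have" = "$want" ] || echo "DRIFT $key configured=$want runtime=$have"
        fi
    done
}

# Flag the gap reported in this bug: IPv4 forwarding is set in the file but
# the IPv6 keys named in the thread are absent.
check_v6_parity() {
    conf=$(parse_conf "$1")
    echo "$conf" | grep -q '^net\.ipv4\.ip_forward=' || return 0
    for k in net.ipv6.conf.all.forwarding net.ipv6.conf.default.forwarding; do
        echo "$conf" | grep -q "^$k=" || echo "NO_IPV6_EQUIVALENT $k"
    done
}

# Constructed sample, not a real host: an IPv4-only file and a fake proc tree
# in which rp_filter no longer matches the configured value.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '# Controls IP packet forwarding' 'net.ipv4.ip_forward = 1' \
        'net.ipv4.conf.default.rp_filter = 1' > "$d/sysctl.conf"
    mkdir -p "$d/proc/net/ipv4/conf/default"
    echo 1 > "$d/proc/net/ipv4/ip_forward"
    echo 0 > "$d/proc/net/ipv4/conf/default/rp_filter"
    check_v6_parity "$d/sysctl.conf"
    check_drift "$d/sysctl.conf" "$d/proc"
    rm -rf "$d"
}
demo
```

On a live system, `check_drift /etc/sysctl.conf` reads the values under /proc/sys, so it is worth re-running after network modules have been loaded.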

Comment 5 Stephen Wadeley 2016-03-17 11:38:16 UTC
(In reply to Stephen Wadeley from comment #4)
> Agreed additions to improve the understanding of the role of sysctl.conf:
> 
> 

Changes are in the 6.8 beta Deployment Guide
> = = =
> 
> The /usr/share/doc/kernel-doc-kernel_version/Documentation/networking/ip-sysctl.txt
> file contains a list of files and options available in the
> /proc/sys/net/ipv4/ and /proc/sys/net/ipv6/ directories. Use the sysctl -a
> command to list the parameters in the sysctl key format.
> 
> 

For the above, see:
E.3.9.4. /proc/sys/net/

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6-Beta/html/Deployment_Guide/s2-proc-dir-sys.html
> = = 
> 
>  The /etc/sysctl.conf is installed by the initscripts package to override
> some kernel default values and therefore only contains a few of the possible
> parameters. Use the sysctl -a command to list the parameters in the sysctl
> key format. See the
> /usr/share/doc/kernel-doc-kernel_version/Documentation/networking/ip-sysctl.txt
> file for more information on the possible settings.
> 
> 
>  Note that modules loaded after sysctl has parsed this file might override
> the settings. 
> 
> 

For the above, see:
E.4. Using the sysctl Command
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6-Beta/html/Deployment_Guide/s1-proc-sysctl.html

> = = = = = =  = =  =