Bug 1318644 - /etc/sysctl.conf contains no IPv6 parameters
Summary: /etc/sysctl.conf contains no IPv6 parameters
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: procps
Version: 6.6
Hardware: Unspecified
OS: Unspecified
Priority: low
Severity: low
Target Milestone: rc
Target Release: ---
Assignee: Jan Rybar
QA Contact: David Jež
URL:
Whiteboard:
Depends On:
Blocks: 1356056 1439837
Reported: 2016-03-17 12:31 UTC by Stephen Wadeley
Modified: 2017-04-06 16:00 UTC (History)

Fixed In Version: procps-3.2.8-40.el6
Doc Type: No Doc Update
Doc Text:
Clone Of: 1243508
: 1439837 (view as bug list)
Environment:
Last Closed: 2017-03-21 11:40:00 UTC
Target Upstream Version:
Embargoed:


Attachments
Proposed manpage note (713 bytes, patch), 2016-08-12 10:05 UTC, Jan Rybar
New NOTES section patch (723 bytes, patch), 2016-09-19 17:22 UTC, Jan Rybar


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:0769 0 normal SHIPPED_LIVE procps bug fix update 2017-03-21 12:47:52 UTC

Description Stephen Wadeley 2016-03-17 12:31:23 UTC
+++ This bug was initially created as a clone of Bug #1243508 +++

+++ This bug was initially created as a clone of Bug #995478 +++

Description of problem:

The default /etc/sysctl.conf file provided in the distro contains only IPv4 parameters. There is no reference to IPv6.

For example, if the machine will be used as a router, the paragraph

# Controls IP packet forwarding
net.ipv4.ip_forward = 0 (or 1)

is clearly visible. There is no IPv6 equivalent for this in the file.


Version-Release number of selected component (if applicable):
procps-3.2.8-25.el6.x86_64

How reproducible:
Always.

Steps to Reproduce:
1. Install procps package.
2. Look into the /etc/sysctl.conf file


Actual results:
The given parameters are for IPv4 only.

Expected results:
The file should contain equivalent parameters/configuration for IPv6.



--- Additional comment from RHEL Product and Program Management on 2013-10-13 19:16:45 EDT ---

This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unable to address this
request at this time.

Red Hat invites you to ask your support representative to
propose this request, if appropriate, in the next release of
Red Hat Enterprise Linux.

--- Additional comment from Jaromír Cápík on 2014-11-03 08:37:02 EST ---

Hello Răzvan.

Even when the sysctl tool itself is a part of the procps packages, the /etc/sysctl.conf config file belongs to the initscripts component. I'm changing the component to initscripts.

Regards,
Jaromir.

--- Additional comment from Lukáš Nykrýn on 2014-11-03 09:01:01 EST ---

There are no such settings because we don't want to modify default kernel values.

--- Additional comment from Răzvan Sandu on 2014-11-03 09:47:16 EST ---

Hello and thanks,

One that configures a Red Hat system as a router *needs* to have a well documented way to make it "permeable" (IP forwarding) for both IPv4 and IPv6 packets.

So we can't rely on the idea "we don't want to modify default kernel values".

Any suggestions, please?

Răzvan

--- Additional comment from Lukáš Nykrýn on 2014-11-03 09:58:20 EST ---

This looks more like a documentation issue.

--- Additional comment from Jaromír Cápík on 2014-11-03 12:26:46 EST ---

If you only need to know the ipv6 variants of the variables, then I suggest you type all the variables with 'sysctl -a' and then choose the ones you need to override, so that you could modify your local copy of the sysctl.conf according to your needs.

--- Additional comment from Jaromír Cápík on 2014-11-03 12:30:43 EST ---

You're probably interested in the following two variables:

net.ipv6.conf.default.forwarding=1
net.ipv6.conf.all.forwarding=1
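
An added example, not part of the original thread: a shell check that parses a sysctl.conf-format file and reports whether net.ipv6.conf.all.forwarding is set consistently with net.ipv4.ip_forward. The function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example; function names and the sample file are constructed.

# Print the last value assigned to KEY ($2) in FILE ($1); later lines win.
# Lines starting with '#' or ';' are comments, as in sysctl.conf(5).
sysctl_conf_get() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ || !/=/ { next }
        {
            k = $0; sub(/=.*/, "", k); gsub(/[ \t]/, "", k)
            v = $0; sub(/^[^=]*=/, "", v); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# Compare net.ipv4.ip_forward with net.ipv6.conf.all.forwarding in FILE ($1).
forwarding_parity() {
    v4=$(sysctl_conf_get "$1" net.ipv4.ip_forward)
    v6=$(sysctl_conf_get "$1" net.ipv6.conf.all.forwarding)
    if [ -z "$v6" ]; then
        echo "ipv6-unset (ipv4=${v4:-unset})"
    elif [ "$v4" = "$v6" ]; then
        echo "match ($v4)"
    else
        echo "mismatch (ipv4=${v4:-unset} ipv6=$v6)"
    fi
}

# Constructed sample: IPv4 forwarding is set, the IPv6 key is absent.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
EOF
forwarding_parity "$sample"      # ipv6-unset (ipv4=1)
echo 'net.ipv6.conf.all.forwarding=1' >> "$sample"
forwarding_parity "$sample"      # match (1)
rm -f "$sample"
```

The file only records overrides; the value in effect on a running system is what 'sysctl -n net.ipv6.conf.all.forwarding' prints.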

--- Additional comment from Răzvan Sandu on 2014-11-06 03:17:06 EST ---

Thank you, :)


IMHO, it is both a:

- "bug" concerning the maintainer of the stock (default) /etc/sysctl.conf file distributed in RHEL/CentOS/Fedora

- documentation "bug" (Red Hat official guides, etc.)


Since GNU/Linux systems are frequently used as routers or NAT gateways, the file and the docs should clearly state, for both IPv4 and IPv6:

- what kernel parameters make the system "permeable" for IPv4 and IPv6 traffic (i.e. allow the passing of IP packets from one network interface to another)

- the /etc/sysctl.conf file distributed in the official distro image should contain lines and clear comments for those parameters, for both IPv4 and IPv6, even if the lines are commented out by default.


These aspects became even more important in recent times, since new versions of these OSes have the IPv6 functions of the network interfaces *enabled* by default, after installation.


For being useful in practice, all these should integrate smoothly with popular firewall solutions for IPv4 and IPv6, such as firewalld or shorewall (http://shorewall.net/).


Thanks a lot,
Răzvan

--- Additional comment from Jaromír Cápík on 2014-11-06 11:28:10 EST ---

I see what you mean. The idea of having a pre-filled sysctl.conf file with comments might be a good way to make the kernel tuning faster/easier/intuitive. That way it could play a role of config file and template at once.
Lukáši, I think we could start at least with the forwarding settings and in your opinion also other variables often overridden by the users. What do you think?



--- Additional comment from Stephen Wadeley on 2015-04-16 05:52:33 EDT ---

Hello

I believe this subject comes under the heading of:

Reverse Path Forwarding

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-Server_Security-Reverse_Path_Forwarding.html


Perhaps I could add a section there.


Thank you

--- Additional comment from Răzvan Sandu on 2015-04-16 10:01:41 EDT ---

Hello,

Thanks to Stephen for the piece of info in comment no 12.

There are *two* issues in this thread; one of them is only collateral.

The *main* issue here is the lack of parallelism for IPv4 and IPv6 parameters in /etc/sysctl.conf and their default values. Users should be able to configure the system in IPv6 as easily as in IPv4. IMHO, this is not a "documentation bug", but one addressed to the team writing the config files that are distributed by default in the distro. Who writes the /etc/sysctl.conf default file?

The second, which is only collateral - I used it just as an example above - is the necessary IPv6 parameter for making a system "permeable" to IPv6 packets. How should one make a system "permeable" to IPv6 packets?

For the second issue, I think the correct, elegant answer is available in /usr/share/doc/initscripts-*/sysconfig.txt: one must set
IPV6FORWARDING=yes in /etc/sysconfig/network and that's all. If you agree, *please* mention this in Red Hat manuals, in a more visible place (/usr/share/doc/initscripts-*/sysconfig.txt is too obscure).


Best regards,
Răzvan



--- Additional comment from Lukáš Nykrýn on 2015-04-28 03:18:34 EDT ---

Problem is that officially initscripts don't know the default settings, it is kernel stuff, in ideal case kernel should ship some /etc/sysctl.d/* confs with commented defaults.

--- Additional comment from Stephen Wadeley on 2015-06-10 09:37:55 EDT ---

Hello

I would like to summarise this issue.

As per comment 0, if you look in /etc/sysctl.conf you see some values for IPv4 which are overriding the kernel default values. 

What was meant in comment 4 is that initscripts *itself* does not want to modify the default values.

As per comment 7 and 8, if the user wants to change the values they can run `sysctl -a` to see what the values currently are, and check the kernel docs for the definitions. For example, ~]$ less /usr/share/doc/kernel-doc-2.6.32/Documentation/networking/ip-sysctl.txt


As is being implied in comment 15, initscripts is not the best place to override kernel default values. In an ideal world the kernel would have values widely agreed to be sensible, or patches would be applied by the distro to make changes deemed necessary for that distro. 

Therefore, the feeling is that the "lack of parallelism for IPv4 and IPv6 parameters in /etc/sysctl.conf" should be addressed by removing the need to use that file to change defaults in the kernel, rather than adding IPv6 versions of the current IPv4 settings.


Thank you



--- Additional comment from Stephen Wadeley on 2015-07-15 05:24:59 EDT ---

I will clone to ask kernel team to consider comment 15 while I review the Deployment Guide to see what improvements I can make.

--- Additional comment from Stephen Wadeley on 2015-07-15 05:29:45 EDT ---

On second thoughts, to reduce confusion, I will clone for my Docs review and reassign this original bug to kernel team (as the bug history will be easier to follow).

Sorry for the noise.

--- Additional comment from Stephen Wadeley on 2015-07-15 05:42:29 EDT ---

Hello kernel team

Please consider comment 10 and comment 15

Thank you

= = = =

Cloning to ask for some minor additions to sysctl.conf and the sysctl.conf manual page.

--- Additional comment from Stephen Wadeley on 2015-07-15 11:59:58 EDT ---

Hello Lukas


Looking in the "/etc/sysctl.conf" file I see this:
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
# sysctl.conf(5) for more details.


How about adding:


#
# Use '/sbin/sysctl -a ' to list all possible parameters.



WRT to manual page sysctl.conf(5)

How about adding:

As the /etc/sysctl.conf file is being used to override default kernel values there are only a small number of parameters present by default. Use '/sbin/sysctl -a ' to list all possible parameters. See /usr/share/doc/kernel-doc-<kernel_version>/Documentation/networking/ip-sysctl.txt for more information on the parameters.


Not sure if it is appropriate or necessary to mention initscripts anywhere there.


Thank you

--- Additional comment from Lukáš Nykrýn on 2015-07-16 03:43:40 EDT ---

Sounds reasonable -> devel_ack

--- Additional comment from Lukáš Nykrýn on 2016-01-14 04:05:01 EST ---

https://git.fedorahosted.org/cgit/initscripts.git/commit/?h=rhel6-branch&id=8f1d77780d59e43e7cc514df9875ccb0ce54944a



--- Additional comment from Leos Pol on 2016-03-03 03:55:16 EST ---

I've reviewed the patch and change is present in all binary initscripts-9.03.51-1.el6 packages as well.

--- Additional comment from Stephen Wadeley on 2016-03-17 07:22:43 EDT ---

Hello


What happened to the second point in comment 1?


i.e.:

WRT to manual page sysctl.conf(5)

How about adding:

As the /etc/sysctl.conf file is being used to override default kernel values there are only a small number of parameters present by default. Use '/sbin/sysctl -a ' to list all possible parameters. See /usr/share/doc/kernel-doc-<kernel_version>/Documentation/networking/ip-sysctl.txt for more information on the parameters.

Do I need to clone this bug for that man page?

--- Additional comment from Lukáš Nykrýn on 2016-03-17 08:05:54 EDT ---

Yep that manpage is in procps-ng package

--- Additional comment from Stephen Wadeley on 2016-03-17 08:23:59 EDT ---

(In reply to Lukáš Nykrýn from comment #7)
> Yep that manpage is in procps-ng package

Thank you Lukas

Comment 1 Jan Rybar 2016-07-21 14:19:14 UTC
Yes, I agree on the additional note. However in my opinion the link to doc file should be omitted simply because kernel-doc seems unavailable in /usr/share/doc that is shipped with RHEL.

Comment 2 Stephen Wadeley 2016-07-21 14:28:43 UTC
Hello Jan

It is not installed by default but it is now in the main channel (I filed BZ#1096839 to get it moved).

Linking to kernel.org would mean you lose version control, so that is also not good.

Can we give the reader some other clue how to find the docs?

Thank you

Comment 6 Jan Rybar 2016-08-12 10:05:20 UTC
Created attachment 1190332 [details]
Proposed manpage note

Comment 9 Jan Rybar 2016-09-19 17:22:26 UTC
Created attachment 1202564 [details]
New NOTES section patch

Comment 17 errata-xmlrpc 2017-03-21 11:40:00 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2017-0769.html

