http://bugzilla.novell.com/show_bug.cgi?id=494958 Leon Wang changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team-screening@forge.pr |kernel-maintainers@forge.pr |ovo.novell.com |ovo.novell.com -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=494958 Jeff Mahoney changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P4 - Low AssignedTo|kernel-maintainers@forge.pr |jbohac@novell.com |ovo.novell.com | -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=494958 http://bugzilla.novell.com/show_bug.cgi?id=494958#c3 Marius Tomaschewski changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW CC| |kasievers@novell.com, | |mt@novell.com, | |ro@novell.com Info Provider|mt@novell.com | --- Comment #3 from Marius Tomaschewski 2009-11-25 14:09:13 UTC --- (In reply to comment #2)

Hmm, my long time plan: push a change to the upstream kernel that makes the /proc/sys/net/ipv[46]/conf/all/* work. This is going to take time and I don't think it is a good idea to diverge from upstream here. The change may never get there, people have different ideas about how this should work :(

Until then, this should be fixed in the sysconfig package. I checked the kernel code and:

- setting /proc/sys/net/ipv6/conf/all/use_tempaddr cannot have any effect at all.

OK... this is a bad thing.

- /proc/sys/net/ipv6/conf/default/use_tempaddr will set the default for newly registered interfaces. If this is set in the initscripts, it might already be too late, as some network drivers are compiled-in into the kernel, may be loaded from initrd, etc. I think this is unusable.

Yes, at least physical interfaces are already there...

The only way to fix this is to read the settings of IPV6_PRIVACY somewhere near ifup (don't know what to do for networkmanager?) and set /proc/sys/net/ipv6/conf//use_tempaddr accordingly.

Marius, could this be done?

rpm -qf /etc/init.d/boot.ipconfig => aaa_base added maintainer to Cc and also Kay. Hmm... This can be set per inteface also via PRE_UP_SCRIPT -- see "man 8 ifup". For virtual interfaces it has to go to sysctl.conf or sysconfig/sysctl as it is using the ..../default/use_temoaddr variable I think. Or does it work properly when the iterface is already up? It would be possible to add a per interface IPV6_PRIVACY variable to ifcfg files and apply before "ip link set up" call... But I'd prefer to use similar names as in proc/sysctl, that is e.g.: SYSCTL_NET_IPV6_CONF_USE_TEMPADDR SYSCTL_NET_IPV6_CONF_AUTOCONF or I think better via per interface ifsysctl.$INTERFACE files with content like: net.ipv6.conf.$IF.autoconf = 0 net.ipv6.conf.$IF.use_tempaddr = 1 IF is the interface name as required in sysctl: ${INTERFACE/\./\/} that can be used instead of the real interface name. In any case, this is not easy or impossible to make for all the virtual interfaces when it is too late when we do it after the ip link set up. Just think of ppp interface, that is created by pppd, not by ifup. But this would be a feature request for 11.3 to make this -- a workaround via a PRE_UP_SCRIPT exists. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=494958 http://bugzilla.novell.com/show_bug.cgi?id=494958#c5 Marius Tomaschewski changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |tambet@novell.com --- Comment #5 from Marius Tomaschewski 2009-11-27 11:27:40 UTC --- (In reply to comment #4)

(In reply to comment #3)

...

or I think better via per interface ifsysctl.$INTERFACE files with content like:

net.ipv6.conf.$IF.autoconf = 0 net.ipv6.conf.$IF.use_tempaddr = 1

This is a really good idea! Perhaps there is a way to have this in the ifcfg- file itself (to keep all the interface settings together) but at the same not requiring the scripts to individually handle the options?

...

In any case, this is not easy or impossible to make for all the virtual interfaces when it is too late when we do it after the ip link set up.

Couldn't this be handled by udev by calling a script when the interface is registered? It might be hard or impossible to make sure the script finishes before something else brings the device up, though. Kay?

Yes, udev seems to be the best place to execute it. I'll implement a script and call it from /etc/udev/rules.d/77-network.rules it will use /etc/sysconfig/network/ifsysctl-$INTERFACE to set all what's needed when NETWORKMANAGER="no". ==>> Tambet, should I call it also in NETWORKMANAGER="yes" case? The file _inside_ of the file is allowed to use $SYSCTL_IF and the $INTERFACE variables. The SYSCTL_IF variable will be set to ${INTERFACE//./\/} by the script. Example: net.ipv6.conf.$SYSCTL_IF.use_tempaddr Note: sysctl supports two separators "." (default) and "/". When "." is used, every "." in the interface name has to be replaced by "/", e.g. INTERFACE=foo1.42 => SYSCTL_IF=foo1/42 When "/" is used as separator, $INTERFACE can be passed directly, e.g. net/ipv6/conf/$INTERFACE/use_tempaddr

Right. Still, this does not solve the problem of virtual devices. That would be at least partially fixed by making boot.ipconfig set /proc/sys/net/ipv6/conf/default/use_tempaddr instead of .../all/...

yes... it is not only about use_tempaddr -- it is useful/required also for e.g. bridge port setup to tweak these settings. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=494958 http://bugzilla.novell.com/show_bug.cgi?id=494958#c9 Tambet Ingo changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED Info Provider|tambet@novell.com | --- Comment #9 from Tambet Ingo 2009-11-30 08:54:15 UTC --- None of our released distributions contain NetworkManager which supports IPv6, so it probably doesn't matter much either way from my perspective. Let's leave the script from comment #8 as it is and I'll let you know if I need it changed sometime later. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=494958 http://bugzilla.novell.com/show_bug.cgi?id=494958#c11 --- Comment #11 from Georg Müller 2009-12-01 00:52:04 UTC --- This should also work with NetworkManager. Even if NetworkManager does not support IPv6, I get my IPv6 IP via Router Advertisement (radvd) with NetworkManager enabled. I think there should be a generic ifsysctl file with settings applied to all interfaces instead of a per-interface file. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=494958 http://bugzilla.novell.com/show_bug.cgi?id=494958#c13 --- Comment #13 from Jiri Bohac 2009-12-01 11:19:43 UTC --- Comment #12:

I first extract all "all" lines, replace all with $INTERFACE and send them to sysctl. then I grep for lines with $INTERFACE.

I thought the per-interface sysctl settings performed by the patch from Marius was a great idea. Perhaps, we could also have a global file /etc/sysconfig/network/ifsysctl-all with settings for all interfaces. These could be applied first, followed by the settings from the per-interface file. But taking the "all" settings from /etc/sysctl.conf is a hack, which is likely to bite us one day. Comment #8: The scripts seem to work fine for interfaces brought up with ifup. But in will they work correctly if something (pppd has been mentioned here earlier, networkmanager might have the same problem): 1) creates a virtual device 2) brings the device "up" immediately If I understand it correctly, 1) triggers the udev event asynchronously (?), so 2) may complete before udev runs. In case of config options like use_tempaddr, which need to be set before the interface is brought up, this might not work reliably. Any thoughts how to improve this? Is there a way to at least make the udev script run before NetworkManager discovers a newly plugged-in interface? That would probably fix the problem for NetworkManager. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=494958 http://bugzilla.novell.com/show_bug.cgi?id=494958#c15 --- Comment #15 from Georg Müller 2009-12-01 12:03:04 UTC --- I don't think that applying "net.ipv6.conf.all.*" is a bug. If the kernel would do it's job, theses settings would have get applied either. So, this change (apply "all", apply "$INTERFACE") is how the kernel should work. You can have per-interface in /etc/sysctl.conf by specifying e.g. "net.ipv6.conf.eth0.*" in this file, the patched file would read it. I don't see the point to have a file named "ifsysctl-eth0" with placeholders in it. If I can name it *-eth0, I can also fill the placeholders in the first place. With configuration in /etc/sysctl.conf, you don't have to deal with another set of files -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=494958 http://bugzilla.novell.com/show_bug.cgi?id=494958#c17 --- Comment #17 from Marius Tomaschewski 2009-12-01 21:16:53 UTC --- Created an attachment (id=330351) --> (http://bugzilla.novell.com/attachment.cgi?id=330351) Compromise proposal (just the code without the ifup glue). Georg, the sed s/all/${INTERFACE}/ is not acceptable. Basically "default" and not "all" is responsible for the setting of a new interface. It would also replace all all substrings... but this would be a question for a fix in the sed call. The grep ^net.ipv6.conf.${INTERFACE} /etc/sysctl.conf | sed s/all/${INTERFACE}/ does not make any sense. For what do you want to grep for the interface "grep ^net.ipv6.conf.br1" and then replace s/all/${INTERFACE}/ ? Further, create a eth1.42 interface using "brctl addbr eth1.42" and take a look to the "sysctl -a | grep ^net.ipv6.conf" output. Last, but not least, your script implements only applying of the "all" policy to interfaces. It does not support per-interface setting, that legitimates the script in sysconfig for me (independently of this bug). I'd say, we can apply the global settings from /etc/sysctl.conf first, but without any changes to it and only when a variable is enabled. (Setting "all", changes the global policy that should be set anyway, but does not modify any per interface settings, so it is fine). See the attached script, that implements this. Further, we can have a special "ifsysctl" where you can define settings for all interfaces + "ifsysctl.$INTERFACE" that _should_ have interface specific settings only. Note, that even when using -e -q, you'll get an error for each sysctl key (interface) that does not exists (perhaps this is a bug in sysctl or in the manual page ;-): # bash sysctl.sh | sysctl -e -q -p - /proc/sys/net/ipv6/conf/eth1.2/forwarding: No such file or directory /proc/sys/net/ipv6/conf/eth1.2/use_tempaddr: No such file or directory /proc/sys/net/ipv6/conf/eth1.2/disable_ipv6: No such file or directory OK, this can be solved with a 2>/dev/null. Finally, you _don't_ need to use $INTERFACE or $SYSCTL_IF, but you _can_. I think, it is possible to speak with the NetworkManager maintainer to allow to be allowed to call it when NETWORKMANAGER=no :-) Wel'll see. BTW: Use of a combination of NetworkManager and ifup is not supported. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=494958 http://bugzilla.novell.com/show_bug.cgi?id=494958#c19 --- Comment #19 from Georg Müller 2009-12-01 22:30:00 UTC --- My script was just a quick shot to show what I mean. The second sed was a copy/paste error (it was late ;) ). The sed would not replace all "all" substrings ( sed s/all/eth0/g would do that), and since I grep for a string from the beginning (^) I only replace the 'all' at the beginning. Regarding ifup and NetworkManager: If I add an interface via vconfig, it uses the value of "net.ipv6.conf.default.use_tempaddr" - so it works here. The execution of the script is not really related to if-up, but to udev, or am I wrong? -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=494958 http://bugzilla.novell.com/show_bug.cgi?id=494958#c21 Marius Tomaschewski changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #330163|0 |1 is obsolete| | Attachment #330439|0 |1 is obsolete| | --- Comment #21 from Marius Tomaschewski 2009-12-02 09:53:29 UTC --- Created an attachment (id=330456) --> (http://bugzilla.novell.com/attachment.cgi?id=330456) ifup-sysctl script v3 Removed applying of /etc/sysctl.conf -- it may break too much. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=494958 http://bugzilla.novell.com/show_bug.cgi?id=494958#c23 Marius Tomaschewski changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #330480|0 |1 is obsolete| | --- Comment #23 from Marius Tomaschewski 2009-12-02 11:41:57 UTC --- Created an attachment (id=330482) --> (http://bugzilla.novell.com/attachment.cgi?id=330482) ifup-sysctl script v5 Redirected sysctl error messages as info to syslog (not visible by default); it complains about any not existing key (IMO sysctl -e bug), usually the case when an interface does not exist yet. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=494958 http://bugzilla.novell.com/show_bug.cgi?id=494958#c25 --- Comment #25 from Marius Tomaschewski 2009-12-02 14:36:27 UTC --- Created an attachment (id=330507) --> (http://bugzilla.novell.com/attachment.cgi?id=330507) ifsysctl.5 manual page -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=494958 http://bugzilla.novell.com/show_bug.cgi?id=494958#c30 Marius Tomaschewski changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED --- Comment #30 from Marius Tomaschewski 2010-01-14 15:11:01 UTC --- Fixed in SLE-11-SP1 and submitted to Base:System and openSUSE:Factory. There will be no update for openSUSE-11.2 providing the ifsysctl script: workaround of the problem is possible by adding udev rule(s) like this: SUBSYSTEM=="net", ACTION=="add", RUN+="/sbin/sysctl -q -w net/ipv6/conf/$env{INTERFACE}/use_tempaddr=1" [it has to use the alternative sysctl format with / separator to avoid the need of quoted dot's in the interface name] to 77-network.rules before the "ifup $env{INTERFACE} -o hotplug" rule block or also to a new rule file, e.g. 76-per-interface-sysctl.rules. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.