Herbert Xu
2007-Jan-02 02:35 UTC
[Xen-devel] [LINUX] ipv6: Disable addrconf on Xen bridge device
Hi:
Back in June 2006 an attempt was made to disable IPv6 addrconf so that
the Xen bridge device does not compete with eth0 in performing IPv6
address configuration. Unfortunately it was incomplete which meant that
IPv6 autoconfiguration was still a hit and miss.
For now the easiest way to disable IPv6 addrconf is to lower the MTU
as follows.
[LINUX] ipv6: Disable addrconf on Xen bridge device
The ipv6-no-autoconf patch didn''t disable IPv6 addrconf completely.
This means that the Xen bridge device still interfered with normal
IPv6 operation by engaging the IPv6 network with a bogus MAC address.
For details please refer to
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200360
The following patch completely disables IPv6 on the Xen bridge device
by temporarily setting the MTU to a value less than the minimum allowed
for IPv6.
Upstream will provide a cleaner way to disable IPv6 addrconf in future,
possibly in the form of a proc sysctl. Of course if the Xen loopback
device is removed it would render this change unnecessary.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
diff -r 4fc6ffff2ac5 -r 65fe67290bbc patches/linux-2.6.16.33/series
--- a/patches/linux-2.6.16.33/series Sun Dec 31 12:26:42 2006 +0000
+++ b/patches/linux-2.6.16.33/series Tue Jan 02 13:30:59 2007 +1100
@@ -9,7 +9,6 @@ fix-hz-suspend.patch
fix-hz-suspend.patch
fix-ide-cd-pio-mode.patch
i386-mach-io-check-nmi.patch
-ipv6-no-autoconf.patch
net-csum.patch
net-gso-0-base.patch
net-gso-1-check-dodgy.patch
diff -r 4fc6ffff2ac5 -r 65fe67290bbc tools/examples/xen-network-common.sh
--- a/tools/examples/xen-network-common.sh Sun Dec 31 12:26:42 2006 +0000
+++ b/tools/examples/xen-network-common.sh Tue Jan 02 13:30:59 2007 +1100
@@ -117,7 +117,12 @@ create_bridge () {
ip link set ${bridge} arp off
ip link set ${bridge} multicast off
fi
+
+ # A small MTU disables IPv6 (and therefore IPv6 addrconf).
+ mtu=$(ip link show ${bridge} | sed -n ''s/.* mtu
\([0-9]\+\).*/\1/p'')
+ ip link set ${bridge} mtu 68
ip link set ${bridge} up
+ ip link set ${bridge} mtu ${mtu:-1500}
}
# Usage: add_to_bridge bridge dev
diff -r 4fc6ffff2ac5 -r 65fe67290bbc
patches/linux-2.6.16.33/ipv6-no-autoconf.patch
--- a/patches/linux-2.6.16.33/ipv6-no-autoconf.patch Sun Dec 31 12:26:42 2006
+0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,19 +0,0 @@
-diff -pruN ../orig-linux-2.6.16.29/net/ipv6/addrconf.c ./net/ipv6/addrconf.c
---- ../orig-linux-2.6.16.29/net/ipv6/addrconf.c 2006-09-12 19:02:10.000000000
+0100
-+++ ./net/ipv6/addrconf.c 2006-09-19 13:59:11.000000000 +0100
-@@ -2471,6 +2471,7 @@ static void addrconf_dad_start(struct in
- spin_lock_bh(&ifp->lock);
-
- if (dev->flags&(IFF_NOARP|IFF_LOOPBACK) ||
-+ !(dev->flags&IFF_MULTICAST) ||
- !(ifp->flags&IFA_F_TENTATIVE)) {
- ifp->flags &= ~IFA_F_TENTATIVE;
- spin_unlock_bh(&ifp->lock);
-@@ -2555,6 +2556,7 @@ static void addrconf_dad_completed(struc
- if (ifp->idev->cnf.forwarding == 0 &&
- ifp->idev->cnf.rtr_solicits > 0 &&
- (dev->flags&IFF_LOOPBACK) == 0 &&
-+ (dev->flags & IFF_MULTICAST) &&
- (ipv6_addr_type(&ifp->addr) & IPV6_ADDR_LINKLOCAL)) {
- struct in6_addr all_routers;
-
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
Herbert Xu
2007-Jan-23 06:53 UTC
[Xen-devel] Re: [LINUX] ipv6: Disable addrconf on Xen bridge device
On Tue, Jan 02, 2007 at 01:35:41PM +1100, herbert wrote:> > [LINUX] ipv6: Disable addrconf on Xen bridge device > > The ipv6-no-autoconf patch didn''t disable IPv6 addrconf completely. > This means that the Xen bridge device still interfered with normal > IPv6 operation by engaging the IPv6 network with a bogus MAC address. > > For details please refer to > > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200360 > > The following patch completely disables IPv6 on the Xen bridge device > by temporarily setting the MTU to a value less than the minimum allowed > for IPv6. > > Upstream will provide a cleaner way to disable IPv6 addrconf in future, > possibly in the form of a proc sysctl. Of course if the Xen loopback > device is removed it would render this change unnecessary. > > Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>Any comments on this patch? If you have a better solution I''d love to know. Thanks, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Keir Fraser
2007-Jan-23 07:21 UTC
Re: [Xen-devel] Re: [LINUX] ipv6: Disable addrconf on Xen bridge device
On 23/1/07 6:53 am, "Herbert Xu" <herbert@gondor.apana.org.au> wrote:>> Upstream will provide a cleaner way to disable IPv6 addrconf in future, >> possibly in the form of a proc sysctl. Of course if the Xen loopback >> device is removed it would render this change unnecessary. >> >> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> > > Any comments on this patch? If you have a better solution I''d love > to know.Not really. It''s already checked in as c/s 13364:c2fd75d7e2b7. -- Keir _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel