LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 01-11-2013, 09:11 AM   #1
Celyr
Member
 
Registered: Mar 2012
Location: Italy
Distribution: Slackware+Debian
Posts: 315

Rep: Reputation: 78
blacklist ipv6 not working -current


Hi,

I'm trying with no luck to blacklist ipv6 module.
As first attempt I've added
Code:
blacklist ipv6
at the bottom of /etc/modprobe.d/blacklist.conf and it was not working(rebooted and ipv6 module still loaded). I removed then that line and used
Code:
echo "blacklist ipv6" > /etc/modprobe.d/ipv6.conf
Still no luck after a reboot and
Code:
/lib/modprobe.d/ipv6.conf
was not created.
So i tried
Code:
cp /etc/modprobe.d/ipv6.conf /lib/modprobe.d/ipv6.conf
and after a reboot still no luck.
I'm using 3.7.1 kernel generic kernel.
Suggestions ?
 
Old 01-11-2013, 09:52 AM   #2
GazL
Senior Member
 
Registered: May 2008
Posts: 3,580

Rep: Reputation: 1073Reputation: 1073Reputation: 1073Reputation: 1073Reputation: 1073Reputation: 1073Reputation: 1073Reputation: 1073
Yes, blacklisting doesn't work any more, depending on how the particular module is loaded.

This is the way I am doing it::
Code:
gazl@ws1:~$ cat /etc/modprobe.d/ipv6.conf 
options ipv6 disable=1
There's also a "disable_ipv6=1" option you can use instead which does a slightly different thing, but I use the one above which means it can't be reenabled without rebooting, which is either good or bad depending on your point of view.

See /usr/src/linux/Documentation/networking/ipv6.txt for details.
 
3 members found this post helpful.
Old 01-11-2013, 11:13 AM   #3
Celyr
Member
 
Registered: Mar 2012
Location: Italy
Distribution: Slackware+Debian
Posts: 315

Original Poster
Rep: Reputation: 78
Thanks, this solved the issue.
I just wonder if this is the excpeted behavior.
Reading the manual:
Code:
       blacklist modulename
           Modules can contain their own aliases: usually these are aliases
           describing the devices they support, such as "pci:123...". These
           "internal" aliases can be overridden by normal "alias" keywords,
           but there are cases where two or more modules both support the same
           devices, or a module invalidly claims to support a device that it
           does not: the blacklist keyword indicates that all of that
           particular module's internal aliases are to be ignored.
This doesn't give a clue on how blacklist should behave with a module like ipv6 just "all aliases are disbled". I'm starting to think that blacklist is a false friend, it should be something like remove-all-alias and we miss a way to prevent the loading of a module.
Am I wrong?
 
Old 01-11-2013, 04:38 PM   #4
jtsn
Member
 
Registered: Sep 2011
Location: Europe
Distribution: Slackware
Posts: 922

Rep: Reputation: 459Reputation: 459Reputation: 459Reputation: 459Reputation: 459
Quote:
Originally Posted by Celyr View Post
I just wonder if this is the excpeted behavior.
Blacklisting a module is not the correct way to disable a network protocol. It never was.

Add ipv6.disable_ipv6=1 to the kernel command line to disable IPv6.
 
2 members found this post helpful.
Old 01-12-2013, 03:20 AM   #5
FeyFre
Member
 
Registered: Jun 2010
Location: Ukraine, Vinnitsa
Distribution: Slackware
Posts: 310

Rep: Reputation: 22
Quote:
Blacklisting a module is not the correct way to disable a network protocol. It never was.
Yes, correct way to do that is "find /lib/modules/$(uname -r) -name ipv6.ko |xargs rm -f" :sarcasm-icon:
Where does original poster stated he want "to disable a network protocol"? None of his words here explicitly mentioned any "network" "protocol". I see prevention of module load question only.
 
Old 01-12-2013, 11:30 AM   #6
Woodsman
Senior Member
 
Registered: Oct 2005
Distribution: Slackware 14.1
Posts: 3,482

Rep: Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536
The following in /etc/modprobe.d/aliases.conf seems to work:

alias net-pf-10 off # INET6, IPv6 Protocol
 
Old 01-12-2013, 06:44 PM   #7
jtsn
Member
 
Registered: Sep 2011
Location: Europe
Distribution: Slackware
Posts: 922

Rep: Reputation: 459Reputation: 459Reputation: 459Reputation: 459Reputation: 459
Quote:
Originally Posted by FeyFre View Post
Where does original poster stated he want "to disable a network protocol"? None of his words here explicitly mentioned any "network" "protocol". I see prevention of module load question only.
He mentioned a network protocol directly in the title.
 
Old 01-12-2013, 08:01 PM   #8
FeyFre
Member
 
Registered: Jun 2010
Location: Ukraine, Vinnitsa
Distribution: Slackware
Posts: 310

Rep: Reputation: 22
jtsn, "He mentioned a network protocol directly in the title" whose name accidentally matches module name. He mentioned "ipv6 module" explicitly (see "module" word?) in message, and never mentioned word "protocol" neither "network". Conclusion: he wants to disable loading of module named "ipv6". If it is to hard to you to ignore coincidence of names, just replace name "ipv6" with other, for instance "battery", and then try to solve problem.

This logical conclusion was made judging of question text. I understand, probably OP jsut wishes to disable IPv6 protocol... but question is still open: how to disable load "ipv6.ko" kernel module. I interested in this kind of solution.
 
Old 01-13-2013, 04:10 AM   #9
GazL
Senior Member
 
Registered: May 2008
Posts: 3,580

Rep: Reputation: 1073Reputation: 1073Reputation: 1073Reputation: 1073Reputation: 1073Reputation: 1073Reputation: 1073Reputation: 1073
I don't accept jstn's position, but, you guys are just arguing semantics:
If someone gets on a bus, then they are getting on it because they want to go to somewhere along it's route, not because they want to get on a bus (Well, unless they are a little odd).

If one does not need ipv6 functionality then I see nothing wrong with disabling the loading of the ipv6 module that provides it. Clearly, as this thread demonstrates, blacklisting a module from loading isn't as straight forward as it once was because not everything respects the blacklist any more, but that is a separate issue.

If disabling the loading of the module now requires one to alter module alias definitions then IMO that is getting a little too ugly and is best avoided. That doesn't mean I agree that blacklisting the module is wrong in and of itself, merely inconvenient or impractical.

Last edited by GazL; 01-13-2013 at 04:37 AM.
 
Old 01-13-2013, 05:46 AM   #10
jtsn
Member
 
Registered: Sep 2011
Location: Europe
Distribution: Slackware
Posts: 922

Rep: Reputation: 459Reputation: 459Reputation: 459Reputation: 459Reputation: 459
Quote:
Originally Posted by GazL View Post
If one does not need ipv6 functionality then I see nothing wrong with disabling the loading of the ipv6 module that provides it.
Breaking IPv6 is a side-effect of blacklisting the ipv6 module. The side-effect only occurs under special circumstances. It never happens, if you boot a kernel, which has IPv6 compiled in or the initrd loads ipv6.ko.

Disabling IPv6 intentionally via the kernel command line always works and doesn't depend on side-effects.
 
1 members found this post helpful.
Old 01-13-2013, 06:41 AM   #11
GazL
Senior Member
 
Registered: May 2008
Posts: 3,580

Rep: Reputation: 1073Reputation: 1073Reputation: 1073Reputation: 1073Reputation: 1073Reputation: 1073Reputation: 1073Reputation: 1073
Quote:
Originally Posted by jtsn View Post
Breaking IPv6 is a side-effect of blacklisting the ipv6 module. The side-effect only occurs under special circumstances. It never happens, if you boot a kernel, which has IPv6 compiled in or the initrd loads ipv6.ko.

Disabling IPv6 intentionally via the kernel command line always works and doesn't depend on side-effects.
I guess where we differ is that I don't see disabling the module as 'breaking' anything. If the module is not loaded then the code within it that provides ipv6 functionality is not part of the kernel, and there is nothing to "break" or disable. Yes, this solution is specific to a system that has ipv6 configured as a module, but that is the case with the slackware generic kernel.

I think we're in agreement on the best approach to take, even if not on some of the background behind wshhy, so I'll leave it at that.

Last edited by GazL; 01-13-2013 at 07:12 AM. Reason: shortened reply.
 
Old 01-13-2013, 07:42 AM   #12
Celyr
Member
 
Registered: Mar 2012
Location: Italy
Distribution: Slackware+Debian
Posts: 315

Original Poster
Rep: Reputation: 78
Quote:
Originally Posted by jtsn View Post
Breaking IPv6 is a side-effect of blacklisting the ipv6 module. The side-effect only occurs under special circumstances. It never happens, if you boot a kernel, which has IPv6 compiled in or the initrd loads ipv6.ko.

Disabling IPv6 intentionally via the kernel command line always works and doesn't depend on side-effects.
Disabling ipv6 via kernel command line has the side effect of loading a kernel module for no reason.
It's like to load a driver for a device that you don't have

Last edited by Celyr; 01-13-2013 at 07:43 AM.
 
Old 01-13-2013, 10:11 PM   #13
jtsn
Member
 
Registered: Sep 2011
Location: Europe
Distribution: Slackware
Posts: 922

Rep: Reputation: 459Reputation: 459Reputation: 459Reputation: 459Reputation: 459
Quote:
Originally Posted by GazL View Post
I guess where we differ is that I don't see disabling the module as 'breaking' anything. If the module is not loaded then the code within it that provides ipv6 functionality is not part of the kernel, and there is nothing to "break" or disable.
The code is still part of the kernel, it's just residing in its own kernel object file.

If you want a kernel without IPv6 you have to explicitly build one with CONFIG_IPV6=N.

Please understand what monolithic kernels are and how they work.
 
Old 01-13-2013, 11:48 PM   #14
T3slider
Senior Member
 
Registered: Jul 2007
Distribution: Slackware64-14.1
Posts: 2,330

Rep: Reputation: 771Reputation: 771Reputation: 771Reputation: 771Reputation: 771Reputation: 771Reputation: 771
Quote:
Originally Posted by jtsn View Post
The code is still part of the kernel, it's just residing in its own kernel object file.

If you want a kernel without IPv6 you have to explicitly build one with CONFIG_IPV6=N.

Please understand what monolithic kernels are and how they work.
You're erroneously patronizing. Modules not currently loaded exist as object files but do not exist 'in the kernel' at run-time (ie. they are not loaded into RAM and are not currently functional). The generic kernel has tons of modules that do not normally get loaded -- they are only relevant at run-time if they actually get loaded. Being a monolithic kernel means that the modules, despite existing as standalone parts, still have the capability of evoking a kernel oops that brings the whole damn machine down -- but if the module is not loaded...then obviously nothing is going to happen in regards to that module. You're arguing over semantics in an attempt to prove your correctness but in previous kernels blacklisting certain modules prevented them from being loaded and thus prevented their activity from being used. In today's kernel blacklisting ipv6 does exactly nothing but in general blacklisting a module is not 'improper' and will not 'break' anything.
 
Old 01-14-2013, 04:43 AM   #15
GazL
Senior Member
 
Registered: May 2008
Posts: 3,580

Rep: Reputation: 1073Reputation: 1073Reputation: 1073Reputation: 1073Reputation: 1073Reputation: 1073Reputation: 1073Reputation: 1073
Quote:
Originally Posted by jtsn View Post
Please understand what monolithic kernels are and how they work.
I have treated you with respect during this discussion despite taking issue with some of your points.
Kindly do me the same courtesy. Even if I were wrong, which I'm not, that tone is unwarranted.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Squid Working but Not Accepting Blacklist mascom. Linux - Newbie 1 11-17-2011 08:43 AM
[SOLVED] blacklist ipv6 not sticking mrmnemo Linux - Networking 5 08-25-2010 08:43 PM
[SOLVED] Slackpkg blacklist ignored when using clean-system on current octoberblu3 Slackware 6 05-02-2010 09:45 PM
slackpkg/blacklist for AlienBob's current multilib and kde 4.4.2 packages damgar Slackware 7 04-08-2010 09:33 PM
Blacklist ipv6 to speed up internet connections. Mol_Bolom Linux - Networking 5 10-05-2009 07:26 PM


All times are GMT -5. The time now is 06:13 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration