Bug 664550

Fixed, SR is #58625.

See
  https://bugzilla.novell.com/show_bug.cgi?id=494958#c2
as well as:
  http://bugzilla.kernel.org/show_bug.cgi?id=11655
and
  http://bugzilla.kernel.org/show_bug.cgi?id=9224

Setting "ipv6/conf/all/use_tempaddr" does not work at all. It has to be
changed to

  echo "2" > /proc/sys/net/ipv6/conf/default/use_tempaddr

(or both).

I'll rework this

done meanwhile

I'm curious about the status of this issue, and my (limited) understanding of it.

I expected that setting IPV6_PRIVACY=yes in /etc/sysconfig/sysctl would have worked, but it doesn't, because it changes it for default not 'all'.

Furthermore, the kernel bug(s) referenced above seem to indicate that 'all' doesn't work quite right for things like use_tempaddr, and that the interface name must be used explicitly. 


Am I wrong to conclude that

a) the init script in openSUSE 11.4 /as of this writing/ is not working properly (it is clearly writing to 'default' which only works for interfaces brought up after)

b) it should write to *both* default *and* all *and* all interfaces[1], since 'all' does NOT appear to work?



[1] -- how hard to fix the kernel vs. the init script such that writing to 'all' really changes 'all' ? 


My tests:




frank:/proc/sys/net/ipv6/conf # more */use_tempaddr | cat 
::::::::::::::
all/use_tempaddr
::::::::::::::
0
::::::::::::::
default/use_tempaddr
::::::::::::::
0
::::::::::::::
eth0/use_tempaddr
::::::::::::::
0
::::::::::::::
lo/use_tempaddr
::::::::::::::
-1
frank:/proc/sys/net/ipv6/conf # /etc/init.d/boot.ipconfig start
Enabling syn flood protection                                                                                          done
Disabling IP forwarding                                                                                                done
Disabling IPv6 forwarding                                                                                              done
Enabling IPv6 privacy                                                                                                  done
frank:/proc/sys/net/ipv6/conf # more */use_tempaddr | cat 
::::::::::::::
all/use_tempaddr
::::::::::::::
0
::::::::::::::
default/use_tempaddr
::::::::::::::
2
::::::::::::::
eth0/use_tempaddr
::::::::::::::
0
::::::::::::::
lo/use_tempaddr
::::::::::::::
-1
frank:/proc/sys/net/ipv6/conf # echo 2 > all/use_tempaddr 
frank:/proc/sys/net/ipv6/conf # more */use_tempaddr | cat 
::::::::::::::
all/use_tempaddr
::::::::::::::
2
::::::::::::::
default/use_tempaddr
::::::::::::::
2
::::::::::::::
eth0/use_tempaddr
::::::::::::::
0
::::::::::::::
lo/use_tempaddr
::::::::::::::
-1
frank:/proc/sys/net/ipv6/conf #

hmm. it doesn't work for interfaces that are already up when boot.ipconfig/boot.sysctl runs. I wonder why interfaces are up at this point though. Network scripts are supposed to activate them later.

(In reply to comment #5)
> Furthermore, the kernel bug(s) referenced above seem to indicate that 'all'
> doesn't work quite right for things like use_tempaddr, and that the interface
> name must be used explicitly.

This may depend on the kernel & configuration [e.g. ipv6 as module];
setting "all" usually works, except in the IPV6_PRIVACY=yes case.

When I remember correctly:
You can set "all" and the setting will be visible in ethX/use_tempaddr,
but is simply has no effect (no temp address gets assigned) until you
set down & up the interface, because the autoconfig already happened
[or it is already running using the old setting].

> Am I wrong to conclude that
> 
> a) the init script in openSUSE 11.4 /as of this writing/ is not working
> properly (it is clearly writing to 'default' which only works for interfaces
> brought up after)

No, this is not a wrong conclusion.

Currently the best way is to set it in /etc/sysconfig/network/ifsysctl;
when needed, also per interface. See "man 5 ifsysctl".

It is applied twice: via udev as soon as an interface appears and then
also before ifup calls "ip link set up", ...

> b) it should write to *both* default *and* all *and* all interfaces[1],
> since 'all' does NOT appear to work?

Well.. to catch all interfaces "all" *would* be correct -- when it would
have an effect. In the hope, that the setting gets applied early enough,
we set "default" as it works for new interfaces.

Maybe it would be a not so bad idea to set both to increase the hope :-)

> [1] -- how hard to fix the kernel vs. the init script such that writing to
> 'all' really changes 'all' ? 

This seems to be same with writting E-Mails to /dev/null. Note, that the
referenced kernel.org reports about are from 2007 & 2008 and still "NEW".

We are adding & fixing strange workarounds because of this since years...

As Jiri already wrote in comment referenced above "The change may never get
there [upstream], people have different ideas about how this should work :(".

It is a common problem we have, see also:
  https://bugzilla.novell.com/show_bug.cgi?id=559170
  http://www.spinics.net/lists/netdev/msg115260.html

boot.sysctl and boot.ipconfig simply run too late to apply global settings. The scripts would need to run even before udev loads the network drivers.

try the following:
# mkdir -p /etc/insserv/overrides
# cat <<EOF > /etc/insserv/overrides/boot.sysctl
### BEGIN INIT INFO
# Provides:          boot.sysctl
# Required-Start:    $null
# Required-Stop:     $null
# Default-Start:     B
# Default-Stop:
# Description:       run sysctl with a given config file or create it
### END INIT INFO
EOF

This is an autogenerated message for OBS integration:
This bug (664550) was mentioned in
https://build.opensuse.org/request/show/70552 11.4 / aaa_base

This is an autogenerated message for OBS integration:
This bug (664550) was mentioned in
https://build.opensuse.org/request/show/71850 Factory / procps

Update released for: aaa_base, aaa_base-debuginfo, aaa_base-debugsource, aaa_base-extras
Products:
openSUSE 11.4 (debug, i586, x86_64)