From 17f02b9665ce0ffd6147605ecaa000e42a189ffd Mon Sep 17 00:00:00 2001 From: Bob Gilligan Date: Tue, 22 Sep 2009 15:56:01 -0700 Subject: Bugfix 4951: Don't fail if IPv6 kernel module is not loaded. Handle cases where IPv6 kernel module is not loaded more gracefully. --- scripts/rl-system.init | 43 +++++++++++++++++++++++++------------------ sysconf/vyatta-sysctl.conf | 8 +++++--- 2 files changed, 30 insertions(+), 21 deletions(-) diff --git a/scripts/rl-system.init b/scripts/rl-system.init index e05e0564..3ca02ed2 100755 --- a/scripts/rl-system.init +++ b/scripts/rl-system.init @@ -135,23 +135,30 @@ create_ssh_host_keys () { set_ipv6_params () { - # default values for ipv6 parameters do not take effect for interfaces at boot - # time, so copy over default values to their interface specific parameter - ipv6_params=(accept_source_route accept_redirects) - num_ipv6_params=${#ipv6_params[*]} - i=0 - while [ $i -lt $num_ipv6_params ]; do - default_val=`cat /proc/sys/net/ipv6/conf/default/${ipv6_params[$i]}` - array=(`ls /proc/sys/net/ipv6/conf/`) - array_len=${#array[*]} - j=0 - while [ $j -lt $array_len ]; do - sudo sh -c "echo $default_val > \ - /proc/sys/net/ipv6/conf/${array[$j]}/${ipv6_params[$i]}" - let j++ - done - let i++ - done + # default values for ipv6 parameters do not take effect for interfaces at + # boot time, so copy over default values to their interface specific + # parameter + + if [ ! -d /proc/sys/net/ipv6 ]; then + # Skip it if IPv6 is not loaded + return + fi + + ipv6_params=(accept_source_route accept_redirects) + num_ipv6_params=${#ipv6_params[*]} + i=0 + while [ $i -lt $num_ipv6_params ]; do + default_val=`cat /proc/sys/net/ipv6/conf/default/${ipv6_params[$i]}` + array=(`ls /proc/sys/net/ipv6/conf/`) + array_len=${#array[*]} + j=0 + while [ $j -lt $array_len ]; do + sudo sh -c "echo $default_val > \ + /proc/sys/net/ipv6/conf/${array[$j]}/${ipv6_params[$i]}" + let j++ + done + let i++ + done } setup_ntp_config_file () { @@ -172,7 +179,7 @@ start () { setup_ntp_config_file add_new_serial_if || \ log_failure_msg "can\'t add serial interfaces" - sysctl -q -p /opt/vyatta/etc/vyatta-sysctl.conf || + sysctl -q -e -p /opt/vyatta/etc/vyatta-sysctl.conf || log_failure_msg "can\'t configure kernel settings" set_ipv6_params update_version_info diff --git a/sysconf/vyatta-sysctl.conf b/sysconf/vyatta-sysctl.conf index 5b888a8c..1f270d92 100644 --- a/sysconf/vyatta-sysctl.conf +++ b/sysconf/vyatta-sysctl.conf @@ -31,9 +31,6 @@ net.ipv4.icmp_ignore_bogus_error_responses=1 # Send ICMP responses with primary address of exiting interface net.ipv4.icmp_errors_use_inbound_ifaddr=1 -# Enable packet forwarding for IPv6 -net.ipv6.conf.all.forwarding=1 - # Log packets with impossible addresses to kernel log net.ipv4.conf.all.log_martians=1 @@ -58,6 +55,11 @@ net.ipv4.conf.all.accept_source_route=0 # Enable send_redirects by default net.ipv4.conf.all.send_redirects=1 +# IPv6 parameters: + +# Enable packet forwarding for IPv6 +net.ipv6.conf.all.forwarding=1 + # Disable ipv6 accept_source_route by default net.ipv6.conf.default.accept_source_route=-1 -- cgit v1.2.3 From 65cdc4e3fa328fa5586600ce925140a7744f2a5f Mon Sep 17 00:00:00 2001 From: Bob Gilligan Date: Tue, 22 Sep 2009 15:56:58 -0700 Subject: 0.15.80 --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index e3c51286..2b3dbae9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +vyatta-cfg-system (0.15.80) unstable; urgency=low + + * Bugfix 4951: Don't fail if IPv6 kernel module is not loaded. + + -- Bob Gilligan Tue, 22 Sep 2009 15:56:58 -0700 + vyatta-cfg-system (0.15.79) unstable; urgency=low * allow install on old compaq smart-array -- cgit v1.2.3 From 6f70fcb2e866000e591e1aa2156150b30c052a0d Mon Sep 17 00:00:00 2001 From: Bob Gilligan Date: Wed, 23 Sep 2009 16:23:38 -0700 Subject: Bugfix 4892: Add a config parameter to disable IPv6 Added the parameter "system ipv6 disable". If set, the module parameter "disable_ipv6=1" will be passed to the IPv6 module. This inhibits assignment of IPv6 addresses on any interfaces, effectively preventing any IPv6 communication. But it leaves the IPv6 module loaded so that applications that depend upon its existence will not fail. --- templates/system/ipv6/disable/node.def | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 templates/system/ipv6/disable/node.def diff --git a/templates/system/ipv6/disable/node.def b/templates/system/ipv6/disable/node.def new file mode 100644 index 00000000..50aaa420 --- /dev/null +++ b/templates/system/ipv6/disable/node.def @@ -0,0 +1,10 @@ +help: Disable assignment of IPv6 addresses on all interfaces + +create: + sudo sh -c "echo options ipv6 disable_ipv6=1 > \ + /etc/modprobe.d/vyatta_disable_ipv6" + echo "This change will take affect when the system is rebooted." + +delete: + sudo sh -c "rm -f /etc/modprobe.d/vyatta_disable_ipv6" + echo "This change will take affect when the system is rebooted." -- cgit v1.2.3 From 8e984715717650648e968860a7cf0e554445ca50 Mon Sep 17 00:00:00 2001 From: Bob Gilligan Date: Wed, 23 Sep 2009 16:27:01 -0700 Subject: 0.15.81 --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 2b3dbae9..d43437f4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +vyatta-cfg-system (0.15.81) unstable; urgency=low + + * Bugfix 4892: Add a config parameter to disable IPv6 + + -- Bob Gilligan Wed, 23 Sep 2009 16:27:00 -0700 + vyatta-cfg-system (0.15.80) unstable; urgency=low * Bugfix 4951: Don't fail if IPv6 kernel module is not loaded. -- cgit v1.2.3