tech-net archive


Re: How do I keep an inet6 address from being added to an interface?



On 5 May 2010, at 13:14, Matthew Mondor wrote:

> Hmm after looking at sysctl(8) net.inet6 stubs and in6_ifattach.c there
> seems to be no option that I see for that in netbsd-5.  It's part of
> the ipv6 standard that interfaces have an automatic link-local address,
> and that address can only be used on the local network, but I guess
> that it could be legitimate for some administrator to not want a
> link-local address configured.

It may be part of the IPv6 standard that an interface used for
IPv6 needs a link-local address, but it isn't part of any standard
that every interface in the box needs to run IPv6 (or IPv4, or Appletalk,
or anything in particular).  I'd like to use this interface for
user-space protocol processing, so I'm trying to keep the packets
it receives out of the kernel.

> However, it is possible to disable listening to router advertisements
> using net.inet6.ip6.accept_rtadv = 0 and to prevent a v6 socket from
> accepting v4 to v6 mapping using net.inet6.ip6.v6only = 1.

There is also a variable ip6_auto_linklocal which can be set to zero
(with the debugger rather than sysctl) which keeps it from adding
addresses automatically, but doing this or any of the above also screws
up ipv6 on the other interface in the box where I was hoping to keep it
running.

> Also, have you tried removing the link-local address using ifconfig?
> If that works, that address is supposed to remain the same for that
> interface, so a script could do it easily once you know the address to
> remove.

I tried this, but ifconfig inet6 delete is disallowed for ipv6 (this
is documented on the manual page), while ifconfig -alias seems to produce
an error when trying to take off the last remaining address.  There seems
to be no way to get it off once it is on there that I can find.

I think the fundamental problem is that BSD Unix networking has never
had a way to enable or disable protocols on an interface separate from
the act of adding and deleting the protocol's addresses to/from the interface.
For ipv6's magically added addresses there is no ipv6_enabled flag to look
at to tell when this is or isn't appropriate (this is also a bug for ipv4,
actually, since it forces all interfaces enabled for ipv4 to have addresses
even though point-to-point interfaces run just fine without them).  It
would have been better if the ipv6 code had fixed this by adding explicit
protocol enable flags, however, rather than just forcing you to run
the protocol on every interface on the box if you want to run it on any
of them.

Dennis Ferguson
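
An audit for the situation discussed in this thread, added here as an example (not code from either poster or from NetBSD): it reads `ifconfig -a` output and reports every inet6 address present on interfaces that are meant to stay IPv6-free. The function names, the interface names and the sample output are constructed for the illustration.

```shell
#!/bin/sh
# Added example: flag inet6 addresses on interfaces that should not run IPv6.

# Constructed sample of `ifconfig -a` output (NetBSD-style layout);
# interface names and addresses are made up for this example.
sample_ifconfig() {
cat <<'EOF'
wm0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	address: 00:11:22:33:44:55
	inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
	inet6 fe80::211:22ff:fe33:4455%wm0 prefixlen 64 scopeid 0x1
	inet6 2001:db8::10 prefixlen 64
wm1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	address: 00:11:22:33:44:66
	inet6 fe80::211:22ff:fe33:4466%wm1 prefixlen 64 scopeid 0x2
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33184
	inet 127.0.0.1 netmask 0xff000000
	inet6 ::1 prefixlen 128
EOF
}

# audit_inet6 IFACE...
# Reads ifconfig output on stdin; for each listed interface prints one line
# "iface address kind" per inet6 address, where kind is "link-local" for
# fe80::/10 and "other" for anything else. No output means nothing to report.
audit_inet6() {
    awk -v want="$*" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) deny[w[i]] = 1 }
        # An unindented line starts a new interface block: "wm0: flags=..."
        /^[^ \t]/ { iface = $1; sub(/:$/, "", iface); next }
        $1 == "inet6" && (iface in deny) {
            addr = $2; sub(/%.*/, "", addr)      # drop the %scope suffix
            kind = (tolower(addr) ~ /^fe[89ab][0-9a-f]:/) ? "link-local" : "other"
            print iface, addr, kind
        }'
}

# Stand-alone run against the constructed sample; on a live host use:
#   ifconfig -a | audit_inet6 wm1
sample_ifconfig | audit_inet6 wm1
```
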