Dheeraj Kandula <[email protected]> writes:

> I looked into the code to figure out where the IPv6 configuration is copied
> from for a new namespace.
>
> I came across this function addrconf_init_net. I assume this is the function
> that is invoked when a new namespace is created.
>
> Inside this function, I came across this code,
>
>         if (IS_ENABLED(CONFIG_SYSCTL) &&
>             !net_eq(net, &init_net)) {
>                 switch (sysctl_devconf_inherit_init_net) {
>                 case 1:  /* copy from init_net */
>                         memcpy(all, init_net.ipv6.devconf_all,
>                                sizeof(ipv6_devconf));
>                         memcpy(dflt, init_net.ipv6.devconf_dflt,
>                                sizeof(ipv6_devconf_dflt));
>                         break;
>                 case 3: /* copy from the current netns */
>                         memcpy(all,
>                                current->nsproxy->net_ns->ipv6.devconf_all,
>                                sizeof(ipv6_devconf));
>                         memcpy(dflt,
>                                current->nsproxy->net_ns->ipv6.devconf_dflt,
>                                sizeof(ipv6_devconf_dflt));
>                         break;
>                 case 0:
>                 case 2:
>                         /* use compiled values */
>                         break;
>                 }
>         }
>
> If I set the value of net.core.devconf_inherit_init_net to 1, when a new
> namespace is created the values in init_net (which again I assume is init
> process' namespace value - global/default namespace) will be copied into
> the new namespace. A few lines later, the following code is present.
>
>         dflt->disable_ipv6 = ipv6_defaults.disable_ipv6;   <<<<< This
> ipv6_defaults.disable_ipv6 comes from the GRUB command line value of
> disable_ipv6.
>
> Hence if I enable IPv6 before creating a new namespace, the new namespace
> still will have IPv6 disabled, because of the above single line of code. Is
> this correct?
>
> net.ipv6.conf.all.disable_ipv6 is used to change the IPv6 state for all the
> currently available interfaces.
>
> net.ipv6.conf.default.disable_ipv6 has the default value from
> ipv6_defaults.disable_ipv6 i.e. the grub one. If I change this sysctl, what
> impact does it have?

Yes, this looks inconsistent. It might have been intentional to avoid
breaking existing behaviour, since the inherit_init_net knob was added
long after the default disable_ipv6 stuff. But there doesn't seem to
have been any discussion around this when that knob was first
introduced:

https://lore.kernel.org/all/[email protected]/T/

This is unsuspected if it was intentional. I would have expected at
least a comment in the commit message.

I suggest you ask about this on the [email protected] list. They are
the experts. Don't know how easy it is attracting attention to such a
question though... One trick might be to send a patch fixing the
problem. That should at least provoke a discussion. Or simply be
applied if everyone agrees that it's correct ;-)

Bjørn
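
The ordering discussed in this thread, as an added example that is not part of the original messages and is not kernel code: a userspace C model in which `struct devconf`, `struct netns` and `model_new_ns` are assumed names and the configuration is cut down to two fields. It models only the assignment quoted in the thread and shows that with mode 1 other settings are inherited while `default.disable_ipv6` reverts to the boot-time value.

```c
/* Userspace model of the ordering quoted from addrconf_init_net().
 * Not kernel code: the struct is cut down to two fields, and the type and
 * function names here are assumptions made for the example. */
#include <stdio.h>
#include <string.h>

struct devconf { int forwarding; int disable_ipv6; };
struct netns   { struct devconf all, dflt; };

/* Build the devconf of a new namespace.
 * mode         - value of net.core.devconf_inherit_init_net
 * boot_disable - ipv6_defaults.disable_ipv6 (boot-time value)
 * init_ns      - model of init_net; cur_ns - namespace of the creator */
struct netns model_new_ns(int mode, int boot_disable,
                          const struct netns *init_ns,
                          const struct netns *cur_ns)
{
    /* Start from the "compiled values" (all zero in this model). */
    struct netns n = { {0, 0}, {0, 0} };

    switch (mode) {
    case 1: /* copy from init_net */
        memcpy(&n.all, &init_ns->all, sizeof(n.all));
        memcpy(&n.dflt, &init_ns->dflt, sizeof(n.dflt));
        break;
    case 3: /* copy from the current netns */
        memcpy(&n.all, &cur_ns->all, sizeof(n.all));
        memcpy(&n.dflt, &cur_ns->dflt, sizeof(n.dflt));
        break;
    default: /* 0 and 2: keep compiled values */
        break;
    }
    /* The assignment the thread asks about runs after the copy, so the
     * inherited default.disable_ipv6 is overwritten. */
    n.dflt.disable_ipv6 = boot_disable;
    return n;
}

int main(void)
{
    /* Constructed state: booted with IPv6 disabled, then enabled at
     * runtime in init_net (disable_ipv6 = 0), forwarding switched on. */
    struct netns init_ns = { {1, 0}, {1, 0} };
    struct netns n = model_new_ns(1, 1, &init_ns, &init_ns);

    printf("default.forwarding=%d default.disable_ipv6=%d\n",
           n.dflt.forwarding, n.dflt.disable_ipv6);
    return 0;
}
```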

