I've come across some unexpected changes in interface behavior between
linux-image-5.10.0-13-amd64 and linux-image-5.10.0-17-amd64.
Consider the following script:
$ cat test.sh
#!/bin/sh
sudo ip link add test1 type veth peer test2
sudo ip link set test1 down
sudo ip link set test2 down
sudo sysctl net.ipv6.conf.test1.disable_ipv6=1
sudo sysctl net.ipv6.conf.test2.disable_ipv6=1
sudo ip link set test1 up
sudo ip link set test2 up
(There might be a simpler way to trigger it, but this one works for me.)
When I run this on a system running linux-image-5.10.0-13-amd64, I get this
behavior:
$ ./test.sh
net.ipv6.conf.test1.disable_ipv6 = 1
net.ipv6.conf.test2.disable_ipv6 = 1
$ ip addr | grep -A 3 test[12]
2370: test2@test1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
state UP group default qlen 1000
link/ether ea:fc:8a:36:09:fc brd ff:ff:ff:ff:ff:ff
2371: test1@test2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
state UP group default qlen 1000
link/ether e2:e0:d2:09:0d:de brd ff:ff:ff:ff:ff:ff
$ sudo sysctl net.ipv6.conf.test1.disable_ipv6
net.ipv6.conf.test1.disable_ipv6 = 1
$ sudo sysctl net.ipv6.conf.test2.disable_ipv6
net.ipv6.conf.test2.disable_ipv6 = 1
No IPv6 addresses, and IPv6 is still disabled. But when I run on a system
running linux-image-5.10.0-17-amd64, I get this behavior:
$ ./test.sh
net.ipv6.conf.test1.disable_ipv6 = 1
net.ipv6.conf.test2.disable_ipv6 = 1
$ ip addr | grep -A 3 test[12]
212: test2@test1: <BROADCAST,MULTICAST,DYNAMIC,UP,LOWER_UP> mtu 1500 qdisc
noqueue state UP group default qlen 1000
link/ether ce:16:79:86:ea:16 brd ff:ff:ff:ff:ff:ff
inet6 fe80::cc16:79ff:fe86:ea16/64 scope link
valid_lft forever preferred_lft forever
213: test1@test2: <BROADCAST,MULTICAST,DYNAMIC,UP,LOWER_UP> mtu 1500 qdisc
noqueue state UP group default qlen 1000
link/ether b6:8f:2e:59:1e:68 brd ff:ff:ff:ff:ff:ff
inet6 fe80::b48f:2eff:fe59:1e68/64 scope link
valid_lft forever preferred_lft forever
$ sudo sysctl net.ipv6.conf.test1.disable_ipv6
net.ipv6.conf.test1.disable_ipv6 = 0
$ sudo sysctl net.ipv6.conf.test2.disable_ipv6
net.ipv6.conf.test2.disable_ipv6 = 0
The interfaces are configured with link-local addresses, and IPv6 is no longer
disabled.
I looked through the changelog for linux-image-5.10.0-17-amd64 and saw a number
of changes from upstream involving sysctl, but I couldn't point to any one
thing that might have caused this.
So... what I'm looking for is 1) a sanity check (can others confirm the
behavior discrepancy?); 2) an expectation of *correct* behavior (seems to me
like the 5.10.0-13 behavior is "correct"); and 3) suggestions for next steps.
This has broken some software I've developed. I have a workaround, but it's not
very pretty :)
P.S. For those that are concerned that I'm disabling IPv6, this is for
teaching the link layer, and it's really hard to do that with all the activity
associated with IPv6.
