Debian Bug report logs - #507788
sysctl.conf read before ipv6 module loaded, so cannot set ipv6 settings

version graph

Package: procps; Maintainer for procps is Craig Small <csmall@debian.org>; Source for procps is src:procps.

Reported by: martin f krafft <madduck@debian.org>

Date: Thu, 4 Dec 2008 13:30:02 UTC

Severity: important

Tags: ipv6

Found in version procps/1:3.2.7-9

Fixed in version procps/1:3.2.8-8

Done: Craig Small <csmall@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Craig Small <csmall@debian.org>:
Bug#507788; Package procps. (Thu, 04 Dec 2008 13:30:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to martin f krafft <madduck@debian.org>:
New Bug report received and forwarded. Copy sent to Craig Small <csmall@debian.org>. (Thu, 04 Dec 2008 13:30:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: martin f krafft <madduck@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: sysctl.conf read before ipv6 module loaded, so cannot set ipv6 settings
Date: Thu, 4 Dec 2008 14:26:54 +0100
[Message part 1 (text/plain, inline)]
Package: procps
Version: 1:3.2.7-9
Severity: serious
Tags: ipv6
File: /etc/sysctl.conf

Setting kernel variables (/etc/sysctl.conf)...error:
"net.ipv6.conf.default.autoconf" is an unknown key
error: "net.ipv6.conf.default.accept_ra" is an unknown key
error: "net.ipv6.conf.default.accept_ra_defrtr" is an unknown key
error: "net.ipv6.conf.default.accept_ra_pinfo" is an unknown key
error: "net.ipv6.conf.default.accept_source_route" is an unknown key
error: "net.ipv6.conf.default.accept_redirects" is an unknown key
error: "net.ipv6.conf.default.forwarding" is an unknown key
error: "net.ipv6.conf.all.autoconf" is an unknown key
error: "net.ipv6.conf.all.accept_ra" is an unknown key
error: "net.ipv6.conf.all.accept_ra_defrtr" is an unknown key
error: "net.ipv6.conf.all.accept_ra_pinfo" is an unknown key
error: "net.ipv6.conf.all.accept_source_route" is an unknown key
error: "net.ipv6.conf.all.accept_redirects" is an unknown key
error: "net.ipv6.conf.all.forwarding" is an unknown key
failed.
Mounting local filesystems...done.
Activating swapfile swap...done.
Setting up resolvconf...done.
Setting up networking....

The ipv6 module on Debian is loaded only by the networking code, so
either sysctl.conf should run after that, or the ipv6 module needs
to be loaded before somehow.

RC severity, since ipv6 is a release goal and this prevents me from
using sysctl.conf for setting stuff like ipv6 forwarding, but forces
me to use hooks and/or rc.local instead.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.27-1-686 (SMP w/1 CPU core)
Locale: LANG=en_GB, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages procps depends on:
ii  libc6                      2.7-16        GNU C Library: Shared libraries
ii  libncurses5                5.7+2008115-1 shared libraries for terminal hand
ii  lsb-base                   3.2-20        Linux Standard Base 3.2 init scrip

Versions of packages procps recommends:
ii  psmisc                        22.6-1     Utilities that use the proc filesy

procps suggests no packages.

-- no debconf information


-- 
 .''`.   martin f. krafft <madduck@debian.org>
: :'  :  proud Debian developer, author, administrator, and user
`. `'`   http://people.debian.org/~madduck - http://debiansystem.info
  `-  Debian - when you have better things to do than fixing systems
[digital_signature_gpg.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Craig Small <csmall@debian.org>:
Bug#507788; Package procps. (Fri, 05 Dec 2008 10:09:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Didier Raboud <didier@raboud.com>:
Extra info received and forwarded to list. Copy sent to Craig Small <csmall@debian.org>. (Fri, 05 Dec 2008 10:09:03 GMT) Full text and rfc822 format available.

Message #10 received at 507788@bugs.debian.org (full text, mbox):

From: Didier Raboud <didier@raboud.com>
To: Debian Bug Tracking System <507788@bugs.debian.org>
Subject: procps: S4* instead of S04 ?
Date: Fri, 05 Dec 2008 11:05:34 +0100
Package: procps
Version: 1:3.2.7-9
Severity: normal

Hi, 

/etc/rcS.d/README tells :
* After the S40 scripts have executed, all local file systems are mounted
  and networking is available. All device drivers have been initialized.

and the link to procps is actually (on my box at least) : /etc/rcS.d/S04procps

Why not putting it in S40procps instead ?

Regards, 

OdyX

-- System Information:
Debian Release: lenny/sid
  APT prefers testing-proposed-updates
  APT policy: (750, 'testing-proposed-updates'), (700, 'testing'), (600, 'unstable'), (50, 'testing-proposed-updates'), (50, 'experimental'), (50, 'unstable'), (50, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.27-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_CH.UTF-8, LC_CTYPE=fr_CH.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages procps depends on:
ii  libc6                     2.7-16         GNU C Library: Shared libraries
ii  libncurses5               5.7+20081129-1 shared libraries for terminal hand
ii  lsb-base                  3.2-20         Linux Standard Base 3.2 init scrip

Versions of packages procps recommends:
ii  psmisc                        22.6-1     Utilities that use the proc filesy

procps suggests no packages.

-- no debconf information




Information forwarded to debian-bugs-dist@lists.debian.org, Craig Small <csmall@debian.org>:
Bug#507788; Package procps. (Fri, 05 Dec 2008 11:12:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Bernhard R. Link" <brlink@debian.org>:
Extra info received and forwarded to list. Copy sent to Craig Small <csmall@debian.org>. (Fri, 05 Dec 2008 11:12:02 GMT) Full text and rfc822 format available.

Message #15 received at 507788@bugs.debian.org (full text, mbox):

From: "Bernhard R. Link" <brlink@debian.org>
To: 507788@bugs.debian.org
Subject: sysctl and modules
Date: Fri, 5 Dec 2008 12:07:41 +0100
I'd like to note two things to this bug:

1) moving sysctl invocation later might open some subtile problems.
For example moving things like net.ipv4.conf.all.accept_redirects = 0
after network initialisation might open up a window for attacks.
Or some of the arp related stuff, that might break in more complex
settings when in the short time the wrong packages are received.

2) ipv6 is not the only thing that needs the module loaded first.
For example when doing an nfs4 mount, you might need to set the
tcp callback port. But you need to set it before mounting (as otherwise
the mount will not use it, and perhaps even fail due to some firewalls)
but usually the nfs module is only loaded in the init.d script also
doing the mount, so /proc/sys/fs/nfs/nfs_callback_tcpport does not exist
before, so currently you have to add nfs to /etc/modules and so you can
set that value in sysctl.conf, so you get a working mount despite of the
over-zealous firewalls.

While the best solution would of course some meachnism to load the
appropiate modules for a needed file, the lack of some usable catalog
for that most likely will not make that very scaleable.

Another way would be to just add an additional construct so that with
something like

!modprobe nfs
or
!modprobe ipv6

in sysctl config files will modprobe the appropiate module before
continuing.

Of course for the ipv6 problems this bugreport is about, adding a
comment that the ipv6 module is to be listed in /etc/modules might
also be considered a "fix" in some way.

Hochachtungsvoll,
	Bernhard R. Link




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#507788; Package procps. (Fri, 05 Dec 2008 11:12:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Craig Small <csmall@debian.org>:
Extra info received and forwarded to list. (Fri, 05 Dec 2008 11:12:03 GMT) Full text and rfc822 format available.

Message #20 received at 507788@bugs.debian.org (full text, mbox):

From: Craig Small <csmall@debian.org>
To: Didier Raboud <didier@raboud.com>, 507788@bugs.debian.org
Subject: Re: Bug#507788: procps: S4* instead of S04 ?
Date: Fri, 5 Dec 2008 22:07:32 +1100
On Fri, Dec 05, 2008 at 11:05:34AM +0100, Didier Raboud wrote:
> * After the S40 scripts have executed, all local file systems are mounted
>   and networking is available. All device drivers have been initialized.
> 
> and the link to procps is actually (on my box at least) : /etc/rcS.d/S04procps
Mine's S30, which is what it should be for a default installation. It's
been 30 for a while now.

> Why not putting it in S40procps instead ?
I believe its before the network is up for a reason, ie the network
related stuff is all sorted out first.

 - Craig
-- 
Craig Small      GnuPG:1C1B D893 1418 2AF4 45EE  95CB C76C E5AC 12CA DFA5
http://www.enc.com.au/                             csmall at : enc.com.au
http://www.debian.org/          Debian GNU/Linux, software should be Free 




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#507788; Package procps. (Fri, 05 Dec 2008 11:18:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Craig Small <csmall@debian.org>:
Extra info received and forwarded to list. (Fri, 05 Dec 2008 11:18:02 GMT) Full text and rfc822 format available.

Message #25 received at 507788@bugs.debian.org (full text, mbox):

From: Craig Small <csmall@debian.org>
To: martin f krafft <madduck@debian.org>, 507788@bugs.debian.org
Subject: Re: Bug#507788: sysctl.conf read before ipv6 module loaded, so cannot set ipv6 settings
Date: Fri, 5 Dec 2008 22:11:08 +1100
On Thu, Dec 04, 2008 at 02:26:54PM +0100, martin f krafft wrote:
> The ipv6 module on Debian is loaded only by the networking code, so
> either sysctl.conf should run after that, or the ipv6 module needs
> to be loaded before somehow.
There is no sensible fix for this.  The problem is that any time is the
wrong time for the init script to run, for someone.

If I shift it back, other stuff won't work. The ipv6 stuff is commented
out, for some reason I don't get this problem you experience. In any
case if there is no fix for it I'm going to downgrade the bug.

 - Craig

-- 
Craig Small      GnuPG:1C1B D893 1418 2AF4 45EE  95CB C76C E5AC 12CA DFA5
http://www.enc.com.au/                             csmall at : enc.com.au
http://www.debian.org/          Debian GNU/Linux, software should be Free 




Information forwarded to debian-bugs-dist@lists.debian.org, Craig Small <csmall@debian.org>:
Bug#507788; Package procps. (Fri, 05 Dec 2008 11:24:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to martin f krafft <madduck@debian.org>:
Extra info received and forwarded to list. Copy sent to Craig Small <csmall@debian.org>. (Fri, 05 Dec 2008 11:24:02 GMT) Full text and rfc822 format available.

Message #30 received at 507788@bugs.debian.org (full text, mbox):

From: martin f krafft <madduck@debian.org>
To: "Bernhard R. Link" <brlink@debian.org>, 507788@bugs.debian.org
Subject: Re: Bug#507788: sysctl and modules
Date: Fri, 5 Dec 2008 12:20:25 +0100
[Message part 1 (text/plain, inline)]
also sprach Bernhard R. Link <brlink@debian.org> [2008.12.05.1207 +0100]:
> 1) moving sysctl invocation later might open some subtile
> problems. For example moving things like
> net.ipv4.conf.all.accept_redirects = 0 after network
> initialisation might open up a window for attacks.

The key you mention should thus be disabled by default, ideally in
the kernel. Same goes for all other settings that have no real-world
use anymore.

> Or some of the arp related stuff, that might break in more complex
> settings when in the short time the wrong packages are received.

Like what?

-- 
 .''`.   martin f. krafft <madduck@debian.org>
: :'  :  proud Debian developer, author, administrator, and user
`. `'`   http://people.debian.org/~madduck - http://debiansystem.info
  `-  Debian - when you have better things to do than fixing systems
[digital_signature_gpg.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Craig Small <csmall@debian.org>:
Bug#507788; Package procps. (Fri, 05 Dec 2008 11:24:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Didier Raboud <didier@raboud.com>:
Extra info received and forwarded to list. Copy sent to Craig Small <csmall@debian.org>. (Fri, 05 Dec 2008 11:24:03 GMT) Full text and rfc822 format available.

Message #35 received at 507788@bugs.debian.org (full text, mbox):

From: Didier Raboud <didier@raboud.com>
To: Craig Small <csmall@debian.org>
Cc: 507788@bugs.debian.org
Subject: Re: Bug#507788: procps: S4* instead of S04 ?
Date: Fri, 5 Dec 2008 12:22:02 +0100
[Message part 1 (text/plain, inline)]
Le vendredi 5 décembre 2008 12:07:32 Craig Small, vous avez écrit :
> On Fri, Dec 05, 2008 at 11:05:34AM +0100, Didier Raboud wrote:
> > * After the S40 scripts have executed, all local file systems are mounted
> >   and networking is available. All device drivers have been initialized.
> >
> > and the link to procps is actually (on my box at least) :
> > /etc/rcS.d/S04procps
>
> Mine's S30, which is what it should be for a default installation. It's
> been 30 for a while now.

ACK. Mine is in 04 because of insserv… It is in 30 in all the machines without 
it.

> > Why not putting it in S40procps instead ?
>
> I believe its before the network is up for a reason, ie the network
> related stuff is all sorted out first.
>
>  - Craig

Regards,

OdyX

-- 
Didier Raboud, proud Debian user.
CH-1802 Corseaux
didier@raboud.com
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Craig Small <csmall@debian.org>:
Bug#507788; Package procps. (Fri, 05 Dec 2008 11:33:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to martin f krafft <madduck@debian.org>:
Extra info received and forwarded to list. Copy sent to Craig Small <csmall@debian.org>. (Fri, 05 Dec 2008 11:33:02 GMT) Full text and rfc822 format available.

Message #40 received at 507788@bugs.debian.org (full text, mbox):

From: martin f krafft <madduck@debian.org>
To: Craig Small <csmall@debian.org>, 507788@bugs.debian.org
Subject: Re: Bug#507788: sysctl.conf read before ipv6 module loaded, so cannot set ipv6 settings
Date: Fri, 5 Dec 2008 12:29:43 +0100
[Message part 1 (text/plain, inline)]
also sprach Craig Small <csmall@debian.org> [2008.12.05.1211 +0100]:
> There is no sensible fix for this.  The problem is that any time is the
> wrong time for the init script to run, for someone.

Do you have specific examples that would break if procps ran at S40?

-- 
 .''`.   martin f. krafft <madduck@debian.org>
: :'  :  proud Debian developer, author, administrator, and user
`. `'`   http://people.debian.org/~madduck - http://debiansystem.info
  `-  Debian - when you have better things to do than fixing systems
[digital_signature_gpg.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#507788; Package procps. (Fri, 05 Dec 2008 11:42:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Craig Small <csmall@debian.org>:
Extra info received and forwarded to list. (Fri, 05 Dec 2008 11:42:03 GMT) Full text and rfc822 format available.

Message #45 received at 507788@bugs.debian.org (full text, mbox):

From: Craig Small <csmall@debian.org>
To: martin f krafft <madduck@debian.org>
Cc: 507788@bugs.debian.org
Subject: Re: Bug#507788: sysctl.conf read before ipv6 module loaded, so cannot set ipv6 settings
Date: Fri, 5 Dec 2008 22:35:44 +1100
On Fri, Dec 05, 2008 at 12:29:43PM +0100, martin f krafft wrote:
> also sprach Craig Small <csmall@debian.org> [2008.12.05.1211 +0100]:
> > There is no sensible fix for this.  The problem is that any time is the
> > wrong time for the init script to run, for someone.
> Do you have specific examples that would break if procps ran at S40?
Shifting it to 40 would probably fix your ipv6 related bug, I guess.

There are some settings that need to be set before the interfaces come
online, I'm not sure of the specifics but I do know these keys are out
there and they do need to be set before networking starts.

Ideally there probably should be some sort of runlevel type sysctl
setup, that's going to be fiddly and not trivial to write, but not
impossible either.

My worry is that we move it, you're happy, people who have similiar
problems to you are happy but then suddenly another group of people
spring up with "hey, why did you move sysctl, you broke my system now"

 - Craig
-- 
Craig Small      GnuPG:1C1B D893 1418 2AF4 45EE  95CB C76C E5AC 12CA DFA5
http://www.enc.com.au/                             csmall at : enc.com.au
http://www.debian.org/          Debian GNU/Linux, software should be Free 




Information forwarded to debian-bugs-dist@lists.debian.org, Craig Small <csmall@debian.org>:
Bug#507788; Package procps. (Fri, 05 Dec 2008 11:42:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Didier Raboud <didier@raboud.com>:
Extra info received and forwarded to list. Copy sent to Craig Small <csmall@debian.org>. (Fri, 05 Dec 2008 11:42:04 GMT) Full text and rfc822 format available.

Message #50 received at 507788@bugs.debian.org (full text, mbox):

From: Didier Raboud <didier@raboud.com>
To: "Bernhard R. Link" <brlink@debian.org>, 507788@bugs.debian.org
Subject: Re: Bug#507788: sysctl and modules
Date: Fri, 5 Dec 2008 12:39:29 +0100
[Message part 1 (text/plain, inline)]
Le vendredi 5 décembre 2008 12:07:41 Bernhard R. Link, vous avez écrit :
> (…)
> 
> Of course for the ipv6 problems this bugreport is about, adding a
> comment that the ipv6 module is to be listed in /etc/modules might
> also be considered a "fix" in some way.
>
> Hochachtungsvoll,
> 	Bernhard R. Link

Hi tested this :

# cat ipv6 >> /etc/modules
# reboot

with net.ipv6.conf.all.autoconf=0 in /etc/sysctl.conf

It worked. BUT eth0 went autoconfigured and for some reason :

$ cat /proc/sys/net/ipv6/conf/all/autoconf
0
$ cat /proc/sys/net/ipv6/conf/eth0/autoconf
1

Putting net.ipv6.conf.eth0.autoconf=0 in /etc/sysctl.conf solves 'my' problem.

Still… Weird.

-- 
OdyX, Didier Raboud, proud Debian user.
CH-1802 Corseaux
didier@raboud.com
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#507788; Package procps. (Fri, 05 Dec 2008 12:03:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Craig Small <csmall@debian.org>:
Extra info received and forwarded to list. (Fri, 05 Dec 2008 12:03:04 GMT) Full text and rfc822 format available.

Message #55 received at 507788@bugs.debian.org (full text, mbox):

From: Craig Small <csmall@debian.org>
To: 507788@bugs.debian.org
Subject: Re: Bug#507788: sysctl and modules
Date: Fri, 5 Dec 2008 22:59:44 +1100
On Fri, Dec 05, 2008 at 12:39:29PM +0100, Didier Raboud wrote:
> It worked. BUT eth0 went autoconfigured and for some reason :
> 
> $ cat /proc/sys/net/ipv6/conf/all/autoconf
> 0
> $ cat /proc/sys/net/ipv6/conf/eth0/autoconf

I'm a little fuzzy on what the all does, but here goes:
  all means "all interfaces I have NOW"
  default means "all interfaces I will have LATER"

I think, hence for some if they are using default and we shift the
runlevel to 40 it will break things.

I'm sure it all makes fabulous sense to someone in kernel-land :)
 - Craig

-- 
Craig Small      GnuPG:1C1B D893 1418 2AF4 45EE  95CB C76C E5AC 12CA DFA5
http://www.enc.com.au/                             csmall at : enc.com.au
http://www.debian.org/          Debian GNU/Linux, software should be Free 




Information forwarded to debian-bugs-dist@lists.debian.org, Craig Small <csmall@debian.org>:
Bug#507788; Package procps. (Fri, 05 Dec 2008 12:48:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Didier Raboud <didier@raboud.com>:
Extra info received and forwarded to list. Copy sent to Craig Small <csmall@debian.org>. (Fri, 05 Dec 2008 12:48:03 GMT) Full text and rfc822 format available.

Message #60 received at 507788@bugs.debian.org (full text, mbox):

From: Didier Raboud <didier@raboud.com>
To: 507788@bugs.debian.org, Craig Small <csmall@debian.org>
Cc: martin f krafft <madduck@debian.org>
Subject: Re: Bug#507788: sysctl.conf read before ipv6 module loaded, so cannot set ipv6 settings
Date: Fri, 5 Dec 2008 13:42:50 +0100
[Message part 1 (text/plain, inline)]
Le vendredi 5 décembre 2008 12:35:44 Craig Small, vous avez écrit :
> On Fri, Dec 05, 2008 at 12:29:43PM +0100, martin f krafft wrote:
> > also sprach Craig Small <csmall@debian.org> [2008.12.05.1211 +0100]:
> > > There is no sensible fix for this.  The problem is that any time is the
> > > wrong time for the init script to run, for someone.
> >
> > Do you have specific examples that would break if procps ran at S40?
>
> Shifting it to 40 would probably fix your ipv6 related bug, I guess.
>
> There are some settings that need to be set before the interfaces come
> online, I'm not sure of the specifics but I do know these keys are out
> there and they do need to be set before networking starts.
>
> Ideally there probably should be some sort of runlevel type sysctl
> setup, that's going to be fiddly and not trivial to write, but not
> impossible either.
>
> My worry is that we move it, you're happy, people who have similiar
> problems to you are happy but then suddenly another group of people
> spring up with "hey, why did you move sysctl, you broke my system now"
>
>  - Craig

As ipv6 is a release goal, my guess is that a solution has to be found.
Then, why not getting opininons by consulting -devel about

* what would happen if procps was moved 
from	S30
		Required-Start:    mountkernfs
to	S45
		Required-Start:    mountkernfs $network

(actually, AFAII, the number is somewhat "automagic", what matters is 
the "Required-Start")

* other solution ideas

?

Regards, OdyX

-- 
Didier Raboud, proud Debian user.
CH-1802 Corseaux
didier@raboud.com
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Craig Small <csmall@debian.org>:
Bug#507788; Package procps. (Fri, 05 Dec 2008 12:51:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Bernhard R. Link" <brlink@debian.org>:
Extra info received and forwarded to list. Copy sent to Craig Small <csmall@debian.org>. (Fri, 05 Dec 2008 12:51:07 GMT) Full text and rfc822 format available.

Message #65 received at 507788@bugs.debian.org (full text, mbox):

From: "Bernhard R. Link" <brlink@debian.org>
To: 507788@bugs.debian.org
Subject: Re: Bug#507788: sysctl and modules
Date: Fri, 5 Dec 2008 13:48:26 +0100
* martin f krafft <madduck@debian.org> [081205 12:20]:
> > Or some of the arp related stuff, that might break in more complex
> > settings when in the short time the wrong packages are received.
>
> Like what?

arp_ignore settings might be a case. As far as I do understand it, Linux
will answer on every interface to arp requests of every other interface
it has while arp_ignore changes this.
Thus not setting this option early enough opens a tiny timeframe in
which arp requests might be generated that are not wanted.
Such settings might be rare, but they are obviously not too rare for
this options to be in the kernel.
Also usually in most cases a short window where such bad responses could
be generated would not make that much a difference, but if it belongs to
the beginning of an connection that could cause a connection refused
that could cause some things to give up.
Or it might cause a dhcp server to think an address is already in use
and suddenly give some host another IP than usual and things like that.

All such situations are rare, as having multiple nets with the same IP
addresses or over-zealos arp watchers in them is not very common. But
this is only one of many options and mean that something else might have
some effects, too.

I do not think it will effect more than 1% of people and even those
it effects might not have significant problems, but is has effects and
those are hard to predict and when then happen they might very hard to
track down because of being a race condition.

Hochachtungsvoll,
	Bernhard R. Link




Information forwarded to debian-bugs-dist@lists.debian.org, Craig Small <csmall@debian.org>:
Bug#507788; Package procps. (Fri, 05 Dec 2008 13:33:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Bernhard R. Link" <brlink@debian.org>:
Extra info received and forwarded to list. Copy sent to Craig Small <csmall@debian.org>. (Fri, 05 Dec 2008 13:33:02 GMT) Full text and rfc822 format available.

Message #70 received at 507788@bugs.debian.org (full text, mbox):

From: "Bernhard R. Link" <brlink@debian.org>
To: Didier Raboud <didier@raboud.com>
Cc: 507788@bugs.debian.org
Subject: Re: Bug#507788: sysctl and modules
Date: Fri, 5 Dec 2008 14:30:10 +0100
* Didier Raboud <didier@raboud.com> [081205 12:48]:
> It worked. BUT eth0 went autoconfigured and for some reason :
> 
> $ cat /proc/sys/net/ipv6/conf/all/autoconf
> 0
> $ cat /proc/sys/net/ipv6/conf/eth0/autoconf
> 1
> 
> Putting net.ipv6.conf.eth0.autoconf=0 in /etc/sysctl.conf solves 'my' problem.
> 
> Still??? Weird.

What value is in /proc/sys/net/ipv6/conf/default/autoconf ?

Hochachtungsvoll,
	Bernhard R. Link




Information forwarded to debian-bugs-dist@lists.debian.org, Craig Small <csmall@debian.org>:
Bug#507788; Package procps. (Sun, 07 Dec 2008 10:54:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to martin f krafft <madduck@debian.org>:
Extra info received and forwarded to list. Copy sent to Craig Small <csmall@debian.org>. (Sun, 07 Dec 2008 10:54:08 GMT) Full text and rfc822 format available.

Message #75 received at 507788@bugs.debian.org (full text, mbox):

From: martin f krafft <madduck@debian.org>
To: Didier Raboud <didier@raboud.com>
Cc: 507788@bugs.debian.org, Craig Small <csmall@debian.org>
Subject: Re: Bug#507788: sysctl.conf read before ipv6 module loaded, so cannot set ipv6 settings
Date: Sun, 7 Dec 2008 11:52:28 +0100
[Message part 1 (text/plain, inline)]
also sprach Didier Raboud <didier@raboud.com> [2008.12.05.1342 +0100]:
> As ipv6 is a release goal, my guess is that a solution has to be found.

Maybe the easiest solution is simply to load the ipv6 module early
on, unconditionally?

-- 
 .''`.   martin f. krafft <madduck@d.o>      Related projects:
: :'  :  proud Debian developer               http://debiansystem.info
`. `'`   http://people.debian.org/~madduck    http://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
warning at the gates of bill:
abandon hope, all ye who press <enter> here...
[digital_signature_gpg.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#507788; Package procps. (Sun, 07 Dec 2008 21:27:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Craig Small <csmall@debian.org>:
Extra info received and forwarded to list. (Sun, 07 Dec 2008 21:27:02 GMT) Full text and rfc822 format available.

Message #80 received at 507788@bugs.debian.org (full text, mbox):

From: Craig Small <csmall@debian.org>
To: Didier Raboud <didier@raboud.com>
Cc: 507788@bugs.debian.org, martin f krafft <madduck@debian.org>
Subject: Re: Bug#507788: sysctl.conf read before ipv6 module loaded, so cannot set ipv6 settings
Date: Mon, 8 Dec 2008 08:25:01 +1100
On Fri, Dec 05, 2008 at 01:42:50PM +0100, Didier Raboud wrote:
> As ipv6 is a release goal, my guess is that a solution has to be found.
> Then, why not getting opininons by consulting -devel about
It will break things, not might, it will. The easiest examples being
anything that uses the /conf/default/ in the network setup and not
/conf/all/ and anything that needs to be there before the interfaces 
are brought online.

There will be a small but definite gap between when an interface is
brought up and when the parameters are applied. Some of those parameters
are security related and so there is a problem right there.

While IPv6 is a release goal, having sysctl handle the fact the module
is not there first is not. There are ways to have the ipv6 module load
late and to have kernel parameters setup in it.

 - Craig
-- 
Craig Small      GnuPG:1C1B D893 1418 2AF4 45EE  95CB C76C E5AC 12CA DFA5
http://www.enc.com.au/                             csmall at : enc.com.au
http://www.debian.org/          Debian GNU/Linux, software should be Free 




Severity set to `important' from `serious' Request was from Craig Small <csmall@debian.org> to control@bugs.debian.org. (Sun, 14 Dec 2008 22:18:03 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Craig Small <csmall@debian.org>:
Bug#507788; Package procps. (Thu, 13 Aug 2009 22:06:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christoph Anton Mitterer <christoph.anton.mitterer@physik.uni-muenchen.de>:
Extra info received and forwarded to list. Copy sent to Craig Small <csmall@debian.org>. (Thu, 13 Aug 2009 22:06:07 GMT) Full text and rfc822 format available.

Message #87 received at 507788@bugs.debian.org (full text, mbox):

From: Christoph Anton Mitterer <christoph.anton.mitterer@physik.uni-muenchen.de>
To: 507788@bugs.debian.org
Subject: Re: sysctl.conf read before ipv6 module loaded, so cannot set ipv6 settings
Date: Fri, 14 Aug 2009 00:04:55 +0200
Hi.

Apart from the question, whether anything new has happened here?

The issue that sysctl MUST be loaded BEFORE network interfaces are  
brought up (for security reasons).... is this secured by the LSB init  
script headers?

I mean now that insserv and concurrent booting moves to be the  
default... it's quite important to secure this, IMHO.



Regards,
Chris.

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.





Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#507788; Package procps. (Tue, 25 Aug 2009 05:18:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Craig Small <csmall@debian.org>:
Extra info received and forwarded to list. (Tue, 25 Aug 2009 05:18:03 GMT) Full text and rfc822 format available.

Message #92 received at 507788@bugs.debian.org (full text, mbox):

From: Craig Small <csmall@debian.org>
To: Christoph Anton Mitterer <christoph.anton.mitterer@physik.uni-muenchen.de>, 507788@bugs.debian.org
Subject: Re: Bug#507788: sysctl.conf read before ipv6 module loaded, so cannot set ipv6 settings
Date: Tue, 25 Aug 2009 15:04:35 +1000
On Fri, Aug 14, 2009 at 12:04:55AM +0200, Christoph Anton Mitterer wrote:
> The issue that sysctl MUST be loaded BEFORE network interfaces are
> brought up (for security reasons).... is this secured by the LSB
> init script headers?
You're saying it should be done before the interfaces are brought up,
but the bug report is about sysctl running too early.

> I mean now that insserv and concurrent booting moves to be the
> default... it's quite important to secure this, IMHO.
The problem is you are trying to satisfy two mutually exclusive
requirements.  No matter where sysctl is run, it is too early or two
late for something.

Now with insserv, perhaps there is a place it can be run, before the
interfaces are configured but after the module is loaded, if such a
place exists.

 - Craig
-- 
Craig Small      GnuPG:1C1B D893 1418 2AF4 45EE  95CB C76C E5AC 12CA DFA5
http://www.enc.com.au/                             csmall at : enc.com.au
http://www.debian.org/          Debian GNU/Linux, software should be Free 




Information forwarded to debian-bugs-dist@lists.debian.org, Craig Small <csmall@debian.org>:
Bug#507788; Package procps. (Tue, 25 Aug 2009 09:27:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christoph Anton Mitterer <christoph.anton.mitterer@physik.uni-muenchen.de>:
Extra info received and forwarded to list. Copy sent to Craig Small <csmall@debian.org>. (Tue, 25 Aug 2009 09:27:06 GMT) Full text and rfc822 format available.

Message #97 received at 507788@bugs.debian.org (full text, mbox):

From: Christoph Anton Mitterer <christoph.anton.mitterer@physik.uni-muenchen.de>
To: Craig Small <csmall@debian.org>
Cc: 507788@bugs.debian.org
Subject: Re: Bug#507788: sysctl.conf read before ipv6 module loaded, so cannot set ipv6 settings
Date: Tue, 25 Aug 2009 11:09:04 +0200
[Message part 1 (text/plain, inline)]
On Tue, 2009-08-25 at 15:04 +1000, Craig Small wrote:
> On Fri, Aug 14, 2009 at 12:04:55AM +0200, Christoph Anton Mitterer wrote:
> > The issue that sysctl MUST be loaded BEFORE network interfaces are
> > brought up (for security reasons).... is this secured by the LSB
> > init script headers?
> You're saying it should be done before the interfaces are brought up,
> but the bug report is about sysctl running too early.
Yes,... after the modules (such that the /proc entries are actually
there),.. but before the interfaces (such that no network is open, while
potential security important options are not yet set).


> > I mean now that insserv and concurrent booting moves to be the
> > default... it's quite important to secure this, IMHO.
> The problem is you are trying to satisfy two mutually exclusive
> requirements.  No matter where sysctl is run, it is too early or two
> late for something.
> 
> Now with insserv, perhaps there is a place it can be run, before the
> interfaces are configured but after the module is loaded, if such a
> place exists.
That's the thing I was asking for :) But the problem is (AFAIK) that
with LSB dependencies one can only specify depends and not kind of
reverse depends.


Chris.
[smime.p7s (application/x-pkcs7-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Craig Small <csmall@debian.org>:
Bug#507788; Package procps. (Thu, 01 Oct 2009 09:57:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Petter Reinholdtsen <pere@hungry.com>:
Extra info received and forwarded to list. Copy sent to Craig Small <csmall@debian.org>. (Thu, 01 Oct 2009 09:57:03 GMT) Full text and rfc822 format available.

Message #102 received at 507788@bugs.debian.org (full text, mbox):

From: Petter Reinholdtsen <pere@hungry.com>
To: 507788@bugs.debian.org, Christoph Anton Mitterer <christoph.anton.mitterer@physik.uni-muenchen.de>
Subject: Re: Bug#507788: sysctl.conf read before ipv6 module loaded, so cannot set ipv6 settings
Date: Thu, 01 Oct 2009 11:41:34 +0200
[Craig Small]
> That's the thing I was asking for :) But the problem is (AFAIK) that
> with LSB dependencies one can only specify depends and not kind of
> reverse depends.

The init.d headers can have reverse dependencies too.  Those are
X-Start-Before and X-Stop-After.  Check
<URL:http://wiki.debian.org/LSBInitScripts> for the details.

It is unclear to me which init.d script is actually loading the ipv6
kernel module, so I do not know where the procps script actually
belong in the boot.

If it should run after module-init-tools and before the network is set
up, these headers would work.

  # Should-Start:      module-init-tools
  # X-Start-Before:    $network

On my Lenny system there was nothing loading the ipv6 kernel modules,
so I am not sure if module-init-tools is the correct facility to start
after.

Happy hacking,
-- 
Petter Reinholdtsen




Information forwarded to debian-bugs-dist@lists.debian.org, Craig Small <csmall@debian.org>:
Bug#507788; Package procps. (Sat, 13 Feb 2010 11:06:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Piotr Engelking <inkerman42@gmail.com>:
Extra info received and forwarded to list. Copy sent to Craig Small <csmall@debian.org>. (Sat, 13 Feb 2010 11:06:07 GMT) Full text and rfc822 format available.

Message #107 received at 507788@bugs.debian.org (full text, mbox):

From: Piotr Engelking <inkerman42@gmail.com>
To: 507788@bugs.debian.org
Cc: "Marco d'Itri" <md@linux.it>
Subject: breaks /etc/sysctl.d/bindv6only.conf
Date: Sat, 13 Feb 2010 12:04:19 +0100
affects 507788 netbase
thanks

This bug breaks /etc/sysctl.d/bindv6only.conf as well (produced by netbase):

Setting kernel variables (/etc/sysctl.d/bindv6only.conf)...error:
"net.ipv6.bindv6only" is an unknown key
failed.




Added indication that 507788 affects netbase Request was from Piotr Engelking <inkerman42@gmail.com> to control@bugs.debian.org. (Sat, 13 Feb 2010 11:06:11 GMT) Full text and rfc822 format available.

Reply sent to Craig Small <csmall@debian.org>:
You have taken responsibility. (Mon, 01 Mar 2010 06:18:07 GMT) Full text and rfc822 format available.

Notification sent to martin f krafft <madduck@debian.org>:
Bug acknowledged by developer. (Mon, 01 Mar 2010 06:18:07 GMT) Full text and rfc822 format available.

Message #114 received at 507788-close@bugs.debian.org (full text, mbox):

From: Craig Small <csmall@debian.org>
To: 507788-close@bugs.debian.org
Subject: Bug#507788: fixed in procps 1:3.2.8-8
Date: Mon, 01 Mar 2010 06:17:11 +0000
Source: procps
Source-Version: 1:3.2.8-8

We believe that the bug you reported is fixed in the latest version of
procps, which is due to be installed in the Debian FTP archive:

libproc-dev_3.2.8-8_amd64.deb
  to main/p/procps/libproc-dev_3.2.8-8_amd64.deb
procps_3.2.8-8.debian.tar.gz
  to main/p/procps/procps_3.2.8-8.debian.tar.gz
procps_3.2.8-8.dsc
  to main/p/procps/procps_3.2.8-8.dsc
procps_3.2.8-8_amd64.deb
  to main/p/procps/procps_3.2.8-8_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 507788@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Craig Small <csmall@debian.org> (supplier of updated procps package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 01 Mar 2010 12:37:06 +1100
Source: procps
Binary: procps libproc-dev
Architecture: source amd64
Version: 1:3.2.8-8
Distribution: unstable
Urgency: low
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Craig Small <csmall@debian.org>
Description: 
 libproc-dev - library for accessing process information from /proc
 procps     - /proc file system utilities
Closes: 129334 434221 507788 571281 571790
Changes: 
 procps (1:3.2.8-8) unstable; urgency=low
 .
   * Work-around for kfreebsd HZ problem Bug #460331
   * Added comments about ipv6 keys to README Closes: #507788
     ipv6 is compiled in by default so this impacts custom kernels only
   * Added note the ipv4/tcp* keys effect ipv6 too Closes: #571281
   * watch interprets ANSI color Closes: #129334
   * Fixed off by one for top -u username Closes: #571790
   * Document maj_flt and min_flt in ps.1 Closes: #434221
Checksums-Sha1: 
 6cba770a707896c179388efcca324661f68cfdda 1166 procps_3.2.8-8.dsc
 0e1beaa5cd4c36afb09a5d46214d8ac26e929d04 86642 procps_3.2.8-8.debian.tar.gz
 767806723f71fbf399f8e4effe2df81976818550 248700 procps_3.2.8-8_amd64.deb
 f2738a378b94edf921df59b3f53ed8719ce51f92 65102 libproc-dev_3.2.8-8_amd64.deb
Checksums-Sha256: 
 0b698eb9dae28510ec3ed003135a795cc6dcbaf2d6de1a264e03cf0cf082e6ab 1166 procps_3.2.8-8.dsc
 3a9320c4569776ad74cf9e2b3b3d21163cc70d06af4318189012f2738eb519fc 86642 procps_3.2.8-8.debian.tar.gz
 489ad9895343981057809772139e682b01cfebe7f43b77772fd1a446bf22d126 248700 procps_3.2.8-8_amd64.deb
 103cd7f1f5badccf6beac50b737e2bfee86bb86a8f5af4ac17665c3e97ee7e34 65102 libproc-dev_3.2.8-8_amd64.deb
Files: 
 df8b98a28267d9742ce946160d6cdb61 1166 admin important procps_3.2.8-8.dsc
 087d48c2127bd722d2ea1299b7326e98 86642 admin important procps_3.2.8-8.debian.tar.gz
 de381f45713f2d5b60e39ec6199e11da 248700 admin important procps_3.2.8-8_amd64.deb
 d58644fdf6450590b24b9e1c3d0702c5 65102 libdevel optional libproc-dev_3.2.8-8_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFLi1lzx2zlrBLK36URAhCrAJsGD48ZgGkyRLlnzaV15utGIDmSXQCePmI8
EHEDj80dVEnIpxVZ/uZv98s=
=eDKT
-----END PGP SIGNATURE-----





Information forwarded to debian-bugs-dist@lists.debian.org, Craig Small <csmall@debian.org>:
Bug#507788; Package procps. (Tue, 29 Jun 2010 09:36:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to jeremie.rodriguez@univ-lyon1.fr:
Extra info received and forwarded to list. Copy sent to Craig Small <csmall@debian.org>. (Tue, 29 Jun 2010 09:36:03 GMT) Full text and rfc822 format available.

Message #119 received at 507788@bugs.debian.org (full text, mbox):

From: Jérémie Rodriguez <jeremie.rodriguez@univ-lyon1.fr>
To: 507788@bugs.debian.org
Subject: Re: Bug#507788: sysctl.conf read before ipv6 module loaded, so cannot set ipv6 settings
Date: Tue, 29 Jun 2010 10:56:09 +0200
Hello,

It seems that procps version >= 3.2.8-8 doesn't fix the problem. I run a
Debian Squeeze and at boot time, I get :

Setting kernel variables ...
error: "net.ipv6.bindv6only" is an unknown key
error: "net.ipv6.conf.eth0.autoconf" is an unknown key
failed.

Theses keys are in files under the /etc/sysctl.d/ directory.

Anyone has the problem anymore ?

Thanks.

-- 
Jérémie Rodriguez

Equipe Réseau Intra et Télécom
Centre Inter-Etablissements pour les Services Réseaux (CISR)

Université Claude Bernard - Lyon 1
Bât. Doyen Braconnier
21 avenue Claude Bernard
69622 Villeurbanne Cedex

Tél. : 04-72-43-10-38 (interne : 31038)
Mobile : 06-78-00-32-82




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#507788; Package procps. (Tue, 29 Jun 2010 12:45:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Craig Small <csmall@debian.org>:
Extra info received and forwarded to list. (Tue, 29 Jun 2010 12:45:03 GMT) Full text and rfc822 format available.

Message #124 received at 507788@bugs.debian.org (full text, mbox):

From: Craig Small <csmall@debian.org>
To: jeremie.rodriguez@univ-lyon1.fr, 507788@bugs.debian.org
Subject: Re: Bug#507788: sysctl.conf read before ipv6 module loaded, so cannot set ipv6 settings
Date: Tue, 29 Jun 2010 22:32:36 +1000
On Tue, Jun 29, 2010 at 10:56:09AM +0200, Jérémie Rodriguez wrote:
> It seems that procps version >= 3.2.8-8 doesn't fix the problem. I run a
> Debian Squeeze and at boot time, I get :
Did you read the README file in /usr/share/doc/procps? It explains some
about this.

> Anyone has the problem anymore ?
People with stock Debian kernels do not.

 - Craig
-- 
Craig Small      GnuPG:1C1B D893 1418 2AF4 45EE  95CB C76C E5AC 12CA DFA5
http://www.enc.com.au/                             csmall at : enc.com.au
http://www.debian.org/          Debian GNU/Linux, software should be Free 




Information forwarded to debian-bugs-dist@lists.debian.org, Craig Small <csmall@debian.org>:
Bug#507788; Package procps. (Tue, 29 Jun 2010 13:39:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to jeremie.rodriguez@univ-lyon1.fr:
Extra info received and forwarded to list. Copy sent to Craig Small <csmall@debian.org>. (Tue, 29 Jun 2010 13:39:06 GMT) Full text and rfc822 format available.

Message #129 received at 507788@bugs.debian.org (full text, mbox):

From: Jérémie Rodriguez <jeremie.rodriguez@univ-lyon1.fr>
To: Craig Small <csmall@debian.org>
Cc: "507788@bugs.debian.org" <507788@bugs.debian.org>
Subject: Re: Bug#507788: sysctl.conf read before ipv6 module loaded, so cannot set ipv6 settings
Date: Tue, 29 Jun 2010 15:37:01 +0200
Hello,

My fault, I didn't read the README file (RTFM is always for others :) ).

I tried one of the solutions explained in this file : putting ipv6 in
/etc/modules. After a reboot, the kernel system variables concerning
IPv6 are set as expected.

For information, I use the Debian Xen kernel which doesn't have IPv6
compiled-in but use the module instead.

Cheers.


On 06/29/2010 02:32 PM, Craig Small wrote:
> On Tue, Jun 29, 2010 at 10:56:09AM +0200, Jérémie Rodriguez wrote:
>> It seems that procps version >= 3.2.8-8 doesn't fix the problem. I run a
>> Debian Squeeze and at boot time, I get :
> Did you read the README file in /usr/share/doc/procps? It explains some
> about this.
> 
>> Anyone has the problem anymore ?
> People with stock Debian kernels do not.
> 
>  - Craig

-- 
Jérémie Rodriguez

Equipe Réseau Intra et Télécom
Centre Inter-Etablissements pour les Services Réseaux (CISR)

Université Claude Bernard - Lyon 1
Bât. Doyen Braconnier
21 avenue Claude Bernard
69622 Villeurbanne Cedex

Tél. : 04-72-43-10-38 (interne : 31038)
Mobile : 06-78-00-32-82




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 19 Nov 2010 07:36:28 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 08:13:20 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.