From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id D89D18A9EF for ; Fri, 21 Oct 2022 10:16:32 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id B8E021EEF0 for ; Fri, 21 Oct 2022 10:16:32 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Fri, 21 Oct 2022 10:16:32 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id EB3B244AEC; Fri, 21 Oct 2022 10:16:31 +0200 (CEST) Date: Fri, 21 Oct 2022 10:16:31 +0200 From: Wolfgang Bumiller To: "DERUMIER, Alexandre" Cc: "pve-devel@lists.proxmox.com" , "mark@tuxis.nl" Message-ID: <20221021081631.lhywt7pmr3h6q2os@wobu-vie.proxmox.com> References: <20221019222429.997436-1-aderumier@odiso.com> <20221020100557.pncxpsemrinqwghf@casey.proxmox.com> <504aecd55d5422b0f401309c938c3df69a454b9f.camel@groupe-cyllene.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <504aecd55d5422b0f401309c938c3df69a454b9f.camel@groupe-cyllene.com> X-SPAM-LEVEL: Spam detection results: 0 AWL 0.246 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pve-devel] [PATCH pve-common] fix #4299: network : disable_ipv6: fix path checking X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Oct 2022 08:16:32 -0000 On Fri, Oct 21, 2022 at 04:55:08AM +0000, DERUMIER, Alexandre wrote: > Hi, > > This is to avoid to have ipv6 local-link ip address on every generated > tap interfaces (and fwbr bridges too). > (and have bad packets send to the network) To be more precise: it's a security measure. You don't want the host to get IPv6-link-local addresses on every tap, veth, fw-link, fw-bridge device we create, as each of those would potentially allow VMs to send packets addressed to that device, which is very unexpected :-) > > > This, of course, don't disabling ipv6 support inside the vm/ct. > > > > Le jeudi 20 octobre 2022 à 17:07 +0000, Mark Schouten via pve-devel a > écrit : > > Hi, > > > > Sorry. But I always get extremely triggered by functions called > > ‘disable_ipv6()’. > > > > Can someone hit me with a cluebat as to why that function even > > exists? > > (Since we deploy Proxmox without IPv4, so anywhere where ipv6 is > > actively disabled, will break stuff for us). You obviously don't use... ...umm ...any software out there that does networking :-D Well, maybe Ceph Hammer, that one worked, but IPv6-only got increasingly inbearable afterwards until I gave up.