I looked into the code to figure out where the IPv6 configuration is copied from for a new namespace.
I came across this function addrconf_init_net. I assume this is the function that is invoked when a new namespace is created.
if (IS_ENABLED(CONFIG_SYSCTL) &&
!net_eq(net, &init_net)) {
switch (sysctl_devconf_inherit_init_net) {
case 1: /* copy from init_net */
memcpy(all, init_net.ipv6.devconf_all,
sizeof(ipv6_devconf));
memcpy(dflt, init_net.ipv6.devconf_dflt,
sizeof(ipv6_devconf_dflt));
break;
case 3: /* copy from the current netns */
memcpy(all, current->nsproxy->net_ns->ipv6.devconf_all,
sizeof(ipv6_devconf));
memcpy(dflt,
current->nsproxy->net_ns->ipv6.devconf_dflt,
sizeof(ipv6_devconf_dflt));
break;
case 0:
case 2:
/* use compiled values */
break;
}
}
If I set the value of net.core.devconf_inherit_init_net to 1, when a new namespace is created the values in init_net(which again I assume is init process' namespace value - global/default namespace)
will be copied into the new namespace. A few lines later, the following code is present.
dflt->disable_ipv6 = ipv6_defaults.disable_ipv6; <<<<< This ipv6_defaults.disable_ipv6 comes from the GRUB command line value of disable_ipv6.
Hence if I enable IPv6 before creating a new namespace, the new namespace still will have IPv6 disabled, because of the above single line of code. Is this correct?
net.ipv6.conf.all.disable_ipv6 is used to change the IPv6 state for all the currently available interfaces.
net.ipv6.conf.default.disable_ipv6 has the default value from ipv6_defaults.disable_ipv6 i.e. the grub one. If I change this sysctl, what impact does it have?
Dheeraj