From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 2B75B158083 for ; Wed, 25 Sep 2024 10:00:54 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 53CF7E2BB5; Wed, 25 Sep 2024 10:00:46 +0000 (UTC) Received: from out.packetderm.com (out.packetderm.com [173.166.91.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 02338E2BB0 for ; Wed, 25 Sep 2024 10:00:45 +0000 (UTC) Received: from localhost (out.packetderm.com[173.166.91.13]) by smtp (5.7.4/5.7.4) with ESMTPSA id 48PA0hxH068271 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Wed, 25 Sep 2024 06:00:44 -0400 (EDT) (envelope-from waltdnes@waltdnes.org) Date: Wed, 25 Sep 2024 06:00:36 -0400 From: Walter Dnes To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Wayland! Beware of! Message-ID: References: <65e5de50-e053-46ff-be61-52f472d95025@gentoo.org> <6af6d0dd-f081-4345-b574-ea6d6c9358bb@gentoo.org> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <6af6d0dd-f081-4345-b574-ea6d6c9358bb@gentoo.org> X-Archives-Salt: dfb4f25b-c99b-4364-bd9c-0fb5a0135599 X-Archives-Hash: 4fe5abbde7976d0f46d6b35b2eb80ed0 On Tue, Sep 24, 2024 at 09:42:23PM -0400, Eli Schwartz wrote > If you actually want to disable ipv6, instead of insanely rebuilding > binaries to use untested broken segfaulting code, use the sysctl > knob to tell the kernel "when asked to give some application a bit > of internet traffic, don't use ipv6". > > net.ipv6.conf.all.disable_ipv6 My system is actually very stable. In the shitstorm that erupted on this list at "ipv6" enabling I did not see any mention of sysctl. In my /etc/default/grub file I have... GRUB_CMDLINE_LINUX_DEFAULT="noexec=on net.ifnames=0 ipv6.disable=1" With this setting is it guaranteed that a program compiled with "ipv6" flag will not try IPV6 first and timeout before dropping down to IPV4? How OS-specific is this? I "asked Mr. Google" and the NordVPN web page recommended for Redhat based distros... net.ipv6.conf.all.disable_ipv6=1 net.ipv6.conf.default.disable_ipv6=1 net.ipv6.conf.tun0.disable_ipv6=1 For Debian-based distros... net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 net.ipv6.conf.lo.disable_ipv6 = 1 net.ipv6.conf.tun0.disable_ipv6 = 1 Other answers for disabling IPV6 include stuff like... net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 net.ipv6.conf.lo.disable_ipv6 = 1 net.ipv6.conf.eth0.disable_ipv6 = 1 BTW, I did *NOT* have IPV6 enabled when the USE flag changed... [x8940][root][~] grep IPV6 /usr/src/linux/.config # CONFIG_IPV6 is not set > That's quite the bloated collection of enabled USE flags you have > there -- lots of stuff that are much more bloated than ipv6, in > fact. :) Stuff that I don't use is left disabled. I occasionally look at my package.use file. If a flag is enabled for multiple apps there, I run USE="flag" emerge -pv --changed-use --deep --pdate @world If there isn't much new stuff pulled in I'll... * enable the flag in make.conf * delete the enabling entries in package.use * disable, in package.use, the flag for new stuff that tha flag pulls in This minimizes the size of my package.use file. Note: this is optimal for the collection of apps *THAT I USE*. YMMV. -- There are 2 types of people 1) Those who can extrapolate from incomplete data