Reindl Harald wrote:
Am 08.04.2012 13:05, schrieb Frantisek Hanzlik:
> Yes, I have it (as You wrote, on kernel cmdline - as having it in
> sysctl.conf seems not enough). But this nothing change on fact that
> 1) I have unwanted things included in kernel
not really relevant
we both can not say how much more overhead in kernel
code would be on different places to respect
if it is loaded or not compared with a "module"
which is aware that it is disabled
Networking code has especial position, as bugs / problems /
misconfigurations in it have strong impact to machine security.
And I simply do not want do any ip6tables and other ipv6
security configuration - because I do not want use ipv6
_entirely_
> 2) something (NetworkManager or other malware;) can easily
activate it.
who told you so?
how can NetworkManager override a KERNEL parameter?
Have I after each update supervise whether NM or other stuff
made some unwanted changes - maybe even on kernel commandline?
And after each reboot again? No, I don´t want it.
in times where it was a loadable module it was the same
you had to make sure to disable it AND it was loaded
most of the time
even if I wipe it from disk most services was able reconstruct
it and load again ;)
did you ever notice the dmesg messages about ipv6 is disabled and
you have to reboot to enable it again while it was loaded
all the time (this messages which appear if you remove "quiet"
from the kernel-parameters and most people do not recognize)
> As module, I can better control how use it and save memory too
> (although when ipv6 stack is disabled entirely, memory requirements
> may be lower - I not study about this)
the stack is disabled entirely and the memory footprint may
be the same as unloaded module and code paths on different
places which has to check this
Here I eventually agree with You.