[Users] Kernel panic in nf_conntrack_ipv6 IPv6 Firewall
2.6.27-aivazovsky
Michael H. Warfield
mhw at WittsEnd.com
Mon Jan 19 16:17:57 EST 2009
On Mon, 2009-01-19 at 13:42 -0500, John Drescher wrote:
> On Mon, Jan 19, 2009 at 1:32 PM, Michael H. Warfield <mhw at wittsend.com> wrote:
> > Just a warning.
> >
> > I've just run into a kernel panic in nf_conntrack_ipv6 in
> > 2.6.27-aivazovsky, that just came out. Filed in bugzilla, bug #1151.
> > Present on both an i686 and an AMD64 x86_64. If you have the IPv6
> > firewall enabled with contracking, it's going to blow chunks as soon as
> > you hit it with IPv6 traffic. Hard crash. Kills the interrupt handler
> > and you're done. No keyboard response and requires a hard reset or
> > power cycle.
> >
> Thanks, I will make sure IPV6 is not enabled in my kernel before I test again..
Just don't load the IPv6 contracking module. Disabling IPv6 is really
no longer an option and we might as well get use to it. IPv4 address
space run-out is now within the foreseeable future (ICANN and the RIR's
have no settled on the allocation of the FINAL /8's and some locals will
be out within the next year or two). I've been operational on the
global IPv6 network for well over 7 years now and there's just no more
excuse for this "head in the sand" approach to IPv6.
> John
Regards,
Mike
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
Url : http://openvz.org/pipermail/users/attachments/20090119/5bb82030/attachment.bin
More information about the Users
mailing list