Impossible to build image without IPV6

Disabling IPV6 for packages in 'make menuconfig' (22.03.03) results in following error:

build_dir/target-mips_24kc_musl/linux-ath79_generic/packages/.pkgdir/kernel/. /etc/openwrt/../staging_dir/target-mips_24kc_musl/root-ath79/'
touch /etc/openwrt/.../staging_dir/target-mips_24kc_musl/root-ath79/stamp/.kernel_installed
ERROR: module '/etc/openwrt/.../build_dir/target-mips_24kc_musl/linux-ath79_generic/linux-5.10.161/net/ipv6/netfilter/nft_reject_ipv6.ko' is missing.
modules/ recipe for target '/etc/openwrt/.../bin/targets/ath79/generic/packages/kmod-nft-core_5.10.161-1_mips_24kc.ipk' failed

from .config:

# CONFIG_KERNEL_IPV6 is not set
# CONFIG_IPV6 is not set

Should I file official bug ?
If YES, it is for buglist 'openwrt', correct ?

Building without IPv6 is not fully supported any more. It is too tightly built into kernel related components like nftables.

You can remove met of the userspace components, but not all kernel stuff.

1 Like

Whats the reason then, to keep the no-IPV6 option for packages in menuconfig ?
I even see lot of packages, capable of being built with something like noIPv6, to save code. Which makes sense for low RAM devices.
Can be even considered a good security feature :-): Better to build a new image, with new kernel, new packages, for a low-RAM device, than to keep old openwrt, because new one too large.

I.e. new mwan3 Makefile allows noIPv6, but can not be enabled. Causing start of redundant processes to monitor IPv6 connections, which will never show up.
Anyway, the option in menuconfig allows disabling IPV6 for packages. So kernel modules still to be built incl. IPv6 support, if required. But it looks like, both ipv6 options for kernel and packages disabled. Should be called a bug, or not ?

It was already discussed last March in the developer mailing list if the option should be dropped. But that was not wanted to be done before the 22.03 branching. So 22.03 still has that option (but it is problematic).

The option was removed from master in August 2022 by

The option is now always set true and IPv6 components are enabled.

( The problem was that you could remove the userspace components and disable addressing, but in kernel some core components like netfilter are currently designed dual-stack upstream.)

I solved it by not including the ipv6 dhcp server in the build, odhcp6 I think it is called. And the other one for upstream connections.

The IPv6 is maybe there in the router background but no one gets any addressing without the dhcp server, so that pretty much inerts the function.

But low memory devices is another thing, they are not supported anyways.

Disabling IPv6 functions and services, rather than trying to remove kernel modules and packages, is probably a better approach. I expect you will find you have missed a bunch of things, if you are looking to do more than simply disable the dhcp ipv6 lease assignment on your lan interface.

You are just asking for errors in logs related to missing things expected to be there by trying to strip out libraries and kernel modules related to ipv6 that packages generally depend on to build properly, whether they use the ipv6 features or not.

One starting point is to turn off ipv6 defaults in the kernel, by dropping sysctl directives, much the same as you would on any linux based device and then to tell uci to turn off ipv6 related services that you do not want running.

Direct the kernel how you would like it to startup:

cat /etc/sysctl.d/99-ipv6off.conf 

Next, direct UCI on various IPv6 settings and services you would like to disable or remove

uci set network.wan.ipv6='0'
uci set network.lan.ipv6='0'
uci set'0'
uci set network.loopback.ipv6='0'
uci delete network.lan.ip6assign
uci set network.lan.delegate='0'
uci delete network.globals.ula_prefix
uci commit network 
uci set dhcp.lan.dhcpv6='disable'
uci set dhcp.lan.ra='disable'
uci commit dhcp

A quick ip addr on the CLI will tell you how your interfaces are setup, and should exclude any IPv6 network configuration. You might have other interfaces that may need to be considered.

A quick check of logread will help to confirm if any remaining services might be a bit noisy or slow to start due to the disabled ipv6 leading to any further configuration as determined by whatever packages you have installed.

1 Like

Not really, it is actually very quiet about this and works very well.

That is the basic approach, what you wrote. However, there are packages, really using the option of --noIPv6 during compile time. A very good example is mwan3. There is quite a lot of RAM used for supervising and tracking possible IPv6 connections, which will never show up when using your system options, in case, mwan3 built incl. IPv6. But now impossible to build without. Unless doing extensive patching of Makefile(s), which is a bit too far fetched.

There was some year ago in the mailing list a tread about IPv6 support, or more like “do we care about the IPv6 flag in menuconfig?”

And that tread resulted in most developers stopped caring of trying to make code that cared about the IPv6 flag in the general config.

The latest move by Torvald to completely drop the “no IPv6” support in the kernel was more like another nail in that coffin. Probably the last nail.

Question is, when. Actually, ( still contains menuconfig IPV6
Most of the info regarding IPv6 is found here, feel free to search it.

The thing when you build from source and use this IPv6 function is that you can build all versions ever released from 2017 to 2023 that span over a lot of kernels.

So the IPv6 on/off function must be there but it doesn’t apply to all branches based on what kernel it runs.