Currently the Linux IPv6 networking stack can be built into the Linux kernel, built as a loadable kernel module, or not built at all. With proposed patches from a SUSE engineer, the IPv6 networking stack would be limited to being a kernel built-in or not built at all. Doing away with IPv6 as a loadable kernel module would allow simplifying some code and lowering the Linux networking maintenance burden.
IPv6 support in the Linux kernel would continue to be optional, but the ability to build IPv6 support as a loadable module would go away. This largely matches reality: most deployments either have IPv6 built into the kernel itself or not at all, and a CONFIG_IPV6=m configuration is rare.
Fernando Fernandez Mancera explained in the patch cover letter the intent and the maintenance burden currently imposed by having to support the modular IPv6 option:
“Historically, the Linux kernel has supported compiling the IPv6 stack as a loadable module. While this made sense in the early days of IPv6 adoption, modern deployments and distributions overwhelmingly either build IPv6 directly into the kernel (CONFIG_IPV6=y) or disable it entirely (CONFIG_IPV6=n). The modular IPv6 use-case offers image size and memory savings for specific setups, this benefit is outweighed by the architectural burden it imposes on the subsystems on implementation and maintenance.
To allow core networking, BPF, Netfilter, and various device drivers to safely interact with a potentially unloaded IPv6 module, the kernel relies on indirect call structures like ipv6_stub, ipv6_bpf_stub, and nf_ipv6_ops, along with dynamic RCU registrations for things like ICMPv6 senders.
This patch series addresses this by changing CONFIG_IPV6 from a tristate to a boolean, enforcing that IPv6 is either built-in or disabled. This allows us to completely rip out the stub infrastructures and safely replace them with direct function calls.”
This makes sense given that IPv6 support as a kernel module is not too popular, and dropping it allows switching to more direct function calls, which has the benefit of better security and potentially better performance. The patch series making these changes is now out for review on the Linux kernel mailing list.
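The stub pattern the cover letter describes, next to the direct call that replaces it, as an added user-space sketch (not code from the kernel or the patch series). All `demo_*` names and the toy lookup logic are hypothetical; only the shape of the indirection is the point.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical ops table standing in for a stub structure. */
struct demo_ipv6_ops {
    int (*route_lookup)(unsigned int ifindex);
};

/* Fallback while the "module" is absent: every call fails cleanly. */
static int demo_stub_route_lookup(unsigned int ifindex)
{
    (void)ifindex;
    return -EAFNOSUPPORT;
}

/* Implementation a loadable module would register (toy logic). */
static int demo_real_route_lookup(unsigned int ifindex)
{
    return ifindex ? 0 : -ENODEV;
}

static const struct demo_ipv6_ops demo_stub_ops = { demo_stub_route_lookup };
static const struct demo_ipv6_ops demo_real_ops = { demo_real_route_lookup };

/* This pointer has to stay writable so load/unload can swap the table. */
static const struct demo_ipv6_ops *demo_ipv6_ops = &demo_stub_ops;

void demo_module_load(void)   { demo_ipv6_ops = &demo_real_ops; }
void demo_module_unload(void) { demo_ipv6_ops = &demo_stub_ops; }

/* Tristate-style caller: target is resolved through the pointer at run time. */
int demo_caller_modular(unsigned int ifindex)
{
    return demo_ipv6_ops->route_lookup(ifindex);
}

/* Bool-style caller: target is fixed at link time, nothing to swap. */
int demo_caller_builtin(unsigned int ifindex)
{
    return demo_real_route_lookup(ifindex);
}

int main(void)
{
    printf("before load: %d\n", demo_caller_modular(2));
    demo_module_load();
    printf("after load:  %d\n", demo_caller_modular(2));
    printf("built-in:    %d\n", demo_caller_builtin(2));
    return 0;
}
```

With the modular caller, the result of the same call depends on the current value of a writable pointer; the built-in caller has no such run-time state to protect or audit.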
