lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 20 Aug 2011 09:30:59 -0700 From: Stephen Hemminger <shemminger@...tta.com> To: Marc Haber <mh+netdev@...schlus.de> Cc: netdev@...r.kernel.org, Sven-Haegar Koch <haegar@...net.de> Subject: Re: Bridge stays down until a port is added On Sat, 20 Aug 2011 11:47:12 +0200 Marc Haber <mh+netdev@...schlus.de> wrote: > Hi, > > I was a little bit confused. The problem is that with IPv6 an IP > address configured on a bridge which is still in the NO-CARRIER state > will never leave tentative state and will thus not get useable. > > On Fri, Aug 12, 2011 at 02:22:27PM +0200, Sven-Haegar Koch wrote: > > For me (using kernel 3.0.0) it seems to work as I expect it: > > > > aurora:~# brctl addbr br0 > > aurora:~# ifconfig br0 192.168.254.1 netmask 255.255.255.0 up > > aurora:~# ping 192.168.254.1 > > PING 192.168.254.1 (192.168.254.1) 56(84) bytes of data. > > 64 bytes from 192.168.254.1: icmp_req=1 ttl=64 time=0.087 ms > > Now try it with IPv6. > The problem is that IPv6 Duplicate Address Detection needs to work. This is not a simple problem. If the bridge asserted carrier with no ports then: 1. IPv6 address assigned and IPv6 decides it is okay. 2. Port added later 3. Another system has the same address. *broke* If you want to avoid DAD, then you can configure disable DAD by setting /proc/sys/net/ipv6/conf/br0/accept_dad to 0 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists