Date:	Wed, 18 Mar 2009 02:06:09 +0100 (CET)
From:	Kolbjørn Barmen <linux@...la.no>
To:	Kolbjørn Barmen <linux@...la.no>
cc:	netdev@...r.kernel.org
Subject: Re: PROBLEM: IPv6 autoconf/accept_ra default values

On Tue, 24 Feb 2009, Kolbjørn Barmen wrote:

> 1. Summary of problem
> 
> autoconfig and accept_ra is by default on (by the way of forwarning) -
> this is very problematic in many ways.

[snip]

> My personal opinion is that anything ipv6 autoconfig/accept_ra should be
> default _off_, since this simplifies all the above mentioned issues, and
> it is incredibly easy to turn on again with sysctl if people want it.
> It is much easier to enable ipv6 automagic than to disable it.
> At least there should be kernel/module parameter to set default behaviour.
> 
> Part of the problem with deploying IPv6 is due to "magic" like this, all
> the autoconfig/router announcement magic looks very well on paper and in
> theory, but out in the field it quickly leads to loads of totally
> unnecessary extra work, work that could easily be avoided if default
> behaviour was to have it off. It should be in the interest of IPv6
> advocates to support a "soft" transition from IPv4-only to dual-stack,
> fencing off unwanted "magic" only adds to the frustration for those who
> actually try to deploy it.
> 
> What do you think?

Obviously no one really thinks much of this, one way or the other, so here's a
patch that changes the default values.

--------
--- linux/net/ipv6/addrconf.c.orig      2009-03-17 23:41:10.000000000 +0100
+++ linux/net/ipv6/addrconf.c   2009-03-17 23:42:18.000000000 +0100
@@ -157,9 +157,9 @@
        .forwarding             = 0,
        .hop_limit              = IPV6_DEFAULT_HOPLIMIT,
        .mtu6                   = IPV6_MIN_MTU,
-       .accept_ra              = 1,
+       .accept_ra              = 0,
        .accept_redirects       = 1,
-       .autoconf               = 1,
+       .autoconf               = 0,
        .force_mld_version      = 0,
        .dad_transmits          = 1,
        .rtr_solicits           = MAX_RTR_SOLICITATIONS,
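Review bot: flipping `.accept_ra` and `.autoconf` from 1 to 0 in this initializer changes the compiled-in default for every host that currently gets its address and default route from router advertisements, and nothing in the hunk lets an administrator pick the old behaviour at boot. The message above already suggests a kernel or module parameter for the default; adding that would make the hardened setting selectable without silently breaking setups that depend on autoconfiguration. Any documentation that states the default values of these two fields needs the same update.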
@@ -192,9 +192,9 @@
        .forwarding             = 0,
        .hop_limit              = IPV6_DEFAULT_HOPLIMIT,
        .mtu6                   = IPV6_MIN_MTU,
-       .accept_ra              = 1,
+       .accept_ra              = 0,
        .accept_redirects       = 1,
-       .autoconf               = 1,
+       .autoconf               = 0,
        .dad_transmits          = 1,
        .rtr_solicits           = MAX_RTR_SOLICITATIONS,
        .rtr_solicit_interval   = RTR_SOLICITATION_INTERVAL,
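Review bot: this second initializer repeats the same two literal edits (`.accept_ra = 0`, `.autoconf = 0`) as the first hunk, so the two sets of defaults can drift apart if only one is touched later; a shared pair of default macros used by both initializers would keep them in step. The context line `.accept_redirects = 1` is left as is in both hunks; if the aim is that a host does not act on unsolicited on-link messages by default, the changelog should say why redirects stay enabled. The submission also has no Signed-off-by line.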
--------

Cheers!

-- kolla