lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LNX.2.00.0903202217590.4741@firda.kolla.no>
Date:	Fri, 20 Mar 2009 22:50:50 +0100 (CET)
From:	Kolbjørn Barmen <linux@...la.no>
To:	Brian Haley <brian.haley@...com>
cc:	Kolbjørn Barmen <linux@...la.no>,
	David Miller <davem@...emloft.net>, yoshfuji@...paulia.net,
	netdev@...r.kernel.org, yoshfuji@...ux-ipv6.org
Subject: Re: PROBLEM: IPv6 autoconf/accept_ra default values

On Fri, 20 Mar 2009, Brian Haley wrote:

> Kolbjørn Barmen wrote:
> > I personally really dont care what is default as long as I have a _very
> > easy_ way to turn it off, kernel module paramters and boot parameters -
> > great! If the rest of the world has decided they want to fight this
> > manually by default, fine by me :)
> 
> I'll work on the module parameters Yoshifuji mentioned, the "harder"
> version since to me it seems more useful.  Since it's of interest to you
> can you give me some input? 

Definetly! Thanks alot for the effort! :)

> Are the two parameters he described for this going to be good enough for
> you?  I was thinking of also adding a "default" keyword to control
> net.ipv6.conf.default.*, for example:
> 
> 	disable_ipv6=all,default,eth0,eth1
> 	autoconf=all,default,eth2,eth3
> 
> This is because "default" is what's inherited by all the ethX values,
> "all" is the big hammer.

This is still unclear for me. I've been assuming that by changing
"default" all future devices will inherit the value, but leaving existing
devices as is. "all" I've assumed takes all existing interfaces, but
leaving default as is. Is this what you are saying?

> And also adding an "enable_ipv6" one:
> 
> 	enable_ipv6=lo,eth4,eth5
> 
> This would let you do:
> 
> 	disable_ipv6=default
> 	enable_ipv6=lo,eth0
> 
> Which saves you from listing many interfaces:
> 
> 	disable_ipv6=eth1,eth2,eth3,eth4....
> 
> Of course I could be over-thinking this and the simple solution could work just
> fine:
> 
> 	disable_ipv6=1
> 	autoconf=0
> 
> Then just let you put things in sysctl.conf to enable what you want.  I'll play
> with that first to see if it's enough.

I think this would be enough yes. Probably best to think about how one
would be able to set boot paramets so that a machine gets static address
and no autoconf, for example for NFS-root etc. This falls under same
"mission"?

> I'd rather get this right the first time...

Ofcourse :)

> > How about the behaviour that I described:
> > 
> >     root:~# sysctl net.ipv6.conf.all.accept_ra 
> >     net.ipv6.conf.all.accept_ra = 1 
> >     root:~# sysctl -w net.ipv6.conf.all.accept_ra=0 
> >     net.ipv6.conf.all.accept_ra = 0 
> >     root:~# sysctl net.ipv6.conf.eth0.accept_ra 
> >     net.ipv6.conf.all.accept_ra = 1  
> > 
> > Is this intended behaviour or not? Bug or (mis)feature?
> 
> I *think* that's intended, at least it's one of the ways IPv6 differs from IPv4
> - setting "all" doesn't reset to individual nic settings.  But the code in
> ndisc_router_discovery() should probably check the "all" flag and drop the RA.
> The other "all" sysctl's should behave the same, so someone needs to take a
> deeper look.

OK, I have this weird feeling that this "worked" some years ago, but I
dont have any old systems to try out that theory on. I fail to see wht
purpose "all" has, if it isn't setting the value of all interfaces.

Again, thank you very much for looking into this! :)

-- kolla
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ