On Sat, Mar 26, 2016 at 04:17:44PM +0100, Martin Mares wrote: > First of all, disabling ipv6.conf.(all|default).accept_ra > in /etc/sysctl.conf does not work reliably for three reasons: > > (1) With systemd, there is no dependency between sysctl and > networking, so there is a race condition. I just reported it > as bug for procps (sorry, no bug number yet).
Ok. Maybe I should add an ordering dependency in ifupdown's service file
as well, just to be sure.
> (2) conf.all.accept_ra seems to be ignored by the kernel
> (actually, conf.all works only with a couple of options like
> forwarding).
>
> (3) conf.default.accept_ra does not help if the interface
> already exists when systemd-sysctl.service runs.
Hm. So a solution is perhaps to set both conf.default.accept_ra and
conf.$IFACE.accept_ra in /etc/sysctl.conf?
> Second, if /etc/network/interfaces specifies both IPv6 and
> IPv6 addresses, the interface is already up when ifup sets
> conf.$IFACE.accept_ra=0. Hence there is a small time window
> when the RA can be accepted. Yes, our router is sometimes
> fast enough to hit it ;)
Ah. It's a feature or limitation (depending how you look at it) that
ifupdown processes iface stanzas independently and in order. So you
could try to move the inet6 stanza before the inet one.
> I wonder what is the right solution... I see these possibilities:
>
> (a) We could make ifup set accept_ra before it tries
> to up the interface for the first time.
You can try whether this works by just adding a pre-up command to the
first stanza for that interface.
> (b) ifup could explicitly flush routes with proto=ra
> before setting up the default route.
Hm, that is perhaps a good solution. Can you test that by adding the
following post-up command to your inet6 stanza?
ip address flush dev $IFACE mngtmpaddr
> (c) The kernel could drop such routes when accept_ra
> is turned off.
I don't know if that is a good idea. In any case, it's best if the
userspace tools handle it without depending on the kernel to do it
right.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <g...@debian.org>
signature.asc
Description: Digital signature
