[openwrt/openwrt] kernel: disable accept_ra by default

LEDE Commits lede-commits at lists.infradead.org
Tue Apr 17 13:08:52 PDT 2018


neoraider pushed a commit to openwrt/openwrt.git, branch master:
https://git.lede-project.org/bb46520159c0119e829900e29681feea6f297fe0

commit bb46520159c0119e829900e29681feea6f297fe0
Author: Matthias Schiffer <mschiffer at universe-factory.net>
AuthorDate: Thu Apr 12 22:14:56 2018 +0200

    kernel: disable accept_ra by default
    
    Our commands setting accept_ra to 0 on all interfaces got lost in the
    transition to procd. This remained unnoticed for a long time, as we also
    enable forwarding on all interfaces, which prevents RA handling by default.
    
    Restore the commands, while also fixing a possible race condition in the
    old version.
    
    Signed-off-by: Matthias Schiffer <mschiffer at universe-factory.net>
---
 package/base-files/Makefile                | 2 +-
 package/base-files/files/etc/init.d/sysctl | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/package/base-files/Makefile b/package/base-files/Makefile
index 45a1f4c..7fe8642 100644
--- a/package/base-files/Makefile
+++ b/package/base-files/Makefile
@@ -12,7 +12,7 @@ include $(INCLUDE_DIR)/version.mk
 include $(INCLUDE_DIR)/feeds.mk
 
 PKG_NAME:=base-files
-PKG_RELEASE:=189
+PKG_RELEASE:=190
 PKG_FLAGS:=nonshared
 
 PKG_FILE_DEPENDS:=$(PLATFORM_DIR)/ $(GENERIC_PLATFORM_DIR)/base-files/
diff --git a/package/base-files/files/etc/init.d/sysctl b/package/base-files/files/etc/init.d/sysctl
index 8722126..a236a01 100755
--- a/package/base-files/files/etc/init.d/sysctl
+++ b/package/base-files/files/etc/init.d/sysctl
@@ -26,6 +26,14 @@ apply_defaults() {
 		net.ipv6.ip6frag_high_thresh="$frag_high_thresh" \
 		net.netfilter.nf_conntrack_frag6_low_thresh="$frag_low_thresh" \
 		net.netfilter.nf_conntrack_frag6_high_thresh="$frag_high_thresh"
+
+	# first set default, then all interfaces to avoid races with appearing interfaces
+	if [ -d /proc/sys/net/ipv6/conf ]; then
+		echo 0 > /proc/sys/net/ipv6/conf/default/accept_ra
+		for iface in /proc/sys/net/ipv6/conf/*/accept_ra; do
+			echo 0 > "$iface"
+		done
+	fi
 }
 
 start() {
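Review bot: The comment on the added block in apply_defaults records the write order but not why accept_ra is forced to 0, and that reason is what a later refactor is most likely to drop again, given the commit message says the previous loss went unnoticed while forwarding masked it. I would extend it to something like `# keep kernel RA processing off even if forwarding is later disabled on an interface; set default first, then existing interfaces, to avoid races with appearing interfaces`. Separately, no `local iface` is visible in the hunk, so the loop variable may leak into the init script's global scope. apply_defaults starts outside the hunk, so check whether it is already declared there before adding `local iface` ahead of the loop.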


