diff options
author | Bob Gilligan <gilligan@vyatta.com> | 2010-02-23 15:49:57 -0800 |
---|---|---|
committer | Bob Gilligan <gilligan@vyatta.com> | 2010-02-23 15:49:57 -0800 |
commit | 2e9a80aacef26fc72a2c0a6c1736c44355d77e87 (patch) | |
tree | 5ae2103d05c78a09374bc7a11c2f01d723da2797 | |
parent | d83d64624e6acbc09e2e7c7f02cafb3e94695a16 (diff) | |
download | vyatta-cfg-system-2e9a80aacef26fc72a2c0a6c1736c44355d77e87.tar.gz vyatta-cfg-system-2e9a80aacef26fc72a2c0a6c1736c44355d77e87.zip |
Bugfix 5377: Add parameter to control behavior when DAD fails.
RFC-4862 requires that IPv6 operation on an interface be disabled when
DAD fails on a link-local address. The kernel IPv6 code supports this
feature, but doesn't enable it by default. This change provides a
configurable parameter to control this behavior, but, like the
kenrnel, disables it by default.
-rw-r--r-- | templates/system/ipv6/strict-dad/node.def | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/templates/system/ipv6/strict-dad/node.def b/templates/system/ipv6/strict-dad/node.def new file mode 100644 index 00000000..f3947eef --- /dev/null +++ b/templates/system/ipv6/strict-dad/node.def @@ -0,0 +1,26 @@ +help: Disable IPv6 operation on interface when DAD fails on LL addr + +# Enable strict DAD behavior. Disable IPv6 operation on an interface +# if DAD fails on the EUI-64 based link-local address. +# +create: + sudo sh -c "echo 2 > /proc/sys/net/ipv6/conf/all/accept_dad" + sudo sh -c "echo 2 > /proc/sys/net/ipv6/conf/default/accept_dad" + for ifname in /sys/class/net/eth* ; do + if [ -d $ifname ]; then + ifname=${ifname#/sys/class/net/} + sudo sh -c "echo 2 > /proc/sys/net/ipv6/conf/$ifname/accept_dad" + fi + done + + +# Revert back to liberal DAD behavior +delete: + sudo sh -c "echo 1 > /proc/sys/net/ipv6/conf/all/accept_dad" + sudo sh -c "echo 1 > /proc/sys/net/ipv6/conf/default/accept_dad" + for ifname in /sys/class/net/eth* ; do + if [ -d $ifname ]; then + ifname=${ifname#/sys/class/net/} + sudo sh -c "echo 1 > /proc/sys/net/ipv6/conf/$ifname/accept_dad" + fi + done |