summaryrefslogtreecommitdiff
path: root/templates/system/ipv6/strict-dad/node.def
diff options
context:
space:
mode:
authorBob Gilligan <gilligan@vyatta.com>2010-02-23 15:49:57 -0800
committerBob Gilligan <gilligan@vyatta.com>2010-02-23 15:49:57 -0800
commit2e9a80aacef26fc72a2c0a6c1736c44355d77e87 (patch)
tree5ae2103d05c78a09374bc7a11c2f01d723da2797 /templates/system/ipv6/strict-dad/node.def
parentd83d64624e6acbc09e2e7c7f02cafb3e94695a16 (diff)
downloadvyatta-cfg-system-2e9a80aacef26fc72a2c0a6c1736c44355d77e87.tar.gz
vyatta-cfg-system-2e9a80aacef26fc72a2c0a6c1736c44355d77e87.zip
Bugfix 5377: Add parameter to control behavior when DAD fails.
RFC-4862 requires that IPv6 operation on an interface be disabled when DAD fails on a link-local address. The kernel IPv6 code supports this feature, but doesn't enable it by default. This change provides a configurable parameter to control this behavior, but, like the kenrnel, disables it by default.
Diffstat (limited to 'templates/system/ipv6/strict-dad/node.def')
-rw-r--r--templates/system/ipv6/strict-dad/node.def26
1 files changed, 26 insertions, 0 deletions
diff --git a/templates/system/ipv6/strict-dad/node.def b/templates/system/ipv6/strict-dad/node.def
new file mode 100644
index 00000000..f3947eef
--- /dev/null
+++ b/templates/system/ipv6/strict-dad/node.def
@@ -0,0 +1,26 @@
+help: Disable IPv6 operation on interface when DAD fails on LL addr
+
+# Enable strict DAD behavior. Disable IPv6 operation on an interface
+# if DAD fails on the EUI-64 based link-local address.
+#
+create:
+ sudo sh -c "echo 2 > /proc/sys/net/ipv6/conf/all/accept_dad"
+ sudo sh -c "echo 2 > /proc/sys/net/ipv6/conf/default/accept_dad"
+ for ifname in /sys/class/net/eth* ; do
+ if [ -d $ifname ]; then
+ ifname=${ifname#/sys/class/net/}
+ sudo sh -c "echo 2 > /proc/sys/net/ipv6/conf/$ifname/accept_dad"
+ fi
+ done
+
+
+# Revert back to liberal DAD behavior
+delete:
+ sudo sh -c "echo 1 > /proc/sys/net/ipv6/conf/all/accept_dad"
+ sudo sh -c "echo 1 > /proc/sys/net/ipv6/conf/default/accept_dad"
+ for ifname in /sys/class/net/eth* ; do
+ if [ -d $ifname ]; then
+ ifname=${ifname#/sys/class/net/}
+ sudo sh -c "echo 1 > /proc/sys/net/ipv6/conf/$ifname/accept_dad"
+ fi
+ done