Bugfix 5377: Add parameter to control behavior when DAD fails.

RFC-4862 requires that IPv6 operation on an interface be disabled when
DAD fails on a link-local address.  The kernel IPv6 code supports this
feature, but doesn't enable it by default.  This change provides a
configurable parameter to control this behavior, but, like the
kenrnel, disables it by default.
(cherry picked from commit 2e9a80aacef26fc72a2c0a6c1736c44355d77e87)

1 files changed, 26 insertions, 0 deletions

diff --git a/templates/system/ipv6/strict-dad/node.def b/templates/system/ipv6/strict-dad/node.def
new file mode 100644
index 00000000..f3947eef
--- /dev/null
+++ b/templates/system/ipv6/strict-dad/node.def
@@ -0,0 +1,26 @@
+help: Disable IPv6 operation on interface when DAD fails on LL addr
+
+# Enable strict DAD behavior.  Disable IPv6 operation on an interface
+# if DAD fails on the EUI-64 based link-local address.
+#
+create:
+    sudo sh -c "echo 2 > /proc/sys/net/ipv6/conf/all/accept_dad"
+    sudo sh -c "echo 2 > /proc/sys/net/ipv6/conf/default/accept_dad"
+    for ifname in /sys/class/net/eth* ; do
+	if [ -d $ifname ]; then
+	    ifname=${ifname#/sys/class/net/}
+       	    sudo sh -c "echo 2 > /proc/sys/net/ipv6/conf/$ifname/accept_dad"
+	fi
+    done
+
+
+# Revert back to liberal DAD behavior
+delete: 
+    sudo sh -c "echo 1 > /proc/sys/net/ipv6/conf/all/accept_dad"
+    sudo sh -c "echo 1 > /proc/sys/net/ipv6/conf/default/accept_dad"
+    for ifname in /sys/class/net/eth* ; do
+	if [ -d $ifname ]; then
+	    ifname=${ifname#/sys/class/net/}
+       	    sudo sh -c "echo 1 > /proc/sys/net/ipv6/conf/$ifname/accept_dad"
+	fi
+    done