From 8fd436e3720f8608b9e30132d8aa91ebb9802c74 Mon Sep 17 00:00:00 2001
From: Bob Gilligan <gilligan@vyatta.com>
Date: Tue, 23 Feb 2010 15:49:57 -0800
Subject: Bugfix 5377: Add parameter to control behavior when DAD fails.

RFC-4862 requires that IPv6 operation on an interface be disabled when
DAD fails on a link-local address.  The kernel IPv6 code supports this
feature, but doesn't enable it by default.  This change provides a
configurable parameter to control this behavior, but, like the
kenrnel, disables it by default.
(cherry picked from commit 2e9a80aacef26fc72a2c0a6c1736c44355d77e87)
---
 templates/system/ipv6/strict-dad/node.def | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 templates/system/ipv6/strict-dad/node.def

diff --git a/templates/system/ipv6/strict-dad/node.def b/templates/system/ipv6/strict-dad/node.def
new file mode 100644
index 00000000..f3947eef
--- /dev/null
+++ b/templates/system/ipv6/strict-dad/node.def
@@ -0,0 +1,26 @@
+help: Disable IPv6 operation on interface when DAD fails on LL addr
+
+# Enable strict DAD behavior.  Disable IPv6 operation on an interface
+# if DAD fails on the EUI-64 based link-local address.
+#
+create:
+    sudo sh -c "echo 2 > /proc/sys/net/ipv6/conf/all/accept_dad"
+    sudo sh -c "echo 2 > /proc/sys/net/ipv6/conf/default/accept_dad"
+    for ifname in /sys/class/net/eth* ; do
+	if [ -d $ifname ]; then
+	    ifname=${ifname#/sys/class/net/}
+       	    sudo sh -c "echo 2 > /proc/sys/net/ipv6/conf/$ifname/accept_dad"
+	fi
+    done
+
+
+# Revert back to liberal DAD behavior
+delete: 
+    sudo sh -c "echo 1 > /proc/sys/net/ipv6/conf/all/accept_dad"
+    sudo sh -c "echo 1 > /proc/sys/net/ipv6/conf/default/accept_dad"
+    for ifname in /sys/class/net/eth* ; do
+	if [ -d $ifname ]; then
+	    ifname=${ifname#/sys/class/net/}
+       	    sudo sh -c "echo 1 > /proc/sys/net/ipv6/conf/$ifname/accept_dad"
+	fi
+    done
-- 
cgit v1.2.3