kernel: disable accept_ra by default
authorMatthias Schiffer <mschiffer@universe-factory.net>
Thu, 12 Apr 2018 20:14:56 +0000 (22:14 +0200)
committerMatthias Schiffer <mschiffer@universe-factory.net>
Tue, 17 Apr 2018 20:08:12 +0000 (22:08 +0200)
Our commands setting accept_ra to 0 on all interfaces got lost in the
transition to procd. This remained unnoticed for a long time, as we also
enable forwarding on all interfaces, which prevents RA handling by default.

Restore the commands, while also fixing a possible race condition in the
old version.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
package/base-files/Makefile
package/base-files/files/etc/init.d/sysctl

index 45a1f4c..7fe8642 100644 (file)
@@ -12,7 +12,7 @@ include $(INCLUDE_DIR)/version.mk
 include $(INCLUDE_DIR)/feeds.mk
 
 PKG_NAME:=base-files
-PKG_RELEASE:=189
+PKG_RELEASE:=190
 PKG_FLAGS:=nonshared
 
 PKG_FILE_DEPENDS:=$(PLATFORM_DIR)/ $(GENERIC_PLATFORM_DIR)/base-files/
index 8722126..a236a01 100755 (executable)
@@ -26,6 +26,14 @@ apply_defaults() {
                net.ipv6.ip6frag_high_thresh="$frag_high_thresh" \
                net.netfilter.nf_conntrack_frag6_low_thresh="$frag_low_thresh" \
                net.netfilter.nf_conntrack_frag6_high_thresh="$frag_high_thresh"
+
+       # first set default, then all interfaces to avoid races with appearing interfaces
+       if [ -d /proc/sys/net/ipv6/conf ]; then
+               echo 0 > /proc/sys/net/ipv6/conf/default/accept_ra
+               for iface in /proc/sys/net/ipv6/conf/*/accept_ra; do
+                       echo 0 > "$iface"
+               done
+       fi
 }
 
 start() {
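Review bot: The comment above the new block in apply_defaults explains the write order but not why accept_ra is forced to 0, and the commit message shows this setting was already lost once without anyone noticing. I would extend it along the lines of `# kernel must not act on RAs itself; forwarding=1 only masks accept_ra=1, so set 0 explicitly`, so the reason survives if forwarding is later turned off on an interface. The `echo 0 > "$iface"` writes are also unchecked, so a failed write leaves that interface accepting router advertisements with no trace; appending `|| logger -t sysctl "cannot disable accept_ra: $iface"` would make it visible. apply_defaults begins above the hunk and start() continues below it, so whether a sysctl file applied later re-enables the value cannot be judged from here.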