diff options
author | Matthias Schiffer <mschiffer@universe-factory.net> | 2018-04-12 22:14:56 +0200 |
---|---|---|
committer | Matthias Schiffer <mschiffer@universe-factory.net> | 2018-04-17 22:08:12 +0200 |
commit | bb46520159c0119e829900e29681feea6f297fe0 (patch) | |
tree | b39719afb3858748ec8d12691fb09a9585ce6470 | |
parent | 030a23001b74ede5fa2e6070a8fb04f3feccfbbd (diff) | |
download | upstream-bb46520159c0119e829900e29681feea6f297fe0.tar.gz upstream-bb46520159c0119e829900e29681feea6f297fe0.tar.bz2 upstream-bb46520159c0119e829900e29681feea6f297fe0.zip |
kernel: disable accept_ra by default
Our commands setting accept_ra to 0 on all interfaces got lost in the
transition to procd. This remained unnoticed for a long time, as we also
enable forwarding on all interfaces, which prevents RA handling by default.
Restore the commands, while also fixing a possible race condition in the
old version.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
-rw-r--r-- | package/base-files/Makefile | 2 | ||||
-rwxr-xr-x | package/base-files/files/etc/init.d/sysctl | 8 |
2 files changed, 9 insertions, 1 deletions
diff --git a/package/base-files/Makefile b/package/base-files/Makefile index 45a1f4cc81..7fe8642ff5 100644 --- a/package/base-files/Makefile +++ b/package/base-files/Makefile @@ -12,7 +12,7 @@ include $(INCLUDE_DIR)/version.mk include $(INCLUDE_DIR)/feeds.mk PKG_NAME:=base-files -PKG_RELEASE:=189 +PKG_RELEASE:=190 PKG_FLAGS:=nonshared PKG_FILE_DEPENDS:=$(PLATFORM_DIR)/ $(GENERIC_PLATFORM_DIR)/base-files/ diff --git a/package/base-files/files/etc/init.d/sysctl b/package/base-files/files/etc/init.d/sysctl index 8722126a66..a236a0194b 100755 --- a/package/base-files/files/etc/init.d/sysctl +++ b/package/base-files/files/etc/init.d/sysctl @@ -26,6 +26,14 @@ apply_defaults() { net.ipv6.ip6frag_high_thresh="$frag_high_thresh" \ net.netfilter.nf_conntrack_frag6_low_thresh="$frag_low_thresh" \ net.netfilter.nf_conntrack_frag6_high_thresh="$frag_high_thresh" + + # first set default, then all interfaces to avoid races with appearing interfaces + if [ -d /proc/sys/net/ipv6/conf ]; then + echo 0 > /proc/sys/net/ipv6/conf/default/accept_ra + for iface in /proc/sys/net/ipv6/conf/*/accept_ra; do + echo 0 > "$iface" + done + fi } start() { |