domenico/openwrt_NSS_ACW
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

kernel: disable accept_ra by default

Browse Source 
Our commands setting accept_ra to 0 on all interfaces got lost in the
transition to procd. This remained unnoticed for a long time, as we also
enable forwarding on all interfaces, which prevents RA handling by default.

Restore the commands, while also fixing a possible race condition in the
old version.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
This commit is contained in:
Matthias Schiffer
2018-04-12 22:14:56 +02:00
parent 030a23001b
commit bb46520159
2 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
package/base-files/Makefile
View File

@@ -12,7 +12,7 @@ include $(INCLUDE_DIR)/version.mk
include $(INCLUDE_DIR)/feeds.mk include $(INCLUDE_DIR)/feeds.mk
PKG_NAME:=base-files PKG_NAME:=base-files
PKG_RELEASE:=189 PKG_RELEASE:=190
PKG_FLAGS:=nonshared PKG_FLAGS:=nonshared
PKG_FILE_DEPENDS:=$(PLATFORM_DIR)/ $(GENERIC_PLATFORM_DIR)/base-files/ PKG_FILE_DEPENDS:=$(PLATFORM_DIR)/ $(GENERIC_PLATFORM_DIR)/base-files/

8
package/base-files/files/etc/init.d/sysctl
View File

@@ -26,6 +26,14 @@ apply_defaults() {
net.ipv6.ip6frag_high_thresh="$frag_high_thresh" \ net.ipv6.ip6frag_high_thresh="$frag_high_thresh" \
net.netfilter.nf_conntrack_frag6_low_thresh="$frag_low_thresh" \ net.netfilter.nf_conntrack_frag6_low_thresh="$frag_low_thresh" \
net.netfilter.nf_conntrack_frag6_high_thresh="$frag_high_thresh" net.netfilter.nf_conntrack_frag6_high_thresh="$frag_high_thresh"
# first set default, then all interfaces to avoid races with appearing interfaces
if [ -d /proc/sys/net/ipv6/conf ]; then
echo 0 > /proc/sys/net/ipv6/conf/default/accept_ra
for iface in /proc/sys/net/ipv6/conf/*/accept_ra; do
echo 0 > "$iface"
done
fi
} }
start() { start() {