[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: connect() with AF_INET6 freezes on some Debian/unstable machine

On 2015-04-08 01:41:58 +0300, Reco wrote:
> On Wed, Apr 08, 2015 at 12:00:59AM +0200, Vincent Lefevre wrote:
> > > Can I see the output of the following, please:
> > > 
> > > ip -6 a l dev eth0
> > 
> > ypig:~> ip -6 a l dev eth0
> > 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
> >     inet6 2001:1::21f:29ff:fe04:3efb/64 scope global mngtmpaddr dynamic 
> >        valid_lft 2557017sec preferred_lft 569817sec
> This. Every time you see this - that means your host received an advice
> to configure IPv6 address from an advertised network and to use the
> sender as a router. Your host's routing table shows exactly the same.
> SLAAC is a good thing if the host that advertises RA is an actual
> router. If it is not - you get exactly the behavior you got.

Thanks for the information. Do you mean that random machines on
the network can send fake advertising? Otherwise how is "the host
that advertises RA" determined?

If SLAAC can be a bad thing on arbitrary networks, why is it enabled
by default? (IMHO, the default should be the safest.)

> The correct way to deal with this then is to disable accepting RAs on
> your host:
> echo 1 > /proc/sys/net/ipv6/conf/all/accept_ra

I did *not* do that yet, but I can see:

ypig:~> cat /proc/sys/net/ipv6/conf/all/accept_ra

i.e. it is already 1 (ditto for /proc/sys/net/ipv6/conf/eth0/accept_ra).
Or do you mean 0?

But on the other machine that doesn't have this "scope global",
/proc/sys/net/ipv6/conf/*/accept_ra is also 1, so that I'm confused.

Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Reply to: