
Re: connect() with AF_INET6 freezes on some Debian/unstable machine



 Hi.

On Fri, Apr 10, 2015 at 02:33:44PM +0200, Vincent Lefevre wrote:
> On 2015-04-08 09:57:28 +0300, Reco wrote:
> > On Wed, Apr 08, 2015 at 01:35:44AM +0200, Vincent Lefevre wrote:
> > > On 2015-04-08 01:41:58 +0300, Reco wrote:
> > > > The correct way to deal with this then is to disable accepting RAs on
> > > > your host:
> > > > 
> > > > echo 1 > /proc/sys/net/ipv6/conf/all/accept_ra
> > > 
> > > I did *not* do that yet, but I can see:
> > > 
> > > ypig:~> cat /proc/sys/net/ipv6/conf/all/accept_ra
> > > 1
> > > 
> > > i.e. it is already 1 (ditto for /proc/sys/net/ipv6/conf/eth0/accept_ra).
> > > Or do you mean 0?
> > 
> > My bad. Zero to disable, one to enable.
> 
> This has no effect. The problem occurs again. I've reported a bug:
> 
>   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782323
> 
> The SLAAC seems to have occurred about 2 hours after I rebooted the
> machine, since I can see in the logs:
> 
> Apr  9 14:35:07 ypig avahi-daemon[2511]: Leaving mDNS multicast group on interface eth0.IPv6 with address fe80::21f:29ff:fe04:3efb.
> Apr  9 14:35:07 ypig avahi-daemon[2511]: Joining mDNS multicast group on interface eth0.IPv6 with address 2001:1::21f:29ff:fe04:3efb.
> Apr  9 14:35:07 ypig avahi-daemon[2511]: Registering new address record for 2001:1::21f:29ff:fe04:3efb on eth0.*.
> Apr  9 14:35:07 ypig avahi-daemon[2511]: Withdrawing address record for fe80::21f:29ff:fe04:3efb on eth0.

Out of curiosity, does the problem reproduce if avahi-daemon is
stopped?

And, there's always ip6tables, i.e.

ip6tables -I INPUT -p icmpv6 --icmpv6-type 134 -j DROP


> Apr  9 14:35:09 ypig ntpd[2694]: Listen normally on 6 eth0 2001:1::21f:29ff:fe04:3efb UDP 123
> Apr  9 14:35:09 ypig ntpd[2694]: peers refreshed
> 
> I'm wondering. Since ntpd listens on the new address, could this
> be done to modify the date of the machine, thus introducing a huge
> security hole (e.g. concerning normally expired certificates)?

Unlikely. ntpd should limit time slew to 128ms by default. Unless you
run ntpd with '-x' option, of course.

Reco
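
Added example, not part of the original message: following the accept_ra exchange above, a shell check that lists which interfaces would still act on Router Advertisements. The function names and the overridable root directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report which interfaces still accept IPv6 Router Advertisements.

# Linux accept_ra semantics: 0 = never accept, 1 = accept only while
# forwarding is disabled, 2 = accept even when forwarding is enabled.
ra_status() {
    # $1 = accept_ra value, $2 = forwarding value
    case "$1" in
        0) echo "ignored" ;;
        1) if [ "$2" != "0" ]; then echo "ignored"; else echo "accepted"; fi ;;
        2) echo "accepted" ;;
        *) echo "unknown" ;;
    esac
}

# $1 = sysctl tree to inspect (hypothetical parameter so the check can be
# pointed at a constructed directory; defaults to the live kernel tree).
audit_accept_ra() {
    root="${1:-/proc/sys/net/ipv6/conf}"
    exposed=0
    for dir in "$root"/*/; do
        [ -r "${dir}accept_ra" ] || continue
        iface=$(basename "$dir")
        # "all" and "default" are not real interfaces; report devices only.
        case "$iface" in all|default) continue ;; esac
        ra=$(cat "${dir}accept_ra")
        fwd=$(cat "${dir}forwarding" 2>/dev/null || echo 0)
        status=$(ra_status "$ra" "$fwd")
        printf '%s accept_ra=%s forwarding=%s RAs %s\n' \
            "$iface" "$ra" "$fwd" "$status"
        if [ "$status" = "accepted" ]; then
            exposed=$((exposed + 1))
        fi
    done
    # Return non-zero when at least one interface still accepts RAs.
    [ "$exposed" -eq 0 ]
}
```

Calling `audit_accept_ra` with no argument inspects the running host; a non-zero exit status means some interface can still be autoconfigured by an RA.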

