Re: Multiple IPv6 RAs and specific routes broken?

From: Stuart Gathman <stuart gathman org>
To: networkmanager-list gnome org
Subject: Re: Multiple IPv6 RAs and specific routes broken?
Date: Fri, 01 Feb 2013 22:29:23 -0500

According to the IPv6 guys, the reason the kernel defaults to max_plen=0
is because otherwise it is too trivial to grab packets surreptitiously
by advertising a subnet.  So you should configure this to 64 or more -
but only on interfaces with trusted routers.

Long ago, Nostradamus foresaw that on 02/01/2013 01:28 PM, Stuart
Gathman would write:
> Long ago, Nostradamus foresaw that on 01/31/2013 01:19 PM, Pavel Simerda
> would write:
>> ----- Original Message -----
>>> I have a single default router sending RAs, and another router which
>>> does *not* advertise a default route, but instead advertises two
>>> specific routes.  I'm not sure whether NM or the kernel is to blame,
>>> but
>>> while radvdump shows both RAs arriving, the only route installed is
>>> the
>>> default route.  The specific routes are ignored.
>> This is done by kernel. This may actually resolve as two separate problems.sysctl -w net.ipv6.conf.eth0.accept_ra_rt_info_max_plen=64
>>
>> For now I reported it as:
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=906505
>>
> I did some playing around on both Fedora 17 and EL6.  I find that you
> must set net.ipv6.conf.eth0.accept_ra_rt_info_max_plen=64
> For specific routes to be installed.  By default, this config is 0.
>

Follow-Ups:
- Re: Multiple IPv6 RAs and specific routes broken?
  - From: Pavel Simerda

References:
- Re: Multiple IPv6 RAs and specific routes broken?
  - From: Stuart Gathman

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]