From bb46520159c0119e829900e29681feea6f297fe0 Mon Sep 17 00:00:00 2001
From: Matthias Schiffer
Date: Thu, 12 Apr 2018 22:14:56 +0200
Subject: kernel: disable accept_ra by default

Our commands setting accept_ra to 0 on all interfaces got lost in the transition to procd. This remained unnoticed for a long time, as we also enable forwarding on all interfaces, which prevents RA handling by default. Restore the commands, while also fixing a possible race condition in the old version.

Signed-off-by: Matthias Schiffer
---
 package/base-files/files/etc/init.d/sysctl | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'package/base-files/files/etc')
diff --git a/package/base-files/files/etc/init.d/sysctl b/package/base-files/files/etc/init.d/sysctl
index 8722126a66..a236a0194b 100755
--- a/package/base-files/files/etc/init.d/sysctl
+++ b/package/base-files/files/etc/init.d/sysctl
@@ -26,6 +26,14 @@ apply_defaults() {
 net.ipv6.ip6frag_high_thresh="$frag_high_thresh" \
 net.netfilter.nf_conntrack_frag6_low_thresh="$frag_low_thresh" \
 net.netfilter.nf_conntrack_frag6_high_thresh="$frag_high_thresh"
+
+ # first set default, then all interfaces to avoid races with appearing interfaces
+ if [ -d /proc/sys/net/ipv6/conf ]; then
+ echo 0 > /proc/sys/net/ipv6/conf/default/accept_ra
+ for iface in /proc/sys/net/ipv6/conf/*/accept_ra; do
+ echo 0 > "$iface"
+ done
+ fi
 }
 start() {
--
cgit v1.2.3
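Review bot: Both `echo 0 >` writes in the added block ignore their result, so a failed write (an interface disappearing between glob expansion and the write, or a /proc that is not writable) leaves accept_ra at the kernel default on that interface with nothing recorded. The commit message says the earlier loss of these commands went unnoticed for a long time because forwarding masked it, so a visible failure is worth the extra line: `echo 0 > "$iface" || logger -t sysctl "could not disable accept_ra on $iface"`. The new comment explains the ordering but not why the value is forced; I would add `# forwarding=1 only masks accept_ra=1 while it stays enabled; set 0 so the kernel never processes RAs if forwarding is later turned off`. apply_defaults begins above the hunk and start() continues below it, so whether anything applied afterwards can set accept_ra back is not visible here and should be confirmed.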