Hello!

On Mon, 8 Jan 2007 21:17:14 +0100
Ralph Passgang <[EMAIL PROTECTED]> wrote:

> On Monday, 8 January 2007 03:47, Thorsten Glaser wrote:
> > Wow, finally, someone else who demands support for
> > the current version of the Internet Protocol! ;-)

I'm currently using OpenWRT, and don't have any time to switch right
now, but maybe I will in the future.  Anyway, I'd find *WRT having
good support for IPv6 great :)

> And
> especially not in a way where the default setup may be attackable, because
> ipv6 on eth0 could mean that each vlan (port) can access another vlan over
> eth0. I am not sure, because I haven't checked yet, but it would be better to
> fix that anyway.

On my Asus WL-500gP eth0 is split into vlan0 and vlan1.  The router
can't communicate with addresses added directly to eth0.  Therefore
this doesn't seem to have any impact on this router.

> So if eth0 gets activated at boot time it binds at least a link local address.
> If a router is announcing a network, an IP from this network also gets activated.
>
> Later on eth0.0 is initialized.

Is eth0.0 a vlan interface, or is it a "virtual copy" of eth0 added by
ifconfig?  ifconfig creates them for adding more than one address to an
interface, which has become superfluous with the more recent iproute2
tools.

> But eth0.0 doesn't bind
> additional announced ip/network on eth0.0.

If eth0.0 is a virtual copy from ifconfig, no additional autoconf is
the right thing.

> The only correct solution can be to not activate ipv6 on eth0. But this is not
> configurable via proc or something like this. You can disable "autoconf"
> and "accept_ra" and stuff like this on eth0. But you can only set this AFTER
> the interface is up

I think this is incorrect.  /proc/sys/net/ipv6/conf/<iface>/* (or most of
it) can be changed as soon as the network interface is provided by the
driver, but before the interface status is changed from "down" to "up".

There might be a hotplug system which automatically sets
interfaces to "up" as soon as the driver adds them.  But this is
configurable. (/etc/hotplug* or so)

> I also manipulated the kernel and disabled autoconf by default.

I think you can also disable autoconf by default while the driver is
not loaded by doing "echo 0 > /proc/sys/net/ipv6/conf/default/autoconf"
(or "sysctl net.ipv6.conf.default.autoconf=0", if available).

> This hack
> needs to be done in a .c file of the kernel and cannot be set at runtime.

Probably not a solution one would want to do :)

> But
> even without autoconf the link local address is set up on eth0. Just an
> announced network gets ignored. So hacking addrconf.c isn't clever either.
>
> The best solution is to run "ip -6 addr flush eth0" to disable ipv6 on eth0
> completely.

I am not sure whether duplicate link-local addresses are a problem.  If
communication via eth0 isn't possible anyway (vlan setup) I think they
should do no harm.

By the way, does someone know whether we are able to disable generation
of link-local addresses?  In case we simply don't want to use them.

Regards,
Milan

Attachment: pgpo40uV3EjaX.pgp
Description: PGP signature

_______________________________________________
freewrt-developers mailing list
[email protected]
https://www.freewrt.org/lists/listinfo/freewrt-developers
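
The point made in the message above, that the knobs under /proc/sys/net/ipv6/conf/<iface>/ can be written before the link is set to "up", as an added shell example that is not part of the original e-mail: it lists the interfaces that still have autoconf or accept_ra enabled and clears both with a read-back check. The function names and the CONF_ROOT override are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the thread or from FreeWRT.
# CONF_ROOT is an assumption of this example: it lets the same logic run
# against a constructed directory tree instead of the live /proc.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv6/conf}"

# ra_exposed IFACE: succeeds if IFACE would still configure addresses from
# router advertisements, i.e. autoconf or accept_ra reads non-zero.
ra_exposed() {
    for knob in autoconf accept_ra; do
        f="$CONF_ROOT/$1/$knob"
        if [ -r "$f" ] && [ "$(cat "$f")" != "0" ]; then
            return 0
        fi
    done
    return 1
}

# audit_ra: print every entry (including "default") that is still exposed.
audit_ra() {
    for d in "$CONF_ROOT"/*; do
        [ -d "$d" ] || continue
        i=$(basename "$d")
        if ra_exposed "$i"; then
            echo "$i"
        fi
    done
}

# disable_ra IFACE: write 0 to both knobs, then verify by reading back.
# Writing to "default" covers interfaces whose driver is not loaded yet.
disable_ra() {
    for knob in autoconf accept_ra; do
        echo 0 > "$CONF_ROOT/$1/$knob" || return 1
    done
    ! ra_exposed "$1"
}

# Intended order on a router (run as root, before the link comes up):
#   disable_ra default && disable_ra eth0 && ip link set dev eth0 up
# As the thread notes, the link-local address is still assigned;
# "ip -6 addr flush eth0" removes it afterwards.
```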
