On Mon, Mar 28, 2011 at 04:45:52PM +0200, Matthieu Herrb wrote:
> Hi,
>
> > CVSROOT: /cvs
> > Module name: src
> > Changes by: [email protected] 2011/03/22 18:59:49
> >
> > Modified files:
> > usr.sbin/rtsold: if.c rtsold.8 rtsold.c rtsold.h
> >
> > Log message:
> > Print a warning when rtsol or rtsold are used to do IPv6
> > autoconfiguration
> > but accepting redirects is turned off. If the -F switch is given,
> > set sysctl net.inet6.icmp6.rediraccept to 1 instead.
> > ok claudio@ deraadt@ sthen@
>
> May I ask why this is needed? I've run IPv6 autoconfigurations on my
> machines with net.inet6.icmp6.rediraccept=0 for years without
> visible trouble.

We changed the net.inet6.icmp6.rediraccept default from 1 to 0.
That triggered the reconsideration of the rtsol behaviour.

RFC 4861 is relevant:

    A router MUST NOT update its routing tables upon receipt of a
    Redirect.

    A host receiving a valid redirect SHOULD update its Destination
    Cache accordingly so that subsequent traffic goes to the specified
    target.

My idea was to convert the system into a host with rtsol -F by
setting also the net.inet6.icmp6.rediraccept sysctl.

When accepting router advertisements, redirects are not more
harmful. A host has to trust the local network anyway.

The idea of autoconfiguration is to get the default route from the
router advertisement and all other routes from redirects. So they
should act together.

When you only have one default router in the network it makes no
difference. But if there are other routers, the default router can
tell the hosts the shortcut. This avoids additional traffic and
ignored redirect packets.

If you don't like the feature, don't use -F.

bluhm
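
The effect described in the reply above, as an added example that is not part of the original message or of the OpenBSD source: a toy Python model of a host's Destination Cache with redirect acceptance on and off, including the RFC 4861 rule that a Redirect is only valid when it comes from the current first hop for that destination. The addresses, the two-router topology and the names Host, simulate and off_path_redirect_dropped are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Host:
    default_router: str          # learned from the router advertisement
    rediraccept: int             # models net.inet6.icmp6.rediraccept
    dest_cache: dict = field(default_factory=dict)  # destination -> first hop
    ignored_redirects: int = 0

    def first_hop(self, dst):
        return self.dest_cache.get(dst, self.default_router)

    def on_redirect(self, src, dst, target):
        # RFC 4861 validity check: the Redirect must come from the router
        # currently used as first hop for this destination.
        if not self.rediraccept or src != self.first_hop(dst):
            self.ignored_redirects += 1
            return
        self.dest_cache[dst] = target


def simulate(rediraccept, packets=5):
    # Constructed topology: R1 is the default router from the RA, R2 is a
    # second on-link router with the better path to DST.
    r1, r2, dst = "fe80::1", "fe80::2", "2001:db8:2::10"
    host = Host(default_router=r1, rediraccept=rediraccept)
    via_default = 0
    for _ in range(packets):
        if host.first_hop(dst) == r1:
            via_default += 1               # extra hop: R1 forwards to R2
            host.on_redirect(r1, dst, r2)  # and R1 sends a Redirect
    return {"via_default_router": via_default,
            "ignored_redirects": host.ignored_redirects,
            "first_hop_now": host.first_hop(dst)}


def off_path_redirect_dropped():
    # A Redirect whose source is not the current first hop is not valid.
    dst = "2001:db8:2::10"
    host = Host(default_router="fe80::1", rediraccept=1)
    host.on_redirect("fe80::bad", dst, "fe80::bad")
    return host.first_hop(dst) == "fe80::1" and host.ignored_redirects == 1


if __name__ == "__main__":
    print("rediraccept=1:", simulate(1))
    print("rediraccept=0:", simulate(0))
    print("off-path redirect dropped:", off_path_redirect_dropped())
```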
