Re: IPv6 autoconfiguration and icmp6 redirects

2011-03-29 Thread Alexander Bluhm
On Mon, Mar 28, 2011 at 04:45:52PM +0200, Matthieu Herrb wrote:
> Hi,
> 
> > CVSROOT:	/cvs
> > Module name:	src
> > Changes by:	bl...@cvs.openbsd.org	2011/03/22 18:59:49
> > 
> > Modified files:
> > 	usr.sbin/rtsold: if.c rtsold.8 rtsold.c rtsold.h
> > 
> > Log message:
> > Print a warning when rtsol or rtsold are used to do IPv6 autoconfiguration
> > but accepting redirects is turned off.  If the -F switch is given,
> > set sysctl net.inet6.icmp6.rediraccept to 1 instead.
> > ok claudio@ deraadt@ sthen@
> 
> May I ask why this is needed? I've run IPv6 autoconfigurations on my
> machines with net.inet6.icmp6.rediraccept=0 for years without
> visible trouble.

We changed the net.inet6.icmp6.rediraccept default from 1 to 0.
That triggered the reconsideration of the rtsol behaviour.

RFC 4861 is relevant:

   A router MUST NOT update its routing tables upon receipt of a
   Redirect.

   A host receiving a valid redirect SHOULD update its Destination Cache
   accordingly so that subsequent traffic goes to the specified target.

My idea was to convert the system into a host with rtsol -F by
also setting the net.inet6.icmp6.rediraccept sysctl.

When accepting router advertisements, redirects are no more harmful.
A host has to trust the local network anyway.  The idea of
autoconfiguration is to get the default route from the router
advertisement and all other routes from redirects.  So they should
act together.

When you only have one default router in the network it makes no
difference.  But if there are other routers, the default router can
tell the hosts the shortcut.  This avoids additional traffic and
ignored redirect packets.

If you don't like the feature, don't use -F.

bluhm
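The policy bluhm describes is a three-way split: a router must ignore redirects, an autoconfigured host should accept them, and a host that does not run rtsol/rtsold is outside the commit's scope. The following audit script is an added example, not code from the thread or from OpenBSD's rtsold; it classifies a machine against those rules. It assumes the OpenBSD sysctls net.inet6.ip6.forwarding and net.inet6.icmp6.rediraccept (the second is on the page, the first is not) and treats a running rtsold process as the sign that autoconfiguration is in use, which is a simplification.

```shell
#!/bin/sh
# Added example (not from the thread or from OpenBSD): classify a machine's
# IPv6 redirect policy against the RFC 4861 rules quoted in the reply.
#   forwarding  = net.inet6.ip6.forwarding     (1 = the box acts as a router)
#   rediraccept = net.inet6.icmp6.rediraccept  (1 = ICMPv6 redirects accepted)
#   autoconf    = 1 if rtsol/rtsold autoconfiguration is used, else 0
# Prints exactly one of: router-ok, router-accepts-redirects, host-ok,
# host-autoconf-no-redirects, host-no-autoconf.
classify_v6_redirect_policy() {
    forwarding=$1; rediraccept=$2; autoconf=$3
    if [ "$forwarding" -eq 1 ]; then
        # RFC 4861: a router MUST NOT update its routing table on a Redirect.
        if [ "$rediraccept" -eq 1 ]; then
            echo router-accepts-redirects
        else
            echo router-ok
        fi
    elif [ "$autoconf" -eq 1 ]; then
        # The case the rtsold commit warns about: default route taken from
        # the RA, but the redirects that would supply the other routes are
        # dropped, so traffic to other routers keeps going via the default.
        if [ "$rediraccept" -eq 1 ]; then
            echo host-ok
        else
            echo host-autoconf-no-redirects
        fi
    else
        # Static host configuration: rediraccept=0 is the plain default here.
        echo host-no-autoconf
    fi
}

# Read the live values on an OpenBSD machine (assumed sysctl names; on other
# systems the lookups fail and fall back to 0, yielding host-no-autoconf).
audit_local_host() {
    fwd=$(sysctl -n net.inet6.ip6.forwarding 2>/dev/null || echo 0)
    redir=$(sysctl -n net.inet6.icmp6.rediraccept 2>/dev/null || echo 0)
    if pgrep -x rtsold >/dev/null 2>&1; then ac=1; else ac=0; fi
    classify_v6_redirect_policy "${fwd:-0}" "${redir:-0}" "$ac"
}

# Run the live audit only when asked, so the functions can be sourced.
case "${1:-}" in
    --audit) audit_local_host ;;
esac
```

Invoke it as `sh audit.sh --audit` on the machine in question; `host-autoconf-no-redirects` is the state the commit now warns about, and `router-accepts-redirects` is the state RFC 4861 forbids outright.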
IPv6 autoconfiguration and icmp6 redirects

2011-03-28 Thread Matthieu Herrb
Hi,

> CVSROOT:	/cvs
> Module name:	src
> Changes by:	bl...@cvs.openbsd.org	2011/03/22 18:59:49
> 
> Modified files:
> 	usr.sbin/rtsold: if.c rtsold.8 rtsold.c rtsold.h
> 
> Log message:
> Print a warning when rtsol or rtsold are used to do IPv6 autoconfiguration
> but accepting redirects is turned off.  If the -F switch is given,
> set sysctl net.inet6.icmp6.rediraccept to 1 instead.
> ok claudio@ deraadt@ sthen@

May I ask why this is needed? I've run IPv6 autoconfigurations on my
machines with net.inet6.icmp6.rediraccept=0 for years without
visible trouble.

I may be missing knowledge of parts of the protocol and the manual
page doesn't help.

Thanks.
-- 
Matthieu Herrb