Re: sys/netinet6/nd6.c: add ND6_IFF_ACCEPT_RTADV flag
----Security_Multipart(Wed_Dec_29_07_16_48_2004_578)--
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Jeffrey Hsu <hsu@freebsd.org> wrote
in <41D1C96A.2010805@freebsd.org>:
hsu> Since the default behavior is the same, how useful is the
hsu> added functionality to optionally not accept RAs? Also, is
hsu> there a corresponding change to ifconfig required? Thanks.
For a multi-homed IPv6 host with multiple NICs, that the host
accepts all RAs can be a problem because they are not always
trusted and can confuse the routing table and so on. While
the autoconfiguration of IPv6 using RAs itself can be performed
independently on each interface, if the administrator cannot
control which interface accepts RAs (currently "all" or "nothing" can
be set via sysctl), he cannot connect the host to untrusted
IPv6 network, for example.
Changes to the userland utility are needed, too. KAME implements
ndp(8) to handle the flag and I think I will submit the patch soon.
--
| Hiroki SATO
----Security_Multipart(Wed_Dec_29_07_16_48_2004_578)--
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
iD8DBQBB0dtQTyzT2CeTzy0RAsg/AJ9TcAIRE2wtbayTDjsxuaqKpICXMQCgrvHv
tgJMc+842xdrDikUlBOa0P4=
=3ZeR
-----END PGP SIGNATURE-----
----Security_Multipart(Wed_Dec_29_07_16_48_2004_578)----
討論串 (同標題文章)
完整討論串 (本文為第 3 之 6 篇):