gluon/patches/lede/0073-kernel-disable-accept_ra-by-default.patch

From: Matthias Schiffer <mschiffer@universe-factory.net>
Date: Thu, 12 Apr 2018 22:14:56 +0200
Subject: kernel: disable accept_ra by default

Our commands setting accept_ra to 0 on all interfaces got lost in the
transition to procd. This remained unnoticed for a long time, as we also
enable forwarding on all interfaces, which prevents RA handling by default.

Restore the commands, while also fixing a possible race condition in the
old version.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>

diff --git a/package/base-files/files/etc/init.d/sysctl b/package/base-files/files/etc/init.d/sysctl
index 8722126a6612d67a3f615166a7fbec146207e97f..a236a0194b665ff56c8330930bfd44709d1b0d3d 100755
--- a/package/base-files/files/etc/init.d/sysctl
+++ b/package/base-files/files/etc/init.d/sysctl
@@ -26,6 +26,14 @@ apply_defaults() {
 		net.ipv6.ip6frag_high_thresh="$frag_high_thresh" \
 		net.netfilter.nf_conntrack_frag6_low_thresh="$frag_low_thresh" \
 		net.netfilter.nf_conntrack_frag6_high_thresh="$frag_high_thresh"
+
+	# first set default, then all interfaces to avoid races with appearing interfaces
+	if [ -d /proc/sys/net/ipv6/conf ]; then
+		echo 0 > /proc/sys/net/ipv6/conf/default/accept_ra
+		for iface in /proc/sys/net/ipv6/conf/*/accept_ra; do
+			echo 0 > "$iface"
+		done
+	fi
 }
 
 start() {
Backport patches for improved sysctl handling 2018-04-13 10:09:40 +00:00			`From: Matthias Schiffer <mschiffer@universe-factory.net>`
			`Date: Thu, 12 Apr 2018 22:14:56 +0200`
			`Subject: kernel: disable accept_ra by default`

modules: update LEDE efb6ca189641 base-files: /lib/functions.sh: ignore errors in insert_modules b5ba01a0d3f6 fstools: update to latest lede-17.01 branch a9b607740273 kernel: bump kernel 4.4 to 4.4.126 for 17.01 09d95e44fc3d mbedtls: change libmbedcrypto.so soversion back to 0 4673a0bffc89 kernel: mtd: bcm47xxpart: improve handling TRX partition size Also switch to the upstreamed version of "kernel: disable accept_ra by default". 2018-04-17 20:23:26 +00:00			`Our commands setting accept_ra to 0 on all interfaces got lost in the`
			`transition to procd. This remained unnoticed for a long time, as we also`
Backport patches for improved sysctl handling 2018-04-13 10:09:40 +00:00			`enable forwarding on all interfaces, which prevents RA handling by default.`

modules: update LEDE efb6ca189641 base-files: /lib/functions.sh: ignore errors in insert_modules b5ba01a0d3f6 fstools: update to latest lede-17.01 branch a9b607740273 kernel: bump kernel 4.4 to 4.4.126 for 17.01 09d95e44fc3d mbedtls: change libmbedcrypto.so soversion back to 0 4673a0bffc89 kernel: mtd: bcm47xxpart: improve handling TRX partition size Also switch to the upstreamed version of "kernel: disable accept_ra by default". 2018-04-17 20:23:26 +00:00			`Restore the commands, while also fixing a possible race condition in the`
			`old version.`
Backport patches for improved sysctl handling 2018-04-13 10:09:40 +00:00
			`Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>`

modules: update LEDE efb6ca189641 base-files: /lib/functions.sh: ignore errors in insert_modules b5ba01a0d3f6 fstools: update to latest lede-17.01 branch a9b607740273 kernel: bump kernel 4.4 to 4.4.126 for 17.01 09d95e44fc3d mbedtls: change libmbedcrypto.so soversion back to 0 4673a0bffc89 kernel: mtd: bcm47xxpart: improve handling TRX partition size Also switch to the upstreamed version of "kernel: disable accept_ra by default". 2018-04-17 20:23:26 +00:00			`diff --git a/package/base-files/files/etc/init.d/sysctl b/package/base-files/files/etc/init.d/sysctl`
			`index 8722126a6612d67a3f615166a7fbec146207e97f..a236a0194b665ff56c8330930bfd44709d1b0d3d 100755`
			`--- a/package/base-files/files/etc/init.d/sysctl`
			`+++ b/package/base-files/files/etc/init.d/sysctl`
			`@@ -26,6 +26,14 @@ apply_defaults() {`
			`net.ipv6.ip6frag_high_thresh="$frag_high_thresh" \`
			`net.netfilter.nf_conntrack_frag6_low_thresh="$frag_low_thresh" \`
			`net.netfilter.nf_conntrack_frag6_high_thresh="$frag_high_thresh"`
			`+`
			`+ # first set default, then all interfaces to avoid races with appearing interfaces`
			`+ if [ -d /proc/sys/net/ipv6/conf ]; then`
			`+ echo 0 > /proc/sys/net/ipv6/conf/default/accept_ra`
			`+ for iface in /proc/sys/net/ipv6/conf/*/accept_ra; do`
			`+ echo 0 > "$iface"`
			`+ done`
			`+ fi`
			`}`

			`start() {`