[PATCH] sysctl.conf/configurenetwork: Harmonize "all" and "default"

Adrian Schmutzler mail at adrianschmutzler.de
Tue Jan 30 14:34:08 CET 2018


Hello Robert,

I also thought about simply deleting them.

But maybe someone knows how to REPLACE them?

Regards

Adrian

> -----Original Message-----
> From: robert [mailto:rlanghammer at web.de]
> Sent: Tuesday, 30 January 2018 14:32
> To: Adrian Schmutzler <freifunk at adrianschmutzler.de>
> Subject: Re: [PATCH] sysctl.conf/configurenetwork: Harmonize "all" and
> "default"
> 
> I also think it can be done this way. Set accept_ra explicitly when
> configuring.
> 
> net.ipv6.conf.default.max_addresses = 0
> net.ipv6.conf.all.max_addresses = 0
> That should also be removed, then the default value 16 is set. I can't say
> why this was put in at some point.
> 
> And this should go as well, because of:
> 
> sysctl: error: 'net.ipv6.conf.default.accept_ra_rtr_pref' is an unknown key
> sysctl: error: 'net.ipv6.conf.all.accept_ra_rtr_pref' is an unknown key
> 
> And these no longer exist either:
> 
> sysctl: error: 'net.ipv4.netfilter.ip_conntrack_checksum' is an unknown key
> sysctl: error: 'net.ipv4.netfilter.ip_conntrack_max' is an unknown key
> sysctl: error: 'net.ipv4.netfilter.ip_conntrack_tcp_timeout_established'
> is an unknown key
> sysctl: error: 'net.ipv4.netfilter.ip_conntrack_udp_timeout' is an unknown
> key
> sysctl: error: 'net.ipv4.netfilter.ip_conntrack_udp_timeout_stream' is an
> unknown key
> 
> That could be cleaned up at the same time.
> 
> Robert
> 
> On 30.01.2018 at 12:57, Adrian Schmutzler wrote:
> > This harmonizes settings for all and default and applies WAN-specific
> > settings only directly to the WAN interface by using configurenetwork.
> >
> > Signed-off-by: Adrian Schmutzler <freifunk at adrianschmutzler.de>
> >
> > ---
> >
> > This patch requires the configurenetwork tidy-up patches beforehand.
> >
> > It effectively reverts most of the changes in
> >
> > https://github.com/FreifunkFranken/firmware/commit/118d7d8236d6e3dc67ae68fa41a29fe96de21ac1#diff-e442ca9025162ec51dcb665a6f9e0327
> >
> > For more info, see
> > https://mantis.freifunk-franken.de/view.php?id=83
> >
> > Note that this does NOT FIX the ULA IPv6 issue, but only prepares the
> > way there.
> > ---
> >  bsp/default/root_file_system/etc/sysctl.conf       | 22 ++++++++++++------
> ----
> >  .../fff-network/files/usr/sbin/configurenetwork    |  5 +++--
> >  2 files changed, 15 insertions(+), 12 deletions(-)
> >
> > diff --git a/bsp/default/root_file_system/etc/sysctl.conf
> > b/bsp/default/root_file_system/etc/sysctl.conf
> > index f6d85a7..d1da18d 100644
> > --- a/bsp/default/root_file_system/etc/sysctl.conf
> > +++ b/bsp/default/root_file_system/etc/sysctl.conf
> > @@ -1,5 +1,7 @@
> >  kernel.panic=3
> >  net.ipv4.conf.default.arp_ignore=1
> > +net.ipv4.conf.default.forwarding=0
> > +net.ipv4.conf.default.send_redirects=0
> >  net.ipv4.conf.all.arp_ignore=1
> >  net.ipv4.conf.all.forwarding=0
> >  net.ipv4.conf.all.send_redirects=0
> > @@ -18,6 +20,7 @@ net.netfilter.nf_conntrack_checksum=0
> >
> >  #Controls source route verification
> >  net.ipv4.conf.default.rp_filter=1
> > +net.ipv4.conf.all.rp_filter=1
> >
> >  #Do not accept source routing
> >  net.ipv4.conf.all.accept_source_route=0
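
Review bot: the added net.ipv4.conf.all.rp_filter=1 is more than a harmonization, because for rp_filter the kernel uses the maximum of conf/all and conf/<interface> when validating sources. With all set to 1, an interface that is later set to rp_filter=0 still gets strict filtering, which drops packets arriving on an interface other than the one the reverse route points to. If any mesh or tunnel interface depends on asymmetric routing, keep all at 0 and rely on default=1 plus per-interface values; otherwise state in the commit message that strict mode is now enforced on every interface.
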
> > @@ -27,7 +30,6 @@ net.ipv4.conf.default.accept_redirects=0
> >  net.ipv4.icmp_echo_ignore_broadcasts=1
> >  net.ipv4.icmp_ignore_bogus_error_responses=1
> >  net.ipv4.ip_forward=0
> > -# net.ipv6.conf.all.forwarding=1
> >
> >  # disable bridge firewalling by default
> >  net.bridge.bridge-nf-call-arptables=0
> > @@ -38,29 +40,29 @@ net.ipv6.conf.default.accept_dad=0
> >  net.ipv6.conf.default.accept_ra=0
> >  net.ipv6.conf.default.accept_redirects=0
> >  net.ipv6.conf.all.accept_dad=0
> > -net.ipv6.conf.all.accept_ra=1
> > +net.ipv6.conf.all.accept_ra=0
> >  net.ipv6.conf.all.accept_redirects=0
> >
> >  # Number of Router Solicitations to send until assuming no routers are
> present.
> >  # This is host and not router
> >  net.ipv6.conf.default.router_solicitations = 0
> > net.ipv6.conf.all.router_solicitations = 0
> > -
> > +
> >  # Accept Router Preference in RA?
> >  net.ipv6.conf.default.accept_ra_rtr_pref = 0
> > -net.ipv6.conf.all.accept_ra_rtr_pref = 1
> > -
> > +net.ipv6.conf.all.accept_ra_rtr_pref = 0
> > +
> >  # Learn Prefix Information in Router Advertisement
> > net.ipv6.conf.default.accept_ra_pinfo = 0
> > -net.ipv6.conf.all.accept_ra_pinfo = 1
> > -
> > +net.ipv6.conf.all.accept_ra_pinfo = 0
> > +
> >  # Setting controls whether the system will accept Hop Limit settings
> > from a router advertisement  net.ipv6.conf.default.accept_ra_defrtr =
> > 0 -net.ipv6.conf.all.accept_ra_defrtr = 1
> > +net.ipv6.conf.all.accept_ra_defrtr = 0
> >
> >  #router advertisements can cause the system to assign a global
> > unicast address to an interface  net.ipv6.conf.default.autoconf = 0
> > -net.ipv6.conf.all.autoconf = 1
> > +net.ipv6.conf.all.autoconf = 0
> >
> >  #how many neighbor solicitations to send out per address?
> >  net.ipv6.conf.default.dad_transmits = 3 @@ -68,4 +70,4 @@
> > net.ipv6.conf.all.dad_transmits = 3
> >
> >  # How many global unicast IPv6 addresses can be assigned to each
> interface?
> >  net.ipv6.conf.default.max_addresses = 0
> > -net.ipv6.conf.all.max_addresses = 0 \ No newline at end of file
> > +net.ipv6.conf.all.max_addresses = 0
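
Review bot: in the @@ -38,29 +40,29 @@ hunk, the comment kept above accept_ra_defrtr ("accept Hop Limit settings from a router advertisement") does not describe that key, which controls whether a default router is learned from router advertisements; since the line below it is changed anyway, correct the comment in the same patch. The -/+ pairs on otherwise empty lines look like whitespace-only changes, so either drop them or mention in the commit message that trailing whitespace is being cleaned up.
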
> > diff --git
> > a/src/packages/fff/fff-network/files/usr/sbin/configurenetwork
> > b/src/packages/fff/fff-network/files/usr/sbin/configurenetwork
> > index 16b3f8c..623eba9 100755
> > --- a/src/packages/fff/fff-network/files/usr/sbin/configurenetwork
> > +++ b/src/packages/fff/fff-network/files/usr/sbin/configurenetwork
> > @@ -136,10 +136,11 @@ else
> >  	fi
> >  fi
> >  if [ -n "$wanon" ]; then
> > -	echo "net.ipv6.conf.$WANDEV.accept_ra_defrtr=$wanon" >
> "$sysctlfile"
> > +	echo "net.ipv6.conf.$WANDEV.accept_ra=$wanon" > "$sysctlfile"
> > +	echo "net.ipv6.conf.$WANDEV.accept_ra_rtr_pref=$wanon" >>
> "$sysctlfile"
> >  	echo "net.ipv6.conf.$WANDEV.accept_ra_pinfo=$wanon" >>
> "$sysctlfile"
> > +	echo "net.ipv6.conf.$WANDEV.accept_ra_defrtr=$wanon" >>
> "$sysctlfile"
> >  	echo "net.ipv6.conf.$WANDEV.autoconf=$wanon" >> "$sysctlfile"
> > -	echo "net.ipv6.conf.$WANDEV.accept_ra_rtr_pref=$wanon" >>
> "$sysctlfile"
> >  	# Set values for current session, so no reboot is required
> >  	sysctl -p "$sysctlfile"
> >  fi
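
Review bot: the accept_ra_rtr_pref line written for $WANDEV uses a key that the sysctl errors quoted earlier in this thread report as unknown for default and all, so the sysctl -p "$sysctlfile" at the end of this block is likely to fail on that entry each time it runs. Drop the line, or write it only when /proc/sys/net/ipv6/conf/$WANDEV/accept_ra_rtr_pref exists. Separately, accept_ra=1 is honoured by the kernel only while forwarding is disabled on the interface; if $WANDEV can have IPv6 forwarding enabled, the value written when $wanon is on needs to be 2.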



