[PATCH] sysctl.conf/configurenetwork: Harmonize "all" and "default"
Adrian Schmutzler
mail at adrianschmutzler.de
Di Jan 30 14:34:08 CET 2018
Hallo Robert,
ich habe auch darüber nachgedacht, die einfach zu löschen.
Aber vll. weiß ja jemand, wie man sie ERSETZEN kann?
Grüße
Adrian
> -----Original Message-----
> From: robert [mailto:rlanghammer at web.de]
> Sent: Dienstag, 30. Januar 2018 14:32
> To: Adrian Schmutzler <freifunk at adrianschmutzler.de>
> Subject: Re: [PATCH] sysctl.conf/configurenetwork: Harmonize "all" and
> "default"
>
> Ich finde auch, dass man es so machen kann. Die accept_ra explizit beim
> Konfigurieren setzen.
>
> net.ipv6.conf.default.max_addresses = 0
> net.ipv6.conf.all.max_addresses = 0
> Das sollte noch raus, dann wird der Defaultwert 16 gesetzt. Warum man das
> mal rein hat, kann ich nicht sagen.
>
> Und das auch weg wegen:
>
> sysctl: error: 'net.ipv6.conf.default.accept_ra_rtr_pref' is an unknown key
> sysctl: error: 'net.ipv6.conf.all.accept_ra_rtr_pref' is an unknown key
>
> Und die gibts auch nicht mehr:
>
> sysctl: error: 'net.ipv4.netfilter.ip_conntrack_checksum' is an unknown key
> sysctl: error: 'net.ipv4.netfilter.ip_conntrack_max' is an unknown key
> sysctl: error: 'net.ipv4.netfilter.ip_conntrack_tcp_timeout_established'
> is an unknown key
> sysctl: error: 'net.ipv4.netfilter.ip_conntrack_udp_timeout' is an unknown
> key
> sysctl: error: 'net.ipv4.netfilter.ip_conntrack_udp_timeout_stream' is an
> unknown key
>
> Koennte man doch gleich mit aufraeumen.
>
> Robert
>
> Am 30.01.2018 um 12:57 schrieb Adrian Schmutzler:
> > This harmonizes settings for all and default and applies WAN- specific
> > settings only directly to the WAN interface by using configurenetwork.
> >
> > Signed-off-by: Adrian Schmutzler <freifunk at adrianschmutzler.de>
> >
> > ---
> >
> > This patch requires the configurenetwork tidy-up patches beforehand.
> >
> > It effectively reverts most of the changes in
> >
> https://github.com/FreifunkFranken/firmware/commit/118d7d8236d6e3dc6
> 7a
> > e68fa41a29fe96de21ac1#diff-e442ca9025162ec51dcb665a6f9e0327
> >
> > For more info, see
> > https://mantis.freifunk-franken.de/view.php?id=83
> >
> > Note that this does NOT FIX the ULA IPv6 issue, but only prepares the
> > way there.
> > ---
> > bsp/default/root_file_system/etc/sysctl.conf | 22 ++++++++++++------
> ----
> > .../fff-network/files/usr/sbin/configurenetwork | 5 +++--
> > 2 files changed, 15 insertions(+), 12 deletions(-)
> >
> > diff --git a/bsp/default/root_file_system/etc/sysctl.conf
> > b/bsp/default/root_file_system/etc/sysctl.conf
> > index f6d85a7..d1da18d 100644
> > --- a/bsp/default/root_file_system/etc/sysctl.conf
> > +++ b/bsp/default/root_file_system/etc/sysctl.conf
> > @@ -1,5 +1,7 @@
> > kernel.panic=3
> > net.ipv4.conf.default.arp_ignore=1
> > +net.ipv4.conf.default.forwarding=0
> > +net.ipv4.conf.default.send_redirects=0
> > net.ipv4.conf.all.arp_ignore=1
> > net.ipv4.conf.all.forwarding=0
> > net.ipv4.conf.all.send_redirects=0
> > @@ -18,6 +20,7 @@ net.netfilter.nf_conntrack_checksum=0
> >
> > #Controls source route verification
> > net.ipv4.conf.default.rp_filter=1
> > +net.ipv4.conf.all.rp_filter=1
> >
> > #Do not accept source routing
> > net.ipv4.conf.all.accept_source_route=0
> > @@ -27,7 +30,6 @@ net.ipv4.conf.default.accept_redirects=0
> > net.ipv4.icmp_echo_ignore_broadcasts=1
> > net.ipv4.icmp_ignore_bogus_error_responses=1
> > net.ipv4.ip_forward=0
> > -# net.ipv6.conf.all.forwarding=1
> >
> > # disable bridge firewalling by default
> > net.bridge.bridge-nf-call-arptables=0
> > @@ -38,29 +40,29 @@ net.ipv6.conf.default.accept_dad=0
> > net.ipv6.conf.default.accept_ra=0
> > net.ipv6.conf.default.accept_redirects=0
> > net.ipv6.conf.all.accept_dad=0
> > -net.ipv6.conf.all.accept_ra=1
> > +net.ipv6.conf.all.accept_ra=0
> > net.ipv6.conf.all.accept_redirects=0
> >
> > # Number of Router Solicitations to send until assuming no routers are
> present.
> > # This is host and not router
> > net.ipv6.conf.default.router_solicitations = 0
> > net.ipv6.conf.all.router_solicitations = 0
> > -
> > +
> > # Accept Router Preference in RA?
> > net.ipv6.conf.default.accept_ra_rtr_pref = 0
> > -net.ipv6.conf.all.accept_ra_rtr_pref = 1
> > -
> > +net.ipv6.conf.all.accept_ra_rtr_pref = 0
> > +
> > # Learn Prefix Information in Router Advertisement
> > net.ipv6.conf.default.accept_ra_pinfo = 0
> > -net.ipv6.conf.all.accept_ra_pinfo = 1
> > -
> > +net.ipv6.conf.all.accept_ra_pinfo = 0
> > +
> > # Setting controls whether the system will accept Hop Limit settings
> > from a router advertisement net.ipv6.conf.default.accept_ra_defrtr =
> > 0 -net.ipv6.conf.all.accept_ra_defrtr = 1
> > +net.ipv6.conf.all.accept_ra_defrtr = 0
> >
> > #router advertisements can cause the system to assign a global
> > unicast address to an interface net.ipv6.conf.default.autoconf = 0
> > -net.ipv6.conf.all.autoconf = 1
> > +net.ipv6.conf.all.autoconf = 0
> >
> > #how many neighbor solicitations to send out per address?
> > net.ipv6.conf.default.dad_transmits = 3 @@ -68,4 +70,4 @@
> > net.ipv6.conf.all.dad_transmits = 3
> >
> > # How many global unicast IPv6 addresses can be assigned to each
> interface?
> > net.ipv6.conf.default.max_addresses = 0
> > -net.ipv6.conf.all.max_addresses = 0 \ No newline at end of file
> > +net.ipv6.conf.all.max_addresses = 0
> > diff --git
> > a/src/packages/fff/fff-network/files/usr/sbin/configurenetwork
> > b/src/packages/fff/fff-network/files/usr/sbin/configurenetwork
> > index 16b3f8c..623eba9 100755
> > --- a/src/packages/fff/fff-network/files/usr/sbin/configurenetwork
> > +++ b/src/packages/fff/fff-network/files/usr/sbin/configurenetwork
> > @@ -136,10 +136,11 @@ else
> > fi
> > fi
> > if [ -n "$wanon" ]; then
> > - echo "net.ipv6.conf.$WANDEV.accept_ra_defrtr=$wanon" >
> "$sysctlfile"
> > + echo "net.ipv6.conf.$WANDEV.accept_ra=$wanon" > "$sysctlfile"
> > + echo "net.ipv6.conf.$WANDEV.accept_ra_rtr_pref=$wanon" >>
> "$sysctlfile"
> > echo "net.ipv6.conf.$WANDEV.accept_ra_pinfo=$wanon" >>
> "$sysctlfile"
> > + echo "net.ipv6.conf.$WANDEV.accept_ra_defrtr=$wanon" >>
> "$sysctlfile"
> > echo "net.ipv6.conf.$WANDEV.autoconf=$wanon" >> "$sysctlfile"
> > - echo "net.ipv6.conf.$WANDEV.accept_ra_rtr_pref=$wanon" >>
> "$sysctlfile"
> > # Set values for current session, so no reboot is required
> > sysctl -p "$sysctlfile"
> > fi
Mehr Informationen über die Mailingliste franken-dev