Skip to content

GitLab

aports
aports
Open
Opened by Nico Schottelius@telmich1💬Contributor

[radvd] Shutting down radvd stops/breaks IPv6 forwarding

When shutting down radvd, ipv6 forwarding is turned off, even though it was on before radvd was started:

[11:02] router1.place6:~# sysctl net.ipv6.conf.all.forwarding
net.ipv6.conf.all.forwarding = 1
[11:02] router1.place6:~# /etc/init.d/radvd start; sleep 3; /etc/init.d/radvd stop; sysctl net.ipv6.conf.a
ll.forwarding
 * Enabling IPv6 forwarding ...                                                                     [ ok ]
 * Starting IPv6 Router Advertisement Daemon ...                                                    [ ok ]
 * Stopping IPv6 Router Advertisement Daemon ...                                                    [ ok ]
 * Disabling IPv6 forwarding ...                                                                    [ ok ]
net.ipv6.conf.all.forwarding = 0
[11:03] router1.place6:~#

This breaks every router which has to start/stop radvd occasionally.

I see the code block for start/and stop

# start
        if [ "${FORWARD}" != "no" ]; then
                ebegin "Enabling IPv6 forwarding"
                sysctl -w "${SYSCTL_FORWARD}=1" >/dev/null
                eend $?
        fi

# stop
        if [ "${FORWARD}" != "no" ]; then
                ebegin "Disabling IPv6 forwarding"
                sysctl -w "${SYSCTL_FORWARD}=0" > /dev/null
                eend $?
        fi

I think the logic in the init script is a bit weird.

  • If FORWARD=yes and forwarding was enabled before, it clears it on exit
  • FORWARD=no does not really disable forwarding
  • Other distros don't have the radvd init script modify the sysctl by default and radvd just fails to start if forwarding is not enabled. ** I would have expected similar behaviour here
  • Enabling ipv6 forwarding without knowing it also might have unwanted side effects (i.e. forwarding to networks that are configured, but not yet firewalled).

So my proposals (in order) are:

  • Remove the FORWARD= logic from radvd as it's unexpected and has potentially complex side effects
  • If we want to keep it, set it to FORWARD=no by default OR
  • restore the before radvd situation on exit (but this might ugly and still not as intended) ** might not have been enabled before starting radvd ** then the user modifies / uses forwarding which works due to radvd side effect ** radvd is stopped -> other services of the user break
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information