Bug#643805: linux-image-3.0.0-1-686-pae: ipv4/conf/all/* entries do not work in /proc/sys/net/
On Thu, Sep 29, 2011 at 10:24:36PM +0200, Alexandre Chapellon wrote:
> Package: linux-2.6
> Version: 3.0.0-3
> Severity: normal
>
> Dear Maintainer,
>
> I have a vpn gateway that periodically sends icmp redirects to the hosts of my
> network (when renegociating tunnels), I configured hosts not to accepts
> reidrects by uncommenting the default directive found in sysctl.conf:
>
> net.ipv4.conf.all.accept_redirects = 0
Settings under net.ipv4.conf.all should affect all currently
existing interfaces, but not newly created interfaces.
[...]
> If i try to echo the value in the proc filesystem, It's no better:
> root@elronde:/home/alxgomzecho 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
> root@elronde:/home/alxgomz# cat /proc/sys/net/ipv4/conf/*/accept_redirects
> 0
> 1
> 1
> 1
> 1
>
> Where I expected this to put all interfaces to zero.
That is what I would expect, too. Were any network interfaces
created in between running those two commands?
> the entry ./default/accept_redirects seems to work as expected.
Settings under net.ipv4.conf.default should affect all newly created
interfaces, but not any currently existing interfaces.
> I have seen the same behaviour for other proc entries such as send_redirects
> and notices the bug #630650 that is maybe related.
[...]
Report #630650 is incoherent.
Ben.
--
Ben Hutchings
We get into the habit of living before acquiring the habit of thinking.
- Albert Camus
--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20110929205357.GD18656@decadent.org.uk">http://lists.debian.org/20110929205357.GD18656@decadent.org.uk
09-29-2011, 09:55 PM
Alexandre
Bug#643805: linux-image-3.0.0-1-686-pae: ipv4/conf/all/* entries do not work in /proc/sys/net/
2011/9/29 Ben Hutchings <ben@decadent.org.uk>
On Thu, Sep 29, 2011 at 10:24:36PM +0200, Alexandre Chapellon wrote:
> Package: linux-2.6
> Version: 3.0.0-3
> Severity: normal
>
> Dear Maintainer,
>
> I have a vpn gateway that periodically sends icmp redirects to the hosts of my
> network (when renegociating *tunnels), I configured hosts not to accepts
> reidrects by uncommenting the default directive found in sysctl.conf:
>
> net.ipv4.conf.all.accept_redirects = 0
Settings under net.ipv4.conf.all should affect all currently
existing interfaces, but not newly created interfaces.
[...]
> If i try to echo the value in the proc filesystem, It's no better:
Bug#643805: linux-image-3.0.0-1-686-pae: ipv4/conf/all/* entries do not work in /proc/sys/net/
Any news about this issue.
The problems remains identical here:
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
Do not set the send_redirects (same problem on client machine with
accept_redirects) of existing interfaces to 0
Furthermore I have tried setting
/proc/sys/net/ipv4/conf/default/send_redirects=0 in sysctl.conf to
prohibit gateway from sending thoose icmp redirects but interfaces
defined in /etc/network/interfaces (in my case a bridge) have
send_redirect=1 after boot completes. Which leads me to think that procs
is executed after networking has been setup... and should not.
One more things. On client machine I have the following when try to get
the route:
ip r g 172.20.0.10
172.20.0.10 via 172.17.2.1 dev wlan0 src 172.17.2.65
cache <redirected> ipid 0x23f0
I haven't found a way to get rid of that "redirected" route, except
reboot (even by flushing iproute2 cache). How can I get remove such a route?
Regards.
--
<http://www.horoa.net>
Alexandre Chapellon
Ingénierie des systèmes open sources et réseaux.
Follow me on twitter: @alxgomz <http://www.twitter.com/alxgomz>
--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4EAA4FA1.7050101@horoa.net">http://lists.debian.org/4EAA4FA1.7050101@horoa.net
Bug#643805: linux-image-3.0.0-1-686-pae: ipv4/conf/all/* entries do not work in /proc/sys/net/
