The kernel already supports disabling Duplicate Address Detection (DAD)
by setting net.ipv6.conf.$interface.accept_dad to 0. However, for
interfaces available at boot time, the kernel brings up the interface
and sets up the link-local address before processing sysctls set on the
kernel command line; thus, setting
sysctl.net.ipv6.conf.default.accept_dad=0 on the kernel command line
does not suffice to affect such interfaces.
Add a configuration option to set the default value of accept_dad for
new interfaces.
Signed-off-by: Josh Triplett <josh@xxxxxxxxxxxxxxxx>
---
I'm in a virtualized environment, and I'm trying to bring up network
interfaces (including IPv6) extremely quickly and have them be
immediately usable. I tried many different approaches to disable DAD on
the interface, but I didn't find *any* way to successfully disable DAD
before the kernel brought up the link-local address for eth0 and set it
as tentative.
I've verified that this option *does* successfully cause the link-local
address for interfaces to not show up as "tentative".
If this approach isn't appealing, or if there's a better way to
accomplish this, I'd welcome suggestions for alternative approaches.
Documentation/networking/ip-sysctl.rst | 4 +++-
net/ipv6/Kconfig | 10 ++++++++++
net/ipv6/addrconf.c | 4 ++++
3 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/Documentation/networking/ip-sysctl.rst b/Documentation/networking/ip-sysctl.rst
index 87dd1c5283e6..302f1f208339 100644
--- a/Documentation/networking/ip-sysctl.rst
+++ b/Documentation/networking/ip-sysctl.rst
@@ -2496,11 +2496,13 @@ accept_dad - INTEGER
== ==============================================================
0 Disable DAD
- 1 Enable DAD (default)
+ 1 Enable DAD
2 Enable DAD, and disable IPv6 operation if MAC-based duplicate
link-local address has been found.
== ==============================================================
+ Default: 1 if CONFIG_IPV6_DAD_DEFAULT_DISABLE is not set, otherwise 0.
+
DAD operation and mode on a given interface will be selected according
to the maximum value of conf/{all,interface}/accept_dad.
diff --git a/net/ipv6/Kconfig b/net/ipv6/Kconfig
index 658bfed1df8b..3535e1b6a38f 100644
--- a/net/ipv6/Kconfig
+++ b/net/ipv6/Kconfig
@@ -48,6 +48,16 @@ config IPV6_OPTIMISTIC_DAD
If unsure, say N.
+config IPV6_DAD_DEFAULT_DISABLE
+ bool "IPv6: Disable Duplicate Address Detection by default"
+ help
+ If enabled, this sets the default value of the
+ net.ipv6.conf.default.accept_dad sysctl to 0, disabling Duplicate
+ Address Detection (DAD). This allows the modified default to be
+ picked up early enough to affect interfaces that exist at boot time.
+
+ If unsure, say N.
+
config INET6_AH
tristate "IPv6: AH transformation"
select XFRM_AH
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index faa47f9ea73a..e931c836a5dd 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -274,7 +274,11 @@ static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = {
.proxy_ndp = 0,
.accept_source_route = 0, /* we do not accept RH0 by default. */
.disable_ipv6 = 0,
+#ifdef CONFIG_IPV6_DAD_DEFAULT_DISABLE
+ .accept_dad = 0,
+#else
.accept_dad = 1,
+#endif
.suppress_frag_ndisc = 1,
.accept_ra_mtu = 1,
.stable_secret = {
--
2.40.0
