-
Notifications
You must be signed in to change notification settings - Fork 228
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pppd: defaultroute6 is not frequent option and should not be used #257
Conversation
In pppd.8 manpage move defaultroute6 option from FREQUENTLY USED OPTIONS into OPTIONS and add a warning that this option should not be needed or used on IPv6 networks. Option defaultroute6 is needed only for broken IPv6 networks. Also add nodefaultroute6 into sample options file. Signed-off-by: Pali Rohár <pali@kernel.org>
Excuse my ignorance. I use pppd in openwrt and i noticed that with the latest release pppd started to write the routing table. I stumbled upon this. If nodefaultroute6 should not be needed, should it then not be a default. If true then why is nodefaultroute6 explicitly set in sample/config indicating that it is not a default? Should defaults not be commented out in configs instead? |
@doverride: Seems that in your post you are confused with nodefaultroute6 and defaultroute6. I think it is documented in manual page cleanly. If nodefaultroute6 is specified (e.g. in config file) then defaultroute6 option is privileged operation. So ordinary non-root users cannot use defaultroute6 option. By default both nodefaultroute6 and defaultroute6 options are disabled, meaning that defaultroute6 is not privileged operation and that by default pppd does not insert default ipv6 device route. And in sample option file is specified nodefaultroute6 as it is safe default to prevent ordinary non-root users to use defaultroute6 option. Is it clear now? |
pali <notifications@github.com> writes:
@doverride: Seems that in your post you are confused with nodefaultroute6 and defaultroute6. I think
it is documented in manual page cleanly. If nodefaultroute6 is specified (e.g. in config file) then
defaultroute6 option is privileged operation. So ordinary non-root users cannot use defaultroute6
option. By default both nodefaultroute6 and defaultroute6 options are disabled, meaning that
defaultroute6 is not privileged operation and that by default pppd does not insert default ipv6 device
route. And in sample option file is specified nodefaultroute6 as it is safe default to prevent
ordinary non-root users to use defaultroute6 option. Is it clear now?
Yes, Thanks.
Still wondering why all of a sudden pppd write the routing table with
latest release but that is unrelated and not important
…
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or unsubscribe.
--
gpg --locate-keys dominick.grift@defensec.nl
Key fingerprint = FCD2 3660 5D6B 9D27 7FC6 E0FF DA7E 521F 10F6 4098
https://sks-keyservers.net/pks/lookup?op=get&search=0xDA7E521F10F64098
Dominick Grift
|
Maybe some another OpenWRT patch which can be harmful in some situation? Or does it happens also with upstream pppd without any custom patches? |
pali <notifications@github.com> writes:
Still wondering why all of a sudden pppd write the routing table with latest release
Maybe some another OpenWRT patch which can be harmful in some situation? Or does it happens also with
upstream pppd without any custom patches?
Maybe yes, they carry quite a few and they also dropped a few that were
adopted upstream. Not sure whether this also happens with vanilla
upstream, I might look into that but it does not visibly break anything.
Thanks again
…
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or unsubscribe.
--
gpg --locate-keys dominick.grift@defensec.nl
Key fingerprint = FCD2 3660 5D6B 9D27 7FC6 E0FF DA7E 521F 10F6 4098
https://sks-keyservers.net/pks/lookup?op=get&search=0xDA7E521F10F64098
Dominick Grift
|
@hauke, please read the talk from @doverride here, it is linked to OpenWrt. |
@doverride between which version did you see the changed behavior? |
Hauke Mehrtens <notifications@github.com> writes:
@doverride between which version did you see the changed behavior?
did it change after this commit ***@***.*** or do you compare OpenWrt 19.07 with master or
something similar?
I only do master, I noticed the change with the last commit on
master: "hauke ppp: Update to version 2.4.9 5 days ago"
…
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or unsubscribe.
--
gpg --locate-keys dominick.grift@defensec.nl
Key fingerprint = FCD2 3660 5D6B 9D27 7FC6 E0FF DA7E 521F 10F6 4098
https://sks-keyservers.net/pks/lookup?op=get&search=0xDA7E521F10F64098
Dominick Grift
|
In pppd.8 manpage move defaultroute6 option from FREQUENTLY USED OPTIONS
into OPTIONS and add a warning that this option should not be needed or
used on IPv6 networks. Option defaultroute6 is needed only for broken IPv6
networks. Also add nodefaultroute6 into sample options file.