Fix the use os sysctls to prevent router_ads

Signed-off-by: Tim Niemeyer <tim.niemeyer@mastersword.de>

bsp/default/root_file_system/etc/sysctl.conf

@@ -22,6 +22,8 @@ net.ipv4.conf.default.rp_filter=1
 #Do not accept source routing
 net.ipv4.conf.all.accept_source_route=0
 net.ipv4.conf.all.accept_redirects=0
+net.ipv4.conf.default.accept_source_route=0
+net.ipv4.conf.default.accept_redirects=0
 net.ipv4.icmp_echo_ignore_broadcasts=1
 net.ipv4.icmp_ignore_bogus_error_responses=1
 net.ipv4.ip_forward=0
@@ -32,27 +34,38 @@ net.bridge.bridge-nf-call-arptables=0
 net.bridge.bridge-nf-call-ip6tables=0
 net.bridge.bridge-nf-call-iptables=0
 
+net.ipv6.conf.default.accept_dad=0
+net.ipv6.conf.default.accept_ra=0
+net.ipv6.conf.default.accept_redirects=0
 net.ipv6.conf.all.accept_dad=0
 net.ipv6.conf.all.accept_ra=0
 net.ipv6.conf.all.accept_redirects=0
+
 # Number of Router Solicitations to send until assuming no routers are present.
 # This is host and not router
 net.ipv6.conf.default.router_solicitations = 0
+net.ipv6.conf.all.router_solicitations = 0
  
 # Accept Router Preference in RA?
 net.ipv6.conf.default.accept_ra_rtr_pref = 0
+net.ipv6.conf.all.accept_ra_rtr_pref = 0
  
 # Learn Prefix Information in Router Advertisement
 net.ipv6.conf.default.accept_ra_pinfo = 0
+net.ipv6.conf.all.accept_ra_pinfo = 0
  
 # Setting controls whether the system will accept Hop Limit settings from a router advertisement
 net.ipv6.conf.default.accept_ra_defrtr = 0
+net.ipv6.conf.all.accept_ra_defrtr = 0
 
 #router advertisements can cause the system to assign a global unicast address to an interface
 net.ipv6.conf.default.autoconf = 0
+net.ipv6.conf.all.autoconf = 0
 
 #how many neighbor solicitations to send out per address?
-net.ipv6.conf.default.dad_transmits = 0
+net.ipv6.conf.default.dad_transmits = 3
+net.ipv6.conf.all.dad_transmits = 3
 
 # How many global unicast IPv6 addresses can be assigned to each interface?
-net.ipv6.conf.default.max_addresses = 1
+net.ipv6.conf.default.max_addresses = 0
+net.ipv6.conf.all.max_addresses = 0

build_patches/invoke_sysctl_before_network.patch

@@ -0,0 +1,15 @@
+Index: package/netifd/files/etc/init.d/network
+===================================================================
+--- package/netifd/files/etc/init.d/network	(Revision 35298)
++++ package/netifd/files/etc/init.d/network	(Arbeitskopie)
+@@ -12,6 +12,10 @@
+ 		ulimit -c unlimited
+ 		echo '/tmp/%e.%p.%s.%t.core' > /proc/sys/kernel/core_pattern
+ 	}
++
++    # some RAs come to early otherwise:
++    [ -f /etc/sysctl.conf ] && sysctl -p -e >&-
++
+ 	service_start /sbin/netifd
+ 
+ 	setup_switch() { return 0; }

buildscript

@@ -19,6 +19,9 @@ prepare() {
     # This changes the default behavior of sysupgrade to not save the config 
     cat build_patches/sysupgrade_no_config_save.patch | patch -p0 -d $target
 
+    # This adds the sysctl load just before the network comes up
+    cat build_patches/invoke_sysctl_before_network.patch | patch -p0 -d $target
+
 	board_prepare
 }