Dennis Ferguson <dennis.c.ferguson%gmail.com@localhost> writes:

> I'm not sure the first bit is right. I think TCP connections using the
> LL address are okay, even when the remote address is global scope, as
> long as the remote host is connected to the same wire. Since a host
> can't necessarily tell whether the global addressee is on the same wire,
> however, the only thing it can do is attempt to open the connection and
> let the router tell it whether this is okay or not. This doesn't work
> so well if the host entirely ignores the unreachables the router sends back.

There's some notion, on which I am fuzzy, about doing ND for prefixes
not known to be on-link. Sending a LL->global packet to a router seems
odd, because unless the global is on link, it's not going to get a
reply. And it seems bad to forward a packet with a LL source address in
general.

> I do think that if IPv6, or IPv4 for that matter, is broken for you then
> a good solution is just to configure the broken protocol off, use the
> one that works and just get on with it. That the IPv6 implementation
> makes it hard to do this is a problem.

So we probably need two sysctls to disable v4 and v6.