On 07/07/17 03:19, Samuel Thibault wrote:
Hello,
Nice progress :)
Joan Lledó, on dim. 02 juil. 2017 10:29:33 +0200, wrote:
the stack offers the option of
using DAD[2] to check if the address is already in use. This isn't
likely to happen, since the interface identifier is based on the link
address, which should be unique, but I left it enabled just in case.
Yes. It does happen sometimes (particularly with VMs) that there are
duplicates. DAD can also be useful when configuring IPv6 by hand.
Also in the case where there are non-coordinated DHCPv6 servers offering
potentially overlapping prefix(s).
DHCP collision is a fairly easy attack vector in IP (v4 and v6), so a
mechanism other than implicitly trusting the DHCP server(s) is useful to
get out of trouble.
AYJ
