Description:

I'm concerned about the handling of "IP6=no" in netctl. A quick perusal of the code suggests that this is setting:

sysctl -q -w net.ipv6.conf.<interface>.accept_ra=0

which is in line with the documentation that it blocks router advertisements. The problem is that it does this really late in the process - after the interface is up and after ipv4 DHCP (if this is requested). This gives plenty of time for router advertisements to be accepted before they are blocked. As a result, on my home network (which is IPv4/6 dual stack), "IP6=no" results in a fully configured IPv6 address just as with "IP6=stateless".

This is concerning as there is a real risk of malicious router advertisments on public IPv4-only wireless hotspots, and "IP6=no" does not prevent this at present. As a side point, I wonder whether it might be better to make a (correctly functioning) "IP6=no" be the default for the same reason.

Notice that I think that the reverse problem also occurs. If router adverisements are not accepted by default, then they are are only turned on by "IP6 = stateless" late in the process - after router adverisments have already been offered. This delays the aquisition of a global IPv6 prefix.

Thanks very much for your work on netctl - it seems like a great tool.

Additional info:
I have been using netctl 1.1

Steps to reproduce:

1. Create a netctl wireless profile file to connect to an IPv4/6 dual stack network on which radvd or a similar router advertising daemon is running and offering a global ipv6 prefix. Specifiy "IP6=no" and "IP4=dhcp".

2. Enable router advertisment acceptance with:

sysctl -q -w net.ipv6.conf.<interface>.accept_ra=1

replacing <interface> with the relevant wireless interface specified in the profile file.

3. Start the profile with
netctl start <profile>

4. Run ifconfig. Note that the interface is probably configured with the global ipv6 prefix from the router advertising daemon.