By paulr on May 15, 2007
An analysis of the potential misuse of IPv6 type 0 routing headers, which allow the route that network traffic takes to be influenced by its sender, has recently been published, for example here (PDF).
We thought we'd pass on some information about how this impacts Solaris.
Solaris is compliant with the IPv6 protocol definition and has support for these routing headers, however, the way these routing headers are handled is controlled by the kernel driver parameter ip6_forward_src_routed. In Solaris 9 and 10 this variable defaults to false so packets containing these headers are discarded (see bug 4408694), meaning that unmodifed Solaris 9 and 10 installations cannot be used to assist in the exploitation of these issues.
On the other hand, in Solaris 8 the default value for this variable is true, so default installations of Solaris 8 may be impacted.
To determine the value of this variable on a Solaris host, you can use a command similar to the following:
# ndd /dev/ip ip6_forward_src_routed 0
If the returned value is zero, IPv6 routing headers will be ignored.
To set the value to 0, use the following command (which is required with the default Solaris 8 configuration to avoid this issue):
# ndd -set /dev/ip ip6_forward_src_routed 0
Note that changing this value from the default is not persistent across reboots, to make it persistent the command can be placed in a script that is run at startup (for example /etc/rc2.d/S69inet on pre-S10 machines).