Summary: | IPv6: update v6 temporary address lifetime according to rfc4941bis
---|---
Product: | Base System
Component: | standards
Status: | Open
Severity: | Affects Many People
Priority: | ---
Version: | CURRENT
Hardware: | Any
OS: | Any
Reporter: | Loganaden Velvindron <logan>
Assignee: | freebsd-net (Nobody) <net>
CC: | bz, harrison.grundy, hrs, pi, standards, zarychtam, zlei
Keywords: | ipv6, needs-qa, standards
URL: | https://github.com/freebsd/freebsd-src/blob/main/sys/netinet6/nd6.h

Description
Loganaden Velvindron
2020-03-27 15:49:38 UTC
Wait and see what 6man will do on Monday during the virtual meeting.

No objection to go forward during the interim meeting.

If this hasn't happened, can someone please update this? I have to punt on this.

(In reply to Kurt Jaeger from comment #5)
>> P.S.: The patch is also available here:
>> <https://www.gont.com.ar/code/fgont-patch-freebsd-rfc4941bis.txt>

No longer there, but captured in the Wayback Machine:
<https://web.archive.org/web/20220330043754/https://www.gont.com.ar/code/fgont-patch-freebsd-rfc4941bis.txt>

(In reply to Loganaden Velvindron from comment #3)
(In reply to Bjoern A. Zeeb from comment #4)

If a patch from any source can be simple and non-contentious, consider making a pull request.
<https://github.com/freebsd/freebsd-src/blob/main/CONTRIBUTING.md>

RFC 4941 section 5 states:

> Constants defined in this document include:
>
> TEMP_VALID_LIFETIME -- Default value: 1 week. Users should be able
> to override the default value.

Currently it is a compile constant. We may want a SYSCTL tunable to override it.

So, once that is done, is this patch still needed?

(In reply to Zhenlei Huang from comment #7)
> Currently it is a compile constant. We may want a SYSCTL tunable to override it.
> So, once that is done, is this patch still needed?

Oops, I replied too fast. Yes, still needed. RFC 8981 obsoletes RFC 4941 and states:

> TEMP_VALID_LIFETIME
> Default value: 2 days. Users should be able to override the default value.

RFC 8981 was draft-ietf-6man-rfc4941bis ;)

Do you want me to make a pull request against GitHub?

(In reply to Zhenlei Huang from comment #9)

Yes, and we have the patch[1] from one of the authors of RFC 8981. The patch[1]
- reduces the Valid Lifetime from 1 week to 2 days,
- limits the number of concurrent temporary addresses per prefix to 2,
- deprecates the use of MD5 as the algorithm for computing the temporary IIDs,
- introduces using different interface-ids for each temporary address.

RFC 8981 also "Removes the recommendation that temporary addresses be disabled by default. This is in line with BCP 188 ([RFC7258]) and also with BCP 204 ([RFC7934]).", so perhaps also "net.inet6.ip6.use_tempaddr" should be bumped to "1". Leaving "net.inet6.ip6.prefer_tempaddr" at "0" (as is) should not introduce any breakage.

Perhaps Fernando's patch could be put on the review on Phabricator and proceeded further?

[1] https://lists.freebsd.org/pipermail/freebsd-net/2020-April/055689.html

(In reply to Loganaden Velvindron from comment #10)

There are other changes since draft-ietf-6man-rfc4941bis-07, see the diff [1]. From a quick look at it, the constant `MAX_DESYNC_FACTOR` is also changed. It is `0.4 * TEMP_PREFERRED_LIFETIME` and was `10 minutes`. The computing of `DESYNC_FACTOR` also changed. I think we should take all the changes into account.

1. https://author-tools.ietf.org/iddiff?url1=draft-ietf-6man-rfc4941bis-07&url2=rfc8981&difftype=--html

(In reply to Marek Zarychta from comment #11)
> Perhaps Fernando's patch could be put on the review on Phabricator and proceeded further?
> [1] https://lists.freebsd.org/pipermail/freebsd-net/2020-April/055689.html

Sounds good. Phabricator is a better place for the review ;)

As this is a behavior change, it cannot catch up with 14.0. And it should be completed (at best effort) before it goes into current/15.

I can put it into my working queue ;)

Created attachment 245238
patch from the mailing list rebased on 15-CURRENT
I have given a try to Fernando's patch. It seems to work, but simplification of the logic makes all deprecated temporary addresses purged at once when "net.inet6.ip6.tempvltime" expires which is IMHO unacceptable.
For people willing to test it, I attach an almost original patch rebased on the recent 15-CURRENT.
After testing Fernando's patch a little more, I can confirm it works OK. With the settings:

net.inet6.ip6.tempvltime=6000
net.inet6.ip6.temppltime=3000

there is always one deprecated temporary address, and address regeneration, deprecation and removal are working fine, as far as I could test. Previous errors which were reported in comment #13 were due to setting too short and the same timers for vltime and pltime.
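
The lifetimes discussed in this thread, as a simplified timeline model added here as an example (it is not Fernando's patch, FreeBSD kernel code, or any commenter's code). It shows why a valid lifetime twice the preferred lifetime always leaves at least one deprecated temporary address, and why identical timers leave none. Assumptions: a successor is generated `regen_advance` seconds (assumed 5) before the current address is deprecated, each address's preferred lifetime is `pltime` minus a random desync of at most `0.4 * pltime`, and all function and parameter names are hypothetical.

```python
import random

def timeline(vltime, pltime, horizon, regen_advance=5, desync=True, seed=1):
    """Model temporary addresses for one prefix as (created, deprecated_at, removed_at).

    vltime/pltime stand for net.inet6.ip6.tempvltime/temppltime (seconds).
    regen_advance=5 is an assumed value, not taken from the thread.
    """
    rng = random.Random(seed)              # seeded so runs are repeatable
    max_desync = 0.4 * pltime if desync else 0.0
    addrs, t = [], 0.0
    while t < horizon:
        preferred = pltime - rng.uniform(0, max_desync)
        # Valid lifetime counts from creation; deprecation cannot outlive removal.
        addrs.append((t, min(t + preferred, t + vltime), t + vltime))
        # The successor is generated shortly before this address is deprecated.
        t += max(preferred - regen_advance, 1.0)
    return addrs

def census(addrs, now):
    """Return (preferred, deprecated) address counts at time `now`."""
    preferred = sum(1 for c, d, r in addrs if c <= now < d)
    deprecated = sum(1 for c, d, r in addrs if d <= now < r)
    return preferred, deprecated

def deprecated_range(vltime, pltime, **kw):
    """Min and max number of deprecated addresses once steady state is reached."""
    horizon = 20 * vltime
    addrs = timeline(vltime, pltime, horizon, **kw)
    samples = range(2 * vltime, horizon - vltime, 60)
    counts = [census(addrs, now)[1] for now in samples]
    return min(counts), max(counts)

if __name__ == "__main__":
    # Settings from the thread: valid lifetime twice the preferred lifetime.
    print("6000/3000, no desync:", deprecated_range(6000, 3000, desync=False))
    print("6000/3000, desync   :", deprecated_range(6000, 3000))
    # Same value for both timers: an address is removed the moment it stops
    # being preferred, so no deprecated address ever exists.
    print("3000/3000, no desync:", deprecated_range(3000, 3000, desync=False))
```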