Bug 245103

Summary: IPv6: update v6 temporary address lifetime according to rfc4941bis
Product: Base System
Reporter: Loganaden Velvindron <logan>
Component: standards
Assignee: freebsd-net (Nobody) <net>
Status: Open
Severity: Affects Many People
CC: bz, harrison.grundy, hrs, pi, standards, zarychtam, zlei
Priority: ---
Keywords: ipv6, needs-qa, standards
Version: CURRENT
Hardware: Any
OS: Any
URL: https://github.com/freebsd/freebsd-src/blob/main/sys/netinet6/nd6.h
Attachments:
- [PATCH] Update v6 temp addresses lifetime according to https://tools.ietf.org/html/draft-ietf-6man-rfc4941bis-07 (flags: none)
- patch from the mailing list rebased on 15-CURRENT (flags: none)

Description Loganaden Velvindron 2020-03-27 15:49:38 UTC
Created attachment 212757 [details]
[PATCH]  Update v6 temp addresses lifetime according to https://tools.ietf.org/html/draft-ietf-6man-rfc4941bis-07
Comment 1 Loganaden Velvindron 2020-03-27 16:11:19 UTC
Please see: https://tools.ietf.org/html/draft-ietf-6man-rfc4941bis-07.
Comment 2 Bjoern A. Zeeb freebsd_committer freebsd_triage 2020-03-28 17:46:31 UTC
Wait and see what 6man will do on Monday during the virtual meeting.
Comment 3 Loganaden Velvindron 2020-03-31 17:09:42 UTC
No objection to go forward during the interim meeting.
Comment 4 Bjoern A. Zeeb freebsd_committer freebsd_triage 2020-09-08 14:46:39 UTC
If this hasn't happened, can someone please update this?  I have to punt on this.
Comment 6 Graham Perrin 2023-09-24 07:59:47 UTC
(In reply to Kurt Jaeger from comment #5)

>> P.S.: The patch is also available here: 
>> <https://www.gont.com.ar/code/fgont-patch-freebsd-rfc4941bis.txt>

No longer there, but captured in the Wayback Machine: 

<https://web.archive.org/web/20220330043754/https://www.gont.com.ar/code/fgont-patch-freebsd-rfc4941bis.txt>

(In reply to Loganaden Velvindron from comment #3)
(In reply to Bjoern A. Zeeb from comment #4)

If a patch from any source can be simple and non-contentious, consider making a pull request. 

<https://github.com/freebsd/freebsd-src/blob/main/CONTRIBUTING.md>
Comment 7 Zhenlei Huang freebsd_committer freebsd_triage 2023-09-24 14:38:09 UTC
RFC 4941 section 5 states:
> Constants defined in this document include:
>
>   TEMP_VALID_LIFETIME -- Default value: 1 week.  Users should be able
>   to override the default value.

Currently it is a compile constant. We may want a SYSCTL tunable to override it.

So, once that is done, is this patch still needed?
Comment 8 Zhenlei Huang freebsd_committer freebsd_triage 2023-09-24 14:43:26 UTC
(In reply to Zhenlei Huang from comment #7)
> Currently it is a compile constant. We may want a SYSCTL tunable to override it.

> So, once that is done, is this patch still needed?

Oops, I replied too fast. 

Yes, still needed.

RFC 8981 obsoletes RFC 4941 and states:
> TEMP_VALID_LIFETIME
> Default value: 2 days. Users should be able to override the default value.
Comment 9 Zhenlei Huang freebsd_committer freebsd_triage 2023-09-24 14:45:07 UTC
RFC 8981 was draft-ietf-6man-rfc4941bis ;)
Comment 10 Loganaden Velvindron 2023-09-25 07:17:43 UTC
Do you want me to make a pull request against github?
Comment 11 Marek Zarychta 2023-09-25 08:12:12 UTC
(In reply to Zhenlei Huang from comment #9)
Yes, and we have the patch[1] from one of the authors of RFC 8981. The patch[1]:
- reduces the Valid Lifetime from 1 week to 2 days,
- limits the number of concurrent temporary addresses per prefix to 2,
- deprecates the use of MD5 as the algorithm for computing the temporary IIDs,
- introduces using different interface-ids for each temporary address.

RFC 8981 also "Removes the recommendation that temporary addresses be disabled by default. This is in line with BCP 188 ([RFC7258]) and also with BCP 204 ([RFC7934]).", so perhaps also "net.inet6.ip6.use_tempaddr" should be bumped to "1". Leaving "net.inet6.ip6.prefer_tempaddr" at "0" (as is) should not introduce any breakage.

Perhaps Fernando's patch could be put on the review on Phabricator and proceeded further?

[1] https://lists.freebsd.org/pipermail/freebsd-net/2020-April/055689.html
Comment 12 Zhenlei Huang freebsd_committer freebsd_triage 2023-09-25 08:29:57 UTC
(In reply to Loganaden Velvindron from comment #10)

There're other changes since draft-ietf-6man-rfc4941bis-07, see the diff [1].

From a quick look at it, the constant `MAX_DESYNC_FACTOR` has also changed. It is `0.4 * TEMP_PREFERRED_LIFETIME` and was `10 minutes`.

The computing of `DESYNC_FACTOR` also changed.

I think we should take all the changes into account.


1. https://author-tools.ietf.org/iddiff?url1=draft-ietf-6man-rfc4941bis-07&url2=rfc8981&difftype=--html

(In reply to Marek Zarychta from comment #11)

> Perhaps Fernando's patch could be put on the review on Phabricator and proceeded further?

> [1] https://lists.freebsd.org/pipermail/freebsd-net/2020-April/055689.html

Sounds good. Phabricator is a better place for the review ;)

As this is a behavior change, it cannot catch up with 14.0. And it should be completed (at best effort) before it goes into current/15.

I can put it into my working queue ;)
Comment 13 Marek Zarychta 2023-09-25 22:04:59 UTC
Created attachment 245238 [details]
patch from the mailing list rebased on 15-CURRENT

I have given a try to Fernando's patch. It seems to work, but simplification of the logic makes all deprecated temporary addresses purged at once when "net.inet6.ip6.tempvltime" expires which is IMHO unacceptable.

For people willing to test it, I attach an almost original patch rebased on the recent 15-CURRENT.
Comment 14 Marek Zarychta 2023-09-26 13:04:01 UTC
After testing Fernando's patch a little more, I can confirm it works OK. With the settings:
net.inet6.ip6.tempvltime=6000
net.inet6.ip6.temppltime=3000
there is always one deprecated temporary address, and address regeneration, deprecation and removal are working fine, as far as I could test.

Previous errors which were reported in comment #13 were due to setting too short and the same timers for vltime and pltime.
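
The timer relationship behind comments 13 and 14, as an added example that is not part of the bug thread and is not FreeBSD kernel code: a simplified model of the RFC 8981 lifetimes that shows why equal `tempvltime` and `temppltime` leave no deprecated phase. It assumes a fixed DESYNC_FACTOR and a sample REGEN_ADVANCE of 5 seconds; `struct tempaddr_cfg`, `cfg_check` and `count_at` are hypothetical names.

```c
#include <stdio.h>
/* Timer model of RFC 8981 temporary addresses; not FreeBSD kernel code. */
struct tempaddr_cfg {
    long vltime;        /* net.inet6.ip6.tempvltime (TEMP_VALID_LIFETIME), s */
    long pltime;        /* net.inet6.ip6.temppltime (TEMP_PREFERRED_LIFETIME), s */
    long desync;        /* DESYNC_FACTOR, s (assumed fixed in this model) */
    long regen_advance; /* REGEN_ADVANCE, s (sample value) */
};

/* RFC 8981: MAX_DESYNC_FACTOR = 0.4 * TEMP_PREFERRED_LIFETIME. */
long max_desync_factor(long pltime) { return pltime * 2 / 5; }

/* Returns 0 when the timers leave room for a deprecated phase, else -1. */
int cfg_check(const struct tempaddr_cfg *c)
{
    if (c->desync < 0 || c->desync > max_desync_factor(c->pltime))
        return -1;
    if (c->pltime >= c->vltime)                    /* no deprecated window */
        return -1;
    if (c->pltime - c->desync <= c->regen_advance) /* no usable preferred time */
        return -1;
    return 0;
}

/* Count addresses at time t: want_deprecated=0 -> preferred, 1 -> deprecated.
 * Address k is created at k*period, preferred for `pref` seconds and removed
 * at age vltime; its successor is created regen_advance before it deprecates. */
int count_at(const struct tempaddr_cfg *c, long t, int want_deprecated)
{
    long pref = c->pltime - c->desync;
    long period = pref - c->regen_advance;
    int n = 0;
    if (period <= 0) return 0;
    for (long born = 0; born <= t; born += period) {
        long age = t - born;
        int deprecated = age >= pref && age < c->vltime;
        int preferred = age < pref && age < c->vltime;
        n += want_deprecated ? deprecated : preferred;
    }
    return n;
}

int main(void)
{
    struct tempaddr_cfg c = { 6000, 3000, 0, 5 };  /* values from comment 14 */
    for (long t = 0; t <= 12000; t += 1500)
        printf("t=%5ld preferred=%d deprecated=%d\n", t, count_at(&c, t, 0), count_at(&c, t, 1));
    return cfg_check(&c);
}
```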