Date:	Tue, 25 Mar 2008 18:16:31 +0100
From:	Chr <chunkeey@....de>
To:	YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@...ux-ipv6.org>
Cc:	hostap@...ts.shmoo.com, netdev@...r.kernel.org
Subject: Re: IPv6 unique local address flushes on up/down

On Tuesday 25 March 2008 17:20:39 YOSHIFUJI Hideaki / 吉藤英明 wrote:
> In article <200803251707.52528.chunkeey@....de> (at Tue, 25 Mar 2008 17:07:52 +0100), Chr <chunkeey@....de> says:
> > On Tuesday 25 March 2008 16:24:28 YOSHIFUJI Hideaki / 吉藤英明 wrote:
> > > In article <200803251557.21563.chunkeey@....de> (at Tue, 25 Mar 2008 15:57:21 +0100), Chr <chunkeey@....de> says:
> > > > Now my question, which _one_ should we fix the applications or the
> > > > stack?! I think the network stack, but I don't know if there are RFC
> > > > about this issue... or is there already some flag/setting which I've
> > > > missed so far?
> > >
> > > Well..., in fact, this is known as an uneasy-to-fix issue.
> > > The behavior has not been changed for a long time, so you definitely
> > > need to have work-around for this issue, anyway.
> > >
> > > From specification point of view, we need to re-perform DAD (duplicate
> > > address detection) after down-up cycle or even link-down and up.
> > > One possible way is to add "tentative" flag for static addresses
> > > (instead of purging them) when the interface is going down and
> > > reperform DAD for all of such addresses when the interface is coming
> > > up. If the link is being down, we might want to use "Optimistic" DAD
> > > instead.
> >
> > Ah yeah, ok... I guess... alright! ...
> >
> > but another question, about this issue from the userspace side.
> >
> > Since I'm going to use the stateful DHCPv6 way... I'm wondering how I can
> > set the tentative flag from userspace?
>
> Tentative flag cannot be set from userspace.
> So, if we're going this way, we might need new flag for "admin" or
> "static" or something alike for manual / static addresses
> (including link-local addresses, probably).
>
> --yoshfuji

ok, this is a blocker... so, what about a "static flag" per interface instead
of per address (maybe add something
like /proc/sys/net/ipv6/conf/ethX/address_flush).

So that on the first initialization of the interface (modprobe time) we
always generate a link-local address (like now)... But then on every down/up
cycle we check the _new_ static flag.

if it is not set then we do the _old_ behaviour... (flushing everything)
and if it is set we just leave everything in place.... (and on "up", we just 
use the old link-local again instead of making a new one)

Will this work? or are there some pitfalls with this approach?
 
Regards,
	Christian