lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Wed, 15 Jun 2011 12:37:41 +0900
From:	YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org>
To:	"Stefan (metze) Metzmacher" <metze@...ba.org>
Cc:	netdev@...r.kernel.org, yoshfuji@...ux-ipv6.org
Subject: Re: [ipv6] valid_lft and active connections

Stefan (metze) Metzmacher wrote:
> Am 14.06.2011 13:41, schrieb YOSHIFUJI Hideaki:
> > Hello.
> > 
> > Stefan (metze) Metzmacher wrote:
> >> If I use ipv6 addresses with valid_lft != forever, the ipv6 addresses
> >> are removed from the interface if the valid_lft expires, even if there're
> >> established connection which use with address.
> >>
> >> Would it be possible keep the address until the last active connection
> >> is closed? Otherwise the usable of the privacy extensions will make
> >> very long living tcp connections impossible.
> >>
> > 
> > I cannot imagine why you do not hear RAs before the address expires.
> 
> They do not reset the valid lifetime counter for temporary addresses.
> 
> And I think that valid_lft and preferred_lft should work with a manual
> configured setup in a similar way.

This is because of RFC3041 Section 3.3:

|   1) Process the Prefix Information Option as defined in [ADDRCONF],
|      either creating a public address or adjusting the lifetimes of
|      existing addresses, both public and temporary.  When adjusting the
|      lifetimes of an existing temporary address, only lower the
|      lifetimes.  Implementations must not increase the lifetimes of an
|      existing temporary address when processing a Prefix Information
|      Option.

It would be make sense to allow extending valid lifetime of non-deprecated
addresses, but not sure.

> > And well, I don't think it is a good idea because it is not what
> > "valid lifetime" means.
> > 
> > We have 3 states:
> > 
> > 1) time <= preferred lifetime
> > 2) preferred lifetime < time <= valid lifetime
> > 3) valid lifetime < lifetime
> > 
> > You can make new connection during the period of 1 and you can continue
> > using that connection during the period of 1 and 2.
> 
> But it means tcp connection can not last longer than the valid lifetime of
> a temporary address, which is very ugly as the application layer will
> run into
> timeouts instead of getting an immediate error when the kernel drops the
> related ip.
> 

Valid lifetime represents administrative "hard" lifetime.  If it 
expired, all address must be gone.

> > Ask network administrator to advertise longer "valid" lifetime, if
> > needed, and you may want to make net.ipv6.conf.*.max_addresses larger.
> 
> My aim is to have a preferred lifetime of say 4 hours, in order to have
> no limit
> on the lifetime of tcp connections, I'd have to set valid lifetime to
> forever,
> which means that I'll have about 180 addresses on an interface after
> a month (8760 after a year) which are mostly all unused.

This is how it works.

How can you determine if one address is not unused at all?
For UDP, applications only know, for example.

In fact, RFC3041 Section 3.4 says:
|   As an optional optimization, an implementation may wish to remove a
|   deprecated temporary address that is not in use by applications or
|   upper-layers.  For TCP connections, such information is available in
|   control blocks.  For UDP-based applications, it may be the case that
|   only the applications have knowledge about what addresses are
|   actually in use.  Consequently, one may need to use heuristics in
|   deciding when an address is no longer in use (e.g., the default
|   TEMP_VALID_LIFETIME suggested above).

Of course, we could have some sysctl (but default must be off
(or moderate; do it if the number addresses exceeds some limit).

> Do you know a better solution?

Ask your administrator to advertise larger valid lifetime.
Otherwise, other implementation will have similar issues, anyway.

We could have above "optimization" with sysctl.

And, please note that if you want to change address preference in 
an application, consider using IPV6_ADDR_PREFERENCES socket
option.

--yoshfuji

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ