Date: Fri, 23 Jan 2015 13:22:17 +0100
From: Hannes Frederic Sowa <hannes@...essinduktion.org>
To: Stephen Hemminger <stephen@...workplumber.org>
Cc: David Ahern <dsahern@...il.com>, netdev@...r.kernel.org
Subject: Re: [RFC PATCH] net: ipv6: Make address flushing on ifdown optional

On Do, 2015-01-22 at 22:40 -0800, Stephen Hemminger wrote:
> On Wed, 14 Jan 2015 12:17:19 -0700
> David Ahern <dsahern@...il.com> wrote:
>
> > Currently, ipv6 addresses are flushed when the interface is configured down:
> >
> > [root@f20 ~]# ip -6 addr add dev eth1 2000:11:1:1::1/64
> > [root@f20 ~]# ip addr show dev eth1
> > 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
> >     link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
> >     inet6 2000:11:1:1::1/64 scope global tentative
> >        valid_lft forever preferred_lft forever
> > [root@f20 ~]# ip link set dev eth1 up
> > [root@f20 ~]# ip link set dev eth1 down
> > [root@f20 ~]# ip addr show dev eth1
> > 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
> >     link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
> >
> > Add a new sysctl to make this behavior optional. Setting defaults to flush
> > addresses to maintain backwards compatibility. When reset flushing is bypassed:
> >
> > [root@f20 ~]# echo 0 > /proc/sys/net/ipv6/conf/eth1/flush_addr_on_down
> > [root@f20 ~]# ip -6 addr add dev eth1 2000:11:1:1::1/64
> > [root@f20 ~]# ip addr show dev eth1
> > 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
> >     link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
> >     inet6 2000:11:1:1::1/64 scope global tentative
> >        valid_lft forever preferred_lft forever
> > [root@f20 ~]# ip link set dev eth1 up
> > [root@f20 ~]# ip link set dev eth1 down
> > [root@f20 ~]# ip addr show dev eth1
> > 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
> >     link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
> >     inet6 2000:11:1:1::1/64 scope global
> >        valid_lft forever preferred_lft forever
> >     inet6 fe80::4:11ff:fe22:3301/64 scope link
> >        valid_lft forever preferred_lft forever
> >
> > Suggested-by: Hannes Frederic Sowa <hannes@...hat.com>
> > Signed-off-by: David Ahern <dsahern@...il.com>
> > Cc: Hannes Frederic Sowa <hannes@...hat.com>
>
> Would this break existing application expecting a particular semantic
> by listening to netlink? What happens to packets received with the static
> address when interface is down? With IPv4 Linux is mostly a weak host
> model, and IPv6 somewhere in between.

IPv6 is mostly a weak end model, too, but IFA_LINK addresses are used
much more. So yes, it is somewhere in between. Addresses bound to
interfaces which are currently down will work with IPv6 (in contrast to
IPv4).

> For vendors that control the application stack or have limited number
> of services this would work fine, but what about RHEL?

The new model is only enabled if the sysctl is set. I don't expect a lot
of vendors or distributions switching anytime soon.

I wonder if we should try to come up with a way of IPV6_NEW_WORLD_ORDER
we can make some changes to the stack which align much better with the
RFCs, e.g. no default link local address generation, no default on-link
routes etc.

Bye,
Hannes