lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Tue, 14 Jun 2011 20:41:50 +0900
From:	YOSHIFUJI Hideaki <>
To:	"Stefan (metze) Metzmacher" <>
Subject: Re: [ipv6] valid_lft and active connections


Stefan (metze) Metzmacher wrote:
> If I use ipv6 addresses with valid_lft != forever, the ipv6 addresses
> are removed from the interface if the valid_lft expires, even if there're
> established connection which use with address.
> Would it be possible keep the address until the last active connection
> is closed? Otherwise the usable of the privacy extensions will make
> very long living tcp connections impossible.

I cannot imagine why you do not hear RAs before the address expires.

And well, I don't think it is a good idea because it is not what
"valid lifetime" means.

We have 3 states:

1) time <= preferred lifetime
2) preferred lifetime < time <= valid lifetime
3) valid lifetime < lifetime

You can make new connection during the period of 1 and you can continue
using that connection during the period of 1 and 2.

Ask network administrator to advertise longer "valid" lifetime, if
needed, and you may want to make net.ipv6.conf.*.max_addresses larger.

> It would be also ok to add a new special value "used" similar to "forever",
> which triggers the modified behavior.



To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists