| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 14 Jun 2011 20:41:50 +0900 From: YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org> To: "Stefan (metze) Metzmacher" <metze@...ba.org> Cc: netdev@...r.kernel.org, yoshfuji@...ux-ipv6.org Subject: Re: [ipv6] valid_lft and active connections Hello. Stefan (metze) Metzmacher wrote: > If I use ipv6 addresses with valid_lft != forever, the ipv6 addresses > are removed from the interface if the valid_lft expires, even if there're > established connection which use with address. > > Would it be possible keep the address until the last active connection > is closed? Otherwise the usable of the privacy extensions will make > very long living tcp connections impossible. > I cannot imagine why you do not hear RAs before the address expires. And well, I don't think it is a good idea because it is not what "valid lifetime" means. We have 3 states: 1) time <= preferred lifetime 2) preferred lifetime < time <= valid lifetime 3) valid lifetime < lifetime You can make new connection during the period of 1 and you can continue using that connection during the period of 1 and 2. Ask network administrator to advertise longer "valid" lifetime, if needed, and you may want to make net.ipv6.conf.*.max_addresses larger. > It would be also ok to add a new special value "used" similar to "forever", > which triggers the modified behavior. ??? --yoshfuji -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists