lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <alpine.DEB.2.00.1303182143050.2309@uplift.swm.pp.se>
Date:	Mon, 18 Mar 2013 21:49:37 +0100 (CET)
From:	Mikael Abrahamsson <swmike@....pp.se>
To:	Dan Williams <dcbw@...hat.com>
cc:	Sylvain Munaut <s.munaut@...tever-company.com>,
	Lorenzo Colitti <lorenzo@...gle.com>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: Who/What is supposed to remove IPv6 address from interface when
 moving from one network to another ?

On Mon, 18 Mar 2013, Dan Williams wrote:

> While I'm not an IPv6 expert I would actually expect the kernel to stop 
> using any IPv6 address or route that had expired, and that was *added 
> automatically* by the kernel as a result of a router advertisement. 
> Perhaps that's not how it actually works, but would be nice to hear from 
> some kernel IPv6 people why that's not how it works, if that's the case.

It's my experience that the kernel doesn't detect link-down events and do 
anything useful with that information. When I have asked about this, I get 
server-usage scenarios and people don't want the kernel to do anything.

In older Ubuntu, when moving between wifis with different IPv6 subnets on 
them, you after a while were sitting there with IPv6 addresses from 
several different subnets, of which just one worked. Fail. I believe 
enhancements in the connection manager fixed this, because from 12.04 or 
something, this is not a problem anymore. When eth0 or wlan0 goes down, so 
IPv6 addresses and default routes go away just like the IPv4 equivalents.

Before the IPv4 equivalents went away on link-down but IPv6 was on 
autopilot by kernel seeing RAs and they stayed there long after they 
overspent their welcome.

So, my opinion is that the connection manager needs to take care of this, 
because the kernel doesn't do it (intentionally, by design).

I'm sure the kernel will stop using addresses after they expire, but that 
doesn't happen when a link goes down.

-- 
Mikael Abrahamsson    email: swmike@....pp.se
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ