Re: [patch iproute2 v2 0/2] add support for IFA_F_MANAGETEMPADDR

[Thomas Haller <thaller@redhat.com>]

[-- Attachment #1: Type: text/plain, Size: 1554 bytes --]

Hi,

On Sat, 2014-01-04 at 12:15 +0100, Hannes Frederic Sowa wrote:
> On Sat, Jan 04, 2014 at 12:05:57PM +0100, Jiri Pirko wrote:
> > Sure. NM should set use_tempaddr accordingly. You are right that kernel
> > generate temporary adresses, but only for the prefixes received via
> > neighbor discovery (see addrconf_prefix_rcv). The ones that are set by
> > hand are not handled. That is the reason we introduced IFA_F_MANAGETEMPADDR.
> 
> Ah, sorry. So NM sets use_tempaddr == 2 but disables accept_ra? That's fine,
> sorry to bother!

yes, that is the plan. use_tempaddr is to configure the preference for
address selection, and without accept_ra, the kernel will not add
autoconf addresses himself -- only NM adds them with
IFA_F_MANAGETEMPADDR. I think this will work out fine.

> 
> > >So currently privacy addresses are correctly installed, but we cannot control
> > >if we want prefer them to global addresses for outgoing connections where the
> > >socket is not bound to a specific address.
> > >
> > >Also, I saw that NetworkManager switched to install autoconf addresses
> > >as /128, doesn't this break with IFA_F_MANAGETEMPADDR, as you expect a /64
> > >prefixlen?
> > 
> > /64 is required
> 
> Ok, currently NM seems to "violate" that as it installs autoconf addresses
> with 128 prefixlen, so IFA_F_MANAGETEMPADDR should not work on them.
> (currently observed on Fedora 20).

True, I noticed that too. I think that is a bug in NM to add the
addresses as /128. Probably, we will fix that soon.


Thomas

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 819 bytes --]