[PATCH net-next] ipv6: remove old token ipv6 address as soon as possible

[PATCH net-next] ipv6: remove old token ipv6 address as soon as possible

[Hannes Frederic Sowa]

If the tokenized ip address is re-set on an interface we depend on the
arrival of a new router advertisment to call addrconf_verify to clean
up the old address (which valid_lft is now set to 0). Old addresses can
linger around for a longer time if e.g. the source of router advertisments
vanishes.

So, call addrconf_verify immediately after setting the new tokenized
address to get rid of the old tokenized addresses.

Cc: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
---
 net/ipv6/addrconf.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 90788a1..ffc280f 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -4363,6 +4363,7 @@ static int inet6_set_iftoken(struct inet6_dev *idev, struct in6_addr *token)
 	}
 
 	write_unlock_bh(&idev->lock);
+	addrconf_verify(0);
 	return 0;
 }
 
-- 
1.8.1.4

Re: [PATCH net-next] ipv6: remove old token ipv6 address as soon as possible

[Daniel Borkmann]

On 06/24/2013 10:03 PM, Hannes Frederic Sowa wrote:
> If the tokenized ip address is re-set on an interface we depend on the
> arrival of a new router advertisment to call addrconf_verify to clean
> up the old address (which valid_lft is now set to 0). Old addresses can
> linger around for a longer time if e.g. the source of router advertisments
> vanishes.
>
> So, call addrconf_verify immediately after setting the new tokenized
> address to get rid of the old tokenized addresses.
>
> Cc: Daniel Borkmann <dborkman@redhat.com>
> Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>

Agreed. This is also done when simply adding or modifying an address, so this
would be good for tokenized addresses, too. I've tested it also and it looks
good. Thanks Hannes !

Acked-by: Daniel Borkmann <dborkman@redhat.com>

Re: [PATCH net-next] ipv6: remove old token ipv6 address as soon as possible

[David Miller]

From: Hannes Frederic Sowa <hannes@stressinduktion.org>
Date: Mon, 24 Jun 2013 22:03:28 +0200

> If the tokenized ip address is re-set on an interface we depend on the
> arrival of a new router advertisment to call addrconf_verify to clean
> up the old address (which valid_lft is now set to 0). Old addresses can
> linger around for a longer time if e.g. the source of router advertisments
> vanishes.
> 
> So, call addrconf_verify immediately after setting the new tokenized
> address to get rid of the old tokenized addresses.
> 
> Cc: Daniel Borkmann <dborkman@redhat.com>
> Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>

Applied.