From: Sabrina Dubroca <sd@queasysnail.net>
To: David Miller <davem@davemloft.net>
Cc: dsahern@gmail.com, netdev@vger.kernel.org
Subject: Re: [PATCH net-next] ipv6: allow userspace to add IFA_F_OPTIMISTIC addresses
Date: Mon, 26 Feb 2018 16:41:32 +0100 [thread overview]
Message-ID: <20180226154132.GA7083@bistromath.localdomain> (raw)
In-Reply-To: <20180221.153421.1122190571211818853.davem@davemloft.net>
2018-02-21, 15:34:21 -0500, David Miller wrote:
> From: Sabrina Dubroca <sd@queasysnail.net>
> Date: Tue, 20 Feb 2018 19:17:17 +0100
>
> > 2018-02-20, 10:25:41 -0700, David Ahern wrote:
> >> On 2/20/18 9:43 AM, Sabrina Dubroca wrote:
> >> > According to RFC 4429 (section 3.1), adding new IPv6 addresses as
> >> > optimistic addresses is acceptable, as long as the implementation
> >> > follows some rules:
> >> >
> >> > * Optimistic DAD SHOULD only be used when the implementation is aware
> >> > that the address is based on a most likely unique interface
> >> > identifier (such as in [RFC2464]), generated randomly [RFC3041],
> >> > or by a well-distributed hash function [RFC3972] or assigned by
> >> > Dynamic Host Configuration Protocol for IPv6 (DHCPv6) [RFC3315].
> >> > Optimistic DAD SHOULD NOT be used for manually entered
> >> > addresses.
> >>
> >> That last line suggests this patch should not be allowed.
> >
> > I think it should. Some tools perform autoconfiguration in userspace,
> > why should the kernel prevent them from requesting optimistic DAD?
> >
> > If the administrator decides to enable optimistic DAD on
> > poorly-choosen addresses, or to disable DAD entirely, that's their
> > problem.
>
> See, this is the slippery slope we go down once we have allowed
> userspace to engage in the ipv6 autoconfiguration process.
>
> Whether the kernel is in control or not, or enforcing the rules
> properly, is always going to be ambiguous and hard to determine.
>
> I somewhat regret allowing us to go down this path...
It's not just autoconf (slaac), but DHCPv6 as well. This would happen
in userspace and produce addresses expected to be unique as well.
What are you concerned about, if we let userspace set this flag?
--
Sabrina
next prev parent reply other threads:[~2018-02-26 15:41 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-20 16:43 [PATCH net-next] ipv6: allow userspace to add IFA_F_OPTIMISTIC addresses Sabrina Dubroca
2018-02-20 17:25 ` David Ahern
2018-02-20 18:17 ` Sabrina Dubroca
2018-02-21 20:34 ` David Miller
2018-02-26 15:41 ` Sabrina Dubroca [this message]
2018-02-26 15:57 ` David Miller
2018-02-26 16:56 ` Sabrina Dubroca
2018-02-26 17:11 ` David Miller
2018-02-27 14:13 ` Sabrina Dubroca
2018-02-27 15:47 ` David Miller
2018-02-27 23:22 ` Sabrina Dubroca
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180226154132.GA7083@bistromath.localdomain \
--to=sd@queasysnail.net \
--cc=davem@davemloft.net \
--cc=dsahern@gmail.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).