From: Jakub Kicinski <kuba@kernel.org>
To: Alex Henrie <alexhenrie24@gmail.com>
Cc: netdev@vger.kernel.org, jbohac@suse.cz,
benoit.boissinot@ens-lyon.org, davem@davemloft.net,
hideaki.yoshifuji@miraclelinux.com, dsahern@kernel.org,
pabeni@redhat.com
Subject: Re: [PATCH v2 3/5] net: ipv6/addrconf: clamp preferred_lft to the minimum required
Date: Wed, 30 Aug 2023 18:28:52 -0700 [thread overview]
Message-ID: <20230830182852.175e0ac2@kernel.org> (raw)
In-Reply-To: <20230829054623.104293-4-alexhenrie24@gmail.com>
On Mon, 28 Aug 2023 23:44:45 -0600 Alex Henrie wrote:
> If the preferred lifetime was less than the minimum required lifetime,
> ipv6_create_tempaddr would error out without creating any new address.
> On my machine and network, this error happened immediately with the
> preferred lifetime set to 1 second, after a few minutes with the
> preferred lifetime set to 4 seconds, and not at all with the preferred
> lifetime set to 5 seconds. During my investigation, I found a Stack
> Exchange post from another person who seems to have had the same
> problem: They stopped getting new addresses if they lowered the
> preferred lifetime below 3 seconds, and they didn't really know why.
>
> The preferred lifetime is a preference, not a hard requirement. The
> kernel does not strictly forbid new connections on a deprecated address,
> nor does it guarantee that the address will be disposed of the instant
> its total valid lifetime expires. So rather than disable IPv6 privacy
> extensions altogether if the minimum required lifetime swells above the
> preferred lifetime, it is more in keeping with the user's intent to
> increase the temporary address's lifetime to the minimum necessary for
> the current network conditions.
>
> With these fixes, setting the preferred lifetime to 3 or 4 seconds "just
> works" because the extra fraction of a second is practically
> unnoticeable. It's even possible to reduce the time before deprecation
> to 1 or 2 seconds by also disabling duplicate address detection (setting
> /proc/sys/net/ipv6/conf/*/dad_transmits to 0). I realize that that is a
> pretty niche use case, but I know at least one person who would gladly
> sacrifice performance and convenience to be sure that they are getting
> the maximum possible level of privacy.
Not entirely sure what the best way to handle this is.
And whether the patch should be treated as a Fix or "general
improvement" - meaning - whether we should try to backport this :(
> Link: https://serverfault.com/a/1031168/310447
> Fixes: eac55bf97094 (IPv6: do not create temporary adresses with too short preferred lifetime, 2008-04-02)
Thanks for adding the Fixes tag - you're missing the quotes inside
the parenthesis:
Fixes: eac55bf97094 ("IPv6: do not create temporary adresses with too short preferred lifetime, 2008-04-02")
The exact format is important since people may script around it.
Since we haven't heard back from Paolo or David on v2 could you repost
with that fixed?
--
pw-bot: cr
next prev parent reply other threads:[~2023-08-31 1:28 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-21 1:11 [PATCH] ipv6/addrconf: clamp preferred_lft to the minimum instead of erroring Alex Henrie
2023-08-22 9:54 ` Paolo Abeni
2023-08-23 3:41 ` Alex Henrie
2023-08-23 3:45 ` David Ahern
2023-08-23 8:36 ` Jiri Bohac
2023-08-23 11:00 ` Paolo Abeni
2023-08-29 5:44 ` [PATCH v2 0/5] net: ipv6/addrconf: ensure that temporary addresses' preferred lifetimes are in the valid range Alex Henrie
2023-08-29 5:44 ` [PATCH v2 1/5] net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr Alex Henrie
2023-09-01 4:41 ` [PATCH v3] " Alex Henrie
2023-09-01 13:53 ` David Ahern
2023-09-04 6:21 ` patchwork-bot+netdevbpf
2023-08-29 5:44 ` [PATCH v2 2/5] net: ipv6/addrconf: clamp preferred_lft to the maximum allowed Alex Henrie
2023-08-31 8:25 ` Paolo Abeni
2023-08-29 5:44 ` [PATCH v2 3/5] net: ipv6/addrconf: clamp preferred_lft to the minimum required Alex Henrie
2023-08-31 1:28 ` Jakub Kicinski [this message]
2023-08-31 5:40 ` Alex Henrie
2023-08-29 5:44 ` [PATCH v2 4/5] Documentation: networking: explain what happens if temp_valid_lft is too small Alex Henrie
2023-08-29 5:44 ` [PATCH v2 5/5] Documentation: networking: explain what happens if temp_prefered_lft is too small or too large Alex Henrie
2023-08-31 8:33 ` Paolo Abeni
2023-10-24 19:40 ` [PATCH resend 1/4] net: ipv6/addrconf: clamp preferred_lft to the maximum allowed Alex Henrie
2023-10-24 19:40 ` [PATCH resend 2/4] net: ipv6/addrconf: clamp preferred_lft to the minimum required Alex Henrie
2023-10-24 19:40 ` [PATCH resend 3/4] Documentation: networking: explain what happens if temp_valid_lft is too small Alex Henrie
2023-10-24 19:40 ` [PATCH resend 4/4] Documentation: networking: explain what happens if temp_prefered_lft is too small or too large Alex Henrie
2023-10-24 19:48 ` [PATCH resend 1/4] net: ipv6/addrconf: clamp preferred_lft to the maximum allowed Jakub Kicinski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230830182852.175e0ac2@kernel.org \
--to=kuba@kernel.org \
--cc=alexhenrie24@gmail.com \
--cc=benoit.boissinot@ens-lyon.org \
--cc=davem@davemloft.net \
--cc=dsahern@kernel.org \
--cc=hideaki.yoshifuji@miraclelinux.com \
--cc=jbohac@suse.cz \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).