* [PATCH] net: ipv6: Make address flushing on ifdown optional - v3
@ 2015-02-12 4:27 David Ahern
2015-02-12 16:57 ` Nicolas Dichtel
0 siblings, 1 reply; 4+ messages in thread
From: David Ahern @ 2015-02-12 4:27 UTC (permalink / raw)
To: netdev; +Cc: David Ahern, Hannes Frederic Sowa
Currently, all ipv6 addresses are flushed when the interface is configured
down, even static address:
[root@f20 ~]# ip -6 addr add dev eth1 2000:11:1:1::1/64
[root@f20 ~]# ip addr show dev eth1
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
inet6 2000:11:1:1::1/64 scope global tentative
valid_lft forever preferred_lft forever
[root@f20 ~]# ip link set dev eth1 up
[root@f20 ~]# ip link set dev eth1 down
[root@f20 ~]# ip addr show dev eth1
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
Add a new sysctl to make this behavior optional. The new setting defaults to
flush all addresses to maintain backwards compatibility. When the setting is
reset static addresses are not flushed:
[root@f20 ~]# echo 0 > /proc/sys/net/ipv6/conf/eth1/flush_addr_on_down
[root@f20 ~]# ip -6 addr add dev eth1 2000:11:1:1::1/64
[root@f20 ~]# ip addr show dev eth1
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
inet6 2000:11:1:1::1/64 scope global tentative
valid_lft forever preferred_lft forever
[root@f20 ~]# ip link set dev eth1 up
[root@f20 ~]# ip link set dev eth1 down
[root@f20 ~]# ip addr show dev eth1
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
inet6 2000:11:1:1::1/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::4:11ff:fe22:3301/64 scope link
valid_lft forever preferred_lft forever
v3:
- fix local variable ordering and comment style per Dave's comment
- consistency in DEVCONF naming per Brian Haley's comment
- added entry to Documentation/networking/ip-sysctl.txt
v2:
- only keep static addresses as suggested by Hannes
- added new managed flag to track configured addresses
- on ifdown do not remove from configured address from inet6_addr_lst
- on ifdown reset the TENTATIVE flag and set state to DAD so that DAD is
redone when link is brought up again
Suggested-by: Hannes Frederic Sowa <hannes@redhat.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
Cc: Hannes Frederic Sowa <hannes@redhat.com>
---
Documentation/networking/ip-sysctl.txt | 6 ++++
include/linux/ipv6.h | 1 +
include/net/if_inet6.h | 1 +
include/uapi/linux/ipv6.h | 1 +
net/ipv6/addrconf.c | 54 +++++++++++++++++++++++++++-------
5 files changed, 53 insertions(+), 10 deletions(-)
diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt
index 1b8c964b0d17..a9e06c6ccfa4 100644
--- a/Documentation/networking/ip-sysctl.txt
+++ b/Documentation/networking/ip-sysctl.txt
@@ -1341,6 +1341,12 @@ dad_transmits - INTEGER
The amount of Duplicate Address Detection probes to send.
Default: 1
+flush_addr_on_down - BOOLEAN
+ Flush all IPv6 addresses on an interface down event. If disabled
+ static addresses are not flushed.
+
+ Default: enabled
+
forwarding - INTEGER
Configure interface-specific Host/Router behaviour.
diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h
index 4d5169f5d7d1..92973b587be0 100644
--- a/include/linux/ipv6.h
+++ b/include/linux/ipv6.h
@@ -53,6 +53,7 @@ struct ipv6_devconf {
__s32 ndisc_notify;
__s32 suppress_frag_ndisc;
__s32 accept_ra_mtu;
+ __s32 flush_addr_on_down;
void *sysctl;
};
diff --git a/include/net/if_inet6.h b/include/net/if_inet6.h
index 98e5f9578f86..3b6323111f77 100644
--- a/include/net/if_inet6.h
+++ b/include/net/if_inet6.h
@@ -72,6 +72,7 @@ struct inet6_ifaddr {
int regen_count;
bool tokenized;
+ bool managed;
struct rcu_head rcu;
struct in6_addr peer_addr;
diff --git a/include/uapi/linux/ipv6.h b/include/uapi/linux/ipv6.h
index 437a6a4b125a..9c31b90db187 100644
--- a/include/uapi/linux/ipv6.h
+++ b/include/uapi/linux/ipv6.h
@@ -170,6 +170,7 @@ enum {
DEVCONF_ACCEPT_RA_FROM_LOCAL,
DEVCONF_USE_OPTIMISTIC,
DEVCONF_ACCEPT_RA_MTU,
+ DEVCONF_FLUSH_ADDR_ON_DOWN,
DEVCONF_MAX
};
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 98e4a63d72bb..939a1b37578a 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -202,6 +202,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = {
.accept_dad = 1,
.suppress_frag_ndisc = 1,
.accept_ra_mtu = 1,
+ .flush_addr_on_down = 1,
};
static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = {
@@ -240,6 +241,7 @@ static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = {
.accept_dad = 1,
.suppress_frag_ndisc = 1,
.accept_ra_mtu = 1,
+ .flush_addr_on_down = 1,
};
/* Check if a valid qdisc is available */
@@ -870,6 +872,7 @@ ipv6_add_addr(struct inet6_dev *idev, const struct in6_addr *addr,
ifa->prefered_lft = prefered_lft;
ifa->cstamp = ifa->tstamp = jiffies;
ifa->tokenized = false;
+ ifa->managed = false;
ifa->rt = rt;
@@ -2525,6 +2528,8 @@ static int inet6_addr_add(struct net *net, int ifindex,
valid_lft, prefered_lft);
if (!IS_ERR(ifp)) {
+ ifp->managed = true;
+
if (!(ifa_flags & IFA_F_NOPREFIXROUTE)) {
addrconf_prefix_route(&ifp->addr, ifp->prefix_len, dev,
expires, flags);
@@ -3046,8 +3051,9 @@ static void addrconf_type_change(struct net_device *dev, unsigned long event)
static int addrconf_ifdown(struct net_device *dev, int how)
{
struct net *net = dev_net(dev);
+ struct inet6_ifaddr *ifa, *tmp;
+ struct list_head del_list;
struct inet6_dev *idev;
- struct inet6_ifaddr *ifa;
int state, i;
ASSERT_RTNL();
@@ -3082,9 +3088,12 @@ static int addrconf_ifdown(struct net_device *dev, int how)
restart:
hlist_for_each_entry_rcu(ifa, h, addr_lst) {
if (ifa->idev == idev) {
- hlist_del_init_rcu(&ifa->addr_lst);
addrconf_del_dad_work(ifa);
- goto restart;
+ if (how || idev->cnf.flush_addr_on_down ||
+ !ifa->managed) {
+ hlist_del_init_rcu(&ifa->addr_lst);
+ goto restart;
+ }
}
}
spin_unlock_bh(&addrconf_hash_lock);
@@ -3118,14 +3127,34 @@ static int addrconf_ifdown(struct net_device *dev, int how)
write_lock_bh(&idev->lock);
}
- while (!list_empty(&idev->addr_list)) {
- ifa = list_first_entry(&idev->addr_list,
+ INIT_LIST_HEAD(&del_list);
+ list_for_each_entry_safe(ifa, tmp, &idev->addr_list, if_list) {
+ /* on NETDEV_DOWN events do not flush managed (user configured)
+ * addresses unless configured to do so. If the address is not
+ * deleted reset flags and state such that DAD is re-done on a
+ * subsequent link up.
+ */
+ if (!how && !idev->cnf.flush_addr_on_down && ifa->managed) {
+ if (!(ifa->flags & IFA_F_NODAD)) {
+ ifa->flags |= IFA_F_TENTATIVE;
+ ifa->state = INET6_IFADDR_STATE_DAD;
+ }
+ } else {
+ list_del(&ifa->if_list);
+ list_add(&ifa->if_list, &del_list);
+ }
+ }
+
+ write_unlock_bh(&idev->lock);
+
+ while (!list_empty(&del_list)) {
+ ifa = list_first_entry(&del_list,
struct inet6_ifaddr, if_list);
+
addrconf_del_dad_work(ifa);
list_del(&ifa->if_list);
- write_unlock_bh(&idev->lock);
spin_lock_bh(&ifa->state_lock);
state = ifa->state;
@@ -3137,12 +3166,8 @@ static int addrconf_ifdown(struct net_device *dev, int how)
inet6addr_notifier_call_chain(NETDEV_DOWN, ifa);
}
in6_ifa_put(ifa);
-
- write_lock_bh(&idev->lock);
}
- write_unlock_bh(&idev->lock);
-
/* Step 5: Discard anycast and multicast list */
if (how) {
ipv6_ac_destroy_dev(idev);
@@ -4398,6 +4423,7 @@ static inline void ipv6_store_devconf(struct ipv6_devconf *cnf,
array[DEVCONF_SUPPRESS_FRAG_NDISC] = cnf->suppress_frag_ndisc;
array[DEVCONF_ACCEPT_RA_FROM_LOCAL] = cnf->accept_ra_from_local;
array[DEVCONF_ACCEPT_RA_MTU] = cnf->accept_ra_mtu;
+ array[DEVCONF_FLUSH_ADDR_ON_DOWN] = cnf->flush_addr_on_down;
}
static inline size_t inet6_ifla6_size(void)
@@ -5300,6 +5326,14 @@ static struct addrconf_sysctl_table
.proc_handler = proc_dointvec,
},
{
+ .procname = "flush_addr_on_down",
+ .data = &ipv6_devconf.flush_addr_on_down,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec,
+
+ },
+ {
/* sentinel */
}
},
--
1.9.3 (Apple Git-50)
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] net: ipv6: Make address flushing on ifdown optional - v3
2015-02-12 4:27 [PATCH] net: ipv6: Make address flushing on ifdown optional - v3 David Ahern
@ 2015-02-12 16:57 ` Nicolas Dichtel
2015-02-13 3:47 ` David Ahern
0 siblings, 1 reply; 4+ messages in thread
From: Nicolas Dichtel @ 2015-02-12 16:57 UTC (permalink / raw)
To: David Ahern, netdev; +Cc: Hannes Frederic Sowa
Le 12/02/2015 05:27, David Ahern a écrit :
> Currently, all ipv6 addresses are flushed when the interface is configured
> down, even static address:
>
[snip]
>
> [root@f20 ~]# echo 0 > /proc/sys/net/ipv6/conf/eth1/flush_addr_on_down
> [root@f20 ~]# ip -6 addr add dev eth1 2000:11:1:1::1/64
> [root@f20 ~]# ip addr show dev eth1
> 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
> link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
> inet6 2000:11:1:1::1/64 scope global tentative
> valid_lft forever preferred_lft forever
> [root@f20 ~]# ip link set dev eth1 up
> [root@f20 ~]# ip link set dev eth1 down
> [root@f20 ~]# ip addr show dev eth1
> 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
> link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
> inet6 2000:11:1:1::1/64 scope global
> valid_lft forever preferred_lft forever
> inet6 fe80::4:11ff:fe22:3301/64 scope link
> valid_lft forever preferred_lft forever
Can you show an output of 'ip -6 route list table local' and 'ip -6 route' ?
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] net: ipv6: Make address flushing on ifdown optional - v3
2015-02-12 16:57 ` Nicolas Dichtel
@ 2015-02-13 3:47 ` David Ahern
2015-02-14 16:49 ` Nicolas Dichtel
0 siblings, 1 reply; 4+ messages in thread
From: David Ahern @ 2015-02-13 3:47 UTC (permalink / raw)
To: nicolas.dichtel, netdev; +Cc: Hannes Frederic Sowa
On 2/12/15 9:57 AM, Nicolas Dichtel wrote:
> Le 12/02/2015 05:27, David Ahern a écrit :
>> Currently, all ipv6 addresses are flushed when the interface is
>> configured
>> down, even static address:
>>
> [snip]
>>
>> [root@f20 ~]# echo 0 > /proc/sys/net/ipv6/conf/eth1/flush_addr_on_down
>> [root@f20 ~]# ip -6 addr add dev eth1 2000:11:1:1::1/64
>> [root@f20 ~]# ip addr show dev eth1
>> 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN
>> group default qlen 1000
>> link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
>> inet6 2000:11:1:1::1/64 scope global tentative
>> valid_lft forever preferred_lft forever
>> [root@f20 ~]# ip link set dev eth1 up
>> [root@f20 ~]# ip link set dev eth1 down
>> [root@f20 ~]# ip addr show dev eth1
>> 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN
>> group default qlen 1000
>> link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
>> inet6 2000:11:1:1::1/64 scope global
>> valid_lft forever preferred_lft forever
>> inet6 fe80::4:11ff:fe22:3301/64 scope link
>> valid_lft forever preferred_lft forever
> Can you show an output of 'ip -6 route list table local' and 'ip -6
> route' ?
hmmmm.... interesting. once again ipv6 behavior is radically different
from ipv4.
This is *after* a configure, up, down cycle:
[root@f21 ~]# ip -6 route list table local
local ::1 dev lo proto none metric 0
local 2000:11:1:1::1 dev lo proto none metric 0
local fe80::11:22ff:fe33:4402 dev lo proto none metric 0
ff00::/8 dev eth0 metric 256
[root@f21 ~]# ip -6 route ls
unreachable ::/96 dev lo metric 1024 error -101
unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101
unreachable 2002:a00::/24 dev lo metric 1024 error -101
unreachable 2002:7f00::/24 dev lo metric 1024 error -101
unreachable 2002:a9fe::/32 dev lo metric 1024 error -101
unreachable 2002:ac10::/28 dev lo metric 1024 error -101
unreachable 2002:c0a8::/32 dev lo metric 1024 error -101
unreachable 2002:e000::/19 dev lo metric 1024 error -101
unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101
fe80::/64 dev eth0 proto kernel metric 256
(the ipv6 addresses on lo show up on stock 3.18.3-201.fc21.x86_64; no
idea why)
But on a subsequent ifconfig up the route is not inserted:
[root@f21 ~]# ifconfig eth1 up
[root@f21 ~]# ip -6 route ls
unreachable ::/96 dev lo metric 1024 error -101
unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101
unreachable 2002:a00::/24 dev lo metric 1024 error -101
unreachable 2002:7f00::/24 dev lo metric 1024 error -101
unreachable 2002:a9fe::/32 dev lo metric 1024 error -101
unreachable 2002:ac10::/28 dev lo metric 1024 error -101
unreachable 2002:c0a8::/32 dev lo metric 1024 error -101
unreachable 2002:e000::/19 dev lo metric 1024 error -101
unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101
fe80::/64 dev eth0 proto kernel metric 256
fe80::/64 dev eth1 proto kernel metric 256
So I need to look into why.
This is what happens on that stock kernel:
[root@f21 ~]# ip -6 addr add dev eth1 2000:11:1:1::1/64
[root@f21 ~]# ifconfig eth1
eth1: flags=4098<BROADCAST,MULTICAST> mtu 1500
inet6 2000:11:1:1::1 prefixlen 64 scopeid 0x0<global>
ether 02:01:02:03:04:02 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Interface in down state and address configured.
[root@f21 ~]# ip -6 route list table local
local ::1 dev lo proto none metric 0
local fe80::11:22ff:fe33:4402 dev lo proto none metric 0
ff00::/8 dev eth0 metric 256
ff00::/8 dev eth1 metric 256
[root@f21 ~]# ip -6 route ls
unreachable ::/96 dev lo metric 1024 error -101
unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101
2000:11:1:1::/64 dev eth1 proto kernel metric 256
unreachable 2002:a00::/24 dev lo metric 1024 error -101
unreachable 2002:7f00::/24 dev lo metric 1024 error -101
unreachable 2002:a9fe::/32 dev lo metric 1024 error -101
unreachable 2002:ac10::/28 dev lo metric 1024 error -101
unreachable 2002:c0a8::/32 dev lo metric 1024 error -101
unreachable 2002:e000::/19 dev lo metric 1024 error -101
unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101
fe80::/64 dev eth0 proto kernel metric 256
And there is an entry in the FIB which just seems wrong. It's cleaned
out on an up/down cycle.
David
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] net: ipv6: Make address flushing on ifdown optional - v3
2015-02-13 3:47 ` David Ahern
@ 2015-02-14 16:49 ` Nicolas Dichtel
0 siblings, 0 replies; 4+ messages in thread
From: Nicolas Dichtel @ 2015-02-14 16:49 UTC (permalink / raw)
To: David Ahern, netdev; +Cc: Hannes Frederic Sowa, Stephen Hemminger
Le 13/02/2015 04:47, David Ahern a écrit :
> On 2/12/15 9:57 AM, Nicolas Dichtel wrote:
>> Le 12/02/2015 05:27, David Ahern a écrit :
>>> Currently, all ipv6 addresses are flushed when the interface is
>>> configured
>>> down, even static address:
>>>
>> [snip]
>>>
>>> [root@f20 ~]# echo 0 > /proc/sys/net/ipv6/conf/eth1/flush_addr_on_down
>>> [root@f20 ~]# ip -6 addr add dev eth1 2000:11:1:1::1/64
>>> [root@f20 ~]# ip addr show dev eth1
>>> 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN
>>> group default qlen 1000
>>> link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
>>> inet6 2000:11:1:1::1/64 scope global tentative
>>> valid_lft forever preferred_lft forever
>>> [root@f20 ~]# ip link set dev eth1 up
>>> [root@f20 ~]# ip link set dev eth1 down
>>> [root@f20 ~]# ip addr show dev eth1
>>> 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN
>>> group default qlen 1000
>>> link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
>>> inet6 2000:11:1:1::1/64 scope global
>>> valid_lft forever preferred_lft forever
>>> inet6 fe80::4:11ff:fe22:3301/64 scope link
>>> valid_lft forever preferred_lft forever
>> Can you show an output of 'ip -6 route list table local' and 'ip -6
>> route' ?
>
> hmmmm.... interesting. once again ipv6 behavior is radically different from ipv4.
>
> This is *after* a configure, up, down cycle:
>
> [root@f21 ~]# ip -6 route list table local
> local ::1 dev lo proto none metric 0
> local 2000:11:1:1::1 dev lo proto none metric 0
> local fe80::11:22ff:fe33:4402 dev lo proto none metric 0
> ff00::/8 dev eth0 metric 256
We also need to check netlink notifications. When you set an interface down, the
kernel doesn't send rtnl notifications for IPv6 routes. Daemons have to take
care of the ifdow notification.
If your patch is going to keep some routes after an ifdown, we need to have a
way in userland to know this.
Advertising the new sysctl (flush_addr_on_down) entry via netconf may be a
solution (Stephen already talks about this feature).
>
> [root@f21 ~]# ip -6 route ls
> unreachable ::/96 dev lo metric 1024 error -101
> unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101
> unreachable 2002:a00::/24 dev lo metric 1024 error -101
> unreachable 2002:7f00::/24 dev lo metric 1024 error -101
> unreachable 2002:a9fe::/32 dev lo metric 1024 error -101
> unreachable 2002:ac10::/28 dev lo metric 1024 error -101
> unreachable 2002:c0a8::/32 dev lo metric 1024 error -101
> unreachable 2002:e000::/19 dev lo metric 1024 error -101
> unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101
> fe80::/64 dev eth0 proto kernel metric 256
>
> (the ipv6 addresses on lo show up on stock 3.18.3-201.fc21.x86_64; no idea why)
>
> But on a subsequent ifconfig up the route is not inserted:
>
> [root@f21 ~]# ifconfig eth1 up
>
> [root@f21 ~]# ip -6 route ls
> unreachable ::/96 dev lo metric 1024 error -101
> unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101
> unreachable 2002:a00::/24 dev lo metric 1024 error -101
> unreachable 2002:7f00::/24 dev lo metric 1024 error -101
> unreachable 2002:a9fe::/32 dev lo metric 1024 error -101
> unreachable 2002:ac10::/28 dev lo metric 1024 error -101
> unreachable 2002:c0a8::/32 dev lo metric 1024 error -101
> unreachable 2002:e000::/19 dev lo metric 1024 error -101
> unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101
> fe80::/64 dev eth0 proto kernel metric 256
> fe80::/64 dev eth1 proto kernel metric 256
>
> So I need to look into why.
Yes. The patch will probably have to play with this connected route.
Regards,
Nicolas
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2015-02-14 16:49 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-02-12 4:27 [PATCH] net: ipv6: Make address flushing on ifdown optional - v3 David Ahern
2015-02-12 16:57 ` Nicolas Dichtel
2015-02-13 3:47 ` David Ahern
2015-02-14 16:49 ` Nicolas Dichtel
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).