[PATCH] IPV6: added sysctl for maximum number of addresses

[PATCH] IPV6: added sysctl for maximum number of addresses

[YOSHIFUJI Hideaki / 吉藤英明]

Hello.

In some configuration, we need addresses more than 16 addresses per interface.
This pach adds new sysctl for configuring the maximum number of addresses 
per interface.

Thanks in advance.

===== Documentation/networking/ip-sysctl.txt 1.18 vs edited =====
--- 1.18/Documentation/networking/ip-sysctl.txt	Thu Dec 25 12:32:23 2003
+++ edited/Documentation/networking/ip-sysctl.txt	Thu Jan 15 21:25:49 2004
@@ -667,6 +667,13 @@
 	valid temporary addresses.
 	Default: 5
 
+max_addresses - INTEGER
+	Number of maximum addresses per interface.  0 disables limitation.
+	It is recommended not set too large value (or 0) because it would 
+	be too easy way to crash kernel to allow to create too much of 
+	autoconfigured addresses.
+	Default: 16
+
 icmp/*:
 ratelimit - INTEGER
 	Limit the maximal rates for sending ICMPv6 packets.
===== include/linux/ipv6.h 1.15 vs edited =====
--- 1.15/include/linux/ipv6.h	Fri Jan  2 05:28:33 2004
+++ edited/include/linux/ipv6.h	Thu Jan 15 21:17:23 2004
@@ -143,6 +143,7 @@
 	__s32		regen_max_retry;
 	__s32		max_desync_factor;
 #endif
+	__s32		max_addresses;
 	void		*sysctl;
 };
 
@@ -165,6 +166,7 @@
 	DEVCONF_REGEN_MAX_RETRY,
 	DEVCONF_MAX_DESYNC_FACTOR,
 #endif
+	DEVCONF_MAX_ADDRESSES,
 	DEVCONF_MAX
 };
 
===== include/linux/sysctl.h 1.54 vs edited =====
--- 1.54/include/linux/sysctl.h	Thu Dec 25 12:32:23 2003
+++ edited/include/linux/sysctl.h	Thu Jan 15 21:03:14 2004
@@ -418,7 +418,8 @@
 	NET_IPV6_TEMP_VALID_LFT=12,
 	NET_IPV6_TEMP_PREFERED_LFT=13,
 	NET_IPV6_REGEN_MAX_RETRY=14,
-	NET_IPV6_MAX_DESYNC_FACTOR=15
+	NET_IPV6_MAX_DESYNC_FACTOR=15,
+	NET_IPV6_MAX_ADDRESSES=16
 };
 
 /* /proc/sys/net/ipv6/icmp */
===== include/net/addrconf.h 1.11 vs edited =====
--- 1.11/include/net/addrconf.h	Sun Jul  6 02:36:23 2003
+++ edited/include/net/addrconf.h	Thu Jan 15 21:05:01 2004
@@ -15,6 +15,8 @@
 
 #define ADDR_CHECK_FREQUENCY		(120*HZ)
 
+#define IPV6_MAX_ADDRESSES		16
+
 struct prefix_info {
 	__u8			type;
 	__u8			length;
===== net/ipv6/addrconf.c 1.79 vs edited =====
--- 1.79/net/ipv6/addrconf.c	Thu Jan  8 05:17:40 2004
+++ edited/net/ipv6/addrconf.c	Thu Jan 15 21:09:43 2004
@@ -81,8 +81,6 @@
 #include <linux/proc_fs.h>
 #include <linux/seq_file.h>
 
-#define IPV6_MAX_ADDRESSES 16
-
 /* Set to 3 to get tracing... */
 #define ACONF_DEBUG 2
 
@@ -160,6 +158,7 @@
 	.regen_max_retry	= REGEN_MAX_RETRY,
 	.max_desync_factor	= MAX_DESYNC_FACTOR,
 #endif
+	.max_addresses		= IPV6_MAX_ADDRESSES,
 };
 
 static struct ipv6_devconf ipv6_devconf_dflt = {
@@ -180,6 +179,7 @@
 	.regen_max_retry	= REGEN_MAX_RETRY,
 	.max_desync_factor	= MAX_DESYNC_FACTOR,
 #endif
+	.max_addresses		= IPV6_MAX_ADDRESSES,
 };
 
 /* IPv6 Wildcard Address and Loopback Address defined by RFC2553 */
@@ -630,6 +630,7 @@
 	unsigned long tmp_prefered_lft, tmp_valid_lft;
 	int tmp_plen;
 	int ret = 0;
+	int max_addresses;
 
 	if (ift) {
 		spin_lock_bh(&ift->lock);
@@ -685,9 +686,11 @@
 				 ifp->prefered_lft, 
 				 idev->cnf.temp_prefered_lft - desync_factor / HZ);
 	tmp_plen = ifp->prefix_len;
+	max_addresses = idev->cnf.max_addresses;
 	write_unlock(&idev->lock);
 	spin_unlock_bh(&ifp->lock);
-	ift = ipv6_count_addresses(idev) < IPV6_MAX_ADDRESSES ?
+	ift = !max_addresses ||
+	      ipv6_count_addresses(idev) < max_addresses ? 
 		ipv6_add_addr(idev, &addr, tmp_plen,
 			      ipv6_addr_type(&addr)&IPV6_ADDR_SCOPE_MASK, IFA_F_TEMPORARY) : 0;
 	if (!ift || IS_ERR(ift)) {
@@ -1390,10 +1393,13 @@
 		ifp = ipv6_get_ifaddr(&addr, dev);
 
 		if (ifp == NULL && valid_lft) {
+			int max_addresses = in6_dev->cnf.max_addresses;
+
 			/* Do not allow to create too much of autoconfigured
 			 * addresses; this would be too easy way to crash kernel.
 			 */
-			if (ipv6_count_addresses(in6_dev) < IPV6_MAX_ADDRESSES)
+			if (!max_addresses ||
+			    ipv6_count_addresses(in6_dev) < max_addresses)
 				ifp = ipv6_add_addr(in6_dev, &addr, pinfo->prefix_len,
 						    addr_type&IPV6_ADDR_SCOPE_MASK, 0);
 
@@ -2722,6 +2728,7 @@
 	array[DEVCONF_REGEN_MAX_RETRY] = cnf->regen_max_retry;
 	array[DEVCONF_MAX_DESYNC_FACTOR] = cnf->max_desync_factor;
 #endif
+	array[DEVCONF_MAX_ADDRESSES] = cnf->max_addresses;
 }
 
 static int inet6_fill_ifinfo(struct sk_buff *skb, struct net_device *dev,
@@ -3050,6 +3057,14 @@
 	 		.proc_handler	=	&proc_dointvec,
 		},
 #endif
+		{
+			.ctl_name	=	NET_IPV6_MAX_ADDRESSES,
+			.procname	=	"max_addresses",
+			.data		=	&ipv6_devconf.max_addresses,
+			.maxlen		=	sizeof(int),
+			.mode		=	0644,
+			.proc_handler	=	&proc_dointvec,
+		},
 	},
 	.addrconf_dev = {
 		{

-- 
Hideaki YOSHIFUJI @ USAGI Project <yoshfuji@linux-ipv6.org>
GPG FP: 9022 65EB 1ECF 3AD1 0BDF  80D8 4807 F894 E062 0EEA

Re: [PATCH] IPV6: added sysctl for maximum number of addresses

[Ville Nuorvala]

Hello Yoshifuji-san,

your patch looks good to me at least, FWIW.

Regards,
Ville
--
Ville Nuorvala
Research Assistant, Institute of Digital Communications,
Helsinki University of Technology
email: vnuorval@tcs.hut.fi, phone: +358 (0)9 451 5257

Re: [PATCH] IPV6: added sysctl for maximum number of addresses

[Pekka Savola]

On Thu, 15 Jan 2004, YOSHIFUJI Hideaki / [iso-2022-jp] ^[$B5HF#1QL@^[(B wrote:
> In some configuration, we need addresses more than 16 addresses per interface.
> This pach adds new sysctl for configuring the maximum number of addresses 
> per interface.

Doesn't 16 addresses per interface sound like an awfully small number?  
Consider a web service which wants to have a different IP address per 
virtual host.  These are not really uncommon.

Maybe 64 or 256 would be a better default?  After all, you shouldn't 
be able to crash the kernel using those numbers in any case, and if 
you can't, the default value should be something that's useful for as 
many people as reasonably?

> ===== Documentation/networking/ip-sysctl.txt 1.18 vs edited =====
> --- 1.18/Documentation/networking/ip-sysctl.txt	Thu Dec 25 12:32:23 2003
> +++ edited/Documentation/networking/ip-sysctl.txt	Thu Jan 15 21:25:49 2004
> @@ -667,6 +667,13 @@
>  	valid temporary addresses.
>  	Default: 5
>  
> +max_addresses - INTEGER
> +	Number of maximum addresses per interface.  0 disables limitation.
> +	It is recommended not set too large value (or 0) because it would 
> +	be too easy way to crash kernel to allow to create too much of 
> +	autoconfigured addresses.
> +	Default: 16
> +
>  icmp/*:
>  ratelimit - INTEGER
>  	Limit the maximal rates for sending ICMPv6 packets.
> ===== include/linux/ipv6.h 1.15 vs edited =====
> --- 1.15/include/linux/ipv6.h	Fri Jan  2 05:28:33 2004
> +++ edited/include/linux/ipv6.h	Thu Jan 15 21:17:23 2004
> @@ -143,6 +143,7 @@
>  	__s32		regen_max_retry;
>  	__s32		max_desync_factor;
>  #endif
> +	__s32		max_addresses;
>  	void		*sysctl;
>  };
>  
> @@ -165,6 +166,7 @@
>  	DEVCONF_REGEN_MAX_RETRY,
>  	DEVCONF_MAX_DESYNC_FACTOR,
>  #endif
> +	DEVCONF_MAX_ADDRESSES,
>  	DEVCONF_MAX
>  };
>  
> ===== include/linux/sysctl.h 1.54 vs edited =====
> --- 1.54/include/linux/sysctl.h	Thu Dec 25 12:32:23 2003
> +++ edited/include/linux/sysctl.h	Thu Jan 15 21:03:14 2004
> @@ -418,7 +418,8 @@
>  	NET_IPV6_TEMP_VALID_LFT=12,
>  	NET_IPV6_TEMP_PREFERED_LFT=13,
>  	NET_IPV6_REGEN_MAX_RETRY=14,
> -	NET_IPV6_MAX_DESYNC_FACTOR=15
> +	NET_IPV6_MAX_DESYNC_FACTOR=15,
> +	NET_IPV6_MAX_ADDRESSES=16
>  };
>  
>  /* /proc/sys/net/ipv6/icmp */
> ===== include/net/addrconf.h 1.11 vs edited =====
> --- 1.11/include/net/addrconf.h	Sun Jul  6 02:36:23 2003
> +++ edited/include/net/addrconf.h	Thu Jan 15 21:05:01 2004
> @@ -15,6 +15,8 @@
>  
>  #define ADDR_CHECK_FREQUENCY		(120*HZ)
>  
> +#define IPV6_MAX_ADDRESSES		16
> +
>  struct prefix_info {
>  	__u8			type;
>  	__u8			length;
> ===== net/ipv6/addrconf.c 1.79 vs edited =====
> --- 1.79/net/ipv6/addrconf.c	Thu Jan  8 05:17:40 2004
> +++ edited/net/ipv6/addrconf.c	Thu Jan 15 21:09:43 2004
> @@ -81,8 +81,6 @@
>  #include <linux/proc_fs.h>
>  #include <linux/seq_file.h>
>  
> -#define IPV6_MAX_ADDRESSES 16
> -
>  /* Set to 3 to get tracing... */
>  #define ACONF_DEBUG 2
>  
> @@ -160,6 +158,7 @@
>  	.regen_max_retry	= REGEN_MAX_RETRY,
>  	.max_desync_factor	= MAX_DESYNC_FACTOR,
>  #endif
> +	.max_addresses		= IPV6_MAX_ADDRESSES,
>  };
>  
>  static struct ipv6_devconf ipv6_devconf_dflt = {
> @@ -180,6 +179,7 @@
>  	.regen_max_retry	= REGEN_MAX_RETRY,
>  	.max_desync_factor	= MAX_DESYNC_FACTOR,
>  #endif
> +	.max_addresses		= IPV6_MAX_ADDRESSES,
>  };
>  
>  /* IPv6 Wildcard Address and Loopback Address defined by RFC2553 */
> @@ -630,6 +630,7 @@
>  	unsigned long tmp_prefered_lft, tmp_valid_lft;
>  	int tmp_plen;
>  	int ret = 0;
> +	int max_addresses;
>  
>  	if (ift) {
>  		spin_lock_bh(&ift->lock);
> @@ -685,9 +686,11 @@
>  				 ifp->prefered_lft, 
>  				 idev->cnf.temp_prefered_lft - desync_factor / HZ);
>  	tmp_plen = ifp->prefix_len;
> +	max_addresses = idev->cnf.max_addresses;
>  	write_unlock(&idev->lock);
>  	spin_unlock_bh(&ifp->lock);
> -	ift = ipv6_count_addresses(idev) < IPV6_MAX_ADDRESSES ?
> +	ift = !max_addresses ||
> +	      ipv6_count_addresses(idev) < max_addresses ? 
>  		ipv6_add_addr(idev, &addr, tmp_plen,
>  			      ipv6_addr_type(&addr)&IPV6_ADDR_SCOPE_MASK, IFA_F_TEMPORARY) : 0;
>  	if (!ift || IS_ERR(ift)) {
> @@ -1390,10 +1393,13 @@
>  		ifp = ipv6_get_ifaddr(&addr, dev);
>  
>  		if (ifp == NULL && valid_lft) {
> +			int max_addresses = in6_dev->cnf.max_addresses;
> +
>  			/* Do not allow to create too much of autoconfigured
>  			 * addresses; this would be too easy way to crash kernel.
>  			 */
> -			if (ipv6_count_addresses(in6_dev) < IPV6_MAX_ADDRESSES)
> +			if (!max_addresses ||
> +			    ipv6_count_addresses(in6_dev) < max_addresses)
>  				ifp = ipv6_add_addr(in6_dev, &addr, pinfo->prefix_len,
>  						    addr_type&IPV6_ADDR_SCOPE_MASK, 0);
>  
> @@ -2722,6 +2728,7 @@
>  	array[DEVCONF_REGEN_MAX_RETRY] = cnf->regen_max_retry;
>  	array[DEVCONF_MAX_DESYNC_FACTOR] = cnf->max_desync_factor;
>  #endif
> +	array[DEVCONF_MAX_ADDRESSES] = cnf->max_addresses;
>  }
>  
>  static int inet6_fill_ifinfo(struct sk_buff *skb, struct net_device *dev,
> @@ -3050,6 +3057,14 @@
>  	 		.proc_handler	=	&proc_dointvec,
>  		},
>  #endif
> +		{
> +			.ctl_name	=	NET_IPV6_MAX_ADDRESSES,
> +			.procname	=	"max_addresses",
> +			.data		=	&ipv6_devconf.max_addresses,
> +			.maxlen		=	sizeof(int),
> +			.mode		=	0644,
> +			.proc_handler	=	&proc_dointvec,
> +		},
>  	},
>  	.addrconf_dev = {
>  		{
> 
> 

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

Re: [PATCH] IPV6: added sysctl for maximum number of addresses

[YOSHIFUJI Hideaki / 吉藤英明]

In article <Pine.LNX.4.44.0401151721380.16629-100000@netcore.fi> (at Thu, 15 Jan 2004 17:23:23 +0200 (EET)), Pekka Savola <pekkas@netcore.fi> says:

> On Thu, 15 Jan 2004, YOSHIFUJI Hideaki / [iso-2022-jp] ^[$B5HF#1QL@^[(B wrote:
> > In some configuration, we need addresses more than 16 addresses per interface.
> > This pach adds new sysctl for configuring the maximum number of addresses 
> > per interface.
> 
> Doesn't 16 addresses per interface sound like an awfully small number?  
> Consider a web service which wants to have a different IP address per 
> virtual host.  These are not really uncommon.

My point is the value becomes configurable.
"16" is consistent with current behavior.
I do not change the default value with this patch.

If you think it is too small, feel free to submit a patch to increase 
the default value.

Thanks.

--yoshfuji

Re: [PATCH] IPV6: added sysctl for maximum number of addresses

[David S. Miller]

On Fri, 16 Jan 2004 00:34:33 +0900 (JST)
YOSHIFUJI Hideaki / _$B5HF#1QL@ <yoshfuji@linux-ipv6.org> wrote:

> My point is the value becomes configurable.
> "16" is consistent with current behavior.
> I do not change the default value with this patch.
> 
> If you think it is too small, feel free to submit a patch to increase 
> the default value.

I agree with Yoshfuji-san, making it configurable and changing the default
are two different decisions to make and thus two different changes to make.

I will apply Yoshfuji's patch to make it configurable, and someone can submit
the change to make the default different and we can discuss that.

Re: [PATCH] IPV6: added sysctl for maximum number of addresses

[Peter Bieringer]

--On Thursday, January 15, 2004 02:10:16 PM -0800 "David S. Miller"
<davem@redhat.com> wrote:

> On Fri, 16 Jan 2004 00:34:33 +0900 (JST)
> YOSHIFUJI Hideaki / _$B5HF#1QL@ <yoshfuji@linux-ipv6.org> wrote:
> 
>> My point is the value becomes configurable.
>> "16" is consistent with current behavior.
>> I do not change the default value with this patch.
>> 
>> If you think it is too small, feel free to submit a patch to increase 
>> the default value.
> 
> I agree with Yoshfuji-san, making it configurable and changing the default
> are two different decisions to make and thus two different changes to
> make.
> 
> I will apply Yoshfuji's patch to make it configurable, and someone can
> submit the change to make the default different and we can discuss that.

Hmm, since when this limit exists?

Looks like it was introduced after 2.4.20-28.9 (RHL9 kernel)

One of my newer public servers (running upper shown kernel version) have
already 23 IPv6 addresses:

# ip addr show dev eth0|grep 2001 |wc -l
     23

Mostly used for one IPv6 address per "on-IPv6-no-longer-virtual-IP-less"
Apache2 webserver.

So I have the same opinion like Pekka, 16 would be a little bit to view, 64
would be a good default value for the limit.

Just my 2 cents,
        Peter
-- 
Dr. Peter Bieringer                     http://www.bieringer.de/pb/
GPG/PGP Key 0x958F422D               mailto: pb at bieringer dot de 
Deep Space 6 Co-Founder and Core Member  http://www.deepspace6.net/