From patchwork Wed Feb 14 06:26:30 2024
X-Patchwork-Submitter: Alex Henrie
X-Patchwork-Id: 13555996
X-Patchwork-Delegate: kuba@kernel.org
From: Alex Henrie
To: netdev@vger.kernel.org, dan@danm.net, bagasdotme@gmail.com, davem@davemloft.net, dsahern@kernel.org, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, jikos@kernel.org
Cc: Alex Henrie
Subject: [PATCH net-next v2 1/3] net: ipv6/addrconf: ensure that regen_advance is at least 2 seconds
Date: Tue, 13 Feb 2024 23:26:30 -0700
Message-ID: <20240214062711.608363-2-alexhenrie24@gmail.com>
In-Reply-To: <20240214062711.608363-1-alexhenrie24@gmail.com>
References: <20240209061035.3757-1-alexhenrie24@gmail.com> <20240214062711.608363-1-alexhenrie24@gmail.com>

RFC 8981 defines REGEN_ADVANCE as follows:

REGEN_ADVANCE = 2 + (TEMP_IDGEN_RETRIES * DupAddrDetectTransmits * RetransTimer / 1000)

Thus, allowing it to be less than 2 seconds is technically a protocol violation.

Link: https://datatracker.ietf.org/doc/html/rfc8981#name-defined-protocol-parameters
Signed-off-by: Alex Henrie
Reviewed-by: David Ahern
---
 Documentation/networking/ip-sysctl.rst | 4 ++--
 net/ipv6/addrconf.c | 15 +++++++++------
 2 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/Documentation/networking/ip-sysctl.rst b/Documentation/networking/ip-sysctl.rst index 7afff42612e9..458305931345 100644 --- a/Documentation/networking/ip-sysctl.rst
+++ b/Documentation/networking/ip-sysctl.rst @@ -2503,7 +2503,7 @@ use_tempaddr - INTEGER temp_valid_lft - INTEGER valid lifetime (in seconds) for temporary addresses. If less than the - minimum required lifetime (typically 5 seconds), temporary addresses + minimum required lifetime (typically 5-7 seconds), temporary addresses will not be created. Default: 172800 (2 days) @@ -2511,7 +2511,7 @@ temp_valid_lft - INTEGER temp_prefered_lft - INTEGER Preferred lifetime (in seconds) for temporary addresses. If temp_prefered_lft is less than the minimum required lifetime (typically - 5 seconds), temporary addresses will not be created. If + 5-7 seconds), temporary addresses will not be created. If temp_prefered_lft is greater than temp_valid_lft, the preferred lifetime is temp_valid_lft. diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index ca1b719323c0..68516493404a 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -1339,6 +1339,13 @@ static void ipv6_del_addr(struct inet6_ifaddr *ifp) in6_ifa_put(ifp); } +static unsigned long ipv6_get_regen_advance(struct inet6_dev *idev) +{ + return 2 + idev->cnf.regen_max_retry * + idev->cnf.dad_transmits * + max(NEIGH_VAR(idev->nd_parms, RETRANS_TIME), HZ/100) / HZ; +} + static int ipv6_create_tempaddr(struct inet6_ifaddr *ifp, bool block) { struct inet6_dev *idev = ifp->idev; @@ -1380,9 +1387,7 @@ static int ipv6_create_tempaddr(struct inet6_ifaddr *ifp, bool block) age = (now - ifp->tstamp) / HZ; - regen_advance = idev->cnf.regen_max_retry * - idev->cnf.dad_transmits * - max(NEIGH_VAR(idev->nd_parms, RETRANS_TIME), HZ/100) / HZ; + regen_advance = ipv6_get_regen_advance(idev); /* recalculate max_desync_factor each time and update * idev->desync_factor if it's larger 
@@ -4595,9 +4600,7 @@ static void addrconf_verify_rtnl(struct net *net) !ifp->regen_count && ifp->ifpub) { /* This is a non-regenerated temporary addr. */ - unsigned long regen_advance = ifp->idev->cnf.regen_max_retry * - ifp->idev->cnf.dad_transmits * - max(NEIGH_VAR(ifp->idev->nd_parms, RETRANS_TIME), HZ/100) / HZ; + unsigned long regen_advance = ipv6_get_regen_advance(ifp->idev); if (age + regen_advance >= ifp->prefered_lft) { struct inet6_ifaddr *ifpub = ifp->ifpub;
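
Review bot: In the Documentation/networking/ip-sysctl.rst hunks of patch 1/3, "typically 5-7 seconds" replaces "typically 5 seconds" without saying what the minimum required lifetime depends on. Since the value is now computed in one helper, consider naming its inputs in the text (regen_max_retry, dad_transmits, the neighbour retransmit time, and the fixed 2 seconds) so that an administrator can work out the minimum for their own settings.

Review bot: In the new ipv6_get_regen_advance() helper in net/ipv6/addrconf.c (patch 1/3), the literal 2 carries no name or comment tying it to the REGEN_ADVANCE definition in RFC 8981, and nothing states that the returned value is in seconds. A short comment quoting the RFC formula, or a named constant in place of the bare 2, would make the intent clear at both call sites. The multiplication is also done before the division by HZ, so the duplicate address detection term is truncated to whole seconds; if that rounding is intended, say so in the same comment.
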
From patchwork Wed Feb 14 06:26:31 2024
X-Patchwork-Submitter: Alex Henrie
X-Patchwork-Id: 13555997
X-Patchwork-Delegate: kuba@kernel.org
From: Alex Henrie
To: netdev@vger.kernel.org, dan@danm.net, bagasdotme@gmail.com, davem@davemloft.net, dsahern@kernel.org, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, jikos@kernel.org
Cc: Alex Henrie
Subject: [PATCH net-next v2 2/3] net: ipv6/addrconf: introduce a regen_min_advance sysctl
Date: Tue, 13 Feb 2024 23:26:31 -0700
Message-ID: <20240214062711.608363-3-alexhenrie24@gmail.com>
In-Reply-To: <20240214062711.608363-1-alexhenrie24@gmail.com>
References: <20240209061035.3757-1-alexhenrie24@gmail.com> <20240214062711.608363-1-alexhenrie24@gmail.com>

In RFC 8981, REGEN_ADVANCE cannot be less than 2 seconds, and the RFC does not permit the creation of temporary addresses with lifetimes shorter than that:

> When processing a Router Advertisement with a
> Prefix Information option carrying a prefix for the purposes of
> address autoconfiguration (i.e., the A bit is set), the host MUST
> perform the following steps:

> 5. A temporary address is created only if this calculated preferred
> lifetime is greater than REGEN_ADVANCE time units.

However, some users want to change their IPv6 address as frequently as possible regardless of the RFC's arbitrary minimum lifetime. For the benefit of those users, add a regen_min_advance sysctl parameter that can be set to below or above 2 seconds.

Link: https://datatracker.ietf.org/doc/html/rfc8981
Signed-off-by: Alex Henrie
Reviewed-by: David Ahern
---
 Documentation/networking/ip-sysctl.rst | 10 ++++++++++
 include/linux/ipv6.h | 1 +
 include/net/addrconf.h | 5 +++--
 net/ipv6/addrconf.c | 11 ++++++++++-
 4 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/Documentation/networking/ip-sysctl.rst b/Documentation/networking/ip-sysctl.rst index 458305931345..407d917d1a36 100644 --- a/Documentation/networking/ip-sysctl.rst
+++ b/Documentation/networking/ip-sysctl.rst @@ -2535,6 +2535,16 @@ max_desync_factor - INTEGER Default: 600 +regen_min_advance - INTEGER + How far in advance (in seconds), at minimum, to create a new temporary + address before the current one is deprecated. This value is added to + the amount of time that may be required for duplicate address detection + to determine when to create a new address. Linux permits setting this + value to less than the default of 2 seconds, but a value less than 2 + does not conform to RFC 8981. + + Default: 2 + regen_max_retry - INTEGER Number of attempts before give up attempting to generate valid temporary addresses. diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h index 5e605e384aac..ef3aa060a289 100644 --- a/include/linux/ipv6.h +++ b/include/linux/ipv6.h @@ -27,6 +27,7 @@ struct ipv6_devconf { __s32 use_tempaddr; __s32 temp_valid_lft; __s32 temp_prefered_lft; + __s32 regen_min_advance; __s32 regen_max_retry; __s32 max_desync_factor; __s32 max_addresses; diff --git a/include/net/addrconf.h b/include/net/addrconf.h index 61ebe723ee4d..30d6f1e84e46 100644 --- a/include/net/addrconf.h +++ b/include/net/addrconf.h @@ -8,8 +8,9 @@ #define MIN_VALID_LIFETIME (2*3600) /* 2 hours */ -#define TEMP_VALID_LIFETIME (7*86400) -#define TEMP_PREFERRED_LIFETIME (86400) +#define TEMP_VALID_LIFETIME (7*86400) /* 1 week */ +#define TEMP_PREFERRED_LIFETIME (86400) /* 24 hours */ +#define REGEN_MIN_ADVANCE (2) /* 2 seconds */ #define REGEN_MAX_RETRY (3) #define MAX_DESYNC_FACTOR (600) diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index 68516493404a..9af56b73d08c 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c 
@@ -195,6 +195,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = { .use_tempaddr = 0, .temp_valid_lft = TEMP_VALID_LIFETIME, .temp_prefered_lft = TEMP_PREFERRED_LIFETIME, + .regen_min_advance = REGEN_MIN_ADVANCE, .regen_max_retry = REGEN_MAX_RETRY, .max_desync_factor = MAX_DESYNC_FACTOR, .max_addresses = IPV6_MAX_ADDRESSES, @@ -257,6 +258,7 @@ static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = { .use_tempaddr = 0, .temp_valid_lft = TEMP_VALID_LIFETIME, .temp_prefered_lft = TEMP_PREFERRED_LIFETIME, + .regen_min_advance = REGEN_MIN_ADVANCE, .regen_max_retry = REGEN_MAX_RETRY, .max_desync_factor = MAX_DESYNC_FACTOR, .max_addresses = IPV6_MAX_ADDRESSES, @@ -1341,7 +1343,7 @@ static void ipv6_del_addr(struct inet6_ifaddr *ifp) static unsigned long ipv6_get_regen_advance(struct inet6_dev *idev) { - return 2 + idev->cnf.regen_max_retry * + return idev->cnf.regen_min_advance + idev->cnf.regen_max_retry * idev->cnf.dad_transmits * max(NEIGH_VAR(idev->nd_parms, RETRANS_TIME), HZ/100) / HZ; } 
@@ -6819,6 +6821,13 @@ static const struct ctl_table addrconf_sysctl[] = { .mode = 0644, .proc_handler = proc_dointvec, }, + { + .procname = "regen_min_advance", + .data = &ipv6_devconf.regen_min_advance, + .maxlen = sizeof(int), + .mode = 0644, + .proc_handler = proc_dointvec, + }, { .procname = "regen_max_retry", .data = &ipv6_devconf.regen_max_retry,
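
Review bot: The new addrconf_sysctl[] entry for regen_min_advance (patch 2/3) uses proc_dointvec with no bounds, and the field is declared __s32, so a negative value can be written; ipv6_get_regen_advance() then adds it into an unsigned long return value, where a negative sum wraps to a very large advance. Consider proc_dointvec_minmax with .extra1 = SYSCTL_ZERO, plus an upper bound if one makes sense, and have the regen_min_advance text in ip-sysctl.rst state the permitted range. Zero should stay allowed, since the commit message says the value may be set below 2 seconds.
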
From patchwork Wed Feb 14 06:26:32 2024
X-Patchwork-Submitter: Alex Henrie
X-Patchwork-Id: 13555998
X-Patchwork-Delegate: kuba@kernel.org
From: Alex Henrie
To: netdev@vger.kernel.org, dan@danm.net, bagasdotme@gmail.com, davem@davemloft.net, dsahern@kernel.org, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, jikos@kernel.org
Cc: Alex Henrie
Subject: [PATCH net-next v2 3/3] net: ipv6/addrconf: clamp preferred_lft to the minimum required
Date: Tue, 13 Feb 2024 23:26:32 -0700
Message-ID: <20240214062711.608363-4-alexhenrie24@gmail.com>
In-Reply-To: <20240214062711.608363-1-alexhenrie24@gmail.com>
References: <20240209061035.3757-1-alexhenrie24@gmail.com> <20240214062711.608363-1-alexhenrie24@gmail.com>

If the preferred lifetime was less than the minimum required lifetime, ipv6_create_tempaddr would error out without creating any new address. On my machine and network, this error happened immediately with the preferred lifetime set to 5 seconds or less, after a few minutes with the preferred lifetime set to 6 seconds, and not at all with the preferred lifetime set to 7 seconds. During my investigation, I found a Stack Exchange post from another person who seems to have had the same problem: They stopped getting new addresses if they lowered the preferred lifetime below 3 seconds, and they didn't really know why.

The preferred lifetime is a preference, not a hard requirement. The kernel does not strictly forbid new connections on a deprecated address, nor does it guarantee that the address will be disposed of the instant its total valid lifetime expires. So rather than disable IPv6 privacy extensions altogether if the minimum required lifetime swells above the preferred lifetime, it is more in keeping with the user's intent to increase the temporary address's lifetime to the minimum necessary for the current network conditions.

With these fixes, setting the preferred lifetime to 5 or 6 seconds "just works" because the extra fraction of a second is practically unnoticeable. It's even possible to reduce the time before deprecation to 1 or 2 seconds by setting /proc/sys/net/ipv6/conf/*/regen_min_advance and /proc/sys/net/ipv6/conf/*/dad_transmits to 0. I realize that that is a pretty niche use case, but I know at least one person who would gladly sacrifice performance and convenience to be sure that they are getting the maximum possible level of privacy.

Link: https://serverfault.com/a/1031168/310447
Signed-off-by: Alex Henrie
Reviewed-by: David Ahern
---
 Documentation/networking/ip-sysctl.rst | 2 +-
 net/ipv6/addrconf.c | 43 ++++++++++++++++++++------
 2 files changed, 35 insertions(+), 10 deletions(-)

diff --git a/Documentation/networking/ip-sysctl.rst b/Documentation/networking/ip-sysctl.rst index 407d917d1a36..bd50df6a5a42 100644 --- a/Documentation/networking/ip-sysctl.rst +++ b/Documentation/networking/ip-sysctl.rst @@ -2511,7 +2511,7 @@ temp_valid_lft - INTEGER temp_prefered_lft - INTEGER Preferred lifetime (in seconds) for temporary addresses. If temp_prefered_lft is less than the minimum required lifetime (typically - 5-7 seconds), temporary addresses will not be created. If + 5-7 seconds), the preferred lifetime is the minimum required. If temp_prefered_lft is greater than temp_valid_lft, the preferred lifetime is temp_valid_lft. diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index 9af56b73d08c..f31ab973864a 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -1354,6 +1354,7 @@ static int ipv6_create_tempaddr(struct inet6_ifaddr *ifp, bool block) unsigned long tmp_tstamp, age; unsigned long regen_advance; unsigned long now = jiffies; + u32 if_public_preferred_lft; s32 cnf_temp_preferred_lft; struct inet6_ifaddr *ift; struct ifa6_config cfg;
@@ -1409,11 +1410,13 @@ static int ipv6_create_tempaddr(struct inet6_ifaddr *ifp, bool block) } } + if_public_preferred_lft = ifp->prefered_lft; + memset(&cfg, 0, sizeof(cfg)); cfg.valid_lft = min_t(__u32, ifp->valid_lft, idev->cnf.temp_valid_lft + age); cfg.preferred_lft = cnf_temp_preferred_lft + age - idev->desync_factor; - cfg.preferred_lft = min_t(__u32, ifp->prefered_lft, cfg.preferred_lft); + cfg.preferred_lft = min_t(__u32, if_public_preferred_lft, cfg.preferred_lft); cfg.preferred_lft = min_t(__u32, cfg.valid_lft, cfg.preferred_lft); cfg.plen = ifp->prefix_len; 
@@ -1422,19 +1425,41 @@ static int ipv6_create_tempaddr(struct inet6_ifaddr *ifp, bool block) write_unlock_bh(&idev->lock); - /* A temporary address is created only if this calculated Preferred - * Lifetime is greater than REGEN_ADVANCE time units. In particular, - * an implementation must not create a temporary address with a zero - * Preferred Lifetime. + /* From RFC 4941: + * + * A temporary address is created only if this calculated Preferred + * Lifetime is greater than REGEN_ADVANCE time units. In + * particular, an implementation must not create a temporary address + * with a zero Preferred Lifetime. + * + * ... + * + * When creating a temporary address, the lifetime values MUST be + * derived from the corresponding prefix as follows: + * + * ... + * + * * Its Preferred Lifetime is the lower of the Preferred Lifetime + * of the public address or TEMP_PREFERRED_LIFETIME - + * DESYNC_FACTOR. + * + * To comply with the RFC's requirements, clamp the preferred lifetime + * to a minimum of regen_advance, unless that would exceed valid_lft or + * ifp->prefered_lft. + * * Use age calculation as in addrconf_verify to avoid unnecessary * temporary addresses being generated. */ age = (now - tmp_tstamp + ADDRCONF_TIMER_FUZZ_MINUS) / HZ; if (cfg.preferred_lft <= regen_advance + age) { - in6_ifa_put(ifp); - in6_dev_put(idev); - ret = -1; - goto out; + cfg.preferred_lft = regen_advance + age + 1; + if (cfg.preferred_lft > cfg.valid_lft || + cfg.preferred_lft > if_public_preferred_lft) { + in6_ifa_put(ifp); + in6_dev_put(idev); + ret = -1; + goto out; + } } cfg.ifa_flags = IFA_F_TEMPORARY;
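
Review bot: The ip-sysctl.rst hunk for temp_prefered_lft (patch 3/3) now says the preferred lifetime "is the minimum required", but the last ipv6_create_tempaddr() hunk still returns -1 without creating an address when the clamped value exceeds cfg.valid_lft or if_public_preferred_lft. Document that remaining failure case in the temp_prefered_lft entry so the text matches the behaviour.

Review bot: In the last ipv6_create_tempaddr() hunk (patch 3/3), the new comment opens with "From RFC 4941" while every commit message in this series cites RFC 8981; cite the RFC the series is written against so the quoted text can be checked. In the same hunk, cfg.preferred_lft = regen_advance + age + 1 stores an unsigned long sum into a field that the min_t(__u32, ...) lines treat as 32-bit, and only afterwards compares it with cfg.valid_lft and if_public_preferred_lft. If regen_advance is very large, the stored value can be truncated before those checks, so compare the untruncated sum against both limits first and assign only when it fits.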