PATCH: More appropriate vltime for IPv6 temp addrs (rfc4941bis)


PATCH: More appropriate vltime for IPv6 temp addrs (rfc4941bis)

Fernando Gont-2
Folks,

This changes the default Valid Lifetime of temporary addresses to 2 days
(as per draft-ietf-6man-rfc4941bis):

---- cut here ----
diff --git nd6.h nd6.h
index 4449a7ed73c..de80dc16047 100644
--- nd6.h
+++ nd6.h
@@ -91,7 +91,7 @@ struct in6_ndifreq {

  /* constants for RFC 4941 autoconf privacy extension */
  #define ND6_PRIV_MAX_DESYNC_FACTOR 512 /* largest pow2 < 10 minutes */
-#define ND6_PRIV_VALID_LIFETIME 604800 /* 1 week */
+#define ND6_PRIV_VALID_LIFETIME 172800 /* 2 days, as per rfc4941bis */
  #define ND6_PRIV_PREFERRED_LIFETIME 86400 /* 1 day */

  #ifdef _KERNEL
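Review bot: The file headers ("--- nd6.h" / "+++ nd6.h") carry no directory, so this only applies when run from the directory that holds nd6.h; generating the diff from the top of the tree would make the target unambiguous. On the changed line, the per-define comment now cites rfc4941bis while the block comment two lines above still says "RFC 4941", so consider naming the draft there as well. It may also be worth a word in the commit message that ND6_PRIV_PREFERRED_LIFETIME stays at 86400, which is what brings the valid/preferred ratio down to 2.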
---- cut here ----

P.S.: Patch also available at:
https://www.gont.com.ar/code/patch-fgont-tempaddr-vltime.txt

Thanks,
--
Fernando Gont
e-mail: [hidden email] || [hidden email]
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1




Re: PATCH: More appropriate vltime for IPv6 temp addrs (rfc4941bis)

Florian Obser-2
Nice,

as the draft states:
      The default Valid Lifetime for temporary addresses has been
      reduced from 1 week to 2 days, decreasing the typical number of
      concurrent temporary addresses from 7 to 2.

This had been a complaint on numerous occasions.

This made me realize that we can go further and move the ND6_PRIV
constants from a public header to slaacd(8) - the only user.
I'm pretty sure that we made these constants up - they are not used in
the wider ecosystem according to internet searches.

diff --git sbin/slaacd/engine.c sbin/slaacd/engine.c
index be5d3fc827b..8f2c4297225 100644
--- sbin/slaacd/engine.c
+++ sbin/slaacd/engine.c
@@ -86,6 +86,11 @@
 #define RTR_SOLICITATION_INTERVAL 4
 #define MAX_RTR_SOLICITATIONS 3
 
+/* constants for RFC 4941 autoconf privacy extension */
+#define ND6_PRIV_MAX_DESYNC_FACTOR 512 /* largest pow2 < 10 minutes */
+#define ND6_PRIV_VALID_LIFETIME 172800 /* 2 days */
+#define ND6_PRIV_PREFERRED_LIFETIME 86400 /* 1 day */
+
 enum if_state {
  IF_DOWN,
  IF_DELAY,
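Review bot: The added ND6_PRIV_VALID_LIFETIME is 172800, so the value change is folded into what otherwise reads as a pure move of the three defines; the commit message should say so, or the move and the new value should go in as separate commits. The "/* 2 days */" comment could also name draft-ietf-6man-rfc4941bis, since the block comment above it cites only RFC 4941.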
diff --git sys/netinet6/nd6.h sys/netinet6/nd6.h
index 4449a7ed73c..e16f40d4cd2 100644
--- sys/netinet6/nd6.h
+++ sys/netinet6/nd6.h
@@ -89,11 +89,6 @@ struct in6_ndifreq {
 
 #define ND6_INFINITE_LIFETIME 0xffffffff
 
-/* constants for RFC 4941 autoconf privacy extension */
-#define ND6_PRIV_MAX_DESYNC_FACTOR 512 /* largest pow2 < 10 minutes */
-#define ND6_PRIV_VALID_LIFETIME 604800 /* 1 week */
-#define ND6_PRIV_PREFERRED_LIFETIME 86400 /* 1 day */
-
 #ifdef _KERNEL
 
 #include <sys/queue.h>
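Review bot: The three removed defines sit above "#ifdef _KERNEL", so they were visible to any userland code that includes this header, not only to the kernel; removing them is an API change for such consumers. Worth confirming with a search of the source tree and any out-of-tree users that nothing besides slaacd references ND6_PRIV_*, and mentioning that check in the commit message.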


On Fri, Mar 27, 2020 at 08:27:37AM -0300, Fernando Gont wrote:

> Folks,
>
> This changes the default Valid Lifetime of temporary addresses to 2 days (as
> per draft-ietf-6man-rfc4941bis):
>
> ---- cut here ----
> diff --git nd6.h nd6.h
> index 4449a7ed73c..de80dc16047 100644
> --- nd6.h
> +++ nd6.h
> @@ -91,7 +91,7 @@ struct in6_ndifreq {
>
>  /* constants for RFC 4941 autoconf privacy extension */
>  #define ND6_PRIV_MAX_DESYNC_FACTOR 512 /* largest pow2 < 10 minutes */
> -#define ND6_PRIV_VALID_LIFETIME 604800 /* 1 week */
> +#define ND6_PRIV_VALID_LIFETIME 172800 /* 2 days, as per rfc4941bis */
>  #define ND6_PRIV_PREFERRED_LIFETIME 86400 /* 1 day */
>
>  #ifdef _KERNEL
> ---- cut here ----
>
> P.S.: Patch also available at:
> https://www.gont.com.ar/code/patch-fgont-tempaddr-vltime.txt
>
> Thanks,
> --
> Fernando Gont
> e-mail: [hidden email] || [hidden email]
> PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
>
>
>

--
I'm not entirely sure you are real.


Re: PATCH: More appropriate vltime for IPv6 temp addrs (rfc4941bis)

Fernando Gont-2
Hello, Florian,


On 27/3/20 12:20, Florian Obser wrote:
> Nice,
>
> as the draft states:
>        The default Valid Lifetime for temporary addresses has been
>        reduced from 1 week to 2 days, decreasing the typical number of
>        concurrent temporary addresses from 7 to 2.
>
> This had been a complaint on numerous occasions.

Indeed, there have been reports of networks not being able to cope with
too many IPv6 addresses (USERS * (PREFIXES * 8 + 1))   -- there are 7
concurrent temporary addresses, plus the usual stable addresses. So,
with this patch, each prefix results in at most two concurrent temporary
addresses.



> This made me realize that we can go further and move the ND6_PRIV
> constants from a public header to slaacd(8) - the only user.
> I'm pretty sure that we made these constants up - they are not used in
> the wider ecosystem according to internet searches.

That's even better. In a way I was surprised that the constants being
used by slaacd were in the "kernel" header.

>
> diff --git sbin/slaacd/engine.c sbin/slaacd/engine.c
> index be5d3fc827b..8f2c4297225 100644
> --- sbin/slaacd/engine.c
> +++ sbin/slaacd/engine.c
> @@ -86,6 +86,11 @@
>   #define RTR_SOLICITATION_INTERVAL 4
>   #define MAX_RTR_SOLICITATIONS 3
>  
> +/* constants for RFC 4941 autoconf privacy extension */
> +#define ND6_PRIV_MAX_DESYNC_FACTOR 512 /* largest pow2 < 10 minutes */
> +#define ND6_PRIV_VALID_LIFETIME 172800 /* 2 days */ > +#define ND6_PRIV_PREFERRED_LIFETIME 86400 /* 1 day */

Maybe these should be in engine.h as opposed to engine.c? -- although I
see there are other #define's in engine.c

Thanks!

Cheers,
--
Fernando Gont
e-mail: [hidden email] || [hidden email]
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1




Re: PATCH: More appropriate vltime for IPv6 temp addrs (rfc4941bis)

Florian Obser-2
On Fri, Mar 27, 2020 at 12:58:18PM -0300, Fernando Gont wrote:

> Hello, Florian,
>
>
> On 27/3/20 12:20, Florian Obser wrote:
> > Nice,
> >
> > as the draft states:
> >        The default Valid Lifetime for temporary addresses has been
> >        reduced from 1 week to 2 days, decreasing the typical number of
> >        concurrent temporary addresses from 7 to 2.
> >
> > This had been a complaint on numerous occasions.
>
> Indeed, there have been reports of networks not being able to cope with too
> many IPv6 addresses (USERS * (PREFIXES * 8 + 1))   -- there are 7 concurrent
> temporary addresses, plus the usual stable addresses. So, with this patch,
> each prefix results in at most two concurrent temporary addresses.

Yeah, that, too. But I was more thinking of user complaints:
Why do I have so many IP addresses and do I need all of them?! ;)

>
>
>
> > This made me realize that we can go further and move the ND6_PRIV
> > constants from a public header to slaacd(8) - the only user.
> > I'm pretty sure that we made these constants up - they are not used in
> > the wider ecosystem according to internet searches.
>
> That's even better. In a way I was surprised that the constants being used
> by slaacd were in the "kernel" header.

Historical, remember the KAME stack processed router advertisements in
the kernel to form addresses. I forgot to remove these when I wrote
slaacd.

>
> >
> > diff --git sbin/slaacd/engine.c sbin/slaacd/engine.c
> > index be5d3fc827b..8f2c4297225 100644
> > --- sbin/slaacd/engine.c
> > +++ sbin/slaacd/engine.c
> > @@ -86,6 +86,11 @@
> >   #define RTR_SOLICITATION_INTERVAL 4
> >   #define MAX_RTR_SOLICITATIONS 3
> > +/* constants for RFC 4941 autoconf privacy extension */
> > +#define ND6_PRIV_MAX_DESYNC_FACTOR 512 /* largest pow2 < 10 minutes */
> > +#define ND6_PRIV_VALID_LIFETIME 172800 /* 2 days */ > +#define ND6_PRIV_PREFERRED_LIFETIME 86400 /* 1 day */
>
> Maybe these should be in engine.h as opposed to engine.c? -- although I see
> there are other #define's in engine.c

No, engine.h is for things the engine process provides that are
accessed from the outside. These constants are internal to the engine.

>
> Thanks!
>
> Cheers,
> --
> Fernando Gont
> e-mail: [hidden email] || [hidden email]
> PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
>
>
>

--
I'm not entirely sure you are real.