nd6: allow address autoconf to be disabled
AcceptedPublic
Actions

Authored by ivy on Fri, May 2, 8:06 AM.

Details

Reviewers

des
kevans
gbe

Group Reviewers

network
manpages

Summary

currently, it's possible to enable SLAAC (accept_rtadv) but disable
automatic default router configuration using the nd6 flag no_radr.

add a new flag, no_prefixaddr, which does the inverse: automatically
configure the default router, but don't configure any IP addresses, even
if an autonomous on-link prefix is advertised.

this decision is made late enough that we still configure the prefix
itself and handle updates to any autoconf addresses that may already
exist on the interface, but we don't configure a new address when we
usually would.

this flag is disabled by default, so existing behaviour is unchanged.
this conforms to RFC 4862 § 5.5:

Creation of global addresses as described in this section SHOULD be
locally configurable.  However, the processing described below MUST
be enabled by default.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 63832
Build 60716: arc lint + arc unit

Event Timeline

ivy created this revision.Fri, May 2, 8:06 AM

Herald added subscribers: ziaee, glebius, melifaro and 2 others. · View Herald TranscriptFri, May 2, 8:06 AM

ivy requested review of this revision.Fri, May 2, 8:06 AM

Harbormaster completed remote builds in B63829: Diff 154682.Fri, May 2, 8:06 AM

add a test for the new flag

Herald added a subscriber: asomers. · View Herald TranscriptFri, May 2, 9:26 AM

Harbormaster completed remote builds in B63832: Diff 154685.Fri, May 2, 9:26 AM

gbe added a subscriber: gbe.Fri, May 2, 9:45 AM

LGTM for the man page part.

This revision is now accepted and ready to land.Fri, May 2, 10:22 AM

zlei added a subscriber: zlei.Tue, May 6, 7:23 AM

this decision is made late enough that we still configure the prefix
itself and handle updates to any autoconf addresses that may already
exist on the interface, but we don't configure a new address when we
usually would.

That confused me. How does that happen, that

any autoconf addresses that may already exist on the interface

sbin/ifconfig/ifconfig.8
955	ifconfig(8) has already used lots of `Clear a xxx flag`. I'd prefer to fix them all in separated commit .
sys/netinet6/ip6_input.c
233	This `TUNABLE_BOOL_FETCH` and above `TUNABLE_INT_FETCH`s is redundant since commit https://reviews.freebsd.org/rG110113bc086f5df1a9b6547edb1ab0cec698c55c .

In D50114#1145633, @zlei wrote:

That confused me. How does that happen, that

any autoconf addresses that may already exist on the interface

if an interface is brought up with accept_rtadv enabled but without no_prefixaddr, then we receive an RA on that interface, we will configure a dynamic (SLAAC) address on the interface. the admin may later enable no_prefixaddr on the interface, but we still need to process RA messages for the existing addresses, e.g. in case the RA has deprecated a prefix we previously autoconfigured before no_prefixaddr was set.

in practice this is not a very likely situation since presumably no_prefixaddr would be set before the interface is brought up, but since it could happen, we should handle it.

sys/netinet6/ip6_input.c
233	shall i just remove the one i added, or remove all of them in this diff? (i am not sure i fully understand the implications of 110113bc086f so i'll test this anyway.)

Interesting proposal - could you share the use case behind it?
I’d support this if it doesn’t impact IPv6 privacy, but in my case, it breaks temporary addresses.

There is also a conflict between this revision and D49681.

In D50114#1150308, @zarychtam_plan-b.pwste.edu.pl wrote:

Interesting proposal - could you share the use case behind it?

layer 2 access networks that use RAs for configuring routers, but where we want to configure a static IP address.

I’d support this if it doesn’t impact IPv6 privacy, but in my case, it breaks temporary addresses.

can you please provide more details about how it breaks this? with this flag set, we should never auto-configure an address including temporary addresses.

Thank you for the clarification.

sbin/ifconfig/af_nd6.c
69	This revision and D49681 conflict at this point.

ivy added inline comments.Mon, May 19, 7:17 AM

sbin/ifconfig/af_nd6.c
69	i'm not sure what you want me to do here; if you apply two patches that touch the same files you need to merge any conflicts yourself. iirc, we have not run out of bits here, so you can just change the bit that one of them uses.