Page MenuHomeFreeBSD
Differential D50415

nd6: don't force inet6 params off for bridge
AcceptedPublic
Actions

Authored by ivy on Mon, May 19, 11:39 AM.
Tags
None
Referenced Files
F117873832: D50415.id155691.diff
Sat, May 24, 3:32 AM
F117865739: D50415.id.diff
Sat, May 24, 1:21 AM
F117862401: D50415.id155692.diff
Sat, May 24, 12:26 AM
Unknown Object (File)
Fri, May 23, 2:21 PM
Unknown Object (File)
Thu, May 22, 11:49 PM
Unknown Object (File)
Wed, May 21, 2:00 PM
Subscribers
ae
glebius
imp
melifaro
p.mousavizadeh_protonmail.com

Details

Reviewers
des
kevans
p.mousavizadeh_protonmail.com
hrs
kp
Group Reviewers
network
Summary

currently, nd6 forces ND6_IFF_AUTO_LINKLOCAL and ND6_IFF_ACCEPT_RTADV to
be disabled for IFT_BRIDGE interfaces. delete this, as there is no
reason to behave this way.

in the past, this might have made sense when adding IP addresses to a
bridge could create strange behaviour, in particular relating to
link-local scope violations as described in the "IPv6 support" section
of bridge(4).

however, nowadays the only reason IPv6 would be enabled on a bridge is
because the admin explicitly enabled that, in which case they will
expect this to work like any other interface.

PR: 254445

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 64287
Build 61171: arc lint + arc unit

Event Timeline

ivy created this revision.Mon, May 19, 11:39 AM
Herald added subscribers: glebius, melifaro, ae, imp. · View Herald TranscriptMon, May 19, 11:39 AM
ivy requested review of this revision.Mon, May 19, 11:39 AM
Harbormaster completed remote builds in B64287: Diff 155691.Mon, May 19, 11:39 AM
ivy updated this revision to Diff 155692.Mon, May 19, 11:46 AM

add Reported by:

Harbormaster completed remote builds in B64288: Diff 155692.Mon, May 19, 11:46 AM
p.mousavizadeh_protonmail.com accepted this revision.Mon, May 19, 1:02 PM
p.mousavizadeh_protonmail.com added a subscriber: p.mousavizadeh_protonmail.com.

The ip6.auto_linklocal is enabled by default, and it could create link-local scope violations without any explicit admin configuration.
However, I tested the situation without your patch, and the if_bridge wouldn't allow a user to add an interface member without removing its IP addresses, including the link-local one. Therefore, this shouldn't become an issue in this case.

This revision is now accepted and ready to land.Mon, May 19, 1:02 PM
ivy added a comment.Tue, May 20, 6:52 PM
In D50415#1150645, @p.mousavizadeh_protonmail.com wrote:

The ip6.auto_linklocal is enabled by default, and it could create link-local scope violations without any explicit admin configuration.

but:

  1. the bridge will be inet6 ifdisabled on boot by default, so it shouldn't have any link-local addresses unless the admin explicitly enabled inet6 on the bridge, in which case they should expect this
  2. even if the ifdisabled flag is removed, bridge will automatically remove link-local addresses from interfaces added to the bridge to prevent scope violation; this is controlled by allow_llz_overlap and predates the recent member_ifaddrs change

so the only way this should be possible, unless i'm missing something here, is for the admin to enable inet6 on the bridge and change the default value of allow_llz_overlap.

kp accepted this revision.Wed, May 21, 9:04 AM
kp added a reviewer: hrs.
kp added a comment.Thu, May 22, 8:17 AM

This panics with a KMSAN violation in the sys/netinet/carp:unicast_v6 test. I'm still digging into that but I don't think it's a problem with this patch itself, rather I think it's an existing problem that's being revealed.

p.mousavizadeh_protonmail.com added a comment.Thu, May 22, 5:32 PM
In D50415#1151177, @ivy wrote:
In D50415#1150645, @p.mousavizadeh_protonmail.com wrote:

The ip6.auto_linklocal is enabled by default, and it could create link-local scope violations without any explicit admin configuration.

but:

  1. the bridge will be inet6 ifdisabled on boot by default, so it shouldn't have any link-local addresses unless the admin explicitly enabled inet6 on the bridge, in which case they should expect this

It's important to note that most people who use IPv6 have the ipv6_activate_all_interfaces="YES" setting enabled.
I am not sure why IPv6 is not activated by default. I always have IPv6 enabled on all of my interfaces.

ivy added a comment.EditedThu, May 22, 5:38 PM
In D50415#1151928, @p.mousavizadeh_protonmail.com wrote:

It's important to note that most people who use IPv6 have the ipv6_activate_all_interfaces="YES" setting enabled.

that's true; i never use this myself but i expect there are a lot of people who do. but, this will still be “fixed” by the default setting of allow_llz_overlap, right? (“fixed” in the sense that the bridge will call in6_detach and remove all the IP addresses, preventing any scope violation.)

I am not sure why IPv6 is not activated by default.

personally i don't like IP addresses (including link-local addresses) randomly appearing on interfaces without explicitly enabling that. i believe this is different to how other OSs work by default (Windows, Linux?) but that's not necessarily a bad thing. :-)

Revision Contents
Changeset List

PathSize
sys/
netinet6/
15 lines

Diff 155691

View Options

sys/netinet6/nd6.c

Loading...