Discussion:
Detached address check
(too old to reply)
Robert Swindells
2017-11-17 16:57:00 UTC
Permalink
I feel that the changes made to check whether a sending address is valid
are too strict.

The check means that an attempt to connect from the address of an
interface that is marked detached to the same address will fail even
though there is still a route for this address to the loopback device.

The change was introduced in:

<http://mail-index.netbsd.org/source-changes/2016/09/15/msg077726.html>

Robert Swindells


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Robert Swindells
2017-11-18 13:37:00 UTC
Permalink
Post by Robert Swindells
I feel that the changes made to check whether a sending address is valid
are too strict.
The check means that an attempt to connect from the address of an
interface that is marked detached to the same address will fail even
though there is still a route for this address to the loopback device.
<http://mail-index.netbsd.org/source-changes/2016/09/15/msg077726.html>
To clarify, I expect to be able to do:

# ifconfig wm0 inet 192.168.0.1 netmask 0xffffff00 up
# ping 192.168.0.1

and for it to work every time, not just when wm0 has detected a
carrier. In the traditional usage, the packets don't go through wm0
anyway they go through lo0.

The RFC 4862 referenced in the commit is for IPv6, I don't think that
IPv4 behaviour should change too.

I'm not even convinced that I want this behaviour for IPv6, I would
prefer that addresses set using ifconfig(8) should stay valid until
I change them.

Robert Swindells


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Roy Marples
2017-11-21 09:26:44 UTC
Permalink
Post by Robert Swindells
Post by Robert Swindells
I feel that the changes made to check whether a sending address is valid
are too strict.
The check means that an attempt to connect from the address of an
interface that is marked detached to the same address will fail even
though there is still a route for this address to the loopback device.
<http://mail-index.netbsd.org/source-changes/2016/09/15/msg077726.html>
# ifconfig wm0 inet 192.168.0.1 netmask 0xffffff00 up
# ping 192.168.0.1
and for it to work every time, not just when wm0 has detected a
carrier. In the traditional usage, the packets don't go through wm0
anyway they go through lo0.
Aside from ping, what else do you really want?
Post by Robert Swindells
The RFC 4862 referenced in the commit is for IPv6, I don't think that
IPv4 behaviour should change too.
I'm not even convinced that I want this behaviour for IPv6, I would
prefer that addresses set using ifconfig(8) should stay valid until
I change them.
What would you actually do with them though?
You have localhost - 127.0.0.1 which works just fine.

Roy

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Robert Swindells
2017-11-21 10:02:16 UTC
Permalink
Post by Roy Marples
Post by Robert Swindells
Post by Robert Swindells
I feel that the changes made to check whether a sending address is valid
are too strict.
The check means that an attempt to connect from the address of an
interface that is marked detached to the same address will fail even
though there is still a route for this address to the loopback device.
<http://mail-index.netbsd.org/source-changes/2016/09/15/msg077726.html>
# ifconfig wm0 inet 192.168.0.1 netmask 0xffffff00 up
# ping 192.168.0.1
and for it to work every time, not just when wm0 has detected a
carrier. In the traditional usage, the packets don't go through wm0
anyway they go through lo0.
Aside from ping, what else do you really want?
I want all network programs to work.
Post by Roy Marples
Post by Robert Swindells
The RFC 4862 referenced in the commit is for IPv6, I don't think that
IPv4 behaviour should change too.
I'm not even convinced that I want this behaviour for IPv6, I would
prefer that addresses set using ifconfig(8) should stay valid until
I change them.
What would you actually do with them though?
You have localhost - 127.0.0.1 which works just fine.
I shouldn't need to use localhost to connect to the same machine, that
isn't the way that UNIX networking has traditionally worked, there
wouldn't be any need for the route from each interface address to lo0
if we adopt your new programming model.

I feel that setting DETACHED/TENTATIVE based on link status should
be removed from IPv4 altogether. I have commented it out in my tree
and my machine is working again.

For IPv6, I would enable it with a sysctl whose value is only set to
true when ipv6mode="autohost".

If this change makes it into NetBSD-8 then I think you are going to
spend a lot of time answering user questions.

Robert Swindells


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Roy Marples
2017-11-22 11:49:17 UTC
Permalink
Post by Robert Swindells
Post by Roy Marples
Post by Robert Swindells
Post by Robert Swindells
I feel that the changes made to check whether a sending address is valid
are too strict.
The check means that an attempt to connect from the address of an
interface that is marked detached to the same address will fail even
though there is still a route for this address to the loopback device.
<http://mail-index.netbsd.org/source-changes/2016/09/15/msg077726.html>
# ifconfig wm0 inet 192.168.0.1 netmask 0xffffff00 up
# ping 192.168.0.1
and for it to work every time, not just when wm0 has detected a
carrier. In the traditional usage, the packets don't go through wm0
anyway they go through lo0.
Aside from ping, what else do you really want?
I want all network programs to work.
Post by Roy Marples
Post by Robert Swindells
The RFC 4862 referenced in the commit is for IPv6, I don't think that
IPv4 behaviour should change too.
I'm not even convinced that I want this behaviour for IPv6, I would
prefer that addresses set using ifconfig(8) should stay valid until
I change them.
What would you actually do with them though?
You have localhost - 127.0.0.1 which works just fine.
I shouldn't need to use localhost to connect to the same machine, that
isn't the way that UNIX networking has traditionally worked, there
wouldn't be any need for the route from each interface address to lo0
if we adopt your new programming model.
That's a fair comment.
I've attached a patch which should fix this for IPv4 at least.
I'll work on the IPv6 side later.
Post by Robert Swindells
I feel that setting DETACHED/TENTATIVE based on link status should
be removed from IPv4 altogether. I have commented it out in my tree
and my machine is working again.
For IPv6, I would enable it with a sysctl whose value is only set to
true when ipv6mode="autohost".
So you don't want in kernel Duplicate Address Detection?
We already have sysctls to set the DaD packets sent to zero which
effectively addresses the TENTATIVE part. The above patch handles
DETACHED (well, for IPv4 anyway).
Post by Robert Swindells
If this change makes it into NetBSD-8 then I think you are going to
spend a lot of time answering user questions.
Well, the change has been in -current for over 2.5 years and I've not
spent much time either answering question or fixing bugs with it so I
disagree with that somewhat sweeping statement.

Roy
Roy Marples
2017-11-22 16:31:42 UTC
Permalink
Post by Roy Marples
Post by Roy Marples
That's a fair comment.
I've attached a patch which should fix this for IPv4 at least.
Simpler patch attached.
Now includes IPv6.
ping/ping6 and telnet to ipv4/ipv6 detached addresses works fine.

Let me know if this fixes everything for you please.

Roy
Roy Marples
2017-11-22 17:52:14 UTC
Permalink
Post by Roy Marples
So you don't want in kernel Duplicate Address Detection?
We already have sysctls to set the DaD packets sent to zero which
effectively addresses the TENTATIVE part. The above patch handles
DETACHED (well, for IPv4 anyway).
I'm not in the habit of assigning duplicate IPv4 addresses so don't
really care about DaD. That isn't the question that I'm asking though.
I don't see why a router that isn't using stateless address autoconfig
on a downstream interface should get the address of that interface set
to DETACHED if the cable is unplugged.
But it's related.
If you want good DaD, and clearly you don't, there is a need to deny
public use of the address before it's validated.
Also, which RFC requires that IPv4 should follow the same protocol ?
RFC5227
https://tools.ietf.org/html/rfc5227
Post by Roy Marples
Post by Robert Swindells
If this change makes it into NetBSD-8 then I think you are going to
spend a lot of time answering user questions.
Well, the change has been in -current for over 2.5 years and I've not
spent much time either answering question or fixing bugs with it so I
disagree with that somewhat sweeping statement.
The final change was only in September 2016, there are plenty of people
still using NetBSD-7 on the mailing lists.
It's now November 2017 and there's a healthy amount of people posting to
netbsd-current@ or tech-net@ their own special blend of problem running
-current. I'm not really sure of your point here.

Roy

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Roy Marples
2017-11-24 14:09:30 UTC
Permalink
Post by Robert Swindells
I will look at your patches.
These have now been committed to -current and a pullup to -8 requested.

Roy

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Roy Marples
2017-11-22 12:26:41 UTC
Permalink
Post by Roy Marples
That's a fair comment.
I've attached a patch which should fix this for IPv4 at least.
Simpler patch attached.

Roy
Robert Swindells
2017-11-22 17:18:14 UTC
Permalink
Post by Roy Marples
Post by Robert Swindells
Post by Roy Marples
Post by Robert Swindells
Post by Robert Swindells
I feel that the changes made to check whether a sending address is valid
are too strict.
The check means that an attempt to connect from the address of an
interface that is marked detached to the same address will fail even
though there is still a route for this address to the loopback device.
<http://mail-index.netbsd.org/source-changes/2016/09/15/msg077726.html>
# ifconfig wm0 inet 192.168.0.1 netmask 0xffffff00 up
# ping 192.168.0.1
and for it to work every time, not just when wm0 has detected a
carrier. In the traditional usage, the packets don't go through wm0
anyway they go through lo0.
Aside from ping, what else do you really want?
I want all network programs to work.
Post by Roy Marples
Post by Robert Swindells
The RFC 4862 referenced in the commit is for IPv6, I don't think that
IPv4 behaviour should change too.
I'm not even convinced that I want this behaviour for IPv6, I would
prefer that addresses set using ifconfig(8) should stay valid until
I change them.
What would you actually do with them though?
You have localhost - 127.0.0.1 which works just fine.
I shouldn't need to use localhost to connect to the same machine, that
isn't the way that UNIX networking has traditionally worked, there
wouldn't be any need for the route from each interface address to lo0
if we adopt your new programming model.
That's a fair comment.
I've attached a patch which should fix this for IPv4 at least.
I'll work on the IPv6 side later.
I will look at your patches.
Post by Roy Marples
Post by Robert Swindells
I feel that setting DETACHED/TENTATIVE based on link status should
be removed from IPv4 altogether. I have commented it out in my tree
and my machine is working again.
For IPv6, I would enable it with a sysctl whose value is only set to
true when ipv6mode="autohost".
So you don't want in kernel Duplicate Address Detection?
We already have sysctls to set the DaD packets sent to zero which
effectively addresses the TENTATIVE part. The above patch handles
DETACHED (well, for IPv4 anyway).
I'm not in the habit of assigning duplicate IPv4 addresses so don't
really care about DaD. That isn't the question that I'm asking though.

I don't see why a router that isn't using stateless address autoconfig
on a downstream interface should get the address of that interface set
to DETACHED if the cable is unplugged.

Also, which RFC requires that IPv4 should follow the same protocol ?
Post by Roy Marples
Post by Robert Swindells
If this change makes it into NetBSD-8 then I think you are going to
spend a lot of time answering user questions.
Well, the change has been in -current for over 2.5 years and I've not
spent much time either answering question or fixing bugs with it so I
disagree with that somewhat sweeping statement.
The final change was only in September 2016, there are plenty of people
still using NetBSD-7 on the mailing lists.

Robert Swindells




--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Loading...