* [PATCH] ndp: Extend lifetime of prefix, router, RDNSS and search list
@ 2023-12-08 17:49 Stefano Brivio
  2023-12-11  2:09 ` David Gibson
  0 siblings, 1 reply; 2+ messages in thread
From: Stefano Brivio @ 2023-12-08 17:49 UTC (permalink / raw)
  To: passt-dev; +Cc: Jon Maloy

Currently, we have no mechanism to dynamically update IPv6
addressing, routing or DNS information (which should eventually be
implemented via netlink monitor), so it makes no sense to limit
lifetimes of NDP information to any particular value.

If we do, with common configurations of systemd-networkd in a guest,
we can end up in a situation where we have a /128 address assigned
via DHCPv6, the NDP-assigned prefix expires, and the default route
also expires. However, as there's a valid address, the prefix is
not renewed. As a result, the default route becomes invalid and we
lose it altogether, which implies that the guest loses IPv6
connectivity except for link-local communication.

Set the router lifetime to the maximum allowed by RFC 8319, that is,
65535 seconds (about 18 hours). RFC 4861 limited this value to 9000
seconds, but RFC 8319 later updated this limit.

Set prefix and DNS information lifetime to infinity. This is allowed
by RFC 4861 and RFC 8319.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
---
 ndp.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/ndp.c b/ndp.c
index adab1d2..4c85ab8 100644
--- a/ndp.c
+++ b/ndp.c
@@ -94,7 +94,7 @@ int ndp(struct ctx *c, const struct icmp6hdr *ih, const struct in6_addr *saddr)
 		ihr->icmp6_type = RA;
 		ihr->icmp6_code = 0;
 		ihr->icmp6_hop_limit = 255;
-		ihr->icmp6_rt_lifetime = htons(9000);
+		ihr->icmp6_rt_lifetime = htons(65535); /* RFC 8319 */
 		ihr->icmp6_addrconf_managed = 1;
 
 		p = (unsigned char *)(ihr + 1);
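Review bot: The router lifetime set on the `icmp6_rt_lifetime` line is still finite, so the default-route expiry described in the commit message looks postponed to about 18 hours rather than removed, unless an RA reaches the guest again before then. Nothing in this hunk shows whether that happens. The comment could record the remaining limit, for example `/* RFC 8319 maximum; default route still expires unless an RA is re-sent */`. The body of ndp() starts and ends outside the hunk.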
@@ -103,9 +103,9 @@ int ndp(struct ctx *c, const struct icmp6hdr *ih, const struct in6_addr *saddr)
 		*p++ = 4;			/* length */
 		*p++ = 64;			/* prefix length */
 		*p++ = 0xc0;			/* prefix flags: L, A */
-		*(uint32_t *)p = htonl(3600);	/* lifetime */
+		*(uint32_t *)p = (uint32_t)~0U;	/* lifetime */
 		p += 4;
-		*(uint32_t *)p = htonl(3600);	/* preferred lifetime */
+		*(uint32_t *)p = (uint32_t)~0U;	/* preferred lifetime */
 		p += 8;
 		memcpy(p, &c->ip6.addr, 8);	/* prefix */
 		p += 16;
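Review bot: The two prefix lifetime stores drop `htonl()` and write `(uint32_t)~0U` directly, which is correct only because all-ones is identical in either byte order; a later edit to a finite value would silently go out in host order. Keeping the conversion and naming the meaning avoids that, e.g. `*(uint32_t *)p = htonl(0xffffffff);	/* lifetime: infinity */`. The same applies to the RDNSS and DNSSL lifetime lines in the next two hunks. The stores also go through a `uint32_t *` cast of an `unsigned char *`, which this hunk inherits; whether `p` is suitably aligned at that point is not visible here, and a `memcpy()` from a local would remove the dependency.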
@@ -126,7 +126,7 @@ int ndp(struct ctx *c, const struct icmp6hdr *ih, const struct in6_addr *saddr)
 			*p++ = 25;				/* RDNSS */
 			*p++ = 1 + 2 * n;			/* length */
 			p += 2;					/* reserved */
-			*(uint32_t *)p = htonl(60);		/* lifetime */
+			*(uint32_t *)p = (uint32_t)~0U;		/* lifetime */
 			p += 4;
 
 			for (i = 0; i < n; i++) {
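Review bot: An infinite RDNSS lifetime means the guest keeps the advertised resolver addresses until it processes another RA, so if the host's DNS configuration changes, the guest may keep sending queries to an address that is no longer the intended resolver. The commit message accepts this because there is no update mechanism yet, but the trade-off is worth stating at the `/* lifetime */` line, e.g. `/* lifetime: infinity, not refreshed until netlink monitor exists */`. The DNSSL lifetime in the following hunk has the same property for the search list. The commit message cites RFC 4861 and RFC 8319 for these values; the RDNSS and DNSSL options are defined in RFC 8106, which may be the better reference for the comment.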
@@ -142,7 +142,7 @@ int ndp(struct ctx *c, const struct icmp6hdr *ih, const struct in6_addr *saddr)
 			*p++ = 31;				/* DNSSL */
 			*p++ = (dns_s_len + 8 - 1) / 8 + 1;	/* length */
 			p += 2;					/* reserved */
-			*(uint32_t *)p = htonl(60);		/* lifetime */
+			*(uint32_t *)p = (uint32_t)~0U;		/* lifetime */
 			p += 4;
 
 			for (i = 0; i < n; i++) {
-- 
@@ -94,7 +94,7 @@ int ndp(struct ctx *c, const struct icmp6hdr *ih, const struct in6_addr *saddr)
 		ihr->icmp6_type = RA;
 		ihr->icmp6_code = 0;
 		ihr->icmp6_hop_limit = 255;
-		ihr->icmp6_rt_lifetime = htons(9000);
+		ihr->icmp6_rt_lifetime = htons(65535); /* RFC 8319 */
 		ihr->icmp6_addrconf_managed = 1;
 
 		p = (unsigned char *)(ihr + 1);
@@ -103,9 +103,9 @@ int ndp(struct ctx *c, const struct icmp6hdr *ih, const struct in6_addr *saddr)
 		*p++ = 4;			/* length */
 		*p++ = 64;			/* prefix length */
 		*p++ = 0xc0;			/* prefix flags: L, A */
-		*(uint32_t *)p = htonl(3600);	/* lifetime */
+		*(uint32_t *)p = (uint32_t)~0U;	/* lifetime */
 		p += 4;
-		*(uint32_t *)p = htonl(3600);	/* preferred lifetime */
+		*(uint32_t *)p = (uint32_t)~0U;	/* preferred lifetime */
 		p += 8;
 		memcpy(p, &c->ip6.addr, 8);	/* prefix */
 		p += 16;
@@ -126,7 +126,7 @@ int ndp(struct ctx *c, const struct icmp6hdr *ih, const struct in6_addr *saddr)
 			*p++ = 25;				/* RDNSS */
 			*p++ = 1 + 2 * n;			/* length */
 			p += 2;					/* reserved */
-			*(uint32_t *)p = htonl(60);		/* lifetime */
+			*(uint32_t *)p = (uint32_t)~0U;		/* lifetime */
 			p += 4;
 
 			for (i = 0; i < n; i++) {
@@ -142,7 +142,7 @@ int ndp(struct ctx *c, const struct icmp6hdr *ih, const struct in6_addr *saddr)
 			*p++ = 31;				/* DNSSL */
 			*p++ = (dns_s_len + 8 - 1) / 8 + 1;	/* length */
 			p += 2;					/* reserved */
-			*(uint32_t *)p = htonl(60);		/* lifetime */
+			*(uint32_t *)p = (uint32_t)~0U;		/* lifetime */
 			p += 4;
 
 			for (i = 0; i < n; i++) {
-- 
2.39.2



* Re: [PATCH] ndp: Extend lifetime of prefix, router, RDNSS and search list
  2023-12-08 17:49 [PATCH] ndp: Extend lifetime of prefix, router, RDNSS and search list Stefano Brivio
@ 2023-12-11  2:09 ` David Gibson
  0 siblings, 0 replies; 2+ messages in thread
From: David Gibson @ 2023-12-11  2:09 UTC (permalink / raw)
  To: Stefano Brivio; +Cc: passt-dev, Jon Maloy


On Fri, Dec 08, 2023 at 06:49:12PM +0100, Stefano Brivio wrote:
> Currently, we have no mechanism to dynamically update IPv6
> addressing, routing or DNS information (which should eventually be
> implemented via netlink monitor), so it makes no sense to limit
> lifetimes of NDP information to any particular value.
> 
> If we do, with common configurations of systemd-networkd in a guest,
> we can end up in a situation where we have a /128 address assigned
> via DHCPv6, the NDP-assigned prefix expires, and the default route
> also expires. However, as there's a valid address, the prefix is
> not renewed. As a result, the default route becomes invalid and we
> lose it altogether, which implies that the guest loses IPv6
> connectivity except for link-local communication.
> 
> Set the router lifetime to the maximum allowed by RFC 8319, that is,
> 65535 seconds (about 18 hours). RFC 4861 limited this value to 9000
> seconds, but RFC 8319 later updated this limit.
> 
> Set prefix and DNS information lifetime to infinity. This is allowed
> by RFC 4861 and RFC 8319.
> 
> Signed-off-by: Stefano Brivio <sbrivio@redhat.com>

Reviewed-by: David Gibson <david@gibson.dropbear.id.au>

> ---
>  ndp.c | 10 +++++-----
>  1 file changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/ndp.c b/ndp.c
> index adab1d2..4c85ab8 100644
> --- a/ndp.c
> +++ b/ndp.c
> @@ -94,7 +94,7 @@ int ndp(struct ctx *c, const struct icmp6hdr *ih, const struct in6_addr *saddr)
>  		ihr->icmp6_type = RA;
>  		ihr->icmp6_code = 0;
>  		ihr->icmp6_hop_limit = 255;
> -		ihr->icmp6_rt_lifetime = htons(9000);
> +		ihr->icmp6_rt_lifetime = htons(65535); /* RFC 8319 */
>  		ihr->icmp6_addrconf_managed = 1;
>  
>  		p = (unsigned char *)(ihr + 1);
> @@ -103,9 +103,9 @@ int ndp(struct ctx *c, const struct icmp6hdr *ih, const struct in6_addr *saddr)
>  		*p++ = 4;			/* length */
>  		*p++ = 64;			/* prefix length */
>  		*p++ = 0xc0;			/* prefix flags: L, A */
> -		*(uint32_t *)p = htonl(3600);	/* lifetime */
> +		*(uint32_t *)p = (uint32_t)~0U;	/* lifetime */
>  		p += 4;
> -		*(uint32_t *)p = htonl(3600);	/* preferred lifetime */
> +		*(uint32_t *)p = (uint32_t)~0U;	/* preferred lifetime */
>  		p += 8;
>  		memcpy(p, &c->ip6.addr, 8);	/* prefix */
>  		p += 16;
> @@ -126,7 +126,7 @@ int ndp(struct ctx *c, const struct icmp6hdr *ih, const struct in6_addr *saddr)
>  			*p++ = 25;				/* RDNSS */
>  			*p++ = 1 + 2 * n;			/* length */
>  			p += 2;					/* reserved */
> -			*(uint32_t *)p = htonl(60);		/* lifetime */
> +			*(uint32_t *)p = (uint32_t)~0U;		/* lifetime */
>  			p += 4;
>  
>  			for (i = 0; i < n; i++) {
> @@ -142,7 +142,7 @@ int ndp(struct ctx *c, const struct icmp6hdr *ih, const struct in6_addr *saddr)
>  			*p++ = 31;				/* DNSSL */
>  			*p++ = (dns_s_len + 8 - 1) / 8 + 1;	/* length */
>  			p += 2;					/* reserved */
> -			*(uint32_t *)p = htonl(60);		/* lifetime */
> +			*(uint32_t *)p = (uint32_t)~0U;		/* lifetime */
>  			p += 4;
>  
>  			for (i = 0; i < n; i++) {

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson
