Date: Mon, 11 Dec 2023 13:09:15 +1100
From: David Gibson <david@gibson.dropbear.id.au>
To: Stefano Brivio <sbrivio@redhat.com>
Subject: Re: [PATCH] ndp: Extend lifetime of prefix, router, RDNSS and search
 list
Message-ID: <ZXZvS2MeNVtLk_cb@zatzit>
References: <20231208174912.3390771-1-sbrivio@redhat.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="X0mQm0l8Y23j7eYp"
Content-Disposition: inline
In-Reply-To: <20231208174912.3390771-1-sbrivio@redhat.com>
CC: passt-dev@passt.top, Jon Maloy <jmaloy@redhat.com>
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/ZXZvS2MeNVtLk_cb@zatzit/>


--X0mQm0l8Y23j7eYp
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Dec 08, 2023 at 06:49:12PM +0100, Stefano Brivio wrote:
> Currently, we have no mechanism to dynamically update IPv6
> addressing, routing or DNS information (which should eventually be
> implemented via netlink monitor), so it makes no sense to limit
> lifetimes of NDP information to any particular value.
>
> If we do, with common configurations of systemd-networkd in a guest,
> we can end up in a situation where we have a /128 address assigned
> via DHCPv6, the NDP-assigned prefix expires, and the default route
> also expires. However, as there's a valid address, the prefix is
> not renewed. As a result, the default route becomes invalid and we
> lose it altogether, which implies that the guest loses IPv6
> connectivity except for link-local communication.
>
> Set the router lifetime to the maximum allowed by RFC 8319, that is,
> 65535 seconds (about 18 hours). RFC 4861 limited this value to 9000
> seconds, but RFC 8319 later updated this limit.
>=20
> Set prefix and DNS information lifetime to infinity. This is allowed
> by RFC 4861 and RFC 8319.
>
> Signed-off-by: Stefano Brivio <sbrivio@redhat.com>

Reviewed-by: David Gibson <david@gibson.dropbear.id.au>

> ---
>  ndp.c | 10 +++++-----
>  1 file changed, 5 insertions(+), 5 deletions(-)
>=20
> diff --git a/ndp.c b/ndp.c
> index adab1d2..4c85ab8 100644
> --- a/ndp.c
> +++ b/ndp.c
> @@ -94,7 +94,7 @@ int ndp(struct ctx *c, const struct icmp6hdr *ih, const=
 struct in6_addr *saddr)
>  		ihr->icmp6_type =3D RA;
>  		ihr->icmp6_code =3D 0;
>  		ihr->icmp6_hop_limit =3D 255;
> -		ihr->icmp6_rt_lifetime =3D htons(9000);
> +		ihr->icmp6_rt_lifetime =3D htons(65535); /* RFC 8319 */
>  		ihr->icmp6_addrconf_managed =3D 1;
> =20
>  		p =3D (unsigned char *)(ihr + 1);
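
Review bot: on the icmp6_rt_lifetime line, 65535 is still a finite router lifetime (about 18 hours per the commit message), so unlike the prefix and DNS lifetimes that this patch sets to infinity, the default route can still expire if the guest sees no further RA in that window. The trailing comment names RFC 8319 but not that this is the maximum value; consider spelling that out or using a named constant, and stating in the commit message what is expected to refresh the route before the 18 hours run out.
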
> @@ -103,9 +103,9 @@ int ndp(struct ctx *c, const struct icmp6hdr *ih, con=
st struct in6_addr *saddr)
>  		*p++ =3D 4;			/* length */
>  		*p++ =3D 64;			/* prefix length */
>  		*p++ =3D 0xc0;			/* prefix flags: L, A */
> -		*(uint32_t *)p =3D htonl(3600);	/* lifetime */
> +		*(uint32_t *)p =3D (uint32_t)~0U;	/* lifetime */
>  		p +=3D 4;
> -		*(uint32_t *)p =3D htonl(3600);	/* preferred lifetime */
> +		*(uint32_t *)p =3D (uint32_t)~0U;	/* preferred lifetime */
>  		p +=3D 8;
>  		memcpy(p, &c->ip6.addr, 8);	/* prefix */
>  		p +=3D 16;
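
Review bot: both lifetime stores in the prefix information option drop htonl(), which is only correct because an all-ones value reads the same in either byte order. The comments still say just "lifetime" and "preferred lifetime", so a later change to any finite value could lose the byte swap unnoticed; consider keeping htonl() around the value, or extending the comments to say that the value is infinity and byte-order independent.
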
> @@ -126,7 +126,7 @@ int ndp(struct ctx *c, const struct icmp6hdr *ih, con=
st struct in6_addr *saddr)
>  			*p++ =3D 25;				/* RDNSS */
>  			*p++ =3D 1 + 2 * n;			/* length */
>  			p +=3D 2;					/* reserved */
> -			*(uint32_t *)p =3D htonl(60);		/* lifetime */
> +			*(uint32_t *)p =3D (uint32_t)~0U;		/* lifetime */
>  			p +=3D 4;
> =20
>  			for (i =3D 0; i < n; i++) {
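
Review bot: the RDNSS lifetime goes from 60 seconds straight to infinity, so a guest holds on to the advertised resolver addresses with no expiry. Given the commit message's point that there is no mechanism yet to update DNS information dynamically, a short comment on this line saying the value is deliberate, and should be revisited once the netlink monitor exists, would help whoever touches it next.
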
> @@ -142,7 +142,7 @@ int ndp(struct ctx *c, const struct icmp6hdr *ih, con=
st struct in6_addr *saddr)
>  			*p++ =3D 31;				/* DNSSL */
>  			*p++ =3D (dns_s_len + 8 - 1) / 8 + 1;	/* length */
>  			p +=3D 2;					/* reserved */
> -			*(uint32_t *)p =3D htonl(60);		/* lifetime */
> +			*(uint32_t *)p =3D (uint32_t)~0U;		/* lifetime */
>  			p +=3D 4;
> =20
>  			for (i =3D 0; i < n; i++) {
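
Review bot: this DNSSL store is the fourth copy of the (uint32_t)~0U literal in the patch, each with a comment that only says "lifetime". A single named constant for the infinite lifetime, shared by the prefix, RDNSS and DNSSL options, would make the intent visible at each site and keep the four values from drifting apart.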

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson

--X0mQm0l8Y23j7eYp--