From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au Authentication-Results: passt.top; dkim=fail reason="key not found in DNS" header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202312 header.b=pWc6n9Gc; dkim-atps=neutral Received: from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76]) by passt.top (Postfix) with ESMTPS id D3F435A026E for ; Sat, 17 Aug 2024 11:45:43 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=202312; t=1723887934; bh=95MjIazYdBjgmQJ7TVWKo2gx9y9NvZrTl09mLxUo8J0=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=pWc6n9GcxasdRuWGZUbZNPRHwMs5YmMxjDtYlq4gnS31ZiodzlsugZ2/PHsdyd/Pe QIVdbnPtJBGynCfWid/gRkHIvZ/ntklLNPgPDEm5Jptd7qXUf1UHN1I60uqQCCeCr4 IKyyeCu08tU0aOauCa4GswelkMGipnJX5jFSZhdTcWGSfsHddRKZDKqWO78zXA2oab HCbcaZRqUhY1EgRcwR9K2z/XDEW5tLj74Ux8W5VRB5EVTr69GVnSpz6ffHbt05GlRD U8qTCB57/7TTqYg4aWSvjs6D1NR8eTnq4QEAcQn0DCnmcJLpAA7vnZFbjvR+nGMYg6 7OUp+B9DUW03g== Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4WmDW226bcz4wc3; Sat, 17 Aug 2024 19:45:34 +1000 (AEST) Date: Sat, 17 Aug 2024 19:45:24 +1000 From: David Gibson To: Stefano Brivio Subject: Re: [PATCH v4 4/7] netlink, pasta: Disable DAD for link-local addresses on namespace interface Message-ID: References: <20240817084308.2734874-1-sbrivio@redhat.com> <20240817084308.2734874-5-sbrivio@redhat.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="B2hIS3z9AZWKtebV" Content-Disposition: inline In-Reply-To: <20240817084308.2734874-5-sbrivio@redhat.com> Message-ID-Hash: BRHMYH6FECQ4TU3W5WEZ4J2UYN2ORLUJ X-Message-ID-Hash: BRHMYH6FECQ4TU3W5WEZ4J2UYN2ORLUJ X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: passt-dev@passt.top, Paul Holzinger X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --B2hIS3z9AZWKtebV Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Aug 17, 2024 at 10:43:05AM +0200, Stefano Brivio wrote: > It makes no sense for a container or a guest to try and perform > duplicate address detection for their link-local address, as we'll > anyway not relay neighbour solicitations with an unspecified source > address. >=20 > While they perform duplicate address detection, the link-local address > is not usable, which prevents us from bringing up especially > containers and communicate with them right away via IPv6. >=20 > This is not enough to prevent DAD and reach the container right away: > we'll need a couple more patches. >=20 > As we send NLM_F_REPLACE requests right away, while we still have to > read out other addresses on the same socket, we can't use nl_do(): > keep track of the last sequence we sent (last address we changed), and > deal with the answers to those NLM_F_REPLACE requests in a separate > loop, later. >=20 > Link: https://github.com/containers/podman/pull/23561#discussion_r1711639= 663 > Signed-off-by: Stefano Brivio Reviewed-by: David Gibson --=20 David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson --B2hIS3z9AZWKtebV Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmbAcScACgkQzQJF27ox 2Gczig/8CdpfTF3fx2BHbFpTGthUjReurcmb4w4Ilegfc2YBAAFzJRUQNZJM0wtD k8j760DQAKOFZVsORMI/5e2Z5rdNdhqLhgKWc0vq9QK/B1gmu82e5ole0W3SAyS1 5O5fjMkGWDsR+EHuLpcZcd/1f21IujW28kn69SNWahZ16011dp4drCfowcd94/Yx 06BeN1kqqFsvEHsznBqvXXLgw/YvZazONQbwcgjHs/UIPww3YHLvNTK7mm7wHAaI kc1Lmga/E+K7xZWaSAUXGKilGH3aF0NBSOGk64B3nodoJbnlRJji/Gi+Iix9TcnX lpIjIEOtcqN6BDETXyTVDKx28bRC3ZyWUl0dymvNNDAjGZXxmxYt5qWzEK5NDrU7 RQlwUCYeXV+UhLR1HSnmZChv0Y1x6seUoRY8AUjeDG2qHnpGRKQIopOKaqNDkVnl jhG8jXO/+UzdVGvTtwNFaSWEUYscrK6/dCGVZD6zJT1BWqn5+wH6+f7hpsX64qpL XPjVSPSZIBqdzLg6i0zV6Il8BVCVa2Lwjz1XBsxPKnvRlfsu5CbM9htm+8r/wdMy tSXLLABi6IBAtVAWJCLTrPWX+GBp620vDuOVXnEwOUXYceHGMNDJqXPtBznGbEjb AX4iFQvop6+wor83RtS38owEz9VSHfy+WM8ZZccKnf3PohOqSzA= =8vz1 -----END PGP SIGNATURE----- --B2hIS3z9AZWKtebV--