[RFC PATCH] net: ipv6: Make address flushing on ifdown optional

[RFC PATCH] net: ipv6: Make address flushing on ifdown optional

[David Ahern]

Currently, ipv6 addresses are flushed when the interface is configured down:

[root@f20 ~]# ip -6 addr add dev eth1 2000:11:1:1::1/64
[root@f20 ~]# ip addr show dev eth1
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
    inet6 2000:11:1:1::1/64 scope global tentative
       valid_lft forever preferred_lft forever
[root@f20 ~]# ip link set dev eth1 up
[root@f20 ~]# ip link set dev eth1 down
[root@f20 ~]# ip addr show dev eth1
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff

Add a new sysctl to make this behavior optional. Setting defaults to flush
addresses to maintain backwards compatibility. When reset flushing is bypassed:

[root@f20 ~]# echo 0 > /proc/sys/net/ipv6/conf/eth1/flush_addr_on_down
[root@f20 ~]# ip -6 addr add dev eth1 2000:11:1:1::1/64
[root@f20 ~]# ip addr show dev eth1
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
    inet6 2000:11:1:1::1/64 scope global tentative
       valid_lft forever preferred_lft forever
[root@f20 ~]#  ip link set dev eth1 up
[root@f20 ~]#  ip link set dev eth1 down
[root@f20 ~]# ip addr show dev eth1
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
    inet6 2000:11:1:1::1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::4:11ff:fe22:3301/64 scope link
       valid_lft forever preferred_lft forever

Suggested-by: Hannes Frederic Sowa <hannes@redhat.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
Cc: Hannes Frederic Sowa <hannes@redhat.com>
---
 include/linux/ipv6.h      |  1 +
 include/uapi/linux/ipv6.h |  1 +
 net/ipv6/addrconf.c       | 15 +++++++++++++++
 3 files changed, 17 insertions(+)

diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h
index c694e7baa621..1d726e39f09f 100644
--- a/include/linux/ipv6.h
+++ b/include/linux/ipv6.h
@@ -52,6 +52,7 @@ struct ipv6_devconf {
 	__s32		force_tllao;
 	__s32           ndisc_notify;
 	__s32		suppress_frag_ndisc;
+	__s32		flush_addr_on_down;
 	void		*sysctl;
 };
 
diff --git a/include/uapi/linux/ipv6.h b/include/uapi/linux/ipv6.h
index e863d088b9a5..c7cb79e0f0fe 100644
--- a/include/uapi/linux/ipv6.h
+++ b/include/uapi/linux/ipv6.h
@@ -165,6 +165,7 @@ enum {
 	DEVCONF_SUPPRESS_FRAG_NDISC,
 	DEVCONF_ACCEPT_RA_FROM_LOCAL,
 	DEVCONF_USE_OPTIMISTIC,
+	DEVCONF_FLUSH_ON_DOWN,
 	DEVCONF_MAX
 };
 
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index f7c8bbeb27b7..5c0d49073cb1 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -201,6 +201,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = {
 	.disable_ipv6		= 0,
 	.accept_dad		= 1,
 	.suppress_frag_ndisc	= 1,
+	.flush_addr_on_down	= 1,
 };
 
 static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = {
@@ -238,6 +239,7 @@ static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = {
 	.disable_ipv6		= 0,
 	.accept_dad		= 1,
 	.suppress_frag_ndisc	= 1,
+	.flush_addr_on_down	= 1,
 };
 
 /* Check if a valid qdisc is available */
@@ -3083,6 +3085,9 @@ static int addrconf_ifdown(struct net_device *dev, int how)
 	if (how && del_timer(&idev->regen_timer))
 		in6_dev_put(idev);
 
+	if (!how && !idev->cnf.flush_addr_on_down)
+		goto unlock;
+
 	/* Step 3: clear tempaddr list */
 	while (!list_empty(&idev->tempaddr_list)) {
 		ifa = list_first_entry(&idev->tempaddr_list,
@@ -3123,6 +3128,7 @@ static int addrconf_ifdown(struct net_device *dev, int how)
 		write_lock_bh(&idev->lock);
 	}
 
+unlock:
 	write_unlock_bh(&idev->lock);
 
 	/* Step 5: Discard anycast and multicast list */
@@ -4376,6 +4382,7 @@ static inline void ipv6_store_devconf(struct ipv6_devconf *cnf,
 	array[DEVCONF_NDISC_NOTIFY] = cnf->ndisc_notify;
 	array[DEVCONF_SUPPRESS_FRAG_NDISC] = cnf->suppress_frag_ndisc;
 	array[DEVCONF_ACCEPT_RA_FROM_LOCAL] = cnf->accept_ra_from_local;
+	array[DEVCONF_FLUSH_ON_DOWN] = cnf->flush_addr_on_down;
 }
 
 static inline size_t inet6_ifla6_size(void)
@@ -5253,6 +5260,14 @@ static struct addrconf_sysctl_table
 			.proc_handler	= proc_dointvec,
 		},
 		{
+			.procname       = "flush_addr_on_down",
+			.data           = &ipv6_devconf.flush_addr_on_down,
+			.maxlen         = sizeof(int),
+			.mode           = 0644,
+			.proc_handler   = proc_dointvec,
+
+		},
+		{
 			/* sentinel */
 		}
 	},
-- 
1.9.3 (Apple Git-50)

Re: [RFC PATCH] net: ipv6: Make address flushing on ifdown optional

[Hannes Frederic Sowa]

On Mi, 2015-01-14 at 12:17 -0700, David Ahern wrote:
> Currently, ipv6 addresses are flushed when the interface is configured down:
> 
> [root@f20 ~]# ip -6 addr add dev eth1 2000:11:1:1::1/64
> [root@f20 ~]# ip addr show dev eth1
> 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
>     link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
>     inet6 2000:11:1:1::1/64 scope global tentative
>        valid_lft forever preferred_lft forever
> [root@f20 ~]# ip link set dev eth1 up
> [root@f20 ~]# ip link set dev eth1 down
> [root@f20 ~]# ip addr show dev eth1
> 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
>     link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
> 
> Add a new sysctl to make this behavior optional. Setting defaults to flush
> addresses to maintain backwards compatibility. When reset flushing is bypassed:
> 
> [root@f20 ~]# echo 0 > /proc/sys/net/ipv6/conf/eth1/flush_addr_on_down
> [root@f20 ~]# ip -6 addr add dev eth1 2000:11:1:1::1/64
> [root@f20 ~]# ip addr show dev eth1
> 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
>     link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
>     inet6 2000:11:1:1::1/64 scope global tentative
>        valid_lft forever preferred_lft forever
> [root@f20 ~]#  ip link set dev eth1 up
> [root@f20 ~]#  ip link set dev eth1 down
> [root@f20 ~]# ip addr show dev eth1
> 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
>     link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
>     inet6 2000:11:1:1::1/64 scope global
>        valid_lft forever preferred_lft forever
>     inet6 fe80::4:11ff:fe22:3301/64 scope link
>        valid_lft forever preferred_lft forever
> 
> Suggested-by: Hannes Frederic Sowa <hannes@redhat.com>
> Signed-off-by: David Ahern <dsahern@gmail.com>
> Cc: Hannes Frederic Sowa <hannes@redhat.com>
> ---
>  include/linux/ipv6.h      |  1 +
>  include/uapi/linux/ipv6.h |  1 +
>  net/ipv6/addrconf.c       | 15 +++++++++++++++
>  3 files changed, 17 insertions(+)
> 
> diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h
> index c694e7baa621..1d726e39f09f 100644
> --- a/include/linux/ipv6.h
> +++ b/include/linux/ipv6.h
> @@ -52,6 +52,7 @@ struct ipv6_devconf {
>  	__s32		force_tllao;
>  	__s32           ndisc_notify;
>  	__s32		suppress_frag_ndisc;
> +	__s32		flush_addr_on_down;
>  	void		*sysctl;
>  };
>  
> diff --git a/include/uapi/linux/ipv6.h b/include/uapi/linux/ipv6.h
> index e863d088b9a5..c7cb79e0f0fe 100644
> --- a/include/uapi/linux/ipv6.h
> +++ b/include/uapi/linux/ipv6.h
> @@ -165,6 +165,7 @@ enum {
>  	DEVCONF_SUPPRESS_FRAG_NDISC,
>  	DEVCONF_ACCEPT_RA_FROM_LOCAL,
>  	DEVCONF_USE_OPTIMISTIC,
> +	DEVCONF_FLUSH_ON_DOWN,
>  	DEVCONF_MAX
>  };
>  
> diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
> index f7c8bbeb27b7..5c0d49073cb1 100644
> --- a/net/ipv6/addrconf.c
> +++ b/net/ipv6/addrconf.c
> @@ -201,6 +201,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = {
>  	.disable_ipv6		= 0,
>  	.accept_dad		= 1,
>  	.suppress_frag_ndisc	= 1,
> +	.flush_addr_on_down	= 1,
>  };
>  
>  static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = {
> @@ -238,6 +239,7 @@ static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = {
>  	.disable_ipv6		= 0,
>  	.accept_dad		= 1,
>  	.suppress_frag_ndisc	= 1,
> +	.flush_addr_on_down	= 1,
>  };
>  
>  /* Check if a valid qdisc is available */
> @@ -3083,6 +3085,9 @@ static int addrconf_ifdown(struct net_device *dev, int how)
>  	if (how && del_timer(&idev->regen_timer))
>  		in6_dev_put(idev);
>  
> +	if (!how && !idev->cnf.flush_addr_on_down)
> +		goto unlock;

I would still prefer that we flush automatically generated addresses and
only keep the static and permanent ones.

What do you think?

Bye,
Hannes

RE: [RFC PATCH] net: ipv6: Make address flushing on ifdown optional

[Harout Hedeshian]

> I would still prefer that we flush automatically generated addresses and only
> keep the static and permanent ones.
> 
> What do you think?
> 
> Bye,
> Hannes

If I may offer an opinion, I do feel that there are use cases where flushing the auto-generated addresses in ifdown would not be desirable.

We have one such use case where information regarding the state of the network beyond the interface is managed through sideband signaling. We know that the auto-generated address would still be valid on ifup because the router information is unchanged. In this case, ifup/down is solely being used as a way for user space to enable/disable all traffic on a particular netdevice for temporary periods.

That said, I'm not sure how useful this would be for the average user; I see no harm if it is configurable and the default behavior is unchanged. 

Thanks,
Harout

Re: [RFC PATCH] net: ipv6: Make address flushing on ifdown optional

[Hannes Frederic Sowa]

On Mo, 2015-01-19 at 09:12 -0700, Harout Hedeshian wrote:
> > I would still prefer that we flush automatically generated addresses and only
> > keep the static and permanent ones.
> > 
> > What do you think?
> > 
> > Bye,
> > Hannes
> 
> If I may offer an opinion, I do feel that there are use cases where flushing the auto-generated addresses in ifdown would not be desirable.
> 
> We have one such use case where information regarding the state of the network beyond the interface is managed through sideband signaling. We know that the auto-generated address would still be valid on ifup because the router information is unchanged. In this case, ifup/down is solely being used as a way for user space to enable/disable all traffic on a particular netdevice for temporary periods.
> 
> That said, I'm not sure how useful this would be for the average user; I see no harm if it is configurable and the default behavior is unchanged. 

Do you think it makes sense to combine the logic with the accept_ra
sysctl?

accept_ra && !flush_addr_on_down -> flush addresses generated by accept_ra logic
!accept_ra && !flush_addr_on_down -> don't flush any addresses

I am not sure about that, feels complicated. Would that suite your usecase?

Bye,
Hannes

Re: [RFC PATCH] net: ipv6: Make address flushing on ifdown optional

[David Ahern]

On 1/19/15 8:02 AM, Hannes Frederic Sowa wrote:
>
> I would still prefer that we flush automatically generated addresses and
> only keep the static and permanent ones.
>
> What do you think?

Fine with me. Static addresses were the motivation of the patch.

David

Re: [RFC PATCH] net: ipv6: Make address flushing on ifdown optional

[Stephen Hemminger]

On Wed, 14 Jan 2015 12:17:19 -0700
David Ahern <dsahern@gmail.com> wrote:

> Currently, ipv6 addresses are flushed when the interface is configured down:
> 
> [root@f20 ~]# ip -6 addr add dev eth1 2000:11:1:1::1/64
> [root@f20 ~]# ip addr show dev eth1
> 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
>     link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
>     inet6 2000:11:1:1::1/64 scope global tentative
>        valid_lft forever preferred_lft forever
> [root@f20 ~]# ip link set dev eth1 up
> [root@f20 ~]# ip link set dev eth1 down
> [root@f20 ~]# ip addr show dev eth1
> 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
>     link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
> 
> Add a new sysctl to make this behavior optional. Setting defaults to flush
> addresses to maintain backwards compatibility. When reset flushing is bypassed:
> 
> [root@f20 ~]# echo 0 > /proc/sys/net/ipv6/conf/eth1/flush_addr_on_down
> [root@f20 ~]# ip -6 addr add dev eth1 2000:11:1:1::1/64
> [root@f20 ~]# ip addr show dev eth1
> 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
>     link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
>     inet6 2000:11:1:1::1/64 scope global tentative
>        valid_lft forever preferred_lft forever
> [root@f20 ~]#  ip link set dev eth1 up
> [root@f20 ~]#  ip link set dev eth1 down
> [root@f20 ~]# ip addr show dev eth1
> 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
>     link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
>     inet6 2000:11:1:1::1/64 scope global
>        valid_lft forever preferred_lft forever
>     inet6 fe80::4:11ff:fe22:3301/64 scope link
>        valid_lft forever preferred_lft forever
> 
> Suggested-by: Hannes Frederic Sowa <hannes@redhat.com>
> Signed-off-by: David Ahern <dsahern@gmail.com>
> Cc: Hannes Frederic Sowa <hannes@redhat.com>

Would this break existing application expecting a particular semantic
by listening to netlink?  What happens to packets received with the static
address when interface is down? With IPv4 Linux is mostly a weak host
model, and IPv6 somewhere in between.

For vendors that control the application stack or have limited number
of services this would work fine, but what about RHEL?

Re: [RFC PATCH] net: ipv6: Make address flushing on ifdown optional

[Hannes Frederic Sowa]

On Do, 2015-01-22 at 22:40 -0800, Stephen Hemminger wrote:
> On Wed, 14 Jan 2015 12:17:19 -0700
> David Ahern <dsahern@gmail.com> wrote:
> 
> > Currently, ipv6 addresses are flushed when the interface is configured down:
> > 
> > [root@f20 ~]# ip -6 addr add dev eth1 2000:11:1:1::1/64
> > [root@f20 ~]# ip addr show dev eth1
> > 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
> >     link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
> >     inet6 2000:11:1:1::1/64 scope global tentative
> >        valid_lft forever preferred_lft forever
> > [root@f20 ~]# ip link set dev eth1 up
> > [root@f20 ~]# ip link set dev eth1 down
> > [root@f20 ~]# ip addr show dev eth1
> > 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
> >     link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
> > 
> > Add a new sysctl to make this behavior optional. Setting defaults to flush
> > addresses to maintain backwards compatibility. When reset flushing is bypassed:
> > 
> > [root@f20 ~]# echo 0 > /proc/sys/net/ipv6/conf/eth1/flush_addr_on_down
> > [root@f20 ~]# ip -6 addr add dev eth1 2000:11:1:1::1/64
> > [root@f20 ~]# ip addr show dev eth1
> > 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
> >     link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
> >     inet6 2000:11:1:1::1/64 scope global tentative
> >        valid_lft forever preferred_lft forever
> > [root@f20 ~]#  ip link set dev eth1 up
> > [root@f20 ~]#  ip link set dev eth1 down
> > [root@f20 ~]# ip addr show dev eth1
> > 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
> >     link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
> >     inet6 2000:11:1:1::1/64 scope global
> >        valid_lft forever preferred_lft forever
> >     inet6 fe80::4:11ff:fe22:3301/64 scope link
> >        valid_lft forever preferred_lft forever
> > 
> > Suggested-by: Hannes Frederic Sowa <hannes@redhat.com>
> > Signed-off-by: David Ahern <dsahern@gmail.com>
> > Cc: Hannes Frederic Sowa <hannes@redhat.com>
> 
> Would this break existing application expecting a particular semantic
> by listening to netlink?  What happens to packets received with the static
> address when interface is down? With IPv4 Linux is mostly a weak host
> model, and IPv6 somewhere in between.

IPv6 is mostly a weak end model, too, but IFA_LINK addresses are used
much more. So yes, it is somewhere in between.

Addresses bound to interfaces which are currently down will work with
IPv6 (in contrast to IPv4).

> For vendors that control the application stack or have limited number
> of services this would work fine, but what about RHEL?

The new model is only enabled if the sysctl is set. I don't expect a lot
of vendors or distributions switching anytime soon.

I wonder if we should try to come up with a way of IPV6_NEW_WORLD_ORDER
we can make some changes to the stack which align much better with the
RFCs, e.g. no default link local address generation, no default on-link
routes etc.

Bye,
Hannes

Re: [RFC PATCH] net: ipv6: Make address flushing on ifdown optional

[Brian Haley]

On 01/14/2015 02:17 PM, David Ahern wrote:
> Currently, ipv6 addresses are flushed when the interface is configured down:
> 
> [root@f20 ~]# ip -6 addr add dev eth1 2000:11:1:1::1/64
> [root@f20 ~]# ip addr show dev eth1
> 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
>     link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
>     inet6 2000:11:1:1::1/64 scope global tentative
>        valid_lft forever preferred_lft forever
> [root@f20 ~]# ip link set dev eth1 up
> [root@f20 ~]# ip link set dev eth1 down
> [root@f20 ~]# ip addr show dev eth1
> 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
>     link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
> 
> Add a new sysctl to make this behavior optional. Setting defaults to flush
> addresses to maintain backwards compatibility. When reset flushing is bypassed:
> 
> [root@f20 ~]# echo 0 > /proc/sys/net/ipv6/conf/eth1/flush_addr_on_down
> [root@f20 ~]# ip -6 addr add dev eth1 2000:11:1:1::1/64
> [root@f20 ~]# ip addr show dev eth1
> 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
>     link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
>     inet6 2000:11:1:1::1/64 scope global tentative
>        valid_lft forever preferred_lft forever
> [root@f20 ~]#  ip link set dev eth1 up
> [root@f20 ~]#  ip link set dev eth1 down
> [root@f20 ~]# ip addr show dev eth1
> 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
>     link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
>     inet6 2000:11:1:1::1/64 scope global
>        valid_lft forever preferred_lft forever
>     inet6 fe80::4:11ff:fe22:3301/64 scope link
>        valid_lft forever preferred_lft forever

I think this was brought up in a previous thread on this, but don't you have to
do DAD on these addresses once the interface comes back up?  Some other system
could have come along, done DAD, succeeded, and is now using it.  Or does the
use of this flag assume the user is Ok without doing DAD, and will deal with the
fallout?

-Brian

Re: [RFC PATCH] net: ipv6: Make address flushing on ifdown optional

[David Ahern]

On 1/23/15 9:09 AM, Brian Haley wrote:
> On 01/14/2015 02:17 PM, David Ahern wrote:
>> Currently, ipv6 addresses are flushed when the interface is configured down:
>>
>> [root@f20 ~]# ip -6 addr add dev eth1 2000:11:1:1::1/64
>> [root@f20 ~]# ip addr show dev eth1
>> 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
>>      link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
>>      inet6 2000:11:1:1::1/64 scope global tentative
>>         valid_lft forever preferred_lft forever
>> [root@f20 ~]# ip link set dev eth1 up
>> [root@f20 ~]# ip link set dev eth1 down
>> [root@f20 ~]# ip addr show dev eth1
>> 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
>>      link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
>>
>> Add a new sysctl to make this behavior optional. Setting defaults to flush
>> addresses to maintain backwards compatibility. When reset flushing is bypassed:
>>
>> [root@f20 ~]# echo 0 > /proc/sys/net/ipv6/conf/eth1/flush_addr_on_down
>> [root@f20 ~]# ip -6 addr add dev eth1 2000:11:1:1::1/64
>> [root@f20 ~]# ip addr show dev eth1
>> 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
>>      link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
>>      inet6 2000:11:1:1::1/64 scope global tentative
>>         valid_lft forever preferred_lft forever
>> [root@f20 ~]#  ip link set dev eth1 up
>> [root@f20 ~]#  ip link set dev eth1 down
>> [root@f20 ~]# ip addr show dev eth1
>> 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
>>      link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
>>      inet6 2000:11:1:1::1/64 scope global
>>         valid_lft forever preferred_lft forever
>>      inet6 fe80::4:11ff:fe22:3301/64 scope link
>>         valid_lft forever preferred_lft forever
>
> I think this was brought up in a previous thread on this, but don't you have to
> do DAD on these addresses once the interface comes back up?  Some other system
> could have come along, done DAD, succeeded, and is now using it.  Or does the
> use of this flag assume the user is Ok without doing DAD, and will deal with the
> fallout?

You have the same problem today, don't you? Current code allows an IPv6 
address to be configured on interface in the down state. The intent of 
this sysctl is to allow that address to stay on an up-down cycle.

I don't have a strong IPv6 background so the first email thread and this 
RFC patch are both asking first and foremost if there is any harm in 
this behavior. None has been raised - so far. To maintain backwards 
compatibility this is a new option which when reset allows the addresses 
to be retained (not flushed).

David

Re: [RFC PATCH] net: ipv6: Make address flushing on ifdown optional

[David Ahern]

On 1/22/15 11:40 PM, Stephen Hemminger wrote:
> Would this break existing application expecting a particular semantic
> by listening to netlink?  What happens to packets received with the static
> address when interface is down? With IPv4 Linux is mostly a weak host
> model, and IPv6 somewhere in between.
>
> For vendors that control the application stack or have limited number
> of services this would work fine, but what about RHEL?
>
>

The intent of making it a sysctl option is to maintain backwards 
compatibility and allow users to take the new functionality if desired - 
which includes accepting changes in behavior.

David

Re: [RFC PATCH] net: ipv6: Make address flushing on ifdown optional

[Brian Haley]

On 01/23/2015 01:23 PM, David Ahern wrote:

>>> Add a new sysctl to make this behavior optional. Setting defaults to flush
>>> addresses to maintain backwards compatibility. When reset flushing is bypassed:
>>>
>>> [root@f20 ~]# echo 0 > /proc/sys/net/ipv6/conf/eth1/flush_addr_on_down
>>> [root@f20 ~]# ip -6 addr add dev eth1 2000:11:1:1::1/64
>>> [root@f20 ~]# ip addr show dev eth1
>>> 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group
>>> default qlen 1000
>>>      link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
>>>      inet6 2000:11:1:1::1/64 scope global tentative
>>>         valid_lft forever preferred_lft forever
>>> [root@f20 ~]#  ip link set dev eth1 up
>>> [root@f20 ~]#  ip link set dev eth1 down
>>> [root@f20 ~]# ip addr show dev eth1
>>> 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group
>>> default qlen 1000
>>>      link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
>>>      inet6 2000:11:1:1::1/64 scope global
>>>         valid_lft forever preferred_lft forever
>>>      inet6 fe80::4:11ff:fe22:3301/64 scope link
>>>         valid_lft forever preferred_lft forever
>>
>> I think this was brought up in a previous thread on this, but don't you have to
>> do DAD on these addresses once the interface comes back up?  Some other system
>> could have come along, done DAD, succeeded, and is now using it.  Or does the
>> use of this flag assume the user is Ok without doing DAD, and will deal with the
>> fallout?
> 
> You have the same problem today, don't you? Current code allows an IPv6 address
> to be configured on interface in the down state. The intent of this sysctl is to
> allow that address to stay on an up-down cycle.

Yes, looks like ndisc_send_skb() never returns any lower-level error back up to
the caller, so it's assumed the Neighbour Advertisement is always sent.
Although the address will be marked "tentative" until IFF_UP is set.

> I don't have a strong IPv6 background so the first email thread and this RFC
> patch are both asking first and foremost if there is any harm in this behavior.
> None has been raised - so far. To maintain backwards compatibility this is a new
> option which when reset allows the addresses to be retained (not flushed).

Seems as though you're in an RFC grey area then.  Personally, I'd do DAD, even
though the possibility of a collision is always very small.  But that's just my
opinion.

-Brian

Re: [RFC PATCH] net: ipv6: Make address flushing on ifdown optional

[Hannes Frederic Sowa]

On Fr, 2015-01-23 at 16:17 -0500, Brian Haley wrote:
> On 01/23/2015 01:23 PM, David Ahern wrote:
> 
> >>> Add a new sysctl to make this behavior optional. Setting defaults to flush
> >>> addresses to maintain backwards compatibility. When reset flushing is bypassed:
> >>>
> >>> [root@f20 ~]# echo 0 > /proc/sys/net/ipv6/conf/eth1/flush_addr_on_down
> >>> [root@f20 ~]# ip -6 addr add dev eth1 2000:11:1:1::1/64
> >>> [root@f20 ~]# ip addr show dev eth1
> >>> 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group
> >>> default qlen 1000
> >>>      link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
> >>>      inet6 2000:11:1:1::1/64 scope global tentative
> >>>         valid_lft forever preferred_lft forever
> >>> [root@f20 ~]#  ip link set dev eth1 up
> >>> [root@f20 ~]#  ip link set dev eth1 down
> >>> [root@f20 ~]# ip addr show dev eth1
> >>> 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group
> >>> default qlen 1000
> >>>      link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
> >>>      inet6 2000:11:1:1::1/64 scope global
> >>>         valid_lft forever preferred_lft forever
> >>>      inet6 fe80::4:11ff:fe22:3301/64 scope link
> >>>         valid_lft forever preferred_lft forever
> >>
> >> I think this was brought up in a previous thread on this, but don't you have to
> >> do DAD on these addresses once the interface comes back up?  Some other system
> >> could have come along, done DAD, succeeded, and is now using it.  Or does the
> >> use of this flag assume the user is Ok without doing DAD, and will deal with the
> >> fallout?
> > 
> > You have the same problem today, don't you? Current code allows an IPv6 address
> > to be configured on interface in the down state. The intent of this sysctl is to
> > allow that address to stay on an up-down cycle.
> 
> Yes, looks like ndisc_send_skb() never returns any lower-level error back up to
> the caller, so it's assumed the Neighbour Advertisement is always sent.
> Although the address will be marked "tentative" until IFF_UP is set.
> 
> > I don't have a strong IPv6 background so the first email thread and this RFC
> > patch are both asking first and foremost if there is any harm in this behavior.
> > None has been raised - so far. To maintain backwards compatibility this is a new
> > option which when reset allows the addresses to be retained (not flushed).
> 
> Seems as though you're in an RFC grey area then.  Personally, I'd do DAD, even
> though the possibility of a collision is always very small.  But that's just my
> opinion.

I agree. If the interface is in a state where it doesn't listen for
other hosts doing DAD, we must initiate DAD for that address during
bringing the interface up.

I am even not so sure if this is a grey area. Anyway, the current
behavior is not best and we should change that if the kernel does not do
DAD on addresses added during ifdown. Hopefully people don't use this
trick. :)

Bye,
Hannes

Re: [RFC PATCH] net: ipv6: Make address flushing on ifdown optional

[Andy Gospodarek]

On Fri, Jan 23, 2015 at 01:22:17PM +0100, Hannes Frederic Sowa wrote:
> On Do, 2015-01-22 at 22:40 -0800, Stephen Hemminger wrote:
> > On Wed, 14 Jan 2015 12:17:19 -0700
> > David Ahern <dsahern@gmail.com> wrote:
> > 
> > > Currently, ipv6 addresses are flushed when the interface is configured down:
> > > 
> > > [root@f20 ~]# ip -6 addr add dev eth1 2000:11:1:1::1/64
> > > [root@f20 ~]# ip addr show dev eth1
> > > 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
> > >     link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
> > >     inet6 2000:11:1:1::1/64 scope global tentative
> > >        valid_lft forever preferred_lft forever
> > > [root@f20 ~]# ip link set dev eth1 up
> > > [root@f20 ~]# ip link set dev eth1 down
> > > [root@f20 ~]# ip addr show dev eth1
> > > 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
> > >     link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
> > > 
> > > Add a new sysctl to make this behavior optional. Setting defaults to flush
> > > addresses to maintain backwards compatibility. When reset flushing is bypassed:
> > > 
> > > [root@f20 ~]# echo 0 > /proc/sys/net/ipv6/conf/eth1/flush_addr_on_down
> > > [root@f20 ~]# ip -6 addr add dev eth1 2000:11:1:1::1/64
> > > [root@f20 ~]# ip addr show dev eth1
> > > 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
> > >     link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
> > >     inet6 2000:11:1:1::1/64 scope global tentative
> > >        valid_lft forever preferred_lft forever
> > > [root@f20 ~]#  ip link set dev eth1 up
> > > [root@f20 ~]#  ip link set dev eth1 down
> > > [root@f20 ~]# ip addr show dev eth1
> > > 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
> > >     link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
> > >     inet6 2000:11:1:1::1/64 scope global
> > >        valid_lft forever preferred_lft forever
> > >     inet6 fe80::4:11ff:fe22:3301/64 scope link
> > >        valid_lft forever preferred_lft forever
> > > 
> > > Suggested-by: Hannes Frederic Sowa <hannes@redhat.com>
> > > Signed-off-by: David Ahern <dsahern@gmail.com>
> > > Cc: Hannes Frederic Sowa <hannes@redhat.com>
> > 
> > Would this break existing application expecting a particular semantic
> > by listening to netlink?  What happens to packets received with the static
> > address when interface is down? With IPv4 Linux is mostly a weak host
> > model, and IPv6 somewhere in between.
> 
> IPv6 is mostly a weak end model, too, but IFA_LINK addresses are used
> much more. So yes, it is somewhere in between.
> 
> Addresses bound to interfaces which are currently down will work with
> IPv6 (in contrast to IPv4).
> 
> > For vendors that control the application stack or have limited number
> > of services this would work fine, but what about RHEL?
> 
> The new model is only enabled if the sysctl is set. I don't expect a lot
> of vendors or distributions switching anytime soon.

You are probably correct that many will not switch, but this sysctl
gives those who want to switch a nice option without having to carry
extra kernel patches.  I like it.

I have been pondering a few different changes to interface address and
route behavior on both interface and link (gasp!) down and would like to
use sysctls to make those options available to those who are interested
without changing the current model.

Re: [RFC PATCH] net: ipv6: Make address flushing on ifdown optional

[Hannes Frederic Sowa]

Hi,

On Mo, 2015-01-26 at 23:56 -0500, Andy Gospodarek wrote:
> On Fri, Jan 23, 2015 at 01:22:17PM +0100, Hannes Frederic Sowa wrote:
> > On Do, 2015-01-22 at 22:40 -0800, Stephen Hemminger wrote:
> > > On Wed, 14 Jan 2015 12:17:19 -0700
> > > David Ahern <dsahern@gmail.com> wrote:
> > > 
> > > > Currently, ipv6 addresses are flushed when the interface is configured down:
> > > > 
> > > > [root@f20 ~]# ip -6 addr add dev eth1 2000:11:1:1::1/64
> > > > [root@f20 ~]# ip addr show dev eth1
> > > > 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
> > > >     link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
> > > >     inet6 2000:11:1:1::1/64 scope global tentative
> > > >        valid_lft forever preferred_lft forever
> > > > [root@f20 ~]# ip link set dev eth1 up
> > > > [root@f20 ~]# ip link set dev eth1 down
> > > > [root@f20 ~]# ip addr show dev eth1
> > > > 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
> > > >     link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
> > > > 
> > > > Add a new sysctl to make this behavior optional. Setting defaults to flush
> > > > addresses to maintain backwards compatibility. When reset flushing is bypassed:
> > > > 
> > > > [root@f20 ~]# echo 0 > /proc/sys/net/ipv6/conf/eth1/flush_addr_on_down
> > > > [root@f20 ~]# ip -6 addr add dev eth1 2000:11:1:1::1/64
> > > > [root@f20 ~]# ip addr show dev eth1
> > > > 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
> > > >     link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
> > > >     inet6 2000:11:1:1::1/64 scope global tentative
> > > >        valid_lft forever preferred_lft forever
> > > > [root@f20 ~]#  ip link set dev eth1 up
> > > > [root@f20 ~]#  ip link set dev eth1 down
> > > > [root@f20 ~]# ip addr show dev eth1
> > > > 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
> > > >     link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
> > > >     inet6 2000:11:1:1::1/64 scope global
> > > >        valid_lft forever preferred_lft forever
> > > >     inet6 fe80::4:11ff:fe22:3301/64 scope link
> > > >        valid_lft forever preferred_lft forever
> > > > 
> > > > Suggested-by: Hannes Frederic Sowa <hannes@redhat.com>
> > > > Signed-off-by: David Ahern <dsahern@gmail.com>
> > > > Cc: Hannes Frederic Sowa <hannes@redhat.com>
> > > 
> > > Would this break existing application expecting a particular semantic
> > > by listening to netlink?  What happens to packets received with the static
> > > address when interface is down? With IPv4 Linux is mostly a weak host
> > > model, and IPv6 somewhere in between.
> > 
> > IPv6 is mostly a weak end model, too, but IFA_LINK addresses are used
> > much more. So yes, it is somewhere in between.
> > 
> > Addresses bound to interfaces which are currently down will work with
> > IPv6 (in contrast to IPv4).
> > 
> > > For vendors that control the application stack or have limited number
> > > of services this would work fine, but what about RHEL?
> > 
> > The new model is only enabled if the sysctl is set. I don't expect a lot
> > of vendors or distributions switching anytime soon.
> 
> You are probably correct that many will not switch, but this sysctl
> gives those who want to switch a nice option without having to carry
> extra kernel patches.  I like it. 

I don't see any problem with the patch in general but DAD should
definitely happen on reenabling interfaces. Current behavior does not
seem fine to me. It's ok if this patch doesn't change this behavior now
but a follow-up one will be needed then.

David, will you look after the DAD logic and do you plan a follow-up
patch?

> I have been pondering a few different changes to interface address and
> route behavior on both interface and link (gasp!) down and would like to
> use sysctls to make those options available to those who are interested
> without changing the current model.

Can you be more specific? In the last year we added some per interface
flags to e.g. handle the creation of on-link routes in case of an
address gets added to the interface. Maybe this is the better approach,
because quite a lot of stuff happens interface local in IPv6.

Thanks,
Hannes

Re: [RFC PATCH] net: ipv6: Make address flushing on ifdown optional

[David Ahern]

On 1/27/15 2:44 AM, Hannes Frederic Sowa wrote:
>> You are probably correct that many will not switch, but this sysctl
>> gives those who want to switch a nice option without having to carry
>> extra kernel patches.  I like it.
>
> I don't see any problem with the patch in general but DAD should
> definitely happen on reenabling interfaces. Current behavior does not
> seem fine to me. It's ok if this patch doesn't change this behavior now
> but a follow-up one will be needed then.
>
> David, will you look after the DAD logic and do you plan a follow-up
> patch?

Yes, I do plan a follow-up patch for this change. Will work on that this 
week.

 From the discussion a second patch is needed to make sure DAD is done 
on a link up if there is an address configured.

David

Re: [RFC PATCH] net: ipv6: Make address flushing on ifdown optional

[Hannes Frederic Sowa]

On Di, 2015-01-27 at 07:55 -0700, David Ahern wrote:
> On 1/27/15 2:44 AM, Hannes Frederic Sowa wrote:
> >> You are probably correct that many will not switch, but this sysctl
> >> gives those who want to switch a nice option without having to carry
> >> extra kernel patches.  I like it.
> >
> > I don't see any problem with the patch in general but DAD should
> > definitely happen on reenabling interfaces. Current behavior does not
> > seem fine to me. It's ok if this patch doesn't change this behavior now
> > but a follow-up one will be needed then.
> >
> > David, will you look after the DAD logic and do you plan a follow-up
> > patch?
> 
> Yes, I do plan a follow-up patch for this change. Will work on that this 
> week.
> 
>  From the discussion a second patch is needed to make sure DAD is done 
> on a link up if there is an address configured.

Thank you!

Let's see if the DAD patch isn't complex, maybe it is a candidate for
stable?

Re: [RFC PATCH] net: ipv6: Make address flushing on ifdown optional

[Andy Gospodarek]

On Tue, Jan 27, 2015 at 10:44:21AM +0100, Hannes Frederic Sowa wrote:
> Hi,
> 
> On Mo, 2015-01-26 at 23:56 -0500, Andy Gospodarek wrote:
> > On Fri, Jan 23, 2015 at 01:22:17PM +0100, Hannes Frederic Sowa wrote:
> > > On Do, 2015-01-22 at 22:40 -0800, Stephen Hemminger wrote:
> > > > On Wed, 14 Jan 2015 12:17:19 -0700
> > > > David Ahern <dsahern@gmail.com> wrote:
> > > > 
> > > > > Currently, ipv6 addresses are flushed when the interface is configured down:
> > > > > 
> > > > > [root@f20 ~]# ip -6 addr add dev eth1 2000:11:1:1::1/64
> > > > > [root@f20 ~]# ip addr show dev eth1
> > > > > 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
> > > > >     link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
> > > > >     inet6 2000:11:1:1::1/64 scope global tentative
> > > > >        valid_lft forever preferred_lft forever
> > > > > [root@f20 ~]# ip link set dev eth1 up
> > > > > [root@f20 ~]# ip link set dev eth1 down
> > > > > [root@f20 ~]# ip addr show dev eth1
> > > > > 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
> > > > >     link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
> > > > > 
> > > > > Add a new sysctl to make this behavior optional. Setting defaults to flush
> > > > > addresses to maintain backwards compatibility. When reset flushing is bypassed:
> > > > > 
> > > > > [root@f20 ~]# echo 0 > /proc/sys/net/ipv6/conf/eth1/flush_addr_on_down
> > > > > [root@f20 ~]# ip -6 addr add dev eth1 2000:11:1:1::1/64
> > > > > [root@f20 ~]# ip addr show dev eth1
> > > > > 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
> > > > >     link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
> > > > >     inet6 2000:11:1:1::1/64 scope global tentative
> > > > >        valid_lft forever preferred_lft forever
> > > > > [root@f20 ~]#  ip link set dev eth1 up
> > > > > [root@f20 ~]#  ip link set dev eth1 down
> > > > > [root@f20 ~]# ip addr show dev eth1
> > > > > 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
> > > > >     link/ether 02:04:11:22:33:01 brd ff:ff:ff:ff:ff:ff
> > > > >     inet6 2000:11:1:1::1/64 scope global
> > > > >        valid_lft forever preferred_lft forever
> > > > >     inet6 fe80::4:11ff:fe22:3301/64 scope link
> > > > >        valid_lft forever preferred_lft forever
> > > > > 
> > > > > Suggested-by: Hannes Frederic Sowa <hannes@redhat.com>
> > > > > Signed-off-by: David Ahern <dsahern@gmail.com>
> > > > > Cc: Hannes Frederic Sowa <hannes@redhat.com>
> > > > 
> > > > Would this break existing application expecting a particular semantic
> > > > by listening to netlink?  What happens to packets received with the static
> > > > address when interface is down? With IPv4 Linux is mostly a weak host
> > > > model, and IPv6 somewhere in between.
> > > 
> > > IPv6 is mostly a weak end model, too, but IFA_LINK addresses are used
> > > much more. So yes, it is somewhere in between.
> > > 
> > > Addresses bound to interfaces which are currently down will work with
> > > IPv6 (in contrast to IPv4).
> > > 
> > > > For vendors that control the application stack or have limited number
> > > > of services this would work fine, but what about RHEL?
> > > 
> > > The new model is only enabled if the sysctl is set. I don't expect a lot
> > > of vendors or distributions switching anytime soon.
> > 
> > You are probably correct that many will not switch, but this sysctl
> > gives those who want to switch a nice option without having to carry
> > extra kernel patches.  I like it. 
> 
> I don't see any problem with the patch in general but DAD should
> definitely happen on reenabling interfaces. Current behavior does not
> seem fine to me. It's ok if this patch doesn't change this behavior now
> but a follow-up one will be needed then.
> 
> David, will you look after the DAD logic and do you plan a follow-up
> patch?
> 
> > I have been pondering a few different changes to interface address and
> > route behavior on both interface and link (gasp!) down and would like to
> > use sysctls to make those options available to those who are interested
> > without changing the current model.
> 
> Can you be more specific? In the last year we added some per interface
> flags to e.g. handle the creation of on-link routes in case of an
> address gets added to the interface. Maybe this is the better approach,
> because quite a lot of stuff happens interface local in IPv6.

Unfortunately some of the work I've been doing is on a 3.2 long-term
kernel, but I've also been testing some of my hacks^Wpatches on the
latest tree as well to make control/mark FIB entries based on
link-status (carrier not I would call 'admin state' set via 'ip link
set').

Overloading the use of the onlink could be a good option -- I'll review
your patches and the functionality a bit more closely to see if I can
merge my changes with those and clean everything up.

I know that NM, netplugd, ifplugd, networkd, etc. could be used to
handle issue like this, but an in-kernel solution has a much better
chance of being reliable when you are dealing with ~100 network
interfaces and do not want to black-hole traffic when link is down to a
router in your datacenter and there is another possible route to get to
the network that was previously directly connected.

Re: [RFC PATCH] net: ipv6: Make address flushing on ifdown optional

[David Ahern]

On 01/27/2015 08:28 AM, Hannes Frederic Sowa wrote:
>>   From the discussion a second patch is needed to make sure DAD is done
>> on a link up if there is an address configured.
>
> Thank you!
>
> Let's see if the DAD patch isn't complex, maybe it is a candidate for
> stable?

Actually, DAD is done on a link up; you can see the notifications go out 
when the link is brought up:

18:46:28.519907 IP6 :: > ff02::1:ff00:10: ICMP6, neighbor solicitation, 
who has 2001:1::10, length 24
18:46:28.607650 IP6 :: > ff02::1:ff03:402: ICMP6, neighbor solicitation, 
who has fe80::1:2ff:fe03:402, length 24

So current top of tree works fine wrt DAD on addresses added when a link 
is down and then the link is brought up.

But, my previous patch does not re-send notifications on the up in a 
down-up cycle. I believe it is because the IFA_F_TENTATIVE flag is not 
set for the global address configured. I will address that in the 
revised patch.

David

Re: [RFC PATCH] net: ipv6: Make address flushing on ifdown optional

[Hannes Frederic Sowa]

On Di, 2015-01-27 at 20:21 -0700, David Ahern wrote:
> On 01/27/2015 08:28 AM, Hannes Frederic Sowa wrote:
> >>   From the discussion a second patch is needed to make sure DAD is done
> >> on a link up if there is an address configured.
> >
> > Thank you!
> >
> > Let's see if the DAD patch isn't complex, maybe it is a candidate for
> > stable?
> 
> Actually, DAD is done on a link up; you can see the notifications go out 
> when the link is brought up:

Oh, cool, sorry I did not check and misunderstood you in the other mail.

> 18:46:28.519907 IP6 :: > ff02::1:ff00:10: ICMP6, neighbor solicitation, 
> who has 2001:1::10, length 24
> 18:46:28.607650 IP6 :: > ff02::1:ff03:402: ICMP6, neighbor solicitation, 
> who has fe80::1:2ff:fe03:402, length 24
> 
> So current top of tree works fine wrt DAD on addresses added when a link 
> is down and then the link is brought up.
> 
> But, my previous patch does not re-send notifications on the up in a 
> down-up cycle. I believe it is because the IFA_F_TENTATIVE flag is not 
> set for the global address configured. I will address that in the 
> revised patch.

Sounds good, I don't see any more problems with this patch then.

Thanks!