Understanding the working of Optimistic DAD Feature.

Understanding the working of Optimistic DAD Feature.

[Chinmay Agarwal]

[-- Attachment #1.1: Type: text/plain, Size: 1794 bytes --]

Hi Team,

Had a doubt regarding Optimistic DAD implementation in linux kernel.


The RFC of Optimistic DAD states:



"Section 3.3

        A router SHOULD NOT configure an Optimistic Address."

To check the same there is a condition in kernel code wherein we check if ipv6.devconf_all is set.
Now, my query is that we are checking if forwarding is enabled on all interfaces, then we consider the system to be a router.
But even if forwarding is enabled from few interfaces(not all) isn't the system behaving like a router?


void addrconf_add_linklocal<https://elixir.bootlin.com/linux/latest/ident/addrconf_add_linklocal>(struct inet6_dev<https://elixir.bootlin.com/linux/latest/ident/inet6_dev> *idev<https://elixir.bootlin.com/linux/latest/ident/idev>,

                     const struct in6_addr<https://elixir.bootlin.com/linux/latest/ident/in6_addr> *addr, u32<https://elixir.bootlin.com/linux/latest/ident/u32> flags)

{

  .

  .

  .

  .



#ifdef<https://elixir.bootlin.com/linux/latest/ident/ifdef> CONFIG_IPV6_OPTIMISTIC_DAD

  if ((dev_net<https://elixir.bootlin.com/linux/latest/ident/dev_net>(idev<https://elixir.bootlin.com/linux/latest/ident/idev>->dev)->ipv6.devconf_all->optimistic_dad ||

       idev<https://elixir.bootlin.com/linux/latest/ident/idev>->cnf.optimistic_dad) &&

      !dev_net<https://elixir.bootlin.com/linux/latest/ident/dev_net>(idev<https://elixir.bootlin.com/linux/latest/ident/idev>->dev)->ipv6.devconf_all->forwarding<https://elixir.bootlin.com/linux/latest/ident/forwarding>)

          cfg<https://elixir.bootlin.com/linux/latest/ident/cfg>.ifa_flags |= IFA_F_OPTIMISTIC<https://elixir.bootlin.com/linux/latest/ident/IFA_F_OPTIMISTIC>;

#endif



  .

  .

  .

  .

}

Thanks
Chinmay


[-- Attachment #1.2: Type: text/html, Size: 12334 bytes --]

[-- Attachment #2: Type: text/plain, Size: 170 bytes --]

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: Understanding the working of Optimistic DAD Feature.

[Valdis Klētnieks]

[-- Attachment #1.1: Type: text/plain, Size: 888 bytes --]

On Thu, 06 Feb 2020 12:19:26 +0000, Chinmay Agarwal said:

> To check the same there is a condition in kernel code wherein we check if ipv6.devconf_all is set.
> Now, my query is that we are checking if forwarding is enabled on all interfaces, then we consider the system to be a router.

> But even if forwarding is enabled from few interfaces(not all) isn't the system behaving like a router?

You can't actually configure "routing on some but not all" without setting the
global forwarding bit.

If you have the very odd use case where you have eth0, eth1, and eth2, and
you're routing between eth0 and eth1, but eth2 is a private net that should
*not* communicate with either eth0 or eth1, the way you configure that is to
turn on the global forwarding bit, and then use a combo of routing table and
firewall rules to prevent traffic going to eth2 unless it's from the local
host.




[-- Attachment #1.2: Type: application/pgp-signature, Size: 832 bytes --]

[-- Attachment #2: Type: text/plain, Size: 170 bytes --]

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies