On Sat, Mar 9, 2013 at 2:07 PM, Jouke Witteveen <j.witteveen@gmail.com> wrote:
On Wed, Mar 6, 2013 at 7:20 PM, Sébastien Luttringer <seblu@seblu.net> wrote:
On Fri, Feb 8, 2013 at 5:16 PM, Jouke Witteveen <j.witteveen@gmail.com> wrote:
On Fri, Feb 8, 2013 at 1:03 AM, Sébastien Luttringer <seblu@seblu.net> wrote:
On Wed, Feb 6, 2013 at 11:48 PM, Sébastien Luttringer <seblu@seblu.net> wrote:
DAD detection is detected via the presence of tentative flag in ip command. This flag can only be setted if interface is up (obviously).
So, setting an IPv6 address will fail when you: - the cable is not plugged - any interface of a bridge is not set
The code was (before rewriting of netctl) reference this bug report: https://bugs.archlinux.org/task/28887
This bug will reopen after your proposed changes. I don't think so. The bug was about DAD no waiting enough time. This
On Thu, Feb 7, 2013 at 12:36 PM, Jouke Witteveen <j.witteveen@gmail.com> wrote: patch drop the DAD check logic by userland (same behaviour than ipv4).
The lines you delete are exactly the lines that were added to fix the bug.
If the cable is not plugged there is no point in trying to connect anyway Connect, but configure? Setting a IP address to an interface doesn't mean trying to connect to anything or having an internet connection. It just mean setting an ip. Port can be up or down, or change of states every minutes. We don't care. netctl should not fail to setup a static ip on iface when no link is detected at boot. Sometimes, setting an IP on iface can be used to allow kernel to accept packet to this destination without really own it (lvs by example)
so it would be nice if you describe in some more detail what problem your changes solve. Imagine a router on archlinux, with a bridge of n ports. People can plug (or not) their computers when they wants. Mostly, when you boot your router, noboby is plugged. When the router starts, it defines IPv4 and IPv6 on the bridge (where all ethernet ports are added). With the current netcfg/netctl, it's impossible because when nobody is plugged, DAD cannot do is job of checking ip address, because all the underlying interface can't send icmpv6 ND messages.
I've tested to disable dad (sysctl accept_dad)[1] but interface stay in tentative mode and netctl timeout and rollback configuration.[2]
The way to prevent your interface from entering the 'tentative' state is by specifying addresses as follows:
Address6=('1234:bcd::11/64 nodad') Tested for 4 weeks and avoid netctl units to fail during tentative mode.
I will soon add a note on such modifiers to the manual.
Unfortunately on normal setup, where we should not disable DAD, I got a DAD failure sometimes. It append more on slow computer.
So here you say we should not disable DAD on normal setups, with which I agree and which is the default behavior of `ip`.
It's a bit rude to fail the network, sometimes the only way to connect to the computer, because dad is not finished. Up the value of the timeout is a quick workaround, but a good value is difficult to guess and can let us without network if hardware lag. Why not reverse the logic and check for the dadfailed flag (with a TIMEOUT) and only consider the network failed with this flag?
Here you state the reverse: we should disable DAD by default. The timeout isn't really a workaround, it depends on your network setup what timeouts are to be expected.
I don't state the reverse. We should always let DAD enabled (in the kernel) as RFC recommend. My point is to avoid disabling of kernel DAD handling because netctl make it difficult to let it enabled because it fails randomly based on meaningless timeout. The kernel is in charge of DAD, and advertise us by being in tentative mode and then dadfailed if an address is already taken. Here netctl try to guess if there is a conflict by looking tentative flag, which doesn't means there is a conflict or not. It only tells us if kernel as finished its job. My suggestion, if we want to keeps the timeout logic on ip6 static address, we can try to really detect failure and not guess there is an ip conflict whereas the DAD process is still ongoing. With the both approach, on the network layer, they will never have conflict on ip, as DAD is done by kernel. The only difference is netctl will not mark interface failed if the result of DAD is not available before the timeout. This will save us of a lot of false positive DAD failure, as conflict in ipv6 is less frequent. Cheers, -- Sébastien "Seblu" Luttringer https://www.seblu.net GPG: 0x2072D77A