[arch-projects] [netctl] [RFC] Flush the interface configuration in ip_unset instead of bring_interface_down.
When switching networks in auto.action, the addresses are not flushed. This is especially problematic with stateless ipv6 autoconfigutation, as invalid IPs may stay around until their (potentially very long) lifetime has expired. bring_interface_down is always called after ip_unset everywhere else, so this change does not affect anything else. --- src/lib/ip | 3 ++- src/lib/network | 1 - 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib/ip b/src/lib/ip index 2a84c0d..c60b350 100644 --- a/src/lib/ip +++ b/src/lib/ip @@ -175,7 +175,7 @@ ip_set() { } -## Clean up the dynamic part of an IP configuration +## Clean up the IP configuration # $Interface: interface name # $IP: type of IPv4 configuration # $IP6: type of IPv6 configuration @@ -202,6 +202,7 @@ ip_unset() { fi [[ $DNS ]] && resolvconf -d "$Interface" + ip addr flush dev "$Interface" &>/dev/null } diff --git a/src/lib/network b/src/lib/network index 6ac9d75..7dfe0b5 100755 --- a/src/lib/network +++ b/src/lib/network @@ -31,7 +31,6 @@ bring_interface_up() { # $1: interface name bring_interface_down() { local interface=$1 - ip addr flush dev "$interface" &>/dev/null ip link set dev "$interface" down &>/dev/null # We reuse the up timeout (down normally is faster) timeout_wait "${TimeoutUp:-5}" '! interface_is_up "$interface"' -- 1.8.2.2
Am 09.05.2013 23:29, schrieb Thomas Bächler:
When switching networks in auto.action, the addresses are not flushed. This is especially problematic with stateless ipv6 autoconfigutation, as invalid IPs may stay around until their (potentially very long) lifetime has expired.
bring_interface_down is always called after ip_unset everywhere else, so this change does not affect anything else.
This may not be a good idea, since it probably flushes the link-local address. I must test more.
On Thu, May 9, 2013 at 11:53 PM, Thomas Bächler <thomas@archlinux.org> wrote:
Am 09.05.2013 23:29, schrieb Thomas Bächler:
When switching networks in auto.action, the addresses are not flushed. This is especially problematic with stateless ipv6 autoconfigutation, as invalid IPs may stay around until their (potentially very long) lifetime has expired.
bring_interface_down is always called after ip_unset everywhere else, so this change does not affect anything else.
This may not be a good idea, since it probably flushes the link-local address. I must test more.
I think a better way is to delete all static addresses in ip_unset. - Jouke
Am 13.05.2013 19:18, schrieb Jouke Witteveen:
On Thu, May 9, 2013 at 11:53 PM, Thomas Bächler <thomas@archlinux.org> wrote:
Am 09.05.2013 23:29, schrieb Thomas Bächler:
When switching networks in auto.action, the addresses are not flushed. This is especially problematic with stateless ipv6 autoconfigutation, as invalid IPs may stay around until their (potentially very long) lifetime has expired.
bring_interface_down is always called after ip_unset everywhere else, so this change does not affect anything else.
This may not be a good idea, since it probably flushes the link-local address. I must test more.
I think a better way is to delete all static addresses in ip_unset.
- Jouke
You also need to delete all addresses assigned by SLAAC, because they will usually take very long to expire, thus my flush idea. We should probably do this: ip addr flush dev $IF scope host ip addr flush dev $IF scope site ip addr flush dev $IF scope global This will flush everything except for the link-local address.
On Mon, May 13, 2013 at 8:27 PM, Thomas Bächler <thomas@archlinux.org> wrote:
Am 13.05.2013 19:18, schrieb Jouke Witteveen:
On Thu, May 9, 2013 at 11:53 PM, Thomas Bächler <thomas@archlinux.org> wrote:
Am 09.05.2013 23:29, schrieb Thomas Bächler:
When switching networks in auto.action, the addresses are not flushed. This is especially problematic with stateless ipv6 autoconfigutation, as invalid IPs may stay around until their (potentially very long) lifetime has expired.
bring_interface_down is always called after ip_unset everywhere else, so this change does not affect anything else.
This may not be a good idea, since it probably flushes the link-local address. I must test more.
I think a better way is to delete all static addresses in ip_unset.
- Jouke
You also need to delete all addresses assigned by SLAAC, because they will usually take very long to expire, thus my flush idea.
We should probably do this:
ip addr flush dev $IF scope host ip addr flush dev $IF scope site ip addr flush dev $IF scope global
This will flush everything except for the link-local address.
But we know in advance of some cases where SLAAC is not used. It might be easiest nevertheless to just put your three commands in ip_unset. - Jouke
On Thu, May 9, 2013 at 11:53 PM, Thomas Bächler <thomas@archlinux.org> wrote:
Am 09.05.2013 23:29, schrieb Thomas Bächler:
When switching networks in auto.action, the addresses are not flushed. This is especially problematic with stateless ipv6 autoconfigutation, as invalid IPs may stay around until their (potentially very long) lifetime has expired.
bring_interface_down is always called after ip_unset everywhere else, so this change does not affect anything else.
This may not be a good idea, since it probably flushes the link-local address. I must test more.
It does indeed flush the link-local address too. When are link-local addresses added and why is it bad to flush them? - Jouke
Am 16.05.2013 10:59, schrieb Jouke Witteveen:
On Thu, May 9, 2013 at 11:53 PM, Thomas Bächler <thomas@archlinux.org> wrote:
Am 09.05.2013 23:29, schrieb Thomas Bächler:
When switching networks in auto.action, the addresses are not flushed. This is especially problematic with stateless ipv6 autoconfigutation, as invalid IPs may stay around until their (potentially very long) lifetime has expired.
bring_interface_down is always called after ip_unset everywhere else, so this change does not affect anything else.
This may not be a good idea, since it probably flushes the link-local address. I must test more.
It does indeed flush the link-local address too. When are link-local addresses added and why is it bad to flush them?
They are added on interface creation (or maybe when bringing the interface down/up) by the kernel. Without a link-local address, lots of IPv6 functionality simply fails - it is permanently assigned to the interface and never changes (you probably can change it, but I don't see the point, unless you want to hide your MAC address somehow). Best idea is to simply flush addresses in site, global and host scope as I stated before. This flushed all ipv6 addresses except link-local, and all ipv4 addresses.
On Thu, May 16, 2013 at 11:07 AM, Thomas Bächler <thomas@archlinux.org> wrote:
Am 16.05.2013 10:59, schrieb Jouke Witteveen:
On Thu, May 9, 2013 at 11:53 PM, Thomas Bächler <thomas@archlinux.org> wrote:
Am 09.05.2013 23:29, schrieb Thomas Bächler:
When switching networks in auto.action, the addresses are not flushed. This is especially problematic with stateless ipv6 autoconfigutation, as invalid IPs may stay around until their (potentially very long) lifetime has expired.
bring_interface_down is always called after ip_unset everywhere else, so this change does not affect anything else.
This may not be a good idea, since it probably flushes the link-local address. I must test more.
It does indeed flush the link-local address too. When are link-local addresses added and why is it bad to flush them?
They are added on interface creation (or maybe when bringing the interface down/up) by the kernel. Without a link-local address, lots of IPv6 functionality simply fails - it is permanently assigned to the interface and never changes (you probably can change it, but I don't see the point, unless you want to hide your MAC address somehow).
In my testing (with a wireless card), not on down/up. I asked because I thought maybe its okay to flush them and reinstate them in ip_set, but apparently that is not the case.
Best idea is to simply flush addresses in site, global and host scope as I stated before. This flushed all ipv6 addresses except link-local, and all ipv4 addresses.
Shall I just modify your original patch and make you the author of the commit? Thanks, - Jouke
When switching networks in auto.action, the addresses are not flushed. This is especially problematic with stateless ipv6 autoconfigutation, as invalid IPs may stay around until their (potentially very long) lifetime has expired. bring_interface_down is always called after ip_unset everywhere else, so this change does not affect anything else. V2: Make sure not to flush the link local address. --- src/lib/ip | 5 ++++- src/lib/network | 1 - 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/lib/ip b/src/lib/ip index 2a84c0d..14ed727 100644 --- a/src/lib/ip +++ b/src/lib/ip @@ -175,7 +175,7 @@ ip_set() { } -## Clean up the dynamic part of an IP configuration +## Clean up the IP configuration # $Interface: interface name # $IP: type of IPv4 configuration # $IP6: type of IPv6 configuration @@ -202,6 +202,9 @@ ip_unset() { fi [[ $DNS ]] && resolvconf -d "$Interface" + ip addr flush dev "$Interface" scope host &>/dev/null + ip addr flush dev "$Interface" scope site &>/dev/null + ip addr flush dev "$Interface" scope global &>/dev/null } diff --git a/src/lib/network b/src/lib/network index 6ac9d75..7dfe0b5 100755 --- a/src/lib/network +++ b/src/lib/network @@ -31,7 +31,6 @@ bring_interface_up() { # $1: interface name bring_interface_down() { local interface=$1 - ip addr flush dev "$interface" &>/dev/null ip link set dev "$interface" down &>/dev/null # We reuse the up timeout (down normally is faster) timeout_wait "${TimeoutUp:-5}" '! interface_is_up "$interface"' -- 1.8.2.3
On Thu, May 16, 2013 at 11:19 PM, Thomas Bächler <thomas@archlinux.org> wrote:
When switching networks in auto.action, the addresses are not flushed. This is especially problematic with stateless ipv6 autoconfigutation, as invalid IPs may stay around until their (potentially very long) lifetime has expired.
bring_interface_down is always called after ip_unset everywhere else, so this change does not affect anything else.
V2: Make sure not to flush the link local address. --- src/lib/ip | 5 ++++- src/lib/network | 1 - 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/lib/ip b/src/lib/ip index 2a84c0d..14ed727 100644 --- a/src/lib/ip +++ b/src/lib/ip @@ -175,7 +175,7 @@ ip_set() { }
-## Clean up the dynamic part of an IP configuration +## Clean up the IP configuration # $Interface: interface name # $IP: type of IPv4 configuration # $IP6: type of IPv6 configuration @@ -202,6 +202,9 @@ ip_unset() { fi
[[ $DNS ]] && resolvconf -d "$Interface" + ip addr flush dev "$Interface" scope host &>/dev/null + ip addr flush dev "$Interface" scope site &>/dev/null + ip addr flush dev "$Interface" scope global &>/dev/null }
diff --git a/src/lib/network b/src/lib/network index 6ac9d75..7dfe0b5 100755 --- a/src/lib/network +++ b/src/lib/network @@ -31,7 +31,6 @@ bring_interface_up() { # $1: interface name bring_interface_down() { local interface=$1 - ip addr flush dev "$interface" &>/dev/null ip link set dev "$interface" down &>/dev/null # We reuse the up timeout (down normally is faster) timeout_wait "${TimeoutUp:-5}" '! interface_is_up "$interface"' -- 1.8.2.3
Your contribution is much appreciated, thanks, - Jouke
participants (2)
-
Jouke Witteveen
-
Thomas Bächler