Mailing List Archive: nsp: ipv6

Linux Temporary Address - Premature expiry

Index | Next | Previous | View Threaded

ipv6-ops at ml

Jan 13, 2012, 7:04 AM

Post #1 of 6 (1202 views)
Permalink

Linux Temporary Address - Premature expiry

Hello,

I don't know if anyone (except me) tries to use IPv6 temporary
addresses (Privacy Extensions) on Linux.

I tried to use them but noticed that temp_prefered_lft (86400) and
temp_valid_lft (806400) are ignored. My linux changes temporary
addresses every hour and the old address disappears.

That means that every ssh-session and other permanent connections get
disconnected every hour or so which is quite annoying.

Has anybody else experienced this and/or has a fix for me?

Kernel is: 2.6.39-bpo.2-686-pae (2.6.39 from Debian Backport)

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
inet6 2001:4dd0:f8dd:0:1dbe:9b1d:5701:82bc/64 scope global temporary dynamic
valid_lft 5076sec preferred_lft 1476sec
inet6 2001:4dd0:f8dd:0:f4e0:b756:3060:50c2/64 scope global temporary deprecated dynamic
valid_lft 1485sec preferred_lft 0sec

Regards

Sebastian

--
GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
-- Terry Pratchett, The Fifth Elephant

rodolfo.garciapenas at telefonica

Jan 13, 2012, 7:28 AM

Post #2 of 6 (1139 views)
Permalink

Re: Linux Temporary Address - Premature expiry [In reply to]

Hi,

Go to the kernel source folder ( /usr/src/linux-source-*/net/ipv6) and
search for "temp_prefered_lft" you will see that the variable is set at
addressconf.c

.temp_valid_lft = TEMP_VALID_LIFETIME;

If you search for this constant, is set at include/net/addrconf.h (one week
at 3.0 kernel)

#define TEMP_VALID_LIFETIME (7*86400)

Same idea for the other variable (is the next line in the files :-)

Regards,
kix

PS. I am using 3.0, the values may be change.

Sebastian
Wiesinger
<ipv6-ops [at] ml Para
arotte.org> IPv6 operators forum
Enviado por: <ipv6-ops [at] lists>
ipv6-ops-bounc cc
es
+rodolfo.garci Asunto
apenas=telefon Linux Temporary Address -
ica.es [at] lists Premature expiry
luenet.de Clasificación

13/01/2012
16:04

Hello,

I don't know if anyone (except me) tries to use IPv6 temporary
addresses (Privacy Extensions) on Linux.

I tried to use them but noticed that temp_prefered_lft (86400) and
temp_valid_lft (806400) are ignored. My linux changes temporary
addresses every hour and the old address disappears.

That means that every ssh-session and other permanent connections get
disconnected every hour or so which is quite annoying.

Has anybody else experienced this and/or has a fix for me?

Kernel is: 2.6.39-bpo.2-686-pae (2.6.39 from Debian Backport)

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
inet6 2001:4dd0:f8dd:0:1dbe:9b1d:5701:82bc/64 scope global temporary
dynamic
valid_lft 5076sec preferred_lft 1476sec
inet6 2001:4dd0:f8dd:0:f4e0:b756:3060:50c2/64 scope global temporary
deprecated dynamic
valid_lft 1485sec preferred_lft 0sec

Regards

Sebastian

--
GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE
SCYTHE.
-- Terry Pratchett, The Fifth Elephant

ipv6-ops at ml

Jan 13, 2012, 7:42 AM

Post #3 of 6 (1137 views)
Permalink

Re: Linux Temporary Address - Premature expiry [In reply to]

* rodolfo.garciapenas [at] telefonica <rodolfo.garciapenas [at] telefonica> [2012-01-13 16:31]:
>
>
> Hi,
>
> Go to the kernel source folder ( /usr/src/linux-source-*/net/ipv6) and
> search for "temp_prefered_lft" you will see that the variable is set at
> addressconf.c
>
> .temp_valid_lft = TEMP_VALID_LIFETIME;
>
> If you search for this constant, is set at include/net/addrconf.h (one week
> at 3.0 kernel)
>
> #define TEMP_VALID_LIFETIME (7*86400)
>
> Same idea for the other variable (is the next line in the files :-)

Hi,

yes but that doesn't explain why the addresses expire after one hour?

Regards

Sebastian

--
GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
-- Terry Pratchett, The Fifth Elephant

ipv6-ops at ml

Jan 13, 2012, 8:10 AM

Post #4 of 6 (1136 views)
Permalink

Re: Linux Temporary Address - Premature expiry [In reply to]

* Sebastian Wiesinger <ipv6-ops [at] ml> [2012-01-13 16:06]:
> Hello,
>
> I don't know if anyone (except me) tries to use IPv6 temporary
> addresses (Privacy Extensions) on Linux.
>
> I tried to use them but noticed that temp_prefered_lft (86400) and
> temp_valid_lft (806400) are ignored. My linux changes temporary
> addresses every hour and the old address disappears.

Okay, I think I found the problem:

My router is sending it's RAs with

Valid time : 7200 (0x00001c20) seconds
Pref. time : 3600 (0x00000e10) seconds

The linux kernel compares temp_prefered_lft / temp_valid_lft to these
and then uses the lesser of the two.

Regards

Sebastian

--
GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
-- Terry Pratchett, The Fifth Elephant

rodolfo.garciapenas at telefonica

Jan 13, 2012, 8:19 AM

Post #5 of 6 (1134 views)
Permalink

Re: Linux Temporary Address - Premature expiry [In reply to]

Yes, it is set in the same file, some lines below.

Regards.
kix

Sebastian
Wiesinger
<ipv6-ops [at] ml Para
arotte.org> ipv6-ops [at] lists
Enviado por: cc
ipv6-ops-bounc
es Asunto
+rodolfo.garci Re: Linux Temporary Address -
apenas=telefon Premature expiry
ica.es [at] lists Clasificación
luenet.de

13/01/2012
17:10

* Sebastian Wiesinger <ipv6-ops [at] ml> [2012-01-13 16:06]:
> Hello,
>
> I don't know if anyone (except me) tries to use IPv6 temporary
> addresses (Privacy Extensions) on Linux.
>
> I tried to use them but noticed that temp_prefered_lft (86400) and
> temp_valid_lft (806400) are ignored. My linux changes temporary
> addresses every hour and the old address disappears.

Okay, I think I found the problem:

My router is sending it's RAs with

Valid time : 7200 (0x00001c20) seconds
Pref. time : 3600 (0x00000e10) seconds

The linux kernel compares temp_prefered_lft / temp_valid_lft to these
and then uses the lesser of the two.

Regards

Sebastian

--
GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE
SCYTHE.
-- Terry Pratchett, The Fifth Elephant
_____________________________________________________________________
Mensaje analizado y protegido por Telefonica Grandes Clientes

dr at cluenet

Jan 13, 2012, 11:18 AM

Post #6 of 6 (1131 views)
Permalink

Re: Linux Temporary Address - Premature expiry [In reply to]

On Fri, Jan 13, 2012 at 05:10:00PM +0100, Sebastian Wiesinger wrote:
> > I tried to use them but noticed that temp_prefered_lft (86400) and
> > temp_valid_lft (806400) are ignored. My linux changes temporary
> > addresses every hour and the old address disappears.
>
> Okay, I think I found the problem:
>
> My router is sending it's RAs with
>
> Valid time : 7200 (0x00001c20) seconds
> Pref. time : 3600 (0x00000e10) seconds

No, that's not the problem - it's perfectly fine.

The problem is that all Linux kernels before 3.2 did only implement the
older RFC3041 which says:

1) Process the Prefix Information Option as defined in [ADDRCONF],
either creating a public address or adjusting the lifetimes of
existing addresses, both public and temporary. When adjusting the
lifetimes of an existing temporary address, only lower the
lifetimes. Implementations must not increase the lifetimes of an
existing temporary address when processing a Prefix Information
Option.

While RFC4941 (updated version of 3041) says:

1. Process the Prefix Information Option as defined in [ADDRCONF],
either creating a new public address or adjusting the lifetimes
of existing addresses, both public and temporary. If a received
option will extend the lifetime of a public address, the
lifetimes of temporary addresses should be extended, subject to
the overall constraint that no temporary addresses should ever
remain "valid" or "preferred" for a time longer than
(TEMP_VALID_LIFETIME) or (TEMP_PREFERRED_LIFETIME -
DESYNC_FACTOR), respectively. The configuration variables
TEMP_VALID_LIFETIME and TEMP_PREFERRED_LIFETIME correspond to
approximate target lifetimes for temporary addresses.

So the behaviour you see is a shortcoming of the original specification,
fixed by RFC4941.

Lorenzo Colitti posted a patch to fix that mid last year:
http://comments.gmane.org/gmane.linux.network/202411

This one went into Linux 3.2

Best regards,
Daniel

--
CLUE-RIPE -- Jabber: dr [at] cluenet -- dr [at] IRCne -- PGP: 0xA85C8AA0

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads