tech-net archive


Re: nd6_free assumes all routers are processed by kernel RA



    Date:        Sat, 24 Aug 2019 21:33:30 +0200
    From:        Gert Doering <gert%greenie.muc.de@localhost>
    Message-ID:  <20190824193330.GZ1349%greenie.muc.de@localhost>

  | "Only LL addresses and have v6 enabled" would be "any recent operating
  | system in an IPv4 only environment", of which there are many.

Unfortunately still, yes...    But it also requires that the host do
lookups for AAAA addresses which raises another potential solution to
my real problem.  That is, another solution would be to have getaddrinfo()
not request v6 addresses unless the host has a non-LL v6 address of its
own.   I don't much like this, first because it makes getaddrinfo() (slightly)
more expensive for everyone, and second because it prevents obtaining a
v6 address for a target that could have been reached, even with a LL source
addr (ie: a target on the same link as the host wanting to contact it).


  | To make that work, the neighbour discovery code would need to
  | communicate the timeout back to the TCP SYN sender (or more generic,

No, not really.   Note that the initial problem needs to be fixed first.

We need to avoid, one way or another, sending packets from LL source
addresses to a router to forward to a global (or ULA) address.

That can be done by not installing routes (by default) when there are no
non-LL addresses, so there is nothing to forward via, or by allowing the
routes to be installed but refusing to use them.  I prefer the former as
it would be "not automatically install" rather than "cannot install", so
if there is a need, the admin can always add a route, and it would be used
(even if I think that's a dumb thing to actually want to do.)

Once the system looks like that, then sending a SYN from a LL address
can send a local NS, if that fails (no response after a short wait, repeat
NS, and another short wait), the TCP connect simply fails (EHOSTUNREACH)
as there is no other way to send the SYN packet.  If the NS succeeds, then
the SYN is sent and whatever happens after happens.   No magic required.

This is the way v6 autoconfig should work - the intent was always that
hosts could simply connect to a network (including ad-hoc routerless nets)
and communicate with other connected hosts, with no manual config required.

kre
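To make the decision procedure in the reply above concrete, here is an added Python model of the proposed policy; it is not NetBSD's nd6 code and not something posted in the thread. The model installs a router as default route only when the host holds a non-LL address, and sends a SYN to an on-link target only once a neighbour solicitation is answered (one repeat before giving up). The function names, the `neighbour_up` callback and the sample prefixes are constructed for the example.

```python
import errno
import ipaddress

# Constructed model of the policy described in the reply: a host whose only
# IPv6 addresses are link-local (LL) must not hand LL-sourced packets to a
# router for forwarding. Names are hypothetical, not NetBSD kernel symbols.
LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")


def is_link_local(addr):
    return ipaddress.IPv6Address(addr) in LINK_LOCAL


def has_non_ll_address(host_addrs):
    """True if the host holds any global or ULA address, i.e. not only LL."""
    return any(not is_link_local(a) for a in host_addrs)


def install_default_route(host_addrs, router_ll):
    """'Not automatically install': the router learned from an RA becomes the
    default route only when the host has a non-LL source address to use."""
    return router_ll if has_non_ll_address(host_addrs) else None


def send_syn(dst, onlink_prefixes, default_route, neighbour_up, ns_attempts=2):
    """Return 0 if the SYN can be sent, else an errno value.
    neighbour_up(dst) stands in for one NS/NA exchange (True = NA received)."""
    dst_ip = ipaddress.IPv6Address(dst)
    on_link = dst_ip in LINK_LOCAL or any(
        dst_ip in ipaddress.IPv6Network(p) for p in onlink_prefixes)
    if on_link:
        # Send NS, short wait, repeat NS, short wait; then give up.
        for _ in range(ns_attempts):
            if neighbour_up(dst):
                return 0
        return errno.EHOSTUNREACH
    # Off-link target: a router is required. With no default route installed
    # (LL-only host) there is no way to send the SYN at all.
    if default_route is None:
        return errno.EHOSTUNREACH
    return 0
```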


