authorStefano Brivio <sbrivio@redhat.com>2023-12-08 17:43:17 +0100
committerStefano Brivio <sbrivio@redhat.com>2023-12-27 19:22:29 +0100
commit00358b782852f5b66bf413251ead0d1ee5d724c5 (patch)
tree1aa2edab4cd026b80fbc714ca6b3e27fe918d4e0
parentd491a4099b8db6199225812562b4dfc315accc6d (diff)
ndp: Extend lifetime of prefix, router, RDNSS and search list
Currently, we have no mechanism to dynamically update IPv6 addressing, routing or DNS information (which should eventually be implemented via netlink monitor), so it makes no sense to limit lifetimes of NDP information to any particular value. If we do, with common configurations of systemd-networkd in a guest, we can end up in a situation where we have a /128 address assigned via DHCPv6, the NDP-assigned prefix expires, and the default route also expires. However, as there's a valid address, the prefix is not renewed. As a result, the default route becomes invalid and we lose it altogether, which implies that the guest loses IPv6 connectivity except for link-local communication. Set the router lifetime to the maximum allowed by RFC 8319, that is, 65535 seconds (about 18 hours). RFC 4861 limited this value to 9000 seconds, but RFC 8319 later updated this limit. Set prefix and DNS information lifetime to infinity. This is allowed by RFC 4861 and RFC 8319. Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
-rw-r--r--ndp.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/ndp.c b/ndp.c
index adab1d2..4c85ab8 100644
--- a/ndp.c
+++ b/ndp.c
@@ -94,7 +94,7 @@ int ndp(struct ctx *c, const struct icmp6hdr *ih, const struct in6_addr *saddr)
ihr->icmp6_type = RA;
ihr->icmp6_code = 0;
ihr->icmp6_hop_limit = 255;
- ihr->icmp6_rt_lifetime = htons(9000);
+ ihr->icmp6_rt_lifetime = htons(65535); /* RFC 8319 */
ihr->icmp6_addrconf_managed = 1;
p = (unsigned char *)(ihr + 1);
@@ -103,9 +103,9 @@ int ndp(struct ctx *c, const struct icmp6hdr *ih, const struct in6_addr *saddr)
*p++ = 4; /* length */
*p++ = 64; /* prefix length */
*p++ = 0xc0; /* prefix flags: L, A */
- *(uint32_t *)p = htonl(3600); /* lifetime */
+ *(uint32_t *)p = (uint32_t)~0U; /* lifetime */
p += 4;
- *(uint32_t *)p = htonl(3600); /* preferred lifetime */
+ *(uint32_t *)p = (uint32_t)~0U; /* preferred lifetime */
p += 8;
memcpy(p, &c->ip6.addr, 8); /* prefix */
p += 16;
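Review bot: The two lifetime stores in this hunk, and the matching ones in the RDNSS and DNSSL hunks below, drop `htonl()` without saying why, so a reader comparing them with the `htons(65535)` line above may take the omission for a byte-order bug. All-ones reads the same in either byte order and is the value the commit message calls infinity, which the comment could state: `/* lifetime: infinity (0xffffffff), byte-order invariant */`. Each store also goes through a `uint32_t *` cast of the `unsigned char *p` cursor, so it depends on the alignment of `p`, which cannot be confirmed from these hunks; `memset(p, 0xff, 4);` would write the same bytes without that assumption. The body of ndp() starts and ends outside the hunk.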
@@ -126,7 +126,7 @@ int ndp(struct ctx *c, const struct icmp6hdr *ih, const struct in6_addr *saddr)
*p++ = 25; /* RDNSS */
*p++ = 1 + 2 * n; /* length */
p += 2; /* reserved */
- *(uint32_t *)p = htonl(60); /* lifetime */
+ *(uint32_t *)p = (uint32_t)~0U; /* lifetime */
p += 4;
for (i = 0; i < n; i++) {
@@ -142,7 +142,7 @@ int ndp(struct ctx *c, const struct icmp6hdr *ih, const struct in6_addr *saddr)
*p++ = 31; /* DNSSL */
*p++ = (dns_s_len + 8 - 1) / 8 + 1; /* length */
p += 2; /* reserved */
- *(uint32_t *)p = htonl(60); /* lifetime */
+ *(uint32_t *)p = (uint32_t)~0U; /* lifetime */
p += 4;
for (i = 0; i < n; i++) {