Bug 1224970 - backport: ipv6: support noprefixroute and mngtmpaddr
Summary: backport: ipv6: support noprefixroute and mngtmpaddr
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: iproute
Version: 7.2
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Pavel Šimerda (pavlix)
QA Contact: Jaroslav Aster
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-05-26 10:14 UTC by Thomas Haller
Modified: 2015-11-19 14:42 UTC (History)
3 users (show)

Fixed In Version: iproute-3.10.0-36.el7
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-11-19 14:42:35 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:2117 normal SHIPPED_LIVE iproute bug fix and enhancement update 2015-11-19 11:35:06 UTC

Description Thomas Haller 2015-05-26 10:14:47 UTC
Kernel gained support for the address flags IFA_F_MANAGETEMPADDR and IFA_F_NOPREFIXROUTE in bug 1052884.

NetworkManager uses these flags when configuring IPv6 addresses.

As these flags can only be set/inspected via netlink commands, there is no convenient tool that can show them.


Please backport patches

https://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/commit/?id=5b7e21c417beae648312c27ee2043e7c04134c92

https://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/commit/?id=58c69b226fb3adff1644914654d4fad99c2ee463

Comment 5 Jaroslav Aster 2015-06-16 09:27:34 UTC
It would be nice to add reverse mode for noprefixroute, for example prefixroute, because if I change it there is no way howto change it back instead of removing the ip address.

# ip addr add 2000::1/64 dev eth0

# ip addr show dev eth0 | grep -A 1 2000::1/64
    inet6 2000::1/64 scope global 
       valid_lft forever preferred_lft forever

# ip -6 route show dev eth0 | grep '2000::0/64
2000::/64  proto kernel  metric 256

# ip addr change 2000::1/64 dev eth0 noprefixroute

# ip -6 route show dev eth0 | grep '2000::/64

# ip addr show dev eth0 | grep -A 1 2000::1/64
    inet6 2000::1/64 scope global noprefixroute 
       valid_lft forever preferred_lft forever

I would like to do this

# ip addr change 2000::1/64 dev eth0 prefixroute

Comment 6 Jaroslav Aster 2015-06-16 10:59:48 UTC
Another issue with mngtmpaddr. I think it does not work. Temporary ipv6 addresses should be removed if mngtmpaddr address is removed, but it does not. Cite from this url: http://patchwork.ozlabs.org/patch/338242/:

"Kernel is being extended to support flag IFA_F_MANAGETEMPADDR also for
deletion of addresses. This will allow a userspace application to indicate
that for a global address the kernel should delete all related temporary
addresses as well."

Example:

# sysctl net.ipv6.conf.enp0s25.use_tempaddr=2
net.ipv6.conf.enp0s25.use_tempaddr = 2

# ip -6 a show dev enp0s25
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 28:d2:44:55:5a:fd brd ff:ff:ff:ff:ff:ff
    inet6 2620:60:1:2219:2ad2:44ff:fe25:5afd/64 scope global noprefixroute dynamic 
       valid_lft 2591982sec preferred_lft 604782sec
    inet6 fe80::2ad2:44ff:fe55:5afd/64 scope link 
       valid_lft forever preferred_lft forever

# ip a change 2620:60:1:2219:2ad2:44ff:fe25:5afd/64 dev enp0s25 mngtmpaddr

# ip -6 a show dev enp0s25
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 28:d2:44:55:5a:fd brd ff:ff:ff:ff:ff:ff
    inet6 2620:60:1:2219:5021:eb41:ea9a:3acb/64 scope global temporary dynamic 
       valid_lft 604797sec preferred_lft 85797sec
    inet6 2620:60:1:2219:2ad2:44ff:fe25:5afd/64 scope global mngtmpaddr 
       valid_lft forever preferred_lft forever
    inet6 fe80::2ad2:44ff:fe55:5afd/64 scope link 
       valid_lft forever preferred_lft forever

# ip a del 2620:60:1:2219:2ad2:44ff:fe25:5afd/64 dev enp0s25 mngtmpaddr

# ip -6 a show dev enp0s25
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 28:d2:44:55:5a:fd brd ff:ff:ff:ff:ff:ff
    inet6 2620:60:1:2219:5021:eb41:ea9a:3acb/64 scope global temporary dynamic 
       valid_lft 604780sec preferred_lft 85780sec
    inet6 fe80::2ad2:44ff:fe55:5afd/64 scope link 
       valid_lft forever preferred_lft forever

It should be nice to add opposite option to disable mngtmpaddr. Something like that

ip a change 2620:60:1:2219:2ad2:44ff:fe25:5afd/64 dev enp0s25 nomngtmpaddr

Comment 8 Pavel Šimerda (pavlix) 2015-07-08 17:44:28 UTC
(In reply to Jaroslav Aster from comment #5)
> It would be nice to add reverse mode for noprefixroute, for example
> prefixroute, because if I change it there is no way howto change it back
> instead of removing the ip address.

As this is not supported by upstream, it should be IMO filed as a new feature request either for RHEL or for Fedora.

> # ip addr add 2000::1/64 dev eth0
> 
> # ip addr show dev eth0 | grep -A 1 2000::1/64
>     inet6 2000::1/64 scope global 
>        valid_lft forever preferred_lft forever
> 
> # ip -6 route show dev eth0 | grep '2000::0/64
> 2000::/64  proto kernel  metric 256
> 
> # ip addr change 2000::1/64 dev eth0 noprefixroute
> 
> # ip -6 route show dev eth0 | grep '2000::/64
> 
> # ip addr show dev eth0 | grep -A 1 2000::1/64
>     inet6 2000::1/64 scope global noprefixroute 
>        valid_lft forever preferred_lft forever
> 
> I would like to do this
> 
> # ip addr change 2000::1/64 dev eth0 prefixroute

Comment 9 Pavel Šimerda (pavlix) 2015-07-08 17:45:19 UTC
(In reply to Jaroslav Aster from comment #6)
> Another issue with mngtmpaddr. I think it does not work. Temporary ipv6
> addresses should be removed if mngtmpaddr address is removed, but it does
> not. Cite from this url: http://patchwork.ozlabs.org/patch/338242/:
> 
> "Kernel is being extended to support flag IFA_F_MANAGETEMPADDR also for
> deletion of addresses. This will allow a userspace application to indicate
> that for a global address the kernel should delete all related temporary
> addresses as well."
> 
> Example:
> 
> # sysctl net.ipv6.conf.enp0s25.use_tempaddr=2
> net.ipv6.conf.enp0s25.use_tempaddr = 2
> 
> # ip -6 a show dev enp0s25
> 2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> state UP qlen 1000
>     link/ether 28:d2:44:55:5a:fd brd ff:ff:ff:ff:ff:ff
>     inet6 2620:60:1:2219:2ad2:44ff:fe25:5afd/64 scope global noprefixroute
> dynamic 
>        valid_lft 2591982sec preferred_lft 604782sec
>     inet6 fe80::2ad2:44ff:fe55:5afd/64 scope link 
>        valid_lft forever preferred_lft forever
> 
> # ip a change 2620:60:1:2219:2ad2:44ff:fe25:5afd/64 dev enp0s25 mngtmpaddr
> 
> # ip -6 a show dev enp0s25
> 2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> state UP qlen 1000
>     link/ether 28:d2:44:55:5a:fd brd ff:ff:ff:ff:ff:ff
>     inet6 2620:60:1:2219:5021:eb41:ea9a:3acb/64 scope global temporary
> dynamic 
>        valid_lft 604797sec preferred_lft 85797sec
>     inet6 2620:60:1:2219:2ad2:44ff:fe25:5afd/64 scope global mngtmpaddr 
>        valid_lft forever preferred_lft forever
>     inet6 fe80::2ad2:44ff:fe55:5afd/64 scope link 
>        valid_lft forever preferred_lft forever
> 
> # ip a del 2620:60:1:2219:2ad2:44ff:fe25:5afd/64 dev enp0s25 mngtmpaddr
> 
> # ip -6 a show dev enp0s25
> 2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> state UP qlen 1000
>     link/ether 28:d2:44:55:5a:fd brd ff:ff:ff:ff:ff:ff
>     inet6 2620:60:1:2219:5021:eb41:ea9a:3acb/64 scope global temporary
> dynamic 
>        valid_lft 604780sec preferred_lft 85780sec
>     inet6 fe80::2ad2:44ff:fe55:5afd/64 scope link 
>        valid_lft forever preferred_lft forever
> 
> It should be nice to add opposite option to disable mngtmpaddr. Something
> like that
> 
> ip a change 2620:60:1:2219:2ad2:44ff:fe25:5afd/64 dev enp0s25 nomngtmpaddr

This should be IMO reported with the kernel.

Comment 10 Phil Sutter 2015-09-15 14:47:04 UTC
Jaroslav, this is already possible, just not as explicit as expected:

Add an address like so:

# ip addr add feed:babe::1/64 dev eth0

you get:

| inet6 feed:babe::1/64 scope site

then set noprefixroute:

# ip addr change feed:babe::1/64 dev eth0 noprefixroute

and get:

| inet6 feed:babe::1/64 scope site noprefixroute

to drop the prefixroute again, just "change" the address without specifying noprefixroute:

# ip addr change feed:babe::1/64 dev eth0

and you get:

| inet6 feed:babe::1/64 scope site

The same applies to mngtmpaddr.

Comment 11 Phil Sutter 2015-09-15 17:04:18 UTC
Regarding the kernel not removing temporary addresses when the primary one with mngtmpaddr being set is removed, this is a limitation of RHEL7. The following kernel commit has not been backported:

commit 6046d5b4e464ba9b2cc8f0407069456624598dd5
Author: Heiner Kallweit <heiner.kallweit@web.de>
Date:   Sun Apr 20 21:29:36 2014 +0200

    ipv6: support IFA_F_MANAGETEMPADDR for address deletion too
    
    Userspace applications can use IFA_F_MANAGETEMPADDR with RTM_NEWADDR
    already to indicate that the kernel should take care of temporary
    address management.
    
    This patch adds related functionality to RTM_DELADDR. By setting
    IFA_F_MANAGETEMPADDR a userspace application can indicate that the kernel
    should delete all related temporary addresses as well.
    
    A corresponding patch for the "ip addr del" command has been applied to
    iproute2 already.
    
    Signed-off-by: Heiner Kallweit <heiner.kallweit@web.de>
    Reviewed-by: Jiri Pirko <jiri@resnulli.us>
    Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>


Apart from that, functionality of mngtmpaddr is given. Adding an address with mngtmpaddr like so:

# ip a a feed:babe::1/64 mngtmpaddr dev eth0

leads to the kernel creating temporary addresses automatically for it:

| inet6 feed:babe::c44c:ec5d:9329:6199/64 scope site temporary tentative dynamic
| inet6 feed:babe::1/64 scope site mngtmpaddr

While the missing functionality is worth creating a dedicated ticket for, this is definitely not a bug in iproute, furthermore it's correct functionality is proven by the above.

Comment 12 Phil Sutter 2015-09-15 17:22:11 UTC
Kernel ticket requesting the missing functionality has been added: bug 1263384.

Comment 14 errata-xmlrpc 2015-11-19 14:42:35 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2117.html


Note You need to log in before you can comment on or make changes to this bug.