[PATCH] ipv6: make the net.ipv6.conf.all.use_tempaddr sysctl propagate to interface settings

Stéphane Graber stgraber at ubuntu.com
Fri Dec 16 19:22:58 UTC 2011


On 12/16/2011 11:23 AM, Leann Ogasawara wrote:
> On Wed, 2011-12-14 at 11:10 -0500, Mathieu Trudel-Lapierre wrote:
>> Hi,
>> 
>> We're trying to enable IPv6 privacy extensions by default in 
>> Ubuntu, and I've noticed issues applying the sysctl settings: 
>> applying net.ipv6.conf.all.use_tempaddr which I'd expect, 
>> reading docs, to be propagated to the underlying 
>> interface-specific settings (e.g. 
>> net.ipv6.conf.eth0.use_tempaddr) for already-available 
>> interfaces; which does not work.
>> 
>> Ideally at boot-time, one would only need to set the following 
>> settings:
>>   net.ipv6.conf.all.use_tempaddr (to modify already-up/added interfaces)
>>   net.ipv6.conf.default.use_tempaddr (for future new interfaces)
>> 
>> I wrote the attached patch which appears to correctly set the 
>> value of net.ipv6.conf.all.use_tempaddr on the interfaces when 
>> changed. I would be very grateful if I could get some review on 
>> that patch before submitting it upstream.
>> 
>> It seems as though the issue is generally reproduced for most of 
>> the other ipv6 settings, and my reading of 
>> Documentation/networking/ip-sysctls.txt and net/ipv6/Kconfig
>> (the help entry for IPV6_PRIVACY), but I'm concentrating on just 
>> use_tempaddr which is something we'd really need to make work.
>> 
>> For more information about these issues, I found 
>> https://otrs.menandmice.com/otrs/public.pl?Action=PublicFAQ&ItemID=91
>> which also links two bugzilla.kernel.org bugs (which I unfortunately
>> can't reach).
> 
> Hi Mathieu,
> 
> So I did some investigation and was able to uncover the following 
> information from one of the bugzilla.kernel.org bugs (11655) you 
> were unable to reach:
> 
> http://kerneltrap.org/mailarchive/linux-netdev/2008/10/3/3495284/thread
> 
> Highlights include:
> 
> http://kerneltrap.org/mailarchive/linux-netdev/2008/10/13/3628434
> 
> From Dave Miller: "Not a bug.
> 
> These "global" settings have to be set to the desired value before 
> the device is created.  And it is at creation time that these 
> global values are "inherited" by the device.
> 
> Afterwards changes to the global value will not propagate to those
> devices again, because that might override a changed setting made
> by the user.
> 
> It is only newly created devices which get these values."
> 
> http://kerneltrap.org/mailarchive/linux-netdev/2008/10/13/3631594
> 
> From bug reporter: "I understand you are talking about 
> /proc/sys/net/ipv6/conf/default/* controls. If so, it's ok, but I 
> talked about /proc/sys/net/ipv6/conf/all/* controls. 
> Documentation/networking/ip-sysctl.txt says:
> 
> conf/default/*: Change the interface-specific default settings.
> 
> 
> conf/all/*: Change all the interface-specific settings.
> 
> so what is the difference between default and all in the context
> of your statement? In my opinion, it could be understood that
> default settings are inherited and those from "all" directory
> change values for all current devices. "
> 
> http://kerneltrap.org/mailarchive/linux-netdev/2008/10/13/3639704
> 
> From Dave Miller: "Unfortunately not all "all" knobs are treated 
> universally, only some of them all.
> 
> If you grep for "devconf_all" under net/ipv6 you'll see which ones
> get used and in what manner.
> 
> Of course, we'll need to tweak either the docs or the 
> implementation to match :-)"
> 
> =======
> 
> Reading the above thread I would assume this is intended behavior 
> and that the documentation needs updating.  However, it can't hurt 
> sending your patch upstream.  The worst that can happen is it gets 
> Nack'd.  I would like to see this clarified with upstream before
> we consider carrying this in our tree.
> 
> Thanks, Leann
> 
>> It's also been discussed in the past on netdev 
>> (http://markmail.org/thread/pxw4o7p2k3xn5vh3#query:+page:1 
>> +mid:pxw4o7p2k3xn5vh3+state:results ) and on debian-kernel
>> (can't find the thread again).
>> 
>> Please keep me in CC; I'm not subscribed to this list.
>> 
>> Regards,
>> 
>> -- Mathieu Trudel-Lapierre 
>> <mathieu.trudel-lapierre at canonical.com> Freenode: cyphermox, 
>> Jabber: mathieu.tl at gmail.com 4096R/EE018C93 1967 8F7D 03A1 8F38 
>> 732E  FF82 C126 33E1 EE01 8C93


Hmm, should Mathieu's patch be rejected upstream, what do you suggest
we do in Ubuntu to change that setting?
Should we propose another kernel patch that'd be Ubuntu-specific and
change the hardcoded default for privacy extensions?

Just saying that /all is basically identical to /default and should be
changed before the interface appears isn't really going to help as our
sysctls are pretty much always applied after the cards appeared (we
even noticed that in some cases we are applying them too early :)).

In all cases, I agree that this should definitely be clarified as
having /all not applying to all interfaces is utterly confusing...


The initial target for privacy extensions by default was alpha-1 as we
wanted to get as much feedback from users as possible.
We currently ship a sysctl config for this but it obviously doesn't
apply to all our users so doesn't quite give us the feedback we
originally wanted.

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
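
The situation discussed in this message, where sysctl settings are applied after interfaces already exist and so never reach them, can be checked and corrected from user space. The shell functions below are an added example, not part of the original message or of the proposed kernel patch; the value 2 (prefer temporary addresses, per Documentation/networking/ip-sysctl.txt), the optional root-directory argument and the constructed sample tree are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not code from this thread. The optional ROOT argument is an
# assumption of this sketch: it defaults to the real sysctl tree and lets the
# functions run against a constructed copy for testing.

# list_ifaces ROOT: per-interface entries, skipping the two global knobs.
list_ifaces() {
    for dir in "$1"/*; do
        [ -f "$dir/use_tempaddr" ] || continue
        case ${dir##*/} in all|default) continue ;; esac
        printf '%s\n' "${dir##*/}"
    done
}

# audit_tempaddr WANT [ROOT]: print "iface current" for every interface whose
# use_tempaddr differs from WANT; return 1 if any such interface exists.
audit_tempaddr() {
    want=$1 root=${2:-/proc/sys/net/ipv6/conf} drift=0
    for iface in $(list_ifaces "$root"); do
        cur=$(cat "$root/$iface/use_tempaddr")
        [ "$cur" = "$want" ] && continue
        printf '%s %s\n' "$iface" "$cur"
        drift=1
    done
    return "$drift"
}

# fix_tempaddr WANT [ROOT]: write WANT to "default" (future interfaces) and to
# each existing interface, the effect the thread expected from "all".
fix_tempaddr() {
    want=$1 root=${2:-/proc/sys/net/ipv6/conf}
    printf '%s\n' "$want" > "$root/default/use_tempaddr" || return 1
    for iface in $(list_ifaces "$root"); do
        printf '%s\n' "$want" > "$root/$iface/use_tempaddr" || return 1
    done
}

# make_sample_tree: constructed stand-in for /proc/sys/net/ipv6/conf in which
# eth0 existed before the sysctls were applied and wlan0 appeared afterwards.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    for entry in all:2 default:2 eth0:0 wlan0:2; do
        mkdir -p "$t/${entry%%:*}"
        printf '%s\n' "${entry##*:}" > "$t/${entry%%:*}/use_tempaddr"
    done
    printf '%s\n' "$t"
}
```

Running `audit_tempaddr 2` once boot-time sysctls have been applied shows which interfaces were missed; `fix_tempaddr 2` needs root when pointed at the real tree.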



