[PATCH] ipv6: make the net.ipv6.conf.all.use_tempaddr sysctl propagate to interface settings

Fri Dec 16 21:03:37 UTC 2011

On Fri, 2011-12-16 at 14:22 -0500, Stéphane Graber wrote:
> On 12/16/2011 11:23 AM, Leann Ogasawara wrote:
> > On Wed, 2011-12-14 at 11:10 -0500, Mathieu Trudel-Lapierre wrote:
> >> Hi,
> >> 
> >> We're trying to enable IPv6 privacy extensions by default in 
> >> Ubuntu, and I've noticed issues applying the sysctl settings: 
> >> applying net.ipv6.conf.all.use_tempaddr which I'd expect, 
> >> readying docs, to be propagated to the underlying 
> >> interface-specific settings (e.g. 
> >> net.ipv6.conf.eth0.use_tempaddr) for already-available 
> >> interfaces; which does not work.
> >> 
> >> Ideally at boot-time, one would only need to set the following 
> >> settings: net.ipv6.conf.all.use_tempaddr   (to modify 
> >> already-up/added interfaces) net.ipv6.conf.default.use_tempaddr 
> >> (for future new interfaces)
> >> 
> >> I wrote the attached patch which appears to correctly set the 
> >> value of net.ipv6.conf.all.use_tempaddr on the interfaces when 
> >> changed. I would be very grateful if I could get some review on 
> >> that patch before submitting it upstream.
> >> 
> >> It seems as though the issue is generally reproduced for most of 
> >> the other ipv6 settings, and my reading of 
> >> Documentation/networking/ip-sysctls.txt and net/ipv6/Kconfig
> >> (the help entry for IPV6_PRIVACY), but I'm concentrating on just 
> >> use_tempaddr which is something we'd really need to make work.
> >> 
> >> For more information about these issues, I found 
> >> https://otrs.menandmice.com/otrs/public.pl?Action=PublicFAQ&ItemID=91
> >>
> >>
> >> 
> which also links two bugzilla.kernel.org bugs (which I unfortunately
> >> can't reach).
> > 
> > Hi Mathieu,
> > 
> > So I did some investigation and was able to uncover the following 
> > information from one of the bugzilla.kernel.org bugs (11655) you 
> > were unable to reach:
> > 
> > http://kerneltrap.org/mailarchive/linux-netdev/2008/10/3/3495284/thread
> >
> >
> > 
> Highlights include:
> > 
> > http://kerneltrap.org/mailarchive/linux-netdev/2008/10/13/3628434
> > 
> > From Dave Miller: "Not a bug.
> > 
> > These "global" setting have to be set to the desired value before 
> > the device is created.  And it is at creation time that these 
> > global values are "inherited" by the device.
> > 
> > Afterwards changes to the global value will not propagate to those
> >  devices again, because that might override a changed setting made
> >  by the user.
> > 
> > It is only newly created devices which get these values."
> > 
> > http://kerneltrap.org/mailarchive/linux-netdev/2008/10/13/3631594
> > 
> > From bug reporter: "I understand you are talking about 
> > /proc/sys/net/ipv6/conf/default/* controls. If so, it's ok, but I 
> > talked about /proc/sys/net/ipv6/conf/all/* controls. 
> > Documentation/networking/ip-sysctl.txt says:
> > 
> > conf/default/*: Change the interface-specific default settings.
> > 
> > 
> > conf/all/*: Change all the interface-specific settings.
> > 
> > so what is the difference between default and all in the context
> > of your statement? In my opinion, it could be understood that
> > default settings are inherited and those from "all" directory
> > change values for all current devices. "
> > 
> > http://kerneltrap.org/mailarchive/linux-netdev/2008/10/13/3639704
> > 
> > From Dave Miller: "Unfortunately not all "all" knobs are treated 
> > universally, only some of them all.
> > 
> > If you grep for "devconf_all" under net/ipv6 you'll see which ones
> >  get used and in what manner.
> > 
> > Of course, we'll need to tweak either the docs or the 
> > implementation to match :-)"
> > 
> > =======
> > 
> > Reading the above thread I would assume this is intended behavior 
> > and that the documentation needs updating.  However, it can't hurt 
> > sending your patch upstream.  The worst that can happen is it gets 
> > Nack'd.  I would like to see this clarified with upstream before
> > we consider carrying this in our tree.
> > 
> > Thanks, Leann
> > 
> >> It's also been discussed in the past on netdev 
> >> (http://markmail.org/thread/pxw4o7p2k3xn5vh3#query:+page:1 
> >> +mid:pxw4o7p2k3xn5vh3+state:results ) and on debian-kernel
> >> (can't find the thread again).
> >> 
> >> Please keep me in CC; I'm not subscribed to this list.
> >> 
> >> Regards,
> >> 
> >> -- Mathieu Trudel-Lapierre 
> >> <mathieu.trudel-lapierre at canonical.com> Freenode: cyphermox, 
> >> Jabber: mathieu.tl at gmail.com 4096R/EE018C93 1967 8F7D 03A1 8F38 
> >> 732E  FF82 C126 33E1 EE01 8C93
> 
> 
> Hmm, should Mathieu's patch be rejected upstream, what do you suggest
> we do in Ubuntu to change that setting?
> Should we propose another kernel patch that'd be Ubuntu-specific and
> change the hardcoded default for privacy extensions?

Lets wait and see what feedback we get from upstream.  That way we can
make an educated decision on how we should proceed.  From our point of
view, we really prefer to not have to deviate from upstream where
possible.

> Just saying that /all is basically identical to /default and should be
> changed before the interface appears isn't really going to help as our
> sysctls are pretty much always applied after the cards appeared (we
> even noticed that in some cases we are applying them too early :)).
> 
> In all cases, I agree that this should definitely be clarified as
> having /all not applying to all interfaces is utterly confusing...

I believe Mathieu has already started this conversation with upstream
[1].  It unfortunately appears he has not received a response.  I
mentioned to him on IRC that he should just send his patch as it's more
likely to get a response and should hopefully provide the clarification
he's looking for.

Thanks,
Leann

[1] http://marc.info/?l=linux-netdev&m=132285083905998&w=2