Received: by 2002:a05:7412:b995:b0:f9:9502:5bb8 with SMTP id it21csp471435rdb; Thu, 21 Dec 2023 15:12:44 -0800 (PST) X-Google-Smtp-Source: AGHT+IFJZUSnPC0vfqYoMb+GzGJDi5OSUGMgzzPU5AyPABnaZdc0VfH57/yoYaTDy8XRs6srk1fP X-Received: by 2002:a05:6e02:19c5:b0:35f:b06b:2f7b with SMTP id r5-20020a056e0219c500b0035fb06b2f7bmr654277ill.34.1703200363749; Thu, 21 Dec 2023 15:12:43 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1703200363; cv=none; d=google.com; s=arc-20160816; b=AB+Zw4UUFIiTJ78bqowE+JizCKooWDMp/jUTo/zCh3ikqH6benSrJBQvMaZotA7WJV eVg+KZfDRSM2v5fcypIP0U+BnyQwaJtMxSYc53pnURGmPZ+nJ4PUEJ6ib59pSgYDQKTp m0euUoaeDo67cGiDGCZiw4WUFU2xHL8thNci5M39ofDZ4rbbOJ7IKSdDoFsex0+50l4/ gCw8Rq6BTsersLZz4UE7GLyDyAi0KK/PVTRFg83ixoE9JBMO+3C4/udjzcGOXHsxT9Ma 0y71Jdp4bAVdQ/Abp9iwQsm77shfo+leqXcvJqY043kqOBTnXY3ilCDSUJMTVfa1jmTr FrVg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:message-id:date:subject:cc:to :from:dkim-signature; bh=DCyDcGB+njyvZgduAOSYZ57kEuruZLX4DxL5rDhZZEc=; fh=Ug9/6Qg50X5vTrAIW681VFlKg/lenwOOFkeWIt28l7c=; b=N6LZ0OWeThsehlMADorcL28l2rhaTxqu8fgx7QDzHD18nl8FIn39g8dKqQSgFqm1o3 gIi+KY5jSg9AREQ/UdgWvalhMsEIcY64t8wRrwX+OlnbYOKLk84p9nCG/Td1uMJUwdVI fQU++5/Giu7AAlpl/u7Uv5umGAwaRG4UnPusDzGO0tIF8iqrsC7YuCzW5u/yIStQkfae W2XzPXt4S/iw7k2llm23u+79jBDvTOQwUcYH4DE+qX1+M3w9Fbral80uDicuiY/a1qMW xDM9kEGvBhxvNJnFKWnMkaTNt+fdQPuJOFn2cfi8iRQZ0ym5AmgtumuySnLA/OevDdjZ OowQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@danm.net header.s=sig1 header.b=cXXV+fkJ; spf=pass (google.com: domain of linux-kernel+bounces-9152-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-9152-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161]) by mx.google.com with ESMTPS id a71-20020a63904a000000b005be03f0da68si2301997pge.13.2023.12.21.15.12.43 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Dec 2023 15:12:43 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-9152-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161; Authentication-Results: mx.google.com; dkim=pass header.i=@danm.net header.s=sig1 header.b=cXXV+fkJ; spf=pass (google.com: domain of linux-kernel+bounces-9152-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-9152-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 914A4B25548 for ; Thu, 21 Dec 2023 23:12:41 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id C4C6F79478; Thu, 21 Dec 2023 23:12:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=danm.net header.i=@danm.net header.b="cXXV+fkJ" X-Original-To: linux-kernel@vger.kernel.org Received: from mr85p00im-zteg06022001.me.com (mr85p00im-zteg06022001.me.com [17.58.23.193]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2794C77620 for ; Thu, 21 Dec 2023 23:12:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=danm.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=danm.net DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=danm.net; s=sig1; t=1703200347; bh=DCyDcGB+njyvZgduAOSYZ57kEuruZLX4DxL5rDhZZEc=; h=From:To:Subject:Date:Message-ID:MIME-Version; b=cXXV+fkJVcexXshAtBA9kqoVzxZi82it4LAoVoRl4eliL18HhCFsbd8RyT/tzi1Ks m7aaW3XhS8S+TqeuoeNyJ7IcQTl1s4KDvYUu07QGPU/Z6Pem/dO33pLm7xZ35AtckL FcNdEAmrnYLHV8jJgahIucatEc0iQgtfQLGeipUJeL0KtQLPx1eUKBDE5G/DyNc3k0 9dwLiRv2OwdHFU3jW3zQlhkrcX1agIKHQBMw4loHfRMDhWzIBy6kM8DZumG+tyBtqP dLuyeGgN5vb5Mb/+WL40zWSOBvIqMB24o1Rsx8uBodbrBJ1uYD+X2W2Fpc7oi8NNXZ A3hlQld2axaNw== Received: from hitch.danm.net (mr38p00im-dlb-asmtp-mailmevip.me.com [17.57.152.18]) by mr85p00im-zteg06022001.me.com (Postfix) with ESMTPSA id A7BD2800127; Thu, 21 Dec 2023 23:12:26 +0000 (UTC) From: Dan Moulding To: dan@danm.net Cc: Alex Henrie , "David S. Miller" , David Ahern , Eric Dumazet , Jakub Kicinski , Paolo Abeni , netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [REGRESSION] net/ipv6/addrconf: Temporary addresses with short lifetimes generating when they shouldn't, causing applications to fail Date: Thu, 21 Dec 2023 16:10:57 -0700 Message-ID: <20231221231115.12402-1-dan@danm.net> X-Mailer: git-send-email 2.41.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Proofpoint-ORIG-GUID: 2x4J6n-3fdC5FS1JBV_-vkus0m_RhcGg X-Proofpoint-GUID: 2x4J6n-3fdC5FS1JBV_-vkus0m_RhcGg X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.997,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-12-21_11,2023-12-21_02,2023-05-22_02 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 bulkscore=0 malwarescore=0 spamscore=0 phishscore=0 clxscore=1030 mlxlogscore=528 adultscore=0 suspectscore=0 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2308100000 definitions=main-2312210177 I started running v6.7-rc5 on a desktop and began having problems where Chromium would frequently fail to load pages and give an "ERR_NETWORK_CHANGED" message instead. I also noticed instability in avahi-daemon (it would stop resolving local names and/or consume 100% CPU). Eventually I discovered that what is happening is that new temporary IPv6 addresses for a ULA address are being generated once every second, with very short preferred lifetimes (and I had an interface with thousands of such temporary addresses). I also found that it seems to be triggered when one of the devices on the network sends a router advertisement with a prefix that has a preferred lifetime of 0 (presumably it's sending that because it wants to deprecate that prefix). I bisected it to commit 629df6701c8a ("net: ipv6/addrconf: clamp preferred_lft to the minimum required"). Upon reviewing that change, I see that it has changed when generation of temporary addresses will be allowed. I believe that change might have inadvertently caused the kernel to violate RFC 4941 and might need to be reverted. In particular RFC 4941 specifies that the preferred lifetime of a temporary address must not be greater than the preferred lifetime of the public address it is derived from. However, this change allows a temporary address to be generated with a preferred lifetime greater than the public address' preferred lifetime. From RFC 4941: 4. When creating a temporary address, the lifetime values MUST be derived from the corresponding prefix as follows: * Its Valid Lifetime is the lower of the Valid Lifetime of the public address or TEMP_VALID_LIFETIME. * Its Preferred Lifetime is the lower of the Preferred Lifetime of the public address or TEMP_PREFERRED_LIFETIME - DESYNC_FACTOR. Previously temporary addresses would not be generated for an interface if the administratively configured preferred lifetime on that interface was too short. This change tries to avoid that, and allow generating temporary addresses even on interfaces with very short configured lifetimes, by simply increasing the preferred lifetime of the generated address. However, doing so runs afoul of the above requirement. It allows the preferred lifetime of the temporary address to be increased to a value that is larger than the public address' preferred lifetime. For example, in my case where the router advertisement causes the public address' preferred lifetime to be set to 0, the current code allows a temporary address to be generated with a preferred lifetime of (regen_advance + age + 1), which is obviously greater than 0. It also, in my case, leads to new temporary addresses with very short lifetimes being generated, about once every second, leading to the application-level issues I described above. Cheers, -- Dan