New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IPv6 Compliance RFC4861: Redirected On-link: Valid (Hosts Only) [v6LC.2.3.1 Part C] #32527
Comments
So, I may misunderstand how Redirect message should be handled. If running with accept_ra=2, how kernel handles Redirect messages? What kind of entry is added to handle the subsequent echo packet in the expected way? |
Another possibility is that when the RA advertises a Prefix with Lifetime=0, then all routes with that prefix (including Redirect routes) get deleted. I'm not yet sure what the RFCs say about that |
I beilieve I have collected the evidence to direct a solution here. Please let me know your thoughts... The key question is, what mechanism is expected to remove a When using the native kernel (6.5.0-26), i.e.
Having BTW: I could not find a definitive statement in an RFC about the removal of Route to TN1:
|
Here is the RFC content that describes when to delete routes. The conclusion I draw from this is that the RFC4861, section 6.3.5: Timing out Prefixes and Default Routers
On the other topic... We were also wondering why Linux does not show the
So to observe the Destination Cache, I need to use one of:
Wrapping these commands so we can watch for changes, I get:
|
Hi @yuwata, I just wanted to clarify, that for the sake of conformance testing, we only need the routes with an expired prefix to be removed. For coordination, is this something you will be able to look into? Having a mechanism to timeout static redirect routes after a period of inactivity is a nice to have, but not a concern for conformance testing. [As an aside, To help with tracking, see the summary of current issues]. |
systemd version the issue has been seen with
256
Used distribution
Ubuntu 23
Linux kernel version used
6.5.0-17-generic
CPU architectures issue was seen on
x86_64
Component
systemd-networkd
Expected behaviour you didn't see
RA Prefix Cleanup is NOT cleaning up
This issue shows up in many tests, especially those that test REDIRECT. So I'll use this REDIRECT test (2.3.1c) as the basis for this issue.
Test v6LC.2.3.1: Redirected On-link: Valid (Hosts Only)
Purpose: Verify that a host properly processes valid Redirect messages when redirected on-link: (no Redirect Pkt Option)
Reference: RFC 4861, Section 4.6.1, 4.6.3, and 8.3
Network Configuration
Legend: TN1=Test Node, TR1=Test Router, HUT=Host Under Test
TR1 Pfx:
2001:2:0:1000/64
TN1 GA:
2001:2:0:1001:200:10ff:fe10:1180
(offlink address, but is physically onlink)HUT GA:
2001:2:0:1000:a00:27ff:fe1a:432/64
Procedure
Echo request Src="TN1 Offlink GA"
to HUT GA(2).Echo reply
to TR1 as first hop.Redirect Dst="TN1 GA" Target="TN1 GA"
to HUT.Echo request Src="TN1 Offlink GA"
to HUT GA.NS
for TN1's GA andEcho reply
to TN1 on-link.Unexpected behaviour you saw
There are two steps required to cause this failure:
networkd
recieves aREDIRECT
message targettingTN1 GA
and it updates the routing table and the test passes.REDIRECT
route persists. When we next ping theHUT
fromTN1 GA
, this causesnetworkd
to sendNS
forTN1 GA
, when the test is expecting anEcho Reply
.Comparing
networkd
behaviour with thenative kernel
behaviour, you can see that the kernel does NOT add a redirect route to the routing table. So it avoids this issue.Between test runs, if I manually delete the redirect route, the next test passes. ie. running this command after each test results in the next test passing:
Watch Systemd-Networkd Routing Table
Watch Kernel Native Routing Table
NOTE: This test was performed with
networkd
stopped and sycctlaccept_ra=2
, so this shows how the kernel native solution behaves.Steps to reproduce the problem
For reference only: Previous issue relating to Redirect is #31438.
Run the test twice. IF using tcpreplay, run the "pass" PCAP twice. The 2nd time it will fail.
v6LC_2_3_01c.zip
Additional program output to the terminal or log subsystem illustrating the issue
The text was updated successfully, but these errors were encountered: