RDNSS: support more ipv6 addresses #193
Conversation
| @@ -594,6 +596,12 @@ static struct safe_buffer_list *add_ra_options_rdnss(struct safe_buffer_list *sb | |||
|
|
|||
| memset(&rdnssinfo, 0, sizeof(rdnssinfo)); | |||
|
|
|||
| size_t const bytes = sizeof(rdnssinfo) + sizeof(struct in6_addr) * rdnss->AdvRDNSSNumber; | |||
| if (bytes > (256 * 8)) { | |||
There was a problem hiding this comment.
Why did you pick 2048?
- 1280 bytes is the min IPv6 MTU; what would happen in that case?
- can radvd safely send multiple RA packets with different RDNSS entries? (other framework code for example splits large options into their own packets)
There was a problem hiding this comment.
in my opinion
1、The IPv6 MTU value may change the processing of the kernel protocol stack.
2、RDNSS 2048 is consistent with DNSSL packet maximum in radvd
Do you have any good suggestions for me?
|
Please amend the commit to include a |
|
Compile failure, wonder if you missed something? |
robbat2
changed the title
|
I've got some tests kicking around to add as well after you have it fixed. |
More testing, expected to fail until PR#193 is merged. Reference: radvd-project#193 Signed-off-by: Robin H. Johnson <[email protected]>
@WenChao1Hou that is up-to-you. So when it is day again in your time zone, please add |
it was an oversight on my part,The variable name was not updated in time when submitted, I will update MR as soon as possible |
RFC 6106 recommended that the number of RDNSS addresses thatshould be learned and maintained through the RDNSS RA option should be limited to three. RFC 8106 removes that recommendation; thus, the number of RDNSS addresses to maintain is determined by an implementer's local policy.The number of RDNSS addresses to maintain is determined by the user's own profile Signed-off-by: WenChao1Hou <[email protected]>
|
We had merged this patch downstream at this code state https://svn.dd-wrt.com/changeset/50745, I did not test it myself but clearly it caused some instability and was reverted One such report https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1275031#1275031
|
|
Just catching up here....why are more than 3 RDNS servers needed? I saw that more than three doesn't work, but I did NOT see any explanation as to why more than three are needed. |
There isn't really a huge need for more than three, but it would be nice if the program didn't crash or error out if more are listed in the config file. The problem I ran into was in a downstream project when I wanted to specify two dns servers and the program was already adding two servers it had received from another network broadcast or dhcp interaction. radvd was silently exiting in the background and my local network wasn't getting advertisements. |
|
Ack. It's been a long time since I've work on this code... Nonetheless I have concerns that not having a hard limit would eventually lead to MTU issues. At the same time I'm not sure that exiting the program is also the right thing to do. Not sure. Maybe best effort is good enough, maybe not. |
|
Dear all, All people are welcome to comment the current situation, we are in December 2024, a perfect patch is needed. It is really important to respect the RFC8106: IPv6 Router Advertisement Options for DNS Configuration: @agowa, @AdSchellevis, @fichtner, @marjohn56, @bmeirellesRJ, @mhanor, @stu-gott, @wcbonner, @the-j0k3r, @WenChao1Hou, @BrainSlayer, @Mile-Lile, @bnutzer, @stu-gott, @MarioVerbelen, @ruben-herold, @ipilcher, @pyk1998, @romanrm, @corvus1, @ihipop If you know some IPv6 specialists, please come here, there are several tickets, thanks in advance. |
|
@robbat2, @reubenhwk, @stappersg, @RICCIARDI-Adrien, @y-kzm, @fichtner, @melroy89, @xdbob, @audreylace, @XWwalker, @initramfs, @thesamesam, @jetomit, @mpontillo, @kepstin, @oskar456, @zajdee, @yas-nyan, @gaoxingwang, @juhamatk, @manonfgoo, @andrew-sayers, @jpds, @steglicd, @samboyles1, @nomis, @haegar, @ezeeyahoo, @Testsr, @landgraf, @hxx-fetch, @prometheanfire, @tlsalmin, @ffontaine, @BrainSlayer, @Chocobo1, @sshambar, @bluca, @dhallas, @florianl, @fooker, @trofi, @l29ah, @thediveo, @smlng, @candrews, @alexaring, @steglicd, @pavlix, @Erkan-Yilmaz, @abrodkin, all others: What do you think? All people are welcome to comment, help... If you know other IPv6 experts, specialists, it will be nice too. This PR needs to be followed by this @robbat2 PR: Linked to the next 2.20 release build: Some other tickets can be solved too: Thanks in advance, we need to have a good 2.20 since 2.19 (2020-09-23). |
|
|
As a compromise that should work for most reasonable cases I can imagine right now radvd could behave the following way:
One could argue that randomizing the list of excessive RDNSS each time a RA is sent and then picking as many from the top as fit within 1280 bytes would eventually allow all RDNSS to he announced at least once. However, this makes RADVD unpredictable in behavior which is bad. Predictable is important for reliable testing and debugging. It is more important than following the letter of the RFC. Well tested, reasonable behavior is better than covering all use cases. My suggestion for moving forward: Limit RDNSS to a reasonable number. 2048 is too many. We can barely fit 70 in there even if we could use the entire packet minus header for 16 bytes addresses. Now how many RDNSS can we fit in for a reasonable scenario? Maybe one where RDNSS is the only option and we don’t even have a Prefix option. That is the most somewhat reasonable scenario I can think of. The limit should be at max this number. The math shall be provided in the commit message for future archeology. HTH |
|
I would expect a test in: https://github.com/radvd-project/radvd/tree/master/test (which is normally part of the same delivery) |
Reference: radvd-project#193 Signed-off-by: Robin H. Johnson <[email protected]>
This is based on PR#193, with significant cleanups & safety checks added. - RFC 6106 section 5.3.1 recommended that the number of RDNSS addresses should be limited to three, however that was for clients, not servers. - RFC 8106 section 5.3.1 clarified the recommendation to at least 3 from multiple sources. Based on this, set the limit for a single RDNSS section to 127 servers in radvd, based on the size of the length field. Note that it may cause fragmentation as the single option exceeds usable RA option space (MTU less headers); and server configurations should generally use fewer. See also the RFC6106 errata & RFC6980 section 2 for behaviors of very large RA options. Reference: https://www.rfc-editor.org/errata/rfc6106 Reference: https://datatracker.ietf.org/doc/html/rfc6980#section-2 Reference: https://datatracker.ietf.org/doc/html/rfc6106#section-5.3.1 Reference: https://datatracker.ietf.org/doc/html/rfc8106#section-5.3.1 Based-on: radvd-project#193 Based-on-work-by: WenChao1Hou <[email protected]> Signed-off-by: Robin H. Johnson <[email protected]>
|
Replaced by #245 |
This is based on PR#193, with significant cleanups & safety checks added. - RFC 6106 section 5.3.1 recommended that the number of RDNSS addresses should be limited to three, however that was for clients, not servers. - RFC 8106 section 5.3.1 clarified the recommendation to at least 3 from multiple sources. Based on this, set the limit for a single RDNSS section to 127 servers in radvd, based on the size of the length field. Note that it may cause fragmentation as the single option exceeds usable RA option space (MTU less headers); and server configurations should generally use fewer. See also the RFC6106 errata & RFC6980 section 2 for behaviors of very large RA options. Reference: https://www.rfc-editor.org/errata/rfc6106 Reference: https://datatracker.ietf.org/doc/html/rfc6980#section-2 Reference: https://datatracker.ietf.org/doc/html/rfc6106#section-5.3.1 Reference: https://datatracker.ietf.org/doc/html/rfc8106#section-5.3.1 Based-on: radvd-project#193 Based-on-work-by: WenChao1Hou <[email protected]> Signed-off-by: Robin H. Johnson <[email protected]>
RFC 6106 recommended that the number of RDNSS addresses thatshould be learned and maintained through the RDNSS RA option should be limited to three. RFC 8106 removes that recommendation; thus, the number of RDNSS addresses to maintain is determined by an implementer's local policy.The number of RDNSS addresses to maintain is determined by the user's own profile
Fix:#182