Index | Thread | Search

From:
Florian Obser <florian@openbsd.org>
Subject:
Re: Use IPv6 /128 instead of /64 for PPP interfaces
To:
Denis Fondras <denis@openbsd.org>
Cc:
tech@openbsd.org
Date:
Sat, 16 Nov 2024 22:25:17 +0100

Download raw body.

Thread 
I'm probably missing something because I've never used PPP with IPv6.

What does this solve? It's not like you are going to run out of space in fe80::/10 and if the PPP server is attacking your ndp table you have bigger problems...
-- 
Sent from a small device. Please excuse interesting auto-correct.

16 Nov 2024 19:50:32 Denis Fondras <denis@openbsd.org>:

> While working on IPv6 for pppd(8), I tried to use the EUI64 address as the PPP
> local address and failed because the kernel does not allow to change the netmask
> from /64 to /128.
> I propose we change the netmask for PPP interfaces to /128. Having a /64 is
> useless anyway on a PPP link.
> 
> (the alternative would be to generate another local address in pppd(8) but it
> seems overkill to me and we end up we 2 link-local addresses).
> 
> What do you think ?
> 
> Denis
> 
> Index: share/man/man4/pppoe.4
> ===================================================================
> RCS file: /cvs/src/share/man/man4/pppoe.4,v
> diff -u -p -r1.36 pppoe.4
> --- share/man/man4/pppoe.4  27 May 2022 15:45:02 -0000  1.36
> +++ share/man/man4/pppoe.4  16 Nov 2024 17:51:53 -0000
> @@ -102,7 +102,7 @@ inet 0.0.0.0 255.255.255.255 NONE \e
> dest 0.0.0.1
> inet6 eui64
> !/sbin/route add default -ifp pppoe0 0.0.0.1
> -!/sbin/route add -inet6 default -ifp pppoe0 fe80::%pppoe0
> +!/sbin/route add -inet6 default -ifp pppoe0 -iface fe80::%pppoe0
> .Ed
> .Pp
> The physical interface must also be marked
> Index: sys/netinet6/in6_ifattach.c
> ===================================================================
> RCS file: /cvs/src/sys/netinet6/in6_ifattach.c,v
> diff -u -p -r1.122 in6_ifattach.c
> --- sys/netinet6/in6_ifattach.c 9 Jul 2023 19:06:48 -0000   1.122
> +++ sys/netinet6/in6_ifattach.c 16 Nov 2024 17:51:53 -0000
> @@ -266,7 +266,11 @@ in6_ifattach_linklocal(struct ifnet *ifp
> 
>     ifra.ifra_prefixmask.sin6_len = sizeof(struct sockaddr_in6);
>     ifra.ifra_prefixmask.sin6_family = AF_INET6;
> -   ifra.ifra_prefixmask.sin6_addr = in6mask64;
> +   if (ifp->if_type == IFT_PPP)
> +       /* There is no need to get a /64 for P2P links */
> +       ifra.ifra_prefixmask.sin6_addr = in6mask128;
> +   else
> +       ifra.ifra_prefixmask.sin6_addr = in6mask64;
>     /* link-local addresses should NEVER expire. */
>     ifra.ifra_lifetime.ia6t_vltime = ND6_INFINITE_LIFETIME;
>     ifra.ifra_lifetime.ia6t_pltime = ND6_INFINITE_LIFETIME;