[systemd-devel] Networkd's IPv6 Compliance Issues
Muggeridge, Matt
matt.muggeridge2 at hpe.com
Wed Jul 26 19:17:53 UTC 2023
> -----Original Message-----
> From: Stephen Hemminger <stephen at networkplumber.org>
> Sent: Thursday, July 27, 2023 2:04 AM
> To: Muggeridge, Matt <matt.muggeridge2 at hpe.com>
> Cc: systemd-devel at lists.freedesktop.org
> Subject: Re: [systemd-devel] Networkd's IPv6 Compliance Issues
>
> On Wed, 26 Jul 2023 03:23:14 +0000
> "Muggeridge, Matt" <matt.muggeridge2 at hpe.com> wrote:
>
> > Hi,
> >
> > Recently, we ran a test suite to check networkd's conformance to IPv6
> Protocol (see
> https://www.ipv6ready.org/resources.html
> NpxR!nFJaK0aGQPinj4D6Vhsk6r-oxzcFLJzPNuYIoelLyAa9wFlQ2Eass0RiLOldLz-
> OIADX3SogGJEfZSwSSDPLAFgna4U$ ). I found a large number of test failures
> (more than 80) and after examining a small number of them, it became clear
> that networkd's implementation of IPv6 protocol does not meet various RFC's
> MUST and SHOULD requirements.
> >
> > With so many IPv6 protocol compliance failures, it's not practical for me to
> raise an issue for every failing case. Instead, I created a summary in
> https://github.com/systemd/systemd/issues/28502.
> >
> > How would you like to handle these failing cases?
> >
> > Is there any more information you need from me?
> >
> > Kind regards,
> > Matt.
> > PS: Credit to the developers for quickly responding to a couple of the issues.
> >
> >
>
> Why do you think these are systemd issues?
> A quick look at the list shows most of these are from Linux kernel
> implementation
Hi Stephen,
We ran the same test suite with systemd-networkd stopped and the tests passed. i.e. the kernel implementation is conformant, the networkd implementation is not.
Evidently, systemd-networkd injects itself into the protocol exchange by intercepting IPv6 RAs. In fact, it configures the kernel to disable the sysctl accept_ra attribute, so the kernel is taken out of the RA conversation. Unfortunately, networkd does not handle the RAs in a compliant fashion.
Rather than take my word for it, as an example, look at the solutions for issues: #28437 fixed by PR#28446 and #28439 fixed by PR#28496. I started by posting issues for each failing case, but there are too many of them.
In summary, networkd is part of the IPv6 protocol and it is not IPv6 compliant.
Matt.
PS: as much as you are dismayed by this, as was I.
More information about the systemd-devel
mailing list