[systemd-devel] Networkd's IPv6 Compliance Issues

Stephen Hemminger stephen at networkplumber.org
Wed Jul 26 19:52:11 UTC 2023


On Wed, 26 Jul 2023 19:17:53 +0000
"Muggeridge, Matt" <matt.muggeridge2 at hpe.com> wrote:

> > -----Original Message-----
> > From: Stephen Hemminger <stephen at networkplumber.org>
> > Sent: Thursday, July 27, 2023 2:04 AM
> > To: Muggeridge, Matt <matt.muggeridge2 at hpe.com>
> > Cc: systemd-devel at lists.freedesktop.org
> > Subject: Re: [systemd-devel] Networkd's IPv6 Compliance Issues
> > 
> > On Wed, 26 Jul 2023 03:23:14 +0000
> > "Muggeridge, Matt" <matt.muggeridge2 at hpe.com> wrote:
> >   
> > > Hi,
> > >
> > > Recently, we ran a test suite to check networkd's conformance to IPv6  
> > Protocol (see
> > https://www.ipv6ready.org/resources.html
> > NpxR!nFJaK0aGQPinj4D6Vhsk6r-oxzcFLJzPNuYIoelLyAa9wFlQ2Eass0RiLOldLz-
> > OIADX3SogGJEfZSwSSDPLAFgna4U$ ).  I found a large number of test failures
> > (more than 80) and after examining a small number of them, it became clear
> > that networkd's implementation of IPv6 protocol does not meet various RFC's
> > MUST and SHOULD requirements.  
> > >
> > > With so many IPv6 protocol compliance failures, it's not practical for me to  
> > raise an issue for every failing case. Instead, I created a summary in
> > https://github.com/systemd/systemd/issues/28502.  
> > >
> > > How would you like to handle these failing cases?
> > >
> > > Is there any more information you need from me?
> > >
> > > Kind regards,
> > > Matt.
> > > PS: Credit to the developers for quickly responding to a couple of the issues.
> > >
> > >  
> > 
> > Why do you think these are systemd issues?
> > A quick look at the list shows most of these are from Linux kernel
> > implementation	  
> 
> Hi Stephen,
> 
> We ran the same test suite with systemd-networkd stopped and the tests passed. i.e. the kernel implementation is conformant, the networkd implementation is not.
> 
> Evidently, systemd-networkd injects itself into the protocol exchange by intercepting IPv6 RAs. In fact, it configures the kernel to disable the sysctl accept_ra attribute, so the kernel is taken out of the RA conversation. Unfortunately, networkd does not handle the RAs in a compliant fashion.
> 
> Rather than take my word for it, as an example, look at the solutions for issues: #28437 fixed by PR#28446 and #28439 fixed by PR#28496. I started by posting issues for each failing case, but there are too many of them.
> 
> In summary, networkd is part of the IPv6 protocol and it is not IPv6 compliant.
> 
> Matt.
> PS: as much as you are dismayed by this, as was I.
> 

Ok, I was looking at the multipath issues and thinking it was part of the routing stack.
But right if NM captures RA's it is the problem.


More information about the systemd-devel mailing list