IPv6 TODO

This page aims to be a collection of open IPv6 tasks need to be done in the FreeBSD kernel and userland.

Add a task to the "New/Unclassified" section as you find something new, take a task and let us know if you have the resources to work on it or ask if you are looking for someone to fix it for you. Main contact persons are BjoernZeeb (bz@), HirokiSato (hrs@). GeorgeNevilleNeil (gnn@) and others might also volunteer to help.

Further details for each task are given below.

Google Summer of Code

For Google Summer of Code some projects are too simple tasks and you might want to pick multiple. But be careful - some easy sounding tasks are really big. In case you have your own ideas we'd like to hear about them as well. We'd suggest you'd get in contact with the aforementioned committers and discuss things.

TOC

Contents

  1. IPv6 TODO
    1. Google Summer of Code
    2. TOC
  2. Kernel
    1. nd6 locking
    2. mld6 locking
    3. unlocked globals
    4. Rename in6p macros
    5. Assimilate v4 and v6 code
    6. PULLDOWN_TESTS and m_pullup
    7. No modification of in-flight variables
    8. IPv6 IPsec fallout
    9. MRT IPv6 support missing
    10. CARP IPv6
    11. IPv6 offloading capabilities
    12. in6_ifattach and bridge
    13. embedded scope in KAME
    14. NFS over IPv6
    15. IPv6 class
    16. Remove ip6protosw
    17. TCP-MD5 incoming support (GSoC)
    18. gre(4) over IPv6 (GSoC)
    19. PMTU blackhole detection
    20. IPv6 Loopback performance
    21. INET6 only
    22. Mobile IPv6
    23. RA and forwarding
    24. ff01/2::1 not ok in 9
    25. Make sure we pass TAHI again
  3. Firewalls
    1. pf frag6 handling
    2. ipfw(8) me[46]
    3. natd/divert/rdr/fwd IPv6 support
    4. ipfw frag6 issues
    5. NAT66
    6. cleanup ipfw syntax completely
  4. Transition Technologie
    1. stf icmp ratelimit issue for pmtu
    2. 6RD
    3. stf(4) performance
    4. DS-Lite (GSoC)
    5. XLATE
    6. NAT64/DNS64
  5. Userland
    1. IPv6 userland problems (GSoC)
    2. rpc and nfs code is very legacy IPish in places (GSoC)
    3. inetd.conf requires {tcp,udp}6 instead of just tcp in v6 only env
    4. cvs client inet only
    5. hast not v6 ready (GSoC)
    6. openssl s_client
    7. gethostbyname() (GSoC)
    8. routed broken
    9. DHCPv6
    10. rtadvd/rtsol(d)
    11. ntpd is logging multicast setsockopt errors
  6. New/Unclassified

Kernel

nd6 locking

The current locking is incomplete and cannot be easily implmented in some places leaving possible race conditions.

This should possibly addressed with reworking the if/ifaddr locking using a read-mostly lock.

mld6 locking

mld6 locking state is unknown after the update from BruceSimpson for 8.0. Re-check.

unlocked globals

Some global variables are used to cache state either for fast lookup or to actually keep state between different functions in the input/output paths. There is no locking and thus races are easy leading to panics or invalid results.

Some of these have been removed in the past. Review the list which is easier to identify these days due to the VNET flagging.

Rename in6p macros

For IPv6 a lot of inp values are aliased to in6p using macros. This is confusing and unhelpful these days when searching for certain fields for example.

Quite a few have been renamed already. Recheck for current leftovers.

Should have been done with VIMAGE integration to not mangle the trees too often?

Assimilate v4 and v6 code

IPv4 and IPv6 have a lot of similar code for upper layer protocols. A lot of those duplicate code can be merged into a single function without code obfuscation or much effort and will help maintanance and make sure the one or other IPv[46] implementation is not missed.

Quite a bit of that has happened already.

PULLDOWN_TESTS and m_pullup

The original KAME (regression) checks based on certain mbuf assumptions are intermangled in the code. We should make sure that things just work with the general mbuf usage we do, not assuming anything more special and remove the tests to make the code more readable.

Coordinate with whomever will touch mbufs next (jeffr, rwatson, ..?)

There is an outdated work in progress in p4:bz_ipv6(?).

No modification of in-flight variables

For IPv4 inp handling we are trying hard to be able to not have any comitted changes in case of error. For IPv6 inp handling and in general on the stack we sometimes update state for called functions to have it availabale but can no longer properly rollback in case of error leaving us in an unknown state.

Some initial changes were done along with the inp and jail+v6 changes.

IPv6 IPsec fallout

With implementing IPv6 support for FAST_IPSEC (now know as IPSEC) and removing KAME IPsec there are some lose ends and problems that need to be addressed, including panics and missing features like v4-over-v6 or v6-over-v4 support.

MRT IPv6 support missing

Multiple Routing Tables (MRT) [actually mulit-FIB] support was added for IPv4 only and is limited to 16 FIBS due to the usage of left over mbuf bits. IPv6 support is completly missing.

CARP IPv6

Carp and IPv6 did not work out of the box. It seemed to be a rc.* startup problem.

Review if still true. Might most likely be fixed.

PR kern/153848

IPv6 offloading capabilities

WE have various offload capabilities these days but are lacking fine grained flags to turn them on and off individually for IPv4 and IPv6, which are needed due to buggy silicons or cards only able to do one but not the other. In addition we are missing glue code for TSO, LRO, .. that modern cards already support but we cannot make use of.

in6_ifattach and bridge

in6_ifattach() behaves special when trying to assign a link-local address to a bridge. That should not be fixed.

embedded scope in KAME

KAME did embed the scope in the address (probably for memory reasons back then). This troubles things here and then. We should try to see if we can normalize things.

NFS over IPv6

Old NFS v6 mount "hangs", was that nlm or not? NFS v6 netboot code support from loader onwards (nfsclient basically). UEFI/EFI netboot?

struct sockaddr_in {}s everywhere. Can see endless mount retries and failures if going IPv6 only.

IPv6 class

Implement IPv6 class support in all places.

Remove ip6protosw

ip6protosw is special and we are doing casts in code. Assimilate with IPv4 code and remove ip6protosw.

There is an outdated work in progress in p4:bz_ipv6(?).

TCP-MD5 incoming support (GSoC)

TCP-MD5 incoming validation support is missing (for IPv4 as well).

Comments:

can be combined with other kernel tasks.

gre(4) over IPv6 (GSoC)

Implement gre(4) over IPv6 suport, possibly take from NetBSD. bz might still have patches.

Comments:

can be combined with other kernel tasks.

PMTU blackhole detection

MTU blackhole detection (RFC 2923) for IPv6.

Note: ume points out the patch in the PR is not good enough.

IPv6 Loopback performance

IPv6 Loopback performance is significantly lower than IPv4. Run PCM, figure out all the bottlenecks -- it's not (only) the checksumming.

INET6 only

Update perforce branch and start moving #ifdef INET checks to SVN HEAD permitting compiling out IPv4. Start introducint WIHTOUT_INET src.conf option for userland.

Snapshots available: IPv6Only

Mobile IPv6

Should we try to pick up Mobile IPv6 work, update the locking and get it in?

HirokiSato could contact people with SHISA (ex KAME implementation).

RA and forwarding

RA and forwarding is currently undefined but discussed at IETF. Add default route with zero lifetime?

Committed necessary changes: http://svnweb.freebsd.org/base?view=revision&revision=222728

In 9.X, RA messages arrived at an RA-receiving interface can be used for SLAAC even if the IPv6 packet forwarding is enabled. A knob to control whether updating the default router list has been added.

ff01/2::1 not ok in 9

ff01/2::1 handling seems ok in 8.1 but not in 9.0.

Make sure we pass TAHI again

FreeBSD is currently not passing all TAHI tests.

Firewalls

pf frag6 handling

pf cannot handle IPv6 fragements. There is a gap in the code even though the comment for that might be gone today.

2011-01 Simon Perreault has a patch for the latest pf in OpenBSD. Ask bz@

ipfw(8) me[46]

ipfw(8) has "me" and "me6", suggest to add "me4" as a synonym for IPv4.

natd/divert/rdr/fwd IPv6 support

natd(8) doesn't support IPv6 (probably caused by absence of an IPv6 divert socket) divert(4) should have an IPv6 equivalent.

Follow nat66 etc. discussion in IETF before implementing anything.

According to ErmalLuci pf can do prefix rewriting. Anyone Checked?

ipfw frag6 issues

See PR.

NAT66

Do we want to support prefix rewriting (NAT66)? According to Ermal pf support it. Really?

cleanup ipfw syntax completely

ipfw syntax with reagrd to ipv6 (if not also ipv4) is awkward and complicated and non-intuitive. Break backward compatibility and clean the mess up. Maybe have a coverter?

Transition Technologie

stf icmp ratelimit issue for pmtu

Should (at least) be documented in the man page.

6RD

A patch on top of stf(4) was posted to net@. It might need minor improvements but we should get it finished and in.

stf(4) performance

Someone had mentioned to him that stf(4) has performance issues. Shuld we consider fixing it given that 6to4 is considered "bad"? On the other hand people will have to run it for another couple of years.

DS-Lite (GSoC)

IETF work. Shoud we implement it. Might be simple enough to support?

Be aware of ISC AFTR which implements the 'other side' and can be used to tests against.

XLATE

Hoh, why are people pondering some many different names for transition technology. What's this and is it worth looking?

NAT64/DNS64

There is a patch for unbound from Viagenie and newer BINDs support DNS64. There is also a NAT64 implementation for pf based on a patch from Viagenie. need to get these in.

Userland

IPv6 userland problems (GSoC)

Many userland network utilities do not work correctly with IPv6.

who(1) truncates IPv6 addresses in its output (still true?). This project could also include a broader survey of other network services in userland to make sure they are all IPv6 clean.

rpc and nfs code is very legacy IPish in places (GSoC)

rpc.statd(8) is not IPv6 clean. rpc.rquotad(8) is not IPv6 clean.

inetd.conf requires {tcp,udp}6 instead of just tcp in v6 only env

If running inetd in an IPv6 only setup all services need changing to tcp6 oder udp6 rather than working with the default of tcp and udp.

cvs client inet only

Our in-tree cvs client is INET-only for pserver mode. Patch available for testing: http://people.freebsd.org/~bz/patch-20110103-01-cvs-client-ipv6-pserver.diff

hast not v6 ready (GSoC)

Hastd(8) is not IPv6 ready yet. Configuration needs to be adjusted as well as socket handling.

doing thorough regression tests.

openssl s_client

openssl is a gethostbyname() user as well, not only for s_client.

gethostbyname() (GSoC)

Given the experience with cvs and openssl, scan the entire tree for gethostbyname() et. al consumers and fix them to do better name lookups.

routed broken

routed / route6d are broken? Keep in base and fix or remove from base and possibly use ports?

DHCPv6

Evaluate and integrate one of the DCHPv6 implementations.

rtadvd/rtsol(d)

Bring rtadvd and rtsol(d) up-to-date implementing the latest RFCs. Consider redoing parts to avoid races, be more dynamic and support script hooks on certain events. Make it carp/HA friendly. Provide backward compatibility for non-official (experimental) IDs.

openresolv got imported. http://lists.freebsd.org/pipermail/freebsd-net/2011-March/028299.html

RDNSS and DNSSL option in RFC 6106 handling got committed: http://svnweb.freebsd.org/base?view=revision&revision=222732

ntpd is logging multicast setsockopt errors

ntpd is regularly logging setsockopt IP_MULTICAST_LOOP failure.

Patch to correct the logging submitted upstream; it should say IPV6_MULTICAST_LOOP. Still need to investigate the cause.

New/Unclassified

CategoryTODO

IPv6TODO (last edited 2012-02-03 03:17:33 by BjoernZeeb)