On Fri, Nov 15, 2024 at 12:59:27PM -0800, Sam Edwards wrote:
> Hi Hangbin,
>
> My apologies, I should have shared my version of the check function
> before. Here it is:
>
> ```bash
> # Called to validate the addresses on $IFNAME:
> #
> # 1. Every `temporary` address must have a matching `mngtmpaddr`
> # 2. Every `mngtmpaddr` address must have some un`deprecated` `temporary`
Thanks, this is much clear.
> #
> # Fails the whole test script if a problem is detected, else returns silently.
> validate()
> {
> mng_prefixes=()
> undep_prefixes=()
> temp_addrs=()
>
> while read -r line; do
> line_array=($line)
> address="${line_array[1]}"
> prefix="$(echo "$address" | cut -d: -f1-4)::/64"
> if echo "$line" | grep -q mngtmpaddr; then
> mng_prefixes+=("$prefix")
> elif echo "$line" | grep -q temporary; then
> temp_addrs+=("$address")
> if echo "$line" | grep -qv deprecated; then
> undep_prefixes+=("$prefix")
> fi
> fi
> done < <(ip -6 addr show dev $IFNAME | grep '^\s*inet6')
>
> # 1. All temporary addresses (temp and dep) must have a matching mngtmpaddr
> for address in ${temp_addrs[@]}; do
> prefix="$(echo "$address" | cut -d: -f1-4)::/64"
> if [[ ! " ${mng_prefixes[*]} " =~ " $prefix " ]]; then
> echo "FAIL: Temporary $address with no matching mngtmpaddr!";
> exit 1
> fi
> done
>
> # 2. All mngtmpaddr addresses must have a temporary address (not dep)
> for prefix in ${mng_prefixes[@]}; do
> if [[ ! " ${undep_prefixes[*]} " =~ " $prefix " ]]; then
> echo "FAIL: No undeprecated temporary in $prefix!";
> exit 1
> fi
> done
> }
> ```
>
> Of course this is using awful text parsing and not JSON output. But
> the idea is that it groups addresses by their /64 prefix, to confirm
> that every /64 containing a mngtmpaddrs address also contains an
> undeprecated temporary, and that every /64 containing a temporary
> (deprecated or not) contains a mngtmpaddrs.
And I will modify and use your checking version.
>
> This can be extended for the lifetime checking: when we build the set
> of mngtmpaddrs /64s, we also note the valid/preferred_life_time values
> for each mngtmpaddr. Then later when we confirm rule 1 (all temporary
> addresses must have a matching mngtmpaddr) we also confirm that each
> temporary does not outlive the mngtmpaddr in the same /64.
Since we add all mngtmpaddrs manually, which valid/preferred_life_time
will be forever. So we only need to check the temporary addresses'
valid/preferred_life_time, right? And on the other hand, the preferred_lft
maybe 0 in my example.
inet6 2001::743:ec1e:5c19:404f/64 scope global temporary dynamic
valid_lft 25sec preferred_lft 5sec
inet6 2001::938f:432:f32d:602f/64 scope global temporary dynamic
valid_lft 19sec preferred_lft 0sec
It looks we only need to check the valid_lft. Am I miss anything?
Thanks
Hangbin
