On Fri, Nov 15, 2024 at 12:59:27PM -0800, Sam Edwards wrote:
Hi Hangbin,
My apologies, I should have shared my version of the check function before. Here it is:
# Called to validate the addresses on $IFNAME: # # 1. Every `temporary` address must have a matching `mngtmpaddr` # 2. Every `mngtmpaddr` address must have some un`deprecated` `temporary`
Thanks, this is much clear.
# # Fails the whole test script if a problem is detected, else returns silently. validate() { mng_prefixes=() undep_prefixes=() temp_addrs=()
while read -r line; do line_array=($line) address="${line_array[1]}" prefix="$(echo "$address" | cut -d: -f1-4)::/64" if echo "$line" | grep -q mngtmpaddr; then mng_prefixes+=("$prefix") elif echo "$line" | grep -q temporary; then temp_addrs+=("$address") if echo "$line" | grep -qv deprecated; then undep_prefixes+=("$prefix") fi fi done < <(ip -6 addr show dev $IFNAME | grep '^\s*inet6') # 1. All temporary addresses (temp and dep) must have a matching mngtmpaddr for address in ${temp_addrs[@]}; do prefix="$(echo "$address" | cut -d: -f1-4)::/64" if [[ ! " ${mng_prefixes[*]} " =~ " $prefix " ]]; then echo "FAIL: Temporary $address with no matching mngtmpaddr!"; exit 1 fi done # 2. All mngtmpaddr addresses must have a temporary address (not dep) for prefix in ${mng_prefixes[@]}; do if [[ ! " ${undep_prefixes[*]} " =~ " $prefix " ]]; then echo "FAIL: No undeprecated temporary in $prefix!"; exit 1 fi done}
Of course this is using awful text parsing and not JSON output. But the idea is that it groups addresses by their /64 prefix, to confirm that every /64 containing a mngtmpaddrs address also contains an undeprecated temporary, and that every /64 containing a temporary (deprecated or not) contains a mngtmpaddrs.
And I will modify and use your checking version.
This can be extended for the lifetime checking: when we build the set of mngtmpaddrs /64s, we also note the valid/preferred_life_time values for each mngtmpaddr. Then later when we confirm rule 1 (all temporary addresses must have a matching mngtmpaddr) we also confirm that each temporary does not outlive the mngtmpaddr in the same /64.
Since we add all mngtmpaddrs manually, which valid/preferred_life_time will be forever. So we only need to check the temporary addresses' valid/preferred_life_time, right? And on the other hand, the preferred_lft maybe 0 in my example.
inet6 2001::743:ec1e:5c19:404f/64 scope global temporary dynamic valid_lft 25sec preferred_lft 5sec inet6 2001::938f:432:f32d:602f/64 scope global temporary dynamic valid_lft 19sec preferred_lft 0sec
It looks we only need to check the valid_lft. Am I miss anything?
Thanks Hangbin