[Swan-dev] [libreswan/libreswan] IPv6 config fails to get loaded when IPv6 interface is restarted, as there is a delay in IPv6 address update to /proc/net/if_inet6 (Issue #1287)

[Paul Wouters]

On Sun, 24 Sep 2023, Pidda wrote:

> find_raw_ifaces6() skips IPv6 addresses in tentative state when read from /proc/net/if_inet6, whenever whack listens.
> This is actually a concern because my IPv6 configuration did not get loaded on interface restart.
> The IPv6 address assignment happens post DAD (Duplicate Address Detection). During this process the IPv6 addresses if present in /proc/net/if_inet6
> will be marked as tentative. Since libreswan's find_raw_ifaces6() relies on /proc/net/if_inet6 file to read, it will skip the addresses in
> tentative state.
> 
> For now, as a workaround, I am polling the /proc/net/if_inet6 file to have IPv6 address for DAD completion. If not done, then the delay imposed by
> DAD will affect libreswan reading the IPv6 addresses.
> 
> Let me know if this behavior from libreswan will remain as it is or you have some plans to handle it efficiently?

This behaviour should be changed. The pluto deamon should look for IPv6
updates via netlink and then rerun the connection orienting code.