Date: Wed, 25 Mar 2009 05:28:27 +0100 (CET) 
From: Kolbjørn Barmen <linux@...la.no> To: Vlad Yasevich <vladislav.yasevich@...com> cc: Brian Haley <brian.haley@...com>, davem@...emloft.net, yoshfuji@...ux-ipv6.org, linux@...la.no, netdev@...r.kernel.org Subject: Re: [PATCH] IPv6: Add 'autoconf' and 'disable_ipv6' module parameters On Tue, 24 Mar 2009, Vlad Yasevich wrote: > Brian Haley wrote: > > This is the quick and easy patch to add autoconf and > > disable_ipv6 module parameters to IPv6. I don't think anything > > more complicated is needed, assuming you play with the /etc > > configuration files. > > > > For example, if you wanted to enable IPv6 just on 'lo' you > > would: > > > > 1. Add "ipv6" to /etc/modules (if you don't, step #3 might fail) > > > > 2. Add this to /etc/modprobe.conf: > > > > options ipv6 disable_ipv6=1 > > > > 3. Add these to /etc/sysctl.conf: > > > > net.ipv6.conf.all.disable_ipv6=0 > > net.ipv6.conf.lo.disable_ipv6=0 > > This is kind of confusing. First you say, disable IPv6, then you say enable IPv6, but > nothing happens. Unless you typo-ed the 'all.disable_ipv6 = 0'... I bet that should have been "net.ipv6.conf.all.disable_ipv6=1" yes. :) > Also, it looks like if someone decides to switch IPv6 back on for a particular > interface, they would have to wait until the next RA to get an address. Not an > optimum solution. Isnt this the normal way anyways, or do new interfaces send some sort of "I'm new here, give me a prefix and router announcement, please!" normally when they go online? If so, maybe that should be done here as well. > > # ip -6 a > > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 > > inet6 ::1/128 scope host > > valid_lft forever preferred_lft forever > > > > The wording can probably be cleaned-up a little in ipv6.txt, > > comments welcome. > > > > > > --------------------------------------------------------------- > > > > Add 'autoconf' and 'disable_ipv6' parameters to the IPv6 module. 
> >
> > The first controls if IPv6 addresses are autoconfigured from
> > prefixes received in Router Advertisements. The IPv6 loopback
> > (::1) and link-local addresses are still configured.
> >
> > The second controls if IPv6 addresses are desired at all. No
> > IPv6 addresses will be added to any interfaces.
> >
> > Signed-off-by: Brian Haley <brian.haley@...com>
> > ---
> > Documentation/networking/ipv6.txt | 37 +++++++++++++++++++++++++++++++++++++
> > include/linux/ipv6.h | 6 ++++++
> > net/ipv6/addrconf.c | 12 +++++++++---
> > net/ipv6/af_inet6.c | 22 +++++++++++++++++-----
> > 4 files changed, 69 insertions(+), 8 deletions(-)
> >
> > diff --git a/Documentation/networking/ipv6.txt b/Documentation/networking/ipv6.txt
> > index 268e5c1..9fd7e21 100644
> > --- a/Documentation/networking/ipv6.txt
> > +++ b/Documentation/networking/ipv6.txt
> > @@ -33,3 +33,40 @@ disable
> >
> > A reboot is required to enable IPv6.
> >
> > +autoconf
> > +
> > + Specifies whether to enable IPv6 address autoconfiguration
> > + on all interfaces. This might be used when one does not wish
> > + for addresses to be automatically generated from prefixes
> > + received in Router Advertisements.
> > +
> > + The possible values and their effects are:
> > +
> > + 0
> > + IPv6 address autoconfiguration is disabled on all interfaces.
> > +
> > + Only the IPv6 loopback address (::1) and link-local addresses
> > + will be added to interfaces.
> > +
> > + 1
> > + IPv6 address autoconfiguration is enabled on all interfaces.
> > +
> > + This is the default value.
> > +
> > +disable_ipv6
> > +
> > + Specifies whether to disable IPv6 on all interfaces.
> > + This might be used when no IPv6 addresses are desired.
> > +
> > + The possible values and their effects are:
> > +
> > + 0
> > + IPv6 is enabled on all interfaces.
> > +
> > + This is the default value.
> > +
> > + 1
> > + IPv6 is disabled on all interfaces.
> > +
> > + No IPv6 addresses will be added to interfaces.
> > +
> > diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h
> > index 476d946..c662efa 100644
> > --- a/include/linux/ipv6.h
> > +++ b/include/linux/ipv6.h
> > @@ -169,6 +169,12 @@ struct ipv6_devconf {
> > __s32 accept_dad;
> > void *sysctl;
> > };
> > +
> > +struct ipv6_params {
> > + __s32 disable_ipv6;
> > + __s32 autoconf;
> > +};
> > +extern struct ipv6_params ipv6_defaults;
> > #endif
> >
> > /* index values for the variables in ipv6_devconf */
> > diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
> > index 8499da9..da6f01e 100644
> > --- a/net/ipv6/addrconf.c
> > +++ b/net/ipv6/addrconf.c
> > @@ -1784,6 +1784,7 @@ void addrconf_prefix_rcv(struct net_device *dev, u8 *opt, int len)
> > __u32 prefered_lft;
> > int addr_type;
> > struct inet6_dev *in6_dev;
> > + struct net *net = dev_net(dev);
> >
> > pinfo = (struct prefix_info *) opt;
> >
> > @@ -1841,7 +1842,7 @@ void addrconf_prefix_rcv(struct net_device *dev, u8 *opt, int len)
> > if (addrconf_finite_timeout(rt_expires))
> > rt_expires *= HZ;
> >
> > - rt = rt6_lookup(dev_net(dev), &pinfo->prefix, NULL,
> > + rt = rt6_lookup(net, &pinfo->prefix, NULL,
> > dev->ifindex, 1);
> >
> > if (rt && addrconf_is_prefix_route(rt)) {
> > @@ -1874,11 +1875,11 @@ void addrconf_prefix_rcv(struct net_device *dev, u8 *opt, int len)
> >
> > /* Try to figure out our local address for this prefix */
> >
> > - if (pinfo->autoconf && in6_dev->cnf.autoconf) {
> > + if (pinfo->autoconf && in6_dev->cnf.autoconf &&
> > + net->ipv6.devconf_all->autoconf) {
> > struct inet6_ifaddr * ifp;
> > struct in6_addr addr;
> > int create = 0, update_lft = 0;
> > - struct net *net = dev_net(dev);
> >
> > if (pinfo->prefix_len == 64) {
> > memcpy(&addr, &pinfo->prefix, 8);
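Review bot: The added `net->ipv6.devconf_all->autoconf` test in the third addrconf.c hunk guards only the address-creation branch of addrconf_prefix_rcv(); the prefix-route handling shown in the second hunk (`rt6_lookup(net, &pinfo->prefix, NULL, dev->ifindex, 1)`) sits at a lower line number and so appears to run regardless of the new switch. An administrator who sets `autoconf=0` to keep a host from acting on unexpected Router Advertisements would still get RA-derived state other than addresses, so ipv6.txt should say so, for example `Router Advertisements are still processed; only address generation from their prefixes is suppressed.` The condition also makes the `all` autoconf value, which this function did not consult before, a host-wide gate, and that change in meaning deserves a sentence in the commit message. The function body starts and ends outside these hunks.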
> > @@ -4378,6 +4379,11 @@ static int addrconf_init_net(struct net *net)
> > dflt = kmemdup(dflt, sizeof(ipv6_devconf_dflt), GFP_KERNEL);
> > if (dflt == NULL)
> > goto err_alloc_dflt;
> > + } else {
> > + /* these will be inherited by all namespaces */
> > + all->autoconf = dflt->autoconf = ipv6_defaults.autoconf;
> > + all->disable_ipv6 = dflt->disable_ipv6 =
> > + ipv6_defaults.disable_ipv6;
>
> Why set 'all'? Since no interfaces are created yet, setting dflt accomplishes
> what you want.
How do you know that no interfaces are created? The IPv6 modules might not have been loaded on boot, but at a later stage.
> > }
> >
> > net->ipv6.devconf_all = all;
> > diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
> > index fbf533c..7278dce 100644
> > --- a/net/ipv6/af_inet6.c
> > +++ b/net/ipv6/af_inet6.c
> > @@ -72,9 +72,21 @@ MODULE_LICENSE("GPL");
> > static struct list_head inetsw6[SOCK_MAX];
> > static DEFINE_SPINLOCK(inetsw6_lock);
> >
> > -static int disable_ipv6 = 0;
> > -module_param_named(disable, disable_ipv6, int, 0);
> > -MODULE_PARM_DESC(disable, "Disable IPv6 such that it is non-functional");
> > +struct ipv6_params ipv6_defaults = {
> > + .disable_ipv6 = 0,
> > + .autoconf = 1,
> > +};
> > +
> > +static int disable_ipv6_mod = 0;
> > +
> > +module_param_named(disable, disable_ipv6_mod, int, 0444);
> > +MODULE_PARM_DESC(disable, "Disable IPv6 module such that it is non-functional");
> > +
> > +module_param_named(disable_ipv6, ipv6_defaults.disable_ipv6, int, 0444);
> > +MODULE_PARM_DESC(disable_ipv6, "Disable IPv6 on all interfaces");
> > +
> > +module_param_named(autoconf, ipv6_defaults.autoconf, int, 0444);
> > +MODULE_PARM_DESC(autoconf, "Enable IPv6 address autoconfiguration on all interfaces");
> >
> > static __inline__ struct ipv6_pinfo *inet6_sk_generic(struct sock *sk)
> > {
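Review bot: The parameter descriptions in the first af_inet6.c hunk do not tell an administrator how `disable` differs from `disable_ipv6`. The two names are close enough that a host can be believed hardened when only the weaker switch was set. I would spell the difference out, e.g. `MODULE_PARM_DESC(disable_ipv6, "Set the initial disable_ipv6 value for all interfaces (module stays functional, can be changed via sysctl)");`, and reword the `autoconf` description the same way. With mode 0444 these parameters are readable under /sys/module/ipv6/parameters/, but `ipv6_defaults` is only copied into the devconf tables in addrconf_init_net(). Those files will therefore keep reporting the load-time value after a sysctl change, and a comment above `ipv6_defaults` should note that the sysctl values, not the module parameters, reflect the effective state.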
> > @@ -1013,7 +1025,7 @@ static int __init inet6_init(void)
> > for(r = &inetsw6[0]; r < &inetsw6[SOCK_MAX]; ++r)
> > INIT_LIST_HEAD(r);
> >
> > - if (disable_ipv6) {
> > + if (disable_ipv6_mod) {
> > printk(KERN_INFO
> > "IPv6: Loaded, but administratively disabled, "
> > "reboot required to enable\n");
> > @@ -1202,7 +1214,7 @@ module_init(inet6_init);
> >
> > static void __exit inet6_exit(void)
> > {
> > - if (disable_ipv6)
> > + if (disable_ipv6_mod)
> > return;
> >
> > /* First of all disallow new sockets creation. */
-- kolla -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html