Date:	Fri, 13 Dec 2013 11:33:23 +0100
From:	Florent Fourcot <florent.fourcot@...t-bretagne.fr>
To:	Hannes Frederic Sowa <hannes@...essinduktion.org>
CC:	netdev@...r.kernel.org, fgont@...networks.com
Subject: Re: [PATCH RFC] ipv6: stable privacy addresses


> This is a preview for the interface I envision for IPv6 stable privacy
> addresses.


Great!

> +stable_address_secret - UNSIGNED LONG
> +	If stable privacy addresses are enabled then on the first
> +	write to this file link-local addresses are generated and
> +	router solicitions are send out. The generated addresses are

s/solicitions/solicitations/

> +	based on this secret.  If the same secret is reused across
> +	reboots the generated addresses will be the same.
> +
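
Review bot: the stable_address_secret entry documents the type as UNSIGNED LONG, so the width of the secret differs between 32-bit and 64-bit builds; state the size explicitly (or use a fixed-width value) so a secret written on one machine means the same thing on another. The text also covers only "the first write to this file": say what a later write does to addresses that were already generated, and whether the file can be read back, since the addresses are "based on this secret".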

Do you not provide a configuration via netlink for the secret?


> +idgen_delay - INTEGER
> +	Seconds to delay another attempt to generate a stable privacy address.
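
Review bot: the idgen_delay entry gives no default value or valid range, and "another attempt" does not say what made the previous attempt fail or how many attempts are made. Add those so the setting can be tuned without reading the code.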

Perhaps s/Seconds/Milliseconds/ ?



> +config IPV6_ADDRESS_GEN_MODE_STABLE_PRIVACY_V1
> +       bool "Stable privacy address generation v1"
> +       help
> +         Stable privacy address generation mode v1. Further
> +         information can be found here:
> +	 http://tools.ietf.org/html/draft-ietf-6man-stable-privacy-addresses-16
> +
> +	 This option may need support from distributions to install
> +	 the stable secret early at boot up (otherwise link-local
> +	 addresses will be generated too late). If you don't have
> +	 services depending on link-local addresses on boot-up you can
> +	 activate this mode and install the stable secret any time
> +	 later by hand by writing it to
> +	 /proc/sys/net/ipv6/stable_privacy_secret.
> +
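
Review bot: the help text of IPV6_ADDRESS_GEN_MODE_STABLE_PRIVACY_V1 mixes indentation: the lines up to "information can be found here:" are indented with spaces, while the URL line and the paragraph after it use a tab plus a space. Use one style for the whole entry. The link also pins revision -16 of the draft, so consider whether a reference that does not depend on the revision number is preferable.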

Here your documentation is inconsistent with what came before. The right file is
probably /proc/sys/net/ipv6/stable_address_secret

Your configuration is the same for all interfaces, isn't it? I would like a
configuration possibility per interface, to mix EUI64 and stable privacy
addresses on the same device.

In the same way, the configuration of the secret per interface could be
useful (simple example: two NICs on the same LAN).


> -static void addrconf_dad_stop(struct inet6_ifaddr *ifp, int dad_failed)
> +static void addrconf_dad_stop(struct inet6_ifaddr *ifp, bool dad_failed)
> 

The change of dad_failed from int to bool is not directly connected
with this feature, can you maybe split it into another patch?


Florent.