Message-ID: <1423133478.16980.16.camel@stressinduktion.org>
Date:	Thu, 05 Feb 2015 11:51:18 +0100
From:	Hannes Frederic Sowa <hannes@...essinduktion.org>
To:	Erik Kline <ek@...gle.com>
Cc:	netdev@...r.kernel.org, lorenzo@...gle.com
Subject: Re: [PATCH net v4] net: ipv6: allow explicitly choosing optimistic
 addresses

Hi,

On Wed, 2015-02-04 at 20:01 +0900, Erik Kline wrote:
> RFC 4429 ("Optimistic DAD") states that optimistic addresses
> should be treated as deprecated addresses.  From section 2.1:
> 
>    Unless noted otherwise, components of the IPv6 protocol stack
>    should treat addresses in the Optimistic state equivalently to
>    those in the Deprecated state, indicating that the address is
>    available for use but should not be used if another suitable
>    address is available.
> 
> Optimistic addresses are indeed avoided when other addresses are
> available (i.e. at source address selection time), but they have
> not heretofore been available for things like explicit bind() and
> sendmsg() with struct in6_pktinfo, etc.
> 
> This change makes optimistic addresses treated more like
> deprecated addresses than tentative ones.
> 
> Signed-off-by: Erik Kline <ek@...gle.com>

Acked-by: Hannes Frederic Sowa <hannes@...essinduktion.org>

> ---
>  include/net/addrconf.h |  3 +++
>  net/ipv6/addrconf.c    | 19 +++++++++++++++++--
>  net/ipv6/ndisc.c       |  4 +++-
>  3 files changed, 23 insertions(+), 3 deletions(-)
> 
> diff --git a/include/net/addrconf.h b/include/net/addrconf.h
> index d13573b..80456f7 100644
> --- a/include/net/addrconf.h
> +++ b/include/net/addrconf.h
> @@ -62,6 +62,9 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg);
>  
>  int ipv6_chk_addr(struct net *net, const struct in6_addr *addr,
>  		  const struct net_device *dev, int strict);
> +int ipv6_chk_addr_and_flags(struct net *net, const struct in6_addr *addr,
> +			    const struct net_device *dev, int strict,
> +			    u32 banned_flags);
>  
>  #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
>  int ipv6_chk_home_addr(struct net *net, const struct in6_addr *addr);
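
Review bot: the prototype for ipv6_chk_addr_and_flags() goes into the header with no comment on banned_flags, and the function name does not say that these are the flags that cause a matching address to be rejected. A short comment above the declaration stating that banned_flags is a mask of IFA_F_* bits the address must not carry would save callers from reading addrconf.c to find out.
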
> diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
> index f7c8bbe..62900ae 100644
> --- a/net/ipv6/addrconf.c
> +++ b/net/ipv6/addrconf.c
> @@ -1519,15 +1519,30 @@ static int ipv6_count_addresses(struct inet6_dev *idev)
>  int ipv6_chk_addr(struct net *net, const struct in6_addr *addr,
>  		  const struct net_device *dev, int strict)
>  {
> +	return ipv6_chk_addr_and_flags(net, addr, dev, strict, IFA_F_TENTATIVE);
> +}
> +EXPORT_SYMBOL(ipv6_chk_addr);
> +
> +int ipv6_chk_addr_and_flags(struct net *net, const struct in6_addr *addr,
> +			    const struct net_device *dev, int strict,
> +			    u32 banned_flags)
> +{
>  	struct inet6_ifaddr *ifp;
>  	unsigned int hash = inet6_addr_hash(addr);
> +	u32 ifp_flags;
>  
>  	rcu_read_lock_bh();
>  	hlist_for_each_entry_rcu(ifp, &inet6_addr_lst[hash], addr_lst) {
>  		if (!net_eq(dev_net(ifp->idev->dev), net))
>  			continue;
> +		/* Decouple optimistic from tentative for evaluation here.
> +		 * Ban optimistic addresses explicitly, when required.
> +		 */
> +		ifp_flags = (ifp->flags&IFA_F_OPTIMISTIC)
> +			    ? (ifp->flags&~IFA_F_TENTATIVE)
> +			    : ifp->flags;
>  		if (ipv6_addr_equal(&ifp->addr, addr) &&
> -		    !(ifp->flags&IFA_F_TENTATIVE) &&
> +		    !(ifp_flags&banned_flags) &&
>  		    (dev == NULL || ifp->idev->dev == dev ||
>  		     !(ifp->scope&(IFA_LINK|IFA_HOST) || strict))) {
>  			rcu_read_unlock_bh();
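
Review bot: in the ifp_flags computation, an address with IFA_F_OPTIMISTIC set has IFA_F_TENTATIVE masked off before the banned_flags test, so ipv6_chk_addr(), which now passes only IFA_F_TENTATIVE, starts accepting optimistic addresses for every existing caller at once. A caller that must still refuse an optimistic address has to switch to ipv6_chk_addr_and_flags() and pass IFA_F_TENTATIVE | IFA_F_OPTIMISTIC; the in-loop comment hints at this, but it would be clearer stated on the function itself, with the commit message noting that the existing ipv6_chk_addr() callers were checked. Style: `ifp->flags&IFA_F_OPTIMISTIC` and `ifp->flags&~IFA_F_TENTATIVE` have no spaces around the binary `&`, although they do match the neighbouring lines.
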
> @@ -1538,7 +1553,7 @@ int ipv6_chk_addr(struct net *net, const struct in6_addr *addr,
>  	rcu_read_unlock_bh();
>  	return 0;
>  }
> -EXPORT_SYMBOL(ipv6_chk_addr);
> +EXPORT_SYMBOL(ipv6_chk_addr_and_flags);

Nit: I don't think the export is necessary.

Bye,
Hannes

