| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 May 2015 16:59:45 -0700
From: Mahesh Bandewar <maheshb@...gle.com>
To: Konstantin Khlebnikov <khlebnikov@...dex-team.ru>
Cc: linux-netdev <netdev@...r.kernel.org>,
"David S. Miller" <davem@...emloft.net>,
Jiri Benc <jbenc@...hat.com>,
Hannes Frederic Sowa <hannes@...essinduktion.org>
Subject: Re: [PATCH 3/3] ipvlan: set dev_id for l2 ports to generate unique
IPv6 addresses
On Thu, May 14, 2015 at 6:56 AM, Konstantin Khlebnikov
<khlebnikov@...dex-team.ru> wrote:
> All ipvlan ports use one MAC address, this way ipv6 RA tries to assign
> one ipv6 address to all of them. This patch assigns unique dev_id to each
> ipvlan port. This field is used instead of common FF-FE in Modified EUI-64.
>
> Signed-off-by: Konstantin Khlebnikov <khlebnikov@...dex-team.ru>
> ---
> Documentation/networking/ipvlan.txt | 12 +++++++++++-
> drivers/net/ipvlan/ipvlan.h | 1 +
> drivers/net/ipvlan/ipvlan_main.c | 20 ++++++++++++++++++++
> 3 files changed, 32 insertions(+), 1 deletion(-)
>
> diff --git a/Documentation/networking/ipvlan.txt b/Documentation/networking/ipvlan.txt
> index cf996394e466..cb0b777bce58 100644
> --- a/Documentation/networking/ipvlan.txt
> +++ b/Documentation/networking/ipvlan.txt
> @@ -24,7 +24,7 @@ using IProute2/ip utility.
>
> ip link add link <master-dev> <slave-dev> type ipvlan mode { l2 | L3 }
>
> - e.g. ip link add link ipvl0 eth0 type ipvlan mode l2
> + e.g. ip link add link eth0 ipvl0 type ipvlan mode l2
>
>
> 4. Operating modes:
> @@ -41,6 +41,15 @@ slave device and packets are switched and queued to the master device to send
> out. In this mode the slaves will RX/TX multicast and broadcast (if applicable)
> as well.
>
> + In L2 mode slave devices receive Router Advertisements from the network
> +and perform autoconfiguration as well as master device. Each port has unique
> +16-bit device id which is used for filling octets 4-5 of Modified EUI-64.
> +That gives 65533 addresses (FF-FE used by master, FF-FF/00-00 reserved/not used).
> +
This is nice, thanks for fixing this! However how is "unique" id
guaranteed? Especially when multiple virtual drivers are stacked? Not
necessarily all of them may use the dev_id, but to avoid any possible
collision, shouldn't the device hierarchy (especially lower_dev) be
traversed before settling on the initial value?
> + Also lower half of IPv6 address could be set as interface token:
> +
> + ip token set ::aaaa:bbbb:cccc:dddd dev ipvl0
> +
> 4.2 L3 mode:
> In this mode TX processing upto L3 happens on the stack instance attached
> to the slave device and packets are switched to the stack instance of the
> @@ -105,3 +114,4 @@ namespace where L2 on the slave could be changed / misused.
> (4) ip -4 addr add 127.0.0.1 dev lo
> (5) ip -4 addr add $IPADDR dev ipvl1
> (6) ip -4 route add default via $ROUTER dev ipvl1
> +
> diff --git a/drivers/net/ipvlan/ipvlan.h b/drivers/net/ipvlan/ipvlan.h
> index 54549a6223dd..1ebab84e7a0e 100644
> --- a/drivers/net/ipvlan/ipvlan.h
> +++ b/drivers/net/ipvlan/ipvlan.h
> @@ -95,6 +95,7 @@ struct ipvl_port {
> struct rcu_head rcu;
> int count;
> u16 mode;
> + struct ida ida;
> };
>
> static inline struct ipvl_port *ipvlan_port_get_rcu(const struct net_device *d)
> diff --git a/drivers/net/ipvlan/ipvlan_main.c b/drivers/net/ipvlan/ipvlan_main.c
> index 0cafd3e6f02d..dee0e8441150 100644
> --- a/drivers/net/ipvlan/ipvlan_main.c
> +++ b/drivers/net/ipvlan/ipvlan_main.c
> @@ -53,6 +53,7 @@ static int ipvlan_port_create(struct net_device *dev)
> INIT_LIST_HEAD(&port->ipvlans);
> for (idx = 0; idx < IPVLAN_HASH_SIZE; idx++)
> INIT_HLIST_HEAD(&port->hlhead[idx]);
> + ida_init(&port->ida);
>
> err = netdev_rx_handler_register(dev, ipvlan_handle_frame, port);
> if (err)
> @@ -72,6 +73,7 @@ static void ipvlan_port_destroy(struct net_device *dev)
>
> dev->priv_flags &= ~IFF_IPVLAN_MASTER;
> netdev_rx_handler_unregister(dev);
> + ida_destroy(&port->ida);
> kfree_rcu(port, rcu);
> }
>
> @@ -484,6 +486,18 @@ static int ipvlan_link_new(struct net *src_net, struct net_device *dev,
> */
> memcpy(dev->dev_addr, phy_dev->dev_addr, ETH_ALEN);
>
> + if (port->mode == IPVLAN_MODE_L2) {
> + /*
> + * IPv6 addrconf uses it to produce unique addresses,
> + * see function addrconf_ifid_eui48.
> + */
> + err = ida_simple_get(&port->ida, 1, 0xFFFE, GFP_KERNEL);
> + if (err > 0)
> + dev->dev_id = err;
> + else if (err != -ENOSPC)
> + goto ipvlan_destroy_port;
> + }
> +
> dev->priv_flags |= IFF_IPVLAN_SLAVE;
>
> port->count += 1;
> @@ -518,6 +532,12 @@ static void ipvlan_link_delete(struct net_device *dev, struct list_head *head)
> list_del(&addr->anode);
> }
> }
> +
> + if (dev->dev_id) {
> + ida_simple_remove(&ipvlan->port->ida, dev->dev_id);
> + dev->dev_id = 0;
> + }
> +
> list_del_rcu(&ipvlan->pnode);
> unregister_netdevice_queue(dev, head);
> netdev_upper_dev_unlink(ipvlan->phy_dev, dev);
>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists