Message-ID: <56C3D6A3.7030605@miraclelinux.com>
Date:	Wed, 17 Feb 2016 11:10:43 +0900
From:	YOSHIFUJI Hideaki <hideaki.yoshifuji@...aclelinux.com>
To:	David Ahern <dsa@...ulusnetworks.com>, netdev@...r.kernel.org
Cc:	hideaki.yoshifuji@...aclelinux.com, hannes@...essinduktion.org
Subject: Re: [PATCH] net: ipv6: Make address flushing on ifdown optional

Hi,

David Ahern wrote:
> On 2/16/16 1:45 AM, YOSHIFUJI Hideaki wrote:
>>> diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt
>>> index 24ce97f42d35..7ddbbb67f0db 100644
>>> --- a/Documentation/networking/ip-sysctl.txt
>>> +++ b/Documentation/networking/ip-sysctl.txt
>>> @@ -1563,6 +1563,12 @@ temp_prefered_lft - INTEGER
>>>   	Preferred lifetime (in seconds) for temporary addresses.
>>>   	Default: 86400 (1 day)
>>>   
>>> +keep_addr_on_down - BOOLEAN
>>> +	Keep all IPv6 addresses on an interface down event. If set static
>>> +	global addresses with no expiration time are not flushed.
>>> +
>>> +	Default: disabled
>>> +
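Review bot: In the keep_addr_on_down entry, the first sentence says all IPv6 addresses are kept on a down event, while the second limits this to static global addresses with no expiration time. The two sentences should agree, and "If set" needs a comma after it. The entry should also state how the conf/all value and the per-interface value combine, since a reader cannot tell from this text which one wins.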
>>
>> How about this:
>>     1: enabled
>>     0: system default
>>    -1: disabled
>> so that an interface can override system-wide config?
> 
> It is my understanding that the 'all' settings override the individual
> interface settings. From Documentation/networking/ip-sysctl.txt +1346:
> 
> conf/all/*:
>         Change all the interface-specific settings.

Well, the document is not correct.
1) Some of "all" variables set all interface specific settings.
2) Some of "all" variables override interface specific settings.
3) Some provide "fall-back" values; such an interface specific
   setting overrides the corresponding "all" variable.
   (Note: "default" variables are the values that per-interface
   settings are initialized to.)
4) Others are ignored (they exist but are no-ops).

> 
> 
> -----8<-----
> 
> 
>>> diff --git a/include/net/if_inet6.h b/include/net/if_inet6.h
>>> index 1c8b6820b694..01ba6a286a4b 100644
>>> --- a/include/net/if_inet6.h
>>> +++ b/include/net/if_inet6.h
>>> @@ -72,6 +72,7 @@ struct inet6_ifaddr {
>>>   	int			regen_count;
>>>   
>>>   	bool			tokenized;
>>> +	bool			user_managed;
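Review bot: The new user_managed member of struct inet6_ifaddr is added without a comment saying which addresses it marks or where it gets set, and nothing in this hunk shows why a separate bool is needed next to tokenized. Please document the field, or, if an existing address flag already carries the same meaning, test that flag instead of growing the struct.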
>>
>> Can't we use IFA_F_PERMANENT?
> 
> I think so. Will fix.
> 
> 
> -----8<-----
> 
>>> @@ -3356,7 +3413,9 @@ static int addrconf_ifdown(struct net_device *dev, int how)
>>>   {
>>>   	struct net *net = dev_net(dev);
>>>   	struct inet6_dev *idev;
>>> -	struct inet6_ifaddr *ifa;
>>> +	struct inet6_ifaddr *ifa, *tmp;
>>> +	struct list_head del_list;
>>> +	int keep_addr;
>>>   	int state, i;
>>>   
>>>   	ASSERT_RTNL();
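Review bot: del_list is declared as a bare struct list_head at the top of addrconf_ifdown() and no initialisation is visible in this hunk. Make sure INIT_LIST_HEAD() runs before its first use, or declare it with LIST_HEAD(del_list) so it can never be walked uninitialised. keep_addr only holds a yes/no value and could be declared bool rather than int.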
>>> @@ -3383,6 +3442,10 @@ static int addrconf_ifdown(struct net_device *dev, int how)
>>>   
>>>   	}
>>>   
>>> +	keep_addr = net->ipv6.devconf_all->keep_addr_on_down;
>>> +	if (!keep_addr)
>>> +		keep_addr = idev->cnf.keep_addr_on_down;
>>> +
>>>   	/* Step 2: clear hash table */
>>>   	for (i = 0; i < IN6_ADDR_HSIZE; i++) {
>>>   		struct hlist_head *h = &inet6_addr_lst[i];
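Review bot: With keep_addr read from devconf_all and the per-interface value consulted only under if (!keep_addr), the result is a logical OR, so once the system-wide value is set no interface can opt out. If that is intended, the ip-sysctl.txt entry should say so. Otherwise the per-interface value needs a way to express "disabled" that is distinct from "unset". The block would also benefit from a short comment of its own, since it sits between the end of the previous step and the "Step 2" comment.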
> 
> So what I have here is if the system-wide setting says keep the address
> it is kept. Else if the individual interface setting is enabled the
> address is kept.
> 
> 
> 

Other admins may want to enable it system-wide with some exceptions.

And well, you could just check per-interface configuration; 4 above.

-- 
Hideaki Yoshifuji <hideaki.yoshifuji@...aclelinux.com>
Technical Division, MIRACLE LINUX CORPORATION
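
The three ways of combining the system-wide and per-interface values discussed in this message, as an added example in plain user-space C (not code from the patch or the kernel). The function names are hypothetical, and the system-wide value is assumed to be a simple on/off.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical helpers for illustration; not kernel code. */

/* Logic of the posted hunk: the per-interface value is consulted only
 * when the system-wide ("all") value is 0, so the result is all OR iface. */
static bool keep_patch(int all, int iface)
{
	int keep_addr = all;

	if (!keep_addr)
		keep_addr = iface;
	return keep_addr != 0;
}

/* Tri-state proposal from the thread: 1 enabled, 0 system default,
 * -1 disabled. Assumption: "all" itself is a plain on/off value. */
static bool keep_tristate(int all, int iface)
{
	if (iface > 0)
		return true;
	if (iface < 0)
		return false;
	return all > 0;
}

/* Alternative from the reply: consult only the per-interface value. */
static bool keep_iface_only(int all, int iface)
{
	(void)all;	/* the "all" entry exists but is a no-op */
	return iface > 0;
}

int main(void)
{
	int all, iface;

	/* Constructed settings; the posted logic has no -1, so "n/a" there. */
	printf("all iface patch tristate iface-only\n");
	for (all = 0; all <= 1; all++)
		for (iface = -1; iface <= 1; iface++)
			printf("%3d %5d %5s %8d %10d\n", all, iface,
			       iface < 0 ? "n/a" : (keep_patch(all, iface) ? "1" : "0"),
			       keep_tristate(all, iface), keep_iface_only(all, iface));
	return 0;
}
```

The row all=1, iface=-1 is the "system-wide with some exceptions" case: only the tri-state form lets that interface opt out.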
