lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAKD1Yr0uFPS5poYVPJe_LqFh1EVmepWoeEXyhuubSAU_VMBFuQ@mail.gmail.com>
Date:   Fri, 8 Jun 2018 11:52:01 +0900
From:   Lorenzo Colitti <lorenzo@...gle.com>
To:     YOSHIFUJI Hideaki <hideaki.yoshifuji@...aclelinux.com>
Cc:     Subash Abhinov Kasiviswanathan <subashab@...eaurora.org>,
        David Miller <davem@...emloft.net>, netdev@...r.kernel.org,
        YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org>
Subject: Re: [PATCH net-next] net: ipv6: Generate random IID for addresses on
 RAWIP devices

On Mon, Jun 4, 2018 at 8:51 AM 吉藤英明 <hideaki.yoshifuji@...aclelinux.com> wrote:
>
> > +       if (ipv6_get_lladdr(dev, &lladdr, IFA_F_TENTATIVE))
> > +               get_random_bytes(eui, 8);
>
> Please be aware of I/G bit and G/L bit.


Actually, I think this is fine. RFC 7136 clarified this, and says:

======
   Thus, we can conclude that the value of the "u" bit in IIDs has no
   particular meaning.  In the case of an IID created from a MAC address
   according to RFC 4291, its value is determined by the MAC address,
   but that is all.
[...]
   Specifications of other forms of 64-bit IIDs MUST specify how all 64
   bits are set, but a generic semantic meaning for the "u" and "g" bits
   MUST NOT be defined.  However, the method of generating IIDs for
   specific link types MAY define some local significance for certain
   bits.

   In all cases, the bits in an IID have no generic semantics; in other
   words, they have opaque values.  In fact, the whole IID value MUST be
   viewed as an opaque bit string by third parties, except possibly in
   the local context.
======

That said - we already have a way to form all-random IIDs:
IN6_ADDR_GEN_MODE_RANDOM. Can't you just ensure that links of type
ARPHRD_RAWIP always use IN6_ADDR_GEN_MODE_RANDOM? That might lead to
less special-casing.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ