lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 27 May 2020 18:42:50 +0900
From:   Lorenzo Colitti <lorenzo@...gle.com>
To:     Bram Bonné <brambonne@...gle.com>
Cc:     David Miller <davem@...emloft.net>,
        Alexey Kuznetsov <kuznet@....inr.ac.ru>,
        Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
        Jakub Kicinski <kuba@...nel.org>,
        Hannes Frederic Sowa <hannes@...essinduktion.org>,
        Linux NetDev <netdev@...r.kernel.org>,
        Jeffrey Vander Stoep <jeffv@...gle.com>,
        Maciej Żenczykowski <maze@...gle.com>
Subject: Re: [PATCH] ipv6: Add IN6_ADDR_GEN_MODE_STABLE_PRIVACY_SOFTMAC mode

On Wed, May 27, 2020 at 6:30 PM Bram Bonné <brambonne@...gle.com> wrote:
> Thanks David. I was able to test the behavior of changing the MAC
> while connected to a network. It does not seem to trigger address
> generation, leaving the link-local address intact.
>
> Do we know about any scenarios (apart from dev reconfiguration) that
> would trigger address generation? My understanding based on the code
> is that any other scenario would add an additional link-local address,
> rather than removing the old one.

I don't think the stack ever regenerates link-local addresses after
the first one. I think the question was what happens to global
addresses if the MAC address is changed and then an RA is received.
Will the stack create a new global IFA_F_STABLE_PRIVACY address, such
that there are now two stable privacy addresses on the same interface?

That seems strange, but still, I suppose you could say that the user
got what they asked for. They configured IPv6 addressing that is "as
stable as the MAC address", and then they changed the MAC address,
and, well, they got a new IPv6 address. Is there anything in RFC 7217
that prohibits or discourages this? If not, maybe it's fine.

Perhaps you can add a test for what happens by adding a test case here:

https://cs.android.com/android/platform/superproject/+/master:kernel/tests/net/test/multinetwork_test.py;l=796

I think you'll need to do that anyway in order to use this on Android.

Powered by blists - more mailing lists