| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 15 Dec 2020 16:00:49 -0800 (PST)
From: David Miller <davem@...emloft.net>
To: dmytro@...tyi.net
Cc: kuba@...nel.org, yoshfuji@...ux-ipv6.org, kuznet@....inr.ac.ru,
liuhangbin@...il.com, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH net-next V8] net: Variable SLAAC: SLAAC with prefixes
of arbitrary length in PIO
From: Dmytro Shytyi <dmytro@...tyi.net>
Date: Wed, 09 Dec 2020 04:27:54 +0100
> Variable SLAAC [Can be activated via sysctl]:
> SLAAC with prefixes of arbitrary length in PIO (randomly
> generated hostID or stable privacy + privacy extensions).
> The main problem is that SLAAC RA or PD allocates a /64 by the Wireless
> carrier 4G, 5G to a mobile hotspot, however segmentation of the /64 via
> SLAAC is required so that downstream interfaces can be further subnetted.
> Example: uCPE device (4G + WI-FI enabled) receives /64 via Wireless, and
> assigns /72 to VNF-Firewall, /72 to WIFI, /72 to VNF-Router, /72 to
> Load-Balancer and /72 to wired connected devices.
> IETF document that defines problem statement:
> draft-mishra-v6ops-variable-slaac-problem-stmt
> IETF document that specifies variable slaac:
> draft-mishra-6man-variable-slaac
>
> Signed-off-by: Dmytro Shytyi <dmytro@...tyi.net>
> ---
> diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h
> index dda61d150a13..67ca3925463c 100644
> --- a/include/linux/ipv6.h
> +++ b/include/linux/ipv6.h
> @@ -75,6 +75,7 @@ struct ipv6_devconf {
> __s32 disable_policy;
> __s32 ndisc_tclass;
> __s32 rpl_seg_enabled;
> + __s32 variable_slaac;
>
> struct ctl_table_header *sysctl_header;
> };
> diff --git a/include/uapi/linux/ipv6.h b/include/uapi/linux/ipv6.h
> index 13e8751bf24a..f2af4f9fba2d 100644
> --- a/include/uapi/linux/ipv6.h
> +++ b/include/uapi/linux/ipv6.h
> @@ -189,7 +189,8 @@ enum {
> DEVCONF_ACCEPT_RA_RT_INFO_MIN_PLEN,
> DEVCONF_NDISC_TCLASS,
> DEVCONF_RPL_SEG_ENABLED,
> - DEVCONF_MAX
> + DEVCONF_MAX,
> + DEVCONF_VARIABLE_SLAAC
> };
>
>
> diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
> index eff2cacd5209..07afe4ce984e 100644
> --- a/net/ipv6/addrconf.c
> +++ b/net/ipv6/addrconf.c
> @@ -236,6 +236,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = {
> .addr_gen_mode = IN6_ADDR_GEN_MODE_EUI64,
> .disable_policy = 0,
> .rpl_seg_enabled = 0,
> + .variable_slaac = 0,
> };
>
> static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = {
> @@ -291,6 +292,7 @@ static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = {
> .addr_gen_mode = IN6_ADDR_GEN_MODE_EUI64,
> .disable_policy = 0,
> .rpl_seg_enabled = 0,
> + .variable_slaac = 0,
> };
>
> /* Check if link is ready: is it up and is a valid qdisc available */
> @@ -1340,9 +1342,15 @@ static int ipv6_create_tempaddr(struct inet6_ifaddr *ifp, bool block)
> goto out;
> }
> in6_ifa_hold(ifp);
> - memcpy(addr.s6_addr, ifp->addr.s6_addr, 8);
> - ipv6_gen_rnd_iid(&addr);
>
> + if (ifp->prefix_len == 64) {
> + memcpy(addr.s6_addr, ifp->addr.s6_addr, 8);
> + ipv6_gen_rnd_iid(&addr);
> + } else if (ifp->prefix_len > 0 && ifp->prefix_len <= 128 &&
> + idev->cnf.variable_slaac) {
> + get_random_bytes(addr.s6_addr, 16);
> + ipv6_addr_prefix_copy(&addr, &ifp->addr, ifp->prefix_len);
> + }
> age = (now - ifp->tstamp) / HZ;
>
> regen_advance = idev->cnf.regen_max_retry *
> @@ -2569,6 +2577,37 @@ static bool is_addr_mode_generate_stable(struct inet6_dev *idev)
> idev->cnf.addr_gen_mode == IN6_ADDR_GEN_MODE_RANDOM;
> }
>
> +static struct inet6_ifaddr *ipv6_cmp_rcvd_prsnt_prfxs(struct inet6_ifaddr *ifp,
> + struct inet6_dev *in6_dev,
> + struct net *net,
> + const struct prefix_info *pinfo)
> +{
> + struct inet6_ifaddr *result_base = NULL;
> + struct inet6_ifaddr *result = NULL;
> + bool prfxs_equal;
> +
> + result_base = result;
This is NULL, are you sure you didn't mewan to init this to 'ifp'
or similar instead?
Thanks.
Powered by blists - more mailing lists