Date:   Thu, 1 Jul 2021 16:51:18 +0800
From:   Rocco Yue <rocco.yue@...iatek.com>
To:     David Ahern <dsahern@...il.com>
CC:     "David S . Miller" <davem@...emloft.net>,
        Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
        David Ahern <dsahern@...nel.org>,
        Jakub Kicinski <kuba@...nel.org>,
        Matthias Brugger <matthias.bgg@...il.com>,
        <netdev@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
        <linux-arm-kernel@...ts.infradead.org>,
        <linux-mediatek@...ts.infradead.org>, <wsd_upstream@...iatek.com>,
        <rocco.yue@...il.com>, <chao.song@...iatek.com>,
        <kuohong.wang@...iatek.com>, <zhuoliang.zhang@...iatek.com>,
        Rocco Yue <rocco.yue@...iatek.com>
Subject: Re: [PATCH] net: ipv6: don't generate link-local address in any addr_gen_mode

On Wed, 2021-06-30 at 22:41 -0600, David Ahern wrote:
> On 6/30/21 9:39 PM, Rocco Yue wrote:
>> 
>> Hi David,
>> 
>> Thanks for your review.
>> 
>> This patch is different from IN6_ADDR_GEN_MODE_NONE.
>> 
>> When the addr_gen_mode == IN6_ADDR_GEN_MODE_NONE, the Linux kernel
>> doesn't automatically generate the ipv6 link-local address.
>> 
> 
> ...
> 
>> 
>> After this patch, when the "disable_gen_linklocal_addr" value of a device
>> is 1, no matter in which addr_gen_mode, the Linux kernel will not automatically
>> generate an ipv6 link-local for this device.
>> 
> 
> those 2 sentences are saying the same thing to me.
> 
> for your use case, why is setting addr_gen_mode == 1 for the device not
> sufficient?
> 

For mobile operators that don't need to support RFC7217, setting
addr_gen_mode == 1 is sufficient.

But for some other mobile operators that need to support RFC7217, such as AT&T,
the mobile device's addr_gen_mode will be switched to
IN6_ADDR_GEN_MODE_STABLE_PRIVACY, instead of using IN6_ADDR_GEN_MODE_NONE.
The purpose is: in the IN6_ADDR_GEN_MODE_STABLE_PRIVACY mode, the kernel can
generate a stable privacy global ipv6 address after receiving an RA, and
network processes can use this global address to communicate with the
outside network.

Of course, mobile operators that need to support RFC7217 should also meet
the requirement of 3GPP TS 29.061, that is, the MT should use the IID assigned by
the GGSN to build its ipv6 link-local address and use this address to send the RS.
We don't want the kernel to automatically generate an ipv6 link-local address
when addr_gen_mode == 2. Otherwise, if the stable privacy ipv6 link-local
address automatically generated by the kernel is used to send the RS message, the GGSN will
not be able to respond to the RS and reply with an RA message.

Therefore, after this patch, the kernel will not generate an ipv6 link-local address
for the corresponding device when addr_gen_mode == 1 or addr_gen_mode == 2.

Thanks,
Rocco
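
Added example, not part of the original message and not kernel code: it contrasts a link-local address built from a network-assigned IID with one built from an RFC 7217 style stable-privacy IID, the mismatch the message describes. The hash choice (SHA-256 as F), the parameter encoding, the interface name, the secret and the IID value are all assumptions constructed for illustration.

```python
import hashlib
import ipaddress

LINK_LOCAL_PREFIX = ipaddress.IPv6Network("fe80::/64")

# Constructed sample values (not taken from the thread).
ASSIGNED_IID = bytes.fromhex("00000000a1b2c3d4")  # IID handed out by the gateway
SECRET = b"constructed-per-host-secret"           # RFC 7217 secret_key stand-in
IFNAME = "rmnet0"                                  # hypothetical interface name


def address_from_iid(prefix, iid):
    """Combine a /64 prefix with a 64-bit interface identifier."""
    if prefix.prefixlen != 64 or len(iid) != 8:
        raise ValueError("expected a /64 prefix and an 8-byte IID")
    value = int(prefix.network_address) | int.from_bytes(iid, "big")
    return ipaddress.IPv6Address(value)


def stable_privacy_iid(prefix, ifname, secret, dad_counter=0, network_id=b""):
    """RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key).

    F is SHA-256 over length-prefixed fields (an assumed encoding); the IID
    is the least significant 64 bits of the RID, as RFC 7217 specifies.
    """
    fields = [prefix.network_address.packed, ifname.encode(), network_id,
              dad_counter.to_bytes(1, "big"), secret]
    h = hashlib.sha256()
    for field in fields:
        h.update(len(field).to_bytes(2, "big") + field)
    return h.digest()[-8:]


def rs_source_matches(src, assigned_iid):
    """True if an RS source is the link-local built from the assigned IID."""
    return src == address_from_iid(LINK_LOCAL_PREFIX, assigned_iid)


if __name__ == "__main__":
    expected = address_from_iid(LINK_LOCAL_PREFIX, ASSIGNED_IID)
    generated = address_from_iid(
        LINK_LOCAL_PREFIX,
        stable_privacy_iid(LINK_LOCAL_PREFIX, IFNAME, SECRET))
    for label, addr in (("assigned IID", expected), ("stable privacy", generated)):
        print(f"{label:15} {addr}  matches={rs_source_matches(addr, ASSIGNED_IID)}")
```
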
