Message-ID: <42653bf5-ba76-2561-9cf9-27b0ae730210@gmail.com>
Date:   Thu, 3 Feb 2022 21:16:49 -0700
From:   David Ahern <dsahern@...il.com>
To:     Jacques de Laval <Jacques.De.Laval@...termo.com>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
        David Ahern <dsahern@...nel.org>
Cc:     netdev@...r.kernel.org
Subject: Re: [PATCH net-next 1/1] net: Add new protocol attribute to IP
 addresses

On 2/3/22 9:31 AM, Jacques de Laval wrote:
> This patch adds a new protocol attribute to IPv4 and IPv6 addresses.
> Inspiration was taken from the protocol attribute of routes. User space
> applications like iproute2 can set/get the protocol with the Netlink API.
> 
> The attribute is stored as an 8-bit unsigned int. Only IFAPROT_UNSPEC is
> defined. The remaining ids are left for user space to define.
> 
> Grouping addresses on their origin is useful in scenarios where you want
> to distinguish between addresses coming from a specific protocol like DHCP
> and addresses that have been statically set.
> 
> Tagging addresses with a string label is an existing feature that could be
> used as a solution. Unfortunately the max length of a label is
> 15 characters, and for compatibility reasons the label must be prefixed
> with the name of the device followed by a colon. Since device names also
> have a max length of 15 characters, only -1 characters is guaranteed to be
> available for any origin tag, which is not that much.
> 
> A reference implementation of user space setting and getting protocols
> is available for iproute2:
> 
> Link: https://github.com/westermo/iproute2/commit/9a6ea18bd79f47f293e5edc7780f315ea42ff540
> 
> Signed-off-by: Jacques de Laval <Jacques.De.Laval@...termo.com>
> ---
>  include/linux/inetdevice.h   |  1 +
>  include/net/addrconf.h       |  1 +
>  include/net/if_inet6.h       |  2 ++
>  include/uapi/linux/if_addr.h |  4 ++++
>  net/ipv4/devinet.c           |  8 ++++++++
>  net/ipv6/addrconf.c          | 12 ++++++++++++
>  6 files changed, 28 insertions(+)
> 
> diff --git a/include/linux/inetdevice.h b/include/linux/inetdevice.h
> index a038feb63f23..caa6b7a5b5ac 100644
> --- a/include/linux/inetdevice.h
> +++ b/include/linux/inetdevice.h
> @@ -148,6 +148,7 @@ struct in_ifaddr {
>  	unsigned char		ifa_prefixlen;
>  	__u32			ifa_flags;
>  	char			ifa_label[IFNAMSIZ];
> +	unsigned char		ifa_proto;

there is a hole after ifa_prefixlen where this can go and not affect
struct size.

>  
>  	/* In seconds, relative to tstamp. Expiry is at tstamp + HZ * lft. */
>  	__u32			ifa_valid_lft;
> diff --git a/include/net/addrconf.h b/include/net/addrconf.h
> index 78ea3e332688..e53d8f4f4166 100644
> --- a/include/net/addrconf.h
> +++ b/include/net/addrconf.h
> @@ -69,6 +69,7 @@ struct ifa6_config {
>  	u32			preferred_lft;
>  	u32			valid_lft;
>  	u16			scope;
> +	u8			ifa_proto;
>  };
>  
>  int addrconf_init(void);
> diff --git a/include/net/if_inet6.h b/include/net/if_inet6.h
> index 653e7d0f65cb..f7c270b24167 100644
> --- a/include/net/if_inet6.h
> +++ b/include/net/if_inet6.h
> @@ -73,6 +73,8 @@ struct inet6_ifaddr {
>  
>  	struct rcu_head		rcu;
>  	struct in6_addr		peer_addr;
> +
> +	__u8			ifa_proto;

similarly for this struct; there are a couple of holes where you can put this.


>  };
>  
>  struct ip6_sf_socklist {
> diff --git a/include/uapi/linux/if_addr.h b/include/uapi/linux/if_addr.h
> index dfcf3ce0097f..2aa46b9c9961 100644
> --- a/include/uapi/linux/if_addr.h
> +++ b/include/uapi/linux/if_addr.h
> @@ -35,6 +35,7 @@ enum {
>  	IFA_FLAGS,
>  	IFA_RT_PRIORITY,  /* u32, priority/metric for prefix route */
>  	IFA_TARGET_NETNSID,
> +	IFA_PROTO,
>  	__IFA_MAX,
>  };
>  
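Review bot: The new `IFA_PROTO` entry has no comment giving its payload type, although the neighbouring `IFA_RT_PRIORITY` has one and this uapi header is the contract user space codes against; I would write `IFA_PROTO,	/* u8, address protocol */`. Because the value arrives from user space over Netlink, the attribute also needs an entry in the IPv4 and IPv6 address policies (`ifa_ipv4_policy` in net/ipv4/devinet.c and `ifa_ipv6_policy` in net/ipv6/addrconf.c), for example `[IFA_PROTO] = { .type = NLA_U8 },`, so that a truncated attribute is rejected before it is read. Those two files appear in the diffstat, but their hunks are not part of this quoted reply, so whether the policy entries are present cannot be checked here.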
> @@ -69,4 +70,7 @@ struct ifa_cacheinfo {
>  #define IFA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ifaddrmsg))
>  #endif
>  
> +/* ifa_protocol */
> +#define IFAPROT_UNSPEC	0

*If* the value is just a passthrough (userspace to kernel and back), there is
no need for this uapi. However, have you considered builtin protocol labels
- e.g. for autoconf, LLA, etc.? Kernel generated vs RAs vs userspace
adding it.
