| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 8 Apr 2022 19:18:03 -0600
From: David Ahern <dsahern@...nel.org>
To: Arun Ajith S <aajith@...sta.com>, netdev@...r.kernel.org
Cc: davem@...emloft.net, linux-kernel@...r.kernel.org,
linux-doc@...r.kernel.org, yoshfuji@...ux-ipv6.org,
kuba@...nel.org, pabeni@...hat.com, corbet@....net,
prestwoj@...il.com, gilligan@...sta.com, noureddine@...sta.com,
gk@...sta.com
Subject: Re: [PATCH net-next v2] net/ipv6: Introduce accept_unsolicited_na
knob to implement router-side changes for RFC9131
On 4/7/22 1:44 AM, Arun Ajith S wrote:
> Add a new neighbour cache entry in STALE state for routers on receiving
> an unsolicited (gratuitous) neighbour advertisement with
> target link-layer-address option specified.
> This is similar to the arp_accept configuration for IPv4.
> A new sysctl endpoint is created to turn on this behaviour:
> /proc/sys/net/ipv6/conf/interface/accept_unsolicited_na.
>
> Signed-off-by: Arun Ajith S <aajith@...sta.com>
> Tested-by: Arun Ajith S <aajith@...sta.com>
you don't need the Tested-by line since you wrote the patch; you are
expected to test it.
> diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
> index 1afc4c024981..1b4d278d0454 100644
> --- a/net/ipv6/addrconf.c
> +++ b/net/ipv6/addrconf.c
> @@ -5587,6 +5587,7 @@ static inline void ipv6_store_devconf(struct ipv6_devconf *cnf,
> array[DEVCONF_IOAM6_ID] = cnf->ioam6_id;
> array[DEVCONF_IOAM6_ID_WIDE] = cnf->ioam6_id_wide;
> array[DEVCONF_NDISC_EVICT_NOCARRIER] = cnf->ndisc_evict_nocarrier;
> + array[DEVCONF_ACCEPT_UNSOLICITED_NA] = cnf->accept_unsolicited_na;
> }
>
> static inline size_t inet6_ifla6_size(void)
> @@ -7037,6 +7038,13 @@ static const struct ctl_table addrconf_sysctl[] = {
> .extra1 = (void *)SYSCTL_ZERO,
> .extra2 = (void *)SYSCTL_ONE,
> },
> + {
> + .procname = "accept_unsolicited_na",
> + .data = &ipv6_devconf.accept_unsolicited_na,
> + .maxlen = sizeof(int),
> + .mode = 0644,
> + .proc_handler = proc_dointvec,
> + },
I realize drop_unsolicited_na does not have limits, but this is a new
sysctl - add the upper and lower bounds via extra1 and extra2 arguments.
also, please add test cases under tools/testing/selftests/net. You can
use fib_tests.sh as a template. mausezahn is already used in a number of
tests; it should be able to create the NA packets. Be sure to cover
combinations of drop and accept settings.
Powered by blists - more mailing lists