Date: Fri, 8 Apr 2022 19:18:03 -0600
From: David Ahern <dsahern@...nel.org>
To: Arun Ajith S <aajith@...sta.com>, netdev@...r.kernel.org
Cc: davem@...emloft.net, linux-kernel@...r.kernel.org,
 linux-doc@...r.kernel.org, yoshfuji@...ux-ipv6.org, kuba@...nel.org,
 pabeni@...hat.com, corbet@....net, prestwoj@...il.com,
 gilligan@...sta.com, noureddine@...sta.com, gk@...sta.com
Subject: Re: [PATCH net-next v2] net/ipv6: Introduce accept_unsolicited_na knob to implement router-side changes for RFC9131

On 4/7/22 1:44 AM, Arun Ajith S wrote:
> Add a new neighbour cache entry in STALE state for routers on receiving
> an unsolicited (gratuitous) neighbour advertisement with
> target link-layer-address option specified.
> This is similar to the arp_accept configuration for IPv4.
> A new sysctl endpoint is created to turn on this behaviour:
> /proc/sys/net/ipv6/conf/interface/accept_unsolicited_na.
>
> Signed-off-by: Arun Ajith S <aajith@...sta.com>
> Tested-by: Arun Ajith S <aajith@...sta.com>

you don't need the Tested-by line since you wrote the patch; you are
expected to test it.

> diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c > index 1afc4c024981..1b4d278d0454 100644 > --- a/net/ipv6/addrconf.c > +++ b/net/ipv6/addrconf.c > @@ -5587,6 +5587,7 @@ static inline void ipv6_store_devconf(struct ipv6_devconf *cnf, > array[DEVCONF_IOAM6_ID] = cnf->ioam6_id; > array[DEVCONF_IOAM6_ID_WIDE] = cnf->ioam6_id_wide; > array[DEVCONF_NDISC_EVICT_NOCARRIER] = cnf->ndisc_evict_nocarrier; > + array[DEVCONF_ACCEPT_UNSOLICITED_NA] = cnf->accept_unsolicited_na; > } > > static inline size_t inet6_ifla6_size(void)
> @@ -7037,6 +7038,13 @@ static const struct ctl_table addrconf_sysctl[] = { > .extra1 = (void *)SYSCTL_ZERO, > .extra2 = (void *)SYSCTL_ONE, > }, > + { > + .procname = "accept_unsolicited_na", > + .data = &ipv6_devconf.accept_unsolicited_na, > + .maxlen = sizeof(int), > + .mode = 0644, > + .proc_handler = proc_dointvec, > + },

I realize drop_unsolicited_na does not have limits, but this is a new
sysctl - add the upper and lower bounds via extra1 and extra2 arguments.

also, please add test cases under tools/testing/selftests/net. You can
use fib_tests.sh as a template. mausezahn is already used in a number of
tests; it should be able to create the NA packets. Be sure to cover
combinations of drop and accept settings.
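
Review bot: In the addrconf_sysctl[] hunk, the new accept_unsolicited_na entry sets .proc_handler = proc_dointvec and no .extra1/.extra2, so any integer can be written to a knob the commit message describes as turning the behaviour on, while the entry that closes just above it in the context is bounded with SYSCTL_ZERO and SYSCTL_ONE. Adding the two bounds alone would not be enough, because proc_dointvec does not consult extra1/extra2; switch the handler to proc_dointvec_minmax and set .extra1 = (void *)SYSCTL_ZERO and .extra2 = (void *)SYSCTL_ONE so that only 0 and 1 are accepted.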