Message-ID: <20240214062711.608363-1-alexhenrie24@gmail.com>
Date: Tue, 13 Feb 2024 23:26:29 -0700
From: Alex Henrie <alexhenrie24@...il.com>
To: netdev@...r.kernel.org,
	dan@...m.net,
	bagasdotme@...il.com,
	davem@...emloft.net,
	dsahern@...nel.org,
	edumazet@...gle.com,
	kuba@...nel.org,
	pabeni@...hat.com,
	jikos@...nel.org
Cc: Alex Henrie <alexhenrie24@...il.com>
Subject: [PATCH net-next v2 0/3] net: ipv6/addrconf: ensure that temporary addresses' preferred lifetimes are long enough

v2 corrects and updates the documentation for these features.

Changes from v1:
- Update the typical minimum lifetime stated in the documentation, and
  make it a range to emphasize the variability
- Fix spelling of "determine" in the documentation
- Mention RFC 8981's requirements in the documentation
- Arrange variables in "reverse Christmas tree"
- Update documentation of what happens if temp_prefered_lft is less
  than the minimum required lifetime

Thanks to David, Paolo, and Dan for your feedback.

Alex Henrie (3):
  net: ipv6/addrconf: ensure that regen_advance is at least 2 seconds
  net: ipv6/addrconf: introduce a regen_min_advance sysctl
  net: ipv6/addrconf: clamp preferred_lft to the minimum required

 Documentation/networking/ip-sysctl.rst | 14 +++++-
 include/linux/ipv6.h                   |  1 +
 include/net/addrconf.h                 |  5 +-
 net/ipv6/addrconf.c                    | 67 ++++++++++++++++++++------
 4 files changed, 68 insertions(+), 19 deletions(-)

Range-diff against v1:
1:  95ff3ac2f7a9 ! 1:  6978ee9a6d9e net: ipv6/addrconf: ensure that regen_advance is at least 2 seconds
    @@ Commit message
         Link: https://datatracker.ietf.org/doc/html/rfc8981#name-defined-protocol-parameters
         Signed-off-by: Alex Henrie <alexhenrie24@...il.com>
     
    + ## Documentation/networking/ip-sysctl.rst ##
    +@@ Documentation/networking/ip-sysctl.rst: use_tempaddr - INTEGER
    + 
    + temp_valid_lft - INTEGER
    + 	valid lifetime (in seconds) for temporary addresses. If less than the
    +-	minimum required lifetime (typically 5 seconds), temporary addresses
    ++	minimum required lifetime (typically 5-7 seconds), temporary addresses
    + 	will not be created.
    + 
    + 	Default: 172800 (2 days)
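Review bot: In the temp_valid_lft text, "typically 5-7 seconds" gives a range without saying what moves the minimum within it, so an administrator cannot work out the threshold that applies to a given interface. Consider naming, next to the range, what the minimum required lifetime is derived from, or pointing to the entry that documents it.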
    +@@ Documentation/networking/ip-sysctl.rst: temp_valid_lft - INTEGER
    + temp_prefered_lft - INTEGER
    + 	Preferred lifetime (in seconds) for temporary addresses. If
    + 	temp_prefered_lft is less than the minimum required lifetime (typically
    +-	5 seconds), temporary addresses will not be created. If
    ++	5-7 seconds), temporary addresses will not be created. If
    + 	temp_prefered_lft is greater than temp_valid_lft, the preferred lifetime
    + 	is temp_valid_lft.
    + 
    +
      ## net/ipv6/addrconf.c ##
     @@ net/ipv6/addrconf.c: static void ipv6_del_addr(struct inet6_ifaddr *ifp)
      	in6_ifa_put(ifp);
2:  c7f773887259 ! 2:  e2b3623db770 net: ipv6/addrconf: introduce a regen_min_advance sysctl
    @@ Documentation/networking/ip-sysctl.rst: max_desync_factor - INTEGER
     +	How far in advance (in seconds), at minimum, to create a new temporary
     +	address before the current one is deprecated. This value is added to
     +	the amount of time that may be required for duplicate address detection
    -+	to detemine when to create a new address.
    ++	to determine when to create a new address. Linux permits setting this
    ++	value to less than the default of 2 seconds, but a value less than 2
    ++	does not conform to RFC 8981.
     +
     +	Default: 2
     +
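Review bot: The added sentence says values below 2 are permitted but states no lower bound, so it is unclear whether 0 or a negative number is accepted and how it would be treated. State the accepted range here. It would also help to note the practical effect of a small value: the replacement address is created closer to the deprecation of the current one, leaving less margin beyond the time needed for duplicate address detection.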
3:  b4e3dc5b3479 ! 3:  422f2a0a209e net: ipv6/addrconf: clamp preferred_lft to the minimum required
    @@ Commit message
         Link: https://serverfault.com/a/1031168/310447
         Signed-off-by: Alex Henrie <alexhenrie24@...il.com>
     
    + ## Documentation/networking/ip-sysctl.rst ##
    +@@ Documentation/networking/ip-sysctl.rst: temp_valid_lft - INTEGER
    + temp_prefered_lft - INTEGER
    + 	Preferred lifetime (in seconds) for temporary addresses. If
    + 	temp_prefered_lft is less than the minimum required lifetime (typically
    +-	5-7 seconds), temporary addresses will not be created. If
    ++	5-7 seconds), the preferred lifetime is the minimum required. If
    + 	temp_prefered_lft is greater than temp_valid_lft, the preferred lifetime
    + 	is temp_valid_lft.
    + 
    +
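Review bot: The reworded temp_prefered_lft text now describes two clamps, up to the minimum required lifetime and down to temp_valid_lft, without saying which applies when temp_valid_lft is itself below the minimum. The temp_valid_lft entry says no temporary address is created in that case; repeat or reference that here so the two entries cannot be read as conflicting. Because a too-small setting is now raised silently instead of disabling temporary addresses, also consider saying that the effective preferred lifetime may differ from the configured value.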
      ## net/ipv6/addrconf.c ##
     @@ net/ipv6/addrconf.c: static int ipv6_create_tempaddr(struct inet6_ifaddr *ifp, bool block)
    + 	unsigned long tmp_tstamp, age;
      	unsigned long regen_advance;
      	unsigned long now = jiffies;
    - 	s32 cnf_temp_preferred_lft;
     +	u32 if_public_preferred_lft;
    + 	s32 cnf_temp_preferred_lft;
      	struct inet6_ifaddr *ift;
      	struct ifa6_config cfg;
    - 	long max_desync_factor;
     @@ net/ipv6/addrconf.c: static int ipv6_create_tempaddr(struct inet6_ifaddr *ifp, bool block)
      		}
      	}
-- 
2.43.1

