| Message ID | 20211020200618.467342-1-ssuryaextr@gmail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | 61e18ce7348bfefb5688a8bcd4b4d6b37c0f9b2a |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | [net-next] gre/sit: Don't generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE | expand |
| Context | Check | Description |
|---|---|---|
| netdev/cover_letter | success | Single patches do not need cover letters |
| netdev/fixes_present | success | Fixes tag not required for -next series |
| netdev/patch_count | success | Link |
| netdev/tree_selection | success | Clearly marked for net-next |
| netdev/subject_prefix | success | Link |
| netdev/cc_maintainers | warning | 2 maintainers not CCed: dsahern@kernel.org yoshfuji@linux-ipv6.org |
| netdev/source_inline | success | Was 0 now: 0 |
| netdev/verify_signedoff | success | Signed-off-by tag matches author and committer |
| netdev/module_param | success | Was 0 now: 0 |
| netdev/build_32bit | success | Errors and warnings before: 0 this patch: 0 |
| netdev/kdoc | success | Errors and warnings before: 0 this patch: 0 |
| netdev/verify_fixes | success | No Fixes tag |
| netdev/checkpatch | success | total: 0 errors, 0 warnings, 0 checks, 9 lines checked |
| netdev/build_allmodconfig_warn | success | Errors and warnings before: 0 this patch: 0 |
| netdev/header_inline | success | No static functions without inline keyword in header files |
Hi, On 20/10/2021 22:06, Stephen Suryaputra wrote: > When addr_gen_mode is set to IN6_ADDR_GEN_MODE_NONE, the link-local addr > should not be generated. But it isn't the case for GRE (as well as GRE6) > and SIT tunnels. Make it so that tunnels consider the addr_gen_mode, > especially for IN6_ADDR_GEN_MODE_NONE. > > Do this in add_v4_addrs() to cover both GRE and SIT only if the addr > scope is link. > > Signed-off-by: Stephen Suryaputra <ssuryaextr@gmail.com> > --- > net/ipv6/addrconf.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c > index d4fae16deec4..9e1463a2acae 100644 > --- a/net/ipv6/addrconf.c > +++ b/net/ipv6/addrconf.c > @@ -3110,6 +3110,9 @@ static void add_v4_addrs(struct inet6_dev *idev) > memcpy(&addr.s6_addr32[3], idev->dev->dev_addr + offset, 4); > > if (idev->dev->flags&IFF_POINTOPOINT) { > + if (idev->cnf.addr_gen_mode == IN6_ADDR_GEN_MODE_NONE) > + return; > + Maybe I am missing something, but why checking the mode only for pointtopoint? If mode is NONE shouldn't this routine just abort regardless of the interface setup? Cheers, > addr.s6_addr32[0] = htonl(0xfe800000); > scope = IFA_LINK; > plen = 64; >
On Thu, Oct 21, 2021 at 02:52:44PM +0200, Antonio Quartulli wrote: > > Maybe I am missing something, but why checking the mode only for > pointtopoint? If mode is NONE shouldn't this routine just abort > regardless of the interface setup? > If it isn't pointtopoint, the function sets up IPv4-compatible IPv6 address, i.e. non link-local (FE80::). addr_gen_mode NONE (1) is only controlling the generation of link-local address. Quoting from the sysctl doc: addr_gen_mode - INTEGER Defines how link-local and autoconf addresses are generated. 0: generate address based on EUI64 (default) 1: do no generate a link-local address, use EUI64 for addresses generated from autoconf 2: generate stable privacy addresses, using the secret from stable_secret (RFC7217) 3: generate stable privacy addresses, using a random secret if unset So, I thought the checking should be strictly when the link-local address is about to be generated.
Hi, On 21/10/2021 15:22, Stephen Suryaputra wrote: > On Thu, Oct 21, 2021 at 02:52:44PM +0200, Antonio Quartulli wrote: >> >> Maybe I am missing something, but why checking the mode only for >> pointtopoint? If mode is NONE shouldn't this routine just abort >> regardless of the interface setup? >> > If it isn't pointtopoint, the function sets up IPv4-compatible IPv6 > address, i.e. non link-local (FE80::). addr_gen_mode NONE (1) is only > controlling the generation of link-local address. Quoting from the > sysctl doc: > > addr_gen_mode - INTEGER > Defines how link-local and autoconf addresses are generated. > > 0: generate address based on EUI64 (default) > 1: do no generate a link-local address, use EUI64 for addresses generated > from autoconf > 2: generate stable privacy addresses, using the secret from > stable_secret (RFC7217) > 3: generate stable privacy addresses, using a random secret if unset > > So, I thought the checking should be strictly when the link-local > address is about to be generated. Right. IMHO it makes sense. Acked-by: Antonio Quartulli <a@unstable.cc>
Hello: This patch was applied to netdev/net-next.git (master) by Jakub Kicinski <kuba@kernel.org>: On Wed, 20 Oct 2021 16:06:18 -0400 you wrote: > When addr_gen_mode is set to IN6_ADDR_GEN_MODE_NONE, the link-local addr > should not be generated. But it isn't the case for GRE (as well as GRE6) > and SIT tunnels. Make it so that tunnels consider the addr_gen_mode, > especially for IN6_ADDR_GEN_MODE_NONE. > > Do this in add_v4_addrs() to cover both GRE and SIT only if the addr > scope is link. > > [...] Here is the summary with links: - [net-next] gre/sit: Don't generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE https://git.kernel.org/netdev/net-next/c/61e18ce7348b You are awesome, thank you!
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index d4fae16deec4..9e1463a2acae 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -3110,6 +3110,9 @@ static void add_v4_addrs(struct inet6_dev *idev) memcpy(&addr.s6_addr32[3], idev->dev->dev_addr + offset, 4); if (idev->dev->flags&IFF_POINTOPOINT) { + if (idev->cnf.addr_gen_mode == IN6_ADDR_GEN_MODE_NONE) + return; + addr.s6_addr32[0] = htonl(0xfe800000); scope = IFA_LINK; plen = 64;
When addr_gen_mode is set to IN6_ADDR_GEN_MODE_NONE, the link-local addr should not be generated. But it isn't the case for GRE (as well as GRE6) and SIT tunnels. Make it so that tunnels consider the addr_gen_mode, especially for IN6_ADDR_GEN_MODE_NONE. Do this in add_v4_addrs() to cover both GRE and SIT only if the addr scope is link. Signed-off-by: Stephen Suryaputra <ssuryaextr@gmail.com> --- net/ipv6/addrconf.c | 3 +++ 1 file changed, 3 insertions(+)