Message ID | 176458a838e.100a4c464143350.2864106687411861504@shytyi.net |
---|---|
State | Superseded |
Headers | show |
Series | [net-next,V8] net: Variable SLAAC: SLAAC with prefixes of arbitrary length in PIO | expand |
From: Dmytro Shytyi <dmytro@shytyi.net> Date: Wed, 09 Dec 2020 04:27:54 +0100 > Variable SLAAC [Can be activated via sysctl]: > SLAAC with prefixes of arbitrary length in PIO (randomly > generated hostID or stable privacy + privacy extensions). > The main problem is that SLAAC RA or PD allocates a /64 by the Wireless > carrier 4G, 5G to a mobile hotspot, however segmentation of the /64 via > SLAAC is required so that downstream interfaces can be further subnetted. > Example: uCPE device (4G + WI-FI enabled) receives /64 via Wireless, and > assigns /72 to VNF-Firewall, /72 to WIFI, /72 to VNF-Router, /72 to > Load-Balancer and /72 to wired connected devices. > IETF document that defines problem statement: > draft-mishra-v6ops-variable-slaac-problem-stmt > IETF document that specifies variable slaac: > draft-mishra-6man-variable-slaac > > Signed-off-by: Dmytro Shytyi <dmytro@shytyi.net> > --- > diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h > index dda61d150a13..67ca3925463c 100644 > --- a/include/linux/ipv6.h > +++ b/include/linux/ipv6.h > @@ -75,6 +75,7 @@ struct ipv6_devconf { > __s32 disable_policy; > __s32 ndisc_tclass; > __s32 rpl_seg_enabled; > + __s32 variable_slaac; > > struct ctl_table_header *sysctl_header; > }; > diff --git a/include/uapi/linux/ipv6.h b/include/uapi/linux/ipv6.h > index 13e8751bf24a..f2af4f9fba2d 100644 > --- a/include/uapi/linux/ipv6.h > +++ b/include/uapi/linux/ipv6.h > @@ -189,7 +189,8 @@ enum { > DEVCONF_ACCEPT_RA_RT_INFO_MIN_PLEN, > DEVCONF_NDISC_TCLASS, > DEVCONF_RPL_SEG_ENABLED, > - DEVCONF_MAX > + DEVCONF_MAX, > + DEVCONF_VARIABLE_SLAAC > }; > > > diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c > index eff2cacd5209..07afe4ce984e 100644 > --- a/net/ipv6/addrconf.c > +++ b/net/ipv6/addrconf.c > @@ -236,6 +236,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = { > .addr_gen_mode = IN6_ADDR_GEN_MODE_EUI64, > .disable_policy = 0, > .rpl_seg_enabled = 0, > + .variable_slaac = 0, > }; > > static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = { > @@ -291,6 +292,7 @@ static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = { > .addr_gen_mode = IN6_ADDR_GEN_MODE_EUI64, > .disable_policy = 0, > .rpl_seg_enabled = 0, > + .variable_slaac = 0, > }; > > /* Check if link is ready: is it up and is a valid qdisc available */ > @@ -1340,9 +1342,15 @@ static int ipv6_create_tempaddr(struct inet6_ifaddr *ifp, bool block) > goto out; > } > in6_ifa_hold(ifp); > - memcpy(addr.s6_addr, ifp->addr.s6_addr, 8); > - ipv6_gen_rnd_iid(&addr); > > + if (ifp->prefix_len == 64) { > + memcpy(addr.s6_addr, ifp->addr.s6_addr, 8); > + ipv6_gen_rnd_iid(&addr); > + } else if (ifp->prefix_len > 0 && ifp->prefix_len <= 128 && > + idev->cnf.variable_slaac) { > + get_random_bytes(addr.s6_addr, 16); > + ipv6_addr_prefix_copy(&addr, &ifp->addr, ifp->prefix_len); > + } > age = (now - ifp->tstamp) / HZ; > > regen_advance = idev->cnf.regen_max_retry * > @@ -2569,6 +2577,37 @@ static bool is_addr_mode_generate_stable(struct inet6_dev *idev) > idev->cnf.addr_gen_mode == IN6_ADDR_GEN_MODE_RANDOM; > } > > +static struct inet6_ifaddr *ipv6_cmp_rcvd_prsnt_prfxs(struct inet6_ifaddr *ifp, > + struct inet6_dev *in6_dev, > + struct net *net, > + const struct prefix_info *pinfo) > +{ > + struct inet6_ifaddr *result_base = NULL; > + struct inet6_ifaddr *result = NULL; > + bool prfxs_equal; > + > + result_base = result; This is NULL, are you sure you didn't mewan to init this to 'ifp' or similar instead? Thanks.
Hello David, Thank you for your comment. Asnwers in-line. Take care, Dmytro SHYTYI ---- On Wed, 16 Dec 2020 01:00:49 +0100 David Miller <davem@davemloft.net> wrote ---- > From: Dmytro Shytyi <dmytro@shytyi.net> > Date: Wed, 09 Dec 2020 04:27:54 +0100 > > > Variable SLAAC [Can be activated via sysctl]: > > SLAAC with prefixes of arbitrary length in PIO (randomly > > generated hostID or stable privacy + privacy extensions). > > The main problem is that SLAAC RA or PD allocates a /64 by the Wireless > > carrier 4G, 5G to a mobile hotspot, however segmentation of the /64 via > > SLAAC is required so that downstream interfaces can be further subnetted. > > Example: uCPE device (4G + WI-FI enabled) receives /64 via Wireless, and > > assigns /72 to VNF-Firewall, /72 to WIFI, /72 to VNF-Router, /72 to > > Load-Balancer and /72 to wired connected devices. > > IETF document that defines problem statement: > > draft-mishra-v6ops-variable-slaac-problem-stmt > > IETF document that specifies variable slaac: > > draft-mishra-6man-variable-slaac > > > > Signed-off-by: Dmytro Shytyi <dmytro@shytyi.net> > > --- > > diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h > > index dda61d150a13..67ca3925463c 100644 > > --- a/include/linux/ipv6.h > > +++ b/include/linux/ipv6.h > > @@ -75,6 +75,7 @@ struct ipv6_devconf { > > __s32 disable_policy; > > __s32 ndisc_tclass; > > __s32 rpl_seg_enabled; > > + __s32 variable_slaac; > > > > struct ctl_table_header *sysctl_header; > > }; > > diff --git a/include/uapi/linux/ipv6.h b/include/uapi/linux/ipv6.h > > index 13e8751bf24a..f2af4f9fba2d 100644 > > --- a/include/uapi/linux/ipv6.h > > +++ b/include/uapi/linux/ipv6.h > > @@ -189,7 +189,8 @@ enum { > > DEVCONF_ACCEPT_RA_RT_INFO_MIN_PLEN, > > DEVCONF_NDISC_TCLASS, > > DEVCONF_RPL_SEG_ENABLED, > > - DEVCONF_MAX > > + DEVCONF_MAX, > > + DEVCONF_VARIABLE_SLAAC > > }; > > > > > > diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c > > index eff2cacd5209..07afe4ce984e 100644 > > --- a/net/ipv6/addrconf.c > > +++ b/net/ipv6/addrconf.c > > @@ -236,6 +236,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = { > > .addr_gen_mode = IN6_ADDR_GEN_MODE_EUI64, > > .disable_policy = 0, > > .rpl_seg_enabled = 0, > > + .variable_slaac = 0, > > }; > > > > static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = { > > @@ -291,6 +292,7 @@ static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = { > > .addr_gen_mode = IN6_ADDR_GEN_MODE_EUI64, > > .disable_policy = 0, > > .rpl_seg_enabled = 0, > > + .variable_slaac = 0, > > }; > > > > /* Check if link is ready: is it up and is a valid qdisc available */ > > @@ -1340,9 +1342,15 @@ static int ipv6_create_tempaddr(struct inet6_ifaddr *ifp, bool block) > > goto out; > > } > > in6_ifa_hold(ifp); > > - memcpy(addr.s6_addr, ifp->addr.s6_addr, 8); > > - ipv6_gen_rnd_iid(&addr); > > > > + if (ifp->prefix_len == 64) { > > + memcpy(addr.s6_addr, ifp->addr.s6_addr, 8); > > + ipv6_gen_rnd_iid(&addr); > > + } else if (ifp->prefix_len > 0 && ifp->prefix_len <= 128 && > > + idev->cnf.variable_slaac) { > > + get_random_bytes(addr.s6_addr, 16); > > + ipv6_addr_prefix_copy(&addr, &ifp->addr, ifp->prefix_len); > > + } > > age = (now - ifp->tstamp) / HZ; > > > > regen_advance = idev->cnf.regen_max_retry * > > @@ -2569,6 +2577,37 @@ static bool is_addr_mode_generate_stable(struct inet6_dev *idev) > > idev->cnf.addr_gen_mode == IN6_ADDR_GEN_MODE_RANDOM; > > } > > > > +static struct inet6_ifaddr *ipv6_cmp_rcvd_prsnt_prfxs(struct inet6_ifaddr *ifp, > > + struct inet6_dev *in6_dev, > > + struct net *net, > > + const struct prefix_info *pinfo) > > +{ > > + struct inet6_ifaddr *result_base = NULL; > > + struct inet6_ifaddr *result = NULL; > > + bool prfxs_equal; > > + > > + result_base = result; > > This is NULL, are you sure you didn't mewan to init this to 'ifp' > or similar instead? [Dmytro] I put the entire function to comment below the instructions. [Dmytro]: +static struct inet6_ifaddr *ipv6_cmp_rcvd_prsnt_prfxs(struct inet6_ifaddr *ifp, + struct inet6_dev *in6_dev, + struct net *net, + const struct prefix_info *pinfo) +{ + struct inet6_ifaddr *result_base = NULL; + struct inet6_ifaddr *result = NULL; + bool prfxs_equal; + + result_base = result; + rcu_read_lock(); + list_for_each_entry_rcu(ifp, &in6_dev->addr_list, if_list) { + if (!net_eq(dev_net(ifp->idev->dev), net)) + continue; + prfxs_equal = + ipv6_prefix_equal(&pinfo->prefix, &ifp->addr, pinfo->prefix_len); + if (prfxs_equal && pinfo->prefix_len == ifp->prefix_len) { + result = ifp; + in6_ifa_hold(ifp); + break; + } + } + rcu_read_unlock(); + if (result_base != result) + ifp = result; + else + ifp = NULL; + + return ifp; +} + [Dmytro]: 1st initial stage is : + result_base = result; 2nd stage is (as you mention, 'result' will be assigned to 'ifp', in the process): + result = ifp; 3rd stage is to compare if "result_base" and "result" are not equal (and take required action). if (result_base != result) + ifp = result; + else + ifp = NULL; Looks more/less ok for me. Thanks. > Thanks. >
On Wed, 16 Dec 2020 15:01:33 +0100 Dmytro Shytyi wrote: > Hello David, > > Thank you for your comment. > Asnwers in-line. > > Take care, > > Dmytro SHYTYI > > > ---- On Wed, 16 Dec 2020 01:00:49 +0100 David Miller <davem@davemloft.net> wrote ---- > > > From: Dmytro Shytyi <dmytro@shytyi.net> > > Date: Wed, 09 Dec 2020 04:27:54 +0100 > > > > > Variable SLAAC [Can be activated via sysctl]: > > > SLAAC with prefixes of arbitrary length in PIO (randomly > > > generated hostID or stable privacy + privacy extensions). > > > The main problem is that SLAAC RA or PD allocates a /64 by the Wireless > > > carrier 4G, 5G to a mobile hotspot, however segmentation of the /64 via > > > SLAAC is required so that downstream interfaces can be further subnetted. > > > Example: uCPE device (4G + WI-FI enabled) receives /64 via Wireless, and > > > assigns /72 to VNF-Firewall, /72 to WIFI, /72 to VNF-Router, /72 to > > > Load-Balancer and /72 to wired connected devices. > > > IETF document that defines problem statement: > > > draft-mishra-v6ops-variable-slaac-problem-stmt > > > IETF document that specifies variable slaac: > > > draft-mishra-6man-variable-slaac > > > > > > Signed-off-by: Dmytro Shytyi <dmytro@shytyi.net> > > > --- > > > diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h > > > index dda61d150a13..67ca3925463c 100644 > > > --- a/include/linux/ipv6.h > > > +++ b/include/linux/ipv6.h > > > @@ -75,6 +75,7 @@ struct ipv6_devconf { > > > __s32 disable_policy; > > > __s32 ndisc_tclass; > > > __s32 rpl_seg_enabled; > > > + __s32 variable_slaac; > > > > > > struct ctl_table_header *sysctl_header; > > > }; > > > diff --git a/include/uapi/linux/ipv6.h b/include/uapi/linux/ipv6.h > > > index 13e8751bf24a..f2af4f9fba2d 100644 > > > --- a/include/uapi/linux/ipv6.h > > > +++ b/include/uapi/linux/ipv6.h > > > @@ -189,7 +189,8 @@ enum { > > > DEVCONF_ACCEPT_RA_RT_INFO_MIN_PLEN, > > > DEVCONF_NDISC_TCLASS, > > > DEVCONF_RPL_SEG_ENABLED, > > > - DEVCONF_MAX > > > + DEVCONF_MAX, > > > + DEVCONF_VARIABLE_SLAAC > > > }; > > > > > > > > > diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c > > > index eff2cacd5209..07afe4ce984e 100644 > > > --- a/net/ipv6/addrconf.c > > > +++ b/net/ipv6/addrconf.c > > > @@ -236,6 +236,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = { > > > .addr_gen_mode = IN6_ADDR_GEN_MODE_EUI64, > > > .disable_policy = 0, > > > .rpl_seg_enabled = 0, > > > + .variable_slaac = 0, > > > }; > > > > > > static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = { > > > @@ -291,6 +292,7 @@ static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = { > > > .addr_gen_mode = IN6_ADDR_GEN_MODE_EUI64, > > > .disable_policy = 0, > > > .rpl_seg_enabled = 0, > > > + .variable_slaac = 0, > > > }; > > > > > > /* Check if link is ready: is it up and is a valid qdisc available */ > > > @@ -1340,9 +1342,15 @@ static int ipv6_create_tempaddr(struct inet6_ifaddr *ifp, bool block) > > > goto out; > > > } > > > in6_ifa_hold(ifp); > > > - memcpy(addr.s6_addr, ifp->addr.s6_addr, 8); > > > - ipv6_gen_rnd_iid(&addr); > > > > > > + if (ifp->prefix_len == 64) { > > > + memcpy(addr.s6_addr, ifp->addr.s6_addr, 8); > > > + ipv6_gen_rnd_iid(&addr); > > > + } else if (ifp->prefix_len > 0 && ifp->prefix_len <= 128 && > > > + idev->cnf.variable_slaac) { > > > + get_random_bytes(addr.s6_addr, 16); > > > + ipv6_addr_prefix_copy(&addr, &ifp->addr, ifp->prefix_len); > > > + } > > > age = (now - ifp->tstamp) / HZ; > > > > > > regen_advance = idev->cnf.regen_max_retry * > > > @@ -2569,6 +2577,37 @@ static bool is_addr_mode_generate_stable(struct inet6_dev *idev) > > > idev->cnf.addr_gen_mode == IN6_ADDR_GEN_MODE_RANDOM; > > > } > > > > > > +static struct inet6_ifaddr *ipv6_cmp_rcvd_prsnt_prfxs(struct inet6_ifaddr *ifp, > > > + struct inet6_dev *in6_dev, > > > + struct net *net, > > > + const struct prefix_info *pinfo) > > > +{ > > > + struct inet6_ifaddr *result_base = NULL; > > > + struct inet6_ifaddr *result = NULL; > > > + bool prfxs_equal; > > > + > > > + result_base = result; > > > > This is NULL, are you sure you didn't mewan to init this to 'ifp' > > or similar instead? > > [Dmytro] I put the entire function to comment below the instructions. > [Dmytro]: > +static struct inet6_ifaddr *ipv6_cmp_rcvd_prsnt_prfxs(struct inet6_ifaddr *ifp, > + struct inet6_dev *in6_dev, > + struct net *net, > + const struct prefix_info *pinfo) > +{ > + struct inet6_ifaddr *result_base = NULL; > + struct inet6_ifaddr *result = NULL; > + bool prfxs_equal; > + > + result_base = result; > + rcu_read_lock(); > + list_for_each_entry_rcu(ifp, &in6_dev->addr_list, if_list) { > + if (!net_eq(dev_net(ifp->idev->dev), net)) > + continue; > + prfxs_equal = > + ipv6_prefix_equal(&pinfo->prefix, &ifp->addr, pinfo->prefix_len); > + if (prfxs_equal && pinfo->prefix_len == ifp->prefix_len) { > + result = ifp; > + in6_ifa_hold(ifp); > + break; > + } > + } > + rcu_read_unlock(); > + if (result_base != result) > + ifp = result; > + else > + ifp = NULL; > + > + return ifp; > +} > + > > [Dmytro]: > 1st initial stage is : > + result_base = result; > > 2nd stage is (as you mention, 'result' will be assigned to 'ifp', in the process): > + result = ifp; > > 3rd stage is to compare if "result_base" and "result" are not equal (and take required action). > if (result_base != result) > + ifp = result; > + else > + ifp = NULL; > > Looks more/less ok for me. I think I see what you're trying to do here. Use result_base as a "marker" or the base value? But I'd say it makes the code harder to follow. It looks like this: result_base = NULL; result = NULL; result_base = result lock() for ... /* search logic */ unlock() if (result == result_base) ifp = result else ifp = NULL return NULL This would be a lot simpler, and functionally equivalent: result = NULL lock() for ... /* search logic */ unlock() return result Right?
Hello Jakub, ---- On Wed, 16 Dec 2020 18:28:31 +0100 Jakub Kicinski <kuba@kernel.org> wrote ---- > On Wed, 16 Dec 2020 15:01:33 +0100 Dmytro Shytyi wrote: > > Hello David, > > > > Thank you for your comment. > > Asnwers in-line. > > > > Take care, > > > > Dmytro SHYTYI > > > > > > ---- On Wed, 16 Dec 2020 01:00:49 +0100 David Miller <davem@davemloft.net> wrote ---- > > > > > From: Dmytro Shytyi <dmytro@shytyi.net> > > > Date: Wed, 09 Dec 2020 04:27:54 +0100 > > > > > > > Variable SLAAC [Can be activated via sysctl]: > > > > SLAAC with prefixes of arbitrary length in PIO (randomly > > > > generated hostID or stable privacy + privacy extensions). > > > > The main problem is that SLAAC RA or PD allocates a /64 by the Wireless > > > > carrier 4G, 5G to a mobile hotspot, however segmentation of the /64 via > > > > SLAAC is required so that downstream interfaces can be further subnetted. > > > > Example: uCPE device (4G + WI-FI enabled) receives /64 via Wireless, and > > > > assigns /72 to VNF-Firewall, /72 to WIFI, /72 to VNF-Router, /72 to > > > > Load-Balancer and /72 to wired connected devices. > > > > IETF document that defines problem statement: > > > > draft-mishra-v6ops-variable-slaac-problem-stmt > > > > IETF document that specifies variable slaac: > > > > draft-mishra-6man-variable-slaac > > > > > > > > Signed-off-by: Dmytro Shytyi <dmytro@shytyi.net> > > > > --- > > > > diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h > > > > index dda61d150a13..67ca3925463c 100644 > > > > --- a/include/linux/ipv6.h > > > > +++ b/include/linux/ipv6.h > > > > @@ -75,6 +75,7 @@ struct ipv6_devconf { > > > > __s32 disable_policy; > > > > __s32 ndisc_tclass; > > > > __s32 rpl_seg_enabled; > > > > + __s32 variable_slaac; > > > > > > > > struct ctl_table_header *sysctl_header; > > > > }; > > > > diff --git a/include/uapi/linux/ipv6.h b/include/uapi/linux/ipv6.h > > > > index 13e8751bf24a..f2af4f9fba2d 100644 > > > > --- a/include/uapi/linux/ipv6.h > > > > +++ b/include/uapi/linux/ipv6.h > > > > @@ -189,7 +189,8 @@ enum { > > > > DEVCONF_ACCEPT_RA_RT_INFO_MIN_PLEN, > > > > DEVCONF_NDISC_TCLASS, > > > > DEVCONF_RPL_SEG_ENABLED, > > > > - DEVCONF_MAX > > > > + DEVCONF_MAX, > > > > + DEVCONF_VARIABLE_SLAAC > > > > }; > > > > > > > > > > > > diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c > > > > index eff2cacd5209..07afe4ce984e 100644 > > > > --- a/net/ipv6/addrconf.c > > > > +++ b/net/ipv6/addrconf.c > > > > @@ -236,6 +236,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = { > > > > .addr_gen_mode = IN6_ADDR_GEN_MODE_EUI64, > > > > .disable_policy = 0, > > > > .rpl_seg_enabled = 0, > > > > + .variable_slaac = 0, > > > > }; > > > > > > > > static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = { > > > > @@ -291,6 +292,7 @@ static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = { > > > > .addr_gen_mode = IN6_ADDR_GEN_MODE_EUI64, > > > > .disable_policy = 0, > > > > .rpl_seg_enabled = 0, > > > > + .variable_slaac = 0, > > > > }; > > > > > > > > /* Check if link is ready: is it up and is a valid qdisc available */ > > > > @@ -1340,9 +1342,15 @@ static int ipv6_create_tempaddr(struct inet6_ifaddr *ifp, bool block) > > > > goto out; > > > > } > > > > in6_ifa_hold(ifp); > > > > - memcpy(addr.s6_addr, ifp->addr.s6_addr, 8); > > > > - ipv6_gen_rnd_iid(&addr); > > > > > > > > + if (ifp->prefix_len == 64) { > > > > + memcpy(addr.s6_addr, ifp->addr.s6_addr, 8); > > > > + ipv6_gen_rnd_iid(&addr); > > > > + } else if (ifp->prefix_len > 0 && ifp->prefix_len <= 128 && > > > > + idev->cnf.variable_slaac) { > > > > + get_random_bytes(addr.s6_addr, 16); > > > > + ipv6_addr_prefix_copy(&addr, &ifp->addr, ifp->prefix_len); > > > > + } > > > > age = (now - ifp->tstamp) / HZ; > > > > > > > > regen_advance = idev->cnf.regen_max_retry * > > > > @@ -2569,6 +2577,37 @@ static bool is_addr_mode_generate_stable(struct inet6_dev *idev) > > > > idev->cnf.addr_gen_mode == IN6_ADDR_GEN_MODE_RANDOM; > > > > } > > > > > > > > +static struct inet6_ifaddr *ipv6_cmp_rcvd_prsnt_prfxs(struct inet6_ifaddr *ifp, > > > > + struct inet6_dev *in6_dev, > > > > + struct net *net, > > > > + const struct prefix_info *pinfo) > > > > +{ > > > > + struct inet6_ifaddr *result_base = NULL; > > > > + struct inet6_ifaddr *result = NULL; > > > > + bool prfxs_equal; > > > > + > > > > + result_base = result; > > > > > > This is NULL, are you sure you didn't mewan to init this to 'ifp' > > > or similar instead? > > > > [Dmytro] I put the entire function to comment below the instructions. > > [Dmytro]: > > +static struct inet6_ifaddr *ipv6_cmp_rcvd_prsnt_prfxs(struct inet6_ifaddr *ifp, > > + struct inet6_dev *in6_dev, > > + struct net *net, > > + const struct prefix_info *pinfo) > > +{ > > + struct inet6_ifaddr *result_base = NULL; > > + struct inet6_ifaddr *result = NULL; > > + bool prfxs_equal; > > + > > + result_base = result; > > + rcu_read_lock(); > > + list_for_each_entry_rcu(ifp, &in6_dev->addr_list, if_list) { > > + if (!net_eq(dev_net(ifp->idev->dev), net)) > > + continue; > > + prfxs_equal = > > + ipv6_prefix_equal(&pinfo->prefix, &ifp->addr, pinfo->prefix_len); > > + if (prfxs_equal && pinfo->prefix_len == ifp->prefix_len) { > > + result = ifp; > > + in6_ifa_hold(ifp); > > + break; > > + } > > + } > > + rcu_read_unlock(); > > + if (result_base != result) > > + ifp = result; > > + else > > + ifp = NULL; > > + > > + return ifp; > > +} > > + > > > > [Dmytro]: > > 1st initial stage is : > > + result_base = result; > > > > 2nd stage is (as you mention, 'result' will be assigned to 'ifp', in the process): > > + result = ifp; > > > > 3rd stage is to compare if "result_base" and "result" are not equal (and take required action). > > if (result_base != result) > > + ifp = result; > > + else > > + ifp = NULL; > > > > Looks more/less ok for me. > > I think I see what you're trying to do here. Use result_base as a > "marker" or the base value? > > But I'd say it makes the code harder to follow. It looks like this: > > result_base = NULL; > result = NULL; > > result_base = result > lock() > for ... > /* search logic */ > unlock() > > if (result == result_base) > ifp = result > else > ifp = NULL > return NULL > > This would be a lot simpler, and functionally equivalent: > > result = NULL > > lock() > for ... > /* search logic */ > unlock() > > return result > > Right? > [Dmytro]: I see and I agree. Understood.
diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h index dda61d150a13..67ca3925463c 100644 --- a/include/linux/ipv6.h +++ b/include/linux/ipv6.h @@ -75,6 +75,7 @@ struct ipv6_devconf { __s32 disable_policy; __s32 ndisc_tclass; __s32 rpl_seg_enabled; + __s32 variable_slaac; struct ctl_table_header *sysctl_header; }; diff --git a/include/uapi/linux/ipv6.h b/include/uapi/linux/ipv6.h index 13e8751bf24a..f2af4f9fba2d 100644 --- a/include/uapi/linux/ipv6.h +++ b/include/uapi/linux/ipv6.h @@ -189,7 +189,8 @@ enum { DEVCONF_ACCEPT_RA_RT_INFO_MIN_PLEN, DEVCONF_NDISC_TCLASS, DEVCONF_RPL_SEG_ENABLED, - DEVCONF_MAX + DEVCONF_MAX, + DEVCONF_VARIABLE_SLAAC }; diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index eff2cacd5209..07afe4ce984e 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -236,6 +236,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = { .addr_gen_mode = IN6_ADDR_GEN_MODE_EUI64, .disable_policy = 0, .rpl_seg_enabled = 0, + .variable_slaac = 0, }; static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = { @@ -291,6 +292,7 @@ static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = { .addr_gen_mode = IN6_ADDR_GEN_MODE_EUI64, .disable_policy = 0, .rpl_seg_enabled = 0, + .variable_slaac = 0, }; /* Check if link is ready: is it up and is a valid qdisc available */ @@ -1340,9 +1342,15 @@ static int ipv6_create_tempaddr(struct inet6_ifaddr *ifp, bool block) goto out; } in6_ifa_hold(ifp); - memcpy(addr.s6_addr, ifp->addr.s6_addr, 8); - ipv6_gen_rnd_iid(&addr); + if (ifp->prefix_len == 64) { + memcpy(addr.s6_addr, ifp->addr.s6_addr, 8); + ipv6_gen_rnd_iid(&addr); + } else if (ifp->prefix_len > 0 && ifp->prefix_len <= 128 && + idev->cnf.variable_slaac) { + get_random_bytes(addr.s6_addr, 16); + ipv6_addr_prefix_copy(&addr, &ifp->addr, ifp->prefix_len); + } age = (now - ifp->tstamp) / HZ; regen_advance = idev->cnf.regen_max_retry * @@ -2569,6 +2577,37 @@ static bool is_addr_mode_generate_stable(struct inet6_dev *idev) idev->cnf.addr_gen_mode == IN6_ADDR_GEN_MODE_RANDOM; } +static struct inet6_ifaddr *ipv6_cmp_rcvd_prsnt_prfxs(struct inet6_ifaddr *ifp, + struct inet6_dev *in6_dev, + struct net *net, + const struct prefix_info *pinfo) +{ + struct inet6_ifaddr *result_base = NULL; + struct inet6_ifaddr *result = NULL; + bool prfxs_equal; + + result_base = result; + rcu_read_lock(); + list_for_each_entry_rcu(ifp, &in6_dev->addr_list, if_list) { + if (!net_eq(dev_net(ifp->idev->dev), net)) + continue; + prfxs_equal = + ipv6_prefix_equal(&pinfo->prefix, &ifp->addr, pinfo->prefix_len); + if (prfxs_equal && pinfo->prefix_len == ifp->prefix_len) { + result = ifp; + in6_ifa_hold(ifp); + break; + } + } + rcu_read_unlock(); + if (result_base != result) + ifp = result; + else + ifp = NULL; + + return ifp; +} + int addrconf_prefix_rcv_add_addr(struct net *net, struct net_device *dev, const struct prefix_info *pinfo, struct inet6_dev *in6_dev, @@ -2576,9 +2615,17 @@ int addrconf_prefix_rcv_add_addr(struct net *net, struct net_device *dev, u32 addr_flags, bool sllao, bool tokenized, __u32 valid_lft, u32 prefered_lft) { - struct inet6_ifaddr *ifp = ipv6_get_ifaddr(net, addr, dev, 1); + struct inet6_ifaddr *ifp = NULL; + int plen = pinfo->prefix_len; int create = 0; + if (plen > 0 && plen <= 128 && plen != 64 && + in6_dev->cnf.addr_gen_mode != IN6_ADDR_GEN_MODE_STABLE_PRIVACY && + in6_dev->cnf.variable_slaac) + ifp = ipv6_cmp_rcvd_prsnt_prfxs(ifp, in6_dev, net, pinfo); + else + ifp = ipv6_get_ifaddr(net, addr, dev, 1); + if (!ifp && valid_lft) { int max_addresses = in6_dev->cnf.max_addresses; struct ifa6_config cfg = { @@ -2657,6 +2704,90 @@ int addrconf_prefix_rcv_add_addr(struct net *net, struct net_device *dev, } EXPORT_SYMBOL_GPL(addrconf_prefix_rcv_add_addr); +static bool ipv6_reserved_interfaceid(struct in6_addr address) +{ + if ((address.s6_addr32[2] | address.s6_addr32[3]) == 0) + return true; + + if (address.s6_addr32[2] == htonl(0x02005eff) && + ((address.s6_addr32[3] & htonl(0xfe000000)) == htonl(0xfe000000))) + return true; + + if (address.s6_addr32[2] == htonl(0xfdffffff) && + ((address.s6_addr32[3] & htonl(0xffffff80)) == htonl(0xffffff80))) + return true; + + return false; +} + +static int ipv6_gen_addr_var_plen(struct in6_addr *address, + u8 dad_count, + const struct inet6_dev *idev, + unsigned int rcvd_prfx_len, + bool stable_privacy_mode) +{ + static union { + char __data[SHA1_BLOCK_SIZE]; + struct { + struct in6_addr secret; + __be32 prefix[2]; + unsigned char hwaddr[MAX_ADDR_LEN]; + u8 dad_count; + } __packed; + } data; + static __u32 workspace[SHA1_WORKSPACE_WORDS]; + static __u32 digest[SHA1_DIGEST_WORDS]; + struct net *net = dev_net(idev->dev); + static DEFINE_SPINLOCK(lock); + struct in6_addr secret; + struct in6_addr temp; + + BUILD_BUG_ON(sizeof(data.__data) != sizeof(data)); + + if (stable_privacy_mode) { + if (idev->cnf.stable_secret.initialized) + secret = idev->cnf.stable_secret.secret; + else if (net->ipv6.devconf_dflt->stable_secret.initialized) + secret = net->ipv6.devconf_dflt->stable_secret.secret; + else + return -1; + } + +retry: + spin_lock_bh(&lock); + if (stable_privacy_mode) { + sha1_init(digest); + memset(&data, 0, sizeof(data)); + memset(workspace, 0, sizeof(workspace)); + memcpy(data.hwaddr, idev->dev->perm_addr, idev->dev->addr_len); + data.prefix[0] = address->s6_addr32[0]; + data.prefix[1] = address->s6_addr32[1]; + data.secret = secret; + data.dad_count = dad_count; + + sha1_transform(digest, data.__data, workspace); + + temp.s6_addr32[0] = (__force __be32)digest[0]; + temp.s6_addr32[1] = (__force __be32)digest[1]; + temp.s6_addr32[2] = (__force __be32)digest[2]; + temp.s6_addr32[3] = (__force __be32)digest[3]; + } else { + get_random_bytes(temp.s6_addr32, 16); + } + + spin_unlock_bh(&lock); + + if (ipv6_reserved_interfaceid(temp)) { + dad_count++; + if (dad_count > dev_net(idev->dev)->ipv6.sysctl.idgen_retries) + return -1; + goto retry; + } + ipv6_addr_prefix_copy(&temp, address, rcvd_prfx_len); + *address = temp; + return 0; +} + void addrconf_prefix_rcv(struct net_device *dev, u8 *opt, int len, bool sllao) { struct prefix_info *pinfo; @@ -2781,9 +2912,34 @@ void addrconf_prefix_rcv(struct net_device *dev, u8 *opt, int len, bool sllao) dev_addr_generated = true; } goto ok; + } else if (pinfo->prefix_len != 64 && + pinfo->prefix_len > 0 && pinfo->prefix_len <= 128 && + in6_dev->cnf.variable_slaac) { + /* SLAAC with prefixes of arbitrary length (Variable SLAAC). + * draft-mishra-6man-variable-slaac + * draft-mishra-v6ops-variable-slaac-problem-stmt + */ + memcpy(&addr, &pinfo->prefix, 16); + if (in6_dev->cnf.addr_gen_mode == IN6_ADDR_GEN_MODE_STABLE_PRIVACY) { + if (!ipv6_gen_addr_var_plen(&addr, + 0, + in6_dev, + pinfo->prefix_len, + true)) { + addr_flags |= IFA_F_STABLE_PRIVACY; + goto ok; + } + } else if (!ipv6_gen_addr_var_plen(&addr, + 0, + in6_dev, + pinfo->prefix_len, + false)) { + goto ok; + } + } else { + net_dbg_ratelimited("IPv6: Prefix with unexpected length %d\n", + pinfo->prefix_len); } - net_dbg_ratelimited("IPv6 addrconf: prefix with wrong length %d\n", - pinfo->prefix_len); goto put; ok: @@ -3186,22 +3342,6 @@ void addrconf_add_linklocal(struct inet6_dev *idev, } EXPORT_SYMBOL_GPL(addrconf_add_linklocal); -static bool ipv6_reserved_interfaceid(struct in6_addr address) -{ - if ((address.s6_addr32[2] | address.s6_addr32[3]) == 0) - return true; - - if (address.s6_addr32[2] == htonl(0x02005eff) && - ((address.s6_addr32[3] & htonl(0xfe000000)) == htonl(0xfe000000))) - return true; - - if (address.s6_addr32[2] == htonl(0xfdffffff) && - ((address.s6_addr32[3] & htonl(0xffffff80)) == htonl(0xffffff80))) - return true; - - return false; -} - static int ipv6_generate_stable_address(struct in6_addr *address, u8 dad_count, const struct inet6_dev *idev) @@ -5517,6 +5657,7 @@ static inline void ipv6_store_devconf(struct ipv6_devconf *cnf, array[DEVCONF_DISABLE_POLICY] = cnf->disable_policy; array[DEVCONF_NDISC_TCLASS] = cnf->ndisc_tclass; array[DEVCONF_RPL_SEG_ENABLED] = cnf->rpl_seg_enabled; + array[DEVCONF_VARIABLE_SLAAC] = cnf->variable_slaac; } static inline size_t inet6_ifla6_size(void) @@ -6897,6 +7038,13 @@ static const struct ctl_table addrconf_sysctl[] = { .mode = 0644, .proc_handler = proc_dointvec, }, + { + .procname = "variable_slaac", + .data = &ipv6_devconf.variable_slaac, + .maxlen = sizeof(int), + .mode = 0644, + .proc_handler = proc_dointvec, + }, { /* sentinel */ }
Variable SLAAC [Can be activated via sysctl]: SLAAC with prefixes of arbitrary length in PIO (randomly generated hostID or stable privacy + privacy extensions). The main problem is that SLAAC RA or PD allocates a /64 by the Wireless carrier 4G, 5G to a mobile hotspot, however segmentation of the /64 via SLAAC is required so that downstream interfaces can be further subnetted. Example: uCPE device (4G + WI-FI enabled) receives /64 via Wireless, and assigns /72 to VNF-Firewall, /72 to WIFI, /72 to VNF-Router, /72 to Load-Balancer and /72 to wired connected devices. IETF document that defines problem statement: draft-mishra-v6ops-variable-slaac-problem-stmt IETF document that specifies variable slaac: draft-mishra-6man-variable-slaac Signed-off-by: Dmytro Shytyi <dmytro@shytyi.net> ---