From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: Valentin Spreckels <valentin@spreckels.dev>
Cc: Andrew Lunn <andrew+netdev@lunn.ch>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
wireguard@lists.zx2c4.com, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH wireguard] wireguard: prevent ipv6 addrconf via IFF_NO_ADDRCONF flag
Date: Sun, 3 May 2026 21:18:18 +0200 [thread overview]
Message-ID: <afefejiY8SX8UfTm@zx2c4.com> (raw)
In-Reply-To: <c486b63c-521f-4972-80bf-ebb2bfe04724@spreckels.dev>
On Sat, Mar 21, 2026 at 08:20:53PM +0100, Valentin Spreckels wrote:
> Hi Jason,
>
> On 11/03/2026 23:59, Jason A. Donenfeld wrote:
> > Hi Valentin,
> >
> > On Sun, Feb 08, 2026 at 06:05:45PM +0100, Valentin Spreckels wrote:
> >> Use the flag introduced in commit 8a321cf7becc6 ("net: add
> >> IFF_NO_ADDRCONF and use it in bonding to prevent ipv6 addrconf")
> >> instead of mangling the addr_gen_mode to prevent ipv6 addrconf.
> >
> > Can you give some more context here? Why was IFF_NO_ADDRCONF added when
> > the IN6_ADDR_GEN_MODE_NONE method has been working fine? What's the
> > difference between these approaches? I don't doubt that your patch is
> > correct, but I would like to better understand this.
>
> Only wireguard configures addr_gen_mode inside the kernel, otherwise it
> is only set by userspace; userspace is also able to overwrite the
> IFF_NO_ADDRCONF set by wireguard.
>
> Commit 8a321cf7becc ("net: add IFF_NO_ADDRCONF and use it in bonding to
> prevent ipv6 addrconf") introduces the private interface flag
> IFF_NO_ADDRCONF, which isn't accessible by userspace.
>
> Thus use the IFF_NO_ADDRCONF flag in wireguard.
>
>
> Does that answer your questions? If yes, I will submit a v2 with this as
> commit message.
I applied this here:
https://git.zx2c4.com/wireguard-linux/commit/?id=88427bcbe5bd3711de387b1c1f6540ef6fc05a78
Sorry for the delay! Patch looks good as-is, once I looked into the
internal mechanism.
Jason
next prev parent reply other threads:[~2026-05-03 19:18 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-08 17:05 [PATCH wireguard] wireguard: prevent ipv6 addrconf via IFF_NO_ADDRCONF flag Valentin Spreckels
2026-03-11 22:59 ` Jason A. Donenfeld
2026-03-21 19:20 ` Valentin Spreckels
2026-05-03 19:18 ` Jason A. Donenfeld [this message]
2026-05-05 15:05 ` Jason A. Donenfeld
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=afefejiY8SX8UfTm@zx2c4.com \
--to=jason@zx2c4.com \
--cc=andrew+netdev@lunn.ch \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=valentin@spreckels.dev \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.