[PATCH net-next 0/3] follow-up improvements for ipv6 tokens

[PATCH net-next 0/3] follow-up improvements for ipv6 tokens

[Daniel Borkmann]

This set implements follow-up suggestions from Hannes for commit
f53adae4eae5ad9 (``net: ipv6: add tokenized interface identifier
support''). Tested by myself.

Daniel Borkmann (3):
  net: ipv6: minor: use in6addr_any in token init
  net: ipv6: also allow token to be set when device not ready
  net: ipv6: only invalidate previously tokenized addresses

 include/net/if_inet6.h |    2 ++
 net/ipv6/addrconf.c    |   31 ++++++++++++++++++++++---------
 2 files changed, 24 insertions(+), 9 deletions(-)

[PATCH net-next 1/3] net: ipv6: minor: use in6addr_any in token init

[Daniel Borkmann]

Since we check for !ipv6_addr_any(&in6_dev->token) in
addrconf_prefix_rcv(), make the token initialization on
device setup more intuitive by using in6addr_any as an
initializer.

Suggested-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
---
 net/ipv6/addrconf.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 65d8139..645bf31 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -422,7 +422,7 @@ static struct inet6_dev *ipv6_add_dev(struct net_device *dev)
 		ipv6_regen_rndid((unsigned long) ndev);
 	}
 #endif
-	memset(ndev->token.s6_addr, 0, sizeof(ndev->token.s6_addr));
+	ndev->token = in6addr_any;
 
 	if (netif_running(dev) && addrconf_qdisc_ok(dev))
 		ndev->if_flags |= IF_READY;
-- 
1.7.1

Re: [PATCH net-next 1/3] net: ipv6: minor: use in6addr_any in token init

[Hannes Frederic Sowa]

On Tue, Apr 09, 2013 at 03:47:14PM +0200, Daniel Borkmann wrote:
> Since we check for !ipv6_addr_any(&in6_dev->token) in
> addrconf_prefix_rcv(), make the token initialization on
> device setup more intuitive by using in6addr_any as an
> initializer.
> 
> Suggested-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
> Signed-off-by: Daniel Borkmann <dborkman@redhat.com>

Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>

[PATCH net-next 2/3] net: ipv6: also allow token to be set when device not ready

[Daniel Borkmann]

When we set the iftoken in inet6_set_iftoken(), we return -EINVAL
when the device does not have flag IF_READY. This is however not
necessary and rather an artificial usability barrier, since we
simply can set the token despite that, and in case the device is
ready, we just send out our rs, otherwise ifup et al. will do
this for us anyway.

Suggested-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
---
 net/ipv6/addrconf.c |   22 ++++++++++++++++------
 1 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 645bf31..713ebe3 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -4296,9 +4296,9 @@ static int inet6_fill_link_af(struct sk_buff *skb, const struct net_device *dev)
 
 static int inet6_set_iftoken(struct inet6_dev *idev, struct in6_addr *token)
 {
-	struct in6_addr ll_addr;
 	struct inet6_ifaddr *ifp;
 	struct net_device *dev = idev->dev;
+	bool update_rs = false;
 
 	if (token == NULL)
 		return -EINVAL;
@@ -4306,8 +4306,6 @@ static int inet6_set_iftoken(struct inet6_dev *idev, struct in6_addr *token)
 		return -EINVAL;
 	if (dev->flags & (IFF_LOOPBACK | IFF_NOARP))
 		return -EINVAL;
-	if (idev->dead || !(idev->if_flags & IF_READY))
-		return -EINVAL;
 	if (!ipv6_accept_ra(idev))
 		return -EINVAL;
 	if (idev->cnf.rtr_solicits <= 0)
@@ -4320,11 +4318,23 @@ static int inet6_set_iftoken(struct inet6_dev *idev, struct in6_addr *token)
 
 	write_unlock_bh(&idev->lock);
 
-	ipv6_get_lladdr(dev, &ll_addr, IFA_F_TENTATIVE | IFA_F_OPTIMISTIC);
-	ndisc_send_rs(dev, &ll_addr, &in6addr_linklocal_allrouters);
+	if (!idev->dead && (idev->if_flags & IF_READY)) {
+		struct in6_addr ll_addr;
+
+		ipv6_get_lladdr(dev, &ll_addr, IFA_F_TENTATIVE |
+				IFA_F_OPTIMISTIC);
+
+		/* If we're not ready, then normal ifup will take care
+		 * of this. Otherwise, we need to request our rs here.
+		 */
+		ndisc_send_rs(dev, &ll_addr, &in6addr_linklocal_allrouters);
+		update_rs = true;
+	}
 
 	write_lock_bh(&idev->lock);
-	idev->if_flags |= IF_RS_SENT;
+
+	if (update_rs)
+		idev->if_flags |= IF_RS_SENT;
 
 	/* Well, that's kinda nasty ... */
 	list_for_each_entry(ifp, &idev->addr_list, if_list) {
-- 
1.7.1

Re: [PATCH net-next 2/3] net: ipv6: also allow token to be set when device not ready

[Hannes Frederic Sowa]

On Tue, Apr 09, 2013 at 03:47:15PM +0200, Daniel Borkmann wrote:
> When we set the iftoken in inet6_set_iftoken(), we return -EINVAL
> when the device does not have flag IF_READY. This is however not
> necessary and rather an artificial usability barrier, since we
> simply can set the token despite that, and in case the device is
> ready, we just send out our rs, otherwise ifup et al. will do
> this for us anyway.
> 
> Suggested-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
> Signed-off-by: Daniel Borkmann <dborkman@redhat.com>

Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>

[PATCH net-next 3/3] net: ipv6: only invalidate previously tokenized addresses

[Daniel Borkmann]

Instead of invalidating all IPv6 addresses with global scope
when one decides to use IPv6 tokens, we should only invalidate
previous tokens and leave the rest intact until they expire
eventually (or are intact forever). For doing this less greedy
approach, we're adding a bool at the end of inet6_ifaddr structure
instead, for two reasons: i) per-inet6_ifaddr flag space is
already used up, making it wider might not be a good idea,
since ii) also we do not necessarily need to export this
information into user space.

Suggested-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
---
 include/net/if_inet6.h |    2 ++
 net/ipv6/addrconf.c    |    7 +++++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/include/net/if_inet6.h b/include/net/if_inet6.h
index f1063d6..100fb8c 100644
--- a/include/net/if_inet6.h
+++ b/include/net/if_inet6.h
@@ -71,6 +71,8 @@ struct inet6_ifaddr {
 	struct inet6_ifaddr	*ifpub;
 	int			regen_count;
 #endif
+	bool			tokenized;
+
 	struct rcu_head		rcu;
 };
 
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 713ebe3..28b61e8 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -878,6 +878,7 @@ ipv6_add_addr(struct inet6_dev *idev, const struct in6_addr *addr, int pfxlen,
 	ifa->prefix_len = pfxlen;
 	ifa->flags = flags | IFA_F_TENTATIVE;
 	ifa->cstamp = ifa->tstamp = jiffies;
+	ifa->tokenized = false;
 
 	ifa->rt = rt;
 
@@ -2134,6 +2135,7 @@ void addrconf_prefix_rcv(struct net_device *dev, u8 *opt, int len, bool sllao)
 		struct inet6_ifaddr *ifp;
 		struct in6_addr addr;
 		int create = 0, update_lft = 0;
+		bool tokenized = false;
 
 		if (pinfo->prefix_len == 64) {
 			memcpy(&addr, &pinfo->prefix, 8);
@@ -2143,6 +2145,7 @@ void addrconf_prefix_rcv(struct net_device *dev, u8 *opt, int len, bool sllao)
 				memcpy(addr.s6_addr + 8,
 				       in6_dev->token.s6_addr + 8, 8);
 				read_unlock_bh(&in6_dev->lock);
+				tokenized = true;
 			} else if (ipv6_generate_eui64(addr.s6_addr + 8, dev) &&
 				   ipv6_inherit_eui64(addr.s6_addr + 8, in6_dev)) {
 				in6_dev_put(in6_dev);
@@ -2185,6 +2188,7 @@ ok:
 
 			update_lft = create = 1;
 			ifp->cstamp = jiffies;
+			ifp->tokenized = tokenized;
 			addrconf_dad_start(ifp);
 		}
 
@@ -4339,8 +4343,7 @@ static int inet6_set_iftoken(struct inet6_dev *idev, struct in6_addr *token)
 	/* Well, that's kinda nasty ... */
 	list_for_each_entry(ifp, &idev->addr_list, if_list) {
 		spin_lock(&ifp->lock);
-		if (ipv6_addr_src_scope(&ifp->addr) ==
-		    IPV6_ADDR_SCOPE_GLOBAL) {
+		if (ifp->tokenized) {
 			ifp->valid_lft = 0;
 			ifp->prefered_lft = 0;
 		}
-- 
1.7.1

Re: [PATCH net-next 3/3] net: ipv6: only invalidate previously tokenized addresses

[Hannes Frederic Sowa]

On Tue, Apr 09, 2013 at 03:47:16PM +0200, Daniel Borkmann wrote:
> Instead of invalidating all IPv6 addresses with global scope
> when one decides to use IPv6 tokens, we should only invalidate
> previous tokens and leave the rest intact until they expire
> eventually (or are intact forever). For doing this less greedy
> approach, we're adding a bool at the end of inet6_ifaddr structure
> instead, for two reasons: i) per-inet6_ifaddr flag space is
> already used up, making it wider might not be a good idea,
> since ii) also we do not necessarily need to export this
> information into user space.
> 
> Suggested-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
> Signed-off-by: Daniel Borkmann <dborkman@redhat.com>

Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>

Re: [PATCH net-next 0/3] follow-up improvements for ipv6 tokens

[David Miller]

From: Daniel Borkmann <dborkman@redhat.com>
Date: Tue,  9 Apr 2013 15:47:13 +0200

> This set implements follow-up suggestions from Hannes for commit
> f53adae4eae5ad9 (``net: ipv6: add tokenized interface identifier
> support''). Tested by myself.
> 
> Daniel Borkmann (3):
>   net: ipv6: minor: use in6addr_any in token init
>   net: ipv6: also allow token to be set when device not ready
>   net: ipv6: only invalidate previously tokenized addresses

All applied, thanks Daniel.