[RFC][PATCH] Export all RA options that we don't handle to userspace

[Pierre Ossman <pierre-list@ossman.eu>]

[-- Attachment #1.1: Type: text/plain, Size: 897 bytes --]

Second patch that exports everything. If noone objects to this model,
then merge the two patches and just use the commit message from the
second one.

Pros:
- Kernel doesn't need to be updated for every new RA option that might
  show up.

Cons:
- Possible security issue if it requires less privilege to read these
  netlink messages than to open a raw ICMPv6 socket.
- List of types the kernel is interested in is now in two places in the
  code, creating a risk for getting out of sync. I tried to come up
  with a structure that would prevent this, but couldn't think of
  anything that wouldn't require large changes. Ideas welcome...

Rgds
-- 
     -- Pierre Ossman

  WARNING: This correspondence is being monitored by FRA, a
  Swedish intelligence agency. Make sure your server uses
  encryption for SMTP traffic and consider using PGP for
  end-to-end encryption.

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.2: 0002-ipv6-give-userspace-all-RA-options-that-we-do-not-ca.patch --]
[-- Type: text/x-patch, Size: 2561 bytes --]

From 00cdbb6f65ad4c8d71aec12a615a83aeedcf541c Mon Sep 17 00:00:00 2001
From: Pierre Ossman <pierre@ossman.eu>
Date: Sun, 12 Dec 2010 12:49:29 +0100
Subject: [PATCH 2/2] ipv6: give userspace all RA options that we do not care about

Instead of having to update the kernel for every new RA option that needs
to be dealt with in userspace, just send over everything that we don't
handle ourselves in the kernel.

Signed-off-by: Pierre Ossman <pierre@ossman.eu>
---
 net/ipv6/ndisc.c |   38 +++++++++++++++++++-------------------
 1 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index c5b01e3..192e90b 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -233,12 +233,17 @@ static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
 
 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
 {
+	/* Keep in sync with ndisc_parse_options() ! */
 	switch (opt->nd_opt_type) {
-	case ND_OPT_RDNSS:
-	case ND_OPT_DNSSL:
-		return 1;
-	default:
+	case ND_OPT_SOURCE_LL_ADDR:
+	case ND_OPT_TARGET_LL_ADDR:
+	case ND_OPT_MTU:
+	case ND_OPT_REDIRECT_HDR:
+	case ND_OPT_PREFIX_INFO:
+	case ND_OPT_ROUTE_INFO:
 		return 0;
+	default:
+		return 1;
 	}
 }
 
@@ -268,6 +273,7 @@ static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
 		l = nd_opt->nd_opt_len << 3;
 		if (opt_len < l || l == 0)
 			return NULL;
+		/* Keep in sync with ndisc_is_useropt() ! */
 		switch (nd_opt->nd_opt_type) {
 		case ND_OPT_SOURCE_LL_ADDR:
 		case ND_OPT_TARGET_LL_ADDR:
@@ -295,21 +301,15 @@ static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
 			break;
 #endif
 		default:
-			if (ndisc_is_useropt(nd_opt)) {
-				ndopts->nd_useropts_end = nd_opt;
-				if (!ndopts->nd_useropts)
-					ndopts->nd_useropts = nd_opt;
-			} else {
-				/*
-				 * Unknown options must be silently ignored,
-				 * to accommodate future extension to the
-				 * protocol.
-				 */
-				ND_PRINTK2(KERN_NOTICE
-					   "%s(): ignored unsupported option; type=%d, len=%d\n",
-					   __func__,
-					   nd_opt->nd_opt_type, nd_opt->nd_opt_len);
-			}
+			/*
+			 * Unknown options must be silently ignored,
+			 * to accommodate future extension to the
+			 * protocol. We also provide them to userspace
+			 * for things like DNS configuration.
+			 */
+			ndopts->nd_useropts_end = nd_opt;
+			if (!ndopts->nd_useropts)
+				ndopts->nd_useropts = nd_opt;
 		}
 		opt_len -= l;
 		nd_opt = ((void *)nd_opt) + l;
-- 
1.7.2.3


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 230 bytes --]