From: "Julien Aubé" <jul.aube@gmail.com>
To: netdev@vger.kernel.org
Subject: [PATCH] IPv6 configurable default value for the privacy extension flag
Date: Mon, 31 Jan 2011 16:49:45 +0100
Message-ID: <20110131164945.3370cbcd@baileys.at.home>
[-- Attachment #1: Type: text/plain, Size: 1553 bytes --]
Hello,
The following patch is a proposal only.
The goal is to "preset" the default value of the flag use_tempaddr for the all/ and conf/ configuration space.
The reason why I did this patch is because frequently, I have a race between the interface coming up and the flag:
Usually, just setting the flag to 2 in /etc/sysctl.conf is not enough: at this moment of the boot, even if the interface has no
IPv4 yet, it may have already an IPv6, got by RA.
But if at this time the flag is 0, then the interface will keep the address derived from the Mac Address. Forever.
The only solution is to bring down the interface and bring it up again, manually.
That's why I created this patch.
I'm not sure if this is the good implementation to do, or even if it is the right way to scratch my own itch, but it
does work nevertheless.
I know the Privacy Extension is somewhat controversial, but anyway, I do prefer to have it on, for myself.
I'm willing to listen to any comments and modify my patch accordingly.
Thanks,
Julien Aubé - j.aube@laposte.net
- --
People in the embedded space don't do prototypes. They hack something until it works, then it's done.
- ---
the network's on the floor, that's Renater's fault
nose in the gutter, that's Cisco's fault
[-- Attachment #2: ipv6_privacy_default_setting.patch --]
[-- Type: text/x-patch, Size: 4640 bytes --]
commit 59dd205f4d8f281cd39429bbb6a9f158be8adcd1
Author: Julien Aube <j.aube@laposte.net>
Date: Mon Jan 24 11:15:49 2011 +0100
[IPv6]: Add a kernel parameter to preset the default value of the use_tempaddr flag.
This patch adds the kernel parameter '--ipv6.privacy_default=[0|1|2]', which presets the
value of the flags /proc/sys/net/ipv6/conf/all/use_tempaddr and
/proc/sys/net/ipv6/conf/conf/use_tempaddr.
This is useful because some distributions do not handle this well:
When the flag is changed in the kernel, it's often too late, the persistent address is
already set, and the flag value is never taken into account.
With this parameter, it's possible to "preset" the default value of the flag for the
interfaces.
The values [0|1|2+] have the same meaning as the corresponding use_tempaddr flag.
Signed-off-by: Julien Aubé <j.aube@laposte.net>
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
index 01ece1b..b756214 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -2081,6 +2081,9 @@ and is between 256 and 4096 characters. It is defined in the file
printk.time= Show timing data prefixed to each printk message line
Format: <bool> (1/Y/y=enable, 0/N/n=disable)
+ privacy_default= [IPV6]
+ See Documentation/networking/ipv6.txt.
+
processor.max_cstate= [HW,ACPI]
Limit processor to maximum C-state
max_cstate=9 overrides any DMI blacklist limit.
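Review bot: The new entry is listed as `privacy_default=`, but the commit message gives the boot parameter as `ipv6.privacy_default`, and the neighbouring entries in this file (`printk.time=`, `processor.max_cstate=`) carry their prefix. Document it as `ipv6.privacy_default=`, place it in alphabetical order under that name, and add a `Format:` line giving the accepted values (0, 1, 2) as the `printk.time=` entry does.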
diff --git a/Documentation/networking/ipv6.txt b/Documentation/networking/ipv6.txt
index 9fd7e21..076b6e6 100644
--- a/Documentation/networking/ipv6.txt
+++ b/Documentation/networking/ipv6.txt
@@ -70,3 +70,20 @@ disable_ipv6
No IPv6 addresses will be added to interfaces.
+privacy_default
+
+ Specifies the default value of the flag "use_tempaddr"
+ (aka. Privacy Extension, RFC 3041 and RFC 4941).
+ This is usefull to ensure the value of this flag for
+ distributions that do no takes care of it.
+
+ The possible values are the same as the one used by sysctl:
+
+ 0 Privacy Extension (RFC 3041) is not used.
+ This is the default value.
+
+ 1 A random address suffix is configured when a Router Advertisement
+ is received,but is not used by default for outgoing communications.
+
+ 2 A random address suffix is configured when a Router Advertisement
+ is received, and is used by deault for outgoing communications.
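Review bot: The value list stops at 2 and does not mention the build option, while the addrconf.c hunk in this patch applies any value >= 2 as given, warns on negative values, and does all of this only under `#ifdef CONFIG_IPV6_PRIVACY`. Say here that the parameter has no effect without CONFIG_IPV6_PRIVACY and how out-of-range values are treated. Typos to fix in the added text: "usefull", "do no takes care", "received,but" (missing space) and "deault"; the description of 0 also cites only RFC 3041 where the heading cites RFC 3041 and RFC 4941.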
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 848b355..c93ce71 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -15,6 +15,11 @@
/*
* Changes:
*
+ * Julien Aubé : Add a configurable default value for the
+ * use_tmpaddr flag, which control the behavior of
+ * the kernel according to the RFC 3041 and 4941.
+ * <j.aube@laposte.net>
+ *
* Janos Farkas : delete timer on ifdown
* <chexum@bankinf.banki.hu>
* Andi Kleen : kill double kfree on module
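Review bot: The added changelog comment names the flag `use_tmpaddr`, while the sysctl and the rest of this patch call it `use_tempaddr`; it also reads "which control" for "which controls". Correct the name so that a search for the flag finds this comment, or drop the entry, since the commit message already records the change.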
@@ -125,6 +130,12 @@ static inline void addrconf_sysctl_unregister(struct inet6_dev *idev)
static int __ipv6_regen_rndid(struct inet6_dev *idev);
static int __ipv6_try_regen_rndid(struct inet6_dev *idev, struct in6_addr *tmpaddr);
static void ipv6_regen_rndid(unsigned long data);
+
+static int ipv6_default_privacy;
+module_param_named(privacy_default, ipv6_default_privacy, int, 0444);
+MODULE_PARM_DESC(privacy_default, "Set IPv6 privacy extension by default \
+on all interfaces (0,1 or 2)");
+
#endif
static int ipv6_generate_eui64(u8 *eui, struct net_device *dev);
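Review bot: `MODULE_PARM_DESC` continues its string literal with a backslash at the end of the line, so the continuation has to start in column 0 and any indentation added later ends up inside the description; split it into two adjacent string literals instead. The variable and `module_param_named()` are also added just before an `#endif`, so the parameter exists only when that conditional block is compiled in, which the kernel-parameters.txt entry does not mention. A short comment on `ipv6_default_privacy` stating the valid values (0, 1, 2) would help too.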
@@ -4554,6 +4565,26 @@ static int __net_init addrconf_init_net(struct net *net)
all = &ipv6_devconf;
dflt = &ipv6_devconf_dflt;
+#ifdef CONFIG_IPV6_PRIVACY
+ if (ipv6_default_privacy == 0) {
+ printk(KERN_INFO "IPv6 Privacy Extension "
+ "is disabled by default\n");
+ } else if (ipv6_default_privacy == 1) {
+ printk(KERN_INFO "IPv6 Privacy Extension "
+ "is enabled by default\n");
+ all->use_tempaddr = ipv6_default_privacy;
+ dflt->use_tempaddr = ipv6_default_privacy;
+ } else if (ipv6_default_privacy >= 2) {
+ printk(KERN_INFO "IPv6 Privacy Extension "
+ "is enabled and used by default\n");
+ all->use_tempaddr = ipv6_default_privacy;
+ dflt->use_tempaddr = ipv6_default_privacy;
+ } else {
+ printk(KERN_WARNING "IPv6 Privacy Extension "
+ "is disabled by default (invalid value %d)\n", ipv6_default_privacy);
+ }
+#endif
+
if (!net_eq(net, &init_net)) {
all = kmemdup(all, sizeof(ipv6_devconf), GFP_KERNEL);
if (all == NULL)
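Review bot: The assignments are made while `all` and `dflt` still point at the global `ipv6_devconf` and `ipv6_devconf_dflt`, before the `!net_eq(net, &init_net)` copy, and `addrconf_init_net()` is a per-namespace init function, so the globals are rewritten and the message printed again for every namespace set up through this path. Consider applying the preset once, or printing only for `init_net`. The `== 1` and `>= 2` branches perform identical assignments and differ only in the message, and a value above 2 is stored unclamped; a single range check (`< 0` rejected, `> 2` clamped to 2) followed by one pair of assignments would be shorter and keep `use_tempaddr` within its documented values. The invalid-value `printk` line also runs past 80 columns.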