netdev.vger.kernel.org archive mirror
* [PATCH] IPv6 configurable default value for the privacy extension flag
@ 2011-01-31 15:49 Julien Aubé
  2011-02-01  4:04 ` YOSHIFUJI Hideaki
  0 siblings, 1 reply; 3+ messages in thread
From: Julien Aubé @ 2011-01-31 15:49 UTC (permalink / raw)
  To: netdev

Hello,

The following patch is a proposal only.

The goal is to "preset" the default value of the flag use_tempaddr for the all/ and conf/ configuration space. 

The reason why I did this patch is that I frequently have a race between the interface coming up and the flag:
Usually, just setting the flag to 2 in /etc/sysctl.conf is not enough: at this moment of the boot, even if the interface has no
IPv4 yet, it may already have an IPv6, got by RA.

But if at this time the flag is 0, then the interface will keep the address derived from the MAC address. Forever.
The only solution is to bring down the interface and bring it up again, manually.

That's why I created this patch.
I'm not sure if this is a good implementation, or even if it is the right way to scratch my own itch, but it
does work nevertheless.
I know the Privacy Extension is somewhat controversial, but anyway, I do prefer to have it on, for myself.

I'm willing to listen to any comments and modify my patch accordingly.

Thanks,

Julien Aubé - j.aube@laposte.net

-- 
People in the embedded space don't do prototypes. They hack something until it works, then it's done.
--- 
the network's on the floor, that's Renater's fault
nose in the gutter, that's Cisco's fault

[-- Attachment #2: ipv6_privacy_default_setting.patch --]
[-- Type: text/x-patch, Size: 4640 bytes --]

commit 59dd205f4d8f281cd39429bbb6a9f158be8adcd1
Author: Julien Aube <j.aube@laposte.net>
Date:   Mon Jan 24 11:15:49 2011 +0100

    [IPv6]: Add a kernel parameter to preset the default value of the use_tempaddr flag.
    
    This patch adds the kernel parameter '--ipv6.privacy_default=[0|1|2]', which presets the
    value of the flags /proc/sys/net/ipv6/conf/all/use_tempaddr and
    /proc/sys/net/ipv6/conf/conf/use_tempaddr .
    
    This is useful because some distributions do not handle this well:
    When the flag is changed in the kernel, it's often too late, the persistent address is
    already set, and the flag value is never taken into account.
    
    With this parameter, it's possible to "preset" the default value of the flag for the
    interfaces.
    
    The values [0|1|2+] have the same meaning as the corresponding use_tempaddr flag.
    
    Signed-off-by: Julien Aubé <j.aube@laposte.net>

diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
index 01ece1b..b756214 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -2081,6 +2081,9 @@ and is between 256 and 4096 characters. It is defined in the file
 	printk.time=	Show timing data prefixed to each printk message line
 			Format: <bool>  (1/Y/y=enable, 0/N/n=disable)
 
+	privacy_default= [IPV6]
+			See Documentation/networking/ipv6.txt.
+
 	processor.max_cstate=	[HW,ACPI]
 			Limit processor to maximum C-state
 			max_cstate=9 overrides any DMI blacklist limit.
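Review bot: the new entry is listed as `privacy_default=`, but the commit message gives the boot parameter as `ipv6.privacy_default` and the code registers it with module_param_named() in net/ipv6/addrconf.c, so the name documented here should carry the `ipv6.` prefix. Suggest `ipv6.privacy_default=` together with a Format line stating the accepted values (0, 1, 2), so the range is visible without opening ipv6.txt.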
diff --git a/Documentation/networking/ipv6.txt b/Documentation/networking/ipv6.txt
index 9fd7e21..076b6e6 100644
--- a/Documentation/networking/ipv6.txt
+++ b/Documentation/networking/ipv6.txt
@@ -70,3 +70,20 @@ disable_ipv6
 
 		No IPv6 addresses will be added to interfaces.
 
+privacy_default
+
+	Specifies the default value of the flag "use_tempaddr"
+	(aka. Privacy Extension, RFC 3041 and RFC 4941).
+	This is usefull to ensure the value of this flag for
+	distributions that do no takes care of it.
+
+	The possible values are the same as the one used by sysctl:
+
+	0	Privacy Extension (RFC 3041) is not used.
+		This is the default value.
+
+	1	A random address suffix is configured when a Router Advertisement
+		is received,but is not used by default for outgoing communications.
+
+	2	A random address suffix is configured when a Router Advertisement
+		is received, and is used by deault for outgoing communications.
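Review bot: the value list stops at 2, while the addrconf.c hunk in this patch takes the `>= 2` branch for any larger value and reports negative values as invalid; the text should say how values outside 0..2 are treated. In the same block, "usefull", "do no takes care", "received,but" and "deault" need fixing, and the entry for 0 cites only RFC 3041 where the introduction cites both RFC 3041 and RFC 4941.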
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 848b355..c93ce71 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -15,6 +15,11 @@
 /*
  *	Changes:
  *
+ *  Julien Aubé           :   Add a configurable default value for the
+ *		use_tmpaddr flag, which control the behavior of
+ *		the kernel according to the RFC 3041 and 4941.
+ * <j.aube@laposte.net>
+ *
  *	Janos Farkas			:	delete timer on ifdown
  *	<chexum@bankinf.banki.hu>
  *	Andi Kleen			:	kill double kfree on module
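Review bot: the added changelog comment names the flag `use_tmpaddr`, but the sysctl and the struct member assigned later in this patch are `use_tempaddr`. The new lines also align with spaces where the neighbouring entries use tabs, and the e-mail line is missing the tab indent that existing entries such as `<chexum@bankinf.banki.hu>` have.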
@@ -125,6 +130,12 @@ static inline void addrconf_sysctl_unregister(struct inet6_dev *idev)
 static int __ipv6_regen_rndid(struct inet6_dev *idev);
 static int __ipv6_try_regen_rndid(struct inet6_dev *idev, struct in6_addr *tmpaddr);
 static void ipv6_regen_rndid(unsigned long data);
+
+static int ipv6_default_privacy;
+module_param_named(privacy_default, ipv6_default_privacy, int, 0444);
+MODULE_PARM_DESC(privacy_default, "Set IPv6 privacy extension by default \
+on all interfaces (0,1 or 2)");
+
 #endif
 
 static int ipv6_generate_eui64(u8 *eui, struct net_device *dev);
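Review bot: `ipv6_default_privacy` is declared as a plain `int`, so a negative value is accepted when the parameter is parsed and is only noticed by the final `else` in addrconf_init_net(), and nothing bounds it above 2. Validating or clamping it once, so that the stored value is always 0, 1 or 2, would remove the need for the invalid-value branch. The MODULE_PARM_DESC text is also split with a backslash continuation inside the string literal; adjacent string literals are the usual way to wrap it.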
@@ -4554,6 +4565,26 @@ static int __net_init addrconf_init_net(struct net *net)
 	all = &ipv6_devconf;
 	dflt = &ipv6_devconf_dflt;
 
+#ifdef CONFIG_IPV6_PRIVACY
+	if (ipv6_default_privacy == 0) {
+		printk(KERN_INFO "IPv6 Privacy Extension "
+							"is disabled by default\n");
+	} else if (ipv6_default_privacy == 1) {
+		printk(KERN_INFO "IPv6 Privacy Extension "
+							"is enabled by default\n");
+		all->use_tempaddr  = ipv6_default_privacy;
+		dflt->use_tempaddr = ipv6_default_privacy;
+	} else if (ipv6_default_privacy >= 2) {
+		printk(KERN_INFO "IPv6 Privacy Extension "
+							"is enabled and used by default\n");
+		all->use_tempaddr  = ipv6_default_privacy;
+		dflt->use_tempaddr = ipv6_default_privacy;
+	} else {
+		printk(KERN_WARNING "IPv6 Privacy Extension "
+	"is disabled by default (invalid value %d)\n", ipv6_default_privacy);
+	}
+#endif
+
 	if (!net_eq(net, &init_net)) {
 		all = kmemdup(all, sizeof(ipv6_devconf), GFP_KERNEL);
 		if (all == NULL)
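Review bot: the added block sits in addrconf_init_net(), ahead of the `if (!net_eq(net, &init_net))` check, so the printk() fires and the global ipv6_devconf and ipv6_devconf_dflt templates are rewritten every time a network namespace is initialised, not once at boot. Apply the preset once, or guard it with net_eq(net, &init_net). The `== 1` and `>= 2` branches make identical assignments and differ only in the log text, and a value such as 5 is copied into use_tempaddr unchanged; a single branch that clamps to 2 would be shorter and keep the stored value within the documented range. The continuation lines of the printk() strings are indented inconsistently.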

^ permalink raw reply related	[flat|nested] 3+ messages in thread
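The symptom described in the message above (an interface that autoconfigured from an RA before use_tempaddr was raised, and so holds only the MAC-derived address) can be checked from userspace. This is an added example, not part of the thread or the patch; the function names `stale_ifaces` and `check_live` and the sample `ip -6 -o addr show` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `ip -6 -o addr show scope global`
# output on stdin and prints each interface that holds an autoconfigured
# ("dynamic") global address but no address flagged "temporary".
stale_ifaces() {
    awk '
        $3 == "inet6" {
            dyn = 0; tmp = 0
            for (i = 5; i <= NF; i++) {
                if ($i == "dynamic")   dyn = 1
                if ($i == "temporary") tmp = 1
            }
            if (tmp)      has_tmp[$2] = 1      # RFC 4941 address present
            else if (dyn) has_slaac[$2] = 1    # RA-derived, stable suffix
        }
        END {
            for (ifc in has_slaac)
                if (!(ifc in has_tmp)) print ifc
        }' | sort
}

# On a live host: report only interfaces whose use_tempaddr is now non-zero,
# i.e. the flag was raised after the address had already been configured.
check_live() {
    for ifc in $(ip -6 -o addr show scope global | stale_ifaces); do
        want=$(cat "/proc/sys/net/ipv6/conf/$ifc/use_tempaddr" 2>/dev/null || echo 0)
        if [ "$want" -ge 1 ]; then
            echo "$ifc: use_tempaddr=$want but no temporary address"
        fi
    done
}

# Constructed sample input (documentation prefix 2001:db8::/32).
SAMPLE='2: eth0    inet6 2001:db8:1:2:211:22ff:fe33:4455/64 scope global dynamic \       valid_lft 2591911sec preferred_lft 604711sec
3: wlan0    inet6 2001:db8:1:3:5c1e:9a0b:77d2:e410/64 scope global temporary dynamic \       valid_lft 604711sec preferred_lft 85711sec
3: wlan0    inet6 2001:db8:1:3:226:bbff:fe44:5566/64 scope global dynamic \       valid_lft 2591911sec preferred_lft 604711sec
4: br0    inet6 2001:db8:1:4::10/64 scope global \       valid_lft forever preferred_lft forever'

printf '%s\n' "$SAMPLE" | stale_ifaces
```

In the sample, only eth0 is reported: wlan0 has a temporary address alongside its stable one, and br0 carries a static address that privacy extensions do not apply to.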

* Re: [PATCH] IPv6 configurable default value for the privacy extension flag
  2011-01-31 15:49 [PATCH] IPv6 configurable default value for the privacy extension flag Julien Aubé
@ 2011-02-01  4:04 ` YOSHIFUJI Hideaki
  2011-02-01 12:57   ` Julien Aube
  0 siblings, 1 reply; 3+ messages in thread
From: YOSHIFUJI Hideaki @ 2011-02-01  4:04 UTC (permalink / raw)
  To: j.aube; +Cc: Julien Aubé, netdev, YOSHIFUJI Hideaki

Hello.

(2011/02/01 0:49), Julien Aubé wrote:

>+	} else {
>+		printk(KERN_WARNING "IPv6 Privacy Extension "
>+	"is disabled by default (invalid value %d)\n", ipv6_default_privacy);
>+	}
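Review bot: with `== 0`, `== 1` and `>= 2` handled by the earlier branches, this `else` is reached only for negative values, and it leaves use_tempaddr untouched while logging "disabled by default". The message is accurate only because the built-in default is 0; assigning 0 explicitly here would keep the log line and the resulting state in agreement.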

I think WARNING is too high.

--yoshfuji

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] IPv6 configurable default value for the privacy extension flag
  2011-02-01  4:04 ` YOSHIFUJI Hideaki
@ 2011-02-01 12:57   ` Julien Aube
  0 siblings, 0 replies; 3+ messages in thread
From: Julien Aube @ 2011-02-01 12:57 UTC (permalink / raw)
  To: YOSHIFUJI Hideaki; +Cc: netdev

On Tue, 01 Feb 2011 13:04:37 +0900,
YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> wrote:

> Hello.
> 
> (2011/02/01 0:49), Julien Aube wrote:
> 
> >+	} else {
> >+		printk(KERN_WARNING "IPv6 Privacy Extension "
> >+	"is disabled by default (invalid value %d)\n", ipv6_default_privacy);
> >+	}
> 
> I think WARNING is too high.

I did put KERN_WARNING because this code is used when someone explicitly sets
an invalid value, e.g.
 ipv6.privacy_default=-1

But you're right, I'll set KERN_NOTICE instead.

What do you think of the idea by itself anyhow?

Thanks for the feedback.

Julien

^ permalink raw reply	[flat|nested] 3+ messages in thread
