* [PATCH 1/1] net/ipv6: add sysctl option accept_ra_min_hop_limit
From: Yuki Machida @ 2016-01-04 8:37 UTC (permalink / raw)
To: netdev; +Cc: Yuki Machida, Hangbin Liu, David S. Miller
Please apply the following patch to v4.1.x.
Commit 6fd99094de2b ("ipv6: Don't reduce hop limit for an interface"),
which was added in 4.0-rc7, made the kernel no longer comply with RFC4861.
This problem was fixed by commit 8013d1d7eafb
("net/ipv6: add sysctl option accept_ra_min_hop_limit")
in 4.3-rc1, but 4.1.x still has it.
[ Upstream 8013d1d7eafb0589ca766db6b74026f76b7f5cb4 ]
Commit 6fd99094de2b ("ipv6: Don't reduce hop limit for an interface")
disabled accept hop limit from RA if it is smaller than the current hop
limit for security stuff. But this behavior kind of break the RFC definition.
RFC 4861, 6.3.4. Processing Received Router Advertisements
A Router Advertisement field (e.g., Cur Hop Limit, Reachable Time,
and Retrans Timer) may contain a value denoting that it is
unspecified. In such cases, the parameter should be ignored and the
host should continue using whatever value it is already using.
If the received Cur Hop Limit value is non-zero, the host SHOULD set
its CurHopLimit variable to the received value.
So add sysctl option accept_ra_min_hop_limit to let user choose the minimum
hop limit value they can accept from RA. And set default to 1 to meet RFC
standards.
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Acked-by: YOSHIFUJI Hideaki <hideaki.yoshifuji@miraclelinux.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
Documentation/networking/ip-sysctl.txt | 8 ++++++++
include/linux/ipv6.h | 1 +
include/uapi/linux/ipv6.h | 1 +
net/ipv6/addrconf.c | 10 ++++++++++
net/ipv6/ndisc.c | 16 +++++++---------
5 files changed, 27 insertions(+), 9 deletions(-)
diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt
index 071fb18..07fad3d 100644
--- a/Documentation/networking/ip-sysctl.txt
+++ b/Documentation/networking/ip-sysctl.txt
@@ -1321,6 +1321,14 @@ accept_ra_from_local - BOOLEAN
disabled if accept_ra_from_local is disabled
on a specific interface.
+accept_ra_min_hop_limit - INTEGER
+ Minimum hop limit Information in Router Advertisement.
+
+ Hop limit Information in Router Advertisement less than this
+ variable shall be ignored.
+
+ Default: 1
+
accept_ra_pinfo - BOOLEAN
Learn Prefix Information in Router Advertisement.
diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h
index e4b4649..01c2592 100644
--- a/include/linux/ipv6.h
+++ b/include/linux/ipv6.h
@@ -29,6 +29,7 @@ struct ipv6_devconf {
__s32 max_desync_factor;
__s32 max_addresses;
__s32 accept_ra_defrtr;
+ __s32 accept_ra_min_hop_limit;
__s32 accept_ra_pinfo;
#ifdef CONFIG_IPV6_ROUTER_PREF
__s32 accept_ra_rtr_pref;
diff --git a/include/uapi/linux/ipv6.h b/include/uapi/linux/ipv6.h
index 5efa54a..68094e33 100644
--- a/include/uapi/linux/ipv6.h
+++ b/include/uapi/linux/ipv6.h
@@ -171,6 +171,7 @@ enum {
DEVCONF_USE_OPTIMISTIC,
DEVCONF_ACCEPT_RA_MTU,
DEVCONF_STABLE_SECRET,
+ DEVCONF_ACCEPT_RA_MIN_HOP_LIMIT,
DEVCONF_MAX
};
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index fd3aa61..366d010 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -195,6 +195,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = {
.max_addresses = IPV6_MAX_ADDRESSES,
.accept_ra_defrtr = 1,
.accept_ra_from_local = 0,
+ .accept_ra_min_hop_limit= 1,
.accept_ra_pinfo = 1,
#ifdef CONFIG_IPV6_ROUTER_PREF
.accept_ra_rtr_pref = 1,
@@ -236,6 +237,7 @@ static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = {
.max_addresses = IPV6_MAX_ADDRESSES,
.accept_ra_defrtr = 1,
.accept_ra_from_local = 0,
+ .accept_ra_min_hop_limit= 1,
.accept_ra_pinfo = 1,
#ifdef CONFIG_IPV6_ROUTER_PREF
.accept_ra_rtr_pref = 1,
@@ -4559,6 +4561,7 @@ static inline void ipv6_store_devconf(struct ipv6_devconf *cnf,
array[DEVCONF_MAX_DESYNC_FACTOR] = cnf->max_desync_factor;
array[DEVCONF_MAX_ADDRESSES] = cnf->max_addresses;
array[DEVCONF_ACCEPT_RA_DEFRTR] = cnf->accept_ra_defrtr;
+ array[DEVCONF_ACCEPT_RA_MIN_HOP_LIMIT] = cnf->accept_ra_min_hop_limit;
array[DEVCONF_ACCEPT_RA_PINFO] = cnf->accept_ra_pinfo;
#ifdef CONFIG_IPV6_ROUTER_PREF
array[DEVCONF_ACCEPT_RA_RTR_PREF] = cnf->accept_ra_rtr_pref;
@@ -5455,6 +5458,13 @@ static struct addrconf_sysctl_table
.proc_handler = proc_dointvec,
},
{
+ .procname = "accept_ra_min_hop_limit",
+ .data = &ipv6_devconf.accept_ra_min_hop_limit,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec,
+ },
+ {
.procname = "accept_ra_pinfo",
.data = &ipv6_devconf.accept_ra_pinfo,
.maxlen = sizeof(int),
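Review bot: The new `accept_ra_min_hop_limit` table entry uses plain `proc_dointvec`, so negative values and anything above 256 are stored without complaint, although the check added in net/ipv6/ndisc.c only distinguishes 0..255 from "256 or more". A negative setting appears to behave like the default (every non-zero hop limit is accepted), which is easy to misread as a stricter policy. Consider `.proc_handler = proc_dointvec_minmax,` with `.extra1`/`.extra2` pointing at bounds of 0 and 256, so a mistyped value is rejected at write time. The sysctl table definition starts and ends outside this hunk.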
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index 96f153c..abb0bdd 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -1225,18 +1225,16 @@ static void ndisc_router_discovery(struct sk_buff *skb)
if (rt)
rt6_set_expires(rt, jiffies + (HZ * lifetime));
- if (ra_msg->icmph.icmp6_hop_limit) {
- /* Only set hop_limit on the interface if it is higher than
- * the current hop_limit.
- */
- if (in6_dev->cnf.hop_limit < ra_msg->icmph.icmp6_hop_limit) {
+ if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
+ ra_msg->icmph.icmp6_hop_limit) {
+ if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
+ if (rt)
+ dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
+ ra_msg->icmph.icmp6_hop_limit);
} else {
- ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than current\n");
+ ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
}
- if (rt)
- dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
- ra_msg->icmph.icmp6_hop_limit);
}
skip_defrtr:
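Review bot: With the default of 1 set in addrconf.c, the new test `accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit` accepts every non-zero Cur Hop Limit, so a Router Advertisement can again lower the interface hop limit below its current value, which is the behaviour the description says commit 6fd99094de2b disabled for security reasons. That trade-off is not stated in the code or in the ip-sysctl.txt text, so hosts on links where RAs are not filtered get the weaker setting without any hint that the sysctl should be raised. The `< 256` comparison also works as an undocumented off switch; a comment such as `/* accept_ra_min_hop_limit >= 256: never take hop limit from an RA */` above the condition, plus one sentence in the documentation, would make both points visible. ndisc_router_discovery() starts and ends outside the hunk.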
--
1.9.1
* Re: [PATCH 1/1] net/ipv6: add sysctl option accept_ra_min_hop_limit
From: YOSHIFUJI Hideaki @ 2016-01-05 10:17 UTC (permalink / raw)
To: Yuki Machida, netdev, YOSHIFUJI Hideaki/吉藤英明
Cc: hideaki.yoshifuji, Hangbin Liu, David S. Miller,
YOSHIFUJI Hideaki (USAGI Project)
Hi, Machida-san.
Yuki Machida wrote:
> Please apply the following patch to v4.1.x.
>
> By ommit 6fd99094de2b ("ipv6: Don't reduce hop limit for an interface")
s/ommit/commit/
Futher comment below.
:
> Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
> Acked-by: YOSHIFUJI Hideaki <hideaki.yoshifuji@miraclelinux.com>
> Signed-off-by: David S. Miller <davem@davemloft.net>
> ---
> Documentation/networking/ip-sysctl.txt | 8 ++++++++
> include/linux/ipv6.h | 1 +
> include/uapi/linux/ipv6.h | 1 +
> net/ipv6/addrconf.c | 10 ++++++++++
> net/ipv6/ndisc.c | 16 +++++++---------
> 5 files changed, 27 insertions(+), 9 deletions(-)
>
> diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt
> index 071fb18..07fad3d 100644
:
> --- a/include/uapi/linux/ipv6.h
> +++ b/include/uapi/linux/ipv6.h
> @@ -171,6 +171,7 @@ enum {
> DEVCONF_USE_OPTIMISTIC,
> DEVCONF_ACCEPT_RA_MTU,
> DEVCONF_STABLE_SECRET,
You have to add a hole for DEVCONF_USE_OIF_ADDRS_ONLY.
--yoshfuji
> + DEVCONF_ACCEPT_RA_MIN_HOP_LIMIT,
> DEVCONF_MAX
> };
>
--
Hideaki Yoshifuji <hideaki.yoshifuji@miraclelinux.com>
Technical Division, MIRACLE LINUX CORPORATION
* Re: [PATCH 1/1] net/ipv6: add sysctl option accept_ra_min_hop_limit
From: Yuki Machida @ 2016-01-06 2:23 UTC (permalink / raw)
To: YOSHIFUJI Hideaki, netdev
Cc: Hangbin Liu, David S. Miller, YOSHIFUJI Hideaki (USAGI Project),
Yuki Machida
Hi, Yoshifuji-san.
Thanks for your kindly check.
I will correct it in Patch v2.
Best Regards,
Yuki Machida
On 2016年01月05日 19:17, YOSHIFUJI Hideaki wrote:
> Hi, Machida-san.
>
> Yuki Machida wrote:
>> Please apply the following patch to v4.1.x.
>>
>> By ommit 6fd99094de2b ("ipv6: Don't reduce hop limit for an interface")
>
> s/ommit/commit/
>
> Futher comment below.
>
> :
>> Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
>> Acked-by: YOSHIFUJI Hideaki <hideaki.yoshifuji@miraclelinux.com>
>> Signed-off-by: David S. Miller <davem@davemloft.net>
>> ---
>> Documentation/networking/ip-sysctl.txt | 8 ++++++++
>> include/linux/ipv6.h | 1 +
>> include/uapi/linux/ipv6.h | 1 +
>> net/ipv6/addrconf.c | 10 ++++++++++
>> net/ipv6/ndisc.c | 16 +++++++---------
>> 5 files changed, 27 insertions(+), 9 deletions(-)
>>
>> diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt
>> index 071fb18..07fad3d 100644
> :
>> --- a/include/uapi/linux/ipv6.h
>> +++ b/include/uapi/linux/ipv6.h
>> @@ -171,6 +171,7 @@ enum {
>> DEVCONF_USE_OPTIMISTIC,
>> DEVCONF_ACCEPT_RA_MTU,
>> DEVCONF_STABLE_SECRET,
>
> You have to add a hole for DEVCONF_USE_OIF_ADDRS_ONLY.
>
> --yoshfuji
>
>> + DEVCONF_ACCEPT_RA_MIN_HOP_LIMIT,
>> DEVCONF_MAX
>> };
>>
>
* Re: [PATCH 1/1] net/ipv6: add sysctl option accept_ra_min_hop_limit
From: Yuki Machida @ 2016-01-15 9:25 UTC (permalink / raw)
To: YOSHIFUJI Hideaki, netdev
Cc: Hangbin Liu, David S. Miller, YOSHIFUJI Hideaki (USAGI Project)
Hi, Yoshifuji-san
It is currently under investigation.
It takes still time.
Futher comment below.
On 2016年01月05日 19:17, YOSHIFUJI Hideaki wrote:
> Hi, Machida-san.
>
> Yuki Machida wrote:
>> Please apply the following patch to v4.1.x.
>>
>> By ommit 6fd99094de2b ("ipv6: Don't reduce hop limit for an interface")
>
> s/ommit/commit/
I will correct this typo.
>
> Futher comment below.
>
> :
>> Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
>> Acked-by: YOSHIFUJI Hideaki <hideaki.yoshifuji@miraclelinux.com>
>> Signed-off-by: David S. Miller <davem@davemloft.net>
>> ---
>> Documentation/networking/ip-sysctl.txt | 8 ++++++++
>> include/linux/ipv6.h | 1 +
>> include/uapi/linux/ipv6.h | 1 +
>> net/ipv6/addrconf.c | 10 ++++++++++
>> net/ipv6/ndisc.c | 16 +++++++---------
>> 5 files changed, 27 insertions(+), 9 deletions(-)
>>
>> diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt
>> index 071fb18..07fad3d 100644
> :
>> --- a/include/uapi/linux/ipv6.h
>> +++ b/include/uapi/linux/ipv6.h
>> @@ -171,6 +171,7 @@ enum {
>> DEVCONF_USE_OPTIMISTIC,
>> DEVCONF_ACCEPT_RA_MTU,
>> DEVCONF_STABLE_SECRET,
>
> You have to add a hole for DEVCONF_USE_OIF_ADDRS_ONLY.
To add a hole for DEVCONF_USE_OIF_ADDRS_ONLY,
the following two patches are needed.
commit 9131f3de24db4dc12199aede7d931e6703e97f3b
commit 3985e8a3611a93bb36789f65db862e5700aab65e
When these two patches are applied to 4.1.15,
it doesn't conform to RFC 2460 and RFC 4443.
(I used IPv6 Ready Logo Core Conformance Test.)
I am looking for a patch that fixes this.
> --yoshfuji
>
>> + DEVCONF_ACCEPT_RA_MIN_HOP_LIMIT,
>> DEVCONF_MAX
>> };
>>
>
* Re: [PATCH 1/1] net/ipv6: add sysctl option accept_ra_min_hop_limit
From: YOSHIFUJI Hideaki @ 2016-01-18 8:33 UTC (permalink / raw)
To: Yuki Machida, netdev
Cc: hideaki.yoshifuji, Hangbin Liu, David S. Miller,
YOSHIFUJI Hideaki (USAGI Project)
Hi,
Yuki Machida wrote:
> Hi, Yoshifuji-san
>
> It is currently under investigation.
> It takes still time.
>
> Futher comment below.
>
> On 2016年01月05日 19:17, YOSHIFUJI Hideaki wrote:
>> Hi, Machida-san.
>>
>> Yuki Machida wrote:
>>> Please apply the following patch to v4.1.x.
>>>
>>> By ommit 6fd99094de2b ("ipv6: Don't reduce hop limit for an interface")
>>
>> s/ommit/commit/
> I will correct this typo.
>
>>
>> Futher comment below.
>>
>> :
>>> Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
>>> Acked-by: YOSHIFUJI Hideaki <hideaki.yoshifuji@miraclelinux.com>
>>> Signed-off-by: David S. Miller <davem@davemloft.net>
>>> ---
>>> Documentation/networking/ip-sysctl.txt | 8 ++++++++
>>> include/linux/ipv6.h | 1 +
>>> include/uapi/linux/ipv6.h | 1 +
>>> net/ipv6/addrconf.c | 10 ++++++++++
>>> net/ipv6/ndisc.c | 16 +++++++---------
>>> 5 files changed, 27 insertions(+), 9 deletions(-)
>>>
>>> diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt
>>> index 071fb18..07fad3d 100644
>> :
>>> --- a/include/uapi/linux/ipv6.h
>>> +++ b/include/uapi/linux/ipv6.h
>>> @@ -171,6 +171,7 @@ enum {
>>> DEVCONF_USE_OPTIMISTIC,
>>> DEVCONF_ACCEPT_RA_MTU,
>>> DEVCONF_STABLE_SECRET,
>>
>> You have to add a hole for DEVCONF_USE_OIF_ADDRS_ONLY.
>
> For addition a hole of DEVCONF_USE_OIF_ADDRS_ONLY,
> It needs following two patches.
> commit 9131f3de24db4dc12199aede7d931e6703e97f3b
> commit 3985e8a3611a93bb36789f65db862e5700aab65e
>
> When It apply two patches to 4.1.15,
> It doesn't conform to RFC 2460 and RFC 4443.
> (I used IPv6 Ready Logo Core Conformance Test.)
> I am looking for a patch for fix.
You do not have to implement that interface if you
do not need it. You just have to reserve that number
to maintain binary compatibility:
:
__DEVCONF_USE_OIF_ADDRS_ONLY, /* not implemented */
DEVCONF_ACCEPT_RA_MIN_HOP_LIMIT,
DEVCONF_MAX
This is because those enums in include/"uapi"/linux/ipv6.h
are exported to userspace.
>
>> --yoshfuji
>>
>>> + DEVCONF_ACCEPT_RA_MIN_HOP_LIMIT,
>>> DEVCONF_MAX
>>> };
>>>
>>
--
Hideaki Yoshifuji <hideaki.yoshifuji@miraclelinux.com>
Technical Division, MIRACLE LINUX CORPORATION
* Re: [PATCH 1/1] net/ipv6: add sysctl option accept_ra_min_hop_limit
From: Yuki Machida @ 2016-02-02 8:49 UTC (permalink / raw)
To: YOSHIFUJI Hideaki, netdev, YOSHIFUJI Hideaki (USAGI Project)
Cc: Hangbin Liu, David S. Miller
Hi Yoshifuji-san.
On 2016年01月18日 17:33, YOSHIFUJI Hideaki wrote:
> Hi,
>
> Yuki Machida wrote:
>> Hi, Yoshifuji-san
>>
>> It is currently under investigation.
>> It takes still time.
>>
>> Futher comment below.
>>
>> On 2016年01月05日 19:17, YOSHIFUJI Hideaki wrote:
>>> Hi, Machida-san.
>>>
>>> Yuki Machida wrote:
>>>> Please apply the following patch to v4.1.x.
>>>>
>>>> By ommit 6fd99094de2b ("ipv6: Don't reduce hop limit for an interface")
>>>
>>> s/ommit/commit/
>> I will correct this typo.
>>
>>>
>>> Futher comment below.
>>>
>>> :
>>>> Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
>>>> Acked-by: YOSHIFUJI Hideaki <hideaki.yoshifuji@miraclelinux.com>
>>>> Signed-off-by: David S. Miller <davem@davemloft.net>
>>>> ---
>>>> Documentation/networking/ip-sysctl.txt | 8 ++++++++
>>>> include/linux/ipv6.h | 1 +
>>>> include/uapi/linux/ipv6.h | 1 +
>>>> net/ipv6/addrconf.c | 10 ++++++++++
>>>> net/ipv6/ndisc.c | 16 +++++++---------
>>>> 5 files changed, 27 insertions(+), 9 deletions(-)
>>>>
>>>> diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt
>>>> index 071fb18..07fad3d 100644
>>> :
>>>> --- a/include/uapi/linux/ipv6.h
>>>> +++ b/include/uapi/linux/ipv6.h
>>>> @@ -171,6 +171,7 @@ enum {
>>>> DEVCONF_USE_OPTIMISTIC,
>>>> DEVCONF_ACCEPT_RA_MTU,
>>>> DEVCONF_STABLE_SECRET,
>>>
>>> You have to add a hole for DEVCONF_USE_OIF_ADDRS_ONLY.
>>
>> For addition a hole of DEVCONF_USE_OIF_ADDRS_ONLY,
>> It needs following two patches.
>> commit 9131f3de24db4dc12199aede7d931e6703e97f3b
>> commit 3985e8a3611a93bb36789f65db862e5700aab65e
>>
>> When It apply two patches to 4.1.15,
>> It doesn't conform to RFC 2460 and RFC 4443.
>> (I used IPv6 Ready Logo Core Conformance Test.)
>> I am looking for a patch for fix.
It doesn't need these patches to solve this problem.
>
> You do not have to implement that interface if you
> do not need. You just have to reserve that number
> to maintain binary compatibility:
> :
> __DEVCONF_USE_OIF_ADDRS_ONLY, /* not implemented */
> DEVCONF_ACCEPT_RA_MIN_HOP_LIMIT,
> DEVCONF_MAX
>
> This is because those enums in include/"uapi"/linux/ipv6.h
> are exported to userspace.
Thank you for your advice.
I will resend a patch of V2.
>>
>>> --yoshfuji
>>>
>>>> + DEVCONF_ACCEPT_RA_MIN_HOP_LIMIT,
>>>> DEVCONF_MAX
>>>> };
>>>>
>>>
>