Commit 955189ef authored by YOSHIFUJI Hideaki's avatar YOSHIFUJI Hideaki Committed by David S. Miller

[IPV6]: ADDRCONF: Use our standard algorithm for randomized ifid.

RFC 3041 describes an algorithm to generate random interface
identifier.  In RFC 3041bis, it is allowed to use different
algorithm than one described in RFC 3041.

So, let's use our standard pseudo random algorithm to simplify
our implementation.
Signed-off-by: default avatarYOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 955aaa2f
...@@ -180,11 +180,8 @@ struct inet6_dev ...@@ -180,11 +180,8 @@ struct inet6_dev
#ifdef CONFIG_IPV6_PRIVACY #ifdef CONFIG_IPV6_PRIVACY
u8 rndid[8]; u8 rndid[8];
u8 entropy[8];
struct timer_list regen_timer; struct timer_list regen_timer;
struct inet6_ifaddr *tempaddr_list; struct inet6_ifaddr *tempaddr_list;
__u8 work_eui64[8];
__u8 work_digest[16];
#endif #endif
struct neigh_parms *nd_parms; struct neigh_parms *nd_parms;
......
...@@ -6,8 +6,6 @@ ...@@ -6,8 +6,6 @@
config IPV6 config IPV6
tristate "The IPv6 protocol" tristate "The IPv6 protocol"
default m default m
select CRYPTO if IPV6_PRIVACY
select CRYPTO_MD5 if IPV6_PRIVACY
---help--- ---help---
This is complemental support for the IP version 6. This is complemental support for the IP version 6.
You will still be able to do traditional IPv4 networking as well. You will still be able to do traditional IPv4 networking as well.
...@@ -22,7 +20,7 @@ config IPV6 ...@@ -22,7 +20,7 @@ config IPV6
module will be called ipv6. module will be called ipv6.
config IPV6_PRIVACY config IPV6_PRIVACY
bool "IPv6: Privacy Extensions (RFC 3041) support" bool "IPv6: Privacy Extensions support"
depends on IPV6 depends on IPV6
---help--- ---help---
Privacy Extensions for Stateless Address Autoconfiguration in IPv6 Privacy Extensions for Stateless Address Autoconfiguration in IPv6
...@@ -30,6 +28,9 @@ config IPV6_PRIVACY ...@@ -30,6 +28,9 @@ config IPV6_PRIVACY
pseudo-random global-scope unicast address(es) will assigned to pseudo-random global-scope unicast address(es) will assigned to
your interface(s). your interface(s).
We use our standard pseudo random algorithm to generate randomized
interface identifier, instead of one described in RFC 3041.
By default, kernel do not generate temporary addresses. By default, kernel do not generate temporary addresses.
To use temporary addresses, do To use temporary addresses, do
......
...@@ -78,8 +78,6 @@ ...@@ -78,8 +78,6 @@
#ifdef CONFIG_IPV6_PRIVACY #ifdef CONFIG_IPV6_PRIVACY
#include <linux/random.h> #include <linux/random.h>
#include <linux/crypto.h>
#include <linux/scatterlist.h>
#endif #endif
#include <asm/uaccess.h> #include <asm/uaccess.h>
...@@ -110,8 +108,6 @@ static int __ipv6_try_regen_rndid(struct inet6_dev *idev, struct in6_addr *tmpad ...@@ -110,8 +108,6 @@ static int __ipv6_try_regen_rndid(struct inet6_dev *idev, struct in6_addr *tmpad
static void ipv6_regen_rndid(unsigned long data); static void ipv6_regen_rndid(unsigned long data);
static int desync_factor = MAX_DESYNC_FACTOR * HZ; static int desync_factor = MAX_DESYNC_FACTOR * HZ;
static struct crypto_tfm *md5_tfm;
static DEFINE_SPINLOCK(md5_tfm_lock);
#endif #endif
static int ipv6_count_addresses(struct inet6_dev *idev); static int ipv6_count_addresses(struct inet6_dev *idev);
...@@ -371,8 +367,6 @@ static struct inet6_dev * ipv6_add_dev(struct net_device *dev) ...@@ -371,8 +367,6 @@ static struct inet6_dev * ipv6_add_dev(struct net_device *dev)
in6_dev_hold(ndev); in6_dev_hold(ndev);
#ifdef CONFIG_IPV6_PRIVACY #ifdef CONFIG_IPV6_PRIVACY
get_random_bytes(ndev->rndid, sizeof(ndev->rndid));
get_random_bytes(ndev->entropy, sizeof(ndev->entropy));
init_timer(&ndev->regen_timer); init_timer(&ndev->regen_timer);
ndev->regen_timer.function = ipv6_regen_rndid; ndev->regen_timer.function = ipv6_regen_rndid;
ndev->regen_timer.data = (unsigned long) ndev; ndev->regen_timer.data = (unsigned long) ndev;
...@@ -1376,34 +1370,9 @@ static int ipv6_inherit_eui64(u8 *eui, struct inet6_dev *idev) ...@@ -1376,34 +1370,9 @@ static int ipv6_inherit_eui64(u8 *eui, struct inet6_dev *idev)
/* (re)generation of randomized interface identifier (RFC 3041 3.2, 3.5) */ /* (re)generation of randomized interface identifier (RFC 3041 3.2, 3.5) */
static int __ipv6_regen_rndid(struct inet6_dev *idev) static int __ipv6_regen_rndid(struct inet6_dev *idev)
{ {
struct net_device *dev;
struct scatterlist sg[2];
sg_set_buf(&sg[0], idev->entropy, 8);
sg_set_buf(&sg[1], idev->work_eui64, 8);
dev = idev->dev;
if (ipv6_generate_eui64(idev->work_eui64, dev)) {
printk(KERN_INFO
"__ipv6_regen_rndid(idev=%p): cannot get EUI64 identifier; use random bytes.\n",
idev);
get_random_bytes(idev->work_eui64, sizeof(idev->work_eui64));
}
regen: regen:
spin_lock(&md5_tfm_lock); get_random_bytes(idev->rndid, sizeof(idev->rndid));
if (unlikely(md5_tfm == NULL)) {
spin_unlock(&md5_tfm_lock);
return -1;
}
crypto_digest_init(md5_tfm);
crypto_digest_update(md5_tfm, sg, 2);
crypto_digest_final(md5_tfm, idev->work_digest);
spin_unlock(&md5_tfm_lock);
memcpy(idev->rndid, &idev->work_digest[0], 8);
idev->rndid[0] &= ~0x02; idev->rndid[0] &= ~0x02;
memcpy(idev->entropy, &idev->work_digest[8], 8);
/* /*
* <draft-ietf-ipngwg-temp-addresses-v2-00.txt>: * <draft-ietf-ipngwg-temp-addresses-v2-00.txt>:
...@@ -3759,13 +3728,6 @@ int __init addrconf_init(void) ...@@ -3759,13 +3728,6 @@ int __init addrconf_init(void)
register_netdevice_notifier(&ipv6_dev_notf); register_netdevice_notifier(&ipv6_dev_notf);
#ifdef CONFIG_IPV6_PRIVACY
md5_tfm = crypto_alloc_tfm("md5", 0);
if (unlikely(md5_tfm == NULL))
printk(KERN_WARNING
"failed to load transform for md5\n");
#endif
addrconf_verify(0); addrconf_verify(0);
rtnetlink_links[PF_INET6] = inet6_rtnetlink_table; rtnetlink_links[PF_INET6] = inet6_rtnetlink_table;
#ifdef CONFIG_SYSCTL #ifdef CONFIG_SYSCTL
...@@ -3828,11 +3790,6 @@ void __exit addrconf_cleanup(void) ...@@ -3828,11 +3790,6 @@ void __exit addrconf_cleanup(void)
rtnl_unlock(); rtnl_unlock();
#ifdef CONFIG_IPV6_PRIVACY
crypto_free_tfm(md5_tfm);
md5_tfm = NULL;
#endif
#ifdef CONFIG_PROC_FS #ifdef CONFIG_PROC_FS
proc_net_remove("if_inet6"); proc_net_remove("if_inet6");
#endif #endif
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment