ndisc: merge branch 'th/revert-ipv6-slaac-lifetimes' for nm-1-26
These two changes are from a draft. They may not be ready yet.
Revert the change for now.
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/396#note_462123
(cherry picked from commit 3192f65d3b
)
commit
e233e51df3
4
NEWS
4
NEWS
|
@ -18,10 +18,6 @@ USE AT YOUR OWN RISK. NOT RECOMMENDED FOR PRODUCTION USE!
|
|||
where the iptables rules would not be sufficient.
|
||||
* Add MUD URL property for connection profiles (RFC 8520) and set it
|
||||
for DHCP and DHCPv6 requests.
|
||||
* IPv6 SLAAC: improved the reaction of IPv6 SLAAC to renumbering events:
|
||||
- honor PIO Valid Lifetimes < 2 hours.
|
||||
- cap the Preferred Lifetime of PIOs to the "Router Lifetime" value
|
||||
and the Valid Lifetime of PIOs to 48 * Router Lifetime.
|
||||
* ifcfg-rh: handle "802-1x.{,phase2-}ca-path". Otherwise setting this
|
||||
property silently fails and a profile might accidentally not perform
|
||||
any authentication (CVE-2020-10754).
|
||||
|
|
|
@ -101,8 +101,6 @@ receive_ra (struct ndp *ndp, struct ndp_msg *msg, gpointer user_data)
|
|||
int offset;
|
||||
int hop_limit;
|
||||
guint32 val;
|
||||
guint32 clamp_pltime;
|
||||
guint32 clamp_vltime;
|
||||
|
||||
/* Router discovery is subject to the following RFC documents:
|
||||
*
|
||||
|
@ -167,22 +165,7 @@ receive_ra (struct ndp *ndp, struct ndp_msg *msg, gpointer user_data)
|
|||
changed |= NM_NDISC_CONFIG_GATEWAYS;
|
||||
}
|
||||
|
||||
/* Addresses & Routes
|
||||
*
|
||||
* The Preferred Lifetime and Valid Lifetime of PIOs are capped to Router Lifetime
|
||||
* and NM_NDISC_VLTIME_MULT * Preferred Lifetime, respectively.
|
||||
*
|
||||
* The Lifetime of RIOs is capped to the Router Lifetime (there is no point in
|
||||
* maintaining a route if it employs a dead router).
|
||||
*
|
||||
* See draft-gont-6man-slaac-renum
|
||||
*/
|
||||
#define NM_NDISC_VLTIME_MULT ((guint32) 48)
|
||||
clamp_pltime = ndp_msgra_router_lifetime (msgra);
|
||||
|
||||
/* clamp_pltime has at most 16 bit set, and multiplication cannot overflow. */
|
||||
clamp_vltime = clamp_pltime * NM_NDISC_VLTIME_MULT;
|
||||
|
||||
/* Addresses & Routes */
|
||||
ndp_msg_opt_for_each_offset (offset, msg, NDP_MSG_OPT_PREFIX) {
|
||||
guint8 r_plen;
|
||||
struct in6_addr r_network;
|
||||
|
@ -203,7 +186,7 @@ receive_ra (struct ndp *ndp, struct ndp_msg *msg, gpointer user_data)
|
|||
.network = r_network,
|
||||
.plen = r_plen,
|
||||
.timestamp = now,
|
||||
.lifetime = NM_MIN (ndp_msg_opt_prefix_valid_time (msg, offset), clamp_vltime),
|
||||
.lifetime = ndp_msg_opt_prefix_valid_time (msg, offset),
|
||||
};
|
||||
|
||||
if (nm_ndisc_add_route (ndisc, &route))
|
||||
|
@ -216,8 +199,8 @@ receive_ra (struct ndp *ndp, struct ndp_msg *msg, gpointer user_data)
|
|||
NMNDiscAddress address = {
|
||||
.address = r_network,
|
||||
.timestamp = now,
|
||||
.lifetime = NM_MIN (ndp_msg_opt_prefix_valid_time (msg, offset), clamp_vltime),
|
||||
.preferred = NM_MIN (ndp_msg_opt_prefix_preferred_time (msg, offset), clamp_pltime),
|
||||
.lifetime = ndp_msg_opt_prefix_valid_time (msg, offset),
|
||||
.preferred = ndp_msg_opt_prefix_preferred_time (msg, offset),
|
||||
};
|
||||
|
||||
if (address.preferred <= address.lifetime) {
|
||||
|
@ -231,7 +214,7 @@ receive_ra (struct ndp *ndp, struct ndp_msg *msg, gpointer user_data)
|
|||
.gateway = gateway_addr,
|
||||
.plen = ndp_msg_opt_route_prefix_len (msg, offset),
|
||||
.timestamp = now,
|
||||
.lifetime = NM_MIN (ndp_msg_opt_route_lifetime (msg, offset), clamp_pltime),
|
||||
.lifetime = ndp_msg_opt_route_lifetime (msg, offset),
|
||||
.preference = _route_preference_coerce (ndp_msg_opt_route_preference (msg, offset)),
|
||||
};
|
||||
|
||||
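Review bot: With the clamp removed, the three initializers (`.lifetime = ndp_msg_opt_prefix_valid_time (msg, offset)` for the prefix route and the address, `.lifetime = ndp_msg_opt_route_lifetime (msg, offset)` for the RIO route) copy lifetimes straight from the Router Advertisement, and the loop is left with the bare `/* Addresses & Routes */` comment. Because these values come from an unauthenticated on-link message, the comment should say where they are bounded, for example `/* Lifetimes are used as advertised here; the RFC 4862 5.5.3.e update rule for addresses is applied in nm_ndisc_add_address(). */`, assuming the address built here reaches that function with `from_ra` set. Whether route entries get any comparable treatment in nm_ndisc_add_route is not visible on this page and should be confirmed before wording the comment. receive_ra starts and ends outside these hunks.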
|
|
|
@ -442,15 +442,8 @@ nm_ndisc_add_address (NMNDisc *ndisc,
|
|||
}
|
||||
|
||||
if (existing) {
|
||||
/* A Valid Lifetime of 0 eliminates the corresponding address(es). This deviates
|
||||
* from RFC4862 Section 5.5.3, item e), as recommended in IETF draft draft-gont-6man-slaac-renum.
|
||||
*/
|
||||
if (new->lifetime == 0) {
|
||||
g_array_remove_index (rdata->addresses, i);
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
if (from_ra) {
|
||||
const gint32 NM_NDISC_PREFIX_LFT_MIN = 7200; /* seconds, RFC4862 5.5.3.e */
|
||||
gint64 old_expiry_lifetime, old_expiry_preferred;
|
||||
|
||||
old_expiry_lifetime = get_expiry (existing);
|
||||
|
@ -459,16 +452,25 @@ nm_ndisc_add_address (NMNDisc *ndisc,
|
|||
if (new->lifetime == NM_NDISC_INFINITY)
|
||||
existing->lifetime = NM_NDISC_INFINITY;
|
||||
else {
|
||||
gint64 new_lifetime;
|
||||
gint64 new_lifetime, remaining_lifetime;
|
||||
|
||||
/* Honor small valid lifetimes, as discussed in
|
||||
* draft-gont-6man-slaac-renum, to allow for more timelier
|
||||
* reaction to renumbering events. This deviates from
|
||||
* RFC4862 Section 5.5.3, item e).
|
||||
*/
|
||||
/* see RFC4862 5.5.3.e */
|
||||
if (existing->lifetime == NM_NDISC_INFINITY)
|
||||
remaining_lifetime = G_MAXINT64;
|
||||
else
|
||||
remaining_lifetime = ((gint64) existing->timestamp) + ((gint64) existing->lifetime) - ((gint64) now_s);
|
||||
new_lifetime = ((gint64) new->timestamp) + ((gint64) new->lifetime) - ((gint64) now_s);
|
||||
existing->timestamp = now_s;
|
||||
existing->lifetime = CLAMP (new_lifetime, (gint64) 0, (gint64) (G_MAXUINT32 - 1));
|
||||
|
||||
if ( new_lifetime > (gint64) NM_NDISC_PREFIX_LFT_MIN
|
||||
|| new_lifetime > remaining_lifetime) {
|
||||
existing->timestamp = now_s;
|
||||
existing->lifetime = CLAMP (new_lifetime, (gint64) 0, (gint64) (G_MAXUINT32 - 1));
|
||||
} else if (remaining_lifetime <= (gint64) NM_NDISC_PREFIX_LFT_MIN) {
|
||||
/* keep the current lifetime. */
|
||||
} else {
|
||||
existing->timestamp = now_s;
|
||||
existing->lifetime = NM_NDISC_PREFIX_LFT_MIN;
|
||||
}
|
||||
}
|
||||
|
||||
if (new->preferred == NM_NDISC_INFINITY) {
|
||||
|
@ -485,6 +487,11 @@ nm_ndisc_add_address (NMNDisc *ndisc,
|
|||
|| old_expiry_preferred != get_expiry_preferred (existing);
|
||||
}
|
||||
|
||||
if (new->lifetime == 0) {
|
||||
g_array_remove_index (rdata->addresses, i);
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
if ( get_expiry (existing) == get_expiry (new)
|
||||
&& get_expiry_preferred (existing) == get_expiry_preferred (new))
|
||||
return FALSE;
|
||||
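Review bot: The restored branch ladder under `/* see RFC4862 5.5.3.e */` is a defence, and the comment should say so: Router Advertisements are unauthenticated, and the two-hour floor is what keeps a single forged RA with a tiny Valid Lifetime from expiring an address at once. I would expand the comment to something like `/* RFC 4862 5.5.3.e: an RA may shorten the remaining valid lifetime only down to 2 hours, so a bogus RA cannot expire the address immediately. */` and give the empty `else if (remaining_lifetime <= (gint64) NM_NDISC_PREFIX_LFT_MIN)` branch a reason rather than only `/* keep the current lifetime. */`. The `if (new->lifetime == 0)` removal re-added after the `from_ra` block appears to be reachable only for non-RA callers, since that block seems to end in a `return` whose start is outside the hunk. A one-line comment stating this would guard against a later edit moving the check back above the RA path. nm_ndisc_add_address starts and ends outside these hunks.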
|
|
|
@ -217,8 +217,9 @@ test_everything_changed (NMNDisc *ndisc, const NMNDiscData *rdata, guint changed
|
|||
|
||||
g_assert_cmpint (rdata->gateways_n, ==, 1);
|
||||
match_gateway (rdata, 0, "fe80::2", data->timestamp1, 10, NM_ICMPV6_ROUTER_PREF_MEDIUM);
|
||||
g_assert_cmpint (rdata->addresses_n, ==, 1);
|
||||
match_address (rdata, 0, "2001:db8:a:b::1", data->timestamp1, 10, 10);
|
||||
g_assert_cmpint (rdata->addresses_n, ==, 2);
|
||||
match_address (rdata, 0, "2001:db8:a:a::1", data->timestamp1, 10, 0);
|
||||
match_address (rdata, 1, "2001:db8:a:b::1", data->timestamp1, 10, 10);
|
||||
g_assert_cmpint (rdata->routes_n, ==, 1);
|
||||
match_route (rdata, 0, "2001:db8:a:b::", 64, "fe80::2", data->timestamp1, 10, 10);
|
||||
g_assert_cmpint (rdata->dns_servers_n, ==, 1);
|
||||
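Review bot: The updated expectations in test_everything_changed require two addresses, with `2001:db8:a:a::1` still present and ending in `10, 0`, but nothing says why the older address must survive the second advertisement. This presumably pins the RFC 4862 5.5.3.e behaviour, where an RA cannot drop an existing address outright and can only stop it being preferred. A comment such as `/* the old prefix's address stays until its valid lifetime runs out; the RA only deprecates it */` above the `match_address (rdata, 0, ...)` line would record that intent. The function body continues outside the hunk.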
|
|