network: include SSID in ipv6 stable prefix address generation

The SSID fills the role of the optional Network_ID input parameter suggested by RFC7217. Including the SSID allows networkd to generate a different pseudorandom address for different wireless networks, which should help to obscure the host's identity when roaming between multiple networks.
2024-10-04 15:21:01 +00:00 · 2023-10-13 20:22:49 -07:00 · 2023-10-13 20:22:49 -07:00 · 06960d1719
parent a3ad5c3140
commit 06960d1719
2 changed files with 10 additions and 0 deletions
--- a/6
+++ b/6
@ -67,6 +67,12 @@ CHANGES WITH 255 in spe:
          It is now enabled by default and is part of the new "v255" naming
          scheme.

+        * The 'prefixstable' ipv6 address generation mode now considers the
+          SSID when genrating stable addresses, so that a different stable
+          address is used when roaming between wireless networks. If you
+          already use 'prefixstable' addresses with wireless networks, the
+          stable address chosen will be changed by the update.
+
        Changes in systemd-analyze:

        * "systemd-analyze plot" has gained tooltips on each unit name with
--- a/src/network/networkd-address-generation.c
+++ b/src/network/networkd-address-generation.c
@ -117,6 +117,10 @@ static void generate_stable_private_address_one(
                siphash24_compress(&link->hw_addr.infiniband[INFINIBAND_ALEN - 8], 8, &state);
        else
                siphash24_compress(link->hw_addr.bytes, link->hw_addr.length, &state);
+
+        if (link->ssid)
+                siphash24_compress_string(link->ssid, &state);
+
        siphash24_compress(&dad_counter, sizeof(uint8_t), &state);

        rid = htole64(siphash24_finalize(&state));