Re: slacd(8): Implement RFC 8981 (revised RFC 4941, IPv6 Temporary Address Extensions) (revised patch)
Anyone? I'll probably put this in tomorrow. Diffs are piling up...
On Thu, Mar 04, 2021 at 11:47:10AM +0100, Florian Obser wrote:
> Works fine here, OK florian
>
> On Wed, Mar 03, 2021 at 08:50:59PM -0300, Fernando Gont wrote:
> > This revised patch adresses a minor issue pointed out by Florian (avoid
> > floating-point math). At this point this is unnecessary, since the
> > IPv6 temporary address lifetimes are not configurable.
> >
> > P.S.: Patch also available at:
> > https://www.gont.com.ar/files/fgont-patch-rfc8981-v0.3.diff
> >
> > Thanks,
> > Fernando
> >
> >
> >
> >
> > diff --git engine.c engine.c
> > index 4160d798261..3ddf0303dd9 100644
> > --- engine.c
> > +++ engine.c
> > @@ -88,11 +88,15 @@
> > #defineRTR_SOLICITATION_INTERVAL 4
> > #defineMAX_RTR_SOLICITATIONS 3
> >
> > -/* constants for RFC 4941 autoconf privacy extension */
> > -#define PRIV_MAX_DESYNC_FACTOR 600 /* 10 minutes */
> > +/*
> > + * Constants for RFC 8981 autoconf privacy extensions
> > + *
> > + * PRIV_PREFERRED_LIFETIME > (PRIV_MAX_DESYNC_FACTOR + PRIV_REGEN_ADVANCE)
> > + */
> > #define PRIV_VALID_LIFETIME172800 /* 2 days */
> > #define PRIV_PREFERRED_LIFETIME86400 /* 1 day */
> > -#definePRIV_REGEN_ADVANCE 5 /* 5 seconds */
> > +#define PRIV_MAX_DESYNC_FACTOR 34560 /* PRIV_PREFERRED_LIFETIME *
> > 0.4 */
> > +#define PRIV_REGEN_ADVANCE 5 /* 5 seconds */
> >
> > enum if_state {
> > IF_DOWN,
> > @@ -198,6 +202,7 @@ struct address_proposal {
> > uint8_t prefix_len;
> > uint32_t vltime;
> > uint32_t pltime;
> > + uint32_t desync_factor;
> > uint8_t soiikey[SLAACD_SOIIKEY_LEN];
> > uint32_t mtu;
> > };
> > @@ -327,8 +332,6 @@ static struct imsgev*iev_frontend;
> > static struct imsgev *iev_main;
> > int64_t proposal_id;
> >
> > -uint32_tdesync_factor;
> > -
> > void
> > engine_sig_handler(int sig, short event, void *arg)
> > {
> > @@ -399,8 +402,6 @@ engine(int debug, int verbose)
> >
> > LIST_INIT(_interfaces);
> >
> > - desync_factor = arc4random_uniform(PRIV_MAX_DESYNC_FACTOR);
> > -
> > event_dispatch();
> >
> > engine_shutdown();
> > @@ -1858,14 +1859,18 @@ update_iface_ra_prefix(struct slaacd_iface *iface,
> > struct radv *ra,
> >
> > if (addr_proposal->privacy) {
> > struct timespec now;
> > - int64_t ltime;
> > + int64_t ltime, mtime;
> >
> > if (clock_gettime(CLOCK_MONOTONIC, ))
> > fatal("clock_gettime");
> >
> > - ltime = MINIMUM(addr_proposal->created.tv_sec +
> > - PRIV_PREFERRED_LIFETIME - desync_factor,
> > - now.tv_sec + prefix->pltime) - now.tv_sec;
> > + mtime = addr_proposal->created.tv_sec +
> > + PRIV_PREFERRED_LIFETIME -
> > + addr_proposal->desync_factor;
> > +
> > + ltime = MINIMUM(mtime, now.tv_sec + prefix->pltime) -
> > + now.tv_sec;
> > +
> > pltime = ltime > 0 ? ltime : 0;
> >
> > ltime = MINIMUM(addr_proposal->created.tv_sec +
> > @@ -1873,7 +1878,7 @@ update_iface_ra_prefix(struct slaacd_iface *iface,
> > struct radv *ra,
> > now.tv_sec;
> > vltime = ltime > 0 ? ltime : 0;
> >
> > - if (pltime > PRIV_REGEN_ADVANCE)
> > + if ((mtime - now.tv_sec) > PRIV_REGEN_ADVANCE)
> > found_privacy = 1;
> > } else {
> > pltime = prefix->pltime;
> > @@ -1919,11 +1924,11 @@ update_iface_ra_prefix(struct slaacd_iface *iface,
> > struct radv *ra,
> >
> > /* privacy addresses do not depend on eui64 */
> > if (!found_privacy && iface->autoconfprivacy) {
> > - if (prefix->pltime < desync_factor) {
> > + if (prefix->pltime < PRIV_REGEN_ADVANCE) {
> > log_warnx("%s: pltime from %s is too small: %d < %d; "
> > "not generating privacy address", __func__,
> > sin6_to_str(>from), prefix->pltime,
> > - desync_factor);
> > + PRIV_REGEN_ADVANCE);
> > } else
> > /* new privacy proposal */
> > gen_address_proposal(iface, ra, prefix, 1);
> > @@ -2055,8 +2060,11 @@ gen_address_proposal(struct slaacd_iface *iface,
> > struct radv *ra, struct
> > if (privacy) {
> > addr_proposal->vltime = MINIMUM(prefix->vltime,
> > PRIV_VALID_LIFETIME);
> > + addr_proposal->desync_factor =
> > +
Re: slacd(8): Implement RFC 8981 (revised RFC 4941, IPv6 Temporary Address Extensions) (revised patch)
Works fine here, OK florian
On Wed, Mar 03, 2021 at 08:50:59PM -0300, Fernando Gont wrote:
> This revised patch adresses a minor issue pointed out by Florian (avoid
> floating-point math). At this point this is unnecessary, since the
> IPv6 temporary address lifetimes are not configurable.
>
> P.S.: Patch also available at:
> https://www.gont.com.ar/files/fgont-patch-rfc8981-v0.3.diff
>
> Thanks,
> Fernando
>
>
>
>
> diff --git engine.c engine.c
> index 4160d798261..3ddf0303dd9 100644
> --- engine.c
> +++ engine.c
> @@ -88,11 +88,15 @@
> #define RTR_SOLICITATION_INTERVAL 4
> #define MAX_RTR_SOLICITATIONS 3
>
> -/* constants for RFC 4941 autoconf privacy extension */
> -#define PRIV_MAX_DESYNC_FACTOR 600 /* 10 minutes */
> +/*
> + * Constants for RFC 8981 autoconf privacy extensions
> + *
> + * PRIV_PREFERRED_LIFETIME > (PRIV_MAX_DESYNC_FACTOR + PRIV_REGEN_ADVANCE)
> + */
> #define PRIV_VALID_LIFETIME 172800 /* 2 days */
> #define PRIV_PREFERRED_LIFETIME 86400 /* 1 day */
> -#define PRIV_REGEN_ADVANCE 5 /* 5 seconds */
> +#define PRIV_MAX_DESYNC_FACTOR 34560 /* PRIV_PREFERRED_LIFETIME *
> 0.4 */
> +#define PRIV_REGEN_ADVANCE 5 /* 5 seconds */
>
> enum if_state {
> IF_DOWN,
> @@ -198,6 +202,7 @@ struct address_proposal {
> uint8_t prefix_len;
> uint32_t vltime;
> uint32_t pltime;
> + uint32_t desync_factor;
> uint8_t soiikey[SLAACD_SOIIKEY_LEN];
> uint32_t mtu;
> };
> @@ -327,8 +332,6 @@ static struct imsgev *iev_frontend;
> static struct imsgev *iev_main;
> int64_t proposal_id;
>
> -uint32_t desync_factor;
> -
> void
> engine_sig_handler(int sig, short event, void *arg)
> {
> @@ -399,8 +402,6 @@ engine(int debug, int verbose)
>
> LIST_INIT(_interfaces);
>
> - desync_factor = arc4random_uniform(PRIV_MAX_DESYNC_FACTOR);
> -
> event_dispatch();
>
> engine_shutdown();
> @@ -1858,14 +1859,18 @@ update_iface_ra_prefix(struct slaacd_iface *iface,
> struct radv *ra,
>
> if (addr_proposal->privacy) {
> struct timespec now;
> - int64_t ltime;
> + int64_t ltime, mtime;
>
> if (clock_gettime(CLOCK_MONOTONIC, ))
> fatal("clock_gettime");
>
> - ltime = MINIMUM(addr_proposal->created.tv_sec +
> - PRIV_PREFERRED_LIFETIME - desync_factor,
> - now.tv_sec + prefix->pltime) - now.tv_sec;
> + mtime = addr_proposal->created.tv_sec +
> + PRIV_PREFERRED_LIFETIME -
> + addr_proposal->desync_factor;
> +
> + ltime = MINIMUM(mtime, now.tv_sec + prefix->pltime) -
> + now.tv_sec;
> +
> pltime = ltime > 0 ? ltime : 0;
>
> ltime = MINIMUM(addr_proposal->created.tv_sec +
> @@ -1873,7 +1878,7 @@ update_iface_ra_prefix(struct slaacd_iface *iface,
> struct radv *ra,
> now.tv_sec;
> vltime = ltime > 0 ? ltime : 0;
>
> - if (pltime > PRIV_REGEN_ADVANCE)
> + if ((mtime - now.tv_sec) > PRIV_REGEN_ADVANCE)
> found_privacy = 1;
> } else {
> pltime = prefix->pltime;
> @@ -1919,11 +1924,11 @@ update_iface_ra_prefix(struct slaacd_iface *iface,
> struct radv *ra,
>
> /* privacy addresses do not depend on eui64 */
> if (!found_privacy && iface->autoconfprivacy) {
> - if (prefix->pltime < desync_factor) {
> + if (prefix->pltime < PRIV_REGEN_ADVANCE) {
> log_warnx("%s: pltime from %s is too small: %d < %d; "
> "not generating privacy address", __func__,
> sin6_to_str(>from), prefix->pltime,
> - desync_factor);
> + PRIV_REGEN_ADVANCE);
> } else
> /* new privacy proposal */
> gen_address_proposal(iface, ra, prefix, 1);
> @@ -2055,8 +2060,11 @@ gen_address_proposal(struct slaacd_iface *iface,
> struct radv *ra, struct
> if (privacy) {
> addr_proposal->vltime = MINIMUM(prefix->vltime,
> PRIV_VALID_LIFETIME);
> + addr_proposal->desync_factor =
> + arc4random_uniform(PRIV_MAX_DESYNC_FACTOR);
> +
> addr_proposal->pltime = MINIMUM(prefix->pltime,
> - PRIV_PREFERRED_LIFETIME - desync_factor);
> + PRIV_PREFERRED_LIFETIME - addr_proposal->desync_factor);
> }
slacd(8): Implement RFC 8981 (revised RFC 4941, IPv6 Temporary Address Extensions) (revised patch)
This revised patch adresses a minor issue pointed out by Florian (avoid
floating-point math). At this point this is unnecessary, since the
IPv6 temporary address lifetimes are not configurable.
P.S.: Patch also available at:
https://www.gont.com.ar/files/fgont-patch-rfc8981-v0.3.diff
Thanks,
Fernando
diff --git engine.c engine.c
index 4160d798261..3ddf0303dd9 100644
--- engine.c
+++ engine.c
@@ -88,11 +88,15 @@
#defineRTR_SOLICITATION_INTERVAL 4
#defineMAX_RTR_SOLICITATIONS 3
-/* constants for RFC 4941 autoconf privacy extension */
-#define PRIV_MAX_DESYNC_FACTOR 600 /* 10 minutes */
+/*
+ * Constants for RFC 8981 autoconf privacy extensions
+ *
+ * PRIV_PREFERRED_LIFETIME > (PRIV_MAX_DESYNC_FACTOR + PRIV_REGEN_ADVANCE)
+ */
#define PRIV_VALID_LIFETIME172800 /* 2 days */
#define PRIV_PREFERRED_LIFETIME86400 /* 1 day */
-#definePRIV_REGEN_ADVANCE 5 /* 5 seconds */
+#define PRIV_MAX_DESYNC_FACTOR 34560 /* PRIV_PREFERRED_LIFETIME * 0.4 */
+#define PRIV_REGEN_ADVANCE 5 /* 5 seconds */
enum if_state {
IF_DOWN,
@@ -198,6 +202,7 @@ struct address_proposal {
uint8_t prefix_len;
uint32_t vltime;
uint32_t pltime;
+ uint32_t desync_factor;
uint8_t soiikey[SLAACD_SOIIKEY_LEN];
uint32_t mtu;
};
@@ -327,8 +332,6 @@ static struct imsgev*iev_frontend;
static struct imsgev *iev_main;
int64_t proposal_id;
-uint32_tdesync_factor;
-
void
engine_sig_handler(int sig, short event, void *arg)
{
@@ -399,8 +402,6 @@ engine(int debug, int verbose)
LIST_INIT(_interfaces);
- desync_factor = arc4random_uniform(PRIV_MAX_DESYNC_FACTOR);
-
event_dispatch();
engine_shutdown();
@@ -1858,14 +1859,18 @@ update_iface_ra_prefix(struct slaacd_iface *iface,
struct radv *ra,
if (addr_proposal->privacy) {
struct timespec now;
- int64_t ltime;
+ int64_t ltime, mtime;
if (clock_gettime(CLOCK_MONOTONIC, ))
fatal("clock_gettime");
- ltime = MINIMUM(addr_proposal->created.tv_sec +
- PRIV_PREFERRED_LIFETIME - desync_factor,
- now.tv_sec + prefix->pltime) - now.tv_sec;
+ mtime = addr_proposal->created.tv_sec +
+ PRIV_PREFERRED_LIFETIME -
+ addr_proposal->desync_factor;
+
+ ltime = MINIMUM(mtime, now.tv_sec + prefix->pltime) -
+ now.tv_sec;
+
pltime = ltime > 0 ? ltime : 0;
ltime = MINIMUM(addr_proposal->created.tv_sec +
@@ -1873,7 +1878,7 @@ update_iface_ra_prefix(struct slaacd_iface *iface, struct
radv *ra,
now.tv_sec;
vltime = ltime > 0 ? ltime : 0;
- if (pltime > PRIV_REGEN_ADVANCE)
+ if ((mtime - now.tv_sec) > PRIV_REGEN_ADVANCE)
found_privacy = 1;
} else {
pltime = prefix->pltime;
@@ -1919,11 +1924,11 @@ update_iface_ra_prefix(struct slaacd_iface *iface,
struct radv *ra,
/* privacy addresses do not depend on eui64 */
if (!found_privacy && iface->autoconfprivacy) {
- if (prefix->pltime < desync_factor) {
+ if (prefix->pltime < PRIV_REGEN_ADVANCE) {
log_warnx("%s: pltime from %s is too small: %d < %d; "
"not generating privacy address", __func__,
sin6_to_str(>from), prefix->pltime,
- desync_factor);
+ PRIV_REGEN_ADVANCE);
} else
/* new privacy proposal */
gen_address_proposal(iface, ra, prefix, 1);
@@ -2055,8 +2060,11 @@ gen_address_proposal(struct slaacd_iface *iface, struct
radv *ra, struct
if (privacy) {
addr_proposal->vltime = MINIMUM(prefix->vltime,
PRIV_VALID_LIFETIME);
+ addr_proposal->desync_factor =
+ arc4random_uniform(PRIV_MAX_DESYNC_FACTOR);
+
addr_proposal->pltime = MINIMUM(prefix->pltime,
- PRIV_PREFERRED_LIFETIME - desync_factor);
+ PRIV_PREFERRED_LIFETIME - addr_proposal->desync_factor);
} else {
addr_proposal->vltime = prefix->vltime;
addr_proposal->pltime = prefix->pltime;
diff --git slaacd.8 slaacd.8
index fb9bb3d0c60..44057ea4785 100644
--- slaacd.8
+++ slaacd.8
@@ -110,15
