mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-27 21:03:32 +00:00
Code Issues Releases Wiki Activity
linux-stable/net/ipv6
History
Alex Henrie f4bcbf360a net: ipv6/addrconf: clamp preferred_lft to the minimum required 
If the preferred lifetime was less than the minimum required lifetime,
ipv6_create_tempaddr would error out without creating any new address.
On my machine and network, this error happened immediately with the
preferred lifetime set to 5 seconds or less, after a few minutes with
the preferred lifetime set to 6 seconds, and not at all with the
preferred lifetime set to 7 seconds. During my investigation, I found a
Stack Exchange post from another person who seems to have had the same
problem: They stopped getting new addresses if they lowered the
preferred lifetime below 3 seconds, and they didn't really know why.

The preferred lifetime is a preference, not a hard requirement. The
kernel does not strictly forbid new connections on a deprecated address,
nor does it guarantee that the address will be disposed of the instant
its total valid lifetime expires. So rather than disable IPv6 privacy
extensions altogether if the minimum required lifetime swells above the
preferred lifetime, it is more in keeping with the user's intent to
increase the temporary address's lifetime to the minimum necessary for
the current network conditions.

With these fixes, setting the preferred lifetime to 5 or 6 seconds "just
works" because the extra fraction of a second is practically
unnoticeable. It's even possible to reduce the time before deprecation
to 1 or 2 seconds by setting /proc/sys/net/ipv6/conf/*/regen_min_advance
and /proc/sys/net/ipv6/conf/*/dad_transmits to 0. I realize that that is
a pretty niche use case, but I know at least one person who would gladly
sacrifice performance and convenience to be sure that they are getting
the maximum possible level of privacy.

Link: https://serverfault.com/a/1031168/310447
Signed-off-by: Alex Henrie <alexhenrie24@gmail.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2024-02-15 15:34:40 +01:00
..
ila ila: Remove unnecessary file net/ila.h 2023-08-02 12:28:16 -07:00
netfilter netfilter: xtables: allow xtables-nft only builds 2024-01-29 15:43:21 +01:00
addrconf.c net: ipv6/addrconf: clamp preferred_lft to the minimum required 2024-02-15 15:34:40 +01:00
addrconf_core.c ipv6: Ensure natural alignment of const ipv6 loopback and router addresses 2024-01-30 12:43:18 +01:00
addrlabel.c ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network 2022-11-07 12:26:15 +00:00
af_inet6.c ipv6: init the accept_queue's spinlocks in inet6_create 2024-01-23 13:44:50 +01:00
ah6.c net: ipv6: stop checking crypto_ahash_alignmask 2023-10-27 18:04:29 +08:00
anycast.c IPv6: add extack info for IPv6 address add/delete 2023-07-28 11:01:56 +01:00
calipso.c
datagram.c ipv6: annotate data-races around np->ucast_oif 2023-12-11 10:59:17 +00:00
esp6.c net: ipv6: fix typo in comments 2023-10-25 10:38:07 +01:00
esp6_offload.c xfrm: Support GRO for IPv6 ESP in UDP encapsulation 2023-10-06 07:31:14 +02:00
exthdrs.c ipv6: exthdrs: Replace opencoded swap() implementation 2023-08-08 15:36:47 -07:00
exthdrs_core.c ipv6: Fix out-of-bounds access in ipv6_find_tlv() 2023-05-24 08:43:39 +01:00
exthdrs_offload.c net: gso: add HBH extension header offload support 2024-01-05 08:11:49 -08:00
fib6_notifier.c
fib6_rules.c fib: remove unnecessary input parameters in fib_default_rule_add 2024-01-03 16:42:48 -08:00
fou6.c
icmp.c ipv6: annotate data-races around np->ucast_oif 2023-12-11 10:59:17 +00:00
inet6_connection_sock.c net: implement lockless SO_PRIORITY 2023-10-01 19:09:54 +01:00
inet6_hashtables.c net: remove duplicate INDIRECT_CALLABLE_DECLARE of udp[6]_ehashfn 2023-07-31 13:53:10 -07:00
ioam6.c
ioam6_iptunnel.c netlink: make range pointers in policies const 2023-10-26 16:24:09 -07:00
ip6_checksum.c
ip6_fib.c net/ipv6: Remove expired routes with a separated list of routes. 2024-02-12 10:24:12 +00:00
ip6_flowlabel.c ipv6: move np->repflow to atomic flags 2023-09-15 10:33:48 +01:00
ip6_gre.c net: add netdev_lockdep_set_classes() to virtual drivers 2024-02-13 18:45:06 -08:00
ip6_icmp.c
ip6_input.c ipv6: ignore dst hint for multipath routes 2023-09-01 08:11:51 +01:00
ip6_offload.c net: gro: parse ipv6 ext headers without frag0 invalidation 2024-01-05 08:11:49 -08:00
ip6_offload.h
ip6_output.c ipv6: avoid atomic fragment on GSO packets 2023-10-25 18:04:29 -07:00
ip6_tunnel.c net: add netdev_lockdep_set_classes() to virtual drivers 2024-02-13 18:45:06 -08:00
ip6_udp_tunnel.c ipv6: add new arguments to udp_tunnel6_dst_lookup() 2023-10-23 08:48:57 +01:00
ip6_vti.c net: add netdev_lockdep_set_classes() to virtual drivers 2024-02-13 18:45:06 -08:00
ip6mr.c fib: remove unnecessary input parameters in fib_default_rule_add 2024-01-03 16:42:48 -08:00
ipcomp6.c xfrm: ipcomp: add extack to ipcomp{4,6}_init_state 2022-09-29 07:18:00 +02:00
ipv6_sockglue.c net: Namespace-ify sysctl_optmem_max 2023-12-15 11:01:27 +00:00
Kconfig ipv6: fix indentation of a config attribute 2023-08-16 10:03:08 +01:00
Makefile net/tcp: Introduce TCP_AO setsockopt()s 2023-10-27 10:35:44 +01:00
mcast.c ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down() 2024-02-12 12:17:02 +00:00
mcast_snoop.c
mip6.c xfrm: mip6: add extack to mip6_destopt_init_state, mip6_rthdr_init_state 2022-09-29 07:18:01 +02:00
ndisc.c net/ipv6: Remove expired routes with a separated list of routes. 2024-02-12 10:24:12 +00:00
netfilter.c xfrm: pass struct net to xfrm_decode_session wrappers 2023-10-06 08:31:53 +02:00
output_core.c treewide: use get_random_u32_{above,below}() instead of manual loop 2022-11-18 02:15:22 +01:00
ping.c ipv6: annotate data-races around np->ucast_oif 2023-12-11 10:59:17 +00:00
proc.c net: fix IPSTATS_MIB_OUTPKGS increment in OutForwDatagrams. 2023-10-20 12:01:00 +01:00
protocol.c
raw.c ipv6: annotate data-races around np->ucast_oif 2023-12-11 10:59:17 +00:00
reassembly.c networking: Update to register_net_sysctl_sz 2023-08-15 15:26:18 -07:00
route.c net/ipv6: Remove expired routes with a separated list of routes. 2024-02-12 10:24:12 +00:00
rpl.c ipv6: rpl: Remove pskb(_may)?_pull() in ipv6_rpl_srh_rcv(). 2023-06-19 11:32:58 -07:00
rpl_iptunnel.c ipv6: rpl: Remove redundant skb_dst_drop(). 2023-07-12 17:12:29 -07:00
seg6.c
seg6_hmac.c
seg6_iptunnel.c seg6: Cleanup duplicates of skb_dst_drop calls 2023-05-17 09:05:47 +01:00
seg6_local.c seg6: add NEXT-C-SID support for SRv6 End.X behavior 2023-08-15 18:51:47 -07:00
sit.c net: add netdev_lockdep_set_classes() to virtual drivers 2024-02-13 18:45:06 -08:00
syncookies.c bpf: tcp: Handle BPF SYN Cookie in cookie_v[46]_check(). 2024-01-23 14:40:24 -08:00
sysctl_net_ipv6.c networking: Update to register_net_sysctl_sz 2023-08-15 15:26:18 -07:00
tcp_ao.c net/tcp: Wire up l3index to TCP-AO 2023-10-27 10:35:46 +01:00
tcp_ipv6.c tcp: Revert no longer abort SYN_SENT when receiving some ICMP 2024-01-08 19:08:51 -08:00
tcpv6_offload.c net: Make gro complete function to return void 2023-05-31 09:50:17 +01:00
tunnel6.c
udp.c udp: annotate data-races around up->pending 2024-01-13 15:46:20 +00:00
udp_impl.h tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct(). 2022-10-12 17:50:37 -07:00
udp_offload.c net: gro: fix misuse of CB in udp socket lookup 2023-07-29 17:10:27 +01:00
udplite.c udplite: remove UDPLITE_BIT 2023-09-14 16:16:36 +02:00
xfrm6_input.c xfrm Fix use after free in __xfrm6_udp_encap_rcv. 2023-10-23 07:10:39 +02:00
xfrm6_output.c ipv6: drop feature RTAX_FEATURE_ALLFRAG 2023-10-25 18:04:29 -07:00
xfrm6_policy.c ipsec-2023-10-17 2023-10-17 18:21:13 -07:00
xfrm6_protocol.c
xfrm6_state.c
xfrm6_tunnel.c xfrm: tunnel: add extack to ipip_init_state, xfrm6_tunnel_init_state 2022-09-29 07:18:00 +02:00