net: ipv6: allow explicitly choosing optimistic addresses

RFC 4429 ("Optimistic DAD") states that optimistic addresses should be treated as deprecated addresses. From section 2.1: Unless noted otherwise, components of the IPv6 protocol stack should treat addresses in the Optimistic state equivalently to those in the Deprecated state, indicating that the address is available for use but should not be used if another suitable address is available. Optimistic addresses are indeed avoided when other addresses are available (i.e. at source address selection time), but they have not heretofore been available for things like explicit bind() and sendmsg() with struct in6_pktinfo, etc. This change makes optimistic addresses treated more like deprecated addresses than tentative ones. Signed-off-by: Erik Kline <ek@google.com> Acked-by: Lorenzo Colitti <lorenzo@google.com> Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Erik Kline <ek@google.com> 2015-02-04 06:01:23 -0500
committer: David S. Miller <davem@davemloft.net> 2015-02-05 18:37:41 -0500
commit: c58da4c659803ac12eca5275c8a7064222adb4c7 (patch)
tree: 2be9074469ec18c9b99ba52065fe0b69d2bf3789
parent: 233c96fc077d310772375d47522fb444ff546905 (diff)
3 files changed, 23 insertions, 3 deletions
diff --git a/include/net/addrconf.h b/include/net/addrconf.h
index d13573bb879e..80456f72d70a 100644
--- a/include/net/addrconf.h
+++ b/include/net/addrconf.h
@@ -62,6 +62,9 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg);
 int ipv6_chk_addr(struct net *net, const struct in6_addr *addr,
                  const struct net_device *dev, int strict);
+int ipv6_chk_addr_and_flags(struct net *net, const struct in6_addr *addr,
+                            const struct net_device *dev, int strict,
+                            u32 banned_flags);
 #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
 int ipv6_chk_home_addr(struct net *net, const struct in6_addr *addr);
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index f7c8bbeb27b7..62900aee4c58 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -1519,15 +1519,30 @@ static int ipv6_count_addresses(struct inet6_dev *idev)
 int ipv6_chk_addr(struct net *net, const struct in6_addr *addr,
                  const struct net_device *dev, int strict)
 {
+        return ipv6_chk_addr_and_flags(net, addr, dev, strict, IFA_F_TENTATIVE);
+}
+EXPORT_SYMBOL(ipv6_chk_addr);
+int ipv6_chk_addr_and_flags(struct net *net, const struct in6_addr *addr,
+                            const struct net_device *dev, int strict,
+                            u32 banned_flags)
+{
        struct inet6_ifaddr *ifp;
        unsigned int hash = inet6_addr_hash(addr);
+        u32 ifp_flags;
        rcu_read_lock_bh();
        hlist_for_each_entry_rcu(ifp, &inet6_addr_lst[hash], addr_lst) {
                if (!net_eq(dev_net(ifp->idev->dev), net))
                        continue;
+                /* Decouple optimistic from tentative for evaluation here.
+                 * Ban optimistic addresses explicitly, when required.
+                 */
+                ifp_flags = (ifp->flags&IFA_F_OPTIMISTIC)
+                            ? (ifp->flags&~IFA_F_TENTATIVE)
+                            : ifp->flags;
                if (ipv6_addr_equal(&ifp->addr, addr) &&
-                    !(ifp->flags&IFA_F_TENTATIVE) &&
+                    !(ifp_flags&banned_flags) &&
                    (dev == NULL || ifp->idev->dev == dev ||
                     !(ifp->scope&(IFA_LINK|IFA_HOST) || strict))) {
                        rcu_read_unlock_bh();
@@ -1538,7 +1553,7 @@ int ipv6_chk_addr(struct net *net, const struct in6_addr *addr,
        rcu_read_unlock_bh();
        return 0;
 }
-EXPORT_SYMBOL(ipv6_chk_addr);
+EXPORT_SYMBOL(ipv6_chk_addr_and_flags);
 static bool ipv6_chk_same_addr(struct net *net, const struct in6_addr *addr,
                               struct net_device *dev)
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index 682866777d53..113fc6cd5a0c 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -655,7 +655,9 @@ static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
        struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
        int probes = atomic_read(&neigh->probes);
-        if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1))
+        if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
+                                           dev, 1,
+                                           IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
                saddr = &ipv6_hdr(skb)->saddr;
        probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
        if (probes < 0) {
author	Erik Kline <ek@google.com>	2015-02-04 06:01:23 -0500
committer	David S. Miller <davem@davemloft.net>	2015-02-05 18:37:41 -0500
commit	c58da4c659803ac12eca5275c8a7064222adb4c7 (patch)
tree	2be9074469ec18c9b99ba52065fe0b69d2bf3789
parent	233c96fc077d310772375d47522fb444ff546905 (diff)