diff options
| -rw-r--r-- | include/net/if_inet6.h | 3 | ||||
| -rw-r--r-- | net/ipv6/Kconfig | 7 | ||||
| -rw-r--r-- | net/ipv6/addrconf.c | 45 |
3 files changed, 5 insertions, 50 deletions
diff --git a/include/net/if_inet6.h b/include/net/if_inet6.h index eb8afe3499a9..e459e1a0ae4a 100644 --- a/include/net/if_inet6.h +++ b/include/net/if_inet6.h | |||
| @@ -180,11 +180,8 @@ struct inet6_dev | |||
| 180 | 180 | ||
| 181 | #ifdef CONFIG_IPV6_PRIVACY | 181 | #ifdef CONFIG_IPV6_PRIVACY |
| 182 | u8 rndid[8]; | 182 | u8 rndid[8]; |
| 183 | u8 entropy[8]; | ||
| 184 | struct timer_list regen_timer; | 183 | struct timer_list regen_timer; |
| 185 | struct inet6_ifaddr *tempaddr_list; | 184 | struct inet6_ifaddr *tempaddr_list; |
| 186 | __u8 work_eui64[8]; | ||
| 187 | __u8 work_digest[16]; | ||
| 188 | #endif | 185 | #endif |
| 189 | 186 | ||
| 190 | struct neigh_parms *nd_parms; | 187 | struct neigh_parms *nd_parms; |
diff --git a/net/ipv6/Kconfig b/net/ipv6/Kconfig index ab7a9124f985..f925f206d8ff 100644 --- a/net/ipv6/Kconfig +++ b/net/ipv6/Kconfig | |||
| @@ -6,8 +6,6 @@ | |||
| 6 | config IPV6 | 6 | config IPV6 |
| 7 | tristate "The IPv6 protocol" | 7 | tristate "The IPv6 protocol" |
| 8 | default m | 8 | default m |
| 9 | select CRYPTO if IPV6_PRIVACY | ||
| 10 | select CRYPTO_MD5 if IPV6_PRIVACY | ||
| 11 | ---help--- | 9 | ---help--- |
| 12 | This is complemental support for the IP version 6. | 10 | This is complemental support for the IP version 6. |
| 13 | You will still be able to do traditional IPv4 networking as well. | 11 | You will still be able to do traditional IPv4 networking as well. |
| @@ -22,7 +20,7 @@ config IPV6 | |||
| 22 | module will be called ipv6. | 20 | module will be called ipv6. |
| 23 | 21 | ||
| 24 | config IPV6_PRIVACY | 22 | config IPV6_PRIVACY |
| 25 | bool "IPv6: Privacy Extensions (RFC 3041) support" | 23 | bool "IPv6: Privacy Extensions support" |
| 26 | depends on IPV6 | 24 | depends on IPV6 |
| 27 | ---help--- | 25 | ---help--- |
| 28 | Privacy Extensions for Stateless Address Autoconfiguration in IPv6 | 26 | Privacy Extensions for Stateless Address Autoconfiguration in IPv6 |
| @@ -30,6 +28,9 @@ config IPV6_PRIVACY | |||
| 30 | pseudo-random global-scope unicast address(es) will assigned to | 28 | pseudo-random global-scope unicast address(es) will assigned to |
| 31 | your interface(s). | 29 | your interface(s). |
| 32 | 30 | ||
| 31 | We use our standard pseudo random algorithm to generate randomized | ||
| 32 | interface identifier, instead of one described in RFC 3041. | ||
| 33 | |||
| 33 | By default, kernel do not generate temporary addresses. | 34 | By default, kernel do not generate temporary addresses. |
| 34 | To use temporary addresses, do | 35 | To use temporary addresses, do |
| 35 | 36 | ||
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index 441eeacfc851..c92f3d6a8f13 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c | |||
| @@ -78,8 +78,6 @@ | |||
| 78 | 78 | ||
| 79 | #ifdef CONFIG_IPV6_PRIVACY | 79 | #ifdef CONFIG_IPV6_PRIVACY |
| 80 | #include <linux/random.h> | 80 | #include <linux/random.h> |
| 81 | #include <linux/crypto.h> | ||
| 82 | #include <linux/scatterlist.h> | ||
| 83 | #endif | 81 | #endif |
| 84 | 82 | ||
| 85 | #include <asm/uaccess.h> | 83 | #include <asm/uaccess.h> |
| @@ -110,8 +108,6 @@ static int __ipv6_try_regen_rndid(struct inet6_dev *idev, struct in6_addr *tmpad | |||
| 110 | static void ipv6_regen_rndid(unsigned long data); | 108 | static void ipv6_regen_rndid(unsigned long data); |
| 111 | 109 | ||
| 112 | static int desync_factor = MAX_DESYNC_FACTOR * HZ; | 110 | static int desync_factor = MAX_DESYNC_FACTOR * HZ; |
| 113 | static struct crypto_tfm *md5_tfm; | ||
| 114 | static DEFINE_SPINLOCK(md5_tfm_lock); | ||
| 115 | #endif | 111 | #endif |
| 116 | 112 | ||
| 117 | static int ipv6_count_addresses(struct inet6_dev *idev); | 113 | static int ipv6_count_addresses(struct inet6_dev *idev); |
| @@ -371,8 +367,6 @@ static struct inet6_dev * ipv6_add_dev(struct net_device *dev) | |||
| 371 | in6_dev_hold(ndev); | 367 | in6_dev_hold(ndev); |
| 372 | 368 | ||
| 373 | #ifdef CONFIG_IPV6_PRIVACY | 369 | #ifdef CONFIG_IPV6_PRIVACY |
| 374 | get_random_bytes(ndev->rndid, sizeof(ndev->rndid)); | ||
| 375 | get_random_bytes(ndev->entropy, sizeof(ndev->entropy)); | ||
| 376 | init_timer(&ndev->regen_timer); | 370 | init_timer(&ndev->regen_timer); |
| 377 | ndev->regen_timer.function = ipv6_regen_rndid; | 371 | ndev->regen_timer.function = ipv6_regen_rndid; |
| 378 | ndev->regen_timer.data = (unsigned long) ndev; | 372 | ndev->regen_timer.data = (unsigned long) ndev; |
| @@ -1376,34 +1370,9 @@ static int ipv6_inherit_eui64(u8 *eui, struct inet6_dev *idev) | |||
| 1376 | /* (re)generation of randomized interface identifier (RFC 3041 3.2, 3.5) */ | 1370 | /* (re)generation of randomized interface identifier (RFC 3041 3.2, 3.5) */ |
| 1377 | static int __ipv6_regen_rndid(struct inet6_dev *idev) | 1371 | static int __ipv6_regen_rndid(struct inet6_dev *idev) |
| 1378 | { | 1372 | { |
| 1379 | struct net_device *dev; | ||
| 1380 | struct scatterlist sg[2]; | ||
| 1381 | |||
| 1382 | sg_set_buf(&sg[0], idev->entropy, 8); | ||
| 1383 | sg_set_buf(&sg[1], idev->work_eui64, 8); | ||
| 1384 | |||
| 1385 | dev = idev->dev; | ||
| 1386 | |||
| 1387 | if (ipv6_generate_eui64(idev->work_eui64, dev)) { | ||
| 1388 | printk(KERN_INFO | ||
| 1389 | "__ipv6_regen_rndid(idev=%p): cannot get EUI64 identifier; use random bytes.\n", | ||
| 1390 | idev); | ||
| 1391 | get_random_bytes(idev->work_eui64, sizeof(idev->work_eui64)); | ||
| 1392 | } | ||
| 1393 | regen: | 1373 | regen: |
| 1394 | spin_lock(&md5_tfm_lock); | 1374 | get_random_bytes(idev->rndid, sizeof(idev->rndid)); |
| 1395 | if (unlikely(md5_tfm == NULL)) { | ||
| 1396 | spin_unlock(&md5_tfm_lock); | ||
| 1397 | return -1; | ||
| 1398 | } | ||
| 1399 | crypto_digest_init(md5_tfm); | ||
| 1400 | crypto_digest_update(md5_tfm, sg, 2); | ||
| 1401 | crypto_digest_final(md5_tfm, idev->work_digest); | ||
| 1402 | spin_unlock(&md5_tfm_lock); | ||
| 1403 | |||
| 1404 | memcpy(idev->rndid, &idev->work_digest[0], 8); | ||
| 1405 | idev->rndid[0] &= ~0x02; | 1375 | idev->rndid[0] &= ~0x02; |
| 1406 | memcpy(idev->entropy, &idev->work_digest[8], 8); | ||
| 1407 | 1376 | ||
| 1408 | /* | 1377 | /* |
| 1409 | * <draft-ietf-ipngwg-temp-addresses-v2-00.txt>: | 1378 | * <draft-ietf-ipngwg-temp-addresses-v2-00.txt>: |
| @@ -3759,13 +3728,6 @@ int __init addrconf_init(void) | |||
| 3759 | 3728 | ||
| 3760 | register_netdevice_notifier(&ipv6_dev_notf); | 3729 | register_netdevice_notifier(&ipv6_dev_notf); |
| 3761 | 3730 | ||
| 3762 | #ifdef CONFIG_IPV6_PRIVACY | ||
| 3763 | md5_tfm = crypto_alloc_tfm("md5", 0); | ||
| 3764 | if (unlikely(md5_tfm == NULL)) | ||
| 3765 | printk(KERN_WARNING | ||
| 3766 | "failed to load transform for md5\n"); | ||
| 3767 | #endif | ||
| 3768 | |||
| 3769 | addrconf_verify(0); | 3731 | addrconf_verify(0); |
| 3770 | rtnetlink_links[PF_INET6] = inet6_rtnetlink_table; | 3732 | rtnetlink_links[PF_INET6] = inet6_rtnetlink_table; |
| 3771 | #ifdef CONFIG_SYSCTL | 3733 | #ifdef CONFIG_SYSCTL |
| @@ -3828,11 +3790,6 @@ void __exit addrconf_cleanup(void) | |||
| 3828 | 3790 | ||
| 3829 | rtnl_unlock(); | 3791 | rtnl_unlock(); |
| 3830 | 3792 | ||
| 3831 | #ifdef CONFIG_IPV6_PRIVACY | ||
| 3832 | crypto_free_tfm(md5_tfm); | ||
| 3833 | md5_tfm = NULL; | ||
| 3834 | #endif | ||
| 3835 | |||
| 3836 | #ifdef CONFIG_PROC_FS | 3793 | #ifdef CONFIG_PROC_FS |
| 3837 | proc_net_remove("if_inet6"); | 3794 | proc_net_remove("if_inet6"); |
| 3838 | #endif | 3795 | #endif |