Re: make get_last_resort_ifid() truely random

Florian Obser Fri, 01 Sep 2017 06:22:13 -0700

*prod*

On Tue, Aug 15, 2017 at 09:31:26AM +0000, Florian Obser wrote:
> 
> Rename in6_get_rand_ifi() to get_last_resort_ifid() and delete the old
> get_last_resort_ifid() function because eww.
> Also if your system is so constraint that you end up in
> get_last_resort_ifid() you don't deserve a random ifid that stays
> stable over reboots.
> Simplify code a bit since get_ifid() can no longer fail.
> It couldn't fail before either because that code path was #if 0'ed.
> 
> OK?
> 
> diff --git netinet6/in6.h netinet6/in6.h
> index 0caae1f586a..d80bff21370 100644
> --- netinet6/in6.h
> +++ netinet6/in6.h
> @@ -418,7 +418,6 @@ void      in6_proto_cksum_out(struct mbuf *, struct ifnet 
> *);
>  int  in6_localaddr(struct in6_addr *);
>  int  in6_addrscope(struct in6_addr *);
>  struct       in6_ifaddr *in6_ifawithscope(struct ifnet *, struct in6_addr *, 
> u_int);
> -void         in6_get_rand_ifid(struct ifnet *, struct in6_addr *);
>  int  in6_mask2len(struct in6_addr *, u_char *);
>  int  in6_nam2sin6(const struct mbuf *, struct sockaddr_in6 **);
>  
> diff --git netinet6/in6_ifattach.c netinet6/in6_ifattach.c
> index 89acde9c6a4..a8abf5fa695 100644
> --- netinet6/in6_ifattach.c
> +++ netinet6/in6_ifattach.c
> @@ -56,9 +56,9 @@
>  #include <netinet6/ip6_mroute.h>
>  #endif
>  
> -int get_last_resort_ifid(struct ifnet *, struct in6_addr *);
> +void get_last_resort_ifid(struct ifnet *, struct in6_addr *);
>  int get_hw_ifid(struct ifnet *, struct in6_addr *);
> -int get_ifid(struct ifnet *, struct in6_addr *);
> +void get_ifid(struct ifnet *, struct in6_addr *);
>  int in6_ifattach_loopback(struct ifnet *);
>  
>  #define EUI64_GBIT   0x01
> @@ -72,52 +72,13 @@ int in6_ifattach_loopback(struct ifnet *);
>  #define IFID_LOCAL(in6)              (!EUI64_LOCAL(in6))
>  #define IFID_UNIVERSAL(in6)  (!EUI64_UNIVERSAL(in6))
>  
> -/*
> - * Generate a last-resort interface identifier, when the machine has no
> - * IEEE802/EUI64 address sources.
> - * The goal here is to get an interface identifier that is
> - * (1) random enough and (2) does not change across reboot.
> - * We currently use SHA512(hostname) for it.
> - *
> - * in6 - upper 64bits are preserved
> - */
> -int
> -get_last_resort_ifid(struct ifnet *ifp, struct in6_addr *in6)
> -{
> -     SHA2_CTX ctx;
> -     u_int8_t digest[SHA512_DIGEST_LENGTH];
> -
> -#if 0
> -     /* we need at least several letters as seed for ifid */
> -     if (hostnamelen < 3)
> -             return -1;
> -#endif
> -
> -     /* generate 8 bytes of pseudo-random value. */
> -     SHA512Init(&ctx);
> -     SHA512Update(&ctx, hostname, hostnamelen);
> -     SHA512Final(digest, &ctx);
> -
> -     /* assumes sizeof(digest) > sizeof(ifid) */
> -     bcopy(digest, &in6->s6_addr[8], 8);
> -
> -     /* make sure to set "u" bit to local, and "g" bit to individual. */
> -     in6->s6_addr[8] &= ~EUI64_GBIT; /* g bit to "individual" */
> -     in6->s6_addr[8] |= EUI64_UBIT;  /* u bit to "local" */
> -
> -     /* convert EUI64 into IPv6 interface identifier */
> -     EUI64_TO_IFID(in6);
> -
> -     return 0;
> -}
> -
>  /*
>   * Generate a random interface identifier.
>   *
>   * in6 - upper 64bits are preserved
>   */
>  void
> -in6_get_rand_ifid(struct ifnet *ifp, struct in6_addr *in6)
> +get_last_resort_ifid(struct ifnet *ifp, struct in6_addr *in6)
>  {
>       arc4random_buf(&in6->s6_addr32[2], 8);
>  
> @@ -235,7 +196,7 @@ get_hw_ifid(struct ifnet *ifp, struct in6_addr *in6)
>   * available on ifp0, borrow interface identifier from other information
>   * sources.
>   */
> -int
> +void
>  get_ifid(struct ifnet *ifp0, struct in6_addr *in6)
>  {
>       struct ifnet *ifp;
> @@ -267,22 +228,15 @@ get_ifid(struct ifnet *ifp0, struct in6_addr *in6)
>       }
>  
>       /* last resort: get from random number source */
> -     if (get_last_resort_ifid(ifp, in6) == 0) {
> -             nd6log((LOG_DEBUG,
> -                 "%s: interface identifier generated by random number\n",
> -                 ifp0->if_xname));
> -             goto success;
> -     }
> -
> -     printf("%s: failed to get interface identifier\n", ifp0->if_xname);
> -     return -1;
> -
> +     get_last_resort_ifid(ifp, in6);
> +     nd6log((LOG_DEBUG,
> +         "%s: interface identifier generated by random number\n",
> +         ifp0->if_xname));
>  success:
>       nd6log((LOG_INFO, "%s: ifid: %02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x\n",
>           ifp0->if_xname, in6->s6_addr[8], in6->s6_addr[9], in6->s6_addr[10],
>           in6->s6_addr[11], in6->s6_addr[12], in6->s6_addr[13],
>           in6->s6_addr[14], in6->s6_addr[15]));
> -     return 0;
>  }
>  
>  /*
> @@ -318,13 +272,8 @@ in6_ifattach_linklocal(struct ifnet *ifp, struct 
> in6_addr *ifid)
>               ifra.ifra_addr.sin6_addr.s6_addr32[1] = 0;
>               ifra.ifra_addr.sin6_addr.s6_addr[8] &= ~EUI64_GBIT;
>               ifra.ifra_addr.sin6_addr.s6_addr[8] |= EUI64_UBIT;
> -     } else {
> -             if (get_ifid(ifp, &ifra.ifra_addr.sin6_addr) != 0) {
> -                     nd6log((LOG_ERR,
> -                         "%s: no ifid available\n", ifp->if_xname));
> -                     return (-1);
> -             }
> -     }
> +     } else
> +             get_ifid(ifp, &ifra.ifra_addr.sin6_addr);
>  
>       ifra.ifra_prefixmask.sin6_len = sizeof(struct sockaddr_in6);
>       ifra.ifra_prefixmask.sin6_family = AF_INET6;
> 
> -- 
> I'm not entirely sure you are real.
>


-- 
I'm not entirely sure you are real.

Re: make get_last_resort_ifid() truely random

Reply via email to