Support generating opaque interface identifiers as defined by RFC 7217

Support generating opaque interface identifiers as defined by RFC 7217 for
auto-generated IPv6 link-local addresses. Opaque interface identifiers will also
be used for IPv6 addresses auto-generated via SLAAC in a later change.

Note, this change does not handle retries in response to DAD conflicts yet.
That will also come in a later change.

Tests: Test that when configured to generated opaque IIDs, they are properly
generated as outlined by RFC 7217.
PiperOrigin-RevId: 288035349

1 files changed, 15 insertions, 11 deletions

diff --git a/pkg/tcpip/stack/nic.go b/pkg/tcpip/stack/nic.go
index ddd014658..3bed0af3c 100644
--- a/pkg/tcpip/stack/nic.go
+++ b/pkg/tcpip/stack/nic.go
@@ -178,20 +178,24 @@ func (n *NIC) enable() *tcpip.Error {
 		return nil
 	}
 
-	l2addr := n.linkEP.LinkAddress()
+	var addr tcpip.Address
+	if oIID := n.stack.opaqueIIDOpts; oIID.NICNameFromID != nil {
+		addr = header.LinkLocalAddrWithOpaqueIID(oIID.NICNameFromID(n.ID()), 0, oIID.SecretKey)
+	} else {
+		l2addr := n.linkEP.LinkAddress()
+
+		// Only attempt to generate the link-local address if we have a valid MAC
+		// address.
+		//
+		// TODO(b/141011931): Validate a LinkEndpoint's link address (provided by
+		// LinkEndpoint.LinkAddress) before reaching this point.
+		if !header.IsValidUnicastEthernetAddress(l2addr) {
+			return nil
+		}
 
-	// Only attempt to generate the link-local address if we have a
-	// valid MAC address.
-	//
-	// TODO(b/141011931): Validate a LinkEndpoint's link address
-	// (provided by LinkEndpoint.LinkAddress) before reaching this
-	// point.
-	if !header.IsValidUnicastEthernetAddress(l2addr) {
-		return nil
+		addr = header.LinkLocalAddr(l2addr)
 	}
 
-	addr := header.LinkLocalAddr(l2addr)
-
 	_, err := n.addPermanentAddressLocked(tcpip.ProtocolAddress{
 		Protocol: header.IPv6ProtocolNumber,
 		AddressWithPrefix: tcpip.AddressWithPrefix{