diff options
| author | Ghanan Gowripalan <ghanan@google.com> | 2020-04-28 16:01:11 -0700 |
|---|---|---|
| committer | gVisor bot <gvisor-bot@google.com> | 2020-04-28 16:02:44 -0700 |
| commit | 37a59bc76da7e0b20be3cef1fcb1d5cb8fbc839d (patch) | |
| tree | ab41b29ebd011696debe27b65b5a2e88148287c3 /pkg/tcpip/stack/stack.go | |
| parent | 64723470a6f0b62ec6223ff66e9c9ca70d248b61 (diff) | |
Support IPv6 Privacy Extensions for SLAAC
Support generating temporary (short-lived) IPv6 SLAAC addresses to
address privacy concerns outlined in RFC 4941.
Tests:
- stack_test.TestAutoGenTempAddr
- stack_test.TestNoAutoGenTempAddrForLinkLocal
- stack_test.TestAutoGenTempAddrRegen
- stack_test.TestAutoGenTempAddrRegenTimerUpdates
- stack_test.TestNoAutoGenTempAddrWithoutStableAddr
- stack_test.TestAutoGenAddrInResponseToDADConflicts
PiperOrigin-RevId: 308915566
Diffstat (limited to 'pkg/tcpip/stack/stack.go')
| -rw-r--r-- | pkg/tcpip/stack/stack.go | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/pkg/tcpip/stack/stack.go b/pkg/tcpip/stack/stack.go index 41398a1b6..4a2dc3dc6 100644 --- a/pkg/tcpip/stack/stack.go +++ b/pkg/tcpip/stack/stack.go @@ -464,6 +464,10 @@ type Stack struct { // (IIDs) as outlined by RFC 7217. opaqueIIDOpts OpaqueInterfaceIdentifierOptions + // tempIIDSeed is used to seed the initial temporary interface identifier + // history value used to generate IIDs for temporary SLAAC addresses. + tempIIDSeed []byte + // forwarder holds the packets that wait for their link-address resolutions // to complete, and forwards them when each resolution is done. forwarder *forwardQueue @@ -541,6 +545,21 @@ type Options struct { // // RandSource must be thread-safe. RandSource mathrand.Source + + // TempIIDSeed is used to seed the initial temporary interface identifier + // history value used to generate IIDs for temporary SLAAC addresses. + // + // Temporary SLAAC adresses are short-lived addresses which are unpredictable + // and random from the perspective of other nodes on the network. It is + // recommended that the seed be a random byte buffer of at least + // header.IIDSize bytes to make sure that temporary SLAAC addresses are + // sufficiently random. It should follow minimum randomness requirements for + // security as outlined by RFC 4086. + // + // Note: using a nil value, the same seed across netstack program runs, or a + // seed that is too small would reduce randomness and increase predictability, + // defeating the purpose of temporary SLAAC addresses. + TempIIDSeed []byte } // TransportEndpointInfo holds useful information about a transport endpoint @@ -664,6 +683,7 @@ func New(opts Options) *Stack { uniqueIDGenerator: opts.UniqueID, ndpDisp: opts.NDPDisp, opaqueIIDOpts: opts.OpaqueIIDOpts, + tempIIDSeed: opts.TempIIDSeed, forwarder: newForwardQueue(), randomGenerator: mathrand.New(randSrc), } |