Diffstat (limited to 'pkg/tcpip')
-rw-r--r-- | pkg/tcpip/header/ipv6_test.go | 8 | ||||
-rw-r--r-- | pkg/tcpip/stack/ndp.go | 2 | ||||
-rw-r--r-- | pkg/tcpip/stack/ndp_test.go | 13 | ||||
-rw-r--r-- | pkg/tcpip/stack/nic.go | 2 | ||||
-rw-r--r-- | pkg/tcpip/stack/stack.go | 9 | ||||
-rw-r--r-- | pkg/tcpip/stack/stack_test.go | 90 |
6 files changed, 72 insertions, 52 deletions
diff --git a/pkg/tcpip/header/ipv6_test.go b/pkg/tcpip/header/ipv6_test.go
index cd1862e42..1994003ed 100644
--- a/pkg/tcpip/header/ipv6_test.go
+++ b/pkg/tcpip/header/ipv6_test.go
@@ -96,7 +96,7 @@ func TestAppendOpaqueInterfaceIdentifier(t *testing.T) {
 secretKey: secretKeyBuf[:header.OpaqueIIDSecretKeyMinBytes*2],
 },
 {
- name: "Nil SecretKey",
+ name: "Nil SecretKey and empty nicName",
 prefix: func() tcpip.Subnet {
 addrWithPrefix := tcpip.AddressWithPrefix{
 Address: "\x01\x02\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
@@ -104,7 +104,7 @@ func TestAppendOpaqueInterfaceIdentifier(t *testing.T) {
 }
 return addrWithPrefix.Subnet()
 }(),
- nicName: "eth12",
+ nicName: "",
 dadCounter: 3,
 secretKey: nil,
 },
@@ -178,8 +178,8 @@ func TestLinkLocalAddrWithOpaqueIID(t *testing.T) {
 secretKey: secretKeyBuf[:header.OpaqueIIDSecretKeyMinBytes*2],
 },
 {
- name: "Nil SecretKey",
- nicName: "eth12",
+ name: "Nil SecretKey and empty nicName",
+ nicName: "",
 dadCounter: 3,
 secretKey: nil,
 },
diff --git a/pkg/tcpip/stack/ndp.go b/pkg/tcpip/stack/ndp.go
index ba6a57e6f..238bc27dc 100644
--- a/pkg/tcpip/stack/ndp.go
+++ b/pkg/tcpip/stack/ndp.go
@@ -1030,7 +1030,7 @@ func (ndp *ndpState) handleAutonomousPrefixInformation(pi header.NDPPrefixInform
 addrBytes := []byte(prefix.ID())
 if oIID := ndp.nic.stack.opaqueIIDOpts; oIID.NICNameFromID != nil {
- addrBytes = header.AppendOpaqueInterfaceIdentifier(addrBytes[:header.IIDOffsetInIPv6Address], prefix, oIID.NICNameFromID(ndp.nic.ID()), 0 /* dadCounter */, oIID.SecretKey)
+ addrBytes = header.AppendOpaqueInterfaceIdentifier(addrBytes[:header.IIDOffsetInIPv6Address], prefix, oIID.NICNameFromID(ndp.nic.ID(), ndp.nic.name), 0 /* dadCounter */, oIID.SecretKey)
 } else {
 // Only attempt to generate an interface-specific IID if we have a valid
 // link address.
diff --git a/pkg/tcpip/stack/ndp_test.go b/pkg/tcpip/stack/ndp_test.go
index 8e817e730..9430844d3 100644
--- a/pkg/tcpip/stack/ndp_test.go
+++ b/pkg/tcpip/stack/ndp_test.go
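Review bot: In pkg/tcpip/stack/ndp.go the new call `oIID.NICNameFromID(ndp.nic.ID(), ndp.nic.name)` hands the NIC name to the callback with no handling for an empty name, and the same pattern is added to `(*NIC).enable` in nic.go. The tests in this commit create NICs with `""` as the name and use a callback that returns the name unchanged, so every unnamed NIC would feed the same interface string into the RFC 7217 hash; with `dadCounter` fixed at 0 on this line, two such NICs on one prefix would presumably derive the same address. I would add a comment at both call sites such as `// nic.name may be empty; NICNameFromID is expected to fall back to the NIC ID so the IID input stays unique per NIC.`, or apply that fallback before invoking the callback. handleAutonomousPrefixInformation starts and ends outside this hunk.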
@@ -1918,6 +1918,7 @@ func TestAutoGenAddrWithOpaqueIID(t *testing.T) {
 t.Parallel()
 const nicID = 1
+ const nicName = "nic1"
 var secretKeyBuf [header.OpaqueIIDSecretKeyMinBytes]byte
 secretKey := secretKeyBuf[:]
 n, err := rand.Read(secretKey)
@@ -1935,12 +1936,12 @@ func TestAutoGenAddrWithOpaqueIID(t *testing.T) {
 // defined by RFC 7217.
 addrBytes := []byte(subnet1.ID())
 addr1 := tcpip.AddressWithPrefix{
- Address: tcpip.Address(header.AppendOpaqueInterfaceIdentifier(addrBytes[:header.IIDOffsetInIPv6Address], subnet1, "nic1", 0, secretKey)),
+ Address: tcpip.Address(header.AppendOpaqueInterfaceIdentifier(addrBytes[:header.IIDOffsetInIPv6Address], subnet1, nicName, 0, secretKey)),
 PrefixLen: 64,
 }
 addrBytes = []byte(subnet2.ID())
 addr2 := tcpip.AddressWithPrefix{
- Address: tcpip.Address(header.AppendOpaqueInterfaceIdentifier(addrBytes[:header.IIDOffsetInIPv6Address], subnet2, "nic1", 0, secretKey)),
+ Address: tcpip.Address(header.AppendOpaqueInterfaceIdentifier(addrBytes[:header.IIDOffsetInIPv6Address], subnet2, nicName, 0, secretKey)),
 PrefixLen: 64,
 }
@@ -1956,15 +1957,15 @@ func TestAutoGenAddrWithOpaqueIID(t *testing.T) {
 },
 NDPDisp: &ndpDisp,
 OpaqueIIDOpts: stack.OpaqueInterfaceIdentifierOptions{
- NICNameFromID: func(nicID tcpip.NICID) string {
- return fmt.Sprintf("nic%d", nicID)
+ NICNameFromID: func(_ tcpip.NICID, nicName string) string {
+ return nicName
 },
 SecretKey: secretKey,
 },
 })
- if err := s.CreateNIC(nicID, e); err != nil {
- t.Fatalf("CreateNIC(%d, _) = %s", nicID, err)
+ if err := s.CreateNamedNIC(nicID, nicName, e); err != nil {
+ t.Fatalf("CreateNamedNIC(%d, %q, _) = %s", nicID, nicName, err)
 }
 expectAutoGenAddrEvent := func(addr tcpip.AddressWithPrefix, eventType ndpAutoGenAddrEventType) {
diff --git a/pkg/tcpip/stack/nic.go b/pkg/tcpip/stack/nic.go
index 3bed0af3c..044fe5298 100644
--- a/pkg/tcpip/stack/nic.go
+++ b/pkg/tcpip/stack/nic.go
@@ -180,7 +180,7 @@ func (n *NIC) enable() *tcpip.Error {
 var addr tcpip.Address
 if oIID := n.stack.opaqueIIDOpts; oIID.NICNameFromID != nil {
- addr = header.LinkLocalAddrWithOpaqueIID(oIID.NICNameFromID(n.ID()), 0, oIID.SecretKey)
+ addr = header.LinkLocalAddrWithOpaqueIID(oIID.NICNameFromID(n.ID(), n.name), 0, oIID.SecretKey)
 } else {
 l2addr := n.linkEP.LinkAddress()
diff --git a/pkg/tcpip/stack/stack.go b/pkg/tcpip/stack/stack.go
index c6e6becf3..ffb379363 100644
--- a/pkg/tcpip/stack/stack.go
+++ b/pkg/tcpip/stack/stack.go
@@ -353,8 +353,13 @@ func (u *uniqueIDGenerator) UniqueID() uint64 {
 }
 // NICNameFromID is a function that returns a stable name for the specified NIC,
-// even if the NIC ID changes over time.
-type NICNameFromID func(tcpip.NICID) string
+// even if different NIC IDs are used to refer to the same NIC in different
+// program runs. It is used when generating opaque interface identifiers (IIDs).
+// If the NIC was created with a name, it will be passed to NICNameFromID.
+//
+// NICNameFromID SHOULD return unique NIC names so unique opaque IIDs are
+// generated for the same prefix on differnt NICs.
+type NICNameFromID func(tcpip.NICID, string) string
 // OpaqueInterfaceIdentifierOptions holds the options related to the generation
 // of opaque interface indentifiers (IIDs) as defined by RFC 7217.
diff --git a/pkg/tcpip/stack/stack_test.go b/pkg/tcpip/stack/stack_test.go
index e18dfea83..f533949c0 100644
--- a/pkg/tcpip/stack/stack_test.go
+++ b/pkg/tcpip/stack/stack_test.go
@@ -1910,7 +1910,7 @@ func TestNICAutoGenAddr(t *testing.T) {
 false,
 linkAddr1,
 stack.OpaqueInterfaceIdentifierOptions{
- NICNameFromID: func(nicID tcpip.NICID) string {
+ NICNameFromID: func(nicID tcpip.NICID, _ string) string {
 return fmt.Sprintf("nic%d", nicID)
 },
 },
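Review bot: The new doc comment on `NICNameFromID` in pkg/tcpip/stack/stack.go misspells "different" (`differnt NICs`), and the function type leaves both parameters unnamed, so the signature does not say which string the callback receives. I would write `type NICNameFromID func(nicID tcpip.NICID, nicName string) string` and correct the last comment line to `// generated for the same prefix on different NICs.`. The comment should also state what is passed when the NIC was created without a name (presumably the empty string, which the tests in this commit exercise) and that the returned value is hashed together with `SecretKey` into the opaque IID, so it has to stay stable across runs.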
@@ -2005,6 +2005,8 @@ func TestNICAutoGenAddr(t *testing.T) {
 // always be generated with opaque IIDs if configured to use them, even if the
 // NIC has an invalid MAC address.
 func TestNICAutoGenAddrWithOpaque(t *testing.T) {
+ const nicID = 1
+
 var secretKey [header.OpaqueIIDSecretKeyMinBytes]byte
 n, err := rand.Read(secretKey[:])
 if err != nil {
@@ -2014,54 +2016,61 @@ func TestNICAutoGenAddrWithOpaque(t *testing.T) {
 t.Fatalf("expected rand.Read to read %d bytes, read %d bytes", header.OpaqueIIDSecretKeyMinBytes, n)
 }
- iidOpts := stack.OpaqueInterfaceIdentifierOptions{
- NICNameFromID: func(nicID tcpip.NICID) string {
- return fmt.Sprintf("nic%d", nicID)
- },
- SecretKey: secretKey[:],
- }
-
 tests := []struct {
- name string
- autoGen bool
- linkAddr tcpip.LinkAddress
+ name string
+ nicName string
+ autoGen bool
+ linkAddr tcpip.LinkAddress
+ secretKey []byte
 }{
 {
- "Disabled",
- false,
- linkAddr1,
+ name: "Disabled",
+ nicName: "nic1",
+ autoGen: false,
+ linkAddr: linkAddr1,
+ secretKey: secretKey[:],
 },
 {
- "Enabled",
- true,
- linkAddr1,
+ name: "Enabled",
+ nicName: "nic1",
+ autoGen: true,
+ linkAddr: linkAddr1,
+ secretKey: secretKey[:],
 },
 // These are all cases where we would not have generated a
 // link-local address if opaque IIDs were disabled.
 {
- "Nil MAC",
- true,
- tcpip.LinkAddress([]byte(nil)),
+ name: "Nil MAC and empty nicName",
+ nicName: "",
+ autoGen: true,
+ linkAddr: tcpip.LinkAddress([]byte(nil)),
+ secretKey: secretKey[:1],
 },
 {
- "Empty MAC",
- true,
- tcpip.LinkAddress(""),
+ name: "Empty MAC and empty nicName",
+ autoGen: true,
+ linkAddr: tcpip.LinkAddress(""),
+ secretKey: secretKey[:2],
 },
 {
- "Invalid MAC",
- true,
- tcpip.LinkAddress("\x01\x02\x03"),
+ name: "Invalid MAC",
+ nicName: "test",
+ autoGen: true,
+ linkAddr: tcpip.LinkAddress("\x01\x02\x03"),
+ secretKey: secretKey[:3],
 },
 {
- "Multicast MAC",
- true,
- tcpip.LinkAddress("\x01\x02\x03\x04\x05\x06"),
+ name: "Multicast MAC",
+ nicName: "test2",
+ autoGen: true,
+ linkAddr: tcpip.LinkAddress("\x01\x02\x03\x04\x05\x06"),
+ secretKey: secretKey[:4],
 },
 {
- "Unspecified MAC",
- true,
- tcpip.LinkAddress("\x00\x00\x00\x00\x00\x00"),
+ name: "Unspecified MAC and nil SecretKey",
+ nicName: "test3",
+ autoGen: true,
+ linkAddr: tcpip.LinkAddress("\x00\x00\x00\x00\x00\x00"),
 },
 }
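Review bot: The rewritten table in TestNICAutoGenAddrWithOpaque passes `secretKey[:1]` through `secretKey[:4]` and, in the last case, no key at all, so the test now pins that the stack accepts keys shorter than `header.OpaqueIIDSecretKeyMinBytes`. Whether the stack validates key length is not visible in this diff; if it does not, a short or nil key leaves the IID derivable from the prefix and NIC name alone, which is what RFC 7217 opaque IIDs are meant to prevent. I would state the intent above the table, e.g. `// Keys shorter than header.OpaqueIIDSecretKeyMinBytes are used only to vary the hash input; real configurations need a full-length random key.` The "Empty MAC and empty nicName" entry also relies on the zero value instead of writing `nicName: ""` as its neighbour does.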
@@ -2069,7 +2078,12 @@ func TestNICAutoGenAddrWithOpaque(t *testing.T) {
 t.Run(test.name, func(t *testing.T) {
 opts := stack.Options{
 NetworkProtocols: []stack.NetworkProtocol{ipv6.NewProtocol()},
- OpaqueIIDOpts: iidOpts,
+ OpaqueIIDOpts: stack.OpaqueInterfaceIdentifierOptions{
+ NICNameFromID: func(_ tcpip.NICID, nicName string) string {
+ return nicName
+ },
+ SecretKey: test.secretKey,
+ },
 }
 if test.autoGen {
@@ -2082,19 +2096,19 @@ func TestNICAutoGenAddrWithOpaque(t *testing.T) {
 e := channel.New(10, 1280, test.linkAddr)
 s := stack.New(opts)
- if err := s.CreateNIC(1, e); err != nil {
- t.Fatalf("CreateNIC(_) = %s", err)
+ if err := s.CreateNamedNIC(nicID, test.nicName, e); err != nil {
+ t.Fatalf("CreateNamedNIC(%d, %q, _) = %s", nicID, test.nicName, err)
 }
- addr, err := s.GetMainNICAddress(1, header.IPv6ProtocolNumber)
+ addr, err := s.GetMainNICAddress(nicID, header.IPv6ProtocolNumber)
 if err != nil {
- t.Fatalf("stack.GetMainNICAddress(_, _) err = %s", err)
+ t.Fatalf("stack.GetMainNICAddress(%d, _) err = %s", nicID, err)
 }
 if test.autoGen {
 // Should have auto-generated an address and
 // resolved immediately (DAD is disabled).
- if want := (tcpip.AddressWithPrefix{Address: header.LinkLocalAddrWithOpaqueIID("nic1", 0, secretKey[:]), PrefixLen: header.IPv6LinkLocalPrefix.PrefixLen}); addr != want {
+ if want := (tcpip.AddressWithPrefix{Address: header.LinkLocalAddrWithOpaqueIID(test.nicName, 0, test.secretKey), PrefixLen: header.IPv6LinkLocalPrefix.PrefixLen}); addr != want {
 t.Fatalf("got stack.GetMainNICAddress(_, _) = %s, want = %s", addr, want)
 }
 } else { |