config IPV6
tristate "The IPv6 protocol"
default m
- select CRYPTO if IPV6_PRIVACY
- select CRYPTO_MD5 if IPV6_PRIVACY
---help---
This is complemental support for the IP version 6.
You will still be able to do traditional IPv4 networking as well.
module will be called ipv6.
config IPV6_PRIVACY
- bool "IPv6: Privacy Extensions (RFC 3041) support"
+ bool "IPv6: Privacy Extensions support"
depends on IPV6
---help---
Privacy Extensions for Stateless Address Autoconfiguration in IPv6
pseudo-random global-scope unicast address(es) will assigned to
your interface(s).
+ We use our standard pseudo random algorithm to generate randomized
+ interface identifier, instead of one described in RFC 3041.
+
By default, kernel do not generate temporary addresses.
To use temporary addresses, do
#ifdef CONFIG_IPV6_PRIVACY
#include <linux/random.h>
-#include <linux/crypto.h>
-#include <linux/scatterlist.h>
#endif
#include <asm/uaccess.h>
static void ipv6_regen_rndid(unsigned long data);
static int desync_factor = MAX_DESYNC_FACTOR * HZ;
-static struct crypto_tfm *md5_tfm;
-static DEFINE_SPINLOCK(md5_tfm_lock);
#endif
static int ipv6_count_addresses(struct inet6_dev *idev);
in6_dev_hold(ndev);
#ifdef CONFIG_IPV6_PRIVACY
- get_random_bytes(ndev->rndid, sizeof(ndev->rndid));
- get_random_bytes(ndev->entropy, sizeof(ndev->entropy));
init_timer(&ndev->regen_timer);
ndev->regen_timer.function = ipv6_regen_rndid;
ndev->regen_timer.data = (unsigned long) ndev;
/* (re)generation of randomized interface identifier (RFC 3041 3.2, 3.5) */
static int __ipv6_regen_rndid(struct inet6_dev *idev)
{
- struct net_device *dev;
- struct scatterlist sg[2];
-
- sg_set_buf(&sg[0], idev->entropy, 8);
- sg_set_buf(&sg[1], idev->work_eui64, 8);
-
- dev = idev->dev;
-
- if (ipv6_generate_eui64(idev->work_eui64, dev)) {
- printk(KERN_INFO
- "__ipv6_regen_rndid(idev=%p): cannot get EUI64 identifier; use random bytes.\n",
- idev);
- get_random_bytes(idev->work_eui64, sizeof(idev->work_eui64));
- }
regen:
- spin_lock(&md5_tfm_lock);
- if (unlikely(md5_tfm == NULL)) {
- spin_unlock(&md5_tfm_lock);
- return -1;
- }
- crypto_digest_init(md5_tfm);
- crypto_digest_update(md5_tfm, sg, 2);
- crypto_digest_final(md5_tfm, idev->work_digest);
- spin_unlock(&md5_tfm_lock);
-
- memcpy(idev->rndid, &idev->work_digest[0], 8);
+ get_random_bytes(idev->rndid, sizeof(idev->rndid));
idev->rndid[0] &= ~0x02;
- memcpy(idev->entropy, &idev->work_digest[8], 8);
/*
* <draft-ietf-ipngwg-temp-addresses-v2-00.txt>:
register_netdevice_notifier(&ipv6_dev_notf);
-#ifdef CONFIG_IPV6_PRIVACY
- md5_tfm = crypto_alloc_tfm("md5", 0);
- if (unlikely(md5_tfm == NULL))
- printk(KERN_WARNING
- "failed to load transform for md5\n");
-#endif
-
addrconf_verify(0);
rtnetlink_links[PF_INET6] = inet6_rtnetlink_table;
#ifdef CONFIG_SYSCTL
rtnl_unlock();
-#ifdef CONFIG_IPV6_PRIVACY
- crypto_free_tfm(md5_tfm);
- md5_tfm = NULL;
-#endif
-
#ifdef CONFIG_PROC_FS
proc_net_remove("if_inet6");
#endif