1. 30 Sep, 2017 2 commits
    • Maciej Żenczykowski's avatar
      net-ipv6: add support for sockopt(SOL_IPV6, IPV6_FREEBIND) · 84e14fe3
      Maciej Żenczykowski authored
      So far we've been relying on sockopt(SOL_IP, IP_FREEBIND) being usable
      even on IPv6 sockets.
      
      However, it turns out it is perfectly reasonable to want to set freebind
      on an AF_INET6 SOCK_RAW socket - but there is no way to set any SOL_IP
      socket option on such a socket (they're all blindly errored out).
      
      One use case for this is to allow spoofing src ip on a raw socket
      via sendmsg cmsg.
      
      Tested:
        built, and booted
        # python
        >>> import socket
        >>> SOL_IP = socket.SOL_IP
        >>> SOL_IPV6 = socket.IPPROTO_IPV6
        >>> IP_FREEBIND = 15
        >>> IPV6_FREEBIND = 78
        >>> s = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM, 0)
        >>> s.getsockopt(SOL_IP, IP_FREEBIND)
        0
        >>> s.getsockopt(SOL_IPV6, IPV6_FREEBIND)
        0
        >>> s.setsockopt(SOL_IPV6, IPV6_FREEBIND, 1)
        >>> s.getsockopt(SOL_IP, IP_FREEBIND)
        1
        >>> s.getsockopt(SOL_IPV6, IPV6_FREEBIND)
        1
      Signed-off-by: default avatarMaciej Żenczykowski <maze@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      84e14fe3
    • Mike Manning's avatar
      net: ipv6: send NS for DAD when link operationally up · 1f372c7b
      Mike Manning authored
      The NS for DAD are sent on admin up as long as a valid qdisc is found.
      A race condition exists by which these packets will not egress the
      interface if the operational state of the lower device is not yet up.
      The solution is to delay DAD until the link is operationally up
      according to RFC2863. Rather than only doing this, follow the existing
      code checks by deferring IPv6 device initialization altogether. The fix
      allows DAD on devices like tunnels that are controlled by userspace
      control plane. The fix has no impact on regular deployments, but means
      that there is no IPv6 connectivity until the port has been opened in
      the case of port-based network access control, which should be
      desirable.
      Signed-off-by: default avatarMike Manning <mmanning@brocade.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1f372c7b
  2. 29 Sep, 2017 10 commits
  3. 28 Sep, 2017 28 commits