Re: [PATCH net-next v3] ipv6 addrconf: Implemented enhanced DAD (RFC7527)
From: Hannes Frederic Sowa <hidden>
Date: 2016-12-01 22:28:26
On 01.12.2016 00:39, Erik Nordmark wrote:
Implemented RFC7527 Enhanced DAD.
IPv6 duplicate address detection can fail if there is some temporary
loopback of Ethernet frames. RFC7527 solves this by including a random
nonce in the NS messages used for DAD, and if an NS is received with the
same nonce it is assumed to be a looped back DAD probe and is ignored.
RFC7527 is enabled by default. Can be disabled by setting both of
conf/{all,interface}/enhanced_dad to zero.
Signed-off-by: Erik Nordmark <redacted>
Signed-off-by: Bob Gilligan <redacted>
---

Reviewed-by: Hannes Frederic Sowa <redacted>

Thanks!
@@ -794,6 +808,17 @@ static void ndisc_recv_ns(struct sk_buff *skb) have_ifp: if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) { if (dad) { + if (nonce != 0 && ifp->dad_nonce == nonce) { + u8 *np = (u8 *)&nonce; + /* Matching nonce if looped back */ + ND_PRINTK(2, notice, + "%s: IPv6 DAD loopback for address %pI6c nonce %02x:%02x:%02x:%02x:%02x:%02x ignored\n", + ifp->idev->dev->name, + &ifp->addr, + np[0], np[1], np[2], np[3], + np[4], np[5]); + goto out; + } /* * We are colliding with another node * who is doing DAD
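Review bot: the added test `if (nonce != 0 && ifp->dad_nonce == nonce)` uses zero as the "no nonce seen" value, so an NS carrying an all-zero nonce is never treated as looped back and falls through to the collision handling below. That is the conservative outcome, but it deserves a one-line comment, and it is worth checking (outside this hunk) that `ifp->dad_nonce` can never be generated as zero, since a looped-back probe with that value would then be counted as a real duplicate. The log line prints only `np[0]` to `np[5]` through a `u8 *` cast while the comparison is on the whole of `nonce`, whose declared width is not visible here; if it is wider than six bytes, the unprinted bytes need to be zeroed the same way on both sides for the match to be meaningful. Style: add a blank line between the `u8 *np` declaration and the comment that follows it.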
I think it could be a "%pM" because it looks like a MAC address, but better leave it like that. :)

Bye,
Hannes