-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
gnrc_ipv6_nib/SLAAC: rfc8981 temporary address (privacy extensions) #20369
Open
xnumad
wants to merge
65
commits into
RIOT-OS:master
Choose a base branch
from
xnumad:rfc8981
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
+715
−23
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
xnumad
requested review from
leandrolanzieri,
jia200x,
MrKevinWeiss,
miri64 and
PeterKietzmann
as code owners
February 11, 2024 01:30
github-actions
bot
added
Area: network
Area: Networking
Area: tests
Area: tests and testing framework
Area: sys
Area: System
Area: Kconfig
Area: Kconfig integration
labels
Feb 11, 2024
This was referenced Feb 11, 2024
Welcome @xnumad! And thanks for your contribution. 😄 |
xnumad
force-pushed
the
rfc8981
branch
2 times, most recently
from
August 26, 2024 09:41
5d5b8c6
to
fa54557
Compare
gnrc_ipv6_nib_pl_has_prefix
Need to check for matching address rather than prefix because for a 6LN, the SLAAC prefix is never stored in the prefix list, since everything is considered off-link.
Fix time units
Rebased. |
Changed commit message. |
Slightly simplifies the coupling by moving the prefix deletion from the inner to the outer function in the call chain, when deleting a temporary address prefix: Previously: Prefix deletion calls addr deletion, which calls a prefix deletion again, which deletes the prefix, leaving the outer prefix deletion function with no prefix to delete. Now: Outer function deletes prefix before calling address deletion function, which still calls prefix deletion function, but it's this one now that doesn't have any prefix to delete.
Increases readability Was previously also needed to enable regen to work on 6LN, because a 6LN did not store SLAAC prefix prior to PR RIOT-OS#20757.
As the ta_pfx will have an NCE with unspecified next hop, 1 NCE is needed for that.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
Area: Kconfig
Area: Kconfig integration
Area: network
Area: Networking
Area: sys
Area: System
Area: tests
Area: tests and testing framework
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Contribution description
This implements RFC8981.
Design
The RFC describes an implementation where lifetimes are associated directly with an address. This is not the case in GNRC, where lifetimes are associated with a prefix (prefix list - https://datatracker.ietf.org/doc/html/rfc4861#section-5.1). This PR therefore adjusts the logic to be compatible with this design, while of course still following all the RFC requirements. (The adjusted logic may even be considered simpler than the one described in the RFC!)
In particular, the changes is in the logic used to implement coupling of temporary address to lifetimes of SLAAC prefix while still retaining maximum lifetimes for a temporary address:
Therefore this PR considers an IP address to be temporary iff there exists a /128 prefix for it (i.e. with that address). This assumption is used throughout this implementation, in particular to determine whether an assigned address is a temporary address:
https://github.com/xnumad/RIOT/blob/15e8518d64f674d711f9e4d0fdd613617257a715/sys/net/gnrc/network_layer/ipv6/nib/_nib-slaac.c#L183
https://github.com/xnumad/RIOT/blob/15e8518d64f674d711f9e4d0fdd613617257a715/sys/net/gnrc/network_layer/ipv6/nib/_nib-slaac.c#L230
It is theoretically possible for this circumstance to interfere with other /128 prefixes in the prefix list (e.g. a PIO for exactly that /128 prefix). This conflict could be detected by using a flag (to indicate relation to temporary address usage), but otherwise not avoided unless further changing the lifetime management, e.g. separating it from the NIB prefix list or even using the RFC logic that associates lifetimes directly to an address.
--
Design decision of where to store (temp addr) regeneration event:
The regen event timer is associated with the prefix for the temporary address, because a refactor showed that it results in easier code than when storing it associated with the SLAAC prefix. (f33d2e6)
--
Other noteworthy implications of this PR:
SLAAC_PREFIX_LENGTH=64
requirement of RFCs (see macro definition for RFC reference)GNRC_NETIF_IPV6_ADDRS_FLAGS_IDGEN_RETRIES
, as an easy way to associate the retry counter with the address, because the value is used again if DAD failures occurThese changes are also cherry-picked to the RFC7217 implementation at gnrc_ipv6_nib/SLAAC: rfc7217 stable privacy addresses #20370
--
RFC compatibility
All but the following requirements of the RFC are implemented:
(Requirements from section 3.3.2 do not apply because this PR uses the other algorithm, i.e. from section 3.3.1)
Disable if retry limit reached
Subrange list
Currently, no such subrange list is implemented. (Although comparatively low effort to implement.)
Temporary addresses are generated for any "prefix advertised in a RA PIO with A flag set" and not for link-local addresses.
Ad-hoc toggle
Interpreting this as the need to ad-hoc disable temporary addresses. Not fulfilled; the setting is only set through a compile-time flag and cannot be changed at runtime.
Cleanup
Should this be added to
RIOT/sys/net/gnrc/network_layer/ipv6/nib/nib.c
Line 173 in 32d1cd9
Currently, only link-local addresses seem to be removed at all.
RIOT/sys/net/gnrc/network_layer/ipv6/nib/nib.c
Line 196 in 32d1cd9
Adaptability
This implementation supports Ethernet and 6LoWPAN. Supporting a new link layer only requires its REGEN_ADVANCE value to be returned by
https://github.com/xnumad/RIOT/blob/15e8518d64f674d711f9e4d0fdd613617257a715/sys/net/gnrc/netif/gnrc_netif_device_type.c#L224
The usage of IIDs which do not match the link layer address causes LOWPAN_IPHC to not be able to statelessly compress the IP address anymore. An optimization to enable compression again could be to add compression contexts (feature branch for opportunistic compression contexts: https://github.com/xnumad/RIOT/tree/feature%2Fopportunistic-compression-contexts).
Testing procedure
Add
CFLAGS += -DCONFIG_GNRC_IPV6_NIB_SLAAC_TEMPORARY_ADDRESSES=1
at the appropriate position in the Makefile ofexamples/gnrc_networking
. Tested on BOARD=nrf52840dkOutput of
ifconfig
command is expected to contain a line with a temporary address ("TMP"), likeinet6 addr: 2001:db8::6f04:c775:f9a9:dc48 scope: global VAL TMP
The temporary address is the preferred source address for the global address scope (can be tested by e.g. ping)
(And many more tests could be done)