From patchwork Mon Jul 11 14:43:50 2016
X-Patchwork-Submitter: Bjørn Mork
X-Patchwork-Id: 646958
X-Patchwork-Delegate: davem@davemloft.net
From: Bjørn Mork
To: netdev@vger.kernel.org
Cc: Valdis Kletnieks, Jonas Lippuner, Bjørn Mork, 吉藤英明
Subject: [PATCH v2 net] ipv6: addrconf: fix Juniper SSL VPN client regression
Date: Mon, 11 Jul 2016 16:43:50 +0200
Message-Id: <1468248230-5763-1-git-send-email-bjorn@mork.no>

The Juniper SSL VPN client uses a "tun" interface and seems to be picky about visible changes to it. Commit cc9da6cc4f56 ("ipv6: addrconf: use stable address generator for ARPHRD_NONE") made such interfaces get an auto-generated IPv6 link local address by default, similar to most other interface types. This made the Juniper SSL VPN client fail for unknown reasons.

Fixing this regression by adding a new private netdevice flag which disables automatic IPv6 link local address generation, and making the flag default for "tun" devices.

Setting an explicit addrgenmode will disable the flag, so userspace can choose to enable automatic LL generation by selecting a suitable addrgenmode.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=121131
Fixes: cc9da6cc4f56 ("ipv6: addrconf: use stable address generator for ARPHRD_NONE")
Reported-by: Valdis Kletnieks
Reported-by: Jonas Lippuner
Suggested-by: Hannes Frederic Sowa
Cc: 吉藤英明
Signed-off-by: Bjørn Mork
Tested-by: Jonas Lippuner
Tested-by: Valdis Kletnieks
---
v2 changes:
 - added a netdevice private flag to suppress automatic IPv6 LL
 - suppressing only for "tun" devices

So, something like this? It has the bonus that it can be used for *any* type of device which does not want the automatic link local addresses. Only enabled for "tun" for now, of course.

Is it OK to unconditionally disable the suppression if the user sets an addrgenmode? I find that to match *my* expectations, but I don't know much about the ordinary user :)

And finally, Valdis and Jonas: could you please test this version too? It works for me in my simulated setup, but I don't have the Juniper client so I cannot verify that it actually solves the problem.

Bjørn

 drivers/net/tun.c | 4 ++++
 include/linux/netdevice.h | 4 ++++
 net/ipv6/addrconf.c | 7 +++++++
 3 files changed, 15 insertions(+)

diff --git a/drivers/net/tun.c b/drivers/net/tun.c index e16487cc6a9a..6e7558f97013 100644 --- a/drivers/net/tun.c +++ b/drivers/net/tun.c @@ -1073,6 +1073,10 @@ static void tun_net_init(struct net_device *dev) /* Zero header length */ dev->type = ARPHRD_NONE; dev->flags = IFF_POINTOPOINT | IFF_NOARP | IFF_MULTICAST; + + /* IPv6 LL address is known to break some applications */ + dev->priv_flags |= IFF_SUPPRESS_AUTO_IPV6_LL; + break; case IFF_TAP: diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index f45929ce8157..d04ea7fcdaba 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -1333,6 +1333,8 @@ struct net_device_ops { * @IFF_PHONY_HEADROOM: the headroom value is controlled by an external * entity (i.e. the master device for bridged veth) * @IFF_MACSEC: device is a MACsec device + * @IFF_SUPPRESS_AUTO_IPV6_LL: device will not get an automatic IPv6 + * link local address */ enum netdev_priv_flags { IFF_802_1Q_VLAN = 1<<0, 
@@ -1363,6 +1365,7 @@ enum netdev_priv_flags { IFF_RXFH_CONFIGURED = 1<<25, IFF_PHONY_HEADROOM = 1<<26, IFF_MACSEC = 1<<27, + IFF_SUPPRESS_AUTO_IPV6_LL = 1<<28, }; #define IFF_802_1Q_VLAN IFF_802_1Q_VLAN @@ -1392,6 +1395,7 @@ enum netdev_priv_flags { #define IFF_TEAM IFF_TEAM #define IFF_RXFH_CONFIGURED IFF_RXFH_CONFIGURED #define IFF_MACSEC IFF_MACSEC +#define IFF_SUPPRESS_AUTO_IPV6_LL IFF_SUPPRESS_AUTO_IPV6_LL /** * struct net_device - The DEVICE structure. diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index 47f837a58e0a..331ea5ebff5f 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -3113,6 +3113,10 @@ static void addrconf_dev_config(struct net_device *dev) return; } + /* this device does not want automatic IPv6 LLs */ + if (dev->priv_flags & IFF_SUPPRESS_AUTO_IPV6_LL) + return; + idev = addrconf_add_dev(dev); if (IS_ERR(idev)) return; @@ -5104,6 +5108,9 @@ static int inet6_set_link_af(struct net_device *dev, const struct nlattr *nla) idev->addr_gen_mode = mode; err = 0; + + /* turn off suppression since user has requested addrgen */ + dev->priv_flags &= ~IFF_SUPPRESS_AUTO_IPV6_LL; } return err;
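
Review bot: In the drivers/net/tun.c hunk (tun_net_init(), IFF_TUN case), the comment "IPv6 LL address is known to break some applications" does not say which application or where the report is tracked, so a later reader cannot tell whether the workaround is still needed. Suggest naming the Juniper SSL VPN client and the bugzilla link from the commit message in the comment. The flag is set only in the IFF_TUN branch, so it is worth stating next to it that tap devices intentionally keep the automatic link local address.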
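
Review bot: The kernel-doc entry added in include/linux/netdevice.h says a device with IFF_SUPPRESS_AUTO_IPV6_LL "will not get an automatic IPv6 link local address", but the inet6_set_link_af() hunk clears the bit as soon as userspace sets an addrgenmode, so the statement only describes the initial default. Suggest wording it as a driver-set default that is dropped when addr_gen_mode is configured over netlink, so that other drivers adopting the flag know it is not a permanent property of the device.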
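
Review bot: In the addrconf_dev_config() hunk of net/ipv6/addrconf.c, the new test returns before "idev = addrconf_add_dev(dev);", so a flagged device skips everything that follows in this function, not just link local generation, while the comment only mentions "automatic IPv6 LLs". If skipping addrconf_add_dev() here is intended, say so in the comment; if only address generation should be suppressed, move the test to after the addrconf_add_dev() call and its IS_ERR() check.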
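
Review bot: In the inet6_set_link_af() hunk, the bit is cleared right after "idev->addr_gen_mode = mode;" for every accepted mode, so the comment "user has requested addrgen" also covers a request for IN6_ADDR_GEN_MODE_NONE, where the user has asked for no generated address. Suggest either making the clear conditional on the mode or rewording the comment to say that any explicit addrgenmode overrides the driver default. The clear is also one-way in this patch: the only place that sets the flag is tun_net_init(), so once userspace has touched addrgenmode the suppression cannot be restored for that device, which deserves a line in the commit message.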