LU-10391 lnet: only use PUBLIC IP6 addresses for connections

IPv6 can have temporary address.  These can be used for short-lives
outgoing connections to increase privacy.  They are not suitable for
long-term connections.

So request that only PUBLIC IPv6 addresses are used when making a
connection.

Test-Parameters: trivial testlist=sanity-lnet
Test-Parameters: serverversion=2.12 serverdistro=el7.9 testlist=runtests
Test-Parameters: clientversion=2.12 testlist=runtests
Signed-off-by: Mr NeilBrown <neilb@suse.de>
Change-Id: I1414d9ea11cd5873438a4c088884cefd7d933c8c
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/48571
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: jsimmons <jsimmons@infradead.org>
Reviewed-by: Frank Sehr <fsehr@whamcloud.com>
Reviewed-by: Serguei Smirnov <ssmirnov@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>

diff --git a/libcfs/autoconf/lustre-libcfs.m4 b/libcfs/autoconf/lustre-libcfs.m4
index 9b98dab..770db1a 100644 (file)
--- a/libcfs/autoconf/lustre-libcfs.m4
+++ b/libcfs/autoconf/lustre-libcfs.m4
@@ -1643,6 +1643,27 @@ AC_DEFUN([LIBCFS_HAVE_PROC_OPS], [
 ]) # LIBCFS_HAVE_PROC_OPS
 
 #
+# LIBCFS_IP6_SET_PREF
+#
+# kernel v5.8-rc1~165^2~71^2~3 commit 18d5ad62327576cbb1e5b9938a59d63ac0c15832
+# ipv6: add ip6_sock_set_addr_preferences
+#
+AC_DEFUN([LIBCFS_IP6_SET_PREF], [
+tmp_flags="$EXTRA_KCFLAGS"
+EXTRA_KCFLAGS="-Werror"
+LB_CHECK_COMPILE([if ip6_sock_set_addr_preferences() exists],
+ip6_set_pref_test, [
+       #include <net/ipv6.h>
+],[
+       ip6_sock_set_addr_preferences(NULL, 0);
+],[
+       AC_DEFINE(HAVE_IP6_SET_PREF, 1,
+               [if ip6_sock_set_addr_preferences exists])
+])
+EXTRA_KCFLAGS="$tmp_flags"
+]) # LIBCFS_IP6_SET_PREF
+
+#
 # LIBCFS_VMALLOC_2ARGS
 #
 # kernel v5.8-rc1~201^2~19
@@ -2054,6 +2075,7 @@ LIBCFS_KERNEL_SETSOCKOPT
 LIBCFS_VMALLOC_2ARGS
 LIBCFS_HAVE_NR_UNSTABLE_NFS
 LIBCFS_SEC_RELEASE_SECCTX
+LIBCFS_IP6_SET_PREF
 # 5.10
 LIBCFS_HAVE_KFREE_SENSITIVE
 LIBCFS_HAVE_CRYPTO_SHA2_HEADER

diff --git a/libcfs/include/libcfs/linux/linux-net.h b/libcfs/include/libcfs/linux/linux-net.h
index 17b1b30..c599f51 100644 (file)
--- a/libcfs/include/libcfs/linux/linux-net.h
+++ b/libcfs/include/libcfs/linux/linux-net.h
@@ -157,6 +157,15 @@ static inline int tcp_sock_set_keepcnt(struct sock *sk, int opt)
                                 (char *)&opt, sizeof(opt));
 }
 #endif /* HAVE_TCP_SOCK_SET_KEEPCNT */
+
+#if !defined(HAVE_IP6_SET_PREF)
+static inline void ip6_sock_set_addr_preferences(struct sock *sk,
+                                                unsigned int pref)
+{
+       kernel_setsockopt(sk->sk_socket, SOL_IPV6, IPV6_ADDR_PREFERENCES,
+                         (char *)&pref, sizeof(pref));
+}
+#endif /* HAVE_IP6_SET_PREF */
 #endif /* HAVE_KERNEL_SETSOCKOPT */
 
 #endif /* __LIBCFS_LINUX_NET_H__ */

diff --git a/lnet/lnet/lib-socket.c b/lnet/lnet/lib-socket.c
index 90cdc3e..f695895 100644 (file)
--- a/lnet/lnet/lib-socket.c
+++ b/lnet/lnet/lib-socket.c
@@ -416,6 +416,17 @@ lnet_sock_connect(int interface, int local_port,
        if (IS_ERR(sock))
                return sock;
 
+       /* Avoid temporary address, they are bad for long-lived
+        * connections such as lustre mounts.
+        * RFC4941, section 3.6 suggests that:
+        *    Individual applications, which have specific
+        *    knowledge about the normal duration of connections,
+        *    MAY override this as appropriate.
+        */
+       if (peeraddr->sa_family == PF_INET6)
+               ip6_sock_set_addr_preferences(sock->sk,
+                                             IPV6_PREFER_SRC_PUBLIC);
+
        rc = kernel_connect(sock, peeraddr, sizeof(struct sockaddr_in6), 0);
        if (rc == 0)
                return sock;