From cd3b89be221b4c5b67e14aa32001cd97ac3d54a8 Mon Sep 17 00:00:00 2001 From: Mr NeilBrown Date: Fri, 16 Sep 2022 10:49:51 +1000 Subject: [PATCH] LU-10391 lnet: only use PUBLIC IP6 addresses for connections IPv6 can have temporary address. These can be used for short-lives outgoing connections to increase privacy. They are not suitable for long-term connections. So request that only PUBLIC IPv6 addresses are used when making a connection. Test-Parameters: trivial testlist=sanity-lnet Test-Parameters: serverversion=2.12 serverdistro=el7.9 testlist=runtests Test-Parameters: clientversion=2.12 testlist=runtests Signed-off-by: Mr NeilBrown Change-Id: I1414d9ea11cd5873438a4c088884cefd7d933c8c Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/48571 Tested-by: jenkins Tested-by: Maloo Reviewed-by: jsimmons Reviewed-by: Frank Sehr Reviewed-by: Serguei Smirnov Reviewed-by: Oleg Drokin --- libcfs/autoconf/lustre-libcfs.m4 | 22 ++++++++++++++++++++++ libcfs/include/libcfs/linux/linux-net.h | 9 +++++++++ lnet/lnet/lib-socket.c | 11 +++++++++++ 3 files changed, 42 insertions(+) diff --git a/libcfs/autoconf/lustre-libcfs.m4 b/libcfs/autoconf/lustre-libcfs.m4 index 9b98dab..770db1a 100644 --- a/libcfs/autoconf/lustre-libcfs.m4 +++ b/libcfs/autoconf/lustre-libcfs.m4 @@ -1643,6 +1643,27 @@ AC_DEFUN([LIBCFS_HAVE_PROC_OPS], [ ]) # LIBCFS_HAVE_PROC_OPS # +# LIBCFS_IP6_SET_PREF +# +# kernel v5.8-rc1~165^2~71^2~3 commit 18d5ad62327576cbb1e5b9938a59d63ac0c15832 +# ipv6: add ip6_sock_set_addr_preferences +# +AC_DEFUN([LIBCFS_IP6_SET_PREF], [ +tmp_flags="$EXTRA_KCFLAGS" +EXTRA_KCFLAGS="-Werror" +LB_CHECK_COMPILE([if ip6_sock_set_addr_preferences() exists], +ip6_set_pref_test, [ + #include +],[ + ip6_sock_set_addr_preferences(NULL, 0); +],[ + AC_DEFINE(HAVE_IP6_SET_PREF, 1, + [if ip6_sock_set_addr_preferences exists]) +]) +EXTRA_KCFLAGS="$tmp_flags" +]) # LIBCFS_IP6_SET_PREF + +# # LIBCFS_VMALLOC_2ARGS # # kernel v5.8-rc1~201^2~19 @@ -2054,6 +2075,7 @@ LIBCFS_KERNEL_SETSOCKOPT LIBCFS_VMALLOC_2ARGS LIBCFS_HAVE_NR_UNSTABLE_NFS LIBCFS_SEC_RELEASE_SECCTX +LIBCFS_IP6_SET_PREF # 5.10 LIBCFS_HAVE_KFREE_SENSITIVE LIBCFS_HAVE_CRYPTO_SHA2_HEADER diff --git a/libcfs/include/libcfs/linux/linux-net.h b/libcfs/include/libcfs/linux/linux-net.h index 17b1b30..c599f51 100644 --- a/libcfs/include/libcfs/linux/linux-net.h +++ b/libcfs/include/libcfs/linux/linux-net.h @@ -157,6 +157,15 @@ static inline int tcp_sock_set_keepcnt(struct sock *sk, int opt) (char *)&opt, sizeof(opt)); } #endif /* HAVE_TCP_SOCK_SET_KEEPCNT */ + +#if !defined(HAVE_IP6_SET_PREF) +static inline void ip6_sock_set_addr_preferences(struct sock *sk, + unsigned int pref) +{ + kernel_setsockopt(sk->sk_socket, SOL_IPV6, IPV6_ADDR_PREFERENCES, + (char *)&pref, sizeof(pref)); +} +#endif /* HAVE_IP6_SET_PREF */ #endif /* HAVE_KERNEL_SETSOCKOPT */ #endif /* __LIBCFS_LINUX_NET_H__ */ diff --git a/lnet/lnet/lib-socket.c b/lnet/lnet/lib-socket.c index 90cdc3e..f695895 100644 --- a/lnet/lnet/lib-socket.c +++ b/lnet/lnet/lib-socket.c @@ -416,6 +416,17 @@ lnet_sock_connect(int interface, int local_port, if (IS_ERR(sock)) return sock; + /* Avoid temporary address, they are bad for long-lived + * connections such as lustre mounts. + * RFC4941, section 3.6 suggests that: + * Individual applications, which have specific + * knowledge about the normal duration of connections, + * MAY override this as appropriate. + */ + if (peeraddr->sa_family == PF_INET6) + ip6_sock_set_addr_preferences(sock->sk, + IPV6_PREFER_SRC_PUBLIC); + rc = kernel_connect(sock, peeraddr, sizeof(struct sockaddr_in6), 0); if (rc == 0) return sock; -- 1.8.3.1