From: Ronan Pigott Date: Sat, 14 Oct 2023 03:22:49 +0000 (-0700) Subject: network: include SSID in ipv6 stable prefix address generation X-Git-Tag: v255-rc1~214 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=06960d171982be0b80dc29ec8477b8e7ce204c87;p=thirdparty%2Fsystemd.git network: include SSID in ipv6 stable prefix address generation The SSID fills the role of the optional Network_ID input parameter suggested by RFC7217. Including the SSID allows networkd to generate a different pseudorandom address for different wireless networks, which should help to obscure the host's identity when roaming between multiple networks. --- diff --git a/NEWS b/NEWS index c469ad650c8..b265a645e25 100644 --- a/NEWS +++ b/NEWS @@ -67,6 +67,12 @@ CHANGES WITH 255 in spe: It is now enabled by default and is part of the new "v255" naming scheme. + * The 'prefixstable' ipv6 address generation mode now considers the + SSID when genrating stable addresses, so that a different stable + address is used when roaming between wireless networks. If you + already use 'prefixstable' addresses with wireless networks, the + stable address chosen will be changed by the update. + Changes in systemd-analyze: * "systemd-analyze plot" has gained tooltips on each unit name with diff --git a/src/network/networkd-address-generation.c b/src/network/networkd-address-generation.c index 79fde024a36..65f00094780 100644 --- a/src/network/networkd-address-generation.c +++ b/src/network/networkd-address-generation.c @@ -117,6 +117,10 @@ static void generate_stable_private_address_one( siphash24_compress(&link->hw_addr.infiniband[INFINIBAND_ALEN - 8], 8, &state); else siphash24_compress(link->hw_addr.bytes, link->hw_addr.length, &state); + + if (link->ssid) + siphash24_compress_string(link->ssid, &state); + siphash24_compress(&dad_counter, sizeof(uint8_t), &state); rid = htole64(siphash24_finalize(&state));