network: include SSID in ipv6 stable prefix address generation

The SSID fills the role of the optional Network_ID input parameter
suggested by RFC7217. Including the SSID allows networkd to generate a
different pseudorandom address for different wireless networks, which
should help to obscure the host's identity when roaming between multiple
networks.

diff --git a/NEWS b/NEWS
index c469ad650c8668a838bd0bfacd8927f521d49bff..b265a645e25d9c88c6f5397dfbf60438a396164b 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -67,6 +67,12 @@ CHANGES WITH 255 in spe:
           It is now enabled by default and is part of the new "v255" naming
           scheme.
 
+        * The 'prefixstable' ipv6 address generation mode now considers the
+          SSID when genrating stable addresses, so that a different stable
+          address is used when roaming between wireless networks. If you
+          already use 'prefixstable' addresses with wireless networks, the
+          stable address chosen will be changed by the update.
+
         Changes in systemd-analyze:
 
         * "systemd-analyze plot" has gained tooltips on each unit name with

diff --git a/src/network/networkd-address-generation.c b/src/network/networkd-address-generation.c
index 79fde024a365ef456e53b4ed24ed1c3527cd056e..65f00094780012524013f2efbd55d59f998ac175 100644 (file)
--- a/src/network/networkd-address-generation.c
+++ b/src/network/networkd-address-generation.c
@@ -117,6 +117,10 @@ static void generate_stable_private_address_one(
                 siphash24_compress(&link->hw_addr.infiniband[INFINIBAND_ALEN - 8], 8, &state);
         else
                 siphash24_compress(link->hw_addr.bytes, link->hw_addr.length, &state);
+
+        if (link->ssid)
+                siphash24_compress_string(link->ssid, &state);
+
         siphash24_compress(&dad_counter, sizeof(uint8_t), &state);
 
         rid = htole64(siphash24_finalize(&state));