OS-4683: Using the allowed-ips property prevents using dynamic addresses

Details

Issue Type:Bug
Priority:4 - Normal
Status:Resolved
Created at:2015-08-31T16:13:53.000Z
Updated at:2020-02-25T22:44:48.636Z

People

Created by:Former user
Reported by:Former user
Assigned to:Former user

Resolution

Fixed: A fix for this issue is checked into the tree and tested.
(Resolution Date: 2018-06-08T18:50:11.031Z)

Fix Versions

2018-06-21 Underwater Reactor (Release Date: 2018-06-21)

Related Issues

Description

When the allowed-ips property is set on a VNIC, addresses obtained dynamically (via DHCPv4, DHCPv6 or SLAAC) cannot be used on the interface. The IP spoofing protection code assumes that allowed-ips precludes dynamic addresses, and SIOCSLIFADDR returns EPERM if the address isn't in the list of allowed addresses.

While at first it might seem like dynamic addresses won't be used with static addresses, this is much more reasonable when using both IPv4 and IPv6. For example, you might assign static IPv4 addresses, but then use SLAAC to get IPv6 addresses. It is also common for a host to have both SLAAC and static IPv6 addresses.

In the final notes of PSARC/2009/436, it sounds like the intention was that addresses obtained dynamically be implicitly allowed, much like the link-local address currently is. Since we'll want to maintain backwards compatibility with the current behaviour, and also allow for situations where someone does want to explicitly list the allowed addresses and prevent using ones obtained dynamically, I propose that VNICs gain a new property, dynamic-methods, which will list the permitted methods for obtaining addresses. When allowed-ips is empty, they are all implicitly enabled (the current behaviour), and when allowed-ips is non-empty, only addresses in allowed-ips and those obtained via the permitted methods can be used.

Comments

Comment by Former user
Created at 2018-06-08T00:32:21.313Z

Comment by Former user
Created at 2018-06-08T18:42:14.957Z

I also tested bringing interfaces up and down, and unplumbing then plumbing them back up again:

[root@7d155d75-eef1-48c1-9455-6dad0644ed62 ~]# ifconfig eth1 down
[root@7d155d75-eef1-48c1-9455-6dad0644ed62 ~]# ping 10.88.88.159
ping: sendto No route to host
[root@7d155d75-eef1-48c1-9455-6dad0644ed62 ~]# ifconfig eth1 up
[root@7d155d75-eef1-48c1-9455-6dad0644ed62 ~]# ping 10.88.88.159
10.88.88.159 is alive
[root@7d155d75-eef1-48c1-9455-6dad0644ed62 ~]# ifconfig eth1 unplumb
[root@7d155d75-eef1-48c1-9455-6dad0644ed62 ~]# ping 10.88.88.159
ping: unknown host 10.88.88.159
[root@7d155d75-eef1-48c1-9455-6dad0644ed62 ~]# ifconfig eth1 plumb 
[root@7d155d75-eef1-48c1-9455-6dad0644ed62 ~]# ifconfig eth1 10.88.88.159 up
[root@7d155d75-eef1-48c1-9455-6dad0644ed62 ~]# ping 10.88.88.159
10.88.88.159 is alive

Comment by Jira Bot
Created at 2018-06-08T18:47:49.845Z

illumos-joyent commit 12a82dd4a058eb86f2b6b075bde38b01424f8f30 (branch master, by Cody Peter Mello)

OS-4683 Using the allowed-ips property prevents using dynamic addresses
Reviewed by: Robert Mustacchi <rm@joyent.com>
Reviewed by: Dan McDonald <danmcd@joyent.com>
Approved by: Dan McDonald <danmcd@joyent.com>


Comment by Jira Bot
Created at 2018-06-13T15:50:57.174Z

smartos-live commit 71a0dd0b0eade2e8a61d1d78c8a16fe9d899c3f7 (branch master, by Cody Peter Mello)

OS-4683 Using the allowed-ips property prevents using dynamic addresses


Comment by Jira Bot
Created at 2020-02-25T22:44:48.636Z

illumos-joyent commit 15928b62d653d40c29bbe08498913c3ac86e46d5 (branch master, by Dan McDonald)

OS-7184 IPMP broken by OS-4683 (#261)

Reviewed by: Jason King <jbk@joyent.com>
Reviewed by: Cody Mello <melloc@writev.io>
Approved by: Mike Zeller <mike.zeller@joyent.com>