Date:      Wed, 23 Mar 2011 01:46:03 +0900
From:      Hajimu UMEMOTO <ume@freebsd.org>
To:        Matt Smith <matt.xtaz@gmail.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: IPv6 policy based source routing
Message-ID:  <ygey64714tw.wl%ume@mahoroba.org>
In-Reply-To: <AANLkTi==JD7-YkSb5_Ha9q_ucXPcUCaUhcsyMxqDReAU@mail.gmail.com>
References:  <AANLkTi=BOnUbfnmiqgaKj6jzyLjbKMedENbQBvYm_8Rj@mail.gmail.com> <AANLkTimZ7CWWnJMOECEFvjDUVWxqX94fqZg9pvQhiYPL@mail.gmail.com> <alpine.BSF.2.00.1103212253280.64958@qvfongpu.qngnvk.ybpny> <AANLkTi==JD7-YkSb5_Ha9q_ucXPcUCaUhcsyMxqDReAU@mail.gmail.com>

--Multipart_Wed_Mar_23_01:46:02_2011-1
Content-Type: text/plain; charset=US-ASCII

Hi,

>>>>> On Tue, 22 Mar 2011 09:19:55 +0000
>>>>> Matt Smith <matt.xtaz@gmail.com> said:

matt> This does indeed look like exactly what I was after however I can't
matt> seem to get it to do anything unless I'm using it wrong.

matt> root@tao[~]# ip6addrctl show
matt> Prefix                          Prec Label      Use
matt> ::1/128                           50     0        0
matt> ::/0                              40     1   155126
matt> 2002::/16                         30     2        0
matt> ::/96                             20     3        0
matt> ::ffff:0.0.0.0/96                 10     4        0

matt> The IP on vr0 is 2a01:348:294::1/64 and the IP on gif0 is
matt> 2a01:348:6:45c::2/128. Right now if I ping6 ipv6.google.com I get this
matt> PING6(56=40+8+8 bytes) 2a01:348:6:45c::2 --> 2a00:1450:8002::67 so
matt> it's sourcing traffic from the gif0 IP. I assume in that list the
matt> higher the precedence the higher the priority so I ran "ip6addrctl add
matt> 2a01:348:294::/64 45 5". This makes no difference. Traffic still comes
matt> from the gif0 IP.

matt> I also tried adding the gif0 prefix with "ip6addrctl add
matt> 2a01:348:6:45c::2/128 44 6" to make it lower but same effect. In case
matt> I got the precedence the wrong way round I tried reversing it. Same
matt> effect.

matt> So I guess I'm not using it correctly. Can you enlighten me as to what
matt> I'm doing wrong with it?

Unfortunately, RFC 3484 doesn't work well for your situation because
of Rule 5, which prefers an address on the outgoing interface.  This
rule is annoying in some situations, such as BGP peering, which requires
a global address on an interface.
I'm intentionally using the attached patches to ignore this rule.  It
breaks RFC 3484, though.

Sincerely,

--Multipart_Wed_Mar_23_01:46:02_2011-1
Content-Type: text/x-patch; type=patch; charset=US-ASCII
Content-Disposition: attachment; filename="no_prefer_iface.diff"
Content-Transfer-Encoding: 7bit

Index: sys/netinet6/in6_src.c
diff -u -p sys/netinet6/in6_src.c.orig sys/netinet6/in6_src.c
--- sys/netinet6/in6_src.c.orig	2009-10-25 10:10:29.000000000 +0900
+++ sys/netinet6/in6_src.c	2009-11-10 15:48:38.092822205 +0900
@@ -364,10 +364,12 @@ in6_selectsrc(struct sockaddr_in6 *dstso
 		 */
 
 		/* Rule 5: Prefer outgoing interface */
-		if (ia_best->ia_ifp == ifp && ia->ia_ifp != ifp)
-			NEXT(5);
-		if (ia_best->ia_ifp != ifp && ia->ia_ifp == ifp)
-			REPLACE(5);
+		if (!(ND_IFINFO(ifp)->flags & ND6_IFF_NO_PREFER_IFACE)) {
+			if (ia_best->ia_ifp == ifp && ia->ia_ifp != ifp)
+				NEXT(5);
+			if (ia_best->ia_ifp != ifp && ia->ia_ifp == ifp)
+				REPLACE(5);
+		}
 
 		/*
 		 * Rule 6: Prefer matching label
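Review bot: The new guard around Rule 5 carries no comment saying that skipping the rule is a deliberate departure from RFC 3484, so a later reader of in6_selectsrc() sees only an unexplained flag test. I would add `/* Skipped when the outgoing interface has ND6_IFF_NO_PREFER_IFACE set; deliberate deviation from RFC 3484 Rule 5. */` above the `if`. With the flag set, the selected source address can belong to an interface other than the one the packet leaves on, so an upstream that applies ingress filtering or strict reverse-path checks may drop the traffic; that caveat is worth stating in the man page text as well. `ND_IFINFO(ifp)` is dereferenced unconditionally; presumably `ifp` is validated earlier in the function, but that code is outside this hunk and should be confirmed. The body of in6_selectsrc() starts and ends outside the hunk.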
Index: sys/netinet6/nd6.c
diff -u -p sys/netinet6/nd6.c.orig sys/netinet6/nd6.c
Index: sys/netinet6/nd6.h
diff -u sys/netinet6/nd6.h.orig sys/netinet6/nd6.h
--- sys/netinet6/nd6.h.orig	2009-10-25 10:10:29.000000000 +0900
+++ sys/netinet6/nd6.h	2009-11-10 15:39:48.733878468 +0900
@@ -84,6 +84,7 @@
 				     * DAD failure.  (XXX: not ND-specific)
 				     */
 #define ND6_IFF_DONT_SET_IFROUTE	0x10
+#define ND6_IFF_NO_PREFER_IFACE	0x80 /* XXX: not related to ND. */
 
 #define	ND6_CREATE		LLE_CREATE
 #define	ND6_EXCLUSIVE		LLE_EXCLUSIVE
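Review bot: `ND6_IFF_NO_PREFER_IFACE` takes 0x80 in a flag word shared with the base system's ND6_IFF_* flags, and nothing marks the value as locally assigned, so a later upstream flag could reuse the same bit and silently change source address selection after a merge. The value also has to stay in step with the `\010` position in the `ND6BITS` string in sbin/ifconfig/af_nd6.c (bit 8, i.e. 0x80); the two agree in this patch. I would extend the comment to `/* XXX: not related to ND; local patch, keep in sync with ND6BITS in ifconfig */`.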
Index: usr.sbin/ndp/ndp.8
diff -u usr.sbin/ndp/ndp.8.orig usr.sbin/ndp/ndp.8
--- usr.sbin/ndp/ndp.8.orig	2009-10-25 10:10:29.000000000 +0900
+++ usr.sbin/ndp/ndp.8	2009-11-10 16:24:24.739126446 +0900
@@ -196,6 +196,15 @@
 selection, see the
 .Pa IMPLEMENTATION
 file supplied with the KAME kit.
+.It Ic no_prefer_iface
+The address on the outgoing interface is preferred by source addess
+selection rule.
+If this flag is set, stop treating the address on the
+.Ar interface
+as special even when the
+.Ar interface
+is outgoing interface.
+The default value of this flag is off.
 .It Ic disabled
 Disable IPv6 operation on the interface.
 When disabled, the interface discards any IPv6 packets
Index: usr.sbin/ndp/ndp.c
diff -u -p usr.sbin/ndp/ndp.c.orig usr.sbin/ndp/ndp.c
--- usr.sbin/ndp/ndp.c.orig	2009-10-25 10:10:29.000000000 +0900
+++ usr.sbin/ndp/ndp.c	2009-11-10 15:35:50.217958241 +0900
@@ -1007,6 +1007,9 @@ ifinfo(ifname, argc, argv)
 #ifdef ND6_IFF_PREFER_SOURCE
 		SETFLAG("prefer_source", ND6_IFF_PREFER_SOURCE);
 #endif
+#ifdef ND6_IFF_NO_PREFER_IFACE
+		SETFLAG("no_prefer_iface", ND6_IFF_NO_PREFER_IFACE);
+#endif
 		SETVALUE("basereachable", ND.basereachable);
 		SETVALUE("retrans", ND.retrans);
 		SETVALUE("curhlim", ND.chlim);
@@ -1080,6 +1083,10 @@ ifinfo(ifname, argc, argv)
 		if ((ND.flags & ND6_IFF_PREFER_SOURCE))
 			printf("prefer_source ");
 #endif
+#ifdef ND6_IFF_NO_PREFER_IFACE
+		if ((ND.flags & ND6_IFF_NO_PREFER_IFACE))
+			printf("no_prefer_iface ");
+#endif
 	}
 	putc('\n', stdout);
 #undef ND

--Multipart_Wed_Mar_23_01:46:02_2011-1
Content-Type: text/x-patch; type=patch; charset=US-ASCII
Content-Disposition: attachment; filename="ifconfig-no_prefer_iface.diff"
Content-Transfer-Encoding: 7bit

Index: sbin/ifconfig/af_inet6.c
diff -u -p sbin/ifconfig/af_inet6.c.orig sbin/ifconfig/af_inet6.c
--- sbin/ifconfig/af_inet6.c.orig	2009-12-13 21:12:12.409876457 +0900
+++ sbin/ifconfig/af_inet6.c	2009-12-13 21:12:20.039603812 +0900
@@ -506,6 +506,8 @@ static struct cmd inet6_cmds[] = {
 	DEF_CMD("-nud",		-ND6_IFF_PERFORMNUD,	setnd6flags),
 	DEF_CMD("prefer_source",ND6_IFF_PREFER_SOURCE,	setnd6flags),
 	DEF_CMD("-prefer_source",-ND6_IFF_PREFER_SOURCE,setnd6flags),
+	DEF_CMD("no_prefer_iface",ND6_IFF_NO_PREFER_IFACE,setnd6flags),
+	DEF_CMD("-no_prefer_iface",-ND6_IFF_NO_PREFER_IFACE,setnd6flags),
 	DEF_CMD_ARG("pltime",        			setip6pltime),
 	DEF_CMD_ARG("vltime",        			setip6vltime),
 	DEF_CMD("eui64",	0,			setip6eui64),
Index: sbin/ifconfig/af_nd6.c
diff -u -p sbin/ifconfig/af_nd6.c.orig sbin/ifconfig/af_nd6.c
--- sbin/ifconfig/af_nd6.c.orig	2009-12-06 18:16:27.248083649 +0900
+++ sbin/ifconfig/af_nd6.c	2009-12-06 18:16:27.417250681 +0900
@@ -58,7 +58,7 @@ static const char rcsid[] =
 #define	MAX_SYSCTL_TRY	5
 #define	ND6BITS	"\020\001PERFORMNUD\002ACCEPT_RTADV\003PREFER_SOURCE" \
 		"\004IFDISABLED\005DONT_SET_IFROUTE\006AUTO_LINKLOCAL" \
-		"\020DEFAULTIF"
+		"\010NO_PREFER_IFACE\020DEFAULTIF"
 
 static int isnd6defif(int);
 void setnd6flags(const char *, int, int, const struct afswtch *);
Index: sbin/ifconfig/ifconfig.8
diff -u sbin/ifconfig/ifconfig.8.orig sbin/ifconfig/ifconfig.8
--- sbin/ifconfig/ifconfig.8.orig	2009-12-06 18:16:27.252090244 +0900
+++ sbin/ifconfig/ifconfig.8	2009-12-06 18:16:27.436270414 +0900
@@ -644,6 +644,13 @@
 .It Cm -prefer_source
 Clear a flag
 .Cm prefer_source .
+.It Cm no_prefer_iface
+Set a flag to not prefer address on the interface as candidates of the
+source address for outgoing packets, even when the interface is
+outgoing interface.
+.It Cm -no_prefer_iface
+Clear a flag
+.Cm no_prefer_iface .
 .El
 .Pp
 The following parameters are specific to cloning

--Multipart_Wed_Mar_23_01:46:02_2011-1
Content-Type: text/plain; charset=US-ASCII


--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@mahoroba.org  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/

--Multipart_Wed_Mar_23_01:46:02_2011-1--


