Re: IPv6 policy based source routing

Tue, 22 Mar 2011 09:46:43 -0700 

Hi,

>>>>> On Tue, 22 Mar 2011 09:19:55 +0000
>>>>> Matt Smith <matt.x...@gmail.com> said:

matt> This does indeed look like exactly what I was after however I can't
matt> seem to get it to do anything unless I'm using it wrong.

matt> root@tao[~]# ip6addrctl show
matt> Prefix                          Prec Label      Use
matt> ::1/128                           50     0        0
matt> ::/0                              40     1   155126
matt> 2002::/16                         30     2        0
matt> ::/96                             20     3        0
matt> ::ffff:0.0.0.0/96                 10     4        0

matt> The IP on vr0 is 2a01:348:294::1/64 and the IP on gif0 is
matt> 2a01:348:6:45c::2/128. Right now if I ping6 ipv6.google.com I get this
matt> PING6(56=40+8+8 bytes) 2a01:348:6:45c::2 --> 2a00:1450:8002::67 so
matt> it's sourcing traffic from the gif0 IP. I assume in that list the
matt> higher the precedence the higher the priority so I ran "ip6addrctl add
matt> 2a01:348:294::/64 45 5". This makes no difference. Traffic still comes
matt> from the gif0 IP.

matt> I also tried adding the gif0 prefix with "ip6addrctl add
matt> 2a01:348:6:45c::2/128 44 6" to make it lower but same effect. In case
matt> I got the precedence the wrong way round I tried reversing it. Same
matt> effect.

matt> So I guess I'm not using it correctly. Can you enlighten me as to what
matt> I'm doing wrong with it?

Unfortunately, RFC 3484 doesn't work well for your situation because
of the existence of Rule 5 which prefers outgoing interface.  This
rule is annoying for some situation such as BGP peering which requires
a global address to an interface.
I'm using the attached patches to ignore this rule, intentionally.  It
breaks RFC 3484, though.

Sincerely,

Index: sys/netinet6/in6_src.c
diff -u -p sys/netinet6/in6_src.c.orig sys/netinet6/in6_src.c
--- sys/netinet6/in6_src.c.orig	2009-10-25 10:10:29.000000000 +0900
+++ sys/netinet6/in6_src.c	2009-11-10 15:48:38.092822205 +0900
@@ -364,10 +364,12 @@ in6_selectsrc(struct sockaddr_in6 *dstso
 		 */
 
 		/* Rule 5: Prefer outgoing interface */
-		if (ia_best->ia_ifp == ifp && ia->ia_ifp != ifp)
-			NEXT(5);
-		if (ia_best->ia_ifp != ifp && ia->ia_ifp == ifp)
-			REPLACE(5);
+		if (!(ND_IFINFO(ifp)->flags & ND6_IFF_NO_PREFER_IFACE)) {
+			if (ia_best->ia_ifp == ifp && ia->ia_ifp != ifp)
+				NEXT(5);
+			if (ia_best->ia_ifp != ifp && ia->ia_ifp == ifp)
+				REPLACE(5);
+		}
 
 		/*
 		 * Rule 6: Prefer matching label
Index: sys/netinet6/nd6.c
diff -u -p sys/netinet6/nd6.c.orig sys/netinet6/nd6.c
Index: sys/netinet6/nd6.h
diff -u sys/netinet6/nd6.h.orig sys/netinet6/nd6.h
--- sys/netinet6/nd6.h.orig	2009-10-25 10:10:29.000000000 +0900
+++ sys/netinet6/nd6.h	2009-11-10 15:39:48.733878468 +0900
@@ -84,6 +84,7 @@
 				     * DAD failure.  (XXX: not ND-specific)
 				     */
 #define ND6_IFF_DONT_SET_IFROUTE	0x10
+#define ND6_IFF_NO_PREFER_IFACE	0x80 /* XXX: not related to ND. */
 
 #define	ND6_CREATE		LLE_CREATE
 #define	ND6_EXCLUSIVE		LLE_EXCLUSIVE
Index: usr.sbin/ndp/ndp.8
diff -u usr.sbin/ndp/ndp.8.orig usr.sbin/ndp/ndp.8
--- usr.sbin/ndp/ndp.8.orig	2009-10-25 10:10:29.000000000 +0900
+++ usr.sbin/ndp/ndp.8	2009-11-10 16:24:24.739126446 +0900
@@ -196,6 +196,15 @@
 selection, see the
 .Pa IMPLEMENTATION
 file supplied with the KAME kit.
+.It Ic no_prefer_iface
+The address on the outgoing interface is preferred by source addess
+selection rule.
+If this flag is set, stop treating the address on the
+.Ar interface
+as special even when the
+.Ar interface
+is outgoing interface.
+The default value of this flag is off.
 .It Ic disabled
 Disable IPv6 operation on the interface.
 When disabled, the interface discards any IPv6 packets
Index: usr.sbin/ndp/ndp.c
diff -u -p usr.sbin/ndp/ndp.c.orig usr.sbin/ndp/ndp.c
--- usr.sbin/ndp/ndp.c.orig	2009-10-25 10:10:29.000000000 +0900
+++ usr.sbin/ndp/ndp.c	2009-11-10 15:35:50.217958241 +0900
@@ -1007,6 +1007,9 @@ ifinfo(ifname, argc, argv)
 #ifdef ND6_IFF_PREFER_SOURCE
 		SETFLAG("prefer_source", ND6_IFF_PREFER_SOURCE);
 #endif
+#ifdef ND6_IFF_NO_PREFER_IFACE
+		SETFLAG("no_prefer_iface", ND6_IFF_NO_PREFER_IFACE);
+#endif
 		SETVALUE("basereachable", ND.basereachable);
 		SETVALUE("retrans", ND.retrans);
 		SETVALUE("curhlim", ND.chlim);
@@ -1080,6 +1083,10 @@ ifinfo(ifname, argc, argv)
 		if ((ND.flags & ND6_IFF_PREFER_SOURCE))
 			printf("prefer_source ");
 #endif
+#ifdef ND6_IFF_NO_PREFER_IFACE
+		if ((ND.flags & ND6_IFF_NO_PREFER_IFACE))
+			printf("no_prefer_iface ");
+#endif
 	}
 	putc('\n', stdout);
 #undef ND

Index: sbin/ifconfig/af_inet6.c
diff -u -p sbin/ifconfig/af_inet6.c.orig sbin/ifconfig/af_inet6.c
--- sbin/ifconfig/af_inet6.c.orig	2009-12-13 21:12:12.409876457 +0900
+++ sbin/ifconfig/af_inet6.c	2009-12-13 21:12:20.039603812 +0900
@@ -506,6 +506,8 @@ static struct cmd inet6_cmds[] = {
 	DEF_CMD("-nud",		-ND6_IFF_PERFORMNUD,	setnd6flags),
 	DEF_CMD("prefer_source",ND6_IFF_PREFER_SOURCE,	setnd6flags),
 	DEF_CMD("-prefer_source",-ND6_IFF_PREFER_SOURCE,setnd6flags),
+	DEF_CMD("no_prefer_iface",ND6_IFF_NO_PREFER_IFACE,setnd6flags),
+	DEF_CMD("-no_prefer_iface",-ND6_IFF_NO_PREFER_IFACE,setnd6flags),
 	DEF_CMD_ARG("pltime",        			setip6pltime),
 	DEF_CMD_ARG("vltime",        			setip6vltime),
 	DEF_CMD("eui64",	0,			setip6eui64),
Index: sbin/ifconfig/af_nd6.c
diff -u -p sbin/ifconfig/af_nd6.c.orig sbin/ifconfig/af_nd6.c
--- sbin/ifconfig/af_nd6.c.orig	2009-12-06 18:16:27.248083649 +0900
+++ sbin/ifconfig/af_nd6.c	2009-12-06 18:16:27.417250681 +0900
@@ -58,7 +58,7 @@ static const char rcsid[] =
 #define	MAX_SYSCTL_TRY	5
 #define	ND6BITS	"\020\001PERFORMNUD\002ACCEPT_RTADV\003PREFER_SOURCE" \
 		"\004IFDISABLED\005DONT_SET_IFROUTE\006AUTO_LINKLOCAL" \
-		"\020DEFAULTIF"
+		"\010NO_PREFER_IFACE\020DEFAULTIF"
 
 static int isnd6defif(int);
 void setnd6flags(const char *, int, int, const struct afswtch *);
Index: sbin/ifconfig/ifconfig.8
diff -u sbin/ifconfig/ifconfig.8.orig sbin/ifconfig/ifconfig.8
--- sbin/ifconfig/ifconfig.8.orig	2009-12-06 18:16:27.252090244 +0900
+++ sbin/ifconfig/ifconfig.8	2009-12-06 18:16:27.436270414 +0900
@@ -644,6 +644,13 @@
 .It Cm -prefer_source
 Clear a flag
 .Cm prefer_source .
+.It Cm no_prefer_iface
+Set a flag to not prefer address on the interface as candidates of the
+source address for outgoing packets, even when the interface is
+outgoing interface.
+.It Cm -no_prefer_iface
+Clear a flag
+.Cm no_prefer_iface .
 .El
 .Pp
 The following parameters are specific to cloning

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
u...@mahoroba.org  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Reply via email to