]> err.no Git - linux-2.6/commitdiff
[IPV6]: RFC3484 compliant source address selection
authorYOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Tue, 8 Nov 2005 17:38:30 +0000 (09:38 -0800)
committerDavid S. Miller <davem@davemloft.net>
Tue, 8 Nov 2005 17:38:30 +0000 (09:38 -0800)
Choose more appropriate source address; e.g.
 - outgoing interface
 - non-deprecated
 - scope
 - matching label

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv6/addrconf.c

index ff895da6395b275dbf9b5a3cd06ce6bf6759866f..a34d1504deb9b901d5f002b69bdee761147b7d5d 100644 (file)
@@ -809,138 +809,274 @@ out:
 #endif
 
 /*
- *     Choose an appropriate source address
- *     should do:
- *     i)      get an address with an appropriate scope
- *     ii)     see if there is a specific route for the destination and use
- *             an address of the attached interface 
- *     iii)    don't use deprecated addresses
+ *     Choose an appropriate source address (RFC3484)
  */
-static int inline ipv6_saddr_pref(const struct inet6_ifaddr *ifp, u8 invpref)
+struct ipv6_saddr_score {
+       int             addr_type;
+       unsigned int    attrs;
+       int             matchlen;
+       unsigned int    scope;
+       unsigned int    rule;
+};
+
+#define IPV6_SADDR_SCORE_LOCAL         0x0001
+#define IPV6_SADDR_SCORE_PREFERRED     0x0004
+#define IPV6_SADDR_SCORE_HOA           0x0008
+#define IPV6_SADDR_SCORE_OIF           0x0010
+#define IPV6_SADDR_SCORE_LABEL         0x0020
+#define IPV6_SADDR_SCORE_PRIVACY       0x0040
+
+static int inline ipv6_saddr_preferred(int type)
 {
-       int pref;
-       pref = ifp->flags&IFA_F_DEPRECATED ? 0 : 2;
-#ifdef CONFIG_IPV6_PRIVACY
-       pref |= (ifp->flags^invpref)&IFA_F_TEMPORARY ? 0 : 1;
-#endif
-       return pref;
+       if (type & (IPV6_ADDR_MAPPED|IPV6_ADDR_COMPATv4|
+                   IPV6_ADDR_LOOPBACK|IPV6_ADDR_RESERVED))
+               return 1;
+       return 0;
 }
 
-#ifdef CONFIG_IPV6_PRIVACY
-#define IPV6_GET_SADDR_MAXSCORE(score) ((score) == 3)
-#else
-#define IPV6_GET_SADDR_MAXSCORE(score) (score)
-#endif
+/* static matching label */
+static int inline ipv6_saddr_label(const struct in6_addr *addr, int type)
+{
+ /*
+  *    prefix (longest match)  label
+  *    -----------------------------
+  *    ::1/128                 0
+  *    ::/0                    1
+  *    2002::/16               2
+  *    ::/96                   3
+  *    ::ffff:0:0/96           4
+  */
+       if (type & IPV6_ADDR_LOOPBACK)
+               return 0;
+       else if (type & IPV6_ADDR_COMPATv4)
+               return 3;
+       else if (type & IPV6_ADDR_MAPPED)
+               return 4;
+       else if (addr->s6_addr16[0] == htons(0x2002))
+               return 2;
+       return 1;
+}
 
-int ipv6_dev_get_saddr(struct net_device *dev,
+int ipv6_dev_get_saddr(struct net_device *daddr_dev,
                       struct in6_addr *daddr, struct in6_addr *saddr)
 {
-       struct inet6_ifaddr *ifp = NULL;
-       struct inet6_ifaddr *match = NULL;
-       struct inet6_dev *idev;
-       int scope;
-       int err;
-       int hiscore = -1, score;
+       struct ipv6_saddr_score hiscore;
+       struct inet6_ifaddr *ifa_result = NULL;
+       int daddr_type = __ipv6_addr_type(daddr);
+       int daddr_scope = __ipv6_addr_src_scope(daddr_type);
+       u32 daddr_label = ipv6_saddr_label(daddr, daddr_type);
+       struct net_device *dev;
 
-       scope = ipv6_addr_scope(daddr);
+       memset(&hiscore, 0, sizeof(hiscore));
 
-       /*
-        *      known dev
-        *      search dev and walk through dev addresses
-        */
+       read_lock(&dev_base_lock);
+       read_lock(&addrconf_lock);
 
-       if (dev) {
-               if (dev->flags & IFF_LOOPBACK)
-                       scope = IFA_HOST;
+       for (dev = dev_base; dev; dev=dev->next) {
+               struct inet6_dev *idev;
+               struct inet6_ifaddr *ifa;
+
+               /* Rule 0: Candidate Source Address (section 4)
+                *  - multicast and link-local destination address,
+                *    the set of candidate source address MUST only
+                *    include addresses assigned to interfaces
+                *    belonging to the same link as the outgoing
+                *    interface.
+                * (- For site-local destination addresses, the
+                *    set of candidate source addresses MUST only
+                *    include addresses assigned to interfaces
+                *    belonging to the same site as the outgoing
+                *    interface.)
+                */
+               if ((daddr_type & IPV6_ADDR_MULTICAST ||
+                    daddr_scope <= IPV6_ADDR_SCOPE_LINKLOCAL) &&
+                   daddr_dev && dev != daddr_dev)
+                       continue;
 
-               read_lock(&addrconf_lock);
                idev = __in6_dev_get(dev);
-               if (idev) {
-                       read_lock_bh(&idev->lock);
-                       for (ifp=idev->addr_list; ifp; ifp=ifp->if_next) {
-                               if (ifp->scope == scope) {
-                                       if (ifp->flags&IFA_F_TENTATIVE)
-                                               continue;
-#ifdef CONFIG_IPV6_PRIVACY
-                                       score = ipv6_saddr_pref(ifp, idev->cnf.use_tempaddr > 1 ? IFA_F_TEMPORARY : 0);
-#else
-                                       score = ipv6_saddr_pref(ifp, 0);
-#endif
-                                       if (score <= hiscore)
-                                               continue;
+               if (!idev)
+                       continue;
 
-                                       if (match)
-                                               in6_ifa_put(match);
-                                       match = ifp;
-                                       hiscore = score;
-                                       in6_ifa_hold(ifp);
+               read_lock_bh(&idev->lock);
+               for (ifa = idev->addr_list; ifa; ifa = ifa->if_next) {
+                       struct ipv6_saddr_score score;
 
-                                       if (IPV6_GET_SADDR_MAXSCORE(score)) {
-                                               read_unlock_bh(&idev->lock);
-                                               read_unlock(&addrconf_lock);
-                                               goto out;
-                                       }
+                       score.addr_type = __ipv6_addr_type(&ifa->addr);
+
+                       /* Rule 0: Candidate Source Address (section 4)
+                        *  - In any case, anycast addresses, multicast
+                        *    addresses, and the unspecified address MUST
+                        *    NOT be included in a candidate set.
+                        */
+                       if (unlikely(score.addr_type == IPV6_ADDR_ANY ||
+                                    score.addr_type & IPV6_ADDR_MULTICAST)) {
+                               LIMIT_NETDEBUG(KERN_DEBUG
+                                              "ADDRCONF: unspecified / multicast address"
+                                              "assigned as unicast address on %s",
+                                              dev->name);
+                               continue;
+                       }
+
+                       score.attrs = 0;
+                       score.matchlen = 0;
+                       score.scope = 0;
+                       score.rule = 0;
+
+                       if (ifa_result == NULL) {
+                               /* record it if the first available entry */
+                               goto record_it;
+                       }
+
+                       /* Rule 1: Prefer same address */
+                       if (hiscore.rule < 1) {
+                               if (ipv6_addr_equal(&ifa_result->addr, daddr))
+                                       hiscore.attrs |= IPV6_SADDR_SCORE_LOCAL;
+                               hiscore.rule++;
+                       }
+                       if (ipv6_addr_equal(&ifa->addr, daddr)) {
+                               score.attrs |= IPV6_SADDR_SCORE_LOCAL;
+                               if (!(hiscore.attrs & IPV6_SADDR_SCORE_LOCAL)) {
+                                       score.rule = 1;
+                                       goto record_it;
                                }
+                       } else {
+                               if (hiscore.attrs & IPV6_SADDR_SCORE_LOCAL)
+                                       continue;
                        }
-                       read_unlock_bh(&idev->lock);
-               }
-               read_unlock(&addrconf_lock);
-       }
 
-       if (scope == IFA_LINK)
-               goto out;
+                       /* Rule 2: Prefer appropriate scope */
+                       if (hiscore.rule < 2) {
+                               hiscore.scope = __ipv6_addr_src_scope(hiscore.addr_type);
+                               hiscore.rule++;
+                       }
+                       score.scope = __ipv6_addr_src_scope(score.addr_type);
+                       if (hiscore.scope < score.scope) {
+                               if (hiscore.scope < daddr_scope) {
+                                       score.rule = 2;
+                                       goto record_it;
+                               } else
+                                       continue;
+                       } else if (score.scope < hiscore.scope) {
+                               if (score.scope < daddr_scope)
+                                       continue;
+                               else {
+                                       score.rule = 2;
+                                       goto record_it;
+                               }
+                       }
 
-       /*
-        *      dev == NULL or search failed for specified dev
-        */
+                       /* Rule 3: Avoid deprecated address */
+                       if (hiscore.rule < 3) {
+                               if (ipv6_saddr_preferred(hiscore.addr_type) ||
+                                   !(ifa_result->flags & IFA_F_DEPRECATED))
+                                       hiscore.attrs |= IPV6_SADDR_SCORE_PREFERRED;
+                               hiscore.rule++;
+                       }
+                       if (ipv6_saddr_preferred(score.addr_type) ||
+                           !(ifa->flags & IFA_F_DEPRECATED)) {
+                               score.attrs |= IPV6_SADDR_SCORE_PREFERRED;
+                               if (!(hiscore.attrs & IPV6_SADDR_SCORE_PREFERRED)) {
+                                       score.rule = 3;
+                                       goto record_it;
+                               }
+                       } else {
+                               if (hiscore.attrs & IPV6_SADDR_SCORE_PREFERRED)
+                                       continue;
+                       }
 
-       read_lock(&dev_base_lock);
-       read_lock(&addrconf_lock);
-       for (dev = dev_base; dev; dev=dev->next) {
-               idev = __in6_dev_get(dev);
-               if (idev) {
-                       read_lock_bh(&idev->lock);
-                       for (ifp=idev->addr_list; ifp; ifp=ifp->if_next) {
-                               if (ifp->scope == scope) {
-                                       if (ifp->flags&IFA_F_TENTATIVE)
-                                               continue;
-#ifdef CONFIG_IPV6_PRIVACY
-                                       score = ipv6_saddr_pref(ifp, idev->cnf.use_tempaddr > 1 ? IFA_F_TEMPORARY : 0);
-#else
-                                       score = ipv6_saddr_pref(ifp, 0);
-#endif
-                                       if (score <= hiscore)
-                                               continue;
+                       /* Rule 4: Prefer home address -- not implemented yet */
 
-                                       if (match)
-                                               in6_ifa_put(match);
-                                       match = ifp;
-                                       hiscore = score;
-                                       in6_ifa_hold(ifp);
+                       /* Rule 5: Prefer outgoing interface */
+                       if (hiscore.rule < 5) {
+                               if (daddr_dev == NULL ||
+                                   daddr_dev == ifa_result->idev->dev)
+                                       hiscore.attrs |= IPV6_SADDR_SCORE_OIF;
+                               hiscore.rule++;
+                       }
+                       if (daddr_dev == NULL ||
+                           daddr_dev == ifa->idev->dev) {
+                               score.attrs |= IPV6_SADDR_SCORE_OIF;
+                               if (!(hiscore.attrs & IPV6_SADDR_SCORE_OIF)) {
+                                       score.rule = 5;
+                                       goto record_it;
+                               }
+                       } else {
+                               if (hiscore.attrs & IPV6_SADDR_SCORE_OIF)
+                                       continue;
+                       }
 
-                                       if (IPV6_GET_SADDR_MAXSCORE(score)) {
-                                               read_unlock_bh(&idev->lock);
-                                               goto out_unlock_base;
-                                       }
+                       /* Rule 6: Prefer matching label */
+                       if (hiscore.rule < 6) {
+                               if (ipv6_saddr_label(&ifa_result->addr, hiscore.addr_type) == daddr_label)
+                                       hiscore.attrs |= IPV6_SADDR_SCORE_LABEL;
+                               hiscore.rule++;
+                       }
+                       if (ipv6_saddr_label(&ifa->addr, score.addr_type) == daddr_label) {
+                               score.attrs |= IPV6_SADDR_SCORE_LABEL;
+                               if (!(hiscore.attrs & IPV6_SADDR_SCORE_LABEL)) {
+                                       score.rule = 6;
+                                       goto record_it;
                                }
+                       } else {
+                               if (hiscore.attrs & IPV6_SADDR_SCORE_LABEL)
+                                       continue;
                        }
-                       read_unlock_bh(&idev->lock);
+
+                       /* Rule 7: Prefer public address
+                        * Note: prefer temprary address if use_tempaddr >= 2
+                        */
+                       if (hiscore.rule < 7) {
+                               if ((!(ifa_result->flags & IFA_F_TEMPORARY)) ^
+                                   (ifa_result->idev->cnf.use_tempaddr >= 2))
+                                       hiscore.attrs |= IPV6_SADDR_SCORE_PRIVACY;
+                               hiscore.rule++;
+                       }
+                       if ((!(ifa->flags & IFA_F_TEMPORARY)) ^
+                           (ifa->idev->cnf.use_tempaddr >= 2)) {
+                               score.attrs |= IPV6_SADDR_SCORE_PRIVACY;
+                               if (!(hiscore.attrs & IPV6_SADDR_SCORE_PRIVACY)) {
+                                       score.rule = 7;
+                                       goto record_it;
+                               }
+                       } else {
+                               if (hiscore.attrs & IPV6_SADDR_SCORE_PRIVACY)
+                                       continue;
+                       }
+
+                       /* Rule 8: Use longest matching prefix */
+                       if (hiscore.rule < 8)
+                               hiscore.matchlen = ipv6_addr_diff(&ifa_result->addr, daddr);
+                       score.rule++;
+                       score.matchlen = ipv6_addr_diff(&ifa->addr, daddr);
+                       if (score.matchlen > hiscore.matchlen) {
+                               score.rule = 8;
+                               goto record_it;
+                       }
+#if 0
+                       else if (score.matchlen < hiscore.matchlen)
+                               continue;
+#endif
+
+                       /* Final Rule: choose first available one */
+                       continue;
+record_it:
+                       if (ifa_result)
+                               in6_ifa_put(ifa_result);
+                       in6_ifa_hold(ifa);
+                       ifa_result = ifa;
+                       hiscore = score;
                }
+               read_unlock_bh(&idev->lock);
        }
-
-out_unlock_base:
        read_unlock(&addrconf_lock);
        read_unlock(&dev_base_lock);
 
-out:
-       err = -EADDRNOTAVAIL;
-       if (match) {
-               ipv6_addr_copy(saddr, &match->addr);
-               err = 0;
-               in6_ifa_put(match);
-       }
-
-       return err;
+       if (!ifa_result)
+               return -EADDRNOTAVAIL;
+       
+       ipv6_addr_copy(saddr, &ifa_result->addr);
+       in6_ifa_put(ifa_result);
+       return 0;
 }