Diffstat (limited to 'static/netbsd/man9/in_getifa.9')
| -rw-r--r-- | static/netbsd/man9/in_getifa.9 | 244 |
1 files changed, 244 insertions, 0 deletions
diff --git a/static/netbsd/man9/in_getifa.9 b/static/netbsd/man9/in_getifa.9 new file mode 100644 index 00000000..477e4b02 --- /dev/null +++ b/static/netbsd/man9/in_getifa.9 
@@ -0,0 +1,244 @@ +.\" $NetBSD: in_getifa.9,v 1.11 2020/01/21 07:53:51 wiz Exp $ +.\" +.\" Copyright (c) 2006 David Young. All rights reserved. +.\" +.\" This code was written by David Young. +.\" +.\" Redistribution and use in source and binary forms, with or +.\" without modification, are permitted provided that the following +.\" conditions are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above +.\" copyright notice, this list of conditions and the following +.\" disclaimer in the documentation and/or other materials provided +.\" with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY DAVID YOUNG ``AS IS'' AND ANY +.\" EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, +.\" THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +.\" PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL DAVID +.\" YOUNG BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, +.\" EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED +.\" TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +.\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY +.\" OF SUCH DAMAGE. +.\" +.Dd February 22, 2007 +.Dt IN_GETIFA 9 +.Os +.Sh NAME +.Nm in_getifa +.Nd Look up the IPv4 source address best matching an IPv4 destination +.Sh SYNOPSIS +.Cd options IPSELSRC +.In netinet/in_selsrc.h +.Ft struct ifaddr * +.Fn in_getifa "struct ifaddr *ifa" "const struct sockaddr *dst0" +.Sh DESCRIPTION +.Nm +enforces the IPv4 source-address selection policy. +Add the source-address selection policy mechanism to your kernel with +.Cd options IPSELSRC . 
+.Cd options IPSELSRC +lets the operator set the policy for choosing the source address +of any socket bound to the +.Dq wildcard +address, +.Dv INADDR_ANY . +Note that the policy is applied +.Em after +the kernel makes its forwarding decision, thereby choosing the +output interface; +in other words, this mechanism does not affect whether or not +.Nx +is a +.Dq strong ES . +.Pp +An operator affects the source-address selection using +.Xr sysctl 8 +and +.Xr ifconfig 8 . +Operators set policies with +.Xr sysctl 8 . +Some policies consider the +.Dq preference number +of an address. +An operator may set preference numbers for each address with +.Xr ifconfig 8 . +.Pp +A source-address policy is a priority-ordered list of source-address +ranking functions. +A ranking function maps its arguments, +.Po +.Em source address , +.Em source index , +.Em source preference , +.Em destination address +.Pc , +to integers. +The +.Em source index +is the position of +.Em source address +in the interface address list; the index of the first address is 0. +The +.Em source preference +is the preference number the operator assigned +to +.Em source address . +The +.Em destination address +is the socket peer / packet destination. +.Pp +Presently, there are four ranking functions to choose from: +.Bl -tag -width "common-prefix-len" +.It index +ranks by +.Em source index ; +lower indices are ranked more highly. +.It preference +ranks by +.Em source preference ; +higher preference numbers are ranked more highly. +.It common-prefix-len +ranks each +.Em source address +by the length of the longest prefix it has in common with +.Em destination address ; +longer common prefixes rank more highly. +.It same-category +determines the "categories" of +.Em source +and +.Em destination address . +A category is one of +.Em private , +.Em link-local , +or +.Em other . +If the categories exactly match, same-category assigns a rank of 2. 
+Some sources are ranked 1 by category: +a +.Em link-local +source with a +.Em private +destination, a +.Em private +source with a +.Em link-local +destination, and a +.Em private +source with an +.Em other +destination rank 1. +All other sources rank 0. +.Pp +Categories are defined as follows. +.Bl -tag -width "link-local" +.It private +RFC1918 networks, 192.168/16, 172.16/12, and 10/8 +.It link-local +169.254/16, 224/24 +.It other +all other networks---i.e., not private, not link-local +.El +.El +.Pp +To apply a policy, the kernel applies all ranking functions in the policy +to every source address, producing a vector of ranks for each source. +The kernel sorts the sources in descending, lexicographical order by their +rank-vector, and chooses the highest-ranking (first) source. +The kernel breaks ties by choosing the source with the least +.Em source index . +.Pp +The operator may set a policy on individual interfaces. +The operator may also set a global policy that applies to all +interfaces whose policy they do not set individually. +.Pp +Here is the sysctl tree for the policy at system startup: +.Bd -literal -offset indent +net.inet.ip.selectsrc.default = index +net.inet.ip.interfaces.ath0.selectsrc = +net.inet.ip.interfaces.sip0.selectsrc = +net.inet.ip.interfaces.sip1.selectsrc = +net.inet.ip.interfaces.lo0.selectsrc = +net.inet.ip.interfaces.pflog0.selectsrc = +.Ed +.Pp +The policy on every interface is the +.Dq empty +policy, so the default policy applies. +The default policy, +.Em index , +is the +.Dq historical +policy in +.Nx . 
+.Pp +The operator may override the default policy on ath0, +.Bd -literal -offset indent + # sysctl -w net.inet.ip.interfaces.ath0.selectsrc=same-category,common-prefix-len,preference +.Ed +.Pp +yielding this policy: +.Bd -literal -offset indent +net.inet.ip.selectsrc.default = index +net.inet.ip.interfaces.ath0.selectsrc = same-category,common-prefix-len,preference +.Ed +.Pp +The operator may set a new default, +.Bd -literal -offset indent +# sysctl -w net.inet.ip.selectsrc.debug=\ +> same-category,common-prefix-len,preference +# sysctl -w net.inet.ip.interfaces.ath0.selectsrc= +.Ed +.Pp +yielding this policy: +.Bd -literal -offset indent +net.inet.ip.selectsrc.default = same-category,common-prefix-len,preference +net.inet.ip.interfaces.ath0.selectsrc = +.Ed +.Pp +In a number of applications, the policy above will usually pick +suitable source addresses if ath0 is configured in this way: +.Bd -literal -offset indent +# ifconfig ath0 inet 64.198.255.1/24 +# ifconfig ath0 inet 10.0.0.1/24 +# ifconfig ath0 inet 169.254.1.1/24 +# ifconfig ath0 inet 192.168.49.1/24 preference 5 +# ifconfig ath0 inet 192.168.37.1/24 preference 9 +.Ed +A sysctl, net.inet.ip.selectsrc.debug, turns on and off debug messages +concerned with source selection. +You may set it to 0 (no messages) or 1. +.Sh SEE ALSO +.Xr ifconfig 8 , +.Xr sysctl 8 +.Sh STANDARDS +The family of IPv6 source-address selection policies defined by +.Li RFC3484 +resembles the family of IPv4 policies that +.Nm +enforces. +.Sh AUTHORS +.An David Young Aq Mt dyoung@NetBSD.org +.Sh BUGS +With +.Cd options IPSELSRC , +a new interface +.Xr ioctl 2 , +.Dv SIOCSIFADDRPREF , +was introduced. +It ought to be documented in +.Xr inet 4 . +Also, +.Xr options 4 +ought to cross-reference this manual page. +.Pp +This work should be used to set IPv6 source-address selection +policies, especially the family of policies defined by +.Li RFC3484 . |
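Review bot: the "The operator may set a new default," example writes the policy list to the wrong sysctl node: the command is `sysctl -w net.inet.ip.selectsrc.debug=\` but the tree shown as its result has `net.inet.ip.selectsrc.default = same-category,common-prefix-len,preference`, and the closing paragraph says `net.inet.ip.selectsrc.debug` only takes 0 or 1. The command should set `net.inet.ip.selectsrc.default`. An operator who copies the example as written would leave the default policy at `index` and then clear the ath0 override with the second command, so source selection would silently fall back to the historical behaviour. Separately, the paragraph beginning "A sysctl, net.inet.ip.selectsrc.debug, turns on and off debug messages" follows the ifconfig display's `.Ed` with no `.Pp`, unlike the other displays in this page; add one so it renders as its own paragraph.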
