.\" $NetBSD: in_getifa.9,v 1.11 2020/01/21 07:53:51 wiz Exp $
.\"
.\" Copyright (c) 2006 David Young.  All rights reserved.
.\"
.\" This code was written by David Young.
.\"
.\" Redistribution and use in source and binary forms, with or
.\" without modification, are permitted provided that the following
.\" conditions are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above
.\"    copyright notice, this list of conditions and the following
.\"    disclaimer in the documentation and/or other materials provided
.\"    with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY DAVID YOUNG ``AS IS'' AND ANY
.\" EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
.\" THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
.\" PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL DAVID
.\" YOUNG BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
.\" EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
.\" TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
.\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
.\" OF SUCH DAMAGE.
.\"
.Dd February 22, 2007
.Dt IN_GETIFA 9
.Os
.Sh NAME
.Nm in_getifa
.Nd Look up the IPv4 source address best matching an IPv4 destination
.Sh SYNOPSIS
.Cd options IPSELSRC
.In netinet/in_selsrc.h
.Ft struct ifaddr *
.Fn in_getifa "struct ifaddr *ifa" "const struct sockaddr *dst0"
.Sh DESCRIPTION
.Nm
enforces the IPv4 source-address selection policy.
Add the source-address selection policy mechanism to your kernel with
.Cd options IPSELSRC .
.Cd options IPSELSRC
lets the operator set the policy for choosing the source address
of any socket bound to the
.Dq wildcard
address,
.Dv INADDR_ANY .
Note that the policy is applied
.Em after
the kernel makes its forwarding decision, thereby choosing the
output interface;
in other words, this mechanism does not affect whether or not
.Nx
is a
.Dq strong ES .
.Pp
An operator affects the source-address selection using
.Xr sysctl 8
and
.Xr ifconfig 8 .
Operators set policies with
.Xr sysctl 8 .
Some policies consider the
.Dq preference number
of an address.
An operator may set preference numbers for each address with
.Xr ifconfig 8 .
.Pp
A source-address policy is a priority-ordered list of source-address
ranking functions.
A ranking function maps its arguments,
.Po
.Em source address ,
.Em source index ,
.Em source preference ,
.Em destination address
.Pc ,
to integers.
The
.Em source index
is the position of
.Em source address
in the interface address list; the index of the first address is 0.
The
.Em source preference
is the preference number the operator assigned
to
.Em source address .
The
.Em destination address
is the socket peer / packet destination.
.Pp
Presently, there are four ranking functions to choose from:
.Bl -tag -width "common-prefix-len"
.It index
ranks by
.Em source index ;
lower indices are ranked more highly.
.It preference
ranks by
.Em source preference ;
higher preference numbers are ranked more highly.
.It common-prefix-len
ranks each
.Em source address
by the length of the longest prefix it has in common with
.Em destination address ;
longer common prefixes rank more highly.
.It same-category
determines the
.Dq categories
of
.Em source
and
.Em destination address .
A category is one of
.Em private ,
.Em link-local ,
or
.Em other .
If the categories exactly match, same-category assigns a rank of 2.
Some sources are ranked 1 by category:
a
.Em link-local
source with a
.Em private
destination, a
.Em private
source with a
.Em link-local
destination, and a
.Em private
source with an
.Em other
destination rank 1.
All other sources rank 0.
.Pp
Categories are defined as follows.
.Bl -tag -width "link-local"
.It private
RFC1918 networks, 192.168/16, 172.16/12, and 10/8
.It link-local
169.254/16, 224/24
.It other
all other networks---i.e., not private, not link-local
.El
.El
.Pp
To apply a policy, the kernel applies all ranking functions in the policy
to every source address, producing a vector of ranks for each source.
The kernel sorts the sources in descending, lexicographical order by their
rank-vector, and chooses the highest-ranking (first) source.
The kernel breaks ties by choosing the source with the least
.Em source index .
.Pp
The operator may set a policy on individual interfaces.
The operator may also set a global policy that applies to all
interfaces whose policy they do not set individually.
.Pp
Here is the sysctl tree for the policy at system startup:
.Bd -literal -offset indent
net.inet.ip.selectsrc.default = index
net.inet.ip.interfaces.ath0.selectsrc =
net.inet.ip.interfaces.sip0.selectsrc =
net.inet.ip.interfaces.sip1.selectsrc =
net.inet.ip.interfaces.lo0.selectsrc =
net.inet.ip.interfaces.pflog0.selectsrc =
.Ed
.Pp
The policy on every interface is the
.Dq empty
policy, so the default policy applies.
The default policy,
.Em index ,
is the
.Dq historical
policy in
.Nx .
.Pp
The operator may override the default policy on ath0,
.Bd -literal -offset indent
# sysctl -w net.inet.ip.interfaces.ath0.selectsrc=same-category,common-prefix-len,preference
.Ed
.Pp
yielding this policy:
.Bd -literal -offset indent
net.inet.ip.selectsrc.default = index
net.inet.ip.interfaces.ath0.selectsrc = same-category,common-prefix-len,preference
.Ed
.Pp
The operator may set a new default,
.Bd -literal -offset indent
# sysctl -w net.inet.ip.selectsrc.default=\e
> same-category,common-prefix-len,preference
# sysctl -w net.inet.ip.interfaces.ath0.selectsrc=
.Ed
.Pp
yielding this policy:
.Bd -literal -offset indent
net.inet.ip.selectsrc.default = same-category,common-prefix-len,preference
net.inet.ip.interfaces.ath0.selectsrc =
.Ed
.Pp
In a number of applications, the policy above will usually pick
suitable source addresses if ath0 is configured in this way:
.Bd -literal -offset indent
# ifconfig ath0 inet 64.198.255.1/24
# ifconfig ath0 inet 10.0.0.1/24
# ifconfig ath0 inet 169.254.1.1/24
# ifconfig ath0 inet 192.168.49.1/24 preference 5
# ifconfig ath0 inet 192.168.37.1/24 preference 9
.Ed
.Pp
A sysctl, net.inet.ip.selectsrc.debug, turns on and off debug messages
concerned with source selection.
You may set it to 0 (no messages) or 1.
.Sh SEE ALSO
.Xr ifconfig 8 ,
.Xr sysctl 8
.Sh STANDARDS
The family of IPv6 source-address selection policies defined by
.Li RFC3484
resembles the family of IPv4 policies that
.Nm
enforces.
.Sh AUTHORS
.An David Young Aq Mt dyoung@NetBSD.org
.Sh BUGS
With
.Cd options IPSELSRC ,
a new interface
.Xr ioctl 2 ,
.Dv SIOCSIFADDRPREF ,
was introduced.
It ought to be documented in
.Xr inet 4 .
Also,
.Xr options 4
ought to cross-reference this manual page.
.Pp
This work should be used to set IPv6 source-address selection
policies, especially the family of policies defined by
.Li RFC3484 .