author | Stefan Sperling <stsp@cvs.openbsd.org> | 2012-01-17 02:07:33 +0000 |
---|---|---|
committer | Stefan Sperling <stsp@cvs.openbsd.org> | 2012-01-17 02:07:33 +0000 |
commit | 0e570a4f707567d1c5088f07eea2038c1b4836db (patch) | |
tree | 725d19bb0e74227f1d574f90f08544ff102616d6 /sys/netinet6 | |
parent | 05c0f9246182dcfc09b92218170cd4316e2dd0d8 (diff) |
During IPv6 source address selection, give address scope higher priority
than the autoconfprivacy bit, as per RFC3484. Prevents privacy addresses
from being erroneously used as source address if the destination address is
in a different scope. Privacy addresses are still preferred over other source
addresses from the same scope.
Problem found by sthen, fix suggested by sperreault; ok sperreault
Diffstat (limited to 'sys/netinet6')
-rw-r--r-- | sys/netinet6/in6.c | 36 |
1 files changed, 19 insertions, 17 deletions
diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c
index cd66d7a54f9..aca6dc4e72c 100644
--- a/sys/netinet6/in6.c
+++ b/sys/netinet6/in6.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: in6.c,v 1.95 2012/01/03 23:41:51 bluhm Exp $ */
+/* $OpenBSD: in6.c,v 1.96 2012/01/17 02:07:32 stsp Exp $ */
 /* $KAME: in6.c,v 1.372 2004/06/14 08:14:21 itojun Exp $ */

 /*
@@ -2310,22 +2310,6 @@ in6_ifawithscope(struct ifnet *oifp, struct in6_addr *dst, u_int rdomain)
 IN6_IFF_DEPRECATED) == 0)
 goto replace;

- if (oifp == ifp) {
- /* Do not replace temporary autoconf addresses
- * with non-temporary addresses. */
- if ((ifa_best->ia6_flags & IN6_IFF_PRIVACY) &&
- !(((struct in6_ifaddr *)ifa)->ia6_flags &
- IN6_IFF_PRIVACY))
- continue;
-
- /* Replace non-temporary autoconf addresses
- * with temporary addresses. */
- if (!(ifa_best->ia6_flags & IN6_IFF_PRIVACY) &&
- (((struct in6_ifaddr *)ifa)->ia6_flags &
- IN6_IFF_PRIVACY))
- goto replace;
- }
-
 /*
 * At this point, we have two cases:
 * 1. we are looking at a non-deprecated address,
@@ -2400,7 +2384,25 @@ in6_ifawithscope(struct ifnet *oifp, struct in6_addr *dst, u_int rdomain)
 * At last both dscopecmp and bscopecmp must be 0.
 * We need address matching against dst for
 * tiebreaking.
+ * Privacy addresses are preferred over public
+ * addresses (RFC3484 requires a config knob for
+ * this which we don't provide).
 */
+ if (oifp == ifp) {
+ /* Do not replace temporary autoconf addresses
+ * with non-temporary addresses. */
+ if ((ifa_best->ia6_flags & IN6_IFF_PRIVACY) &&
+ !(((struct in6_ifaddr *)ifa)->ia6_flags &
+ IN6_IFF_PRIVACY))
+ continue;
+
+ /* Replace non-temporary autoconf addresses
+ * with temporary addresses. */
+ if (!(ifa_best->ia6_flags & IN6_IFF_PRIVACY) &&
+ (((struct in6_ifaddr *)ifa)->ia6_flags &
+ IN6_IFF_PRIVACY))
+ goto replace;
+ }
 tlen = in6_matchlen(IFA_IN6(ifa), dst);
 matchcmp = tlen - blen;
 if (matchcmp > 0) /* (8) */ |
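Review bot: The privacy-preference block that the last hunk moves into the tiebreak stage carries no rule tag and no explanation of its `oifp == ifp` guard, while the match-length comparison right after it is tagged `/* (8) */`. Tagging it the same way, e.g. `/* (7) prefer temporary (privacy) addresses on the outgoing interface */`, would let a reader check the ordering against RFC3484 at a glance, and that ordering is exactly what this commit corrects. The two inner comments say "temporary autoconf addresses" where the flag and the newly added comment text say "privacy"; settling on one term would avoid the impression that two different address classes are involved. Whether a candidate on a different interface can still displace a privacy `ifa_best` through the match-length comparison cannot be judged from here, because in6_ifawithscope's body starts and ends outside the hunk.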