RFC3484 and ORCHID addresses (fwd)

Pekka Savola Thu, 13 Mar 2008 16:43:24 -0700

FYI,

While we're considering RFC3484 changes, here's one additional 
proposed modification to RFC3484 for Linux with ORCHID (RFC 4843) that 
is worth serious consideration.  (Discussion on the best 
implementation choice(s) and glibc changes is still going on.)


One may debate whether ORCHID addresses should be dealt with the 
policy table or in the spec.

---------- Forwarded message ----------
Date: Thu, 21 Feb 2008 12:08:42 +0200
From: Juha-Matti Tapio <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: [PATCH 2/2] [IPV6]: Fix source address selection for ORCHID addresses

Skip the prefix length matching in source address selection for
orchid -> non-orchid addresses.

Overlay Routable Cryptographic Hash IDentifiers (RFC 4843,
2001:10::/28) are currenty not globally reachable. Without this
check a host with an ORCHID address can end up preferring those over
regular addresses when talking to other regular hosts in the 2001::/16
range thus breaking non-orchid connections.

Signed-off-by: Juha-Matti Tapio <[EMAIL PROTECTED]>
---
  include/net/ipv6.h  |   10 ++++++++++
  net/ipv6/addrconf.c |    5 +++++
  2 files changed, 15 insertions(+), 0 deletions(-)

diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index c0c019f..67e024a 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -384,6 +384,16 @@ static inline int ipv6_addr_v4mapped(const struct in6_addr 
*a)
  }

  /*
+ * Check for a RFC 4843 ORCHID address
+ * (Overlay Routable Cryptographic Hash Identifiers)
+ */
+static inline int ipv6_addr_orchid(const struct in6_addr *a)
+{
+       return ((a->s6_addr32[0] & htonl(0xfffffff0))
+               == htonl(0x20010010));
+}
+
+/*
   * find the first different bit between two addresses
   * length of address must be a multiple of 32bits
   */
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index e40213d..2474d20 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -1125,6 +1125,11 @@ int ipv6_dev_get_saddr(struct net_device *daddr_dev,
                        if (hiscore.rule < 7)
                                hiscore.rule++;
  #endif
+
+                       /* Skip rule 8 for orchid -> non-orchid address pairs. 
*/
+                       if (ipv6_addr_orchid(&ifa->addr) && 
!ipv6_addr_orchid(daddr))
+                               continue;
+
                        /* Rule 8: Use longest matching prefix */
                        if (hiscore.rule < 8) {
                                hiscore.matchlen = 
ipv6_addr_diff(&ifa_result->addr, daddr);
--
1.5.3.8

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------

RFC3484 and ORCHID addresses (fwd)

Reply via email to