[PATCH 2/2] [IPV6]: Fix source address selection for ORCHID addresses
Skip the prefix length matching in source address selection for
orchid -> non-orchid addresses.
Overlay Routable Cryptographic Hash IDentifiers (RFC 4843,
2001:10::/28) are currenty not globally reachable. Without this
check a host with an ORCHID address can end up preferring those over
regular addresses when talking to other regular hosts in the 2001::/16
range thus breaking non-orchid connections.
Signed-off-by: Juha-Matti Tapio <[EMAIL PROTECTED]>
---
include/net/ipv6.h | 10 ++
net/ipv6/addrconf.c |5 +
2 files changed, 15 insertions(+), 0 deletions(-)
diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index c0c019f..67e024a 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -384,6 +384,16 @@ static inline int ipv6_addr_v4mapped(const struct in6_addr
*a)
}
/*
+ * Check for a RFC 4843 ORCHID address
+ * (Overlay Routable Cryptographic Hash Identifiers)
+ */
+static inline int ipv6_addr_orchid(const struct in6_addr *a)
+{
+ return ((a->s6_addr32[0] & htonl(0xfff0))
+ == htonl(0x20010010));
+}
+
+/*
* find the first different bit between two addresses
* length of address must be a multiple of 32bits
*/
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index e40213d..2474d20 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -1125,6 +1125,11 @@ int ipv6_dev_get_saddr(struct net_device *daddr_dev,
if (hiscore.rule < 7)
hiscore.rule++;
#endif
+
+ /* Skip rule 8 for orchid -> non-orchid address pairs.
*/
+ if (ipv6_addr_orchid(&ifa->addr) &&
!ipv6_addr_orchid(daddr))
+ continue;
+
/* Rule 8: Use longest matching prefix */
if (hiscore.rule < 8) {
hiscore.matchlen =
ipv6_addr_diff(&ifa_result->addr, daddr);
--
1.5.3.8
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH 1/2] [IPV6]: Add ORCHID prefix to address label table
Add a new label for Overlay Routable Cryptographic Hash Identifiers
(RFC 4843) prefix 2001:10::/28 to help proper source address
selection.
ORCHID addresses are used by for example Host Identity Protocol. They are
global and routable, but they currently need support from both endpoints
and therefore mixing regular and ORCHID addresses for source and
destination is a bad idea in general case.
Signed-off-by: Juha-Matti Tapio <[EMAIL PROTECTED]>
---
net/ipv6/addrlabel.c |5 +
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/net/ipv6/addrlabel.c b/net/ipv6/addrlabel.c
index a3c5a72..3a8b3f5 100644
--- a/net/ipv6/addrlabel.c
+++ b/net/ipv6/addrlabel.c
@@ -58,6 +58,7 @@ static struct ip6addrlbl_table
* :::0:0/96 V4MAPPED4
* fc00::/7N/A 5 ULA (RFC 4193)
* 2001::/32 N/A 6 Teredo (RFC 4380)
+ * 2001:10::/28N/A 7 ORCHID (RFC
4843)
*
* Note: 0x is used if we do not have any policies.
*/
@@ -85,6 +86,10 @@ static const __initdata struct ip6addrlbl_init_table
.prefix = &(struct in6_addr){{{ 0x20, 0x01 }}},
.prefixlen = 32,
.label = 6,
+ },{ /* 2001:10::/28 */
+ .prefix = &(struct in6_addr){{{ 0x20, 0x01, 0x00, 0x10 }}},
+ .prefixlen = 28,
+ .label = 7,
},{ /* :::0:0 */
.prefix = &(struct in6_addr){{{ [10] = 0xff, [11] = 0xff }}},
.prefixlen = 96,
--
1.5.3.8
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] IPv6 address autoconfiguration does not work after device down/up cycle
On Wed, Feb 08, 2006 at 05:17:24PM +0200, Kristian Slavov wrote: > During NETDEV_DOWN we clear IF_READY, and we don't set it back in > NETDEV_UP. While starting to perform DAD on the link-local address, we > notice that the device is not in IF_READY, and we abort autoconfiguration > process (which would eventually send router solicitations). > The following patch seems to get the work done. Patch is against 2.6.15.3. Ack. This fixes the problems with sungem that I reported a few days ago. Thank you. signature.asc Description: Digital signature
Multicast trouble with Sun GEM in iBook
I have problems with receiving multicast on iBook's Sun GEM. 0002:20:0f.0 Ethernet controller: Apple Computer Inc. UniNorth 2 GMAC (Sun GEM) (rev 80) When I bring the interface up, it does not at first receive IPv6 multicast (waiting for a while does not help) which means that it does not process router advertisements or respond to pings to ff02::1. If I unplug the network (without taking the interface down) and plug it back in, the interface starts working after a second or so and router advertisements are applied normally. For example before the unplugging/replugging: $ ping6 -I eth0 ip6-allnodes connect: Cannot assign requested address And after: $ ping6 -I eth0 ip6-allnodes PING ip6-allnodes(ip6-allnodes) from fe80::20d:93ff:fe75:fb9c eth0: 56 data bytes 64 bytes from fe80::20d:93ff:fe75:fb9c: icmp_seq=1 ttl=64 time=0.090 ms ... This is what the kernel reports: eth0: Link is up at 100 Mbps, full-duplex. eth0: Pause is disabled eth0: Link down eth0: Link is up at 100 Mbps, full-duplex. eth0: Pause is disabled ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready I'm using kernel 2.6.15.1. Any suggestions on how to further debug this? signature.asc Description: Digital signature
