8761 IPv6 default policy table needs update for RFC6724
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Jorge Schrauwen <sjorge@blackdot.be>
Approved by: Richard Lowe <richlowe@richlowe.net>
wiedi authored and richlowe committed Nov 11, 2017
1 parent 62ba43a commit 81f499d
Showing 3 changed files with 80 additions and 57 deletions.
10 changes: 6 additions & 4 deletions usr/src/cmd/cmd-inet/etc/ipaddrsel.conf
Expand Up @@ -20,8 +20,6 @@
# CDDL HEADER END
#
#
#ident "%Z%%M% %I% %E% SMI"
#
# Copyright 2002 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
Expand All @@ -31,6 +29,10 @@
# Prefix Precedence Label
::1/128 50 Loopback
::/0 40 Default
::ffff:0.0.0.0/96 35 IPv4
2002::/16 30 6to4
::/96 20 IPv4_Compatible
::ffff:0.0.0.0/96 10 IPv4
2001::/32 5 Teredo
fc00::/7 3 ULA
::/96 1 IPv4_Compatible
fec0::/10 1 Site_Local
3ffe::/16 1 6bone
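Review bot: The new and changed rows in the policy table (IPv4 at 35, Teredo, ULA, IPv4_Compatible at 1, Site_Local, 6bone) carry no pointer to where the numbers come from; none of the comment lines visible in this file cite RFC 6724. Suggest a one-line comment above "# Prefix Precedence Label" naming RFC 6724 as the source of these defaults, so a later editor does not change values such as IPv4 at 35 or ULA at 3 back to the old ones. The commit message should also state that IPv4-mapped destinations now rank ahead of 6to4, Teredo and ULA, since that changes destination ordering on systems that pick up this file.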
91 changes: 46 additions & 45 deletions usr/src/man/man1m/ipaddrsel.1m
@@ -1,9 +1,10 @@
'\" te
.\" Copyright (C) 2006, Sun Microsystems, Inc. All Rights Reserved
.\" Copyright (C) 2017, Sebastian Wiedenroth
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
.TH IPADDRSEL 1M "Feb 6, 2006"
.TH IPADDRSEL 1M "Nov 4, 2017"
.SH NAME
ipaddrsel \- configure IPv6 default address selection
.SH SYNOPSIS
Expand All @@ -23,7 +24,6 @@ ipaddrsel \- configure IPv6 default address selection
.fi

.SH DESCRIPTION
.sp
.LP
Use the \fBipaddrsel\fR utility to configure the IPv6 default address selection
policy table. The policy table is a longest-matching-prefix lookup table that
Expand Down Expand Up @@ -57,7 +57,6 @@ true for packets that are locally generated and for applications that do not
choose a non-zero source address using \fBbind\fR(3SOCKET).
.RE
.SS "The Configuration File"
.sp
.LP
The configuration file that the \fB-f\fR option accepts can contain either
comment lines or policy entries. Comment lines have a '\fB#\fR' character as
Expand Down Expand Up @@ -102,7 +101,6 @@ The file must contain a default policy entry, which is an entry with
\fB::0/0\fR as its \fIprefix\fR and \fIprefix_length\fR. This is to ensure that
all possible addresses match a policy.
.SH OPTIONS
.sp
.LP
The \fBippadrsel\fR utility supports the following options:
.sp
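Review bot: The context line in the OPTIONS section still reads "The \fBippadrsel\fR utility supports the following options:", with the command name misspelled. Since this hunk already touches the section, correct it to \fBipaddrsel\fR in the same change.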
Expand Down Expand Up @@ -151,11 +149,15 @@ The following example is the default policy that is located in
.in +2
.nf
# Prefix Precedence Label
::1/128 50 Loopback
::/96 20 IPv4_Compatible
::ffff:0.0.0.0/96 10 IPv4
2002::/16 30 6to4
::/0 40 Default
::1/128 50 Loopback
::/0 40 Default
::ffff:0.0.0.0/96 35 IPv4
2002::/16 30 6to4
2001::/32 5 Teredo
fc00::/7 3 ULA
::/96 1 IPv4_Compatible
fec0::/10 1 Site_Local
3ffe::/16 1 6bone
.fi
.in -2
.sp
Expand All @@ -175,14 +177,14 @@ demonstrates.
.sp
.in +2
.nf
# Prefix Precedence Label
::1/128 50 Loopback
::/0 40 Default
2002::/16 30 6to4
fec0::/10 27 Site-Local
fe80::/10 23 Link-Local
::/96 20 IPv4_Compatible
::ffff:0.0.0.0/96 10 IPv4
# Prefix Precedence Label
::1/128 50 Loopback
::/0 40 Default
2002::/16 30 6to4
fec0::/10 27 Site-Local
fe80::/10 23 Link-Local
::/96 20 IPv4_Compatible
::ffff:0.0.0.0/96 10 IPv4
.fi
.in -2
.sp
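Review bot: This example table labels fec0::/10 as "Site-Local" (hyphen), while the default table introduced by this commit labels the same prefix "Site_Local" (underscore), so the page now shows two spellings for one prefix. The table also keeps "::/96 20 IPv4_Compatible" and "::ffff:0.0.0.0/96 10 IPv4" and has no Teredo, ULA or 6bone rows, so it no longer reads as the default table plus two extra entries. Suggest rebasing the example on the new defaults and using one label spelling throughout.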
Expand All @@ -192,19 +194,23 @@ fe80::/10 23 Link-Local
.sp
.LP
By default, IPv6 addresses are ordered in front of IPv4 addresses in name
lookups. \fB::ffff:0.0.0.0/96\fR has the lowest precedence in the default
table. In the following example, IPv4 addresses are assigned higher precedence
and are ordered in front of IPv6 destinations:
lookups. \fB::ffff:0.0.0.0/96\fR has the precedence of 35 in the default table.
In the following example, IPv4 addresses are assigned higher precedence and are
ordered in front of IPv6 destinations:

.sp
.in +2
.nf
# Prefix Precedence Label
::1/128 50 Loopback
::/0 40 Default
2002::/16 30 6to4
::/96 20 IPv4_Compatible
::ffff:0.0.0.0/96 60 IPv4
# Prefix Precedence Label
::1/128 50 Loopback
::/0 40 Default
::ffff:0.0.0.0/96 60 IPv4
2002::/16 30 6to4
2001::/32 5 Teredo
fc00::/7 3 ULA
::/96 1 IPv4_Compatible
fec0::/10 1 Site_Local
3ffe::/16 1 6bone
.fi
.in -2
.sp
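Review bot: The first sentence of the updated paragraph, "By default, IPv6 addresses are ordered in front of IPv4 addresses in name lookups", no longer holds for every IPv6 prefix in the new default table. With IPv4 at 35, only Loopback (50) and Default (40) rank above it; 6to4 (30), Teredo (5), ULA (3) and the entries at precedence 1 now rank below. Suggest rewording to say that destinations matching the Default entry are ordered ahead of IPv4, and mentioning that the listed transition and deprecated prefixes are ordered behind it.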
Expand All @@ -218,25 +224,25 @@ communicating with destinations in a particular network.

.sp
.LP
The following policy table assigns a label of 5 to a particular source address
on the local system, \fB2001:1111:1111::1\fR. The table assigns the same label
to a network, \fB2001:2222:2222::/48\fR. The result of this policy is that the
\fB2001:1111:1111::1\fR source address will only be used when communicating
The following policy table assigns the label "ClientNet" to a particular source
address on the local system, \fB2001:1111:1111::1\fR. The table assigns the same
label to a network, \fB2001:2222:2222::/48\fR. The result of this policy is that
the \fB2001:1111:1111::1\fR source address will only be used when communicating
with destinations contained in the \fB2001:2222:2222::/48\fR network. For this
example, this network is the \fBClientNet\fR, which could represent a
particular client's network.

.sp
.in +2
.nf
# Prefix Precedence Label
::1/128 50 Loopback
2001:1111:1111::1/128 40 ClientNet
2001:2222:2222::/48 40 ClientNet
::/0 40 Default
2002::/16 30 6to4
::/96 20 IPv4_Compatible
::ffff:0.0.0.0/96 10 IPv4
# Prefix Precedence Label
::1/128 50 Loopback
2001:1111:1111::1/128 40 ClientNet
2001:2222:2222::/48 40 ClientNet
::/0 40 Default
2002::/16 30 6to4
::/96 20 IPv4_Compatible
::ffff:0.0.0.0/96 10 IPv4
.fi
.in -2
.sp
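Review bot: The ClientNet table still ends with "::/96 20 IPv4_Compatible" and "::ffff:0.0.0.0/96 10 IPv4" and has no Teredo, ULA, Site_Local or 6bone rows, unlike the IPv4-precedence example earlier in this file, which was rebased onto the new defaults. Someone who copies this example verbatim as a policy file would load the old precedences along with the two ClientNet rows. Suggest adding the ClientNet rows to the new default table instead, so the example differs from the default only in the lines the text discusses.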
Expand All @@ -247,7 +253,6 @@ This example assumes that the local system has one physical interface, and that
all global prefixes are assigned to that physical interface.

.SH EXIT STATUS
.sp
.LP
\fBipaddrsel\fR returns the following exit values:
.sp
Expand All @@ -270,7 +275,6 @@ table is unchanged.
.RE

.SH FILES
.sp
.ne 2
.na
\fB\fB/etc/inet/ipaddrsel.conf\fR\fR
Expand All @@ -282,7 +286,6 @@ started.
.RE

.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp
Expand All @@ -298,19 +301,17 @@ Interface Stability Evolving
.TE

.SH SEE ALSO
.sp
.LP
\fBnscd\fR(1M), \fBinet\fR(3SOCKET), \fBgetaddrinfo\fR(3SOCKET),
\fBipaddrsel.conf\fR(4), \fBattributes\fR(5), \fBinet6\fR(7P)
.SH NOTES
.sp
.LP
The ipnodes cache kept by \fBnscd\fR(1M) contains addresses that are ordered
using the destination address ordering algorithm, which is one of the reasons
why \fBipaddrsel\fR is called before \fBnscd\fR in the boot sequence. If
\fBipaddrsel\fR is used to change the address selection policy after \fBnscd\fR
has started, you should invalidate the \fBnscd\fR ipnodes cache invalidated by
invoking the following command:
has started, you should invalidate the \fBnscd\fR ipnodes cache by invoking the
following command:
.sp
.in +2
.nf
36 changes: 28 additions & 8 deletions usr/src/uts/common/inet/ip/ip6_asp.c
Expand Up @@ -20,6 +20,7 @@
*/
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Copyright 2017 Sebastian Wiedenroth
* Use is subject to license terms.
*/
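Review bot: The added "Copyright 2017 Sebastian Wiedenroth" line sits between Sun's copyright line and its "Use is subject to license terms." line, which splits the original Sun notice in two. Suggest moving the new line below "Use is subject to license terms." so the existing notice stays intact.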

Expand All @@ -45,13 +46,17 @@
#define IN6ADDR_MASK128_INIT \
{ 0xffffffffU, 0xffffffffU, 0xffffffffU, 0xffffffffU }
#define IN6ADDR_MASK96_INIT { 0xffffffffU, 0xffffffffU, 0xffffffffU, 0 }
#define IN6ADDR_MASK32_INIT { 0xffffffffU, 0, 0, 0 }
#ifdef _BIG_ENDIAN
#define IN6ADDR_MASK16_INIT { 0xffff0000U, 0, 0, 0 }
#define IN6ADDR_MASK10_INIT { 0xffc00000U, 0, 0, 0 }
#define IN6ADDR_MASK7_INIT { 0xfe000000U, 0, 0, 0 }
#else
#define IN6ADDR_MASK16_INIT { 0x0000ffffU, 0, 0, 0 }
#define IN6ADDR_MASK10_INIT { 0x0000c0ffU, 0, 0, 0 }
#define IN6ADDR_MASK7_INIT { 0x000000feU, 0, 0, 0 }
#endif


/*
* This table is ordered such that longest prefix matches are hit first
* (longer prefix lengths first). The last entry must be the "default"
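Review bot: There are now two consecutive blank lines between "#endif" and the table comment; drop one. The little-endian masks 0x0000c0ffU and 0x000000feU are byte-swapped by hand, so a short comment above the #ifdef stating that each word is stored in network byte order would make them easier to verify. Keeping IN6ADDR_MASK32_INIT outside the #ifdef is right, since 0xffffffffU is the same in either byte order.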
Expand All @@ -61,17 +66,33 @@ static ip6_asp_t default_ip6_asp_table[] = {
{ IN6ADDR_LOOPBACK_INIT, IN6ADDR_MASK128_INIT,
"Loopback", 50 },
{ IN6ADDR_ANY_INIT, IN6ADDR_MASK96_INIT,
"IPv4_Compatible", 20 },
"IPv4_Compatible", 1 },
#ifdef _BIG_ENDIAN
{ { 0, 0, 0x0000ffffU, 0 }, IN6ADDR_MASK96_INIT,
"IPv4", 10 },
"IPv4", 35 },
{ { 0x20010000U, 0, 0, 0 }, IN6ADDR_MASK32_INIT,
"Teredo", 5 },
{ { 0x20020000U, 0, 0, 0 }, IN6ADDR_MASK16_INIT,
"6to4", 30 },
{ { 0x3ffe0000U, 0, 0, 0 }, IN6ADDR_MASK16_INIT,
"6bone", 1 },
{ { 0xfec00000U, 0, 0, 0 }, IN6ADDR_MASK10_INIT,
"Site_Local", 1 },
{ { 0xfc000000U, 0, 0, 0 }, IN6ADDR_MASK7_INIT,
"ULA", 3 },
#else
{ { 0, 0, 0xffff0000U, 0 }, IN6ADDR_MASK96_INIT,
"IPv4", 10 },
"IPv4", 35 },
{ { 0x00000120U, 0, 0, 0 }, IN6ADDR_MASK32_INIT,
"Teredo", 5 },
{ { 0x00000220U, 0, 0, 0 }, IN6ADDR_MASK16_INIT,
"6to4", 30 },
{ { 0x0000fe3fU, 0, 0, 0 }, IN6ADDR_MASK16_INIT,
"6bone", 1 },
{ { 0x0000c0feU, 0, 0, 0 }, IN6ADDR_MASK10_INIT,
"Site_Local", 1 },
{ { 0x000000fcU, 0, 0, 0 }, IN6ADDR_MASK7_INIT,
"ULA", 3 },
#endif
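Review bot: Each new entry in default_ip6_asp_table is written twice, once per byte order, and the little-endian words (0x00000120U, 0x0000fe3fU, 0x0000c0feU, 0x000000fcU) are hard to match by eye against the prefixes in ipaddrsel.conf. Suggest a trailing comment with the textual prefix on each entry, for example /* 2001::/32 */ on the Teredo line, in both branches of the #ifdef. The new entries do keep the descending prefix-length order that the comment above the table requires (/32, /16, /16, /10, /7, then Default), so the first-match lookup is not affected.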
{ IN6ADDR_ANY_INIT, IN6ADDR_ANY_INIT,
"Default", 40 }
Expand Down Expand Up @@ -197,7 +218,7 @@ ip6_asp_table_refrele(ip_stack_t *ipst)
* in for the precedence, the precedence value will be set; a
* pointer to the label will be returned by the function.
*
* Since the table is only anticipated to have five or six entries
* Since the table is only anticipated to have about 10 entries
* total, the lookup algorithm hasn't been optimized to anything
* better than O(n).
*/
Expand Down Expand Up @@ -456,10 +477,9 @@ ip6_asp_copy(ip6_asp_t *src_table, ip6_asp_t *dst_table, uint_t count)
* Sort the entries in descending order of prefix lengths.
*
* Note: this should be a small table. In 99% of cases, we
* expect the table to have 5 entries. In the remaining 1%
* expect the table to have 9 entries. In the remaining 1%
* of cases, we expect the table to have one or two more
* entries. It would be very rare for the table to have
* double-digit entries.
* entries.
*/
src_limit = src_table + count;
dst_limit = dst_table + 1;
