1.\" $NetBSD: in_getifa.9,v 1.11 2020/01/21 07:53:51 wiz Exp $ 2.\" 3.\" Copyright (c) 2006 David Young. All rights reserved. 4.\" 5.\" This code was written by David Young. 6.\" 7.\" Redistribution and use in source and binary forms, with or 8.\" without modification, are permitted provided that the following 9.\" conditions are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above 13.\" copyright notice, this list of conditions and the following 14.\" disclaimer in the documentation and/or other materials provided 15.\" with the distribution. 16.\" 17.\" THIS SOFTWARE IS PROVIDED BY DAVID YOUNG ``AS IS'' AND ANY 18.\" EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 19.\" THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 20.\" PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL DAVID 21.\" YOUNG BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 22.\" EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 23.\" TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 25.\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 26.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 28.\" OF SUCH DAMAGE. 29.\" 30.Dd February 22, 2007 31.Dt IN_GETIFA 9 32.Os 33.Sh NAME 34.Nm in_getifa 35.Nd Look up the IPv4 source address best matching an IPv4 destination 36.Sh SYNOPSIS 37.Cd options IPSELSRC 38.In netinet/in_selsrc.h 39.Ft struct ifaddr * 40.Fn in_getifa "struct ifaddr *ifa" "const struct sockaddr *dst0" 41.Sh DESCRIPTION 42.Nm 43enforces the IPv4 source-address selection policy. 44Add the source-address selection policy mechanism to your kernel with 45.Cd options IPSELSRC . 46.Cd options IPSELSRC 47lets the operator set the policy for choosing the source address 48of any socket bound to the 49.Dq wildcard 50address, 51.Dv INADDR_ANY . 52Note that the policy is applied 53.Em after 54the kernel makes its forwarding decision, thereby choosing the 55output interface; 56in other words, this mechanism does not affect whether or not 57.Nx 58is a 59.Dq strong ES . 60.Pp 61An operator affects the source-address selection using 62.Xr sysctl 8 63and 64.Xr ifconfig 8 . 65Operators set policies with 66.Xr sysctl 8 . 67Some policies consider the 68.Dq preference number 69of an address. 70An operator may set preference numbers for each address with 71.Xr ifconfig 8 . 72.Pp 73A source-address policy is a priority-ordered list of source-address 74ranking functions. 75A ranking function maps its arguments, 76.Po 77.Em source address , 78.Em source index , 79.Em source preference , 80.Em destination address 81.Pc , 82to integers. 83The 84.Em source index 85is the position of 86.Em source address 87in the interface address list; the index of the first address is 0. 88The 89.Em source preference 90is the preference number the operator assigned 91to 92.Em source address . 93The 94.Em destination address 95is the socket peer / packet destination. 96.Pp 97Presently, there are four ranking functions to choose from: 98.Bl -tag -width "common-prefix-len" 99.It index 100ranks by 101.Em source index ; 102lower indices are ranked more highly. 103.It preference 104ranks by 105.Em source preference ; 106higher preference numbers are ranked more highly. 107.It common-prefix-len 108ranks each 109.Em source address 110by the length of the longest prefix it has in common with 111.Em destination address ; 112longer common prefixes rank more highly. 113.It same-category 114determines the "categories" of 115.Em source 116and 117.Em destination address . 118A category is one of 119.Em private , 120.Em link-local , 121or 122.Em other . 123If the categories exactly match, same-category assigns a rank of 2. 124Some sources are ranked 1 by category: 125a 126.Em link-local 127source with a 128.Em private 129destination, a 130.Em private 131source with a 132.Em link-local 133destination, and a 134.Em private 135source with an 136.Em other 137destination rank 1. 138All other sources rank 0. 139.Pp 140Categories are defined as follows. 141.Bl -tag -width "link-local" 142.It private 143RFC1918 networks, 192.168/16, 172.16/12, and 10/8 144.It link-local 145169.254/16, 224/24 146.It other 147all other networks---i.e., not private, not link-local 148.El 149.El 150.Pp 151To apply a policy, the kernel applies all ranking functions in the policy 152to every source address, producing a vector of ranks for each source. 153The kernel sorts the sources in descending, lexicographical order by their 154rank-vector, and chooses the highest-ranking (first) source. 155The kernel breaks ties by choosing the source with the least 156.Em source index . 157.Pp 158The operator may set a policy on individual interfaces. 159The operator may also set a global policy that applies to all 160interfaces whose policy they do not set individually. 161.Pp 162Here is the sysctl tree for the policy at system startup: 163.Bd -literal -offset indent 164net.inet.ip.selectsrc.default = index 165net.inet.ip.interfaces.ath0.selectsrc = 166net.inet.ip.interfaces.sip0.selectsrc = 167net.inet.ip.interfaces.sip1.selectsrc = 168net.inet.ip.interfaces.lo0.selectsrc = 169net.inet.ip.interfaces.pflog0.selectsrc = 170.Ed 171.Pp 172The policy on every interface is the 173.Dq empty 174policy, so the default policy applies. 175The default policy, 176.Em index , 177is the 178.Dq historical 179policy in 180.Nx . 181.Pp 182The operator may override the default policy on ath0, 183.Bd -literal -offset indent 184 # sysctl -w net.inet.ip.interfaces.ath0.selectsrc=same-category,common-prefix-len,preference 185.Ed 186.Pp 187yielding this policy: 188.Bd -literal -offset indent 189net.inet.ip.selectsrc.default = index 190net.inet.ip.interfaces.ath0.selectsrc = same-category,common-prefix-len,preference 191.Ed 192.Pp 193The operator may set a new default, 194.Bd -literal -offset indent 195# sysctl -w net.inet.ip.selectsrc.debug=\ 196> same-category,common-prefix-len,preference 197# sysctl -w net.inet.ip.interfaces.ath0.selectsrc= 198.Ed 199.Pp 200yielding this policy: 201.Bd -literal -offset indent 202net.inet.ip.selectsrc.default = same-category,common-prefix-len,preference 203net.inet.ip.interfaces.ath0.selectsrc = 204.Ed 205.Pp 206In a number of applications, the policy above will usually pick 207suitable source addresses if ath0 is configured in this way: 208.Bd -literal -offset indent 209# ifconfig ath0 inet 64.198.255.1/24 210# ifconfig ath0 inet 10.0.0.1/24 211# ifconfig ath0 inet 169.254.1.1/24 212# ifconfig ath0 inet 192.168.49.1/24 preference 5 213# ifconfig ath0 inet 192.168.37.1/24 preference 9 214.Ed 215A sysctl, net.inet.ip.selectsrc.debug, turns on and off debug messages 216concerned with source selection. 217You may set it to 0 (no messages) or 1. 218.Sh SEE ALSO 219.Xr ifconfig 8 , 220.Xr sysctl 8 221.Sh STANDARDS 222The family of IPv6 source-address selection policies defined by 223.Li RFC3484 224resembles the family of IPv4 policies that 225.Nm 226enforces. 227.Sh AUTHORS 228.An David Young Aq Mt dyoung@NetBSD.org 229.Sh BUGS 230With 231.Cd options IPSELSRC , 232a new interface 233.Xr ioctl 2 , 234.Dv SIOCSIFADDRPREF , 235was introduced. 236It ought to be documented in 237.Xr inet 4 . 238Also, 239.Xr options 4 240ought to cross-reference this manual page. 241.Pp 242This work should be used to set IPv6 source-address selection 243policies, especially the family of policies defined by 244.Li RFC3484 . 245