2

在 Linux 中为传出流量选择 IPv6 源地址的上下文中:

我在接口上有一些 IPv6 地址。我希望内核选择其中一个作为源 IPv6 地址。我不希望内核选择我将要发送的这个地址作为传出数据包的源地址。

更具体地说,在这个片段中,当 dontUseAsSourceAddressForOutgoingPkts 为真时,我希望内核选择该接口上已经存在的任何其他 IPv6 地址。什么标志会产生这种效果?如果我为 IPv6 寻址使用了错误的 ifaddrmsg 结构,我应该使用哪一个?

包含更多上下文的片段:

int
NetLnkSock::IpAdd(const std::string &ifname,
                  const IpAddr &ipaddr,
                  int prefixlen,
                  bool dontUseAsSourceAddressForOutgoingPkts)
    ifreq ifr;
    nlmsghdr *nlh;
    ifaddrmsg *ifa;
    nlmsgerr *nlerr;
    static uint32_t msg_seq = 0;
    NlSock nlsock;
    LogDev::Ostream logostr;

    nlsock.bind();
    memset(&ifr, 0, sizeof(ifr));

    if (ifname.size() > IFNAMSIZ)
        throw NetLnkNameErr();

    copy(ifname.begin(), ifname.end(), ifr.ifr_name);
    ifr.ifr_name[ifname.end() - ifname.begin()] = '\0';

    nlh = (nlmsghdr *)rcvbuf;

    nlh->nlmsg_len = sizeof(nlmsghdr);

    nlh->nlmsg_type = RTM_NEWADDR;
    nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;

    nlh->nlmsg_seq = ++msg_seq;
    nlh->nlmsg_pid = 0;

    ifa = (ifaddrmsg *)&nlh[1];
    ifa->ifa_family = (ipaddr.is_v4()) ? AF_INET : AF_INET6;
    ifa->ifa_prefixlen = prefixlen;
    /*
     * My question is about the behavior of the kernel
     * vis a vis source address selection for outgoing traffic
     * where there are multiple IP's on this interface.
     * How do the flags below impact the kernel's choice
     * for source address selection?
     */
    ifa->ifa_flags = 
    (dontUseAsSourceAddressForOutgoingPkts && ipaddr.is_v6()) ?
        (IFA_F_SECONDARY | IFA_F_DEPRECATED) : 0;
    /*
     * I would like for the kernel to select any other IPv6
     * address already on this interface when
     * dontUseAsSourceAddressForOutgoingPkts is true.
     * Will these flags yield that effect?
     */
    ifa->ifa_scope = RT_SCOPE_UNIVERSE;
    ifa->ifa_index = ifr.ifr_ifindex;
    nlh->nlmsg_len += sizeof(ifaddrmsg);
    if (ipaddr.is_v4()) {
        IpAddr ip4_bcast;
        char *buf = rcvbuf + nlh->nlmsg_len;

        ip4_bcast.create_netmask(prefixlen, ipaddr);
        ip4_bcast.from_v4(~ip4_bcast.get_v4() | ipaddr.get_v4());

        nlh->nlmsg_len += NLMSG_ALIGN(setRtAttr(buf, IFA_LOCAL,
                                  &ipaddr.get_v4(), sizeof(in_addr_t)));

        /*
         * Always send the netmask and broadcast even on delete.
         * Linux seems to ignore the prefixlen set in the original
         * message and simply matches by ip address on deletes.
         */
        buf = rcvbuf + nlh->nlmsg_len;
        nlh->nlmsg_len += NLMSG_ALIGN(setRtAttr(buf, IFA_ADDRESS,
                                  &ipaddr.get_v4(), sizeof(in_addr_t)));

        buf = rcvbuf + nlh->nlmsg_len;
        nlh->nlmsg_len += NLMSG_ALIGN(setRtAttr(buf, IFA_BROADCAST,
                                  &ip4_bcast.get_v4(), sizeof(in_addr_t)));


    } else { /* AF_INET6 */
        char *buf = rcvbuf + nlh->nlmsg_len;

        buf = rcvbuf + nlh->nlmsg_len;
        if (ipaddr.domain() != RD_DEFAULT_ID) {       // Hal doesn't support route domains
            throw NetLnkIpAddrErr();
        }
        nlh->nlmsg_len += NLMSG_ALIGN(setRtAttr(buf, IFA_LOCAL,
                                      &ipaddr.get_v6(), sizeof(in6_addr)));
        buf = rcvbuf + nlh->nlmsg_len;
        nlh->nlmsg_len += NLMSG_ALIGN(setRtAttr(buf, IFA_ADDRESS,
                                      &ipaddr.get_v6(), sizeof(in6_addr)));

    }
    nlsock.sendNlReq(rcvbuf);
}
4

2 回答 2

2

RFC 3484规定:

  1. 源地址选择

    <...>

    规则 3:避免弃用地址。地址 SA 和 SB 具有相同的范围。如果两个源地址之一是“首选”而其中一个是“不推荐”(在 RFC 2462 意义上),那么首选“首选”那个。

    <...>

rtnetlink(7) 手册页简要提到了一个名为 ifa_cacheinfo 的结构。

此结构包含两个显着导入标志:ifa_valid 和 ifa_prefered。 要将 IPv6 地址标记为已弃用,请将其 prefered_lft 设置为零。此外,似乎习惯也将 valid_lft 设置为 0xffffffff(永远)以强调此 IPv6 地址的明确弃用性质。

/* 
 * You have just put a new IPv6 address on the kernel with
 * net link. You don't want it chosen as the source address
 * of packets leaving this interface if there's at least one
 * other IPv6 address already on this interface.
 *
 * Mark this IPv6 address as Deprecated on this interface,
 * Causing LINUX not to choose it for source address of
 * packets outgoing from this interface when there exists
 * another, non-deprecated IPv6 address on this interface
 */
struct ifa_cacheinfo ci;
// This address is valid forever
ci.ifa_valid = 0xffffffff;
// A prefered ttl of 0 immediately deprecates this IPv6
ci.ifa_preferred = 0;
// <Send this cacheinfo to the kernel using net link>
于 2018-05-01T18:52:44.933 回答
0

rtnetlink(7)手册页只是说:

ifa_flagsIFA_F_SECONDARY用于辅助地址(旧别名接口)的标志字,用于IFA_F_PERMANENT用户设置的永久地址和其他未记录的标志。

事实上,内核源代码似乎没有记录它们:

/* ifa_flags */
#define IFA_F_SECONDARY      0x01
#define IFA_F_TEMPORARY      IFA_F_SECONDARY

#define IFA_F_NODAD          0x02
#define IFA_F_OPTIMISTIC     0x04
#define IFA_F_DADFAILED      0x08
#define IFA_F_HOMEADDRESS    0x10
#define IFA_F_DEPRECATED     0x20
#define IFA_F_TENTATIVE      0x40
#define IFA_F_PERMANENT      0x80
#define IFA_F_MANAGETEMPADDR 0x100
#define IFA_F_NOPREFIXROUTE  0x200
#define IFA_F_MCAUTOJOIN     0x400
#define IFA_F_STABLE_PRIVACY 0x800

然而,RFC 3549“Linux Netlink as an IP Services Protocol”澄清了更多:

   Flags: 8 bits
   IFA_F_SECONDARY  For secondary address (alias interface).
   IFA_F_PERMANENT  For a permanent address set by the user.
                    When this is not set, it means the address
                    was dynamically created (e.g., by stateless
                    autoconfiguration).
   IFA_F_DEPRECATED Defines deprecated (IPV4) address.
   IFA_F_TENTATIVE  Defines tentative (IPV4) address (duplicate
                    address detection is still in progress).

所以看起来这两个标志是不相关的:一个将接口地址标记为次要(临时);而另一个定义了 IPv4 地址(“已弃用”)。

如果您需要确切了解每个标志的含义,您可以查看源代码中该符号的引用,例如 atIFA_F_SECONDARYIFA_F_DEPRECATED

于 2018-04-26T21:40:01.540 回答