[Swan] IPv6: addconn handling of host=%defaultroute, peer=%any case

Frank Schmirler libreswan at schmirler.de
Wed Jun 24 12:55:39 EEST 2015


Hi,

I noticed that addconn is not able to resolve the IPv6 address for
host=%defaultroute when peer is set to %any. And indeed this is not an easy
task, because:

1) nexthop is often a link-local address. Asking netlink about the route to a
link-local address will return the host's link-local address as src.
Definitely not what we are looking for.
2) IPv6 source address selection is specified in RFC6724 section 5. It is
based on the actual destination address. So it's not very surprising that
netlink will not show src addresses for a route when dumping the whole routing
table.

I attached a proof-of-concept patch for addconn to serve as a basis for
discussion. It does two things:

1) ignore nexthop if it is a link-local address
2) as a last resort, use an arbitrary global unicast address (here: 2000::) as
destination to get the local src address.

Using an arbitrary address is probably a bad solution, but the only one I
could think of. Any ideas (except for using static addresses of course)?

In case a DNS name has been given as peer address, addconn could try to
resolve it. Are there any reasons why this should not be done?

I appreciate your comments,
Frank

-------------- next part --------------
A non-text attachment was scrubbed...
Name: addconn-ipv6_any.diff
Type: text/x-patch
Size: 1424 bytes
Desc: not available
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20150624/9cae9740/attachment.bin>
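The probe-destination trick discussed in the post, as an added example in C that is not part of the original message or of the attached patch: send one RTM_GETROUTE for a single /128 destination (2000::) over a NETLINK_ROUTE socket and read RTA_PREFSRC, which is the source address the kernel's RFC 6724 selection would actually use, while flagging a link-local RTA_GATEWAY so it is never reused as a probe target. The netlink and rtnetlink macros are the real Linux UAPI ones; the function names, the route_answer struct and the sample reply built in the test are this example's own constructions, not addconn code.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>

/* RFC 4291 2.5.6: fe80::/10 is link-local. Probing toward such a nexthop only
 * makes the kernel answer with our own link-local address as src. */
static int ipv6_is_link_local(const struct in6_addr *a)
{
    return a->s6_addr[0] == 0xfe && (a->s6_addr[1] & 0xc0) == 0x80;
}

/* nlmsghdr + rtmsg + one 16-byte RTA_* attribute per (type, addr) pair.
 * Builds the RTM_GETROUTE request; a constructed RTM_NEWROUTE reply can be
 * laid out the same way to exercise the parser offline. */
static size_t build_route_msg(unsigned char *buf, size_t len, unsigned short msgtype,
                              const unsigned short *types, const struct in6_addr *const *addrs, int n)
{
    size_t total = NLMSG_SPACE(sizeof(struct rtmsg)) + n * RTA_SPACE(sizeof(struct in6_addr));
    struct nlmsghdr *nlh = (struct nlmsghdr *)buf;
    struct rtmsg *rtm;
    struct rtattr *rta;
    int i;
    if (len < total)
        return 0;
    memset(buf, 0, total);
    nlh->nlmsg_len = total;
    nlh->nlmsg_type = msgtype;
    nlh->nlmsg_flags = msgtype == RTM_GETROUTE ? NLM_F_REQUEST : 0;
    rtm = NLMSG_DATA(nlh);
    rtm->rtm_family = AF_INET6;
    rtm->rtm_dst_len = 128;   /* one exact destination, not a table dump */
    for (rta = RTM_RTA(rtm), i = 0; i < n; i++) {
        rta->rta_type = types[i];
        rta->rta_len = RTA_LENGTH(sizeof(struct in6_addr));
        memcpy(RTA_DATA(rta), addrs[i], sizeof(struct in6_addr));
        rta = (struct rtattr *)((char *)rta + RTA_SPACE(sizeof(struct in6_addr)));
    }
    return total;
}

struct route_answer {
    int has_prefsrc, gateway_link_local;
    struct in6_addr prefsrc, gateway;
};

/* Pull RTA_PREFSRC (the kernel's RFC 6724 pick for this destination) and
 * RTA_GATEWAY (the nexthop) out of an RTM_NEWROUTE reply. Returns 0 if a
 * prefsrc was found, -1 otherwise; an NLMSG_ERROR reply (e.g. ENETUNREACH
 * when there is no IPv6 default route at all) also ends up as -1. */
static int parse_getroute_reply(unsigned char *buf, size_t len, struct route_answer *out)
{
    struct nlmsghdr *nlh = (struct nlmsghdr *)buf;
    struct rtmsg *rtm = NLMSG_DATA(nlh);
    struct rtattr *rta;
    int alen;
    memset(out, 0, sizeof(*out));
    if (len < sizeof(*nlh) || nlh->nlmsg_len > len || nlh->nlmsg_type != RTM_NEWROUTE ||
        nlh->nlmsg_len < NLMSG_LENGTH(sizeof(*rtm)) || rtm->rtm_family != AF_INET6)
        return -1;
    alen = RTM_PAYLOAD(nlh);
    for (rta = RTM_RTA(rtm); RTA_OK(rta, alen); rta = RTA_NEXT(rta, alen)) {
        if ((size_t)RTA_PAYLOAD(rta) != sizeof(struct in6_addr))
            continue;
        if (rta->rta_type == RTA_PREFSRC) {
            memcpy(&out->prefsrc, RTA_DATA(rta), sizeof(out->prefsrc));
            out->has_prefsrc = 1;
        } else if (rta->rta_type == RTA_GATEWAY) {
            memcpy(&out->gateway, RTA_DATA(rta), sizeof(out->gateway));
            out->gateway_link_local = ipv6_is_link_local(&out->gateway);
        }
    }
    return out->has_prefsrc ? 0 : -1;
}

/* Live query against the running kernel: "which source would you use for
 * dst?" Returns -1 if there is no IPv6 route to dst or netlink fails. */
static int query_route(const struct in6_addr *dst, struct route_answer *out)
{
    unsigned char req[128], rep[4096];
    unsigned short t = RTA_DST;
    size_t reqlen = build_route_msg(req, sizeof req, RTM_GETROUTE, &t, &dst, 1);
    int fd = socket(AF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_ROUTE);
    ssize_t n = -1;
    if (fd >= 0 && reqlen && send(fd, req, reqlen, 0) == (ssize_t)reqlen)
        n = recv(fd, rep, sizeof rep, 0);
    if (fd >= 0)
        close(fd);
    return n > 0 ? parse_getroute_reply(rep, (size_t)n, out) : -1;
}

int main(void)
{
    struct in6_addr probe;   /* the post's arbitrary global unicast probe, 2000:: */
    struct route_answer ans;
    char s[INET6_ADDRSTRLEN];
    inet_pton(AF_INET6, "2000::", &probe);
    if (query_route(&probe, &ans) == 0)
        printf("src toward 2000:: = %s (nexthop link-local: %d)\n",
               inet_ntop(AF_INET6, &ans.prefsrc, s, sizeof s), ans.gateway_link_local);
    else
        printf("no usable IPv6 route to 2000::\n");
    return 0;
}
```

RTM_GETROUTE needs no privilege, so this runs as an ordinary user; `ip -6 route get 2000::` performs the same lookup and prints the same `src`. The parser treats a missing RTA_PREFSRC, an NLMSG_ERROR reply, or a reply that is not RTM_NEWROUTE as failure rather than falling back to whatever address happens to be present, which is the case addconn must handle when the host has no IPv6 default route at all.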
