[PATCH] IPv6: Fix broken anycast usage

[PATCH] IPv6: Fix broken anycast usage

[Mika Liljeberg]

[-- Attachment #1: Type: text/plain, Size: 1370 bytes --]

This is against 2.5.75.

The patch fixes several places where anycast addresses should be treated
equivalently with unicast addresses. In particular, this includes
tunnels and routes pointing to anycast addresses.

I modified ipv6_addr_type() to return IPV6_ADDR_UNICAST also for anycast
addresses. IPV6_ADDR_ANYCAST is now added as an additional flag when the
address is one of the known anycast addresses.

I looked very hard at neighbor discovery and didn't see anything that
needs to be changed, but you might want to have a second look. One small
difference is that ND will now also try respond to neighbor
solicitations coming from known anycast addresses (very unlikely). IMHO,
this doesn't need to be policed. In general, there is no reliable way to
check if a remote address is anycast, anyway. From RFC2461:

                 Note that an anycast address is syntactically
                 indistinguishable from a unicast address.  Thus, nodes
                 sending packets to anycast addresses don't generally
                 know that an anycast address is being used.  Throughout
                 the rest of this document, references to unicast
                 addresses also apply to anycast addresses in those
                 cases where the node is unaware that a unicast address
                 is actually an anycast address.

Thanks,

	MikaL


[-- Attachment #2: 2.5.75-anycast.udiff --]
[-- Type: text/x-patch, Size: 799 bytes --]

diff -ur orig/linux-2.5.75/net/ipv6/addrconf.c linux-2.5.75/net/ipv6/addrconf.c
--- orig/linux-2.5.75/net/ipv6/addrconf.c	2003-07-10 23:14:49.000000000 +0300
+++ linux-2.5.75/net/ipv6/addrconf.c	2003-07-12 10:01:57.000000000 +0300
@@ -208,16 +208,15 @@
 				break;
 		};
 		return type;
-	}
+	} else
+		type = IPV6_ADDR_UNICAST;
+
 	/* check for reserved anycast addresses */
-	
 	if ((st & htonl(0xE0000000)) &&
 	    ((addr->s6_addr32[2] == htonl(0xFDFFFFFF) &&
 	    (addr->s6_addr32[3] | htonl(0x7F)) == (u32)~0) ||
 	    (addr->s6_addr32[2] == 0 && addr->s6_addr32[3] == 0)))
-		type = IPV6_ADDR_ANYCAST;
-	else
-		type = IPV6_ADDR_UNICAST;
+		type |= IPV6_ADDR_ANYCAST;
 
 	/* Consider all addresses with the first three bits different of
 	   000 and 111 as finished.

Re: [PATCH] IPv6: Fix broken anycast usage

[kuznet]

Hello!

> this doesn't need to be policed. In general, there is no reliable way to
> check if a remote address is anycast, anyway. From RFC2461:
> 
>                  Note that an anycast address is syntactically
>                  indistinguishable from a unicast address.

This is right. (Well, except for the fact that reserved anycasts
are very well syntactically distinguished. :-)) But this does not matter,
the patch is correct, ANYCAST is an additional attribute on unicast
addresses and it should be checked only in contexts where _this_ host
is a member of this anycast.

BTW it is an addendum to my previous mail. You were right complaining
about EINVAL for anycast nexthop. However:

Nexthop address is unique identifier of nexthop router. We do not enforce
this policy (see comments in route.c), hence it is bug to reject such routes
and you are right, but this does not make your example more reasonable.
Any non-unicast non-linklocal address used as nexthop is bad idea,
this policy is not enforced to allow use of global nexthops on BGP routers,
where it is convenient to use global addresses for nexthop resolution and
where it is legal because they are not expected to receive redirects
This is legal in your case of PtP link too, however, this is still nasty.

Alexey