authorbluhm <bluhm@openbsd.org>2013-03-03 00:35:13 +0000
committerbluhm <bluhm@openbsd.org>2013-03-03 00:35:13 +0000
commita7e28db1dc7620bb36ffbece77e0dbcf78cbb692 (patch)
tree3ec05e4890a795ff7ca49ecedaaae60792f04559
parentSimplify uvm_pagealloc() to only need one atomic operation on the page flags (diff)
downloadwireguard-openbsd-a7e28db1dc7620bb36ffbece77e0dbcf78cbb692.tar.xz
wireguard-openbsd-a7e28db1dc7620bb36ffbece77e0dbcf78cbb692.zip
Make sure that IPv6 source address selection only chooses a CARP
address if the interface is in master state. Disable duplicate address detection on CARP interfaces as the peer may have the same addresses. Test and OK sthen@ florian@ benno@ camield@
-rw-r--r--sys/netinet6/in6.c25
-rw-r--r--sys/netinet6/nd6_nbr.c10
2 files changed, 33 insertions, 2 deletions
diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c
index 5f2db796f6b..f15a6eff202 100644
--- a/sys/netinet6/in6.c
+++ b/sys/netinet6/in6.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: in6.c,v 1.101 2012/11/30 13:48:12 stsp Exp $ */
+/* $OpenBSD: in6.c,v 1.102 2013/03/03 00:35:13 bluhm Exp $ */
/* $KAME: in6.c,v 1.372 2004/06/14 08:14:21 itojun Exp $ */
/*
@@ -97,6 +97,9 @@
#include <netinet6/ip6_mroute.h>
#endif
#include <netinet6/in6_ifattach.h>
+#if NCARP > 0
+#include <netinet/ip_carp.h>
+#endif
/* backward compatibility for a while... */
#define COMPAT_IN6IFIOCTL
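Review bot: `NCARP` must be defined before this `#if NCARP > 0` is evaluated, and the hunk does not show where in6.c gets it. The preprocessor treats an undefined identifier as 0, so if the generated `carp.h` is not already included earlier in the file, this include and the CARP checks added further down in `in6_ifawithscope` and `in6if_do_dad` are compiled out silently, with no warning. Confirm that `#include "carp.h"` precedes this block, or add it at the top of the file next to the other option headers.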
@@ -2145,6 +2148,9 @@ in6_ifawithscope(struct ifnet *oifp, struct in6_addr *dst, u_int rdomain)
struct ifaddr *ifa;
struct ifnet *ifp;
struct in6_ifaddr *ifa_best = NULL;
+#if NCARP > 0
+ struct sockaddr_dl *proxydl = NULL;
+#endif
if (oifp == NULL) {
printf("in6_ifawithscope: output interface is not specified\n");
@@ -2159,6 +2165,15 @@ in6_ifawithscope(struct ifnet *oifp, struct in6_addr *dst, u_int rdomain)
TAILQ_FOREACH(ifp, &ifnet, if_list) {
if (ifp->if_rdomain != rdomain)
continue;
+#if NCARP > 0
+ /*
+ * Never use a carp address of an interface which is not
+ * the master.
+ */
+ if (ifp->if_type == IFT_CARP &&
+ !carp_iamatch6(ifp, NULL, &proxydl))
+ continue;
+#endif
/*
* We can never take an address that breaks the scope zone
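Review bot: The call `carp_iamatch6(ifp, NULL, &proxydl)` passes a NULL source link-layer address and, in the lines shown, never reads `proxydl` afterwards. `carp_iamatch6` is defined outside this diff, so it should be confirmed that it tolerates a NULL second argument in every balancing mode instead of dereferencing it. The `nd6_na_input` call in nd6_nbr.c passes `lladdr`, which may likewise be unset when the advertisement carries no target link-layer option. If the out-parameter exists only to satisfy the signature, say so at its declaration, e.g. `/* required by carp_iamatch6(), result unused */`. The loop body continues outside the hunk.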
@@ -2435,6 +2450,14 @@ in6if_do_dad(struct ifnet *ifp)
* NS would confuse the DAD procedure.
*/
return (0);
+#if NCARP > 0
+ case IFT_CARP:
+ /*
+ * XXX: DAD does not work currently on carp(4)
+ * so disable it for now.
+ */
+ return (0);
+#endif
default:
/*
* Our DAD routine requires the interface up and running.
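Review bot: The new `IFT_CARP` case returns 0 unconditionally, so addresses on carp(4) interfaces skip duplicate address detection even when the conflicting address belongs to an unrelated host on the link and not to the CARP peer. The code comment only says DAD "does not work", while the commit message gives the actual reason (the peer may have the same addresses). That reason and the trade-off belong in the code, for example `/* XXX: the carp(4) peer may hold the same address and DAD could flag it as a duplicate; conflicts with non-CARP hosts go undetected. */`. The switch statement continues outside the hunk.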
diff --git a/sys/netinet6/nd6_nbr.c b/sys/netinet6/nd6_nbr.c
index beba12165ef..95b0e107d3d 100644
--- a/sys/netinet6/nd6_nbr.c
+++ b/sys/netinet6/nd6_nbr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: nd6_nbr.c,v 1.63 2012/05/16 09:48:38 mikeb Exp $ */
+/* $OpenBSD: nd6_nbr.c,v 1.64 2013/03/03 00:35:14 bluhm Exp $ */
/* $KAME: nd6_nbr.c,v 1.61 2001/02/10 16:06:14 jinmei Exp $ */
/*
@@ -561,6 +561,9 @@ nd6_na_input(struct mbuf *m, int off, int icmp6len)
struct rtentry *rt;
struct sockaddr_dl *sdl;
union nd_opts ndopts;
+#if NCARP > 0
+ struct sockaddr_dl *proxydl = NULL;
+#endif
if (ip6->ip6_hlim != 255) {
nd6log((LOG_ERR,
@@ -617,6 +620,11 @@ nd6_na_input(struct mbuf *m, int off, int icmp6len)
}
ifa = &in6ifa_ifpwithaddr(ifp, &taddr6)->ia_ifa;
+#if NCARP > 0
+ if (ifp->if_type == IFT_CARP && ifa &&
+ !carp_iamatch6(ifp, lladdr, &proxydl))
+ ifa = NULL;
+#endif
/*
* Target address matches one of my interface address.