diff options
| author |   stsp <stsp@openbsd.org> | 2014-10-22 09:48:19 +0000 |
|---|---|---|
| committer | stsp <stsp@openbsd.org> | 2014-10-22 09:48:19 +0000 |
| commit | d35187fbd083648b8e829ce411f7d9ee6d4c8e24 (patch) | |
| tree | 8886270fea5c8d89848793492a2a41259d2b81ad /lib/libcrypto/dsa/dsa_gen.c | |
| parent | URL-decode the request path. (diff) | |
| download | wireguard-openbsd-d35187fbd083648b8e829ce411f7d9ee6d4c8e24.tar.xz wireguard-openbsd-d35187fbd083648b8e829ce411f7d9ee6d4c8e24.zip | |
Introduce a special hack for carp during IPv6 source address selection:
If there is a tie then a carp interface is not allowed to win even if
it has an address with a longer bitwise match. This allows reliable IPv6
communication between carp master and backup across a shared IPv6 subnet.
Consider the carp address 2001:DB8:10::14, which is configured on firewall A
(in carp master state) and firewall B (in carp backup state), each of which
has another address in the same prefix on a non-carp interface (A has
2001:DB8:10::1 and B has 2001:DB8:10::11). In this setup, A would use
2001:DB8:10::14 as source address when sending neighbour solicitations to B.
Since 2001:DB8:10::14 is a local address from B's point of view, B never
replied to the neighbour solicitations sent by A.
With this change A uses 2001:DB8:10::1 as source address instead.
ok mpi@
Diffstat (limited to 'lib/libcrypto/dsa/dsa_gen.c')
0 files changed, 0 insertions, 0 deletions