kernel-netlink: Install virtual IPv6 addresses as deprecated
authorTobias Brunner <tobias@strongswan.org>
Fri, 20 Jun 2014 06:51:07 +0000 (08:51 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 20 Jun 2014 14:10:40 +0000 (16:10 +0200)
This should prevent the kernel's IPv6 source address selection algorithm
from using this address unless it is forced to by our source route.
This is helpful if split tunneling is used.

Fixes #598.

src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c

index bb19418684caa8cddf0c108340fe29ec6cbb986c..650a655341f67cc80cb29763b013ad0dd3a5f14f 100644 (file)
@@ -1868,6 +1868,17 @@ static status_t manage_ipaddr(private_kernel_netlink_net_t *this, int nlmsg_type
 
        netlink_add_attribute(hdr, IFA_LOCAL, chunk, sizeof(request));
 
+       if (ip->get_family(ip) == AF_INET6 && this->rta_prefsrc_for_ipv6)
+       {       /* if source routes are possible we let the virtual IP get deprecated
+                * immediately (but mark it as valid forever) so it gets only used if
+                * forced by our route, and not by the default IPv6 address selection */
+               struct ifa_cacheinfo cache = {
+                       .ifa_valid = 0xFFFFFFFF,
+                       .ifa_prefered = 0,
+               };
+               netlink_add_attribute(hdr, IFA_CACHEINFO, chunk_from_thing(cache),
+                                                         sizeof(request));
+       }
        return this->socket->send_ack(this->socket, hdr);
 }
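Review bot: The new `IFA_CACHEINFO` attribute is appended for every `nlmsg_type` passed to `manage_ipaddr()`, so a delete request would presumably carry lifetimes that mean nothing there. Guarding it, e.g. `if (nlmsg_type == RTM_NEWADDR && ip->get_family(ip) == AF_INET6 && this->rta_prefsrc_for_ipv6)`, would keep the delete message minimal; the function starts outside this hunk, so the callers should be confirmed first. The comment could also state the dependency this creates: once the address is deprecated, tunnel-bound traffic gets the virtual IP only through the source route, so if that route is missing the kernel may pick another source address and packets may no longer match the IPsec policy. A named constant for `0xFFFFFFFF` (infinite lifetime) would make the intent of `.ifa_valid` clearer.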