From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 4 Oct 2019 13:34:04 +0000 (+0200)
Subject: kernel-netlink: Enumerate temporary IPv6 addresses according to config
X-Git-Tag: 5.8.2dr2~21^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9f12b8a61c4759c0d74dd7c3a3454c0258e0d0bc;p=thirdparty%2Fstrongswan.git

kernel-netlink: Enumerate temporary IPv6 addresses according to config

This way we announce only permanent addresses via MOBIKE by default, and
temporary ones if the option is enabled.
---

diff --git a/conf/options/charon.opt b/conf/options/charon.opt
index d57b3937bc..cc58afda83 100644
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@@ -286,8 +286,16 @@ charon.prefer_configured_proposals = yes
 	notifies).
 
 charon.prefer_temporary_addrs = no
-	By default public IPv6 addresses are preferred over temporary ones (RFC
-	4941), to make connections more stable. Enable this option to reverse this.
+	Controls whether permanent or temporary IPv6 addresses are used as source,
+	or announced as additional addresses if MOBIKE is used.
+
+	By default, permanent IPv6 source addresses are preferred over temporary
+	ones (RFC 4941), to make connections more stable. Enable this option to
+	reverse this.
+
+	It also affects which IPv6 addresses are announced as additional addresses
+	if MOBIKE is used.  If the option is disabled, only permanent addresses are
+	sent, and only temporary ones if it is enabled.
 
 charon.process_route = yes
 	Process RTM_NEWROUTE and RTM_DELROUTE events.
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
index 165fb42d13..4abafd9934 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008-2018 Tobias Brunner
+ * Copyright (C) 2008-2019 Tobias Brunner
  * Copyright (C) 2005-2008 Martin Willi
  * HSR Hochschule fuer Technik Rapperswil
  *
@@ -1608,6 +1608,14 @@ CALLBACK(filter_addresses, bool,
 		{	/* skip deprecated addresses or those with an unusable scope */
 			continue;
 		}
+		if (addr->ip->get_family(addr->ip) == AF_INET6)
+		{	/* handle temporary IPv6 addresses according to config */
+			bool temporary = (addr->flags & IFA_F_TEMPORARY) == IFA_F_TEMPORARY;
+			if (data->this->prefer_temporary_addrs != temporary)
+			{
+				continue;
+			}
+		}
 		*out = addr->ip;
 		return TRUE;
 	}