Updated: 2022/Sep/29

Please read Privacy Policy. It's for your privacy.

IN_GETIFA(9)               Kernel Developer's Manual              IN_GETIFA(9)

     in_getifa - Look up the IPv4 source address best matching an IPv4

     options IPSELSRC
     #include <netinet/in_selsrc.h>

     struct ifaddr *
     in_getifa(struct ifaddr *ifa, const struct sockaddr *dst0);

     in_getifa enforces the IPv4 source-address selection policy.  Add the
     source-address selection policy mechanism to your kernel with options
     IPSELSRC.  options IPSELSRC lets the operator set the policy for choosing
     the source address of any socket bound to the "wildcard" address,
     INADDR_ANY.  Note that the policy is applied after the kernel makes its
     forwarding decision, thereby choosing the output interface; in other
     words, this mechanism does not affect whether or not NetBSD is a "strong

     An operator affects the source-address selection using sysctl(8) and
     ifconfig(8).  Operators set policies with sysctl(8).  Some policies
     consider the "preference number" of an address.  An operator may set
     preference numbers for each address with ifconfig(8).

     A source-address policy is a priority-ordered list of source-address
     ranking functions.  A ranking function maps its arguments, (source
     address, source index, source preference, destination address), to
     integers.  The source index is the position of source address in the
     interface address list; the index of the first address is 0.  The source
     preference is the preference number the operator assigned to source
     address.  The destination address is the socket peer / packet

     Presently, there are four ranking functions to choose from:

     index              ranks by source index; lower indices are ranked more

     preference         ranks by source preference; higher preference numbers
                        are ranked more highly.

     common-prefix-len  ranks each source address by the length of the longest
                        prefix it has in common with destination address;
                        longer common prefixes rank more highly.

     same-category      determines the "categories" of source and destination
                        address.  A category is one of private, link-local, or
                        other.  If the categories exactly match, same-category
                        assigns a rank of 2.  Some sources are ranked 1 by
                        category: a link-local source with a private
                        destination, a private source with a link-local
                        destination, and a private source with an other
                        destination rank 1.  All other sources rank 0.

                        Categories are defined as follows.

                        private     RFC1918 networks, 192.168/16, 172.16/12,
                                    and 10/8

                        link-local  169.254/16, 224/24

                        other       all other networks---i.e., not private,
                                    not link-local

     To apply a policy, the kernel applies all ranking functions in the policy
     to every source address, producing a vector of ranks for each source.
     The kernel sorts the sources in descending, lexicographical order by
     their rank-vector, and chooses the highest-ranking (first) source.  The
     kernel breaks ties by choosing the source with the least source index.

     The operator may set a policy on individual interfaces.  The operator may
     also set a global policy that applies to all interfaces whose policy they
     do not set individually.

     Here is the sysctl tree for the policy at system startup:

           net.inet.ip.selectsrc.default = index
           net.inet.ip.interfaces.ath0.selectsrc =
           net.inet.ip.interfaces.sip0.selectsrc =
           net.inet.ip.interfaces.sip1.selectsrc =
           net.inet.ip.interfaces.lo0.selectsrc =
           net.inet.ip.interfaces.pflog0.selectsrc =

     The policy on every interface is the "empty" policy, so the default
     policy applies.  The default policy, index, is the "historical" policy in

     The operator may override the default policy on ath0,

                   # sysctl -w net.inet.ip.interfaces.ath0.selectsrc=same-category,common-prefix-len,preference

     yielding this policy:

           net.inet.ip.selectsrc.default = index
           net.inet.ip.interfaces.ath0.selectsrc = same-category,common-prefix-len,preference

     The operator may set a new default,

           # sysctl -w net.inet.ip.selectsrc.debug=> same-category,common-prefix-len,preference
           # sysctl -w net.inet.ip.interfaces.ath0.selectsrc=

     yielding this policy:

           net.inet.ip.selectsrc.default = same-category,common-prefix-len,preference
           net.inet.ip.interfaces.ath0.selectsrc =

     In a number of applications, the policy above will usually pick suitable
     source addresses if ath0 is configured in this way:

           # ifconfig ath0 inet
           # ifconfig ath0 inet
           # ifconfig ath0 inet
           # ifconfig ath0 inet preference 5
           # ifconfig ath0 inet preference 9
     A sysctl, net.inet.ip.selectsrc.debug, turns on and off debug messages
     concerned with source selection.  You may set it to 0 (no messages) or 1.

     ifconfig(8), sysctl(8)

     The family of IPv6 source-address selection policies defined by RFC3484
     resembles the family of IPv4 policies that in_getifa enforces.

     David Young <dyoung@NetBSD.org>

     With options IPSELSRC, a new interface ioctl(2), SIOCSIFADDRPREF, was
     introduced.  It ought to be documented in inet(4).  Also, options(4)
     ought to cross-reference this manual page.

     This work should be used to set IPv6 source-address selection policies,
     especially the family of policies defined by RFC3484.

NetBSD 9.99                    February 22, 2007                   NetBSD 9.99