I would appreciate any donations. Wishlist or send e-mail type donations to maekawa AT daemon-systems.org.

Thank you.

IN_GETIFA(9)               Kernel Developer's Manual              IN_GETIFA(9)

     in_getifa -- Look up the IPv4 source address best matching an IPv4

     options IPSELSRC
     #include <netinet/in_selsrc.h>

     struct ifaddr *
     in_getifa(struct ifaddr *ifa, const struct sockaddr *dst0);

     in_getifa enforces the IPv4 source-address selection policy.  Add the
     source-address selection policy mechanism to your kernel with options
     IPSELSRC.  options IPSELSRC lets the operator set the policy for choosing
     the source address of any socket bound to the ``wildcard'' address,
     INADDR_ANY.  Note that the policy is applied after the kernel makes its
     forwarding decision, thereby choosing the output interface; in other
     words, this mechanism does not affect whether or not NetBSD is a ``strong

     An operator affects the source-address selection using sysctl(8) and
     ifconfig(8).  Operators set policies with sysctl(8).  Some policies
     consider the ``preference number'' of an address.  An operator may set
     preference numbers for each address with ifconfig(8).

     A source-address policy is a priority-ordered list of source-address
     ranking functions.  A ranking function maps its arguments, (source
     address, source index, source preference, destination address), to
     integers.  The source index is the position of source address in the
     interface address list; the index of the first address is 0.  The source
     preference is the preference number the operator assigned to source
     address.  The destination address is the socket peer / packet

     Presently, there are four ranking functions to choose from:

     index              ranks by source index; lower indices are ranked more

     preference         ranks by source preference; higher preference numbers
                        are ranked more highly.

     common-prefix-len  ranks each source address by the length of the longest
                        prefix it has in common with destination address;
                        longer common prefixes rank more highly.

     same-category      determines the "categories" of source and destination
                        address.  A category is one of private, link-local, or
                        other.  If the categories exactly match, same-category
                        assigns a rank of 2.  Some sources are ranked 1 by
                        category: a link-local source with a private
                        destination, a private source with a link-local
                        destination, and a private source with an other
                        destination rank 1.  All other sources rank 0.

                        Categories are defined as follows.

                        private     RFC1918 networks, 192.168/16, 172.16/12,
                                    and 10/8

                        link-local  169.254/16, 224/24

                        other       all other networks---i.e., not private,
                                    not link-local

     To apply a policy, the kernel applies all ranking functions in the policy
     to every source address, producing a vector of ranks for each source.
     The kernel sorts the sources in descending, lexicographical order by
     their rank-vector, and chooses the highest-ranking (first) source.  The
     kernel breaks ties by choosing the source with the least source index.

     The operator may set a policy on individual interfaces.  The operator may
     also set a global policy that applies to all interfaces whose policy he
     does not set individually.

     Here is the sysctl tree for the policy at system startup:

           net.inet.ip.selectsrc.default = index
           net.inet.ip.interfaces.ath0.selectsrc =
           net.inet.ip.interfaces.sip0.selectsrc =
           net.inet.ip.interfaces.sip1.selectsrc =
           net.inet.ip.interfaces.lo0.selectsrc =
           net.inet.ip.interfaces.pflog0.selectsrc =

     The policy on every interface is the ``empty'' policy, so the default
     policy applies.  The default policy, index, is the ``historical'' policy
     in NetBSD.

     The operator may override the default policy on ath0,

                   # sysctl -w net.inet.ip.interfaces.ath0.selectsrc=same-category,common-prefix-len,preference

     yielding this policy:

           net.inet.ip.selectsrc.default = index
           net.inet.ip.interfaces.ath0.selectsrc = same-category,common-prefix-len,preference

     The operator may set a new default,

           # sysctl -w net.inet.ip.selectsrc.debug=> same-category,common-prefix-len,preference
           # sysctl -w net.inet.ip.interfaces.ath0.selectsrc=

     yielding this policy:

           net.inet.ip.selectsrc.default = same-category,common-prefix-len,preference
           net.inet.ip.interfaces.ath0.selectsrc =

     In a number of applications, the policy above will usually pick suitable
     source addresses if ath0 is configured in this way:

           # ifconfig ath0 inet
           # ifconfig ath0 inet
           # ifconfig ath0 inet
           # ifconfig ath0 inet preference 5
           # ifconfig ath0 inet preference 9
     A sysctl, net.inet.ip.selectsrc.debug, turns on and off debug messages
     concerned with source selection.  You may set it to 0 (no messages) or 1.

     ifconfig(8), sysctl(8)

     The family of IPv6 source-address selection policies defined by RFC3484
     resembles the family of IPv4 policies that in_getifa enforces.

     David Young <dyoung@NetBSD.org>

     With options IPSELSRC, a new interface ioctl(2), SIOCSIFADDRPREF, was
     introduced.  It ought to be documented in inet(4).  Also, options(4)
     ought to cross-reference this manual page.

     This work should be used to set IPv6 source-address selection policies,
     especially the family of policies defined by RFC3484.

NetBSD 7.1.2                   February 22, 2007                  NetBSD 7.1.2