diff --git a/conf/options/charon.opt b/conf/options/charon.opt
index d57b3937b..cc58afda8 100644
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@@ -286,8 +286,16 @@ charon.prefer_configured_proposals = yes
 notifies).
 charon.prefer_temporary_addrs = no
- By default public IPv6 addresses are preferred over temporary ones (RFC
- 4941), to make connections more stable. Enable this option to reverse this.
+ Controls whether permanent or temporary IPv6 addresses are used as source,
+ or announced as additional addresses if MOBIKE is used.
+
+ By default, permanent IPv6 source addresses are preferred over temporary
+ ones (RFC 4941), to make connections more stable. Enable this option to
+ reverse this.
+
+ It also affects which IPv6 addresses are announced as additional addresses
+ if MOBIKE is used. If the option is disabled, only permanent addresses are
+ sent, and only temporary ones if it is enabled.
 charon.process_route = yes
 Process RTM_NEWROUTE and RTM_DELROUTE events.
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
index c22e37962..4abafd993 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008-2018 Tobias Brunner
+ * Copyright (C) 2008-2019 Tobias Brunner
 * Copyright (C) 2005-2008 Martin Willi
 * HSR Hochschule fuer Technik Rapperswil
 *
@@ -1603,10 +1603,19 @@ CALLBACK(filter_addresses, bool,
 { /* address is regular, but not requested */
 continue;
 }
- if (addr->scope >= RT_SCOPE_LINK)
- { /* skip addresses with a unusable scope */
+ if (addr->flags & IFA_F_DEPRECATED ||
+ addr->scope >= RT_SCOPE_LINK)
+ { /* skip deprecated addresses or those with an unusable scope */
 continue;
 }
+ if (addr->ip->get_family(addr->ip) == AF_INET6)
+ { /* handle temporary IPv6 addresses according to config */
+ bool temporary = (addr->flags & IFA_F_TEMPORARY) == IFA_F_TEMPORARY;
+ if (data->this->prefer_temporary_addrs != temporary)
+ {
+ continue;
+ }
+ }
 *out = addr->ip;
 return TRUE;
 }
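Review bot: The IPv6 branch at the end of the hunk is a hard filter rather than a preference: with `prefer_temporary_addrs` set, an interface that carries only permanent IPv6 addresses (privacy extensions off, or static addressing) contributes no IPv6 address at all through `filter_addresses`. Keeping the permanent address out of what is announced to the peer is a reasonable privacy property, but the option name suggests a fallback, so the check deserves a comment such as `/* strict match: without a temporary address no IPv6 address is enumerated */`. The flag test above it could also skip addresses that are not usable yet, `addr->flags & (IFA_F_DEPRECATED | IFA_F_TENTATIVE | IFA_F_DADFAILED)`, unless such entries are already dropped before they reach this list, which the hunk does not show. The callback's signature and the start of its body are outside the hunk.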