git: ca4b046105f6 - main - netinet6: allow binding to anycast addresses

From: Lexi Winter <ivy_at_FreeBSD.org>
Date: Thu, 24 Apr 2025 00:52:24 UTC

The branch main has been updated by ivy:

URL: https://cgit.FreeBSD.org/src/commit/?id=ca4b046105f640ebcbdec7cb74a9eecb963264a6

commit ca4b046105f640ebcbdec7cb74a9eecb963264a6
Author:     Lexi Winter <ivy@FreeBSD.org>
AuthorDate: 2025-04-24 00:48:39 +0000
Commit:     Lexi Winter <ivy@FreeBSD.org>
CommitDate: 2025-04-24 00:50:38 +0000

    netinet6: allow binding to anycast addresses
    
    the restriction on sending packets from anycast source addresses was
    removed in RFC4291, so there's no reason to forbid binding to such
    addresses.  this allows anycast services (e.g., DNS) to actually use
    anycast addresses, which was previously impossible.
    
    RFC4291 also removes the restriction that only routers may configure
    anycast addresses; this was never enforced in code but was documented in
    ifconfig.8.  update ifconfig.8 to document both changes.
    
    PR:     285545
    Reviewed by:    des, adrian
    Approved by:    des (mentor)
    Differential Revision:  https://reviews.freebsd.org/D49905
---
 sbin/ifconfig/ifconfig.8 | 21 +++++++++++++++------
 sys/netinet6/in6_pcb.c   |  9 ++++-----
 2 files changed, 19 insertions(+), 11 deletions(-)

diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8
index dfea59dfd229..e3f094a336fb 100644
--- a/sbin/ifconfig/ifconfig.8
+++ b/sbin/ifconfig/ifconfig.8
@@ -28,7 +28,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd June 6, 2024
+.Dd April 24, 2025
 .Dt IFCONFIG 8
 .Os
 .Sh NAME
@@ -448,11 +448,10 @@ of specifying the host portion, removing all NS addresses will
 allow you to respecify the host portion.
 .It Cm anycast
 (Inet6 only.)
-Specify that the address configured is an anycast address.
-Based on the current specification,
-only routers may configure anycast addresses.
-Anycast address will not be used as source address of any of outgoing
-IPv6 packets.
+Specify that the address configured is an anycast address,
+as described in RFC 4291 section 2.6.
+Anycast addresses will not be used as source address of any outgoing
+IPv6 packets unless an application explicitly binds to the address.
 .It Cm arp
 Enable the use of the Address Resolution Protocol
 .Pq Xr arp 4
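Review bot: In the rewritten ".It Cm anycast" text, "will not be used as source address of any outgoing IPv6 packets" is missing an article; "as the source address" reads better. The commit message says ifconfig.8 is updated to document both changes, but the sentence "only routers may configure anycast addresses" is simply deleted, so someone who knew the old page cannot tell from the new one that the restriction is gone. Consider stating outright that hosts as well as routers may configure anycast addresses.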
@@ -3326,6 +3325,16 @@ tried to alter an interface's configuration.
 .Xr rc 8 ,
 .Xr routed 8 ,
 .Xr sysctl 8
+.Rs
+.%R RFC 3484
+.%D February 2003
+.%T "Default Address Selection for Internet Protocol version 6 (IPv6)"
+.Re
+.Rs
+.%R RFC 4291
+.%D February 2006
+.%T "IP Version 6 Addressing Architecture"
+.Re
 .Sh HISTORY
 The
 .Nm
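Review bot: The RFC 3484 entry added to the reference list is not cited anywhere in the text this patch touches; the revised anycast paragraph refers only to RFC 4291 section 2.6. Either cite RFC 3484 in the sentence about source address selection ("will not be used as source address ... unless an application explicitly binds to the address") or drop the entry, so that each ".Rs" block has a reason to be there.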
diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c
index 65b7ead1e365..dfda0c60c0ba 100644
--- a/sys/netinet6/in6_pcb.c
+++ b/sys/netinet6/in6_pcb.c
@@ -214,14 +214,13 @@ in6_pcbbind_avail(struct inpcb *inp, const struct sockaddr_in6 *sin6, int fib,
 		}
 
 		/*
-		 * XXX: bind to an anycast address might accidentally
-		 * cause sending a packet with anycast source address.
-		 * We should allow to bind to a deprecated address, since
-		 * the application dares to use it.
+		 * We used to prohibit binding to an anycast address here,
+		 * based on RFC3513, but that restriction was removed in
+		 * RFC4291.
 		 */
 		if (ifa != NULL &&
 		    ((struct in6_ifaddr *)ifa)->ia6_flags &
-		    (IN6_IFF_ANYCAST | IN6_IFF_NOTREADY | IN6_IFF_DETACHED)) {
+		    (IN6_IFF_NOTREADY | IN6_IFF_DETACHED)) {
 			NET_EPOCH_EXIT(et);
 			return (EADDRNOTAVAIL);
 		}
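Review bot: The rewritten comment above the ia6_flags test records only what the code used to do and no longer explains the check that remains, which returns EADDRNOTAVAIL for IN6_IFF_NOTREADY and IN6_IFF_DETACHED addresses; it also drops the old remark that binding to a deprecated address is deliberately allowed. Suggest describing the current check first and keeping the RFC3513/RFC4291 history as a second sentence. The diffstat lists only ifconfig.8 and in6_pcb.c, so no test accompanies the change; a regression test that bind() to an anycast address now succeeds while a not-ready or detached address still fails would guard the narrowed flag mask.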