netinet6: allow binding to anycast addresses

Lexi Winter · Lexi Winter · commit ca4b046105f6 · 2025-04-24T01:50:38.000+01:00
the restriction on sending packets from anycast source addresses was removed in RFC4291, so there's no reason to forbid binding to such addresses. this allows anycast services (e.g., DNS) to actually use anycast addresses, which was previously impossible. RFC4291 also removes the restriction that only routers may configure anycast addresses; this was never enforced in code but was documented in ifconfig.8. update ifconfig.8 to document both changes. PR: 285545 Reviewed by: des, adrian Approved by: des (mentor) Differential Revision: https://reviews.freebsd.org/D49905
diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8
@@ -28,7 +28,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd June 6, 2024
+.Dd April 24, 2025
 .Dt IFCONFIG 8
 .Os
 .Sh NAME
@@ -448,11 +448,10 @@ of specifying the host portion, removing all NS addresses will
 allow you to respecify the host portion.
 .It Cm anycast
 (Inet6 only.)
-Specify that the address configured is an anycast address.
-Based on the current specification,
-only routers may configure anycast addresses.
-Anycast address will not be used as source address of any of outgoing
-IPv6 packets.
+Specify that the address configured is an anycast address,
+as described in RFC 4291 section 2.6.
+Anycast addresses will not be used as source address of any outgoing
+IPv6 packets unless an application explicitly binds to the address.
 .It Cm arp
 Enable the use of the Address Resolution Protocol
 .Pq Xr arp 4
@@ -3326,6 +3325,16 @@ tried to alter an interface's configuration.
 .Xr rc 8 ,
 .Xr routed 8 ,
 .Xr sysctl 8
+.Rs
+.%R RFC 3484
+.%D February 2003
+.%T "Default Address Selection for Internet Protocol version 6 (IPv6)"
+.Re
+.Rs
+.%R RFC 4291
+.%D February 2006
+.%T "IP Version 6 Addressing Architecture"
+.Re
 .Sh HISTORY
 The
 .Nm
diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c
@@ -214,14 +214,13 @@ in6_pcbbind_avail(struct inpcb *inp, const struct sockaddr_in6 *sin6, int fib,
 		}
 
 		/*
-		 * XXX: bind to an anycast address might accidentally
-		 * cause sending a packet with anycast source address.
-		 * We should allow to bind to a deprecated address, since
-		 * the application dares to use it.
+		 * We used to prohibit binding to an anycast address here,
+		 * based on RFC3513, but that restriction was removed in
+		 * RFC4291.
 		 */
 		if (ifa != NULL &&
 		    ((struct in6_ifaddr *)ifa)->ia6_flags &
-		    (IN6_IFF_ANYCAST | IN6_IFF_NOTREADY | IN6_IFF_DETACHED)) {
+		    (IN6_IFF_NOTREADY | IN6_IFF_DETACHED)) {
 			NET_EPOCH_EXIT(et);
 			return (EADDRNOTAVAIL);
 		}
