
Unified Diff: net/dns/address_sorter_posix.cc

Issue 10442098: [net/dns] Resolve AF_UNSPEC on dual-stacked systems. Sort addresses according to RFC3484. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Minor edits. Fix one typo in variable name. Created 8 years, 5 months ago
Index: net/dns/address_sorter_posix.cc
diff --git a/net/dns/address_sorter_posix.cc b/net/dns/address_sorter_posix.cc
new file mode 100644
index 0000000000000000000000000000000000000000..d7ac4e1ad160139461e5fe7d8a628ef99df5cc25
--- /dev/null
+++ b/net/dns/address_sorter_posix.cc
@@ -0,0 +1,479 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/dns/address_sorter.h"
+
+#include <stdint.h>
+#include <netinet/in.h>
mmenke 2012/07/30 15:37:00 nit: Not in alphabetical order.
szym 2012/07/30 16:28:45 "stdint.h" is needed for "netinet/in.h", but it se
+
+#if defined(OS_MACOSX) || defined(OS_BSD)
+#include <sys/socket.h> // Must be included before ifaddrs.h.
+#include <ifaddrs.h>
+#include <net/if.h>
+#include <netinet/in_var.h>
+#include <string.h>
mmenke 2012/07/30 15:37:00 Why is this needed?
szym 2012/07/30 16:28:45 memcpy in line 453. But now I see it's included in
+#include <sys/ioctl.h>
+#endif
+
+#include <algorithm>
+#include <map>
+#include <vector>
+
+#include "base/eintr_wrapper.h"
+#include "base/logging.h"
+#include "base/memory/scoped_vector.h"
+#include "net/base/address_list.h"
+#include "net/base/net_errors.h"
+#include "net/base/net_util.h"
+#include "net/base/network_change_notifier.h"
+#include "net/socket/client_socket_factory.h"
+#include "net/udp/datagram_client_socket.h"
+
+#if defined(OS_LINUX)
+#include "net/base/address_tracker_linux.h"
+#endif
+
+namespace net {
+
+namespace {
+
+// Address sorting is performed according to RFC3484 with revisions.
+// http://tools.ietf.org/html/draft-ietf-6man-rfc3484bis-03
mmenke 2012/07/30 15:37:00 They're up to http://tools.ietf.org/html/draft-iet
+// The default policy has been updated as in Linux:
+// http://www.akkadia.org/drepper/linux-rfc3484.html
mmenke 2012/07/30 19:40:34 Is this still needed? Looks like the latest 3484b
szym 2012/07/30 20:55:52 You're right. All problems raised there are alread
+// Precedence and label are separate to support override through /etc/gai.conf.
+
+// Generic policy entry.
+struct PolicyEntry {
+ // IPv4 addresses must be mapped to IPv6.
+ unsigned char prefix[kIPv6AddressSize];
+ unsigned prefix_length;
+ unsigned value;
+};
+
+typedef std::vector<PolicyEntry> PolicyTable;
+
+// Returns true if |p1| should precede |p2| in the table.
+// Sorts table by decreasing prefix size to allow longest prefix matching.
+bool ComparePolicy(const PolicyEntry& p1, const PolicyEntry& p2) {
+ return p1.prefix_length > p2.prefix_length;
+}
+
+// Creates sorted PolicyTable from |table| with |size| entries.
+PolicyTable LoadPolicy(PolicyEntry* table, size_t size) {
+ PolicyTable result(table, table + size);
+ std::sort(result.begin(), result.end(), ComparePolicy);
+ return result;
+}
+
+// Search |table| for matching prefix of |address|. |table| must be sorted by
+// descending prefix (prefix of another prefix must be later in table).
+unsigned GetPolicyValue(const PolicyTable& table,
+ const IPAddressNumber& address) {
+ if (address.size() == kIPv4AddressSize)
+ return GetPolicyValue(table, ConvertIPv4NumberToIPv6Number(address));
mmenke 2012/07/30 15:37:00 I think converting everything up front may be a li
szym 2012/07/30 16:28:45 I agree, although converting everything up front w
+ for (unsigned i = 0; i < table.size(); ++i) {
+ const PolicyEntry& entry = table[i];
+ IPAddressNumber prefix(entry.prefix, entry.prefix + kIPv6AddressSize);
+ if (IPNumberMatchesPrefix(address, prefix, entry.prefix_length))
+ return entry.value;
+ }
+ NOTREACHED();
+ // The last entry is the least restrictive, so assume it's default.
+ return table.back().value;
+}
+
+enum AddressScope {
+ SCOPE_NODELOCAL = 1,
+ SCOPE_LINKLOCAL = 2,
+ SCOPE_SITELOCAL = 5,
+ SCOPE_ORGLOCAL = 8,
+ SCOPE_GLOBAL = 14,
+};
+
+bool IsMulticast(const IPAddressNumber& address) {
+ return address[0] == 0xFF;
+}
+
+AddressScope GetMulticastScope(const IPAddressNumber& address) {
+ return static_cast<AddressScope>(address[1] & 0x0F);
+}
+
+bool IsIPv6Loopback(const IPAddressNumber& address) {
+ // IN6_IS_ADDR_LOOPBACK
+ unsigned char kLoopback[kIPv6AddressSize] = {
+ 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 1,
+ };
+ return address == IPAddressNumber(kLoopback, kLoopback + kIPv6AddressSize);
+}
+
+bool IsLinkLocal(const IPAddressNumber& address) {
+ // IN6_IS_ADDR_LINKLOCAL
+ return (address[0] == 0xFE) && ((address[1] & 0xC0) == 0x80);
+}
+
+bool IsSiteLocal(const IPAddressNumber& address) {
+ // IN6_IS_ADDR_SITELOCAL
+ return (address[0] == 0xFE) && ((address[1] & 0xC0) == 0xC0);
+}
+
+AddressScope GetScope(const PolicyTable& table,
+ const IPAddressNumber& address) {
+ if (address.size() == kIPv6AddressSize) {
mmenke 2012/07/30 15:37:00 Should we handle IPv4 mapped addresses here? If s
szym 2012/07/30 16:28:45 Good question. Now that I think about it, I wonder
+ if (IsMulticast(address)) {
+ return GetMulticastScope(address);
+ } else if (IsIPv6Loopback(address) || IsLinkLocal(address)) {
+ return SCOPE_LINKLOCAL;
+ } else if (IsSiteLocal(address)) {
+ return SCOPE_SITELOCAL;
+ } else {
+ return SCOPE_GLOBAL;
+ }
+ } else if (address.size() == kIPv4AddressSize) {
+ return static_cast<AddressScope>(GetPolicyValue(table, address));
+ } else {
+ NOTREACHED();
+ return SCOPE_NODELOCAL;
+ }
+}
+
+// Default policy table. RFC 3484, Section 2.1. Updated for glibc.
+PolicyEntry kDefaultPrecedenceTable[] = {
+ // ::1/128 -- loopback
+ { { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 }, 128, 60 },
+ // fc00::/7 -- multicast
szym 2012/07/30 20:55:52 not "multicast", but "unique local address"
+ { { 0xFC }, 7, 50 },
+ // ::/0 -- any
+ { { }, 0, 40 },
+ // ::ffff:0:0/96 -- IPv4 mapped
+ { { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF }, 96, 30 },
+ // 2002::/16 -- 6to4
+ { { 0x20, 0x02, }, 17, 20 },
+ // 2001::/32 -- Teredo
+ { { 0x20, 0x01, 0, 0 }, 32, 10 },
mmenke 2012/07/30 19:40:34 The tables look a bit different from the tables in
szym 2012/07/30 20:55:52 Ah. As bionic, this is following: http://tools.iet
+ // ::/96 -- IPv4 compatible
+ { { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }, 96, 1 },
+ // fec0::/16 -- unique local address
+ { { 0xFE, 0xC0 }, 16, 1 },
mmenke 2012/07/30 19:40:34 This looks wrong. fc00::/7 is unique local. fec0:
+ // 3ffe::/16 -- 6bone
+ { { 0x3F, 0xFE }, 16, 1 },
+};
+
+PolicyEntry kDefaultLabelTable[] = {
+ // ::1/128 -- loopback
+ { { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 }, 128, 0 },
+ // fc00::/7 -- multicast
+ { { 0xFC }, 7, 1 },
+ // ::/0 -- any
+ { { }, 0, 2 },
+ // ::ffff:0:0/96 -- IPv4 mapped
+ { { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF }, 96, 3 },
+ // 2002::/16 -- 6to4
+ { { 0x20, 0x02, }, 17, 4 },
+ // 2001::/32 -- Teredo
+ { { 0x20, 0x01, 0, 0 }, 32, 5 },
+ // ::/96 -- IPv4 compatible
+ { { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }, 96, 10 },
+ // fec0::/16 -- unique local address
+ { { 0xFE, 0xC0 }, 16, 11 },
+ // 3ffe::/16 -- 6bone
+ { { 0x3F, 0xFE }, 16, 12 },
+};
+
+// Default mapping of IPv4 addresses to scope.
+PolicyEntry kDefaultScopeTable[] = {
mmenke 2012/07/30 15:37:00 Think this name is very confusing. May be worth j
szym 2012/07/30 16:28:45 The reason why this exists (and has 'Default' in n
mmenke 2012/07/30 19:40:34 Curiously, man gai.conf didn't mention the field,
szym 2012/07/30 20:55:52 My "man gai.conf" includes: ==== scopev4 mask valu
+ { { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF, 0x7F }, 104,
+ SCOPE_LINKLOCAL },
+ { { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF, 0xA9, 0xFE }, 112,
+ SCOPE_LINKLOCAL },
+ { { }, 0, SCOPE_GLOBAL },
+};
+
+// Returns number of matching initial bits between the addresses |a1| and |a2|.
+unsigned CommonPrefixLength(const IPAddressNumber& a1,
+ const IPAddressNumber& a2) {
+ DCHECK_EQ(a1.size(), a2.size());
+ for (size_t i = 0; i < a1.size(); ++i) {
+ unsigned diff = a1[i] ^ a2[i];
+ if (!diff)
+ continue;
+ for (unsigned j = 0; j < CHAR_BIT; ++j) {
+ if (diff & (1 << (CHAR_BIT - 1)))
+ return i * CHAR_BIT + j;
+ diff <<= 1;
+ }
+ }
+ return a1.size() * CHAR_BIT;
+}
+
+// Computes the number of leading 1-bits in |addr|.
+unsigned PrefixLength(const IPAddressNumber& addr) {
mmenke 2012/07/30 19:40:34 Suggest you rename this MaskPrefixLength(addr_mask
+ IPAddressNumber all_ones(addr.size(), 0xFF);
+ return CommonPrefixLength(addr, all_ones);
+}
+
+struct SourceAddressInfo {
+ AddressScope scope;
+ unsigned label;
+ // Values below matter only if more than one source address in the list.
+ unsigned prefix_length;
+ bool deprecated; // vs. preferred RFC4862
+ bool home; // vs. care-of RFC6275
+ bool native;
+};
+
+typedef std::map<IPAddressNumber, SourceAddressInfo> SourceAddressMap;
+
+struct SortElement {
+ IPAddressNumber address;
+ AddressScope scope;
+ unsigned precedence;
+ unsigned label;
+ const SourceAddressInfo* src;
+ unsigned common_prefix_length;
+};
+
+// Returns true iff |a1| should precede |a2| in the address list.
+// RFC 3484, section 6.
+bool CompareElements(const SortElement* a1, const SortElement* a2) {
mmenke 2012/07/30 19:40:34 Think a1 / a2 could be named better. Suggest dest
+ // Rule 1: Avoid unusable destinations.
+ // Unusable destinations are already filtered out.
+ DCHECK(a1->src);
+ DCHECK(a2->src);
+
+ // Rule 2: Prefer matching scope.
+ bool scope_match1 = (a1->src->scope == a1->scope);
+ bool scope_match2 = (a2->src->scope == a2->scope);
+ if (scope_match1 != scope_match2)
+ return scope_match1;
+
+ // Rule 3: Avoid deprecated addresses.
+ if (a1->src->deprecated != a2->src->deprecated)
+ return !a1->src->deprecated;
+
+ // Rule 4: Prefer home addresses.
+ if (a1->src->home != a2->src->home)
+ return !a1->src->home;
mmenke 2012/07/30 19:40:34 Shouldn't this be "return a1->src->home;"? (No neg
szym 2012/07/30 20:55:52 Yes.
+
+ // Rule 5: Prefer matching label.
+ bool label_match1 = (a1->src->label == a1->label);
+ bool label_match2 = (a2->src->label == a2->label);
+ if (label_match1 != label_match2)
+ return label_match1;
+
+ // Rule 6: Prefer higher precedence.
+ if (a1->precedence != a2->precedence)
+ return a1->precedence > a2->precedence;
+
+ // Rule 7: Prefer native transport.
+ if (a1->src->native != a2->src->native)
+ return !a1->src->native;
mmenke 2012/07/30 19:40:34 Believe the negation here is also wrong.
szym 2012/07/30 20:55:52 Yes.
+
+ // Rule 8: Prefer smaller scope.
+ if (a1->scope != a2->scope)
+ return a1->scope < a2->scope;
+
+ // Rule 9: Use longest matching prefix. Only for matching address families.
+ if (a1->address.size() == a2->address.size()) {
+ if (a1->common_prefix_length != a2->common_prefix_length)
+ return a1->common_prefix_length > a2->common_prefix_length;
+ }
+
+ // Rule 10: Leave the order unchanged.
+ // stable_sort takes care of that.
+ return false;
+}
+
+class AddressSorterPosix : public AddressSorter,
+ public NetworkChangeNotifier::IPAddressObserver {
+ public:
+ explicit AddressSorterPosix(ClientSocketFactory* socket_factory);
+ virtual ~AddressSorterPosix();
+
+ virtual bool Sort(AddressList* list) const OVERRIDE;
+
+ private:
+ // NetworkChangeNotifier::IPAddressObserver:
+ virtual void OnIPAddressChanged() OVERRIDE;
+
+ SourceAddressMap source_info_;
+ // For the cases when the source address is not in |source_info_|.
+ // TODO(szym): Consider simply falling back to getaddrinfo in that case.
+ SourceAddressInfo mock_source_info_;
+
+ ClientSocketFactory* socket_factory_;
+ PolicyTable precedence_table_;
+ PolicyTable label_table_;
+ PolicyTable scope_table_;
+
+ DISALLOW_COPY_AND_ASSIGN(AddressSorterPosix);
+};
+
+AddressSorterPosix::AddressSorterPosix(ClientSocketFactory* socket_factory)
+ : socket_factory_(socket_factory),
+ precedence_table_(LoadPolicy(kDefaultPrecedenceTable,
+ arraysize(kDefaultPrecedenceTable))),
+ label_table_(LoadPolicy(kDefaultLabelTable,
+ arraysize(kDefaultLabelTable))),
+ scope_table_(LoadPolicy(kDefaultScopeTable,
+ arraysize(kDefaultScopeTable))) {
+ mock_source_info_.scope = SCOPE_GLOBAL;
+ mock_source_info_.deprecated = false;
+ mock_source_info_.home = false;
+ mock_source_info_.native = false;
+ mock_source_info_.label = static_cast<unsigned>(-1);
+ mock_source_info_.prefix_length = 0;
+ NetworkChangeNotifier::AddIPAddressObserver(this);
+}
+
+AddressSorterPosix::~AddressSorterPosix() {
+ NetworkChangeNotifier::RemoveIPAddressObserver(this);
+}
+
+bool AddressSorterPosix::Sort(AddressList* list) const {
+ ScopedVector<SortElement> sort_list;
+
+ for (size_t i = 0; i < list->size(); ++i) {
+ scoped_ptr<SortElement> el(new SortElement());
mmenke 2012/07/30 19:40:34 Think using "el" for a variable name violates Goog
+ el->address = (*list)[i].address();
+ el->scope = GetScope(scope_table_, el->address);
+ el->precedence = GetPolicyValue(precedence_table_, el->address);
+ el->label = GetPolicyValue(label_table_, el->address);
+
+ // Each socket can only be bound once.
+ scoped_ptr<DatagramClientSocket> socket(
+ socket_factory_->CreateDatagramClientSocket(
+ DatagramSocket::DEFAULT_BIND,
+ RandIntCallback(),
+ NULL /* NetLog */,
+ NetLog::Source()));
+
+ // Even though no packets are sent, cannot use port 0 in Connect.
+ IPEndPoint dest(el->address, 80 /* port */);
+ int rv = socket->Connect(dest);
+ if (rv != OK) {
+ LOG(WARNING) << "Could not connect to " << dest.ToStringWithoutPort()
+ << " reason " << rv;
+ continue;
+ }
+ // Filter out unsable destinations.
mmenke 2012/07/30 19:40:34 nit: unuseable
+ IPEndPoint src;
+ rv = socket->GetLocalAddress(&src);
+ if (rv != OK) {
+ LOG(WARNING) << "Could not get local address for "
+ << dest.ToStringWithoutPort() << " reason " << rv;
+ continue;
+ }
+
+ SourceAddressMap::const_iterator it = source_info_.find(src.address());
+ if (it != source_info_.end()) {
+ el->src = &(it->second);
+ } else {
+ // If |source_info_| is out of date, we still want to sort, although
+ // the HostCache will need to be cleared once it is updated.
+ el->src = &mock_source_info_;
mmenke 2012/07/30 19:40:34 Wonder if this case could occur often enough that
szym 2012/07/30 20:55:52 If the AddressTrackerLinux implementation is trust
mmenke 2012/07/30 21:07:17 That's probably more effort than it's worth... As
szym 2012/08/06 23:22:20 I figured the code looks cleaner without mock_sour
+ }
+
+ if (el->address.size() == src.address().size()) {
+ el->common_prefix_length = std::min(
+ CommonPrefixLength(el->address, src.address()),
+ el->src->prefix_length);
+ }
+ sort_list.push_back(el.release());
+ }
+
+ std::stable_sort(sort_list.begin(), sort_list.end(), CompareElements);
+
+ list->clear();
+ for (size_t i = 0; i < sort_list.size(); ++i)
+ list->push_back(IPEndPoint(sort_list[i]->address, 0 /* port */));
+
+ return true;
+}
+
+void AddressSorterPosix::OnIPAddressChanged() {
+#if defined(OS_LINUX)
+ const internal::AddressTrackerLinux* tracker =
+ NetworkChangeNotifier::GetAddressTracker();
+ if (!tracker)
+ return;
szym 2012/07/30 16:28:45 There's a potential race during shutdown of Networ
+ typedef internal::AddressTrackerLinux::AddressMap AddressMap;
+ AddressMap map = tracker->GetAddressMap();
+ source_info_.clear();
+ for (AddressMap::const_iterator it = map.begin(); it != map.end(); ++it) {
+ const IPAddressNumber& address = it->first;
+ const struct ifaddrmsg& msg = it->second;
+ SourceAddressInfo& info = source_info_[address];
+ info.native = false; // TODO(szym): obtain this via netlink.
+ info.deprecated = msg.ifa_flags & IFA_F_DEPRECATED;
+ info.home = msg.ifa_flags & IFA_F_HOMEADDRESS;
+ info.prefix_length = msg.ifa_prefixlen;
+ info.label = GetPolicyValue(label_table_, address);
+ info.scope = GetScope(scope_table_, address);
+ }
+#elif defined(OS_MACOSX) || defined(OS_BSD)
+ // It's not clear we will receive notification when deprecated flag changes.
+ source_info_.clear();
+ // Socket for ioctl.
+ int ioctl_socket = socket(AF_INET6, SOCK_DGRAM, 0);
+ if (ioctl_socket < 0) {
+ perror("ioctl_socket");
+ return;
+ }
+ struct ifaddrs* addrs;
+ int rv = getifaddrs(&addrs);
+ if (rv < 0) {
+ perror("getifaddrs");
+ close(ioctl_socket);
+ return;
+ }
+
+ for (struct ifaddrs* ifa = addrs; ifa != NULL; ifa = ifa->ifa_next) {
+ IPEndPoint src;
+ int rv = src.FromSockAddr(ifa->ifa_addr, ifa->ifa_addr->sa_len);
+ if (rv != OK) {
+ LOG(WARNING) << "could not ToSockAddr " << rv;
mmenke 2012/07/30 15:37:00 FromSockAddr?
+ continue;
+ }
+ IPEndPoint netmask;
+ rv = netmask.FromSockAddr(ifa->ifa_netmask, ifa->ifa_addr->sa_len);
+ if (rv != OK) {
+ LOG(WARNING) << "could not ToSockAddr " << rv;
mmenke 2012/07/30 15:37:00 FromSockAddr?
+ continue;
+ }
+ SourceAddressInfo& info = source_info_[src.address()];
+ // Note: no known way to fill in |native| and |home|.
+ info.native = info.home = info.deprecated = false;
+ if (ifa->ifa_addr->sa_family == AF_INET6) {
+ struct in6_ifreq ifr = {};
+ strncpy(ifr.ifr_name, ifa->ifa_name, sizeof(ifr.ifr_name) - 1);
+ DCHECK_LE(ifa->ifa_addr->sa_len, sizeof(ifr.ifr_ifru.ifru_addr));
+ memcpy(&ifr.ifr_ifru.ifru_addr, ifa->ifa_addr, ifa->ifa_addr->sa_len);
+ rv = ioctl(ioctl_socket, SIOCGIFAFLAG_IN6, &ifr);
+ if (rv < 0) {
+ perror("ioctl failed ");
+ continue;
+ }
+ info.deprecated = ifr.ifr_ifru.ifru_flags & IN6_IFF_DEPRECATED;
+ }
+ info.prefix_length = PrefixLength(netmask.address());
+ info.label = GetPolicyValue(label_table_, src.address());
+ info.scope = GetScope(scope_table_, src.address());
+ }
+ freeifaddrs(addrs);
+ close(ioctl_socket);
+#endif
+}
+
+} // namespace
+
+// static
+scoped_ptr<AddressSorter> AddressSorter::CreateAddressSorter() {
+ return scoped_ptr<AddressSorter>(
+ new AddressSorterPosix(ClientSocketFactory::GetDefaultFactory()));
+}
+
+} // namespace net
+
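Review bot: In the OS_MACOSX/OS_BSD branch of OnIPAddressChanged, the entries returned by getifaddrs() are dereferenced and copied without any runtime validation. `ifa->ifa_addr` and `ifa->ifa_netmask` are used unconditionally (and the netmask is parsed with the address's `sa_len`), so an interface entry that lacks either pointer would crash the loop; a guard such as `if (!ifa->ifa_addr || !ifa->ifa_netmask) continue;` at the top of the loop body would avoid that. The only bound on the `memcpy` into `ifr.ifr_ifru.ifru_addr` is `DCHECK_LE`, which presumably compiles out of release builds, so the size check should be a real branch: `if (ifa->ifa_addr->sa_len > sizeof(ifr.ifr_ifru.ifru_addr)) continue;`. The `continue` after a failed `ioctl` also leaves the entry just created by `source_info_[src.address()]` in the map without its scope, label or prefix length filled in, so those fields should be set before the ioctl or the entry erased. Separately, the 6to4 rows in both kDefaultPrecedenceTable and kDefaultLabelTable use prefix length 17 under a `2002::/16` comment, which looks like a typo for 16.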
