[LEDE-DEV] [PATCH netifd] interface-ip: add missing IPv6 policy rule

Hans Dedecker dedeckeh at gmail.com
Thu Nov 16 06:42:41 PST 2017 

Commit 2f31bff38d4dc2f36006ded6b8a7d039cb569eaa added interface routing
table support; as a result for IPv6 the prefix route linked to the IPv6
address is added to the specified IPv6 interface routing table.
In order to route traffic having as destination the IPv6 prefix a policy
rule is required using the prefix destination as policy so the traffic is
passed to the correct routing table.
The IPv6 prefix address logic was not installing this policy rule effectively
breaking routing when trying to reach a global or ULA IPv6 address in the
lan from either the device or another wan device.

Signed-off-by: Hans Dedecker <dedeckeh at gmail.com>
---
 interface-ip.c | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/interface-ip.c b/interface-ip.c
index 45ffc66..1490ca4 100644
--- a/interface-ip.c
+++ b/interface-ip.c
@@ -787,6 +787,10 @@ interface_set_prefix_address(struct device_prefix_assignment *assignment,
 		if (!addr.valid_until || addr.valid_until - now > 7200)
 			addr.valid_until = now + 7200;
 
+		if (iface->ip6table)
+			set_ip_source_policy(false, true, IPRULE_PRIORITY_ADDR_MASK, &addr.addr,
+					addr.mask < 64 ? 64 : addr.mask, iface->ip6table, NULL, NULL, false);
+
 		if (prefix->iface) {
 			if (prefix->iface->ip6table)
 				set_ip_source_policy(false, true, IPRULE_PRIORITY_NW, &addr.addr,
@@ -803,13 +807,19 @@ interface_set_prefix_address(struct device_prefix_assignment *assignment,
 	} else if (add && (iface->state == IFS_UP || iface->state == IFS_SETUP) &&
 			!system_add_address(l3_downlink, &addr)) {
 
-		if (prefix->iface && !assignment->enabled) {
-			set_ip_source_policy(true, true, IPRULE_PRIORITY_REJECT, &addr.addr,
-					addr.mask, 0, iface, "unreachable", true);
+		if (!assignment->enabled) {
+			if (iface->ip6table)
+				set_ip_source_policy(true, true, IPRULE_PRIORITY_ADDR_MASK, &addr.addr,
+						addr.mask < 64 ? 64 : addr.mask, iface->ip6table, NULL, NULL, false);
 
-			if (prefix->iface->ip6table)
-				set_ip_source_policy(true, true, IPRULE_PRIORITY_NW, &addr.addr,
-						addr.mask, prefix->iface->ip6table, iface, NULL, true);
+			if (prefix->iface) {
+				set_ip_source_policy(true, true, IPRULE_PRIORITY_REJECT, &addr.addr,
+						addr.mask, 0, iface, "unreachable", true);
+
+				if (prefix->iface->ip6table)
+					set_ip_source_policy(true, true, IPRULE_PRIORITY_NW, &addr.addr,
+							addr.mask, prefix->iface->ip6table, iface, NULL, true);
+			}
 		}
 
 		route.metric = iface->metric;
-- 
1.9.1

More information about the Lede-dev mailing list