[LEDE-DEV] [PATCH netifd] interface-ip: add missing IPv6 policy rule
Paul Oranje
por at oranjevos.nl
Thu Nov 16 09:02:25 PST 2017
git show 2f31bff38d4dc2f36006ded6b8a7d039cb569eaa
yields:
fatal: bad object 2f31bff38d4dc2f36006ded6b8a7d039cb569eaa
Paul
> Op 16 nov. 2017, om 15:42 heeft Hans Dedecker <dedeckeh at gmail.com> het volgende geschreven:
>
> Commit 2f31bff38d4dc2f36006ded6b8a7d039cb569eaa added interface routing
> table support; as a result for IPv6 the prefix route linked to the IPv6
> address is added to the specified IPv6 interface routing table.
> In order to route traffic having as destination the IPv6 prefix a policy
> rule is required using the prefix destination as policy so the traffic is
> passed to the correct routing table.
> The IPv6 prefix address logic was not installing this policy rule effectively
> breaking routing when trying to reach a global or ULA IPv6 address in the
> lan from either the device or another wan device.
>
> Signed-off-by: Hans Dedecker <dedeckeh at gmail.com>
> ---
> interface-ip.c | 22 ++++++++++++++++------
> 1 file changed, 16 insertions(+), 6 deletions(-)
>
> diff --git a/interface-ip.c b/interface-ip.c
> index 45ffc66..1490ca4 100644
> --- a/interface-ip.c
> +++ b/interface-ip.c
> @@ -787,6 +787,10 @@ interface_set_prefix_address(struct device_prefix_assignment *assignment,
> if (!addr.valid_until || addr.valid_until - now > 7200)
> addr.valid_until = now + 7200;
>
> + if (iface->ip6table)
> + set_ip_source_policy(false, true, IPRULE_PRIORITY_ADDR_MASK, &addr.addr,
> + addr.mask < 64 ? 64 : addr.mask, iface->ip6table, NULL, NULL, false);
> +
> if (prefix->iface) {
> if (prefix->iface->ip6table)
> set_ip_source_policy(false, true, IPRULE_PRIORITY_NW, &addr.addr,
> @@ -803,13 +807,19 @@ interface_set_prefix_address(struct device_prefix_assignment *assignment,
> } else if (add && (iface->state == IFS_UP || iface->state == IFS_SETUP) &&
> !system_add_address(l3_downlink, &addr)) {
>
> - if (prefix->iface && !assignment->enabled) {
> - set_ip_source_policy(true, true, IPRULE_PRIORITY_REJECT, &addr.addr,
> - addr.mask, 0, iface, "unreachable", true);
> + if (!assignment->enabled) {
> + if (iface->ip6table)
> + set_ip_source_policy(true, true, IPRULE_PRIORITY_ADDR_MASK, &addr.addr,
> + addr.mask < 64 ? 64 : addr.mask, iface->ip6table, NULL, NULL, false);
>
> - if (prefix->iface->ip6table)
> - set_ip_source_policy(true, true, IPRULE_PRIORITY_NW, &addr.addr,
> - addr.mask, prefix->iface->ip6table, iface, NULL, true);
> + if (prefix->iface) {
> + set_ip_source_policy(true, true, IPRULE_PRIORITY_REJECT, &addr.addr,
> + addr.mask, 0, iface, "unreachable", true);
> +
> + if (prefix->iface->ip6table)
> + set_ip_source_policy(true, true, IPRULE_PRIORITY_NW, &addr.addr,
> + addr.mask, prefix->iface->ip6table, iface, NULL, true);
> + }
> }
>
> route.metric = iface->metric;
> --
> 1.9.1
>
>
> _______________________________________________
> Lede-dev mailing list
> Lede-dev at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/lede-dev
More information about the Lede-dev
mailing list