[LEDE-DEV] [PATCH netifd] interface-ip: add missing IPv6 policy rule

Paul Oranje por at oranjevos.nl
Thu Nov 16 09:02:25 PST 2017 

git show 2f31bff38d4dc2f36006ded6b8a7d039cb569eaa
yields:
fatal: bad object 2f31bff38d4dc2f36006ded6b8a7d039cb569eaa

Paul

> Op 16 nov. 2017, om 15:42 heeft Hans Dedecker <dedeckeh at gmail.com> het volgende geschreven:
> 
> Commit 2f31bff38d4dc2f36006ded6b8a7d039cb569eaa added interface routing
> table support; as a result for IPv6 the prefix route linked to the IPv6
> address is added to the specified IPv6 interface routing table.
> In order to route traffic having as destination the IPv6 prefix a policy
> rule is required using the prefix destination as policy so the traffic is
> passed to the correct routing table.
> The IPv6 prefix address logic was not installing this policy rule effectively
> breaking routing when trying to reach a global or ULA IPv6 address in the
> lan from either the device or another wan device.
> 
> Signed-off-by: Hans Dedecker <dedeckeh at gmail.com>
> ---
> interface-ip.c | 22 ++++++++++++++++------
> 1 file changed, 16 insertions(+), 6 deletions(-)
> 
> diff --git a/interface-ip.c b/interface-ip.c
> index 45ffc66..1490ca4 100644
> --- a/interface-ip.c
> +++ b/interface-ip.c
> @@ -787,6 +787,10 @@ interface_set_prefix_address(struct device_prefix_assignment *assignment,
> 		if (!addr.valid_until || addr.valid_until - now > 7200)
> 			addr.valid_until = now + 7200;
> 
> +		if (iface->ip6table)
> +			set_ip_source_policy(false, true, IPRULE_PRIORITY_ADDR_MASK, &addr.addr,
> +					addr.mask < 64 ? 64 : addr.mask, iface->ip6table, NULL, NULL, false);
> +
> 		if (prefix->iface) {
> 			if (prefix->iface->ip6table)
> 				set_ip_source_policy(false, true, IPRULE_PRIORITY_NW, &addr.addr,
> @@ -803,13 +807,19 @@ interface_set_prefix_address(struct device_prefix_assignment *assignment,
> 	} else if (add && (iface->state == IFS_UP || iface->state == IFS_SETUP) &&
> 			!system_add_address(l3_downlink, &addr)) {
> 
> -		if (prefix->iface && !assignment->enabled) {
> -			set_ip_source_policy(true, true, IPRULE_PRIORITY_REJECT, &addr.addr,
> -					addr.mask, 0, iface, "unreachable", true);
> +		if (!assignment->enabled) {
> +			if (iface->ip6table)
> +				set_ip_source_policy(true, true, IPRULE_PRIORITY_ADDR_MASK, &addr.addr,
> +						addr.mask < 64 ? 64 : addr.mask, iface->ip6table, NULL, NULL, false);
> 
> -			if (prefix->iface->ip6table)
> -				set_ip_source_policy(true, true, IPRULE_PRIORITY_NW, &addr.addr,
> -						addr.mask, prefix->iface->ip6table, iface, NULL, true);
> +			if (prefix->iface) {
> +				set_ip_source_policy(true, true, IPRULE_PRIORITY_REJECT, &addr.addr,
> +						addr.mask, 0, iface, "unreachable", true);
> +
> +				if (prefix->iface->ip6table)
> +					set_ip_source_policy(true, true, IPRULE_PRIORITY_NW, &addr.addr,
> +							addr.mask, prefix->iface->ip6table, iface, NULL, true);
> +			}
> 		}
> 
> 		route.metric = iface->metric;
> -- 
> 1.9.1
> 
> 
> _______________________________________________
> Lede-dev mailing list
> Lede-dev at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/lede-dev

More information about the Lede-dev mailing list