[LEDE-DEV] [PATCH netifd] interface-ip: add missing IPv6 policy rule
Hans Dedecker
dedeckeh at gmail.com
Thu Nov 16 09:15:51 PST 2017
On Thu, Nov 16, 2017 at 6:02 PM, Paul Oranje <por at oranjevos.nl> wrote:
> git show 2f31bff38d4dc2f36006ded6b8a7d039cb569eaa
> yields:
> fatal: bad object 2f31bff38d4dc2f36006ded6b8a7d039cb569eaa
Are you sure you're doing git show in the netifd git repo ?
The link to the netifd commit is
https://git.lede-project.org/?p=project/netifd.git;a=commit;h=2f31bff38d4dc2f36006ded6b8a7d039cb569eaa
Hans
>
> Paul
>
>> Op 16 nov. 2017, om 15:42 heeft Hans Dedecker <dedeckeh at gmail.com> het volgende geschreven:
>>
>> Commit 2f31bff38d4dc2f36006ded6b8a7d039cb569eaa added interface routing
>> table support; as a result for IPv6 the prefix route linked to the IPv6
>> address is added to the specified IPv6 interface routing table.
>> In order to route traffic having as destination the IPv6 prefix a policy
>> rule is required using the prefix destination as policy so the traffic is
>> passed to the correct routing table.
>> The IPv6 prefix address logic was not installing this policy rule effectively
>> breaking routing when trying to reach a global or ULA IPv6 address in the
>> lan from either the device or another wan device.
>>
>> Signed-off-by: Hans Dedecker <dedeckeh at gmail.com>
>> ---
>> interface-ip.c | 22 ++++++++++++++++------
>> 1 file changed, 16 insertions(+), 6 deletions(-)
>>
>> diff --git a/interface-ip.c b/interface-ip.c
>> index 45ffc66..1490ca4 100644
>> --- a/interface-ip.c
>> +++ b/interface-ip.c
>> @@ -787,6 +787,10 @@ interface_set_prefix_address(struct device_prefix_assignment *assignment,
>> if (!addr.valid_until || addr.valid_until - now > 7200)
>> addr.valid_until = now + 7200;
>>
>> + if (iface->ip6table)
>> + set_ip_source_policy(false, true, IPRULE_PRIORITY_ADDR_MASK, &addr.addr,
>> + addr.mask < 64 ? 64 : addr.mask, iface->ip6table, NULL, NULL, false);
>> +
>> if (prefix->iface) {
>> if (prefix->iface->ip6table)
>> set_ip_source_policy(false, true, IPRULE_PRIORITY_NW, &addr.addr,
>> @@ -803,13 +807,19 @@ interface_set_prefix_address(struct device_prefix_assignment *assignment,
>> } else if (add && (iface->state == IFS_UP || iface->state == IFS_SETUP) &&
>> !system_add_address(l3_downlink, &addr)) {
>>
>> - if (prefix->iface && !assignment->enabled) {
>> - set_ip_source_policy(true, true, IPRULE_PRIORITY_REJECT, &addr.addr,
>> - addr.mask, 0, iface, "unreachable", true);
>> + if (!assignment->enabled) {
>> + if (iface->ip6table)
>> + set_ip_source_policy(true, true, IPRULE_PRIORITY_ADDR_MASK, &addr.addr,
>> + addr.mask < 64 ? 64 : addr.mask, iface->ip6table, NULL, NULL, false);
>>
>> - if (prefix->iface->ip6table)
>> - set_ip_source_policy(true, true, IPRULE_PRIORITY_NW, &addr.addr,
>> - addr.mask, prefix->iface->ip6table, iface, NULL, true);
>> + if (prefix->iface) {
>> + set_ip_source_policy(true, true, IPRULE_PRIORITY_REJECT, &addr.addr,
>> + addr.mask, 0, iface, "unreachable", true);
>> +
>> + if (prefix->iface->ip6table)
>> + set_ip_source_policy(true, true, IPRULE_PRIORITY_NW, &addr.addr,
>> + addr.mask, prefix->iface->ip6table, iface, NULL, true);
>> + }
>> }
>>
>> route.metric = iface->metric;
>> --
>> 1.9.1
>>
>>
>> _______________________________________________
>> Lede-dev mailing list
>> Lede-dev at lists.infradead.org
>> http://lists.infradead.org/mailman/listinfo/lede-dev
>
More information about the Lede-dev
mailing list