From b94057911554e04df9b709f8354e2e220131096a Mon Sep 17 00:00:00 2001
From: "Ondrej Zajicek (work)" <santiago@crfreenet.org>
Date: Tue, 16 Jan 2018 16:20:01 +0100
Subject: Filter: Allow silent filter execution

A filter should log messages only if executed explicitly (e.g., during
route export or route import). When a filter is executed for technical
reasons (e.g., to establish whether a route was exported before), it
should run silently.
---
 sysdep/unix/krt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'sysdep/unix')

diff --git a/sysdep/unix/krt.c b/sysdep/unix/krt.c
index 07a55c0d..526c0cab 100644
--- a/sysdep/unix/krt.c
+++ b/sysdep/unix/krt.c
@@ -632,7 +632,7 @@ krt_export_net(struct krt_proto *p, net *net, rte **rt_free, ea_list **tmpa)
   if (filter == FILTER_ACCEPT)
     goto accept;
 
-  if (f_run(filter, &rt, tmpa, krt_filter_lp, FF_FORCE_TMPATTR) > F_ACCEPT)
+  if (f_run(filter, &rt, tmpa, krt_filter_lp, FF_FORCE_TMPATTR | FF_SILENT) > F_ACCEPT)
     goto reject;
 
 
-- 
cgit v1.2.3


From e5ff7929c4d85b84496cdfc46f006b8cd1b4c0e5 Mon Sep 17 00:00:00 2001
From: "Ondrej Zajicek (work)" <santiago@crfreenet.org>
Date: Tue, 23 Jan 2018 14:48:07 +0100
Subject: KRT: Remove useless option

---
 sysdep/unix/krt.Y | 1 -
 sysdep/unix/krt.c | 2 +-
 sysdep/unix/krt.h | 1 -
 3 files changed, 1 insertion(+), 3 deletions(-)

(limited to 'sysdep/unix')

diff --git a/sysdep/unix/krt.Y b/sysdep/unix/krt.Y
index 1cb28389..31f5f1d4 100644
--- a/sysdep/unix/krt.Y
+++ b/sysdep/unix/krt.Y
@@ -78,7 +78,6 @@ kern_item:
 	cf_error("Learning of kernel routes not supported on this platform");
 #endif
    }
- | DEVICE ROUTES bool { THIS_KRT->devroutes = $3; }
  | GRACEFUL RESTART bool { THIS_KRT->graceful_restart = $3; }
  | MERGE PATHS bool kern_mp_limit {
       krt_set_merge_paths(this_channel, $3, $4);
diff --git a/sysdep/unix/krt.c b/sysdep/unix/krt.c
index 29d2d01e..d4c0db72 100644
--- a/sysdep/unix/krt.c
+++ b/sysdep/unix/krt.c
@@ -1159,7 +1159,7 @@ krt_reconfigure(struct proto *p, struct proto_config *CF)
     return 0;
 
   /* persist, graceful restart need not be the same */
-  return o->scan_time == n->scan_time && o->learn == n->learn && o->devroutes == n->devroutes;
+  return o->scan_time == n->scan_time && o->learn == n->learn;
 }
 
 struct proto_config *
diff --git a/sysdep/unix/krt.h b/sysdep/unix/krt.h
index 3bfccfc2..8d3add0e 100644
--- a/sysdep/unix/krt.h
+++ b/sysdep/unix/krt.h
@@ -49,7 +49,6 @@ struct krt_config {
   btime scan_time;		/* How often we re-scan routes */
   int persist;			/* Keep routes when we exit */
   int learn;			/* Learn routes from other sources */
-  int devroutes;		/* XXX: remove */
   int graceful_restart;		/* Regard graceful restart recovery */
 };
 
-- 
cgit v1.2.3


From ace3072e09e445b2fd8554492b80bea5cc1f3411 Mon Sep 17 00:00:00 2001
From: "Ondrej Zajicek (work)" <santiago@crfreenet.org>
Date: Tue, 23 Jan 2018 15:12:43 +0100
Subject: KRT: Fix option 'merge paths'

---
 sysdep/unix/krt.Y | 12 +-----------
 sysdep/unix/krt.c |  9 ++++++++-
 sysdep/unix/krt.h |  1 +
 3 files changed, 10 insertions(+), 12 deletions(-)

(limited to 'sysdep/unix')

diff --git a/sysdep/unix/krt.Y b/sysdep/unix/krt.Y
index 31f5f1d4..9aac8668 100644
--- a/sysdep/unix/krt.Y
+++ b/sysdep/unix/krt.Y
@@ -16,16 +16,6 @@ CF_DEFINES
 #define THIS_KIF ((struct kif_config *) this_proto)
 #define KIF_IFACE ((struct kif_iface_config *) this_ipatt)
 
-static void
-krt_set_merge_paths(struct channel_config *cc, uint merge, uint limit)
-{
-  if ((limit <= 0) || (limit > 255))
-    cf_error("Merge paths limit must be in range 1-255");
-
-  cc->ra_mode = merge ? RA_MERGED : RA_OPTIMAL;
-  cc->merge_limit = limit;
-}
-
 static void
 kif_set_preferred(ip_addr ip)
 {
@@ -80,7 +70,7 @@ kern_item:
    }
  | GRACEFUL RESTART bool { THIS_KRT->graceful_restart = $3; }
  | MERGE PATHS bool kern_mp_limit {
-      krt_set_merge_paths(this_channel, $3, $4);
+      THIS_KRT->merge_paths = $3 ? $4 : 0;
 #ifndef KRT_ALLOW_MERGE_PATHS
       if ($3)
 	cf_error("Path merging not supported on this platform");
diff --git a/sysdep/unix/krt.c b/sysdep/unix/krt.c
index d4c0db72..bfdbfa4e 100644
--- a/sysdep/unix/krt.c
+++ b/sysdep/unix/krt.c
@@ -1059,11 +1059,18 @@ krt_postconfig(struct proto_config *CF)
     cf_error("All kernel syncers must use the same table scan interval");
 #endif
 
-  struct rtable_config *tab = proto_cf_main_channel(CF)->table;
+  struct channel_config *cc = proto_cf_main_channel(CF);
+  struct rtable_config *tab = cc->table;
   if (tab->krt_attached)
     cf_error("Kernel syncer (%s) already attached to table %s", tab->krt_attached->name, tab->name);
   tab->krt_attached = CF;
 
+  if (cf->merge_paths)
+  {
+    cc->ra_mode = RA_MERGED;
+    cc->merge_limit = cf->merge_paths;
+  }
+
   krt_sys_postconfig(cf);
 }
 
diff --git a/sysdep/unix/krt.h b/sysdep/unix/krt.h
index 8d3add0e..b627882d 100644
--- a/sysdep/unix/krt.h
+++ b/sysdep/unix/krt.h
@@ -50,6 +50,7 @@ struct krt_config {
   int persist;			/* Keep routes when we exit */
   int learn;			/* Learn routes from other sources */
   int graceful_restart;		/* Regard graceful restart recovery */
+  int merge_paths;		/* Exported routes are merged for ECMP */
 };
 
 struct krt_proto {
-- 
cgit v1.2.3


From d6cf996151307d083c30e4ecde0f1d7449b19253 Mon Sep 17 00:00:00 2001
From: "Ondrej Zajicek (work)" <santiago@crfreenet.org>
Date: Tue, 23 Jan 2018 17:05:45 +0100
Subject: IO: Fix socket priority

On Linux, setting the ToS will also set the priority and the range of
accepted values is quite limited (masked by 0x1e). Therefore, 0xc0 is
translated to a priority of 0, not something we want, overriding the
"7" priority which was set previously explicitely. To avoid that, just
move setting priority later in the code.

Thanks to Vincent Bernat for the patch.
---
 sysdep/unix/io.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'sysdep/unix')

diff --git a/sysdep/unix/io.c b/sysdep/unix/io.c
index 6d6a0990..53a37a50 100644
--- a/sysdep/unix/io.c
+++ b/sysdep/unix/io.c
@@ -1238,10 +1238,6 @@ sk_setup(sock *s)
 #endif
   }
 
-  if (s->priority >= 0)
-    if (sk_set_priority(s, s->priority) < 0)
-      return -1;
-
   if (sk_is_ipv4(s))
   {
     if (s->flags & SKF_LADDR_RX)
@@ -1292,6 +1288,11 @@ sk_setup(sock *s)
 	return -1;
   }
 
+  /* Must be after sk_set_tos4() as setting ToS on Linux also mangles priority */
+  if (s->priority >= 0)
+    if (sk_set_priority(s, s->priority) < 0)
+      return -1;
+
   return 0;
 }
 
-- 
cgit v1.2.3


From 28b3b551222ab58456a067a9be4790824cdbb60e Mon Sep 17 00:00:00 2001
From: "Ondrej Zajicek (work)" <santiago@crfreenet.org>
Date: Tue, 6 Feb 2018 16:08:45 +0100
Subject: KRT: Fix IPv6 route learn

Internal table used for route learn was created with non-matching net
type for IPv6 kernel proto.

Thanks to Toke Hoiland-Jorgensen for the bugreport
---
 bird.conf         |  7 ++++---
 nest/route.h      |  2 +-
 nest/rt-table.c   | 19 ++++++++-----------
 sysdep/unix/krt.c |  8 +++++++-
 4 files changed, 20 insertions(+), 16 deletions(-)

(limited to 'sysdep/unix')

diff --git a/bird.conf b/bird.conf
index 410f190c..e383c934 100644
--- a/bird.conf
+++ b/bird.conf
@@ -22,13 +22,14 @@ protocol direct {
 
 # Feed routes to kernel FIB
 protocol kernel {
-	ipv4 { export all; };
-#	learn;			# Learn all routes from the kernel
+	ipv4 { export all; import all; };
+	learn;			# Learn all routes from the kernel
 #	scan time 10;		# Scan kernel tables every 10 seconds
 }
 
 protocol kernel {
-	ipv6;
+	ipv6 { import all; };
+	learn;
 }
 
 # Static route feed
diff --git a/nest/route.h b/nest/route.h
index 43d7d696..1c86110b 100644
--- a/nest/route.h
+++ b/nest/route.h
@@ -282,7 +282,7 @@ void rt_preconfig(struct config *);
 void rt_commit(struct config *new, struct config *old);
 void rt_lock_table(rtable *);
 void rt_unlock_table(rtable *);
-void rt_setup(pool *, rtable *, char *, struct rtable_config *);
+void rt_setup(pool *, rtable *, struct rtable_config *);
 static inline net *net_find(rtable *tab, const net_addr *addr) { return (net *) fib_find(&tab->fib, addr); }
 static inline net *net_find_valid(rtable *tab, const net_addr *addr)
 { net *n = net_find(tab, addr); return (n && rte_is_valid(n->routes)) ? n : NULL; }
diff --git a/nest/rt-table.c b/nest/rt-table.c
index 6ee261e8..784f6cfb 100644
--- a/nest/rt-table.c
+++ b/nest/rt-table.c
@@ -1599,22 +1599,19 @@ rt_event(void *ptr)
 }
 
 void
-rt_setup(pool *p, rtable *t, char *name, struct rtable_config *cf)
+rt_setup(pool *p, rtable *t, struct rtable_config *cf)
 {
   bzero(t, sizeof(*t));
-  t->name = name;
+  t->name = cf->name;
   t->config = cf;
-  t->addr_type = cf ? cf->addr_type : NET_IP4;
+  t->addr_type = cf->addr_type;
   fib_init(&t->fib, p, t->addr_type, sizeof(net), OFFSETOF(net, n), 0, NULL);
   init_list(&t->channels);
 
-  if (cf)
-    {
-      t->rt_event = ev_new(p);
-      t->rt_event->hook = rt_event;
-      t->rt_event->data = t;
-      t->gc_time = current_time();
-    }
+  t->rt_event = ev_new(p);
+  t->rt_event->hook = rt_event;
+  t->rt_event->data = t;
+  t->gc_time = current_time();
 }
 
 /**
@@ -2090,7 +2087,7 @@ rt_commit(struct config *new, struct config *old)
       {
 	rtable *t = mb_alloc(rt_table_pool, sizeof(struct rtable));
 	DBG("\t%s: created\n", r->name);
-	rt_setup(rt_table_pool, t, r->name, r);
+	rt_setup(rt_table_pool, t, r);
 	add_tail(&routing_tables, &t->n);
 	r->table = t;
       }
diff --git a/sysdep/unix/krt.c b/sysdep/unix/krt.c
index e7bd79e3..a3cbb336 100644
--- a/sysdep/unix/krt.c
+++ b/sysdep/unix/krt.c
@@ -506,7 +506,13 @@ static void
 krt_learn_init(struct krt_proto *p)
 {
   if (KRT_CF->learn)
-    rt_setup(p->p.pool, &p->krt_table, "Inherited", NULL);
+  {
+    struct rtable_config *cf = mb_allocz(p->p.pool, sizeof(struct rtable_config));
+    cf->name = "Inherited";
+    cf->addr_type = p->p.net_type;
+
+    rt_setup(p->p.pool, &p->krt_table, cf);
+  }
 }
 
 static void
-- 
cgit v1.2.3


From be17805c0bbd37e865dc9b17b56e8e8d210c2c6c Mon Sep 17 00:00:00 2001
From: "Ondrej Zajicek (work)" <santiago@crfreenet.org>
Date: Tue, 13 Feb 2018 16:27:57 +0100
Subject: Add support for source-specific IPv6 routes to BIRD core

This patch adds support for source-specific IPv6 routes to BIRD core.
This is based on Dean Luga's original patch, with the review comments
addressed. SADR support is added to network address parsing in confbase.Y
and to the kernel protocol on Linux.

Currently there is no way to mix source-specific and non-source-specific
routes (i.e., SADR tables cannot be connected to non-SADR tables).

Thanks to Toke Hoiland-Jorgensen for the original patch.
Minor changes by Ondrej Santiago Zajicek.
---
 conf/confbase.Y        | 24 ++++++++++++--
 lib/net.c              | 23 +++++++++++++
 lib/net.h              | 90 +++++++++++++++++++++++++++++++++++++++++++++-----
 nest/config.Y          | 13 ++++++--
 nest/rt-fib.c          |  2 ++
 nest/rt-table.c        | 42 +++++++++++++++++++++++
 sysdep/cf/linux.h      |  1 +
 sysdep/linux/netlink.c | 43 +++++++++++++++++++-----
 sysdep/unix/krt.c      | 25 +++++++++-----
 9 files changed, 233 insertions(+), 30 deletions(-)

(limited to 'sysdep/unix')

diff --git a/conf/confbase.Y b/conf/confbase.Y
index 7e0537c5..c2d647eb 100644
--- a/conf/confbase.Y
+++ b/conf/confbase.Y
@@ -83,7 +83,7 @@ CF_DECLS
 %type <time> expr_us time
 %type <a> ipa
 %type <net> net_ip4_ net_ip6_ net_ip6 net_ip_ net_ip net_or_ipa
-%type <net_ptr> net_ net_any net_vpn4_ net_vpn6_ net_vpn_ net_roa4_ net_roa6_ net_roa_ net_mpls_
+%type <net_ptr> net_ net_any net_vpn4_ net_vpn6_ net_vpn_ net_roa4_ net_roa6_ net_roa_ net_ip6_sadr_ net_mpls_
 %type <mls> label_stack_start label_stack
 
 %type <t> text opttext
@@ -96,7 +96,7 @@ CF_DECLS
 %left '!'
 %nonassoc '.'
 
-CF_KEYWORDS(DEFINE, ON, OFF, YES, NO, S, MS, US, PORT, VPN, MPLS)
+CF_KEYWORDS(DEFINE, ON, OFF, YES, NO, S, MS, US, PORT, VPN, MPLS, FROM)
 
 CF_GRAMMAR
 
@@ -206,6 +206,25 @@ net_ip6_: IP6 '/' NUM
 	     n->prefix, n->pxlen, ip6_and(n->prefix, ip6_mkmask(n->pxlen)), n->pxlen);
 };
 
+net_ip6_sadr_: IP6 '/' NUM FROM IP6 '/' NUM
+{
+  if ($3 > IP6_MAX_PREFIX_LENGTH)
+    cf_error("Invalid prefix length %u", $3);
+
+  if ($7 > IP6_MAX_PREFIX_LENGTH)
+    cf_error("Invalid prefix length %u", $7);
+
+  $$ = cfg_alloc(sizeof(net_addr_ip6_sadr));
+  net_fill_ip6_sadr($$, $1, $3, $5, $7);
+
+  net_addr_ip6_sadr *n = (void *) $$;
+  if (!net_validate_ip6_sadr(n))
+    cf_error("Invalid SADR IPv6 prefix %I6/%d from %I6/%d, maybe you wanted %I6/%d from %I6/%d",
+	     n->dst_prefix, n->dst_pxlen, n->src_prefix, n->src_pxlen,
+	     ip6_and(n->dst_prefix, ip6_mkmask(n->dst_pxlen)), n->dst_pxlen,
+	     ip6_and(n->src_prefix, ip6_mkmask(n->src_pxlen)), n->src_pxlen);
+};
+
 net_vpn4_: VPN_RD net_ip4_
 {
   $$ = cfg_alloc(sizeof(net_addr_vpn4));
@@ -249,6 +268,7 @@ net_:
  | net_vpn_
  | net_roa_
  | net_flow_
+ | net_ip6_sadr_
  | net_mpls_
  ;
 
diff --git a/lib/net.c b/lib/net.c
index 3e5d62e2..976ddbcc 100644
--- a/lib/net.c
+++ b/lib/net.c
@@ -14,6 +14,7 @@ const char * const net_label[] = {
   [NET_ROA6]	= "roa6",
   [NET_FLOW4]	= "flow4",
   [NET_FLOW6]	= "flow6",
+  [NET_IP6_SADR]= "ipv6-sadr",
   [NET_MPLS]	= "mpls",
 };
 
@@ -26,6 +27,7 @@ const u16 net_addr_length[] = {
   [NET_ROA6]	= sizeof(net_addr_roa6),
   [NET_FLOW4]	= 0,
   [NET_FLOW6]	= 0,
+  [NET_IP6_SADR]= sizeof(net_addr_ip6_sadr),
   [NET_MPLS]	= sizeof(net_addr_mpls),
 };
 
@@ -38,6 +40,7 @@ const u8 net_max_prefix_length[] = {
   [NET_ROA6]	= IP6_MAX_PREFIX_LENGTH,
   [NET_FLOW4]	= IP4_MAX_PREFIX_LENGTH,
   [NET_FLOW6]	= IP6_MAX_PREFIX_LENGTH,
+  [NET_IP6_SADR]= IP6_MAX_PREFIX_LENGTH,
   [NET_MPLS]	= 0,
 };
 
@@ -50,6 +53,7 @@ const u16 net_max_text_length[] = {
   [NET_ROA6]	= 60,	/* "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128-128 AS4294967295" */
   [NET_FLOW4]	= 0,	/* "flow4 { ... }" */
   [NET_FLOW6]	= 0,	/* "flow6 { ... }" */
+  [NET_IP6_SADR]= 92,	/* "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 from ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128" */
   [NET_MPLS]	= 7,	/* "1048575" */
 };
 
@@ -102,6 +106,8 @@ net_format(const net_addr *N, char *buf, int buflen)
     return flow4_net_format(buf, buflen, &n->flow4);
   case NET_FLOW6:
     return flow6_net_format(buf, buflen, &n->flow6);
+  case NET_IP6_SADR:
+    return bsnprintf(buf, buflen, "%I6/%d from %I6/%d", n->ip6_sadr.dst_prefix, n->ip6_sadr.dst_pxlen, n->ip6_sadr.src_prefix, n->ip6_sadr.src_pxlen);
   case NET_MPLS:
     return bsnprintf(buf, buflen, "%u", n->mpls.label);
   }
@@ -124,6 +130,7 @@ net_pxmask(const net_addr *a)
   case NET_VPN6:
   case NET_ROA6:
   case NET_FLOW6:
+  case NET_IP6_SADR:
     return ipa_from_ip6(ip6_mkmask(net6_pxlen(a)));
 
   case NET_MPLS:
@@ -156,6 +163,8 @@ net_compare(const net_addr *a, const net_addr *b)
     return net_compare_flow4((const net_addr_flow4 *) a, (const net_addr_flow4 *) b);
   case NET_FLOW6:
     return net_compare_flow6((const net_addr_flow6 *) a, (const net_addr_flow6 *) b);
+  case NET_IP6_SADR:
+    return net_compare_ip6_sadr((const net_addr_ip6_sadr *) a, (const net_addr_ip6_sadr *) b);
   case NET_MPLS:
     return net_compare_mpls((const net_addr_mpls *) a, (const net_addr_mpls *) b);
   }
@@ -177,6 +186,7 @@ net_hash(const net_addr *n)
   case NET_ROA6: return NET_HASH(n, roa6);
   case NET_FLOW4: return NET_HASH(n, flow4);
   case NET_FLOW6: return NET_HASH(n, flow6);
+  case NET_IP6_SADR: return NET_HASH(n, ip6_sadr);
   case NET_MPLS: return NET_HASH(n, mpls);
   default: bug("invalid type");
   }
@@ -198,6 +208,7 @@ net_validate(const net_addr *n)
   case NET_ROA6: return NET_VALIDATE(n, roa6);
   case NET_FLOW4: return NET_VALIDATE(n, flow4);
   case NET_FLOW6: return NET_VALIDATE(n, flow6);
+  case NET_IP6_SADR: return NET_VALIDATE(n, ip6_sadr);
   case NET_MPLS: return NET_VALIDATE(n, mpls);
   default: return 0;
   }
@@ -222,6 +233,9 @@ net_normalize(net_addr *N)
   case NET_FLOW6:
     return net_normalize_ip6(&n->ip6);
 
+  case NET_IP6_SADR:
+    return net_normalize_ip6_sadr(&n->ip6_sadr);
+
   case NET_MPLS:
     return;
   }
@@ -246,6 +260,9 @@ net_classify(const net_addr *N)
   case NET_FLOW6:
     return ip6_zero(n->ip6.prefix) ? (IADDR_HOST | SCOPE_UNIVERSE) : ip6_classify(&n->ip6.prefix);
 
+  case NET_IP6_SADR:
+    return ip6_zero(n->ip6_sadr.dst_prefix) ? (IADDR_HOST | SCOPE_UNIVERSE) : ip6_classify(&n->ip6_sadr.dst_prefix);
+
   case NET_MPLS:
     return IADDR_HOST | SCOPE_UNIVERSE;
   }
@@ -274,6 +291,11 @@ ipa_in_netX(const ip_addr a, const net_addr *n)
     return ip6_zero(ip6_and(ip6_xor(ipa_to_ip6(a), net6_prefix(n)),
 			    ip6_mkmask(net6_pxlen(n))));
 
+  case NET_IP6_SADR:
+    if (ipa_is_ip4(a)) return 0;
+    return ip6_zero(ip6_and(ip6_xor(ipa_to_ip6(a), net6_prefix(n)),
+			    ip6_mkmask(net6_pxlen(n))));
+
   case NET_MPLS:
   default:
     return 0;
@@ -304,5 +326,6 @@ net_init(void)
   CHECK_NET(net_addr_roa6,	28);
   CHECK_NET(net_addr_flow4,	 8);
   CHECK_NET(net_addr_flow6,	20);
+  CHECK_NET(net_addr_ip6_sadr,	40);
   CHECK_NET(net_addr_mpls,	 8);
 }
diff --git a/lib/net.h b/lib/net.h
index 69f00641..ad4000fd 100644
--- a/lib/net.h
+++ b/lib/net.h
@@ -21,8 +21,9 @@
 #define NET_ROA6	6
 #define NET_FLOW4	7
 #define NET_FLOW6	8
-#define NET_MPLS	9
-#define NET_MAX		10
+#define NET_IP6_SADR	9
+#define NET_MPLS	10
+#define NET_MAX		11
 
 #define NB_IP4		(1 << NET_IP4)
 #define NB_IP6		(1 << NET_IP6)
@@ -32,12 +33,13 @@
 #define NB_ROA6		(1 << NET_ROA6)
 #define NB_FLOW4	(1 << NET_FLOW4)
 #define NB_FLOW6	(1 << NET_FLOW6)
+#define NB_IP6_SADR	(1 << NET_IP6_SADR)
 #define NB_MPLS		(1 << NET_MPLS)
 
 #define NB_IP		(NB_IP4 | NB_IP6)
 #define NB_VPN		(NB_VPN4 | NB_VPN6)
 #define NB_FLOW		(NB_FLOW4 | NB_FLOW6)
-#define NB_DEST		(NB_IP | NB_VPN | NB_MPLS)
+#define NB_DEST		(NB_IP | NB_IP6_SADR | NB_VPN | NB_MPLS)
 #define NB_ANY		0xffffffff
 
 
@@ -121,6 +123,15 @@ typedef struct net_addr_mpls {
   u32 label;
 } net_addr_mpls;
 
+typedef struct net_addr_ip6_sadr {
+  u8 type;
+  u8 dst_pxlen;
+  u16 length;
+  ip6_addr dst_prefix;
+  s32 src_pxlen; /* s32 to avoid padding */
+  ip6_addr src_prefix;
+} net_addr_ip6_sadr;
+
 typedef union net_addr_union {
   net_addr n;
   net_addr_ip4 ip4;
@@ -131,6 +142,7 @@ typedef union net_addr_union {
   net_addr_roa6 roa6;
   net_addr_flow4 flow4;
   net_addr_flow6 flow6;
+  net_addr_ip6_sadr ip6_sadr;
   net_addr_mpls mpls;
 } net_addr_union;
 
@@ -167,6 +179,9 @@ extern const u16 net_max_text_length[];
 #define NET_ADDR_FLOW6(prefix,pxlen,dlen) \
   ((net_addr_flow6) { NET_FLOW6, pxlen, sizeof(net_addr_ip6) + dlen, prefix })
 
+#define NET_ADDR_IP6_SADR(dst_prefix,dst_pxlen,src_prefix,src_pxlen) \
+  ((net_addr_ip6_sadr) { NET_IP6_SADR, dst_pxlen, sizeof(net_addr_ip6_sadr), dst_prefix, src_pxlen, src_prefix })
+
 #define NET_ADDR_MPLS(label) \
   ((net_addr_mpls) { NET_MPLS, 20, sizeof(net_addr_mpls), label })
 
@@ -189,6 +204,9 @@ static inline void net_fill_roa4(net_addr *a, ip4_addr prefix, uint pxlen, uint
 static inline void net_fill_roa6(net_addr *a, ip6_addr prefix, uint pxlen, uint max_pxlen, u32 asn)
 { *(net_addr_roa6 *)a = NET_ADDR_ROA6(prefix, pxlen, max_pxlen, asn); }
 
+static inline void net_fill_ip6_sadr(net_addr *a, ip6_addr dst_prefix, uint dst_pxlen, ip6_addr src_prefix, uint src_pxlen)
+{ *(net_addr_ip6_sadr *)a = NET_ADDR_IP6_SADR(dst_prefix, dst_pxlen, src_prefix, src_pxlen); }
+
 static inline void net_fill_mpls(net_addr *a, u32 label)
 { *(net_addr_mpls *)a = NET_ADDR_MPLS(label); }
 
@@ -222,6 +240,16 @@ static inline void net_fill_flow6(net_addr *a, ip6_addr prefix, uint pxlen, byte
   memcpy(f->data, data, dlen);
 }
 
+/* Make NET_IP6_SADR from NET_IP6, assuming there is enough space */
+static inline void net_make_ip6_sadr(net_addr *a)
+{
+  net_addr_ip6_sadr *n = (void *) a;
+  n->type = NET_IP6_SADR;
+  n->length = sizeof(net_addr_ip6_sadr);
+  n->src_pxlen = 0;
+  n->src_prefix = IP6_NONE;
+}
+
 static inline int net_val_match(u8 type, u32 mask)
 { return !!((1 << type) & mask); }
 
@@ -261,6 +289,7 @@ static inline ip_addr net_prefix(const net_addr *a)
   case NET_VPN6:
   case NET_ROA6:
   case NET_FLOW6:
+  case NET_IP6_SADR:
     return ipa_from_ip6(net6_prefix(a));
 
   case NET_MPLS:
@@ -328,6 +357,9 @@ static inline int net_equal_flow4(const net_addr_flow4 *a, const net_addr_flow4
 static inline int net_equal_flow6(const net_addr_flow6 *a, const net_addr_flow6 *b)
 { return net_equal((const net_addr *) a, (const net_addr *) b); }
 
+static inline int net_equal_ip6_sadr(const net_addr_ip6_sadr *a, const net_addr_ip6_sadr *b)
+{ return !memcmp(a, b, sizeof(net_addr_ip6_sadr)); }
+
 static inline int net_equal_mpls(const net_addr_mpls *a, const net_addr_mpls *b)
 { return !memcmp(a, b, sizeof(net_addr_mpls)); }
 
@@ -338,6 +370,12 @@ static inline int net_equal_prefix_roa4(const net_addr_roa4 *a, const net_addr_r
 static inline int net_equal_prefix_roa6(const net_addr_roa6 *a, const net_addr_roa6 *b)
 { return ip6_equal(a->prefix, b->prefix) && (a->pxlen == b->pxlen); }
 
+static inline int net_equal_dst_ip6_sadr(const net_addr_ip6_sadr *a, const net_addr_ip6_sadr *b)
+{ return ip6_equal(a->dst_prefix, b->dst_prefix) && (a->dst_pxlen == b->dst_pxlen); }
+
+static inline int net_equal_src_ip6_sadr(const net_addr_ip6_sadr *a, const net_addr_ip6_sadr *b)
+{ return ip6_equal(a->src_prefix, b->src_prefix) && (a->src_pxlen == b->src_pxlen); }
+
 
 static inline int net_zero_ip4(const net_addr_ip4 *a)
 { return !a->pxlen && ip4_zero(a->prefix); }
@@ -391,6 +429,13 @@ static inline int net_compare_flow4(const net_addr_flow4 *a, const net_addr_flow
 static inline int net_compare_flow6(const net_addr_flow6 *a, const net_addr_flow6 *b)
 { return ip6_compare(a->prefix, b->prefix) ?: uint_cmp(a->pxlen, b->pxlen) ?: uint_cmp(a->length, b->length) ?: memcmp(a->data, b->data, a->length - sizeof(net_addr_flow6)); }
 
+static inline int net_compare_ip6_sadr(const net_addr_ip6_sadr *a, const net_addr_ip6_sadr *b)
+{
+  return
+    ip6_compare(a->dst_prefix, b->dst_prefix) ?: uint_cmp(a->dst_pxlen, b->dst_pxlen) ?:
+    ip6_compare(a->src_prefix, b->src_prefix) ?: uint_cmp(a->src_pxlen, b->src_pxlen);
+}
+
 static inline int net_compare_mpls(const net_addr_mpls *a, const net_addr_mpls *b)
 { return uint_cmp(a->label, b->label); }
 
@@ -424,6 +469,9 @@ static inline void net_copy_flow4(net_addr_flow4 *dst, const net_addr_flow4 *src
 static inline void net_copy_flow6(net_addr_flow6 *dst, const net_addr_flow6 *src)
 { memcpy(dst, src, src->length); }
 
+static inline void net_copy_ip6_sadr(net_addr_ip6_sadr *dst, const net_addr_ip6_sadr *src)
+{ memcpy(dst, src, sizeof(net_addr_ip6_sadr)); }
+
 static inline void net_copy_mpls(net_addr_mpls *dst, const net_addr_mpls *src)
 { memcpy(dst, src, sizeof(net_addr_mpls)); }
 
@@ -456,6 +504,9 @@ static inline u32 net_hash_flow4(const net_addr_flow4 *n)
 static inline u32 net_hash_flow6(const net_addr_flow6 *n)
 { return ip6_hash(n->prefix) ^ ((u32) n->pxlen << 26); }
 
+static inline u32 net_hash_ip6_sadr(const net_addr_ip6_sadr *n)
+{ return net_hash_ip6((net_addr_ip6 *) n); }
+
 static inline u32 net_hash_mpls(const net_addr_mpls *n)
 { return n->label; }
 
@@ -508,6 +559,9 @@ static inline int net_validate_flow6(const net_addr_flow6 *n)
 static inline int net_validate_mpls(const net_addr_mpls *n)
 { return n->label < (1 << 20); }
 
+static inline int net_validate_ip6_sadr(const net_addr_ip6_sadr *n)
+{ return net_validate_px6(n->dst_prefix, n->dst_pxlen) && net_validate_px6(n->src_prefix, n->src_pxlen); }
+
 int net_validate(const net_addr *N);
 
 
@@ -523,6 +577,12 @@ static inline void net_normalize_vpn4(net_addr_vpn4 *n)
 static inline void net_normalize_vpn6(net_addr_vpn6 *n)
 { net_normalize_ip6((net_addr_ip6 *) n); }
 
+static inline void net_normalize_ip6_sadr(net_addr_ip6_sadr *n)
+{
+  n->dst_prefix = ip6_and(n->dst_prefix, ip6_mkmask(n->dst_pxlen));
+  n->src_prefix = ip6_and(n->src_prefix, ip6_mkmask(n->src_pxlen));
+}
+
 void net_normalize(net_addr *N);
 
 
@@ -530,17 +590,29 @@ int net_classify(const net_addr *N);
 int net_format(const net_addr *N, char *buf, int buflen);
 int rd_format(const u64 rd, char *buf, int buflen);
 
-static inline int ipa_in_net_ip4(ip4_addr a, const net_addr_ip4 *n)
-{ return ip4_zero(ip4_and(ip4_xor(a, n->prefix), ip4_mkmask(n->pxlen))); }
+static inline int ipa_in_px4(ip4_addr a, ip4_addr prefix, uint pxlen)
+{ return ip4_zero(ip4_and(ip4_xor(a, prefix), ip4_mkmask(pxlen))); }
 
-static inline int net_in_net_ip4(const net_addr_ip4 *a, const net_addr_ip4 *b)
-{ return (a->pxlen >= b->pxlen) && ipa_in_net_ip4(a->prefix, b); }
+static inline int ipa_in_px6(ip6_addr a, ip6_addr prefix, uint pxlen)
+{ return ip6_zero(ip6_and(ip6_xor(a, prefix), ip6_mkmask(pxlen))); }
+
+static inline int ipa_in_net_ip4(ip4_addr a, const net_addr_ip4 *n)
+{ return ipa_in_px4(a, n->prefix, n->pxlen); }
 
 static inline int ipa_in_net_ip6(ip6_addr a, const net_addr_ip6 *n)
-{ return ip6_zero(ip6_and(ip6_xor(a, n->prefix), ip6_mkmask(n->pxlen))); }
+{ return ipa_in_px6(a, n->prefix, n->pxlen); }
+
+static inline int net_in_net_ip4(const net_addr_ip4 *a, const net_addr_ip4 *b)
+{ return (a->pxlen >= b->pxlen) && ipa_in_px4(a->prefix, b->prefix, b->pxlen); }
 
 static inline int net_in_net_ip6(const net_addr_ip6 *a, const net_addr_ip6 *b)
-{ return (a->pxlen >= b->pxlen) && ipa_in_net_ip6(a->prefix, b); }
+{ return (a->pxlen >= b->pxlen) && ipa_in_px6(a->prefix, b->prefix, b->pxlen); }
+
+static inline int net_in_net_dst_ip6_sadr(const net_addr_ip6_sadr *a, const net_addr_ip6_sadr *b)
+{ return (a->dst_pxlen >= b->dst_pxlen) && ipa_in_px6(a->dst_prefix, b->dst_prefix, b->dst_pxlen); }
+
+static inline int net_in_net_src_ip6_sadr(const net_addr_ip6_sadr *a, const net_addr_ip6_sadr *b)
+{ return (a->src_pxlen >= b->src_pxlen) && ipa_in_px6(a->src_prefix, b->src_prefix, b->src_pxlen); }
 
 int ipa_in_netX(const ip_addr A, const net_addr *N);
 int net_in_netX(const net_addr *A, const net_addr *N);
diff --git a/nest/config.Y b/nest/config.Y
index af5114f5..ab09a10c 100644
--- a/nest/config.Y
+++ b/nest/config.Y
@@ -66,7 +66,7 @@ CF_DECLS
 
 CF_KEYWORDS(ROUTER, ID, PROTOCOL, TEMPLATE, PREFERENCE, DISABLED, DEBUG, ALL, OFF, DIRECT)
 CF_KEYWORDS(INTERFACE, IMPORT, EXPORT, FILTER, NONE, VRF, TABLE, STATES, ROUTES, FILTERS)
-CF_KEYWORDS(IPV4, IPV6, VPN4, VPN6, ROA4, ROA6)
+CF_KEYWORDS(IPV4, IPV6, VPN4, VPN6, ROA4, ROA6, FLOW4, FLOW6, SADR, MPLS)
 CF_KEYWORDS(RECEIVE, LIMIT, ACTION, WARN, BLOCK, RESTART, DISABLE, KEEP, FILTERED)
 CF_KEYWORDS(PASSWORD, FROM, PASSIVE, TO, ID, EVENTS, PACKETS, PROTOCOLS, INTERFACES)
 CF_KEYWORDS(ALGORITHM, KEYED, HMAC, MD5, SHA1, SHA256, SHA384, SHA512)
@@ -77,7 +77,7 @@ CF_KEYWORDS(TIMEFORMAT, ISO, SHORT, LONG, ROUTE, PROTOCOL, BASE, LOG, S, MS, US)
 CF_KEYWORDS(GRACEFUL, RESTART, WAIT, MAX, FLUSH, AS)
 
 /* For r_args_channel */
-CF_KEYWORDS(IPV4, IPV4_MC, IPV4_MPLS, IPV6, IPV6_MC, IPV6_MPLS, VPN4, VPN4_MC, VPN4_MPLS, VPN6, VPN6_MC, VPN6_MPLS, ROA4, ROA6, FLOW4, FLOW6, MPLS, PRI, SEC)
+CF_KEYWORDS(IPV4, IPV4_MC, IPV4_MPLS, IPV6, IPV6_MC, IPV6_MPLS, IPV6_SADR, VPN4, VPN4_MC, VPN4_MPLS, VPN6, VPN6_MC, VPN6_MPLS, ROA4, ROA6, FLOW4, FLOW6, MPLS, PRI, SEC)
 
 CF_ENUM(T_ENUM_RTS, RTS_, DUMMY, STATIC, INHERIT, DEVICE, STATIC_DEVICE, REDIRECT,
 	RIP, OSPF, OSPF_IA, OSPF_EXT1, OSPF_EXT2, BGP, PIPE, BABEL)
@@ -134,6 +134,7 @@ gr_opts: GRACEFUL RESTART WAIT expr ';' { new_config->gr_wait = $4; } ;
 net_type:
    IPV4 { $$ = NET_IP4; }
  | IPV6 { $$ = NET_IP6; }
+ | IPV6 SADR { $$ = NET_IP6_SADR; }
  | VPN4 { $$ = NET_VPN4; }
  | VPN6 { $$ = NET_VPN6; }
  | ROA4 { $$ = NET_ROA4; }
@@ -143,7 +144,7 @@ net_type:
  | MPLS { $$ = NET_MPLS; }
  ;
 
-CF_ENUM(T_ENUM_NETTYPE, NET_, IP4, IP6, VPN4, VPN6, ROA4, ROA6, FLOW4, FLOW6)
+CF_ENUM(T_ENUM_NETTYPE, NET_, IP4, IP6, VPN4, VPN6, ROA4, ROA6, FLOW4, FLOW6, IP6_SADR)
 
 
 /* Creation of routing tables */
@@ -625,6 +626,7 @@ r_args_for:
   }
  | net_vpn4_
  | net_vpn6_
+ | net_ip6_sadr_
  | VPN_RD IP4 {
     $$ = cfg_alloc(sizeof(net_addr_vpn4));
     net_fill_vpn4($$, $2, IP4_MAX_PREFIX_LENGTH, $1);
@@ -633,6 +635,10 @@ r_args_for:
     $$ = cfg_alloc(sizeof(net_addr_vpn6));
     net_fill_vpn6($$, $2, IP6_MAX_PREFIX_LENGTH, $1);
   }
+ | IP6 FROM IP6 {
+    $$ = cfg_alloc(sizeof(net_addr_ip6_sadr));
+    net_fill_ip6_sadr($$, $1, IP6_MAX_PREFIX_LENGTH, $3, IP6_MAX_PREFIX_LENGTH);
+  }
  | SYM {
      if ($1->class == (SYM_CONSTANT | T_IP))
      {
@@ -666,6 +672,7 @@ r_args_channel:
  | IPV6		{ $$ = "ipv6"; }
  | IPV6_MC	{ $$ = "ipv6-mc"; }
  | IPV6_MPLS	{ $$ = "ipv6-mpls"; }
+ | IPV6_SADR	{ $$ = "ipv6-sadr"; }
  | VPN4		{ $$ = "vpn4"; }
  | VPN4_MC	{ $$ = "vpn4-mc"; }
  | VPN4_MPLS	{ $$ = "vpn4-mpls"; }
diff --git a/nest/rt-fib.c b/nest/rt-fib.c
index 169d6a4f..18ccbfc3 100644
--- a/nest/rt-fib.c
+++ b/nest/rt-fib.c
@@ -236,6 +236,7 @@ fib_find(struct fib *f, const net_addr *a)
   case NET_ROA6: return FIB_FIND(f, a, roa6);
   case NET_FLOW4: return FIB_FIND(f, a, flow4);
   case NET_FLOW6: return FIB_FIND(f, a, flow6);
+  case NET_IP6_SADR: return FIB_FIND(f, a, ip6_sadr);
   case NET_MPLS: return FIB_FIND(f, a, mpls);
   default: bug("invalid type");
   }
@@ -256,6 +257,7 @@ fib_insert(struct fib *f, const net_addr *a, struct fib_node *e)
   case NET_ROA6: FIB_INSERT(f, a, e, roa6); return;
   case NET_FLOW4: FIB_INSERT(f, a, e, flow4); return;
   case NET_FLOW6: FIB_INSERT(f, a, e, flow6); return;
+  case NET_IP6_SADR: FIB_INSERT(f, a, e, ip6_sadr); return;
   case NET_MPLS: FIB_INSERT(f, a, e, mpls); return;
   default: bug("invalid type");
   }
diff --git a/nest/rt-table.c b/nest/rt-table.c
index 0f53c93f..686d0e84 100644
--- a/nest/rt-table.c
+++ b/nest/rt-table.c
@@ -85,6 +85,45 @@ net_route_ip6(rtable *t, net_addr_ip6 *n)
   return r;
 }
 
+static inline void *
+net_route_ip6_sadr(rtable *t, net_addr_ip6_sadr *n)
+{
+  struct fib_node *fn;
+
+  while (1)
+  {
+    net *best = NULL;
+    int best_pxlen = 0;
+
+    /* We need to do dst first matching. Since sadr addresses are hashed on dst
+       prefix only, find the hash table chain and go through it to find the
+       match with the smallest matching src prefix. */
+    for (fn = fib_get_chain(&t->fib, (net_addr *) n); fn; fn = fn->next)
+    {
+      net_addr_ip6_sadr *a = (void *) fn->addr;
+
+      if (net_equal_dst_ip6_sadr(n, a) &&
+	  net_in_net_src_ip6_sadr(n, a) &&
+	  (a->src_pxlen >= best_pxlen))
+      {
+	best = fib_node_to_user(&t->fib, fn);
+	best_pxlen = a->src_pxlen;
+      }
+    }
+
+    if (best)
+      return best;
+
+    if (!n->dst_pxlen)
+      break;
+
+    n->dst_pxlen--;
+    ip6_clrbit(&n->dst_prefix, n->dst_pxlen);
+  }
+
+  return NULL;
+}
+
 void *
 net_route(rtable *tab, const net_addr *n)
 {
@@ -105,6 +144,9 @@ net_route(rtable *tab, const net_addr *n)
   case NET_ROA6:
     return net_route_ip6(tab, (net_addr_ip6 *) n0);
 
+  case NET_IP6_SADR:
+    return net_route_ip6_sadr(tab, (net_addr_ip6_sadr *) n0);
+
   default:
     return NULL;
   }
diff --git a/sysdep/cf/linux.h b/sysdep/cf/linux.h
index 3a3a15da..047d3764 100644
--- a/sysdep/cf/linux.h
+++ b/sysdep/cf/linux.h
@@ -10,6 +10,7 @@
 #define CONFIG_SELF_CONSCIOUS
 #define CONFIG_MULTIPLE_TABLES
 #define CONFIG_ALL_TABLES_AT_ONCE
+#define CONFIG_IP6_SADR_KERNEL
 
 #define CONFIG_MC_PROPER_SRC
 #define CONFIG_UNIX_DONTROUTE
diff --git a/sysdep/linux/netlink.c b/sysdep/linux/netlink.c
index 4cb51519..84591eb2 100644
--- a/sysdep/linux/netlink.c
+++ b/sysdep/linux/netlink.c
@@ -374,6 +374,7 @@ static struct nl_want_attrs rtm_attr_want4[BIRD_RTA_MAX] = {
 
 static struct nl_want_attrs rtm_attr_want6[BIRD_RTA_MAX] = {
   [RTA_DST]	  = { 1, 1, sizeof(ip6_addr) },
+  [RTA_SRC]	  = { 1, 1, sizeof(ip6_addr) },
   [RTA_IIF]	  = { 1, 1, sizeof(u32) },
   [RTA_OIF]	  = { 1, 1, sizeof(u32) },
   [RTA_GATEWAY]	  = { 1, 1, sizeof(ip6_addr) },
@@ -1221,8 +1222,18 @@ nl_send_route(struct krt_proto *p, rte *e, struct ea_list *eattrs, int op, int d
   }
   else
 #endif
+  {
     nl_add_attr_ipa(&r->h, rsize, RTA_DST, net_prefix(net->n.addr));
 
+    /* Add source address for IPv6 SADR routes */
+    if (net->n.addr->type == NET_IP6_SADR)
+    {
+      net_addr_ip6_sadr *a = (void *) &net->n.addr;
+      nl_add_attr_ip6(&r->h, rsize, RTA_SRC, a->src_prefix);
+      r->r.rtm_src_len = a->src_pxlen;
+    }
+  }
+
   /*
    * Strange behavior for RTM_DELROUTE:
    * 1) rtm_family is ignored in IPv6, works for IPv4
@@ -1447,12 +1458,12 @@ nl_parse_route(struct nl_parse_state *s, struct nlmsghdr *h)
   struct rtattr *a[BIRD_RTA_MAX];
   int new = h->nlmsg_type == RTM_NEWROUTE;
 
-  net_addr dst;
+  net_addr dst, src = {};
   u32 oif = ~0;
   u32 table_id;
   u32 priority = 0;
   u32 def_scope = RT_SCOPE_UNIVERSE;
-  int src;
+  int krt_src;
 
   if (!(i = nl_checkin(h, sizeof(*i))))
     return;
@@ -1477,6 +1488,11 @@ nl_parse_route(struct nl_parse_state *s, struct nlmsghdr *h)
 	net_fill_ip6(&dst, rta_get_ip6(a[RTA_DST]), i->rtm_dst_len);
       else
 	net_fill_ip6(&dst, IP6_NONE, 0);
+
+      if (a[RTA_SRC])
+	net_fill_ip6(&src, rta_get_ip6(a[RTA_SRC]), i->rtm_src_len);
+      else
+	net_fill_ip6(&src, IP6_NONE, 0);
       break;
 
 #ifdef HAVE_MPLS_KERNEL
@@ -1511,6 +1527,9 @@ nl_parse_route(struct nl_parse_state *s, struct nlmsghdr *h)
   if (!p)
     SKIP("unknown table %d\n", table);
 
+  if (a[RTA_SRC] && (p->p.net_type != NET_IP6_SADR))
+    SKIP("src prefix for non-SADR channel\n");
+
   if (a[RTA_IIF])
     SKIP("IIF set\n");
 
@@ -1533,25 +1552,33 @@ nl_parse_route(struct nl_parse_state *s, struct nlmsghdr *h)
       SKIP("proto unspec\n");
 
     case RTPROT_REDIRECT:
-      src = KRT_SRC_REDIRECT;
+      krt_src = KRT_SRC_REDIRECT;
       break;
 
     case RTPROT_KERNEL:
-      src = KRT_SRC_KERNEL;
+      krt_src = KRT_SRC_KERNEL;
       return;
 
     case RTPROT_BIRD:
       if (!s->scan)
 	SKIP("echo\n");
-      src = KRT_SRC_BIRD;
+      krt_src = KRT_SRC_BIRD;
       break;
 
     case RTPROT_BOOT:
     default:
-      src = KRT_SRC_ALIEN;
+      krt_src = KRT_SRC_ALIEN;
     }
 
-  net *net = net_get(p->p.main_channel->table, &dst);
+  net_addr *n = &dst;
+  if (p->p.net_type == NET_IP6_SADR)
+  {
+    n = alloca(sizeof(net_addr_ip6_sadr));
+    net_fill_ip6_sadr(n, net6_prefix(&dst), net6_pxlen(&dst),
+		      net6_prefix(&src), net6_pxlen(&src));
+  }
+
+  net *net = net_get(p->p.main_channel->table, n);
 
   if (s->net && !nl_mergable_route(s, net, p, priority, i->rtm_type))
     nl_announce_route(s);
@@ -1755,7 +1782,7 @@ nl_parse_route(struct nl_parse_state *s, struct nlmsghdr *h)
     s->attrs = ra;
     s->proto = p;
     s->new = new;
-    s->krt_src = src;
+    s->krt_src = krt_src;
     s->krt_type = i->rtm_type;
     s->krt_proto = i->rtm_protocol;
     s->krt_metric = priority;
diff --git a/sysdep/unix/krt.c b/sysdep/unix/krt.c
index a3cbb336..b4fb1967 100644
--- a/sysdep/unix/krt.c
+++ b/sysdep/unix/krt.c
@@ -1108,10 +1108,11 @@ krt_start(struct proto *P)
 
   switch (p->p.net_type)
   {
-  case NET_IP4:	p->af = AF_INET; break;
-  case NET_IP6:	p->af = AF_INET6; break;
+  case NET_IP4:		p->af = AF_INET; break;
+  case NET_IP6:		p->af = AF_INET6; break;
+  case NET_IP6_SADR:	p->af = AF_INET6; break;
 #ifdef AF_MPLS
-  case NET_MPLS: p->af = AF_MPLS; break;
+  case NET_MPLS:	p->af = AF_MPLS; break;
 #endif
   default: log(L_ERR "KRT: Tried to start with strange net type: %d", p->p.net_type); return PS_START; break;
   }
@@ -1219,16 +1220,24 @@ krt_get_attr(eattr *a, byte *buf, int buflen)
 }
 
 
+#ifdef CONFIG_IP6_SADR_KERNEL
+#define MAYBE_IP6_SADR	NB_IP6_SADR
+#else
+#define MAYBE_IP6_SADR	0
+#endif
+
+#ifdef HAVE_MPLS_KERNEL
+#define MAYBE_MPLS	NB_MPLS
+#else
+#define MAYBE_MPLS	0
+#endif
+
 struct protocol proto_unix_kernel = {
   .name =		"Kernel",
   .template =		"kernel%d",
   .attr_class =		EAP_KRT,
   .preference =		DEF_PREF_INHERITED,
-#ifdef HAVE_MPLS_KERNEL
-  .channel_mask =	NB_IP | NB_MPLS,
-#else
-  .channel_mask =	NB_IP,
-#endif
+  .channel_mask =	NB_IP | MAYBE_IP6_SADR | MAYBE_MPLS,
   .proto_size =		sizeof(struct krt_proto),
   .config_size =	sizeof(struct krt_config),
   .preconfig =		krt_preconfig,
-- 
cgit v1.2.3