author | Hans Dedecker <dedeckeh@gmail.com> | 2015-09-28 08:51:06 +0200 |
---|---|---|
committer | Steven Barth <steven@midlink.org> | 2015-09-29 08:27:15 +0200 |
commit | 97542f03f2c6750dc454b660c6c6331ba9377506 (patch) | |
tree | 90a0069ac9a6185ff8d11519854cc473406c8b8c /interface-ip.c | |
parent | e5faaa6aa420a4d144cd13350de971b6d855b231 (diff) |
interface-ip: Re-enable iif lo policy rules after main table lookup
Diffstat (limited to 'interface-ip.c')
-rw-r--r-- | interface-ip.c | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/interface-ip.c b/interface-ip.c
index a177557..51a44ac 100644
--- a/interface-ip.c
+++ b/interface-ip.c
@@ -133,6 +133,23 @@ static int set_ip_source_policy(bool add, bool v6, unsigned int priority,
 return (add) ? system_add_iprule(&rule) : system_del_iprule(&rule);
 }
+static int set_ip_lo_policy(bool add, bool v6, struct interface *iface)
+{
+ struct iprule rule = {
+ .flags = IPRULE_IN | IPRULE_LOOKUP | IPRULE_PRIORITY,
+ .priority = IPRULE_PRIORITY_NW + iface->l3_dev.dev->ifindex,
+ .lookup = (v6) ? iface->ip6table : iface->ip4table,
+ .in_dev = "lo"
+ };
+
+ if (!rule.lookup)
+ return 0;
+
+ rule.flags |= (v6) ? IPRULE_INET6 : IPRULE_INET4;
+
+ return (add) ? system_add_iprule(&rule) : system_del_iprule(&rule);
+}
+
 static bool __find_ip_addr_target(struct interface_ip_settings *ip, union if_addr *a, bool v6)
 {
@@ -1283,9 +1300,13 @@ void interface_ip_set_enabled(struct interface_ip_settings *ip, bool enabled)
 if (!strcmp(a->name, ip->iface->name)) interface_set_prefix_address(a, c, ip->iface, enabled);
- if (ip->iface && ip->iface->l3_dev.dev)
+ if (ip->iface && ip->iface->l3_dev.dev) {
+ set_ip_lo_policy(enabled, true, ip->iface);
+ set_ip_lo_policy(enabled, false, ip->iface);
+
 set_ip_source_policy(enabled, true, IPRULE_PRIORITY_REJECT + ip->iface->l3_dev.dev->ifindex, NULL, 0, 0, ip->iface, "failed_policy");
+ }
 }
 void |
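Review bot: `set_ip_lo_policy()` dereferences `iface->l3_dev.dev` in the `.priority` initializer, before the `!rule.lookup` early return, so it depends on the caller to have checked that pointer. The single call site in this commit does check it, but nothing on the helper states the precondition, and a later caller without the guard would crash the daemon while routing policy is being changed. I would document it above the function with `/* Add or remove the "iif lo" lookup rule for iface's table; caller must ensure iface->l3_dev.dev is non-NULL. */`. It is also worth confirming that `IPRULE_PRIORITY_NW + ifindex` cannot collide with another rule installed at the same base, which is not visible from this hunk.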
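Review bot: Both new `set_ip_lo_policy()` calls drop the return value, so a failed add leaves the interface enabled without its `iif lo` lookup rule, and a failed delete leaves a stale rule that still steers locally generated traffic into the interface's table, with no trace in either case. Removal also runs only while `ip->iface->l3_dev.dev` is set, and it recomputes the priority from the current `ifindex`. If the device can be detached or re-indexed before the `enabled == false` call, the rules installed earlier would not be matched; that cannot be confirmed here because `interface_ip_set_enabled()` begins outside the hunk. At minimum I would check the result, for example `if (set_ip_lo_policy(enabled, true, ip->iface)) { /* report: iif lo rule add/del failed */ }`, and do the same for the IPv4 call.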