diff options
author | Hans Dedecker <dedeckeh@gmail.com> | 2017-11-16 15:42:41 +0100 |
---|---|---|
committer | Hans Dedecker <dedeckeh@gmail.com> | 2017-11-17 16:28:36 +0100 |
commit | c92106e3048ae10cb04a7c7303ba5f53bc057953 (patch) | |
tree | 09d23a99f4d650c2459a6c368299a960fa12cf81 /interface-ip.c | |
parent | 0f96606b7040b8e14190ff055d5761744bc15f6d (diff) |
interface-ip: add missing IPv6 policy rule
Commit 2f31bff38d4dc2f36006ded6b8a7d039cb569eaa added interface routing
table support; as a result for IPv6 the prefix route linked to the IPv6
address is added to the specified IPv6 interface routing table.
In order to route traffic having as destination the IPv6 prefix a policy
rule is required using the prefix destination as policy so the traffic is
passed to the correct routing table.
The IPv6 prefix address logic was not installing this policy rule effectively
breaking routing when trying to reach a global or ULA IPv6 address in the
lan from either the device or another wan device.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Diffstat (limited to 'interface-ip.c')
-rw-r--r-- | interface-ip.c | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/interface-ip.c b/interface-ip.c index 45ffc66..1490ca4 100644 --- a/interface-ip.c +++ b/interface-ip.c @@ -787,6 +787,10 @@ interface_set_prefix_address(struct device_prefix_assignment *assignment, if (!addr.valid_until || addr.valid_until - now > 7200) addr.valid_until = now + 7200; + if (iface->ip6table) + set_ip_source_policy(false, true, IPRULE_PRIORITY_ADDR_MASK, &addr.addr, + addr.mask < 64 ? 64 : addr.mask, iface->ip6table, NULL, NULL, false); + if (prefix->iface) { if (prefix->iface->ip6table) set_ip_source_policy(false, true, IPRULE_PRIORITY_NW, &addr.addr, @@ -803,13 +807,19 @@ interface_set_prefix_address(struct device_prefix_assignment *assignment, } else if (add && (iface->state == IFS_UP || iface->state == IFS_SETUP) && !system_add_address(l3_downlink, &addr)) { - if (prefix->iface && !assignment->enabled) { - set_ip_source_policy(true, true, IPRULE_PRIORITY_REJECT, &addr.addr, - addr.mask, 0, iface, "unreachable", true); + if (!assignment->enabled) { + if (iface->ip6table) + set_ip_source_policy(true, true, IPRULE_PRIORITY_ADDR_MASK, &addr.addr, + addr.mask < 64 ? 64 : addr.mask, iface->ip6table, NULL, NULL, false); - if (prefix->iface->ip6table) - set_ip_source_policy(true, true, IPRULE_PRIORITY_NW, &addr.addr, - addr.mask, prefix->iface->ip6table, iface, NULL, true); + if (prefix->iface) { + set_ip_source_policy(true, true, IPRULE_PRIORITY_REJECT, &addr.addr, + addr.mask, 0, iface, "unreachable", true); + + if (prefix->iface->ip6table) + set_ip_source_policy(true, true, IPRULE_PRIORITY_NW, &addr.addr, + addr.mask, prefix->iface->ip6table, iface, NULL, true); + } } route.metric = iface->metric; |