summaryrefslogtreecommitdiffhomepage
path: root/interface-ip.c
diff options
context:
space:
mode:
authorHans Dedecker <dedeckeh@gmail.com>2017-11-16 15:42:41 +0100
committerHans Dedecker <dedeckeh@gmail.com>2017-11-17 16:28:36 +0100
commitc92106e3048ae10cb04a7c7303ba5f53bc057953 (patch)
tree09d23a99f4d650c2459a6c368299a960fa12cf81 /interface-ip.c
parent0f96606b7040b8e14190ff055d5761744bc15f6d (diff)
interface-ip: add missing IPv6 policy rule
Commit 2f31bff38d4dc2f36006ded6b8a7d039cb569eaa added interface routing table support; as a result for IPv6 the prefix route linked to the IPv6 address is added to the specified IPv6 interface routing table. In order to route traffic having as destination the IPv6 prefix a policy rule is required using the prefix destination as policy so the traffic is passed to the correct routing table. The IPv6 prefix address logic was not installing this policy rule effectively breaking routing when trying to reach a global or ULA IPv6 address in the lan from either the device or another wan device. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Diffstat (limited to 'interface-ip.c')
-rw-r--r--interface-ip.c22
1 files changed, 16 insertions, 6 deletions
diff --git a/interface-ip.c b/interface-ip.c
index 45ffc66..1490ca4 100644
--- a/interface-ip.c
+++ b/interface-ip.c
@@ -787,6 +787,10 @@ interface_set_prefix_address(struct device_prefix_assignment *assignment,
if (!addr.valid_until || addr.valid_until - now > 7200)
addr.valid_until = now + 7200;
+ if (iface->ip6table)
+ set_ip_source_policy(false, true, IPRULE_PRIORITY_ADDR_MASK, &addr.addr,
+ addr.mask < 64 ? 64 : addr.mask, iface->ip6table, NULL, NULL, false);
+
if (prefix->iface) {
if (prefix->iface->ip6table)
set_ip_source_policy(false, true, IPRULE_PRIORITY_NW, &addr.addr,
@@ -803,13 +807,19 @@ interface_set_prefix_address(struct device_prefix_assignment *assignment,
} else if (add && (iface->state == IFS_UP || iface->state == IFS_SETUP) &&
!system_add_address(l3_downlink, &addr)) {
- if (prefix->iface && !assignment->enabled) {
- set_ip_source_policy(true, true, IPRULE_PRIORITY_REJECT, &addr.addr,
- addr.mask, 0, iface, "unreachable", true);
+ if (!assignment->enabled) {
+ if (iface->ip6table)
+ set_ip_source_policy(true, true, IPRULE_PRIORITY_ADDR_MASK, &addr.addr,
+ addr.mask < 64 ? 64 : addr.mask, iface->ip6table, NULL, NULL, false);
- if (prefix->iface->ip6table)
- set_ip_source_policy(true, true, IPRULE_PRIORITY_NW, &addr.addr,
- addr.mask, prefix->iface->ip6table, iface, NULL, true);
+ if (prefix->iface) {
+ set_ip_source_policy(true, true, IPRULE_PRIORITY_REJECT, &addr.addr,
+ addr.mask, 0, iface, "unreachable", true);
+
+ if (prefix->iface->ip6table)
+ set_ip_source_policy(true, true, IPRULE_PRIORITY_NW, &addr.addr,
+ addr.mask, prefix->iface->ip6table, iface, NULL, true);
+ }
}
route.metric = iface->metric;