path: root/iprule.h
Age | Commit message | Author
2018-07-05 | iprule: rework interface based rules to handle dynamic interfaces | Alexander Couzens
Previously, netifd would only apply `ip rule`s during the config phase. If the iprule depends on an interface (iif or oif), the rule will fail if the interface is not up. Allow iprules to track interfaces and their devices by using the interface events.
Fixes: FS#1571
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2017-06-11 | iprule: coding style line up | Hans Dedecker
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-06-11 | iprule: Add option to suppress unspecific routing lookups | Stefan Tomanek
After applying this patch, policy routing rules can be employed that ignore parts of a routing table. The following config snippet ignores routing lookups from the specified main routing table yielding the default route, passing the lookup process on to the next rule (that might provide a special default route for marked packets):

    config rule
        option priority 10
        # check main routing table first, but ignore default route result
        option lookup main
        option suppress_prefixlength 0

    config rule
        option priority 11
        # use special routing table for marked packets
        # (unless already consumed by previous rule)
        option mark 0xFF
        option lookup 100

The result is a ruleset like this (only visible using the full 'ip' binary):

    # ip rule
    0: from all lookup local
    10: from all lookup main suppress_prefixlength 0
    11: from all fwmark 0xff lookup 100
    32766: from all lookup main
    32767: from all lookup default
    #

Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
2016-01-28 | netifd: Route traffic from LAN to WAN using rules | Kristian Evensen
After commit ebd3d8417c7a ("interface: fix moving interface address routes to the table specified by ip[46]table"), it is no longer possible for clients on LAN to reach machines on the WAN. This patch restores support for clients on LAN reaching clients on WAN by using rules. The rules are placed after the address rules, in order to make sure that traffic originating from the router is routed correctly.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
2015-09-29 | interface-ip: Re-enable iif lo policy rules after main table lookup | Hans Dedecker
2015-09-10 | iprule: Insert network and address ip rules before main table lookup rule | Hans Dedecker
Specific IP address and network rules are now checked before the main table lookup as the main table often holds a default route. As a result the IP address and network rules pointing to a specific routing table will not be checked anymore; by reversing the order the specific routing tables are checked first if the ip rule matches.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2013-12-11 | IPv6: Remove IPv6 source-routing workaround (kernel is fixed) | Steven Barth
Signed-off-by: Steven Barth <steven@midlink.org>
2013-10-18 | Add source-restricted routes | Steven Barth
2013-06-10 | config: use the new uci_blob library code | Felix Fietkau
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2013-06-03 | IPv6: Improve source-routing policies | Steven Barth
* Set a default policy-failed rule per prefix (based on a patch by Jonas Gorski)
* Use input interface in addition to source for filtering
* Avoid duplicate routing policies
2013-05-17 | Add option to define target routing table for protocol routes. | Steven Barth
This unifies source-routing for both IPv6 and IPv4 (default off). Based on a patch by Kristian Evensen
2013-04-05 | Maintain config order of ip rules unless user explicitly provides priority | Jo-Philipp Wich
2013-04-04 | Add support for ip rules | Jo-Philipp Wich