Since commit 5cf79759a24e9bb2a6a3aef7c83d73efb9bf2df3 (iprule: rework
interface based rules to handle dynamic interfaces) the rule
comparison is broken and doesn't correctly recognize matching rules.
This in turn breaks the reloading as adding the "new" rule fails
because it already exists and it then deletes the "old" rule.
The comparison is broken because it now includes fields that are not
defining the rule itself, as well as some pointers to malloced strings.
To fix this we move back the offending fields in the iprule struct
before the 'flags' field and match the malloced strings separately.
Signed-off-by: Alban Bedel <albeu@free.fr>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Previously netifd would only apply `ip rule`s during the config phase.
If the iprule is depending on an interface (iif or oif), the rule
will fail if the interface is not up.
Allow iprules to track interfaces and their devices by using
the interface events.
Fixes: FS#1571
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
|
|
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
After applying this patch, policy routing rules can be employed that ignore
parts of a routing table. The following config snippet ignores routing lookups
from the specified main routing table yielding the default route, passing the
lookup process on to the next rule (that might provide a special default route
for marked packets):

    config rule
        option priority 10
        # check main routing table first, but ignore default route result
        option lookup main
        option suppress_prefixlength 0

    config rule
        option priority 11
        # use special routing table for marked packets
        # (unless already consumed by previous rule)
        option mark 0xFF
        option lookup 100

The result is a ruleset like this (only visible using the full 'ip' binary):

    # ip rule
    0:      from all lookup local
    10:     from all lookup main suppress_prefixlength 0
    11:     from all fwmark 0xff lookup 100
    32766:  from all lookup main
    32767:  from all lookup default
    #

Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
|
|
After commit ebd3d8417c7a ("interface: fix moving interface address routes to
the table specified by ip[46]table"), it is no longer possible for clients on
LAN to reach machines on the WAN.
This patch restores support for clients on LAN reaching clients on WAN by using
rules. The rules are placed after the address rules, in order to make sure that
traffic originating from the router is routed correctly.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
|
|
|
|
Specific IP address and network rules are now checked before the main table lookup as the main table
often holds a default route. As a result the IP address and network rules pointing to a specific
routing table will not be checked anymore; by reversing the order the specific routing tables
are checked first if the ip rule matches.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
Signed-off-by: Steven Barth <steven@midlink.org>
|
|
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
* Set a default policy-failed rule per prefix (based on a patch by Jonas Gorski)
* Use input interface in addition to source for filtering
* Avoid duplicate routing policies
|
|
This unifies source-routing for both IPv6 and IPv4 (default off).
Based on a patch by Kristian Evensen
|
|
|
|
|