From c92106e3048ae10cb04a7c7303ba5f53bc057953 Mon Sep 17 00:00:00 2001
From: Hans Dedecker
Date: Thu, 16 Nov 2017 15:42:41 +0100
Subject: interface-ip: add missing IPv6 policy rule

Commit 2f31bff38d4dc2f36006ded6b8a7d039cb569eaa added interface routing table support; as a result for IPv6 the prefix route linked to the IPv6 address is added to the specified IPv6 interface routing table. In order to route traffic having as destination the IPv6 prefix a policy rule is required using the prefix destination as policy so the traffic is passed to the correct routing table. The IPv6 prefix address logic was not installing this policy rule effectively breaking routing when trying to reach a global or ULA IPv6 address in the lan from either the device or another wan device.

Signed-off-by: Hans Dedecker
---
 interface-ip.c | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/interface-ip.c b/interface-ip.c
index 45ffc66..1490ca4 100644
--- a/interface-ip.c
+++ b/interface-ip.c
@@ -787,6 +787,10 @@ interface_set_prefix_address(struct device_prefix_assignment *assignment,
 if (!addr.valid_until || addr.valid_until - now > 7200)
 addr.valid_until = now + 7200;
+ if (iface->ip6table)
+ set_ip_source_policy(false, true, IPRULE_PRIORITY_ADDR_MASK, &addr.addr,
+ addr.mask < 64 ? 64 : addr.mask, iface->ip6table, NULL, NULL, false);
+
 if (prefix->iface) {
 if (prefix->iface->ip6table)
 set_ip_source_policy(false, true, IPRULE_PRIORITY_NW, &addr.addr,
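Review bot: The clamp `addr.mask < 64 ? 64 : addr.mask` in the added removal call is written out a second time in the add path of the second hunk, and the rule is only removed if the mask and table passed here equal the values used when it was installed. Computing the value once in a local (for example `rule_mask`) shared by both calls, with a comment such as `/* masks below 64 are raised to 64 for the policy rule; add and remove must use the same value */`, would keep the pair from drifting apart. The removal also reads the current `iface->ip6table`; if that field can change between add and remove (not visible in this hunk), the previously installed rule would stay in place and keep steering traffic for the prefix into the old table. The enclosing function starts and ends outside the hunk.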
@@ -803,13 +807,19 @@ interface_set_prefix_address(struct device_prefix_assignment *assignment,
 } else if (add && (iface->state == IFS_UP || iface->state == IFS_SETUP) && !system_add_address(l3_downlink, &addr)) {
- if (prefix->iface && !assignment->enabled) {
- set_ip_source_policy(true, true, IPRULE_PRIORITY_REJECT, &addr.addr,
- addr.mask, 0, iface, "unreachable", true);
+ if (!assignment->enabled) {
+ if (iface->ip6table)
+ set_ip_source_policy(true, true, IPRULE_PRIORITY_ADDR_MASK, &addr.addr,
+ addr.mask < 64 ? 64 : addr.mask, iface->ip6table, NULL, NULL, false);
- if (prefix->iface->ip6table)
- set_ip_source_policy(true, true, IPRULE_PRIORITY_NW, &addr.addr,
- addr.mask, prefix->iface->ip6table, iface, NULL, true);
+ if (prefix->iface) {
+ set_ip_source_policy(true, true, IPRULE_PRIORITY_REJECT, &addr.addr,
+ addr.mask, 0, iface, "unreachable", true);
+
+ if (prefix->iface->ip6table)
+ set_ip_source_policy(true, true, IPRULE_PRIORITY_NW, &addr.addr,
+ addr.mask, prefix->iface->ip6table, iface, NULL, true);
+ }
 }
 route.metric = iface->metric;
-- 
cgit v1.2.3
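Review bot: The new `IPRULE_PRIORITY_ADDR_MASK` call passes `NULL` for the interface argument and `false` as its last argument, where the two neighbouring calls pass `iface` and `true`, and nothing in the code explains the difference. Going by the commit message this is the destination-based rule, so it presumably matches traffic for the prefix from any ingress interface; a comment such as `/* match on destination prefix, any ingress interface */` above the call would make that explicit. If that reading is right, reachability of the assigned prefix from wan is then decided by the firewall rather than by routing, which is worth confirming as intended. The inner `if (iface->ip6table)` guards a two-line call without braces inside a block that now nests three levels deep, so adding braces there would make later edits safer; the function body continues outside the hunk.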