gateways: ipv6 ll where appropriate

fichtner · fichtner · commit 678a209a2337 · 2017-09-24T12:20:03.000+02:00
Normally, if we have an IPv6 link local monitor we use the link local address which is always available. If not a link local address, try to use a global address. If we don't have one, we can't reach the outside anyway. PR: https://forum.opnsense.org/index.php?topic=6028.0
diff --git a/src/etc/inc/gwlb.inc b/src/etc/inc/gwlb.inc
@@ -196,32 +196,17 @@ EOD;
                 system_host_route($gateway['monitor'], $gateway['gateway'], false, true);
             }
         } elseif ($gateway['ipprotocol'] == "inet6") { // This is an IPv6 gateway...
-            if ($gateway['monitor'] == $gateway['gateway']) {
-                /* link locals really need a different src ip */
-                if (is_linklocal($gateway['gateway'])) {
-                    $gwifip = find_interface_ipv6_ll($gateway['interface']);
-                } else {
-                    $gwifip = find_interface_ipv6($gateway['interface']);
-                }
+            if (is_linklocal($gateway['monitor'])) {
+                /* link local monitor needs a link local address for the "src" part */
+                $gwifip = find_interface_ipv6_ll($gateway['interface']);
             } else {
-                /* 'monitor' has been set, so makes sure it has precedence over
-                 * 'gateway' in defining the source IP. Otherwise if 'gateway'
-                 * is a local link and 'monitor' is global routable then the
-                 * ICMP6 response would not find its way back home...
-                 */
+                /* monitor is a routable address, so use a routable address for the "src" part */
                 $gwifip = find_interface_ipv6($gateway['interface']);
-                if (is_linklocal($gateway['monitor'])) {
-                    if (!strstr($gateway['monitor'], '%')) {
-                        $gateway['monitor'] .= "%{$gateway['interface']}";
-                    }
-                } else {
-                    // Monitor is a routable address, so use a routable address for the "src" part
-                    $gwifip = find_interface_ipv6($gateway['interface']);
-                }
             }
 
             if (!is_ipaddrv6($gwifip)) {
-                continue; //Skip this target
+                /* skip this target */
+                continue;
             }
 
             /* flush the monitor unconditionally */
@@ -230,7 +215,7 @@ EOD;
                 system_host_route($gateway['monitor'], $gateway['gateway'], true, false);
             }
 
-            /* Do not monitor if such was requested */
+            /* do not monitor if such was requested */
             if (isset($gateway['disabled']) || isset($gateway['monitor_disable'])) {
                 continue;
             }
@@ -245,6 +230,16 @@ EOD;
                 log_error("Adding static route for monitor {$gateway['monitor']} via {$gateway['gateway']}");
                 system_host_route($gateway['monitor'], $gateway['gateway'], false, true);
             }
+
+            /*
+             * 'monitor' has been set, so makes sure it has precedence over
+             * 'gateway' in defining the source IP. Otherwise if 'gateway'
+             * is a local link and 'monitor' is global routable then the
+             * ICMP6 response would not find its way back home...
+             */
+            if (is_linklocal($gateway['monitor']) && !strstr($gateway['monitor'], '%')) {
+                $gateway['monitor'] .= "%{$gateway['interface']}";
+            }
         } else {
             continue;
         }
