Skip to content
Permalink
Browse files

gateways: ipv6 ll where appropriate

Normally, if we have an IPv6 link local monitor we use the link local
address which is always available.  If not a link local address, try
to use a global address.  If we don't have one, we can't reach the
outside anyway.

PR: https://forum.opnsense.org/index.php?topic=6028.0
  • Loading branch information...
fichtner committed Sep 24, 2017
1 parent 82a4249 commit 678a209a2337e943b25269adc33cea84d4690b5a
Showing with 17 additions and 22 deletions.
  1. +17 −22 src/etc/inc/gwlb.inc
@@ -196,32 +196,17 @@ EOD;
system_host_route($gateway['monitor'], $gateway['gateway'], false, true);
}
} elseif ($gateway['ipprotocol'] == "inet6") { // This is an IPv6 gateway...
if ($gateway['monitor'] == $gateway['gateway']) {
/* link locals really need a different src ip */
if (is_linklocal($gateway['gateway'])) {
$gwifip = find_interface_ipv6_ll($gateway['interface']);
} else {
$gwifip = find_interface_ipv6($gateway['interface']);
}
if (is_linklocal($gateway['monitor'])) {
/* link local monitor needs a link local address for the "src" part */
$gwifip = find_interface_ipv6_ll($gateway['interface']);
} else {
/* 'monitor' has been set, so makes sure it has precedence over
* 'gateway' in defining the source IP. Otherwise if 'gateway'
* is a local link and 'monitor' is global routable then the
* ICMP6 response would not find its way back home...
*/
/* monitor is a routable address, so use a routable address for the "src" part */
$gwifip = find_interface_ipv6($gateway['interface']);
if (is_linklocal($gateway['monitor'])) {
if (!strstr($gateway['monitor'], '%')) {
$gateway['monitor'] .= "%{$gateway['interface']}";
}
} else {
// Monitor is a routable address, so use a routable address for the "src" part
$gwifip = find_interface_ipv6($gateway['interface']);
}
}
if (!is_ipaddrv6($gwifip)) {
continue; //Skip this target
/* skip this target */
continue;
}
/* flush the monitor unconditionally */
@@ -230,7 +215,7 @@ EOD;
system_host_route($gateway['monitor'], $gateway['gateway'], true, false);
}
/* Do not monitor if such was requested */
/* do not monitor if such was requested */
if (isset($gateway['disabled']) || isset($gateway['monitor_disable'])) {
continue;
}
@@ -245,6 +230,16 @@ EOD;
log_error("Adding static route for monitor {$gateway['monitor']} via {$gateway['gateway']}");
system_host_route($gateway['monitor'], $gateway['gateway'], false, true);
}
/*
* 'monitor' has been set, so makes sure it has precedence over
* 'gateway' in defining the source IP. Otherwise if 'gateway'
* is a local link and 'monitor' is global routable then the
* ICMP6 response would not find its way back home...
*/
if (is_linklocal($gateway['monitor']) && !strstr($gateway['monitor'], '%')) {
$gateway['monitor'] .= "%{$gateway['interface']}";
}
} else {
continue;
}

0 comments on commit 678a209

Please sign in to comment.
You can’t perform that action at this time.