
Commit f77ab1b

committed
gateways: ipv6 ll where appropriate
Normally, if we have an IPv6 link local monitor we use the link local address which is always available. If not a link local address, try to use a global address. If we don't have one, we can't reach the outside anyway. PR: https://forum.opnsense.org/index.php?topic=6028.0
1 parent 8f39669 commit f77ab1b


1 file changed

+23
-21
lines changed


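--- a/src/etc/inc/gwlb.inc
+++ b/src/etc/inc/gwlb.inc
@@ -196,32 +196,31 @@ EOD;
 system_host_route($gateway['monitor'], $gateway['gateway'], false, true);
 }
 } elseif ($gateway['ipprotocol'] == "inet6") { // This is an IPv6 gateway...
-if ($gateway['monitor'] == $gateway['gateway']) {
-/* link locals really need a different src ip */
-if (is_linklocal($gateway['gateway'])) {
-$gwifip = find_interface_ipv6_ll($gateway['interface']);
-} else {
-$gwifip = find_interface_ipv6($gateway['interface']);
-}
+if (is_linklocal($gateway['monitor'])) {
+/* link local monitor needs a link local address for the "src" part */
+$gwifip = find_interface_ipv6_ll($gateway['interface']);
 } else {
-/* 'monitor' has been set, so makes sure it has precedence over
-* 'gateway' in defining the source IP. Otherwise if 'gateway'
-* is a local link and 'monitor' is global routable then the
-* ICMP6 response would not find its way back home...
-*/
+/* monitor is a routable address, so use a routable address for the "src" part */
 $gwifip = find_interface_ipv6($gateway['interface']);
-if (is_linklocal($gateway['monitor'])) {
-if (!strstr($gateway['monitor'], '%')) {
-$gateway['monitor'] .= "%{$gateway['interface']}";
-}
-} else {
-// Monitor is a routable address, so use a routable address for the "src" part
-$gwifip = find_interface_ipv6($gateway['interface']);
-}
 }
 
 if (!is_ipaddrv6($gwifip)) {
-continue; //Skip this target
+/* skip this target */
+continue;
+}
+
+/*
+* If gateway is a local link and 'monitor' is global routable
+* then the ICMP6 response would not find its way back home.
+*/
+if (is_linklocal($gateway['monitor']) && strpos($gateway['monitor'], '%') === false) {
+$gateway['monitor'] .= "%{$gateway['interface']}";
+}
+if (is_linklocal($gateway['gateway']) && strpos($gateway['gateway'], '%') === false) {
+$gateway['gateway'] .= "%{$gateway['interface']}";
+}
+if (is_linklocal($gwifip) && strpos($gwifip, '%') === false) {
+$gwifip .= "%{$gateway['interface']}";
 }
 
 /* flush the monitor unconditionally */
@@ -902,6 +901,9 @@ function lookup_gateway_ip_by_name($name)
 
 foreach ($gateways_arr as $gname => $gw) {
 if ($gw['name'] === $name || $gname === $name) {
+if (is_linklocal($gw['gateway']) && strpos($gw['gateway'], '%') === false) {
+$gw['gateway'] .= "%{$gw['interface']}";
+}
 return $gw['gateway'];
 }
 }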
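Review bot: In `lookup_gateway_ip_by_name()` the added block appends `%{$gw['interface']}` without checking that `$gw['interface']` is set and non-empty, so an entry lacking it would come back with a trailing `%` and no zone; a guard such as `if (!empty($gw['interface']) && is_linklocal($gw['gateway']) && strpos($gw['gateway'], '%') === false) {` avoids that. The function now returns a scoped address where it used to return the bare one, so callers that validate, compare or store the result (not visible here; the function body starts and ends outside the hunk) should be checked, and its docblock should state the new return form. The same append pattern is written three more times in the first hunk for `monitor`, `gateway` and `$gwifip`, after the `is_ipaddrv6($gwifip)` check, so the values passed on are no longer the ones that were validated; one small helper would keep the four sites consistent. The comment placed above those appends still describes the old source-address choice; something like `/* link-local addresses need an interface scope to be usable */` would match the code below it.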
