Commit f713312d authored by Jan Luebbe's avatar Jan Luebbe

gluon-radv-filterd: only redirect packets addressed to routers

Packets which have a destination MAC of other local nodes should not be
redirected, as this possibly results in routing loops in networks with more
than one uplink.
Signed-off-by: shoragan's avatarJan Luebbe <sho@stratum0.net>
parent 299a1505
......@@ -2,6 +2,7 @@ chain('RADV_FILTER', 'DROP')
rule 'FORWARD -p IPv6 -i bat0 --ip6-protocol ipv6-icmp --ip6-icmp-type router-advertisement -j RADV_FILTER'
rule 'RADV_FILTER -j ACCEPT'
chain('REDIRECT_FILTER', 'RETURN', 'nat')
chain('REDIRECT', 'RETURN', 'nat')
rule('PREROUTING -p IPv6 --logical-in br-client --ip6-destination 2000::/3 -j REDIRECT', 'nat')
rule('OUTPUT -p IPv6 --logical-out br-client --ip6-destination 2000::/3 -j REDIRECT', 'nat')
rule('PREROUTING -p IPv6 --logical-in br-client --ip6-destination 2000::/3 -j REDIRECT_FILTER', 'nat')
rule('OUTPUT -p IPv6 --logical-out br-client --ip6-destination 2000::/3 -j REDIRECT_FILTER', 'nat')
......@@ -186,6 +186,10 @@ static void cleanup(void) {
{ "ebtables-tiny", "-A", G.chain, "-j", "ACCEPT", NULL }))
DEBUG_MSG("warning: adding new rule to ebtables chain %s failed", G.chain);
if (fork_execvp_timeout(&timeout, "ebtables-tiny", (const char *[])
{ "ebtables-tiny", "-t", "nat", "-F", "REDIRECT_FILTER", NULL}))
DEBUG_MSG("warning: flushing ebtables nat chain REDIRECT_FILTER failed", G.chain);
if (fork_execvp_timeout(&timeout, "ebtables-tiny", (const char *[])
{ "ebtables-tiny", "-t", "nat", "-F", "REDIRECT", NULL}))
DEBUG_MSG("warning: flushing ebtables nat chain REDIRECT failed", G.chain);
......@@ -699,6 +703,13 @@ static void update_redirect(void) {
}
snprintf(prefix, sizeof(prefix), "%s/64", addr);
if (fork_execvp_timeout(&timeout, "ebtables-tiny", (const char *[])
{ "ebtables-tiny", "-t", "nat", "-A", "REDIRECT_FILTER",
"-d", mac,
"-j", "REDIRECT",
NULL }))
error_message(0, 0, "warning: adding new rule to ebtables chain REDIRECT_FILTER failed");
if (fork_execvp_timeout(&timeout, "ebtables-tiny", (const char *[])
{ "ebtables-tiny", "-t", "nat", "-A", "REDIRECT",
"-p", "IPv6",
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment