diff mbox

[OpenWrt-Devel,netifd,3/6] interface-ip: Remove ip loop policy rules as kernel issue is fixed

Message ID 1441806352-18030-3-git-send-email-dedeckeh@gmail.com
State Accepted
Headers show

Commit Message

Hans Dedecker Sept. 9, 2015, 1:45 p.m. UTC 
Remove ip loop policy rules as workaround for the kernel using unspecified address
to lookup locally originating traffic is fixed by http://lkml.iu.edu/hypermail/linux/kernel/1505.0/03094.html

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
---
 interface-ip.c | 23 +----------------------
 1 file changed, 1 insertion(+), 22 deletions(-)

Comments

Kristian Evensen Sept. 23, 2015, 10:12 a.m. UTC | #1 
Hi,

On Wed, Sep 9, 2015 at 3:45 PM, Hans Dedecker <dedeckeh@gmail.com> wrote:
> Remove ip loop policy rules as workaround for the kernel using unspecified address
> to lookup locally originating traffic is fixed by http://lkml.iu.edu/hypermail/linux/kernel/1505.0/03094.html
>
> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

This patch breaks (at least) IPv4 on multihomed routers that keep all
default routes in other tables than main. Without these rules, traffic
originating from the router (and not bound to an interface) will not
be routed anywhere and dropped.

-Kristian
diff mbox

Patch

diff --git a/interface-ip.c b/interface-ip.c
index 7f8a451..6c152b6 100644
--- a/interface-ip.c
+++ b/interface-ip.c
@@ -133,23 +133,6 @@  static int set_ip_source_policy(bool add, bool v6, unsigned int priority,
 	return (add) ? system_add_iprule(&rule) : system_del_iprule(&rule);
 }
 
-static int set_ip_lo_policy(bool add, bool v6, struct interface *iface)
-{
-	struct iprule rule = {
-		.flags = IPRULE_IN | IPRULE_LOOKUP | IPRULE_PRIORITY,
-		.priority = IPRULE_PRIORITY_NW + iface->l3_dev.dev->ifindex,
-		.lookup = (v6) ? iface->ip6table : iface->ip4table,
-		.in_dev = "lo"
-	};
-
-	if (!rule.lookup)
-		return 0;
-
-	rule.flags |= (v6) ? IPRULE_INET6 : IPRULE_INET4;
-
-	return (add) ? system_add_iprule(&rule) : system_del_iprule(&rule);
-}
-
 static bool
 __find_ip_addr_target(struct interface_ip_settings *ip, union if_addr *a, bool v6)
 {
@@ -1258,13 +1241,9 @@  void interface_ip_set_enabled(struct interface_ip_settings *ip, bool enabled)
 			if (!strcmp(a->name, ip->iface->name))
 				interface_set_prefix_address(a, c, ip->iface, enabled);
 
-	if (ip->iface && ip->iface->l3_dev.dev) {
-		set_ip_lo_policy(enabled, true, ip->iface);
-		set_ip_lo_policy(enabled, false, ip->iface);
-
+	if (ip->iface && ip->iface->l3_dev.dev)
 		set_ip_source_policy(enabled, true, IPRULE_PRIORITY_REJECT + ip->iface->l3_dev.dev->ifindex,
 			NULL, 0, 0, ip->iface, "failed_policy");
-	}
 }
 
 void