pfSense - Bug #3607: Fix issue whereby the ICMP6 messages sometimes have the wrong source IP when a monitor gateway has been set.

1 files changed, 21 insertions, 5 deletions

diff --git a/etc/inc/gwlb.inc b/etc/inc/gwlb.inc
index d9b0638..e5c5058 100644
--- a/etc/inc/gwlb.inc
+++ b/etc/inc/gwlb.inc
@@ -185,14 +185,30 @@ EOD;
 					" " . escapeshellarg($gateway['gateway']), true);
 			}
 		} else if ($gateway['ipprotocol'] == "inet6") { // This is an IPv6 gateway...
-			/* link locals really need a different src ip */
-			if(is_linklocal($gateway['gateway'])) {
-				$gwifip = find_interface_ipv6_ll($gateway['interface'], true);
+			if ($gateway['monitor'] == $gateway['gateway']) {
+				/* link locals really need a different src ip */
+				if (is_linklocal($gateway['gateway'])) {
+					$gwifip = find_interface_ipv6_ll($gateway['interface'], true);
+				} else {
+					$gwifip = find_interface_ipv6($gateway['interface'], true);
+				}
 			} else {
+				/* 'monitor' has been set, so makes sure it has precedence over
+				 * 'gateway' in defining the source IP. Otherwise if 'gateway'
+				 * is a local link and 'monitor' is global routable then the
+				 * ICMP6 response would not find its way back home...
+				 */
 				$gwifip = find_interface_ipv6($gateway['interface'], true);
+				if (is_linklocal($gateway['monitor'])) {
+					if (!strstr($gateway['monitor'], '%')) {
+						$gateway['monitor'] .= "%{$gateway['interface']}";
+					}
+				} else {
+					// Monitor is a routable address, so use a routable address for the "src" part
+					$gwifip = find_interface_ipv6($gateway['interface'], true);
+				}
 			}
-			if (is_linklocal($gateway['monitor']) && !strstr($gateway['monitor'], '%'))
-				$gateway['monitor'] .= "%{$gateway['interface']}";
+							
 			if (!is_ipaddrv6($gwifip))
 				continue; //Skip this target