diff options
| author | Renato Botelho <renato@netgate.com> | 2015-12-29 13:34:03 -0200 |
|---|---|---|
| committer | Renato Botelho <renato@netgate.com> | 2015-12-29 13:35:49 -0200 |
| commit | 3f4e6035cbf7b5125e1ddf51690b567e9646ff9b (patch) | |
| tree | 043b47d505336ec8e664e09e1ad71282276bbe30 /src/etc/inc/gwlb.inc | |
| parent | 4fc47b2f9a41ff8b164c96160238bdf8a4b0ee93 (diff) | |
| download | pfsense-3f4e6035cbf7b5125e1ddf51690b567e9646ff9b.zip pfsense-3f4e6035cbf7b5125e1ddf51690b567e9646ff9b.tar.gz | |
Make sure source and target addresses have scope id when they are link-local. It should fix #5695
Diffstat (limited to 'src/etc/inc/gwlb.inc')
| -rw-r--r-- | src/etc/inc/gwlb.inc | 38 |
1 files changed, 15 insertions, 23 deletions
diff --git a/src/etc/inc/gwlb.inc b/src/etc/inc/gwlb.inc index 10b48f4..c2ef9d7 100644 --- a/src/etc/inc/gwlb.inc +++ b/src/etc/inc/gwlb.inc @@ -181,7 +181,7 @@ function setup_gateways_monitor() { } if (empty($gateway['monitor']) || !is_ipaddr($gateway['monitor'])) { if (is_ipaddr($gateway['gateway'])) { - $gateway['monitor'] = $gateway['gateway']; + $gateways_arr[$gwname]['monitor'] = $gateway['gateway']; } else { /* No chance to get an ip to monitor skip target. */ continue; } @@ -228,33 +228,25 @@ function setup_gateways_monitor() { pfSense_kill_states("0.0.0.0/0", $gateway['monitor'], $gateway['interface'], "icmp"); } } else if ($gateway['ipprotocol'] == "inet6") { // This is an IPv6 gateway... - if ($gateway['monitor'] == $gateway['gateway']) { - /* link locals really need a different src ip */ - if (is_linklocal($gateway['gateway'])) { - if (!strpos($gateway['gateway'], '%')) { - $gateway['gateway'] .= '%' . $gateway['interface']; - } - $gwifip = find_interface_ipv6_ll($gateway['interface'], true); - } else { - $gwifip = find_interface_ipv6($gateway['interface'], true); + if (is_linklocal($gateway['gateway']) && + get_ll_scope($gateway['gateway']) == '') { + $gateways_arr[$gwname]['gateway'] .= '%' . $gateway['interface']; + } + + if (is_linklocal($gateway['monitor'])) { + if (get_ll_scope($gateway['monitor']) == '') { + $gateways_arr[$gwname]['monitor'] .= '%' . $gateway['interface']; + } + + $gwifip = find_interface_ipv6_ll($gateway['interface'], true); + + if (get_ll_scope($gwifip) == '') { + $gwifip .= '%' . $gateway['interface']; } } else { - /* 'monitor' has been set, so makes sure it has precedence over - * 'gateway' in defining the source IP. Otherwise if 'gateway' - * is a local link and 'monitor' is global routable then the - * ICMP6 response would not find its way back home... - */ $gwifip = find_interface_ipv6($gateway['interface'], true); } - /* Make sure srcip and target have scope defined when they are ll */ - if (is_linklocal($gwifip) && !strpos($gwifip, '%')) { - $gwifip .= '%' . $gateway['interface']; - } - if (is_linklocal($gateway['monitor']) && !strpos($gateway['monitor'], '%')) { - $gateway['monitor'] .= "%{$gateway['interface']}"; - } - if (!is_ipaddrv6($gwifip)) { continue; //Skip this target } |
