search

openwrt / openwrt

This repository is a mirror of https://git.openwrt.org/openwrt/openwrt.git It is for reference only and is not active for check-ins. We will continue to accept Pull Requests here. They will be merged via staging trees then into openwrt.git.
Other
20.26k stars 10.48k forks source link

FS#2933 - ip route get fails for certain IPv6 addresses #6285

Closed openwrt-bot closed 4 years ago

openwrt-bot commented 4 years ago

yogo1212:

When trying to get the route for a specific internet host (default router override with VPN), ip route fails with RTNETLINK answers: Permission denied. The command works on my computer in the same network as the router (arch linux).

tested with openwrt 3d8be08939a6492c223887582948a106d343c5ba on

[root@1212 ~] $ resolveip -6 www.google.de 2a00:1450:4001:81c::2003 [root@1212 ~] $ ip r get 2a00:1450:4001:816::2003 RTNETLINK answers: Permission denied [root@1212 ~] $ ip r get fe80::1 fe80::1 from :: dev br-n_1 proto kernel src fe80::6f0:21ff:fe4e:25d5 metric 256 pref medium

[root@1212 ~] $ ip -V ip utility, iproute2-ss5.5.0-1-openwrt [root@1212 ~] $ ip -6 r default from 2002:5476:3f1::/64 via fe80::e228:6dff:fe4e:43a2 dev br-n_1 proto static metric 512 pref medium 2002:5476:3f1::/56 from 2002:5476:3f1::/64 via fe80::e228:6dff:fe4e:43a2 dev br-n_1 proto static metric 512 pref medium 2002:5476:3f1::/64 dev br-n_1 proto static metric 256 pref medium unreachable fd4b:d18f:ec19::/48 dev lo proto static metric 2147483647 pref medium fe80::/64 dev br-n_1 proto kernel metric 256 pref medium fe80::/64 dev br-n_734 proto kernel metric 256 pref medium fe80::/64 dev uce-n_f30 proto kernel metric 256 pref medium fe80::/64 dev w1-47f proto kernel metric 256 pref medium fe80::/64 dev w1-98a proto kernel metric 256 pref medium fe80::/64 dev w1-8ed proto kernel metric 256 pref medium fe80::/64 dev w1-9 proto kernel metric 256 pref medium fe80::/64 dev nw1-1 proto kernel metric 256 pref medium fe80::/64 dev w0-47f proto kernel metric 256 pref medium fe80::/64 dev w0-98a proto kernel metric 256 pref medium fe80::/64 dev w0-8ed proto kernel metric 256 pref medium fe80::/64 dev w0-9 proto kernel metric 256 pref medium fe80::/64 dev nw0-1 proto kernel metric 256 pref medium

openwrt-bot commented 4 years ago

jow-:

This is due to:

root@jj:~# ip -6 rule [...] 4200000001: from all iif lo failed_policy 4200000005: from all iif eth0 failed_policy 4200000005: from all iif eth0 failed_policy 4200000029: from all iif br-lan failed_policy 4200000038: from all iif 6in4-wan6 failed_policy

Pass a valid prefix or IP to from in order to get proper routing results:

root@jj:~# ip r get 2a00:1450:4001:816::2003 RTNETLINK answers: Permission denied root@jj:~# ip r get 2a00:1450:4001:816::2003 from 2001:470:xxxx:: 2a00:1450:4001:816::2003 from 2001:470:xxxx:: dev 6in4-wan6 proto static src 2001:470:xxxx:xxxx::2 metric 1024 pref medium root@jj:~#

openwrt-bot commented 4 years ago

yogo1212:

so, "it's a feature"?

thank you very much! sorry for the somehow wasted time

EDIT: my aim is to get the default route belonging to a specific interface. if there are two uplinks, i want to specify the outgoing device using the 'oif' parameter. from the tests on my computer, i figured it would work on openwrt as well...

isn't there a way to avoid having to specify the address to build a route?

openwrt-bot commented 4 years ago

jow-:

I wouldn't call it a feature but it is a side effect of OpenWrt's multihomed IPv6 configuration. The IPv6 default route is chosen according to the source prefix or source IP.

This is important in cases where the router has multiple IPv6 upstreams, in this case you want to chose the upstream interface and route corresponding to the source prefix in order to avoid routing packets out of the wrong interface.