From 909363f5b9bc4c3c6cad05727aceabb221a1a5d4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Linus=20L=C3=BCssing?= <linus.luessing@c0d3.blue>
Date: Thu, 15 Nov 2018 01:43:49 +0100
Subject: [PATCH] gluon-mesh-batman-adv: fix source MAC for the IPv6 local-node
 address
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Before, IPv6 packets from the local-node interface using the IPv6 ULA
were wrongly using the MAC address from br-client (64:70:02:ae:72:e4):

client$ tcpdump -i enp0s31f6 -e -n "ether src 16:41:95:40:f7:dc or ether src 64:70:02:ae:72:e4 or ether src 8c:16:45:66:ba:11"
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp0s31f6, link-type EN10MB (Ethernet), capture size 262144 bytes
00:02:51.202570 8c:16:45:66:ba:11 > 16:41:95:40:f7:dc, ethertype IPv6 (0x86dd), length 118: fdef:ffc0:3dd7:0:8e16:45ff:fe66:ba11 > fdef:ffc0:3dd7::1: ICMP6, echo request, seq 3, length 64
00:02:51.203040 64:70:02:ae:72:e4 > 8c:16:45:66:ba:11, ethertype IPv6 (0x86dd), length 118: fdef:ffc0:3dd7::1 > fdef:ffc0:3dd7:0:8e16:45ff:fe66:ba11: ICMP6, echo reply, seq 3, length 64
00:02:52.226566 8c:16:45:66:ba:11 > 16:41:95:40:f7:dc, ethertype IPv6 (0x86dd), length 118: fdef:ffc0:3dd7:0:8e16:45ff:fe66:ba11 > fdef:ffc0:3dd7::1: ICMP6, echo request, seq 4, length 64
00:02:52.227255 64:70:02:ae:72:e4 > 8c:16:45:66:ba:11, ethertype IPv6 (0x86dd), length 118: fdef:ffc0:3dd7::1 > fdef:ffc0:3dd7:0:8e16:45ff:fe66:ba11: ICMP6, echo reply, seq 4, length 64

(br-client: 64:70:02:ae:72:e4, local-node: 16:41:95:40:f7:dc, client device: 8c:16:45:66:ba:11)

$ ip a s dev local-node
10: local-node@local-port: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
qdisc noqueue state UP qlen 1000
    link/ether 16:41:95:40:f7:dc brd ff:ff:ff:ff:ff:ff
    inet 10.130.0.1/20 brd 10.130.15.255 scope global local-node
       valid_lft forever preferred_lft forever
    inet6 fdef:ffc0:3dd7::1/128 scope global deprecated
       valid_lft forever preferred_lft 0sec
    inet6 fe80::1441:95ff:fe40:f7dc/64 scope link
       valid_lft forever preferred_lft forever

With this patch applied ICMPv6 uses the correct source MAC
address from the local-node interface (16:41:95:40:f7:dc):

$ tcpdump -i enp0s31f6 -e -n "ether src 16:41:95:40:f7:dc or ether src 64:70:02:ae:72:e4 or ether src 8c:16:45:66:ba:11"
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp0s31f6, link-type EN10MB (Ethernet), capture size 262144 bytes
00:15:19.757790 8c:16:45:66:ba:11 > 16:41:95:40:f7:dc, ethertype IPv6 (0x86dd), length 118: fdef:ffc0:3dd7:0:8e16:45ff:fe66:ba11 > fdef:ffc0:3dd7::1: ICMP6, echo request, seq 1, length 64
00:15:19.758567 16:41:95:40:f7:dc > 33:33:ff:66:ba:11, ethertype IPv6 (0x86dd), length 86: fdef:ffc0:3dd7::1 > ff02::1:ff66:ba11: ICMP6, neighbor solicitation, who has fdef:ffc0:3dd7:0:8e16:45ff:fe66:ba11, length 32
00:15:19.758617 8c:16:45:66:ba:11 > 16:41:95:40:f7:dc, ethertype IPv6 (0x86dd), length 86: fdef:ffc0:3dd7:0:8e16:45ff:fe66:ba11 > fdef:ffc0:3dd7::1: ICMP6, neighbor advertisement, tgt is fdef:ffc0:3dd7:0:8e16:45ff:fe66:ba11, length 32
00:15:19.759220 16:41:95:40:f7:dc > 8c:16:45:66:ba:11, ethertype IPv6 (0x86dd), length 118: fdef:ffc0:3dd7::1 > fdef:ffc0:3dd7:0:8e16:45ff:fe66:ba11: ICMP6, echo reply, seq 1, length 64
00:15:20.759425 8c:16:45:66:ba:11 > 16:41:95:40:f7:dc, ethertype IPv6 (0x86dd), length 118: fdef:ffc0:3dd7:0:8e16:45ff:fe66:ba11 > fdef:ffc0:3dd7::1: ICMP6, echo request, seq 2, length 64
00:15:20.759966 16:41:95:40:f7:dc > 8c:16:45:66:ba:11, ethertype IPv6 (0x86dd), length 118: fdef:ffc0:3dd7::1 > fdef:ffc0:3dd7:0:8e16:45ff:fe66:ba11: ICMP6, echo reply, seq 2, length 64

In practice, this wrong MAC address does not seem to cause any
issues so far, though, as ebtables rules are filtering to bat0 for both
local-node MAC, IPv4 and IPv6 addresses and the IPv6 stack (at least in
Linux) does not seem to update its neighbor table from IPv6 data packets
(interestingly, contrary to the Linux IPv4 stack, as was observed
with 3ef28a46842b
("gluon-client-bridge: Revert "move IPv4 local subnet route to br-client (#1312)").

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
---
 .../upgrade/320-gluon-mesh-batman-adv-client-bridge   | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/320-gluon-mesh-batman-adv-client-bridge b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/320-gluon-mesh-batman-adv-client-bridge
index 85c21ac4..4658b419 100755
--- a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/320-gluon-mesh-batman-adv-client-bridge
+++ b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/320-gluon-mesh-batman-adv-client-bridge
@@ -8,6 +8,7 @@ local site = require 'gluon.site'
 local sysconfig = require 'gluon.sysconfig'
 local util = require 'gluon.util'
 local uci = require('simple-uci').cursor()
+local next_node = site.next_node({})
 
 
 uci:section('network', 'interface', 'client', {
@@ -26,11 +27,17 @@ uci:delete('network', 'client_lan')
 
 uci:delete('network', 'local_node_route')
 
+uci:section('network', 'rule6', 'local_node_rule6', {
+	src = next_node.ip6 .. '/128',
+	lookup = 2,
+})
+uci:set('network', 'local_node_rule6', 'in', 'loopback')
+
 uci:delete('network', 'local_node_route6')
 uci:section('network', 'route6', 'local_node_route6', {
-	interface = 'client',
+	interface = 'local_node',
 	target = site.prefix6(),
-	gateway = '::',
+	table = 2,
 })
 
 uci:save('network')