[Battlemesh] battlemesh v6 test data postprocessing

Gui Iribarren gui at altermundi.net
Tue May 20 23:55:05 CEST 2014


On 20/05/14 15:18, Juliusz Chroboczek wrote:
>>> "Operation not permitted" is what you get if you trigger a REJECT rule
>>> in the local firewall.
> 
>> If i don't remember bad you get that message also if you have routes with 
>> target prohibit or stuff like that
> 
> Hmm, bizarrer and bizarrer.
> 
> Babel doesn't use prohibit routes

it's openwrt default iproute rules

i dug this a week ago and found out it's an openwrt-specific thing,
introduced by:
https://dev.openwrt.org/browser/trunk/target/linux/generic/patches-3.8/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch?rev=36911

which produces the following example

root at beixaflor:~# ip -6 ru
0:	from all lookup local
32766:	from all lookup main
4200000001:	from all iif lo failed_policy
4200000008:	from all iif br-lan failed_policy
4200000011:	from all iif eth1.11 failed_policy
4200000012:	from all iif eth1.12 failed_policy
4200000013:	from all iif eth1.5 failed_policy
4200000014:	from all iif wlan1_adhoc failed_policy
4200000015:	from all iif wlan0_adhoc failed_policy
4200000019:	from all iif anygw failed_policy
4200000020:	from all iif wlan0_adhoc.11 failed_policy
4200000021:	from all iif wlan0_adhoc.12 failed_policy
4200000022:	from all iif wlan1_adhoc.11 failed_policy
4200000023:	from all iif wlan1_adhoc.12 failed_policy

Cheers!

gui

> -- its loop-avoidance mechanism uses
> unreachable routes, which give (quite reasonably) EUNREACH:
> 
>   Network is unreachable
> 
> However, neither prohibit routes nor REJECT rules give the error
> above, they give EACCESS:
> 
>   Permission denied
> 
> The message shown in the logs is EPERM:
> 
>   Operation not permitted  
> 
> Confused yet?
> 
> -- Juliusz
> _______________________________________________
> Battlemesh mailing list
> Battlemesh at ml.ninux.org
> http://ml.ninux.org/mailman/listinfo/battlemesh
> 



More information about the Battlemesh mailing list