From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 67F011581D3 for ; Thu, 23 May 2024 16:12:50 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id A46542BC021; Thu, 23 May 2024 16:12:49 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 857712BC021 for ; Thu, 23 May 2024 16:12:49 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id B4AB9341C4B for ; Thu, 23 May 2024 16:12:48 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 4F73B1A2E for ; Thu, 23 May 2024 16:12:47 +0000 (UTC) From: "Patrick McLean" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Patrick McLean" Message-ID: <1716480749.7c6a8de0c521ea474bccb0dbda4338ff293cdfc6.chutzpah@OpenRC> Subject: [gentoo-commits] proj/netifrc:master commit in: init.d/, net/ X-VCS-Repository: proj/netifrc X-VCS-Files: init.d/net.lo.in net/iproute2.sh X-VCS-Directories: net/ init.d/ X-VCS-Committer: chutzpah X-VCS-Committer-Name: Patrick McLean X-VCS-Revision: 7c6a8de0c521ea474bccb0dbda4338ff293cdfc6 X-VCS-Branch: master Date: Thu, 23 May 2024 16:12:47 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 76dae4c2-aa89-4310-bdf9-6dfd39eb0194 X-Archives-Hash: a453fbaf25e9a395ddc18e21acef3ef0 commit: 7c6a8de0c521ea474bccb0dbda4338ff293cdfc6 Author: Alexander Zubkov qrator net> AuthorDate: Fri May 10 21:38:02 2024 +0000 Commit: Patrick McLean gentoo org> CommitDate: Thu May 23 16:12:29 2024 +0000 URL: https://gitweb.gentoo.org/proj/netifrc.git/commit/?id=7c6a8de0 Allow setting blackhole-like routes There were several problems preventing usage of routes of types blackhole, prohibit, throw, unreachable in IFACE_routes variables: - Those route types do not allow to use dev in the route definition, but it was added unconditionally - As there is no dev, such routes are not flushed automatically by dev, they need to be remembered and deleted while stopping the interface - Route type must go before the prefix in the command, but first parameters have special meaning Signed-off-by: Alexander Zubkov qrator.net> Closes: https://bugs.gentoo.org/637394 Closes: https://github.com/gentoo/netifrc/pull/53 X-Gentoo-Bug: 637394 X-Gentoo-Bug-URL: https://bugs.gentoo.org/637394 Signed-off-by: Patrick McLean gentoo.org> init.d/net.lo.in | 13 ++++++++++--- net/iproute2.sh | 48 +++++++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 55 insertions(+), 6 deletions(-) diff --git a/init.d/net.lo.in b/init.d/net.lo.in index afba99f..dbacaa2 100644 --- a/init.d/net.lo.in +++ b/init.d/net.lo.in @@ -780,9 +780,11 @@ ${routes}" fi fi + service_set_value "nodev_routes" "" + local OIFS="${IFS}" SIFS="${IFS-y}" local IFS="$__IFS" - local fam + local cmd_head fam for cmd in ${routes}; do unset IFS if ${first}; then @@ -795,8 +797,13 @@ ${routes}" -4" "*) fam="-4"; cmd=${cmd#-4 };; esac + cmd_head= + case ${cmd%% *} in + blackhole|prohibit|throw|unreachable) cmd_head="${cmd_head} ${cmd%% *}"; cmd=${cmd#* };; + esac + eindent - ebegin ${cmd} + ebegin ${cmd_head} ${cmd} # Work out if we're a host or a net if not told case ${cmd} in -net\ *|-host\ *);; @@ -808,7 +815,7 @@ ${routes}" *:*/*) cmd="-net ${cmd}";; *) cmd="-host ${cmd}";; esac - _add_route ${fam} ${cmd} + _add_route ${fam} ${cmd_head} ${cmd} eend $? eoutdent done diff --git a/net/iproute2.sh b/net/iproute2.sh index ea0a6f7..7db7f5b 100644 --- a/net/iproute2.sh +++ b/net/iproute2.sh @@ -253,6 +253,14 @@ _add_route() shift fi + local rtype= + + # Check if route type is provided that does not allow to use dev + # Route type must come first, before the prefix, also it cannot be used to list routes + case "$1" in + blackhole|prohibit|throw|unreachable) rtype="$1" ; shift ;; + esac + if [ $# -eq 3 ]; then set -- "$1" "$2" via "$3" elif [ "$3" = "gw" ]; then @@ -280,13 +288,25 @@ _add_route() cmd="${cmd} metric ${metric}" fi + # Process dev vs nodev routes + # Positional parameters are used for correct array handling + if [[ -n ${rtype} ]]; then + local nodev_routes="$(service_get_value "nodev_routes")" + service_set_value "nodev_routes" "${nodev_routes} +${family} route del ${rtype} ${cmd}" + set -- + else + set -- dev "${IFACE}" + fi + # Check for route already existing: - _ip ${family} route show ${cmd_nometric} dev "${IFACE}" 2>/dev/null | \ + _ip ${family} route show ${cmd_nometric} "$@" 2>/dev/null | \ grep -Fsq "${cmd%% *}" route_already_exists=$? - _ip -v ${family} route append ${cmd} dev "${IFACE}" + _ip -v ${family} route append ${rtype} ${cmd} "$@" rc=$? + # Check return code in some cases if [ $rc -ne 0 ]; then # If the route already exists, our default behavior is to WARN but continue. @@ -301,7 +321,7 @@ _add_route() *) msgfunc=eerror rc=1 ; eerror "Unknown error behavior: $eh_behavior" ;; esac eval $msgfunc "Route '$cmd_nometric' already existed:" - eval $msgfunc \"$(_ip $family route show ${cmd_nometric} dev "${IFACE}" 2>&1)\" + eval $msgfunc \"$(_ip $family route show ${cmd_nometric} \"$@\" 2>&1)\" else : # TODO: Handle other errors fi @@ -342,6 +362,7 @@ _trim() { # This allows for advanced routing tricks _ip_rule_runner() { local cmd rules OIFS="${IFS}" family + local ru ruN if [ "$1" = "-4" -o "$1" = "-6" ]; then family="$1" shift @@ -515,6 +536,24 @@ _iproute2_route_flush() { fi } +_iproute2_route_undo() { + local OIFS="${IFS}" + local cmd cmdN + local routes="$(service_get_value "nodev_routes")" + + veindent + local IFS="$__IFS" + for cmd in $routes ; do + unset IFS + cmdN="$(_trim "${cmd}")" + [ -z "${cmdN}" ] && continue + _ip -v ${cmd} + local IFS="$__IFS" + done + IFS="${OIFS}" + veoutdent +} + _iproute2_ipv6_tentative_output() { LC_ALL=C _ip -family inet6 addr show dev ${IFACE} tentative } @@ -571,6 +610,9 @@ iproute2_post_start() iproute2_post_stop() { + # Remove routes added without dev + _iproute2_route_undo + # Kernel may not have IP built in if [ -e /proc/net/route ]; then local rules="$(service_get_value "ip_rule")"