Commit 72415afa authored by Vitaly Lipatov's avatar Vitaly Lipatov

route-update.sh: remove iif from ip rule, suppress FIB flush errors

Drop iif interface restriction so policy routes apply to both forwarded and locally-generated traffic. Suppress harmless "FIB table does not exist" errors on first flush. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
parent e8923ba7
...@@ -10,8 +10,6 @@ cd "$(dirname "$(realpath "$0")")" || exit ...@@ -10,8 +10,6 @@ cd "$(dirname "$(realpath "$0")")" || exit
. ./functions . ./functions
IFACE="${IFACE:-eth0}"
IFACE6="${IFACE6:-vmbr0}"
ROUTES_DIR=routes.d ROUTES_DIR=routes.d
ROUTES6_DIR=routes6.d ROUTES6_DIR=routes6.d
STATE_DIR=.state STATE_DIR=.state
...@@ -99,7 +97,7 @@ fi ...@@ -99,7 +97,7 @@ fi
if [ -n "$FLUSH_GW" ] ; then if [ -n "$FLUSH_GW" ] ; then
table=$(ipv4_table "$FLUSH_GW") table=$(ipv4_table "$FLUSH_GW")
log "Flushing table $table (gateway $FLUSH_GW)" log "Flushing table $table (gateway $FLUSH_GW)"
[ -z "$SHOW" ] && ip route flush table "$table" [ -z "$SHOW" ] && ip route flush table "$table" 2>/dev/null
exit exit
fi fi
...@@ -193,13 +191,13 @@ process_v4() ...@@ -193,13 +191,13 @@ process_v4()
fi fi
# Flush and load via batch # Flush and load via batch
ip route flush table "$table" ip route flush table "$table" 2>/dev/null
sed "s|^|route replace |; s|$| via $gw table $table|" "$resolved_new" | \ sed "s|^|route replace |; s|$| via $gw table $table|" "$resolved_new" | \
ip -batch - 2>&1 | grep -v "^$" | head -5 ip -batch - 2>&1 | grep -v "^$" | head -5
# Ensure ip rule exists # Ensure ip rule exists
if ! ip rule show | grep -q "lookup $table.*pref $pref" ; then if ! ip rule show | grep -q "lookup $table.*pref $pref" ; then
ip rule add iif "$IFACE" lookup "$table" pref "$pref" 2>/dev/null ip rule add lookup "$table" pref "$pref" 2>/dev/null
fi fi
# Save state # Save state
...@@ -307,12 +305,12 @@ process_v6() ...@@ -307,12 +305,12 @@ process_v6()
continue continue
fi fi
ip -6 route flush table "$table" ip -6 route flush table "$table" 2>/dev/null
sed "s|^|route replace |; s|$| via $gw table $table|" "$resolved_new" | \ sed "s|^|route replace |; s|$| via $gw table $table|" "$resolved_new" | \
ip -6 -batch - 2>&1 | grep -v "^$" | head -5 ip -6 -batch - 2>&1 | grep -v "^$" | head -5
if ! ip -6 rule show | grep -q "lookup $table.*pref $pref" ; then if ! ip -6 rule show | grep -q "lookup $table.*pref $pref" ; then
ip -6 rule add iif "$IFACE6" lookup "$table" pref "$pref" 2>/dev/null ip -6 rule add lookup "$table" pref "$pref" 2>/dev/null
fi fi
echo "$current_hash" > "$STATE_DIR/$state/hash" echo "$current_hash" > "$STATE_DIR/$state/hash"
...@@ -373,7 +371,7 @@ if [ -n "$SET_RULES" ] ; then ...@@ -373,7 +371,7 @@ if [ -n "$SET_RULES" ] ; then
table=$(ipv4_table "$gw") table=$(ipv4_table "$gw")
pref=$(rule_pref "$table") pref=$(rule_pref "$table")
if ! ip rule show | grep -q "lookup $table.*pref $pref" ; then if ! ip rule show | grep -q "lookup $table.*pref $pref" ; then
ip rule add iif "$IFACE" lookup "$table" pref "$pref" ip rule add lookup "$table" pref "$pref"
fi fi
done done
for gwdir in "$ROUTES6_DIR"/*/ ; do for gwdir in "$ROUTES6_DIR"/*/ ; do
...@@ -383,7 +381,7 @@ if [ -n "$SET_RULES" ] ; then ...@@ -383,7 +381,7 @@ if [ -n "$SET_RULES" ] ; then
read -r table < "$gwdir/table" read -r table < "$gwdir/table"
pref=$(rule_pref "$table") pref=$(rule_pref "$table")
if ! ip -6 rule show | grep -q "lookup $table.*pref $pref" ; then if ! ip -6 rule show | grep -q "lookup $table.*pref $pref" ; then
ip -6 rule add iif "$IFACE6" lookup "$table" pref "$pref" ip -6 rule add lookup "$table" pref "$pref"
fi fi
done done
exit exit
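Review bot: The `ip rule show | grep -q "lookup $table.*pref $pref"` guards in process_v4, process_v6 and both SET_RULES loops do not look at the rule selector, so they cannot tell a rule left by the previous version (`iif "$IFACE"`) from the unrestricted one added here. On a host that already ran the old script, either the guard matches the old rule and the new `ip rule add lookup "$table" pref "$pref"` is never reached, or the old iif rule stays installed next to the new one; which case occurs depends on how `ip rule show` prints the priority, which this page does not show. Consider removing the stale entry explicitly before the guard, for example `ip rule del iif "$old_iface" lookup "$table" pref "$pref" 2>/dev/null`, where `$old_iface` is a placeholder for the value the removed IFACE/IFACE6 defaults used to supply. Because the rule now matches traffic arriving on every interface as well as the host's own, a comment above each add such as `# no iif: applies to forwarded and local traffic; limit forwarding in the firewall` would record that wider scope. The enclosing functions and the SET_RULES block start and end outside the hunks shown.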