router/update_z-i.sh: update routing config for igw (ipsec1, ogwroute table)

router/update_z-i.sh

@@ -8,31 +8,58 @@ cd $(dirname "$(realpath "$0")") || exit #"
 SETNAME=rkz
 TMPNAME=rkz.ntmp
 MAXELEM=5000000
-IFACE=vmbr0
+IFACE=eth0
+VPNDEV=ipsec1
 # hash:ip
 IPSTYPE=hash:net
+NBTABLE=ogwroute
+NBGW=91.232.225.12
+
+check_bgp_peer()
+{
+    birdc show protocols | grep -q "bgp$1.*master.*up.*Established"
+}
+
 
 set_rules()
 {
+
 # initial
 if ! iptables -L -t mangle | grep -q $SETNAME ; then
 	iptables -t mangle -A PREROUTING -i $IFACE -m set --match-set $SETNAME dst -j MARK --set-mark 5 || exit
 fi
 
-if ! sysctl net.ipv4.conf.tun0.rp_filter | grep -q " = 2" ; then
-	sysctl -w net.ipv4.conf.tun0.rp_filter=2
-fi
+#if ! sysctl net.ipv4.conf.$VPNDEV.rp_filter | grep -q " = 2" ; then
+#	sysctl -w net.ipv4.conf.$VPNDEV.rp_filter=2
+#fi
+
+# see /etc/net/ifaces/ether3/ipv4route
 
-if ! ip route show table openroute | grep -q "default dev tun0" ; then
-	ip route replace default table openroute scope global nexthop dev tun0 || exit
+if [ -n "$NBGW" ] ; then
+    if ! ip route show table $NBTABLE | grep -q "default" ; then
+    	ip route replace default table $NBTABLE via $NBGW || exit
+    fi
+else
+    if ! ip route show table $NBTABLE | grep -q "default dev $VPNDEV" ; then
+	ip route replace default table $NBTABLE scope global nexthop dev $VPNDEV || exit
+    fi
 fi
 
-if ! ip rule | grep -q "fwmark 0x5" ; then
-	ip rule add fwmark 5 table openroute || exit
+
+#if ! check_bgp_peer AS35000 ; then
+#    NBTABLE=openroute
+#fi
+
+# force egw
+#NBTABLE=openroute
+
+if ! ip rule | grep -q "fwmark 0x5 lookup $NBTABLE" ; then
+	ip rule del fwmark 5
+	ip rule add fwmark 5 table $NBTABLE pref 3000 || exit
 fi
 
 # check for
-# -A POSTROUTING -o tun0 -j MASQUERADE
+# -A POSTROUTING -o $VPNDEV -j MASQUERADE
 
 }
 
@@ -49,7 +76,8 @@ if [ "$1" = "--set-rules" ] ; then
 fi
 
 # download new list
-./get_ips_z-i.sh | grep -v HASH > $0.list
+#./get_ips_z-i.sh > $0.list || exit
+exit
 
 if [ ! -s "$0.list" ] ; then
     echo "$0.list is empty"
@@ -81,23 +109,33 @@ ipset -exist create $SETNAME $IPSTYPE maxelem $MAXELEM
 #	ipset add $SETNAME.tmp $ip
 #done
 
+if true ; then
+# use previous results too
+cp $0.list $0.list.human
+[ -s "$0.list.old2" ] && cat $0.list.old2 >>$0.list
+[ -s "$0.list.old1" ] && cat $0.list.old1 >>$0.list
+mv $0.list $0.list.in
+sort -u < $0.list.in >$0.list
+fi
+
+
 # clean before use
 ipset destroy $TMPNAME 2>/dev/null
 
 # Use single ipset run (see https://bugs.etersoft.ru/show_bug.cgi?id=12353)
 ( echo "create $TMPNAME $IPSTYPE hashsize 65536 maxelem $MAXELEM" ; \
-	cat $0.list | grep -v "^$" | grep -v ":" | sed -e "s|^|add $TMPNAME |" ) | ipset -exist restore
+	cat $0.list | grep -v "^#" | grep -v "^$" | grep -v ":" | sed -e "s|^|add $TMPNAME |" ) | ipset -exist restore
 
 # remove skipped ip
-cat a_no_egw.list | grep -v "^ *#" | while read ip ; do
-    ipset del $TMPNAME $ip
-done
+#cat a_no_egw.list | grep -v "^ *#" | while read ip ; do
+#    ipset del $TMPNAME $ip
+#done
 
 ipset list $TMPNAME >$0.ipv4
 ipset list $TMPNAME | wc -l >$0.count
 ipset list $TMPNAME | grep "/" >$0.subnet
 cat $0.list | grep ":" >$0.skipped.ipv6
-ipset swap $TMPNAME $SETNAME
+ipset swap $TMPNAME $SETNAME || echo "Can't update to new ipset list!" >&2
 mv $0.list $0.list.old
 
 set_rules