add update_egw6.sh

router/update_egw6.sh

+#!/bin/sh
+
+#exit
+# Usage: --show|--force
+
+cd $(dirname "$(realpath "$0")") || exit #"
+
+SETNAME=egw-ipv6
+TMPNAME=$SETNAME.ntmp
+MARK=6
+NBTABLE=openroute
+MAXELEM=5000000
+IFACE=vmbr0
+# hash:ip
+IPSTYPE="hash:net family inet6"
+
+set_rules()
+{
+# initial
+if ! ip6tables -L -t mangle | grep -q $SETNAME ; then
+	ip6tables -t mangle -A PREROUTING -i $IFACE -m set --match-set $SETNAME dst -j MARK --set-mark $MARK || exit
+fi
+
+#if ! sysctl net.ipv4.conf.tun0.rp_filter | grep -q " = 2" ; then
+#	sysctl -w net.ipv4.conf.tun0.rp_filter=2
+#fi
+
+if ! ip -6 route show table $NBTABLE | grep -q "default dev tun0" ; then
+	ip -6 route replace default table $NBTABLE scope global nexthop via fc00:eeee:eeee:eeee::1 || exit
+fi
+
+if ! ip -6 rule | grep -q "fwmark 0x$MARK" ; then
+	ip -6 rule add fwmark $MARK table $NBTABLE pref 2000 || exit
+fi
+
+# check for
+# -A POSTROUTING -o tun0 -j MASQUERADE
+}
+
+stop_rules()
+{
+	ip6tables -t mangle -D PREROUTING -i $IFACE -m set --match-set $SETNAME dst -j MARK --set-mark $MARK || exit
+}
+
+if [ "$1" = "--show" ] ; then
+	echo "Example:"
+	echo "# ip6tables -t mangle -A PREROUTING -i $IFACE -m set --match-set $SETNAME dst -j MARK --set-mark $MARK"
+	echo "ipset list size: $(ipset list $SETNAME | wc -l)"
+	exit
+fi
+
+if [ "$1" = "--set-rules" ] ; then
+	set_rules
+	exit
+fi
+
+if [ "$1" = "--stop-rules" ] ; then
+	stop_rules
+	exit
+fi
+
+# download new list
+./get_ip6s_egw.sh > $0.list || exit
+
+if [ ! -s "$0.list" ] ; then
+    echo "$0.list is empty"
+    #exit 1
+fi
+
+FIRSTRUN=''
+ipset list -n | grep -q "^$SETNAME$" || FIRSTRUN='1'
+
+if [ -s "$0.list.old" ] ; then
+    # just return if there are no changes
+    diff -u $0.list.old $0.list >$0.list.changes.tmp && [ "$FIRSTRUN" != '1' ] && [ "$1" != "--force" ] && exit
+    echo >>$0.list.changes
+    date >>$0.list.changes
+    cat $0.list.changes.tmp | grep "^[+-]" >>$0.list.changes
+fi
+
+#ip rule show | grep "lookup $NBTABLE" | sed -e "s|.*:||g" | sed -e "s|lookup|table|g" | while read str ; do
+#done
+
+ipset -exist create $SETNAME $IPSTYPE maxelem $MAXELEM
+
+
+# Obsoleted element by element
+#ipset create $SETNAME.tmp hash:ip maxelem $MAXELEM || exit
+## fill new ipset
+#./get_ips_z-i.sh | sort -u | while read ip ; do
+#	ipset add $SETNAME.tmp $ip
+#done
+
+# use previous results too
+cp $0.list $0.list.human
+[ -s "$0.list.old2" ] && cat $0.list.old2 >>$0.list
+[ -s "$0.list.old1" ] && cat $0.list.old1 >>$0.list
+mv $0.list $0.list.in
+sort -u < $0.list.in >$0.list
+
+# clean before use
+ipset destroy $TMPNAME 2>/dev/null
+
+# Use single ipset run (see https://bugs.etersoft.ru/show_bug.cgi?id=12353)
+( echo "create $TMPNAME $IPSTYPE hashsize 65536 maxelem $MAXELEM" ; \
+	cat $0.list | grep -v "^#" | grep -v "^$" | grep -v ":" | sed -e "s|^|add $TMPNAME |" ) | ipset -exist restore
+
+# remove skipped ip
+#cat a_no_egw.list | grep -v "^ *#" | while read ip ; do
+#    ipset del $TMPNAME $ip
+#done
+
+ipset list $TMPNAME >$0.ipv6
+ipset list $TMPNAME | wc -l >$0.count
+ipset list $TMPNAME | grep "/" >$0.subnet
+cat $0.list | grep "\." >$0.skipped.ipv4
+ipset swap $TMPNAME $SETNAME || echo "Can't update ipset rules" >&2
+mv $0.list $0.list.old
+
+[ -s "$0.list.old1" ] && cp -f $0.list.old1 $0.list.old2
+cp $0.list.old $0.list.old1
+
+set_rules