1. 05 Jul, 2026 3 commits
    • Vitaly Lipatov's avatar
      route-update: support explicit per-group pref override via options · 592e5f2d
      Vitaly Lipatov authored
      ip rule pref is otherwise derived from alphabetical group order, so a group
      cannot be consulted before a lexicographically-earlier one (e.g. fr vs egw)
      without renaming it — and digits sort after letters in ru_RU.UTF-8, so even
      a '0-fr' rename goes the wrong way.
      
      Allow an options line "pref N" to set the group's pref base directly,
      independent of name or locale. Used on fr (pref 900) so claude.ai via fr
      wins over the egw/ai table (pref 1210).
      
      Also call _fixup_rule_pref on the "resolved unchanged" skip path, so an
      options-only change actually migrates the ip rule to the new pref (previously
      the rule kept its old pref because load was skipped).
      Co-Authored-By: 's avatarClaude <noreply@anthropic.com>
      592e5f2d
    • Vitaly Lipatov's avatar
      route-update: support route-type keywords (blackhole/unreachable/...) in gateway · a7a51ff4
      Vitaly Lipatov authored
      Allow a group's gateway file to contain a kernel route-type keyword
      (blackhole/unreachable/prohibit/throw) instead of a next-hop. The script
      then installs routes of that type (ip route replace <kw> <dst> table N),
      so packets are rejected/dropped by the kernel instead of forwarded.
      
      unreachable/prohibit return ICMP to the client, giving instant failure
      (curl drops in ~2ms) vs hanging on a dead tunnel.
      
      Used on routes6.d/fr where the France egress (ikev2.fr) is IPv4-only and
      no IPv6 path exists: claude.ai AAAA now fast-rejects instead of timing out.
      Co-Authored-By: 's avatarClaude <noreply@anthropic.com>
      a7a51ff4
    • Vitaly Lipatov's avatar
      route-update: prune stale volatile_ips for domains removed from lists · 3b1e5c99
      Vitaly Lipatov authored
      expand_volatile_subnets() iterated the whole volatile_ips/ directory and
      re-resolved every saved entry as a domain, never removing ones whose domain
      was no longer in the .list. As a result, a domain removed from a list kept
      re-injecting its (stale) IPs into the table forever — on igw this had
      accumulated ~40 stale domains in web-bypass plus claude.ai/anthropic in ai,
      shadowing the dedicated fr/claude.ai group.
      
      Pass the current list file to expand_volatile_subnets and prune volatile_ips
      entries whose domain is absent from the list before resolving.
      Co-Authored-By: 's avatarClaude <noreply@anthropic.com>
      3b1e5c99
  2. 04 Jul, 2026 12 commits
  3. 11 Jun, 2026 2 commits
  4. 31 May, 2026 3 commits
  5. 27 May, 2026 1 commit
    • Vitaly Lipatov's avatar
      route-update: flush table when .list moves between groups · 41bffb6b
      Vitaly Lipatov authored
      When a .list is moved between groups whose `gateway` files differ
      in metric semantics (e.g., failover→multipath), the previous code
      only deleted state and kept the table.  This caused stale routes
      with the old `metric N` to coexist with newly loaded multipath
      routes, because `ip route replace` keyed on dst+metric and treated
      them as distinct entries.
      
      Two related changes:
      - cleanup_state's "moved" branch now flushes the table before the
        new group loads it, so the table starts clean.
      - cleanup_state is invoked before process_routes so the flushes
        happen prior to the new group's load (otherwise a flush after
        load would wipe out the just-installed routes).
      Co-Authored-By: 's avatarClaude Opus 4.7 (1M context) <noreply@anthropic.com>
      41bffb6b
  6. 25 May, 2026 2 commits
  7. 13 May, 2026 3 commits
  8. 09 May, 2026 14 commits