- 18 Feb, 2026 13 commits
-
-
Vitaly Lipatov authored
route-update.service: loads/restores policy routes at boot and periodically (5min) route-health.service: monitors gateway health and manages failover (1min) Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
The default (no args) mode already detects missing ip rules and empty routing tables, making --set-rules redundant. This simplifies the interface and service configuration. Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
When a group has set-default in options, route-health.sh now reads gateways in priority order and picks the first healthy one as default. Also refactored health checking into get_health() helper and added rt_tables lookup fallback for table resolution. Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
The set-default option in group options is now handled exclusively by route-health.sh which has access to gateway health data from InfluxDB and can make informed failover decisions. Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Gateway file now accepts hostnames in addition to IPs and "default". Hostnames are resolved via dig (A for IPv4, AAAA for IPv6). Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Filter out nexthop continuation lines (starting with tab) when counting routes and detecting stale entries. Fixes incorrect count with multipath. Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Replace flush+load with replace-all+remove-stale approach: routes are never missing during reload. Add post-update route count verification. Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Separate lists_hash tracks list file changes independently. When only gateway or options file changed, reuse saved resolved IPs instead of re-resolving all domains. Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
When saved table number differs from current (e.g. after manual rt_tables edit), flush old table and ip rule before reloading into new table. Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Table number is now resolved by: 1) legacy table file, 2) rt_tables by group name, 3) last octet of gateway IP (auto-registered in rt_tables). New options file support: set-default flag sets system default route via group's gateway. Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
- 17 Feb, 2026 17 commits
-
-
Vitaly Lipatov authored
Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
System Administrator authored
-
Vitaly Lipatov authored
Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
- Update routes6.d structure: replace ogw with gre group (table 222) - Fix NETMAP prefix /120 → /118, show igw as gateway (not egw) - Add OpenVPN NAT66 and Xray L7 proxy sections - Update ip rule show to include gre (pref 2220), add IPv6 packet flow - Document --verbose flag and partial route loss detection (1% tolerance) Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Previously auto-recovery only triggered when routing table was completely empty. Now it also reloads when route count drops below 99% of expected (from resolved state file). Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
- Add --verbose/-v flag with detailed logging at all decision points: group config, hash comparison, rule/route checks, resolve stats - Use ip -N (numeric) for rule show to avoid name vs number mismatch that could cause false-positive "no changes" when rules were missing Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
- Document routes6.d/ structure and IPv6 processing - Add GRE tunnel + NPTv6 prefix translation diagram - Document "default" keyword behavior for IPv4/IPv6 - Document IPv4 filtering in IPv6 mode - Document automatic rules/routes recovery - Note routes.d/ and routes6.d/ are site-specific (not in git) - Update state section with gateway tracking Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
When processing routes6.d, pure-IP list files may contain IPv4 addresses/subnets. Filter them out by only passing lines with ":" (IPv6 addresses) in IPv6 mode. Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
These directories contain deployment-specific config (gateways, tables, symlinks to local lists) that vary per installation. Add .gitignore. Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Pass ip command to read_group_config() so "default" keyword resolves via "ip -6 route" for routes6.d groups instead of always using IPv4. Also detect address family from directory location instead of gateway content for --add/--del/--flush commands. Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Replace fc00:eeee:eeee:eeee::1 placeholder with actual gateway 2a03:5a00:c:20::122 (CT 680 gre.hetzner). Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
When ip rules or routing tables are empty (e.g. after networkctl reconfigure), force reload even if list hashes match. Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Support "default" keyword in gateway file to use the machine's default route. Add dgw route group (table 2, pref 20) to override ogw/egw for addresses that should go directly without tunnels. Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
- 16 Feb, 2026 1 commit
-
-
Vitaly Lipatov authored
Skips the file hash check but keeps the resolved IP diff, so routes are only reloaded when DNS actually returns different IPs. Useful for cron: `*/15 * * * * ./route-update.sh --resolve` Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
- 15 Feb, 2026 1 commit
-
-
Vitaly Lipatov authored
Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
- 14 Feb, 2026 4 commits
-
-
Vitaly Lipatov authored
Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
When gateway file contains multiple IPs, generate multipath routes with nexthop per gateway (weight 1 each). Kernel distributes traffic per-flow across gateways. Single gateway: route replace IP via GW table T Multiple: route replace IP table T nexthop via GW1 weight 1 nexthop via GW2 weight 1 Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Directory name is now a logical group name (egw, ogw) with gateway and table specified in files, same as routes6.d/. Unify process_v4 and process_v6 into a single process_routes function. Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
- 13 Feb, 2026 4 commits
-
-
Vitaly Lipatov authored
Drop iif interface restriction so policy routes apply to both forwarded and locally-generated traffic. Suppress harmless "FIB table does not exist" errors on first flush. Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Split .list files into pure-IP (antifilter) and domain lists. Pure IP files go through cat directly, avoiding slow per-line bash processing of 155k entries through cat_expanded and is_ipv4. Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
154k lines of ipresolve.lst made while-read loop extremely slow. Use grep to instantly separate IPs from domains. Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Replace ipset+mangle approach with pure ip route tables. Configuration via routes.d/ (IPv4) and routes6.d/ (IPv6) directories where each subdirectory = gateway and .list symlinks = domain/IP lists. Features: - Hash-based change detection (skip if lists unchanged) - Double check: file hash + resolved IPs diff - Batch route loading via ip -batch - Automatic cleanup of orphaned state - --show/--force/--add/--del/--flush options Also adds is_ipv6() and get_ipv6_list_bulk() to functions. Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-