net/iproute2: Support routing policy for IPv6 per bug #385833
For creation of routing policy entries for IPv6, the family must be explicitly specified to 'ip'. X-Gentoo-Bug: 385833 X-Gentoo-Bug-URL: https://bugs.gentoo.org/385833 Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
This commit is contained in:
parent
ac2391e0cb
commit
06f6ce408c
@ -932,6 +932,8 @@
|
|||||||
# /etc/iproute2/rt_tables, an example follows:
|
# /etc/iproute2/rt_tables, an example follows:
|
||||||
# 2 oob
|
# 2 oob
|
||||||
# 3 external
|
# 3 external
|
||||||
|
#
|
||||||
|
# IPv6 RPDB entries are to be found in the rules6_IFVAR variables:
|
||||||
|
|
||||||
#rules_eth0="
|
#rules_eth0="
|
||||||
#from ZZZ.ZZZ.200.128/27 table oob priority 500
|
#from ZZZ.ZZZ.200.128/27 table oob priority 500
|
||||||
@ -946,6 +948,11 @@
|
|||||||
#XXX.XXX.112.0/24 dev eth1 table external scope link
|
#XXX.XXX.112.0/24 dev eth1 table external scope link
|
||||||
#default via XXX.XXX.112.1 dev eth1"
|
#default via XXX.XXX.112.1 dev eth1"
|
||||||
|
|
||||||
|
# IPv6 example:
|
||||||
|
#rules6_eth0="
|
||||||
|
#from 2001:0DB8:AAAA:BBBB::/64 table vpn priority 100
|
||||||
|
#to 2001:0DB8:AAAA:BBBB::/64 table vpn priority 150"
|
||||||
|
|
||||||
|
|
||||||
#-----------------------------------------------------------------------------
|
#-----------------------------------------------------------------------------
|
||||||
# System
|
# System
|
||||||
|
@ -211,7 +211,16 @@ _trim() {
|
|||||||
# This is our interface to Routing Policy Database RPDB
|
# This is our interface to Routing Policy Database RPDB
|
||||||
# This allows for advanced routing tricks
|
# This allows for advanced routing tricks
|
||||||
_ip_rule_runner() {
|
_ip_rule_runner() {
|
||||||
local cmd rules OIFS="${IFS}"
|
local cmd rules OIFS="${IFS}" family
|
||||||
|
if [ "x$1" = "-4" ]; then
|
||||||
|
family="$1"
|
||||||
|
shift
|
||||||
|
elif [ "x$1" = "-6" ]; then
|
||||||
|
family="$1"
|
||||||
|
shift
|
||||||
|
else
|
||||||
|
family="-4"
|
||||||
|
fi
|
||||||
cmd="$1"
|
cmd="$1"
|
||||||
rules="$2"
|
rules="$2"
|
||||||
veindent
|
veindent
|
||||||
@ -221,7 +230,7 @@ _ip_rule_runner() {
|
|||||||
ruN="$(_trim "${ru}")"
|
ruN="$(_trim "${ru}")"
|
||||||
[ -z "${ruN}" ] && continue
|
[ -z "${ruN}" ] && continue
|
||||||
vebegin "${cmd} ${ruN}"
|
vebegin "${cmd} ${ruN}"
|
||||||
ip rule ${cmd} ${ru}
|
ip $family rule ${cmd} ${ru}
|
||||||
veend $?
|
veend $?
|
||||||
local IFS="$__IFS"
|
local IFS="$__IFS"
|
||||||
done
|
done
|
||||||
@ -277,15 +286,30 @@ iproute2_post_start()
|
|||||||
if [ -e /proc/net/route ]; then
|
if [ -e /proc/net/route ]; then
|
||||||
local rules="$(_get_array "rules_${IFVAR}")"
|
local rules="$(_get_array "rules_${IFVAR}")"
|
||||||
if [ -n "${rules}" ]; then
|
if [ -n "${rules}" ]; then
|
||||||
if ! ip rule list | grep -q "^"; then
|
if ! ip -4 rule list | grep -q "^"; then
|
||||||
eerror "IP Policy Routing (CONFIG_IP_MULTIPLE_TABLES) needed for ip rule"
|
eerror "IP Policy Routing (CONFIG_IP_MULTIPLE_TABLES) needed for ip rule"
|
||||||
else
|
else
|
||||||
service_set_value "ip_rule" "${rules}"
|
service_set_value "ip_rule" "${rules}"
|
||||||
einfo "Adding RPDB rules"
|
einfo "Adding IPv4 RPDB rules"
|
||||||
_ip_rule_runner add "${rules}"
|
_ip_rule_runner -4 add "${rules}"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
ip route flush table cache dev "${IFACE}"
|
ip -4 route flush table cache dev "${IFACE}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Kernel may not have IPv6 built in
|
||||||
|
if [ -e /proc/net/ipv6_route ]; then
|
||||||
|
local rules="$(_get_array "rules6_${IFVAR}")"
|
||||||
|
if [ -n "${rules}" ]; then
|
||||||
|
if ! ip -6 rule list | grep -q "^"; then
|
||||||
|
eerror "IPv6 Policy Routing (CONFIG_IPV6_MULTIPLE_TABLES) needed for ip rule"
|
||||||
|
else
|
||||||
|
service_set_value "ip6_rule" "${rules}"
|
||||||
|
einfo "Adding IPv6 RPDB rules"
|
||||||
|
_ip_rule_runner -6 add "${rules}"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
ip -6 route flush table cache dev "${IFACE}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if _iproute2_ipv6_tentative; then
|
if _iproute2_ipv6_tentative; then
|
||||||
@ -308,13 +332,27 @@ iproute2_post_stop()
|
|||||||
if [ -e /proc/net/route ]; then
|
if [ -e /proc/net/route ]; then
|
||||||
local rules="$(service_get_value "ip_rule")"
|
local rules="$(service_get_value "ip_rule")"
|
||||||
if [ -n "${rules}" ]; then
|
if [ -n "${rules}" ]; then
|
||||||
einfo "Removing RPDB rules"
|
einfo "Removing IPv4 RPDB rules"
|
||||||
_ip_rule_runner del "${rules}"
|
_ip_rule_runner -4 del "${rules}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Only do something if the interface actually exist
|
# Only do something if the interface actually exist
|
||||||
if _exists; then
|
if _exists; then
|
||||||
ip route flush table cache dev "${IFACE}"
|
ip -4 route flush table cache dev "${IFACE}"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Kernel may not have IPv6 built in
|
||||||
|
if [ -e /proc/net/ipv6_route ]; then
|
||||||
|
local rules="$(service_get_value "ip6_rule")"
|
||||||
|
if [ -n "${rules}" ]; then
|
||||||
|
einfo "Removing IPv6 RPDB rules"
|
||||||
|
_ip_rule_runner -6 del "${rules}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Only do something if the interface actually exist
|
||||||
|
if _exists; then
|
||||||
|
ip -6 route flush table cache dev "${IFACE}"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user