diff options
-rw-r--r-- | doc/net.example.Linux.in | 7 | ||||
-rw-r--r-- | net/iproute2.sh | 56 |
2 files changed, 54 insertions, 9 deletions
diff --git a/doc/net.example.Linux.in b/doc/net.example.Linux.in index a86eebc1..0ee83a6e 100644 --- a/doc/net.example.Linux.in +++ b/doc/net.example.Linux.in @@ -932,6 +932,8 @@ # /etc/iproute2/rt_tables, an example follows: # 2 oob # 3 external +# +# IPv6 RPDB entries are to be found in the rules6_IFVAR variables: #rules_eth0=" #from ZZZ.ZZZ.200.128/27 table oob priority 500 @@ -946,6 +948,11 @@ #XXX.XXX.112.0/24 dev eth1 table external scope link #default via XXX.XXX.112.1 dev eth1" +# IPv6 example: +#rules6_eth0=" +#from 2001:0DB8:AAAA:BBBB::/64 table vpn priority 100 +#to 2001:0DB8:AAAA:BBBB::/64 table vpn priority 150" + #----------------------------------------------------------------------------- # System diff --git a/net/iproute2.sh b/net/iproute2.sh index e177c6d9..4e7e88c8 100644 --- a/net/iproute2.sh +++ b/net/iproute2.sh @@ -211,7 +211,16 @@ _trim() { # This is our interface to Routing Policy Database RPDB # This allows for advanced routing tricks _ip_rule_runner() { - local cmd rules OIFS="${IFS}" + local cmd rules OIFS="${IFS}" family + if [ "x$1" = "-4" ]; then + family="$1" + shift + elif [ "x$1" = "-6" ]; then + family="$1" + shift + else + family="-4" + fi cmd="$1" rules="$2" veindent @@ -221,7 +230,7 @@ _ip_rule_runner() { ruN="$(_trim "${ru}")" [ -z "${ruN}" ] && continue vebegin "${cmd} ${ruN}" - ip rule ${cmd} ${ru} + ip $family rule ${cmd} ${ru} veend $? local IFS="$__IFS" done @@ -277,15 +286,30 @@ iproute2_post_start() if [ -e /proc/net/route ]; then local rules="$(_get_array "rules_${IFVAR}")" if [ -n "${rules}" ]; then - if ! ip rule list | grep -q "^"; then + if ! ip -4 rule list | grep -q "^"; then eerror "IP Policy Routing (CONFIG_IP_MULTIPLE_TABLES) needed for ip rule" else service_set_value "ip_rule" "${rules}" - einfo "Adding RPDB rules" - _ip_rule_runner add "${rules}" + einfo "Adding IPv4 RPDB rules" + _ip_rule_runner -4 add "${rules}" fi fi - ip route flush table cache dev "${IFACE}" + ip -4 route flush table cache dev "${IFACE}" + fi + + # Kernel may not have IPv6 built in + if [ -e /proc/net/ipv6_route ]; then + local rules="$(_get_array "rules6_${IFVAR}")" + if [ -n "${rules}" ]; then + if ! ip -6 rule list | grep -q "^"; then + eerror "IPv6 Policy Routing (CONFIG_IPV6_MULTIPLE_TABLES) needed for ip rule" + else + service_set_value "ip6_rule" "${rules}" + einfo "Adding IPv6 RPDB rules" + _ip_rule_runner -6 add "${rules}" + fi + fi + ip -6 route flush table cache dev "${IFACE}" fi if _iproute2_ipv6_tentative; then @@ -308,13 +332,27 @@ iproute2_post_stop() if [ -e /proc/net/route ]; then local rules="$(service_get_value "ip_rule")" if [ -n "${rules}" ]; then - einfo "Removing RPDB rules" - _ip_rule_runner del "${rules}" + einfo "Removing IPv4 RPDB rules" + _ip_rule_runner -4 del "${rules}" + fi + + # Only do something if the interface actually exist + if _exists; then + ip -4 route flush table cache dev "${IFACE}" + fi + fi + + # Kernel may not have IPv6 built in + if [ -e /proc/net/ipv6_route ]; then + local rules="$(service_get_value "ip6_rule")" + if [ -n "${rules}" ]; then + einfo "Removing IPv6 RPDB rules" + _ip_rule_runner -6 del "${rules}" fi # Only do something if the interface actually exist if _exists; then - ip route flush table cache dev "${IFACE}" + ip -6 route flush table cache dev "${IFACE}" fi fi |