-rw-r--r-- | doc/net.example.Linux.in | 5 | ||||
-rw-r--r-- | net/iproute2.sh | 71 |
2 files changed, 47 insertions, 29 deletions
diff --git a/doc/net.example.Linux.in b/doc/net.example.Linux.in
index d8fa084..ff8e7cd 100644
--- a/doc/net.example.Linux.in
+++ b/doc/net.example.Linux.in
@@ -1008,6 +1008,11 @@
 #from 2001:0DB8:AAAA:BBBB::/64 table vpn priority 100
 #to 2001:0DB8:AAAA:BBBB::/64 table vpn priority 150"
+# On rare occasions you may want routing policy rules to be applied
+# before routes are applied, rather than after. This can be controlled
+# via 'policy_rules_before_routes', which defaults to 'no'. See
+# https://bugs.gentoo.org/show_bug.cgi?id=446606 for a discussion.
+#policy_rules_before_routes_eth0="yes"
 #-----------------------------------------------------------------------------
 # System
diff --git a/net/iproute2.sh b/net/iproute2.sh
index 3bab7b7..7aeeb99 100644
--- a/net/iproute2.sh
+++ b/net/iproute2.sh
@@ -252,6 +252,39 @@ _ip_rule_runner() {
 veoutdent
 }
+_iproute2_policy_routing()
+{
+ # Kernel may not have IP built in
+ if [ -e /proc/net/route ]; then
+ local rules="$(_get_array "rules_${IFVAR}")"
+ if [ -n "${rules}" ]; then
+ if ! ip -4 rule list | grep -q "^"; then
+ eerror "IP Policy Routing (CONFIG_IP_MULTIPLE_TABLES) needed for ip rule"
+ else
+ service_set_value "ip_rule" "${rules}"
+ einfo "Adding IPv4 RPDB rules"
+ _ip_rule_runner -4 add "${rules}"
+ fi
+ fi
+ ip -4 route flush table cache dev "${IFACE}"
+ fi
+
+ # Kernel may not have IPv6 built in
+ if [ -e /proc/net/ipv6_route ]; then
+ local rules="$(_get_array "rules6_${IFVAR}")"
+ if [ -n "${rules}" ]; then
+ if ! ip -6 rule list | grep -q "^"; then
+ eerror "IPv6 Policy Routing (CONFIG_IPV6_MULTIPLE_TABLES) needed for ip rule"
+ else
+ service_set_value "ip6_rule" "${rules}"
+ einfo "Adding IPv6 RPDB rules"
+ _ip_rule_runner -6 add "${rules}"
+ fi
+ fi
+ ip -6 route flush table cache dev "${IFACE}"
+ fi
+}
+
 iproute2_pre_start()
 {
 local tunnel=
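Review bot: `_iproute2_policy_routing` is introduced without a header comment, and now that it can be reached from two different phases its contract should be stated above `_iproute2_policy_routing()`, e.g. `# Install the rules_${IFVAR}/rules6_${IFVAR} RPDB entries (recording them with service_set_value) and flush the route cache for ${IFACE}. Runs once per start: from iproute2_pre_start when policy_rules_before_routes is yes, otherwise from iproute2_post_start.` The body itself is moved verbatim from iproute2_post_start, so there is no code change to propose on this hunk; the two new call sites are reviewed on the following hunks. Whether flushing the route cache for an interface that pre_start has not finished bringing up is harmless is not visible from this hunk and is worth a sentence in that comment once confirmed.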
@@ -281,6 +314,11 @@ iproute2_pre_start()
 eval len=\$txqueuelen_${IFVAR}
 [ -n "${len}" ] && ip link set dev "${IFACE}" txqueuelen "${len}"
+ local policyroute_order=
+ eval policyroute_order=\$policy_rules_before_routes_${IFVAR}
+ [ -z "$policyroute_order" ] && policyroute_order=${policy_rules_before_routes:-no}
+ yesno "$policyroute_order" && _iproute2_policy_routing
+
 return 0
 }
@@ -296,35 +334,10 @@ iproute2_post_start()
 {
 local n=5
- # Kernel may not have IP built in
- if [ -e /proc/net/route ]; then
- local rules="$(_get_array "rules_${IFVAR}")"
- if [ -n "${rules}" ]; then
- if ! ip -4 rule list | grep -q "^"; then
- eerror "IP Policy Routing (CONFIG_IP_MULTIPLE_TABLES) needed for ip rule"
- else
- service_set_value "ip_rule" "${rules}"
- einfo "Adding IPv4 RPDB rules"
- _ip_rule_runner -4 add "${rules}"
- fi
- fi
- ip -4 route flush table cache dev "${IFACE}"
- fi
-
- # Kernel may not have IPv6 built in
- if [ -e /proc/net/ipv6_route ]; then
- local rules="$(_get_array "rules6_${IFVAR}")"
- if [ -n "${rules}" ]; then
- if ! ip -6 rule list | grep -q "^"; then
- eerror "IPv6 Policy Routing (CONFIG_IPV6_MULTIPLE_TABLES) needed for ip rule"
- else
- service_set_value "ip6_rule" "${rules}"
- einfo "Adding IPv6 RPDB rules"
- _ip_rule_runner -6 add "${rules}"
- fi
- fi
- ip -6 route flush table cache dev "${IFACE}"
- fi
+ local policyroute_order=
+ eval policyroute_order=\$policy_rules_before_routes_${IFVAR}
+ [ -z "$policyroute_order" ] && policyroute_order=${policy_rules_before_routes:-no}
+ yesno "$policyroute_order" || _iproute2_policy_routing
 if _iproute2_ipv6_tentative; then
 ebegin "Waiting for IPv6 addresses" |
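Review bot: The three-line lookup of `policy_rules_before_routes_${IFVAR}` with its fallback to the global `policy_rules_before_routes` is duplicated verbatim in the iproute2_pre_start hunk and again in the iproute2_post_start hunk below it, and the two copies must stay in lockstep or the rules are installed twice or not at all. Folding it into one helper that returns the yesno status leaves each call site as a single line, `_iproute2_rules_before_routes && _iproute2_policy_routing` in pre_start and `_iproute2_rules_before_routes || _iproute2_policy_routing` in post_start, and gives one place to document the precedence. Note that with the `&&`/`||` pairing any value yesno does not accept as true, including a misspelling, silently takes the post_start path exactly as "no" does; a helper is also the natural place to warn about that if it matters. Both enclosing functions start outside their hunks.

```shell
# Whether rules_${IFVAR}/rules6_${IFVAR} are installed before routes (yesno
# status). The per-interface policy_rules_before_routes_${IFVAR} wins over
# the global policy_rules_before_routes; the default is "no".
_iproute2_rules_before_routes()
{
	local order=
	eval order=\$policy_rules_before_routes_${IFVAR}
	yesno "${order:-${policy_rules_before_routes:-no}}"
}

# … unchanged: iproute2_pre_start up to the txqueuelen handling …
	_iproute2_rules_before_routes && _iproute2_policy_routing

# … unchanged: iproute2_post_start up to "local n=5" …
	_iproute2_rules_before_routes || _iproute2_policy_routing
```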