From ee4abe513bce5a44e9be140c1f3c8f3ed94ade0d Mon Sep 17 00:00:00 2001 From: Andre Fernando Zanella Kantek Date: Thu, 19 May 2022 10:54:56 -0300 Subject: [PATCH] Debian: accept netmask or prefix-length on /etc/network/routes file This change add support to accept netmask or prefix-length on the routes file, internally the commands will use prefix-len Change the command from "route" to "ip route" as this one have better support for IPv6 (route --inet6 add is failing on Debian). Also, on the validation functions, the address family is set to allow IPv6 route check. Test Plan: PASS add IPv6 static routes with system host-route-add PASS add IPv4 static routes with system host-route-add PASS remove IPv6 static routes with system host-route-delete PASS remove IPv4 static routes with system host-route-delete Closes-Bug: 1974229 Signed-off-by: Andre Fernando Zanella Kantek Change-Id: I33d249892b717f4e808a995ced455c4c9ac763f2 --- debian_pkg_dirs | 1 + ...r-prefix-length-on-etc-network-route.patch | 252 ++++++++++++++++++ .../ifupdown-extra/debian/deb_patches/series | 1 + .../ifupdown-extra/debian/meta_data.yaml | 7 + 4 files changed, 261 insertions(+) create mode 100644 networking/ifupdown-extra/debian/deb_patches/0001-Accept-netmask-or-prefix-length-on-etc-network-route.patch create mode 100644 networking/ifupdown-extra/debian/deb_patches/series create mode 100644 networking/ifupdown-extra/debian/meta_data.yaml diff --git a/debian_pkg_dirs b/debian_pkg_dirs index 30b3f485d..3d6d4ab95 100644 --- a/debian_pkg_dirs +++ b/debian_pkg_dirs @@ -61,6 +61,7 @@ kubernetes/runc ldap/ldapscripts ldap/openldap livepatch/kpatch +networking/ifupdown-extra networking/lldpd networking/net-tools ostree/initramfs-ostree diff --git a/networking/ifupdown-extra/debian/deb_patches/0001-Accept-netmask-or-prefix-length-on-etc-network-route.patch b/networking/ifupdown-extra/debian/deb_patches/0001-Accept-netmask-or-prefix-length-on-etc-network-route.patch new file mode 100644 index 000000000..5ec9b9a1c --- /dev/null +++ b/networking/ifupdown-extra/debian/deb_patches/0001-Accept-netmask-or-prefix-length-on-etc-network-route.patch @@ -0,0 +1,252 @@ +From d6b8917a04b72bc59c641b7a6fdce27e160e9b31 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Javier=20Fernandez-Sanguino=20Pe=C3=B1a?= +Date: Thu, 19 May 2022 10:11:21 -0300 +Subject: [PATCH] Accept netmask or prefix-length on /etc/network/routes file +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This change adds support for both netmask or prefix-length on the +routes file. Internally "route" command is deprecated in favor of +"ip route" as it support better newer kernels + +Signed-off-by: Andre Fernando Zanella Kantek +--- + debian/ifupdown-extra.networking-routes.init | 61 +++++++++++++++++--- + debian/network-routes | 12 +++- + if-up-scripts/static-routes | 50 ++++++++++++++-- + 3 files changed, 107 insertions(+), 16 deletions(-) + +diff --git a/debian/ifupdown-extra.networking-routes.init b/debian/ifupdown-extra.networking-routes.init +index c10b658..db1254d 100755 +--- a/debian/ifupdown-extra.networking-routes.init ++++ b/debian/ifupdown-extra.networking-routes.init +@@ -55,6 +55,32 @@ ROUTEFILE="/etc/network/routes" + VERBOSITY=${VERBOSITY:-0} + + ++function get_prefix_length { ++ netmask=$1 ++ if [[ ${netmask} =~ .*:.* ]]; then ++ # IPv6 ++ awk -F: '{ ++ split($0, octets) ++ for (i in octets) { ++ decval = strtonum("0x"octets[i]) ++ mask += 16 - log(2**16 - decval)/log(2); ++ } ++ print "/" mask ++ }' <<< ${netmask} ++ elif [[ ${netmask} =~ .*\..* ]]; then ++ # IPv4 ++ awk -F. '{ ++ split($0, octets) ++ for (i in octets) { ++ mask += 8 - log(2**8 - octets[i])/log(2); ++ } ++ print "/" mask ++ }' <<< ${netmask} ++ elif [[ ${netmask} =~ ^[0-9]+$ ]]; then ++ echo "/${netmask}" ++ fi ++} ++ + # Functions to read the route file and process it + + +@@ -92,17 +118,19 @@ del_global_routes() { + cat $ROUTEFILE | egrep "^[^#].*$" | + while read network netmask gateway interface ; do + if [ -n "$interface" ] && [ -n "$network" ] && [ -n "$netmask" ] && [ -n "$gateway" ] ; then ++ local prefix_len ++ prefix_len=$(get_prefix_length ${netmask}) + if [ "$gateway" != "reject" ] ; then + [ "$VERBOSITY" -eq 1 ] && echo "DEBUG: Deleting global route for $network / $netmask through gateway $gateway" + if [ "$interface" != "any" ] ; then +- run_route del $network/$netmask via $gateway dev $interface ++ run_route del ${network}${prefix_len} via ${gateway} dev ${interface} + else +- run_route del $network/$netmask via $gateway ++ run_route del ${network}${prefix_len} via ${gateway} + fi + [ $? -ne 0 ] && ret=$? + else + [ "$VERBOSITY" -eq 1 ] && echo "DEBUG: Deleting reject route for $network / $netmask" +- run_route del $network/$netmask reject ++ run_route del ${network}${prefix_len} reject + [ $? -ne 0 ] && ret=$? + fi + +@@ -119,17 +147,19 @@ add_global_routes() { + cat $ROUTEFILE | egrep "^[^#].*$" | + while read network netmask gateway interface ; do + if [ -n "$interface" ] && [ -n "$network" ] && [ -n "$netmask" ] && [ -n "$gateway" ] ; then ++ local prefix_len ++ prefix_len=$(get_prefix_length ${netmask}) + if [ "$gateway" != "reject" ] ; then + [ "$VERBOSITY" -eq 1 ] && echo "DEBUG: Adding global route for $network / $netmask through gateway $gateway" + if [ "$interface" != "any" ] ; then +- run_route add $network/$netmask via $gateway dev $interface ++ run_route add ${network}${prefix_len} via ${gateway} dev ${interface} + else +- run_route add $network/$netmask via $gateway ++ run_route add ${network}${prefix_len} via ${gateway} + fi + [ $? -ne 0 ] && ret=$? + else + [ "$VERBOSITY" -eq 1 ] && echo "DEBUG: Adding global reject route for $network / $netmask" +- run_route add $network/$netmask reject ++ run_route add ${network}${prefix_len} reject + [ $? -ne 0 ] && ret=$? + fi + +@@ -146,14 +176,29 @@ check_global_routes() { + cat $ROUTEFILE | egrep "^[^#].*$" | + while read network netmask gateway interface ; do + if [ -n "$interface" ] && [ -n "$network" ] && [ -n "$netmask" ] && [ -n "$gateway" ] ; then ++ local af='--inet' + if [ "$gateway" != "reject" ] ; then + if [ "$interface" != "any" ] ; then +- if ! route | egrep -q "^${network}\s+${gateway}\s+${netmask}.*${interface}" ; then ++ local search_str="^${network}\s+${gateway}\s+${netmask}.*${interface}" ++ if [[ ${network} =~ .*:.* ]]; then ++ local prefix_len ++ prefix_len=$(get_prefix_length ${netmask}) ++ af='--inet6'; ++ search_str="${network}${prefix_len}\s+${gateway}.*${interface}" ++ fi ++ if ! route ${af} -n | egrep -q ${search_str} ; then + ret=1 + log_failure_msg "Route to network ${network}/${netmask} via ${gateway} is not configured in interface ${interface}" + fi + else +- if ! route | egrep -q "^${network}\s+${gateway}\s+${netmask}" ; then ++ local search_str="^${network}\s+${gateway}\s+${netmask}" ++ if [[ ${network} =~ .*:.* ]]; then ++ local prefix_len ++ prefix_len=$(get_prefix_length ${netmask}) ++ af='--inet6'; ++ search_str="${network}${prefix_len}\s+${gateway}" ++ fi ++ if ! route ${af} -n | egrep -q ${search_str} ; then + log_failure_msg "Route to network ${network}/${netmask} via ${gateway} is not configured" + ret=1 + fi +diff --git a/debian/network-routes b/debian/network-routes +index 78de41a..789c51d 100644 +--- a/debian/network-routes ++++ b/debian/network-routes +@@ -7,10 +7,18 @@ + # + # This file includes a list of routes for different networks following + # the format: # Network Netmask Gateway Interface ++# Netmask can be set as the mask or the prefix length + # + # Example: +-# 172.1.1.0 255.255.255.0 192.168.0.1 eth0 +-# ++# IPv4: ++# 172.1.1.0 255.255.255.0 192.168.0.1 eth0 ++# or ++# 172.1.1.0 24 192.168.0.1 eth0 ++# ++# IPv6: ++# 2001:2002:2003:: ffff:ffff:ffff:ffff:: fd00::1 eth0 ++# or ++# 2001:2002:2003:: 64 fd00::1 eth0 + # + # If you want to add a route that will be added regardless of interfaces + # you will have to use the 'any' interface. This can be handy if you want +diff --git a/if-up-scripts/static-routes b/if-up-scripts/static-routes +index 3db5f29..867303d 100755 +--- a/if-up-scripts/static-routes ++++ b/if-up-scripts/static-routes +@@ -59,6 +59,32 @@ VERBOSITY=${VERBOSITY:-0} + # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901612 + if [ ${IFACE} = "--all" ]; then IFACE="[[:alnum:]]+"; fi + ++function get_prefix_length { ++ netmask=$1 ++ if [[ ${netmask} =~ .*:.* ]]; then ++ # IPv6 ++ awk -F: '{ ++ split($0, octets) ++ for (i in octets) { ++ decval = strtonum("0x"octets[i]) ++ mask += 16 - log(2**16 - decval)/log(2); ++ } ++ print "/" mask ++ }' <<< ${netmask} ++ elif [[ ${netmask} =~ .*\..* ]]; then ++ # IPv4 ++ awk -F. '{ ++ split($0, octets) ++ for (i in octets) { ++ mask += 8 - log(2**8 - octets[i])/log(2); ++ } ++ print "/" mask ++ }' <<< ${netmask} ++ elif [[ ${netmask} =~ ^[0-9]+$ ]]; then ++ echo "/${netmask}" ++ fi ++} ++ + del_static_routes() { + # NOTE: We actually don't have to remove routes if downing an interface + # since they will be removed nevertheless. In any case, this +@@ -67,12 +93,14 @@ del_static_routes() { + cat $ROUTEFILE | egrep "^[^#].*[[:space:]]${IFACE}[[:space:]]*$" | + while read network netmask gateway interface ; do + if [ -n "$interface" ] && [ -n "$network" ] && [ -n "$netmask" ] && [ -n "$gateway" ] ; then ++ local prefix_len ++ prefix_len=$(get_prefix_length ${netmask}) + if [ "$gateway" != "reject" ] ; then + [ "$VERBOSITY" -eq 1 ] && echo "DEBUG: Deleting route for $network / $netmask through gateway $gateway at $interface" +- route del -net $network netmask $netmask gw $gateway dev $interface ++ ip route del ${network}${prefix_len} via ${gateway} dev ${interface} + else + [ "$VERBOSITY" -eq 1 ] && echo "DEBUG: Deleting reject route for $network / $netmask when bringing up $interface" +- route del -net $network netmask $netmask reject ++ ip route del ${network}${prefix_len} reject + fi + + else +@@ -85,12 +113,14 @@ add_static_routes() { + cat $ROUTEFILE | egrep "^[^#].*[[:space:]]${IFACE}[[:space:]]*$" | + while read network netmask gateway interface ; do + if [ -n "$interface" ] && [ -n "$network" ] && [ -n "$netmask" ] && [ -n "$gateway" ] ; then ++ local prefix_len ++ prefix_len=$(get_prefix_length ${netmask}) + if [ "$gateway" != "reject" ] && [ "$gateway" != "blackhole" ] ; then +- [ "$VERBOSITY" -eq 1 ] && echo "DEBUG: Adding route for $network / $netmask through gateway $gateway at $interface" +- route add -net $network netmask $netmask gw $gateway dev $interface ++ [ "$VERBOSITY" -eq 1 ] && echo "DEBUG: Adding route for $network / $netmask through gateway $gateway at $interface" ++ ip route add ${network}${prefix_len} via ${gateway} dev ${interface} + else + [ "$VERBOSITY" -eq 1 ] && echo "DEBUG: Adding reject/blackhole route for $network / $netmask when bringing up $interface" +- ip route add blackhole $network/$netmask ++ ip route add blackhole ${network}${prefix_len} + fi + + else +@@ -103,8 +133,16 @@ check_static_routes() { + cat $ROUTEFILE | egrep "^[^#].*[[:space:]]${IFACE}[[:space:]]*$" | + while read network netmask gateway interface ; do + if [ -n "$interface" ] && [ -n "$network" ] && [ -n "$netmask" ] && [ -n "$gateway" ] ; then ++ local af='--inet' + if [ "$gateway" != "reject" ] ; then +- if ! route -n | egrep -q "${network}\s+${gateway}\s+${netmask}.*${interface}"; then ++ local search_str="${network}\s+${gateway}\s+${netmask}.*${interface}" ++ if [[ ${network} =~ .*:.* ]]; then ++ local prefix_len ++ prefix_len=$(get_prefix_length ${netmask}) ++ af='--inet6'; ++ search_str="${network}${prefix_len}\s+${gateway}.*${interface}" ++ fi ++ if ! route ${af} -n | egrep -q ${search_str}; then + echo "ERROR: Route '$network $netmask $gateway $interface' defined in $ROUTEFILE is not configured" + fi + fi +-- +2.17.1 + diff --git a/networking/ifupdown-extra/debian/deb_patches/series b/networking/ifupdown-extra/debian/deb_patches/series new file mode 100644 index 000000000..a613dcd78 --- /dev/null +++ b/networking/ifupdown-extra/debian/deb_patches/series @@ -0,0 +1 @@ +0001-Accept-netmask-or-prefix-length-on-etc-network-route.patch \ No newline at end of file diff --git a/networking/ifupdown-extra/debian/meta_data.yaml b/networking/ifupdown-extra/debian/meta_data.yaml new file mode 100644 index 000000000..fa158d50f --- /dev/null +++ b/networking/ifupdown-extra/debian/meta_data.yaml @@ -0,0 +1,7 @@ +--- +debver: 0.32 +debname: ifupdown-extra +archive: https://snapshot.debian.org/archive/debian/20220519T084715Z/pool/main/i/ifupdown-extra/ +revision: + dist: $STX_DIST + PKG_GITREVCOUNT: true