Closed dtaht closed 9 years ago
That was actually added to netifd in June. So it's probably LuCI not being able to handle it. Please try:
config route foo
	option interface lan
	option target 172.23.4.0
	option netmask 255.255.254.0
	option type unreachable
Also FYI we do something like this automatically for IPv6 delegated prefixes / ULAs. Maybe we should do something similar for the IPv4 prefix.
awesome... the wiki needs an update. :) But no, I just added that syntax to the bb + hnetd box (still not doing anything other than starting hnetd, no interfaces managed) and the unreach route wasn't created (or if it was, only briefly). Chaos Calmer only?
nope. not in plain old bb either.
okay will look into it / fix it tomorrow. seeing the same issue here, it was a user-submitted patch so meh.
http://git.openwrt.org/?p=project/netifd.git;a=commitdiff;h=3c570d03d747f6835bfecbf8a43e0b7092015fad
proposed patch. I will push it to CC and do some more testing tomorrow.
As temporary work-around you could probably add a script to /etc/hotplug.d/iface/ with contents similar to:
[ "$ACTION" = "ifup" -a "$INTERFACE" = "lan" ] && ip route add unreachable 172.23.4.0/23 proto static
I deployed that change to ifup. Thanks. As for the netifd change, does that mean that uci already supports the syntax, luci doesn't?
Correct, also I just verified that it works correctly now in trunk with the snippet above: https://github.com/sbyx/hnetd/issues/23#issuecomment-64484321
so, I have this hack that lets me use covering unreachable routes, which involves running the fw3 script to insert it in /etc/firewall.user, merely adding in this case a
ip route add unreachable 172.23.4.0/23 proto static
exit 0
it looks like somehow fw3 is never getting called while hnetd is trying to sort itself out. and you can't run a script out of /etc/network. Or something is flushing all routes along the way.
0) yes, yes, what I am doing is still trying to fit hnetd into my preconceptions of an existing network... (all I really wanted was ipv6 prefix distribution... whine....)
maybe I can put that route in a different table?
1) I (or someone) should get around to making /etc/config/network (netifd and luci) capable of taking unreachable or blackhole routes directly in it. (and luci). There is no syntax in the route section capable of it.
config 'route' 'name_your_route'
	option 'interface' 'lan'
	option 'target' '172.16.123.0'
	option 'netmask' '255.255.255.0'
	option 'gateway' '172.16.123.100'
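How the two `config route` sections quoted in this thread correspond to `ip route add` lines, as an added example that is not code from the thread or from netifd. The function names, the /32 default for a missing netmask and the set of handled types are assumptions of the example.

```python
import ipaddress
import shlex

# The two route sections quoted in the thread, embedded as sample input.
SAMPLE = """
config route foo
    option interface lan
    option target 172.23.4.0
    option netmask 255.255.254.0
    option type unreachable

config 'route' 'name_your_route'
    option 'interface' 'lan'
    option 'target' '172.16.123.0'
    option 'netmask' '255.255.255.0'
    option 'gateway' '172.16.123.100'
"""

# Types that take no next hop; the names are iproute2 route types.
NO_NEXTHOP = {"unreachable", "blackhole", "prohibit"}

def parse_uci_routes(text):
    """Collect every 'config route' section as a dict of its options."""
    routes, current = [], None
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)  # strips quotes and '#' comments
        if tokens[:1] == ["config"]:
            current = {} if tokens[1:2] == ["route"] else None
            if current is not None:
                routes.append(current)
        elif tokens[:1] == ["option"] and len(tokens) == 3 and current is not None:
            current[tokens[1]] = tokens[2]
    return routes

def route_to_ip_command(route):
    """Return the 'ip route add' line equivalent to one parsed section."""
    # Assumption: a missing netmask means a host route (/32).
    mask = route.get("netmask", "255.255.255.255")
    # strict=True raises ValueError if the target has host bits set for this
    # mask, which would otherwise cover a different range than intended.
    net = ipaddress.ip_network(f"{route['target']}/{mask}", strict=True)
    rtype = route.get("type", "unicast")
    if rtype in NO_NEXTHOP:
        return f"ip route add {rtype} {net} proto static"
    if rtype != "unicast":
        raise ValueError(f"route type not handled in this example: {rtype}")
    # 'interface' is a logical UCI name, not a kernel device, so it is not
    # emitted; a unicast route in this example must carry a gateway.
    return f"ip route add {net} via {route['gateway']} proto static"
```

Running `route_to_ip_command` over `parse_uci_routes(SAMPLE)` yields the same covering route as the hotplug work-around for the first section, and a target that is not aligned to its netmask (for example 172.23.5.0 with 255.255.254.0) is rejected instead of silently covering a different range.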