From 9ec8e2b6dc8144d4d5a17e53b1c183e22497580f Mon Sep 17 00:00:00 2001 From: zsdc Date: Thu, 15 Apr 2021 00:20:44 +0300 Subject: dhclient: T3392: Changed dhclient-script hooks for VRF There were two problems with VRF support inside dhclient-script: - VRF check inside the `01-vyos-cleanup` hook was needless because it will be done inside the `03-vyos-ipwrapper` anyway; - VRF was ignored for in-kernel routes in `03-vyos-ipwrapper`. Theoretically, there must be no situation now when this can leads to a real problem, but better will be to keep both kernel and FRR backends in sync. Also, the way to get and use a VRF name was changed to an easier one. --- .../dhcp/dhclient-enter-hooks.d/03-vyos-ipwrapper | 21 +++++++++------------ src/etc/dhcp/dhclient-exit-hooks.d/01-vyos-cleanup | 10 ++-------- 2 files changed, 11 insertions(+), 20 deletions(-) (limited to 'src') diff --git a/src/etc/dhcp/dhclient-enter-hooks.d/03-vyos-ipwrapper b/src/etc/dhcp/dhclient-enter-hooks.d/03-vyos-ipwrapper index fc035766b..74a7e83bf 100644 --- a/src/etc/dhcp/dhclient-enter-hooks.d/03-vyos-ipwrapper +++ b/src/etc/dhcp/dhclient-enter-hooks.d/03-vyos-ipwrapper @@ -3,6 +3,9 @@ # default route distance IF_METRIC=${IF_METRIC:-210} +# Check if interface is inside a VRF +VRF_OPTION=$(/usr/sbin/ip -j -d link show ${interface} | awk '{if(match($0, /.*"master":"(\w+)".*"info_slave_kind":"vrf"/, IFACE_DETAILS)) printf("vrf %s", IFACE_DETAILS[1])}') + # get status of FRR function frr_alive () { /usr/lib/frr/watchfrr.sh all_status @@ -51,12 +54,7 @@ function iptovtysh () { shift 2 fi - # Add route to VRF routing table - local VTYSH_VRF_NAME=$(/usr/sbin/ip link show dev $VTYSH_DEV | sed -nre '1s/.* master ([^ ]*) .*/\1/p') - if /usr/sbin/ip -d link show dev $VTYSH_DEV | grep -q "vrf_slave"; then - VTYSH_VRF="vrf $VTYSH_VRF_NAME" - fi - VTYSH_CMD="ip route $VTYSH_NETADDR $VTYSH_GATEWAY $VTYSH_DEV tag $VTYSH_TAG $VTYSH_DISTANCE $VTYSH_VRF" + VTYSH_CMD="ip route $VTYSH_NETADDR $VTYSH_GATEWAY $VTYSH_DEV tag $VTYSH_TAG $VTYSH_DISTANCE $VRF_OPTION" # delete route if the command is "del" if [ "$VTYSH_ACTION" == "del" ] ; then @@ -67,10 +65,10 @@ function iptovtysh () { # delete the same route from kernel before adding new one function delroute () { - logmsg info "Checking if the route presented in kernel: $@" - if /usr/sbin/ip route show $@ | grep -qx "$1 " ; then - logmsg info "Deleting IP route: \"/usr/sbin/ip route del $@\"" - /usr/sbin/ip route del $@ + logmsg info "Checking if the route presented in kernel: $@ $VRF_OPTION" + if /usr/sbin/ip route show $@ $VRF_OPTION | grep -qx "$1 " ; then + logmsg info "Deleting IP route: \"/usr/sbin/ip route del $@ $VRF_OPTION\"" + /usr/sbin/ip route del $@ $VRF_OPTION fi } @@ -90,8 +88,7 @@ function ip () { else # add ip route to kernel logmsg info "Modifying routes in kernel: \"/usr/sbin/ip $@\"" - /usr/sbin/ip $@ + /usr/sbin/ip $@ $VRF_OPTION fi fi } - diff --git a/src/etc/dhcp/dhclient-exit-hooks.d/01-vyos-cleanup b/src/etc/dhcp/dhclient-exit-hooks.d/01-vyos-cleanup index edb7c7b27..694d53b6b 100644 --- a/src/etc/dhcp/dhclient-exit-hooks.d/01-vyos-cleanup +++ b/src/etc/dhcp/dhclient-exit-hooks.d/01-vyos-cleanup @@ -17,14 +17,8 @@ if [[ $reason =~ (EXPIRE|FAIL|RELEASE|STOP) ]]; then # try to delete default ip route for router in $old_routers; do - # check if we are bound to a VRF - local vrf_name=$(basename /sys/class/net/${interface}/upper_* | sed -e 's/upper_//') - if [ -n $vrf_name ]; then - vrf="vrf $vrf_name" - fi - - logmsg info "Deleting default route: via $router dev ${interface} ${if_metric:+metric $if_metric} ${vrf}" - ip -4 route del default via $router dev ${interface} ${if_metric:+metric $if_metric} ${vrf} + logmsg info "Deleting default route: via $router dev ${interface} ${if_metric:+metric $if_metric}" + ip -4 route del default via $router dev ${interface} ${if_metric:+metric $if_metric} if_metric=$((if_metric+1)) done -- cgit v1.2.3