diff --git a/etc/systemd/system/rx3-network.service b/etc/systemd/system/rx3-network.service
index c5dc0e5..4eb97bf 100644
--- a/etc/systemd/system/rx3-network.service
+++ b/etc/systemd/system/rx3-network.service
@@ -3,19 +3,19 @@
 Description=Rx3 Network Service
 Documentation=man:systemd.service(5)
 After=network-online.target
-Wants=network-online.target # guarantees wait-online is pulled in
-Before=docker.service # run *first*, because Docker needs the bridges
+Wants=network-online.target
+Before=docker.service
 [Service]
-Type=oneshot # the script runs and exits
+Type=oneshot
 ExecStart=/usr/local/sbin/rx3_net_adm start
 ExecStartPost=/usr/local/sbin/rx3_net_adm status
 ExecStop=/usr/local/sbin/rx3_net_adm stop
 ExecStopPost=/usr/local/sbin/rx3_net_adm status
 ExecReload=/usr/local/sbin/rx3_net_adm restart
-RemainAfterExit=yes # keeps the unit in “active” state
-TimeoutStartSec=30s # tweak to taste
-TimeoutStopSec=15s # idem
+RemainAfterExit=yes
+TimeoutStartSec=30s
+TimeoutStopSec=15s
 [Install]
 WantedBy=multi-user.target
diff --git a/usr/local/lib/dns.bash b/usr/local/lib/dns.bash
index e06cb8a..318225c 100644
--- a/usr/local/lib/dns.bash
+++ b/usr/local/lib/dns.bash
@@ -38,6 +38,12 @@ declare -g DNS_CACHE_LOCK="/var/lock/network/dns.lock"
 declare -g DNS_CACHE_UPDATED=0
+if [ ! -v LOG ] || [[ "${LOG}" == "" ]]
+then
+ export LOG=":"
+fi
+
+
@@ -47,6 +53,8 @@ declare -g DNS_CACHE_UPDATED=0
 dns_tab_load()
 {
+ ${LOG} 1>&2 "Loading DNS cache..."
+
 file_lock "${DNS_CACHE_LOCK}" READ 9
 if [[ ( -e "${DNS_CACHE_FILE}" ) && ( "${NETWORK_CONFIG_FILE}" -ot "${DNS_CACHE_FILE}" ) ]]
@@ -88,6 +96,8 @@ dns_tab_load()
 dns_tab_save()
 {
+ ${LOG} 1>&2 "Saving DNS cache..."
+
 if [[ "${DNS_CACHE_UPDATED}" != "0" ]]
 then
 file_lock "${DNS_CACHE_LOCK}" WRITE 9
diff --git a/usr/local/lib/network.bash b/usr/local/lib/network.bash
index b6f70a2..fd902a6 100644
--- a/usr/local/lib/network.bash
+++ b/usr/local/lib/network.bash
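Review bot: The new guard in usr/local/lib/dns.bash keeps any non-empty `LOG` inherited from the environment, and `${LOG} 1>&2 "Loading DNS cache..."` in dns_tab_load and dns_tab_save then runs that value, unquoted, as the command. The same guard is added in the `@@ -48,9` hunk of network.bash, and `export` now hands the value on to child processes as well. Since rx3_net_adm is started from the systemd unit and presumably sources these libraries as root, I would not take the logger from the caller's environment: define a `log()` function in the library, or accept only an allow-listed value before the first call. The test itself can be shortened to `: "${LOG:=:}"`.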
@@ -24,6 +24,10 @@ declare -g NETWORK_BASH=1
 declare -g NETWORK_OPENVPN_STATUS
+declare -Ag NETWORK_IP_ROUTE_TAB
+declare -g NETWORK_IP_ROUTE_ID_LIST
+declare -Ag NETWORK_IP_ROUTE_IP_IDX
+
 declare -g NETWORK_SRC_TYPE
 declare -Ag NETWORK_SRC_TAB
 declare -g NETWORK_SRC_ID_LIST
@@ -48,9 +52,9 @@ file_lock ${NETWORK_CONFIG_LOCK} READ 9
 file_unlock 9
-if [ ! -v LOG ]
+if [ ! -v LOG ] || [[ "${LOG}" == "" ]]
 then
- LOG=":"
+ export LOG=":"
 fi
@@ -63,6 +67,8 @@ fi
 network_common_load()
 {
+ ${LOG} 1>&2 "Loading common..."
+
 NETWORK_OPENVPN_STATUS="$( sudo /usr/local/sbin/openvpn-status)"
 NETWORK_TABLE_LIST=""
 }
@@ -87,6 +93,94 @@ network_common_dump()
+#--------------------------------------------------------------------------------------------------------------------------
+# network_ip_route_tab_load
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_ip_route_tab_load()
+{
+ nirtl_id=0
+
+
+ ${LOG} 1>&2 "Loading IP Route tab..."
+
+ while IFS= read -r line
+ do
+ line=${line%%#*}
+ if [[ ! -z "$line" ]]
+ then
+ set ${line}
+
+ nirtl_ip="$1"
+ nirtl_mask="$2"
+ nirtl_device="$3"
+
+ var_assign NETWORK_IP_ROUTE_ID_LIST "${nirtl_id}" INC
+
+ tab_assign NETWORK_IP_ROUTE_TAB "${nirtl_id},IP" "${nirtl_ip}"
+ tab_assign NETWORK_IP_ROUTE_TAB "${nirtl_id},Mask" "${nirtl_mask}"
+ tab_assign NETWORK_IP_ROUTE_TAB "${nirtl_id},Device" "${nirtl_device}"
+
+ tab_assign NETWORK_IP_ROUTE_IP_IDX "${nirtl_ip}" "${nirtl_id}"
+
+ nirtl_id=$(( ${nirtl_id} + 1))
+ fi
+ done <<< ${NETWORK_IP_ROUTE_CONFIG}
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_ip_route_tab_get
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_ip_route_tab_get()
+{
+ ip_route_id="$1"
+
+ ip_route_ip=${NETWORK_IP_ROUTE_TAB["${ip_route_id},IP"]}
+ ip_route_mask=${NETWORK_IP_ROUTE_TAB["${ip_route_id},Mask"]}
+ ip_route_device=${NETWORK_IP_ROUTE_TAB["${ip_route_id},Device"]}
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_ip_route_tab_dump
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_ip_route_tab_dump()
+{
+ echo "NETWORK_IP_ROUTE_ID_LIST: [${NETWORK_IP_ROUTE_ID_LIST}]"
+ echo
+
+ echo "NETWORK_IP_ROUTE_IP_IDX:"
+
+ for key in "${!NETWORK_IP_ROUTE_IP_IDX[@]}"
+ do
+ echo "[${key}]: [${NETWORK_IP_ROUTE_IP_IDX[${key}]}]"
+ done | sort -n
+
+ echo
+
+ echo "NETWORK_IP_ROUTE_TAB:"
+
+ for key in "${!NETWORK_IP_ROUTE_TAB[@]}"
+ do
+ echo "[${key}]: [${NETWORK_IP_ROUTE_TAB[${key}]}]"
+ done | sort -n
+
+ echo
+}
+
+
+
+
+
 #--------------------------------------------------------------------------------------------------------------------------
 # network_dst_tab_load
 #--------------------------------------------------------------------------------------------------------------------------
@@ -96,6 +190,8 @@ network_dst_tab_load()
 ndtl_id=0
+ ${LOG} 1>&2 "Loading Dst tab..."
+
 while IFS= read -r line
 do
 line=${line%%#*}
@@ -255,6 +351,8 @@ network_src_tab_load()
 nstl_port_default=3000
+ ${LOG} 1>&2 "Loading Src tab..."
+
 while IFS= read -r line
 do
 line=${line%%#*}
@@ -455,10 +553,13 @@ network_src_tab_ip_lookup()
 network_tab_load()
 {
+ ${LOG} 1>&2 "Loading config..."
+
 dns_tab_load
 network_common_load
+ network_ip_route_tab_load
 network_dst_tab_load
 network_src_tab_load
@@ -479,6 +580,7 @@ network_tab_dump()
 network_common_dump
+ network_ip_route_tab_dump
 network_dst_tab_dump
 network_src_tab_dump
 }
@@ -516,9 +618,11 @@ network_table_init()
 ${LOG} "Add Rx3 routes in VPN tables"
- for route in ${IP_ROUTE}
+ for ip_route_id in ${NETWORK_IP_ROUTE_ID_LIST}
 do
- ${DEBUG} ip route add ${route/:*/} table ${dst_table} dev ${route/*:/}
+ network_ip_route_tab_get ${ip_route_id}
+
+ ${DEBUG} ip route add ${ip_route_ip}/${ip_route_mask} table ${dst_table} dev ${ip_route_device}
 done
 done
 }
@@ -537,9 +641,11 @@ network_table_deinit()
 for table in ${NETWORK_TABLE_LIST}
 do
- for route in ${IP_ROUTE}
- do
- ${DEBUG} ip route del ${route/:*/} table ${table} dev ${route/*:/} 2>/dev/null
+ for ip_route_id in ${NETWORK_IP_ROUTE_ID_LIST}
+ do
+ network_ip_route_tab_get ${ip_route_id}
+
+ ${DEBUG} ip route del ${ip_route_ip}/${ip_route_mask} table ${table} dev ${ip_route_device} 2>/dev/null
 done
 done
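Review bot: In network_ip_route_tab_load, `set ${line}` is called without `--`, so a line that is only whitespace after the `#` strip passes the `! -z` test, expands to no words and makes `set` print every shell variable while `$1` to `$3` keep their earlier values. A line whose first word starts with `-` is read as shell options, and glob characters in a field are expanded. Replace the `set` and the three positional assignments with `read -r nirtl_ip nirtl_mask nirtl_device <<< "${line}"` followed by `[[ -n "${nirtl_device}" ]] || continue`, so blank and short lines are skipped instead of stored with an empty mask or device. These fields later reach `ip route add` and `ip route del`, so checking at load time that the mask is numeric and the device name has the expected form would be worth adding. `<<< ${NETWORK_IP_ROUTE_CONFIG}` should be quoted as well, since some older bash releases word-split an unquoted here-string and would join the config lines into one.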
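Review bot: In network_table_init the new `ip route add` line expands `${ip_route_ip}`, `${ip_route_mask}` and `${ip_route_device}` unquoted, so an empty field drops out of the command line instead of being passed as an empty argument, and glob characters from the config are expanded against the working directory; the `ip route del` line in the network_table_deinit hunk has the same form. Quote the operands and leave only `${DEBUG}` unquoted: `${DEBUG} ip route add "${ip_route_ip}/${ip_route_mask}" table "${dst_table}" dev "${ip_route_device}"`. network_ip_route_tab_get returns its result through the globals `ip_route_ip`, `ip_route_mask` and `ip_route_device`, which deserves a one-line comment at both call sites. Both function bodies start outside their hunks.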
@@ -890,6 +996,50 @@ network_stop()
 network_status()
 {
+ echo "Number of Network IP Route entries: ${#NETWORK_IP_ROUTE_IP_IDX[@]}"
+ echo "Number of Network Src entries: ${#NETWORK_SRC_IP_IDX[@]}"
+ echo "Number of Network Dst entries: ${#NETWORK_DST_DEV_IDX[@]}"
+ echo "Number of DNS cache A entries: ${#DNS_A_TAB[@]}"
+ echo "Number of DNS cache PTR entries: ${#DNS_PTR_TAB[@]}"
+
+ (
+ echo "SRC"
+
+ for src_id in ${NETWORK_SRC_ID_LIST}
+ do
+ network_src_tab_get ${src_id}
+
+ echo ${src_device}
+ done | sort -u
+
+ echo "DST"
+ for dst_id in ${NETWORK_DST_ID_LIST}
+ do
+ network_dst_tab_get ${dst_id}
+
+ echo ${dst_device}
+ done | sort -u
+ ) | while read entry
+ do
+ case ${entry}
+ in
+ "SRC")
+ echo
+ echo "Src Devices:"
+ ;;
+
+ "DST")
+ echo
+ echo "Dst Devices:"
+ ;;
+
+ *)
+ ip address show $entry | sed -e 's/^[^:]*: //'
+ ;;
+ esac
+ done
+
+ echo
 echo "Rules:"
 ip rule show
diff --git a/usr/local/sbin/rx3_net_adm b/usr/local/sbin/rx3_net_adm
index ad1e9e2..334b131 100755
--- a/usr/local/sbin/rx3_net_adm
+++ b/usr/local/sbin/rx3_net_adm
@@ -19,7 +19,7 @@ prog="rx3-net"
-# Some functions to make the below more readable
+
 #--------------------------------------------------------------------------------------------------------------------------
 # Start
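Review bot: In the block added to network_status, an empty `src_device` or `dst_device` makes `echo ${src_device}` emit a blank line, and the `*)` arm then runs `ip address show` with no device and prints every interface. A device literally named `SRC` or `DST` would also be taken for a section marker, because data and markers share one stream. Guard the arm and quote the operand, `*) [[ -n "${entry}" ]] && ip address show dev "${entry}" | sed -e 's/^[^:]*: //' ;;`, and read with `while IFS= read -r entry`. The function body continues past the end of the hunk.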