Package: ifupdown-extra
Version: 0.27
Severity: normal

Dear Maintainer,

   * What led up to the situation?

Playing with blackhole and how to set it "a standard way".

   * What exactly did you do (or not do) that was effective (or
     ineffective)?

I added a 'reject' line in /etc/network/routes

   * What was the outcome of this action?

Nothing happened

   * What outcome did you expect instead?

Get a null route.

All this because iproute2 takes over old route. The keyword and syntax have changed from

    route add <ip> reject

to

    ip route add blackhole <ip>

I checked the 0.28 version, it has the same problem.

-- System Information:
Debian Release: 9.12
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-12-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ifupdown-extra depends on:
ii  bind9-host [host]            1:9.10.3.dfsg.P4-12.3+deb9u6
ii  curl                         7.52.1-5+deb9u10
ii  dpkg                         1.18.25
ii  host                         1:9.10.3.dfsg.P4-12.3+deb9u6
ii  iproute2                     4.9.0-1+deb9u1
ii  iputils-arping               3:20161105-1
ii  iputils-ping [ping]          3:20161105-1
ii  net-tools                    1.60+git20161116.90da8a0-1
ii  netcat-traditional [netcat]  1.10-41+b1

Versions of packages ifupdown-extra recommends:
ii  ethtool  1:4.8-1+b1
ii  ndisc6   1.0.3-3

ifupdown-extra suggests no packages.

-- Configuration Files:
/etc/init.d/networking-routes changed:
[ -x /sbin/ip ] || exit 0
ROUTEFILE="/etc/network/routes"
[ ! -r "$ROUTEFILE" ] && exit 0
. /lib/lsb/init-functions
VERBOSITY=${VERBOSITY:-0}
run_route() {
    local COMMAND="ip route $*"
    export LC_MESSAGES=C # We need the return messages to be in english
    RETMESSAGE="$($COMMAND 2>&1)"
    RETVALUE=$?
    if test $RETVALUE -ne 0 ; then
        [ "$VERBOSITY" -eq 1 ] && echo "DEBUG: calling: '$COMMAND' FAILED"
        # Process the messages and omits those that are not
        # relevant.
        case "$RETMESSAGE" in
            # Omit 'File exists' since the route is already there..
            *File*exists)
                return
                ;;
            # 'No such process' is only omitted if the route is being
            # deleted. If the route is being created, this error message
            # might appear if the gateway is not reachable.
            *No*such*process)
                [ "$1" = "del" ] && return
                ;;
            *)
        esac
        log_failure_msg "Error while executing:" \
            " Command '$COMMAND' returned: ${RETMESSAGE%%Usage:*}"\
            " Configuration line: $LINE"
    else
        [ "$VERBOSITY" -eq 1 ] && echo "DEBUG: calling: '$COMMAND' SUCCEEDED"
    fi
}
del_global_routes() {
    ret=0
    cat $ROUTEFILE | egrep "^[^#].*$" |
    while read network netmask gateway interface ; do
        if [ -n "$interface" ] && [ -n "$network" ] && [ -n "$netmask" ] && [ -n "$gateway" ] ; then
            if [ "$gateway" != "blackhole" ] ; then
                [ "$VERBOSITY" -eq 1 ] && echo "DEBUG: Deleting global route for $network / $netmask through gateway $gateway"
                if [ "$interface" != "any" ] ; then
                    run_route del $network/$netmask via $gateway dev $interface
                else
                    run_route del $network/$netmask via $gateway
                fi
                [ $? -ne 0 ] && ret=$?
            else
                [ "$VERBOSITY" -eq 1 ] && echo "DEBUG: Deleting blackhole route for $network / $netmask"
                run_route del blackhole $network/$netmask
                [ $? -ne 0 ] && ret=$?
            fi
        else
            echo "ERROR: Incorrect line for global network routes in $ROUTEFILE: '$network $netmask $gateway $interface'"
            ret=1
        fi
    done
    return $ret
}
add_global_routes() {
    ret=0
    cat $ROUTEFILE | egrep "^[^#].*$" |
    while read network netmask gateway interface ; do
        if [ -n "$interface" ] && [ -n "$network" ] && [ -n "$netmask" ] && [ -n "$gateway" ] ; then
            if [ "$gateway" != "blackhole" ] ; then
                [ "$VERBOSITY" -eq 1 ] && echo "DEBUG: Adding global route for $network / $netmask through gateway $gateway"
                if [ "$interface" != "any" ] ; then
                    run_route add $network/$netmask via $gateway dev $interface
                else
                    run_route add $network/$netmask via $gateway
                fi
                [ $? -ne 0 ] && ret=$?
            else
                [ "$VERBOSITY" -eq 1 ] && echo "DEBUG: Adding global blackhole route for $network / $netmask"
                run_route add blackhole $network/$netmask
                [ $? -ne 0 ] && ret=$?
            fi
        else
            echo "ERROR: Incorrect line for global network routes in $ROUTEFILE: '$network $netmask $gateway $interface'"
            ret=1
        fi
    done
    return $ret
}
case "$1" in
    start)
        log_action_begin_msg "Configuring network routes"
        if add_global_routes; then
            log_action_end_msg $?
        else
            log_action_end_msg $?
        fi
        ;;
    stop)
        log_action_begin_msg "Deconfiguring network routes"
        if del_global_routes; then
            log_action_end_msg $?
        else
            log_action_end_msg $?
        fi
        ;;
    reload|force-reload|restart)
        log_action_begin_msg "Reconfiguring network routes"
        del_global_routes
        if add_global_routes; then
            log_action_end_msg $?
        else
            log_action_end_msg $?
        fi
        ;;
    *)
        echo "Usage: /etc/init.d/networking-routes {start|stop|restart|reload}"
        exit 1
        ;;
esac
exit 0

/etc/network/routes changed:
192.0.2.0 255.255.255.128 192.168.1.1 enp0s3
198.18.0.0 255.254.0.0 192.168.1.2 enp0s3
192.0.2.128 255.255.255.128 blackhole any
198.18.2.100 255.255.255.255 blackhole any

-- no debconf information
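
Added example, not part of the original report and not ifupdown-extra's own code: a dry-run translator that turns /etc/network/routes lines into `ip route` commands without executing them, so a null-route entry can be checked before the init script runs. The function names `route_args` and `translate_routes` are hypothetical, and treating the legacy `reject` keyword as an alias for `blackhole` is an assumption taken from the report.

```shell
# Added example: print the "ip route" command each routes-file line maps to.
# Assumption: legacy 'reject' is accepted as an alias for 'blackhole'.

# route_args ACTION NETWORK NETMASK GATEWAY INTERFACE
# Prints the argument list; returns 1 on an incomplete or invalid line.
route_args() {
    action=$1 network=$2 netmask=$3 gateway=$4 interface=$5
    case "$action" in add|del) ;; *) return 1 ;; esac
    # All four fields are required, as in the init script.
    [ -n "$network" ] && [ -n "$netmask" ] && [ -n "$gateway" ] &&
        [ -n "$interface" ] || return 1
    case "$gateway" in
        reject|blackhole)
            # Null route: no gateway or device is given.
            echo "$action blackhole $network/$netmask" ;;
        *)
            if [ "$interface" = "any" ]; then
                echo "$action $network/$netmask via $gateway"
            else
                echo "$action $network/$netmask via $gateway dev $interface"
            fi ;;
    esac
}

# translate_routes ACTION: read routes-file lines on stdin, print one
# command per valid line, report bad lines on stderr, return 1 if any failed.
translate_routes() {
    rc=0
    while read -r network netmask gateway interface; do
        case "$network" in ''|'#'*) continue ;; esac   # blank or comment
        if args=$(route_args "$1" "$network" "$netmask" "$gateway" "$interface"); then
            echo "ip route $args"
        else
            echo "bad line: $network $netmask $gateway $interface" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample input, modelled on the routes file in the report.
SAMPLE='# network netmask gateway interface
192.0.2.0 255.255.255.128 192.168.1.1 enp0s3
192.0.2.128 255.255.255.128 reject any
198.18.2.100 255.255.255.255 blackhole any'
printf '%s\n' "$SAMPLE" | translate_routes add
```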