You are not logged in.

#1 2014-09-16 16:27:11

fillo
Member
From: Saint-Petersburg, Russia
Registered: 2014-09-16
Posts: 8
Website

iproute2 and systemd

I have home router with Arch Linux. I'm using systemd-networkd for static configuration, netctl for wi-fi. I have my own units like macspoof and something like this. But now I need use iproute2 policy routing (many tables with rules) and so I need some unit. But I think that unit is monkey code and this functional must be in netctl/systemd-networkd. Maybe I'm bad at reading wiki/man? How I should solve this?

Offline

#2 2014-09-16 19:30:20

fillo
Member
From: Saint-Petersburg, Russia
Registered: 2014-09-16
Posts: 8
Website

Re: iproute2 and systemd

So, maybe someone interested in iproute2 unit, which I wrote...

Make service file:

fillo# cat /etc/systemd/system/iproute2@.service   
[Unit]
Description=iproute2 settings for %i
After=network-online.target
Wants=network-online.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/bash -c '/usr/bin/cat /etc/conf.d/iproute2/%i | /usr/bin/sed -n \'/^\[Start\]/,/^\[Stop\]/p\' | /usr/bin/grep \'ip\' | /usr/bin/bash'
ExecStop=/usr/bin/bash -c '/usr/bin/cat /etc/conf.d/iproute2/%i | /usr/bin/sed -n '/^\[Stop\]/,//p' | /usr/bin/grep \'ip\' | /usr/bin/bash'

[Install]
WantedBy=network.target

And systemctl enable systemd-networkd-wait-online.service (http://www.freedesktop.org/wiki/Softwar … orkTarget/)

Now you can use iproute2 with systemd. For example, you have interface ethernet interface eno1. You should create file /etc/conf.d/iproute2/eno1 which contains:

fillo# cat /etc/conf.d/iproute2/eno1
[Start]
ip route add default via X.X.X.X table 100
ip rule add from Y.Y.Y.Y.Y lookup 100

[Stop]
ip route del default via X.X.X.X table 100
ip rule del from Y.Y.Y.Y.Y lookup 100

And simply systemctl enable iproute2@eno1.

Perhaps it should be added to the wiki, I'm not sure smile

p.s. But I think that this features must be in netctl/networkd.

Last edited by fillo (2014-09-16 19:35:24)

Offline

#3 2014-09-17 01:40:48

Alad
Wiki Admin/IRC Op
From: Bagelstan
Registered: 2014-05-04
Posts: 2,407
Website

Re: iproute2 and systemd

^ No, please don't add that to the wiki, especially with those horrible Exec* lines.

https://wiki.archlinux.org/index.php/Ne … ng_systemd

should give you an idea.

Last edited by Alad (2014-09-17 01:42:03)


Mods are just community members who have the occasionally necessary option to move threads around and edit posts. -- Trilby

Offline

#4 2014-09-17 11:46:01

fillo
Member
From: Saint-Petersburg, Russia
Registered: 2014-09-16
Posts: 8
Website

Re: iproute2 and systemd

It's simple unix-way file parsing. Also wiki offers write ip command directly to ExecStart... What can be more horrible?

But using sys-subsystem-net-devices-%i.device and simple scripts is more easy, more true, I agree.

Thank you, Alad.

Offline

#5 2014-09-17 11:50:19

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,452
Website

Re: iproute2 and systemd

fillo wrote:

It's simple unix-way file parsing.

Are you referring to your execstart lines?  If so, nothing could be farther from the truth.  That is really hideous.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#6 2014-09-17 11:52:54

fillo
Member
From: Saint-Petersburg, Russia
Registered: 2014-09-16
Posts: 8
Website

Re: iproute2 and systemd

Please could you write beautifully, how to solve the same problem in one line with bash? I want to know a beautiful solution to write better.

Offline

#7 2014-09-17 11:57:24

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,452
Website

Re: iproute2 and systemd

I can't even make sense of what your lines are supposed to do.  But at very least there is a useless use of cat to start them off.  And in almost all cases, pipelining sed with multiple greps is just absurd.

How is yours functionally different from the following:

[Unit]
Description=iproute2 settings for %i
After=network-online.target
Wants=network-online.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=ip route add default via X.X.X.X table 100
ExecStart=ip rule add from Y.Y.Y.Y.Y lookup 100
ExecStop=ip route del default via X.X.X.X table 100
ExecStop=ip rule del from Y.Y.Y.Y.Y lookup 100

[Install]
WantedBy=network.target

Well there are several differences: your version launches many useless subshells, and over a dozen pointless text processing commands (two useless cats, four usless greps, and each line of result piped to yet another new bash subshell).

For clarification - I don't have relevant experience to know the best way of acheiving your goals.  I merely wanted to post to point out that what you are doing is definitely not it and should not be added to the wiki.  Those original Exec lines are wrong in so many ways.

Last edited by Trilby (2014-09-17 12:04:07)


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#8 2014-09-17 12:19:35

fillo
Member
From: Saint-Petersburg, Russia
Registered: 2014-09-16
Posts: 8
Website

Re: iproute2 and systemd

I needed to be able to use iproute2 with systemd for any interfaces.

My plan:

First: systemctl enable iproute2@INTERFACE

Second create file like this:

cat /etc/conf.d/iproute2/INTERFACE
[Start]
ip route add default via X.X.X.X table 100
ip rule add from Y.Y.Y.Y.Y lookup 100
[Stop]
ip route del default via X.X.X.X table 100
ip rule del from Y.Y.Y.Y.Y lookup 100

This script must be not executeable, because it placed in /etc. And unit should run this after network-online (not interface up, because, for example, after dhcp with systemd-networkd). And this ip commands must be in separate file, not in unit file in ExecStart/ExecStop.

And so I wrote that unit file. It's universal, but your example is not. Now I can create simple file and enable service if needed something for another interface.

Alan wrote:

Well there are several differences: your version launches many useless subshells, and over a dozen pointless text processing commands (two useless cats, four usless greps, and each line of result piped to yet another new bash subshell).

My script runs one cat, one sed, one grep and each line of result piped to new bash subshell. I think the only thing that's not very cool, it's subshells. But I don't know, how write this differently in another one short string.

Wiki example is more true that using scripts for this and my decision is really crooked, but doesn't horrible.

Offline

#9 2014-09-17 12:25:00

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,452
Website

Re: iproute2 and systemd

Eh - I'm not Alan.

You seem to like your approach.  That's fine.  Stick with it.  Just don't put it in the wiki.  This was the only question you really asked.  You seem resistant to finding better ways of doing what you want.  So I don't see that there is anything left to be said in this thread.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#10 2014-09-17 12:56:05

fillo
Member
From: Saint-Petersburg, Russia
Registered: 2014-09-16
Posts: 8
Website

Re: iproute2 and systemd

Trilby wrote:

Eh - I'm not Alan.

Sorry.

Trilby wrote:

You seem resistant to finding better ways of doing what you want.

I think few minutes and...

My approach:

  • Using each line subshells

  • Parsing file with executable commands (wtf?!)

  • Using only iproute2, but what if I want to add some another script?

Originally I wanted to do something like in CentOS (network scripts with rule/route for each interface). But it seems like horrible approach, you're right. It must be simple network script.

Now I'm using wiki example, but with network-online.

/etc/systemd/system/network@.service
[Unit]
Description=Network connectivity (%i)
Wants=network-online.target
BindsTo=sys-subsystem-net-devices-%i.device
After=sys-subsystem-net-devices-%i.device network-online.target

[Service]
Type=oneshot
RemainAfterExit=yes
EnvironmentFile=/etc/conf.d/net-conf-%i
ExecStart=/usr/local/bin/net-up.sh %i
ExecStop=/usr/local/bin/net-down.sh %i

[Install]
WantedBy=multi-user.target

Apparently I was taking too many drugs lately. smile

Last edited by fillo (2014-09-17 13:09:39)

Offline

#11 2014-09-17 13:22:48

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,452
Website

Re: iproute2 and systemd

That looks much better.  This was bouncing around my head while I was away from the computer and I was thinking of something like the following to replicate your goal without all the pipeline nonsense:

Keep configs in /etc/conf.d/iproute2/<interface>/{start,stop} instead.  And and example start file might look like:

route add default via X.X.X.X table 100
rule add from Y.Y.Y.Y.Y lookup 100

Note that there is no "ip" at the start of the line.  Then the service file could have something like:

ExecStart=/usr/bin/ip -b /etc/conf.d/iproute2/%i/start
ExecStop=/usr/bin/ip -b /etc/conf.d/iproute2/%i/stop

I suspect what you found in the wiki is the best way of doing it.  But if you really want the config layout you were describing, this approach should do it without any crazy pipelining.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#12 2014-09-17 14:10:22

fillo
Member
From: Saint-Petersburg, Russia
Registered: 2014-09-16
Posts: 8
Website

Re: iproute2 and systemd

Thank you. I have already use your approach. It's like mix of my idea and wiki script. smile

I didn't know about "ip -b", but it solved problem with subshells and made conf files more beautiful. Of course, you can make only one file, but then it will have to parse. I agree that it is not necessary. Disadvantage of this approach is only one: it's only about iproute, no script freedom. But I think that is more beautiful: iproute2@.service (in network.target) and, if needed for additional scripts, network@.service (in multi-user.target). smile

All my problems have been solved.

/etc/systemd/system/iproute2@.service

[Unit]
Description=iproute2 (%i)
Wants=network-online.target
BindsTo=sys-subsystem-net-devices-%i.device
After=sys-subsystem-net-devices-%i.device network-online.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/ip -b /etc/conf.d/iproute2/%i/start
ExecStop=/usr/bin/ip -b /etc/conf.d/iproute2/%i/stop

[Install]
WantedBy=network.target

Example conf files:

/etc/conf.d/iproute2/wlp4s0/start
route add default via X.X.X.X table 101
rule add from Y.Y.Y.Y/29 lookup 101 pref 32768

/etc/conf.d/iproute2/wlp4s0/stop
route del default via X.X.X.X table 101
rule del from Y.Y.Y.Y/29 lookup 101 pref 32768

So, I think that iproute2@.service shouldn't use for openvpn/ppp, because they have own up/stop scripts and can have different device names.

p.s. If anyone will use this unit make sure that you enabled systemd-networkd-wait-online.service: systemctl enable systemd-networkd-wait-online.service. I think that use iproute after network-online is better.

Last edited by fillo (2014-09-17 14:13:28)

Offline

#13 2014-09-17 14:39:14

fillo
Member
From: Saint-Petersburg, Russia
Registered: 2014-09-16
Posts: 8
Website

Re: iproute2 and systemd

By the way! tc also has "-b" option, so those unit file can be rewrited for tc traffic shaping! Very cool. I have already use this.

Trilby, I think I didn't have enough experience to write to the wiki, but it's service files should be interesting. This is something like iproute2 wrapper while it is not yet included in systemd-networkd.

Last edited by fillo (2014-09-17 15:24:25)

Offline

Board footer

Powered by FluxBB