From: Stan Grishin Date: Mon, 29 Dec 2025 00:55:22 +0000 (+0000) Subject: pbr: update to 1.2.1-45 X-Git-Url: http://git.openwrt.org/%22http:/oss.oetiker.ch/rrdtool//%22/%22http:/oss.oetiker.ch/rrdtool/%22?a=commitdiff_plain;h=89ef3e28e6ea6a457ad9829ba2d0035e37d48d89;p=feed%2Fpackages.git pbr: update to 1.2.1-45 Makefile: * remove traces of variants and simplify * more sensible DEPENDS section (thanks @BKPepe) Init-script: * introduce prefixlength option to speed up tables operations (thanks @egc112) Signed-off-by: Stan Grishin
---
diff --git a/net/pbr/Makefile b/net/pbr/Makefile
index 7358b6dabb..4dc30b0a19 100644
--- a/net/pbr/Makefile
+++ b/net/pbr/Makefile
@@ -5,56 +5,48 @@ include $(TOPDIR)/rules.mk PKG_NAME:=pbr PKG_VERSION:=1.2.1 -PKG_RELEASE:=41 +PKG_RELEASE:=45 PKG_LICENSE:=AGPL-3.0-or-later PKG_MAINTAINER:=Stan Grishin include $(INCLUDE_DIR)/package.mk -define Package/pbr/default +define Package/pbr SECTION:=net CATEGORY:=Network SUBMENU:=Routing and Redirection - TITLE:=Policy Based Routing Service + TITLE:=Policy Based Routing Service with nft/nft set support URL:=https://github.com/stangri/pbr/ - DEPENDS:=+ip-full +jshn +jsonfilter +resolveip - DEPENDS+=+!BUSYBOX_DEFAULT_AWK:gawk - DEPENDS+=+!BUSYBOX_DEFAULT_GREP:grep - DEPENDS+=+!BUSYBOX_DEFAULT_SED:sed - PROVIDES:=pbr PKGARCH:=all -endef - -define Package/pbr -$(call Package/pbr/default) - TITLE+= with nft/nft set support - DEPENDS+=+kmod-nft-core +kmod-nft-nat +nftables-json - VARIANT:=nftables - DEFAULT_VARIANT:=1 -endef - -define Package/pbr/default/description - This service enables policy-based routing for WAN interfaces and various VPN tunnels. + DEPENDS:= \ + +ip-full \ + +jshn \ + +jsonfilter \ + +resolveip \ + +!BUSYBOX_DEFAULT_AWK:gawk \ + +!BUSYBOX_DEFAULT_GREP:grep \ + +!BUSYBOX_DEFAULT_SED:sed \ + +kmod-nft-core \ + +kmod-nft-nat \ + +nftables-json endef define Package/pbr/description - $(call Package/pbr/default/description) + This service enables policy-based routing for WAN interfaces and various VPN tunnels. This version supports OpenWrt (23.05 and newer) with firewall4/nft. endef -define Package/pbr/default/conffiles +define Package/pbr/conffiles /etc/config/pbr endef -Package/pbr/conffiles = $(Package/pbr/default/conffiles) - define Build/Configure endef define Build/Compile endef -define Package/pbr/default/install +define Package/pbr/install $(INSTALL_DIR) $(1)/etc/init.d $(INSTALL_BIN) ./files/etc/init.d/pbr $(1)/etc/init.d/pbr $(SED) "s|^\(readonly PKG_VERSION\).*|\1='$(PKG_VERSION)-r$(PKG_RELEASE)'|" $(1)/etc/init.d/pbr 
@@ -73,10 +65,6 @@ define Package/pbr/default/install $(INSTALL_BIN) ./files/etc/uci-defaults/99-pbr-version $(1)/etc/uci-defaults/99-pbr-version endef -define Package/pbr/install -$(call Package/pbr/default/install,$(1)) -endef - define Package/pbr/postinst #!/bin/sh # check if we are on real system diff --git a/net/pbr/files/etc/init.d/pbr b/net/pbr/files/etc/init.d/pbr index 2afa1c3073..69cc5b259c 100755 --- a/net/pbr/files/etc/init.d/pbr +++ b/net/pbr/files/etc/init.d/pbr @@ -32,7 +32,7 @@ fi readonly packageName='pbr' readonly PKG_VERSION='dev-test' -readonly packageCompat='19' +readonly packageCompat='20' readonly serviceName="$packageName $PKG_VERSION" readonly packageConfigFile="/etc/config/${packageName}" readonly packageDebugFile="/var/run/${packageName}.debug" @@ -142,6 +142,7 @@ supported_interface= verbosity= uplink_ip_rules_priority= uplink_mark= +prefixlength= nft_rule_counter= nft_set_auto_merge= nft_set_counter= @@ -365,6 +366,7 @@ is_wg_server() { local p lp; network_get_protocol p "$1"; uci_get_listen_port lp is_xray() { [ -n "$(get_xray_traffic_port "$1")" ]; } dnsmasq_kill() { pidof dnsmasq >/dev/null && kill -HUP $(pidof dnsmasq); } dnsmasq_restart() { output 3 'Restarting dnsmasq '; if /etc/init.d/dnsmasq restart >/dev/null 2>&1; then output_okn; else output_failn; fi; } +exists_lockfile() { [ -e "$packageLockFile" ]; } # shellcheck disable=SC2155 get_ss_traffic_ports() { local i="$(jsonfilter -i "$ssConfigFile" -q -e "@.inbounds[*].port")"; echo "${i:-443}"; } # shellcheck disable=SC2155 
@@ -574,6 +576,7 @@ load_package_config() { config_get nft_set_policy 'config' 'nft_set_policy' 'performance' config_get nft_set_timeout 'config' 'nft_set_timeout' config_get_bool nft_user_set_counter 'config' 'nft_user_set_counter' '0' + config_get prefixlength 'config' 'prefixlength' '1' config_get procd_boot_trigger_delay 'config' 'procd_boot_trigger_delay' '5000' config_get procd_reload_delay 'config' 'procd_reload_delay' '0' config_get resolver_instance 'config' 'resolver_instance' '*' @@ -1907,14 +1910,16 @@ interface_routing() { try ip -4 route replace default via "$gw4" dev "$dev" table "$tid" || ipv4_error=1 fi # try ip -4 rule replace fwmark "${mark}/${fw_mask}" lookup 'main' suppress_prefixlength 0 priority "$((priority - 1000))" || ipv4_error=1 - { - for prio in $(ip -4 rule show | awk '/lookup main/ && /suppress_prefixlength 0/ {gsub(":", "", $1); print $1}'); do - rule="$(ip -4 rule show | awk -v p="$prio" '($1==p":"){ $1=""; sub(/^ /,""); print }')" - [ -n "$rule" ] || continue - rule="${rule/lookup main/lookup $tid}" - ip -4 rule replace priority "$prio" $rule >/dev/null 2>&1 || ipv4_error=1 - done - } + ip -4 rule del lookup 'main' suppress_prefixlength "$prefixlength" priority "$priority" >/dev/null 2>&1 + try ip -4 rule add lookup 'main' suppress_prefixlength "$prefixlength" priority "$((priority - 1))" || ipv4_error=1 + # { + # for prio in $(ip -4 rule show | awk '/lookup main/ && /suppress_prefixlength 0/ {gsub(":", "", $1); print $1}'); do + # rule="$(ip -4 rule show | awk -v p="$prio" '($1==p":"){ $1=""; sub(/^ /,""); print }')" + # [ -n "$rule" ] || continue + # rule="${rule/lookup main/lookup $tid}" + # ip -4 rule replace priority "$prio" $rule >/dev/null 2>&1 || ipv4_error=1 + # done + # } try ip -4 rule replace fwmark "${mark}/${fw_mask}" table "$tid" priority "$priority" || ipv4_error=1 fi try nft add chain inet "$nftTable" "${nftPrefix}_mark_${mark}" || ipv4_error=1 
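Review bot: `prefixlength` is read here with only a default, and the schema entry added in load_validate_config (`'prefixlength:uinteger:1'`, last hunk of this file) accepts any unsigned integer, so nothing visible bounds the value before it reaches `ip -4/-6 rule add lookup 'main' suppress_prefixlength "$prefixlength"` in interface_routing. That rule carries no fwmark selector and sits one priority ahead of the per-interface fwmark rule, so an oversized value would presumably suppress every main-table route, connected LAN prefixes included, and change where marked traffic is sent. The same validation list already uses `range(1000,10000)` for procd_boot_trigger_delay; something like `'prefixlength:range(0,128):1'` (or a tighter bound for the IPv4 rule) would reject nonsense values early. A one-line comment stating why the default is 1 rather than the 0 used by the commented-out rule would also help the next reader.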
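Review bot: The cleanup `ip -4 rule del lookup 'main' suppress_prefixlength "$prefixlength" priority "$priority"` targets `$priority`, but the rule added on the next line is installed at `$((priority - 1))`, so the delete does not appear to match what a previous run created. On a second pass the `ip rule add` will then either leave a duplicate rule or fail and set `ipv4_error=1`, depending on the kernel. Use the same priority in both, e.g. `ip -4 rule del lookup 'main' suppress_prefixlength "$prefixlength" priority "$((priority - 1))"`; the same del/add pair recurs in the three later interface_routing hunks (-1938, -2004, -2032) for `-4` and `-6`. The commented-out awk loop kept below the new lines is dead code and would be better dropped than carried in the script. interface_routing starts and ends outside this hunk.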
@@ -1938,14 +1943,16 @@ interface_routing() { try ip -6 route replace default dev "$dev6" table "$tid" || ipv6_error=1 fi # try ip -6 rule replace fwmark "${mark}/${fw_mask}" lookup 'main' suppress_prefixlength 0 priority "$((priority - 1000))" || ipv6_error=1 - { - for prio in $(ip -6 rule show | awk '/lookup main/ && /suppress_prefixlength 0/ {gsub(":", "", $1); print $1}'); do - rule="$(ip -6 rule show | awk -v p="$prio" '($1==p":"){ $1=""; sub(/^ /,""); print }')" - [ -n "$rule" ] || continue - rule="${rule/lookup main/lookup $tid}" - ip -6 rule replace priority "$prio" $rule >/dev/null 2>&1 || ipv6_error=1 - done - } + ip -6 rule del lookup 'main' suppress_prefixlength "$prefixlength" priority "$priority" >/dev/null 2>&1 + try ip -6 rule add lookup 'main' suppress_prefixlength "$prefixlength" priority "$((priority - 1))" || ipv6_error=1 + # { + # for prio in $(ip -6 rule show | awk '/lookup main/ && /suppress_prefixlength 0/ {gsub(":", "", $1); print $1}'); do + # rule="$(ip -6 rule show | awk -v p="$prio" '($1==p":"){ $1=""; sub(/^ /,""); print }')" + # [ -n "$rule" ] || continue + # rule="${rule/lookup main/lookup $tid}" + # ip -6 rule replace priority "$prio" $rule >/dev/null 2>&1 || ipv6_error=1 + # done + # } try ip -6 rule replace fwmark "${mark}/${fw_mask}" table "$tid" priority "$priority" || ipv6_error=1 fi fi @@ -1976,8 +1983,10 @@ interface_routing() { ;; delete|destroy) is_netifd_interface "$iface" && return 0 + ip -4 rule del table 'main' suppress_prefixlength "$prefixlength" prio "$((priority - 1))" >/dev/null 2>&1 ip -4 rule del table 'main' prio "$((priority - 1000))" >/dev/null 2>&1 ip -4 rule del table "$tid" prio "$priority" >/dev/null 2>&1 + ip -6 rule del table 'main' suppress_prefixlength "$prefixlength" prio "$((priority - 1))" >/dev/null 2>&1 ip -6 rule del table 'main' prio "$((priority - 1000))" >/dev/null 2>&1 ip -6 rule del table "$tid" prio "$priority" >/dev/null 2>&1 ip -4 rule flush table "$tid" >/dev/null 2>&1 
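Review bot: The two deletes added to the `delete|destroy` branch select the rule by the current `$prefixlength`, so if the option is changed in /etc/config/pbr between start and stop, the rule created with the old value will presumably not match and will stay in the rule table. The neighbouring lines delete by table and priority only (`ip -4 rule del table 'main' prio "$((priority - 1000))"`); doing the same here, `ip -4 rule del table 'main' prio "$((priority - 1))" >/dev/null 2>&1` and its `-6` twin, removes the rule whatever value is configured. A leftover unmarked `lookup main` rule would keep influencing routing decisions after the service reports itself stopped. The case branch continues outside the hunk.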
@@ -2004,14 +2013,16 @@ interface_routing() { try ip -4 route replace default via "$gw4" dev "$dev" table "$tid" || ipv4_error=1 fi # try ip -4 rule replace fwmark "${mark}/${fw_mask}" lookup 'main' suppress_prefixlength 0 priority "$((priority - 1000))" || ipv4_error=1 - { - for prio in $(ip -4 rule show | awk '/lookup main/ && /suppress_prefixlength 0/ {gsub(":", "", $1); print $1}'); do - rule="$(ip -4 rule show | awk -v p="$prio" '($1==p":"){ $1=""; sub(/^ /,""); print }')" - [ -n "$rule" ] || continue - rule="${rule/lookup main/lookup $tid}" - ip -4 rule replace priority "$prio" $rule >/dev/null 2>&1 || ipv4_error=1 - done - } + ip -4 rule del lookup 'main' suppress_prefixlength "$prefixlength" priority "$priority" >/dev/null 2>&1 + try ip -4 rule add lookup 'main' suppress_prefixlength "$prefixlength" priority "$((priority - 1))" || ipv4_error=1 + # { + # for prio in $(ip -4 rule show | awk '/lookup main/ && /suppress_prefixlength 0/ {gsub(":", "", $1); print $1}'); do + # rule="$(ip -4 rule show | awk -v p="$prio" '($1==p":"){ $1=""; sub(/^ /,""); print }')" + # [ -n "$rule" ] || continue + # rule="${rule/lookup main/lookup $tid}" + # ip -4 rule replace priority "$prio" $rule >/dev/null 2>&1 || ipv4_error=1 + # done + # } try ip -4 rule replace fwmark "${mark}/${fw_mask}" table "$tid" priority "$priority" || ipv4_error=1 fi if [ -n "$ipv6_enabled" ]; then 
@@ -2032,14 +2043,16 @@ interface_routing() { try ip -6 route replace default dev "$dev6" table "$tid" || ipv6_error=1 fi # try ip -6 rule replace fwmark "${mark}/${fw_mask}" lookup 'main' suppress_prefixlength 0 priority "$((priority - 1000))" || ipv6_error=1 - { - for prio in $(ip -6 rule show | awk '/lookup main/ && /suppress_prefixlength 0/ {gsub(":", "", $1); print $1}'); do - rule="$(ip -6 rule show | awk -v p="$prio" '($1==p":"){ $1=""; sub(/^ /,""); print }')" - [ -n "$rule" ] || continue - rule="${rule/lookup main/lookup $tid}" - ip -6 rule replace priority "$prio" $rule >/dev/null 2>&1 || ipv6_error=1 - done - } + ip -6 rule del lookup 'main' suppress_prefixlength "$prefixlength" priority "$priority" >/dev/null 2>&1 + try ip -6 rule add lookup 'main' suppress_prefixlength "$prefixlength" priority "$((priority - 1))" || ipv6_error=1 + # { + # for prio in $(ip -6 rule show | awk '/lookup main/ && /suppress_prefixlength 0/ {gsub(":", "", $1); print $1}'); do + # rule="$(ip -6 rule show | awk -v p="$prio" '($1==p":"){ $1=""; sub(/^ /,""); print }')" + # [ -n "$rule" ] || continue + # rule="${rule/lookup main/lookup $tid}" + # ip -6 rule replace priority "$prio" $rule >/dev/null 2>&1 || ipv6_error=1 + # done + # } try ip -6 rule replace fwmark "${mark}/${fw_mask}" table "$tid" priority "$priority" || ipv6_error=1 fi fi @@ -2321,7 +2334,7 @@ boot() { } on_interface_reload() { - if [ ! -e "$packageLockFile" ]; then + if ! exists_lockfile; then logger -t "$packageName" "Reload on interface change aborted: service is stopped." return 0 else @@ -2559,6 +2572,7 @@ stop_service() { local i nft_file_mode json init ! is_service_running && [ "$(get_rt_tables_next_id)" = "$(get_rt_tables_non_pbr_next_id)" ] && return 0 + rm -f "$packageLockFile" [ "$1" = 'quiet' ] && quiet_mode 'on' load_environment 'on_stop' if nft_file 'exists'; then 
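Review bot: Removing the lock file is now the first action of stop_service, ahead of `load_environment 'on_stop'` and the nft/ip teardown, and nothing in the hunk says why. Since on_interface_reload returns early when `exists_lockfile` is false, interface events that arrive during a teardown, or after one that failed partway, are now ignored while rules may still be installed. If that is the intent, state it next to the line: `# drop the lock first so on_interface_reload ignores interface events while rules are being torn down`. The early `return 0` on the line above still leaves an existing lock file in place, which is worth a second comment if it is deliberate. stop_service continues past the end of this hunk.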
@@ -2590,7 +2604,6 @@ stop_service() { output "$serviceName (nft mode) stopped "; output_okn; fi fi - rm -f "$packageLockFile" } version() { echo "$PKG_VERSION"; } @@ -2691,6 +2704,7 @@ load_validate_config() { 'ignored_interface:list(or(tor, uci("network", "@interface")))' \ 'supported_interface:list(or(ignore, tor, regex("xray_.*"), uci("network", "@interface")))' \ 'procd_boot_trigger_delay:range(1000,10000):5000' \ + 'prefixlength:uinteger:1' \ 'lan_device:list(or(network)):br-lan' \ 'procd_reload_delay:uinteger:0' \ 'uplink_interface:network:wan' \ diff --git a/net/pbr/files/etc/uci-defaults/91-pbr-netifd b/net/pbr/files/etc/uci-defaults/91-pbr-netifd deleted file mode 100644 index cba9ba4556..0000000000 --- a/net/pbr/files/etc/uci-defaults/91-pbr-netifd +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/sh -# shellcheck disable=SC3037,SC3043 - -readonly pbrFunctionsFile='/etc/init.d/pbr' -if [ -s "$pbrFunctionsFile" ]; then -# shellcheck source=../../etc/init.d/pbr - . "$pbrFunctionsFile" -else - printf "%b: pbr init.d file (%s) not found! \n" '\033[0;31mERROR\033[0m' "$pbrFunctionsFile" -fi - -if netifd 'check'; then - rc_procd stop_service 'on_netifd_install' - netifd 'install' - rc_procd start_service 'on_netifd_install' -fi - -exit 0