Score:1

Where does the configuration for routing rules come from on boot?


I am on RHEL7 with NetworkManager disabled and no additional legacy scripts installed, meaning that I still use:

/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/sysconfig/network-scripts/route-eth0
/etc/sysconfig/network-scripts/rule-eth0

I have a problem with the rule-eth0 file. It loads nicely, and whenever I modify it and run $ systemctl restart networking, the new routing rules are getting picked up and are visible with $ ip rule. They also get picked up if I use the ifup-routes.

However, if I modify the rule-eth0 file, the old rules that were there before don't get removed. New ones get added though. I've tried running scripts in the network-scripts directory; they stay there unless I manually delete one after another.

I resorted to using:

$ ip rule flush

Which deleted all the rules, including the ones for the main and default table, meaning any SSH connection would get lost.

MY CONFUSION

If I delete all rule files and reboot the machine, I get my default routes back. By running $ ip rule I see:

0:      from all lookup local
32766   from all lookup main
32767   from all lookup default

Question: How do I get the same behavior without a reboot?

How do I get these default rules back after running $ ip rule flush, without rebooting the machine or specifying the rules manually one after another?

Score:0
A.B

These rules are the default rules set by the kernel without any userland assistance when it initializes the initial network stack (or a new network namespace).

Here's the relevant kernel source excerpt:

static int fib_default_rules_init(struct fib_rules_ops *ops)
{
    int err;

    err = fib_default_rule_add(ops, 0, RT_TABLE_LOCAL, 0);
    if (err < 0)
        return err;
    err = fib_default_rule_add(ops, 0x7FFE, RT_TABLE_MAIN, 0);
    if (err < 0)
        return err;
    err = fib_default_rule_add(ops, 0x7FFF, RT_TABLE_DEFAULT, 0);
    if (err < 0)
        return err;
    return 0;
}

0x7FFE = 32766
0x7FFF = 32767

etc.

To address the last question: have a script. There's even ip rule save/ip rule restore with very limited usefulness. You shouldn't run ip rule flush without some selector to limit its scope to an intended rules subset. E.g., ip rule flush lookup 1000 will delete any entry (even partially) matching lookup 1000.

us flag
I see. So the solution to persistent configuration is to manually define local, main and default rules in the rule file. Then with the script, I have to flush all the rules and re-add them from the rule file. Otherwise, how would I know what rules to flush (other people are playing with the machine, my job is to undo anything they do)?
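
The scripted cleanup discussed in the answer and comment above, as an added example that is not part of the original posts: it reads ip rule show output and prints a plan that removes every rule except the three kernel defaults and re-adds any default that is missing. The function name plan_rule_reset and the sample rules are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): plan a policy-rule cleanup that keeps
# the three kernel defaults created by fib_default_rules_init().

# Reads `ip rule show` output on stdin and prints the commands to run.
# Assumption: the rule text printed by `ip rule show` is accepted back by
# `ip rule del`, which holds for plain from/to/fwmark/iif/lookup rules.
plan_rule_reset() {
    awk '
    BEGIN { def["0"] = "local"; def["32766"] = "main"; def["32767"] = "default" }
    NF == 0 { next }
    {
        pref = $1; sub(/:$/, "", pref)
        $1 = ""; rest = $0; sub(/^ +/, "", rest)   # also trims trailing blanks
        if ((pref in def) && rest == "from all lookup " def[pref]) {
            seen[pref] = 1      # kernel default already present: keep it
            next
        }
        del[++n] = "ip rule del pref " pref " " rest
    }
    END {
        # Restore missing defaults first so the main table stays reachable
        # while the stray rules are removed.
        split("0 32766 32767", order, " ")
        for (i = 1; i <= 3; i++)
            if (!(order[i] in seen))
                print "ip rule add pref " order[i] " from all lookup " def[order[i]]
        for (i = 1; i <= n; i++)
            print del[i]
    }'
}

# Constructed sample: the main rule was deleted and a stray rule was added.
sample_rules() {
    printf '0:\tfrom all lookup local \n'
    printf '1000:\tfrom 10.0.0.0/24 lookup 100 \n'
    printf '32767:\tfrom all lookup default \n'
}

# Dry run on the sample; on a live host: ip rule show | plan_rule_reset
sample_rules | plan_rule_reset
```

Review the printed plan before piping it to sh as root; the entries from rule-eth0 are removed as well and can then be re-applied with the network restart or ifup-routes mentioned in the question.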