Looks like "ip rule flush" breaks some internals, so further manipulation of rules may lead to unexpected results.

Short example:

# ip rule
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
# ip rule flush
0: from all lookup local
# ip rule add table default
# ip rule add table main
# ip rule
0: from all lookup local
0: from all lookup main
0: from all lookup default

All rule indexes are now 0. They continue to work, but there is no warranty that the rules will be executed in the proper order. In some cases the last rule appears not after rule "0: from all lookup local"; it appears in some random place. Unfortunately I can't repeat it now. Most experiments with ip rules lead to a system reboot.

Reproducible: Always

I have tested 2 systems - both show such results.

System details:

1.
# uname -a
Linux alice 2.6.24.4-00 #2 Sat Jan 31 03:41:52 EET 2009 i586 Pentium MMX GenuineIntel GNU/Linux
# eix -ce iproute2
[I] sys-apps/iproute2 (2.6.24.20080108@19.01.2009 -> (~)2.6.28): kernel routing and traffic control utilities

2.
# uname -a
Linux mahoro 2.6.25-hardened-r11 #4 Sat Jan 31 02:26:47 EET 2009 i686 Pentium III (Katmai) GenuineIntel GNU/Linux
# eix -ce iproute2
[I] sys-apps/iproute2 (2.6.24.20080108@29.07.2008): kernel routing and traffic control utilities
Please post your `emerge --info' too.
Created attachment 181091 [details] test system1 info
Created attachment 181092 [details] test system2 info
you're saying that running `ip rule` sometimes causes your system to reboot ?

the `uname` output of your system2 doesn't match the emerge info of your system2

what version of iproute2 exactly are you using ?

can you test with a 2.6.28 kernel ?
No, the commands "ip rule" and "ip rule flush" do not cause a reboot. I am trying to say that only a reboot of the system can return ip rule to its initial state.

Sorry for the system2 info, I will now upload the correct version.

I use

# ip -V
ip utility, iproute2-ss080108

sys-apps/iproute2-2.6.24.20080108 on both systems.

What version of iproute2 and kernel should I test? Must it be gentoo-sources, vanilla-sources or hardened-sources?
Created attachment 181379 [details] test system2 info

Now it must be correct.
any 2.6.28 kernel with 2.6.28 iproute2 should be fine, thanks
I have updated system1 to =vanilla-sources-2.6.28.4 and iproute2 to =sys-apps/iproute2-2.6.28

# ip -V
ip utility, iproute2-ss090115

The problem is still there.

+ echo part 0
part 0
+ ip rule ls
0: from all lookup local
32762: from all lookup main
32763: from 77.244.36.156 lookup i_vokar
32764: from all fwmark 0x21 lookup i_vokar
32765: from 85.90.221.86 lookup i_velton
32766: from all fwmark 0x20 lookup i_velton
32767: from all lookup default
+ echo Flush rules
Flush rules
+ ip rule flush
+ ip rule ls
0: from all lookup local
+ echo Restore default rules
Restore default rules
+ ip rule add table default
+ ip rule add table main
+ echo Setup site rules
Setup site rules
+ /etc/init.d/net.rtrules zap
 * Manually resetting net.rtrules to stopped state.
+ /etc/init.d/net.rtrules start
 * Activaiting iproute2 rules(set in reverse order)
 * Apply ip rule del table main ... [ ok ]
 * Apply ip rule add fwmark 32 table i_velton ... [ ok ]
 * Apply ip rule add from 85.90.221.86 table i_velton ... [ ok ]
 * Apply ip rule add fwmark 33 table i_vokar ... [ ok ]
 * Apply ip rule add from 77.244.36.156 table i_vokar ... [ ok ]
 * Apply ip rule add table main ... [ ok ]
+ echo Final rules layout
Final rules layout
+ ip rule ls
0: from all lookup local
0: from all lookup default
0: from all fwmark 0x20 lookup i_velton
0: from 85.90.221.86 lookup i_velton
0: from all fwmark 0x21 lookup i_vokar
0: from 77.244.36.156 lookup i_vokar
0: from all lookup main

As you can see, all rules have index 0. And the rule "ip rule add table default" must be the last one; in the normal case rules are added in reverse order, something like LIFO.

After this script the system became unavailable from the network... there is nothing surprising in that, because table "default" contains default routes... and the system does not see local routes on interfaces if table "default" is looked up before table "main".

Here is the "normal" rules order after a system reboot. Set by the same script /etc/init.d/net.rtrules

# ip rule ls
0: from all lookup local
32762: from all lookup main
32763: from 77.244.36.156 lookup i_vokar
32764: from all fwmark 0x21 lookup i_vokar
32765: from 85.90.221.86 lookup i_velton
32766: from all fwmark 0x20 lookup i_velton
32767: from all lookup default
Created attachment 181872 [details] test system1 info(after update)
I don't understand what you consider to be broken. If you want to restore the rule table to its initial state, you have to use pref parameter like so:

ip rule add table main pref 32766
ip rule add table default pref 32767

Closed as INVALID.
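
Added example, not part of the bug thread and not iproute2 code: a shell check for the state shown in the listings above, where several rules share one preference or the catch-all rule for table default is listed before the one for table main. The names check_rules, sample_broken and sample_normal are assumptions of this example, and both sample listings are constructed from the listings in the thread.

```shell
#!/bin/sh
# check_rules: read `ip rule ls` text on stdin, print findings,
# return 1 if any finding was printed and 0 otherwise.
# Live use (assumes iproute2 is installed): ip rule ls | check_rules
check_rules() {
    awk '
    /^[0-9]+:/ {                        # e.g. "32766: from all lookup main"
        pref = $1; sub(/:$/, "", pref)
        table = ""
        for (i = 2; i < NF; i++) if ($i == "lookup") table = $(i + 1)
        n++; count[pref]++
        # Record the listing position of unconditional (from all) rules only
        if ($2 == "from" && $3 == "all" && $4 == "lookup" && !(table in pos))
            pos[table] = n
    }
    END {
        bad = 0
        for (p in count) if (count[p] > 1) {
            printf "DUPLICATE pref %s used by %d rules\n", p, count[p]
            bad = 1
        }
        if (("main" in pos) && ("default" in pos) && pos["default"] < pos["main"]) {
            print "ORDER table default is consulted before table main"
            bad = 1
        }
        exit bad
    }'
}

# Constructed sample: shortened form of the post-flush listing in the thread
sample_broken() {
    cat <<'EOF'
0: from all lookup local
0: from all lookup default
0: from all fwmark 0x20 lookup i_velton
0: from 85.90.221.86 lookup i_velton
0: from all lookup main
EOF
}

# Constructed sample: the initial three-rule layout from the report
sample_normal() {
    cat <<'EOF'
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
EOF
}
```
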