Lightweight policy-based routing

Jo-Philipp Wich jo at mein.io
Fri Dec 4 15:00:07 EST 2020


Hi Philip,

ip rules are possible in uci, but not sure if all the bits you require are
covered:

https://openwrt.org/docs/guide-user/network/ucicheatsheet#ip_rules_for_both_rule_and_rule6

`config route` sections allow specifying `option table` as well to stage the
routes in the non-main rttable.

Since the device options for uci rules and routes require logical networks and
not Linux network device names, you might need to declare a dummy interface
for xfrm0, like this:

config interface vpn
  option proto static
  option ifname xfrm0

It might be that netifd will clear out any IP addresses on the xfrm0
interface, so you would need to encode those in uci as well:

config interface vpn
  option proto static
  option ifname xfrm0
  option ipaddr 192.168.1.0/24
  option table 200   # will instruct netifd to put any related routes into table 200


Netifd understands aliases set up in /etc/iproute2/rt_tables but there is no
uci way to declare new symbolic aliases. So either you need to manage that
file externally or you stick to numeric table IDs.

~ Jo
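
Added example, not part of the message above: a /etc/config/network fragment that combines the `config rule` and `config route` sections mentioned in the reply with the `vpn` interface declared there. The source subnet 10.0.0.0/24 and the rule priorities are constructed values, and the final prohibit rule is an added assumption so that matching traffic is rejected instead of falling through to the main table when table 200 has no usable route.

```uci
# Constructed example values: 10.0.0.0/24 and priorities 1000/1001.
# Table 200 is given numerically because uci cannot declare
# symbolic aliases in /etc/iproute2/rt_tables.

# Send traffic from the selected source subnet to table 200.
config rule
	option src '10.0.0.0/24'
	option lookup '200'
	option priority '1000'

# Assumption (not from the message): reject the same traffic if the
# lookup in table 200 found no route, so it does not continue to the
# main table and leave outside the tunnel.
config rule
	option src '10.0.0.0/24'
	option action 'prohibit'
	option priority '1001'

# Default route staged in table 200 via the logical network 'vpn'
# (the dummy interface that wraps xfrm0 in the message above).
config route
	option interface 'vpn'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table '200'
```

After reloading the network configuration, `ip rule show` and `ip route show table 200` list what netifd installed.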
