Re: Default rdomain for CLI commands
Hi Claudio, if you received no feedback, i think you should just go ahead and commit your manual page diff, it seems like an improvement based on what is discussed in this thread (i did not test, nor inspect the code). There may be more potential defects in the manual page login.conf(5). For example, it doesn't appear to say what it means when the "Default" column is empty in a given line of the table. Also, section 5 file format manual pages should state as clearly as possible which programs (section 1 and 8) and/or functions (section 3) use the file format, and login.conf(5) feels somewhat fuzzy to me in that respect. But such potential more fundamental issues should not stand in the way of fixing a detail that is outright misleading. Yours, Ingo On 24 Oct 2023, at 18:51, Claudio Jeker wrote: > Because I think login.conf(5) is wrong. The default rtable is not 0. If > rtable is not set the current rtable is not modified by login_cap(3). Index: login.conf.5 === RCS file: /cvs/src/share/man/man5/login.conf.5,v retrieving revision 1.70 diff -u -p -r1.70 login.conf.5 --- login.conf.531 Mar 2022 17:27:23 -1.70 +++ login.conf.524 Oct 2023 08:41:21 - @@ -284,7 +284,7 @@ Initial priority (nice) level. Require home directory to login. .\" .Pp -.It rtable Ta number Ta Dv 0 Ta +.It rtable Ta number Ta "" Ta Rtable to be set for the class. .\" .Pp
Re: Default rdomain for CLI commands
A lot of interesting responses here! And the correct answer goes to Claudio! ;) Claudio correctly noted that if I am logging into the firewall via an SSH daemon running in a non-zero rdomain, then all commands I run in that SSH VTY will also be run under that rdomain :) And I will do some more testing with my cronjobs to figure out why I had to add route -T0 exec to my crons, maybe I broke something in login.conf. As always, thanks for your time and comments everyone! Always appreciated Andy > On 24 Oct 2023, at 18:51, Claudio Jeker wrote: > > On Tue, Oct 24, 2023 at 08:39:33AM -, Stuart Henderson wrote: >>> On 2023-10-24, Andy Lemin wrote: >>> Hi all, >>> >>> Just a quick question. >>> >>> I have multiple rdomains. My outside rdomain (rdomain 0) has a single >>> default route to my ISP. And my internal rdomain 9 has multiple default >>> routes pointing to various pairX interfaces for some funky routing stuff. >>> >>> Everything works beautifully, however, every command I type on the box >>> locally or over SSH which needs internet for example, is being executed >>> under the internal rdomain, not the edge rdomain. >>> >>> So I have to run; >>> ‘route -T0 exec syspatch’ for example. >>> >>> How do I set/override the default rdomain for system level CLI commands? >> >> The basic answer to your question is "set rtable in login.conf for the >> relevant class". But that doesn't explain why your machine is not already >> using rtable 0.. >> > > Because I think login.conf(5) is wrong. The default rtable is not 0. If > rtable is not set the current rtable is not modified by login_cap(3). > > -- > :wq Claudio > > Index: login.conf.5 > === > RCS file: /cvs/src/share/man/man5/login.conf.5,v > retrieving revision 1.70 > diff -u -p -r1.70 login.conf.5 > --- login.conf.531 Mar 2022 17:27:23 -1.70 > +++ login.conf.524 Oct 2023 08:41:21 - > @@ -284,7 +284,7 @@ Initial priority (nice) level. > Require home directory to login. > .\" > .Pp > -.It rtable Ta number Ta Dv 0 Ta > +.It rtable Ta number Ta "" Ta > Rtable to be set for the class. > .\" > .Pp >
Re: Default rdomain for CLI commands
Le mar. 24 oct. 2023 à 03:24, Andy Lemin a écrit : > How do I set/override the default rdomain for system level CLI commands? > You can do that at ssh level. From sshd_config(5): RDomain Specifies an explicit routing domain that is applied after authentication has completed. The user session, as well as any forwarded or listening IP sockets, will be bound to this rdomain(4). If the routing domain is set to %D, then the domain in which the incoming connection was received will be applied. I like having this prompt to know where I am: (rtable 2) [me@mymachine]:~$ echo $PS1 (rtable $(id -R)) [\u@\h]:\w\$
Re: Default rdomain for CLI commands
On Tue, Oct 24, 2023 at 08:39:33AM -, Stuart Henderson wrote: > On 2023-10-24, Andy Lemin wrote: > > Hi all, > > > > Just a quick question. > > > > I have multiple rdomains. My outside rdomain (rdomain 0) has a single > > default route to my ISP. And my internal rdomain 9 has multiple default > > routes pointing to various pairX interfaces for some funky routing stuff. > > > > Everything works beautifully, however, every command I type on the box > > locally or over SSH which needs internet for example, is being executed > > under the internal rdomain, not the edge rdomain. > > > > So I have to run; > > ‘route -T0 exec syspatch’ for example. > > > > How do I set/override the default rdomain for system level CLI commands? > > The basic answer to your question is "set rtable in login.conf for the > relevant class". But that doesn't explain why your machine is not already > using rtable 0.. > Because I think login.conf(5) is wrong. The default rtable is not 0. If rtable is not set the current rtable is not modified by login_cap(3). -- :wq Claudio Index: login.conf.5 === RCS file: /cvs/src/share/man/man5/login.conf.5,v retrieving revision 1.70 diff -u -p -r1.70 login.conf.5 --- login.conf.531 Mar 2022 17:27:23 - 1.70 +++ login.conf.524 Oct 2023 08:41:21 - @@ -284,7 +284,7 @@ Initial priority (nice) level. Require home directory to login. .\" .Pp -.It rtable Ta number Ta Dv 0 Ta +.It rtable Ta number Ta "" Ta Rtable to be set for the class. .\" .Pp
Re: Default rdomain for CLI commands
On Tue, Oct 24, 2023 at 06:56:33PM +1100, Andy Lemin wrote: > Hi Lyndon, > That is a good trick, I will try that. > > But it is more of an unexpected nuisance as I’m expecting the default to > be rdomain 0. No rdomains are inherited. Once a process runs in rdomain X all childs will also be in rdomain X. With this logging in via sshd will inherit the rdomain of the sshd process. Now you could look into login.conf(5) and try forcing rtable to 0 for your login class. If the login respects the settings you will get rdomain 0 all the time. > It seems to switch to use the rdomain with the most default routes which > breaks things unexpectedly - for example many crontab commands break > after adding routes, so now have to _always_ prefix with route -T0 exec > (to support automated route changes etc). No it does not. > This must be unexpected behaviour to change dynamically like this? There is no dynamic change. As said the rdomain is inherited over fork. It is set probably by the rc.d script and from there on it sticks to that. > Thanks for your help, Andy. > > > > On 24 Oct 2023, at 14:09, Lyndon Nerenberg (VE7TFX/VE6BBM) > > wrote: > > > > Andy Lemin writes: > > > >> So I have to run; > >> ‘route -T0 exec syspatch’ for example. > >> > >> How do I set/override the default rdomain for system level CLI commands? > > > > If you're talking about running a bunch of interactive shell commands > > in rdomain 0, just 'route -T0 exec sh' to drop into a sub-shell in > > rdomain 0. > > > > --lyndon > -- :wq Claudio
Re: Default rdomain for CLI commands
On 2023-10-24, Andy Lemin wrote: > Hi all, > > Just a quick question. > > I have multiple rdomains. My outside rdomain (rdomain 0) has a single default > route to my ISP. And my internal rdomain 9 has multiple default routes > pointing to various pairX interfaces for some funky routing stuff. > > Everything works beautifully, however, every command I type on the box > locally or over SSH which needs internet for example, is being executed under > the internal rdomain, not the edge rdomain. > > So I have to run; > ‘route -T0 exec syspatch’ for example. > > How do I set/override the default rdomain for system level CLI commands? The basic answer to your question is "set rtable in login.conf for the relevant class". But that doesn't explain why your machine is not already using rtable 0.. -- Please keep replies on the mailing list.
Re: Default rdomain for CLI commands
Hi Lyndon, That is a good trick, I will try that. But it is more of an unexpected nuisance as I’m expecting the default to be rdomain 0. It seems to switch to use the rdomain with the most default routes which breaks things unexpectedly - for example many crontab commands break after adding routes, so now have to _always_ prefix with route -T0 exec (to support automated route changes etc). This must be unexpected behaviour to change dynamically like this? Thanks for your help, Andy. > On 24 Oct 2023, at 14:09, Lyndon Nerenberg (VE7TFX/VE6BBM) > wrote: > > Andy Lemin writes: > >> So I have to run; >> ‘route -T0 exec syspatch’ for example. >> >> How do I set/override the default rdomain for system level CLI commands? > > If you're talking about running a bunch of interactive shell commands > in rdomain 0, just 'route -T0 exec sh' to drop into a sub-shell in > rdomain 0. > > --lyndon
Re: Default rdomain for CLI commands
Am 24.10.2023 03:08 schrieb Andy Lemin: So I have to run; ‘route -T0 exec syspatch’ for example. but 0 is the "default"!? How do I set/override the default rdomain for system level CLI commands? route -T9 exec /bin/ksh everything in that shell will be in rdomain 9 HTH, PS: or tmux .. -- pb
Default rdomain for CLI commands
Hi all, Just a quick question. I have multiple rdomains. My outside rdomain (rdomain 0) has a single default route to my ISP. And my internal rdomain 9 has multiple default routes pointing to various pairX interfaces for some funky routing stuff. Everything works beautifully, however, every command I type on the box locally or over SSH which needs internet for example, is being executed under the internal rdomain, not the edge rdomain. So I have to run; ‘route -T0 exec syspatch’ for example. How do I set/override the default rdomain for system level CLI commands? Thanks for your thoughts, Andy.