Replace use of route command with ip route in the firewall-turris-apply.sh script (!9) · Merge requests · Turris / fw-rules

Jan Betik requested to merge fw-rules-jbetik into master Jan 14, 2020

Full lookup in routing tables (especially in huge routing tables with thousands of records) can be time consuming process, so the route command has been replaced with ip route command with default route selector.

I ran into the issue where the firewall-turris-apply script was consuming a lot of CPU cycles just to find the WAN6 interface, and for that time I lost the information of prefix delegated by my ISP.

As my routing table consist of 78000 records and the full lookup took almost 2 minutes of CPU time, my LAN lost the RA information so the IPv6 connectivity was not reliable.

root@turris:~# ip -6 route show table all | wc -l
78305
root@turris:~# time route -n -A inet6 | sed -ne 's/ *$//;/^::\/0  /s/.* //p'
lo
pppoe-wan
pppoe-wan
lo
real    2m 7.86s
user    0m 5.36s
sys     1m 5.82s
lo
root@turris:~# time ip -6 route show default table all | awk -F1 '/dev/ {f=NR} f&&NR-1==f' RS=" "
lo
pppoe-wan
pppoe-wan
lo
lo
real    0m 0.31s
user    0m 0.03s
sys     0m 0.26s

Edited Jan 14, 2020 by Vojtech Myslivec

Admin message

Admin message

Replace use of route command with ip route in the firewall-turris-apply.sh script

Merge request reports