Remove --default option

484aef7a · Joanne Hugé · f4506017 · 484aef7a · 484aef7a · 484aef7a
Commit 484aef7a authored Sep 30, 2022 by Joanne Hugé
7 changed files
--- a/demo/m10/re6stnet.conf
+++ b/demo/m10/re6stnet.conf
@@ -4,6 +4,5 @@ state m10/
 ca ca2.crt
 cert m10/cert.crt
 key m10/cert.key
-default
 client-count 2
 max-clients 2
--- a/demo/m2/re6stnet.conf
+++ b/demo/m2/re6stnet.conf
@@ -5,4 +5,3 @@ pp 1194 tcp
 ca ca.crt
 cert m2/cert.crt
 key m2/cert.key
-default
--- a/demo/m4/re6stnet.conf
+++ b/demo/m4/re6stnet.conf
@@ -5,4 +5,3 @@ pp 1194 tcp
 ca ca.crt
 cert m4/cert.crt
 key m4/cert.key
-default
--- a/demo/m5/re6stnet.conf
+++ b/demo/m5/re6stnet.conf
@@ -4,6 +4,5 @@ state m5/
 ca ca.crt
 cert m5/cert.crt
 key m5/cert.key
-default
 client-count 0
 max-clients 0
--- a/docs/re6stnet.rst
+++ b/docs/re6stnet.rst
@@ -30,8 +30,6 @@ Use ``re6stnet --help`` to get the complete list of options.
 If you already have IPv6 connectivity by autoconfiguration and still want to
 use it for communications that are unrelated to this network, then:
- your kernel must support source address based routing (because you can't
-  use ``--default`` option).
 - you must set ``net.ipv6.conf.<iface>.accept_ra`` sysctl to value 2 and
  trigger SLAAC with ``rdisc6 <iface>`` to restore the default route if the
  kernel removed while enabling forwarding.
@@ -85,20 +83,22 @@ If the `/etc/re6stnet/re6stnet.conf` configuration file exists, `re6stnet` is
 automatically started as a system daemon, by ``systemd``\ (1). Debian package
 also provides SysV init scripts.
-Important note about ``--default`` option
+Important note about re6st's default route
 -----------------------------------------
-When re6st is configured to route all your IPv6 traffic (``--default``),
+Re6st installs a default route with a source-based routing filter, your kernel
-any other interface providing IPv6 must have no default route. Otherwise,
+must therefore support source address based routing. This route allows your node
-re6st either refuses to start or aborts if it detect a default route.
+to redirect traffic to non-re6st destinations while preventing any conflict with
+already installed default routes (in case you have native IPv6 connectivity). If
+you don't have any other IPv6 default route the route will still be used to
+route all your IPv6 traffic.
 Correct usage of NetworkManager
 -------------------------------
 It is required to configure properly every connection defined in NetworkManager
-because default settings are wrong and conflict with re6st. If ``--default`` is
+because default settings are wrong and conflict with re6st. Please enable the
-used, then disable IPv6, else enable the following options in the [ipv6]
+following options in the [ipv6] section::
-section::
   ignore-auto-routes=true
   never-default=true

--- a/re6st/cli/node.py
+++ b/re6st/cli/node.py
@@ -74,13 +74,10 @@ def getConfig():
    _ = parser.add_argument_group('routing').add_argument
    _('-B', dest='babel_args', metavar='ARG', action='append', default=[],
        help="Extra arguments to forward to Babel.")
-    _('-D', '--default', action='store_true',
-        help="Access internet via this network (in this case, make sure you"
-             " don't already have a default route), or if your kernel was"
-             " compiled without support for source address based routing"
-             " (CONFIG_IPV6_SUBTREES). Meaningless with --gateway.")
    _('--table', type=int, choices=(0,),
-        help="DEPRECATED: Use --default instead of --table=0")
+        help="DEPRECATED")
+    _('--default', action='store_true',
+        help="DEPRECATED")
    _('--gateway', action='store_true',
        help="Act as a gateway for this network (the default route will be"
             " exported). Do never use it if you don't know what it means.")
@@ -160,19 +157,14 @@ def main():
        config.max_clients = cache.max_clients
    if config.table is not None:
-        logging.warning("--table option is deprecated: use --default instead")
+        logging.warning("--table option is deprecated")
-        config.default = True
+    if config.default:
-    if config.default and config.gateway:
+        logging.warning("--default option is deprecated")
-        sys.exit("error: conflicting options --default and --gateway")
    if config.disable_proto is None:
        config.disable_proto = DEFAULT_DISABLED_PROTO
    elif 'none' in config.disable_proto:
        config.disable_proto = ()
-    if config.default:
-        # Make sure we won't tunnel over re6st.
-        config.disable_proto = tuple({'tcp6', 'udp6'}.union(
-            config.disable_proto))
    def add_tunnels(iface_list):
        for iface in iface_list:
            config.babel_args += '-C', 'interface %s type tunnel' % iface
@@ -382,47 +374,19 @@ def main():
                subprocess.call(if_rt)
            if_rt[4] = my_subnet
            cleanup.append(lambda: subprocess.call(if_rt))
-            if config.default:
+            x = ['ip', '-6', 'route', 'add',
-                def check_no_default_route():
+                 'unreachable', '::/128', 'from', '::/128']
-                    for route in call(('ip', '-6', 'route', 'show',
+            if subprocess.call(x):
-                                        'default')).splitlines():
+                sys.exit('error: Source address based routing is not'
-                        if not (' proto babel ' in route
+                         ' enabled in your kernel (CONFIG_IPV6_SUBTREES).')
-                             or ' proto 42 ' in route):
+            x[3] = 'del'
-                            sys.exit("Detected default route (%s)"
+            subprocess.check_call(x)
-                                " whereas you specified --default."
-                                " Fix your configuration." % route)
-                check_no_default_route()
-                def check_no_default_route_thread():
-                    try:
-                        while True:
-                            time.sleep(60)
-                            try:
-                                check_no_default_route()
-                            except OSError, e:
-                                if e.errno != errno.ENOMEM:
-                                    raise
-                    except:
-                        utils.log_exception()
-                    finally:
-                        exit.kill_main(1)
-                t = threading.Thread(target=check_no_default_route_thread)
-                t.daemon = True
-                t.start()
-            else:
-                x = ['ip', '-6', 'route', 'add',
-                     'unreachable', '::/128', 'from', '::/128']
-                if subprocess.call(x):
-                    sys.exit('error: Source address based routing is not'
-                             ' enabled in your kernel (CONFIG_IPV6_SUBTREES).'
-                             ' Try with the --default option.')
-                x[3] = 'del'
-                subprocess.check_call(x)
            ip('route', 'unreachable', my_network)
            config.babel_args += config.iface_list
            cleanup.append(plib.router((my_ip, len(subnet)), ipv4,
-                my_network if config.gateway or config.default else None,
+                my_network if config.gateway else None,
-                config.gateway, cache.hello,
+                cache.hello,
                os.path.join(config.log, 'babeld.log'),
                os.path.join(config.state, 'babeld.state'),
                os.path.join(config.run, 'babeld.pid'),

--- a/re6st/plib.py
+++ b/re6st/plib.py
@@ -62,7 +62,7 @@ def client(iface, address_list, encrypt, *args, **kw):
    return openvpn(iface, encrypt, *remote, **kw)
-def router(ip, ip4, src, gateway, hello_interval, log_path, state_path, pidfile,
+def router(ip, ip4, src, hello_interval, log_path, state_path, pidfile,
           control_socket, default, hmac, *args, **kw):
    ip, n = ip
    hmac_sign, hmac_accept = hmac
@@ -98,10 +98,7 @@ def router(ip, ip4, src, gateway, hello_interval, log_path, state_path, pidfile,
    if ip4:
        cmd += '-C', 'redistribute ip %s/%s eq %s' % (ip4, n4, n4)
    if src:
-        if gateway:
+        cmd += '-C', 'redistribute ip ::/0 eq 0 src-prefix ' + src
-            cmd += '-C', 'redistribute ip ::/0 eq 0 src-prefix ' + src
-        else:
-            cmd += '-C', 'install ip ::/0 eq 0 src-prefix ' + src + ' pref-src ' + ip
    cmd += ('-C', 'redistribute deny',
            '-C', 'install ip ::/0 ge 1 pref-src ' + ip)
    if ip4: