Fw4 and hotplug

Does fw4 "publish" events to hotplug like fw3 does?

In 21.02.x, fw3 apparently calls /sbin/hotplug-call.

In 22.03.3 I couldn't find anything similar for fw4. Furthermore, the suggested test on hotplug produces nothing with fw4. It works with fw3.

Tried to get the events with:

ubus subscribe service

But got nothing when doing service firewall (reload/restart)

Maybe this should be better placed in the 'For Developers' category, not sure.

Not obvious what you're trying to accomplish, but either or both of the two options may be of use:

  1. Place custom scripts into /usr/share/nftables.d (check the README in there for usage)
  2. Create a fw4-compatible include file and edit firewall config, like this:
config include 'pbr'
	option fw4_compatible '1'
	option type 'script'
	option path '/usr/share/pbr/pbr.firewall.include'

Hey, thanks for the suggestions.

I admit I didn't provide any detail on the intent, because I don't need help with that.
Just need to know if it is intentional that fw4 doesn't "publish" events to hotplug, like fw3 does.

Looking at a default v22.03.3 image, there are subfolders in /etc/hotplug.d for dhcp, net, iface, etc., but not for firewall. So it looks like that is the case, but I am looking for an "official" confirmation that this changed with fw4/v22.03.x and onwards.

I am not clear about the meaning of "events fw3 publishes to hotplug"?

Hotplug works with procd (process management daemon). When procd detects a trigger event, it just calls all scripts in the trigger event directory in alpha order.

/sbin/hotplug-call is a helper script that ensures the procd trigger event is pointed to the correct directory in /etc/hotplug.d

You can find other packages that utilize it here: https://github.com/openwrt/packages/search?p=1&q=hotplug-call

FWIW, I don't have any entries in /etc/hotplug.d/firewall in 21.02.3/5 or Master Snapshot, at least not since I stopped using vpn-policy-routing.

Well, if you are looking for the environment variables used in each hotplug directory you could add something like this to each of the Trigger Directories - block/button/dhcp/dsl/firewall/iface/neigh/net/tftp/usb :

cat << "EOF" > /etc/hotplug.d/<trigger directory>/00-logger
# Log the hotplug environment to syslog and append a copy to a file
mkdir -p /var/log/procd
env >> /var/log/procd/procd_<Trigger Dir>
logger -t PROCD-<Trigger Dir> "$(env)"
EOF

This will log every possible trigger whenever the system triggers the event.

Yes, this is intentional. The current fw4 implementation does not emit firewall hotplug events.


Well, fw4 doesn't trigger any event. Fw3 does.

As noted in my post, I already did that, but I am not looking for the environment variables used in each hotplug directory. Instead, I am looking to confirm whether fw4 doesn't trigger any event by design or because of a bug.

Got the answer: #6
Thanks
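
Added example, not code from the thread or from fw4: because fw4 emits no firewall hotplug events, a script include of the kind suggested earlier in the thread can run hook scripts itself, in alphabetical order as described for hotplug trigger directories. The hook directory, the `ACTION` value `reload`, the function name, and the premise that fw4 runs the include on each firewall start or reload are assumptions.

```shell
#!/bin/sh
# Hypothetical fw4 script include that re-creates a "firewall" event.
# fw4 itself emits none; everything below is an assumption-based sketch.

# Assumed hook directory (the one fw3-era packages used).
HOOK_DIR="${HOOK_DIR:-/etc/hotplug.d/firewall}"

# Run every hook in DIR in alphabetical order with ACTION set.
# Prints the number of hooks that were run.
dispatch_firewall_event() {
	dir="$1"
	action="$2"
	count=0
	for hook in "$dir"/*; do
		# Hooks run as root: accept regular files only, no symlinks.
		[ -f "$hook" ] && [ ! -L "$hook" ] || continue
		# A subshell keeps one hook's variables or "exit" from
		# affecting the next hook or the firewall reload itself.
		# Hook output goes to stderr so stdout carries only the count.
		( export ACTION="$action" HOTPLUG_TYPE=firewall; . "$hook" ) >&2 || true
		count=$((count + 1))
	done
	echo "$count"
}

# Entry point when fw4 executes this file as an include.
dispatch_firewall_event "$HOOK_DIR" reload >/dev/null
```

Unlike fw3's events, this runs once per include invocation and carries no per-zone or per-interface variables.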
