From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9])
	by lore.proxmox.com (Postfix) with ESMTPS id 6F18B1FF183
	for <inbox@lore.proxmox.com>; Wed,  3 Dec 2025 17:03:44 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 83BB3FB7E;
	Wed,  3 Dec 2025 17:04:08 +0100 (CET)
From: Filip Schauer <f.schauer@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Wed,  3 Dec 2025 17:03:18 +0100
Message-ID: <20251203160326.118051-1-f.schauer@proxmox.com>
X-Mailer: git-send-email 2.47.3
MIME-Version: 1.0
X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2
X-Bm-Transport-Timestamp: 1764777767345
X-SPAM-LEVEL: Spam detection results:  0
 AWL -0.007 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
 URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more
 information. [proxmox.com]
Subject: [pve-devel] [PATCH lxc] patch dhclient-script to set RFC3442
 classless routes
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

Embed the rfc3442-classless-routes hook from isc-dhcp-client into the
LXC dhclient-script. This is needed by application containers with
host-managed DHCP network interfaces, that receive routes via DHCP
option 121 (RFC3442).

Previously these classless routes were ignored.
This was originally reported in the Proxmox forum [0].

[0] https://forum.proxmox.com/threads/no-default-gateway-on-oci-container-with-dhcp.176696/

Signed-off-by: Filip Schauer <f.schauer@proxmox.com>
---
 ...3-PVE-apply-rfc3442-classless-routes.patch | 106 ++++++++++++++++++
 debian/patches/series                         |   1 +
 2 files changed, 107 insertions(+)
 create mode 100644 debian/patches/pve/0003-PVE-apply-rfc3442-classless-routes.patch

diff --git a/debian/patches/pve/0003-PVE-apply-rfc3442-classless-routes.patch b/debian/patches/pve/0003-PVE-apply-rfc3442-classless-routes.patch
new file mode 100644
index 0000000..26ab883
--- /dev/null
+++ b/debian/patches/pve/0003-PVE-apply-rfc3442-classless-routes.patch
@@ -0,0 +1,106 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Filip Schauer <f.schauer@proxmox.com>
+Date: Wed, 3 Dec 2025 15:03:50 +0100
+Subject: [PATCH] dhclient-script: set RFC3442 classless routes
+
+Due to the removal of hooks in the LXC fork of dhclient-script, the
+rfc3442-classless-routes hook did not run. As a result, classless static
+routes received from the DHCP server were ignored.
+
+This commit restores support for RFC3442 classless routes by embedding
+the code from /etc/dhcp/dhclient-exit-hooks.d/rfc3442-classless-routes
+from the isc-dhcp-client package.
+
+Signed-off-by: Filip Schauer <f.schauer@proxmox.com>
+---
+ hooks/dhclient-script | 67 +++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 67 insertions(+)
+
+diff --git a/hooks/dhclient-script b/hooks/dhclient-script
+index 9c9b40e69..c87792707 100755
+--- a/hooks/dhclient-script
++++ b/hooks/dhclient-script
+@@ -133,6 +133,71 @@ set_hostname() {
+     fi
+ }
+ 
++# Code adapted from isc-dhcp-client rfc3442-classless-routes hook
++set_rfc3442_classless_routes() {
++    set -- $new_rfc3442_classless_static_routes
++
++    while [ $# -gt 0 ]; do
++        net_length=$1
++        via_arg=''
++
++        case $net_length in
++            32|31|30|29|28|27|26|25)
++                if [ $# -lt 9 ]; then
++                    return 1
++                fi
++                net_address="${2}.${3}.${4}.${5}"
++                gateway="${6}.${7}.${8}.${9}"
++                shift 9
++                ;;
++            24|23|22|21|20|19|18|17)
++                if [ $# -lt 8 ]; then
++                    return 1
++                fi
++                net_address="${2}.${3}.${4}.0"
++                gateway="${5}.${6}.${7}.${8}"
++                shift 8
++                ;;
++            16|15|14|13|12|11|10|9)
++                if [ $# -lt 7 ]; then
++                    return 1
++                fi
++                net_address="${2}.${3}.0.0"
++                gateway="${4}.${5}.${6}.${7}"
++                shift 7
++                ;;
++            8|7|6|5|4|3|2|1)
++                if [ $# -lt 6 ]; then
++                    return 1
++                fi
++                net_address="${2}.0.0.0"
++                gateway="${3}.${4}.${5}.${6}"
++                shift 6
++                ;;
++            0)      # default route
++                if [ $# -lt 5 ]; then
++                    return 1
++                fi
++                net_address="0.0.0.0"
++                gateway="${2}.${3}.${4}.${5}"
++                shift 5
++                ;;
++            *)      # error
++                return 1
++                ;;
++        esac
++
++        # take care of link-local routes
++        if [ "${gateway}" != '0.0.0.0' ]; then
++            via_arg="via ${gateway}"
++        fi
++
++        # set route (ip detects host routes automatically)
++        ${ip} -4 route add "${net_address}/${net_length}" \
++            ${via_arg} dev "${interface}" >/dev/null 2>&1
++    done
++}
++
+ # Execute the operation
+ case "$reason" in
+ 
+@@ -207,6 +272,8 @@ case "$reason" in
+ 			    if_metric=$((if_metric+1))
+ 			fi
+ 		    done
++	    else
++		set_rfc3442_classless_routes
+ 	    fi
+         fi
+ 
+-- 
+2.47.3
+
diff --git a/debian/patches/series b/debian/patches/series
index 8d5d62a..47c3558 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,4 @@ conf-env-split-bpo/0002-api_extensions-add-environment_runtime_hooks-extensi.pat
 conf-env-split-bpo/0003-doc-add-lxc.environment.-runtime-hooks.patch
 pve/0001-PVE-Config-deny-rw-mounting-of-sys-and-proc.patch
 pve/0002-PVE-Config-attach-always-use-getent.patch
+pve/0003-PVE-apply-rfc3442-classless-routes.patch
-- 
2.47.3



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel