jaredj/glotawk - Change 3EW77BFEOSHSFK3GDO6ULXRY3YTHEDNG3OF53LN7Q5ESKDNDJLAAC

make the routers policy at least parse properly

Created by jaredj on November 11, 2025

3EW77BFEOSHSFK3GDO6ULXRY3YTHEDNG3OF53LN7Q5ESKDNDJLAAC

Dependencies

In channels

main

Change contents

Replacement in lacrum/routers/pf.glotawk at line 3 [2.11804]

B:BD[2.11843] → [2.11843:12311]

  (let ((template-inputs nil)
        ((ifs (assoc-path '(:ethernet-interfaces) chromebox-networking)))
         (if-on-vlan (assoc-path '(:interface-on-vlan)
                                 chromebox-networking)))
    (dolist (if ifs)
      (do-vlans
       (when on-firewall-p
         (when (interface-on-vlan if number)
           (push (list (sprintf "INTERFACE_%d" name)
                       (sprintf "%s.%d" if number))
                 template-inputs)))))

[2.11843]

[2.12311]

  (let ((template-inputs nil))
    (do-ifs-and-vlans chromebox-networking
     (cond
      (fwp (push (list (sprintf "INTERFACE_%s" name) vif)
                 template-inputs))))

Replacement in lacrum/routers/pf.glotawk at line 10 [2.11804]
B:BD[2.12398] → [2.12398:12426]
```
     "templates/pf.conf.m4"
```
[2.12398]
[2.12426]
```
     "templates/pf.conf.tmpl"
```
Deletion in lacrum/routers/pf.glotawk at line 24 [2.11804]
B:BD[2.13116] → [2.13116:13117]
Deletion in lacrum/routers/netflow_collect.glotawk at line 1 [2.13166]
B:BD[2.13166] → [2.13167:13168]

Replacement in lacrum/routers/netflow_collect.glotawk at line 2 [2.13166]

B:BD[2.13243] → [2.13243:13456]

  (let ((ifs (assoc-path '(:ethernet-interfaces) chromebox-networking))
        (if-for-vlan (assoc-path '(:interface-for-vlan)
                                 chromebox-networking))
        (ifs-to-collect '())

[2.13243]

[2.13456]

  (let ((ifs-to-collect '())

Replacement in lacrum/routers/netflow_collect.glotawk at line 6 [2.13166]

B:BD[2.13519] → [2.13519:13634]

    (dolist (if ifs)
      (do-vlans
       (when fw
         (push (sprintf "%s_%d" if number) ifs-to-collect))))

[2.13519]

[2.13634]

    (do-ifs-and-vlans chromebox-networking
     (when fwp
       (push (sprintf "%s_%d" if number) ifs-to-collect)))

Replacement in lacrum/routers/netflow_collect.glotawk at line 10 [2.13166]
B:BD[2.13714] → [2.13714:13746]
```
    (dolist (if ifs-to-collect)
```
[2.13714]
[2.13746]
```
    (dolist (ifc ifs-to-collect)
```

Replacement in lacrum/routers/netflow_collect.glotawk at line 13 [2.13166]

B:BD[2.13775] → [2.13775:13981]

        (push (sprintf "mkpeer %s: netflow lower iface%d" if nf-port) ngc)
        (push (sprintf "name %s:lower netflow" if) ngc)
        (push (sprintf "connect %s: netflow: upper out%d" if nf-port) ngc)

[2.13775]

[2.13981]

        (push (sprintf "mkpeer %s: netflow lower iface%d" ifc nf-port) ngc)
        (push (sprintf "name %s:lower netflow" ifc) ngc)
        (push (sprintf "connect %s: netflow: upper out%d" ifc nf-port) ngc)

Replacement in lacrum/routers/netflow_collect.glotawk at line 17 [2.13166]

B:BD[2.14012] → [2.14012:14181]

       (true
        (push (sprintf "connect %s: netflow: lower iface%d" if nf-port) ngc)
        (push (sprintf "connect %s: netflow: upper out%d"   if nf-port) ngc)))

[2.14012]

[2.14181]

      (true
       (push (sprintf "connect %s: netflow: lower iface%d" ifc nf-port) ngc)
       (push (sprintf "connect %s: netflow: upper out%d"   ifc nf-port) ngc)))

Replacement in lacrum/routers/netflow_collect.glotawk at line 51 [2.13166]
B:BD[2.15637] → [2.15637:15666]
```
\tngctlshutdown exporter:\n\
```
[2.15637]
[2.15666]
```
\tngctl shutdown exporter:\n\
```
Insertion in lacrum/routers/hosts.glotawk at line 52 [3.429]
[2.16816]
[2.16816]
```
  ;; This is the interface over which the jail will route us.
```

Replacement in lacrum/routers/hosts.glotawk at line 54 [3.429]

∅:D[2.16860] → [4.1382:1473]

B:BD[4.1382] → [4.1382:1473]

B:BD[4.1473] → [2.16861:16915]

  ;; this isn't going to get an address before the jail starts but i
  ;; think that's ok.
  (sysrc-set "ifconfig_epair72_ipv6" "accept_rtadv"))

[2.16860]

  (sysrc-set "ifconfig_epair72a_ipv6" "inet6 fd74:1c54:7975:6875::6875/64")
  (sysrc-set "defaultrouter" "fd74:1c54:7975:6875::1"))

Replacement in lacrum/routers/he-6in4.glotawk at line 26 [2.17603]

B:BD[2.18732] → [2.18732:19620]

  (let ((ifs (assoc-path '(:ethernet-interfaces) chromebox-networking))
        (if-on-vlan (assoc-path '(:interface-on-vlan)
                                chromebox-networking)))
    (dolist (if ifs)
      (dolist (he6 he-6in4s)
        (let ((v (cadr he6)))
          (file-exists-templated-from
           (sprintf "/etc/dhclient-exit-hooks.d/20-henet_gif_%s"
                    (cadr (assoc :name v)))
           "644" "root" "wheel"
           "templates/henet_gif_tunnel.tmpl"
           `(("HGT_INTERFACE" interface)
             ("HGT_FAR_IPV4"  (cadr (assoc :far-ipv4  v)))
             ("HGT_USERNAME"  (cadr (assoc :username  v)))
             ("HGT_PASSWORD"  (cadr (assoc :password  v)))
             ("HGT_TUNNELID"  (cadr (assoc :tunnel-id v)))
             ("HGT_NEAR_IPV6" (cadr (assoc :near-ipv6 v)))
             ("HGT_FAR_IPV6"  (cadr (assoc :far-ipv6  v))))))))))

[2.18732]

  (do-ifs-and-vlans chromebox-networking
    (dolist (ifcpair he-6in4s)
      (when (equal (car ifcpair) vif)
        (dolist (he6 (cadr ifcpair))
          (let ((v (cadr he6)))
            (file-exists-with-contents-gsubbed
             (sprintf "/etc/dhclient-exit-hooks.d/20-henet_gif_%s"
                      (cadr (assoc :name v)))
             "644" "root" "wheel"
             "templates/henet_gif_tunnel.tmpl"
             `(("HGT_INTERFACE" interface)
               ("HGT_FAR_IPV4"  (cadr (assoc :far-ipv4  v)))
               ("HGT_USERNAME"  (cadr (assoc :username  v)))
               ("HGT_PASSWORD"  (cadr (assoc :password  v)))
               ("HGT_TUNNELID"  (cadr (assoc :tunnel-id v)))
               ("HGT_NEAR_IPV6" (cadr (assoc :near-ipv6 v)))
               ("HGT_FAR_IPV6"  (cadr (assoc :far-ipv6  v)))))))))))

Replacement in lacrum/routers/firewall.glotawk at line 27 [2.19978]

B:BD[2.20971] → [2.20971:21014]

        ;; checksums; let's let it do them

[2.20971]

[2.21014]

        ;; checksums; let's let it do them, rather than doing them in
        ;; software with netgraph.

Replacement in lacrum/routers/dnsmasq.glotawk at line 12 [2.30350]

B:BD[2.30764] → [2.30764:31592]

                                 chromebox-networking)))
    (dolist (if ifs)
      (do-vlans
       (if dnsmasq-dhcp-p
           (progn
             (let ((min 100) (max 250))
               (push (sprintf "dhcp-range=set:%s,%s.%d.%d,%s.%d.%d"
                              name
                              internal-ipv4-16 v4sub min
                              internal-ipv4-16 v4sub max)
                     ipv4-ranges))
             (push (sprintf "dhcp-range=set:%s,::,constructor:%s%s"
                            name (sprintf "%s.%d" if number)
                            (strcat "," (apply string-join "," v6opts)))
                   ipv6-ranges))
           (push (sprintf "%s.%d" if number) no-dhcp-interfaces))
       (when dnsmasq-dns-p
         (push (sprintf "%s.%d" if number) dns-listen-interfaces))))

[2.30764]

[2.31592]

                                chromebox-networking)))
    (do-ifs-and-vlans chromebox-networking
     (cond
      (dhcpp
       (let ((min 100) (max 250))
         (push (sprintf "dhcp-range=set:%s,%s.%d.%d,%s.%d.%d"
                        name
                        internal-ipv4-16 v4sub min
                        internal-ipv4-16 v4sub max)
               ipv4-ranges))
       (push (sprintf "dhcp-range=set:%s,::,constructor:%s%s"
                      name (sprintf "%s.%d" if number)
                      (strcat "," (apply string-join "," v6opts)))
             ipv6-ranges))
      (true
       (push (sprintf "%s.%d" if number) no-dhcp-interfaces)))
     (cond
      (dnsp (push (sprintf "%s.%d" if number) dns-listen-interfaces))))

Replacement in lacrum/routers/carp.glotawk at line 81 [2.33729]

B:BD[2.37625] → [2.37625:38024]

  (let ((ifs (assoc-path '(:ethernet-interfaces) chromebox-networking))
        (if-for-vlan (assoc-path '(:interface-for-vlan)
                                 chromebox-networking)))
    (dolist (if ifs)
      (do-vlans
       (when (and fw (eq kw :pfsync))
         (sysrc-set "pfsync_enable" "YES")
         (sysrc-set "pfsync_syncdev" if)
         (sysrc-set "pfsync_syncpeer" "ff12::f0"))))))

[2.37625]

  (do-ifs-and-vlans chromebox-networking
    (when (and fwp (eq kw :pfsync))
      (sysrc-set "pfsync_enable" "YES")
      (sysrc-set "pfsync_syncdev" if)
      (sysrc-set "pfsync_syncpeer" "ff12::f0"))))