On 11/20/2012 05:13 AM, Steven Jan Springl wrote:

In the attached config. shorewall2A, interface ssp+ generates the following
line in /var/lib/shorewall/.start

start_interface_ssp+() {

which produces the following error message:

/var/lib/shorewall/.start: 1892: Syntax error: Bad function name

Attached is patch commit-ebb4e1f that ignores wildcard optional interfaces with respect to enable/disable.


----------------------------------------------------------------------------------------------------

In the attached config. shorewall2A1, interface br0 is specified in tcclasses &
tcdevices but is missing from the interfaces file. This config. produces the
following messages:

Use of uninitialized value $phyrdev in concatenation (.) or string at
/usr/share/shorewall/Shorewall/Tc.pm line 2018. /Zones.pm

..
Use of uninitialized value in numeric comparison (<=>) at
/usr/share/shorewall/Shorewall/Zones.pm line 1610.

Corrected by patch commit-67ae9df.


-----------------------------------------------------------------------------

If a capabilities file is created it correctly sets CHECKSUM_TARGET=Yes.

If the capabilities file is not created, the following tcrules file entry:

CHECKSUM:T  br0  eth0  .....

produces the following error message:

ERROR: The CHECKSUM action requires Checksum Target in your kernel and
iptables /etc/shorewall2/tcrules (line 74)


Corrected by patch commit-f458e99.

Thanks Steven,
-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
commit 67ae9df0f893a6706f67df0b4eeea66e31ba9fa9
Author: Tom Eastep <[email protected]>
Date:   Tue Nov 20 08:07:42 2012 -0800

    Correct handling of unknown interfaces in TC.
    
    Signed-off-by: Tom Eastep <[email protected]>

diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm
index 5f3cfd6..20147f5 100644
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@@ -2014,7 +2014,7 @@ sub process_traffic_shaping() {
            handle_in_bandwidth( $device, $devref->{in_bandwidth} );
 
            for my $rdev ( @{$devref->{redirected}} ) {
-               my $phyrdev = get_physical( $rdev );
+               my $phyrdev = physical_name( $rdev );
                emit ( "run_tc qdisc add dev $phyrdev handle ffff: ingress" );
                emit( "run_tc filter add dev $phyrdev parent ffff: protocol all 
u32 match u32 0 0 action mirred egress redirect dev $device > /dev/null" );
            }
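Review bot: on the changed `my $phyrdev = physical_name( $rdev );` line, nothing in this hunk shows what physical_name returns for a redirected device that is missing from the interfaces file, and $phyrdev is interpolated straight into the two emitted run_tc commands. If an empty or undefined value is still possible, the generated script would contain malformed tc commands; consider a fatal_error for unknown redirected devices when tcdevices is parsed, or a short comment here stating what physical_name guarantees. The commit message would also benefit from one line on how physical_name differs from get_physical for this case.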
commit ebb4e1f6e4d953faaf197a697fbfe5e33713b63e
Author: Tom Eastep <[email protected]>
Date:   Tue Nov 20 07:06:27 2012 -0800

    Don't generate start/stop functions for wildcard optional interfaces
    
    Signed-off-by: Tom Eastep <[email protected]>

diff --git a/Shorewall/Perl/Shorewall/Providers.pm 
b/Shorewall/Perl/Shorewall/Providers.pm
index 3fc04f0..e6d6255 100644
--- a/Shorewall/Perl/Shorewall/Providers.pm
+++ b/Shorewall/Perl/Shorewall/Providers.pm
@@ -404,6 +404,11 @@ sub process_a_provider( $ ) {
     my $physical    = get_physical $interface;
     my $gatewaycase = '';
 
+    if ( $physical =~ /\+$/ ) {
+       return 0 if $pseudo;
+       fatal_error "Wildcard interfaces ($physical) may not be used as 
provider interfaces";
+    }
+
     if ( $gateway eq 'detect' ) {
        fatal_error "Configuring multiple providers through one interface 
requires an explicit gateway" if $shared;
        $gateway = get_interface_gateway $interface;
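Review bot: `return 0 if $pseudo;` in the new wildcard check skips the optional interface silently, and the reason is not recorded next to the test. A comment saying that a name ending in `+` cannot be used to form a shell function name in the generated script would help the next reader, and a progress or warning message would tell the user that enable/disable is not available for that interface. The fatal_error branch for real providers is clear as written.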
@@ -600,6 +605,8 @@ sub process_a_provider( $ ) {
     push @providers, $table;
 
     progress_message "   Provider \"$currentline\" $done" unless $pseudo;
+
+    return 1;
 }
 
 #
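Review bot: the added `return 1;` at the end of process_a_provider turns the return value into a count that both callers now add up, but only this exit and the new `return 0` are visible. It is worth confirming that no other return path exists in the roughly 200 lines between the two hunks, since a bare return there would add an undefined value to the counters, and documenting the 0/1 contract in the comment block above the sub.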
@@ -1255,7 +1262,7 @@ sub process_providers( $ ) {
 
     if ( my $fn = open_file 'providers' ) {
        first_entry "$doing $fn...";
-       process_a_provider(0), $providers++ while read_a_line( NORMAL_READ );
+       $providers += process_a_provider(0) while read_a_line( NORMAL_READ );
     }
     #
     # Treat optional interfaces as pseudo-providers
@@ -1265,7 +1272,7 @@ sub process_providers( $ ) {
        #               TABLE NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS 
COPY
        $currentline = "$_    0      -    -         $_        -       -       
-";
        #
-       process_a_provider(1), $pseudoproviders++;
+       $pseudoproviders += process_a_provider(1);
     }
 
     if ( $providers ) {
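Review bot: with `$pseudoproviders += process_a_provider(1);` the counter no longer counts wildcard optional interfaces, so it can be zero even when optional interfaces are configured. Please check that later code keyed on $pseudoproviders (not visible in this hunk) behaves correctly in that case, and consider a one-line comment here noting that wildcard entries return 0.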
commit f458e9939085bd64c2ea39b35af6e5f3a9c5ca19
Author: Tom Eastep <[email protected]>
Date:   Tue Nov 20 06:59:40 2012 -0800

    Correct the compiler's CHECKSUM detection
    
    Signed-off-by: Tom Eastep <[email protected]>

diff --git a/Shorewall/Perl/Shorewall/Config.pm 
b/Shorewall/Perl/Shorewall/Config.pm
index 8812b48..3f9355a 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@@ -3496,7 +3496,7 @@ sub GeoIP_Match() {
 }
 
 sub Checksum_Target() {
-    have_capability 'MANGLE_ENABLED' && qt1( "iptables -m mangle -A $sillyname 
-j CHECKSUM --checksum-fill" );
+    have_capability 'MANGLE_ENABLED' && qt1( "iptables -t mangle -A $sillyname 
-j CHECKSUM --checksum-fill" );
 }
 
 our %detect_capability =
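Review bot: in Checksum_Target the expression `have_capability 'MANGLE_ENABLED' && qt1( ... )` has no parentheses around the have_capability argument, so how it parses depends on that sub's prototype, which is not visible here. Writing it as have_capability( 'MANGLE_ENABLED' ) && qt1( ... ) would make the intent unambiguous. The -m to -t correction itself matches the commit message; since the typo made the probe fail on every system, a regression check that runs the detection without a capabilities file would catch a repeat.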
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
