I'm trying to get shorewall-lite 3.2.6 working on my openwrt (building an ipk for it) and the package is built and now I am just trying to work my way through http://www.shorewall.net/CompiledPrograms.html#Lite. I'm at the "getting capabilities stage", and I understand that since I am running > 3.2.5 I don't actually need to run shorecap myself, but just to sanity test my openwrt port I thought I would try it. My results were disappointing:
# Shorewall 3.2.6 detected the following iptables/netfilter capabilities - Sat Apr 7 10:30:35 EDT 2007
#
NAT_ENABLED=Yes
MANGLE_ENABLED=Yes
MULTIPORT=Yes
XMULTIPORT=Yes
CONNTRACK_MATCH=
USEPKTTYPE=
POLICY_MATCH=
PHYSDEV_MATCH=
LENGTH_MATCH=
IPRANGE_MATCH=
RECENT_MATCH=
OWNER_MATCH=
IPSET_MATCH=
CONNMARK=
XCONNMARK=
CONNMARK_MATCH=
XCONNMARK_MATCH=
RAW_TABLE=
IPP2P_MATCH=
CLASSIFY_TARGET=
ENHANCED_REJECT=Yes
KLUDGEFREE=
MARK=Yes
XMARK=
MANGLE_FORWARD=Yes
But since I know I have better than that installed I started to dig in
to shorecap and saw that it's doing:
    load_kernel_modules() ->
        . /usr/share/shorewall-lite/modules ->
            loadmodule [ for a huge list of modules ]
and loadmodule is:
    loadmodule() # $1 = module name, $2 - * arguments
    {
        local modulename=$1
        local modulefile
        local suffix

        if ! list_search $modulename $MODULES ; then
            shift

            for suffix in $MODULE_SUFFIX ; do
                for directory in $moduledirectories; do
                    modulefile=$directory/${modulename}.${suffix}

                    if [ -f $modulefile ]; then
                        case $moduleloader in
                            insmod)
                                insmod $modulefile $*
                                ;;
                            *)
                                modprobe $modulename $*
                                ;;
                        esac
                        break 2
                    fi
                done
            done
        fi
    }
So if the module is not already loaded (in $MODULES), then for any of
the module extensions in $MODULE_SUFFIX, try to find and load a module.
However I cannot see how $MODULE_SUFFIX gets initialized in shorecap's
call stack. It appears that do_initialize() is supposed to do that, but
do_initialize() does not appear to get called in the codepath that
shorecap runs. In fact I can't find anywhere in the entire
shorewall-lite package that calls it.
Since $MODULE_SUFFIX doesn't get initialized to anything, loadmodule()
is for all intents and purposes a NOOP.
What am I missing?
b.
--
My other computer is your Microsoft Windows server.
Brian J. Murrell
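
Added example, not part of the original message and not Shorewall's own code: a stand-alone reproduction of the search loop in the loadmodule() quoted above, showing that an empty $MODULE_SUFFIX means no module file is ever looked for. The stub loader, the helper names (fake_loader, loadmodule_demo, run_demo, ensure_module_suffix), the temporary directory, the module file and the "o ko" suffix list are all constructed for the demonstration.

```shell
#!/bin/sh
# Added example: the loadmodule() search loop with a recording stub in place
# of insmod/modprobe. Paths, module names and suffix list are constructed.

# Stub loader: records the requested module instead of loading it.
fake_loader() {
    LOADED="$LOADED $1"
}

# Same nested loops as the quoted loadmodule(), without list_search and
# without the insmod/modprobe case statement.
loadmodule_demo() {
    modulename=$1
    for suffix in $MODULE_SUFFIX; do
        for directory in $moduledirectories; do
            modulefile=$directory/${modulename}.${suffix}
            if [ -f "$modulefile" ]; then
                fake_loader "$modulename"
                return 0
            fi
        done
    done
    return 1   # with an empty MODULE_SUFFIX the loop body never runs
}

# Create a throwaway module directory with one constructed module file and
# print which modules the loop asked to load for the suffix list in $1.
run_demo() {
    tmpdir=$(mktemp -d) || return 1
    : > "$tmpdir/ipt_conntrack.ko"
    moduledirectories=$tmpdir
    MODULE_SUFFIX=$1
    LOADED=
    loadmodule_demo ipt_conntrack || :
    loadmodule_demo ipt_missing || :
    rm -rf "$tmpdir"
    echo "${LOADED# }"
}

# Guard that could run before the modules file is sourced: fall back to a
# suffix list when none is set (the list itself is an assumption).
ensure_module_suffix() {
    [ -n "$MODULE_SUFFIX" ] || MODULE_SUFFIX="o ko"
}

echo "empty suffix list : '$(run_demo "")'"
echo "suffixes 'o ko'   : '$(run_demo "o ko")'"
```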
