Bug fixes from STABLE2

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1375 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-02-16 01:39:53 +01:00 · 2004-05-29 00:40:33 +00:00 · 2004-05-29 00:40:33 +00:00 · 0881af787a
commit 0881af787a
parent 03153243eb
1 changed files with 41 additions and 25 deletions
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@ -1418,9 +1418,20 @@ setup_tunnels() # $1 = name of tunnels file

    setup_one_ipsec() # $1 = gateway $2 = Tunnel Kind $3 = gateway zones
    {
-    	local kind=$2 noah=
+    	local kind=$2 noah= markval=
+
+	case $kind in 
+	    *:*:*)
+		markval=${kind#*}
+		kind=${kind%%:*}
+		;;
+	esac

 	case $kind in
+	    *:[1-9]*)
+		markval=${kind#*}
+		kind=${kind%:*}
+		;;		
 	    *:*)
 	    	noah=${kind#*:}
 		[ $noah = noah -o $noah = NOAH ] || fatal_error "Invalid IPSEC modifier $noah in tunnel \"$tunnel\""
@ -2118,9 +2129,9 @@ setup_tc1() {
    # Link to the TC mangle chains from the main chains
    #

-    run_iptables -t mangle -A FORWARD    -j tcfor
-    run_iptables -t mangle -A PREROUTING -j tcpre
-    run_iptables -t mangle -A OUTPUT     -j tcout
+    run_iptables -t mangle -A FORWARD -m mark --mark 0 -j tcfor
+    run_iptables -t mangle -A PREROUTING               -j tcpre
+    run_iptables -t mangle -A OUTPUT                   -j tcout

    run_user_exit tcstart

@ -2331,8 +2342,6 @@ check_config() {

    verify_os_version

-    load_kernel_modules check
-
    echo "Determining Zones..."

    determine_zones
@ -4623,8 +4632,9 @@ add_ip_aliases()
 #
 # Load kernel modules required for Shorewall
 #
-load_kernel_modules() #1 = command
+load_kernel_modules()
 {
+    save_modules_dir=$MODULESDIR

    [ -z "$MODULESDIR" ] && \
 	MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter
@ -4632,26 +4642,31 @@ load_kernel_modules() #1 = command
    modules=$(find_file modules)

    if [ -f $modules -a -d $MODULESDIR ]; then
- 	[ "$1" = silent ] || echo "Loading Modules..."
+ 	progress_message "Loading Modules..."
 	. $modules
+    fi

-	case $1 in
-	    start|restart)
-		save_progress_message "Loading kernel modules..."
-		save_command "reload_kernel_modules <<__EOF__"
+    MODULESDIR=$save_modules_dir
+}

-		while read command; do
-		    case "$command" in
-			loadmodule*)
-			    save_command $command
-			    ;;
-		    esac
-		done < $modules
-		
-		save_command __EOF__
+save_load_kernel_modules()
+{
+
+    modules=$(find_file modules)
+
+    save_progress_message "Loading kernel modules..."
+    save_command "reload_kernel_modules <<__EOF__"
+
+    while read command; do
+	case "$command" in
+	    loadmodule*)
+		save_command $command
 		;;
 	esac
-    fi
+    done < $modules
+    
+    save_command __EOF__
+
 }

 # Verify that the 'ip' program is installed
@ -5519,7 +5534,7 @@ define_firewall() # $1 = Command (Start or Restart)
    save_command "MODULESDIR=\"$MODULESDIR\""
    save_command "MODULE_SUFFIX=\"$MODULE_SUFFIX\""

-    load_kernel_modules $command
+    save_load_kernel_modules

    echo "Initializing...";                    initialize_netfilter
    echo "Configuring Proxy ARP";              setup_proxy_arp
@ -6045,9 +6060,10 @@ do_initialize() {
    ensure_config_path
    #
    # Determine the capabilities of the installed iptables/netfilter
-    # We silently load the modules
+    # We load the kernel modules here to acurately determine 
+    # capabilities when module autoloading isn't enabled.
    #
-    qt load_kernel_modules silent
+    load_kernel_modules
    determine_capabilities

    [ -z "${STATEDIR}" ] && STATEDIR=/var/state/shorewall