More work on upgrade issues/instructions

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6735 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall-common/changelog.txt

@@ -2,6 +2,10 @@ Changes in 4.0.0 RC 1
 
 1)  shorewall-perl RPM no longer installable under shorewall 3.4.
 
+2)  Fix limited broadcast and detectnets/routeback interfaces.
+
+3)  Use optimized 'split' for faster compilation.
+
 Changes in 4.0.0 Beta 6
 
 1)  First step to adding compiler debugging facility.

Shorewall-common/releasenotes.txt

@@ -12,8 +12,9 @@ Shorewall 4.0.0 RC 1
    - Shorewall-shell ( the shell-based compiler )
    - Shorewall-perl (the Perl-based compiler )
 
-You must install Shorewall-common and at least one of the compiler
+   You must install Shorewall-common and at least one of the compiler
-packages (you may install them both).
+   packages (you may install them both). See the Migration
+   Considerations below for further information.
 
 3) The facilities for supporting bridge/firewalls under earlier
    releases are deprecated and their documentation is omitted from the
@@ -23,17 +24,30 @@ packages (you may install them both).
 
 Problems corrected in 4.0.0 Beta 7.
 
-None.
+1)  If 'routeback' and 'detectnets' were specified on an interface,
+    limited broadcasts (to 255.255.255.255) were dropped when forwarded
+    through the interface. This could cause broadcast-based
+    applications to fail when running through a bridge with
+    'detectnets'.
 
 Other changes in Shorewall 4.0.0 RC 1.
 
 1)  The shorewall-perl RPM may no longer be installed under Shorewall
     3.4. It requires shorewall_common.
 
+2)  The compiler's CPU utilization has been reduced further.
+
 Migration Considerations:
 
-1)  You cannot simply upgrade your existing Shorewall package. You must
+1)  Beginning with Shorewall 4.0.0, there is no single 'shorewall'
-    also install one or both of the compilers.
+    package. Rather there are two compiler packages (shorewall-shell
+    and shorewall-perl) and a set of base files (shorewall-common)
+    required by either compiler package.
+
+    Although the names of the packages are changing, you can upgrade
+    without having to uninstall/reinstall.
+
+    To repeat: YOU DO NOT NEED TO UNINSTALL ANY EXISTING PACKAGE.
 
     If you attempt to upgrade using the shorewall-common RPM, you get
     this result:
@@ -45,12 +59,12 @@ Migration Considerations:
 
     You must either:
 
-	rpm -U shorewall-shell-4.0.0.noarch.rpm \
+	rpm -Uvh shorewall-shell-4.0.0.noarch.rpm \
 	    shorewall-common-4.0.0.noarch.rpm
 
     or
 
-	rpm -U shorewall-shell-4.0.0.noarch.rpm \
+	rpm -Uvh shorewall-shell-4.0.0.noarch.rpm \
 	    shorewall-perl-4.0.0.noarch.rpm \
 	    shorewall-common-4.0.0.noarch.rpm
 
@@ -68,6 +82,33 @@ Migration Considerations:
     the tarball in the expected way; untar the package, and run the
     install.sh script.
 
+    Example 1: You have 'shorewall' installed and you want to continue
+    to use the shorewall-shell compiler.
+
+	tar -jxf shorewall-common-4.0.0.tar.bz2
+	tar -jxf shorewall-shell-4.0.0.tar.bz2
+
+	cd shorewall-shell-4.0.0
+	./install.sh
+	cd ../shorewall-common-4.0.0
+	./install.sh
+	shorewall check
+	shorewall restart
+
+    Example 2: You have shorewall 3.4.4 and shorewall-perl 4.0.0-Beta7
+    installed and you want to upgrade to 4.0. You do not need the
+    shell-based compiler.
+
+	tar -jxf shorewall-common-4.0.0.tar.bz2
+	tar -jxf shorewall-perl-4.0.0.tar.bz2
+
+	cd shorewall-perl-4.0.0
+	./install.sh
+	cd ../shorewall-common-4.0.0
+	./install.sh
+	shorewall check
+	shorewall restart
+
 2)  The ROUTE_FILTER and LOG_MARTIANS options in shorewall.conf work
     slightly differently in Shorewall 4.0.0. In prior releases, leaving
     these options empty was equivalent to setting them to 'No' which

Shorewall-perl/Shorewall/Rules.pm

@@ -1661,7 +1661,7 @@ sub generate_matrix() {
 		    while ( my ($interface, $sourceref) = ( each %needbroadcast ) ) {
 			if ( get_interface_option( $interface, 'bridge' ) ) {
 			    for my $source ( keys %$sourceref ) {
-				add_rule $filter_table->{forward_chain $interface} , "-o $interface ${source}-m addrtype --dst-type BROADCAST -j $chain3";
+				add_rule $filter_table->{forward_chain $interface} , "-o $interface ${source}-d 255.255.255.255 -j $chain3";
 			    }
 			}
 		    }

docs/Install.xml

@@ -360,10 +360,16 @@ Pin-Priority: 700</programlisting><emphasis role="bold"><emphasis>Then
         package, it probably won't work.</para>
       </listitem>
 
+      <listitem>
+        <para>If you are upgrading from a 2.x or 3.x version to a 4.x version
+        or later, please see the <ulink url="upgrade_issues.htm">upgrade
+        issues</ulink> for specific instructions.</para>
+      </listitem>
+
       <listitem>
         <para>Upgrade the RPM</para>
 
-        <programlisting><command>rpm -Uvh &lt;shorewall rpm file&gt; &lt;compiler rpm file&gt; ...</command></programlisting>
+        <programlisting><command>rpm -Uvh &lt;shorewall-common rpm file&gt; &lt;compiler rpm file&gt; ...</command></programlisting>
 
         <note>
           <para>Some <trademark>SUSE</trademark> users have encountered a
@@ -371,7 +377,7 @@ Pin-Priority: 700</programlisting><emphasis role="bold"><emphasis>Then
           though a 2.4 kernel is installed. If this happens, simply use the
           --nodeps option to rpm.</para>
 
-          <programlisting><command>rpm -Uvh --nodeps &lt;shorewall rpm&gt; &lt;compiler rpm&gt; ...</command></programlisting>
+          <programlisting><command>rpm -Uvh --nodeps &lt;shorewall-common rpm&gt; &lt;compiler rpm&gt; ...</command></programlisting>
         </note>
 
         <note>
@@ -407,6 +413,12 @@ Pin-Priority: 700</programlisting><emphasis role="bold"><emphasis>Then
   <section id="Upgrade_Tarball">
     <title>Upgrade using tarball</title>
 
+    <para><important>
+        <para>If you are upgrading from a 2.x or 3.x version to a 4.x version
+        or later, please see the <ulink url="upgrade_issues.htm">upgrade
+        issues</ulink> for specific instructions.</para>
+      </important></para>
+
     <para>If you already have Shorewall installed and are upgrading to a new
     version using the tarball:</para>
 

docs/upgrade_issues.xml

@@ -70,54 +70,60 @@
   </section>
 
   <section id="V4.0.0">
-    <title>Versions &gt;= 4.0.0-Beta1</title>
+    <title>Versions &gt;= 4.0.0-Beta7</title>
 
     <orderedlist>
       <listitem>
-        <para>This is the first Shorewall release that fully integrates the
+        <para>Beginning with Shorewall 4.0.0, there is no single 'shorewall'
-        new Shorewall-perl compiler. You are now offered a choice as to which
+        package. Rather there are two compiler packages (shorewall-shell and
-        compiler(s) you install. In Shorewall 4.0.0, there are the following
+        shorewall-perl) and a set of base files (shorewall-common) required by
-        packages:<itemizedlist>
+        either compiler package.</para>
-            <listitem>
-              <para>Shorewall-common ( common files )</para>
-            </listitem>
 
-            <listitem>
+        <para>Although the names of the packages are changing, you can upgrade
-              <para>Shorewall-shell ( the shell-based compiler )</para>
+        without having to uninstall/reinstall.</para>
-            </listitem>
 
-            <listitem>
+        <para>To repeat: <emphasis role="bold">You do not need to uninstall
-              <para>Shorewall-perl (the Perl-based compiler )</para>
+        any existing package.</emphasis></para>
-            </listitem>
 
-            <listitem>
+        <para>If you attempt to upgrade using the shorewall-common RPM, you
-              <para>Shorewall-lite</para>
+        get this result:<programlisting>gateway:~ # <command>rpm -Uvh shorewall-common-4.0.0.noarch.rpm </command>
-            </listitem>
-          </itemizedlist>You must install Shorewall-common and at least one of
-        the compiler packages (you may install them both).</para>
-
-        <para>You cannot simply upgrade your existing Shorewall package. You
-        must upgrade Shorewall-common <emphasis role="bold">and</emphasis>
-        install one or both of the compilers.</para>
-
-        <para>If you attempt to upgrade using the common RPM, you get this
-        result:<programlisting>gateway:~ # rpm -Uvh shorewall-common-4.0.0.noarch.rpm 
 error: Failed dependencies:
 shorewall_compiler is needed by shorewall-common-4.0.0-1.noarch
-gateway:~ #</programlisting> You must either:<programlisting>rpm -U shorewall-shell-4.0.0.noarch.rpm shorewall-common-4.0.0.noarch.rpm</programlisting>or<programlisting>rpm -U shorewall-shell-4.0.0.noarch.rpm shorewall-perl-4.0.0.noarch.rpm shorewall-common-4.0.0.noarch.rpm</programlisting>If
+gateway:~ #</programlisting>You must either:<programlisting><command>rpm -Uvh shorewall-shell-4.0.0.noarch.rpm shorewall-common-4.0.0.noarch.rpm</command></programlisting>or<programlisting><command>rpm -Uvh shorewall-shell-4.0.0.noarch.rpm shorewall-perl-4.0.0.noarch.rpm shorewall-common-4.0.0.noarch.rpm</command></programlisting>If
-        you are upgrading using the tarball, you must install either
+        you don't want shorewall-shell, use the second command
-        shorewall-shell or shorewall-perl before you upgrade Shorewall using
+        then<programlisting><command>rpm -e shorewall-shell</command></programlisting>If
-        the Shorewall-common tarball. Otherwise, the install.sh script fails
+        you are upgrading using the tarball, you must install shorewall-shell
-        with:<simplelist>
+        and/or shorewall-perl before you upgrade using shorewall-common.
+        Otherwise, the install.sh script fails with:<simplelist>
             <member>ERROR: No Shorewall compiler is installed</member>
           </simplelist>The shorewall-shell and shorewall-perl packages are
         installed from the tarball in the expected way; untar the package, and
         run the install.sh script.</para>
 
-        <para>The RPMs are set up so that if you upgrade an existing Shorewall
+        <para>Example 1: You have 'shorewall' installed and you want to
-        installation as part of a distribution upgrade and you have not
+        continue to use the shorewall-shell compiler.<programlisting><command>tar -jxf shorewall-common-4.0.0.tar.bz2
-        already installed shorewall-perl, then you will end up with
+tar -jxf shorewall-shell-4.0.0.tar.bz2
-        Shorewall-common and Shorewall-shell installed.</para>
+
+cd shorewall-shell-4.0.0
+./install.sh
+cd ../shorewall-common-4.0.0
+./install.sh
+shorewall check
+shorewall restart</command></programlisting>Example 2: You have shorewall
+        3.4.4 and shorewall-perl 4.0.0-Beta7 installed and you want to upgrade
+        to 4.0. You do not need the shell-based compiler.<programlisting><command>tar -jxf shorewall-common-4.0.0.tar.bz2
+tar -jxf shorewall-perl-4.0.0.tar.bz2
+
+cd shorewall-perl-4.0.0
+./install.sh
+cd ../shorewall-common-4.0.0
+./install.sh
+shorewall check
+shorewall restart</command></programlisting> The RPMs are set up so that if
+        you upgrade an existing Shorewall installation as part of a
+        distribution upgrade and you have not already installed
+        shorewall-perl, then you will end up with Shorewall-common and
+        Shorewall-shell installed.</para>
       </listitem>
 
       <listitem>