From 12cac4cb0d54f43f2bf577b9d30d05a40d655485 Mon Sep 17 00:00:00 2001
From: teastep
Date: Tue, 5 Dec 2006 21:24:49 +0000
Subject: [PATCH] Change for OpenWRT compatibility
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5061 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall/changelog.txt | 2 ++
 Shorewall/lib.cli | 14 +++++++-------
 Shorewall/releasenotes.txt | 5 +++++
 Shorewall/shorewall | 8 ++++++--
 4 files changed, 20 insertions(+), 9 deletions(-)
diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index c1ee9a5e4..10c9fb981 100644
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -21,6 +21,8 @@ Changes in 3.3.6
 10) Allow capabilities file to be used with Shorewall as well as Shorewall Lite.
+11) Allow in-memory circular buffer for system log.
+
 Changes in 3.3.5
 1) Restore default route when there are no 'balance' providers.
diff --git a/Shorewall/lib.cli b/Shorewall/lib.cli
index a5b8ff29c..fb38e7778 100644
--- a/Shorewall/lib.cli
+++ b/Shorewall/lib.cli
@@ -130,12 +130,12 @@ packet_log() # $1 = number of messages
 [ -n "$realtail" ] && options="-n$1"
 if [ -n "$SHOWMACS" -o $VERBOSE -gt 2 ]; then
- grep 'IN=.* OUT=' $LOGFILE | \
+ $LOGREAD | grep 'IN=.* OUT=' | \
 sed s/" kernel:"// | \
 sed s/" $host $LOGFORMAT"/" "/ | \
 tail $options
 else
- grep 'IN=.* OUT=' $LOGFILE | \
+ $LOGREAD | grep 'IN=.* OUT=' | \
 sed s/" kernel:"// | \
 sed s/" $host $LOGFORMAT"/" "/ | \
 sed 's/MAC=.* SRC=/SRC=/' | \
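Review bot: `$LOGREAD` is expanded unquoted as a command in both branches of packet_log, and nothing in lib.cli guarantees it is set: if the library is ever sourced by a front-end whose get_config does not assign it (none is visible in this patch, so this needs confirming), `$LOGREAD | grep …` runs an empty command and the log view is silently blank instead of failing. A one-line default before first use, e.g. `[ -n "$LOGREAD" ] || LOGREAD="cat $LOGFILE"`, would keep the old behaviour for such callers. Because the string is word-split at every use, a LOGFILE path containing whitespace or glob characters is split or expanded as well (the old unquoted `$LOGFILE` had the same limitation); both remarks apply equally to the five `$LOGREAD` pipelines in hits_command. packet_log's body starts and ends outside this hunk.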
@@ -866,10 +866,10 @@ hits_command() {
 timeout=30
- if [ $(grep -c 'IN=.* OUT=' $LOGFILE ) -gt 0 ] ; then
+ if [ $( $LOGREAD | grep -c 'IN=.* OUT=' ) -gt 0 ] ; then
 echo " HITS IP DATE"
 echo " ---- --------------- ------"
- grep 'IN=.* OUT=' $LOGFILE | sed 's/\(.\{6\}\)\(.*SRC=\)\(.*\)\( DST=.*\)/\3 \1/' | sort | uniq -c | sort -rn | \
+ $LOGREAD | grep 'IN=.* OUT=' | sed 's/\(.\{6\}\)\(.*SRC=\)\(.*\)\( DST=.*\)/\3 \1/' | sort | uniq -c | sort -rn | \
 while read count address month day; do
 printf '%7d %-15s %3s %2d\n' $count $address $month $day
 done
@@ -878,7 +878,7 @@ hits_command() {
 echo " HITS IP PORT"
 echo " ---- --------------- -----"
- grep 'IN=.* OUT=' $LOGFILE | sed 's/\(.*SRC=\)\(.*\)\( DST=.*DPT=\)\([0-9]\{1,5\}\)\(.*\)/\2 \4/
+ $LOGREAD | grep 'IN=.* OUT=' | sed 's/\(.*SRC=\)\(.*\)\( DST=.*DPT=\)\([0-9]\{1,5\}\)\(.*\)/\2 \4/
 t
 s/\(.*SRC=\)\(.*\)\( DST=.*\)/\2/' | sort | uniq -c | sort -rn | \
 while read count address port; do
@@ -889,7 +889,7 @@ hits_command() {
 echo " HITS DATE"
 echo " ---- ------"
- grep 'IN=.* OUT=' $LOGFILE | sed 's/\(.\{6\}\)\(.*\)/\1/' | sort | uniq -c | sort -rn | \
+ $LOGREAD | grep 'IN=.* OUT=' | sed 's/\(.\{6\}\)\(.*\)/\1/' | sort | uniq -c | sort -rn | \
 while read count month day; do
 printf '%7d %3s %2d\n' $count $month $day
 done
@@ -898,7 +898,7 @@ hits_command() {
 echo " HITS PORT SERVICE(S)"
 echo " ---- ----- ----------"
- grep 'IN=.* OUT=.*DPT' $LOGFILE | sed 's/\(.*DPT=\)\([0-9]\{1,5\}\)\(.*\)/\2/' | sort | uniq -c | sort -rn | \
+ $LOGREAD | grep 'IN=.* OUT=.*DPT' | sed 's/\(.*DPT=\)\([0-9]\{1,5\}\)\(.*\)/\2/' | sort | uniq -c | sort -rn | \
 while read count port ; do
 # List all services defined for the given port
 srv=$(grep "^[^#].*\\b$port/" /etc/services | cut -f 1 | cut -f 1 -d' ' | sort -u)
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index 8b3f3659b..b931a8599 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
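Review bot: In hits_command (Shorewall/lib.cli) the log source is now re-read for the `-gt 0` check and again for each of the four reports, and with `logread` every call returns whatever the circular buffer holds at that moment, so the tables can disagree with each other and entries can rotate out between passes. Reading the log once into a snapshot at the top of the function and running the five pipelines against that snapshot would make the report internally consistent. If the code stays as it is, a comment such as `# each report re-reads the log; counts may differ when the buffer wraps` would document the limitation. hits_command's body extends beyond these hunks.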
@@ -128,6 +128,11 @@ Other Changes in 3.3.6
 When you install a new kernel and/or iptables, be sure to generate a new file.
+9) When syslogd is run with the -C option (which in some
+ implementations causes syslogd to log to an in-memory circular
+ buffer), /sbin/shorewall will now use the 'logread' command to read
+ the log from that buffer. This is for combatibility with OpenWRT.
+
 Migration Considerations:
 1) Shorewall supports the notion of "default actions". A default
diff --git a/Shorewall/shorewall b/Shorewall/shorewall
index f170c8b90..e94c6bd15 100755
--- a/Shorewall/shorewall
+++ b/Shorewall/shorewall
@@ -128,7 +128,11 @@ get_config() {
 [ -z "$LOGFILE" ] && LOGFILE=/var/log/messages
- if [ ! -f $LOGFILE ]; then
+ if ( ps ax 2> /dev/null | qt grep 'syslogd.*-C' ) ; then
+ LOGREAD="logread"
+ elif [ -f $LOGFILE ]; then
+ LOGREAD="cat $LOGFILE"
+ else
 echo "LOGFILE ($LOGFILE) does not exist!" >&2
 exit 2
 fi
@@ -152,7 +156,7 @@ get_config() {
 # See if we have a real version of "tail" -- use separate redirection so
 # that ash (aka /bin/sh on LRP) doesn't crap
 #
- if ( tail -n5 $LOGFILE > /dev/null 2> /dev/null ) ; then
+ if ( tail -n5 /dev/null > /dev/null 2> /dev/null ) ; then
 realtail="Yes"
 else
 realtail=""
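Review bot: The `ps ax | qt grep 'syslogd.*-C'` test added to get_config can match the grep process itself, whose own command line contains `syslogd.*-C`, so LOGREAD may be set to `logread` on hosts where syslogd writes to a file, and the LOGFILE existence check is then skipped. The process list is also not a trustworthy input: any local account can start a process whose arguments match the pattern and thereby change which log source a root-run shorewall command reads. Using `qt grep '[s]yslogd.*-C'` removes the self-match, and the branch should additionally confirm that `logread` is actually available before selecting it. An explicit configuration setting would avoid inferring the log source from argv at all. get_config's body starts and ends outside this hunk.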