diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm index 06226abae..d9ba4fb0c 100644 --- a/Shorewall/Perl/Shorewall/Providers.pm +++ b/Shorewall/Perl/Shorewall/Providers.pm @@ -309,27 +309,14 @@ sub balance_default_route( $$$$ ) { emit ''; if ( $first_default_route ) { - if ( $family == F_IPV4 ) { - if ( $gateway ) { - emit "DEFAULT_ROUTE=\"nexthop via $gateway dev $interface weight $weight $realm\""; - } else { - emit "DEFAULT_ROUTE=\"nexthop dev $interface weight $weight $realm\""; - } + if ( $gateway ) { + emit "DEFAULT_ROUTE=\"nexthop via $gateway dev $interface weight $weight $realm\""; } else { - # - # IPv6 doesn't support multi-hop routes - # - if ( $gateway ) { - emit "DEFAULT_ROUTE=\"via $gateway dev $interface $realm\""; - } else { - emit "DEFAULT_ROUTE=\"dev $interface $realm\""; - } + emit "DEFAULT_ROUTE=\"nexthop dev $interface weight $weight $realm\""; } $first_default_route = 0; } else { - fatal_error "Only one 'balance' provider is allowed with IPv6" if $family == F_IPV6; - if ( $gateway ) { emit "DEFAULT_ROUTE=\"\$DEFAULT_ROUTE nexthop via $gateway dev $interface weight $weight $realm\""; } else { 
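Review bot: balance_default_route (its body continues outside the hunk) now emits `nexthop … weight $weight` for IPv6 too, and nothing visible checks that the target kernel and iproute2 accept weighted IPv6 multipath routes. The removed `fatal_error "Only one 'balance' provider is allowed with IPv6"` stopped the compile; without it an unsupported host would presumably fail only when the generated script runs, possibly with routing half applied. The same holds for balance_fallback_route, the `balance=`/`fallback=` guards dropped from process_a_provider, and the `route replace` lines in finish_providers. If no capability probe covers this elsewhere (not visible in this diff), keep the error behind one, or document the requirement with a comment such as `# IPv6 multipath nexthops need kernel/iproute2 support (minimum version: <fill in>)`.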
@@ -346,27 +333,14 @@ sub balance_fallback_route( $$$$ ) { emit ''; if ( $first_fallback_route ) { - if ( $family == F_IPV4 ) { - if ( $gateway ) { - emit "FALLBACK_ROUTE=\"nexthop via $gateway dev $interface weight $weight $realm\""; - } else { - emit "FALLBACK_ROUTE=\"nexthop dev $interface weight $weight $realm\""; - } + if ( $gateway ) { + emit "FALLBACK_ROUTE=\"nexthop via $gateway dev $interface weight $weight $realm\""; } else { - # - # IPv6 doesn't support multi-hop routes - # - if ( $gateway ) { - emit "FALLBACK_ROUTE=\"via $gateway dev $interface $realm\""; - } else { - emit "FALLBACK_ROUTE=\"dev $interface $realm\""; - } + emit "FALLBACK_ROUTE=\"nexthop dev $interface weight $weight $realm\""; } $first_fallback_route = 0; } else { - fatal_error "Only one 'fallback' provider is allowed with IPv6" if $family == F_IPV6; - if ( $gateway ) { emit "FALLBACK_ROUTE=\"\$FALLBACK_ROUTE nexthop via $gateway dev $interface weight $weight $realm\""; } else { @@ -542,7 +516,6 @@ sub process_a_provider( $ ) { $track = 0; } elsif ( $option =~ /^balance=(\d+)$/ ) { fatal_error q('balance' may not be spacified when GATEWAY is 'none') if $gatewaycase eq 'none'; - fatal_error q('balance=' is not available in IPv6) if $family == F_IPV6; fatal_error 'The balance setting must be non-zero' unless $1; $balance = $1; } elsif ( $option eq 'balance' || $option eq 'primary') { @@ -565,7 +538,6 @@ sub process_a_provider( $ ) { $mtu = "mtu $1 "; } elsif ( $option =~ /^fallback=(\d+)$/ ) { fatal_error q('fallback' may not be spacified when GATEWAY is 'none') if $gatewaycase eq 'none'; - fatal_error q('fallback=' is not available in IPv6) if $family == F_IPV6; $default = $1; $default_balance = 0; fatal_error 'fallback must be non-zero' unless $default; 
@@ -827,18 +799,10 @@ sub add_a_provider( $$ ) { emit( qq([ -z "$address" ] && return\n) ); if ( $hostroute ) { - if ( $family == F_IPV4 ) { - emit qq(run_ip route replace $gateway src $address dev $physical ${mtu}); - emit qq(run_ip route replace $gateway src $address dev $physical ${mtu}table $id $realm); - emit qq(echo "\$IP route del $gateway src $address dev $physical ${mtu} > /dev/null 2>&1" >> \${VARDIR}/undo_${table}_routing); - emit qq(echo "\$IP route del $gateway src $address dev $physical ${mtu}table $id $realm > /dev/null 2>&1" >> \${VARDIR}/undo_${table}_routing); - } else { - emit qq(qt \$IP -6 route add $gateway src $address dev $physical ${mtu}); - emit qq(qt \$IP -6 route del $gateway src $address dev $physical ${mtu}table $id $realm); - emit qq(run_ip route add $gateway src $address dev $physical ${mtu}table $id $realm); - emit qq(echo "\$IP -6 route del $gateway src $address dev $physical ${mtu} > /dev/null 2>&1" >> \${VARDIR}/undo_${table}_routing ); - emit qq(echo "\$IP -6 route del $gateway src $address dev $physical ${mtu}table $id $realm > /dev/null 2>&1" >> \${VARDIR}/undo_${table}_routing); - } + emit qq(run_ip route replace $gateway src $address dev $physical ${mtu}); + emit qq(run_ip route replace $gateway src $address dev $physical ${mtu}table $id $realm); + emit qq(echo "\$IP route del $gateway src $address dev $physical ${mtu} > /dev/null 2>&1" >> \${VARDIR}/undo_${table}_routing); + emit qq(echo "\$IP route del $gateway src $address dev $physical ${mtu}table $id $realm > /dev/null 2>&1" >> \${VARDIR}/undo_${table}_routing); } emit( "run_ip route add default via $gateway src $address dev $physical ${mtu}table $id $realm" ); 
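Review bot: The undo entries written in add_a_provider now read `\$IP route del $gateway src $address …` for both families, whereas the removed IPv6 branch wrote `\$IP -6 route del …`. iproute2 may well infer the family from the address literal, but the undo line in the later add_a_provider hunk of this same diff uses `\$IP -$family route del`, and the undo file is replayed later, where an ambiguous command is harder to diagnose. I would write these two lines as `echo "\$IP -$family route del $gateway src $address dev $physical ${mtu}…"` so every undo entry states its family explicitly. The enclosing sub starts and ends outside the hunk.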
@@ -959,14 +923,8 @@ CEOF $address = get_interface_address $interface unless $address; if ( $hostroute ) { - if ( $family == F_IPV4 ) { - emit qq(run_ip route replace $gateway src $address dev $physical ${mtu}); - emit qq(run_ip route replace $gateway src $address dev $physical ${mtu}table $id $realm); - } else { - emit qq(qt \$IP -6 route add $gateway src $address dev $physical ${mtu}); - emit qq(qt \$IP -6 route del $gateway src $address dev $physical ${mtu}table $id $realm); - emit qq(run_ip route add $gateway src $address dev $physical ${mtu}table $id $realm); - } + emit qq(run_ip route replace $gateway src $address dev $physical ${mtu}); + emit qq(run_ip route replace $gateway src $address dev $physical ${mtu}table $id $realm); } emit "run_ip route add default via $gateway src $address dev $physical ${mtu}table $id $realm"; @@ -980,13 +938,8 @@ CEOF my $id = $providers{default}->{id}; emit ''; if ( $gateway ) { - if ( $family == F_IPV4 ) { - emit qq(run_ip route replace $gateway/32 dev $physical table $id) if $hostroute; - emit qq(run_ip route add default via $gateway src $address dev $physical table $id metric $number); - } else { - emit qq(qt \$IP -6 route del default via $gateway src $address dev $physical table $id metric $number); - emit qq(run_ip route add default via $gateway src $address dev $physical table $id metric $number); - } + emit qq(run_ip route replace $gateway/32 dev $physical table $id) if $hostroute; + emit qq(run_ip route add default via $gateway src $address dev $physical table $id metric $number); emit qq(echo "\$IP -$family route del default via $gateway table $id > /dev/null 2>&1" >> \${VARDIR}/undo_${table}_routing); emit qq(echo "\$IP -4 route del $gateway/32 dev $physical table $id > /dev/null 2>&1" >> \${VARDIR}/undo_${table}_routing) if $family == F_IPV4; } else { 
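Review bot: In the `@@ -980` hunk, `emit qq(run_ip route replace $gateway/32 dev $physical table $id) if $hostroute;` now runs for both families, but `/32` is an IPv4 host mask; with an IPv6 gateway it names a 32-bit prefix, not a host route. The matching undo entry two lines below is still guarded by `if $family == F_IPV4`, so anything installed here for IPv6 would have no undo line. Either keep the family guard, `… if $hostroute && $family == F_IPV4;`, or derive the length from the family (`/128` for IPv6) and emit the undo entry for both families. Whether `$hostroute` can be set for an IPv6 provider is decided outside this hunk, so confirm that before choosing.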
@@ -1062,23 +1015,12 @@ CEOF $tbl = $providers{$default ? 'default' : $config{USE_DEFAULT_RT} ? 'balance' : 'main'}->{id}; $weight = $balance ? $balance : $default; - if ( $family == F_IPV4 ) { - if ( $gateway ) { - emit qq(add_gateway "nexthop via $gateway dev $physical weight $weight $realm" ) . $tbl; - } else { - emit qq(add_gateway "nexthop dev $physical weight $weight $realm" ) . $tbl; - } + if ( $gateway ) { + emit qq(add_gateway "nexthop via $gateway dev $physical weight $weight $realm" ) . $tbl; } else { - # - # IPv6 doesn't support multi-hop routes - # - if ( $gateway ) { - emit qq(add_gateway "via $gateway dev $physical $realm" ) . $tbl; - } else { - emit qq(add_gateway "dev $physical $realm" ) . $tbl; - } + emit qq(add_gateway "nexthop dev $physical weight $weight $realm" ) . $tbl; } - } else { + } else { $weight = 1; } @@ -1168,7 +1110,7 @@ CEOF $via = "dev $physical"; } - $via .= " weight $weight" unless $weight < 0 or $family == F_IPV6; # IPv6 doesn't support route weights + $via .= " weight $weight" unless $weight < 0; $via .= " $realm" if $realm; emit( qq(delete_gateway "$via" $tbl $physical) ); @@ -1517,12 +1459,7 @@ sub finish_providers() { if ( $balancing ) { emit ( 'if [ -n "$DEFAULT_ROUTE" ]; then' ); - if ( $family == F_IPV4 ) { - emit ( " run_ip route replace default scope global table $table \$DEFAULT_ROUTE" ); - } else { - emit ( " qt \$IP -6 route del default scope global table $table \$DEFAULT_ROUTE" ); - emit ( " run_ip route add default scope global table $table \$DEFAULT_ROUTE" ); - } + emit ( " run_ip route replace default scope global table $table \$DEFAULT_ROUTE" ); if ( $config{USE_DEFAULT_RT} ) { emit ( " while qt \$IP -$family route del default table $main; do", 
@@ -1575,12 +1512,7 @@ sub finish_providers() { if ( $fallback ) { emit ( 'if [ -n "$FALLBACK_ROUTE" ]; then' ); - if ( $family == F_IPV4 ) { - emit( " run_ip route replace default scope global table $default \$FALLBACK_ROUTE" ); - } else { - emit( " qt \$IP -6 route del default scope global table $default \$FALLBACK_ROUTE" ); - emit( " run_ip route add default scope global table $default \$FALLBACK_ROUTE" ); - } + emit( " run_ip route replace default scope global table $default \$FALLBACK_ROUTE" ); emit( " progress_message \"Fallback route '\$(echo \$FALLBACK_ROUTE | sed 's/\$\\s*//')' Added\"", 'else', diff --git a/Shorewall6/manpages/shorewall6-providers.xml b/Shorewall6/manpages/shorewall6-providers.xml index fab6bc365..63b799b4c 100644 --- a/Shorewall6/manpages/shorewall6-providers.xml +++ b/Shorewall6/manpages/shorewall6-providers.xml 
@@ -159,26 +159,40 @@ - balance + balance[=weight] - Added in Shorewall 4.4.25. Causes a default route to - this provider's gateway to be added to the main routing table (USE_DEFAULT_RT=No) - or to the balance routing - table (USE_DEFAULT_RT=Yes). Only one provider can specify this - option. + Added in Shorewall 4.4.25. The providers that have + specified will get outbound traffic + load-balanced among them. By default, all interfaces with + specified will have the same weight + (1). Beginning with Shorewall 5.0.13, you can change the + weight of an interface by specifying + weight + where weight is the weight of the + route out of this interface. Prior to Shorewall 5.0.13, only + one provider can specify this option. - fallback + fallback[=weight] - Added in Shorewall 4.4.25. Causes a default route to - this provider's gateway to be added to the default routing table.At most one - provider can specify this option. + Added in Shorewall 4.4.25. Indicates that a default + route through the provider should be added to the default + routing table (table 253). If a + weight is given, a balanced route + is added with the weight of this provider equal to the + specified weight. If the option is + given without a weight, an separate + default route is added through the provider's gateway; the + route has a metric equal to the provider's NUMBER. Prior to + Shorewall 5.0.13, at most one provider can specify this option + and a weight may not be + given.