extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-20 09:47:51 +02:00
Code Issues Packages Projects Releases Wiki Activity

Delete code supporting old kernel/iproute2 IPv6 restrictions

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2016-10-07 11:02:36 -07:00
parent 0bf5ca7e0c
commit 3058f2fb84
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
2 changed files with 47 additions and 101 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
Shorewall/Perl/Shorewall/Providers.pm
View File

@ -309,27 +309,14 @@ sub balance_default_route( $$$$ ) {
emit ''; emit '';
if ( $first_default_route ) { if ( $first_default_route ) {
if ( $family == F_IPV4 ) {
if ( $gateway ) { if ( $gateway ) {
emit "DEFAULT_ROUTE=\"nexthop via $gateway dev $interface weight $weight $realm\""; emit "DEFAULT_ROUTE=\"nexthop via $gateway dev $interface weight $weight $realm\"";
} else { } else {
emit "DEFAULT_ROUTE=\"nexthop dev $interface weight $weight $realm\""; emit "DEFAULT_ROUTE=\"nexthop dev $interface weight $weight $realm\"";
} }
} else {
#
# IPv6 doesn't support multi-hop routes
#
if ( $gateway ) {
emit "DEFAULT_ROUTE=\"via $gateway dev $interface $realm\"";
} else {
emit "DEFAULT_ROUTE=\"dev $interface $realm\"";
}
}
$first_default_route = 0; $first_default_route = 0;
} else { } else {
fatal_error "Only one 'balance' provider is allowed with IPv6" if $family == F_IPV6;
if ( $gateway ) { if ( $gateway ) {
emit "DEFAULT_ROUTE=\"\$DEFAULT_ROUTE nexthop via $gateway dev $interface weight $weight $realm\""; emit "DEFAULT_ROUTE=\"\$DEFAULT_ROUTE nexthop via $gateway dev $interface weight $weight $realm\"";
} else { } else {
@ -346,27 +333,14 @@ sub balance_fallback_route( $$$$ ) {
emit ''; emit '';
if ( $first_fallback_route ) { if ( $first_fallback_route ) {
if ( $family == F_IPV4 ) {
if ( $gateway ) { if ( $gateway ) {
emit "FALLBACK_ROUTE=\"nexthop via $gateway dev $interface weight $weight $realm\""; emit "FALLBACK_ROUTE=\"nexthop via $gateway dev $interface weight $weight $realm\"";
} else { } else {
emit "FALLBACK_ROUTE=\"nexthop dev $interface weight $weight $realm\""; emit "FALLBACK_ROUTE=\"nexthop dev $interface weight $weight $realm\"";
} }
} else {
#
# IPv6 doesn't support multi-hop routes
#
if ( $gateway ) {
emit "FALLBACK_ROUTE=\"via $gateway dev $interface $realm\"";
} else {
emit "FALLBACK_ROUTE=\"dev $interface $realm\"";
}
}
$first_fallback_route = 0; $first_fallback_route = 0;
} else { } else {
fatal_error "Only one 'fallback' provider is allowed with IPv6" if $family == F_IPV6;
if ( $gateway ) { if ( $gateway ) {
emit "FALLBACK_ROUTE=\"\$FALLBACK_ROUTE nexthop via $gateway dev $interface weight $weight $realm\""; emit "FALLBACK_ROUTE=\"\$FALLBACK_ROUTE nexthop via $gateway dev $interface weight $weight $realm\"";
} else { } else {
@ -542,7 +516,6 @@ sub process_a_provider( $ ) {
$track = 0; $track = 0;
} elsif ( $option =~ /^balance=(\d+)$/ ) { } elsif ( $option =~ /^balance=(\d+)$/ ) {
fatal_error q('balance' may not be spacified when GATEWAY is 'none') if $gatewaycase eq 'none'; fatal_error q('balance' may not be spacified when GATEWAY is 'none') if $gatewaycase eq 'none';
fatal_error q('balance=<weight>' is not available in IPv6) if $family == F_IPV6;
fatal_error 'The balance setting must be non-zero' unless $1; fatal_error 'The balance setting must be non-zero' unless $1;
$balance = $1; $balance = $1;
} elsif ( $option eq 'balance' || $option eq 'primary') { } elsif ( $option eq 'balance' || $option eq 'primary') {
@ -565,7 +538,6 @@ sub process_a_provider( $ ) {
$mtu = "mtu $1 "; $mtu = "mtu $1 ";
} elsif ( $option =~ /^fallback=(\d+)$/ ) { } elsif ( $option =~ /^fallback=(\d+)$/ ) {
fatal_error q('fallback' may not be spacified when GATEWAY is 'none') if $gatewaycase eq 'none'; fatal_error q('fallback' may not be spacified when GATEWAY is 'none') if $gatewaycase eq 'none';
fatal_error q('fallback=<weight>' is not available in IPv6) if $family == F_IPV6;
$default = $1; $default = $1;
$default_balance = 0; $default_balance = 0;
fatal_error 'fallback must be non-zero' unless $default; fatal_error 'fallback must be non-zero' unless $default;
@ -827,18 +799,10 @@ sub add_a_provider( $$ ) {
emit( qq([ -z "$address" ] && return\n) ); emit( qq([ -z "$address" ] && return\n) );
if ( $hostroute ) { if ( $hostroute ) {
if ( $family == F_IPV4 ) {
emit qq(run_ip route replace $gateway src $address dev $physical ${mtu}); emit qq(run_ip route replace $gateway src $address dev $physical ${mtu});
emit qq(run_ip route replace $gateway src $address dev $physical ${mtu}table $id $realm); emit qq(run_ip route replace $gateway src $address dev $physical ${mtu}table $id $realm);
emit qq(echo "\$IP route del $gateway src $address dev $physical ${mtu} > /dev/null 2>&1" >> \${VARDIR}/undo_${table}_routing); emit qq(echo "\$IP route del $gateway src $address dev $physical ${mtu} > /dev/null 2>&1" >> \${VARDIR}/undo_${table}_routing);
emit qq(echo "\$IP route del $gateway src $address dev $physical ${mtu}table $id $realm > /dev/null 2>&1" >> \${VARDIR}/undo_${table}_routing); emit qq(echo "\$IP route del $gateway src $address dev $physical ${mtu}table $id $realm > /dev/null 2>&1" >> \${VARDIR}/undo_${table}_routing);
} else {
emit qq(qt \$IP -6 route add $gateway src $address dev $physical ${mtu});
emit qq(qt \$IP -6 route del $gateway src $address dev $physical ${mtu}table $id $realm);
emit qq(run_ip route add $gateway src $address dev $physical ${mtu}table $id $realm);
emit qq(echo "\$IP -6 route del $gateway src $address dev $physical ${mtu} > /dev/null 2>&1" >> \${VARDIR}/undo_${table}_routing );
emit qq(echo "\$IP -6 route del $gateway src $address dev $physical ${mtu}table $id $realm > /dev/null 2>&1" >> \${VARDIR}/undo_${table}_routing);
}
} }
emit( "run_ip route add default via $gateway src $address dev $physical ${mtu}table $id $realm" ); emit( "run_ip route add default via $gateway src $address dev $physical ${mtu}table $id $realm" );
@ -959,14 +923,8 @@ CEOF
$address = get_interface_address $interface unless $address; $address = get_interface_address $interface unless $address;
if ( $hostroute ) { if ( $hostroute ) {
if ( $family == F_IPV4 ) {
emit qq(run_ip route replace $gateway src $address dev $physical ${mtu}); emit qq(run_ip route replace $gateway src $address dev $physical ${mtu});
emit qq(run_ip route replace $gateway src $address dev $physical ${mtu}table $id $realm); emit qq(run_ip route replace $gateway src $address dev $physical ${mtu}table $id $realm);
} else {
emit qq(qt \$IP -6 route add $gateway src $address dev $physical ${mtu});
emit qq(qt \$IP -6 route del $gateway src $address dev $physical ${mtu}table $id $realm);
emit qq(run_ip route add $gateway src $address dev $physical ${mtu}table $id $realm);
}
} }
emit "run_ip route add default via $gateway src $address dev $physical ${mtu}table $id $realm"; emit "run_ip route add default via $gateway src $address dev $physical ${mtu}table $id $realm";
@ -980,13 +938,8 @@ CEOF
my $id = $providers{default}->{id}; my $id = $providers{default}->{id};
emit ''; emit '';
if ( $gateway ) { if ( $gateway ) {
if ( $family == F_IPV4 ) {
emit qq(run_ip route replace $gateway/32 dev $physical table $id) if $hostroute; emit qq(run_ip route replace $gateway/32 dev $physical table $id) if $hostroute;
emit qq(run_ip route add default via $gateway src $address dev $physical table $id metric $number); emit qq(run_ip route add default via $gateway src $address dev $physical table $id metric $number);
} else {
emit qq(qt \$IP -6 route del default via $gateway src $address dev $physical table $id metric $number);
emit qq(run_ip route add default via $gateway src $address dev $physical table $id metric $number);
}
emit qq(echo "\$IP -$family route del default via $gateway table $id > /dev/null 2>&1" >> \${VARDIR}/undo_${table}_routing); emit qq(echo "\$IP -$family route del default via $gateway table $id > /dev/null 2>&1" >> \${VARDIR}/undo_${table}_routing);
emit qq(echo "\$IP -4 route del $gateway/32 dev $physical table $id > /dev/null 2>&1" >> \${VARDIR}/undo_${table}_routing) if $family == F_IPV4; emit qq(echo "\$IP -4 route del $gateway/32 dev $physical table $id > /dev/null 2>&1" >> \${VARDIR}/undo_${table}_routing) if $family == F_IPV4;
} else { } else {
@ -1062,23 +1015,12 @@ CEOF
$tbl = $providers{$default ? 'default' : $config{USE_DEFAULT_RT} ? 'balance' : 'main'}->{id}; $tbl = $providers{$default ? 'default' : $config{USE_DEFAULT_RT} ? 'balance' : 'main'}->{id};
$weight = $balance ? $balance : $default; $weight = $balance ? $balance : $default;
if ( $family == F_IPV4 ) {
if ( $gateway ) { if ( $gateway ) {
emit qq(add_gateway "nexthop via $gateway dev $physical weight $weight $realm" ) . $tbl; emit qq(add_gateway "nexthop via $gateway dev $physical weight $weight $realm" ) . $tbl;
} else { } else {
emit qq(add_gateway "nexthop dev $physical weight $weight $realm" ) . $tbl; emit qq(add_gateway "nexthop dev $physical weight $weight $realm" ) . $tbl;
} }
} else { } else {
#
# IPv6 doesn't support multi-hop routes
#
if ( $gateway ) {
emit qq(add_gateway "via $gateway dev $physical $realm" ) . $tbl;
} else {
emit qq(add_gateway "dev $physical $realm" ) . $tbl;
}
}
} else {
$weight = 1; $weight = 1;
} }
@ -1168,7 +1110,7 @@ CEOF
$via = "dev $physical"; $via = "dev $physical";
} }
$via .= " weight $weight" unless $weight < 0 or $family == F_IPV6; # IPv6 doesn't support route weights $via .= " weight $weight" unless $weight < 0;
$via .= " $realm" if $realm; $via .= " $realm" if $realm;
emit( qq(delete_gateway "$via" $tbl $physical) ); emit( qq(delete_gateway "$via" $tbl $physical) );
@ -1517,12 +1459,7 @@ sub finish_providers() {
if ( $balancing ) { if ( $balancing ) {
emit ( 'if [ -n "$DEFAULT_ROUTE" ]; then' ); emit ( 'if [ -n "$DEFAULT_ROUTE" ]; then' );
if ( $family == F_IPV4 ) {
emit ( " run_ip route replace default scope global table $table \$DEFAULT_ROUTE" ); emit ( " run_ip route replace default scope global table $table \$DEFAULT_ROUTE" );
} else {
emit ( " qt \$IP -6 route del default scope global table $table \$DEFAULT_ROUTE" );
emit ( " run_ip route add default scope global table $table \$DEFAULT_ROUTE" );
}
if ( $config{USE_DEFAULT_RT} ) { if ( $config{USE_DEFAULT_RT} ) {
emit ( " while qt \$IP -$family route del default table $main; do", emit ( " while qt \$IP -$family route del default table $main; do",
@ -1575,12 +1512,7 @@ sub finish_providers() {
if ( $fallback ) { if ( $fallback ) {
emit ( 'if [ -n "$FALLBACK_ROUTE" ]; then' ); emit ( 'if [ -n "$FALLBACK_ROUTE" ]; then' );
if ( $family == F_IPV4 ) {
emit( " run_ip route replace default scope global table $default \$FALLBACK_ROUTE" ); emit( " run_ip route replace default scope global table $default \$FALLBACK_ROUTE" );
} else {
emit( " qt \$IP -6 route del default scope global table $default \$FALLBACK_ROUTE" );
emit( " run_ip route add default scope global table $default \$FALLBACK_ROUTE" );
}
emit( " progress_message \"Fallback route '\$(echo \$FALLBACK_ROUTE | sed 's/\$\\s*//')' Added\"", emit( " progress_message \"Fallback route '\$(echo \$FALLBACK_ROUTE | sed 's/\$\\s*//')' Added\"",
'else', 'else',

38
Shorewall6/manpages/shorewall6-providers.xml
View File

@ -159,26 +159,40 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">balance</emphasis></term> <term><emphasis
role="bold">balance[=<replaceable>weight</replaceable>]</emphasis></term>
<listitem> <listitem>
<para>Added in Shorewall 4.4.25. Causes a default route to <para>Added in Shorewall 4.4.25. The providers that have
this provider's gateway to be added to the <emphasis <option>balance</option> specified will get outbound traffic
role="bold">main</emphasis> routing table (USE_DEFAULT_RT=No) load-balanced among them. By default, all interfaces with
or to the <emphasis role="bold">balance</emphasis> routing <option>balance</option> specified will have the same weight
table (USE_DEFAULT_RT=Yes). Only one provider can specify this (1). Beginning with Shorewall 5.0.13, you can change the
option.</para> weight of an interface by specifying
<option>balance=</option><replaceable>weight</replaceable>
where <replaceable>weight</replaceable> is the weight of the
route out of this interface. Prior to Shorewall 5.0.13, only
one provider can specify this option.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">fallback</emphasis></term> <term><emphasis
role="bold">fallback[=<replaceable>weight</replaceable>]</emphasis></term>
<listitem> <listitem>
<para>Added in Shorewall 4.4.25. Causes a default route to <para>Added in Shorewall 4.4.25. Indicates that a default
this provider's gateway to be added to the <emphasis route through the provider should be added to the default
role="bold">default</emphasis> routing table.At most one routing table (table 253). If a
provider can specify this option.</para> <replaceable>weight</replaceable> is given, a balanced route
is added with the weight of this provider equal to the
specified <replaceable>weight</replaceable>. If the option is
given without a <replaceable>weight</replaceable>, an separate
default route is added through the provider's gateway; the
route has a metric equal to the provider's NUMBER. Prior to
Shorewall 5.0.13, at most one provider can specify this option
and a <replaceable>weight</replaceable> may not be
given.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>