From bc591ccee4191dd903aff23fd364d69d3abf8b8e Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Fri, 30 Sep 2016 14:01:16 -0700
Subject: [PATCH 1/2] Don't assume that statistically balanced providers are optional
Signed-off-by: Tom Eastep
---
Shorewall/Perl/lib.runtime | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/Shorewall/Perl/lib.runtime b/Shorewall/Perl/lib.runtime
index 6020a76f7..a1b5edc61 100644
--- a/Shorewall/Perl/lib.runtime
+++ b/Shorewall/Perl/lib.runtime
@@ -599,7 +599,11 @@ debug_restore_input() { } interface_enabled() { - return $(cat ${VARDIR}/$1.status) + status=0 + + [ -f ${VARDIR}/${1}.status ] && status=$(cat ${VARDIR}/${1}.status) + + return status } distribute_load() {
From 72dbb4c3c3c394426e3a469268af71d84e75267c Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Fri, 30 Sep 2016 16:01:04 -0700
Subject: [PATCH 2/2] Handle persistent provider enable/disable correctly
Signed-off-by: Tom Eastep
---
Shorewall/Perl/Shorewall/Providers.pm | 19 ++++++++++++-------
Shorewall/Perl/lib.runtime | 18 +++++++++++++-----
2 files changed, 25 insertions(+), 12 deletions(-)
diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm
index 4abee1fb0..06226abae 100644
--- a/Shorewall/Perl/Shorewall/Providers.pm
+++ b/Shorewall/Perl/Shorewall/Providers.pm
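Review bot: `return status` at the end of the new interface_enabled() passes the literal word `status` to `return`, which takes a numeric argument, so the value read from the status file is never returned; it should be `return $status`. The `@@ -601,7 +601,11 @@` hunk of patch 2/2 keeps this line as unchanged context, so the defect survives the series. `status` is also assigned without being declared local, and interface_is_usable() in the same file uses that name. The contents of `${VARDIR}/${1}.status` go into the exit code unchecked, so an empty or non-numeric file would make `return` fail as well.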
@@ -830,14 +830,19 @@ sub add_a_provider( $$ ) { if ( $family == F_IPV4 ) { emit qq(run_ip route replace $gateway src $address dev $physical ${mtu}); emit qq(run_ip route replace $gateway src $address dev $physical ${mtu}table $id $realm); + emit qq(echo "\$IP route del $gateway src $address dev $physical ${mtu} > /dev/null 2>&1" >> \${VARDIR}/undo_${table}_routing); + emit qq(echo "\$IP route del $gateway src $address dev $physical ${mtu}table $id $realm > /dev/null 2>&1" >> \${VARDIR}/undo_${table}_routing); } else { emit qq(qt \$IP -6 route add $gateway src $address dev $physical ${mtu}); emit qq(qt \$IP -6 route del $gateway src $address dev $physical ${mtu}table $id $realm); emit qq(run_ip route add $gateway src $address dev $physical ${mtu}table $id $realm); + emit qq(echo "\$IP -6 route del $gateway src $address dev $physical ${mtu} > /dev/null 2>&1" >> \${VARDIR}/undo_${table}_routing ); + emit qq(echo "\$IP -6 route del $gateway src $address dev $physical ${mtu}table $id $realm > /dev/null 2>&1" >> \${VARDIR}/undo_${table}_routing); } } - emit "run_ip route add default via $gateway src $address dev $physical ${mtu}table $id $realm"; + emit( "run_ip route add default via $gateway src $address dev $physical ${mtu}table $id $realm" ); + emit( qq( echo "\$IP route del default via $gateway src $address dev $physical ${mtu}table $id $realm > /dev/null 2>&1" >> \${VARDIR}/undo_${table}_routing) ); } if ( ! $noautosrc ) {
@@ -869,7 +874,7 @@ sub add_a_provider( $$ ) { pop_indent; emit( qq(fi\n), - qq(rm -f \${VARDIR}/${physical}_enabled) ); + qq(echo 1 > \${VARDIR}/${physical}_disabled) ); pop_indent;
@@ -1083,7 +1088,7 @@ CEOF emit( "setup_${dev}_tc" ) if $tcdevices->{$interface}; } - emit( qq( echo 1 > \${VARDIR}/${physical}_enabled) ) if $persistent; + emit( qq( rm -f \${VARDIR}/${physical}_disabled) ); emit_started_message( '', 2, $pseudo, $table, $number ); pop_indent;
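Review bot: The undo line added for the default route in `@@ -830,14 +830,19 @@` writes `\$IP route del default via ...` with no address-family option, although it sits after the `if ( $family == F_IPV4 ) ... else` block and is therefore emitted for IPv6 providers too; the IPv6 branch just above uses `\$IP -6 route del`. The route itself is added through `run_ip`, which presumably supplies the family, so the recorded undo command may not mirror the add on IPv6. Writing it as `\$IP -$family route del default via ...`, the form this file already uses for `route ls`, would keep the add and its undo symmetric. The enclosing block of add_a_provider starts and ends outside the hunk.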
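Review bot: The replacement line in `@@ -1083,7 +1088,7 @@` drops the `if $persistent` modifier, while the matching line in the `else` branch at `@@ -1091,7 +1096,7 @@` keeps it, so the marker is cleared for every provider on one path and only for persistent ones on the other. interface_enabled() and interface_is_usable() in lib.runtime test `${1}_disabled` without regard to persistence, so if a non-persistent provider can ever have the marker written (not determinable from these hunks), the guarded path would leave it reported as disabled after a start. Unless the asymmetry is intended, emit `rm -f \${VARDIR}/${physical}_disabled` unconditionally in both places, or add a comment stating why the two differ.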
@@ -1091,7 +1096,7 @@ CEOF unless ( $pseudo ) { emit( 'else' ); emit( qq( echo $weight > \${VARDIR}/${physical}_weight) ); - emit( qq( echo 1 > \${VARDIR}/${physical}_enabled) ) if $persistent; + emit( qq( rm -f \${VARDIR}/${physical}_disabled) ) if $persistent; emit_started_message( ' ', '', $pseudo, $table, $number ); }
@@ -1185,7 +1190,7 @@ CEOF 'if [ $COMMAND = disable ]; then', " do_persistent_${what}_${table}", "else", - " rm -f \${VARDIR}/${physical}_enabled\n", + " echo 1 > \${VARDIR}/${physical}_disabled\n", "fi\n", ); }
@@ -1690,7 +1695,7 @@ EOF emit ( " if [ ! -f \${VARDIR}/undo_${provider}_routing ]; then", " start_interface_$provider" ); } elsif ( $providerref->{persistent} ) { - emit ( " if [ ! -f \${VARDIR}/$providerref->{physical}_enabled ]; then", + emit ( " if [ -f \${VARDIR}/$providerref->{physical}_disabled ]; then", " start_provider_$provider" ); } else { emit ( " if [ -z \"`\$IP -$family route ls table $providerref->{number}`\" ]; then",
@@ -1741,7 +1746,7 @@ EOF if ( $providerref->{pseudo} ) { emit( " if [ -f \${VARDIR}/undo_${provider}_routing ]; then" ); } elsif ( $providerref->{persistent} ) { - emit( " if [ -f \${VARDIR}/$providerref->{physical}_enabled ]; then" ); + emit( " if [ ! -f \${VARDIR}/$providerref->{physical}_disabled ]; then" ); } else { emit( " if [ -n \"`\$IP -$family route ls table $providerref->{number}`\" ]; then" ); }
diff --git a/Shorewall/Perl/lib.runtime b/Shorewall/Perl/lib.runtime
index a1b5edc61..d82535d06 100644
--- a/Shorewall/Perl/lib.runtime
+++ b/Shorewall/Perl/lib.runtime
@@ -601,7 +601,11 @@ debug_restore_input() { interface_enabled() { status=0 - [ -f ${VARDIR}/${1}.status ] && status=$(cat ${VARDIR}/${1}.status) + if [ -f ${VARDIR}/${1}_disabled ]; then + status=1 + elif [ -f ${VARDIR}/${1}.status ]; then + status=$(cat ${VARDIR}/${1}.status) + fi return status }
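Review bot: With the test in `@@ -1690,7 +1695,7 @@` inverted to `[ -f ..._disabled ]`, a missing marker now means "enabled", so an administrative disable lasts only as long as the file in `${VARDIR}` does, and a persistent provider that was disabled under the old `_enabled` scheme has no `_disabled` file after an upgrade. Nothing in these hunks removes stale `${physical}_enabled` files or creates the new marker for providers that were already disabled; if that is handled elsewhere it is not visible here. A comment above the test stating the convention, e.g. `# <physical>_disabled present => provider administratively disabled; absent => enabled`, would document the default for the next maintainer. The `@@ -1741,7 +1746,7 @@` hunk relies on the same convention.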
@@ -682,8 +686,10 @@ interface_is_usable() # $1 = interface if ! loopback_interface $1; then if interface_is_up $1 && [ "$(find_first_interface_address_if_any $1)" != 0.0.0.0 ]; then - [ "$COMMAND" = enable ] || run_isusable_exit $1 - status=$? + if [ "$COMMAND" != enable ]; then + [ ! -f ${VARDIR}/${1}_disabled ] && run_isusable_exit $1 + status=$? + fi else status=1 fi
@@ -1106,8 +1112,10 @@ interface_is_usable() # $1 = interface if [ "$1" != lo ]; then if interface_is_up $1 && [ "$(find_first_interface_address_if_any $1)" != :: ]; then - [ "$COMMAND" = enable ] || run_isusable_exit $1 - status=$? + if [ "$COMMAND" != enable ]; then + [ ! -f ${VARDIR}/${1}_disabled ] && run_isusable_exit $1 + status=$? + fi else status=1 fi
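Review bot: In the new inner block of `@@ -682,8 +686,10 @@`, the `[ ! -f ${VARDIR}/${1}_disabled ] && run_isusable_exit $1` line followed by `status=$?` folds two different outcomes into one exit code: a present marker and a failing isusable check both give a non-zero status, and the reader must work through the `&&` short-circuit to see which. An explicit if/else that sets `status=1` when the marker exists, and quotes the path, reads more directly and behaves the same. When `$COMMAND` is `enable`, `status` is no longer assigned in this branch, so the result depends on an initial value set outside the hunk. The IPv6 copy at `@@ -1106,8 +1112,10 @@` has the same lines.

```shell
# … unchanged: interface_is_up / address test …
if [ "$COMMAND" != enable ]; then
    if [ -f "${VARDIR}/${1}_disabled" ]; then
        status=1
    else
        run_isusable_exit $1
        status=$?
    fi
fi
# … unchanged: else branch setting status=1 …
```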