Fix module load/detect capability order

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1366 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-15 04:04:10 +01:00 · 2004-05-28 00:08:14 +00:00 · 2004-05-28 00:08:14 +00:00 · 666ae8701f
commit 666ae8701f
parent 102743a0e3
3 changed files with 26 additions and 17 deletions
--- a/STABLE2/changelog.txt
+++ b/STABLE2/changelog.txt
@ -69,3 +69,5 @@ Changes since 2.0.1
 33) Create /var/lib/shorewall if it doesn't exist.

 34) Fix dynamic in chains in the nat table.
+
+35) Load modules before detecting capabilities.
--- a/STABLE2/firewall
+++ b/STABLE2/firewall
@ -2285,7 +2285,7 @@ check_config() {

    verify_os_version

-    load_kernel_modules
+    load_kernel_modules check

    echo "Determining Zones..."

@ -4527,30 +4527,32 @@ add_ip_aliases()
 #
 # Load kernel modules required for Shorewall
 #
-load_kernel_modules() {
+load_kernel_modules() #1 = command
+{

    [ -z "$MODULESDIR" ] && \
-	MODULESDIR=/lib/modules/$osversion/kernel/net/ipv4/netfilter
+	MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter

    modules=$(find_file modules)

    if [ -f $modules -a -d $MODULESDIR ]; then
-	echo "Loading Modules..."
+	[ "$1" = silent ] || echo "Loading Modules..."
 	. $modules
+	case $1 in
+	    start|restart)
+		save_command "reload_kernel_modules <<EOF"

-	if [ "$command" != check ]; then
-	    save_command "reload_kernel_modules <<EOF"
-
-	    while read command; do
-		case "$command" in
-		loadmodule*)
-		    save_command $command
-		    ;;
-		esac
-	    done < $modules
+		while read command; do
+		    case "$command" in
+			loadmodule*)
+			    save_command $command
+			    ;;
+		    esac
+		done < $modules
 	    
-	    save_command EOF
-	fi
+		save_command EOF
+		;;
+	esac
    fi
 }

@ -5410,7 +5412,7 @@ define_firewall() # $1 = Command (Start or Restart)
    save_command "MODULESDIR=\"$MODULESDIR\""
    save_command "MODULE_SUFFIX=\"$MODULE_SUFFIX\""

-    load_kernel_modules
+    load_kernel_modules $command

    echo "Initializing...";                    initialize_netfilter
    echo "Configuring Proxy ARP";              setup_proxy_arp
@ -5934,7 +5936,9 @@ do_initialize() {
    ensure_config_path
    #
    # Determine the capabilities of the installed iptables/netfilter
+    # We silently load the modules
    #
+    qt load_kernel_modules silent
    determine_capabilities

    [ -z "${STATEDIR}" ] && STATEDIR=/var/state/shorewall
--- a/STABLE2/releasenotes.txt
+++ b/STABLE2/releasenotes.txt
@ -34,6 +34,9 @@ Problems Corrected since 2.0.2
   used, these rules cause the rule to be checked against ALL input,
   not just input from the designated zone.

+6) Shorewall checks netfilter capabilities before loading kernel
+   modules. Hence if kernel module autoloading isn't enabled, the
+   capabilities will be misdetected. 
 -----------------------------------------------------------------------
 Issues when migrating from Shorewall 2.0.1 to Shorewall 2.0.2: