diff --git a/Shorewall6/lib.base b/Shorewall6/lib.base
index bdf7f700f..41aea3bbd 100644
--- a/Shorewall6/lib.base
+++ b/Shorewall6/lib.base
@@ -140,14 +140,6 @@ mutex_off()
 rm -f ${LOCKFILE:=${VARDIR}/lock}
 }
 
-#
-# Query NetFilter about the existence of a filter chain
-#
-chain_exists() # $1 = chain name
-{
- qt $IP6TABLES -L $1 -n
-}
-
 #
 # Find the interface with the passed MAC address
 #
@@ -224,28 +216,6 @@ resolve_file() # $1 = file name
 esac
 }
 
-detect_gateway() # $1 = interface
-{
- local interface
- interface=$1
- #
- # First assume that this is some sort of point-to-point interface
- #
- gateway=$( find_peer $(ip -6 addr list $interface ) )
- #
- # Maybe there's a default route through this gateway already
- #
- [ -n "$gateway" ] || gateway=$(find_gateway $(ip -6 route list dev $interface))
- #
- # Last hope -- is there a load-balancing route through the interface?
- #
- [ -n "$gateway" ] || gateway=$(find_nexthop $interface)
- #
- # Be sure we found one
- #
- [ -n "$gateway" ] && echo $gateway
-}
-
 #
 # Determine how to do "echo -e"
 #
@@ -327,3 +297,5 @@ mktempfile() {
 esac
 fi
 }
+
+. ${SHAREDIR}/lib.common
diff --git a/Shorewall6/lib.common b/Shorewall6/lib.common
index b19441e61..aaf420924 100644
--- a/Shorewall6/lib.common
+++ b/Shorewall6/lib.common
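Review bot: The new last line of lib.base, `. ${SHAREDIR}/lib.common`, sources a path built from an unquoted variable with no check that the variable is set; if `SHAREDIR` is empty at that point the shell reads `/lib.common` instead, with the firewall script's privileges. `SHAREDIR` is assigned outside the hunk, so this may already be guaranteed; if it is not, `. "${SHAREDIR:?}/lib.common"` aborts with a message rather than sourcing the wrong file. Because the include sits at the end of the file, any function lib.common defines under a name still present in lib.base replaces the lib.base version, which is worth a one-line comment next to the include.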
@@ -203,6 +203,123 @@ run_user_exit() # $1 = file name
 fi
 }
 
+#
+# Load a Kernel Module -- assumes that the variable 'moduledirectories' contains
+# a space-separated list of directories to search for
+# the module and that 'moduleloader' contains the
+# module loader command.
+#
+loadmodule() # $1 = module name, $2 - * arguments
+{
+ local modulename
+ modulename=$1
+ local modulefile
+ local suffix
+
+ if ! list_search $modulename $MODULES $DONT_LOAD ; then
+ shift
+
+ for suffix in $MODULE_SUFFIX ; do
+ for directory in $moduledirectories; do
+ modulefile=$directory/${modulename}.${suffix}
+
+ if [ -f $modulefile ]; then
+ case $moduleloader in
+ insmod)
+ insmod $modulefile $*
+ ;;
+ *)
+ modprobe $modulename $*
+ ;;
+ esac
+ break 2
+ fi
+ done
+ done
+ fi
+}
+
+#
+# Reload the Modules
+#
+reload_kernel_modules() {
+
+ local save_modules_dir
+ save_modules_dir=$MODULESDIR
+ local directory
+ local moduledirectories
+ moduledirectories=
+ local moduleloader
+ moduleloader=modprobe
+
+ if ! qt mywhich modprobe; then
+ moduleloader=insmod
+ fi
+
+ [ -n "${MODULE_SUFFIX:=o gz ko o.gz ko.gz}" ]
+
+ [ -z "$MODULESDIR" ] && MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv6/netfilter:/lib/modules/$(uname -r)/kernel/net/netfilter:/lib/modules/$(uname -r)/kernel/net/sched
+ MODULES=$(lsmod | cut -d ' ' -f1)
+
+ for directory in $(split $MODULESDIR); do
+ [ -d $directory ] && moduledirectories="$moduledirectories $directory"
+ done
+
+ [ -n "$moduledirectories" ] && while read command; do
+ eval $command
+ done
+
+ MODULESDIR=$save_modules_dir
+}
+
+#
+# Load kernel modules required for Shorewall
+#
+load_kernel_modules() # $1 = Yes, if we are to save moduleinfo in $VARDIR
+{
+ local save_modules_dir
+ save_modules_dir=$MODULESDIR
+ local directory
+ local moduledirectories
+ moduledirectories=
+ local moduleloader
+ moduleloader=modprobe
+ local savemoduleinfo
+ savemoduleinfo=${1:-Yes} # So old compiled scripts still work
+
+ if ! qt mywhich modprobe; then
+ moduleloader=insmod
+ fi
+
+ [ -n "${MODULE_SUFFIX:=o gz ko o.gz ko.gz}" ]
+
+ [ -z "$MODULESDIR" ] && \
+ MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv6/netfilter:/lib/modules/$(uname -r)/kernel/net/netfilter:/lib/modules/$(uname -r)/kernel/net/sched
+
+ for directory in $(split $MODULESDIR); do
+ [ -d $directory ] && moduledirectories="$moduledirectories $directory"
+ done
+
+ [ -n "$LOAD_HELPERS_ONLY" ] && modules=$(find_file helpers) || modules=$(find_file modules)
+
+ if [ -f $modules -a -n "$moduledirectories" ]; then
+ MODULES=$(lsmod | cut -d ' ' -f1)
+ progress_message "Loading Modules..."
+ . $modules
+ if [ $savemoduleinfo = Yes ]; then
+ [ -d ${VARDIR} ] || mkdir -p ${VARDIR}
+ echo MODULESDIR="$MODULESDIR" > ${VARDIR}/.modulesdir
+ cp -f $modules ${VARDIR}/.modules
+ fi
+ elif [ $savemoduleinfo = Yes ]; then
+ [ -d ${VARDIR} ] || mkdir -p ${VARDIR}
+ > ${VARDIR}/.modulesdir
+ > ${VARDIR}/.modules
+ fi
+
+ MODULESDIR=$save_modules_dir
+}
+
 #
 # Query NetFilter about the existence of a filter chain
 #
@@ -211,6 +328,32 @@ chain_exists() # $1 = chain name
 qt1 $IP6TABLES -L $1 -n
 }
 
+#
+# Find a File -- For relative file name, look in each ${CONFIG_PATH} then ${CONFDIR}
+#
+find_file()
+{
+ local saveifs
+ saveifs=
+ local directory
+
+ case $1 in
+ /*)
+ echo $1
+ ;;
+ *)
+ for directory in $(split $CONFIG_PATH); do
+ if [ -f $directory/$1 ]; then
+ echo $directory/$1
+ return
+ fi
+ done
+
+ echo ${CONFDIR}/$1
+ ;;
+ esac
+}
+
 #
 # Find the interface with the passed MAC address
 #
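Review bot: In reload_kernel_modules the loop `while read command; do eval $command; done` executes every line of standard input as shell, and load_kernel_modules does the same to a whole file with `. $modules`; both run where insmod or modprobe must succeed, so presumably as root. The stdin source is outside the hunk (it looks like the `${VARDIR}/.modules` copy saved further down), and that copy and `${VARDIR}` itself are created with `mkdir -p`, `cp -f` and `>` under whatever umask the caller inherited. I would add a comment to both functions stating that their input must be writable only by root, and create the directory with an explicit mode, for example `[ -d ${VARDIR} ] || mkdir -m 0755 -p ${VARDIR}`. `read -r command` would also keep backslashes from being interpreted before the eval. Separately, `directory` in loadmodule and `modules` in load_kernel_modules are not declared `local`, unlike the other working variables in these functions.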
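Review bot: find_file expands `$1` unquoted in `[ -f $directory/$1 ]` and in every `echo`, so a file name containing whitespace or glob characters is split or expanded before the test, and the caller then acts on whatever path comes back (load_kernel_modules sources it with `. $modules`). Quoting closes that: `if [ -f "$directory/$1" ]; then` and `echo "$directory/$1"`, likewise for the other two `echo` lines. The fallback `echo ${CONFDIR}/$1` returns a path that was never tested for existence, so the header comment should say that callers must check the result themselves. `saveifs` is declared and cleared but never used in the function and can be dropped.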