From 7989f5094ebc4331ad851b7e2ee9dfbf3a9566f3 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 21 Dec 2010 11:15:41 -0800 Subject: [PATCH] Implement a better solution to down shared gateways --- Shorewall/Perl/Shorewall/Providers.pm | 10 +++------ Shorewall/Perl/Shorewall/Zones.pm | 32 +++++++++++++-------------- Shorewall/releasenotes.txt | 5 +++++ 3 files changed, 24 insertions(+), 23 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm index ff56c7115..1085b7ef7 100644 --- a/Shorewall/Perl/Shorewall/Providers.pm +++ b/Shorewall/Perl/Shorewall/Providers.pm @@ -121,7 +121,9 @@ sub setup_route_marking() { } if ( $providerref->{shared} ) { + add_commands( $chainref, qq(if [ -n "$providerref->{mac}" ]; then) ), incr_cmd_level( $chainref ) if $providerref->{optional}; add_rule $chainref, match_source_dev( $interface ) . "-m mac --mac-source $providerref->{mac} -j MARK --set-mark $providerref->{mark}"; + decr_cmd_level( $chainref ), add_commands( $chainref, "fi\n" ) if $providerref->{optional}; } else { add_rule $chainref, match_source_dev( $interface ) . "-j MARK --set-mark $providerref->{mark}"; } @@ -520,13 +522,7 @@ sub add_a_provider( ) { if ( $optional ) { if ( $shared ) { - my $var = $providers{$table}{mac}; - - $var =~ s/^\$//; - - emit ( " error_message \"WARNING: Gateway $gateway is not reachable -- Provider $table ($number) not Added\"" , - " $var=02:00:00:00:00:00" ); - + emit ( " error_message \"WARNING: Gateway $gateway is not reachable -- Provider $table ($number) not Added\"" ); } else { emit ( " error_message \"WARNING: Interface $physical is not usable -- Provider $table ($number) not Added\"" ); } diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm index 174a877b4..490c6c2b0 100644 --- a/Shorewall/Perl/Shorewall/Zones.pm +++ b/Shorewall/Perl/Shorewall/Zones.pm 
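Review bot: In the `shared` branch of setup_route_marking, the two added lines chain two calls with the comma operator under a single postfix `if $providerref->{optional}`, which hides that they open and close a generated shell `if … fi` around the MAC rule. Plain `if` blocks, as below, keep `incr_cmd_level`/`decr_cmd_level` visibly paired and leave room for a comment on why the guard exists. The guard is emitted only for optional providers and tests only for a non-empty value, so whether a non-optional shared provider can still reach `--mac-source` with an empty variable (the `Bad mac address "-j"` case in the release notes) depends on code outside this hunk and is worth confirming. The function's body starts and ends outside the hunk.

```perl
if ( $providerref->{optional} ) {
    # mac names a run-time shell variable; skip the rule when it is empty
    add_commands( $chainref, qq(if [ -n "$providerref->{mac}" ]; then) );
    incr_cmd_level( $chainref );
}

# … unchanged: add_rule with -m mac --mac-source …

if ( $providerref->{optional} ) {
    decr_cmd_level( $chainref );
    add_commands( $chainref, "fi\n" );
}
```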
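Review bot: In add_a_provider's `$shared` branch, nothing now records that the provider's MAC variable must stay empty on this path, yet the `[ -n … ]` guard added in setup_route_marking relies on exactly that to leave out the mark rule for an unreachable gateway. I would add a comment above the `emit`, e.g. `# MAC variable is left empty here; setup_route_marking() omits the --mac-source rule when it is`. It is also worth confirming that the variable cannot carry a value set earlier in the generated script, since the code that assigns it is not visible in this hunk. The enclosing function starts and ends outside the hunk.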
@@ -84,7 +84,7 @@ our @EXPORT = qw( NOTHING ); our @EXPORT_OK = qw( initialize ); -our $VERSION = '4.4_16'; +our $VERSION = '4.4_15'; # # IPSEC Option types @@ -913,7 +913,7 @@ sub process_interface( $$ ) { $root = substr( $interface, 0, -1 ); $roots{$root} = $interface; my $len = length $root; - + if ( $minroot ) { $minroot = $len if $minroot > $len; } else { @@ -1209,23 +1209,23 @@ sub known_interface($) my $iface = $interface; - while ( 1 ) { - chop $iface; + if ( $minroot ) { + while ( length $iface > $minroot ) { + chop $iface; - return 0 if $iface eq ''; - - if ( my $i = $roots{$iface} ) { - $interfaceref = $interfaces{$i}; + if ( my $i = $roots{$iface} ) { + $interfaceref = $interfaces{$i}; - my $physical = map_physical( $interface, $interfaceref ); + my $physical = map_physical( $interface, $interfaceref ); - return $interfaces{$interface} = { options => $interfaceref->{options} , - bridge => $interfaceref->{bridge} , - name => $i , - number => $interfaceref->{number} , - physical => $physical , - base => chain_base( $physical ) , - }; + return $interfaces{$interface} = { options => $interfaceref->{options} , + bridge => $interfaceref->{bridge} , + name => $i , + number => $interfaceref->{number} , + physical => $physical , + base => chain_base( $physical ) , + }; + } } } diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 3afa6697f..f0c3cae43 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -33,6 +33,11 @@ Beta 6 - Failure to treat the interface as optional or required. +4) Where two ISPs share the same interface, if one of the ISPs was not + reachable, an iptables-restore error such as this occurred: + + iptables-restore v1.4.10: Bad mac address "-j" + Beta 5 1) Previously, proxy ARP with logical interface names did not
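Review bot: The rewritten loop in known_interface no longer has its own no-match exit, because the removed `return 0 if $iface eq '';` has no replacement. The result for an unknown name now depends on whatever follows the `if ( $minroot )` block, which is outside this hunk and should be checked to still return a false value. `length $iface > $minroot` parses as intended because `length` binds tighter than `>`, but `length( $iface ) > $minroot` would spare the reader the precedence lookup. A comment such as `# $minroot is the length of the shortest wildcard root; shorter prefixes cannot match` above the `while` would explain the bound, assuming that is what process_interface maintains (the hunk at line 913 suggests so).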