From 7c31f70dc8a3f92ebd2c0893bf5902ac958a3c09 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Wed, 1 Aug 2018 13:48:29 -0700 Subject: [PATCH 1/5] Use '=' rather than '&' to create UNTRACKED rule chains. Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Chains.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index e6b00d9b6..9289ff46d 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -425,7 +425,7 @@ our $VERSION = 'MODULEVERSION'; # Established - ^ # Related - + # Invalid - _ -# Untracked - & +# Untracked - = # our %chain_table; our $raw_table; @@ -2269,7 +2269,7 @@ sub invalid_chain($$) { # Name of the untracked chain between an ordered pair of zones # sub untracked_chain($$) { - '&' . &rules_chain(@_); + '=' . &rules_chain(@_); } # From 23cf8328d5c486a14557e4c02bf1a8b5e73b709b Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Thu, 26 Jul 2018 11:47:51 -0700 Subject: [PATCH 2/5] Fix mutex on OpenWRT - patch 1 Signed-off-by: Tom Eastep --- Shorewall-core/lib.common | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/Shorewall-core/lib.common b/Shorewall-core/lib.common index c373a31ad..b05a2db78 100644 --- a/Shorewall-core/lib.common +++ b/Shorewall-core/lib.common 
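Review bot: Neither the prefix table near line 425 nor `untracked_chain` records why `&` had to be replaced, so nothing stops a later edit from choosing another character with the same problem. If the cause is that chain names reach generated shell text, where an unquoted `&` is a control operator (an inference; the commit message does not say), a comment above the table such as `# Prefix characters must have no special meaning to the shell or to iptables` would state the constraint. The table entry and the literal in `untracked_chain` are maintained separately, so the two hunks always have to change together.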
@@ -766,23 +766,22 @@ mutex_on() rm -f ${lockf} error_message "WARNING: Stale lockfile ${lockf} removed" elif [ $lockpid -eq $$ ]; then - return 0 - elif ! ps | grep -v grep | qt grep ${lockpid}; then + fatal_error "Mutex_on confusion" + elif ! qt ps --pid ${lockpid}; then rm -f ${lockf} error_message "WARNING: Stale lockfile ${lockf} from pid ${lockpid} removed" fi fi if qt mywhich lockfile; then - lockfile -${MUTEX_TIMEOUT} -r1 ${lockf} + lockfile -${MUTEX_TIMEOUT} -r1 ${lockf} || fatal_error "Can't lock ${lockf}" g_havemutex="rm -f ${lockf}" chmod u+w ${lockf} echo $$ > ${lockf} chmod u-w ${lockf} elif qt mywhich lock; then - lock ${lockf} - g_havemutex="lock -u ${lockf} && rm -f ${lockf}" - chmod u=r ${lockf} + lock ${lockf} || fatal_error "Can't lock ${lockf}" + g_havemutex="lock -u ${lockf}" else while [ -f ${lockf} -a ${try} -lt ${MUTEX_TIMEOUT} ] ; do sleep 1 From 82e84f724deffb6a56c2979aa085799a3b3cffdc Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Thu, 26 Jul 2018 13:51:30 -0700 Subject: [PATCH 3/5] Use -h rather than -L for checking a symlink Signed-off-by: Tom Eastep --- Shorewall-core/lib.cli | 2 +- Shorewall-core/lib.uninstaller | 4 ++-- Shorewall-lite/uninstall.sh | 2 +- Shorewall/uninstall.sh | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli index 60499180d..c3d24e29f 100644 --- a/Shorewall-core/lib.cli +++ b/Shorewall-core/lib.cli @@ -3864,7 +3864,7 @@ noiptrace_command() { verify_firewall_script() { if [ ! -f $g_firewall ]; then echo " ERROR: $g_product is not properly installed" >&2 - if [ -L $g_firewall ]; then + if [ -h $g_firewall ]; then echo " $g_firewall is a symbolic link to a" >&2 echo " non-existant file" >&2 else diff --git a/Shorewall-core/lib.uninstaller b/Shorewall-core/lib.uninstaller index a13021533..0eb5d8cd0 100644 --- a/Shorewall-core/lib.uninstaller +++ b/Shorewall-core/lib.uninstaller 
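Review bot: `ps --pid ${lockpid}` in the stale-lock branch is a procps long option, and as far as I know the BusyBox `ps` shipped on OpenWrt does not accept it. There the command fails, `! qt ps --pid …` is true, and a lockfile held by a live process is removed as stale, which defeats the mutex on the platform this patch targets. A check that does not depend on the `ps` flavour is `elif ! qt kill -0 ${lockpid}; then`, or `[ -d /proc/${lockpid} ]` where /proc is mounted. The later `@@ -760,28 +762,33 @@` hunk keeps the same test in its non-OpenWrt branch, where it still matters on other BusyBox systems. mutex_on starts and ends outside this hunk.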
@@ -60,7 +60,7 @@ mywhich() { remove_file() # $1 = file to remove { if [ -n "$1" ] ; then - if [ -f $1 -o -L $1 ] ; then + if [ -f $1 -o -h $1 ] ; then rm -f $1 echo "$1 Removed" fi @@ -84,7 +84,7 @@ remove_file_with_wildcard() # $1 = file with wildcard to remove if [ -d $f ] ; then rm -rf $f echo "$f Removed" - elif [ -f $f -o -L $f ] ; then + elif [ -f $f -o -h $f ] ; then rm -f $f echo "$f Removed" fi diff --git a/Shorewall-lite/uninstall.sh b/Shorewall-lite/uninstall.sh index 2c4536905..7205b715f 100755 --- a/Shorewall-lite/uninstall.sh +++ b/Shorewall-lite/uninstall.sh @@ -151,7 +151,7 @@ fi remove_file ${SBINDIR}/$PRODUCT -if [ -L ${SHAREDIR}/$PRODUCT/init ]; then +if [ -h ${SHAREDIR}/$PRODUCT/init ]; then if [ $HOST = openwrt ]; then if [ $configure -eq 1 ] && /etc/init.d/$PRODUCT enabled; then /etc/init.d/$PRODUCT disable diff --git a/Shorewall/uninstall.sh b/Shorewall/uninstall.sh index f5a632b2e..ecefdbaed 100755 --- a/Shorewall/uninstall.sh +++ b/Shorewall/uninstall.sh @@ -151,7 +151,7 @@ fi remove_file ${SBINDIR}/$PRODUCT -if [ -L ${SHAREDIR}/$PRODUCT/init ]; then +if [ -h ${SHAREDIR}/$PRODUCT/init ]; then FIREWALL=$(readlink -m -q ${SHAREDIR}/$PRODUCT/init) elif [ -n "$INITFILE" ]; then FIREWALL=${INITDIR}/${INITFILE} From 9cbcb328af4f172479973e42812d992a4db7cc73 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 31 Jul 2018 15:03:58 -0700 Subject: [PATCH 4/5] More mutex changes for LEDE Signed-off-by: Tom Eastep --- Shorewall-core/lib.common | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/Shorewall-core/lib.common b/Shorewall-core/lib.common index b05a2db78..1388c02d3 100644 --- a/Shorewall-core/lib.common +++ b/Shorewall-core/lib.common @@ -751,6 +751,8 @@ mutex_on() lockf=${LOCKFILE:=${VARDIR}/lock} local lockpid local lockd + local lockbin + local openwrt MUTEX_TIMEOUT=${MUTEX_TIMEOUT:-60} 
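Review bot: The new tests `[ -f $1 -o -h $1 ]` in remove_file and `[ -f $f -o -h $f ]` in remove_file_with_wildcard leave the path unquoted, and so do the `rm -f $1` / `rm -rf $f` lines that follow, in code that presumably runs as root during uninstall. A path containing whitespace or a glob character is split or expanded before `rm` sees it, and `-o` inside `[` becomes ambiguous once the operand count changes. Since these lines are being touched anyway, `if [ -f "$1" ] || [ -h "$1" ]; then` with `rm -f "$1"` is the safer form, and likewise for `$f`. The `[ -h ${SHAREDIR}/$PRODUCT/init ]` tests in both uninstall.sh hunks have the same unquoted expansion. remove_file_with_wildcard begins outside its hunk, so whether `$1` is meant to glob-expand in its loop header cannot be seen here.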
@@ -760,28 +762,33 @@ mutex_on() [ -d "$lockd" ] || mkdir -p "$lockd" + lockbin=$(mywhich lock) + [ -n "$lockbin" -a -h "$lockbin" ] && openwrt=Yes + if [ -f $lockf ]; then lockpid=`cat ${lockf} 2> /dev/null` if [ -z "$lockpid" ] || [ $lockpid = 0 ]; then rm -f ${lockf} error_message "WARNING: Stale lockfile ${lockf} removed" - elif [ $lockpid -eq $$ ]; then - fatal_error "Mutex_on confusion" - elif ! qt ps --pid ${lockpid}; then - rm -f ${lockf} - error_message "WARNING: Stale lockfile ${lockf} from pid ${lockpid} removed" + elif [ -z "$openwrt" ]; then + if [ $lockpid -eq $$ ]; then + fatal_error "Mutex_on confusion" + elif ! qt ps --pid ${lockpid}; then + rm -f ${lockf} + error_message "WARNING: Stale lockfile ${lockf} from pid ${lockpid} removed" + fi fi fi - if qt mywhich lockfile; then + if [ -n "$openwrt" ]; then + lock ${lockf} || fatal_error "Can't lock ${lockf}" + g_havemutex="lock -u ${lockf}" + elif qt mywhich lockfile; then lockfile -${MUTEX_TIMEOUT} -r1 ${lockf} || fatal_error "Can't lock ${lockf}" g_havemutex="rm -f ${lockf}" chmod u+w ${lockf} echo $$ > ${lockf} chmod u-w ${lockf} - elif qt mywhich lock; then - lock ${lockf} || fatal_error "Can't lock ${lockf}" - g_havemutex="lock -u ${lockf}" else while [ -f ${lockf} -a ${try} -lt ${MUTEX_TIMEOUT} ] ; do sleep 1 From 732ae3ce1997d75a738fef35ffd3b9bea7d94e01 Mon Sep 17 00:00:00 2001 From: Matt Darfeuille Date: Sat, 4 Aug 2018 15:29:53 +0200 Subject: [PATCH 5/5] Ipcalc: Fail when missing arguments Signed-off-by: Matt Darfeuille Signed-off-by: Tom Eastep --- Shorewall-core/lib.cli | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli index c3d24e29f..1e2ea2507 100644 --- a/Shorewall-core/lib.cli +++ b/Shorewall-core/lib.cli @@ -3775,7 +3775,7 @@ ipcalc_command() { elif [ $# -eq 3 ]; then address=$2 vlsm=$(ip_vlsm $3) - elif [ $# -eq 0 ]; then + elif [ $# -eq 1 ]; then missing_argument else too_many_arguments $4
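Review bot: `[ -n "$lockbin" -a -h "$lockbin" ] && openwrt=Yes` decides the platform from whether `lock` is a symbolic link, and no comment says so. A host where `lock` is a symlink for any other reason takes the OpenWrt path, which skips the PID-based stale-lock check and calls `lock ${lockf}` without MUTEX_TIMEOUT. An OpenWrt build whose `lock` is not a symlink falls through to `lockfile` or the polling loop. I would add `# OpenWrt/LEDE: lock is a symlink (presumably to busybox) and does its own locking, so the PID checks below do not apply` above the test, and consider testing for `/etc/openwrt_release` instead if that file is present wherever this library runs. mutex_on starts and ends outside this hunk.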
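Review bot: `elif [ $# -eq 1 ]` reports a missing argument only for exactly one positional parameter, so a call with none now falls through to `too_many_arguments $4` with an empty `$4`. If `$1` is always the command word, that case may be unreachable, but `elif [ $# -lt 2 ]; then` covers both at no cost. ipcalc_command begins before this hunk, so the first branch of the chain is not visible.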