Fix multicast through routeback/detectnets/bridge interfaces

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6781 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-07-04 15:45:19 +00:00
parent 0db5f3642f
commit b4d6c86685
4 changed files with 23 additions and 17 deletions

View File

@ -25,10 +25,10 @@ Shorewall 4.0.0 RC 1
Problems corrected in 4.0.0 Beta 7. Problems corrected in 4.0.0 Beta 7.
1) If 'routeback' and 'detectnets' were specified on an interface, 1) If 'routeback' and 'detectnets' were specified on an interface,
limited broadcasts (to 255.255.255.255) were dropped when forwarded limited broadcasts (to 255.255.255.255) and multicasts were dropped
through the interface. This could cause broadcast-based when forwarded through the interface. This could cause broadcast
applications to fail when running through a bridge with and multicast based applications to fail when running through a
'detectnets'. bridge with 'detectnets'.
2) Entries in the hosts file are now more carefully 2) Entries in the hosts file are now more carefully
validated. Previously, very obvious errors would result in run-time validated. Previously, very obvious errors would result in run-time

View File

@ -1662,6 +1662,7 @@ sub generate_matrix() {
if ( get_interface_option( $interface, 'bridge' ) ) { if ( get_interface_option( $interface, 'bridge' ) ) {
for my $source ( keys %$sourceref ) { for my $source ( keys %$sourceref ) {
add_rule $filter_table->{forward_chain $interface} , "-o $interface ${source}-d 255.255.255.255 -j $chain3"; add_rule $filter_table->{forward_chain $interface} , "-o $interface ${source}-d 255.255.255.255 -j $chain3";
add_rule $filter_table->{forward_chain $interface} , "-o $interface ${source}-d 224.0.0.0/4 -j $chain3";
} }
} }
} }

View File

@ -4365,6 +4365,7 @@ activate_rules()
iface=$(chain_base $interface) iface=$(chain_base $interface)
eval source=\"\$need_bcast_$iface\" eval source=\"\$need_bcast_$iface\"
run_iptables -A $(forward_chain $interface) $source $(match_dest_dev $interface) -d 255.255.255.255 -j $chain3; run_iptables -A $(forward_chain $interface) $source $(match_dest_dev $interface) -d 255.255.255.255 -j $chain3;
run_iptables -A $(forward_chain $interface) $source $(match_dest_dev $interface) -d 224.0.0.0/4 -j $chain3;
fi fi
done done
fi fi

View File

@ -1,16 +1,19 @@
--- /home/teastep/shorewall/branches/3.4/Shorewall/compiler 2007-06-30 08:39:22.000000000 -0700 --- /home/teastep/shorewall/branches/3.4/Shorewall/compiler 2007-07-04 08:07:46.000000000 -0700
+++ compiler 2007-07-02 10:15:12.000000000 -0700 +++ compiler 2007-07-04 08:31:25.000000000 -0700
@@ -35,6 +35,9 @@ @@ -35,6 +35,12 @@
# SHOREWALL_DIR A directory name was passed to /sbin/shorewall # SHOREWALL_DIR A directory name was passed to /sbin/shorewall
# VERBOSE Standard Shorewall verbosity control. # VERBOSE Standard Shorewall verbosity control.
+MIN_COMMON_VERSION=40000 +BASE_VERSION=40000
+MIN_COMMON_VERSION_PRINTABLE=4.0.0 +BASE_VERSION_PRINTABLE=4.0.0
+CONFIG_VERSION=40000
+CONFIG_VERSION_PRINTABLE=4.0.0
+
+ +
# #
# Fatal error -- stops the compiler after issuing the error message # Fatal error -- stops the compiler after issuing the error message
# #
@@ -673,11 +676,11 @@ @@ -673,11 +679,11 @@
progress_message2 "Compiling IP Forwarding..." progress_message2 "Compiling IP Forwarding..."
case "$IP_FORWARDING" in case "$IP_FORWARDING" in
@ -24,7 +27,7 @@
save_progress_message "IP Forwarding Disabled!" save_progress_message "IP Forwarding Disabled!"
save_command "echo 0 > /proc/sys/net/ipv4/ip_forward" save_command "echo 0 > /proc/sys/net/ipv4/ip_forward"
;; ;;
@@ -3767,7 +3770,7 @@ @@ -3767,7 +3773,7 @@
save_progress_message "Setting up Route Filtering..." save_progress_message "Setting up Route Filtering..."
@ -33,7 +36,7 @@
indent >&3 << __EOF__ indent >&3 << __EOF__
for f in /proc/sys/net/ipv4/conf/*; do for f in /proc/sys/net/ipv4/conf/*; do
@@ -3791,8 +3794,10 @@ @@ -3791,8 +3797,10 @@
save_command "echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter" save_command "echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter"
@ -45,7 +48,7 @@
fi fi
save_command "[ -n \"\$NOROUTES\" ] || ip route flush cache" save_command "[ -n \"\$NOROUTES\" ] || ip route flush cache"
@@ -3808,7 +3813,7 @@ @@ -3808,7 +3816,7 @@
save_progress_message "Setting up Martian Logging..." save_progress_message "Setting up Martian Logging..."
@ -54,7 +57,7 @@
indent >&3 << __EOF__ indent >&3 << __EOF__
for f in /proc/sys/net/ipv4/conf/*; do for f in /proc/sys/net/ipv4/conf/*; do
@@ -3831,9 +3836,12 @@ @@ -3831,9 +3839,12 @@
__EOF__ __EOF__
done done
@ -68,7 +71,7 @@
fi fi
fi fi
@@ -4889,7 +4897,7 @@ @@ -4890,7 +4901,7 @@
;; ;;
esac esac
@ -77,13 +80,14 @@
} }
progress_message2 "Initializing..." progress_message2 "Initializing..."
@@ -5731,6 +5739,10 @@ @@ -5732,6 +5743,11 @@
fi fi
done done
+VERSION=$(cat $SHELLSHAREDIR/version) +VERSION=$(cat $SHELLSHAREDIR/version)
+ +
+[ $SHOREWALL_LIBVERSION -ge $MIN_COMMON_VERSION ] || fatal_error "Shorewall-shell $VERSION requires Shorewall-common >= $MIN_COMMON_VERSION_PRINTABLE" +[ "$SHOREWALL_LIBVERSION" -eq $BASE_VERSION ] || fatal_error "Shorewall-shell $VERSION requires Shorewall-common lib.base version $BASE_VERSION_PRINTABLE"
+[ "$SHOREWALL_CONFIGVERSION" -eq $CONFIG_VERSION ] || fatal_error "Shorewall-shell $VERSION requires Shorewall-common lib.config version $CONFIG_VERSION_PRINTABLE"
+ +
PROGRAM=compiler PROGRAM=compiler