From b54a6911102a3cbf201d526716c86e02710f380a Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Wed, 23 Aug 2017 15:04:47 -0700 Subject: [PATCH] Improve dynamic gateway detection - Use provider's routing table, if any Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Chains.pm | 6 ++++-- Shorewall/Perl/Shorewall/Providers.pm | 2 +- Shorewall/Perl/lib.runtime | 6 ++++-- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index 5eb17ecf0..fa7d749ff 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -7065,6 +7065,8 @@ sub interface_gateway( $ ) { sub get_interface_gateway ( $;$$ ) { my ( $logical, $protect, $provider ) = @_; + $provider = '' unless defined $provider; + my $interface = get_physical $logical; my $variable = interface_gateway( $interface ); my $gateway = get_interface_option( $interface, 'gateway' ); @@ -7078,9 +7080,9 @@ sub get_interface_gateway ( $;$$ ) { } if ( interface_is_optional $logical ) { - $interfacegateways{$interface} = qq([ -n "\$$variable" ] || $variable=\$(detect_gateway $interface)); + $interfacegateways{$interface} = qq([ -n "\$$variable" ] || $variable=\$(detect_gateway $interface $provider)); } else { - $interfacegateways{$interface} = qq([ -n "\$$variable" ] || $variable=\$(detect_gateway $interface) + $interfacegateways{$interface} = qq([ -n "\$$variable" ] || $variable=\$(detect_gateway $interface $provider) [ -n "\$$variable" ] || startup_error "Unable to detect the gateway through interface $interface"); } diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm index 52da8d478..5b3cd6c99 100644 --- a/Shorewall/Perl/Shorewall/Providers.pm +++ b/Shorewall/Perl/Shorewall/Providers.pm 
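Review bot: In the second Chains.pm hunk (`@@ -7078,9 +7080,9 @@`), `$provider` is pasted unquoted into the generated shell text `detect_gateway $interface $provider` in both branches, and nothing visible in `get_interface_gateway` restricts it to digits. The only caller changed in this commit passes `$number` from `process_a_provider` in Providers.pm; if that value is already validated as numeric (not shown in these hunks) the output is safe, otherwise whitespace or shell metacharacters from the providers file would land in the compiled firewall script. A guard right after the new default would make the contract explicit, for example `fatal_error "Invalid provider number ($provider)" unless $provider =~ /^\d*$/;`, assuming `fatal_error` is in scope in Chains.pm as it is in Providers.pm. A short comment there should also record that the third argument, previously passed as the literal `1`, now carries the provider's routing table number. The body of `get_interface_gateway` starts and ends outside these hunks.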
@@ -502,7 +502,7 @@ sub process_a_provider( $ ) { if ( ( $gw = lc $gateway ) eq 'detect' ) { fatal_error "Configuring multiple providers through one interface requires an explicit gateway" if $shared; - $gateway = get_interface_gateway( $interface, undef, 1 ); + $gateway = get_interface_gateway( $interface, undef, $number ); $gatewaycase = 'detect'; set_interface_option( $interface, 'gateway', 'detect' ); } elsif ( $gw eq 'none' ) { diff --git a/Shorewall/Perl/lib.runtime b/Shorewall/Perl/lib.runtime index 14265b652..b62f37fe5 100644 --- a/Shorewall/Perl/lib.runtime +++ b/Shorewall/Perl/lib.runtime @@ -421,7 +421,7 @@ restore_default_route() # $1 = USE_DEFAULT_RT conditionally_flush_conntrack() { if [ -n "$g_purge" ]; then - if [ -n $(mywhich conntrack) ]; then + if [ -n "$(mywhich conntrack)" ]; then conntrack -F else error_message "WARNING: The '-p' option requires the conntrack utility which does not appear to be installed on this system" @@ -899,7 +899,7 @@ detect_dynamic_gateway() { # $1 = interface # # Detect the gateway through an interface # -detect_gateway() # $1 = interface +detect_gateway() # $1 = interface $2 = table number { local interface interface=$1 @@ -912,6 +912,8 @@ detect_gateway() # $1 = interface # Maybe there's a default route through this gateway already # [ -n "$gateway" ] || gateway=$(find_gateway $($IP -4 route list dev $interface | grep ^default)) + + [ -z "$gateway" -a -n "$2" ] && gateway=$(find_gateway $($IP -4 route list dev $interface table $2 | grep ^default)) # # Last hope -- is there a load-balancing route through the interface? #
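Review bot: In the last lib.runtime hunk (`@@ -912,6 +912,8 @@`), the added fallback expands `$2` unquoted in `table $2` and joins its two tests with the obsolescent `-a` operator, so an argument containing whitespace would be split into extra words on the `$IP` command line. Writing it in the same `||` style as the line above avoids both: `[ -n "$gateway" ] || [ -z "$2" ] || gateway=$(find_gateway $($IP -4 route list dev $interface table "$2" | grep ^default))`. Copying `$2` into a named local, as the function already does for `interface`, would also make the new header comment (`$2 = table number`) easier to follow in the body. `detect_gateway` continues past the end of the hunk.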