Add BROKEN_ROUTING hack

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8211 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2008-02-22 19:58:54 +00:00
parent 4e67f4206e
commit bcb7c8e9fa
5 changed files with 40 additions and 5 deletions


@ -15,6 +15,8 @@ Changes in 4.1.5
7) Generate an error when mac match is used in the POSTROUTING or 7) Generate an error when mac match is used in the POSTROUTING or
OUTPUT chains. OUTPUT chains.
8) Add 'BROKEN_ROUTING' option.
Changes in 4.1.4 Changes in 4.1.4
1) Fix do_test() to accept 0 and to use the same mask as 1) Fix do_test() to accept 0 and to use the same mask as


@ -108,6 +108,18 @@ New Features in 4.1.5.
3) The /usr/share/shorewall/modules file has been updated to reflect 3) The /usr/share/shorewall/modules file has been updated to reflect
module renaming in kernel 2.6.25. module renaming in kernel 2.6.25.
4) Some users are experiencing 'File Exists' errors when Shorewall
executes 'ip route replace' commands. I consider this a bug in
either kernel 2.6.24 or in iproute2 but until the issue is
resolved, I've added a hack to work around the problem.
If you are experiencing these problems then add the following line
to your shorewall.conf file:
BROKEN_ROUTING=Yes
Note: This hack is only available in Shorewall-perl.
4) Shorewall-perl now generates an error when a MAC address appears in 4) Shorewall-perl now generates an error when a MAC address appears in
a traffic shaping rule in the OUTPUT or POSTROUTING chains. a traffic shaping rule in the OUTPUT or POSTROUTING chains.


@ -352,6 +352,7 @@ sub initialize() {
DELETE_THEN_ADD => undef, DELETE_THEN_ADD => undef,
MULTICAST => undef, MULTICAST => undef,
DONT_LOAD => '', DONT_LOAD => '',
BROKEN_ROUTING => '',
# #
# Packet Disposition # Packet Disposition
# #
@ -1878,6 +1879,7 @@ sub get_configuration( $ ) {
default_yes_no 'EXPAND_POLICIES' , ''; default_yes_no 'EXPAND_POLICIES' , '';
default_yes_no 'KEEP_RT_TABLES' , ''; default_yes_no 'KEEP_RT_TABLES' , '';
default_yes_no 'DELETE_THEN_ADD' , 'Yes'; default_yes_no 'DELETE_THEN_ADD' , 'Yes';
default_yes_no 'BROKEN_ROUTING' , '';
default_yes_no 'MULTICAST' , ''; default_yes_no 'MULTICAST' , '';
default_yes_no 'MARK_IN_FORWARD_CHAIN' , ''; default_yes_no 'MARK_IN_FORWARD_CHAIN' , '';


@ -339,7 +339,12 @@ sub add_a_provider( $$$$$$$$ ) {
if ( $gateway ) { if ( $gateway ) {
$address = get_interface_address $interface unless $address; $address = get_interface_address $interface unless $address;
if ( $config{BROKEN_ROUTING} ) {
emit "qt ip route delete $gateway table $number";
emit "run_ip route add $gateway src $address dev $interface ${mtu}table $number $realm";
} else {
emit "run_ip route replace $gateway src $address dev $interface ${mtu}table $number $realm"; emit "run_ip route replace $gateway src $address dev $interface ${mtu}table $number $realm";
}
emit "run_ip route add default via $gateway dev $interface table $number $realm"; emit "run_ip route add default via $gateway dev $interface table $number $realm";
} }
@ -509,9 +514,16 @@ sub setup_providers() {
if ( $providers ) { if ( $providers ) {
if ( $balance ) { if ( $balance ) {
emit ( 'if [ -n "$DEFAULT_ROUTE" ]; then', emit ( 'if [ -n "$DEFAULT_ROUTE" ]; then' );
' run_ip route replace default scope global $DEFAULT_ROUTE',
" progress_message \"Default route '\$(echo \$DEFAULT_ROUTE | sed 's/\$\\s*//')' Added\"", if ( $config{BROKEN_ROUTING} ) {
emit( ' run_ip route del default' );
emit( ' run_ip route add default scope global $DEFAULT_ROUTE' );
} else {
emit( ' run_ip route replace default scope global $DEFAULT_ROUTE' );
}
emit ( " progress_message \"Default route '\$(echo \$DEFAULT_ROUTE | sed 's/\$\\s*//')' Added\"",
'else', 'else',
' error_message "WARNING: No Default route added (all \'balance\' providers are down)"', ' error_message "WARNING: No Default route added (all \'balance\' providers are down)"',
' restore_default_route', ' restore_default_route',
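Review bot: In the setup_providers hunk the BROKEN_ROUTING branch deletes the default route with `run_ip route del default`, while the same workaround in add_a_provider and in setup_one_proxy_arp uses `qt ip route delete` / `qt ip route del`. If run_ip treats a non-zero exit as fatal (its definition is not visible here), a host with no default route in the main table would abort firewall start at the delete and never reach the add. Using the quiet form here as well keeps the three sites consistent and tolerates the "nothing to delete" case: `emit( ' qt ip route del default' );`. The emit list and the rest of setup_providers continue outside the hunk.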


@ -76,7 +76,14 @@ sub setup_one_proxy_arp( $$$$$ ) {
} }
unless ( $haveroute ) { unless ( $haveroute ) {
if ( $config{BROKEN_ROUTING} ) {
emit "[ -n \"\$NOROUTES\" ] || qt ip route del $address";
emit "[ -n \"\$NOROUTES\" ] || run_ip route add $address dev $interface";
} else {
emit "[ -n \"\$NOROUTES\" ] || run_ip route replace $address dev $interface"; emit "[ -n \"\$NOROUTES\" ] || run_ip route replace $address dev $interface";
}
$haveroute = 1 if $persistent; $haveroute = 1 if $persistent;
} }
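Review bot: The BROKEN_ROUTING branch in setup_one_proxy_arp has no comment saying why an atomic `ip route replace` is split into a delete followed by an add, and the same applies to the branches in add_a_provider and setup_providers. Between the two emitted commands the route does not exist, and if the add fails the old route is already gone, so the trade-off should be recorded where the code lives and not only in the release notes. I would add above the `if`: `# BROKEN_ROUTING: 'ip route replace' can fail with 'File Exists'; delete then add instead (not atomic).` The enclosing loop and function extend beyond this hunk.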