Add BROKEN_ROUTING hack

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8211 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-06-22 18:51:24 +02:00 · 2008-02-22 19:58:54 +00:00 · 2008-02-22 19:58:54 +00:00 · bcb7c8e9fa
commit bcb7c8e9fa
parent 4e67f4206e
5 changed files with 40 additions and 5 deletions
--- a/Shorewall-common/changelog.txt
+++ b/Shorewall-common/changelog.txt
@ -15,6 +15,8 @@ Changes in 4.1.5
 7)  Generate an error when mac match is used in the POSTROUTING or
    OUTPUT chains.
 8)  Add 'BROKEN_ROUTING' option.
 Changes in 4.1.4
 1)  Fix do_test() to accept 0 and to use the same mask as
--- a/Shorewall-common/releasenotes.txt
+++ b/Shorewall-common/releasenotes.txt
@ -108,6 +108,18 @@ New Features in 4.1.5.
 3)  The /usr/share/shorewall/modules file has been updated to reflect
    module renaming in kernel 2.6.25.
 4)  Some users are experiencing 'File Exists' errors when Shorewall
    executes 'ip route replace' commands. I consider this a bug in
    either kernel 2.6.24 or in iproute2 but until the issue is
    resolved, I've added a hack to work around the problem.
    If you are experiencing these problems then add the following line
    to your shorewall.conf file:
       BROKEN_ROUTING=Yes
    Note: This hack is only available in Shorewall-perl.
 4)  Shorewall-perl now generates an error when a MAC address appears in
    a traffic shaping rule in the OUTPUT or POSTROUTING chains.
--- a/Shorewall-perl/Shorewall/Config.pm
+++ b/Shorewall-perl/Shorewall/Config.pm
@ -352,6 +352,7 @@ sub initialize() {
 		DELETE_THEN_ADD => undef,
 		MULTICAST => undef,
 		DONT_LOAD => '',
 		BROKEN_ROUTING => '',
 		#
 		# Packet Disposition
 		#
@ -1878,6 +1879,7 @@ sub get_configuration( $ ) {
    default_yes_no 'EXPAND_POLICIES'            , '';
    default_yes_no 'KEEP_RT_TABLES'             , '';
    default_yes_no 'DELETE_THEN_ADD'            , 'Yes';
    default_yes_no 'BROKEN_ROUTING'             , '';
    default_yes_no 'MULTICAST'                  , '';
    default_yes_no 'MARK_IN_FORWARD_CHAIN'      , '';
--- a/Shorewall-perl/Shorewall/Providers.pm
+++ b/Shorewall-perl/Shorewall/Providers.pm
@ -339,7 +339,12 @@ sub add_a_provider( $$$$$$$$ ) {
    if ( $gateway ) {
 	$address = get_interface_address $interface unless $address;
 	if ( $config{BROKEN_ROUTING} ) {
 	    emit "qt ip route delete $gateway table $number";
 	    emit "run_ip route add $gateway src $address dev $interface ${mtu}table $number $realm";
 	} else {
 	    emit "run_ip route replace $gateway src $address dev $interface ${mtu}table $number $realm";
 	}
 	emit "run_ip route add default via $gateway dev $interface table $number $realm";
    }
@ -509,9 +514,16 @@ sub setup_providers() {
    if ( $providers ) {
 	if ( $balance ) {
-	    emit  ( 'if [ -n "$DEFAULT_ROUTE" ]; then',
+	    emit  ( 'if [ -n "$DEFAULT_ROUTE" ]; then' );
-		    '    run_ip route replace default scope global $DEFAULT_ROUTE',
+
-		    "    progress_message \"Default route '\$(echo \$DEFAULT_ROUTE | sed 's/\$\\s*//')' Added\"",
+	    if ( $config{BROKEN_ROUTING} ) {
 		emit( '    run_ip route del default' );
 		emit( '    run_ip route add default scope global $DEFAULT_ROUTE' );
 	    } else {
 		emit( '    run_ip route replace default scope global $DEFAULT_ROUTE' );
 	    }
 	    emit  ( "    progress_message \"Default route '\$(echo \$DEFAULT_ROUTE | sed 's/\$\\s*//')' Added\"",
 		    'else',
 		    '    error_message "WARNING: No Default route added (all \'balance\' providers are down)"',
 		    '    restore_default_route',
--- a/Shorewall-perl/Shorewall/Proxyarp.pm
+++ b/Shorewall-perl/Shorewall/Proxyarp.pm
@ -76,7 +76,14 @@ sub setup_one_proxy_arp( $$$$$ ) {
    }
    unless ( $haveroute ) {
 	if ( $config{BROKEN_ROUTING} ) {
 	    emit "[ -n \"\$NOROUTES\" ] || qt ip route del $address";
 	    emit "[ -n \"\$NOROUTES\" ] || run_ip route add $address dev $interface";
 	} else {
 	    emit "[ -n \"\$NOROUTES\" ] || run_ip route replace $address dev $interface";
 	}
 	$haveroute = 1 if $persistent;
    }