Add BROKEN_ROUTING hack

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8211 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall-common/changelog.txt

@@ -15,6 +15,8 @@ Changes in 4.1.5
 7)  Generate an error when mac match is used in the POSTROUTING or
     OUTPUT chains.
 
+8)  Add 'BROKEN_ROUTING' option.
+
 Changes in 4.1.4
 
 1)  Fix do_test() to accept 0 and to use the same mask as

Shorewall-common/releasenotes.txt

@@ -108,6 +108,18 @@ New Features in 4.1.5.
 3)  The /usr/share/shorewall/modules file has been updated to reflect
     module renaming in kernel 2.6.25.
 
+4)  Some users are experiencing 'File Exists' errors when Shorewall
+    executes 'ip route replace' commands. I consider this a bug in
+    either kernel 2.6.24 or in iproute2 but until the issue is
+    resolved, I've added a hack to work around the problem.
+
+    If you are experiencing these problems then add the following line
+    to your shorewall.conf file:
+
+       BROKEN_ROUTING=Yes
+
+    Note: This hack is only available in Shorewall-perl.
+
 4)  Shorewall-perl now generates an error when a MAC address appears in
     a traffic shaping rule in the OUTPUT or POSTROUTING chains.
 

Shorewall-perl/Shorewall/Config.pm

@@ -352,6 +352,7 @@ sub initialize() {
 		DELETE_THEN_ADD => undef,
 		MULTICAST => undef,
 		DONT_LOAD => '',
+		BROKEN_ROUTING => '',
 		#
 		# Packet Disposition
 		#
@@ -1878,6 +1879,7 @@ sub get_configuration( $ ) {
     default_yes_no 'EXPAND_POLICIES'            , '';
     default_yes_no 'KEEP_RT_TABLES'             , '';
     default_yes_no 'DELETE_THEN_ADD'            , 'Yes';
+    default_yes_no 'BROKEN_ROUTING'             , '';
     default_yes_no 'MULTICAST'                  , '';
     default_yes_no 'MARK_IN_FORWARD_CHAIN'      , '';
     

Shorewall-perl/Shorewall/Providers.pm

@@ -339,7 +339,12 @@ sub add_a_provider( $$$$$$$$ ) {
 
     if ( $gateway ) {
 	$address = get_interface_address $interface unless $address;
-	emit "run_ip route replace $gateway src $address dev $interface ${mtu}table $number $realm";
+	if ( $config{BROKEN_ROUTING} ) {
+	    emit "qt ip route delete $gateway table $number";
+	    emit "run_ip route add $gateway src $address dev $interface ${mtu}table $number $realm";
+	} else {
+	    emit "run_ip route replace $gateway src $address dev $interface ${mtu}table $number $realm";
+	}
 	emit "run_ip route add default via $gateway dev $interface table $number $realm";
     }
 
@@ -509,9 +514,16 @@ sub setup_providers() {
 
     if ( $providers ) {
 	if ( $balance ) {
-	    emit  ( 'if [ -n "$DEFAULT_ROUTE" ]; then',
-		    '    run_ip route replace default scope global $DEFAULT_ROUTE',
-		    "    progress_message \"Default route '\$(echo \$DEFAULT_ROUTE | sed 's/\$\\s*//')' Added\"",
+	    emit  ( 'if [ -n "$DEFAULT_ROUTE" ]; then' );
+
+	    if ( $config{BROKEN_ROUTING} ) {
+		emit( '    run_ip route del default' );
+		emit( '    run_ip route add default scope global $DEFAULT_ROUTE' );
+	    } else {
+		emit( '    run_ip route replace default scope global $DEFAULT_ROUTE' );
+	    }
+
+	    emit  ( "    progress_message \"Default route '\$(echo \$DEFAULT_ROUTE | sed 's/\$\\s*//')' Added\"",
 		    'else',
 		    '    error_message "WARNING: No Default route added (all \'balance\' providers are down)"',
 		    '    restore_default_route',

Shorewall-perl/Shorewall/Proxyarp.pm

@@ -76,7 +76,14 @@ sub setup_one_proxy_arp( $$$$$ ) {
     }
 
     unless ( $haveroute ) {
-	emit "[ -n \"\$NOROUTES\" ] || run_ip route replace $address dev $interface";
+
+	if ( $config{BROKEN_ROUTING} ) {
+	    emit "[ -n \"\$NOROUTES\" ] || qt ip route del $address";
+	    emit "[ -n \"\$NOROUTES\" ] || run_ip route add $address dev $interface";
+	} else {
+	    emit "[ -n \"\$NOROUTES\" ] || run_ip route replace $address dev $interface";
+	}
+
 	$haveroute = 1 if $persistent;
     }