extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-01-10 23:58:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Consolidate the lib.common files.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2011-12-04 09:19:48 -08:00
parent 0d80b54ad9
commit e7d2b1d4ed
15 changed files with 232 additions and 596 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall-lite/install.sh
View File

@ -301,6 +301,8 @@ for f in lib.* ; do
fi
done
eval sed -i \'s\|g_program:=shorewall\|g_program:=shorewall-lite\|\' ${DESTDIR}/usr/share/shorewall-lite/lib.base
ln -sf lib.base ${DESTDIR}/usr/share/shorewall-lite/functions
echo "Common functions linked through ${DESTDIR}/usr/share/shorewall-lite/functions"

6
Shorewall-lite/shorecap
View File

@ -48,7 +48,11 @@
SHAREDIR=/usr/share/shorewall-lite
VARDIR=/var/lib/shorewall-lite
CONFDIR=/etc/shorewall-lite
g_program=shorewall-lite
g_product="Shorewall Lite"
g_family=4
g_base=shorewall
g_basedir=/usr/share/shorewall-lite
. /usr/share/shorewall-lite/lib.base
. /usr/share/shorewall-lite/lib.cli
@ -60,6 +64,8 @@ SHOREWALL_VERSION=$(cat /usr/share/shorewall-lite/version)
[ -n "$IPTABLES" ] || IPTABLES=$(mywhich iptables)
g_tool=$IPTABLES
VERBOSITY=0
load_kernel_modules No
determine_capabilities

8
Shorewall-lite/shorewall-lite
View File

@ -68,7 +68,7 @@ get_config() {
fi
fi
g_tool=#$IPTABLES
g_tool=$IPTABLES
else
if [ -n "$IP6TABLES" ]; then
if [ ! -x "$IP6TABLES" ]; then
@ -414,7 +414,7 @@ version_command() {
if [ -n "$all" ]; then
for product in shorewall shorewall6 shorewall-lite shorewall6-lite shorewall-init; do
if [ $product ~= $g_program] && [ -f /usr/share/$product/version ]; then
if [ $product != $g_program ] && [ -f /usr/share/$product/version ]; then
echo "$product: $(cat /usr/share/$product/version)"
fi
done
@ -457,6 +457,7 @@ if [ $g_program = shorewall6-lite ]; then
g_family=6
g_base=shorewall6
g_tool=ip6tables
g_basedir=/usr/share/shorewall6-lite
else
g_program=shorewall-lite
SHAREDIR=/usr/share/shorewall-lite
@ -465,6 +466,7 @@ else
g_family=4
g_base=shorewall
g_tool=iptables
g_basedir=/usr/share/shorewall-lite
fi
#
@ -644,7 +646,7 @@ case "$COMMAND" in
;;
restart)
shift
restart_command @
restart_command $@
;;
show|list)
shift

4
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -4796,6 +4796,8 @@ sub set_chain_variables() {
emit( 'IPTABLES_RESTORE=${IPTABLES}-restore',
'[ -x "$IPTABLES_RESTORE" ] || startup_error "$IPTABLES_RESTORE does not exist or is not executable"' );
emit( 'g_tool=$IPTABLES' );
} else {
if ( $config{IP6TABLES} ) {
emit( qq(IP6TABLES="$config{IP6TABLES}"),
@ -4809,6 +4811,8 @@ sub set_chain_variables() {
emit( 'IP6TABLES_RESTORE=${IP6TABLES}-restore',
'[ -x "$IP6TABLES_RESTORE" ] || startup_error "$IP6TABLES_RESTORE does not exist or is not executable"' );
emit( 'g_tool=$IP6TABLES' );
}
if ( $config{IP} ) {

22
Shorewall/Perl/Shorewall/Compiler.pm
View File

@ -95,7 +95,7 @@ sub generate_script_1( $ ) {
copy $globals{SHAREDIRPL} . 'prog.header6';
}
copy2 $globals{SHAREDIR} . '/lib.common', 0;
copy2 $globals{SHAREDIRPL} . '/lib.common', 0;
}
}
@ -162,27 +162,39 @@ sub generate_script_2() {
push_indent;
if ( $family == F_IPV4 ) {
emit( 'g_family=4' );
if ( $export ) {
emit ( 'SHAREDIR=/usr/share/shorewall-lite',
'CONFDIR=/etc/shorewall-lite',
'g_product="Shorewall Lite"'
'g_product="Shorewall Lite"',
'g_program=shorewall-lite',
'g_basedir=/usr/share/shorewall-lite',
);
} else {
emit ( 'SHAREDIR=/usr/share/shorewall',
'CONFDIR=/etc/shorewall',
'g_product=\'Shorewall\'',
'g_product=Shorewall',
'g_program=shorewall',
'g_basedir=/usr/share/shorewall',
);
}
} else {
emit( 'g_family=6' );
if ( $export ) {
emit ( 'SHAREDIR=/usr/share/shorewall6-lite',
'CONFDIR=/etc/shorewall6-lite',
'g_product="Shorewall6 Lite"'
'g_product="Shorewall6 Lite"',
'g_program=shorewall6-lite',
'g_basedir=/usr/share/shorewall6',
);
} else {
emit ( 'SHAREDIR=/usr/share/shorewall6',
'CONFDIR=/etc/shorewall6',
'g_product=\'Shorewall6\'',
'g_product=Shorewall6',
'g_program=shorewall6',
'g_basedir=/usr/share/shorewall'
);
}
}

20
Shorewall/Perl/getparams
View File

@ -28,13 +28,25 @@
# $3 = Address family (4 o4 6)
#
if [ "$3" = 6 ]; then
. /usr/share/shorewall6/lib.base
. /usr/share/shorewall6/lib.cli
SHAREDIR=/usr/share/shorewall6
CONFDIR=/etc/shorewall6
g_product="Shorewall6"
g_family=6
g_tool=
g_basedir=/usr/share/shorewall
else
. /usr/share/shorewall/lib.base
. /usr/share/shorewall/lib.cli
g_program=shorewall
SHAREDIR=/usr/share/shorewall
CONFDIR=/etc/shorewall
g_product="Shorewall"
g_family=4
g_tool=
g_basedir=/usr/share/shorewall
fi
. /usr/share/shorewall/lib.base
. /usr/share/shorewall/lib.cli
CONFIG_PATH="$2"
set -a

3
Shorewall/lib.base
View File

@ -34,6 +34,7 @@ SHOREWALL_CAPVERSION=40426
[ -n "${VARDIR:=/var/lib/$g_program}" ]
[ -n "${SHAREDIR:=/usr/share/$g_program}" ]
[ -n "${CONFDIR:=/etc/$g_program}" ]
[ -n "${g_family:=4}" ]
#
# Conditionally produce message
@ -176,7 +177,7 @@ find_interface_by_mac() {
done
}
[ -z "$LEFTSHIFT" ] && . ${SHAREDIR}/lib.common
[ -z "$LEFTSHIFT" ] && . ${g_basedir}/lib.common
#
# Validate an IP address

4
Shorewall/lib.cli
View File

@ -791,8 +791,8 @@ show_command() {
[ -f ${VARDIR}/marks ] && cat ${VARDIR}/marks;
;;
*)
case "$g_product" in
*lite)
case "$g_program" in
*-lite)
;;
*)
case $1 in

170
Shorewall/lib.common
View File

@ -88,13 +88,15 @@ run_it() {
export TIMESTAMP=$g_timestamp
export RECOVERING=$g_recovering
if [ "$g_product" != Shorewall ]; then
#
# Shorewall Lite
#
export LOGFORMAT
export IPTABLES
fi
case "$g_program" in
*-lite)
#
# Shorewall Lite
#
export LOGFORMAT
export IPTABLES
;;
esac
else
#
# 4.4.8 or later -- no additional exports required
@ -127,6 +129,30 @@ error_message() # $* = Error Message
echo " $@" >&2
}
#
# Undo the effect of 'split()'
#
join()
{
local f
local o
o=
for f in $* ; do
o="${o:+$o:}$f"
done
echo $o
}
#
# Return the number of elements in a list
#
list_count() # $* = list
{
return $#
}
#
# Split a colon-separated list into a space-separated list
#
@ -184,12 +210,20 @@ qt1()
}
#
# Determine if Shorewall is "running"
# Determine if Shorewall[6] is "running"
#
product_is_started() {
qt1 $g_tool -L shorewall -n
}
shorewall_is_started() {
qt1 $IPTABLES -L shorewall -n
}
shorewall6_is_started() {
qt1 $IP6TABLES -L shorewall -n
}
#
# Echos the fully-qualified name of the calling shell program
#
@ -294,7 +328,7 @@ reload_kernel_modules() {
[ -z "$MODULESDIR" ] && \
uname=$(uname -r) && \
MODULESDIR=/lib/modules/$uname/kernel/net/ipv4/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/kernel/net/sched:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset
MODULESDIR=/lib/modules/$uname/kernel/net/ipv${g_family}/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/kernel/net/sched:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset
[ -d /sys/module/ ] || MODULES=$(lsmod | cut -d ' ' -f1)
@ -333,7 +367,7 @@ load_kernel_modules() # $1 = Yes, if we are to save moduleinfo in $VARDIR
[ -z "$MODULESDIR" ] && \
uname=$(uname -r) && \
MODULESDIR=/lib/modules/$uname/kernel/net/ipv4/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/kernel/net/sched:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset
MODULESDIR=/lib/modules/$uname/kernel/net/ipv${g_family}/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/kernel/net/sched:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset
for directory in $(split $MODULESDIR); do
[ -d $directory ] && moduledirectories="$moduledirectories $directory"
@ -465,38 +499,100 @@ in_network() # $1 = IP address, $2 = CIDR network
test $(( $(decodeaddr $1) & $netmask)) = $(( $(decodeaddr ${2%/*}) & $netmask ))
}
#
# Query NetFilter about the existence of a filter chain
#
chain_exists() # $1 = chain name
{
qt1 $IP6TABLES -L $1 -n
}
#
# Find the interface with the passed MAC address
#
find_interface_by_mac() {
local mac
mac=$1
local first
local second
local rest
local dev
$IP link list | while read first second rest; do
case $first in
*:)
dev=$second
;;
*)
if [ "$second" = $mac ]; then
echo ${dev%:}
return
fi
esac
done
}
#
# Find interface address--returns the first IP address assigned to the passed
# device
#
find_first_interface_address() # $1 = interface
{
#
# get the line of output containing the first IP address
#
addr=$(${IP:-ip} -f inet addr show $1 2> /dev/null | grep 'inet .* global' | head -n1)
#
# If there wasn't one, bail out now
#
[ -n "$addr" ] || startup_error "Can't determine the IP address of $1"
#
# Strip off the trailing VLSM mask (or the peer IP in case of a P-t-P link)
# along with everything else on the line
#
echo $addr | sed 's/\s*inet //;s/\/.*//;s/ peer.*//'
if [ $g_family -eq 4 ]; then
#
# get the line of output containing the first IP address
#
addr=$(${IP:-ip} -$g_family addr show $1 2> /dev/null | grep 'inet .* global' | head -n1)
#
# If there wasn't one, bail out now
#
[ -n "$addr" ] || startup_error "Can't determine the IP address of $1"
#
# Strip off the trailing VLSM mask (or the peer IP in case of a P-t-P link)
# along with everything else on the line
#
echo $addr | sed 's/\s*inet //;s/\/.*//;s/ peer.*//'
else
#
# get the line of output containing the first IP address
#
addr=$(${IP:-ip} -f inet6 addr show dev $1 2> /dev/null | fgrep 'inet6 ' | fgrep -v 'scope link' | head -n1)
#
# If there wasn't one, bail out now
#
[ -n "$addr" ] || startup_error "Can't determine the IPv6 address of $1"
#
# Strip off the trailing VLSM mask (or the peer IP in case of a P-t-P link)
# along with everything else on the line
#
echo $addr | sed 's/\s*inet6 //;s/\/.*//;s/ peer.*//'
fi
}
find_first_interface_address_if_any() # $1 = interface
{
#
# get the line of output containing the first IP address
#
addr=$(${IP:-ip} -f inet addr show $1 2> /dev/null | grep 'inet .* global' | head -n1)
#
# Strip off the trailing VLSM mask (or the peer IP in case of a P-t-P link)
# along with everything else on the line
#
[ -n "$addr" ] && echo $addr | sed 's/\s*inet //;s/\/.*//;s/ peer.*//' || echo 0.0.0.0
if [ $g_family -eq 4 ]; then
#
# get the line of output containing the first IP address
#
addr=$(${IP:-ip} -f inet addr show $1 2> /dev/null | grep 'inet .* global' | head -n1)
#
# Strip off the trailing VLSM mask (or the peer IP in case of a P-t-P link)
# along with everything else on the line
#
[ -n "$addr" ] && echo $addr | sed 's/\s*inet //;s/\/.*//;s/ peer.*//' || echo 0.0.0.0
else
#
# get the line of output containing the first IP address
#
addr=$(${IP:-ip} -f inet6 addr show dev $1 2> /dev/null | fgrep 'inet6 ' | fgrep -v 'scope link' | head -n1)
#
# Strip off the trailing VLSM mask (or the peer IP in case of a P-t-P link)
# along with everything else on the line
#
[ -n "$addr" ] && echo $addr | sed 's/\s*inet6 //;s/\/.*//;s/ peer.*//' || echo ::
fi
}
#
@ -515,14 +611,6 @@ mywhich() {
return 2
}
#
# Query NetFilter about the existence of a filter chain
#
chain_exists() # $1 = chain name
{
qt1 $IPTABLES -L $1 -n
}
#
# Find a File -- For relative file name, look in each ${CONFIG_PATH} then ${CONFDIR}
#
@ -552,7 +640,7 @@ find_file()
#
# Set the Shorewall state
#
set_state () # $1 = state $2
set_state () # $1 = state
{
if [ $# -gt 1 ]; then
echo "$1 ($(date)) from $2" > ${VARDIR}/state

14
Shorewall/shorewall
View File

@ -442,17 +442,6 @@ compiler() {
fi
}
#
# Determine if the current product is in the started state
#
product_is_started() {
if [ $g_family -eq 4 ]; then
shorewall_is_started
else
shorewall6_is_started
fi
}
#
# Start Command Executor
#
@ -1698,12 +1687,15 @@ if [ $g_program = shorewall6 ]; then
g_product="Shorewall6"
g_family=6
g_tool=
g_basedir=/usr/share/shorewall
else
g_program=shorewall
SHAREDIR=/usr/share/shorewall
CONFDIR=/etc/shorewall
g_product="Shorewall"
g_family=4
g_tool=
g_basedir=/usr/share/shorewall
fi
finished=0

3
Shorewall6-lite/install.sh
View File

@ -301,6 +301,9 @@ for f in lib.* ; do
fi
done
eval sed -i \'s\|g_program:=shorewall\|g_program:=shorewall6-lite\|\' ${DESTDIR}/usr/share/shorewall6-lite/lib.base
eval sed -i \'s\|g_family:=4\|g_family:=6\|\' ${DESTDIR}/usr/share/shorewall6-lite/lib.base
ln -sf lib.base ${DESTDIR}/usr/share/shorewall6-lite/functions
echo "Common functions linked through ${DESTDIR}/usr/share/shorewall6-lite/functions"

7
Shorewall6-lite/shorecap
View File

@ -48,7 +48,10 @@
SHAREDIR=/usr/share/shorewall6-lite
VARDIR=/var/lib/shorewall6-lite
CONFDIR=/etc/shorewall6-lite
g_product="Shorewall Lite"
g_product="Shorewall6 Lite"
g_family=6
g_base=shorewall6
g_basedir=/usr/share/shorewall6-lite
. /usr/share/shorewall6-lite/lib.base
. /usr/share/shorewall6-lite/lib.cli
@ -60,6 +63,8 @@ SHOREWALL_VERSION=$(cat /usr/share/shorewall6-lite/version)
[ -n "$IP6TABLES" ] || IP6TABLES=$(mywhich ip6tables)
g_tool=$IP6TABLES
VERBOSITY=0
load_kernel_modules No
determine_capabilities

8
Shorewall6/install.sh
View File

@ -354,8 +354,8 @@ delete_file ${DESTDIR}/usr/share/shorewall6/lib.proxyarp
delete_file ${DESTDIR}/usr/share/shorewall6/lib.tc
delete_file ${DESTDIR}/usr/share/shorewall6/lib.tcrules
delete_file ${DESTDIR}/usr/share/shorewall6/lib.tunnels
delete_file ${DESTDIR}/usr/share/shorewall6/lib.base
delete_file ${DESTDIR}/usr/share/shorewall6/lib.cli
delete_file ${DESTDIR}/usr/share/shorewall6/lib.common
delete_file ${DESTDIR}/usr/share/shorewall6/prog.header6
delete_file ${DESTDIR}/usr/share/shorewall6/prog.footer6
@ -838,10 +838,8 @@ done
# Install the libraries
#
for f in lib.* ; do
if [ -f $f ]; then
install_file $f ${DESTDIR}/usr/share/shorewall6/$f 0644
echo "Library ${f#*.} file installed as ${DESTDIR}/usr/share/shorewall6/$f"
fi
install_file $f ${DESTDIR}/usr/share/shorewall6/$f 0644
echo "Library ${f#*.} file installed as ${DESTDIR}/usr/share/shorewall6/$f"
done
#
# Symbolically link 'functions' to lib.base

34
Shorewall6/lib.base Normal file
View File

@ -0,0 +1,34 @@
#
# Shorewall 4.4 -- /usr/share/shorewall6/lib.base
#
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
#
# (c) 2011 - Tom Eastep (teastep@shorewall.net)
#
# Complete documentation is available at http://shorewall.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of Version 2 of the GNU General Public License
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
# This library contains the code common to all Shorewall components.
g_program=shorewall6
g_family=6
g_basedir=/usr/share/shorewall
[ -n "${VARDIR:=/var/lib/$g_program}" ]
[ -n "${SHAREDIR:=/usr/share/$g_program}" ]
[ -n "${CONFDIR:=/etc/$g_program}" ]
. /usr/share/shorewall/lib.base

523
Shorewall6/lib.common
View File

@ -1,523 +0,0 @@
#
# Shorewall 4.4 -- /usr/share/shorewall6/lib.common.
#
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
#
# (c) 2010 - Tom Eastep (teastep@shorewall.net)
#
# Complete documentation is available at http://shorewall.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of Version 2 of the GNU General Public License
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
# This library contains the wrapper code for running a generated script.
#
#
# Get the Shorewall version of the passed script
#
get_script_version() { # $1 = script
local temp
local version
local ifs
local digits
local verbosity
verbosity="$VERBOSITY"
VERBOSITY=0
temp=$( $SHOREWALL_SHELL $1 version | sed 's/-.*//' )
if [ -z "$temp" ]; then
version=0
else
ifs=$IFS
IFS=.
temp=$(echo $temp)
IFS=$ifs
digits=0
for temp in $temp; do
version=${version}$(printf '%02d' $temp)
digits=$(($digits + 1))
[ $digits -eq 3 ] && break
done
fi
echo $version
VERBOSITY="$verbosity"
}
#
# Do required exports and create the required option string and run the passed script using
# $SHOREWALL_SHELL
#
run_it() {
local script
local options
local version
export VARDIR
script=$1
shift
version=$(get_script_version $script)
if [ $version -lt 040408 ]; then
#
# Old script that doesn't understand 4.4.8 script options
#
export RESTOREFILE=
export VERBOSITY
export NOROUTES=$g_noroutes
export PURGE=$g_purge
export TIMESTAMP=$g_timestamp
export RECOVERING=$g_recovering
if [ "$g_product" != Shorewall6 ]; then
#
# Shorewall6 Lite
#
export LOGFORMAT
export IP6TABLES
fi
else
#
# 4.4.8 or later -- no additional exports required
#
if [ x$1 = xtrace -o x$1 = xdebug ]; then
options="$1 -"
shift;
else
options='-'
fi
[ -n "$g_noroutes" ] && options=${options}n
[ -n "$g_timestamp" ] && options=${options}t
[ -n "$g_purge" ] && options=${options}p
[ -n "$g_recovering" ] && options=${options}r
options="${options}V $VERBOSITY"
[ -n "$RESTOREFILE" ] && options="${options} -R $RESTOREFILE"
fi
$SHOREWALL_SHELL $script $options $@
}
#
# Message to stderr
#
error_message() # $* = Error Message
{
echo " $@" >&2
}
#
# Split a colon-separated list into a space-separated list
#
split() {
local ifs
ifs=$IFS
IFS=:
echo $*
IFS=$ifs
}
#
# Undo the effect of 'split()'
#
join()
{
local f
local o
o=
for f in $* ; do
o="${o:+$o:}$f"
done
echo $o
}
#
# Return the number of elements in a list
#
list_count() # $* = list
{
return $#
}
#
# Search a list looking for a match -- returns zero if a match found
# 1 otherwise
#
list_search() # $1 = element to search for , $2-$n = list
{
local e
e=$1
while [ $# -gt 1 ]; do
shift
[ "x$e" = "x$1" ] && return 0
done
return 1
}
#
# Suppress all output for a command
#
qt()
{
"$@" >/dev/null 2>&1
}
#
# Suppress all output and input - mainly for preventing leaked file descriptors
# to avoid SELinux denials
#
qtnoin()
{
"$@" </dev/null >/dev/null 2>&1
}
qt1()
{
local status
while [ 1 ]; do
"$@" </dev/null >/dev/null 2>&1
status=$?
[ $status -ne 4 ] && return $status
done
}
#
# Determine if Shorewall is "running"
#
shorewall6_is_started() {
qt1 $IP6TABLES -L shorewall -n
}
#
# Echos the fully-qualified name of the calling shell program
#
my_pathname() {
cd $(dirname $0)
echo $PWD/$(basename $0)
}
#
# Source a user exit file if it exists
#
run_user_exit() # $1 = file name
{
local user_exit
user_exit=$(find_file $1)
if [ -f $user_exit ]; then
progress_message "Processing $user_exit ..."
. $user_exit
fi
}
#
# Load a Kernel Module -- assumes that the variable 'moduledirectories' contains
# a space-separated list of directories to search for
# the module and that 'moduleloader' contains the
# module loader command.
#
loadmodule() # $1 = module name, $2 - * arguments
{
local modulename
modulename=$1
local modulefile
local suffix
if [ -d /sys/module/ ]; then
if ! list_search $modulename $DONT_LOAD; then
if [ ! -d /sys/module/$modulename ]; then
shift
for suffix in $MODULE_SUFFIX ; do
for directory in $moduledirectories; do
modulefile=$directory/${modulename}.${suffix}
if [ -f $modulefile ]; then
case $moduleloader in
insmod)
insmod $modulefile $*
;;
*)
modprobe $modulename $*
;;
esac
break 2
fi
done
done
fi
fi
elif ! list_search $modulename $MODULES $DONT_LOAD ; then
shift
for suffix in $MODULE_SUFFIX ; do
for directory in $moduledirectories; do
modulefile=$directory/${modulename}.${suffix}
if [ -f $modulefile ]; then
case $moduleloader in
insmod)
insmod $modulefile $*
;;
*)
modprobe $modulename $*
;;
esac
break 2
fi
done
done
fi
}
#
# Reload the Modules
#
reload_kernel_modules() {
local save_modules_dir
save_modules_dir=$MODULESDIR
local directory
local moduledirectories
moduledirectories=
local moduleloader
moduleloader=modprobe
if ! qt mywhich modprobe; then
moduleloader=insmod
fi
[ -n "${MODULE_SUFFIX:=ko ko.gz o o.gz gz}" ]
[ -z "$MODULESDIR" ] && MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv6/netfilter:/lib/modules/$(uname -r)/kernel/net/netfilter:/lib/modules/$(uname -r)/kernel/net/sched
[ -d /sys/module/ ] || MODULES=$(lsmod | cut -d ' ' -f1)
for directory in $(split $MODULESDIR); do
[ -d $directory ] && moduledirectories="$moduledirectories $directory"
done
[ -n "$moduledirectories" ] && while read command; do
eval $command
done
MODULESDIR=$save_modules_dir
}
#
# Load kernel modules required for Shorewall
#
load_kernel_modules() # $1 = Yes, if we are to save moduleinfo in $VARDIR
{
local save_modules_dir
save_modules_dir=$MODULESDIR
local directory
local moduledirectories
moduledirectories=
local moduleloader
moduleloader=modprobe
local savemoduleinfo
savemoduleinfo=${1:-Yes} # So old compiled scripts still work
if ! qt mywhich modprobe; then
moduleloader=insmod
fi
[ -n "${MODULE_SUFFIX:=o gz ko o.gz ko.gz}" ]
[ -z "$MODULESDIR" ] && \
MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv6/netfilter:/lib/modules/$(uname -r)/kernel/net/netfilter:/lib/modules/$(uname -r)/kernel/net/sched
for directory in $(split $MODULESDIR); do
[ -d $directory ] && moduledirectories="$moduledirectories $directory"
done
[ -n "$LOAD_HELPERS_ONLY" ] && modules=$(find_file helpers) || modules=$(find_file modules)
if [ -f $modules -a -n "$moduledirectories" ]; then
[ -d /sys/module/ ] || MODULES=$(lsmod | cut -d ' ' -f1)
progress_message "Loading Modules..."
. $modules
if [ $savemoduleinfo = Yes ]; then
[ -d ${VARDIR} ] || mkdir -p ${VARDIR}
echo MODULESDIR="$MODULESDIR" > ${VARDIR}/.modulesdir
cp -f $modules ${VARDIR}/.modules
fi
elif [ $savemoduleinfo = Yes ]; then
[ -d ${VARDIR} ] || mkdir -p ${VARDIR}
> ${VARDIR}/.modulesdir
> ${VARDIR}/.modules
fi
MODULESDIR=$save_modules_dir
}
#
# Query NetFilter about the existence of a filter chain
#
chain_exists() # $1 = chain name
{
qt1 $IP6TABLES -L $1 -n
}
#
# Find the interface with the passed MAC address
#
find_interface_by_mac() {
local mac
mac=$1
local first
local second
local rest
local dev
$IP link list | while read first second rest; do
case $first in
*:)
dev=$second
;;
*)
if [ "$second" = $mac ]; then
echo ${dev%:}
return
fi
esac
done
}
#
# Find interface address--returns the first IP address assigned to the passed
# device
#
find_first_interface_address() # $1 = interface
{
#
# get the line of output containing the first IP address
#
addr=$(${IP:-ip} -f inet6 addr show dev $1 2> /dev/null | fgrep 'inet6 ' | fgrep -v 'scope link' | head -n1)
#
# If there wasn't one, bail out now
#
[ -n "$addr" ] || startup_error "Can't determine the IPv6 address of $1"
#
# Strip off the trailing VLSM mask (or the peer IP in case of a P-t-P link)
# along with everything else on the line
#
echo $addr | sed 's/\s*inet6 //;s/\/.*//;s/ peer.*//'
}
find_first_interface_address_if_any() # $1 = interface
{
#
# get the line of output containing the first IP address
#
addr=$(${IP:-ip} -f inet6 addr show dev $1 2> /dev/null | fgrep 'inet6 ' | fgrep -v 'scope link' | head -n1)
#
# Strip off the trailing VLSM mask (or the peer IP in case of a P-t-P link)
# along with everything else on the line
#
[ -n "$addr" ] && echo $addr | sed 's/\s*inet6 //;s/\/.*//;s/ peer.*//' || echo ::
}
#
# Internal version of 'which'
#
mywhich() {
local dir
for dir in $(split $PATH); do
if [ -x $dir/$1 ]; then
echo $dir/$1
return 0
fi
done
return 2
}
#
# Find a File -- For relative file name, look in each ${CONFIG_PATH} then ${CONFDIR}
#
find_file()
{
local saveifs
saveifs=
local directory
case $1 in
/*)
echo $1
;;
*)
for directory in $(split $CONFIG_PATH); do
if [ -f $directory/$1 ]; then
echo $directory/$1
return
fi
done
echo ${CONFDIR}/$1
;;
esac
}
#
# Set the Shorewall state
#
set_state () # $1 = state
{
if [ $# -gt 1 ]; then
echo "$1 ($(date)) from $2" > ${VARDIR}/state
else
echo "$1 ($(date))" > ${VARDIR}/state
fi
}
#
# Perform variable substitution on the passed argument and echo the result
#
expand() # $@ = contents of variable which may be the name of another variable
{
eval echo \"$@\"
}
#
# Function for including one file into another
#
INCLUDE() {
. $(find_file $(expand $@))
}
# Function to truncate a string -- It uses 'cut -b -<n>'
# rather than ${v:first:last} because light-weight shells like ash and
# dash do not support that form of expansion.
#
truncate() # $1 = length
{
cut -b -${1}
}