extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-20 17:58:07 +02:00
Code Issues Packages Projects Releases Wiki Activity

Implement 'fallback' and 'balance' for IPv6

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2011-10-21 11:55:15 -07:00
parent 20cd943a60
commit f31f3dc92a
2 changed files with 56 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
Shorewall/Perl/Shorewall/Providers.pm
View File

@ -149,9 +149,9 @@ sub copy_table( $$$ ) {
emit ''; emit '';
if ( $realm ) { if ( $realm ) {
emit ( "\$IP -$family -o route show table $duplicate | sed -r 's/ realm [[:alnum:]_]+//; s/ cache / /' | while read net route; do" ) emit ( "\$IP -$family -o route show table $duplicate | sed -r 's/ realm [[:alnum:]_]+//' | fgrep -v ' cache ' | while read net route; do" )
} else { } else {
emit ( "\$IP -$family -o route show table $duplicate | sed -r 's/ cache / /' | ${filter}while read net route; do" ) emit ( "\$IP -$family -o route show table $duplicate | fgrep -v ' cache ' | ${filter}while read net route; do" )
} }
emit ( ' case $net in', emit ( ' case $net in',
@ -183,9 +183,9 @@ sub copy_and_edit_table( $$$$ ) {
emit ''; emit '';
if ( $realm ) { if ( $realm ) {
emit ( "\$IP -$family -o route show table $duplicate | sed -r 's/ realm [[:alnum:]]+//; s/ cache / /' | while read net route; do" ) emit ( "\$IP -$family -o route show table $duplicate | sed -r 's/ realm [[:alnum:]]+//' | fgrep -v ' cache ' | while read net route; do" )
} else { } else {
emit ( "\$IP -$family -o route show table $duplicate | sed -r 's/ cache / /' | ${filter}while read net route; do" ) emit ( "\$IP -$family -o route show table $duplicate | fgrep -v ' cache ' | ${filter}while read net route; do" )
} }
emit ( ' case $net in', emit ( ' case $net in',
@ -210,14 +210,24 @@ sub balance_default_route( $$$$ ) {
emit ''; emit '';
if ( $first_default_route ) { if ( $first_default_route ) {
if ( $gateway ) { if ( $family == F_IPV4 ) {
emit "DEFAULT_ROUTE=\"nexthop via $gateway dev $interface weight $weight $realm\""; if ( $gateway ) {
emit "DEFAULT_ROUTE=\"nexthop via $gateway dev $interface weight $weight $realm\"";
} else {
emit "DEFAULT_ROUTE=\"nexthop dev $interface weight $weight $realm\"";
}
} else { } else {
emit "DEFAULT_ROUTE=\"nexthop dev $interface weight $weight $realm\""; if ( $gateway ) {
emit "DEFAULT_ROUTE=\"via $gateway dev $interface $realm\"";
} else {
emit "DEFAULT_ROUTE=\"dev $interface $realm\"";
}
} }
$first_default_route = 0; $first_default_route = 0;
} else { } else {
fatal_error "Only one 'balance' provider is allowed with IPv6" if $family == F_IPV6;
if ( $gateway ) { if ( $gateway ) {
emit "DEFAULT_ROUTE=\"\$DEFAULT_ROUTE nexthop via $gateway dev $interface weight $weight $realm\""; emit "DEFAULT_ROUTE=\"\$DEFAULT_ROUTE nexthop via $gateway dev $interface weight $weight $realm\"";
} else { } else {
@ -234,14 +244,24 @@ sub balance_fallback_route( $$$$ ) {
emit ''; emit '';
if ( $first_fallback_route ) { if ( $first_fallback_route ) {
if ( $gateway ) { if ( $family == F_IPV4 ) {
emit "FALLBACK_ROUTE=\"nexthop via $gateway dev $interface weight $weight $realm\""; if ( $gateway ) {
emit "FALLBACK_ROUTE=\"nexthop via $gateway dev $interface weight $weight $realm\"";
} else {
emit "FALLBACK_ROUTE=\"nexthop dev $interface weight $weight $realm\"";
}
} else { } else {
emit "FALLBACK_ROUTE=\"nexthop dev $interface weight $weight $realm\""; if ( $gateway ) {
emit "FALLBACK_ROUTE=\"via $gateway dev $interface $realm\"";
} else {
emit "FALLBACK_ROUTE=\"dev $interface $realm\"";
}
} }
$first_fallback_route = 0; $first_fallback_route = 0;
} else { } else {
fatal_error "Only one 'fallback' provider is allowed with IPv6" if $family == F_IPV6;
if ( $gateway ) { if ( $gateway ) {
emit "FALLBACK_ROUTE=\"\$FALLBACK_ROUTE nexthop via $gateway dev $interface weight $weight $realm\""; emit "FALLBACK_ROUTE=\"\$FALLBACK_ROUTE nexthop via $gateway dev $interface weight $weight $realm\"";
} else { } else {
@ -330,10 +350,9 @@ sub process_a_provider() {
} elsif ( $option eq 'notrack' ) { } elsif ( $option eq 'notrack' ) {
$track = 0; $track = 0;
} elsif ( $option =~ /^balance=(\d+)$/ ) { } elsif ( $option =~ /^balance=(\d+)$/ ) {
fatal_error q('balance' is not available in IPv6) if $family == F_IPV6; fatal_error q('balance=<weight>' is not available in IPv6) if $family == F_IPV6;
$balance = $1; $balance = $1;
} elsif ( $option eq 'balance' ) { } elsif ( $option eq 'balance' ) {
fatal_error q('balance' is not available in IPv6) if $family == F_IPV6;
$balance = 1; $balance = 1;
} elsif ( $option eq 'loose' ) { } elsif ( $option eq 'loose' ) {
$loose = 1; $loose = 1;
@ -348,12 +367,11 @@ sub process_a_provider() {
} elsif ( $option =~ /^mtu=(\d+)$/ ) { } elsif ( $option =~ /^mtu=(\d+)$/ ) {
$mtu = "mtu $1 "; $mtu = "mtu $1 ";
} elsif ( $option =~ /^fallback=(\d+)$/ ) { } elsif ( $option =~ /^fallback=(\d+)$/ ) {
fatal_error q('fallback' is not available in IPv6) if $family == F_IPV6; fatal_error q('fallback=<weight>' is not available in IPv6) if $family == F_IPV6;
$default = $1; $default = $1;
$default_balance = 0; $default_balance = 0;
fatal_error 'fallback must be non-zero' unless $default; fatal_error 'fallback must be non-zero' unless $default;
} elsif ( $option eq 'fallback' ) { } elsif ( $option eq 'fallback' ) {
fatal_error q('fallback' is not available in IPv6) if $family == F_IPV6;
$default = -1; $default = -1;
$default_balance = 0; $default_balance = 0;
} elsif ( $option eq 'local' ) { } elsif ( $option eq 'local' ) {
@ -632,12 +650,19 @@ sub add_a_provider( $$ ) {
$tbl = $default ? DEFAULT_TABLE : $config{USE_DEFAULT_RT} ? BALANCE_TABLE : MAIN_TABLE; $tbl = $default ? DEFAULT_TABLE : $config{USE_DEFAULT_RT} ? BALANCE_TABLE : MAIN_TABLE;
$weight = $balance ? $balance : $default; $weight = $balance ? $balance : $default;
if ( $gateway ) { if ( $family == F_IPV4 ) {
emit qq(add_gateway "nexthop via $gateway dev $physical weight $weight $realm" ) . $tbl; if ( $gateway ) {
emit qq(add_gateway "nexthop via $gateway dev $physical weight $weight $realm" ) . $tbl;
} else {
emit qq(add_gateway "nexthop dev $physical weight $weight $realm" ) . $tbl;
}
} else { } else {
emit qq(add_gateway "nexthop dev $physical weight $weight $realm" ) . $tbl; if ( $gateway ) {
emit qq(add_gateway "via $gateway dev $physical $realm" ) . $tbl;
} else {
emit qq(add_gateway "nexthop dev $physical $realm" ) . $tbl;
}
} }
} else { } else {
$weight = 1; $weight = 1;
} }
@ -712,7 +737,7 @@ sub add_a_provider( $$ ) {
$via = "dev $physical"; $via = "dev $physical";
} }
$via .= " weight $weight" unless $weight < 0; $via .= " weight $weight" unless $weight < 0 or $family == F_IPV6;
$via .= " $realm" if $realm; $via .= " $realm" if $realm;
emit( qq(delete_gateway "$via" $tbl $physical) ); emit( qq(delete_gateway "$via" $tbl $physical) );

16
Shorewall/Perl/prog.header6
View File

@ -469,6 +469,8 @@ get_device_mtu1() # $1 = device
# Undo changes to routing # Undo changes to routing
# #
undo_routing() { undo_routing() {
local undofiles
local f
if [ -z "$g_noroutes" ]; then if [ -z "$g_noroutes" ]; then
# #
@ -481,10 +483,16 @@ undo_routing() {
# #
# Restore the rest of the routing table # Restore the rest of the routing table
# #
if [ -f ${VARDIR}/undo_routing ]; then undofiles="$(ls ${VARDIR}/undo_*routing 2> /dev/null)"
. ${VARDIR}/undo_routing
progress_message "Shorewall-generated routing tables and routing rules removed" if [ -n "$undofiles" ]; then
rm -f ${VARDIR}/undo_*routing for f in $undofiles; do
. $f
done
rm -f $undofiles
progress_message "Shorewall6-generated routing tables and routing rules removed"
fi fi
fi fi