From f75f4158b321ef630f4cd6c4ca7081380609e563 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Mon, 11 May 2009 14:35:20 -0700 Subject: [PATCH] Add 'findgw' user exit --- Shorewall/Perl/Shorewall/Compiler.pm | 2 +- Shorewall/Perl/prog.header | 18 +++++++----------- Shorewall/changelog.txt | 2 ++ Shorewall/releasenotes.txt | 24 +++++++++++++++++++++++- 4 files changed, 33 insertions(+), 13 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Compiler.pm b/Shorewall/Perl/Shorewall/Compiler.pm index 47863f094..b10df7506 100644 --- a/Shorewall/Perl/Shorewall/Compiler.pm +++ b/Shorewall/Perl/Shorewall/Compiler.pm @@ -98,7 +98,7 @@ sub generate_script_1() { ################################################################################ EOF - for my $exit qw/init isusable start tcclear started stop stopped clear refresh refreshed restored/ { + for my $exit qw/init isusable start tcclear started stop stopped clear refresh refreshed restored findgw/ { emit "\nrun_${exit}_exit() {"; push_indent; append_file $exit or emit 'true'; diff --git a/Shorewall/Perl/prog.header b/Shorewall/Perl/prog.header index a57c989e8..50268bfea 100644 --- a/Shorewall/Perl/prog.header +++ b/Shorewall/Perl/prog.header @@ -808,13 +808,13 @@ detect_dynamic_gateway() { # $1 = interface local GATEWAYS GATEWAYS= local gateway - # - # First assume that this is some sort of point-to-point interface - # - gateway=$( find_peer $($IP addr list $interface ) ) - # - # If that didn't work, then try DHCP - # + + gateway=$(run_findgw_exit $1); + + if [ -n "$gateway" ]; then + gateway=$( find_peer $($IP addr list $interface ) ) + fi + if [ -z "$gateway" -a -f /var/lib/dhcpcd/dhcpcd-${1}.info ]; then eval $(grep ^GATEWAYS= /var/lib/dhcpcd/dhcpcd-${1}.info 2> /dev/null) [ -n "$GATEWAYS" ] && GATEWAYS=${GATEWAYS%,*} && gateway=$GATEWAYS 
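Review bot: The changed loop header `for my $exit qw/init … findgw/ {` uses the bare `qw` list as the loop's parentheses, a form that later Perl releases first deprecated and then rejected as a syntax error. Wrapping the list, as in `for my $exit ( qw/init isusable start tcclear started stop stopped clear refresh refreshed restored findgw/ ) {`, keeps the compiler loadable on those interpreters. Because `append_file $exit` appears to copy the user's `findgw` file into `run_findgw_exit()` and the prog.header hunk captures that function's stdout, a comment above the loop would help, for example `# findgw: stdout is captured as the gateway address, so the script must print nothing else`. generate_script_1 begins and ends outside this hunk.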
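Review bot: The new test `if [ -n "$gateway" ]; then` looks inverted. As written, a gateway returned by the findgw exit is immediately overwritten by `find_peer`, and when the exit prints nothing the point-to-point lookup is skipped, so the value from the user exit is always discarded. It should read `if [ -z "$gateway" ]; then`, and the call is safer as `gateway=$(run_findgw_exit "$1")`, with the argument quoted and no trailing `;`. The function ends by echoing whatever is in `$gateway` unchanged; if callers place that value into routing commands (not visible here), it would be worth checking that the exit's output is a single address-like token before accepting it. detect_dynamic_gateway starts before this hunk and continues into the next one.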
@@ -824,10 +824,6 @@ detect_dynamic_gateway() { # $1 = interface gateway=$(grep 'option routers' /var/lib/dhcp/dhclient-${1}.lease | tail -n 1 | while read j1 j2 gateway; do echo $gateway; return 0; done) fi - if [ -z "$gateway" -a -f /var/lib/dhcp3/dhclient-${1}.leases ]; then - gateway=$(grep 'option routers' /var/lib/dhcp3/dhclient-${1}.leases | tail -n 1 | while read j1 j2 gateway; do echo $gateway; return 0; done) - fi - [ -n "$gateway" ] && echo $gateway } diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index b3450ee65..7af5cdb71 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -4,6 +4,8 @@ Changes in Shorewall 4.3.11 2) Fix SCTP source port handling in tcfilters. +3) Add 'findgw' user exit. + Changes in Shorewall 4.3.10 1) Fix handling of shared optional providers. diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 687f7b468..d861f9b8c 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt 
@@ -125,7 +125,29 @@ None. local net flow=dst These will cause a 'flow' to consists of the traffic to/from each - internal system. + internal system. + +2) In order to generalize support for learning the gateway for dynamic + interfaces, a new 'findgw' extension script (user exit) has been + added. + + The exit will be invoked in a function that has a single argument: + + $1 = + + If the function can determine the gateway for the passed interface, + it should write the gateway to standard out. Here is a sample + /etc/shorewall/findgw that works with dhclient (dhcp3) in Debian + Lenny: + + if [ -f /var/lib/dhcp3/dhclient-${1}.leases ]; then + grep 'option routers' /var/lib/dhcp3/dhclient-${1}.leases |\ + tail -n 1 |\ + while read j1 j2 gateway; do echo $gateway; return 0; done + fi + + The same code works on Ubuntu Jaunty if you replace '.leases' with + '.lease' (don't you just love the consistency between distributions?). ---------------------------------------------------------------------------- N E W F E A T U R E S IN 4 . 3