shorewall_code/Shorewall-lite
Matt Darfeuille cd4e9654d8
(Fwd) [Shorewall-users] Shorewall-lite on OpenWRT
------- Forwarded message follows -------
From:	istvan@istvan.org
To:	shorewall-users@lists.sourceforge.net
Date sent:	Thu, 19 May 2016 09:10:21 +0200
Subject:	[Shorewall-users] Shorewall-lite on OpenWRT
Send reply to:	Shorewall Users <shorewall-users@lists.sourceforge.net>
	<mailto:shorewall-users-request@lists.sourceforge.net?subject=unsubscribe>
	<mailto:shorewall-users-request@lists.sourceforge.net?subject=subscribe>

Hi there,

I use Shorewall on an OpenWRT distribution and I experience 2
problems.
I have solved them myself and report them here to help others with
it.

Shorewall version: shorewall[6]-lite 5.0.4
OpenWRT version: Chaos Calmer 15.05, r46767

Problem 1:
Shorewall uses the lock utility from openwrt. I believe it is used in

the wrong way. File lib.common line 775
First it passes arguments which the utility doesn't use/know. The
util
accepts them dumbly and continues to create a lockfile. It has no
time-out functionality. I do not know the meaning of the r1 argument.
Second the mutex_off simply deletes the lockfile by using the utility

rm. This way a stale lock process keeps running. After a while the
router is running a high number of stale processes which has impact
on
the load of the router. The correct way is to use "lock -u
/lib/shorewall-lite/lock". This way the lockfile will be removed and
the
process will be terminated accordingly. To make it work for me, I no
more let shorewall use the lock utility by using an ugly hack.

Problem 2:
An fgrep on the output of the type utility is wrongly coded. The
output
of the type command probably has been changed. File lib.cli line 4343
It is coded: "if type $1 2> /dev/null | fgrep -q 'is a function';
then"
To make it work for me, it should be coded: "if type $1 2> /dev/null
|
fgrep -q 'is a shell function'; then"

With regards,

Stefan
------- End of forwarded message -------

Tom, attached as code.patch, are the patches that I  believe will
correct those issues

In addition to those patches I've also added 3 patches:
- Patch 1 will emulate the -p flag of the ps utility which is not
available on openwrt.
- The last two patches will add "file" to the progress message of
SYSCONFFILE to make it more consistent among the installers.

In shorewall-init/install.sh the else clause between  the line 586
and 597 will only work for a sysvinit script.
Should I make it also work for a systemd service script or can't we
simply remove that else clause?

In the compiled firewall script the comments before and after the
functions imported from lib.common have two slashes in the path:
$ grep -H lib.common firewall
firewall:#   Functions imported from /usr/share/shorewall//lib.common
firewall:#   End of imports from /usr/share/shorewall//lib.common

-Matt

-------------- Enclosure number 1 ----------------
>From 6ff651108df33ab8be4562caef03a8582e9eac5e Mon Sep 17 00:00:00 2001
From: Matt Darfeuille <matdarf@gmail.com>
Date: Tue, 24 May 2016 13:10:28 +0200
Subject: [PATCH 1/8] Emulate 'ps -p' using grep to work on openwrt

Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-08 15:40:36 -07:00
..
manpages Add an ENVIRONMENT section to the CLI manpages 2016-04-15 15:41:55 -07:00
configpath More version changes 2015-07-28 10:59:11 -07:00
COPYING Correct address of the FSF 2011-06-06 06:55:40 -07:00
default.debian Add STARTOPTIONS and RESTARTOPTIONS 2012-01-16 10:03:13 -08:00
init.debian.sh Add '. /lib/lsb/init-functions' to the Debian-specific init scripts, as recommended by lintian 2013-10-05 16:31:45 -04:00
init.fedora.sh Provide STARTOPTIONS and RESTARTOPTIONS in all cases 2014-10-30 10:22:39 -07:00
init.openwrt.sh Shorewall 5.0.4 Beta 2 2016-01-14 16:36:21 -08:00
init.sh Change license to GPLv2+ and update copyrights 2014-01-04 09:48:27 -08:00
init.suse.sh Suse specific patches 2012-08-25 08:45:57 -07:00
install.sh (Fwd) [Shorewall-users] Shorewall-lite on OpenWRT 2016-06-08 15:40:36 -07:00
lib.base Change license to GPLv2+ and update copyrights 2014-01-04 09:48:27 -08:00
logrotate Rationalize init logs 2010-04-10 11:46:50 -07:00
Makefile Correct Makefiles 2012-04-14 12:01:37 -07:00
shorecap Supporting xz compressed kernel modules 2015-02-06 12:51:00 -08:00
shorewall-lite Change license to GPLv2+ and update copyrights 2014-01-04 09:48:27 -08:00
shorewall-lite.conf Update config file version and copyrights 2015-07-28 10:50:19 -07:00
shorewall-lite.service Restore .214 files 2015-08-01 11:23:35 -07:00
shorewall-lite.service.debian Merge branch 'master' into 5.0.0 2015-10-12 10:55:36 -07:00
sysconfig Corrected sysconfig files 2016-01-19 09:25:37 -08:00
uninstall.sh Update copyrights in the install and uninstall scripts 2016-02-29 11:03:09 -08:00