From 1238b771a26840a51e86c0c3b47c34a3478b61a0 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Sat, 7 Nov 2009 18:59:10 -0800
Subject: [PATCH] Apply logical->physical mapping to /proc settings
---
 Shorewall/Perl/Shorewall/Proc.pm | 48 +++++++++++++++++++++-------
 Shorewall/Perl/Shorewall/Proxyarp.pm | 14 ++++++--
 2 files changed, 48 insertions(+), 14 deletions(-)
diff --git a/Shorewall/Perl/Shorewall/Proc.pm b/Shorewall/Perl/Shorewall/Proc.pm
index 97d8c3ce3..8a4c87c81 100644
--- a/Shorewall/Perl/Shorewall/Proc.pm
+++ b/Shorewall/Perl/Shorewall/Proc.pm
@@ -56,27 +56,35 @@ sub setup_arp_filtering() {
 save_progress_message "Setting up ARP filtering...";
 for my $interface ( @$interfaces ) {
- my $file = "/proc/sys/net/ipv4/conf/$interface/arp_filter";
 my $value = get_interface_option $interface, 'arp_filter';
+ my $optional = interface_is_optional $interface;
+
+ $interface = get_physical $interface;
+
+ my $file = "/proc/sys/net/ipv4/conf/$interface/arp_filter";
 emit ( '', "if [ -f $file ]; then", " echo $value > $file");
 emit ( 'else',
- " error_message \"WARNING: Cannot set ARP filtering on $interface\"" ) unless interface_is_optional( $interface );
+ " error_message \"WARNING: Cannot set ARP filtering on $interface\"" ) unless $optional;
 emit "fi\n";
 }
 for my $interface ( @$interfaces1 ) {
- my $file = "/proc/sys/net/ipv4/conf/$interface/arp_ignore";
 my $value = get_interface_option $interface, 'arp_ignore';
+ my $optional = interface_is_optional $interface;
+
+ $interface = get_physical $interface;
+
+ my $file = "/proc/sys/net/ipv4/conf/$interface/arp_ignore";
 assert( defined $value );
 emit ( "if [ -f $file ]; then", " echo $value > $file");
 emit ( 'else',
- " error_message \"WARNING: Cannot set ARP filtering on $interface\"" ) unless interface_is_optional( $interface );
+ " error_message \"WARNING: Cannot set ARP filtering on $interface\"" ) unless $optional;
 emit "fi\n";
 }
 }
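Review bot: In setup_arp_filtering, `$interface = get_physical $interface;` inside `for my $interface ( @$interfaces )` writes through the foreach alias, so each element of `@$interfaces` (and of `@$interfaces1` in the second loop) is replaced by its physical name. Where those lists come from is outside the hunk; if either is ever shared or reused, a later lookup that expects a logical name, such as `get_interface_option`, would be handed the physical one. A separate lexical avoids the mutation and the dependence on statement order: `my $physical = get_physical $interface;`, with `$file` and the warning text built from `$physical`. The same reassignment appears in the loops of setup_route_filtering, setup_martian_logging, setup_source_routing, setup_forwarding and the two later loops of setup_proxy_arp.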
@@ -106,13 +114,17 @@ sub setup_route_filtering() {
 }
 for my $interface ( @$interfaces ) {
- my $file = "/proc/sys/net/ipv4/conf/$interface/rp_filter";
 my $value = get_interface_option $interface, 'routefilter';
+ my $optional = interface_is_optional $interface;
+
+ $interface = get_physical $interface;
+
+ my $file = "/proc/sys/net/ipv4/conf/$interface/rp_filter";
 emit ( "if [ -f $file ]; then" , " echo $value > $file" );
 emit ( 'else' ,
- " error_message \"WARNING: Cannot set route filtering on $interface\"" ) unless interface_is_optional( $interface);
+ " error_message \"WARNING: Cannot set route filtering on $interface\"" ) unless $optional;
 emit "fi\n";
 }
@@ -153,14 +165,18 @@ sub setup_martian_logging() {
 }
 for my $interface ( @$interfaces ) {
- my $file = "/proc/sys/net/ipv4/conf/$interface/log_martians";
 my $value = get_interface_option $interface, 'logmartians';
+ my $optional = interface_is_optional $interface;
+
+ $interface = get_physical $interface;
+
+ my $file = "/proc/sys/net/ipv4/conf/$interface/log_martians";
 emit ( "if [ -f $file ]; then" , " echo $value > $file" );
 emit ( 'else' ,
- " error_message \"WARNING: Cannot set Martian logging on $interface\"") unless interface_is_optional( $interface);
+ " error_message \"WARNING: Cannot set Martian logging on $interface\"") unless $optional;
 emit "fi\n";
 }
 }
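Review bot: In setup_route_filtering, the path now built from `get_physical $interface` is interpolated unquoted into the generated shell, in `"if [ -f $file ]; then"` and `" echo $value > $file"`. The emitted script is therefore only as safe as the validation applied to the physical-name setting, and that validation is not visible in this diff. If the name is not restricted to interface-name characters when the configuration is parsed, either reject other characters there or quote the path in the emitted lines, e.g. `"if [ -f \"$file\" ]; then"` and `" echo $value > \"$file\""`. The same applies to every other loop this commit touches, including the warning text passed to `error_message`; the function body starts and ends outside the hunk.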
@@ -180,13 +196,17 @@ sub setup_source_routing( $ ) {
 save_progress_message 'Setting up Accept Source Routing...';
 for my $interface ( @$interfaces ) {
- my $file = "/proc/sys/net/ipv$family/conf/$interface/accept_source_route";
 my $value = get_interface_option $interface, 'sourceroute';
+ my $optional = interface_is_optional $interface;
+
+ $interface = get_physical $interface;
+
+ my $file = "/proc/sys/net/ipv$family/conf/$interface/accept_source_route";
 emit ( "if [ -f $file ]; then" , " echo $value > $file" );
 emit ( 'else' ,
- " error_message \"WARNING: Cannot set Accept Source Routing on $interface\"" ) unless interface_is_optional( $interface);
+ " error_message \"WARNING: Cannot set Accept Source Routing on $interface\"" ) unless $optional;
 emit "fi\n";
 }
 }
@@ -227,13 +247,17 @@ sub setup_forwarding( $$ ) {
 save_progress_message 'Setting up IPv6 Interface Forwarding...';
 for my $interface ( @$interfaces ) {
- my $file = "/proc/sys/net/ipv6/conf/$interface/forwarding";
 my $value = get_interface_option $interface, 'forward';
+ my $optional = interface_is_optional $interface;
+
+ $interface = get_physical $interface;
+
+ my $file = "/proc/sys/net/ipv6/conf/$interface/forwarding";
 emit ( "if [ -f $file ]; then" , " echo $value > $file" );
 emit ( 'else' ,
- " error_message \"WARNING: Cannot set IPv6 forwarding on $interface\"" ) unless interface_is_optional( $interface);
+ " error_message \"WARNING: Cannot set IPv6 forwarding on $interface\"" ) unless $optional;
 emit "fi\n";
 }
diff --git a/Shorewall/Perl/Shorewall/Proxyarp.pm b/Shorewall/Perl/Shorewall/Proxyarp.pm
index 6c9e6aeae..fd0efd9cf 100644
--- a/Shorewall/Perl/Shorewall/Proxyarp.pm
+++ b/Shorewall/Perl/Shorewall/Proxyarp.pm
@@ -117,6 +117,8 @@ sub setup_proxy_arp() {
 $first_entry = 0;
 }
+ $interface = get_physical $interface;
+
 $set{$interface} = 1;
 $reset{$external} = 1 unless $set{$external};
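Review bot: In the first setup_proxy_arp hunk of Proxyarp.pm, `$set{$interface}` is now keyed by the physical name, but the next line, `$reset{$external} = 1 unless $set{$external};`, still tests and stores the unmapped `$external`. If an interface's physical name differs from its logical name and it appears as the interface in one entry and as the external interface in another, the `unless` test no longer matches and the interface can land in both hashes. The code that consumes `%set` and `%reset` is outside the hunk, so confirm which name it expects. If it builds /proc paths from the keys, map the external side too, e.g. `$external = get_physical $external;` before these two lines, so that proxy ARP is not both set and reset for one device.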
@@ -143,10 +145,14 @@ sub setup_proxy_arp() {
 for my $interface ( @$interfaces ) {
 my $value = get_interface_option $interface, 'proxyarp';
+ my $optional = interface_is_optional $interface;
+
+ $interface = get_physical $interface;
+
 emit ( "if [ -f /proc/sys/net/ipv4/conf/$interface/proxy_arp ] ; then" , " echo $value > /proc/sys/net/ipv4/conf/$interface/proxy_arp" );
 emit ( 'else' ,
- " error_message \"WARNING: Unable to set/reset proxy ARP on $interface\"" ) unless interface_is_optional( $interface );
+ " error_message \"WARNING: Unable to set/reset proxy ARP on $interface\"" ) unless $optional;
 emit "fi\n";
 }
 }
@@ -158,10 +164,14 @@ sub setup_proxy_arp() {
 for my $interface ( @$interfaces ) {
 my $value = get_interface_option $interface, 'proxyndp';
+ my $optional = interface_is_optional $interface;
+
+ $interface = get_physical $interface;
+
 emit ( "if [ -f /proc/sys/net/ipv6/conf/$interface/proxy_ndp ] ; then" , " echo $value > /proc/sys/net/ipv6/conf/$interface/proxy_ndp" );
 emit ( 'else' ,
- " error_message \"WARNING: Unable to set/reset Proxy NDP on $interface\"" ) unless interface_is_optional( $interface );
+ " error_message \"WARNING: Unable to set/reset Proxy NDP on $interface\"" ) unless $optional;
 emit "fi\n";
 }
 }