holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Detect duplicate routes.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2013-03-22 14:59:35 -07:00
parent 215fd9e234
commit 536fea27a5
1 changed files with 23 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
Shorewall/Perl/Shorewall/Providers.pm
View File

@ -105,11 +105,11 @@ sub initialize( $ ) {
$maxload = 0; $maxload = 0;
$tproxies = 0; $tproxies = 0;
%providers = ( local => { number => LOCAL_TABLE , mark => 0 , optional => 0 ,routes => [], rules => [] } , %providers = ( local => { number => LOCAL_TABLE , mark => 0 , optional => 0 ,routes => [], rules => [] , routedests => {} } ,
main => { number => MAIN_TABLE , mark => 0 , optional => 0 ,routes => [], rules => [] } , main => { number => MAIN_TABLE , mark => 0 , optional => 0 ,routes => [], rules => [] , routedests => {} } ,
default => { number => DEFAULT_TABLE , mark => 0 , optional => 0 ,routes => [], rules => [] } , default => { number => DEFAULT_TABLE , mark => 0 , optional => 0 ,routes => [], rules => [] , routedests => {} } ,
balance => { number => BALANCE_TABLE , mark => 0 , optional => 0 ,routes => [], rules => [] } , balance => { number => BALANCE_TABLE , mark => 0 , optional => 0 ,routes => [], rules => [] , routedests => {} } ,
unspec => { number => UNSPEC_TABLE , mark => 0 , optional => 0 ,routes => [], rules => [] } ); unspec => { number => UNSPEC_TABLE , mark => 0 , optional => 0 ,routes => [], rules => [] , routedests => {} } );
@providers = (); @providers = ();
} }
@ -625,6 +625,7 @@ sub process_a_provider( $ ) {
what => $what , what => $what ,
rules => [] , rules => [] ,
routes => [] , routes => [] ,
routedests => {} ,
}; };
$provider_interfaces{$interface} = $table unless $shared; $provider_interfaces{$interface} = $table unless $shared;
@ -1142,9 +1143,18 @@ sub add_a_route( ) {
my $number = $providerref->{number}; my $number = $providerref->{number};
my $physical = $device eq '-' ? $providers{$provider}{physical} : physical_name( $device ); my $physical = $device eq '-' ? $providers{$provider}{physical} : physical_name( $device );
my $routes = $providerref->{routes}; my $routes = $providerref->{routes};
my $routedests = $providerref->{routedests};
fatal_error "You may not add routes to the $provider table" if $number == LOCAL_TABLE || $number == UNSPEC_TABLE; fatal_error "You may not add routes to the $provider table" if $number == LOCAL_TABLE || $number == UNSPEC_TABLE;
$dest .= join( '', '/', $family == 4 ? '32' : '128' ) unless $dest =~ '/';
if ( $routedests->{$dest} ) {
fatal_error "Duplicate DEST ($dest) in table ($provider)";
} else {
$routedests->{$dest} = 1;
}
if ( $gateway ne '-' ) { if ( $gateway ne '-' ) {
if ( $device ne '-' ) { if ( $device ne '-' ) {
push @$routes, qq(run_ip route replace $dest via $gateway dev $physical table $number); push @$routes, qq(run_ip route replace $dest via $gateway dev $physical table $number);
@ -1171,10 +1181,14 @@ sub setup_null_routing() {
save_progress_message "Null Routing the RFC 1918 subnets"; save_progress_message "Null Routing the RFC 1918 subnets";
emit "> \${VARDIR}/undo_rfc1918_routing\n"; emit "> \${VARDIR}/undo_rfc1918_routing\n";
for ( rfc1918_networks ) { for ( rfc1918_networks ) {
emit( qq(if ! \$IP -4 route ls | grep -q '^$_.* dev '; then), if ( $providers{main}{routedests}{$_} ) {
qq( run_ip route replace $type $_), warning_message "No NULL_ROUTE_RFC1918 route added for $_; there is already a route to that network defined in the routes file";
qq( echo "\$IP -4 route del $type $_ > /dev/null 2>&1" >> \${VARDIR}/undo_rfc1918_routing), } else {
qq(fi\n) ); emit( qq(if ! \$IP -4 route ls | grep -q '^$_.* dev '; then),
qq( run_ip route replace $type $_),
qq( echo "\$IP -4 route del $type $_ > /dev/null 2>&1" >> \${VARDIR}/undo_rfc1918_routing),
qq(fi\n) );
}
} }
} }