holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Add 'proxyndp' interface option

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9039 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2008-12-13 22:17:21 +00:00
parent 39a33ba07c
commit 620ad874c1
4 changed files with 65 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Shorewall-common/changelog.txt
View File

@ -6,6 +6,10 @@ Changes in Shorewall 4.3.3
3) Enabled Traffic Shaping 3) Enabled Traffic Shaping
4) Convert AllowICMPs to a builtin action.
5) Add 'proxyndp' interface option.
Changes in Shorewall 4.3.2 Changes in Shorewall 4.3.2
1) Added 'dhcp' option. 1) Added 'dhcp' option.

6
Shorewall-perl/Shorewall/Compiler.pm
View File

@ -70,7 +70,7 @@ sub reinitialize() {
Shorewall::Actions::initialize( $family ); Shorewall::Actions::initialize( $family );
Shorewall::Accounting::initialize; Shorewall::Accounting::initialize;
Shorewall::Rules::initialize($family); Shorewall::Rules::initialize($family);
Shorewall::Proxyarp::initialize; Shorewall::Proxyarp::initialize($family);
Shorewall::IPAddrs::initialize($family); Shorewall::IPAddrs::initialize($family);
} }
@ -972,9 +972,9 @@ sub compiler {
setup_source_routing; setup_source_routing;
# #
# Proxy Arp # Proxy Arp/Ndp
# #
setup_proxy_arp if $family == F_IPV4; setup_proxy_arp;
# #
# Handle MSS setings in the zones file # Handle MSS setings in the zones file
# #

24
Shorewall-perl/Shorewall/Proxyarp.pm
View File

@ -39,6 +39,8 @@ our $VERSION = 4.0.6;
our @proxyarp; our @proxyarp;
our $family;
# #
# Initialize globals -- we take this novel approach to globals initialization to allow # Initialize globals -- we take this novel approach to globals initialization to allow
# the compiler to run multiple times in the same process. The # the compiler to run multiple times in the same process. The
@ -48,12 +50,13 @@ our @proxyarp;
# the second and subsequent calls to that function. # the second and subsequent calls to that function.
# #
sub initialize() { sub initialize( $ ) {
$family = shift;
@proxyarp = (); @proxyarp = ();
} }
INIT { INIT {
initialize; initialize( F_IPV4 );
} }
sub setup_one_proxy_arp( $$$$$ ) { sub setup_one_proxy_arp( $$$$$ ) {
@ -95,6 +98,7 @@ sub setup_one_proxy_arp( $$$$$ ) {
# Setup Proxy ARP # Setup Proxy ARP
# #
sub setup_proxy_arp() { sub setup_proxy_arp() {
if ( $family == F_IPV4 ) {
my $interfaces= find_interfaces_by_option 'proxyarp'; my $interfaces= find_interfaces_by_option 'proxyarp';
my $fn = open_file 'proxyarp'; my $fn = open_file 'proxyarp';
@ -149,6 +153,22 @@ sub setup_proxy_arp() {
emit "fi\n"; emit "fi\n";
} }
} }
} else {
my $interfaces= find_interfaces_by_option 'proxyndp';
if ( @$interfaces ) {
save_progress_message "Setting up Proxy NDP...";
for my $interface ( @$interfaces ) {
my $value = get_interface_option $interface, 'proxyndp';
emit ( "if [ -f /proc/sys/net/ipv6/conf/$interface/proxy_ndp ] ; then" ,
" echo $value > /proc/sys/net/ipv6/conf/$interface/proxy_ndp" );
emit ( 'else' ,
" error_message \"WARNING: Unable to set/reset Proxy NDP on $interface\"" ) unless interface_is_optional( $interface );
emit "fi\n";
}
}
}
} }
sub dump_proxy_arp() { sub dump_proxy_arp() {

1
Shorewall-perl/Shorewall/Zones.pm
View File

@ -631,6 +631,7 @@ sub validate_interfaces_file( $ )
maclist => SIMPLE_IF_OPTION, maclist => SIMPLE_IF_OPTION,
nosmurfs => SIMPLE_IF_OPTION, nosmurfs => SIMPLE_IF_OPTION,
optional => SIMPLE_IF_OPTION, optional => SIMPLE_IF_OPTION,
proxyndp => BINARY_IF_OPTION,
routeback => SIMPLE_IF_OPTION + IF_OPTION_ZONEONLY, routeback => SIMPLE_IF_OPTION + IF_OPTION_ZONEONLY,
sourceroute => BINARY_IF_OPTION, sourceroute => BINARY_IF_OPTION,
tcpflags => SIMPLE_IF_OPTION, tcpflags => SIMPLE_IF_OPTION,