holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Split add_a_provider() into two functions.

Browse Source 
- Avoid generating add_xxx_routes() and add_xxx_rules
- Only configure tc during 'enable'
- Fix a bad bug (routes were actually rules)

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2011-08-28 07:54:47 -07:00
parent 90f83fd9fd
commit 65fe958e8e
1 changed files with 100 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

170
Shorewall/Perl/Shorewall/Providers.pm
View File

@ -263,9 +263,10 @@ sub start_provider( $$$ ) {
emit "echo \". \${VARDIR}/undo_${table}_routing\" >> \${VARDIR}/undo_routing"; emit "echo \". \${VARDIR}/undo_${table}_routing\" >> \${VARDIR}/undo_routing";
} }
sub add_a_provider( $ ) { #
# Process a record in the providers file
my $tcdevices = shift; #
sub process_a_provider() {
my ($table, $number, $mark, $duplicate, $interface, $gateway, $options, $copy ) = split_line 6, 8, 'providers file'; my ($table, $number, $mark, $duplicate, $interface, $gateway, $options, $copy ) = split_line 6, 8, 'providers file';
@ -297,8 +298,6 @@ sub add_a_provider( $ ) {
fatal_error "A bridge port ($interface) may not be configured as a provider interface" if port_to_bridge $interface; fatal_error "A bridge port ($interface) may not be configured as a provider interface" if port_to_bridge $interface;
my $physical = get_physical $interface; my $physical = get_physical $interface;
my $dev = chain_base $physical;
my $base = uc $dev;
my $gatewaycase = ''; my $gatewaycase = '';
if ( $gateway eq 'detect' ) { if ( $gateway eq 'detect' ) {
@ -368,6 +367,13 @@ sub add_a_provider( $ ) {
fatal_error q(The 'balance' and 'fallback' options are mutually exclusive) if $balance && $default; fatal_error q(The 'balance' and 'fallback' options are mutually exclusive) if $balance && $default;
if ( $local ) {
fatal_error "GATEWAY not valid with 'local' provider" unless $gatewaycase eq 'none';
fatal_error "'track' not valid with 'local'" if $track;
fatal_error "DUPLICATE not valid with 'local'" if $duplicate ne '-';
fatal_error "MARK required with 'local'" unless $mark;
}
my $val = 0; my $val = 0;
my $pref; my $pref;
@ -402,8 +408,18 @@ sub add_a_provider( $ ) {
$balance = $default_balance unless $balance; $balance = $default_balance unless $balance;
fatal_error "Interface $interface is already associated with non-shared provider $provider_interfaces{$interface}" if $provider_interfaces{$table};
if ( $duplicate ne '-' ) {
fatal_error "The DUPLICATE column must be empty when USE_DEFAULT_RT=Yes" if $config{USE_DEFAULT_RT};
} elsif ( $copy ne '-' ) {
fatal_error "The COPY column must be empty when USE_DEFAULT_RT=Yes" if $config{USE_DEFAULT_RT};
fatal_error 'A non-empty COPY column requires that a routing table be specified in the DUPLICATE column';
}
$providers{$table} = { provider => $table, $providers{$table} = { provider => $table,
number => $number , number => $number ,
rawmark => $mark ,
mark => $val ? in_hex($val) : $val , mark => $val ? in_hex($val) : $val ,
interface => $interface , interface => $interface ,
physical => $physical , physical => $physical ,
@ -412,6 +428,15 @@ sub add_a_provider( $ ) {
gatewaycase => $gatewaycase , gatewaycase => $gatewaycase ,
shared => $shared , shared => $shared ,
default => $default , default => $default ,
copy => $copy ,
balance => $balance ,
pref => $pref ,
mtu => $mtu ,
track => $track ,
loose => $loose ,
duplicate => $duplicate ,
address => $address ,
local => $local ,
rules => [] , rules => [] ,
routes => [] , routes => [] ,
}; };
@ -430,9 +455,39 @@ sub add_a_provider( $ ) {
push @routemarked_providers, $providers{$table}; push @routemarked_providers, $providers{$table};
} }
my $realm = ''; push @providers, $table;
fatal_error "Interface $interface is already associated with non-shared provider $provider_interfaces{$interface}" if $provider_interfaces{$table}; }
#
# Generate the start_provider_...() function for the passed provider
#
sub add_a_provider( $$ ) {
my ( $providerref, $tcdevices ) = @_;
my $table = $providerref->{provider};
my $number = $providerref->{number};
my $mark = $providerref->{rawmark};
my $interface = $providerref->{interface};
my $physical = $providerref->{physical};
my $optional = $providerref->{optional};
my $gateway = $providerref->{gateway};
my $gatewaycase = $providerref->{gatewaycase};
my $shared = $providerref->{shared};
my $default = $providerref->{default};
my $copy = $providerref->{copy};
my $balance = $providerref->{balance};
my $pref = $providerref->{pref};
my $mtu = $providerref->{mtu};
my $track = $providerref->{track};
my $loose = $providerref->{loose};
my $duplicate = $providerref->{duplicate};
my $address = $providerref->{address};
my $local = $providerref->{local};
my $dev = chain_base $physical;
my $base = uc $dev;
my $realm = '';
if ( $shared ) { if ( $shared ) {
my $variable = $providers{$table}{mac} = get_interface_mac( $gateway, $interface , $table ); my $variable = $providers{$table}{mac} = get_interface_mac( $gateway, $interface , $table );
@ -470,7 +525,6 @@ sub add_a_provider( $ ) {
} }
if ( $duplicate ne '-' ) { if ( $duplicate ne '-' ) {
fatal_error "The DUPLICATE column must be empty when USE_DEFAULT_RT=Yes" if $config{USE_DEFAULT_RT};
if ( $copy eq '-' ) { if ( $copy eq '-' ) {
copy_table ( $duplicate, $number, $realm ); copy_table ( $duplicate, $number, $realm );
} else { } else {
@ -482,9 +536,6 @@ sub add_a_provider( $ ) {
copy_and_edit_table( $duplicate, $number ,$copy , $realm); copy_and_edit_table( $duplicate, $number ,$copy , $realm);
} }
} elsif ( $copy ne '-' ) {
fatal_error "The COPY column must be empty when USE_DEFAULT_RT=Yes" if $config{USE_DEFAULT_RT};
fatal_error 'A non-empty COPY column requires that a routing table be specified in the DUPLICATE column';
} }
if ( $gateway ) { if ( $gateway ) {
@ -522,39 +573,42 @@ sub add_a_provider( $ ) {
} }
} }
if ( $local ) { unless ( $local ) {
fatal_error "GATEWAY not valid with 'local' provider" unless $gatewaycase eq 'none'; if ( $loose ) {
fatal_error "'track' not valid with 'local'" if $track; if ( $config{DELETE_THEN_ADD} ) {
fatal_error "DUPLICATE not valid with 'local'" if $duplicate ne '-'; emit ( "\nfind_interface_addresses $physical | while read address; do",
fatal_error "MARK required with 'local'" unless $mark; " qt \$IP -$family rule del from \$address",
} elsif ( $loose ) { 'done'
if ( $config{DELETE_THEN_ADD} ) { );
emit ( "\nfind_interface_addresses $physical | while read address; do", }
" qt \$IP -$family rule del from \$address", } elsif ( $shared ) {
'done' emit "qt \$IP -$family rule del from $address" if $config{DELETE_THEN_ADD};
); emit( "run_ip rule add from $address pref 20000 table $number" ,
"echo \"qt \$IP -$family rule del from $address\" >> \${VARDIR}/undo_${table}_routing" );
} else {
my $rulebase = 20000 + ( 256 * ( $number - 1 ) );
emit "\nrulenum=0\n";
emit ( "find_interface_addresses $physical | while read address; do" );
emit ( " qt \$IP -$family rule del from \$address" ) if $config{DELETE_THEN_ADD};
emit ( " run_ip rule add from \$address pref \$(( $rulebase + \$rulenum )) table $number",
" echo \"qt \$IP -$family rule del from \$address\" >> \${VARDIR}/undo_${table}_routing",
' rulenum=$(($rulenum + 1))',
'done'
);
} }
} elsif ( $shared ) {
emit "qt \$IP -$family rule del from $address" if $config{DELETE_THEN_ADD};
emit( "run_ip rule add from $address pref 20000 table $number" ,
"echo \"qt \$IP -$family rule del from $address\" >> \${VARDIR}/undo_${table}_routing" );
} else {
my $rulebase = 20000 + ( 256 * ( $number - 1 ) );
emit "\nrulenum=0\n";
emit ( "find_interface_addresses $physical | while read address; do" );
emit ( " qt \$IP -$family rule del from \$address" ) if $config{DELETE_THEN_ADD};
emit ( " run_ip rule add from \$address pref \$(( $rulebase + \$rulenum )) table $number",
" echo \"qt \$IP -$family rule del from \$address\" >> \${VARDIR}/undo_${table}_routing",
' rulenum=$(($rulenum + 1))',
'done'
);
} }
emit "\nadd_${table}_routing_rules"; if ( @{$providerref->{rules}} ) {
emit "add_${table}_routes"; emit '';
emit "setup_${dev}_tc" if $tcdevices->{$interface}; emit $_ for @{$providers{$table}->{rules}};
}
if ( @{$providerref->{routes}} ) {
emit '';
emit $_ for @{$providers{$table}->{routes}};
}
emit( '', emit( '',
'if [ $COMMAND = enable ]; then' 'if [ $COMMAND = enable ]; then'
@ -577,6 +631,8 @@ sub add_a_provider( $ ) {
pop_indent; pop_indent;
} }
emit " setup_${dev}_tc" if $tcdevices->{$interface};
emit ( qq( progress_message " Provider $table ($number) Started"), emit ( qq( progress_message " Provider $table ($number) Started"),
'else', 'else',
qq( progress_message2 " Provider $table ($number) Started"), qq( progress_message2 " Provider $table ($number) Started"),
@ -650,8 +706,6 @@ sub add_a_provider( $ ) {
emit '}'; emit '}';
} }
push @providers, $table;
progress_message " Provider \"$currentline\" $done"; progress_message " Provider \"$currentline\" $done";
} }
@ -916,7 +970,7 @@ sub process_providers( $ ) {
if ( my $fn = open_file 'providers' ) { if ( my $fn = open_file 'providers' ) {
first_entry "$doing $fn..."; first_entry "$doing $fn...";
add_a_provider( $tcdevices ), $providers++ while read_a_line; process_a_provider, $providers++ while read_a_line;
} }
if ( $providers ) { if ( $providers ) {
@ -939,33 +993,7 @@ sub process_providers( $ ) {
} }
} }
for my $provider ( @providers ) { add_a_provider( $providers{$_}, $tcdevices ) for @providers;
emit "\n#\n# Add ${provider}'s Routing Rules\n#\nadd_${provider}_routing_rules() {";
push_indent;
if ( @{$providers{$provider}->{rules}} ) {
emit $_ for @{$providers{$provider}->{rules}};
} else {
emit 'true';
}
pop_indent;
emit '}';
}
for my $provider ( @providers ) {
emit "\n#\n# Add ${provider}'s Routes\n#\nadd_${provider}_routes() {";
push_indent;
if ( @{$providers{$provider}->{rules}} ) {
emit $_ for @{$providers{$provider}->{rules}};
} else {
emit 'true';
}
pop_indent;
emit '}';
}
emit << 'EOF';; emit << 'EOF';;