diff --git a/Shorewall/firewall b/Shorewall/firewall index 0f23018ff..cdd6fac75 100755 --- a/Shorewall/firewall +++ b/Shorewall/firewall @@ -3822,12 +3822,13 @@ refresh_tc() { done < $TMP_DIR/tcrules else setup_tc1 + fi - f=$(find_file tcstart) + f=$(find_file tcstart) - if [ -x &f ]; then - eval $f - fi + if [ -x $f ]; then + export CONFIG_PATH + eval $f fi } diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 13ca74779..4da9ea452 100755 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -8,6 +8,9 @@ Problems Corrected in 2.5.7: ADMINISABSENTMINDED=Yes. That traffic is now enabled independent of the setting of ADMINISABSENTMINDED. +2) The "shorewall refresh" command was clearing traffic shaping but not + reconfiguring it. + Problems Corrected in 2.5.6: 1) The following fatal error could occur at startup: diff --git a/Shorewall/tcstart b/Shorewall/tcstart index a06df7d5e..46beaa89a 100755 --- a/Shorewall/tcstart +++ b/Shorewall/tcstart @@ -4,7 +4,7 @@ # (c) 2005 Arne Bernin # published under GPL Version 2 -if [ -z "$COMMAND" ]; then +if [ "$SHOREWALL_LIBRARY" != Loaded ]; then SHOREWALL_DIR=. SHARED_DIR=/usr/share/shorewall FUNCTIONS=$SHARED_DIR/functions @@ -12,22 +12,22 @@ if [ -z "$COMMAND" ]; then . $FUNCTIONS ensure_and_save_command() - { - if ! eval $* ; then - [ -n "$TMP_DIR" ] && rm -rf $TMP_DIR - exit 2 - fi + { + if ! eval $* ; then + [ -n "$TMP_DIR" ] && rm -rf $TMP_DIR + exit 2 + fi } run_and_save_command() { eval $*; } save_progress_message() { echo $@; } - fatal_error() - { - echo " ERROR: $@" >&2 - [ -n "$TMP_DIR" ] && rm -rf $TMP_DIR - exit 2 + fatal_error() + { + echo " ERROR: $@" >&2 + [ -n "$TMP_DIR" ] && rm -rf $TMP_DIR + exit 2 } TMP_DIR= 
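Review bot: In the rewritten tail of refresh_tc, `$f` is unquoted in both `[ -x $f ]` and `eval $f`. If find_file ever yields an empty string, the test collapses to `[ -x ]`, which is true. A path containing whitespace or shell metacharacters would be re-parsed by eval instead of being executed as a single file. Because this path comes from a CONFIG_PATH search and the script presumably runs with firewall privileges, I would write `if [ -n "$f" ] && [ -x "$f" ]; then` and invoke the script as `"$f"` rather than through eval. A short comment on `export CONFIG_PATH`, such as `# tcstart runs as a separate process and needs CONFIG_PATH to locate tcdevices/tcclasses`, would explain why the export is there. refresh_tc begins above this hunk, so I cannot see how CONFIG_PATH is set.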
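Review bot: The new guard `[ "$SHOREWALL_LIBRARY" != Loaded ]` in tcstart relies on a plain variable to decide whether `. $FUNCTIONS` and the local definitions of ensure_and_save_command and fatal_error are skipped. A variable can arrive through the environment, but shell functions do not follow it into a separately executed script. If SHOREWALL_LIBRARY=Loaded is ever exported by the caller or present in the invoking environment, tcstart would skip loading its helpers and fail at the first helper call; this diff does not show where the variable is set or whether it is exported. I would document the contract above the test, for example `# SHOREWALL_LIBRARY is set (not exported) once the functions library has been sourced in this shell`, or additionally check that a helper is actually defined before skipping the block. The body of this `if` continues past the hunk.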
@@ -99,17 +99,17 @@ setup_traffic_shaping() ;; *) echo $1 - return 1 + return 1 ;; esac done return 0 - } + } get_defmark_for_dev() { local searchdev searchmark device ceil prio options searchdev=$1 - + while read device mark rate ceil prio options; do expandv device mark rate ceil prio options options=$(separate_list $options | tr '[A-Z]' '[a-z]') @@ -132,14 +132,14 @@ setup_traffic_shaping() while read device inband outband; do expandv device inband outband tcdev="$device $inband $outband" - check_defmark_for_dev $device || fatal_error "Option default is not defined for any class in tcclasses for interface $device" + check_defmark_for_dev $device || fatal_error "Option default is not defined for any class in tcclasses for interface $device" case $interface in *:*|+) fatal_error "Invalid Interface Name: $interface" ;; - esac + esac list_search $device $devices && fatal_error "Interface $device is defined more than once in tcdevices" - tc_all_devices="$tc_all_devices $device" + tc_all_devices="$tc_all_devices $device" done < $TMP_DIR/tcdevices } @@ -156,11 +156,11 @@ setup_traffic_shaping() list_search "$device-$opt" $allopts && fatal_error "option $opt already defined in a chain for interface $device in tcclasses" allopts="$allopts $device-$opt" done - wrongopt=$(check_tcclasses_options $options) || fatal_error "unknown option $wrongopt for class iface $device mark $mark in tcclasses file" + wrongopt=$(check_tcclasses_options $options) || fatal_error "unknown option $wrongopt for class iface $device mark $mark in tcclasses file" if [ -z "$ratew" ] ; then fatal_error "device $device seems not to be configured in tcdevices" - fi - list_search "$device-$mark" $classlist && fatal_error "Mark $mark for interface $device defined more than once in tcclasses" + fi + list_search "$device-$mark" $classlist && fatal_error "Mark $mark for interface $device defined more than once in tcclasses" classlist="$classlist $device-$mark" done < $TMP_DIR/tcclasses } 
@@ -173,7 +173,7 @@ setup_traffic_shaping() run_and_save_command qt tc qdisc del dev $device root run_and_save_command qt tc qdisc del dev $device ingress ensure_and_save_command tc qdisc add dev $device root handle 1: htb default 1$defmark - ensure_and_save_command tc class add dev $device parent 1: classid 1:1 htb rate $outband + ensure_and_save_command tc class add dev $device parent 1: classid 1:1 htb rate $outband ensure_and_save_command tc qdisc add dev $device handle ffff: ingress ensure_and_save_command tc filter add dev $device parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${inband} burst 10k drop flowid :1 } @@ -186,11 +186,11 @@ setup_traffic_shaping() if [ -z "$prio" ] ; then prio=1 fi - + case $rate in *full*) rate=$(echo $rate | sed -e "s/full/$full/") - rate="$(($rate))kbit" + rate="$(($rate))kbit" ;; esac @@ -200,7 +200,7 @@ setup_traffic_shaping() ceil="$(($ceil))kbit" ;; esac - + ensure_and_save_command tc class add dev $device parent 1:1 classid 1:1$mark htb rate $rate ceil $ceil prio $prio quantum $(calculate_quantum $rate) ensure_and_save_command tc qdisc add dev $device parent 1:1$mark handle 1$mark: sfq perturb 10 # add filters @@ -229,7 +229,7 @@ setup_traffic_shaping() expandv device inband outband defmark ackmark tcdev="$device $inband $outband" add_root_tc - progress_message " TC Device $tcdev Added." + progress_message " TC Device $tcdev Added." done < $TMP_DIR/tcdevices fi @@ -241,7 +241,7 @@ setup_traffic_shaping() tcdev="$device $mark $rate $ceil $prio $options" options=$(separate_list $options | tr '[A-Z]' '[a-z]') add_tc_class - progress_message " TC Class \"$tcdev\" Added." + progress_message " TC Class \"$tcdev\" Added." done < $TMP_DIR/tcclasses fi