holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

RESTORE_WAIT_OPTION

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2017-08-13 17:53:59 -07:00
parent 0603f8e355
commit 7e3521e221
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
3 changed files with 38 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Shorewall-core/lib.cli
View File

@ -25,7 +25,7 @@
# loaded after this one and replaces some of the functions declared here. # loaded after this one and replaces some of the functions declared here.
# #
SHOREWALL_CAPVERSION=50105 SHOREWALL_CAPVERSION=50106
if [ -z "$g_basedir" ]; then if [ -z "$g_basedir" ]; then
# #
@ -2804,6 +2804,7 @@ determine_capabilities() {
CPU_FANOUT= CPU_FANOUT=
NETMAP_TARGET= NETMAP_TARGET=
NFLOG_SIZE= NFLOG_SIZE=
RESTORE_WAIT_OPTION=
AMANDA_HELPER= AMANDA_HELPER=
FTP_HELPER= FTP_HELPER=
@ -2827,9 +2828,11 @@ determine_capabilities() {
qt $arptables -L OUT && ARPTABLESJF=Yes qt $arptables -L OUT && ARPTABLESJF=Yes
fi fi
[ -z "$(${g_tool}-restore --wait < /dev/null 2>&1)" ] && RESTORE_WAIT_OPTION=Yes
if qt $g_tool --wait -t filter -L INPUT -n -v; then if qt $g_tool --wait -t filter -L INPUT -n -v; then
WAIT_OPTION=Yes WAIT_OPTION=Yes
tool="$tool --wait" g_tool="$g_tool --wait"
fi fi
chain=fooX$$ chain=fooX$$
@ -3299,9 +3302,11 @@ report_capabilities_unsorted() {
if [ $g_family -eq 4 ]; then if [ $g_family -eq 4 ]; then
report_capability "iptables -S (IPTABLES_S)" $IPTABLES_S report_capability "iptables -S (IPTABLES_S)" $IPTABLES_S
report_capability "iptables --wait option (WAIT_OPTION)" $WAIT_OPTION report_capability "iptables --wait option (WAIT_OPTION)" $WAIT_OPTION
report_capability "iptables-restore --wait option (RESTORE_WAIT_OPTION)" $RESTORE_WAIT_OPTION
else else
report_capability "ip6tables -S (IPTABLES_S)" $IPTABLES_S report_capability "ip6tables -S (IPTABLES_S)" $IPTABLES_S
report_capability "ip6tables --wait option (WAIT_OPTION)" $WAIT_OPTION report_capability "ip6tables --wait option (WAIT_OPTION)" $WAIT_OPTION
report_capability "ip6tables-restore --wait option (RESTORE_WAIT_OPTION)" $RESTORE_WAIT_OPTION
fi fi
report_capability "Basic Filter (BASIC_FILTER)" $BASIC_FILTER report_capability "Basic Filter (BASIC_FILTER)" $BASIC_FILTER
@ -3417,6 +3422,7 @@ report_capabilities_unsorted1() {
report_capability1 CPU_FANOUT report_capability1 CPU_FANOUT
report_capability1 NETMAP_TARGET report_capability1 NETMAP_TARGET
report_capability1 NFLOG_SIZE report_capability1 NFLOG_SIZE
report_capability1 RESTORE_WAIT_OPTION
report_capability1 AMANDA_HELPER report_capability1 AMANDA_HELPER
report_capability1 FTP_HELPER report_capability1 FTP_HELPER

24
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -8913,9 +8913,15 @@ sub create_netfilter_load( $ ) {
my $UTILITY = $family == F_IPV4 ? 'IPTABLES_RESTORE' : 'IP6TABLES_RESTORE'; my $UTILITY = $family == F_IPV4 ? 'IPTABLES_RESTORE' : 'IP6TABLES_RESTORE';
emit( '', emit( '',
'if [ "$COMMAND" = reload -a -n "$g_counters" ] && chain_exists $g_sha1sum1 && chain_exists $g_sha1sum2 ; then', 'if [ "$COMMAND" = reload -a -n "$g_counters" ] && chain_exists $g_sha1sum1 && chain_exists $g_sha1sum2 ; then' );
' option="--counters"',
'', if ( have_capability( 'RESTORE_WAIT_OPTION' ) ) {
emit( ' option="--counters --wait"' );
} else {
emit( ' option="--counters"' );
}
emit( '',
' progress_message "Reusing existing ruleset..."', ' progress_message "Reusing existing ruleset..."',
'', '',
'else' 'else'
@ -8923,7 +8929,11 @@ sub create_netfilter_load( $ ) {
push_indent; push_indent;
emit 'option='; if ( have_capability( 'RESTORE_WAIT_OPTION' ) ) {
emit 'option="--wait"';
} else {
emit 'option=';
}
save_progress_message "Preparing $utility input..."; save_progress_message "Preparing $utility input...";
@ -9338,7 +9348,11 @@ sub create_stop_load( $ ) {
enter_cmd_mode; enter_cmd_mode;
emit( '[ -n "$g_debug_iptables" ] && command=debug_restore_input || command=$' . $UTILITY ); if ( have_capability( 'RESTORE_WAIT_OPTION' ) ) {
emit( '[ -n "$g_debug_iptables" ] && command=debug_restore_input || command=$' . $UTILITY . ' --wait' );
} else {
emit( '[ -n "$g_debug_iptables" ] && command=debug_restore_input || command=$' . $UTILITY );
}
emit( '', emit( '',
'progress_message2 "Running $command..."', 'progress_message2 "Running $command..."',

13
Shorewall/Perl/Shorewall/Config.pm
View File

@ -414,7 +414,8 @@ our %capdesc = ( NAT_ENABLED => 'NAT',
CPU_FANOUT => 'NFQUEUE CPU Fanout', CPU_FANOUT => 'NFQUEUE CPU Fanout',
NETMAP_TARGET => 'NETMAP Target', NETMAP_TARGET => 'NETMAP Target',
NFLOG_SIZE => '--nflog-size support', NFLOG_SIZE => '--nflog-size support',
RESTORE_WAIT_OPTION
=> 'iptables-restore --wait option',
AMANDA_HELPER => 'Amanda Helper', AMANDA_HELPER => 'Amanda Helper',
FTP_HELPER => 'FTP Helper', FTP_HELPER => 'FTP Helper',
FTP0_HELPER => 'FTP-0 Helper', FTP0_HELPER => 'FTP-0 Helper',
@ -752,7 +753,7 @@ sub initialize( $;$$) {
EXPORT => 0, EXPORT => 0,
KLUDGEFREE => '', KLUDGEFREE => '',
VERSION => "5.1.5-RC1", VERSION => "5.1.5-RC1",
CAPVERSION => 50105 , CAPVERSION => 50106 ,
BLACKLIST_LOG_TAG => '', BLACKLIST_LOG_TAG => '',
RELATED_LOG_TAG => '', RELATED_LOG_TAG => '',
MACLIST_LOG_TAG => '', MACLIST_LOG_TAG => '',
@ -1046,6 +1047,7 @@ sub initialize( $;$$) {
CPU_FANOUT => undef, CPU_FANOUT => undef,
NETMAP_TARGET => undef, NETMAP_TARGET => undef,
NFLOG_SIZE => undef, NFLOG_SIZE => undef,
RESTORE_WAIT_OPTION => undef,
AMANDA_HELPER => undef, AMANDA_HELPER => undef,
FTP_HELPER => undef, FTP_HELPER => undef,
@ -4948,6 +4950,10 @@ sub Cpu_Fanout() {
have_capability( 'NFQUEUE_TARGET' ) && qt1( "$iptables -A $sillyname -j NFQUEUE --queue-balance 0:3 --queue-cpu-fanout" ); have_capability( 'NFQUEUE_TARGET' ) && qt1( "$iptables -A $sillyname -j NFQUEUE --queue-balance 0:3 --queue-cpu-fanout" );
} }
sub Restore_Wait_Option() {
length( `${iptables}-restore --wait < /dev/null 2>&1` ) == 0;
}
our %detect_capability = our %detect_capability =
( ACCOUNT_TARGET =>\&Account_Target, ( ACCOUNT_TARGET =>\&Account_Target,
AMANDA_HELPER => \&Amanda_Helper, AMANDA_HELPER => \&Amanda_Helper,
@ -5028,6 +5034,7 @@ our %detect_capability =
REALM_MATCH => \&Realm_Match, REALM_MATCH => \&Realm_Match,
REAP_OPTION => \&Reap_Option, REAP_OPTION => \&Reap_Option,
RECENT_MATCH => \&Recent_Match, RECENT_MATCH => \&Recent_Match,
RESTORE_WAIT_OPTION => \&Restore_Wait_Option,
RPFILTER_MATCH => \&RPFilter_Match, RPFILTER_MATCH => \&RPFilter_Match,
SANE_HELPER => \&SANE_Helper, SANE_HELPER => \&SANE_Helper,
SANE0_HELPER => \&SANE0_Helper, SANE0_HELPER => \&SANE0_Helper,
@ -5195,6 +5202,8 @@ sub determine_capabilities() {
$capabilities{CPU_FANOUT} = detect_capability( 'CPU_FANOUT' ); $capabilities{CPU_FANOUT} = detect_capability( 'CPU_FANOUT' );
$capabilities{NETMAP_TARGET} = detect_capability( 'NETMAP_TARGET' ); $capabilities{NETMAP_TARGET} = detect_capability( 'NETMAP_TARGET' );
$capabilities{NFLOG_SIZE} = detect_capability( 'NFLOG_SIZE' ); $capabilities{NFLOG_SIZE} = detect_capability( 'NFLOG_SIZE' );
$capabilities{RESTORE_WAIT_OPTION}
= detect_capability( 'RESTORE_WAIT_OPTION' );
unless ( have_capability 'CT_TARGET' ) { unless ( have_capability 'CT_TARGET' ) {
$capabilities{HELPER_MATCH} = detect_capability 'HELPER_MATCH'; $capabilities{HELPER_MATCH} = detect_capability 'HELPER_MATCH';