From 90f33dd4361db2e121865032fb46b643dbf7daec Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Wed, 23 Aug 2017 10:19:52 -0700 Subject: [PATCH] Eliminate MODULE_SUFFIX Signed-off-by: Tom Eastep --- Shorewall-core/lib.common | 20 ++++++------- Shorewall-lite/shorecap | 3 +- Shorewall/Perl/Shorewall/Config.pm | 29 ++++++++----------- Shorewall/Samples/Universal/shorewall.conf | 2 -- .../Samples/one-interface/shorewall.conf | 2 -- .../Samples/three-interfaces/shorewall.conf | 2 -- .../Samples/two-interfaces/shorewall.conf | 2 -- Shorewall/configfiles/shorewall.conf | 2 -- Shorewall/lib.cli-std | 4 +-- Shorewall/manpages/shorewall-modules.xml | 2 +- Shorewall/manpages/shorewall.conf.xml | 12 -------- Shorewall6-lite/shorecap | 3 +- Shorewall6/Samples6/Universal/shorewall6.conf | 2 -- .../Samples6/one-interface/shorewall6.conf | 2 -- .../Samples6/three-interfaces/shorewall6.conf | 2 -- .../Samples6/two-interfaces/shorewall6.conf | 2 -- Shorewall6/configfiles/shorewall6.conf | 2 -- 17 files changed, 27 insertions(+), 66 deletions(-) diff --git a/Shorewall-core/lib.common b/Shorewall-core/lib.common index ac2687f69..1b9ee9966 100644 --- a/Shorewall-core/lib.common +++ b/Shorewall-core/lib.common @@ -282,13 +282,15 @@ loadmodule() # $1 = module name, $2 - * arguments insmod) for directory in $moduledirectories; do for modulefile in $directory/${modulename}.*; do - insmod $modulefile $moduleoptions - return + if [ -f $modulefile ]; then + insmod $modulefile $moduleoptions + return + fi done done ;; *) - modprobe $modulename $moduleoptions 2> /dev/null + modprobe -q $modulename $moduleoptions ;; esac fi @@ -298,13 +300,15 @@ loadmodule() # $1 = module name, $2 - * arguments insmod) for directory in $moduledirectories; do for modulefile in $directory/${modulename}.*; do - insmod $modulefile $moduleoptions - return + if [ -f $modulefile ]; then + insmod $modulefile $moduleoptions + return + fi done done ;; *) - modprobe $modulename $moduleoptions 2> /dev/null + modprobe -q $modulename $moduleoptions ;; esac fi @@ -329,8 +333,6 @@ reload_kernel_modules() { moduleloader=insmod fi - [ -n "${MODULE_SUFFIX:=ko ko.gz ko.xz o o.gz o.xz gz xz}" ] - if [ -n "$MODULESDIR" ]; then case "$MODULESDIR" in +*) @@ -385,8 +387,6 @@ load_kernel_modules() # $1 = Yes, if we are to save moduleinfo in $VARDIR moduleloader=insmod fi - [ -n "${MODULE_SUFFIX:=o gz xz ko o.gz o.xz ko.gz ko.xz}" ] - if [ -n "$MODULESDIR" ]; then case "$MODULESDIR" in +*) diff --git a/Shorewall-lite/shorecap b/Shorewall-lite/shorecap index c1cbe3649..064bdf418 100755 --- a/Shorewall-lite/shorecap +++ b/Shorewall-lite/shorecap @@ -28,7 +28,7 @@ # # On the target system (the system where the firewall program is to run): # -# [ IPTABLES= ] [ MODULESDIR= ] [ MODULE_SUFFIX="" ] shorecap > capabilities +# [ IPTABLES= ] [ MODULESDIR= ] shorecap > capabilities # # Now move the capabilities file to the compilation system. The file must # be placed in a directory on the CONFIG_PATH to be used when compiling firewalls @@ -38,7 +38,6 @@ # # IPTABLES - iptables # MODULESDIR - /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter -# MODULE_SUFFIX - "o gz xz ko o.gz o.xz ko.gz ko.xz" # # Shorewall need not be installed on the target system to run shorecap. If the '-e' flag is # used during firewall compilation, then the generated firewall program will likewise not diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index e7c8373a1..26df4b5bd 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -36,6 +36,7 @@ use strict; use warnings; use File::Basename; use File::Temp qw/ tempfile tempdir /; +use File::Glob ':globally'; use Cwd qw(abs_path getcwd); use autouse 'Carp' => qw(longmess confess); use Scalar::Util 'reftype'; @@ -315,7 +316,7 @@ our %renamed = ( AUTO_COMMENT => 'AUTOCOMMENT', BLACKLIST_LOGLEVEL => 'BLACKLIST # # Config options and global settings that are to be copied to output script # -our @propagateconfig = qw/ DISABLE_IPV6 MODULESDIR MODULE_SUFFIX LOAD_HELPERS_ONLY LOCKFILE SUBSYSLOCK LOG_VERBOSITY RESTART/; +our @propagateconfig = qw/ DISABLE_IPV6 MODULESDIR LOAD_HELPERS_ONLY LOCKFILE SUBSYSLOCK LOG_VERBOSITY RESTART/; # # From parsing the capabilities file or detecting capabilities # @@ -648,6 +649,7 @@ our %eliminated = ( LOGRATE => 1, HIGH_ROUTE_MARKS => 1, BLACKLISTNEWONLY => 1, CHAIN_SCRIPTS => 1, + MODULE_SUFFIX => 1, ); # # Variables involved in ?IF, ?ELSE ?ENDIF processing @@ -848,7 +850,6 @@ sub initialize( $;$$) { BLACKLIST => undef, BLACKLISTNEWONLY => undef, DELAYBLACKLISTLOAD => undef, - MODULE_SUFFIX => undef, DISABLE_IPV6 => undef, DYNAMIC_ZONES => undef, PKTTYPE=> undef, @@ -4320,25 +4321,20 @@ sub load_kernel_modules( ) { close LSMOD; - $config{MODULE_SUFFIX} = 'ko ko.gz ko.xz o o.gz o.xz gz xz' unless $config{MODULE_SUFFIX}; - - my @suffixes = split /\s+/ , $config{MODULE_SUFFIX}; - + MODULE: while ( read_a_line( NORMAL_READ ) ) { fatal_error "Invalid modules file entry" unless ( $currentline =~ /^loadmodule\s+([a-zA-Z]\w*)\s*(.*)$/ ); my ( $module, $arguments ) = ( $1, $2 ); unless ( $loadedmodules{ $module } ) { - for my $directory ( @moduledirectories ) { - for my $suffix ( @suffixes ) { - my $modulefile = "$directory/$module.$suffix"; - if ( -f $modulefile ) { - if ( $moduleloader eq 'insmod' ) { - system ("insmod $modulefile $arguments" ); - } else { - system( "modprobe $module $arguments" ); - } - + if ( $moduleloader eq 'modprobe' ) { + system( "modprobe -q $module $arguments" ); + $loadedmodules{ $module } = 1; + } else { + for my $directory ( @moduledirectories ) { + for my $modulefile ( <$directory/$module.*> ) { + system ("insmod $modulefile $arguments" ); $loadedmodules{ $module } = 1; + next MODULE; } } } @@ -6070,7 +6066,6 @@ sub get_configuration( $$$$ ) { # # get_capabilities requires that the true settings of these options be established # - default 'MODULE_PREFIX', 'ko ko.gz o o.gz gz'; default_yes_no 'LOAD_HELPERS_ONLY' , 'Yes'; if ( ! $export && $> == 0 ) { diff --git a/Shorewall/Samples/Universal/shorewall.conf b/Shorewall/Samples/Universal/shorewall.conf index 789684b07..358570514 100644 --- a/Shorewall/Samples/Universal/shorewall.conf +++ b/Shorewall/Samples/Universal/shorewall.conf @@ -205,8 +205,6 @@ MINIUPNPD=No MARK_IN_FORWARD_CHAIN=No -MODULE_SUFFIX="ko ko.xz" - MULTICAST=No MUTEX_TIMEOUT=60 diff --git a/Shorewall/Samples/one-interface/shorewall.conf b/Shorewall/Samples/one-interface/shorewall.conf index b5b56f10c..6cc8f09ee 100644 --- a/Shorewall/Samples/one-interface/shorewall.conf +++ b/Shorewall/Samples/one-interface/shorewall.conf @@ -216,8 +216,6 @@ MINIUPNPD=No MARK_IN_FORWARD_CHAIN=No -MODULE_SUFFIX="ko ko.xz" - MULTICAST=No MUTEX_TIMEOUT=60 diff --git a/Shorewall/Samples/three-interfaces/shorewall.conf b/Shorewall/Samples/three-interfaces/shorewall.conf index 47a690f09..ce3a080bc 100644 --- a/Shorewall/Samples/three-interfaces/shorewall.conf +++ b/Shorewall/Samples/three-interfaces/shorewall.conf @@ -213,8 +213,6 @@ MINIUPNPD=No MARK_IN_FORWARD_CHAIN=No -MODULE_SUFFIX="ko ko.xz" - MULTICAST=No MUTEX_TIMEOUT=60 diff --git a/Shorewall/Samples/two-interfaces/shorewall.conf b/Shorewall/Samples/two-interfaces/shorewall.conf index 327f9e88e..ed4ece56d 100644 --- a/Shorewall/Samples/two-interfaces/shorewall.conf +++ b/Shorewall/Samples/two-interfaces/shorewall.conf @@ -216,8 +216,6 @@ MINIUPNPD=No MARK_IN_FORWARD_CHAIN=No -MODULE_SUFFIX="ko ko.xz" - MULTICAST=No MUTEX_TIMEOUT=60 diff --git a/Shorewall/configfiles/shorewall.conf b/Shorewall/configfiles/shorewall.conf index 2a48e7071..2d3204c91 100644 --- a/Shorewall/configfiles/shorewall.conf +++ b/Shorewall/configfiles/shorewall.conf @@ -205,8 +205,6 @@ MARK_IN_FORWARD_CHAIN=No MINIUPNPD=No -MODULE_SUFFIX="ko ko.xz" - MULTICAST=No MUTEX_TIMEOUT=60 diff --git a/Shorewall/lib.cli-std b/Shorewall/lib.cli-std index 3022ab64c..f425381ce 100644 --- a/Shorewall/lib.cli-std +++ b/Shorewall/lib.cli-std @@ -1556,10 +1556,10 @@ remote_reload_command() # $* = original arguments less the command. progress_message "Getting Capabilities on system $system..." if [ $g_family -eq 4 ]; then - if ! rsh_command "MODULESDIR=$MODULESDIR MODULE_SUFFIX=\"$MODULE_SUFFIX\" IPTABLES=$IPTABLES DONT_LOAD=\"$DONT_LOAD\" $libexec/shorewall-lite/shorecap" > $g_shorewalldir/capabilities; then + if ! rsh_command "MODULESDIR=$MODULESDIR IPTABLES=$IPTABLES DONT_LOAD=\"$DONT_LOAD\" $libexec/shorewall-lite/shorecap" > $g_shorewalldir/capabilities; then fatal_error "Capturing capabilities on system $system failed" fi - elif ! rsh_command "MODULESDIR=$MODULESDIR MODULE_SUFFIX=\"$MODULE_SUFFIX\" IP6TABLES=$IP6TABLES DONT_LOAD=\"$DONT_LOAD\" $libexec/shorewall6-lite/shorecap" > $g_shorewalldir/capabilities; then + elif ! rsh_command "MODULESDIR=$MODULESDIR IP6TABLES=$IP6TABLES DONT_LOAD=\"$DONT_LOAD\" $libexec/shorewall6-lite/shorecap" > $g_shorewalldir/capabilities; then fatal_error "Capturing capabilities on system $system failed" fi fi diff --git a/Shorewall/manpages/shorewall-modules.xml b/Shorewall/manpages/shorewall-modules.xml index 047de2795..e2047f6a5 100644 --- a/Shorewall/manpages/shorewall-modules.xml +++ b/Shorewall/manpages/shorewall-modules.xml @@ -51,7 +51,7 @@ The modulename names a kernel module (without suffix). Shorewall will search for modules based on your - MODULESDIR and MODULE_SUFFIX settings in shorewall.conf(8). The moduleoptions are passed to modprobe (if installed) or to insmod. diff --git a/Shorewall/manpages/shorewall.conf.xml b/Shorewall/manpages/shorewall.conf.xml index ab821ea8c..731f44308 100644 --- a/Shorewall/manpages/shorewall.conf.xml +++ b/Shorewall/manpages/shorewall.conf.xml @@ -1892,18 +1892,6 @@ LOG:info:,bar net fw - - MODULE_SUFFIX=["extension ..."] - - - The value of this option determines the possible file - extensions of kernel modules. The default value is "ko ko.gz ko.xz o - o.gz o.xz gz xz". - - - MODULESDIR=[[+]pathname[ ] [ MODULESDIR= ] [ MODULE_SUFFIX="" ] shorecap > capabilities +# [ IPTABLES= ] [ MODULESDIR= ] shorecap > capabilities # # Now move the capabilities file to the compilation system. The file must # be placed in a directory on the CONFIG_PATH to be used when compiling firewalls @@ -38,7 +38,6 @@ # # IPTABLES - iptables # MODULESDIR - /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter -# MODULE_SUFFIX - "o gz xz ko o.gz o.xz ko.gz ko.xz" # # Shorewall need not be installed on the target system to run shorecap. If the '-e' flag is # used during firewall compilation, then the generated firewall program will likewise not diff --git a/Shorewall6/Samples6/Universal/shorewall6.conf b/Shorewall6/Samples6/Universal/shorewall6.conf index f1750ccfb..f50885435 100644 --- a/Shorewall6/Samples6/Universal/shorewall6.conf +++ b/Shorewall6/Samples6/Universal/shorewall6.conf @@ -190,8 +190,6 @@ MARK_IN_FORWARD_CHAIN=No MINIUPNPD=No -MODULE_SUFFIX="ko ko.xz" - MUTEX_TIMEOUT=60 OPTIMIZE=All diff --git a/Shorewall6/Samples6/one-interface/shorewall6.conf b/Shorewall6/Samples6/one-interface/shorewall6.conf index a6a1d7391..b67b031b5 100644 --- a/Shorewall6/Samples6/one-interface/shorewall6.conf +++ b/Shorewall6/Samples6/one-interface/shorewall6.conf @@ -191,8 +191,6 @@ MARK_IN_FORWARD_CHAIN=No MINIUPNPD=No -MODULE_SUFFIX="ko ko.xz" - MUTEX_TIMEOUT=60 OPTIMIZE=All diff --git a/Shorewall6/Samples6/three-interfaces/shorewall6.conf b/Shorewall6/Samples6/three-interfaces/shorewall6.conf index 88cd85b6a..69301338b 100644 --- a/Shorewall6/Samples6/three-interfaces/shorewall6.conf +++ b/Shorewall6/Samples6/three-interfaces/shorewall6.conf @@ -190,8 +190,6 @@ MARK_IN_FORWARD_CHAIN=No MINIUPNPD=No -MODULE_SUFFIX="ko ko.xz" - MUTEX_TIMEOUT=60 OPTIMIZE=All diff --git a/Shorewall6/Samples6/two-interfaces/shorewall6.conf b/Shorewall6/Samples6/two-interfaces/shorewall6.conf index 00bfe6256..760f89ded 100644 --- a/Shorewall6/Samples6/two-interfaces/shorewall6.conf +++ b/Shorewall6/Samples6/two-interfaces/shorewall6.conf @@ -190,8 +190,6 @@ MARK_IN_FORWARD_CHAIN=No MINIUPNPD=No -MODULE_SUFFIX="ko ko.xz" - MUTEX_TIMEOUT=60 OPTIMIZE=All diff --git a/Shorewall6/configfiles/shorewall6.conf b/Shorewall6/configfiles/shorewall6.conf index 8a16d1bc8..0630dfad2 100644 --- a/Shorewall6/configfiles/shorewall6.conf +++ b/Shorewall6/configfiles/shorewall6.conf @@ -190,8 +190,6 @@ MARK_IN_FORWARD_CHAIN=No MINIUPNPD=No -MODULE_SUFFIX="ko ko.xz" - MUTEX_TIMEOUT=60 OPTIMIZE=All