Change ROUTE_BALANCE to USE_DEFAULT_RT

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8606 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2008-07-06 15:54:20 +00:00
parent 5cff200a9c
commit a01d47579d
5 changed files with 18 additions and 13 deletions


@ -4,7 +4,7 @@ Changes in 4.2.0-Beta3
2) Don't assume -f in /etc/init.d/shorewall-lite 2) Don't assume -f in /etc/init.d/shorewall-lite
3) Implement ROUTE_BALANCE 3) Implement USE_DEFAULT_RT
Changes in 4.2.0-Beta2 Changes in 4.2.0-Beta2


@ -92,17 +92,22 @@ Other Changes in Shoreall 4.2.0 Beta 3.
default for '/etc/init.d/shorewall start'. Beginning with 4.0.13 default for '/etc/init.d/shorewall start'. Beginning with 4.0.13
and 4.2.0-Beta3, this is also true for Shoreawall-lite. and 4.2.0-Beta3, this is also true for Shoreawall-lite.
2) A new ROUTE_BALANCE option has been added to shorewall.conf. When 2) A new USE_DEFAULT_RT option has been added to shorewall.conf. When
set to 'Yes', it causes the Shorewall multi-ISP feature to create set to 'Yes', it causes the Shorewall multi-ISP feature to create
a different set of routing rules which are resilient to changes in a different set of routing rules which are resilient to changes in
the main routing table. Such changes can occur for a number of the main routing table. Such changes can occur for a number of
reasons, VPNs going up and down being an example. reasons, VPNs going up and down being an example.
The USE_DEFAULT_RT option is currently classified as
EXPERIMENTAL. As a consequence, if you have a problem with it, the
Shorewall support team may not be able to supply you with a
solution.
The idea is to send packets through the main table prior to The idea is to send packets through the main table prior to
applying any of the Shorewall-generated routing rules. So changes applying any of the Shorewall-generated routing rules. So changes
to the main table will affect the routing of packets by default. to the main table will affect the routing of packets by default.
When ROUTE_BALANCE=Yes: When USE_DEFAULT_RT=Yes:
a) Both the DUPLICATE and the COPY columns in the providers file a) Both the DUPLICATE and the COPY columns in the providers file
must remain empty (or contain "-"). must remain empty (or contain "-").


@ -184,7 +184,7 @@ AUTO_COMMENT=Yes
MANGLE_ENABLED=Yes MANGLE_ENABLED=Yes
ROUTE_BALANCE=No USE_DEFAULT_RT=No
############################################################################### ###############################################################################
# P A C K E T D I S P O S I T I O N # P A C K E T D I S P O S I T I O N


@ -366,7 +366,7 @@ sub initialize() {
AUTO_COMMENT => undef , AUTO_COMMENT => undef ,
MANGLE_ENABLED => undef , MANGLE_ENABLED => undef ,
NULL_ROUTE_RFC1918 => undef , NULL_ROUTE_RFC1918 => undef ,
ROUTE_BALANCE => undef , USE_DEFAULT_RT => undef ,
# #
# Packet Disposition # Packet Disposition
# #
@ -1913,7 +1913,7 @@ sub get_configuration( $ ) {
default_yes_no 'MARK_IN_FORWARD_CHAIN' , ''; default_yes_no 'MARK_IN_FORWARD_CHAIN' , '';
default_yes_no 'MANGLE_ENABLED' , 'Yes'; default_yes_no 'MANGLE_ENABLED' , 'Yes';
default_yes_no 'NULL_ROUTE_RFC1918' , ''; default_yes_no 'NULL_ROUTE_RFC1918' , '';
default_yes_no 'ROUTE_BALANCE' , ''; default_yes_no 'USE_DEFAULT_RT' , '';
$capabilities{XCONNMARK} = '' unless $capabilities{XCONNMARK_MATCH} and $capabilities{XMARK}; $capabilities{XCONNMARK} = '' unless $capabilities{XCONNMARK_MATCH} and $capabilities{XMARK};
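Review bot: The old key `ROUTE_BALANCE` is removed from the option table in initialize() and from the `default_yes_no` calls in get_configuration() with no alias, so a shorewall.conf that still sets `ROUTE_BALANCE=Yes` would no longer select the main-table-first routing rules. How an unrecognised key is treated is not visible in these hunks; if it is merely warned about or ignored, the routing policy changes without a hard failure. Consider rejecting the old name explicitly, e.g. `fatal_error 'ROUTE_BALANCE has been renamed to USE_DEFAULT_RT' if defined $config{ROUTE_BALANCE};` in get_configuration(), which assumes the old key stays in the table so that it is still read. Both functions continue outside the hunks shown.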


@ -228,7 +228,7 @@ sub add_a_provider( $$$$$$$$ ) {
emit "echo \"qt ip route flush table $number\" >> \${VARDIR}/undo_routing"; emit "echo \"qt ip route flush table $number\" >> \${VARDIR}/undo_routing";
if ( $gateway eq 'detect' ) { if ( $gateway eq 'detect' ) {
fatal_error "'detect' is not allowed with ROUTE_BALANCE=Yes" if $config{ROUTE_BALANCE}; fatal_error "'detect' is not allowed with USE_DEFAULT_RT=Yes" if $config{USE_DEFAULT_RT};
$gateway = get_interface_gateway $interface; $gateway = get_interface_gateway $interface;
} elsif ( $gateway && $gateway ne '-' ) { } elsif ( $gateway && $gateway ne '-' ) {
validate_address $gateway, 0; validate_address $gateway, 0;
@ -267,7 +267,7 @@ sub add_a_provider( $$$$$$$$ ) {
); );
} }
my ( $loose, $track, $balance , $optional, $mtu ) = (0,0,$config{ROUTE_BALANCE} ? 1 : 0,interface_is_optional( $interface ), '' ); my ( $loose, $track, $balance , $optional, $mtu ) = (0,0,$config{USE_DEFAULT_RT} ? 1 : 0,interface_is_optional( $interface ), '' );
unless ( $options eq '-' ) { unless ( $options eq '-' ) {
for my $option ( split_list $options, 'option' ) { for my $option ( split_list $options, 'option' ) {
@ -279,7 +279,7 @@ sub add_a_provider( $$$$$$$$ ) {
$balance = 1; $balance = 1;
} elsif ( $option eq 'loose' ) { } elsif ( $option eq 'loose' ) {
$loose = 1; $loose = 1;
$balance = 0 if $config{ROUTE_BALANCE}; $balance = 0 if $config{USE_DEFAULT_RT};
} elsif ( $option eq 'optional' ) { } elsif ( $option eq 'optional' ) {
set_interface_option $interface, 'optional', 1; set_interface_option $interface, 'optional', 1;
$optional = 1; $optional = 1;
@ -324,7 +324,7 @@ sub add_a_provider( $$$$$$$$ ) {
} }
if ( $duplicate ne '-' ) { if ( $duplicate ne '-' ) {
fatal_error "The DUPLICATE column must be empty when ROUTE_BALANCE=Yes" if $config{ROUTE_BALANCE}; fatal_error "The DUPLICATE column must be empty when USE_DEFAULT_RT=Yes" if $config{USE_DEFAULT_RT};
if ( $copy eq '-' ) { if ( $copy eq '-' ) {
copy_table ( $duplicate, $number, $realm ); copy_table ( $duplicate, $number, $realm );
} else { } else {
@ -337,7 +337,7 @@ sub add_a_provider( $$$$$$$$ ) {
copy_and_edit_table( $duplicate, $number ,$copy , $realm); copy_and_edit_table( $duplicate, $number ,$copy , $realm);
} }
} else { } else {
fatal_error "The COPY column must be empty when ROUTE_BALANCE=Yes" if $config{ROUTE_BALANCE} && $copy ne '-'; fatal_error "The COPY column must be empty when USE_DEFAULT_RT=Yes" if $config{USE_DEFAULT_RT} && $copy ne '-';
fatal_error 'A non-empty COPY column requires that a routing table be specified in the DUPLICATE column' if $copy ne '-'; fatal_error 'A non-empty COPY column requires that a routing table be specified in the DUPLICATE column' if $copy ne '-';
} }
@ -529,7 +529,7 @@ sub setup_providers() {
if ( $balance ) { if ( $balance ) {
my $table = 254; # Main my $table = 254; # Main
if ( $config{ROUTE_BALANCE} ) { if ( $config{USE_DEFAULT_RT} ) {
emit ( 'run_ip rule add from all table 254 pref 999', emit ( 'run_ip rule add from all table 254 pref 999',
'ip rule del from all table 254 pref 32766', 'ip rule del from all table 254 pref 32766',
'echo "qt ip rule add from all table 254 pref 32766" >> ${VARDIR}/undo_routing', 'echo "qt ip rule add from all table 254 pref 32766" >> ${VARDIR}/undo_routing',
@ -540,7 +540,7 @@ sub setup_providers() {
emit ( 'if [ -n "$DEFAULT_ROUTE" ]; then' ); emit ( 'if [ -n "$DEFAULT_ROUTE" ]; then' );
emit ( " run_ip route replace default scope global table $table \$DEFAULT_ROUTE" ); emit ( " run_ip route replace default scope global table $table \$DEFAULT_ROUTE" );
emit ( ' qt ip route del default table 254' ) if $config{ROUTE_BALANCE}; emit ( ' qt ip route del default table 254' ) if $config{USE_DEFAULT_RT};
emit ( " progress_message \"Default route '\$(echo \$DEFAULT_ROUTE | sed 's/\$\\s*//')' Added\"", emit ( " progress_message \"Default route '\$(echo \$DEFAULT_ROUTE | sed 's/\$\\s*//')' Added\"",
'else', 'else',
' error_message "WARNING: No Default route added (all \'balance\' providers are down)"', ' error_message "WARNING: No Default route added (all \'balance\' providers are down)"',