holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Improve dynamic gateway detection

Browse Source 
- Use provider's routing table, if any

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2017-08-23 15:04:47 -07:00
parent 90f33dd436
commit b54a691110
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
3 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -7065,6 +7065,8 @@ sub interface_gateway( $ ) {
sub get_interface_gateway ( $;$$ ) { sub get_interface_gateway ( $;$$ ) {
my ( $logical, $protect, $provider ) = @_; my ( $logical, $protect, $provider ) = @_;
$provider = '' unless defined $provider;
my $interface = get_physical $logical; my $interface = get_physical $logical;
my $variable = interface_gateway( $interface ); my $variable = interface_gateway( $interface );
my $gateway = get_interface_option( $interface, 'gateway' ); my $gateway = get_interface_option( $interface, 'gateway' );
@ -7078,9 +7080,9 @@ sub get_interface_gateway ( $;$$ ) {
} }
if ( interface_is_optional $logical ) { if ( interface_is_optional $logical ) {
$interfacegateways{$interface} = qq([ -n "\$$variable" ] || $variable=\$(detect_gateway $interface)); $interfacegateways{$interface} = qq([ -n "\$$variable" ] || $variable=\$(detect_gateway $interface $provider));
} else { } else {
$interfacegateways{$interface} = qq([ -n "\$$variable" ] || $variable=\$(detect_gateway $interface) $interfacegateways{$interface} = qq([ -n "\$$variable" ] || $variable=\$(detect_gateway $interface $provider)
[ -n "\$$variable" ] || startup_error "Unable to detect the gateway through interface $interface"); [ -n "\$$variable" ] || startup_error "Unable to detect the gateway through interface $interface");
} }

2
Shorewall/Perl/Shorewall/Providers.pm
View File

@ -502,7 +502,7 @@ sub process_a_provider( $ ) {
if ( ( $gw = lc $gateway ) eq 'detect' ) { if ( ( $gw = lc $gateway ) eq 'detect' ) {
fatal_error "Configuring multiple providers through one interface requires an explicit gateway" if $shared; fatal_error "Configuring multiple providers through one interface requires an explicit gateway" if $shared;
$gateway = get_interface_gateway( $interface, undef, 1 ); $gateway = get_interface_gateway( $interface, undef, $number );
$gatewaycase = 'detect'; $gatewaycase = 'detect';
set_interface_option( $interface, 'gateway', 'detect' ); set_interface_option( $interface, 'gateway', 'detect' );
} elsif ( $gw eq 'none' ) { } elsif ( $gw eq 'none' ) {

6
Shorewall/Perl/lib.runtime
View File

@ -421,7 +421,7 @@ restore_default_route() # $1 = USE_DEFAULT_RT
conditionally_flush_conntrack() { conditionally_flush_conntrack() {
if [ -n "$g_purge" ]; then if [ -n "$g_purge" ]; then
if [ -n $(mywhich conntrack) ]; then if [ -n "$(mywhich conntrack)" ]; then
conntrack -F conntrack -F
else else
error_message "WARNING: The '-p' option requires the conntrack utility which does not appear to be installed on this system" error_message "WARNING: The '-p' option requires the conntrack utility which does not appear to be installed on this system"
@ -899,7 +899,7 @@ detect_dynamic_gateway() { # $1 = interface
# #
# Detect the gateway through an interface # Detect the gateway through an interface
# #
detect_gateway() # $1 = interface detect_gateway() # $1 = interface $2 = table number
{ {
local interface local interface
interface=$1 interface=$1
@ -912,6 +912,8 @@ detect_gateway() # $1 = interface
# Maybe there's a default route through this gateway already # Maybe there's a default route through this gateway already
# #
[ -n "$gateway" ] || gateway=$(find_gateway $($IP -4 route list dev $interface | grep ^default)) [ -n "$gateway" ] || gateway=$(find_gateway $($IP -4 route list dev $interface | grep ^default))
[ -z "$gateway" -a -n "$2" ] && gateway=$(find_gateway $($IP -4 route list dev $interface table $2 | grep ^default))
# #
# Last hope -- is there a load-balancing route through the interface? # Last hope -- is there a load-balancing route through the interface?
# #