From ec04636c8625f729396bff3c3f40b4bd5e3f448c Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Mon, 20 Apr 2009 08:30:15 -0700 Subject: [PATCH] Correct handling of optional shared providers --- Shorewall/Perl/Shorewall/Providers.pm | 50 +++++++++++++++++++-------- 1 file changed, 35 insertions(+), 15 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm index ae9dda2f0..dd5de0820 100644 --- a/Shorewall/Perl/Shorewall/Providers.pm +++ b/Shorewall/Perl/Shorewall/Providers.pm @@ -264,26 +264,28 @@ sub add_a_provider( $$$$$$$$ ) { fatal_error "Unknown Interface ($interface)" unless known_interface $interface; - my $provider = chain_base $table; - my $base = uc chain_base $interface; + my $provider = chain_base $table; + my $base = uc chain_base $interface; + my $gatewaycase = ''; if ( $gateway eq 'detect' ) { fatal_error "Configuring multiple providers through one interface requires an explicit gateway" if $shared; $gateway = get_interface_gateway $interface; - start_provider( $table, $number, qq(if interface_is_usable $interface && [ -n "$gateway" ]; then) ); + $gatewaycase = 'detect'; } else { - start_provider( $table, $number, "if interface_is_usable $interface; then" ); if ( $gateway && $gateway ne '-' ) { validate_address $gateway, 0; + $gatewaycase = 'specified'; } else { + $gatewaycase = 'none'; fatal_error "Configuring multiple providers through one interface requires a gateway" if $shared; $gateway = ''; - emit "run_ip route add default dev $interface table $number"; } } my $val = 0; + my $pref; if ( $mark ne '-' ) { @@ -303,13 +305,8 @@ sub add_a_provider( $$$$$$$$ ) { fatal_error "Duplicate mark value ($mark)" if $providerref->{mark} == $val; } - my $pref = 10000 + $number - 1; + $pref = 10000 + $number - 1; - emit ( "qt \$IP -$family rule del fwmark $mark" ) if $config{DELETE_THEN_ADD}; - - emit ( "run_ip rule add fwmark $mark pref $pref table $number", - "echo \"qt \$IP -$family rule del fwmark $mark\" >> \${VARDIR}/undo_routing" - ); } my ( $loose, $track, $balance , $default, $default_balance, $optional, $mtu ) = (0,0,0,0,$config{USE_DEFAULT_RT} ? 1 : 0,interface_is_optional( $interface ), '' ); @@ -384,8 +381,22 @@ sub add_a_provider( $$$$$$$$ ) { my $realm = ''; if ( $shared ) { - $providers{$table}{mac} = get_interface_mac( $gateway, $interface , $table ); + my $variable = $providers{$table}{mac} = get_interface_mac( $gateway, $interface , $table ); $realm = "realm $number"; + start_provider( $table, $number, qq(if interface_is_usable $interface && [ -n "$variable" ]; then) ); + } elsif ( $gatewaycase eq 'detect' ) { + start_provider( $table, $number, qq(if interface_is_usable $interface && [ -n "$gateway" ]; then) ); + } else { + start_provider( $table, $number, "if interface_is_usable $interface; then" ); + emit "run_ip route add default dev $interface table $number" if $gatewaycase eq 'none'; + } + + if ( $mark ne '-' ) { + emit ( "qt \$IP -$family rule del fwmark $mark" ) if $config{DELETE_THEN_ADD}; + + emit ( "run_ip rule add fwmark $mark pref $pref table $number", + "echo \"qt \$IP -$family rule del fwmark $mark\" >> \${VARDIR}/undo_routing" + ); } if ( $duplicate ne '-' ) { @@ -461,10 +472,19 @@ sub add_a_provider( $$$$$$$$ ) { emit 'else'; if ( $optional ) { - emit ( " error_message \"WARNING: Interface $interface is not usable -- Provider $table ($number) not Added\"", - " ${base}_IS_UP=" ); + if ( $shared ) { + emit ( " error_message \"WARNING: Interface $interface is not usable -- Provider $table ($number) not Added\"" ); + } else { + emit ( " error_message \"WARNING: Gateway $gateway is not reachable -- Provider $table ($number) not Added\"" ); + } + + emit( " ${base}_IS_UP=" ); } else { - emit( " fatal_error \"Interface $interface is not usable -- Provider $table ($number) Cannot be Added\"" ); + if ( $shared ) { + emit( " fatal_error \"Gateway $gateway is not reachable -- Provider $table ($number) Cannot be Added\"" ); + } else { + emit( " fatal_error \"Interface $interface is not usable -- Provider $table ($number) Cannot be Added\"" ); + } } emit "fi\n";