

13 Commits

Tom Eastep
add3d0169d Add missing 'sleep' when waiting for wildcard interface to come up
- Also reverse the order of test and sleep when waiting for a regular
  interface to come up.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-03 08:06:58 -07:00
Tom Eastep
daa91bc56b Add missing 'sleep' when waiting for wildcard interface to come up
- Also reverse the order of test and sleep when waiting for a regular
  interface to come up.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-03 07:16:49 -07:00
Tom Eastep
ccd56e9370 Ensure that exclusion chains have DONT_MOVE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-28 07:16:54 -07:00
Tom Eastep
bf254a1b24 Correct another logical name bug -- this time in TC
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-27 11:35:56 -07:00
Tom Eastep
7428d46a4c Another fix for nested conditionals.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-25 15:01:39 -07:00
Tom Eastep
8ab22755f6 Prevent multiple 'tproxy' providers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-23 17:24:57 -07:00
Tom Eastep
7dd9eb0732 Add TPROXY_MARK to the output of 'shorewall show marks'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-23 08:11:16 -07:00
Tom Eastep
429b1c7e18 Don't use '--ctmark' when saving marks
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-20 13:28:59 -07:00
Tom Eastep
7947206eb2 Apply user/group Id range patch from Gergely Risko
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-19 06:15:53 -07:00
Tom Eastep
312cb7c6e1 Fix a typo in the tcfilters manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-14 13:12:15 -07:00
Tom Eastep
b2195c92d6 Delete $metrics in the Providers module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-14 07:16:19 -07:00
Tom Eastep
007d58e113 Use the -o ip option in delete_default_routes() so that multi-hop routes stay intact.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-14 07:00:20 -07:00
Tom Eastep
914988bdc2 Make IFB work with logical interface names.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-13 14:59:30 -07:00
10 changed files with 43 additions and 32 deletions


@@ -1038,6 +1038,7 @@ sub push_rule( $$ ) {
push @{$chainref->{rules}}, $ruleref; push @{$chainref->{rules}}, $ruleref;
$chainref->{referenced} = 1; $chainref->{referenced} = 1;
$chainref->{optflags} |= DONT_MOVE if ( $ruleref->{target} || '' ) eq 'RETURN';
trace( $chainref, 'A', @{$chainref->{rules}}, "-A $chainref->{name} $_[1]" ) if $debug; trace( $chainref, 'A', @{$chainref->{rules}}, "-A $chainref->{name} $_[1]" ) if $debug;
$ruleref; $ruleref;
@@ -1229,6 +1230,7 @@ sub push_irule( $$$;@ ) {
if ( $jump ) { if ( $jump ) {
$ruleref->{jump} = $jump; $ruleref->{jump} = $jump;
$ruleref->{target} = $target; $ruleref->{target} = $target;
$chainref->{optflags} |= DONT_MOVE if $target eq 'RETURN';
$ruleref->{targetopts} = $targetopts if $targetopts; $ruleref->{targetopts} = $targetopts if $targetopts;
} else { } else {
$ruleref->{target} = ''; $ruleref->{target} = '';
@@ -4199,12 +4201,12 @@ sub do_user( $ ) {
if ( supplied $2 ) { if ( supplied $2 ) {
$user = $2; $user = $2;
$user = resolve_id( $user, 'user' ) unless $user =~ /\d+$/; $user = resolve_id( $user, 'user' ) unless $user =~ /\d+(-\d+)?$/;
$rule .= "${invert}--uid-owner $user "; $rule .= "${invert}--uid-owner $user ";
} }
if ( $group ne '' ) { if ( $group ne '' ) {
$group = resolve_id( $group, 'group' ) unless $group =~ /^\d+$/; $group = resolve_id( $group, 'group' ) unless $group =~ /^\d+(-\d+)?$/;
$rule .= "${invert}--gid-owner $group "; $rule .= "${invert}--gid-owner $group ";
} }
} elsif ( $user =~ /^(!)?(.*)$/ ) { } elsif ( $user =~ /^(!)?(.*)$/ ) {
@@ -4212,10 +4214,10 @@ sub do_user( $ ) {
$user = $2; $user = $2;
fatal_error "Invalid USER/GROUP (!)" if $user eq ''; fatal_error "Invalid USER/GROUP (!)" if $user eq '';
$user = resolve_id ($user, 'user' ) unless $user =~ /\d+$/; $user = resolve_id ($user, 'user' ) unless $user =~ /\d+(-\d+)?$/;
$rule .= "${invert}--uid-owner $user "; $rule .= "${invert}--uid-owner $user ";
} else { } else {
$user = resolve_id( $user, 'user' ) unless $user =~ /\d+$/; $user = resolve_id( $user, 'user' ) unless $user =~ /\d+(-\d+)?$/;
$rule .= "--uid-owner $user "; $rule .= "--uid-owner $user ";
} }
@@ -6057,7 +6059,7 @@ sub handle_exclusion( $$$$$$$$$$$$$$$$$$ ) {
# #
my $echain = newexclusionchain( $table ); my $echain = newexclusionchain( $table );
my $echainref = new_chain $table, $echain; my $echainref = dont_move new_chain $table, $echain;
# #
# Use the current rule and send all possible matches to the exclusion chain # Use the current rule and send all possible matches to the exclusion chain
# #
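Review bot: The three user-id tests in do_user (the `supplied $2` branch and the two `--uid-owner` branches below it) keep the unanchored `/\d+(-\d+)?$/`, while the group test right after the first one uses `/^\d+(-\d+)?$/`; a value such as `bob-5` satisfies the user pattern, skips `resolve_id`, and is interpolated unresolved into `--uid-owner`. Anchoring all three the same way, `unless $user =~ /^\d+(-\d+)?$/;`, makes the range extension consistent and keeps the unresolved-name error on the Shorewall side rather than in iptables. Whether a range whose low bound exceeds the high bound is rejected by iptables or silently matches nothing I cannot tell from here; capturing the two numbers and raising `fatal_error` when the first is larger would give a clear message either way. do_user starts and ends outside the hunk.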


@@ -1684,11 +1684,12 @@ sub process_conditional( $$$ ) {
if ( $keyword =~ /^IF/ ) { if ( $keyword =~ /^IF/ ) {
cond_error $linenumber, "Missing IF variable" unless $rest; cond_error $linenumber, "Missing IF variable" unless $rest;
my $invert = $rest =~ s/^!\s*//; my $invert = $rest =~ s/^!\s*//;
cond_error $linenumber, "Invalid IF variable ($rest)" unless ($rest =~ s/^\$// || $rest =~ /^__/ ) && $rest =~ /^\w+$/; cond_error $linenumber, "Invalid IF variable ($rest)" unless ($rest =~ s/^\$// || $rest =~ /^__/ ) && $rest =~ /^\w+$/;
push @ifstack, [ 'IF', $omitting, $omitting, $linenumber ]; push @ifstack, [ 'IF', $omitting, $omitting, $linenumber ];
$lastomit = $omitting;
if ( $rest eq '__IPV6' ) { if ( $rest eq '__IPV6' ) {
$omitting = $family == F_IPV4; $omitting = $family == F_IPV4;
} elsif ( $rest eq '__IPV4' ) { } elsif ( $rest eq '__IPV4' ) {
@@ -4185,10 +4186,10 @@ sub get_configuration( $$$ ) {
} }
if ( ( my $userbits = $config{PROVIDER_OFFSET} - $config{TC_BITS} ) > 0 ) { if ( ( my $userbits = $config{PROVIDER_OFFSET} - $config{TC_BITS} ) > 0 ) {
$globals{USER_MASK} = make_mask( $userbits ) << $config{TC_BITS}; $globals{USER_MASK} = make_mask( $userbits ) << $config{TC_BITS};
$globals{USER_BITS} = $userbits;
} else { } else {
$globals{USER_MASK} = 0; $globals{USER_MASK} = $globals{USER_BITS} = 0;
} }
if ( supplied ( $val = $config{ZONE2ZONE} ) ) { if ( supplied ( $val = $config{ZONE2ZONE} ) ) {
@@ -4606,7 +4607,7 @@ sub dump_mark_layout() {
$globals{TC_MASK} ); $globals{TC_MASK} );
dumpout( "User", dumpout( "User",
$globals{USER_MASK}, $globals{USER_BITS},
$globals{TC_MAX} + 1, $globals{TC_MAX} + 1,
$globals{USER_MASK}, $globals{USER_MASK},
$globals{USER_MASK} ); $globals{USER_MASK} );
@@ -4628,6 +4629,12 @@ sub dump_mark_layout() {
$globals{EXCLUSION_MASK}, $globals{EXCLUSION_MASK},
$globals{EXCLUSION_MASK}, $globals{EXCLUSION_MASK},
$globals{EXCLUSION_MASK} ); $globals{EXCLUSION_MASK} );
dumpout( "TProxy",
1,
$globals{TPROXY_MARK},
$globals{TPROXY_MARK},
$globals{TPROXY_MARK} );
} }
END { END {
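Review bot: The new `dumpout( "TProxy", ... )` at the end of dump_mark_layout runs unconditionally, and whether `$globals{TPROXY_MARK}` is always assigned when no tproxy provider is configured is not visible here; if it can be undef or 0 the row prints a meaningless mark (and an uninitialized-value warning for undef). Either guard it, `... $globals{TPROXY_MARK} ) if $globals{TPROXY_MARK};`, or add a comment stating that TPROXY_MARK is always set by get_configuration so the reader does not have to check. The hard-coded `1` in the bit-count position presumably reflects a single-bit mark; a trailing `# TPROXY mark is a single bit` would keep it from being read as a placeholder. dump_mark_layout begins outside the hunk.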


@@ -61,10 +61,10 @@ my @load_interfaces;
my $balancing; my $balancing;
my $fallback; my $fallback;
my $metrics;
my $first_default_route; my $first_default_route;
my $first_fallback_route; my $first_fallback_route;
my $maxload; my $maxload;
my $tproxies;
my %providers; my %providers;
@@ -97,10 +97,10 @@ sub initialize( $ ) {
@load_interfaces = (); @load_interfaces = ();
$balancing = 0; $balancing = 0;
$fallback = 0; $fallback = 0;
$metrics = 0;
$first_default_route = 1; $first_default_route = 1;
$first_fallback_route = 1; $first_fallback_route = 1;
$maxload = 0; $maxload = 0;
$tproxies = 0;
%providers = ( local => { number => LOCAL_TABLE , mark => 0 , optional => 0 ,routes => [], rules => [] } , %providers = ( local => { number => LOCAL_TABLE , mark => 0 , optional => 0 ,routes => [], rules => [] } ,
main => { number => MAIN_TABLE , mark => 0 , optional => 0 ,routes => [], rules => [] } , main => { number => MAIN_TABLE , mark => 0 , optional => 0 ,routes => [], rules => [] } ,
@@ -464,10 +464,11 @@ sub process_a_provider() {
} }
if ( $local ) { if ( $local ) {
fatal_error "GATEWAY not valid with 'local' provider" unless $gatewaycase eq 'none'; fatal_error "GATEWAY not valid with 'local' provider" unless $gatewaycase eq 'none';
fatal_error "'track' not valid with 'local'" if $track; fatal_error "'track' not valid with 'local'" if $track;
fatal_error "DUPLICATE not valid with 'local'" if $duplicate ne '-'; fatal_error "DUPLICATE not valid with 'local'" if $duplicate ne '-';
} elsif ( $tproxy ) { } elsif ( $tproxy ) {
fatal_error "Only one 'tproxy' provider is allowed" if $tproxies++;
fatal_error "GATEWAY not valid with 'tproxy' provider" unless $gatewaycase eq 'none'; fatal_error "GATEWAY not valid with 'tproxy' provider" unless $gatewaycase eq 'none';
fatal_error "'track' not valid with 'tproxy'" if $track; fatal_error "'track' not valid with 'tproxy'" if $track;
fatal_error "DUPLICATE not valid with 'tproxy'" if $duplicate ne '-'; fatal_error "DUPLICATE not valid with 'tproxy'" if $duplicate ne '-';
@@ -710,8 +711,6 @@ CEOF
emit qq(run_ip route add default table ) . DEFAULT_TABLE . qq( dev $physical metric $number); emit qq(run_ip route add default table ) . DEFAULT_TABLE . qq( dev $physical metric $number);
emit qq(echo "qt \$IP -$family route del default dev $physical table ) . DEFAULT_TABLE . qq(" >> \${VARDIR}/undo_${table}_routing); emit qq(echo "qt \$IP -$family route del default dev $physical table ) . DEFAULT_TABLE . qq(" >> \${VARDIR}/undo_${table}_routing);
} }
$metrics = 1;
} }
emit( qq(\n) , emit( qq(\n) ,


@@ -1642,7 +1642,7 @@ sub process_tcpri() {
); );
add_ijump( $mangle_table->{tcpost} , add_ijump( $mangle_table->{tcpost} ,
j => 'CONNMARK --save-mark --ctmask ' . in_hex( $globals{TC_MASK} ), j => 'CONNMARK --save-mark --mask ' . in_hex( $globals{TC_MASK} ),
mark => '! --mark 0/' . in_hex( $globals{TC_MASK} ) mark => '! --mark 0/' . in_hex( $globals{TC_MASK} )
); );
} }
@@ -1739,8 +1739,9 @@ sub process_traffic_shaping() {
handle_in_bandwidth( $device, $devref->{in_bandwidth} ); handle_in_bandwidth( $device, $devref->{in_bandwidth} );
for my $rdev ( @{$devref->{redirected}} ) { for my $rdev ( @{$devref->{redirected}} ) {
emit ( "run_tc qdisc add dev $rdev handle ffff: ingress" ); my $phyrdev = get_physical( $rdev );
emit( "run_tc filter add dev $rdev parent ffff: protocol all u32 match u32 0 0 action mirred egress redirect dev $device > /dev/null" ); emit ( "run_tc qdisc add dev $phyrdev handle ffff: ingress" );
emit( "run_tc filter add dev $phyrdev parent ffff: protocol all u32 match u32 0 0 action mirred egress redirect dev $device > /dev/null" );
} }
for my $class ( @tcclasses ) { for my $class ( @tcclasses ) {
@@ -1764,7 +1765,7 @@ sub process_traffic_shaping() {
my $rate = "$tcref->{rate}kbit"; my $rate = "$tcref->{rate}kbit";
my $quantum = calculate_quantum $rate, calculate_r2q( $devref->{out_bandwidth} ); my $quantum = calculate_quantum $rate, calculate_r2q( $devref->{out_bandwidth} );
$classids{$classid}=$device; $classids{$classid}=$devname;
my $priority = $tcref->{priority} << 8; my $priority = $tcref->{priority} << 8;
my $parent = in_hexp $tcref->{parent}; my $parent = in_hexp $tcref->{parent};
@@ -1855,7 +1856,7 @@ sub process_traffic_shaping() {
my $devicenumber = in_hexp $devref->{number}; my $devicenumber = in_hexp $devref->{number};
my $classid = join( ':', $devicenumber, $classnum); my $classid = join( ':', $devicenumber, $classnum);
$classids{$classid}=$device; $classids{$classid}=$devname;
} }
} }
} }
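Review bot: On the `run_tc filter add dev $phyrdev ...` line the ingress device is now translated with `get_physical`, but the `mirred egress redirect dev $device` target is not; from this hunk `$device` looks like it already holds the physical name (the same value is passed to `handle_in_bandwidth` and the qdisc commands), yet if it is the logical name the redirect will name a device that does not exist. A comment on the translated line, `# tc needs physical names; $device is already physical, $rdev is logical`, or a symmetric `get_physical( $device )` call, would remove the doubt. The `> /dev/null` only discards the filter command's stdout; whether run_tc aborts on failure is not visible here, so a silently failing redirect is possible and worth a word. process_traffic_shaping starts before the hunk and continues after it.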


@@ -1622,16 +1622,16 @@ sub verify_required_interfaces( $ ) {
my $physical = get_physical $interface; my $physical = get_physical $interface;
if ( $physical =~ /\+$/ ) { if ( $physical =~ /\+$/ ) {
my $base = uc chain_base $physical;
$physical =~ s/\+$/*/; $physical =~ s/\+$/*/;
emit( 'for interface in $(find_all_interfaces); do', emit( "waittime=$wait",
'',
'for interface in $(find_all_interfaces); do',
' case $interface in', ' case $interface in',
" $physical)", " $physical)",
" waittime=$wait",
' while [ $waittime -gt 0 ]; do', ' while [ $waittime -gt 0 ]; do',
' interface_is_usable $interface && break', ' interface_is_usable $interface && break',
' sleep 1',
' waittime=$(($waittime - 1))', ' waittime=$(($waittime - 1))',
' done', ' done',
' ;;', ' ;;',
@@ -1644,8 +1644,8 @@ sub verify_required_interfaces( $ ) {
emit qq( waittime=$wait); emit qq( waittime=$wait);
emit ''; emit '';
emit q( while [ $waittime -gt 0 ]; do); emit q( while [ $waittime -gt 0 ]; do);
emit qq( interface_is_usable $physical && break);
emit q( sleep 1); emit q( sleep 1);
emit qq( interface_is_usable $physical && break);
emit ' waittime=$(($waittime - 1))'; emit ' waittime=$(($waittime - 1))';
emit q( done); emit q( done);
emit q(fi); emit q(fi);
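Review bot: Moving `waittime=$wait` out of the `$physical)` case arm changes the wildcard wait from a per-interface timeout to one shared budget: after the first matching interface consumes part of it, later matches in the same `find_all_interfaces` loop get less, and any match reached after it hits 0 is not waited for at all. If a per-interface wait is intended, put `" waittime=$wait",` back as the first line inside the arm; if a total bound is intended, a comment saying so would stop the next reader from reverting it. `my $base = uc chain_base $physical;` is not referenced in the lines shown; if it is used later in the emit list that is fine, otherwise it is dead code. verify_required_interfaces starts outside the hunk.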


@@ -344,7 +344,7 @@ replace_default_route() # $1 = USE_DEFAULT_RT
# #
delete_default_routes() # $1 = table number delete_default_routes() # $1 = table number
{ {
$IP -$g_family route ls table $1 | fgrep default | fgrep -v metric | while read route; do $IP -$g_family -o route ls table $1 | fgrep default | fgrep -v metric | while read route; do
qt $IP -$g_family route del $route qt $IP -$g_family route del $route
done done
} }
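Review bot: The `-o` switch in delete_default_routes only works together with two implicit shell behaviours that deserve a comment: ip(8) documents `-o` as joining a record's continuation lines with `\`, `read route` without `-r` strips those backslashes, and the unquoted `$route` in `qt $IP -$g_family route del $route` then word-splits back into arguments. Anyone adding `-r` or quoting `"$route"` to satisfy a linter would break multi-hop deletion again. Suggested comment above the loop: `# -o keeps multi-line (nexthop) routes on one line; read without -r drops the '\' separators and $route must stay unquoted so it re-splits into arguments`. The `fgrep -v metric` filter means routes with an explicit metric are never removed by this function, which is pre-existing but worth stating in the header comment.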


@@ -280,7 +280,8 @@
url="http://www.shorewall.net/Shorewall_Squid_Usage.html">http://www.shorewall.net/Shorewall_Squid_Usage.html</ulink>. url="http://www.shorewall.net/Shorewall_Squid_Usage.html">http://www.shorewall.net/Shorewall_Squid_Usage.html</ulink>.
When specified, the MARK, DUPLICATE and GATEWAY columns should When specified, the MARK, DUPLICATE and GATEWAY columns should
be empty, INTERFACE should be set to 'lo' and be empty, INTERFACE should be set to 'lo' and
<option>tproxy</option> should be the only OPTION.</para> <option>tproxy</option> should be the only OPTION. Only one
<option>tproxy</option> provider is allowed.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>


@@ -35,7 +35,7 @@
<term>IPV4</term> <term>IPV4</term>
<listitem> <listitem>
<para>Following entriess apply to IPv4.</para> <para>Following entries apply to IPv4.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>


@@ -255,7 +255,8 @@
url="http://www.shorewall.net/Shorewall_Squid_Usage.html">http://www.shorewall.net/Shorewall_Squid_Usage.html</ulink>. url="http://www.shorewall.net/Shorewall_Squid_Usage.html">http://www.shorewall.net/Shorewall_Squid_Usage.html</ulink>.
When specified, the MARK, DUPLICATE and GATEWAY columns should When specified, the MARK, DUPLICATE and GATEWAY columns should
be empty, INTERFACE should be set to 'lo' and be empty, INTERFACE should be set to 'lo' and
<option>tproxy</option> should be the only OPTION.</para> <option>tproxy</option> should be the only OPTION. Only one
<option>tproxy</option> provider is allowed.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>


@@ -35,7 +35,7 @@
<term>IPV4</term> <term>IPV4</term>
<listitem> <listitem>
<para>Following entriess apply to IPv4.</para> <para>Following entries apply to IPv4.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@@ -235,6 +235,6 @@
<para><ulink <para><ulink
url="http://shorewall.net/PacketMarking.html">http://shorewall.net/PacketMarking.html</ulink></para> url="http://shorewall.net/PacketMarking.html">http://shorewall.net/PacketMarking.html</ulink></para>
<para></para> <para/>
</refsect1> </refsect1>
</refentry> </refentry>