Correct configure and configure.pl to output SPARSE

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall-core/configure

@@ -181,6 +181,7 @@ for on in \
     SYSTEMD \
     SYSCONFFILE \
     SYSCONFDIR \
+    SPARSE \
     ANNOTATED \
     VARDIR
 do

Shorewall-core/configure.pl

@@ -140,6 +140,7 @@ for ( qw/ HOST
 	  SYSTEMD
 	  SYSCONFFILE
 	  SYSCONFDIR
+	  SPARSE
 	  ANNOTATED
 	  VARDIR / ) {
 

Shorewall/Perl/Shorewall/Config.pm

@@ -1030,7 +1030,9 @@ sub normalize_hex( $ ) {
 # Return the argument expressed in Hex
 #
 sub in_hex( $ ) {
-    sprintf '0x%x', $_[0];
+    my $value = $_[0];
+
+    $value =~ /^0x/ ? $value : sprintf '0x%x', $_[0];
 }
 
 sub in_hex2( $ ) {
@@ -1661,7 +1663,7 @@ sub process_conditional( $$$ ) {
 
 	fatal_error "Invalid IF variable ($rest)" unless ($rest =~ s/^\$// || $rest =~ /^__/ ) && $rest =~ /^\w+$/;
 
-	push @ifstack, [ 'IF', $lastomit, $omitting, $linenumber ];
+	push @ifstack, [ 'IF', $omitting, $omitting, $linenumber ];
 
 	if ( $rest eq '__IPV6' ) {
 	    $omitting = $family == F_IPV4;

Shorewall/Perl/Shorewall/Providers.pm

@@ -632,12 +632,13 @@ CEOF
     setup_interface_proc( $interface );
 
     if ( $mark ne '-' ) {
+	my $hexmark = in_hex( $mark );
 	my $mask = have_capability 'FWMARK_RT_MASK' ? '/' . in_hex $globals{PROVIDER_MASK} : '';
 
-	emit ( "qt \$IP -$family rule del fwmark ${mark}${mask}" ) if $config{DELETE_THEN_ADD};
+	emit ( "qt \$IP -$family rule del fwmark ${hexmark}${mask}" ) if $config{DELETE_THEN_ADD};
 
-	emit ( "run_ip rule add fwmark ${mark}${mask} pref $pref table $number",
-	       "echo \"qt \$IP -$family rule del fwmark ${mark}${mask}\" >> \${VARDIR}/undo_${table}_routing"
+	emit ( "run_ip rule add fwmark ${hexmark}${mask} pref $pref table $number",
+	       "echo \"qt \$IP -$family rule del fwmark ${hexmark}${mask}\" >> \${VARDIR}/undo_${table}_routing"
 	     );
     }
 
@@ -761,7 +762,7 @@ CEOF
 		if ( $gateway ) {
 		    emit qq(add_gateway "via $gateway dev $physical $realm" ) . $tbl;
 		} else {
-		    emit qq(add_gateway "nexthop dev $physical $realm" ) . $tbl;
+		    emit qq(add_gateway "dev $physical $realm" ) . $tbl;
 		}
 	    }
 	    	} else {
@@ -863,7 +864,8 @@ CEOF
 		  "qt \$TC qdisc del dev $physical ingress\n" ) if $tcdevices->{$interface};
 	}
 
-	emit( "progress_message2 \"   Provider $table ($number) stopped\"" );
+	emit( "echo 1 > \${VARDIR}/${physical}.status",
+	      "progress_message2 \"   Provider $table ($number) stopped\"" );
 
 	pop_indent;
 
@@ -1116,6 +1118,10 @@ sub finish_providers() {
 	       '# We don\'t have any \'balance\' providers so we restore any default route that we\'ve saved',
 	       '#',
 	       "restore_default_route $config{USE_DEFAULT_RT}" ,
+	       '#',
+	       '# And delete any routes in the \'balance\' table',
+	       '#',
+	       "qt \$IP -$family route del default table " . BALANCE_TABLE,
 	       '' );
     }
 

Shorewall/lib.core

@@ -176,8 +176,28 @@ interface_is_up() {
 #
 interface_is_usable() # $1 = interface
 {
-    [ "$1" = lo ] && return 0
-    interface_is_up $1 && [ "$(find_first_interface_address_if_any $1)" != :: ] && run_isusable_exit $1
+    local status;
+    status=0
+
+    if [ "$1" != lo ]; then
+	if [ $g_family -eq 4 ]; then
+	    if interface_is_up $1 && [ "$(find_first_interface_address_if_any $1)" != 0.0.0.0 ]; then
+		[ "$COMMAND" = enable ] || run_isusable_exit $1
+		status=$?
+	    else
+		status=1
+	    fi
+	else
+	    if interface_is_up $1 && [ "$(find_first_interface_address_if_any $1)" ]; then
+		[ "$COMMAND" = enable ] || run_isusable_exit $1
+		status=$?
+	    else
+		status=1
+	    fi
+	fi
+    fi
+
+    return $status
 }
 
 #

Shorewall/manpages/shorewall-tcrules.xml

@@ -407,39 +407,6 @@ SAME              $FW            0.0.0.0/0    tcp        80,443</programlisting>
               classes will have a value &gt; 256.</para>
             </listitem>
 
-            <listitem>
-              <para><emphasis
-              role="bold">TPROXY</emphasis>(<replaceable>mark</replaceable>[/<replaceable>mask</replaceable>][,[<replaceable>port</replaceable>][,[<replaceable>address</replaceable>]]])</para>
-
-              <para>Transparently redirects a packet without altering the IP
-              header. Requires a local provider to be defined in <ulink
-              url="shorewall-providers.html">shorewall-providers</ulink>(5).</para>
-
-              <para>There are three parameters to TPROXY - only the first
-              (mark) is required:</para>
-
-              <itemizedlist>
-                <listitem>
-                  <para><replaceable>mark</replaceable> - the MARK value
-                  corresponding to the local provider in <ulink
-                  url="shorewall-providers.html">shorewall-providers</ulink>(5).</para>
-                </listitem>
-
-                <listitem>
-                  <para><replaceable>port</replaceable> - the port on which
-                  the proxy server is listening. If omitted, the original
-                  destination port.</para>
-                </listitem>
-
-                <listitem>
-                  <para><replaceable>address</replaceable> - a local (to the
-                  firewall) IP address on which the proxy server is listening.
-                  If omitted, the IP address of the interface on which the
-                  request arrives.</para>
-                </listitem>
-              </itemizedlist>
-            </listitem>
-
             <listitem>
               <para><emphasis role="bold">TTL</emphasis>([<emphasis
               role="bold">-</emphasis>|<emphasis

Shorewall6/manpages/shorewall6-tcrules.xml

@@ -304,39 +304,6 @@ SAME              $FW            0.0.0.0/0    tcp        80,443</programlisting>
               simply include COMMENT on a line by itself.</para>
             </listitem>
 
-            <listitem>
-              <para><emphasis
-              role="bold">TPROXY</emphasis>(<replaceable>mark</replaceable>[/<replaceable>mask</replaceable>][,[<replaceable>port</replaceable>][,[<replaceable>address</replaceable>]]])</para>
-
-              <para>Transparently redirects a packet without altering the IP
-              header. Requires a local provider to be defined in <ulink
-              url="shorewall6-providers.html">shorewall6-providers</ulink>(5).</para>
-
-              <para>There are three parameters to TPROXY - only the first
-              (mark) is required:</para>
-
-              <itemizedlist>
-                <listitem>
-                  <para><replaceable>mark</replaceable> - the MARK value
-                  corresponding to the local provider in <ulink
-                  url="shorewall6-providers.html">shorewall6-providers</ulink>(5).</para>
-                </listitem>
-
-                <listitem>
-                  <para><replaceable>port</replaceable> - the port on which
-                  the proxy server is listening. If omitted, the original
-                  destination port.</para>
-                </listitem>
-
-                <listitem>
-                  <para><replaceable>address</replaceable> - a local (to the
-                  firewall) IP address on which the proxy server is listening.
-                  If omitted, the IP address of the interface on which the
-                  request arrives.</para>
-                </listitem>
-              </itemizedlist>
-            </listitem>
-
             <listitem>
               <para><emphasis role="bold">HL</emphasis>([<emphasis
               role="bold">-</emphasis>|<emphasis

docs/Shorewall_Squid_Usage.xml

@@ -308,40 +308,4 @@ ACCEPT    loc      $FW    tcp      8080
 ACCEPT    $FW      net    tcp      80,443</programlisting></para>
     </example>
   </section>
-
-  <section id="TPROXY">
-    <title>Transparent with TPROXY</title>
-
-    <para>Shorewall 4.4.7 contains support for TPROXY. TPROXY differs from
-    REDIRECT in that it does not modify the IP header. Because the IP header
-    stays intact, TPROXY requires policy routing to direct the packets to the
-    proxy server running on the firewall. This approach requires TPROXY
-    support in your kernel and iptables and Squid 3. See <ulink
-    url="http://wiki.squid-cache.org/Features/Tproxy4">http://wiki.squid-cache.org/Features/Tproxy4</ulink>.</para>
-
-    <para>The following configuration works with Squid running on the firewall
-    itself (assume that Squid is listening on port 3128).</para>
-
-    <para><filename>/etc/shorewall/interfaces:</filename></para>
-
-    <programlisting>#ZONE        INTERFACE        BROADCAST         OPTIONS
--            lo               -                 -</programlisting>
-
-    <para><filename>/etc/shorewall/providers</filename>:</para>
-
-    <programlisting>#NAME   NUMBER   MARK    DUPLICATE  INTERFACE  GATEWAY         OPTIONS               COPY
-Tproxy    1        1        -           lo        -            local</programlisting>
-
-    <para><filename>/etc/shorewall/tcrules</filename> (assume loc interface is
-    eth1):</para>
-
-    <programlisting>MARK            SOURCE      DEST        PROTO      PORT(S)
-TPROXY(1,3128)  eth1        0.0.0.0/0   tcp        80</programlisting>
-
-    <para>/etc/shorewall/rules:</para>
-
-    <programlisting>#ACTION   SOURCE   DEST   PROTO   DEST PORT(S)
-ACCEPT    loc      $FW    tcp     80
-ACCEPT    $FW      net    tcp     80</programlisting>
-  </section>
 </article>