Merge branch '5.1.6'

# Conflicts:
#	Shorewall-core/lib.common

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall-core/lib.common

@@ -269,53 +269,48 @@ loadmodule() # $1 = module name, $2 - * arguments
 {
     local modulename
     modulename=$1
+    shift
+    local moduleoptions
+    moduleoptions=$*
     local modulefile
     local suffix
 
     if [ -d /sys/module/ ]; then
 	if ! list_search $modulename $DONT_LOAD; then
 	    if [ ! -d /sys/module/$modulename ]; then
-		shift
-
-		for suffix in $MODULE_SUFFIX ; do
-		    for directory in $moduledirectories; do
-			modulefile=$directory/${modulename}.${suffix}
-
-			if [ -f $modulefile ]; then
 		case $moduleloader in
 		    insmod)
-				    insmod $modulefile $*
-				    ;;
-				*)
-				    modprobe $modulename $*
-				    ;;
-			    esac
-			    break 2
+			for directory in $moduledirectories; do
+			    for modulefile in $directory/${modulename}.*; do
+				if [ -f $modulefile ]; then
+				    insmod $modulefile $moduleoptions
+				    return
 				fi
 			    done
 			done
+			;;
+		    *)
+			modprobe -q $modulename $moduleoptions
+			;;
+		esac
 	    fi
 	fi
     elif ! list_search $modulename $DONT_LOAD $MODULES; then
-	shift
-
-	for suffix in $MODULE_SUFFIX ; do
-	    for directory in $moduledirectories; do
-		modulefile=$directory/${modulename}.${suffix}
-
-		if [ -f $modulefile ]; then
 	case $moduleloader in
 	    insmod)
-			    insmod $modulefile $*
-			    ;;
-			*)
-			    modprobe $modulename $*
-			    ;;
-		    esac
-		    break 2
+		for directory in $moduledirectories; do
+		    for modulefile in $directory/${modulename}.*; do
+			if [ -f $modulefile ]; then
+			    insmod $modulefile $moduleoptions
+			    return
 			fi
 		    done
 		done
+		;;
+	    *)
+		modprobe -q $modulename $moduleoptions
+		;;
+	esac
     fi
 }
 
@@ -338,8 +333,6 @@ reload_kernel_modules() {
 	moduleloader=insmod
     fi
 
-    [ -n "${MODULE_SUFFIX:=ko ko.gz ko.xz o o.gz o.xz gz xz}" ]
-
     if [ -n "$MODULESDIR" ]; then
 	case "$MODULESDIR" in
 	    +*)
@@ -394,8 +387,6 @@ load_kernel_modules() # $1 = Yes, if we are to save moduleinfo in $VARDIR
 	moduleloader=insmod
     fi
 
-    [ -n "${MODULE_SUFFIX:=o gz xz ko o.gz o.xz ko.gz ko.xz}" ]
-
     if [ -n "$MODULESDIR" ]; then
 	case "$MODULESDIR" in
 	    +*)

Shorewall-lite/shorecap

@@ -28,7 +28,7 @@
 #
 #   On the target system (the system where the firewall program is to run):
 #
-#       [ IPTABLES=<iptables binary> ] [ MODULESDIR=<kernel modules directory> ] [ MODULE_SUFFIX="<module suffix list>" ] shorecap > capabilities
+#       [ IPTABLES=<iptables binary> ] [ MODULESDIR=<kernel modules directory> ] shorecap > capabilities
 #
 #    Now move the capabilities file to the compilation system. The file must
 #    be placed in a directory on the CONFIG_PATH to be used when compiling firewalls
@@ -38,7 +38,6 @@
 #
 #        IPTABLES - iptables
 #        MODULESDIR - /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter
-#        MODULE_SUFFIX - "o gz xz ko o.gz o.xz ko.gz ko.xz"
 #
 #    Shorewall need not be installed on the target system to run shorecap. If the '-e' flag is
 #    used during firewall compilation, then the generated firewall program will likewise not

Shorewall/Perl/Shorewall/Chains.pm

@@ -7065,6 +7065,8 @@ sub interface_gateway( $ ) {
 sub get_interface_gateway ( $;$$ ) {
     my ( $logical, $protect, $provider ) = @_;
 
+    $provider = '' unless defined $provider;
+
     my $interface = get_physical $logical;
     my $variable = interface_gateway( $interface );
     my $gateway  = get_interface_option( $interface, 'gateway' );
@@ -7078,9 +7080,9 @@ sub get_interface_gateway ( $;$$ ) {
     }
 
     if ( interface_is_optional $logical ) {
-	$interfacegateways{$interface} = qq([ -n "\$$variable" ] || $variable=\$(detect_gateway $interface));
+	$interfacegateways{$interface} = qq([ -n "\$$variable" ] || $variable=\$(detect_gateway $interface $provider));
     } else {
-	$interfacegateways{$interface} = qq([ -n "\$$variable" ] || $variable=\$(detect_gateway $interface)
+	$interfacegateways{$interface} = qq([ -n "\$$variable" ] || $variable=\$(detect_gateway $interface $provider)
 [ -n "\$$variable" ] || startup_error "Unable to detect the gateway through interface $interface");
     }
 

Shorewall/Perl/Shorewall/Config.pm

@@ -36,6 +36,7 @@ use strict;
 use warnings;
 use File::Basename;
 use File::Temp qw/ tempfile tempdir /;
+use File::Glob ':globally';
 use Cwd qw(abs_path getcwd);
 use autouse 'Carp' => qw(longmess confess);
 use Scalar::Util 'reftype';
@@ -315,7 +316,7 @@ our %renamed = ( AUTO_COMMENT => 'AUTOCOMMENT', BLACKLIST_LOGLEVEL => 'BLACKLIST
 #
 # Config options and global settings that are to be copied to output script
 #
-our @propagateconfig = qw/ DISABLE_IPV6 MODULESDIR MODULE_SUFFIX LOAD_HELPERS_ONLY LOCKFILE SUBSYSLOCK LOG_VERBOSITY RESTART/;
+our @propagateconfig = qw/ DISABLE_IPV6 MODULESDIR LOAD_HELPERS_ONLY LOCKFILE SUBSYSLOCK LOG_VERBOSITY RESTART/;
 #
 # From parsing the capabilities file or detecting capabilities
 #
@@ -648,6 +649,7 @@ our %eliminated = ( LOGRATE          => 1,
 		    HIGH_ROUTE_MARKS => 1,
 		    BLACKLISTNEWONLY => 1,
 		    CHAIN_SCRIPTS    => 1,
+                    MODULE_SUFFIX    => 1,
 		  );
 #
 # Variables involved in ?IF, ?ELSE ?ENDIF processing
@@ -848,7 +850,6 @@ sub initialize( $;$$) {
 	  BLACKLIST => undef,
 	  BLACKLISTNEWONLY => undef,
 	  DELAYBLACKLISTLOAD => undef,
-	  MODULE_SUFFIX => undef,
 	  DISABLE_IPV6 => undef,
 	  DYNAMIC_ZONES => undef,
 	  PKTTYPE=> undef,
@@ -4320,25 +4321,20 @@ sub load_kernel_modules( ) {
 
 	close LSMOD;
 
-	$config{MODULE_SUFFIX} = 'ko ko.gz ko.xz o o.gz o.xz gz xz' unless $config{MODULE_SUFFIX};
-
-	my @suffixes = split /\s+/ , $config{MODULE_SUFFIX};
-
+      MODULE:
 	while ( read_a_line( NORMAL_READ ) ) {
 	    fatal_error "Invalid modules file entry" unless ( $currentline =~ /^loadmodule\s+([a-zA-Z]\w*)\s*(.*)$/ );
 	    my ( $module, $arguments ) = ( $1, $2 );
 	    unless ( $loadedmodules{ $module } ) {
-		for my $directory ( @moduledirectories ) {
-		    for my $suffix ( @suffixes ) {
-			my $modulefile = "$directory/$module.$suffix";
-			if ( -f $modulefile ) {
-			    if ( $moduleloader eq 'insmod' ) {
-				system ("insmod $modulefile $arguments" );
-			    } else {
-				system( "modprobe $module $arguments" );
-			    }
-
+		if ( $moduleloader eq 'modprobe' ) {
+		    system( "modprobe -q $module $arguments" );
 		    $loadedmodules{ $module } = 1;
+		} else {
+		    for my $directory ( @moduledirectories ) {
+			for my $modulefile ( <$directory/$module.*> ) {
+			    system ("insmod $modulefile $arguments" );
+			    $loadedmodules{ $module } = 1;
+			    next MODULE;
 			}
 		    }
 		}

Shorewall/Perl/Shorewall/Providers.pm

@@ -502,7 +502,7 @@ sub process_a_provider( $ ) {
 
     if ( ( $gw = lc $gateway ) eq 'detect' ) {
 	fatal_error "Configuring multiple providers through one interface requires an explicit gateway" if $shared;
-	$gateway = get_interface_gateway( $interface, undef, 1 );
+	$gateway = get_interface_gateway( $interface, undef, $number );
 	$gatewaycase = 'detect';
 	set_interface_option( $interface, 'gateway', 'detect' );
     } elsif ( $gw eq 'none' ) {

Shorewall/Perl/lib.runtime

@@ -899,7 +899,7 @@ detect_dynamic_gateway() { # $1 = interface
 #
 # Detect the gateway through an interface
 #
-detect_gateway() # $1 = interface
+detect_gateway() # $1 = interface $2 = table number
 {
     local interface
     interface=$1
@@ -912,6 +912,8 @@ detect_gateway() # $1 = interface
     # Maybe there's a default route through this gateway already
     #
     [ -n "$gateway" ] || gateway=$(find_gateway $($IP -4 route list dev $interface | grep ^default))
+
+    [ -z "$gateway" -a -n "$2" ] && gateway=$(find_gateway $($IP -4 route list dev $interface table $2 | grep ^default))
     #
     # Last hope -- is there a load-balancing route through the interface?
     #

Shorewall/Samples/Universal/shorewall.conf

@@ -205,8 +205,6 @@ MINIUPNPD=No
 
 MARK_IN_FORWARD_CHAIN=No
 
-MODULE_SUFFIX="ko ko.xz"
-
 MULTICAST=No
 
 MUTEX_TIMEOUT=60

Shorewall/Samples/one-interface/shorewall.conf

@@ -216,8 +216,6 @@ MINIUPNPD=No
 
 MARK_IN_FORWARD_CHAIN=No
 
-MODULE_SUFFIX="ko ko.xz"
-
 MULTICAST=No
 
 MUTEX_TIMEOUT=60

Shorewall/Samples/three-interfaces/shorewall.conf

@@ -213,8 +213,6 @@ MINIUPNPD=No
 
 MARK_IN_FORWARD_CHAIN=No
 
-MODULE_SUFFIX="ko ko.xz"
-
 MULTICAST=No
 
 MUTEX_TIMEOUT=60

Shorewall/Samples/two-interfaces/shorewall.conf

@@ -216,8 +216,6 @@ MINIUPNPD=No
 
 MARK_IN_FORWARD_CHAIN=No
 
-MODULE_SUFFIX="ko ko.xz"
-
 MULTICAST=No
 
 MUTEX_TIMEOUT=60

Shorewall/configfiles/shorewall.conf

@@ -205,8 +205,6 @@ MARK_IN_FORWARD_CHAIN=No
 
 MINIUPNPD=No
 
-MODULE_SUFFIX="ko ko.xz"
-
 MULTICAST=No
 
 MUTEX_TIMEOUT=60

Shorewall/lib.cli-std

@@ -1556,10 +1556,10 @@ remote_reload_command() # $* = original arguments less the command.
 
 	progress_message "Getting Capabilities on system $system..."
 	if [ $g_family -eq 4 ]; then
-	    if ! rsh_command "MODULESDIR=$MODULESDIR MODULE_SUFFIX=\"$MODULE_SUFFIX\" IPTABLES=$IPTABLES DONT_LOAD=\"$DONT_LOAD\" $libexec/shorewall-lite/shorecap" > $g_shorewalldir/capabilities; then
+	    if ! rsh_command "MODULESDIR=$MODULESDIR IPTABLES=$IPTABLES DONT_LOAD=\"$DONT_LOAD\" $libexec/shorewall-lite/shorecap" > $g_shorewalldir/capabilities; then
 	        fatal_error "Capturing capabilities on system $system failed"
 	    fi
-	elif ! rsh_command "MODULESDIR=$MODULESDIR MODULE_SUFFIX=\"$MODULE_SUFFIX\" IP6TABLES=$IP6TABLES DONT_LOAD=\"$DONT_LOAD\" $libexec/shorewall6-lite/shorecap" > $g_shorewalldir/capabilities; then
+	elif ! rsh_command "MODULESDIR=$MODULESDIR IP6TABLES=$IP6TABLES DONT_LOAD=\"$DONT_LOAD\" $libexec/shorewall6-lite/shorecap" > $g_shorewalldir/capabilities; then
 	    fatal_error "Capturing capabilities on system $system failed"
 	fi
     fi

Shorewall/manpages/shorewall-modules.xml

@@ -51,7 +51,7 @@
 
     <para>The <replaceable>modulename</replaceable> names a kernel module
     (without suffix). Shorewall will search for modules based on your
-    MODULESDIR and MODULE_SUFFIX settings in <ulink
+    MODULESDIR setting in <ulink
     url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(8). The
     <replaceable>moduleoption</replaceable>s are passed to modprobe (if
     installed) or to insmod.</para>

Shorewall/manpages/shorewall.conf.xml

@@ -1892,18 +1892,6 @@ LOG:info:,bar                        net                    fw</programlisting>
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term><emphasis role="bold">MODULE_SUFFIX=</emphasis>[<emphasis
-        role="bold">"</emphasis><emphasis>extension</emphasis> ...<emphasis
-        role="bold">"</emphasis>]</term>
-
-        <listitem>
-          <para>The value of this option determines the possible file
-          extensions of kernel modules. The default value is "ko ko.gz ko.xz o
-          o.gz o.xz gz xz".</para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term><emphasis
         role="bold">MODULESDIR=</emphasis>[[+]<emphasis>pathname</emphasis>[<emphasis

Shorewall6-lite/shorecap

@@ -28,7 +28,7 @@
 #
 #   On the target system (the system where the firewall program is to run):
 #
-#       [ IPTABLES=<iptables binary> ] [ MODULESDIR=<kernel modules directory> ] [ MODULE_SUFFIX="<module suffix list>" ] shorecap > capabilities
+#       [ IPTABLES=<iptables binary> ] [ MODULESDIR=<kernel modules directory> ] shorecap > capabilities
 #
 #    Now move the capabilities file to the compilation system. The file must
 #    be placed in a directory on the CONFIG_PATH to be used when compiling firewalls
@@ -38,7 +38,6 @@
 #
 #        IPTABLES - iptables
 #        MODULESDIR - /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter
-#        MODULE_SUFFIX - "o gz xz ko o.gz o.xz ko.gz ko.xz"
 #
 #    Shorewall need not be installed on the target system to run shorecap. If the '-e' flag is
 #    used during firewall compilation, then the generated firewall program will likewise not

Shorewall6/Samples6/Universal/shorewall6.conf

@@ -190,8 +190,6 @@ MARK_IN_FORWARD_CHAIN=No
 
 MINIUPNPD=No
 
-MODULE_SUFFIX="ko ko.xz"
-
 MUTEX_TIMEOUT=60
 
 OPTIMIZE=All

Shorewall6/Samples6/one-interface/shorewall6.conf

@@ -191,8 +191,6 @@ MARK_IN_FORWARD_CHAIN=No
 
 MINIUPNPD=No
 
-MODULE_SUFFIX="ko ko.xz"
-
 MUTEX_TIMEOUT=60
 
 OPTIMIZE=All

Shorewall6/Samples6/three-interfaces/shorewall6.conf

@@ -190,8 +190,6 @@ MARK_IN_FORWARD_CHAIN=No
 
 MINIUPNPD=No
 
-MODULE_SUFFIX="ko ko.xz"
-
 MUTEX_TIMEOUT=60
 
 OPTIMIZE=All

Shorewall6/Samples6/two-interfaces/shorewall6.conf

@@ -190,8 +190,6 @@ MARK_IN_FORWARD_CHAIN=No
 
 MINIUPNPD=No
 
-MODULE_SUFFIX="ko ko.xz"
-
 MUTEX_TIMEOUT=60
 
 OPTIMIZE=All

Shorewall6/configfiles/shorewall6.conf

@@ -190,8 +190,6 @@ MARK_IN_FORWARD_CHAIN=No
 
 MINIUPNPD=No
 
-MODULE_SUFFIX="ko ko.xz"
-
 MUTEX_TIMEOUT=60
 
 OPTIMIZE=All