forked from extern/shorewall_code
cd4e9654d8
------- Forwarded message follows ------- From: istvan@istvan.org To: shorewall-users@lists.sourceforge.net Date sent: Thu, 19 May 2016 09:10:21 +0200 Subject: [Shorewall-users] Shorewall-lite on OpenWRT Send reply to: Shorewall Users <shorewall-users@lists.sourceforge.net> <mailto:shorewall-users-request@lists.sourceforge.net?subject=unsubscribe> <mailto:shorewall-users-request@lists.sourceforge.net?subject=subscribe> Hi there, I use Shorewall on an OpenWRT distribution and I experience 2 problems. I have solved them myself and report them here to help others with it. Shorewall version: shorewall[6]-lite 5.0.4 OpenWRT version: Chaos Calmer 15.05, r46767 Problem 1: Shorewall uses the lock utility from openwrt. I believe it is used in the wrong way. File lib.common line 775 First it passes arguments which the utility doesn't use/know. The util accepts them dumbly and continues to create a lockfile. It has no time-out functionality. I do not know the meaning of the r1 argument. Second the mutex_off simply deletes the lockfile by using the utility rm. This way a stale lock process keeps running. After a while the router is running a high number of stale processes which has impact on the load of the router. The correct way is to use "lock -u /lib/shorewall-lite/lock". This way the lockfile will be removed and the process will be terminated accordingly. To make it work for me, I no more let shorewall use the lock utility by using an ugly hack. Problem 2: An fgrep on the output of the type utility is wrongly coded. The output of the type command probably has been changed. File lib.cli line 4343 It is coded: "if type $1 2> /dev/null | fgrep -q 'is a function'; then" To make it work for me, it should be coded: "if type $1 2> /dev/null | fgrep -q 'is a shell function'; then" With regards, Stefan ------- End of forwarded message ------- Tom, attached as code.patch, are the patches that I believe will correct those issues In addition to those patches I've also added 3 patches: - Patch 1 will emulate the -p flag of the ps utility which is not available on openwrt. - The last two patches will add "file" to the progress message of SYSCONFFILE to make it more consistent among the installers. In shorewall-init/install.sh the else clause between the line 586 and 597 will only work for a sysvinit script. Should I make it also work for a systemd service script or can't we simply remove that else clause? In the compiled firewall script the comments before and after the functions imported from lib.common have two slashes in the path: $ grep -H lib.common firewall firewall:# Functions imported from /usr/share/shorewall//lib.common firewall:# End of imports from /usr/share/shorewall//lib.common -Matt -------------- Enclosure number 1 ---------------- >From 6ff651108df33ab8be4562caef03a8582e9eac5e Mon Sep 17 00:00:00 2001 From: Matt Darfeuille <matdarf@gmail.com> Date: Tue, 24 May 2016 13:10:28 +0200 Subject: [PATCH 1/8] Emulate 'ps -p' using grep to work on openwrt Signed-off-by: Matt Darfeuille <matdarf@gmail.com> Signed-off-by: Tom Eastep <teastep@shorewall.net> |
||
|---|---|---|
| .. | ||
| configfiles | ||
| Contrib | ||
| Macros | ||
| manpages | ||
| Perl | ||
| Samples | ||
| action.A_Drop | ||
| action.A_REJECT | ||
| action.A_REJECT! | ||
| action.A_Reject.deprecated | ||
| action.allowInvalid | ||
| action.AutoBL | ||
| action.AutoBLL | ||
| action.Broadcast | ||
| action.DNSAmp | ||
| action.Drop | ||
| action.dropInvalid | ||
| action.DropSmurfs | ||
| action.Established | ||
| action.GlusterFS | ||
| action.IfEvent | ||
| action.Invalid | ||
| action.mangletemplate | ||
| action.New | ||
| action.NotSyn | ||
| action.Reject | ||
| action.Related | ||
| action.ResetEvent | ||
| action.RST | ||
| action.SetEvent | ||
| action.TCPFlags | ||
| action.template | ||
| action.Untracked | ||
| actions.std | ||
| configpath | ||
| COPYING | ||
| default.debian | ||
| helpers | ||
| init.debian.sh | ||
| init.fedora.sh | ||
| init.sh | ||
| init.slackware.shorewall.sh | ||
| init.suse.sh | ||
| INSTALL | ||
| install.sh | ||
| lib.cli-std | ||
| logrotate | ||
| Makefile | ||
| Makefile-lite | ||
| modules | ||
| modules.essential | ||
| modules.extensions | ||
| modules.ipset | ||
| modules.tc | ||
| modules.xtables | ||
| shorewall | ||
| shorewall.service | ||
| shorewall.service.debian | ||
| sysconfig | ||
| uninstall.sh | ||