On 10/11/2018 03:07 AM, Jeremie Courreges-Anglas wrote: > > On 10/1/18 4:51 PM, Tom Eastep wrote: >> On 09/17/2018 03:15 AM, Jeremie Courreges-Anglas wrote: >>> From: htouvet <htouvet-git...@tranquil.it> >>> >>> Newish iproute2 print "linkdown" when the link state of the interface >>> associated with a route is down. This breaks multi-providers >>> operations. As a quickfix, tweak add/remove_gateway to strip >>> "linkdown" from ip route output. This diff does not address IPv6 >>> handling, which also looks affected. >>> >> Hi Jeremie, > > > Hi, > > >> Sorry to be slow responding; I've been traveling abroad and am just >> getting caught up again. > > Also sorry for the delay... > > >> Shorewall 5.2.0.3 contains a fix for this issue; the fix was updated in >> 5.2.0.4 to make it play better with link monitors like FooLSM. Have you >> continued to experience this problem with that fix in place? > > > That's right, the patch was originally written on top of 5.2.0.4. Two > data points: > > - the issue is only visible when the relevant route is associated to an > interface whose link is down (unplugged, peer down, etc). > > - also, we have our in-house link monitor working on top of shorewall, > maybe it doesn't exercise the same parts of shorewall as FooLSM does. > >
Okay - I think I prefer the attached patch to yours - there could be multiple linkdown 'nexthop' interfaces in the current default route. Thanks! -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
diff --git a/Shorewall/Perl/lib.runtime b/Shorewall/Perl/lib.runtime
index 84f0f92f0..f2036c8fb 100644
--- a/Shorewall/Perl/lib.runtime
+++ b/Shorewall/Perl/lib.runtime
@@ -963,7 +963,7 @@ add_gateway() # $1 = Delta $2 = Table Number
local delta
local dev
- route=`$IP -4 -o route ls table $2 | grep ^default | sed 's/default //; s/[\]//g'`
+ route=`$IP -4 -o route ls table $2 | grep ^default | sed 's/default //; s/linkdown//g; s/[\]//g'`
if [ -z "$route" ]; then
run_ip route add default scope global table $2 $1
@@ -997,7 +997,7 @@ delete_gateway() # $! = Description of the Gateway $2 = table number $3 = device
local gateway
local dev
- route=`$IP -4 -o route ls table $2 | grep ^default | sed 's/[\]//g'`
+ route=`$IP -4 -o route ls table $2 | grep ^default | sed 's/linkdown//g; s/[\]//g'`
gateway=$1
if [ -n "$route" ]; then
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Shorewall-devel mailing list Shorewall-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-devel
