On 04/14/2011 07:52 AM, Tom Eastep wrote:
> On 04/14/2011 07:18 AM, Tom Eastep wrote:
>> On 04/14/2011 07:03 AM, Jörg Kleuver wrote:
>>> Am 14.04.2011 15:56, schrieb Tom Eastep:
>>>> On 04/14/2011 02:50 AM, Jörg Kleuver wrote:
>>>>
>>>>>
>>>>> What's the problem with this? Is there still one?
>>>>
>>>> Yes -- the code supporting USE_DEFAULT_RT=Yes is not prepared to handle
>>>> multiple default routes in the main table.
>>>>
>>>> -Tom
>>>
>>> Hi Tom,
>>>
>>> I wasn't using USE_DEFAULT_RT=Yes in any of the configurations yet and
>>> this happened all with USE_DEFAULT_RT=No
>>
>> Yes -- I see that. I'll try to get a fix out today but I have a busy
>> work schedule so it may be this evening.
>
> Hi Jörg,
>
> The attached patch should fix the USE_DEFAULT_RT=No case for IPv4. I'll
> work on the other cases as time permits.
If you have applied the previous patch, please reverse it and apply this
one instead. I believe that it corrects default route save/restore in
all cases.
Thanks,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm
index 51ebfc2..8bd3f2c 100644
--- a/Shorewall/Perl/Shorewall/Misc.pm
+++ b/Shorewall/Perl/Shorewall/Misc.pm
@@ -1887,7 +1887,7 @@ EOF
emit 'delete_tc1' if $config{CLEAR_TC};
emit( 'undo_routing',
- 'restore_default_route'
+ "restore_default_route $config{USE_DEFAULT_RT}"
);
my @chains = $config{ADMINISABSENTMINDED} ? qw/INPUT FORWARD/ : qw/INPUT OUTPUT FORWARD/;
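Review bot: The new argument in "restore_default_route $config{USE_DEFAULT_RT}" is only safe if $config{USE_DEFAULT_RT} is the empty string whenever the option is No, because restore_default_route tests it with [ -n "$1" ]. If the value can be 0 or No, the metric branch would treat the option as enabled. Consider emitting an explicit token, for example ( $config{USE_DEFAULT_RT} ? 'Yes' : '' ), and stating the convention in a comment next to the emit.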
diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm
index f9567c0..e301108 100644
--- a/Shorewall/Perl/Shorewall/Providers.pm
+++ b/Shorewall/Perl/Shorewall/Providers.pm
@@ -758,13 +758,21 @@ sub finish_providers() {
emit ( 'if [ -n "$DEFAULT_ROUTE" ]; then' );
emit ( " run_ip route replace default scope global table $table \$DEFAULT_ROUTE" );
- emit ( " qt \$IP -$family route del default table " . MAIN_TABLE ) if $config{USE_DEFAULT_RT};
+
+ if ( $config{USE_DEFAULT_RT} ) {
+ emit ( " while qt \$IP -$family route del default table " . MAIN_TABLE . '; do',
+ ' true',
+ ' done',
+ ''
+ );
+ }
+
emit ( " progress_message \"Default route '\$(echo \$DEFAULT_ROUTE | sed 's/\$\\s*//')' Added\"",
'else',
' error_message "WARNING: No Default route added (all \'balance\' providers are down)"' );
if ( $config{RESTORE_DEFAULT_ROUTE} ) {
- emit ' restore_default_route && error_message "NOTICE: Default route restored"'
+ emit qq( restore_default_route $config{USE_DEFAULT_RT} && error_message "NOTICE: Default route restored")
} else {
emit qq( qt \$IP -$family route del default table $table && error_message "WARNING: Default route deleted from table $table");
}
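Review bot: The emitted loop "while qt $IP -$family route del default table MAIN_TABLE; do true; done" has no iteration bound, so it runs for as long as the delete keeps succeeding. If another process (a DHCP client, a routing daemon) re-adds a default route concurrently, the generated script can spin here. Consider capping the number of passes, and emit a shell comment saying that the loop exists because the main table may hold several default routes.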
@@ -775,7 +783,7 @@ sub finish_providers() {
emit ( '#',
'# We don\'t have any \'balance\' providers so we restore any default route that we\'ve saved',
'#',
- 'restore_default_route' ,
+ "restore_default_route $config{USE_DEFAULT_RT}" ,
'' );
}
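Review bot: The string "restore_default_route $config{USE_DEFAULT_RT}" is now hand-built here, in the RESTORE_DEFAULT_ROUTE branch above, in setup_providers() and in Misc.pm. Building the call once, in a small helper or a shared variable, would keep the four call sites from drifting apart if the argument convention changes.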
@@ -871,7 +879,7 @@ sub setup_providers() {
push_indent;
emit "\nundo_routing";
- emit 'restore_default_route';
+ emit "restore_default_route $config{USE_DEFAULT_RT}";
if ( $config{NULL_ROUTE_RFC1918} ) {
emit ( '#',
diff --git a/Shorewall/Perl/prog.header b/Shorewall/Perl/prog.header
index 3c37d43..39c53e9 100644
--- a/Shorewall/Perl/prog.header
+++ b/Shorewall/Perl/prog.header
@@ -518,7 +518,14 @@ save_default_route() {
#
# Restore the default route that was in place before the initial 'shorewall start'
#
-restore_default_route() {
+replace_default_route() {
+ qt $IP -4 route replace $default_route && \
+ result=0 && \
+ progress_message "Default Route (${default_route# }) restored"
+}
+
+restore_default_route() # $1 = USE_DEFAULT_RT
+{
local result
if [ -z "$g_noroutes" -a -f ${VARDIR}/default_route ]; then
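Review bot: replace_default_route() is defined at file scope but reads $default_route and sets result=0, both of which are state of restore_default_route(); it only works through the shell's dynamic scoping of "local result" and would misbehave if called from anywhere else. Add a comment above it saying that it is a helper for restore_default_route and which caller variables it uses, and note that $default_route is left unquoted on purpose so that it splits into separate ip arguments.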
@@ -533,20 +540,17 @@ restore_default_route() {
if [ -n "$default_route" ]; then
case "$default_route" in
*metric*)
- #
- # Don't restore a route with a metric -- we only replace the one with metric == 0
- #
- qt $IP -4 route delete default metric 0 && \
- progress_message "Default Route with metric 0 deleted"
+ #
+ # Don't restore a default route with a metric unless USE_DEFAULT_RT=Yes. Otherwise, we only replace the one with metric 0
+ #
+ [ -n "$1" ] && replace_default_route
+ default_route=
;;
*)
- qt $IP -4 route replace $default_route && \
- result=0 && \
- progress_message "Default Route (${default_route# }) restored"
+ replace_default_route
+ default_route=
;;
esac
-
- break
fi
default_route="$default_route $route"
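Review bot: In the *metric*) branch, when $1 is empty the saved route is discarded by "default_route=" with no message, and the progress_message this branch used to emit is gone. A progress_message naming the skipped route would let an operator see from the log which saved default routes were not restored under USE_DEFAULT_RT=No.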
@@ -557,6 +561,15 @@ restore_default_route() {
esac
done < ${VARDIR}/default_route
+ if [ -n "$default_route" ]; then
+ replace_default_route
+ elif [ $result = 1 ]; then
+ #
+ # We added a default route with metric 0 but there wasn't one previously
+ #
+ qt -4 ip route del default metric 0 && progress_message "Default route with metric 0 deleted"
+ fi
+
rm -f ${VARDIR}/default_route
fi
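Review bot: The added line "qt -4 ip route del default metric 0" has its arguments in a different order from the other calls in this patch (qt $IP -4 route replace ...). Given how qt is used elsewhere, it is handed -4 as the command to run, so the delete never executes and the failure is silenced. It should read: qt $IP -4 route del default metric 0. Separately, [ $result = 1 ] is unquoted; if result can be empty at this point the test is malformed, so "$result" would be safer.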
diff --git a/Shorewall/Perl/prog.header6 b/Shorewall/Perl/prog.header6
index e708e88..f8f0d71 100644
--- a/Shorewall/Perl/prog.header6
+++ b/Shorewall/Perl/prog.header6
@@ -506,7 +506,14 @@ save_default_route() {
#
# Restore the default route that was in place before the initial 'shorewall start'
#
-restore_default_route() {
+replace_default_route() {
+ qt $IP -6 route replace $default_route && \
+ result=0 && \
+ progress_message "Default Route (${default_route# }) restored"
+}
+
+restore_default_route() # $1 = USE_DEFAULT_RT
+{
local result
if [ -z "$g_noroutes" -a -f ${VARDIR}/default_route ]; then
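Review bot: This replace_default_route() is identical to the one added to prog.header except for -6 in place of -4, and the same holds for the rest of the restore_default_route changes. Passing the address family as a parameter, or keeping the function in one shared place, would avoid having to apply every future fix twice.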
@@ -517,24 +524,21 @@ restore_default_route() {
while read route ; do
case $route in
- default)
+ default*)
if [ -n "$default_route" ]; then
case "$default_route" in
*metric*)
- #
- # Don't restore a route with a metric -- we only replace the one with metric == 0
- #
- qt $IP -6 route delete default metric 0 && \
- progress_message "Default Route with metric 0 deleted"
+ #
+ # Don't restore a default route with a metric unless USE_DEFAULT_RT=Yes. Otherwise, we only replace the one with metric 0
+ #
+ [ -n "$1" ] && replace_default_route
+ default_route=
;;
*)
- qt $IP -6 route replace $default_route && \
- result=0 && \
- progress_message "Default Route (${default_route# }) restored"
+ replace_default_route
+ default_route=
;;
esac
-
- break
fi
default_route="$default_route $route"
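Review bot: The pattern change from "default)" to "default*)" is made only in this file and is not explained; the corresponding prog.header hunk does not touch that line. Please confirm that the IPv4 loop already matches saved lines that begin with "default" followed by further text, and add a short comment here saying why the wildcard is needed.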
@@ -545,6 +549,15 @@ restore_default_route() {
esac
done < ${VARDIR}/default_route
+ if [ -n "$default_route" ]; then
+ replace_default_route
+ elif [ $result = 1 ]; then
+ #
+ # We added a default route with metric 0 but there wasn't one previously
+ #
+ qt -6 ip route del default metric 0 && progress_message "Default route with metric 0 deleted"
+ fi
+
rm -f ${VARDIR}/default_route
fi
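Review bot: The added line "qt -6 ip route del default metric 0" repeats the argument-order problem from prog.header: qt receives -6 as the command instead of $IP, so the metric 0 default route is never removed. It should read: qt $IP -6 route del default metric 0. The unquoted [ $result = 1 ] test has the same quoting issue as in the IPv4 version.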
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users