On 12-02-21 05:14 PM, Tom Eastep wrote:
> So I eliminate two of my "remote variables" using &<ifname> but since I have to fetch others anyway...
> You could run a script on the remote system that simply returned a list
> of assignment statements separated by semicolons or newlines that you
> could then just source locally.
Right, which is effectively what I have done with:
ssh root@gw "echo CGCOIF=\$(/sbin/uci -p /var/state get network.wan0.ifname)
echo IGSIF=\$(/sbin/uci -p /var/state get network.wan1.ifname)
echo PPPEIF=\$(/sbin/uci -p /var/state get network.pppoe_ether.device)
echo CGCO_GATEWAY=\$(/sbin/uci -p /var/state get network.wan0.gateway)
echo CGCO_ADDRESS=\$(/sbin/uci -p /var/state get network.wan0.ipaddr)
echo IGS_GATEWAY=\$(/sbin/uci -p /var/state get network.wan1.gateway)
echo IGS_ADDRESS=\$(/sbin/uci -p /var/state get network.wan1.ipaddr)" > foo
eval $(cat foo)
rm foo
and indeed, I can replace the "eval $(cat foo)" with ". ./foo".
Also, my remote address resolution provides the right level of
abstraction for openwrt. wan0 and wan1 are consistent across
routers whereas their real interface values (eth0.2 and pppoe-wan1)
are implementation dependent.
That said, &eth0.2 and &pppoe-wan1 in my config files instead of the
${CGCO,IGS}_ADDRESS variables does have the desired effect. I do like
their true run-time evaluation effect also. They would be much more
flexible in dealing with a dynamic IP address change (i.e. assuming
one's router is configured to shorewall restore on interface changes).
I wonder how easily (and still generically)
find_first_interface_address_if_any() could be contorted to dive through
openwrt's wan* abstraction so that I could use &wan0 and &wan1.
Would it make you retch to see platform specific (i.e. openwrt) code
in functions such as find_first_interface_address_if_any()? i.e.:
find_first_interface_address_if_any() # $1 = interface
{
    ifname="$1"
    #
    # On openwrt, map a logical name (e.g. wan0) to its real device; keep $1
    # when uci is absent or has no entry for it
    #
    if which uci >/dev/null 2>&1; then
        dev=$(/sbin/uci -p /var/state get network.$ifname.ifname 2> /dev/null)
        [ -n "$dev" ] && ifname=$dev
    fi
    #
    # get the line of output containing the first IP address
    #
    addr=$(${IP:-ip} -f inet addr show $ifname 2> /dev/null | grep 'inet .* global' | head -n1)
    #
    # Strip off the trailing VLSM mask (or the peer IP in case of a P-t-P link)
    # along with everything else on the line
    #
    [ -n "$addr" ] && echo $addr | sed 's/\s*inet //;s/\/.*//;s/ peer.*//' || echo 0.0.0.0
}
And then the addition of some remote variable types like the
gateway for an interface and the ability to resolve the openwrt
wan* interface abstraction elsewhere (like in rules) would
eliminate all of this remote execution stuff and make the resulting
ruleset much more flexible.
Cheers,
b.
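
Added example (not part of the original message and not Shorewall code): both "eval $(cat foo)" and ". ./foo" run whatever the remote command printed as local shell code, so this sketch imports the same seven variables only after checking each name against a fixed list and each value against a conservative character set. The function names and the sample files are hypothetical.

```sh
#!/bin/sh
# Import KEY=VALUE lines fetched from the router without handing them to
# eval or ".", so the remote side cannot run commands on the local host.

# valid_assignment NAME VALUE: succeed only for an expected name whose value
# looks like an interface name or an IPv4 address (letters, digits, . _ -).
valid_assignment() {
    case "$1" in
        CGCOIF|IGSIF|PPPEIF|CGCO_GATEWAY|CGCO_ADDRESS|IGS_GATEWAY|IGS_ADDRESS) ;;
        *) return 1 ;;
    esac
    case "$2" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# import_remote_vars FILE: all-or-nothing import of the fetched file.
import_remote_vars() {
    # Pass 1: refuse the whole file if any line is unexpected.
    while IFS='=' read -r name value; do
        if ! valid_assignment "$name" "$value"; then
            echo "import_remote_vars: unexpected line, nothing imported" >&2
            return 1
        fi
    done < "$1"
    # Pass 2: assign literally; export NAME=VALUE does not re-parse the value.
    while IFS='=' read -r name value; do
        export "$name=$value"
    done < "$1"
}

# Constructed sample data: one well-formed reply, one carrying shell syntax.
demo_dir=$(mktemp -d)
printf 'CGCOIF=eth0.2\nIGSIF=pppoe-wan1\nCGCO_ADDRESS=192.0.2.10\n' > "$demo_dir/good"
printf 'CGCOIF=eth0.2\nIGSIF=eth0;echo INJECTED\n' > "$demo_dir/bad"

import_remote_vars "$demo_dir/good" && echo "imported: $CGCOIF $IGSIF $CGCO_ADDRESS"
import_remote_vars "$demo_dir/bad" 2>/dev/null || echo "bad file refused"
rm -rf "$demo_dir"
```

An empty value (what the echo lines above print when a uci lookup fails) is also refused, so a failed fetch is noticed instead of silently yielding empty variables.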
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
