Re: [Shorewall-users] Manually specify gateway MAC

[Tom Eastep]

On 7/6/2014 7:55 AM, Tom Eastep wrote:
> On 7/6/2014 3:08 AM, Lee Brown wrote:
>> Hi,
>>
>> One of the providers I use has their gateway on the other side of a
>> radio bridge several miles away.  Occasionally the MAC detection that
>> Shorewall does fails and prevents Shorewall from starting.
>>
>> Is there a way to specify the MAC address manually for these gateways
>> in the providers file?  I couldn't see anyway to specify it.
> 
> There is currently no way to specify the MAC manually.
> 

Here is a lightly-tested patch. In the INTERFACE column, enter
<interface>:<address>[,<mac>]

Here's an example:

#NAME NUMBER MARK  DUPLICATE INTERFACE  GATEWAY         OPTIONS         
Blarg 1      0x100 -         eth0.1:206.124.146.176,00:01:02:03:04:05\
                                        206.124.146.254 balance,track

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 96abf21..b4acfa2 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -6723,20 +6723,25 @@ sub interface_mac( $$ ) {
 #
 # Record the fact that the ruleset requires MAC address of the passed gateway IP routed out of the passed interface for the passed provider number
 #
-sub get_interface_mac( $$$ ) {
-    my ( $ipaddr, $logical , $table ) = @_;
+sub get_interface_mac( $$$$ ) {
+    my ( $ipaddr, $logical , $table, $mac ) = @_;
 
     my $interface = get_physical( $logical );
     my $variable = interface_mac( $interface , $table );
 
     $global_variables |= NOT_RESTORE;
-
-    if ( interface_is_optional $logical ) {
-	$interfacemacs{$table} = qq($variable=\$(find_mac $ipaddr $interface)\n);
+    
+    if ( $mac ) {
+	$interfacemacs{$table} = qq($variable=$mac);
     } else {
-	$interfacemacs{$table} = qq($variable=\$(find_mac $ipaddr $interface)
+	if ( interface_is_optional $logical ) {
+	    $interfacemacs{$table} = qq($variable=\$(find_mac $ipaddr $interface)\n);
+	} else {
+	    $interfacemacs{$table} = qq($variable=\$(find_mac $ipaddr $interface)
 [ -n "\$$variable" ] || startup_error "Unable to determine the MAC address of $ipaddr through interface \\"$interface\\""
 );
+
+       }
     }
 
     "\$$variable";
diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm
index bf32b22..6eb3def 100644
--- a/Shorewall/Perl/Shorewall/Providers.pm
+++ b/Shorewall/Perl/Shorewall/Providers.pm
@@ -442,15 +442,25 @@ sub process_a_provider( $ ) {
 
     fatal_error 'INTERFACE must be specified' if $interface eq '-';
 
-    ( $interface, my $address ) = split /:/, $interface;
+    ( $interface, my $address ) = split /:/, $interface, 2;
 
     my $shared = 0;
     my $noautosrc = 0;
+    my $mac = '';
 
     if ( defined $address ) {
+	( $address, $mac ) = split_host_list( $address, 0 );
 	validate_address $address, 0;
 	$shared = 1;
 	require_capability 'REALM_MATCH', "Configuring multiple providers through one interface", "s";
+
+	if ( defined $mac ) {
+	    $mac =~ tr/-/:/;
+	    $mac =~ s/^~//;
+	    fatal_error "Invalid MAC address ($mac)" unless $mac =~ /^(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$/;
+	} else {
+	    $mac = '';
+	}
     }
 
     fatal_error "Unknown Interface ($interface)" unless known_interface( $interface );
@@ -644,6 +654,7 @@ sub process_a_provider( $ ) {
 			   loose       => $loose ,
 			   duplicate   => $duplicate ,
 			   address     => $address ,
+			   mac         => $mac ,
 			   local       => $local ,
 			   tproxy      => $tproxy ,
 			   load        => $load ,
@@ -720,6 +731,7 @@ sub add_a_provider( $$ ) {
     my $loose       = $providerref->{loose};
     my $duplicate   = $providerref->{duplicate};
     my $address     = $providerref->{address};
+    my $mac         = $providerref->{mac};
     my $local       = $providerref->{local};
     my $tproxy      = $providerref->{tproxy};
     my $load        = $providerref->{load};
@@ -733,7 +745,7 @@ sub add_a_provider( $$ ) {
     my $realm = '';
 
     if ( $shared ) {
-	my $variable = $providers{$table}{mac} = get_interface_mac( $gateway, $interface , $table );
+	my $variable = $providers{$table}{mac} = get_interface_mac( $gateway, $interface , $table, $mac );
 	$realm = "realm $number";
 	start_provider( $label , $table, $number, $id, qq(if interface_is_usable $physical && [ -n "$variable" ]; then) );
     } elsif ( $pseudo ) {

signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Open source business process management suite built on Java and Eclipse
Turn processes into business applications with Bonita BPM Community Edition
Quickly connect people, data, and systems into organized workflows
Winner of BOSSIE, CODIE, OW2 and Gartner awards
http://p.sf.net/sfu/Bonitasoft
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users