On 7/6/2014 8:57 AM, Tom Eastep wrote:
> On 7/6/2014 7:55 AM, Tom Eastep wrote:
>> On 7/6/2014 3:08 AM, Lee Brown wrote:
>>> Hi,
>>>
>>> One of the providers I use has their gateway on the other side of a
>>> radio bridge several miles away. Occasionally the MAC detection that
>>> Shorewall does fails and prevents Shorewall from starting.
>>>
>>> Is there a way to specify the MAC address manually for these gateways
>>> in the providers file? I couldn't see any way to specify it.
>>
>> There is currently no way to specify the MAC manually.
>>
>
> Here is a lightly-tested patch. In the INTERFACE column, enter
> <interface>:<address>[,<mac>]
>
> Here's an example:
>
> #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS
> Blarg 1 0x100 - eth0.1:206.124.146.176,00:01:02:03:04:05\
> 206.124.146.254 balance,track
>

The more that I think about this, the more I believe that the MAC
address should go in the GATEWAY column rather than in the INTERFACE
column. Example:

#NAME NUMBER MARK DUP INTERFACE GATEWAY OPTIONS
Blarg 1 0x100 - eth0.1:206.124.146.176\
206.124.146.254,00:01:02:03:04:05\
balance,track

Modified patch attached.

-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 96abf21..b4acfa2 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -6723,20 +6723,25 @@ sub interface_mac( $$ ) {
#
# Record the fact that the ruleset requires MAC address of the passed gateway IP routed out of the passed interface for the passed provider number
#
-sub get_interface_mac( $$$ ) {
- my ( $ipaddr, $logical , $table ) = @_;
+sub get_interface_mac( $$$$ ) {
+ my ( $ipaddr, $logical , $table, $mac ) = @_;
my $interface = get_physical( $logical );
my $variable = interface_mac( $interface , $table );
$global_variables |= NOT_RESTORE;
-
- if ( interface_is_optional $logical ) {
- $interfacemacs{$table} = qq($variable=\$(find_mac $ipaddr $interface)\n);
+
+ if ( $mac ) {
+ $interfacemacs{$table} = qq($variable=$mac);
} else {
- $interfacemacs{$table} = qq($variable=\$(find_mac $ipaddr $interface)
+ if ( interface_is_optional $logical ) {
+ $interfacemacs{$table} = qq($variable=\$(find_mac $ipaddr $interface)\n);
+ } else {
+ $interfacemacs{$table} = qq($variable=\$(find_mac $ipaddr $interface)
[ -n "\$$variable" ] || startup_error "Unable to determine the MAC address of $ipaddr through interface \\"$interface\\""
);
+
+ }
}
"\$$variable";
diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm
index bf32b22..4ad8d85 100644
--- a/Shorewall/Perl/Shorewall/Providers.pm
+++ b/Shorewall/Perl/Shorewall/Providers.pm
@@ -258,7 +258,7 @@ sub copy_and_edit_table( $$$$$ ) {
emit '';
if ( $realm ) {
- emit ( "\$IP -$family -o route show table $duplicate | sed -r 's/ realm [[:alnum:]]+//' | ${filter}while read net route; do" )
+ emit ( "\$IP -$family -o route show table $duplicate | sed -r 's/ realm [[:alnum:]_]+//' | ${filter}while read net route; do" )
} else {
emit ( "\$IP -$family -o route show table $duplicate | ${filter}while read net route; do" )
}
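Review bot: The sed change from [[:alnum:]]+ to [[:alnum:]_]+ in the realm branch is unrelated to the MAC option and is not mentioned in the message; it would be better as its own commit with a line saying which realm names the old expression failed to strip. If the underscore is being added because realm names can contain it, check whether other characters need the same treatment, since anything outside the class leaves the tail of the realm name in the copied route.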
@@ -442,10 +442,11 @@ sub process_a_provider( $ ) {
fatal_error 'INTERFACE must be specified' if $interface eq '-';
- ( $interface, my $address ) = split /:/, $interface;
+ ( $interface, my $address ) = split /:/, $interface, 2;
my $shared = 0;
my $noautosrc = 0;
+ my $mac = '';
if ( defined $address ) {
validate_address $address, 0;
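Review bot: The new limit of 2 on split /:/ changes what reaches validate_address: text after a second colon used to be discarded and is now kept as part of $address. This looks like a carry-over from the first version of the patch, where the MAC followed the address in the INTERFACE column; now that the MAC is parsed from GATEWAY, either drop the limit or say in the commit message why it stays.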
@@ -469,7 +470,17 @@ sub process_a_provider( $ ) {
$gateway = get_interface_gateway $interface;
$gatewaycase = 'detect';
} elsif ( $gateway && $gateway ne '-' ) {
+ ( $gateway, $mac ) = split_host_list( $gateway, 0 );
validate_address $gateway, 0;
+
+ if ( defined $mac ) {
+ $mac =~ tr/-/:/;
+ $mac =~ s/^~//;
+ fatal_error "Invalid MAC address ($mac)" unless $mac =~ /^(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$/;
+ } else {
+ $mac = '';
+ }
+
$gatewaycase = 'specified';
} else {
$gatewaycase = 'none';
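Review bot: The assignment ( $gateway, $mac ) = split_host_list( $gateway, 0 ) keeps only the first two items, so a GATEWAY entry with a third comma-separated item is accepted and the extra text is silently dropped; capture the result in an array and raise fatal_error when it holds more than two elements. Because $mac is later interpolated into the shell text built in get_interface_mac, the pattern check here is the only guard on its content, so consider anchoring the end with \z rather than $, which also matches before a trailing newline.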
@@ -644,6 +655,7 @@ sub process_a_provider( $ ) {
loose => $loose ,
duplicate => $duplicate ,
address => $address ,
+ mac => $mac ,
local => $local ,
tproxy => $tproxy ,
load => $load ,
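Review bot: The new key mac => $mac uses the same hash key that add_a_provider assigns further down with $providers{$table}{mac} = get_interface_mac( ... ), where the value is the shell variable reference returned by that sub rather than an address. If both refer to the same provider hash, the configured MAC is overwritten once the provider is added; a separate key for the configured value (for example gatewaymac, a name suggested here) would keep the two meanings apart.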
@@ -720,6 +732,7 @@ sub add_a_provider( $$ ) {
my $loose = $providerref->{loose};
my $duplicate = $providerref->{duplicate};
my $address = $providerref->{address};
+ my $mac = $providerref->{mac};
my $local = $providerref->{local};
my $tproxy = $providerref->{tproxy};
my $load = $providerref->{load};
@@ -733,7 +746,7 @@ sub add_a_provider( $$ ) {
my $realm = '';
if ( $shared ) {
- my $variable = $providers{$table}{mac} = get_interface_mac( $gateway, $interface , $table );
+ my $variable = $providers{$table}{mac} = get_interface_mac( $gateway, $interface , $table, $mac );
$realm = "realm $number";
start_provider( $label , $table, $number, $id, qq(if interface_is_usable $physical && [ -n "$variable" ]; then) );
} elsif ( $pseudo ) {
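Review bot: $mac is passed on only inside if ( $shared ), so a MAC given in the GATEWAY column of a provider that is not shared is validated and then never used. Suggest a warning or fatal_error in process_a_provider for that case, and a note in the providers documentation that the MAC applies to shared interfaces only.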
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
