diff --git a/build_num b/build_num
index 6191e8427..cc15acafb 100644
--- a/build_num
+++ b/build_num
@@ -1 +1 @@
-#define BUILD_NUM 1495
+#define BUILD_NUM 1496
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 0fe0494bf..7bcf33f27 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,13 +1,30 @@ 2009-09-23 vadim * ../src/res/configlets/linux24/update_bonding: Generated iptables - script incrementally updates bonding interfaces: it adds missing - slaves and removes those that are not configued in fwbuilder. It - also tries to load module "bonding" with protocol parameters - defined in the GUI. Bonding interfaces that exist on the firewall - but are not configured in fwbuilder are cleared of all slaves and - brought down. They can not be removed because that requires - removing module which kills bond interfaces that should be there. + script incrementally updates bonding interfaces: + + - It creates new bonding interfaces with parameters configured in + the GUI if module 'bonding' is not loaded. This is what happens + if fwbuilder script runs after reboot. + + - if there are no bonding interfaces in fwbuilder configuration, + the script removes bonding module to kill any bonding interfaces + that might exist on the machine + + - if you add new bonding interface in fwbuilder, the script checks + if it exists on the machine. It will not create it because to do + so, it would have to remove the module which kills other bonding + interfaces. If this second bonding interface exists, it will be + configured with slaves and addresses. If it does not exist, script + aborts. In this case you need to either 1) reload module manually + or 2) add max_bonds=2 to /etc/modules.conf and reboot or 3) unload + module and run fwbuilder script again (if module is not loaded, + the script loads it with correct max_bonds parameter) + + - if a bonding interface exists on the machine but not in + fwbuilder configuration, the script removes all slaves from it and + brings it down. It can not delete it because to do so it would + need to remove the module, which kills other bonding interfaces. Limitation: currently all bonding interfaces will use the same protocol parameters. This is because module loading with parameter 
@@ -15,12 +32,12 @@ bonding interface and also the way to specify different parameters for different interfaces causes kernel panic in my tests. Tested with bonding module v3.5.0 and kernel 2.6.29.4-167.fc11.i686.PAE - on Fedora Core 11. The only way to get two bonding interfaces that - works is to load the module with parameter max_bonds=2, but this - means all bonding interfaces work with the same protocol - parameters. If bond interfaces are configured with different - parameters in the GUI, compiler uses the first and issues warning - for others. + on Fedora Core 11. The only working way to get two bonding + interfaces I could find is to load the module with parameter + max_bonds=2, but this means all bonding interfaces work with the + same protocol parameters. If bond interfaces are configured with + different parameters in fwbuilder, compiler uses the first and + issues warning for others. 2009-09-18 vadim diff --git a/src/compiler_lib/interfacePropertiesObjectFactory.cpp b/src/compiler_lib/interfacePropertiesObjectFactory.cpp index 7222cc7f7..2d102c751 100644 --- a/src/compiler_lib/interfacePropertiesObjectFactory.cpp +++ b/src/compiler_lib/interfacePropertiesObjectFactory.cpp @@ -33,9 +33,9 @@ using namespace std; interfaceProperties* interfacePropertiesObjectFactory::getInterfacePropertiesObject( - const std::string &host_os) + const std::string &os_family) { - if (host_os == "linux24") return new linux24Interfaces(); + if (os_family == "linux24") return new linux24Interfaces(); // by default return object of the base class. It performs some // reasonable default actions. return new interfaceProperties(); diff --git a/src/gui/DiscoveryDruid.cpp b/src/gui/DiscoveryDruid.cpp index 1ff12a708..f34f8dca8 100644 --- a/src/gui/DiscoveryDruid.cpp +++ b/src/gui/DiscoveryDruid.cpp 
@@ -2285,10 +2285,16 @@ void DiscoveryDruid::createRealObjects() } } + Resources* os_res = Resources::os_res[o->getStr("host_OS")]; + string os_family = o->getStr("host_OS"); + if (os_res!=NULL) + os_family = os_res->getResourceStr( + "/FWBuilderResources/Target/family"); + list interface_tree; std::auto_ptr int_prop( interfacePropertiesObjectFactory::getInterfacePropertiesObject( - o->getStr("host_OS"))); + os_family)); int_prop->rearrangeInterfaces(od.interfaces, interface_tree); if (interface_tree.size() != od.interfaces.size()) diff --git a/src/gui/InterfaceDialog.cpp b/src/gui/InterfaceDialog.cpp index 36179eff3..db773575b 100644 --- a/src/gui/InterfaceDialog.cpp +++ b/src/gui/InterfaceDialog.cpp @@ -357,9 +357,15 @@ void InterfaceDialog::validate(bool *res) } FWObject *f = Interface::cast(obj)->getParentHost(); + + Resources* os_res = Resources::os_res[f->getStr("host_OS")]; + string os_family = f->getStr("host_OS"); + if (os_res!=NULL) + os_family = os_res->getResourceStr("/FWBuilderResources/Target/family"); + interfaceProperties *int_prop = interfacePropertiesObjectFactory::getInterfacePropertiesObject( - f->getStr("host_OS")); + os_family); if (int_prop->looksLikeVlanInterface(obj_name)) { QString parent_name = obj->getParent()->getName().c_str(); @@ -462,7 +468,7 @@ void InterfaceDialog::discardChanges() void InterfaceDialog::openIfaceDialog() { // TODO: applyChanges() call enabled results in problems with FWBTree ... - //applyChanges(); + applyChanges(); try { @@ -478,7 +484,6 @@ void InterfaceDialog::openIfaceDialog() // update object tree (if interface type has changed, the object properties // summary text may have to change too) mw->activeProject()->updateObjectInTree(obj, true); -// mw->updateLastModifiedTimestampForAllFirewalls(obj); emit notify_changes_applied_sign(); } } diff --git a/src/gui/ObjectManipulator.cpp b/src/gui/ObjectManipulator.cpp index 3ef6125f8..a411ccd7a 100644 --- a/src/gui/ObjectManipulator.cpp 
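Review bot: The added lookup `Resources::os_res[o->getStr("host_OS")]` uses `operator[]`, and if `os_res` is a `std::map` (its declaration is not part of this diff) that inserts a NULL entry for every unrecognised `host_OS` string read from the data file. A read-only lookup then grows a shared table and leaves NULL values for any code that walks it. The same four lines are pasted into InterfaceDialog::validate, four ObjectManipulator functions (five sites) and setInterfaceTypes, so one helper built on `find()` would remove both the insertion and the duplication; each call site then becomes `getInterfacePropertiesObject(getOSFamily(o))`. The helper name below is only a suggestion, and createRealObjects continues outside the hunk.

```cpp
// one shared helper instead of the repeated lookup; assumes
// Resources::os_res is std::map<std::string, Resources*>
static std::string getOSFamily(FWObject *host)
{
    const std::string host_os = host->getStr("host_OS");
    std::map<std::string, Resources*>::const_iterator it =
        Resources::os_res.find(host_os);
    if (it == Resources::os_res.end() || it->second == NULL)
        return host_os;   // unknown OS: fall back to host_OS, as the hunk does
    return it->second->getResourceStr("/FWBuilderResources/Target/family");
}
```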
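Review bot: `int_prop` in InterfaceDialog::validate is a raw `interfaceProperties *` holding an object the factory allocates with `new`, while the other call sites touched by this commit wrap it in `std::auto_ptr`. Unless a `delete int_prop` exists past the end of the hunk, every validation leaks one object. guessSubInterfaceTypeAndAttributes in ObjectManipulator.cpp declares the same raw pointer. Since both declarations are edited here anyway, wrap the factory call in `std::auto_ptr` as the other call sites do. The new lines also dereference `f` from `getParentHost()` twice more without a NULL test; whether it can return NULL for an interface is not visible in the hunk.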
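Review bot: `applyChanges()` is re-enabled in openIfaceDialog directly under the comment `// TODO: applyChanges() call enabled results in problems with FWBTree ...`, and nothing in the commit says why that no longer holds. If the underlying problem was fixed, the TODO should be removed or replaced by a comment stating why pending edits must be applied before the dialog opens. If it was not fixed, the call brings the problem back. The function body continues outside the hunk.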
+++ b/src/gui/ObjectManipulator.cpp @@ -764,9 +764,15 @@ void ObjectManipulator::autorenameVlans(list &obj_list) while (fw && Firewall::cast(fw)==NULL) fw = fw->getParent(); assert(fw); QString obj_name = obj->getName().c_str(); + + Resources* os_res = Resources::os_res[fw->getStr("host_OS")]; + string os_family = fw->getStr("host_OS"); + if (os_res!=NULL) + os_family = os_res->getResourceStr("/FWBuilderResources/Target/family"); + std::auto_ptr int_prop( interfacePropertiesObjectFactory::getInterfacePropertiesObject( - fw->getStr("host_OS"))); + os_family)); if (int_prop->looksLikeVlanInterface(obj_name)) { // even though we only call this function if the type of @@ -1088,9 +1094,14 @@ void ObjectManipulator::makeNameUnique(FWObject *target, FWObject *obj) FWObject *fw = target; while (fw && !Firewall::isA(fw)) fw = fw->getParent(); + Resources* os_res = Resources::os_res[fw->getStr("host_OS")]; + string os_family = fw->getStr("host_OS"); + if (os_res!=NULL) + os_family = os_res->getResourceStr("/FWBuilderResources/Target/family"); + std::auto_ptr int_prop( interfacePropertiesObjectFactory::getInterfacePropertiesObject( - fw->getStr("host_OS"))); + os_family)); if (int_prop->looksLikeVlanInterface(obj_name)) return; } QString newname = makeNameUnique(target, @@ -2066,9 +2077,14 @@ bool ObjectManipulator::validateForPaste(FWObject *target, FWObject *obj, if (Interface::isA(obj)) { // check if obj is vlan interface + Resources* os_res = Resources::os_res[fw->getStr("host_OS")]; + string os_family = fw->getStr("host_OS"); + if (os_res!=NULL) + os_family = os_res->getResourceStr("/FWBuilderResources/Target/family"); + std::auto_ptr int_prop( interfacePropertiesObjectFactory::getInterfacePropertiesObject( - fw->getStr("host_OS"))); + os_family)); QString obj_name = obj->getName().c_str(); if (int_prop->looksLikeVlanInterface(obj_name)) { 
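Review bot: In makeNameUnique the loop `while (fw && !Firewall::isA(fw)) fw = fw->getParent();` can end with `fw == NULL`, and the added lines then call `fw->getStr("host_OS")` twice without a check. autorenameVlans guards the same walk with `assert(fw)`, which is compiled out of release builds. The old code already dereferenced `fw` once, so the gap is not new, but this hunk is the natural place to close it: skip the VLAN test when no Firewall ancestor exists, for example by wrapping the lookup and the `looksLikeVlanInterface` call in `if (fw != NULL) { ... }`. The enclosing block opens outside the hunk, so an outer condition may already guarantee a Firewall parent.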
@@ -2102,9 +2118,15 @@ bool ObjectManipulator::validateForPaste(FWObject *target, FWObject *obj, } // check vlan conditions as well FWObject *f = intf->getParentHost(); + + Resources* os_res = Resources::os_res[f->getStr("host_OS")]; + string os_family = f->getStr("host_OS"); + if (os_res!=NULL) + os_family = os_res->getResourceStr("/FWBuilderResources/Target/family"); + std::auto_ptr int_prop( interfacePropertiesObjectFactory::getInterfacePropertiesObject( - f->getStr("host_OS"))); + os_family)); QString obj_name = obj->getName().c_str(); if (int_prop->looksLikeVlanInterface(obj_name)) { @@ -4039,9 +4061,15 @@ void ObjectManipulator::guessSubInterfaceTypeAndAttributes(Interface *intf) if (parent_intf == NULL) return; FWObject *f = intf->getParentHost(); + + Resources* os_res = Resources::os_res[f->getStr("host_OS")]; + string os_family = f->getStr("host_OS"); + if (os_res!=NULL) + os_family = os_res->getResourceStr("/FWBuilderResources/Target/family"); + interfaceProperties *int_prop = interfacePropertiesObjectFactory::getInterfacePropertiesObject( - f->getStr("host_OS")); + os_family); QString err; if (int_prop->looksLikeVlanInterface(intf->getName().c_str()) && int_prop->isValidVlanInterfaceName(intf->getName().c_str(), diff --git a/src/gui/ProjectPanel_events.cpp b/src/gui/ProjectPanel_events.cpp index 67a24e7d8..943483c98 100644 --- a/src/gui/ProjectPanel_events.cpp +++ b/src/gui/ProjectPanel_events.cpp 
@@ -77,27 +77,21 @@ bool ProjectPanel::event(QEvent *event) // This should enable "Save" action since something has changed mw->prepareFileMenu(); - if (RuleElement::cast(obj) || Rule::cast(obj) || RuleSet::cast(obj)) + FWObject *p = obj; + while (p && Firewall::cast(p)==NULL) p = p->getParent(); + Firewall *f = Firewall::cast(p); + if (f) { - FWObject *p = obj; - while (p && Firewall::cast(p)==NULL) p = p->getParent(); - Firewall *f = Firewall::cast(p); - if (f) - { - f->updateLastModifiedTimestamp(); - QCoreApplication::postEvent( - this, new updateObjectInTreeEvent(data_file, - f->getId())); - } + f->updateLastModifiedTimestamp(); QCoreApplication::postEvent( - this, new updateObjectInRulesetEvent(data_file, - obj->getId())); + this, new updateObjectInTreeEvent(data_file, + f->getId())); } else { QCoreApplication::postEvent( this, new updateObjectInTreeEvent(data_file, obj->getId())); - updateLastModifiedTimestampForAllFirewalls(obj); } + updateLastModifiedTimestampForAllFirewalls(obj); ev->accept(); return true; diff --git a/src/gui/platforms.cpp b/src/gui/platforms.cpp index febfe7fe4..8db35f0f3 100644 --- a/src/gui/platforms.cpp +++ b/src/gui/platforms.cpp @@ -528,9 +528,14 @@ void setInterfaceTypes(QComboBox *iface_type, QString host_os = p->getStr("host_OS").c_str(); QString obj_name = iface->getName().c_str(); + Resources* os_res = Resources::os_res[p->getStr("host_OS")]; + string os_family = p->getStr("host_OS"); + if (os_res!=NULL) + os_family = os_res->getResourceStr("/FWBuilderResources/Target/family"); + std::auto_ptr int_prop( interfacePropertiesObjectFactory::getInterfacePropertiesObject( - host_os.toStdString())); + os_family)); if (int_prop->looksLikeVlanInterface(obj_name)) { QString parent_name = iface->getParent()->getName().c_str(); diff --git a/src/iptlib/CompilerDriver_ipt_run.cpp b/src/iptlib/CompilerDriver_ipt_run.cpp index d91ae1298..b75704ec6 100644 --- a/src/iptlib/CompilerDriver_ipt_run.cpp +++ b/src/iptlib/CompilerDriver_ipt_run.cpp 
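Review bot: The rewritten branch in ProjectPanel::event no longer posts `updateObjectInRulesetEvent` for `RuleElement`/`Rule`/`RuleSet` objects, and for any object below a firewall it now posts `updateObjectInTreeEvent` only for `f`, not for `obj`. If nothing else redraws the rule set view or the object's own tree item, an edit can be stored while the GUI still shows the old state, which is worth ruling out in a policy editor. `f->updateLastModifiedTimestamp()` followed by the now unconditional `updateLastModifiedTimestampForAllFirewalls(obj)` also looks redundant for `f`, though that helper's body is not shown. A short comment naming the event that is expected to refresh the rule view would settle the question; the handler starts and ends outside the hunk.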
@@ -181,7 +181,7 @@ string CompilerDriver_ipt::run(const std::string &cluster_id, new OSConfigurator_ipcop(objdb , fw, false)); } - if (os_family == "linux24" || os_family == "sveasoft") + if (os_family == "linux24") oscnf = std::auto_ptr( new OSConfigurator_linux24(objdb , fw, false)); diff --git a/src/res/configlets/linux24/update_bonding b/src/res/configlets/linux24/update_bonding index 75a9adb12..f582ca1fe 100644 --- a/src/res/configlets/linux24/update_bonding +++ b/src/res/configlets/linux24/update_bonding @@ -159,11 +159,13 @@ clear_bonding_except_known() { } (!($1 in ignored_dict)) {print $1;}' | \ while read bond_intf; do - echo "Removing slaves and bringing unconfigured bonding interface $bond_intf down" - PROD_BOND_IFACE="${PROC_DIR}/$bond_intf" - slaves=$(cat $PROD_BOND_IFACE | awk '/[sS]lave [iI]nterface:/ { printf "%s ",$NF;}') - $FWBDEBUG $IFCONFIG $bond_intf up - $FWBDEBUG $IFENSLAVE -d $bond_intf $slaves - $FWBDEBUG $IFCONFIG $bond_intf down + PROD_BOND_IFACE="${PROC_DIR}/$bond_intf" + slaves=$(cat $PROD_BOND_IFACE | awk '/[sS]lave [iI]nterface:/ { printf "%s ",$NF;}') + test -n "$slaves" && { + echo "Removing slaves and bringing unconfigured bonding interface $bond_intf down" + $FWBDEBUG $IFCONFIG $bond_intf up + $FWBDEBUG $IFENSLAVE -d $bond_intf $slaves + $FWBDEBUG $IFCONFIG $bond_intf down + } done } diff --git a/src/res/os/linksys.xml b/src/res/os/linksys.xml index a3feb3e8c..1a116605a 100644 --- a/src/res/os/linksys.xml +++ b/src/res/os/linksys.xml @@ -3,7 +3,7 @@ Linksys/Sveasoft active - sveasoft + linux24 linksys
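Review bot: With `|| os_family == "sveasoft"` removed, a Linksys/Sveasoft firewall gets an `OSConfigurator_linux24` only when the `linksys.xml` loaded at run time already carries the new `linux24` family; an older resource file on the search path would still report `sveasoft`. The hunk does not show whether `oscnf` has a fallback when no branch matches, so it is worth confirming that compilation stops with an error in that case instead of using an empty `auto_ptr`. Any remaining `"sveasoft"` family comparisons elsewhere in the tree should be checked in the same pass.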
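Review bot: The new `test -n "$slaves" && { ... }` guard also skips `$FWBDEBUG $IFCONFIG $bond_intf down`, so a bonding interface that is missing from the fwbuilder configuration and has no slaves is left in whatever state it was in. The ChangeLog entry in this same commit says such interfaces are brought down. Keep the `$IFENSLAVE -d` call inside the guard and move `$FWBDEBUG $IFCONFIG $bond_intf down` after the closing `}`; that also stops the loop from ending with a non-zero status when the last interface has no slaves. clear_bonding_except_known starts outside the hunk.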