onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-05-01 14:47:27 +02:00
Code Issues Releases Wiki Activity

script output redirection in the routing section

Browse Source
This commit is contained in:
Vadim Kurland 2009-03-03 05:26:43 +00:00
parent 0264476556
commit 8bf0b719b3
5 changed files with 76 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
build_num
View File

@ -1 +1 @@
#define BUILD_NUM 770
#define BUILD_NUM 772

11
doc/ChangeLog
View File

@ -1,3 +1,14 @@
2009-03-02 vadim <vadim@vk.crocodile.org>
* RoutingCompiler_ipt_writers.cpp (PrintRule::processNext): finish
fixes for bugs #2540389: "Routing Broken from 2.1 to 3.0.3" and
#2356151 "Routing broken when default route has a 0
metric". Redirect script output to a file for the time when we
remove static routing entries and add new ones to prevent ssh
session from stalling. Restore output back to the terminal when
script finishes or when an error is detected. Using idea suggested
by Heiko Helmle <helman@gmx.de>
2009-02-27 vadim <vadim@vk.crocodile.org>
* RoutingCompiler_ipt_writers.cpp (PrintRule::processNext): fixed

34
doc/Credits
View File

@ -97,6 +97,37 @@ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Compal GmbH, Germany, Tidei Maurizio, fwbuilder-routing@compal.de
- For contribution of the code that adds support for static routing for Linux
Firewall Builder Routing add-on
Copyright (C) 2004 Compal GmbH, Germany
Author: Tidei Maurizio <fwbuilder-routing at compal.de>
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
of the Software, and to permit persons to whom the Software is furnished to do
so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE
OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Steven Mestdagh <steven@openbsd.org>
- for the code for the static routing configutation for PIX
@ -117,5 +148,8 @@ Steven Mestdagh <steven@openbsd.org>
Heiko Helmle <helman@gmx.de>
- for valuable ideas and suggestions that lead to improvement of
support for Linux static routing configuration

4
src/ipt/RoutingCompiler_ipt.cpp
View File

@ -263,12 +263,14 @@ void RoutingCompiler_ipt::epilog()
output << ecmp_rules_buffer[ecmp_comments_buffer_it->first] << flush;
output << " \\\n|| routeFailed " << "\"" << ++nb << "\"" << endl;
output << " \\\n|| route_command_error " << "\"" << ++nb << "\"" << endl;
//echo \"Error: The ECMP routing rule #" << ++nb <<" couldn't be activated! Please make sure your kernel is compiled with the CONFIG_IP_ROUTE_MULTIPATH option.\"" << endl;
}
}
output << endl;
output << "restore_script_output" << endl;
output << "echo \"...done.\"" << endl;
}

28
src/ipt/RoutingCompiler_ipt_writers.cpp
View File

@ -147,8 +147,19 @@ bool RoutingCompiler_ipt::PrintRule::processNext()
<< "#\n#\n# ============== ROUTING RULES ============== \n#"
<< endl;
compiler->output << "# This function stops stdout redirection"
<< endl;
compiler->output << "# and sends previously saved output to terminal"
<< endl;
compiler->output << "restore_script_output()" << endl;
compiler->output << "{" << endl;
compiler->output << " exec 1>&3 2>&1" << endl;
compiler->output << " cat /tmp/.fwbuilder.out" << endl;
compiler->output << "}" << endl;
compiler->output << endl;
compiler->output << "# if any routing rule fails we do our best to prevent freezing the firewall" << endl;
compiler->output << "routeFailed()" << endl;
compiler->output << "route_command_error()" << endl;
compiler->output << "{" << endl;
compiler->output << " echo \"Error: Routing rule $1 couldn't be activated!\"" << endl;
compiler->output << " echo \"Recovering previous routing configuration...\"" << endl;
@ -160,6 +171,8 @@ bool RoutingCompiler_ipt::PrintRule::processNext()
* csh and tcsh */
compiler->output << " (IFS=\"\n\"; for route in $oldRoutes; do (IFS=' '; $IP route add $route); done)" << endl;
compiler->output << " echo \"...done\"" << endl;
compiler->output << " restore_script_output" << endl;
/* Note that we call epilog_commands in case when
* iptables-restore returns with an error. We should also call
* it if routing commands fail.
@ -168,6 +181,13 @@ bool RoutingCompiler_ipt::PrintRule::processNext()
compiler->output << " exit 1" << endl;
compiler->output << "}" << endl << endl;
compiler->output << "# redirect output to prevent ssh session from stalling"
<< endl;
compiler->output << "exec 3>&1" << endl;
compiler->output << "exec 1> /tmp/.fwbuilder.out" << endl;
compiler->output << "exec 2>&1" << endl;
compiler->output << endl;
compiler->output << "# store previous routing configuration "
<< "(sort: 'via' GW has to be inserted after device routes)" << endl;
compiler->output << "oldRoutes=$($IP route show | sort -k 2)" << endl << endl;
@ -315,10 +335,12 @@ string RoutingCompiler_ipt::PrintRule::RoutingRuleToString(RoutingRule *rule)
RoutingRuleOptions *opt = opt_dummy ? RoutingRuleOptions::cast(opt_dummy) : 0;
if ( opt && opt->getBool("no_fail") )
{
command_line << "echo \"*** Warning: routing rule " << rule->getLabel() << " failed. ignored. ***\"\n";
command_line << "echo \"*** Warning: routing rule "
<< rule->getLabel() << " failed. ignored. ***\"\n";
} else
{
command_line << "routeFailed " << "\"" << rule->getLabel() << "\"" << endl;;
command_line << "route_command_error "
<< "\"" << rule->getLabel() << "\"" << endl;;
}
command_line << endl;